Internet Related/Filtering/Firewall Thread, Anyone work in a Boarding School...? in Technical; If so how do you go about providing the kids with internet access? Do you have a seperate connection for ...
23rd March 2009, 01:20 PM #1
- Rep Power
Anyone work in a Boarding School...?
If so how do you go about providing the kids with internet access? Do you have a seperate connection for them? Do they just pick up in IP from your main DHCP and push the Schools PCs and theirs through the same connection? Do you have a completely seperate network for their personal laptops which doesn't touch the school's network? What speed connections are you running?
Any thoughts or answers would be good.
23rd March 2009, 01:24 PM #2
I know someone who does....
They have a seperate V-lan on the managed WIFI that is open for kids. On the V-lan all they can do is go on the filtered internet. The internet uses the same connection as the school
23rd March 2009, 01:50 PM #3
^ ^ This is how we have it setup for our guest wireless users.
23rd March 2009, 08:04 PM #4
We have a 'guest' wireless with a WPA password on that the kids use. Although we are just in the middle of a refurbishment and will be providing network sockets in all rooms.
Eventually when i can pull my finger out i'll have a new vlan to keep them off the main school network
We have 100MBit leased line
All traffic is filtered regardless
23rd March 2009, 08:06 PM #5
the friend I know has his wireless open. When you connect you get a username and password box. You login using AD credentials
23rd March 2009, 08:19 PM #6
we dont let their own laptops on the internet at all. There is a suite of workstations, and a couple of other machines dotted about the boarding house for them to use whenever they want and at homework time. This internet connection uses the same filtering/logging system as the main school internet.
23rd March 2009, 08:23 PM #7
How restricted is your filtering?
23rd March 2009, 09:47 PM #8
for the students its very strict. Still the occasional proxy crops up they are able to get through, but they are nipped in the bud sharpish
23rd March 2009, 09:55 PM #9
WE've seperated the wireless network from the LAN, but only recently.
The wireless is now controlled by a Cisco firewall which controls all access with username and password (AD). The only ports open to them are 80 and 443 and they
HAVE to go through our web filter. THis is pretty strict, including no internet during prep, only email.
23rd March 2009, 10:39 PM #10
We have kids laptops on separate Vlan for wireless, (and wired in their studies come to that) all are filtered as harshly as I can get away with. Also time banded to restrict their usage times.(other wise they leave them on all night long)
All children and teachers share one 16mb connection and Admin and It share a 7mb connection (also filtered, but not as harshly)
I personally would not let them on my network as we have lots of different languages on their laptops and they could be running all sorts of nasties and we would never know.
But as we do let them if I could afford another connection for them I would as if they are doing anything doggy, it used to kill connection, their fav was using ultrasurf until I finally managed to block it last week.
23rd March 2009, 11:07 PM #11
Which school in york are you in?
Originally Posted by imiddleton25
24th March 2009, 09:45 AM #12
- Rep Power
That seems a little harsh unless you actually have enough PCs for all the kids to do their homework online at the same time. Surely as boarders there is a duty of care to allow them to have something resembling a normal home-life... e.g. use of their own laptop through a filtered internet connection.
Originally Posted by RabbieBurns
24th March 2009, 09:55 AM #13
They can use their laptops as much as they like, just not online. If they want to go online they can use the provided machines. There is only 60 boarders, and there is about 10 machines with internet. They use their own laptops for word processing etc, and if they need to do some research online during prep time there is never an issue with not getting a PC.
24th March 2009, 10:10 AM #14
- Rep Power
Thanks for the input guys.
Currently our students can just access our network by plugging into a port in their room or using the wireless. The DHCP gives them an address and sends them through our filtered connection (same connection as the rest of the School).
Would like to be able to still do this, but without them being able to see the network... although with NT permissions they can still only see what they could see if they were on one of the Schools PCs.
Sounds like a VLAN is the way forward to seperate them from the network but still push them through the same router/internet connection......
We use HP Procurves for our switches (2800s and 1800s) so I'm sure we could do this, but I'm not sure how it all works in a VLAN formation. Can anyone point to a good diagram of how a VLAN works and the switches talk to each other etc.... as I'm not sure I get how if one switch is seperated into 2 VLANS but only has 1 connection back to the main switch... how does the main switch tell which VLAN its from? Do I need one cable back to the main switch from each VLAN and split the main switch into 2 VLANs as well... then which VLAN connects to the router... how do I get a different IP range (which I presume I need to give the students pcs) over one VLAN etc.....
..... basically I haven't a clue, and everything I've read so far is too technical... I need the basics on how I'm supposed to split up the network and connect it first!
24th March 2009, 10:40 AM #15
- Rep Power
Ok.... I think I might be understanding a bit more.
If I was to use Port-based VLANs I could assign certain ports on one of the edge switches (e.g. those going to the network points in the students rooms) to a VLAN and all the ports going to the Schools PCs to a different VLAN. If I do this on all edge switches and use the same VLAN IDs for the all the School connections and the same VLAN ID for all the Student rooms connections, then we should be getting somewhere.
Now, am I right in thinking that if I put a cable between the edge switches and the core switch, I would only need to connect via a port that is on the default VLAN and this would allow the VLANs with same ID but on a different switch to talk to each other?
If that is correct, then next question how do I assign an IP address to the students PCs if the DHCP server is in the School VLAN and not the Student VLAN?
By djm968 in forum General Chat
Last Post: 30th June 2008, 12:13 PM
By Vegas in forum General Chat
Last Post: 29th October 2007, 02:14 PM
Last Post: 26th October 2007, 12:41 AM
Last Post: 23rd February 2007, 12:47 AM
By tosca925 in forum General Chat
Last Post: 18th October 2005, 05:30 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)