  1. #1

    Join Date
    Feb 2009
    Posts
    4
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Are Vlans worth while

    I have inherited a network running 10.0.0.0/16 in one building with about 500 nodes. Is it worth my time to create separate vlans for wireless, printers, desktops etc.?

  2. #2

    Join Date
    Jan 2013
    Posts
    98
    Thank Post
    23
    Thanked 11 Times in 10 Posts
    Rep Power
    5
    In my experience no, just 1 extra thing you have to deal with. We had huge issues with incorrect vlan configurations at our High School Campus, so we were a bit burnt by vlans and that may affect my recommendation. We have simplified to 1 vlan per campus site and our wifi merged with no guest access.

    Possibly with the exception of wireless, if you want more control on that then it may be worth a vlan.

  3. #3
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 261 Times in 213 Posts
    Rep Power
    99
    Yes, absolutely!

    Don't overcomplicate it though, keep it simple: printers, wireless, door access control systems, infrastructure, segmenting different buildings or sites etc. Anything simple that will cut out broadcast traffic.

    One thing I would not recommend though is what I've seen once or twice on here, and that's different vlans for student and teacher PCs. Well over the top and overcomplicating things in my opinion, can only see something like that causing headaches for no great benefit.
    Last edited by mrbios; 23rd June 2014 at 08:35 PM.

  4. #4
    rob_coles's Avatar
    Join Date
    Mar 2007
    Location
    Hull
    Posts
    104
    Thank Post
    15
    Thanked 13 Times in 9 Posts
    Rep Power
    18
    We've got geographical vlans, IT suites, buildings & guest access and VoIP. Mainly to reduce broadcast traffic.

    Keep it simple

  5. #5
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,456
    Thank Post
    10
    Thanked 494 Times in 434 Posts
    Rep Power
    112
    Quote: Originally Posted by mrbios
    Yes, absolutely!

    Don't overcomplicate it though, keep it simple: printers, wireless, door access control systems, infrastructure, segmenting different buildings or sites etc. Anything simple that will cut out broadcast traffic.

    One thing I would not recommend though is what I've seen once or twice on here, and that's different vlans for student and teacher PCs. Well over the top and overcomplicating things in my opinion, can only see something like that causing headaches for no great benefit.

    Benefits include:

    Different ACLs allowing students/teachers access to different servers/resources
    Different filtering/firewall rules based on student/teacher subnets
    Windows firewall ACLs based on subnet, e.g. not allowing student machines SMB access to staff machines (I'm sure you use different user/pass for local admin users on staff/student builds, so this is less of an issue - admin on one local, admin on them all and profiles become vulnerable).

    I found it to be worth the time, it's just another vlan after all, but I was using 802.1x for automatic vlan assignment based on machine group membership, so it didn't take long.
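
An added illustration of the subnet-based rules described in the post above (not code from any poster): it carves the thread's 10.0.0.0/16 into per-role subnets and evaluates first-match inter-VLAN rules against sample flows. The VLAN IDs, role names, prefix sizes and rule set are assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

SITE = ip_network("10.0.0.0/16")  # the flat range from the thread
# Hypothetical plan: (VLAN ID, role, prefix length); all values are assumptions.
PLAN = [(10, "servers", 24), (20, "staff", 23), (30, "students", 23),
        (40, "printers", 24), (50, "wireless", 22)]
# First-match inter-VLAN rules: (source role, destination role, TCP port, action).
RULES = [("students", "staff", 445, "deny"),      # no student SMB to staff PCs
         ("students", "servers", 445, "permit"),
         ("staff", "servers", 445, "permit"),
         ("*", "printers", 9100, "permit")]

def allocate(site, plan):
    """Give each role the next free, aligned subnet; largest blocks first."""
    nets, cursor = {}, int(site.network_address)
    for _vid, role, prefix in sorted(plan, key=lambda p: p[2]):
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size          # round up to block boundary
        net = ip_network(f"{ip_address(cursor)}/{prefix}")
        if not net.subnet_of(site):
            raise ValueError(f"{role} does not fit in {site}")
        nets[role] = net
        cursor += size
    return nets

def role_of(ip, nets):
    """Map an address to its role, or None if it is outside the plan."""
    addr = ip_address(ip)
    return next((r for r, n in nets.items() if addr in n), None)

def decide(src, dst, port, nets):
    """Return 'switched', 'permit' or 'deny' for a TCP flow."""
    s, d = role_of(src, nets), role_of(dst, nets)
    if s is None or d is None:
        return "deny"                               # unplanned address space
    if s == d:
        return "switched"                           # same VLAN: never reaches the router ACL
    for rs, rd, rport, action in RULES:
        if rs in ("*", s) and rd == d and rport == port:
            return action
    return "deny"                                   # default deny between VLANs

if __name__ == "__main__":
    nets = allocate(SITE, PLAN)
    for role, net in nets.items():
        print(f"{role:9} {net}")
    print(decide("10.0.6.10", "10.0.4.20", 445, nets))  # student -> staff SMB
```

A `switched` result marks traffic that stays inside one VLAN and so is never seen by the routed ACL; only host firewall rules apply to it.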

  6. #6
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 261 Times in 213 Posts
    Rep Power
    99
    Quote: Originally Posted by DMcCoy
    Benefits include:

    Different ACLs allowing students/teachers access to different servers/resources
    Different filtering/firewall rules based on student/teacher subnets
    Windows firewall ACLs based on subnet, e.g. not allowing student machines SMB access to staff machines (I'm sure you use different user/pass for local admin users on staff/student builds, so this is less of an issue - admin on one local, admin on them all and profiles become vulnerable).

    I found it to be worth the time, it's just another vlan after all, but I was using 802.1x for automatic vlan assignment based on machine group membership, so it didn't take long.

    Seems like a big overcomplication of the network configuration when all those things can be done through easier to manage and customise methods.

    One question for you though, what happens if a student logs into a teacher PC? Do they instantly get teachers' filtering rules or are you combining the subnet rules with user based rules? (which would seem like you'd just be doing the same thing twice but in different ways)

  7. #7
    robjduk's Avatar
    Join Date
    Jun 2011
    Posts
    422
    Thank Post
    12
    Thanked 64 Times in 50 Posts
    Rep Power
    22
    Can cause issues in some cases but from my school's experience it is good to VLAN your wireless at minimum. We had a Ruckus deployment and it completely fell on its arse until VLANs were made.
    I'm considering adding a VLAN to our media department's iMacs soon.

  8. #8
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,456
    Thank Post
    10
    Thanked 494 Times in 434 Posts
    Rep Power
    112
    Teacher machines that were just classroom machines had the same access as student machines; it stopped staff wandering off with Outlook open. Whiteboard machines had custom desktops to avoid all those helpfully named files on the desktop when SMT log in on a board. Drive mapping was controlled via subnet too so there was less mapped when logging into a student subnet, along with the multiple server subnets. Internet filtering was a combination of user and a small number of subnet rules.

    It *can* be complicated yes, but it doesn't have to be if you plan carefully. Vlans are just repeating the same process each time so the number doesn't matter as long as it's reasonable enough to still see an overview of what is allowed where. It's really useful when you apply it to things like item level targeting with GPP.

  9. #9
    newpersn's Avatar
    Join Date
    Nov 2010
    Location
    Gloucestershire
    Posts
    1,217
    Thank Post
    281
    Thanked 110 Times in 83 Posts
    Rep Power
    76
    We vlan'ed about 2 years ago.

    Each floor on its own.
    IT rooms on their own.
    Wireless on its own.
    Servers are on their own.

    Best move ever. Worth the time it takes to set up.

  10. #10
    Jasbo's Avatar
    Join Date
    Mar 2014
    Location
    West Sussex
    Posts
    123
    Thank Post
    12
    Thanked 18 Times in 18 Posts
    Rep Power
    4
    We are looking to vlan to separate wifi and servers this summer, looking forward to it... Kinda :s

  11. #11
    simpsonj's Avatar
    Join Date
    Apr 2009
    Location
    Oxford
    Posts
    382
    Thank Post
    160
    Thanked 65 Times in 54 Posts
    Blog Entries
    8
    Rep Power
    21
    Apologies for the slight thread hijack, but can anyone point me at a good 'teach yourself vLanning' website, book or training course? I'm pretty keen to vLan off the wireless and servers myself!

  12. #12

    fiza's Avatar
    Join Date
    Dec 2008
    Location
    London
    Posts
    2,124
    Thank Post
    418
    Thanked 314 Times in 265 Posts
    Rep Power
    153

  13. Thanks to fiza from:

    simpsonj (24th June 2014)

  14. #13

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,935
    Thank Post
    1,628
    Thanked 1,898 Times in 1,410 Posts
    Blog Entries
    2
    Rep Power
    429
    In my old school we did it, and colour coordinated everything also.

    Printers/MFDs were Red
    Thin Clients were Orange
    VOIP was Yellow
    Telephones/Faxes were Green
    Servers were Blue
    VPN was Purple
    Class Rooms with PCs were Black (includes science, english, maths, IT etc)
    Wifi was Grey
    DMZ was White

  15. #14
    Gibson335's Avatar
    Join Date
    May 2008
    Posts
    930
    Thank Post
    257
    Thanked 133 Times in 106 Posts
    Rep Power
    79
    VLANs can be useful, but can also be overcooked. They can also be a bugger to remember during that brief moment of panic when something goes wrong. Planning and recording are the key.

  16. Thanks to Gibson335 from:

    dcsdne (24th June 2014)

  17. #15

    Join Date
    Mar 2012
    Location
    Nevada
    Posts
    4
    Thank Post
    11
    Thanked 2 Times in 2 Posts
    Rep Power
    0
    I vlan Wifi into different segments to control BYOD, Staff then students. I will probably expand soon. My feeling with VLANing is if you are comfortable then go for it. VLANing can provide some really nice control, but you do expand your config. I administrate about 200 switches (ProCurve/Enterasys). Just make sure to back up your configs.
