Network and Classroom Management Thread, Are Vlans worth while in Technical; I have inherited network running 10.0.0.0/16 in one building with about 500 nodes is it worth my time to create ...
23rd June 2014, 07:28 PM #1
- Rep Power
Are Vlans worth while
I have inherited network running 10.0.0.0/16 in one building with about 500 nodes is it worth my time to create separate vlans for wireless,printers,desktops etc?
23rd June 2014, 07:44 PM #2
- Rep Power
In my experience no, just 1 extra thing you have to deal with. We had huge issues with incorrect vlan configurations at our High School Campus, so we were a bit burnt by vlans and may effect recommendation. We have simplified to 1 vlan per campus site and our wifi merged with no guest access.
Possibly with the exception of wireless, if you want more control on that then it may be worth a vlan.
23rd June 2014, 08:25 PM #3
Don't over complicate it though, keep it simple, printers, wireless, door access control systems, infrastructure, segmenting different building or sites etc. Anything simple that will cut out broadcast traffic.
One thing i would not recommend though is what i've seen once or twice on here, and that's different vlans for student and teacher PCs. Well over the top and over complicating things in my opinion, can only see something like that causing headaches for no great benefit.
Last edited by mrbios; 23rd June 2014 at 08:35 PM.
23rd June 2014, 08:34 PM #4
We've got geographical vlans, IT suites, buildings & guest access and voip. Mainly to reduce broadcast traffic.
Keep it simple
23rd June 2014, 09:15 PM #5
Originally Posted by mrbios
Different ACLs allowing students/teachers access to different servers/resources
Different filtering/firewall rules based on student/teacher subnets
Windows firewall ACLs based on subnet, eg not allowing student machines smb access to staff machines (I'm sure you use different user/pass for local admin users on staff/student builds, so this is less of an issue - admin on one local, admin on them all and profiles become vulnerable).
I found it to be worth the time, it's just another vlan after all, but I was using 802.1x for automatic vlan assignment based on machine group membership, so it didn't take long.
23rd June 2014, 09:47 PM #6
Seems like a big over complication of the network configuration when all those things can be done through easier to manage and customise methods.
Originally Posted by DMcCoy
One question for you though, what happens if a student logs into a teacher PC? Do the instantly get teachers filtering rules or are you combining the subnet rules with user based rules? (which would seem like you'd just be doing the same thing twice but in different ways)
23rd June 2014, 09:54 PM #7
can cause issues in some cases but from my school's experience it is good to VLAN your wireless at minimum. We had a ruckus deployment and it completely fell on its arse until VLANS were made.
Im considering adding a VLAN to our media departments iMacs soon.
23rd June 2014, 10:03 PM #8
Teacher machines that were just classroom machines had the same access as student machines, it stopped staff wondering off with outlook open, whiteboard machines had custom desktops to avoid all those helpfully named files on the desktop when smt login on a board. Drive mapping was controlled via subnet too so there was less mapped when logging into a student subnet, along with the multiple server subnets. Internet filtering was a combination of user and a small number of subnet rules.
It *can* be complicated yes, but it doesn't have to be if you plan carefully. Vlans are just repeating the same process each time so the number doesn't matter as long as it's reasonable enough to still see an overview of what is allowed where. It's really useful when you apply it to things like item level targeting with gpp.
23rd June 2014, 10:05 PM #9
We vlan ' ed about 2 years ago.
Each floor on its own.
It rooms on there own
Wireless on its own.
Servers are on its own.
Best move ever. Worth the time it takes to set up.
24th June 2014, 10:34 AM #10
We are looking to vlan to separate wifi and servers this summer, looking forward to it... Kinda :s
24th June 2014, 10:50 AM #11
Apologies for the slight thread hijack, but can anyone point me at a good 'teach yourself vLanning' website, book or training course? I'm pretty keen to vLan off the wireless and servers myself!
24th June 2014, 11:03 AM #12
Thanks to fiza from:
simpsonj (24th June 2014)
24th June 2014, 11:17 AM #13
In my old school we did it, and colour coordinated everything also.
Printers/MFDs were Red
Thin Clients were Orange
VOIP was Yellow
Telephones/Faxes were Green
Servers were Blue
VPN was Purple
Class Rooms with PCs were Black (includes science, english, maths, IT etc)
Wifi was Grey
DMZ was White
24th June 2014, 11:46 AM #14
VLANs can be useful, but can also be overcooked. They can also be a bugger to remember during that brief moment of panic when something goes wrong. Planning and recording are the key.
Thanks to Gibson335 from:
24th June 2014, 05:21 PM #15
- Rep Power
I vlan Wifi into different segments to control BYOD, Staff then students. I will probably expand soon. My feeling with VLANing is if you are comfortable then go for it. VLANing can provide some really nice control, but you do expand your config. I administrate about 200 switches procurve/enterasys. Just make sure to back up your configs.
By steveg in forum General Chat
Last Post: 21st June 2011, 10:19 AM
By Geek_of_HeathMount in forum Hardware
Last Post: 8th April 2010, 12:43 PM
By neilmc in forum General Chat
Last Post: 15th October 2009, 12:33 PM
By rocknrollstar in forum Hardware
Last Post: 21st January 2009, 09:20 PM
Last Post: 16th July 2005, 01:52 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)