Network and Classroom Management Thread, Are Vlans worth while in Technical
  1. #1

    Are Vlans worth while

    I have inherited a network running 10.0.0.0/16 in one building with about 500 nodes. Is it worth my time to create separate vlans for wireless, printers, desktops etc.?

  2. #2

    In my experience no, just 1 extra thing you have to deal with. We had huge issues with incorrect vlan configurations at our High School Campus, so we were a bit burnt by vlans and that may affect my recommendation. We have simplified to 1 vlan per campus site and our wifi merged with no guest access.

    Possibly with the exception of wireless, if you want more control on that then it may be worth a vlan.

  3. #3
    mrbios
    Yes, absolutely!

    Don't overcomplicate it though, keep it simple: printers, wireless, door access control systems, infrastructure, segmenting different buildings or sites etc. Anything simple that will cut out broadcast traffic.

    One thing I would not recommend though is what I've seen once or twice on here, and that's different vlans for student and teacher PCs. Well over the top and overcomplicating things in my opinion, can only see something like that causing headaches for no great benefit.
    Last edited by mrbios; 23rd June 2014 at 09:35 PM.

  4. #4
    rob_coles
    We've got geographical vlans, IT suites, buildings & guest access and voip. Mainly to reduce broadcast traffic.

    Keep it simple

  5. #5
    DMcCoy
    Quote Originally Posted by mrbios:
    > Yes, absolutely!
    >
    > Don't overcomplicate it though, keep it simple: printers, wireless, door access control systems, infrastructure, segmenting different buildings or sites etc. Anything simple that will cut out broadcast traffic.
    >
    > One thing I would not recommend though is what I've seen once or twice on here, and that's different vlans for student and teacher PCs. Well over the top and overcomplicating things in my opinion, can only see something like that causing headaches for no great benefit.

    Benefits include:

    Different ACLs allowing students/teachers access to different servers/resources
    Different filtering/firewall rules based on student/teacher subnets
    Windows firewall ACLs based on subnet, e.g. not allowing student machines SMB access to staff machines (I'm sure you use different user/pass for local admin users on staff/student builds, so this is less of an issue - admin on one local, admin on them all and profiles become vulnerable).

    I found it to be worth the time, it's just another vlan after all, but I was using 802.1x for automatic vlan assignment based on machine group membership, so it didn't take long.
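An added example, not written by any poster in this thread: a sketch of the subnet-based ACL idea in the post above, carving the original poster's 10.0.0.0/16 into per-role VLAN subnets and evaluating a first-match inter-VLAN ACL. The role names, /23 sizing, rule list and port 9100 for printing are assumptions for illustration.

```python
import ipaddress

SITE = ipaddress.ip_network("10.0.0.0/16")   # range from the original post
ROLES = ["servers", "staff", "students", "printers", "wireless"]  # assumed roles

def plan_vlans(site, roles, prefix=23):
    """Give each role the next /prefix block inside the site range."""
    blocks = site.subnets(new_prefix=prefix)
    return {role: next(blocks) for role in roles}

VLANS = plan_vlans(SITE, ROLES)

# Assumed first-match ACL applied where VLANs are routed:
# (action, source role, destination role, TCP port or None for any port)
ACL = [
    ("deny",   "students", "staff",    445),   # no student SMB to staff machines
    ("permit", "students", "servers",  445),
    ("permit", "staff",    "servers",  None),
    ("permit", "students", "printers", 9100),
    ("permit", "staff",    "printers", 9100),
    ("deny",   "wireless", "servers",  None),
]

def role_of(ip, vlans=VLANS):
    """Map an address to its role VLAN, or None if it is in no planned subnet."""
    addr = ipaddress.ip_address(ip)
    for role, net in vlans.items():
        if addr in net:
            return role
    return None

def decide(src_ip, dst_ip, port, acl=ACL):
    src, dst = role_of(src_ip), role_of(dst_ip)
    if src is None or dst is None:
        return "deny"          # address outside every planned VLAN
    if src == dst:
        # Same VLAN: traffic is switched, never routed, so this ACL never sees
        # it. Only a host firewall rule can filter it.
        return "unfiltered"
    for action, a_src, a_dst, a_port in acl:
        if (a_src, a_dst) == (src, dst) and a_port in (None, port):
            return action
    return "deny"              # implicit deny at the end of the list
```

On the flat /16 every pair of hosts falls into the "unfiltered" case, which is the practical difference the student/staff split makes.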

  6. #6
    mrbios
    Quote Originally Posted by DMcCoy:
    > Benefits include:
    >
    > Different ACLs allowing students/teachers access to different servers/resources
    > Different filtering/firewall rules based on student/teacher subnets
    > Windows firewall ACLs based on subnet, e.g. not allowing student machines SMB access to staff machines (I'm sure you use different user/pass for local admin users on staff/student builds, so this is less of an issue - admin on one local, admin on them all and profiles become vulnerable).
    >
    > I found it to be worth the time, it's just another vlan after all, but I was using 802.1x for automatic vlan assignment based on machine group membership, so it didn't take long.

    Seems like a big overcomplication of the network configuration when all those things can be done through easier to manage and customise methods.

    One question for you though, what happens if a student logs into a teacher PC? Do they instantly get teachers' filtering rules or are you combining the subnet rules with user based rules? (which would seem like you'd just be doing the same thing twice but in different ways)

  7. #7
    robjduk
    Can cause issues in some cases but from my school's experience it is good to VLAN your wireless at minimum. We had a Ruckus deployment and it completely fell on its arse until VLANs were made.
    I'm considering adding a VLAN to our media department's iMacs soon.

  8. #8
    DMcCoy
    Teacher machines that were just classroom machines had the same access as student machines; it stopped staff wandering off with Outlook open. Whiteboard machines had custom desktops to avoid all those helpfully named files on the desktop when SMT log in on a board. Drive mapping was controlled via subnet too so there was less mapped when logging into a student subnet, along with the multiple server subnets. Internet filtering was a combination of user and a small number of subnet rules.

    It *can* be complicated yes, but it doesn't have to be if you plan carefully. Vlans are just repeating the same process each time so the number doesn't matter as long as it's reasonable enough to still see an overview of what is allowed where. It's really useful when you apply it to things like item level targeting with gpp.

  9. #9
    newpersn
    We VLAN'ed about 2 years ago.

    Each floor on its own.
    IT rooms on their own.
    Wireless on its own.
    Servers are on their own.

    Best move ever. Worth the time it takes to set up.

  10. #10
    Jasbo
    We are looking to vlan to separate wifi and servers this summer, looking forward to it... Kinda :s

  11. #11
    simpsonj
    Apologies for the slight thread hijack, but can anyone point me at a good 'teach yourself vLanning' website, book or training course? I'm pretty keen to vLan off the wireless and servers myself!

  12. #12

    fiza

  14. #13

    nephilim
    In my old school we did it, and colour coordinated everything also.

    Printers/MFDs were Red
    Thin Clients were Orange
    VOIP was Yellow
    Telephones/Faxes were Green
    Servers were Blue
    VPN was Purple
    Class Rooms with PCs were Black (includes science, english, maths, IT etc)
    Wifi was Grey
    DMZ was White

  15. #14
    Gibson335
    VLANs can be useful, but can also be overcooked. They can also be a bugger to remember during that brief moment of panic when something goes wrong. Planning and recording are the key.


  17. #15

    I vlan Wifi into different segments to control BYOD, Staff then students. I will probably expand soon. My feeling with VLANing is if you are comfortable then go for it. VLANing can provide some really nice control, but you do expand your config. I administrate about 200 switches, ProCurve/Enterasys. Just make sure to back up your configs.


