Could you add a Guest Wifi for the gadgets and keep the main wifi for official domain devices? (depending on the policy of whether you give out the wifi key or not I guess)...
Following some issues of it being given out, we no longer give out the main curric wifi key, but people use the guest wifi as required, that has a 192.168.0.0 range, so doesn't affect our main domain/dhcp range...
Do your LEA provide a gateway? In Brum we have CISCO 2500s set up to route traffic out to the MAN, the core proxy servers and ultimately the internet.
If they provide all of this, your really don't want to be changing subnet masks - you may end up cutting your users off from LEA resources/the internet.
I'd also not arbitrarily pick a new IP range and add it to your DHCP - your LEA may have assigned that to another school and you could cause no end of headaches.
If you can't get the LEA to any of this, try VLANing.
Jim: Brum have plenty of IP ranges left. I've have 5 full address ranges. Four are continuous and were assigned back when BGfL started. The fifth was for our remote site annex and they just pulled a range out for me.
im not confident in using VLans, so thats not an option right now. will look into it in the near future
Just tweaking subnets on your Routers seems a risky business if your provider has not allocated them to you! If this is a truly managed network that they are providing for you I would also say that giving individual schools the keys to the realm seems an erroneous practice to me and if tech departments in and around Birmingham have just been allowed to participate in such activities then it must make for a very flaky network and I guess that this is really not the case.
NAT would seem the way to go here as this then frees you from the shackles of this type of setup, you know where your network starts and the Brum network ends. Anything you do on your side of the NAT is irrelevant to anything past the NAT. This also gives you more scope for managing and securing your own internal network. If indeed external companies need access to internal resources then you have a whole host of available IP’s that you can direct NAT to etc etc.
On the other hand I can see why this type of setup is installed as there is an extra layer of hardware needed in most cases by each school and someone in each school to be available to manage that, so as a cost approach the install is not the wrong way.
Note that I am guessing a bit here as I do not know the ins and outs of your individual networks, and it’s a bit like plumbing what makes sense to one don’t always make sense to another! But that does not make any solution wrong or right.
Last edited by HPlum78; 11th July 2014 at 12:26 PM.
thank you all for your suggestions. i think taking into consideration of support from our LEA Networks team it might just be easier to have another ip range then super scope them together.
If we moved away from the LEA Network team support i think it would be plausible to run a NAT within my network. I don't want to over complicate things, and i dont think i would need any more than another 100 ips as for the size of the building and the amount of wireless hardware we have
There are currently 1 users browsing this thread. (0 members and 1 guests)