Guest VLAN (ahead of guest wireless)
We don't have the money to upgrade our wireless at the moment, but there's nothing stopping me doing the groundwork now and giving sixth form access via LAN cable for their laptops in the common room.
So: I want to set up an entirely separate guest VLAN, wholly segregated from the rest of the network. It'll be routed at the core, and the only other device on the VLAN will be a Smoothwall SWG-1200 doing transparent filtering (i.e. it will be the default gateway).
The SWG can't do DHCP - only the UTM does that, and I don't want to pay for the upgrade just for DHCP as it ain't cheap. So I could set up a virtual DHCP server inside the range, or I could do it via the core switch, an HP 5800 (Comware 5). Both are zero cost, essentially; which is better? Would the switch doing DHCP interfere with the other VLANs where it relays to the domain controllers? Would a server on the range be an additional vulnerability in a way, as it would be hosted on the same virtual infrastructure as everything else? All else being equal the server would at least be easier to use when it comes to investigating leases etc. (as techies will need to do it as well, not just me).
I'm also not certain how I'd go about segregating the VLAN off completely. Routing is static on the switches (not all of them supported OSPF and such, static was the lowest common denominator - works fine, though, so I'm not too concerned); can I use that to keep the traffic contained inside the guest VLAN?