Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

routing assistance required.

Status
Not open for further replies.
baronne

baronne

Technical User
May 31, 2003
166
Hi,

We are a school and have a scenario:

In the boarding house, we'd like the students to be able to access the internet via our normal gateway, but we don't want them to access the rest of the network, ie. servers, etc. -just the gateway/proxy server for the internet.
The boarding house consists of a bunch of wireless access points and a bunch of wired PCs. There is one HP Procurve 2650 in there (which connects back to the main switch in the comms room). I also have a SonicWall TZ170 at my disposal (which I guess will be used to route traffice in the boarding house?).
Our subnet range for the school is:
172.16.x.x
Default Gateway : 172.16.0.10

The questions:
How should we best go about this? should the boarding be on a seperate subnet? can I use DHCP - or will it affect the rest of the network? What about VLANs - should I consider the use of this, if so, how?


cheers


:: baronne
------------------
"lekker, shot bru
 
Sort by date Sort by votes
I would put the students on a seperate network and then only allow traffic out to the internet from that subnet and block all traffic to the main network.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
Hi...

Cheers for the response. The switch in the boarding house is connected via fibre back to another switch in the main comms room. If I put a router in the switch in the boarding house, will this cause DHCP problems for other machines on the network? Should I use the layer 3/VLAN abilities of the switch.. sorry I'm a bit of a newbie on some of this stuff.

cheers

Baronne

:: baronne
------------------
"lekker, shot bru
 
Upvote 0 Downvote
It depends on the router. For example Cisco router can forward DHCP requests to a server on another subnets. It it were me I'd put a DHCP server on that network segment and VLAN it off from the main LAN.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Upvote 0 Downvote
Hi

Without having a full understand of the network, it is difficult to advise appropriately. However here are some pointers:

If you put all the students switch ports in their own VLAN (one which is currently not allocated to any other user) then this will achieve the seperation from the main network you're looking for. If the proxy/gateway device also sit in this same VLAN, this will work fine for you.

If however the proxy/gateway is to be shared by students and other people, you will need a router at the middle of the network that can route traffic accordingly. If you deploy a router, consider the use of access control lists on that router to prevent the students accessing other parts of the network except the services they need access too.

Hope this is useful
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sylric
  • Locked
  • Question
Audiocodes Mediant 1000B Routing question
Replies
0
Views
114
Sylric
Sylric
turksthegreat
  • Locked
  • Question
inter VLAN Routing
Replies
2
Views
158
VinceWhirlwind
VinceWhirlwind
matept
  • Locked
  • Question
Assign default gateway routing
Replies
0
Views
79
matept
matept
kyuss2242
  • Locked
  • Question
Server 2008 R2 RRAS routing issues
Replies
3
Views
141
kyuss2242
kyuss2242
RFC1795
  • Locked
  • Question
SNMP Perl script to view routing table on Cisco
Replies
3
Views
125
bnorton916
bnorton916

Part and Inventory Search

Sponsor

Back
Top