rcocker asked:

Network Structure (topology - managed switches)

I have a network with 24 computers.  All these computers are connected to a 24 Port switch (not L3).  I have recently had a need to add another two computers to the network.  My switch is full.

In addition I would like to subnet the current network into three subnets: 1 for staff, 1 for students, 1 for domain controller.

I have a need for certain staff to be able to cross over from one subnet to the other.  In other words I want to be able to totally isolate staff from students but enable some staff to cross into student network.  Both these networks should be able to cross into third network for internet access and authentication by a domain controller.

I was going to buy an L3 Managed switch with maybe 8 ports, plug three hubs or switches (not L3's), one for each subnet, into the managed switch and connect all the computers into the appropriate hub/switch.

I have since been advised that this will not work and that I need one managed switch with enough ports for every computer.

Can somebody confirm this advice or comment on the scenario I was planning?  Hope diagram below will help, this is what I was planning.

MS = L3 Managed Switch
DC = Domain Controller


            (Switch 24 Port)
           |Student Subnet| 192.168.7.0
         /      
       /              (Switch 8 Port)
|MS| ----->|ADSL Modem & DC| 192.168.0.0
       \
         \  (Switch 8 Port)
           |Staff Subnet|  192.168.8.0

1.  All computers must be able to cross in to 192.168.0.0 for domain authentication and Internet Access
2.  Students cannot cross into staff subnet
3.  Selected staff can cross into student subnet for remote monitoring of activities and marking student work


TIA


Rodney
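
The three requirements above written as an ordered, first-match rule list, as an added example that is not part of the original post. The /24 masks, the host addresses and the 192.168.8.10 "selected staff" machine are assumptions; it shows that requirement 3 only works if replies from students to those staff machines are let through, while new connections from students stay blocked by requirement 2.

```python
import ipaddress
from dataclasses import dataclass

# Subnets from the diagram; the /24 masks are an assumption (the post gives none).
STUDENT = ipaddress.ip_network("192.168.7.0/24")
STAFF = ipaddress.ip_network("192.168.8.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed address standing in for one "selected staff" machine.
MONITOR_STAFF = ipaddress.ip_network("192.168.8.10/32")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ack: bool = False   # False = first segment of a new TCP connection

# Ordered rules: (action, source, destination, established_only).
# established_only matches only TCP segments with ACK set (replies).
# It is a stateless check and does nothing for UDP, which has no such flag.
RULES = [
    ("permit", MONITOR_STAFF, STUDENT, False),  # req. 3: selected staff -> students
    ("permit", STUDENT, MONITOR_STAFF, True),   # replies to those staff only
    ("deny", STUDENT, STAFF, False),            # req. 2: students cannot reach staff
    ("deny", STAFF, STUDENT, False),            # other staff stay out of student net
    ("permit", ANY, ANY, False),                # req. 1: DC subnet and Internet
]

def decide(pkt: Packet) -> str:
    """Return the action of the first matching rule; no match means deny."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, established_only in RULES:
        if src in src_net and dst in dst_net and (pkt.ack or not established_only):
            return action
    return "deny"

if __name__ == "__main__":
    samples = [  # constructed traffic between assumed hosts
        Packet("192.168.7.21", "192.168.0.2"),             # student -> DC
        Packet("192.168.8.10", "192.168.7.21"),            # monitor -> student
        Packet("192.168.7.21", "192.168.8.10", ack=True),  # student reply
        Packet("192.168.7.21", "192.168.8.10"),            # student new connection
        Packet("192.168.8.55", "192.168.7.21"),            # ordinary staff -> student
    ]
    for p in samples:
        print(p, "->", decide(p))
```

Swapping the second and third rules makes the reply from the student machine hit the deny first, so the monitoring session from 192.168.8.10 never completes; rule order is part of the policy.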



r_naren22atyahoo

I suggest you don't need a subnet.
You don't need the subnet for 30 computers...
You just need a good file server and proxy server, to put restrictions between students and staff.

Scenarios to go for a subnet:
1. If you have too many broadcast packets, computers are increasing, like up to 300
2. If you want to put restrictions from one network to the other network (you also need to consider the rules for that, i.e. what you want to allow and what you want to block)

If you are still going for the subnet:
Your above diagram is fine. However, you may have to use a crossover cable when connecting switch to switch.

Also, did you consider the Internet sharing part?
Routing between the subnets, default gateways?

You won't achieve much if you don't use the firewall policies between the subnets.

regards
naren


rcocker (ASKER)

I am aware that I don't have to have a subnet, but I am choosing to subnet for two reasons:

1.  I have a W2K Domain and have setup relevant security to block access of students to staff files etc.  But would feel safer if students could not even see other computers on network.  

I currently have all students and staff accessing the same file server and use NTFS permissions to protect Staff data.  In the new setup I would consider having one file server for staff and one file server for students that would sit in the respective subnets.  All authenticating to one domain controller in the central subnet.

I guess I see the separate networks as an extra level of separation in case a permission has not been set correctly or a security issue exists that I am not aware of.  Just trying to be ultra cautious really.

2.  Part of my motivation here is a bit of personal development and increasing my understanding of networks and subnetting so when I do need to do it, I have a good understanding of how to set it up.

Not sure what you meant by Internet sharing part and routing between subnets and default gateways.

My current setup is everyone on a 192.168.0.0 network.  192.168.0.1 is the ADSL modem and all computers have this as their default gateway.  I had planned that in the new subnets each computer would have the default gateway as the managed switch (if this has an IP address, that I am not sure of) or that each computer would still have the default gateway of 192.168.0.1 and that the managed switch would route all requests for Internet Access or Domain Authentication to the subnet that contains the ADSL Modem and Domain Controller.

I imagined that firewall functions were provided by the managed switch (I sort of thought that was one of its main functions), i.e. controlling what can come in and out of each network.

rcocker (ASKER)

Also on the issue of routing between subnets.  My original intention was not to buy a managed switch but just some routers, but I was told that I could not accomplish what I wanted with routers, that I needed a managed switch.
ASKER CERTIFIED SOLUTION
r_naren22atyahoo
This solution is only available to members.
rcocker (ASKER)

Thanks, your assistance has been very helpful
You are welcome