Network Structure (topology - managed switches)

I have a network with 24 computers.  All these computers are connected to a 24 Port switch (not L3).  I have recently had a need to add another two computers to the network.  My switch is full.

In addition I would like to subnet the current network into three subnets: 1 for staff, 1 for students, 1 for domain controller.

I have a need for certain staff to be able to cross over from one subnet to the other.  In other words I want to be able to totally isolate staff from students but enable some staff to cross into the student network.  Both these networks should be able to cross into the third network for internet access and authentication by a domain controller.

I was going to buy an L3 managed switch with maybe 8 ports, plug three hubs or switches (not L3's), one for each subnet, into the managed switch and connect all the computers into the appropriate hub/switch.

I have since been advised that this will not work and that I need one managed switch with enough ports for every computer.

Can somebody confirm this advice or comment on the scenario I was planning?  Hope the diagram below will help; this is what I was planning.

MS = L3 Managed Switch
DC = Domain Controller


            (Switch 24 Port)
           |Student Subnet| 192.168.7.0
         /      
       /              (Switch 8 Port)
|MS| ----->|ADSL Modem & DC| 192.168.0.0
       \
         \  (Switch 8 Port)
           |Staff Subnet|  192.168.8.0

1.  All computers must be able to cross into 192.168.0.0 for domain authentication and Internet Access
2.  Students cannot cross into staff subnet
3.  Selected staff can cross into student subnet for remote monitoring of activities and marking student work


TIA


Rodney



rcocker Asked:
 
r_naren22atyahoo Commented:
OK, I get the whole idea now.

My suggestion:
1. You can put the DC in the staff subnet, as it is more secure.
2. If you don't have a proxy server, put a proxy server in any subnet.
http://www.janaserver.de/start.php?lang=en

3. Create 2 sites in the DC using the Sites and Services snap-in.
4. Get a managed switch and just enable routing on the managed switch.
Now coming to DHCP: the staff network has the DHCP server (i.e. the DC).
Now the students need a DHCP server too;
you have to enable the DHCP server on the managed switch if possible, or
get a workstation on the student subnet and install an open source DHCP server and also a proxy server.
5. All subnets must have the switch IP address as the gateway.

Other than that you should be doing fine.
But first create a test environment:
get a managed switch, create 3 subnets, connect 3 workstations and test the connectivity.
I suggest the HP ProCurve managed switch; check for a product for your budget.

           (Switch 24 Port)
           |Student Subnet| 192.168.7.0
         /      
       /              (Switch 8 Port)
|MS| ----->|ADSL Modem & DC| 192.168.0.0
       \
         \  (Switch 8 Port)
           |Staff Subnet|  192.168.8.0
 
r_naren22atyahoo Commented:
I suggest you don't need a subnet.
You don't need a subnet for 30 computers...
You just need a good file server and proxy server to put restrictions between students and staff.

Scenarios to go for a subnet:
1. If you have too many broadcast packets, computers are increasing, like up to 300
2. If you want to put restrictions from one network to another network (you also need to consider the rules for that, i.e. what you want to allow and what you want to block)

If you are still going for the subnet:
Your above diagram is fine. However, you may have to use a crossover cable when connecting switch to switch.

Also, did you consider the Internet sharing part?
Routing between the subnets, default gateways?

You won't achieve much if you don't use firewall policies between the subnets.

regards
naren
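
The allow/block rules mentioned above, written out for the question's three requirements as an added example (not part of the original thread). The /24 masks, the 192.168.8.10 "selected staff" address and the other host addresses are assumptions; the model compares a per-packet (stateless) filter with one that remembers permitted flows, because requirement 3 needs replies to travel in the direction requirement 2 blocks.

```python
import ipaddress

# Subnets from the question's diagram; the /24 masks are an assumption.
STUDENT = ipaddress.ip_network("192.168.7.0/24")
STAFF = ipaddress.ip_network("192.168.8.0/24")
# Hypothetical address of a "selected staff" machine (requirement 3).
MONITORS = {ipaddress.ip_address("192.168.8.10")}


def allowed_new(src, dst):
    """Decide whether the first packet of a routed flow may pass."""
    if dst in STAFF:
        return False              # requirement 2: no new flows into staff
    if dst in STUDENT:
        return src in MONITORS    # requirement 3: selected staff only
    # Anything else is 192.168.0.0 (DC) or the Internet behind the modem.
    return src in STUDENT or src in STAFF   # requirement 1


class InterSubnetFilter:
    """Toy model of the routing device's filter; tracks host pairs, not ports."""

    def __init__(self, stateful):
        self.stateful = stateful
        self.flows = set()

    def forward(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if self.stateful and (d, s) in self.flows:
            return True           # reply to a flow that was permitted earlier
        if allowed_new(s, d):
            self.flows.add((s, d))
            return True
        return False


def monitor_round_trip(stateful):
    """Selected staff contacts a student PC; returns (request, reply) verdicts."""
    f = InterSubnetFilter(stateful)
    request = f.forward("192.168.8.10", "192.168.7.20")
    reply = f.forward("192.168.7.20", "192.168.8.10")
    return request, reply


if __name__ == "__main__":
    print("stateless:", monitor_round_trip(False))
    print("stateful: ", monitor_round_trip(True))
```

With a stateless filter every reply direction needs its own permit rule, so the test environment suggested earlier in the thread should check replies as well as requests.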


 
rcocker (Author) Commented:
I am aware that I don't have to have a subnet, but I am choosing to subnet for two reasons:

1.  I have a W2K Domain and have setup relevant security to block access of students to staff files etc.  But would feel safer if students could not even see other computers on network.  

I currently have all students and staff accessing the same file server and use NTFS permissions to protect Staff data.  In the new setup I would consider having one file server for staff and one file server for students that would sit in the respective subnets.  All authenticating to one domain controller in the central subnet.

I guess I see the separate networks as an extra level of separation in case a permission has not been set correctly or a security issue exists that I am not aware of.  Just trying to be ultra cautious really.

2.  Part of my motivation here is a bit of personal development and increasing my understanding of networks and subnetting so when I do need to do it, I have a good understanding of how to set it up.

Not sure what you meant by Internet sharing part and routing between subnets and default gateways.

My current setup is everyone on a 192.168.0.0 network.  192.168.0.1 is the ADSL modem and all computers have this as their default gateway.  I had planned that in the new subnets each computer would have the default gateway as the managed switch (if this has an IP address, that I am not sure of), or that each computer would still have the default gateway of 192.168.0.1 and that the managed switch would route all requests for Internet access or domain authentication to the subnet that contains the ADSL modem and domain controller.

I imagined that firewall functions were provided by the managed switch (I sort of thought that was one of its main functions), i.e. controlling what can come in and out of each network.


 
rcocker (Author) Commented:
Also on the issue of routing between subnets.  My original intention was not to buy a managed switch but just some routers, but I was told that I could not accomplish what I wanted with routers, that I needed a managed switch.
 
rcocker (Author) Commented:
Thanks, your assistance has been very helpful
 
r_naren22atyahoo Commented:
You are welcome.
Question has a verified solution.
