Hey guys, I am designing a VLAN and have done my thorough research and I was hoping someone may give me a little advice on my choices.
The network is based around three computer labs, which have around 60 machines in each lab. Lab 1 has full access to the university network and the internet. Lab 2 has some access to the university network and the internet. Lab 3 has no access to the university network, only the internet.
So I looked into layer three switches etc., but decided a router on a stick with a layer two switch was cheaper and better. As for the switches in my network, as there will be three VLANs with 60 machines on each, do I need to watch out for how many ports are on a switch? This is all hypothetical and will be built in Packet Tracer.
The methods I decided were best to use were things such as 802.1Q encapsulation for tagging frames on trunks between the switches. The part I had trouble researching was how to deny access to certain parts or all of the university network. I came across access lists, but I couldn't make out too much on how this was done, or if it was even the best way to tackle restricting VLAN access to the network.
It is very confusing, as I didn't know if it would be better with a few layer 3 switches and no router, or layer 2 switches. I feel a router on a stick and a few layer 2 switches is the way ahead, but I'm not sure.
Another thing I was considering was the security factor of the network. I felt port violation was the best for security and perhaps using stickies to assign certain computers to certain ports?
I know I am asking a lot here but I only ask because I am working hard on this and I want some advice on the decisions I've made before I go full steam ahead with my design.
I appreciate any input whatsoever!
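
The design described in the post (router on a stick, 802.1Q trunk, per-lab access rules, sticky port security), written out as a Cisco IOS configuration; this is an added example and not part of the original post. Assumptions not taken from the post: VLAN IDs 10/20/30, the 192.168.x.0/26 lab subnets, 10.0.0.0/8 as the university network, 10.1.1.0/24 as the one university subnet Lab 2 may reach, and the interface names.

```cisco
! --- Router (router-on-a-stick): one subinterface per VLAN ---
interface GigabitEthernet0/0
 no shutdown
interface GigabitEthernet0/0.10
 description Lab 1: full university network + internet (no ACL)
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.192
interface GigabitEthernet0/0.20
 description Lab 2: partial university network + internet
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.192
 ip access-group LAB2-IN in
interface GigabitEthernet0/0.30
 description Lab 3: internet only
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.192
 ip access-group LAB3-IN in
!
! First match wins, so the narrow permit must precede the broad deny.
ip access-list extended LAB2-IN
 permit ip 192.168.20.0 0.0.0.63 10.1.1.0 0.0.0.255
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
ip access-list extended LAB3-IN
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip any any
!
! --- Layer 2 switch (one assumed 24-port access switch for Lab 2) ---
vlan 10
 name LAB1
vlan 20
 name LAB2
vlan 30
 name LAB3
interface GigabitEthernet0/1
 description 802.1Q trunk toward the router
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
interface range FastEthernet0/1 - 24
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
```

`show access-lists` on the router shows per-entry match counts, and `show port-security interface` on the switch shows the violation state of a port.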