Date: Wed, 14 Apr 2004 09:10:28 -0500

On Tue, 13 Apr 2004 18:41:14 GMT, Leythos wrote:

> I have a client with a dorm of 100 students. They currently (not my
> design) use a stack of switches and connect all users to a single DHCP
> scope for addresses and then NAT it to internet access.
> As you can guess, this really causes problems when one or more of the
> kids get infected.
> I was thinking of purchasing a couple managed switches, setting up one
> VLAN per switch port to keep each network jack isolated from the others.
> I would still need a single DHCP server to provide addresses to the kids
> network devices, and I would want them to all use the same NAT internet
> solution, just to be isolated from each other.
> Anyone got any feedback on VLAN's using a managed switch to build this?

This probably would not be a good idea. Remember the only way to
communicate between VLANs is to route. So you are going to need 2 ports
per user, one to them, one to an external router. Another option would be
to use VLAN tagging which would allow users to be in their own VLAN as well
as in the VLAN of the default gateway, but everything in the default
gatewaty's VLAN would need to be 802.1q compliant. I've never tried that
so I dont even know if it would work.

Im not sure if you can configure this over inter-switch links so you might
need a huge switch to do it this way, probably making cost a factor.