Re: VLANs for a DORM to isolate rooms from each other?

From: W.B (civikminded_at_yahoo.com)
Date: 04/14/04


Date: Wed, 14 Apr 2004 09:10:28 -0500

On Tue, 13 Apr 2004 18:41:14 GMT, Leythos wrote:

> I have a client with a dorm of 100 students. They currently (not my
> design) use a stack of switches and connect all users to a single DHCP
> scope for addresses and then NAT it to internet access.
>
> As you can guess, this really causes problems when one or more of the
> kids get infected.
>
> I was thinking of purchasing a couple managed switches, setting up one
> VLAN per switch port to keep each network jack isolated from the others.
> I would still need a single DHCP server to provide addresses to the kids
> network devices, and I would want them to all use the same NAT internet
> solution, just to be isolated from each other.
>
> Anyone got any feedback on VLAN's using a managed switch to build this?

This probably would not be a good idea. Remember the only way to
communicate between VLANs is to route. So you are going to need 2 ports
per user, one to them, one to an external router. Another option would be
to use VLAN tagging which would allow users to be in their own VLAN as well
as in the VLAN of the default gateway, but everything in the default
gatewaty's VLAN would need to be 802.1q compliant. I've never tried that
so I dont even know if it would work.

Im not sure if you can configure this over inter-switch links so you might
need a huge switch to do it this way, probably making cost a factor.



Relevant Pages

  • Re: Catalyst 3750 with 2 vlans. Only vlan1 drop packet when ping
    ... when I ping to the ip onvlan1, about 10% come back with "Request ... Are you pinging the hsrp vlan 1 address, ... ping vlan 140's interface with no problems? ... how does the other switch know how to get ...
    (comp.dcom.sys.cisco)
  • Re: Catalyst 3750 with 2 vlans. Only vlan1 drop packet when ping
    ... when I ping to the ip onvlan1, about 10% come back with "Request ... Are you pinging the hsrp vlan 1 address, ... ping vlan 140's interface with no problems? ... how does the other switch know how to get ...
    (comp.dcom.sys.cisco)
  • Re: Need guidance on Cisco 6513 install
    ... having this switch set up on Tuesday by noon, ... The switch itself (and other future network hardware) will be on the ... but you can always choose another vlan number and same ... In a two core environment, ...
    (comp.dcom.sys.cisco)
  • Re: bond interface arp, vlan and trunk / network question
    ... So far vlan and trunking works as expected. ... The exact problem is that the bonding driver don't switch the ... interface because the mii-tool don't recognize that the connection ... No, from your configuration information, you're running the ARP ...
    (Linux-Kernel)
  • Re: probably an easy routing question, so please help
    ... non-contiguous subnets into one VLAN and avoid having to run out to the ... router for intra-VLAN traffic, ... VLAN capable Layer 2 switches ignore VLAN tags on unicast traffic. ... A Layer 3 switch can route intraVLAN/interVLAN unicast traffic AS ...
    (comp.dcom.sys.cisco)