
School Subnetting



I work as a Tech Support student for a high-school and I was curious if splitting the network down into little subnets would help the school's performance and manageability. The school is set up as so:

Whole School
|
| - 100's
   - 1
   - ...
   - 24
| - 200's
   - 1
   - ...
   - 24
| - 300's
   - 1
   - ...
   - 24
| - 400's
   - 1
   - ...
   - 24
| - 500's
   - 1
   - ...
   - 24
| - 600's
   - 1
   - ...
   - 24
| - B's
   - 1
   - ...
   - 24
| - Faculty
   - 1
   - ...
   - 24

Where the "<something>'s" is the buildings and the "1..24" (not always exactly this many, but for brevity's sake) is the rooms. Would it do anything to break it down so individual rooms get a subnet or would it be better so that the whole building gets its own subnet?

I don't fully understand subnetting or TCP/IP, but I heard a talk where this network admin (I can't remember the show I heard it from or what his job title was) broke his business's network down and let only the PR people use Facebook instead of letting the entire network use Facebook. I also read that subnet reduces packet collisions.


> I don't fully understand subnetting or TCP/IP, but I heard a talk where this network admin (I can't remember the show I heard it from or what his job title was) broke his business's network down and let only the PR people use Facebook instead of letting the entire network use Facebook. I also read that subnet reduces packet collisions.

Short answer, I seriously doubt it.

But you came here for a decent answer so I'll elaborate...

First, learn about subnetting and/or TCP/IP if you plan to implement, because by implementing a thing you are now 'supporting' a thing. When it's broken, you typically go back to the guy who put it in to fix it.

When you learn about OSI Layers, you'll find out packets are Layer 3 objects. You will need a layer 3 capable device to route the packets from one network (or subnet) to another. You will need a layer 3 switch or a router. If you have one of these devices, you'll need to learn to configure it. If you want to limit different networks to different resources (i.e. facebook), you will need something like a firewall or content management device (some routers and high end switches do this). You'll need to learn to configure that also.

Don't worry about packet collisions unless you have a layer 2 only network. Again, when you learn about the layers, you'll find out frames are at layer 2. Hubs and switches are the devices that route frames, switches don't broadcast every frame so you won't have collisions. At some point early in your self education you'll find out about collision domains vs broadcast domains. If you have switches (not hubs) in your school, you have many collision domains and one broadcast domain. Don't worry about this, I don't think people had this problem since the 80's... that's why CDMA was created.


If you want to break down the network into small sub networks, I would first recommend learning how IP subnetting works, and once you fully understand it, buy a network switch that has VLAN capabilities.

Creating VLANs would be the best practice to segment your network, and that will also improve your network performance, as each subdomain will have its own broadcasting domain.

For example, say the school has 100 PCs. You break it down into 4 groups or 4 VLAN groups, each one of them holding a total of 25 nodes. The good thing about this approach is security: one subnet cannot interfere or talk to the other one unless you have configured some routing protocol like RIP or IGMP.

Hope this helps.


> If you want to break down the network into small sub networks, I would first recommend learning how IP subnetting works, and once you fully understand it, buy a network switch that has VLAN capabilities.
>
> Creating VLANs would be the best practice to segment your network, and that will also improve your network performance, as each subdomain will have its own broadcasting domain.
>
> For example, say the school has 100 PCs. You break it down into 4 groups or 4 VLAN groups, each one of them holding a total of 25 nodes. The good thing about this approach is security: one subnet cannot interfere or talk to the other one unless you have configured some routing protocol like RIP or IGMP.
>
> Hope this helps.

True, but you left out... 99% of all managed switches will do VLANs. VLANs are a layer 2 concept, so a layer 2 switch will do vlans. You need to buy a layer 3 switch to do what you suggest. The VLANs cannot talk to each other without some device routing the information between them, even on the same switch. A layer 3 switch would have a route processor (RP) built in and that would do the job. Otherwise you need a router attached to that switch and trunk all the VLANs to the router, etc. VLAN routing is not something built in to every switch.

Honestly, if the network is as large as 100 workstations, and you have good switches, you would see a slow down with this configuration. 100 workstations is not a big network. That's 100+ IPs, which fits fine in a class C subnet. When you need to use large subnets because of the amount of workstations, then you'll need this. I'm talking 1000+


So VLANS instead of subnetting? The school does have roughly 1560+ computers (assuming all classrooms had around 15 computers and a few rooms with 30). Maybe grouping all the way down to the classroom level isn't the best, but would grouping the whole building be better?

Any good places to learn TCP/IP? I read a lot of that subject on Wikipedia, but I either forgot most of it or it was ridiculous figuring out what the hell it was saying (i.e. subnet calculations)!


> So VLANS instead of subnetting? The school does have roughly 1560+ computers (assuming all classrooms had around 15 computers and a few rooms with 30). Maybe grouping all the way down to the classroom level isn't the best, but would grouping the whole building be better?
>
> Any good places to learn TCP/IP? I read a lot of that subject on Wikipedia, but I either forgot most of it or it was ridiculous figuring out what the hell it was saying (i.e. subnet calculations)!

These are good places to start learning subnetting:

http://www.ralphb.net/IPSubnet/

http://www.firstnetsecurity.com/library/mi...orialMaster.PDF

http://www.cisco.com/en/US/tech/tk365/tech...0800a67f5.shtml

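The subnet calculations asked about in this exchange, worked through for the school layout from the first post, as an added example that is not any poster's code. The 10.20.0.0/16 campus block and the single gateway address per subnet are assumptions; the building names, 24 rooms per building and 15 or 30 computers per room come from the thread.

```python
import ipaddress

# Assumed for illustration: a private campus block. Building names and the
# room count follow the layout in the original post.
CAMPUS = ipaddress.ip_network("10.20.0.0/16")
BUILDINGS = ["100", "200", "300", "400", "500", "600", "B", "Faculty"]
ROOMS_PER_BUILDING = 24


def ceil_log2(n):
    """Number of bits needed to count n addresses (ceil(log2(n)))."""
    return (n - 1).bit_length()


def prefix_for(hosts, gateways=1):
    """Smallest IPv4 prefix length that fits the hosts, the gateway(s),
    and the network and broadcast addresses of the subnet."""
    return 32 - ceil_log2(hosts + gateways + 2)


def plan(hosts_per_room=15):
    """Give each building one block, then carve one subnet per room from it."""
    room_prefix = prefix_for(hosts_per_room)
    room_size = 2 ** (32 - room_prefix)
    # A building block must hold all of its room subnets, rounded up to a
    # power of two so that it is itself a valid subnet.
    building_prefix = 32 - ceil_log2(room_size * ROOMS_PER_BUILDING)
    blocks = CAMPUS.subnets(new_prefix=building_prefix)
    layout = {}
    for name, block in zip(BUILDINGS, blocks):
        rooms = list(block.subnets(new_prefix=room_prefix))[:ROOMS_PER_BUILDING]
        layout[name] = (block, rooms)
    return layout


if __name__ == "__main__":
    for name, (block, rooms) in plan().items():
        print(f"{name:8} {block}  room 1 = {rooms[0]}  room 24 = {rooms[-1]}")
    print(f"15-PC room: /{prefix_for(15)}   30-PC room: /{prefix_for(30)}")
```

With these inputs each building gets a /22 and each 15-PC room a /27; a 30-PC room no longer fits a /27 once the gateway is counted and needs a /26.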

> True, but you left out... 99% of all managed switches will do VLANs. VLANs are a layer 2 concept, so a layer 2 switch will do vlans. You need to buy a layer 3 switch to do what you suggest. The VLANs cannot talk to each other without some device routing the information between them, even on the same switch. A layer 3 switch would have a route processor (RP) built in and that would do the job. Otherwise you need a router attached to that switch and trunk all the VLANs to the router, etc. VLAN routing is not something built in to every switch.
>
> Honestly, if the network is as large as 100 workstations, and you have good switches, you would see a slow down with this configuration. 100 workstations is not a big network. That's 100+ IPs, which fits fine in a class C subnet. When you need to use large subnets because of the amount of workstations, then you'll need this. I'm talking 1000+

Yes, you are correct, there will be a slow down due to the traffic being routed between the VLAN groups.

And though it provides organizations with a good opportunity to segment their network, I think in terms of network management, VLANs will do a better job.


Well, you can do VLANs at layer 1 too: assign specific switch ports to a specific VLAN. This is the best method for security, as it prevents the user from deciding what VLAN they are on.

Also, you need to ask yourself, which VLANs should be accessible to each other? Should traffic from one classroom be routable to another classroom in a different VLAN, or should they just have access to the server VLAN?


> Also, you need to ask yourself, which VLANs should be accessible to each other? Should traffic from one classroom be routable to another classroom in a different VLAN, or should they just have access to the server VLAN?

Very good observation you made there. I guess that will depend on how the school wants to use the network. I think connecting to a central server would be a good option, because you can control what users do and how the information is accessed.

But if routing is required between the VLAN groups, that could be enabled from the switch's web-based admin interface, that is if the switch is a layer 3 device, because most layer 2 switches do not have routing capabilities, unless there is a router in between.


> Very good observation you made there. I guess that will depend on how the school wants to use the network. I think connecting to a central server would be a good option, because you can control what users do and how the information is accessed.

Since we have covered everything else in this thread, it's worth taking this point out of the argument. VLANs and subnets are NOT how you will achieve this next goal. You need something else to limit or regulate the content. Controlling what users can do and how info is accessed is the job of a couple more devices. You need a content management device and/or firewall, something like Websense. You'll also need an enterprise level monitoring system if you want to see HOW the information is accessed. Having file share permissions in Active Directory is one step, but once the information is out of that 'secure' folder, you don't have any control of it. You seem to allude to wanting more than that. I'm going to assume you really don't need more than that, but just understand none of those goals can be met with the built-in technology of a switch or small/med (translate: affordable!) router. You are onto another topic or area of technology altogether now.


> Since we have covered everything else in this thread, it's worth taking this point out of the argument. VLANs and subnets are NOT how you will achieve this next goal. You need something else to limit or regulate the content. Controlling what users can do and how info is accessed is the job of a couple more devices. You need a content management device and/or firewall, something like Websense. You'll also need an enterprise level monitoring system if you want to see HOW the information is accessed. Having file share permissions in Active Directory is one step, but once the information is out of that 'secure' folder, you don't have any control of it. You seem to allude to wanting more than that. I'm going to assume you really don't need more than that, but just understand none of those goals can be met with the built-in technology of a switch or small/med (translate: affordable!) router. You are onto another topic or area of technology altogether now.

I know that implementing a domain controller is one step in controlling access, but there are other steps to control the flow of the information than just adding one step.

And sorry I got a bit carried away with the topic, my bad.


vlan'ing also gives the option of deploying applications and the like by subnet, e.g. sites and services

a good switch will do routing of vlans

learn to subnet . com I think it's called has a nice powerpoint run-through with speech guide
