[OPLINTECH] VLAN

Ed Liddle eliddle at marysvillelib.org
Mon Jan 21 15:06:23 EST 2008


Josh,
The pro to doing this is the separation of the public computers and
staff computers on the network. This is good from a security point of
view by making it harder for someone on a public computer to access
something on a staff computer. The separation can be useful to control
bandwidth as well. 

We have our staff computers and public computers on 2 separate v-lans.
We are currently using a Check Point gateway/firewall appliance connected
to a cable modem and T-1 line to tie them together. Using QoS in the
Check Point box I can give all the traffic on the public v-lan a lower
priority and limit the total bandwidth to no more than x amount going
out to the cable modem and limit it to a different amount for the T-1
line. I did this to ensure the public computers could not use all the
bandwidth going to the internet via the cable modem which has happened
in the past. You will have to figure out what the usual bandwidth usage
is for staff machines and set the total amount of bandwidth for the
public machines accordingly. 

Since it separates the staff computers from the public computers,
traffic generated by the public computers shouldn't affect the staff
computers very much.
 
The cons for doing this, I think, may be possibly extra hardware needed
and the time it takes to set it up. For instance, if a server needs to
access both the public and staff v-lans, it may need two NIC cards in it
to do so. If your current switch does not have v-lan support then you
may need to purchase a switch that does or use 2 different switches, one
for the staff computers and one for the public ones, since that is what a
switch with v-lan support will do. If you have resources or applications
that are shared by public computers and staff computers you will have to
make sure they will be able to talk to each other. For us this is done
through the firewall/gateway appliance. Also, if you have anything with
static IP addresses set you may need to change them to a new address for
the new v-lan. 

I hope this helps. 
-- 
-Ed Liddle
 
Technology Assistant

Marysville Public Library
231 S. Plum Street,
Marysville, OH  43040

      * Phone: 937-642-1876 ext.45
      * Fax: 937-642-3457

 

On Mon, 2008-01-21 at 14:02 -0500, Josh Proffit wrote:
> I’m considering setting up a VLAN for our library’s public Internet.
> The bandwidth that they currently use is just outrageous. Can anyone
> give me the pros and cons of doing this? Or just any comments from
> anyone out there who has done this in the past. Thanks!
> 
>  
> 
> Joshua Proffit
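
The sizing step in the reply above (measure usual staff usage, then cap the public v-lan per uplink), as an added example that is not part of the original thread and is not Check Point configuration. It is a simplified model: the staff samples, the cable modem rate, the 95th-percentile choice and the 10% headroom are all assumptions.

```python
"""Size a public-VLAN bandwidth cap from measured staff usage (simplified model)."""
import math

T1_KBPS = 1544          # T-1 line rate
CABLE_UP_KBPS = 2000    # constructed figure for the cable modem uplink

# Constructed staff usage samples in kbps (e.g. 5-minute averages)
STAFF_SAMPLES = [120, 200, 340, 410, 380, 290, 450, 500, 310, 260]


def percentile(samples, pct):
    """Nearest-rank percentile of a list of numbers."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]


def public_cap_kbps(link_kbps, staff_samples_kbps, pct=95, headroom_pct=10):
    """Cap = link rate minus the usual staff peak minus a safety margin."""
    staff_peak = percentile(staff_samples_kbps, pct)
    reserve = staff_peak + link_kbps * headroom_pct // 100
    return max(0, link_kbps - reserve)


def share_link(link_kbps, staff_kbps, public_kbps, cap_kbps=None):
    """Return (staff, public) throughput in kbps for one interval.

    cap_kbps=None models an unmanaged link: when demand exceeds the link,
    both sides are squeezed in proportion to what they ask for.
    Otherwise staff traffic is served first (higher priority) and public
    traffic gets what is left, never more than the cap.
    """
    if cap_kbps is None:
        total = staff_kbps + public_kbps
        scale = min(1.0, link_kbps / total) if total else 1.0
        return round(staff_kbps * scale), round(public_kbps * scale)
    staff = min(staff_kbps, link_kbps)
    public = min(public_kbps, cap_kbps, link_kbps - staff)
    return staff, public


if __name__ == "__main__":
    for name, rate in (("cable", CABLE_UP_KBPS), ("t1", T1_KBPS)):
        cap = public_cap_kbps(rate, STAFF_SAMPLES)
        print(name, "public cap:", cap, "kbps")
        print("  unmanaged (staff, public):", share_link(rate, 500, 6000))
        print("  with policy (staff, public):", share_link(rate, 500, 6000, cap))
```

Each uplink gets its own cap, matching the separate limits for the cable modem and the T-1 line described in the reply.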