vLANs
A Virtual Local Area Network (vLAN) provides an additional level of network segmentation and control. With appropriate firewall rules between vLANs, a vLAN can limit the spread of viruses, trojans, worms, and other malicious software across the campus network.
As part of the implementation process in converting to the new ITRP equipment, I&IT Systems is establishing new vLAN firewall rules and assisting department technical personnel in developing a vLAN structure and firewall rules to suit the department’s needs. In the past, many departments had a single vLAN which spanned across the campus core into multiple buildings. This vLAN structure caused stability issues on the network; however, with the restructuring to the new vLANs, we are establishing new vLANs on each network core.

While we may allow the same instance of a particular vLAN in multiple buildings, we will not allow that vLAN to span across the network core. Where a vLAN cannot be spanned to multiple buildings, we recommend mirroring the firewall rules on the separate vLANs and allowing those vLANs to communicate with each other freely, so that from the perspective of traffic between them they behave as a single vLAN.
We recognize that some departments have special needs and we will work with those departments to develop a vLAN structure which meets those specific requirements while maintaining a network infrastructure manageable by I&IT Systems.
The following are the most common types of vLAN firewall rules currently implemented by I&IT Systems:
Owner: I&IT Systems
Summary: The most restrictive access for on-campus computing.
Permitted Access: Limited Internet access and campus web-based services. Inbound connections are not permitted.
Description: Typically used in open areas where students plug in their own laptops. Should faculty or staff use ports on this vLAN and want to gain access to other campus services, they will need to use their VPN account to gain access to those services. Does not allow for fixed IP addresses.
Owner: Department Technician or Department Head
Summary: Firewall rules similar to Frontier; however, specific requirements such as fixed addresses are taken into consideration.
Permitted Access: Internet and limited access to on-campus services. Inbound connections are not permitted.
Description: Typically used in open areas where students plug in their own laptops. Generally used for a lab with printers that need fixed IP addresses or in places with restrictions similar to Frontier with access to specific services.
Owner: Department Technician or HEERA Manager
Summary: Faculty/Staff vLAN.
Permitted Access: Access to the Internet and on-campus services. May have inbound connections at the request of the department technician.
Description: Generally used with a large number of faculty/staff workstations; a standard ruleset is applied to access on campus services as well as the Internet.
Owner: Department Technician or Department Head
Summary: Server vLAN.
Permitted Access: Access to the Internet and on-campus services. Usually allows inbound connections from the appropriate Tech vLAN, Faculty/Staff vLAN, and the Internet.
Description: Used for servers and services the department shares with other departments and/or off-campus users. Some technicians will choose to place servers in the Faculty/Staff vLAN if there are only a small number of servers or the servers are accessed only from clients within the Faculty/Staff vLAN. Generally, the firewall rules are set up to block unnecessary access to the servers while permitting access from appropriate clients.
Owner: Department Technician or Department Head
Summary: vLAN for technician(s)
Permitted Access: Access to the Internet and on-campus services. Generally provides full access to the department’s other vLANs for troubleshooting and support. Inbound connections are allowed at the department technician’s request.
Description: Used by the technician(s) for their own desktops to gain access to the department’s other vLANs for troubleshooting and support. Because this vLAN can reach the desktops and servers in the department’s other vLANs, it is important that the machines in it stay free of viruses, worms, and other malicious software.
Owner: Department Technician or Department Head
Summary: vLAN used for lab workstations.
Permitted Access: Access to the Internet and on-campus services. No inbound connections unless specified by the department technician.
Description: Used by departments for labs of workstations run by the department. This vLAN may also contain printers or other devices needing fixed addresses.
Owner: I&IT Operations (Jovito Barrantes)
Summary: vLAN used in smart classrooms.
Permitted Access: Access to the Internet and on-campus services.
Description: Used for smart classrooms. Should faculty or staff use ports on this vLAN and want to gain access to other campus services, they will need to use their VPN account to gain access to those services.
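As an added example (not part of the original page or I&IT Systems' tooling), the following Python model expresses the rule types listed above as per-vLAN policies and checks two properties a department technician would want to verify before rollout: that a Frontier-style vLAN accepts no inbound connections, and that two instances of a vLAN in different buildings with mirrored rules, permitted to talk to each other freely, make identical decisions toward every other zone, which is what lets them behave as a single vLAN. The vLAN names other than Frontier, the zone labels, and the sample rule sets are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class VlanPolicy:
    name: str
    outbound: set                                   # zones it may initiate connections to
    inbound_from: set = field(default_factory=set)  # zones that may initiate connections to it
    peers: set = field(default_factory=set)         # mirrored instances, open in both directions

def allowed(policies, src, dst):
    """True if a connection initiated from src to dst passes both endpoints' rules."""
    if src in policies and dst in policies[src].peers:
        return True
    if dst in policies and src in policies[dst].peers:
        return True
    if src in policies and dst not in policies[src].outbound:
        return False          # source vLAN's outbound rules block it
    if dst in policies and src not in policies[dst].inbound_from:
        return False          # destination vLAN's inbound rules block it
    return True

def no_inbound(policies, name, zones):
    """Does vLAN `name` reject every inbound connection attempt from every other zone?"""
    return not any(allowed(policies, z, name) for z in zones if z != name)

def behave_as_one(policies, a, b, zones):
    """Do mirrored instances a and b talk freely and decide identically toward every other zone?"""
    if not (allowed(policies, a, b) and allowed(policies, b, a)):
        return False
    return all(allowed(policies, a, z) == allowed(policies, b, z) and
               allowed(policies, z, a) == allowed(policies, z, b)
               for z in zones if z not in (a, b))

# Constructed sample modelled on the rule types above (names and zones are assumptions).
CAMPUS_SERVICES = {"internet", "campus"}
POLICIES = {p.name: p for p in [
    VlanPolicy("frontier", {"internet", "campus-web"}),                       # no inbound at all
    VlanPolicy("facstaff", CAMPUS_SERVICES | {"server-a", "server-b"}, {"tech"}),
    VlanPolicy("tech", CAMPUS_SERVICES | {"facstaff", "server-a", "server-b"}),
    # Server vLAN mirrored in two buildings; the two instances may talk to each other freely.
    VlanPolicy("server-a", CAMPUS_SERVICES, {"tech", "facstaff", "internet"}, {"server-b"}),
    VlanPolicy("server-b", CAMPUS_SERVICES, {"tech", "facstaff", "internet"}, {"server-a"}),
]}
ZONES = list(POLICIES) + ["internet", "campus", "campus-web"]

if __name__ == "__main__":
    print("frontier blocks all inbound:", no_inbound(POLICIES, "frontier", ZONES))
    print("server-a/server-b act as one vLAN:", behave_as_one(POLICIES, "server-a", "server-b", ZONES))
```

If the mirrored copies drift (for example one building's server vLAN stops accepting Internet connections), `behave_as_one` returns False, which is the case the mirroring recommendation is meant to avoid.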