Today we laid the groundwork for a project to allow the Basketball Association (located in the shared Basketball Stadium, which sits on school property) to use our infrastructure to obtain internet access. Currently they use 56k dial-up, as ADSL over copper lines is unavailable in this location and satellite is far too expensive for a small, low-profit organisation such as the Basketball Association.
For the Basketball Association to use our infrastructure to gain fast internet access presents three obstacles:
1. They will add to the traffic on our infrastructure (performance)
2. They will be open to our network and vice versa (security)
3. They will need to be accurately charged for the access (cost)
Problems 1 & 2 are easily solved by segmenting their traffic from the rest of the school's traffic using Virtual Local Area Networks (VLANs). Because we already have VLANs implemented inside the school network, it is very easy to add another one. And because the VLAN keeps their traffic separate from the rest, we can apply security rules to that particular VLAN alone to prevent any unwanted traffic or snooping.
Problem 3 is a separate issue. At first the gateway between the school's infrastructure and theirs was going to be our ex-firewall, a WatchGuard Firebox (see figure 1), with a Linux solution counting the traffic so we could charge accordingly, but we happened to stumble upon a Cisco 1700 series router (see figure 2) and used it as the gateway between the two networks instead.
I have never had experience setting up a router of this capability, so I left that up to my colleague but watched on. It runs the same Cisco IOS that the switches dotted around the school run, so command-wise it was fairly (or, more accurately, exactly) similar, but because this is a router it had various features the Layer 2 switches did not (the Layer 3 switch is capable of routing, so it too was very similar to the router). One thing my colleague had to implement was a loopback interface on the router. He did this so the charging of internet traffic would not bill the Basketball Association for traffic such as DHCP broadcasts and pings. Using ACLs, once traffic hit the Ethernet 0 interface it would all be routed to the Loopback 0 interface, where broadcast traffic would hit a dead end, so to speak (a null value), and the rest of the traffic would be sent back to the router's processor and eventually out Ethernet 1 and onto the Internet.
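As an added illustration (not the school's actual configuration, nor the author's), here is roughly how the VLAN isolation and the "count only billable traffic" idea described above could be expressed in Cisco IOS. VLAN numbers, subnets and interface names are assumed, and the router uses an interface ACL with match counters rather than the loopback arrangement my colleague used.

```cisco
! Added example (not the author's or the school's actual configuration).
! Assumed placeholders: VLAN 10 = school LAN (10.10.0.0/24),
! VLAN 30 = Basketball Association (10.30.0.0/24); interface names are guesses.
!
! ---- Layer 3 switch: VLAN 30 is switched only, never routed ----
! No "interface Vlan30" is created, so the switch cannot forward between
! VLAN 30 and the school VLANs; the router below is the Association's only gateway.
vlan 30
 name BASKETBALL
!
interface FastEthernet0/1
 description Uplink to Basketball Stadium
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/2
 description Cisco 1700 Ethernet0
 switchport mode access
 switchport access vlan 30
!
! ---- Cisco 1700 router: isolation plus billable-traffic counting ----
! An inbound ACL on Ethernet0 stands in for the loopback arrangement:
! school subnets are blocked, DHCP and ICMP pass but are not billed, and the
! match counter on the final permit entry is the traffic to charge for.
ip access-list extended BBALL-IN
 remark Defence in depth: Association hosts must never reach school subnets
 deny   ip 10.30.0.0 0.0.0.255 10.10.0.0 0.0.0.255
 remark DHCP and ping are allowed but excluded from billing
 permit udp any any eq bootps
 permit udp any any eq bootpc
 permit icmp any any
 remark Everything else from the Association subnet is billable
 permit ip 10.30.0.0 0.0.0.255 any
!
interface Ethernet0
 description Basketball Association VLAN 30
 ip address 10.30.0.254 255.255.255.0
 ip access-group BBALL-IN in
 ip accounting output-packets
!
interface Ethernet1
 description Towards the school firewall / Internet
 ip accounting output-packets
!
! Check: "show ip access-lists BBALL-IN" gives per-entry match counts;
! "show ip accounting" lists bytes per source/destination pair.
```

The ACL counters give packet counts, so for volume-based charging the byte figures from `show ip accounting` (enabled on both interfaces to catch uploads and downloads) are the ones to read.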