VLANs
VLANs (Virtual Local Area Networks) can be set up on certain types of switches. VLANs segregate users into different groups as if they were plugged into separate switches. Users cannot see data on the other VLANs, and they cannot even communicate with devices on the other VLANs without specific permission. VLANs make sense in a library setting because libraries can have as many as 4 kinds of users on the network:
- Staff Workstations
These users are under the authority of the library administration and are aware of the acceptable use policy of the library. They do library business on the PCs, including circulation, data entry, accounting, word processing, and any number of other tasks.
- Public Workstations
These workstations typically have a number of security measures in place to prevent users from damaging the PC and carrying out unauthorized activity on the PCs.
- Workstations located in, but not under the authority of, the library
These include training rooms that are used by outside agencies and meeting rooms with network access that an instructor can use to plug in their own workstation.
- Patron Workstations
These include laptops accessing the wireless network as well as the wired network, if a library were to provide such access for its patrons/students.
Within these larger groupings, libraries may have wireless access for staff and/or public. Wireless access, especially for the public, is a great service that can benefit both the users and the library. However, public wireless access brings increased security concerns, because the equipment is not under the control of the library: it can innocently bring viruses onto the LAN and can even be used for deliberate security breach attempts. For more information see our Wireless Networking and Security page.
Given these separate groups of users within the library and the desire to separate the different classes of users from one another, it becomes necessary to create VLANs within a switch. When this is done, users on one VLAN cannot talk directly to users on another VLAN at all. That requires a translator: a device or software that translates one VLAN’s talk to another VLAN.
Here is a simple diagram of how VLANs are set up on a switch:
The switch is configured so that one group of ports can never see data from, or reach a PC on, another group of ports. You could have an exception to that to enable the blue ports (staff) to access the green ports (public PCs). The wireless access point is in its own zone so that all users who associate with the access point simply get to the Internet and cannot see any PC on the local network. The training room is protected from public users, wireless users, and even staff PCs if necessary.
Segregating users is important to preserve the privacy of all users of the library network, including the protection of library information and passwords.
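The port groups and the staff-to-public exception described above can be checked mechanically. The following is an added example, not NOBLE's own configuration or tooling: it models a switch port plan plus the permit list on the routing device and reports anything looser than the policy. The VLAN IDs, port numbers, group names and rules are all constructed for illustration, and the routing device is assumed to be stateful (replies to a permitted connection are let back through).

```python
# Added example: VLAN IDs, port numbers and permit rules are constructed.
VLANS = {10: "staff", 20: "public", 30: "training", 40: "wireless"}

# Access-port assignment on the switch (port -> VLAN ID).
PORTS = {1: 10, 2: 10, 3: 20, 4: 20, 5: 30, 6: 40}

# Inter-VLAN permits on the routing device (the "translator"), written as
# (source group, destination group). Anything not listed is dropped.
# Assumption: the device is stateful, so replies are allowed back.
PERMITS = {("staff", "public"), ("staff", "internet"), ("public", "internet"),
           ("training", "internet"), ("wireless", "internet")}

# Policy from the text: the only cross-group exception is staff -> public.
ALLOWED_LOCAL = {("staff", "public")}


def can_initiate(src_port, dst_port, ports=PORTS, permits=PERMITS):
    """True if a device on src_port can open a connection to dst_port."""
    src_vid, dst_vid = ports[src_port], ports[dst_port]
    if src_vid == dst_vid:
        return True               # same VLAN: switched directly
    pair = (VLANS.get(src_vid), VLANS.get(dst_vid))
    return pair in permits        # other VLAN: needs an explicit permit


def audit(ports=PORTS, permits=PERMITS):
    """List every place the configuration is looser than the policy."""
    findings = []
    for port, vid in sorted(ports.items()):
        if vid not in VLANS:
            findings.append(f"port {port}: VLAN {vid} is not in the plan")
    for src, dst in sorted(permits):
        if dst != "internet" and (src, dst) not in ALLOWED_LOCAL:
            findings.append(f"permit {src} -> {dst} breaks segregation")
    return findings


if __name__ == "__main__":
    print(audit())                                    # clean plan
    bad_ports = {**PORTS, 7: 1}                       # port left unassigned
    bad_permits = PERMITS | {("wireless", "staff")}   # over-broad rule
    for line in audit(bad_ports, bad_permits):
        print(line)
```

Running the audit after every switch or firewall change catches the two common drifts: a port left in a VLAN outside the plan, and a permit added between groups that should stay apart.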
Switches
NOBLE recommends switches with the capacity for setting up VLANs, for better data privacy and security; these switches are standard throughout NOBLE. The switches can be accessed remotely to streamline troubleshooting. Please contact us for the current model and pricing.
Wireless Networking Equipment
Wireless networking equipment, such as access points, is considered part of the local library’s equipment, and the library is responsible for installation and troubleshooting.
Several of our libraries have implemented the UniFi Enterprise WiFi System. What’s really nice about this system is that it comes with management software that is installed on a PC. This software has several nice features including:
– a secure, encrypted network for staff
– statistics
– list of connected devices with the ability to block
– starting page if desired
– acceptable use policy (strongly recommended)
– bandwidth limits
Planning
NOBLE staff will be happy to meet with libraries to discuss current and future networking needs. Please be sure to include us in your planning process so we can provide you with the information you need.