    All our classrooms need continous access to the student's domain controller (with DHCP, DNS etc...), and in addition, internet access *only when needed*.

    How can we avoid connecting ALL classrooms to the internet once the gateway cable is connected to the domain controller net in one of the classrooms?

    The router / firewall IP is on the same subnet as the domain controller. A small sketch of a similar system is available here (with separate switches for internet and domain controller):

    Connecting / disconnecting the internet for classrooms would be by connecting /disconnecting the blue connection in each classroom in the above sketch.

    I'm aware that this could probably be achieved by setting a gigabit router in the domain controller cable for each classroom, but I hoped to avoid the cost of this. The sketch' 'Domain controller subnet switch' is a Linksys SRW2016.

    Thanks if someone have some bright ideas and suggestions ;-)

