Using 'subnet' to restrict access. (not sure my scheme is even possible)

I am establishing a network for a school. For the moment, I wish to
use the 'subnet' field of the IP address to restrict what portion of
the network each computer sees.

The Internet Gateway has current IP address of '153.69.254.240'.

The Administration database has current IP address of '153.69.254.1'

(These can be changed as needed)

My 4 groups are as follows:

group 1. 'Administration': able to see everyone, easy, set to '255.255.255.0'

group 2: 'Faculty': able to see each other and Internet Gateway.

group 3: 'Yearbook': able to see each other and Internet Gateway.

group 4: 'Library': able to see school database, but not Internet.

size of groups needed, from largest to smallest:

Faculty/Administration/Yearbook/Library

(need at least 60 in faculty)

These are the ideal groups, if they are not feasible, then to have 2
groups: one that can see all, and one that cannot see administration
computers or database but can get Internet access. This would be the
minimal solution.

I have access to 'Wildpackets Subnet Calculator', but it does not give
me correct info regarding the 'Subnet Host Address Range'. Could this
be because the Gateway is 'cheating' on me and allowing IP addresses
to see each other when they really should not?

This is a "class C" network, this is not necessary, can use another if 
necessary  

All computers are running XP Pro, we do not use DHCP (all addresses
are assigned manually)

Thanks for your help.

I don't think you can do what you want. The simplest (and best, in my
opinion) way to achieve what you're after is to simply use the
permissions built into WinXP to assign users to groups, and
permissions to the groups. Thus any one in the 'administration' group
could access all computers, 'faculty' users could be excluded from all
computers but the ones they should have access to, etc.

Subnetting, really creates different networks. Your idea to use
255.255.255.0 to create an "administrative" net that can 'see' other
nets just won't work. Subnetting is used strictly to take one large
network and break it up into smaller, individual, separated networks.

To get the subnets to see each other, you'll need one computer on each
network that has access to at least a second subnet (it would be on
both subnets). This is called a gateway.

I suggest you read up on networking, subnetting, and Windows XP user
groups and permissions.

-JtB

I'll state more directly, that my comments below imply all computers
are on the same network.

-JtB

Variably your best answer is purchase a vlan capable router Then setup vlans.
Vlan is more secure,and os independant Active directory is more administrative
nitemarish.

You should be able to carve out 4 /26 networks of 62 hosts each. That
would give you netmasks of 255.255.255.192

Ranges would be:
1-62
65-126
129-190
193-254

You could also do it as 1 /25 network (126 hosts) and 3 /27 networks
(20 hosts) if you need. This will give lots of hosts for faculty, but
remember to always carve your big networks first.

Assume you set aside the first network for admin. Give each host an ip
from that pool but use /24 netmasks (255.255.255.0).
The admin database can keep its ip but will also need /24 mask.
The gateway needs /24 netmask too.
Don't give the library computers a default gateway.

Try Small Business Server and set up user/group accounts for security.
Note: if you are at 60 users you may want to get W2K Server, since SBS
will only support 60 or so users.
What you are attempting won't work. jebdia is correct.

your best bet is to get a managed switch and vlan off networks granted
it isnt very secure becuase any broadcast storm will thow the switch
to dump mode but its a start..