Some questions..
How far from the IDF's to the MDF? This defines what flavor of fiber you need.
What protocols do you need to run? This depends on how fancy you need your routing or L3 switching needs to be.
There's a lot of way to build this kind of network, and it really depends on your budget and uptime requirements. For example, is this driven by budget or is it driven by high availability? Given that it's a school, I would assume that it's budget-driven. Most of my school project have been. *grin*
Is cabling included? If not, you should probably include an assumptions page that states that it is assumed that cabling is all Cat5 or greater.
I think you're on the right track, but I've got some adds..
One very, very important design constraint: Keep it simple. Don't try to get fancy or go overboard with enhanced features like FastEtherChannel, trunking, etc. Make it easy to install, easy to troubleshoot and stable.
In each IDF, use a single layer 3 switch. Something like a Cisco 3550 would probably be OK, a 4503 would be better (depends on cost, of course). Create one VLAN for all the teachers and one VLAN per classroom. In each classroom, use a single L2 switch - A 2900-class box would be fine. I don't see any need for gigabit uplinks between the classroom and IDF - You probably won't have enough server hardware or Internet connectity bandwidth to merit it. If you want to future-proof it, use a 3550 in each classroom instead of a 2900. So, you'd have from each room, the teacher PC plugged into the IDF switch, on the teacher VLAN (just one teacher VLAN for the whole IDF - No need for one per classroom). The 2900 would be plugged into the IDF switch on it's own VLAN. Repeat, make cookie-cutter, and you're done.
In your MDF, put in a 4503 or 4506 layer 3 switch with enough fiber ports to connect to the 3550's in the IDF and some 10/100/1000 LAN blades to hang your servers off of in their own VLAN. Skip using real "routers" - They don't have the capabilities of a L3 switch and will probably cost more, too. Be sure to include GBICS for the MDF and IDF switches, too.
You mention that you have a firewall/router for outside services. Is that the Internet? If so, I'd use a separate small router (Like a 1700 or 2600 for a T1 or a 3700 for a T3), and a separate PIX firewall. For a T1, probably a 506 and for anything faster, a 515e.
For IP addressing, yeah, definitely use a class C (255.255.255.0) for all your subnets. Makes troubleshooting easier. Be sure to consider assigning a "block" class C addresses to each IDF - Make sure you leave some overhead. Break the class C's blocks on a normal boundry - Blocks of 16 would be fine. Do something like..
.0 - .15 - MDF
.16 - .31 - IDF #2
.32 - .47 - IDF #3
etc.
Other details:
Be sure to include a routing protocol, to be able to distribute your routes across the network. EIGRP would probably be fine for this network, it's not that big.
Be sure to specify that the classroom switches should be cofigured to be end-user connections and disable trunking, channeling, spanning tree, etc. and enable BPDU guard on the switches to prevent spanning tree loops.
I think you're right on with the security - Make sure each IDF has a teacher VLAN and write ACLs on the MDF L3 switches to prevent students from accessing admin servers.
VLANS are a must, with the various switches and security requirements. Do not, however, implement any trunking unless you really need to. Schools don't usually have high-talent network engineers on staff to handle troubleshooting trunking issues. (See earlier comment on "keep it simple").
- G