Network redesigning problem....

By abubin
My LAN is currently set up with the subnet 192.168.1.x/24. I have a Linux server providing internet service in the same subnet. There are 2 Windows 2000 servers running the domain and DNS services.

All clients connect to the domain with these settings, assigned by the DHCP server running on both of the Windows 2000 servers.

ip : 192.168.1.x
subnet : 255.255.255.0
dns 1 : 192.168.1.2
dns 2 : 192.168.1.3
gateway : 192.168.1.4 (linux server)

So far, no problem. But now I want to add another subnet to the system, perhaps 192.168.2.x, but I am not sure how to do this.

I was thinking of adding another NIC to the Linux server so it can act as a router connecting the 2 subnets. But then, what about the Win2k servers and the DNS servers? If I continue using the Win2k servers like this, how does the new subnet log in to the domain? Do I absolutely need another set of domain servers?

All Comments

by BFilmFan In reply to Network redesigning prob ...

You add the subnet to Active Directory Sites and Services and associate it with your AD site. You do not need a new set of domain controllers.

by CG IT In reply to Network redesigning prob ...

Typically subnetting is done by a router or a VLAN capable switch.

A Windows Active Directory environment can handle a large # of users spread over a large geographical area by the use of sites. Windows AD defines a site as a subnet connected by fast links. Creating sites and associating a subnet with a site is done in Active Directory Sites and Services. A DC or GC along with operational master roles does not need to be installed in a site if the site has a small number of users, or a small # of users and no servers in the site. If you create your site in AD Sites and Services and associate that site with a subnet, users on that subnet can access the Global Catalog at another site for login. All that is needed is a WAN link [typically accomplished by a router].

by CG IT In reply to

Note: you can have 1 large site in a single domain. You can have multiple sites in a single domain, and you can have multiple domains within a site [but you need multiple DCs to service the multiple domains within a site]. Remember a site is a subnet connected by fast links and is not a logical structure [like AD and domains are] but a physical structure.

by CG IT In reply to

What confuses a lot of people is the logical structure of Active Directory and domains vs. the physical structure [topology] of a network. Sites are physical structures because they are subnets connected by fast links. Your second subnet can be set up as a site [if you want, and if you're practicing setting up sites on a test network], and using the best practice of a small # of users, or a small number of users and no servers in a site [provided the site has a reliable and fast link], you don't need a DC or GC at the site.

by wmr02 In reply to Network redesigning prob ...

You could just change your subnet mask to 255.255.252.0, which would give you a range of addresses from 192.168.0.1 to 192.168.3.254.
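A worked check of wmr02's mask-change suggestion, added here as an example and not part of the thread: it computes the usable host range under 255.255.252.0, confirms that the poster's DNS servers and Linux gateway (192.168.1.2 to 192.168.1.4) stay directly reachable from a 192.168.2.x client, and contrasts that with the current /24 mask. The client address 192.168.2.50 is a constructed sample.

```python
import ipaddress

# Infrastructure addresses taken from the original post.
DNS1 = "192.168.1.2"
DNS2 = "192.168.1.3"
GATEWAY = "192.168.1.4"
# Constructed sample: a client that would live in the new 192.168.2.x range.
NEW_CLIENT = "192.168.2.50"


def network_of(ip: str, mask: str) -> ipaddress.IPv4Network:
    """Network that `ip` belongs to under the dotted-quad netmask `mask`."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def host_range(ip: str, mask: str) -> tuple:
    """First and last usable host address in the subnet containing `ip`."""
    net = network_of(ip, mask)
    first = net.network_address + 1
    last = net.broadcast_address - 1
    return str(first), str(last)


def usable_hosts(mask: str) -> int:
    """Number of usable host addresses (broadcast-domain size) for `mask`."""
    net = network_of("192.168.0.0", mask)
    return net.num_addresses - 2


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when the two hosts can talk without a router hop under `mask`."""
    return network_of(ip_a, mask) == network_of(ip_b, mask)


def mask_keeps_infra_reachable(mask: str, client: str = NEW_CLIENT) -> bool:
    """Check that every existing infrastructure address shares a subnet with
    `client` under the candidate mask, so DNS and the gateway still work
    for the new range without adding a router."""
    return all(same_subnet(ip, client, mask) for ip in (DNS1, DNS2, GATEWAY))


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.252.0"):
        print(mask, network_of(DNS1, mask), host_range(DNS1, mask),
              "hosts:", usable_hosts(mask),
              "infra reachable from 192.168.2.x:",
              mask_keeps_infra_reachable(mask))
```

Note that the /22 turns the whole 192.168.0.0 to 192.168.3.255 range into a single broadcast domain of 1022 hosts, whereas the router-based approach the other replies describe keeps the two subnets separate.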

by CG IT In reply to Network redesigning prob ...

I put in a suggestion here and for some reason it doesn't show up. I'll try to recap.

First to answer your question do you absolutely need to have another set of domain servers? No you don't.

If you continue to use your existing W2K DNS servers, how does the new subnet log in to the domain? By creating a site in AD Sites and Services, then associating that site with the subnet.

Sites are subnets connected via fast links. A router is normally used for subnetting, but you can use a VLAN as well. Sites do not have to be in different physical locations [as in a test network setup where the subnets are separated by a router and the 2 routers that connect the subnets together happen to be within 3 ft of each other], but a site is typically thought of as being in a different physical location than other sites. Best practice is that if sites have a small # of users and a fast, reliable link that has adequate bandwidth, and/or a small # of users and no server, then you don't need a GC at the site for user login. They can use the fast, reliable WAN link that has adequate bandwidth to use a GC at another site for login.

Hope that helps ya.

Text book stuff.

by CG IT In reply to

Note: users who VPN in through RRAS are remote users, and when they make a connection it's as if they are directly connected to the network, which is NOT the same as a site defined in Active Directory. AD sites are well-connected subnets, basically using dedicated lines router to router.

by abubin In reply to

I have looked into setting up sites in AD. I managed to set up another site. But without a server assigned to that site, how would a login from the other subnet be able to resolve? How would the other subnet be able to find the DHCP server? So I would really need at least a DHCP server (maybe from the router) to assign the IPs before they can find where the gateway is?

by CG IT In reply to Network redesigning prob ...

Welp, it goes like this: clients are configured to look for remote DNS servers over the WAN link in which to authenticate, not local DNS servers on their subnet [which there aren't any] [DNS provides the SRV and PTR records to the DC Global Catalog server]. This is done on a dedicated link, NOT via the internet. If you want, and are running DHCP on one subnet and want that DHCP server to issue IP addresses to computers on another subnet, add in a DHCP relay agent on the subnet you need IP addresses for. You can create different scopes of IP addresses in DHCP for different DNS zones in the DNS namespace. Therefore you can create a site, associate a subnet with that site, then give that site its own DNS namespace [zone], create a scope of IP addresses in DHCP for that zone, and authorize DHCP for the zone to service clients in that site [its own DNS namespace].
