Re: Multiple IP Schemes for Different Buildings
Here's a couple of link on Trusts.
http://www.microsoft.com/windowsserver2003/community/centers/security/security_faq.mspx
http://technet2.microsoft.com/windo...52b2-4985-84aa-4fb95486828c1033.mspx?mfr=true
DHCP broadcast is on the local subnet only, unless you specifically forward
it on the switch or router, so they won't interfere.
The second site needs a router to act as the subnet's gateway. You need that
router to forward internet traffic to your firewall. It would have a line in
the config like ip route 0.0.0.0 0.0.0.0 [meaning anything that does not
have a specific route elsewhere] 192.168.1.1 [your firewall]. The second
site can't use the firewall directly as a gateway, because clients have no
way to get to it except through a router.
255.255.255.0 is the "mask". It tells you that you only need to look at the
end octet to identify the device. 192.168.x.0 address ranges generally have
that mask.
As your two sites have (presumably) been working fine up to now, you just
need to have a router on the second site with two ethernet interfaces,
connected to both networks, and forward everything it doesn't know about to
the firewall on the first site.
Hope that helps,
Anthony
http://www.airdesk.co.uk
"Tom" <Tom@discussions.microsoft.com> wrote in message
news
DEC7AC7-38F3-4167-9EAC-06BA942250B2@microsoft.com...
> Thanks for the info.
> We would like to keep separate AD domains for now since we have a lot of
> software that would need to be changed if we reduce to one.
> Can you send me a link on how to setup a two way trust?
> If each server has it's own DHCP server then I don't need to worry about a
> client in one building getting an IP from the wrong server?
> We currently have a linksys router that will share the internet for both
> buildings. Can setup both DHCP servers to point their default gateways to
> the same router?
> Our current DHCP servers are using the same subnet: 255.255.255.0 , but
> the
> IP ranges are different: 192.168.1.x & 192.168.2.x. Should I change
> that?
> Any links would be greatly helpful. I sure appreciate you taking the time
> to answer.
> Thanks,
> Tom
>
> "Anthony" wrote:
>
>> Tom,
>> 1) If you don't need separate AD domains you can consider reducing them
>> down
>> to one
>> 2) For now, you could just set up a two way trust
>> 3) Ideally you would want at least two DC's for a domain anyway
>> 4) This has no bearing on DHCP
>> 5) Sharing an internet connection is just a routing matter. It does not
>> affect domains or DHCP
>> 6) As you have a server in each subnet, you can just leave it at that.
>> Each
>> server can run DHCP for its own subnet.
>> 7) If you ever wanted to, you can run more than one subnet on one DHCP
>> server. You use an ip-helper address to forward requests from each subnet
>> to
>> the DHCP, where it answers with the relevant scope.
>> Hope that helps,
>> Anthony
>> http://www.airdesk.co.uk
>>
>>
>> "Tom" <Tom@discussions.microsoft.com> wrote in message
>> news:47E65682-14A6-4C1F-AFB2-38AE80435474@microsoft.com...
>> > Thanks for the response Anthony. Sorry I didn't explain it better.
>> > The
>> > problem is I have 2 primary domain controllers on the same network.
>> > They
>> > were separate networks, but once they were connected with the T1 they
>> > now
>> > are
>> > sharing the same Internet connection. They server different domains.
>> > Ex.
>> > example.com and example1.com. The each are running their own DHCP
>> > server
>> > with different IP addressing Ex. 192.168.1.x and 192.168.2.x. We have
>> > to
>> > many machines to have just one scope. So should I make one of the
>> > servers
>> > a
>> > secondary domain controller and join the domains?
>> > Thanks,
>> > Tom
>> >
>> > "Anthony" wrote:
>> >
>> >> Tom,
>> >> Not sure if I understand the question correctly.
>> >> A DHCP server can serve more than one scope. On the "other" subnet
>> >> from
>> >> the
>> >> server you need to add an ip-helper address or some other way of
>> >> forwarding
>> >> the DHCP request from the client. This is normal practice when
>> >> splitting
>> >> a
>> >> LAN into VLANS.
>> >> You can also have more than one DHCP server serving a subnet, but they
>> >> can't
>> >> have the same range of addresses to give out. You need to use
>> >> exclusions
>> >> to
>> >> keep different ranges on different servers. There is no way in MS to
>> >> share
>> >> the DHCP database of leases.
>> >> Hope that helps,
>> >> Anthony -
>> >> http://www.airdesk.co.uk
>> >>
>> >>
>> >>
>> >>
>> >> "Tom" <Tom@discussions.microsoft.com> wrote in message
>> >> news:5A284B9F-0D1D-40DE-A879-5D2C7AC915C8@microsoft.com...
>> >> > Hello,
>> >> > I currently have 2 office buildings each with their own dc and dhcp
>> >> > servers.
>> >> > However, we are going to connect the 2 buildings for internet
>> >> > purposes,
>> >> > but
>> >> > need to maintain the separate IP scopes. How can I have both dhcp
>> >> > servers
>> >> > running and have them only give a certain range of IPs for each
>> >> > building.
>> >> > Ex. Building one uses 192.168.1.x
>> >> > Building two uses 192.168.2.x
>> >> > Thanks for the help.
>> >> > Tom
>> >>
>> >>
>> >>
>>
>>
>>