Re: Adding a second domain.
- From: "Kurt" <lorentzenkurt@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 7 Dec 2005 20:04:29 -0800
If you create VLANs, you can segregate broadcast traffic into one subnet or
the other. You'll need a router to pass traffic between the VLANs if your
switch is not a layer-three switch. Once you do that, you can have a DHCP
server and a DC on each VLAN (and yes, they'll have to be different subnets
in order to route). As far as your question beginning with "Now, for our
environment", I don't know enough about your environment to answer. But from
your original post, you said domain 1 needs to be able to access a server in
domain 2 but domain 2 shouldn't be able to access domain 1 at all. This
could be accomplished real easily with routes:

If the Internet router is in the subnet for domain 1, all of the
workstations in domain 1 will use the Internet router as their default
gateway, so they won't have a route to domain 2's subnet. The file server
will have a static route (using the "route add" command in a batch
file/startup script) to the domain 2 subnet via the inter-vlan router.

On the other side, domain 2's clients will have the inter-vlan router as
their default gateway, and the inter-vlan's default route will be the
Internet router. That technically will give domain 2 access to domain 1, but
since domain 1 (all but the file server) doesn't have a route back, no
connections will be made.

You'll have to work around the lack of a trust if the file server is joined
to domain1 by adding local accounts and permissions for users in domain 2.

....kurt

"it-al" <ital@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A2108036-9BCF-4025-83A3-6970E288E16E@xxxxxxxxxxxxxxxx
> Thanks for replying, I appreciate your help.
>
> So, if I can create a VLAN on one of the blades of our switch then I can
> contain broadcasts from each domain, correct? And once I do that, then each
> domain can have its own dhcp server and independently authenticate their own
> respective users, right?
>
> You brought up the subject of not needing both a separate subnet and
> separate domain for our scenario. I always thought, incorrectly it seems,
> that you need a separate subnet for each domain you add into your
> environment. Now, for our environment, do we need another subnet given the
> same requirements (each domain having its own domain name, dns, dhcp, ad
> authenticating its own set of users)?
>
> As for SBS not being able to set up trusts, I didn't know that and I'm
> disappointed but not a major stumbling block, we can work around that.
>
> I'm new at this, personnel changes and company directives have conspired to
> drop IT responsibility onto my novice lap. Thank you again.
>
>
> "Kurt" wrote:
>
>>
>> If the DHCP servers are connected to the same switch, you won't have any way
>> of separating the clients. DHCP is broadcast based, and the first DHCP
>> server that responds to a request will issue the IP address, not knowing or
>> caring which subnet the computer requesting the address is supposed to be
>> in. This is also true if you use a router with both interfaces plugged into
>> the same switch. You will need to physically or logically (VLANs) contain
>> broadcasts for each subnet. But do you need two domains? or two subnets? You
>> don't have to have both. You can have two domains in the same subnet. Both
>> domains will show up in the browser (My Network Places), but domain
>> membership and permissions will prevent users from different domains from
>> being able to access resources in the other. If you need one-way permissions
>> between domains, you can create a one-way trust.
>>
>> ....kurt
>>
>> "it-al" <ital@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:D0703BF1-6778-4D05-844A-737BEAC5EB4D@xxxxxxxxxxxxxxxx
>> > What is the best way to add another domain into your existing network?
>> >
>> > The current Domain1 (10.10.10.xx) contains four 2k3 servers: AD, Exch, File,
>> > and Web. Everyone is connected to an HP Procurve switch and goes out to the
>> > internet through a PIX firewall. The AD server is also running DNS and DHCP.
>> >
>> > We need to add another domain, Domain2 (10.10.11.xx), into our existing
>> > infrastructure. The new domain will have 2 servers: an SBS 2k3 server running
>> > AD, DNS, DHCP, and Exchange, and a 2k File/Web server.
>> >
>> > Domain1 needs to be able to access Domain2's File/Web server but Domain2
>> > should not be able to browse or access anything in Domain1.
>> >
>> > Is it just a matter of entering the appropriate domain names and ip
>> > addresses on Domain2's servers and then connecting them to the same HP
>> > Procurve switch? Because they are on a different ip address scheme,
>> > 10.10.10.xx vs. 10.10.11.xx, there should be no DHCP or any other conflicts
>> > right? Will I need a router to sit between the two domains or will the switch
>> > be enough?
>>
>>
>>
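
The route-based separation described in the reply at the top of this message can be checked with a small model; this is an added example, not part of the original thread. The two /24 subnets come from the posts, while every host and router address, the node names, and the `build`, `delivers` and `session` helpers are assumptions made for the sketch. It also covers the case where the Internet router is given a route to 10.10.11.0/24.

```python
import ipaddress

# Constructed addressing: the two /24s come from the thread; every host and
# router address below is a hypothetical value chosen for this sketch.
D1 = ipaddress.ip_network("10.10.10.0/24")
D2 = ipaddress.ip_network("10.10.11.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
INET_GW, IVR_D1, IVR_D2 = "10.10.10.1", "10.10.10.254", "10.10.11.254"

def build(inet_router_knows_d2=False):
    """Nodes as (addresses, forwards?, [(prefix, gateway or None if on-link)])."""
    inet_routes = [(D1, None)]  # ISP-facing default omitted: it never reaches D2
    if inet_router_knows_d2:
        inet_routes.append((D2, IVR_D1))
    return {
        "d1-ws": (["10.10.10.50"], False, [(D1, None), (ANY, INET_GW)]),
        "d1-fs": (["10.10.10.60"], False, [(D1, None), (D2, IVR_D1), (ANY, INET_GW)]),
        "d2-ws": (["10.10.11.50"], False, [(D2, None), (ANY, IVR_D2)]),
        "ivr":   ([IVR_D1, IVR_D2], True, [(D1, None), (D2, None), (ANY, INET_GW)]),
        "inet":  ([INET_GW], True, inet_routes),
    }

def owner(nodes, ip):
    return next((n for n, (addrs, _, _) in nodes.items() if ip in addrs), None)

def delivers(nodes, src, dst_ip, max_hops=8):
    """Follow longest-prefix-match routing hop by hop from src toward dst_ip."""
    node, dst = src, ipaddress.ip_address(dst_ip)
    for _ in range(max_hops):
        addrs, forwards, routes = nodes[node]
        if dst_ip in addrs:
            return True
        if node != src and not forwards:
            return False  # a host does not relay other hosts' packets
        matches = [(net, gw) for net, gw in routes if dst in net]
        if not matches:
            return False  # no route: the packet is dropped here
        _, gw = max(matches, key=lambda m: m[0].prefixlen)
        node = owner(nodes, gw or dst_ip)
        if node is None:
            return False
    return False

def session(nodes, a, b):
    """A TCP-style exchange needs a working path in both directions."""
    return delivers(nodes, a, nodes[b][0][0]) and delivers(nodes, b, nodes[a][0][0])

if __name__ == "__main__":
    for knows in (False, True):
        n = build(knows)
        print(knows, session(n, "d2-ws", "d1-ws"), session(n, "d1-fs", "d2-ws"))
```

In this model a packet from the Domain2 workstation still arrives at the Domain1 workstation; only the reply is lost, and it stops being lost as soon as the Internet router learns a route to 10.10.11.0/24. A filter on the inter-VLAN router would not depend on what the other devices' routing tables contain.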