Re: Creating subnets
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Wed, 24 Dec 2008 13:32:46 -0600
"liddlem" <liddlem@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B8958488-5CBB-4C19-9EB5-348C33A0BF77@xxxxxxxxxxxxxxxx
Hi Folks
This message previously posted at Server/SBS, but I was advised to put it
in
Servers/Windows Server 2003 or WS 2008 - I can seem to find either, so I
hope
this is now the right location?
I am busy setting up a network in a school and need to have more than one
subnet as we will run out of ip addresses when new PCs are purchased soon.
Seperate servers are being run up for staff and students respectively.
Someone has suggested that I establish 2 seperate domains (one on each
server) rather increase the subnet range. Apparently...windows explorer
takes
a lot longer to explore the network when there is a wider subnet????
That would be a silly reason to create a Domain.
Subnets and Domains really have no relevance to each other at all.
So the recommended/suggested network would look like this . . .
STAFF.DOMAIN | STUDENT.DOMAIN
AdminSvr StaffSvr | StudentSvr
192.168.1.1 192.168.1.2 | 192.168.2.1
If the Mask is 255.255.255.0, fine, that looks good. Subnets should be
allowed to be over 250-300 Host and that mask gives 254 hosts,...perfect.
But I do have a few issues with this configuration..
1) I would like Staff to have access to the Student SERVER, but not the
other way. I can manage this via GP.
Define "access"?? That could mean anything. And GP may not even be
relevant. You never access "a Server",...you access resources presented by
the Server,... and access is controlled differently based on what those
resources are. The File System access is controlled by NTFS permissions and
Share permissions,...other types or resources are controlled in other ways.
I don't see how GP has anything to do with that.
2) Staff often log onto student PC (in the student PC lab) for training or
because they dont have a desktop PC of their own. So I cannot lock the PC
lab machines to the student domain only.
Not relevant. That is the wrong way to look at securty anyway. You are
looking at it as protecting "machines from other machines",...instead
of,...protecting Resources from User Accounts
3) How do I share common printers?
A "shared" printer is a specific thing,...it is controlled by user account
via Share Permissions just like the File System is done.
If you mean you have Printers running from a TCP/IP Port then those are not
"shared",...they are simply available to anyone. But they can only be
installed on a machine as a "local" printer by an administrator. They are
available to all users on the machine once that is done. So,... don't let
people be Local Admins on their machine if you don't want them installing
anything.
4) and then the obvious - I would have to manage 2 sets of AD, 2 intranet
sites, 2 etc etc.
Forget two Domains,...run one Domain.
There are no "sites" in this discussion.
Classroom Domains in classes where they are teaching students about working
with Domains are irrelevant and are torn down, built up, torn down,built up
over and over and they do not interact with the School's Domain. They are
irrelevant and are not considered in this.
So my questions are....
1. Will increasing the subnet range (or is that "scope"?) slow down
Windows
Explorer response time THAT much?
Keep the number of hosts per subnet to 250-300,...but if you hit 301 it is
not going to crash and fall on its face. But the big problem is that you
have now created a structure that is difficult to undo. You can not use all
the addresses it now posseses because it *would* be too big *then* and you
can not use them else where because you would create address conflicts so
you have effectrively thrown away hundreds of addresses.
It is this simple:
Create a mess, the mess will always grow,...do not create a mess and you
will never have a mess.
If NOT . . . then. . .
Limit the subnets to less than 300 hosts. So use 255.255.255.0 which gives
254 and leave it that way. Create more subnets if you need them and insert
LAN Routers between them. Yes the school can afford a LAN Router or
two,..if they can put gas in the school bus they can afford a couple LAN
Routers.
Whether you create the new segments and run them with static addresses or
use DHCP is kind of irrelevant. But if you use DHCP all you do is create a
*NEW* Scope (no superscopes!!) for the new Subnet and that is it,...nothing
else on the DHCP Server. Then on the LAN Routers between the subnets all
you do is configure them to forward the DHCP queries to the DHCP Server. In
some routing products these may be called Helper Addresses,...in others they
may be called something else,...read the router's documentation.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
.
- Follow-Ups:
- Re: Creating subnets
- From: Rich Wonneberger
- Re: Creating subnets
- References:
- Creating subnets
- From: liddlem
- Creating subnets
- Prev by Date: Re: Email Alerts on Server 2003 R2?
- Next by Date: Re: Creating subnets
- Previous by thread: Creating subnets
- Next by thread: Re: Creating subnets
- Index(es):
Relevant Pages
|
