network config - communicate between test lab and production environnement

Hi,

We have a lab environnement that is setup on a separate switch. The switch is not connected at all on the production environnement. however this is not very practical when we want to access files on the internet.

I wanted to know if it possible to keep it separate so that the DC and DNS,DHCP,WINS server on this lab environnement do not interfere with our production environnement.
If I use a router like a linksys 4 port wired router and setup a port forwarding on separate subnets

Example :
Production environnement subnet 192.168.0.x connected via switches to cisco router and firewall and then to internet.
Lab environnement subnet 192.168.2.x connected via switches to a linksys router, then to the production env switch and then go to cisco router and firewall .. ..

is that even possible ??
matanguayAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig_200XCommented:
Yes - I dont think its the best practice, but Microsoft says it can be done in a Separate AD forest here:

http://www.microsoft.com/dynamics/crm/using/12/buildtestenvironment.mspx


Craig
Craig_200XCommented:
disregard the CRM info
matanguayAuthor Commented:
yeah i know i can have two separate forests and all but the dhcp will interfere .... if I use a router i can filter packets coming on the router so dhcp requests and other stuff dont get to my lab and mess up my production environnement. but I dont know how to do it :(

C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Craig_200XCommented:
A DHCP server can provide IP addresses to client computers on remote multiple subnets only if the router or switch that separates them can act as a BOOTP Relay. DHCP traffic uses the User Datagram Protocol (UDP) ports of 67 and 68. Filtering those ports will prevent DHCP traffic (and BOOTP relays).
matanguayAuthor Commented:
so if I simply plug the router on a switch port and create trusts for file sharing only and internet access it should be ok ???
Craig_200XCommented:
yes. Separate forests.
matanguayAuthor Commented:
ok but what ports do I have to open to allow file sharing and terminal services from the production env. ??
Craig_200XCommented:
TCP 445 for filesharing
TCP 3389 for terminal servicer(s) or remote desktop
matanguayAuthor Commented:
One last detail.

On my router, I do not want to use port forwarding as it will only point to one computer, I need instead to use Static routes (correct me if I'm wrong). Now I tried setting that up on a linksys befsru31 router and I could not get it to work properly. Please tell me if you know it .. if you dont i'll just use port forwarding and accept your answer as it was my original question.
Craig_200XCommented:
click the Show Routing Table button to view the current static routing configuration.

To create a static route entry:
1. Select a Static Route Entry from the drop-down list. The Router supports up to 20 static route entries.
2. Enter the following data to create a new static route.

Destination LAN IP: The Destination LAN IP is the address of the remote network or host to which you want to assign a static route.

Subnet Mask

Default Gateway

Hop Count: This determines the maximum number of steps between network nodes that data packets will travel. A node is any device on the network, such as PCs, print servers, routers, etc.

interface: Select LAN or WAN, depending on the location of the static route’s final destination.

3. When finished making your changes on this tab, click the Apply button to save these changes, or click the Cancel button to undo your changes.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.