gamm
asked on
2 Domains on the same switch causes problems
I need to set up 2 local domains on 1 switch.
I've set up the 2 domains as abc.com.au and xyz.com.au.
I've given them different network setups:
abc.com.au 192.168.1.x/24
xyz.com.au 192.168.2.x/24
When I plug the xyz.com.au server into the same switch, I get errors in Event Viewer; it seems to still be picking up the servers (such as DHCP) on the abc.com.au domain.
What am I not doing correctly?
abc.com.au has a few servers (2000 & 2003), xyz.com.au I am just setting up now (1 x 2003sr2).
Do these servers ever need to communicate? = Do the servers in domain abc.com talk to the servers in xyz.com for any reason?
Agree with avilov, that's why I'm asking if they need to be separated. I have a feeling it's for security, which is good: they are in different domains, but your IP addresses aren't separating them by being in different subnets if they are on the same layer 2 switch without VLANs. They could still jump to the other domain. It would be better (more secure) with VLANs, the cheaper, easier way, or a layer 3 switch to separate them, or a router between. Do VLANs if the switch supports it.
ASKER
I was thinking of using VLANs as I've heard of them, haven't used one before though & don't know if my existing HP Procurve 2650 switch supports it?
ASKER
We want to separate them as the one department has to open a lot of holes in firewall, so we set them up on their own.
I will have to look up the event viewer messages...
ASKER
They are not in the same forest.
Q: By default, VLAN support on the HP ProCurve Switch 2650 and Switch 6108 is enabled. Can you disable VLAN support like you can on the Switch 4000m?
No. VLAN support cannot be disabled on the HP ProCurve Switch 2650 and Switch 6108. By default, all ports are configured in the default VLAN (DEFAULT_VLAN). The following table shows the differences among the ProCurve Networking by HP switch products with respect to VLAN support:
If they have a lot of holes open to their domain, then that is all the more reason to separate them at the network level as well as the OS domain level. Get the manuals from hp.com and set up VLANs; that would be the easiest option since the switch supports them.
Your switch does support VLANs, and it is also an L3 switch, which means that you need to take care of removing routing between these networks, because by default they will be connected.
ASKER
Thanks guys,
I will have a read through the VLAN pdf and will post a reply (might take a little while, it's 36 pages long).
Cheers.
DHCP servers do not respect domains; they will give out an IP address to any machine that asks for one, as at the point of asking for an IP the identity of the requesting machine cannot be verified - as it has no IP address.
If you want to set up a VLAN you will need a layer 3 switch and configure it accordingly. Alternatively, you have two other options:
1. Switch all IPs to static IPs - that will cure the problems but may be impractical - depends how many machines you have
2. Use CLASSIDs to make sure that certain machines always get an IP from a particular scope. See http://articles.techrepublic.com.com/5100-6345-1056706.html, especially the part about ClassIDs
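A check for the DHCP leakage discussed in this thread, as an added example that is not part of any poster's reply: it parses DHCP payloads seen on a port of the xyz.com.au segment and reports every DHCPOFFER whose server identifier (option 54) or offered address lies outside 192.168.2.0/24. The function names are hypothetical, and `build_offer` produces constructed sample packets rather than real captures.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
OFFER = 2                    # option 53 (message type) value for DHCPOFFER

def parse_dhcp(pkt):
    """Return (msg_type, yiaddr, server_id) from a raw DHCP payload (UDP data only)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    yiaddr = ipaddress.IPv4Address(pkt[16:20])  # address offered to the client
    msg_type, server_id, i = None, None, 240
    while i < len(pkt):
        code = pkt[i]
        if code == 255:      # end option
            break
        if code == 0:        # pad option carries no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        data = pkt[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg_type = data[0]
        elif code == 54 and length == 4:
            server_id = ipaddress.IPv4Address(data)
        i += 2 + length
    return msg_type, yiaddr, server_id

def foreign_offers(payloads, expected_net):
    """List (server_id, yiaddr) for each DHCPOFFER that does not belong to expected_net."""
    net = ipaddress.ip_network(expected_net)
    bad = []
    for p in payloads:
        msg_type, yiaddr, server_id = parse_dhcp(p)
        if msg_type == OFFER and (server_id is None or server_id not in net or yiaddr not in net):
            bad.append((str(server_id), str(yiaddr)))
    return bad

def build_offer(server, lease):
    """Constructed sample input: a minimal DHCPOFFER payload, not a real capture."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(lease).packed, bytes(4), bytes(4))
    hdr += bytes(16 + 64 + 128)  # chaddr, sname and file fields left empty
    opts = bytes([53, 1, OFFER, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return hdr + MAGIC + opts

if __name__ == "__main__":
    seen = [build_offer("192.168.1.10", "192.168.1.50"), build_offer("192.168.2.10", "192.168.2.50")]
    print(foreign_offers(seen, "192.168.2.0/24"))
```

An empty result after the VLAN change indicates that offers from the abc.com.au DHCP server no longer reach the xyz.com.au ports.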
Just trying to understand the reasoning here to see if it follows best practices?
Are the domains in the same forest?