Best way to divide LAN into 2 subnets and share Internet conx


I have a network that I would like to divide and have two separate subnets that use the same Internet connection.

Currently the Internet comes in through an Adtran box, then to our D-Link router, then that router out several ports to switches, to PCs.

There are some computers that belong to a domain on a Small Biz Server 2003 and there are other computers that do not log into anything and only use the Internet.

The D-Link router is the dhcp server and gateway.

I would like to:
1. Keep the existing D-Link router configured to provide dhcp to the domain computers on one network.
2. Create a second network with its own dhcp to provide to the other computers not on the domain.
3. Keep the new network from possibly interfering with the domain network.
4. Allow them both to access the Internet via the Adtran box.

I have routers and switches available. I just need to know the easiest, least-intrusive way to reconfigure it.

Well the main problem you have here is the second DHCP server. You can use the small biz server to handle DHCP for the one network and the router for the other.

They simply need to all have the same gateway to get out to the net.

anon12000Author Commented:
Yes, the second dhcp server is my main problem.

I would like to not use the SBS for dhcp. Instead leave the existing router providing dhcp to that network.

How do I simply give them both the same gateway? Right now the gateway ip is the existing router/dhcp server.

Yes and without a second dhcp server it is not going to work, well with DHCP anyway.

anon12000Author Commented:
I was thinking that I could simply use 2 or 3 routers.

Maybe isp's Adtran to one router (without dhcp), from that router to 2 other routers (both with dhcp and acting as the gateway for their respective networks).

This will not work?

Yes it will, the new router also counts as a dhcp server.

You will run into problems (most likely) with VPN and other web services. The reason is you will be double natting. Which means you will NAT to an internal IP for both routers, then NAT again to the clients.

If you are not using or don't plan on using advanced services such as VPN this solution will work.

You don't need to double NAT. You can easily disable NAT on the second tier of routers with no adverse effects as long as you route the internal subnets in the Adtran. You actually might be able to set this up without another router depending on the capabilities of the Adtran and D-link. What model Adtran and D-link are you using?
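
The reply above depends on the upstream device having a route to each inner subnet once NAT is off on the second tier. An added example, not part of the thread, that checks such a plan and derives those routes; all addresses and the names `check_plan`, `UPSTREAM_LAN` and `INNER_ROUTERS` are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumed values, not from the thread).
UPSTREAM_LAN = "192.168.0.0/24"   # segment between the ISP device and inner routers
INNER_ROUTERS = {
    "domain":    {"outside_ip": "192.168.0.2", "lan": "192.168.1.0/24",
                  "dhcp_pool": ("192.168.1.100", "192.168.1.199")},
    "workgroup": {"outside_ip": "192.168.0.3", "lan": "192.168.2.0/24",
                  "dhcp_pool": ("192.168.2.100", "192.168.2.199")},
}

def check_plan(upstream_lan, routers):
    """Return (static_routes, problems) for inner routers that route without NAT."""
    upstream = ipaddress.ip_network(upstream_lan)
    routes, problems, seen = [], [], {}
    for name, cfg in routers.items():
        lan = ipaddress.ip_network(cfg["lan"])
        outside = ipaddress.ip_address(cfg["outside_ip"])
        if outside not in upstream:
            problems.append(f"{name}: outside address {outside} not in {upstream}")
        if lan.overlaps(upstream):
            problems.append(f"{name}: {lan} overlaps upstream LAN {upstream}")
        for other, other_lan in seen.items():
            if lan.overlaps(other_lan):
                problems.append(f"{name}: {lan} overlaps {other} ({other_lan})")
        seen[name] = lan
        first, last = (ipaddress.ip_address(a) for a in cfg["dhcp_pool"])
        fits = first in lan and last in lan and first <= last
        if not fits or first == lan.network_address or last == lan.broadcast_address:
            problems.append(f"{name}: DHCP pool {first}-{last} does not fit {lan}")
        # Upstream device needs: destination = inner subnet, next hop = inner router.
        routes.append((str(lan), str(outside)))
    return routes, problems

if __name__ == "__main__":
    routes, problems = check_plan(UPSTREAM_LAN, INNER_ROUTERS)
    for dest, hop in routes:
        print(f"route {dest} via {hop}")
    for p in problems:
        print("PROBLEM:", p)
```

The upstream device's own NAT rule also has to cover the inner subnets, since their addresses now reach it untranslated.
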
anon12000Author Commented:
Ok, I understand that thanks.

I'll have to check on the Adtran ## as it is provided by the isp and I'm not sure how much they are even willing to, or can, modify its configuration.

Our D-Link is the home use type, either the di-604 or similar. I can get its model number tomorrow.

How about leaving both the Adtran gateway and the existing d-link router in place and linking another router off of one of its ports? Can that new router run dhcp and be the gateway out to the d-link router for the PCs on that network?
anon12000Author Commented:
Or what about?:

ISPs Adtran to a switch.
The existing d-link router and a new router attached to the switch and being dhcp server and gateway for their respective workgroups.
Each router has a workgroup switch attached and the respective PCs are attached to that switch.

     switch (with VLAN ability - a good one can be had for about 350.00) also dhcp capable.
      VLAN 2          VLAN3      (vlan1 is usually management vlan)
SBS Domain         workgroup

lock and load grunts
anon12000Author Commented:
OK Mark, that is very promising info. I likely have access to a Cisco switch w/ vlan. I'll check into it.

A couple of questions though please:

If I can't get a vlan switch with dhcp can I just plug the existing d-link router into a vlan port for that network and have it work? Like this:

adtran>vlan switch>router1>switch

What devices IP will the client PCs have as the gateway in either configuration?

anon12000Author Commented:
I guess that this isn't as simple as I imagined it would be. Increasing points.
anon12000Author Commented:
- The isp's Adtran is a Total Access 612
- I have some switches that appear to be vlan capable: some Baystack 420-24T, some Cisco Catalyst 2900, and an HP Advancestack 12R

Can I go Adtran>vlan switch>(2) workgroup switches>clients and:
1. Use the dhcp from the sbs2003 server to provide for vlan1
2. Use existing d-link router to provide dhcp for vlan2
3. Have both vlans share the Adtran's internet? Where is the gateway?

1. Yes, use sbs for dhcp. You will need to use dhcp helper
3. you don't need it
4. yes. GW would be the interface to the router in my rendering
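
How a DHCP relay agent (the "dhcp helper" above) lets one server hand out leases on both VLANs without bridging them, as an added example that is not part of the thread: the relay stamps `giaddr` with its address on the client's VLAN and the server picks the scope from it. Addresses, scope names and function names are constructed; field offsets follow the BOOTP header in RFC 951/1542.

```python
import ipaddress
import struct

HOPS_OFF, GIADDR_OFF, MAX_HOPS = 3, 24, 16   # BOOTP header offsets; RFC 1542 hop limit

# Constructed scopes on the single DHCP server (assumed addressing).
SERVER_SUBNET = "192.168.1.0/24"             # VLAN where the server itself sits
SCOPES = {"192.168.1.0/24": "domain", "192.168.2.0/24": "workgroup"}

def make_discover(mac: bytes, xid: int) -> bytes:
    """Constructed minimal DHCPDISCOVER: BOOTP header, magic cookie, option 53."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, xid, 0, 0x8000,   # BOOTREQUEST, broadcast flag
                         bytes(4), bytes(4), bytes(4), bytes(4),  # ci/yi/si/giaddr
                         mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + bytes([99, 130, 83, 99]) + bytes([53, 1, 1, 255])

def relay(packet: bytes, ingress_ip: str):
    """Relay step: bump hops; stamp giaddr only if no earlier relay already did."""
    hops = packet[HOPS_OFF]
    if hops > MAX_HOPS:
        return None                           # discarded, never reaches the server
    out = bytearray(packet)
    out[HOPS_OFF] = hops + 1
    if packet[GIADDR_OFF:GIADDR_OFF + 4] == bytes(4):
        out[GIADDR_OFF:GIADDR_OFF + 4] = ipaddress.ip_address(ingress_ip).packed
    return bytes(out)                         # sent unicast to the server

def pick_scope(packet: bytes, scopes=SCOPES, server_subnet=SERVER_SUBNET):
    """Server side: a zero giaddr means a local client, otherwise match giaddr."""
    giaddr = ipaddress.ip_address(packet[GIADDR_OFF:GIADDR_OFF + 4])
    if int(giaddr) == 0:
        return scopes.get(server_subnet)
    for net, name in scopes.items():
        if giaddr in ipaddress.ip_network(net):
            return name
    return None                               # no scope for that subnet: no offer

if __name__ == "__main__":
    discover = make_discover(bytes.fromhex("020000000001"), 0x1234)
    print("local client ->", pick_scope(discover))
    print("relayed from 192.168.2.1 ->", pick_scope(relay(discover, "192.168.2.1")))
```
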
anon12000Author Commented:
I've been researching this weekend regarding your suggestions but still do not understand.

1. "dhcp helper": Do you mean the same thing as a DHCP Relay Agent? That is the only thing I could find close to "helper". Would that be another computer on the vlan3 that relays dhcp info to/from the SBS dhcp server on vlan2? What software would it need to run? Isn't it possible to let vlan3 have its own dhcp server, maybe a router?
4. So the gw would be the switch port that connects the isp's Adtran to our network? So my vlan switch would need to be able to assign a specific port as the gw?

Thanks for your help and clarification.
anon12000Author Commented:
Hello, I'm still needing to do this.

Can anyone please help? I need "hand holding" as I don't understand some of the info above. Step by step would be ideal.

More points available.

A. Internet to ISP's Adtran (cannot modify this) to our Baystack 420-24T vlan switch to (2) separate networks.
B. Domain with SBS2003 server on one network providing DHCP.
C. Need to isolate the non-domain PCs on the second network and have some way to provide them DHCP.
D. Have routers. (1) existing one is between Adtran and full network providing port forwarding for remote access and other services.
E. Would really like to be able to use port forwarding still.
anon12000Author Commented:
Just Closing.
