Solved

Use W2K3 as LAN router

Posted on 2008-10-07
7
782 Views
Last Modified: 2012-06-21
At our school we have a remote building linked by a wireless bridge. Performance was poor, so I added a local DC to serve this building. The wireless bridge requires that both ends be in the same subnet. Some things still get serviced from the main servers across the slow link occasionally. I need to separate the building into a separate subnet. I have installed a 2nd NIC in the server.  The NIC pointing at the bridge is 10.66.16.21/24 and the one to the LAN is 10.66.18.2/24.
The local DHCP allocates addresses in 10.66.18.0/24 with default gateway as itself, 10.66.18.2. From the server, I can ping the main site, and connect to the internet via the main site gateway. I can also connect to the local PCs.  I turned on RRAS and added 0.0.0.0/0 gateway 10.66.16.21 to the bridge interface, and 10.66.18.0/24 gw 10.66.18.2 to the LAN interface. The local PCs can see the local server, but not the main network. What am I doing wrong? The router just isn't routing! How do I break down the problem to test it? Are there test programs to run?
0
Comment
Question by:kmaynard
  • 4
  • 2
7 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22670426
NIC with 10.66.18.2: no gw
NIC with 10.66.16.21: gw=<ip of other end of bridge> (10.66.16.2?)
Client-LAN 10.66.18.0/24: gw=10.66.18.2

Multihomed DCs are a headache and should be avoided.
To avoid problems with authentication, do not use the bridge server as DC because the clients might try to reach the far interface instead of the nearest. It would be better to put the extra NIC in a second member server.
0
 

Author Comment

by:kmaynard
ID: 22676961
The scale of our operation makes that unrealistic unfortunately. I make the PCs in the remote location members of a group, and use that to apply GPOs to ensure the local DC is used to provide local services to restrict traffic across the slow link.  There's a DHCP server at the main site, and one with a disjoint set of addresses at the remote building.The only thing I can't seem to stop is that the DHCPs sometimes serve PCs on the wrong side of the link. That's why I wanted a separate subnet - unless there's another way of constraining which DHCP gets used? I really don't want to have to allocate IP addresses manually.
0
 

Author Comment

by:kmaynard
ID: 22681797
What about putting an old PC with 2 NICs in series with the wireless link? Set the IProutingenable (or whatever it is) registry key, then use IP filtering. Would this work?  If so, what protocol would need filtering out?
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 250 total points
ID: 22691907
I re-read question, and don't see why you nead server with 2NICs.

You already have the wireless bridge and separate subnets.
Add DC to remote site, but skip the extra NIC.
Configure the separate subnets as different sites by using dssite.msc and ensure that the DCs are located in correct AD-site. The clients in each site will automatically prefer their local DC.
Configure both DCs as GC (servername\NTDS-settings -> right-click -> Properties -> Global Catalog) by using dssite.msc
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 22692039
I am assuming your configuration is something like:

        Internet
             ||
  Router(10.66.16.254)
             ||
     (10.66.16.253)
     Wireless Bridge
     (10.66.16.252)
             ||
     (10.66.16.100)
         2nd DC
     (10.66.18.100)
             ||
           PC's

Nothing wrong with your concept. I would agree with henjoh09's comment about multihomed DC's, in that they can be a little problematic, but that is not to say you can't make it work. The issue is mostly making sure DNS is working properly. For starters work with IP's, both pinging and connecting to sites such as Google http//64.233.187.99/ to make sure DNS is not coming into play.

-One of the key issues I see is "10.66.1.0/24 with default gateway as itself". The 2nd DC's LAN NIC should have no gateway at all.
-Within RRAS you should only have to enable it and enable LAN routing, nothing else. Were the server knows the two adjoining subnets it should be able to automatically handle the routing.
-The other thing you are missing is the return route. On the router 10.66.16.254 above should have a route added (based on above example):
route add 10.66.18.0 mask 255.255.255.0 10.66.16.100
Alternatively rather than adding the static route on both the router and in RRAS you can enable RIP v2 dynamic routing.

-As for DHCP issues. On the second DC make sure DHCP is only bound to the LAN adapter [DHCP management console | right click on server and choose properties | advanced | bindings]
-Similarly I would do the same for DNS [DNS management console | right click on server and choose properties | Interfaces | only the following IP addresses -just the LAN IP]
-DHCP should be assigning the 2nd DC's LAN IP for DNS as the primary DNS server for client machines, and the 1st DC as the alternate/second DNS. It should also be handing out 10.66.18.100 (per example) as their gateway address.

If having problems with DNS, Active Directory, or replication let us know as that can be addressed once pinging works.

--Rob
0
 

Author Comment

by:kmaynard
ID: 22745711
Thanks for the suggestions. In fact, I am not going to be able to play with this stuff for some time, so I will split points. Hope that's OK. Note to other readers: I haven't actually proved this yet, but both suggestions are worthy.

Currently, the only problems arise if the wrong DHCP server awards an address. Our net is stable, so I have increased the lease to 90 days, and checked that any new clients get the right address when I add them. It seems that 'lease renew' is preferred to getting a new address, so most of the problem has gone away.

Replication, WSUS, Symantec slave AV server all working OK, so I'm inclined to leave well alone for now!
0
 

Author Closing Comment

by:kmaynard
ID: 31504058
Thanks very much for your help.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question