Use W2K3 as LAN router

Posted on 2008-10-07
Last Modified: 2012-06-21
At our school we have a remote building linked by a wireless bridge. Performance was poor, so I added a local DC to serve this building. The wireless bridge requires that both ends be in the same subnet. Some things still get serviced from the main servers across the slow link occasionally. I need to separate the building into a separate subnet. I have installed a 2nd NIC in the server.  The NIC pointing at the bridge is and the one to the LAN is
The local DHCP allocates addresses in with default gateway as itself, From the server, I can ping the main site, and connect to the internet via the main site gateway. I can also connect to the local PCs.  I turned on RRAS and added gateway to the bridge interface, and gw to the LAN interface. The local PCs can see the local server, but not the main network. What am I doing wrong? The router just isn't routing! How do I break down the problem to test it? Are there test programs to run?
Question by:kmaynard
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22670426
NIC with no gw
NIC with gw=<ip of other end of bridge> (
Client-LAN gw=

Multihomed DCs are a headache and should be avoided.
To avoid problems with authentication, do not use the bridge server as DC because the clients might try to reach the far interface instead of the nearest. It would be better to put the extra NIC in a second member server.

Author Comment

ID: 22676961
The scale of our operation makes that unrealistic unfortunately. I make the PCs in the remote location members of a group, and use that to apply GPOs to ensure the local DC is used to provide local services to restrict traffic across the slow link.  There's a DHCP server at the main site, and one with a disjoint set of addresses at the remote building.The only thing I can't seem to stop is that the DHCPs sometimes serve PCs on the wrong side of the link. That's why I wanted a separate subnet - unless there's another way of constraining which DHCP gets used? I really don't want to have to allocate IP addresses manually.

Author Comment

ID: 22681797
What about putting an old PC with 2 NICs in series with the wireless link? Set the IProutingenable (or whatever it is) registry key, then use IP filtering. Would this work?  If so, what protocol would need filtering out?
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 31

Accepted Solution

Henrik Johansson earned 250 total points
ID: 22691907
I re-read question, and don't see why you nead server with 2NICs.

You already have the wireless bridge and separate subnets.
Add DC to remote site, but skip the extra NIC.
Configure the separate subnets as different sites by using dssite.msc and ensure that the DCs are located in correct AD-site. The clients in each site will automatically prefer their local DC.
Configure both DCs as GC (servername\NTDS-settings -> right-click -> Properties -> Global Catalog) by using dssite.msc
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 250 total points
ID: 22692039
I am assuming your configuration is something like:

     Wireless Bridge
         2nd DC

Nothing wrong with your concept. I would agree with henjoh09's comment about multihomed DC's, in that they can be a little problematic, but that is not to say you can't make it work. The issue is mostly making sure DNS is working properly. For starters work with IP's, both pinging and connecting to sites such as Google http// to make sure DNS is not coming into play.

-One of the key issues I see is " with default gateway as itself". The 2nd DC's LAN NIC should have no gateway at all.
-Within RRAS you should only have to enable it and enable LAN routing, nothing else. Were the server knows the two adjoining subnets it should be able to automatically handle the routing.
-The other thing you are missing is the return route. On the router above should have a route added (based on above example):
route add mask
Alternatively rather than adding the static route on both the router and in RRAS you can enable RIP v2 dynamic routing.

-As for DHCP issues. On the second DC make sure DHCP is only bound to the LAN adapter [DHCP management console | right click on server and choose properties | advanced | bindings]
-Similarly I would do the same for DNS [DNS management console | right click on server and choose properties | Interfaces | only the following IP addresses -just the LAN IP]
-DHCP should be assigning the 2nd DC's LAN IP for DNS as the primary DNS server for client machines, and the 1st DC as the alternate/second DNS. It should also be handing out (per example) as their gateway address.

If having problems with DNS, Active Directory, or replication let us know as that can be addressed once pinging works.


Author Comment

ID: 22745711
Thanks for the suggestions. In fact, I am not going to be able to play with this stuff for some time, so I will split points. Hope that's OK. Note to other readers: I haven't actually proved this yet, but both suggestions are worthy.

Currently, the only problems arise if the wrong DHCP server awards an address. Our net is stable, so I have increased the lease to 90 days, and checked that any new clients get the right address when I add them. It seems that 'lease renew' is preferred to getting a new address, so most of the problem has gone away.

Replication, WSUS, Symantec slave AV server all working OK, so I'm inclined to leave well alone for now!

Author Closing Comment

ID: 31504058
Thanks very much for your help.

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question