  • Status: Solved
  • Priority: Medium
  • Security: Public

Want different departments to use different gateways. Should I use DHCP or AD + login scripts?

If DHCP, could someone please let me know the most efficient means of setting up the various scopes?  Thanks!
0
Asked by: LB1234
1 Solution
 
Justin Owens (ITIL Problem Manager) Commented:
I would advise using segmented VLANs, each with its own DHCP scope.  A single DHCP server can farm out all the scopes you need, the VLAN just needs to be configured to point to it.

Justin.
0
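Added example (not part of the original thread and not any poster's code): a sketch of the "one DHCP server, one scope per VLAN" layout recommended above. The address block 192.168.10.0/24, the department names and the VLAN IDs are constructed assumptions. Scope selection by relay agent address (giaddr) is standard DHCP relay behaviour, which is what "pointing the VLAN at the server" relies on.

```python
import ipaddress

# Constructed sample data: department names, VLAN IDs and the address block
# are assumptions for illustration, not values from the thread.
DEPARTMENTS = [("sales", 10), ("engineering", 20), ("finance", 30), ("guest", 40)]


def plan_scopes(block, departments):
    """Split one block into equal per-VLAN subnets, one DHCP scope each."""
    block = ipaddress.ip_network(block)
    # Smallest power-of-two split that gives every department its own subnet.
    extra_bits = (len(departments) - 1).bit_length()
    subnets = list(block.subnets(prefixlen_diff=extra_bits))
    scopes = []
    for (name, vlan), net in zip(departments, subnets):
        hosts = list(net.hosts())
        scopes.append({
            "department": name,
            "vlan": vlan,
            "subnet": net,
            "router": hosts[0],            # DHCP option 3 (router) for this scope
            "pool": (hosts[1], hosts[-1]),  # first and last leasable address
        })
    return scopes


def select_scope(scopes, giaddr):
    """Pick the scope the way a DHCP server does for relayed requests:
    by the subnet that contains the relay agent address (giaddr)."""
    addr = ipaddress.ip_address(giaddr)
    for scope in scopes:
        if addr in scope["subnet"]:
            return scope
    return None  # no scope defined for that segment


def on_link(client_ip, scope):
    """A default gateway is only usable if it shares the client's subnet."""
    return ipaddress.ip_address(client_ip) in scope["subnet"]


if __name__ == "__main__":
    scopes = plan_scopes("192.168.10.0/24", DEPARTMENTS)
    for s in scopes:
        print(s["department"], s["vlan"], s["subnet"], s["router"], s["pool"])
    print(select_scope(scopes, "192.168.10.65")["department"])
```

Each department gets its own gateway because the router option is part of the scope, and the scope is chosen by which VLAN the request was relayed from, not by anything configured on the client.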
 
LB1234 (Author) Commented:
That's a huge amount of reconfiguring, which I don't want to do.  You can only have one DHCP scope per subnet?
0
 
Justin Owens (ITIL Problem Manager) Commented:
Technically, you can have more than one; the problem is directing how to determine which scope gets assigned to which machines.  Your other alternative would be to manually assign a reservation for each of the NICs via MAC address.  If you are having to go through this hassle, you would be better off just manually configuring the IP info.  Finally, if you are all on the same LAN/VLAN, how will your networking equipment handle the request for multiple gateways?  It just isn't a good idea at all, and most likely wouldn't work as expected or consistently.

Separate VLANs is the way to go in your scenario.

Justin
0
 
Vaidas911 Commented:
You can identify DHCP clients by MAC address and provide the configuration you want.
0
 
chuku Commented:
You can create OUs for the different groups (if you don't have them already in place) and apply proxy settings where the proxy IP is the D\G you want for that group.
This is easy and requires minimal configuration.
0
 
LB1234 (Author) Commented:
Chuku, unfamiliar with proxy settings.  Are there proxy settings in Group Policy?  Please provide details or steps if you could, thank you.

Vaidas, that would be a huge task.

Ultima, my thoughts were to create OUs with each department and then assign a different login script to each OU, then add a route change command correlating to each default gateway in question, which accomplishes routing to each respective gateway (everything on our network, routers included, is a single Class C IP subnet).
0
 
ajeab Commented:
LB: What good does it do? Since all is on the same network, it will be the same amount of traffic and broadcast within the network. I assume each GW has different internet access? GW1 goes out ISP1, GW2 goes out ISP2, etc.  It will be a mess and not easier than doing VLANs.

For proxy you will need to set up a proxy server as well.
0
 
Justin Owens (ITIL Problem Manager) Commented:
Let's take a step back.  

LB1234,  What are you trying to accomplish by having your different departments on different gateways?  Is it for bandwidth control, monitoring, restriction deployment, or some other need?  If we understand your end goal, what you are trying to accomplish by dividing your departments into different gateways, we can better suggest the most appropriate solution.

Justin
0
 
LB1234 (Author) Commented:
Yes, but with a VLAN setup, what if one of the gateways goes down?  Then I've got 30 people with no internet access, and lots of configuration to make things work properly again.

AJ, the good that it does is that each person has a default gateway allotted just to them by department, so I can control traffic patterns better.  I was just wondering if my method was the most efficient way of doing it.
0
 
Justin Owens (ITIL Problem Manager) Commented:
Help me understand how a gateway going down is harder to correct on a VLAN than it is in GPO.  To me, a VLAN would be much faster and less trouble to swap over a gateway than a GPO, which would take extra steps on each machine.

As far as traffic control patterns, what are you hoping to control?  Are you aiming at controlling internal traffic or external traffic?

Justin
0
 
Justin Owens (ITIL Problem Manager) Commented:
I also posted this to your other Question....

Computer startup script in combination with netsh.exe

It can't be done with native GPO, because it's a chicken and egg problem ... which comes first?

IP stack is existential to have functional GPO infrastructure.  So you can't manipulate it with GPO; it has to be the right one, and after changing to a wrong IP stack, no GPO is applying any longer.  If GPO is not running because of a wrong IP stack, how should it be fixed by using GPO?

netsh interface ip set address gateway=xxx.xxx.xxx.xxx

Get that into a batch login script and bind it to the OU that contains your department.

Again, I don't really like this idea.  A VLAN is better, but it is your network.
0
 
Justin Owens (ITIL Problem Manager) Commented:
Question was technically answered in post html:#26173837.
0
 
Justin Owens (ITIL Problem Manager) Commented:
Sorry... I meant http:#26173837
0
