  • Status: Solved

Set up SBS 2011 using router to run DHCP

I am setting up a SBS 2011 Std machine for the very first time; no prior experience setting up a server OS other than Windows Home Server.

When the CTIW runs it sees that I have a router (LINKSYS WRT310n) running DHCP and wants me to disable it on the router. When I click 'Postpone' to doing that, if I try to move forward in setting up the server it tells me I have no internet connection, even though I obviously do.

My main question is: Do I have to let SBS 2011 do DHCP on the network? At this point there are no plans to set up Exchange email on this server, it is basically going to be used in a small office environment as an application and file server. I also have a remote location that will need to access it.

Also, if I must run DHCP on the server, I keep seeing information that it only supports 1 NIC; but wouldn't it need to support 2? 1 for the LAN and 1 for the WAN?
Asked: coptechs
 
KCTS Commented:
It's far better to have SBS do the DHCP - for a start it will give the clients the SBS server as the DHCP server, which is essential for your domain to function properly (it is typically a pain or impossible to get router-based DHCP to do this). Windows-based DHCP can also give out other domain-specific info to the clients (such as domain name), and it integrates much better with the other Windows domain components.
 
CSIPComputing Commented:
And no, you don't need dual NICs any more.

The router acts as a gateway on your internal LAN, rather than the server acting as the gateway, and ISA server doing the routing.

Suggest you follow best practices as KCTS suggests, and let the server sort the DHCP.  
 
Cliff Galiher Commented:
Running DHCP on the server has nothing to do with Exchange (although, on a tangent, running SBS 2011 without Exchange is also a recipe for disaster and usually means you are running the wrong product for your needs).

When DHCP runs on a router such as a consumer router, its DHCP service is all about getting the connected machines Internet service, nothing more. In a domain environment, a machine needs to know more about the network. Kerberos, the default authentication, for example, is sensitive to time discrepancies to prevent replay attacks, so all machines must be close in clock sync.

The SBS DHCP service knows this and sets several DHCP options that a router would not, and therefore helps prevent common workstation issues. There IS a reason the SBS wizard is stubborn. Don't try to out-think it.

Regarding NICs, SBS 2011 is a LAN only topology designed OS. It does not proxy or filter Internet access. You must use a router or (preferably) a business security device for that. So yes, only one NIC is supported, and SBS should never have a direct WAN connection.

-Cliff
 
coptechs (Author) Commented:
I'm all for best practice so I will let the server do DHCP.

So I'll turn off DHCP on the router but still leave the WAN connection plugged in to the router, right?

Some follow up questions:

Most of the clients on the network are static IPs, do I have to/should I change them? Will my router's firewall still protect the network or do I need another piece of hardware or software to be a firewall?
 
Cliff Galiher Commented:
It would be best to change them (see above on DHCP Options for why), and a consumer router is rarely adequate network protection for a business. Look at a security appliance such as WatchGuard, SonicWall, Calyptix, Cisco ASA series, or similar. Many security appliances have small business versions.

And apologies for the double post earlier. iPad is being stubborn about 3G today.

-Cliff
 
CSIPComputing Commented:
I would recommend changing those clients to DHCP so you get the benefit of the extra scope options dealt by the server. If the clients MUST stay on a particular IP address, create a DHCP reservation for them.

Assuming you have a good firewall (DrayTek Vigor 2820n being a favourite of mine) it will protect your network. You also MUST protect workstations from user-invoked attacks (malware etc.) by installing business class antivirus throughout.

I'm unsure what you mean by plugging the WAN connection into the router... But assuming your router is on the same IP range as your server, and you have only one NIC on the server, plug the server, PCs, router, etc. ALL into the switch, and away you go.
 
SuperTaco Commented:
SBS best practice dictates to use the SBS as DHCP
 
KCTS Commented:
Your setup will look something like this:
[Image: SBS.gif]
 
D_Vante Commented:
Turn off DHCP on the router
Point your server to the router by giving it a static IP
Verify Internet access
Set up your DHCP on your server
Remember to exclude any static IPs such as printers
Reboot one of your workstations that are dynamic and see if it gets the appropriate info
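The final step of the procedure above (checking that a DHCP workstation picked up the right settings) can be scripted against saved `ipconfig /all` output. This is an added example, not part of the original thread; the addresses, the domain name `example.local` and the function names are assumptions, as is the rule that clients should list only the SBS server for DNS.

```python
import re

# Constructed sample of `ipconfig /all` from a workstation after the change.
# Made-up values: 192.168.1.1 = router, 192.168.1.10 = SBS server.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.local
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

def parse_ipconfig(text):
    """Return {field: [values]} for one adapter block of ipconfig /all output."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r" {3}([A-Za-z][\w\- ]*?)[ .]*: ?(.*)$", line)
        if m:
            last, value = m.group(1).strip(), m.group(2).strip()
            fields[last] = [value] if value else []
        elif last and line.startswith(" " * 10) and line.strip():
            fields[last].append(line.strip())  # continuation, e.g. a second DNS server
    return fields

def check_lease(f, sbs_ip, router_ip, domain):
    """Return a list of findings; an empty list means the lease looks right."""
    findings = []
    if f.get("DHCP Enabled") != ["Yes"]:
        findings.append("static configuration: no DHCP options are received")
    elif f.get("DHCP Server") == [router_ip]:
        findings.append("lease issued by the router: its DHCP is still enabled")
    elif f.get("DHCP Server") != [sbs_ip]:
        findings.append("lease issued by an unexpected DHCP server")
    dns = f.get("DNS Servers", [])
    if not dns or any(d != sbs_ip for d in dns):  # assumed rule: SBS is the only DNS server
        findings.append("DNS servers are not limited to the SBS server")
    if f.get("Connection-specific DNS Suffix") != [domain]:
        findings.append("DNS suffix does not match the domain")
    return findings

if __name__ == "__main__":
    result = check_lease(parse_ipconfig(SAMPLE), "192.168.1.10", "192.168.1.1", "example.local")
    print(result or "lease looks correct")
```

A lease that still names the router as DHCP server means the router's DHCP service was not switched off, or that the workstation has not renewed since the change.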
 
coptechs (Author) Commented:
Thank you all so very much for your input on this. All of the information will be helpful.