Solved

Connecting 2 LANs (two different ADs) - 2 routers (2 different ISPs) - 1 DHCP (for all non-manual settings)

Posted on 2014-09-30
Last Modified: 2014-10-13
I have two small law offices.  Currently they are on different IP ranges ("A" is 192.158.2... "B" is 192.168.1...)  I am replacing the old SBS2003 on "B" with Server 2012R2 and "A" is already on SERVER 2008R2 with AD, DNS, DHCP.  We had to separate them because originally they were both running SBS2003.  They both have their own internet service.
1.  The 2008 Server is running DHCP and all new devices, phones, tablets, etc., connect via that internet and network.
2.  The two offices share two high end MFPs and one of the things we are trying to do is to marry them together so they can both use all the features of these devices.  We currently have both MFPs hardwired onto the "A" switch and on their network segment; the other office has stuff "emailed" from the scanners to their accounts.  They ("B") cannot print to these devices.
What I would like to do is the following:
Have both Networks on the same IP range to allow them to use the MFPs and it is OK if the DHCP for additional devices are provided by the current (A) server.  ("A")  has 7 PCs and Server.  "B" will have 1 SERVER and 4 workstations.  I can manually add all the PCs onto different sections of the same IP range ("A" will be 192.168.2.1-75, "B" could be 192.168.2.150-175) The two Servers will be within the scope of THEIR network.  
My concerns:  As both will be running AD, I assume that each office will be using their server's IP as their default DNS, which in turn will route the traffic through that office's router ("A" is 192.168.2.1 & "B" is 192.168.2.254) - will they interfere with one another (again, only 1 DHCP server)?  Is this the best way to do this under the circumstances and using the existing switches and cabling?  If I keep them on different IP ranges, is there an easy way to bridge them so both offices can use the MFPs?
Question by:Marshalk
4 Comments
 
LVL 10

Expert Comment

by:schaps
ID: 40353925
Need a couple more details clarified:
--Are these two offices in the same building? It seems as though they are in separate locations (due to your separate domain controllers, ISPs, and routers), but you don't specify any way that the two networks are, or can be, joined together. If you want people in office "B" to be able to print directly to MFPs on a different physical network, the two networks need to have something joining them. If they are in the same physical location, you definitely do not need two routers and two ISP bills, even if you want to keep the "logical" networks separated and maintain the separate domains.
--Important but small note: regardless of any other plans, do not use 192.158.x.x -- that IP range is not in the private address space and may eventually cause you some problems.
--If you are using the standard /24 IP mask (255.255.255.0), then the IP ranges 192.168.2.1-75 and 192.168.2.150-175 are actually in the same network (IP range: 192.168.2.1-254). While you could use those ranges if you keep these two networks completely separated, you cannot do that if you want to allow one LAN to access any services on the other LAN or share an Internet connection.
--The number of users you have does not suggest any reason why two domains are necessary. Have you considered consolidating to one domain?
 

Author Comment

by:Marshalk
ID: 40360250
Thank you for your quick response (sorry for the delay but my internet has been down until today)

1.  They are in the same building, share a wiring closet and are actually connected via switches.  The "B" uses "A"'s DHCP for phones, tablets and laptops - just for internet access - all their PCs are configured with a static IP.  The only DHCP users for the PCs are on "A"s side.
2.  For legal, phone line and bandwidth purposes they want their own ISP (one uses Windstream, the other a different carrier).  They are two discrete companies and are affiliated only in the purchase of the MFPs.
3.  That was a typo (sorry) They are all 192.168...
4.  The purpose is to keep the networks separate BUT equal.  In a nutshell:
Network "A" is currently the PRIMARY network 192.168.2 - it has AD, SQL, File Sharing, DNS & DHCP.  This firm's SERVER provides the DHCP services for all devices that are not set with static IPs.  The "A" network was originally set up with a 2003 SBS server, then when I went to install it, I found out the hard way that the 2nd law firm had JUST installed a 2003 SBS server of their own so they collided and I had to change ours to 192.168.2 to separate them.  As we are getting rid of all SBS SERVER we can now add the two domains together on the same IP range to allow them both to use the MFPs.
The other law firm does NOT need access to that "A"'s server, but the two MFPs are on that network. We are replacing the 2nd law firm's 2003SBS server with SERVER 2012R2.  We will add the new server as an AD, DNS and file sharing Server for the 4 workstations in the 2nd law firm.  As they have their own carrier, I will configure their Router to NOT use DHCP (it never did) and be at address 192.168.2.254 as opposed to "A"s router at 192.168.2.1.
I am hoping by separating the GATEWAYs, that I will be able to see the printers from both networks but all internet traffic will be routed to their own ISP.  The DHCP will still be provided by "A" but the scope will change as will the reserved IPs for all PCs, servers and the 2 MFPs ("A" & "B").

A-L Network Current.pdf = current layout,   A-L Network NEW.pdf = desired layout

A-L-Network-Current.pdf

A-L-Network-NEW.pdf
 
LVL 10

Accepted Solution

by:
schaps earned 500 total points
ID: 40377304
This should all work as long as you manually set all the Network "B" devices with static IPs and their gateway addresses to 192.168.2.254. And as long as you do not have VLANs set on the switches, if you put a link between the two switches, there should be no problem. Once done, you should be able to ping every device on "B" from "A" and vice-versa, which means you can set up the printers (via IP address). You should also be able to, for testing, set up a device on "A" to use the gateway of "B."
I am not clear on the phone system DHCP, if that is a separate VLAN on the "B" network, but if it is not a separate VLAN, connecting the networks together will make "A" devices see the phone system DHCP server and potentially get an IP address from it. And if those IP ranges overlap, you will see some connectivity issues.
Also in this scenario, any device which connects to the wireless network will use A's gateway (ISP) as well as DNS.
As long as there is no problem linking the networks, something to consider would be a multi-WAN router so that you would only have one gateway, but traffic distributed over two ISPs, which should increase overall speed as well as provide failover for both "A" and "B" users in case one of the ISPs or modems goes down. There are many small organizations which do this nowadays, usually with separate ISP types (i.e. one DSL, one cable), to make sure they always stay online. I've had great luck with PepLink load-balancing routers: http://www.peplink.com/products/balance/model-comparison/

If there's more to this phone system DHCP, please clarify.
0
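An added example, not part of the thread and not code from either poster: a short Python check of the addressing plan discussed above (one 192.168.2.0/24, gateways .1 and .254, static ranges .1-75 and .150-175). The DHCP scope 192.168.2.100-140 is an assumed value, since the thread does not state it; the function and variable names are illustrative.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def span(first, last):
    """Inclusive address range as a (first, last) pair of IPv4Address."""
    return ip.ip_address(first), ip.ip_address(last)

def overlaps(a, b):
    """True when two inclusive ranges share at least one address."""
    return a[0] <= b[1] and b[0] <= a[1]

def check_plan(lan, offices, dhcp_scope):
    """Return a list of problems found in a shared-subnet addressing plan."""
    net = ip.ip_network(lan)
    problems = []
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net} is not RFC 1918 private space")
    ranges = {"DHCP scope": dhcp_scope}
    for name, office in offices.items():
        gw = ip.ip_address(office["gateway"])
        if gw not in net:  # hosts can only use a gateway that is on-link
            problems.append(f"{name}: gateway {gw} is not on-link in {net}")
        ranges[f"{name} statics"] = office["static"]
    for label, (lo, hi) in ranges.items():
        if lo not in net or hi not in net:
            problems.append(f"{label} falls outside {net}")
    labels = list(ranges)
    for i, a in enumerate(labels):  # every pair of ranges must be disjoint
        for b in labels[i + 1:]:
            if overlaps(ranges[a], ranges[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

# Values from the thread, except the DHCP scope, which is assumed.
OFFICES = {
    "A": {"gateway": "192.168.2.1", "static": span("192.168.2.1", "192.168.2.75")},
    "B": {"gateway": "192.168.2.254", "static": span("192.168.2.150", "192.168.2.175")},
}
DHCP_SCOPE = span("192.168.2.100", "192.168.2.140")

if __name__ == "__main__":
    print(check_plan("192.168.2.0/24", OFFICES, DHCP_SCOPE))
    # Scope widened into B's static block, as a second DHCP server might do:
    print(check_plan("192.168.2.0/24", OFFICES, span("192.168.2.100", "192.168.2.160")))
    # The mistyped 192.158.2.x range from the question:
    print(check_plan("192.158.2.0/24", OFFICES, DHCP_SCOPE))
```
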
 

Author Comment

by:Marshalk
ID: 40377387
No, sorry to mislead you.  The phone system I am referring to is each Law office has their own T1 provider and they want to keep their phones separated (as opposed to 1 ISP & Phone provider for both offices).  We are going to keep each T1 for their phone, and hopefully get two Comcast Cable 50MB internet lines (again, 1 for each of them) to keep their internet traffic separated.  The multi-WAN router is a good idea down the road for failover but we would need 2 of them, one for each - carrying cable as the primary and their T1s as the backup ISPs.

Now my biggest issue will be getting into their (B) router and reconfiguring it as I doubt they know the password :-)

Thank you for re-confirming my intentions and the info on the PepLink routers.
