Member_2_6492660_1
asked on
Can't Ping Windows 2008 Server on new Subnet
Windows 2003 SP2 DC
Windows 7
Windows 8
Windows Vista
Windows 2008 R2 Servers
Cisco sg200 switch setup with two Vlans vlan 1 and vlan 1018
Meraki MX60 Security Appliance 10.2.8.1 vlan 1 and 10.1.8.1 vlan 1018
Just added new subnet to my network 10.1.8.0/22 valn 1018
My existing subnet is 10.2.8.0/22 vlan 1
I have several servers with dual nics and I need them to access the new subnet
Server A Windows 2003 DC 10.2.8.23 vlan 1
Server B Windows 2003 DC 10.2.8.30 vlan 1
Server C Windows 2003 Member Server 10.2.8.23 vlan 1 second nic 10.1.8.23 vlan 1018
Windows 7 10.2.8.99 vlan 1
Windows 8 10.2.8.98 vlan 1
Vista 10.2.8.97 vlan 1
Windows 2008 Member server 10.2.8.17 vlan 1 second nic 10.1.8.17 vlan 1018
Windows 2008 Member Server 10.2.8.36 vlan 1 second nic 10.1.8.36 vlan 1018
So that's the network layout
From any vlan 1 computer I can ping the MX60 10.1.8.1 address no issue
from any vlan 1 computer I can ping 10.1.8.23 on vlan 1018 which is the Windows 2003 member server
From MX60 I can ping any computer on vlan 1 and vlan 1018 all works so far
When I try to ping from a vlan 1 computer like 10.2.8.99 Windows 7 I can not ping the Windows 2008 Servers on vlan 1018 by ip address 10.1.8.17 or 10.1.8.36
Both Windows 2008 Servers on vlan 1018 has the problem
The same two Windows 2008 server work ok on vlan 1
Both Windows 2008 servers on on both vlans
What is stopping ping from working from vlan 1 to vlan 1018 on a windows 2008 server?
Windows 7
Windows 8
Windows Vista
Windows 2008 R2 Servers
Cisco sg200 switch setup with two Vlans vlan 1 and vlan 1018
Meraki MX60 Security Appliance 10.2.8.1 vlan 1 and 10.1.8.1 vlan 1018
Just added new subnet to my network 10.1.8.0/22 valn 1018
My existing subnet is 10.2.8.0/22 vlan 1
I have several servers with dual nics and I need them to access the new subnet
Server A Windows 2003 DC 10.2.8.23 vlan 1
Server B Windows 2003 DC 10.2.8.30 vlan 1
Server C Windows 2003 Member Server 10.2.8.23 vlan 1 second nic 10.1.8.23 vlan 1018
Windows 7 10.2.8.99 vlan 1
Windows 8 10.2.8.98 vlan 1
Vista 10.2.8.97 vlan 1
Windows 2008 Member server 10.2.8.17 vlan 1 second nic 10.1.8.17 vlan 1018
Windows 2008 Member Server 10.2.8.36 vlan 1 second nic 10.1.8.36 vlan 1018
So that's the network layout
From any vlan 1 computer I can ping the MX60 10.1.8.1 address no issue
from any vlan 1 computer I can ping 10.1.8.23 on vlan 1018 which is the Windows 2003 member server
From MX60 I can ping any computer on vlan 1 and vlan 1018 all works so far
When I try to ping from a vlan 1 computer like 10.2.8.99 Windows 7 I can not ping the Windows 2008 Servers on vlan 1018 by ip address 10.1.8.17 or 10.1.8.36
Both Windows 2008 Servers on vlan 1018 has the problem
The same two Windows 2008 server work ok on vlan 1
Both Windows 2008 servers on on both vlans
What is stopping ping from working from vlan 1 to vlan 1018 on a windows 2008 server?
Silly question... what happens if you stop W2008's Firewall?
ASKER
firewall stopped same problem
ASKER
Update stopping the firewall killed all access to this server
Also not a silly question
Thoughts
Also not a silly question
Thoughts
Hi,
You are using a netmask of 255.255.252.0 is that the correct mask on all your items. also you have two vlans using the same IP space.
You need to define the separation which is what vlans do then configure the firewall on which the vlans exist to allow the traffic you need to pass between them. Note if you have a single DHCP, you would need to setup multiple scopes on the dhcp server while on the router/switch setup a dhcp relay agent or ip helper that will deal with dhcp search requests on vlans where there is no dhcp connected.
You are using a netmask of 255.255.252.0 is that the correct mask on all your items. also you have two vlans using the same IP space.
You need to define the separation which is what vlans do then configure the firewall on which the vlans exist to allow the traffic you need to pass between them. Note if you have a single DHCP, you would need to setup multiple scopes on the dhcp server while on the router/switch setup a dhcp relay agent or ip helper that will deal with dhcp search requests on vlans where there is no dhcp connected.
ASKER
Arnold
Only one dhcp server
But all these devices on vlan 1018 have static ip addresses assigned no dhcp is required
How do I do that in the firewall never setup vlans before on my network
Do you have an example
Thanks
Only one dhcp server
But all these devices on vlan 1018 have static ip addresses assigned no dhcp is required
How do I do that in the firewall never setup vlans before on my network
Do you have an example
Thanks
VLAN is a virtual separation to having two separate switches with one set of computers connected to one switch and the other connected to another. Both switches are connected ton a router.
Each VLAN has to have their own IPS.
Are you setting up VLAns to restrict limit interaction between one set of computers and perhaps servers?
On the firewall where you define the VLAn, what IP are you using for the interface?
Broadcasts can not pass VLAN boundaries.
Try leaving your VLAN 1 using 10.1.8.1/24
your vlan 1018 setup with 10.1.9.1/24 configure DHCP helper, dhcp relay agent, ip helper to forward requests to your dhcp server IP
in dhcp server create a new scope for 10.1.9.0/24 2-254.
make sure in scope options use the router IP for this scope to us the 10.1.9.1 of the vlan 1018 ip address.
see if a dynamic allocating IP host on vlan18, presumably you have a managed switch where you designate which port is on which vlan.
make sure host connecting on vlan1018 can get ip from dhcp server.
On your
Each VLAN has to have their own IPS.
Are you setting up VLAns to restrict limit interaction between one set of computers and perhaps servers?
On the firewall where you define the VLAn, what IP are you using for the interface?
Broadcasts can not pass VLAN boundaries.
Try leaving your VLAN 1 using 10.1.8.1/24
your vlan 1018 setup with 10.1.9.1/24 configure DHCP helper, dhcp relay agent, ip helper to forward requests to your dhcp server IP
in dhcp server create a new scope for 10.1.9.0/24 2-254.
make sure in scope options use the router IP for this scope to us the 10.1.9.1 of the vlan 1018 ip address.
see if a dynamic allocating IP host on vlan18, presumably you have a managed switch where you designate which port is on which vlan.
make sure host connecting on vlan1018 can get ip from dhcp server.
On your
ASKER
arnold
I can ping across vlans from windows 7 10.2.8.99 to windows 2003 on 10.1.8.23 no problem
It is only the windws 2008 computers that have the problem
I can ping across vlans from windows 7 10.2.8.99 to windows 2003 on 10.1.8.23 no problem
It is only the windws 2008 computers that have the problem
check the netmask on the workstation versus on the 2008 which is presumably static. make sure if the netmask matche
is the router set.
is the router set.
ASKER
arnold
Ipconfig all from workstation
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\trgrassijr55.OUR> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : tgkw002
Primary Dns Suffix . . . . . . . : our.network.tgcsnet.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : our.network.tgcsnet.com
network.tgcsnet.com
tgcsnet.com
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 0C-60-76-0C-E8-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : our.network.tgcsnet.com
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet
Controller
Physical Address. . . . . . . . . : 00-25-64-60-50-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc96:aacc:2e25:5c90% 10(Preferr ed)
IPv4 Address. . . . . . . . . . . : 10.2.8.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Friday, March 13, 2015 6:14:49 PM
Lease Expires . . . . . . . . . . : Saturday, March 21, 2015 6:15:03 PM
Default Gateway . . . . . . . . . : 10.2.8.1
DHCP Server . . . . . . . . . . . : 10.2.8.30
DHCPv6 IAID . . . . . . . . . . . : 218113380
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-E8-CC-27-00 -25-64-60- 50-83
DNS Servers . . . . . . . . . . . : 10.2.8.24
10.2.8.30
Primary WINS Server . . . . . . . : 10.2.8.30
Secondary WINS Server . . . . . . : 10.2.8.24
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : our.network.tgcsnet.com
Description . . . . . . . . . . . : isatap.our.network.tgcsnet .com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{09BFB1DD-1B40-4A25 -94FE-6DD7 8403C
499}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ping attempt from the above computer
C:\Users\trgrassijr55.OUR> ping 10.1.8.17
Pinging 10.1.8.17 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.1.8.17:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
ping 10.2.8.17
Pinging 10.2.8.17 with 32 bytes of data:
Reply from 10.2.8.17: bytes=32 time=1ms TTL=128
Reply from 10.2.8.17: bytes=32 time<1ms TTL=128
Reply from 10.2.8.17: bytes=32 time<1ms TTL=128
Reply from 10.2.8.17: bytes=32 time<1ms TTL=128
Ping statistics for 10.2.8.17:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Ipconfig /all from windows 2008 server
pconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : TGCS010
Primary Dns Suffix . . . . . . . : our.network.tgcsnet.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : our.network.tgcsnet.com
Ethernet adapter Local Area Connection 4:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-26-B9-5C-AC-5C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.8.17(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.2.8.30
10.2.8.24
Primary WINS Server . . . . . . . : 10.2.8.30
Secondary WINS Server . . . . . . : 10.2.8.24
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-B9-5C-AC-5B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.2.8.17(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.2.8.1
DNS Servers . . . . . . . . . . . : 10.2.8.30
10.2.8.24
Primary WINS Server . . . . . . . : 10.2.8.24
Secondary WINS Server . . . . . . : 10.2.8.30
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{B5DBEC9A-2727-42CB -8595-01EA 414E2DFB}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{7A0063A1-9BFE-467B -AB12-FD12 51F03636}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Arnold
Remember
This same computer can ping a windows 2003 server with the same vlan as the windows 2008 server
Also not all server have 2 nics with both vlans
The windows 2008 server is blocking ping on the second vlan
Thoughts
Ipconfig all from workstation
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\trgrassijr55.OUR>
Windows IP Configuration
Host Name . . . . . . . . . . . . : tgkw002
Primary Dns Suffix . . . . . . . : our.network.tgcsnet.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : our.network.tgcsnet.com
network.tgcsnet.com
tgcsnet.com
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 0C-60-76-0C-E8-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : our.network.tgcsnet.com
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet
Controller
Physical Address. . . . . . . . . : 00-25-64-60-50-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc96:aacc:2e25:5c90%
IPv4 Address. . . . . . . . . . . : 10.2.8.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Friday, March 13, 2015 6:14:49 PM
Lease Expires . . . . . . . . . . : Saturday, March 21, 2015 6:15:03 PM
Default Gateway . . . . . . . . . : 10.2.8.1
DHCP Server . . . . . . . . . . . : 10.2.8.30
DHCPv6 IAID . . . . . . . . . . . : 218113380
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-E8-CC-27-00
DNS Servers . . . . . . . . . . . : 10.2.8.24
10.2.8.30
Primary WINS Server . . . . . . . : 10.2.8.30
Secondary WINS Server . . . . . . : 10.2.8.24
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : our.network.tgcsnet.com
Description . . . . . . . . . . . : isatap.our.network.tgcsnet
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{09BFB1DD-1B40-4A25
499}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ping attempt from the above computer
C:\Users\trgrassijr55.OUR>
Pinging 10.1.8.17 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.1.8.17:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
ping 10.2.8.17
Pinging 10.2.8.17 with 32 bytes of data:
Reply from 10.2.8.17: bytes=32 time=1ms TTL=128
Reply from 10.2.8.17: bytes=32 time<1ms TTL=128
Reply from 10.2.8.17: bytes=32 time<1ms TTL=128
Reply from 10.2.8.17: bytes=32 time<1ms TTL=128
Ping statistics for 10.2.8.17:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Ipconfig /all from windows 2008 server
pconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : TGCS010
Primary Dns Suffix . . . . . . . : our.network.tgcsnet.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : our.network.tgcsnet.com
Ethernet adapter Local Area Connection 4:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-26-B9-5C-AC-5C
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.8.17(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.2.8.30
10.2.8.24
Primary WINS Server . . . . . . . : 10.2.8.30
Secondary WINS Server . . . . . . : 10.2.8.24
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-B9-5C-AC-5B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.2.8.17(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.2.8.1
DNS Servers . . . . . . . . . . . : 10.2.8.30
10.2.8.24
Primary WINS Server . . . . . . . : 10.2.8.24
Secondary WINS Server . . . . . . : 10.2.8.30
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{B5DBEC9A-2727-42CB
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{7A0063A1-9BFE-467B
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Arnold
Remember
This same computer can ping a windows 2003 server with the same vlan as the windows 2008 server
Also not all server have 2 nics with both vlans
The windows 2008 server is blocking ping on the second vlan
Thoughts
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Arnold
Sorry for the late response on this my internet service went out late last night yuk.
On the phone for hours.
I added the Gateway 10.1.8.1 to the nic above and yes now I can ping
I should have mentioned that I was not using a gateway on the second nic that was by my design.
When you add a second nic with a gateway you get a warning message.
It does work.
I am wondering why this does not happen on a Windows 2003 Server no gateway and I can ping from any computer to its second vlan address
My Windows 2003 Server
IPv4 Address. . . . . . . . . . . : 10.1.8.23(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . :
Any computer on vlan 1 (10.2.8.x/22) can ping 10.1.8.23
The only difference I can see if that my Windows 2003 server does not run Windows firewall where as the Windows 2008 servers do.
Also would it be better if I did a route add ?
route add 10.1.8.0 mask 255.255.252.0 10.1.8.1 metric 2 -p
or
route add 10.1.8.17 mask 255.255.252.0 10.1.8.1 metric 2 -p
Thoughts
Sorry for the late response on this my internet service went out late last night yuk.
On the phone for hours.
I added the Gateway 10.1.8.1 to the nic above and yes now I can ping
I should have mentioned that I was not using a gateway on the second nic that was by my design.
When you add a second nic with a gateway you get a warning message.
It does work.
I am wondering why this does not happen on a Windows 2003 Server no gateway and I can ping from any computer to its second vlan address
My Windows 2003 Server
IPv4 Address. . . . . . . . . . . : 10.1.8.23(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . :
Any computer on vlan 1 (10.2.8.x/22) can ping 10.1.8.23
The only difference I can see if that my Windows 2003 server does not run Windows firewall where as the Windows 2008 servers do.
Also would it be better if I did a route add ?
route add 10.1.8.0 mask 255.255.252.0 10.1.8.1 metric 2 -p
or
route add 10.1.8.17 mask 255.255.252.0 10.1.8.1 metric 2 -p
Thoughts
why do you have two segments on the servers? This bypasses your VLAN shielding.
A VLan is to isolate/insulate by connecting even a single system to bot means this system is a vulnerability of the setup and could be made to function as the bridge.
What is the reason for your VLAN setup (other than to learn, defining what it is you expect from this)?
A VLan is to isolate/insulate by connecting even a single system to bot means this system is a vulnerability of the setup and could be made to function as the bridge.
What is the reason for your VLAN setup (other than to learn, defining what it is you expect from this)?
ASKER
Arnold,
This all started when I ran test-systemhealth on my Exchange 2010 server on a windows 2008 server
The report listed that I had two default gateways defined
So to get around this i decided a vlan would be a good method
Added plus i learned about vlan
So how should I proceed?
This all started when I ran test-systemhealth on my Exchange 2010 server on a windows 2008 server
The report listed that I had two default gateways defined
So to get around this i decided a vlan would be a good method
Added plus i learned about vlan
So how should I proceed?
Why do you have a system with two separate networks? What is the purpose for that?
Without understanding what your setup is and what motivates it, a suggestion could significantly adversely impact your setup/environment.
Without understanding what your setup is and what motivates it, a suggestion could significantly adversely impact your setup/environment.
ASKER
Arnold,
Not sure where we are going here.
This all started back a few years ago. When ISP's started blocking port 25 for email. My exchange server had only one nic with port 25 open for email. Then after several issues of not receiving email I enabled the second nic on the server and assigned port 1025 to that nic. All works well this was Exchange 2007.
Now Exchange 2010 is running and with the same setup the test-systemhealth report complains about two gateways on the server. Spoke with Exchange Experts they suggested to fix that.
So this is my way of fixing that creating a new network using vlan on my one and only switch. This is a small network I run in my residence. So it keeps me busy.
Can you suggest a different method to accomplish this?
Thanks
Not sure where we are going here.
This all started back a few years ago. When ISP's started blocking port 25 for email. My exchange server had only one nic with port 25 open for email. Then after several issues of not receiving email I enabled the second nic on the server and assigned port 1025 to that nic. All works well this was Exchange 2007.
Now Exchange 2010 is running and with the same setup the test-systemhealth report complains about two gateways on the server. Spoke with Exchange Experts they suggested to fix that.
So this is my way of fixing that creating a new network using vlan on my one and only switch. This is a small network I run in my residence. So it keeps me busy.
Can you suggest a different method to accomplish this?
Thanks
I think this is where an issue starts and ends.
Your firewall can handle everything dealing with port forwarding from outside to inside.
There only time one uses two nics on the server is when one is used for one type of access while the other for something like backup network, access to storage (SAN) i.e. minimize impact of one type of traffic on the other, or as a teaming connection (both nics are bonded and so on the switch) deals with increasing the available bandwidth for both lan and incoming traffic along with proviing cable/network adatapter failure.
you did not have to use two networks to have 25 and 1025 end on the same system.
vlan is also not needed for those changes.
A vlan is suitable if you have lan systems and you wish to limit the exposure of the servers to compromised workstations. with VLANs all workstations on one and the servers on the other. On the router you will have rules what type of traffic from the workstations can pass to get to each server or all servers.
.
Your firewall can handle everything dealing with port forwarding from outside to inside.
There only time one uses two nics on the server is when one is used for one type of access while the other for something like backup network, access to storage (SAN) i.e. minimize impact of one type of traffic on the other, or as a teaming connection (both nics are bonded and so on the switch) deals with increasing the available bandwidth for both lan and incoming traffic along with proviing cable/network adatapter failure.
you did not have to use two networks to have 25 and 1025 end on the same system.
vlan is also not needed for those changes.
A vlan is suitable if you have lan systems and you wish to limit the exposure of the servers to compromised workstations. with VLANs all workstations on one and the servers on the other. On the router you will have rules what type of traffic from the workstations can pass to get to each server or all servers.
.
ASKER
Arnold,
Thanks on this one
Still trying to figure out the route add I need so I do not need the default gateway I will open new question later
Thanks on this one
Still trying to figure out the route add I need so I do not need the default gateway I will open new question later