Metro E networking and Cable internet questions

Metro E questions:
I currently have a Domain at a central office with about 45 computers and 45 users.  The domain controller (server 2012) hosts shared drives, printing, manages credentials, DNS and group policy for 3 different Organizational Units on the Domain.  It does not host any applications as these are hosted elsewhere.  I have 8 other small remote offices with 2 to 6 machines each.  These machines are not part of the main office domain and they are standalone machines.  My goal is to connect them to the main office so these machines are all on the same domain and can be centrally managed.  
I’ve decided to go with Metro E from the cable provider rather than VPN.  I like the idea of Metro E for its cost and functionality.  But I have questions as far as the best way to connect everything.  CableCo has suggested that I keep my existing Internet Connections for external access to the internet for our hosted apps at these remote locations.  So for logging in and shared drives, etc…. the remote machines would use the Metro E connection to the Main office – they would be on the main office network.  However, for browsing the internet, access to our web based applications, the remote machines would go out over the cable internet connection.
How would I make this happen?  Currently, through DHCP, the domain controller assigns network information to workstations – IP, DNS, subnet, and gateway – so that the DC resolves DNS and directs everything external to our local building over our cable internet connection.
Metro E essentially acts as an ethernet cable off of my switch in the main office to the switch at the remote location.  Therefore the remote location would have the same IP address scheme and act just like the workstations at the main office – which is what I want.  The problem with this is that these remote locations would also be sending internet traffic through the Metro E connection to the main office and would bypass the remote internet connection.  How can I configure it so that Domain functions go over the metro e connection while the internet traffic goes out over the remote local cable connection?
jbasiliere67 Asked:

giltjr Commented:
I would suggest that each site would need to be its own subnet.  This prevents broadcast traffic from going over the Metro E network to each and every site.

At each site you need a script that gets executed at boot-up time that will:

1) Set the default route to that router at that site to get it to the Internet.
2) Set one or more static routes for all your internal subnets that point to the router that will get you to all of your locations on the Metro E network.

Depending on your IP addressing scheme it might be just one static route.  You could, for instance, say that 10.1.10.0/24 is HQ, 10.1.20.0/24 is location #1, 10.1.30.0/24 is location #2 .... 10.1.80.0/24 is location #8.  Then you would just need one static route at each site for 10.1.0.0/16 pointing to the router at that site to get you to all other sites.
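
Added example, not part of the original answer: a Python model of the per-site routing table described above (own subnet on-link, one 10.1.0.0/16 static route toward Metro E, default route toward the cable router) with a longest-prefix-match lookup showing which path a destination takes. The router host numbers (.1 for the cable router, .254 for the Metro E router), the sample destinations and the use of Windows `route add` lines for the boot script are assumptions made for illustration.

```python
import ipaddress

# Addressing plan quoted in the answer above.
SUMMARY = ipaddress.ip_network("10.1.0.0/16")   # covers every Metro E site
SITES = {
    "HQ": ipaddress.ip_network("10.1.10.0/24"),
    "location1": ipaddress.ip_network("10.1.20.0/24"),
    "location2": ipaddress.ip_network("10.1.30.0/24"),
}
# Assumed host numbers (not from the thread): .1 cable router, .254 Metro E router.
CABLE_HOST, METRO_HOST = 1, 254
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def routes_for(site):
    """Routing table a workstation at `site` ends up with."""
    net = SITES[site]
    return [
        (net, None, "local"),                    # own subnet, delivered on-link
        (SUMMARY, net[METRO_HOST], "metro-e"),   # the single static route
        (DEFAULT, net[CABLE_HOST], "cable"),     # default route to the Internet
    ]


def lookup(site, destination):
    """Longest-prefix match: return (path label, next hop) for a destination."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes_for(site) if dst in r[0]]
    _, hop, label = max(matches, key=lambda r: r[0].prefixlen)
    return label, (str(hop) if hop else None)


def boot_script(site):
    """route.exe lines for steps 1 and 2 of the answer (illustrative only)."""
    _, metro, default = routes_for(site)
    return [
        f"route add 0.0.0.0 mask 0.0.0.0 {default[1]}",
        f"route add {SUMMARY.network_address} mask {SUMMARY.netmask} {metro[1]}",
    ]


if __name__ == "__main__":
    # Constructed sample destinations: same site, HQ, another site, Internet.
    for dst in ("10.1.20.15", "10.1.10.5", "10.1.30.7", "203.0.113.10"):
        print(dst, "->", lookup("location1", dst))
    print("\n".join(boot_script("location1")))
```

Because the /16 is more specific than the default route but less specific than the site's own /24, traffic to HQ and the other sites takes the Metro E router while everything else leaves through the local cable connection.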

Mike Smith (Enterprise VoIP & ISP Broker) Commented:
Your service provider's sales engineer should be able to help you with this configuration at no charge.

On a little separate but related note, if you are not yet in-stone on your Metro E decision, you may want to consider MPLS over cable or DSL.  Its functionality will be true MPLS rather than the Metro-E quasi-MPLS and will allow you more flexible routing.  There are several service providers that specialize in MPLS over DSL for small sites and we've helped many large retail clients find this same solution, who have hundreds of small locations.
jbasiliere67 (Author) Commented:
This sounds right. I may re-open this once the Metro E is installed in May.....  Thanks.
jbasiliere67 (Author) Commented:
My knowledge of anything other than basic networking is limited.   I finally have the metro-e installed and it is working.  A machine plugged into the metro e modem in the remote location gets an IP from the server at HQ (192.168.2.0/24) - shared drives are accessible and everything works as planned.  

Right now at each remote location I have a metro e connection to HQ and a cable connection to the internet as well as an HP switch.   The cable connection goes through a Linksys or other off-the-shelf router and into the switch.  The router supplies IPs to the remote office machines.   which goes through an off the shelf Linksys router - this router supplies IP addresses to the machines in the remote location.   In your previous response you said I could set a static route back to HQ.  The cable rep said I can use a managed switch to have Domain traffic (login, shared drives, group policy) go over Metro E while internet traffic goes out over cable modem.  Is this the only way to do this or can I do it just using the static route?  What is the best way to do this?
giltjr Commented:
Somewhere at each location you need a router/layer 3 device.  You will want a static route that points to the MetroE path for each subnet you want to use the MetroE path.  Then your default route will point to the path that uses the Cable connection.

Does that make sense to you?
jbasiliere67 (Author) Commented:
Yes, for the most part.  It's the details that get me. I realized my previous post was confusing because I didn't delete some stuff before posting.  
I have a Dell managed switch at the Main (HQ) location.  I assume I need to set some VLANs on this for each location?  192.168.2.1  192.168.3.1 192.168.4.1 etc....
Then at each remote location can I use the existing Linksys router which is serving DHCP and connecting to the internet to set a static route to the particular VLAN for that remote location?    I would plug the Metro E into a port on the Linksys router and set the static route......or do I need a separate managed switch?
giltjr Commented:
I am assuming that the cable/ISP connection at each site is connected to the WAN port on the Linksys router and that the Metro E connection is connected to one of the "LAN" ports.

Since you have basic SOHO routers at each location you can't create VLANs.  You would need routers/switches at each location that support VLANs if you really wanted to create VLANs.

So with just SOHO routers at each site you are going to have 1 SUBNET that covers every site.

On the Linksys router you would configure routes for all SUBNETs that you need to go over the Metro E connection and point them to the IP address of the router at your HQ and that is it.  The Linksys router will already have a default route pointing to the WAN port.

Now if you want you can get an inexpensive switch that supports VLANs. Make each site its own Subnet/VLAN.  At the HQ site define the port for the Metro E link as a trunk port with all the VLANs required and an IP address on each VLAN.

Then at each location define the VLAN for that LOCATION on its port connecting it to the Metro E network.  Connect that switch to one of the LAN ports on the Linksys router. Then, again, on the Linksys router define a route for all the VLANs that need to go over the Metro E link and point it to the IP address for that VLAN on the HQ router.

Does this make sense?

Netgear makes some inexpensive semi-smart switches that support VLAN, POE, and QOS.  It is their ProSafe Plus series.  They have 5 port and 8 port models.  I think the 8 port model is under USD $150.
jbasiliere67 (Author) Commented:
Yes, this makes sense.  This is great, thank you.  I am going to give this a try this week so I will let you know.
jbasiliere67 (Author) Commented:
Hi,  I don't know if this is still open but I have had this running and ended up having to set static IPs at the remote office.  Otherwise, HQ will sometimes get IP addresses from the remote router........any ideas how to keep DHCP from the remote office getting back to HQ?
giltjr Commented:
Unfortunately this question is closed, so to get a more detailed answer you would need to open a new question.

There are ways, but we would need to know exactly how you have the network configured.