90Ninety
Summary: Apologies in advance, this is my first true IT job, not done this stuff before. The company is a non-profit company with a tight budget, so the internal IT is solely my responsibility and I have a small amount of money to get it done. The following project is based on research and my studies.
Since I started I had all employees' clients on a 'Workgroup' network; this was when we had a head count under 20. Though now with 30+ employees I wanted to manage all privies and security from a physical AD DC. I have been testing this idea and figuring it out in a lab environment (segmented on a separate subnet/VLAN).
I wanted a minimum of 3 VLANs; this is mainly from a security standpoint. For example, there are hire rooms for visitors with computers; these computers I want to be connected via Ethernet but on a different logical network (currently using guest Wi-Fi). To keep things simple, our internal staff client computers would be on one VLAN. The following two VLANs/subnets I wanted to focus on:
10.10.1.X/24, VLAN ID #3 (Staff)
10.10.10.X/24, VLAN ID #10 (Visitors)
So far I have managed to create two (three including default) VLANs on my router and on one of the Cisco switches. I created a trunk from the router to the switch; this works fine. To accomplish this, I had to use three of the router NIC interfaces; each interface had to be given an IP for each of the subnets, and each subnet was then assigned VLAN tags. The Cisco SG300 is a little different: IP addresses are not needed, instead you just tag the ports for trunk, or leave the port with a VLAN ID (untagged for access).
The server, in the interim, is a repurposed workstation; please don't hate me just yet, I will replace it once I get this working (via bare-bones image).
On the server I had created DNS, DC, DHCP and AD. For the DHCP server I created two scopes:
10.10.1.101~150/24
10.10.10.11~50/24
I then figured I needed to create virtual adapters (aka VLANs) on the server itself to do this. I opened the Realtek Diagnostics software and added instances of VLAN; this seems to work OK.
So if you followed this far, the DHCP server seems to be doing the job just fine. Packets are sent from the server to the clients on both VLANs on the different subnets, when connected to their respective access ports. The next stage would be for me to add computers. This is where things get a little strange. I can add computers that share the same IP range as the physical server NIC but, for some reason, the VLAN 10 computers cannot contact the domain. Also, it appears I cannot inter-ping between the subnets. For example, if I connect a guest computer to a guest VLAN port, it gets an IP address from the server for the guest network (10.10.10.X) but, for whatever reason, it does not contact the domain, and I cannot ping the DHCP server. I am a bit stumped.
Can anyone suggest anything to try? Many thanks.