
Trouble segmenting office network


Mizzery

Member
Joined
Jun 9, 2002
Location
Troy, NY
Last night, along with our server upgrade, I attempted to segment my office network to keep traffic separate on the switches. We grouped people into two groups, administrative and other. The plan was to create another subnet off the main network. However, when the plan was actually implemented, we would intermittently lose DNS resolution. The server is on both subnets and gives out addresses and acts as the DNS. When the second NIC on the server is disabled (along with the appropriate DHCP scope) and we removed the second router, the problems went away. For some reason the server seems to need both NICs to get to the net to do resolutions. One weird thing was that when we went into the router's web admin utility and clicked save changes (without even changing anything) or reset the routers, it would work fine for a bit and without warning (one time it dropped after returning one ping and dropping the last three) it will drop again. Am I missing something in DNS or DHCP, or does it look like a faulty router? Or is this beyond the capabilities of the Linksys routers? There are roughly 15 people on each switch.
 

Attachment: network diagram.JPG
Questions:

1. What is your subnet mask?
2. Does the link from the first Linksys router to the second connect to the second's WAN port?
3. Is the DHCP server on the Linksys routers disabled?
 
If you are having 2 networks - why is it all in 1 loop - this could cause the trouble, no?


I don't see why you have everything @ the end going into a switch

it should be

internet------Router 1->----> |Server-------------> Computers
------------------------------|Router 2-----------> Computers
 
I thought it was a loop as well, but since one of the links goes to a server and the other I hope goes to the WAN port of the Linksys, there is no loop.

Think of this as the poor man's way of doing VLANs. ;)
 
Like this - and as said, you also have to be sure you have your secondary routers that come after your first Linksys configured properly to be able to communicate to the other routers for the DHCP tables and such.
 

Attachment: network.jpg
But that doesn't allow the server to provide DHCP for the second network and possibly other services that require layer 2 connections (If he's running Active Directory for example).
 
What are you using for your DHCP server? Are you using Windows? Linux? If so, why not just put that Windows box after your modem and use a 3rd party ICS program which could also allow you to separate your network and people and permissions - such as ISA / MS proxy server or the variant for Linux.

This way you ditch 2 routers that are just making the setup complicated and no reason for them.
 

Attachment: easy.jpg
Smokeys said:
But that doesn't allow the server to provide DHCP for the second network and possibly other services that require layer 2 connections (If he's running Active Directory for example).

But can't he configure that in his routers' tables for static routes? I think that is the error here is the looping of the network... not sure - just assume, I am by far a network pro.
 
Mr.Guvernment:
IMHO, forward facing a server which provides possibly critical services (DNS and DHCP is something I consider critical) in a production environment isn't a good practise unless you are extremely short on hardware.

Routers need to support DHCP Relay in order to forward DHCP broadcasts across layer 3 boundaries, Linksys routers do not have this support.
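
The relay point in the post above, as an added example that is not part of the original thread: a client's DHCPDISCOVER is a broadcast with `giaddr` 0.0.0.0, so a server only picks the right scope if it hears the broadcast on a NIC in that subnet or a relay agent stamps `giaddr` and forwards the request. The addresses, scope names and hop limit are constructed for illustration.

```python
import ipaddress
import struct
from typing import Optional

# Fixed BOOTP/DHCP header (RFC 2131), 236 bytes: op, htype, hlen, hops, xid,
# secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file.
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
HOPS, GIADDR = 3, 10          # field positions in the unpacked tuple
ZERO = bytes(4)

# Constructed addressing: two /24 scopes (mask 255.255.255.0, as in the thread).
SCOPES = {
    "admin": ipaddress.ip_network("192.168.1.0/24"),
    "other": ipaddress.ip_network("192.168.2.0/24"),
}

def make_discover(mac: bytes, xid: int) -> bytes:
    """Header of a client DHCPDISCOVER: broadcast flag set, giaddr 0.0.0.0."""
    return HDR.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                    mac, b"", b"")

def relay(packet: bytes, relay_ip: str, max_hops: int = 16) -> Optional[bytes]:
    """Relay agent: stamp giaddr if unset, bump hops, hand on as unicast."""
    fields = list(HDR.unpack(packet[:HDR.size]))
    if fields[HOPS] >= max_hops:          # assumed limit; drop looping requests
        return None
    if fields[GIADDR] == ZERO:            # only the first relay sets giaddr
        fields[GIADDR] = ipaddress.ip_address(relay_ip).packed
    fields[HOPS] += 1
    return HDR.pack(*fields) + packet[HDR.size:]

def select_scope(packet: bytes, arrival_nic_ip: str) -> Optional[str]:
    """Server: use giaddr when a relay set it, else the NIC that heard it."""
    giaddr = HDR.unpack(packet[:HDR.size])[GIADDR]
    key = ipaddress.ip_address(giaddr if giaddr != ZERO else arrival_nic_ip)
    return next((name for name, net in SCOPES.items() if key in net), None)

if __name__ == "__main__":
    d = make_discover(bytes.fromhex("020000000001"), 0x1234)
    # Multi-homed server hears the broadcast directly on its second NIC.
    print(select_scope(d, "192.168.2.10"))
    # Single-homed server receives the same request through a relay agent.
    print(select_scope(relay(d, "192.168.2.1"), "192.168.1.10"))
```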
 
Smokeys said:
Think of this as the poor man's way of doing VLANs. ;)
Exactly. :)

The DHCP server is Win2003, running Active Directory. The second router is set to gateway mode.

The DHCP on all routers was disabled.
The second router is connected to the first via its WAN port.
Subnet is 255.255.255.0


The reason we did not have the server before the routers is cause we wanted the server behind the router. It may be better however to just put a third nic on the server and use that to get the router and the other two nics to get to the segments. We wanted it segmented cause the portion behind the second router we have a dept that stages small networks (often with their own dhcp enabled router) and we want to keep that away from our critical users who have been shut down by being given duplicate ip addresses and just to isolate the broadcast traffic.
 
I do not believe I had RIP enabled. I'm not familiar with setting up RIP on the Linksys routers. Any words of wisdom?
 
Smokeys,

Thanks for that info, I would assume with this system in front of that DHCP server would be a very secure firewall system of some sort in a production environment.

Myself here at our work it took me forever to convince my boss who knows nothing about a similar set up you talk about.
 