Ok this may be a lot to take in at first, but stay with it...
I am head of IT at a community centre, and I want to set up the DHCP role on a Windows Server 2008 32-bit server. The server currently has 1 static IP, and gets its internet from a standard router, and let's say that is adapter 1.
I have installed another network card in it, which I intend to provide a connection for all the client PCs, which are running off a switch. The DHCP going from adapter 2 I want to have a different subnet. So this is how it currently looks...
IP address: 192.168.1.19 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.1.254
IP address: 172.25.16.1 Subnet Mask: 255.255.252.0 Default Gateway: 172.25.16.1
All I want adapter 1 to do is supply the server, and the clients running off adapter 2, an internet connection. The way I thought to do this is to share the connection from adapter 1 to adapter 2, but after a bit of research, it turns out you cannot share an internet connection under the same subnet.
So, is there a way to get an internet connection to adapter 2 for the clients? Effectively, the network will have 2 DHCP servers, the server, and the router. I want the client PCs to not know about the router, and have their IP addresses and Internet come "from the server".
Ok it's a bit long-winded, but I think I explained well enough, help will be greatly appreciated!
There are several ways to accomplish this. The best approach in my opinion is to connect this DHCP server and all of the clients to a switch that is connected to the router. On the router, turn off DHCP services.
Next, do not enable more than one NIC on the DHCP server, it's not necessary. Place all clients on the 192.168.1.x/24 subnet. Just create one DHCP scope on the DHCP server for this subnet. So, you will create a range for IP leases, subnet mask = 255.255.255.0, their default gateway will be 192.168.1.254 and their DNS settings will be whatever DNS you want to use for your server and clients... it can be the router as well since the router is performing a DNS Proxy role.
Why is this a better solution than what you proposed... it's a simpler design, easier to configure and troubleshoot. What you proposed will require that you enable Routing and Remote Access on the DHCP server and either add NAT, or full routing between the server and your edge router. Full routing will require that you add routes on your router for the 172.25.16.x segment. I do not recommend this design.
You can do what JorgeM suggests, or you can separate the clients from the router, physically, and turn your server into a router. That way, they can ONLY get their IP addresses from the server. It will require more work on your part, and all the client traffic will get routed through your server's two NICs, but it WILL keep the clients from accessing the router directly.
Thank you both for your input. JorgeM, that is more or less how the network was before I took over, and yes I agree it's definitely the easiest way around it. Rubberman, I know it's more work but that is what I would like to do ideally, as I don't want the clients to know about the router. I have thought about turning DHCP off in the router, but my reason for going against that is because it hosts a wireless access point which visitors can connect to, and I'm not sure they could connect through the server DHCP scope?
Passing all of your traffic through the server may slow down your Internet traffic. A Windows box will not route as quickly as your $39 router. In addition, as I mentioned, it's another layer on your network.
In any case, you will have to leave both DHCP services up and running because you will not be able to create multiple DHCP scopes on the router.
Therefore, on the DHCP server go into its bindings from the DHCP admin console and uncheck the binding for the NIC on the 192. network. You'll only want DHCP to listen and serve on the other NIC. This DHCP server would be able to service your clients only if the router had a DHCP relay agent service, also known as IP helper in the Cisco world. Since it likely doesn't, you will need to leave both running. This will force you to ensure that you don't place clients on the wrong subnet.
Next, on the server, you will need to enable RRAS and enable NAT so you don't have to worry about the routing, but this config creates a double NAT on your network. No big deal, but if you don't want this option, you will need to configure routes on both the server and router.
I have videos related to RRAS on my channel you can refer to.
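The addressing plan discussed above, checked with Python's `ipaddress` module. This is an added example, not part of any post in the thread: the addresses are the ones quoted in the question, while the dictionary layout and function names are assumptions. It flags the second default gateway on the multihomed server, lists the facts a DHCP scope for the client subnet needs, and derives the static route the edge router would need under the full-routing option.

```python
import ipaddress

# Addresses are the ones quoted in the thread; the dict layout and the
# function names are assumptions made for this example.
ADAPTERS = {
    "adapter1": {"ip": "192.168.1.19", "mask": "255.255.255.0", "gateway": "192.168.1.254"},
    "adapter2": {"ip": "172.25.16.1", "mask": "255.255.252.0", "gateway": "172.25.16.1"},
}

def iface(cfg):
    return ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}")

def check_plan(adapters, uplink="adapter1", inside="adapter2"):
    """Return a list of problems with a two-NIC routing/NAT plan."""
    findings = []
    if iface(adapters[uplink]).network.overlaps(iface(adapters[inside]).network):
        findings.append("subnets overlap, so the server cannot route or NAT between them")
    with_gw = sorted(n for n, c in adapters.items() if c.get("gateway"))
    if len(with_gw) > 1:
        findings.append(f"default gateway set on {', '.join(with_gw)}; keep it on {uplink} only")
    for name, cfg in adapters.items():
        if not cfg.get("gateway"):
            continue
        gw = ipaddress.ip_address(cfg["gateway"])
        if gw == iface(cfg).ip:
            findings.append(f"{name} lists its own address as default gateway")
        elif gw not in iface(cfg).network:
            findings.append(f"{name} gateway {gw} is outside {iface(cfg).network}")
    return findings

def client_scope(adapters, inside="adapter2"):
    """DHCP scope facts for the client-side NIC."""
    net = iface(adapters[inside]).network
    return {"network": str(net), "first": str(net[1]), "last": str(net[-2]),
            "usable": net.num_addresses - 2, "router_option": adapters[inside]["ip"]}

def router_static_route(adapters, uplink="adapter1", inside="adapter2"):
    """Route the edge router needs if the server routes without NAT."""
    net = iface(adapters[inside]).network
    return {"destination": str(net.network_address), "mask": str(net.netmask),
            "next_hop": adapters[uplink]["ip"]}

if __name__ == "__main__":
    for problem in check_plan(ADAPTERS):
        print("WARN:", problem)
    print(client_scope(ADAPTERS))
    print(router_static_route(ADAPTERS))
```

With NAT enabled on the server, the router needs no extra route; the static route applies only to the full-routing option.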
Thanks for your input, I understand where you're coming from, but I don't mind extra work/another layer on the network. The network is all gigabit (1000MBPS), except the router is only megabit (100MBPS) so I'm not sure the server would slow anything down. I just really need 2 networks, one from the router DHCP for wireless devices, and a wired DHCP network coming from the DHCP on the server, on 2 different subnets. Thanks again.
I'm not sure why, but I think because the router is under such constant heavy load, and the fact that it is only basic, not all my group policies are going through. Some things are taking a while, such as folder redirection. All I want is for the clients not to go through the router, and to just go to the server, using that as the router. Does that make sense? I just thought that if the only place the clients are being slowed down is the router, take that out of the equation...?
A Windows router is much slower than even the most inexpensive consumer-based router. You need to investigate the actual cause of the problem before you make changes to your network design, just my two cents.
I agree, Windows SUX! I have a question, what exactly are you using the server for? Is it just for routing purposes? If it is, take that crappy Windows off of it and install something like PFSense. If you're running group policies on the server, then find an old computer that is not being used and add your second NIC to it and load PFSense on it. With the PFSense box, you have a whole lot more functionality than you do with your basic router (like running several different subnets as well as caching and onboard antivirus as well as the firewall features) and it can all run off of a small computer. Go to this link and watch the video http://www.youtube.com/watch?v=Q0JFfpG4BWI . Any questions, just hit me back.
Hmm ok I understand, thanks. To be honest, I don't really want to get rid of the server, especially as it's fairly new, but I do need it for GP, folder redirection, and it is also doing Windows deployment, which is very useful.