0

If I have 3 different sub nets with 255.255.255.0 mask, 192.168.0.X, 192.168.1.X, and 192.168.2.X with the servers behind the .0.X subnet, will clients on the .1.X and .2.X subnet be able to log into the domain or do they need a server to log into on their same subnet?

Also, if I have servers on two or all three of the subnets, will changes in one server that has replication turned on replicate out to the other servers on the different subnets?

6
Contributors
9
Replies
10
Views
13 Years
Discussion Span
Last Post by bentkey
0

Hello,

I have setup systems where each subnet receives their own NIC in the server. If you have a router in there, I am sure you can get it all to work for you. Or, if you would re-consider your scheme, so that you use a 10.x.y.z network, you can then get it to work properly, because the octals in the subnets allow for more network possibilities than a class-c network.

What kind of clients are you talking about? If they are Win95 machines going to a NT server, you are going to need WINS in there somewhere. If they are over pure IP, then you could be OK.

Please expand on this a bit more, and if you can, draw a little .jpg diagram of what we are looking at.

Christian

0

Does 10.x.y.z not get used on the i-net like 192.168.x.x?

0

Hello,

Yep, 10.x.y.z is a protected subnet. My router is 10.10.1.1, and subnet mask is 255.0.0.0 The router will accept packets from 10.10.1.x, 10.10.2.x, 10.10.3.x and so forth. Can even do a 10.20.1.x and 10.30.1.x because of the subnetting flexibility.

I do not think that you can get a 192.168.1.1 device to catch a packet from 192.168.4.x because of the subnet mask and the limit of hosts on that network.

Remember, a 192.168.1.x/24 network will only have 253 possible hosts (because .0 refers to the whole network, and .255 is the mask).

All the companies that I have done work for had an internal 10.x network. Matter of fact, one that my sister works at has 10.x and my internal network was 10.x and her VPN would not work because the routing thought that her Citrix servers were located inside of my parent's house. I had to re-do the parents network to 192.x.y.z so that the VPN would route packets through the firewall properly, and stop looking for hospital citrix servers near my parents furnace.

Christian

0

I beg to differ. Sorry. A router can send packets from any network to any network that is connected directly to it. All that it needs is a route (the knowledge of a path to a particular subnet existing through a particular interface) and it will pass the packet that way. The PCs only know that the PC they are sending to isn't on their local subnet so they hand the packet off to the default gateway (spelled router) and basically say "Here you deal with this" the router looks through it's route list for the network, if it finds it, it shoves it out that interface. That's it. But it can get hairy configuring routers.

bentkey MCSE,CCNA

0

That will only work if the computers are on the same physical network, but why on earth would anyone use different IP subnets and IP ranges on the same physical network? Which actually gets back to his original question which I never completely answered either. A router is completely capable of routing the two network addresses, but Microsoft networks rely on a lot of other (let's call them sub protocols) for its services to function. So TCP/IP connectivity isn't enough. That's why you can't just browse files across the Internet. To have a fully functioning MS network like this you need some sort of VPN tunnel. The VPN tunnel then encapsulates all the other protocols in TCP packets and sends them each way, basically "bridging" the two desparet networks.

0

You would use different subnets and IP ranges on the same physical network to separate them...for instance, if you were to have your router on the 192.168.0.X and your other satellites at 192.168.1.X and 192.168.2.X and if you threw up a wireless DMZ or something for gaming you could set it up with an entirely different net of 10.x.y.z if you wanted to separate it.

Why? Because then you could use tcpdump or other packet management and logging software to check traffic in and out. Plus it allows you to set up custom firewall rules that you can enforce for say...gaming in our example above...that won't be forced on your normal rules. This also allows you to optimize/mangle the packets coming in and out for LAN gaming. Do you have to use different addy's? No...you could just as easily use 192.168.4.X....but I always use a completely different addy for my wireless and keep the 192.168.X.X for my wired clients...it allows me to tell the difference (Even if I'm loggin in remotely). It just makes things more uniform and offers less questions.

0

Good point, I never thought of it for organizational purposes only. I would have always seperated them physically as well, at least on different VLANS. In business networks the concern is normally traffic and security.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.