Put DCs on separate VLAN-considerations?

7minabs · 2015-01-02T16:24:51.000Z

I have a vlan I am using as somewhat of a limited sandbox. I want to start moving my servers over to it. I want to start with my 3 DCs. My DNS is an active directory integrated zone as are the other divisions. I am thinking that all should go well if I manually update DNS with the new ips and do a repadmin /syncall. What else should I be considering? Will I have to manually update Sites and Services as well? thanks

Gary-D-Williams · 2015-01-02T16:28:51.000Z

Yes, you’ll need to update sites and services with the IP ranges or you’ll get errors in the event logs stating that it isn’t sure which site needs to authenticate users.

It’s not a major issue but it is annoying

7minabs · 2015-01-02T16:35:52.000Z

So under subnets just *add the new range? In other words, once I separate the DCs from the rest of the lan, do I keep both sets of ranges ? ex:

Division A

172.16.0.0 (current flat network)

192.168.0.0 (vlan network that will include the DCs)

Keep both in the ‘subnets’ section of Sites and Services or delete 172.16.0.0 and replace with 192.168.0.0 for Division A?

Thanks

Gary-D-Williams · 2015-01-02T16:36:53.000Z

Yes, that’s all you need to do.

I’d also suggest that you move one DC and test the process out. Once you change the IP address reboot the box so that it updates everything with the new IP.

Ethan6123 · 2015-01-02T16:40:27.000Z

Are your DCs also your DHCP servers? If so you’ll want to add a helper address on the old subnet pointing to the new address of the DC/DHCP server(s).

7minabs · 2015-01-02T16:43:55.000Z

Yes, one is thanks for the catch!

7minabs · 2015-01-02T17:01:21.000Z

Ok Ethan, from a Poblano to a Tabasco, as long as the DHCP range is listed; won’t everything be ok since the DHCP server will advertise itself as such? I only ask because I am unsure where to config the helper address.

lenmc · 2015-01-02T17:10:21.000Z

if its a new subnet being routed by a layer 3 switch or router you will need a dhcp helper. without a dhcp helper enter subnet a will not know that it has to go to the dhcp server in subnet b to get IPs for the machines in subnet a.

7minabs · 2015-01-02T17:17:43.000Z

Ok, it sounds like I’d be configuring that on my Fortigate since my core switches cannot inter vlan route. I think I have enough now thank you all.

Ethan6123 · 2015-01-02T17:36:59.000Z

Cdog:

Ok Ethan, from a Poblano to a Tabasco, as long as the DHCP range is listed; won’t everything be ok since the DHCP server will advertise itself as such? I only ask because I am unsure where to config the helper address.

Actually no. Clients send out DHCP requests to the local subnet asking for a DHCP server to respond but these requests don’t automatically cross to other VLANs. You need to add a helper address to each subnet without a DHCP server on whatever device will be doing the VLAN routing (i.e. layer 3 switch or router).

Cdog:

Ok, it sounds like I’d be configuring that on my Fortigate since my core switches cannot inter vlan route. I think I have enough now thank you all.

Yup, sounds like you’ve got the picture.

matthew-b · 2015-01-02T21:51:44.000Z

Can i ask why you want to do this?