Creating subnets liddlem 12/21/2008 6:08:00 AM Hi Folks This message previously posted at Server/SBS, but I was advised to put it in Servers/Windows Server 2003 or WS 2008 - I can seem to find either, so I hope this is now the right location? I am busy setting up a network in a school and need to have more than one subnet as we will run out of ip addresses when new PCs are purchased soon. Seperate servers are being run up for staff and students respectively. Someone has suggested that I establish 2 seperate domains (one on each server) rather increase the subnet range. Apparently...windows explorer takes a lot longer to explore the network when there is a wider subnet???? So the recommended/suggested network would look like this . . . STAFF.DOMAIN | STUDENT.DOMAIN AdminSvr StaffSvr | StudentSvr 192.168.1.1 192.168.1.2 | 192.168.2.1 But I do have a few issues with this configuration.. 1) I would like Staff to have access to the Student SERVER, but not the other way. I can manage this via GP. 2) Staff often log onto student PC (in the student PC lab) for training or because they dont have a desktop PC of their own. So I cannot lock the PC lab machines to the student domain only. 3) How do I share common printers? 4) and then the obvious - I would have to manage 2 sets of AD, 2 intranet sites, 2 etc etc. So my questions are.... 1. Will increasing the subnet range (or is that "scope"?) slow down Windows Explorer response time THAT much? If NOT . . . then. . . 2. How do I actually go about increasing the range? eg, what do I need to do to adjust the subnet range? Is it simply a case of changing the subnet mask on the DHCP to "255.255.WhatValue.0" ? 3. Would it be both possible and wise, to assign all the peripheral devices (printers, routers, switches, hubs etc) a static IP on a subnet of their own (eg: 192.168.3.x) 4. Would I need to tell the DHCP to issue IPs based on user profile (EG STAFF get 192.168.1.x and STUDENTS get 192.168.2.x) or does this not matter? Thanks -- Lots2Learn

Re: Creating subnets "Dave Patrick" <DSPatrick[ at ]nospam.gmail.com> 12/21/2008 3:02:46 PM You'll want to also ask here. x-posted to: microsoft.public.windows.server.networking -- Regards, Dave Patrick ....Please no email replies - reply in newsgroup. Microsoft Certified Professional Microsoft MVP [Windows] http://www.microsoft.com/protect "liddlem" wrote: [Quoted Text] > Hi Folks > This message previously posted at Server/SBS, but I was advised to put it > in > Servers/Windows Server 2003 or WS 2008 - I can seem to find either, so I > hope > this is now the right location? > > I am busy setting up a network in a school and need to have more than one > subnet as we will run out of ip addresses when new PCs are purchased soon. > Seperate servers are being run up for staff and students respectively. > > Someone has suggested that I establish 2 seperate domains (one on each > server) rather increase the subnet range. Apparently...windows explorer > takes > a lot longer to explore the network when there is a wider subnet???? > > So the recommended/suggested network would look like this . . . > > STAFF.DOMAIN | STUDENT.DOMAIN > AdminSvr StaffSvr | StudentSvr > 192.168.1.1 192.168.1.2 | 192.168.2.1 > > But I do have a few issues with this configuration.. > 1) I would like Staff to have access to the Student SERVER, but not the > other way. I can manage this via GP. > 2) Staff often log onto student PC (in the student PC lab) for training or > because they dont have a desktop PC of their own. So I cannot lock the PC > lab > machines to the student domain only. > 3) How do I share common printers? > 4) and then the obvious - I would have to manage 2 sets of AD, 2 intranet > sites, 2 etc etc. > > So my questions are.... > 1. Will increasing the subnet range (or is that "scope"?) slow down > Windows > Explorer response time THAT much? > If NOT . . . then. . . > 2. How do I actually go about increasing the range? eg, what do I need to > do > to adjust the subnet range? Is it simply a case of changing the subnet > mask > on the DHCP to "255.255.WhatValue.0" ? > 3. Would it be both possible and wise, to assign all the peripheral > devices > (printers, routers, switches, hubs etc) a static IP on a subnet of their > own > (eg: 192.168.3.x) > 4. Would I need to tell the DHCP to issue IPs based on user profile (EG > STAFF get 192.168.1.x and STUDENTS get 192.168.2.x) or does this not > matter? > > Thanks > > -- > Lots2Learn

Re: Creating subnets "Robert L. \(MS-MVP\)" <findemail[ at ]chicagotech.net> 12/21/2008 3:54:30 PM This is not easy situation and I am not sure you can do all of them. Here are our school setup. 1. All switches and router/firewall are Cisco equipments. 2. We have 4 VLAN: staff LAN, student LAN, Public wired and public wireless. 3. We configure access lists to allow staff LAN to access the student LAN. We also cerate access list to allow IT staff access all VLANs. 4. We don't allow student or public LAN access the staff LAN. However, you should be able to create access lists to allow student LAN to access restricted devices in the staff LAN. 5. If the teachers and students are sharing the same printers, we will setup the printers in the student LAN because teacher can access them. 6. To change the IP class from C to B, most DHCP clients should work. You may need to work on all servers and devices such as printer manually. How do you setup VLAN? This Cisco question. -- Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com "Dave Patrick" <DSPatrick[ at ]nospam.gmail.com> wrote in message news:u1P6w03YJHA.1964[ at ]TK2MSFTNGP02.phx.gbl... [Quoted Text] > You'll want to also ask here. x-posted to: > microsoft.public.windows.server.networking > > > > -- > > Regards, > > Dave Patrick ....Please no email replies - reply in newsgroup. > Microsoft Certified Professional > Microsoft MVP [Windows] > http://www.microsoft.com/protect > > > "liddlem" wrote: >> Hi Folks >> This message previously posted at Server/SBS, but I was advised to put it >> in >> Servers/Windows Server 2003 or WS 2008 - I can seem to find either, so I >> hope >> this is now the right location? >> >> I am busy setting up a network in a school and need to have more than one >> subnet as we will run out of ip addresses when new PCs are purchased >> soon. >> Seperate servers are being run up for staff and students respectively. >> >> Someone has suggested that I establish 2 seperate domains (one on each >> server) rather increase the subnet range. Apparently...windows explorer >> takes >> a lot longer to explore the network when there is a wider subnet???? >> >> So the recommended/suggested network would look like this . . . >> >> STAFF.DOMAIN | STUDENT.DOMAIN >> AdminSvr StaffSvr | StudentSvr >> 192.168.1.1 192.168.1.2 | 192.168.2.1 >> >> But I do have a few issues with this configuration.. >> 1) I would like Staff to have access to the Student SERVER, but not the >> other way. I can manage this via GP. >> 2) Staff often log onto student PC (in the student PC lab) for training >> or >> because they dont have a desktop PC of their own. So I cannot lock the PC >> lab >> machines to the student domain only. >> 3) How do I share common printers? >> 4) and then the obvious - I would have to manage 2 sets of AD, 2 intranet >> sites, 2 etc etc. >> >> So my questions are.... >> 1. Will increasing the subnet range (or is that "scope"?) slow down >> Windows >> Explorer response time THAT much? >> If NOT . . . then. . . >> 2. How do I actually go about increasing the range? eg, what do I need to >> do >> to adjust the subnet range? Is it simply a case of changing the subnet >> mask >> on the DHCP to "255.255.WhatValue.0" ? >> 3. Would it be both possible and wise, to assign all the peripheral >> devices >> (printers, routers, switches, hubs etc) a static IP on a subnet of their >> own >> (eg: 192.168.3.x) >> 4. Would I need to tell the DHCP to issue IPs based on user profile (EG >> STAFF get 192.168.1.x and STUDENTS get 192.168.2.x) or does this not >> matter? >> >> Thanks >> >> -- >> Lots2Learn >

Re: Creating subnets "Phillip Windell" <philwindell[ at ]hotmail.com> 12/24/2008 7:32:46 PM "liddlem" <liddlem[ at ]discussions.microsoft.com> wrote in message news:B8958488-5CBB-4C19-9EB5-348C33A0BF77[ at ]microsoft.com... [Quoted Text] > Hi Folks > This message previously posted at Server/SBS, but I was advised to put it > in > Servers/Windows Server 2003 or WS 2008 - I can seem to find either, so I > hope > this is now the right location? > > I am busy setting up a network in a school and need to have more than one > subnet as we will run out of ip addresses when new PCs are purchased soon. > Seperate servers are being run up for staff and students respectively. > > Someone has suggested that I establish 2 seperate domains (one on each > server) rather increase the subnet range. Apparently...windows explorer > takes > a lot longer to explore the network when there is a wider subnet???? That would be a silly reason to create a Domain. Subnets and Domains really have no relevance to each other at all. > So the recommended/suggested network would look like this . . . > > STAFF.DOMAIN | STUDENT.DOMAIN > AdminSvr StaffSvr | StudentSvr > 192.168.1.1 192.168.1.2 | 192.168.2.1 If the Mask is 255.255.255.0, fine, that looks good. Subnets should be allowed to be over 250-300 Host and that mask gives 254 hosts,...perfect. > But I do have a few issues with this configuration.. > 1) I would like Staff to have access to the Student SERVER, but not the > other way. I can manage this via GP. Define "access"?? That could mean anything. And GP may not even be relevant. You never access "a Server",...you access resources presented by the Server,... and access is controlled differently based on what those resources are. The File System access is controlled by NTFS permissions and Share permissions,...other types or resources are controlled in other ways. I don't see how GP has anything to do with that. > 2) Staff often log onto student PC (in the student PC lab) for training or > because they dont have a desktop PC of their own. So I cannot lock the PC > lab machines to the student domain only. Not relevant. That is the wrong way to look at securty anyway. You are looking at it as protecting "machines from other machines",...instead of,...protecting Resources from User Accounts > 3) How do I share common printers? A "shared" printer is a specific thing,...it is controlled by user account via Share Permissions just like the File System is done. If you mean you have Printers running from a TCP/IP Port then those are not "shared",...they are simply available to anyone. But they can only be installed on a machine as a "local" printer by an administrator. They are available to all users on the machine once that is done. So,... don't let people be Local Admins on their machine if you don't want them installing anything. > 4) and then the obvious - I would have to manage 2 sets of AD, 2 intranet > sites, 2 etc etc. Forget two Domains,...run one Domain. There are no "sites" in this discussion. Classroom Domains in classes where they are teaching students about working with Domains are irrelevant and are torn down, built up, torn down,built up over and over and they do not interact with the School's Domain. They are irrelevant and are not considered in this. > So my questions are.... > 1. Will increasing the subnet range (or is that "scope"?) slow down > Windows > Explorer response time THAT much? Keep the number of hosts per subnet to 250-300,...but if you hit 301 it is not going to crash and fall on its face. But the big problem is that you have now created a structure that is difficult to undo. You can not use all the addresses it now posseses because it *would* be too big *then* and you can not use them else where because you would create address conflicts so you have effectrively thrown away hundreds of addresses. It is this simple: Create a mess, the mess will always grow,...do not create a mess and you will never have a mess. > If NOT . . . then. . . Limit the subnets to less than 300 hosts. So use 255.255.255.0 which gives 254 and leave it that way. Create more subnets if you need them and insert LAN Routers between them. Yes the school can afford a LAN Router or two,..if they can put gas in the school bus they can afford a couple LAN Routers. Whether you create the new segments and run them with static addresses or use DHCP is kind of irrelevant. But if you use DHCP all you do is create a *NEW* Scope (no superscopes!!) for the new Subnet and that is it,...nothing else on the DHCP Server. Then on the LAN Routers between the subnets all you do is configure them to forward the DHCP queries to the DHCP Server. In some routing products these may be called Helper Addresses,...in others they may be called something else,...read the router's documentation. -- Phillip Windell www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------

Re: Creating subnets Rich Wonneberger <turtil[ at ]frontiernet.net> 12/25/2008 1:29:39 AM Phillip, Wouldn't it be 253 usable addresses? 0 is the network, 255 is the broadcast address. Rich W. Phillip Windell wrote: [Quoted Text] > > Limit the subnets to less than 300 hosts. So use 255.255.255.0 which gives > 254 and leave it that way. Create more subnets if you need them and insert

Re: Creating subnets "Phillip Windell" <philwindell[ at ]hotmail.com> 12/29/2008 5:10:16 PM "Rich Wonneberger" <turtil[ at ]frontiernet.net> wrote in message news:eVaIBBjZJHA.552[ at ]TK2MSFTNGP06.phx.gbl... [Quoted Text] > Phillip, > > Wouldn't it be 253 usable addresses? > 0 is the network, 255 is the broadcast address. Hi, Rich, From 0 to 255 is 256 "places" because the 0 counts as well. So after you drop the "0" and the "255" because they are the Network ID and the Broadcast Address, that leaves you with 254 (1-254) hosts. -- Phillip Windell www.wandtv.com The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------

Re: Creating subnets Rich Wonneberger <turtil[ at ]frontiernet.net> 12/30/2008 4:03:36 AM Phillip, You are correct. I must have had a bad day. Rich W Phillip Windell wrote: [Quoted Text] > > From 0 to 255 is 256 "places" because the 0 counts as well. > > So after you drop the "0" and the "255" because they are the Network ID and > the Broadcast Address, that leaves you with 254 (1-254) hosts. >