I am building a Windows-based network for my 'medium sized' business and I am only used to Linux/Mac networks. Any help is greatly appreciated! :)

This is the setup I have:

T1 from AT&T, and a fancy router from them. We are using their IP-flex service and will also attach an Avaya IP Office for my phones... later. A few different Windows servers, everything is 2008 R2, but really my questions revolve only around one of these units, which is Active Directory domain controller, DNS, and DHCP server. I have a couple of fully managed Dell switches, and a Juniper SSG5 for VPN to connect to our one other location and for road warriors.

This is where I am now:

We have a single static IP from AT&T on the router they set up, and I am primarily confused about the network structure. I originally connected the router to the switch, and configured it with the static IP, subnet mask, and DNS provided by AT&T. I thought that the switch would have that as an external address and I could assign it a static internal IP, kinda like a router, but I don't think that's how a switch like this works, so I tried something else.

Currently I have connected the router to my domain controller/DHCP/DNS server via en1 with the static info from AT&T. Then on en0 I have it statically set to a 172.16.. and connected that to the switch, and assigned the switch another 172.16.. ... this seems to be nearly right. I have connected a client to the switch, and it has joined the domain successfully and received a DHCP address and configuration information. However, while it connects to the local network, it cannot reach the internet. I believe it will not because of the default gateway information. I've tried to set it to the router's static IP, the server's 2 static IPs, and the switch's IP via the Scope Options within the DHCP server, but nothing seems to work; the configuration is updated every time.

I am starting to believe I need to first connect the AT&T router to the Juniper, and then connect the Juniper to my domain controller while keeping the switch connected to the other ethernet port on that server, or connect the switch to the Juniper. Does this make sense?

Again thank you so much for any suggestions! :) I am happy to answer any questions you may have for me as well!

jtrip
  • If you haven't purchased your server(s) yet, I'd highly recommend going with Microsoft Small Business Server 2011 Standard. Inexpensive, comes with Exchange (mail), Remote Web Workplace (Web-based remote access), SharePoint, and of course DHCP/DNS/VPN services. – gravyface May 07 '11 at 22:40
  • DHCP certainly doesn't have to be handled by one of the Windows servers -- depends on what you need, though. One of our Linux boxes is our firewall/router between us and the rest of the campus network, and it handles DHCP for our Windows systems without problem. We've even got it handing out the necessary pieces for PXE-booting unattended Windows 7 installs using Microsoft Deployment Toolkit (MDT is running on a Windows server, however). – Mike Renfro May 08 '11 at 00:13
  • In a domain environment, it's recommended to use Windows DHCP. – gravyface May 08 '11 at 01:30

1 Answer

A typical setup would look like this:

T1 <-> Juniper firewall <-> Managed Switch(es) <-> Server

  1. Your Juniper firewall's WAN interface needs to be configured with the static IP address provided by your ISP.
  2. The Juniper firewall's LAN interface should be configured with an RFC 1918 private IP address (e.g. 192.168.x.1) and it should provide NAT but not DHCP.
  3. Your Windows domain controller(s) will provide DHCP and DNS.

One common misconception about T1s is that they must be fast because they are so expensive. At only 1.5 Mbps (about one tenth the speed of a typical home internet connection in an American city), T1 internet connectivity may be severely inadequate for shared use in a business environment, particularly if it is being used for VPN access. If, by "medium-sized," you mean a business with something on the order of 50-250 employees, you almost certainly should be looking into a second internet connection with more bandwidth.

Have you considered hiring a consultant to assist with some of the less familiar details of this project?

Skyhawk
  • Thank you so much! In hindsight it seems like a silly question; I think I've just been having a hard time wrapping my brain around it all and distracted by the domain stuff. I was also concerned that the Juniper is not gigabit and would create a bottleneck. I appreciate your concern about the size and speed of our network; really, 50 users is actually an overestimate right now, but thanks! – jtrip May 07 '11 at 21:55
  • You bet. Definitely no need to worry about building a gigabit path to the internet connection if the internet connection is only 1.5 Mbps. The T1 itself is the bottleneck. – Skyhawk May 07 '11 at 22:19
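The topology in the answer (T1 -> Juniper firewall doing NAT -> switches -> domain controller doing DHCP/DNS), and the gateway problem described in the question, come down to a handful of settings on the Windows Server 2008 R2 box. The following is an added example, not code from the question or the answer; every address, the interface name "LAN", the scope name and the domain name corp.example.com are constructed values. It uses netsh because the DhcpServer PowerShell module only exists from Windows Server 2012 onward; the commands run identically from cmd.exe or a PowerShell prompt, elevated, on the DC.

```powershell
# Added example (not from the original answer). Assumed/constructed values:
#   LAN subnet             192.168.1.0/24
#   Juniper SSG5 LAN side  192.168.1.1   (default gateway for every LAN host)
#   Domain controller      192.168.1.10  (AD DS + DNS + DHCP, one NIC named "LAN")
#   AD DNS domain          corp.example.com
# Run in an elevated prompt on the DC. The DhcpServer PowerShell module is not
# available on 2008 R2, so the DHCP server is driven through netsh.exe.

# --- 1. The DC itself: a single LAN interface, gateway = firewall, DNS = itself
# The DC never carries the ISP's public address; only the firewall's WAN port does.
netsh interface ipv4 set address name="LAN" source=static address=192.168.1.10 mask=255.255.255.0 gateway=192.168.1.1
netsh interface ipv4 set dnsservers name="LAN" source=static address=192.168.1.10 register=primary

# --- 2. DHCP scope handed out to the clients -----------------------------------
netsh dhcp server add scope 192.168.1.0 255.255.255.0 "Office LAN" "Main site"
netsh dhcp server scope 192.168.1.0 add iprange 192.168.1.100 192.168.1.199

# Option 003 (router): the firewall's LAN address, i.e. an address on the same
# subnet the clients are in. Handing out the ISP router's public IP, or a DC
# interface on another subnet, gives exactly the symptom in the question:
# domain join works, internet does not.
netsh dhcp server scope 192.168.1.0 set optionvalue 003 IPADDRESS 192.168.1.1

# Option 006 (DNS): domain members must resolve through AD-integrated DNS on the
# DC, not the ISP's resolvers, or they cannot locate the domain controllers.
netsh dhcp server scope 192.168.1.0 set optionvalue 006 IPADDRESS 192.168.1.10

# Option 015 (DNS domain name) so single-label names resolve inside the domain.
netsh dhcp server scope 192.168.1.0 set optionvalue 015 STRING corp.example.com

# Activate the scope (state 1 = active).
netsh dhcp server scope 192.168.1.0 set state 1

# --- 3. Verify ------------------------------------------------------------------
netsh dhcp server scope 192.168.1.0 show optionvalue
# On a client:  ipconfig /release ; ipconfig /renew ; ipconfig /all
#   expect Default Gateway 192.168.1.1 and DNS Servers 192.168.1.10
# then:         tracert 8.8.8.8
#   expect the first hop to be 192.168.1.1 (the Juniper), not the DC.
```

Two points worth checking after applying this. First, with the Juniper providing NAT, nothing on the LAN is reachable from the T1 unless a firewall policy explicitly allows it, which is the reason the answer puts the firewall, and not the domain controller, on the public address. Second, because the DC now has one interface on the LAN and uses itself for DNS, the second NIC from the question is not needed at all; leaving a DC with an interface on the ISP side both exposes it directly and confuses AD's DNS registration.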