Hi, we've just removed access list from Synetrix router so that
School range 10.74.140.* can access to Office range 10.74.138.* and vice versa
Subnetmask on both is 255.255.255.0 and domain controller sits on school network at 10.74.140.10 and Dns is on same ip. AD machine is Win 2003
When i ping ips I can reach to one range from other but dns doesn't resolve local names.
DHCP adress pool on Ad set to 10.74.140.20-250.
I want to join 10 computers on Office to domain with their current static ips at 10.74.138.* range as 10.74.140.* getting crowded every day as we add more PC's to network.
What are my options? How can i set Ad to provide and resolve ips for both ranges?
Last edited by POWict; 20th July 2010 at 03:43 PM.
To me your two networks shouldn't be able to talk to each other. If you want this to happen it would seem (but don't take this as golden) that you either need to bring one network into the other range, or even change your subnet to extend your network range.
Thanks for replies.
When they setup school network (i have no info who) they specifies a very large subnet it is 255.0.0.0 and after some test i noticed that i can resolve names that belong to 10.74.140.* from 10.74.138.* range by putting domain name at the end, so ict-00 wouldn't resolve but ict-00.prince.local resolves fine. So, i assume joining office pcs to AD with static ip at 10.74.138.* with DNS server as Domain's DNS server would solve the problem.
What would you advice?
just join them to domain with static ips at 10.74.138.*? ( filtering policy less agressive on this range for office)
delete current scope and re create it with small subnet?
move office pc's to 10.74.140.* and leave 10.74.138.* empty?
You could have another scope in DHCP for your office range with the appropriate settings but your router would need to pass the DHCP/BOOTP between the router interfaces. This is usually the IP help parameter in the vlan settings.
Thanks, unfortunatelly i don't have access to router. It is provided by synetrix and they don;t allow us to access it. I think I'll have to leave 138 range empty for now
Yeah I would bring everything into the 138 range. If you are confident that your security policies are sound there should be no other reason for the second range.
There are currently 1 users browsing this thread. (0 members and 1 guests)