DNS-Multiple Default Gateway

Discussion in 'DNS Server' started by Ferg, Jul 24, 2009.

  1. Ferg

    Ferg Guest

    G'Day All,

    Greetings and best wishes. I posted this on the AD list but, after thinking
    about it, I believe this list is the better one.
    I have searched high and low for a solution here and am stumpped. I have not
    found anything. I am trying to accomplist the following.

    In my AD I have 3 OU - <Staff>, <Associates>, <Partners>
    I also have two different internet connections each with their own firewall,
    LAN IP, and range of WAN IPs. Internet Connection #1 Internet Connection #2

    How can I, through AD, Logon Scripts, DNS, DHCP or whatever, set <STAFF> to
    ALWAYS use Internet Connection#2 as the default gateway,
    <Associates> and <Partners> to ALWAYS use Internet Connection#1 as the
    default gateway.

    Many thanks

    Ferg, Jul 24, 2009
    1. Advertisements

  2. Anthony [MVP], Jul 24, 2009
    1. Advertisements

  3. Ferg

    Ferg Guest

    Thanks very much for the reply. Can you please expound on your reply as I do
    not currently have any VLAN configured.

    Ferg, Jul 24, 2009
  4. Ferg

    Ferg Guest

    By the way. I filled out Contact Airdesk on your website as I have a
    possible CITRIX project. Look out for it.

    Ferg, Jul 24, 2009
  5. Hello Ferg,

    Answered to the same posting with different subject "AD-DNS-DHCP" microsoft.public.windows.server.active_directory

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Jul 24, 2009
  6. Ferg

    Ferg Guest

    Thanks very much. 'preciate it greatly....

    Ferg, Jul 24, 2009
  7. I responded as well. Keep in mind, most, if not all the engineers/responders
    in these group, monitor both of these groups, as well as many other groups.

    Ace Fekay [MCT], Jul 25, 2009
  8. What type of switch do you have (brand/model)? Is it VLAN capable?

    If so, what Anthony's suggesting is to pick a port on the switch, say port
    #7, set that to VLAN1, provide an IP subnet for the one group of folks, and
    plug another switch into this port tha thave all the workstations from that
    group plugged into it. Then pick another port, say port #8 and create VLAN2,
    provide a separate IP subnet, then plug a whole different switch into it
    that has the other group of workstations plugged into it. Each VLAN can be
    defined to have it's own gateway, which of course you would need to
    configure another port with that ISP's router plugged into it. Say if ISP1
    is plugged into port1, then create a trunk between port1 and port7. Then
    plug ISP#2 into port2, then trunk that to port8.

    Make sense? If not, I would suggest to put in a call to your switch vendor's
    support to ask them for asistance. They will be more than happy to help. If
    you don't have a VLAN capable switch, they are relatively inexpensive these
    days. An 8 port Cisco or Dell may cost you $100 or so, or even look at some
    of the auction sites to get it for a fraction of that.

    Ace Fekay [MCT], Jul 25, 2009
  9. Thanks, I will look out for it

    Anthony [MVP], Jul 25, 2009
  10. Ferg,
    Exactly as ACE describes.
    If you have separate VLAN's they will get different DHCP options. You just
    need to assign the ports on the switch to the required VLAN, but that is
    easy to do, and you should already be administering the ports for Access
    security purposes.

    More generally, it sounds as though you want to provide a different Quality
    of Service for different users. Using different gateways is a physical
    implementation of this, but wasteful and inflexible. Unused bandwidth cannot
    be used even by low priority services, and you don't have load balancing.
    Using QoS you could assign different priorities to different hosts. Then
    Staff (or servers) could use all the bandwidth they want but Associates or
    Partners would bump them down when they want it. You would need to
    investigate the QoS options for whatever type of equipment you have, or buy
    a traffic shaping device,
    Hope that helps,
    Anthony [MVP], Jul 25, 2009
  11. Ferg

    Grant Taylor Guest

    I'm betting that you are wanting to set things up so that <Staff>,
    <Associates>, <Partners> can log on to any computer and always use the
    appropriate internet connection regardless of what computer they are on.

    Presuming that this is the case I would look at implementing a login
    script (based on OU GPOs) that run a route command to set the
    appropriate default gateway. I.e. for <Staff>

    route add mask

    You might also want to consider a fourth group, that being any body /
    thing that is not part of the <Staff>, <Associates>, <Partners> OUs,
    like systems that have no one logged in to them that want to pull
    Windows and / or AV updates. I would set the gateway that DHCP hands
    out to be this gateway and use scripts to change things as needed based
    on OU.

    Grant. . . .
    Grant Taylor, Jul 25, 2009
  12. Ferg

    Ferg Guest


    Thanks again. That's exactly what I did.

    'preciate it.
    Ferg, Jul 27, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.