Active Directory and multiple VLANs

Guest

I have not been able to find the answer to this anywhere, so let's try here.

I want to know if it is possible to set up Active Directory to work with
multiple VLANs? The idea was to set up the switch port the primary and
backup DC are connected to as trunking so all VLANs can talk to that port.
Then, set up multiple IPs on the NIC (virtual IPs).

Does Active Directory support this?
 
Herb Martin

Ron Carver said:
I have not been able to find the answer to this anywhere, so let's try here.

I want to know if it is possible to set up Active Directory to work with
multiple VLANs? The idea was to set up the switch port the primary and
backup DC are connected to as trunking so all VLANs can talk to that port.
Then, set up multiple IPs on the NIC (virtual IPs).

It is unclear exactly what you intend, but in general
AD doesn't much care.

Windows machines cannot effectively place two
NICs on the same "broadcast domain" but can run
effectively in most cases (check for WINS server
first) with different NICs on different broadcast
domains.

Windows machines can easily have multiple IP
addresses on each NIC.

Does Active Directory support this?

It's not really an AD issue (even though I don't
really understand precisely what you intend, the
network is not really a concern of AD as long
as it works and is IP.)
 
Guest

Basically we have our network subnetted off with VLANs, but use AD for LDAP
authentication on our Windows and Unix boxen. We were hoping to trunk the
port the primary and backup domain controllers are on and assign multiple IP
addresses, so the servers do not need to go through the firewall in order to
authenticate to the AD server.

Assuming AD doesn't care, I guess we could test it and see.


 
ptwilliams

VLANs are fine. Just remember two things:

1. Each VLAN will need to be defined in Sites and Services as a subnet and
then joined to the appropriate site.
2. DCs and multiple NICs can be quite tricky. Avoid this if possible
(unless, of course, you know what you're up to, then go for it - just check
DNS thoroughly).

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net
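
The two checks from the post above, sketched in PowerShell as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory and DnsClient modules are available; the VLAN IDs, CIDRs and site names are constructed.

```powershell
# Added example, not from the thread. VLAN IDs, CIDRs and site names are constructed.
Import-Module ActiveDirectory

$vlanPlan = @(
    @{ Vlan = 10; Cidr = '10.0.10.0/24'; Site = 'HQ' }
    @{ Vlan = 20; Cidr = '10.0.20.0/24'; Site = 'HQ' }
    @{ Vlan = 30; Cidr = '10.0.30.0/24'; Site = 'Branch' }
)

# 1. Every VLAN needs a subnet object in Sites and Services, linked to a site.
#    The Site property of a subnet object holds the site's distinguished name.
$existing = @{}
Get-ADReplicationSubnet -Filter * | ForEach-Object { $existing[$_.Name] = $_.Site }

foreach ($v in $vlanPlan) {
    if (-not $existing.ContainsKey($v.Cidr)) {
        Write-Warning "VLAN $($v.Vlan): subnet $($v.Cidr) is not defined"
        # -WhatIf only previews the change; remove it to create the subnet.
        New-ADReplicationSubnet -Name $v.Cidr -Site $v.Site -WhatIf
    }
    elseif ($existing[$v.Cidr] -notlike "CN=$($v.Site),*") {
        Write-Warning "VLAN $($v.Vlan): $($v.Cidr) is linked to '$($existing[$v.Cidr])', expected site $($v.Site)"
    }
}

# 2. List the A records DNS returns for each DC's host name. More than one
#    address means clients can be handed any of them, including an address
#    on a VLAN they cannot reach, so review each entry against the VLAN plan.
foreach ($dc in Get-ADDomainController -Filter *) {
    $addrs = @(Resolve-DnsName -Name $dc.HostName -Type A -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress)
    [pscustomobject]@{
        DC         = $dc.HostName
        Site       = $dc.Site
        ARecords   = $addrs -join ', '
        MultiHomed = $addrs.Count -gt 1
    }
}
```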


 
edwardb

As long as routing is working on your network with the IP protocol and
is working, AD does not care what method of routing or the medium it is
flowing over. Now to say that the network is not important is very
untrue; poor network performance or lots of errors will eventually cause
you problems.
I have to ask, is the firewall your router?

 
Herb Martin

edwardb said:
As long as routing is working on your network with the IP protocol and
is working, AD does not care what method of routing or the medium it is
flowing over. Now to say that the network is not important is very
untrue; poor network performance or lots of errors will eventually cause
you problems.
I have to ask, is the firewall your router?

I agree with a couple of clarifications: as long as the
Latency is not excessive and the Error Rate is reasonably
low. The RPCs used by AD are unforgiving of both.

Even slow lines might be used as long as the above two
criteria are covered.
 
