Hi Guys,

Hope I'm in the right group.

I'm in a stage of fixing my network. This is my current setup.

1. I have an Active Directory server, which is mydomain.com, wherein
also my DNS and DHCP are located.
2. My subnet is 255.255.255.0

This is my idea.

1. Have these servers: (Need suggestions on these)

a. AD Server with DNS Server - is this a good practice?
b. DHCP Server with ISA Server - is this a good practice?

Other concern:

I want my network to have access limitations. Here is a scenario.

1. In our network, only managers can use their laptops to access our
network and internet. It can be wired or wireless. Unauthorized laptops
should or must not access our network. But from the way the network was
set up, they can access it through wire. I can filter the wireless using MAC
Address filter from the routers. But if they connect through wire and know
how to config TCP/IP, they can easily access our network. Can this be
avoided through ISA? Is there a way to filter MAC Address through Active
Directory?

Hope you can help me on this.


Thanks in advance.

Allan

Re: Network Infrastructure by Meinolf

Meinolf
Sat Mar 29 06:53:07 PDT 2008

Hello news.microsoft.com,

See inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hi Guys,
>
> Hope I'm in the right group.
>
> I'm in a stage of fixing my network. This is my current setup.
>
> 1. I have an Active Directory server, which is mydomain.com, wherein
> also my DNS and DHCP are located.
> 2. My subnet is 255.255.255.0
>
> This is my idea.
>
> 1. Have these servers: (Need suggestions on these)
>
> a. AD Server with DNS Server - is this a good practice?

Yes, but also think about redundancy for DNS/DC/Global Catalog with a second
server. Also, I would place the DHCP server on the DC.

> b. DHCP Server with ISA Server - is this a good practice?

No, an ISA server should always do its basic work and nothing else. Also,
it should be running on a dedicated machine.

> Other concern:
>
> I want my network to have access limitations. Here is a scenario.
>
> 1. In our network, only managers can use their laptops to access
> our network and internet. It can be wired or wireless. Unauthorized
> laptops should or must not access our network. But from the way the
> network was set up, they can access it through wire. I can filter the
> wireless using MAC Address filter from the routers. But if they
> connect through wire and know how to config TCP/IP, they can easily
> access our network. Can this be avoided through ISA? Is there a way
> to filter MAC Address through Active Directory?

You can see if your switches allow port configuration and specify MAC addresses
for allowed connections.

You cannot filter MAC addresses with GPO under 2000/2003.
In DHCP you can try Vendor classes:
http://technet2.microsoft.com/windowsserver/en/library/111527dc-1e28-4c25-ba20-67daeffa5d1b1033.mspx?mfr=true

In Windows Server 2008, you can configure your DHCP servers to call out to
a Network Policy Server (NPS) to authorize the DHCP leases. In NPS, you can
set policy to deny leases based on MAC address. One limitation is that this
doesn't scale well to a large number of MAC filters.


> Hope you can help me on this.
>
> Thanks in advance.
>
> Allan
>
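
As a companion to the MAC-based lease restriction discussed in the reply above, the following added example (not part of the original thread) audits DHCP lease records against a MAC allowlist and reports leases handed to unlisted hardware. The allowlist, the sample log lines, the column layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address) and the lease event IDs 10 and 11 are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed allowlist of manager laptops (hypothetical values).
ALLOWED_MACS = {"00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5f"}

# Constructed sample in the assumed audit-log layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/29/08,00:00:01,Started,,,,
10,03/29/08,08:14:22,Assign,192.168.1.50,mgr-laptop1.mydomain.com,001A2B3C4D5E
11,03/29/08,09:02:10,Renew,192.168.1.51,mgr-laptop2.mydomain.com,001A2B3C4D5F
10,03/29/08,09:30:45,Assign,192.168.1.77,unknown-pc,0011223344AA
10,03/29/08,09:31:00,Assign,192.168.1.78,,not-a-mac
"""

LEASE_EVENTS = {"10", "11"}  # assumed IDs: new lease, renewed lease


def normalize_mac(value):
    """Return 12 uppercase hex digits, or None if value is not a MAC."""
    digits = re.sub(r"[-:.\s]", "", value).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None


def unauthorized_leases(log_text, allowed):
    """Return (time, ip, host, mac) for leases to MACs not on the allowlist."""
    allowed_norm = {normalize_mac(m) for m in allowed} - {None}
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue  # header, service events, short lines
        mac = normalize_mac(row[6])
        # An unparsable MAC field is reported too, rather than skipped.
        if mac is None or mac not in allowed_norm:
            findings.append((f"{row[1]} {row[2]}", row[4], row[5], row[6].strip()))
    return findings


if __name__ == "__main__":
    for when, ip, host, mac in unauthorized_leases(SAMPLE_LOG, ALLOWED_MACS):
        print(f"{when}  {ip:<15} {host or '-':<12} {mac}")
```

A host with a manually configured TCP/IP address never requests a lease, so it will not appear in a DHCP log at all; the switch-port MAC restriction mentioned in the reply is the control that covers that case.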