Add 2nd SBS server to same network with different IP scheme

[jeff]

I have an SBS 2003 server. I built an SBS 2008 server and would like to use this when the SBS 2003 finally goes.

I know I can't run two SBS servers on the same network, but can I setup the SBS 2008 on a different IP scheme and physically connect it to the same network as the SBS 2003?

My goal is to use a test workstation on the same ip scheme as the SBS 2008 so I can perform some tests without interferring with the current SBS 2003 network.

Is this doable?

 

[RimBlock]

Why not use different subnets. Put a router between the two if you need interconnectivity.

SBS 2003 on 192.168.1.XXX, SBS 2008 on 192.168.2.XXX. Router connected to 192.168.2.XXX with the WAN port connected to 192.168.1.XXX. Set the gateway on 192.168.2.XXX machines as the router 192.168.2.xxx address and you are good to do assuming you need interconnectivity between 192.168.1 and 192.168.2 subnets.

Of course the best idea is a completely separate non-connected network for testing before swapout to prod to replace the SBS 2003 server.

RB

 

[jeff]

The two networks do not need to see each other.
The current network SBS 2003 is on 192.168.1.xxx with cable modem and router.
I would like to connect the SBS 2008 using 192.168.2.xxx DHCP is disabled. The domain name is different also. I also need this network to have internet.

Can I do connect them to the same network without them conflicting? I don't want them to see each other.
And, can i configure it to have internet also. How would I configure a 2nd router then?

 

[PigLover]

You didn't specify your configuration. I will assume you have a simple layer-2 ethernet switch and a separate router?

Yes, you can run two independent subnets on the same Ethernet switch. Setup everything on the second subnet using "static" IP configuration (no DHCP, 192.168.2.x/24 subnet from your example above). Do not use DHCP or the DHCP server in your existing configuration will assign addresses in the "live" subnet. Then all of the machines on the secondary subnet will see each other but will not be able to communicate with the 'production' subnet.

Note that this is a very crude approach. It doesn't really create any kind of security boundary between the two subnets. Any machine on the LAN that wanted to listen in in or interfere with the alternate subnet could do it pretty easily by configuring a second address on their network interface. Presuming you have a relatively "trusted" set us users and are just testing it should work fine.

Getting these machines internet access depends on what you are using for a router. If you are using your typical home/SOHO POS router (the thing your ISP gave you or the D-LINK/Linksys/etc thingy from Frys or Best Buy) then you are probably out of luck. Most of them can't do anything outside the simple Single LAN/One Subnet/Single WAN configuration used for simple networks.

If, OTOH, you have any kind of "real" router, just set up the link facing your layer-2 switch to have addresses on both subnets (192.168.1.x and 192.168.2.x). Add a route so that both can see the WAN port with NAT and ensure that there is no "route" set up between the two subnets. Set the "default" route in the static configuration of each host on the secondary subnet to the address you gave to the router (mostly commonly 192.168.2.1).

 

[jeff]

This is a 10 workstation office with an SBS 2003 server which has exchange 2003.
Using a D-Link DES-1026G (24 port switch) and a Linksys WRT54GS router.
We do have trusted users so security is not an issue.
So, I plan to run the two independant subnets on the same ethernet switch.
New box is SBS 2008 with Exchange 2007.

I just learned the cable modem has a few static IP's so I can connect a 2nd router to the modem and I'll disable DHCP on the router.
I think this whole setup should work.

Do you see any issues with this setup or see anything I should take into consideration?

Thanks

 

[PigLover]

Should work just fine.

If you have to buy another router anyway, why not get a more capable router so that you can do more creative configurations in the future? The basic POS routers like the WRT54GS are pretty idiot proof - but also completely inflexible about having a single WAN-LAN relationship and a single NAT.

You don't even need to spend that much money on the router. You can get a Mikrotik RB750G (5 gigabit ports, highly configurable router) for about $60. Of course then you have to learn how to configure it, but once you do you'll be glad you did. Its a cheap way to start the learning curve from simplistic networking to more sophisticated things...

 

[RimBlock]

WRT54GS -> Switch -> Prod network (SBS 2003 as DNS / DHCP presumabily, gateway is internal IP for WRT54GS, DNS as IP for WHS 2003 server if it is running the DNS role).

WRT54GS -> Switch -> second routers WAN port -> Test network (SBS 2008 as DNS / DHCP , gateway is second router Test network IP, DNS as IP for WHS 2008 server if it is runnig the DNS role).

I do this at home to separate two DNS / DHCP servers that I need to run. Works fine but as PigLover mentions has little security. I have not setup remote access from the internet to the second subnet yet though so cannot confirm this will work easily / at all with consumer grade routers.

RB

 

[PigLover]

One more thought - since you are going to be testing MS services from SBS 2008 you might want to disable IPv6 on the machines on the second subnet. All recent windows systems come with IPv6 enabled by default - and even if your ISP/Router does not support it windows machines in the same "broadcast domain" will use IPv6 for windows services using the link local addresses.

The ghetto second subnet I described above runs on a single Ethernet with a single broadcast domain at layer-2, so leaving IPv6 enabled might cause some funny behavior.

Just unclicking IPv6 in the NIC driver properties is the easiest way. See here to disable using MS "fixya" scripts: http://support.microsoft.com/kb/929852. Simple Google will get you manual methods.