Tuesday, March 31, 2020

Separating Servers and Client PCs

I'm helping a buddy of mine clean up his company's corporate network, and the most important aspect I recommended was to divide it into VLANs. Everything was on a flat address space (192.168.1.0/24) and obviously this presented many issues.

The entire network is based on UniFi hardware and Windows AD DCs acting as DHCP and DNS servers.

I've successfully separated IP cameras, printers, workshop machinery and devices, and employees' mobile phones into their own VLANs. Different SSIDs for guest Wi-Fi are also in place.

Now, what's left are the Windows servers and client PCs. As I mentioned, there are two DCs acting as DHCP and DNS servers, currently offering IP addresses only to domain-joined PCs, as every other device gets an IP directly from the USG. This is working perfectly fine, although every computer in the domain can see every server when going to Network in Windows Explorer.

Both DCs have a scope set up in the 192.168.1.0 range. It's split up 80/20 so both are offering addresses. The same goes for the DNS Reverse Lookup Zones: each one has the 1.168.192.in-addr.arpa zone.

I created a new VLAN subnet in UniFi with 192.168.40.0/24 to place all client PCs there. DHCP was set to Relay pointing to the current servers.

My questions are:

  1. Should I create a new scope in the DHCP servers for the 192.168.40.1 space? Should I add a second Ethernet adapter to listen on the new scope?
  2. Should I also create a new primary zone in DNS for it?

I want the DHCP and DNS servers in 192.168.1.0 to serve all clients in 192.168.40.0.
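As an added example (not code from the original post), the following PowerShell shows what the two questions above boil down to on a Windows DHCP/DNS server: a scope for the relayed 192.168.40.0/24 subnet, the 80/20 exclusion split mirrored from the existing scope, and an AD-integrated reverse lookup zone for it. It assumes the DCs run the DhcpServer and DnsServer PowerShell modules, that the USG relays VLAN 40 requests to both DCs as described, that the VLAN 40 gateway is 192.168.40.1, and that the DC addresses and domain name (192.168.1.10, 192.168.1.11, corp.example) are constructed placeholders. Because the relay agent stamps each request with the VLAN 40 gateway address, the server picks the matching scope from that field, so the DCs keep answering on their existing 192.168.1.0 adapters.

```powershell
# Added example, not from the original post. Assumptions: DCs run the Windows DHCP
# and DNS Server roles, the USG relays VLAN 40 DHCP to both DCs, the VLAN 40
# gateway is 192.168.40.1. DC addresses and domain below are constructed placeholders.
# Run in an elevated session on each DC; swap the exclusion range on the second DC.

$Dc1     = '192.168.1.10'   # constructed placeholder for the first DC
$Dc2     = '192.168.1.11'   # constructed placeholder for the second DC
$Gateway = '192.168.40.1'   # VLAN 40 gateway on the USG (also the relay agent address)
$Domain  = 'corp.example'   # constructed placeholder for the AD DNS domain

# 1. DHCP scope for the client VLAN. No second NIC is required: the relay agent's
#    giaddr (192.168.40.1) tells the server which scope to answer from.
Add-DhcpServerv4Scope -Name 'Client PCs (VLAN 40)' `
    -StartRange '192.168.40.20' -EndRange '192.168.40.250' `
    -SubnetMask '255.255.255.0' -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Scope options: default gateway, both DCs as DNS servers, and the DNS suffix.
Set-DhcpServerv4OptionValue -ScopeId '192.168.40.0' `
    -Router $Gateway -DnsServer $Dc1, $Dc2 -DnsDomain $Domain

# 80/20 split scope, the same way the existing 192.168.1.0 scope is split:
# both DCs define the whole scope, and each excludes the other DC's share.
# On DC1 (serves .20-.204, roughly 80%):
Add-DhcpServerv4ExclusionRange -ScopeId '192.168.40.0' `
    -StartRange '192.168.40.205' -EndRange '192.168.40.250'
# On DC2 exclude .20-.204 instead so it hands out .205-.250.

# 2. AD-integrated reverse lookup zone so VLAN 40 clients register PTR records
#    and the zone replicates to the other DC (no separate copy needed there).
if (-not (Get-DnsServerZone -Name '40.168.192.in-addr.arpa' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '192.168.40.0/24' `
        -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
}

# 3. Sanity checks: the scope is active and the reverse zone exists.
Get-DhcpServerv4Scope -ScopeId '192.168.40.0' |
    Format-List ScopeId, Name, State, StartRange, EndRange
Get-DnsServerZone -Name '40.168.192.in-addr.arpa' |
    Format-List ZoneName, ZoneType, IsDsIntegrated
```

The forward zone needs no change: domain-joined clients on VLAN 40 still register A records in the existing domain zone, so only the reverse zone is new. Keeping the reverse zone AD-integrated with secure dynamic updates means only authenticated domain members can register or overwrite PTR records, which is the same protection the existing 1.168.192.in-addr.arpa zone should already have.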

Would this be OK, or am I giving the wrong advice? It's been a while since I set up DHCP and DNS on Windows Servers.

Sorry if this is the wrong sub. Stay safe.


