Jump to content

Network Infrastructure

Guest Allan M. Grafil

By Guest Allan M. Grafil
in Windows 2003 Server

 Share

Recommended Posts

Guest Allan M. Grafil

Guest Allan M. Grafil

Posted
Posted

Hi Guys,

 

Hope Im in the right group.

 

Im in a stage of fixing my network. This is my current setup.

 

1. I have an active directory server, which is mydomain.com, wherein

also my DNS and DHCP is located.

2. My subnet is 255.255.255.0

 

This is my idea.

 

1. Have these servers: (Need suggestions on these)

 

a. AD Server with DNS Server - is this a good practice?

b. DHCP Server with ISA Server - is this a good practice?

 

Other concern:

 

I want my network to have access limitations. Here is a scenario.

 

1. In our network, only managers can use their laptop to access our

network and internet. It can be wired or wireless. Unauthorized laptop

should or must not access our network. But from the way the network was

setup, they can access it through wire. I can filter the wireless using MAC

Address filter from the routers. But if they connect through wire and know

how to config TCP/IP they can easily access our network. Can this be

avoided through ISA? Is there a way to filter MAC Address through Active

Directory?

 

Hope you can help me on this.

 

 

Thanks in advance.

 

Allan

  • Replies 5
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Bill Grant

Guest Bill Grant

Posted
Posted

Re: Network Infrastructure

 

I would put the DHCP server with the DNS server on a DC, rather than with

ISA.

 

I don't think that ISA server is what you need here. It is designed to

control how your LAN machines access the Internet, not what happens on the

LAN.

 

You appear to be searching for a way to control unauthorised access to

your LAN, but none of the methods you suggest will do that. DHCP is designed

to make it easier for machines to get on to the network, not make it harder.

The users would not need to know how to configure the tcp/ip settings. DHCP

would do it for them. That is what it is for!

 

There is no way to control this through Active Directory. DHCP is a very

simple minded process. The client machine broadcasts on the LAN and the DHCP

server replies with an offer. Active directory is not involved. Trying to

keep people off your network using DHCP reservations or MAC filtering is not

the way to go.

 

 

"Allan M. Grafil" <agrafil@hotmail.com> wrote in message

news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...

> Hi Guys,

>

> Hope Im in the right group.

>

> Im in a stage of fixing my network. This is my current setup.

>

> 1. I have an active directory server, which is mydomain.com, wherein

> also my DNS and DHCP is located.

> 2. My subnet is 255.255.255.0

>

> This is my idea.

>

> 1. Have these servers: (Need suggestions on these)

>

> a. AD Server with DNS Server - is this a good practice?

> b. DHCP Server with ISA Server - is this a good practice?

>

> Other concern:

>

> I want my network to have access limitations. Here is a scenario.

>

> 1. In our network, only managers can use their laptop to access our

> network and internet. It can be wired or wireless. Unauthorized laptop

> should or must not access our network. But from the way the network was

> setup, they can access it through wire. I can filter the wireless using

> MAC

> Address filter from the routers. But if they connect through wire and

> know

> how to config TCP/IP they can easily access our network. Can this be

> avoided through ISA? Is there a way to filter MAC Address through Active

> Directory?

>

> Hope you can help me on this.

>

>

> Thanks in advance.

>

> Allan

>

>

Guest Craig

Guest Craig

Posted
Posted

Re: Network Infrastructure

 

When you say you do not want them to be on the network, what do you

mean? What is it you are trying to stop? anyone can plug the cable in

a change the IP address to match the network.

 

 

In article <uoT2v0ljIHA.3940@TK2MSFTNGP05.phx.gbl> "Bill

Grant"<not.available@online> wrote:

> I would put the DHCP server with the DNS server on a DC, rather

> than with ISA.

> I don't think that ISA server is what you need here. It is

> designed to control how your LAN machines access the Internet, not

> what happens on the LAN.

> You appear to be searching for a way to control unauthorised

> access to your LAN, but none of the methods you suggest will do that.

> DHCP is designed to make it easier for machines to get on to the

> network, not make it harder. The users would not need to know how to

> configure the tcp/ip settings. DHCP would do it for them. That is

> what it is for!

> There is no way to control this through Active Directory. DHCP is

> a very simple minded process. The client machine broadcasts on the

> LAN and the DHCP server replies with an offer. Active directory is

> not involved. Trying to keep people off your network using DHCP

> reservations or MAC filtering is not the way to go.

> "Allan M. Grafil" <agrafil@hotmail.com> wrote in message

> news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...

>> Hi Guys,

>> Hope Im in the right group.

>> Im in a stage of fixing my network. This is my current setup.

>> 1. I have an active directory server, which is mydomain.com,

>> wherein also my DNS and DHCP is located.

>> 2. My subnet is 255.255.255.0

>> This is my idea.

>> 1. Have these servers: (Need suggestions on these)

>> a. AD Server with DNS Server - is this a good practice?

>> b. DHCP Server with ISA Server - is this a good practice?

>> Other concern:

>> I want my network to have access limitations. Here is a scenario.

>> 1. In our network, only managers can use their laptop to access

>> our network and internet. It can be wired or wireless. Unauthorized

>> laptop should or must not access our network. But from the way the

>> network was setup, they can access it through wire. I can filter

>> the wireless using MAC

>> Address filter from the routers. But if they connect through wire

>> and know

>> how to config TCP/IP they can easily access our network. Can this

>> be avoided through ISA? Is there a way to filter MAC Address

>> through Active Directory?

>> Hope you can help me on this.

>> Thanks in advance.

>> Allan

 

 

 

 

--

I'm trying a new usenet client for Mac, Nemo OS X.

You can download it at http://www.malcom-mac.com/nemo

Guest Paul Weterings

Guest Paul Weterings

Posted
Posted

Re: Network Infrastructure

 

 

This is what I understand the question to be:

 

"I want to restrict rogue systems to have access to servers on my

network, only systems that I allow to have access should be able to

'logon to the network'."

 

This can be done through IPSec policies in combination with Group

policies, but it's too much to explain in a simple E-Mail, hit the

books! It is discussed in the 70-291 exam and even more detailed in the

70-293 MCSE exam.

 

 

/ ) Regards,

/ /_________

_|__|__) Paul Weterings

/ (O_) http://www.servercare.nl

__/ (O_)

____(O_)

 

 

Craig wrote:

> When you say you do not want them to be on the network, what do you

> mean? What is it you are trying to stop? anyone can plug the cable in

> a change the IP address to match the network.

>

>

> In article <uoT2v0ljIHA.3940@TK2MSFTNGP05.phx.gbl> "Bill

> Grant"<not.available@online> wrote:

>> I would put the DHCP server with the DNS server on a DC, rather

>> than with ISA.

>

>> I don't think that ISA server is what you need here. It is

>> designed to control how your LAN machines access the Internet, not

>> what happens on the LAN.

>

>> You appear to be searching for a way to control unauthorised

>> access to your LAN, but none of the methods you suggest will do that.

>> DHCP is designed to make it easier for machines to get on to the

>> network, not make it harder. The users would not need to know how to

>> configure the tcp/ip settings. DHCP would do it for them. That is

>> what it is for!

>

>> There is no way to control this through Active Directory. DHCP is

>> a very simple minded process. The client machine broadcasts on the

>> LAN and the DHCP server replies with an offer. Active directory is

>> not involved. Trying to keep people off your network using DHCP

>> reservations or MAC filtering is not the way to go.

>

>> "Allan M. Grafil" <agrafil@hotmail.com> wrote in message

>> news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...

>>> Hi Guys,

>

>>> Hope Im in the right group.

>

>>> Im in a stage of fixing my network. This is my current setup.

>

>>> 1. I have an active directory server, which is mydomain.com,

>>> wherein also my DNS and DHCP is located.

>>> 2. My subnet is 255.255.255.0

>

>>> This is my idea.

>

>>> 1. Have these servers: (Need suggestions on these)

>

>>> a. AD Server with DNS Server - is this a good practice?

>>> b. DHCP Server with ISA Server - is this a good practice?

>

>>> Other concern:

>

>>> I want my network to have access limitations. Here is a scenario.

>

>>> 1. In our network, only managers can use their laptop to access

>>> our network and internet. It can be wired or wireless. Unauthorized

>>> laptop should or must not access our network. But from the way the

>>> network was setup, they can access it through wire. I can filter

>>> the wireless using MAC

>>> Address filter from the routers. But if they connect through wire

>>> and know

>>> how to config TCP/IP they can easily access our network. Can this

>>> be avoided through ISA? Is there a way to filter MAC Address

>>> through Active Directory?

>

>>> Hope you can help me on this.

>

>>> Thanks in advance.

>

>>> Allan

>

>

>

>

>

Guest JohnB

Guest JohnB

Posted
Posted

Re: Network Infrastructure

 

You can easily create a rule in ISA server to prevent some users from

accessing the internet, just create an OU in AD and select that when you

create the rule in ISA server.

 

On the other part of your question; why would you want to prevent some users

from accessing your LAN (as you say "our network")?

 

 

 

 

"Allan M. Grafil" <agrafil@hotmail.com> wrote in message

news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...

> Hi Guys,

>

> Hope Im in the right group.

>

> Im in a stage of fixing my network. This is my current setup.

>

> 1. I have an active directory server, which is mydomain.com, wherein

> also my DNS and DHCP is located.

> 2. My subnet is 255.255.255.0

>

> This is my idea.

>

> 1. Have these servers: (Need suggestions on these)

>

> a. AD Server with DNS Server - is this a good practice?

> b. DHCP Server with ISA Server - is this a good practice?

>

> Other concern:

>

> I want my network to have access limitations. Here is a scenario.

>

> 1. In our network, only managers can use their laptop to access our

> network and internet. It can be wired or wireless. Unauthorized laptop

> should or must not access our network. But from the way the network was

> setup, they can access it through wire. I can filter the wireless using

> MAC

> Address filter from the routers. But if they connect through wire and

> know

> how to config TCP/IP they can easily access our network. Can this be

> avoided through ISA? Is there a way to filter MAC Address through Active

> Directory?

>

> Hope you can help me on this.

>

>

> Thanks in advance.

>

> Allan

>

>

Guest Allan M. Grafil

Guest Allan M. Grafil

Posted
Posted

Re: Network Infrastructure

 

Hi guys,

 

Thanks for your reply.

 

I'm sorry if my query confuses you. Just to explain further:

 

1. SERVERS (NEEDED)

 

- AD with DNS with DHCP Server - Need for authentication/DNS

resolution and IP traffic

- ISA for proxy server

 

* I'll be taking your suggestion here BILL.

 

2. SECURING my Network

 

Based from your some replies the servers mentioned above will not

answer my query and I think I'll follow PAUL on this..HIT the BOOKS :).

Thanks guys this is a big help.

 

If there are other suggestions still post your message, it will still be a

big help.

 

 

CHEERS,

 

Allan

 

"Allan M. Grafil" <agrafil@hotmail.com> wrote in message

news:%23vv9tFljIHA.4940@TK2MSFTNGP02.phx.gbl...

> Hi Guys,

>

> Hope Im in the right group.

>

> Im in a stage of fixing my network. This is my current setup.

>

> 1. I have an active directory server, which is mydomain.com, wherein

> also my DNS and DHCP is located.

> 2. My subnet is 255.255.255.0

>

> This is my idea.

>

> 1. Have these servers: (Need suggestions on these)

>

> a. AD Server with DNS Server - is this a good practice?

> b. DHCP Server with ISA Server - is this a good practice?

>

> Other concern:

>

> I want my network to have access limitations. Here is a scenario.

>

> 1. In our network, only managers can use their laptop to access our

> network and internet. It can be wired or wireless. Unauthorized laptop

> should or must not access our network. But from the way the network was

> setup, they can access it through wire. I can filter the wireless using

> MAC

> Address filter from the routers. But if they connect through wire and

> know

> how to config TCP/IP they can easily access our network. Can this be

> avoided through ISA? Is there a way to filter MAC Address through Active

> Directory?

>

> Hope you can help me on this.

>

>

> Thanks in advance.

>

> Allan

>

>

 Share
Go to topic listing
×
×
  • Create New...