Can a Server Go in Between a Router and a Switch?

October 1, 2010 at 05:31:31
Specs: Windows XP
I have this on my network:
1 Catalyst Switch 2600 (VLAN 1, VLAN 2)
1 Cisco 2800 router
1 Windows Server 2008 (DHCP, DNS, FIREWALL)
1 Fedora
1 Sun

Router >> WS 2008 >> Switch >> PC 1, PC 2

I need the WS 2008 to be in between the router and the switch,
so that any outgoing and incoming message will have to pass through the WS 2008 first.
Is this possible?



#1
October 1, 2010 at 07:23:03
Sure it's possible. Put two NICs in the server and configure them appropriately. One NIC connects to the router, the other to the switch.

There's probably an easier, or better, way to do what you want to do. If we knew what it is you're trying to accomplish with this server, we may be able to point you in a better direction.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#2
October 2, 2010 at 00:01:25
Thank you for your answer. I appreciate it.

What I'm going to do is:

IPv6 tunneling >> Router >> Windows Server 2008 >> Switch >> PC 1, PC 2, PC 3

Windows Server 2008: DHCP, DNS, Firewall
Switch: VLAN 1 and VLAN 2
VLAN 1: PC 1 and PC 2
VLAN 2: PC 3

How many hours would it take to finish doing this?

I'm really new to networking.
I need guidance on doing this.




#3
October 2, 2010 at 05:13:56
As far as setup goes, I could probably have it all set up and configured in about 2 hours. This does not include installing the server and creating the AD domain and any other configuration on it. This is assuming it's already had that done and only needs to be plugged in and the NICs configured.

What I was wondering, and I guess didn't say very clearly, was: why do you want to put the 2008 server in between the router and switch like that?

If you're going to be running a Windows Active Directory Integrated domain, it's not necessary that all traffic flow through the server like that. The only possible reason I could see for doing so would be to use it as a router, but since you have a Cisco 2800, you don't really need a Windows server turned router.

Also, why are you using IPv6 at this point in time?




#4
October 2, 2010 at 06:26:45
Thanks Curt R for the reply.

Actually, this is a team project that was given by our university.
They asked us to set up a network that has several services such as
a mail server and a proxy server, and I'm only responsible for network connection such as
DHCP, Routing, NAT, VLAN, IPv6 network and IPv6 tunneling.

For the concept of Router >> WS 2008 >> Switch >> PC, actually I'm also not sure
why, because I just listened to another team that does it like that to make the server the main server that provides firewall, DHCP, DNS.

So I got confused about which is the correct way. Maybe you can help me to understand better by looking at what they asked us to do.

http://img201.imageshack.us/i/bengk...

and my logical design plan... http://img824.imageshack.us/i/logic...

I hope you can guide me to get my brain moving because I'm stuck right now.




#5
October 4, 2010 at 05:58:00
For the concept of Router >> WS 2008 >> Switch >> PC, actually I'm also not sure why because I just listen to other team to do like that to make the server as main server that provide firewall, dhcp, dns.

Ok, that's what I figured. Personally, I wouldn't rely on the server for your firewall. I would use a firewall appliance, or more likely in my case, teamed (redundant) OpenBSD (UNIX) servers with failover running the pf filter. I would also use them to do the routing. If I were setting this up, it would look as follows:

External >> Router/Firewall >> Switch >> Server & Clients

With this setup the server will be a Domain Controller (DC) if you make it an AD (Active Directory) integrated domain. With a DC, you don't want to run any more services on it than you have to, and the added load of handling all traffic in this scenario, plus doing the firewall, would slow everything else down on the DC. Your DC should only be doing DNS and DHCP. For redundancy's sake, you should have a second (redundant) DC in your network. If you require a mail server, that should run on another, separate, server, just like the firewall and NAT should be done on any server that is not a DC.

I see several things in this assignment that annoy me. Why is it instructors insist on giving out such unrealistic assignments?

Nobody is using IPv6 yet. Yes, the day will come for it, but for now everyone is still using IPv4 and that's what you should be using for this assignment.

Just a quick overview of your assignment tells me you have several single points of failure. You have a single router and a single server acting as the firewall through which all traffic passes. If your server dies, no domain client can log on to the domain and external traffic stops flowing. If the router dies, all external traffic stops.



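The single-point-of-failure argument in reply #5, worked through as an added example (not part of the thread): each design is modelled as a list of links, and the script lists every device whose failure cuts the clients off from the outside, plus what a client loses when the server dies. The link lists are constructed, and the names `router_fw`, `fw_a` and `fw_b` are assumptions standing in for the combined router/firewall and the teamed firewall pair.

```python
from collections import deque

# Constructed link lists for the designs discussed in the thread.
INLINE = [("external", "router"), ("router", "ws2008"), ("ws2008", "switch"),
          ("switch", "pc1"), ("switch", "pc2")]
OFF_PATH = [("external", "router_fw"), ("router_fw", "switch"),
            ("switch", "server"), ("switch", "pc1"), ("switch", "pc2")]
# Assumed names fw_a / fw_b model the teamed (redundant) firewall pair.
TEAMED = [("external", "fw_a"), ("external", "fw_b"), ("fw_a", "switch"),
          ("fw_b", "switch"), ("switch", "server"), ("switch", "pc1"),
          ("switch", "pc2")]

def reachable(links, src, dst, failed=None):
    """Breadth-first search: can src still reach dst while `failed` is down?"""
    adj = {}
    for a, b in links:
        if failed in (a, b):
            continue  # every link of the failed device is gone
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links, src, dst):
    """Devices whose failure alone disconnects src from dst."""
    nodes = {n for link in links for n in link} - {src, dst}
    return {n for n in nodes if not reachable(links, src, dst, failed=n)}

def lost_when_down(links, failed, src, targets):
    """Targets that src can no longer reach once `failed` is down."""
    return sorted(t for t in targets
                  if not reachable(links, src, t, failed=failed))

if __name__ == "__main__":
    designs = (("inline", INLINE), ("off-path", OFF_PATH), ("teamed", TEAMED))
    for name, links in designs:
        spofs = sorted(single_points_of_failure(links, "external", "pc1"))
        print(f"{name:9s} SPOFs between external and pc1: {spofs}")
    print("inline, ws2008 down, pc1 loses:",
          lost_when_down(INLINE, "ws2008", "pc1", ["external", "ws2008"]))
    print("off-path, server down, pc1 loses:",
          lost_when_down(OFF_PATH, "server", "pc1", ["external", "server"]))
```

The remaining single point of failure in every design is the one switch, which the thread does not address.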

#6
October 10, 2010 at 21:53:31
I have the same problem there...

Because the server is between the router and switch, the inter-VLAN routing I created at the router is not functioning.

That means only the client in VLAN 1 gets an IP address from the server.

The PC in VLAN 2 cannot get an IP from the DHCP server.

Can anyone help?

