Server with NICs in different VLANs: Separation

Hi,

One question for the geniuses: I'm not sure if it's possible to do this
with windows. Could you please give me a hint?

There is a server (shared folders, proxy etc.) with a connection to the
WAN.
This server shall be connected to the LAN via two VLANs, either tagged
(one NIC/cable) or untagged (two NICs/cables).
Devices in one VLAN should not be able to see devices in the other VLAN.
But however from both VLANs access to the server shall be possible and
also via the server out to the WAN.

The server could be Windows SBS or a Linux.

I have yet found out that Windows does not natively support tagged VLANs,
apparently this has to be implemented in the NIC device drivers. But ok,
doesn't matter, I can choose the NICs accordingly.

But what I don't know yet is if I can keep the VLANs clearly seperated
even though common acces to the server and WAN.

Can you perhaps help me here? Is it possible to do this with a Win SBS?

cheers,
Jan

Although it ia a crappy idea, without a Router between them (the server is
not a router),...then yes,... they are separated.

But then you have to deal with all these possble issues...

159168 - Multiple Default Gateways Can Cause Connectivity Problems
http://support.microsoft.com/kb/159168/EN-US/

Name resolution and connectivity issues on a Routing and Remote Access
Server that also runs DNS or WINS
http://support.microsoft.com/kb/292822/en-us

272294 - Active Directory Communication Fails on Multihomed Domain
Controllers
http://support.microsoft.com/default...b;en-us;272294

191611 - Symptoms of Multihomed Browsers
http://support.microsoft.com/default...b;EN-US;191611

Microsoft Windows XP - Multihoming Considerations
http://www.microsoft.com/resources/d..._tcp_qpzj.asp?

157025 - Default Gateway Configuration for Multihomed Computers
http://support.microsoft.com/default...roduct=win2000



--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------



"Jan Lausch" <(E-Mail Removed)> wrote in message
news:Xns9C4064FE326Csjkajl@130.133.1.18...
> Hi,
>
> One question for the geniuses: I'm not sure if it's possible to do this
> with windows. Could you please give me a hint?
>
> There is a server (shared folders, proxy etc.) with a connection to the
> WAN.
> This server shall be connected to the LAN via two VLANs, either tagged
> (one NIC/cable) or untagged (two NICs/cables).
> Devices in one VLAN should not be able to see devices in the other VLAN.
> But however from both VLANs access to the server shall be possible and
> also via the server out to the WAN.
>
> The server could be Windows SBS or a Linux.
>
> I have yet found out that Windows does not natively support tagged VLANs,
> apparently this has to be implemented in the NIC device drivers. But ok,
> doesn't matter, I can choose the NICs accordingly.
>
> But what I don't know yet is if I can keep the VLANs clearly seperated
> even though common acces to the server and WAN.
>
> Can you perhaps help me here? Is it possible to do this with a Win SBS?
>
> cheers,
> Jan

Hi,

Thanks, Phillip, for your extensive help.

I see the point you're making, thanks for all the pointing to problems.
In fact, I will think about having a seperate router but for various
reasons it's likely that that's not going to be possible.

But thanks for now.

Jan

"Jan Lausch" <(E-Mail Removed)> wrote in message
news:Xns9C417A003981Csjkajl@130.133.1.18...
> Hi,
>
> Thanks, Phillip, for your extensive help.
>
> I see the point you're making, thanks for all the pointing to problems.
> In fact, I will think about having a seperate router but for various
> reasons it's likely that that's not going to be possible.
>
> But thanks for now.
>
> Jan

At least, forget about using SBS server. SBS is a special case and
designed to run as the first/only DC in a domain. It is most unsuitable to
run as a standalone router!

"Jan Lausch" <(E-Mail Removed)> wrote in message
news:Xns9C417A003981Csjkajl@130.133.1.18...
> I see the point you're making, thanks for all the pointing to problems.
> In fact, I will think about having a seperate router but for various
> reasons it's likely that that's not going to be possible.

If you watch out for the things outlined in those articals you can "get by".

If this SBS happens to be the Premium Edition you can use ISA on it as a
"router". ISA is designed as a Firewall but it is also able to serve as a
LAN Router as long as you don't want to get deep into Dynamic Routing
Protocols,...basically you'd just have Static Routing.

However if it is not the Premium Edition then you can't use ISA with it.
Why? Because of the SBS licensing and because it only works with ISA2000
(pre SP1) and ISA2004 (post SP1), and it must be installed from the ISA
installation on the SBS Premium Install Disks,..not from a standalone ISA
install disk,...by using the SBS installation Wizard. ISA2006 won't work at
all,...not compatible.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------