Server 2012 lab - VMWare Fusion 5 - vlans etc
chrsjcb
Member Posts: 8 ■□□□□□□□□□
Setting up a lab (first one ever) for the Server 2012 exams, using VMware Fusion 5 (now has a virtual network editor).
Currently have:
1 x Server 2012 DC running AD/DS, DNS and acting as a DHCP server.
1 x Windows 8 machine.
I have two networks, one which is NAT'ed 192.168.63.0, I have this interface connected to my DC only to allow it to connect to the internet.
The other is a separate VLAN - 172.64.12.0 which the Windows 8 machine has as its interface.
The domain controller is set up to distribute DHCP addresses within the scope of 172.64.12.10 - 254, my clients successfully get an address from this scope, I am able to join them to the domain and connectivity within the internal VLAN is fine.
My issue is that I don't know what to set my clients' gateway to, the only devices in my internal VLAN are one of the DC's NICs and that one client. I also don't really want to use my DC as the gateway as that isn't best practice.
I want to keep my DC and clients separated from my home network and just allow them access out to the internet.
I'm a bit of a noob to this as you can tell, and I've spent the last 2 nights until the early hours trying to figure it out / googling everything I can think of. Any help would be appreciated.
Thanks,
Chris
Comments
-
chrsjcb Member Posts: 8 ■□□□□□□□□□
I think I may be able to get what I want by bridging the two network adapters on the Domain Controller so that the clients can use the DC as their gateway as it will go through the NAT'ed interface when it can't resolve the addresses locally?
-
tbgree00 Member Posts: 553 ■■■■□□□□□□
I use Workstation 9 for my lab and haven't found a good reason to give Server 2012 access to the internet. May I ask what you need from the internet?
That said, in the virtual network editor you can look at the built-in DHCP range VMware would hand out on your NAT vSwitch if you had DHCP turned on and try setting your gateway to that. You may be able to set the gateway there. For instance the Subnet IP is 192.168.91.0 and it has the gateway as 192.168.91.2. I set a static IP in that range and the .2 as the gateway on the second NIC and was able to ping out to google.
Also it's a lab so best practices aren't really a big deal to me. If you're setting up something to test before rolling live that's different but to study a cert I just do whatever.
I finally started that blog - www.thomgreene.com
-
chrsjcb Member Posts: 8 ■□□□□□□□□□
As of yet, nothing, and I guess I might not need it at all. I was trying to simulate something close to a production environment, where client machines would be able to access the internet.
I think I follow you, so you're saying I should try setting the gateway on my internal network to the same address that my NAT network uses?
They're on different networks though, I don't think my internal 172 network would be able to see a gateway on the 192 network?
I could probably get by without internet access on the clients but it's the fact that I can't get it to work and it must be possible that it's annoying me.
I've even had a quick read over RRAS to set up a route between the internal NIC and the external NIC on the DC, then I could set the gateway on the clients as the DC's IP.
-
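The reachability question in the comment above can be checked mechanically. The following is an added example, not part of the original thread: it tests which addresses a client on the internal network could use as a default gateway and whether each subnet lies inside the RFC 1918 private blocks. Only the two subnet addresses come from the thread; the /24 masks and every host address (the DC's two NICs, the Windows 8 client, a NAT gateway at .2) are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed lab plan. Subnets are from the thread; the /24 masks and
# all host addresses below are assumptions made for this example.
INTERNAL = ipaddress.ip_network("172.64.12.0/24")
NAT = ipaddress.ip_network("192.168.63.0/24")
HOSTS = {
    "DC": ["172.64.12.1", "192.168.63.10"],
    "Win8": ["172.64.12.10"],
    "VMware-NAT": ["192.168.63.2"],
}

def is_rfc1918(net):
    """True if the subnet sits inside one of the RFC 1918 private blocks."""
    return any(net.subnet_of(block) for block in RFC1918)

def on_link(gateway, client_net):
    """A default gateway is usable only if it is a host address on the
    client's own subnet (not the network or broadcast address)."""
    gw = ipaddress.ip_address(gateway)
    reserved = (client_net.network_address, client_net.broadcast_address)
    return gw in client_net and gw not in reserved

def gateway_candidates(client_net, upstream_net, hosts):
    """Hosts with one interface on the client subnet and one on the
    upstream subnet. Returns {name: address clients would point at}."""
    out = {}
    for name, addrs in hosts.items():
        ips = [ipaddress.ip_address(a) for a in addrs]
        inside = [ip for ip in ips if ip in client_net]
        if inside and any(ip in upstream_net for ip in ips):
            out[name] = str(inside[0])
    return out

if __name__ == "__main__":
    print("internal subnet is RFC 1918:", is_rfc1918(INTERNAL))
    print("NAT gateway on-link for clients:", on_link("192.168.63.2", INTERNAL))
    print("possible gateways:", gateway_candidates(INTERNAL, NAT, HOSTS))
```

A host listed as a candidate only works as a gateway once it forwards packets between its two NICs, which is what the RRAS idea in the comment above would provide.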
tbgree00 Member Posts: 553 ■■■■□□□□□□
I had two NICs set up on my 2012 VM. One was in the 192.168.222.X network and that was my internal only subnet. No routes to the internet, etc.
I set a second NIC in the NAT network from network editor. That network came out of box with the 192.168.91.X network. So one of my NICs on the VM was in the .222.X and then the other was in the .91.X. I then was able to ping out, etc. I likely wouldn't do that in production but it was my quick and dirty pre-coffee trial to give you a workaround.
I would do a second NIC in the same virtual network on the Win8 client so they could talk in both. I don't have any real networking knowledge beyond N+ level so setting up VLAN and splitting traffic is above my paygrade for now. Typically if I need to get to the internet for something I switch the network on the vNIC to NAT or Bridged, otherwise I keep them walled off. You can practice pretty much everything short of DirectAccess on the same internal subnet as far as my labs have been concerned.
I finally started that blog - www.thomgreene.com
-
chrsjcb Member Posts: 8 ■□□□□□□□□□
No worries, thanks for that, I guess if I wanted the Windows 8 client to connect to the internet I could just add a second NIC in the NAT'ed subnet and that would work.
I think I was trying to accomplish something close to production, when I'm running it in an environment which is far from that.
Realising internet access isn't too important in a lab has put me at ease, I can always set it up if needed.
Thanks for your help, nugget videos it is tonight..
-
tbgree00 Member Posts: 553 ■■■■□□□□□□
Are you doing the 410? I really like learning from James Conrad though I'm glad they include a double speed plugin though...
Most of the labs they show are internal network only. Having a client and two server machines should be enough to do the majority of what they show you. I'm not sure about your background but they are pushing PowerShell from everything I've heard in the 417 series and the book I bought so pay attention to the syntax of that if you've never seen it.
I finally started that blog - www.thomgreene.com