Need some advice on learning networking

Re: Need some advice on learning networking

I finally got my velco strips. Project is complete. Not bad for the first time. Could have been better. Could have been worse. I learned a lot.



cable management.jpg

Re: Need some advice on learning networking

One quick note: Ever since installing Cisco's Catalyst switch, I noticed the network was taking longer than normal to come up. Well, longer than I was used to. When a port would go from down to up, it was taking a long time. That's a problem.

Sometimes I would have to wait 30 seconds to be able to access the internet or a file on the network.


I suspected that Spanning Tree was the the problem. Spanning Tree is a great thing. If we have parallel paths, it will block one of the paths and prevent a loop. No one wants a network loop. But we really don't need spanning tree if it's an access port. There's only one device on an access port and we don't have to worry about a loop.

So, I went to global configuration and enabled Port Fast and that solved the problem.

Re: Need some advice on learning networking

I just finished installing 160GB of memory in my new server.

Re: Need some advice on learning networking

So that's now 192 GB of RAM? That will get you a few powerful VM's or many standard workload systems. Get a start with the 1 TB of storage you have onboard and then build from there. Enjoy it.

Re: Need some advice on learning networking

Yep, that's right.

Without your help, I wouldn't doing any of this. I really can't thank you enough. Cheers.

Re: Need some advice on learning networking

Here at the office, I have 2 physical servers. I have my main 2019 server running DNS/ Active Directory and then I have ESXI running on the second server.

I don't want any single point of failure on my network if it can be avoided. I had only a single DNS server and if it went down, there was no way to resolve a hostname to an IP address.

With my new virtual server, I spun up another 2019 server and set up a secondary DNS server. I had to do my homework to fully understand how a secondary DNS server functions.


For starters, this is a Read Only copy of the DNS records from my primary DNS server. No changes can be made on the secondary. If changes are made on the primary, it will be copied to the secondary.

Once I had the secondary DNS server set up and working, I needed to go to my DHCP server and enter a secondary DNS server.

After that, I went to a Windows 10 PC on the network and ensured that DHCP was giving out the secondary DNS server address. It was.

Next I shut down the primary server. I then went back to the Windows 10 machine and tried to get out to the internet. I successfully pinged google.com.

Beautiful.

Re: Need some advice on learning networking

My project for today is to add an additional domain controller to an existing domain. The reasons for doing this are:


a.) Fault Tolerance
b.) Load Balancing in Active Directory


Wish me luck.

Re: Need some advice on learning networking

The only thing to remember with a virtual domain controller, which they should all be, is to turn off any time sync features where the VM pulls time from the host machine.

It's much simpler to add additional domain controllers than it used to be: build your server and add the domain controller role. In ye olde days, there was a whole convoluted process for adding and enrolling them that's now long gone.

In terms of resources, other than maybe around 80 GB for the drive and 4 GB of RAM there isn't anything you really need for a system that's only running as a DC.

When you get to the point of dumping your physical DC, you'll need to make sure that all of the FSMO roles are transferred to one of your in place DC's: Transfer or seize FSMO roles - Windows Server | Microsoft Docs

You may also want to play around with the role of read-only domain controllers. These are usually for branch offices or locations where you may not want, or need,a full-fledged DC onsite.

I'll be going through this in a few months when I retire our Server 2012 R2 domain controllers.

Sent from my BlackBerry using Tapatalk

Re: Need some advice on learning networking

rthonpm,


I need some advice.

I added an additional domain controller to my existing domain and to test it out, I shut down the primary domain. I encountered a problem that I didn't anticipate. (I had by head up my butt...I should have seen this problem coming.)


Problem. I have DHCP running on my primary domain. So, when the primary is down, no PC can get a DHCP address and every PC must be configured with a a static IP address in order to access any services.


I did a little homework and I'm pretty excited to set this up, but before I do, I wanted to check in with you.


My understanding is that best practice is:

1. Use DHCP Failover
2. Central vs Distributed DHCP Server
3. Avoid static IP assignments and use DHCP reservations
4. Exclude IPs from the DHCP scope
5. Learn PowerShell DHCP Commands
6. Subnetting and benefits of network segmentation
7. DHCP Lease Duration Tips
8. Use IP conflict detection only when it is needed
9. Run DHCP Best Practice Analyzer
10. Document IP addresses or us an IPAM
11. Set DHCP Server Options
12. Use DHCP Relay Agents
13. Prevent Rogue DHCP Servers
14. Backup DHCP Server
15. DHCP MAC Address Filtering

What I'm most interested in is configuring DHCP on 2 separate servers and using one as a failover. I want DHCP off the domain controller.

Thoughts/Advice?

Re: Need some advice on learning networking

Something that I have learned over the years.Static IP are alright as long as you register them with the DHCP server. In fact can sometimes be to your advantage. If the DHCP goes down over night, PCs that are not "always on" with static IP can still access other static IP devices like servers, printers and the internet.

Re: Need some advice on learning networking

You can have DHCP on a domain controller and it's very common in many environments as it is an infrastructure service. The only accounts which should have access to remote or interactive logins to any DC should be your Domain Admins, and in a multiple domain trust environment, your Enterprise Admins. NEVER grant a service account or any application account domain Admin rights, and if the vendor says they need it, tell them where to stuff it.

When configuring it on a DC, I'll also configure DHCP failover on a secondary DC, or secondary DNS server (I have a few customers with Server Essentials for their DC, which doesn't allow for additional domain controllers, so as a workaround I'll set up just a secondary DNS server to allow for network connectivity for DC reboots).
What is DHCP Failover? | Microsoft Docs

As much as Windows licenses cost and the miniscule resources needed for DHCP, why waste a server dedicated to it? In an enterprise environment with thousands of endpoints or subnets, it makes sense, but in the SMB market where you're dealing with a fairly flat network structure, you're bleeding your customers.



Sent from my BlackBerry using Tapatalk

Re: Need some advice on learning networking


Here's the reason that I read about. It makes sense to me but take that with a grain of salt. I'll defer to your knowledge and experience.

Re: Need some advice on learning networking

The number of times I've come across a DHCP related issue that required the reboot of a DHCP server is zero. The number of issues requiring a restart of the DHCP server service? Several.

I've run into more issues requiring a restart of a domain controller for AD issues than anything related to DHCP or DNS.

The article also conveniently ignores guidance from Microsoft going all the way back to Server 2003, when running DHCP on a DC was first supported: Using DNS servers with DHCP: Dynamic Host Configuration Protocol (DHCP) | Microsoft Docs

See the section Securing records when using the DnsUpdateProxy group on how to segment the DHCP server service from using the Network Service account of the DC and the changes required in DNS to make things work.


Sent from my BlackBerry using Tapatalk

Re: Need some advice on learning networking

I got called out for a printer that some computer in one section at a major account could not print to. When I got there I quickly found out that the one that could not print were the one that had been turned off over night. I immediate checked to see if I was getting DHCP and found out it was down. Called the receptionist to contact their in house IT so I tell him what I found. She called me back to say he was too busy trying to determine which needed to be replaced, he had been working on it 5 hours already. She apparently also called the corporate IT is Portland Oregon because he called me about a minute later. I told him I thought that the DHCP was down. He said he would check it. Seconds later it was back up as he came in remotely and restarted the service.

Re: Need some advice on learning networking

Exactly the kind of thing I've seen: restarting the service is a much more common resolution compared to the entire server.

Sent from my BlackBerry using Tapatalk