Creating a DHCP server, with a twist, need help

Helly
Solved by Mikensan.

Ok so i've been trying this for a while now and i just can't figure it out. It seems simple when i think about it but i just can't get it to work at all.

 

I have my server, it has a 10Gbit network card (Asus PEB-10G/57840-2T) with 2 ports on it. I want to connect both my 2nd server and my PC to this card and have all 3 machines be able to access each other's shared folders. I think this is a pretty clear explanation of what i want, if its not ill put my paint skills to use :P.

 

My server with the 10G card is running windows server 2016. I have tried to install DHCP server on it and that worked as far as it giving IP's to the other machines but the "outside" machines can only talk to the server and not each other. I have tried to bridge the 2 ports on the 10G card but that ends up making the DHCP not working at all.

 

I installed Routing and Remote Services but i can't setup anything in that and it doesn't do anything at all on it's own it seems.

 

I installed Pfsense in a VM but i run into the same problem where i have to setup a DHCP on each connection and they can't reach each other. Plus i can't setup a connection to the host to create a network of all 3 PC's.

 

I just don't know what else to do, so i'm hoping someone else here knows how to set this up.... or just plain tell me it can't be done so i can stop trying.

 

PS. please don't tell me to buy a switch, i plan to but 10Gbit switches are a bit on the expensive side atm....

I have no signature


As far as i know, and i could be wrong here. You can't access the two other machines because the DHCP server is not a router. So it cannot make two connected machines communicate. However, there might exist a way to make this happen. Not saying it's recommended but it should work.

Spin up a VM and install Pfsense then disable the DHCP for pfsense in exchange to use the windows server DHCP server instead. As far as i know Pfsense should handle 10G.

Another way i can think of, is using Pfsense in a VM with DHCP enabled then just use the server as a "meeting point" if you know what i mean.

Otherwise you'd need a switch or router capable of handling 10G. (As i said, i will not guarantee that anything of this will work, or be recommended at all.)


Well to be absolutely clear here. The DHCP is not a must, i just installed it to see if it could do what i wanted. If there is another way of doing this without DHCP, by all means explain away. In the end i just want the 3 machines to be able to access each others shared folders. It doesn't need internet or anything else, just a separate network with 3 machines.

I have no signature


Bridge the interfaces and they'll all be on the same network.  You could then assign statics or throw up a DHCP server.  Don't put a default gateway on the DHCP server leases or your pc might lose internet connectivity.  Without being bridged the interfaces will act as if they're each in their own individual network.

 

Make sure the IP space is different than your normal network.

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 


40 minutes ago, beersykins said:

Bridge the interfaces and they'll all be on the same network.  You could then assign statics or throw up a DHCP server.  Don't put a default gateway on the DHCP server leases or your pc might lose internet connectivity.  Without being bridged the interfaces will act as if they're each in their own individual network.

 

Make sure the IP space is different than your normal network.

Tried it with DHCP, got no ip on either system. Tried it now with statics (couldn't believe i hadn't tried that), the 2 outside systems can reach the server but not each other. So this doesn't work unfortunately.

I have no signature


1 hour ago, Helly said:

So this doesn't work unfortunately.

Purely a layer 8 issue.

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 


@Helly

It'll be far easier to use the 10Gb connections as direct links between each other then use the onboard 1Gb NICs as secondary connections that give access to the rest of the network and internet. Easy to setup and the way I do it, I could do routing etc etc but just easier to use 2 NICs.

 

Don't bother with DHCP on the 10Gb NICs either just use static.


45 minutes ago, leadeater said:

@Helly

It'll be far easier to use the 10Gb connections as direct links between each other then use the onboard 1Gb NICs as secondary connections that give access to the rest of the network and internet. Easy to setup and the way I do it, I could do routing etc etc but just easier to use 2 NICs.

 

Don't bother with DHCP on the 10Gb NICs either just use static.

hmmm k i feel like i should explain things a bit more clearer then.

 

I do NOT want or need access to the internet or any other network with the 10Gbit NICs. I already have that setup through the onboard NICs in the systems. This is a separate network that i want between the 3 systems. So i guess i named the topic completely wrong. Should just be "creating a separate network, with a twist", in that case then.

 

Also, if it wasn't clear already, i am by no means a networking expert. So a comment like "layer 8 issue", although funny, doesn't help cuz i already knew i was the problem, it's why i came here for help.

 

So thx for letting me know i am the problem, but what is the solution? Because i am literally doing what both of you suggested and it's not working...

 

 

I have no signature


23 minutes ago, Helly said:

So thx for letting me know i am the problem, but what is the solution? Because i am literally doing what both of you suggested and it's not working...

Do all 3 computers have the same, or a, dual port 10Gb card? If the other two computers only have single port cards and you need 10Gb access between those two and not just to the main server then it'll be a bit more challenging.

 

I'll cover all computers having dual port cards each first since that is the easiest to setup and I hope that's what you have.

 

Server 1:

  • NIC1 IP: 10.10.1.1 subnet mask 255.255.255.0
  • NIC2 IP: 10.10.2.1 subnet mask 255.255.255.0

Server 2:

  • NIC1 IP: 10.10.1.2 subnet mask 255.255.255.0
  • NIC2 IP: 10.10.3.1 subnet mask 255.255.255.0

PC:

  • NIC1 IP: 10.10.2.2 subnet mask 255.255.255.0
  • NIC2 IP: 10.10.3.2 subnet mask 255.255.255.0

 

This will create dedicated direct links between each computer and all will have 10Gb access to each other, no routing and static IPs. It's important that these links between each computer does not use the same subnet, it won't work otherwise, and none of them can overlap with your main 1Gb network.

 

Situation 2 if you only have single port 10Gb NICs in the other two computers will require routing, with the Routing and Remote Access role you already tried but there is a bit of configuration you have to do to make it actually work.

 

Server 1:

  • NIC1 IP: 10.10.1.1 subnet mask 255.255.255.0
  • NIC2 IP: 10.10.2.1 subnet mask 255.255.255.0

Server 2:

  • NIC1 IP: 10.10.1.2 subnet mask 255.255.255.0

PC:

  • NIC1 IP: 10.10.2.2 subnet mask 255.255.255.0

Then in RRAS you need to setup static routes from 10.10.1.0 to 10.10.1.1 and 10.10.2.0 to 10.10.2.1. Though that might not actually be required as direct connections are added to route tables by default, you need the RRAS role installed to allow routing and forward though that is a must.

 

 

Also are you aware of this switch? It's rather cheap, for a 10Gb switch.

https://www.asus.com/us/Networking/XG-U2008/

https://www.amazon.com/XG-U2008-Unmanaged-2-Port-8-Port-Gigabit/dp/B01LZMM7ZO/ref=sr_1_1?ie=UTF8&qid=1534155589&sr=8-1&keywords=xg-u2008&dpID=41d7-WKo19L&preST=_SX300_QL70_&dpSrc=srch


19 minutes ago, leadeater said:

Situation 2 if you only have single port 10Gb NICs in the other two computers will require routing, with the Routing and Remote Access role you already tried but there is a bit of configuration you have to do to make it actually work.

 

Server 1:

  • NIC1 IP: 10.10.1.1 subnet mask 255.255.255.0
  • NIC2 IP: 10.10.2.1 subnet mask 255.255.255.0

Server 2:

  • NIC1 IP: 10.10.1.2 subnet mask 255.255.255.0

PC:

  • NIC1 IP: 10.10.2.2 subnet mask 255.255.255.0

Then in RRAS you need to setup static routes from 10.10.1.0 to 10.10.1.1 and 10.10.2.0 to 10.10.2.1. Though that might not actually be required as direct connections are added to route tables by default, you need the RRAS role installed to allow routing and forward though that is a must.

The other systems only have a single port. So situation 2 is what will apply for me. Thanks for this, will try it and post the results.

 

20 minutes ago, leadeater said:

Yes i am aware of this switch. It would be perfect if it didn't have only 2 10Gbit ports. Might be just me being stupid, which is entirely possible, but afaik you cant create a network between 3 systems with only 2 ports on a switch.

I have no signature


2 minutes ago, Helly said:

Yes i am aware of this switch. It would be perfect if it didn't have only 2 10Gbit ports. Might be just me being stupid, which is entirely possible, but afaik you cant create a network between 3 systems with only 2 ports on a switch.

Correct, not all 3 at 10Gb. It's a nice switch and will work if you really only need two at 10Gb and multiple 1Gb clients accessing those 10Gb computers that can combine to 10Gb, individually 1Gb though. Used switches on ebay is probably best bet for more than 2 ports and less than $1k.


6 minutes ago, leadeater said:

Correct, not all 3 at 10Gb. It's a nice switch and will work if you really only need two at 10Gb and multiple 1Gb clients accessing those 10Gb computers that can combine to 10Gb, individually 1Gb though. Used switches on ebay is probably best bet for more than 2 ports and less than $1k.

actually atm the cheapest switch with more than 2 ports is the Netgear XS505M. 4 10Gbit ports. But it's just a little too expensive for what i want to spend on this. I do keep an eye on it though ;) and i will be buying one as soon as they get cheaper. For now, hopefully situation 2 will do.. if it works.

I have no signature


5 hours ago, leadeater said:

Situation 2 if you only have single port 10Gb NICs in the other two computers will require routing, with the Routing and Remote Access role you already tried but there is a bit of configuration you have to do to make it actually work.

 

Server 1:

  • NIC1 IP: 10.10.1.1 subnet mask 255.255.255.0
  • NIC2 IP: 10.10.2.1 subnet mask 255.255.255.0

Server 2:

  • NIC1 IP: 10.10.1.2 subnet mask 255.255.255.0

PC:

  • NIC1 IP: 10.10.2.2 subnet mask 255.255.255.0

Then in RRAS you need to setup static routes from 10.10.1.0 to 10.10.1.1 and 10.10.2.0 to 10.10.2.1. Though that might not actually be required as direct connections are added to route tables by default, you need the RRAS role installed to allow routing and forward though that is a must.

Tried this now, running into "layer 8" issues again unfortunately. Without doing anything in RRAS just pinging over the direct connections is working, same as before. Just not from server 2 to PC.

 

Cant figure out the static routes. Attached a screenshot of how i have it now. Which is wrong obviously. Can't set the network mask to 255.255.255.0 (no idea if it should be) because "the destination can't be more specific then the mask" (error i get). Gateway, no idea thought i'd just throw in the "from" IP there. Would appreciate some more input :D

RRAS.png

I have no signature


2 hours ago, Helly said:

Tried this now, running into "layer 8" issues again unfortunately. Without doing anything in RRAS just pinging over the direct connections is working, same as before. Just not from server 2 to PC.

 

Cant figure out the static routes. Attached a screenshot of how i have it now. Which is wrong obviously. Can't set the network mask to 255.255.255.0 (no idea if it should be) because "the destination can't be more specific then the mask" (error i get). Gateway, no idea thought i'd just throw in the "from" IP there. Would appreciate some more input :D

RRAS.png

Check if forwarding is enabled.

 

Quote

1. Right-click Routing and Remote Access, and then click Properties.
2. On the IPv4 tab, select Enable IPv4 Forwarding, and then click OK to save your changes.

 

Also forgot to say make sure on server 2 the default gateway needs to be 10.10.1.1 and PC 10.10.2.1.


For static routes there's no real need to put the entire subnet since it's a single PC, be more specific.

 

Destination: 10.10.2.2 Subnet: 255.255.255.255 Gateway: 10.10.2.1

Destination: 10.10.1.2 Subnet: 255.255.255.255 Gateway: 10.10.1.1

 

Or if you do want /24, try setting Destination to 10.10.2.0 with a subnet of 255.255.255.0 instead of 10.10.2.1.

 

 

Also make sure the metric is 1, so it will use this route / gateway before anything else for those networks.


Well I showed up to say this looked like either a failure to install the routing function or a configuration of routing issue. Reading over the topic though it looks like they have given you good information.


12 hours ago, Mikensan said:

Or if you do want /24, try setting Destination to 10.10.2.0 with a subnet of 255.255.255.0 instead of 10.10.2.1.

Good spotting, yea that dest IP for the route won't work at all, needs to be 10.10.2.0 not .1.

 

I kept all the examples at nice /24's just to keep it simple, personally I use /30 for p2p links or /31 if the device supports that.


You guys make it sound so easy, its making me feel dumb cuz i can't get it to work. Set everything up as you said, but still cant reach PC from server2.

 

21 hours ago, Mikensan said:

Destination: 10.10.2.2 Subnet: 255.255.255.255 Gateway: 10.10.2.1

Destination: 10.10.1.2 Subnet: 255.255.255.255 Gateway: 10.10.1.1

 

Or if you do want /24, try setting Destination to 10.10.2.0 with a subnet of 255.255.255.0 instead of 10.10.2.1.

 

Also make sure the metric is 1, so it will use this route / gateway before anything else for those networks.

Tried both ways. Neither works :(.

 

Another SS to show the settings, included the routing table since it shows the metric, but its not 1, so no idea if it helps anything but can't hurt to show it.

 

RRAS2.png

I have no signature


Are you sure the port 1 and port 2 under interfaces are correct? Have you tried swapping those?

 

Just to double check - you did set stat IP addresses for the two ports as 2.1 and 1.1 on the dual nic server correct?


From "SERVER" can you RDP to both your desktop and other server?


I've never set up Windows Server to act as a router before so I'm guessing about as much as you are lol - when you went through the wizard did you choose "LAN routing"? I kind of feel like there should be some NAT going on

 

I understand what should be done - but no idea "how" using windows.


The main server can reach both other systems. Each system can reach the server. The only thing not working is server 2 to PC.

 

Just now, Mikensan said:

when you went through the wizard did you choose "LAN routing"?

yes i did choose that.

 

What's a bit confusing to me is the routing itself. If you look back at the first SS i showed, the static routes were the other way around. So that's what i tried first.

As shown below Port 2 has ip "10.10.2.1" and port 1 has ip "10.10.1.1". It's the magic part that tells the packets coming from 10.10.1.2 to go to 10.10.2.2 that's completely unknown to me. I'm assuming that's what RRAS is supposed to do.

 

IPsettings.png

I have no signature


Oke doke so honestly you don't need static routes on "SERVER" because as soon as you set the IP addresses of the NICs the routes for /24 were added automatically. So go ahead and remove the static routes (sorry).

 

On your client PC's secondary nic with 10.10.2.2 - should have the gateway on that NIC set to 10.10.2.1 and you need to add a static route:

Route ADD 10.10.1.0 MASK 255.255.255.0 10.10.2.1 1

 

Opposite is true on your spoke/lonely server:

Route ADD 10.10.2.0 MASK 255.255.255.0 10.10.1.1

 

One thing also, disable the windows firewall on all 3 to remove any potential headaches.

 

 

**Correction, on your spoke/lonely server, since it only has 1 connection you don't need to add a route. Since you define a gateway in the IPv4 settings it will consider that the default route.
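
The reasoning in the post above, as an added example that is not part of the thread: a small Python model of the three hosts' route tables using the thread's addresses. It shows that a ping from Server 2 to the PC needs both IPv4 forwarding on SERVER and a return route on the PC. The onboard LAN 192.168.1.0/24, its gateway 192.168.1.1, the PC address 192.168.1.50 and all function names are assumptions made for the illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop); next_hop None means on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best  # None when nothing matches

def owner(hosts, addr):
    """Name of the modelled host that holds addr, or None if it is off the 10Gb links."""
    return next((name for name, h in hosts.items() if addr in h["addrs"]), None)

def trace(hosts, src, dst, max_hops=4):
    """Follow one packet from src to dst; return (delivered, hosts visited)."""
    node, path = owner(hosts, src), []
    for _ in range(max_hops):
        path.append(node)
        if dst in hosts[node]["addrs"]:
            return True, path
        if len(path) > 1 and not hosts[node]["forwarding"]:
            return False, path  # transit host that is not routing drops it
        match = lookup(hosts[node]["routes"], dst)
        if match is None:
            return False, path
        nxt = owner(hosts, match[1] or dst)
        if nxt is None:
            return False, path + ["(left the 10Gb links)"]
        node = nxt
    return False, path

def ping(hosts, src, dst):
    """A ping succeeds only if the request and the reply are both delivered."""
    return trace(hosts, src, dst)[0] and trace(hosts, dst, src)[0]

def topology(forwarding, pc_static_route):
    """The thread's 'situation 2' layout; the 192.168.1.x onboard LAN is constructed."""
    pc_routes = [("10.10.2.0/24", None), ("192.168.1.0/24", None),
                 ("0.0.0.0/0", "192.168.1.1")]  # default route via onboard NIC
    if pc_static_route:  # Route ADD 10.10.1.0 MASK 255.255.255.0 10.10.2.1
        pc_routes.append(("10.10.1.0/24", "10.10.2.1"))
    return {
        "SERVER": {"addrs": {"10.10.1.1", "10.10.2.1"}, "forwarding": forwarding,
                   "routes": [("10.10.1.0/24", None), ("10.10.2.0/24", None)]},
        "Server2": {"addrs": {"10.10.1.2"}, "forwarding": False,
                    "routes": [("10.10.1.0/24", None), ("0.0.0.0/0", "10.10.1.1")]},
        "PC": {"addrs": {"10.10.2.2", "192.168.1.50"}, "forwarding": False,
               "routes": pc_routes},
    }

if __name__ == "__main__":
    for fwd, route in [(False, True), (True, False), (True, True)]:
        ok = ping(topology(fwd, route), "10.10.1.2", "10.10.2.2")
        print(f"forwarding={fwd} pc_static_route={route} -> ping works: {ok}")
```
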

 


re-edited my above post like 4-5 times so may need to refresh if you were reading it earlier...
