I have Cisco4503, with few VLANs configured. there are 4 windows 2003 servers in default vlan1, but other PCs are in different VLANs. So, i cann't log on windows domain from them. If I put them in VLAN1 it's working. Can they log on to domain from different VLAN? how?
yes, all servers are pingable, and PCs from different VLAN are pingable, and I can connect between them using start>run> \\\\ipaddress , but I don't see PCs from different VLAN in my netw. neigh., and cann't connect to domain from PC in different VLAN ... like it is passing some protocols, but some not
i can't forward protocol, IOS is not offering that command... there is helper-address on the list, but no ip forward-protocol.. ? is there some other command to forward protocols on VLAN interface?
Not that I know of. It's odd that the IOS doesn't have them because they're directly tied to the helper-address but it's ok in your case as I checked what protocols are automatically forwarded when an "ip helper-address" is configured and see that both "137" and "138" are done so 'browsing' of windows networks via the domain controller should be possible as well.
FYI, here's the whole list.of protocols forwarded by default when an "ip helper-address" is applied ...
.Trivial File Transfer Protocol (TFTP) (port 69) .Domain Naming System (port 53) .Time service (port 37) .NetBIOS Name Server (port 137) .NetBIOS Datagram Server (port 138) .Boot Protocol (BOOTP) client and server datagrams (ports 67 and 68) .TACACS service (port 49) .IEN-116 Name Service (port 42)
As much as MS would like to tell you that WINS is no longer needed, it is still best to configure it in a Windows domain. It will take care of your problem.
Set up WINS on your DC(s). Takes about 5 minutes. Don't worry about any fancy setups, the basic stuff will work fine for you.
Either add the WINs servers in the individual IP configs. Or add options 44 and 46 (set to 8) in your DHCP settings.
You didn't need it when you were in a single segment because broadcasts took care of the NETBIOS name resolution.
It is possible to configure the NETBIOS names in a table on each client machine, but that is ugly and inflexible.
The reason the helper address worked is that the NETBIOS is attempting to resolve the names via broadcast. The helper addresses forwards those messages.
firstly.. thank you Jim and BernieM for usefull info... you guys helped me a lot... i didn't try WINS, but i would because now I have another problem...
MCSE who was here configured 2 Ter. Servers and load balancing between them, he gave two ip addresses to every TS , and this other virtual address is not pingable from other vlan... i'm confused now ! so it seems that router is still blocking something, because you can reach TS when you put PC into his VLAN.
also, you can reach TS from any other VLAN using TS 'main' ip address, but then you don't have load balancing...
I'm just starting to learn 2003 server so i don't know much about it...
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.