Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
299
Views
0
Helpful
1
Replies

PIX, Active Directory and VLANs

admin_2
Level 3
Level 3

‎06-01-2004 12:53 PM - edited ‎02-20-2020 11:25 PM

I have an AD network. I use our PIX to route between VLANs - each VLAN has a seperate interface. I plan on moving student PCs to the Student VLAN. The Domain Controller is on the default VLAN. If I allow the Domain service TCp and Domain service UPD from any box on the Stident VLAN to the Domain Contoller on the default VLAN will this work? Will the client boxes be able to logon to AD? Is this the best method or should I have a Domain Controller on the Student VLAN that replicates the the Domain Controller on the default VLAN? Any best practices would be appreciated.

Thnaks

0 Helpful
1 Reply 1

ehirsel
Level 6
Level 6

‎06-02-2004 09:47 AM

What do you mean by default vlan? Is that the switch management vlan, or vlan 1? Or is it the native vlan? If it is vlan 1 or the switch mgmt vlan, I would move the domain server onto another one, as cisco cat switches can have performance issues with devices on the mgmt. vlan during high traffic loads.

You can allow the student pcs to connect to the current domain controller by coding the proper acls - for active directory I believe that port 445 is used as well as ports 137-139 (tcp and udp). I am not sure about port 135, it may be needed too.

However it is best to have a seperate domain controller on the student vlan, to mitigate against some direct attacks by the student workstations directed towards domain services.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card