
Installing, Configuring, Managing, Monitoring, and Troubleshooting Protocols in W2K



sejwaldeepak
November 4th, 2005, 12:25 PM
Installing, Configuring, Managing, Monitoring, and Troubleshooting Protocols in a Windows 2000 Network Infrastructure

NetBEUI
· Almost no longer in use.
· Communicate via broadcast.
· No configuration at all - very easy to use.
· Cannot pass through a router.
· Good for very SMALL peer to peer network.
· You may need it for backward compatibility with early non-Windows 2000 clients.
NWLink/Client Software
· NWLINK is Microsoft’s implementation of NetWare protocols.
· "Represents" IPX, SPX, RIPX, and NBIPX.
· Almost completely auto configuring with its AutoDetect features, unless the incorrect frame type is detected and used.
· You can manually reset the frame types for an adapter.
· Netware 5 natively supports IP, but one of the client software solutions below is required depending on the need to be filled
o Client Services for NetWare (CSNW) - Allows Windows 2000 clients to connect directly to NetWare shares, without needing a Netware Client32.
o Gateway Services for NetWare (GSNW) - Allows Windows 2000 clients to connect to Netware shares via a gateway set up on a Windows 2000 server, without needing a native Netware client.
o File and Print Services for NetWare (FPNW) - Provides the ability for NetWare clients to access Windows 2000 network shares including printers. The Microsoft Directory Synchronization Services and the File Migration Utility (FMU) help to synchronize AD with NDS as well as migrate from NDS to AD and migrate a Netware file system to Windows 2000.
o Client32 is Novell's client software used to allow Windows based computers to access Novell servers. If you wish to connect the clients to Netware servers via TCP/IP, this is the option that must be used.
Appletalk
· If you have MAC clients, you will still need Appletalk.
· You cannot use Appletalk as the primary protocol on the network.
TCP/IP
· Its Application layer corresponds to the OSI model’s Application and Presentation layers.
· Its Transport layer corresponds to the Session and Transport layers of the OSI model.
· Its Internet layer corresponds to the Networking layer of the OSI model.
· The TCP/IP model’s Network Interface layer corresponds to the Data Link and Physical layers of the OSI model.
· Public addresses are assigned by an entity designated by the Internet Corporation for Assigning Names and Numbers.
· Three ranges are reserved for private addressing and not available as registered addresses on the Internet
TCP/IP Configuration
· Minimum addressing requirements associated with the installation of TCP/IP include the IP address and the Subnet Mask.
· Automatic Private IP Addressing (APIPA) will set a unique IP address for the adapter should DHCP fail.
· APIPA is recommended for small networks with no DHCP service available.
· Keep in mind that the host portion of an IP address must be unique to a specific host on the network.
· TCP/IP filtering can be used to specifically permit or deny TCP/IP traffic, based on IP Protocol, TCP Port number and UDP Port number.
· IPSec can be implemented in a Windows 2000 network to provide cryptography-based security for IP traffic.
IP Addressing
· Class A
o /8 Prefixes
o 24-bit host-number
· Class B
o /16 Prefixes
o 16-bit host-number
· Class C
o /24 Prefixes
o 8-bit host-number
IP Subnet Mask
· Subnetting is used to control network traffic in a sense that it segments the broadcast domain into smaller independent segments.
· Classful addressing follows the Class A B C rules.
o Class A - 255.0.0.0
o Class B - 255.255.0.0
o Class C - 255.255.255.0
· Classless addressing breaks the limitation – Variable length subnet mask (VLSM).
· When planning for the addressing and subnets, ALWAYS take into account the future room for growth.

Exam Hints: Subnetting

For the 70-216 test a lot of focus will be on how well you understand IP addressing and different scenarios where IP subnetting is used.

First, you must have a thorough understanding of how an IP address is built from binary and octets, the default A, B, C, D and E class networks and what a subnet mask and default gateway are. Second, this paper will guide you through some of the more advanced topics and tricky questions you might see in one form or another at the test.
Let’s examine a sample network:
We have 3 subnets – A, B and C. We have a host called “Workstation 1”. We need to add more subnets (D and E) and we have been given a class C network address “192.168.6.0” to use for this.

So let’s look at what kind of trouble or problems you might be presented with.

1. You may be asked which subnet a host belongs to given its IP address or given that two hosts are on the same network what would their subnet mask be?
o If we look at the figure, we have a lot of 192.168.5.x networks (subnet A, B and C), so which one does the host Workstation 1 belong to? Since we have the subnet masks given for each subnet we must figure out what ranges the individual subnets cover to identify the range where 128 fits in. We could use a binary cheat-sheet, but let’s look at the bytes to be thorough. First we take each host from the different subnets and convert to binary by looking only at the last octet:
Host 140 = 10001100
Host 130 = 10000010
Subnet 240 = 11110000
Host 35 = 00100011
Host 62 = 00111110
Host 22 = 00010110
Subnet 192 = 11000000
Host 66 = 01000010
Host 128 = 10000000
So with all the hosts lined up we can see that the subnets are identified as the 1000 network, the 00 network and the 01 network given the subnet masks for each subnet. The 128 host only matches the 1000 network because its 4 first bits mismatch even the first 2 bits of the 11 and 01 networks. The 192.168.5.128 should be given the subnet mask of 255.255.255.240 and be placed on Subnet A.
o We can use the decimal to binary conversion to compare two hosts and determine what subnet mask they should have to be on the same network – the opposite of the above method:
Host A = 11011011
Host B = 11101101
So if we line up the binary numbers for the hosts, we can see that they differ on the 3rd bit in this octet. Given the previous octets are alike, the network bits stop at the 2nd and the host bits start from the 3rd. This would give them subnet mask 192 for that octet.
o Remember, these kinds of questions might be camouflaged with other information to set you off such as:
§ A DNS server where Round Robin has not been enabled for multiple Web Servers hosting the same material – which Web Server will a host connect to?
§ Wrongfully configured IP addresses on hosts, routers with incorrect subnet masks, or a misplaced host: Host A (IP/mask) = 192.168.1.92 / 255.255.255.192 is placed on the subnet/mask = 192.168.1.0/ 255.255.255.128. This subnet already covers the hosts 192.168.1.1 to 192.168.1.126. Given the subnet mask 255.255.255.192, the host will only be able to communicate with hosts in the range of 192.168.1.65 to 192.168.1.126 as it will believe the first 62 hosts are on a different subnet.
2. Occasionally, you might be presented with a question about how to divide a single network into X number of networks and figure out how many hosts will be supported? Or, if there are Y number of hosts, then how many networks? Often this will be subnetting with different length subnet masks.
o Given the 192.168.6.0 class C network, how can we divide this into subnets of 100 hosts and 30 hosts respectively? The “train of thought” here is to divide in halves and then divide the second half in more but smaller parts.
o If we divide the network into two parts, there will be 126 hosts on each, so we have more than 100 for the first subnet. We then assign “Subnet D” the range 192.168.6.0/25 (192.168.6.1 to 192.168.6.126 valid for hosts with subnet mask 255.255.255.128).
o Then we divide the remaining portion of the hosts (128-254) into 2 or more subnets. Since we only need 30 hosts we could either make some subnets with 62 hosts or more with 32 hosts.
o So the next subnet “Subnet E” would be either 192.168.6.128/26 with 62 hosts or 192.168.6.128/27 with only 30 hosts but with no room to grow. The answer depends on the question and what solutions we can choose from when taking the test.

Enjoy!
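
An added example, not part of the original post: the post's subnet arithmetic reproduced with Python's standard `ipaddress` module, covering the misplaced host with the wrong mask, the two-host mask comparison, and the 100-host/30-host split of 192.168.6.0. The function names are made up for this illustration.

```python
import ipaddress

def onlink_range(ip, mask):
    """First/last usable address the host itself treats as local."""
    hosts = list(ipaddress.ip_interface(f"{ip}/{mask}").network.hosts())
    return str(hosts[0]), str(hosts[-1])

def remote_by_mistake(ip, host_mask, segment):
    """Range of segment hosts that a host with a too-long mask sends to its gateway."""
    seen = ipaddress.ip_interface(f"{ip}/{host_mask}").network
    missed = [h for h in ipaddress.ip_network(segment).hosts() if h not in seen]
    return (str(missed[0]), str(missed[-1])) if missed else None

def shared_mask_octet(a, b):
    """Longest mask value for one octet that keeps octets a and b on the same network."""
    common = 8 - (a ^ b).bit_length()      # leading bits the two octets share
    return (0xFF << (8 - common)) & 0xFF

def vlsm(base, needs):
    """Carve base into subnets sized for each host count, largest first."""
    net = ipaddress.ip_network(base)
    cursor, plan = int(net.network_address), {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        bits = (hosts + 1).bit_length()    # host bits so that 2**bits >= hosts + 2
        sub = ipaddress.ip_network((cursor, 32 - bits))
        if not sub.subnet_of(net):
            raise ValueError(f"{base} has no room left for {name}")
        plan[name] = str(sub)
        cursor += sub.num_addresses        # largest-first keeps every block aligned
    return plan

if __name__ == "__main__":
    # Values below are the ones used in the post.
    print(onlink_range("192.168.1.92", "255.255.255.192"))
    print(remote_by_mistake("192.168.1.92", "255.255.255.192", "192.168.1.0/25"))
    print(shared_mask_octet(0b11011011, 0b11101101))
    print(vlsm("192.168.6.0/24", {"Subnet D": 100, "Subnet E": 30}))
```

Running the mask comparison across an address inventory is a quick way to find hosts whose configured mask disagrees with the segment they sit on, which otherwise shows up only as intermittent reachability problems.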

sejwaldeepak
November 4th, 2005, 12:27 PM
Installing, Configuring, Managing, Monitoring, and Troubleshooting Protocols in a Windows 2000 Network Infrastructure

IP Monitoring
· SNMP is used for network management.
· SNMP agent is installed on the hosts to be monitored.
· Agents report back to the SNMP management console.
· Full-blown SNMP Management console is available separately. SMS is an example.
· You use Network Monitor to capture and analyze frames.
· Capture filter is available in Network Monitor to ease the analysis process.
· Components of a frame:
o Source address of sender
o Destination address of recipient
o Protocol headers
o Payload
· Network Monitor that comes with Windows 2000 can only capture frames destined to or sent from this particular computer.
· System Monitor can be used to generate statistics.
· You do NOT use System Monitor to capture frames.
IPSec
· Defined by IETF.
· Operates at layer 3.
· Encrypts and decrypts message for online transmission.
· Supported by Windows 2000.
· NOT supported by many pre-Windows 2000 clients.
· Secret key cryptography uses single preshared key.
· Public key cryptography uses key pair with one for encryption and the other for decryption.
· Security Association is established with ISAKMP/Oakley.
· IPSec policy has a collection of rules and key exchange settings concluded in a domain security policy or an individual computer’s security policy.
· IPSec policy can be created with the IPSec Management MMC snap-in.
· Use IPSECMON.EXE to monitor and troubleshoot IPSec.
· Use Network Monitor V2.0’s parser for IPSec to capture IPSec related information transferred over a network interface.
· L2TP + IPSec is usually the best combination for VPN of pure Windows 2000 computers.

sanjay22dahiya
November 5th, 2005, 10:26 PM
Hi deepak

Thanks for sharing valuable information with us. I need your help regarding subnetting. We have Airtel process & our call center is remotely connected to Airtel head office at okala. Our router's IP is 100.100.61.1/24 through which we access Airtel softwares.

Till now we have less than 254 node network for our agents to login. The IP range is 100.100.61.2 to 100.100.61.254 with subnet mask 255.255.255.0 and default gateway 100.100.61.1. Now our network is growing & we want to use the same range. Could you please tell me how to do further subnetting?