Hands-On Microsoft Windows Server 2003 Administration Chapter 8 Administering TCP/IP

Post on 20-Dec-2015

Objectives

• Understand basic concepts about TCP/IP
• Configure TCP/IP on Windows Server 2003
• Troubleshoot TCP/IP and network connectivity using various utilities
• Administer Dynamic Host Configuration Protocol (DHCP) in Windows Server 2003

Understanding TCP/IP

• Transmission Control Protocol/Internet Protocol (TCP/IP)
  – Suite of protocols and utilities used for
    • Network communication
    • Troubleshooting on local networks and the Internet

Understanding TCP/IP (Continued)

• TCP/IP has become the most popular network protocol in use today, because
  – It is the protocol suite used for Internet-based communications
  – It is an open-standard, vendor-independent protocol

• In Windows Server 2003 environments, Active Directory depends on TCP/IP and related services to function

Four layers of the TCP/IP model

The TCP/IP Protocol Stack

• Transmission Control Protocol (TCP)
  – Operates at the transport layer
  – Responsible for the reliable transmission of data on a TCP/IP network
  – A connection-based protocol
• User Datagram Protocol (UDP)
  – Functions at the transport layer
  – A connectionless protocol
    • Provides no guarantee of packet delivery
  – Provides speed advantages in the form of lower overhead

The TCP/IP Protocol Stack (Continued)

• Address Resolution Protocol (ARP)
  – Works at the Internet layer
  – Responsible for mapping IP addresses to hardware media access control (MAC) addresses
    • Every Windows Server 2003 computer has an ARP cache that stores both dynamic and static entries
• Internet Control Message Protocol (ICMP)
  – Operates at the network layer
  – Used to exchange network status and error information between two hosts

The TCP/IP Protocol Stack (Continued)

• Internet Group Management Protocol (IGMP)
  – Operates at the network layer
  – Used to manage network and host information when a network application requires the use of multicasts to communicate
• Internet Protocol (IP)
  – Operates at the Internet layer
  – Responsible for addressing and routing packets so that they are delivered to the correct host
  – A connectionless protocol

The TCP/IP Protocol Stack (Continued)

• IPv4
  – The current version of IP
  – Uses a 32-bit addressing scheme
  – IP addresses are generally represented using dotted-decimal notation
    • For example: 192.168.1.1
• A subnet mask
  – Used to determine which portion of an address represents the network and which portion represents a unique host on that network

Installing TCP/IP

• TCP/IP is installed by default if
  – The network adapter is automatically detected during the installation of Windows Server 2003
• If TCP/IP is not installed during setup, it can be added afterward
• Once TCP/IP has been installed, the network administrator can either
  – Manually configure addressing parameters, or
  – Implement dynamic addressing using DHCP

Configuring TCP/IP on Windows Server 2003 Computers

• All hosts on a TCP/IP network require
  – An IP address
  – A subnet mask
• Options for configuring IP addresses on workstations and servers
  – Configure each one manually with a static IP address
  – Configure computers to obtain an IP address automatically
    • Requires a DHCP server on the network

Configuring Static IP Addresses

• The decision on whether to use a static or dynamic IP-addressing method is often a function of the size of the network

• For each network card configured to use TCP/IP, you must configure
  – An IP address
  – A subnet mask
• TCP/IP Properties dialog box
  – Can be used to configure an IP address and a subnet mask

Manually Configuring TCP/IP Properties

TCP/IP Options

Configuring IP Addresses Dynamically

• Dynamic IP addressing
  – Possible if there is a server on the network running DHCP
  – Advantages
    • Can eliminate some administrative problems associated with configuring static IP addresses, such as
      – The chance of human error
      – IP address duplication
• A DHCP server is configured with a range of IP addresses that will be assigned to clients on the network

Automatic Private IP Addressing

• Automatic private IP addressing (APIPA)
  – Allows DHCP-enabled clients to assign themselves an IP address and subnet mask in the event that a DHCP server is unavailable
  – Provides a client with limited functionality on the network

Configuring TCP/IP properties dynamically using DHCP

Troubleshooting TCP/IP and Network Connectivity

• TCP/IP comes with several command-line utilities that can be used to
  – Test network connectivity to make sure that computers can properly communicate over the network
  – Troubleshoot network connectivity problems

Verifying TCP/IP Configurations

• ipconfig command
  – Can be used to verify the addressing parameters assigned to a host
  – Several parameters can be used with this command
• winipcfg command
  – Used by Windows 9x machines to display the TCP/IP configuration settings
  – Very similar to the ipconfig utility used in Windows NT/2000/XP and Windows Server 2003

Ipconfig parameters

Verifying TCP/IP Configurations (Continued)

• Information displayed using ipconfig or winipcfg can assist in determining whether the computer is using the correct
  – IP address
  – Subnet mask
  – Default gateway configuration
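
The check described above, written out as an added example that is not part of the original slides: given the address, subnet mask and default gateway that ipconfig reports, it derives the network portion and lists configuration problems, including an APIPA self-assigned address. The 169.254.0.0/16 APIPA range is not stated on the slides, and the sample adapter values are constructed.

```python
import ipaddress

# APIPA (link-local) block; this range is an added fact, the slides do not state it.
APIPA = ipaddress.ip_network("169.254.0.0/16")

def check_host_config(ip, mask, gateway=None, dhcp_enabled=False):
    """Return (network, findings) for one adapter's ipconfig values."""
    # ip_interface() rejects a malformed address or a non-contiguous mask (ValueError).
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network  # the mask splits the address into network and host parts
    findings = []
    if iface.ip in APIPA:
        findings.append("APIPA address: no DHCP server answered" if dhcp_enabled
                        else "static address inside the APIPA range")
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        findings.append("address is the network or broadcast address of its subnet")
    if gateway is None:
        findings.append("no default gateway: traffic cannot leave the local subnet")
    else:
        gw = ipaddress.ip_address(gateway)
        if gw == iface.ip:
            findings.append("default gateway equals the host address")
        elif gw not in net:
            findings.append("default gateway is outside the local subnet")
    return net, findings

# Constructed sample adapters: (IP, mask, gateway, DHCP enabled).
SAMPLES = [
    ("192.168.1.10", "255.255.255.0", "192.168.1.1", False),
    ("192.168.1.10", "255.255.255.0", "192.168.2.1", False),
    ("169.254.17.3", "255.255.0.0", None, True),
]

if __name__ == "__main__":
    for ip, mask, gw, dhcp in SAMPLES:
        net, findings = check_host_config(ip, mask, gw, dhcp)
        print(f"{ip} on {net}: {findings or 'ok'}")
```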

Verifying Network Connectivity

• Windows Server 2003 provides a variety of TCP/IP utilities to troubleshoot connectivity problems

• ping command
  – Tests network connectivity with other hosts on the network by sending ICMP packets to a remote computer and then listening for an echo reply from the remote host

Ping parameters

Verifying Network Connectivity (Continued)

• tracert command
  – Displays all the routers a packet must pass through in the journey to the remote host
  – Helps a network administrator better understand the true nature of a TCP/IP network communication issue

Verifying Network Connectivity (Continued)

• pathping command
  – Combines the functions of both the ping and tracert commands
  – Sends echo request messages to each router between a source and destination host
  – Once complete, it
    • Computes results based on the packets returned from each router
    • Displays the degree of packet loss at each router
  – Can help a network administrator determine which routers are experiencing network problems or congestion

Pathping parameters

Verifying Network Connectivity (Continued)

• route command
  – Used to view or modify the contents of a system’s local routing table

Verifying Network Connectivity (Continued)

• netdiag command
  – Can be used to diagnose and troubleshoot a variety of network connectivity problems
  – Some of the information provided includes
    • A list of installed hotfixes
    • IP address and DNS settings
    • Domain configuration information

Administering DHCP in Windows Server 2003

• To implement automatic IP addressing for network systems
  – Install a DHCP service on at least one server on the network
• Dynamic Host Configuration Protocol (DHCP)
  – Used to
    • Centralize the administration of IP addresses and other options
    • Eliminate the administrative overhead of statically assigning the information to each network host

Administering DHCP in Windows Server 2003 (Continued)

• A DHCP scope
  – A range of IP addresses configured on a DHCP server that can be handed out to network clients
• When a client is configured to use DHCP, it receives
  – An IP address
  – A subnet mask
  – Any other options that may have been configured for the scope

Administering DHCP in Windows Server 2003 (Continued)

• A DHCP lease
  – An IP address that is assigned to a client from a DHCP server
• A DHCP client attempts to lease an IP address in one of the following situations:
  – TCP/IP is installed and started for the first time
  – The client releases its IP address and attempts to renew another one
  – The client attempts to release a specific IP address and is denied

Installing a DHCP Server

• The DHCP server must be assigned
  – A static IP address
  – A subnet mask
  – A default gateway (if required on the network)

Configuring DHCP Scopes

• A DHCP scope
  – A range of IP addresses and associated settings that can be handed out to network clients configured to use automatic addressing
  – Configured using the DHCP MMC snap-in

The DHCP MMC snap-in

Configuring DHCP Scopes (Continued)

• Guidelines for creating a DHCP scope
  – Each DHCP scope should include only unique addresses to avoid duplicate IP addresses being handed out on the network
  – Any IP addresses that have been statically assigned to clients should be excluded from a scope to avoid duplication
  – DHCP servers can be configured with multiple scopes to assign IP addresses to hosts on different subnets
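
One way to check a scope plan against the guidelines above, as an added example that is not part of the original slides: it reports address ranges that appear in more than one scope and statically assigned hosts that fall inside a scope without an exclusion. The scope names, ranges and host inventory are constructed, and the dictionary layout is an assumption rather than an export format of the DHCP snap-in.

```python
import ipaddress

def span(start, end):
    """Inclusive address range as a pair of integers."""
    return int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))

def audit_scopes(scopes, static_hosts):
    """Return findings for overlapping scopes and unexcluded static addresses."""
    findings = []
    names = sorted(scopes)
    # Guideline 1: no address may be offered by two scopes.
    for i, a in enumerate(names):
        a_lo, a_hi = span(*scopes[a]["range"])
        for b in names[i + 1:]:
            b_lo, b_hi = span(*scopes[b]["range"])
            lo, hi = max(a_lo, b_lo), min(a_hi, b_hi)
            if lo <= hi:
                findings.append(("overlap", a, b,
                                 str(ipaddress.IPv4Address(lo)),
                                 str(ipaddress.IPv4Address(hi))))
    # Guideline 2: static addresses inside a scope must be excluded from it.
    for host, addr in sorted(static_hosts.items()):
        ip = int(ipaddress.IPv4Address(addr))
        for name in names:
            lo, hi = span(*scopes[name]["range"])
            excluded = any(x <= ip <= y
                           for x, y in (span(*e) for e in scopes[name]["exclusions"]))
            if lo <= ip <= hi and not excluded:
                findings.append(("static-not-excluded", host, addr, name))
    return findings

# Constructed scope plan and static inventory (hypothetical names and addresses).
SCOPES = {
    "Floor1": {"range": ("192.168.1.50", "192.168.1.150"),
               "exclusions": [("192.168.1.100", "192.168.1.110")]},
    "Floor1-new": {"range": ("192.168.1.140", "192.168.1.200"), "exclusions": []},
    "Floor2": {"range": ("192.168.2.50", "192.168.2.150"), "exclusions": []},
}
STATIC_HOSTS = {"printer1": "192.168.1.105", "fileserver": "192.168.1.60",
                "router": "192.168.2.1"}

if __name__ == "__main__":
    for finding in audit_scopes(SCOPES, STATIC_HOSTS):
        print(finding)
```

An overlap that is fully covered by exclusions on one side still shows up in this report and needs a manual look.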

Configuring DHCP Scopes (Continued)

• Scope options
  – Examples: default gateway, DNS server addresses
  – Must be configured before activating the scope
• Client reservation
  – Reserves an IP address within the scope for a particular client so it is always reassigned the same address

Configuring DHCP Scopes (Continued)

• Superscope
  – Grouping of scopes created for multiple subnets on a physical network
  – Usually created to make the administration of multiple scopes easier

Configuring DHCP Scopes (Continued)

• Multicasting
  – Sending a message to a group of clients, but not all clients, using a single destination address
  – Uses a special range of IP addresses known as the Class D address range
  – DHCP servers in Windows Server 2003 can assign multicast addresses to clients as well as traditional unicast addresses

Authorizing a DHCP Server

• Authorizing a DHCP server in Active Directory
  – The last step in installing a DHCP server
  – Designed to increase security and stability on a network

• Only those Windows Server 2003 and Windows 2000 DHCP servers that have been authorized by an administrator are permitted to lease IP addresses

Using DHCP Options

• Besides an IP address and a subnet mask, a range of DHCP options can be assigned to clients

Using DHCP Options (Continued)

• Scope options can be configured at three levels
  – Server level
    • Server options apply to all scopes configured on the DHCP server
  – Scope level
    • Scope options only apply to a specific scope and the clients that lease an IP address from that scope
  – Client level
    • Client options apply to the specified client reservation

Configuring DHCP in a Routed Network

• Options for implementing DHCP in a routed network
  – Install and configure a DHCP server on each subnet
  – Configure network routers to forward DHCP broadcast traffic

Configuring DHCP in a Routed Network (Continued)

  – Configure a DHCP relay agent on each of the subnets
• The DHCP relay agent included with Windows Server 2003
  – Relays DHCP broadcast messages between DHCP clients and DHCP servers across a routed network
  – Configured using the Routing and Remote Access tool

Routing and Remote Access console

DHCP and DNS Integration

• Dynamic DNS (DDNS)
  – Allows name servers and clients to automatically update the DNS database
• Options for DNS registration
  – Dynamically update DNS A and PTR records only if requested by the DHCP clients
    • Selected by default
  – Always dynamically update DNS A and PTR records
  – Discard A and PTR records when lease is deleted
  – Dynamically update DNS A and PTR records for DHCP clients that do not request updates

DHCP and DNS integration properties

Maintaining DHCP Services

• Ways to monitor DHCP servers
  – Periodically look at the Event Viewer system log for any DHCP-related events
  – Use DHCP audit logging
    • Enabled by default in the DHCP MMC snap-in
    • Forces the DHCP server to place detailed event logs in the DHCP database directory
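
A review pass over the audit log described above, as an added example that is not part of the original slides: it parses the comma-separated audit records and reports address conflicts, scope exhaustion, denied leases and bursts of new leases. The field order (ID, Date, Time, Description, IP Address, Host Name, MAC Address) and event IDs 10, 13, 14 and 15 follow the Windows DHCP server audit log and are not listed on the slides; the log lines are constructed and the burst threshold is an assumption.

```python
import csv
from datetime import datetime, timedelta

# Audit log event IDs worth a second look (IDs are not listed on the slides).
ALERT_IDS = {13: "address conflict", 14: "scope pool exhausted", 15: "lease denied"}
NEW_LEASE = 10

# Constructed sample records: ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,06/14/04,09:00:01,Assign,192.168.1.50,WS01,000D60AA0001
11,06/14/04,09:00:30,Renew,192.168.1.51,WS02,000D60AA0002
10,06/14/04,09:05:00,Assign,192.168.1.52,,02AA00000001
10,06/14/04,09:05:01,Assign,192.168.1.53,,02AA00000002
10,06/14/04,09:05:02,Assign,192.168.1.54,,02AA00000003
13,06/14/04,09:06:10,Conflict,192.168.1.60,,
14,06/14/04,09:07:00,Scope Full,192.168.1.0,,
"""

def parse(log_text):
    """Turn audit log text into a list of event dictionaries."""
    events = []
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 7 or not row[0].strip().isdigit():
            continue  # header text and blank lines carry no event
        when = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        events.append({"id": int(row[0]), "time": when,
                       "ip": row[4], "host": row[5], "mac": row[6]})
    return events

def review(events, burst=3, window=timedelta(seconds=60)):
    """Return (finding, detail) pairs; events are assumed to be in time order."""
    findings = [(ALERT_IDS[e["id"]], e["ip"]) for e in events if e["id"] in ALERT_IDS]
    new = [e for e in events if e["id"] == NEW_LEASE]
    for i, first in enumerate(new):
        # Distinct hardware addresses that obtained a new lease inside the window.
        macs = {e["mac"] for e in new[i:] if e["time"] - first["time"] <= window}
        if len(macs) >= burst:
            findings.append(("lease burst",
                             f"{len(macs)} new clients from {first['time']:%H:%M:%S}"))
            break
    return findings

if __name__ == "__main__":
    for finding in review(parse(SAMPLE_LOG)):
        print(finding)
```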

DHCP service activity log

Summary (Continued)

• TCP/IP consists of a suite of protocols that can be used to configure, manage, and troubleshoot network connectivity
  – The protocols include TCP, UDP, ARP, IP
• All hosts on a TCP/IP network require an IP address and a subnet mask
• A default gateway is needed to communicate outside of the local subnet
• IP addresses can be assigned to a host
  – Statically
  – Dynamically by using a DHCP server

Summary (Continued)

• Several utilities, such as ipconfig and ping, can be used to verify and troubleshoot TCP/IP

• Once the DHCP service is installed, you must
  – Create and activate a unique scope
  – Authorize the DHCP server in Active Directory

• You can also add various scope options, such as the IP address of the default gateway

Summary (Continued)

• Windows 2000 and XP DHCP clients automatically update resource records with the DNS server

• The DHCP server can be configured to perform all updates and perform updates on behalf of legacy clients