using routing and remote access chapter five. exam objectives in this chapter: plan a routing...

Using Routing Using Routing and Remote and Remote

AccessAccess

ChapterFive

Exam Objectives in this Chapter: Plan a routing strategy

Identify routing protocols to use in a specified environment

Plan routing for IP multicast traffic Plan security for remote access users

Plan remote access policies Analyze protocol security requirements Plan authentication methods for remote access clients

Troubleshoot TCP/IP routing. Tools might include the route, tracert, ping, pathping, and netsh commands, and Network Monitor

Lessons in this Chapter: Planning a Routing and Remote Access

Strategy Static and Dynamic Routing Securing Remote Access Troubleshooting TCP/IP Routing

Planning a Routing and Remote Access Strategy Choosing a WAN Topology

WAN

Router Router

Planning a Routing and Remote Access Strategy 5 Network Sites WAN

Mesh Topology

Planning a Routing and Remote Access Strategy 5 Network Site WAN

Ring Topology

Planning a Routing and Remote Access Strategy 5 Network Site WAN Star Topology

Selecting a WAN Technology Using Leased Lines Using Dial-On-Demand Connections Using Frame Relay Using VPN

Exam Tip Be sure to understand the ramifications of

using persistent WAN connections as

Using Frame Relay

Static and Dynamic Routing Selecting Routers

Using Route Print

Using Static Routing The drawbacks of static routing are the amount of manual

maintenance the process requires and the routers’ inability to compensate for changes in the network configuration

Example Route Add Statement:

ROUTE ADD 192.168.87.0 MASK 255.255.255.0 192.168.2.21 METRIC 2 IF 1

The address following the ADDADD parameter is the Network Destination column value.

The subnet mask for the destination network address follows the MASK parameter.

The IP address following the subnet mask is the Gateway column value. The Metric column value follows the METRIC parameter, and The number following the IF parameter identifies one of the computer’s

network interfaces. By substituting the DELETE or CHANGE parameter for ADD, you can create

commands that remove entries from the routing table or modify existing entries.






The subnet mask for the destination network address follows the MASKMASK parameter.

The IP address following the subnet mask is the Gateway column value. The Metric column value follows the METRIC parameter, and The number following the IF parameter identifies one of the computer’s









The IP addressIP address following the subnet mask is the Gateway column value. The Metric column value follows the METRIC parameter, and The number following the IF parameter identifies one of the computer’s









The IP addressIP address following the subnet mask is the Gateway column value. The MetricMetric column value follows the METRIC parameter, and The number following the IF parameter identifies one of the computer’s









The IP addressIP address following the subnet mask is the Gateway column value. The MetricMetric column value follows the METRIC parameter, and The number following the IFIF parameter identifies one of the computer’s






ROUTE ADDADD 192.168.87.0 MASK 255.255.255.0 192.168.2.21 METRIC 2 IF 1



The IP addressIP address following the subnet mask is the Gateway column value. The MetricMetric column value follows the METRIC parameter, and the number

following the IF parameter identifies one of the computer’s network interfaces. By substituting the DELETEDELETE or CHANGECHANGE parameter for ADDADD, you can create


Planning When you consider the number of

networks, routers, and sites that make up your enterprise, you can decide whether the amount of time and effort needed to maintain static routes is worth the savings in network traffic.

Using Dynamic Routing Dynamic routing uses specialized

protocols that enable routers to communicate with each other and share their routing table information

Dynamic routing eliminates the need for network administrators to manually create static routes on each router

Selecting a Routing Protocol The routing protocols most commonly

used on private networks are the two supported by the Routing and Remote Access service in Windows Server 2003: Routing Information Protocol (RIP) and Open Shortest Path First (OSPF).

In most cases, the designer of a routing strategy selects one of these two protocols

Understanding Routing Metrics The lower the metric value, the more

efficient the route In dynamic routing, the metric values must

represent a specific attribute for routing protocols to compute them

Different Routing Protocols: Distance Vector Routing Link State Routing

Exam Tip Be sure to understand that the metrics in

distance vector routing protocols represent the number of hops to the destination, regardless of the type or speed of the network connecting the routers at each hop. RIP is a distance vector routing protocol.

Distance Vector Routing RIP makes no distinction between different

types of networks. A hop is a hop, whether the packets are passing over a 1,000 Mbps Gigabit Ethernet network or a 33 Kbps dial-up modem connection.

Link State Routing Use a route cost value, which OSPF factors

into the equation Link state routing is more processor

intensive than distance vector routing, but it is also more precise and more capable of compensating for changes in the network infrastructure.

Understanding Routing Protocol Communications Link state routing is one of the main

reasons that administrators choose OSPF over RIP

When a RIP router starts, it generates a RIP request message and transmits it as a broadcast over all its network interfaces.

After the initial exchange of messages, the RIP routers all transmit periodic updates at regular intervals.

Administering Routing Protocols OSPF’s link state routing capabilities and

its ability to form areas make it more efficient and scaleable than RIP, but it does have drawbacks. Deploying RIP on a network is usually simplicity itself.

Exam Tip When preparing for the exam, no time

spent familiarizing yourself with the RIPand OSPF configuration parameters in the Routing And Remote Access console will be wasted.

Use the online help to learn the functions of the routing protocol parameters.

Routing IP Multicast Traffic A unicastunicast transmission, by definition,

involves two systems only, a source and a destination.

MulticastMulticast transmissions use a single destination IP address that identifies a group of systems on the network, called a host group.

MulticastsMulticasts use Class D addressesClass D addresses, as assigned by the Internet Assigned Numbers Authority (IANA), which can range from 224.0.1.0 to 239.255.255.255.

Multicast Promiscuous Mode To receive all the IP multicast traffic on the

network, the network interface adapters in a router must support a special mode called multicast promiscuous mode.

Unlike promiscuous mode, in which the network interface adapter processes all incoming packets, multicast promiscuous mode has the network interface adapter process all incoming packets with the multicast bit (that is, the last bit of the first byte of the destination hardware address) set to a value of 1.

Practice: Installing RIP

Exercise 1: Configuring Routing and Remote Access as a LAN Router

Page 5-21 Exercise 2: Installing RIP

Page 5-22 Exercise 3: Disabling Routing and Remote

Access Page 5-23

Securing Remote Access Determining Security Requirements

Which users require remote access? Do users require different levels of remote

access? Do users need access to the network? What applications must users run?

Securing Remote Access Controlling Access Using Dial-In Properties

Remote Access Permission (Dial-in Or VPN) Verify Caller ID Callback Options

Planning Authentication Extensible Authentication Protocol (EAP) Microsoft Encrypted Authentication Version 2 (MS-CHAP v2) Microsoft Encrypted Authentication (MS-CHAP) Encrypted Authentication (CHAP) Shiva Password Authentication Protocol (SPAP) Unencrypted Password (PAP) Allow Remote Systems To Connect Without Authentication

Exam Tip You should understand the differences

among these authentication protocols and how they provide their respective levels of security.

Using Remote Access Policies Remote Access Policy Components

Conditions Remote access permission Remote access profile

Creating Remote Access Policies

Important: Before RRAS can use remote access

policies to regulate access to the serverby group membership, you must configure the user’s account by selecting the Control Access Through Remote Access Policy option button in the Dial-in tab in the user’s Properties dialog box in the Active Directory Users And Computers console.

Practice: Installing a Routing and Remote Access

Server Exercise 1: Configuring Routing and Remote

Access as a Remote Access Server Page 5-35

Exercise 2: Creating a Remote Access Policy for Domain Users

Page 5-36 Exercise 3: Creating a Remote Access Policy for

Domain Administrators Page 5-37

Troubleshooting TCP/IP Routing Isolating Router Problems

Using Ping Using Tracert Using Pathping

Troubleshooting the Routing and Remote Access Configuration Verify that the Routing and Remote Access

service is running Verify that routing is enabled Check the TCP/IP configuration settings Check the IP addresses of the router

interfaces

Troubleshooting the Routing Table Troubleshooting Static Routing Troubleshooting Routing Protocols Troubleshooting RIP Troubleshooting OSPF

Summary Case Scenario Exercise

Page5-50 Troubleshooting Lab

Page 5-52 Exam Highlights

Key Points Key Terms

Page 5-53

using routing and remote access chapter five. exam objectives in this chapter: plan a routing...

Documents