USING ROUTING & REMOTE ACCESS

Upload: lewis-elliott

Post on 14-Jan-2016

When you have only 2 network sites, only 1 topology is available: you install a router at each site & connect the routers using a WAN link.

[Figure labels: WAN, Routers]

Mesh Topology (if more than 2 network sites)
- Fault tolerant
- Not practical if more than 3 sites

Ring Topology
- Easier to install & maintain
- More affordable
- Not fault tolerant
- Not efficient

Star Topology (for a company with HQ & branches)
- A compromise between mesh & ring
- One site functions as a hub connected to all the others
- Fault tolerant
- Fast & efficient

Using Leased Lines
- Expensive to install & maintain
- Characteristics of leased lines:
  - Persistent connection – stays connected even when you don’t use it.
  - Permanent – between two sides (not portable)

Using Dial-on-Demand connections
- Slower than leased lines but not persistent & not permanent

Using frame relay
- Consists of a leased line linking the network site to the nearest point-of-presence (POP)
- Flexible & economical

Using VPNs
- Practical for connection between distant locations
- Charges based on the distance

Using static routing
- Network administrators must manually create & modify the routing table entries.
- Advantage: enables routers to compensate for a failed router or WAN link.
- Disadvantage: more manual maintenance.

Dynamic routing
- Uses a specialized routing protocol to build & update the table entries automatically
- Advantage: less maintenance work
- Disadvantage: subject to failed router or WAN link.

Uses specialized protocols enabling routers to communicate & share their routing table information.

When a router fails to transmit its routing table entries on schedule, the other routers detect the absence & remove the failed router from their routing tables, which prevents them from forwarding traffic to the failed router.

Dynamic routing table will evaluate the relative efficiency of routes to a specific destination

There may be several paths to reach the same destination & it's up to the router to use the most efficient one.

Routing tables include a numeric qualifier called a metric

On static routers – administrator manually enters the metric value

There are 2 protocols used in routing:

OSPF – Open Shortest Path First
- Only transmits routing table entries when there is a change in the mapping.
- Each OSPF router compiles a map of the network called link state database.

RIP – Routing Information Protocol
- Repeatedly broadcast their routing tables

The metric value used in RIP represents the number of hops between that computer & the destination.

hop – passage through a router from one network to another.

Distance vector is the most effective way to calculate speed; smaller number of hops = faster

Latency – time it takes for a router to process a packet (the usual reason for delay in packet transmission).
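The hop-count metric above and the earlier point about routers dropping a neighbour that stops sending updates can be seen together in a small table model. This is an added example, not part of the original slides; the router names and networks are constructed, and the constants 16 (unreachable) and 180 seconds (route timeout) are RIP's standard values.

```python
# Added example: RIP-style distance-vector table (hop-count metric, route timeout).
INFINITY = 16   # RIP treats a metric of 16 hops as unreachable
TIMEOUT = 180   # RIP default: seconds without an update before a route expires


class DistanceVectorRouter:
    def __init__(self, connected):
        # network -> (hops, next_hop, last_refreshed); connected networks are
        # 0 hops away in this sketch and never expire (next_hop is None).
        self.table = {net: (0, None, None) for net in connected}

    def receive_update(self, neighbour, advertised, now):
        """Merge a neighbour's advertised {network: hops} into the table."""
        for net, hops in advertised.items():
            metric = min(hops + 1, INFINITY)   # one extra hop through the neighbour
            current = self.table.get(net)
            same_source = current is not None and current[1] == neighbour
            better = current is None or metric < current[0]
            if same_source or better:
                self.table[net] = (metric, neighbour, now)

    def expire(self, now):
        """Remove routes whose next hop missed its scheduled updates."""
        dead = sorted(net for net, (_, hop, seen) in self.table.items()
                      if hop is not None and now - seen > TIMEOUT)
        for net in dead:
            del self.table[net]
        return dead

    def route(self, net):
        """Return (hops, next_hop) for a reachable network, else None."""
        entry = self.table.get(net)
        if entry is None or entry[0] >= INFINITY:
            return None
        return entry[0], entry[1]


def demo():
    # Constructed topology: router A hears about 10.0.3.0/24 from B and C.
    a = DistanceVectorRouter(["10.0.1.0/24"])
    a.receive_update("B", {"10.0.3.0/24": 1}, now=0)
    a.receive_update("C", {"10.0.3.0/24": 2}, now=0)
    chosen = a.route("10.0.3.0/24")                      # fewest hops wins
    a.receive_update("C", {"10.0.3.0/24": 2}, now=170)   # C keeps talking, B is silent
    expired = a.expire(now=200)                          # B's route is past TIMEOUT
    a.receive_update("C", {"10.0.3.0/24": 2}, now=200)   # longer path takes over
    return chosen, expired, a.route("10.0.3.0/24")
```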

Open Shortest Path First (OSPF) is called a link state routing protocol because it calculates the hop distance using a method called the Dijkstra algorithm.

The Dijkstra algorithm uses multiple criteria to evaluate the efficiency of a route.

Criteria include the link’s transmission speed and delays caused by network traffic congestion.

A technique that is designed to provide a more efficient method of one-to-many communication compared to broadcast & unicast.

Unicast transmission – involves 2 systems only, a source & destination.

Multicast uses a single destination IP that identifies a group of systems on the network called a host group.

Uses class D which ranges from 224.0.1.0 to 238.255.255.255 because class D identifies an entire group of systems.

To receive multicast traffic, the network interface adapters must support a special mode called multicast promiscuous mode.

Questions to address:

Which users require remote access?
- Permit remote access by authenticating them during the login process, using remote access policies to dictate the conditions that need to be met.

Do users require different levels of remote access?
- Depending on users' job specifications & the resources they need, use permissions to assign different levels of remote access

Do users need access to the internet?
- In cases where users' needs can be met by access to the remote server, try preventing them from accessing the entire network.

What applications must users run?
- Limit users to specific applications by creating packet filters that permit only traffic using specific protocols & port numbers onto the network.

Using properties of the individual accounts that clients use to connect to the network is the most basic method of securing access to your network!

Security options on the properties tab (Active Directory) are as follows:
- Remote access permission
- Verify caller ID
- Callback option

Most basic form of remote access security, & without it anyone can connect to your remote access server
- Authentication – exchange of username & password.
- RADIUS – a standard defining a service that provides authentication, authorization & accounting for remote access installations.

Characteristics of authentication protocol:
- Extensible Authentication Protocol (EAP)
- Microsoft Encrypted Authentication Version 2 (MS-CHAP v2)
- Microsoft Encrypted Authentication (MS-CHAP)
- Encrypted Authentication (CHAP)
- Shiva Password Authentication Protocol (SPAP)
- Unencrypted Password (PAP)
- Allow Remote Systems To Connect Without Authentication.

Ability to validate the configuration of remote client computers before granting access to the entire network.

Delays full access to the private network until the configuration of a connecting remote computer has been examined & validated.

When the user initiates a connection, the user is authenticated & assigned an IP address. However, the computer is placed in quarantine mode with limited network access. The administrator provides a script to be run on the client PC; only when the script returns a result showing that the computer complies with the network policies is full access granted.

Consists of 3 elements:
- Conditions – specific attributes that the policy uses to grant or deny authorization to a user. In cases where there is more than 1 condition, users must meet all of them before the server grants access.
- Remote access permission – users receive permission to access the remote network either by satisfying the conditions or by an administrator granting it to them.
- Remote access profile – a set of attributes associated with a remote access policy that the RRAS applies to a client once it has authenticated & authorized it
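How the three elements interact is easiest to see by evaluating a few connection attempts. The following is an added example, not from the original slides: a simplified model that assumes policies are checked in order and the first one whose conditions all match decides the outcome. The policy names, group names, and profile attributes are hypothetical.

```python
# Added example: simplified model of remote access policy evaluation.
from dataclasses import dataclass, field


@dataclass
class Policy:
    name: str
    conditions: dict   # attribute -> set of acceptable values; ALL must match
    grant: bool        # the policy's remote access permission
    profile: dict = field(default_factory=dict)  # applied after authorization


def authorize(attempt, account_permission, policies):
    """Return (granted, policy_name, profile) for one connection attempt.

    account_permission models the per-account setting: "allow", "deny",
    or "policy" (defer to the matching policy's permission).
    """
    for policy in policies:                       # evaluated in order
        if all(attempt.get(attr) in allowed
               for attr, allowed in policy.conditions.items()):
            if account_permission == "deny":
                return False, policy.name, {}
            if account_permission == "allow" or policy.grant:
                return True, policy.name, policy.profile
            return False, policy.name, {}
    return False, None, {}                        # no policy matched: reject


# Constructed policies; group names and profile attributes are hypothetical.
POLICIES = [
    Policy("VPN for admins",
           {"group": {"NetAdmins"}, "tunnel": {"L2TP", "PPTP"}},
           grant=True,
           profile={"idle_timeout_min": 15, "encryption": "strongest"}),
    Policy("Weekday dial-in for staff",
           {"group": {"Staff"}, "day": {"Mon", "Tue", "Wed", "Thu", "Fri"}},
           grant=True, profile={"idle_timeout_min": 5}),
    Policy("Everything else", {}, grant=False),   # catch-all deny
]
```

In this model an account set to "allow" is granted even when only the catch-all policy matches, so the per-account setting needs the same review as the policies themselves.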

Consists of the following:
- A set of quarantine packet filters that restricts the traffic that can be sent to and from a quarantined remote access client.
- A quarantine session timer that restricts the amount of time a client can remain connected in quarantine mode before being disconnected.
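The quarantine packet filters, the session timer, and the client script result described above fit together as a small state machine. This is an added example, not from the original slides or from RRAS itself; the host names, ports, and check names are hypothetical.

```python
# Added example: quarantine mode as a small state machine.
class QuarantineSession:
    def __init__(self, connected_at, timer_s, filters):
        self.connected_at = connected_at
        self.timer_s = timer_s        # quarantine session timer, in seconds
        self.filters = set(filters)   # (protocol, destination, port) allowed in quarantine
        self.state = "quarantine"     # authenticated, IP assigned, limited access

    def _tick(self, now):
        # Still unvalidated when the timer runs out: drop the connection.
        if self.state == "quarantine" and now - self.connected_at >= self.timer_s:
            self.state = "disconnected"

    def permits(self, protocol, destination, port, now):
        """Would a packet from this client be forwarded at time `now`?"""
        self._tick(now)
        if self.state == "full":
            return True
        if self.state == "disconnected":
            return False
        return (protocol, destination, port) in self.filters

    def report(self, checks, now):
        """Record the client script's result, a {check_name: passed} dict."""
        self._tick(now)
        # Fail closed: an empty report or any failed check keeps the quarantine.
        if self.state == "quarantine" and checks and all(checks.values()):
            self.state = "full"
        return self.state


# Constructed filter set: only the hypothetical remediation and DNS hosts are reachable.
FILTERS = [("tcp", "remediation.example", 443), ("udp", "dns.example", 53)]


def compliant_client():
    s = QuarantineSession(connected_at=0, timer_s=120, filters=FILTERS)
    before = s.permits("tcp", "fileserver.example", 445, now=10)
    still = s.report({"antivirus_current": True, "firewall_on": False}, now=30)
    after = s.report({"antivirus_current": True, "firewall_on": True}, now=60)
    return before, still, after, s.permits("tcp", "fileserver.example", 445, now=61)


def silent_client():
    # Never reports compliance, so the session timer disconnects it.
    s = QuarantineSession(connected_at=0, timer_s=120, filters=FILTERS)
    allowed = s.permits("tcp", "remediation.example", 443, now=10)
    return allowed, s.report({"antivirus_current": True}, now=130)
```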

Using ping.exe
- Type ping followed by an IP address on the command line to test any TCP/IP system's connectivity with any other system.

You may ping an IP address successfully even when it's not routing properly. As an initial troubleshooting effort, test the routing in the following manner:

Ping the computer’s loopback address 127.0.0.1 to confirm that the TCP/IP client is installed & functioning

Ping the computer’s own IP address to confirm that the routing table contains the appropriate entries.

Ping the IP address of another computer on the same LAN

Ping the DNS name of another computer on the same LAN

Ping the computer’s designated default gateway address

Ping several computers on another network that are accessible through the default gateway

Using tracert.exe
- Enables you to view the path the packets take from one computer to a specific destination
- When you type tracert followed by an IP address, a list of hops to the destination is displayed, including the IP address and DNS name of each router along the way.
- An excellent tool for locating a malfunctioning router because it shows how far the packets have gotten; when the trace stops at one spot, you know the router following it is having a problem.

Using pathping.exe
- Just like tracert, but useful when you reach the destination but are experiencing data loss or transmission delays.

A possible cause of problems in a Routing & Remote Access Server (RRAS) is that the server is not routing traffic

To begin troubleshooting, start with obvious causes:
- Verify that the routing & remote access service is running
- Verify that the routing is enabled
- Check the TCP/IP configuration settings
- Check the IP addresses of the router interfaces

If RRAS is configured correctly but you are still experiencing routing problems, then it's possible that the routing table does not have the information needed to route network traffic correctly.

Static Routing
- Possibly someone might have accidentally deleted, omitted or mistyped table entries (human error). Edit it back using Routing & Remote Access Control Console.

Dynamic Routing
- Lack of proper entries in the routing table. 2 ways to rectify:
  - Verify that the routing protocol is installed on all the participating routers
  - Verify that the routing protocol is configured to use the correct interfaces.