Lesson 2: Microsoft TCPIP Configuration

This lesson describes the procedure for configuring Microsoft TCP/IP. Follow this procedure if you have not previously installed the TCP/IP network protocol on the computer(s) you are using to perform the practice procedures for this course.


After this lesson, you will be able to

  • Set TCP/IP configuration parameters
  • Identify some common TCP/IP utilities
  • Describe packet filtering

Estimated lesson time: 15 minutes


Configuring TCP/IP

If you are implementing TCP/IP for the first time on your network, you should construct a detailed plan for IP addressing on your network. Your TCP/IP network addressing scheme can include either public or private addresses. You can use either public or private addresses if your network is not connected to the Internet. However, you will most likely implement some public IP addresses for Internet interconnectivity support. This is because devices connected directly to the Internet require a public IP address. InterNIC assigns public addresses to Internet service providers (ISPs). ISPs, in turn, assign IP addresses to organizations when network connectivity is purchased. IP addresses assigned this way are guaranteed to be unique and are programmed into Internet routers in order for traffic to reach the destination host.

Furthermore, you can implement a private addressing scheme to shield your internal addresses from the rest of the Internet by configuring private addresses on all the computers on your private network (or intranet). Private addresses are not reachable on the Internet because they are separate from public addresses, and they do not overlap.

NOTE


Before you continue with the lesson, run the Ch09A.exe demonstration file located in the Media folder on the Supplemental Course Materials CD-ROM that accompanies this book. The file provides an overview of installing the TCP/IP protocol.

You can assign IP addresses in Windows 2000 dynamically using Dynamic Host Configuration Protocol (DHCP), as well as Automatic Private IP Addressing (see Chapter 5, "Managing Network Protocols and Services" for more details). You can also configure TCP/IP manually. You configure TCP/IP on a particular computer based on that computer's function. For example, servers in a client/server relationship within an organization should be assigned an IP address manually. However, you can configure TCP/IP dynamically through a DHCP server for the majority of clients on a network.

Dynamic Configuration

Windows 2000 computers attempt to obtain the TCP/IP configuration from a DHCP server on your network by default, as illustrated in Figure 9.7. If a static TCP/IP configuration is currently implemented on a computer, you can implement a dynamic TCP/IP configuration.

Follow these steps to implement a dynamic TCP/IP configuration:

  1. Click Start, point to Settings, and then click Network And Dial-Up Connections.
  2. Right-click the Local Area Connection, and then click Properties.

    Figure 9.7 Configuring your computer to obtain TCP/IP settings automatically

  3. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.

    For other types of connections, click the Networking tab.

  4. Click Obtain An IP Address Automatically, and then click OK.

Manual Configuration

Some servers, such as DHCP, DNS, and WINS servers, should be assigned an IP address manually. If you do not have a DHCP server on your network, you must configure TCP/IP computers manually to use a static IP address.

Follow these steps to configure a TCP/IP computer to use static addressing:

  1. Click Start, point to Settings, and then click Network And Dial-Up Connections.
  2. Right-click Local Area Connection, and then click Properties.
  3. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.
  4. Select Use The Following IP Address.

You will then have to type in an IP, subnet mask, and default gateway address. If your network has a DNS server, you can set up your computer to use DNS.

Follow these steps to set up your computer to use DNS:

  1. Select Use The Following DNS Server Addresses.
  2. In Preferred DNS Server and Alternate DNS Server, type the primary and secondary DNS server addresses, as illustrated in Figure 9.8.

Figure 9.8 Manually configuring TCP/IP settings on your computer

You can also configure additional IP addresses and default gateways by performing the following procedure.

Follow these steps to configure additional IP addresses and default gateways:

  1. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
  2. On the IP Settings tab, in IP Addresses, click Add.
  3. In IP Address And Subnet Mask, type an IP address and subnet mask, and then click Add.
  4. Repeat steps 2 and 3 for each IP address you want to add, and then click OK.
  5. On the IP Settings tab, in Default Gateways, click Add.
  6. In Gateway And Metric, type the IP address of the default gateway and the metric, and then click Add.

    You can also type a metric value in Interface Metric to configure a custom metric for this connection.

  7. Repeat steps 5 and 6 for each IP address you want to add, and then click OK.

Automatic Private IP Address Assignment

Another TCP/IP address configuration option is to use Automatic Private IP Addressing when DHCP is not available. In previous versions of Windows, IP address configuration could be performed either manually or dynamically through DHCP. If a client was not able to obtain an IP address from a DHCP server, network services for the client were unavailable. The Automatic Private IP Addressing feature of Windows 2000 automates the process of assigning an unused IP address in the event that DHCP is not available.

The Automatic Private IP Addressing address is selected from the Microsoft-reserved address block 169.254.0.0, with the subnet mask 255.255.0.0. When the Automatic Private IP Addressing feature of Windows 2000 is used, an address in the Microsoft-reserved IP addressing range from 169.254.0.1 through 169.254.255.254 is assigned to the client. The assigned IP address is used until a DHCP server is located. The subnet mask 255.255.0.0 is automatically used.

Testing TCP/IP with Ipconfig and Ping

You should always verify and test your TCP/IP configuration to make sure your computer can connect to other TCP/IP hosts and networks. You can perform basic TCP/IP configuration testing using Ipconfig and ping utilities.

With Ipconfig, you verify the TCP/IP configuration parameters on a host, including the IP address, subnet mask, and default gateway, from a command prompt. This is useful in determining whether the configuration is initialized, or if a duplicate IP address is configured.

Follow these steps to use Ipconfig from a command prompt:

  1. Open a command prompt.
  2. When the command prompt is displayed, type Ipconfig and then press Enter.

    TCP/IP configuration information is displayed, as illustrated in Figure 9.9.

Figure 9.9 Using Ipconfig to display TCP/IP configuration information

After you verify the configuration with the Ipconfig utility, you can use the ping utility to test connectivity. The ping utility is a diagnostic tool that tests TCP/IP configurations and diagnoses connection failures. Ping uses the Internet Control Message Protocol (ICMP) Echo Request and Echo Reply messages to determine whether a particular TCP/IP host is available and functional. Like the Ipconfig utility, the ping utility is executed at the command prompt. The command syntax is:

 Ping IP_Address 

If ping is successful, a message appears that is similar to that shown in Figure 9.10.

Figure 9.10 Reply messages displayed by the ping utility

Configuring Packet Filters

You can use IP packet filtering to trigger security negotiations for a communication based on the source, destination, and type of IP traffic. This allows you to define which specific IP and IPX traffic triggers will be secured, blocked, or allowed to pass through a network unfiltered.

For example, you can limit the type of access allowed to and from the network to restrict traffic to desired systems. You should make sure that you do not configure packet filters that are too restrictive, impairing the functionality of useful protocols on the computer. For example, if a computer running Windows 2000 is also running Internet Information Services (IIS) as a Web server, and packet filters are defined so that only Web-based traffic is allowed, you cannot use ping (which uses ICMP Echo Requests and Echo Replies) to perform basic IP troubleshooting.

You can configure the TCP/IP protocol to filter IP packets based on the following:

  • TCP port number
  • UDP port number
  • IP protocol number

Practice: Implementing IP Packet Filters

In this practice, you implement TCP/IP packet filtering on a Windows 2000 Server computer for a LAN connection.

Exercise 1: Implementing TCP/IP Packet Filtering

  1. On Server01, Click Start, point to Settings, and then click Network And Dial-Up Connections.
  2. Right-click Local Area Connection and then click Properties. The Local Area Connection Properties dialog box appears.
  3. Select Internet Protocol (TCP/IP), then click Properties. The Internet Protocol (TCP/IP) Properties dialog box appears.
  4. Click Advanced.

    The Advanced TCP/IP Settings dialog box appears.

  5. Click the Options tab, select TCP/IP Filtering, and then click Properties.

    The TCP/IP Filtering dialog box appears, as illustrated in Figure 9.11.

Figure 9.11 Setting TCP/IP packet filters in the TCP/IP Filtering dialog box

  1. Click Enable TCP/IP Filtering (All Adapters).

    You can now add TCP, UDP, and IP protocol filtering by clicking the Permit Only option and then clicking Add below the TCP, UDP, or IP Protocols list.

    Some TCP/IP filtering implementations you can use include:

    • Enabling only TCP port 23, which filters all traffic except Telnet traffic
    • Enabling only TCP port 80 on a dedicated Web server to process only Web-based TCP traffic

    CAUTION


    By enabling only TCP port 80, all network communications outside of port 80 will be disabled.

  2. Click OK repeatedly to close all open dialog boxes.

Lesson Summary

By default, Windows 2000 installs the TCP/IP protocol if Setup detects a network adapter. You can also manually install TCP/IP. After you install TCP/IP on a computer, you can either configure it to obtain an IP address automatically or set configuration properties manually. You can also implement packet filters to limit the type of access allowed to and from the network to restrict traffic to desired systems.



MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 244

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net