This lesson describes the procedure for configuring Microsoft TCP/IP. Follow this procedure if you have not previously installed the TCP/IP network protocol on the computer(s) you are using to perform the practice procedures for this course.
After this lesson, you will be able to
Estimated lesson time: 15 minutes
If you are implementing TCP/IP for the first time on your network, you should construct a detailed plan for IP addressing on your network. Your TCP/IP network addressing scheme can include either public or private addresses. You can use either public or private addresses if your network is not connected to the Internet. However, you will most likely implement some public IP addresses for Internet interconnectivity support. This is because devices connected directly to the Internet require a public IP address. InterNIC assigns public addresses to Internet service providers (ISPs). ISPs, in turn, assign IP addresses to organizations when network connectivity is purchased. IP addresses assigned this way are guaranteed to be unique and are programmed into Internet routers in order for traffic to reach the destination host.
You can also implement a private addressing scheme to shield your internal addresses from the rest of the Internet by configuring private addresses on all the computers on your private network (or intranet). Private addresses are not reachable on the Internet because they are drawn from ranges that are separate from public addresses, and the two do not overlap.
NOTE
Before you continue with the lesson, run the Ch09A.exe demonstration file located in the Media folder on the Supplemental Course Materials CD-ROM that accompanies this book. The file provides an overview of installing the TCP/IP protocol.
You can assign IP addresses in Windows 2000 dynamically using Dynamic Host Configuration Protocol (DHCP), as well as Automatic Private IP Addressing (see Chapter 5, "Managing Network Protocols and Services," for more details). You can also configure TCP/IP manually. You configure TCP/IP on a particular computer based on that computer's function. For example, servers in a client/server relationship within an organization should be assigned an IP address manually. However, you can configure TCP/IP dynamically through a DHCP server for the majority of clients on a network.
Windows 2000 computers attempt to obtain the TCP/IP configuration from a DHCP server on your network by default, as illustrated in Figure 9.7. If a static TCP/IP configuration is currently implemented on a computer, you can change it to a dynamic TCP/IP configuration.
Follow these steps to implement a dynamic TCP/IP configuration:
Figure 9.7 Configuring your computer to obtain TCP/IP settings automatically
For other types of connections, click the Networking tab.
Some servers, such as DHCP, DNS, and WINS servers, should be assigned an IP address manually. If you do not have a DHCP server on your network, you must configure TCP/IP computers manually to use a static IP address.
Follow these steps to configure a TCP/IP computer to use static addressing:
You will then have to type in an IP address, subnet mask, and default gateway address. If your network has a DNS server, you can set up your computer to use DNS.
Follow these steps to set up your computer to use DNS:
Figure 9.8 Manually configuring TCP/IP settings on your computer
You can also configure additional IP addresses and default gateways by performing the following procedure.
Follow these steps to configure additional IP addresses and default gateways:
You can also type a metric value in Interface Metric to configure a custom metric for this connection.
Another TCP/IP address configuration option is to use Automatic Private IP Addressing when DHCP is not available. In previous versions of Windows, IP address configuration could be performed either manually or dynamically through DHCP. If a client was not able to obtain an IP address from a DHCP server, network services for the client were unavailable. The Automatic Private IP Addressing feature of Windows 2000 automates the process of assigning an unused IP address in the event that DHCP is not available.
The Automatic Private IP Addressing address is selected from the Microsoft-reserved address block 169.254.0.0, with the subnet mask 255.255.0.0. When the Automatic Private IP Addressing feature of Windows 2000 is used, an address in the Microsoft-reserved IP addressing range from 169.254.0.1 through 169.254.255.254 is assigned to the client. The assigned IP address is used until a DHCP server is located. The subnet mask 255.255.0.0 is automatically used.
You should always verify and test your TCP/IP configuration to make sure your computer can connect to other TCP/IP hosts and networks. You can perform basic TCP/IP configuration testing using the Ipconfig and ping utilities.
With Ipconfig, you verify the TCP/IP configuration parameters on a host, including the IP address, subnet mask, and default gateway, from a command prompt. This is useful in determining whether the configuration is initialized, or if a duplicate IP address is configured.
Follow these steps to use Ipconfig from a command prompt:
TCP/IP configuration information is displayed, as illustrated in Figure 9.9.
Figure 9.9 Using Ipconfig to display TCP/IP configuration information
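The Ipconfig check described above, automated as an added example that is not part of the original lesson: it parses ipconfig output and flags adapters that fell back to Automatic Private IP Addressing or have no default gateway. The sample output is constructed, and the function names and the RFC 1918 private ranges are assumptions that do not come from the lesson.

```python
import re
from ipaddress import ip_address, ip_network

APIPA = ip_network("169.254.0.0/16")  # block the lesson gives for APIPA
# RFC 1918 private ranges: standard values, not listed in the lesson.
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the style of Windows 2000 ipconfig output.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 169.254.12.7
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Server LAN:
        IP Address. . . . . . . . . . . . : 192.168.10.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
"""
FIELD = re.compile(r"^\s+([A-Za-z ]+?)[ .]*:\s*(\S*)\s*$")  # "Name . . . : value"

def classify(addr):
    ip = ip_address(addr)
    if ip in APIPA:
        return "apipa"
    return "private" if any(ip in net for net in PRIVATE) else "public"

def parse_ipconfig(text):
    """Map each adapter heading to its {field: value} settings."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2)
    return adapters

def findings(text):
    """Per adapter with an address: (address class, problems to investigate)."""
    report = {}
    for name, cfg in parse_ipconfig(text).items():
        if not cfg.get("IP Address"):
            continue  # nothing to classify on this adapter
        kind = classify(cfg["IP Address"])
        issues = ["no DHCP lease, APIPA address in use"] if kind == "apipa" else []
        if not cfg.get("Default Gateway"):
            issues.append("no default gateway")
        report[name] = (kind, issues)
    return report
```

An adapter reported as "apipa" on a network that is supposed to have a DHCP server points to a DHCP or connectivity problem rather than a valid assignment.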
After you verify the configuration with the Ipconfig utility, you can use the ping utility to test connectivity. The ping utility is a diagnostic tool that tests TCP/IP configurations and diagnoses connection failures. Ping uses the Internet Control Message Protocol (ICMP) Echo Request and Echo Reply messages to determine whether a particular TCP/IP host is available and functional. Like the Ipconfig utility, the ping utility is executed at the command prompt. The command syntax is:
Ping IP_Address
If ping is successful, a message appears that is similar to that shown in Figure 9.10.
Figure 9.10 Reply messages displayed by the ping utility
You can use IP packet filtering to trigger security negotiations for a communication based on the source, destination, and type of IP traffic. This allows you to define which specific IP and IPX traffic will be secured, blocked, or allowed to pass through a network unfiltered.
For example, you can limit the type of access allowed to and from the network to restrict traffic to desired systems. You should make sure that you do not configure packet filters that are too restrictive, impairing the functionality of useful protocols on the computer. For example, if a computer running Windows 2000 is also running Internet Information Services (IIS) as a Web server, and packet filters are defined so that only Web-based traffic is allowed, you cannot use ping (which uses ICMP Echo Requests and Echo Replies) to perform basic IP troubleshooting.
You can configure the TCP/IP protocol to filter IP packets based on the following:
In this practice, you implement TCP/IP packet filtering on a Windows 2000 Server computer for a LAN connection.
The Advanced TCP/IP Settings dialog box appears.
The TCP/IP Filtering dialog box appears, as illustrated in Figure 9.11.
Figure 9.11 Setting TCP/IP packet filters in the TCP/IP Filtering dialog box
You can now add TCP, UDP, and IP protocol filtering by clicking the Permit Only option and then clicking Add below the TCP, UDP, or IP Protocols list.
Some TCP/IP filtering implementations you can use include:
CAUTION
If you enable only TCP port 80, all network communications outside of port 80 will be disabled.
By default, Windows 2000 installs the TCP/IP protocol if Setup detects a network adapter. You can also manually install TCP/IP. After you install TCP/IP on a computer, you can either configure it to obtain an IP address automatically or set configuration properties manually. You can also implement packet filters to limit the type of access allowed to and from the network to restrict traffic to desired systems.