Exercises 4.1 Enabling Routing and Remote Access In this exercise, you enable and perform basic configuration on the Routing and Remote Access Service. Estimated time: 15 minutes -
Open the Routing and Remote Access console by choosing Start, Control Panel, Administrative Tools, and then Routing and Remote Access. By default, the local computer is listed as a server. -
Right-click the server you want to configure and select Configure and Enable Routing and Remote Access. The Routing and Remote Access Server Setup Wizard starts. -
Click Next to start configuring the Routing and Remote Access Service. The Configuration dialog box opens. -
Select the Secure Connection Between Two Private Networks option and click Next to continue. The Demand-Dial Connections dialog box opens. -
On the Demand-Dial Connections dialog box, select No and click Next to continue. The Completing the Routing and Remote Access Server Setup Wizard summary dialog box opens. -
Click Finish to complete the enabling of routing services. 4.2 Adding a Static Route to the Existing Routing Table This exercise explores using the route command to add a static route to an existing routing table. This method provides a way for you to add static routes to routing configurations. Estimated time: 10 minutes -
From the command prompt, enter route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2 . -
Type route print to examine the new route in the routing table. 4.3 Adding RIP to the Routing and Remote Access Service In this exercise, you add RIP as a dynamic routing protocol for use on your Windows Server 2003 RRAS computer. Estimated time: 15 minutes -
Open the Routing and Remote Access console. -
In the left pane, expand the list under IP Routing and right-click General. From the context menu, select New Routing Protocol. The New Routing Protocol dialog box opens. -
Select RIP Version 2 for Internet Protocol and click OK. RIP appears under the IP Routing entry. RIP is now installed on your Windows Server 2003 server. -
Right-click the RIP entry and select New Interface from the context menu. The New Interface for RIP Version 2 for Internet Protocol dialog box opens. -
Select the appropriate Local Area Connection and click OK. The RIP Properties dialog box opens. -
On the General tab, in Outgoing Packet Protocol, select RIP Version 1 Broadcast. In Incoming Packet Protocol, select RIP Version 1 and 2. Click OK to return to the Routing and Remote Access console and activate the changes. 4.4 Implementing Silent RIP In this exercise, you implement silent RIP on your Windows Server 2003 RRAS computer. Estimated time: 15 minutes -
Open the Routing and Remote Access console. -
Expand the console tree and select RIP. The list of available interfaces running RIP appears in the right pane of the console. -
Right-click the interface that you want to configure for silent RIP mode, and from the context menu, select Properties. The Local Area Connection Properties opens. -
On the General tab, in Outgoing Packet Protocol, select Silent RIP from the pull-down menu. Click OK to return to the Routing and Remote Access console and apply the changes. 4.5 Adding OSPF to the Routing and Remote Access Service In this exercise, you add OSPF as a dynamic routing protocol for use on your Windows Server 2003 RRAS computer. Estimated time: 15 minutes -
Open the Routing and Remote Access console. -
Expand the console tree, and under IP Routing, right-click General. From the context menu, select New Routing Protocol. The New Routing Protocol dialog box opens. -
Select Open Shortest Path First and click OK to install it. It now appears under IP Routing in the Routing and Remote Access console. -
Select the newly installed OSPF protocol and right-click. From the context menu, select New Interface. The New Interface for Open Shortest Path First (OSPF) dialog box opens. -
Select Local Area Connection and click OK. The OSPF Properties dialog box opens. -
On the General tab, select the Enable OSPF for This Address option. In Area ID, click the ID of the area to which the interface belongs (for this exercise it should be 0.0.0.0). In Router Priority, click the arrows to set the priority of the router over the interface to 1. In Cost, click the scroll arrows to set the cost of sending a packet over the interface to 2. In Password, type a password. Under Network Type, set the type of OSPF interface as Broadcast. Click OK to complete the installation of the interface and return to the Routing and Remote Access console. Review Questions 1: | Several of your Windows XP Professional clients are having trouble connecting to an Internet Web site labeled http://www.rsnetworks.net. You suspect that they have a connectivity issue via IP and want to perform a quick test to see why they cannot connect to the Web site. What can you do to quickly resolve this situation? | 2: | Several of your Windows 2000 Professional clients cannot access a server on a remote network segment that is separated by two routers. What can you do to test to see where the problem is occurring? | 3: | All your Windows XP Professional clients are having trouble connecting to your Windows Server 2003 Remote Access Server via VPN. The server was fine this morning, and all other clients can access the Remote Access Server. What could be the problem, and how would you try to resolve it? | 4: | You are running three Windows Server 2003 computers in a network that needs to participate in multicast routing. You cannot add a multicast routing protocol to your server, but you are able to add a forwarding protocol. If you needed to add a routing protocol for multicast, what protocol would you recommend to use? | 5: | You are a systems administrator responsible for deploying Windows Server 2003 in your network. You need a routing solution (in the form of a protocol) that will allow for massive scalability, is dynamic in nature, and will be scalable past 20 router hops. What routing protocol would you choose? | Exam Questions 1: | As the lead administrator for the ABC LLC network, you are responsible for planning a TCP/IP network that is robust and functional. You have a total of 450 clients spread out over three locations. You have 150 clients per location, and at one central location, you have approximately 25 servers. You are asked to deploy a routing solution using Windows Server 2003. Your requirements are to provide two different subnetted segments access to each other using Windows Server 2003. You would like to use a routing solution that is simple and that will forward traffic from one location to another without keeping too many unneeded routes in the table. Which of the following options represents the best choice? -
RIP -
OSPF -
IGMP -
Static Routes | 2: | Marshall is the network administrator for QBC Corp. He runs a network of 20 Windows Server 2003 systems on a network backbone, as well as 200 Windows XP Professional clients. Marshall is worried about connectivity to the corporate network, which extensively uses multicasting for video services. He is asked to deploy a Windows Server 2003 solution so that it can participate in the multicast routing function. Which of the following options represents the best choice? -
IGMP Routing Mode -
DVMRP Route Static -
Static IP Routes -
OSPF | 3: | Jake is the senior network administrator for your organization. He is responsible for 200 Windows XP Professional clients and 15 Windows Server 2003 systems located on a network backbone running at 100 Mbps. Jake needs to build a Windows Server 2003 system into a router connecting four subnets, and he needs to participate in a Cisco Router environment running the Enhanced Interior Gateway Routing Protocol (EIGRP) protocol. What can Jake configure on the Windows Server 2003 system to get it to pass routing updates from the Cisco routers to the four subnets connected? -
RIP -
OSPF -
EIGRP -
Jake can't use EIGRP. | 4: | You are the network administrator of the ABC Company, and you currently have a network client that cannot access network resources that are on a separate subnet across the WAN. When you talk to the user on the phone, you find out that there is no break in the cable and the link lights on the NIC are operational. You then try to ping the default gateway router, and you get a response that the router is up and functional. What would be the next option you can try to find out where the breakdown in communication is coming from? -
Ping the next hop router. -
Run tracert to the default gateway. -
Use netsh at the routing> prompt and type TEST . -
Run pathping to the default gateway. | 5: | Pete is the systems administrator for RDT, Inc. He runs a network of 25 Windows Server 2003 systems on a network backbone, as well as 300 Windows XP Professional clients. Pete needs to set up a Windows Server 2003 router with multicast forwarding capabilities. He has a specific requirement to configure the router with different settings on different interfaces. To do this, Pete would have to configure the router in which mode? -
IGMP Router mode -
IGMP Proxy mode -
IGMP Cancel mode -
IGMP Split mode | 6: | Sally is the senior network administrator for Runners Corp. She runs a network of 20 Windows Server 2003 systems, as well as 250 Windows XP Professional clients. Sally needs to set up remote access polices so that clients with proper credentials can access the Remote Access Server and gain access to the internal network to get resources. Sally wants to ensure that all users are secure when connecting via the Internet. Which protocol can users use from a client to connect to and access a Remote Access Server securely? -
PAP -
SPAP -
EAP -
OSPF | 7: | Marshall is the network administrator for QBC Corp. He runs a network of 20 Windows Server 2003 systems on a network backbone, as well as 200 Windows XP Professional clients. Marshall is worried about a single PC that cannot connect to the network. He wants to ensure that all users are secure when connecting via the Internet. Which protocol can users use from a client to connect to and access a Remote Access Server securely, and is the most secure? -
PAP -
SPAP -
CHAP -
EAP | 8: | Pete is the systems administrator for RDT, Inc. He runs a network of 25 Windows Server 2003 systems on a network backbone, as well as 300 Windows XP Professional clients. Pete needs to work on testing a router that is 16 hops away. Pete's network runs the Routing Information Protocol (RIP). Every time Pete tries to get to and connect to the router, he times out and can't connect to it. What could be the problem? -
The router can't be reached because it is more than 12 hops away; RIP can handle only a 12-hop count limit. -
The router can't be reached because it is more than 13 hops away; RIP can handle only a 13-hop count limit. -
The router can't be reached because it is more than 14 hops away; RIP can handle only a 14-hop count limit. -
The router can't be reached because it is more than 15 hops away; RIP can handle only a 15-hop count limit. | 9: | Sally is the senior network administrator for Runners Corp. She runs a network of 20 Windows Server 2003 systems, as well as 250 Windows XP Professional clients. Sally needs to use MS-CHAP version 1 on her Remote Access Server. She is told that this would not be wise and to use MS-CHAP version 2 instead. Why would Sally want to use version 2 over version 1? -
MS-CHAPv2 enables users to log in and check against a RADIUS server. -
MS-CHAPv2 provides for mutual authentication of both the remote access client and the remote access server for increased connection security. -
MS-CHAPv2 can authenticate as well as encrypt. -
MS-CHAPv2 allows users to send small packets across the network. | 10: | Jason is the network administrator for QBC Corp. He runs a network of 20 Windows Server 2003 systems on a network backbone, as well as 200 Windows XP Professional clients. Jason has a PC on a remote network segment that is separated by two routers. Users are complaining of slow connections and time-out errors when attempting to connect to this remote PC. Jason needs to see where the trouble may be occurring on the network and also needs to find out why people are complaining of timed-out sessions on their applications. There must be a bandwidth problem as well. Which tool should he use to troubleshoot and resolve this problem? -
tracert -
pathping -
ping -
route | 11: | Marshall is the network administrator for QBC Corp. He runs a network of 20 Windows Server 2003 systems on a network backbone, as well as 200 Windows XP Professional clients. Marshall needs to allow for the delay of a remote access connection attempt to the Remote Access Server until a script runs verifying the identity of the remote access computer. What is the new Windows Server 2003 feature called? -
IIS Lockdown tool -
Network Access Quarantine Control -
Wscript.exe -
Remote Access Scripter | 12: | Pete is the systems administrator for RDT, Inc. He runs a network of 25 Windows Server 2003 systems on a network backbone, as well as 300 Windows XP Professional clients. Pete must use an authentication protocol on RDT's Windows Server 2003 system that will allow him to support password change during the authentication process. This way, if someone's password has expired , the person has the chance to change it if he or she wants to. Which protocol should Pete use if he wants to provide this feature? -
SPAP -
PAP -
MS-CHAP -
LDAP | 13: | Sally is the senior network administrator for Runners Corp. She runs a network of 20 Windows Server 2003 systems, as well as 250 Windows XP Professional clients. Sally is asked to design a network that uses RIP. She needs to span over 20 routers from one network segment to another at times. Which routing protocol should Sally recommend that the company use? -
PAP -
EAP -
OSPF -
MPPE | 14: | You are the network administrator for QBC Corp. The company has a network of 25 Windows Server 2003 systems on a network backbone, as well as 300 Windows XP Professional clients. You need to reset the IP address of your router quickly from the command line. Which utility should you use? -
ping -
tracert -
route -
netsh | Answers to Review Questions | | A1: | You can ping the Web site if you have DNS resolution, or ping it via the IP address if you know that as well. Either way, knowing how to use ping can quickly verify whether you have IP connectivity to a system, node, or host on the network to which you are connected. For more information, see the section "Troubleshooting TCP/IP Routing." | | | A2: | If you are not able to access a segment that is separated from you by two routers or more, you can easily see where the breakdown in communications is occurring by using tracert . You can also use ping or pathping for diagnostics, but tracert allows you to trace the route to the destination to see where the break in communication may be. For more information, see the section "Troubleshooting TCP/IP Routing." | | | A3: | The default gateway (the router closest to you that you use to exit the network subnet you are on) may not be up or experiencing any problem. To resolve this issue, you should ping your default gateway to ensure that you have connectivity to the router closest to you, which is responsible for forwarding traffic to destinations not local to your own subnet. For more information, see the section "Troubleshooting TCP/IP Routing." | | | A4: | If you want to participate in multicast routing, you can add the IGMP routing protocol to your Windows Server 2003 system in Routing and Remote Access. For more information, see the section "Planning Routing for IP Multicast Traffic." | | | A5: | You should deploy Open Shortest Path First (OSPF), a Link Statebased dynamic routing protocol that you can install and use on Windows Server 2003. You use this protocol if you want to be able to scale the network up, as well as to go beyond the 15-hop count limit that RIP imposes. For more information, see the section "OSPF." | Answers to Exam Questions | | A1: | D. RIP and OSPF are routing protocols and IGMP is a multicast protocol, so answers A, B, and C are incorrect. For more information, see the section "RIP." | | | A2: | A. IGMP Routing mode is not a multicast routing protocol, but a forwarding-based multicast protocol. DVMRP is a multicast routing protocol; Static IP Routes will do nothing for multicast forwarding; and OSPF is a dynamic routing protocol, not a multicast-based protocol, although it sends its updates via multicast; therefore, answers B, C, and D are incorrect. For more information, see the section "Planning Routing for IP Multicast Traffic." | | | A3: | D. RIP and OSPF will not work because all routing protocols must be redistributed via another routing protocol or be identical. EIGRP is not an option either because it is vendor specific and does not work with Microsoft Windows Server 2003. Therefore, answers A, B, and C are incorrect. For more information, see the section "Planning a Routing Environment." | | | A4: | A. Running tracert to the Default gateway will not give you the desired result; thus, answer B is incorrect. Using netsh at the routing> prompt and typing TEST will not work because it is really an invalid command; thus, answer C is incorrect. Running pathping to the default gateway also will not provide the desired result; thus, answer D is incorrect. For more information, see the section "The ping Command." | | | A5: | B. Although IGMP Router mode is a valid Windows Server 2003 router mode for forwarding multicast traffic, it is not the correct mode to solve the solution; thus answer A is incorrect. IGMP Cancel mode and IGMP Split mode are not valid modes; thus, answers C and D are incorrect. For more information, see the section "Planning Routing for IP Multicast Traffic." | | | A6: | C. PAP, SPAP, and OSPF are incorrect; thus, answers A, B, and D are incorrect. EAP is by far the most secure and up-to-date protocol Sally can use, especially because it is not vendor specific and has many extensions, such as EAP-TLS and LEAP. For more information, see the section "Extensible Authentication Protocol (EAP)." | | | A7: | C. PAP, SPAP, and OSPF are incorrect; thus, answers A, B, and D are incorrect. EAP is by far the most secure and up-to-date protocol Marshall can use, especially because it is not vendor specific and has many extensions, such as EAP-TLS and LEAP. For more information, see the section "Extensible Authentication Protocol (EAP)." | | | A8: | D. The router can't be reached because it is more than 15 hops away, and RIP can handle only a 15-hop count limit. All the other answers have the wrong hop count. For more information, see the section "RIP." | | | A9: | B. MS-CHAPv2 provides for mutual authentication of both the remote access client and the remote access server for increased connection security, thus making it more secure and a better choice than MS-CHAPv1. For more information, see the section "MS-CHAP." | | | A10: | B. The pathping , tracert , and route commands are all valid troubleshooting tools, but pathping solves the problem the best. For more information, see the section "The pathping Command." | | | A11: | B. Windows Server 2003 provides a new feature called Network Access Quarantine Control. This feature allows the delay of a remote access connection attempt to the Remote Access Server until a script runs verifying the configuration of the remote access system. The IIS Lockdown tool, Wscript.exe , and the Remote Access Scripter are either not valid services or are improper services for this solution; thus, answers A, C, and D are incorrect. For more information, see the section "Windows Server 2003 Routing Solutions." | | | A12: | C. SPAP PAP, and LDAP are either the wrong authentication protocol or, in the case of LDAP, not even an authentication protocol to begin with; thus, answers A, B, and D are incorrect. For more information, see the section "Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)." | | | A13: | C. OSPF is a dynamic routing protocol used to build a routing table. PAP, EAP, and MPPE are not routing protocols; therefore, answers A, B, and D are invalid. For more information, see the section "OSPF." | | | A14: | D. You can use netsh to add an IP interface and a wealth of other solutions right from the command line. This way, you can quickly change many things on your system. ping , tracert , and route are all incorrect tool options; thus, answers A, B, and C are incorrect. For more information, see the section "The netsh Command." | |