After getting your network adapter installed and configured to your liking, your next step is to install and configure the required network protocols. Think of network protocols as a language. If you were speaking to a friend in English and he replied to you in German (and assuming that you didn't understand German), you would not know what was being said. In the same way, a computer that requires the AppleTalk protocol would not be able to effectively communicate with a computer using the TCP/IP protocol for communications. Windows 2000 is a radical departure from all previous versions of the Windows operating system in that it is designed from the ground up to use the TCP/IP network protocol for all network communications. In fact, it is now possible (and recommended) to run an entire Windows network using TCP/IP only, because all versions of Windows include support for TCP/IP. Before you can actually begin communication between computers, you must install and configure the required network protocols. Installing network protocols is a very simple process and is done as follows:
TCP/IP

By default, all Windows 2000 installations include the TCP/IP protocol, but you may need to reinstall or configure it later. To that end, we examine the configuration of TCP/IP here. To begin the configuration of any protocol, select it from the network adapter properties page (refer to Figure 7.3) and click Properties. The Internet Protocol (TCP/IP) Properties window opens, as shown in Figure 7.6.

Figure 7.6. The TCP/IP properties page showing manually configured settings.
IP addresses are 32-bit (4 octet) numbers that uniquely identify a computer on a network. The first part of each IP address is used to identify the network the computer is on and the last part of the IP address is used to identify the computer itself. Consider the case of a house's street address such as 325 Peachtree Road. The street address can be considered to be two parts, the first part being the street name (Peachtree Road) and the last part being the house number (325). IP addresses function in the same way, but are slightly more complicated. There are five classes of IP address; not surprisingly, they are called Class A, B, C, D, and E. Table 7.2 outlines the key points of the classes of public IP addresses (A, B, and C), which are usable by your system. Class D addresses are multicast addresses and Class E addresses are experimental addresses reserved for future use; neither Class D nor Class E addresses are for public use.

Table 7.2. Public IP Address Classes
In the default Class A IP address of 45.234.67.122, the first octet only (45 in this case) identifies the network and the remaining three octets (234.67.122) identify a specific host on that network. A host is any device that requires or uses an IP address, including managed hubs, printers, and so on. If this were a default Class B IP address of 145.234.67.122, then the first two octets (145.234 in this case) would identify the network and the remaining two octets would identify the host. In a default Class C IP address of 215.234.67.122, the first three octets would identify the network address, with the remaining octet left to identify the host. When we say "default," we are referring to the default subnet masks as outlined in Table 7.2. It is possible, and very commonplace, for the subnet mask to be non-default. That is beyond the realm of this exam, however. In each address range, there exists a range of private IP addresses that are specified for usage only on a private network. They are as follows:
Private IP addresses are sometimes referred to as non-routable addresses. This is because the addresses are not routed to the Internet by an Internet service provider (ISP). The name is misleading because these networks can be routed within private networks and intranets. To conserve IP addresses, most companies use private IP addresses within their network, and use some type of proxy or firewall to translate the private address to a public address when an internal user is going out to the Internet. This is also a good security measure, because outsiders have no easy way of knowing the IP addresses of computers in your organization.
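The class and private-address rules above, together with the APIPA range this section describes, can be checked mechanically. The following Python is an added example, not part of the original text; the function name `classify`, the first-octet class boundaries and the RFC 1918 private ranges are supplied here as assumptions rather than taken from the page.

```python
import ipaddress

# Private ranges per RFC 1918 (well-known values, not taken from this page)
# and the APIPA range quoted in the text.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")   # 169.254.0.0-169.254.255.255

# (upper bound of first octet, class, default mask, octets in network part)
CLASS_TABLE = [
    (127, "A", "255.0.0.0", 1),
    (191, "B", "255.255.0.0", 2),
    (223, "C", "255.255.255.0", 3),
    (239, "D", None, 0),   # multicast
    (255, "E", None, 0),   # experimental
]

def classify(addr):
    """Return class, default mask, network/host octets and scope for addr."""
    ip = ipaddress.IPv4Address(addr)          # raises ValueError on bad input
    octets = str(ip).split(".")
    first = int(octets[0])
    cls, mask, n = next((c, m, k) for top, c, m, k in CLASS_TABLE if first <= top)
    if ip in APIPA:
        scope = "apipa"            # no static address and no DHCP server reached
    elif any(ip in net for net in RFC1918):
        scope = "private"
    elif ip.is_loopback or first == 0 or mask is None:
        scope = "reserved"         # loopback, "this network", multicast, experimental
    else:
        scope = "public"
    return {
        "class": cls,
        "default_mask": mask,
        "network": ".".join(octets[:n]) or None,
        "host": ".".join(octets[n:]) if mask else None,
        "scope": scope,
    }

if __name__ == "__main__":
    # Constructed sample list: the three addresses from the text plus two others.
    for a in ("45.234.67.122", "145.234.67.122", "215.234.67.122",
              "169.254.10.20", "192.168.1.10"):
        print(a, classify(a))
```

An address that comes back with scope `apipa` in an inventory or log is worth following up, because it means the host had no static address and could not reach a DHCP server.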
A feature that was first used in Windows 98 and has now been brought over to Windows 2000 is Auto Private IP Addressing (APIPA). APIPA automatically supplies an IP address to your network adapter if you don't specify a static IP address and your computer is unable to contact a DHCP server. The APIPA service queries the network to find out what APIPA addresses are in use, and then it attempts to assign your computer a unique IP address in the 169.254.0.0–169.254.255.255 range. APIPA does not assign a default gateway, or the address of a Domain Name Service (DNS) or Windows Internet Naming Service (WINS) server, so your computer is usually not able to contact other computers with normally assigned IP addresses, or access the Internet or other networks through your router.

General TCP/IP Properties

By default, Windows 2000 configures your computer as a DHCP client, which gives your workstation an automatic TCP/IP address. This is all well and good in about 90 percent of the cases, but what about the other 10 percent of the time when you are dealing with a server that requires a static IP address, or have a network without a DHCP server? In cases such as these, or for any other reason, you can very easily manually configure your TCP/IP settings. Click the alternate set of radio buttons to enable manual entry of IP addresses and other IP-related items. For example, you must supply the computer's IP address, subnet mask (Windows 2000 automatically suggests a default subnet mask based on the IP address you enter), default gateway IP address, and a primary DNS server IP address (you can also configure additional DNS servers to use if the primary server is offline). Should you need to enter some very specific TCP/IP configuration options, you can do so by clicking the Advanced button seen in Figure 7.6. The Advanced TCP/IP Settings window, shown in Figure 7.7, opens with four available tabs: IP Settings, DNS, WINS, and Options.
Each of these is described in greater detail in the following sections.

Figure 7.7. The Advanced TCP/IP Settings page.
The IP Settings Properties

From the IP Settings page, you can manually configure additional IP addresses and subnet masks, additional gateways, and the metric (link cost) for each gateway configured. The link cost is the number of hops between routers. Multiple IP addresses may need to be configured on the server for a variety of reasons. One such reason is when you have multiple IP subnets in use on your network and the computer must use a different IP address to communicate on each of these logical IP networks. Gateways are routers that forward IP packets to destinations beyond the boundaries of the local network. In larger networks, you may have multiple gateways passing traffic out of the network. The metric, as stated previously, indicates the cost of the route that could be used to pass traffic; the least costly route is chosen automatically. You can specify the cost of each of the configured default gateways as you desire, thus indicating to Windows the order in which they are to be used to route packets.

DNS Properties

Domain name servers have been in use on the Internet for many years. DNS resolves numerical IP addresses into more user-friendly host names. Prior to DNS, HOSTS files were used for name resolution, but as the Internet quickly grew in size and popularity, maintaining HOSTS files became impossible. When the Internet community realized there was a need for a more manageable, scalable, and efficient name resolution system, DNS was created. From the DNS Properties tab (see Figure 7.8), you can configure advanced DNS options such as adding more DNS servers to the computer's list of DNS servers, as well as specifying domain suffixes for unqualified names and instructing Windows to register or not register this connection's address in DNS.

Figure 7.8. The DNS properties page.
WINS Properties

WINS provides a dynamic database to register NetBIOS names and resolve them to IP addresses. Clients can dynamically register their NetBIOS names with a WINS server and query the WINS server when they need to resolve a NetBIOS name to an IP address. From the WINS Properties tab (see Figure 7.9), you can configure WINS options, such as adding more WINS servers to the computer's list of WINS servers as well as specifying whether to import an LMHOSTS file.

Figure 7.9. The WINS Properties page.
An LMHOSTS file is a flat file database that contains the mapping of computer Network Basic Input/Output System (NetBIOS) names to IP addresses. A sample LMHOSTS file is stored in the %systemroot%\system32\drivers\etc folder. LMHOSTS files are generally used for NetBIOS name resolution when you don't have a WINS server. The following options are available for NetBIOS configuration:
These options are used to select whether or not the computer is configured to use the NetBIOS protocol, or to allow the DHCP server to supply the NetBIOS setting.
Options Properties

The Options tab lets you configure two of the more advanced TCP/IP options: TCP/IP Filtering and IP Security. Both of these options are used to increase the security of your computer by allowing you to control what incoming traffic is accepted. TCP/IP packet filtering allows you to specify, by adapter, whether communication is allowed, secured, or blocked, according to the IP address ranges, IP protocols, or even specific TCP and UDP ports. As shown in Figure 7.10, when TCP/IP filtering is turned on, it is turned on for all network adapters. However, you can configure each adapter with separate settings via each adapter's properties page. Note, however, that the Windows 2000 Server Routing and Remote Access Service (RRAS) provides much more advanced filtering capabilities and should be used in place of TCP/IP filtering.

Figure 7.10. The TCP/IP Filtering Properties page.
The second option is IP Security (IPSec); see Figure 7.11. IPSec provides for secure communications between computers. You can configure an IPSec policy as part of the local or domain security policy to assign encryption levels and private or shared keys. In addition, IPSec can automatically be configured for you by applying a security template to your computer. For more information on security policy and security templates, see Chapter 8, "Implementing, Monitoring, and Troubleshooting Security."

Figure 7.11. The IP Security Properties page.
If you're not using a predefined security policy, you can use the options page to control what types of traffic are allowed in and out of your computer. The following options are available:
NWLink

NWLink is the Microsoft version of Novell's Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) protocol. Although more efficient and easier to configure than TCP/IP, generally you will find that it is only used on Novell NetWare networks. NWLink is installed like any other protocol by selecting the Install button from the Local Area Connection Properties page (refer to Figures 7.3 through 7.5) of your network adapter. From the Select Network Protocol dialog, just select NWLink and click OK. NWLink is automatically installed. For most environments, the default settings are sufficient and no other configuration is required. However, the following configuration settings can be configured by highlighting the NWLink entry and clicking the Properties button in the Local Area Connections Properties dialog box:
NetBEUI

NetBEUI is a legacy protocol that was used on Microsoft networks before TCP/IP was available. NetBEUI is only suitable for small networks because it is not routable. There is basically no configuration involved; just give the computer a unique name. NetBEUI is installed like any other protocol by selecting the Install button from the Local Area Connection Properties page (refer to Figures 7.3 through 7.5) of your network adapter. From the Select Network Protocol dialog, just select NetBEUI and click OK. NetBEUI will be automatically installed and configured. There is absolutely no reason to install NetBEUI. If any applications or downlevel Windows clients require NetBEUI support, you can just configure the network adapters on all of your computers to support NetBIOS over TCP/IP. For details, see the previous section that covers the network adapter WINS Properties tab.