Installing, Configuring, and Troubleshooting Network Protocols

After getting your network adapter installed and configured to your liking, your next step is to install and configure the required network protocols. Think of network protocols as a language. If you were speaking to a friend in English and he replied back to you in German (and assuming that you didn't understand German), you would not know what was being said. Just the same, a computer that requires the AppleTalk protocol would not be able to effectively communicate with a computer using the TCP/IP protocol for communications.

Windows 2000 is a radical departure from all previous versions of the Windows operating system in that it is designed from the ground up to use the TCP/IP network protocol for all network communications. In fact, it is now possible (and recommended) to run an entire Windows network using TCP/IP only, because all versions of Windows include support for TCP/IP. Before you can actually begin communication between computers, you must install and configure the required network protocols.

Installing network protocols is a very simple process and is done as follows :

1. Open the network adapter properties by selecting it from the Network Connections window, right-clicking on it, and selecting Properties. The window shown in Figure 7.3 opens.

   Figure 7.3. The Local Area Connection properties window.

   

2. Click on the Install button to open the Select Network Component Type dialog box as shown in Figure 7.4.

   Figure 7.4. Installing a new network protocol.

   

3. You have the option of installing Clients , Services, or Protocols from the dialog box shown in Figure 7.4. Other options, such as the Client Service for NetWare or the Client for Microsoft Networks, appear under the Client listing. The Service listing includes things like the QoS (Quality of Service) Packet Scheduler or the Service Advertising Protocol. Finally, under Protocols, are the network communications protocols that we are interested in, such as AppleTalk, IPX/SPX, and TCP/IP (see Figure 7.5). Click Protocols and then select the protocol you wish to install on your computer.

   Figure 7.5. Selecting the protocol to be installed.

   

TCP/IP

By default, all Windows 2000 installations include the TCP/IP protocol, but you may need to reinstall or configure it later. To that end, we examine the configuration of TCP/IP here.

To begin the configuration of any protocol, select it from the network adapter properties page (refer to Figure 7.3) and click Properties. The Internet Protocol (TCP/IP) Properties window opens, as shown in Figure 7.6.

IP addresses are 32-bit (4 octet) numbers that uniquely identify a computer on a network. The first part of each IP address is used to identify the network the computer is on and the last part of the IP address is used to identify the computer itself. Consider the case of a house's street address such as 325 Peachtree Road. The street address can be considered to be two parts , the first part being the street name (Peachtree Road) and the last part being the house number (325). IP addresses function in the same way, but are slightly more complicated.

There are five classes of IP address: Not surprisingly they are called Class A, B, C, D, and E. Table 7.2 outlines the key points of the classes of public IP addresses (A, B, and C), which are usable by your system. Class D addresses are multicast addresses and Class E addresses are experimental addresses reserved for future use; neither Class D or E addresses is for public use.

Table 7.2. Public IP Address Classes

In the default Class A IP address of 45.234.67.122, the first octet only (45 in this case) identifies the network and the remaining three octets (234.67.122) identify a specific host on that network. A host is any device that requires or uses an IP address, including managed hubs, printers, and so on. If this were a default Class B IP address of 145.234.67.122, then the first two octets (145.234 in this case) would identify the network and the remaining two octets would identify the host. In a default Class C IP address of 215.234.67.122, the first three octets would identify the network address, with the remaining octet left to identify the host. When we say "default," we are referring to the default subnet masks as outlined in Table 7.2. It is possible, and very commonplace, for the subnet mask to be non-default. That is beyond the realm of this exam, however.

In each address range, there exists a range of private IP addresses that are specified for usage only on a private network. They are as follows:

• Class A 10.0.0.010.255.255.255

• Class B 172.16.0.0172.31.255.255

• Class C 192.168.0.0192.168.255.255

Private IP addresses are sometimes referred to as non-routable addresses . This is because the addresses are not routed to the Internet by an Internet service provider (ISP). The name is misleading because these networks can be routed within private networks and Intranets. To conserve IP addresses, most companies use private IP addresses within their network, and use some type of proxy or firewall to translate the private address to a public address when a internal user is going out to the Internet. This is also a good security measure, because outsiders have no easy way of knowing the IP addresses of computers in your organization.

IP address 127.0.0.1 is reserved as the loopback address for testing the configuration of the network card. Any other addresses in the 127 range are considered invalid or are not supported by some TCP/IP implementations .

A feature that was first used in Windows 98 and has now been brought over to Windows 2000 is Auto Private IP Addressing (APIPA) . APIPA automatically supplies an IP address to your network adapter if you don't specify a static IP address and your computer is unable to contact a DHCP server. The APIPA service queries the network to find out what APIPA addresses are in use, and then it attempts to assign your computer a unique IP address in the 169.254.0.0169.254.255.255 range. APIPA does not assign a default gateway, or the address of a Domain Name Service (DNS) or Windows Internet Naming Service (WINS) server, so your computer is usually not able to contact other computers with normally assigned IP addresses, or access the Internet or other networks through your router.

General TCP/IP Properties

By default, Windows 2000 configures your computer as a DHCP client, which gives your workstation an automatic TCP/IP address. This is all well and good in about 90 percent of the cases, but what about the other 10 percent of the time when you are dealing with a server that requires a static IP address, or have a network without a DHCP server? In cases such as these, or for any other reason, you can very easily manually configure your TCP/IP settings. Click the alternate set of radio buttons to enable manual entry of IP addresses and other IP- related items. For example, you must supply the computer's IP address, subnet mask (Windows 2000 automatically suggests a default subnet mask based on the IP address you enter), default gateway IP address, and a primary DNS server IP address (you can also configure additional DNS servers to use if the primary server is offline).

Should you need to enter some very specific TCP/IP configuration options, you can do so by clicking the Advanced button seen in Figure 7.6. The Advanced TCP/IP Settings window, shown in Figure 7.7, opens with four available tabs: IP Settings, DNS, WINS, and Options. Each of these is described in greater detail in the following sections.

The IP Settings Properties

From the IP Settings page, you can manually configure additional IP addresses and subnet masks, additional gateways, and the metric (link cost) for each gateway configured. The link cost is the number of hops between routers.

Multiple IP addresses may need to be configured on the server for a variety of reasons. One such reason is when you have multiple IP subnets in use on your network and the computer must use a different IP address to communicate on each of these logical IP networks. Gateways are routers that forward IP packets to destinations beyond the boundaries of the local network. It is possible in larger networks that you may have multiple gateways passing traffic out off the network. The metric, as stated previously, indicates the cost of the route that could be used to pass traffic, the least costly route is chosen automatically. You can specify the cost of each of the configured default gateways as you desire , thus indicating to Windows the order in which they are to be used to route packets.

DNS Properties

Domain name servers have been in use on the Internet for many years . DNS resolves numerical IP addresses into more user-friendly host names . Prior to DNS, HOSTS files were used for name resolution, but as the Internet quickly grew in size and popularity, maintaining HOSTS files became impossible . When the Internet community realized there was a need for a more manageable, scalable, and efficient name resolution system, DNS was created.

From the DNS Properties tab (see Figure 7.8), you can configure advanced DNS options such as adding more DNS servers to the computer's list of DNS servers, as well as specifying domain suffixes for unqualified names and instructing Windows to register or not register this connections address in DNS.

WINS Properties

WINS provides a dynamic database to register NetBIOS names and resolve them to IP addresses. Clients can dynamically register their NetBIOS names with a WINS server and query the WINS server when they need to resolve a NetBIOS name to an IP address.

From the WINS Properties tab (see Figure 7.9), you can configure WINS options, such as adding more WINS servers to the computer's list of WINS servers as well as specifying whether to import an LMHOSTS file.

An LMHOSTS file is a flat file database that contains the mapping of computer Network Basic Input/Output System (NetBIOS) names to IP addresses. A sample LMHOSTS file is stored in the %systemroot%\system32\drivers\etc folder. LMHOSTS files are generally used for NetBIOS name resolution when you don't have a WINS server.

The following options are available for NetBIOS configuration:

• Enable NetBIOS over TCP/IP

• Disable NetBIOS over TCP/IP

• Use NetBIOS setting from the DHCP server

These options are used to select whether or not the computer is configured to use the NetBIOS protocol, or to allow the DHCP server to supply the NetBIOS setting.

In previous versions of Windows, the NetBIOS Application Programming Interface (API) and the NetBIOS Enhanced User Interface (NetBEUI) protocol, with or without WINS servers, was the primary name resolution method. Pre-Windows 2000 clients still require the presence of WINS and NetBIOS. In a completely Windows 2000 Active Directory network, NetBIOS support is rarely necessary.

Options Properties

The Options tab lets you configure two of the more advanced TCP/IP options: TCP/ IP Filtering and IP Security . Both of these options are used to increase the security of your computer by allowing you to control what incoming traffic is accepted.

TCP/IP packet filtering allows you to specify, by adapter, whether communication is allowed, secured, or blocked, according to the IP address ranges, IP protocols, or even specific TCP and UDP ports. As shown in Figure 7.10, when TCP/IP filtering is turned on, it is turned on for all network adapters. However, you can configure each adapter with separate settings via each adapter's properties page. Note, however, that the Windows 2000 Server Routing and Remote Access Service (RRAS) provides much more advanced filtering capabilities and should be used in place of TCP/IP filtering.

The second option is IP Security (IPSec), see Figure 7.11. IPSec provides for secure communications between computers. You can configure an IPSec policy as part of the local or domain security policy to assign encryption levels and private or shared keys. In addition, IPSec can automatically be configured for you by applying a security template to your computer. For more information on security policy and security templates, see Chapter 8, "Implementing, Monitoring, and Troubleshooting Security."

If you're not using a predefined security policy, you can use the options page to control what types of traffic are allowed in and out of your computer. The following options are available:

• Client (Respond Only) This option allows your Windows 2000 server to communicate normally with the computers on your network. However it uses IPSec to communicate to any computers that require IPSec secured communications.

• Secure Server (Require Security) This option requires that all traffic in and out of your Windows 2000 server must be secured.

• Server (Request Security) With this option turned on, your Windows 2000 server requests that any client that communicates with it uses secure communications. However, if the client is unable to do so, it will allow unsecured communications.

NWLink

NWLink is the Microsoft version of Novell's Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) protocol. Although more efficient and easier to configure than TCP/IP, generally you will find that it is only used on Novell NetWare networks.

NWLink is installed like any other protocol by selecting the Install button from the Local Area Connection Properties page (refer to Figures 7.3 through 7.5) of your network adapter. From the Select Network Protocol dialog, just select NWLink and click OK. NWLink is automatically installed.

For most environments, the default settings are sufficient and no other configuration is required. However, the following configuration settings can be configured by highlighting the NWLink entry and clicking the Properties button in the Local Area Connections Properties dialog box:

• Frame Type The default is for NWLink to use auto frame type detection, and this is appropriate for most situations. However, if it needs to be changed, select the Manual frame type detection option, click the Add button in the NWLink Properties dialog box, and select the desired frame type from the drop-down, as shown in Figure 7.12.

  Figure 7.12. NWLink, selecting Frame Type.

  

• Network number This number identifies the network in which the computer is installed. All computers on the network must have the same number. This is automatically detected with the frame type. If the frame type is manually configured, the network number must be as well.

• Internal network number This is a unique number that the administrator assigns to identify a server.

NetBEUI

NetBEUI is a legacy protocol that was used on Microsoft networks before TCP/IP was available. NetBEUI is only suitable for small networks because it is not routable. There is basically no configuration involved; just give the computer a unique name.

NetBEUI is installed like any other protocol by selecting the Install button from the Local Area Connection Properties page (refer to Figures 7.37.5) of your network adapter. From the Select Network Protocol dialog, just select NetBEUI and click OK. NetBEUI will be automatically installed and configured.

There is absolutely no reason to install NetBEUI. If any applications or downlevel Windows clients require NetBEUI support, you can just configure the network adapters on all of your computers to support NetBIOS over TCP/IP. For details, see the previous section that covers the network adapter WINS Properties tab.