By default, Windows 2000, like the other Windows operating systems, configures the Microsoft TCP/IP client to use its DHCP client capabilities to request configuration settings from a DHCP server on the network. However, if no DHCP server is available, someone has to configure the TCP/IP client manually. This lesson examines the process of configuring the various TCP/IP client parameters and the functions of each parameter on the computer and the network. As in the previous lesson, the procedure that follows uses the Microsoft Windows 2000 operating system as an example. The other Windows operating systems have most of the same parameters, although the user interface might be slightly different.
The Local Area Connection Properties dialog box that you used to install the TCP/IP protocols in Lesson 1 of this chapter is also where you configure the TCP/IP client. Use the following procedure to access the TCP/IP client's configuration interface and supply values for its various operational parameters.
If you plan to experiment with this TCP/IP configuration procedure on a live network, be sure that the values you supply for the TCP/IP parameters, particularly the IP address, are correct for your computer and your network. Some TCP/IP parameters, when incorrectly set, can prevent your computer from communicating with the network, and others can cause conflicts with other computers on the network, preventing them from communicating. If you want to avoid explaining to your boss why he or she couldn't retrieve e-mail this morning, check with your network's administrator before you begin experimenting.
Figure 11.6 The Internet Protocol (TCP/IP) Properties dialog box
The IP address and the subnet mask are the only two TCP/IP configuration parameters that are absolutely required for the computer to communicate with the local area network (LAN). Others might be required for convenience or for certain types of communication, but they are not essential.
Figure 11.7 Entering a unique IP address into the appropriate text box
Figure 11.8 Windows 2000 supplies a value for the Subnet Mask text box, but you may have to change it to conform with your network's subnet configuration
Windows 2000 determines its value for the Subnet Mask text box by examining the first three bits of the 32-bit IP address you have supplied. If the first bit of the address is a 0, Windows 2000 supplies the subnet mask for a Class A address (255.0.0.0). If the first two bits are 10, Windows 2000 assumes the use of a Class B address and supplies a subnet mask of 255.255.0.0. If the first three bits are 110, the subnet mask value is for a Class C address (255.255.255.0). For more information about the nature of IP addresses and subnet masking, see Lesson 2: IP Addressing, in Chapter 8, "TCP/IP Fundamentals."
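The following Python sketch is an added example, not code from the original lesson or from Windows. It reproduces the leading-bit rule described above and then shows why the pre-filled value may need changing on a subnetted network: with the classful default, a host can treat a peer on another subnet as local. The function names and the sample addresses are hypothetical, and returning no mask for addresses that start with 111 is an assumption, because the text covers only Classes A, B, and C.

```python
import ipaddress

def classful_default_mask(ip):
    """Return the mask chosen from the leading bits of the address, as the text describes."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet & 0b10000000 == 0b00000000:   # leading bit 0    -> Class A
        return "255.0.0.0"
    if first_octet & 0b11000000 == 0b10000000:   # leading bits 10  -> Class B
        return "255.255.0.0"
    if first_octet & 0b11100000 == 0b11000000:   # leading bits 110 -> Class C
        return "255.255.255.0"
    return None  # assumption: leading bits 111 (Class D/E) get no default host mask

def same_subnet(a, b, mask):
    """True when a and b share the same network bits under the given mask."""
    m = int(ipaddress.IPv4Address(mask))
    return int(ipaddress.IPv4Address(a)) & m == int(ipaddress.IPv4Address(b)) & m

def default_mask_misjudges(host, peer, real_mask):
    """True when the pre-filled mask makes host treat an off-subnet peer as local.

    In that case the host tries to reach the peer directly instead of
    sending the packet to its default gateway.
    """
    default = classful_default_mask(host)
    if default is None:
        return False
    return same_subnet(host, peer, default) and not same_subnet(host, peer, real_mask)

if __name__ == "__main__":
    # Constructed sample: a Class B network subnetted with a 255.255.255.0 mask.
    for host, peer in [("172.16.1.10", "172.16.2.20"), ("172.16.1.10", "172.16.1.20")]:
        print(host, peer, classful_default_mask(host),
              default_mask_misjudges(host, peer, "255.255.255.0"))
```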
The address that you enter into the Default Gateway text box becomes an entry in the computer's routing table with a Network Destination value of 0.0.0.0. You can also create, delete, or modify the default gateway (or any other routing table entry) manually using ROUTE.EXE, as explained in Lesson 2: Building Routing Tables, in Chapter 9, "TCP/IP Routing."
In many cases, a Windows 2000 system needs only the TCP/IP parameters configured in the preceding procedure. However, the Internet Protocol (TCP/IP) Properties dialog box also has an Advanced button that provides access to the Advanced TCP/IP Settings dialog box, in which you can configure a more complete set of TCP/IP parameters, discussed in the following sections.
The IP Settings tab of the Advanced TCP/IP Settings dialog box, shown in Figure 11.9, enables you to specify multiple IP addresses and subnet masks for the network interface adapter in your computer, as well as multiple default gateway addresses. Most computers with multiple IP addresses have multiple network interface adapters as well, using one address per network interface adapter. However, there are situations in which a computer can use more than one IP address for a single network interface adapter, such as when a single physical network hosts multiple TCP/IP subnets. In such cases, a computer needs an IP address on each of the two subnets to participate on both.
Figure 11.9 The IP Settings tab of the Advanced TCP/IP Settings dialog box enables you to specify multiple IP addresses and default gateways
When you open the Advanced TCP/IP Settings dialog box, the parameters you have already configured elsewhere in the Internet Protocol (TCP/IP) Properties dialog box appear in the listings. You can add to the existing settings, modify them, or delete them altogether. To add a new IP address and subnet mask, click Add, enter the desired address and mask values in the TCP/IP Address dialog box, and then click Add to add your entries to the IP Addresses list. Windows 2000 supports an unlimited number of IP address/subnet mask combinations for each network interface adapter in the computer.
The procedure for creating additional default gateways is the same as that for adding IP addresses. A computer can use only one default gateway at a time, however, so the ability to specify multiple default gateways in the Advanced TCP/IP Settings dialog box is simply a fault-tolerance mechanism. If the first default gateway in the list is unavailable for any reason, Windows 2000 sends packets to the second address listed. This practice assumes that the computer is connected to a LAN that has multiple routers on it, each of which provides access to the rest of the internetwork.
The DNS tab of the Advanced TCP/IP Settings dialog box, shown in Figure 11.10, also provides a fault-tolerance mechanism for Windows 2000's DNS client. You can specify more than the two DNS server addresses provided in the main Internet Protocol (TCP/IP) Properties dialog box, and you can modify the order in which the computer uses them if one or more of the servers should be unavailable.
Figure 11.10 The DNS tab of the Advanced TCP/IP Settings dialog box
Unlike the IP address, subnet mask, and default gateway settings, which apply only to a specific network interface adapter, the DNS server addresses apply to the entire Microsoft TCP/IP client. You cannot specify different DNS server addresses for each network interface adapter.
The other controls in the DNS tab control how the TCP/IP client resolves unqualified names. An unqualified name is an incomplete DNS name that does not specify the domain in which the host resides. The Windows 2000 TCP/IP client can still resolve these names by appending a suffix to the unqualified name before sending it to the DNS server for resolution. For example, with a properly configured TCP/IP client, you can supply only the name www as a URL in your Web browser, and the client appends your company's domain name (for example, adatum.com) to the URL as a suffix, resulting in the fully qualified DNS name www.adatum.com, which is presumably the name of your network's intranet Web server.
The DNS controls enable you to configure the client to append the primary and connection-specific DNS suffixes to unqualified names, or you can create a list of suffixes that the client will append to unqualified names, one after the other, until the name resolution process succeeds. The primary DNS suffix is the domain name you specify for the computer in the Network Identification tab of the System dialog box, accessed from the Control Panel. This suffix applies to all of the computer's network interface adapters. You can create a connection-specific suffix by entering a domain name in the DNS Suffix For This Connection text box in the DNS tab. To create a list of suffixes, select the Append These DNS Suffixes (In Order) option, click Add, enter the suffix you want to add to the list, and click Add.
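The suffix handling described above can be modeled in a few lines. This Python sketch is an added example, not code from the original lesson or from the Windows DNS client. It builds the fully qualified names a client would try for an unqualified name and shows that the order of the suffixes decides which host the short name reaches. The zone contents, the lab.adatum.com suffix, and the function names are constructed for illustration, and treating any name without a dot as unqualified is an assumption.

```python
# Constructed sample zone: two different servers answer to the short name "www".
CONSTRUCTED_ZONE = {
    "www.adatum.com": "10.0.0.80",
    "www.lab.adatum.com": "10.0.9.80",
}

def candidate_names(name, primary=None, connection=None, suffix_list=None):
    """Return the names the client tries, in order, for the given name.

    suffix_list models the Append These DNS Suffixes (In Order) option;
    when it is None, the primary and connection-specific suffixes are used.
    """
    if "." in name:                      # assumption: a dot means already qualified
        return [name.lower()]
    if suffix_list is not None:
        suffixes = list(suffix_list)
    else:
        suffixes = [s for s in (primary, connection) if s]
    candidates = []
    for suffix in suffixes:
        fqdn = f"{name}.{suffix}".lower()
        if fqdn not in candidates:       # same suffix configured twice: try it once
            candidates.append(fqdn)
    return candidates

def resolve(name, zone, **suffix_config):
    """Try each candidate in order and return (fqdn, address) for the first hit."""
    for fqdn in candidate_names(name, **suffix_config):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None                          # no suffix produced a name in the zone

if __name__ == "__main__":
    print(resolve("www", CONSTRUCTED_ZONE,
                  primary="adatum.com", connection="lab.adatum.com"))
    print(resolve("www", CONSTRUCTED_ZONE,
                  suffix_list=["lab.adatum.com", "adatum.com"]))
```

When you review a client's configuration, list the candidates for the short names your users actually type and confirm that the first match is the server you intend.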
The two check boxes at the bottom of the DNS tab enable you to specify whether the computer should register its DNS name with its designated DNS server. This option requires a DNS server that supports dynamic updates, such as the DNS Server service supplied with Windows 2000 Server. The Register This Connection's Addresses In DNS check box causes Windows 2000 to use the system's primary DNS suffix to register the addresses, and the Use This Connection's DNS Suffix In DNS Registration check box causes the computer to use the connection-specific suffix you've entered in the DNS Suffix For This Connection text box.
Windows 2000 includes a WINS client for NetBIOS name resolution, but on a Windows 2000 network that uses Active Directory, WINS is not needed because Active Directory uses DNS names for the computers on the network and relies on DNS for its name resolution services. However, if you run Windows 2000 systems that use Microsoft Windows NT domains or no directory service at all, you can use the Advanced TCP/IP Settings dialog box's WINS tab, as shown in Figure 11.11, to configure the Microsoft TCP/IP client to use WINS.
Figure 11.11 The WINS tab of the Advanced TCP/IP Settings dialog box
Click Add in the WINS tab to open the TCP/IP WINS Server dialog box, in which you can specify the address of a WINS server on your network. You can create a list of WINS servers and specify the order in which Windows 2000 should use them. As with the default gateway and DNS server settings, supplying multiple WINS server addresses is a fault-tolerance feature.
The Enable LMHOSTS Lookup check box forces the computer to use a file called LMHOSTS to resolve NetBIOS names before contacting the designated WINS server. LMHOSTS is a text file found, by default, in the \Winnt\System32\Drivers\Etc folder on the computer's local drive, which contains a list of NetBIOS names and their equivalent IP addresses. LMHOSTS functions in much the same way as the HOSTS file, which was used for host name resolution before the advent of DNS. Because each computer must have its own LMHOSTS file, Windows 2000 enables you to import a file from a network drive to the local computer. To do this, click Import LMHOSTS and browse for the desired file.
Using the options at the bottom of the WINS tab, you can specify whether the computer should or should not use NetBIOS over TCP/IP, or whether the computer should rely on a DHCP server to specify the NetBIOS setting. Once again, on a Windows 2000 network that uses Active Directory, you can disable NetBIOS over TCP/IP because the computers use DNS names instead of NetBIOS names.
For more information about NetBIOS naming and WINS, see Lesson 3: NetBEUI, in Chapter 6, "Network Layer Protocols."
The Options tab of the Advanced TCP/IP Settings dialog box, shown in Figure 11.12, contains a list of additional features included with the Microsoft TCP/IP client. You can select any item in the list and click Properties to open a dialog box that enables you to configure that option. Windows 2000 includes two TCP/IP options: IP Security and TCP/IP Filtering. These options are discussed in the following sections.
Figure 11.12 The Options tab of the Advanced TCP/IP Settings dialog box
The IP Security option controls whether the Microsoft TCP/IP client uses the IPSec protocol when communicating with other computers on the network. IPSec is a security protocol that provides end-to-end encryption of data transmitted over a network. By default, IPSec is disabled in Windows 2000, but you can activate it. To open the IP Security dialog box (see Figure 11.13), select IP Security and click Properties. When IPSec is enabled, computers perform an IPSec negotiation before they begin transmitting data to each other. This negotiation enables each computer to determine if the other computer supports IPSec and what policies are in place to govern its use.
Figure 11.13 The IP Security dialog box
When you select the Use This IP Security Policy option in the IP Security dialog box, you can select one of the following policies, which govern when the computer should use the IPSec protocol:
The TCP/IP Filtering option is essentially a rudimentary form of firewall that you can use to control what kinds of network and transport layer traffic can pass over the computer's network interface adapters. By selecting the TCP/IP Filtering option in the Options tab and clicking Properties, you open the TCP/IP Filtering dialog box, shown in Figure 11.14. In this dialog box, you can specify which protocols and which ports the computer can use. Selecting the Enable TCP/IP Filtering (All Adapters) check box activates three separate selectors, one for TCP ports, one for UDP ports, and one for IP protocols. By default, all three selectors permit all traffic to pass through the filters, but selecting the Permit Only option on any selector enables you to build a list of permitted ports or protocols. The filters prevent traffic generated by all unlisted ports and protocols from passing through any of the computer's network interface adapters.
Figure 11.14 The TCP/IP Filtering dialog box
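The three selectors can be modeled to check a planned filter configuration before you apply it. This Python sketch is an added example, not code from the original lesson, and it is a simplified model of the selectors as the text describes them rather than a reproduction of the Windows implementation. The class names, the sample Web server configuration, and the rule that a packet must satisfy both the IP protocol selector and its port selector are assumptions.

```python
from dataclasses import dataclass, field

ICMP, TCP, UDP = 1, 6, 17   # IANA-assigned IP protocol numbers

@dataclass
class Selector:
    permit_only: bool = False                 # False models Permit All (the default)
    allowed: set = field(default_factory=set)

    def permits(self, value):
        return not self.permit_only or value in self.allowed

@dataclass
class TcpIpFiltering:
    enabled: bool = False                     # Enable TCP/IP Filtering (All Adapters)
    tcp_ports: Selector = field(default_factory=Selector)
    udp_ports: Selector = field(default_factory=Selector)
    ip_protocols: Selector = field(default_factory=Selector)

    def passes(self, protocol, port=None):
        """Return True when the modeled filters let the traffic through."""
        if not self.enabled:
            return True
        if not self.ip_protocols.permits(protocol):
            return False
        if protocol == TCP:
            return self.tcp_ports.permits(port)
        if protocol == UDP:
            return self.udp_ports.permits(port)
        return True                           # other protocols have no port selector

def web_server_filter():
    """Constructed sample: only TCP 80 and 443 listed, UDP list left empty."""
    return TcpIpFiltering(
        enabled=True,
        tcp_ports=Selector(permit_only=True, allowed={80, 443}),
        udp_ports=Selector(permit_only=True, allowed=set()),
    )

if __name__ == "__main__":
    f = web_server_filter()
    for label, proto, port in [("HTTP", TCP, 80), ("RDP", TCP, 3389),
                               ("DNS", UDP, 53), ("ICMP", ICMP, None)]:
        print(label, "passes" if f.passes(proto, port) else "blocked")
```

In this model an empty Permit Only list blocks every port for that protocol, while leaving the IP protocols selector on its default still lets protocols other than TCP and UDP through.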
For each of the network scenarios listed, specify which of the following TCP/IP parameters (a, b, c, d, and/or e) you must configure to provide a computer running Windows 2000 with full communications capabilities.