Lesson 2: Configuring TCP/IP

By default, Windows 2000, like the other Windows operating systems, configures the Microsoft TCP/IP client to use its DHCP client capabilities to request configuration settings from a DHCP server on the network. However, if no DHCP server is available, someone has to configure the TCP/IP client manually. This lesson examines the process of configuring the various TCP/IP client parameters and the functions of each parameter on the computer and the network. As in the previous lesson, the procedure that follows uses the Microsoft Windows 2000 operating system as an example. The other Windows operating systems have most of the same parameters, although the user interface might be slightly different.


After this lesson, you will be able to

  • Manually configure the TCP/IP client on a computer running Windows 2000 and understand the functions of the various parameters

Estimated lesson time: 30 minutes


Configuring Basic TCP/IP Properties

The Local Area Connection Properties dialog box that you used to install the TCP/IP protocols in Lesson 1 of this chapter is also where you configure the TCP/IP client. Use the following procedure to access the TCP/IP client's configuration interface and supply values for its various operational parameters.

If you plan to experiment with this TCP/IP configuration procedure on a live network, be sure that the values you supply for the TCP/IP parameters, particularly the IP address, are correct for your computer and your network. Some TCP/IP parameters, when incorrectly set, can prevent your computer from communicating with the network, and others can cause conflicts with other computers on the network, preventing them from communicating. If you want to avoid explaining to your boss why he or she couldn't retrieve e-mail this morning, check with your network's administrator before you begin experimenting.

To access the TCP/IP client's configuration interface

  1. In the Start menu's Settings group, select Network And Dial-Up Connections to display the Network And Dial-Up Connections window.
  2. Right-click the Local Area Connection icon in the Network And Dial-Up Connections window and select Properties from the shortcut menu to display the Local Area Connection Properties dialog box.
  3. Select the Internet Protocol (TCP/IP) module in the components list and click Properties to display the Internet Protocol (TCP/IP) Properties dialog box, shown in Figure 11.6.

    Figure 11.6  The Internet Protocol (TCP/IP) Properties dialog box

  4. Select the Use The Following IP Address option to activate the IP Address, Subnet Mask, and Default Gateway text boxes, which provide the dialog box's manual configuration capability. Although its label does not indicate this, it is the Obtain An IP Address Automatically option that activates the DHCP client.
  5. In the IP Address text box, enter a valid IP address using the standard dotted decimal notation, as shown in Figure 11.7. The address you supply must be unique on the network and it must conform to the subnet configuration used on your network. If you don't know anything about the addresses used on your network, ask an administrator to supply you with an IP address you can use. Do not simply select one at random or change the last number of the address used by the computer next to yours.

    The IP address and the subnet mask are the only two TCP/IP configuration parameters that are absolutely required for the computer to communicate with the local area network (LAN). Others might be required for convenience or for certain types of communication, but they are not essential.

    Figure 11.7  Entering a unique IP address into the appropriate text box

  6. In the Subnet Mask text box, enter an appropriate mask for the IP address you supplied, as shown in Figure 11.8. Windows 2000 supplies a subnet mask based on your IP address's first byte value. However, if your network is subnetted, the subnet mask value supplied by Windows 2000 might not be correct.

    Figure 11.8  Windows 2000 supplies a value for the Subnet Mask text box, but you may have to change it to conform with your network's subnet configuration

    Windows 2000 determines its value for the Subnet Mask text box by examining the first three bits of the 32-bit IP address you have supplied. If the first bit of the address is a 0, Windows 2000 supplies the subnet mask for a Class A address (255.0.0.0). If the first two bits are 10, Windows 2000 assumes the use of a Class B address and supplies a subnet mask of 255.255.0.0. If the first three bits are 110, the subnet mask value is for a Class C address (255.255.255.0). For more information about the nature of IP addresses and subnet masking, see Lesson 2: IP Addressing, in Chapter 8, "TCP/IP Fundamentals."

  7. The Default Gateway text box should contain the IP address of the router on the local network that the computer should use to send TCP/IP traffic to destinations on other networks. On a private internetwork, the default gateway is a router that provides access to the other networks. On a stand-alone LAN connected to the Internet, the default gateway refers to the system that provides the shared Internet connection. If the computer is connected to a LAN that is not part of an internetwork and not connected to the Internet, leave this text box blank.

    The address that you enter into the Default Gateway text box becomes an entry in the computer's routing table with a Network Destination value of 0.0.0.0. You can also create, delete, or modify the default gateway (or any other routing table entry) manually using ROUTE.EXE, as explained in Lesson 2: Building Routing Tables, in Chapter 9, "TCP/IP Routing."

  8. When you select the Use The Following IP Address option in the Internet Protocol (TCP/IP) Properties dialog box, Windows 2000 deactivates the DHCP client completely, and as a result, the Obtain DNS Server Address Automatically option becomes unavailable. In the Preferred DNS Server and Alternate DNS Server text boxes, enter the IP addresses of the DNS servers that your computer will use to resolve DNS names into IP addresses. The Microsoft TCP/IP client uses the Alternate DNS Server address only if the primary DNS server is unreachable. If your network is connected to the Internet, you must supply at least one DNS server address to convert the DNS names in your Uniform Resource Locators (URLs) into IP addresses. If your computer is part of a Windows 2000 Active Directory service domain, you need to supply the address of a Windows 2000 DNS server or a DNS server that is hosting the zone file for your Active Directory on your internetwork. If you are not using Active Directory, the DNS server can be either on your internetwork or that of your Internet service provider (ISP).
  9. Click OK to close the Internet Protocol (TCP/IP) Properties dialog box and click OK again to close the Local Area Connection Properties dialog box.
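
The checks behind steps 5 through 7, as an added Python example that is not part of the original lesson: it derives the mask Windows 2000 would supply from the leading address bits and tests an address, mask, and default gateway against the subnet your administrator assigned. The function names, the site_subnet input, and the sample addresses are constructed for illustration.

```python
import ipaddress


def classful_default_mask(ip):
    """Mask picked from the address's leading bits, as the lesson describes."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet >> 7 == 0b0:        # 0xxxxxxx -> Class A
        return "255.0.0.0"
    if first_octet >> 6 == 0b10:       # 10xxxxxx -> Class B
        return "255.255.0.0"
    if first_octet >> 5 == 0b110:      # 110xxxxx -> Class C
        return "255.255.255.0"
    return None                        # 111xxxxx -> no default given in the lesson


def audit_static_config(ip, mask, gateway, site_subnet):
    """Return a list of problems; an empty list means the values are consistent.

    site_subnet is the subnet the administrator assigned, e.g. "172.16.5.0/24"
    (a hypothetical input for this sketch, not a field in the dialog box).
    """
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
        expected = ipaddress.IPv4Network(site_subnet)
        gw = ipaddress.IPv4Address(gateway) if gateway else None
    except ValueError as exc:          # malformed address or non-contiguous mask
        return [f"invalid value: {exc}"]

    problems = []
    net = iface.network
    if net != expected:
        kept = mask == classful_default_mask(ip)
        hint = " (classful default left unchanged)" if kept else ""
        problems.append(f"mask gives {net}, site subnet is {expected}{hint}")
    if iface.ip in (expected.network_address, expected.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {expected}")
    if gw is not None and gw not in expected:
        problems.append(f"default gateway {gw} is not on {expected}")
    if gw is not None and gw == iface.ip:
        problems.append("default gateway is the host's own address")
    return problems


# Constructed sample values: a Class B network subnetted into /24 subnets.
SAMPLES = [
    ("172.16.5.9", "255.255.0.0", "172.16.5.1", "172.16.5.0/24"),    # default mask kept
    ("172.16.5.9", "255.255.255.0", "172.16.6.1", "172.16.5.0/24"),  # gateway off-subnet
    ("172.16.5.9", "255.255.255.0", "172.16.5.1", "172.16.5.0/24"),  # consistent
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_static_config(*sample) or "OK")
```
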

Configuring Advanced TCP/IP Properties

In many cases, a Windows 2000 system needs only the TCP/IP parameters configured in the preceding procedure. However, the Internet Protocol (TCP/IP) Properties dialog box also has an Advanced button that provides access to the Advanced TCP/IP Settings dialog box, in which you can configure a more complete set of TCP/IP parameters, discussed in the following sections.

The IP Settings Tab

The IP Settings tab of the Advanced TCP/IP Settings dialog box, shown in Figure 11.9, enables you to specify multiple IP addresses and subnet masks for the network interface adapter in your computer, as well as multiple default gateway addresses. Most computers with multiple IP addresses have multiple network interface adapters as well, using one address per network interface adapter. However, there are situations in which a computer can use more than one IP address for a single network interface adapter, such as when a single physical network hosts multiple TCP/IP subnets. In such cases, a computer needs an IP address on each of the two subnets to participate on both.

Figure 11.9  The IP Settings tab of the Advanced TCP/IP Settings dialog box enables you to specify multiple IP addresses and default gateways

When you open the Advanced TCP/IP Settings dialog box, the parameters you have already configured elsewhere in the Internet Protocol (TCP/IP) Properties dialog box appear in the listings. You can add to the existing settings, modify them, or delete them altogether. To add a new IP address and subnet mask, click Add, enter the desired address and mask values in the TCP/IP Address dialog box, and then click Add to add your entries to the IP Addresses list. Windows 2000 supports an unlimited number of IP address/subnet mask combinations for each network interface adapter in the computer.

The procedure for creating additional default gateways is the same as that for adding IP addresses. A computer can use only one default gateway at a time, however, so the ability to specify multiple default gateways in the Advanced TCP/IP Settings dialog box is simply a fault-tolerance mechanism. If the first default gateway in the list is unavailable for any reason, Windows 2000 sends packets to the second address listed. This practice assumes that the computer is connected to a LAN that has multiple routers on it, each of which provides access to the rest of the internetwork.

The DNS Tab

The DNS tab of the Advanced TCP/IP Settings dialog box, shown in Figure 11.10, also provides a fault-tolerance mechanism for Windows 2000's DNS client. You can specify more than the two DNS server addresses provided in the main Internet Protocol (TCP/IP) Properties dialog box, and you can modify the order in which the computer uses them if one or more of the servers should be unavailable.

Figure 11.10  The DNS tab of the Advanced TCP/IP Settings dialog box

Unlike the IP address, subnet mask, and default gateway settings, which apply only to a specific network interface adapter, the DNS server addresses apply to the entire Microsoft TCP/IP client. You cannot specify different DNS server addresses for each network interface adapter.

The other controls in the DNS tab control how the TCP/IP client resolves unqualified names. An unqualified name is an incomplete DNS name that does not specify the domain in which the host resides. The Windows 2000 TCP/IP client can still resolve these names by appending a suffix to the unqualified name before sending it to the DNS server for resolution. For example, with a properly configured TCP/IP client, you can supply only the name www as a URL in your Web browser, and the client appends your company's domain name (for example, adatum.com) to the URL as a suffix, resulting in the fully qualified DNS name www.adatum.com, which is presumably the name of your network's intranet Web server.

The DNS controls enable you to configure the client to append the primary and connection-specific DNS suffixes to unqualified names, or you can create a list of suffixes that the client will append to unqualified names, one after the other, until the name resolution process succeeds. The primary DNS suffix is the domain name you specify for the computer in the Network Identification tab of the System dialog box, accessed from the Control Panel. This suffix applies to all of the computer's network interface adapters. You can create a connection-specific suffix by entering a domain name in the DNS Suffix For This Connection text box in the DNS tab. To create a list of suffixes, select the Append These DNS Suffixes (In Order) option, click Add, enter the suffix you want to add to the list, and click Add.
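
The suffix handling described above, as an added Python example that is not part of the original lesson: it lists the fully qualified names the client would send for an unqualified name and stops at the first one that resolves. The sketch assumes the primary suffix is tried before the connection-specific one and that any name containing a dot is already qualified; the lab.adatum.com suffix and the addresses are constructed.

```python
def candidate_names(name, primary_suffix=None, connection_suffix=None,
                    suffix_list=None):
    """Fully qualified names tried, in order, for an unqualified name."""
    if "." in name:
        # Assumption of this sketch: a name containing a dot is already qualified.
        return [name]
    if suffix_list is not None:
        suffixes = suffix_list          # Append These DNS Suffixes (In Order)
    else:
        suffixes = [primary_suffix, connection_suffix]
    ordered = []
    for suffix in suffixes:
        if suffix and suffix not in ordered:   # skip unset and duplicate suffixes
            ordered.append(suffix)
    return [f"{name}.{suffix}" for suffix in ordered]


def resolve(name, zone, **suffix_settings):
    """Return (address or None, list of names sent to the DNS server)."""
    sent = []
    for fqdn in candidate_names(name, **suffix_settings):
        sent.append(fqdn)
        if fqdn in zone:                # first name that resolves ends the search
            return zone[fqdn], sent
    return None, sent


# Constructed records standing in for a DNS server (documentation addresses).
ZONE = {
    "www.adatum.com": "192.0.2.10",
    "www.lab.adatum.com": "192.0.2.20",
}

if __name__ == "__main__":
    print(resolve("www", ZONE, primary_suffix="adatum.com"))
    print(resolve("www", ZONE, suffix_list=["lab.adatum.com", "adatum.com"]))
    print(resolve("files", ZONE, primary_suffix="adatum.com",
                  connection_suffix="lab.adatum.com"))
```

The second call returns a different host for the same typed name, which shows that the order of the suffix list decides which server an unqualified name reaches.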

The two check boxes at the bottom of the DNS tab enable you to specify whether the computer should register its DNS name with its designated DNS server. This option requires a DNS server that supports dynamic updates, such as the DNS Server service supplied with Windows 2000 Server. The Register This Connection's Addresses In DNS check box causes Windows 2000 to use the system's primary DNS suffix to register the addresses, and the Use This Connection's DNS Suffix In DNS Registration check box causes the computer to use the connection-specific suffix you've entered in the DNS Suffix For This Connection text box.

The WINS Tab

Windows 2000 includes a WINS client for NetBIOS name resolution, but on a Windows 2000 network that uses Active Directory, WINS is not needed because Active Directory uses DNS names for the computers on the network and relies on DNS for its name resolution services. However, if you run Windows 2000 systems that use Microsoft Windows NT domains or no directory service at all, you can use the Advanced TCP/IP Settings dialog box's WINS tab, as shown in Figure 11.11, to configure the Microsoft TCP/IP client to use WINS.

Figure 11.11  The WINS tab of the Advanced TCP/IP Settings dialog box

Click Add in the WINS tab to open the TCP/IP WINS Server dialog box, in which you can specify the address of a WINS server on your network. You can create a list of WINS servers and specify the order in which Windows 2000 should use them. As with the default gateway and DNS server settings, supplying multiple WINS server addresses is a fault-tolerance feature.

The Enable LMHOSTS Lookup check box forces the computer to use a file called LMHOSTS to resolve NetBIOS names before contacting the designated WINS server. LMHOSTS is a text file found, by default, in the \Winnt\System32\Drivers\Etc folder on the computer's local drive, which contains a list of NetBIOS names and their equivalent IP addresses. LMHOSTS functions in much the same way as the HOSTS file, which was used for host name resolution before the advent of DNS. Because each computer must have its own LMHOSTS file, Windows 2000 enables you to import a file from a network drive to the local computer. To do this, click Import LMHOSTS and browse for the desired file.

Using the options at the bottom of the WINS tab, you can specify whether the computer should or should not use NetBIOS over TCP/IP, or whether the computer should rely on a DHCP server to specify the NetBIOS setting. Once again, on a Windows 2000 network that uses Active Directory, you can disable NetBIOS over TCP/IP because the computers use DNS names instead of NetBIOS names.

For more information about NetBIOS naming and WINS, see Lesson 3: NetBEUI, in Chapter 6, "Network Layer Protocols."

The Options Tab

The Options tab of the Advanced TCP/IP Settings dialog box, shown in Figure 11.12, contains a list of additional features included with the Microsoft TCP/IP client. You can select any item in the list and click Properties to open a dialog box that enables you to configure that option. Windows 2000 includes two TCP/IP options: IP Security and TCP/IP Filtering. These options are discussed in the following sections.

Figure 11.12  The Options tab of the Advanced TCP/IP Settings dialog box

Using the IPSec Protocol

The IP Security option controls whether the Microsoft TCP/IP client uses the IPSec protocol when communicating with other computers on the network. IPSec is a security protocol that provides end-to-end encryption of data transmitted over a network. By default, IPSec is disabled in Windows 2000, but you can activate it. To open the IP Security dialog box (see Figure 11.13), select IP Security and click Properties. When IPSec is enabled, computers perform an IPSec negotiation before they begin transmitting data to each other. This negotiation enables each computer to determine if the other computer supports IPSec and what policies are in place to govern its use.

Figure 11.13  The IP Security dialog box

When you select the Use This IP Security Policy option in the IP Security dialog box, you can select one of the following policies, which govern when the computer should use the IPSec protocol:

  • Client (Respond Only).  This option causes the computer to use the IPSec protocol only when another computer requests it.
  • Secure Server (Require Security).  This option causes the computer to require IPSec for all communications. Connections requested by other computers that are not configured to use IPSec are refused.
  • Server (Request Security).  This option causes the computer to request the use of IPSec for all communications, but not to require it. If the other computer does not support IPSec, communications proceed without it.
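
How the three policies combine between two computers, as an added Python example that is not part of the original lesson. It assumes the two computers' policies are otherwise compatible so that an attempted negotiation succeeds, treats a computer with IPSec left disabled as neither requesting nor responding, and uses constructed host names.

```python
from itertools import combinations

# Behaviour of each setting as described in the list above.
# "Disabled" models the Windows 2000 default, with no policy selected.
POLICIES = {
    "Disabled":      {"requests": False, "responds": False, "requires": False},
    "Client":        {"requests": False, "responds": True,  "requires": False},
    "Server":        {"requests": True,  "responds": True,  "requires": False},
    "Secure Server": {"requests": True,  "responds": True,  "requires": True},
}


def outcome(policy_a, policy_b):
    """Result of two computers communicating: 'ipsec', 'cleartext' or 'refused'."""
    a, b = POLICIES[policy_a], POLICIES[policy_b]
    # IPSec is used when one side asks for it and the other side will answer.
    if (a["requests"] and b["responds"]) or (b["requests"] and a["responds"]):
        return "ipsec"
    # Nobody could negotiate: a side that requires security refuses the connection.
    if a["requires"] or b["requires"]:
        return "refused"
    return "cleartext"


def audit(inventory):
    """Map each host pair that does not end up using IPSec to its outcome."""
    report = {}
    for (host_a, pol_a), (host_b, pol_b) in combinations(inventory.items(), 2):
        result = outcome(pol_a, pol_b)
        if result != "ipsec":
            report[(host_a, host_b)] = result
    return report


# Constructed inventory; the host names are hypothetical.
INVENTORY = {
    "hr-db": "Secure Server",
    "intranet": "Server",
    "desk-17": "Client",
    "kiosk-3": "Disabled",
}

if __name__ == "__main__":
    for pair, result in audit(INVENTORY).items():
        print(pair, "->", result)
```

The report shows that a Server (Request Security) computer still exchanges unencrypted traffic with a peer that does not use IPSec, and that two Client (Respond Only) computers never negotiate it between themselves.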

Using TCP/IP Filtering

The TCP/IP Filtering option is essentially a rudimentary form of firewall that you can use to control what kinds of network and transport layer traffic can pass over the computer's network interface adapters. By selecting the TCP/IP Filtering option in the Options tab and clicking Properties, you open the TCP/IP Filtering dialog box, shown in Figure 11.14. In this dialog box, you can specify which protocols and which ports the computer can use. Selecting the Enable TCP/IP Filtering (All Adapters) check box activates three separate selectors, one for TCP ports, one for UDP ports, and one for IP protocols. By default, all three selectors permit all traffic to pass through the filters, but selecting the Permit Only option on any selector enables you to build a list of permitted ports or protocols. The filters prevent traffic generated by all unlisted ports and protocols from passing through any of the computer's network interface adapters.

Figure 11.14  The TCP/IP Filtering dialog box

Exercise 1: TCP/IP Configuration Requirements

For each of the network scenarios listed, specify which of the following TCP/IP parameters (a, b, c, d, and/or e) you must configure to provide a computer running Windows 2000 with full communications capabilities.

  a. IP address
  b. Subnet mask
  c. Default gateway
  d. DNS server address
  e. WINS server address

  1. A private internetwork using Windows NT domains
  2. A single peer-to-peer LAN
  3. A corporate internetwork using Active Directory
  4. A peer-to-peer LAN using a shared Internet connection
  5. A Windows NT internetwork with a router connected to the Internet

Lesson Review

  1. Which of the following IP security policies does not request the use of IPSec?
    1. Client
    2. Server
    3. Secure server
    4. All of the above
  2. Which of the following services is not used on a Windows 2000 Active Directory network?
    1. DHCP
    2. WINS
    3. DNS
    4. IPSec
  3. What is the function of a DNS suffix?
  4. Which utility can you use to specify a default gateway address?
    1. TRACERT.EXE
    2. ARP.EXE
    3. IPCONFIG.EXE
    4. ROUTE.EXE
  5. Which of the following is a valid reason for assigning more than one IP address to a single network interface adapter?
    1. To balance the network traffic load between the addresses
    2. To support multiple subnets on one network
    3. To provide fault tolerance
    4. To support both TCP and UDP traffic
  6. How many default gateway addresses does a computer need to function on a LAN?
    1. 0
    2. 1
    3. 2
    4. 3
  7. At which of the following layers does the TCP/IP filtering option operate?
    1. Physical and data-link
    2. Application and session
    3. Data-link and network
    4. Network and transport
  8. How does Windows 2000 supply a subnet mask for the IP address you specify?
    1. By performing a reverse DNS name resolution on the address
    2. By checking the values of the first three address bits
    3. By checking the HOSTS file
    4. By querying the directory service
  9. What is the function of an LMHOSTS file?

Lesson Summary

  • If you don't have DHCP servers on your network, you must configure the Microsoft TCP/IP client manually.
  • Every computer on the network must have a unique IP address and an appropriate subnet mask.
  • A default gateway address instructs the computer where to send packets that are destined for other networks.
  • The DNS server parameters instruct the computer where to send DNS names for resolution into IP addresses.
  • The Advanced TCP/IP Settings dialog box provides access to the complete set of TCP/IP configuration options, including WINS, IPSec, and TCP/IP filtering.



Network+ Certification Training Kit
Self-Paced Training Kit Exam 70-642: Configuring Windows Server 2008 Network Infrastructure
ISBN: 0735651604
EAN: 2147483647
Year: 2001
Pages: 105
