MCSA/MCSE Self-Paced Training Kit (Exam 70-216): Microsoft® Windows® 2000 Network Infrastructure Administration, Second Edition
Author: Microsoft Corporation
Pages: 992
Disk: 1 Companion CD(s); 1 Evaluation CD(s)
Level: Beg/Int
Published: 08/14/2002
ISBN: 9780735617728
Price: $59.99
Index
Symbols and Numbers
# (pound) sign, 239, 326-27
3DES (Triple Data Encryption), 380
A
A (Host)
creating, 299
dynamic updates and, 182, 184
exercise, 300-301
overview of, 295
abstract syntax, 14
access control
remote access and, 416
VPNs and, 459
accreditation, domain name registrars, 245
ACK flags, TCP, 72-73
ACK messages, TCP, 66, 68-70
Acknowledgement Number field
SPX, 115
TCP, 65
Acks/sec, performance counter, 564
Active Directory domain controller, 155-56
Active Directory Installation Wizard, 274, 281
Active Directory-integrated zones, 282-83, 285-86
Active Directory Sites and Services console, 527
Active Directory User Object folder, 530
Active Directory Users and Computers console, 396, 437-38
Active Queue Length, performance counter, 564
Add Address Pool dialog box, NAT, 483
Add Counters dialog box, System Monitor, 547
Add Exclusions dialog box, New Scope Wizard, 158
Add Filter dialog box, packet filters, 370
Add IP Filter dialog box, packet filters, 373
Add Remote Access Policy Wizard, 440-44
Add Reservation dialog box, 484
Add Server dialog box, DHCP, 176-77
Add Special Port dialog box, NAT, 484-85
Add Standalone Snap-In dialog box, certificates, 527-29
Add/Remove Programs dialog box, 153-54, 510-14
Add/Remove Snap-In dialog box, Certificates console, 527-29
address allocation component, ICS, 494
Address Assignment function, NAT, 486-87
Address Family Identifier field, RIP version 2, 227
Address Leases list, DHCP, 177
address pools, creating, 482-84
Address Pool tab, NAT properties, 482-83
Address Range Assignment page, RRAS Setup Wizard, 418-19
Address Resolution Protocol. See ARP (Address Resolution Protocol)
addresses, filtering by, 578
addresses, hardware. See hardware addresses
administrators
CSNW and, 121
EFS recovery keys, removing, 535-36
GSNW and, 128, 132
OSI model and, 7
Shared Folders snap-in and, 552-59
Advanced tab
Edit Dial-In Profile dialog box, 447
RIP properties, 231
WINS replication partner properties, 360
Advanced TCP/IP Settings dialog box, 86-90
DNS tab, 87-89
IP Settings tab, 86-87
Lmhosts, 325-26
Options tab, 90, 368
WINS tab, 89-90, 347-48
AH (Authentication Header), IPsec, 382-84
alerts. See Performance Logs and Alerts snap-in
Alias (CNAME), 295
Allocation Number field, SPX, 115
American Standard Code for Information Interchange (ASCII), 14
ANCOUNT field
DNS, 253-54
NeBT (NetBIOS over TCP/IP), 341
Answer section, NeBT, 342-44
antireplay, IPsec, 381
application layer
attacks directed at, 379
OSI model, 5, 14-15
TCP/IP model, 31, 41-42
Application log, Event Viewer, 540-41
Applications tab, ICS settings, 495-96
Apply Static Routes, Dial-In tab, 438
Applying Changes page, RRAS, 474
ARCOUNT field, DNS, 253-54
areas, defined, 232
Areas tab, OSPF properties, 232
ARP (Address Resolution Protocol)
Arp.exe and, 100-101
DHCP communications with, 148
exercise with, 42-45
overview of, 38-39
RARP vs., 138
as TCP/IP link layer protocol, 31
ARPANET, 28, 239
Arp.exe, 100-101
AS (autonomous systems), 225, 232
ASCII (American Standard Code for Information Interchange), 14
Assign A Static IP Address, Dial-In tab, 438
audit logging, 178, 187
authentication
Internet Key Exchange protocol and, 390
IPsec and, 380
PKI and, 502
PPP connection phase and, 35
remote access security and, 413-15, 433-36
Authentication Data and Padding field, AH, 384
Authentication Data field, ESP, 386
Authentication Header (AH), IPsec, 382-84
Authentication Method page, IP security rules, 398
Authentication Methods dialog box, RAS, 435-36
Authentication tab, dial-in profiles, 446
authorization, DHCP Server, 154-56
autodetection mechanism, NWLink, 125-26
automated enrollment, certificates, 526-27
automatic allocation, DHCP, 141
Automatic Certificate Request Setup Wizard, 526-27
automatic replication partners, WINS, 360
autonomous systems (AS), 225, 232
Auto-Static Update Mode, RIP installation, 230
B
B (broadcast) node, NetBIOS, 330
backbones, defined, 232
backups, CA, 519-21
BACP (Bandwidth Allocation Control Protocol), 429
bandwidth
OSPF and, 232
SPXII and, 114
Bandwidth Allocation Control Protocol (BACP), 429
Bandwidth Allocation Protocol (BAP), 429
baseband medium, 8
Berkeley Internet Name Domain (BIND), 276
binary method, subnetting, 54-56
BIND (Berkeley Internet Name Domain), 276
binding
CSNW and, 123
exercise in, 25
Windows 2000 networking and, 23-24
BOOT file, 276
BOOTP (Bootstrap Protocol), 139, 145
border routing, OSPF, 226
broadband medium, 8
broadcast (B) node, 330
broadcasts
DHCP servers and, 146-48
NetBIOS name resolution and, 327-29
troubleshooting, 190-91
browser, defined, 21
burst mode, SPX, 114
byte, IP address structure, 47
C
CA (certificate authority). See also MCS (Microsoft Certificate Services)
backing up and restoring, 519-22
certificate creation, 504-05
certificate templates and, 505-07
configuring, 514-18
MCS as, 509
overview of, 503
properties, 515-18
protecting, 510
types of, 503-04
CA Identifying page, 513
cables, 7
Cache Lookups folder, DNS, 568
caching
DNS names, 257-58
NetBIOS names, 322
caching-only DNS name server
defined, 249
DNS proxy vs., 469
implementing, 277-78
calculators, 53
callback
Dial-In tab options, 438
remote access security and, 415
caller ID, 416
capture buffer, 575
Capture Filter dialog box, 578
capture filters, Network Monitor, 577-79
capturing, Network Monitor
exercise, 582
frame data, 576-77
frames, 574-75
Carrier Sense Multiple Access with Collision Detection (CSMA/CD), 8
CBC (Cipher Block Chaining), IPsec, 381
CCITT (Comité Consultatif International Téléphonique et Télégraphique), 4
certificate authority. See CA (certificate authority)
Certificate dialog box, 530-31
Certificate Request Wizard, 532-34
Certificate Revocation dialog box, 534-35
Certificate Services. See MCS (Microsoft Certificate Services)
Certificate Services Web Enrollment Support module, 526
certificate store, 529
certificates, 502-07
CAs and, 503-04
contents of, 503
digital, 502-03
enrollment of, 525-27
generating, 505
requesting, 532-34
revoking, 534-35
templates for, 505-06
viewing, 530-31
Certificates console, 527-34
Certificates Snap-In dialog box, 528-29, 532-34
Certification Authority Backup Wizard, 519-21
Certification Authority console
backing up CAs, 519-21
configuring CAs, 514-18
restoring CAs, 521-22
revoking certificates, 534-35
Certification Authority page, 533
Certification Authority Restore Wizard, 521-22
Certification Authority Type page, 511
Certification Path tab, 531
Chaddr field, DHCP, 143, 147
CHAP (Challenge Handshake Authentication Protocol), 414, 436
Checksum field
IPX, 113
TCP, 65, 70-71
UDP, 74
Ciaddr field, DHCP, 143
Cipher Block Chaining (CBC), 381
circuit switching, 28
CLASS field, resource records, 254, 296
classes
IP addresses, 50, 57-59
user, 164-67
Client for Microsoft Networks, 21
Client FQDN, 182
Client (Respond Only), IPsec, 393
Client Service for NetWare. See CSNW (Client Service for NetWare)
clients
DHCP, 188-89
Windows 2000, 21
CNAME (Alias), 295
.com domain, 244-45
Comité Consultatif International Téléphonique et Télégraphique (CCITT), 4
Common Configurations page, RRAS, 208, 417, 473
Completing The IP Security Filter Action Wizard page, 405
Completing The New Zone Wizard page, 284
Completing The Routing and Remote Access Server Setup Wizard page, 419-20
Completion Code field, NCP, 117
Conditions page, Add Remote Access Policy Wizard, 440-41
configuration settings, DHCP, 188-89
Configure Device dialog box, RAS server, 427-28
Configure DHCP Options page, 159
Configure Gateway dialog box, 130-32
Conflict Detection Attempts selector, 179
Conflict Queue Length, performance counter, 564
Connection Control field, SPX, 115
Connection Number High field, NCP, 116, 117
Connection Number Low field, NCP, 116, 117
Connection Status field, NCP, 117
Connection Type page, demand dial interface, 212, 475
connectionless protocols, 12-13, 110
connection-oriented protocols
overview of, 11-13
SPX, 114
TCP, 63, 65-66
Control Access Through Remote Access Policy, VPNs, 459
Control Bits field, TCP, 65, 72-73
counters
DHCP performance, 564-65
System Monitor, 546-49
CRC (cyclical redundancy check), 9, 574
Create IP Security Rule Wizard, 397-99
CryptoAPI programming interface, 509
Cryptographic Service Provider page, 532-33
cryptographic service provider (CSP), 509-10, 512
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 8
CSNW (Client Service for NetWare)
configuring, 126-27
installing, 121-24
Windows 2000 and, 21
Windows 2000/NetWare compatibility, 118-19
CSP (cryptographic service provider), 509-10, 512
Custom Security Method Settings dialog box, IPsec, 405
cyclical redundancy check (CRC), 9, 574
D
Data, NCP, 117
data encapsulation, OSI model, 5-7
Data Encryption Algorithm (DES), 380
Data field
IP, 37
IPX, 113
NCP, 117
SPX, 115
TCP, 65
UDP, 74
data modification, IPsec, 378, 379
Data Offset field, TCP, 65
data pattern, filtering by, 579
Data Storage Location page, Windows Components Wizard, 513
data transfer, VPN, 453-54
databases
compacting, 180, 350-51
replicating, 359-62
restoring, 521-22
datagram formats, 35-36, 112
data-link layer, OSI model
IPX and, 111-12
network interface adapters, 19
overview of, 8-9
protocol stack and, 5
transmission process, 9-10
Datastream Type field, SPX, 115
Date field, DHCP logging, 564
debugging, DNS server, 312-13, 567-68
Decision statements, display filters, 580-81
Declines/sec, performance counter, 564
Default Action tab, CA (certificate authority), 516-17
default gateways, 198-99, 201
Default Gateway text box, TCP/IP, 85-86
Default Response Rule Authentication Method page, IPsec, 395
delayed acknowledgements, TCP, 69
Delegated Domain Name page, New Delegation Wizard, 287
Demand Dial Interface Wizard, 211-14, 475-76
Demand-Dial Connections page, RRAS, 208
demand-dial interfaces, 210-16
configuring, 214-16
implementing, 210-14
installing RIP on, 230
denial of service (DOS) attacks, 378-79
DES (Data Encryption Algorithm), 380
Description field, DHCP logging, 564
Destination Connection ID field, SPX, 115
Destination IP address field, IP, 37-38
Destination Network Address field, IPX, 113
Destination Node Address field, IPX, 113
Destination Port field, TCP, 65
Destination Port field, UDP message, 74
Destination Socket field, IPX, 113
destination variable, 219
Details tab, Certificate dialog box, 530-31
device drivers, 19
DHCP console
configuration options, 161-64
DHCP Server authorization, 155
monitoring activity, 176-79
reservations, 167-68
scopes, 156-60
Server Statistics dialog box, 561-63
superscopes, 161
DHCP (Dynamic Host Configuration Protocol)
as application layer protocol, 14, 42
communications with, 146-50
conflict detection, 179
as connectionless protocol, 12
database compaction, 180
DNS integration, 182-85
exercise, 150
IP address assignments, 140-41
IP address leases, 149-50
messaging, 141-46
monitoring, 176-79, 561-65
origins of, 138-41
relay agents, 180-81
troubleshooting, 187-92
UDP and, 73-74
Windows 2000 and, 21
WINS support, 352-53
DHCP relay agents, 180-81
DHCP Server, 152-75
authorizing, 154-56
configuration options, 161-64
conflict detection and, 179
DHCP database and, 180
DNS server integration, 182-85
exercise, 169-74
monitoring, 176-79
overview of, 152-53
reservations and, 167-68
scopes and, 156-60
Server Statistics dialog box, 561-63
superscopes and, 161
troubleshooting, 187, 189-92
user classes and, 164-67
Windows 2000 installation and, 153-54
DHCPACK message type, 144, 148-50, 184
DHCPDECLINE message type, 144, 148
DHCPDISCOVER message type
communications and, 146-48
defined, 144
leasing and, 150
relay agents and, 180-81
troubleshooting DHCP servers, 191
DHCPINFORM message type, 144, 148
DHCPNACK message type, 144, 148-50
DHCPOFFER message type
communications and, 146-48
defined, 144
relay agents and, 181
troubleshooting DHCP servers, 191
DHCPRELEASE message type, 144
DHCPREQUEST message type
communications and, 147-48
defined, 144
dynamic DNS updates, 184
leasing and, 149-50
Dial Out Credentials page, 213-14, 476
Dial-In Constraints tab, dial-in profiles, 446
dial-in properties, 437-38
dial-in remote access, 410-12, 436
Dial-In tab, Active Directory, 437-38, 439-45
Dial-In tab, user accounts, 459
dialing properties, configuring, 215
dialog, separation/control, 13
digital certificates, 502-03
Dijkstra algorithm, 232
direct route, IP routing, 196
Directory service log, Event Viewer, 541
Discovers/sec, performance counter, 564
Display Filter dialog box, 580-81
display filters, Network Monitor, 580-81
distance vector routing, 226
DNS console
DNS server installation, 276
monitoring, 567-68
resource records, 297-300
zones, 280-84
DNS (Domain Name System), 238-50. See also Windows 2000 DNS Server
as application layer protocol, 14, 42
as connectionless protocol, 12
DHCP integration with, 182-85
DNS caching-only servers vs. DNS proxy, 469
implementing, 263-71
monitoring activity, 310-13, 567-68
UDP and, 73-74
DNS host names, 238-50
designing, 240-41
exercise, 249
host names, 238, 246
host tables and, 238-40
name guidelines, 246
name servers, 247-49
name space, 241-47
resolvers, 249
root domain, 243-44
second-level domains, 245-46
top-level domains, 244-45
zones, 246-47
DNS name resolution, 251-62
DNS messaging, 251-55
exercise, 260-61
name server caching, 257-58
resolving names, 255-57
reverse name lookups, 258-60
DNS proxy, 469
DNS server log, Event Viewer, 541
DNS servers. See also Windows 2000 DNS Server
caching, 257-58
defined, 241
DHCP and, 163-64
exercise, 260-61
overview of, 247-49
planning implementation of, 263-71
TCP/IP configuration, 86
VPN management, 459
WINS name servers vs., 336
DNS tab, advanced TCP/IP settings, 87-89
domain name servers, 247-49
domain name space, DNS, 241-47
defined, 241
hierarchical structure of, 241-43
host names, 246
naming guidelines, 246
root domain, 243-44
second-level domains, 245-46
top-level domains, 244-45
zones, 246-47
Domain Name System. See DNS (Domain Name System)
domain speculators, 245
domains
defined, 241
root domains, 243-44
second-level domains, 245-46
top-level domains, 244-45
Windows 2000 vs. DNS, 243
DOS (denial of service) attacks, 378-79
dotted decimal notation, IP addressing, 47
Duplicates Dropped/sec, performance counter, 564
dynamic allocation, DHCP, 141
dynamic DNS updates, 182-85
Dynamic Host Configuration Protocol. See DHCP (Dynamic Host Configuration Protocol)
dynamic mappings, NAT, 469
dynamic routing protocols, 224-36
exercise, 234
OSPF, 231-33
overview of, 224-26
RIP, 226-31
routing tables and, 202-03
RRAS, 570
dynamic updates
exercise, 292
troubleshooting, 315
zone configuration and, 289-90
E
EAP (Extensible Authentication Protocol), 414-15, 435
EBCDIC (Extended Binary Coded Decimal Interchange Code), 14
Echo Reply, ICMP
defining, 40
Ping.exe and, 94-95
Tracert.exe and, 95
Echo Request, ICMP
defining, 40
DHCP communications and, 147
Ping.exe and, 94-95
Tracert.exe and, 95-96
Edit Dial-In Profile dialog box, 429, 445-47
editors, NAT, 469-70
.edu domain, 244-45
EFS (Encrypting File System), 535
Encapsulating Security Payload (ESP), 384-86
encapsulation
IP, 36
IPX, 112-13
overview of, 452-53
TCP, 64-65
Encrypting File System (EFS), 535
encryption
deployment, 392
Internet Key Exchange protocol and, 390
keys, 500-502
at network layer of OSI model, 379-80
PKI and, 501
Encryption tab, dial-in profiles, 446-47
End option, DHCP messages, 144
end systems, TCP/IP, 40, 194
end-to-end protocols, 32
enrollment, certificates, 525-27
enterprise CA, 503-04
Enterprise Policy module, 527
enterprise root CA, 504, 509, 514
enterprise subordinate CA, 504, 509, 514
Enterprise Trust folder, certificates, 530
ephemeral port numbers, 68, 466
error correction, 13, 70-71
error detection, 9, 13
error messages, ICMP, 40
ESP (Encapsulating Security Payload), 384-86
Ethernet frame types, 111-12, 125-26
event logs
accessing remote, 544
DNS server, 311-13
RAS server, 426
RRAS server, 571
viewing, 541-42
Event Properties dialog box, 542
Event Viewer, 540-44
Event Viewer console, 541-42
events, locating, 542-44
Exclude statements, 578-79
exclusive mode, DNS servers, 255
exit module, 505
Exit Module tab, CA properties, 517
EXPIRE (Expires After) subfield, SOA, 295
Extended Binary Coded Decimal Interchange Code (EBCDIC), 14
Extensible Authentication Protocol (EAP), 414-15, 435
External Routing tab, OSPF, 233
F
Failed Requests folder, CA console, 515
FCS (Frame Check Sequence) field, 9
File field, DHCP message, 143
File replication service log, Event Viewer, 541
File Transfer Protocol (FTP), 14, 31, 41
Filter Action General Options page, IPsec, 403-04
Filter Action Name page, IPsec, 403
Filter Action page, IPsec, 398-99, 402
filter actions, 396, 402-05
Filter command, Event Viewer, 543-44
filter list, 396, 399-402
Filter Properties dialog box, 401-02
filters, display, 580-81
FIN flag, TCP, 72-73
Find dialog box, Event Viewer, 543-44
firewalls, 366-67
Flags field
DHCP, 143
DNS, 252-53
IP, 37
flow control, 12, 71-72
forward lookup queries, 255-57
forward lookup zones, 281, 290-91
forwarders, 255
FQDN (fully qualified domain name)
Client FQDN, 182
overview of, 242
reverse name lookups and, 259-60
Fragment Offset field, IP, 37
fragmentation
IP, 38
network layer protocols and, 10
segmentation vs., 11-12
Frame Check Sequence (FCS) field, 9
frame types, 111-12, 125-26
Framed-Protocol dialog box, remote access policies, 442
frames
capture filters and, 577-79
capturing, 574-77
data-link layer protocols and, 8
PPP, 33-34
SLIP, 32-33
FTP (File Transfer Protocol), 14, 31, 41
Ftp.exe, 106
fully qualified domain name. See FQDN (fully qualified domain name)
Function field, NCP, 116
G
Gateway Address column, routing tables, 198-201
Gateway Service for Netware. See GSNW (Gateway Service for Netware)
Gateway Service for Netware dialog box, 129-30
gateways
activating, 131-32
creating, 130
default, 201
defining, 199
enabling, 130-31
security, 132
General tab
CA properties, 515, 530
NAT properties, 486-87
OSPF properties, 232
RIP properties, 231
Giaddr field, DHCP, 143
.gov domain, 244-45
group membership, access control and, 438-45
GSNW (Gateway Service for Netware), 127-32
configuring, 129-30
enabling, 21, 118-19, 130-31
gateways, 130-32
installing, 128-29
overview of, 127-28
guaranteed delivery, connection-oriented protocols, 11
H
H node (hybrid node) type, 330-31
half close connection, TCP, 73
hardware, IP routing, 203-05
hardware addresses
converting IP to, 100-101
data-link layer and, 8
IPX and data-link layer and, 110
packet filtering on, 365
Header Checksum field, IP, 37
Header section, NeBT, 340-41
HINFO (Host Information), 296
Hlen field, DHCP, 143
Hops field, DHCP, 143
Host (A). See A (Host)
host identifiers, 47, 49, 51
Host Information (HINFO), 296
Host Name field, DHCP logging, 564
host names. See DNS host names
host tables, 238-39
Hosts file, 238-39
HTTP (Hypertext Transfer Protocol), 14, 31, 41
HTTPS (Secure Hypertext Transfer Protocol), 41
Htype field, DHCP message, 142
hybrid node (H node) type, 330-31
Hypertext Transfer Protocol (HTTP), 14, 31, 41
I
IANA (Internet Assigned Numbers Authority)
Internet routing and, 464-65
IP address classes, 50
overview of, 48
private network addresses, 51-52
unregistered addresses and, 465
IAS (Internet Authentication Service), 433
ICANN (Internet Corporation for Assigned Names and Numbers), 245
ICMP (Internet Control Message Protocol)
overview of, 39-40
packet filter configuration, 374-75
as TCP/IP internet layer protocol, 31
type and code values for, 374-75
ICS (Internet Connection Sharing), 492-98
configuring, 494-97
installing, 493-94
NAT vs., 492
routing software and, 205
ICV (integrity check value), 381
ID field
DHCP logging, 563
DNS, 252
IETF (Internet Engineering Task Force)
DNS standards, 240
RARP standards, 138
TCP/IP standards, 28-29
IGMP (Internet Group Message Protocol), 31, 230
IHL (Internet Header Length) field, IP, 37
IIS (Internet Information Services), 21
IKE (Internet Key Exchange) protocol, 390
IMAP4 (Internet Mail Access Protocol), 41
in-addr.arpa domain, 259-60
inbound connections, 427-28
Include statements, 578-79
Informs/sec, performance counter, 564
init state, defined, 146
initial sequence number (ISN), 66
Instance, System Monitor snap-in, 548
.int domain, 244-45
Integrated Services Digital Network (ISDN), 412
integrity, IPsec, 381
integrity check value (ICV), 381
Interface column, routing tables, 198-200
Interface Name page, demand dial interface, 211, 475
Interface Selector, static routes, 218
interfaces, NAT
creating, 481-82
properties, 482-86
interior routing protocols, 224
Intermediate Certification Authorities folder, certificates, 530
intermediate systems, TCP/IP, 40, 194-95
International Organization for Standardization (ISO), 4
Internet
autonomous systems of, 225
domain speculators and, 245
host tables as insufficient for, 239
IPX's incompatibility with, 110-11
as largest TCP/IP network, 48
NAT configuration for access to, 478-79
routing to, 464-65
VPN servers, integrating with, 457-58
Internet Assigned Numbers Authority. See IANA (Internet Assigned Numbers Authority)
Internet Authentication Service (IAS), 433
Internet Connection Server page, RRAS, 473-74
Internet Connection Server Setup page, RRAS, 473
Internet Connection Sharing. See ICS (Internet Connection Sharing)
Internet Connection Sharing Application dialog box, 495-96
Internet Connection Sharing Settings dialog box, 495-96
Internet Control Message Protocol. See ICMP (Internet Control Message Protocol)
Internet Corporation for Assigned Names and Numbers (ICANN), 245
Internet Engineering Task Force. See IETF (Internet Engineering Task Force)
Internet Group Message Protocol (IGMP), 31, 230
Internet Header Length (IHL) field, IP, 37
Internet Information Services (IIS), 21
Internet Key Exchange (IKE), 390
internet layer, TCP/IP, 31, 35
Internet Mail Access Protocol (IMAP4), 41
Internet Network Information Center (InterNIC), 245
Internet Protocol (TCP/IP) Properties dialog box
Lmhosts implementation, 324
packet filter configuration, 368
TCP/IP configuration, 83-84, 86
WINS client configuration, 347-48
Internet routers, 204
Internet Service Provider (ISP), 464-65
Internetwork Packet Exchange. See IPX (Internetwork Packet Exchange)
internetworks
defining, 194
IP routing and, 195-97
routing tables and, 202-03
transit, 451
InterNIC (Internet Network Information Center), 245
IP Address Assignment page, RRAS, 418
IP Address field
DHCP, 564
RIP, 227
IP addressing, 47-62. See also NAT (network address translation)
ARP and, 38-39
classes, 50
exercise, 60
NAT and, 468
overview of, 10
packet filtering and, 365
private networks and, 51-52
rules, 51
scopes, 156-60
structure of, 47-48
subnet masks, 49-52
subnetting, 52-59
TCP/IP configuration, 84-86
VPN and, 459
IP addressing, DHCP
assigning, 140-41
communications and, 148
troubleshooting clients, 188
troubleshooting servers, 191-92
IP Address Range, scopes, 157
IP Filter List dialog box, 400
IP Filter List page, 398
IP Filter Wizard, 400
IP host naming. See DNS host names
IP (Internet Protocol)
as connectionless protocol, 12
as internet layer protocol, 31
overview of, 35-38
RAS server options, 424-25
IP routing. See dynamic routing protocols; routing IP
IP security. See IPsec (IP security)
IP Security Filter Action Wizard, 403-05
IP Security Policies on Local Machine snap-in, 392
IP Security Policies snap-in, 392-93
IP Security Policy Management snap-in, 392
IP Security Policy Name Page, 394
IP Security Policy Wizard, 394-95, 396
IP Settings tab, advanced TCP/IP setting, 86-87
IP tab, Edit Dial-In Profile dialog box, 446
IP Traffic Security page, IP Security Filter Action Wizard, 404-05
Ipconfig.exe, 99-100
IP-IP network layer tunneling technique, 456
IPsec driver, 391
IPsec (IP security), 377-89
advantages of, 379-80
exercise, 388
functions, 380-81
L2TP tunneling and, 388
monitoring activity, 572
overview of, 377-81
protocols, 382-86
standards, 382
transport mode/tunnel mode and, 386-87
tunneling protocols and, 456
IPsec (IP security), deploying, 390-408
components, 390-91
exercises, 406-07
filter actions, 402-05
overview of, 391
policies, 393-96
policy filter list, 399-402
Policy Management, 392-93
policy rules, 396-99
tunnel mode configuration, 406
IPsec Policy Agent service, 390
IPsec Policy Management, 392-93
Ipsecmon.exe utility, 572
IPX (Internetwork Packet Exchange), 109-20
addressing, 10
datagram format, 112-14
data-link layer, 111-12
exercise, 119
NetWare Core Protocol and, 116-18
overview of, 20, 110-11
RAS server options, 425-26
Sequenced Packet Exchange and, 114-16
Windows 2000/NetWare compatibility and, 118-19
ISDN (Integrated Services Digital Network), 412
ISN (initial sequence number), 66
ISO (International Organization for Standardization), 4
ISP (Internet Service Provider), 464-65
Issued Certificates folder, CA console, 515
Items To Back Up page, Certification Authority Backup Wizard, 519
Items To Restore page, Certification Authority Restore Wizard, 521-22
iterative query, 255
ITU-T (Telecommunications Standardization Sector of the International Telecommunication Union), 4, 503
J
Jetpack.exe program, 180, 350-51
K
Kerberos V5, 395
keys
CA management of, 510
compromised, 379
encryption, 500-502
Internet Key Exchange protocol, 390
L
L2TP tunneling protocol
defining, 388
overview of, 454-55
PPTP vs., 455-56
VPN and, 453-54
LAN (local area network)
IPX and, 110
RIP and, 230
VPNs and, 457
LCP (Link Control Protocol), 424, 428-29
Lease Duration page, New Scope Wizard, 159
lease identification cookie, DHCP, 148
leases, DHCP
monitoring DHCP activity, 177
overview of, 149-50
scopes and, 159-60
troubleshooting DHCP servers, 190-91
Length field
IPX, 113
UDP, 74
letter transposition code, encryption, 500
Link Control Protocol (LCP), 424, 428-29
link dead, PPP, 35
link establishment, PPP, 35
link layer protocols, TCP/IP, 30-31, 32
link open, PPP connection phase, 35
link quality monitoring, PPP, 35
link termination, PPP, 35
link-state routing, 231-32
litigation, domain names and, 245
Lmhosts file
implementing, 323-26
overview of, 90
tags, 326-27
Local Area Connection properties
CSNW and, 122, 123-24
GSNW, 129
ICS installation, 494
Lmhosts implementation, 323-24
NAT configuration, 478-79
NWLink configuration, 124
packet filters configuration, 367
TCP/IP configuration, 83
TCP/IP installation, 80-82
WINS client configuration, 347-48
local area networks. See LANs (local area networks)
Local File Properties dialog box, RRAS logging, 571
Local Security Settings console, 393-95
Local Users and Groups, dial-in properties, 437
Local-Only mode, NDIS, 576
logging
DHCP, 563-64
DNS server, 567-68
RRAS, 570-71
WINS, 567
Logging tab, DNS server properties, 312-13
logs. See Event Viewer; Performance Logs and Alerts snap-in
M
M (mixed mode) node, 330
MAC Address field, DHCP, 564
MAC (media access control) addresses. See hardware addresses
Mail Exchanger (MX), 296
Managing Multiple Remote Access Servers page, 418-19
manual allocation, DHCP configuration, 141
master servers, 248, 314
maximum segment size (MSS), 66
maximum transfer unit (MTU), 38
MCS (Microsoft Certificate Services), 499-538
backing up/restoring CAs, 519-22
certificate enrollment, 525-27
certificate revocation, 534-35
certificates, 502-07
Certificates console, 527-34
configuring CAs, 514-18
EFS recovery keys, 535
encryption keys and, 500-502
exercises, 507, 522-23
installation, 509-14
overview of, 500
Windows 2000 and, 21
media access control (MAC) addresses. See hardware addresses
message digest, 381
message header, DNS, 252-53
Message Type, DHCP, 144, 150
messaging, DHCP, 141-46
End option, 144
Message Type option, 144, 150
Option Overload option, 141-45
other options, 145-46
overview of, 141-44
Pad option, 144
Vendor-Specific Information option, 145
messaging, DNS, 251-55
message header, 252-53
overview of, 251
Question section, 253
request types, 254-55
response sections, 253-54
messaging, WINS, 335-39
name registration, 335-37
name release, 338
name renewal, 337-38
name resolution, 338-39
NeBT formats, 339-44
Metric column, routing tables, 198-200
Metric field, RIP version 2, 228
Microsoft Certificate Services. See MCS (Microsoft Certificate Services)
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), 414, 436
Microsoft node types, 330-32
Microsoft Windows 2000. See Windows 2000
Microsoft Windows 2000 DNS Server. See Windows 2000 DNS Server
Microsoft Windows 2000 network components. See Windows 2000 network components
Microsoft Windows 2000 Server, 205
Microsoft Windows Authentication option, 435
Microsoft Windows Calculator, 53
Microsoft Windows Components Wizard. See Windows Components Wizard
Microsoft Windows Internet Name Service. See WINS (Windows Internet Name Service)
Microsoft-enhanced h node type, 331-32
.mil domain, 244-45
Milliseconds Per Packet (Avg), performance counter, 564
Minimum (default) TTL (MINIMUM) subfield, SOA, 295
mixed mode, Active Directory, 439
mixed mode (M) node, NetBIOS, 330
MNAME (Primary Server) subfield, SOA, 295
Modified b node type, 330
modular routers, 203-04
monitoring, Network Monitor, 574-83
capture filters, 577-79
display filters, 580-81
displaying captured data, 579-80
exercise, 582
frame data, 576-77
installing tools, 576
overview of, 574-75
performance issues, 581
security, 575-76
monitoring, network services, 561-73
DHCP activity, 176-79, 561-65
DNS activity, 310-13, 567-68
IPsec activity, 572
RRAS activity, 568-71
WINS activity, 565-67
monitoring, Windows 2000, 540-60
Event Viewer, 540-44
exercises, 559
Performance console, 544-52
Shared Folders snap-in, 552-59
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), 414, 436
MSS (maximum segment size), 66
MTU (maximum transfer unit), 38
multicast transmissions, RIP, 228, 230
multihomed computers, 205
Multilink connections, 424, 428-29
Multilink tab, dial-in profiles, 429, 446
multiplexing, 19
mutual authentication, remote access security, 415
MX (Mail Exchanger), 296
N
Nacks/sec, performance counter, 564
NAME field, resource records, 254, 296
name overwrite demand messages, NetBIOS, 328-29
name query request messages
NetBIOS, 327-29
WINS, 336, 338-39
name refresh request messages, WINS, 337-38
name registration request messages, 328-29, 336
name resolution
defined, 238
ICS, 494
NAT, 469, 488-89
WINS, 89-90, 338-39
Name Resolution tab, NAT properties, 488-89
name servers. See also DNS servers
NetBIOS, 330
WINS, 459
Name Servers page, New Delegation Wizard, 287
names
NetBIOS caching, 322
WINS registration, 335-37
WINS release, 338
WINS renewal, 337-38
NAME-TRN_ID field, NeBT, 340
NAT (network address translation), 463-98
components, 468-79
exercises, 470, 489-90
ICS installation and configuration, 492-98
implementing, 472
interface properties, 482-86
Internet routing and, 204, 464-65
NAT editors, 469-70
node, 481-82, 486-88
overview of, 465-70
private network addresses and, 51-52
properties, 486-88
RRAS configuration, 478-82
RRAS installation, 472-77
NAT routing protocol, 480-81
NBNS (NetBIOS name servers), 330
Nbstat.exe, 103-04
NCP (NetWare Core Protocol), 116-18
NDIS boundary layer, defined, 20
NDIS (Network Device Interface Specification), 20
NDS (Novell Directory Services), 126-27, 130
NeBT formats, 339-44
Answer section, 342-44
Header section, 340-41
Question section, 342
negative acknowledgement, TCP, 70
negative caching, DNS name servers, 258
negative name query response messages, 336, 338-39
negative name refresh response messages, 337
negative name registration response messages, 328-29, 336
negative name release response messages, 338
Neighbors tab, RIP properties, 231
.net domain, 244-45
NetBEUI (NetBIOS Enhanced User Interface)
DHCP clients, troubleshooting, 188
installation exercise, 24
NetBIOS and, 318
overview of, 20
RAS connections, 412
RAS server options, 426
NetBIOS name servers (NBNS), 330
NetBIOS (Network Basic Input/Output System), 318-34
broadcast transmissions and, 327-29
exercise, 333
Lmhosts file and, 322-27
name caching, 322
name registration/resolution, 321
name servers, 330
naming, 318-21
node types, 330-32
Netlogon, defined, 21
Netmask column, routing tables, 198-200
Netstat.exe, 101-03
NetWare, 109-35
Client Service configuration, 126-27
Client Service installation, 121-24
exercises, 119, 132-34
Gateway Service installation and configuration, 127-32
IPX overview, 110-11
IPX protocols, 111-17
NWLink configuration, 124-26
Windows 2000 compatibility with, 21, 118-19
NetWare Core Protocol (NCP), 116-18
network adapter drivers, 20, 119
Network Address column, routing tables, 198-201
network address translation. See NAT (network address translation)
Network Address Translation (NAT) Properties dialog box, 481, 486-88
Network and Dial-Up Connections window
CSNW installation, 121-24
GSNW installation, 128-29
ICS installation, 493-94
Lmhosts implementation, 323-24
NWLink configuration, 124-26
packet filter configuration, 367
TCP/IP configuration, 83
TCP/IP installation, 81
WINS client configuration, 347-48
Network Basic Input/Output System. See NetBIOS (Network Basic Input/Output System)
network components. See Windows 2000 network components
Network Device Interface Specification (NDIS), 20
network identifiers
IP address structure and, 47
IP addressing rules for, 51
overview of, 48-49
Network Information Center (NIC), 239
network interface adapters, 19
network interface card. See NIC (network interface card)
network interface layer, TCP/IP, 30-31
network layer, OSI model
encrypting transmissions, 379-80
internet layer of TCP/IP vs., 31
overview of, 9-11
PPP connection phase, 35
protocol stack, 5
RAS server configuration, 424
routing, 194
Network Monitor, 574-83
capture filters and, 577-79
capturing frame data, 576-77
display filters and, 580-81
displaying captured data, 579-80
exercise, 582
installing tools, 576
IP security and, 377-78
overview of, 574-75
performance issues, 581
security, 575-76
Network Monitor Capture window, 577
Network Monitor console, installing, 576
Network Monitor driver, installing, 576
network protocols, securing. See IPsec (IP security); packet filters
Network Solutions, Inc., 245
Network Time Protocol (NTP), 42
Network Type page, IP security rules, 398
Networking Services dialog box
DHCP Server, 154
WINS Server, 345-46
Networking tab, demand-dial interface properties, 215-16
New Class dialog box, DHCP, 165
New Delegation Wizard, 287-89
New Interface For Network Address Translation Properties dialog box, 481
New Interface For RIP Version 2 For Internet Protocol dialog box, 229
New Replication Partner dialog box, 360
New Reservation dialog box, 168
New Resource Record dialog box, 287, 300
New Routing Protocol dialog box, 228, 480-81
New Scope Wizard, 156-60
New Share dialog box, 131-32
New Static Mapping dialog box, 348-49
New Zone Wizard, 281-84
Next Header field
AH, 384
ESP, 386
Next Hop IP Address field, RIP version 2, 228
NIC (Network Information Center), 239
NIC (network interface card)
adapters and, 19
NAT configuration and, 478
Windows 2000 and, 22-23
NM-FLAGS field, NetBT, 340
node addresses, IPX, 110
node types, NetBIOS, 330-32
nonexclusive mode, DNS servers, 255
nonrepudiation
IPsec, 380
PKI and, 502
Northwind Traders, DNS design
large networks, 268-70
medium-size networks, 265-68
small networks, 264-65
Novell Client for Windows NT/2000, 119
Novell Directory Services (NDS), 126-27, 130
NRCOUNT field, NetBT message header, 341
NS (Name Server), 285-86, 295
NSCOUNT field
DNS, 253-54
NetBT, 341
Nslookup.exe, 104-05, 258
NTGATEWAY group, 130
NTP (Network Time Protocol), 42
NWLink
configuring, 124-26
CSNW and, 123
exercise, 132-34
overview of, 20
Windows 2000/NetWare compatibility, 118-19
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol Properties dialog box, 124-26
O
octet, IP addresses, 47
ODI (Open Data-Link Interface), 119
offered window, TCP, 72
Offers/sec, performance counter, 564
one-way transform, 381
Op field, DHCP message, 142
OPCODE field, NetBT message header, 340
Open Data-Link Interface (ODI), 119
Open Files folder, sharing folders and, 553, 558-59
Open Shortest Path First. See OSPF (Open Shortest Path First)
Open Systems Interconnection. See OSI (Open Systems Interconnection) reference model
Options field
DHCP, 143-46
IP, 37
TCP, 65
Options tab, advanced TCP/IP settings, 90
.org domain, 244-45
organizationally unique identifier (OUI), 8
OSI (Open Systems Interconnection) reference model, 4-17
application layer, 14-15
applying in real world, 15-16
data encapsulation, 5-7
data-link layer, 8-9
network layer, 9-11
overview of, 4-5
packet filtering and, 365-66
physical layer, 7
presentation layer, 14
session layer, 13
TCP/IP architecture vs., 29-30
transport layer, 11-13
OSPF (Open Shortest Path First)
border routing and, 226
defined, 224
installing, 232-33
as interior routing protocols, 224-25
monitoring, 570
understanding, 231-32
OSPF Properties dialog box, 232-33
OUI (organizationally unique identifier), 8
Overload option, DHCP messages, 144-45
P
P (point-to-point) node, 330
packet filters, 364-76
IPsec and, 381
overview of, 364-67
RRAS configuration, 371-75
TCP/IP client configuration, 367-71
Packet Type field, IPX, 113
packets
burst, 114
capturing, 377-78
switching, 28
TCP acknowledgement, 68-70
Packets Expired/sec, performance counter, 564
Packets Received/sec, performance counter, 564
Pad Length field, ESP, 386
Pad option, DHCP, 144
PAP (Password Authentication Protocol), 413, 436
password compromise, IPsec, 378
Pathping.exe, 97-99
Payload Data and Padding field, ESP, 386
Payload length field, AH, 384
Pending Request folder, CA console, 515
performance baselines, 549
Performance console, 544-52
overview of, 544-45
Performance Logs and Alerts snap-in, 550-52
system and network performance, 548-49
System Monitor snap-in, 545-48
Performance Logs and Alerts snap-in, 544, 550-52
Periodic Update Mode, RIP, 230
Permissions page, Add Remote Access Policy Wizard, 443
Personal folder, Certificates console, 529
Phone Number page, Demand Dial Interface Wizard, 212-13, 476
physical layer, OSI model
network interface adapters at, 19
overview of, 7
protocol stack, 5
Ping, 93-95
PKI (public key infrastructure), 501
Pointer (PTR), 296, 301
point-to-point (P) node, 330
Point-to-Point Protocol. See PPP (Point-to-Point Protocol)
Point-to-Point Tunneling Protocol (PPTP), 454-56
policies, IPsec
creating in Active Directory, 393-95
filter actions, 402-05
filter lists, 399-402
Policy Management and, 396
remote access policies, 438-45
rules, 396-99
for tunnel mode, 406
policy module, defined, 505
Policy Module tab, CA properties, 516
Policy Name page, Add Remote Access Policy Wizard, 440
Policy Settings folder, CA console, 515
POP3 (Post Office Protocol), 41
PORT field, SRV, 296
port numbers
DHCP client/server, 142
DNS name server, 251
ephemeral, 466
NAT interface and, 484-85
packet filtering and, 365-66, 369-70
TCP well-known, 67-68
Port Status dialog box, RRAS, 569
ports, RAS server, 427
Ports Properties dialog box, RAS server, 427
positive acknowledgement with retransmission, TCP, 70
positive name query response messages, 328-29, 336, 338-39
positive name refresh response messages, 337
positive name registration response messages, 336
positive name release response messages, 338
Post Office Protocol (POP3), 41
pound (#) sign, 239, 326-27
PPP (Point-to-Point Protocol)
L2TP tunneling and, 388
overview of, 33-35
RAS connections, 412
RAS multilink connections, 428-29
RAS server options, 423-24
as TCP/IP link layer protocol, 31, 32
PPTP (Point-to-Point Tunneling Protocol), 454, 455-56
presentation layer, OSI model, 5, 14
primary master servers, 263
primary master zone database file, 248
Primary Server (MNAME) subfield, SOA, 295
primary zone database file, 248
PRIORITY field, SRV, 296
private keys, 501, 512
private network addresses, 51-52
profiles, remote access, 445-47
promiscuous mode
defined, 377-78
NDIS, 576
properties
certificates, 531
Certification Authority console, 515-18
demand-dial interface, 214-16
DHCP server, 179, 563-64
DNS server, 568
filter actions, 402-05
filter lists, 399-401
NAT configuration, 486-88
NAT interface, 482-86
RRAS interface, 372
RRAS logging, 571-72
rules, 397
shared folders, 554-55
Windows 2000 networking components, 23-24
properties, RAS server, 422-26
authentication options, 433-36
event logging options, 426
general options, 422-23
IP options, 424-25
IPX options, 425-26
NetBEUI options, 426
network layer protocol options, 424
PPP options, 423-24
security options, 423
PROTO field, SRV, 296
Protocol field, IP, 37
protocol identification
data-link layer protocols and, 9
network layer protocols and, 11
packet filtering on, 365
protocol stacks
OSI, 4-5, 15-16
TCP/IP, 30-31
Windows 2000, 18
protocols. See also by individual type
data encapsulation and, 5-6
filtering by, 578
overview of, 4
suites, 19
Windows 2000 network, 20
Protocols and Security page, demand dial interface, 213, 476
Provide Password page, Certification Authority Restore Wizard, 522
proxy agents, WINS, 350
pseudo-header, TCP, 71
PSTN (Public Switched Telephone Network), 411
PTR (Pointer), 182, 296, 301
Public and Private Key Pair page, 512
public key infrastructure (PKI), 501
public keys, 501
Public Switched Telephone Network (PSTN), 411
pull partner, WINS, 356-58
push partner, WINS, 356-58
Q
QCLASS field, DNS, 253
QDCOUNT field, DNS, 253
QDCOUNT field, NetBT, 341
QNAME field, DNS, 253
QTYPE field, DNS, 253
quad, IP address, 47
queries
forward lookup, 255-57
iterative, 255
name query request, 327-29, 336, 338-39
negative name query response, 336, 338-39
positive name query response, 328-29, 336, 338-39
recursive, 254-55, 310-11, 469
Simple Query, 310-11
Question section, DNS, 253
Question section, NetBT, 342
R
RADIUS (Remote Authentication Dial-In User Service), 433-34
RADIUS Authentication dialog box, 434
RARP (Reverse Address Resolution Protocol), 39, 138
RAS (Remote Access Service)
authentication, 433-36
dial-in, 410-12
exercise, 420, 447-48
installing, 416-20
overview of, 413-16
policies, 438-45
profiles, 445-47
protocols, 412-13
user account dial-in properties, 437-38
RAS (Remote Access Service), VPN support, 451-62
exercises, 458-59
implementing, 451-56
Internet and, 457-58
managing, 458-59
routed environments and, 457
RAS server configuration, 422-32
event logging options, 426
exercise in, 431-32
general options, 422-23
inbound connections, 427-28
IP options, 424-25
IPX options, 425-26
multilink options, 428-29
NetBEUI options, 426
network layer options, 424
PPP options, 423-24
security options, 423
using RRAS with DHCP, 430
raw Ethernet, 111
RCODE field, NetBT, 341
RDATA field, DNS, 254
RDATA field, NetBT, 343
RDLENGTH field, DNS, 254
RDLENGTH field, NetBT, 343
rebinding time value, DHCP leasing, 149-50
recursive query, DNS
defined, 469
monitoring servers, 310-11
overview of, 254-55
Refresh Interval (REFRESH) subfield, SOA, 295
Relay Agent Service, DHCP, 146
relay agents, DHCP, 180-81
Releases/sec, performance counter, 565
remote access account lockout, 416
Remote Access Logging folder, RRAS, 571-72
Remote Access Permission, Dial-In tab, 438
remote access policies, 438-45, 447-48
Remote Access Policies list, 444-45, 445-47
Remote Access Policies node, 439-40
remote access profile, 445-47
Remote Access Service. See RAS (Remote Access Service)
Remote Authentication Dial-In User Service (RADIUS), 433-34
Remote Client Protocols page, RRAS, 417
remote control access, Telnet, 106
renewal time value, DHCP leasing, 149
renewing state, DHCP leasing, 149
replay, SPAP, 413
replication, WINS, 356-62
automatic partners, 360
databases, 359-62
number of servers, 359
overview of, 356
push/pull partners and, 356-58
Replication Partners list, WINS database, 360
Reply message format, NCP, 117
reply messages, RIP, 226
Reply/Response Type field, NCP, 117
REQUEST folder, Certificates console, 530
Request for Secure Communication page, IPsec, 394-95
Request message format, NCP, 116-17
request messages, RIP, 226
Request Security (Server) policy, IPsec, 393, 396-97
Request Type field, NCP, 116
request types, DNS, 254-55
Request for Comments. See RFC (Request for Comments)
Requests/sec, performance counter, 565
reservations, DHCP
creating, 167-68
scopes and, 156
troubleshooting, 187
Reserve Addresses dialog box, address pools, 483-84
Reserved field
AH, 384
TCP, 65
resolvers, DNS
defined, 241
name resolution, 255-57
overview of, 249
resource identifier codes, NetBIOS, 319-20
Resource Record Type dialog box, 299
resource records, 294-302
creating, 298-300
exercises, 300-302
types of, 294-97
viewing, 297-98, 301
response sections, DNS, 253-54
Responsible Person (RNAME) subfield, SOA, 295
restoration, CA management, 510
RETRY (Retry Interval) subfield, SOA, 295
Reverse Address Resolution Protocol (RARP), 39, 138
Reverse Lookup Zone page, New Zone Wizard, 284
reverse lookup zones
creating, 281, 284
exercise, 291-92
reverse name lookups
domain for, 244
overview of, 256
performing, 258-60
Revoked Certificates dialog box, 535
Revoked Certificates folder, CA console, 514
RFC (Request for Comments)
DNS standards, 240
PPP standards, 34
RARP standards, 138
TCP/IP standards, 28-29
RIP (Routing Information Protocol)
defined, 224
installing, 228-31
as interior routing protocol, 224-25
monitoring, 570
overview of, 226-28
version 1 vs. 2, 227-28
RIP Properties dialog box, 229, 231
RNAME (Responsible Person) subfield, SOA, 295
rogue DHCP server, 154-56
root domain, DNS, 243-44
Root Hints tab, DNS server properties, 277-78
Route Add command, 219
Route Change command, 219
Route Delete command, 219
Route Print command, 198, 219
Route Tag field, RIP version 2, 227
routed environments, VPN, 457
Routed Protocols page, RRAS, 208
Route.exe, 218-21
routers
configuring, 161-64
IP and, 38
network layer protocols and, 10
packet filtering and, 366
Pathping.exe and, 97-99
Tracert.exe and, 95-97
types of, 203-04
Routing and Remote Access console. See RRAS console
Routing and Remote Access Server Setup Wizard
NAT installation, 472-75
RRAS configuration, 207-09, 416-20
RRAS demand-dial interface, 210
Routing and Remote Access Service. See RRAS (Routing and Remote Access Service)
Routing Information Protocol. See RIP (Routing Information Protocol)
routing IP, 193-236
exercise, 205
hardware for, 203-05
principles of, 194-97
routing tables, 197-203, 205
software for, 205
routing tables, 197-203
creating, 202-03
exercise, 205
overview of, 197-98
route selection, 201-02
router routing and, 200
static routes, 217-18
workstation routing and, 198-200
RR_CLASS field, NetBT, 343
RR_NAME field, NetBT, 343
RR_TYPE field, NetBT, 343
RRAS (Routing and Remote Access Service), 207-23
configuration exercises, 221-22, 233-34
configuring, 207-10
demand-dial interfaces, 214-16
demand-dial routing, 210-14
DHCP and, 430
DHCP relay agents and, 181
monitoring, 568-71
NAT configuration, 478-82
NAT installation, 472-77
packet filters and, 371-75
RIP installation, 228-31
routing software and, 205
static routes, 217-21
Windows 2000 and, 21
RRAS console
demand-dial interface, 210-14
logging, 570-71
monitoring, 568-70
NAT installation, 472-77
NAT interface creation, 481-82
NAT interface properties, 482-86
packet filters, 371
Remote Access Policies node, 439-40
RIP installation, 228
RRAS, as remote access server, 416-20
RRAS configuration, 207, 209
Server Status display, 569
static routes, 217-18, 479-80
RRAS Input Filters dialog box, 372-74
RRAS Output Filters dialog box, 372-74
rules, IPsec
creating, 396-99
defined, 396
new filter list for, 399-400
S
Scope Name dialog box, 157
Scope Options dialog box, 161-64, 166-67
scopes, DHCP
activating, 160
creating, 156-60
exercise, 174
overview of, 140
superscopes, 161
troubleshooting, 187, 191-92
secondary master name servers
defined, 248
DNS implementation and, 263
troubleshooting, 314
secondary zone database files, 248
second-level domains, DNS, 245-46
secret key encryption, 500-501
Secs field, DHCP, 143
Secure Hypertext Transfer Protocol (S-HTTP), 41
Secure Server (Require Security), IPsec, 393
Secure Sockets Layer (SSL), 380
security. See also certificates; IPsec (IP security); MCS (Microsoft Certificate Services)
demand-dial interface, 216
gateway resources and, 132
Network Monitor and, 575-76
RAS server, 423
remote access, 413-16
Telnet and, 105
security, RAS, 433-50
authentication, 433-36
exercise, 447-48
overview of, 413-16
policies, 438-45
profiles, 445-47
user account dial-in properties, 437-38
Security log, Event Viewer, 540
Security Parameters Index, AH, 384
Security Parameters Index field, ESP, 386
Security tab
CA properties, 518
RIP properties, 231
segmentation, 11-12
segments, TCP, 64
Select A Device page, demand dial interface, 476
Select A Password page, CA backup, 520
Select Attribute dialog box, Add Remote Access Policy Wizard, 441-43
Select NetWare Logon dialog box, CSNW, 126-27
Select Network Client dialog box, CSNW, 122-23
Select Network Component Type dialog box
CSNW installation, 122
GSNW installation, 129
TCP/IP installation, 81
Select Network Protocol dialog box, TCP/IP, 81-82
Send Console message dialog box, session monitoring, 558
Sequence Number field
AH, 384
ESP, 386
NCP, 116, 117
SPX, 115
TCP, 65
sequence, TCP, 64
Sequenced Packet Exchange (SPX, SPXII), 114-16
Serial Line Internet Protocol. See SLIP (Serial Line Internet Protocol)
Serial Number (SERIAL) subfield, SOA, 294
Server Options dialog box, 161-64, 166-67
Server (Request Security) policy, IPsec, 393, 396-97
Server Statistics dialog box
DHCP, 177-78, 561-63
WINS, 565-66
servers, 21. See also DHCP server; DNS server
SERVICE field, SRV, 296
Service (SRV), 274, 296
service-dependent filtering, 365-66
Services tab, ICS, 496
session layer, OSI model, 5, 13
Sessions folder, Shared Folders
defined, 553
disconnecting users, 556-57
monitoring user sessions, 555-56
Shared Folders snap-in, 552-59
disconnecting users, 556-57
monitoring open files, 558-59
monitoring shared folders, 553-54
monitoring user sessions, 555-56
overview of, 552-53
sending administrative messages, 557-58
shared folder access, 554
sharing folders, 555
Shares folder, 553-55
Sharing tab, connection properties, 493-94
Sharing tab, Internet connection properties, 494-95
Shiva Password Authentication Protocol (SPAP), 413, 436
S-HTTP (Secure Hypertext Transfer Protocol), 41
Siaddr field, DHCP, 143
signaled errors, 13
signaling scheme, 5-6
signatures, IPsec, 381
signing, Windows 2000 PKI, 501
Simple Mail Transfer Protocol (SMTP), 14, 41
Simple Network Management Protocol (SNMP), 14, 42
Simple Query, 310-11
slaves, 255
sliding windows, TCP, 72
SLIP (Serial Line Internet Protocol)
OSI data-link layer and, 9
overview of, 32-33
RAS connections and, 412
TCP/IP link layer and, 31, 32
SMTP (Simple Mail Transfer Protocol), 14, 41
Sname field, DHCP, 143
SNAP (Subnetwork Access Protocol), 112
SNMP (Simple Network Management Protocol), 14, 42
SOA (Start of Authority), 294
sockets, TCP, 67-68
Software Compression, 424
Source Connection ID field, SPX, 115
Source IP address field, IP, 37-38
Source Network Address field, IPX, 113
Source Node Address field, IPX, 113
Source Port field, TCP, 65
Source Port field, UDP, 74
Source Socket field, IPX, 113
SPAP (Shiva Password Authentication Protocol), 413, 436
Special Ports tab, NAT interface properties, 484-85
spoofing, 378
SPX (Sequenced Packet Exchange), 114-16
SPXII (Sequenced Packet Exchange), 114
SRI (Stanford Research Center), 239
SRV (Service), 274, 296
SSL (Secure Sockets Layer), 380
stand-alone CA, 504, 509, 522-23
stand-alone servers, 437
stand-alone subordinate CA, 504, 509, 514
standard primary zones, 282-83
standard secondary zones, 282-83
standards
certificate, 503
DHCP, 180
DNS, 240
Ethernet, 111-12
IPsec, 382
multilink connections, 428-29
NetWare, 110
PPP, 34
RIP, 226
TCP/IP, 28-29
Stanford Research Center (SRI), 239
Start of Authority (SOA), 294
static mappings, 348-50, 469
Static Route dialog box, 217-18, 480
static routes
creating, 217-21
exercise, 234
NAT configuration and, 479-80
routing tables and, 202-03
RRAS console and, 217-18
Storage tab, CA properties, 518
Subcomponents Of Networking Services list, Windows 2000 DHCP Server, 275-76
subdomains, 287
Subfunction field, NCP, 117
Subfunction Length field, NCP, 117
subnet identifiers, 52-53
Subnet Mask field, RIP, 227
subnet masks, 49-52
calculating, 52-53
IP address classes, 50
IP address rules, 51
overview of, 49-50
private network addresses, 51-52
RRAS and, 479
Subnet Mask text box, TCP/IP, 85
subnetting, 52-59
binary method calculation, 54-56
Class B network calculation, 57-59
exercise, 60
overview of, 52
scopes, creating, 156-60
subnet mask calculation, 52-53
subtraction method calculation, 56-57
Subnetwork Access Protocol (SNAP), 112
subtraction method, subnetting, 56-57
superscopes, 161
switches, 204
symmetric encryption algorithms, 380
SYN messages, TCP, 66, 68-70
syntax
Arp.exe, 101
converting, 14
Nbtstat.exe, 103-04
Netstat.exe, 101-03
Nslookup.exe, 104-05
Pathping.exe, 97-98
Ping.exe, 93-94
Route.exe, 218-19
Telnet.exe, 105
Tracert.exe, 96-97
System log, Event Viewer, 540
System Monitor snap-in, 544, 545-48
system performance. See monitoring
T
T1 value, DHCP, 149
T2 value, DHCP, 149-50
tags, Lmhosts, 326-27
TARGET field, SRV, 296
Task Number field, NCP, 116, 117
TCP (Transmission Control Protocol), 63-73
as connection-oriented protocol, 11, 65-66
encapsulation, 64-65
error correction, 70-71
exercises, 74-75
flow control, 12, 71-72
overview of, 63-64
packet acknowledgement, 68-70
ports and sockets, 67-68
as TCP/IP transport layer protocol, 31
terminating connections, 72-73
TCP/IP (Transmission Control Protocol/Internet Protocol)
advanced properties, 86-90
application layer protocols, 41-42
architecture, 29-31
ARP and, 38-39
basic properties, 83-86
demand-dial interface, 215-16
DHCP parameters for, 141
exercise, 90
exercises, 42-45
ICMP and, 39-40
installing, 80-83
IP and, 35-38
link layer protocols, 32
NetBIOS names, 321
overview of, 20
PPP and, 33-35
SLIP and, 32-33
standards, 28-29
UDP and, 72-73, 75-76
TCP/IP client, 367-71
TCP/IP Filtering dialog box, 368-69
TCP/IP Information window, RRAS, 570
TCP/IP utilities, 93-108
Arp.exe, 100-101
Ftp.exe, 106
Ipconfig.exe, 99-100
Nbtstat.exe, 103-04
Netstat.exe, 101-03
Nslookup.exe, 104-05
Pathping.exe, 97-99
Ping, 93-95
Telnet.exe, 105
Tracert.exe, 95-97
TCP/IP WINS Server dialog box, 89, 348
TDI (transport driver interface), 21
Telecommunications Standardization Sector of the International Telecommunication Union (ITU-T), 4, 503
Telnet (Telecommunications Network Protocol), 42
Telnet.exe, 105
TFTP (Trivial File Transfer Protocol), 41, 139
three-way handshakes, TCP, 65-66
Time field, DHCP logging, 564
Time to Live. See TTL (Time to Live)
token passing, 8
tools, Windows 2000 TCP/IP. See TCP/IP utilities
top-level domains, DNS, 244-45
TOS (Type of Service) field, IP, 37
Total Length field, IP, 37
trace logs, 550
Tracert.exe, 95-97
transfer syntax, 14
transit internetworks, 451
translation component, NAT, 468
Transmission Control Protocol. See TCP (Transmission Control Protocol)
Transmission Control Protocol/Internet Protocol. See TCP/IP (Transmission Control Protocol/Internet Protocol)
Transport Control field, IPX, 113
transport driver interface (TDI), 21
transport layer, OSI model, 5, 11-13
transport layer protocols, TCP/IP, 31
transport mode, 386-87
Triple Data Encryption (3DES), 380
Trivial File Transfer Protocol (TFTP), 41, 139
troubleshooting
DHCP clients, 188-89
DHCP, preventing problems, 187
DHCP servers, 190-92
networking problems, 7
Windows 2000 DNS Server, 313-17
Trusted Root Certification Authorities folder, 529-30
TTL (Time to Live)
DNS field for, 254
IP field for, 37
name server caching and, 257-58
NetBT and, 343
SRV field for, 296
Tracert.exe field for, 95-96
WINS and, 337-38
Tunnel Endpoint page, IPsec, 397-98
tunnel maintenance, VPN, 453-54
tunnel mode
IPsec, 406
L2TP tunneling, 388
overview of, 386-87
tunneling protocols, 452-54
Two-Way Alternate (TWA) model, 13
Two-Way Simultaneous (TWS) model, 13
TYPE field, DNS, 254
Type of Service (TOS) field, IP, 37
U
UDP (User Datagram Protocol)
as connectionless protocol, 12
DNS using, 251
exercise, 75
overview of, 72-73
ports, 67
as TCP/IP transport layer protocol, 31
UNIX, Telnet for, 105
unqualified names, TCP/IP, 88
unregistered IP addresses. See NAT (network address translation)
unshielded twisted pair (UTP) cables, 7
unsignaled errors, 13
Urgent Pointer field, TCP, 65
user account dial-in properties, RAS, 437-38
user classes, DHCP, 164-67
User Datagram Protocol. See UDP (User Datagram Protocol)
User Profile page, Add Remote Access Policy Wizard, 443
users
RAS authentication, 413-15
VPN and, 458-60
users, shared folders and
determining access, 554
disconnecting, 556-57
monitoring sessions, 555-56
overview of, 552-53
sending administrative messages, 557-58
utilities, TCP/IP. See TCP/IP utilities
UTP (unshielded twisted pair) cables, 7
V
Vendor-Specific Information option, 145
verification, Windows 2000 PKI, 502
Verify Caller ID, Dial-In tab, 438
VeriSign, 245
Version field, IP, 37
views, certificate, 530-31
Virtual Interfaces tab, OSPF properties, 233
VPN (virtual private network), 451-62
exercises, 458-59, 461
implementing, 451-56
Internet and, 457-58
IPsec connection to, 387
managing, 458-59
overview of, 410
routed environments and, 457
W
WACK (wait for acknowledgement response), 338-39
WANs (wide area networks)
as network interface adapters, 19
PPP and, 33-35
WINS Server replication and, 358
Web-based enrollment, 525-26
WEIGHT field, SRV, 296
wide area networks. See WANs (wide area networks)
Window field, TCP, 65
Windows 2000
DHCP Relay Agent, 181
gateways, 130-31
NetWare compatibility, 118-19
PKI features, 501-02
WINS clients, 347-48
Windows 2000 DNS Server, 273-316
Active-Directory integrated zones, 285-86
caching-only server, 277-78
installing, 274-79
monitoring, 310-13
resource records, 298-302
resource records types, 294-97
resource records, viewing, 297-98
troubleshooting, 313-17
zone delegation, 286-89
zone exercises, 290-92
zone transfers, 303-09
zones, 280-85
zones, dynamic updates and, 289-90
Windows 2000, monitoring, 540-60
Event Viewer, 540-44
exercises, 559
Performance console, 544-52
Shared Folders snap-in, 552-59
Windows 2000 network components, 18-46
binding, 23-24
clients, 21
exercise, 24-25
installing, 22-23
network interface adapters, 19
protocol stack, 18
protocols, 20
services, 21-22
Windows 2000 Server, 205
Windows Authentication option, 435
Windows Calculator, 53
Windows Components Wizard
Certificate Services, 510-14
Windows 2000 DHCP Server installation, 153-54, 275-76
WINS Server installation, 345-47
Winipcfg.exe, 99-100
WINS (Windows Internet Name Service), 345-54
exercises, 352-54
installing, 352
messaging, 335-39
monitoring activity, 565-67
NetBT formats and, 339-44
non-WINS clients, 348-50
replication, 356-62
Server Statistics dialog box, 565-66
Windows 2000 and, 21
WINS client configuration, 347-48
WINS database, 350-51
WINS Server installation, 345-47
WINS (Windows Internet Name Service), NetBIOS and, 318-34
broadcast transmissions and, 327-29
exercise, 333
Lmhosts file, 322-27
name caching, 322
name servers, 330
naming, 318-21
node types, 330-32
registering/resolving names, 321
resource identifier codes, 319-20
WINS client, 347-48
WINS console
database replication and, 359-60
static mappings, 348-50
WINS database, 350-51
WINS double ring replication topology, 358
WINS proxy agent, 350
WINS Server
configuring, 347-48
database backups with, 351
installing, 345-47
WINS Server, replication
automatic partners and, 360
databases and, 359
how many to use, 359
push/pull partners and, 356-58
WINS Server dialog box, TCP/IP, 89
WINS snap-in, 347
WINS tab, advanced TCP/IP settings
Lmhosts implementation, 325-26
overview, 89-90
WINS client configuration, 347-48
workstations, 21, 198-200
X
X.509 Extensions tab, 516-17
Xid field, DHCP, 143
Y
Yiaddr field, DHCP, 143, 147
Z
Zone File page, New Zone Wizard, 283
Zone Name page, New Zone Wizard, 281-82
zone transfers, 303-09
DNS notification and, 307-08
example of, 304-06
incremental, 304
overview of, 248
security of, 306-07
troubleshooting, 314
Zone Type page, New Zone Wizard, 281-82
zones, 280-92
Active-Directory integrated, 285-86
creating, 280-85
delegating, 286-89, 314
dynamic updates and, 289-90
exercises, 290-92
overview of, 246-47
troubleshooting, 314
Last Updated: August 9, 2002