Designing a Network Infrastructure/MCSE Study guide/exam 70-221
MCSE 05 Implementing of a Network Infrastructure 10 Theory
Uploaded by sivasankar015
8/6/2019 MCSE 05 Implementing of a Network Infrastructure 10 Theory
ADVANTAGE PRO Chennai's Premier Networking Training Center
Routing and Remote Access
-
What is Routing and Remote Access?
* Successor to Windows NT 4.0 Remote Access Service (RAS)
* Add-on feature for Windows NT 4.0 also called Routing and Remote Access (RRAS)
* High performance service that allows one computer to handle remote users through dial-up or VPN, routing between branch offices, routing to the Internet, and routing between network segments
-
Configuring an RRAS Server
* Open the Routing and Remote Access tool from Administrative Tools
* Right-click on your server name to run the wizard
-
Internet Connection Server
* This option walks you through setting up Network Address Translation
* If you are not in a domain, it will ask if you want to set up simple ICS instead
* Allows you to create a demand dial connection to your ISP
* Asks if you want to set up the DHCP Allocator and DNS Proxy
-
Address Pool
* Configured after the wizard
* Properties of external network interface
-
Special Ports
* Configured after wizard
* Properties of external network interface
* Port to IP mapping: FTP server, WWW server
-
Remote Access Server
* This option helps configure a RAS server
* If you are not in a domain, it will ask if you want to set up simple incoming connections instead
* Allows you to select how you want to handle IP address assignment
* Asks if you want to use a RADIUS server for authentication (IAS)
-
Remote Access Server
* It will set up all modem and ISDN devices for dial-in, and also five PPTP and five L2TP connections (you can add more later)
* Configures DHCP relay agent automatically so RAS clients will use DHCP inform
* Configures IGMP so RAS clients can run multicast applications over their connection
* Configures a default Remote Access Policy
-
Virtual Private Network Server
* This option helps configure a VPN server
* Asks similar questions to RAS server setup
* Asks which interface is your Internet connection
* Must have an Internet connection through a network card
* Will not work if you have only one network card in the computer
-
Virtual Private Network Server
* Configures 128 PPTP and 128 L2TP connections (you can change this later)
* Configures DHCP Relay, IGMP, and RAS policies just like RAS server
* Configures IP filters on the selected Internet interface so it accepts only PPTP and L2TP connections
-
Network Router
* Configures a basic IP or IPX network router
* Allows you to configure for demand-dial connections
* You must add and configure routing protocols later (IGMP, NAT, DHCP, RIP, OSPF)
-
Manually Configured Server
* Use this option if you just want to start RRAS with default options
* Routing for LAN and demand-dial is turned on
* RAS server with default settings is installed
* Configures DHCP Relay, IGMP, and RAS policies, just like RAS server
* Configures for five PPTP and five L2TP connections
-
Important to Remember
* After you have run the RRAS wizard and configured your server, you can still change it later
* You can easily make a VPN-only server a RAS server or router later on by removing the IP filters
* You can add additional routing protocols after you are configured for NAT
-
Remote Access Server
-
Troubleshooting Common Issues
* General issues
* VPN/routing issues
* NAT issues
-
General Issues
* Manually configured server
* Remote registry service
* DOD static route
* Browsing
-
VPN/Routing Issues
* Firewalls/routers must allow GRE traffic on port 1723
* Use the same IP scheme as the local network for RRAS
* PPP logging - Q234014
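Added example (not part of the original slides): a small Python check of a perimeter allow-list against what PPTP and L2TP/IPsec need to reach the VPN server. PPTP needs its TCP 1723 control channel plus GRE, which is IP protocol 47 and has no port numbers, so opening TCP port 47 does not help. The rule notation (tcp/1723, proto/47) and all names in the code are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# IANA-assigned IP protocol numbers.
TCP, UDP, GRE, ESP = 6, 17, 47, 50
NAMES = {"tcp": TCP, "udp": UDP}


@dataclass(frozen=True)
class Flow:
    """A rule or a packet: IP protocol plus destination port (None = no port)."""
    proto: int
    dport: Optional[int] = None


# What each tunnel type must get through a perimeter device to the VPN server.
# L2TP itself (UDP 1701) travels inside ESP, so the perimeter never sees it.
REQUIRED: Dict[str, List[Flow]] = {
    "PPTP": [Flow(TCP, 1723), Flow(GRE)],
    "L2TP/IPsec": [Flow(UDP, 500), Flow(ESP)],
}


def parse_rule(text: str) -> Flow:
    """Parse 'tcp/1723', 'udp/500' or 'proto/47' (notation invented here)."""
    kind, _, value = text.strip().lower().partition("/")
    if kind == "proto":
        return Flow(int(value))
    if kind in NAMES:
        return Flow(NAMES[kind], int(value))
    raise ValueError(f"unrecognised rule: {text!r}")


def permits(rules: List[Flow], pkt: Flow) -> bool:
    """Default deny: a packet passes only if a rule matches protocol and port."""
    return any(
        r.proto == pkt.proto and (r.dport is None or r.dport == pkt.dport)
        for r in rules
    )


def missing_flows(rules: List[Flow]) -> Dict[str, List[Flow]]:
    """For each tunnel type, list the required flows the rule set would drop."""
    gaps = {}
    for tunnel, flows in REQUIRED.items():
        blocked = [f for f in flows if not permits(rules, f)]
        if blocked:
            gaps[tunnel] = blocked
    return gaps


if __name__ == "__main__":
    # Constructed allow-list with the classic mistake: TCP port 47, not protocol 47.
    wrong = [parse_rule(r) for r in ("tcp/1723", "tcp/47")]
    for tunnel, blocked in missing_flows(wrong).items():
        print(tunnel, "would fail, blocked:", blocked)
```

With the constructed list above, the PPTP control connection is accepted but the GRE data channel is dropped, so a PPTP client reaches the server and then fails to complete the connection.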
-
VPN/Routing Issues
* Set adapter to use internal interface
-
Troubleshooting NAT
* NAT address assignment and name resolution
-
Troubleshooting NAT
* Internet connection sharing cannot be used in conjunction with NAT
* Public and private interface
* Obvious but common: be sure the adapters selected are correct
-
Microsoft IAS RADIUS Server: Features and Advantages
-
Objectives
* Understand the features and benefits of Microsoft's Remote Authentication Dial-In User Service (RADIUS) server: Internet Authentication Services (IAS)
-
Agenda
* Introduction
* Overview of the features of IAS
* Benefits of IAS
* Conclusion
-
Introduction
* RADIUS definition
* Availability in Microsoft Windows 2000 Server and Microsoft Windows Server 2003
* Interoperable through standards
-
Introduction
* Allow or deny network access
* Specify restrictions for permitted connections
* Securely transfer keys used for data encryption
* Collect connection accounting and auditing information
* Federated control of network connection
* Network access control
* Any gateway to any database
* Single identity to any network
Diagram labels: Client, Gateway, RADIUS, 3Com, User Database
-
Features
* Policy-based access
* Different authentication protocols
* Accounting
* Extensibility
* RADIUS proxy
* Command-line configuration
-
Features
-
Features 1 - Policy-Based Access
* Access control evolved through releases.
* Windows NT 4.0 Server: User properties.
* Windows 2000/Windows Server 2003: User properties and remote access policies.
* Policies are evaluated against connections.
* Policy restriction settings are applied to authorized connections.
-
Features 1 - Policy-Based Access
-
Features 2 - Different Authentication Protocols
* Password based:
  * 802.1x Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)
  * Dial-up connection and virtual private network (VPN): MSCHAPv2 (also supports previous protocols: PAP, CHAP, MSCHAPv1)
-
* Ability to change passwords (MSCHAP family of protocols)
* EAP-MD5
* Certificates and smart cards: Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
* Token cards: EAP-SecureID
* Other: third-party EAP
-
Features 2 - Different Authentication Protocols
-
Features 3 - Accounting
* Three modes of logging:
  * Log files
  * SQL Server (Windows Server 2003)
  * Event viewer
-
Features 3 - Accounting
-
Features 4 - Extensibility
* Extensible authentication infrastructure
* EAP software development kit (SDK)
* Write authentication protocols
* Internet Authentication Service
* IAS SDK: Write RADIUS extensions for authentication, authorization, and logging
* IAS SDO: API to configure IAS
-
Features 5 - RADIUS Proxy
* RADIUS proxy available on Windows Server 2003.
* Requests can be routed to a different RADIUS server based on specific criteria.
* Load balancing and fail-over.
-
Features 5 - RADIUS Proxy
-
Features 6 - Command-Line Configuration
* Netsh aaa:
  * Easy to use
  * Save, copy, restore all or detailed IAS configuration
-
Benefits
* Integrated identity management
* Single authentication model for all network entry points: wired, wireless, VPN, or dial-up
* Industry leading
* EAP, Protected-EAP
* Flexible access policy
* XML SQL logging
-
* Standards based (RADIUS, EAP, Protected-EAP)
* 1-factor or 2-factor authentication
* Passwords, certificates, or smart cards
* Third-party plug-ins: Security Dynamics
* Extensible platform
* Split authentication: authenticate remotely, authorize locally
-
Benefits
* Works with Active Directory
* Low cost of ownership
-
ALL THE BEST