
CN2140 Server II Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+


1 CN2140 Server II Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

2 Agenda Chapter 5: Configuring Routing and Remote Access (RRAS) and Wireless Networking Exercise Lab Quiz

3 Routing The process of transferring data across an internetwork from one LAN to another

4 Hub & Switch A hub (multi-port repeater) operates at Layer 1 ▫Receives an incoming signal and regenerates it on all of its other ports, so every station sees every frame A switch examines the destination and source addresses of each frame, learns which port each source address sits behind, and forwards the frame only to the destination port ▫Most switches operate at Layer 2

5 Router (Layer 3 Device) Determines a route from the source network to the destination network, then forwards packets along that path Joins networks together over extended distances or WANs ▫Where several routes exist, the router chooses the fastest or cheapest one according to its metric Connects dissimilar LANs, such as an Ethernet LAN to a Fiber Distributed Data Interface (FDDI) backbone

6 Routing Protocols Used to exchange routing topology information automatically: which segments can be reached via which router Windows Server 2003 supports both ▫RIPv2 (Routing Information Protocol version 2) ▫OSPF (Open Shortest Path First) Windows Server 2008 supports only RIPv2 (OSPF was removed from RRAS)

7 Routing Information Protocol (RIP) Designed for use only on smaller networks (hop-count metric, maximum 15 hops) Periodic-update protocol ▫Advertises the networks it knows about at regular intervals and whenever the topology changes; RIPv1 sends these updates as broadcasts, RIPv2 as multicasts to 224.0.0.9 RIPv2 ▫Carries more routing information than RIPv1 (subnet masks, so classless subnets work) ▫Adds authentication of updates; simple-password authentication sends the password in the clear, so use MD5 authentication where neighbours support it and restrict which neighbours the router accepts updates from

8 Open Shortest Path First (OSPF) Designed for use on significantly larger networks Each OSPF router maintains a link-state database describing every destination network it knows of ▫It routes traffic over the best (lowest-cost) path, computed with a shortest-path algorithm ▫It exchanges database information only with the OSPF neighbours it has been configured to share information with

9 Software-based Router A Windows Server 2008 computer can be used to route traffic on a small network ▫Routing and Remote Access role service, installed under the Network Policy and Access Services server role

10 Static Routes Manually configured by an administrator ▫Static routes add no processing overhead to the router and never change unless an administrator changes them Not appropriate for large or complex environments, where every topology change would mean editing every router by hand

11 Windows Server 2008 Routing Protocols Generally, you do not need a routing protocol on a small network with only a few subnets Windows Server 2008 includes three routing protocols that can be added to the Routing and Remote Access service: ▫RIPv2 ▫IGMP Router And Proxy  Used for multicast forwarding ▫DHCP Relay Agent  Forwards DHCP broadcasts from clients to a DHCP server on another subnet

12 Routing Table Provides directions toward destination networks or hosts (routes) ▫Each route consists of a destination, network mask, gateway, interface, and metric The IP routing table serves as a decision tree that enables IP to decide the interface and gateway through which it should send outgoing traffic ▫See Figure 5-5 and Figure 5-6 on Page 106

13 Routing Table (Cont.) 0.0.0.0 with mask 0.0.0.0 ▫Default route, used when no more specific route matches 224.0.0.0 with mask 240.0.0.0 ▫Entry for the multicast address range Metric ▫Among routes that match a destination equally well, the route with the lowest metric is chosen

14 Routing Table (Cont.) Four types of routes ▫Directly attached network routes  Gateway is blank (shown as On-link)  Destination is on the same subnet, so the host uses ARP to resolve it to a MAC address ▫Remote network routes  For subnets that are reachable through a router and are not directly attached to the node ▫Host routes  A route to a single IP address (mask 255.255.255.255) ▫Default routes  Used when no other route matches

15 Route Command To configure the routing table from the command line, use the route command-line utility The route utility syntax is as follows: route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric] [if Interface] ▫-p makes an added route persistent across reboots; without it the route is lost at the next restart ▫-f clears the routing table of all gateway entries before running the command, so use it with care on a remotely administered server See Table 5-1 on Page 108
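The lookup that slides 12 to 15 describe, as an added example that is not from the original presentation or from Microsoft: a Python script that parses a constructed IPv4 section in the layout of Windows `route print`, classifies each entry into the four route types above, and selects the route for a destination the way IP does, longest prefix first and lowest metric as the tie-breaker. The addresses and metrics in the sample table are made up for illustration; only the column order and the `On-link` gateway marker follow the real `route print` format.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout of the IPv4 section of Windows `route print`.
# Addresses and metrics are illustrative, not captured from a real host.
SAMPLE_ROUTE_PRINT = """
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     10
         10.0.0.0        255.0.0.0      192.168.1.1     192.168.1.10     20
         10.0.0.0        255.0.0.0      192.168.1.2     192.168.1.10     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    266
     192.168.1.50  255.255.255.255      192.168.1.1     192.168.1.10      5
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    266
===========================================================================
"""


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str        # "On-link" when the destination is directly attached
    interface: str
    metric: int

    @property
    def kind(self) -> str:
        """The four route types from the slide."""
        if self.network.prefixlen == 0:
            return "default"
        if self.network.prefixlen == 32:
            return "host"
        if self.gateway == "On-link":
            return "directly attached"
        return "remote network"


def parse_route_print(text: str) -> list:
    """Pull the five-column route rows out of `route print` text."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # headers, separators, blank lines
            continue
        try:
            network = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
            metric = int(parts[4])
        except ValueError:
            continue
        routes.append(Route(network, parts[2], parts[3], metric))
    return routes


def select_route(routes: list, destination: str):
    """Longest-prefix match first, then lowest metric, as the table is consulted."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def next_hop(routes: list, destination: str) -> tuple:
    """Where the packet goes: (gateway or 'On-link', interface, route kind)."""
    route = select_route(routes, destination)
    if route is None:
        return ("unreachable", None, None)
    return (route.gateway, route.interface, route.kind)


if __name__ == "__main__":
    table = parse_route_print(SAMPLE_ROUTE_PRINT)
    for dest in ("192.168.1.7", "192.168.1.50", "10.1.2.3", "8.8.8.8"):
        print(dest, "->", next_hop(table, dest))
```

Two things in the sample are worth noticing: the /32 host route for 192.168.1.50 wins over the directly attached /24 even though the host is on the local subnet, because prefix length is decided before metric, and the two 10.0.0.0/8 entries are only separated by metric, so the one with metric 20 is used. The example treats the displayed metric as final; on Windows Server 2008 that column already includes the interface metric.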

16 Demand-Dial Routing Routing and Remote Access also includes support for demand-dial routing (also known as dial-on-demand routing) ▫The router makes the connection automatically whenever it receives a packet destined for the remote network ▫It drops the connection after it has been idle for a configured amount of time ▫The connection can be a dial-up link or a site-to-site VPN

17 Remote Access A Windows Server 2008 computer ▫Can act as a Network Address Translation (NAT) device  Allows internal network clients to connect to the Internet using a single shared public IP address ▫Can provide both NAT and VPN services ▫Can establish a secure site-to-site connection between two private networks Dial-up networking (DUN) ▫Traffic on the phone line is often unencrypted

18 Virtual Private Network (VPN) Creates a secure point-to-point connection Relies on TCP/IP-based protocols called tunneling protocols ▫The remote access server authenticates the VPN client and then creates a secured connection A VPN is a logical connection between the VPN client and the VPN server over a public network ▫Because the data crosses a public network, VPN data must be encrypted

19 Virtual Private Network (VPN) A VPN connection in Windows Server 2008 consists of the following components: ▫A VPN server ▫A VPN client ▫A VPN connection (the portion of the connection in which the data is encrypted) ▫A VPN tunnel (the portion of the connection in which the data is encapsulated)

20 Virtual Private Network (VPN) Two tunneling protocols are available with Routing and Remote Access: ▫Point-to-Point Tunneling Protocol (PPTP)  In Windows Server 2008, PPTP supports only 128-bit RC4 (MPPE) encryption by default; the 40-bit and 56-bit MPPE strengths are disabled  PPTP encryption keys are derived from the MS-CHAP authentication, so the tunnel is only as strong as the password exchange that set it up ▫Layer Two Tunneling Protocol (L2TP)  L2TP combined with IPsec provides a secure, encrypted VPN solution  In Windows Server 2008, L2TP/IPsec supports the Advanced Encryption Standard (AES) with 256-bit, 192-bit and 128-bit keys, and 3DES, by default

21 Network Address Translation (NAT) A service that enables a private network to connect to the Internet ▫Translates private IP addresses to/from public IP addresses as packets cross the NAT device The NAT process also obscures the private network from outside view, because private IP addresses never appear on the public network The only IP address visible to the Internet is the public address of the computer running NAT ▫This hiding is a side effect, not an access-control mechanism; the NAT router still needs firewall rules for inbound traffic

22 Network Policy Server (NPS) After a user submits credentials to create a remote access connection, the connection must be authorized by ▫The Network Policy Server (NPS) role service, or ▫A third-party authentication and authorization service such as a Remote Authentication Dial-In User Service (RADIUS) server

23 Network Policy Server (NPS) Remote access authorization consists of two steps: ▫Verifying the dial-in properties of the user account (Allow access, Deny access, or Control access through NPS Network Policy) ▫Verifying the NPS Network Policies configured for the Routing and Remote Access server

24 NPS Network Policies An NPS Network Policy is a set of permissions or restrictions, read by the authenticating server, that applies to remote access connections A rule for evaluating remote connections consists of three components: ▫Conditions (all must match for the policy to apply) ▫Constraints (checked once the policy applies; for example, permitted authentication methods or day and time restrictions) ▫Settings (applied to the connection once access is granted; for example, encryption strength and IP filters)

25 NPS Network Policies NPS Network Policies are ordered on each Remote Access server ▫Each policy is evaluated in order from top to bottom ▫The first policy whose conditions match is used, and no further policies are processed ▫If that policy's constraints are not met, the connection is rejected rather than evaluated against the remaining policies, so place specific policies above general ones See Figure 5-9 on Page 116

26 NPS Network Policy Two NPS Network Policies are preconfigured in Windows Server 2008; both are set to deny access, so a connection that matches no policy placed above them is rejected ▫Connections To Microsoft Routing And Remote Access Server  Configured to match every remote access connection to the Routing and Remote Access service ▫Connections To Other Access Servers  Configured to match every incoming connection, regardless of network access server type  If an incoming connection arrives from a RADIUS client other than RRAS (for example a wireless access point or an 802.1X switch), this policy takes effect

27 Policy Conditions Each NPS Network Policy is based on conditions that determine when the policy is applied A common condition is Windows Groups: the policy then matches a connection from a user who belongs to the specified global security group ▫Only membership in global security groups can serve as a remote access policy condition ▫Universal or domain local security groups cannot be specified as the condition for a remote access policy
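The evaluation order described in slides 24 to 27, as an added example that is not from the presentation or from Microsoft's NPS code: a small Python model of ordered network policies with conditions, constraints and settings. The policy names, group names, NAS type strings and request attributes are illustrative assumptions. The behaviour modelled is the one that matters for a secure configuration: the first policy whose conditions match is used, a connection that then fails that policy's constraints is rejected rather than handed to the next policy, and the two deny-by-default policies catch everything that falls through.

```python
from dataclasses import dataclass, field


@dataclass
class ConnectionRequest:
    user: str
    groups: frozenset          # Windows groups the account belongs to
    nas_type: str              # type of network access server the request came from
    auth_method: str           # authentication method the client negotiated
    tunnel_type: str = ""      # e.g. "PPTP" or "L2TP" for VPN connections


@dataclass
class NetworkPolicy:
    name: str
    conditions: dict           # all must match for the policy to apply
    grant: bool                # True = Grant access, False = Deny access
    constraints: dict = field(default_factory=dict)   # checked only after a match
    settings: dict = field(default_factory=dict)      # applied on grant


def _matches(req: ConnectionRequest, criteria: dict) -> bool:
    """Every criterion must hold; group criteria match on any shared group."""
    for attr, allowed in criteria.items():
        if attr == "windows_groups":
            if not (req.groups & frozenset(allowed)):
                return False
        elif getattr(req, attr) not in allowed:
            return False
    return True


def evaluate(policies: list, req: ConnectionRequest) -> tuple:
    """Return (decision, policy name, settings), walking policies top to bottom."""
    for policy in policies:
        if not _matches(req, policy.conditions):
            continue                                  # conditions differ: try the next policy
        if not policy.grant:
            return ("reject", policy.name, {})
        if not _matches(req, policy.constraints):
            return ("reject", policy.name, {})        # constraints failed: no fall-through
        return ("grant", policy.name, dict(policy.settings))
    return ("reject", None, {})                       # nothing matched at all


VPN_NAS = "Remote Access Server (VPN-Dial up)"      # assumed NAS type string

# Constructed policy list: one administrator policy above the two preconfigured deny policies.
POLICIES = [
    NetworkPolicy(
        name="VPN users over MS-CHAP v2 or EAP-TLS",
        conditions={"nas_type": [VPN_NAS], "windows_groups": ["CORP\\VPN-Users"]},
        grant=True,
        constraints={"auth_method": ["MS-CHAP-v2", "EAP-TLS"]},
        settings={"encryption": "Strongest encryption (MPPE 128-bit)", "idle_timeout_min": 30},
    ),
    NetworkPolicy(
        name="Connections to Microsoft Routing and Remote Access server",
        conditions={"nas_type": [VPN_NAS]},
        grant=False,
    ),
    NetworkPolicy(
        name="Connections to other access servers",
        conditions={},            # no conditions: matches every request
        grant=False,
    ),
]


def demo() -> dict:
    """Run representative requests through the policy list, including a misordered list."""
    alice = ConnectionRequest("alice", frozenset({"CORP\\VPN-Users"}), VPN_NAS, "MS-CHAP-v2", "L2TP")
    return {
        "alice_mschapv2": evaluate(POLICIES, alice),
        "alice_pap": evaluate(POLICIES, ConnectionRequest("alice", alice.groups, VPN_NAS, "PAP", "PPTP")),
        "bob_not_in_group": evaluate(POLICIES, ConnectionRequest("bob", frozenset(), VPN_NAS, "MS-CHAP-v2")),
        "wireless": evaluate(POLICIES, ConnectionRequest("alice", alice.groups, "Wireless - IEEE 802.11", "EAP-TLS")),
        # Same policies, default deny policies moved to the top: everyone is rejected.
        "misordered": evaluate(list(reversed(POLICIES)), alice),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:18} {result}")
```

The `alice_pap` case is the one administrators get wrong most often: the request matches the VPN policy's conditions, fails its authentication-method constraint, and is rejected there; it does not fall through to a later, looser policy. The `misordered` case shows why the catch-all deny policies must stay at the bottom.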

28 Policy Settings An NPS Network Policy profile consists of a set of settings and properties applied to a connection once it is authorized ▫Such as IP address assignment and IP filters ▫Configure the profile on the Settings tab of the policy Properties page See Figure 5-12 on Page 118

29 Policy Settings You can set multilink properties ▫Enable a remote access connection to bundle multiple modem connections into a single logical connection, and determine the maximum number of ports (modems) a multilink connection can use You can also set Bandwidth Allocation Protocol (BAP) policies ▫Determine BAP usage and specify when extra BAP lines are dropped By default, multilink and BAP are disabled ▫Multilink and BAP must be enabled on the RRAS server for the multilink properties of the profile to be enforced

30 Policy Settings Four encryption options are available on the Encryption tab of a policy; the cipher actually used depends on the connection type:

Encryption option                      Dial-up / PPTP (MPPE)   L2TP/IPsec
Basic Encryption (MPPE 40-Bit)         40-bit RC4 key          56-bit DES
Strong Encryption (MPPE 56-Bit)        56-bit RC4 key          56-bit DES
Strongest Encryption (MPPE 128-Bit)    128-bit RC4 key         168-bit 3DES
No Encryption                          none                    none

▫Leave only Strongest Encryption selected on a new deployment: single DES and the 40-bit and 56-bit MPPE strengths are too weak for current use, and Windows Server 2008 already disables the weaker MPPE strengths for PPTP by default (slide 20)

31 Authentication Protocols Challenge Handshake Authentication Protocol (CHAP) ▫A generic challenge-response method that protects the password with the MD5 hashing scheme: the client sends MD5(identifier, password, challenge) instead of the password itself ▫CHAP provides compatibility with non-Microsoft clients ▫Because the server must compute the same hash, the Group Policy that applies to accounts using this method must be configured to store passwords using reversible encryption, which weakens password storage for those accounts ▫Passwords must be reset after this policy is applied, because existing accounts have only the one-way hash stored ▫It does not support encryption of connection data

32 Authentication Protocols Extensible Authentication Protocol-Message Digest 5 Challenge Handshake Authentication Protocol (EAP-MD5 CHAP) ▫Carries the same MD5 challenge-response inside EAP, so it has the same reversible-encryption requirement as CHAP ▫It does not support encryption of connection data ▫Provides compatibility with non-Microsoft clients, such as those running Mac OS X
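What the MD5 step in CHAP and EAP-MD5 CHAP actually computes, as an added example that is not from the presentation: a Python sketch of the RFC 1994 response, the server-side check that needs the cleartext password (the reason for the reversible-encryption requirement in slides 31 and 32), and the offline guessing an eavesdropper can run against a captured challenge and response. The identifier, challenge bytes, password and word list are constructed for the example.

```python
import hashlib
import hmac


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_verify(identifier: int, stored_cleartext_password: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """The authenticator recomputes the hash, which it can only do with the
    cleartext password; a one-way stored hash (the normal NT hash) will not do."""
    expected = chap_response(identifier, stored_cleartext_password, challenge)
    return hmac.compare_digest(expected, response)


def offline_guess(identifier: int, challenge: bytes, response: bytes, candidates: list):
    """An eavesdropper who captured identifier, challenge and response tests
    passwords offline; nothing in CHAP limits the number of attempts."""
    for word in candidates:
        if chap_response(identifier, word.encode(), challenge) == response:
            return word
    return None


# Constructed exchange: values are made up for the example.
IDENTIFIER = 0x2A
CHALLENGE = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")   # 16 random bytes in practice
PASSWORD = b"Summer2008"


def demo() -> dict:
    """Walk through a client response, the server check, a replay and an offline guess."""
    response = chap_response(IDENTIFIER, PASSWORD, CHALLENGE)        # what the client sends
    ok = server_verify(IDENTIFIER, PASSWORD, CHALLENGE, response)
    wrong = server_verify(IDENTIFIER, b"Winter2008", CHALLENGE, response)
    # Replaying the captured response against a fresh challenge fails; the
    # challenge is what CHAP buys over PAP, where the password itself is replayable.
    replayed = server_verify(IDENTIFIER, PASSWORD, bytes(16), response)
    guessed = offline_guess(IDENTIFIER, CHALLENGE, response,
                            ["password", "Summer2007", "Summer2008"])
    return {"verified": ok, "wrong_password": wrong, "replayed": replayed, "guessed": guessed}


if __name__ == "__main__":
    print(demo())
```

The `guessed` result is the practical caveat behind the slide: CHAP keeps the password off the wire, but a captured exchange gives an attacker an unlimited offline test against the password, and the reversible-encryption setting means the domain controller is holding cleartext-equivalent passwords for every account allowed to use it.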

33 Authentication Protocols MS-CHAP v1 ▫A one-way method (the server authenticates the client, but not the reverse) that supports encryption of both authentication data and connection data ▫The same cryptographic key is used for both transmission directions of a connection ▫MS-CHAP v1 supports older Windows clients, such as Windows 95 and Windows 98, and should be disabled once those clients are gone

34 Authentication Protocols MS-CHAP v2 ▫A mutual authentication method (the client also verifies that the server knows its password) that supports encryption of both authentication data and connection data ▫A new cryptographic key is generated for each connection, with separate keys for each transmission direction ▫MS-CHAP v2 is enabled by default in Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008 ▫Its strength still rests on the password: a captured exchange can be attacked offline by guessing passwords, so enforce strong passwords or prefer EAP-TLS

35 Authentication Protocols EAP-TLS ▫A certificate-based authentication method built on EAP; client and server both present certificates, so authentication is mutual and no password crosses the link ▫Typically used in conjunction with smart cards ▫Supports encryption of both authentication data and connection data ▫The remote access server must be a member of a domain  Stand-alone servers do not support EAP-TLS

36 Authentication Protocols Shiva Password Authentication Protocol (SPAP) ▫A weakly encrypted authentication protocol that offers interoperability with Shiva remote networking products ▫SPAP does not support encryption of connection data Password Authentication Protocol (PAP) ▫A generic authentication method that does not protect authentication data  User credentials are sent over the network in plaintext, so anyone on the path can read and replay them ▫PAP does not support encryption of connection data Unauthenticated access ▫Allows remote access connections without submitting credentials; leave it disabled

37 Authentication Protocols See Table 5-2 on Page 120 for authentication requirement

38 Accounting By default, all remote access attempts are logged to text files in the C:\Windows\system32\LogFiles directory You can also configure logging to a SQL Server database for better reporting and event correlation

39 802.1X 802.1X is port-based network access control ▫It allows or denies access on the basis of a physical or logical port, before the device is given any network access  A wall jack reached over an Ethernet cable  A wireless access point reached over a Wi-Fi card

40 802.1X Components Supplicant ▫The device that is seeking access to the network Authenticator ▫The port on a switch (wired) or the wireless access point (wireless) that the supplicant connects to ▫Requests authentication credentials from the supplicant and keeps the port closed to everything except EAP traffic until the Authentication Server answers ▫Forwards the supplicant's credentials to the Authentication Server (AS) Authentication Server (AS) ▫Verifies the supplicant's authentication credentials and tells the authenticator whether to open the port ▫Requires the Network Policy Server role or a third-party RADIUS server

41 Assignment Summarize the chapter in your own words ▫At least 75 words ▫Due BEFORE class starts on Thursday Lab 5 ▫Due BEFORE class starts on Monday
