So what identifies the computer and what identifies the subnet? To discover this, we need
to look at the next value, the subnet mask. Subnet masks are most peculiar numbers. They
represent binary numbers that consist of all ones followed by all zeros. For example,
255.255.255.0 is the binary number 11111111 11111111 11111111 00000000.
The actual value of this number is irrelevant. What matters is the number of ones and
zeros. A one says that the corresponding bit in the IPv4 address is a network address bit.
A zero says that the corresponding bit in the IPv4 address is a computer or host address bit.
In the example given, the last 8 bits of the subnet mask are all zero. So the host address is
the final octet of the subnet address, or 143. The network address of the subnet is 10.16.10.0.
Because hosts are defined by a single octet in this example, the 10.16.10.0 subnet contains
254 host addresses. The first IPv4 address in the subnet is 10.16.10.1. The last is 10.16.10.254.
The number 10.16.10.0 identifies the subnet and is called the subnet address. The number
10.16.10.255 is called the broadcast address and is used when a packet needs to be sent to
every host on a subnet.
Subnetting and Supernetting
You can split a subnet into smaller subnets by adding ones to the end of the ones in the
subnet mask. If you have two (or more) suitable contiguous subnets, you can merge them into
a single subnet by changing one or more ones at the end of the ones in the subnet masks to
zeros. These techniques are known as subnetting and supernetting, respectively.
If an organization has a significant number of computers on its network (say, over 100; this
number varies depending on the type, volume, and pattern of traffic on the network) or if it
has several geographic locations, the organization probably creates several subnets. If a subnet
contains too many computers and other devices, it tends to slow down because there is a greater
chance of two computers trying to put data onto the network simultaneously and causing
a collision. Dividing a network into several subnets reduces the likelihood of such collisions.
At the router that connects to the Internet, however, the organization uses supernetting
to combine (or summarize) the subnets so that they can be defined with a single network
address that will be translated to a public address on the Internet. Public addresses and
address translation are discussed later in this lesson.
More Info: Subnetting and Supernetting
For more information about supernetting and subnetting, and about CIDR and VLSM
technologies, see http://support.microsoft.com/kb/164015.
Note: CIDR Notation
Because the subnet mask 255.255.255.0 consists of 24 ones followed by 8 zeros, you
can also write it as /24. A subnet with a network address 192.168.0.0 and a subnet mask
255.255.255.0 (for example) is then designated 192.168.0.0/24. This is sometimes called
CIDR notation. A subnet mask with 25 ones followed by 7 zeros is a /25 subnet mask. In
dotted decimal, this would be 255.255.255.128.
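The following is an added example, not part of the original text, that carries out the subnetting and supernetting described above with Python's standard ipaddress module. It shows which pairs of contiguous subnets are "suitable" for merging: the two must be the two halves of the same larger block. The function names and the sample subnets in the comments are chosen for illustration.

```python
import ipaddress

def mask_bits(cidr):
    """Return the subnet mask of `cidr` as four binary octets."""
    bits = format(int(ipaddress.ip_network(cidr).netmask), "032b")
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))

def split_subnet(cidr, extra_ones=1):
    """Subnetting: add `extra_ones` ones to the end of the mask."""
    net = ipaddress.ip_network(cidr)
    return [str(sub) for sub in net.subnets(prefixlen_diff=extra_ones)]

def merge_subnets(cidr_a, cidr_b):
    """Supernetting: merge two subnets by changing the last one in the
    mask to a zero. Returns the merged subnet, or None when the pair is
    not suitable (different sizes, not contiguous, or not aligned)."""
    a = ipaddress.ip_network(cidr_a)
    b = ipaddress.ip_network(cidr_b)
    if a.prefixlen != b.prefixlen or a == b or a.prefixlen == 0:
        return None
    parent = a.supernet(prefixlen_diff=1)
    # Both subnets must be halves of the same parent block.
    if b.supernet(prefixlen_diff=1) != parent:
        return None
    return str(parent)

def summarize(cidrs):
    """Summarize a list of subnets into the fewest covering networks,
    as a router does when it advertises a single network address."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print(mask_bits("192.168.0.0/24"), "->", mask_bits("192.168.0.0/25"))
    print(split_subnet("192.168.0.0/24"))
    # Contiguous and aligned: merges into a /23.
    print(merge_subnets("10.0.2.0/24", "10.0.3.0/24"))
    # Contiguous but not aligned on a /23 boundary: cannot be merged.
    print(merge_subnets("10.0.1.0/24", "10.0.2.0/24"))
    # Four aligned /24 subnets summarize to one /22.
    print(summarize(["10.0.8.0/24", "10.0.9.0/24",
                     "10.0.10.0/24", "10.0.11.0/24"]))
```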
The final value shown in Figure 6-1 is the default gateway. This is the IPv4 address of the router connection on the same subnet as the IPv4 address of the host computer. If an IPv4 packet has a destination address of a different subnet, it is routed through other subnets via the router until it finds the destination it is looking for. If you browse to a Web site, for example, you need to send data to the Web server for that site, which has an IPv4 address somewhere on the Internet.
Put simply, some packets need to get out of your subnet and go to another network (for example, the Internet). Your computer sends these packets to a routing device. This can be a hardware router, a server that is configured as a router, or the computer or wireless router through which the other computers in a small office/home office (SOHO) network access the Internet. The default gateway is the address within the subnet of the routing device (which has at least one more IPv4 address on another subnet). It is where outgoing packets leave the subnet. It is also where incoming packets from other networks enter the subnet.
Quick Check
1. What is the binary number 00001010 11110000 10101010 01000000 in dotted decimal notation?
2. Are the IPv4 addresses 192.168.1.200 and 192.168.1.24 on the same subnet? Both have a subnet mask of 255.255.255.0.
3. Is 10.0.0.130 a valid IPv4 address on the 10.0.0.0/25 subnet?
Quick Check Answers
1. 10.240.170.64.
2. The subnet mask specifies that the final octet holds the host address. Therefore the first three octets hold the subnet’s network address. In both cases, this is 192.168.1.0, so the computers are on the same subnet.
3. No. The /25 subnet mask specifies 25 ones and therefore 32 – 25 = 7 zeros. Zeros denote host address. Therefore, the host address is from 0000001 to 1111110 binary (0000000 is the network address and 1111111 the broadcast address). In decimal, this is 1 to 126. So the valid IPv4 addresses on the network are 10.0.0.1 to 10.0.0.126. 10.0.0.130 is not in this range and therefore is not valid on this subnet. It is an address on another subnet (for example, 10.0.0.128/25).
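The mask arithmetic behind the subnet mask discussion and the three Quick Check answers, written out with plain bit operations. This is an added example, not part of the original text; the function names are chosen for illustration, and the address 10.16.10.143 used in the demonstration is assumed from the host octet 143 and subnet 10.16.10.0 given earlier.

```python
MASK32 = 0xFFFFFFFF

def to_int(dotted):
    """Pack a dotted-decimal IPv4 string into a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def to_dotted(value):
    """Unpack a 32-bit integer into dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def binary_to_dotted(bits):
    """Convert four space-separated binary octets to dotted decimal."""
    return ".".join(str(int(octet, 2)) for octet in bits.split())

def prefix_length(mask):
    """Count the ones in a mask; reject masks that are not all ones
    followed by all zeros."""
    host_bits = ~to_int(mask) & MASK32
    if host_bits & (host_bits + 1):
        raise ValueError(f"not a contiguous subnet mask: {mask!r}")
    return 32 - host_bits.bit_length()

def subnet_info(address, mask):
    """Split an address into its network and host parts using the mask."""
    addr, mask_int = to_int(address), to_int(mask)
    prefix = prefix_length(mask)
    network = addr & mask_int                    # ones keep network bits
    broadcast = network | (~mask_int & MASK32)   # host bits all set to one
    return {
        "cidr": f"{to_dotted(network)}/{prefix}",
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "host_part": addr & ~mask_int & MASK32,  # zeros keep host bits
        # The three values below are meaningful for /30 and shorter masks.
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "usable_hosts": max(broadcast - network - 1, 0),
    }

def same_subnet(addr_a, addr_b, mask):
    """True when both addresses have the same network bits under `mask`."""
    mask_int = to_int(mask)
    return to_int(addr_a) & mask_int == to_int(addr_b) & mask_int

def is_usable_host(address, network, mask):
    """True when `address` is a host address on `network`, that is, inside
    the subnet and neither its network address nor its broadcast address."""
    info = subnet_info(address, mask)
    addr = to_dotted(to_int(address))
    return (info["network"] == network
            and addr not in (info["network"], info["broadcast"]))

if __name__ == "__main__":
    print(subnet_info("10.16.10.143", "255.255.255.0"))
    print(binary_to_dotted("00001010 11110000 10101010 01000000"))
    print(same_subnet("192.168.1.200", "192.168.1.24", "255.255.255.0"))
    print(is_usable_host("10.0.0.130", "10.0.0.0", "255.255.255.128"))
    print(subnet_info("10.0.0.130", "255.255.255.128")["cidr"])
```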
Network Services
IPv4 configuration and operation relies on a number of network services. In an enterprise environment, these services (apart from APIPA) are implemented on servers. However, on a small network, DHCP and DNS services can be provided by a client running ICS or by a WAP. Services associated with IPv4 include the following:
■ DHCP: Assigns IPv4 addresses to hosts that are set to receive their configurations
automatically. It assigns IPv4 addresses from one or more scopes and handles IPv4
address leasing and renewal. Exclusion ranges can be defined for non-DHCP-enabled
hosts, and static assignments can be made to specific media access control (MAC)
addresses. DHCP can also specify the IPv4 address of the default gateway(s) and DNS
server(s).
■ DNS: Resolves both local host names and fully qualified domain names (FQDNs)—for
example, http://www.contoso.internal—to IPv4 addresses (and vice versa). A local DNS
server can perform this function on its own subnet. For example, if you enter ping
canberra in the Command Prompt window, DNS resolves the computer name Canberra
to its IPv4 address. DNS also works over the Internet to resolve the FQDNs of remote
Web sites to their IPv4 addresses. DNS provides a connection-specific DNS suffix for
e-mail addresses. If you had an e-mail server (for example, a server running Microsoft
Exchange Server) on your network, the connection-specific DNS suffix would be the
section of the e-mail address after the @ symbol (for example, don.hall@tailspintoys.com).
The Dynamic Domain Name Service (DDNS) uses the concept of a dynamic
database and enables dynamic updates.
More Info: Internal vs. External Resolution
If you need to resolve a computer name on your internal network to an IPv4 address
(for example, if you entered ping canberra in the Command Prompt window), then
the DNS service on your WAP or ICS computer will provide the IPv4 address that
corresponds to the computer name. If, on the other hand, you needed to resolve an
FQDN on the Internet (for example, if you entered http://www.contoso.com in your
browser), then that FQDN is resolved over the Internet. FQDNs are resolved over the
Internet using a DNS server hierarchy and an iterative process. It is unlikely that the
70-680 examination will test your knowledge of iterative DNS queries. However, if you
want to know more about this topic out of professional interest, see
http://technet.microsoft.com/en-us/library/cc775637.aspx.
■ APIPA: Configures an internal private network when DHCP is not provided. If you
have a network with no connection to any other network and you want the computers
on that network to see one another, you can connect them by using an Ethernet switch
and allow them to configure themselves without requiring DHCP services. APIPA
configures a computer’s IPv4 settings with an IPv4 address in the range 169.254.0.1
through 169.254.255.254 and a subnet mask of 255.255.0.0. APIPA does not configure
a default gateway because an APIPA-configured network does not send IPv4 packets
to, or receive them from, any other network.
■ NAT: Allows many devices on a private network to gain access to the Internet
through one public IPv4 address. NAT translates between private IPv4 addresses used
internally in a local network and public addresses used on the Internet. When you
send a request to the Internet—for example, by typing a Uniform Resource Locator
(URL) into a browser—the information that the request returns (the Web page) needs
to find its way back to your computer, which has an internal IPv4 address on your local area network (LAN). Typically, your ISP allocates only one public IPv4 address that all the computers on your LAN share when accessing the Internet. NAT deals with this situation and ensures that IPv4 packets from the Internet reach the correct LAN destinations.
More Info: Network Address Translation
For more information about NAT, see
http://technet.microsoft.com/en-us/library/cc739385.aspx.
Public and Private IPv4 Addresses
Every device on the Internet has its own unique public IPv4 address that is shared with no other device (a LAN also has at least one IPv4 address that is unique on the Internet). For example, if you type a URL such as http://www.adatum.com into your Web browser, the FQDN www.adatum.com identifies a Web server that has a public IPv4 address—for example, 207.46.197.32.
Any organization that has an Internet presence is allocated one or more public IPv4 addresses that that organization and only that organization can use. The Internet Assigned Numbers Authority (IANA) issues and controls public IPv4 addresses through various agencies—for example, the United Kingdom Education and Research Network (UKERNA). In the case of a SOHO network, the ISP allocates one public IPv4 address from a range that IANA or one of its agencies has allocated to the ISP.
Most organizations do not have enough public IPv4 addresses to allocate one to every device on their networks. Also, issuing public IPv4 addresses to computers in an organization’s network has security implications. Instead, organizations use private IPv4 addresses for their internal networks and use NAT to translate these addresses to a public address or addresses for Internet access.
Private IPv4 addresses should never be used on the Internet, and typically a router on the Internet ignores private IPv4 addresses. An organization can use whatever private IPv4 address range it chooses without requiring permission from IANA. Because private IPv4 addresses are internal to an organization, many organizations can use the same range of IPv4 addresses without causing IPv4 conflicts. Most computers on internal networks do not need a unique public address but instead share a single public address that identifies their LAN and that NAT translates to their private addresses. Only devices on a LAN that have an Internet presence—for example, Web servers, e-mail servers, and DNS servers—require a unique public address mapped through NAT to their internal private address.
IANA has reserved the following three blocks of IPv4 address space for private networks:
■ 10.0.0.0/8 (10.0.0.1 through 10.255.255.254)
■ 172.16.0.0/12 (172.16.0.1 through 172.31.255.254)
■ 192.168.0.0/16 (192.168.0.1 through 192.168.255.255)
In addition, the APIPA range 169.254.0.0/16 (169.254.0.1 through 169.254.255.254) is also
considered private because these addresses should never appear on the Internet. However,
you should use this range only for automatic IPv4 address allocation through APIPA in an
isolated subnet. You should not use this range in private networks that configure their devices
through DHCP or manual (static) configuration and use NAT to implement Internet access.
Most organizations use only a small subsection of the private address space. For example,
the 10.0.0.0/8 network contains more than 16 million host addresses, and very few organizations
need that many. A commercial company with two private subnets might, for example, use
10.0.10.0/24 (10.0.10.1 through 10.0.10.254) and 10.0.20.0/24 (10.0.20.1 through 10.0.20.254) for
these subnets. ICS uses the 192.168.0.0/24 address range (192.168.0.1 through 192.168.0.254),
and most WAPs also use this range of addresses.
Note: Private Networks—The Definitive Document
The accurate definition of a private network is a network that uses RFC 1918 IPv4 address
space. As you progress in your career as a network administrator, you will refer more and
more frequently to RFCs like RFC 1918. To view this RFC, see http://tools.ietf.org/html/rfc1918.
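As an added example (not part of the original text), the sketch below applies the address rules from this section to a small host inventory. It flags APIPA addresses, which mean a host did not get a DHCP lease, public addresses assigned directly to internal hosts, a network or broadcast address used as a host address, and a default gateway that is not on the host's own subnet. The inventory rows, the HOST-C to HOST-E names and the finding labels are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")

def classify(address):
    """Return 'apipa', 'private', 'public' or 'special' for an address."""
    ip = ipaddress.ip_address(address)
    if ip in APIPA:
        return "apipa"
    if any(ip in net for net in RFC1918):
        return "private"
    # Loopback, multicast and other reserved ranges are not public.
    return "public" if ip.is_global else "special"

def audit(inventory):
    """Check (host, address, mask, gateway) rows; return (host, finding)."""
    findings = []
    for host, address, mask, gateway in inventory:
        iface = ipaddress.ip_interface(f"{address}/{mask}")
        kind = classify(address)
        if kind == "apipa":
            findings.append((host, "apipa-address"))
            if gateway:  # APIPA does not configure a default gateway
                findings.append((host, "gateway-on-apipa"))
            continue
        if kind == "public":
            findings.append((host, "public-address"))
        net = iface.network
        if net.prefixlen <= 30 and iface.ip in (net.network_address,
                                                net.broadcast_address):
            findings.append((host, "network-or-broadcast-address"))
        if gateway and ipaddress.ip_address(gateway) not in net:
            findings.append((host, "gateway-off-subnet"))
    return findings

# Constructed sample inventory (not real hosts).
INVENTORY = [
    ("CANBERRA", "10.0.0.11", "255.255.255.0", "10.0.0.11"),
    ("ABERDEEN", "169.254.17.5", "255.255.0.0", None),
    ("HOST-C", "10.0.10.25", "255.255.255.0", "10.0.20.1"),
    ("HOST-D", "207.46.197.32", "255.255.255.0", "207.46.197.1"),
    ("HOST-E", "192.168.0.255", "255.255.255.0", "192.168.0.1"),
]

if __name__ == "__main__":
    for host, finding in audit(INVENTORY):
        print(f"{host}: {finding}")
```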
Connecting to a Network
If you are setting up a wired test or SOHO network from scratch, you likely start with a single
computer connected to your modem (either wired or wirelessly via a WAP), which in turn
provides a connection to the Internet. Typically, most networks are connected to the Internet,
either directly or through other networks. If your network is completely isolated, with no
connections to either the Internet or other LANs, then it is usually sufficient to let it configure
itself through APIPA.
More commonly, you are adding a computer to an existing network (for example, a SOHO
network or a small test network). In this case, a DHCP service typically already exists on
the network, possibly on a computer configured to provide ICS, or (in the case of a wireless
network) from a WAP. When you connect to the Internet, your ISP automatically configures
your dial-up or cable modem connection. If you set up ICS, then the computer on your
network that directly accesses your modem automatically configures all the other computers
on its subnet.
More Info: Internet Connection Sharing
For more information about ICS and an excellent illustrative diagram, see
http://windowshelp.microsoft.com/Windows/en-US/Help/bfd3bd31-82f0-4b9c-9cde-fb92bc2b14771033.mspx.
This is a Windows Vista article, but it works for Windows 7 if you substitute “Change Adapter
Settings” for “Manage Network Settings.”
Typically, client computers on a network are set to receive their IP configurations automatically. However, if the computer you are adding is an ICS client, you need to access Network And Sharing Center, click Internet Options, click LAN Settings on the Connections tab, and clear the Automatically Select Connections check box in the Local Area Network (LAN) Settings dialog box. You configure an ICS computer and an ICS client in a practice exercise later in this lesson.
You can check whether a computer is configured to get its IPv4 configuration automatically by opening the Network And Sharing Center. You do this by opening Control Panel, clicking Network And Internet, and then clicking Network And Sharing Center. In the Network And Sharing Center, click Change Adapter Settings. Right-click the local area connection that connects to your test network (typically, Local Area Connection) and choose Properties. The Local Area Connection Properties dialog box appears, as shown in Figure 6-2. Note that the names of the antivirus supplier and the Ethernet controller manufacturer have been obscured for legal reasons.
In this dialog box, you can select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Unless you have chosen manual configuration by selecting Use The Following IP Address, you should see that IPv4 is set up for automatic configuration, as shown in Figure 6-3. If you click the Alternate Configuration tab, you see that APIPA is used by default if DHCP information is not available.
Figure 6-3: Automatic IPv4 configuration
Lesson 3 discusses the various configurations and combinations of wired and wireless
computers, modems, and WAPs you can use to set up a SOHO or a small test network. Setting
up a production network is a much more complex procedure involving the use of multiple
firewalls, peripheral zones, NAT servers, and so on. It is unlikely that the 70-680 examination
will ask you about setting up a fully secured production network in the enterprise. In this
lesson, we connect the Canberra and Aberdeen computers on a private wired network,
(optionally) connect the Canberra computer wirelessly to a WAP that accesses the Internet
through a cable modem (or use a composite device that is both a WAP and a cable modem),
and configure ICS on that computer.
To connect wirelessly to a WAP (if this is necessary), open the Network And Sharing Center
(shown in Figure 6-4) and click Connect To A Network. You can select a network from the
list of those available. You can also specify that the computer should always connect to this
network when it is in range.
Note: Unconfigured WAPs
Figure 6-4 shows the Canberra computer connected to an as-yet-unconfigured WAP.
Unconfigured WAPs are typically called Default, have a password of admin, and allow
a client computer to connect to them. This WAP is currently unconfigured because WAP
configuration is discussed in Lesson 3. Always configure your WAP; failure to do so is
a major security risk.
Figure 6-4: The Network And Sharing Center
Setting an IPv4 configuration
In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box shown in Figure 6-3, you can select Use The Following IP Address and type in a static IPv4 address, a subnet mask, and a default gateway. You can also select Use The Following DNS Server Address and type in the IPv4 address of a DNS server and an alternate DNS server the client can use if the first is unavailable. Clicking Advanced lets you add more DNS servers. You can also add the IPv4 addresses of one or more Windows Internet Naming Service (WINS) servers if you need NetBIOS name resolution.
However, many administrators prefer to use the Netsh command-line tool from an elevated command prompt. For example, if you want to configure the Local Area Connection interface with an IPv4 address 10.0.0.11, a subnet mask 255.255.255.0, and a default gateway 10.0.0.11, you enter the following command:
netsh interface ipv4 set address "local area connection" static 10.0.0.11 255.255.255.0 10.0.0.11
If you also wanted to set the DNS server address as 10.0.0.11, you enter the following command:
netsh interface ipv4 set dnsservers "local area connection" static 10.0.0.11
If you wanted the interface to obtain its IPv4 configuration automatically (dynamically), you enter the following commands:
netsh interface ipv4 set address name="local area connection" source=dhcp
netsh interface ipv4 set dnsservers name="local area connection" source=dhcp
You use both the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box and the
Netsh command to configure an interface in the practice later in this lesson.
Note: Netsh Syntax
For backward compatibility, you can use netsh interface ip in place of netsh interface
ipv4. For IPv6 Netsh commands, you must specify IPv6. Note also that for static settings, the
interface name is simply "local area connection". The syntax name="local area connection"
is acceptable but not necessary. For dynamic configuration, you need to use
name="local area connection".
Troubleshooting Network Connectivity
As an IT professional, one of the most common problems you encounter is computers not
being able to connect to one another, to other internal networks within your organization, or
to the Internet. In this section, you look at general troubleshooting tools that help you debug
network connectivity, as well as the Windows Network Diagnostics tool.
Basic Troubleshooting
Connection problems can have many possible causes. In wired networks, a cable could be
faulty or might not be connecting properly to its socket. Interfaces that should get their
IP configurations dynamically could be set with a static configuration. Where two or more
interfaces form a network bridge, one or more interfaces could have been removed from the
bridge. In the enterprise environment, a DHCP or DNS server, or even a domain controller,
might have developed a fault (although there is typically a failover mechanism in this
situation). A firewall might be misconfigured.
On a small network, ICS might be set up incorrectly or not set up at all. A third-party WAP
could have been added to a wired network so that wireless computers can connect, but
the computer previously configured to provide ICS might not be reconfigured to obtain its
configuration from the WAP. A WAP, network adapter, or modem could be faulty. Your ISP
could be suffering an outage. Newly installed software might have changed your connection
properties. The list is practically endless.
First principles always apply. Start with the network and ensure that no cables have
been pulled out or are halfway out and causing unreliable connections. Make sure all the
appropriate light-emitting diodes (LEDs) on the modem, WAP, and network interfaces are lit
when they should be lit and flickering when they should be flickering. If a device shows no
sign of life, check that its power supply is connected to a power socket and to the device.
Check out any illuminated red LEDs. A red light does not always indicate a fault, but red
frequently signifies danger.
If you are having problems with wireless connections, try switching the WAP off. You
should then power down any computers that connect to the WAP through Ethernet cables
and possibly your wireless computers as well. Wait a few minutes, switch the WAP back on,
and restart the computers. If you suspect the modem, switch off the modem, the WAP, and all
network computers and then turn them on again in that order. Check the WAP settings.
Checking Computer-to-Computer Connectivity
Before you start to use the tools Windows 7 provides to check computer-to-computer connectivity, make sure the computer you are trying to connect to is switched on. In a wired network, make sure it is plugged into the network. If you are using ICS, make sure the ICS computer is switched on and running; otherwise, none of the other computers will connect to the Internet. If the computers on your network get their IPv4 configurations from a third-party WAP, make sure the WAP is switched on and connected to the modem.
For a computer running Windows 7 to connect to other computers on a LAN, Network Discovery needs to be enabled on both the source and destination computers. Network Discovery is enabled by default, but if you are having problems accessing other computers, check this setting by clicking Change Advanced Sharing Settings in the Network And Sharing Center. Figure 6-5 shows the Advanced Sharing Settings dialog box.
If a network connection is suffering intermittent problems, it is sometimes sufficient to disable and then enable the network connector device driver. If this does not help, the device driver might be corrupt or out of date, or it might recently have been replaced by a new driver that is causing compatibility problems. Chapter 4, “Managing Devices and Disks,” gives more details about updating, uninstalling, rolling back, and troubleshooting drivers.
Troubleshooting IP Configuration
Command-line tools for troubleshooting IP configuration have been around for some time
and are well known. The Ping tool is still widely used, although more firewalls block Internet
Control Message Protocol (ICMP) echo requests than used to be the case. However, even