
Configuring Windows 7 (Training Kit) - Part 34


Chapter 6: Network Settings
Lesson 1: Configuring IPv4

So what identifies the computer and what identifies the subnet? To discover this, we need to look at the next value, the subnet mask. Subnet masks are most peculiar numbers. They represent binary numbers that consist of all ones followed by all zeros. For example, 255.255.255.0 is the binary number 11111111 11111111 11111111 00000000. The actual value of this number is irrelevant. What matters is the number of ones and zeros. A one says that the corresponding bit in the IPv4 address is a network address bit. A zero says that the corresponding bit in the IPv4 address is a computer or host address bit.

In the example given, the last 8 bits of the subnet mask are all zero. So the host address is the final octet of the IPv4 address, or 143. The network address of the subnet is 10.16.10.0. Because hosts are defined by a single octet in this example, the 10.16.10.0 subnet contains 254 host addresses. The first IPv4 address in the subnet is 10.16.10.1. The last is 10.16.10.254. The number 10.16.10.0 identifies the subnet and is called the subnet address. The number 10.16.10.255 is called the broadcast address and is used when a packet needs to be sent to every host on a subnet.

Subnetting and Supernetting

You can split a subnet into smaller subnets by adding ones to the end of the ones in the subnet mask. If you have two (or more) suitable contiguous subnets, you can merge them into a single subnet by changing one or more ones at the end of the ones in the subnet masks to zeros. These techniques are known as subnetting and supernetting, respectively.

If an organization has a significant number of computers on its network (say over 100, although this number varies depending on the type, volume, and pattern of traffic on the network), or if it has several geographic locations, the organization probably creates several subnets.
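
The mask arithmetic described above, including splitting and merging subnets, written out as an added Python example (not code from the training kit). The function names are illustrative, and the addresses are the ones used in the text.

```python
# Added example (not from the training kit): subnet-mask arithmetic with
# plain bit operations, using the addresses discussed in the text.

def to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_length(mask):
    """Count the ones in a mask, rejecting anything that is not ones then zeros."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF      # the zeros of the mask, as ones
    if host_bits & (host_bits + 1):             # a run of low ones plus 1 is a power of two
        raise ValueError(f"mask is not ones followed by zeros: {mask}")
    return 32 - bin(host_bits).count("1")

def describe(address, mask):
    """Split an address into its subnet and host parts and list the subnet's range."""
    bits = prefix_length(mask)
    if bits > 30:
        raise ValueError("a /31 or /32 has no separate host range")
    addr, m = to_int(address), to_int(mask)
    network = addr & m                          # ones in the mask keep the network bits
    broadcast = network | (~m & 0xFFFFFFFF)     # all host bits set to one
    return {
        "subnet": f"{to_dotted(network)}/{bits}",
        "host_part": addr & ~m & 0xFFFFFFFF,
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "host_count": broadcast - network - 1,
    }

def split(network, mask):
    """Subnetting: add one more one to the mask, giving two half-size subnets."""
    bits = prefix_length(mask)
    if bits >= 30:
        raise ValueError("subnet is too small to split into usable halves")
    base = to_int(network) & to_int(mask)
    half = 1 << (32 - bits - 1)
    new_mask = to_dotted((to_int(mask) >> 1) | 0x80000000)
    return new_mask, [f"{to_dotted(base)}/{bits + 1}",
                      f"{to_dotted(base + half)}/{bits + 1}"]

def merge(net_a, net_b, mask):
    """Supernetting: turn the last one of the mask into a zero.

    Returns the merged subnet, or None when the two subnets are not a
    contiguous pair aligned on the wider mask.
    """
    bits, m = prefix_length(mask), to_int(mask)
    if bits == 0:
        return None
    low, high = sorted((to_int(net_a) & m, to_int(net_b) & m))
    wider = (m << 1) & 0xFFFFFFFF
    if high - low != 1 << (32 - bits) or low & wider != low:
        return None
    return f"{to_dotted(low)}/{bits - 1}"

if __name__ == "__main__":
    print(describe("10.16.10.143", "255.255.255.0"))
    print(split("10.0.0.0", "255.255.255.0"))
    print(merge("10.0.10.0", "10.0.11.0", "255.255.255.0"))   # contiguous pair
    print(merge("10.0.10.0", "10.0.20.0", "255.255.255.0"))   # not contiguous
```
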
If a subnet contains too many computers and other devices, it tends to slow down because there is a greater chance of two computers trying to put data onto the network simultaneously and causing a collision. Dividing a network into several subnets reduces the likelihood of such collisions. At the router that connects to the Internet, however, the organization uses supernetting to combine (or summarize) the subnets so that they can be defined with a single network address that will be translated to a public address on the Internet. Public addresses and address translation are discussed later in this lesson.

More Info: SUBNETTING AND SUPERNETTING
For more information about supernetting and subnetting, and about CIDR and VLSM technologies, see http://support.microsoft.com/kb/164015.

Note: CIDR NOTATION
Because the subnet mask 255.255.255.0 consists of 24 ones followed by 8 zeros, you can also write it as /24. A subnet with a network address 192.168.0.0 and a subnet mask 255.255.255.0 (for example) is then designated 192.168.0.0/24. This is sometimes called CIDR notation. A subnet mask with 25 ones followed by 7 zeros is a /25 subnet mask. In dotted decimal, this would be 255.255.255.128.

The final value shown in Figure 6-1 is the default gateway. This is the IPv4 address of the router connection on the same subnet as the IPv4 address of the host computer. If an IPv4 packet has a destination address of a different subnet, it is routed through other subnets via the router until it finds the destination it is looking for. If you browse to a Web site, for example, you need to send data to the Web server for that site, which has an IPv4 address somewhere on the Internet.

Put simply, some packets need to get out of your subnet and go to another network (for example, the Internet). Your computer sends these packets to a routing device.
This can be a hardware router, a server that is configured as a router, or the computer or wireless router through which the other computers in a small office/home office (SOHO) network access the Internet. The default gateway is the address within the subnet of the routing device (which has at least one more IPv4 address on another subnet). It is where outgoing packets leave the subnet. It is also where incoming packets from other networks enter the subnet.

Quick Check
1. What is the binary number 00001010 11110000 10101010 01000000 in dotted decimal notation?
2. Are the IPv4 addresses 192.168.1.200 and 192.168.1.24 on the same subnet? Both have a subnet mask of 255.255.255.0.
3. Is 10.0.0.130 a valid IPv4 address on the 10.0.0.0/25 subnet?

Quick Check Answers
1. 10.240.170.64.
2. The subnet mask specifies that the final octet holds the host address. Therefore the first three octets hold the subnet’s network address. In both cases, this is 192.168.1.0, so the computers are on the same subnet.
3. No. The /25 subnet mask specifies 25 ones and therefore 32 – 25 = 7 zeros. Zeros denote host address. Therefore, the host address is from 0000001 to 1111110 binary (0000000 is the network address and 1111111 the broadcast address). In decimal, this is 1 to 126. So the valid IPv4 addresses on the network are 10.0.0.1 to 10.0.0.126. 10.0.0.130 is not in this range and therefore is not valid on this subnet. It is an address on another subnet (for example, 10.0.0.128/25).

Network Services

IPv4 configuration and operation rely on a number of network services. In an enterprise environment, these services (apart from APIPA) are implemented on servers. However, on a small network, DHCP and DNS services can be provided by a client running ICS or by a WAP. Services associated with IPv4 include the following:

- DHCP: Assigns IPv4 addresses to hosts that are set to receive their configurations automatically. It assigns IPv4 addresses from one or more scopes and handles IPv4 address leasing and renewal. Exclusion ranges can be defined for non-DHCP-enabled hosts, and static assignments can be made to specific media access control (MAC) addresses. DHCP can also specify the IPv4 address of the default gateway(s) and DNS server(s).

- DNS: Resolves both local host names and fully qualified domain names (FQDNs)—for example, http://www.contoso.internal—to IPv4 addresses (and vice versa). A local DNS server can perform this function on its own subnet. For example, if you enter ping canberra in the Command Prompt window, DNS resolves the computer name Canberra to its IPv4 address. DNS also works over the Internet to resolve the FQDNs of remote Web sites to their IPv4 addresses. DNS provides a connection-specific DNS suffix for e-mail addresses. If you had an e-mail server (for example, a server running Microsoft Exchange Server) on your network, the connection-specific DNS suffix would be the section of the e-mail address after the @ symbol (for example, don.hall@tailspintoys.com). The Dynamic Domain Name Service (DDNS) uses the concept of a dynamic database and enables dynamic updates.

More Info: INTERNAL VS. EXTERNAL RESOLUTION
If you need to resolve a computer name on your internal network to an IPv4 address (for example, if you entered ping canberra in the Command Prompt window), then the DNS service on your WAP or ICS computer will provide the IPv4 address that corresponds to the computer name. If, on the other hand, you needed to resolve an FQDN on the Internet (for example, if you entered http://www.contoso.com in your browser), then that FQDN is resolved over the Internet. FQDNs are resolved over the Internet using a DNS server hierarchy and an iterative process. It is unlikely that the 70-680 examination will test your knowledge of iterative DNS queries. However, if you want to know more about this topic out of professional interest, see http://technet.microsoft.com/en-us/library/cc775637.aspx.

- APIPA: Configures an internal private network when DHCP is not provided. If you have a network with no connection to any other network and you want the computers on that network to see one another, you can connect them by using an Ethernet switch and allow them to configure themselves without requiring DHCP services. APIPA configures a computer’s IPv4 settings with an IPv4 address in the range 169.254.0.1 through 169.254.255.254 and a subnet mask of 255.255.0.0. APIPA does not configure a default gateway because an APIPA-configured network does not send IPv4 packets to, or receive them from, any other network.

- NAT: Allows many devices on a private network to gain access to the Internet through one public IPv4 address. NAT translates between private IPv4 addresses used internally in a local network and public addresses used on the Internet. When you send a request to the Internet—for example, by typing a Uniform Resource Locator (URL) into a browser—the information that the request returns (the Web page) needs to find its way back to your computer, which has an internal IPv4 address on your local area network (LAN). Typically, your ISP allocates only one public IPv4 address that all the computers on your LAN share when accessing the Internet. NAT deals with this situation and ensures that IPv4 packets from the Internet reach the correct LAN destinations.

More Info: NETWORK ADDRESS TRANSLATION
For more information about NAT, see http://technet.microsoft.com/en-us/library/cc739385.aspx.

Public and Private IPv4 Addresses

Every device on the Internet has its own unique public IPv4 address that is shared with no other device (a LAN also has at least one IPv4 address that is unique on the Internet). For example, if you type a URL such as http://www.adatum.com into your Web browser, the FQDN www.adatum.com identifies a Web server that has a public IPv4 address—for example, 207.46.197.32.
Any organization that has an Internet presence is allocated one or more public IPv4 addresses that that organization and only that organization can use. The Internet Assigned Numbers Authority (IANA) issues and controls public IPv4 addresses through various agencies—for example, the United Kingdom Education and Research Network (UKERNA). In the case of a SOHO network, the ISP allocates one public IPv4 address from a range that IANA or one of its agencies has allocated to the ISP.

Most organizations do not have enough public IPv4 addresses to allocate one to every device on their networks. Also, issuing public IPv4 addresses to computers in an organization’s network has security implications. Instead, organizations use private IPv4 addresses for their internal networks and use NAT to translate these addresses to a public address or addresses for Internet access.

Private IPv4 addresses should never be used on the Internet, and typically a router on the Internet ignores private IPv4 addresses. An organization can use whatever private IPv4 address range it chooses without requiring permission from IANA. Because private IPv4 addresses are internal to an organization, many organizations can use the same range of IPv4 addresses without causing IPv4 conflicts.

Most computers on internal networks do not need a unique public address but instead share a single public address that identifies their LAN and that NAT translates to their private addresses. Only devices on a LAN that have an Internet presence—for example, Web servers, e-mail servers, and DNS servers—require a unique public address mapped through NAT to their internal private address.
IANA has reserved the following three blocks of IPv4 address space for private networks:

- 10.0.0.0/8 (10.0.0.1 through 10.255.255.254)
- 172.16.0.0/12 (172.16.0.1 through 172.31.255.254)
- 192.168.0.0/16 (192.168.0.1 through 192.168.255.255)

In addition, the APIPA range 169.254.0.0/16 (169.254.0.1 through 169.254.255.254) is also considered private because these addresses should never appear on the Internet. However, you should use this range only for automatic IPv4 address allocation through APIPA in an isolated subnet. You should not use this range in private networks that configure their devices through DHCP or manual (static) configuration and use NAT to implement Internet access.

Most organizations use only a small subsection of the private address space. For example, the 10.0.0.0/8 network contains more than 16 million host addresses, and very few organizations need that many. A commercial company with two private subnets might, for example, use 10.0.10.0/24 (10.0.10.1 through 10.0.10.254) and 10.0.20.0/24 (10.0.20.1 through 10.0.20.254) for these subnets. ICS uses the 192.168.0.0/24 address range (192.168.0.1 through 192.168.0.254), and most WAPs also use this range of addresses.

Note: PRIVATE NETWORKS—THE DEFINITIVE DOCUMENT
The accurate definition of a private network is a network that uses RFC 1918 IPv4 address space. As you progress in your career as a network administrator, you will refer more and more frequently to RFCs like RFC 1918. To view this RFC, see http://tools.ietf.org/html/rfc1918.

Connecting to a Network

If you are setting up a wired test or SOHO network from scratch, you likely start with a single computer connected to your modem (either wired or wirelessly via a WAP), which in turn provides a connection to the Internet. Typically, most networks are connected to the Internet, either directly or through other networks.
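
A check built on the private blocks, the APIPA range, and the default-gateway rule given above, as an added Python example (not code from the training kit). It classifies an adapter's address and reports settings that contradict the text; the adapter records in SAMPLE are constructed, and the function names are illustrative.

```python
import ipaddress

# Added example (not from the training kit). The ranges are the ones the text
# lists; the adapter settings in SAMPLE are constructed for illustration.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")

def classify(address):
    """Label an IPv4 address as APIPA, private (with its block), or non-private."""
    ip = ipaddress.ip_address(address)
    if ip in APIPA:
        return "apipa"
    for block in PRIVATE_BLOCKS:
        if ip in block:
            return f"private {block}"
    return "non-private"

def audit(adapter):
    """Return a list of findings for one adapter's IPv4 settings."""
    try:
        # ip_interface accepts "address/dotted-mask" and rejects broken masks.
        iface = ipaddress.ip_interface(f"{adapter['address']}/{adapter['mask']}")
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]
    findings, net = [], iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        findings.append(f"{iface.ip} is the subnet or broadcast address of {net}")
    kind = classify(adapter["address"])
    if kind == "apipa" and adapter["dhcp"]:
        # APIPA sets no default gateway, so the host cannot leave its subnet.
        findings.append("APIPA address: no DHCP server answered, no route off the subnet")
    elif kind == "apipa":
        findings.append("APIPA range configured statically")
    elif kind == "non-private":
        findings.append("address is outside the private ranges: "
                        "confirm direct exposure is intended")
    gateway = adapter.get("gateway")
    if gateway and ipaddress.ip_address(gateway) not in net:
        findings.append(f"default gateway {gateway} is not on {net}")
    return findings

def audit_all(adapters):
    """Audit every adapter record and key the findings by adapter name."""
    return {a["name"]: audit(a) for a in adapters}

# Constructed adapter records (not real hosts).
SAMPLE = [
    {"name": "Canberra", "address": "10.0.0.11", "mask": "255.255.255.0",
     "gateway": "10.0.0.11", "dhcp": False},
    {"name": "Aberdeen", "address": "169.254.37.5", "mask": "255.255.0.0",
     "gateway": None, "dhcp": True},
    {"name": "Lab-1", "address": "192.168.0.25", "mask": "255.255.255.0",
     "gateway": "192.168.1.1", "dhcp": False},
    {"name": "Lab-2", "address": "10.16.10.255", "mask": "255.255.255.0",
     "gateway": "10.16.10.1", "dhcp": False},
    {"name": "Lab-3", "address": "207.46.197.32", "mask": "255.255.255.0",
     "gateway": "207.46.197.1", "dhcp": False},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, findings or "ok")
```
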
If your network is completely isolated, with no connections to either the Internet or other LANs, then it is usually sufficient to let it configure itself through APIPA.

More commonly, you are adding a computer to an existing network (for example, a SOHO network or a small test network). In this case, a DHCP service typically already exists on the network, possibly on a computer configured to provide ICS, or (in the case of a wireless network) from a WAP. When you connect to the Internet, your ISP automatically configures your dial-up or cable modem connection. If you set up ICS, then the computer on your network that directly accesses your modem automatically configures all the other computers on its subnet.

More Info: INTERNET CONNECTION SHARING
For more information about ICS and an excellent illustrative diagram, see http://windowshelp.microsoft.com/Windows/en-US/Help/bfd3bd31-82f0-4b9c-9cde-fb92bc2b14771033.mspx. This is a Windows Vista article, but it works for Windows 7 if you substitute “Change Adapter Settings” for “Manage Network Settings.”

Typically, client computers on a network are set to receive their IP configurations automatically. However, if the computer you are adding is an ICS client, you need to access Network And Sharing Center, click Internet Options, click LAN Settings on the Connections tab, and clear the Automatically Select Connections check box in the Local Area Network (LAN) Settings dialog box. You configure an ICS computer and an ICS client in a practice exercise later in this lesson.

You can check whether a computer is configured to get its IPv4 configuration automatically by opening the Network And Sharing Center. You do this by opening Control Panel, clicking Network And Internet, and then clicking Network And Sharing Center. In the Network And Sharing Center, click Change Adapter Settings.
Right-click the local area connection that connects to your test network (typically, Local Area Connection) and choose Properties. The Local Area Connection Properties dialog box appears, as shown in Figure 6-2. Note that the names of the antivirus supplier and the Ethernet controller manufacturer have been obscured for legal reasons.

FIGURE 6-2 Local Area Connection Properties dialog box

In this dialog box, you can select Internet Protocol Version 4 (TCP/IPv4) and click Properties. Unless you have chosen manual configuration by selecting Use The Following IP Address, you should see that IPv4 is set up for automatic configuration, as shown in Figure 6-3. If you click the Alternate Configuration tab, you see that APIPA is used by default if DHCP information is not available.

FIGURE 6-3 Automatic IPv4 configuration

Lesson 3 discusses the various configurations and combinations of wired and wireless computers, modems, and WAPs you can use to set up a SOHO or a small test network. Setting up a production network is a much more complex procedure involving the use of multiple firewalls, peripheral zones, NAT servers, and so on. It is unlikely that the 70-680 examination will ask you about setting up a fully secured production network in the enterprise.

In this lesson, we connect the Canberra and Aberdeen computers on a private wired network, (optionally) connect the Canberra computer wirelessly to a WAP that accesses the Internet through a cable modem (or use a composite device that is both a WAP and a cable modem), and configure ICS on that computer.

To connect wirelessly to a WAP (if this is necessary), open the Network And Sharing Center (shown in Figure 6-4) and click Connect To A Network. You can select a network from the list of those available. You can also specify that the computer should always connect to this network when it is in range.
Note: UNCONFIGURED WAPS
Figure 6-4 shows the Canberra computer connected to an as-yet-unconfigured WAP. Unconfigured WAPs are typically called Default, have a password of admin, and allow a client computer to connect to them. This WAP is currently unconfigured because WAP configuration is discussed in Lesson 3. Always configure your WAP; failure to do so is a major security risk.

FIGURE 6-4 The Network And Sharing Center

Setting an IPv4 configuration

In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box shown in Figure 6-3, you can select Use The Following IP Address and type in a static IPv4 address, a subnet mask, and a default gateway. You can also select Use The Following DNS Server Address and type in the IPv4 address of a DNS server and an alternate DNS server the client can use if the first is unavailable. Clicking Advanced lets you add more DNS servers. You can also add the IPv4 addresses of one or more Windows Internet Naming Service (WINS) servers if you need NetBIOS name resolution.

However, many administrators prefer to use the Netsh command-line tool from an elevated command prompt.
For example, if you want to configure the Local Area Connection interface with an IPv4 address 10.0.0.11, a subnet mask 255.255.255.0, and a default gateway 10.0.0.11, you enter the following command:

    netsh interface ipv4 set address "local area connection" static 10.0.0.11 255.255.255.0 10.0.0.11

If you also wanted to set the DNS server address as 10.0.0.11, you enter the following command:

    netsh interface ipv4 set dnsservers "local area connection" static 10.0.0.11

If you wanted the interface to obtain its IPv4 configuration automatically (dynamically), you enter the following commands:

    netsh interface ipv4 set address name="local area connection" source=dhcp
    netsh interface ipv4 set dnsservers name="local area connection" source=dhcp

You use both the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box and the Netsh command to configure an interface in the practice later in this lesson.

Note: NETSH SYNTAX
For backward compatibility, you can use netsh interface ip in place of netsh interface ipv4. For IPv6 Netsh commands, you must specify IPv6. Note also for static settings, the interface name is simply local area connection. The syntax name="local area connection" is acceptable but not necessary. For dynamic configuration you need to use name="local area connection".

Troubleshooting Network Connectivity

As an IT professional, one of the most common problems you encounter is computers not being able to connect to one another, to other internal networks within your organization, or to the Internet. In this section, you look at general troubleshooting tools that help you debug network connectivity, as well as the Windows Network Diagnostics tool.

Basic Troubleshooting

Connection problems can have many possible causes. In wired networks, a cable could be faulty or might not be connecting properly to its socket.
Interfaces that should get their IP configurations dynamically could be set with a static configuration. Where two or more interfaces form a network bridge, one or more interfaces could have been removed from the bridge. In the enterprise environment, a DHCP or DNS server, or even a domain controller, might have developed a fault (although there is typically a failover mechanism in this situation). A firewall might be misconfigured. On a small network, ICS might be set up incorrectly or not set up at all. A third-party WAP could have been added to a wired network so that wireless computers can connect, but the computer previously configured to provide ICS might not be reconfigured to obtain its configuration from the WAP. A WAP, network adapter, or modem could be faulty. Your ISP could be suffering an outage. Newly installed software might have changed your connection properties. The list is practically endless.

First principles always apply. Start with the network and ensure that no cables have been pulled out or are halfway out and causing unreliable connections. Make sure all the appropriate light-emitting diodes (LEDs) on the modem, WAP, and network interfaces are lit when they should be lit and flickering when they should be flickering. If a device shows no sign of life, check that its power supply is connected to a power socket and to the device. Check out any illuminated red LEDs. A red light does not always indicate a fault, but red frequently signifies danger.

If you are having problems with wireless connections, try switching the WAP off. You should then power down any computers that connect to the WAP through Ethernet cables and possibly your wireless computers as well. Wait a few minutes, switch the WAP back on, and restart the computers. If you suspect the modem, switch off the modem, the WAP, and all network computers and then turn them on again in that order. Check the WAP settings.

Checking Computer to Computer Connectivity

Before you start to use the tools Windows 7 provides to check computer-to-computer connectivity, make sure the computer you are trying to connect to is switched on. In a wired network, make sure it is plugged into the network. If you are using ICS, make sure the ICS computer is switched on and running, otherwise none of the other computers will connect to the Internet. If the computers on your network get their IPv4 configurations from a third-party WAP, make sure the WAP is switched on and connected to the modem.

For a computer running Windows 7 to connect to other computers on a LAN, Network Discovery needs to be enabled on both the source and destination computers. Network Discovery is enabled by default, but if you are having problems accessing other computers, check this setting by clicking Change Advanced Sharing Settings in the Network And Sharing Center. Figure 6-5 shows the Advanced Sharing Settings dialog box.

FIGURE 6-5 The Advanced Sharing Settings dialog box

If a network connection is suffering intermittent problems, it is sometimes sufficient to disable and then enable the network connector device driver. If this does not help, the device driver might be corrupt or out of date, or it might recently have been replaced by a new driver that is causing compatibility problems. Chapter 4, “Managing Devices and Disks,” gives more details about updating, uninstalling, rolling back, and troubleshooting drivers.

Troubleshooting IP Configuration

Command-line tools for troubleshooting IP configuration have been around for some time and are well known. The Ping tool is still widely used, although more firewalls block Internet Control Message Protocol (ICMP) echo requests than used to be the case. However, even

Date posted: 02/07/2014, 10:20
