Transcript Chapter 1
Configuring Routing and Remote Access (RRAS) and
Wireless Networking
Configuring Routing
Routing – transferring data across our network from one
LAN to another.
Routers are used to make routing decisions
Routers are the default gateways for our PCs
Routers get us outside of our network
Types of Routes
Static
Dynamic – RIP is the only one available in W2K08
Windows Server 2008 is considered a software-based
router when running the RRAS service
Configuring Routing
Install the RRAS service and Choose Custom
Configuration
Most setups require 2 NICs to be installed
Select which type of routing you are going to use
2 choices
Static Routes
RIP
Reading the IP routing Table
Can view the routing table through the RRAS console
or by using the route print command
4 types of routes that will be found
Directly attached networks
Remote network Routes
Host routes – subnet mask will be 255.255.255.255
Default Route – 0.0.0.0
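The four route types above, applied to rows shaped like route print output. This is an added example, not part of the original slides; the table rows are constructed, and the lookup rule (most specific mask wins, then lowest metric) goes beyond what the slide states. It assumes directly attached networks show a gateway of "On-link", as route print displays them on Windows Server 2008.

```python
import ipaddress

# Constructed sample rows in the column order of `route print`:
# (network destination, netmask, gateway, interface, metric)
SAMPLE_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.10", 10),
    ("192.168.1.0", "255.255.255.0", "On-link", "192.168.1.10", 266),
    ("10.20.0.0", "255.255.0.0", "192.168.1.254", "192.168.1.10", 20),
    ("10.20.5.9", "255.255.255.255", "192.168.1.253", "192.168.1.10", 5),
]

def classify(dest, mask, gateway):
    """Return which of the four route types a table row is."""
    if dest == "0.0.0.0" and mask == "0.0.0.0":
        return "default"
    if mask == "255.255.255.255":
        return "host"
    if gateway == "On-link":
        return "directly attached"
    return "remote network"

def lookup(routes, destination):
    """Pick the row a router would use for one destination address."""
    addr = ipaddress.ip_address(destination)
    candidates = []
    for row in routes:
        dest, mask, gateway, iface, metric = row
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            # Longer prefix is more specific; lower metric breaks ties.
            candidates.append((net.prefixlen, -metric, row))
    if not candidates:
        return None  # nothing matches and there is no default route
    return max(candidates)[2]

if __name__ == "__main__":
    for row in SAMPLE_ROUTES:
        print(f"{row[0]:<14}{row[1]:<18}{row[2]:<16}{classify(*row[:3])}")
    for target in ("10.20.5.9", "10.20.7.1", "192.168.1.50", "8.8.8.8"):
        print(target, "->", lookup(SAMPLE_ROUTES, target)[2])
```

When reviewing a server's table, a host route is worth a second look because it overrides every less specific entry for that one address.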
Configuring Demand Dial Routing
With Demand Dial Routing the connection is only
active when it needs to be.
When a router receives a packet for a remote network
this will initiate a connection to the remote site.
1st step is to configure a demand-dial interface
The next step is to configure a static route to that
destination.
Configuring Remote Access
Windows Server 2008 provides several options to allow
hosts to connect remotely to your network and
network resources
Dial-Up Networking (DUN)
VPN
NAT
Configuring Dial-Up Remote Access
Enables remote computers that have modems to
connect to the network.
Typically used in laptops.
Allows the computer to act as if it were locally
connected.
To enable multiple PCs to connect at the same time a
modem bank is needed.
Configuring VPNs
Creates a tunnel through a public network such as the
internet into the private network.
No dedicated lines are needed
Performance is not comparable to a dedicated line
Use a dedicated line when traffic speed is important or
traffic is synchronous, as in voice and video
A tunneling protocol must be chosen when creating
the VPN
PPTP – Point to Point Tunneling Protocol
L2TP – Layer Two Tunneling Protocol
NAT
Network Address Translation
Allows clients to connect to the internet with only 1 IP
address available.
Similar to how home
wireless routers work.
Authorizing Remote Connections
Users must submit credentials (username and
password) to be authenticated on the network.
Authentication proves that the user is who he or she
claims to be.
Once the user is authenticated they must be
authorized to connect remotely
Authorizing controls what users can and can’t access
Can they have access remotely or not?
A two step process is used to authorize
Authorizing Remote Connections
Step #1
The Dial-In properties of the user account must be
evaluated
Done in Active Directory for a domain environment
In the local users and groups for stand-alone servers
Step #2
The authorizing process must meet all criteria specified
in the NPS network Policy
Example: must be between 8:00 – 5:00 and use L2TP to
connect
Configuring an NPS Policy
An NPS policy is basically a rule for evaluating remote
connections.
Consists of 3 parts
Conditions – must meet a condition, e.g. certain users or IPs
Constraints – if the condition is met it must also meet all of the constraints
Settings – once conditions and constraints are met, certain settings can
be applied to that remote connection
NPS policies are processed in order
Once a policy is matched it will not move on to the next
Page 117 gives a good example of how this works.
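A simplified model of the two-step authorization and the first-match policy order described above. This is an added example, not from the original slides or from NPS itself; the policy names, field names and group name are hypothetical, and "8:00 – 5:00" is read as 08:00 to 17:00.

```python
from datetime import time

# Constructed policies, listed in processing order (field names hypothetical).
POLICIES = [
    {"name": "VPN-Staff",
     "conditions": {"group": "VPN-Users"},
     "constraints": {"hours": (time(8, 0), time(17, 0)), "tunnel": "L2TP"},
     "settings": {"idle_timeout_min": 15}},
    {"name": "Allow-All-Tunnels",
     "conditions": {},   # no conditions: matches every request
     "constraints": {},
     "settings": {}},
]

def authorize(request, dial_in, policies):
    """Return (granted, policy_name, detail) for one connection request."""
    # Step 1: the dial-in properties of the user account.
    if dial_in == "deny":
        return (False, None, "dial-in property denies access")
    # Step 2: the first policy whose conditions all match decides the outcome.
    for policy in policies:
        conds = policy["conditions"]
        if any(request.get(k) != v for k, v in conds.items()):
            continue  # conditions not met, try the next policy
        cons = policy["constraints"]
        if "hours" in cons:
            start, end = cons["hours"]
            if not (start <= request["time"] <= end):
                return (False, policy["name"], "outside permitted hours")
        if "tunnel" in cons and request["tunnel"] != cons["tunnel"]:
            return (False, policy["name"], "tunnel type not permitted")
        return (True, policy["name"], policy["settings"])
    return (False, None, "no policy matched")

if __name__ == "__main__":
    staff_pptp = {"group": "VPN-Users", "time": time(10, 0), "tunnel": "PPTP"}
    guest_pptp = {"group": "Guests", "time": time(22, 0), "tunnel": "PPTP"}
    print(authorize(staff_pptp, "policy", POLICIES))  # denied by VPN-Staff
    print(authorize(guest_pptp, "policy", POLICIES))  # granted by Allow-All-Tunnels
```

The second request shows why policy order and broad catch-all policies deserve review: a user who fails the conditions of the strict policy falls through to the permissive one.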
Choosing an Authentication Protocol
When submitting credentials a common
authentication protocol must be used.
In order from most secure to least:
EAP-TLS
MS-CHAP v2
MS-CHAP v1
EAP-MD5 CHAP
CHAP
SPAP
PAP
Unauthenticated Access
Configuring Wireless Access
IEEE 802.1X – standard for network access control
Port based – can allow or deny access based on physical
port or logical port
802.1X provides port-based security using 3 components.
Supplicant – devices seeking access
Authenticator – component that requests authentication
credentials from supplicant. Usually port or wireless AP.
The Authenticator forwards the credentials to the AS.
Authentication Server (AS) – server that verifies the
supplicant's credentials. It tells the authenticator whether
to allow or deny access.
Configuring Wireless Access
To configure Server 08 to allow wireless access you will
need to do the following.
Install and configure RADIUS clients
Switches or wireless APs that are 802.1X capable
Select an authentication protocol
Add RADIUS clients to the NPS server
Configure an NPS network policy
Configuring accounting – logs what a user attempts to
access
You Learned
By using the Routing and Remote Access
service, Windows Server 2008 can be configured
as a router and remote access server. The
Routing And Remote Access console is the
principal tool used for configuring and managing
this service.
Lesson 5
You Learned (cont.)
Routing and Remote Access can be
automatically configured for several options:
Remote Access (Dial-Up Or VPN), Network
Address Translation (NAT), Virtual Private
Network (VPN) Access And NAT, and Secure
Connection Between Two Private Networks. If
none of the standard options match your
requirements, you can also manually configure
Routing and Remote Access.
You Learned (cont.)
Without dynamic routing protocols, such as
RIPv2, network administrators must add static
routes to connect to non-neighboring subnets
when those subnets do not lie in the same
direction as the default route.
You Learned (cont.)
Routers read the destination addresses of received
packets and route those packets according to directions
that are provided by routing tables. In Windows Server
2008, you can view the IP routing table through the
Routing And Remote Access console or through the
Route Print command.
You Learned (cont.)
Windows Server 2008 provides extensive support for
demand-dial routing, which is the routing of packets over
physical point-to-point links, such as analog phone lines
and ISDN, and over virtual point-to-point links, such as
PPTP and L2TP. Demand-dial routing allows you to
connect to the Internet, connect branch offices, or
implement router-to-router VPN connections.
You Learned (cont.)
The remote access connection must be authorized after it
is authenticated. Remote access authorization begins
with the user account’s dial-in properties; the first
matching remote access policy is then applied to the
connection.
You Learned (cont.)
Microsoft's implementation of a RADIUS server is the
Network Policy Server. Use a RADIUS server to
centralize remote access authentication, authorization, and logging. When you implement RADIUS,
multiple Windows Server 2008 computers running
the Routing and Remote Access service forward
access requests to the RADIUS server. The RADIUS
server then queries the domain controller for
authentication and applies remote access policies
to the connection requests.
You Learned (cont.)
The 802.1X IEEE standard allows for port-level
network access control of both wired and
wireless connections.
A Windows Server 2008 server running the NPS
role can also secure 802.1X connectivity for
802.1X-capable network switches and wireless
access ports.