MCSA/MCSE 70-270 Exam Prep 2: Windows XP Professional
Configuring and Troubleshooting the TCP/IP Protocol
The Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite is the default protocol for Windows XP Professional. With the omnipresent Internet, the usage of proprietary network protocol suites has diminished greatly in favor of seamless integration with the Internet, which requires TCP/IP. Since its introduction of the Active Directory in Windows 2000, Microsoft has made TCP/IP the protocol required for Windows networks that use Active Directory. This is largely because of the Active Directory's dependence upon Domain Name System (DNS) to provide the name and address resolution for all Active Directory resources. So, between the ever-present Internet and the need for faultless integration into Windows networks, it is no surprise that TCP/IP is the default protocol suite in the Windows XP Professional desktop operating system. Much of TCP/IP is transparent to users and to administrators. After the protocol is installed, if the administrator must configure anything, it will be the address information applied to the network interface. This consists of
Configuring IP Addresses
You can configure TCP/IP on a Windows XP Professional computer either manually or dynamically. The default method is to dynamically configure TCP/IP. If the infrastructure includes Dynamic Host Configuration Protocol (DHCP) services that deliver IP addresses to network computers, then a Windows XP computer can connect upon logon with the default configuration of the network adapter. However, if you need to apply a static IP address and other parameters, your only option is to manually configure the network adapter. Manually configuring one computer is time-consuming and error-prone. Multiply that by hundreds of computers and you can see why dynamic configuration has become so popular. Step by Step 11.1 describes how to configure TCP/IP.
Exam Alert: Look out for questions that require you to know how to solve TCP/IP problems as well as use other skills. Administrators need to know TCP/IP like the backs of their hands. To make certain you understand these skills and to test you on the core exam requirements, you will find that questions that appear to be focused on one subject also incorporate a question about TCP/IP.
Creating a Network Bridge
Windows XP Professional includes a new type of connection called a network bridge. This type of connection is available when you have two network adapters in a computer, each connected to different network segments, and you want to connect the segments so that the computers on one segment can talk to the computers on the other segment. Basically, the network bridge connection acts as a bridge between two segments.
A traditional router is a dedicated computer or a specialized piece of computer equipment that has two or more network interfaces and is connected to two or more networks. When the router receives data on its first interface, it checks to see whether the data should be sent to a host on its second interface by checking its routing table. If so, the router sends the data on its way. If not, the router discards the data.
A traditional bridge is a dedicated computer or specialized piece of computer equipment that has two or more network interfaces and is connected to two or more physical networks. The networks, however, are logically the same because they are assigned to the same IP subnet. Bridges are often used to overcome the physical distance limitations that are imposed by the media used. They can also be used to link two different media types in a single logical network, as depicted in Figure 11.5.
Figure 11.5. Computer B can use a Windows XP network bridge connection to enable A to send data to C.
The network bridge connection is extremely economical because you need only two interfaces in a computer in order to create it. The computer does not need to be dedicated, nor do you need to purchase additional hardware. Another advantage when you create the network bridge connection is that after the two segments are bridged, they are then able to use the same IP subnet. Windows XP Professional allows you to create only a single bridge in the computer, regardless of how many network adapters have been installed. To bridge two network connections, follow the process explained in Step by Step 11.2. To perform this exercise, you need to have one PC with two network adapters. Each of the network adapters should be connected to a small network with at least one PC on it.
Caution: Network bridge limitations. You cannot create a network bridge that includes a connection with Windows Firewall or with Internet Connection Sharing (ICS) enabled.
Implementing APIPA
The Automatic Private Internet Protocol Addressing (APIPA) system provides an alternate configuration to Dynamic Host Configuration Protocol (DHCP) for automatic IP addressing in small networks. When a computer uses APIPA, Windows XP assigns itself an IP address and then verifies that it is unique on the local network. To work effectively, APIPA is useful only on a small local area network (LAN) or as a backup to DHCP.
Note: What is APIPA? APIPA is not a protocol; it is an internal procedure that the operating system performs.
When a Windows XP Professional computer begins its network configuration, it performs the following procedures:
APIPA defines its IP addresses in the range of 169.254.0.1 to 169.254.255.254. The subnet mask on these addresses is configured as 255.255.0.0. You do have administrative control over APIPA. When Windows XP selects an address from this range, it then performs a duplicate address detection process to ensure that the IP address it has selected is not already being used, while continuing to query for a DHCP server in the background. If the address is found to be in use, Windows XP selects another address. The random IP selection occurs recursively until an unused IP address is selected, a DHCP server is discovered, or the process has taken place ten times.
To determine whether the IP address the computer is using has been provided by APIPA, you can check the address of the interface by using the ipconfig command at a command prompt. The syntax for this command, which shows you the configuration of all network adapters, is
ipconfig /all
In the resulting text, such as is shown in Figure 11.7, you can see whether the line Autoconfiguration Enabled is Yes or No. If Yes, and the IP address is 169.254.0.1 through 169.254.255.254, you are using an APIPA address.
Figure 11.7. APIPA addresses require autoconfiguration to be enabled.
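The check described above can be scripted over saved ipconfig /all output, which is useful when reviewing many workstations for hosts that silently fell back to APIPA because no DHCP server answered. The following is an added example, not part of the original text; the sample output is constructed and the function names are hypothetical.

```python
import ipaddress

# APIPA range as given in the text above.
APIPA_FIRST = ipaddress.IPv4Address("169.254.0.1")
APIPA_LAST = ipaddress.IPv4Address("169.254.255.254")

# Constructed sample modeled on Windows XP `ipconfig /all` output.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WS01

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.23.117
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""


def parse_adapters(text):
    """Return {adapter header: {field: value}} for each adapter section."""
    adapters, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented: adapter headers end with ':'; the banner does not.
            header = line.strip()
            current = adapters.setdefault(header[:-1], {}) if header.endswith(":") else None
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip(" .")] = value.strip()  # drop the dot leaders
    return adapters


def is_apipa(fields):
    """Both conditions from the text: autoconfiguration on, address in range."""
    if fields.get("Autoconfiguration Enabled", "").lower() != "yes":
        return False
    raw = fields.get("Autoconfiguration IP Address") or fields.get("IP Address") or ""
    try:
        return APIPA_FIRST <= ipaddress.IPv4Address(raw) <= APIPA_LAST
    except ValueError:  # blank or malformed address field
        return False


def apipa_adapters(text):
    return sorted(name for name, f in parse_adapters(text).items() if is_apipa(f))


if __name__ == "__main__":
    print(apipa_adapters(SAMPLE))
```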
Static IP Addressing
IP addresses indicate the same type of location information as a street address. A building on a street has a number, and when you add it to the street address, you can find it fairly easily because the number and the street will be unique within a city. This type of address scheme (an individual address plus a location address) allows every computer on the Internet to be uniquely identified. A static IP address is one that is permanently assigned to a computer on the network. Certain computers require static IP addresses because of their functions, such as routers or servers. Client computers are more often assigned dynamic addresses because they are more likely to be moved around the network or retired and replaced. DSL and cable modem users are usually given a static IP address, whereas dial-up users are provided with dynamic addresses. As discussed earlier, IP addresses consist of two parts: one that specifies the network and the other that specifies the computer. These addresses are further categorized with Classes, as described in Table 11.1.
Note: Loopback testing. TCP/IP has a predefined IP address that identifies a computer to dial itself up to perform loopback testing. If TCP/IP is configured, you should be able to run the ping 127.0.0.1 command when troubleshooting a connectivity problem.
The private IP address classes are used on private networks that utilize Network Address Translation or proxy services to communicate on the Internet. Internet routers are preconfigured to not forward data that contains these IP addresses. The portion of the address that decides on which network the host resides varies based on the class, and, as you will see further on, the subnet mask. In the following list, the uppercase Ns represent which binary bits represent the part of the IP address that specifies the network, and the lowercase Cs represent the part of the address that specifies the computer. This explains why there are differing numbers of networks per class, and different numbers of hosts per network, as listed in Table 11.1.
These address portions coincide with the default subnet masks for each address class. A Class A subnet mask is 255.0.0.0, a Class B subnet mask is 255.255.0.0, and a Class C subnet mask is 255.255.255.0. Subnet masks enable you to reconfigure what constitutes the network portion and what constitutes the computer portion. When you apply the subnet mask to the IP address by using a "bitwise logical AND" operation, the result is a network number. A bitwise logical AND operation compares each bit of the IP address, whether 1 or 0, with the corresponding bit in the subnet mask. If the subnet mask bit is a 1, the corresponding IP address bit is passed through as a result. If the subnet mask bit is a 0, a zero bit is passed through. For example, if the IP address is 141.25.240.201, you will have the following:
This shows the network address as 141.25.0.0 and the host address as 0.0.240.201. If you add bits to the mask, you will be able to have additional subnetworks when you perform a bitwise logical AND, and each subnetwork will have fewer hosts because fewer bits are available for the host portion of the address. Using the same address, and adding five bits to the subnet mask, you would receive the following:
However, the subnet mask is considered separately from the rest of the network address. For example, the older rules stated that no subnetwork address can be all 1s or all 0s. This reduced the number of subnets and hosts that an address could produce. Some legacy networking devices require the old rules, but most networks have upgraded. (However the Classless Inter-Domain Routing (CIDR) specification enables you to eke out more addresses when you subnet.) Therefore, the subnet mask changes the network address to 141.25.240.0. The host address changes to 0.0.0.201. Other IP addresses that are under the default Class B subnet mask that would have been considered part of the same network, such as 140.25.192.15 and 140.25.63.12, are now on different subnets. For an organization with a large number of physical networks where each requires a different subnet address, the subnet mask can be used to segment a single address to fit the network.
You can easily calculate how many subnets and hosts you will receive when you subnet a network. The formula is $2^n - 2$, where $n$ is the number of bits. $2^n$ is the number 2 raised to the power of the number of bits, and that result minus 2 (the addresses represented by all 1s and all 0s) equals the available subnets or hosts. Therefore, if you have a subnet of 5 bits as is shown here, you are able to achieve $2^5 - 2 = 32 - 2 = 30$ subnets. Because there are 11 bits left for host addresses, each subnet will have $2^{11} - 2 = 2048 - 2 = 2{,}046$ hosts. When you multiply 2046 by 30, you will see that you have 61,380 addresses available for network hosts, and that you "lost" 4,154 addresses. This is the problem that CIDR solves, and is discussed in the sidebar.
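The masking and counting steps above can be reproduced in a few lines. This is an added example, not part of the original text; the function names are hypothetical, and it assumes a contiguous mask and the older rule that excludes the all-0s and all-1s values.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def split_address(ip, mask):
    """Bitwise AND of address and mask -> (network part, host part)."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ip_int & mask_int              # mask bit 1: address bit passes
    host = ip_int & ~mask_int & ALL_ONES     # mask bit 0: bit belongs to host
    return str(ipaddress.IPv4Address(network)), str(ipaddress.IPv4Address(host))


def extend_mask(default_mask, extra_bits):
    """Add subnet bits to a contiguous default mask, e.g. 255.255.0.0 plus 5."""
    prefix = bin(int(ipaddress.IPv4Address(default_mask))).count("1") + extra_bits
    return str(ipaddress.IPv4Address((ALL_ONES << (32 - prefix)) & ALL_ONES))


def usable(bits):
    """2^n - 2: every combination except all 0s and all 1s."""
    return 2 ** bits - 2


def same_subnet(a, b, mask):
    return split_address(a, mask)[0] == split_address(b, mask)[0]


def plan(default_mask, extra_bits):
    """Subnet and host counts after borrowing extra_bits from the host part."""
    host_bits_before = 32 - bin(int(ipaddress.IPv4Address(default_mask))).count("1")
    subnets = usable(extra_bits)
    hosts = usable(host_bits_before - extra_bits)
    total = subnets * hosts
    return {"subnets": subnets, "hosts_per_subnet": hosts,
            "total_hosts": total, "lost": usable(host_bits_before) - total}


if __name__ == "__main__":
    mask21 = extend_mask("255.255.0.0", 5)
    print(split_address("141.25.240.201", "255.255.0.0"))
    print(mask21, split_address("141.25.240.201", mask21))
    print(same_subnet("140.25.192.15", "140.25.63.12", "255.255.0.0"),
          same_subnet("140.25.192.15", "140.25.63.12", mask21))
    print(plan("255.255.0.0", 5))
```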
Dynamic IP Addressing
Dynamic IP addresses are provided to a computer when it needs to be connected to the network. The provider is the DHCP server. When the computer is disconnected, the IP address becomes available for use by another computer. The address does not become available immediately, however. It is leased for a specified period of time (the administrator specifies this time period when configuring the DHCP server), and when the lease is up, the IP address is placed back in an IP address pool and can be delivered to another computer.
Before DHCP was developed, network administrators were forced to manually assign a separate IP address to each computer on the network. If a user left for a 2-month vacation and the computer was off the entire time, the IP address was unusable by anyone else. If the administrator (yes, to err is human) forgot to reuse an IP address for a computer that was retired, then the number of IP addresses available was also reduced. Other administrative errors included assigning duplicate IP addresses to computers on the network and misconfiguring the subnet mask, default gateway, and DNS server addresses. DHCP resolved a lot of problems.
Exam Alert: The DHCP process. DHCP has a set communication process that is used to lease an IP address to a DHCP client. You may see a reference to a particular part of this process, so you should be able to relate the entire sequence of events and understand where a breakdown in communications may occur.
On a Windows XP Professional computer, you can configure any network connection to be a DHCP client by selecting the option to Obtain an IP Address Automatically, which is configured in the Internet Protocol (TCP/IP) Properties dialog box. If you change from a manual address to a dynamic one, you need to clear out the manual IP addressing information first.
Exam Alert: Troubleshooting DHCP. Often a question that requires troubleshooting DHCP involves a DHCP server that resides on a different subnet than the DHCP client, usually because a router does not forward UDP broadcast packets. Routers must be configured to forward packets specifically for DHCP whenever a DHCP client is separated from the DHCP servers.
Troubleshooting TCP/IP
The TCP/IP protocol suite includes a number of tools that can help you isolate the source of connectivity problems. Windows XP Professional incorporates these tools as command-line executables. Each tool is different in what information it provides and when you might want to use it. When you are troubleshooting a connectivity problem, remember that sometimes the problem is the hardware: a failed network adapter, a failed port on the hub, a failed switch, and so on. If the communication is between two different physical segments, it could be a problem with the router between them. And if you were able to communicate in the past, and now cannot, the most likely suspect is a configuration change on one of the computers and the second most likely is that a piece of equipment has failed. To check whether there is an adapter failure, you can look at Device Manager in Windows XP.
ARP
After data reaches the segment on which the IP address resides, it needs to discover the Media Access Control (MAC) address of the machine. The Address Resolution Protocol (ARP) is the protocol in the TCP/IP suite that resolves IP addresses to MAC addresses by creating an Address Resolution table in each host that transmits data on the network segment. Arp is also the name of a utility in the TCP/IP suite that can check the table for errors. You should use the Arp utility when data is sent to a computer unexpectedly.
Event Viewer
One of Windows XP's standard troubleshooting tools is Event Viewer, which is incorporated into the Computer Management console. You can rely on this utility to be able to see errors and system messages. The ones that would be of most concern for a network problem are in the System Event log.
Finger
If you want to finger the culprit when a user has intentionally caused a problem, you can use Finger. Actually, the Finger utility, which is part of the TCP/IP protocol suite, requires the finger service to be running on the computer to which you send the command. (If the service is not running, you see a Connection Timed Out response when you run the Finger command.) What the Finger utility does is query the computer about the services and users that are running on it. Each operating system returns different output to the Finger command.
FTP and TFTP
File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) are not considered to be troubleshooting tools. Sometimes you need to make certain that a protocol is able to move data from one network segment to another and these two utilities can help out in a pinch because they verify TCP and UDP specifically, as well as all the protocols down to the Physical layer of the stack. If you want to verify whether the Transmission Control Protocol (TCP) is functioning across a router, you can use FTP to download a file from an FTP server on another subnet. If you want to verify whether the User Datagram Protocol (UDP) is functioning across a router, you can use TFTP to download a file from a TFTP server on another subnet.
Ipconfig
Windows XP uses the Ipconfig utility to display information about the IP address configuration of its network adapters. When you are experiencing a problem with connectivity, this is the first thing you should check (besides the link lights on the network adapter). If you are using DHCP, you can see whether the adapter was able to obtain an IP address lease. If you are using a static IP address, you can verify and validate whether it has been configured correctly. You can use Ipconfig with the following switches:
Nbtstat
The Nbtstat utility is used on networks that run NetBIOS over TCP/IP. This utility checks to see the status of NetBIOS name resolution to IP addresses. You can check current NetBIOS sessions, add entries to the NetBIOS name cache, and check the NetBIOS name and scope assigned to the computer.
Netstat
The Netstat command-line tool enables you to check the current status of the computer's IP connections. If you do not use switches, the results are protocol statistics and current TCP/IP connections. You should use Netstat to look for the services that are listening for incoming connections, if you have already checked the IP configuration and, though it is correct, the computer still displays a connectivity problem.
Nslookup
Nslookup literally means Name Server Lookup, and is a command-line utility that communicates with a DNS server. There are two modes to Nslookup: interactive and non-interactive. The interactive mode opens a session with a DNS server and views various records. The non-interactive mode asks for one piece of information and receives it. If more information is needed, a new query must be made.
Ping
Packet InterNet Groper (Ping) is a valuable tool for determining whether there is a problem with connectivity. The ping command uses an Echo packet at the Network layer (the default is to send a series of four echoes in a row), transmitting the packets to the IP address specified. The Echo returns an acknowledgment if the IP address is found. The results are displayed in the command window. If an IP address is not found, you see only the response Request timed out. You see similar results to those shown in Figure 11.8, where the first address that was pinged was not found and the second address was found. Ping indicates how long each packet took for the response. You can use the ping command to determine whether a host is reachable, and to determine whether you are losing packets when sending/receiving data to a particular host.
Figure 11.8. Ping displays its results in a command window.
You can use the ping command to determine whether the internal TCP/IP protocol stack is functioning properly by pinging the loopback testing address. The command is
ping 127.0.0.1
Tracert
When you have a problem communicating with a particular host, yet you have determined that your computer is functioning well, you can use tracert (Trace Route) to tell you how the data is moving across the network between your computer and the one that you are having difficulty reaching. Tracert offers a somewhat higher level of information than Ping. Rather than simply tell you that the data was transmitted and returned effectively, as Ping does, tracert logs each hop through which the data was transmitted. Figure 11.9 shows the results of a tracert command. Keep in mind that some network routers strip out or refuse to reply to tracert requests. When this happens, you see Request timed out messages.
Figure 11.9. tracert provides detailed information about the path that data travels between two IP hosts.
Exam Alert: Understand the typical response to a connectivity problem. The Microsoft troubleshooting process for TCP/IP is