USING ROUTING & REMOTE ACCESS

 When you have only 2 network sites, then only 1 topology is available in which you install a router on each site & connect the router using WAN link. WAN Routers

 Mesh Topology (if more than 2 network sites)  Fault tolerant  Not practical if more than 3 sites

 Ring Topology  Easier to install & maintain  More affordable  Not fault tolerant  Not efficient

 Star Topology (for company with HQ & branches)  A compromise between mesh & ring  One site functions as hub connected all the others  Fault tolerant  Fast & efficient

 Using Leased Lines  Expensive to install & maintain  Characteristics of leased lines;  Persistent connection – stay connected even when you don’t use it.  Permanent – between two sides (not portable)  Using Dial-on-Demand connections  Slower than leased lines but not persistent & not permanent

 Using frame relay  Consists of leased line linking the network site to the nearest point-of-presence (POP)  Flexible & economical  Using VPNs  Practical for connection between distant locations  Charges based on the distance

 Using static routing  Network administrators must manually create & modify the routing table entries.  Advantage : enables routers to compensate for a failed router or WAN link.  Disadvantage : more manual maintenance.  Dynamic routing  Uses specialized routing protocol to build & update the table entries automatically  Advantage : less maintenance work  Disadvantage : subject to failed router or WAN link.

 Uses specialized protocols enabling routers to communicate & share their routing table information.  When a router fails to transmit its routing table entries on schedule, the other routers will detect the absence & remove the failed router from its routing table, thus prevents the routers from forwarding it to the failed router.

 Dynamic routing table will evaluate the relative efficiency of routes to a specific destination  There may be several path to reach the same destination & its up to the router to use the most efficient one.  Routing table include a numeric qualifier called metric  On static routers – administrator manually enters the metric value

 There are 2 protocols used in routing ;  OSPF – Open Shortest Path First  Only transmits routing table entries when there is a change in the mapping.  Each OSPF router compiles a map of the network called link state database.  RIP – Routing Information Protocol  Repeatedly broadcast their routing tables

 Metric value represents the number of hops between that computer & the destination used in RIP  hop – passage through a router from one network to another.  Distance vector is the most effective way to calculate speed, smaller number of hops = faster  Latency – time it takes for a router to process a packet (usual reason for delay in the packet transmission.

 Open Shortest Path First (OSPF) is called a link state routing because it calculates the hop distance using method called Dijkstra algorithm.  Dijkstra algorithm uses multiply criteria to evaluate the efficiency of a route.  Criteria include the link’s transmission speed and delays caused by network traffic congestion.

 A technique that is designed to provide a more efficient method of one-to-many communication compared to broadcast & unicast.  Unicast transmission – involves 2 systems only, a source & destination.  Multicast use a single destination IP that identifies a group of systems on the network called host group.  Uses class D which ranges from to because class D identifies an entire group of systems.  To receive multicast traffic, the network interface adapters must support a special mode called multicast promiscuous mode.

 Questions to address;  Which users require remote access?  Permit remote access by authenticating them during login process by using remote access policies to dictate the conditions that need to be meet.  Do users require different level of remote access?  Depending on users jobs specification & resources they need, use permissions to assign different level of remote access  Do users need access to the internet?  In cases where users need can be met by access to the remote server, try preventing them from accessing the entire network.

 What applications must users run?  Limit users to specific applications by creating packet filters that permits only traffic using specific protocols & port numbers onto the network.

 Using properties of the individual accounts that clients use to connect to the network is the most basic method of securing access to your network!  Security options on the properties tab (active directory) are as follows;  Remote access permission  Verify caller id  Callback option

 Most basic form of remote access security, & without it anyone can connect to your remote access server  Authentication – exchange of username & password.  Radius – a standard defining a service that provides authentication, authorization & accounting for remote access installations.

 Characteristics of authentication protocol;  Extensible Authentication Protocol (EAP)  Microsoft Encrypted Authentication Version 2 (MS- CHAP v2)  Microsoft Encrypted Authetication (MS-CHAP)  Encrypted Authentication (CHAP)  Shiva Password Authentication Protocol (SPAP)  Unencrypted Password (PAP)  Allow Remote Systems To Connect Without Authentication.

 Ability to validate the configuration of remote client computers before granting access to the entire network.  Delays full access to the private network until the configuration of a connecting remote computer has been examined & validated.  When the user initiates a connection, the user is authenticated & assigned an IP. However the computer is placed in quarantine mode with limited network access. Administrator provides a script to be run in the client PC, when the script returns result that the computer complies with the network policies, only then a full access is granted.

 Consists of 3 elements;  Conditions – specific attributes that the policy uses to grant or deny authorization to a user. In cases where there is more than 1 condition, users must meet all before server grant access.  Remote access permission – receive permission to access the remote network either by satisfying the conditions or an administrator granting them.  Remote access profile – set of attributes associated with a remote access policy that the RRAS applies to a client once it has authenticated & authorized it

 Consists of the following;  A set of quarantine packet filters that restricts the traffic that can be sent to and from a quarantined remote access client.  A quarantine session timer that restricts the amount of time & client can remain connected in quarantine mode before being disconnected.

 Using ping.exe  Ping followed by an IP address on the command line to test any TCP/IP systems connectivity with any other system.  You may IP address successfully even when its not routing properly. These are initial troubleshooting efforts to test the routing following the manner;  Ping the computer’s loopback address to confirm that the TCP/IP client is installed & functioning  Ping the computer’s own IP address to confirm that the routing table contains the appropriate entries.

 Ping the IP address of another computer on the same LAN  Ping the DNS name of another computer on the same LAN  Ping the computer’s designated default gateway address  Ping several computers on another network that are accessible through the default gateway

 Using tracert.exe  Enables you to view the path the packets take from one computer to a specific destination  When you type tracert followed by IP address, then a list of hops to the destination will be displayed including the IP address and DNS names of each router along the way.  An excellent tool for locating a malfunctioning router because it informs how far the packet have gotten so far, when it stops at one spot, you know the router following it is having problem.

 Using pathping.exe  Just like tracert but useful when you reach destination but experiencing data loss or transmission delays.

 Possible causes of problem in Routing & Remote Access Server (RRAS) is that the server is not routing traffic  To begin troubleshooting, start with obvious causes;  Verify that the routing & remote access service is running  Verify that the routing is enabled  Check the TCP/IP configuration settings  Check the IP addresses of the router interfaces

 If RRAS is configured correctly, but still experiencing routing problem then its possible that the routing table do not have the information needed to route network traffic correctly.  Static Routing ;  Possibly someone might have accidentally deleted, omitted or mistyped table entries. (human error). Edit it back using Routing & Remote Access Control Console.  Dynamic Routing  Lack of proper entries in the routing table. 2 ways to rectify;  Verify that the routing protocol is installed on all the participating routers  Verify that the routing protocol is configured to use the correct interfaces.