Вы находитесь на странице: 1из 21

Network Infrastructure services Module 2

Lab Exercises LAB 2.1 Assigning IP address through DHCP server

Objective 1 : Creating a simple scope

Description: Assign IP address through DHCP server for a small office abc.com holding 50
people. Use the network ID as 192.168.10.X.

Steps:

1. Install DHCP service from network services in the Add/remove Windows Components
2. Create a simple scope on the DHCP server
3. Right click on the DHCP server click on simple scope
4. Provide the Host range as 192.168.10.1 to 192.168.10.60 with subnet mask 255.255.255.0
5. Exclude the Address Range 192.168.10.1 to 192.168.10.5
6. Set the lease period to 8 Hours
7. click on advanced scope options
8. set the Default gateway address as 192.168.10.1
9. set the DNS server address as 192.168.10.2 and server name as Server
10. Activate the Scope
11. Authorize the DHCP server
12. On client computers set Obtain IP Address Automatically in TCP/IP Properties
13. On the client computer command prompt type IPCONFIG /all
14. You can Observer from Which DHCP server IP Address has got and lease period

Objective 2: Configure Superscope

Description: Assign IP address through DHCP server for the two segments Sales and Marketing. The
subnet Id’s used are 192.168.10.32 /27 and 192.168.10.64 /27.

Steps:

1. Open the DHCP server console


2. create simple scope for the range 192.168.10.33 to 192.168.10.62 with subnet mask of
255.255.255.224
3. Create one more simple scope for the range 192.168.10.65 to 192.168.10.94 with subnet
mask of 255.255.255.224
4. right click on the DHCP server and click on Superscope
5. Enter the name for the superscope
6. add the created 2 simple scopes into superscope
7. Set obtain IP address automatically on the client computers
8. Checkup whether both the segments got IP Address

Objective 3: Configure Scope Options

Description: Define the DNS server and Gateway Address for the simple scope 192.168.10.X
which is already created.
Steps:
1. Open DHCP server console
2. Click on the scope
3. Click on the scope options
4. Select the DNS server and Assign the Address
5. Select router and assign the gateway address
6. on the client computer type IPCONFIG /release and IPCONFIG /renew
7. The modified DNS and Gateway addresses will be in effective

Objective 4: Configure Reserved Options

Description: Assign IP address through DHCP server for the domain controller and printer as
192.168.10.40 and 192.168.10.41 always.

Steps:

1. Note down the Mac addresses of Domain Controller and the printer
2. Open the DHCP server Console
3. right Click on the reservations
4. select new reservation it will open a new wizard
5. Enter the Reservation Name , IP address as 192.168.10.40 and Mac Address of the
Domain Controller
6. Select the Supported types as Both applicable for DHCP Clients and BootP Clients
7. Click on Add to reserve the IP address 192.168.10.40 to the Domain Controller
8. Repeat the Steps 3 to 7 to assign the Reserve IP address to Printer

Objective 5: Configuring Server options, Scope options and Reserved Options

Description: Assign the IP address 192.168.10.100 of the DNS server through Server
Options, Default gateway 192.168.10.101 through Scope options and DNS and Default Gateway as
192.168.10.200 and 192.168.10.201 respectively through Reserved Options.

Steps

1. To set the Server options right click on the server options in the DHCP server console
2. click on the configure options to view all the possible options and select DNS server
option and set the IP address of the DNS server
3. To set the Scope options Click on the Simple scope that is created in the DHCP server
console to view the Scope options
4. Right click on the Scope options and Click on the Configure options to view all the
possible options and select Router in the Available options and set the IP address
5. To set the Reserved options open the DHCP server console and click on the simple
scope that has been created and right click on the New reservation that is created and
select configure options to view all available options.
6. Select DNS server and Router to Assign the IP address as 192.168.10.200 and
192.168.10.201 respectively.
7. Check the DNS, Default gateway addresses on the DHCP client which has obtain IP
address from this scope
8. Check the DNS and Default gateway Address obtained by a Reserved Client
9. note down the Differences

Objective 6: Assigning IP addresses to two Different Subnets by using DHCP relay Agent

Description: Assign IP addresses to the DHCP clients available in two different Subnets by
using Subnet Id’s 192.168.10.32/27 and 192.168.10.64/27 using DHCP relay agent.

Network Diagram:

DHCP server (192.168.10.33 /27)

DHCP client1

Domain Controller (192.168.10.36 /27)

(192.168.10.34 /27

Software Router DHCP Relay Agent(192.168.10.66 /27)

(192.168.10.65 /27)

DHCP Client 2
Steps

1. Rig up the Circuit as shown in the Network Diagram.


2. Assign Static IP Address to DHCP server, Domain Controller, Software router and DHCP relay
agent as per the Diagram
3. Create 2 simple scopes having network ID 192.168.10.32 and 192.168.10.64 in the DHCP server
4. Configure Software routing by using Routing and Remote access service
a. open routing and Remote access through Administrative tools
b. right click on the server and click on Configure and Enable Routing and Remote Access
to open the Routing and Remote access configuration Wizard and click next
c. select Custom Configuration and click on next
d. Select LAN routing and click next and finish to start the RRAS service

5. Configure DHCP relay agent by using Routing and Remote access service

a. Repeat the steps used for Software routing on DHCP relay agent server
b. Click on IP routing to view general option
c. Right click on the general option and select new routing protocol select DHCP relay
agent and click OK
d. Right click on the DHCP relay agent add existing Interface
e. Select the Default values for HOP count and BOOT threshold values
f. Right click on the DHCP Relay agent select properties and assign the IP address of the
DHCP server and say OK

6. Enable obtain IP address Automatically for both the client PC’s


7. test client 1 should get the address from 192.168.10.32 subnet and Client 2 should get from the
192.168.10.64 subnet.
8. ping between the Client PC’s

Objective 7: DHCP database backup and Restore

Description : To take the backup of DHCP configuration and restoring the Database from the
backup

Steps:

1. Open the DHCP server console by typing dhcpmgmt.msc on the RUN


2. Right click on the DHCP server and click on the Backup option
3. take it on a tape or any storage media like in the other partition of HDD
4. delete the scope and remove the DHCP service completely
5. add the DHCP component and restore the database from the Backup
6. check for the options and scopes that have been created earlier could able to view
Lab 2.2 Installation and Configuration of DNS server

Objective 1: Installation and Basic Configuration of DNS server

Description: Install DNS server with primary zone to host the records for the domain
Acme.com and configure for resolving the Host Names

Steps:

1. Install DNS component from add/Remove Programs


2. Right click on My computer properties  Computer name change more and enter
the primary DNS suffix of this computer as acme.com and say OK
3. Restart the computer
4. assign IP address of the DNS server in the TCP/IP configuration
5. open the DNS server console by running dnsmgmt.msc
6. right click on the server and click on configure the server to view the welcome to the
configure DNS server Wizard and click on next
7. on the select configuration action select create forward and reverse lookup Zones and say
next.
8. select yes create forward lookup zone now and click next
9. In the zone type wizard select primary as the Zone type and click next
10. on the new zone wizard enter the zone name as ACME.COM and click on next and select
to create new file with this file name click next in the dynamic update wizard allow both
nonsecure and secure dynamic updates and click next
11. select create a reverse lookup Zone now and click next
12. select the Zone type as Primary and click next
13. In the reverse lookup Zone name enter the Network ID as 192.168.10 and click next
select the create a new file with this file name and click next
14. In the Dynamic Update wizard select allow both secure and nonsecure Dynamic updates
and click next
15. If this DNS server wants to forward the quarries which it can not resolve then enter the
address of the Forwarder or select no if it should not forward queries and click next and
click finish
16. enter into command prompt and type ipconfig/registerdns
17. to test the DNS server launch NSLOOKUP by right clicking on the DNS server
18. test for resolving the Host names and IP address
Objective 2: configuring Secondary Zone acme.com

Description: to configure secondary zone as a load balancer and fault tolerant zone for the
primary zone Acme.com. Create a secondary zone for the primary zone which you have already created.

Network Diagram

Primary DNS server (192.168.10.33 /27)

IP:192.168.10.33 /27
GW:192.168.10.34
DNS: 192.168.10.33 /27

DNS client1

IP:192.168.10.35/27
GW:192.168.10.34
DNS: 192.168.10.33 Domain Controller (192.168.10.36 /27)

IP:192.168.10.36 /27
GW: 192.168.10.34
DNS:192.168.10.33
Lan1:192.168.10.34 /27
Lan2: 192.168.10.65 /27
Software Router Secondary zone (192.168.10.66 /27)

IP: 192.168.10.66 /27


GW: 192.168.10.65
DNS : 192.168.10.66 /27

DNS Client 2

IP: 192.168.10.67 /27


GW: 192.168.10.65
Steps : DNS: 192.168.10.66

1. rig up the circuit diagram as shown in the diagram


2. Assign the static IP addresses as shown in the Diagram
3. Configure the Primary Zone for acme.com as described in the Previous Exercise
4. Configure Software routing (refer DHCP relay agent Exercise)
5. Test for the connectivity between primary and secondary zone DNS server
6. Install DNS Component from add/remove Programs on Secondary zone DNS server
7. open DNS console by entering dnsmgmt.msc on RUN menu
8. Right click on the Forward lookup zone to view the New Zone creation Wizard and click next
9. choose the secondary zone as the zone type and click next to enter the Zone Name
10. enter the name of the Zone as acme.com and click next
11. enter the IP address of the Primary DNS server which is the Master DNS server
12. click on finish to complete the Task
13. on the secondary zone properties configure the Zone Transfer and notification by specifying the
Master DNS server address
14. test for all the records from primary should flow into Secondary Zone
15. Test for name resolution on the DNS client2 by using NSLOOKUP utility
16. Test whether you can create Records on the secondary zone

Objective 3: Configuring Stub Zone

Description : Configure a Stub zone acme.com for the Primary zone. Primary zone is located in in
BLR site Stub zone is located in Delhi site both the sites have been linked through high reliable
Bandwidth.

Network Diagram:

Primary DNS server (192.168.10.33 /27)

IP:192.168.10.33 /27
GW:192.168.10.34
DNS: 192.168.10.33 /27

DNS client1

IP:192.168.10.35/27
GW:192.168.10.34
DNS: 192.168.10.33 Domain Controller (192.168.10.36 /27)

IP:192.168.10.36 /27
GW: 192.168.10.34
DNS:192.168.10.33
Lan1:192.168.10.34 /27
Lan2: 192.168.10.65 /27
Software Router Stub zone (192.168.10.66 /27)

IP: 192.168.10.66 /27


GW: 192.168.10.65
DNS : 192.168.10.66 /27
DNS Client 2

IP: 192.168.10.67 /27


GW: 192.168.10.65
DNS: 192.168.10.66
Steps

1. Build the setup as shown in the diagram


2. Assign the IP addresses as per the Diagram
3. Configure software routing and test the connectivity between the two subnets
4. Follow the same steps used for creating secondary Zone except select stub zone instead of
secondary zone or
5. Open the properties of Secondary zone which has been created in the previous exercise click on
general tab to change the zone type from secondary to stub
6. Note down the records available in the Stub zone
7. test for the name resolution using NSLOOKUP to view Non AUTHORITATIVE answers

Objective 4: Configuring Active directory Integrated zone

Description: configure active directory integrated zone on the domain controller of BLR site. Check
for the zone update on the DELHI site Domain controller and test for dynamic updates and secure only
updates

BLR

DNS client1

IP:192.168.10.35/27
GW:192.168.10.34
DNS: 192.168.10.33 Domain Controller (192.168.10.36 /27)

IP:192.168.10.36 /27
GW: 192.168.10.34
DNS:192.168.10.33
Lan1:192.168.10.34 /27
Lan2: 192.168.10.65 /27
Software Router AD integrated zone (192.168.10.66 /27)

ADC
IP: 192.168.10.66 /27
DELHI GW: 192.168.10.65
DNS : 192.168.10.66 /27
DNS Client 2

IP: 192.168.10.67 /27


GW: 192.168.10.65
DNS: 192.168.10.66

Steps

1. Rig up the setup as per the Network Diagram


2. Assign the IP Addresses as shown in the Network Diagram
3. Configure the AD integrated zone on the primary domain controller and check for all SRV
records in the zone
4. configure ADC on the Subnet 192.168.10.64
5. Create two sites BLR and DELHI by using ADSS
6. Create two subnets 192.168.10.32 and 192.168.10.64 by using ADSS
7. Map the subnets to respective sites
8. Move Main domain controller into BLR and ADC into Delhi in ADSS
9. ensure that site link is available between BLR and Delhi
10. set the replication interval to 15 Minutes
11. install the DNS service on the ADC
12. check whether you can view the AD integrated zone on the ADC
13. to check for the dynamic update of the records , set allow dynamic updates in the zone
properties of the main DC.
14. delete the host record updated by the DNS client1 in the zone
15. disjoin the dnsclient1 from the domain and run IPCONFIG /registerdns
16. check for update in the zone
17. enable secure only option in the Dynamic updates
18. delete the updated dns client1 record from the zone
19. run IPconfig /registerdns on the DNS client computer
20. Check for the Update
21. join the computer to the domain and check for the update
22. try for updating the record through DHCP

Objective 5: Configuring forwarder


Description : configure the DNS server of ACME.com to resolve the queries of IBM.com by using
forwarder option in the DNS server

Network diagram

DC for ACME.com

IP:192.168.10.35/27
GW:192.168.10.34 IP:192.168.10.36 /27
DNS: 192.168.10.33 GW: 192.168.10.34
DNS:192.168.10.33
S/W Router
Lan1:192.168.10.34 /27
Lan2: 192.168.10.65 /27
Dns client 2 DC for IBM.com
IP: 192.168.10.67 /27 IP: 192.168.10.66 /27
GW: 192.168.10.65 GW: 192.168.10.65
DNS: 192.168.10.66 DNS : 192.168.10.66 /27

Steps

1. Build the circuit as per the Network Diagram


2. Assign the IP addresses as per the Network Diagram
3. Configure Domain controller for the Domain ACME.COM
4. Configure Domain Controller for the Domain IBM.com
5. configure AD integrated zone on both the Domain Controllers
6. with out configuring Forwarder ping IBM.com from the DNS client 1
7. right click on the DNS server in the Acme.com select forwarder option and give the address of
the IBM.com DNS server address
8. Now run pinging test from DNS client1 to IBM.com
9. Do similar steps on the DNS server of IBM.com to ping acme.com from DNS client2
LAB 3 Monitoring and troubleshooting DNS server

Objective 1: Testing DNS activities through NSLOOKUP

Description: test the host name,domain Name IP address using NSLOOKUP,also list out the
resource records through nslookup

1. Type NSLOOKUP
2. >hostaname
3. >IP address
4. >Domain Name
5. >ls –t A acme.com
6. >ls –t PTR acme.com
7. >ls –t srv acme.com
8. >ls –t MX acme.com

Objective 2: Creating Zone from Command line

Description: create a forward lookup zone IBM.com from the command line also view the
zone information from the command line

1. enter into command line check for DNSCMD command


2. DNSCMD server5.net.com /zoneadd ibm.com /primary /file ibm.dns
3. the command will create a primary zone IBM.com
4. DNSCMD server5.net.com /zoneinfo ibm.com
5. the command will display the Zone information
6. DNSCMD server5.net.com /Zoneprint ibm.com
7. The command displays all records in the Zone
8. DNSCMD server5.net.com /statistics 1
9. the command will display DNS server Time statistics
10. DNSCMD server5.net.com /statistics 2
11. The command will display Queries and responses
12. DNSCMD server5.net.com /zonedelete ibm.com /f
13. The command will delete the Zone IBM.COM

Objective 3: To generate reports using DNSLINT command

Description: To generate reports of the DNS server testing Activities by running


DNSLINT command with different switches
1. DNSLINT /ql autocreate
2. The command will generate a sample of dnslint file
3. edit the file to suit for our requirement
4. DNSLINT /ql in-dnslint.txt
5. used to request querry test from a list
6. DNSLINT /ad 192.168.10.5 /s 192.168.10.5
7. used to request AD tests
8. DNSLINT /d net.com /s 192.168.10.5
9. used to request domain name tests

Objective 4: Backup and restore of DNS server

Description : To take the backup of DNS server using NTBACKUP utility . remove the DNS
component and delete the DNS folder . Restore the DNS server back to its initial state

1. Run NTBACKUP utility on the DNS server


2. In the Backup wizard select backup
3. check selected files and folders to take backup and click next
4. check for the DNS folder in windows\system32 folder and click next
5. select the folder where you want to keep your Backup files and say finish to complete
the backup
6. Delete the DNS folder completely by stopping DNS service
7. Remove the DNS component completely
8. Recovering the DNS server
9. Install the DNS component
10. Restore the Backup by running NTBACKUP utility
11. create a forward lookup zone and link to the existing file
12. Create reverse lookup zone and link to the Existing file
13. The above procedure is applicable for Standard primary and Secondary Zones
14. The backup of AD integrated zone is taken by running system state Backup on Domain
Controller
15. Restoration of system state will restore the DNS server also
Lab 4: Configuration of WEB site and FTP site

Objective 1: Configuring new WEB and FTP site


Description: configure a web site by name Wipro.com to host the presentation slides of the
training. Provide access to authenticated users only

Configuring a WEB site

1. open Add remove programs windowscomponentsApplication


serverIIScomponents and select WWW components
2. Open Administrative toolsIIS manager
3. Right click on the web sites and select New website to open Web site creation Wizard
4. In WEB site description wizard mention Wipro.com and click next
5. select the IP address you want to use to host this Web site and click next
6. In the web site home directory provide the path of the presentation slides of Training
7. You can remove check mark for Allow Anonymous Access to this web site
8. In the Web site access permission check READ,Write and Browse and Run scripts
9. This will create a new Web site by name Wipro.com
10. Create Forward lookup zone having zone name as .by opening the DNS server console
11. create domain name wipro under .com
12. Create a A record and alias name for wipro.com under wipro
13. Create a sub domain by name WWW under Wipro
14. Create an alias name for www.wipro.com
15. open the internet Explorer and type in address field Http://192.168.10.5 it will ask for
user name and password type in domain user and password and repeat the same for next 2
steps also
16. open the internet Explorer and type in address field as wipro.com
17. open the IE and type in address field as www.wipro.com

Configuring a FTP site


Steps
1. open Add remove programs windowscomponentsApplication
serverIIScomponents and select FTP component
2. Open Administrative toolsIIS manager
3. Right click on the FTP site and select New to open new FTP site Wizard and click next
4. In FTP site description enter the name of the FTP site as Lee.com
5. Select on which IP address you want to host this FTP site and click next
6. under FTP user isolation select Do not isolate users
7. provide the path for the home directory which acts as root for FTP content sub directories
8. In FTP site access permission provide read permission to allow only download set write
permission also to have upload and download
9. This will create a FTP site by name Lee.com
10. open the DNS server console to create domain name Lee under .com
11. Add a record into this domain and add a alias name Lee.com
12. open the IE and type ftp://192.168.10.5 to access the FTP site
13. open the IE and type ftp://lee.com to access the FTP site
14. enter the command line and type FTP 192.168.10.5 and provide user name and password
to log in to the site
15. use ls command to view the list of files and folders
16. use get command to download the files
17. use put command to upload the files

Objective2: Creating secure WEB site

Description: configure a secure website wipro.com to be hosted on a server


server5.wipro.com. and test the secure connection

1. open Add remove programsAdd/remove Windows Componentsselect certificate


cervices and click next
2. select enterprise root CA and click on Next
3. Enter the common name as ENTROOTCA and hold other as default values and click next
4. retain the default values of Certificate database settings and click next to finish the
operation
5. open IIS manager , right click on the wipro.com Web site access the properties and select
directory security
6. Under secure communications click on server certificate to open a new wizard for
attaching the Existing certificate for the current web site wipro.com
7. under server certificate click on assign an existing certificate select the certificate that
you got from CA and click next
8. By default the SSL port no. it will take as 443 and click next
9. This will complete the secure web site creation
10. Open IE and type on the Address field https://wipro.com

Objective 3: Backup and Restore of IIS

Description: Take the backup of the IIS delete the sites that has been created and restore
from the backup to initiate to original State

Steps

1. Open Administrative toolsInternet information service manager. Right click on the


server under all tasks click on Backup/restore configuration and take the backup
2. Run ntbackup utility and select files and folders to be backed up
3. select the folder Inetsrv under windows\system32
4. select the location where you want to keep the Backed up files
5. this will take the backup of complete IIS
6. delete the web sites which you have created in the previous exercise
7. These web sites can be recovered by running restoration wizard in internet information
service manager
8. Remove the IIS components completely by using Add remove programs
9. install the IIS components and restore the Inetsrv folder from the backup
10. Now run the Backup/restore wizard from Internet Information server console

LAB 5 Managing the Network Access

Objective 1: Configuring a dial up connection and RAS server

Description: Establish a dial up connection to access the RAS server of your organization.
And test the connectivity

Network Diagram

Client 1 Modem PSTN Modem RAS server

Steps

1. Build the setup as shown in the Diagram


2. Install the driver for the modem on both Client PC and RAS server
3. Check for the connectivity between PC and the Modem by running query modem under
diagnostics in the Modem Properties
4. configure the RAS service on the RAS server
4.1 open Administrative toolsRouting and Remote access service
4.2 right click on the server and select Configure and enable routing and remote access
4.3 select remote access(dial up or VPN) and click next
4.4 Select dial up option to receive dialup connection
4.5 Select how do you want to assign IP address to the Dial Up clients the choices are
through DHCP or by the RAS server it self.
4.6 In this scenario select from the specified range of addresses and click next
4.7 Then provide the Address range as 192.168.10.20 to 192.168.10.30 and click next
4.8 IF you want to make This RAS server as the client for the RADIUS server select
second option else the first option. In this case select the first option
4.9 This will completes the configuration of RAS server and service will Start
automatically
4.10 Right click on the ports properties under RAS server to configure the phone
number for the modem
4.11 Create a user account on the RAS server and provide the dial in permission as
Allow access
5. On the client computer create a dial up connection
5.1 open startsettingsnetwork connectionscreate new connection to open new
connection Wizard
5.2 In the network connection type select connect to the network at my workplace
5.3 Under network connection select dial up connection and click next
5.4 Provide the name for the connection say Home
5.5 Provide the phone number which you want to dial to get connected to the RAS server
5.6 Enable check mark to create a short cut connection on the Desktop
5.7 This will create a dial up connection to get connected to the RAS server

Objective 2: Configuring a VPN connection and VPN server

Description: Create a VPN connection to establish a secure connection to get connected


to VPN server. also access file server which is placed in the corporate network

Network Diagram

WANIP:200.1.1.1 /24
LANIP:192.168.10.1 /24
WAN VPN server

Wan cloud LAN

Modem

Client 1 Domain Controller File server


IP:192.168.10.2 /24 IP:192.168.10.10 /24
GW: 192.168.10.1 GW: 192.168.10.1
Steps

1. Rig up the setup as shown in the diagram


2. Assign the static IP addresses as per the Diagram
3. Ensure that VPN server is having 2 NIC cards
4. configure VPN server by using Routing and Remote access

4.1 open administrative toolsrouting and Remote access


4.2 Right click on the server and select configure and enable Routing and Remote access to
open the routing and remote access server setup wizard
4.3 In the configuration Wizard select VPN access and NAT click next
4.4 In the VPN connection Wizard select the Interface that connects to the Internet and click
next
4.5 In the IP address Assignment Wizard select from a specified range of Addresses and click
next
4.6 In the Address Assignment Wizard provide the Address range as 200.1.1.10 to 200.1.1.20
and click OK
4.7 Do not make this VPN server as the Client of RADIUS server and click next
4.8 Click on finish to start the remote Access service

5. Configuring VPN connection on the Client computer

5.1 open startsettingsnetworkconnectionscreate a new connection to view the new


connection wizard
5.2 In the network connection type choose connect to Internet and click next
5.3 In Getting Ready Wizard select Set up my connection Manually and click next
5.4 In the Interconnection Wizard choose Connect using Dial UP modem and click next
5.5 Mention the name for the Connection as “Internet”
5.6 Mention the Phone number of the service provider which you want to dial
5.7 Provide the information of the Service provider account name password and click next
5.8 This will create the Internet connection for the client

5.9 open startsettingsnetwork connectionscreate a new connection to view the new


connection wizard

5.10 In the network connection type select connect to the network at my workplace

5.11 Select virtual private network connection in the Network connection Wizard and click
next

5.12 Provide the name for the connection as VPN

5.13 In Public network wizard select Automatically dial this initial connection and select
Internet which you have created earlier

5.14 Mention the Public IP address of the VPN server i.e 200.1.1.1 in VPN server selection
Wizard and click next

5.15 This will complete the VPN connection to the VPN server

5.16 Open the VPN connection and provide the User name and Password of the Domain User
Account which has the Dial permission as Allow Access

5.17 This will initiate the internet connection Automatically and get connected to the VPN
server
Objective 3: Configuring Software Routing

Description: Configure software routing to communicate between 192.168.10.32 /27


and 192.168.10.64 /27. Using static and dynamic Routing

Network Diagram:
Router1 Router 2

LAN1 IP:192.168.10.33 /27 LAN2 IP:192.168.10.65 /27


WAN IP: 192.168.10.97 /27 WAN IP: 192.168.10.98 /27

Client1 Client 2

LAN1 IP: 192.168.10.34 /27 LAN 2 IP:192.168.10.66 /27


GW: 192.168.10.33 GW: 192.168.10.97

Steps

1. Rig up the Circuit as per the Network Diagram


2. Configure the Static IP addresses as per the Diagram
3. To configure Static Routing between the Router1 and Router2 do following steps
4. Open Routing and Remote access in Router1
5. Right click on the Router1 and select Configure and enable Routing and Remote access
6. Select custom Configuration and click on next
7. Enable the LAN Routing service and click next
8. This will enable the Routing service on router1
9. Follow the steps from 3-8 on router2 to enable the Routing Service
10. click on router1IP routing, to view the Static Routes
11. Right click on the Static routes and select New Static Route to open the Static route
Creation Wizard
12. under interface select LAN1 destination Network as 192.168.10.66 and subnet mask as
255.255.255.224 and gateway as 192.168.10.98 and click ok
13. Click on router2IP routing, to view static Routes
14. Right click on the static routes and select new static route to open the static route
Creation Wizard
15. under interface selection select LAN2 destination Network as 192.168.10.32 and subnet
mask as 255.255.255.224 and gateway as 192.168.10.97 and click Ok
16. This will completes the Static Routing configuration
17. Right click on static routes and click on Show IP routing Table to view the Static routes
18. To configure the Dynamic Routing follow the steps below
19. open routing and remote access on Router1
20. right click on general under IP Routing to select New Routing Protocol
21. Select Open shortest path first and click Ok
22. Right click on the OSPF and select both LAN and WAN Interfaces
23. Follow the same steps fro 20-22 on router2 also
24. Right click on the static routes and select Show IP Routing Table to view the OSPF routes
25. as a part of testing check by right clicking on the OSPF to view Areas, Neighbors and
Link state Database under IP routing
26. Test for connectivity from Client1 to client 2
27. Test Tracert destination IP address to test functionality of the Routers

Objective 4 : Configuring NAT

Description : to Hide the inside private network not to get exposed to the outside world through
NAT.access the web server having an IP address 200.10.10.10/24 from the inside network

Network Diagram:

Router1 Router 2

NAT public network

LAN1 IP:10.1.1.1 /24 LAN2 IP:200.10.10.20/24


WAN IP: 200.1.1.1/24 WAN IP: 200.1.1.2 /24

Private Network
Client1 Webserver Client 2

IP:10.1.1.10/24 IP: 200.10.10.10 /24 IP: 200.10.10.30/24


GW: 200.1.1.1 GW: 200.10.10.20 GW: 200.10.10.20

Steps :

1. Rig up the Setup as shown in the Network Diagram


2. Assign the Static IP addresses as per the Network Diagram
3. Configure a Web server on the Public Network
4. Configure NAT on the Router1
5. open Routing and Remote access on router1
6. Right click on Router1 to select configure and Enable Routing and Remote access
7. Select the Network Address Translation in the Configuration Wizard and click next
8. In the NAT internet connection Wizard select the WAN Interface Which is used to Connect to the
Internet
9. This will completes the NAT configuration
10. Enable routing services on the Router2 and configure Static routing to reach the network 10.1.1.0
/24 as discussed earlier
11. Now try to access the WB server through IE
12. Right click on the Public interface in the NAT/Basic firewall on a NAT server to see show
Mapping which will provide the Private and Public Address Mapping

Objective 5 : Configuring IAS

Description: To configure two or Multiple RAS servers to act as Clients fro the RADIUS server to
provide Central Authorization configure RAS1 and RAS2 to act as Clients for the RADIUS server.
configure a client1 to dial to RAS1 or RAS2

Network Diagram:

Client 1 Modem PSTN Modem RAS1 server


IP:192.168.10.1/24
RAS2 IAS Domain Controller
IP:192.168.10.2/24 IP:192.168.10.3/24 IP:192.168.10.4/24

Steps:

1. Build the Setup as shown in the Network Diagram


2. Assign the Static IP Addresses as shown in the Diagram
3. Reserve a Pool of IP addresses 192.168.10.10 to 192.168.10.20 to RAS1
4. Reserve a pool of IP Addresses 192.168.10.30 to 192.168.10.40 to RAS2
5. Configure a Domain Controller for the Domain Wipro.com
6. Configure RAS1 and RAS2 (refer LAB 5 Objective 1)
7. Install IAS component from Add remove windows Components
8. open startprogramsadministrative ToolsInternet Authentication Service
9. right click on Radius clients and select New RADIUS client
10. provide the information RAS1 in friendly name and IP address of the RAS server
11. In New Radius Client Wizard select Microsoft as Client-vendor and type the Secret
password as Admin@123
12. Follow the Steps 8-11 for RAS2 also
13. open routing and Remote access on server RAS1
14. Right click on the RAS1 click on the Security tab
15. provide RADIUS Authentication on the Authentication Provider and RADIUS
accounting in the Accounting Provider and click OK
16. This will completes the Configuration of IAS
17. configure a Dial up client to get connected to either RAS1 or RAS2
18. Observe RAS policies will not be available on both the RAS servers once they become
the IAS Clients
19. The Authentication and Accounting has been Centralized through IAS