Building a Cisco Network for Windows 2000, Part 2

34 Chapter 1 • Developing a Windows 2000 and Cisco Internetwork

NOTE

To connect to the Internet, you will need to have a registered IP address for your network. Some organizations, however, require far more addresses than they have available in their registered address set. To get around this issue, Request for Comments (RFC) 1918 provides unregistered addresses. To use them and still connect to the Internet, the organization must translate between a registered IP address that is applied to an interface connected to the Internet, and the unregistered IP addresses that are applied to the hosts on the internal network. This process is called network address translation (NAT). RFC 1918 reserves the following addresses:

Class A–10.x.x.x

Class B–172.16.x.x to 172.31.x.x

Class C–192.168.1.x to 192.168.254.x

RFC 1918 is available at ftp://www.arin.net/rfc/rfc1918.txt.
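
The check below is an added example, not code from the book: it audits a NAT addressing plan of the kind the note describes, using the three blocks in the CIDR form RFC 1918 itself gives (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). The function names and the sample plan are constructed for illustration.

```python
import ipaddress

# The three blocks RFC 1918 reserves, written in CIDR form.
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918_block(addr):
    """Return the RFC 1918 block that contains addr, or None if addr is not in one."""
    ip = ipaddress.ip_address(addr)
    for block in RFC1918_BLOCKS:
        if ip in block:
            return block
    return None

def audit_nat_plan(inside_hosts, outside_interface):
    """Flag inside hosts outside RFC 1918 and an outside interface inside it."""
    findings = []
    for host in inside_hosts:
        if rfc1918_block(host) is None:
            findings.append((host, "inside host is not an RFC 1918 address"))
    if rfc1918_block(outside_interface) is not None:
        findings.append((outside_interface,
                         "outside interface has an unregistered address"))
    return findings

# Constructed sample plan (not from the book). 203.0.113.10 is a documentation
# address standing in for the registered address on the Internet-facing interface.
INSIDE = ["10.4.2.17", "172.31.255.9", "172.32.0.1", "192.168.0.5", "192.169.1.1"]
OUTSIDE = "203.0.113.10"

if __name__ == "__main__":
    for addr, problem in audit_nat_plan(INSIDE, OUTSIDE):
        print(f"{addr}: {problem}")
```

The two flagged hosts sit just past the upper edge of the 172.16.0.0/12 and 192.168.0.0/16 blocks, which is where hand-written address plans and filter rules most often go wrong.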

The remaining addresses from 224 through 239 are reserved for class D, or multicasting. From 240 through 255, the addresses are considered class E or experimental. No matter what address a host is assigned, it must be unique on the internetwork.

IP addressing and routing can be performed without the use of classes. This is called Classless InterDomain Routing (CIDR). Each distinct route on the network is not advertised separately. Instead, it is aggregated with multiple destinations. One benefit of using CIDR is to reduce the size of the routing tables.

Each address must have a way of separating the network’s IP address from the host’s IP address. This is achieved with a mask. When you “subtract” the mask from the full address, the result separates the two. Each class of addresses has its own default mask. A class A address has the default mask of 255.0.0.0. As you see, the first octet is masked, enabling the IP address portion to remain. The default mask for class B is 255.255.0.0, and the default mask for class C is 255.255.255.0.

When a network administrator wants to apply a network address to two different network segments, the IP address must be subnetted. Subnetting is the process of shifting the boundary from the network portion into part of the host portion. This creates multiple subnets that can be applied to physically distinct network segments.

www.syngress.com

71_BCNW2K_01 9/10/00 12:27 PM Page 34


Subnets are achieved by adding more 1 bits to the default mask. For instance, a subnet mask for a class A address could be 255.192.0.0 instead of 255.0.0.0. The addition of two 1 bits changed the mask.

If you add two 1 bits to a class C subnet mask, you create two subnets, each with a possible 62 hosts available to it. If you add three 1 bits, you create six subnets, each with a possible 30 hosts.
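
The mask arithmetic above, worked through as an added example (not code from the book): the mask is applied with a bitwise AND to separate network and host parts, and the subnet counts follow the rule the text uses, in which the all-zeros and all-ones subnets are not counted. The `all_subnets` switch, which counts them as well, goes beyond the text; all names here are constructed for illustration.

```python
import ipaddress

# Default mask lengths per class: 255.0.0.0, 255.255.0.0, 255.255.255.0
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}

def split_address(addr, mask):
    """Separate an address into (network part, host part) with a bitwise AND."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    network = a & m                      # bits covered by the 1s in the mask
    host = a & ~m & 0xFFFFFFFF           # bits covered by the 0s in the mask
    return str(ipaddress.IPv4Address(network)), str(ipaddress.IPv4Address(host))

def subnet_plan(cls, borrowed_bits, all_subnets=False):
    """Return (mask, subnets, hosts per subnet) after adding 1 bits to the default mask."""
    if borrowed_bits < 1:
        raise ValueError("at least one bit must be added to the default mask")
    prefix = DEFAULT_PREFIX[cls] + borrowed_bits
    if prefix > 30:
        raise ValueError("no usable host addresses would remain")
    mask = str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)
    subnets = 2 ** borrowed_bits
    if not all_subnets:
        subnets -= 2                     # all-zeros and all-ones subnets excluded
    hosts = 2 ** (32 - prefix) - 2       # network and broadcast addresses excluded
    return mask, subnets, hosts

if __name__ == "__main__":
    for cls, bits in (("C", 2), ("C", 3), ("A", 2)):
        print(cls, bits, subnet_plan(cls, bits))
    # Constructed sample host address on a class C network with two added bits.
    print(split_address("192.168.10.77", "255.255.255.192"))
```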


Dynamic Host Configuration Protocol for IP Address Management

Until Dynamic Host Configuration Protocol (DHCP) arrived, IP address management was the bane of many a network administrator’s existence. Each host was matched up with an IP address that had to be unique from all other IP addresses. In addition, the IP address uses a mask to determine on which network segment the host is located; to do so, all hosts on the same segment had to have the same mask. Errors in IP addressing, such as duplicate IP addresses and wrong subnet masks, were common. In addition, there tended to be an inefficient assignment of IP addresses. If a user went on vacation, his or her workstation’s IP address went unused during that time. If a workstation was replaced, it may have been assigned a new IP address and the old one remained assigned to a computer that was no more than a ghost on the network. With a dearth of IP addresses available, network administrators needed to reclaim any unused IP addresses that they could. DHCP was helpful because it could allocate an IP address automatically, as it was needed, and configuration of the mask was performed a single time for a group of IP addresses. Above all, DHCP assigned IP addresses through a leasing system that reclaimed an IP address after the lease expired.

For Managers


Case Studies

Throughout this book, various chapters will include discussions about implementing the technology for two fictional companies.

ABC Chemical Company

The ABC Chemical Company has the following characteristics. It is a large industrial chemical company involved in the manufacturing of pharmaceuticals, household products, and raw chemical supplies for clientele. The company is housed in one large area—a campus environment—with the exception of two distribution warehouses: one on the east coast, one on the west coast.

The main campus consists of three large complex buildings that house the company’s five main departments: Research and Development, Executive Management, Sales and Marketing, Distribution, and IT/e-commerce.

There are 1100 employees; the breakdown per department is as follows:

Research and Development: 500

Sales and Marketing: 250

Distribution: 150

Executive Management: 25

IT/e-commerce: 75

Warehouse East: 50

Warehouse West: 50

The ABC Chemical Company currently is running on a Windows NT network on the main campus with each of the warehouses dialing in to report to executive management. The network was designated originally for the Management and Sales divisions only, but over the years the network has evolved into a mainstay tool of the company. The immediate decision to upgrade to Windows 2000 and Active Directory is being considered in order to stay within FDA and government requirements for Internet and company security. Secondary objectives are to increase productivity and collaboration between the departments. There is also a desire to gain a strategic advantage over competition by utilizing video and audio conferencing over the Internet for sales and communication with clients. Finally, the IT department intends to cut costs of administrating the internetwork.

To accommodate the networking needs of the LAN environment on a campus backbone design, the company is investigating whether to deploy a “hub and spoke” switch-intensive design. The three main buildings at the main campus would be linked in a triangular fiber gigabit configuration to allow for redundant backbone functionality while providing the best possible speed between the campus buildings. The switched network is proposed to be configured with two gigabit switches at the core, equipped with dual Route Switch Modules (RSM) and Supervisor cards. One of the gigabit switches may be configured as an online backup to the other gigabit switch utilizing Hot Standby Routing Protocol (HSRP) to allow for a completely redundant network core. The RSM modules will be programmed to route between the department virtual local area networks (VLANs) (see later) and outlying company resources.

Department switches are proposed to run into the core switches via fiber gigabit links to allow for connectivity to the user community. Each set of department switches will be configured with their own VLAN, thus allowing for better network performance within the departments and for tighter physical network security for data-sensitive areas such as Human Resources (a subsection of the Executive Management department) and Research and Development.

The IT department is considering setting up its own VLANs, to be used exclusively for the corporate server farm and server backup systems. The IT department also houses two routers that it intends to keep: one for the Internet and voice communications systems and another to allow access via frame relay to the warehouse facilities.

West Coast Accounting, L.L.C.

West Coast Accounting, Limited Liability Corporation, is a medium-sized accounting firm with offices in key cities up and down the west coast. There are offices in Seattle, Los Angeles, Portland, and Phoenix, with the main headquarters in San Francisco. The San Francisco office has 100 employees, including Executive Management, Human Resources, Accounting, and IT departments. The IT department handles all connectivity to the Internet, e-commerce, and Web-hosting tasks, as well as thin-client server management and remote dial-in systems. Each of the branch offices house 50 employees, including accountants and support staff. There are a total of 300 employees.

The company has grown over time via acquisition of smaller individual companies. This caused a scenario in which IT has had to support multiple network operating systems and configurations including peer-to-peer Windows sharing, Windows NT server/client architecture, and Novell NetWare architecture, as each acquisition was incorporated into the network. All interoffice collaboration was done via phone, fax, or individual Internet e-mail accounts.


The decision to install a Microsoft Windows 2000 and Cisco environment is being considered due to West Coast’s need to consolidate the company onto one cohesive networking system. This would allow data access to all offices and the Internet via one network in order to reduce overall communications, network administration costs, and to integrate the e-mail systems to one MS Exchange system for interoffice collaboration. Secondary objectives are to create an Internet presence for the entire company under one Internet domain and to replace the old analog dial-in systems with a more secure and dynamic virtual private network (VPN) access system. Finally, there is a desire to implement Voice over IP (VoIP) in the future to eliminate the long distance phone bills inherent in the operations of the multicity company.

Under consideration is a new WAN design in which a new Cisco-routed architecture will be implemented over Frame Relay connections. The main site will have a switched core for the user community and central server farm running Windows Terminal Server (for centralized applications for billing and reporting) and will be linked to the remote offices using redundant core Cisco 3640 routers linked over Frame Relay to Cisco 2610s out at the offices. The Internet will be connected at the main site using a 2610 router equipped with the IP Plus feature set to allow for NAT translation and Cisco PIX Firewall capability.

Summary

Directory enabled networking (DEN) is a new technology specification that was originally developed by Microsoft and Cisco. The two companies then presented their specification to the Distributed Management Task Force (DMTF) and the Internet Engineering Task Force (IETF) for standardization.

DEN specifies a directory service, which has a common schema. The schema is the list of classes, or types of objects that can exist within the directory. It also describes the attributes, or values, of the objects. Objects represent the services, resources, or user accounts that can participate on the network. The directory service can specify the policies that manage how these objects relate to each other.

DEN’s value is in becoming a standard. If directory services developed by different vendors all meet DEN requirements, then different vendors’ directories can be integrated. The fewer directory services there are, the less administrative overhead will be utilized. This can free up a traditional information technology staff for more interesting projects than managing multiple user accounts in multiple directories.


One of the opportunities for DEN is to enable policy-based networking such that a user’s account can be granted various capabilities on the internetwork through the application of a policy. The alternative to policy-based networking is to micromanage the granting of capabilities when necessary—for the IP address or host name of the user’s computer.

Windows 2000 is the latest operating system released by Microsoft. This operating system has four versions:

Windows 2000 Professional: The workstation version, also considered the upgrade for Windows NT Workstation v4.0.

Windows 2000 Server: The workgroup server version, considered the upgrade for Windows NT Server v4.0.

Windows 2000 Advanced Server: The enterprise server version, considered the upgrade for Windows NT Server v4.0 Enterprise Edition.

Windows 2000 DataCenter Server: A special original equipment manufacturer (OEM) release for high-performance server equipment.

Microsoft has released Windows 2000 with a new feature called Active Directory. Active Directory is a directory service that provides a hierarchical management of the Microsoft network resources, services, and user accounts. The Active Directory is an implementation that closely resembles the DEN specification.

Cisco develops routing and switching equipment. Cisco routers run the Cisco Internetwork Operating System (IOS). The IOS has the capability of scaling from small workgroup networks to global, wide area networks. Cisco produces not only the equipment and its operating system, but also several applications. Some of the tools available for designing and managing a Cisco internetwork include:

Cisco ConfigMaker: A free design tool that runs on Windows PCs.

Cisco FastStep: A free configuration tool for some of the Cisco routers and access servers, which also runs on Windows PCs.

CiscoWorks: A suite of management applications that has versions available for UNIX and for Windows.

Cisco and Microsoft converge their technologies with the Cisco Networking Services for Active Directory (CNS/AD). This technology enables true policy-based networking extended to the routing and infrastructure equipment on the internetwork.

Networking basics apply to understanding the Microsoft and Cisco technologies. These include the Open Systems Interconnection (OSI)
