http://www.netscum.dk/technet/archive/winntas/proddocs/rras40/rrasch04.mspx?mfr=trueChapter 4 - Planning for Small-Scale Configurations
This chapter focuses on how to create typical small-scale network configurations in which a Windows NT router can be used. This chapter also describes the process of creating a demand-dial connection. The following routed network scenarios are highlighted in this chapter:
• Small office network
• Medium-size office network
• Home network
• Demand-dial network
Network media, addressing, routing protocols, and other services are discussed as they apply to each scenario. While the actual networks you work with might vary, the basic concepts apply as discussed here. Many of these concepts also apply to the large-scale configurations discussed in Chapter 5, "Planning for Large-Scale Configurations."
The network addresses used in examples in this chapter use private address ranges as specified in RFC 1597. If your network will be connected to the Internet, contact an Internet service provider (ISP) to receive network addresses acquired from the Internet Assigned Number Authority (IANA).
Note Routing and Remote Access Service running on Windows NT Server version 4.0 is also referred to as the Windows NT router.
Small Office Routed Network
A small office network has the following characteristics:
• A few LAN segments; for example, one segment on each floor or wing of a building
• Only one network protocol (IP or IPX), which is used by everyone
• Closed network with no connectivity to or from another network
See Figure 4.1 for an example of this type of network.
Figure 4.1 Small office routed network
In this small office network, you configure Windows NT Routers 1 and 2 with a network adapter for each medium being used on the networks. For example, you install one Ethernet card and one Token Ring card on each router.
Planning Addresses on the Small Office Network
You can assign a Class C network for each LAN segment. This provides for growth in your network by enabling a maximum of 254 computers on each segment.
Table 4.1 shows how to assign addresses to your network.
Table 4.1 Addresses on the Small Office Network
Segment IP Network Mask
Network A
192.168.1.0
255.255.255.0
Network B
192.168.2.0
255.255.255.0
Network C
192.168.3.0
255.255.255.0
After planning your network, you assign addresses (manually or by using the DHCP Service) in the ranges described in Table 4.1 for all other computers on Networks A, B, and C.
Routing Protocols for the Small Office Network
It is not necessary to use routing protocols to propagate routing information on small networks. Instead, you can configure static routes on the two routers. See the section "Configuring the Small Office Network" for an example of how to add static routes.
Other Services on the Small Office Network
You can use the DHCP Service for automatic configuration of IP addresses and other information on client computers. For the network depicted in Figure 4.1, the DHCP/BOOTP relay agent must be configured on Windows NT Router 1 and Windows NT Router 2. When the relay agent is used, client computers on Networks A and C can acquire addresses from the DHCP server on Network B. For information on setting up a DHCP server, refer to your DHCP server documentation.
Note You do not need to use a relay agent on your router if you have a DHCP server on each network segment.
Configuring the Small Office Network
Given this type of network, the media used within the network, and the services you need to provide, follow the steps outlined in the following sections to configure this network:
• Install and configure network adapters
• Install Routing and Remote Access Service
• Add IP static routes to each router
• Install and configure the DHCP relay agent
• Install a WINS or DNS name server
These steps are intended as a general guideline to setting up a small office routed network. You can find detailed procedures for these steps in the Routing and Remote Access Service online Help file Mpradmin.hlp, or in Control.hlp, the Help file for Control Panel.
Install and Configure Network Adapters
1.
Install two network adapters into every router computer.
2.
Install the drivers for the network adapters by using Network in Control Panel.
3.
Configure IP addresses on the network adapters by using Network in Control Panel.
For example:
Router Network Adapter connected to Address
Router 1
Network A
192.168.1.1
Network B
192.168.2.1
Router 2
Network B
192.168.2.2
Network C
192.168.3.1
Install Routing and Remote Access Service
The network adapters you have installed automatically appear as interfaces in Routing and RAS Admin.
Add IP Static Routes
1.
In Routing and RAS Admin, right-click Static Routes under IP Routing, then click Add static route.
2.
Add static routes as shown below.
The interface to use should be the network adapter connected to Network B. For example:
Router Destination Mask Gateway Metric Interface
Router 1
192.168.3.0
255.255.255.0
192.168.2.1
2
[1] Netelligent 10/100 TX PCI UTP Bus 0
Router 2
192.168.1.0
255.255.255.0
192.168.2.2
2
[1] Netelligent 10/100 TX PCI UTP Bus 0
Install and Configure the DHCP Relay Agent
To set up and configure DHCP on your network, you need to install the DHCP relay agent, configure your routers to use the relay agent, and configure your server to be used by your clients.
To install the DHCP relay agent on Router 1 and Router 2
1.
In Routing and RAS Admin, right-click Summary under IP Routing, then select Add routing protocol.
2.
In the Select Routing Protocol dialog box, click DHCP Relay Agent, then click OK.
3.
In the DHCP Configuration dialog box, add the IP addresses of the DHCP servers you want to forward packets to.
To configure Router 1 and Router 2 to use the DHCP/BOOTP Relay Agent
1.
In Routing and RAS Admin, right-click DHCP Relay Agent under IP Routing, then select Add interface.
2.
In the Select Interfaces for DHCP Relay Agent dialog box, select the interface to add.
Configure your DHCP server so that the clients on the network can use DHCP. For more information, refer to your DHCP documentation.
Install a WINS or DNS Name Server
To access network resources by using NetBIOS or domain names, you must install a WINS or DNS name server. For more information, refer to your WINS or DNS documentation.
Testing the Small Network Configuration
From a computer in Network A, ping a computer on Network C. If you receive a reply from the computer on Network C, the packets are being routed correctly.
For more information about using the ping utility, see Chapter 6, "Troubleshooting."
Top of page
Medium-Size Office Routed Network
A medium-size office network has the following characteristics:
• Several LAN segments; for example, one segment on each floor or wing of a building with a backbone
• More than one network protocol (IP or IPX)
• Dial-up connectivity for users connecting from home or while traveling
• Figure 4.2 shows an example of this type of network.
Figure 4.2 Medium-size office network
A medium-size network typically uses a few different types of network media. The different office segments can be on 10-MB Ethernet or Token Ring networks, but the backbone network used for connecting the different networks and hosting servers can be made up of 100-MB Ethernet, FDDI, and so on.
Table 4.2 shows the network media used in this medium-size office network.
Table 4.2 Network Media for the Medium-Size Network
Router Role Media
Windows NT Router 1
Connects to Network A
One 10-MB Ethernet or Token Ring card
Connects to backbone
One 100-MB Ethernet or FDDI card
Windows NT Router 2
Connects to Network B
One 10-MB Ethernet or Token Ring card
Connects to the backbone
One 100-MB Ethernet or FDDI card
Windows NT Router 3
Connects to Network C
One 10-MB Ethernet or Token Ring card
Connects to the backbone
One 100-MB Ethernet or FDDI card
Windows NT Router 4
Connects to the backbone
One 100-MB Ethernet or FDDI card
Connects to the Remote Access client
Modems and/or ISDN lines
Planning Addresses on the Medium-Size Office Network
The addresses you need to provide are specific to the transport protocol you are using on the network: IP or IPX.
The following sections describe how to assign addresses to your network.
IP Addressing for the Medium-Size Network
This example assumes that five Class C networks are used. Each network segment as well as the backbone has a Class C network number, which accommodates at least 254 computers per segment. The Remote Access Service (RAS) server assigns addresses from a distinct Class C network to easily identify remote users for troubleshooting purposes.
Table 4.3 IP Addresses for the Medium-Size Network
Segment IP Network Mask
Backbone
192.168.1.0
255.255.255.0
Network A
192.168.2.0
255.255.255.0
Network B
192.168.3.0
255.255.255.0
Network C
192.168.4.0
255.255.255.0
Network D
192.168.5.0
255.255.255.0
After planning your network, you assign addresses (manually or by using the DHCP Service) in the ranges described in Table 4.3 for all other computers on Networks A, B, C, and D.
IPX Addressing for the Medium-Size Network
You must assign a unique hexadecimal internal network number to your IPX router. If you have the default internal network number, 0x00000000, the router will not start. The IPX internal network number is configured in Network in Control Panel by selecting the NWLink IPX/SPX protocol and clicking Properties.
Table 4.4 shows how to assign addresses in your IPX network.
Table 4.4 IPX Addresses for the Medium-Size Network
Segment IPX Network
Backbone
0x80000000
Network A
0x80000001
Network B
0x80000002
Network C
0x80000003
Network D
0x80000004
After planning your network, you must "seed" the network. To do this, you configure the IPX protocol by using Network in Control Panel to enter a network number for the network adapter.
As a result of this seeding, all computers on Networks A, B, C, and D then autoconfigure by sensing the network number and the frame type.
Routing Protocols for the Medium-Size Network
Routing Information Protocol (RIP) version 2 is the recommended IP routing protocol for medium-size networks by virtue of its simplicity. You configure RIP version 2 on Windows NT Routers 1, 2, 3, and 4.
RIP and Service Advertising Protocol (SAP) are recommended as the IPX routing and service protocols.
Other Services on the Medium-Size Network
You can use the DHCP Service for automatic configuration of IP addresses and other information on client computers. For the network depicted in Figure 4.2, the DHCP/BOOTP relay agent must be configured on Windows NT Routers 1, 2, and 3. When the relay agent is used, client computers on Networks A, B, and C can acquire addresses from the DHCP server on the backbone. For information on setting up a DHCP server, refer to your DHCP server documentation.
Note You do not need to use a relay agent on your router if you have a DHCP server on each network segment.
Configuring the Medium-Size Network
Given this type of network, the media used within the network, and the services you need to provide, follow the steps outlined in the following sections to configure this network:
• Install and configure network adapters.
• Install Routing and Remote Access Service.
• Configure RIP.
• Configure remote access devices.
• Install and configure the DHCP relay agent.
• Install and WINS or DNS name server.
These steps are intended as a general guideline to setting up and testing a medium-size office routed IP network. You can find detailed procedures for these steps in the Routing and Remote Access Service online Help file, Mpradmin.hlp, or in Control.hlp, the Help file for Control Panel.
Install and Configure Network Adapters
1.
Install two network adapters into every router computer.
2.
Install the drivers for the network adapters by using Network in Control Panel.
3.
Configure IP addresses on the network adapters by using Network in Control Panel.
For example:
Router Network adapter connected to Address
Router 1
Backbone
192.168.1.1
Network A
192.168.2.1
Router 2
Backbone
192.168.1.2
Network B
192.168.3.1
Router 3
Backbone
192.168.1.3
Network C
192.168.4.1
Router 4 (RAS Server)
Backbone
192.168.1.4
Pool of addresses starting with
192.168.5.0
and mask
255.255.255.0
4.
On Router 4, create a RAS IP address pool after installing Routing and Remote Access Service. For more information on how to create RAS IP address pools, see "Creating a RAS IP Address Pool" in the online Help.
Install Routing and Remote Access Service
Install Routing and Remote Access Service on every router. The network adapters you have installed automatically appear as interfaces in Routing and RAS Admin.
Note When you install Routing and Remote Access Service, you can choose to install only LAN routing on Routers 1, 2, and 3. However, you must install LAN routing and a RAS server on Router 4.
Configure RIP
On each router, configure the RIP protocol. To configure RIP, you must add the RIP routing protocol to IP, add each interface to RIP, and then enable RIP version 2 on the RIP interface connected to the backbone.
To add RIP to IP
1.
In Routing and RAS Admin, right-click Summary under IP Routing, then select Add routing protocol.
2.
In the Select Routing Protocol dialog box, select RIP version 2 for Internet Protocol and click OK.
3.
In the RIP for Internet Protocol Configuration dialog box, make any RIP configurations and then click OK.
To add each interface to RIP
1.
In Routing and RAS Admin, right-click RIP for Internet Protocol, then select Add interface.
2.
In the Select Interfaces for RIP version 2 for Internet Protocol dialog box, select the interface to add.
To enable RIP version 2
1.
In Routing and RAS Admin, select RIP for Internet Protocol and then select the RIP interface connected to the backbone.
2.
Right-click and then select Configure interface.
3.
On the General tab, under Protocol for outgoing packets, select RIP version 2 multicast.
4.
Under Protocol for incoming packets, select RIP version 2 only and then click OK.
Configure Remote Access Devices
Router 4 is a RAS server with dial-in RAS clients. On Router 4, install remote access devices and then add the devices to Routing and Remote Access Service.
To configure remote access devices
1.
On Router 4, install remote access devices.
2.
In Network in Control Panel, configure the Routing and Remote Access Service by adding modems, ISDN, or VPN devices and defining the RAS IP address pool.
For more information about configuring a RAS pool, see the topic "Creating a RAS IP Address Pool" in the online Help.
Install and Configure the DHCP Relay Agent
To use DHCP on your network, install the DHCP relay agent on Routers 1, 2, and 3, configure both interfaces on the routers to use the relay agent, and configure your server to be used by your clients.
To install the DHCP Relay Agent on each router
1.
In Routing and RAS Admin, right-click Summary under IP Routing, then select Add routing protocol.
2.
In the Select Routing Protocol dialog box, select DHCP Relay Agent and click OK.
3.
In the DHCP Configuration dialog box, add the IP addresses of the DHCP servers you want to forward packets to.
To configure the DHCP Relay Agent
1.
In Routing and RAS Admin, right-click DHCP Relay Agent under IP Routing, then select Add interface.
2.
In the Select Interfaces for DHCP Relay Agent dialog box, add the interface that connects to the clients that need IP addresses.
3.
Click OK and then repeat these steps to add the interface that connects to the DHCP server.
To configure your DHCP server so that the clients on the network can use DHCP, refer to your DHCP documentation.
Install a WINS or DNS Name Server
To access network resources by using NetBIOS or domain names, install a WINS or DNS name server. For more information, refer to your WINS or DNS documentation.
Testing the Medium-Size Network Configuration
Are packets being routed correctly?
From a computer on each network, ping a computer on every other network. If you do not receive a reply from a network, the packets are not being routed correctly.
Are you sending RIP packets correctly?
To make sure that you are sending RIP packets correctly, view the neighboring RIP routers on one RIP router. You can also select RIP for IP and then view the Responses sent and Responses received columns in the right window.
To see the RIP neighbors
• In Routing and RAS Admin, right-click RIP for IP under IP Routing, then select View RIP information.
Are you routing to all the networks?
To make sure you are routing to all the networks, view the IP routing table on a router.
To see the IP routing table
• In Routing and RAS Admin, right-click Static Routes under IP Routing, then select View IP routing table.
For more information about using the ping utility, see Chapter 6, "Troubleshooting."
Top of page
Home Network
This scenario describes a home network that connects to the Internet.
A home network has the following characteristics:
• One LAN segment
• IP network protocol
• Demand-dial or dedicated-link connectivity to the ISP
• Figure 4.3 shows an example of this type of network.
Figure 4.3 Home network
The Windows NT router must be configured with a network adapter for the media being used in the home network (for example, Ethernet) and ISDN or an analog modem. A leased-link connection can be used, but this scenario discusses only demand-dial connections.
Planning Addresses on the Home Network
An ISP typically assigns a Class C subnet for use in home networks. For this example, an address range of 14 addresses is assumed. The network number is 192.168.1.16 and the mask is 255.255.255.240.
Routing Protocols on the Home Network
It is not necessary to use routing protocols to propagate IP routing information on a small network. Instead, you can configure static routes on the Windows NT router. For an example of how to add a static route, see "Configuring a Home Network."
Other Services on the Home Network
Computers in the home network can be configured to use any ISP-provided services, such as domain name servers, Network News Transfer Protocol (NNTP) servers, and mail servers.
Configuring a Home Network
Given this type of network, the media used within the network, and the services you need to provide, follow the steps outlined in the following sections to configure this network:
• Install and configure the network adapter.
• Install Routing and Remote Access Service.
• Configure remote access devices.
• Configure a RAS address pool.
• Create a demand-dial interface.
• Add IP static routes.
• Set a filter on the interface.
• Configure ISP services.
These steps are intended as a general guideline to setting up and testing a home network. You can find detailed procedures for these steps in the Routing and Remote Access Service online Help file mpradmin.hlp or in control.hlp, the Help file for Control Panel.
Install and Configure Network Adapters
1.
On the Windows NT router, install one network adapter.
2.
Install the drivers for the network adapter by using Network in Control Panel.
Install Routing and Remote Access Service
Install Routing and Remote Access Service on the Windows NT home router. The network adapter you have installed automatically appears as an interface in Routing and RAS Admin.
Configure Remote Access Devices
Install devices on the Windows NT router that you need to connect to the ISP, and then add the devices and configure an IP address by using Network in Control Panel.
To configure an IP address on the network adapter
• On the Windows NT router, use Network in Control Panel to assign the address 192.168.1.17 to the network adapter connected to the LAN.
Configure a RAS Address Pool
In Network in Control Panel, configure the Routing and Remote Access Service to use a static address pool. For more information, see the topic "Creating a RAS IP Address Pool" in the online Help file.
For this example, the RAS address pool uses the IP address of 192.168.1.28 and the mask 255.255.255.252. This enables a subset of 28 to 31. The address 28 is the subnet ID (0), 29 is used for the router itself, 30 is used for one dial-in client (the ISP), and 31 is broadcast. Now, you can assign only the IP addresses 192.168.1.17 through 192.168.1.27 to computers on the home LAN.
Create a Demand-Dial Interface
On the Windows NT router, create a demand-dial interface to connect to the ISP. For more information on creating a demand-dial interface, see the "Demand-Dial Network" section later in this chapter.
Add IP Static Routes
1.
In Routing and RAS Admin, right-click Static Routes under IP Routing, then select Add static route.
2.
Add one static route to the router. The interface to use is the modem or remote access device that connects to the ISP.
Destination Mask Gateway Metric Interface
0.0.0.0
0.0.0.0
ISP Address
1
The interface for the connection to your ISP.
This route specifies that if a packet is sent to any computer not on the 192.168.1.16 network, a demand-dial connection is made to the ISP.
Set a Filter on the Interface
Set a filter on the interface connected to the ISP to ensure that people cannot browse your computer from the Internet. For more information, see the topic "Adding Local Host Filters" in the online Help file.
Configure ISP Services
Configure the home network to use any ISP-provided services.
Testing the Home Network Configuration
From a computer in the home network, ping a computer on the destination network. If you receive a reply from the destination computer, the packets are being routed correctly.
For more information about using the ping utility, see Chapter 6, "Troubleshooting."
Top of page
Demand-Dial Network
Dial-out-only connections are useful when a central site calls remote sites, but the remote sites connect only occasionally. The ports over which you are making demand-dial connections must be configured for routing.
To configure ports for routing
1.
In Network in Control Panel, select Routing and Remote Access Service.
2.
Click Properties.
3.
Select a port and click Configure.
4.
Select the Dial out and receive calls as a demand dial router check box and click OK.
Routing and RAS Admin includes a wizard to help you set up demand-dial connections. The Demand Dial wizard steps you through the dialog boxes and options. The procedures in this section are intended to provide an overview of how to make a successful demand-dial connection between routers.
To start the Demand-Dial wizard
• In Routing and RAS Admin, right-click LAN and Demand Dial Interfaces, then select Add interface.
You must add an interface for each remote connection you want to make. You can create more than one interface for a remote connection if you want a backup link for the same site. You can also create more than one interface for a remote connection if you are using tunnels; for example, the first interface is for dialing an ISP and the second interface is to connect to the remote RAS server.
Making a Demand-Dial Connection
To configure a demand-dial connection between two locations, such as New York and Seattle in the example in this section, you must complete a series of procedures.
To make a one-way demand-dial connection from Seattle to New York:
• Add an interface on RouterS with the name of "New York."
• Add an interface on RouterNY with the name of "Seattle."
• On RouterS, set the credentials used when dialing into RouterNY.
• On RouterNY, create a user with the user name "Seattle" and password as used in the Credentials dialog box on RouterS.
If you want to make a connection back to Seattle from New York, you must complete additional steps. This is essentially the opposite of the configuration you have just completed:
• On RouterNY, set credentials on the "Seattle" interface to be used when dialing in to RouterS.
• On RouterS, create a new user with the user name "New York" and password as used in the Credentials dialog box on RouterNY.
See the following sections for examples of how to complete these steps.
Figure 4.4 shows an example demand-dial connection from Seattle to New York.
Figure 4.4 Demand-dial connection from Seattle to New York
Add an Interface on the Seattle Router
When you dial from Seattle to New York, each router must have an interface that represents the opposite router. The local router uses that interface to identify the remote router dialing in. When a call comes in, the user name of the remote router is matched to an interface on the local router.
Figure 4.5 shows the interface "New York" on the Seattle router.
Figure 4.5 The "New York" interface on RouterS
To add an interface on RouterS with the name of "New York"
1.
On RouterS, right-click LAN and Demand Dial Interfaces and click to clear Use demand-dial wizard.
2.
Right-click LAN and Demand Dial Interfaces again and then click Add interface.
3.
On the General tab, in Interface name, type New York.
Add an Interface on the New York Router
On RouterNY, add an interface. In this case, name the interface "Seattle."
Figure 4.6 shows the interface "Seattle" on the New York router.
Figure 4.6 The "Seattle" interface on RouterNY
To add an interface on RouterNY with the name of "Seattle"
1.
On RouterNY, right-click LAN and Demand Dial Interfaces and click to clear Use demand-dial wizard.
2.
Right-click LAN and Demand Dial Interfaces again and then click Add interface.
3.
On the General tab, in Interface name, type Seattle.
Set Credentials on the Seattle Router
Next, you need to set the credentials on the Seattle router to use for dialing in to the New York router.
Figure 4.7 shows credentials set on the Seattle router for dialing in to the New York router.
Figure 4.7 Credentials set on RouterS for dialing in to RouterNY
To set the credentials on RouterS to use when dialing in to RouterNY
1.
On RouterS, right-click the New York interface and click Set Credentials.
2.
In the Interface Credentials dialog box, in User name, type Seattle.
3.
In Password, type the password for RouterS.
Create a User on the New York Router
On RouterNY, you now create a user with the user name "Seattle" and a password, as used in the Credentials dialog box on RouterS.
Figure 4.8 shows the user "Seattle" on the New York router.
Figure 4.8 User "Seattle" on RouterNY
To create a user with the user name "Seattle" on RouterNY
1.
On RouterNY, open User Manager for Domains.
2.
On the User menu, click New User.
3.
In the New User dialog box, in Username, type Seattle.
4.
In Password, type the password for RouterS.
You have now completed a demand-dial connection from Seattle to New York. To make a connection back to Seattle from New York complete the following steps.
Set Credentials on the New York Router
Set the credentials on the New York router to use for dialing in to the Seattle router.
Figure 4.9 shows credentials set on the New York router for dialing in to the Seattle router.
Figure 4.9 Credentials set on RouterNY for dialing in to RouterS
To set the credentials on RouterNY to use when dialing in to RouterS
1.
On RouterNY, right-click the Seattle interface and click Set Credentials.
2.
In the Interface Credentials dialog box, in User name, type New York.
3.
In Password, type the password for RouterNY.
Create a User on the Seattle Router
Finally, on RouterS, you now create a user with the user name "New York" and a password, as used in the Credentials dialog box on RouterNY.
Figure 4.10 shows the user "New York" on the Seattle router.
Figure 4.10 User "New York" on RouterS
To create a user with the user name "New York" on RouterS
1.
On RouterS, open User Manager for Domains.
2.
On the User menu, click New User.
3.
In the New User dialog box, in Username, type New York.
4.
In Password, type the password for RouterNY.
Note After you understand the demand-dial process, you might want to use the same interface name on both sides of the demand-dial connection in order to simplify the process. For example, you can use the name Seattle-NewYork on the interface you create on RouterS and as the name of the interface you create on RouterNY. In this way, the user names you then create on both routers will also be Seattle-NewYork.
If the routers are in the same domain, you must make sure that every interface name is unique on the local router.