Mahdi
You can use the Routing And Remote Access snap-in to set up two kinds of filters that screen out some types of RIP updates:
Route filters allow you to pick and choose the networks that you want to admit knowing about and for which you want to accept announcements.
Peer filters give you control over the neighboring routers to which your router will listen.
of known routes at periodic intervals (which you define). In autostatic update mode, the RRAS router broadcasts the contents of its routing table only when a remote router asks for it.
One drawback to RIP in either version is that it causes the router to send its entire routing table with every update. This can generate a large amount of traffic and makes RIP inappropriate for many of today's networks. Another routing protocol, Open Shortest Path First, solves this problem by sending updates for only routes that have changed.
Internal routing: Refers to routing that occurs within your internetwork. By contrast, border routing is what happens when packets leave your internetwork and go to another router someplace else.
Filters are usually used to block out undesirable traffic. In general, the idea is to keep out packets that your machines don't need to see. You can construct filters that allow traffic into or deny traffic out of your network based on rules that specify source and destination addresses and ports.
rules.
on TCP ports 80 and 443. Block all outgoing packets on the ports used by the MSN and AOL instant messaging tools. Filters on a PPTP or L2TP server can screen out everything except VPN traffic.
You create and remove filters by using the Input Packet Filters and Output Packet Filters buttons on the General tab of the Local Area Network Properties dialog box. The mechanics of working with incoming and outbound filters are identical; just remember the following guidelines:
You create inbound filters to screen traffic coming to the interface.
You create outbound filters to screen traffic going back out through that interface.
Drop All Packets Except Those That Meet The Criteria Below accepts only those packets you specify and excludes everything else. This option is inactive until you create a filter rule.
The Filters list, which is initially empty, shows you which filters are defined on this interface.
Each entry in the list shows the following: source address and mask; destination address and mask; protocol, port, and traffic type specified in the rule.
The New, Edit, and Delete buttons allow you to add, edit, and remove filters.
To create a filter that blocks packets by their origin or source address, check the Source Network box, and supply the IP address and subnet mask for the source you want to block.
To create a filter that blocks packets according to their destination address, check the Destination Network box, and fill in the appropriate address and subnet mask.
To filter by protocol, choose the protocol you want to block: Any, which blocks everything; TCP; TCP (Established); IP; UDP; ICMP; Other, with a fill-in field for a protocol number.
Packet filters provide a useful security mechanism for blocking unwanted traffic on particular machines.
It's a good idea to use packet filters to keep non-VPN traffic out of your VPN servers.
You need at least two filters to adequately screen out non-PPTP traffic:
The first filter allows traffic with a protocol ID of 47, the Generic Routing Encapsulation (GRE) protocol, to pass to the destination address of the PPTP interface.
The second filter allows inbound traffic bound for TCP port 1723 (the PPTP port) to come to the PPTP interface.
You can add a third filter if the PPTP server also works as a PPTP client; in that case, the third filter needs the interface's destination address, a protocol type of TCP (established), and a source port of 1723.
1. Open the Routing And Remote Access snap-in by selecting Start > Administrative Tools > Routing And Remote Access.
2. Expand the server and IPv4 nodes to expose the General node of the server on which you're working. Select the General node.
3. Right-click the Local Area Connection interface, and choose Properties.
4. In the General tab of the interface's Properties dialog box, click the Inbound Filters button. The Inbound Filters dialog box appears.
5. Click the New button, and the Add IP Filter dialog box appears.
6. Fill out the Add IP Filter dialog box as follows:
   Check the Destination Network check box.
   Fill in the destination IP address field with the IP address of the remote VPN interface. (For this exercise, we entered 192.168.1.254. You can use the same.)
   Enter a destination subnet mask of 255.255.255.255.
   Select a protocol type of TCP, and then specify a source port of 0 and a destination port of 1723.
   Click the OK button.
7. Add another new filter using the same IP address and subnet mask, but this time specify Other in the Protocol field and fill in a protocol number of 47. When you're done, click the OK button to return to the Inbound Filters dialog box.
8. Click the Drop All Packets Except Those That Meet The Criteria Below radio button, and click the OK button.
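The following added example (not part of the original material, and not RRAS code) models the two inbound filters from the exercise and shows which constructed packets pass, and what happens if the filter action is left on the opposite radio button. It assumes that a port value of 0 means "any port"; the `IpFilter`, `decide` and `evaluate` names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

TCP, UDP, GRE = 6, 17, 47          # IP protocol numbers
VPN_IF = "192.168.1.254"           # exercise address from the text

@dataclass(frozen=True)
class IpFilter:
    dst: str           # destination address
    mask: str          # destination subnet mask
    proto: int
    src_port: int = 0  # assumption: 0 means "any port"
    dst_port: int = 0

    def matches(self, pkt):
        net = ipaddress.ip_network(f"{self.dst}/{self.mask}")
        if ipaddress.ip_address(pkt["dst"]) not in net or pkt["proto"] != self.proto:
            return False
        # Port checks apply only when the filter names a non-zero port.
        return all(want in (0, pkt.get(key))
                   for want, key in ((self.src_port, "sport"), (self.dst_port, "dport")))

# The two inbound filters built in the exercise.
PPTP_FILTERS = [
    IpFilter(VPN_IF, "255.255.255.255", TCP, src_port=0, dst_port=1723),
    IpFilter(VPN_IF, "255.255.255.255", GRE),
]

def decide(filters, pkt, drop_all_except=True):
    """drop_all_except=True models 'Drop All Packets Except Those That Meet
    The Criteria Below'; False models the opposite radio button."""
    hit = any(f.matches(pkt) for f in filters)
    return "accept" if hit == drop_all_except else "drop"

# Constructed sample packets (not captured traffic).
SAMPLES = [
    {"dst": VPN_IF, "proto": TCP, "sport": 49152, "dport": 1723},   # PPTP control
    {"dst": VPN_IF, "proto": GRE},                                  # PPTP tunnel data
    {"dst": VPN_IF, "proto": TCP, "sport": 49153, "dport": 3389},   # RDP to the server
    {"dst": VPN_IF, "proto": UDP, "sport": 1723, "dport": 1723},    # right port, wrong protocol
    {"dst": "192.168.1.10", "proto": TCP, "sport": 49154, "dport": 1723},  # other host
]

def evaluate(drop_all_except=True):
    return [decide(PPTP_FILTERS, p, drop_all_except) for p in SAMPLES]

if __name__ == "__main__":
    for mode in (True, False):
        print("drop-all-except" if mode else "receive-all-except", evaluate(mode))
```

With the action left on the opposite setting, the same two filters block the VPN traffic and admit everything else, which is why the final step of the exercise matters.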
Four filters are required: two input filters and two output filters.
Two input filters with a destination of the VPN
One with a source and destination port of 500 The second with a source and destination port of 1701
One with a source and destination port of 500 The second with a source and destination port of 1701
1. Open the Routing And Remote Access snap-in by selecting Start > Administrative Tools > Routing And Remote Access.
2. Select the server whose status you want to monitor in the left pane of the MMC.
3. Select the Network Interfaces node. Notice that the right pane of the MMC now lists all known interfaces along with their status and connection state.
4. Select the General node beneath IPv4. Notice that the right pane of the MMC updates to show the IP interfaces, their IP addresses, their administrative and operational states, and whether IP filtering is enabled on each interface.
5. Right-click the General node, and choose the Show TCP/IP Information command. Check the number of IP routes shown.
6. Right-click the Static Routes node, and choose the Show IP Routing Table command. Note that the number of routes listed corresponds to the route count in the TCP/IP Information window and that some of the routes listed are automatically generated.
IP multicasting works by sending to a single IP address a packet that is read by many hosts.
Multicasting uses a special range of IP addresses, called the Class D address space, that is reserved exclusively for multicasting.
Internet Group Management Protocol (IGMP) is used to exchange multicast group membership information between multicast-capable routers.
non-multicast-compatible routers. An IP-in-IP interface actually encapsulates packets with an additional IP header. You create and manage IP-in-IP interfaces in RRAS the same way you configure other interfaces.
Lesson 1
What Are Static and Dynamic Routing? How the IP Protocol Selects a Route Demonstration: Viewing a Routing Table Troubleshooting Routing
networks. Do not exchange information with other routers. Are not fault tolerant.
Discover the IDs of remote networks automatically. Use a routing protocol to exchange information with
Lesson 2
RRAS Routing Roles Routing Protocols Configuration Options for an Interface Information Available for an Interface Demonstration: Configuring RRAS as a LAN Router
Demand-dial
NAT
Allows an RRAS router to perform dynamic routing with other RIP routers.
Allows an RRAS server to relay DHCP requests to a DHCPv6 server on a remote network.
Fragmentation checking: Specifies whether filtering is performed on packet fragments.
Multicast boundaries: Configures time to live for multicast traffic.
Multicast heartbeat detection: Used to confirm that multicast infrastructure is functioning properly.
Interface information
TCP/IP Information
Address Translations IP Addresses IP Routing Table TCP connections UDP listener ports
Use for Configuring Routing and Remote Access as a router, VPN server, dialup server, or RADIUS client.
Route: Views and modifies the routing table. (Command prompt)
Ping: Verifying host availability and reachability. (Command prompt)
Tracert: Use to verify router status on a network path. (Command prompt)
Pathping: Use to verify router status on a network path. (Command prompt)
Group Policy Management Console: Edit group policy objects; create QoS policies. (Administrative Tools)