Net+ Chapter 1 - Cisco Networking Academy

advertisement
SYSTEM ADMINISTRATION
Chapter 12
Remote Access Protocols,
Services, and Troubleshooting
Understanding Remote Access
• Remote access is the process of gaining access to
some type of network remotely, or from a distant
location.
• Once the user is authenticated, he or she may or
may not be required to log on a second time through
the appropriate network client, i.e., the Novell Client
for NetWare Networks or the Microsoft Client for
Microsoft Networks.
• Once users are authenticated, they have access to
network resources, just like any other network client.
• When using remote access, there are two
components to consider: the remote access server
and the remote access client.
Remote Access Server (RAS)
• Almost all major manufacturers of networking
operating systems, such as Microsoft and Novell,
make a remote access component that can be
installed on their servers.
• Once it is installed and configured, remote access
clients have the ability to connect to the server and
then access the network.
RAS Installation
• When you install the Routing and Remote Access
Service (RRAS) on a Windows 2000 server, you
enable support for both multiprotocol routing and
remote access.
• The multiprotocol routing component enables the
server to act as a static router, making routing
decisions for the AppleTalk, IPX, and IP protocols,
through manually configured routing tables.
RAS Configuration
• Once the advanced RRAS service has been
successfully completed, you have the option of
making changes to the server’s configuration.
Security
• The Security screen determines the type of
authentication that will be provided for dial-up clients.
• You can also choose the authentication method that you
want to use. Some examples are:
– Extensible Authentication Protocol (EAP)
– Microsoft Encrypted Authentication version 2 (MSCHAP v2)
– Microsoft Encrypted Authentication (MS-CHAP)
– Encrypted authentication (CHAP)
– Shiva Password Authentication Protocol (SPAP)
– Unencrypted password (PAP)
• You may also choose to allow clients to connect without
authentication.
• The exact authentication method you choose will be
determined the type of client that is connecting, the
protocols used, etc.
IP
• The IP property sheet allows you to enable IP
routing along with several other IP-based options.
PPP
• At the PPP screen, you can enable an RRAS server to
support the Point-to-Point Protocol (PPP), and set
several other options.
• Multilink allows you to connect multiple adapters to
multiple lines in order to take advantage of the
bandwidth of more than one line. If you want to use
multilink over a dial-up connection, the following rules
apply:
– The ISP you are dialing into must support the
synchronization of multiple modems.
– You will need to install multiple modems
– You will need to plug a separate phone line into each
modem.
• An exception to this rule is ISDN. One ISDN adapter can
act as more than one device because ISDN includes two
56-Kbps B channels.
(continued)
PPP
(continued)
• Each of these channels can be used independently of
the other, essentially creating two separate physical
devices.
• A multilink connection can be used to combine multiple
ISDN B channels of a basic rate interface (BRI)
connection.
• You may also select to use Bandwidth Allocation
Protocol (BAP) and Bandwidth Allocation Control
Protocol (BACP) to allow for dynamic control of the
multilink bandwidth.
– Both BAP and BACP are able to adapt to changing
bandwidth conditions. BAP provides all of the
parameters necessary to allow the client and server
to negotiate when using multilink.
Event Logging
• The Event Logging Properties dialog box allows you
to determine whether or not errors and warnings
should be logged and the amount of information that
is logged by each.
• You can also enable or disable the logging of PPP
events.
Remote Access Client
• From a hardware point of view, the client must have
a modem installed and the modem must be
connected to a phone line.
• Once these physical requirements are met, a dial-up
connection is established using system-supplied
software.
• Your dial-up connection has a number of properties
that can be changed to help connect to an RRAS
server.
(continued)
Remote Access Client
(continued)
Examples include:
– General
• Allows you to change the area code or phone
number that is being dialed.
– Options
• Can be used to change dialing and redialing
options.
– Security
• Used to set security validation options, such as
using an unsecure versus a secure password for
logon.
(continued)
Remote Access Client
(continued)
– Networking
• Displays the networking components, such as
clients, protocols, and services, that are being
used to make the connection to the RRAS server.
– Sharing
• Allows you to enable and disable Internet
connection sharing.
Serial Line Internet Protocol
(SLIP)
• For the RRAS server and client to communicate with
each other, they must use a protocol.
• SLIP is a TCP/IP-based protocol that allows the
client and server to talk with each other.
• SLIP connections are now an older technology with
many limitations.
• SLIP is being replaced by a newer technology, the
Point-to-Point Protocol (PPP).
Point-to-Point Protocol (PPP)
• Point-to-Point Protocol (PPP) is also a serialcommunications based protocol that allows a dial-up
client to access an RRAS server.
• PPP provides error-checking features that SLIP
does not, and it has the ability to share a data line.
• PPP can handle synchronous and asynchronous
communications.
(continued)
Point-to-Point Protocol (PPP)
(continued)
• PPP has the added advantage of allowing you to
use more than one protocol. While SLIP can only
transport TCP/IP traffic, PPP can transport TCP/IP,
IPX/SPX, and even AppleTalk traffic.
• All of these protocols can be transported at the
same time using PPP’s multiprotocol transport
mechanism.
• PPP also provides additional security through the
use of both Password Authentication Protocol (PAP)
and Challenge-Handshake Authentication Protocol
(CHAP).
Point to Point Tunneling
Protocol (PPTP)
• The Point-to-Point Tunneling Protocol (PPTP) was
designed as a more secure way of transmitting
messages across the Internet.
• PPTP is commonly used to create virtual private
networks (VPNs).
Independent Computing
Architecture (ICA) Protocol
• Independent Computing Architecture (ICA) is a
Presentation layer protocol that allows any Microsoft
Windows client to act as a thin client.
• That means that the client computer, even though it has
a hard drive and its own processing power, connects to a
central server, which actually runs the application.
• All keystrokes and mouse movements and strokes on
the client are transmitted to the server, where they are
executed.
• The server responds by sending screen updates back to
the client computer. These screen updates are displayed
in one or more windows on the client PC.
Troubleshooting RAS Problems
• The important thing to remember about the RAS
environment is that standard networking rules apply.
• This means that the client computers must have
some type of network adapter, in this case a
modem.
• The client computer must be running the appropriate
client software and network protocol.
Troubleshooting Authentication
Failure
• When an authentication failure occurs, always ensure
you are typing the correct user name and password.
• Although user names are generally not case sensitive,
passwords are, so make sure the Caps Lock key is not
engaged and try again.
• If you are still unable to authenticate, check with the
server administrator to make sure your account has not
been locked out or changed in any way.
• Have the administrator reset the password and try again.
• Another area to check is the type of security and
protocols that are being used.
• The client and the server must be able to speak the
same language in order to authenticate your request to
logon to the server.
• Make sure you have physical connectivity to the server.
Troubleshooting Protocol
Configuration
• Since one of the primary uses of RRAS is to enable
Internet connectivity, all RRAS servers will generally
use the TCP/IP protocol.
• Therefore, the TCP/IP protocol must be installed on
the client computer.
• You may or may not be required to manually
configure your TCP/IP addressing parameters. If
you are, the standard rules concerning address
class, subnet mask, etc., must be followed.
• The information must be entered correctly into the
correct boxes and all settings, to include DNS
servers, must be assigned.
(continued)
Troubleshooting Protocol
Configuration (continued)
• In cases where you are required to statically or manually
assign IP addressing information, your ISP should
provide you with written instructions.
• Today, most ISPs will assign IP addresses to client
computers dynamically. That means that when you log
on to the RRAS server, the server will pass all of the
addressing parameters to the client.
• The client must still have the TCP/IP protocol installed
and it must be configured to automatically accept IP
addressing.
• You may also be required to configure the client software
on the computer to designate if the computer belongs to
a Windows domain or workgroup.
Troubleshooting Physical
Connectivity
• If your dial-up connection was working correctly and
suddenly stopped, begin by conducting some simple
checks of the modem and phone line.
• Although features vary from brand to brand and
model to model, most modems contain one or more
lights that will give you an idea whether the problem
is with the modem, the telephone line, or the
computer.
(continued)
Troubleshooting Physical
Connectivity (continued)
• Some of the status lights that are common on most
modems include:
– Activity
– TX and RX
• If the lights are not lit, check the Device Manager
utility to ensure the network card is configured
correctly.
• Check the status of the adapter to ensure it is
functioning correctly.
• Finally, check the telephone wiring at your home or
office.
Download