Goals

  • Design the DHCP infrastructure

  • Design the remote access infrastructure

  • Design remote access policies


(Skill 1)

Designing the DHCP Infrastructure

  • Dynamic Host Configuration Protocol (DHCP)

    • A simple, but critical, service

    • Functionality

      • Provides IP addressing information to client computers

      • Records the addresses leased

      • Can also be configured to notify DNS of address leases to update and maintain a Dynamic DNS (DDNS) zone


(Skill 1)

Designing the DHCP Infrastructure (4)

  • Number of subnets supported in the design

    • Helps determine how many scopes are required

    • Identifies how many addresses will be provided via DHCP

    • Indicates how many superscopes are required

    • Identifies the exclusions and reservations that will be required


(Skill 1)

Designing the DHCP Infrastructure (5)

  • RFC 1542 compliance in routers

    • To be RFC 1542-compliant, routers themselves must be capable of acting as Bootstrap Protocol (BOOTP) relay agents

    • Determines whether you require any DHCP relay agents to create a centralized DHCP design

  • Number of scopes required

    • Typically determined once you examine the subnet model


(Skill 1)

Designing the DHCP Infrastructure (6)

  • Number of superscopes required

    • A superscope is a way of combining more than one non-contiguous IP address range into a single scope

    • Superscopes are only required when you need multiple non-contiguous subnets to be leased to a single physical subnet


(Skill 1)

Designing the DHCP Infrastructure (7)

  • Reservations and exclusions

    • Reservations are typically used when you do not want to manually configure each client, but you want a specific group of clients to always have the same IP address

    • Exclusions are addresses that will never be handed out by the DHCP server


(Skill 1)

Designing the DHCP Infrastructure (8)

  • Presence of other DHCP servers/Active Directory integration

    • Active Directory server authorization

      • Windows Server 2003 and Windows 2000 Server require DHCP servers to be authorized in Active Directory before starting, which is a mechanism to disable rogue DHCP servers

      • Windows NT, Unix, and NetWare DHCP servers, as well as client systems with Internet Connection Sharing enabled, do not have this feature

      • It is important to know where the other devices are on the network that may potentially function as a DHCP server and make sure that they are not configured to offer IP addresses
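
One way to check for DHCP servers that answer without being on the authorized list, as an added Python example (not from the presentation): it parses the options of captured DHCP payloads and reports server replies whose server identifier (option 54) is unknown. The server addresses and sample messages are constructed, and capturing the UDP port 67/68 traffic is left to whatever sniffer is in use.

```python
import socket

DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie in front of the options field
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_REPLIES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # types only a server sends

def parse_options(payload):
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:            # single-byte padding, no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def unauthorized_servers(payloads, authorized):
    """Sorted (server_ip, message_type) pairs sent by servers not in `authorized`."""
    found = set()
    for payload in payloads:
        try:
            opts = parse_options(payload)
        except ValueError:
            continue                          # not DHCP, skip
        mtype = opts.get(OPT_MSG_TYPE, b"")
        server_id = opts.get(OPT_SERVER_ID, b"")
        if len(mtype) != 1 or mtype[0] not in SERVER_REPLIES or len(server_id) != 4:
            continue                          # client message or malformed option
        ip = socket.inet_ntoa(server_id)
        if ip not in authorized:
            found.add((ip, SERVER_REPLIES[mtype[0]]))
    return sorted(found)

def build_sample(msg_type, server_ip):
    """Constructed message: 236-byte BOOTP header, cookie, options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    return (header + DHCP_MAGIC + bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
            + socket.inet_aton(server_ip) + bytes([OPT_END]))

AUTHORIZED = {"10.0.0.5", "10.0.0.6"}        # assumed authorized DHCP servers
SAMPLES = [build_sample(2, "10.0.0.5"),      # OFFER from an authorized server
           build_sample(2, "192.168.0.1"),   # OFFER from a server not on the list
           build_sample(1, "192.168.0.1"),   # DISCOVER, a client message
           b"\x00" * 10]                     # not DHCP at all
```

Calling `unauthorized_servers(SAMPLES, AUTHORIZED)` reports only the OFFER from the unlisted address; client messages and non-DHCP payloads are ignored.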


(Skill 1)

Designing the DHCP Infrastructure (9)

  • Redundancy requirements

    • Generally want at least two DHCP servers hosting each scope

    • Servers do not have to be solely dedicated to DHCP

    • DHCP can be installed on file servers, print servers, and even domain controllers


(Skill 1)

Designing the DHCP Infrastructure (10)

  • Two basic types of DHCP infrastructure designs

    • Centralized

    • Decentralized


(Skill 1)

Designing the DHCP Infrastructure (11)

  • Centralized design

    • Place two or more DHCP servers in a central hub location and enable BOOTP forwarding on routers for remote DHCP-enabled subnets

      • Typically easier to administer and less costly

      • May make meeting redundancy requirements difficult


(Skill 1)

Designing the DHCP Infrastructure (12)

  • Decentralized design

    • Place a DHCP server on each DHCP-enabled subnet, with a backup copy of each different scope on an adjacent server

      • Requires more administrative resources

      • Requires more server resources

      • Makes achieving redundancy much easier


(Skill 1)

Figure 5-4 Reservations and exclusions


(Skill 1)

Figure 5-5 Decentralized DHCP model


(Skill 1)

Figure 5-6 Centralized DHCP model


(Skill 2)

Designing the Remote Access Infrastructure

  • Remote access infrastructure design considerations

    • Type of remote access (dial-up or VPN) required

    • How many concurrent users must be supported

    • Availability requirements


(Skill 2)

Designing the Remote Access Infrastructure (2)

  • Type of remote access (dial-up or VPN) required

    • Determines the physical considerations of the design

    • Dial-up (POTS or ISDN) must ensure there are enough incoming lines

    • VPN

      • Ensure you have adequate Internet bandwidth

      • Ensure the encryption load can be supported


(Skill 2)

Designing the Remote Access Infrastructure (3)

  • Availability requirements

    • Determines the number of RAS servers required

    • Determines the configuration of RAS servers

      • If using VPNs, can use network load balancing (NLB) for maximal availability

      • If using dial-up, specialized hardware to distribute connections is typically required


(Skill 2)

Designing the Remote Access Infrastructure (4)

  • Hardware requirements

    • RAS is a fairly low-impact service

    • Network connectivity for RAS server is biggest consideration

    • When using VPNs, make sure server’s processing capability can support the encryption requirements of the connections


(Skill 2)

Designing the Remote Access Infrastructure (5)

  • Server placement

    • Place RAS server and RAS connectivity as near as possible to the network resources that remote users will most commonly access

    • Placement of servers vis-à-vis the firewall is very important


(Skill 2)

Designing the Remote Access Infrastructure (6)

  • Authentication, authorization, and accounting (AAA)

    • RADIUS is generally a better choice than Windows Accounting

    • Provides centralization of remote access policies and accounting information


(Skill 2)

Designing the Remote Access Infrastructure (7)

  • Auditing and logging options

    • Enable Internet Authentication Service (IAS) logging to keep a running list of connections made to RAS server

    • Enable logging of accounting and authentication requests

    • Audit successful and failed account logon events


(Skill 2)

Figure 5-10 Placement of a VPN server


(Skill 3)

Designing Remote Access Policies (2)

  • Remote access policy conditions

    • Used to match a specific policy to a given user

    • Available condition components

      • Authentication-Type: Matches users based on the type of authentication protocol they are using

      • Called-Station-ID: Matches users based on the phone number they dialed

      • Calling-Station-ID: Matches users based on the phone number from which they are calling


(Skill 3)

Designing Remote Access Policies (3)

  • Available condition components

    • Client-Friendly-Name: Defines the friendly name of the RADIUS client that is requesting use of the RADIUS server

    • Client-IP-Address: Matches the IP address of RADIUS client that is requesting access

    • Client-Vendor: Matches the vendor of the RADIUS client

    • Day-and-Time-Restrictions: Matches the user based on the day and time they attempt to connect


(Skill 3)

Designing Remote Access Policies (6)

  • Remote access policy permissions

    • Used to control access

    • Set to allow or deny access

  • Remote access policy profile

    • Used to restrict which remote access settings are supported

    • Settings are defined in the Edit Dial-in Profile dialog box


(Skill 3)

Designing Remote Access Policies (7)

  • Tabs in the Edit Dial-in Profile dialog box

    • Dial-in Constraints tab: Used to define any needed restrictions for the dial-in properties of the policy

    • IP tab: Used to define the IP properties associated with the connections to which this profile applies

    • Multilink tab: Used to define the setting applied to multilink connections for this policy


(Skill 3)

Designing Remote Access Policies (8)

  • Tabs in the Edit Dial-in Profile dialog box

    • Authentication tab: Used to define the authentication methods allowed by this policy

    • Encryption tab: Used to define MPPE encryption levels for the connection

    • Advanced tab: Used to define special settings to be returned from RADIUS servers to RADIUS clients
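
A simplified model of how the three parts of a remote access policy described above (conditions, permission, profile) combine, written as an added Python example rather than anything taken from the presentation or from IAS itself. It assumes policies are evaluated in list order with the first match deciding, and that the user account defers to remote access policy; the policy names, addresses, phone number and the `encryption` request key are made up.

```python
from datetime import datetime

def matches(conditions, request):
    """True only if the request satisfies every condition of the policy."""
    for attr, accepted in conditions.items():
        value = request.get(attr)
        if not (accepted(value) if callable(accepted) else value in accepted):
            return False
    return True

def evaluate(policies, request):
    """Return (decision, policy_name, reason) for one connection request."""
    for policy in policies:                   # assumed: list order, first match decides
        if not matches(policy["conditions"], request):
            continue
        name, profile = policy["name"], policy["profile"]
        if policy["permission"] != "allow":
            return ("reject", name, "permission is deny")
        if request.get("Authentication-Type") not in profile.get("authentication", ()):
            return ("reject", name, "authentication method not in profile")
        if request.get("encryption") not in profile.get("encryption", ()):
            return ("reject", name, "encryption level not in profile")
        return ("accept", name, "conditions, permission and profile satisfied")
    return ("reject", None, "no policy matched")

def business_hours(ts):
    """Day-and-Time-Restrictions condition: Monday to Friday, 08:00-17:59."""
    return ts is not None and ts.weekday() < 5 and 8 <= ts.hour < 18

# Constructed policies and request; names, numbers and addresses are made up.
POLICIES = [
    {"name": "Retired dial-in number",
     "conditions": {"Called-Station-ID": {"555-0100"}},
     "permission": "deny", "profile": {}},
    {"name": "VPN during business hours",
     "conditions": {"Client-IP-Address": {"10.1.1.10"},
                    "Day-and-Time-Restrictions": business_hours},
     "permission": "allow",
     "profile": {"authentication": {"MS-CHAP v2", "EAP"},
                 "encryption": {"MPPE 128-bit"}}},
]
DEMO_REQUEST = {"Client-IP-Address": "10.1.1.10",          # the RADIUS client
                "Day-and-Time-Restrictions": datetime(2024, 3, 5, 9, 30),  # a Tuesday
                "Authentication-Type": "MS-CHAP v2",
                "encryption": "MPPE 128-bit"}              # hypothetical key name
```

In this model a request that matches an allow policy is still rejected when the profile does not permit its authentication method, and a request that matches no policy is rejected outright.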


(Skill 3)

Figure 5-11 Components of a remote access policy


(Skill 3)

Figure 5-12 Dial-in Constraints tab


(Skill 3)

Figure 5-13 IP tab


(Skill 3)

Figure 5-14 Multilink tab


(Skill 3)

Figure 5-15 Authentication tab


(Skill 3)

Figure 5-16 Encryption tab


(Skill 3)

Figure 5-17 Advanced tab

