Install the Routing and Remote Access (RRAS) role in Windows 2008 Server
If you go into the Add Roles Wizard, the RRAS role can be difficult to find because what you
really need to add is the Network Policy and Access Services role, and then the Routing and
Remote Access Services role.
Installation will take a couple of minutes and present an install summary. Just click Close.
After installing, browse over to the RRAS console from Administrative Tools.
Next, configure Routing and Remote Access by opening the RRAS MMC, right-clicking
the server, and clicking Configure and Enable Routing and Remote Access.
The Routing and Remote Access Server Setup Wizard appears.
There are several options available to you when configuring remote access:
Remote Access (Dial-Up Or VPN): This option enables remote clients to connect to the
server by using either a dial-up connection or a secure VPN.
Network Address Translation (NAT): This option enables internal clients to connect to the
Internet using a single, external IP address.
Virtual Private Network (VPN) Access And NAT: This option configures NAT for the
internal network and configures VPN connections.
Secure Connection Between Two Private Networks: This option is useful when, for
example, setting up a router-to-router VPN.
Custom Configuration: As noted previously, you use this option when none of the service
combinations meet your exact needs.
Types of IP Routing
A router can find the best route to a destination by exchanging routing information with
other routers. This is possible only when some kind of IP routing is enabled on the routers.
Static Routing: uses a route that a network administrator enters into the router
manually.
Dynamic Routing: uses a route that a network routing protocol adjusts automatically
for topology and traffic changes, for example RIPv2 and OSPF.
The dynamic routing protocols RIP and OSPF allow routers to determine paths along which
to send traffic.
RIP
When you enable RIP, you allow Windows Server 2008 to advertise routes to neighbouring
routers and to automatically detect neighbouring routers and remote networks.
RIP is a dynamic routing protocol that routers use to determine the best path to send given
data. Routes to destinations are chosen according to lowest cost.
By default, this cost is determined by the number of hops or routers between endpoints;
however, you can manually adjust the cost of any route as needed.
Importantly, RIP discards routes that are determined to have a cost higher than 15. This
feature effectively limits the size of the network in which RIP can operate. Another important
feature of RIP is that RIP-enabled routers advertise their entire routing tables to each other
every 30 seconds. The service therefore generates a substantial amount of network traffic.
To enable RIP
Now that you have RIPv2 installed, you can configure it. Configuring it is really as easy as
adding the interfaces over which you want to exchange RIP routes. To do this, go to the
RIP section, right-click, click New Interface, and select the interface you want to add
under RIP.
In the New Interface For RIP Version 2 For Internet Protocol dialog box, select the interface
you want to advertise with RIP. Then click OK. RIP is now enabled on the selected interface.
Configure RIP settings to match those of neighboring routers. The default settings will work
in most environments. You can adjust settings using the four tabs of the RIP Properties
dialog box:
General: Select whether RIP v1 or RIP v2 is used and whether authentication is required.
This is where you can define general information about how RIP will operate on your server.
On this tab, Operation Mode refers to how RIP will update its tables. The two choices are
Auto-static Mode and Periodic Update Mode, which is the default. Auto-static Mode means
that an update will be triggered when another router requests an update, while Periodic
Update Mode means that the routing table will be updated at a defined interval (defined on
the Advanced tab).
The General tab also provides a place for you to define the incoming and outgoing protocol.
For outgoing packets, you can choose RIP1 broadcast, RIP2 broadcast, RIP2 multicast or
silent RIP. In silent mode, the system only listens for new RIP announcements but does not
make any itself. If your network uses consistent network masks throughout, you can use
RIP1, but I don’t recommend it unless you have devices that can only use RIP1. You can
also specify the route cost for this interface as well as a tag number for the routes on this
interface. Finally, a password can be specified to be used for RIP2 updates as a means of
identification.
Security: Choose whether to filter router advertisements. Because a routing protocol could
be used to advertise a route to a malicious computer, RIP could be used as part of a man-in-
the-middle attack. Therefore, you should restrict the advertised routes that will be accepted
whenever possible.
Neighbors: Allows you to manually list the neighbors that the computer will communicate
with.
Advanced: Configure announcement intervals and time-outs, as well as other infrequently
used settings such as split horizon and poison reverse, which are useful in preventing routing loops.
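The cost limit, the Neighbors list and the Security tab's route filter can be seen working together in the following sketch of how a RIP listener handles one advertisement. It is an added example, not code from the original page or from Windows; the function names, the neighbor address and the accepted range are assumptions chosen for illustration.

```python
import ipaddress

INFINITY = 16  # RIP treats any cost above 15 as unreachable

def process_rip_update(table, neighbor, routes, neighbors, accept, link_cost=1):
    """Apply one advertisement to table {network: (cost, next_hop)}.

    Returns the (network, reason) pairs that were not installed.
    """
    if neighbor not in neighbors:
        # Neighbors tab: ignore routers that are not explicitly listed.
        return [(net, "unlisted neighbor") for net, _ in routes]
    rejected = []
    for net_str, advertised in routes:
        net = ipaddress.ip_network(net_str)
        # Security tab: accept only routes inside the expected ranges.
        if not any(net.subnet_of(p) for p in accept):
            rejected.append((net_str, "filtered"))
            continue
        cost = min(advertised + link_cost, INFINITY)
        current = table.get(net)
        if cost >= INFINITY:
            if current and current[1] == neighbor:
                del table[net]  # our next hop withdrew the route
            rejected.append((net_str, "cost above 15"))
        elif current is None or cost < current[0] or current[1] == neighbor:
            table[net] = (cost, neighbor)
    return rejected

# Constructed sample values, not taken from a real network.
NEIGHBORS = {"192.168.1.2"}
ACCEPT = [ipaddress.ip_network("192.168.0.0/16")]

def demo():
    table = {}
    first = process_rip_update(table, "192.168.1.2",
        [("192.168.2.0/24", 1), ("0.0.0.0/0", 1), ("192.168.9.0/24", 15)],
        NEIGHBORS, ACCEPT)
    second = process_rip_update(table, "192.168.1.77",
        [("192.168.3.0/24", 1)], NEIGHBORS, ACCEPT)
    return table, first, second

if __name__ == "__main__":
    print(demo())
```

With the filter in place, the advertised default route is dropped even though it comes from a listed neighbor, and only 192.168.2.0/24 is installed.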
Static Routing
You can view the IP routing table by using the Routing And Remote Access console or the
command prompt.
In the Routing And Remote Access console, expand the IP Routing node,
right-click the Static Routes node, and then click Show IP Routing Table.
To view the routing table from the command prompt, type route print and press Enter.
To add static routes
2. In the IPv4 Static Route dialog box, select the network interface that will be used to
forward traffic to the remote network.
In the Destination box, type the network ID of the destination network.
In the Network Mask box, type the subnet mask of the destination network.
In the Gateway box, type the IP address of the router that packets for the destination
network should be forwarded to.
Adjust the Metric only if you have multiple paths to the same destination network and want
the computer to prefer one gateway over the others; in this case, configure the preferred
routes with lower metrics.
If a computer needs to use different routers to communicate with different remote networks,
you need to configure static routing. For example, the client computer would have a default
gateway of 192.168.1.1 (because that leads to the Internet, where most IP address
destinations reside). However, an administrator would need to configure a static route for the
192.168.2.0/24 subnet that uses the gateway at 192.168.1.2.
Typically, you would do this configuration using the command-line tool Route.
For the example shown, you could allow it to access the 192.168.2.0/24 network by running
When using the Route Add command, the -p parameter makes a route persistent. If a route
is not persistent, it will be removed the next time you restart the computer.
Run Route Print at the command prompt and verify that the static route has been added.
Exam Tip: Know that a router’s IP address must always be on the same subnet as the
computer.
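The static-route example above can be checked before it is typed: the sketch below validates that the gateway is on a directly attached subnet, builds the matching `route` command line, and shows which gateway the client then picks for a destination. It is an added example, not part of the original page; the client address 192.168.1.50/24, the metric values and the function names are assumptions.

```python
import ipaddress

def build_route_add(destination, gateway, interfaces, persistent=True, metric=None):
    """Validate a static route and return the Windows `route` command line."""
    dest = ipaddress.ip_network(destination)
    gw = ipaddress.ip_address(gateway)
    # The gateway must sit on a subnet the computer is directly attached to.
    if not any(gw in ipaddress.ip_interface(i).network for i in interfaces):
        raise ValueError(f"gateway {gw} is not on a local subnet")
    parts = ["route"] + (["-p"] if persistent else [])
    parts += ["add", str(dest.network_address), "mask", str(dest.netmask), str(gw)]
    if metric is not None:
        parts += ["metric", str(metric)]
    return " ".join(parts)

def next_hop(routes, address):
    """Pick the gateway: longest matching prefix first, then lowest metric."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    best = max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[2]))
    return best[1]

# Constructed client configuration (assumed address on the 192.168.1.0/24 subnet).
INTERFACES = ["192.168.1.50/24"]
ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", 10),       # default gateway toward the Internet
    ("192.168.2.0/24", "192.168.1.2", 10),  # static route from the example
]

if __name__ == "__main__":
    print(build_route_add("192.168.2.0/24", "192.168.1.2", INTERFACES))
    print(next_hop(ROUTES, "192.168.2.40"), next_hop(ROUTES, "203.0.113.9"))
```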
Routing and Remote Access also includes support for demand-dial routing (also known as
dial-on-demand routing). When the router receives a packet, the router can use demand-dial
routing to initiate a connection to a remote site. The connection becomes active only when
data is sent to the remote site. The link is disconnected when no data has been sent over
the link for a specified amount of time. Because demand-dial connections for low-traffic
situations can use existing dial-up telephone lines instead of leased lines, demand-dial
routing can significantly reduce connection costs.
You can configure these interfaces by using the Demand-Dial Interface Wizard when you
initially set up Routing and Remote Access or as an option after the Routing and Remote
Access service has already been configured and enabled.
If you have previously configured and enabled the Routing and Remote Access service
without demand-dial functionality, you must enable this functionality before you create any
demand-dial interfaces.
DHCP Relay Agent is a routing protocol that allows client computers to obtain an address
from a DHCP server on a remote subnet. Typically, DHCP clients broadcast DHCPDiscover
packets that are then received and answered by a DHCP server on the same subnet.
Because routers block broadcasts, DHCP clients and servers must normally be located on
the same physical subnet.
However, two methods can help you work around this limitation. First, if the routers
separating the DHCP server and clients are RFC 1542–compliant, the routers can be
configured for Boot Protocol (BOOTP) forwarding. Through BOOTP forwarding, routers
forward DHCP broadcasts between clients and servers and inform servers of the originating
subnet of the DHCP requests. This process allows DHCP servers to assign addresses to the
remote clients from the appropriate scope.
The second way to allow remote communication between DHCP servers and clients is to
configure a DHCP relay agent on the subnet containing the remote clients. DHCP relay
agents intercept DHCP Discover packets and forward them to a remote DHCP server whose
address has been preconfigured. Although DHCP Relay Agent is configured through Routing
and Remote Access, the computer hosting the agent does not need to be functioning as an
actual router between subnets.
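How a relayed request tells the server which subnet it came from is shown in the sketch below: the relay writes its own address into the gateway address (giaddr) field of the BOOTP header, and the server picks the scope that contains that address. It is an added example, not from the original page; the addresses, scope names and the hop-count threshold of 4 are assumed values, and DHCP options are left out of the packet.

```python
import ipaddress
import struct

HOPS = 3                 # offset of the hops byte in the BOOTP header
GIADDR = slice(24, 28)   # offset of the gateway (relay agent) address
HOP_THRESHOLD = 4        # assumed hop-count threshold for this example

def make_discover(xid, mac):
    """Build the fixed 236-byte BOOTP header of a client request (options omitted)."""
    zero = b"\0" * 4
    return struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                       1, 1, 6, 0, xid, 0, 0, zero, zero, zero, zero, mac, b"", b"")

def relay(packet, relay_ip, servers):
    """Return [(server_ip, packet)] to unicast, or [] if the request is discarded."""
    pkt = bytearray(packet)
    if pkt[0] != 1 or pkt[HOPS] > HOP_THRESHOLD:
        return []  # not a client request, or it has crossed too many relays
    pkt[HOPS] += 1
    if bytes(pkt[GIADDR]) == b"\0\0\0\0":
        # First relay on the path records the originating subnet.
        pkt[GIADDR] = ipaddress.ip_address(relay_ip).packed
    return [(server, bytes(pkt)) for server in servers]

def select_scope(packet, scopes):
    """Server side: choose the scope whose subnet contains giaddr."""
    giaddr = ipaddress.ip_address(packet[GIADDR])
    for name, subnet in scopes.items():
        if giaddr in ipaddress.ip_network(subnet):
            return name
    return None

# Constructed topology: clients and relay on 192.168.2.0/24, server on 192.168.1.0/24.
SCOPES = {"Subnet1": "192.168.1.0/24", "Subnet2": "192.168.2.0/24"}
SERVERS = ["192.168.1.5"]

if __name__ == "__main__":
    discover = make_discover(0x1234, bytes.fromhex("001122334455"))
    for server, pkt in relay(discover, "192.168.2.10", SERVERS):
        print(server, select_scope(pkt, SCOPES))
```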
Exam Tip: Expect a topology question about DHCP Relay Agent and RFC 1542–compliant
routers on the exam.
Note: You cannot use the DHCP Relay Agent component on a computer running any of the
following: the DHCP service, the NAT routing protocol component with automatic addressing
enabled, or ICS.
NOTE: DHCP Relay Agent cannot be installed on a server that is already running a DHCP
server.
This allows relaying DHCP broadcast messages from DHCP clients to DHCP servers on
different IP networks. Right-click the DHCP Relay Agent node and select New Interface...
Verify that the DHCP interface is configured to relay DHCP packets.
Right-click the interface and select Properties.
This configuration is achieved through the DHCP Relay Agent Properties dialog box.
Enter the IP address of your DHCP server and click Add, then OK to save the settings.
Configure the DHCP Relay Agent to point to the address of at least one remote DHCP
server. (Use more than one DHCP server for fault tolerance.)
You can verify that the DHCP Relay Agent is functioning by using the Routing And Remote
Access console.
To do so, select the DHCP Relay Agent node and view the statistics in the details pane.
The details pane compiles requests received, replies received, requests discarded, and
replies discarded.
If this data reveals that both requests and replies have been received, the DHCP Relay
Agent is functioning.
You want to deploy one DHCP server on your network that consists of two subnets.
What are two methods that will enable you to achieve this task?
You can separate the two subnets with an RFC 1542–compatible router and enable BOOTP
forwarding, or you can configure a DHCP relay agent on the subnet that does not have the
DHCP server.