Windows Management and Scripting

A wealth of tutorials Windows Operating Systems SQL Server and Azure

Posts Tagged ‘CIsco’

Installing an SSH Server in Windows Server 2008

Posted by Alin D on September 29, 2010

There are a number of command-line options available to configure Windows Server 2008 over the network: for example, Windows PowerShell, ServerManager.exe, or a telnet server. However, the tried and true method that has worked so well with just about every type of infrastructure device in use today (including Windows Server 2008, Cisco routers, Linux servers, and more) is SSH. In this article, learn how to install an SSH server in Windows Server 2008.

SSH is the secure shell, a standard defined in RFC 4251. It is a network protocol that opens up a secure channel between two devices using TCP port 22. This channel can also be used for SFTP and SCP (secure FTP and secure copy, respectively). To make this work, you need a secure server on the system you are connecting to and a secure client on the client you are connecting from.

Keep in mind that SSH is completely interoperable between different platforms. For example, you could connect to a SSH server on a Cisco router from a Windows client, you could connect to a Linux server from a Cisco router, and you could connect to a Windows 2008 Server from a Linux client.

The only possible compatibility issue is that there are two versions of SSH, SSH version 1 and SSH version 2. You should make sure that the server and client support the same versions so that you know which version you are using when you connect. Usually, this version can be negotiated.

While none of the Windows operating systems come with a SSH Server or Client, they are very easy to install.

By having a SSH Server on your Windows 2008 Server, you can:

  • Remotely access the command line of your Windows 2008 Server
  • Control the Server over the network, even if you cannot access the GUI interface
  • Remotely manage your Windows 2008 Server from any device that has a SSH Client
  • Do all this over an encrypted connection that could even securely traverse the Internet

SSH Server options available for Windows 2008 Server

There are a number of SSH Server options available for Windows Server 2008. Here are just some of the few that I ran across:

  • SSH.com – Free non-commercial SSH Server
  • SSH.com – SSH Tectia Client and Server (commercial)
  • OpenSSH – see article on how to install openssh server in Vista (applies to Windows Server 2008)
  • Van Dyke – vShell 3.0 Server (commercial)
  • Free SSHd
  • WinSSHd (commercial)
  • Kpym Telnet/SSH Server
  • copSSH for Windows (a modified build of OpenSSH)
  • Sysax Multi-Server (SSH Server) for Windows

Once you have your SSH Server running, you will most likely need a SSH Client for Windows. Here are a couple of the most popular SSH Clients for Windows that I have found:

  • PuTTY
  • Van Dyke – SecureCRT (commercial)

Install of FreeSSHd – SSH Server in Windows Server 2008

Because the installation for FreeSSHd is so simple compared to the others (especially compared to OpenSSH in Windows), I have chosen to demonstrate how to install and use FreeSSHd. Remember that FreeSSHd is totally free (as the name says), both for personal/non-commercial use and for commercial use.

To start this process, I downloaded FreeSSHd.exe on my Windows Server 2008 system and ran the downloaded program. The graphical installation began.

I took all the defaults for the installation options and clicked Install to begin the install.

When done, I opted not to run SSHd as a service but that may be what you want to do on your production server.

Figure 1: Do you want to run FreeSSHd as a service?

By running FreeSSHd as a service, it would be available whether or not you were logged into the console. I also chose to create private keys for the SSH server.

Next, I ran the FreeSSHd shortcut on the desktop in order to configure and start the SSH server.

Figure 2: Running the FreeSSH Application

I could see that the SSHd server was already running.

The FreeSSHd application can offer the following:

  • Both SSH Server and Telnet Server capabilities
  • Options to run SSHd on only certain interfaces
  • Multiple methods of authentication, including integrated NTLM authentication to Windows AD
  • Multiple methods of encryption including AES 128, AES 256, 3DES, Blowfish, and more
  • Options to bring up a secure tunnel upon connection
  • Optional Secure FTP (sFTP) – for secure FTP, see the FreeFTPd website
  • The ability to administer users and restrict access to secure shell, secure tunnel, or secure FTP
  • Ability to allow access to only certain hosts or subnets
  • Ability to log all connections and commands performed through FreeSSHd
  • View currently connected users
  • Update FreeSSHd automatically

For me to be able to log in, I had to do two things:

  • Add a new user account and allow SSH command line access
  • Open an exception in my Windows Server 2008 Firewall

To add a new user, I went to the Users tab and clicked Add.

I opted to set up a login for my local Windows administrator account. I set the authorization to NTLM. That way, there was no local password in the FreeSSHd database and if the administrator password changes in the local Windows account database, you don’t have to change the password in the FreeSSHd account database.

I authorized this new administrator SSH user to log in with SSH only.


Figure 3: Adding a SSHd user account with NTLM authorization

Here are the results:

Figure 4: A new SSHd user account added

The second thing I had to do to be able to log in was to open an exception in the Windows Firewall. While I could disable the Windows Firewall completely instead of opening the port, the most secure option is to leave the firewall up and allow an exception for SSH on TCP port 22.

To do that, I went to Start -> Administrative Tools -> Windows Firewall with Advanced Security.


Figure 5: Opening Windows Firewall with Advanced Security

Next, I clicked on Inbound Rules, then on New Rule.


Figure 6: Adding a new Inbound Rule

Next, I chose to add a Port rule.


Figure 7: Choosing to add a Rule for a Port

I specified TCP port 22 only.


Figure 8: Specifying TCP port 22 only

Take the defaults to Allow the Connection, apply this to All domains, and give the rule a Name of your choice.
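
The same inbound exception can be created from an elevated PowerShell prompt with netsh advfirewall. This is an added example, not part of the original article; the rule name and the 10.0.1.0/24 management subnet are assumptions, and the remoteip scope is narrower than the GUI walkthrough, which accepts any source address.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell
# prompt on the Windows Server 2008 machine that runs FreeSSHd.
$RuleName   = 'SSH-TCP22-Inbound'   # assumed rule name (no spaces, so no quoting issues)
$MgmtSubnet = '10.0.1.0/24'         # assumed admin subnet; 'any' reproduces the GUI rule

# Confirm the firewall is actually on before relying on an exception in it.
netsh advfirewall show allprofiles state

# Delete an earlier copy of the rule so re-running does not stack duplicates.
# netsh reports that no rules match on the first run; that is expected.
netsh advfirewall firewall delete rule name=$RuleName | Out-Null

# Inbound Port rule, TCP, local port 22 only, Allow, all profiles (Figures 6 to 8).
# remoteip limits which source addresses may reach the SSH listener.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
    protocol=TCP localport=22 remoteip=$MgmtSubnet profile=any
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not create firewall rule '$RuleName' (exit code $LASTEXITCODE)"
}

# Review the stored rule, then check that something is bound to local TCP port 22.
netsh advfirewall firewall show rule name=$RuleName verbose
$listener = netstat -an -p tcp | Select-String '^\s*TCP\s+\S+:22\s'
if (-not $listener) {
    Write-Warning 'Nothing is bound to TCP port 22: start FreeSSHd before testing the connection.'
}
```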

Test the Connection

To test the connection, I used SecureCRT from my Windows XP machine to the Windows Server 2008 server, via SSH.

To do this, I connected to the server via the IP address (or domain name). I chose to Accept the server’s certificate and save it.


Figure 9: Connecting via SSH and logging in with your Windows username & password

I logged into the server using the administrator login and password.

And, success! I was able to access the server via SSH!


Figure 10: A successful connection to the Windows 2008 Server via SSH

In Summary
SSH is an excellent tool for Windows Server 2008 administrators to consider for remote server management. In this article, you learned how SSH can help you, the options available for SSH Server and SSH Client installations, and how to install one of those options, FreeSSHd.

Posted in Windows 2008

Step by step to configure Exchange 2010 Unified Messaging Server

Posted by Alin D on September 24, 2010

A UM infrastructure is an integration of Microsoft Exchange Server, an IP gateway, a conventional PBX, and an IP-PBX to deliver voicemail, greetings, and customer messages to a single Outlook client. Microsoft Exchange Server Unified Messaging (UM) combines voice messaging and e-mail messaging into a single messaging infrastructure. Unified Messaging puts all e-mail and voice messages into one Exchange 2010 mailbox that can be accessed from many different devices. After Unified Messaging servers have been deployed on a network, users can access their messages using Outlook Voice Access, from any telephone, from a mobile phone, or from the computer.

Systems Requirements

Microsoft Certified PBX and IP Gateway

Microsoft Telephony Advisor for Exchange Server

Exchange 2010 pre-requisites

Unified Communication Architecture

To install Unified Messaging Server Role on Exchange 2010

  • Log on to the server on which you want to install Exchange 2010
  • Insert the Exchange 2010 DVD into the DVD drive (or browse to your install location). If Setup.exe doesn’t start automatically, navigate to the DVD drive and double-click Setup.exe
  • On the Start page, click Choose Exchange language option. Select Install only languages from the DVD
  • In the Exchange Server 2010 Setup wizard, on the Introduction page, click Next.
  • On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and then click Next.
  • On the Error Reporting page, select Yes, and then click Next.
  • On the Installation Type page, click Custom Exchange Server Installation.
  • On the Server Role Selection page, select the UM server role
  • On the Customer Experience Improvement Program page, choose the appropriate selection for your organization, and then click Next.
  • On the Completion page, click Finish

After you successfully install the Unified Messaging server role, you must create the following objects:

  • Dial Plan objects
  • IP Gateway objects
  • Hunt Group objects
  • Mailbox Policy objects
  • Auto Attendant objects
  • UM Server objects

Once the UM server is configured, you must configure other UM devices such as an AudioCodes IP gateway, Siemens, Cisco, or your preferred PBX or IP-PBX devices to work with Microsoft Exchange Server 2010 UM. Microsoft-supported configuration “how to” guides are at the end of this article in PDF format.

How UM uses Active Directory and the HT server to transmit email

The Unified Messaging server role uses Active Directory site membership information to determine which Hub Transport servers are located in the same Active Directory site as the Unified Messaging server. The Unified Messaging server submits messages for routing to a Hub Transport server within the same Active Directory site. The Hub Transport server performs recipient resolution and queries Active Directory to match a telephone number, or another Unified Messaging property, to a recipient account. After the recipient resolution completes, the Hub transport server will deliver the message to the target mailbox in the same way as a regular e-mail message.

To Create UM Dial Plan

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the action pane, click New UM Dial Plan.
  • In the New UM Dial Plan wizard
  • On the Set UM Servers page, click Add, and then, on the Select UM Server page, select the UM server that you want to add to the UM dial plan.
  • On the Completion page, confirm whether the dial plan was successfully created.
  • Click Finish to complete the New UM Dial Plan wizard

To enable Unified Messaging on an Exchange 2010 server

  • In the console tree, navigate to Server Configuration > Unified Messaging.
  • Select the Unified Messaging server, then click Enter Product Key to enter the UM license.
  • Once licensed, in the result pane, select the Unified Messaging server to enable.
  • In the action pane, click Enable UM Server.

To Create a UM IP Gateway

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM IP Gateways tab.
  • In the action pane, click New UM IP Gateway.
  • In the New UM IP Gateway wizard
  • On the Completion page, confirm whether the UM IP gateway was successfully created.
  • Click Finish to complete the New UM IP Gateway wizard

To Create a UM Hunt Group

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM IP Gateways tab.
  • In the result pane, select a UM IP gateway.
  • In the action pane, click New UM Hunt Group.
  • In the New UM Hunt Group wizard, view or complete the following fields:
    • Associated UM IP gateway
    • Name
    • Dial plan: Click the Browse button to select the dial plan that will be associated with the UM hunt group.
    • Pilot identifier: An extension number or a Session Initiation Protocol (SIP) Uniform Resource Identifier (URI) can be used in this field.
  • On the Completion page, confirm whether the UM hunt group was successfully created.
  • Click Finish to complete the New UM Hunt Group wizard.

To add a UM server to a dial plan

  • In the console tree, click Server Configuration.
  • In the result pane, select the Unified Messaging server.
  • In the action pane, click Properties.
  • On the UM Settings > Associated Dial Plans, click Add.
  • In the Select Dial Plan window, select the dial plan you want to add from the list of available dial plans, and then click OK.
  • Click OK again to accept your changes.

To configure the start-up mode

  • In the console root, navigate to Server Configuration > Unified Messaging.
  • In the result pane, click to select the Unified Messaging server you want to set up.
  • In the action pane, click Properties.
  • On the UM Settings tab, in the Startup Mode drop-down list, select one of the following settings:
    • TCP: Use this setting if the UM server is being added to only UM dial plans that are set to Unsecured but won’t be added to dial plans that are set to SIP Secured or Secured. In TCP mode, the UM server will only listen on TCP port 5060 for SIP requests. By default, the UM server will start up in TCP-only mode.
    • TLS: Use this setting if the UM server is being added to UM dial plans that are set to SIP Secured or Secured but won’t be added to dial plans that are set to Unsecured. In TLS mode, the UM server will only listen on TCP port 5061 for SIP requests.
    • Dual: Use this setting if the UM server is being added to UM dial plans that have different security settings. In Dual mode, the UM server can listen on ports 5060 and 5061 simultaneously.
  • Click OK.
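
The startup-mode rule above can be turned into a check that compares each server's configured mode with what its dial plans require and lists SIP ports that are missing or open without need. This is an added example, not from the original article; the server names and the inventory are constructed sample data, to be replaced with values read from your own Exchange organization.

```powershell
# Added example, not from the original article.
# SIP listener ports per startup mode, as described in the settings above.
$PortsByMode = @{ TCP = @(5060); TLS = @(5061); Dual = @(5060, 5061) }

# Returns the startup mode a server needs, given the security setting
# (Unsecured, SIP Secured, Secured) of every dial plan it belongs to.
function Get-RequiredUMStartupMode {
    param([string[]]$DialPlanSecurity)

    if (-not $DialPlanSecurity) { return $null }   # server is in no dial plan yet
    $needsTcp = $false   # an Unsecured dial plan needs SIP on TCP 5060
    $needsTls = $false   # a SIP Secured or Secured dial plan needs SIP on TCP 5061
    foreach ($setting in $DialPlanSecurity) {
        switch ($setting) {
            'Unsecured'   { $needsTcp = $true }
            'SIP Secured' { $needsTls = $true }
            'Secured'     { $needsTls = $true }
            default       { throw "Unknown dial plan security setting: '$setting'" }
        }
    }
    if ($needsTcp -and $needsTls) { return 'Dual' }
    if ($needsTls) { return 'TLS' }
    return 'TCP'
}

# Compares the configured mode with the required one for a single server.
function Test-UMStartupMode {
    param($Server)

    $required = Get-RequiredUMStartupMode -DialPlanSecurity $Server.DialPlans
    $have = $PortsByMode[$Server.StartupMode]
    $need = @()
    if ($required) { $need = $PortsByMode[$required] }
    New-Object PSObject -Property @{
        Name          = $Server.Name
        Configured    = $Server.StartupMode
        Required      = $required
        MissingPorts  = @($need | Where-Object { $have -notcontains $_ })  # calls will fail
        UnneededPorts = @($have | Where-Object { $need -notcontains $_ })  # listener with no use
    }
}

# Constructed sample inventory (hypothetical server names).
$servers = @(
    (New-Object PSObject -Property @{ Name = 'UM01'; StartupMode = 'TCP';  DialPlans = @('Unsecured') }),
    (New-Object PSObject -Property @{ Name = 'UM02'; StartupMode = 'Dual'; DialPlans = @('Secured', 'SIP Secured') }),
    (New-Object PSObject -Property @{ Name = 'UM03'; StartupMode = 'TCP';  DialPlans = @('Unsecured', 'Secured') })
)

$servers | ForEach-Object { Test-UMStartupMode -Server $_ } |
    Select-Object Name, Configured, Required, MissingPorts, UnneededPorts |
    Format-Table -AutoSize
```

In the sample data, UM02 keeps the unencrypted 5060 listener open although every dial plan it serves is secured, and UM03 cannot serve its Secured dial plan because nothing listens on 5061.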

To configure number of concurrent voice calls

  • In the console tree, navigate to Server Configuration > Unified Messaging.
  • In the result pane, click to select the Unified Messaging server you want to set up.
  • In the action pane, click Properties.
  • On the UM Settings tab, in the Maximum concurrent calls text box, type the maximum number of concurrent voice calls.
  • Click OK.

To view number of active calls

  • Click Start, click Programs, click Administrative Tools, and then click Performance.
  • In the Performance console, right-click the details pane, and then select Add Counters from the menu. You can also press CTRL+I to open the Add Counters window.
  • In the Add Counters window, in the Performance object list, select MSExchangeUMGeneral.
  • In Select Counters from list, select Current Calls, click Add, and then click Close.
  • In the Performance console, in the details pane, select the Current Calls counter to display the number of current calls.

To add UM Mailbox

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM Mailbox tab.
  • In the action pane, click New UM Mailbox.
  • In the New UM Mailbox wizard
  • On the Completion page, confirm whether the UM Mailbox was successfully created.
  • Click Finish to complete the New UM Mailbox wizard

To add UM Auto Attendant

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM Auto Attendant tab.
  • In the action pane, click New UM Auto Attendant.
  • In the New UM Auto Attendant wizard
  • On the Completion page, confirm whether the UM Auto Attendant was successfully created.
  • Click Finish to complete the New UM Auto Attendant wizard

To verify UM mailbox property

  • In the console tree, navigate to Organization Configuration > Unified Messaging.
  • In the work pane, click the UM Mailbox tab.
  • Right-click the newly created UM mailbox.
  • Click Properties.

Posted in Exchange

    Choose a network troubleshooting methodology

    Posted by Alin D on September 13, 2010

    A decent portion of every network administrator’s job involves troubleshooting. Network problems are as certain as death and taxes—and while you can take steps to prevent issues, sometimes they’re just unavoidable.

    Network problems range in complexity. You could be dealing with one workstation unable to access the network or the entire network going down.

    When you do encounter a network problem, how do you begin troubleshooting? Many admins have never even bothered to think about it: They don’t have a formal methodology—they just jump right in.

    But there’s something to be said for a formal troubleshooting methodology. For one, it gives you a place to start. And it never hurts to add one more trick to your administrator’s toolkit.

    Let’s look at three common network troubleshooting methodologies. Cisco documents these in its Cisco Internetwork Troubleshooting guidebooks, and you can expect to see questions about them on the CIT 642-831 exam, which is required to achieve CCNP certification.

    OSI model

    The basis of each of these troubleshooting approaches is the seven-layer OSI Reference Model. If you’re unfamiliar with the OSI model or just rusty on the details, here’s a look at the seven layers:

    • Layer 1: Physical
    • Layer 2: Data Link
    • Layer 3: Network
    • Layer 4: Transport
    • Layer 5: Session
    • Layer 6: Presentation
    • Layer 7: Application

    Here’s how the OSI model works: Traffic flows down from the application to the physical layer across the network using the physical medium (for example, an Ethernet cable) to the receiver’s physical layer. It then moves up through the layers to the receiver’s application.

    Once on the receiver’s side, the receiver becomes the sender, and the sender becomes the receiver. The response from the receiver traverses the reverse path and moves back to the original sender.

    So if one of the layers of the OSI model doesn’t work, no traffic will flow. For example, if the data link layer isn’t working, the traffic will never make it from the application layer to the physical layer.

    Bottom-up

    The bottom-up approach is my personal favorite. As the name implies, start at the bottom—Layer 1, the physical layer—and work your way up to the top layer (application).

    The physical layer includes the network cable and the network interface card. So if you encounter a broken or disconnected network cable, there’s probably no need to do any more troubleshooting.

    You must resolve any physical layer problems before moving on. After fixing the problem, check to see if the trouble still exists. If so, move on to troubleshooting the data link layer.

    For example, an Ethernet LAN has an Ethernet switch, which keeps a table of MAC addresses. If there’s something wrong with that table—such as a duplicate MAC entry—then resolve that problem before looking at anything on the network layer (e.g., an IP address or routing).

    Top-down

    Once again, the name of this methodology implies the approach. With the top-down method, start at the top of the OSI model (i.e., the application layer) and work your way down to the bottom layer (i.e., physical).

    Divide and conquer

    This approach involves a little more intuition. With the divide and conquer method, start at whichever layer you best feel is the root cause of the problem. From there, you can go either up or down through the layers. (Yes, folks, even the “no-method method” has a name.)

    Choosing an approach

    Which approach you decide to use may depend on where you believe the problem lies. For example, if a user is unable to browse the Web and you think most users have a lot of problems with spyware and Internet Explorer settings, then you may want to start with the top-down approach. On the other hand, if the user mentions that he or she just connected a laptop to the network and can’t browse the Web, you might want to use the bottom-up method since there’s a good chance the user has a disconnected cable or similar problem.

    Do you use a troubleshooting methodology when dealing with networking problems? If so, post your approach in this article’s discussion. How important do you think it is to have a troubleshooting methodology?

    Posted in TUTORIALS

    10 Core Concepts that Every Windows Network Admin Must Know

    Posted by Alin D on September 13, 2010

    Introduction

    I thought it would be helpful, both for Windows network admins who need some “brush-up tips” and for those who are interviewing for network admin jobs, to come up with a list of 10 networking concepts that every network admin should know.

    So, here is my list of 10 core networking concepts that every Windows Network Admin (or those interviewing for a job as one) must know:

    1.     DNS Lookup

    The Domain Name System (DNS) is a cornerstone of every network infrastructure. DNS maps names to IP addresses and IP addresses to names (forward and reverse lookups, respectively). When you go to a web page like http://www.windowsnetworking.com, DNS resolves that name to an IP address; without it, you would not see the web page. Thus, if DNS is not working, “nothing is working” for the end users.

    DNS server IP addresses are either manually configured or received via DHCP. If you run IPCONFIG /ALL in Windows, you will see your PC’s DNS server IP addresses.


    Figure 1: DNS Servers shown in IPCONFIG output

    So, you should know what DNS is, how important it is, and that DNS servers must be configured and working for “almost anything” to work.

    When you perform a ping, you can easily see that the domain name is resolved to an IP (shown in Figure 2).


    Figure 2: DNS name resolved to an IP address

    For more information on DNS servers, see Brian Posey’s article on DNS Servers.

    2.     Ethernet & ARP

    Ethernet is the protocol for your local area network (LAN). You have Ethernet network interface cards (NIC) connected to Ethernet cables, running to Ethernet switches which connect everything together. Without a “link light” on the NIC and the switch, nothing is going to work.

    MAC addresses (or physical addresses) are unique strings that identify Ethernet devices. ARP (Address Resolution Protocol) is the protocol that maps IP addresses to Ethernet MAC addresses. When you go to open a web page and get a successful DNS lookup, you know the IP address. Your computer will then perform an ARP request on the network to find out which computer (identified by its Ethernet MAC address, shown in Figure 1 as the Physical address) has that IP address.

    3.     IP Addressing and Subnetting

    Every computer on a network must have a unique Layer 3 address called an IP address. IP addresses are 4 numbers separated by 3 periods like 1.1.1.1.

    Most computers receive their IP address, subnet mask, default gateway, and DNS servers from a DHCP server. Of course, to receive that information, your computer must first have network connectivity (a link light on the NIC and switch) and must be configured for DHCP.

    You can see my computer’s IP address in Figure 1 where it says IPv4 Address 10.0.1.107. You can also see that I received it via DHCP where it says DHCP Enabled YES.

    Larger blocks of IP addresses are broken down into smaller blocks of IP addresses and this is called IP subnetting. I am not going to go into how to do it and you do not need to know how to do it from memory either (unless you are sitting for a certification exam) because you can use an IP subnet calculator, downloaded from the Internet, for free.

    4.     Default Gateway

    The default gateway, shown in Figure 3 as 10.0.1.1, is where your computer goes to talk to another computer that is not on your local LAN network. That default gateway is your local router. A default gateway address is not required but if it is not present you would not be able to talk to computers outside your network (unless you are using a proxy server).


    Figure 3: Network Connection Details

    5.     NAT and Private IP Addressing

    Today, almost every local LAN network is using Private IP addressing (based on RFC1918) and then translating those private IPs to public IPs with NAT (network address translation). The private IP addresses always start with 192.168.x.x or 172.16-31.x.x or 10.x.x.x (those are the blocks of private IPs defined in RFC1918).

    In Figure 2, you can see that we are using private IP addresses because the IP starts with “10”. It is my integrated router/wireless/firewall/switch device that is performing NAT and translating my private IP to my public Internet IP that my router was assigned from my ISP.

    6.     Firewalls

    Firewalls protect your network from malicious attackers. You have software firewalls on your Windows PC or server, and you have hardware firewalls inside your router or in dedicated appliances. You can think of firewalls as traffic cops that allow in only the types of traffic that should be in.

    For more information on firewalls, check out our Firewall articles.

    7.     LAN vs WAN

    Your local area network (LAN) is usually contained within your building. It may or may not be just one IP subnet. Your LAN is connected by Ethernet switches and you do not need a router for the LAN to function. So, remember, your LAN is “local”.

    Your wide area network (WAN) is a “big network” that your LAN is attached to. The Internet is a humongous global WAN. However, most large companies have their own private WAN. WANs span multiple cities, states, countries, and continents. WANs are connected by routers.

    8.     Routers

    Routers route traffic between different IP subnets. Routers work at Layer 3 of the OSI model. Typically, routers route traffic from the LAN to the WAN but, in larger enterprises or campus environments, routers route traffic between multiple IP subnets on the same large LAN.

    On small home networks, you can have an integrated router that also offers firewall, multi-port switch, and wireless access point.

    For more information on Routers, see Brian Posey’s Network Basics article on Routers.

    9.     Switches

    Switches work at layer 2 of the OSI model and connect all the devices on the LAN. Switches switch frames based on the destination MAC address for that frame. Switches come in all sizes from small home integrated router/switch/firewall/wireless devices, all the way to very large Cisco Catalyst 6500 series switches.

    10. OSI Model encapsulation

    One of the core networking concepts is the OSI Model. This is a theoretical model that defines how the various networking protocols, which work at different layers of the model, work together to accomplish communication across a network (like the Internet).

    Unlike most of the other concepts above, the OSI model isn’t something that network admins use every day. The OSI model is for those seeking certifications like the Cisco CCNA or when taking some of the Microsoft networking certification tests. OR, if you have an over-zealous interviewer who really wants to quiz you.

    To fulfill those wanting to quiz you, here is the OSI model:

    • Application – layer 7 – any application using the network; examples include FTP and your web browser
    • Presentation – layer 6 – how the data sent is presented; examples include JPG graphics, ASCII, and XML
    • Session – layer 5 – for applications that keep track of sessions; examples are applications that use Remote Procedure Calls (RPC) like SQL and Exchange
    • Transport – layer 4 – provides reliable communication over the network to make sure that your data actually “gets there”, with TCP being the most common transport layer protocol
    • Network – layer 3 – takes care of addressing on the network that helps to route the packets, with IP being the most common network layer protocol. Routers function at layer 3.
    • Data Link – layer 2 – transfers frames over the network using protocols like Ethernet and PPP. Switches function at layer 2.
    • Physical – layer 1 – controls the actual electrical signals sent over the network and includes cables, hubs, and actual network links.

    At this point, let me stop degrading the value of the OSI model because, even though it is theoretical, it is critical that network admins understand and be able to visualize how every piece of data on the network travels down, then back up this model. And how, at every layer of the OSI model, all the data from the layer above is encapsulated by the layer below with the additional data from that layer. And, in reverse, as the data travels back up the layer, the data is de-encapsulated.

    By understanding this model and how the hardware and software fit together to make a network (like the Internet or your local LAN) work, you can much more efficiently troubleshoot any network. For more information on using the OSI model to troubleshoot a network, see my articles Choose a network troubleshooting methodology and How to use the OSI Model to Troubleshoot Networks.

    Summary

    I can’t stress enough that if you are interviewing for any job in IT, you should be prepared to answer networking questions. Even if you are not interviewing to be a network admin, you never know when they will send a senior network admin to ask you a few quiz questions to test your knowledge. I can tell you first hand, the questions above are going to be the go-to topics for most network admins to ask you about during a job interview. And, if you are already a Windows network admin, hopefully this article serves as an excellent overview of the core networking concepts that you should know. While you may not use these every day, knowledge of these concepts is going to help you troubleshoot networking problems faster.

    Posted in TUTORIALS

    Windows Server 2008 IP routing configuration

    Posted by Alin D on August 19, 2010

    Introduction

    With Windows Server 2008, there are a number of changes to networking, routing and remote access. The most notable change is the omission of Open Shortest Path First (OSPF). I find that unfortunate because I think that OSPF is probably the best dynamic routing protocol ever created. Still, I can also partially understand Microsoft’s decision to remove it, as I would venture to guess that 99.9% of Windows Server administrators never used it. So what are we left with?

    With the removal of OSPF, we are left with either 1) static routing or 2) dynamic routing with RIPv2. Let’s find out how each of these works.

    Should you use static or dynamic routing?

    The question of whether you should use static or dynamic routing is really a question of administrative overhead. In the end, the result of your network traffic being routed to the correct network should be the same, no matter which method you choose.

    With static routing, you must make an entry on your Windows Server for every network that will be routed by that server. Thus, for a simple network with a single Windows server, routing traffic between two networks, static routing is a “no brainer.” You could configure it with two simple route add commands.

    On the other hand, on a network where you want the Windows Server 2008 system to route for 25 networks or to exchange routes with a Cisco network that uses RIP, you will want to choose dynamic routing. Obviously, you do not want to have to key in those 25 networks manually, nor can static routes give you the dynamic features that RIP provides.

    Speaking of that, what does dynamic routing provide? Let’s list out some features:

    • Ability to add networks automatically by learning them from other RIP routers.
    • Ability to automatically remove routes from the routing table when other RIP neighbors delete them.
    • Ability to select the best route based on routing metrics.
    • Ability to reduce configuration of Windows Server routing systems that have more than a few static routes that need to be added.

    So how do you configure static and dynamic routing in Windows Server 2008?

    Static routing in Windows Server 2008

    Static routing in Windows Server is nothing new. We have been using the route command for years. You can configure static routing in Windows 2008 Server using either the route command or using the GUI. However, if you use the Windows GUI interface, those routes will not be listed in the command line interface (CLI) when you type route print. Thus, I strongly recommend that if you are going to use static routing in Windows 2008, you just use the route command at the Windows command prompt.

    So let’s look at some examples of how you configure static routing using the route command:

    Show the static routing table
    Showing the static routing table is easy. Just use the route print command, as you see in Figure 1 (below):

    Figure 1: Showing the IP Routing table in Windows Server 2008

    In the route print output, the first important thing that you see is the interface list. Windows Server IP interfaces are labeled with an interface number. The interface numbers in Figure 1 are 16, 14, 1, 15, 20 and 12. These interface numbers are used whenever you add or delete routes to the routing table.

    The second important thing in the route print output is the IPv4 Route Table. This shows us the network destination, network mask, the default gateway, interface, and metric. This table tells the Windows Server where to route the traffic.

    Below that is the IPv6 routing table. For more information on IPv6, I recommend Brien Posey’s articles Representing an IPv6 address and IPv6 network notation and subnetting, and Mitch Tulloch’s article IPv6 Support in Microsoft Windows.
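
    As an added example (not part of the original article), the Python sketch below parses the Active Routes rows of the IPv4 Route Table from route print output and flags any route whose gateway is not on an approved list, which is a quick way to spot an unexpected next hop. The sample output, the 192.168.7.0 route, the function names and the allowed-gateway set are constructed for illustration; only the 1.1.1.0 route via 10.0.1.1 comes from this article.

```python
import ipaddress

# Constructed sample of the "IPv4 Route Table" part of `route print` output.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1        10.0.1.50     10
         10.0.1.0    255.255.255.0         On-link         10.0.1.50    266
          1.1.1.0    255.255.255.0         10.0.1.1        10.0.1.50     11
      192.168.7.0    255.255.255.0        10.0.1.99        10.0.1.50     11
===========================================================================
Persistent Routes:
  None
"""

def parse_ipv4_routes(text):
    """Return the Active Routes rows as a list of dicts."""
    routes, in_active = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes:"):
            in_active = True
            continue
        if in_active and line.startswith("==="):
            break  # separator line that ends the Active Routes table
        fields = line.split()
        # Data rows have exactly five columns and a numeric metric;
        # this also skips the six-word column header line.
        if not in_active or len(fields) != 5 or not fields[4].isdigit():
            continue
        dest, mask, gateway, interface, metric = fields
        routes.append({
            "network": ipaddress.ip_network(f"{dest}/{mask}", strict=False),
            "gateway": gateway,
            "interface": interface,
            "metric": int(metric),
        })
    return routes

def unexpected_routes(routes, allowed_gateways):
    """Routes whose next hop is neither On-link nor an approved gateway."""
    return [r for r in routes
            if r["gateway"] != "On-link" and r["gateway"] not in allowed_gateways]

if __name__ == "__main__":
    for r in unexpected_routes(parse_ipv4_routes(SAMPLE), {"10.0.1.1"}):
        print(f"unexpected route {r['network']} via {r['gateway']}")
```
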

    Add a static route
    So how do you add a static route at the command line? The answer is easy: Use the route add command like this:

    route add 1.1.1.0 mask 255.255.255.0 10.0.1.1 if 1

    As you see in Figure 2, the result of our route add was an affirmative “OK!”

    Figure 2: Using the route add command in Windows 2008

    The important parts of the route add command are the network we want to add, its subnet mask, the gateway, and the interface for that route.

    Delete a static route
    Deleting a route is even easier than adding one. All you have to do is tell route delete the network that you want to remove, as you see in Figure 3.

    Figure 3: Using the route delete command in Windows 2008

    So those are the basics of configuring static routes at the command line. Now let’s learn about configuring dynamic routing.

    Dynamic routing in Windows Server 2008 using RIPv2

    Earlier in the article, I talked about the benefits of configuring dynamic routing. So now let me show you the steps to configuring RIPv2 in Windows 2008:

    1. The first step is to install the Routing and Remote Access (RRAS) role in Windows 2008 Server. If you go into the Add Roles Wizard, the RRAS role can be difficult to find because what you really need to add is the Network Policy and Access Services role, then the Routing and Remote Access Services Role (as you see in Figure 4 and Figure 5):

    Figure 4: Adding the RRAS Role through the Network Policy and Access Services

    Figure 5: The Win 2008 Role Services are part of the Network Policy and Access Services Role

    Once RRAS is installed, you can configure it from the Server Manager application, but I prefer the Routing and Remote Access application.

    2. The second step is to configure Routing and Remote Access by opening the RRAS MMC, right-clicking on the server name, and clicking Configure and Enable Routing and Remote Access, like this:

    Figure 6: Configuring and Enabling RRAS

    Make sure that you do a Custom Configuration concerning what RRAS protocol to install. Then, choose to install LAN ROUTING, then choose to start the service.

    From there, you can see the Network Interfaces controlled by RRAS and specific configurations for IPv4 and IPv6.

    At this point, you can expand IPv4, go to General, then to New Routing Protocol (as seen in Figure 7):

    Figure 7: Adding a new Routing Protocol

    Next, choose to install RIPv2 as your routing protocol:

    Figure 8: Adding RIPv2

    3. Now that you have RIPv2 installed, you can configure it. Configuring it is really as easy as adding the interfaces on which you want to exchange RIP routes. To do this, go to the RIP section, right-click, click on New Interface and select the interface you want to add under RIP, as you see in Figure 9:

    Figure 9: Adding a new RIP interface

    4. After selecting the interface, you have the option to configure a wide variety of RIP connection properties, as you see in Figure 10. There is more to configuring RIP than I can go into in this article because RIP configuration can be very simple or can become very complex:

    Figure 10: Configuring the new RIP interface

    5. Once you have your RIP interfaces added, you can check to see whether you are sending and receiving responses on your RIP interfaces (you should be). You can also check to see whether you have any RIP neighbors by right-clicking on the RIP protocol, then clicking Show Neighbors.

    Before I conclude this section about RIP in Windows, I want to point you to a couple of excellent resources I used while preparing for this article:

    1. Recently I was watching Ed Liberman’s Train Signal Windows 2008 Network Infrastructure video. In that video, besides explaining routing and the differences between static and dynamic routing, Ed shows, step by step, how to configure RIPv2 in Windows 2008. I found the video very helpful and recommend it to you whether you just want to learn about Win 2008 and routing or whether you are looking to pass Microsoft’s Windows 2008 Network Infrastructure exam (70-642). Here is a screenshot of Ed configuring RIPv2:

    Figure 11: Train Signal’s Windows 2008 Video on how to install and configure RIPv2

    2. Over at the Petri IT Knowledgebase, I wrote an article on how to exchange RIP routes with a Cisco router in Windows 2003, then another article on proving Cisco router exchange route configuration with a Windows server. While not pertaining to Win 2008, the process of configuring RIP on Win 2003 is similar, and the configuration to exchange routes with a Cisco router is very relevant.

    Summary

    Windows Server 2008 has one solid static routing option and one scalable dynamic routing option: RIPv2. I discussed how OSPF has been removed from Windows 2008 (and how I feel about that). We talked about whether to use static routing or dynamic routing. Finally, I showed you how to configure static routing with the route command and dynamic routing by installing RIPv2 in Windows 2008 Routing and Remote Access.
