As you've seen, computers use IP addresses to communicate over TCP/IP and are also assigned names to make it easier for people to work with networked computers. Although name resolution can be performed using DNS, WINS, or a combination of both, the preferred technique on Windows Server 2003 domains is DNS.
IP addresses can be static or dynamic. A static IP address is an IP address that is assigned manually and is fixed once it is assigned. A dynamic IP address is assigned automatically at startup by a DHCP server and can change over time. Most of the time, you assign static IP addresses to servers and configure workstations with dynamic IP addresses.
A third type of addressing, Automatic Private IP Addressing (APIPA), is also available. APIPA is used whenever a DHCP server can't be reached at startup or when the current IP address lease expires and cannot be renewed.
Note
Unless an IP address is specifically reserved, DHCP servers assign IP addresses for a specific period of time, known as an IP address lease. If this lease expires and cannot be renewed, then the client is assigned an automatic private IP address.
Before you can configure TCP/IP networking on individual computers, you need the following information:
Domain name The name of the domain in which the computer will be located. This can be a parent or a child domain as discussed previously.
IP address type, value, or both The IP address information to assign to the computer.
Subnet mask The subnet mask for the network to which the computer is attached.
Default gateway address The address of the router that will function as the computer's gateway.
DNS server address The address of the DNS server or servers that provide DNS name resolution services on the network.
WINS server address The address of the WINS server or servers that provide WINS name resolution services on the network.
If you are unsure of any of this information, you should ask the IT staff. In many cases, even if you are an administrator, there is a specific person you must ask for the IP address setup that should be used. Typically, this is your organization's network administrator and it is that person's job to maintain the spreadsheet or database that shows how IP addresses are assigned within the organization.
If no one in your organization has this role yet, this role should be assigned to someone or jointly managed to ensure that IP addresses are assigned following a specific plan. The plan should detail the following information:
The address ranges that are reserved for network equipment and hardware and which individual IP addresses in this range are currently in use
The address ranges that are reserved for DHCP and as such cannot be assigned using a static IP address
The address ranges that are for static IP addresses and which individual IP addresses in this range are currently in use
TCP/IP is installed by default during the installation of the operating system if a network adapter was detected. If no network adapter was available or you elected not to install TCP/IP during installation, you can add TCP/IP by following these steps:
In Control Panel, access Network Connections, and then select or double-click the connection you want to work with. A connection called Local Area Connection is created automatically when you install a computer.
In the Status dialog box, click Properties. This displays the Properties dialog box shown in Figure 24-6. If Internet Protocol (TCP/IP) isn't shown in the list of installed components, click Install, select Protocol, and then click Add.
In the Select Network Protocol dialog box, click Internet Protocol (TCP/IP), and then click OK.
In the Local Area Connection Properties dialog box, make sure that Internet Protocol (TCP/IP) is selected, and click OK.
TCP/IP is now installed on the computer. Next you must configure TCP/IP to use the correct IP addressing information. The details of this process are discussed in the remaining sections of this chapter.
You can manually assign an IP address to a computer by giving the computer a static IP address. A static IP address is an IP address that is fixed once it is assigned. Check with your organization's network administrator or whoever else is in charge of assigning IP addresses and get a static IP address that you can use.
Before you use any address—even one assigned to you—you should make sure it doesn't conflict with any existing IP address that has been assigned. One way to do this is to open a command prompt and type ping followed by the IP address, such as ping 192.168.1.100. If no current host on the network uses this IP address, the PING command output should be similar to the following:
Pinging 192.168.1.100 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.1.100: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
You can then use the IP address. On the other hand, if you receive a reply when you ping the IP address, someone on the network is using that IP address. You should then inform the network administrator and obtain a different address.
Note
Pinging an IP address will work as long as all the hosts are up and running on the network at the time you ping the address. More important is to plan the assignment of static addresses to machines on your network carefully.
You can configure IP addressing for a computer with a static IP address by following these steps:
In Control Panel, access Network Connections, and then select or double-click the connection you want to work with. A connection called Local Area Connection is created automatically when you install a computer.
In the Status dialog box, click Properties. This displays the Properties dialog box shown previously in Figure 24-6.
Open the Internet Protocol (TCP/IP) Properties dialog box, as shown in Figure 24-7, by double-clicking Internet Protocol (TCP/IP).
Click Use The Following IP Address, and then type the IP address you want to use in the IP Address field. If you press Tab, the subnet mask is filled in for you automatically based on the IP address class. As necessary, change the subnet mask to match the sub-net mask in use for the subnet in which the computer is located.
Type the IP address of the network's default gateway or router in the Default Gateway field. The default gateway is responsible for forwarding and routing packets for any nodes that are outside the local subnet, which could include another intranet subnet or the Internet.
Type the IP addresses of the preferred and alternate DNS servers in the fields provided. These IP addresses are needed for domain name resolution.
When you're finished, click OK. If the computer has additional network adapters, repeat this process for those adapters. Be sure to use a unique IP address for each network adapter.
Many organizations use DHCP servers to dynamically assign IP addresses. To receive an IP address, client computers use a limited broadcast to advertise that they need to obtain an IP address. DHCP servers on the network acknowledge the request by offering the client an IP address. The client acknowledges the first offer it receives, and the DHCP server in turn tells the client that it has succeeded in leasing the IP address for a specified amount of time.
The message from the DHCP server can, and typically does, include the IP addresses of the default gateway, the preferred and alternate DNS servers, and the preferred and alternate WINS servers. This means these settings wouldn't need to be manually configured on the client computer.
Tip
DHCP is primarily for clients
Dynamic IP addresses aren't for all hosts on the network, however. Typically, you'll want to assign dynamic IP addresses to workstations and, in some instances, member servers that perform noncritical roles on the network. But if you use dynamic IP addressing for member servers, these servers should have reservations for their IP addresses. For any server that has a critical network role or provides a key service, you'll definitely want to use static IP addresses. Finally, with domain controllers and DHCP servers, you must use static IP addresses, so don't try to assign dynamic IP addresses to these servers.
You configure a computer to use dynamic IP addressing by completing the following steps:
In Control Panel, access Network Connections, and then select or double-click the connection you want to work with. A connection called Local Area Connection is created automatically when you install a computer.
In the Status dialog box, click Properties. This displays the Properties dialog box.
Open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking Internet Protocol (TCP/IP).
Select Obtain An IP Address Automatically, as shown in Figure 24-8. If your DHCP servers are configured to provide the DNS server addresses, select Obtain DNS Server Address Automatically. Otherwise, select Use The Following DNS Server Addresses, and then type a preferred and alternate DNS server address in the fields provided.
When you're finished, click OK. If the computer has additional network adapters, repeat this process for those adapters. Be sure to use a unique IP address for each network adapter.
Computers using DHCP can be assigned an automatic private IP address, which is also referred to as an alternate address. An alternate address is used when a DHCP server can't be reached at startup or when the current IP address lease expires and cannot be renewed. By default, with Windows 2000 and later, the alternate IP address is in the range of 169.254.0.1 to 169.254.255.254 with a subnet mask of 255.255.0.0 and doesn't include default gateway, DNS, or WINS server settings. This means a computer using the alternate IP addressing is essentially isolated on its own network segment.
To ensure that a computer uses a specific IP address when no DHCP server is available, you must specify an alternate configuration manually by completing the following steps:
In Control Panel, access Network Connections, and then select or double-click the connection you want to work with. A connection called Local Area Connection is created automatically when you install a computer.
In the Status dialog box, click Properties. This displays the Properties dialog box.
Open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking Internet Protocol (TCP/IP).
Select the Alternate Configuration tab, as shown in Figure 24-9. As long as you've already configured the adapter to obtain an IP address automatically, this tab is available.
Select User Configured, and then, in the IP Address field, type the alternate IP address you want to use when no DHCP server is available. The IP address should be a private IP address that isn't in use anywhere else at the time the settings are applied. If you press Tab, the subnet mask is filled in for you automatically based on the IP address class. As necessary, change the subnet mask to match the subnet mask for the subnet the computer should use in the alternate configuration.
If you want the computer to be able to communicate with other computers in the alternate configuration, type the default gateway, DNS server, and WINS server addresses as necessary, and then click OK to save the settings.
Inside Out: Disabling APIPA
Whenever DHCP is used, APIPA is enabled by default. If you don't want a computer to use APIPA, you can either assign a static TCP/IP address or disable APIPA. For example, if your network uses routers or your network is connected to the Internet without a NAT or proxy server, you might not want to use APIPA. You can disable APIPA in the Registry.
On Windows 98 or Microsoft Windows Millennium Edition, you disable APIPA by creating the IPAutoconfigurationEnabled as a DWORD value-entry under HKEY_LOCAL_MACHINE SYSTEMCurrentControlSetServicesVxDDHCP and setting the value to 0×0.
On Windows 2000 or later, you can disable APIPA by creating the IPAutoconfigurationEnabled as a DWORD value-entry under HKEY_LOCAL_MACHINESYSTEMCurrentControlSet ServicesTcpipParametersInterfacesAdapterGUID, where AdapterGUID is the globally unique identifier (GUID) for the computer's network adapter. Set the value to 0×0.
If you create the IPAutoconfigurationEnabled as a DWORD value-entry, you can enable APIPA at any time by changing the value to 0×1.
For more information about disabling APIPA, see Microsoft Knowledge Base article 220874.
When you are using static IP addressing on a computer, you might need to configure additional TCP/IP settings using the Advanced TCP/IP Settings dialog box. As Figure 24-10 shows, this dialog box lets you customize four key areas of a computer's TCP/IP configuration:
IP Settings Allows you to configure additional IP addresses and gateways to use
DNS Allows you to optimize the DNS configuration as well as to add and prioritize the order of DNS servers
WINS Allows you to optimize the WINS configuration as well as to add and prioritize the order of WINS servers
Options Allows you to configure advanced options, such as TCP/IP filtering
Using advanced IP settings, you can configure a single network interface on a computer to use multiple IP addresses and multiple gateways. This allows a computer to appear to be several computers and to access multiple logical subnets to route information or to provide internetworking services. In the example shown in Figure 24-10, the computer has the IP address 192.165.1.52 to communicate on the 192.165.1/24 subnet and the IP address 192.168.1.50 to communicate on the 192.168.1/24 subnet. To get to these subnets, the computer must know the gateways to use, which is why one default gateway for each subnet is configured.
You can configure advanced IP settings by completing the following steps:
In Control Panel, access Network Connections, and then select or double-click the connection you want to work with. A connection called Local Area Connection is created automatically when you install a computer.
In the Status dialog box, click Properties. This displays the Properties dialog box.
Open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking Internet Protocol (TCP/IP).
Display the dialog box shown previously in Figure 24-10 by clicking Advanced.
To add an IP address, click Add in the IP Addresses area to display the TCP/IP Address dialog box. After you type the IP address in the IP Address field and the subnet mask in the Subnet Mask field, click Add to return to the Advanced TCP/IP Settings dialog box. Repeat this step for each IP address you want to add.
To add a default gateway, click Add in the Default Gateways area to display the TCP/IP Gateway Address dialog box. Type the gateway address in the Gateway field. By default, Windows Server 2003 automatically assigns a metric to the gateway, which determines in which order the gateway is used. To assign the metric manually, clear the Automatic Metric option, and then enter a metric in the field provided. Click Add, and then repeat this step for each gateway you want to add.
When you are finished, click OK to apply the changes.
The standard DNS settings are designed to work in network environments where there is a primary and an alternate DNS server and these DNS servers are running Microsoft DNS in a standard configuration. If you want to specify additional DNS servers or your network uses custom DNS settings, you might need to configure advanced DNS settings.
You can configure advanced DNS settings by completing the following steps:
In Control Panel, access Network Connections, and then select or double-click the connection you want to work with. A connection called Local Area Connection is created automatically when you install a computer.
In the Status dialog box, click Properties. This displays the Properties dialog box.
Open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking Internet Protocol (TCP/IP).
Click Advanced to display the Advanced TCP/IP Settings dialog box, and then select the DNS tab, as shown in Figure 24-11.
To add a DNS server address, click Add in the DNS Server Addresses area to display the TCP/IP DNS Server dialog box. After you type the DNS server address in the IP Address field, click Add to return to the Advanced TCP/IP Settings dialog box. Repeat this step for each DNS server address you want to add.
DNS servers are used for name resolution according to the priority order you specified. If the first server isn't available to respond to a host name resolution request, the next DNS server on the list is accessed, and so on. To change the position of a server in the list box, click it, and then use the Up or Down arrow button.
The additional DNS options are used as follows:
Append Primary And Connection Specific DNS Suffixes—Ensures unqualified computer names are resolved in the primary domain (and optionally in the connection-specific domain specified under DNS Suffix For This Computer). If the computer name is CP05 and the parent domain is cpandl.com, DNS attempts to resolve the computer name to cp05.cpandl.com. If the FQDN exists, the lookup succeeds. Otherwise, it fails. The parent domain used is the one set in the Network Identification tab of the System Properties dialog box.
Append Parent Suffixes Of The Primary DNS Suffix—Ensures unqualified computer names are resolved using the parent/child domain hierarchy. If a query fails in the immediate parent domain, the suffix for the parent of the parent domain is used to try to resolve the query. This process continues until the top of the organization's domain hierarchy is reached. If the computer name is CP05 and the parent domain is tech.cpandl.com, DNS attempts to resolve the computer name to cp05.tech.cpandl.com. If this fails, DNS attempts to resolve the computer name to cp05.cpandl.com.
Append These DNS Suffixes (In Order)—Ensures unqualified computer names are resolved using only the suffix provided rather than resolving through the parent domain. If you use this option, the primary and connection-specific DNS suffixes are not applied. When selected, you use the Add button to add a domain suffix to the list, the Remove button to remove a domain suffix from the list, and the Edit button to edit a selected entry. When you specify multiple domain suffixes, these suffixes are used in the order specified. To change the order of the domain suffixes, select the suffix, and then use the Up or Down arrow button to change its position.
DNS Suffix For This Connection—Designates a specific DNS suffix for the connection that overrides DNS names already configured for use on this connection. If you type a suffix here, DNS attempts to resolve in the parent domain and then in the DNS suffix domain. For example, if the parent domain is eng.cpandl.com and the suffix domain is tech.cpandl.com, DNS attempts to resolve the computer name CP05 to cp05.eng.cpandl.com first, and then if this fails, it tries cp05.tech.cpandl.com.
Register This Connection's Addresses In DNS—Ensures all IP addresses for this connection are registered in DNS under the computer's FQDN.
Use This Connection's DNS Suffix In DNS Registration—Ensures all IP addresses for this connection are registered in DNS under the parent domain (and if used, the domain specified under DNS Suffix For This Computer).
The standard WINS settings are designed to work in network environments where there is a primary and an alternate WINS server and these WINS servers are running Microsoft WINS in a standard configuration. If you want to specify additional WINS servers or your network uses custom WINS settings, you might need to configure advanced WINS settings.
To configure advanced WINS settings, complete the following steps:
In Control Panel, access Network Connections, and then select or double-click the connection you want to work with. A connection called Local Area Connection is created automatically when you install a computer.
In the Status dialog box, click Properties. This displays the Properties dialog box.
Open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking Internet Protocol (TCP/IP).
Click Advanced to display the Advanced TCP/IP Settings dialog box, and then select the WINS tab, as shown in Figure 24-12.
To add a WINS server address, click Add in the WINS Addresses area to display the TCP/IP WINS Server dialog box. After you type the WINS server address in the IP Address field, click Add to return to the Advanced TCP/IP Settings dialog box. Repeat this step for each WINS server address you want to add.
WINS servers are listed in priority order. If the first server isn't available to respond to a host name resolution request, the next WINS server on the list is accessed, and so on. To change the position of a server in the list, click it, and then use the Up or Down arrow button.
To enable LMHOSTS lookups, select the Enable LMHOSTS Lookup option. If you want the computer to use an existing LMHOSTS file defined somewhere on the network, retrieve this file by clicking the Import LMHOSTS button. In most cases, you use LMHOSTS only when other name resolution methods fail. Because LMHOSTS files are maintained locally on a computer-by-computer basis, you must configure an LMHOSTS file on each computer for which name resolution is failing.
NetBIOS Over TCP/IP services are required for WINS name resolution. You have three configuration options:
If you use DHCP and NetBIOS settings are provided by the DHCP servers, you can get the NetBIOS setting from the DHCP servers. Select Default, Use NetBIOS Setting From The DHCP Server.
If you use static IP addresses or the DHCP servers don't provide NetBIOS settings, select Enable NetBIOS Over TCP/IP.
If WINS and NetBIOS aren't used on the network, select Disable NetBIOS Over TCP/IP. This eliminates the NetBIOS broadcasts that would otherwise be sent by the computer.
Advanced TCP/IP options are primarily used for configuring TCP/IP filtering. TCP/IP filtering provides a very basic way to control IP traffic to and from a computer and is useful when you don't want to use IP Security or the built-in Internet Connection Firewall. TCP/IP filtering is a global option and applies to all network interfaces configured on a computer.
To configure TCP/IP filtering, complete the following steps:
In Control Panel, access Network Connections, and then select or double-click the connection you want to work with. A connection called Local Area Connection is created automatically when you install a computer.
In the Status dialog box, click Properties. This displays the Properties dialog box.
Open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking Internet Protocol (TCP/IP).
Click Advanced to display the Advanced TCP/IP Settings dialog box, and then select the Options tab.
In the Options tab, select TCP/IP Filtering, and then click Properties. This displays the TCP/IP Filtering dialog box, as shown in Figure 24-13.
If you want to configure TCP/IP filtering, select Enable TCP/IP Filtering, and then configure traffic for TCP ports, User Datagram Protocol (UDP) ports, and IP protocols to permit all or permit only those ports or protocols you've specifically listed.
