What Change Will You Need to Make to Support CIDR?

1. You are the network administrator for a rapidly growing company. Your network currently has a single domain with three domain controllers. Two of the domain controllers are in the corporate site. The other is in a branch office site. The offices are connected through a leased line routed using Routing Information Protocol version 1 (RIP v1). The domain controllers are all running Microsoft Windows Server 2003 and are configured as Domain Name System (DNS) servers. The zone is an Active Directory-Integrated zone. Addresses are currently assigned through Dynamic Host Configuration Protocol (DHCP).

When the company's network was first designed, it could be supported by a single class C address, subnetted into two subnets. Now you have run out of addresses at the corporate office. Your manager has suggested you use Classless Interdomain Routing (CIDR) to supernet several class C addresses.

What change will you need to make to support CIDR?

Assign static addresses to each computer.

Change the routing protocol to RIP v2.

Create separate primary zones for each site.

Integrate all domain controllers into a single site.

Explanation: B

RIP v1 does not support CIDR or variable-length subnet masks (VLSM). Therefore, you will need to upgrade the routing protocol to RIP v2.

CIDR addresses can be assigned with DHCP, so you will not need to change the way you assign addresses.

DNS can resolve CIDR addresses using an Active Directory-Integrated zone, so you will not need to change the DNS configuration to primary zones.

Domain controllers can be located in different sites even if CIDR is used in one of them. Therefore, you will not need to integrate all domain controllers into a single site.

2. You are the administrator for a network that includes three subnets. A diagram of the network is shown in the exhibit. The network is configured as a single Active Directory domain. DC1 and DC2 are both domain controllers running Microsoft Windows Server 2003 and the Domain Name System (DNS) service. The forward lookup zone is configured as an Active Directory-integrated zone.

Client computers receive their IP configuration from the Network Address Translation (NAT) server in Subnet C. The alternate IP configuration is set to statically define an IP address from the appropriate subnet, the default gateway address, and the DNS server address. Both routers are running Windows Server 2003 Routing and Remote Access service and both are configured as Dynamic Host Configuration Protocol (DHCP) Relay agents.

Clients in Subnet A complain that access to Web sites on the Internet is very slow and that they receive a number of errors when accessing several sites on the Internet. The problem is especially bad at certain times of day.

You need to determine whether the performance problem is related to a problem on the internal network, the ISP, or somewhere on the Internet.

What should you do?

From a computer in Subnet A, use tracert to try to reach one of the hosts that returns errors.

Use Network Monitor to capture network traffic on the NAT server.

Use Netstat to view TCP/IP statistics on the NAT server.

From a computer in Subnet A, use pathping to try to reach one of the hosts that returns errors.

Explanation: D

The problem is intermittent and is most likely caused by congestion somewhere along the path between the hosts in Subnet A and the hosts on the Internet. The pathping command returns information about the path taken to access a resource and any delays along that path. Therefore, it is the most appropriate tool for determining whether the congestion is on the internal network, at the ISP, or somewhere on the Internet.

The tracert command will report any problems with a router being down, but it is not useful for analyzing delays caused by congestion.

Capturing network traffic on the NAT server will provide you with detailed information about the types of packets being handled by the NAT server, but it will not allow you to determine which device is congested.

Using Netstat on the NAT server will give you information about the sessions currently active on the NAT server, but it will not allow you to pinpoint the location of the congestion.

3. You are a network administrator for your company's network. The campus network is configured as an Active Directory domain with three subnets, as shown in the exhibit.

All network servers run Microsoft Windows Server 2003. Router1 and Router2 both run Windows Server 2003 and are configured as routers through Routing and Remote Access (RRAS). All clients run Windows 2000 Professional or Windows XP Professional.

Users in the North subnet complain of intermittent problems communicating with the file server named SecFS. There does not appear to be any pattern as to when the problem occurs. The problem occurs on multiple clients.

You need to start troubleshooting the problem. What should you do first?

Run Network Monitor on Router1.

Run the tracert secfs command on a workstation contained in the North subnet.

Run the route command on Router2.

Run the pathping secfs command on a workstation contained in the North subnet.

Run Network Monitor on Router2.

Run the route command on Router1.

Explanation: A

Of the options given, the best starting point is to run Network Monitor on Router1 to capture network traffic. Because clients in the North subnet are experiencing the intermittent problem, and not the Home subnet, the problem is most likely related somehow to either traffic in that subnet or the directly connected router, Router1. Network Monitor gives you the option of capturing traffic over a period of time. You can then go back and analyze the traffic and other network statistics (such as corrupted packets and collisions) to see if you can find any clues to the problem. The intermittent nature of the problem means that you should try to start by capturing activity over time, because this gives you a better chance of documenting the failure.

The Network Monitor version that ships with Windows Server 2003 captures only traffic coming to or from the computer on which it is running. If you run Network Monitor on Router2, it is unlikely that you would capture traffic related to the problem because clients on the subnets connected directly to that router are not reporting any problems.

The route command lets you view and manage a computer's routing table. It could be used, for example, to configure static routes or correct corrupted routing table information. The intermittent symptoms reported by the users do not indicate a problem with the routing table.

Tracert and pathping let you test connectivity, track traffic, and generate limited traffic statistics, but they are not the best choice as a place to start for this problem. The intermittent nature of the problem makes it less likely that these utilities could provide useful information. The problem would have to occur while the utility was running, and even then, very little information beyond success or failure and the time required is reported.

4. You are the network administrator for a small law firm. The law firm is implemented as a workgroup. A computer running Microsoft Windows Server 2003 connects the client computers to the Internet using Network Address Translation (NAT).

An attorney complains that he receives an error when attempting to connect to www.contoso.com through his browser. He says he was able to connect to it yesterday, but is unable to connect to it today. You attempt to connect to www.contoso.com from your computer and are successful.

You connect to his computer using Remote Desktop and ping www.contoso.com. You are unsuccessful. You attempt to access other Web sites and are successful. You run ipconfig and receive the following configuration information:

IP Address: 192.168.0.88

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.0.1

DHCP Server: 192.168.0.1

DNS Server: 192.168.0.1

What should you do?

Delete the cached Web pages from the computer running NAT.

Repair the network connection on his computer.

Run ipconfig /flushdns on the computer running NAT.

Run ipconfig /flushdns on his computer.

Explanation: D

You have verified that the problem is not with the server the user is trying to reach or the Domain Name System (DNS) configuration on the Internet. You have also verified that the user's network connection is configured correctly and that he can connect to other resources on the Internet. Therefore, the problem is most likely that the name resolution information for the Web site has been cached on his computer, but that information has changed since he last accessed the site. To remove the entry from the cache, you need to run ipconfig /flushdns on his computer.

Running ipconfig /flushdns on the NAT server will not solve the problem. You know that the NAT server is resolving addresses correctly because you were able to connect to the Web site.

NAT does not cache Web pages. Also, the problem is not that the user is receiving an out-of-date version of the Web page. The problem is that he is not able to connect at all.

The network connection on the user's computer is working properly. Otherwise, you would not be able to access other Web sites from his computer.

5. You are a network administrator for your company. The network is configured as two subnets, as shown in the exhibit. Host addresses .1 through .10 are used for static IP addresses on each subnet.

The network was originally configured with a single Dynamic Host Configuration Protocol (DHCP) server named DHCP1. You add a second DHCP server named DHCP2.

You want to configure the DHCP servers to make best use of available host addresses, optimize client address assignments, and minimize the network traffic relating to client address assignments.

What DHCP scope assignments should you use? (Each correct answer presents part of the solution. Choose two.)

DHCP2

Start address: 192.168.1.11

End address: 192.168.1.200

Start address 192.168.2.201

End address 192.168.2.254

DHCP2

Start address: 192.168.1.201

End address: 192.168.1.254

Start address 192.168.2.11

End address 192.168.2.200

DHCP1

Start address: 192.168.1.11

End address: 192.168.1.200

Start address 192.168.2.201

End address 192.168.2.254

DHCP2

Start address: 192.168.1.11

End address: 192.168.1.254

Start address 192.168.2.11

End address 192.168.2.254

DHCP1

Start address: 192.168.1.201

End address: 192.168.1.254

Start address 192.168.2.11

End address 192.168.2.200

DHCP1

Start address: 192.168.1.11

End address: 192.168.1.254

Start address 192.168.2.11

End address 192.168.2.254

Explanation: 2nd and 3rd answers

The best configuration is to use the following scope assignments:

DHCP1

Start address: 192.168.1.11

End address: 192.168.1.200

Start address 192.168.2.201

End address 192.168.2.254

DHCP2

Start address: 192.168.1.201

End address: 192.168.1.254

Start address 192.168.2.11

End address 192.168.2.200

When configuring multiple DHCP servers with multiple scopes, Microsoft recommends configuring approximately 80% of the host addresses on the local DHCP server and 20% of the host addresses on the remote DHCP server for fault tolerance. Clients are most likely to lease an IP address from the local DHCP server, improving performance and minimizing traffic.

The following scope assignments are directly opposite the configuration you would want:

DHCP1

Start address: 192.168.1.201

End address: 192.168.1.254

Start address 192.168.2.11

End address 192.168.2.200

DHCP2

Start address: 192.168.1.11

End address: 192.168.1.200

Start address 192.168.2.201

End address 192.168.2.254

These scope assignments put 80% of the host addresses on the remote DHCP server, increasing the traffic required for address assignment and potentially reducing performance.

The following scope assignments result in overlapping addresses, which could result in duplicate address assignments:

DHCP1

Start address: 192.168.1.11

End address: 192.168.1.254

Start address 192.168.2.11

End address 192.168.2.254

DHCP2

Start address: 192.168.1.11

End address: 192.168.1.254

Start address 192.168.2.11

End address 192.168.2.254

In addition, combinations other than those previously shown would result in duplicate addresses.

6. You are the administrator for your company's network. The network contains a Domain Name System (DNS) server with a static IP address. The network is configured as a single TCP/IP subnet. The network uses a computer running Microsoft Windows Server 2003 Routing and Remote Access (RRAS) Network Address Translation (NAT) to enable users to connect to the Internet. NAT is configured with Dynamic Host Configuration Protocol (DHCP) Allocator enabled.

One user complains that he is unable to connect to the Internet or the company's network. When questioned, he admits that he reconfigured his laptop so that he could connect to the Internet from home. The user's laptop is running Windows XP Professional.

You run ipconfig on the user's computer and find the IP address is configured as 131.107.0.12 with a subnet mask of 255.255.0.0. When you examine the network adapter's properties, you see that the IP address is set manually, but the DNS configuration is set to obtain the DNS Server address automatically.

You must correct the user's problem while still allowing him to access the Internet from home. What should you do? (Choose all that apply.)

Configure 131.107.0.12 as the alternate configuration.

Install and configure a DHCP server.

Change the configuration to obtain the IP address automatically.

Change the IP address to 169.254.0.0.

Configure the DNS server address manually.

Change the subnet mask to 255.255.255.0.

Explanation: A & C

When you are using NAT, computers must be assigned a private address. The user's computer was assigned a public address statically. The best way to solve the problem is to allow NAT to assign the correct address dynamically.

By configuring the alternate configuration with the static address for the user's personal Internet service provider (ISP), you can allow him to connect to the Internet from home. The alternate configuration is used when a DHCP server cannot be contacted. By default, the alternate configuration is configured to use Automatic Private IP Addressing (APIPA), but it can be modified to provide a static IP address assignment. In this scenario, setting the user's alternate configuration to the address settings provided by his ISP will allow him to connect to the Internet when he is not able to contact the company's DHCP server.

You should not change the IP address to an APIPA address. These are used as the alternate configuration by default and should not be assigned by NAT.

You should not configure the DNS server address manually. The NAT server will act as a DNS proxy.