Sunday, July 3, 2011

70-640 Notes




Chapter 1 Intro to Active Directory

No two objects in the directory can have the same distinguished name (DN); the DN is the object's full path from the root of the forest, most specific component first.
cn=tom,ou=revere,dc=bigdeal,dc=com

The relative distinguished name (RDN) is the most granular part of the DN (the first component, cn=tom above). Two objects can have the same RDN as long as they sit in different containers, because their full DNs still differ:
cn=revere,ou=ma,c=us
cn=revere,ou=nh,c=us

The UPN is a shortcut logon name for the user in the form user@suffix, which can be the same
as the user's email address.

You cannot upgrade directly from Windows NT to Windows Server 2008.

The canonical name is the DN in reverse order, written with slashes and with the dc= components collapsed into a DNS name:
bigdeal.com/marketing/toml
Flat namespace = bigdeal
Hierarchical namespace = www.sales.bigdeal.com
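As an added example (Python, not from the notes or the exam guide), the following parser turns a DN into its RDN, its container and its canonical name, and checks the uniqueness rule above. It assumes RFC 4514 DN syntax (comma-separated RDNs, most specific first, a backslash escaping a comma inside a value); the DNs in the comments are the ones from the notes.

```python
"""Distinguished-name helpers: RDN, parent container, canonical name, uniqueness.

Added example, not from the original notes. Assumes RFC 4514 syntax:
RDNs separated by commas, most specific first, '\,' for a literal comma.
"""
import re

# Split on commas that are not escaped with a backslash.
_RDN_SPLIT = re.compile(r'(?<!\\),')


def parse_dn(dn):
    """Return [(attribute, value), ...] with the most specific RDN first.

    'cn=tom,ou=revere,dc=bigdeal,dc=com' -> [('cn','tom'),('ou','revere'),...]
    """
    pairs = []
    for rdn in _RDN_SPLIT.split(dn):
        attr, sep, value = rdn.strip().partition('=')
        if not attr or not sep:
            raise ValueError('malformed RDN: %r' % rdn)
        pairs.append((attr.strip().lower(), value.replace('\\,', ',')))
    return pairs


def rdn_of(dn):
    """The relative distinguished name is the first (most granular) component."""
    attr, value = parse_dn(dn)[0]
    return '%s=%s' % (attr, value)


def parent_of(dn):
    """The container: everything after the RDN, with commas re-escaped."""
    return ','.join('%s=%s' % (a, v.replace(',', '\\,'))
                    for a, v in parse_dn(dn)[1:])


def canonical_name(dn):
    """DNS name built from the dc= parts, then the remaining path in reverse order.

    'cn=toml,ou=marketing,dc=bigdeal,dc=com' -> 'bigdeal.com/marketing/toml'
    """
    pairs = parse_dn(dn)
    domain = '.'.join(v for a, v in pairs if a == 'dc')
    path = [v for a, v in reversed(pairs) if a != 'dc']
    return '/'.join(([domain] if domain else []) + path)


def _normalized(dn):
    # AD compares DNs case-insensitively, so normalize before comparing.
    return [(a, v.lower()) for a, v in parse_dn(dn)]


def distinct(dn_a, dn_b):
    """Two objects may share an RDN only if their containers differ:
    cn=revere,ou=ma,c=us and cn=revere,ou=nh,c=us are distinct objects."""
    return _normalized(dn_a) != _normalized(dn_b)
```

The escape handling matters in practice: a user whose cn is "Smith, John" is stored as cn=Smith\, John, and a naive split on commas would treat "John" as a separate container and mis-compute both the RDN and the canonical name.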



The two types of namespaces are contiguous and disjointed. They are defined as
follows:
¦ Contiguous: The name of child objects in the hierarchy contains the name of
the parent object; for example, the relationship between domains within the
same tree.
¦ Disjointed: The name of a child object in the hierarchy does not contain the
name of the parent object; for example, the relationship between different
trees in the same forest.

The schema is a set of rules that define the classes of objects and their attributes
that can be created in Active Directory. It defines what attributes can be held by
objects of various types, which of the various classes can exist, and what object class
can be a parent of the current object class. For example, the User class can contain
user account objects and possess attributes such as password, group membership,
home folder, and so on.

The global catalog is a central information database that can hold data describing
objects throughout the Active Directory forest namespace. Active Directory builds
up the global catalog by replicating information between all domain controllers in
the forest. As well as providing a physical location that contains a subset of all information in
each domain's Active Directory database, the global catalog is a service that permits
the resolution of many common queries that originate from anywhere in the
forest. It holds and organizes the common attributes used in search operations,
such as usernames and group names, filenames, and so on. Active Directory stores the global catalog on the first domain controller in a new forest.

Active Directory is divided into several partitions—not to be confused with disk
partitions—that allow the enterprise-level network to be scaled to enormous
proportions while remaining manageable. The schema partition and the configuration
partition are stored on all domain controllers within an Active Directory forest;
the domain partition is stored on all domain controllers within a domain; and an
application partition is stored only on the domain controllers configured to hold it.
The roles of these partitions are as follows:
¦ Domain partition: This partition contains information about all objects such as
users, groups, computers, and OUs in a domain. It is replicated to all domain
controllers within the domain, and a subset of this information is replicated to
global catalog servers in the forest.
¦ Schema partition: This partition contains definitions of all objects and their
attributes. Rules for creating and working with them are also located here.
This partition is replicated to all domain controllers in the forest.
¦ Configuration partition: This partition contains information about the structure
of Active Directory in the forest, including domains, sites, and services. It
is also replicated to all domain controllers in the forest.
¦ Application partition: First introduced in Windows Server 2003, this partition
contains application-specific data that needs to be replicated throughout specified
portions of the forest. It can be replicated to a specific domain controller
or to any set of domain controllers anywhere in the forest. In this way, it differs
from the domain partition in which Active Directory replicates data to all
domain controllers in that domain. It also contains DNS information for
Active Directory–integrated DNS zones.

Each domain controller holds the directory database in its ntds.dit file; the domain partition in it is replicated among all domain controllers of the domain by a process called
multimaster replication.

All domains in a tree are linked with two-way, transitive trust relationships; in
other words, accounts in any one domain can access resources in another domain
and vice versa.

Microsoft includes the concept of sites to group together resources
within a forest according to their physical location and/or subnet. A site is a set of
one or more IP subnets, which are connected by a high-speed, always available local
area network (LAN) link. A site can contain objects from more
than one tree or domain within a single forest, and individual trees and domains
can encompass more than one site. The use of sites enables you to control the
replication of data within the Active Directory database as well as to apply policies
to all users and computers or delegate administrative control to these objects
within a single physical location. In addition, sites enable users to be authenticated
by domain controllers in the same physical location rather than a distant location
as often as possible. You should configure a single site for all work locations connected
within a high-speed, always available LAN link and designate additional
sites for locations separated from each other by a slower wide area network
(WAN) link. Using sites permits you to configure Active Directory replication to take advantage
of the high-speed connection. It also enables users to connect to a domain controller
using a reliable, high-speed connection.

A domain controller stores a complete copy of
all objects contained within the domain, plus the schema and configuration information
relevant to the forest in which the domain is located. Unlike Windows NT,
there are no primary or backup domain controllers. Similar to Windows 2000 and
Windows Server 2003, all domain controllers hold a master, editable copy of the
Active Directory database.

The global catalog is a subset of domain information created for enabling domain
controllers in other domains in the same forest to locate resources in any domain.
By default, the first domain controller installed in a new domain becomes a global
catalog server. It provides information on objects throughout the forest, allows UPN logons, and provides universal group membership information.

Microsoft designed Active Directory in such a fashion that you can perform most
configuration activities from any domain controller. However, certain functions
within the directory are restricted to specific domain controllers, which are known
as flexible single-master operations (FSMO) servers, or simply as operations masters.
These functions include the following:
¦ Schema master: Holds the only writable copy of the Active Directory schema.
This is a configuration database that describes all available object and function
types in the Active Directory forest. Only one domain controller in the forest
holds this role.
¦ Domain naming master: Ensures that any newly created domains are uniquely
identified by names that adhere to the proper naming conventions for new
trees or child domains in existing trees. Only one domain controller in the forest
holds this role.
¦ PDC emulator: Serves as a primary domain controller (PDC) for Windows
NT 4.0 client computers authenticating to the domain and processes any
changes to user properties on these clients, such as password changes. This
server also acts as a time synchronization master to synchronize the time on
the remaining domain controllers in the domain. One domain controller in
each domain holds this role.
¦ Infrastructure master: Updates references in its domain from objects such as
domain group memberships, to objects in other domains. This server
processes any changes in objects in the forest received from global catalog
servers and replicates these changes to other domain controllers in its domain.
One domain controller in each domain holds this role.
¦ RID master: Allocates the relative identifiers used to build the SIDs of objects created in its domain. A SID consists of a
domain identifier common to all objects in its domain and a relative identifier
(RID) that is unique to each object. The RID master hands out non-overlapping pools of RIDs to every domain controller in
its domain, so no two objects can receive the same SID even though any writable
domain controller can create objects. One domain controller in each domain holds this role.
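As an added example (Python, not part of the notes), the following models the RID master's job: it hands each domain controller a private pool of RIDs, and each DC builds SIDs from the shared domain identifier plus a RID from its own pool, so objects created on different DCs never collide. The domain SID and DC names are constructed; the default pool size of 500 and the well-known RIDs (500 Administrator, 512 Domain Admins, and so on) are real Windows values.

```python
"""Model of RID-pool allocation by the RID master and SID construction by DCs.

Added example, not from the original notes. The domain SID and DC names are
made up; the pool size of 500 and the well-known RIDs are real Windows values.
"""

# Fixed RIDs that exist in every domain; everything below 1000 is reserved.
WELL_KNOWN_RIDS = {500: 'Administrator', 501: 'Guest', 512: 'Domain Admins',
                   513: 'Domain Users', 518: 'Schema Admins', 519: 'Enterprise Admins'}

DEFAULT_POOL_SIZE = 500   # default size of the RID block a DC requests


def split_sid(sid):
    """'S-1-5-21-a-b-c-RID' -> ('S-1-5-21-a-b-c', RID)."""
    domain_part, _, rid = sid.rpartition('-')
    if not domain_part.startswith('S-1-5-21-'):
        raise ValueError('not a domain SID: %r' % sid)
    return domain_part, int(rid)


def same_domain(sid_a, sid_b):
    """All objects of one domain share the domain identifier; only the RID differs."""
    return split_sid(sid_a)[0] == split_sid(sid_b)[0]


class DomainController:
    """Any writable DC creates objects from its own pool without asking the RID master."""

    def __init__(self, name, domain_sid, low, high):
        self.name, self.domain_sid = name, domain_sid
        self.low, self.high = low, high
        self.next_rid = low

    def create_object(self):
        if self.next_rid > self.high:
            raise RuntimeError('%s exhausted its RID pool; it must request a new one '
                               'from the RID master' % self.name)
        sid = '%s-%d' % (self.domain_sid, self.next_rid)
        self.next_rid += 1
        return sid


class RidMaster:
    """One per domain: hands out non-overlapping RID pools to its DCs."""

    def __init__(self, domain_sid, first_rid=1000, pool_size=DEFAULT_POOL_SIZE):
        self.domain_sid = domain_sid
        self.next_rid = first_rid      # normal objects start at RID 1000
        self.pool_size = pool_size
        self.issued = []               # (dc, low, high) audit trail

    def allocate_pool(self, dc_name):
        low, high = self.next_rid, self.next_rid + self.pool_size - 1
        self.next_rid = high + 1
        self.issued.append((dc_name, low, high))
        return DomainController(dc_name, self.domain_sid, low, high)


def all_unique(sids):
    return len(sids) == len(set(sids))
```

If the RID master is offline, existing pools keep working until a DC drains its current block, which is why the role is rarely noticed until object creation suddenly fails on one DC.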

Read-only domain controller: A read-only domain controller (RODC) is a domain
controller that contains a read-only copy of the directory database. It can perform
all client-based actions such as authenticating users and distributing
group policies to clients, but administrators cannot make changes to the database
directly from the RODC. It is particularly useful for branch office deployment
where security might not be as high as in the central office and no
administrative personnel are present for day-to-day operations.

Server Core: A Server Core is a stripped-down version of Windows Server
2008 that does not contain any GUI, taskbar, or Start menu. After logging on,
you are presented with a command prompt window from which you perform
all administrative actions. A Server Core computer uses less hardware and
memory resources than a normal server but is able to perform most (but not
all) of the roles that a normal server performs. Furthermore, a Server Core
computer is more secure because it presents a smaller attack footprint than a
normal server.

Windows Server 2008 R2 has several new features, some of which were added specifically to work with Windows 7 client computers.
The following are some of the most significant new features:
¦ Active Directory Recycle Bin: Recovery of accidentally deleted objects in
Active Directory has always been a difficult procedure that has resulted in
significant domain controller downtime. In Windows Server 2008 R2, objects
deleted from AD DS or AD LDS are moved into a recycle bin that works in
much the same way as the desktop recycle bin. The deleted object even retains
its attributes. You can simply restore the accidentally deleted object from the
recycle bin, and all its attributes come with it. This is even true for a container
such as an OU; all objects contained within an accidentally deleted OU are
restored when you restore the OU from the recycle bin.
¦ Windows PowerShell 2.0: Included by default in Windows 7 and Windows
Server 2008 R2, this is a task-based command-line scripting interface that
enables you to perform a large number of remote management tasks.
PowerShell includes the Integrated Scripting Environment (ISE), which assists you in the task of writing, 
testing, and executing scripts. You can also perform automated troubleshooting of remote computers. 
Also included is an Active Directory module that provides cmdlets for administrative,
configuration, and diagnostic tasks.
¦ Active Directory Administrative Center (ADAC): This is a new task-based administrative
tool built on PowerShell 2.0 that centralizes a number of object
management tasks within a single graphical user interface (GUI). It harnesses
the functionality of Active Directory Users and Computers, Active Directory
Sites and Services, and Active Directory Domains and Trusts. You can administer
objects such as user, group, or computer accounts or OUs from within
multiple trusted domains including ones in remote locations. You can also
install ADAC on a Windows 7 computer as part of the Remote Server
Administration Tools (RSAT).
¦ Best Practices Analyzer (BPA): This is a new management tool that assists you
in implementation of best practices in configuring the AD DS environment.
You can use this tool to troubleshoot unexpected behavior in Active Directory
and obtain recommendations for improved configuration.
¦ Offline domain join: Enables administrators to pre-stage domain accounts in
AD DS so that these accounts can be imported into any type of automated
computer deployment process such as Sysprep. The newly deployed machines
are automatically joined to the domain when they first connect to the network.
¦ Active Directory health check: Microsoft has enhanced the functionality of the
repadmin.exe command (for example, repadmin /replsummary) to provide additional information on outbound and
inbound replication and error diagnostics for failed replications.
¦ Active Directory Web Services: This feature provides a web service–based
interface to AD DS domains and AD LDS instances.
¦ Active Directory Management Pack: This feature assists you in monitoring
AD DS performance. You can discover and detect problems with computers
and software, as well as health state violations.
¦ Remote Desktop Services (RDS): This is an enhancement to Terminal
Services, which enables users on the local network or remotely via the Internet
to access desktop sessions based on virtual machines or applications in the data
center. Any client that supports Remote Desktop Protocol (RDP) can enable
user communication with virtual desktops hosted on the RDS server.
¦ HyperV: Available as a server role in Windows Server 2008 R2, this is a
hypervisor-based server virtualization technology. It enables you to consolidate
multiple servers on a single physical machine, thereby optimizing hardware
usage and reducing overall costs. The Live Migration feature enables you to move running virtual servers 
from one physical machine to another without loss of user connections and consequent user downtime. 
This facilitates host server management in cases where you need to reboot the host server; simply
move all virtual servers to a different physical machine. Virtual server hard
disks are configured as VHD files, which can be configured with the native
boot function for booting without a virtual machine or hypervisor. In
Windows Server 2008 R2, you can use dynamically expanding VHD files with optimized performance.
¦ DirectAccess: This is a new feature of Windows 7 and Windows Server 2008
R2 that enables users to directly connect to corporate networks from any
Internet connection. When enabled, a user is able to access network resources
as though he were actually at the office. DirectAccess uses IPv6 traffic protected by IPsec (carried inside IPv4 transition tunnels where the path is IPv4-only) to
create a seamless, bidirectional, secured tunnel between the user’s computer
and the office network without the need for a virtual private network (VPN)
connection. You can configure and monitor this feature from the DirectAccess
Management Console.
¦ BranchCache: This feature provides a local file-caching service that enables
users in branch office locations to cache files on a local computer, thereby
reducing access time for these files. You can configure this feature through
Group Policy. BranchCache uses a hashing mechanism to identify files that
have been cached on a local Windows 7 computer so that other users in the
same office can access the locally cached version of the file. Changes to the file
are saved to both the locally cached version and to the version on the remote
server.
¦ Windows Server Migration Tools: This is a new feature that assists you in migrating
server roles, features, operating system settings, and shares from one
server to another one.
¦ Managed Service Accounts: Assists administrators in isolating service accounts
and their passwords used by directory-enabled applications for authentication
purposes. This helps to protect applications from failing due to
authentication failure resulting from accidental lockout, disabling, or other
reasons.











Chapter 2 Installing and Configuring DNS for Active Directory

The following are the typical levels of the hierarchical DNS namespace:
¦ Root-level domains: This is the top of the DNS hierarchy. Specified by a period
or dot, it is not included in domain names. DNS servers at this level enable you
to access servers for the top-level domains.
¦ Top-level domains: This is a standard set of domains whose assignment is coordinated by
the Internet Assigned Numbers Authority (IANA), under ICANN. Expanded somewhat in recent years, it includes
the domains shown in Figure 2-1 plus several others. In addition, two-letter
ISO 3166 country codes are used as top-level domain names,
for example .ca for Canada and .au for Australia.
¦ Second-level domains: This represents additional groupings; for example,
Microsoft or UCLA. Second-level domains can be further subdivided. In fact,
you can have up to a limit of 127 levels.
¦ Hostnames: These are the individual names assigned to individual computers
within domains. The combination of a hostname, an organization’s domain
name, and the Internet top-level domain name creates a name (FQDN) that is
unique across the Internet. Hostnames used inside domains are added at the
beginning of the domain name and are also referred to by their FQDNs. For
example, a computer called search in the Microsoft domain has an FQDN of
search.Microsoft.com. The www in a name such as www.microsoft.com is likewise a hostname (or one of the names)
used by a particular computer.

Each DNS name server stores information about a discrete portion of the Internet
namespace. Such a portion is known as a zone and the DNS server that is primarily
responsible for each zone is considered to be authoritative for that zone. In other
words, the DNS server is the main source of information regarding the Internet
addresses contained within the zone. A zone can be considered a part of the big
database that is DNS and can contain information on one or more AD DS domains.
Zones are defined by who looks after maintaining the records that they contain.
In Windows Server 2008, DNS stores its zone data in one or more application
directory partitions, each of which is an AD DS partition that contains
application-specific data (in this case, DNS) that needs to be replicated throughout
specified portions of the forest. Zone data stored this way is replicated by AD DS
replication between the domain controllers that hold the partition, not by DNS zone
transfers; zone transfers are the mechanism used between file-based primary and secondary zones.

Primary Zones
A primary zone is a master copy of zone data hosted on a DNS server that is the
primary source of information for records found in this zone. This server is considered
to be authoritative for this zone, and you can update zone data directly on
this server. It is also known as a master server. If the zone data is not integrated with
AD DS, the server holds this data in a local file named <zone_name.dns> that is
located in the %systemroot%\system32\DNS folder.

Secondary Zones
A secondary zone is an additional copy of DNS zone data hosted on a DNS server
that is a secondary source for this zone information. This server obtains the zone
information from the server hosting the corresponding primary zone. Using secondary
zones improves name resolution services on the network by providing redundancy
and load balancing. The server that hosts a secondary zone is frequently
called the secondary server. It receives its copy through zone transfers from the
master and cannot accept updates directly; the copy is read-only.

Stub Zones
A stub zone contains only the records that identify the authoritative name servers for its
zone (the SOA record, the NS records, and the glue A records for those servers). The DNS server hosting the stub zone obtains its information from
another server that hosts a primary or secondary copy of the same zone data. The
following are several purposes of stub zones:
¦ Maintain a current list of delegated zone information within a hierarchy of
DNS zones. A DNS server can host a parent zone at the primary or secondary
level together with stub zones for its child zones and thereby have a list of
authoritative DNS servers for the child zones.
¦ Enable improved name resolution by enabling a DNS server to rapidly locate
the stub zone's list of name servers without the need for querying other servers
to locate the appropriate DNS server.
¦ Simplify the administration of DNS by enabling the distribution of the list of
authoritative DNS servers throughout a large enterprise network without the
need for hosting a large number of secondary zones.

Active Directory–Integrated Zones
An Active Directory–integrated zone stores its data in one or more application directory
partitions that are replicated along with other AD DS directory partitions.
This helps to ensure that zone data remains up-to-date on all domain controllers hosting DNS in the domain.
Using Active Directory–integrated zones also provides the following benefits:
¦ It promotes fault tolerance because data is always available and can always be
updated even if one of the servers fails. If a DNS server hosting a primary zone
outside of AD DS fails, it is not possible to update its data because no mechanism
exists for promoting a secondary DNS zone to primary.
¦ Each writable domain controller on which DNS is installed acts as a master
server and allows updates to the zones in which it is authoritative; no separate
DNS zone transfer topology is needed.
¦ Security is enhanced because you can configure dynamic updates to be secured
(only authenticated domain members can register records, and by default only the
owner of a record can change it); by contrast, zone data not integrated with AD DS is stored in plain-text
files that unauthorized users could access, modify, or delete.
Either primary or stub zones can be integrated with AD DS. It is not possible to
create an Active Directory–integrated secondary zone.


70-642 Notes


OSI Model - All People Seem To Need Data Processing
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical





Layer 2 - switches - communicate using MAC addresses

Protocols such as Ethernet that operate at layer 2 do not see beyond
the local network.

The Internet layer, also often called layer 3 or the network layer, describes a global and configurable software addressing scheme that allows devices to communicate when they reside on remote network segments. The main protocol that operates at layer 3 is IP, and the network device that reads data at this layer is a router. Routers block broadcasts by default.

IPv6 uses 128-bit addresses instead of the 32-bit addresses used with IPv4, and, as a result, it can define many more addresses. Because few Internet routers are IPv6- compatible, IPv6 today is used over the Internet with the help of tunneling protocols. However, IPv6 is supported natively in Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

TCP communication is two-way and reliable.

Many network services (such as DNS) rely on UDP instead of TCP as a transport protocol. UDP enables fast transport of datagrams by eliminating the reliability features of TCP, such as acknowledgments, delivery guarantees, and sequence verification. Unlike TCP, UDP is a connectionless service that provides only best-effort delivery to network hosts. A source host that needs reliable communication must use either TCP or a program that provides its own sequencing and acknowledgment services.

Network Map shows a map of all devices connected to the LAN. It relies on two components:
■ The Link Layer Topology Discovery (LLTD) Mapper component queries the network for devices to include in the map.
■ The LLTD Responder component responds to the queries from the Mapper I/O. Although these two components are included only in Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, you can install an LLTD Responder component on computers running Windows XP so that they will appear on a Network Map on other computers.

To open Network Connections from a command line, type ncpa.cpl

The three types of network components that can be bound to a connection:
■ Network Clients In Windows, network clients are software components, such as Client For Microsoft Networks, that allow the local computer to connect with a particular network operating system. By default, Client For Microsoft Networks is the only network client bound to all local area connections. Client For Microsoft Networks allows Windows client computers to connect to shared resources on other Windows computers.
■ Network Services Network services are software components that provide additional features for network connections. File And Printer Sharing For Microsoft Networks and QoS Packet Scheduler are the two network services bound to all local area connections by default. File And Printer Sharing For Microsoft Networks allows the local computer to share folders for network access. QoS Packet Scheduler provides network traffic control, including rate-of-flow and prioritization services.
■ Network Protocols Computers can communicate through a connection only by using network protocols bound to that connection. By default, four network protocols are installed and bound to every network connection: IPv4, IPv6, the Link-Layer Topology Discovery (LLTD) Mapper, and the LLTD Responder.

When you enable network bridging on a connection, all points entering the server (wireless, Token Ring, and Ethernet) appear on the same network. Hence, they can all share the wireless connection and get out to the Internet.

To set a static IPv4 address and also define a default gateway, add the gateway address to the end of the command. For example, to configure the local area connection with 192.168.33.5/24 and a default gateway of 192.168.33.1, type the following: netsh interface ipv4 set address "local area connection" static 192.168.33.5 255.255.255.0 192.168.33.1

To configure the Local Area Connection to obtain an address automatically, type the following: 
netsh interface ipv4 set address "Local Area Connection" dhcp

Ping, Tracert, and Pathping utilities all rely on a layer 3 messaging protocol named Internet Control Message Protocol (ICMP).

Inbound ICMP echo requests are blocked by default by Windows Firewall, and ICMP is also blocked by some routers and stand-alone firewalls. Consequently, to use Ping, Tracert, and PathPing successfully, you need to ensure that ICMP is not blocked by the remote host. To enable a firewall exception for ICMP on a computer running Windows Server 2008 R2, use the Windows Firewall with Advanced Security console to enable the File and Printer Sharing (Echo Request – ICMPv4-In) firewall rule. To enable a firewall exception for ICMPv6, enable the File and Printer Sharing (Echo Request – ICMPv6-In) firewall rule. You can also enable these firewall rules throughout the domain by using Group Policy.

PathPing is similar to Tracert except that PathPing is intended to find links that are causing intermittent data loss. PathPing sends packets to each router on the way to a final destination over a period of time and then computes the percentage of packets returned from each hop.

ARP resolves an IPv4 address to a MAC address on the local subnet; the arp command manages the local cache of those mappings:
arp -a displays the ARP cache
arp -d <ip> deletes one entry; arp -d * deletes the whole cache

To resolve IP-to-MAC address mappings, IPv6 uses a protocol named Neighbor Discovery (ND) instead of the ARP protocol used by IPv4. An all-IPv6 network therefore removes ARP cache poisoning specifically, but not the class of attack: forged Neighbor Advertisements and Router Advertisements poison the IPv6 neighbor cache in the same way unless the link is protected (for example with SEND or switch-level RA Guard).
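As an added example (Python, not part of the notes), the following parses the output of arp -a in the Windows format and looks for the two classic poisoning indicators: one MAC address answering for several IPs (the attacker's MAC appearing beside the gateway's IP) and the gateway's MAC differing from a known-good baseline. The sample cache text, the gateway address and the baseline MAC are all constructed for the example.

```python
"""Check an `arp -a` dump (Windows format) for ARP cache poisoning indicators.

Added example, not from the original notes. SAMPLE_ARP_A, GATEWAY and
KNOWN_GATEWAY_MAC are constructed values, not captured from a real host.
"""
import re

# Constructed sample: the entry for .20 has been forged to carry the gateway's MAC,
# which is what a host sees after a successful ARP spoof of the gateway.
SAMPLE_ARP_A = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.21          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

GATEWAY = '192.168.1.1'                   # assumption: this host's default gateway
KNOWN_GATEWAY_MAC = '00-50-56-c0-00-08'   # assumption: baseline recorded on a clean network

_ENTRY = re.compile(
    r'^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(dynamic|static)\s*$',
    re.IGNORECASE)


def parse_arp_cache(text):
    """Return {ip: (mac, type)} for unicast entries; broadcast/multicast are skipped."""
    cache = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue                       # interface header, column header, blank
        ip, mac, kind = m.group(1), m.group(2).lower(), m.group(3).lower()
        if mac == 'ff-ff-ff-ff-ff-ff' or 224 <= int(ip.split('.')[0]) <= 239:
            continue
        cache[ip] = (mac, kind)
    return cache


def find_poisoning_indicators(cache, gateway, known_gateway_mac=None):
    """Return [(severity, message)] describing suspicious mappings."""
    findings = []
    by_mac = {}
    for ip, (mac, _) in cache.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            # One NIC legitimately owning several IPs is possible, but the gateway
            # sharing a MAC with another host is the signature of a MITM.
            sev = 'high' if gateway in ips else 'medium'
            findings.append((sev, 'MAC %s claims %d IPs: %s'
                             % (mac, len(ips), ', '.join(sorted(ips)))))
    if known_gateway_mac and gateway in cache:
        current = cache[gateway][0]
        if current != known_gateway_mac.lower():
            findings.append(('high', 'gateway %s MAC changed from %s to %s'
                             % (gateway, known_gateway_mac.lower(), current)))
    if gateway in cache and cache[gateway][1] == 'dynamic':
        findings.append(('info', 'gateway entry is dynamic; a static neighbor entry '
                                 '(netsh interface ipv4 add neighbors) resists poisoning'))
    return findings
```

Run it against the real command with parse_arp_cache(subprocess.check_output(['arp', '-a'], text=True)); the baseline MAC is best taken from the switch or router configuration rather than from an earlier arp -a, since an attacker who is already on the segment can poison that too.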


Note also that the same connection has been assigned a link-local IPv6 address beginning with fe80::.
A link-local address is configured automatically on every IPv6 interface and is valid only on the local link; in that sense it is the IPv6 counterpart of an APIPA (169.254.x.x) address.


IPv4 addresses are 32 bits long, written as four octets of 8 bits each, and are divided into a network ID and a host ID.

The subnet mask is used to determine which part of a 32-bit IPv4 address should be considered its network ID. For example, when you write 192.168.23.245/24, the /24 represents the subnet mask and indicates that the first 24 of the 32 bits in that IPv4 address should be considered its network ID. For the IPv4 address 131.107.16.200 shown in Figure 1-29 earlier, the first 16 bits are used for the network ID, so the appropriate subnet mask for a host assigned that address is /16.

So far, the discussion has focused on subnet masks in slash notation—also known as Classless Inter Domain Routing (CIDR) notation or network prefix notation. Slash notation is a common way of referring to subnet masks both on the 70-642 exam and in the real world. However, subnet masks are represented just as commonly in 32-bit dotted-decimal notation. In dotted-decimal notation, the subnet mask takes the form of a 32-bit IPv4 address. For example, the subnet mask /16 is represented in dotted-decimal notation as 255.255.0.0, and the subnet mask /24 is represented in dotted-decimal notation as 255.255.255.0.





When converting decimal to binary, work left to right through the bit values 128, 64, 32, 16, 8, 4, 2, 1, subtracting each one that fits:
200 = 11001000 = 128+64+0+0+8+0+0+0







Remember these essential points about routing and default gateways:
■ A default gateway must share the same network ID and be located within the same broadcast domain as the hosts it is serving.
■ If a host has no default gateway setting configured, that host will be unable to connect to the Internet or to any computers beyond broadcast range. For example, a private internal server that occasionally needs to download content from the Internet needs to have a default gateway configured.
■ Leaving the default gateway setting unconfigured on a host prevents access to that host from all points beyond the local subnet. In certain situations, therefore, you might in fact want to leave the default gateway setting unconfigured for security reasons.




An address block is the complete group of contiguous IP addresses that shares any single network ID. For example, an organization may purchase from an ISP a /24 address block with network ID 206.73.118. The range of addresses associated with this address block is 206.73.118.0–206.73.118.255. It is essential to understand that the addresses within an address block constitute a single network, and unless the network is subnetted—a possibility we will consider later in this lesson—that address block will serve a single broadcast domain with a single router, or way out of the network. The default gateway is the address assigned to that router within the same broadcast domain. Stated another way, an address block by default is designed to serve a single subnet.

A subnet is a group of hosts within a single broadcast domain that share the same network ID and the same default gateway address.



/x = the subnet mask written as a prefix length (x network bits)
Block size = number of addresses in the block

The maximum host capacity of an address block is always two fewer than the number of addresses in that network.

2^1 = 2
2^2 = 4
2^3 = 8
2^4 = 16
2^5 = 32
2^6 = 64
2^7 = 128
2^8 = 256
2^9 = 512
2^10 = 1024
2^11 = 2048
2^12 = 4096

Shortcut to calculate the number of addresses for a network:
2^(32–n) = number of addresses
For example, a /27 network includes 2^(32 – 27) = 2^5 = 32 addresses.

If the subnet mask value provided is 255.255.255.0 or greater, the calculation is fortunately very easy. Just use the following formula, where z is the value of the last octet:
256 – z = number of addresses

For example, if a network has a subnet mask of 255.255.255.240, the block size is 256 – 240 = 16 addresses. If a network has a subnet mask of 255.255.255.192, the block size is 256 – 192 = 64 addresses. If a network has a subnet mask of 255.255.255.0, the block size is 256 – 0 = 256 addresses. Remember that the block size will always be a power of 2, so if you have the powers of 2 memorized, you should be able to perform the calculation in your head.

If the subnet mask value for a network is between 255.255.0.0 and 255.255.255.0, the calculation is still fairly easy. Just use the following formula, where y is the value of the third octet:
(256 – y) * 256 = number of addresses

For example, if a network has a subnet mask of 255.255.252.0, the block size is (256 – 252) * 256 = 4 * 256 = 1024 addresses. If a network has a subnet mask of 255.255.240.0, the block size is (256 – 240) * 256 = 16 * 256 = 4096 addresses. Again, the block size will always be a power of 2, so if you have the powers of 2 memorized, you might still be able to perform the calculation in your head.

Network administrators rarely need to determine the address block size for a network with a subnet mask between 255.0.0.0 and 255.255.0.0, and you will not need to perform such a calculation on the 70-642 exam. However, for completeness, the formula is presented here (where x is the value of the second octet):
(256 – x) * 256 * 256 = number of addresses

For example, if you are designing a new network with 30 computers, you need 30 + 2, or 32, addresses for the subnet. Because 2^5 = 32, the value 32 is the smallest power of 2 that is big enough to accommodate your needs. 256 – 32 = 224, so you need a subnet mask of 255.255.255.224 to accommodate your new network. If the number of addresses required, p, is 256 or greater, set the first two octets to 255 and the fourth octet to 0. Then determine the following value and place it in the third octet: 256 – (p / 256).

The easiest way to subnet a network is to use one new and extended subnet mask on all computers within your internal address space. Doing so generates a number of subnets of equal size. When you subnet your network in this way, you can determine how many logical subnets have been created by using the formula 2^(n2 – n1) = number of subnets, where n2 is the length (in bits) of the new network ID used internally within the organization, and n1 is the length of the original network ID assigned externally to refer to the entire address block. For example, if you subnet a 10.0.100.0 /24 address space by using a /27 subnet mask on all hosts in your internal network, you generate 2^(27 – 24) = 2^3 = 8 subnets. Each of these 8 subnets includes 2^(32 – 27) = 2^5 = 32 addresses.
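The block-size, mask and subnet-count arithmetic from the notes above, written out in Python as an added example (not code from the original notes); function names are my own.

```python
# Added example, not from the original notes: the block-size, mask and
# subnet-count arithmetic described above, written out in Python.

def block_size(prefix_len):
    """Addresses in a /prefix_len block: 2^(32 - n)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return 2 ** (32 - prefix_len)

def host_capacity(prefix_len):
    """Usable hosts: block size minus the network and broadcast addresses."""
    size = block_size(prefix_len)
    return size - 2 if size > 2 else 0

def prefix_to_mask(prefix_len):
    """Dotted-decimal mask for /n, e.g. /27 -> 255.255.255.224."""
    bits = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ".".join(str((bits >> s) & 0xFF) for s in (24, 16, 8, 0))

def block_size_from_mask(mask):
    """The notes' shortcut: 256 - z, (256 - y) * 256 or (256 - x) * 256 * 256,
    depending on which octet of the mask is the first one below 255."""
    a, b, c, d = (int(o) for o in mask.split("."))
    if (a, b, c) == (255, 255, 255):
        return 256 - d
    if (a, b) == (255, 255):
        return (256 - c) * 256
    if a == 255:
        return (256 - b) * 256 * 256
    raise ValueError("masks shorter than /8 are not covered by the shortcut")

def mask_for_hosts(hosts):
    """Smallest mask whose block holds hosts + 2 addresses (the notes' p)."""
    needed = hosts + 2
    prefix_len = 32
    while block_size(prefix_len) < needed:   # first power of 2 that is >= p
        prefix_len -= 1
    return prefix_to_mask(prefix_len)

def subnet_count(original_prefix, new_prefix):
    """2^(n2 - n1) equal-size subnets when the mask grows from /n1 to /n2."""
    if new_prefix < original_prefix:
        raise ValueError("the new prefix must not be shorter than the original")
    return 2 ** (new_prefix - original_prefix)
```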




Variable Length Subnet Masks - When different subnets use different subnet masks depending on needed amount of addresses

To determine whether IP addresses are on the same subnet, first ensure that the hosts you are comparing have the same subnet mask configured. Then, compare the network IDs of the addresses. For /8, /16, and /24 subnet masks, this comparison is easy: simply compare the IP address values of the first, the first two, or the first three octets, respectively. If and only if the values are identical, the computers are configured on the same subnet. For example, the addresses 192.168.5.1 /24, 192.168.5.32 /24, and 192.168.5.64 /24 are all on the same subnet because they all share the network ID 192.168.5.

For subnet masks of /25 and higher, divide the value of the last octet in each address by the address block size, and drop any remainder so that you are left with a whole number such as 0, 1, or 2. If and only if the resulting whole numbers are the same, the addresses are on the same subnet. For example, 192.168.5.1 /26 and 192.168.5.32 /26 are on the same subnet because the block size of a /26 network is 64, and if you discount the remainder, both 1 ÷ 64 and 32 ÷ 64 equal zero. However, 192.168.5.64 is on a different subnet because 64 ÷ 64 = 1.

For subnet masks between /16 and /24, first convert the subnet mask to dotted-decimal notation by using a reference chart or by memorization. Subtract the value of the third octet in the subnet mask from 256, and then divide the value of the third octet in the IP addresses you want to compare by this resulting difference, dropping any remainders. If and only if the resulting values are the same, the addresses are on the same subnet. For example, if you want to compare 10.0.40.100 /21 and 10.0.41.1 /21, first determine that the dotted-decimal equivalent of /21 is 255.255.248.0, and then subtract 248 from 256 to obtain a value of 8. Finally, because 40 ÷ 8 = 5 and 41 ÷ 8 = 5 with some remainder, the two addresses are located on the same subnet.


Calculating the number of subnets

Write out the subnet mask and the default mask for the IP address's class in binary. Then calculate 2^x, where x is the number of bits that are 0 in the default mask but 1 in the subnet mask.
Example: 172.20.0.0
default mask 255.255.0.0   11111111 11111111 00000000 00000000
subnet mask  255.255.255.0 11111111 11111111 11111111 00000000
8 bits differ, so 2^8 = 256 subnets


Calculating the number of hosts

Write out the subnet mask and the default mask for the IP address's class in binary. Then calculate 2^x – 2, where x is the number of host bits (the 0 bits in the subnet mask).
default mask 255.255.0.0   11111111 11111111 00000000 00000000
subnet mask  255.255.255.0 11111111 11111111 11111111 00000000
8 host bits, so 2^8 = 256 addresses, and 256 – 2 = 254 usable hosts

Find out which subnet an IP address is on

Convert the IP address and the subnet mask to binary and write them one over the other. Compare the bits column by column: if both bits are 1, the result is 1; otherwise it is 0. Once done, convert the result back to dotted decimal.
Example: IP 178.56.21.9, SN 255.255.255.0
IP - 10110010 00111000 00010101 00001001
SN - 11111111 11111111 11111111 00000000
Result = 10110010 00111000 00010101 00000000 = 178.56.21.0 subnet

Calculate the network address, first host, last host and broadcast address

Write the given IP address and subnet mask out in binary
Set all host bits to 0 to get the network address
network address + 1 = first host
All host bits set to 1 = broadcast address
broadcast address – 1 = last host
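The binary AND recipe above (IP AND mask gives the network address, host bits all ones gives the broadcast) together with the same-subnet test from the earlier section, written out in Python as an added example (not code from the original notes); function names are my own.

```python
# Added example, not from the original notes: the binary AND recipe above
# (IP AND mask = network address, host bits all ones = broadcast) and the
# same-subnet test from the earlier section, written out in Python.

def to_int(dotted):
    """'178.56.21.9' -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: " + dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_int(mask):
    """Accept a prefix length (27) or a dotted mask ('255.255.255.224')."""
    if isinstance(mask, int):
        if not 0 <= mask <= 32:
            raise ValueError("prefix length must be between 0 and 32")
        return (0xFFFFFFFF << (32 - mask)) & 0xFFFFFFFF
    return to_int(mask)

def subnet_info(ip, mask):
    """Network, first host, last host and broadcast for ip under mask."""
    addr, m = to_int(ip), mask_int(mask)
    if (m & 0x3) != 0:   # /31 and /32 leave no room for the +1 / -1 host rule
        raise ValueError("the first/last host rule needs at least two host bits")
    network = addr & m                          # host bits cleared
    broadcast = network | (~m & 0xFFFFFFFF)     # host bits all set
    return {
        "network": to_dotted(network),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
    }

def same_subnet(ip_a, ip_b, mask):
    """Hosts configured with the same mask share a subnet iff their network IDs match."""
    m = mask_int(mask)
    return (to_int(ip_a) & m) == (to_int(ip_b) & m)
```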

IPv6 addresses are written by using eight blocks of four hexadecimal digits. Each block,
separated by colons, represents a 16-bit number. The following shows the full notation of
an IPv6 address:
2001:0DB8:3FA9:0000:0000:0000:00D3:9C5A

You can shorten an IPv6 address by eliminating any leading zeroes in blocks. By using this
technique, you can shorten the representation of the preceding address to the following:
2001:DB8:3FA9:0:0:0:D3:9C5A
You can then shorten the address even further by replacing a run of adjacent zero blocks with a
single set of double colons (“::”). You can do this only once in a single IPv6 address.
2001:DB8:3FA9::D3:9C5A
Because IPv6 addresses consist of eight blocks, you can always determine how many blocks
of zeroes are represented by the double colons. For example, in the previous IPv6 address,
you know that three zero blocks have been replaced by the double colons because five
blocks still appear.

Global Addresses
IPv6 global addresses are the equivalent of public addresses in IPv4 and are globally reachable
on the IPv6 portion of the Internet. The address prefix currently used for global addresses is
2000::/3, which translates to a first block value between 2000–3FFF in the usual hexadecimal
notation. An example of a global address is 2001:db8:21da:7:713e:a426:d167:37ab.

Link-Local Addresses
Link-local addresses are similar to APIPA addresses (169.254.0.0/16) in IPv4 in that they are
self-configured, nonroutable addresses used only for communication on the local subnet.
However, unlike an APIPA address, a link-local address remains assigned to an interface as a
secondary address even after a routable address is obtained for that interface. Link-local addresses always begin with “fe80”.