Monday, May 27, 2013

4. Deploy and configure core network services
4.1 Configure IPv4 and IPv6 addressing

4.1.1 Configure IP address options
4.1.2 Configure subnetting
4.1.3 Configure supernetting
Not going to spend a lot of time on this.

IPv4
Classful:
Class A: 1-127, 8 network bits, starts with 0 (binary), 24 host bits
Class B: 128-191, 16 network bits, starts with 10 (binary), 16 host bits
Class C: 192-223, 24 network bits, starts with 110 (binary), 8 host bits
Class D: 224, multicast (starts with 1110)
Class E: 240, experimental/unused

Classless Inter-Domain Routing (CIDR)
Allows networks of any size to be assigned: the subnet mask can be any number of bits, and the network can then be divided further.

Variable-length subnet masking (VLSM) subdivides a private network into smaller subnets that can be of variable size.

Subnetting is the process of dividing a network into smaller networks.
Supernetting is a way to represent multiple contiguous networks with the same subnet mask by creating a new subnet mask made up of their common network bits.
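As an added example (not part of the original notes), the PowerShell functions below compute the smallest supernet that covers a list of IPv4 networks and report whether the summary is exact. A summary that takes in addresses outside the listed networks is how a route or firewall rule ends up broader than intended. The function names and sample networks are constructed for illustration, and the inputs are assumed not to overlap.

```powershell
# Added example: summarise IPv4 networks into the smallest covering supernet.
function ConvertTo-IPv4Int64 ([string]$Address) {
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    ([int64]$b[0] * 16777216) + ([int64]$b[1] * 65536) + ([int64]$b[2] * 256) + [int64]$b[3]
}

function ConvertFrom-IPv4Int64 ([int64]$Value) {
    $octets = foreach ($shift in 24, 16, 8, 0) { ($Value -shr $shift) -band 255 }
    $octets -join '.'
}

function Get-Supernet {
    param([Parameter(Mandatory)][string[]]$Network)      # e.g. '192.168.8.0/24'

    $size = [int64]4294967296                            # 2^32 addresses in IPv4
    $low = $size; $high = [int64]-1; $covered = [int64]0
    foreach ($cidr in $Network) {
        $addr, $len = $cidr -split '/'
        $block = [int64][math]::Pow(2, 32 - [int]$len)   # addresses in this network
        $start = (ConvertTo-IPv4Int64 $addr) -band ($size - $block)   # clear host bits
        $low   = [math]::Min($low, $start)
        $high  = [math]::Max($high, $start + $block - 1)
        $covered += $block                               # assumes inputs do not overlap
    }

    # Shorten the prefix until the lowest and highest address share all network bits.
    $prefix = 32
    while ($prefix -gt 0 -and
           (($low -shr (32 - $prefix)) -ne ($high -shr (32 - $prefix)))) { $prefix-- }

    $block = [int64][math]::Pow(2, 32 - $prefix)
    [pscustomobject]@{
        Supernet       = '{0}/{1}' -f (ConvertFrom-IPv4Int64 ($low -band ($size - $block))), $prefix
        Exact          = ($covered -eq $block)           # false: summary covers extra space
        ExtraAddresses = $block - $covered
    }
}

# Constructed samples: four contiguous /24 networks, then two /24 networks with a gap.
Get-Supernet -Network '192.168.8.0/24', '192.168.9.0/24', '192.168.10.0/24', '192.168.11.0/24'
Get-Supernet -Network '192.168.8.0/24', '192.168.10.0/24'
```

When Exact is False, the supernet includes addresses outside the listed networks, so check ExtraAddresses before using the summary in an access rule.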

Static IP, Dynamic IP
Automatic Private IP Addressing (APIPA): a Microsoft mechanism that automatically assigns an address in the 169.254.0.0/16 network if Windows is unable to contact a DHCP server.

Configure the IP address in the network adapter properties under TCP/IPv4 properties: IP address, subnet mask, default gateway, DNS servers. Or set the adapter to use DHCP.

PowerShell:
Use the NetAdapter and NetTCPIP modules.

To set an adapter to DHCP:
set-netipinterface 'ethernet 5' -dhcp enabled

To setup a static IP:

get-netipinterface
get-netipconfiguration 'ethernet 2' | new-netipaddress -ipaddress 192.168.10.20 -prefixlength 24 -defaultgateway 192.168.10.1

set-dnsclientserveraddress 'ethernet 5' -serveraddresses 192.168.15.90, 192.168.15.91

To remove an IP address, use
remove-netipaddress 192.168.10.20 -defaultgateway 192.168.10.1

Note that you should remove the default gateway along with the IP address, or else the default gateway gets "stuck" on that interface and cannot be removed using cmdlets until you add another IP in the same subnet to the same interface (or edit it through the GUI).

To reset the DNS server addresses to default, use the following:
set-dnsclientserveraddress 'ethernet 5' -resetserveraddresses


IPv6
128 bits
:: can be used to compress consecutive 0's. Leading 0's can be left off.
63c5:0091:0000:0000:e8cc:011f:009a:c001 can be
63c5:91::e8cc:11f:9a:c001

Types of IPv6 addresses:
global unicast address: registered IPv6 block
link-local unicast address: reserved block from which hosts can assign themselves an address automatically (like APIPA in IPv4). 10-bit prefix 1111111010, fe80::/64
unique local address: reserved block in fc00::/7 for private use.
multicast: begin with 11111111 (ff)
anycast: a unicast address that is assigned to identify the routers within a given address scope.
site-local address: reserved fec0::/10 for "private" use, but has since been deprecated in favor of unique local addresses (ULA)

Neighbor Discovery (ND): provides functions for v6 similar to v4's ICMP, ARP, Router Discovery, Router Redirect.

PowerShell:
get-netipconfiguration 'ethernet 2' | new-netipaddress -ipaddress fc00::200:cd -prefixlength 64 -defaultgateway fc00::200:1
set-dnsclientserveraddress 'ethernet 5' -serveraddresses fc00::199:40,fc00::199:41

To remove an IPv6 address:

remove-netipaddress -ipaddress fc00::200:cd -defaultgateway fc00::200:1

4.1.4 Configure interoperability between IPv4 and IPv6
1. Use a dual stack
2. Tunneling:
Static configuration with netsh:
netsh interface ipv6 add v6v4tunnel tunnelname localaddress remoteaddress
netsh interface ipv6 add v6v4tunnel "tunnel" 192.168.90.1 192.168.91.1

Automatic configuration:
6to4: provides automatic tunneling allowing IPv6/IPv4 hosts to establish IPv6 connectivity across the IPv4 internet using IPv4 multicast

ISATAP: Intra-Site Automatic Tunnel Addressing Protocol: emulates an IPv6 link using an IPv4 network. Does not support multicasting.

Teredo: encapsulates v6 packets inside UDP to facilitate tunneling behind NAT routers. Like 6to4 but works with NAT

Extra note: There is another technology called IP-HTTPS that can be used as a DirectAccess fallback method of IPv6/IPv4 access

Translation technologies:
NAT64: used by DirectAccess on IPv4 networks.
DNS64: maps IPv6 AAAA name queries to IPv4 A record queries.
Portproxy: allows IPv4/IPv6 TCP traffic to be proxied.

4.1.5 Configure ISATAP
Uses a virtual IPv6 network interface whose link-local address is determined by concatenating either fe80::200:5efe for global unique, or fe80::5efe, to the 32 bits of a v4 address.

To configure ISATAP you only need a router name. You can configure ISATAP with a GPO (Network/TCPIP Settings/IPv6 Transition), the set-netisatapconfiguration -router cmdlet, or netsh interface isatap set router

To disable ISATAP, set the state to Disabled, using a GPO, set-netisatapconfiguration -state, or netsh interface isatap set state disabled

The other two ISATAP states are:
enabled: link-local address configured on each ISATAP interface
default: attempts to contact the ISATAP server. If it cannot be contacted, no addresses are configured.

Other PowerShell commands: get-netisatapconfiguration, reset-netisatapconfiguration

4.1.6 Configure Teredo

Teredo components:
clients, servers, relays, host-specific relays

Client: IPv6/IPv4 node that supports Teredo tunneling.
Server: IPv6/IPv4 node that is connected to both the IPv4 internet and the IPv6 internet. It assists in the address configuration of Teredo clients and facilitates initial communication between Teredo clients and other clients, or with IPv6-only hosts. Listens on UDP 3544 for Teredo traffic.
Relay: IPv6/IPv4 router that can forward packets between Teredo clients on the IPv4 internet.


Qualified Types:
qualified(enabled): teredo is always enabled.
not qualified: teredo is dormant when not in use.
You can only configure qualified type by GPO

State/types:
default: default is client state
client: teredo interface present only when host is not on a network with a Domain Controller
enterprise client: teredo interface is always present.
disabled


Configure by GPO: Teredo Default Qualified, Teredo Server Name, Teredo State

netsh interface teredo show state
netsh interface teredo set state servername=<server name>
netsh interface teredo set state type=<type>

PowerShell:
get-netteredoconfiguration
set-netteredoconfiguration -servername <server name> -type <type>


Disable teredo:
set state to disabled in GPO
netsh interface teredo set state type=disabled
set-netteredoconfiguration -type disabled
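
As an added example (not part of the original notes), the PowerShell below inventories the transition technologies covered in 4.1.4 to 4.1.6, so you can confirm that ISATAP, Teredo and 6to4 are really off where they are meant to be. The classifier uses the ISATAP interface ID forms from 4.1.5 plus the well-known 6to4 (2002::/16) and Teredo (2001:0::/32) prefixes. The function names and sample addresses are constructed for illustration; Get-Net6to4Configuration is the 6to4 counterpart of the cmdlets named above.

```powershell
# Added example: inventory IPv6 transition technologies on a host.
function Get-TransitionAddressType ([string]$Address) {
    $ip = [System.Net.IPAddress]::Parse(($Address -replace '%.*$'))   # drop a %zone suffix
    if ($ip.AddressFamily -ne 'InterNetworkV6') { return 'IPv4' }
    $b = $ip.GetAddressBytes()
    # ISATAP interface ID: 0000:5efe or 0200:5efe, then the 32-bit IPv4 address.
    if (($b[8] -band 0xFD) -eq 0 -and $b[9] -eq 0 -and $b[10] -eq 0x5E -and $b[11] -eq 0xFE) {
        return 'ISATAP over ' + ($b[12..15] -join '.')
    }
    # 6to4: 2002::/16 with the IPv4 address in the next 32 bits.
    if ($b[0] -eq 0x20 -and $b[1] -eq 0x02) { return '6to4 over ' + ($b[2..5] -join '.') }
    if ($ip.IsIPv6Teredo) { return 'Teredo' }                          # 2001:0::/32
    return 'None'
}

function Get-TransitionReport {
    # Reads live settings; run on Windows 8 / Server 2012 or later.
    [pscustomobject]@{
        IsatapState    = (Get-NetIsatapConfiguration).State
        TeredoType     = (Get-NetTeredoConfiguration).Type
        SixToFourState = (Get-Net6to4Configuration).State
        TunnelAddress  = @(Get-NetIPAddress -AddressFamily IPv6 |
            Select-Object InterfaceAlias, IPAddress,
                @{ Name = 'Tunnel'; Expression = { Get-TransitionAddressType $_.IPAddress } } |
            Where-Object { $_.Tunnel -ne 'None' })
    }
}

# Constructed sample addresses (not from a real host) to try the classifier offline.
$sample = 'fe80::5efe:c0a8:a14', 'fe80::200:5efe:c000:201', '2002:c000:201::1',
          '2001:0:c000:201:0:ffff:3fff:fdfe', 'fc00::200:cd', '192.168.10.20'
foreach ($a in $sample) { '{0,-36} {1}' -f $a, (Get-TransitionAddressType $a) }
```

On a live host, run Get-TransitionReport; an empty TunnelAddress list together with Disabled states means no tunnel interface is holding an address.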
