List three advantages of using a larger, high-level ISP compared to a smaller one The possible advantages include support for multiple WAN connection technologies, more

Internet bandwidth available, redundant Internet backbone connections, fault tolerant hard- ware, and more diverse services.

Page Lesson 3 Review

1. Port filtering can provide which of the following Internet access control capabilities?

a. Limit the applications users can run

b. Prevent specific users from accessing the Internet

c. Limit the applications that can access the Internet

d. Prevent specific computers from accessing the Internet c

3-22

2. Specify which of the three types of NAT processing (static, dynamic, or masquer­ ading) provides the best security, and state why this is so.

Masquerading provides the best security because mapping a client’s unregistered IP address to the NAT router’s registered address lasts only for the duration of the connection.

3. How many registered IP addresses does a dynamic NAT router require?

a. None

b. One

c. One for every unregistered IP address

d. One for each simultaneous connection d

Page Lesson 4 Review

1. A user is unable to access an Internet Web site but can access file system shares on the same LAN. Which of the following might be the problem? (Choose all answers that are correct.)

a. The user’s computer has an incorrect IP address.

b. The user’s computer has an incorrect default gateway address.

c. The user’s hub is malfunctioning.

d. The router connecting the LAN to the ISP is malfunctioning. b and d

2. What does a troubleshooter do to determine the scope of an Internet connection problem?

Attempt to reproduce the problem with other computers on the same hub, on the same LAN, and on different LANs.

3. If a Web server with a registered IP address can access the Internet but client com­ puters with unregistered addresses cannot, which of the following components might be the source of the problem?

a. The CSU/DSU

b. The Internet access router

c. The proxy server

d. The WAN connection c

Page Case Scenario Exercise 3-39

Based on the information in the Case Scenario Exercise, answer the following ques­ tions about the Internet access strategy for the Litware, Inc. building.

1. For each of the following Internet access solutions, specify why it would or would not be suitable for this installation.

a. ISDN Basic Rate Interface

At 128 Kbps, the ISDN BRI service would not provide sufficient bandwidth for the building’s users.

b. ADSL

ADSL is an asymmetrical service that provides relatively little upstream bandwidth, which would be insufficient for the Internet Web servers in the building.

c. T-1

A T-1 leased line would be a suitable connection for this building because it provides sufficient bandwidth both upstream and downstream and operates around the clock.

d. Frame relay

Frame relay would be an excellent Internet access solution for this building because it enables the company to pay only for the bandwidth it uses and because it also supports bursts of band- width in excess of the contracted transfer rate.

2. All computers on the building’s three client LANs use unregistered IP addresses, and the router connecting the backbone network to the Internet WAN link has NAT, port forwarding, and packet filtering capabilities. Explain how you would have to modify the Internet access strategy to support each of the following capabilities.

a. Enable the scientists on the third floor to temporarily activate a server that streams video live over the Internet.

To enable a server behind a NAT router to have a presence on the Internet, you must use port forwarding to associate the server’s unregistered IP address with a specific registered address and port.

b. Prevent the inside sales personnel from running any Internet application other than an e-mail client.

To limit the inside sales users to e-mail access only, you can create IP address and port filters on the NAT router that block all Internet traffic from the IP addresses of the users’ computers, except for that containing the port numbers associated with e-mail protocols.

c. Authenticate users before granting them Internet access and limiting Internet access to certain hours of the day.

You cannot configure a NAT router to authenticate users and control access based on the time of day. You would have to install a proxy server product that provides these features.

Page 3-40

Troubleshooting Lab

Place the following troubleshooting steps in the order you should perform them.

1. Call the ISP, and ask if there is a problem with the company’s Internet service.

2. Call a user who is connected to the same hub as Mark, and ask if she can access the Internet.

3. Power cycle the CSU/DSU for the T-1 providing Internet access.

4. Try to access the company Web site using a computer with a separate dial-up modem connection to the Internet.

5. Ask Mark to try to access a different site on the Internet.

6. Call a user on a different LAN from Mark, and ask if he can access the Internet.

7. Ask Mark to repeat his actions and see if he still can’t access the company Web site.

8. Try to access the company Web site using a computer on the network with a reg­ istered IP address.

9. Check the NAT router logs to see if they are functioning properly. 7, 5, 2, 6, 8, 4, 9, 3, 1

4

Planning a Name Resolution