Posted: January 31st, 2023
Unit Assessment Guide
ICTNWK531_UAG_v1 © TAFEnow, NCTAFE Created: 19/08/15 Revised: 15/12/15 Page 1 of 7
Unit details
Unit Code: ICTNWK531
Unit name: Configure an internet gateway
Unit purpose: This unit describes the skills and knowledge required to connect network hardware devices, mainly personal computers (PCs), to an internet gateway.
It applies to individuals who are middle managers, network engineers, technical specialists or security analysts with excellent information communications and technology (ICT) skills who plan and implement networks, determine security threats and are involved in business budgeting.
Elements and performance criteria: For further information about this unit go to:
https://training.gov.au/Training/Details/ICTNWK531
Unit outcome: This unit is not graded. Your result will be recorded as achieved competence (AC) or not competent (NC).
Pre-requisite / Corequisite units: Nil
Assessment plan
To demonstrate competence in this unit, you must successfully complete each of the following assessment events:
1. Event 1 Report – Confirm client requirements
2. Event 2 Report – Configure and test gateway
Assessment conditions
Submission dates: Submission of assessment events is flexible to your own personal needs. You should discuss a timeline with your facilitator in order to determine suitable dates to submit each assessment event for marking.
Submission instructions: Your assessment events must be submitted online via the TAFEnow website.
o Complete each of your assessment events and save your files with the event name and your own name – for example: Event1_john_smith.
o Upload your assessment event files and any other additional attachments to the space provided in the TAFEnow online learning platform.
Student is required to provide materials and equipment: To complete this assessment, you will need to provide:
o A personal computer with internet access
TAFEnow is required to provide material and equipment: Nil
Additional resources: Nil
Facilitator support and supervision: There is no facilitator supervision required for these assessment events. If you are unclear about any aspect of the assessment please contact your facilitator for guidance.
Student collaboration: Student collaboration is not permitted.
Assessment attempts: You have two attempts on each event.
General information: For general information relating to assessment procedures at TAFEnow refer to
http://tafenow.com.au/aboutassessment
Facilitator information (Facilitator information only): For Facilitator procedures refer to the TAFEnow Facilitator Space at
http://tafenow.com.au/teacher-resources
Assessment events
Assessment event 1 – Report – Confirm client requirements
This event requires you to submit a report that demonstrates your ability to confirm client network requirements,
equipment and review security issues.
This assessment event is based on the information found in this scenario. Your report must include the following
sections:
1. Client requirements
2. Scope of internet services
3. Hardware and software components
4. Hardware comparison table
5. Security analysis
6. Proposed solution
Note:
o The report is to be a word processed document addressing each of the criteria in Table 1
o The document should be formatted professionally and include the report author and date.
Marking criteria
Table 1
You must meet the below criteria in order to successfully complete this assessment event.
1. Client requirements
In this section of your report:
1. Provide a detailed description of client requirements including:
a. At least three (3) reasons why the client needs an internet gateway
b. A list of the main internal and external drivers to ensure productivity for the client’s network.
2. Scope of internet services
In this section of your report:
1. Provide a list of at least three scope of internet services required to meet client needs.
3. Hardware and software components
In this section of your report:
1. Provide a description of hardware and software components required, including:
a. The name of the hardware component
b. Software required to run hardware
c. A list of steps describing how to set up software and hardware via the Web Interface.
2. An amended diagram of the REPSOL floor plan indicating changes to be implemented, i.e. adding or removing hardware and connections.
4. Hardware comparison table
In this section of your report:
1. Provide a simple comparison table that compares at least three hardware suppliers, including:
a. Hardware supplier name
b. A description of component specifications
c. A brief description detailing after sales support
d. The cost of the component
5. Security analysis
In this section of your report:
1. Research the security features of an internet connection that you have access to including:
a. A list of the steps required to enable MAC filtering
b. A list of the steps required to enable advanced firewall features on the gateway
2. Provide a description of the security arrangements provided by your ISP and how they could affect you or your client with reference to:
a. Virus protection and spam filtering for emails
b. Blocked ports
c. Availability of static IP addresses.
3. Prepare a list of at least 10 dos and don’ts for users with reference to internet use and hazard possibilities.
6. Proposed solution
In this section of your report:
1. Provide a description of the Internet Gateway selected with reference to how the product meets the client requirements.
2. Provide screen images to demonstrate you have configured the username and password provided by the ISP to allow the gateway to establish an internet connection and connect the network to the internet.
3. Provide screen images to demonstrate you have created a DHCP IP pool by allocating an IP to the gateway and limiting the number of IPs produced by the router to 50 PCs. REPSOL wants to reserve IPs for shared resources or hardware.
Assessment event 2 – Report – Testing and configuration
This event requires you to submit a report that demonstrates your ability to test and configure an internet gateway.
This assessment event is based on the information found in this scenario. Your report must include the following
sections:
1. Testing plan
2. Configuration
Note:
o The report is to be a word processed document addressing each of the criteria in Table 2
o The document should be formatted professionally and include the report author and date.
o To complete your testing plan you can download a tool to test the stability of your network from
security-audit.com/blog/penetration-testing-tools/
Marking criteria
Table 2
You must meet the below criteria in order to successfully complete this assessment event.
1. Testing plan
In this section of your report:
1. Provide a testing plan for intranet/ internet connectivity and client requirements
including the following details:
o Test ID
o Test purpose
o Test description
o Test execution date
o Steps
o Test data
o Expected result
o Actual result
o Status (Pass/fail)
o Notes
2. Configuration
In this section of your report:
1. Provide a list of the steps to configure a Windows machine so that it has a static IP address, static subnet mask, gateway and DNS.
2. Provide a description of the devices or hardware on the client’s network that need to be available to clients at all times and list the steps required to configure them with static IPs outside the DHCP pool.
3. List the steps to change the DHCP pool size on a residential gateway that you have access to.
4. Provide a table documenting which nodes were having problems based on test results (for example speed test, ping test, etc.), including steps taken to provide a solution.
5. Provide a description that explains how the client’s initial requirements have been met with your installation, configuration and testing procedures.
6. List the steps taken to ensure that the recommended network drivers are installed on network clients.
7. List the steps to ensure the node is connected at the maximum speed that the intranet is capable of; if not, show how to force the network card to connect / work at the preferred speed.
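An added example, not part of the original assessment guide: a Python check of the address plan that Event 1 (Proposed solution, item 3) and Event 2 (Configuration, items 2 and 3) call for, confirming that the DHCP pool issues no more than 50 addresses and that statically addressed devices sit outside it. The subnet, addresses and device names are constructed assumptions, since the page specifies none.

```python
"""Audit a gateway address plan: DHCP pool size and static hosts outside the pool."""
import ipaddress

MAX_LEASES = 50  # the assessment limits the router's DHCP pool to 50 PCs

# Constructed sample plans (assumptions; the page specifies no addresses).
GOOD_PLAN = {
    "subnet": "192.168.10.0/24",
    "gateway": "192.168.10.1",
    "pool_start": "192.168.10.100",
    "pool_size": 50,
    "static_hosts": {
        "switch-1": "192.168.10.2",
        "switch-2": "192.168.10.3",
        "server": "192.168.10.10",
        "nas": "192.168.10.11",
    },
}
BAD_PLAN = {
    "subnet": "192.168.10.0/24",
    "gateway": "192.168.10.1",
    "pool_start": "192.168.10.2",
    "pool_size": 100,  # too many leases, and the pool swallows the server
    "static_hosts": {
        "server": "192.168.10.10",
        "nas": "192.168.10.200",
        "printer": "192.168.10.200",  # clashes with the NAS
    },
}


def pool_range(start, size):
    """Return (first, last) address of a contiguous pool of `size` leases."""
    if size < 1:
        raise ValueError("pool size must be at least 1")
    first = ipaddress.IPv4Address(start)
    return first, first + (size - 1)


def audit_plan(plan, max_leases=MAX_LEASES):
    """Return a list of findings; an empty list means the plan is consistent."""
    net = ipaddress.IPv4Network(plan["subnet"])
    gateway = ipaddress.IPv4Address(plan["gateway"])
    first, last = pool_range(plan["pool_start"], plan["pool_size"])
    findings = []

    def usable(addr):
        # The network and broadcast addresses cannot be given to a host.
        return addr in net and addr not in (net.network_address, net.broadcast_address)

    def in_pool(addr):
        return first <= addr <= last

    if plan["pool_size"] > max_leases:
        findings.append(f"pool issues {plan['pool_size']} leases, limit is {max_leases}")
    if not (usable(first) and usable(last)):
        findings.append(f"pool {first}-{last} leaves the usable range of {net}")
    if not usable(gateway):
        findings.append(f"gateway {gateway} is not a usable address in {net}")
    if in_pool(gateway):
        findings.append(f"gateway {gateway} lies inside the DHCP pool {first}-{last}")

    owners = {gateway: "gateway"}  # address -> first device that claimed it
    for name, text in plan["static_hosts"].items():
        addr = ipaddress.IPv4Address(text)
        if not usable(addr):
            findings.append(f"{name} ({addr}) is not a usable address in {net}")
        if in_pool(addr):
            findings.append(f"{name} ({addr}) lies inside the DHCP pool {first}-{last}")
        if addr in owners:
            findings.append(f"{name} ({addr}) duplicates {owners[addr]}")
        else:
            owners[addr] = name
    return findings


if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, audit_plan(plan) or "no findings")
```

A static host that falls inside the pool is the failure worth catching early: the gateway can lease that same address to a workstation, and the server or NAS then becomes intermittently unreachable.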
ICTNWK531
ICTNWK531_Scenario_v1 Revised: 14/12/15 Page 1 of 12
Scenario
REPSOL Scenario
REPSOL is a medium sized motorsports company with around 18 employees. The site houses 9 cubicles.
The setup as per Floor Plan below shows that it has an access layer (linking all the workstations) and a distribution
layer (identified by the switch connections).
All of the cubicles are equipped with RJ45 connection sockets which are directly connected via UTP cables to a patch
panel in a communication room where all the incoming UTP connections are connected to a couple of switches.
REPSOL is currently expanding the business and wants to have an online presence, so they need to convert the local
access to have an Internet connection.
The current network has the capability to transfer data at gigabit speeds and the current usage is only about 5% of
the total capability.
REPSOL’s intranet site abides by company policies, processes, procedures, staff members and financial information. It
wants to allow its employees to have access to high speed Internet connection.
You have been assigned as the contracted Network Engineer and are responsible for implementing and managing
the connection of network hardware devices to an Internet gateway.
Your role will require you to provide technical advice, guidance and leadership in the resolution of specified
problems. In that, it involves managing the installation, configuration and testing of the gateway products and
related hardware and software, as well as determining security threats.
[Figure: REPSOL’s Floor Plan, showing the Communication Room, Server and NAS]
REPSOL’s Information Technology (IT) Systems
There are many types of hardware and software in an IT component. Each has its own operational requirements which
will normally be fully documented in an installation manual. The general hardware includes but is not limited to:
• Desktops/workstations
• The network
• The server
• Shared resources
Desktops/ Workstations
All managers and staff in office have a PC on their desk. These have been acquired over the last three years and range
from various vendors. Some of the specifications include:
• 3.46 GHz quad core system
• 8 GB DDR-3
• All desktops are equipped with LED monitors
All staff are encouraged to store files on the Network Attached Storage (NAS), while user accounts and logins are generally
stored on the Server.
The Network
REPSOL have a generic gigabit network with shared resources connected via networking hardware. The network
consists of 2 switches, a router, a server and a NAS. All equipment is connected to the network via a gigabit network
interface card.
Operating systems
There are a variety of operating systems including Windows 7, Windows 8 Professional, 64 bit. The server is running
Windows Small Business Server 2014. The NAS runs the CISCO firmware while the current networking devices run
CISCO IOS. The operating systems are kept up to date to prevent security flaws or loopholes.
In the event that some of the updates fail to be implemented, the IT department will take immediate action where a
Change Request is logged to update the software on the hardware in question.
Preferred supplier
REPSOL now has a policy of using a single source for computers and that is currently Hytek Computers. They offer a
full onsite support service in the first year of purchase and labour only in year 2. Most of their equipment has a one
year warranty. All computer purchases must be processed through the IT department.
IT costs and charging policy
The IT department has updated their charging policy. Changes which may affect you are as follows:
1. Costs for computers and computer peripherals will be directly billed to the employee’s cost centre.
2. Infrastructure costs will be charged at a flat rate of $1000 per month, per employee. The services included in
this charge include:
• access to central file server
• network infrastructure
• email
• Internet Access
• help desk
• the POS system.
3. IT personnel assigned to specific projects will be billed out at $100 per hour, (based on effort, not duration).
REPSOL’s Security Policy
User accounts
1. Only employees and authorised contract personnel shall be allowed access to the network.
2. To obtain access to the network, users must submit a Logon Application Form to the IT Help Desk signed by
their manager. Acceptable use policies must be adhered to when completing the application.
3. Passwords must be at least 6 characters long.
4. The system will prompt users to change their password every month. Previous passwords cannot be used.
5. Employees will be given 3 attempts before they are locked out of the network. The counter will be reset after
30 minutes.
6. Employees must press CTRL-ALT-DEL to log-off. When the terminal is unattended for 3 minutes a password-protected
screen saver will activate.
7. Employees are responsible for all data and information stored in their own accounts. All files saved by the
employee must be stored on the account network drive (drive D:).
8. Temporary accounts will be deleted when no longer required.
9. Managers will submit a Logon Removal Form to the IT Help Desk on the last day when an employee or
contractor leaves the organisation. They will check with the IT Help Desk within 2 days to ensure the account
has been deleted.
Acceptable use
1. Employees will not attempt to access any network data or programs for which they do not have
authorisation or explicit consent of the owner of the data/program.
2. Employees will not share their passwords with anyone.
3. Employees will not make copies of any software or data on the network for their own, unauthorised personal
use or to provide to other people/users for unauthorised use.
4. Employees will not make copies of copyrighted software.
5. Employees will not place any software on their workstations. All software will be approved and installed by
the IT department.
6. Employees will not copy any data files onto their hard drives or their network drives from a floppy disk.
7. Employees will not attempt to access the network outside of the operating hours of 7am – 7pm.
Remote access policy
1. Only managers and employees with a genuine business need will be provided with remote access rights.
Employees must obtain approval from their managers and the IT Manager before being granted remote
access. Managers must submit a signed Remote Access Application to the IT Help Desk.
2. Employees connecting to the network must install virus scanning software and implement security solutions
on their home PC as outlined by the IT department.
3. Employees will not allow access to the network from their home PC by anyone other than themselves.
Information protection policy
1. Disseminating proprietary information, trade secrets, or confidential information is strictly prohibited.
Unauthorised dissemination of this information is a dismissible offence and may result in criminal penalties.
2. Confidential and sensitive information such as trade secrets and proprietary information should be stored on
network drives only.
3. Confidential information transferred over the Internet must be encrypted and digitally signed.
4. Any files received from outside sources must be scanned with company-approved virus checking software.
Email usage
1. Employees will only use email for business activities except where personal use does not interfere with
employee productivity.
2. Email use is forbidden for amusement/entertainment or private business activities. Employees breaching this
policy will be disciplined and may be dismissed.
3. Fraudulent, harassing, embarrassing, sexually explicit, profane, obscene, intimidating, defamatory, or
otherwise unlawful or inappropriate messages and/or material shall not be sent from, to, or stored on the
network. Employees breaching this policy will be dismissed.
4. Employees will be made aware of new viruses and will diligently monitor incoming emails for new viruses.
5. Employees will practise maximum care not to open any email attachment that does not come from a reliable
source.
6. Employees should use the same care in drafting e-mail and other electronic documents as they would any
other written communication.
7. Managers will be provided with access rights to employee email accounts. General monitoring will not occur
unless it is deemed appropriate by the manager as stated in (a), (b) and (c) above.
8. Employees must not attempt to access another employee’s email or to use their email accounts to send
email messages. Respect for the privacy of other employees is required.
9. All business emails will be stored on the network drives in archived files for future reference.
10. All email attachments will be scanned by anti-virus software before being opened.
11. Employees will exercise due caution after being informed by IT of a new virus. If an employee receives an
email with the new virus attached, they will delete it immediately from the Inbox and Deleted Items.
Internet usage
1. Internal employees are allowed unrestricted access to the Internet.
2. All information downloaded from the Internet will be screened using anti-virus software before being
opened or run.
3. Sensitive or confidential information will not be sent over the Internet unless it is encrypted.
4. Software downloads from the Internet will be performed only by the IT department at the request of a
manager.
5. Employees will not use the Internet for personal use except during lunch breaks.
External access to the network from the Internet
1. Internet access will be provided to the web server and email server
2. Incoming traffic to the internal private network must be encrypted and authenticated. Only authorised users
will be given access to the private network.
REPSOL’s Network Policies and Procedures
With the development of networks that promote the availability of data, software and hardware resources to staff
throughout the organisation; it is important that appropriate policies are in place to control such access. These are
specific policies to ensure that the network performs adequately, is secure and provides user services.
Ad-hoc storage of data, poor file naming and maintenance, experimentation, attempts to breach security and
deliberate flouting of the agreed policies and procedures will not be tolerated. Not only may there be a security risk
but the network may not perform to expectations and may require excessive administration.
Hardware
There will be many different items of hardware making up the network. These include servers, work stations, hubs or
concentrators, printers, communication devices, etc. All purchases of computer hardware and software must be
approved by the IT department. In addition, no user is permitted to attach to the network any device that has not
been approved by the IT department. A register of all hardware on the network will be maintained and all items will
be identified by an appropriate numbering sequence.
All users should use company-provided PCs or terminals to connect and log on to the network. The use of an
individual’s personal PC or Notebook as a workstation is not allowed and any staff member found trying such a
connection will be dismissed.
All workstations should be switched off at night.
Servers, CPUs and critical communications devices will be kept in a secure location. Access to these locations will be
restricted to supervisors and other authorised computing staff. Eating, drinking and smoking are not permitted in
these areas.
Eating, drinking and smoking are not permitted at the workstations.
A list of all MAC and terminal addresses with the normal user of that workstation will be maintained. Appropriate
control of dial in access is required.
A separate electric circuit should be used for the servers.
Servers and other critical hardware components such as hubs or routers will be connected to an Uninterruptible
Power Supply (UPS) of sufficient power to provide one hour of standby power and to shut down devices safely in
case of an extended power outage.
Software
By law we can only run software for which the appropriate licence fees have been paid. All software loaded on
company machines must be a legitimately purchased copy and the original disks plus the licence agreement must
be stored in the IT department.
No user is permitted to load on to the network any software that has not been approved by the IT department. A
register of all software on the network will be maintained along with details of licences and approved number of
users.
Users should only avail themselves of company approved and provided software. No personal or public domain
software is to be loaded on the network without approval by the IT department.
All software loaded on the network should have first been checked for virus contamination. The virus checking
program selected should be regularly updated to cover new viruses.
No software should be downloaded from unapproved websites to the network. Computers used for file transfer from
other sources will be disconnected from the network during the transfer. All data thus transferred will be screened
for virus contamination before being released to the network.
Users’ access to software will be controlled by the appropriate access rights. Prior to being allocated access to a
particular application the user:
• must have attended the appropriate training course, and;
• must have permission from their immediate supervisor or department/group manager.
Disaster Recovery Plan
A risk analysis of the security needs of the network will be undertaken and reviewed regularly. Security and control
shall be sufficient to prevent or recover from security breaches in accordance with this analysis. Risk assessment will
review all the major systems and procedures on the LAN. The assessment will identify the threats and quantify the
risks.
The result of the risk assessment will be a list of threats and quantified risks that are not acceptable to management.
Cost effective measures will then be implemented to reduce or recover from those risks. This will be fully
documented and agreed especially in those areas where management agrees to carry the risk.
Any significant changes to the system whether hardware or software will also need to undergo a risk analysis to
gauge their impact on the business.
User Access
Each user shall have their own account. The supervisor/administrator will have two accounts – a supervisor account
for network maintenance and a normal user account when they are carrying out non-administrative tasks.
Each user’s name or identity on the network shall reflect their actual name. No nicknames or pseudonyms are to be
used. The user’s surname or initials and surname should be used. The user name should be a maximum
of EIGHT characters.
All user accounts will be password protected and changed regularly. The passwords must be unique and the same
password may not be used twice. Each password should be at least SIX characters in length.
Guest and other ‘visitor’ accounts should be removed from the system (or have the password changed) along with
any engineering or maintenance accounts used by service personnel. If any applications loaded on the network
create or use special accounts, these should also be removed or have the password changed.
File and data control
Each user shall have an area on the disk known as the home or user directory in which they can store their own files.
The rights to this directory will be structured so that their immediate supervisor will be able to access these files. All
users should be aware that the administrator can see all files on the system and they should take the appropriate
action to safeguard confidential information.
Users of desktops will also be able to store data on a local hard disk or external storage devices. Should there be a
valid reason for storing files locally, permission must be sought from the IT department and the user will then be
responsible for ensuring adequate backup.
A system of file names and conventions to be used will be distributed and will be adhered to by users. Temporary
files or files with a short life span that are not controlled by applications will need to be regularly deleted by users.
Users dealing with confidential data should be made aware that this data could be accessed by administrators and
they may wish to store that data on a local drive or consider the use of encryption.
Email
The Email system should be used for all intra-office communication.
Email must be treated with the same respect as any other form of communication. It should not contain slang or
vulgar words nor be derogatory to other staff members. It carries the same weight as written communication and
must be acted upon.
Many messages will be temporary in nature and not contain information that is required to be kept. These must be
flagged as temporary and will be deleted from the system after 120 days.
Mail that is more important, forms a policy, or describes decisions or actions taken must be filed and maintained. On
occasions, the sender will want to maintain a copy while at other times the receiver needs it. Again the message
must be flagged with the appropriate indicator.
In some cases, the document may be of such importance that a hard copy is required. Users should check with their
managers for the types of documents and other legal requirements for printing. It should be the aim of users to print
the minimum number of documents.
Mailing lists will be created to facilitate the distribution of a message to more than one person. These must be used
with care to ensure the correct people receive a message.
Backup
All data on the network should be backed up daily overnight. The software selected for this task should be capable of
backing up all of the volatile system files such as user password files and other system files. All backup media should
be large enough to contain all data without the need to change media during backup. Secure cloud backup and
control is to be implemented. This cloud backup is to be determined as part of the risk analysis.
The backup system must be able to retrieve a deleted or damaged file from the medium in a short time, say, 10
minutes. The frequency and the number of versions of cloud backup will again be determined by the risk analysis.
The master (original) copies of software are to be stored in a secure remote site. Images of existing software media
can be copied onto the cloud storage. If any media is damaged, new media can be re-created with the
imaged software.
Supervisors must have someone who can perform the common operations on the network while they are away. This
person must be adequately trained and kept up to date by carrying out certain supervisory operations on a regular
basis.
A system for archiving infrequently used, but required files will be instituted.
Users will need to be informed as to which files, if any, are not part of the daily back up routine and how to take
responsibility for recovery of that data. For certain applications, there may be a need to make copies or backups of
files just prior to a periodic update. These copies may be placed in a common area of the hard disk so that the
periodic backup captures and backs up these files as well. However, users may wish to archive or backup files at the
end of an accounting period and will need to inform the administrators of their requirements.
Procedures will need to be implemented to ensure that the backup log is checked each morning to confirm that the
backups were successfully completed.
At regular intervals, the validity of the backups should be tested by running a data/backup verification test, which is
done by specialised software. A complete set of disaster recovery procedures should be developed and tested.
Network performance and monitoring
Servers will rarely be turned off but when shutting down servers during a working day users should be
given 30 minutes warning.
If a server fails and then restarts, the system will attempt to clean up any open files or corrupt entries. Technicians
should be aware of the common errors and the expected responses so that they can restart the network.
The accounting system will be used to provide details of user access and utilisation of network resources.
The total amount of free space available should be regularly checked. A list of users or groups and the amount of disk
space used should be regularly reviewed.
Management must be kept informed of the performance of the network. Regular monthly reports should be
submitted by the administrator showing how network usage is progressing and summarising the main activities,
problems and other network matters. If any measured parameter value rises to 80% or more of its maximum, it must
be monitored and reported weekly.
ICTNWK531
Configure an internet gateway
Learner Guide
© Copyright, 2015 by North Coast TAFEnow
Date last saved: 15 December 2015 by Smart, Rebecca Version: 1.0 # of Pages = 54
Enter name of writer – Content writer and course adviser
TAFEnow Resource Development Team – Instructional and
graphic design
Copyright of this material is reserved to the Crown in the right of the State of New South Wales.
Reproduction or transmittal in whole, or in part, other than in accordance with the provisions of the Copyright Act, is
prohibited without written authority of North Coast TAFEnow.
Disclaimer: In compiling the information contained within, and accessed through, this document (“Information”)
DET has used its best endeavours to ensure that the Information is correct and current at the time of publication but
takes no responsibility for any error, omission or defect therein. To the extent permitted by law, DET and its
employees, agents and consultants exclude all liability for any loss or damage (including indirect, special or
consequential loss or damage) arising from the use of, or reliance on, the Information whether or not caused by any
negligent act or omission. If any law prohibits the exclusion of such liability, DET limits its liability to the extent
permitted by law, to the re-supply of the Information.
Third party sites/links disclaimer: This document may contain links to third party sites. DET is not
responsible for the condition or the content of those sites as they are not under DET’s control. The link(s) are
provided solely for your convenience and do not indicate, expressly or impliedly, any endorsement of the site(s) or
the products or services provided there. You access those sites and use their products and services solely at your
own risk.
Contents
Getting Started
  About this unit
  Elements and performance criteria
  Icon Legends
Topic 1 – Confirm client requirements and network equipment
  Confirming client’s requirements
  Identify components suitable for an Internet gateway
  Verify equipment specification and availability
  Sample Answers
Topic 2 – Review security issues
  Internet gateway architecture and plans
  Review security measures with the ISP
  Brief users on the security plan and risks of Internet use
  Sample Answers
Topic 3 – Install and configure gateway products and equipment
  Identify configuration options
  Install and configure gateway products
  Plan and execute tests
  Analyse and respond to error reports
  Sample Answers
Topic 4 – Configure and test node
  Assign nodes to a specific gateway
  Determine the connection type and configure
  Ensure node software and/or hardware is configured
  Sample Answers
Getting Started
About this unit
This unit describes the performance outcomes, skills and knowledge required to connect
network hardware devices, mainly personal computers (PCs), to an internet gateway.
Elements and performance criteria
Elements define the essential outcomes of a unit of competency. The Performance Criteria
specify the level of performance required to demonstrate achievement of the Element. They
are also called Essential Outcomes.
Follow this link to find the essential outcomes needed to demonstrate competency in this
Unit: http://training.gov.au/Training/Details/ICTNWK531
i | Page
ICTNWK531_LG_V1.0
TAFEnow
Icon Legends
Learning Activities
Learning activities are the tasks and exercises that assist you in gaining a
clear understanding of the content in this workbook. It is important for you
to undertake these activities, as they will enhance your learning.
Activities can be used to prepare you for assessments. Refer to the
assessments before you commence so that you are aware which activities
will assist you in completing your assessments.
Readings (Required and suggested)
The required reading is referred to throughout this Learner Guide. You will
need the required text for readings and activities.
The suggested reading is quoted in the Learner Guide, however you do not
need a copy of this text to complete the learning. The suggested reading
provides supplementary information that may assist you in completing the
unit.
Reference
A reference will refer you to a piece of information that will assist you with
understanding the information in the Learner Guide or required text.
References may be in the required text, another textbook or on the internet.
Topic 1 – Confirm client requirements
and network equipment
Confirming client’s requirements
The requirements for a project are given to you in a wide variety of formats, ranging from
precise specifications required for a tender submission to a cryptic phone message left on
voice mail. Clients may be internal (within your organisation) or external (a client of your
organisation as a whole). How you respond to a client may depend on which type of client
they are.
Your organisation may have a specific document and format for confirming a client’s
requirements. This document is often in a form that specifies a number of important aspects
of the eventual agreement that both parties may reach. Given the amount of time and
financial investment that can go into an Internet gateway, it is essential that care be taken to
ensure that the requirements are fully met and no surprises show up towards the end of the
project. Failure of an Internet gateway to meet the business needs of your client could have
disastrous consequences on the operational capacity and capabilities of their organisation.
You must focus on the client’s requirements first and then select the ICT technology needed
to support the client’s business needs.
For this scenario, installing the Internet gateway will allow for Internet services to run on the
existing network. The three main requirements for REPSOL are:
1 Having access to the Internet
2 Having a secure encrypted connection to the Internet and
3 Adding a layer of protection over the Server and Network Access Storage (NAS) whilst
observing redundancy in connections
Validating client requirements
Once you have confirmed the client’s requirements, they must be checked to ensure that they
can be met by an Internet gateway. This is the process of validating the request.
What can we expect an Internet gateway to do? What are the functional differences and
performance characteristics of each possible solution? What happens if sections of the client’s
requirements are not covered by an Internet gateway?
To know what is possible and what is not, you will need to know at least some of the product
offerings from various vendors of this Internet gateway equipment. There are many Internet
gateway solutions available – from the straightforward Internet connectivity of a residential
gateway to complex business-orientated devices that perform a variety of functions including
routing, security, anti-virus and anti-malware.
For basic understanding on Internet Gateway hardware, you may read
http://compnetworking.about.com/od/networkdesign/g/network-gateway.htm.
Examples from each end of the spectrum of Internet gateway hardware are MSI’s Wireless
Residential Gateway https://essays.homeworkacetutors.com/write-my-essay/manualslib.com/manual/293334/Msi-Rg54gs2.html
and Cisco’s ASA (Adaptive Security Appliance) product range https://essays.homeworkacetutors.com/write-my-essay/cisco.com/
Validation checklist
Preparing a checklist of required information in validating a client’s requirements helps to
avoid duplication and omissions.
This checklist should include the following:
> client details
> due dates
> an overview
> services required
> existing services
> local network configuration
> external services to offer
> security
> project’s scope
A client will often provide you with requirements that are outside the capabilities of an
Internet gateway or are better suited to another device or server. Such requirements may
include web hosting and FTP services.
While the Internet gateway will need to be configured to allow for these services, the actual
gateway itself is generally not used for running these services.
A broadband connection and a residential gateway (possibly an ADSL router such as the
Billion BiPAC 5200 ADSL2+ Modem/Router) will be able to provide basic gateway functions
and connect a network to the Internet. To read more about this, go to
https://essays.homeworkacetutors.com/write-my-essay/billion.com/product/adsl.html. The residential gateway can be configured to
forward external web and FTP requests to the appropriate system. Residential gateway
manufacturers often refer to this function as configuring a virtual server but it is generally a
property of most routers called port forwarding.
Determining the scope of Internet services required
Home and small business
In a typical small business scenario, the following diagram is indicative of the network
arrangement required. This arrangement is sufficient for most small to medium-sized
businesses and in fact covers most home networks as well. A larger organisation’s network will
be considered later in this topic. If we concentrate on the Internet gateway, we need to
determine the services for which it will be providing access.
Figure 1 Typical network layout of an Internet gateway for a home or small business
Figure 1 shows a home and small business network arrangement with the Internet gateway
positioned on the network boundary of the LAN and communicating with the ISP to achieve
Internet connectivity. There is no provision for the hosting of Internet-accessible servers
within the organisation’s network.
An Internet gateway will need to provide these basic functionalities for Internet connectivity:
> Internet access
> Email access
These two simple requests translate to a technical requirement for a firewall to prevent
intrusion and control access to and from the LAN with appropriate ports open from the LAN
side to allow the following:
> NAT (Network Address Translation) since there is more than one workstation
> HTTP (Hyper Text Transfer Protocol) to allow web pages to be accessed and viewed
> HTTPS (Hyper Text Transfer Protocol – Secure) for secure transactions over the Internet
using SSL (Secure Sockets Layer)
> DNS (Domain Name Service) to allow a website’s name to be used and not just the IP
address
> SMTP (Simple Mail Transfer Protocol) and POP3 (Post Office Protocol version 3) to allow
access to a mail server to send and receive emails.
In addition to these fundamental services, the Internet gateway will need to address any
specific requirements of the client such as:
> FTP (file transfer protocol) for reliably transferring large files
> VoIP (voice over Internet protocol) for telephone-like communications over the Internet
> IM (instant messaging) to allow access to services such as Yahoo! and MSN Messenger.
We need to also consider the internal IP addressing requirements of the LAN and any other
LANs that may form the local network structure.
All the needs above translate to open outgoing ports for the services as in Table 1 below:
Table 1 Services per port used
Service | TCP port | UDP port
HTTP | 80 | 80
HTTPS | 443 | 443
DNS | 53 | 53
SMTP | 25 | 25
POP3 | 110 | 110
FTP | 20, 21 | 20, 21
VoIP (SIP) | 5060 | 5060 plus dynamic ports
VPN | as configured
IM (e.g. Yahoo Messenger) | 5050 or 80
Microsoft Update uses ports 80 and 443, and so do many other products such as anti-virus and
anti-malware, so generally web access will allow updates to be found and downloaded. Some
require an additional port, such as Panda Anti-Virus that requires port 8003 as well as port 80
for its updates.
For more port information, search for the terms ‘standard ports’ and the service you need to
allow. You can also check the definitive source for just the numbers and protocols first at IANA
(Internet Assigned Numbers Authority) at https://essays.homeworkacetutors.com/write-my-essay/iana.org/assignments/port-numbers
Larger organisations
A larger organisation may decide to host some Internet-accessible servers on the local LAN or
preferably in a DMZ (de-militarised zone). This leads to additional requirements to the
configuration of the Internet gateway with the need for increased security. If we concentrate
on the Internet gateway, we need to determine what services it will be providing access for.
Figure 2 Typical network layout of an Internet gateway for a larger organisation
Image: A larger organisation’s network arrangement with the Internet gateway positioned on
the network boundary of the LAN which communicates with the ISP to achieve Internet
connectivity. A DMZ has been created to allow the hosting of Internet-accessible servers
within the organisation’s physical control.
In addition to the configuration required for the home and small business situation earlier, a
larger organisation hosting their own Internet-accessible servers will need to configure virtual
servers or port forwarding on the Internet gateway. Also, the construction of a full DMZ as
shown in Figure 2 requires that the internal Internet gateway be configured correctly for
access to both the Internet and the DMZ servers by the systems in the LAN and a separate
Scope of Internet Services sheet filled in for each gateway.
Larger organisations with more than one office location or with remote users may request
VPN (virtual private networking) to join two remote LANs over the Internet or to allow
individual remote workstations to access the resources of the LAN.
LEARNING ACTIVITIES ACTIVITY 1
List out three ISP options for REPSOL and the type of connections each ISP will use and how this
will interconnect with the REPSOL gateway.
Based on the three recommended ISPs you have listed, which one will give the best performance,
value for money and reliability and also fulfil all REPSOL’s requirements?
Identify components suitable for an Internet
gateway
Once all the client requirements are confirmed and validated and the appropriate Internet
services identified, we can move on to locating suitable hardware and software to perform the
functions requested. There is a choice between using mainstream equipment and open
source. The decision ultimately comes down to whether the components are the most
suitable for the project. Remember that open source doesn’t always mean free nor does it
mean no support is available.
Mainstream components: hardware
You have already seen some mainstream components in the products from MSI, Billion,
McAfee, Symantec and Cisco. If you did not look at these before, then now would be a good
time to acquaint yourself with them in order to familiarise yourself with the terminology and
marketing language used.
Some suppliers of products in this category are:
> Home and small business components:
  > TP-Link: https://essays.homeworkacetutors.com/write-my-essay/tp-link.com/ Click on the Cable/DSL Routers image.
  > LINKSYS: http://kb.linksys.com/Linksys/ukp.aspx?pid=80&login=1&app=search&vw=1&articleid=3687
  > Billion: https://essays.homeworkacetutors.com/write-my-essay/billion.com/product/adsl.html Click on one of the images of the range.
> Enterprise components:
  > Cisco: ASA: https://essays.homeworkacetutors.com/write-my-essay/cisco.com/go/asa
  > Symantec: Gateway Security 5400 Series: https://essays.homeworkacetutors.com/write-my-essay/symantec.com/theme.jsp?themeid=enterprise-security-framework Search for Gateway Security Series 5400
If you compare the various device offerings from manufacturers, you will see that there is a
huge gap between the capabilities of the home and small business market and the enterprise-level
devices. The basic functions are similar, even with different naming conventions, but the
data speeds and the few additional processing functions of the enterprise appliances set them
apart.
Mainstream components: software
A full range of software is available to run on standard workstations acting in the position of
the Internet gateway. These systems may be running a Microsoft Windows operating system
and ICS (Internet connection sharing) or another NAT service gateway. There is also a variety
of UNIX / Linux systems designed for this task.
An advantage of configuring an Internet gateway in this fashion is to allow the Internet
gateway to also act in the role of an Internet-accessible server.
What you decide to use will depend on the availability and specification of the system unit
and the background and experience of the client and yourself with these systems. You can
even just install additional servers in the DMZ to perform special functions such as a PBX
system for telephones connecting to a VoIP system to keep inter-branch call costs down.
Some examples of these systems are:
> Clear Centre – Clear OS at https://essays.homeworkacetutors.com/write-my-essay/clearcenter.com/
> Asterisk – The Open Source PBX at https://essays.homeworkacetutors.com/write-my-essay/asterisk.org/
> Securepoint – Securepoint Firewall and VPN Server at https://essays.homeworkacetutors.com/write-my-essay/securepoint.cc
Mix and match components: software
If cost is a main consideration, perhaps for a home Internet gateway, then a mix-and-match
approach may be the way you and your client want to go. You may decide on your own mix of
anti-virus, firewall, servers and malware protection programs on the operating system
platform of your choice.
Some examples of these systems found on C-Net-download.com are:
> for MS Windows:
  > NetworkActiv – AUTAPF – Port Forwarder at https://essays.homeworkacetutors.com/write-my-essay/networkactiv.com
  > Qbik New Zealand – Wingate at https://essays.homeworkacetutors.com/write-my-essay/wingate.com
  > Vicomsoft – Intergate at https://essays.homeworkacetutors.com/write-my-essay/vicomsoft.com
  > Zonerider Networks – Zonerider Gateway at https://essays.homeworkacetutors.com/write-my-essay/zonerider.com/index.html
  > Zyneo – Zyneo SMS Gateway at http://download.cnet.com/Zyneo-SMSGateway/3010-10440_4-10195877.html
> for Macintosh:
  > Studiotron Software – MailTron Gateway at https://essays.homeworkacetutors.com/write-my-essay/studiotron.com
  > Vicomsoft – Intergate at https://essays.homeworkacetutors.com/write-my-essay/vicomsoft.com
What features do we want from these hardware and software components for an Internet
gateway?
Table 2 Features of Internet gateways
Feature | Internet service
NAT (network address translation); also known as ‘Masquerading’ | Multiple computers connect to the Internet over a single ISP connection and IP address
Special Applications, Port Triggering | May support VoIP (need to check with manufacturer), gaming, instant messaging
Firewall | Intrusion prevention
Port Forwarding, Virtual Server, Virtual DMZ | Internet-accessible servers on private LAN
SPI (stateful packet inspection) | Intrusion prevention sessions must be started from within the LAN. May also support special applications such as VoIP, gaming and instant messaging
LEARNING ACTIVITIES ACTIVITY 2
How many Gigabit or Ethernet ports would you recommend the gateway to have for connections
to the LAN and why?
Verify equipment specification and availability
Having identified a range of products that may satisfy the requirements for the Internet
gateway, you now need to ensure that at least one of these is available from a local supplier
and will perform all the specified functions.
One of the easiest ways to do this is to perform a search for the product identification and – if
possible – limit the results to pages within your area (country). If possible, the manufacturer’s
site is best and should contain datasheets for downloading and product specifications,
brochures, etc., that may be used for comparing against the required functions.
You must be sure that you are conversant with a number of different terms used by the
various manufacturers to identify the same functions. Sometimes it is necessary to download
user guides and manuals in order to get a description of the functions that are possible on a
particular device.
You can use the scope of Internet services sheet from before to check that the equipment
supplies each of the required functions. The final selection should be based on a variety of
factors including but definitely not limited to:
> price
> supplier reputation:
> experience with the supplier
> time in business
> familiarity with the product or range
> additional functions available for future uses
> capacity
> speed
> availability
> timeframe
You are also advised to perform a worldwide search for the product in an attempt to discover
problems that other people have had with the device.
LEARNING ACTIVITIES ACTIVITY 3
List out some key specifications of the gateway hardware that you recommend REPSOL to use.
Sample Answers
Activity 1
Table 3
ISP Options | Connection types
Optus | Cable
Telstra | ADSL 2+
Iprimus | NBN Fibre
Iprimus because it has 100 MB speeds over the National Broadband Network at a reduced cost
due to not needing to pay line rental. Will also suit REPSOL’s requirements for FTP and file
sharing.
Activity 2
Have two connections to each router if more than one. This is to provide redundancy so that if
one of the ports fails, service is not interrupted.
Activity 3
> Capable of connecting to ISP via different Interface modules (cable, ADSL, optical fibre).
> Bandwidth the gateway is capable of, for example 100MB download, 50 MB upload
> Security features – does it have built-in firewall?
> Does it have VPN features to allow employees to work remotely?
Topic 2 – Review security issues
Internet gateway architecture and plans
The basic architectural decision to be made when planning an Internet gateway is whether to
host services within the client’s network control. Most gateways today have firewall features
and MAC filtering as added security.
A firewall monitors the incoming and outgoing traffic over the network and from the Internet.
What it blocks and what it allows depends on your firewall settings. Common questions asked
about firewalls are as follows:
> How can I be sure that the firewall is on?
> What are the recommended settings of a firewall?
> What are some of the things a firewall cannot prevent?
> What else besides a firewall do I need to help protect my computer? (Windows Firewall)
The following link will show you how to enable/disable a firewall of a mainstream product.
https://essays.homeworkacetutors.com/write-my-essay/brighthub.com/computing/smb-security/articles/62076.aspx#imgn_5
The addition of a DMZ to an Internet gateway is a complication that extends the basic
gateway, so we will consider the added requirements for a DMZ later and just the basic
services first.
Home and small business
As seen in Topic 1 Figure 1, the Internet gateway needs to provide client systems in
the internal network with access to the Internet. The internal resources of the LAN, including the normal
sharing of file systems and printers expected of a LAN, should be directly accessible without
the need to involve the Internet gateway.
The Internet resources include access to:
> websites (HTTP, HTTPS)
> FTP servers (FTP)
> email (SMTP and POP3)
> domain name servers (DNS)
The default configuration of most residential gateways and other Internet gateway products may
leave all services open. However, in order to create a suitably secure environment,
gateways should have basic configuration carried out prior to being connected to the Internet
link.
Preliminary configuration should include:
> changing default password (and possibly administrator’s username)
> disabling access to the administration utility from the Internet (WAN) side of the device
> enabling NAT
> enabling the firewall initially to block all incoming ports for the Internet (WAN) side
> disabling DHCP server features
> enabling DHCP client capability on the Internet WAN side
> setting the internal IP address of the device to match the internal LAN
> setting the authorisation credentials (username and password) for the ISP’s link
To summarise this in a checklist:
Table 4 Initial setting checklist
Setting Completed
Default administrator password (and username)
Disable external (WAN) administration access
Enable NAT
Enable firewall and block all external (WAN) access
Disable DHCP server
Enable DHCP client on WAN
Set internal IP address
Set credentials for logging in to Internet link
The precise way this is done on any particular device is not standardised, so you will need to
refer to manufacturers’ documentation, including user guides and installation manuals. These
user guides may not contain all the options, and it may not be possible for you to completely
document all the actions you need to take until working with the actual device. Remember
that the terminology will vary between manufacturers.
In order to meet these requirements, certain ports must be opened in the firewall or router
part of the Internet gateway to allow communication with appropriate Internet servers. The
ports to open depend on the scope of the Internet services required by the client.
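The behaviour asked for above (NAT for the LAN nodes, the outgoing services of Table 1, all incoming ports blocked, no administration from the WAN side) can be modelled in a few lines of Python. This is an added example, not part of the learner guide or of any vendor's configuration; the addresses, the administration port 8080 and the class and function names are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Outgoing services taken from Table 1 (a subset: add VoIP, VPN or IM ports
# only when the client's scope sheet asks for them).
EGRESS_ALLOW = {
    ("tcp", 80), ("tcp", 443),   # HTTP, HTTPS
    ("tcp", 53), ("udp", 53),    # DNS
    ("tcp", 25), ("tcp", 110),   # SMTP, POP3
    ("tcp", 21),                 # FTP control channel
}


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Gateway:
    wan_ip: str
    lan: ipaddress.IPv4Network
    egress_allow: set
    wan_admin_enabled: bool = False   # checklist: no administration from the WAN
    admin_port: int = 8080            # hypothetical admin port of the device
    sessions: dict = field(default_factory=dict)   # (proto, wan_port) -> first packet
    flows: dict = field(default_factory=dict)      # outbound packet -> wan_port
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """LAN to WAN: apply the egress allow-list, then NAT (masquerade)."""
        if ipaddress.ip_address(pkt.src_ip) not in self.lan:
            return None                       # not one of our nodes
        if (pkt.proto, pkt.dst_port) not in self.egress_allow:
            return None                       # service outside the agreed scope
        wan_port = self.flows.get(pkt)
        if wan_port is None:                  # first packet of a new session
            wan_port = self.next_port
            self.next_port += 1
            self.flows[pkt] = wan_port
            self.sessions[(pkt.proto, wan_port)] = pkt
        return Packet(pkt.proto, self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN to LAN: only replies to sessions started inside the LAN pass."""
        if pkt.dst_ip != self.wan_ip:
            return None
        if pkt.dst_port == self.admin_port:
            # Administration interface: reachable from the WAN only if enabled.
            return pkt if self.wan_admin_enabled else None
        origin = self.sessions.get((pkt.proto, pkt.dst_port))
        if origin is None:
            return None                       # unsolicited: the firewall blocks it
        if (pkt.src_ip, pkt.src_port) != (origin.dst_ip, origin.dst_port):
            return None                       # right port, wrong remote peer
        # Reverse the translation and hand the reply to the original node.
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port,
                      origin.src_ip, origin.src_port)


def demo() -> dict:
    """Run constructed flows through a hardened and a factory-default gateway."""
    lan = ipaddress.ip_network("192.168.1.0/24")
    gw = Gateway("203.0.113.10", lan, EGRESS_ALLOW)
    node, server, stranger = "192.168.1.20", "198.51.100.20", "198.51.100.99"

    out = gw.outbound(Packet("tcp", node, 51000, server, 443))
    reply = gw.inbound(Packet("tcp", server, 443, gw.wan_ip, out.src_port))
    hijack = gw.inbound(Packet("tcp", stranger, 443, gw.wan_ip, out.src_port))
    telnet = gw.outbound(Packet("tcp", node, 51001, server, 23))
    admin = gw.inbound(Packet("tcp", stranger, 50000, gw.wan_ip, gw.admin_port))

    default = Gateway("203.0.113.10", lan, EGRESS_ALLOW, wan_admin_enabled=True)
    admin_default = default.inbound(
        Packet("tcp", stranger, 50000, default.wan_ip, default.admin_port))
    return {"https_out": out, "reply": reply, "hijack": hijack,
            "telnet_out": telnet, "wan_admin": admin,
            "wan_admin_default": admin_default}


if __name__ == "__main__":
    for flow, result in demo().items():
        print(f"{flow:18} {'DROP' if result is None else result}")
```

The same flows can be replayed against the real device during testing: each DROP in the model is a connection that should time out or be refused.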
Enterprise
Larger organisations may decide that they have the internal support to host some services for
their clients or mobile staff members. These services will be hosted on their own servers at
their location and be managed by the internal support staff of the organisation.
As seen in Topic 1 Figure 2, the inclusion of a DMZ in an Internet gateway requires additional
security attention, as now some of the organisation’s systems are presented to the Internet
and therefore become targets for viruses, worms and hackers worldwide. The host systems
here need to be as well-protected as any servers at an ISP. The ISP will generally just allow
Internet traffic directly to your client’s Internet gateway, so security of these systems is your
responsibility.
The Internet gateway then needs to decide what traffic to direct to which of the number of
DMZ servers and what traffic is a response to internal LAN users and systems and so be passed
in to the internal Internet gateway.
Security of the DMZ servers needs to be tight. Security updates need to be assessed as soon as
they are released. This is not only true for the underlying operating systems but also for any
exposed server applications on each host. The performance and functionality must be
monitored to ensure that a compromised server can be identified quickly or a threat mitigated
as soon as possible.
A DMZ will usually contain a choice of servers for serving web pages (HTTP), domain name
(DNS), email (SMTP and POP3) and file transfer protocol (FTP). The servers for these services
may be on one or many physically distinct computer systems depending on the expected
workloads of the services. For example, a business that is selling software that is available for
download may require separate web and FTP servers to spread the load over a number of
distinct physical machines.
The systems in the DMZ are usually crucial for the business or organisation since there is no
room for frivolous servers in security architectures. Non-critical systems that need to be
Internet accessible are often better outsourced to relieve the burden from local system
administrators.
DMZ systems need to be accessible from the Internet in general as well as from the business’s
LAN equipment. The DMZ produces segregation between the public and private
infrastructures of the organisation. The segregation allows the mitigation of risks involved in
allowing non-trusted, potentially hostile systems to access your client’s computer systems.
Confidential information about customers and internal business working of the organisation
are kept on internal servers, not in the DMZ. Access to these servers is limited to internal LAN
clients.
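The segregation described above can be checked mechanically before a rule set is loaded onto the gateway. The following Python audit is an added example, not part of the learner guide; the zone names, addresses, rule names and published-service list are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

# Services each DMZ host is meant to publish (constructed sample values).
PUBLISHED = {
    "10.0.0.10": {("tcp", 80), ("tcp", 443)},   # web server
    "10.0.0.11": {("tcp", 25)},                 # mail server
    "10.0.0.12": {("tcp", 53), ("udp", 53)},    # DNS server
}


@dataclass(frozen=True)
class Rule:
    """Permits NEW connections; replies are left to stateful inspection."""
    name: str
    src_zone: str              # "internet", "dmz" or "lan"
    dst_zone: str
    dst_ip: str                # a host address, or "any"
    proto: str
    port: Union[int, str]      # a port number, or "any"


# Constructed rule set containing three mistakes the audit should catch.
RULES = [
    Rule("web-http", "internet", "dmz", "10.0.0.10", "tcp", 80),
    Rule("web-https", "internet", "dmz", "10.0.0.10", "tcp", 443),
    Rule("mail-in", "internet", "dmz", "10.0.0.11", "tcp", 25),
    Rule("dns-in", "internet", "dmz", "10.0.0.12", "udp", 53),
    Rule("staff-to-dmz", "lan", "dmz", "any", "tcp", "any"),
    Rule("web-ssh", "internet", "dmz", "10.0.0.10", "tcp", 22),
    Rule("db-shortcut", "dmz", "lan", "192.168.1.5", "tcp", 1433),
    Rule("rdp-temp", "internet", "lan", "192.168.1.5", "tcp", 3389),
]


def audit(rules, published):
    """Return (rule name, reason) for every rule that breaks the segregation."""
    findings = []
    for r in rules:
        if r.dst_zone == "lan" and r.src_zone != "lan":
            # Internal servers are for internal LAN clients only.
            findings.append((r.name, f"{r.src_zone} may open connections into the LAN"))
        elif r.src_zone == "internet" and r.dst_zone == "dmz":
            if r.dst_ip == "any" or r.port == "any":
                findings.append((r.name, "forward is not tied to one host and port"))
            elif (r.proto, r.port) not in published.get(r.dst_ip, set()):
                findings.append((r.name, f"{r.proto}/{r.port} is not published on {r.dst_ip}"))
    return findings


def route_inbound(rules, proto, port) -> Optional[Tuple[str, str]]:
    """Port forwarding decision for a new connection arriving from the Internet."""
    for r in rules:
        if r.src_zone == "internet" and r.proto == proto and r.port in (port, "any"):
            return (r.dst_zone, r.dst_ip)
    return None    # no rule matches: the gateway drops the connection


def harden(rules, published):
    """Drop every rule the audit flagged and return the remaining rule set."""
    flagged = {name for name, _ in audit(rules, published)}
    return [r for r in rules if r.name not in flagged]


if __name__ == "__main__":
    for name, reason in audit(RULES, PUBLISHED):
        print(f"{name}: {reason}")
```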
MAC addresses
A MAC address is unique and can be used as a filtering mechanism to keep devices on or off
your wireless network. For example, on a Linksys router, you enable MAC filtering and enter
the three MAC addresses that you may want to connect to your network. Each of these MAC
addresses belongs to a device that you use. If a device tries to connect with a MAC address
that is not on that list, it will be blocked.
Read more about MAC address and filtering:
https://essays.homeworkacetutors.com/write-my-essay/timeatlas.com/term_to_learn/general/mac_addresses_and_filtering#.UU2AZhwwoqQ
IP address
Another consideration is that clients from the Internet need to know where to go in order to
contact your servers. That is, they need to know the IP address of your service. This is usually
accomplished through the use of the DNS system, which translates between IP addresses and
domain names on the Internet. The organisation’s ISP must assign a static IP address to your
client’s link in order to allow it to be registered with a DNS server.
An alternative is to work with a dynamic DNS provider such as no-ip.com (www.no-ip.com).
These services take the management of the server away from you, yet still allow complete
control over the service. However, using a dynamic IP account to provide servers to the
Internet may contravene the acceptable-use policy of the ISP. In this case, your client may
have their Internet access disconnected until a suitable plan is put into place.
This scheme also places the DNS for all the internal network devices outside the ISP and so will
increase the time to resolve domain name references for all of these devices. Any internal
servers may also need to have their domain name information stored on the remote DNS
server, leading to longer resolution times within the network. What will happen if the Internet
connection fails? A local DNS server for internal lookups is still necessary.
LEARNING ACTIVITIES ACTIVITY 4
Create VPN user accounts to enable users to access shared resources within the REPSOL network
remotely.
Review security measures with the ISP
Most ISPs have no commitment to security for your client’s LAN. Many will provide virus
scanning for email accounts hosted on their servers. The two most common problems when
setting up an Internet gateway will be the blocking of port 25 and the use of dynamic IP
addresses.
Blocking port 25
Port 25 is blocked to help reduce SPAM and unwanted transmission of email worms and
viruses. Port 25 is used in sending an email from an email client, such as Outlook, to an SMTP
mail server. It is also used between SMTP email servers in order to exchange emails around the
world.
ISPs will block the outbound passage of connections to port 25 to all except their own email
servers, thus preventing your client from hosting a mail server. If clients are not hosting their
own email server, or if the ISP hosts it, then there is no problem with the configuration.
The blocking solution was formed to prevent some email worms from creating their own
SMTP server on a compromised computer and using it to send out emails of itself or in an
attack on other systems. The blocking of port 25 prevents such a bogus server from operating
and causing further damage.
Some ISPs also restrict the rate at which you can send emails in order to stop other mass-mailing
viruses from using the legitimate email server inappropriately.
These restrictions from ISPs can cause problems if your clients have an externally hosted email
provider other than the ISP. All outgoing emails must use the ISP’s mail server, but incoming
mail needs to come from the established email provider. Fortunately, most email clients can
be configured to have different incoming and outgoing email servers as shown in Figure 3.
Figure 3: Outlook Accounts Properties screen showing different incoming and outgoing servers,
e.g. incoming mail (POP3) server is mail.myPOP3mail.com and outgoing mail (SMTP) is
mail.myISPmail.com.
Note that in order for this to work, the ‘outgoing mail server’ section needs to be ticked and
the settings for it set, meaning that two sets of credentials are needed to configure the server:
one for the outgoing and one for the incoming mail servers.
In a larger organisation, the limitation on the rate of sending emails may not be satisfactory. In
this case, the client may have to pay an additional fee to increase the number of outgoing
email accounts available for use.
Typically, a statically assigned IP address supplied for a business Internet connection does not
have either of these limitations.
Using dynamic IP addresses
Most ISPs provide an Internet connection using a dynamic IP address system (DHCP) for all
broadband links. This makes it easier to configure from the client’s point of view and removes
the need to manually configure options such as the DNS servers. However, if a client is
intending to host their own Internet-accessible servers, then this service will cause problems
in that a domain name is statically assigned to an IP address, so that, for example:
www.mybusiness.com.au – always associates with – 200.174.0.187
If the link to the ISP changes, then the server for www.mybusiness.com.au will no longer be
accessible. The only proper solution to this is to have the ISP assign your client a static IP
address that will always remain the same. Most ISPs will charge more for this service and some
don’t offer it at all. If the latter is the case, then a change of ISP will be required.
You can contact an ISP to obtain security and routing information, and many ISPs have the
information available as either product FAQ (frequently asked questions) or information
pages.
Dynamic DNS services are available that allow this problem to be circumvented. The use of
these services and hosting over a dynamic IP address link may contravene the acceptable
terms of use for the ISP, and the ISP may take action against your client over the use of such a
scheme.
LEARNING ACTIVITIES ACTIVITY 5
List two types of security the ISP will be able to provide you to protect the Internet Gateway from
attacks or unauthorised access?
Brief users on the security plan and risks of Internet use
How can you ensure that users within your client’s network are aware of the security
arrangements of their Internet access? Many businesses are finding that their employees are
circumventing security in many ways. With the portability of mass storage devices increasing
to the point where a pocket-sized 500 gigabyte hard drive can be plugged into a workstation
to bring in and take away data from the organisation, the chance of viruses, worms and other
destructive programs entering the network increases.
Users need to be informed of what they should and should not do while accessing the
Internet. These measures should form a subset of a complete technology acceptable-use
policy, including guidelines for all data handling that contacts the network or one of its
systems.
The distribution of a policy and the confirmation that it has been read and understood is a
difficult task. Merely signing an agreement does not ensure it was read or understood.
Clicking on a button on the screen is even less likely to be effective in getting the message
across.
Ways to accomplish the distribution of a policy include:
> induction packages for employees
> seminars
> emails
> log-on notices
> messages of the day
> default home page in Internet Explorer
Depending on your client’s policy documentation and reporting requirements, you may need
to collect and audit information about the policy contents. You may do this by use of web
forms and email read receipts. Some clients may require signatures from the users.
The content of these information parcels needs to include details of:
> security measures that have been implemented
> advice on safe usage of the Internet
> why, where, who and how to report incidents and problems
> bad habits
> good habits
> information sources
> penalties
You need to obtain some sort of active feedback in order to gather evidence of the
understanding of these issues by the users. This may be obtained by:
> questionnaire
> mini-quiz
> practical testing with simulated security risks, under the control of the security staff
> monitoring and analysing user patterns
LEARNING ACTIVITIES ACTIVITY 6
Identify a location in the office where only ICT personnel are able to access.
Sample Answers
Activity 4
Depending on Internet gateway’s make and model, refer to manufacturer’s manual to enable
and configure this feature.
Activity 5
1 Black list and white list traffic monitoring
2 Packet monitoring
Activity 6
Communication room
Topic 3 – Install and configure gateway products and equipment
Identify configuration options
You will have a range of configuration options to choose from depending on the Internet
gateway solution your client has decided on. These options need to be selected in order to
satisfy the client’s needs in every case. Some options may only become apparent as the
installation progresses and so must be documented during the installation. If possible, screen
captures of configuration utilities would be helpful in the documentation process.
We’ll look at a few Internet gateway solutions here and their options. The solutions covered
are:
> residential/ small business gateway devices
> appliances from Cisco
We will start with a discussion of the importance of anti-virus and anti-malware products to
the overall solution.
Anti-virus and anti-malware
All computer systems on the local network (including an ICS host system) must also have
anti-virus and anti-malware software installed and active to maintain the maximum possible
security level. Some suitable products include:
> Avast, AVG and Microsoft Security Essentials (no anti-malware) are some free anti-virus
examples
> McAfee, Norton, Trend Micro anti-virus: most anti-virus products come with built-in anti-malware
> Spybot – Search and Destroy – anti-malware: safer-networking.org
There are of course many more products. Your client may have current products in use, or you
can suggest others from your experience.
Note: Remember that free products may only mean free for private use. Sometimes these
products can also be used for educational and non-commercial purposes. You must check on
the licensing of any product to ensure that copyright is not infringed when used in each
solution.
Shared Internet connection/internet connection sharing (ICS)
The machines will be connecting to the Internet through the gateway via a single Internet
link. This Internet connection facility is already enabled and included in most Internet
gateways as most new networks have switches and this allows each computer to have its own
connection to the gateway.
All broadband connections to the gateway are via media such as cable, fibre, ADSL or wireless
broadband. For the best security, enable and configure the built-in firewall program on
the gateway, as it is the device that directly presents itself to the Internet. You can also add
separate firewall hardware to the gateway for extra security. The Windows Internet
Connection Firewall, or the firewall built into any version of Windows, is sufficient. Take a
look at the following for more information:
> Microsoft Windows Internet Connection Firewall: http://technet.microsoft.com/en-us/library/cc776029(v=WS.10).aspx
> Microsoft Windows Firewall: http://technet.microsoft.com/en-us/network/bb545423.aspx
Some people prefer to use a separate firewall product such as the offerings from the following
sources:
> Zone Alarm by Check Point: zonealarm.com/
> AVG Firewall: avg.com/au-en/homepage
> Symantec Norton Personal Firewall: symantec.com
The ICS drivers and protocols are installed and activated in the ICS feature in the gateway
which forces the network card to have the private IP address of 192.168.0.1. This is a
requirement of ICS, and if the IP address is changed to suit an existing network. Some older
networking equipment used this IP address as a default IP address, so conflicts may occur and
the equipment will need to have its IP address changed.
In order to access the Internet with ICS, other computers and devices on the local network will
have IP addresses in the range 192.168.0.2 to 192.168.0.254 with a network mask of
255.255.255.0. These computers need to set their default gateway to be the IP address of the
Internet gateway (192.168.0.1) and manually set their DNS servers to be the same as the ICS
host settings. These settings may alternatively be provided for workstation computers
through a dynamic host configuration protocol (DHCP) server on the network.
The Internet gateway can be the DNS server as well as the DHCP server. To determine
these DNS addresses on the gateway:
> connect to the Internet
> start a command prompt:
  > Start, Run
  > type cmd into the Open dialog
  > click on OK
> in the command prompt window, type ipconfig /all
> towards the bottom of the listing you should be able to find a line with DNS servers and
an IP address similar to the following:
Figure 4: Partial output from the ipconfig /all command showing the DNS Servers information as
a line of text saying 283.49.70.20.
If the Internet gateway, DNS server and DHCP server are the same piece of hardware, then all
three have the same IP address.
The DNS server IP address listed should be used for the other workstations in the local
network. Note that there may be more than one DNS server. If the ISP ever changes addresses
for these servers, then all workstations need to be updated to reflect the change, possibly via
the DHCP server. See Figure 4.
Note: Windows server products also include utilities to configure routing and remote access
services. This is the preferred alternative to ICS when multiple connections to remote sites –
not just the Internet – are required in a business. The routing and remote access utilities
include capabilities to provide NAT, static routes, multiple simultaneous connections and
dial-in connections.
Routing and remote access also allows the server’s IP address to be set to any address to
match an existing network’s configuration.
ICS and routing and remote access services cannot be used together on the same server.
Figure 5 A home or small business LAN utilising Windows Internet connection sharing as the
Internet gateway.
Residential gateway devices
Most residential gateway devices are made specifically for broadband. Some have a built-in
ADSL, cable or fibre connection in order to connect through to the Internet.
The built-in facilities of these devices from the various manufacturers are different. All tend to
have NAT and port forwarding, and some have basic firewall settings, parental control URL
blocking, virtual private networking (VPN) and voice over IP (VoIP).
Note: These devices are made for the final connection interface to the Internet link and so only
need to have a traffic throughput equivalent to the maximum Internet connection speed. For
the home user market, this speed generally ranges from 1 megabit per second (Mbps) to 100
Mbps.
Don’t misinterpret the throughput of an integrated switch (or hub) as the throughput
measurement. These devices are NOT meant for the high-speed interconnection of LANs to
segregate networks within an enterprise or large organisation.
Some routers can be used as residential gateways as well. In particular, a few of these routers
have an RJ11 port allowing for the backup of Internet access via a dial-up connection in case
the broadband link fails. These devices are also useful for areas without broadband access,
such as country and rural areas, since the PSTN dial-up device may be used as the default
Internet connection. Devices with this capability include:
> Cisco WAG320N VPN Router: linksys.com
> NetGear ProSafe VPN Firewall FVS328: netgear.com.au
> Open Networks Open524R: opennw.com
Residential gateways generally come with a web interface to allow configuration. The web
interface often defaults to an IP address of 192.168.1.1, and you will need to adjust a computer
on the network to be able to use an address on the same network (192.168.1.2 to
192.168.1.253) in order to access the web interface.
If you decide to modify the LAN IP address of the device, then you will need to use this new IP
address in your browser to administer the device in future.
A common default username and password is admin and admin. It is in your client’s and your
own best interest to modify this to ensure the security of the settings of the Internet gateway
device.
Devices from the same manufacturer tend to have similar interfaces and use similar
terminology. The interface and terminology used varies widely from one manufacturer to
another.
Figure 6: A home or small business LAN utilising a residential gateway device as the Internet
gateway, showing all LAN IP addresses in the 192.168.1.x network. All workstations have the
same DNS information and the same default gateway of 192.168.1.1, which is a common
factory setting for residential gateway devices.
The residential gateway shown in Figure 3 has a common, factory-default LAN IP address of
192.168.1.1. If the residential gateway is configured to provide DHCP services, the LAN IP
addresses, DNS and default gateway addresses may be provided dynamically to the
workstations. Alternatively, these settings may be set manually with all the LAN IP addresses
in the 192.168.1.x network range, with all workstations having the same DNS information and
the same default gateway being the residential gateway’s 192.168.1.1 IP address.
Appliances
Appliances are basically corporate or enterprise-level versions of the residential gateways
described earlier. The functionality and throughput of these devices distinguish them from
the home-use product. Features and specifications that are found on appliances, and that are
either not available on home-use products or available only at much lower capacity, include
the following:
> virtual private networking (VPN) connections
> voice over Internet protocol (VoIP)
> increased IP filtering rates
> encryption
> numbers of users considered, possibly in the thousands
The network arrangement of these appliances is similar to the residential gateways discussed
earlier. Being enterprise-level devices in a large organisation, the physical security of these
appliances tends to be a higher priority. Many of these units are mounted in air-conditioned,
locked racks along with many other network and communications devices.
LEARNING ACTIVITIES ACTIVITY 7
Compare the Internet Gateway hardware by two different manufacturers and list out specifications,
benefits and drawbacks of each different brand.
Install and configure gateway products
Let’s install and configure a simple Internet gateway suitable for use in a home Internet
gateway situation.
Scenario
A family has a broadband connection to the Internet and wishes to share this connection with
the three computers currently in use in the house. Because the computers are in bedrooms,
they want only the computers that need Internet access to have to be switched on.
There is already a wired network infrastructure with a hub and connections to all bedrooms,
the lounge room and garage. An old computer in good condition is available to be used as an
Internet gateway. This computer can be located in a garage area since it has access to the
ADSL broadband connection and the network infrastructure. The computer specifications are
i3 processor with 4 GB RAM and 500GB hard drive.
Solution
By looking at the solutions for an Internet gateway already given, we can see that there are a
number of options.
> Router and ADSL modem in 2 units
> All in one unit which has routing, gateway, firewall and wireless functions
After discussion with the family, they decide to go with the final solution given for a number
of reasons but primarily because they:
> want a hassle-free solution
> do not want many hardware devices in place
> want to keep the network simple and efficient
This leads you to choose an “all in one” product. Finally you decide on the Cisco / Linksys
product as it meets all the customer’s requirements.
Installation and configuration
http://kb.linksys.com/Linksys/ukp.aspx?pid=80&app=vw&vw=1&login=1&json=1&docid=b76b9811c882406b9a7179b0116a0e66_4290.xml
LEARNING ACTIVITIES ACTIVITY 8
Configure the gateway using credentials provided by ISP so that the gateway is connected to the
Internet at all times
Plan and execute tests
In order to test your Internet gateway, a test system needs to be put into place with the
software needed to access all the provided services. If a DMZ and Internet-accessible servers
are required, then off-site facilities or alternative independent Internet access may be
necessary to ensure that services are duplicated during testing. In a business situation, the
continuity of the business is paramount during the testing phase. Often you will run a test
system in parallel with an existing system and phase in the new system as the testing proves
successful. In REPSOL’s situation, it is slightly different as they don’t have an existing Internet
gateway. So what will you do?
Prior planning of tests is important, with an entire test suite developed including the tests and
conditions and the expected results. Remember that if a test fails and a subsequent repair or
reconfiguration is performed, then the entire test suite should be repeated to ensure that the
whole solution continues to work with the modification. Documentation of ‘on the fly’
modifications is vital to ensure the consistency and accuracy of documentation for future
maintenance, troubleshooting, and modification or addition of features.
If you need to test access to a number of Internet sites, then typing the web address in for
each test is inefficient. A test list needs to be compiled in order to finish testing in a complete
and efficient manner. This may be made in a web page with each link ready to access in order.
An alternative may be to create a spreadsheet with the test links in a column. The worksheet
can also then be used to keep track of the testing and can document faults and remedies. The
tests should include access to all the different types of sites that will be used from the LAN
workstations and may include DMZ computers and external access from the Internet to
Internet-accessible servers and services. More than one program may be required to perform
the tests. An example test plan sample workbook is included in your Resources link and an
extract appears in Figure 7.
See Sample workbook for an example test plan.
Figure 7: Section of the Test Plan Sample Workbook, with the headings Browser checks, Test
Results and Comments, Final Result
In the workbook, the tests are shown with instructions and the expected results with the
reasoning about what the test achieves.
A separate test plan may be required if the Internet gateway should be providing
Internet-accessible services. In such cases, a test plan with a group of tests and expected
results should be developed to confirm functionality of the system from outside the LAN,
preferably from an independent Internet link.
Negative testing
Remember that testing an Internet gateway may involve the denial of services as well. You
would test these in the same way as above, but the expected results would contain an error
situation or message. If these results from the negative test are achieved, then that test is
passed.
The denial of service functionality is extremely important to the testing of Internet-accessible
services to prevent unwanted access to services requiring authentication. These services will
need to be checked before any sensitive data is made available to the Internet in order to
reduce losses and damage during the testing and acceptance process.
Penetration testing
There is a method for testing an Internet gateway using third party tools known as
penetration testing. These tools attempt to identify vulnerabilities in a system by trying to
hack into the system in a similar manner to that of a malicious intruder. These testing tools
may start with a simple port scan to identify open TCP and UDP ports on the target system.
You can then check that these ports are meant to be open and take appropriate action to
close any that should not be open.
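An added example, not part of the original guide: a small Python runner for a test plan in which negative tests pass when the connection is denied, which also serves as the check that only the ports meant to be open are open. The plan entries, the addresses (203.0.113.x are documentation addresses standing in for external hosts) and the simulated observations are constructed for illustration.

```python
import csv
import io
import socket
from dataclasses import dataclass

ALLOW = "allow"   # positive test: the connection is expected to succeed
DENY = "deny"     # negative test: the expected result is an error


@dataclass(frozen=True)
class PlanEntry:
    test_id: str
    reasoning: str   # what the test achieves, as recorded in the workbook
    host: str
    port: int
    expected: str    # ALLOW or DENY


def tcp_probe(host, port, timeout=2.0):
    """Try one TCP connection; refused, filtered or unreachable all count as DENY."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ALLOW
    except OSError:  # covers refusal, timeout and name-resolution failure
        return DENY


def run_suite(plan, probe=tcp_probe):
    """Run every entry of the plan (never a subset) and record expected vs observed."""
    results = []
    for entry in plan:
        observed = probe(entry.host, entry.port)
        results.append({
            "id": entry.test_id,
            "target": f"{entry.host}:{entry.port}",
            "expected": entry.expected,
            "observed": observed,
            "result": "PASS" if observed == entry.expected else "FAIL",
            "reasoning": entry.reasoning,
        })
    return results


def failed_ids(results):
    return [r["id"] for r in results if r["result"] == "FAIL"]


def to_csv(results):
    """Render the results as a worksheet that can be filed with the documentation."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(results[0]), lineterminator="\n")
    writer.writeheader()
    writer.writerows(results)
    return buf.getvalue()


# Constructed plan for a gateway at 192.168.1.1 (hypothetical tests).
PLAN = [
    PlanEntry("T1", "LAN can reach the gateway web interface", "192.168.1.1", 80, ALLOW),
    PlanEntry("T2", "LAN can browse an external web site", "203.0.113.10", 443, ALLOW),
    PlanEntry("T3", "Direct SMTP to a non-ISP server is blocked", "203.0.113.25", 25, DENY),
    PlanEntry("T4", "Telnet on the gateway is closed", "192.168.1.1", 23, DENY),
]

# Constructed observations standing in for a live network: telnet was left enabled.
SIMULATED_OPEN = {("192.168.1.1", 80), ("203.0.113.10", 443), ("192.168.1.1", 23)}


def simulated_probe(host, port):
    return ALLOW if (host, port) in SIMULATED_OPEN else DENY


if __name__ == "__main__":
    first = run_suite(PLAN, probe=simulated_probe)
    print(to_csv(first))
    print("failed:", failed_ids(first))
    # After the repair (telnet disabled) the whole plan is run again, not just T4.
    SIMULATED_OPEN.discard(("192.168.1.1", 23))
    print("failed after repair:", failed_ids(run_suite(PLAN, probe=simulated_probe)))
```

On a real network, call run_suite(PLAN) without the probe argument so that tcp_probe makes the connections from the test workstation.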
The tools then may check that the ports that are meant to be open do not exhibit the aspects
of known vulnerabilities associated with the port or the application monitoring the port. In
order to be completely thorough, these tools need to be as up-to-date as possible so that they
test the most recent vulnerabilities as they become known.
Web resources on the use of penetration testing include:
> Security Focus: Penetration testing IPSec VPNs –
securityfocus.com/infocus/1821
> InformIT: Sample chapter from Penetration Testing and Network Defence – Performing
Host Reconnaissance – informit.com/articles/article.asp?p=469623&rl=1
> Lab Mice: Network penetration and vulnerability testing –
http://labmice.techtarget.com/security/penetration.htm
An external security company may be contracted to perform the penetration testing and
advise you on the appropriate actions to take in order to rectify the vulnerabilities. This would
also give your client an unbiased, independent evaluation and assessment report on the
security of their Internet gateway.
Many network security companies are available, and a local company that can come on site
and discuss and help rectify problems is an advantage. In order to give an overview of the
services offered by these companies, two are listed below:
> EnGarde Systems Inc: engarde.com/
> Sage Technology: sagetechnology.com.au/
LEARNING ACTIVITIES ACTIVITY 9
Come up with a plan to test the Intranet network performance and the Internet connection speeds
of a network you are working in.
Analyse and respond to error reports
Analysing error reports is a process of troubleshooting and refining the error until the root
cause is located, isolated and corrected. Errors come from many sources. You need to keep all
possible sources in mind during the analysis of an error situation, including:
> general hardware failures
> disruption of power supplies
> network cabling problems (infrastructure and patch cables)
> misconfiguration
> misuse
Apart from failures of hardware and software caused by their vulnerability to environment and
age, errors may arise from a variety of human motivations, such as:
> deliberate, malicious or intentionally introduced problems from either an external or
internal source
> accidental or careless damage
> unsuspecting or uninformed actions; results of poor training or poor documentation on
the use of the system
Error reports come in many different formats. You should supply your clients with a standard
form to complete when reporting errors in order to reduce the number of different formats
you need to deal with. This allows the client to prepare for the questions that you are going to
ask during your response and saves time locating the person reporting the error.
The test plan is the most efficient way to check that the basic functionality is still available.
You will appreciate the effort you have put into the preparation of the tests and expected
results. The reasoning for the different tests you created will help you track down a problem
with confidence.
The idea is to reduce the problem down to common factors when analysing any problems
with computer systems and networks. If you can isolate the problem, then the solution is
generally easily definable. Some questions you need to ask, or to locate on the error report,
are shown in the table below.
Table 5 Questions to ask

Question: Is it an error or is it a function not supported?
Reasoning: Perhaps the error is actually something that the user would like to do with a new
program.
Solution: Evaluate the function and get appropriate authorisation and implement the new
functionality.

Question: Is the error reproducible?
Reasoning: It is hard to locate and repair a fault that cannot be reproduced.
Solution: Try to get an idea of all the circumstances that were present at the time of the fault.
> What other programs were running?
> What else were they doing on the computer?
> How long had the computer been on?
> What other applications had previously been run?

Question: Is the error reproducible on other workstations?
Reasoning: This would make it a general fault and possibly not isolated to an individual
workstation.
Solution: Locate the common component that is causing the error and correct it.
The fault may still be in each workstation. Occasionally programs and media are revised using
new versions of applications, and the workstations need to be updated to a compatible
version in order to function correctly. Examples are Flash Player, Adobe Acrobat Reader and
Java.

Question: Could it be an operational mistake?
Reasoning: Is the user performing the procedure in the correct order? Are they logged in as
the correct user?
Solution: When all hardware and software problems are eliminated, then the possibility of
operator error needs to be addressed. Ask the user experiencing the error to reproduce the
error and take note of the steps. Are there any missed steps that may be causing the error to
occur?
If this is found to be the problem, then the remedy involves user training for affected users.
This may also mean updating any training documents that do not adequately demonstrate
the procedure to follow to avoid the error.

After any resolution of an error or adding additional functionality, it is important to recheck
that the system functions correctly for the test plan. This may require updating the test plan
and documentation.
Remember that you may not be the next person to work on any particular system, so
updating any documentation is vital.
LEARNING ACTIVITIES ACTIVITY 10
Based on network speed results, propose changes in configuration that can help improve speed
and efficiency.
Sample Answers
Activity 7
You can compare between Linksys and Netgear. Visit manufacturer’s website to view
specifications of each and compare.
Activity 8
You may consider reading:
http://kb.linksys.com/Linksys/GetArticle.aspx?docid=20ee1457387f40178cd5f41d4b585db4_
3687.xml&pid=80
Activity 9
You can consider using speedtest.net and totusoft.com
Activity 10
For improving Internet speed, consider port-forwarding.
For improving LAN speed, consider configuring the network adapters to run at Gigabit speeds
rather than Ethernet speeds.
Topic 4 – Configure and test node
Assign nodes to a specific gateway
Now that a new or revised gateway is configured and tested, client workstations, servers and
other devices need to be configured to operate in the new networking environment. The
nodes to be configured are divided into two groups, depending on their function. Any
network node will need to be configured with an IP address, subnet mask and gateway
address. This includes printers, wireless access points and network storage devices. Generally,
client workstations are given dynamic IP addresses, while servers and other devices are
allocated static IP addresses.
If your existing network has been using dynamically configured IP addressing, then updating
the DHCP servers with the new parameters will cause all dynamic nodes to be updated at the
next reboot if not forced to renew sooner. Statically allocated IP address nodes will need to be
manually updated to use the new gateway parameters.
In most small business and home network environments, there tends to be only a single
Internet gateway. This makes the configuration of nodes reasonably simple. In larger
organisations, a more complex network structure may require the selection of the appropriate
gateway necessary to deal with redundancy and fault tolerance measures. So long as the
intermediate gateways have been configured correctly, remote access and management will
be possible through any number of gateways.
Configuring a node to use a dynamic IP address
A network requiring any nodes to be allocated dynamic IP addresses will have a DHCP
(Dynamic Host Configuration Protocol) server configured and available for each IP subnet. DHCP
servers can be configured to provide a large number of network parameters, but the
minimum subset of these is: the node’s unique IP address, network mask, gateway IP address
and DNS server IP address. A dynamic IP address node will broadcast a request for its IP
configuration during its boot process and a DHCP server, which monitors the network for such
requests, will respond by assigning an unused address from its pool of addresses and send the
configuration details back to the node.
To configure a node to use dynamic IP addresses, the management software of the node must
be utilised. For a workstation, there are generally available network configuration utilities that
allow the TCP/IP configuration to be modified. For devices, a web management facility is often
provided; otherwise, you will need to check with your manual for the correct procedure to
configure this option. You will be required to log-in as an unrestricted user or administrator in
order to change the configuration of workstations or devices. You will then be able to set the
network parameters to the correct options. The wording of options can vary and may include
the following variations:
> obtain an IP address automatically
> automatically get IP address from DHCP server
> activate DHCP client
> use DHCP server
Important: do not confuse the compatibility of some devices that have DDNS (Dynamic
Domain Name Services) with the DHCP settings.
Configuring a node to use a static address
Most networks require at least one node to be allocated a static IP address. This is often a
gateway or device such as a print server or wireless access point. The gateway itself should
already be configured, but the device nodes and any static workstations will need to be
configured manually.
In a similar manner to configuring for dynamic allocation of IP addresses and other network
parameters, devices and computer systems will need to be configured whilst logged on as an
unrestricted user or an administrator. You need to locate the sections that would turn the
DHCP client configuration on or off; ensure the option is off. Once off, fields should be
available to fill in the configuration details for the node. The details should be recorded as
required by organisational guidelines to ensure that there is no duplication of addresses.
Duplication of IP addresses will generally render all nodes with that IP address unreliable at
best.
Hint: Many DHCP servers can be configured to provide a ‘virtually static’ IP address. This is
achieved by configuring the DHCP server to provide a particular network interface’s MAC
address with a reserved IP address. In this case, the node is configured to obtain its
parameters from the DHCP server. The DHCP server always provides the device, workstation
or server with the same IP address at each renewal request and updates other details at the
same time. Only when the network card or interface is changed will the DHCP server need to
have its reserved list changed.
For more configuration details, search for ‘Configuring Static IP Windows’.
LEARNING ACTIVITIES ACTIVITY 11
What are the benefits of a static IP compared to a dynamic IP, and when would you use it?
Determine the connection type and configure
Some devices on the network may need to be configured with a static IP address that is outside
the DHCP pool. Examples are the NAS and the server; clients will lose connection to these
shared resources if their IP addresses change from time to time. For devices and hardware
that need to be accessed all the time and should not need to be reconfigured, a static IP
address outside the DHCP pool is the best way to prevent IP conflicts.
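The checks described in the two sections above (recording static addresses so none are duplicated, reserving DHCP addresses by MAC address, and keeping static addresses outside the DHCP pool) can be run against an address plan before any node is configured. The following is an added example, not part of the original learner guide; the function name, the node names, the MAC address and the 192.168.10.0 addressing are constructed for illustration.

```python
import ipaddress

def audit_plan(subnet, gateway, pool_start, pool_end, statics, reservations):
    """Return a sorted list of problems found in an IP address plan.

    statics:      {node name: manually configured IP}
    reservations: {MAC address: IP the DHCP server always gives that MAC}
    """
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if lo <= gw <= hi:
        problems.append(f"gateway {gw} is inside the DHCP pool")
    owners = {gw: "gateway"}  # address -> first node recorded with it
    fixed = [(n, a, True) for n, a in statics.items()]
    fixed += [(m, a, False) for m, a in reservations.items()]
    for name, addr, manual in fixed:
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address in {net}")
        if manual and lo <= ip <= hi:
            # A manually set address the DHCP server may also hand out.
            problems.append(f"{name}: static {ip} is inside the DHCP pool")
        if ip in owners:
            problems.append(f"{name}: {ip} duplicates {owners[ip]}")
        else:
            owners[ip] = name
    return sorted(problems)

# Constructed plan using the 255.255.255.224 mask (30 usable host addresses).
PLAN = dict(
    subnet="192.168.10.0/255.255.255.224",
    gateway="192.168.10.1",
    pool_start="192.168.10.10",
    pool_end="192.168.10.25",
    statics={"nas": "192.168.10.2", "server": "192.168.10.3",
             "printer": "192.168.10.3",    # recorded twice by mistake
             "wifi-ap": "192.168.10.12"},  # manual address inside the pool
    reservations={"00:11:22:33:44:55": "192.168.10.26"},
)

if __name__ == "__main__":
    for line in audit_plan(**PLAN):
        print(line)
```
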
LEARNING ACTIVITIES ACTIVITY 12
Based on REPSOL’s network size, what is the size of the DHCP pool you would recommend and
what subnet mask would you recommend to use?
Ensure node software and/or hardware is configured
A representative sample of the nodes in the network can now be fully tested to ensure that
everything is functioning correctly. You can use the test system put in place during the
gateway configuration and testing. The remaining nodes of the network should work in a
similar manner to these sample cases.
A minority of nodes may lack full functionality. This is typically due to random hardware
failures coinciding with restarts, or to human error during reconfiguration.
Such problems can be resolved using existing disaster / business continuity processes.
A report detailing the results of testing should be prepared for the client to sign off
against. The intent of the report is to back your claim that the Internet gateway and systems
technically provide for the client’s requirements and are functioning as specified by the client.
This report would include a summary followed by details of the test methods used and results
that were obtained. Good documentation here should include the identification of the
problems and the steps taken to resolve them. This documentation can then be included in
the ongoing troubleshooting guidelines for technical and non-technical staff.
LEARNING ACTIVITIES ACTIVITY 13
Review customer’s initial requirements and evaluate current network configuration to see if it
meets the initial requirements.
Sample Answers
Activity 11
Benefits – IP addresses do not change, so shared devices will not lose connection. Used with
shared devices such as file shared servers and shared printers.
Activity 12
Consider the number of machines in REPSOL and provide the appropriate subnet mask. Best
subnet mask is 255.255.255.224. You can use the subnet mask calculator to help you.