46538735 project report ccna

7/30/2019 46538735 Project Report Ccna

1/84

DECLARATIONI hereby declare that the project work entitled CCNA (OSI, TCP/IP Models & Basics of Routing) is an authentic record of my own work carried out at Netmax Technologies, Chandigarh as requirement of six weeks industrial training for the awardof B.Tech. Degree in Electronics and Communication, under the guidance of Mr Navdeep Mangal (Director Netmax Technologies, Chd.)

SHAINI SACHDEVA 80406106016 ECE

This is to certify that the above statement made by the candidate is correct tothe best of our knowledge & belief.

(Name & Designation) TRAINING & PLACEMENT OFFICER, ECE

The INDUSTRIAL TRAINING Viva-Voce Examination of SHAINI SACHDEVA has been held on .......... and accepted.

(Name & Designation) EXTERNAL EXAMINER

2


2/84

2


3/84

AbstractThe enterprise network is the lifeblood of any Small to Medium Enterprise (SME)with more than one site or supply chain partner. It enables access to business information and allows for profitable and effective communication flows between employees in different enterprise sites. Network enterprise network equipment ismature and ubiquitous, but the quality of services provided by similar networksvaries from city to city and from country to country. In particular, the qualityvariation gap between most of the cities in some developing nations and their counterparts in advanced nations is very wide. This is due to the lack in developing nations of an adequate IT infrastructure, which is taken for granted in developed nations. Planning an enterprise network in a developing nation is almost like planning it in the middle of a desert. This project briefly discusses the architecture of an enterprise network. It examines the barriers to planning, designing and implementing an enterprise network. This project also covers the methods to implement enterprise level networks. In this project we will start from working basic router configuration then covering the Routing technologies requiredto route data between branches. After that we have implement WAN and Frame-relayis considered a good choice because it connects multiple location using singleinterface of router and reduce the hardware costs. For Internet connectivity weare also using frame relay. In this setup NAT is very essential in which we havetranslate live IP into local and vice-versa. In short we can say a lot of technologies are studied and implemented for the successful completion of the project. Following list of technologies that are required in this project. Administron of router Routing Types of routing Benefits of static and dynamic routing Sca

lability of networks

2


4/84

LIST OF USED DEVICES & TECHNOLOGIES CONFIGURED Cisco router Core layer switch Dstribution layer switch Access layer switches

TECHNOLOGIES TO CREATE NETWORK Router IP Addressing Routier VLAN database Trunk Links Spanning Tree Configuration Configuring IP & Gateway VLAN Port Membership Distribution Switches VTP Client Configuring IP & GatewayTrunk Link Configuration VLAN Port Membership

4


5/84

ACKNOWLEDGEMENTThanking and feeling obliged indicates that we believe in someone elses existencerather than in the Divine who rules everything. When we feel obliged, then we are not honoring the principles of the Divine karma. We should appreciate peoplefor what they are and not thank them for what they do We should be grateful to people for what they are and not for their acts. Now, it is really a long journey,going back in the past times and making a big list of names for appreciation and gratitude. Industrial Training is an important aspect of engineering. Throughthis training the student learns to conduct himself/herself in environment of the industry. This training is also helpful in acquiring the required technical knowledge. I am pursued my training at Netmax Technologies, Chandigarh. I learneda lot at this place. I really feel the deepest gratitude towards my supervisor,Mr Navdeep Mangal (Director, Netmax Technologies). His immense love has been ofgreat value to me. Without his unrivalled guidance, constant encouragement, painstaking efforts, keen observance, benevolent attention the present dissertationwork would have remained futile. He really has the ability to make a laidback person the foremost one. I am deeply grateful to our training and placement officer Mr Inderjeet Singh Gill and all my respected teachers of Shaheed Bhagat SinghCollege of Engg. & Tech, Ferozepur for their smile, support, calm and soothing attitude, which yielded peace of mind during my busy work hours. The biggest appreciation and gratitude is towards my seniors, who were brave enough to share their views, keep a vision on my work and who made the task of compiling the dissertation an easy way out for me. I salute these grand masters, filled with knowledge, patience and above all love. They were tolerant and uncomplaining all the ti

mes and calmed and supported me, when I needed them the most. They never retraced their steps in the hour of need and were ready with their helping hands for all the times. I offer appreciation to all these great people of my life, for whatthey are. May they all win laurels and their names are glorified and honored. Needless to say, the more I direct my thoughts positively and feel genuinely thankful, I find that the more I get to experience good results. SHAINI SACHDEVA 804061060162


6/84

PREFACEPractical training constitutes an integral part of engineering studies. The training gives an opportunity to the students to express themselves to the industrial environment which is quite different from the teaching classroom. The trainingenables the student to work in the future. It enables the student to undergo those experiences which help them later when they join an organization. Industrialtraining is a major part of course. It is period in which we are introduced tothe industrial environment or in other words we can say that industrial trainingis provided for the familiarization with the industrial environment, with the advancement in computer technologies and increased automation in the industries for increasing their production. In organization where Making Things Right in thefirst instance is the driving motto, perfection and accuracy are inevitable. Excellence is an attitude that the whole of the human race is born with. It is theenvironment that makes sure that whether the result of this attitude is visibleor otherwise. A well planned, properly executed and evaluated industrial training helps a lot in inculcating a professional attitude. It provides a linkage between the student and industry to develop an awareness of industrial approach toproblem solving, based on a broad understanding of process and mode of operationof organization. The objective of training is to raise the level of performanceon one or more of its aspects and this may be achieved by providing new knowledge and information relevant to a job. During this period, the students get the real, firsthand experience for working in the actual environment. Most of the theoretical knowledge that has been gained during the course of their studies is put to test here. It covers all the remains uncovered in the classroom i.e. withou

t it our studies remains ineffective and incomplete. Apart from this, the students get an opportunity to learn the latest technology, which immensely helps themin building their carrier. I had the opportunity to have a real experience on many ventures, which increased my sphere of knowledge to a great extent. I was entrusted with a real life project, working on which had finally made me step intothe ongoing technology and gradually become a part of it. And all the credit goes to NETMAX TECHNOLOGIES, CHANDIGARH for providing me the opportunity and facility for the making of this dissertation. I availed this instance in a very satisfactory manner and think it will be very beneficial for me in building my future.

COMPANY PROFILE2


7/84

Netmax Technologies is an organization which is established in the field of Network Support, Network training, Software training and Embedded systems. In Education we have strategic alliance with Pearson VUE and Parametric. We are authorized Testing Partner of REDHAT & Cisco. We are also NOVELL EDUCATION PARTNER with which we provide NOVELL and SUSE LINUX courses. Netmax Technologies also conductcourses in CADENCE based design tools. Netmax Technologies also provide Technical Research & Development support and consultancy to some Electronics companies.Our clients for R&D support in field of embedded systems. Recorders and Medicltd Chandigarh. TELEBOX India ltd. Lotus Machines Pvt. Ltd. Chandigarh. ImpearlElectronics Pvt. Ltd. Chandigarh. KANTA Electrical Ltd. Mohali.

The partial list of our client for network field is as below: ier ISP, Chandigarh Innovative Solutions, Chandigarh Emmtel ISP, Chandigarh NIPER, Mohali Navik Technologies, Chandigarh Software Technology Parks India, MohaliGlide Internet Services Rana Group IDS HFCL Infotel Ltd. Targus Technologies Pvt. ltd STPI, Mohali BBMB The Tribune

4


8/84

OUR TEAMPresently we have a strong technical team of certified professionals for catering to these solutions and have presence in Chandigarh and Punjab. We have skilledteam of engineers who are experienced in design, programming. We are having more than 15 engineers who are having prestigious certifications like CCNA, CCNP, CCSP, CCSA, MCSE, RHCE, C, C++, JAVA and PhP MySql Programming. Support Area (network solutions) a. LINUX / UNIX networks b. SUN networks c. CISCO devices (Routers, Switches, Firewalls, Cache Engine, RAS etc) d. Bandwidth Manager software and hardware e. Radio Links f. Security Solutions Netmax-Technologies provide thefollowing Courses in IT & Embedded Systems given below: Network Traininga. CISCO CCNA, CCNP, CCSP, CCIE

b. RED HAT LINUX c. SUN SOLARISd. WINDOWS 2000, 2003 (MCP, MCSA & MCSE)

e. SUSE LINUX Software Training a. C++ b. C c. JAVA d. PhP My Sql Programming e.1 year Diploma in System administration & Networking. Design Services (Embeddedsystems) a) AVR family b) MCS 51 c) ELECTRONIC SYSTEM DESIGN

4


9/84

Our core strength is our commitment, technical expertise and cost effective solutions. We ensure high service levels and prompt support availability leading tolower downtime. Netmax Technologies is a leader in education services and developer of innovative embedded solutions. To meet the demands of Post PC era Netmaxprovides complete solutions as well as design-to-order services to satisfy our customers. For NetMax Technologies Navdeep Mangal Sonika Mangal +9888070008, +9888435109. Head Office NetMax Technologies SCO 58-59 Sector 34A Chandigarh 0172-4644644 Branch Office NetMax Technologies SCO 198-200 Sector 34A Chandigarh 0172-2608351

2


10/84

Contents

Page No.

Declaration.....2 Certificate2.

Hub17-18 Switch18Bridge

UTP (Unshielded Twisted Pair)21-23 Administrator model for networking

OSI (Open Systems Interconnection) Model24-29 2.1 2.1.1 2.1.2 2.1.3 2.1.4 yer.24-25 Layer 2: The Data Link Layer...25 Layer 3: Th4


11/84

2.1.6 2.1.7 2.1.8 3.

Layer 6: The Presentation Layer.28 Layer 7: The Application Layer

TCP/IP Model.30-323.1

TCP/IP MODEL...30 3.1.1 3.1.2 3.1.3 LAYER 1:- Application Layer

4.

IP Routing33-42 4.1 4.2 4.3 ROUTER..4.7.2 4.7.3 4.7.4 4.7.5 User mode......39 Privileged modemode...40 Console Password..40 Vty Password6

38 4.6

Configuring Password40


12/84

4.7.6 4.85

Encryption all passwords...41

Managing Configuration...41-42

Types Of Routing.43-64 5.1 Static Routingrouting.43 Disadvantages of static routing.43 Alternate comng static route44-45

Default Routing....46 Dynamic Routing.47 5.3t Path First..59-61 OSPF Hierarchical Model.61 LSA Floodin

6

Access Control List...65-69 6.1 ACL.65 6tandard ACL (Named)..67-68 IP Extended ACL (Numbered)68-69

7

LAN Switching70-73 7.1 7.2 LAN Switching70-71

Conclusion..74 Bibliography

8


13/84

List of Figures1.1. 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 2.1 2.2 2.3 2.4 3.1 3.2 4.1 4.2 5.1 5.2 5.3 5.4 5.5 5.6 5.7 5.8 5.9 5.10 5.11 5.12 6.1 6.2 PCS CONNECTED VIA HUBH..19 PCS CONNECTED VIA BRIDGE.20 DIFFERENT N/Ws CON

2


14/84

List of Tables1.1 Pin Configuration22

2


15/84

ABBREVIATIONSn/w LAN WAN CSMA/CD CSMA/CA ISDN OSI TCP/IP NIC MAC IETF EXEC VTY VLAN BGP EIGRPIGRP OSPF RIP MTU VLSM IOS CLI Network Local Area Network Wide Area Network Carrier Sense Multiple Access/ Collision Detection Carrier Sense Multiple Access/ Collision Avoidance Integrated Services Digital Network (ISDN) Open Systems Interconnection Transmission Control Protocol/Internet Protocol Network Interface Card Media Access Control Internet Engineering Task Force EXECUTION (Virtual TeletYpe) VIRTUAL Local Area Network Border Gateway Protocol Enhanced Interior Gateway Routing Protocol Interior Gateway Routing Protocol Open Shortest Path First Routing Information Protocol Maximum Transmission Unit Variable Length Subnet MaskInternetwork Operating System Command-Line Interface

2


16/84

Chapter 1 NETWORKING 1.1 Network

In one network more than one computer connected with each other through centralized device. They can share files and resources with each other. Networks are themethod to share hardware resources and software resources. We can share the resources with the help of operating system like windows, Linux, UNIX etc. To connect multiple networks we have to use internetworking devices like router, bridge,layer 3, switches etc.

1.2

LAN

LAN stands for Local Area Network. The scope of the LAN is within one building,one school or within one lab. In LAN (Hub), media access method is used CSMA/CDin which each computer sense the carrier before sending the data over the n/w. If carrier is free then you can transmit otherwise you have to wait or you have to listen. In multiple accesses each computer has right that they can access eachother. If two computers sense the carrier on same time then the collision occur. Each computer in the network aware about the collision. Now this stop transmitting and they will use back off algorithm. In which random number is generated.This number or algorithm is used by each computer. Who has short number or smallnumber, he has first priority to transmit the data over the network and other computers will wait for their turn.

1.3

WAN

WAN stands for Wide Area Network, in which two local area networks are connectedthrough public n/w. it may be through telecommunication infrastructure or dedicated lines. For e.g.: - ISDN lines, Leased lines etc. In which we can use WAN devices and WAN technology. You can also connect with your remote area through existing Internetwork called Internet.

1.4

Devices 1.4.1 Hub

Hub is centralized device, which is used to connect multiple workstations. Thereare two types of Hub: 2


17/84

(i) Active Hub (ii) Passive Hub

Fig. 1.1. PCS CONNECTED VIA HUB

It has no special kind of memory. It simply receives the frame (data) and forwards it to all its nodes except the receiving node. It always performs broadcasting. In case of hub, there is one collision domain and one broadcast domain. In case of hub, the media access method is used CSMA/CD (Carrier Sense Multiple Access/Collision Detection). Active Hub In Active hub, it receives the frame regenerate and then forward to all its nodes. Passive Hub In Passive hub, it simply receives the frame and forward to all its connected nodes. We cannot perform LAN segmentation using hub.

1.4.2 SwitchSwitch is also used to connect multiple workstations. Switch is more intelligentthan hub. It has special kind of memory called mac address/filter/lookup table.Switch reads mac addresses. Switch stores mac addresses in its filter address table. Switch when receives frame, it reads the destination mac address and consult with its filter table. If he has entry in its filter table then he forwards the frame to that particular mac address, if not found2


18/84

then it performs broadcasting to all its connected nodes. Every port has its ownbuffer memory. A port has two queues one is input queue and second is output queue. When switch receives the frame, the frame is received in input queue and forward from output queue. So in case of switch there is no chance or place for collisions. In case of switch, the media access method is used CSMA/CA (Carrier Sense Multiple Access/ Collision Avoidance). Switches provide more efficiency, more speed and security.

Fig. 1.2 PCS CONNECTED VIA SWITCH

There are two types of switches: I. Manageable switches (can be configured withconsole cable). II. Non-manageable switches. We can perform LAN segmentation byusing switches.

1.4.3 BridgeBridge is a hardware device, which is used to provide LAN segmentation means itis used for break the collision domain. It has same functionality as performed by switch. We can use bridge between two different topologies. It has fewer ports. Each port has a own buffer memory. It works on Data Link Layer of OSI model. It also read mac address and stores it in its filter table. In case of bridge there is one broadcast domain.

3


19/84

FIG. 1.3PCS CONNECTED VIA BRIDGE

1.4.4 RouterRouter is hardware device, which is used to communicate two different networks.Router performs routing and path determination. It does not perform broadcast information.

FIG. 1.4DIFFERENT N/Ws CONNECTED VIA ROUTER

There are two types of routers: I. Hardware Routers are developed by Cisco, HP.II. Software Routers is configured with the help of routing and remote access. This

feature is offered by Microsoft. This feature is by default installed, but you have to enable or configure it. Hardware routers are dedicated routers. They aremore efficient. But in case of software routers, it has fewer features, slow performance.2


20/84

They are not very much efficient.

1.4.5 LAN CardLAN card is media access device. LAN card provide us connectivity in the network. There is a RJ45 (Registered Jack) connector space on the LAN card. RJ45 is used in UTP cable. There is another led which is also called heartbeat of LAN card.When any activity occurs it may be receiving or transmitting any kind of data.This led start blinking and also tells us the status of LAN card.

FIG. 1.5Internal network interface card

Fig. 1.6 PCMCIA Network interface card

1.5

UTP (Unshielded Twisted Pair)

3


21/84

FIG. 1.7UTP

Pin ConfigurationHub/Switch PC/Router/Online Printer 1 2 3 4 5 6 7 8 Rx+ RxTx+ NC NC Tx NC NCTABLE 1.1

Uplink port(Hub/Switch) Tx+ Tx Rx+ NC NC Rx NC NC

Tx+ Tx Rx+ NC NC Rx NC NCPin Configuration

2


22/84

Fig. 1.8 Cross & Straight Cable

Straight Cable 1 Orange white - Orange white 2 Orange - Orange 3 Green white - Green white 4 Blue - Blue 5 Blue white - Blue white 6 Green - Green 7 Brown white- Brown white 8 Brown Brown Cross Cable 1 Orange white - Green white 2 Orange -Green 3 Green white - Orange white 4 Blue - Blue 5 Blue white - Blue white 6 Green - Orange 7 Brown white - Brown white 8 Brown - BrownFig. 1.9 RJ 45 Connector

1.6 Administrator model for networkingServer software: - Software which are used to giving services are server software.2


23/84

Client software: - which gets services.NIC Media Client Software Server Software P Apache,Explorer, TCP/IP, Internet IPX/SPX, Outlook Express, RIIS, AppleTalk, Yahoo messenger OExchange 2003, NetbeuiCute FTP TFTP Server Send Mail

O C O L Stack

Fig. 1.10 Networking Model

4


24/84

Chapter 2 OSI (Open Systems Interconnection) Model 2.1 OSI Model

OSI model is the layer approach to design, develop and implement network. OSI provides following advantages: (i) Designing of network will be standard base. (ii) Development of new technology will be faster. (iii) Devices from multiple vendors can communicate with each other. (iv) Implementation and troubleshooting ofnetwork will be easy.MediaData LayerLayer Software Stack Layer NICPresentation Layer Protocol Link Layer Physical Network Application Layer Transport Session Layer

2


25/84

Fig. 2.1 OSI MODEL

2.1.1 Layer 1: The Physical LayerThe bottom layer, or Layer 1, of the OSI reference model is called the physicallayer. This layer is responsible for the transmission of the bit stream. It accepts frames of data from Layer 2, the data link layer, and transmits their structure and content serially, one bit at a time. Layer 1 is also responsible for thereception of incoming streams of data, one bit at a time. These streams are then passed on to the data link layer. The physical layer, quite literally, operates on only 1s and 0s. It has no mechanism for determining the significance of thebits it transmits or receives. It is solely concerned with the physical characteristics of electrical and/or optical signaling techniques. This includes the voltage of the electrical current used to transport the signal, the media type andimpedance characteristics, and even the physical shape of the connector used toterminate the media. Transmission media includes any means of actually transporting signals generated by the OSI

s Layer 1 mechanisms. Some examples of transmission media are coaxial cabling, fiber-optic cabling, and twisted-pair wiring.

2.1.2 Layer 2: The Data Link LayerLayer 2 of the OSI reference model is called the data link layer. As all the layers do, it has two sets of responsibilities: transmit and receive. It is responsible for providing end-toend validity of the data being transmitted. On the transmit side, the data link layer is responsible for packing instructions---data---into frames. A frame is a structure indigenous to the data link layer that conta

ins enough information to make sure that the data can be successfully sent across a LAN to its destination. Implicit in this definition is that the data link layer contains its own address architecture. This addressing is only applicable toother networked devices that reside locally on the same data link layer domain.

2.1.3 Layer 3: The Network LayerThe network layer enables internetworking. The protocols at this layer are responsible for4


26/84

establishing the route to be used between the source and destination computers.This layer lacks any native transmission error detection/correction mechanisms and, consequently, is forced to rely on the end-to-end reliable transmission service of either the data link layer or the transport layer. Although some data link layer technologies support reliable delivery, many others do not. Therefore, Layer 3 protocols (such as IP) assume that Layer 4 protocols (such as TCP) will provide this functionality rather than assume Layer 2 will take care of it.

2.1.4 Layer 4: Transport Layer: Transport layer is responsible for connection oriented and connection less communication. Transport layer also performs other functions like (i) (ii) Error checking Flow Control Buffering Windowing Multiplexing (iii) (iv) Sequencing Positive Acknowledgement Response

(i) Error checkingTransport layer generates cyclic redundancy check (CRC) and forward the CRC value to destination along with data. The other end will generate CRC according to data and match the CRC value with received value. If both are same, then data isaccepted otherwise discard.

(ii) Flow ControlFlow control is used to control the flow of data during communication. For thispurpose following methods are used: -

(a) Buffer

Buffer is the temporary storage area. All the data is stored in the buffer memory and when communication ability is available the data is forward to another.

(b) WindowingWindowing is the maximum amounts of the data that can be send to destination without receiving Acknowledgement. It is limit for buffer to send data without getting Acknowledgement.5


27/84

Fig. 2.2 Windowing

(c) MultiplexingMultiplexing means combining small data segment, which has same destination IP and same destination service.

(iii) SequencingTransport layer add sequence number to data, so that out of sequence data can bedetected and rearranged in proper manner.

(iv) Positive acknowledgement and ResponseWhen data is send to destination, the destination will reply with acknowledgement to indicate the positive reception of data. If acknowledgement is not receivedwithin a specified time then the data is resend from buffer memory.

2.1.5 Layer 5:.Session Layer: This layer initiate, maintain and terminate sessions between different applications. Due to this layer multiple application software can be executed at the same time. 1. Connection Oriented Communication

2


28/84

Fig. 2.3 3 Way hand shaking

Fig. 2.4 Connection Oriented Communication

2. Connection less CommunicationSEND SENDER

Receiver

2.1.6 Layer 6: The Presentation LayerLayer 6, the presentation layer, is responsible for managing the way that data is encoded. Not every computer system uses the same data encoding scheme, and thepresentation layer is responsible for providing the translation between otherwise incompatible data encoding schemes, such as American Standard Code for Information Interchange (ASCII) and Extended Binary Coded Decimal Interchange Code (EBCDIC). The presentation layer can be used to mediate differences in floating-point formats, as2


29/84

well as to provide encryption and decryption services.

2.1.7 Layer 7: The Application LayerThe top, or seventh, layer in the OSI reference model is the application layer.Despite its name, this layer does not include user applications. Instead, it provides the interface between those applications and the network

s services. Thislayer can be thought of as the reason for initiating the communications session.For example, an email client might generate a request to retrieve new messagesfrom the email server. This client application automatically generates a requestto the appropriate Layer 7 protocol(s) and launches a communications session toget the needed files.

2.1.8 Data EncapsulationData

Application Layer Presentation Layer Session Layer Transport Layer Network LayerData Link Layer Physical Layer

Data* Data** Data*** Transport Header | Data = Segment Network Header | Segment= Packet Header | Packet | Trailer = Frame 1 0 = Bits

Data => Segment => Packet => Frames => Bits

3


30/84

CHAPTER 3 TCP/IP MODEL 3.1 TCP/IP MODEL

TCP/IP is the most popular protocol stack, which consist of large no of protocol. According to the OSI model TCP/IP consist of only four layers. TCP/IP model ismodified form of DOD (Department of Defense) model.Network Internet Transport Protocol Application Ph D NLARP Dns Ftp Tftp IGMP RIPOSPF TInternetRARP ICMPLan/Wan Snmp Ssl BGP Http Smtp All commonTelenet Ntp Technologies Rdp & many more A TCP UDP Access Host) (Host to25 53 20 69 23 80 123 443 3389 pop3 imap

P S

2


31/84

Fig. 3.1 TCP/IP MODEL

3.1.1 LAYER 1:- Application LayerThis layer contains a large no. of protocols. Each protocol is designed to act as server & client. Some of protocol will need connection oriented. TCP and others may need connection less UDP for data transfer. Application layer use port no.sto identity each application at Transport layer. This layer performs most of functions, which are specified by the Application, Presentation, and Session layerof OSI model.

3.1.2 LAYER 2:- Transport LayerTwo protocols are available on Transport layer 1) Transmission Control Protocol2) User Datagram Protocol I) Transmission Control Protocol TCP performs connection-oriented communication. Its responsibilities are: i) Error Checking ii) Acknowledgement iii) Sequencing iv) Flow Control v) Windowing

4


32/84

Fig. 3.2 TCP Header

II) User Datagram ProtocolUDP is connection less protocol, which is responsible for error checking and identifying applications using port numbers.

Bytes 4 4

Source port 16 bits Length 16 bits Data

Destination port 16 bits Checksum 16 bits

UDP HEADER (8 bytes)

2


33/84

3.1.3 LAYER 3 Internet LayerThe main function of Internet layer is routing and providing a single network interface to the upper layers protocols. Upper or lower protocols have not any functions relating to routing. To prevent this, IP provides one single network interface for the upper layer protocols. After that it is the job of IP and the various Network Access protocols to get along and work together. The main protocolsare used in Internet layer:1) Internet Protocol (IP) 2) Internet Control MessageProtocol (ICMP) 3) Address Resolution Protocol (ARP) 4) Reverse Address Resolution Protocol (RARP) 5) Proxy ARP

4


34/84

CHAPTER 4 IP ROUTING 4.1 ROUTER

Unlike most LAN components, routers are intelligent. More importantly, they canoperate at all layers of the OSI reference model rather than just the first two.This enables them to internetwork multiple LANs by using Layer 3 addressing. Arouter must have two or more physical interfaces for interconnecting LANs and/orWAN transmission facilities. The router learns about the addresses of machinesor networks that are somehow connected via each of its interfaces. The list of these addresses is kept in tables that correlate Layer 3 addresses with the portnumbers that they are directly or indirectly connected to. A router uses two types of networking protocols, both of which operate at Layer 3. These are routableprotocols and routing protocols. Routable protocols, also known as routed protocols, are those that encapsulate user information and data into packets. An example of a routed protocol is IP. IP is responsible for encapsulating applicationdata for transport through a network to the appropriate destinations. Routing protocols are used between routers to determine available routes, communicate whatis known about available routes, and forward routed protocol packets along those routes. The purpose of a routing protocol is to provide the router with all the information it needs about the network to route datagrams.

4.2

Routing

Routers are used to forward packets of data between devices that aren

t necessarily connected to the same local network. Routing is the cumulative processes that discover paths through the network to specific destinations, compare redundantroutes mathematically, and build tables that contain routing information.

2


35/84

The router

s task is easy: It has only two interfaces. Any packets received by one of its interfaces was either delivered to the other interface or discarded asundeliverable. In this particular case, the router may well have been replacedby a hub, bridge, switch, or any other Layer 2 device. The router

s real value lies in determining routes to destinations on nonadjacent networks.

4.3

IP AddressingClass A Addresses Class B Addresses Class C Addresses Class D Addresses Class EAddresses

IPv4 Address Formats

IP addressing is accompanied by a two-tiered network address, consisting of thenetwork

s address and a host address.

4.3.1 Class A AddressesThe Class A IPv4 address was designed to support extremely large networks. As the need for very large-scale networks was perceived to be minimal, an architecture was developed that maximized the possible number of host addresses but severely limited the number of possible Class A networks that could be defined. A ClassA IP address uses only the first octet to indicate the network address. The remaining three octets enumerate host addresses. The first bit of a Class A address

is always a 0. This mathematically limits the possible range of the Class A address to 127, which is the sum of 64 + 32 + 16 + 8 + 4 + 2 + 1. The leftmost bit

s decimal value of 128 is absent from this equation. Therefore, there can only ever be 127 possible Class A IP networks. The last 24 bits (that is, three dotted-decimal numbers) of a Class A address represent possible host addresses. The range of possible Class A network addresses is from 1.0.0.0 to 126.0.0.0. Notice that only the first octet bears a network address number. The remaining three areused to create unique host addresses within each network number. As2


36/84

such, they are set to zeroes when describing the range of network numbers. NoteTechnically, 127.0.0.0 is also a Class A network address. However, it is reserved for loop-back testing and cannot be assigned to a network.

4.3.2. Class B AddressesThe Class B addresses were designed to support the needs of moderate- to large-sized networks. The range of possible Class B network addresses is from 128.1.0.0to 191.254.0.0. The mathematical logic underlying this class is fairly simple.A Class B IP address uses two of the four octets to indicate the network address. The other two octets enumerate host addresses. The first 2 bits of the first octet of a Class B address are 10. The remaining 6 bits may be populated with either 1s or 0s. This mathematically limits the possible range of the Class B address space to 191, which is the sum of 128 + 32 + 16 + 8 + 4 + 2 + 1. The last 16bits (two octets) identify potential host addresses. Each Class B address can support 65,534 unique host addresses. This number is calculated by multiplying twoto the 16th power and subtracting two (values reserved by IP). Mathematically,there can only be 16,382 Class B networks defined.

4.3.3 Class C AddressesThe Class C address space is, by far, the most commonly used of the original IPv4 address classes. This address space was intended to support a lot of small networks. This address class can be thought of as the inverse of the Class A address space. Whereas the Class A space uses just one octet for network numbering, and the remaining three for host numbering, the Class C space uses three octets fo

r networking addressing and just one octet for host numbering. The first 3 bitsof the first octet of a Class C address are 110. The first 2 bits sum to a decimal value of 192 (128 + 64). This forms the lower mathematical boundary of the Class C address space. The third bit equates to a decimal value of 32. Forcing this bit to a value of 0 establishes the upper mathematical boundary of the addressspace. Lacking the capability to use the third digit limits the maximum value of this octet to 255 - 32, which equals 223. Therefore, the range of possible Class C network addresses is from 192.0.1.0 to 223.255.254.0. The last octet is used for host addressing. Each Class C address can support a theoretical maximum of256 unique host addresses (0 through 255), but only 254 are usable because3


37/84

0 and 255 are not valid host numbers. There can be 2,097,150 different Class C network numbers. Note In the world of IP addressing, 0 and 255 are reserved hostaddress values. IP addresses that have all their host address bits set equal to0 identify the local network. Similarly, IP addresses that have all their host address bits set equal to 255 are used to broadcast to all end systems within that network number.

4.3.4. Class D AddressesThe Class D address class was created to enable multicasting in an IP network. The Class D multicasting mechanisms have seen only limited usage. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single station can simultaneously transmit a single stream of datagrams to multiple recipients. The need to create separate streams of datagrams, one for each destination, is eliminated.Routers that support multicasting would duplicate the datagram and forward as needed to the predetermined end systems. Multicasting has long been deemed a desirable feature in an IP network because it can substantially reduce network traffic. The Class D address space, much like the other address spaces, is mathematically constrained. The first 4 bits of a Class D address must be 1110. Presettingthe first 3 bits of the first octet to 1s means that the address space begins at128 + 64 + 32, which equals 224. Preventing the fourth bit from being used means that the Class D address is limited to a maximum value of 128 + 64 + 32 + 8 +4 + 2 + 1, or 239. Therefore, the Class D addresses space ranges from 224.0.0.0to 239.255.255.254. This range may seem odd because the upper boundary is specif

ied with all four octets. Ordinarily, this would mean that the octets for both host and network numbers are being used to signify a network number. There is a reason for this. The Class D address space isn

t used for internetworking to individual end systems or networks. Class D addresses are used for delivering multicast datagrams within a private network to groups of IPaddressed end systems. Therefore, there isn

t a need to allocate octets or bits of the address to separatenetwork and host addresses. Instead, the entire address space can be used to identify groups of IP addresses (Classes A, B, or C). Today, numerous other proposals are being developed that would allow IP multicasting without the complexity of a Class D address space.4


38/84

4.3.5 Class E AddressesA Class E address has been defined, but is reserved by the IETF for its own research. Therefore, no Class E addresses have been released for use in the Internet. The first 4 bits of a Class E address are always set to 1s; therefore, the range of valid addresses is from 240.0.0.0 to 255.255.255.255. Given that this class was defined for research purposes, and its use is limited to inside the IETF,it is not necessary to examine it any further.

4.4

IP Routing

When we want to connect two or more networks using different n/w addresses thenwe have to use IP Routing technique. The router will be used to perform routingbetween the networks. A router will perform following functions for routing. (1)Path determination The process of obtaining path in routing table is called path determination. There are three different methods to which router can learn path. i) Automatic detection of directly connected n/w. ii) Static & Default routing iii) Dynamic routing (2) Packet forwarding It is a process that is by defaultenable in router. The router will perform packet forwarding only if route is available in the routing table. Path determination Packet forwarding

4.5

Routing Process(i) The pc has a packet in which destination address is not same as the local n/w address. (ii) The pc will send an ARP request for default gateway. The routerwill reply to the ARP address and inform its Mac address to pc. (iii) The pc will encapsulate data, in which source IP is pc itself, destination IP is server, source Mac is pcs LAN interface and destination Mac is routers LAN interface.

6


39/84

oleObject1

Fig. 4.1 Routing Process

S. MAC PC1 D. IP 172.16.0.5 S. IP 10.0.0.6

D. MAC R1

The router will receive the frame, store it into the buffer. When obtain packetfrom theframe then forward data according to the destination IP of packet. The router will obtain a route from routing table according to which next hop IP and interface is selected (iv) According to the next hop, the packet will encapsulated withnew frame and data is send to the output queue of the interface.

4.6

Router Access Modes4


40/84

When we access router command prompt the router will display different modes. According to the modes, privileges and rights are assigned to the user.

Fig. 4.2 Router access modes

4.6.1 User modeIn this mode, we can display basic parameter and status of the router we can test connectivity and perform telnet to other devices. In this mode we are not enable to manage & configure router.

4.6.2 Privileged modeIn this mode, we can display all information, configuration, perform administration task, debugging, testing and connectivity with other devices. We are not able to perform here configuration editing of the router. The command to enter in this mode is enable. We have to enter enable password or enable secret password toenter in this mode. Enable secret has more priority than enable password. If both passwords are configured then only enable secret will work.

4.6.3 Global configurationThis mode is used for the configuration of global parameters in the router. Global parameters applied to the entire router. For e.g.: - router hostname or access list of router the command enters in this mode is configure terminal.

4.6.4 Line configuration mode

This mode is used to configure lines like console, vty and auxiliary. There aremain types of line that are configured. (i) Console router(config)#line console0 (ii) Auxiliary router(config)#line aux 0 (iii) Telnet or vty router(config)#line vty 0 42


41/84


42/84

4.6.6 Routing configuration modeThis mode is used to configure routing protocol like RIP, EIGRP, OSPF etc. Router(config)#router [] Router(config)#router rip Router(config)#router eigrp 10

4.7

Configuring Password4.7.1 Console Password router#configure terminal router(config)#line console 0 router(config-line)#password router(config-line)#login router(config-line)#exit to erase password do all steps with no command. 4.7.2 Vty Password router>enable router#configure terminal router(config)#line vty 0 4 router(config-line)#password router(config-line)#login router(config-line)#exit 4.7.3 Auxiliary Password router#configure terminal router(config)#line Aux 0 router(config-line)#password router(config-line)#login router(config-line)#exit 4.7.4 Enable Password router>enable router#configure terminal router(config)#enable password router(config)#exit

There are six types of password available in a router

2


43/84

4.7.5

Enable Secret Password Enable Password is the clear text password. It is storedas clear text in configuration where as enable secret password is the encryptedpassword with MD5 (Media Digest 5) algorithm. Router>enable Router#configure terminal Router(config)#enable secret Router(config)#exit

4.7.6

Encryption all passwords All passwords other than enable secret password are clear text password. We can encrypt all passwords using level 7 algorithms. The command to encrypt all passwords is Router#configure terminal Router(config)#service password-encryption

4.8

Managing Configuration

There are two types of configuration present in a router (1) Startup Configuration (2) Running Configuration (1) Startup configuration is stored in the NVRAM. Startup configuration is used to save settings in a router. Startup configurationis loaded at the time of booting in to the Primary RAM. (2) Running Configuration is present in the Primary RAM wherever we run a command for configuration; this command is written in the running configuration. To save configuration Router

#copy running-configuration startup-configuration Or Router#write To abort configuration Router#copy startup-configuration running-configuration To display running-configuration Router#show running-configuration To display startup configuration Router#show startup-configuration Configuring HostName2


44/84

Router#configure terminal Router#hostname #exit or end or /\z Configuring Interfaces Interfaces configuration is one of the most important part ofthe router configuration. By default, all interfaces of Cisco router are in disabled mode. We have to use different commands as our requirement to enable and configure the interface. Configuring IP, Mask and Enabling the Interface Router#configure terminal Router(config)#interface Router(config-if)#ip address Router(config-if)#no shutdown Router(config-if)#exit Interface Numbers Interface numbers start from 0 for each type of interface some routers will directly used interface number while other router will use slot no/port no addressing technique. To display interface status Router#show interfaces (to show all interfaces) Router#show interface

4


45/84

CHAPTER 5 TYPES OF ROUTING 5.1 Static RoutingIn this routing, we have to use IP route commands through which we can specify routes for different networks. The administrator will analyze whole internetworktopology and then specify the route for each n/w that is not directly connectedto the router.

5.1.1 Steps to perform static routing(1) Create a list of all n/w present in internetwork. (2) Remove the n/w addressfrom list, which is directly connected to n/w. (3) Specify each route for eachrouting n/w by using IP route command. Router(config)#ip route Next hop IP it is the IP address of neighbor router that is directly connected our router.

Static Routing Example: Router#conf ter Router(config)#ip route 10.0.0.0 255.0.0.0 192.168.10.2

5.1.2 Advantages of static routing(1) Fast and efficient. (2) More control over selected path. (3) Less overhead for router. (4) Bandwidth of interfaces is not consumed in routing updates.

5.1.3 Disadvantages of static routing(1) More overheads on administrator. (2) Load balancing is not easily possible.(3) In case of topology change routing table has to be change manually.2


46/84

5.1.4 Alternate command to specify static routeStatic route can also specify in following syntax: Router(config)#ip route 172.16.0.0 255.255.0.0 172.25.0.2 Or Router(config)#ip route 172.16.0.0 255.255.0.0 serial 0

5.1.5 Backup route or loading static routeIf more than one path is available from our router to destination then we can specify one route as primary and other route as backup route. Administrator Distance is used to specify one route as primary and other route as backup. Router will select lower AD route to forward the traffic. By default static route has AD value of 1. With backup path, we will specify higher AD so that this route will be used if primary route is unavailable. Protocols Directly Connected Static BGPEIGRP IGRP OSPF RIP Syntax: - To set backup path Router(config)#ip route Or Example: Router#conf ter Router(config)#ip route 150.10.0.0 255.255.0.0 150.20.0.5 Router(config)#ip route 150.10.0.0 25.255.0.0 160.20.1.1 8 (below 20) Router(config)#exit Scenario 14

AD 0 1 20 90 100 110 120


47/84

oleObject2

Fig.5.1 Static routing

To display routing table Router#sh ip route To display static routes only Router#sh ip route static2


48/84

S 192.168.10.0/28 [1/0] via 172.16.0.5 To display connected n/ws only Router#ship route connected To check all the interface of a router Router#sh interface brief

5.2

Default Routing

Default routing means a route for any n/w. these routes are specify with the help of following syntax: Router(config)#ip route 0.0.0.0 0.0.0.0 Or This type of routing is used in following scenario. Scenario 2: Stub network A n/w which has only one exit interface is called stub network.

4


49/84


50/84

In dynamic routing, we will enable a routing protocol on router. This protocol will send its routing information to the neighbor router. The neighbors will analyze the information and write new routes to the routing table. The routers willpass routing information receive from one router to other router also. If thereare more than one path available then routes are compared and best path is selected. Some examples of dynamic protocol are: RIP, IGRP, EIGRP, OSPF

5.3.1 Types of Dynamic Routing ProtocolsAccording to the working there are two types of Dynamic Routing Protocols. (1) Distance Vector (2) Link State According to the type of area in which protocol isused there are again two types of protocol: (1) Interior Routing Protocol (2) Exterior Routing Protocol (a) Distance Vector Routing

The Routing, which is based on two parameters, that is distance and direction iscalled Distance Vector Routing. The example of Distance Vector Routing is RIP &IGRP. Operation: (1) Each Router will send its directly connected information to the neighbor router. This information is send periodically to the neighbors.

2


51/84

oleObject4

Fig.5.3 Distance vector routing

(2) The neighbor will receive routing updates and process the route according tofollowing conditions: (i) If update of a new n/w is received then this information is stored in routing table. (ii) If update of a route is received which is already present in routing table then route will be refresh that is route times are reset to zero. (iii) If update is received for a route with lower metric thenthe route, which is already present in our routing table. The router will discard old route and write the new route in the routing table. (iv) If update is received with higher metric then the route that is already present in routing table, in this case the new update will be discard. (3) A timer is associated with each route. The router will forward routing information on all interfaces and entire routing table is send to the neighbor. There are three types of timers associated with a route. (i) Route update timer. It is the time after which the routerwill send periodic update to the neighbor. (ii) Route invalid timer. It is thetime after which the route is declared invalid, if there are no updates for theroute. Invalid route are not forwarded to neighbor routers but it is still usedto forward the traffic. (iii) Route flush timer. It is the time after which route is removed from the routing table, if there are no updates about the router.

2


52/84

Metric of Dynamic Routing Metric are the measuring unit to calculate the distance of destination n/w. A protocol may use a one or more than one at a time to calculate the distance. Different types of metric are: (1) Hop Count (2) Band Width(3) Load (4) Reliability (5) Delay (6) MTU Hop Count It is the no. of Hops (Routers) a packet has to travel for a destination n/w. Bandwidth Bandwidth is the speed of link. The path with higher bandwidth is preferred to send the data. LoadLoad is the amount of traffic present in the interface. Paths with lower load and high throughput are used to send data. Reliability Reliability is up time ofinterface over a period of time. Delay Delay is the time period b/w a packet issent and received by the destination. MTU Maximum Transmission Unit It is the maximum size of packet that can be sent in a frame mostly MTU is set to 1500. Problems of Distance Vector There are two main problems of distance vector routing (i) Bandwidth Consumption Routing Loops Bandwidth Consumption

2


53/84

The problem of excessive bandwidth consumption is solved out with the help of autonomous system. It exchanges b/w different routers. We can also perform route summarization to reduce the traffic. (ii) Routing Loops

It may occur b/w adjacent routers due to wrong routing information. Distance Vector routing is also called routing by Rumor. Due to this the packet may enter inthe loop condition until their TTL is expired.

4


54/84


55/84

oleObject6

Fig.5.5 Split horizon

(iv)

Poison Reverse

This method is the combination of split Horizon and Flash updates. It implementsthe rule that information received from the interface can not be sent back to the interface and in case of topology change flash updates will be send to the neighbor. (v) Hold Down

If a route changes frequently then the route is declared in Hold Down state andno updates are received until the Hold Down timer expires. Routing Information Protocol Features of RIP: * Distance Vector * Open standard * Broadcast Updates (255.255.255.255)2


56/84

* Metric Hop Count *Timers Update 30 sec Invalid 180 sec Hold 180 sec Flush 240sec * Loop Control Split Horizon Triggered Updates Maximum Hop Count Hold Down *Maximum Hop Count 15 * Administrative Distance 120 * Equal Path Cost Load Balancing * Maximum Load path 6 Default 4 * Does not support VLSM * Does not supportAutonomous system Configuring RIP

Router#conf ter Router(config)#router rip Router(config-router)#network Router(config-router)#network Router(config-router)#exit

2


57/84

172.16.0.6

oleObject7

oleObject8

oleObject9

10.0.0.1

172.16.0.5

175.2.1.1 200.100.100.12

Fig.5.6 Configuring RIP

Router(config-router)#network 10.0.0.0 Router(config-router)#network 172.16.0.0Router(config-router)#network 200.100.100.0 175.2.0.0 via 172.16.0.6

4


58/84

Display RIP Routers Router#sh ip route rip R 192.168.75.0/24 [120/5] via 172.30.0.2 00:00:25 serial 1/0 RIP Dest. n/w mask AD Metric Next Hop Timer own Interface RIP advanced configuration (a) Passive Interfaces An interface, which is not able to send routing updates but able to receive routing update only is called Passive Interface. We can declare an interface as passive with following commands:Router#conf ter Router(config)#router rip Router(config-router)#Passive-interface Router(config-router)#exit (b) Configuring Timers Router(config)#router rip Router(config-router)#timers basic Router(config-router)#exit Example: Router(conf-router)#timer basic 50 200210 300 Update 50 sec Invalid 200 sec Hold 210 sec Flush 300 sec (c) To change Administrative Distance Router(config)#router rip Router(config-router)#distance Router(config-router)#exit 95 or 100

2


59/84

(d)

To configure Load Balance RIP is able to perform equal path cost Load Balancing.If multiple paths are available with equal Hop Count for the destination then RIP will balance load equally on all paths. Load Balancing is enabled by default4 paths. We can change the no. of paths. It can use simultaneously by followingcommand: Router(config)#router rip Router(config-router)#maximum-path

(e)

To display RIP parameters Router#sh ip protocol

This command display following parameters: (i) RIP Timers (ii) RIP Version (iii)Route filtering (iv) Route redistribution (v) Interfaces on which update send (vi) And receive (vii) Advertise n/w (viii) Passive interface (ix) Neighbor RIP (i) Routing information sources (ii) Administrative Distance RIP version 2 RIP version 2 supports following new features: (1) Support VLSM (send mask in updates)(2) Multicast updates using address 224.0.0.9 Support authentication Commands to enable RIP version 2 We have to change RIP version 1 to RIP version 2. Rest all communication will remain same in RIP version 2. Router(config)#Router RIP2


60/84

Router(config-router)#version 2 Router(config-router)#exit To debug RIP routingRouter#debug ip rip To disable debug routing Router#no debug ip rip

(b)

Link State Routing

This type of routing is based on link state. Its working is explain as under (1)Each router will send Hello packets to all neighbors using all interfaces. (2)The router from which Hello reply receive are stored in the neighbor ship table.Hello packets are send periodically to maintain the neighbor table. (3) The router will send link state information to the all neighbors. Link state information from one neighbor is also forwarded to other neighbor. (4) Each router will maintain its link state database created from link state advertisement received from different routers. (5) The router will use best path algorithm to store the path in routing table.

(i)

Problems of Link State Routing

The main problems of link state routing are: (1) High bandwidth consumption. (2)More hardware resources required that is processor and memory (RAM) The routingprotocols, which use link state routing, are: OSPF

(ii) Enhanced Interior Gateway Routing Protocol * Cisco proprietary * Hybrid protocol Link State Distance Vector * Multicast Updates using Address 224.0.0.102

Features: -


61/84

* Support AS * Support VLSM * Automatic Route Summarization * Unequal path costload balancing * Metric (32 bit composite) Bandwidth Delay Load Reliability MTU* Neighbor Recovery * Partial updates * Triggered updates * Backup Route * MultiProtocol Routing (iii) EIGRP Protocols & Modules

(1) Protocol depended module This module is used to perform multi protocol routing that is the router will maintain 3 routing table for TCP/IP, IPX/SPX and AppleTalk. IP Routing TCP/IP IPX Routing IPX/SPX Appletalk Routing Appletalk

4


62/84

(iv)

Reliable Transport Protocol (Quiet Protocol)

RTP is used to exchange routing updates with neighbor routers. It will also maintain neighbor relationship with the help of Hello packet. RTP has following features: (1) Multicast updates (224.0.0.10) (2) Neighbor recovery If neighbor stopsresponding to the Hello packets then RTP will send unicast Hello packet for that neighbor. (3) Partial updates (4) No updates are sending if there is no topology change. (v) Configuring EIGRP

Router(config)#router eigrp Router(config-router)#network Router(config-router)#network Router(config-router)#exit

(vi)

Advanced Configuration EIGRP

Configuring following options are same as configuring IGRP (1) Bandwidth on Interfaces (2) Neighbor (3) Load balancing Max path Variance (vii) Configuring EIGRPMetric

If we want our router to use additional metric then we can use following command: Router(config)#Router eigrp Router(config-router)#metric weights 0 Type of service (default) 1 Router(config-router)#exit Metric Bandwidth K K1 Default value 12

0

1

0

0


63/84

Load Delay Reliability MTU

K2 K3 K4 K5

0 1 0 0

All routers exchanging update with each other must have same AS no. and same K value.

Router#sh ip eigrp topology It shows topology database. Router#sh ip eigrp neighbor It shows neighbor table

Debug EIGRP Router#debug ip eigrp

5.3.2 Autonomous systemAutonomous system is the group of contiguous routers and n/w, which will share their routing information directly with each other. If all routers are in singledomain and they share their information directly with each other then the size of routing updates will depend on the no. of n/w present in the Internetwork. Update for each n/w may take 150 200 bytes information. For example: - if there are1000 n/ws then size of update will be 200*1000 = 200000 bytes The routing information is send periodically so it may consume a large amount of bandwidth in ourn/w.

4


64/84

oleObject10

Fig.

5.7 Autonomous system

Protocols Interior Routing RIP IGRP EIGRP OSPF Exterior Routing BGP EXEIGRP

5.3.3 Open Shortest Path FirstFeatures: * Link State * Open standard * Multicast updates 224.0.0.5 224.0.0.6 *Support VLSM * Support Area similar to AS2


65/84

* Manual Route Summarization * Hierarchical model * Metric Bandwidth *Equal pathcost load balancing * Support authentication *Unlimited hop count OSPF Terminology

(1) Hello packets (2) LSA (Link State Advertisement) (3) Neighbor (4) Neighbor table (5) Topology table (LSA database)Router ID

Router ID is the highest IP address of router interfaces. This id is used as theidentity of the router. It maintains link state databases. The first preferencefor selecting router ID is given to the Logical interfaces. If logical interface is not present then highest IP of physical interface is selected as router id.ROUTER ID

oleObject11

Fig. 5.8 Router ID

4


66/84

Area Area is the group of routers & n/ws, which can share their routing information directly with each other. OSPF Area Characteristics: - Minimizes routing table entries. - Localizes impact of a topology change within an area. - Detailed LSA flooding stops at the area boundary. - Requires a hierarchical network design.Fig. 5.9 Autonomous system

Adjacency A router is called adjacency when neighbor relationship is established. We can also say adjacency relationship is formed between the routers.

5.3.4 OSPF Hierarchical Model

4


67/84

oleObject12

Fig. 5.10 OSPF Hierarchical Model

Area Router (Autonomous System Border Router ASBR) A router, which has all interfaces member of single area, is called area router. Backbone Area Area 0 is called backbone area. All other areas must connect to the backbone area for communication. Backbone Router A router, which has all interfaces members of area 0, iscalled backbone router.2


68/84

Area Border Router A router, which connects an area with area 0, is called areaborder router.

5.3.5 LSA Flooding in OSPFIf there are multiple OSPF routers on multi access n/w then there will be excessive no. of LSA generated by the router and they can choke bandwidth of the network.

oleObject13

Fig. 5.11 LSA Flooding in OSPF

This problem is solved with the help of electing a router as designated router and backup designated router. Designated Router A router with highest RID (routerid) will be designated router for a particular interface. This router is responsible for receiving LSA from non-DR router and forward LSA to the all DR router.4


69/84

Backup Designated Router This router will work as backup for the designated router. In BDR mode, it will receive all information but do not forward this information to other non-DR router. Commands to configure OSPF Router#conf ter Router(config)#router ospf Router(config-router)#network area Router(config-router)#network area Router(config-router)#exit Wild Mask Complement of subnet mask Example 255.255.0.0 0.0.255.255 255.255.255.255 - Subnet mask Wild mask 255.255.255.255 - 255.255.192.0 0.0.63.255 subnet mask wild mask

4


70/84

oleObject14

Fig. 5.12 OSPF

R1 Router(config-router)#network 20.0.0.0 0.255.255.255 area 0 Router(config-router)#network 10.0.0.0 0.255.255.255 area 0 R2 Router(config-router)#network 20.0.0.0 0.255.255.255 area 0 Router(config-router)#network 30.0.0.0 0.255.255.255 area 1 Router(config-router)#network 40.0.0.0 0.255.255.255 area 1 R3 Router(config-router)#network 40.0.0.0 0.255.255.255 area 1 Router(config-router)#network 50.0.0.0 0.255.255.255 area 1 Command: Router(config)#interface loopback 2


71/84

Router(config-if)#ip address 200.100.100.1 255.255.255.0 Router(config-if)#no shRouter(config-if)#exit Command to display OSPF parameter Router#show ip protocol

4


72/84

CHAPTER 6 Access Control List 6.1 ACLACL are the basic security feature that is required in any network to control the flow of traffic. Most of time our network may have servers and clients for which traffic control is required. We can also use ACL to classify the traffic. ACLs are used in features like QOS (Quality of Service), Prioritize traffic and interesting traffic for ISDN.

6.2

Classification Access Control List: Types of ACL based on Protocol: (1) IP Access Control List (2) IPX Access Control List (3) AppleTalk Access Control List Types of ACL based on Feature: (1) Standard ACL (2) Extended ACL Types of ACL basedon Access mode: (1) Numbered ACL (2) Named ACL Types of ACL based on Order of rules: (1) Deny, permit (2) Permit, deny Types of ACL based on direction of implementation: (1) Inbound ACL (2) Outbound ACL

2


73/84


74/84

Single pc host 192.168.10.5 192.168.10.5 192.168.10.5 0.0.0.0 N/w 200.100.100.0 0.0.0.255 Subnet 200.100.100.32 0.0.0.15 All any

4


75/84

Example: - 172.16.0.16 18 should not access Internet; rest of all other pc should access Internet.

Fig. 6.2 Configuring ACL

Router#conf ter Router(config)#access-list 30 deny 172.16.0.16 Router(config)#access-list 30 deny 172.16.0.17 Router(config)#access-list 30 deny 172.16.0.18 Router(config)#access-list 30 permit any Router(config)#exit Applying ACL on interface Router#conf ter Router(config)#interface Router(config-if)#ip access-group Router(config-if)#exit Rule for applying ACL Onlyone ACL can be applied on each interface, in each direction for each protocol.

6.5

IP Standard ACL (Named)

In Numbered ACL editing feature is not available that is we are not able to delete single rule from the ACL. In Named ACL editing feature is available. Router#config ter Router(config)#ip access-list standard Router(config-std-nacl)# 2


76/84

Router(config-std-nacl)#exit Router#conf ter Router(config)#ip access-list standard abc Router(config-std-nacl)#deny 172.16.0.16 Router(config-std-nacl)#deny 172.16.0.17 Router(config-std-nacl)#deny 172.16.0.18 Router(config-std-nacl)#permit any To modify the ACL Router#conf ter Router(config)#ip access-list standard abc Router(config-std-nacl)#no deny 172.16.0.17 Router(config-std-nacl)#exit To control Telnet access using ACL If we want to control telnet with the help of ACLthen we can create a standard ACL and apply this ACL on vty port. The ACL thatwe will create for vty will be permit deny order. Example: - suppose we want toallow telnet to our router from 192.168.10.5 & 192.168.10.30 pc. Router#conf terRouter(config)#access-list 50 permit 192.168.10.5 Router(config)#access-list 50permit 192.168.10.30 Router(config)#line vty 0 4 Router(config-line)#access-class 50 in Router(config)#exit

6.6

IP Extended ACL (Numbered)

Extended ACL are advanced ACL. ACL, which can control traffic flow on the basisof five different parameters that are: (i) Source address (ii) Destination address (iii) Source port (iv) Destination port (v) Protocol (layer 3/layer 4) Router(config-std-nacl)#exit4


77/84

To display ACL Router#show access-lists or Router#show access-list To display ACL applied on interface Router#show ip interface Router#show ip interface Router#show ip interface Ethernet 0

2


78/84


79/84


80/84


81/84

VTP client On VTP client, we are not able to create, modify or delete Vlans. Theclient will receive and forward vtp updates. The client will create same Vlansas defined in vtp update. Commands Switch#conf ter Switch(config)#vtp domain Switch(config)#vtp password Switch(config)#vtp mode Switch(config)#exit By default in cisco switches the VTP mode is setas VTP server with no domain and no password. To display VTP status Switch#sh vtp status

2


82/84

CONCLUSIONCCNA training has made me learn 21st century skills such as complex problem solving and critical thinking. To conclude one can say that CCNA training was reallybeneficial for me and making report for such a great training is not being written just for the sake of writing. I am crisply stating the main take away pointsfrom my work. I feel that CCNA Security Course help to meet the growing demandfor network security skills. It provides the blended curriculum which provides ahands-on and carrier oriented introduction to come security concepts. The course is highly beneficial, as I feel; it helps students differentiate themselves inthe marketplace. Develop students for network security carrier opportunities. It enhances specialized security skills.

2


83/84

BIBLIOGRAPHY1. 2 3 Course book on CCNA by Todd Lammle. www.cisco.com Daily Diary

2


84/84

46538735 project report ccna

Documents