
Upload: prabudh-ayush

Post on 20-Feb-2016


DESCRIPTION

It is a project that defines and states a network of a dummy college management.


Page 1: Campus Network Management

PROJECT REPORT

ON

(ROUTING WITH OSPF USING EXTENDED ACCESS LIST & NAT)

*SIX MONTHS INDUSTRIAL TRAINING

Tek Chand Mann College of Engineering (Approved by the AICTE New Delhi & Affiliated to M. D. University, Rohtak)

64th KM stone, G. T. Karnal Road (NH-1), Vill- Chirashmi, Teh- Gannaur, District – Sonepat, Haryana, India

SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OF DEGREE OF B. Tech (Electronics & Communication)

SUBMITTED TO: MR. DHEERAJ KUMAR (H.O.D, ECE DEPT.)

SUBMITTED BY: KUMAR ABHISHEK, B.Tech, 4th YEAR (2009-TCEC-1062)

TRAINING PROVIDED BY


CMC Limited NOIDA

( A TATA Enterprise & A Subsidiary of TCS Limited )

IN

NETWORKING (CCNA)

SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OF DEGREE OF B. Tech (Electronics & Communication)

SUBMITTED BY: KUMAR ABHISHEK ([email protected], Mb. +918586811891), B. Tech (2009-TCEC-1062)

ACKNOWLEDGEMENT

“The successful completion of any task would be incomplete without acknowledging the people who made it all possible and whose constant guidance and encouragement secured us the success.

I would like to thank “CMC NOIDA” for providing me with an opportunity to pursue my industrial training, as it is an important part of the B. Tech course and it is the one that exposes you to industry standards and makes you adapt yourself to the latest trends and technologies. At the same time, it gives an experience of working on real-time scenarios of the organization.


I feel pride and privilege in expressing my deep sense of gratitude to all those who have helped me in presenting this assignment. I express my sincere gratitude to Mr. Sunil Kumar for his inspiration, constructive suggestions, mastermind analysis and affectionate guidance in my work. It would have been impossible for me to complete this project without his guidance.

Last but not the least, I would like to add my deepest gratitude to the entire faculty of the “ECE Department, 6th & 7th Sem.” at “TCMCE”, from which I learnt the basics of Computer Networking, which helped me a lot in the completion of this project.

Preface

The quest for knowledge can never end. The deeper you dig, the greater the unexplored seems to be; no man can honestly say that he has learned all that this world has to offer. We cannot achieve anything worthwhile in any field on the basis of theoretical knowledge from books alone; practical knowledge is obtained by working at ground level and gaining experience. In my view, in order to achieve tangible, positive and concrete results, classroom knowledge needs to be effectively wedded to the realities of the situation existing outside the classroom.

CMC Center is one of the leading public sector organizations in the country in the area of development. The keen interest of the technical staff at CMC Center in explaining the various processes has helped me to add much more to my knowledge, and I am really grateful to all the members of CMC Center for the great heights achieved by CMC Center nationally and globally during the past few years.

COMPANY PROFILE

CMC Limited, a Tata Enterprise, is a premier information technology company with an all-India presence, holding ISO 9001-2000 certification for its R&D Center & System Integration (NR group). CMC Limited has been conducting computer-training programs for various organizations since 1978. With large and complex project management capabilities since its incorporation in 1975, CMC has an enviable record of successfully building IT solutions for massive and complex infrastructure and market projects.

Take, for instance, just three of the many major projects undertaken by CMC:

• A passenger ticketing and reservation system for Indian Railways, which runs 6,000 passenger trains carrying over 10 million passengers a day, on a 90,000-km railway network covering around 8,000 railway stations.

• Cargo handling system is a comprehensive online real time cargo handling system to integrate all complex and varied activities of container terminals. This system has been implemented for several Indian and International ports.


• An online transaction processing system for the Bombay Stock Exchange, which handles millions of securities trading transactions every day.

CMC Ltd has been imparting corporate training for renowned leading organizations like Tech Mahindra, HCL Technologies, Tata Consultancy Services, Tata Motors and so on. We have already trained 400 employees of Tech Mahindra and more than 800 employees of HCL under the ILP since July 2006. In addition, at NOIDA we have an online testing facility from Pearson VUE for candidates interested in going for vendor certification in the technology. We are also proud to have world-class trainers providing in-depth understanding of the topics. Apart from that, we have tie-ups with various academic institutions imparting technical education, such as engineering colleges pan-India, for project-based industrial training on .Net / JAVA / PHP / Embedded Systems and Oracle.

ABSTRACT

OPEN SHORTEST PATH FIRST (OSPF)

OPEN SHORTEST PATH FIRST (OSPF) is an open-standards routing protocol that has been implemented by a wide variety of network vendors, including Cisco. If you have multiple routers and not all of them are Cisco, or if the network is large, then your only real options are OSPF or something called route redistribution, a translation service between routing protocols. OSPF works by using the Dijkstra algorithm: first a shortest path tree is constructed, and then the routing table is populated with the resulting best paths. OSPF converges quickly, although perhaps not as quickly as EIGRP, and supports multiple equal-cost routes to the same destination.
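As an added illustration of the SPF computation described above (example code written for this page, not part of the original report or of any OSPF implementation): a small constructed link-state database of five routers with assumed link costs is run through Dijkstra from R1. The result is the per-destination cost and the set of first hops, which is what the routing table is populated from; where two paths tie, both first hops are kept, which is the equal-cost multipath behaviour the abstract mentions.

```python
import heapq
from typing import Dict, List, Tuple

# Constructed link-state database: router -> {neighbour: link cost}.
# Costs are assumed values, symmetric on each link as on point-to-point links in one area.
LSDB: Dict[str, Dict[str, int]] = {
    "R1": {"R2": 6, "R3": 5},
    "R2": {"R1": 6, "R3": 3, "R4": 2},
    "R3": {"R1": 5, "R2": 3, "R4": 3},
    "R4": {"R2": 2, "R3": 3, "R5": 2},
    "R5": {"R4": 2},
}


def spf(lsdb: Dict[str, Dict[str, int]], root: str) -> Dict[str, Tuple[int, List[str]]]:
    """Dijkstra shortest-path-first from `root`.

    Returns {destination: (total cost, sorted list of first hops)}.
    A destination keeps every first hop that reaches it at the same minimum
    cost, which is the equal-cost multipath case.
    """
    dist: Dict[str, int] = {root: 0}
    first_hops: Dict[str, set] = {root: set()}
    done = set()
    heap: List[Tuple[int, str]] = [(0, root)]

    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue            # stale heap entry: u was already finalised at a lower cost
        done.add(u)
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            # The first hop towards v is v itself when u is the root,
            # otherwise it is inherited from the (already final) path to u.
            hops = {v} if u == root else first_hops[u]
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                first_hops[v] = set(hops)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v] and v not in done:
                first_hops[v] |= hops      # equal-cost path: keep both first hops

    return {v: (dist[v], sorted(first_hops[v])) for v in dist if v != root}


def routing_table(lsdb: Dict[str, Dict[str, int]], root: str) -> List[Tuple[str, int, List[str]]]:
    """Render the SPF result as routing-table rows: (destination, cost, next hops)."""
    return [(dest, cost, hops) for dest, (cost, hops) in sorted(spf(lsdb, root).items())]


if __name__ == "__main__":
    for dest, cost, hops in routing_table(LSDB, "R1"):
        print(f"{dest}: cost {cost} via {', '.join(hops)}")
```

Run from R1, R4 is reachable at cost 8 both through R2 (6+2) and through R3 (5+3), so it is installed with two next hops; R5 inherits both. Dijkstra relies on link costs being positive, which OSPF interface costs always are.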

VIRTUAL LANs (VLANs)

VLAN Basics

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router that creates the broadcast domain. With VLANs, a switch can create the broadcast domain.

This works by you, the administrator, putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain.

Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any port in any VLAN other than 10. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices not in their VLAN.

Are VLANs required?

It is important to point out that you don't have to configure a VLAN until your network gets so large and has so much traffic that you need one. Many times, people are simply using VLANs because the network they are working on was already using them.

Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by default, you can just use all the ports on a switch and all devices will be able to talk to one another.

When do I need a VLAN?

You need to consider using VLANs in any of the following situations:

• You have more than 200 devices on your LAN
• You have a lot of broadcast traffic on your LAN
• Groups of users need more security or are being slowed down by too many broadcasts
• Groups of users need to be on the same broadcast domain because they are running the same applications. An example would be a company that has VoIP phones: the users using the phones could be on a different VLAN, not with the regular users.
• Or, just to make a single switch into multiple virtual switches

There are several ways that VLANs simplify network management:

• Network adds, moves, and changes are achieved by configuring a port into the appropriate VLAN.
• A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.
• As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.
• VLANs can enhance network security.
• VLANs increase the number of broadcast domains while decreasing their size.

VLAN modes

There are three different modes in which a VLAN can be configured. These modes are covered below:

VLAN Switching Mode – The VLAN forms a switching bridge in which frames are forwarded unmodified.

VLAN Translation Mode – VLAN translation mode is used when the frame tagging method is changed in the network path, or if the frame traverses from a VLAN group to a legacy or native interface which is not configured in a VLAN. When the packet is to pass into a native interface, the VLAN tag is removed so that the packet can properly enter the native interface.

VLAN Routing Mode – When a packet is routed from one VLAN to a different VLAN, you use VLAN routing mode. The packet is modified, usually by a router, which places its own MAC address as the source, and then changes the VLAN ID of the packet.

VLAN configurations

Different terminology is used between different hardware manufacturers when it comes to VLANs. Because of this there is often confusion at implementation time. Following are a few details, and some examples to assist you in defining your VLANs so confusion is not an issue.

Cisco VLAN terminology

You need a few details to define a VLAN on most Cisco equipment. Unfortunately, because Cisco sometimes acquires the technologies it uses to fill its switching, routing and security product lines, naming conventions are not always consistent. For this article, we are focusing only on Cisco switching and routing product lines running Cisco IOS.

VLAN ID – The VLAN ID is a unique value you assign to each VLAN on a single device. With a Cisco routing or switching device running IOS, your range is from 1-4096. When you define a VLAN you usually use the syntax "vlan x", where x is the number you would like to assign as the VLAN ID. VLAN 1 is reserved as an administrative VLAN. If VLAN technologies are enabled, all ports are members of VLAN 1 by default.

VLAN Name – The VLAN name is a text-based name you use to identify your VLAN, perhaps to help technical staff understand its function. The string you use can be between 1 and 32 characters in length.

Private VLAN – You also define whether the VLAN is to be a private VLAN in the VLAN definition, and what other VLAN might be associated with it in the definition section. When you configure a Cisco VLAN as a private VLAN, ports that are members of the VLAN cannot communicate directly with each other by default. Normally all ports that are members of a VLAN can communicate directly with each other, just as they would if they were members of a standard network segment. Private VLANs are created to enhance security on a network where hosts coexisting on the network cannot or should not trust each other. This is a common practice on web farms or in other high-risk environments where communication between hosts on the same subnet is not necessary. Check your Cisco documentation if you have questions about how to configure and deploy private VLANs.

VLAN modes – In Cisco IOS, there are only two modes an interface can operate in, "mode access" and "mode trunk". Access mode is for end devices or devices that will not require multiple VLANs. Trunk mode is used for passing multiple VLANs to other network devices, or for end devices that need membership of multiple VLANs at once. If you are wondering what mode to use, the mode is probably "mode access".


OBJECTIVE AND INTRODUCTION

OBJECTIVE

To design and configure Routing with OSPF with Extended Access List and NAT as per the requirements of the company.

FEATURES

• Consists of areas and autonomous systems
• Minimizes routing update traffic
• Allows scalability
• Supports VLSM/CIDR
• Has unlimited hop count
• Allows multi-vendor deployment (open standard)
• OSPF is a link-state routing protocol

MATERIALS AND METHODS

HARDWARE REQUIREMENT

• Router
• Switch
• Access Point
• Cables (straight cable, serial cable)
• PC


Contents

1. Introduction to 2800 series router
2. Introduction to Computer networking concept
2.1 Network
2.2 Types of Network
2.3 Network Topology
2.3.1 Types of Network Topology
3. Basic hardware component
4. Network cabling
5. Network models and protocols
5.1 OSI Model
5.2 TCP/IP Model
6. IP addressing
7. Router
8.1 Routing
8.2 Routing Protocol
8.2.1 RIPv1
8.2.2 RIPv2
8.2.3 EIGRP
8.2.4 OSPF
9. ACL
10. NAT
10.1 Types of NAT
11. CDP
12. IPv6
13. WAN
14. Configuring Routing with EIGRP using extended ACL


2. Introduction to Computer Networking Concepts

What is a Network?

In general, the term network can refer to any interconnected group or system. More specifically, a network is any method of sharing information between two systems (human, electrical or mechanical).

Figure 1: A Simple Network Example

A network lets you effortlessly transfer files, pictures, music and information — without using a disk or burning a CD. It also enables everyone in your home or office to share one broadband Internet connection, one printer, one scanner.

2.2 Types of the Network

LAN (Local Area Network)

A Local Area Network is a group of computers and network communication devices within a limited geographic area, such as an office building. Local area networking uses switches, bridges and/or repeaters, and hubs to interconnect LANs and increase overall size.

Figure 2: A Simple LAN Illustration


MAN (Metropolitan Area Network)

A Metropolitan Area Network is a network that connects two or more Local Area Networks or Campus Area Networks together but does not extend beyond the boundaries of the immediate town, city, or metropolitan area. Multiple routers, switches & hubs are connected to create a MAN. A MAN can range anywhere from 5 to 50km in diameter.

WAN (Wide Area Network)

A WAN is a data communications network that covers a relatively broad geographic area (i.e. one city to another and one country to another country) and that often uses transmission facilities provided by common carriers, such as telephone companies. They are generally connected with each other using routers.

Figure 3: An Example of WAN

Personal Area Network (PAN)

A personal area network (PAN) is a computer network used for communication among computer devices close to one person. Some examples of devices that may be used in a PAN are printers, fax machines, telephones, PDAs or scanners. The reach of a PAN is typically within about 20-30 feet (approximately 6-9 Meters).

Storage Area Network (SAN)

We rely heavily on data in modern times. We have a lot of data in the form of audio and video, and we need to store it for quick access and transfer on special storage devices. The special purpose of a SAN is to allow users on a larger network to connect various data storage devices with clusters of data servers.

Virtual Private Network (VPN)

A VPN is a private network that lets you access public networks remotely. A VPN uses encryption and security protocols to retain privacy while it accesses outside resources by creating a virtual network for you which acts as if you are having a private line for the given period of time. When employed on a network, VPN enables an end user to create a virtual tunnel to a remote location. Typically, telecommuters use VPN to log in to their company networks from home.

According To the Type of Connection Used

Wired Network: A network that connects devices using cables (wires) like Coaxial Cable, Twisted Pair Cable, Optical Fibre Cable etc.

Wireless Network: A network that connects devices using wireless technologies like Bluetooth, infrared, radio frequency etc.

According To the Functional Relationship (Network Architecture)

Peer to peer network (Workgroup)

A Workgroup is a collection of computers on a local area network (LAN) that share common resources and responsibilities. Workgroups provide easy sharing of files, printers and other network resources. Being a peer-to-peer (P2P) network design, each Workgroup computer may both share and access resources if configured to do so. Workgroups are designed for small LANs in homes, schools, and small businesses. A Windows Workgroup, for example, functions best with 15 or fewer computers. As the number of computers in a workgroup grows, workgroup LANs eventually become too difficult to administer and should be replaced with alternative solutions like domains or other client/server approaches.

Client-Server Network (Domain)

A Domain is a “Network Architecture” in which each computer or process on the network is either a client or a server. Servers are powerful computers or processes dedicated to managing disk drives (file servers), printers (print servers), or network traffic (network servers). Clients are PCs or workstations on which users run applications. Clients rely on servers for resources, such as files, devices, and even processing power.

2.3 Network Topologies

Topology refers to the way in which the network of computers is connected. Each topology is suited to specific tasks and has its own advantages and disadvantages. The choice of topology is dependent upon:

• Type and number of equipment being used
• Planned applications and rate of data transfers
• Required response times
• Cost

2.3.1 Types of Network Topologies

Physical Topology: Physical topology defines how devices are connected to the network through the actual cables that transmit data ( physical structure of the network)

Logical Topology: Logical Topology (also referred to as Signal Topology) is a network computing term used to describe the arrangement of devices on a network and how they communicate with one another.

Common LAN Topologies (Physical)

1. BUS

Figure: Bus Topology Representation

In a bus topology, a single cable connects each workstation in a linear, daisy-chained fashion. Signals are broadcast to all stations, but stations only act on the frames addressed to them.

2. RING


Figure: Ring Topology Representation

In a ring topology, unidirectional links connect the transmit side of one device to the receive side of another device. Devices transmit frames to the next device (downstream member) in the ring.

3. STAR

Figure: Star Topology Representation

In a star topology, each station is connected to a central hub or switch (concentrator) that functions as a multi-port repeater. The hub broadcasts data to all of the devices connected to it; the switch transmits the data only to the device for which it is meant.

LAN Transmission Methods.

Unicast Transmission:In unicast transmissions, a single data packet is sent from a source to a single destination on the network.


Figure: Unicast Transmission

In the unicast method:

o The source addresses the packet with the destination address.
o The packet is sent into the network.
o The network delivers the packet to the destination.

Multicast Transmission: In multicast transmissions, a single data packet is copied and sent to specific destinations on the network

Figure: Multicast Transmission Example

In the multicast process:

o The source addresses the packet using a multicast address.
o The packet is sent into the network.
o The network copies the packet.
o A copy is delivered to each destination that is included in the multicast address.

Broadcast Transmission: In Broadcast transmissions, a single data packet is copied and sent to all the destinations on the network.

In the broadcast process:

o The source addresses the packet with the broadcast address.
o The packet is sent into the network.
o The network copies the packet.
o The packet copies are delivered to all destinations on the network.


Figure: Broadcast Transmission

3. Basic Hardware Components

LAN Infrastructure Devices

All networks are made up of basic hardware building blocks to interconnect network nodes, such as Network Interface Cards (NICs), Bridges, Hubs, Switches, and Routers. In addition, some method of connecting these building blocks is required, usually in the form of galvanic cable (most commonly Category 5 cable). Less common are microwave links (as in IEEE 802.11) or optical cable ("optical fiber").

Network Interface Cards

Figure: A Network Interface Card (NIC)

A network card, network adapter or NIC (network interface card) is a piece of computer hardware designed to allow computers to communicate over a computer network. It provides physical access to a networking medium and often provides a low-level addressing system through the use of MAC addresses. It allows users to connect to each other either by using cables or wirelessly.

Repeaters


Figure: Examples of Repeater

A repeater is an electronic device that receives a signal and retransmits it at a higher level or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances without degradation. Because repeaters work with the actual physical signal, and do not attempt to interpret the data being transmitted, they operate on the Physical layer, the first layer of the OSI model.

Hubs

Figure: Example of Hubs

A hub (concentrator) contains multiple ports and is used to connect devices in a star topology. When a packet arrives at one port, it is copied to all the other ports of the hub. When the packets are copied, the destination address in the frame does not change to a broadcast address; the hub works in a rudimentary way, simply copying the data to all of the nodes connected to it (a broadcast).

Bridges

Figure: A Common Bridge

A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model. Bridges do not promiscuously copy traffic to all ports, as hubs do, but learn which physical addresses are reachable through specific ports. Once the bridge associates a port and an address, it will send traffic for that address only to that port. Bridges do send broadcasts to all ports except the one on which the broadcast was received. Bridges learn the association of ports and addresses by examining the source address of frames they see on various ports. Once a frame arrives through a port, its source address is stored and the bridge assumes that MAC address is associated with that port. The first time that a previously unknown destination address is seen, the bridge will forward the frame to all ports other than the one on which the frame arrived.

Switches

Figure: Switches

A switch is a device that performs switching. Specifically, it forwards and filters OSI layer 2 datagram (chunk of data communication) between ports (connected cables) based on the Physical-Addresses in the packets. This is distinct from a hub in that it only forwards the datagram to the ports involved in the communications rather than all ports connected. A switch normally has numerous ports with the intention that most or all of the networks be connected directly to a switch, or another switch that is in turn connected to a switch.
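The VLAN Basics and Cisco VLAN terminology sections earlier, and the Bridges and Switches sections here, describe the same forwarding machinery from two angles: a learning MAC table, and broadcast domains that are confined to one VLAN. The following is an added example (written for this page, not code from the report, from Cisco or from any switch vendor) that models both in one toy switch. The port names, MAC addresses and VLAN numbers are constructed; treating untagged frames on a trunk as VLAN 1 and the single isolated-port rule for private VLANs are simplifying assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    name: str
    mode: str                                        # "access" or "trunk", the two IOS interface modes
    vlan: int = 1                                    # access VLAN; VLAN 1 is the default
    allowed: Set[int] = field(default_factory=set)   # VLANs a trunk carries
    isolated: bool = False                           # private-VLAN isolated port (assumed simplification)


class Switch:
    """Toy VLAN-aware learning switch.

    The MAC table is keyed by (VLAN, address), so an address learned in one
    VLAN can never attract traffic from another VLAN.
    """

    def __init__(self, ports: List[Port]) -> None:
        self.ports: Dict[str, Port] = {p.name: p for p in ports}
        self.mac_table: Dict[Tuple[int, str], str] = {}

    def _ingress_vlan(self, port: Port, tag: Optional[int]) -> Optional[int]:
        # Classify the frame on ingress; None means it is dropped.
        if port.mode == "access":
            return port.vlan if tag is None else None   # tagged frames are not accepted on access ports
        if tag is None:
            tag = 1                                     # untagged on a trunk: native VLAN 1 (assumption)
        return tag if tag in port.allowed else None

    def _carries(self, port: Port, vlan: int) -> bool:
        return port.vlan == vlan if port.mode == "access" else vlan in port.allowed

    def receive(self, in_port: str, src: str, dst: str, tag: Optional[int] = None) -> Dict[str, Optional[int]]:
        """Process one frame; return {egress port: 802.1Q tag, or None for untagged}."""
        port = self.ports[in_port]
        vlan = self._ingress_vlan(port, tag)
        if vlan is None:
            return {}
        self.mac_table[(vlan, src)] = in_port           # learn the source address in this VLAN

        if dst != BROADCAST and (vlan, dst) in self.mac_table:
            candidates = [self.ports[self.mac_table[(vlan, dst)]]]   # known unicast: one port
        else:
            candidates = list(self.ports.values())                  # broadcast / unknown unicast: flood

        out: Dict[str, Optional[int]] = {}
        for p in candidates:
            if p.name == in_port or not self._carries(p, vlan):
                continue                                # never back out the ingress port or into another VLAN
            if port.isolated and p.isolated:
                continue                                # private VLAN: isolated ports cannot reach each other
            out[p.name] = None if p.mode == "access" else vlan
        return out


def build_demo_switch() -> Switch:
    """Constructed topology: two hosts in VLAN 10, one in VLAN 20, one trunk uplink."""
    return Switch([
        Port("Fa0/1", "access", vlan=10),
        Port("Fa0/2", "access", vlan=10),
        Port("Fa0/3", "access", vlan=20),
        Port("Gi0/1", "trunk", allowed={10, 20}),
    ])


def build_private_vlan_switch() -> Switch:
    """Constructed web-farm style segment: two isolated hosts plus the gateway port."""
    return Switch([
        Port("Fa0/1", "access", vlan=10, isolated=True),
        Port("Fa0/2", "access", vlan=10, isolated=True),
        Port("Fa0/24", "access", vlan=10),
    ])


if __name__ == "__main__":
    sw = build_demo_switch()
    print(sw.receive("Fa0/1", "00:00:00:00:00:aa", BROADCAST))             # floods within VLAN 10 only
    print(sw.receive("Fa0/2", "00:00:00:00:00:bb", "00:00:00:00:00:aa"))   # aa already learned: one port
```

Two points are worth noticing. The MAC table is keyed by (VLAN, address), so learning in one VLAN can never steer a frame into another, which is the isolation the VLAN sections promise; and a private-VLAN isolated port is excluded from the flood set even though it is in the same VLAN, which is why hosts on a web farm can share a subnet without being able to reach each other directly.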

Routers

Figure: Two Modern Routers

Routers are networking devices that forward data packets along networks by using headers and forwarding/routing tables to determine the best path to forward the packets. Routers work at the Internet layer of the TCP/IP model or layer 3 of the OSI model. Routers also provide interconnectivity between like and unlike media. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Some DSL and cable modems, for home use, have been integrated with routers to allow multiple home computers to access the Internet.


5. Network Models & Protocols

Overview

Network models define a set of network layers and how they interact. There are several different network models depending on what organization or company started them. The most important two are:

• OSI Network Model (Reference Model)
• The TCP/IP Model (DoD model)

5.1 The Open System Interconnection (OSI) Reference Model

Figure: The OSI Model

Introduction

In 1983, the International Standards Organization (ISO) developed a model called Open Systems Interconnection (OSI), which is a standard reference model for communication between two end users in a network. The model is used in developing products and understanding networks.

Layers in the OSI Model

OSI divides Telecommunications into Seven Layers. Each layer is responsible for a particular aspect of data communication. For example, one layer may be responsible for establishing connections between devices, while another layer may be responsible for error checking during transfer.

Layer 7: The Application Layer...

The Application Layer is the highest layer in the protocol stack and the layer responsible for introducing data into the OSI stack. Here reside the protocols for user applications that incorporate the components of network applications. The applications can be classified as:

• Computer applications
• Network applications
• Internetwork applications

Figure 4: Classifications of Applications (the figure lists examples of each class)

Computer Applications: Presentation Graphics, Database, Word Processing, Spreadsheet, Design/Manufacturing, Others

Network Applications: Network Management, Information Location, Remote Location, Electronic Mail, File Transfer, Client/Server Process, Others

Internetwork Applications: World Wide Web, Conferencing (Video, Voice, Data), Electronic Data Exchange, Internet Navigation Utilities, E-Mail Gateways, Special-Interest Bulletin Boards, Financial Transaction Services, Others

Layer 6: The Presentation Layer...

This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). This layer is sometimes called the syntax layer.

The Presentation Layer is responsible for the following services:

Data representation: The presentation layer of the OSI model at the receiving computer is also responsible for the conversion of “the external format” with which data is received from the sending computer to one accepted by the other layers in the host computer. Data formats include postscript, ASCII, or BINARY such as EBCDIC (fully Extended Binary Coded Decimal Interchange Code).

Data security: Some types of encryption (and decryption) are performed at the presentation layer. This ensures the security of the data as it travels down the protocol stack. For example, one of the most popular encryption schemes that is usually associated with the presentation layer is the Secure Sockets Layer (SSL) protocol.

Data compression: Compression (and decompression) may be done at the presentation layer to improve the throughput of data.

Layer 5: The Session Layer...

The Session Layer establishes, manages, and terminates sessions (different from connections) between applications as they interact on different hosts on a network. Its main job is to coordinate the service requests and responses between different hosts for applications. The sessions established between hosts can be:

Simplex:Simplex transmission is like a one-way street where traffic moves in only one direction. Simplex mode is a one-way-only transmission, which means that data can flow only in one direction from the sending device to the receiving device.

Figure: Simplex Transmission (One-Way Street)

Half Duplex: Half duplex is like the center lane on some three-lane roads. It is a single lane in which traffic can move in one direction or the other, but not in both directions at the same time. Half-duplex mode limits data transmission because each device must take turns using the line. Therefore, data can flow from A to B and from B to A, but not at the same time.

Figure: Half Duplex (Center Turn Lane)

Full Duplex: is like a major highway with two lanes of traffic, each lane accommodating traffic going in opposite directions. Full-duplex mode accommodates two-way simultaneous transmission, which means that both sides can send and receive at the same time. In full-duplex mode, data can flow from A to B and B to A at the same time.

Figure: Full Duplex (Interstate Highway)

Layer 4: The Transport Layer...

This layer manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer.

The basic Transport Layer services are:

• Resource Utilization (multiplexing): Multiple applications run on the same machine but use different ports.
• Connection Management (establishing & terminating): The second major task of the Transport Layer is establishing a connection between the sender and the receiver before data transmission starts, and terminating the connection once the data transmission is finished.
• Flow Control (Buffering / Windowing): Once the connection has been established and transfer is in progress, congestion of the data flow can occur at a destination for a variety of reasons.

Layer 3: The Network Layer...

The Network Layer is responsible for identifying computers on a network. This layer is concerned with 2 functions:

Routing: the process of selecting the best paths in a network along which to send data.

Figure: Routing at Network Layer

Fragmentation / Reassembly: if the network layer determines that a next router's maximum transmission unit (MTU) size is less than the current frame size, a router can fragment a frame for transmission and reassembly at the destination station.

Two types of packets are used at the Network layer:

Data packets: Used to transport user data through the internetwork. Protocols used to support data traffic are called routed protocols.

Route update packets: Used to update neighboring routers about the network connected to all routers within the internetwork. Protocols that send route updates are called routing protocols.
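As an added example of the fragmentation and reassembly step described above (example code written for this page, not code from the report): a datagram payload is split to fit an assumed next-hop MTU and rebuilt at the destination. The header length, identification value and MTU values are constructed assumptions; the 8-octet granularity of the offset field and the more-fragments flag are the real IPv4 rules. The receiver is strict: a gap, an overlap or a missing last fragment is reported rather than silently tolerated, since a lenient reassembler is what turns overlapping fragments into an ambiguity between the end host and any device inspecting the traffic.

```python
from dataclasses import dataclass
from typing import List, Optional

IPV4_HEADER_LEN = 20            # assumed: header without options


@dataclass(frozen=True)
class Fragment:
    ident: int                  # Identification field, shared by all fragments of one datagram
    offset: int                 # Fragment Offset as carried in the header: units of 8 octets
    more: bool                  # MF (more fragments) flag
    payload: bytes


def fragment(ident: int, payload: bytes, mtu: int) -> List[Fragment]:
    """Split a datagram so that header + data of every fragment fits the next-hop MTU."""
    if mtu < IPV4_HEADER_LEN + 8:
        raise ValueError("MTU too small to carry even one 8-octet block")
    if IPV4_HEADER_LEN + len(payload) <= mtu:
        return [Fragment(ident, 0, False, payload)]      # fits: no fragmentation needed
    # Every non-final fragment must carry a multiple of 8 bytes because the
    # offset field counts 8-octet blocks, so round the usable size down.
    chunk = ((mtu - IPV4_HEADER_LEN) // 8) * 8
    frags = []
    for pos in range(0, len(payload), chunk):
        data = payload[pos:pos + chunk]
        frags.append(Fragment(ident, pos // 8, pos + chunk < len(payload), data))
    return frags


def reassemble(frags: List[Fragment]) -> bytes:
    """Rebuild the payload at the destination; strict about gaps, overlaps and a missing tail."""
    if not frags:
        raise ValueError("no fragments")
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    buf = bytearray()
    expected = 0                # next byte offset we are prepared to accept
    seen_last = False
    for f in sorted(frags, key=lambda f: f.offset):
        if seen_last:
            raise ValueError("data after the final fragment")
        start = f.offset * 8
        if start != expected:
            kind = "gap" if start > expected else "overlap"
            raise ValueError(f"{kind} at byte {expected}")
        if f.more and len(f.payload) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 octets")
        buf += f.payload
        expected += len(f.payload)
        seen_last = not f.more
    if not seen_last:
        raise ValueError("final fragment missing")
    return bytes(buf)


def check(frags: List[Fragment]) -> Optional[str]:
    """None if the fragment set reassembles cleanly, else the reason a strict receiver rejects it."""
    try:
        reassemble(frags)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    payload = bytes(range(256)) * 4          # constructed 1024-byte payload
    frags = fragment(ident=0x1234, payload=payload, mtu=576)
    print([(f.offset, f.more, len(f.payload)) for f in frags])
    print(check(frags), "|", check(frags[:1]))
```

With a 1024-byte payload and a 576-byte MTU the usable data per fragment rounds down from 556 to 552 bytes, so the second fragment starts at offset 69 (552 / 8) and carries the remaining 472 bytes with the MF flag clear; fragments may arrive in any order and are sorted by offset before reassembly.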

Layer 2: The data-link layer...


The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:

• Frame Traffic Control: tells the transmitting node to "stop" when no frame buffers are available.
• Frame Sequencing: transmits/receives frames sequentially.
• Frame Acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
• Frame Delimiting: creates and recognizes frame boundaries.
• Link Establishment and Termination: establishes and terminates the logical link between two nodes.
• Frame Error Checking: checks received frames for integrity.
• Media Access Management: determines when the node "has the right" to use the physical medium.

Data Link Sublayers

Logical Link Control (LLC): The LLC is concerned with managing traffic (flow and error control) over the physical medium and may also assign sequence numbers to frames and track acknowledgements. LLC is defined in the IEEE 802.2 specification and supports both connectionless and connection-oriented services used by higher-layer protocols.

Media Access Control (MAC): The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it.

Figure: Data Link Sub-Layers

Layer 1: The Physical Layer…

The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:

Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:

o What signal state represents a binary 1
o How the receiving station knows when a "bit-time" starts
o How the receiving station delimits a frame

Physical medium attachment, accommodating various possibilities in the medium:

o Will an external transceiver (MAU) be used to connect to the medium?
o How many pins do the connectors have and what is each pin used for?

Transmission technique: determines whether the encoded bits will be transmitted by baseband (digital) or broadband (analog) signaling.

Physical medium transmission: transmits bits as electrical or optical signals appropriate for the physical medium, and determines:

o What physical medium options can be used
o How many volts/dB should be used to represent a given signal state, using a given physical medium

Devices Used At Each Layer of OSI Model

OSI Layer             Devices Used
Application Layer     Gateways, Layer 7 switches
Presentation Layer    -----------
Session Layer         -----------
Transport Layer       Layer 4 switches
Network Layer         Router, Layer 3 switches
Data Link Layer       NIC, Switch, Bridge
Physical Layer        Hubs, Repeaters, Network cables & connectors

5.2 Transmission Control Protocol/Internet Protocol (TCP/IP) Model Or DOD Model

A Brief Introduction

The TCP/IP Model is a specification for computer network protocols created in the 1970s by DARPA, an agency of the United States Department of Defense. It laid the foundation for ARPANET, which was the world's first wide area network and a predecessor of the Internet.


Figure: Mapping of TCP/IP Suite to OSI

Layers in the TCP/IP Model

TCP/IP is generally described as having four 'layers', or five if we include the bottom physical layer. The layers near the top are logically closer to the user application, while those near the bottom are logically closer to the physical transmission of the data.

The TCP/IP Application Layer

TCP/IP application layer protocols provide services to the application software running on a computer. The Application Layer identifies the application running on the computer through Port Numbers. The various protocols that are used at the Application Layer are:

Telnet: Terminal Emulation. Telnet is a program that runs on your computer and connects your PC to a server on the network. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console. Port Number: 23

FTP: File Transfer Protocol, the protocol used for exchanging files over the Internet. FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server. Port Number: 20 (data port), 21 (control port)

HTTP: Hyper Text Transfer Protocol is the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when we enter a URL in the browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page. Port Number: 80

NFS: Network File System, a client/server application that allows all network users to access shared files stored on computers of different types. Users can manipulate shared files as if they were stored locally on the user's own hard disk. Port Number: 2049

SMTP: Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers. In addition, SMTP is generally used to send messages from a mail client to a mail server. Port Number: 25

POP3: Post Office Protocol, a protocol used to retrieve e-mail from a mail server. Most e-mail applications (sometimes called an e-mail client) use the POP, although some can use the newer IMAP (Internet Message Access Protocol) as a replacement for POP3. Port Number: 110

TFTP: Trivial File Transfer Protocol, a simple form of the File Transfer Protocol (FTP). TFTP provides no security features. It is often used by servers to boot diskless workstations, X-terminals, and routers. Port Number: 69

DNS: Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4. Port Number: 53

DHCP: Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. Port Number: 67 (Server), 68 (Client)

BOOTP: Bootstrap Protocol (BOOTP) is utilized by diskless workstations to gather configuration information from a network server. This enables the workstation to boot without requiring a hard or floppy disk drive. Port Number: 67 (Server), 68 (Client)

SNMP: Simple Network Management Protocol, a set of protocols for managing complex networks. SNMP works by sending messages, called protocol data units (PDUs), to different parts of a network. Port Number: 161

The TCP/IP Transport Layer

The protocol layer just below the Application layer is the host-to-host layer (Transport layer). It is responsible for end-to-end data integrity. The Transport Layer identifies the segments through the socket address (combination of Port Number & I.P. address). The two most important protocols employed at this layer are:

Transmission Control Protocol (TCP): TCP provides reliable, full-duplex connections and reliable service by ensuring that data is retransmitted when transmission results in an error (end-to-end error detection and correction). Also, TCP enables hosts to maintain multiple, simultaneous connections.

User Datagram Protocol (UDP): When error correction is not required, UDP provides an unreliable datagram service (connectionless) that enhances network throughput at the host-to-host transport layer. It's used primarily for broadcasting messages over a network.


The TCP/IP Internet Layer

The best known TCP/IP protocol at the internetwork layer is the Internet Protocol (IP), which provides the basic packet delivery service for all TCP/IP networks. In addition to physical node addresses, IP implements a system of logical host addresses called IP addresses. The IP addresses are used by the internetwork and higher layers to identify devices and to perform internetwork routing. IP is used by all protocols in the layers above and below it to deliver data, which means all TCP/IP data flows through IP when it is sent and received, regardless of its final destination.

Types of Addresses Used During Data Communication

Introduction

TCP/IP Layer            Address Used
Application Layer       Port Numbers
Transport Layer         Socket Address
Network Layer           I.P. Address
Network Access Layer    Physical Address

Port Numbers

A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. The port numbers are divided into three ranges:

The Well Known Ports: Range from 0 through 1023. The Well Known port numbers are registered by the IANA and are already assigned to the Well Known protocols. Well Known port numbers can only be used by system (or root) processes or by programs executed by privileged users.

The Registered Ports: Range from 1024 through 49151. The registered port numbers are also registered by the IANA. The Registered Ports are listed by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users.

The Dynamic and/or Private Ports: Range from 49152 through 65535. The Dynamic port numbers are available for use by any application used for communicating with any other application, using the Internet's Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).

Socket Address

A socket address is a combination of the Port Number for a particular process & the I.P. address of the host.

I.P. Address (Logical Address)

There are two different versions of I.P. address: IPv4 & IPv6.


IPv4

IPv4 is a 32-bit numeric address used for data communication at the internet layer. It has been in use for more than 20 years and has served well, but the growing number of devices in networks has forced us to go for a new addressing scheme, and here comes IPv6. IP addressing will be discussed in more detail in the coming Sessions.

IPv6

IP Version 6 (IPv6) is the newest version of IP, sometimes called “IPng” for “IP, Next Generation”. IPv6 is fairly well defined but is not yet widely deployed. The main differences between IPv6 and the current widely-deployed version of IP (which is IPv4) are:

IPv6 uses larger addresses (128 bits instead of 32 bits in IPv4) and so can support many more devices on the network.

IPv6 includes features like authentication and multicasting that had been bolted on to IPv4 in a piecemeal fashion over the years.

Physical Address (Hardware Address/MAC Address)

The MAC (Media Access control) address is a unique value associated with a network adapter. They uniquely identify an adapter on a LAN. MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:

MM:MM:MM:SS:SS:SS
MM-MM-MM-SS-SS-SS

The first half (24 bits) of a MAC address contains the ID number of the adapter manufacturer (Vendor ID). The second half (24 bits) of a MAC address represents the serial number assigned to the adapter by the manufacturer. In the example 00:A0:C9:14:C8:29, the prefix 00A0C9 indicates the manufacturer is Intel Corporation.

Figure: MAC address layout (24-bit Vendor ID followed by 24-bit Adapter ID)

6. IP Addressing

An Introduction

If a device wants to communicate using TCP/IP, it needs an IP address. I.P. addressing was designed to allow hosts on one network to communicate with a host on a different network regardless of the type of LANs the hosts are participating in. When the device has an IP address and the appropriate software and hardware, it can send and receive IP packets. Any device that can send and receive IP packets is called an IP host.

IP Terminology

The important terms vital to the understanding of the Internet Protocol are:

Bit: A bit is one digit, either a 1 or a 0.

Byte: A byte is 8 bits.

Octet: An octet, made up of 8 bits, is just an ordinary 8-bit binary number. In this Session, the terms byte and octet are completely interchangeable.

Network address: This is the designation used in routing to send packets to a remote network—for example, 10.0.0.0, 172.16.0.0, and 192.168.10.0.

Broadcast address: The address used by applications and hosts to send information to all nodes on a network is called the broadcast address. Examples include 255.255.255.255, which is all networks, all nodes; 172.16.255.255, which is all subnets and hosts on network 172.16.0.0; and 10.255.255.255, which broadcasts to all subnets and hosts on network 10.0.0.0.

The Hierarchical IP Addressing Scheme

An IPv4 address consists of 32 bits of information. These bits are divided into four sections, referred to as octets or bytes, each containing 1 byte (8 bits). You can depict an IP address using one of three methods:

Dotted-decimal, as in 172.16.30.56
Binary, as in 10101100.00010000.00011110.00111000
Hexadecimal, as in AC.10.1E.38

All these examples truly represent the same IP address. Hexadecimal isn't used as often as dotted-decimal or binary when IP addressing is discussed, but you still might find an IP address stored in hexadecimal in some programs. The Windows Registry is a good example of a program that stores a machine's IP address in hex.

The 32-bit IP address is a structured or hierarchical address, as opposed to a flat or nonhierarchical address. Although either type of addressing scheme could have been used, hierarchical addressing was chosen for a good reason. The advantage of this scheme is that it can handle a large number of addresses, namely 4.3 billion (a 32-bit address space with two possible values for each position—either 0 or 1—gives you 2^32, or 4,294,967,296). The disadvantage of the flat addressing scheme, and the reason it's not used for IP addressing, relates to routing. If every address were unique, all routers on the Internet would need to store the address of each and every machine on the Internet. This would make efficient routing impossible, even if only a fraction of the possible addresses were used.

The solution to this problem is to use a two- or three-level hierarchical addressing scheme that is structured by network and host or by network, subnet, and host. This two- or three-level scheme is comparable to a telephone number. The first section, the area code, designates a very large area. The second section, the prefix, narrows the scope to a local calling area. The final segment, the customer number, zooms in on the specific connection. IP addresses use the same type of layered structure. Rather than all 32 bits being treated as a unique identifier, as in flat addressing, a part of the address is designated as the network address and the other part is designated as either the subnet and host or just the node address.


Network Addressing

A Brief Explanation of Network Addressing

The network address (which can also be called the network number) uniquely identifies each network. Every machine on the same network shares that network address as part of its IP address. In the IP address 172.16.30.56, for example, 172.16 is the network address.

The node address is assigned to, and uniquely identifies, each machine on a network. This part of the address must be unique because it identifies a particular machine—an individual—as opposed to a network, which is a group. This number can also be referred to as a host address. In the sample IP address 172.16.30.56, the 30.56 is the node address.

The designers of the Internet decided to create classes of networks based on network size. For the small number of networks possessing a very large number of nodes, they created the Class A network. At the other extreme is the Class C network, which is reserved for the numerous networks with a small number of nodes. The class distinction for networks between very large and very small is predictably called the Class B network. Subdividing an IP address into a network and node address is determined by the class designation of one's network.

Class       8 bits     8 bits     8 bits     8 bits
Class A:    Network    Host       Host       Host
Class B:    Network    Network    Host       Host
Class C:    Network    Network    Network    Host
Class D:    Multicast
Class E:    Research

Table: Classes of I.P. Address

Class A Network: Binary addresses start with 0, therefore the decimal number can be anywhere from 1 to 126. The first 8 bits (the first octet) identify the network and the remaining 24 bits indicate the host within the network. An example of a Class A IP address is 102.168.212.226, where "102" identifies the network and "168.212.226" identifies the host on that network.

Class B Network: binary addresses start with 10, therefore the decimal number can be anywhere from 128 to 191. The first 16 bits (the first two octets) identify the network and the remaining 16 bits indicate the host within the network. An example of a Class B IP address is 168.212.226.204 where "168.212" identifies the network and "226.204" identifies the host on that network.

Class    Leftmost bits    Start Address    Finish Address
A:       0xxx             0.0.0.0          127.255.255.255
B:       10xx             128.0.0.0        191.255.255.255
C:       110x             192.0.0.0        223.255.255.255
D:       1110             224.0.0.0        239.255.255.255
E:       1111             240.0.0.0        255.255.255.255

Table: Possible IP Addresses

Class C Network: Binary addresses start with 110, therefore the decimal number can be anywhere from 192 to 223. The first 24 bits (the first three octets) identify the network and the remaining 8 bits indicate the host within the network. An example of a Class C IP address is 200.168.212.226 where "200.168.212" identifies the network and "226" identifies the host on that network. In a Class C network address, the first three bit positions are always the binary 110. The calculation is as follows: 3 bytes, or 24 bits, minus 3 reserved positions leaves 21 positions.

Class D Network: Binary addresses start with 1110, therefore the decimal number can be anywhere from 224 to 239. Class D networks are used to support multicasting.

Class E Network: Binary addresses start with 1111, therefore the decimal number can be anywhere from 240 to 255. Class E networks are used for experimentation. They have never been documented or utilized in a standard way.

Subnet Masks

For the subnet address scheme to work, every machine on the network must know which part of the host address will be used as the subnet address. This is accomplished by assigning a subnet mask to each machine. A subnet mask is a 32-bit value that allows the recipient of IP packets to distinguish the network ID portion of the IP address from the host ID portion of the IP address. The network administrator creates a 32-bit subnet mask composed of 1s and 0s. The 1s in the subnet mask represent the positions that refer to the network or subnet addresses. The table below shows the default subnet masks for Classes A, B, and C. These default masks cannot change.

Address Class    Format                          Default Subnet Mask
Class A          network.node.node.node          255.0.0.0
Class B          network.network.node.node       255.255.0.0
Class C          network.network.network.node    255.255.255.0

Table: Default Subnet Mask


6.1 Subnetting

Subnetting is basically just a way of splitting a TCP/IP network into smaller, more manageable pieces. The basic idea is that if you have an excessive amount of traffic flowing across your network, then that traffic can cause your network to run slowly. When you subnet your network, you are splitting the network into separate, but interconnected, networks. The various advantages of subnetting are:

Reduced network traffic: We all appreciate less traffic of any kind. Networks are no different. Without trusty routers, packet traffic could grind the entire network down to a near standstill. With routers, most traffic will stay on the local network; only packets destined for other networks will pass through the router. Routers create broadcast domains. The more broadcast domains you create, the smaller the broadcast domains and the less network traffic on each network segment.

Optimized network performance: This is a result of reduced network traffic.

Simplified management: It's easier to identify and isolate network problems in a group of smaller connected networks than within one gigantic network.

Facilitated spanning of large geographical distances: Because WAN links are considerably slower and more expensive than LAN links, a single large network that spans long distances can create problems in every area.

Subnetting Class C Addresses

Introduction

There are many different ways to subnet a network. The right way is the way that works best for you. In a Class C address, only 8 bits are available for defining the hosts. Remember that subnet bits start at the left and go to the right, without skipping bits.

Subnetting a Class C Address: The Fast Way!

When you've chosen a possible subnet mask for your network and need to determine the number of subnets, valid hosts, and broadcast addresses of a subnet that the mask provides, all you need to do is answer five simple questions:

How many subnets does the chosen subnet mask produce?
How many valid hosts per subnet are available?
What are the valid subnets?
What's the broadcast address of each subnet?
What are the valid hosts in each subnet?

Here's how you get the answers to those five big questions:

How many subnets? 2^x = number of subnets. x is the number of masked bits, or the 1s. For example, in 11000000, the number of 1s gives us 2^2 subnets. In this example, there are 4 subnets.

How many hosts per subnet? 2^y – 2 = number of hosts per subnet. y is the number of unmasked bits, or the 0s. For example, in 11000000, the number of 0s gives us 2^6 – 2 hosts. In this example, there are 62 hosts per subnet. You need to subtract 2 for the subnet address and the broadcast address, which are not valid hosts.


What are the valid subnets? 256 – subnet mask = block size, or increment number. An example would be 256 – 192 = 64. The block size of a 192 mask is always 64. Start counting at zero in blocks of 64 until you reach the subnet mask value, and these are your subnets: 0, 64, 128, 192.

What's the broadcast address for each subnet? Now here's the really easy part. Since we counted our subnets in the last section as 0, 64, 128, and 192, the broadcast address is always the number right before the next subnet. For example, the 0 subnet has a broadcast address of 63 because the next subnet is 64. The 64 subnet has a broadcast address of 127 because the next subnet is 128. And so on. And remember, the broadcast address of the last subnet is always 255.

What are the valid hosts? Valid hosts are the numbers between the subnets, omitting the all 0s and all 1s. For example, if 64 is the subnet number and 127 is the broadcast address, then 65–126 is the valid host range—it's always the numbers between the subnet address and the broadcast address.

Subnetting Practice Examples: Class C Addresses

Practice Example #1C: 255.255.255.128 (/25)

Since 128 is 10000000 in binary, there is only 1 bit for subnetting and 7 bits for hosts. We're going to subnet the Class C network address 192.168.10.0.

192.168.10.0 = Network address
255.255.255.128 = Subnet mask

Now, let's answer the big five:

How many subnets? Since 128 is 1 bit on (10000000), the answer would be 2^1 = 2.

How many hosts per subnet? We have 7 host bits off (10000000), so the equation would be 2^7 – 2 = 126 hosts.

What are the valid subnets? 256 – 128 = 128. Remember, we'll start at zero and count in our block size, so our subnets are 0, 128.

What's the broadcast address for each subnet? The number right before the value of the next subnet is all host bits turned on and equals the broadcast address. For the zero subnet, the next subnet is 128, so the broadcast of the 0 subnet is 127.

What are the valid hosts? These are the numbers between the subnet and broadcast address. The easiest way to find the hosts is to write out the subnet address and the broadcast address. This way, the valid hosts are obvious. The following table shows the 0 and 128 subnets, the valid host ranges of each, and the broadcast address of both subnets:

Subnet        0      128
First host    1      129
Last host     126    254
Broadcast     127    255

Practice Example #2C: 255.255.255.192 (/26)


In this second example, we're going to subnet the network address 192.168.10.0 using the subnet mask 255.255.255.192.

192.168.10.0 = Network address
255.255.255.192 = Subnet mask

Now, let's answer the big five:

How many subnets? Since 192 is 2 bits on (11000000), the answer would be 2^2 = 4 subnets.

How many hosts per subnet? We have 6 host bits off (11000000), so the equation would be 2^6 – 2 = 62 hosts.

What are the valid subnets? 256 – 192 = 64. Remember, we start at zero and count in our block size, so our subnets are 0, 64, 128, and 192.

What's the broadcast address for each subnet? The number right before the value of the next subnet is all host bits turned on and equals the broadcast address. For the zero subnet, the next subnet is 64, so the broadcast address for the zero subnet is 63.

What are the valid hosts? These are the numbers between the subnet and broadcast address. The easiest way to find the hosts is to write out the subnet address and the broadcast address. This way, the valid hosts are obvious. The following table shows the 0, 64, 128, and 192 subnets, the valid host ranges of each, and the broadcast address of each subnet:

The subnets (do this first)                      0     64    128   192
Our first host (perform host addressing last)    1     65    129   193
Our last host                                    62    126   190   254
The broadcast address (do this second)           63    127   191   255
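As an added example that is not part of the report, the following Python script works through the "big five" questions above for any mask, and applies the class table (leading bits 0, 10, 110, 1110) and default masks from the earlier sections to find the classful network first. It generalises the report's Class C walk-through to Class A and B networks; all function names are my own, and the sample inputs are the report's 192.168.10.0 with the /25 and /26 masks of practice examples #1 and #2.

```python
"""Subnet calculator for the report's "big five" questions (added example).

Converts dotted-decimal to binary, classifies the address by its leading bits
(0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E), counts masked (1) and unmasked
(0) bits, and lists each subnet with its broadcast address and host range.
"""
from typing import Dict, List

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}  # default mask length per class


def to_binary(dotted: str) -> str:
    """Dotted-decimal -> 32-character binary string (172.16.30.56 -> 10101100...)."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 dotted-decimal value: {dotted!r}")
    return "".join(f"{int(p):08b}" for p in parts)


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Class letter from the leading bits of the first octet."""
    bits = to_binary(dotted)
    for leading, letter in (("0", "A"), ("10", "B"), ("110", "C"), ("1110", "D")):
        if bits.startswith(leading):
            return letter
    return "E"


def block_size(mask: str) -> int:
    """The report's shortcut: 256 minus the 'interesting' (last non-zero) mask octet."""
    for octet in reversed([int(o) for o in mask.split(".")]):
        if octet != 0:
            return 256 - octet
    raise ValueError("mask has no network bits")


def subnet_plan(network: str, mask: str, max_rows: int = 256) -> Dict:
    """Answer the big five for `network` subnetted with `mask`."""
    cls = address_class(network)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"class {cls} (multicast/experimental) is not subnetted")
    mask_bits = to_binary(mask)
    prefix = mask_bits.count("1")
    # A real mask is contiguous 1s followed by contiguous 0s; reject anything else.
    if mask_bits != "1" * prefix + "0" * (32 - prefix):
        raise ValueError(f"mask {mask} is not contiguous")
    default = DEFAULT_PREFIX[cls]
    if prefix < default or prefix > 30:
        raise ValueError(f"/{prefix} is not a usable subnet mask for class {cls}")
    x = prefix - default  # masked bits borrowed from the host part -> 2^x subnets
    y = 32 - prefix       # unmasked bits -> 2^y - 2 hosts (subnet and broadcast removed)
    # Classful network address: keep only the class's default network bits.
    net = int(to_binary(network), 2) & ((0xFFFFFFFF << (32 - default)) & 0xFFFFFFFF)
    step = 2 ** y         # distance between consecutive subnet addresses
    rows: List[Dict[str, str]] = []
    for i in range(min(2 ** x, max_rows)):  # max_rows keeps Class A tables bounded
        sub = net + i * step
        bcast = sub + step - 1  # "the number right before the next subnet"
        rows.append({
            "subnet": to_dotted(sub),
            "first_host": to_dotted(sub + 1),
            "last_host": to_dotted(bcast - 1),
            "broadcast": to_dotted(bcast),
        })
    return {
        "class": cls,
        "prefix": prefix,
        "subnets": 2 ** x,
        "hosts_per_subnet": 2 ** y - 2,
        "block_size": block_size(mask),
        "table": rows,
    }


if __name__ == "__main__":
    # The report's practice examples #1 (/25) and #2 (/26) on 192.168.10.0.
    for m in ("255.255.255.128", "255.255.255.192"):
        plan = subnet_plan("192.168.10.0", m)
        print(f"{m}: {plan['subnets']} subnets, {plan['hosts_per_subnet']} hosts each, "
              f"block size {plan['block_size']}")
        for row in plan["table"]:
            print("  ", row)
```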

7. ROUTER

Introduction

Routers are nothing more than a special type of PC. Routers and PCs both have some of the same components such as a motherboard, RAM, and an operating system. The main difference between a router and a standard PC is that a router performs special tasks to control or "route" traffic between two or more networks. They operate at layer 3 of the OSI model.

Hardware Components

There are 7 major internal components of a router:

CPU
Internetwork Operating System (IOS)
RAM
NVRAM
Flash
ROM
Console
Interfaces

CPU

The CPU performs functions just as it does in a normal PC. It executes commands given by the IOS using other hardware components. High-end routers may contain multiple processors or extra slots to add more CPUs later.

IOS

The IOS is the main operating system on which the router runs. The IOS is loaded upon the router's boot up. It usually is around 2 to 5 MB in size, but can be a lot larger depending on the router series. The IOS is currently on version 12, and Cisco periodically releases minor versions every couple of months (e.g. 12.1, 12.3) to fix small bugs and also add extra functionality. The IOS gives the router its various capabilities and can also be updated, or downloaded from the router for backup purposes.

RAM

Random Access Memory; this component is dynamic, meaning its content changes constantly. The main role of the RAM is to hold the ARP cache, store routing tables, hold the fast-switching cache, perform packet buffering, and hold queues. It also provides temporary memory for the configuration file of the router while the router is powered on. However, the RAM loses its content when the router is restarted or powered off. This component is upgradeable!

NVRAM

Nonvolatile RAM is used to store the startup configuration files. This type of RAM does not lose its content when the router is restarted or powered off.

Flash

Flash memory is very important. It holds the Cisco IOS image file, as well as backups. This flash memory is classified as an EEPROM (Electronically Erasable Programmable Read Only Memory). The flash ROM is upgradeable in most Cisco routers.

ROM

The ROM performs the same operations as a BIOS. It holds information about the system's hardware components and runs POST when the router first starts up. This component can be upgraded by "unplugging" the chip and installing a new one. A ROM upgrade ensures newer versions of the IOS.

Console

The console consists of the physical plugs and jacks on the router. The purpose of the console is to provide access for configuration.

Interfaces

The interfaces provide connectivity to LAN, WAN, and Console/Aux. They can be RJ-45 jacks soldered onto the motherboard, transceiver modules, or card modules. Cisco routers, especially the higher-end models, can be configured in many different ways. They can use a combination of transceivers, card modules and onboard interfaces.

ROUTER MODES

User mode

User can examine router status and operation
Configuration cannot be viewed or altered from user mode
Prompt: router>

Privileged mode ("root")

Complete control over the router (anything can be set or reset)
Configuration cannot be altered
Prompt: router#

Configuration mode

Used only for change of configuration
Not password protected from privileged mode
Privileged mode commands don't have meaning in configuration mode
Most statements can be removed from the configuration with the prefix no (ex. no shutdown)
Prompt: router(config)#

Router Configuration

There are two router configurations:

The active configuration (show running-config)
The startup configuration (show startup-config)

Summary of Router Modes

Prompt                   Mode Name
Router>                  User mode
Router#                  Privileged mode
Router(config)#          Global configuration mode
Router(config-if)#       Interface mode
Router(config-subif)#    Subinterface mode
Router(config-line)#     Line mode
Router(config-router)#   Router configuration mode

8.1 ROUTING

The term routing is used for taking a packet from one device and sending it through the network to another device on a different network. Routers don't really care about hosts—they only care about networks and the best path to each network. The logical network address of the destination host is used to get packets to a network through a routed network, and then the hardware address of the host is used to deliver the packet from a router to the correct destination host. If your network has no routers, then it should be apparent that you are not routing. Routers route traffic to all the networks in your internetwork. To be able to route packets, a router must know, at a minimum, the following:

Destination address
Neighbor routers from which it can learn about remote networks
Possible routes to all remote networks
The best route to each remote network
How to maintain and verify routing information

The router learns about remote networks from neighbor routers or from an administrator.


The router then builds a routing table (a map of the internetwork) that describes how to find the remote networks. If a network is directly connected, then the router already knows how to get to it. If a network isn't directly connected to the router, the router must use one of two ways to learn how to get to the remote network:

1. Static routing: meaning that someone must hand-type all network locations into the routing table.

2. Dynamic routing: In dynamic routing, a protocol on one router communicates with the same protocol running on neighbor routers. The routers then update each other about all the networks they know about and place this information into the routing table. If a change occurs in the network, the dynamic routing protocols automatically inform all routers about the event. If static routing is used, the administrator is responsible for updating all changes by hand into all routers. Typically, in a large network, a combination of both dynamic and static routing is used.

8.2 ROUTING PROTOCOL

A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on acomputer network, the choice of the route being done by routing algorithms.

8.2.1 Routing Information Protocol (RIP)

Routing Information Protocol (RIP) is a true distance-vector routing protocol. RIP sends the complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count to determine the best way to a remote network, and it has a maximum allowable hop count of 15 by default, meaning that a metric of 16 is deemed unreachable. RIP works well in small networks, but it's inefficient on large networks with slow WAN links or on networks with a large number of routers installed. RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask. This is because RIP version 1 doesn't send updates with subnet mask information. RIP version 2 provides something called prefix routing and does send subnet mask information with the route updates. This is called classless routing.

Configuring RIP Routing

Configuration Example

Let's use a simple network example, shown in the figure below, to illustrate configuring RIPv1.


Figure: RIP Routing in Action

Here's RouterA's configuration:

RouterA(config)# router rip
RouterA(config-router)# network 192.168.1.0
RouterA(config-router)# network 192.168.2.0

Here's RouterB's configuration:

RouterB(config)# router rip
RouterB(config-router)# network 192.168.2.0
RouterB(config-router)# network 192.168.3.0

Troubleshooting IP RIP

Once you have configured IP RIP, you have a variety of commands available to view and troubleshoot your configuration and the operation of RIP:

show ip protocols
show ip route
debug ip rip

8.2.2 RIP Version 2 (RIPv2)

RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are distance-vector protocols, which means that each router running RIP sends its complete routing table out all active interfaces at periodic time intervals. Also, the timers and loop-avoidance schemes are the same in both RIP versions (i.e., holddown timers and the split horizon rule), and both have the same administrative distance (120). But there are some important differences that make RIPv2 more scalable than RIPv1: RIPv2 carries the subnet mask in its updates (classless, so VLSM and discontiguous networks work), it sends updates to the multicast address 224.0.0.9 instead of broadcasting them, and it supports authentication of routing updates (clear text or MD5, using a key chain). RIPv1 accepts any update that arrives on an enabled interface, so any host on the segment can inject routes; with RIPv2, update authentication should be enabled wherever untrusted devices can reach the link.


Configuring RIPv2 is straightforward. Here's an example:

RouterC(config)#router rip
RouterC(config-router)#network 192.168.40.0
RouterC(config-router)#network 192.168.50.0
RouterC(config-router)#version 2

8.2.3 EIGRP Features and Operation

Enhanced IGRP (EIGRP) is a classless, enhanced distance-vector protocol that gives us a real edge over another Cisco proprietary protocol, Interior Gateway Routing Protocol (IGRP). That's basically why it's called Enhanced IGRP. Like IGRP, EIGRP uses the concept of an autonomous system to describe the set of contiguous routers that run the same routing protocol and share routing information. But unlike IGRP, EIGRP includes the subnet mask in its route updates. And as you now know, the advertisement of subnet information allows us to use Variable Length Subnet Masks (VLSMs) and summarization when designing our networks!

EIGRP is sometimes referred to as a hybrid routing protocol because it has characteristics of both distance-vector and link-state protocols. For example, EIGRP doesn't send link-state packets as OSPF does; instead, it sends traditional distance-vector updates containing information about networks plus the cost of reaching them from the perspective of the advertising router. And EIGRP has link-state characteristics as well: it synchronizes routing tables between neighbors at startup and then sends specific updates only when topology changes occur. This makes EIGRP suitable for very large networks. EIGRP has a maximum hop count of 255 (the default is set to 100). There are a number of powerful features that make EIGRP a real standout from IGRP and other protocols. The main ones are listed here:

Support for IP and IPv6 (and legacy routed protocols such as IPX and AppleTalk) via protocol-dependent modules
Considered classless (same as RIPv2 and OSPF)
Support for VLSM/CIDR
Support for summaries and discontiguous networks
Efficient neighbor discovery
Communication via Reliable Transport Protocol (RTP)
Best path selection via Diffusing Update Algorithm (DUAL)

Neighbor Discovery

Before EIGRP routers are willing to exchange routes with each other, they must become neighbors. There are three conditions that must be met for neighborship establishment:

Hello or ACK received
AS numbers match
Identical metrics (K values)

Note that nothing in this list proves who the neighbor is: by default any device on the segment that sends hellos with the matching AS number and K values becomes a neighbor and can advertise routes. EIGRP supports MD5 authentication of its packets (configured per interface with ip authentication mode eigrp and a key chain), and it should be enabled on any segment where a foreign device could be connected.

Let's define some terms before we move on:

Feasible distance
This is the best metric along all paths to a remote network, including the metric to the neighbor that is advertising that remote network. This is the route that you will find in the routing table because it is considered the best path. The metric of a feasible distance is the metric reported by the neighbor (called the reported or advertised distance) plus the metric to the neighbor reporting the route.

Reported/advertised distance
This is the metric of a remote network, as reported by a neighbor. It is also the routing table metric of the neighbor and is the same as the second number in parentheses as displayed in the topology table, the first number being the feasible distance.

Neighbor table
Each router keeps state information about adjacent neighbors. When a newly discovered neighbor is learned, the address and interface of the neighbor are recorded, and this information is held in the neighbor table, stored in RAM. There is one neighbor table for each protocol-dependent module. Sequence numbers are used to match acknowledgments with update packets. The last sequence number received from the neighbor is recorded so that out-of-order packets can be detected.

Topology table
The topology table is populated by the protocol-dependent modules and acted upon by the Diffusing Update Algorithm (DUAL). It contains all destinations advertised by neighboring routers, holding each destination address and a list of neighbors that have advertised the destination. For each neighbor, the advertised metric, which comes only from the neighbor's routing table, is recorded. If the neighbor is advertising this destination, it must be using the route to forward packets.

Feasible successor
A feasible successor is a path whose reported distance is less than the feasible distance, and it is considered a backup route. This feasibility condition is what guarantees the backup is loop-free: a neighbor that is closer to the destination than we are cannot be forwarding through us. EIGRP will keep up to six feasible successors in the topology table. Only the one with the best metric (the successor) is copied and placed in the routing table. The show ip eigrp topology command will display all the EIGRP feasible successor routes known to a router.

Successor
A successor route (think successful!) is the best route to a remote network. A successor route is used by EIGRP to forward traffic to a destination and is stored in the routing table. It is backed up by a feasible successor route that is stored in the topology table, if one is available. By using the feasible distance, and having feasible successors in the topology table as backup links, the network can converge almost instantly, and updates to any neighbor make up the only traffic sent from EIGRP.

Reliable Transport Protocol (RTP)
EIGRP uses a proprietary protocol called Reliable Transport Protocol (RTP) to manage the communication of messages between EIGRP-speaking routers. And as the name suggests, reliability is a key concern of this protocol.

Diffusing Update Algorithm (DUAL)

EIGRP uses the Diffusing Update Algorithm (DUAL) for selecting and maintaining the best path to each remote network. This algorithm allows for the following:

Backup route determination if one is available
Support of VLSMs
Dynamic route recoveries
Queries for an alternate route if no route can be found


DUAL provides EIGRP with possibly the fastest route convergence time among all protocols. The key to EIGRP's speedy convergence is twofold: First, EIGRP routers maintain a copy of all of their neighbors' routes, which they use to calculate their own cost to each remote network. If the best path goes down, it may be as simple as examining the contents of the topology table to select the best replacement route. Second, if there isn't a good alternative in the local topology table, EIGRP routers very quickly ask their neighbors for help finding one. Relying on other routers and leveraging the information they provide accounts for the "diffusing" character of DUAL.

EIGRP Metrics

Another thing about EIGRP is that unlike many other protocols that use a single factor to compare routes and select the best possible path, EIGRP can use a combination of four:

Bandwidth
Delay
Load
Reliability

Like IGRP, EIGRP uses only the bandwidth and delay of the line to determine the best path to a remote network by default (K1 = K3 = 1 and K2 = K4 = K5 = 0). With those defaults the composite metric is 256 multiplied by the sum of two terms: 10^7 divided by the slowest bandwidth on the path in kbps, plus the cumulative delay on the path in tens of microseconds.
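To make the metric and the feasibility condition concrete, here is an added example in Python; it is not code from the report and not Cisco's implementation. It carries the bandwidth and delay vector per path, which is how a router actually computes the composite metric, and then applies DUAL's rule that a backup qualifies only if its reported distance is lower than the feasible distance. The routers R1 to R4, the link speeds and the destination 10.3.0.0/24 are constructed sample data.

```python
"""EIGRP composite metric and DUAL successor / feasible-successor selection.

Added example in Python; not code from the report and not Cisco's
implementation. Router names, link speeds and the destination are
constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def eigrp_metric(min_bandwidth_kbps: int, total_delay_usec: int) -> int:
    """Composite metric with the default K values (K1 = K3 = 1, others 0).

    bandwidth term: 10^7 divided by the slowest link on the path (kbps)
    delay term:     cumulative delay along the path in tens of microseconds
    Both are integer-truncated, as IOS does, and the sum is scaled by 256.
    """
    return 256 * (10_000_000 // min_bandwidth_kbps + total_delay_usec // 10)


@dataclass
class TopologyEntry:
    """One candidate path to a destination, as held in the topology table."""
    neighbor: str
    adv_min_bw_kbps: int    # slowest link on the neighbor's own path
    adv_delay_usec: int     # neighbor's cumulative delay to the destination
    link_bw_kbps: int       # our link to this neighbor
    link_delay_usec: int

    @property
    def reported_distance(self) -> int:
        """The neighbor's metric, exactly as it advertised it (RD/AD)."""
        return eigrp_metric(self.adv_min_bw_kbps, self.adv_delay_usec)

    @property
    def total_metric(self) -> int:
        """Our metric via this neighbor: the vector is extended by our own
        link (minimum bandwidth, summed delay) and recomputed, which is the
        'reported distance plus the metric to the neighbor' idea done the
        way the router does it."""
        return eigrp_metric(min(self.adv_min_bw_kbps, self.link_bw_kbps),
                            self.adv_delay_usec + self.link_delay_usec)


def select_paths(entries: List[TopologyEntry]) -> Tuple[Optional[TopologyEntry], List[TopologyEntry]]:
    """Pick the successor and the feasible successors for one destination.

    The successor is the lowest total metric; that value is the feasible
    distance (FD) and goes into the routing table. Any other path whose
    reported distance is strictly less than FD satisfies the feasibility
    condition: that neighbor is closer to the destination than we are, so
    it cannot be forwarding through us, and the path is a loop-free backup
    that can be installed without querying anyone.
    """
    if not entries:
        return None, []
    successor = min(entries, key=lambda e: e.total_metric)
    fd = successor.total_metric
    feasible = sorted((e for e in entries
                       if e is not successor and e.reported_distance < fd),
                      key=lambda e: e.total_metric)
    return successor, feasible


# Constructed sample: R1's topology entries for 10.3.0.0/24.
# IOS default interface values: FastEthernet 100000 kbps / 100 usec,
# Ethernet 10000 / 1000, T1 serial 1544 / 20000.
SAMPLE_TOPOLOGY = [
    TopologyEntry("R2", 100_000, 100, 100_000, 100),   # R2 is directly on the LAN
    TopologyEntry("R3", 1_544, 20_100, 100_000, 100),  # R3 reaches it over a T1
    TopologyEntry("R4", 100_000, 100, 10_000, 1_000),  # R4 on the LAN, slow link to us
]


def demo() -> Tuple[str, int, List[str]]:
    successor, feasible = select_paths(SAMPLE_TOPOLOGY)
    return successor.neighbor, successor.total_metric, [e.neighbor for e in feasible]


if __name__ == "__main__":
    name, fd, backups = demo()
    print(f"successor via {name}, FD={fd}, feasible successors={backups}")
    for e in SAMPLE_TOPOLOGY:
        print(f"  {e.neighbor}: RD={e.reported_distance} total={e.total_metric}")
```

In the sample, R2 is the successor with FD 30720 and R4 is a feasible successor (its reported distance, 28160, is below the FD even though its own total metric is much worse). R3 is not: its reported distance over the T1 is far above the FD, so if both R2 and R4 failed, R1 would have to go active and query its neighbors, which is exactly the slower convergence case the text describes.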

Configuring EIGRP

Configuration Example

Let's look at an example to illustrate how to configure EIGRP on a router. Here's the routing configuration of the router:

Router(config)# router eigrp 200
Router(config-router)# network 172.16.0.0
Router(config-router)# network 10.0.0.0

The number 200 is the autonomous system number and must match on every router that is meant to become a neighbor. The network statements here are classful: network 10.0.0.0 enables EIGRP on every interface whose address falls within 10.0.0.0/8. A wildcard mask can be appended (for example network 10.1.0.0 0.0.0.255) to limit that to specific interfaces, so that EIGRP hellos are not sent on user-facing ports that have no business forming adjacencies.

Troubleshooting EIGRP

Here are some of the main commands used when viewing and troubleshooting EIGRP:

show ip protocols
show ip route
show ip eigrp neighbors
show ip eigrp topology
show ip eigrp traffic
debug ip eigrp

9. ACCESS CONTROL LIST

Cisco Access Control Lists (ACLs) are used for filtering traffic based on given filtering criteria on a router or switch interface. Based on the conditions supplied by the ACL, a packet is allowed or blocked from further movement. Cisco ACLs are available for several types of routed protocols including IP, IPX, AppleTalk, XNS, DECnet, and others. However, we will be discussing ACLs pertaining to the TCP/IP protocol only. ACLs for TCP/IP traffic filtering are primarily divided into two types:

Standard Access Lists
Extended Access Lists


Standard Access Control Lists: Standard IP ACLs are numbered 1 to 99 (and 1300 to 1999 in the expanded range). A standard access list allows you to permit or deny traffic FROM specific source IP addresses only; the destination of the packet and the ports involved can be anything. This is the command syntax format of a standard ACL:

access-list access-list-number {permit|deny} {host source|source source-wildcard|any}

Standard ACL example:

access-list 10 permit 192.168.2.0 0.0.0.255

This list allows traffic from all addresses in the range 192.168.2.0 to 192.168.2.255. Note that when configuring access lists on a router, you must identify each access list uniquely by assigning either a name or a number to the protocol's access list. There is an implicit deny added to the end of every access list. If you entered the command:

show access-lists 10

the output shows only the line you configured; the implicit deny is never displayed, but the list behaves exactly as if it read:

access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 deny any

So anything not explicitly permitted is dropped, and a list containing no permit statement blocks all traffic on the interface it is applied to.

Extended Access Control Lists: Extended IP ACLs allow you to permit or deny traffic from specific source IP addresses to a specific destination IP address and port. They also give you granular control by specifying conditions for different protocols such as ICMP, TCP and UDP within the ACL statements. Extended IP ACLs range from 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs began to use additional numbers (2000 to 2699).

The syntax for an IP extended ACL is given below:

access-list access-list-number {deny | permit} protocol source source-wildcard [operator port] destination destination-wildcard [operator port] [precedence precedence] [established] [log]

Note that the above syntax is simplified and given for general understanding only. An operator (eq, neq, lt, gt, range) placed after the source matches the source port and one placed after the destination matches the destination port; established matches only TCP segments with the ACK or RST bit set, i.e. replies to connections opened from the other side; log records matches, which is how you find out what a deny line is actually dropping.

Extended ACL example:

access-list 110 - Applied to traffic leaving the office (outgoing)

access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80

ACL 110 permits TCP traffic originating from any address on the 92.128.2.0 network. The 'any' keyword means that the traffic is allowed to have any destination address, with the limitation that the destination port must be 80 (eq 80 follows the destination, so it is the destination port that is checked). The value 0.0.0.0 255.255.255.255 can be specified as 'any'. Remember the implicit deny: with only this line, everything else leaving the office (DNS lookups, HTTPS on port 443, ICMP) is dropped, so a real outbound list needs an explicit permit for every service that must keep working.
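Here is an added Python model of how the router evaluates these lists; it is not the report's code and not IOS, and the access lists, hosts and packets in it are constructed for illustration. It shows the wildcard-mask comparison, top-down first-match processing and the implicit deny, using ACL 110 from above beside a corrected version that also permits HTTPS and DNS to the office resolver. The same wildcard comparison is what the OSPF and EIGRP network statements use to select interfaces.

```python
"""Cisco-style IP access-list evaluation: wildcard masks, first match wins,
implicit deny at the end.

Added example in Python; not the report's code and not IOS. The access
lists, hosts and packets below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional
import ipaddress


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A wildcard mask is the inverse of a subnet mask: a 1 bit means
    'don't care'. Only the bits where the wildcard is 0 must equal base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0        # destination port (0 for icmp)


@dataclass(frozen=True)
class Entry:
    """One access-list line. Defaults mean 'any' for either address and no
    port condition; only the eq operator on the destination port is modelled."""
    action: str                        # "permit" or "deny"
    proto: str = "ip"                  # "ip" matches every IP protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not wildcard_match(pkt.src, self.src, self.src_wc):
            return False
        if not wildcard_match(pkt.dst, self.dst, self.dst_wc):
            return False
        return self.dport is None or pkt.dport == self.dport


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """Lines are tested top-down and the first match decides, so the order
    of entries matters. A packet matching nothing hits the implicit
    'deny any' that IOS appends (and never displays)."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"


# access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80
ACL_110 = [Entry("permit", "tcp", "92.128.2.0", "0.0.0.255", dport=80)]

# A corrected outbound list (constructed): web, HTTPS and DNS to the
# office resolver 203.0.113.53 are permitted; the implicit deny still
# drops everything else, including DNS to any other server.
ACL_110_FIXED = [
    Entry("permit", "tcp", "92.128.2.0", "0.0.0.255", dport=80),
    Entry("permit", "tcp", "92.128.2.0", "0.0.0.255", dport=443),
    Entry("permit", "udp", "92.128.2.0", "0.0.0.255", "203.0.113.53", "0.0.0.0", dport=53),
]

# Constructed sample packets leaving the office.
SAMPLE_PACKETS = {
    "web":       Packet("92.128.2.10", "203.0.113.5", "tcp", 80),
    "https":     Packet("92.128.2.10", "203.0.113.5", "tcp", 443),
    "dns":       Packet("92.128.2.10", "203.0.113.53", "udp", 53),
    "other_dns": Packet("92.128.2.10", "198.51.100.9", "udp", 53),
    "other_src": Packet("92.128.3.10", "203.0.113.5", "tcp", 80),
}


def demo(acl: List[Entry]) -> Dict[str, str]:
    """Verdict for every sample packet under the given list."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    print("ACL 110:      ", demo(ACL_110))
    print("ACL 110 fixed:", demo(ACL_110_FIXED))
```

Running it shows the original ACL 110 permitting only the web packet and silently denying HTTPS and DNS, which is the outage an operator sees after applying a one-line list; the corrected list permits those two while still denying DNS to a resolver outside the office and any traffic from a source outside 92.128.2.0/24.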


Applying an ACL to a router interface:

After the ACL is defined, it must be applied to an interface (inbound or outbound); a list that is defined but not applied filters nothing. The syntax for applying an ACL to a router interface is given below:

interface <interface>
 ip access-group {number|name} {in|out}

An access list may be specified by a name or a number. "in" applies the ACL to packets arriving on the interface, and "out" applies it to packets leaving the interface. Only one ACL per protocol, per interface, per direction can be applied. As a rule of thumb, standard ACLs are placed as close to the destination as possible (they can only match on the source, so placing them near the source would block that source from everything), and extended ACLs as close to the source as possible, so that unwanted traffic is dropped before it crosses the network.

Example: To apply the standard ACL created in the previous example, use the following commands:

Router(config)#interface serial 0
Router(config-if)#ip access-group 10 out

10. Network Address Translation

NAT allows private networks all over the world to use the same internal network numbers, while still allowing their users (or perhaps just some users) access to the Internet. In this way, NAT serves as a form of IP address conservation. Imagine how many IP addresses would be necessary if every single office around the world required IP addresses that were not duplicated anywhere else in the world! The addresses that private networks around the world use are the RFC 1918 private addresses, sometimes referred to as “1918 addresses”.  A word to the wise:  Know these, and know them cold.  I should be able to call you at 2AM and ask you what these are, and get an immediate response.  :) 

The RFC 1918 Private Addresses

Class A   10.0.0.0 /8       (10.0.0.0 to 10.255.255.255)
Class B   172.16.0.0 /12    (172.16.0.0 to 172.31.255.255)
Class C   192.168.0.0 /16   (192.168.0.0 to 192.168.255.255)

 Note that the masks used with the RFC 1918 private addresses are NOT the default masks for Class A, B, and C. These IP addresses are not used on any public networks. By public networks, we mean networks connected to the Internet.  It’s my experience that the Class C 1918 addresses are the most commonly used by offices, banks, and other organizations. If a bank and a school in your home city are both using the 192.168.0.0 /16 network on their internal networks, there’s no problem until some of the users on either network want to access the Internet.  


What's Wrong With Private Addresses?

Using private addresses is fine until a host using a private address wants to communicate with a device on the Internet. RFC 1918 addresses are not routed on the public Internet, so a packet with a private source address may reach an Internet host but the reply can never find its way back; in this situation, no user on a private network can successfully communicate with an Internet host. These networks can communicate with Internet hosts by using NAT. NAT stands for Network Address Translation, and that's exactly what is going to happen: the RFC 1918 source address is going to be translated to another address as it leaves the private network, and it will be translated back to its original address as the return data enters the private network.

If a limited number of hosts on a private network need Internet access, static NAT may be the appropriate choice. Static NAT maps a private address to a public one. In this example, there are three internal PCs on an RFC 1918 private network. The router's ethernet0 interface is connected to this network, and the Internet is reachable via the serial0 interface. The IP address of the serial interface is 210.1.1.1 /24, with all other addresses on the 210.1.1.0 /24 network available. Three static mappings are needed to use static NAT.

Configuring the interfaces for Network Address Translation. The Ethernet network is the "inside" network; the serial interface leading to the Internet is the "outside" network.

R3(config)#interface ethernet0
R3(config-if)#ip address 10.5.5.8 255.0.0.0
R3(config-if)#ip nat inside
R3(config-if)#interface serial0
R3(config-if)#ip address 210.1.1.1 255.255.255.0
R3(config-if)#ip nat outside

The static mappings are created and verified.

R3#conf t
R3(config)#ip nat inside source static 10.5.5.5 210.1.1.2
R3(config)#ip nat inside source static 10.5.5.6 210.1.1.3
R3(config)#ip nat inside source static 10.5.5.7 210.1.1.4

R3#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 210.1.1.2          10.5.5.5           ---                ---
--- 210.1.1.3          10.5.5.6           ---                ---
--- 210.1.1.4          10.5.5.7           ---                ---

R3#show ip nat statistics
Total active translations: 3 (3 static, 0 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet0
Hits: 0  Misses: 0
Expired translations: 0

"show ip nat statistics" displays the number of static and dynamic mappings. Keep in mind that a static mapping works in both directions: any packet arriving from the Internet for 210.1.1.2 is forwarded to 10.5.5.5 whether or not that host started a conversation, so statically mapped hosts are fully exposed and need an inbound access list on the outside interface that permits only the services they are meant to offer.

10.1 Types of Network Address Translation

Static NAT
This type of NAT is designed to allow one-to-one mapping between local and global addresses. Keep in mind that the static version requires you to have one real Internet IP address for every host on your network.

Dynamic NAT
This version gives you the ability to map an unregistered IP address to a registered IP address from out of a pool of registered IP addresses. You don't have to statically configure your router to map an inside address to an outside address as you would using static NAT, but you do have to have enough real IP addresses for everyone who's going to be sending packets to and receiving them from the Internet at the same time.

Overloading
This is the most popular type of NAT configuration. Overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different source ports. It is also known as Port Address Translation (PAT). By using PAT (NAT overload), you get to have thousands of users connect to the Internet using only one real global IP address. NAT overload is the main reason we haven't run out of valid IPv4 addresses on the Internet.

NAT Terms

Name             Meaning
Inside local     Address of the inside host before translation (usually an RFC 1918 address)
Inside global    Address of the inside host after translation (the address the Internet sees)
Outside local    Address of the outside destination host as seen from the inside network
Outside global   Address of the outside destination host as it really is on the Internet


In the example shown in Figure 1.2, host 10.1.1.1 sends an outbound packet to the border router configured with NAT. The router identifies the source IP address as an inside local IP address destined for an outside network, translates the address, and records the translation in the NAT table. The packet is sent out the outside interface with the new translated source address. The external host returns the packet to that translated address, and the NAT router translates the inside global IP address back to the inside local IP address using the NAT table. This is as simple as it gets.

Let's take a look at a more complex configuration using overloading, or what is also referred to as Port Address Translation (PAT). I'll use Figure 11.3 to demonstrate how PAT works. With overloading, all inside hosts get translated to one single IP address, hence the term overloading. Again, the reason we have not run out of available IPv4 addresses on the Internet is overloading (PAT). Take a look at the NAT table in Figure 11.3 again. In addition to the inside local IP address and outside global IP address, we now have port numbers. These port numbers help the router identify which inside host should receive the return traffic: a reply that does not match any entry in the table has no inside host to go to and is dropped, which is why hosts behind PAT are not reachable from the Internet unless they opened the connection first.
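The table walk just described, as an added Python simulation (not the report's code and not IOS): one static one-to-one mapping plus PAT on a single inside global address, 170.46.2.2 as in the static NAT configuration that follows. The hosts, ports and the port-allocation policy (keep the host's own source port when it is free on the global address, otherwise take the next unused one) are assumptions made for the example; a real router also keys PAT entries on the outside address and port, which is omitted here.

```python
"""Static NAT and PAT (NAT overload) translation-table simulation.

Added example in Python; not the report's code and not IOS. The inside
global address follows the report's configuration (170.46.2.2); hosts,
ports and the port-allocation policy are assumptions for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class NatRouter:
    inside_global: str                                           # single public address for overload
    statics: Dict[str, str] = field(default_factory=dict)        # inside local -> inside global
    table: Dict[Tuple[str, int, str], Flow] = field(default_factory=dict)  # (global ip, port, proto) -> inside flow
    next_port: int = 1024

    def _alloc_port(self, flow: Flow) -> int:
        # Assumed policy: keep the host's own source port if it is still free
        # on the inside global address, otherwise hand out the next unused one.
        if (self.inside_global, flow.src_port, flow.proto) not in self.table:
            return flow.src_port
        while (self.inside_global, self.next_port, flow.proto) in self.table:
            self.next_port += 1
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, flow: Flow) -> Flow:
        """Packet from an inside host leaving via the outside interface."""
        if flow.src_ip in self.statics:                  # one-to-one, port unchanged
            return Flow(self.statics[flow.src_ip], flow.src_port,
                        flow.dst_ip, flow.dst_port, flow.proto)
        for (g_ip, g_port, proto), inside in self.table.items():
            if inside == flow:                           # existing PAT entry
                return Flow(g_ip, g_port, flow.dst_ip, flow.dst_port, proto)
        port = self._alloc_port(flow)                    # new PAT entry
        self.table[(self.inside_global, port, flow.proto)] = flow
        return Flow(self.inside_global, port, flow.dst_ip, flow.dst_port, flow.proto)

    def inbound(self, pkt: Flow) -> Optional[Flow]:
        """Packet arriving on the outside interface. Returns the packet as
        delivered inside, or None when there is no translation for it
        (the router has nowhere to send it, so it is dropped)."""
        for local, glob in self.statics.items():
            if glob == pkt.dst_ip:                       # statics work in both directions
                return Flow(pkt.src_ip, pkt.src_port, local, pkt.dst_port, pkt.proto)
        inside = self.table.get((pkt.dst_ip, pkt.dst_port, pkt.proto))
        if inside is None:
            return None
        return Flow(pkt.src_ip, pkt.src_port, inside.src_ip, inside.src_port, pkt.proto)


def demo() -> Dict[str, Optional[Flow]]:
    """Constructed scenario: two PAT hosts that pick the same source port,
    one statically mapped host, a reply, and an unsolicited inbound packet."""
    r = NatRouter(inside_global="170.46.2.2", statics={"10.1.1.3": "170.46.2.3"})
    a = r.outbound(Flow("10.1.1.1", 1025, "203.0.113.10", 80))
    b = r.outbound(Flow("10.1.1.2", 1025, "203.0.113.10", 80))   # same source port as a
    return {
        "a": a,
        "a_again": r.outbound(Flow("10.1.1.1", 1025, "203.0.113.10", 80)),
        "b": b,
        "static_out": r.outbound(Flow("10.1.1.3", 4000, "203.0.113.10", 443)),
        "reply_to_b": r.inbound(Flow("203.0.113.10", 80, b.src_ip, b.src_port)),
        "stray": r.inbound(Flow("198.51.100.7", 40000, "170.46.2.2", 22)),
        "static_in": r.inbound(Flow("198.51.100.7", 40000, "170.46.2.3", 22)),
    }


if __name__ == "__main__":
    for name, flow in demo().items():
        print(f"{name:>10}: {flow}")
```

Two things worth noticing in the output: the second host's source port is rewritten because 1025 is already in use on the inside global address, and the reply still reaches the right host because the table is keyed on that rewritten port. The stray packet to port 22 on 170.46.2.2 returns None (dropped), while the same probe against the statically mapped 170.46.2.3 is delivered to 10.1.1.3 without question.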

Static NAT Configuration

Let's take a look at a simple basic static NAT configuration:

ip nat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.46.2.1 255.255.255.0
 ip nat outside
!

In the preceding router output, the ip nat inside source command identifies which IP addresses will be translated. In this configuration example, the ip nat inside source command configures a static translation between the inside local IP address 10.1.1.1 and the inside global IP address 170.46.2.2.

Dynamic NAT Configuration

Dynamic NAT means that we have a pool of addresses that we will use to provide real IP addresses to a group of users on the inside. We do not use port numbers, so we have to have a real IP address for every user trying to get outside the local network at the same time. Here is a sample dynamic NAT configuration:

ip nat pool todd 170.168.2.2 170.168.2.25 netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
 ip address 10.1.1.10 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 170.168.2.1 255.255.255.0
 ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255

The ip nat inside source list 1 pool todd command tells the router to translate IP addresses that match access-list 1 to an address found in the IP NAT pool named todd. The access list in this case is not being used to permit or deny traffic as we would use it for security reasons to filter traffic. It is being used to select or designate what we often call interesting traffic. When interesting traffic has been matched by the access list, it is pulled into the NAT process to be translated. This is a common use for access lists; they don't always have the dull job of just blocking traffic at an interface. The ip nat pool todd 170.168.2.2 170.168.2.25 netmask 255.255.255.0 command creates a pool of 24 addresses that will be handed out to the hosts that require NAT. Once all 24 are in use, further inside hosts cannot be translated until an existing translation times out, which is the practical reason overloading (PAT) is normally used instead.

11. CDP

The Cisco Discovery Protocol (CDP) is a proprietary Data Link layer network protocol developed by Cisco Systems. It is used to share information about directly connected Cisco equipment, such as the operating system version and IP address. CDP can also be used for On-Demand Routing, which is a method of including routing information in CDP announcements so that dynamic routing protocols do not need to be used in simple networks.

Cisco devices send CDP announcements to the multicast destination address 01-00-0c-cc-cc-cc, out each connected network interface. These multicast frames may be received by Cisco switches and other networking devices that support CDP on their connected network interface. This multicast destination is also used in other Cisco protocols such as VTP. By default, CDP announcements are sent every 60 seconds on interfaces that support Subnetwork Access Protocol (SNAP) headers, including Ethernet, Frame Relay and Asynchronous Transfer Mode (ATM). Each Cisco device that supports CDP stores the information received from other devices in a table that can be viewed using the show cdp neighbors command (show cdp neighbors detail includes the addresses and software version). This table is also accessible via SNMP. The CDP table information is refreshed each time an announcement is received, and the holdtime for that entry is reinitialized. The holdtime specifies the lifetime of an entry in the table: if no announcements are received from a device for a period in excess of the holdtime, the device information is discarded (default 180 seconds).

The information contained in CDP announcements varies by the type of device and the version of the operating system running on it. This information may include the operating system version, hostname, every address (i.e. IP address) from all protocols configured on the port where the CDP frame is sent, the port identifier from which the announcement was sent, device type and model, duplex setting, VTP domain, native VLAN, power draw (for Power over Ethernet devices), and other device-specific information.

Because CDP is unauthenticated and is sent out every interface by default, anyone who can plug into a port (a lab PC, a guest on the campus LAN) can learn the exact IOS version, management address and platform of the connected router or switch, which is the first thing an attacker wants when looking for a matching exploit. It is good practice to keep CDP enabled only on links between your own infrastructure devices and to disable it on user-facing and Internet-facing interfaces with no cdp enable (per interface), or globally with no cdp run.

12. IPv6

An Internet Protocol Version 6 address (IPv6 address) is a numerical label that is used to identify a network interface of a computer or other network node participating in an IPv6-enabled computer network.

IP addresses serve the purpose of uniquely identifying the individual network interface(s) of a host, locating it on the network, and thus permitting the routing of IP packets between hosts. For routing, IP addresses are present in fields of the packet header where they indicate the source and destination of the packet.

IPv6 is the successor to the Internet's first addressing infrastructure, Internet Protocol version 4 (IPv4). In contrast to IPv4, which defined an IP address as a 32-bit value, IPv6 addresses have a size of 128 bits. Therefore, IPv6 has a vastly enlarged address space compared to IPv4.

IPv6 address classesIPv6 addresses are classified by the primary addressing and routing methodologies common in networking: unicast addressing, anycast addressing, and multicast addressing.

A unicast address identifies a single network interface. The Internet Protocol delivers packets sent to a unicast address to that specific interface.

An anycast address is assigned to a group of interfaces, usually belonging to different nodes. A packet sent to an anycast address is delivered to just one of the member interfaces, typically the nearest host, according to the routing protocol's definition of distance. Anycast addresses cannot be identified easily: they have the same format as unicast addresses and differ only by their presence in the network at multiple points. Almost any unicast address can be employed as an anycast address.

A multicast address is also used by multiple hosts, which acquire the multicast address destination by participating in the multicast distribution protocol among the network routers. A packet that is sent to a multicast address is delivered to all interfaces that have joined the corresponding multicast group.

Address Format

An IPv6 address consists of 128 bits. Addresses are classified into various types for applications in the major addressing and routing methodologies: unicast, multicast, and anycast networking. In each of these, various address formats are recognized by logically dividing the 128 address bits into bit groups and establishing rules for associating the values of these bit groups with special addressing features.

Presentation


An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). An example of an IPv6 address is:

2001:0db8:85a3:0000:0000:8a2e:0370:7334

The hexadecimal digits are case-insensitive, but should be written in lower case (RFC 5952).

The full representation of eight 4-digit groups may be shortened by two rules: leading zeros within a group are dropped (0db8 becomes db8, 0000 becomes 0), and one run of two or more consecutive all-zero groups may be replaced by a double colon (::), which may appear only once in an address so that the number of omitted groups can be reconstructed. The example above is therefore written 2001:db8:85a3::8a2e:370:7334. Because one address has several legal spellings, security tools that compare addresses as strings (log searches, allow lists, firewall rules kept as text) must normalize them first, or a host can evade a match simply by writing its address differently.

13. WAN

A Wide Area Network (WAN) is a telecommunication network that covers a broad area (i.e., any network that links across metropolitan, regional, or national boundaries). Business and government entities utilize WANs to relay data among employees, clients, buyers, and suppliers from various geographical locations. In essence this mode of telecommunication allows a business to effectively carry out its daily function regardless of location.

WAN Connection Types

Here's a list explaining the different WAN connection types:

Leased lines
These are usually referred to as a point-to-point or dedicated connection. A leased line is a pre-established WAN communications path that goes from the CPE through the DCE switch, then over to the CPE of the remote site. The CPE enables DTE networks to communicate at any time with no cumbersome setup procedures to muddle through before transmitting data. When you've got plenty of cash, this is really the way to go because it uses synchronous serial lines up to 45Mbps. HDLC and PPP encapsulations are frequently used on leased lines; I'll go over them with you in detail in a bit.

Circuit switching
When you hear the term circuit switching, think phone call. The big advantage is cost: you only pay for the time you actually use. No data can transfer before an end-to-end connection is established. Circuit switching uses dial-up modems or ISDN and is used for low-bandwidth data transfers.

Packet switching
This is a WAN switching method that allows you to share bandwidth with other companies to save money. Packet switching can be thought of as a network that's designed to look like a leased line yet charges you more like circuit switching. But less cost isn't always better; there's definitely a downside: if you need to transfer data constantly, just forget about this option. Instead, get yourself a leased line. Packet switching will only work for you if your data transfers are the bursty type, not continuous. Frame Relay and X.25 are packet-switching technologies with speeds that can range from 56Kbps up to T3 (45Mbps).

WAN protocols

Frame Relay
A packet-switched technology that made its debut in the early 1990s, Frame Relay is a high-performance Data Link and Physical layer specification. It's pretty much a successor to X.25, except that much of the technology in X.25 used to compensate for physical errors (noisy lines) has been eliminated. An upside to Frame Relay is that it can be more cost effective than point-to-point links, plus it typically runs at speeds of 64Kbps up to 45Mbps (T3). Another Frame Relay benefit is that it provides features for dynamic bandwidth allocation and congestion control.

ISDN
Integrated Services Digital Network (ISDN) is a set of digital services that transmit voice and data over existing phone lines. ISDN offers a cost-effective solution for remote users who need a higher-speed connection than analog dial-up links can give them, and it's also a good choice to use as a backup link for other types of links like Frame Relay or T1 connections.

LAPB
Link Access Procedure, Balanced (LAPB) was created to be a connection-oriented protocol at the Data Link layer for use with X.25, but it can also be used as a simple data link transport. A not-so-good characteristic of LAPB is that it tends to create a tremendous amount of overhead due to its strict time-out and windowing techniques.

LAPD
Link Access Procedure, D-Channel (LAPD) is used with ISDN at the Data Link layer (layer 2) as a protocol for the D (signaling) channel. LAPD was derived from the Link Access Procedure, Balanced (LAPB) protocol and is designed primarily to satisfy the signaling requirements of ISDN basic access.

HDLC
High-Level Data-Link Control (HDLC) was derived from Synchronous Data Link Control (SDLC), which was created by IBM as a Data Link connection protocol. HDLC works at the Data Link layer and creates very little overhead compared to LAPB. It wasn't intended to encapsulate multiple Network layer protocols across the same link: the HDLC header doesn't contain any identification of the type of protocol being carried inside the HDLC encapsulation. Because of this, each vendor that uses HDLC has its own way of identifying the Network layer protocol, meaning each vendor's HDLC is proprietary with regard to its specific equipment.

PPP
Point-to-Point Protocol (PPP) is a pretty famous, industry-standard protocol. Because all multiprotocol versions of HDLC are proprietary, PPP can be used to create point-to-point links between different vendors' equipment. It uses a Network Control Protocol field in the Data Link header to identify the Network layer protocol and allows authentication (PAP or CHAP; prefer CHAP, since PAP sends the password in clear text) and multilink connections to be run over asynchronous and synchronous links.

PPPoE
Point-to-Point Protocol over Ethernet encapsulates PPP frames in Ethernet frames and is usually used in conjunction with ADSL services. It gives you a lot of the familiar PPP features like authentication, encryption, and compression, but there's a downside: it has a lower maximum transmission unit (MTU) than standard Ethernet does, and if your firewall isn't solidly configured (in particular, if it drops the ICMP "fragmentation needed" messages that path MTU discovery depends on), this little attribute can really give you some grief! Still somewhat popular in the United States, PPPoE's main feature is that it adds a direct connection to Ethernet interfaces while providing DSL support as well. It's often used by many hosts on a shared Ethernet interface for opening PPP sessions to various destinations via at least one bridging modem.

14. Routing with OSPF using Extended ACL & NAT

OSPF configuration:

Giving IP addresses:

Router>enable
Router#configure terminal
Router(config)#hostname TCMCE-ROUTER
TCMCE-ROUTER(config)#interface s0/3/0
TCMCE-ROUTER(config-if)#ip address 192.168.1.1 255.255.255.0
TCMCE-ROUTER(config-if)#no shutdown
TCMCE-ROUTER(config-if)#exit

Router(config)#hostname MDU-ROUTER
MDU-ROUTER(config)#interface s0/3/0
MDU-ROUTER(config-if)#ip address 192.168.1.2 255.255.255.0
MDU-ROUTER(config-if)#no shutdown
MDU-ROUTER(config-if)#exit

53

Page 54: Campus Network Management

MDU-ROUTER(config)#INTERface S1/0MDU-ROUTER(config-if)# ip address 192.168.2.2 255.255.255.0MDU-ROUTER (config-if)#no shMDU-ROUTER (config-if)#exit

MDU-ROUTER(config)#INTERface S1/1MDU-ROUTER(config-if)# ip address 192.168.3.2 255.255.255.0MDU-ROUTER (config-if)#no shMDU-ROUTER (config-if)#exit

MDU-ROUTER(config)#INTERface S1/2MDU-ROUTER(config-if)# ip address 192.168.4.2 255.255.255.0MDU-ROUTER (config-if)#no shMDU-ROUTER (config-if)#exit

MDU-ROUTER(config)#INTERface S1/3MDU-ROUTER(config-if)# ip address 192.168.5.2 255.255.255.0MDU-ROUTER (config-if)#no shMDU-ROUTER (config-if)#exit

Router(config)#hostname DITM-ROUTERDITM -ROUTER(config)#INTERface S0/3/1DITM -ROUTER(config-if)# ip address 192.168.2.1 255.255.255.0DITM -ROUTER (config-if)#no shDITM -ROUTER (config-if)#exit

Router(config)#hostname AICTE-ROUTERAICTE -ROUTER(config)#INTERface S0/3/1AICTE -ROUTER(config-if)# ip address 192.168.3.1 255.255.255.0AICTE -ROUTER (config-if)#no shAICTE -ROUTER (config-if)#exit

Router(config)#hostname SBIT-ROUTERSBIT -ROUTER(config)#INTERface S0/3/1SBIT -ROUTER(config-if)# ip address 192.168.4.1 255.255.255.0SBIT -ROUTER (config-if)#no shSBIT -ROUTER (config-if)#exit

Router(config)#hostname MHRD-ROUTERMHRD -ROUTER(config)#INTERface S0/3/1MHRD -ROUTER(config-if)# ip address 192.168.5.1 255.255.255.0MHRD -ROUTER (config-if)#no shMHRD -ROUTER (config-if)#exit

Routing with OSPF:

TCMCE-ROUTER(config)# router ospf 100
TCMCE-ROUTER(config-router)# network 192.168.1.0 0.0.0.255 area 0
TCMCE-ROUTER(config-router)# network 10.1.0.0 0.0.0.255 area 0
TCMCE-ROUTER(config-router)# network 10.2.0.0 0.0.0.255 area 0

MDU-ROUTER(config)# router ospf 100
MDU-ROUTER(config-router)# network 192.168.1.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 192.168.2.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 192.168.3.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 192.168.4.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 192.168.5.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 10.3.0.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 10.4.0.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 10.13.0.0 0.0.0.255 area 0

DITM-ROUTER(config)# router ospf 100
DITM-ROUTER(config-router)# network 192.168.2.0 0.0.0.255 area 0
DITM-ROUTER(config-router)# network 10.5.0.0 0.0.0.255 area 0
DITM-ROUTER(config-router)# network 10.6.0.0 0.0.0.255 area 0

AICTE-ROUTER(config)# router ospf 100
AICTE-ROUTER(config-router)# network 192.168.3.0 0.0.0.255 area 0
AICTE-ROUTER(config-router)# network 10.7.0.0 0.0.0.255 area 0
AICTE-ROUTER(config-router)# network 10.8.0.0 0.0.0.255 area 0

SBIT-ROUTER(config)# router ospf 100
SBIT-ROUTER(config-router)# network 192.168.4.0 0.0.0.255 area 0
SBIT-ROUTER(config-router)# network 10.9.0.0 0.0.0.255 area 0
SBIT-ROUTER(config-router)# network 10.10.0.0 0.0.0.255 area 0

MHRD-ROUTER(config)# router ospf 100
MHRD-ROUTER(config-router)# network 192.168.5.0 0.0.0.255 area 0
MHRD-ROUTER(config-router)# network 10.11.0.0 0.0.0.255 area 0
MHRD-ROUTER(config-router)# network 10.12.0.0 0.0.0.255 area 0
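An added example (not the report's own configuration) showing how the network statements above select the interfaces that run OSPF, and whether the two ends of a serial link can form an adjacency; the interface addresses are transcribed from the report, with TCMCE's F0/0.x subinterfaces taken from the "Commands Used" listing at the end. It also shows that TCMCE's F0/0.3 (10.3.0.1) is matched by none of TCMCE's network statements, so that subnet is never advertised by TCMCE.

```python
# Added example, not the report's code: how an OSPF "network" statement selects the
# interfaces that run OSPF.  Addresses are transcribed from the report's listings.
import ipaddress

def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == n & care

def ospf_interfaces(interfaces: dict, statements: list) -> dict:
    """Map each interface whose primary address matches a statement to its area.
    With several matches IOS takes the most specific statement (fewest wildcard
    1 bits), which the sort below reproduces."""
    ordered = sorted(statements,
                     key=lambda s: bin(int(ipaddress.IPv4Address(s[1]))).count("1"))
    enabled = {}
    for name, cidr in interfaces.items():
        for net, wc, area in ordered:
            if wildcard_match(cidr.split("/")[0], net, wc):
                enabled[name] = area
                break
    return enabled

# (interfaces, network statements) for three of the six routers.  TCMCE's F0/0.x are
# the dot1Q subinterfaces from the "Commands Used" listing at the end of the report.
ROUTERS = {
    "TCMCE-ROUTER": ({"S0/3/0": "192.168.1.1/24", "F0/0.1": "10.1.0.1/24",
                      "F0/0.2": "10.2.0.1/24", "F0/0.3": "10.3.0.1/24"},
                     [("192.168.1.0", "0.0.0.255", 0), ("10.1.0.0", "0.0.0.255", 0),
                      ("10.2.0.0", "0.0.0.255", 0)]),
    "MDU-ROUTER": ({"S0/3/0": "192.168.1.2/24", "S1/0": "192.168.2.2/24"},
                   [("192.168.1.0", "0.0.0.255", 0), ("192.168.2.0", "0.0.0.255", 0)]),
    "DITM-ROUTER": ({"S0/3/1": "192.168.2.1/24"}, [("192.168.2.0", "0.0.0.255", 0)]),
}

def link_ok(r1: str, i1: str, r2: str, i2: str) -> bool:
    """Adjacency prerequisites on a point-to-point serial link: both ends OSPF-enabled,
    same area and same subnet (hello timers and authentication are not modelled)."""
    a1 = ospf_interfaces(*ROUTERS[r1]).get(i1)
    a2 = ospf_interfaces(*ROUTERS[r2]).get(i2)
    if a1 is None or a1 != a2:
        return False
    n1 = ipaddress.ip_interface(ROUTERS[r1][0][i1]).network
    n2 = ipaddress.ip_interface(ROUTERS[r2][0][i2]).network
    return n1 == n2
```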

Show commands:

TCMCE-ROUTER#sh ip route

TCMCE-ROUTER#sh ip route ospf

MDU-ROUTER#sh ip route

MDU-ROUTER#sh ip route ospf

DITM-ROUTER#sh ip route

DITM-ROUTER#sh ip route ospf

AICTE-ROUTER#sh ip route

AICTE-ROUTER#sh ip route ospf

SBIT-ROUTER#sh ip route

SBIT-ROUTER#sh ip route ospf

MHRD-ROUTER#sh ip route

MHRD-ROUTER#sh ip route ospf

ACL EXTENDED:

Extended access lists can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet. They can evaluate source and destination IP addresses, the protocol field in the Network layer header, and the port number in the Transport layer header. This gives extended access lists the ability to make much more granular decisions when controlling traffic.

CONFIGURE EXTENDED ACL:

ROUTER1(config)#ip access-list extended acl1
ROUTER1(config-ext-nacl)#deny tcp 192.168.1.192 0.0.0.63 host 192.168.1.2
ROUTER1(config-ext-nacl)#permit tcp any any
ROUTER1(config-ext-nacl)#192.168.1.192 0.0.0.63 host 192.168.1.2 eq 80
ROUTER1(config-ext-nacl)#permit icmp any any
ROUTER1(config-ext-nacl)#permit ip any any
ROUTER1(config-ext-nacl)#permit udp any any
ROUTER1(config-ext-nacl)#exit
ROUTER1(config)#interface s1/1
ROUTER1(config-if)#ip access-group acl1 in
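As an added illustration (not the report's own configuration), the following Python models acl1 and evaluates sample packets with IOS first-match semantics, and reports entries that an earlier entry already covers: the "eq 80" line and the trailing "permit udp any any" can never match. The report's "eq 80" entry lacks its action and protocol; it is read here as "deny tcp", which is an assumption.

```python
# Added example, not the report's code: first-match evaluation of acl1 and a check for
# entries that can never match.  Addresses use Cisco wildcards (1 bits = don't care).
import ipaddress
from collections import namedtuple

# action: permit|deny; proto: ip|tcp|udp|icmp; dport: destination "eq <port>" or None
Ace = namedtuple("Ace", "action proto src src_wc dst dst_wc dport", defaults=(None,))

def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def wc_match(addr: str, net: str, wc: str) -> bool:
    care = ~_ip(wc) & 0xFFFFFFFF
    return _ip(addr) & care == _ip(net) & care

def covers(a: Ace, b: Ace) -> bool:
    """True when every packet matching b also matches a, so b placed after a is dead."""
    def net_covers(an, aw, bn, bw):  # b's address range must lie inside a's
        return (_ip(bw) & ~_ip(aw) & 0xFFFFFFFF) == 0 and wc_match(bn, an, aw)
    return (a.proto in ("ip", b.proto) and a.dport in (None, b.dport)
            and net_covers(a.src, a.src_wc, b.src, b.src_wc)
            and net_covers(a.dst, a.dst_wc, b.dst, b.dst_wc))

def evaluate(acl, proto, src, dst, dport=None) -> str:
    """IOS semantics: entries tested top-down, first match wins, implicit deny last."""
    for i, e in enumerate(acl, 1):
        if (e.proto in ("ip", proto) and e.dport in (None, dport)
                and wc_match(src, e.src, e.src_wc) and wc_match(dst, e.dst, e.dst_wc)):
            return f"{e.action} (entry {i})"
    return "deny (implicit)"

def shadowed(acl) -> list:
    """1-based indexes of entries fully covered by some earlier entry."""
    return [j + 1 for j, b in enumerate(acl) if any(covers(a, b) for a in acl[:j])]

ANY = ("0.0.0.0", "255.255.255.255")
def host(h): return (h, "0.0.0.0")

ACL1 = [  # transcribed from the report's "ip access-list extended acl1"
    Ace("deny", "tcp", "192.168.1.192", "0.0.0.63", *host("192.168.1.2")),
    Ace("permit", "tcp", *ANY, *ANY),
    # the report's third entry lacks its action and protocol; "deny tcp" is assumed
    Ace("deny", "tcp", "192.168.1.192", "0.0.0.63", *host("192.168.1.2"), 80),
    Ace("permit", "icmp", *ANY, *ANY),
    Ace("permit", "ip", *ANY, *ANY),
    Ace("permit", "udp", *ANY, *ANY),
]
```

Because entry 1 already denies all TCP from 192.168.1.192/26 to 192.168.1.2, the web server is blocked for that subnet by entry 1, not by the port-80 entry.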

SHOW COMMAND:

ROUTER1#show access-lists

DHCP CONFIGURATION:

The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol for hosts on Internet Protocol (IP) networks. Computers that are connected to IP networks must be configured before they can communicate with other hosts. The most essential information needed is an IP address, a default route and a routing prefix. DHCP eliminates this manual task for the network administrator. It also provides a central database of the devices connected to the network and eliminates duplicate resource assignments.

COMMAND:

Router(config)#ip dhcp pool scope1
Router(dhcp-config)#network 192.168.1.65 255.255.255.192
Router(dhcp-config)#default-router 192.168.1.65
Router(dhcp-config)#dns-server 192.168.1.2

Router#show dhcp server

WEB SERVER:

Web servers are computers that deliver (serve up) Web pages. Every Web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.pcwebopedia.com/index.html in your browser, this sends a request to the Web server whose domain name is pcwebopedia.com. The server then fetches the page named index.html and sends it to your browser.

Access web server for 192.168.1.128 network:

Web server blocked for 192.168.1.192 network:

Wi-fi configuration:

Wi-Fi is a popular technology that allows an electronic device to exchange data wirelessly (using radio waves) over a computer network, including high-speed Internet connections. The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards". However, since most modern WLANs are based on these standards, the term "Wi-Fi" is used in general English as a synonym for "WLAN".

A device that can use Wi-Fi (such as a personal computer, video game console, smartphone, tablet, or digital audio player) can connect to a network resource such as the Internet via a wireless network access point. Such an access point (or hotspot) has a range of about 20 meters (65 feet) indoors and a greater range outdoors. Hotspot coverage can comprise an area as small as a single room with walls that block radio waves or as large as many square miles — this is achieved by using multiple overlapping access points.

Configuring access point:

Selecting SSID:

Giving wi-fi password:

Campus Network of MDU Affiliated And AICTE Approved Colleges And Institutes

Campus Network of TCMCE

Campus Network of DITM

Campus Network of SBIT

Commands Used in Campus Network Management

TCMCE-ROUTER>ENABLE
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#INTERface F0/0
TCMCE-ROUTER(config-if)#NO IP ADdress
TCMCE-ROUTER(config-if)#NO SHutdown
TCMCE-ROUTER(config-if)#EXIT
TCMCE-ROUTER(config)#INTERface F0/0.1
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 1
TCMCE-ROUTER(config-subif)#IP ADdress 10.1.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#INTERface F0/0.2
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 2
TCMCE-ROUTER(config-subif)#IP ADdress 10.2.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#INTERface F0/0.3
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 3
TCMCE-ROUTER(config-subif)#IP ADdress 10.3.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#EXIT
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-1
TCMCE-ROUTER(dhcp-config)#NEtwork 10.1.0.0 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.1.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.1.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-2
TCMCE-ROUTER(dhcp-config)#NEtwork 10.2.0.0 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.2.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.2.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-3
TCMCE-ROUTER(dhcp-config)#NEtwork 10.3.0.1 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.3.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.3.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER(config)#EXIT
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#INTERface S0/3/0
TCMCE-ROUTER(config-if)#IP ADdress 192.168.1.1 255.255.255.0
TCMCE-ROUTER(config-if)#NO SHutdown
TCMCE-ROUTER(config-if)#EXIT
TCMCE-ROUTER(config)#ROuter OSpf 100
TCMCE-ROUTER(config-router)#NEtwork 192.168.1.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#NEtwork 10.1.0.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#NEtwork 10.2.0.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#EXit
TCMCE-ROUTER(config)#EXit
TCMCE-ROUTER#
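An added consistency check (not the report's code) for the DHCP pools in this report: scope1 from the DHCP CONFIGURATION section and the TCMCE pools KUMAR-1 to KUMAR-3 above. It assumes no "ip dhcp excluded-address" is configured, since none appears in the listings, and that each TCMCE pool's default-router should be one of the router's F0/0.x subinterface addresses.

```python
# Added check, not the report's code, for the DHCP pools configured in this report
# (scope1 and the TCMCE KUMAR-1..3 pools).  No "ip dhcp excluded-address" lines appear
# in the listings, so the excluded set is empty here.
import ipaddress

def check_pool(network: str, mask: str, default_router: str, dns_server: str,
               interface_addrs=None, excluded=frozenset()) -> list:
    """Return findings for one pool; an empty list means it looks consistent."""
    findings = []
    given = ipaddress.ip_interface(f"{network}/{mask}")
    net = given.network
    if given.ip != net.network_address:
        findings.append(f"network {network} is a host address; the subnet is {net}")
    gw = ipaddress.ip_address(default_router)
    if gw not in net or gw in (net.network_address, net.broadcast_address):
        findings.append(f"default-router {gw} is not a usable host in {net}")
    elif interface_addrs is not None and default_router not in interface_addrs:
        findings.append(f"default-router {gw} is not an address of this router")
    # IOS hands out any address of the pool subnet that is not excluded, so a static
    # server inside the range should be protected with "ip dhcp excluded-address".
    dns = ipaddress.ip_address(dns_server)
    if dns in net and dns_server not in excluded:
        findings.append(f"dns-server {dns} is inside the dynamic range and not excluded")
    return findings

# Transcribed from the report.  TCMCE's interface addresses are its F0/0.x subinterfaces;
# the router that holds scope1 is not named, so its interface check is skipped (None).
TCMCE_IFS = {"10.1.0.1", "10.2.0.1", "10.3.0.1"}
POOLS = {
    "scope1":  ("192.168.1.65", "255.255.255.192", "192.168.1.65", "192.168.1.2", None),
    "KUMAR-1": ("10.1.0.0", "255.255.255.0", "10.1.0.1", "10.1.0.10", TCMCE_IFS),
    "KUMAR-2": ("10.2.0.0", "255.255.255.0", "10.2.0.1", "10.2.0.10", TCMCE_IFS),
    "KUMAR-3": ("10.3.0.1", "255.255.255.0", "10.3.0.1", "10.3.0.10", TCMCE_IFS),
}

def audit(pools=POOLS) -> dict:
    """Findings per pool name."""
    return {name: check_pool(*args) for name, args in pools.items()}
```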
