
COMPANY PROFILE

Jetking is an organization that came into being in 1947. Jetking is India's number one Computer Hardware and Networking Institute. Birth and Evolution: it took a lot of failure before mankind tasted technological success. Jetking evolved in tune with the changing face of technology. During 55 years in the field of electronic technology, Jetking has successfully trained thousands of students to overcome failure and enter high-paying careers.

Milestones, 1947 to 2008 (the years listed are 1947, 1962, 1972, 1986, 1990, 1993, 1994, 1995, 1996, 1997, 1998, 1999 and 2008; the events are in chronological order):

Birth
Pioneered Do-It-Yourself Kits in India
Introduced Asia-72, Fairchild and Wildcat transistors
Became a Public Limited Company and also introduced entertainment electronics products: T.V. sets, two-in-ones and amplifiers
Launched Jetking School of Electronics Technology
Network of Jetking training centers spread all over India
Opening of Jetking, Chandigarh
Tie-up with Heathkit Educational System (U.S.A.)
Introduced advanced courses on Pentium, Notebooks, Modems, Email/Internet, LAN 4.X; Novell Education Academic Partner
Representative for International Correspondence School (ICS), USA in India
Added cyber technology to the curriculum
ISO 9001-2000 company and Authorized Microsoft online testing centre (VUE) for MS, CISCO, MCSA, MCSE, CCNA, A+ etc.

Mr. Suresh G. Bharwani is the Chairman and Managing Director of Jetking Infotrain Ltd., India's leading Computer Hardware and Networking Institute. With the vision to promote, and the conviction to deliver, the widespread propagation of computer hardware and networking education across the nation, Mr. Bharwani was the first to set up a training institute offering innovative courses in computer hardware in 1990. Jetking's core competency lies in providing complete training and developing hardware engineers and professionals with sound technical knowledge. It focuses on the overall development of an individual's personality, with emphasis on personality development, presentation and communication skills, leadership skills etc. Jetking has established more than 125 operational centers and 250 faculties across the country and has trained over 3,50,000 students who have moved on to successful careers. With its alumni placed in the best of organizations in India and some abroad, Jetking's vocational training and placement promises have helped build the career prospects of many young boys and girls. The company was awarded ISO 9000:2000 certification in 2008. The company was awarded the Maharashtra IT Award for a key role in manpower activities in the year 2006-07, and it was felicitated with the Franchise Award as Best Franchisor for the year 2007-08. It was also ranked 4th in the list of 26 hot franchises as per Outlook Money magazine.


Mr. Suresh Bharwani was awarded the Pikes Peak Award by the Bob Pike Group, USA, for effectively implementing Smart Lab Plus, which makes technical training fun, faster and easier for non-technical persons.

Across all sectors, industries are upgrading their information technology systems. Industries ranging from plastics, chemicals, textiles and power to the automotive and telecom sectors are now IT savvy. Government and public sectors are going hi-tech with EDI and computer networks. The IT industry, software companies, data centers and IT-enabled service providers are all equipped with advanced IT systems and networks. The increasing number of call centers, BPOs etc. has given a further boost to the hardware and networking industry.

The courses at Jetking comprise lecture and theory sessions, with a great focus on active participation through Smart Lab Plus, which focuses on audio-visual learning with hands-on training and equips students with in-depth technical domain knowledge; it also equips students with soft skills to face the multi-faceted challenges of the corporate world.

PLACEMENT: Jetking is the first and only institute that promises a 100% job guarantee to its students. The companies that have recruited Jetking's students include: Samsung, Sun Microsystems, IBM, Canon, Siemens, Reliance, TATA, Compaq, HP Invent, IT-T Solutions, Videsh Sanchar Nigam Limited, D-Link, Novell, Dell, Wipro, LG, ICICI Infotech and several other MNCs.

Any student who has passed his or her HSC/SSC examination is eligible to take up a course at Jetking. The one-year program, Jetking Certified Hardware and Networking Professional, gives 680 hours of in-depth knowledge to a student in basic electronics and computer applications, computer hardware and peripherals, Windows 2008 administrator and network administrator (soon it will be replaced with Windows Server 2008). Apart from technical knowledge there are personality development sessions which groom the students' personality and their ability to perform better. Jetking, India's leading hardware and networking training institute, has trained over 3,00,000 students from its 125 centers spread across India. With its alumni placed in the best of organizations in India and some abroad, Jetking's vocational training and placement promises have helped build the career prospects of many young boys and girls.

Jetking has partnered with some of the world's most renowned names in networking to provide cutting-edge courses and technologies, with academic partnerships with Microsoft, CompTIA, Linux, Novell and Pearson VUE. Jetking Chandigarh is a division of Hi-Tech Point. Hi-Tech Point is an ISO 9001-2000 IT company. It was established in the year 1993 and is run by a company of IT professionals. The Jetking Chandigarh branch is considered to be the best centre among all centers; it has bagged the number 1 center award consecutively for the last 7 years. Training is offered here in various fields such as Basic Electronics, Hardware, Networking, JCHNP (Analog and Digital Electronics and Hardware), RHCE, RHCSS, MNA, MCSE (Microsoft Certified Systems Engineer), MCITP, MNA, CCNA (Cisco Certified Network Associate) and CCNP (Cisco Certified Network Professional). Through partnerships with industry leaders like Microsoft and Red Hat, Jetking ensures its students authentic courseware and technology.

NETWORKING

Introduction to networking

Networking is the practice of linking two or more computing devices such as PCs, printers, faxes etc. with each other. The connection between two devices is made through physical media or logical media to share information, data and resources. Networks are made with hardware and software.

Fig 1: Computer network (devices connected through cable/media)

Models of Networking


A model means the way two computers are connected. We have many types of networking models:
(i) Client Server Model
(ii) Peer to Peer Model (Workgroup Model)
(iii) Domain Model

(i) Client Server Model

In a client server model we have one server and many clients. A client can share the resources of the server, but a server cannot share the resources of clients. From the administrator's point of view it is very easy to control the network, because everything is combined at the server; from the security point of view it is also very useful, because it uses user-level security, in which users have to remember only one password to share the resources.

(ii) Peer to Peer Model (Workgroup Model)

In the peer to peer networking model all computers have equal status, that is, we cannot manage centralized administration or security. In peer to peer networking, clients use operating systems like Windows 98, Windows XP, Windows 2000 or Windows Vista.

(iii) Domain Model

It is a mixture of the client server and peer-to-peer models. In this model clients can share their resources as in peer-to-peer, but with the permission of the server as in the client server model. It is therefore the commonly used model, because security is higher: we can put restrictions on both the server and the clients.

Difference between Workgroup & Domain

Table 1: Workgroup vs. Domain

1. Workgroup: It is a peer to peer networking model.
   Domain: It is a server based networking model.

2. Workgroup: There is no client and no server. All the computers are of equal status.
   Domain: There is a centralized dedicated server computer called the domain controller, which controls all other computers, called clients.

3. Workgroup: This model is recommended for small networks, up to 10 computers.
   Domain: This model is recommended for large networks.

4. Workgroup: There is no centralized administration; each PC is administrated separately.
   Domain: There is centralized administration, and each PC can be administrated and managed from the server.

5. Workgroup: In this model, a low grade OS like 2000/XP Professional, WIN 98 etc. can be used.
   Domain: In this model, a high grade OS like WIN 2000/2008 Server can be used.

6. Workgroup: User accounts are created in each PC and are called Local Users.
   Domain: User accounts are created on the server side and are called Domain Users.

Categories of network

Networks can be categorized as per the geographical area covered by the network. Computer networks are divided into four categories: Local Area Network (LAN), Campus Area Network (CAN), Metropolitan Area Network (MAN) and Wide Area Network (WAN).

Local Area Network (LAN)

A LAN is a computer network that is used to connect computers and workstations to share data and resources such as printers or faxes. A LAN is restricted to a small area such as a home, office or college. Devices used in a LAN are the hub and the switch. The media for a LAN is UTP cable. Figure 1.2 shows how all workstations, the server and the printer are interconnected with the help of the network device.

Fig 2: Local Area Network

Types of LAN

In LANs, data can be transferred using techniques like token passing. As per the technique used for data sharing, LANs are classified into Ethernet, Token Bus, Token Ring and Fiber Distributed Data Interface (FDDI). Figure 3.3 shows the LAN classification.

Fig 3: LAN classification

Advantages of LAN
a). Provides communication in smaller networks; easy to install and configure.
b). Many users can share data or network elements at the same time, which results in fast work.

Disadvantages of LAN
a). Only a limited number of computers can be connected in a LAN.
b). A LAN cannot cover a large area.
c). Network performance degrades as the number of users grows.

Campus Area Network (CAN)

A Campus Area Network is a computer network made up of two or more LANs within a limited area. It can cover many buildings in an area. The main feature of a CAN is that all of the computers which are connected together have some relationship to each other, e.g. different buildings in a campus can be connected using a CAN. It helps to interconnect academic departments, the library and computer laboratories. A CAN is larger than a LAN but smaller than a WAN. Figure 3.4 shows a CAN network.

Fig 4: Campus Area Network

Devices used in a CAN are the hub, switch, layer-3 switch and access point. The media used for a CAN are unshielded twisted pair cable and fiber optic cable.

Metropolitan Area Network (MAN)

A MAN is the interconnection of networks in a city. A MAN is not owned by a single organization. It acts as a high speed network to allow sharing of resources within a city. A MAN can also be formed by connecting remote LANs through telephone lines or radio links. A MAN supports data and voice transmission. The best example of a MAN is a cable T.V. network.

Wide Area Network (WAN)

A WAN covers a wide geographical area which includes multiple computers or LANs. It connects computer networks through public networks like the telephone system, microwave, satellite links or leased lines.

Most WANs use leased lines for internet access, as they provide faster data transfer. A WAN helps an organization to establish a network between all its departments and offices located in the same or different cities. It also enables communication between the organization and the rest of the world.

The only device used in a WAN is the router.

IP ADDRESSES and MAC Addresses

An IP address is also called a logical address. An IP address is 32 bits long and is divided into 4 octets, with a dot (.) used to separate one octet from another. It is represented in decimal form. There are two versions of IP addresses: IPv4 and IPv6.

Table 2: Comparison between IPv4 and IPv6

IPv4: It is 32 bits long. It is divided into 4 octets.
IPv6: It is 128 bits long. It is divided into 16 octets.

IPv4: IPv4 performs broadcasting, multicasting and unicasting.
IPv6: IPv6 doesn't support broadcasting; it performs multicasting and unicasting.

IPv4: IPv4 is divided into classes: A to E.
IPv6: IPv6 doesn't support classes.

IPv4: IPv4 is in decimal form.
IPv6: IPv6 is in hexadecimal form.

IP Address Classes

Table 3: Address Classes (for each class: starting bits of the first byte; range of the first octet; mask value; valid hosts)

Class A: starting bits 0; first octet 1 to 127; mask 255.0.0.0; valid hosts 256*256*256-2 = 16,777,214
Class B: starting bits 10; first octet 128 to 191; mask 255.255.0.0; valid hosts 256*256-2 = 65,534
Class C: starting bits 110; first octet 192 to 223; mask 255.255.255.0; valid hosts 256-2 = 254
Class D: starting bits 1110; first octet 224 to 239; reserved for multicasting
Class E: starting bits 1111; first octet 240 to 255; reserved for research and development

How to Assign an IP Address to a Computer

An IP address assigned to a computer may either be a permanent address or an address that is assigned to the computer on a time lease or on a temporary basis. Hence, the addresses granted to computers are divided into two categories: dynamic IP addresses and static IP addresses.

Dynamic IP Addresses
Dynamic IP addresses are assigned to devices that require temporary connectivity to the network, or to non-permanent devices such as portable computers. The most common protocol used for assigning dynamic IP addresses is DHCP, the Dynamic Host Configuration Protocol. DHCP grants an IP address to the computer on a lease basis.

Static IP Addresses
Static IP addresses are assigned to devices on the network whose existence in the network remains for a longer duration. These static IP addresses are semi-permanent IP addresses which remain allocated to a specific device for a longer time, e.g. a server.

How to Configure an IP Address in Windows 2008

Right click on My Network Places - Properties
Right click on the working LAN card - Properties
Select Internet Protocol (TCP/IP) - Properties
Tick "Use the following IP address" and fill in the IP address, e.g. 10.0.0.1
Tick "Use the following DNS server address" and fill in the preferred DNS server, 10.0.0.1
OK, Close
Now check the connectivity of the computer with itself with the command:

Start - Run - cmd - ping 10.0.0.1

MAC Addressing
A MAC address is a hardware address that is embedded in the NIC card. It is also known as the hardware address or physical address. Every NIC card has a unique MAC address assigned by the IEEE. The MAC address is used to identify nodes at the lower levels of the OSI model; it operates at the data link layer of the OSI model. A MAC address is a 12 digit hexadecimal number (a 48 bit address). Each digit is a number from 0-9 or a letter from A-F. A MAC address can be written in the format MM:MM:MM:SS:SS:SS.

To identify the MAC address in Windows:

Click Start - Run
Enter cmd in the Open text box
Type ipconfig /all
Press Enter

The 12 digit MAC address will be shown as, say, 00:11:11:EA:8D:F6
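Tables 2 and 3 and the MAC format above, worked as an added Python example (written for this page, not code from the institute's material): it classifies a dotted-decimal IPv4 address by its first octet, returns the default mask and valid host count from Table 3, and validates a 48-bit MAC address, splitting the manufacturer (MM) and serial (SS) halves. Accepting the hyphen-separated form that ipconfig /all prints on Windows and reading the multicast and locally-administered bits of the first octet go beyond the page's text.

```python
import re

# Address classes as given in Table 3: (class, first-octet range, default mask, valid hosts).
# Classes D and E have no mask or host count on the page; they are reserved.
CLASS_TABLE = [
    ("A", 1, 127, "255.0.0.0", 256 * 256 * 256 - 2),    # 16,777,214 hosts
    ("B", 128, 191, "255.255.0.0", 256 * 256 - 2),      # 65,534 hosts
    ("C", 192, 223, "255.255.255.0", 256 - 2),          # 254 hosts
    ("D", 224, 239, None, None),                        # reserved for multicasting
    ("E", 240, 255, None, None),                        # reserved for research and development
]


def parse_ipv4(text):
    """Split a dotted-decimal address into four integer octets, rejecting bad input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("IPv4 address must be four decimal octets: %r" % text)
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range 0-255: %r" % text)
    return octets


def starting_bits(first_octet):
    """Leading bit pattern of the first byte: 0, 10, 110, 1110 or 1111 (Table 3, column 2)."""
    bits = format(first_octet, "08b")
    ones = min(len(bits) - len(bits.lstrip("1")), 4)   # count leading 1 bits, at most four
    return "1" * ones + ("0" if ones < 4 else "")


def classify_ipv4(text):
    """Return the Table 3 row matching the address's first octet."""
    first = parse_ipv4(text)[0]
    for name, lo, hi, mask, hosts in CLASS_TABLE:
        if lo <= first <= hi:
            return {"class": name, "starting_bits": starting_bits(first),
                    "mask": mask, "valid_hosts": hosts}
    # Only a first octet of 0 falls outside the ranges of Table 3.
    raise ValueError("first octet %d is not in any class of Table 3" % first)


# 12 hexadecimal digits (48 bits) in six pairs; colon or hyphen separators are accepted
# (the hyphen form is what ipconfig /all prints on Windows).
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})(?:[:-]([0-9A-Fa-f]{2})){5}$")


def parse_mac(text):
    """Validate a MAC address and split it into manufacturer (MM) and serial (SS) halves."""
    if not MAC_RE.match(text.strip()):
        raise ValueError("not a 12-digit hexadecimal MAC address: %r" % text)
    octets = [int(x, 16) for x in re.split(r"[:-]", text.strip())]
    return {
        "oui": ":".join("%02X" % o for o in octets[:3]),   # MM:MM:MM, assigned to the vendor
        "nic": ":".join("%02X" % o for o in octets[3:]),   # SS:SS:SS, the vendor's serial part
        "multicast": bool(octets[0] & 0x01),               # I/G bit of the first octet
        "locally_administered": bool(octets[0] & 0x02),    # U/L bit: not burned in by the vendor
    }


if __name__ == "__main__":
    # Sample values constructed for this example (10.0.0.1 and the MAC are from the page).
    for addr in ("10.0.0.1", "172.16.0.5", "192.168.1.1", "224.0.0.9"):
        print(addr, classify_ipv4(addr))
    print(parse_mac("00:11:11:EA:8D:F6"))
```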

NETWORKING MEDIA
To do networking we need to use some type of media. There are many types of media:
(i) Coaxial Cable
(ii) Fiber optic cable
(iii) Twisted Pair of Cables
(iv) Microwave
(v) Satellite

Coaxial Cable
Coaxial cable consists of an insulated copper conductor surrounded by a tube-shaped copper braid. The outer copper tube and the inner conductor have the same axis of curvature, hence it is called coaxial cable. It is basically of two types:

(i) Base Band Cable (RG 59)
(ii) Broad Band Cable (RG 58)

We use Base Band signal cable in the networking of computers. It is so called because it carries a single frequency. Its speed is 10 Mbps and its impedance is 50 ohms, whereas Broad Band cable carries multiple frequencies. The connector used for coaxial cable is the BNC (British Novel Connector) connector. ARCnet uses RG-62 coaxial cable. It has an impedance of 93 ohms and has comparatively lower attenuation, hence it yields greater distances. These cables are expensive and provide a high propagation factor.

Fiber Optical Cable

Fiber optic cable consists of a very fine fiber made from two types of glass, one for the inner core and the other for the outer layer. Here the signal is transmitted in the form of light. Different varieties of fiber optics are used depending on the size of the network. Single mode fiber optics is used for networks spanning longer distances. Fiber optics has a lower propagation factor than coaxial cable. It is a costly but more secure transmission medium.

Twisted Pair Cable

There are two wires, which are twisted with each other to avoid EMI (Electro Magnetic Induction). These cables are easy to terminate. However, they have a slightly higher attenuation value and hence have limited distance-covering capacity. The connectors used for twisted pair cable are the (Registered Jack) RJ-45 and RJ-11. There are two types of twisted pair cables:

STP (Shielded Twisted Pair): In this an extra wire, called the shield wire, is wrapped over the inner cover which holds the copper pairs. This protection is used to protect the signal from external noise.

UTP (Unshielded Twisted Pair): In this type of wire there is no shielding cover for extra protection from noise. There are different categories of UTP cables:

Categories of UTP Cables

Table 4: Category and Speed of UTP cables

CAT-1: 56 Kbps
CAT-2: 4 Mbps
CAT-3: 10 Mbps
CAT-4: 16-20 Mbps
CAT-5: 100 Mbps
CAT-6: 1 Gbps
CAT-7: 1 Gbps

Ethernet Cabling
There are three types of Ethernet cables:

Straight cable
Crossover cable
Rolled cable

Straight cable
It is used when we have to connect:

PC to Switch
PC to Hub
Hub to Router
Switch to Router

TABLE 5: Color Coding for Straight Cable (pins 1 to 8, in order)

568A (one end):   Green/white, Green, Orange/white, Blue, Blue/white, Orange, Brown/white, Brown
568A (other end): Green/white, Green, Orange/white, Blue, Blue/white, Orange, Brown/white, Brown

568B (one end):   Orange/white, Orange, Green/white, Blue, Blue/white, Green, Brown/white, Brown
568B (other end): Orange/white, Orange, Green/white, Blue, Blue/white, Green, Brown/white, Brown

Crossover Cable
It is used when we have to connect:

PC to PC
Hub to Hub
Switch to Switch
Router to Router
PC to Router
Hub to Switch

Table 6: Color Coding for Crossover Cable (pins 1 to 8, in order)

(one end):   Orange/white, Orange, Green/white, Blue, Blue/white, Green, Brown/white, Brown
(other end): Green/white, Green, Orange/white, Blue, Blue/white, Green, Brown/white, Brown

Rollover Cable
A rollover cable isn't used to connect Ethernet connections together, but a rollover cable can be used to connect a host to a router console serial communication (COM) port. NOTE: Straight cables and crossover cables are used for data transfer, but rollover cables are not used for data transfer. There are two methods for manufacturing rollover cables:

Table 7: Color Coding for Rollover Cable (pins 1 to 8, in order)

568A (one end):   Green/white, Green, Orange/white, Blue, Blue/white, Orange, Brown/white, Brown
568A (other end): Brown, Brown/white, Orange, Blue/white, Blue, Orange/white, Green, Green/white

568B (one end):   Orange/white, Orange, Green/white, Blue, Blue/white, Green, Brown/white, Brown
568B (other end): Brown, Brown/white, Green, Blue/white, Blue, Green/white, Orange, Orange/white

21

OSI REFERENCE MODEL

The OSI model is the very heart of networking, with every layer performing a specific task in order to facilitate data communications. In the world of networking the first four (4) layers are the focus. They define the following:

What type and speed of LAN and WAN media are to be implemented
How data is sent across the media
What type of addressing schemes will be used
How data will be reliably sent across the network and how flow control will be accomplished
What type of routing protocol will be implemented

Why a Layered Network Model?

Reduces complexity
Standardizes interfaces
Facilitates modular engineering
Ensures interoperable technology
Accelerates evolution
Simplifies teaching and learning

The OSI model's seven numbered layers indicate distinct functions. In the Transmission Control Protocol/Internet Protocol (TCP/IP), the distinct functions fit into five named layers. This separation of networking functions is called "layering".

OSI Layer Functions:

7. APPLICATION (Network processes to applications): The application layer provides network services to user applications. For example, a word processing application is serviced by file transfer services at this layer.

6. PRESENTATION (Data representation): This layer provides data representation and code formatting. It ensures that the data that arrives from the network can be used by the application, and it ensures that information sent by the application can be transmitted on the network.

5. SESSION (Interhost communication): This layer establishes, maintains, and manages sessions between applications.

4. TRANSPORT (End-to-end connections): This layer segments and reassembles data into a data stream. This layer uses the TCP protocol.

3. NETWORK (Addresses and best path): This layer determines the best way to move data from one place to another. The router operates at this layer. This layer uses the IP addressing scheme.

2. DATA LINK (Access to media): This layer provides physical transmission across the medium. It handles error notification, network topology, and flow control. This layer uses the Media Access Control (MAC) address.

1. PHYSICAL (Binary transmission): This layer provides the electrical, mechanical, procedural, and functional means for activating and maintaining the physical link between systems. This layer uses physical media like twisted pair, coaxial, and fiber optic cable.


Introduction to Router

A router is a network device that forwards packets from one network to another. Based on internal routing tables, routers read each incoming packet and decide how to forward it. Which interface on the router outgoing packets are sent to may be determined by any combination of source and destination address as well as current traffic conditions (load, line costs, bad lines, etc.).

Modes of Router

When we access the router command prompt, the router will display different modes. According to the mode, privileges and rights are assigned to the user.

User mode: Router>
In this mode we can display basic parameters and the status of the router; we can test connectivity and telnet to other devices. In this mode we are not able to change and save the router configuration.

Privileged mode: Router#
In this mode we can display all information and configuration, and perform administration tasks, debugging, testing and connectivity checks with other devices. We are not able to edit the router configuration here. The command to enter this mode is enable. We have to enter the enable password or the enable secret password to enter this mode. Enable secret has more priority than enable password: if both passwords are configured then only the enable secret will work.

Global configuration mode: Router(config)#
This mode is used for the configuration of global parameters in the router. Global parameters apply to the entire router. All changes are performed in this mode, but here we cannot see and save the changes. Examples: router hostname, access lists of the router, passwords, banner, routing, security. The command to enter this mode is configure terminal.

Line configuration mode
In this mode we can set the password of the user mode, i.e. the user mode password. This mode is used to configure lines like console, vty and auxiliary. There are three main types of line that are configured:
(i) Console: Router(config)#line console 0
(ii) Auxiliary: Router(config)#line aux 0
(iii) Telnet or vty: Router(config)#line vty 0 4

Interface configuration mode
In this mode we can set the IP addresses of the interfaces. This mode is used to configure router interfaces, e.g. Ethernet, Serial, BRI etc.
Router(config)#interface <type> <number>
Router(config)#interface serial 1

Routing configuration mode
This mode is used to configure routing protocols like RIP, EIGRP, OSPF etc.
Router(config)#router <protocol> [<option>]
Router(config)#router rip
Router(config)#router eigrp 10


Configuring Password

There are five types of password available in a router.

Console Password
router#configure terminal
router(config)#line console 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
To erase a password, repeat all the steps with the no form of each command.

Vty Password
router>enable
router#configure terminal
router(config)#line vty 0 4
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit

Auxiliary Password
router#configure terminal
router(config)#line aux 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit

Enable Password
router>enable
router#configure terminal
router(config)#enable password <word>
router(config)#exit

Enable Secret Password
The enable password is a clear text password: it is stored as clear text in the configuration, whereas the enable secret password is stored encrypted.
Router>enable
Router#configure terminal
Router(config)#enable secret <word>
Router(config)#exit
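Checking the password settings above in a saved running-config, as an added Python example (written for this page, not a Cisco or institute tool): it parses the line sections and global commands of a config dump and flags an enable password set without an enable secret, lines where login is set without a password or a password without login, an enable password left in place although the enable secret overrides it, and a missing service password-encryption. Both configs are constructed samples; the enable secret value is a placeholder.

```python
# Two constructed running-config samples: one with the weaknesses the checks look for,
# one with the settings described on the page applied.
WEAK_CONFIG = """\
hostname r1
!
enable password cisco123
!
line con 0
 password console1
 login
line aux 0
 login
line vty 0 4
 password vty1
 login
!
"""

HARDENED_CONFIG = """\
hostname r1
!
service password-encryption
enable secret 5 HASH-PLACEHOLDER
!
line con 0
 password console1
 login
line aux 0
 password aux1
 login
line vty 0 4
 password vty1
 login
!
"""


def parse_ios_config(text):
    """Return (global commands, {line name: [subcommands]}) from a config dump.

    Subcommands are the indented lines that follow a 'line ...' section header;
    '!' separators and blank lines are skipped.
    """
    global_cmds, line_sections = [], {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" "):
            if current is not None:
                line_sections[current].append(line.strip())
            continue
        current = None
        if line.startswith("line "):
            current = line[5:].strip()          # e.g. "con 0", "aux 0", "vty 0 4"
            line_sections.setdefault(current, [])
        else:
            global_cmds.append(line)
    return global_cmds, line_sections


def audit_passwords(text):
    """List the password weaknesses found in a running-config, in the order detected."""
    global_cmds, line_sections = parse_ios_config(text)
    findings = []
    has_secret = any(c.startswith("enable secret") for c in global_cmds)
    has_enable_pw = any(c.startswith("enable password") for c in global_cmds)
    if has_enable_pw and not has_secret:
        findings.append("enable password set without enable secret: "
                        "the privileged-mode password is stored in clear text")
    elif has_enable_pw and has_secret:
        findings.append("enable password is ignored because enable secret is set, "
                        "but it still sits in the configuration in clear text")
    elif not has_secret:
        findings.append("no enable secret or enable password: privileged mode is unprotected")
    if not any(c.startswith("service password-encryption") for c in global_cmds):
        findings.append("service password-encryption missing: line passwords are stored in clear text")
    for name, cmds in line_sections.items():
        has_pw = any(c.startswith("password ") for c in cmds)
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if has_login and not has_pw:
            findings.append("line %s: login set but no password; the line cannot be used" % name)
        elif has_pw and not has_login:
            findings.append("line %s: password set but login missing; the password is not enforced" % name)
        elif not has_pw and not has_login:
            findings.append("line %s: neither password nor login; access is not password-protected" % name)
    return findings


if __name__ == "__main__":
    for finding in audit_passwords(WEAK_CONFIG):
        print("WEAK:", finding)
    print("hardened config findings:", audit_passwords(HARDENED_CONFIG))
```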

27

Encrypting all passwords
All passwords other than the enable secret password are clear text passwords. The commands to encrypt all passwords are:
Router#configure terminal
Router(config)#service password-encryption

Managing Configuration
There are two types of configuration present in a router:
(i) Startup Configuration
(ii) Running Configuration

The startup configuration is stored in the NVRAM. The startup configuration is used to save settings in a router. The startup configuration is loaded into the primary RAM at boot time. The running configuration is present in the primary RAM; whenever we run a command for configuration, this command is written into the running configuration.
To save the configuration:
Router#copy running-configuration startup-configuration
Or
Router#write
To abort the configuration (discard unsaved changes):
Router#copy startup-configuration running-configuration
To display the running configuration:
Router#show running-configuration
To display the startup configuration:
Router#show startup-configuration

Configuring Host Name
Router#configure terminal
Router(config)#hostname <name>
<name>(config)#exit (or end, or ^Z)
Router#config terminal

28

Router(config)#hostname r1
r1(config)#

Configuring Interfaces
Interface configuration is one of the most important parts of the router configuration. By default, all interfaces of a Cisco router are in disabled (shutdown) mode. We have to use different commands, as per our requirement, to enable and configure the interface.
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#ip address <ip> <mask>
Router(config-if)#no shutdown
Router(config-if)#exit
To display interface status:
Router#show interfaces (to show all interfaces)
Router#show interface <type> <no>
This command will display the following parameters about an interface:

(1) Status
(2) MAC address
(3) IP address
(4) Subnet mask
(5) Hardware type / manufacturer
(6) Bandwidth
(7) Reliability
(8) Delay
(9) Load (Tx load, Rx load)
(10) Encapsulation
(11) ARP type (if applicable)
(12) Keepalive

Configuring optional parameters on a WAN interface

Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#encapsulation <protocol>
Router(config-if)#clock rate <value>
Router(config-if)#end

Command history of the router

To display the commands present in the history:
Router#show history
To display the history size:
Router#show terminal
To change the history size:
Router#config terminal
Router(config)#line console 0
Router(config-line)#history size <value (0-256)>
Router(config-line)#exit

Configuring Banners
Banners are just messages that appear at different prompts according to their type. The different banners are:

Message of the day (motd): this banner appears at every access method
Login: appears before the login prompt
Exec: appears after we enter the exec mode
Incoming: appears for incoming connections

Syntax:
Router#config terminal
Router(config)#banner <type> <delimiting char> Text Message <delimiting char>
Router(config)#

Example:
Router#config terminal
Router(config)#banner motd $ This router is distribution 3600 router connected to Reliance $
Router(config)#

To set the time in the router
We can configure the router clock with the help of two methods:

(i) Configure the clock locally
(ii) Configure the clock from an NTP server (Network Time Protocol)

The router does not have a battery to save the clock setting, so the clock will reset to the default on reboot.
To display the clock:
Router#show clock
To configure the clock:
Router#clock set hh:mm:ss day month year
Router#clock set 7:15:10 9 June 2009
To configure the clock from an NTP server:
Router#config terminal
Router(config)#ntp server <IP address>
Router(config)#exit
To get an NTP server IP from the internet:
C:\>ping pool.ntp.org
C:\>route print

31

Network Address Translator (NAT) This is used when a end user's network only needs to have a few addresses available to access the Global Internet. A table is created on the router that lists 'inside' local addresses to 'inside'global addresses which are the legal IP addresses. This mapping can be done statically or via the use of a dynamic pool of available legal addresses. NAT provides the following advantages:

NAT saves public IP addresses. Because a client only needs a public IP address when it is communicating with the Internet, the pool of globally routable IP addresses can be shared with other clients. Therefore, you need fewer public IP addresses than the actual number of internal clients that need access to the public network if you use NAT. When your private IP address sends traffic through the NAT, this software translates the private address to the public address. This feature and the ability to translate both the IP address and port (NAT port mapping) make it possible, in many NAT implementations, to require only one public IP address. NAT hides the internal network's IP addresses. It simplifies routing. Since internal hosts are assigned IP addresses from the internal network, other internal systems can access them without special routes or routers. The same hosts are accessed from the public network through globally routable IP addresses translated by NAT. NAT is transparent to the client and, therefore, allows you to support a wider range of clients. NAT supports a wide range of services with a few exceptions. Any application that carries and uses the IP address inside the application does not work through NAT. The Universal Connection can flow through NAT.

The above are all good reasons to use NAT, but there are drawbacks to the technique as well. Some of these take away part of the benefit in certain items in the list above:
o

Complexity: NAT represents one more complexity in setting up and managing the network. It also makes troubleshooting more confusing due to address substitutions.

32

Problems Due to Lack of Public Addresses: Certain functions won't work properly due to lack of a real IP address in the client host machines. Compatibility Problems With Certain Applications: I said above that NAT was only mostly transparent. There are in fact compatibility issues with certain applications that arise because NAT tinkers with the IP header fields in datagrams but not in the application data. This means tools like FTP, which pass IP addresses and port numbers in commands, must be specially handled, and some applications may not work. Problems With Security Protocols: Protocols like IPSEC are designed to detect modifications to headers and commonly balk at the changes that NAT makes, since they cannot differentiate those changes from malicious datagram hacking. It is still possible to combine NAT and IPSec, but this becomes more complicated. Poor Support for Client Access: The lack of a public IP address for each client is a double-edged sword; it protects against hackers trying to access a host but also makes it difficult for legitimate access to clients on the local network. Peer-to-peer applications are harder to set up, and something like an organizational web site (accessed from the Internet as a whole) usually needs to be set up without NAT. Performance Reduction: Each time a datagram transitions between the private network and the Internet, an address translation is required. In addition, other work must be done as well, such as recalculating header checksums. Each individual translation takes little effort but when you add it up, you are giving up some performance.

Following are a number of different ways to implement NAT:

o Static Address Translation: a one-to-one mapping is carried out between inside local and outside global addresses.

o Dynamic Source Address Translation: individual addresses within a pool of global addresses are dynamically mapped to local addresses.


NAT operation is illustrated in the following diagram:

For both static and dynamic NAT the process occurs as follows:

1. An inside station connects to an outside station.
2. When the first packet arrives from the inside station, the router checks the NAT table.
3. If no static match is found, the router translates the inside address to an outside address from the available pool of outside addresses by replacing the address. The resultant mapping is saved as a 'simple entry'.
4. The outside station receives the packet and replies to the outside address given by the NAT table.
5. The router carries out a lookup in its table of inside-to-outside address mappings and forwards the packet to the station with the inside address.
6. The packet is received and the rest of the conversation uses the NAT table.

Address Overloading (PAT)

Sometimes called Port Address Translation (PAT), this is where every client uses the same IP address but a different port. A good example is access to a web server. Users from a private address, say in the 10.0.0.0 network, have their individual addresses translated to just one legal IP address but separate port numbers between 1024 and 65535. They can all have separate conversations with a web server that has just one address and a destination port of 80 (HTTP). This applies just as well if one user has several sessions with the same web server: the different port numbers distinguish the sessions. The process operates as follows:

1. An inside station connects to an outside station.
2. When the first packet arrives from the inside station, the router checks the NAT table.
3. If no static match is found, the router translates the inside address to an outside address from the available pool of outside addresses by replacing the address. The resultant mapping is saved as an 'extended entry'.
4. If other inside addresses want to connect to outside stations, the same IP address is used but a different TCP port is used to distinguish the conversations.
5. The outside station receives the packet and replies to the outside address given by the NAT table.
6. The router carries out a lookup in its table of inside-to-outside address and port mappings and forwards the packet to the station with the inside address.
7. The packet is received and the rest of the conversation uses the NAT table.
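The simple and extended entries described in the two procedures above, modelled as an added Python example (constructed here, not code from the manual or from any router): one table class covers static, dynamic-pool and overload (PAT) modes, and the reverse lookup shows why an outside packet with no matching entry, and no static mapping, is simply dropped.

```python
"""Constructed model of a NAT table with the three modes from this section.
Static: fixed 1:1 simple entry; dynamic: simple entry taken from a pool;
PAT/overload: extended entry keyed by address and port on one global IP."""


class NatTable:
    def __init__(self, static=None, pool=None, overload_ip=None):
        self.static = dict(static or {})   # inside local -> inside global (1:1)
        self.pool = list(pool or [])       # free inside global addresses for dynamic NAT
        self.overload_ip = overload_ip     # the single global address used by PAT
        self.simple = {}                   # inside local ip -> inside global ip
        self.extended = {}                 # (local ip, port) -> (global ip, port)
        self.next_port = 1024              # next source port handed out by PAT

    def outbound(self, src_ip, src_port):
        """Translate an inside->outside packet; None means no translation (drop)."""
        key = (src_ip, src_port)
        if key in self.extended:                 # rest of the conversation reuses the entry
            return self.extended[key]
        if src_ip in self.static:                # static match: address swapped, port kept
            glob = (self.static[src_ip], src_port)
        elif self.overload_ip is not None:       # PAT: same IP, a fresh port per conversation
            glob = (self.overload_ip, self.next_port)
            self.next_port += 1
        else:                                    # dynamic: one pool address per inside host
            if src_ip not in self.simple:
                if not self.pool:
                    return None                  # pool exhausted
                self.simple[src_ip] = self.pool.pop(0)
            glob = (self.simple[src_ip], src_port)
        self.extended[key] = glob
        return glob

    def inbound(self, dst_ip, dst_port):
        """Reverse lookup for a reply. Only an existing entry or a static mapping
        lets an outside packet reach an inside host; anything else is dropped."""
        for local, glob in self.extended.items():
            if glob == (dst_ip, dst_port):
                return local
        for local_ip, glob_ip in self.static.items():
            if glob_ip == dst_ip:
                return (local_ip, dst_port)
        return None


if __name__ == "__main__":
    pat = NatTable(overload_ip="20.0.0.1")      # the PAT lab: hosts 10.0.0.2 and .3
    print(pat.outbound("10.0.0.2", 40000), pat.outbound("10.0.0.3", 40000))
    print(pat.inbound("20.0.0.1", 1025), pat.inbound("20.0.0.1", 80))
```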


Static NAT Configuration LAB

Topology (diagram): 1700A F0/0 10.0.0.1, S0/0 20.0.0.1 -- 1700B S0/0 20.0.0.2, F0/0 30.0.0.1. Hosts 10.0.0.2 and 10.0.0.3 sit on a switch behind 1700A; the SERVER 30.0.0.2 sits on a switch behind 1700B.

1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
1700A(config)#exit
1700A#show ip route
1700A#show ip interface brief
1700A#config t
1700A(config)#ip nat inside source static 10.0.0.2 20.0.0.1
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip nat inside
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip nat outside
1700A(config-if)#end
1700A#debug ip nat
1700A#show ip nat translations

1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown


Dynamic NAT Configuration LAB

Topology (diagram): 1700A F0/0 10.0.0.64, S0/0 20.0.0.1 -- ISP router S0/0 20.0.0.2, F0/0 30.0.0.1. Hosts 10.0.0.65 and 10.0.0.66 sit on a switch behind 1700A (major network ID 10.0.0.0/8); the SERVER 30.0.0.2 sits behind the ISP router, and the ISP-provided block is 200.200.200.0/24.

Major Network ID in LAN: 10.0.0.0/8. Need 62 IPs: 2^6 = 64, 64 - 2 = 62, so 6 host bits.
NID 10.0.0.64, FHID 10.0.0.65, LHID 10.0.0.126, BCID 10.0.0.127, subnet mask 255.255.255.192.

ISP-provided ID: 200.200.200.0/24. Need 6 IPs: 2^3 = 8, 8 - 2 = 6, so 3 host bits.
NID 200.200.200.8, FHID 200.200.200.9, LHID 200.200.200.14, BCID 200.200.200.15, subnet mask 255.255.255.248.

1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.64 255.255.255.192
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
1700A(config)#exit
1700A#show ip route
1700A#show ip interface brief
1700A#config t
1700A(config)#access-list 1 permit 10.0.0.64 0.0.0.63
1700A(config)#ip nat pool CCNA 200.200.200.9 200.200.200.14 netmask 255.255.255.248
1700A(config)#ip nat inside source list 1 pool CCNA
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip nat inside
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip nat outside
1700A(config-if)#end
1700A#debug ip nat
1700A#show ip nat translations

1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#exit
1700B(config)#ip route 200.200.200.0 255.255.255.0 20.0.0.1
1700B(config)#exit
1700B#show ip route
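The subnet arithmetic this lab does by hand, as an added Python example (constructed here, not the manual's material): given the major network and the number of hosts needed, it derives the host bits, NID/FHID/LHID/BCID, mask and the wildcard mask used in the access-list line, then builds the dynamic NAT pool lines. The index parameter is an assumption of this example; it selects which subnet of that size is carved out.

```python
"""Subnet planning for the dynamic NAT lab: constructed example, not the manual's code."""
import ipaddress


def host_bits_for(n_hosts):
    """Smallest h with 2**h - 2 >= n_hosts (network and broadcast excluded)."""
    h = 2
    while (1 << h) - 2 < n_hosts:
        h += 1
    return h


def plan_subnet(major, n_hosts, index=0):
    """Carve the index-th subnet (assumed parameter) that fits n_hosts out of major."""
    net = ipaddress.IPv4Network(major)
    h = host_bits_for(n_hosts)
    size = 1 << h
    if index * size >= net.num_addresses:
        raise ValueError("index past the end of the major network")
    sub = ipaddress.IPv4Network((int(net.network_address) + index * size, 32 - h))
    hosts = list(sub.hosts())               # usable addresses, FHID..LHID
    return {
        "host_bits": h,
        "NID": str(sub.network_address),
        "FHID": str(hosts[0]),
        "LHID": str(hosts[-1]),
        "BCID": str(sub.broadcast_address),
        "mask": str(sub.netmask),
        "wildcard": str(sub.hostmask),      # inverse mask for the access-list
    }


def ios_nat_lines(acl_no, lan, pool_name, pool):
    """Build the access-list, pool and translation lines for a dynamic NAT lab."""
    return [
        f"access-list {acl_no} permit {lan['NID']} {lan['wildcard']}",
        f"ip nat pool {pool_name} {pool['FHID']} {pool['LHID']} netmask {pool['mask']}",
        f"ip nat inside source list {acl_no} pool {pool_name}",
    ]


if __name__ == "__main__":
    lan = plan_subnet("10.0.0.0/8", 62, index=1)          # second /26 of 10.0.0.0/8
    pool = plan_subnet("200.200.200.0/24", 6, index=1)    # second /29 of the ISP block
    print(lan)
    print(pool)
    print("\n".join(ios_nat_lines(1, lan, "CCNA", pool)))
```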


PAT (Port Address Translation) Configuration LAB

Topology (diagram): 1700A F0/0 10.0.0.1, S0/0 20.0.0.1 -- 1700B (ISP) S0/0 20.0.0.2, F0/0 30.0.0.1. Hosts 10.0.0.2 and 10.0.0.3 sit on a switch behind 1700A; the SERVER 30.0.0.2 sits on a switch behind 1700B.

1700A
Router>enable
Router#configure terminal
Router(config)#hostname 1700A
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 10.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip address 20.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#exit
1700A(config)#ip route 0.0.0.0 0.0.0.0 20.0.0.2
1700A(config)#access-list 1 permit 10.0.0.0 0.255.255.255
1700A(config)#ip nat inside source list 1 interface Serial 0/0 overload
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip nat inside
1700A(config-if)#interface Serial 0/0
1700A(config-if)#ip nat outside


1700B
Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 30.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/0
1700B(config-if)#ip address 20.0.0.2 255.0.0.0
1700B(config-if)#no shutdown

