Submitted in partial fulfillment of the requirements for the award of the degree of Bachelor of Technology in COMPUTER SCIENCE ENGINEERING
IBRAHIM ZARGAR
Acknowledgement
This project was one of the most productive and knowledgeable experiences in my engineering career. I have learned so many new things during this project, like how to work in a group, leadership, how to use different skills and knowledge, group discussion, etc. It provided me a golden opportunity to improve my basic skills and practical aspects, which is the primary requirement of today's companies and organizations. It gives me immense pleasure to thank those people who have contributed directly or indirectly to the completion of this project. I would like to express my gratitude to MR. ASHUTOSH Sir for his cooperation at all times in guiding this project into its final shape. Last but not the least, I wish to thank our College Principal and H.O.D. Sir for encouraging me to complete this project.
(SUMIT CHANDEL)
CERTIFICATE
This is to certify that the project report entitled NETWORK SYSTEM, submitted by SUMIT CHANDEL in partial fulfillment of the requirements of the course of NETWORKING AND TECHNOLOGY in INFORMATION TECHNOLOGY, embodies the work done by them under my guidance.
INDEX
Sr. No.  Topic                                                                                          Page
1        Training Organization detail                                                                   05 - 05
2        Introduction to Computer Networking Principles; Building Blocks: The basic components of a network   06 - 18
3        OSI Model                                                                                      19 - 21
4        TCP/IP                                                                                         22 - 25
5        Cisco IOS                                                                                      26 - 30
6        Routing Table                                                                                  31 - 32
7        STP                                                                                            33 - 34
8        TCP/IP                                                                                         35 - 36
9        VLAN                                                                                           37 - 38
10       Access-Lists                                                                                   39 - 40
11       Network Address Translation                                                                    41 - 44
12       Bibliography                                                                                   45 - 45
CHAPTER-1
TRAINING ORGANISATION DETAIL
The Department of Information Technology (DIT) is the state-level organization that meets all the software needs of the state of Himachal Pradesh. It is a national-level government organization that provides training to young individuals in the fields of Information Technology and Computer Science. All software maintenance and development for the state is done by this very organization. DIT is a dynamic, growing institution, focused on the development of cutting-edge solutions in the following domains:
Health Informatics
Multilingual Technologies
Software Technologies
Cyber Forensics and Security
Multimedia Technologies
The organization instils an appreciation of the flexible nature of the software market. It has various plans to implement and to share with trainees, who are made to work on some of the live projects of the state, so the training an individual receives at DIT is comprehensive. The National Informatics Centre (NIC) is the major player in the spread of IT in the State and Districts. The IT requirements at the District level are fulfilled by the District Informatics Centres of NIC established in each District.
CHAPTER- 2
Computer Network
A computer network is an interconnection of various computer systems located at different places. In a computer network, two or more computers are linked together with a transmission medium and data communication devices for the purpose of communicating data and sharing resources. The computer that provides resources to other computers on a network is known as a server. The individual computers in the network that access shared network resources are known as nodes.
Types of Networks:
There are many different types of networks. However, from an end user's point of view there are two basic types:

Local-Area Networks (LANs): The computers are geographically close together (that is, in the same building).

Wide-Area Networks (WANs): The computers are farther apart and are connected by telephone lines or radio waves.

In addition to these types, the following characteristics are also used to categorize different types of networks.
Other Definitions:
Topology
The geometric arrangement of computer system is termed as a topology. Common topologies include bus, star, and ring.
Protocol
The protocol defines a common set of rules and signals that computers on the network use to communicate. One of the most popular protocols for LANs is called Ethernet. Another popular LAN protocol for PCs is the IBM token-ring network.
Architecture
Networks can be broadly classified as using either peer-to-peer or client/server architecture. Computers on a network are sometimes called nodes. Computers and devices that allocate resources for a network are called servers.
LANs
A LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN). Most LANs, as shown in the Figure, connect workstations and personal computers. Each node (individual computer) in a LAN has its own CPU with which it executes programs, but it is also able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data. Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions. There are many different types of LANs; token-ring networks, Ethernets, and ARCnets are the most common for PCs.
A Typical LAN
LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN.
WANs
A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.
WAN Connection (figure showing DTE and DCE)
WANs connect users and LANs spread between various sites, whether in the same city, across the country, or around the world. Remote access refers to a simple connection, usually dialled up over telephone lines as needed, between an individual user or very small branch office and a central network. Your campus gains access to the Internet through some type of remote connection. A single user can use a modem to dial up an Internet service provider (ISP). Multiple users within a campus might choose to rely on a router to connect to the ISP, who then connects the campus to the Internet. In general, LAN speeds are much greater than WAN and remote access speeds. For example, a single shared Ethernet connection runs at 10 Mbps (mega means million). Today's fastest analogue modem runs at 56 kilobits per second (Kbps) (kilo means thousand), less than one percent of the speed of an Ethernet link. Even the more expensive, dedicated WAN services such as T1 lines don't compare (with a bandwidth of 1.5 Mbps, a T1 line has only 15 percent of the capacity of a single Ethernet link). For this reason, proper network design aims to keep most traffic local, that is, contained within one site, rather than allowing that traffic.
Network Topologies
As we have seen earlier, topology is the geometric arrangement of the computers in a network. Common topologies include star, ring and bus.
Star Network
The star network as shown in Fig 5.6 is frequently used to connect one or more small computers or peripheral devices to a large host computer or CPU. Many organizations use the star network or a variation of it in a time-sharing system, in which several users are able to share a central processor.
In a time-sharing setup, each terminal receives a fixed amount of the CPU's time, called a time slice. If you are sitting at a terminal and cannot complete your task during the time slice, the computer will come back to you to allow you to do so. Actually, because the CPU operates so much faster than terminals, you will probably not even notice that the CPU is away. By establishing time-sharing, many people in a large organization can use a centralized computing facility. Time-sharing can also be purchased from an outside service, which is an economical way to operate for a small company that cannot afford its own large computer.

The star network is frequently used in a LAN to connect several microcomputers to a central unit that works as a communications controller. If the user of one microcomputer wants to send a document or message to a user at another computer, the message is routed through the central communications controller. Another common use of the star network is connecting several microcomputers to a mainframe computer that allows access to an organization's database. Access and control of a star network are typically maintained by a polling system. Polling means that the central computer or communications controller "polls" or asks each device in the network whether it has a message to send and then allows each in turn to transmit data.
Ring Network
The ring network is a Local Area Network (LAN) whose topology is a ring: it can be as simple as a circle of point-to-point connections between computers at dispersed locations, with no central host computer or communications controller. That is, all of the nodes are connected in a closed loop. Messages travel around the ring, with each node reading those messages addressed to it. One of the advantages of ring networks is that they can span larger distances than other types of networks, such as bus networks, because each node regenerates messages as they pass through it.
Access and control of ring networks are typically maintained by a "token-passing" system. IBM's Token-Ring network is thought by some observers to be a watershed event comparable to the development of the IBM PC itself, because the Token-Ring network is designed to link all types of computers together, including not only personal computers but also possibly minicomputers and mainframes.
Bus Network
Bus networks are similar to ring networks except that the ends are not connected. All communications are carried on a common cable or bus and are available to each device on the network.
Access and control of bus networks are typically maintained by a method called contention, whereby if a line is unused, a terminal or device can transmit its message at will, but if two or more terminals initiate messages simultaneously, they must stop and transmit again at different intervals.
Network Architecture
The term architecture can refer to either hardware or software, or a combination of hardware and software. The architecture of a system always defines its broad outlines, and may define precise mechanisms as well. An open architecture allows the system to be connected easily to devices and programs made by other manufacturers. Open architectures use off-the-shelf components and conform to approved standards. A system with a closed architecture, on the other hand, is one whose design is proprietary, making it difficult to connect the system to other systems. As we have seen before, network architectures can be broadly classified as using either peer-to-peer or client/server architecture.
Peer-to-peer Architecture
This is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architecture, in which some workstations are dedicated to serving the others. Peer-to-peer networks are generally simpler and less expensive, but they usually do not offer the same performance under heavy loads.
Client/Server Architecture
This is a network architecture in which each computer or process on the network is either a client or a server. Servers are powerful computers or processors dedicated to managing disk drives (file servers), printers (print servers), or network traffic (network servers). Clients are less powerful PCs or workstations on which users run applications. Clients rely on servers for resources, such as files, devices, and even processing power.
In modern protocol design, protocols are "layered" according to the OSI 7 layer model or a similar layered model. Layering is a design principle which divides the protocol design into a number of smaller parts, each part accomplishing a particular sub-task and interacting with the other parts of the protocol only in a small number of well-defined ways. Layering allows the parts of a protocol to be designed and tested without a combinatorial explosion of cases, keeping each design relatively simple. Layering also permits familiar protocols to be adapted to unusual circumstances. The header and/or trailer at each layer reflect the structure of the protocol. Detailed rules and procedures of a protocol or protocol group are often defined by a lengthy document. For example, the IETF uses RFCs (Requests for Comments) to define protocols and updates to the protocols.

A wide variety of communication protocols exists. These protocols were defined by many different standards organizations throughout the world and by technology vendors over years of technology evolution and development. One of the most popular protocol suites is TCP/IP, which is the heart of Internetworking communications. The IP, the Internet Protocol, is responsible for exchanging information between routers so that the routers can select the proper path for network traffic, while TCP is responsible for ensuring the data packets are transmitted across the network reliably and error free. LAN and WAN protocols are also critical protocols in network communications. The LAN protocol suite is for the physical and data link layers of communications over various LAN media such as Ethernet wires and wireless radio waves. The WAN protocol suite is for the lowest three layers and defines communication over various wide-area media, such as fiber optic and copper cables. Network communication has slowly evolved.
Today's new technologies are based on the accumulation over years of technologies, which may be either still existing or obsolete. Because of this, the protocols which define network communication are highly inter-related. Many protocols rely on others for operation. For example, many routing protocols use other network protocols to exchange information between routers. In addition to standards for individual protocols in transmission, there are now also interface standards for different layers to talk to the ones above or below (usually operating system specific).

The protocols for data communication cover all areas as defined in the OSI model. However, the OSI model is only loosely defined. A protocol may perform the functions of one or more of the OSI layers, which introduces complexity to understanding protocols relative to the OSI 7 layer model. In real-world protocols, there is some argument as to where the distinctions between layers are drawn; there is no one black and white answer. To develop a complete technology that is useful for the industry, very often a group of protocols is required in the same layer or across many different layers. Different protocols often describe different aspects of a single communication; taken together, these form a protocol suite. For example, Voice over IP (VoIP), a group of protocols developed by many vendors and standards organizations, has many protocols across the 4 top layers in the OSI model.

Protocols can be implemented either in hardware or software or a mixture of both. Typically, the lower layers are implemented in hardware, with the higher layers being implemented in software. Protocols could be grouped into suites (or families, or stacks) by their technical functions, or origin of the protocol introduction, or both. A protocol may belong to one or multiple protocol suites, depending on how you categorize it. For example, the Gigabit Ethernet protocol IEEE 802.3z is a LAN (Local Area Network) protocol and it can also be used in MAN (Metropolitan Area Network) communications. Most recent protocols are designed by the IETF for Internetworking communications and by the IEEE for local area networking (LAN) and metropolitan area networking (MAN). The ITU-T contributes mostly to wide area networking (WAN) and telecommunications protocols. ISO has its own suite of protocols for internetworking communications, which is mainly deployed in European countries.
INTERNET BACKBONE
The Internet backbone refers to the principal data routes between large, strategically interconnected networks and core routers in the Internet. These data routes are hosted by commercial, government, academic and other high-capacity network centers, the Internet exchange points and network access points that interchange Internet traffic between the countries, continents and across the oceans of the world. The Internet service providers (often Tier 1 networks) participating in the Internet backbone exchange traffic under privately negotiated interconnection agreements, primarily governed by the principle of settlement-free peering.
Infrastructure
The Internet backbone is a conglomeration of multiple, redundant networks owned by numerous companies. It is typically a fiber optic trunk line. The trunk line consists of many fiber optic cables bundled together to increase the capacity. The backbone is able to reroute traffic in case of a failure. The data speeds of backbone lines have changed with the times. In 1998, all of the United States backbone networks had utilized the slowest data rate of 45 Mbps. However, changing technologies allowed 41 percent of backbones to have data rates of 2,488 Mbps or faster by the mid-2000s. The FCC currently defines "high speed" as any connection with data speeds that exceed 200 kilobits per second. An Azerbaijan-based telecommunication company, Delta Telecom, has recently developed a very efficient trunk line with possible speeds of up to 1.6 terabits per second. Internet traffic from this line goes through the countries of Iran, Iraq and Georgia. Fiber-optic cables are the medium of choice for Internet backbone providers for many reasons. Fiber-optics allow for fast data speeds and large bandwidth; they suffer relatively little attenuation, allowing them to cover long distances with few repeaters; they are also immune to crosstalk and other forms of EM interference which plague electrical transmission.
When their computers are joined in a network, people can share files and peripherals such as modems, printers, tape backup drives, and CD-ROM drives. When networks at multiple locations are connected using services available from phone companies, people can send e-mail, share links to the global Internet, or conduct videoconferences in real time with other remote users on the network.
Twisted-pair
This wire comes in several standards. Unshielded twisted pair (UTP) Category 3 wire (also called 10BaseT) is often used for your phone lines, and UTP Category 5 (also called 10Base2) wire is the current networking standard. Coaxial resembles round cable TV wiring.
Fiber-optic
Usually reserved for connections between backbone devices in larger networks, though in some very demanding environments, highly fault-resistant cable is used to connect desktop workstations to the network and to link adjacent buildings. Fiber-optic cable is the most reliable wiring but also the most expensive. For instance, Ethernet can use UTP Category 3 wiring. However, Fast Ethernet requires at least the higher-grade UTP Category 5 wiring. As a result, all new wiring installations should be Category 5.
Hubs
Hubs, or repeaters, are simple devices that interconnect groups of users. Hubs forward any data packets they receive over one port from one workstation, including e-mail, word processing documents, spreadsheets, graphics, or print requests, to all of their remaining ports. All users connected to a single hub or stack of connected hubs are in the same segment, sharing the hub's bandwidth or data-carrying capacity. As more users are added to a segment, they compete for a finite amount of bandwidth devoted to that segment.
Switches
Switches are smarter than hubs and offer more bandwidth. A switch forwards data packets only to the appropriate port for the intended recipient, based on information in each packet's header. To insulate the transmission from the other ports, the switch establishes a temporary connection between the source and destination, then terminates the connection when the conversation is done. As such, a switch can support multiple conversations and move much more traffic through the network than a hub. A single eight-port Ethernet hub provides a total of 10 megabits per second (Mbps) of data-carrying capacity shared among all users on the hub. A full-duplex, eight-port Ethernet switch can support eight 10-Mbps conversations at once, for a total data-carrying capacity of 160 Mbps. Full-duplex refers to simultaneous two-way communications, such as telephone communication. With half-duplex communications, data can move across the cable or transmission medium in just one direction at a time.
Routers
Compared to switches and bridges, routers are smarter still. Routers use a more complete packet address to determine which router or workstation should receive each packet. Based on a network roadmap called a routing table, routers can help ensure that packets are travelling the most efficient paths to their destinations. If a link between two routers goes down, the sending router can determine an alternate route to keep traffic moving. Routers also provide links between networks that speak different languages, or, in computer speak, networks that use different protocols. Examples include IP (Internet Protocol), IPX (Internet Packet Exchange Protocol), and AppleTalk. Routers not only connect networks in a single location or set of buildings, but they also provide interfaces, or sockets, for connecting to wide-area network (WAN) services. These WAN services are offered by telecommunications companies to connect geographically dispersed networks.
Ethernet's bandwidth or data-carrying capacity (also called throughput) is 10 Mbps. Fast Ethernet (or 100BaseT) works the same way, through collision detection, but it provides 10 times the bandwidth, or 100 Mbps. Shared Ethernet is like a single-lane highway with a 10-Mbps speed limit (see diagrams below). Shared Fast Ethernet is like a much wider highway with a 100-Mbps speed limit; there is more room for cars, and they can travel at higher speeds. What would Switched Ethernet look like? A multilane highway with a speed limit of 10 Mbps in each lane. Switched Fast Ethernet would also be a multilane highway, but with a speed limit of 100 Mbps in each lane.
Ethernet Cabling
Although Ethernet networks originally used thick or thin coaxial cable, most installations currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and is terminated with an RJ45 type connector. A normal straight-through UTP Ethernet cable follows the EIA568B standard wiring as described below.

Category 5 Cable Quality

Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.) or 100 meters (m) in length, divided as follows:
20 ft. (6 m) between the hub and the patch panel (if used)
295 ft. (90 m) from the wiring closet to the wall outlet
10 ft. (3 m) from the wall outlet to the desktop device

The patch panel and other connecting hardware must meet the requirements for 100-Mbps operation (Category 5). Only 0.5 inch (1.5 cm) of untwist in the wire pair is allowed at any termination point. A twisted pair Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low-quality cables, but at 100 Mbits/second (100BASE-TX) the cable must be rated as Category 5, or Cat 5, by the Electronic Industry Association (EIA). This rating will be printed on the cable jacket. A Category 5 cable will meet specified requirements regarding loss and crosstalk. In addition, there are restrictions on maximum cable length for both 10- and 100-Mbits/second networks.
CHAPTER 3
OSI MODEL
The Open Systems Interconnection model (OSI model) was a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a way of sub-dividing a communications system into smaller parts called layers. Similar communication functions are grouped into logical layers. A layer provides services to its upper layer while receiving services from the layer below. On each layer, an instance provides service to the instances at the layer above and requests service from the layer below.
The Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical Layer. Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system. Local area network architecture, which included broadcast-capable multi-access media, was developed independently of the ISO work in IEEE Project 802. IEEE work assumed sub-layering and management functions not required for WAN use. In modern practice, only error detection, not flow control using a sliding window, is present in data link protocols such as Point-to-Point Protocol (PPP), and, on local area networks, the IEEE 802.2 LLC layer is not used for most protocols on Ethernet; on other local area networks, its flow control and acknowledgment mechanisms are rarely used.
CHAPTER 4
TCP/IP
In the TCP/IP model of the Internet, protocols are deliberately not as rigidly designed into strict layers as in the OSI model. However, TCP/IP does recognize four broad layers of functionality which are derived from the operating scope of their contained protocols, namely the scope of the software application, the end-to-end transport connection, the internetworking range, and lastly the scope of the direct links to other nodes on the local network. Even though the concept is different from the OSI model, these layers are nevertheless often compared with the OSI layering scheme in the following way:

The Internet Application Layer includes the OSI Application Layer, Presentation Layer, and most of the Session Layer. Its end-to-end Transport Layer includes the graceful close function of the OSI Session Layer as well as the OSI Transport Layer. The internetworking layer (Internet Layer) is a subset of the OSI Network Layer (see above), while the Link Layer includes the OSI Data Link and Physical Layers, as well as parts of OSI's Network Layer.

These comparisons are based on the original seven-layer protocol model as defined in ISO 7498, rather than refinements in such things as the internal organization of the Network Layer document. The presumably strict peer layering of the OSI model as it is usually described does not present contradictions in TCP/IP, as it is permissible that protocol usage does not follow the hierarchy implied in a layered model. Such examples exist in some routing protocols (e.g., OSPF), or in the description of tunneling protocols, which provide a Link Layer for an application, although the tunnel host protocol may well be a Transport or even an Application Layer protocol in its own right.
The five address classes are:

Class A: Class A addresses can have up to 16,777,214 hosts on a single network. They use an 8-bit network number and a 24-bit node number. Class A addresses are in this range: 1.x.x.x to 126.x.x.x.

Class B: Class B addresses can have up to 65,354 hosts on a network. A Class B address uses a 16-bit network number and a 16-bit node number. Class B addresses are in this range: 128.1.x.x to 191.254.x.x.

Class C: Class C addresses can have up to 254 hosts on a network. A Class C address uses a 24-bit network number and an 8-bit node number. Class C addresses are in this range: 192.0.1.x to 223.255.254.x.

Class D: Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255.

Class E: Class E addresses are for experimental use.
Net mask
In each of the address classes previously described, the size of the two parts (network address and host address) is implied by the class. This partitioning scheme can also be expressed by a netmask associated with the IP address. A netmask is a 32-bit quantity that, when logically combined (using an AND operator) with an IP address, yields the network address. For instance, the netmasks for Class A, B, and C addresses are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively.

For example, the address 192.168.170.237 is a Class C IP address whose network portion is the upper 24 bits. When combined (using an AND operator) with the Class C netmask, as shown here, only the network portion of the address remains:

11000000 10101000 10101010 11101101 (192.168.170.237)
combined with:
11111111 11111111 11111111 00000000 (255.255.255.0)
equals:
11000000 10101000 10101010 00000000 (192.168.170.0)

As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a forward slash (/), as /n. In the example, the address could be written as 192.168.170.237/24, indicating that the netmask is 24 ones followed by 8 zeros.
Private IP Addresses
If your local network is isolated from the Internet (for example, when using Network Address Translation, NAT, which is described below), you can assign any IP addresses to the hosts without problems. However, the IANA has reserved the following three blocks of IP addresses specifically for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Choose your private network number from this range.
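The address classes, the netmask AND operation and the private blocks described in the three sections above, carried out by hand as an added example (not code from the report): the bit operations are written out rather than taken from a library, and a mask that is not a run of ones followed by zeros is rejected instead of silently producing a wrong network address.

```python
# Added example, not part of the report: classful and CIDR address arithmetic
# using only the bit operations the text describes (no ipaddress module).

# The three IANA-reserved private ranges listed in the report.
PRIVATE_BLOCKS = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]


def dotted_to_int(addr):
    """Convert dotted-decimal notation to a 32-bit integer, rejecting bad octets."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("not a dotted quad: %r" % addr)
    value = 0
    for p in parts:
        if not p.isdigit() or not 0 <= int(p) <= 255:
            raise ValueError("bad octet %r in %r" % (p, addr))
        value = (value << 8) | int(p)
    return value


def int_to_dotted(value):
    """Inverse of dotted_to_int: 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr):
    """Classify by the first octet, following the A to E ranges given in the report."""
    first = dotted_to_int(addr) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def default_netmask(addr):
    """Netmask implied by the class (the report gives these for A, B and C)."""
    masks = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}
    cls = address_class(addr)
    if cls not in masks:
        raise ValueError("class %s addresses have no network/host split" % cls)
    return masks[cls]


def network_address(addr, netmask):
    """Bitwise AND of address and mask yields the network address."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(netmask))


def prefix_length(netmask):
    """Count the leading ones of a mask (the /n form) and reject non-contiguous masks."""
    m = dotted_to_int(netmask)
    ones = bin(m).count("1")
    # A valid mask is exactly `ones` ones followed by zeros, e.g. /24 -> 0xFFFFFF00.
    if ones and m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous netmask %s" % netmask)
    return ones


def is_private(addr):
    """True if the address lies inside one of the three reserved private blocks."""
    v = dotted_to_int(addr)
    return any(dotted_to_int(lo) <= v <= dotted_to_int(hi) for lo, hi in PRIVATE_BLOCKS)


def describe(addr, netmask=None):
    """Summarise an address the way the report's worked example does."""
    mask = netmask or default_netmask(addr)
    net = network_address(addr, mask)
    return "%s/%d: class %s, network %s, %s" % (
        addr, prefix_length(mask), address_class(addr), net,
        "private" if is_private(addr) else "public")


if __name__ == "__main__":
    print(describe("192.168.170.237"))              # the report's Class C example
    print(describe("10.1.2.3"))                     # class A, default /8 mask
    print(describe("172.20.5.6", "255.255.252.0"))  # explicit /22 mask
```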
CHAPTER 5
User EXEC Mode: When you are connected to the router, you start in user EXEC mode. The user EXEC commands are a subset of the privileged EXEC commands.

Privileged EXEC Mode: Privileged commands include the following:
Configure: Changes the software configuration.
Debug: Displays process and hardware event messages.
Setup: Enters configuration information at the prompts.

Enter the command disable to exit from privileged EXEC mode and return to user EXEC mode.
Configuration Mode
Configuration mode has a set of sub-modes that you use for modifying interface settings, routing protocol settings, line settings, and so forth. Use caution with configuration mode because all changes you enter take effect immediately. To enter configuration mode, enter the command configure terminal and exit by pressing Ctrl-Z.

Note: Almost every configuration command also has a no form. In general, use the no form to disable a feature or function. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, enter the no ip routing command and enter ip routing to re-enable it.
Getting Help
In any command mode, you can get a list of available commands by entering a question mark (?).

Router>?

To obtain a list of commands that begin with a particular character sequence, type in those characters followed immediately by the question mark (?).

Router#co?
configure connect copy

To list keywords or arguments, enter a question mark in place of a keyword or argument. Include a space before the question mark.

Router#configure ?
memory     Configure from NV memory
network    Configure from a TFTP network host
terminal   Configure from the terminal

You can also abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh.
Configuration Files
Any time you make changes to the router configuration, you must save the changes to memory, because if you do not they will be lost if there is a system reload or power outage. There are two types of configuration files: the running (current operating) configuration and the startup configuration. Use the following privileged mode commands to work with configuration files.
configure terminal: modify the running configuration manually from the terminal.
show running-config: display the running configuration.
show startup-config: display the startup configuration.
copy running-config startup-config: copy the running configuration to the startup configuration.
copy startup-config running-config: copy the startup configuration to the running configuration.
erase startup-config: erase the startup configuration in NVRAM.
copy tftp running-config: load a configuration file stored on a Trivial File Transfer Protocol (TFTP) server into the running configuration.
copy running-config tftp: store the running configuration on a TFTP server.
IP Address Configuration
Take the following steps to configure the IP address of an interface.
Step 1: Enter privileged EXEC mode:
Router>enable
password
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter interface type slot/port (for Cisco 7000 series) or interface type port (for Cisco 2500 series) to enter interface configuration mode.
Example: Router(config)#interface ethernet 0/1
Step 4: Enter the IP address and subnet mask of the interface using the ip address ipaddress subnetmask command.
Example: Router(config-if)#ip address 192.168.10.1 255.255.255.0
Step 5: Exit configuration mode by pressing Ctrl-Z.
Router(config-if)#[Ctrl-Z]
Routing Protocol Configuration
Routing Information Protocol (RIP)
Step 1: Enter privileged EXEC mode:
Router>enable
password
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the router rip command.
Router(config)#router rip
Step 4: Add the network number to use RIP, and repeat this step for all the network numbers.
Router(config-router)#network network-number
Example: Router(config-router)#network 192.168.10.0
Note: To turn off RIP, use the no router rip command.
Router(config)#no router rip
Other useful commands
Specify a RIP Version
By default, the software receives RIP version 1 and version 2 packets, but sends only version 1 packets. To control which RIP version an interface sends, use one of the following commands in interface configuration mode:
To control how packets received from an interface are processed, use one of the following commands:
Open Shortest Path First (OSPF)
Step 1: Enter privileged EXEC mode:
Router>enable
password
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the router ospf command followed by the process-id.
Router(config)#router ospf process-id
Pick a process-id that is not already in use. To determine which ids are in use, issue the show process command.
Router(config)#show process
Step 4: Add the network number, mask and area-id.
Router(config-router)#network network-number mask area area-id
The network-number identifies the network using OSPF. The mask tells which bits to use from the network-number, and the area-id is used for determining areas in an OSPF configuration.
Example: Router(config-router)#network 192.168.10.0 255.255.255.0 area 0.0.0.0
Repeat this step for all the network numbers. To turn off OSPF, use the following command.
Router(config)#no router ospf process-id
You are not required to alter any of these parameters, but some interface parameters must be consistent across all routers in an attached network.
Command / Purpose
ip ospf cost cost - Explicitly specify the cost of sending a packet on an OSPF interface.
ip ospf retransmit-interval seconds - Specify the number of seconds between link state advertisement retransmissions for adjacencies belonging to an OSPF interface.
ip ospf transmit-delay seconds - Set the estimated number of seconds it takes to transmit a link state update packet on an OSPF interface.
ip ospf priority number - Set router priority to help determine the OSPF designated router for a network.
ip ospf hello-interval seconds - Specify the length of time, in seconds, between the hello packets that a router sends on an OSPF interface.
ip ospf dead-interval seconds - Set the number of seconds that a router's hello packets must not have been seen before its neighbors declare the OSPF router down.
CHAPTER 6
ROUTING TABLE
In computer networking a routing table, or Routing Information Base (RIB), is a data structure in the form of a table-like object stored in a router or a networked computer that lists the routes to particular network destinations, and in some cases, metrics associated with those routes. The routing table contains information about the topology of the network immediately around it. The construction of routing tables is the primary goal of routing protocols. Static routes are entries made in a routing table by non-automatic means and which are fixed rather than being the result of some network topology 'discovery' procedure. Routing tables are generally not used directly for packet forwarding in modern router architectures; instead, they are used to generate the information for a smaller forwarding table which contains only the routes which are chosen by the routing algorithm as preferred routes for packet forwarding, often in a compressed or pre-compiled format that is optimized for hardware storage and lookup. The remainder of this chapter will ignore this implementation detail, and refer to the entire routing/forwarding information subsystem as the "routing table".
Basics
A routing table utilizes the same idea that one does when using a map in package delivery. Whenever a node needs to send data to another node on a network, it must know where to send it, first. If the node cannot directly connect to the destination node, it has to send it via other nodes along a proper route to the destination node. Most nodes do not try to figure out which route(s) might work; instead, a node will send an IP packet to a gateway in the LAN, which then decides how to route the "package" of data to the correct destination. Each gateway will need to keep track of which way to deliver various packages of data, and for this it uses a Routing Table. A routing table is a database which keeps track of paths, like a map, and allows the gateway to provide this information to the node requesting the information. With hop-by-hop routing, each routing table lists, for all reachable destinations, the address of the next device along the path to that destination; the next hop. Assuming that the routing tables are consistent, the simple algorithm of relaying packets to their destination's next hop thus suffices to deliver data anywhere in a network. Hop-by-hop is the fundamental characteristic of the IP Internetwork layer and the OSI Network Layer, in contrast to the functions of the IP End-to-End and OSI Transport Layers. Current router architecture separates the Control Plane function of the routing table from the Forwarding Plane function of the forwarding table.
Since in a network each node presumably possesses a valid routing table, routing tables must be consistent among the various nodes or routing loops can develop. This is particularly problematic in the hop-by-hop routing model, in which the net effect of inconsistent tables in several different routers could be to forward packets in an endless loop. Routing loops have historically plagued routing, and their avoidance is a major design goal of routing protocols.
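The hop-by-hop model and the routing-loop problem above, as an added example (not part of the original report): a minimal routing table with longest-prefix-match lookup and a relay simulation that detects when inconsistent tables bounce a packet between routers. Router names, prefixes and next hops are constructed for the example.

```python
# Added example (not part of the original report): a minimal hop-by-hop
# routing table with longest-prefix-match lookup, plus a relay simulation
# that detects the routing loops this chapter warns about. All router
# names, prefixes and next hops are constructed for the example.
import ipaddress


def lookup(table, dst):
    """Return the next hop for dst by longest prefix match, or None if no
    route covers it. table is a list of (prefix, next_hop) entries."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]


def forward(tables, start, dst, max_hops=16):
    """Relay a packet router by router using only each router's own table.
    Returns (status, path): 'delivered' when a router has the destination
    directly attached, 'no_route' when a table has no entry, or 'loop'
    when the packet revisits a router (inconsistent tables)."""
    path = [start]
    current = start
    for _ in range(max_hops):
        next_hop = lookup(tables[current], dst)
        if next_hop is None:
            return "no_route", path
        if next_hop == "direct":
            return "delivered", path
        if next_hop in path:
            path.append(next_hop)
            return "loop", path
        path.append(next_hop)
        current = next_hop
    return "loop", path   # hop limit exhausted: treated as a loop (like TTL)


# Constructed topology: R1 -- R2 -- R3, with 192.168.10.0/24 attached to R3.
# Every table is consistent, so a packet from R1 reaches R3.
CONSISTENT = {
    "R1": [("0.0.0.0/0", "R2")],
    "R2": [("192.168.10.0/24", "R3"), ("0.0.0.0/0", "R1")],
    "R3": [("192.168.10.0/24", "direct"), ("0.0.0.0/0", "R2")],
}

# Same topology, but R2 lost its specific route (e.g. a removed static
# route): R1 and R2 now point their default routes at each other.
INCONSISTENT = {
    "R1": [("0.0.0.0/0", "R2")],
    "R2": [("0.0.0.0/0", "R1")],
    "R3": [("192.168.10.0/24", "direct"), ("0.0.0.0/0", "R2")],
}

if __name__ == "__main__":
    print(forward(CONSISTENT, "R1", "192.168.10.7"))    # delivered via R2, R3
    print(forward(INCONSISTENT, "R1", "192.168.10.7"))  # loop R1 -> R2 -> R1
```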
CHAPTER 7
SWITCHES
Function
The network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as a gateway to access small office/home broadband services such as DSL or cable internet. In most of these cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for VoIP. An Ethernet switch operates at the data link layer of the OSI model to create a separate collision domain for each switch port. With 4 computers (e.g., A, B, C, and D) on 4 switch ports, A and B can transfer data back and forth, while C and D also do so simultaneously, and the two conversations will not interfere with one another. In the case of a hub, they would all share the bandwidth and run in half duplex, resulting in collisions, which would then necessitate retransmissions. Using a switch is called micro segmentation. This allows computers to have dedicated bandwidth on a point-to-point connection to the network and to therefore run in full duplex without collisions.
Interconnection of different Layer 3 networks is done by routers. If there are any features that characterize "Layer-3 switches" as opposed to general-purpose routers, it tends to be that they are optimized, in larger switches, for high-density Ethernet connectivity. In some service provider and other environments where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall, network intrusion detection, and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules. In other cases, the switch is used to create a mirror image of data that can go to an external device. Since most switch port mirroring provides only one mirrored stream, network hubs can be useful for fanning out data to several read-only analyzers, such as intrusion detection systems and packet sniffers.
[Figures: Switch; A Switched Network (not reproduced)]
CHAPTER 8
STP
STP is a bridge-to-bridge protocol used to maintain a loop-free network.
To maintain a loop-free network topology, STP establishes a root bridge, a root port, and designated ports.
With STP, the root bridge has the lowest BID, which is made up of the bridge priority and the MAC address. When STP is enabled, every bridge in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, the ports then stabilize to the forwarding or blocking state. If the network topology changes, STP maintains connectivity by transitioning some blocked ports to the forwarding state. RSTP significantly speeds the recalculation of the spanning tree when the network topology changes.
STP provides a loop-free redundant network topology by placing certain ports in the blocking state:
One root bridge per broadcast domain
One root port per non-root bridge
One designated port per segment
Non-designated ports are unused
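The election and port-role rules listed above, as an added example (not part of the original report): root bridge by lowest bridge ID (priority, then MAC), one root port per non-root bridge by lowest root path cost, one designated port per segment, and the remaining non-designated ports left blocking. Bridge names, MAC addresses and link costs are constructed; BPDU timers and the port state machine are not modelled.

```python
# Added example (not part of the original report): root-bridge election by
# lowest bridge ID, root ports by lowest root path cost, one designated port
# per segment, and non-designated ports blocking. Bridges, MACs and link
# costs are constructed; BPDU timers and port states are not modelled.
import heapq

def bridge_id(priority, mac):
    """Bridge ID compares on priority first, then on MAC; lower wins."""
    return (priority, int(mac.replace(":", "").replace(".", ""), 16))

def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name of the root bridge."""
    return min(bridges, key=lambda b: bridge_id(*bridges[b]))

def root_ports(bridges, links):
    """links: [(bridge_a, bridge_b, cost)]. For every non-root bridge return
    {bridge: (upstream_neighbour, root_path_cost)}: Dijkstra from the root,
    ties broken by the lower BID of the upstream bridge."""
    root = elect_root(bridges)
    adj = {b: [] for b in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    best = {root: (0, bridge_id(*bridges[root]), None)}
    heap = [(0, bridge_id(*bridges[root]), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nbr, link_cost in adj[node]:
            cand = (cost + link_cost, bridge_id(*bridges[node]), node)
            if nbr not in best or cand < best[nbr]:
                best[nbr] = cand
                heapq.heappush(heap, (cand[0], bridge_id(*bridges[nbr]), nbr))
    return {b: (up, c) for b, (c, _, up) in best.items() if b != root}

def port_roles(bridges, links):
    """Role of each port, keyed (bridge, neighbour): 'root', 'designated'
    (the segment end with the lower root path cost, ties on lower BID) or
    'blocking' for a non-designated port, which STP leaves unused."""
    root = elect_root(bridges)
    rp = root_ports(bridges, links)
    cost = {b: c for b, (_, c) in rp.items()}
    cost[root] = 0
    roles = {}
    for a, b, _ in links:
        designated = min((a, b), key=lambda x: (cost[x], bridge_id(*bridges[x])))
        for me, peer in ((a, b), (b, a)):
            if me in rp and rp[me][0] == peer:
                roles[(me, peer)] = "root"
            elif me == designated:
                roles[(me, peer)] = "designated"
            else:
                roles[(me, peer)] = "blocking"
    return roles

# Constructed triangle: SW3 has the lowest priority, so it wins the election
# even though its MAC is the highest; SW1 and SW2 tie on priority.
BRIDGES = {
    "SW1": (32768, "00:00:0c:11:11:11"),
    "SW2": (32768, "00:00:0c:22:22:22"),
    "SW3": (4096, "00:00:0c:33:33:33"),
}
LINKS = [("SW1", "SW2", 19), ("SW2", "SW3", 19), ("SW1", "SW3", 4)]
```

With these inputs SW2's port toward SW1 is the one port that is neither root nor designated, so it is the port STP blocks to break the triangle.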
BPDU: default = sent every two seconds
Root bridge = bridge with the lowest bridge ID
Spanning tree transits each port through several different states:
CHAPTER 9
VLAN
A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections. To physically replicate the functions of a VLAN, it would be necessary to install a separate, parallel collection of network cables and equipment which are kept separate from the primary network. However, unlike a physically separate network, VLANs must share bandwidth; two separate one-gigabit VLANs using a single one-gigabit interconnection can suffer both reduced throughput and congestion. A VLAN-capable switch virtualizes these LAN behaviors in software: configuring switch ports, tagging frames as they enter the VLAN, looking up the MAC table to switch or flood frames onto trunk links, and untagging frames as they leave the VLAN.
Uses
VLANs are created to provide the segmentation services traditionally provided by routers in LAN configurations. VLANs address issues such as scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, address summarization, and traffic flow management. By definition, switches may not bridge IP traffic between VLANs as it would violate the integrity of the VLAN broadcast domain. This is also useful if someone wants to create multiple layer 3 networks on the same layer 2 switch. For example, if a DHCP server is plugged into a switch it will serve any host on that switch that is configured to get its IP from a DHCP server. By using VLANs you can easily split the network up so some hosts won't use that DHCP server and will obtain link-local addresses, or obtain an address from a different DHCP server. VLANs are layer 2 constructs, compared with IP subnets which are layer 3 constructs. In an environment employing VLANs, a one-to-one relationship often exists between VLANs and IP subnets, although it is possible to have multiple subnets on one VLAN. VLANs and IP subnets provide independent Layer 2 and Layer 3 constructs that map to one another and this correspondence is useful during the network design process. By using VLANs, one can control traffic patterns and react quickly to relocations. VLANs provide the flexibility to adapt to changes in network requirements and allow for simplified administration.
Dynamic VLANs are created through the use of software. With a VLAN Management Policy Server (VMPS), an administrator can assign switch ports to VLANs dynamically based on information such as the source MAC address of the device connected to the port or the username used to log onto that device. As a device enters the network, the device queries a database for VLAN membership.
CHAPTER 10
ACCESS-LISTS
Standard Access Control Lists (ACLs) are Cisco IOS-based commands used to filter packets on Cisco routers based on the source IP address of the packet. Extended Access Control Lists have the ability to filter packets based on source and destination IP addresses.
Example:
access-list 5 permit 11.0.3.0 0.0.0.255
access-list 5 permit 10.0.5.0 0.0.0.255
int fa0/0
ip access-group 5 in
The above example permits traffic from two specific networks. Note that the access-list must be defined, and then assigned to an interface. An access-list by itself (not assigned to an interface) doesn't do anything at all. "in" or "out" refer to the traffic into, or out of, the router that is being configured.
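How the example above is evaluated, as an added example (not part of the original report): a small evaluator for Cisco-style standard access lists fed the exact access-list 5 lines, modelling wildcard-mask matching, first-match-wins ordering, the implicit deny at the end of every ACL, and the "ip access-group ... in" binding to an interface. The test packets are constructed.

```python
# Added example (not part of the original report): evaluator for standard
# ACLs with wildcard masks, first match wins, implicit "deny any" at the
# end, and the inbound binding to an interface. Test packets are constructed.
import ipaddress

def wildcard_match(addr, network, wildcard):
    """Wildcard bit 1 = don't care, 0 = must match (inverse of a subnet mask)."""
    care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(network)) & care)

def parse_config(lines):
    """Return (acls, inbound): acls maps an ACL number to its ordered
    (action, network, wildcard) entries; inbound maps interface -> ACL applied 'in'."""
    acls, inbound, iface = {}, {}, None
    for line in lines:
        p = line.split()
        if not p:
            continue
        if p[0] == "access-list" and len(p) >= 4:
            if p[3] == "any":
                net, wc = "0.0.0.0", "255.255.255.255"
            elif p[3] == "host":
                net, wc = p[4], "0.0.0.0"
            else:
                net, wc = p[3], (p[4] if len(p) > 4 else "0.0.0.0")
            acls.setdefault(p[1], []).append((p[2], net, wc))
        elif p[0] in ("int", "interface"):
            iface = p[1]
        elif p[:2] == ["ip", "access-group"] and len(p) == 4 and p[3] == "in":
            inbound[iface] = p[2]
    return acls, inbound

def evaluate(entries, src):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, net, wc in entries:
        if wildcard_match(src, net, wc):
            return action
    return "deny"

def filter_inbound(config_lines, packets):
    """packets: [(id, ingress_interface, source_ip)] -> {id: decision}.
    An interface with no ACL applied forwards everything (an unassigned ACL does nothing)."""
    acls, inbound = parse_config(config_lines)
    decisions = {}
    for pid, iface, src in packets:
        acl = inbound.get(iface)
        decisions[pid] = "permit" if acl is None else evaluate(acls.get(acl, []), src)
    return decisions

# The configuration from the example above, exactly as written.
CONFIG = [
    "access-list 5 permit 11.0.3.0 0.0.0.255",
    "access-list 5 permit 10.0.5.0 0.0.0.255",
    "int fa0/0",
    "ip access-group 5 in",
]
# Constructed test packets: (id, ingress interface, source address).
PACKETS = [
    ("p1", "fa0/0", "11.0.3.44"),   # permitted by the first entry
    ("p2", "fa0/0", "10.0.5.9"),    # permitted by the second entry
    ("p3", "fa0/0", "10.0.6.9"),    # no entry matches: implicit deny
    ("p4", "fa0/1", "10.0.6.9"),    # no ACL on fa0/1: forwarded
]
```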
CHAPTER 11
Network address translation
In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.
The simplest type of NAT provides a one-to-one translation of IP addresses. RFC 2663 refers to this type of NAT as basic NAT. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality; some higher level protocols may need further translation). Basic NATs can be used when there is a requirement to interconnect two IP networks with incompatible addressing.
However, it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space. To avoid ambiguity in the handling of returned packets, a one-to-many NAT must alter higher level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back. Other names include PAT (port address translation), IP masquerading, NAT overload and many-to-one NAT. Since this is the most common type of NAT, it is often referred to simply as NAT.
As described, the method enables communication through the router only when the conversation originates in the masqueraded network, since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a web site in the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network.
In the mid-1990s NAT became a popular tool for alleviating the consequences of IPv4 address exhaustion. It has become a standard, indispensable feature in routers for home and small-office Internet connections. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.
Network address translation has serious drawbacks on the quality of Internet connectivity and requires careful attention to the details of its implementation. In particular, all types of NAT break the originally envisioned model of IP end-to-end connectivity across the Internet, and NAPT makes it difficult for systems behind a NAT to accept incoming communications. As a result, NAT traversal methods have been devised to alleviate the issues encountered.
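The many-to-one NAT (PAT) behaviour described above, as an added example (not part of the original report), which also applies the three private address blocks listed earlier: outbound flows get a public port and a translation-table entry, return packets are mapped back through that entry, and unsolicited inbound packets are dropped unless a static (port-forwarding) entry exists. All addresses are constructed; the public and outside addresses use the RFC 5737 documentation ranges.

```python
# Added example (not part of the original report): simulation of many-to-one
# NAT (PAT / masquerading) with a translation table, return-path mapping,
# dropping of unsolicited inbound packets, and static port-forwarding entries.
# All addresses are constructed; the public side uses RFC 5737 ranges.
import ipaddress

PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    """True for the three IANA private ranges (RFC 1918)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)

class PortNat:
    """Translation table keyed by (proto, public port) on the outside and by
    (proto, inside ip, inside port) on the inside."""

    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outside = {}   # (proto, public_port) -> (inside_ip, inside_port)
        self.inside = {}    # (proto, inside_ip, inside_port) -> public_port

    def _bind(self, proto, public_port, inside_ip, inside_port):
        self.outside[(proto, public_port)] = (inside_ip, inside_port)
        self.inside[(proto, inside_ip, inside_port)] = public_port

    def add_static(self, proto, public_port, inside_ip, inside_port):
        """Permanent entry ('static NAT' / port forwarding) so that outside
        hosts can reach a designated inside host."""
        self._bind(proto, public_port, inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the masqueraded network. Returns the new
        (src_ip, src_port, dst_ip, dst_port); None if the source is not private
        (this NAT only masquerades the inside address space)."""
        if not is_private(src_ip):
            return None
        key = (proto, src_ip, src_port)
        if key not in self.inside:
            # Pick an unused public port: two inside hosts may use the same
            # source port, so the port, not just the address, must change.
            while (proto, self.next_port) in self.outside:
                self.next_port += 1
            self._bind(proto, self.next_port, src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.inside[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from outside, or return None to drop it:
        without a translation-table entry the NAT cannot tell which inside
        host the packet belongs to."""
        if dst_ip != self.public_ip:
            return None
        entry = self.outside.get((proto, dst_port))
        if entry is None:
            return None
        inside_ip, inside_port = entry
        return (src_ip, src_port, inside_ip, inside_port)
```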
Visibility of Operation
NAT operation is typically transparent to both the internal and external hosts. Typically the internal host is aware of the true IP address and TCP or UDP port of the external host. Typically the NAT device may function as the default gateway for the internal host. However the external host is only aware of the public IP address for the NAT device and the particular port being used to communicate on behalf of a specific internal host.
The originating host may perform Maximum Transmission Unit (MTU) path discovery to determine the packet size that can be transmitted without fragmentation, and then set the don't fragment (DF) bit in the appropriate packet header field.
EXAMPLE: [figure: WAN (not reproduced)]