Submitted in partial fulfillment of the Requirements for the award of the degree
Of
Bachelor of Technology
In INFORMATION TECHNOLOGY
SUMIT CHANDEL 45 !
2|Page
Acknowledgement
This project was one of the most productive and knowledgeable experiences in my engineering career. I have learned so many new things during this project, like how to work in a group, leadership, how to use different skills and knowledge, group discussion, etc. It provided me a golden opportunity to improve my basic skills and practical aspects, which is the primary requirement of today's companies and organizations. It gives me immense pleasure to thank those people who have contributed directly or indirectly during the completion of this project. I would like to express my gratitude to Mr. ASHUTOSH Sir for his all-time cooperation in guiding this project into its final shape. Last but not the least, I wish to thank our College Principal and H.O.D. Sir for encouraging me to complete this project.
SUMIT CHANDEL
CERTIFICATE
This is to certify that the project report entitled "NETWORK SYSTEM", submitted by SUMIT CHANDEL, in partial fulfillment of the requirement of the course of NETWORKING AND TECHNOLOGY in INFORMATION TECHNOLOGY, embodies the work done by him under my guidance.
INDEX
Sr. No.  Topic
1  Training Organization detail
2  Introduction to Computer Networking
3  Principle Building Block; the basic component of a network
4  OSI Model
5  TCP/IP
6  Cisco IOS
7  Routing Table
8  STP
9  VLAN
10 Access List
11 Network Address Translation
12 Bibliography
The organization inculcates the tangible need of the flexible nature of the software market. It has various plans to implement and to share with trainees. Trainees are made to work on some of the live projects of the state, so this is overall training for an individual here at DIT. National Informatics Centre is the major player for the spread of IT in the State and Districts. The IT requirements at the District level are being fulfilled by the District Informatics Centres of NIC established in each District.
CHAPTER 1
Computer Network
A computer network is an interconnection of various computer systems located at different places. In a computer network, two or more computers are linked together with a medium and data communication devices for the purpose of communicating data and sharing resources. The computer that provides resources to other computers on a network is known as a server. In the network, the individual computers, which access shared network resources, are known as nodes.
Types of Networks:
There are many different types of networks. However, from an end user's point of view there are two basic types:
Local-Area Networks (LANs): The computers are geographically close together (that is, in the same building).
Wide-Area Networks (WANs): The computers are farther apart and are connected by telephone lines or radio waves.
In addition to these types, the following characteristics are also used to categorize different types of networks.
Other Definitions:
Topology
The geometric arrangement of a computer system is termed its topology. Common topologies include bus, star, and ring.
Protocol
The protocol defines a common set of rules and signals that computers on the network use to communicate. One of the most popular protocols for LANs is called Ethernet. Another popular LAN protocol for PCs is the IBM token-ring network.
Architecture
Networks can be broadly classified as using either peer-to-peer or client/server architecture. Computers on a network are sometimes called nodes. Computers and devices that allocate resources for a network are called servers.
LANs
A LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN). Most LANs, as shown in the Figure, connect workstations and personal computers. Each node (individual computer) in a LAN has its own CPU with which it executes programs, but it is also able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data. Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions. There are many different types of LANs, with token-ring networks, Ethernets, and ARCnets being the most common for PCs.
A Typical LAN
LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN.
WANs
A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.
DCE DTE WAN Connection
WANs connect users and LANs spread between various sites, whether in the same city, across the country, or around the world. "Remote access" refers to a simple connection, usually dialled up over telephone lines as needed, between an individual user or very small branch office and a central network. Your campus gains access to the Internet through some type of remote connection. A single user can use a modem to dial up an Internet service provider (ISP). Multiple users within a campus might choose to rely on a router to connect to the ISP, who then connects the campus to the Internet. In general, LAN speeds are much greater than WAN and remote access speeds. For example, a single shared Ethernet connection runs at 10 Mbps (mega means "million"). Today's fastest analogue modem runs at 56 kilobits per second (kbps) (kilo means "thousand"), less than one percent of the speed of an Ethernet link. Even the more expensive, dedicated WAN services such as T1 lines don't compare (with a bandwidth of 1.5 Mbps, a T1 line has only 15 percent of the capacity of a single Ethernet link). For this reason, proper network design aims to keep most traffic local, that is, contained within one site, rather than allowing that traffic.
Network Topologies
As we have seen earlier, topology is the geometric arrangement of the computers in a network. Common topologies include star, ring and bus.
Star Network
The star network, as shown in Fig 5.6, is frequently used to connect one or more small computers or peripheral devices to a large host computer or CPU. Many organizations use the star network or a variation of it in a time-sharing system, in which several users are able to share a central processor.
In a time-sharing setup, each terminal receives a fixed amount of the CPU's time, called a time slice. If you are sitting at a terminal and cannot complete your task during the time slice, the computer will come back to you to allow you to do so. Actually, because the CPU operates so much faster than terminals, you will probably not even notice that the CPU is away. By establishing time-sharing, many people in a large organization can use a centralized computing facility. Time-sharing can also be purchased from an outside service, which is an economical way to operate for a small company that cannot afford its own large computer. The star network is frequently used in a LAN to connect several microcomputers to a central unit that works as a communications controller. If the user of one microcomputer wants to send a document or message to a user at another computer, the message is routed through the central communications controller. Another common use of the star network is the feasibility of connecting several microcomputers to a mainframe computer that allows access to an organization's database. Access and control of a star network is typically maintained by a polling system. Polling means that the central computer or communications controller "polls" or asks each device in the network if it has a message to send and then allows each in turn to transmit data.
Ring Network
The ring network is a Local Area Network (LAN) whose topology is a ring; it can be as simple as a circle or point-to-point connections of computers at dispersed locations, with no central host computer or communications controller. That is, all of the nodes are connected in a closed loop. Messages travel around the ring, with each node reading those messages addressed to it. One of the advantages of ring networks is that they can span larger distances than other types of networks, such as bus networks, because each node regenerates messages as they pass through it.
Access and control of ring networks are typically maintained by a "token-passing" system. IBM's Token-Ring network is thought by some observers to be a watershed event comparable to the development of the IBM PC itself, because the Token-Ring network is designed to link all types of computers together, including not only personal computers but also possibly minicomputers and mainframes.
Bus Network
Bus networks are similar to ring networks except that the ends are not connected. All communications are carried on a common cable or bus and are available to each device on the network.
Access and control of bus networks are typically maintained by a method called contention, whereby if a line is unused, a terminal or device can transmit its message at will, but if two or more terminals initiate messages simultaneously, they must stop and transmit again at different intervals.
Peer-to-peer Architecture
This is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architecture, in which some workstations are dedicated to serving the others. Peer-to-peer networks are generally simpler and less expensive, but they usually do not offer the same performance under heavy loads.
Client/Server Architecture
This is a network architecture in which each computer or process on the network is either a client or a server. Servers are powerful computers or processors dedicated to managing disk drives (file servers), printers (print servers), or network traffic (network servers). Clients are less powerful PCs or workstations on which users run applications. Clients rely on servers for resources, such as files, devices, and even processing power.
In modern protocol design, protocols are "layered" according to the OSI 7 layer model or a similar layered model. Layering is a design principle which divides the protocol design into a number of smaller parts, each part accomplishing a particular sub-task and interacting with the other parts of the protocol only in a small number of well-defined ways. Layering allows the parts of a protocol to be designed and tested without a combinatorial explosion of cases, keeping each design relatively simple. Layering also permits familiar protocols to be adapted to unusual circumstances. The header and/or trailer at each layer reflect the structure of the protocol.

Detailed rules and procedures of a protocol or protocol group are often defined by a lengthy document. For example, the IETF uses RFCs (Request for Comments) to define protocols and updates to the protocols. A wide variety of communication protocols exists. These protocols were defined by many different standards organizations throughout the world and by technology vendors over years of technology evolution and development.

One of the most popular protocol suites is TCP/IP, which is the heart of Internetworking communications. IP, the Internet Protocol, is responsible for exchanging information between routers so that the routers can select the proper path for network traffic, while TCP is responsible for ensuring the data packets are transmitted across the network reliably and error free. LAN and WAN protocols are also critical protocols in network communications. The LAN protocol suite is for the physical and data link layers of communications over various LAN media such as Ethernet wires and wireless radio waves. The WAN protocol suite is for the lowest three layers and defines communication over various wide-area media, such as fiber optic and copper cables.

Network communication has slowly evolved. Today's new technologies are based on the accumulation over years of technologies, which may be either still existing or obsolete. Because of this, the protocols which define network communication are highly inter-related. Many protocols rely on others for operation. For example, many routing protocols use other network protocols to exchange information between routers. In addition to standards for individual protocols in transmission, there are now also interface standards for different layers to talk to the ones above or below (usually operating system specific).

The protocols for data communication cover all areas as defined in the OSI model. However, the OSI model is only loosely defined. A protocol may perform the functions of one or more of the OSI layers, which introduces complexity to understanding protocols relevant to the OSI 7 layer model. In real-world protocols, there is some argument as to where the distinctions between layers are drawn; there is no one black and white answer. To develop a complete technology that is useful for the industry, very often a group of protocols is required in the same layer or across many different layers. Different protocols often describe different aspects of a single communication; taken together, these form a protocol suite. For example, Voice over IP (VOIP), a group of protocols developed by many vendors and standards organizations, has many protocols across the 4 top layers in the OSI model.

Protocols can be implemented either in hardware or software or a mixture of both. Typically, the lower layers are implemented in hardware, with the higher layers being implemented in software. Protocols could be grouped into suites (or families, or stacks) by their technical functions, or origin of the protocol introduction, or both. A protocol may belong to one or multiple protocol suites, depending on how you categorize it. For example, the Gigabit Ethernet protocol IEEE 802.3z is a LAN (Local Area Network) protocol and it can also be used in MAN (Metropolitan Area Network) communications.

Most recent protocols are designed by the IETF for Internetworking communications and by the IEEE for local area networking (LAN) and metropolitan area networking (MAN). The ITU-T contributes mostly to wide area networking (WAN) and telecommunications protocols. ISO has its own suite of protocols for internetworking communications, which is mainly deployed in European countries.
INTERNET BACKBONE
The Internet backbone refers to the principal data routes between large, strategically interconnected networks and core routers in the Internet. These data routes are hosted by commercial, government, academic and other high-capacity network centers, the Internet exchange points and network access points that interchange Internet traffic between the countries, continents and across the oceans of the world. Internet service providers (often Tier 1 networks) participating in the Internet backbone exchange traffic by privately negotiated interconnection agreements, primarily governed by the principle of settlement-free peering.
Infrastructure
The Internet backbone is a conglomeration of multiple, redundant networks owned by numerous companies. It is typically a fiber optic trunk line. The trunk line consists of many fiber optic cables bundled together to increase the capacity. The backbone is able to reroute traffic in case of a failure. The data speeds of backbone lines have changed with the times. In 1998, all of the United States backbone networks had utilized the slowest data rate of 45 Mbps. However, the changing technologies allowed for 41 percent of backbones to have data rates of 2,488 Mbps or faster by the mid-2000s. The FCC currently defines "high speed" as any connection with data speeds that exceed 200 kilobits per second. An Azerbaijan-based telecommunication company, Delta Telecom, has recently developed a very efficient trunk line with possible speeds of up to 1.6 terabits per second. Internet traffic from this line goes through the countries of Iran, Iraq and Georgia. Fiber-optic cables are the medium of choice for Internet backbone providers for many reasons. Fiber-optics allow for fast data speeds and large bandwidth; they suffer relatively little attenuation, allowing them to cover long distances with few repeaters; they are also immune to crosstalk and other forms of EM interference which plague electrical transmission.
When their computers are joined in a network, people can share files and peripherals such as modems, printers, tape backup drives, and CD-ROM drives. When networks at multiple locations are connected using services available from phone companies, people can send e-mail, share links to the global Internet, or conduct videoconferences in real time with other remote users on the network.
Twisted-pair
This wire comes in several "standards." Unshielded twisted pair (UTP) Category 3 wire (also called 10BaseT) is often used for your phone lines, and UTP Category 5 (also called 10Base2) wire is the current networking standard. Coaxial resembles round cable TV wiring.
Fiber-optic
Usually reserved for connections between "backbone" devices in larger networks, though in some very demanding environments, highly fault-resistant cable is used to connect desktop workstations to the network and to link adjacent buildings. Fiber-optic cable is the most reliable wiring but also the most expensive. For instance, Ethernet can use UTP Category 3 wiring. However, Fast Ethernet requires at least the higher-grade UTP Category 5 wiring. As a result, all new wiring installations should be Category 5.
Hubs
Hubs, or repeaters, are simple devices that interconnect groups of users. Hubs forward any data packets they receive over one port from one workstation, including e-mail, word processing documents, spreadsheets, graphics, or print requests, to all of their remaining ports. All users connected to a single hub or stack of connected hubs are in the same segment, sharing the hub's bandwidth or data-carrying capacity. As more users are added to a segment, they compete for a finite amount of bandwidth devoted to that segment.
Switches
Switches are smarter than hubs and offer more bandwidth. A switch forwards data packets only to the appropriate port for the intended recipient, based on information in each packet's header. To insulate the transmission from the other ports, the switch establishes a temporary connection between the source and destination, then terminates the connection when the conversation is done. As such, a switch can support multiple "conversations" and move much more traffic through the network than a hub. A single eight-port Ethernet hub provides a total of 10 megabits per second (Mbps) of data-carrying capacity shared among all users on the hub. A "full-duplex," eight-port Ethernet switch can support eight 10-Mbps conversations at once, for a total data-carrying capacity of 160 Mbps. "Full-duplex" refers to simultaneous two-way communications, such as telephone communication. With half-duplex communications, data can move across the cable or transmission medium in just one direction at a time.
Routers
Compared to switches and bridges, routers are smarter still. Routers use a more complete packet "address" to determine which router or workstation should receive each packet. Based on a network roadmap called a "routing table," routers can help ensure that packets are travelling the most efficient paths to their destinations. If a link between two routers goes down, the sending router can determine an alternate route to keep traffic moving. Routers also provide links between networks that speak different languages, or, in computer speak, networks that use different "protocols." Examples include IP (Internet Protocol), IPX (Internet Packet Exchange Protocol), and AppleTalk. Routers not only connect networks in a single location or set of buildings, but they also provide interfaces, or "sockets," for connecting to wide-area network (WAN) services. These WAN services are offered by telecommunications companies to connect geographically dispersed networks.
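The forwarding difference between a hub and a switch described above can be made concrete with a small simulation. The following Python block is an added example, not code from the original report: it models a hub as a repeater that copies every frame to all other ports, and a switch as a device that learns which port each source MAC address sits behind and forwards a frame only to the port of a known destination, flooding like a hub when the destination is unknown or broadcast. The learning rule is standard Ethernet switch behaviour rather than something the report states, and the MAC addresses and port numbers are constructed sample values. The result shows why a hub exposes every station's traffic to every other station on the segment, while a switch confines a known unicast conversation to the two ports involved.

```python
"""Hub versus learning switch: which ports receive a frame?

Added illustration for the Hubs and Switches sections; not code from
the original report.  MAC addresses and port numbers are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


class Hub:
    """A repeater: every frame goes out of every port except the ingress port."""

    def __init__(self, ports: int) -> None:
        self.ports = ports

    def forward(self, ingress: int, frame: Frame) -> Set[int]:
        return {p for p in range(self.ports) if p != ingress}


class LearningSwitch:
    """Forwards by destination MAC, learning addresses from source fields.

    The MAC-to-port table is the "information in each packet's header"
    the text refers to; learning from the source address is the standard
    way a switch fills that table (assumption: not stated in the report).
    """

    def __init__(self, ports: int) -> None:
        self.ports = ports
        self.mac_table: Dict[str, int] = {}

    def forward(self, ingress: int, frame: Frame) -> Set[int]:
        # Learn: the sender is reachable through the port the frame arrived on.
        self.mac_table[frame.src] = ingress
        out = self.mac_table.get(frame.dst)
        # Broadcast or unknown destination: flood exactly like a hub.
        if frame.dst == BROADCAST or out is None:
            return {p for p in range(self.ports) if p != ingress}
        # Destination is on the ingress port itself: nothing to forward.
        if out == ingress:
            return set()
        return {out}


def compare(ports: int = 8) -> Dict[str, Dict[str, list]]:
    """Run the same three frames through a hub and a switch and report
    which ports see each one, keyed by a label for the frame."""
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    hub, sw = Hub(ports), LearningSwitch(ports)
    frames = [
        ("A->B (B unknown)", 1, Frame(src=a, dst=b)),
        ("B->A (A learned)", 2, Frame(src=b, dst=a)),
        ("A->C (C unknown)", 1, Frame(src=a, dst=c)),
    ]
    result: Dict[str, Dict[str, list]] = {}
    for label, port, fr in frames:
        result[label] = {
            "hub": sorted(hub.forward(port, fr)),
            "switch": sorted(sw.forward(port, fr)),
        }
    return result


if __name__ == "__main__":
    for label, seen in compare().items():
        print(f"{label:18s} hub={seen['hub']} switch={seen['switch']}")
```

The second frame is the interesting one: the hub still repeats it to seven ports, while the switch, having learned from the first frame that A is on port 1, delivers it to port 1 alone. The third frame shows the limit of that protection: a destination the switch has never heard from is flooded to every port.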
Ethernet's bandwidth or data-carrying capacity (also called throughput) is 10 Mbps. Fast Ethernet (or 100BaseT) works the same way, through collision detection, but it provides 10 times the bandwidth, or 100 Mbps. Shared Ethernet is like a single-lane highway with a 10-Mbps speed limit (see diagrams below). Shared Fast Ethernet is like a much wider highway with a 100-Mbps speed limit; there is more room for cars, and they can travel at higher speeds. What would Switched Ethernet look like? A multilane highway with a speed limit of 10 Mbps in each lane. Switched Fast Ethernet also would be a multilane highway, but with a speed limit of 100 Mbps in each lane.
Ethernet Cabling
Although Ethernet networks originally used thick or thin coaxial cable, most installations currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and is terminated with an RJ45 type connector. A normal straight-through UTP Ethernet cable follows the EIA568B standard wiring as described below.
Category 5 Cable Quality
Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.) or 100 meters (m) in length, divided as follows:
20 ft. (6 m) between the hub and the patch panel (if used)
295 ft. (90 m) from the wiring closet to the wall outlet
10 ft. (3 m) from the wall outlet to the desktop device
The patch panel and other connecting hardware must meet the requirements for 100-Mbps operation (Category 5). Only 0.5 inch (1.5 cm) of untwist in the wire pair is allowed at any termination point. A twisted pair Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low-quality cables, but at 100 Mbits/second (100BASE-TX) the cable must be rated as Category 5, or Cat 5, by the Electronic Industry Association (EIA). This rating will be printed on the cable jacket. A Category 5 cable will meet specified requirements regarding loss and crosstalk. In addition, there are restrictions on maximum cable length for both 10- and 100-Mbits/second networks.
CHAPTER 2
OSI MODEL
The Open Systems Interconnection model (OSI model) was a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a way of sub-dividing a communications system into smaller parts called layers. Similar communication functions are grouped into logical layers. A layer provides services to its upper layer while receiving services from the layer below. On each layer, an instance provides service to the instances at the layer above and requests service from the layer below.
The Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical Layer. Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system. Local area network architecture, which included broadcast-capable multi-access media, was developed independently of the ISO work in IEEE Project 802. IEEE work assumed sublayering and management functions not required for WAN use. In modern practice, only error detection, not flow control using a sliding window, is present in data link protocols such as Point-to-Point Protocol (PPP), and, on local area networks, the IEEE 802.2 LLC layer is not used for most protocols on Ethernet, and on other local area networks its flow control and acknowledgment mechanisms are rarely used.
CHAPTER 3
TCP/IP
In the TCP/IP model of the Internet, protocols are deliberately not as rigidly designed into strict layers as in the OSI model. However, TCP/IP does recognize four broad layers of functionality which are derived from the operating scope of their contained protocols, namely the scope of the software application, the end-to-end transport connection, the internetworking range, and lastly the scope of the direct links to other nodes on the local network. Even though the concept is different from the OSI model, these layers are nevertheless often compared with the OSI layering scheme in the following way: The Internet Application Layer includes the OSI Application Layer, Presentation Layer, and most of the Session Layer. Its end-to-end Transport Layer includes the graceful close function of the OSI Session Layer as well as the OSI Transport Layer. The internetworking layer (Internet Layer) is a subset of the OSI Network Layer (see above), while the Link Layer includes the OSI Data Link and Physical Layers, as well as parts of OSI's Network Layer. These comparisons are based on the original seven-layer protocol model as defined in ISO 7498, rather than refinements in such things as the internal organization of the Network Layer document. The presumably strict peer layering of the OSI model as it is usually described does not present contradictions in TCP/IP, as it is permissible that protocol usage does not follow the hierarchy implied in a layered model. Such examples exist in some routing protocols (e.g., OSPF), or in the description of tunneling protocols, which provide a Link Layer for an application, although the tunnel host protocol may well be a Transport or even an Application Layer protocol in its own right.
The five address classes are:
• Class A: Class A addresses can have up to 16,777,214 hosts on a single network. They use an 8-bit network number and a 24-bit node number. Class A addresses are in this range: 1.x.x.x to 126.x.x.x.
• Class B: Class B addresses can have up to 65,534 hosts on a network. A Class B address uses a 16-bit network number and a 16-bit node number. Class B addresses are in this range: 128.1.x.x to 191.254.x.x.
• Class C: Class C addresses can have up to 254 hosts on a network. A Class C address uses a 24-bit network number and an 8-bit node number. Class C addresses are in this range: 192.0.1.x to 223.255.254.x.
• Class D: Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255.
• Class E: Class E addresses are for experimental use.
Net Mask
In each of the address classes previously described, the size of the two parts (network address and host address) is implied by the class. This partitioning scheme can also be expressed by a netmask associated with the IP address. A netmask is a 32-bit quantity that, when logically combined (using an AND operator) with an IP address, yields the network address. For instance, the netmasks for Class A, B, and C addresses are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively. For example, the address 192.168.170.237 is a Class C IP address whose network portion is the upper 24 bits. When combined (using an AND operator) with the Class C netmask, as shown here, only the network portion of the address remains:
11000000 10101000 10101010 11101101 (192.168.170.237)
combined with:
11111111 11111111 11111111 00000000 (255.255.255.0)
equals:
11000000 10101000 10101010 00000000 (192.168.170.0)
As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a slash (/), as "/n." In the example, the address could be written as 192.168.170.237/24, indicating that the netmask is 24 ones followed by 8 zeros.
Private IP Addresses
If your local network is isolated from the Internet (for example, when using Network Address Translation, NAT, which is described below), you can assign any IP addresses to the hosts without problems. However, the IANA has reserved the following three blocks of IP addresses specifically for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Choose your private network number from this range.
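The address classes, the netmask AND, the /n notation and the private blocks above can all be checked with a short program. The following Python block is an added example, not code from the original report. It classifies an address by the leading bits of its first octet (the standard classful rule, under which 0.x.x.x and 127.x.x.x also land in class A even though the report's Class A range runs from 1 to 126), derives the classful netmask, performs the bitwise AND for any dotted-decimal address and mask, converts a mask to its prefix length while rejecting masks whose ones are not contiguous, and tests membership in the three reserved private blocks. Running it reproduces the 192.168.170.237 worked example from the text bit for bit.

```python
"""Classful addressing, netmask AND, /n prefixes and private ranges.

Added example for the Net Mask and Private IP Addresses sections; not
code from the original report.  The class boundaries follow the
leading-bit rule (0-127 A, 128-191 B, 192-223 C, 224-239 D, 240+ E).
"""
from typing import Tuple


def to_int(dotted: str) -> int:
    """Dotted-decimal string -> 32-bit integer, validating each octet."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Four groups of eight bits, the layout used in the worked example."""
    bits = f"{value:032b}"
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))


def address_class(dotted: str) -> str:
    """Classful category from the first octet (leading-bit rule)."""
    first = to_int(dotted) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classful_mask(dotted: str) -> str:
    """Netmask implied by the class, as listed in the text."""
    masks = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}
    cls = address_class(dotted)
    if cls not in masks:
        raise ValueError(f"class {cls} addresses have no network/host split")
    return masks[cls]


def prefix_length(mask: str) -> int:
    """Count the leading ones of a mask; reject masks with holes in them."""
    m = to_int(mask)
    ones = bin(m).count("1")
    # A valid mask is exactly `ones` ones followed by zeros.
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones


def network_address(dotted: str, mask: str) -> str:
    """Bitwise AND of address and mask: the network portion only."""
    return to_dotted(to_int(dotted) & to_int(mask))


def cidr(dotted: str, mask: str) -> str:
    """The address in /n notation."""
    return f"{dotted}/{prefix_length(mask)}"


# The three blocks reserved for private networks, as listed in the text.
PRIVATE_BLOCKS: Tuple[Tuple[str, str], ...] = (
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
)


def is_private(dotted: str) -> bool:
    """True if the address lies inside one of the reserved private blocks."""
    v = to_int(dotted)
    return any(to_int(lo) <= v <= to_int(hi) for lo, hi in PRIVATE_BLOCKS)


if __name__ == "__main__":
    addr = "192.168.170.237"
    mask = classful_mask(addr)
    net = network_address(addr, mask)
    print(to_binary(to_int(addr)), f"({addr})")
    print(to_binary(to_int(mask)), f"({mask})")
    print(to_binary(to_int(net)), f"({net})")
    print(cidr(addr, mask), "private:", is_private(addr))
```

The contiguity check in prefix_length is the part worth keeping in real tooling: 255.0.255.0 is a perfectly good 32-bit value but not a netmask, and an implementation that only counted its ones would report /16 and compute a meaningless network address.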
CHAPTER 4
User EXEC Mode: When you are connected to the router, you start in user EXEC mode. The user EXEC commands are a subset of the privileged EXEC commands.
Privileged EXEC Mode: Privileged commands include the following:
• Configure - Changes the software configuration.
• Debug - Displays process and hardware event messages.
• Setup - Enters configuration information at the prompts.
Enter the command disable to exit from privileged EXEC mode and return to user EXEC mode.
Configuration Mode
Configuration mode has a set of submodes that you use for modifying interface settings, routing protocol settings, line settings, and so forth. Use caution with configuration mode because all changes you enter take effect immediately. To enter configuration mode, enter the command configure terminal, and exit by pressing Ctrl-Z.
Note: Almost every configuration command also has a no form. In general, use the no form to disable a feature or function. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, enter the no ip routing command, and enter ip routing to re-enable it.
Getting Help
In any command mode, you can get a list of available commands by entering a question mark (?).
Router>?
To obtain a list of commands that begin with a particular character sequence, type in those characters followed immediately by the question mark (?).
Router#co?
configure connect copy
To list keywords or arguments, enter a question mark in place of a keyword or argument. Include a space before the question mark.
Router#configure ?
memory    Configure from NV memory
network   Configure from a TFTP network host
terminal  Configure from the terminal
You can also abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh.
Configuration Files
Any time you make changes to the router configuration, you must save the changes to memory, because if you do not they will be lost if there is a system reload or power outage. There are two types of configuration files: the running (current operating) configuration and the startup configuration. Use the following privileged mode commands to work with configuration files.
• configure terminal - modify the running configuration manually from the terminal.
• show running-config - display the running configuration.
• show startup-config - display the startup configuration.
• copy running-config startup-config - copy the running configuration to the startup configuration.
• copy startup-config running-config - copy the startup configuration to the running configuration.
• erase startup-config - erase the startup configuration in NVRAM.
• copy tftp running-config - load a configuration file stored on a Trivial File Transfer Protocol (TFTP) server into the running configuration.
• copy running-config tftp - store the running configuration on a TFTP server.
IP Address Configuration
Take the following steps to configure the IP address of an interface.
Step 1: Enter privileged EXEC mode:
Router>enable password
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter interface type slot/port (for the Cisco 7000 series) or interface type port (for the Cisco 2500 series) to enter interface configuration mode. Example:
Router(config)#interface ethernet 0/1
Step 4: Enter the IP address and subnet mask of the interface using the ip address ipaddress subnetmask command. Example:
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Step 5: Exit configuration mode by pressing Ctrl-Z.
Router(config-if)#<Ctrl-Z>

Routing Protocol Configuration

Routing Information Protocol (RIP)
Step 1: Enter privileged EXEC mode:
Router>enable password
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the router rip command.
Router(config)#router rip
Step 4: Add the network number to use RIP, and repeat this step for all the network numbers.
Router(config-router)#network network-number
Example:
Router(config-router)#network 192.168.1.0
Note: To turn off RIP, use the no router rip command.
Router(config)#no router rip

Other useful commands
• Specify a RIP Version
By default, the software receives RIP version 1 and version 2 packets, but sends only version 1 packets. To control which RIP version an interface sends, use one of the following commands in interface configuration mode:
To control how packets received from an interface are processed, use one of the following commands:
Open Shortest Path First (OSPF)
Step 1: Enter privileged EXEC mode:
Router>enable password
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the router ospf command followed by the process-id.
Router(config)#router ospf process-id
Pick a process-id which is not being used. To determine which ids are being used, issue the show process command.
Router(config)#show process
Step 4: Add the network number, mask and area-id
Router(config-router)#network network-number mask area area-id
The network-number identifies the network using OSPF. The mask tells which bits to use from the network-number, and the area-id is used for determining areas in an OSPF configuration.
Example: Router(config-router)#network 192.168.0.0 255.255.255.0 area 0.0.0.0
Repeat this step for all the network numbers. To turn off OSPF, use the following command.
Router(config)#no router ospf process-id
You are not required to alter any of these parameters, but some interface parameters must be consistent across all routers in an attached network.
Command | Purpose
ip ospf cost cost | Explicitly specify the cost of sending a packet on an OSPF interface.
ip ospf retransmit-interval seconds | Specify the number of seconds between link state advertisement retransmissions for adjacencies belonging to an OSPF interface.
 | Set the estimated number of seconds it takes to transmit a link state update packet on an OSPF interface.
 | Set router priority to help determine the OSPF designated router for a network.
 | Specify the length of time, in seconds, between the hello packets that a router sends on an OSPF interface.
 | Set the number of seconds that a router's hello packets must not have been seen before its neighbors declare the OSPF router down.
CHAPTER
ROUTING TABLE
In computer networking a routing table, or Routing Information Base (RIB), is a data structure in the form of a table-like object stored in a router or a networked computer that lists the routes to particular network destinations, and in some cases, metrics associated with those routes. The routing table contains information about the topology of the network immediately around it. The construction of routing tables is the primary goal of routing protocols. Static routes are entries made in a routing table by non-automatic means and which are fixed rather than being the result of some network topology "discovery" procedure. Routing tables are generally not used directly for packet forwarding in modern router architectures; instead, they are used to generate the information for a smaller forwarding table which contains only the routes which are chosen by the routing algorithm as preferred routes for packet forwarding, often in a compressed or pre-compiled format that is optimized for hardware storage and lookup. The remainder of this article will ignore this implementation detail, and refer to the entire routing/forwarding information subsystem as the "routing table".
Basics
A routing table utilizes the same idea that one does when using a map in package delivery. Whenever a node needs to send data to another node on a network, it must first know where to send it. If the node cannot directly connect to the destination node, it has to send it via other nodes along a proper route to the destination node. Most nodes do not try to figure out which route(s) might work; instead, a node will send an IP packet to a gateway in the LAN, which then decides how to route the "package" of data to the correct destination. Each gateway will need to keep track of which way to deliver various packages of data, and for this it uses a Routing Table. A routing table is a database which keeps track of paths, like a map, and allows the gateway to provide this information to the node requesting the information. With hop-by-hop routing, each routing table lists, for all reachable destinations, the address of the next device along the path to that destination; the next hop. Assuming that the routing tables are consistent, the simple algorithm of relaying packets to their destination's next hop thus suffices to deliver data anywhere in a network. Hop-by-hop is the fundamental characteristic of the IP Internetwork layer and the OSI Network Layer, in contrast to the functions of the IP End-to-End and OSI Transport Layers. Current router architecture separates the Control Plane function of the routing table from the Forwarding Plane function of the forwarding table.
Since in a network each node presumably possesses a valid routing table, routing tables must be consistent among the various nodes or routing loops can develop. This is particularly problematic in the hop-by-hop routing model, in which the net effect of inconsistent tables in several different routers could be to forward packets in an endless loop. Routing loops have historically plagued routing, and their avoidance is a major design goal of routing protocols.
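The hop-by-hop model and the loop hazard described above, as an added Python example (not code from the report): each router's table is searched by longest-prefix match, the packet is relayed next hop by next hop, and a TTL bounds the walk so that two routers whose default routes point at each other produce a detectable loop instead of an endless one. The routers, prefixes and addresses are constructed.

```python
"""Hop-by-hop forwarding over per-router routing tables (added example, not the report's code).

A lookup returns the next hop of the longest prefix containing the destination,
as a RIB/FIB does. Forwarding relays the packet from router to router until one
of them is directly connected to the destination network. The TTL makes a
routing loop caused by inconsistent tables terminate with a 'loop' result.
All routers, tables and addresses below are constructed for illustration.
"""
import ipaddress


def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


# Constructed routers: name -> (routing table [(prefix, next hop)], connected networks).
# R1 and R2 point their default routes at each other: an inconsistent pair of tables.
ROUTERS = {
    "R1": ([("10.0.0.0/8", "R2"), ("10.1.0.0/16", "R3"), ("0.0.0.0/0", "R2")],
           ["192.168.10.0/24"]),
    "R2": ([("10.0.0.0/8", "R4"), ("192.168.10.0/24", "R1"), ("0.0.0.0/0", "R1")],
           ["172.16.0.0/16"]),
    "R3": ([("192.168.10.0/24", "R1")], ["10.1.0.0/16"]),
    "R4": ([("192.168.10.0/24", "R2")], ["10.2.0.0/16"]),
}


def forward(routers, start, dst, ttl=16):
    """Relay a packet for dst from router 'start'.

    Returns (outcome, path); outcome is 'delivered', 'no-route' or 'loop'
    (TTL exhausted, which is how a real loop is eventually cut off).
    """
    path, node = [start], start
    addr = ipaddress.ip_address(dst)
    for _ in range(ttl):
        table, connected = routers[node]
        if any(addr in ipaddress.ip_network(n) for n in connected):
            return "delivered", path
        next_hop = lookup(table, dst)
        if next_hop is None:
            return "no-route", path
        node = next_hop
        path.append(node)
    return "loop", path


if __name__ == "__main__":
    print(forward(ROUTERS, "R1", "10.2.5.5"))   # ('delivered', ['R1', 'R2', 'R4'])
    print(forward(ROUTERS, "R1", "8.8.8.8"))    # ('loop', [...]) after the TTL runs out
```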
CHAPTER
SWITCHES
Function
The network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as a gateway to access small office/home broadband services such as DSL or cable internet. In most of these cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for VoIP. An Ethernet switch operates at the data link layer of the OSI model to create a separate collision domain for each switch port. With 4 computers (e.g., A, B, C, and D) on 4 switch ports, A and B can transfer data back and forth, while C and D also do so simultaneously, and the two conversations will not interfere with one another. In the case of a hub, they would all share the bandwidth and run in half duplex, resulting in collisions, which would then necessitate retransmissions. Using a switch is called micro segmentation. This allows computers to have dedicated bandwidth on a point-to-point connection to the network and to therefore run in full duplex without collisions.
features that characterize "Layer-3 switches" as opposed to general-purpose routers, it tends to be that they are optimized, in larger switches, for high-density Ethernet connectivity. In some service provider and other environments where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall, network intrusion detection, and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules. In other cases, the switch is used to create a mirror image of data that can go to an external device. Since most switch port mirroring provides only one mirrored stream, network hubs can be useful for fanning out data to several read-only analyzers, such as intrusion detection systems and packet sniffers.
Switch
A Switched Network
CHAPTER
STP
STP is a bridge-to-bridge protocol used to maintain a loop-free network.
To maintain a loop-free network topology, STP establishes a root bridge, a root port, and designated ports.
With STP, the root bridge has the lowest BID, which is made up of the bridge priority and the MAC address. When STP is enabled, every bridge in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, the ports then stabilize to the forwarding or blocking state. If the network topology changes, STP maintains connectivity by transitioning some blocked ports to the forwarding state. RSTP significantly speeds the recalculation of the spanning tree when the network topology changes.
STP provides a loop-free redundant network topology by placing certain ports in the blocking state:
• One root bridge per broadcast domain
• One root port per nonroot bridge
• One designated port per segment
• Nondesignated ports are unused
BPDU (default = sent every two seconds)
Root bridge = bridge with the lowest bridge ID
Spanning tree transits each port through several different states:
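The election and port-role rules above, worked through in an added Python example that is not code from the report: the lowest (priority, MAC) bridge ID wins, each nonroot bridge keeps one root port, each segment gets one designated port, and the leftover port on the redundant link is blocked. The three switches, their MACs and the link costs are constructed.

```python
"""STP root election and port roles on a small topology (added example, not the report's code).

Bridge ID = (priority, MAC); the lowest BID becomes root. Every other bridge picks
one root port (least cost to the root, tie broken by neighbour BID), each segment
gets one designated port (the end with lower root path cost, tie by BID), and the
remaining port on a redundant segment is blocked. Bridges and links are constructed.
"""
import heapq

# Constructed bridges: name -> (priority, MAC). SW2 has a lowered priority.
BRIDGES = {"SW1": (32768, "00:00:0c:11:11:11"),
           "SW2": (4096, "00:00:0c:22:22:22"),
           "SW3": (32768, "00:00:0c:33:33:33")}
# Constructed segments (bridge, bridge, path cost); the triangle has one redundant link.
LINKS = [("SW1", "SW2", 4), ("SW2", "SW3", 4), ("SW1", "SW3", 19)]


def elect_root(bridges):
    """Lowest (priority, MAC) wins; the MAC only matters when priorities tie."""
    return min(bridges, key=bridges.get)


def root_path_costs(root, links):
    """Dijkstra over link costs: each bridge's cost to reach the root."""
    adj = {}
    for a, b, c in links:
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > cost[node]:
            continue
        for nbr, w in adj[node]:
            if c + w < cost.get(nbr, float("inf")):
                cost[nbr] = c + w
                heapq.heappush(heap, (c + w, nbr))
    return cost


def port_roles(bridges, links):
    """Return (root, {(bridge, neighbour): 'root' | 'designated' | 'blocked'})."""
    root = elect_root(bridges)
    cost = root_path_costs(root, links)
    roles = {}
    for name in bridges:
        if name == root:
            continue          # the root has no root port; all its ports are designated
        cands = [(cost[n] + c, bridges[n], n)
                 for a, b, c in links for n in (a, b) if name in (a, b) and n != name]
        roles[(name, min(cands)[2])] = "root"
    for a, b, c in links:
        des = min((a, b), key=lambda n: (cost[n], bridges[n]))   # designated end
        other = b if des == a else a
        roles[(des, other)] = "designated"
        roles.setdefault((other, des), "blocked")   # never overrides a root port
    return root, roles
```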
CHAPTER
VLAN
A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections. To physically replicate the functions of a VLAN, it would be necessary to install a separate, parallel collection of network cables and equipment which are kept separate from the primary network. However, unlike a physically separate network, VLANs must share bandwidth; two separate one-gigabit VLANs using a single one-gigabit interconnection can suffer both reduced throughput and congestion. A switch virtualizes VLAN behaviours (configuring switch ports, tagging frames when they enter a VLAN, looking up the MAC table to switch or flood frames to trunk links, and untagging frames when they exit the VLAN).
Uses
VLANs are created to provide the segmentation services traditionally provided by routers in LAN configurations. VLANs address issues such as scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, address summarization, and traffic flow management. By definition, switches may not bridge IP traffic between VLANs as it would violate the integrity of the VLAN broadcast domain. This is also useful if someone wants to create multiple layer 3 networks on the same layer 2 switch. For example, if a DHCP server is plugged into a switch it will serve any host on that switch that is configured to get its IP from a DHCP server. By using VLANs you can easily split the network up so some hosts won't use that DHCP server and will obtain link-local addresses, or obtain an address from a different DHCP server. VLANs are layer 2 constructs, compared with IP subnets which are layer 3 constructs. In an environment employing VLANs, a one-to-one relationship often exists between VLANs and IP subnets, although it is possible to have multiple subnets on one VLAN. VLANs and IP subnets provide independent Layer 2 and Layer 3 constructs that map to one another, and this correspondence is useful during the network design process. By using VLANs, one can control traffic patterns and react quickly to relocations. VLANs provide the flexibility to adapt to changes in network requirements and allow for simplified administration.
Dynamic VLANs are created through the use of software. With a VLAN Management Policy Server (VMPS), an administrator can assign switch ports to VLANs dynamically based on information such as the source MAC address of the device connected to the port or the username used to log onto that device. As a device enters the network, the device queries a database for VLAN membership.
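The tagging, per-VLAN MAC learning, flooding and untagging behaviour described in this chapter, as an added Python example that is not code from the report. It models one switch with access ports and a single 802.1Q trunk; a host in VLAN 20 never receives a frame flooded in VLAN 10, which is the broadcast-domain separation VLANs exist for. Ports, MAC addresses and frames are constructed, and no native VLAN is modelled on the trunk.

```python
"""VLAN-aware switching with 802.1Q tagging on a trunk (added example, not the report's code).

An access port belongs to one VLAN and carries untagged frames: the switch tags a
frame with that VLAN on entry, learns the source MAC in a per-VLAN table, forwards
to the learned port or floods within the VLAN only, and strips the tag when the
frame leaves on an access port. A trunk port carries the tag. Ports and frames
are constructed; a native VLAN on the trunk is deliberately not modelled.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: Optional[int] = None      # None = untagged, int = 802.1Q VLAN tag


class Switch:
    def __init__(self, access, trunks):
        self.access = dict(access)      # port -> VLAN id
        self.trunks = set(trunks)       # ports carrying tagged frames
        self.mac_table = {}             # (vlan, mac) -> port

    def ingress_vlan(self, port, frame):
        """Tag on entry: trunk frames keep their tag, access frames get the port's VLAN."""
        if port in self.trunks:
            if frame.vlan is None:
                raise ValueError("untagged frame on trunk (no native VLAN modelled)")
            return frame.vlan
        return self.access[port]

    def receive(self, in_port, frame):
        """Return {out_port: frame} for one frame arriving on in_port."""
        vlan = self.ingress_vlan(in_port, frame)
        self.mac_table[(vlan, frame.src)] = in_port            # learn source
        known = self.mac_table.get((vlan, frame.dst))
        if known is not None and known != in_port:
            targets = [known]
        else:                                                  # unknown or broadcast: flood
            targets = [p for p, v in self.access.items() if v == vlan and p != in_port]
            targets += [p for p in self.trunks if p != in_port]
        # untag on exit for access ports, keep the tag on trunks
        return {p: Frame(frame.src, frame.dst, vlan if p in self.trunks else None)
                for p in targets}


if __name__ == "__main__":
    sw = Switch({1: 10, 2: 10, 3: 20}, trunks=[24])     # constructed port layout
    print(sw.receive(1, Frame("aa:aa", "ff:ff:ff:ff:ff:ff")))   # floods to port 2 and trunk 24 only
```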
CHAPTER
ACCESS-LISTS
Standard Access Control Lists (ACLs) are Cisco IOS-based commands used to filter packets on Cisco routers based on the source IP address of the packet. Extended Access Control Lists have the ability to filter packets based on source and destination IP addresses.
Example:
access-list 5 permit 11.0.3.0 0.0.0.255
access-list 5 permit 10.0.5.0 0.0.0.255
int fa0/0
ip access-group 5 in
The above example permits traffic from two specific networks. Note that the access-list must be defined, and assigned to an interface. An access-list by itself (not assigned to an interface) doesn't do anything at all. "in" or "out" refer to the traffic into, or out of, the router that is being configured.
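How the router evaluates the two-line list above, as an added Python example (not code from the report): entries are tested top-down against the packet's source address using the wildcard mask (0 bits must match, 1 bits are ignored), the first match wins, and a packet that matches nothing hits the implicit deny that ends every Cisco ACL, which is the detail that most often surprises people testing a new list. The access list is the report's own; the packets and the second list are constructed.

```python
"""Standard ACL evaluation with wildcard masks (added example, not the report's code).

A source address matches an entry when every bit that is 0 in the wildcard mask
equals the corresponding bit of the listed address; wildcard 1-bits are 'don't
care'. Entries are tested top-down, the first match wins, and a packet matching
no entry is dropped by the implicit 'deny any' at the end of every Cisco ACL.
ACL_TEXT is the list from the report; the packets used below are constructed.
"""
import ipaddress

ACL_TEXT = """
access-list 5 permit 11.0.3.0 0.0.0.255
access-list 5 permit 10.0.5.0 0.0.0.255
"""


def parse_standard_acl(text):
    """Return {acl_number: [(action, address_int, wildcard_int), ...]} in list order."""
    acls = {}
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue                       # comments, blank lines, other commands
        number, action, addr = parts[1], parts[2], parts[3]
        if addr == "any":                  # 'any' == 0.0.0.0 255.255.255.255
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif addr == "host":               # 'host X' == X 0.0.0.0
            addr, wild = parts[4], "0.0.0.0"
        else:                              # omitted wildcard also means a single host
            wild = parts[4] if len(parts) > 4 else "0.0.0.0"
        acls.setdefault(number, []).append(
            (action, int(ipaddress.ip_address(addr)), int(ipaddress.ip_address(wild))))
    return acls


def wildcard_match(address, wildcard, candidate):
    """True when candidate agrees with address on every bit the wildcard leaves at 0."""
    care = 0xFFFFFFFF ^ wildcard
    return (address ^ candidate) & care == 0


def evaluate(entries, src_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    src = int(ipaddress.ip_address(src_ip))
    for action, address, wildcard in entries:
        if wildcard_match(address, wildcard, src):
            return action
    return "deny"                          # implicit 'deny any'


if __name__ == "__main__":
    acl5 = parse_standard_acl(ACL_TEXT)["5"]
    for ip in ("11.0.3.77", "10.0.5.1", "10.0.6.1"):   # constructed source addresses
        print(ip, evaluate(acl5, ip))      # permit, permit, deny (implicit)
```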
CHAPTER
NETWORK ADDRESS TRANSLATION
In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.
The simplest type of NAT provides a one-to-one translation of IP addresses. RFC 2663 refers to this type of NAT as basic NAT. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality; some higher level protocols may need further translation). Basic NATs can be used when there is a requirement to interconnect two IP networks with incompatible addressing. However, it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space. To avoid ambiguity in the handling of returned packets, a one-to-many NAT must alter higher level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back. Other names include PAT (port address translation), IP masquerading, NAT Overload and many-to-one NAT. Since this is the most common type of NAT it is often referred to simply as NAT. As described, the method enables communication through the router only when the conversation originates in the masqueraded network, since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a web site outside, but a web browser outside could not browse a web site in the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network. In the mid-1990s NAT became a popular tool for alleviating the consequences of IPv4 address exhaustion.
It has become a standard, indispensable feature in routers for home and small-office Internet connections. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address. Network address translation has serious drawbacks on the quality of Internet connectivity and requires careful attention to the details of its implementation. In particular, all types of NAT break the originally envisioned model of IP end-to-end connectivity across the Internet, and NAPT makes it difficult for systems behind a NAT to accept incoming communications. As a result, NAT traversal methods have been devised to alleviate the issues encountered.
Visibility of Operation
NAT operation is typically transparent to both the internal and external hosts. Typically the internal host is aware of the true IP address and TCP or UDP port of the external host. Typically the NAT device may function as the default gateway for the internal host. However, the external host is only aware of the public IP address for the NAT device and the particular port being used to communicate on behalf of a specific internal host.
The originating host may perform Maximum transmission unit (MTU) path discovery to determine the packet size that can be transmitted without fragmentation, and then set the don't fragment (DF) bit in the appropriate packet header field.
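The one-to-many (PAT / NAT overload) behaviour this chapter describes, as an added Python example that is not code from the report: an outbound flow from the private network is rewritten to the single public address and a fresh public port and recorded in the translation table; a reply to that port is translated back; an unsolicited inbound packet matches no entry and is dropped unless an administrator has added a static port-forwarding entry. Addresses and ports are constructed, and the model keys state on the public port only (no per-peer checks).

```python
"""Port address translation (NAT overload) state table (added example, not the report's code).

Outbound flows get the single public IP and a fresh public port, recorded in a
translation table; replies to that public port are translated back. Unsolicited
inbound packets match nothing and are dropped, unless a static (port-forwarding)
entry was configured by hand. Addresses are constructed; the table is keyed on
the public port only, which is a simplification of real NAT devices.
"""
import itertools


class PAT:
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)   # next free public port
        self.table = {}     # public_port -> (private_ip, private_port)
        self.reverse = {}   # (private_ip, private_port) -> public_port

    def add_static(self, public_port, private_ip, private_port):
        """Port forwarding: a permanent entry so outside-initiated traffic reaches one host."""
        self.table[public_port] = (private_ip, private_port)
        self.reverse[(private_ip, private_port)] = public_port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source to (public_ip, public_port), creating state if needed.

        Returns the translated 4-tuple (src_ip, src_port, dst_ip, dst_port).
        """
        key = (src_ip, src_port)
        if key not in self.reverse:                 # first packet of the flow
            public_port = next(self.ports)
            self.table[public_port] = key
            self.reverse[key] = public_port
        return (self.public_ip, self.reverse[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination back to the private host, or None when the packet is dropped."""
        if dst_ip != self.public_ip or dst_port not in self.table:
            return None                             # no state: unsolicited, drop
        private_ip, private_port = self.table[dst_port]
        return (src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    nat = PAT("203.0.113.5")                          # constructed public address
    print(nat.outbound("192.168.1.10", 51000, "198.51.100.7", 80))
    print(nat.inbound("198.51.100.7", 80, "203.0.113.5", 1024))   # reply, translated back
    print(nat.inbound("198.51.100.9", 4444, "203.0.113.5", 8080)) # None: dropped
```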
EXAMPLE:
WAN
BIBLIOGRAPHY
Books:
CCNA 6th Edition (Todd Lammle)
Network Security Fundamentals
Sites:
www.google.com