
Difference between Private and Public IPs

Private IP                                  | Public IP
Used within the LAN or the organization     | Used on a public network (the Internet)
Not recognized on the Internet              | Recognized on the Internet
Given by the administrator                  | Given by the service provider (from IANA)
Unique within the network or organization   | Globally unique
Unregistered IP; it is free                 | Registered; paid to the service provider (or IANA)

Private IP Addresses-
There are certain addresses in each class of IP address that are reserved for private networks. These addresses are called private addresses.
Range of Private IP:
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.0.255
Class C 192.168.0.0 to 192.168.255.255

Default Gateway-
The IP address of the router's Ethernet interface connecting to the LAN.
It is the entry and exit point of the network.
OSI Reference Model
OSI (Open Systems Interconnection) was developed by the International Organization for Standardization (ISO) and introduced in 1984.
It defines how communication happens between two or more network devices.
It is a layered architecture (consisting of seven layers).
Each layer defines a set of functions in data communication.
Purpose of OSI Model-
Troubleshooting
Standardization

OSI Model Layers

All-        Layer 7  Application   \
People-     Layer 6  Presentation   > User support layers or software or data preparation
Seem-       Layer 5  Session       /
To-         Layer 4  Transport       Core layer or middle layer of the OSI model
Need-       Layer 3  Network       \
Data-       Layer 2  Data Link      > Data addressing or hardware or network support layers
Processing- Layer 1  Physical      /
Application Layer
The application layer is responsible for providing an interface for users to interact with application services or networking services.
Ex- web browser.
Identification of services is done using port numbers.
A port is a logical communication channel.
A port number is a 16-bit identifier.
Total number of ports: 0-65535
Reserved number of ports: 1-102
Unreserved number of ports: 1024-65535
Examples of networking services-
Service   Port Number
HTTP      80
FTP       21
SMTP      25
TELNET    23
TFTP      69

Presentation Layer-
The presentation layer defines the specific format for the data to be sent over the network.
The major functions of this layer are:
Encoding-Decoding
Ex- ASCII, EBCDIC (text)
JPEG, GIF, TIFF (graphics)
MIDI, WAV (voice)
MPEG, DAT, AVI (video)
Encryption-Decryption
Ex- DES, 3DES, AES
Compression-Decompression

Session Layer-
It deals with sessions or interactions between the applications.
It is responsible for establishing, maintaining and terminating the sessions.
The session layer organizes communication as simplex, half-duplex or full-duplex.
Transport Layer-
It is responsible for end-to-end transportation of data between the applications.
Functions of the transport layer are-
Identifying services
Multiplexing and de-multiplexing
Segmentation
Sequencing and reassembling
Error correction
Flow control
NETWORK LAYER-
It is responsible for end-to-end transportation of data across multiple networks.
Logical addressing and path determination (routing) are defined at this layer.
The protocols that work at the network layer are:
Routed Protocols-
IP, IPX, AppleTalk, etc.
Routed protocols act as data carriers and define logical addressing.
Routing Protocols-
RIP, OSPF, EIGRP, IGRP, etc.
Routing protocols perform path determination (routing).
Routers and multilayer switches operate at this layer.
Data Link Layer-
It is responsible for end-to-end delivery of data between the devices on a network segment.
The data link layer comprises two sub-layers-
MAC (Media Access Control)
It deals with hardware addresses (MAC addresses).
MAC addresses are 12-digit hexadecimal identifiers used to identify the devices uniquely on the network segment.
It also provides error detection using CRC (Cyclic Redundancy Check) and framing (encapsulation).
Ex- Ethernet, Token Ring, etc.
Logical Link Control (LLC)
LLC is used to support multiple network protocols with a single NIC.
Switches and bridges work at this layer.
Physical Layer-
It transfers the data in bit format, i.e. 0101010101 (zeros and ones).
Conversion of the bits into signals depends upon the type of media used:
Copper media- electrical signals of different voltages.
Fiber media- light pulses of different wavelengths.
Wireless media- radio frequency waves.
Hubs, repeaters and modems operate at this layer.
Some more facts about the OSI Model-
Header-
Headers are information structures which identify the information that follows, such as a block of bytes in communication.
Trailer-
A trailer is the information which occupies several bytes at the end of the block of data being transmitted. It contains error-checking data which is useful for confirming the accuracy and status of the transmission.
Note-
During data communication the sender appends the header and passes the data to the lower layer, while the receiver removes the header and passes the data to the upper layer. Headers are added at layers 6, 5, 4, 3 and 2, while the trailer is added at layer 2.
Network
A computer network is an interconnection of two or more computers and peripherals such as printers and fax machines.
Networking
Sharing and exchanging resources (files and folders, printers, scanners) with each other by using a network is called networking.
History of Computer Networks-
The ARPANET (Advanced Research Projects Agency Network) was the first network in the world. ARPA designed ARPANET for the United States Department of Defense. In 1969 the first ARPANET link was established between the IMP (Interface Message Processor) nodes at the University of California at Los Angeles.

Networks are divided on the basis of coverage range-
LAN (Local Area Network)
It is restricted to a small area such as offices, schools, homes.
It covers 1 to 2 km.
Example- Home network.
CAN (Campus Area Network)
A collection of LANs is called a CAN.
It covers up to 5 km.
Example- University network.
MAN (Metropolitan Area Network)
A collection of CANs and LANs.
It covers within 100 km (within a city).
Example- Cable TV connection.
PAN (Personal Area Network)-
Whenever we connect any two devices via Bluetooth, a PAN is formed.
SAN (Storage Area Network)-
It is used to centralize data storage.
WAN (Wide Area Network)-
A network spanning more than 100 km is called a WAN.
Example- Internet, telephone wires, microwave, satellites.

Network Configuration
1- Point-to-point configuration
Two devices use a communication link that is not shared with other devices.
2- Client-server configuration-
All the clients access services from the server. Without the server the clients cannot function.
Topologies
Topologies define the network structure, i.e. how the devices are connected to each other.
There are two types of topologies-
Physical-
It defines the physical structure or layout of the network.
Logical
It defines how the devices exchange information with each other.
Types of Physical Topologies
Single Node topology-
Only one device connects to the server.
Bus Topology-
In this topology all the devices share a common medium (backbone cable or trunk cable or RG8).
It is an example of a multipoint connection.
Physically all the devices are connected in a linear way.
It passes the data using the token bus method.
The token avoids collisions because only the PC which holds the token sends data.
Star Topology-
Each device is connected point-to-point to a central device which is either a hub or a switch.
Advantages of star topology-
Easy to install, configure and manage.
Easy to detect a faulty device.
Easier to expand.
Connecting or removing a device does not affect the network.
The hub provides centralized management.
Ring Topology-
In a ring topology each device is connected to its adjacent devices forming a circle, but physically the devices are connected as a star topology.
Data flows in only one direction, clockwise or anti-clockwise.
Each device in a ring topology acts as a repeater.
It can send data at 4 to 16 Mbps.

Dual Ring Topology or FDDI-
A dual ring topology consists of two rings, primary and secondary, to connect each device in the network.
The primary ring carries data in one direction and the secondary ring carries data in the opposite direction.
The secondary ring is used if the primary ring stops working.
Each device or station should have two transmitter ports and two receiver ports.
Mesh Topology-
In a mesh topology every device is connected to every other device. A device can send data to all the devices in the network.
In a WAN the routers are connected to each other through a mesh topology.
It is also known as full mesh topology.
Partial Mesh Topology-
In a partial mesh topology some of the devices are connected to all the others, but there are some devices which do not exchange data with all.
So they are connected only to those with which they communicate most of the time.
Tree Topology-
A tree topology combines the characteristics of linear bus and star topology.
Point-to-point wiring for each device.
Easy to detect a faulty device.
Easy to expand the network.
Hybrid Topology-
A hybrid topology is a combination of different network topologies.
The commonly used combinations of topologies are star-bus or star-ring.
This topology is useful for corporate offices to link their internal LANs together while adding external networks through WANs.
Transmission Media
A medium by which data or information can be transferred from one place to another.
There are two types of transmission media.
Wired (Guided) - Uses wires.
Wireless (Unguided) - Does not use any type of wire.
Characteristics of Cables-
Before selecting a cable for a network, you may have to consider various cable characteristics.
Segment Length-
Each cable has a limitation: it carries signals only up to a particular distance, after which the quality of the signal degrades and becomes corrupt.
Attenuation-
The loss of signal strength in a cable is called attenuation. It is measured in dB with a negative sign.
Bandwidth (Mbps)-
The amount of digital data a cable can carry at a single time.
Interference Susceptibility-
Each type of cable is susceptible to some interference, such as internal or external noise.
External noise may consist of electromagnetic interference (EMI) or radio frequency interference (RFI).
Crosstalk-
It is the interference caused when the magnetic fields generated by the current flowing through one cable affect the electrical currents of another cable.
Wired Cable
Copper
  Coaxial: RG58, RG8, RG6
  Twisted: STP, UTP (Cat1, Cat2, Cat3, Cat4, Cat5, Cat5e, Cat6, Cat7)
Fiber
  SM, MM
Cat1- carries only voice; it is used for telephone services.
Cat2- carries data up to 4 Mbps.
Cat3- carries data up to 10 Mbps at 16 MHz frequency.
Cat4- carries data up to 16 Mbps and frequency up to 20 MHz.
Cat5- carries data up to 100 Mbps and frequency up to 100 MHz.
Cat5e- carries data up to 1000 Mbps and frequency up to 100 MHz.
Cat6- carries data at 1000 Mbps and frequency of 250 MHz.
Cat7- carries data at 1000 Mbps and frequency of 600 MHz.

Coaxial Cable-
Shielded Twisted Pair Cable-

Unshielded Twisted Pair Cable

Fiber Optic Cable


ROUTING
It is the process in which a router decides the best route for the packets.
There are three types of routing:
Static
Default
Dynamic

STATIC ROUTING
It is configured manually by the administrator.
The destination network ID must be known.
It is secure and fast.
Used for small organizations with a network of 10 to 15 routers.
The administrative distance of a static route is 0 or 1.
DISADVANTAGES OF STATIC ROUTING-
Used only for small networks.
Everything is done manually.
A network change affects the whole network.
Configure Static Route
Router(config)# ip route <destination network ID> <destination subnet mask> <next hop IP address>
DEFAULT ROUTING
A default route is configured for unknown destinations.
Generally used towards the Internet, where the destinations are unknown.
Ex- the address of Google is unknown.
It is the last preferred route.
It can also be used at the end location (optional).
Default routes help in reducing the size of your routing table.
DEFAULT ROUTING CONFIGURATION
Router(config)# ip route 0.0.0.0 0.0.0.0 <next hop IP address>
DISADVANTAGES OF DEFAULT ROUTING-
Must know the next hop address.
It cannot be configured on all the interfaces of the same router.

DYNAMIC ROUTING
The router decides the best route automatically with the help of dynamic routing protocols, and also adds and removes network information in the routing table automatically.
Advantages of dynamic routing over static routing-
Works with advertisements (from directly connected routers).
No need to know the destination network.
Updates topology changes dynamically.
Administrative work is reduced.
Used for large organizations.
Neighbor routers exchange routing information and build the routing table automatically.
ROUTING PROTOCOLS
Routing protocols use some metrics to calculate and decide the best route for the packets.
Comparison between the routing protocols
There are two types of routing protocols
IGP (Interior Gateway Routing Protocols)
These protocols operate within an autonomous system number. Ex- RIP, IGRP, EIGRP, OSPF, IS-IS.
EGP (Exterior Gateway Routing Protocols)
It connects different autonomous system numbers. Ex- BGP
Autonomous System Numbers
A unique number identifying the routing domain of the routers.
An autonomous system is a collection of networks under a common administrative domain.
Its range is from 1 to 65535.
Public AS - 1 to 65512 (between multiple SPs).
Private AS - 65512 to 65535 (same SP).

Router Metrics-
Routing metrics are values that allow the routers to decide the best route for the packets.
Some routing metrics are-
Hop count
Bandwidth
Load
Delay
Cost
Reliability
Administrative Distance (AD)
Trustworthiness of the information received by the router.
The number is between 0 and 255.
A lower value is more trusted.
Default administrative distances are given below-
Directly connected route - 0
Static route - 1
EIGRP route - 90
IGRP route - 100
OSPF route - 110
RIP route - 120
Classful Routing Protocols-
Classful routing protocols do not carry the subnet mask information along with the updates.
This means all devices in the network must use the same subnet mask (FLSM or default).
Ex- RIPv1, IGRP
Classless Protocols
Classless protocols carry the subnet mask information along with the updates.
That is why they support sub-networks (VLSM and FLSM) and the default network as well.
Ex- RIPv2, EIGRP, OSPF, IS-IS
RIP (Routing Information Protocol)
Open standard protocol.
Classful routing protocol.
Updates are broadcast via 255.255.255.255.
Metric: hop count.
Load balancing over four equal-cost paths.
Max hop count 15, max routes 16.
Used for small organizations.
Exchanges the entire routing table every 30 seconds.
Administrative distance is 120.
Convergence time: 4 min (approx.); EIGRP 15 sec; OSPF 40 sec.
RIP Timers
Update Timer: 30 seconds
Time between consecutive updates.
Invalid Timer: 180 sec
Time a router waits to hear updates.
The route is marked unreachable if there is no update during this interval.
Flush Timer: 240 sec
Time before the invalid route is removed from the routing table.
Hold Down Timer: 180 sec
Stabilizes routing information and helps prevent routing loops during periods when the topology is converging on new information.

RIPv1                        | RIPv2
Classful routing protocol    | Classless routing protocol
No authentication            | Authentication
Uses broadcast               | Uses multicast 224.0.0.9

OSPF (Open Shortest Path First)
Standard protocol.
It is a link state protocol.
It uses the SPF or Dijkstra algorithm.
Unlimited hop count.
Metric is cost (cost = 10^8 / bandwidth).
Administrative distance is 110.
It is a classless routing protocol.
It supports VLSM and CIDR.
It supports only equal-cost load balancing.
Introduces the concept of areas to ease management and control traffic.
Updates are sent through multicast address 224.0.0.5.
Faster convergence.
Sends hello packets every 10 seconds; dead interval = 40 sec.
Incremental updates.

There are seven states of OSPF.
(Figure: routers A and B on a point-to-point link. A has 172.16.5.1/24 on S0/0 and router ID 172.16.5.1; B has 172.16.5.2/24 on S0/1 and router ID 172.16.5.2.)
Hello exchange-
A: "I have router ID 172.16.5.1 and I don't know about anyone."
B: "I am router ID 172.16.5.2 and I can see 172.16.5.1."
Router B's neighbor list: 172.16.5.1/24, interface S0/1.
Router A's neighbor list: 172.16.5.2/24, interface S0/0.
Discovering the network routes-
A: "I will start the exchange because I have router ID 172.16.5.1."
B: "No, I will start the exchange because I have the higher router ID 172.16.5.2."
DBD from each router: "Here is a summary of my LSDB."
LSAck from each router: "Thanks for the information."
Loading state-
LSR: "I need the complete entry for network 172.16.5.0/24."
LSU: "Here is the entry for the network 172.16.5.0/24."
LSAck: "Thanks for the information."
Full state
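The adjacency walk-through above, simulated as a small Python model (an added example, not from these notes): two routers with constructed, simplified LSDBs progress through the seven neighbor states, the higher router ID takes the master role for the DBD exchange, and only entries that are missing or newer are requested in the Loading state.

```python
"""Walk two routers through the OSPF neighbor states from the figure:
Down, Init, 2-Way, ExStart, Exchange, Loading, Full. Added example, not from
the notes; LSDB contents are constructed and simplified to (lsid, seq, body)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List

STATES = ["Down", "Init", "2-Way", "ExStart", "Exchange", "Loading", "Full"]


@dataclass
class Lsa:
    lsid: str   # link-state id, here the prefix the LSA describes (constructed)
    seq: int    # higher sequence number = newer instance
    body: str


@dataclass
class OspfRouter:
    router_id: str
    lsdb: Dict[str, Lsa] = field(default_factory=dict)
    neighbor_state: Dict[str, str] = field(default_factory=dict)

    def set_state(self, neighbor_id: str, state: str, log: List[str]) -> None:
        if state not in STATES:
            raise ValueError(state)
        self.neighbor_state[neighbor_id] = state
        log.append(f"{self.router_id}: neighbor {neighbor_id} -> {state}")

    def dbd_summary(self) -> Dict[str, int]:
        """Database Description carries LSA headers (lsid -> seq), not full LSAs."""
        return {lsid: lsa.seq for lsid, lsa in self.lsdb.items()}

    def wanted(self, summary: Dict[str, int]) -> List[str]:
        """LSIDs for the Link State Request: unknown to us, or newer than ours."""
        return [lsid for lsid, seq in summary.items()
                if lsid not in self.lsdb or self.lsdb[lsid].seq < seq]


def rid_value(rid: str) -> int:
    """Router IDs are compared numerically as 32-bit values."""
    return int(ipaddress.IPv4Address(rid))


def form_adjacency(a: OspfRouter, b: OspfRouter) -> List[str]:
    """Drive both routers to Full and return the event log; afterwards the
    two LSDBs are identical."""
    log: List[str] = []
    a.set_state(b.router_id, "Down", log)
    b.set_state(a.router_id, "Down", log)
    # Hello: B hears A (Init); B's hello lists A, so A sees itself and both go 2-Way.
    b.set_state(a.router_id, "Init", log)
    a.set_state(b.router_id, "2-Way", log)
    b.set_state(a.router_id, "2-Way", log)
    # ExStart: the higher router ID becomes master and starts the DBD exchange.
    master, slave = (a, b) if rid_value(a.router_id) > rid_value(b.router_id) else (b, a)
    for me, peer in ((master, slave), (slave, master)):
        me.set_state(peer.router_id, "ExStart", log)
    log.append(f"{master.router_id} is master (higher router ID)")
    # Exchange: swap DBD summaries and note what each side still needs.
    for me, peer in ((master, slave), (slave, master)):
        me.set_state(peer.router_id, "Exchange", log)
    requests = {a.router_id: a.wanted(b.dbd_summary()),
                b.router_id: b.wanted(a.dbd_summary())}
    # Loading: one LSR per missing entry, answered by LSU, acknowledged by LSAck.
    # A side with nothing to request skips Loading and goes straight to Full.
    for me, peer in ((a, b), (b, a)):
        if requests[me.router_id]:
            me.set_state(peer.router_id, "Loading", log)
        for lsid in requests[me.router_id]:
            log.append(f"{me.router_id} LSR {lsid} -> {peer.router_id} LSU -> LSAck")
            src = peer.lsdb[lsid]
            me.lsdb[lsid] = Lsa(src.lsid, src.seq, src.body)
        me.set_state(peer.router_id, "Full", log)
    return log


# Constructed sample: B already holds a newer copy of the shared link's LSA
# plus a LAN that A has never heard of.
ROUTER_A = OspfRouter("172.16.5.1", {"172.16.5.0/24": Lsa("172.16.5.0/24", 1, "old")})
ROUTER_B = OspfRouter("172.16.5.2", {"172.16.5.0/24": Lsa("172.16.5.0/24", 2, "new"),
                                     "10.0.0.0/24": Lsa("10.0.0.0/24", 1, "B LAN")})

if __name__ == "__main__":
    for line in form_adjacency(ROUTER_A, ROUTER_B):
        print(line)
```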
OSPF AREAS
An area is a logical grouping of routers.
All the routers maintain the same database.
Any change impacts all the routers.
OSPF provides a hierarchical network design with multiple different areas.
All the routers within the same area maintain the same database.
Any change impacts all the routers within the same area.
Rules-
Must have one area called area 0 (it is the backbone area).
All the areas must connect to area 0.
At least one area router.
Interfaces of both router facing
Interfaces of both router facing
The solution:
OSPF Hierarchical Routing
(Figure: Head Office and State Offices in Area 0; Branch Offices in Area 1 and Area 2.)
Advantages of OSPF Areas-
Minimize the size of the database.
Restrict any changes within that area (not flooded outside the area).
Routers within the same area participate in the algorithm.
Advantages of OSPF-
Open standard
No hop count limitation.
Loop free.
Faster convergence
Disadvantages of OSPF
Consumes more CPU resources.
Complex design.
Supports only equal-cost load balancing.
Enhanced Interior Gateway Routing Protocol-
o Advanced distance vector protocol.
o Standard routing protocol (initially it was Cisco proprietary).
o Classless routing protocol.
o Includes all features of IGRP.
o Maximum hop count is 255 (by default 100).
o Administrative distance is 90.
o Flexible network design.
o Multicast and unicast instead of broadcast addresses.
o 100% loop-free classless routing.
o Easy to configure for WANs and LANs.
o Updates are sent through multicast 224.0.0.10.
o Hello packets are sent every 5 seconds and the dead time is 15 sec.
o Convergence rate is fast.
o It uses DUAL (Diffusing Update Algorithm).
o Supports equal-cost and unequal-cost load balancing.
o EIGRP metric is delay.
EIGRP entire Process of Routing-
(Figure: routers A and B connected over the 220.20.10.1 link.)
Hello (to 224.0.0.10): "I am router A, who is on the link?" / "Hello, I am router B." Both routers fill their Neighbor Table.
Update: "Here is my complete routing information." The other side answers with an ACK: "Thanks for the information." Both routers fill their Topology Table and then their Routing Table.
Hello or keep-alive messages-
Just to confirm whether the neighbor is up or not.

EIGRP TABLES-
1- Neighbor Table
Contains the list of directly connected routers.
show ip eigrp neighbors
2- Topology Table-
List of all the best routes learned from each neighbor.
show ip eigrp topology
3- Routing Table-
The best route to the destination.
show ip route
EIGRP Metrics-
EIGRP uses BW (K1) + Delay (K3) + Load (K2) + MTU (K4) + Reliability (K5).
By default it uses BW and delay in the metric calculation.
Formula with K values (K1=1, K2=0, K3=1, K4=0, K5=0):
Metric = {K1*BW + (K2*BW)/(256-load) + K3*delay}
EIGRP Metric Calculation Example-
Delay is the sum of all the delays of the links along the path:
Delay = (delay in tens of microseconds) x 256
Bandwidth is the lowest bandwidth of the links along the path:
Bandwidth = {10^8 / BW in kbps} x 256
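A worked calculation of the metric formulas above and of the administrative-distance rule from the earlier section, as an added Python example that is not part of the notes. It assumes the IOS convention of integer truncation; `IOS_EIGRP_REF_BW` is set to 10^7 (the value IOS uses with kbps, which reproduces the well-known T1 metric 2,169,856), while passing `ref_bw=10**8` reproduces the notes' formula, and `ospf_cost` uses the notes' 10^8/bandwidth rule.

```python
"""Route selection helpers: OSPF cost, EIGRP composite metric and the
administrative-distance rule that decides which route gets installed.
Added example, not code from the CCNA notes themselves."""
from dataclasses import dataclass
from typing import List, Optional

# Default administrative distances as listed in the notes (lower = more trusted).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90,
                  "igrp": 100, "ospf": 110, "rip": 120}

# EIGRP reference bandwidth. The notes write 10^8; Cisco IOS uses 10^7 with the
# bandwidth in kbps, which is what produces the well-known T1 metric 2,169,856.
# Pass ref_bw=10**8 to reproduce the notes' formula instead.
IOS_EIGRP_REF_BW = 10**7
OSPF_REF_BW_BPS = 10**8   # OSPF cost = 10^8 / bandwidth in bps (notes' formula)


@dataclass(frozen=True)
class Link:
    bandwidth_kbps: int
    delay_us: int   # interface delay in microseconds (the IOS "DLY" value)


def ospf_cost(bandwidth_kbps: int) -> int:
    """OSPF cost = reference bandwidth / link bandwidth, truncated, minimum 1."""
    return max(1, OSPF_REF_BW_BPS // (bandwidth_kbps * 1000))


def eigrp_metric(path: List[Link], k1: int = 1, k2: int = 0, k3: int = 1,
                 k4: int = 0, k5: int = 0, load: int = 1, reliability: int = 255,
                 ref_bw: int = IOS_EIGRP_REF_BW) -> int:
    """Composite metric from the notes' K-value formula:
    metric = K1*BW + (K2*BW)/(256-load) + K3*delay, where
    BW    = (ref_bw / lowest bandwidth on the path) * 256 and
    delay = (sum of link delays in tens of microseconds) * 256.
    The K5 factor is the extra term IOS applies only when K5 != 0."""
    if not path:
        raise ValueError("path must contain at least one link")
    min_bw = min(link.bandwidth_kbps for link in path)
    total_delay_us = sum(link.delay_us for link in path)
    bw_term = (ref_bw // min_bw) * 256           # IOS truncates: integer divide
    delay_term = (total_delay_us // 10) * 256    # tens of microseconds
    metric = k1 * bw_term + (k2 * bw_term) // (256 - load) + k3 * delay_term
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


@dataclass(frozen=True)
class Candidate:
    prefix: str
    source: str    # key of ADMIN_DISTANCE
    metric: int


def best_route(candidates: List[Candidate]) -> Optional[Candidate]:
    """Route installed in the routing table: the lowest administrative distance
    wins; the protocol's own metric only breaks ties within the same source."""
    if not candidates:
        return None
    return min(candidates, key=lambda c: (ADMIN_DISTANCE[c.source], c.metric))


if __name__ == "__main__":
    t1 = Link(bandwidth_kbps=1544, delay_us=20000)        # serial T1 defaults
    fast_eth = Link(bandwidth_kbps=100000, delay_us=100)  # FastEthernet defaults
    print("T1 metric:", eigrp_metric([t1]))
    print("T1 + FastEthernet:", eigrp_metric([t1, fast_eth]))
    print("OSPF cost of T1:", ospf_cost(1544))
    print(best_route([Candidate("10.0.0.0/8", "rip", 2),
                      Candidate("10.0.0.0/8", "eigrp", 2172416)]))
```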
Access Control List
An ACL is a set of rules which allows or denies specific traffic moving through the router.
It is a layer 3 security mechanism which controls the flow of traffic from one router to another router.
It is also called a packet-filtering firewall.

There are two types of Access Control List-

Standard Access Control List              | Extended Access Control List
The access list number is 1-99.           | The access list number is 100-199.
Can block a network, host and subnet.     | Can block a network, host, subnet and services.
All services are blocked.                 | Selected services can be blocked.
Implemented closest to the destination.   | Implemented closest to the source.
Filtering is based on source IP.          | Filtering is based on source IP, destination IP, protocol and port number.

Both standard and extended ACLs come in two forms-
Named ACL
Numbered ACL
Access List Rules
Works in sequential order (it always starts with the first line of the access list, then goes to line 2, then line 3 and so on).
All deny statements have to be given first (preferable in most cases).
There should be at least one permit statement (mandatory).
An implicit deny blocks all traffic by default when there is no match (an invisible statement).
Can have one access list per interface per direction.
Ex- two access lists per interface: one in the inbound direction and one in the outbound direction.
Any time a new entry is added to the access list, it will be placed at the bottom of the list.
You cannot remove one line from the access list. If you try to do this, you will remove the entire list. It is best to copy the
Using a text editor to edit the access list sequence is highly recommended.
ACL Implementation Rules-
Before implementing rules we must confirm three things-
1. Which router
2. Source/destination
3. In/out position
Creation of Standard Numbered ACL-
Router(config)# access-list <ACL number> <permit/deny> <source address> <source WCM>
Implementation-
Router(config)# interface <int name> <int number>
Router(config-if)# ip access-group <number> <in/out>
Creation of Extended ACL-
Router(config)# access-list <acl number> <permit/deny> <protocol> <source address> <source WCM> <destination address> <destination WCM> <operator> <service or port number>
Implementation
Router(config)# interface <int name> <int number>
Router(config-if)# ip access-group <acl number> <in/out>
To verify ACL-
Router# show access-list
Router# show access-list <number>
Wildcard Mask-
Tells the router which portion of the bits to match or ignore.
It is the inverse of the subnet mask, hence it is also called the inverse mask.
A bit value of 0 indicates must match.
A bit value of 1 indicates must ignore.
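The sequential-match rules and the wildcard-mask semantics above, implemented as an added Python example (not from the notes). It parses the numbered-ACL line templates given earlier, including the IOS `host` and `any` shorthands, and applies the implicit deny when nothing matches; the sample lists at the bottom are constructed.

```python
"""Evaluate Cisco-style standard and extended access lists the way the notes
describe them: top-down, first match wins, implicit deny at the end.
Added example (not from the notes); the line syntax follows the notes' templates."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ALL_ONES = 0xFFFFFFFF


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(subnet_mask: str) -> str:
    """The wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(subnet_mask) ^ ALL_ONES))


def wildcard_match(addr: str, reference: str, wildcard: str) -> bool:
    """0 bits in the wildcard must match, 1 bits are ignored."""
    care = to_int(wildcard) ^ ALL_ONES
    return (to_int(addr) & care) == (to_int(reference) & care)


@dataclass(frozen=True)
class Entry:
    action: str                      # "permit" or "deny"
    src: str
    src_wc: str
    protocol: str = "ip"             # extended lists only; "ip" matches anything
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"  # "any" unless the line says otherwise
    port: Optional[int] = None       # "eq <port>" on the destination


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protoc: str = "ip"
    dport: Optional[int] = None


def _addr_and_wc(tokens: List[str]) -> Tuple[str, str, List[str]]:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' from the token list."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def parse_line(line: str) -> Entry:
    """Parse 'access-list <n> <permit|deny> ...' for both standard (1-99) and
    extended (100-199) lists, using the numbering rule from the notes."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:                       # standard: source only
        src, src_wc, rest = _addr_and_wc(rest)
        return Entry(action, src, src_wc)
    if 100 <= number <= 199:                    # extended: proto src dst [eq port]
        protocol, rest = rest[0], rest[1:]
        src, src_wc, rest = _addr_and_wc(rest)
        dst, dst_wc, rest = _addr_and_wc(rest)
        port = int(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
        return Entry(action, src, src_wc, protocol, dst, dst_wc, port)
    raise ValueError("unsupported access-list number %d" % number)


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """Sequential match; the invisible 'deny any' applies when nothing matches."""
    for entry in acl:
        if entry.protocol != "ip" and entry.protocol != pkt.protoc:
            continue
        if not wildcard_match(pkt.src, entry.src, entry.src_wc):
            continue
        if not wildcard_match(pkt.dst, entry.dst, entry.dst_wc):
            continue
        if entry.port is not None and pkt.dport != entry.port:
            continue
        return entry.action
    return "deny"


# Constructed sample lists: block one host from a LAN (standard), and stop
# telnet from that LAN while allowing everything else (extended).
STANDARD_10 = [parse_line(line) for line in (
    "access-list 10 deny host 192.168.1.5",
    "access-list 10 permit 192.168.1.0 0.0.0.255",
)]
EXTENDED_101 = [parse_line(line) for line in (
    "access-list 101 deny tcp 192.168.1.0 0.0.0.255 any eq 23",
    "access-list 101 permit ip any any",
)]
```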

In and Out Direction Understanding
Any packet coming towards the interface is in the in position.
Any packet going away from the interface is in the out position.

Named ACL
Named access lists are just another way to create standard and extended access lists.
Access lists are identified using a name rather than a number.
Names are case sensitive.
No limitation of numbers.
One main advantage is that editing of ACLs is possible, meaning removing and adding any statement anywhere in the ACL.
IOS version 11.2 or later allows named ACLs.

Creation of Standard Named ACL-
Router(config)# ip access-list standard <name>
Router(config-std-nacl)# <permit/deny> <source address> <source wildcard mask>
Router(config)# interface <int name> <int number>
Router(config-if)# ip access-group <acl name> <in/out>
Creation of Extended Named ACL
Router(config)# ip access-list extended <name>
Router(config-ext-nacl)# <permit/deny> <protocol> <source address> <source WCM> <destination address> <destination WCM> <operator> <service>
For Editing ACL Lists
Router(config-std-nacl)# <any sequence number in between> deny host <host ip>
Router(config-std-nacl)# no <sequence no>

Pre-requirements to perform ACL-
Design the topology.
Assign the IP addresses.
Make sure that the interfaces are in the up state.
Any dynamic routing protocol or static routing should be configured.
Verify the routing table and reachability between the LANs (using ping and trace).
IP
  TCP: HTTP, Telnet, SMTP, FTP
  UDP: TFTP, DHCP, DNS, SCTP
  ICMP: PING, Tracert, Traceroute
Network Address Translation
NAT is the method of translating private IP addresses into public IP addresses and vice versa.
In order to communicate with the Internet we must have a registered public IP address.
Address translation was originally developed to solve two problems-
To handle the shortage of IPv4 addresses.
To hide network address schemes.
Small companies get their public IP addresses directly from ISPs, which have a limited number.
Large companies can sometimes get their public addresses from a registration authority, such as IANA.
Address translation is commonly performed at the perimeter of the network by either a firewall or a router.
Here is a list of situations when it is best to have NAT on your side-
You need to connect to the Internet and your hosts do not have globally unique IP addresses (public addresses).
You change to a new ISP that requires you to renumber your network.
You need to merge two intranets with duplicate addresses.
Advantages of NAT
Conserves legally registered addresses.
Reduces address overlap occurrence.
Increases flexibility when connecting to the Internet.
Eliminates address renumbering as the network changes.
Disadvantages of NAT
Translation introduces switching path delays.
Loss of end-to-end IP traceability.
Certain applications will not function with NAT enabled.

NAT terminology
Inside Local Address-
Name of the inside source address before translation (private IP).
Inside Global Address-
Name of the inside host after translation (public IP).
Outside Local Address-
Name of the destination host before translation.
Outside Global Address-
Name of the outside destination host after translation.
There are two types of IP address-
Private Address
Addresses used in LAN networks are called private addresses.
Public Address
Addresses used on the Internet are called public addresses.
Private Address Range
There are certain addresses in each class of IP address that are reserved for private networks. These addresses are called private addresses.
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.16.255.255
Class C 192.168.0.0 to 192.168.255.255

Types of NAT
Static NAT
Dynamic NAT
PAT (Port Address Translation)
Static NAT
The administrator has to manually bind a separate registered public IP address to each private IP address for accessing Internet services.
It was not useful for reducing the use of IPv4 addresses.
It hides each private address from the public network. This was the only advantage of static NAT.
It works as a one-to-one manual mapping of a private address to a public address.
Dynamic NAT
It also works like static NAT, meaning a one-to-one mapping of addresses is required.
The administrative task is reduced.
The mapping of IP addresses is done by the device automatically.
Port Address Translation
It reduces the wastage of IPv4 addresses.
It can translate thousands of private IPv4 addresses into a single public IP address.
It uses different port numbers for each LAN user to differentiate between the services requested by the LAN users.
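The three NAT types above as an added Python simulation (not from the notes). `is_private` uses the RFC 1918 blocks as a stand-in for the `ip nat inside source list` ACL, `DynamicNat` shows what happens when the pool runs out, and `Pat` shows how the translated source port lets return traffic find the right inside host; all addresses used are constructed.

```python
"""Simulation of the three NAT types from the notes: static (one-to-one,
manual), dynamic (one-to-one from a pool, automatic) and PAT (many-to-one,
told apart by port). Added example, not the notes' own material."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# RFC 1918 private blocks; the 172.16/12 block runs up to 172.31.255.255.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """Stand-in for the ACL that selects which inside sources get translated."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


class StaticNat:
    """Administrator binds each inside local address to its own inside global."""

    def __init__(self, bindings: Dict[str, str]):
        self.bindings = dict(bindings)

    def translate(self, inside_local: str) -> Optional[str]:
        return self.bindings.get(inside_local)


class DynamicNat:
    """One-to-one mapping picked by the device from a pool of public addresses."""

    def __init__(self, pool: List[str]):
        self.free = list(pool)
        self.table: Dict[str, str] = {}

    def translate(self, inside_local: str) -> Optional[str]:
        if inside_local in self.table:
            return self.table[inside_local]
        if not self.free:
            return None   # pool exhausted: the packet cannot be translated
        self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]


class Pat:
    """Many inside hosts share one inside global address; the translated source
    port distinguishes their flows (the 'overload' keyword in the notes)."""

    def __init__(self, inside_global: str, first_port: int = 1024):
        self.inside_global = inside_global
        self.next_port = first_port
        self.out: Dict[Tuple[str, int], int] = {}    # (local ip, port) -> global port
        self.back: Dict[int, Tuple[str, int]] = {}   # global port -> (local ip, port)

    def outbound(self, src: str, sport: int) -> Optional[Tuple[str, int]]:
        """Translate a LAN packet; sources outside the private ranges pass untouched."""
        if not is_private(src):
            return src, sport
        key = (src, sport)
        if key not in self.out:
            if self.next_port > 65535:
                return None   # no translation ports left
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.inside_global, self.out[key]

    def inbound(self, dport: int) -> Optional[Tuple[str, int]]:
        """Reverse lookup for a reply; unsolicited inbound traffic has no entry."""
        return self.back.get(dport)


if __name__ == "__main__":
    pat = Pat("200.1.1.100")
    print(pat.outbound("192.168.1.1", 5000), pat.outbound("192.168.1.2", 5000))
    print(pat.inbound(1025), pat.inbound(4000))
```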

Static NAT Configuration-
Router(config)# ip nat inside source static <private address> <public address>
Implementation-
1. Router(config)# interface f0/0
2. Router(config-if)# ip nat inside (interface facing towards the LAN)
3. Router(config)# interface s0/0
4. Router(config-if)# ip nat outside
Syntax for Dynamic NAT-
1. Router(config)# access-list <acl no> permit <private network ID> <WCM>
2. Router(config)# ip nat pool <pool name> <starting public IP> <ending public IP> netmask <subnet mask>
3. Router(config)# ip nat inside source list <acl no> pool <pool name>
4. Router(config-if)# ip nat inside (interface facing towards the LAN)
   Router(config)# interface s0/0/0
5. Router(config-if)# ip nat outside (interface facing towards the ISP)
Syntax of Port Address Translation-
1. Router(config)# access-list <acl no> permit <private NID> <WCM>
2. Router(config)# ip nat pool <pool name> <public IP> <public IP> netmask <subnet mask>
3. Router(config)# ip nat inside source list <acl no> pool <pool name> overload
Implementation
1. Router(config)# interface g0/0
2. Router(config-if)# ip nat inside (interface facing towards the LAN)
3. Router(config)# interface s0/0/0
4. Router(config-if)# ip nat outside (interface facing towards the ISP)
To clear the NAT translation table-
Note- Router# clear ip nat translation *
To verify NAT-
Router# show ip nat translations

NAT Configuration Lab-
(Figure: private network router 100.1.1.2/8 connected to ISP router 200.1.1.100/24.)
VLAN (Virtual Local Area Network)
Divides a single broadcast domain into multiple broadcast domains.
A layer 2 security mechanism.
VLAN 1 is the default VLAN.
We can create VLANs from 2 to 1001.
Can be configured on a manageable switch only.

HUB                                    | SWITCH
It has no intelligence.                | It is an intelligent device.
It does not understand any addresses.  | It maintains the MAC address table.
It always broadcasts.                  | It uses broadcast and multicast.
It works with 0s and 1s.               | It works with physical addresses.
It works with shared bandwidth.        | It works with fixed bandwidth.
It has one broadcast domain.           | It has one broadcast domain by default.
It has one collision domain.           | The number of collision domains depends upon the number of ports.
Only one road and shared bandwidth.    | Separate road and bandwidth.
It works at half duplex.               | It works at full duplex.

CSMA/CD
Carrier Sense Multiple Access / Collision Detection
It is the protocol for carrier transmission access in Ethernet networks.
Collisions are identified using the access methods called CSMA/CD and CSMA/CA.
CSMA/CD works in wired LANs and CSMA/CA works in wireless LANs.
Broadcast Domain
The set of all the devices that receive broadcast frames originating from any device within the set.
Collision Domain
A collision domain is a network segment with two or more devices sharing the same bandwidth (where there is a chance of collision).

Advantages of VLANs
Limits the number of broadcasts.
Better performance.
Security.
Types of VLAN
Static VLAN
Dynamic VLAN
Static VLAN
Static VLANs are based on port numbers.
Need to manually assign a port on a switch to a VLAN.
Also called port-based VLANs.
One port can be a member of only one VLAN.

Syntax for creating a Static VLAN
Switch(config)# vlan <vlan no>
Switch(config-vlan)# name <name of vlan>
Assigning Ports to a VLAN
Switch(config)# interface <interface type> <interface number>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <vlan no>
To Verify VLAN Configuration
Switch# show vlan
Note- command to assign a range of ports-
Switch(config)# interface range fastethernet 0/0-3, f0/9

Dynamic VLAN
Dynamic VLANs are based on the MAC address of a PC.
The switch automatically assigns the port to a VLAN.
Each port can be a member of multiple VLANs.
For dynamic VLAN configuration, software called VMPS (VLAN Membership Policy Server) is needed.
High-end switches (core series) are required for dynamic VLANs.
Not used in production networks.

VTP (VLAN Trunking Protocol)
Used to replicate the VLAN information from one switch to another switch.
Layer 2 protocol.
Manages the addition, deletion and renaming of VLANs on a network-wide basis: when you configure a new VLAN on one VTP switch (server), the VLAN is distributed to all switches in the domain.
Reduces the need to configure the same VLAN everywhere.
Available on most of the Cisco Catalyst family products.
Why is VTP needed?
You can create VLANs on a switch.
What if you need the same VLANs on 10 linked switches?
VTP helps.
But you still have to assign access ports to the VLANs on each switch.
The switch can be configured in the role of a VTP server or a VTP client.
VTP stores VLAN configurations in the VLAN database called vlan.dat.
Only the server has the vlan.dat file in the database.

Benefits of VTP-
VTP reduces administration in a switched network.
Minimizes the chances of misconfiguration on switches.
VTP Domain-
Group of layer 2 switches sharing VLAN data.
Ends at a router or layer 3 switch.
A switch can be linked but not part of the domain.
Each switch can belong to only one domain.
A domain is defined by its name.
Proprietary to Cisco, so all switches in the domain must be Cisco switches.
VTP Modes
Server
Default mode. Sends VLAN information to the other switches.
Client
Receives VLAN information and forwards it to other switches.
Transparent
Forwards VTP traffic but does not originate or use it. Such switches can have their own VLANs, not shared with other switches.

VTP Configuration-
Switch (config) # vtp mode server
Switch (config) # vtp domain <domain name>

To Set Password on VLAN Database-
Switch (config) # vtp password <password>

To Enable Trunk on Port-
Switch (config) # interface <int name> <int no>
Switch (config-if) # switchport mode trunk

To Verify VTP-
Switch # show vtp status
Inter-VLAN Routing-
VLANs are isolated from each other, so packets in one VLAN
cannot cross into another VLAN.
To transport packets between VLANs, you must use a layer 3
device (a router or a layer 3 switch).
Inter-VLAN Routing Methods-
1. Separate physical gateway interface on a router.
2. Using sub-interfaces (router on a stick).
3. Using layer 3 switches (using SVI interfaces).
Note- SVI (switch virtual interface).
3. Inter-VLAN Routing Using Layer 3 Switches-
To assign a gateway on multilayer switches:
Switch (config) # interface vlan <vlan no>
Switch (config-if) # ip address <ip> <subnet mask>
Switch (config-if) # no shutdown
To enable routing on the switch:
Switch (config) # ip routing
To assign an IP address to a physical port (routed port) on a layer 3 or multilayer switch:
Switch (config-if) # no switchport
Switch (config-if) # ip address <ip> <subnet mask>
2. Inter-VLAN Routing through Router on a Stick (Using Sub-interfaces)-
Switch (config) # interface <trunk int name> <trunk int number>
Switch (config-if) # switchport mode trunk
Router (config) # interface <trunk int name> <int number>
Router (config-if) # no shutdown
Now create sub-interfaces on the router:
Router (config) # interface <trunk int name> <sub int number (e.g. f0/0.1)>
Router (config-subif) # encapsulation dot1q <vlan number>
Router (config-subif) # ip address <IP address> <subnet mask>

STP (Spanning Tree Protocol)
STP prevents the loops that occur when you have multiple links
between switches.
STP avoids broadcast storms, multiple frame copies and MAC
database instability.
STP is an open standard protocol (IEEE 802.1D).
STP is enabled by default on all Catalyst switches.
How STP Works-
Selecting the root bridge.
Selecting the root port.
Selecting designated ports (forwarding state) and non-designated
ports (blocking state).

Selecting the root bridge-
The bridge with the best (lowest) bridge ID becomes the root bridge.
Bridge ID = priority (2 bytes) + MAC address (6 bytes) of the switch.
Out of all the switches in the network, one is selected as the root
bridge and becomes the focal point of the network.
Every LAN will have only one root bridge and all the remaining
switches are considered non-root bridges.
Switches keep sending BPDU (bridge protocol data unit)
messages carrying the root bridge ID to each other every 2 sec.
By default all switches have the same priority value, 32768, so the
bridge ID comparison comes down to the switch MAC address.
Every switch has its own base MAC address.

Selecting the root port-
Shortest path to the root bridge.
Every non-root bridge looks for the best path to the root bridge:
Least cost (based on link speed).
Lowest upstream (forwarding) switch ID (priority + MAC).
Lowest upstream (forwarding) physical port number.
For every non-root bridge there is only one root port.
STP port cost-
Link Speed (bandwidth)   Cost
10 Mbps                  100
100 Mbps                 19
1 Gbps                   4
10 Gbps                  2

BPDU-
All switches exchange information through what are called bridge
protocol data units (BPDUs).
Hellos are sent every 2 sec.
Max age (dead) = 20 sec.
Forward delay (listening and learning time) = 15 sec.
A BPDU contains information regarding ports, switches, port
priority and addresses.
Selection of designated and non-designated ports-
Least cost.
Lowest local switch ID.
Lowest local physical port number.
Designated ports are in forwarding state.
Non-designated ports are in blocking state.
STP Port States-
Blocking       20 sec
Listening      15 sec
Learning       15 sec
Forwarding     No limit (reached after 50 sec)
Disabled       No limit

Verifying Spanning-Tree-
Switch # show spanning-tree
Switch # show spanning-tree vlan <vlan number>
Switch # show spanning-tree root
Selecting Root Bridge Configuration-
Default root bridge election: priority + base MAC.
It is recommended to select high-speed switches as the root
bridge.
Changing priority-
Primary/secondary:
Switch (config) # spanning-tree vlan 1 root primary
Switch (config) # spanning-tree vlan 1 root secondary
OR
Switch (config) # spanning-tree vlan 1 priority <0-61440>
Note-
Priority values can only be multiples of 4096.
Primary reduces the priority by 8192 from the default priority.
Secondary reduces the priority by 4096 from the default priority.
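The three STP decisions above (root bridge election, root port selection, designated/non-designated port selection) and the effect of "root primary" on the priority, worked through on a small topology. This is an added example, not code from the notes or from any Cisco product; the switch names, MAC addresses, port numbers and links are constructed sample data, and the port costs are the table from the notes.

```python
"""Spanning-tree decisions on a constructed three-switch topology.

Added example, not from the notes. Root bridge = lowest bridge ID; root
port = lowest (path cost, upstream bridge ID, local port); designated port
per segment = end with the lowest (root path cost, bridge ID, port).
'root primary' is modelled as priority = default - 8192.
"""
import heapq
from dataclasses import dataclass

# Port cost per link speed in Mbps (the table from the notes).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
DEFAULT_PRIORITY = 32768


@dataclass(frozen=True)
class Switch:
    name: str
    mac: str
    priority: int = DEFAULT_PRIORITY

    @property
    def bridge_id(self):
        # Bridge ID = priority (2 bytes) + MAC (6 bytes); the lowest value wins.
        return (self.priority, int(self.mac.replace(":", ""), 16))


@dataclass(frozen=True)
class Link:
    a: str        # switch name at one end
    a_port: int   # local port number on that switch
    b: str
    b_port: int
    speed_mbps: int


def elect_root(switches):
    """Root bridge: the switch with the lowest bridge ID."""
    return min(switches.values(), key=lambda s: s.bridge_id).name


def root_path_costs(switches, links, root):
    """Each switch's cheapest total path cost to the root (Dijkstra)."""
    adj = {name: [] for name in switches}
    for l in links:
        cost = PORT_COST[l.speed_mbps]
        adj[l.a].append((l.b, cost))
        adj[l.b].append((l.a, cost))
    best = {root: 0}
    heap = [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > best[n]:
            continue
        for m, c in adj[n]:
            if d + c < best.get(m, float("inf")):
                best[m] = d + c
                heapq.heappush(heap, (d + c, m))
    return best


def port_roles(switches, links):
    """Return (root name, {switch: root path cost}, {(switch, port): role})."""
    root = elect_root(switches)
    cost = root_path_costs(switches, links, root)

    # Root port per non-root switch, using the tie-break order from the notes.
    root_port, candidate = {}, {}
    for l in links:
        c = PORT_COST[l.speed_mbps]
        for me, port, peer in ((l.a, l.a_port, l.b), (l.b, l.b_port, l.a)):
            if me == root:
                continue
            key = (cost[peer] + c, switches[peer].bridge_id, port)
            if me not in candidate or key < candidate[me]:
                candidate[me], root_port[me] = key, port

    # Designated port per segment; the other end is either the root port
    # chosen above or non-designated (blocking).
    roles = {}
    for l in links:
        ends = ((l.a, l.a_port), (l.b, l.b_port))
        designated = min(ends, key=lambda e: (cost[e[0]], switches[e[0]].bridge_id, e[1]))
        for sw, port in ends:
            if (sw, port) == designated:
                roles[(sw, port)] = "designated"
            elif root_port.get(sw) == port:
                roles[(sw, port)] = "root"
            else:
                roles[(sw, port)] = "blocking"
    return root, cost, roles


def set_root_primary(switches, name):
    """Model 'spanning-tree vlan 1 root primary': priority = default - 8192."""
    s = switches[name]
    return {**switches, name: Switch(s.name, s.mac, DEFAULT_PRIORITY - 8192)}


# Constructed sample topology: a triangle of three switches (made-up MACs).
SWITCHES = {
    "SW1": Switch("SW1", "00:1a:2b:00:00:01"),
    "SW2": Switch("SW2", "00:1a:2b:00:00:02"),
    "SW3": Switch("SW3", "00:1a:2b:00:00:03"),
}
LINKS = [
    Link("SW1", 1, "SW2", 1, 1000),   # cost 4
    Link("SW1", 2, "SW3", 1, 100),    # cost 19
    Link("SW2", 2, "SW3", 2, 1000),   # cost 4
]

if __name__ == "__main__":
    for label, sws in (("default priorities", SWITCHES),
                       ("SW3 root primary", set_root_primary(SWITCHES, "SW3"))):
        root, cost, roles = port_roles(sws, LINKS)
        print(f"{label}: root bridge = {root}, path costs = {cost}")
        for (sw, port), role in sorted(roles.items()):
            print(f"  {sw} port {port}: {role}")
```

With default priorities SW1 (lowest MAC) is the root; SW3 reaches it more cheaply through SW2 (4 + 4) than over its direct 100 Mbps link (19), so SW3's direct port to SW1 is the one that blocks. Lowering SW3's priority with "root primary" makes SW3 the root and moves the blocked port to SW1.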

WAN Technologies-
WAN Protocols-
HDLC                                    PPP
High-Level Data Link Control            Point-to-Point Protocol
Cisco proprietary                       Standard protocol
No support for authentication,          Supports authentication,
compression and error detection         compression and error detection
Default on serial links                 Change to PPP with the encapsulation command
To verify the WAN protocol on serial links-
Router # show interfaces serial <interface name>
Configuration of PPP-
Router (config) # interface serial <interface name>
Router (config-if) # encapsulation ppp

Frame Relay-
Uses the existing service provider network to provide connectivity.
More cost-effective solution than leased lines.

WAN Connection Types-
Leased lines (synchronous serial).
Circuit-switched (asynchronous serial, layer 1) - ISDN connection provided by
the telecommunication company.
Packet-switched (synchronous serial) - provided by the service
provider. Ex- Frame Relay, ATM.
Modern WAN connections-
MPLS
Metro Ethernet
Virtual Ethernet Network
DSL
Cable
VSAT
Frame Relay Configuration-
Router (config-if) # encapsulation frame-relay
Router (config-if) # frame-relay lmi-type <lmi type>
Router (config-if) # no shutdown
Router (config) # interface serial <sub interface no> <point-to-point | multipoint>
Router (config-subif) # ip address <sub int IP> <subnet mask>
Router (config-subif) # frame-relay interface-dlci <dlci value>

Internet Protocol Version 6 (IPv6)

IP Address
An IP address is a logical address or software address of a device.
It is a layer 3 (network layer) address.
An IP address is given to every device in the network and it is used
to identify the device within the network.
There are two versions of IP addresses-
IPv4
IPv6

IPv6-
1. Overcomes the shortage of IPv4 addresses in the future.
2. Proposed in 1999.
3. Still not significantly used.

IPv4                                   IPv6
32-bit address                         128-bit address
Written in decimal form                Written in hexadecimal form (0-F)
1 group = 8 bits                       1 group = 16 bits
Total groups = 4                       Total groups = 8
Separated by dot (.)                   Separated by colon (:)
Link-local address range               Link-local address starts from FE80
169.254.0.0-169.254.255.255
Loopback address is 127.0.0.0-         Loopback address is ::1
127.255.255.255
IP space = 2^32                        Large IP space = 2^128
Defined by IANA                        Defined by IETF
Ex- 192.168.1.1                        Ex- FE80:AA00:BB00:CCAC:BCAB:0000:00AA:FF00

IPv6 advanced features-
Larger address space.
No more need for NAT.
Simpler header for increased router efficiency.
Aggregation-based address hierarchy.
No more broadcast.
Stateless auto-configuration.
Built-in support for mobile IP.
Built-in support for IPsec security.
Rich transmission features.
Easy IP address renumbering.
Capability to have multiple addresses per interface.
IPv6 Structure-
Example of IPv6 (the same address with leading zeros of a group dropped and one run of zero groups replaced by ::)-
2001:0db8:0000:0000:1234:0000:0000:3c4d
2001:db8:0:0:1234:0:0:3c4d
2001:db8::1234::3c4d (not valid: :: may be used only once, otherwise the address is ambiguous)
2001:db8::1234:0:0:3c4d

IPv6 Address Types-
Unicast
Multicast
Anycast

Unicast
Can be assigned to any device in the network.
Unicast is further divided into three types.

Global Unicast
It is like a public IP (routable).
Starts with 2000::/3 (the first three bits are 001), assigned by IANA.

Unique Local
Like a private IP.
It starts from FC00::/7.
They are not routable on the global IPv6 Internet.
Starts with either FC or FD in the first two hex digits.

Link Local
Default IPv6 address on every IPv6-enabled interface (non-
routable).
FE80::/10.
Routers do not forward packets with link-local addresses.

Multicast
In IPv6, multicast addresses start with FF (FF00::/8).

Anycast-
An anycast address is an address that is assigned to a set of
interfaces that typically belong to different nodes.
Similar to multicast, it identifies multiple interfaces but sends to
only one, whichever it finds first.
Unique local and global unicast addresses can be used as
anycast.
Router (config-if) # ipv6 address <ipv6-prefix/prefix-length> anycast
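The shorthand rules from the IPv6 Structure section and the prefix-based address types above, implemented as a small parser. This is an added example, not code from the notes; it uses the addresses from the notes as inputs, and the expand/compress/classify function names are its own. Beyond what the notes show, it rejects the double-:: form and applies the RFC 5952 rule of compressing the longest (leftmost on a tie) run of zero groups.

```python
"""IPv6 address expansion, compression and type classification.

Added example, not code from the notes. Two shorthand rules: leading
zeros of a 16-bit group may be dropped, and one run of all-zero groups
may be replaced by '::' (only once). Types come from the leading bits:
2000::/3 global unicast, FC00::/7 unique local, FE80::/10 link local,
FF00::/8 multicast, ::1 loopback.
"""
HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand(addr):
    """Return the 8 groups as integers; raise ValueError if addr is malformed."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once: " + addr)
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group: " + addr)
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups: " + addr)
    values = []
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX_DIGITS:
            raise ValueError("bad group %r in %s" % (g, addr))
        values.append(int(g, 16))
    return values


def full(groups):
    """Fully written form: eight 4-digit hex groups."""
    return ":".join("%04x" % g for g in groups)


def compress(groups):
    """Shortest form (RFC 5952): drop leading zeros and replace the longest
    run of two or more zero groups (leftmost on a tie) with '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = ["%x" % g for g in groups]
    if best_len < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def classify(groups):
    """Address type from the leading bits, per the prefixes in the notes."""
    first = groups[0]
    if all(g == 0 for g in groups):
        return "unspecified"
    if groups[:7] == [0] * 7 and groups[7] == 1:
        return "loopback"
    if first >> 8 == 0xFF:              # FF00::/8
        return "multicast"
    if first & 0xFFC0 == 0xFE80:        # FE80::/10
        return "link local"
    if first & 0xFE00 == 0xFC00:        # FC00::/7 (FC or FD)
        return "unique local"
    if first >> 13 == 0b001:            # 2000::/3
        return "global unicast"
    return "other"


def is_valid(addr):
    try:
        expand(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for a in ["2001:0db8:0000:0000:1234:0000:0000:3c4d", "2001:db8::1234:0:0:3c4d",
              "2001:db8::1234::3c4d", "fc00:11:11:11::1",
              "FE80:AA00:BB00:CCAC:BCAB:0000:00AA:FF00", "ff02::1", "::1"]:
        if is_valid(a):
            g = expand(a)
            print(f"{a:42} -> {full(g)} / {compress(g)} [{classify(g)}]")
        else:
            print(f"{a:42} -> invalid")
```

The first three forms from the notes expand to the same eight groups, and compressing them gives back 2001:db8::1234:0:0:3c4d; the double-:: form is rejected because there is no way to tell how many zero groups each :: stands for.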

Assigning an IPv6 Address-
Static Configuration-
Router (config-if) # ipv6 address fc00:11:11:11::1/64
Auto-configuration-
Stateful (via DHCP).
Stateless (the device builds its IPv6 address by including its MAC address).
Man-in-the-Middle Attack: ARP Spoofing
[Figure: wireless router (gateway), victim and attacker on the same LAN; the attacker sits man-in-the-middle between the victim and the gateway]
1. Sniff traffic to discover IP addresses on the network.
2. Use ARP spoofing to impersonate the gateway's and the victim's MAC addresses.
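The defender's view of the attack in the figure: once the attacker answers ARP for the gateway IP with its own MAC (so the victim sends to it) and for the victim IP with its own MAC (so the gateway sends to it), the IP-to-MAC bindings seen on the LAN change and one MAC starts claiming several addresses. This is an added example, not code from the notes; it runs a simple ARP monitor over a constructed reply log, with made-up addresses and an assumed gateway of 192.168.1.1. The same check is what DHCP snooping with dynamic ARP inspection, or a static ARP entry for the gateway, enforces on real equipment.

```python
"""ARP spoofing detection over a constructed ARP-reply log.

Added example, not code from the notes. The monitor pins the first-seen
IP-to-MAC binding (or a trusted static table) and flags any change; it also
flags a MAC that claims the gateway and another host, the signature of a
two-sided man-in-the-middle. All addresses are made up.
"""
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"   # assumed gateway for the sample LAN

# Constructed ARP replies as (time in seconds, sender IP, sender MAC).
# The first three are normal; from t=30 the host 192.168.1.20 answers for
# both the gateway and the victim 192.168.1.10.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (2.0, "192.168.1.10", "bb:bb:bb:bb:bb:10"),
    (3.0, "192.168.1.20", "cc:cc:cc:cc:cc:20"),
    (30.0, "192.168.1.1", "cc:cc:cc:cc:cc:20"),
    (30.5, "192.168.1.10", "cc:cc:cc:cc:cc:20"),
    (31.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
]


def detect_arp_spoofing(replies, gateway_ip, trusted=None):
    """Return a list of alert dicts for suspicious ARP replies.

    trusted: optional IP->MAC table (e.g. static ARP entries or DHCP
    snooping bindings). Without it the first-seen binding is trusted.
    """
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ips_for_mac = defaultdict(set)
    flagged_macs = set()
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac
        elif known != mac:
            alerts.append({
                "time": t,
                "kind": "binding-change",
                "severity": "CRITICAL" if ip == gateway_ip else "WARNING",
                "subject": ip,
                "detail": f"{ip} was {known}, now claimed by {mac}",
            })
        ips_for_mac[mac].add(ip)
        # One MAC answering for the gateway and for another host at once.
        others = ips_for_mac[mac] - {gateway_ip}
        if gateway_ip in ips_for_mac[mac] and others and mac not in flagged_macs:
            flagged_macs.add(mac)
            alerts.append({
                "time": t,
                "kind": "gateway-impersonation",
                "severity": "CRITICAL",
                "subject": mac,
                "detail": f"{mac} claims {gateway_ip} and {sorted(others)}",
            })
    return alerts


if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE_ARP_REPLIES, GATEWAY_IP):
        print(f"[{a['severity']}] t={a['time']:>5} {a['kind']}: {a['detail']}")
```

On the sample log the monitor raises three alerts: the gateway binding change at t=30, the gateway-impersonation alert for the attacker's MAC at the same moment, and the victim binding change at t=30.5; the real gateway's reply at t=31 matches the pinned binding and is not flagged, which is why pinning the first-seen (or static) binding rather than the latest one matters.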
