Вы находитесь на странице: 1из 60

Building a network

Data Communications and Computer Networks Lab


EP1100

Ezzeldin Shereen
Ming Zeng
Peiyue Zhao

Version 7.0 (2018)

Department of Network and Systems Engineering


School of Electrical Engineering and Computer Science
KTH, Royal Institute of Technology
Laboratory Manual 2
Chapter 1

Introduction

1.1 Purpose of the laboratory


The main goal of this laboratory is to give you an overview of the different processes involved in building a network,
such as a corporate network. You will have to plan the IP address scheme, configure and test the equipment, as well
as configure several applications and servers typical of any corporate network (DNS servers for example).
After you have completed the laboratory exercises, you should be familiar with the practical issues of the different
concepts explained in the course, as well as with the real equipment used nowadays in computer networks.

1.2 Duties before the lab starts


Students are required submit the homeworks before the lab starts. Students missing the homework submission will not
be accepted to the lab.

1.2.1 Preparatory quizzes


Each student has to complete two online lab entry quizzes, which can be found at the course web page. The quizzes
are due on the first lab session, and the third. Their purpose is to check that you have enough theoretical knowledge of
the tasks that you will perform in the lab. Since these tasks are not part of the course book, you will have to read this
manual and its references carefully to pass the quizzes.

1.3 Rules of behavior in the laboratory


1. Every laboratory sessions begins SHARP at the specified time in the schedule. Be on time! Students who arrive
later than 15 minutes after the laboratory session had begun will not be accepted to that session.

2. Each lab session is four hours long. Students are welcome to take 10 minutes break during the session when
they consider convenient.

3. Please bring your identity cards with you.

4. Students must have their own copies of the laboratory manual.

5. Food and drinks are not allowed inside the laboratory.

6. Please keep your lab position organized and clean, and ensure that the equipment is in the same state (or better)
as when you started.

1.4 How to use/read this manual


This manual is divided into different chapters and sections. Each chapter corresponds to a logical unit in the lab, like
this introduction, and the different lab sessions. The lab sessions have two parts: ’before the lab’ and ’during the lab’.
Each of the sessions is self-contained and includes the theory that you will need, either written in this lab manual or
as pointers to the proper places to find it. You are required to read both sections carefully and to have a clear idea of
the different concepts that you will have to manage while executing the lab tasks.

3
1.5. Notation used in the manual

Before the laboratory session: The first thing that you should do is to read the manual completely and start studying
the concepts explained in the ‘Before the session’ sections. Your understanding of these concepts will be tested in the
homeworks.

During the laboratory session: While you are in the lab you must have a copy of the lab manual and your solved
homeworks, and perform the different tasks specified. Each of the tasks contains questions that you have to answer.
To pass the lab, students must successfully complete all tasks.
You must also read this part of the manual before you attend the lab, so that you are familiar with the tasks and
their questions. You will not have time to read the manual during the lab!

1.5 Notation used in the manual


Whenever an example of syntax is given in the manual, the following conventions apply:
• The commands meant to be written in the different terminals, whether it is a router or a PC, are written in bold
letters.
• Parameters that you have to substitute with their proper values are written in italic.

• Parameters inside square brackets are optional and if applied should be written without the square brackets.
Example of syntax in this manual:
ping [-LRUbdfnqrvVaA] destination

Example of issued command:


ping -b 255.13.1.0

1.6 Credits
Parts of this lab manual have been transcribed literally or with small modifications from the white paper ’Understand-
ing IP addresses: everything you ever wanted to know’ by Chuck Semeria ( 3Com c corporation), used with kind
permission of 3Com, and from different Linux HOW–TO’s and manuals. Previous versions of this manual were writ-
ten/edited by Ignacio Más Ivars, Evgueni Ossipov, Héctor Velayos, Mikael Rudholm, Ognjen Vuković and Ljubica
Pajević.

Laboratory Manual 4
Chapter 2

Lab Session 1: Building a network

Before the session


2.1 Representation of networks in diagrams
Network diagrams show the relationship between the elements of communication networks such as computers, periph-
eral devices and network equipment. A diagram is the main documentation of a network and its importance cannot
be overemphasized. Often, it is the key resource when troubleshooting the network. The network diagram shows
how the network operates, so the main task of the network administrator is to maintain the network functioning as its
diagram specifies. As a general rule, any modification to the network must first be made to the network diagram, the
side effects analyzed and then, if everything works properly, the network equipment will be reconfigured following
the new diagram.
Despite the fact that there are standards for most of the network parts, the network diagrams are not standardized
at all. Developing appropriate network diagrams requires a mixture of experience, knowledge and likely some art. It is
a skill that will only be developed through practice, although the study of existing diagrams helps a lot. In these brief
notes you will receive some guidelines to interpret network diagrams and then you will practice with the diagram for
the lab session.
When reading a network diagram, the first thing to dis-
cover is the represented layer. As the network diagram shows
the relationships between networked elements and these hap-
pen at different layers, it is natural that diagrams are classified
according to the network layers. The most frequent diagram
is the network layer diagram, which shows IP networks and
routers between the networks. Usually they are fairly com-
plex, so they do not show any information of other network
layers. It is important not to overload the diagrams with in-
formation, therefore the details of the individual networks are
included in link layer network diagrams. This type of dia-
grams have a narrower scope (a single sub-network typically)
and contains a lot of details about the link and possibly phys-
ical layers. Higher level diagrams are also frequent, showing
the arrangement of network services like DNS or DHCP, or
Figure 2.1: Network symbols often used in network the relationship between application servers and clients.
diagrams. Common to all these types of diagrams is the use of sym-
bols to represent the different entities. These symbols are not
standardized. The diagram author can use any symbols he likes. However, these symbols must be used in a consistent
way. This means that both a square and a circle can represent a router, but all routers in the diagram must be represented
using the same symbol. In this lab, we will use the symbols in Figure 2.1. Files with these symbols in different formats
can be downloaded freely from the Internet (http://www.cisco.com/web/about/ac50/ac47/2.html).
The symbols are classified into three categories: network devices, user devices and media. Among the network
devices you can find the representation for hubs, switches and routers. The user devices group contains icons for
PCs, servers and PCs that act as routers. Finally, the media category contains the symbols for Ethernet connections,
serial lines and the cloud. The cloud is a special symbol used to represent parts of the network not shown in a

5
2.2. Equipment description Before the session

particular diagram. Thus, it can represent an unspecified network media or whole networks, which is its normal usage.
Additional information can be included in the diagram using alphanumeric strings, like IP addresses, host names or
device ports. The next section contains some network diagrams that will be used during the lab. At the same time,
these diagrams are good examples for the brief notes just introduced.

2.1.1 The network diagram for this session


During this lab session you will work with what could be a corporate network of a company with several hundreds of
users. The name of the fictitious company is Acme. It has four departments: administration, production, marketing
as well as research and development. Each department is divided into four areas, with a Fast Ethernet serving each
area. There is a router per area, which connects the Fast Ethernet to the department’s backbone network. The company
has four backbones, one per department. All the backbones are connected to the main router of the company, which
provides access to the Internet among other services. This network is depicted in Figure 2.2. It is a network level
diagram of Acme’s network, containing also the IP addresses used. It is natural that this diagram of a relatively
complex network looks confusing at the beginning. Take your time to review it and understand all its data. It will be
your guide for troubleshooting the network.
As you can see in the figure, the network is quite symmetric. The whole network is called "ACME network", its do-
main name is "acme" and it will use the block of IP addresses from 192.168.0.0 to 192.168.0.255 (i.e. 192.168.0.0/24).
These addresses are defined as "private" by IANA (see http://www.iana.org and RFC 1918), thus they can only
be used internally. The main router of the company, the PC-router depicted in the center of the figure, will implement
NAT (Network Address Translation) to provide access for the hosts to the Internet, using public IP addresses.
Each department has a backbone implemented with a Fast Ethernet. Each backbone has a block of eight IP ad-
dresses assigned. The first address of the block identifies the network, the second is assigned to the gateway connecting
it to other networks, while the rest of the addresses are assigned to the interfaces of the routers that connect the back-
bone with the departmental area networks. Note that the last address of the block is reserved for the network broadcast.
The domain name for the four backbones is acme. An example of a interface name in the backbone is pro.acme (in-
terface to the production network backbone in the main router). Another example is mar1-in.acme (access interface to
the area 1 network of the marketing department from the marketing backbone). The names are meant to help you find
its correspondent interface in the network diagram.
Each departmental network is composed of the backbone and four area networks. The user hosts are connected to
the area network, never to the backbone. Each area network is a Fast Ethernet network with a router to the departmental
backbone. A block of eight IP addresses is assigned to each area network. The first one identifies the network, the
second is given to the internal router interface, the third to the switch (needed for its remote configuration features),
the fourth to the area server, the last is the network broadcast and the rest can be assigned to user terminals. Each
department has its own domain name. Administration has adm.acme, marketing has mar.acme, production has
pro.acme and research & development has rad.acme. In addition, there are special domain names per area network.
Examples of names in the area networks are ns.area1.adm.acme (DNS server of the area 1 network of administration)
or sw.area2.pro.acme (switch of the area 2 network of production). Again the names are meant to help you find the
position of the interface in the network diagram.
Figure 2.3 contains more details of the area network. It depicts the network and link layers, including some physical
details such as the router ports. This figure corresponds to the area 1 of the R&D department and also includes the
departmental backbone. The rest of the areas and backbones are connected in the same way.

2.2 Equipment description


You will work with different pieces of network equipment such as cables, switches and routers during this lab. You
should know what their functions and capabilities are in general terms. This section shows the actual models that you
will find in the lab. It also contains some guidelines to identify the equipment and its interfaces. All the equipment is
classified into four groups: cables, switches, routers and terminals. Below there is one subsection dedicated to each
group.

2.2.1 Cables and connectors


All the cables used in the lab are terminated with adequate connectors on both ends. Two major types of cables will be
used in the lab, power supply and data cables. The power supply cable is necessary for the equipment to be powered,
but it does not participate in the transmission of data signals. Figure 2.4 shows the power supply cable for PCs, routers
and switches.

Laboratory Manual 6
2.2. Equipment description Before the session

Figure 2.2: Acme’s network diagram.

Laboratory Manual 7
2.2. Equipment description Before the session

Figure 2.3: Detailed network and link layer diagram.

Figure 2.4: Power supply cable. Figure 2.5: RJ 45 plug.

For data communication we will use different cables depending


on the link layer technology, though the media will always be copper.
For the Ethernet connections, we will use four-pair category 5 Un-
shielded Twisted-Pair (UTP) cabling with RJ45 plugs on both ends.
Figure 2.5 shows the RJ45 plug at the end of the UTP cable. This type
of cable contains eight individually insulated wires twisted in pairs.
Each pair is colored with one wire having a solid color (blue, orange,
green, or brown) and the other wire having a stripe of the same color
over a white background. Each wire is named by its color when it is
solid (e.g. green) or by the pair white and color of the stripe other-
wise (e.g. white-green). The pairs are identified by the solid colors
(e.g. green pair).
The RJ45 plug has eight pins, numbered from 1 to 8; each one
of the wires of the four-pairs UTP cable connects to one pin. The
assignment of wires to pins is named color code and it is different
depending on the standard. We will use both the EIA/TIA 568A and
Figure 2.6: Standards for color codes. 568B standards. Their color assignment can be seen in Figure 2.6.
We will need two different types of cables for Ethernet connections: crossover cables and straight-through cables.
A crossover cable must be used to connect Ethernet ports of two PCs directly, or two routers or two switches (when
the uplink port of the switches is not used). It has one RJ45 plug wired following the 568A standard and the other

Laboratory Manual 8
2.2. Equipment description Before the session

Figure 2.7: DB9 to RJ45 adapter. Figure 2.8: Rollover cable.

following the 568B standard. A straight-through cable must be used to connect the Ethernet ports of a switch to PCs
or routers. It has both RJ45 plugs wired following the 568B standard. The only way to identify whether an Ethernet
cable is a crossover or straight-through cable is to check the color code at both ends.
More information about Ethernet cables and how to make them can be found at http://www.duxcw.com/
digest/Howto/network/cable/cable5.htm. General information about connectors, pin-outs, cables and
adapters can be consulted at http://www.hardwarebook.net/.
A different cable must be used to connect a PC to the console port of a Cisco device. The console port is a serial
port, and it must be connected to the PC USB port. The console port is a RJ45 jack while the PC has a USB port. To
connect both ports properly, we will use the USB to DB9 adapter, the DB9 to RJ45 adapter, (see Figure 2.9 and 2.7)
and a new type of cable known as roll-over cable. A roll-over cable also uses 8 wires with RJ45 plugs on both ends,
but it is different from the straight-through or crossover cables. In a roll-over cable, the pins on one end are reversed
on the other end. Thus pin 1 on one end connects to pin 8 on the other end. Pin 2 connects to pin 7, pin 3 connects to
pin 6 and so on. Figure 2.8 shows a roll-over cable.

Figure 2.9: USB to DB9 adapter.

In addition to these cables, there is permanent cabling in the lab room that you will need to use to connect the
router’s outer interface to the departmental backbones. The permanent cables run in the tables and floor, and link each
lab position with the lab’s cabling rack. The cabling rack is in front of the lab room (to your left). It contains the
departmental switches and a patch panels below them. Figure 2.10 shows the interior of the cabling rack.
Each switch has a label indicating to which departmental backbone it belongs. The patch panel has two rows
of sockets: the top and the bottom row. Each socket on the panel connects to a similar socket by the tables, which
are marked with a blue label and text LABBNÄT, Figure 2.11. The label indicates to which of the panel sockets a
particular socket is connected to. For example, 17B corresponds to the socket 17 on the bottom row (T stands for top,
B for bottom). The connection between the sockets in the patch panel and by the tables is equivalent to straight-through
cable.
The connection of the router’s outer interface to the departmental backbone requires two straight-through cables.
Use one to connect the router’s outer Ethernet interface to one of the blue-label sockets by the table. Use the other to
connect the socket in the patch panel with the same label to any port of the appropriate departmental switch.

2.2.2 Switches
The switch you will use in the lab is a Cisco Catalyst 3512 XL. In the front it has twelve 10/100 Ethernet switched
RJ45 ports plus two additional Gigabit Ethernet slots. The Ethernet ports will be used to connect the equipment of the
area network. The Gigabit slots will not be used in this lab. In the back it has the RJ45 console port for its configuration
and the three-pin power supply socket. It does not have a power switch, the equipment is turned on when connected
to the power supply. Each port is labeled on the box with a name, which it is also used to identify the port in the
configuration menus. Figure 2.13 shows the front and Figure 2.14 shows a closer view of the Ethernet ports in the
front. Note that each port is given a number, with number one in the top left corner. The number allows identification
of the ports in the configuration file, but there is no difference in the behavior of the ports. Any of them can be used to
connect equipment to the switch.

Laboratory Manual 9
2.2. Equipment description Before the session

Figure 2.10: Switches and patch panel in the lab cabling rack.

Figure 2.11: Cabling sockets by the


tables in the lab

Laboratory Manual 10
2.3. Cisco software Before the session

There are additional switches inside the cabling rack. You will use them to connect your router to the departmental
backbone, but you do not have to change their configuration.

2.2.3 Routers
The router you will use in the lab is a Cisco 2621. All its ports are situated in the
back. It has two 10/100 Ethernet RJ45 ports, a RJ45 console port for its configuration,
a three-pin power socket and a power switch. Each port is labeled in the box with
a name, which it is also used to identify the port in the configuration file. Since the
router forwards packets between its ports, it is very important to connect each network
to the proper port. Figure 2.15 shows the front and Figure 2.16 shows the ports in the
back. Figure 2.12: A Raspberry Pi.

2.2.4 Terminals
A Raspberry Pi running Linux will be used as the terminal in the lab. The Raspberry Pi has functionalities as a regular
personal computer, therefore we refer to the Raspbery Pi as PC in this lab manual. The Raspberry Pi has various
ports, and its most important ports for this lab are the 10/100 Ethernet RJ45 port and the USB ports. Figure 2.12
shows the ports of the Raspberry Pi at the lab. To use the Raspberry Pi, each group needs to prepare a laptop to be
remotely connected to the Raspberry Pi. For more information, please refer to Section 2.8. The Raspberry Pi will fully
work as a PC in the lab. Each area network has a PC, which will be used as the network server for the area network.
Additional laptops can be connected to the area network. These laptops must have a RJ45 Ethernet port. This port will
be connected to any free port in the switch to join the area network.

2.3 Cisco software


In this section we will review the configuration process of the Cisco equipment in the lab. The best way to prepare
yourself for this task, it is to read the manufacturer’s documentation, some of which is provided as a supplementary
course material and the other is available online.
Here in we will give you some references: please read them in advance as you will not have time during the lab.
Since there is a huge amount of published documentation, the next paragraphs contain some guides on what are the
parts that you must study for this lab.
Start by reading the "Cisco Software Configuration Guide" on Canvas. From the section "About this guide", learn
about the objectives, organization and conventions of the document. Then go to the chapter 1, "First-time configu-
ration", which explains how to configure the router initially. This chapter describes both the 3600 and 2600 model
series, read only the part related to the Cisco 2600 series. It is important to review the "Cisco 2600 Series Interface
Numbering". While reading this part, recall that the routers in the lab have two Fast Ethernet ports in slot 0. Then read
the following sections to overview the initial configuration process of the router: "Using the Setup Command Facility",
"Configuring Global Parameters" and "Configuring Interface Parameters". This last section describes several interface
types, read only the "Fast Ethernet Interface Configuration" section. Finally read the "Completing the configuration"
section. During the lab you will configure the router as these sections describe, so read them carefully. After reading
it, read section 2.3.3 of this manual about the same topic. It contains the answers to the set up questions that you
should use during the lab.
After reading the first chapter, move on to the second, "Cisco IOS software basics". It describes general aspects
of the Cisco IOS software, which you need to know before working with the router. Read it completely, with special
attention to the different configuration modes, how to get help on the commands from the command line interface and
how to undo a command or feature.
To complete the review of the router documentation, read chapter 3 titled "Configuring with the Command Line In-
terface". It describes the commands to actually configure particular functions of the router. Read sections "Configuring
Fast Ethernet Interfaces", "Checking the Interface Configuration" and "Saving Configuration Changes".
By reading thoroughly these sections of the documentation, you will obtain a good knowledge of the router, its
software and of how to configure it. However you might still need more information of particular commands. To
obtain it, use the master index of the Cisco IOS Configuration Guide, Release 12.0S available at http://www.
cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/c12k_fm/config.pdf. Use this ref-
erence to read about the "ip route" commands. It will be used during the lab to create the routing table of the router.
Read also about the commands "ping" and "trace" in their privileged and user versions, since you will use them to
troubleshoot the network.
All this information only applies to the router configuration. There is an equivalent document for configuring
the switch called "Cisco IOS Desktop Switching Software Configuration Guide". If you read this document, you will

Laboratory Manual 11
2.3. Cisco software Before the session

Figure 2.13: Front of the Cisco Catalyst 3512 XL.

Figure 2.14: Ethernet ports in the front-left of the Cisco Catalyst 3512 XL.

Figure 2.15: Front of the Cisco 2621.

Figure 2.16: Ports in the back of the Cisco 2621.

Laboratory Manual 12
2.3. Cisco software Before the session

discover that the way the switch is configured is similar to that of the router, but some commands are different. You can
find these commands in a document called "Cisco IOS Desktop Switching Command Reference" available on Canvas.
If you need information on a particular command, you can look it up at http://www.cisco.com/c/en/us/
td/docs/ios/fundamentals/command/reference/cf_book.html. Before the lab, it is enough that
you read section "Using the command-line interface" of the switch manual. Note that it is similar to that section in the
router configuration. Since we will not configure complex functions in the switch during this lab, you do not have to
study deeply any of the switch commands. After reading this information about the switch, read below section 2.3.2
which describes how to start up the switch. You will start up and initially configure the switch during the lab.

2.3.1 Management console


We will configure both the router and the switch typing commands in the command-line interface (CLI). To access the
CLI, we will connect a management console to the router or switch. There is specific hardware that can be connected
to the console port of the router or switch and behaves like a management console. However, in our lab we will instead
use a PC (the Raspberry Pi) running Linux and a serial communication program called minicom, which all together
offers the same functionality.
First you have to connect the PC to the console port of the network equipment (i.e. the router or the switch). Use
the supplied roll over cable, USB to DB-9 adapter, and DB-9 to RJ45 adapter to connect a PC USB port to the switch
console port.
Once the USB port and console port are connected, open a new terminal on PC. Then type sudo minicom
to start the minicom program. If everything is working fine, minicom will display the messages from the network
equipment as character strings and it will display the prompt for you to type commands.
At any moment, you have all the minicom configuration commands available by pressing ’Ctrl+a z’. Before
the lab, read the section "use" of the minicom’s manual page available on-line at http://linux.die.net/man/
1/minicom to learn how to use this software.

2.3.2 Starting up the switch


This subsection describes how to start up your Catalyst 3500 XL switch, to interpret the power-on self-test (POST)
and to configure the switch.

Starting Up The switch will start booting as soon as the power supply is connected, since there is no power switch.
It is important to connect the management console before the switch is powered on, so it will display the messages
generated during the start up process. For the initial configuration, there is no need to connect any cable to the Ethernet
ports.
When the switch starts up, it begins POST, a series of eight tests that run automatically to ensure that the switch
works properly. When the switch begins POST, the port LEDs turn amber for 2 seconds, and then they turn green.
The System LED flashes green, and the RPS LED turns off. As each test runs, the port LEDs, starting with number 1,
turn off. The port LEDs for ports 2 to 8 each turn off in turn as the system completes a test. When POST completes
successfully, the port LEDs return to the status mode display, indicating that the switch is operational. If a test fails,
the port LED associated with the test turns amber, and the system LED turns amber as well.
To initiate the start-up configuration of the switch, send a break command from your terminal program. Then you
should see the initial configuration screen of the switch.

Using the Setup command of the Command Line Interface The command setup from the set of privileged com-
mands is used to assign IP information and to create a default configuration for continued operation. When you boot
the switch (or the router) for the first time, there is no configuration so you will be asked whether you want to enter
the "initial setup dialog". Answer yes and you will be configuring everything from scratch. If this question does not
appear, it means that some configuration was found. In this case, you will have to start the setup procedure from the
privileged mode using these commands:
Switch> enable
Password: passwd
Switch# setup
Continue with configuration dialog? [yes/no]: y

The password should be "qwerty". The setup procedure consists of a sequence of questions that you should answer.
This information is used to create the initial configuration. After the last question, this initial configuration is shown,
so it is possible to review it before saving. Here are the questions and the suggested answers:

Question 1: Enter your switch’s IP address and press Return:

Laboratory Manual 13
2.3. Cisco software Before the session

Enter IP address: ip_address

Question 2: Enter your switch’s subnet mask and press Return:

Enter IP net mask: ip_netmask

Question 3: Enter "Y" to specify a default gateway (router):

Would you like to enter a default gateway address? [yes]: y

Question 4: Enter the IP address of your switch’s default gateway and press Return:

IP address of the default gateway: ip_address

Question 5: Enter a host name for the switch and press Return:

Enter host name: Switch

Question 6: Enter a secret password (which ensures switch security) and press Return:

Enter enable secret: qwerty

Question 7: Enter "Y" to enter a Telnet password:

Would you like to configure a Telnet password? [yes]: y

Question 8: Enter the Telnet password and press Return:

Enter Telnet password: qwerty

Question 9: You would enter Y to configure this switch as the cluster command switch. Enter N to configure it as a
member switch or as a stand-alone switch.

Would you like to enable as a cluster command switch? n

Question 10: Verify that the addresses are correct in the initial configuration displayed:

The following configuration command script was created:


ip subnet-zero
interface VLAN1
ip address ip_address ip_netmask
ip default-gateway ip_address
hostname Switch
enable secret 5 $1$jJql$VA6U.6uTjsa56Xx2yy/t30
line vty 0 15
password telnet_password
snmp community private rw
snmp community public ro
cluster disable
!
end
!
Use this configuration? [yes/no]:

Question 11: If the information is correct, enter y at the prompt and press return to use it. When you see the message
"Press RETURN to get started", the setup program is complete. If the information is not correct, enter n at the
prompt, press Return, and begin again at Question 1.

2.3.3 Starting up the router


This subsection describes how to start up your Cisco 2621 router, to interpret the power-on self-test (POST) and to
initially configure the router.

Laboratory Manual 14
2.3. Cisco software Before the session

Starting Up In contrast to the switch, the router will not boot when the power supply is connected. It will boot
when the power switch in the back part is set to on. It is important to connect the management console before the
router is powered on, so the console will display the messages generated during the start up process. For the initial
configuration, there is no need to connect any cable to the Ethernet ports.
When the router starts up, it performs the POST without producing external signals. When POST completes
successfully, the bootstrap program is loaded from ROM into the RAM. This process produces the first messages in
the console. After bootstrap is loaded, it searches and loads the Cisco IOS. In our case, this software is retrieved from
the internal flash memory, decompressed and loaded into RAM. More messages appear in the console reporting the
evolution of these steps. When it is successfully loaded, the router’s configuration file is searched and loaded.
When you boot the router for the first time, there is no configuration file, so you will be asked whether you want
to enter the "initial configuration dialog". Answer "yes" and you will be configuring everything from scratch in the
set-up mode. If this question does not appear, it means that the router found some configuration. In this case, you
will have to start the initial configuration procedure from the privileged mode using the setup command as described
below:
Router> enable
Password: passwd
Router# setup
Continue with configuration dialog? [yes/no]: y

The password should be "qwerty".

Initial configuration dialog The set up procedure consists of a sequence of questions that you should answer. This
information is used to create the initial configuration. After the last question, this initial configuration is shown, so it
is possible to review it before saving. Here are the questions and the suggested answers:

Question 1: Answer "no" to enter the extended setup:


Would you like to enter basic management setup? [yes/no]: no

Question 2: Answer "no" to skip the interface summary:


First, would you like to see the current interface summary? [yes]: no

After these two questions, the configuration of the global parameters begins:

Question 3: Type a name for the router:


Enter host name [Router]: Router

Question 4: Enter “qwerty” as the enable secret password:


Enter enable secret: qwerty

Question 5: Enter "lab" as the enable password:


Enter enable password: lab

Question 6: Enter "qwerty" as the virtual terminal password:


Enter virtual terminal password: qwerty

Question 7: Answer "no" to skip SNMP configuration:


Configure SNMP Network Management? [yes]: no

Question 8: Answer "yes" to enter the IP configuration:


Configure IP? [yes]: yes

Question 9: Answer "no" since we will use static routing:


Configure IGRP routing? [yes]: no

Question 10: Answer "no" again to this dynamic routing protocol:


Configure RIP routing? [no]: no

Laboratory Manual 15
2.3. Cisco software Before the session

Question 11 Answer "no" since bridging will not be used


Configure bridging? [no]: no

Question 12: No user dialing in via modems, so answer "no" here


Configure Async lines? [yes]: no

Now the configuration of the interface parameters begins. The FastEthernet 0/0 port is first:
Question 13: Answer "yes" to configure FastEthernet 0/0 interface
Do you want to configure FastEthernet0/0 interface? [yes]: yes

Question 14: Answer "yes" to use the RJ45 connector in the back part of the router
Use the 100 Base-TX (RJ-45) connector? [yes]: yes

Question 15: Answer "yes" to activate Ethernet full-duplex mode


Operate in full-duplex mode? [no]: yes

Question 16: Answer "yes" to initiate the IP configuration of the interface


Configure IP on this interface? [yes]: yes

Question 17: Type the proper IP address for this interface in dotted-decimal format. The network diagram should
help finding out what this address should be. We have included an IP address as an example of the expected
answer.
IP address for this interface: 192.168.0.129

Question 18: Type the proper mask in dotted-decimal format corresponding to the previous IP address. We have
included a mask as an example of the expected answer.
Subnet mask for this interface: 255.255.255.0

After this question, similar questions will appear to configure the second FastEthernet interface of the router.
Answer them in the same way you did with the questions for the other FastEthernet interface. Mind that the IP address
and possibly the mask should be different for this second interface.
After this set of questions on the second FastEthernet interface, the initial configuration is generated and displayed
for you to verify it. The screen should look similar to this:
The following configuration command script was created:
hostname Router
enable secret 5 $1$EDYp$8IwOwl7TATzo8lYdAeuIV1
enable password lab
line vty 0 4
password qwerty
no snmp-server
!
ip routing
no bridge 1
!
interface FastEthernet0/0
media-type 100BaseX
full-duplex
ip address 192.168.0.129 255.255.255.0
!
interface FastEthernet0/1
media-type 100BaseX
full-duplex
ip address 192.168.0.26 255.255.255.0
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
end
0 Go to the IOS command prompt without saving this config.
1 Return back to the setup without saving this config.
2 Save this configuration to nvram and exit.
Enter your selection [2]:

Check the configuration, especially the IP addresses and masks, and if everything is correct, answer "2" to save
the configuration and exit from the set up mode. If there is some incorrect information, you can answer "1" to repeat
the set up. After you save it, the router is working with your initial configuration. Note that you have not introduced
the static routing table yet, thus the router can only reach directly connected networks. If any static route is needed,
use the router’s command ip route to add static entries to the routing table.

Laboratory Manual 16
2.4. IP: General concepts Before the session

Figure 2.17: The five classes of IP addresses, where the prefix identifies the network and the suffix the
particular host inside that network.

2.4 IP: General concepts


2.4.1 IP addressing
When the Internet Protocol (IP) was designed and standardized, the specification required that each system interface
had a unique Internet address of 32 bits. Some of these systems could have more than one network interface, like
routers, and thus they would need a unique IP address for each interface. An IP address is divided in two parts: the
first part identifies the network and the second part identifies the particular host in the network.
During the early years of IP addressing, the first part of the IP address was called the network number because the
leading portion of each IP address identifies the network, while the last part of the address was called the host number.
In one particular network, all the hosts contain the same network number, but they must have different host numbers.
On the other hand, if two hosts are in different networks their network number must be different, but they can have the
same host number.
There is one exception to the required uniqueness for IP addresses, and it is the group of addresses reserved for
private use. These private IP addresses can be repeated in different organizations, but they should never be directly
connected to the Internet.

2.4.2 Primary Address Classes


One of the main goals when designing the IP protocol was supporting networks of different size. For that purpose, the
IP address space was divided into five different address classes – Class A, B, C, D, and E. This way of partitioning
is called classful addressing because the address space is split into predefined classes, groupings, or categories. The
different classes fix the boundary between the network number and the host number at different points within the three
first bytes of the address. The different formats are illustrated in Figure 2.17.
Classful IP addressing is quite convenient from the routing point of view, since each address contains a self–
encoding key that identifies the dividing point between the network number and the host number. This way, early
routers on the Internet could know the length of the network number without having a network mask. For example,
when the first two bits of an IP address are 1–0, the dividing point is between the 16th and 17th bits.

Class A Networks Class A network addresses have an 8–bit network number, which starts with a 0, followed with
a 24–bit host number. Nowadays, class A addresses are referred to as ’/8’, because of their 8–bit network number.
There are 126 (27 – 2) class A networks. We have to subtract 2 because the 0.0.0.0 network is reserved for the default
route and 127.0.0.0 is used for the loopback interface. Each /8 network contains 224 – 2 (16,777,214) hosts. Again, we
subtract two addresses because the all–0s ("this network") and all–1s ("broadcast") host numbers cannot be assigned
to individual hosts. There are in total 231 (2,147,483,648) individual addresses available in class A, which are 50% of
the total IPv4 address space.

Class B Networks Class B network addresses have a 16–bit network number, with the two highest order bits set to
1–0, followed by a 16–bit host number. They are usually referred to as ’/16s’. There are 16,384 (214 ) /16 networks,
with 65,534 (216 – 2) hosts per network. The entire class B address space contains 230 (1,073,741,824) addresses.

Class C Networks Class C network addresses have the three highest order bits set to 1–1–0 and a 24–bit network
number, followed by a 8–bit host number. They are referred to as ’/24s’. There are 254 (28 – 2) hosts per network,
with 2,097,152 (221 ) possible /24 networks, giving a maximum of 229 (536,870,912) addresses.

Laboratory Manual 17
2.4. IP: General concepts Before the session

32–bit binary number Equivalent dotted decimal


10000001 00110100 00000110 00000000 129.52.6.0
11000000 00000101 00110000 00000011 192.5.48.3
00001010 00000010 00000000 00100101 10.2.0.37
10000000 00001010 00000010 00000011 128.10.2.3
10000000 10000000 11111111 00000000 128.128.255.0

Table 2.1: Examples of 32–bit addresses and their equivalent in dotted-decimal notation.

Address class Range of values


A (/8 prefixes) 0 through 127
B (/16 prefixes) 128 through 191
C (/24 prefixes) 192 through 223
D (multicast) 224 through 239
E (reserved) 240 through 255

Table 2.2: The range of decimal values in the first octet of each class.

Other Classes In addition to the three classes used to identify individual network interfaces, there are two additional
classes: Class D addresses have their four highest order bits set to 1–1–1–0 and are used to support IP Multicasting,
while Class E addresses have their leading four–bits set to 1–1–1–1 and are reserved for future use.

2.4.3 Dotted–Decimal Notation


In order to facilitate the use of IP addresses, they are often expressed as four decimal numbers, each separated by a
dot. This format is called dotted–decimal notation.
In this notation, each 32–bit Internet address is divided into four 8–bit (byte) fields. Then, the value of each field
is specified independently as a decimal number with the fields separated by dots. Table 2.1 shows typical Internet
addresses expressed this way.
Table 2.2 displays the range of decimal values that can be assigned to the first byte of each address classes.

2.4.4 Problems with Classful Addressing


The Internet nowadays has surpassed in size all the original expectations of its creators. The design decisions made in
the early years of the Internet have created complex problems with difficult solutions:

• When the Internet started, IP addresses were allocated to organizations based on simple requests, instead of the
actual needs. The decision to create 32–bit addresses gave only 232 (4,294,967,296) IPv4 addresses available,
which has led to an actual lack of addresses.

• The division of IP addresses based on octet boundaries was easy to implement and deploy, but it created a lack
of proper support for medium-size organizations. A /16, supporting 65,534 hosts, can be too large for this type
of organizations, while a /24, with only 254 possible hosts can be far too small. In the past, sites with several
hundred hosts were assigned a single /16 address, instead of two or three /24 addresses, thus quickly finishing
off the /16 address space. Also, the need to give several /24 addresses to the same organization has increased
the size of the routing tables.

2.4.5 IP sub–netting
In 1985, IETF RFC 950 defined a way to divide single class addresses into smaller pieces. Sub–netting was introduced
to overcome the problems the Internet was suffering with the two–level addressing hierarchy: first, local administrators
had to apply for a new network address before installing a new network at their site; and, second, the Internet routing
tables were beginning to grow to an unmanageable size.
The way to attack these problems was to add a new hierarchy to the addressing scheme. With sub–netting the host
number was divided into two parts, the subnet number and the host number on that subnet, thus creating a three–level
hierarchy.
With the new sub–netting scheme, the subnet structure of a network is not visible outside the organization’s do-
main. This helps reducing the routing tables of the outside routers, as the route to any subnet is the same as all subnets
share the same network number. It is only inside the organization’s private network were routers need to differentiate

Laboratory Manual 18
2.4. IP: General concepts Before the session

network–number subnet–number host–number


IP address: 130.5.5.25 10000010.00000101 00000101 00011001
Subnet Mask: 255.255.255.0 11111111.11111111 11111111 00000000
Extended–network–number

Table 2.3: Subnet mask.

between the different subnets to route packets, reducing the complexity of the routing tables to the domain of the local
administrator.
With the new scheme, a site with several logical networks uses subnet addressing to cover them with a single /16
(Class B) network address. This concept is sometimes called super–netting. The router accepts all traffic from the
Internet to network 132.5.0.0, and forwards traffic to the interior subnetworks based on the third octet of the address.

2.4.6 Extended Network Number


When a router in the Internet routes a packet, it uses the network number of the destination address. In a sub–
netted environment, once a packet arrives to the sub–netted domain the routers use the extended network number to
distinguish among the different subnets. The extended network number is composed of the classful network number
plus the subnet number.
To identify the extended subnet number routers use the subnet mask. For example, with the /16 address 130.5.0.0,
if you are using the entire third byte for the subnet number, then you need to use a subnet mask of 255.255.255.0. The
bits in the subnet mask are 1 for those bits on the IP address that correspond to the extended network number, and are
0 for those bits belonging to the host number. This is illustrated in Table 2.3
Nowadays, most of the modern routing protocols use the extended network number length instead of the subnet
mask. The length is the number of 1 bits in the mask, so instead of saying that the mask is 255.255.255.0, we denote
the IP address as 130.5.0.0/24. Anyway, all the routing protocols still need the subnet mask, as there is no Internet
routing protocol that contains a one–byte field to carry the extended network number length.

2.4.7 Design Considerations


The design of an address plan for an organization requires the network administrator to carefully consider different
aspects that will influence the final design:

• How many subnets do we need today?

• How many subnets will we need in the future?

• How many hosts are in the largest subnet?

• How many hosts can the largest subnet contain in the future?

The first step to perform is to take the maximum number of subnets required and round that value up to the closest
power of two. This computation should take into account the possible growth of the network. For example, if we need
11 subnets, then 23 will not provide enough subnets, so we will have to round up to 24 . This will give us three extra
subnets for our organization to grow.
The second step is checking the number of hosts that we will need in the largest subnet. Imagine that we will need
26 hosts. If this is the case, then we will need at least 25 (or 32) addresses.
Finally, we have to check the address space of our organization to see if we have enough bits to deploy the required
sub-netting plan. For example, with a single /16 address, we could have four bits for the subnet number and five bits
for the host number. If we instead have several /24s and we want to have 11 subnets, then we will have to subnet each
/24 into four subnets (with two bits of subnet number) and then combine three of them to get the required topology.

2.4.8 Subnet Example


Problem: Let’s assume that we have the network number 193.1.1.0/24 and we want to define six subnets, with a
maximum of 25 hosts per subnet.

Laboratory Manual 19
2.4. IP: General concepts Before the session

Base Net: 11000001.00000001.00000001.00000000 193.1.1.0/24


Subnet 0: 11000001.00000001.00000001.00000000 193.1.1.0/27
Subnet 1: 11000001.00000001.00000001.00100000 193.1.1.32/27
Subnet 2: 11000001.00000001.00000001.01000000 193.1.1.64/27
Subnet 3: 11000001.00000001.00000001.01100000 193.1.1.96/27
Subnet 4: 11000001.00000001.00000001.10000000 193.1.1.128/27
Subnet 5: 11000001.00000001.00000001.10100000 193.1.1.160/27
Subnet 6: 11000001.00000001.00000001.11000000 193.1.1.192/27
Subnet 7: 11000001.00000001.00000001.11100000 193.1.1.224/27

Table 2.4: Subnet numbers for the sub-netting example.

Obtaining the Subnet Mask: To obtain the number of bits required for our six subnets, we need to create them in
blocks of powers of two. To define six subnets, we need, thus, 8 (23 ) subnets and we will have two free subnets for
future use. To enumerate our eight subnets, we will need to use three bits. In our example, we have a /24 address, so
we will have /27 as the extended network number length, which gives a network mask of 255.255.255.224
When we have /27 subnets, we are allocating five more bits for the host number, so we have 25 (32) individual IP
addresses in each subnet. However, there are only 30 (25 –2) possible host addresses on each subnet, as the all–0s and
all–1s host addresses cannot be used.

Obtaining the Subnet Numbers: We will number the eight subnets from 0 to 7, which in binary notation are: 0
(0002 ) to 7 (1112 ). To define subnet n, we place the binary representation of n into the bits of the subnet number. The
eight subnet numbers for this example are given in Table 2.4.
The eight subnet numbers for this example are given in Table 2.4. The bold portion of each address identifies the
network number, while the underlined digits identify the 3–bits representing the subnet-number field:

The Reserved Subnets: The initial definition of sub–netting prohibited the use of the all–0s and the all–1s subnets.
The reason was to avoid possible confusions in the original classful routers. Nowadays, routers can be running classful
and classless protocols at the same time.
The all–0s subnet, originally defines the entire network, so a router needs that each routing table update include the
route/<prefix-length> pair to differentiate between a route to the all-0s subnet and a route to the entire network. If we
are using a classful routing protocol, the routing advertisements for subnet 193.1.1.0/27 and for network 193.1.1.0/24
are identical – 193.1.1.0, so without knowing the network number length, or the netmask, a router will not be able to
differentiate between them.
The problem with the all–1s subnet is exactly the same. Routers need to have the network number length so that
they are able to determine if a broadcast (directed or all–subnets) should be sent only to the all–1s subnet or to the
entire network. For example, when the routing table does not contain a mask or prefix–length for each route, confusion
can occur because the same broadcast address (193.1.1.255) is used for both the entire network 193.1.1.0/24 and the
all–1s subnet 193.1.1.224/27.
The new classless routing protocols contain the mask or length with each route, so the all–0s and all–1s subnets
can be used again. Of course, the other routers in the organization’s network need to be able to correctly interpret,
learn, and forward traffic to other subnetworks with all-0s and all-1s in their subnet number field.

Defining Host Addresses for Each Subnet The host-number field of an IP address cannot contain all 0–bits or all
1–bits. The all–0s host number identifies the base network (or subnetwork) number, while the all–1s host number
represents the broadcast address for the network (or subnetwork).
In our current example, there are 5 bits in the host number field of each subnet address. This means that each
subnet represents a block of 30 host addresses (25 –2 = 30, note that the 2 is subtracted because the all–0s and the
all–1s host addresses cannot be used). The hosts on each subnet are numbered 1 through 30.
In general, to define the address assigned to Host n of a particular subnet, the network administrator places the
binary representation of n into the sub-net’s host number field. For example, to define the address assigned to Host
15 on Subnet 2, the network administrator simply places the binary representation of 15 (011112 ) into the 5–bits of
Subnet 2’s host number field.
The valid host addresses for Subnet 2 and 6 in our example are given in Table 2.5. The bold portion of each address
identifies the extended-network-prefix, while the underlined digits identify the 5-bit host-number field:

Defining the Broadcast Address for Each Subnet The broadcast address for Subnet 2 is the all 1’s host address or:
11000001.00000001.00000001.01011111 = 193.1.1.95

Laboratory Manual 20
2.4. IP: General concepts Before the session

Subnet 2: 11000001.00000001.00000001.01000000 193.1.1.64/27


Host 1: 11000001.00000001.00000001.01000001 193.1.1.65/27
Host 2: 11000001.00000001.00000001.01000010 193.1.1.66/27
Host 3: 11000001.00000001.00000001.01000011 193.1.1.67/27
...
Host 30: 11000001.00000001.00000001.01011110 193.1.1.94/27

Subnet 6: 11000001.00000001.00000001.11000000 193.1.1.192/27


Host 1: 11000001.00000001.00000001.11000001 193.1.1.193/27
Host 2: 11000001.00000001.00000001.11000010 193.1.1.194/27
Host 3: 11000001.00000001.00000001.11000011 193.1.1.195/27
...
Host 30: 11000001.00000001.00000001.11011110 193.1.1.222/27

Table 2.5: Host addresses for the sub-netting example.


192.168.0.A 192.168.0.B

A B
Network 192.168.0.X

192.168.0.R
192.168.0.A 192.168.0.B 192.168.0.C R
192.168.1.R

Network 192.168.1.X
C D
Network 192.168.0.X 192.168.1.C 192.168.1.D

Figure 2.18: An IP network on one Ethernet segment. Figure 2.19: Two IP networks on two different Eth-
ernet segments.

Note that the broadcast address for Subnet 2 is exactly one less than the base address for Subnet 3 (193.1.1.96).
This is always the case – the broadcast address for Subnet n is one less than the base address for Subnet (n+1).
The broadcast address for Subnet 6 is simply the all 1’s host address or:
11000001.00000001.00000001.11011111 = 193.1.1.223
Again, the broadcast address for Subnet 6 is exactly one less than the base address for Subnet 7 (193.1.1.224).

2.4.9 The use of ARP


When computers communicate in a network using a particular link layer technology (for instance, Ethernet), they need
to have more information than the IP address of the host they want to communicate with. Imagine that we have a small
TCP/IP network, built over an Ethernet segment with a class C network address (192.168.0.X), that allows us to have
254 nodes. In our example network (see Fig. 2.18), we have three nodes, with host numbers A, B, C, respectively.
Each one of these nodes has an Ethernet address, like 05-ED-34-4F-37-BC (written in hexadecimal form).
When A wants to send a packet to C for the first time, it needs to know its Ethernet address. The only thing A
knows about C is its IP address, so A uses the Address Resolution Protocol (ARP) to discover C’s Ethernet address.
ARP keeps an internal table of Ethernet addresses and corresponding IP addresses. If the address A is looking for is
not in the table, then ARP will broadcast a special Ethernet packet asking for the Ethernet address corresponding to
C’s IP address. The host on the Ethernet segment that has the particular IP address A is asking for will then answer
back to A, and then A will update its table and use that Ethernet address to send the packet to C. The entries in the
ARP table are flushed after a certain period of time.
Imagine now that instead of having one single Ethernet segment, we have two different segments, like in Figure
2.19. In this figure, R is an IP router, which could be a PC or a dedicated piece of hardware. Of course, R needs
to have two different Ethernet interfaces to each one of the two segments it is connected to, with two different IP
addresses. Since each network is a different Ethernet segment, we have two different class C addresses. Now consider
that A wants to send a packet to D. The only way to do this is by sending the packet first to R, which will forward
the packet to D. This way, A needs to use R’s Ethernet address, but D’s IP address in the packet it is sending. R will
then receive a packet for D, and will write the proper Ethernet address (D’s address) in the packet it is forwarding. All
these machines obtain the Ethernet addresses they need by using ARP.

Laboratory Manual 21
2.5. Debugging Before the session

The difference with the previous case is that now A cannot obtain D’s Ethernet address with an ARP request,
because D would never see A’s request, they are in different physical wires! A knows that D is in a different IP
network, so it knows that it must send the packet to R to get it forwarded to the proper destination.

2.4.10 IP routing
Direct or indirect routing
When two machines are on the same network, there is no need to forward a packet between them on the IP layer. In
this case direct routing is used. In the first example, A and C are in the same network, so they know that they can reach
each other just by using the proper Ethernet address.
On the other hand, if the network addresses of source and destination are not the same, then the packet must be
forwarded by a router who knows how to reach the destination. In the second example, if A wants to reach D, it needs
to have some routing information to know where to send the packet to reach D. The way to add routes to the routing
table in a Unix machine is to use the route command.
R needs to have two IP addresses, one for each network interface. A can then know that R is on its network just
looking at the IP address of the interface of R connected to the first Ethernet segment. The same way, D sees the
second network interface of R and is able to obtain the Ethernet address of this interface. Most of the times it is not
necessary to manually add the routing entry for the other Ethernet segment. It is sufficient to have R as the default
gateway, which is the machine to send the packets addressed to machines out of my network segment. Of course, the
default gateway needs to have a routing table properly configured to forward the packets to the correct destinations.

Static or dynamic routing


There are two different methods to get the information that the routing table needs: static or dynamic routing. With
static routing, the routing table is manually written by the system administrator, and it usually requires all the machines
to have statically configured addresses. In case there is a change in the network topology, it is up to the system
administrator to manually update the routing tables in all the machines needed. Usually, most of the computers and
routing devices add by default a static entry in the routing table when the network interface is configured.
Dynamic routing is a more complex process. It uses special routing protocols to update the information of the
routing table. The routers in the different networks exchange routing information about the different networks they
know about and the different metrics or ’costs’ needed to reach those networks (like number of hops, load or band-
width and so on...). The routing protocols can be classified in Interior Gateway Protocols (IGP), which are used to
distribute routing information inside Autonomous Systems (AS), or Exterior Gateway Protocols (EGP), that transmit
this information between AS’s. An autonomous system is a set of machines inside one particular domain administered
by one authority, group or organization. Examples of IGP are OSPF and RIP, while BGP is an example of an EGP.

Understanding a routing table


The process to choose a particular route from the routing table is a mathematical operation. It requires a little bit of
binary arithmetic and logic: An IP address matches a particular route if the network address in the routing table is
exactly the same as the destination IP address logically ANDed with the network mask. In simple words, a route in the
routing table is chosen if the number of bits specified by the network mask from the destination IP address are equal
to the same number of bits in the network address in the routing table entry.
There can be more than one entry that matches the target address in the routing table, so how does IP find the
proper route? There is one difference between the different routes, the network mask. We have previously said that
the network mask is used to split our address space into smaller networks, so, of course, the larger netmask, the more
precisely a target address is matched. We should always use the route that has the largest network mask.
There are different ways to build a routing table. For a small LAN, like ours, the most efficient way is to build it by
hand with the route command, but for larger networks, they are built and modified by routing daemons, which usually
run in each router on the network. These daemons are the ones that use dynamic routing protocols to exchange routing
information to compute the best routes for the different networks.

2.5 Debugging
2.5.1 General model: top down or bottom up approaches
The main tasks of a network administrator are to keep a network running and to fix it in case of failure. Basically these
tasks can be decomposed in the following set of subtasks.

Laboratory Manual 22
2.5. Debugging Before the session

• Locate the point of failure.

• Fix the problem.

In general one can discover that a failure occurs by simple facts like: you cannot open a web page, you cannot
print on the network printer, you cannot make a remote connection to a distant computer. . . . In this case you, as the
network administrator, should perform certain steps to discover why these strange things are happening. You can use
two general approaches to find out the reason of the failure and to locate the place of the problem in the network.
These two approaches are called Top-Down and Bottom-Up. From the name of the approaches you can understand
that you should check the work of the network on the different levels starting from application level to physical in the
top-down approach, or from physical to application layer in the bottom-up approach. Recall the main layers in the
TCP/IP stack.

Physical layer - On this layer you can check whether the cabling is made correctly. Check that all cables are properly
connected to the network cards. And in the far end check that a network device (your PC, router etc) is powered
ON!

Link layer - On this layer you can check the link layer configuration, status, and statistical information of the network
interfaces. In the PC’s for this purpose you can use the command ifconfig. This command will provide you with
necessary statistics of the interface usage and its current status. You will find in the next subsection a description
on how to use this command. One of the possible problems at the link layer can be an automatic disabling of
the network interface due to incorrect cabling. In this case when executing ifconfig in the PC you either will
not see the record about the problematic interface at all, or in the status field (see the output of ifconfig in the
next subsection) will be written “DOWN”. In the switches and routers the command to see the status of the
interfaces is show interfaces, but the meaning of these commands is exactly the same as of ifconfig. To fix
the problem on this level first check that the cabling is correct. Then, bring the interface up manually with the
proper commands.

Network layer (IP) - The typical problem on this layer is an incorrect IP configuration of the network interface. The
sequence of your actions to fix the problem should be:

1. Check if the network interface is configured with the proper IP address and network mask.
2. Test the configuration by checking if you can communicate with other network devices.
3. If the problem remains repeat from the configuration.

There are different commands to check the IP configuration of the interfaces in PC’s, switches, and routers. For
example in the PC’s use for this purpose ifconfig. Another item which is included in the term “IP configuration”
is proper configuration of the routing table. In the PC’s, for example, you can use the command route for this
purpose. Check the next subsection for details of usage of these commands.
In order to test the correctness of the step one, the easiest way is to use the ping command which exists in all
network devices (so in the simplest case the syntax of the command is common for PC’s and Cisco devices).
Check if you can ping a machine (a PC or a router) which you know for sure that it is up and running. If you
can not ping this machine repeat the configuration step.
If you checked the configuration and you are 100% sure that it is correct but ping still does not work, maybe the
problem is not in your PC, but in an intermediate device (e.g. router). The way to locate the erroneous device is
to use the traceroute command (which again exists both in the PC’s and the Cisco devices). If you find out that
one of the routers which you have an access to configure is not responding, apply the same approach to locate
and fix the failure in this router.

Transport layer - On this level you can try to establish a TCP connection to a particular port and check whether
it works or not. For this purpose you can use the telnet program on your PC in the form: telnet destina-
tion_IP:port_number. The possible reason of the failure on this level could be a special set of rules in your PC
which forbids an access to certain IP addresses and/or TCP/UDP ports. This kind of filtering has the name "IP
firewalling". Check the firewalling rules for correctness.

Application layer - On this layer you can discover that something is going wrong by observing whether your ap-
plications work as they should. Most probably, applications will generate meaningful errors when they cannot
work. The error message is the best hint to find the problem. Read it carefully and make sure you understand it.
Read the application manual if needed.

Laboratory Manual 23
2.6. Tools and commands in the PC Before the session

2.6 Tools and commands in the PC


Here is a description of the most useful commands for debugging a network from your PC.

ifconfig The first action you should performs when you are trying to connect your computer to the Internet is to
configure your network interface (network card). Basically you should be able to:

1. Bring the interface up


2. Configure the IP parameters of the interface (assign an IP address, and specify the network mask)
3. Display the configuration information of the interface
In Unix-like operating systems there is a command which performs exactly this. The command is ifconfig. To
bring the network interface up manually, the syntax of this command is:
ifconfig Interface_name up

The syntax of the command when you would like to assign IP parameters is

ifconfig Interface_name IP_Address netmask Network_mask broadcast Broadcast_address

In the case you run ifconfig without arguments, you will get a summary of the configuration of the interfaces
which are up, like the one you can see below:

[lab@localhost lab]# ifconfig


eth0 Link encap:Ethernet HWaddr 00:50:DA:E9:12:9C
inet addr:193.150.254.81 Bcast:193.150.255.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:359 errors:0 dropped:0 overruns:0 frame:0
TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0x200

lo Link encap:Local Loopback


inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0

As you can notice from the output, the first line gives you information about the link layer; the second and the
third show IP configuration; the fourth line gives you a status of the interface; and finally, the next three strings
show the interface usage statistic. In the lab you will use this command with or without arguments. You can
find information about other arguments and options of this command typing in the terminal window:

man ifconfig

Ping Sometimes the connection to a remote machine cannot be established. This could be due to several reasons.
One of these reasons could be network failure at any part of the network. If you cannot connect to a specific
computer how do you know whether it is due to network failure, the computer being down or perhaps some error
in a program running on the computer? As a first step you could try to figure out if the computer is reachable
through the network. For this purpose you could use the ping program available on most networked systems.
Ping simply sends a number of special packets, called ECHO REQUEST packets, to the destination computer.
When the destination computer receives these packets it is supposed to send back ECHO REPLY packets. Your
ping program will display the received ECHO REPLY packets. These types of packets are part of the ICMP
protocol which ping uses. The syntax of this command is

ping Name_of_the_machine

One option that might be useful to use in this command is “- n”. With this option the ping will produce only
numeric output, without trying to resolve symbolic names for host addresses. This option is useful in the case
when DNS is not working. If this option is not specified the ping trying to resolve a name will block the terminal
window for some tens of seconds. The syntax of the ping in this case is:

ping -n Name_of_the_machine

Laboratory Manual 24
2.6. Tools and commands in the PC Before the session

Traceroute The Internet is a large and complex aggregation of network hardware, connected together by gate-
ways/ routers. Tracking the route your packets follow to their destination (or finding the miss-configured
router that throws away your packets) can be difficult. The command traceroute utilizes the IP protocol TTL
(time to live) field which is decremented by every router a packet passes through. When this counter is zero
the packet is thrown away and an ICMP TIME_EXCEEDED packet is sent back to the sender. This ICMP
TIME_EXCEEDED packet contains among other things the identity of the router that dropped the packet. The
traceroute attempts to force such response from each gateway/router along the path to the destination by first
sending a packet with the TTL set to one, then a packet with the TTL set to two and so on until it reaches the
destination. The syntax of this command is:
traceroute Name_of_the_machine

As with ping you can use the option “- n”, which will disable name resolution. The syntax of the traceroute in
this case is:
traceroute -n Name_of_the_machine

Route After you have checked that your interface is configured properly, but you still do not have any response from
ping or traceroute, it is a good time to check that the routing information in your PC is correct. You can check
the content of the routing table by typing
route

in the terminal window. You will see the output of this command like the one below.
[lab@localhost lab]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.213.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default itguest-gw.gues 0.0.0.0 UG 0 0 0 eth0

Or, if you execute this command with the option “-n”:

[lab@localhost lab]# route -n


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.213.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.213.1 0.0.0.0 UG 0 0 0 eth0

If your PC has one network card the routing table will consist of three records: the route to your network, the
route to the 127.0.0.0 network, and the default route. When sending packets to an IP address that is inside of
your own network, your PC will use the first record; for the packets which destination is outside of your network
the PC will use the third record, and send them to the default gateway. Check the entry corresponding to the
default route (the network address for default route is 0.0.0.0), it should point to the first router in your network.
If you do not have this record or it does not point to the first router, configure the routing table as described in
“During the Laboratory Session” section.

ARP In our lab you will use this command to check the content of the arp table in your PC. The syntax of Arp is:
Arp -a

In this form the command will output the content of the Arp table. You can find more information about usage
of this command executing:
man Arp

Telnet Telnet is a program which allows you to login to a distant device (e.g. computer, router). Use the following
syntax of telnet:
telnet Destination_IP Port_number

If you do not want to connect to a specific port, use

Laboratory Manual 25
2.6. Tools and commands in the PC Before the session

telnet Destination_IP

With this syntax telnet will connect you to the default telnet port (TCP port 23).
Network sniffers A network sniffer is a tool that picks up a copy of each and every packet that traverses the commu-
nication link on which your network interface is attached. We will use a sniffer so that you can see for yourself
exactly what is going on when two computers start talking to each other. This will give you a chance to see
how all the protocols and mechanisms you have read about so far interact and work together. There exists many
network sniffer; in our lab we will use a program called “Wireshark”, which is probably one of the most popular
sniffers used for academic purposes. In the next subsection you will find the description of Wireshark.

To summarize: In a PC the troubleshooting sequence is as follows:

1. Check the configuration of the interfaces (ifconfig)


2. Test the network connection (ping and traceroute)
3. Check the routing table (route)
4. Fix the problem and repeat from 1 until it works fine.

2.6.1 Short introduction to Wireshark


Sniffer programs have their main application in two basic areas. First, network administrators can use sniffers for a
variety of purposes such as security monitoring. Second, they are very useful tools for researchers in the networking
area. For example, one can build a statistical model of traffic by observing traces of particular applications. This data
can be used for engineering the network topology, or the creation of high performance network devices with certain
quality parameters.
Using Wireshark you can hack almost all kinds of network protocols by creating rules of special format, called
display filters. Display filters in Wireshark are very powerful; you have more fields in Wireshark than in other protocol
analyzer, and the syntax you can use to create your filters is richer. Another attractive feature of Wireshark is its
ability to assemble all the packets in a TCP conversation and show you the ASCII (or EBCDIC or hex) data in that
conversation. The following description provides a brief overview of the key features of Wireshark.

GUI description
You can start Wireshark from a window manager, or from the command line; in the second case, you can specify
optional settings, such as the interface to capture from, or more advanced settings. This is not necessary to begin with,
so you can just launch the application, select the interfaces and you will see the main window of the graphical interface
(see Figure 2.20), which consists of three panes that you can re-size. Below the panes there is a strip that shows the
current filter and some informational text. The top pane contains the list of network packets that you can scroll
through and select. By default, the packet number, packet time stamp, source and destination addresses, protocol, and
description are displayed for each packet. The ’Columns’ page in the dialog box popped up by ’Edit:Preferences’ lets
you change this (although, unfortunately, you currently have to save the preferences, and exit and restart Wireshark
for those changes to take effect). If you click on the heading of a column, the display will be sorted by that column;
clicking on the heading again will reverse the sort order for that column. An effort is made to display information as
high up in the protocol stack as possible, e.g. IP addresses are displayed for IP packets, but the MAC layer address
is displayed for unknown packet types. The right mouse button can be used to pop up a menu of operations. The left
mouse button can be used to mark a packet. The middle pane contains a protocol tree for the currently selected packet.
The tree displays each field and its value in each protocol header in the stack. You can expand each item and see the
content of the different protocols by clicking the ’+’ sign left to the name of the protocol. The lowest pane contains a
dump of the actual packet data. Selecting a field in the protocol tree highlights the corresponding bytes in this section.

Display filters syntax and how to make the traces more ’attractive’
Display filters help you to remove the noise from a packet trace and let you see only the packets that interest you. If
a packet meets the requirements expressed in your display filter, then it is displayed in the list of packets. Display
filters let you compare the fields within a protocol against a specific value, compare fields against fields, and check
the existence of specified fields or protocols. The simplest display filter allows you to check for the existence of a
protocol or field. If you want to see all packets which contain the TCP protocol, the filter would be ’tcp’ (without
the quotation marks!). Fields can also be compared against values. The comparison operators can be expressed either
through C-like symbols, or through English-like abbreviations as in Table 2.6.

Laboratory Manual 26
2.6. Tools and commands in the PC Before the session

Figure 2.20: Wireshark - main window.

eq == Equal
ne != Not Equal
gt > Greater that
lt < Less than
ge >= Greater than or equal to
le <= Less than or equal to

Table 2.6: Basic operations.

To create a filter, click on the ’Filter’ button in the left down corner of the main window. In the appearing window,
type the name of your filter (for example ’TCP traffic’) in the ’Filter name’ field. Then, in the ’Filter string’ field,
print the string of your filter, like ’ip.addr eq 130.237.50.78’. Click on ’New’; your filter will be added to the window
of available filters, then click on save to save your filter. To apply your new filter click on the ’Apply’ button. After
you applied your filter you can start capturing. Choose ’Start’ from the ’Capture’ menu and the Capture window will
appear, as shown in Figure 2.21.
In this window you will have to configure your session, and for that you have to activate the live update of packets
in real time and the automatic scrolling, so you are able to see the packets passing by. In addition, you have to select
the monitored interface in the upper most part of the window. Select the interface called "eth0".
Do NOT put anything in the ’Filter’ string! In this string, you are supposed to set ’tcpdump like’ filters. This
type of filters uses different syntax (see the ’tcpdump’ manual page for more information). In fact, you can use either
’display’ or ’tcpdump filters’, or even both of them, but it is enough to use only display filters. Moreover, the syntax
of ’display’ filters is richer and can allow you to do much more than ’tcpdump’ filters. After you configured the
Capture options click ’OK’ to start capturing. After some time, you can stop capturing and analyze the trace. You can
simplify understanding the trace by coloring certain packets. This is good if you want to see for example packets from
a particular host and port number out of all captured packets. For this you need to choose Colorize Display from the
Display menu (note that this item is inactive before you start capturing). Click on New and set the Display filter in
appeared window, with the syntax described above. Choose the foreground and background by clicking on appropriate
button. Then click on ’Apply’, to apply your settings. In Table 2.7 you have some important protocol fields, while
Table 2.8 gives some useful port numbers and Table 2.9 contains some examples.

Laboratory Manual 27
2.6. Tools and commands in the PC Before the session

Protocol name Field name Filter name Filter description


Ethernet (eth) Source or Destination Address eth.addr 6-byte Hardware Address
Ethernet (eth) Destination eth.dst 6-byte Hardware Address
Ethernet (eth) Length eth.len Unsigned 16-bit integer
Ethernet (eth) Source eth.src 6-byte Hardware Address
Ethernet (eth) Trailer eth.trailer Byte array
Ethernet (eth) Type eth.type Unsigned 16-bit integer
IP Source or Destination Address ip.addr IPv4 address
IP Header checksum ip.checksum Unsigned 16-bit integer
IP Differentiated Services field ip.dsfield Unsigned 8-bit integer
IP Destination ip.dst IPv4 addres
IP Flags ip.flags Unsigned 8-bit integer
IP Header Length ip.hdr_len Unsigned 8-bit integer
IP Identification ip.id Unsigned 16-bit integer
IP Total Length ip.len Unsigned 16-bit integer
IP Protocol ip.proto Unsigned 8-bit integer
IP Source ip.src IPv4 address
IP Time to live ip.ttl Unsigned 8-bit integer
IP Version ip.version Unsigned 8-bit integer
TCP Acknowledgement number tcp.ack Unsigned 32-bit integer
TCP Checksum tcp.checksum Unsigned 16-bit integer
TCP Destination Port tcp.dstport Unsigned 16-bit integer
TCP Flags tcp.flags Unsigned 8-bit integer
TCP Header Length tcp.hdr_len Unsigned 8-bit integer
TCP Next sequence number tcp.nxtseq Unsigned 32-bit integer
TCP Source or Destination Port tcp.port Unsigned 16-bit integer
TCP Sequence number tcp.seq Unsigned 32-bit integer
TCP Source Port tcp.srcport Unsigned 16-bit integer
TCP Window size tcp.window_size Unsigned 16-bit integer
UDP Checksum udp.checksum Unsigned 16-bit integer
UDP Destination Port udp.dstport Unsigned 16-bit integer
UDP Length udp.length Unsigned 16-bit integer
UDP Source or Destination Port udp.port Unsigned 16-bit integer
UDP Source Port udp.srcport Unsigned 16-bit integer
SMTP Request smtp.req Boolean
SMTP Response smtp.rsp Boolean

Table 2.7: Important protocol fields in Wireshark

Application Protocol Number


Telnet TCP 23
WWW TCP 80
SMTP TCP 25
DNS UDP 53

Table 2.8: Some useful port numbers

Filter string Description


ip display only IP packets
tcp.dstport eq 25 display SMTP requests
ip.src eq 192.x.x.x and udp.dstport eq 53 display DNS requests
ip.addr eq 192.x.x.x and tcp.port eq 80 display HTTP communication
Arp display Arp traffic

Table 2.9: Some useful display filters

Laboratory Manual 28
2.7. Linux hints Before the session

Figure 2.21: Wireshark - capture window.

2.7 Linux hints


In this lab we do not assume that you have experience working with Unix-like operating systems such as Linux.
Therefore, we briefly describe in this section some basic operations that will help you to complete the lab work. If you
are experienced with Unix-like operating systems, skimming through this section would still be helpful.

2.7.1 Logging in
Unix is a multi-user operating system. This basically means that many people may work on the same computer at
the same time; therefore to work with Linux you have to identify yourself by a process called logging in. When you
switch on your PC the Linux will prompt your user name and password. Depending on the configuration this prompt
can appear either in textual console or in graphical user interface (XWindows). After entering both correct name and
password you are authorized to use the system.
If you work in graphical mode you will see an environment like the one in Figure 2.22 which looks similar to
Microsoft Windows. If you are working in textual mode you will see something like this:
user@live: $

This is a command prompt and you are supposed to write Unix commands after the symbol “$”.
In graphical user interface mode, so go on “Accessories/Terminal” to start a terminal window.

2.7.2 The Linux file system


It is very important to know at least a minimum of information about the Linux file system to perform successfully
in our lab. The file system in Linux is organized as a tree where all directories are branching out from the root. The
root of the Linux file system is denoted as “/”. Under the root there are a number of subdirectories (execute ls / to
see the content of the root directory). Among them the most interesting for us are: /bin, /usr/sbin, /sbin, /etc/, and
/home. The first three directories contain the binary files which are capable to change the key parameters of the system.
The directory /etc contains the system configuration files. Configuration files are the textual files which can be modified
by the administrator of the system. The directory /home contains the directories of the users. So, for example, if a user
with the user name “lab” exists in the system then all his files will be placed in the directory /home/lab. Obviously, in
Linux the rights to access different directories are restricted for different users. By default for a normal user, a write
access is forbidden for the whole /etc directory, and the execution of all programs that can modify system parameters is
limited (e.g. ifconfig, route etc.). Therefore you have to know that in order to modify any system parameter you must
be a superuser (root) or have special privileges. You can have these privileges if you start a command with “sudo” in
front.

Laboratory Manual 29
2.7. Linux hints Before the session

Figure 2.22: Graphical User Interface.

Another important thing for you to know is the concept of paths. In Linux there is a special system file for each
user which contains the paths to the most used directories. Since the access to some parts of the file system is restricted
for the normal user, there is no path to the programs which are in the /bin and /usr/sbin. If, for example, you have
logged in as a normal user you will not be able to execute traceroute command. In this case you have to specify the
full path to this command (e.g. /usr/sbin/traceroute) to execute it. To summarize the discussion:
• All directories are branching out from the root (“/”)
• The record “/usr/sbin/traceroute” means: The program “traceroute” is in the “sbin” directory, which is in the
“usr” directory. The “usr” directory branches directly from the “root” (“/”)
• The most used programs in our lab have the following paths (try to specify the whole path when you see an error
like bash: name_of_command: command not found):

1. /sbin/ifconfig
2. /bin/ping
3. /usr/sbin/traceroute
4. /sbin/route

2.7.3 XWindows and virtual consoles


The graphical user interface in Linux has the name “XWindows”. We will not describe all functionality of XWindows;
you will find it easy to use. Remember, even if you work in graphical mode it is still a Unix system and whenever you
would like to execute something you could need to type a command somewhere. For this purpose XWindows offers
the so-called “terminal windows”, depicted in Figure 2.22. To launch a new terminal go to Applications>Accessorise.
In this window you will see a command prompt such as:
[lab@localhost lab]$

You can open as many terminal windows as you want - they will work in parallel. There is however another way
to execute commands. Linux allows switching between graphical mode (XWindows) and textual mode by means of
virtual consoles. Linux by default offers 6 consoles to the user and you can switch between them by pressing the
following sequence of keys: CTRL-ALT-F1 ... CTRL-ALT-F6. When you switch to a console you will see the login
prompt:
localhost login:

After you log in, you will see the command prompt. You can always return to the graphical mode by pressing
CTRL-ALT-F7.

Laboratory Manual 30
2.8. Connecting to Raspberry Pi Before the session

Command Meaning
ls List the content of your working directory
cd [name of a directory] Change the directory
less [name of a file] Display the content of a file (you can use both)
more [name of a file]
cp [file1] [file2] Copy files
mv [file1] [file2] Move files
rm [file1] Remove file (i.e, delete)

Table 2.10: Unix commands

2.7.4 Unix commands


Let us remind you again that all commands have to be written in the terminal window. Here we give you a list of the
most useful commands. You can always get online help about the syntax of a particular command typing
man Name_of_a_command

Note, that this may be the most useful command in Unix. Use it always when you are unsure about the syntax of
a command. The commands which you will use in the lab are listed in Table 2.10.
You can edit text files using many available text editors like: vi, pico, emacs, or any graphical editor you can find
in XWindows such as gedit.

2.7.5 Getting help


Remember, if you are working with Linux you can always get online help about a particular command by typing:
man [name of a command]. A summary about the usage of a particular command can be obtained using the option “-
-help”. For example : ifconfig –help.
However, if you want to access help via Internet there are sites that contain all Linux documentation. The docu-
ments about all Linux concepts have the name “HOWTO”. You can find them at http://en.tldp.org/. You
can also access online manuals for Linux commands at http://man.he.net.

2.8 Connecting to Raspberry Pi


1. Download the VNC Viewer from https://www.realvnc.com/download/viewer/.
2. Power up the Raspberry Pi.
3. Wait for about 1 minute for the Raspberry Pi to boot up.

4. Connect your computer to the wireless network "PiNetX", where "X" stands for the ID of the Raspberry Pi and
can be found on the case of the Raspberry Pi. The password is also available on the case of the Raspberry Pi.
5. Run the VNC Viewer and connect to host 192.168.50.1. The user name and password for login is "pi" and
"raspberry".

Laboratory Manual 31
Tasks During the laboratory session

During the laboratory session


2.9 Task 1: Review your network diagram
The first thing you should do when creating a network is to carefully review your network diagram and identify the
different elements in it. Figures 2.2 and 2.3 show the network diagram for this session. Look at them and answer the
following questions:

1. How many departmental backbones are there in the whole network?

2. How many LAN’s are there per backbone?

3. How many link-layer hops do the packets perform from the PC in your LAN to the gateway to the Internet?
(Hint: How many ’cables’ are your packets crossing in Figure 2.3?)

4. How many hops do the packets perform considering ONLY the network layer in the same path? (Hint: How
many IP-level devices are your packets crossing?)

5. Each position in the lab corresponds to an area network of a particular department. Write below the name of the
network you are in and the range of the assigned IP addresses.

• Network address:
• Broadcast address:
• The range of addresses available for the devices in your network:
• Network mask:

6. Figure 2.23 represents the equipment in your area network and part of the departmental backbone. Using figure
2.2 and figure 2.3 as a guide, fill in the IP addresses, names and interface names corresponding to your position.
Assign the IP addresses following the rules given in section 2.1.1.

2.10 Task 2: Identify your equipment


This task focuses in the identification of the equipment in your lab position. You will work with the router, the switch
and the PC to find their external ports. The guidelines given at section 2.2 will be a great help here. This task is
both simple and important. You need to be familiar with the aspect and location of the different ports, before you can
perform more complex configuration tasks. In addition to the network devices, here you will also work with the cables
that interconnect them. Knowing how to identify the different cables is also very important for the rest of the tasks in
the lab.

1. Following the indications of section 2.2, find the router, the switch and the PC server (the Raspberry Pi). Note
that the model name of the Cisco equipment appears in the front top-right corner of the box.

• Search in the Cisco boxes and write down the model series:

Cisco router: series


Cisco switch: Catalyst

2. Start working with the router. Find all its Ethernet ports, its console port, its power switch and its power supply
socket.

3. In the switch, find its Ethernet ports and its power supply socket.

4. In the PC, find its serial and Ethernet ports.

5. Classify the cables in your lab position into crossover, straight-through and roll-over cables. Find also the DB9
to RJ45 adapter and USB to DB9 adapter.

Laboratory Manual 32
Tasks During the laboratory session

Figure 2.23: Area diagram

Laboratory Manual 33
Tasks During the laboratory session

• The different types of cables in the lab can also be identified by the color of their external covers. Please
write here the color corresponding to each type of cable:

Crossover cable:
Straight-through cable:
Roll-over cable:

Note: The color of the external cover is not standardized at all. Different brands can use different colors for the
same type of cables. Check the color code in the RJ45 plugs to properly identify the type of cable.

2.11 Task 3: Configure the PC server (the Raspberry Pi)


In this task you will configure the PC using the commands described in the subsection 2.6. In order to do this you will
need to perform three actions. First you have to connect your laptop to the PC (Raspberry Pi). Second you have to
configure the network interface of your computer (assign the proper IP address and the proper netmask). The second
action is to write proper information in the routing table of the PC.

1. Connect to the PC (Raspberry Pi) with your laptop.


2. Open a terminal window on the PC server. You will type all commands in there.
3. Put up your Ethernet interface (in your PC the interface name is eth1) with the command ifconfig. Recall the IP
information of your network and configure your interface using the following command:
ifconfig Interface_ID IP_of_your_PC netmask Your_Netmask broadcast Broadcast_address

• Check the values of your interface by typing ifconfig without options. You should see the configuration
information in the form shown below. Fill in below the missing fields of the ifconfig output:
eth1 Link encap:Ethernet HWaddr
inet addr: Bcast: Mask:
UP BROADCAST RUNNING MULTICAST MTU: Metric:1
RX packets:1217 errors:0 dropped:0 overruns:1 frame:0
TX packets:303 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0x200

lo Link encap:Local Loopback


inet addr: Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0

4. Add a route to the default gateway with the route command. The default gateway should be the inner interface
of your LAN router.
route add default gw Address_of_your_router

• Check the content of the routing table by executing


route -n
Fill in the missing fields of the routing table of your PC:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0
0.0.0.0 0.0.0.0 UG 0 0 0 eth0

• Looking at the routing table above, answer the following question (you should not run any command to
answer this question, just look at the table, which you have filled in above).
Suppose you ping a computer inside your network and a computer which is outside of your network. Look
at the routing table of your computer and mark which routing entry is the one that is used to send these
ping packets, both to the switch and a computer outside your network.

Laboratory Manual 34
Tasks During the laboratory session

2.12 Task 4: Configure the switch


This task deals with the configuration of the switch in our network. You will create the configuration file of the switch
following the steps described in 2.3.2. You will use the PC (the Raspberry Pi) running Linux as the management
console.

1. Before starting the initial configuration of the switch, you need to find out the answers to the question that will
appear during the setup process. Most of these answers already appeared in 2.3.2. The IP configuration data
must be obtained from the network diagram for your session (See Figure 2.2 considering the position of the
switch in the network and your IP addressing scheme)

• Fill in the gaps below with the information to be used for the configuration of the switch:
– Switch IP address:
– Switch net mask address:
– Switch default gateway address:
– Switch secret password:
– Switch Telnet password:
• If the switch is a link-layer device and thus independent of the IP layer, why does it require an IP address?

2. Connect a management console to the switch following the instructions in 2.2.1.

3. Start the management console following the instructions in 2.3.1.

4. Power on the switch. Some messages should be displayed in the console while the switch boots. If there are no
messages displayed, check the connection and configuration of the emulated console.

5. Perform the initial configuration of the switch as described in 2.3.2

6. Once you have finished and saved the initial configuration, reboot the switch using the switch’s command
reload.

7. After the switch completes the reboot process, connect the PC Ethernet port to any port of the switch. In the
PC open a terminal window. Execute telnet IP_of_the_Switch to login from the PC to the switch. Display the
configuration of the switch using the proper CLI command. With the information shown, fill in the gaps below.
interface VLAN1
ip address
ip default-gateway

2.13 Task 5: Configure the router


This task deals with the configuration of the router in our network. You will create the configuration file of the router
following the steps described in 2.3.3. You will use the PC running Linux as the management console.

1. Before starting the initial configuration of the router, you need to find out the answers to the question that will
appear during the setup process. Most of these answers already appeared in 2.3.3, but the IP configuration data
must be obtained from the network diagram for your session (See Figure 2.2 considering the position of the
router in the network and your IP addressing scheme).

• Fill in the gaps below with the information to be used for the configuration of the router:
– FastEthernet 0/0 IP address:
– FastEthernet 0/0 subnetwork mask address:
– FastEthernet 0/1 IP address:
– FastEthernet 0/1 subnetwork mask address:

Laboratory Manual 35
Tasks During the laboratory session

– Router default gateway address:


– Router secret password:
– Router Telnet password:
• Looking at the network diagram, you can discover that the router needs four static routes to reach all the
networks. Fill in the routing information in the table below. Remember that the router needs a static route
to the network behind each of the other area routers in the same departmental backbone. Since there are
three additional routers per departmental backbone, three statics routes are needed. In addition, the router
needs a static route indicating that any other network can be reached through the PC-router interface in the
backbone. Use the network number 0.0.0.0 and network mask 0.0.0.0 to identify any other network. Note
that the router can reach any host in a directly connected network without a static route to that network.

No Destination network Subnet mask Next hop address


1
2
3
4

2. Connect a management console to the router following the instructions in 2.2.1.

3. Start the management console following the instructions in 2.3.1

4. Connect the router Fast Ethernet ports to the corresponding switch ports. Remember to use the proper type of
Ethernet cable. Refer to Figure 2.3 to find out which ports of the router should be connected to each network.

5. Power the router on. Some messages should be displayed in the console while the router boots. If there are no
messages displayed, check the connection and the configuration of the emulated console.

6. Perform the initial configuration of the router as described in 2.3.3.

7. Once you have finished and saved the initial configuration, add the static routes of the table above using the "ip
route" command. The parameters to this command can be discovered using the question mark character in the
CLI while in configuration mode.

8. Once you have added the routing table save the configuration with the copy command. Use the proper parame-
ters to this command.

9. Once you have completed and saved the configuration, reboot the router using the command reload.

10. After the router completes the reboot process, open a terminal window in the PC. Execute
telnet IP_of_the_Router to login from the PC to the router. Display the configuration of the router using the
proper CLI command. With the information shown, fill in the gaps below.

interface FastEthernet0/0
ip address
no ip directed-broadcast
speed
full-duplex
!
interface FastEthernet0/1
ip address
no ip directed-broadcast
speed
full-duplex
!

11. Ping from the router to its default gateway (the interface of the PC-router in your departmental backbone).
Which is the symbol used to display a successfully received ping reply?

Laboratory Manual 36
Tasks During the laboratory session

2.14 Task 6: Using ping and understanding its output


1. Now after you have configured your computer and the network equipment, you can test the connection. If
something does not work, do the troubleshooting described in Section 2.5.1.

• In a terminal window of the PC try the ping command to check that the following hosts are alive (reachable
from your machine). Pinging the PC-Router use the IP address of the interface which belong to your
department (Check Figure 2.2 for the proper address).
ping -n router_IP
ping -n IP_of_PC-router
ping -n www.imit.kth.se

• Ping the machine www.kth.se and stop it after a few replies typing Ctrl+C; fill in the missing parts of the
ping output given below and answer to the following questions.
PING www.kth.se ( ) (84) bytes of data.
bytes from ( ): icmp_seq=1 ttl=
time=
bytes from ( ): icmp_seq=2 ttl=
time=
bytes from ( ): icmp_seq=3 ttl=
time=

• How many IP hops away is the machine www.kth.se from your current position? (Remember ping re-
quests/replays are sent with maximum value of TTL = 255)

2.15 Task 7: Using traceroute and understanding its output


1. Run traceroute to the following destinations (do not forget the option “-n”, which switches off DNS lookup):
traceroute -n IP of the gateway to the Internet
traceroute -n www.kth.se
traceroute -n www.berkeley.edu

If traceroute does not work, do the troubleshooting.


2. Most of the large corporations try to hide the internal structure of their network. Because of this the routers
are configured not to send ICMP messages back. Make a traceroute to www.microsoft.com and answer the
following question:

• Which is the sequence number of the first router which does not respond?

2.16 Task 8: Checking ARP


1. Discover how exactly your PC does the mapping between MAC and IP addresses and how that affects the
protocols and their performance.

• Execute : arp -a . How many entries has the ARP table of your PC?
• What is the Ethernet address of your PC(you can also find this information using the ifconfig command)?

2.17 Task 9: Using Wireshark


1. In this task you should discover some details of the protocols’ work by observing the traffic using Wireshark.
To start Wireshark, open a terminal window and type:
sudo Wireshark

Remember the facts about construction of the filters and do the following:

• The following filter will display all Ethernet frames from and to your machine which contain the ARP pro-
tocol (we will refer to this filter later as ARP_FILTER). Execute ifconfig to discover Your_MAC_Address.

Laboratory Manual 37
Tasks During the laboratory session

eth.addr==Your_MAC_Address and arp

• The following filter will display only IP traffic (we will refer to this filter later as IP_FILTER).
ip

• The following filter will display traceroute traffic from and to your PC (we will refer to this filter later as
TRACEROUTE_FILTER).
(ip.src==IP_of_Your_PC and ip.proto==0x11) or
(ip.dst==IP_of_Your_PC and ip.proto==0x01)

2. Before proceeding further run the following command in a terminal window:


arp -d switch_IP

If you see an error message after executing this command this means that your ARP table does not have an entry
for this IP address. This is fine, just proceed with the task.
Now go back to your Wireshark window. While capturing, make a ping to the switch in your network. Type
the ARP_FILTER in the Filter field of the main window of Wireshark and answer the following questions:

• On which layer of the TCP/IP stack does ARP work?

• What is the meaning of the first message of ARP (look at “info” column)?

• What is the meaning of the second message of ARP (look at “info” column)?

• What is the destination address of an ARP request?

• What is the destination address of an ARP reply?

3. While capturing, make a ping to the ROUTER in your network. Type the IP_FILTER in the Filter field of the
main window of Wireshark and answer the following questions:

• In the main window of Wireshark choose one of the ICMP request packets. Look at Figure 2.24, find
appropriate information in Wireshark and fill in the gaps (Hint: you need to calculate how many bytes the
ICMP header of the PING packet is).

4. While capturing the traffic in Wireshark, make a traceroute to 194.71.11.40 without the “-n” option. Type
the TRACEROUTE_FILTER in the Filter field of the main window of Wireshark and answer the following
questions:

• How many times does the PC send traceroute probes to each hop? Hint: Choose consequently at least 7
UDP packets starting from the first one. Look at Time To Live value of the IP header in each packet.

• Choose one of the last three ICMP messages of the traceroute (these message came from the destination
machine). What is the code (number and meaning) of this ICMP message?

• Choose any other ICMP message of the traceroute (this message came from one of the routers on the path
to the destination). What is the code (number and meaning) of this ICMP message?

Laboratory Manual 38
Tasks During the laboratory session

Figure 2.24: Format of the Ping message

• What is the UDP port number(s) to which the traceroute sends its probes?

• List the names of all protocols which are involved in the traceroute communications (look at the ’Protocols’
column in Wireshark’s main window).

5. Repeat the task in item 4 with ’-n’ option in the traceroute.

• Which protocols are missing now?

Laboratory Manual 39
Tasks During the laboratory session

Laboratory Manual 40
Chapter 3

Lab Session 2: Digging in the protocols

Before the session


3.1 Traffic filtering
The purpose of the routing is to provide enough information to the routers so they are able to forward traffic to any
destination in the network. However, sometimes it is required that some part of the traffic does not reach certain
destinations. For instance, we would like to avoid users from outside of our network to access the router in our
network for remote configuration using telnet. In addition to security, there are more reasons to place restrictions on
the network traffic. Load balancing is another typical example, where the traffic is classified and routed depending on
its nature and not only its destination.
The set of restrictions on certain types of traffic is usually referred as traffic policies. The mechanism to enforce
these policies in the network is called traffic filtering, and a router applying it is commonly known as a firewall. The
syntax for policies varies between different vendors and platforms, but all implementations allow us to express rules to
check whether the traffic should be forwarded or dropped. Thus, it is important to note that traffic filtering is applied
in addition to the routing.
Since we are using Cisco equipment in the lab, we will use their syntax. In Cisco IOS, the filtering is called the
access control and it is expressed through Access Control Lists (ACL). An ACL is a sequential collection of statements
that establish what kind of packets to permit or deny based on their source address, destination address and/or port. It
is possible to store several ACLs in the configuration of the routers, but only two ACLs can be applied per interface,
one for the outgoing traffic and another one for the incoming traffic. Each packet arriving or leaving the interface is
tested against the statements to determine whether it should be forwarded or dropped.
These concepts are better illustrated with an example. Imagine that we want to create a policy that forbids HTTP
traffic (web browsing) to get in our network 192.168.10.0/24. Using the Cisco ACLs, this is written as follows:

ip access-list extended noHTTPtraffic


deny TCP 0.0.0.0 255.255.255.255 192.168.10.0 0.0.0.255 eq 80
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

These lines should be included in the configuration file of the router as the rest of the configuration. The first
line declares that the definition of an ACL is starting. The keywords ip access-list are mandatory, while
extended specifies the type of ACL. There are several types of ACL, but we will always use extended ACL because
they provide the richest syntax. The first line ends with the name we gave to this ACL, noHTTPtraffic, that can be
used for reference to this ACL later. The second and third lines are the statements, which establish our policy. The first
keyword deny or permit indicates whether the statement will deny or accept respectively the traffic if the condition
is satisfied. The rest of the line contains the condition against which each packet will be tested.
The condition starts with a keyword and then it has two mandatory addresses source address and
destination address and optionally port. The first keyword in the condition indicates the type of traffic to
match. Possible values for this field are TCP,udp,ip or icmp. After the traffic type, each address is specified with
two words, the first is the expected IP address and the second is called a wildcard mask.
The wildcard mask indicates which bits of the packet’s IP address must match the expected address for the state-
ment to be applied. The wildcard mask looks like a network mask, but it operates in a completely different way. Each
0 bit in the wildcard means to check the corresponding packet’s address bit, while a 1 bit means to ignore. So the
destination address 192.168.10.0 0.0.0.255 of the first statement means that the first 3 octets of the packet’s

41
Tasks Before the session

destination address must match the first 3 octets of the given address for this rule to be applied. The last octet of the
packet’s address is not checked since the wildcard mask contains ones there. As a special case, the address 0.0.0.0
means any IP address and the wildcard mask 255.255.255.255 means do not check any bit of the packet’s address.
In our example, the couple 0.0.0.0 255.255.255.255 in the source address of the first statement means accept any
address as the source address of the tested packet. The router will display the word any instead of this couple. The
condition finishes with the port to be matched, being this information optional. In our example, the first statement
contains a port limitation in the condition but not the second. In the first condition, eq 80 means that the packet must
contain the port 80 (HTTP port) to match the condition.
To summarize, our ACL has two statements. The first one denies TCP traffic from any source with destination
any host in our network (192.168.10.0/24) if the packet contains HTTP traffic (port 80). The second one permits any
other packet. It is important to highlight that the packets are tested against the statements in the order in which the
statements were created and that when a packet matches a statement, the permit or deny decision is made and the rest
of the statements are not checked. For example, if the second statement were in the first position, all packets would be
accepted since all would match the permit condition and the deny condition would never be tested.
To finish with the syntax of the ACLs, mind that by default they contain a final statement deny 0.0.0.0
255.255.255.255 0.0.0.0 255.255.255.255, which will deny all packets not matching any of the pre-
vious statements. It is always there, even though it is never displayed. This means that the second statement of our
example is important, otherwise the default statement would have dropped all the packets not containing port 80.
Remember that you always need to permit the allowed traffic explicitly.
Once the desired ACL’s are included in the configuration of the router, they must be linked to a particular interface.
This linking mechanism provides great flexibility because different interfaces in the router can apply different policies
(ACLs). The syntax to link our ACL to the incoming traffic to the FastEthernet0/1 port of the router would be:
interface FastEthernet0/1
...
ip access-group noHTTPtraffic in
...

It is a straightforward command in the interface’s configuration where the name of the ACL is used to identify
it. The final keyword in means that the ACL is to be checked against incoming traffic, thus outgoing traffic will not
be filtered. The other value of this final keyword can be out to filter outgoing traffic. Remember that there is an
additional restriction; at most two ACL can be linked to one interface (one per direction).
To close this section, we will give you some useful hints when working with ACLs. The ACL must be created in
global configuration mode, but they are linked to interfaces from the particular interface’s configuration mode. The
statements are tested in the order in which they were created, thus if you need to change the order of the statements,
you have to delete them first using the “no” form and retype them again in the desired order. The command show ip
interface executed in privileged mode lists the ACLs, which are set for each interface. And the command show
access-list [name] displays the contents of the ACL given by name. When the optional name is omitted all
ACLs are displayed.

Laboratory Manual 42
Tasks During the laboratory session

Figure 3.1: Area diagram

During the laboratory session


3.2 Task 1: Initial configuration of the equipment
This task will guide you through the initial configuration of the equipment for this lab session. We will use the network
diagrams depicted in Figures 2.2 and 2.3.

1. Figure 3.1 represents the equipment in your area network and part of the departmental backbone. Using figure
2.2 and figure 2.3 as a guide, fill in the IP addresses, names and interface names corresponding to your position.
Assign the IP addresses following the rules given in section 2.1.1.

2. Following this diagram, connect the interfaces of the router, the switch and the PC.

3. First you need to configure the router in your network. Connect the management console to the router. Use the
PC running Linux as management console. Remember to link the console port of the router to the USB of the
PC using the rollover cable, the RJ-45 to DB9 converter, and the USB to DB9 converter.

Laboratory Manual 43
Tasks During the laboratory session

4. Open a terminal window in the PC and start the program minicom with the superuser privileges (sudo).

5. Connect the power cable to the router and switch it on. Check that some messages appear in the management
console as the router boots.

6. Wait until the router boots. Then if the router asks you whether you would like to enter the initial configuration
dialog, answer no. When the router’s prompt appears, enter in global configuration mode using the enable
command.

7. This time we will not configure the router typing all commands in the command line interface, but we will
download the configuration from a TFTP server in the network. So the first step is to configure the router to
reach the TFTP server. In our network, the TFTP server is running in the PC-router, which is also the default
gateway to the Internet. This PC can be reached through the router’s port named FastEthernet0/1. Using the
information in figure 3.1, configure the router’s interface FastEthernet0/1 with the proper IP address and network
mask. Remember to use the proper commands to enter in interface configuration mode (i.e. configure
terminal and interface FastEthernet0/1).

8. Once you have configured the interface, check that it is not shutdown. In order to check this display the running
configuration of the router (show running-config). Find the description of the interfaces. If the word
“shutdown” is part of the configuration of any of the two interfaces (i.e FastEthernet0/0 or FastEthernet0/1) the
interface does not work. If this is the case you have to switch it on manually by performing the following steps;
otherwise omit them.

(a) Enter in the interface configuration mode (i.e. configure terminal and interface
FastEthernet0/x, where ’x’ is the number of the shutdown interface).
(b) Type no shutdown.
(c) Exit from the interface configuration mode.

9. At this point you must be able to reach the TFTP server. Check it using ping from the router to the PC-router’s
closest interface. If you cannot reach the IP address of the TFTP server, review all previous steps until you find
the problem. Do not proceed to the next step, before you can reach the TFTP server.

10. The TFTP server stores a different configuration file for every router. So you have to download the file corre-
sponding to your router using the right filename. The filename of your router’s configuration is composed by
your network name and the suffix ’-r-config’. For example, if your position is area 2 of the production depart-
ment, the filename is ’pro2-r-config’. If your position is area 4 of the research and development department,
the filename is ’rad4-r-config’ and so on. Download that file to your router’s running configuration, using the
following Cisco command in global configuration mode:

copy tftp running-config

Firstly, you will be asked for the IP address of the remote host. This should be the IP address of the closest
interface of the PC-router to your router. After this you need to indicate the filename and the destination filename
(use the default value running-config). After you answer the third and last question, the configuration file
will be downloaded to your router. The configuration will become the running configuration in the router
immediately after the download process is completed.

11. The router is now configured as figure 3.1 indicates, including passwords and routing table. Looking at the
running-configuration, check that none of the FastEthernet interfaces is shutdown as explained in Step 8 above.

12. Check that the received configuration is correct. To do this:

(a) Check that the IP addresses assigned to the interfaces correspond to those in figure 3.1.
(b) Check the routing table. You should be able to ping and traceroute any hostname in the Internet from the
router. For instance, try to traceroute www.imit.kth.se.

13. Save the configuration of the router using copy running-config startup-config.

14. Now that the router is ready, configure the switch. Connect the management console to the switch and power it
on. Some messages should appear in the console while the switch boots.

Laboratory Manual 44
Tasks During the laboratory session

15. Wait until the switch boots. Then if the switch asks you whether you would like to enter the initial configuration
dialog, answer no. When the switch prompt appears, enter in global configuration mode using the enable
command. Note that the switch can ask you to log in.
16. Using the information in Figure 3.1, configure the switch’s interface VLAN1 with the proper IP address and net-
work mask. Remember to use the proper commands to enter in interface configuration mode (i.e. configure
terminal and interface vlan1).
17. Set the default gateway for the switch with the command ip default-gateway IP_of_Gateway
in privileged mode.
18. Once you have configured the interface and the default gateway, you must be able to reach the TFTP server. It
is the same server for both the switch and router. Check it using ping from the switch. If you cannot reach the
IP address of the TFTP server, review all the previous steps until you find the problem. Do not proceed to the
next step, before you can reach the TFTP server.
19. The TFTP server stores a different configuration file for every switch. So you have to download the file corre-
sponding to your switch using the right filename. The filename of your switch’s configuration is composed by
your network name and the suffix ’-sw-config’. For example, if your position is area 2 of the production depart-
ment, the filename is ’pro2-sw-config’. If your position is area 4 of the research and development department,
the filename is ’rad4-sw-config’ and so on. Download that file to your switch’s running configuration, using the
following Cisco command in global configuration mode:
copy tftp running-config
Firstly, you will be asked for the IP address of the remote host. This should be the IP address of the closest
interface of the PC-router to your router. After this you need to indicate the filename and the destination filename
(use the default value running-config). After you answer the third and last question, the configuration file
will be downloaded to your switch. The configuration will become the running configuration in the switch
immediately after the download process is complete. The switch is now configured as figure 3.1 indicates,
including passwords and the IP address.
20. Check that the received configuration is correct. Check that the IP addresses assigned to the vlan interface is
right and check the default gateway. You should be able to ping and traceroute any host in the Internet from the
switch. For instance, try to traceroute www.imit.kth.se.
21. Now, save the configuration of the switch using copy running-config startup-config.
22. Finally, configure the PC Ethernet interface using the commands described in the section 2.6. You will need to
configure the network interface with proper IP address and network mask, and then the PC routing table. Open
a terminal window in your PC. You will type all commands there.
23. Configure your Ethernet interface (Remember that in your PC the ID of the Ethernet interface in the PC is eth1)
with the command ifconfig. Recall the IP information of your network and configure your interface using
the following command:
ifconfig Interface_ID IP_of_your_PC netmask Your_Netmask broadcast Broadcast_address

24. Add a route to the default gateway with the ’route’ command. The default gateway should be the inner
interface of your LAN router.
route add default gw Address_of_your_router

25. Now the configuration of the PC is finished. You should be able to ping and traceroute any hostname in the
Internet from the PC. For instance, traceroute to www.imit.kth.se.

3.3 Task 2: Traffic filtering


In this task you will have to use Cisco ACLs to enforce a couple of policies in your area network. The policies are:
Policy 1: All incoming telnet connections must be blocked, while outgoing telnet connections must be allowed.
Policy 2: Users within the area network should be only permitted to browse the Internet with a web browser or
telnet to remote locations. Any other application must be blocked.
The first policy would be part of the network security because it would avoid remote configuration of our network
equipment from outside the area network. The second policy would enforce the ’correct’ use of the network resources,
restricting the user traffic to the allowed applications.

Laboratory Manual 45
Tasks During the laboratory session

1. From the PC telnet to the PC router in the lab, the one that offers Internet access to all the routers. It can be
reached at any IP address shown in Figure 2.3. As the user name use: lab and the password labo. The Linux
command should look like this:
telnet IP_of_PC-Router -l lab

2. From the PC-router telnet to your own router and enter in privileged mode (command enable) so you can
change the configuration of the router. Note that this is exactly the type of connection that policy 1 tries to
forbid.
3. Write below the ACL corresponding to the above policy 1 using the proper Cisco syntax. Remember that telnet
uses tcp port 23.

4. Add the ACL above to the router configuration using the telnet connection established through the PC-router.
Do not link the ACL to the interface yet. Close the telnet connection from the PC-router to your router with the
command exit after adding the ACL.
5. Connect the management console to the router, enter in the configuration mode and link the previous ACL to
the proper interface. Note that the proper interface depends on how you wrote the ACL. Mind that the telnet
connection to PC-router from your PC should keep working after the ACL is set.
6. Now that the ACL is set, check that you cannot establish a telnet connection from the PC-router to your router
any longer. What is the error message displayed when the telnet connection fails?

7. Before starting with the second policy, check that you can open with a web browser in the PC both ’ftp://ftp.sunet.se’
and ’http://ftp.sunet.se’. Both URLs will reach the FTP archive of the Swedish University Network, but the for-
mer will use the FTP protocol while the second will use the HTTP protocol. The second policy will only permit
the HTTP connection to this site.
8. Close the web browser.
9. Write below the ACL corresponding to the policy 2 using the proper Cisco syntax. Note that this ACL should
permit some additional traffic not mentioned in the text of the policy before blocking the rest of the traffic: Web
browsing (tcp port 80) will work if Domain Name Resolution (DNS) is working, thus DNS (udp port 53) should
be permitted as well. In addition, you should allow the traffic useful for network maintenance, so permit also
ICMP traffic.

Laboratory Manual 46
Tasks During the laboratory session

10. Add this second ACL to the router configuration using a telnet connection from your PC to the router.
11. Link this new ACL to the proper interface. Note that the proper interface depends on how you wrote the ACL.
Mind also that the outgoing telnet connection to the router from your PC allowed by policy 1 should keep
working after this ACL is set.
12. Now that the ACL is set, check that you can still open this URL ’http://ftp.sunet.se’ with a web browser in the
PC.
13. Now check that you cannot open this URL ’ftp://ftp.sunet.se’ with a web browser in the PC. What is the error
message displayed when the connection fails?

14. Now check that ’ftp.sunet.se’ is still alive using ping from the PC. Why does ping work when the site cannot be
browsed?

15. Now trace the route from the PC to ’ftp.sunet.se’ using the Linux command traceroute. Why cannot tracer-
oute reach the destination even when ICMP traffic is allowed? (Hint: read traceroute manual page with man
traceroute if you are not sure how it works).

Laboratory Manual 47
Tasks During the laboratory session

Laboratory Manual 48
Chapter 4

Lab Session 3: Offering network services

Before the session


4.1 Domain Name System
The Domain Name System converts hostnames to IP addresses and vice-versa. DNS is one of the most obscure areas
of network administration, but we will try to give you a good introduction to it, so that you are able to configure a
DNS server and understand what you are doing. Some simple words of caution, though: DNS is a net-wide database,
so take care about what you put into it. Keep your DNS tidy and consistent and you will get good service from it.
Learn to use it, administer it, debug it and you will be another good administrator keeping the net from failing due to
mismanagement.

4.1.1 What is DNS?


The Domain Name System is a distributed database, that operates on a client–server scheme. It support replication and
caching to provide robustness and adequate performance. The name servers are the programs that contain information
about different parts of the database and provide that information to the clients, which are called resolvers. Most of
the time, the resolvers are just libraries that send queries across the network to the name servers.
The structure of DNS is seen as an inverted tree with the root node at the top, very similar to the UNIX file system.
Each node in the tree has a label that identifies it to its parent. The root node has reserved the ‘.’ label.
Each of the subtrees of the whole tree represent a part of the DNS database, or in other words a domain in the
Domain Name System. Each domain can also be divided into subdomains, that are drawn as children of their parent
domains. Every domain has a unique name, which identifies its position in the database. In DNS, the domain name is
a sequence of labels from the node at the root of that particular domain to the root of the whole tree, with ‘.’ separating
the labels. Domain names are the indexes to the DNS database. Each domain may contain final hosts and subdomains
Each host on the network has a domain name, which points to the information about that host in DNS database.
This information can include IP address, e-mail information, etc. A host in the Internet may have several different
names. However, one of them must be declared as an official canonical name. Other names are just domain name
aliases, which are equivalent to the canonical name.
In DNS, each domain can be managed by a different organization or company, and they can break their domain
in as many subdomains as they want. Even more, the organizations can give responsibility of those subdomains to
different organizations.

4.1.2 How DNS works


When a DNS client wants to look up a name, it queries DNS servers to resolve the name. The query that the client
sends contains three pieces of information:

• A Fully Qualified Domain Name (FQDN), which is the specific domain you are looking for

• A query type, specifying a simple resource record or a more complex query

• A class for the DNS domain name

49
Tasks Before the session

DNS queries are resolved in different ways. Sometimes your machine contains a local cache that contains infor-
mation previously looked for, or the DNS server can use its own cache to answer a query. However, most of the time,
the DNS server needs to contact other DNS servers to resolve the name and then send back the answer to the client.
This is called a recursive query. The client machine can also contact additional DNS servers using separate queries.
This process is called iteration.

The local name resolver


The first step when resolving a name is to contact the local resolver, which tries to answer using locally cached
information. The local resolver operates with information obtained from two possible sources:

• A hosts file configured locally, which contains hosts name to address mappings. These manually inserted map-
pings are stored in the local cache when the DNS client is started.

• Some Resource Records (RR) that came in previous responses from DNS servers, and that are kept in the local
cache for some time.

If the local resolver is not able to solve a query, then the process continues with the client querying a DNS server.

The DNS server


When a client wants to query a DNS server, it needs to know the IP address of the server. This IP address can be stored
locally in a configuration file or it can be received from the network when the network configuration takes place.
Sometimes the list of DNS servers contains more than one entry, in which case the client usually selects the DNS
servers one by one. In Linux operating system the file, which contain IP addresses of DNS servers is /etc/resolv.conf
Each DNS server contains information about one or more domains. In the terminology of DNS the domain is
also referred as a zone. When a DNS server receives a query, it first checks whether the information is stored in one
of its locally configured zone files. If it is, then the server answers the query authoritatively based on the resource
information in that file. If no information exists in the local zone files, then the server checks whether it can answer
the query with a cached response from a previous query. If this is not the case, then the query continues recursively.
The process of recursion to resolve a query involves more DNS servers. By default, the DNS client asks the server
to use recursion if needed before returning an answer. In most of the cases, the server is configured to support the
recursion.
The first thing a DNS server needs in order to perform the recursion properly is some root hints. In other words it
needs a list of IP addresses of DNS servers, which are authoritative for the root of the DNS tree. These root servers are
authoritative for all the top level domains, like ‘.com’ or ‘.net’. Using these root hints, a DNS server can recursively
complete any query and locate the servers which are authoritative for any other DNS domain used at any branch of the
DNS tree.
Let’s follow the example in Figure 4.1 to clarify it. Imagine that you have a laptop connected to your LAN in
area1.rad.acme and you want to connect to another laptop in area3.mar.acme. Imagine the name of this second
laptop is laptop1.area3.mar.acme. The first thing that your laptop does is contacting the DNS server of your area,
in this case ns.area1.rad.acme to obtain the IP address of laptop1.area3.mar.acme. The DNS server of your area
has no information at all about anything out of its own area (we assume that the local cache is empty). Your DNS
server decides that it needs to contact one of the root servers to obtain the authoritative server for the acme domain.
In the environment of our laboratory, there is only one root server and its IP address is 192.168.0.1. The root server
sends a referral to the authoritative server of acme domain (ns.acme). In our case the DNS server ns.acme runs
on the same machine, its IP address is 192.168.0.1. After receiving the referral your DNS server proceeds with the
recursion asking ns.acme to give an IP address of the DNS server responsible for the mar.acme domain. We config-
ured the DNS server ns.acme so that it is authoritative for all its subdomains (adm.acme, pro.acme, rad.acme, and
mar.acme).When the answer saying that ns.acme is also authoritative DNS server for mar.acme domain is received
from ns.acme your DNS server will proceed with the recursion and ask ns.acme to give a referral to the DNS server of
area3.mar.acme. It is important to understand that these two servers (i.e root, ns.acme) could be located in different
machines, and most of the time they will be! Since ns.acme is authoritative for mar.acme domain it has a description
of this zone, which includes the records about authoritative DNS servers for all its subdomains (area1.mar.acme,
area2.mar.acme, area3.mar.acme, and area4.mar.acme). In our example the DNS server ns.acme will pick the IP
address of ns.area3.mar.acme and will send it back to your DNS server. At the final step of the recursion, your DNS
server will send the full query for laptop1.area3.mar.acme to ns.area3.mar.acme. This last DNS server will give
an authoritative answer with the IP address we are requesting to the DNS server of your area, finishing the recursion
process. Finally, your DNS server (ns.area1.rad.acme) will forward the answer to the DNS client in your PC and the
query will be finished.

Laboratory Manual 50
Tasks Before the session

Figure 4.1: DNS configuration for an example domain.

Laboratory Manual 51
Tasks Before the session

This recursion process can be time consuming and resource intensive, but it has some advantages for the DNS
server, as it obtains information about the DNS name space and caches it in its local cache to speed up subsequent
queries. The local DNS cache is cleared when the DNS server is restarted.

Alternative query responses


When a server answers a query for a client, there are different types of responses that it can give. For example:

• An authoritative answer. It has the authoritative bit set and means that the answer was obtained from a server
with direct authority over the queried name.
• A positive answer, which contains the demanded resource records (RR) or a set of RR’s that comply with the
questioned DNS name and record type.
• A referral answer, which contains additional resource records not included in the query. This answers is given
back to the client when recursion is not supported by the server, so that the client can continue the query using
iteration. If the client is unable to use iteration, it can make further queries using the referral information.
• A negative answer, which can indicate that either an authoritative server answered that the queried name does
not exist, or that it exists but there are no records of the specified type for that name.

How iteration and caching work


When the use of recursion is disabled in the DNS server, or the client does not request its use, then the client uses
iteration to resolve a name. An iterative query from a client demands the best possible answer from the server, but
without contacting other DNS servers. If this is the case, the DNS server answers with the knowledge it has in its own
cache or zone files. If the server does not have the right answer, it provides a list of name servers and resource records
for other DNS servers that are closer in the DNS tree to the name queried.
When the answer from the DNS server is a referral, it is up to the client to continue the iterative query to the other
DNS servers, until it gets the definitive authoritative answer.
The use of the cache by the server is fundamental in the whole DNS scheme. Caching provides the means to speed
up the performance of DNS resolution and it also reduces the amount of DNS related traffic in the network. When
DNS servers make recursive queries, they temporarily cache resource records with information obtained from other
authoritative servers. This cached information coming from authoritative servers can be used to answer later queries
about the same RR’s.
The information cached on the servers has a maximum TimeToLive (TTL). As long as the TTL does not expire the
server can use the RR cached to answer queries. The cached RR’s are assigned by default the minimum TTL, which
is set in the zone’s start of authority (SOA) resource record. This default value is usually 3600 seconds, but it can be
adjusted, or individual TTL’s can be given to each RR.

Laboratory Manual 52
Tasks During the laboratory session

Your Position Name of the web server


adm1 www.webcrawler.com
adm2 www.adobe.com
adm3 www.digits.com
adm4 www.alltheweb.com
rad1 www.dit.upm.es
rad2 www.csu.edu.au
rad3 www.abc.es
rad4 www.ucc.ie
mar1 www.semanticweb.org
mar2 www.cbi-web.org
mar3 www.healthweb.org
mar4 www.un.org
pro1 www.auckland.ac.nz
pro2 www.rmit.edu.vn
pro3 www.mult.ru
pro4 www.anekdot.ru

Table 4.1: The hostnames to use in Task 2.2

During the laboratory session


4.2 Task 1: Initial configuration of the equipment
The first task in this lab is to configure the router, the switch and the PC. For this, you will repeat the tasks in section
3.2. Follow all the steps you performed in lab 2 and configure properly these devices.

4.3 Task 2: Checking DNS operation


In this exercise we want you to understand the way DNS works. You will use BIND DNS server version 9. BIND is
the most commonly used DNS server on the Internet, especially on Unix-like operating systems. You will have to edit
the configuration files in your PC that control the operation of DNS. In order to edit a configuration file you can use
any text editor such as gedit, emacs, or vi. If you are not familiar with any of them, we suggest to use gedit. In order
to be able to successfully save edited files you have to run an editor with the security privileges of root user. You can
start gedit by typing sudo gedit in a terminal window. Sudo password is ‘1234’.

1. Edit the file /etc/resolv.conf. If it does not exists, create one. It contains the IP address of the DNS server to
contact when resolving names. Change the name-server’s IP address to the IP of the PC-router in the network:
192.168.0.1. After editing, the first line of the file should contain the following:
nameserver 192.168.0.1

2. First, perform a recursive query to get the IP address corresponding to a hostname. In this step use dig without
options to resolve hostnames. This is an example of the syntax:
dig Name_of_a_machine

Answer these two questions:

• Look in Table 4.1 and pick up the name of the web server which corresponds to your position. Resolve its
IP address using dig. Look at the statistic’s part (the last part of ‘dig’s’ output). What is the query time?

• Repeat the previous exercise with the same name. What is the query time now? Why do you observe this
phenomenon?

Laboratory Manual 53
Tasks During the laboratory session

3. Second, perform a non-recursive query. In the last step, your DNS client contacted several servers to complete
the recursive query. Now you will use dig to contact the different servers one by one until you get the IP address
corresponding to the given hostname. The goal of this step is to discover how the DNS client in your PC resolves
IP addresses given symbolic names. Execute these commands and answer the questions:

• Execute the following command to obtain the list of available root servers.
dig +nostats +nocmd

How many ‘ROOT’ servers does your machine recognize?

• Choose a ‘ROOT’ server from the list and write its name here:

• Now perform non-recursive queries to resolve the IP address of the machine www.ee.kth.se. Write below
the list of DNS servers (name and IP address) contacted. Start querying from the root server that you
chose above and use the following syntax of dig to do non-recursive queries:
dig +norec +nostats +nocmd www.ee.kth.se @IP_of_the_DNS_server

Note: read the description of DNS in Section 4.1 if you do not remember how the recursion works.

• How many DNS servers contain records about domain ee.kth.se?

• Does the machine www.ee.kth.se have another name?

4.4 Task 3: Configure your own DNS


In this task you will configure a DNS server for your area network in the department. In the process of configuring
your DNS server you will edit the configuration files of BIND. The configuration files are structured as an inverted
tree with the root file ‘/etc/bind/named.conf’ on the top. In this file you can see that three other files are included.
File ‘/etc/bind/named.conf.options’ contains an option statement. The directory options defines the directory for the
zone and cache files. File ‘/etc/bind/named.conf.default-zones’ has the information where localhost, broadcast, and
root level zone files are stored. File ‘/etc/bind/named.conf.local’ is used for adding new zones. In this file, you define
where the different files that contain the databases of your DNS zones are located. After this, you will have to edit
these zone files appropriately, including the different mappings from IP addresses to names and vice-versa. All these
zone files are located in ‘/etc/bind’.

Remember the following! All zone files in the directory contain a serial number inside. A typical example is:

Laboratory Manual 54
Tasks During the laboratory session

;
; Zone file for your_area.your_department.acme
;
; The full zone file
;
$TTL 3D
@ IN SOA ns.your_area.your_department.acme.
hostmaster.your_area.your_department.acme. (
201502271300 ; serial, todays date + todays serial #

Each time you edit this file, increment this field by 1. This will tell your DNS server to flush the cache and load the
edited zone information. Also, notice that in all templates that we provide to you, you need to change certain values.
The values that you should change are written in italics in the manual. In general you should change the places where
it says IP_of_Your_Router or your_area.your_department.

One last comment: whenever you start BIND, you can always check the output messages of the initialization. All
the output is saved in file ‘/var/log/daemon.log’, so just open the file for reading using ‘sudo less /var/log/daemon.log’
to see BIND startup messages.

First, get the parameters for the configuration of your DNS server:

1. Considering the diagram in Figure 4.1 as an example identify the following information for your network.

• What is the domain name of your department?

• What is the domain name of your area?

• What is the IP address of the machine which is able to resolve all domains of ACME’s network?

• What is the IP address of the machine which run the DNS server for YOUR network?

• Use Figure 4.1 as an example and assign the names to the devices in your network and fill them into the
diagram in Figure 4.2 :

Laboratory Manual 55
Tasks During the laboratory session

Figure 4.2: DNS information for your domain.

4.4.1 Configuring your domain


In this section you will set up your own domain. You will modify files ‘/etc/bind/named.conf.options’,
‘/etc/bind/named.conf.default-zones’, and ‘/etc/bind/named.conf.local’. Before you start editing files, a few words
about the syntax for comments in DNS related files. Comments in zone files start with semicolon. Since all lines
must finish with a semicolon, a line with a comment looks like this:
;This is a comment;

However, C-style /* */, C++-style // and Unix-style # comments are used in files ‘/etc/bind/named.conf.options’,
‘/etc/bind/named.conf.default-zones’, and ‘/etc/bind/named.conf.local’. Don’t use a semicolon to mark a comment in
these files.
Finally, after each step that you perform, you should always save your configuration file before continuing.

• Look at the file ‘/etc/bind/named.conf.default-zones’. It should look like this:


zone "." {
type forward;
forward only;
forwarders { 192.168.0.1; };
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";

Laboratory Manual 56
Tasks During the laboratory session

};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

The record starts with the keyword zone followed by the domain name and the class (in stands for the Internet).
The word master indicates that this server is a primary master server for the zone, and the last line shows the
file to be read. On a primary master server, files ’named.conf.default-zones’ and ’named.conf.local’ contain one
record for each file to be read. The special zone ‘.’ is used when your server can not resolve the names by its
own. Basically, you should read this zone description as ‘For every name which is not under my responsibility
forward the query to 192.168.0.1, which is the IP address of the PC-router; it will handle it’.
These zones are the default zones, their zone files come predefined so you do not have to worry about them.
However, for your better understanding you will have to edit the file for your localhost (your own PC).

• Open the file‘/etc/bind/db.127’. This file contains the database for your localhost (your own PC). You can check
that it corresponds to the third zone in your ‘named.conf.default-zone’ file. It should contain the following:
$TTL 3D
@ IN SOA ns.your_area.your_department.acme.
hostmaster.your_area.your_department.acme. (
201502271300; Year+Month+Date+Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
NS ns.your_area.your_department.acme.
1.0.0 PTR localhost.

Change all appearances of your_area and your_department to the names corresponding to your area and depart-
ment (refer to Figure 4.2 for information). Save the file and proceed further.
In this file you can see the structure of the database files (db). Remember that every line that starts with a
semicolon is a comment. This file maps addresses to host names. Each file is named as the network number
it represents, so 127 means that this particular file contains the mappings from IP addresses to names for any
address of the form 127.x.x.x. As you can see, only the parts (the ‘x.x.x’) of the IP address needs to be written
in the file, as all the other parts are already matched when this file is used. This is the reason why the localhost
entry is 1.0.0, because the localhost address is ‘127.0.0.1’. Note that the entry address is written in the opposite
order. Notice also the ‘.’ at the end of localhost. If a machine name does not end in a period in a zone file the
origin is added to its end, so the entry would be ‘localhost.127.0.0’ which, of course, is wrong!
Most entries in the db files are called DNS resource records, and they must start in column one. The ordering of
resource records in the db files is as follows (not all of them need to be present):

SOA record: Indicates authority for this zone file


NS record: Lists a name server for this zone
A record: Name to address mapping
PTR record: Address to name mapping
CNAME record: Canonical name (for aliases)
• Edit ‘/etc/resolv.conf’. Comment out the line that you already have and put the IP address of your PC as IP of
the nameserver. Your file should look like this:
nameserver IP_address_of_your_PC
#nameserver 192.168.0.1

Save the file and proceed further.

• Start BIND running ‘/etc/init.d/bind9 start’. Check that BIND loads correctly by looking at the file ‘/var/log/daemon.log’.
Run dig -x 127.0.0.1 and fill the missing parts of its output below. Of course, some of the values will
not be the same for you, as your localhost zone file could differ from this example, however the ANSWER
SECTION should be there!

Laboratory Manual 57
Tasks During the laboratory session

[lab@localhost lab]# dig -x 127.0.0.1


;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 22718
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;1.0.0.127. . . IN PTR

;; ANSWER SECTION:
.in-addr.arpa. IN .

;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. IN NS .

;; Query time: msec


;; SERVER: #53( )
;; WHEN:
;; MSG SIZE rcvd:

4.4.2 Your own area


Now, you should create the database for your own area, that will translate from names to IP addresses. Construct the
zone of your area, restart DNS server, and verify that the server is working properly by performing the following tasks:

• Edit ‘/etc/bind/named.conf.local’ file. Append the following text to the end of this file:
zone "your_area.your_department.acme" {
type master;
notify no;
file "/etc/bind/db.your_area.your_department.acme";
};

This entry tells BIND where to find the database about your own area. You should already know what each field
means. The ‘notify no’ means that we do not want to notify all the rest of the DNS servers about the content of
our file. . . after all we are only testing! Save the file and proceed further.

• Open the file ‘/etc/bind/db.your_area.your_department.acme’. It should contain the following:

;
; Zone file for your_area.your_department.acme
;
; The full zone file
;
$TTL 3D
@ IN SOA ns.your_area.your_department.acme.
hostmaster.your_area.your_department.acme. (
201502271300 ; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
;
;--- -DESCRIPTION of THIS DNS server-------------;
;----------LABEL--VALUE--------COMMENT------;
TXT "Area.Dept.acme DNS server"
NS ns ; Inet Address of name server
;
;----ASSIGNMENT of IP ADDRESSES TO THE NETWORK DEVICES-;
;NAME-------------------------LABEL--IP ADDRESS---------;
;
localhost A 127.0.0.1
ns A IP_of_your_DNS_Server
www CNAME ns
Name_of_the_inner_interface_of_your_router A IP_of_your_router
sw A IP_of_your_switch
other A IP_of_other_device

In this zone file you should be able to recognize most of the Resource Records (RR). Most of them are ‘A’
resource records, that map names to IP addresses. There is also a CNAME record, which is an alias for the web
server, which in your case would run on the same PC. That is why it points to the ‘A’ record of your name server
(your PC). Save the file and proceed further.

Laboratory Manual 58
Tasks During the laboratory session

• Restart BIND running ‘/etc/init.d/bind9 restart’ and check log messages in ‘/var/log/daemon.log’. In the case
of error messages you need to search for an error in your configuration files. Otherwise, run
dig www.your_area.your_department.acme

and fill in the missing parts of its output below:

[lab@localhost lab]# dig www.your_area.your_department.acme;


«» DiG 9.1.0 «» www.your_area.your_department.acme
;; global options: printcmd
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 22718
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www. . .acme. IN A

;; ANSWER SECTION:
. . .acme. IN .
ns. . .acme. IN A

;; AUTHORITY SECTION:
. .acme. IN NS .

;; Query time: msec


;; SERVER: #53( )
;; WHEN:
;; MSG SIZE rcvd:

4.4.3 The reverse zone area


The last thing that we need to do is to construct the reverse zone of the area (the files that will translate from IP
addresses to names).

• Edit ‘/etc/bind/named.conf.local’ file and append the following text to the end of this file:
zone "0.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.192.168.0";
};

Save the file and proceed further.

• Open the file /etc/bind/db.192.168.0, it should contain the following:

;
; Zone file for 0.168.192.in-addr.arpa
;
; The reverse zone file
;
$TTL 3D
@ IN SOA ns.your_area.your_department.acme.
hostmaster.your_area.your_department.acme. (
201502271300 ; serial, todays date + todays serial #
8H ; refresh, seconds
2H ; retry, seconds
4W ; expire, seconds
1D ) ; minimum, seconds
;
NS ns.your_area.your_department.acme.
;
;-REVERSE ASSIGNMENT of IP ADDRESSES TO THE NETWORK DEVICES----------;
;Host Part of IP ADD--------LABEL---------------NAME----------------;

First_valid_host_address PTR Name_of_the_inner_interface_of_your_Router.


your_area.your_department.acme.
Second_valid_host_address PTR sw.your_area.your_department.acme.
Third_valid_host_address PTR ns.your_area.your_department.acme.
Fourth_valid_host_address PTR other.your_area.your_department.acme.

Laboratory Manual 59
Tasks During the laboratory session

You can easily understand the content of this file. All resource records are of type PTR, so they translate IP
addresses to names. Edit the file and substitute the given strings by names and IP numbers of your network.
Remember! You only have to write the host part of your IP addresses. For example if the IP address of
the inner interface of your router is 192.168.0.129, then instead of the entry First_valid_host_address you
should write only "129". Notice also the dots at the end of the names. If you do not add those dots, then the
name of the zone file would be added at the end. Save the file and proceed further.

• Restart BIND running ‘/etc/init.d/bind9 restart’ and check if any errors appear. If all is correct, run
dig -x IP_Address_of_Your_Router

and fill in the missing parts of its output below:


[lab@localhost lab]# dig -x IP_Address_of_Your_Router
;; Got answer:
;; -»HEADER«- opcode: QUERY, status: NOERROR, id: 23263
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
; . . . . . . IN PTR

;; ANSWER SECTION:
.in-addr.arpa. IN .

;; AUTHORITY SECTION:
.in-addr.arpa. IN NS .

;; ADDITIONAL SECTION:
ns. . .acme. IN A

;; Query time: msec


;; SERVER: #53( )
;; WHEN:
;; MSG SIZE rcvd:

Laboratory Manual 60