
CAPSTONE PROJECT REPORT

(Project Term August-December, 2013)

(Access Control List In VLAN Environment)


(Networking)
Submitted by

(Pardeep Sharma)

Registration Number: 10803336

(Manik Kamboj)

Registration Number:

(Navdeep Singh)

Registration Number:

(Manbir Singh)

Project Group Number:


Under the Guidance of
Navjot Kaur ()
(Lecturer)

Discipline of Computer Science and Information Technology


Lovely Professional University, Phagwara
August to December, 2013

DECLARATION

We hereby declare that the project work entitled (ACL In VLAN Environment) is an
authentic record of our own work carried out as requirements of Capstone Project (Part-I) for
the award of degree of B.Tech in CSE (Diploma-B.Tech-MBA) from Lovely Professional
University, Phagwara, under the guidance of Navjot Kaur (14), during August to December,
2013.

Project Group Number:

Name of Student 1: Pardeep Sharma


Registration Number: 10803336

Name of Student 2: Manik Kamboj


Registration Number:

Name of Student 3: Navdeep Singh


Registration Number:

Name of Student 4: Manbir Singh


Registration Number:

CERTIFICATE

This is to certify that the declaration statement made by this group of students is
correct to the best of my knowledge and belief. The Capstone Project Proposal
based on the technology / tool learnt is fit for the submission and partial
fulfillment of the conditions for the award of B.Tech in CSE from Lovely
Professional University, Phagwara.

Name : ..

U.ID :

Designation : .

Signature of Faculty Mentor

ACKNOWLEDGEMENT

I would like to thank my guide Mrs. Navjot Kaur, who guided me, taught me and
helped me in completing my Six Month Capstone Project. I would also like to thank
my family and friends for supporting me in completing my training. I acknowledge
that I have completed this project report by myself and I have not copied this
report from anybody. First of all, I would like to thank the supreme power, the
Almighty God, for his blessings showered on us, so that we were able to complete this
project work on a topic relevant to the present time.
I also thank our beloved parents, who supported us emotionally and financially to
prepare this project report. Their motivation is unmatchable. I pay my deep
gratitude to the faculty for their motivation and supervision.
Thank You,

Reg. No. 10803336

Reg. No.

Reg. No.

Reg. No.

ABSTRACT

Contents
1. Internetworking Concepts
2. IP Addressing (IPv4)
3. Introduction to routers
4. Basic and Advance Configuration of router
5. Routing
6. ACL (Access Control List)
7. NAT (Network Address Translation)/PAT (Port Address Translation)
8. Switching
   (a) VLAN
   (b) STP
   (c) VTP
9. WAN Connection
   (a) SDLC
   (b) Frame-Relay
10. IPv6

INTERNETWORKING CONCEPTS
Internetworking is a combination of the words INTER and
Networking. It means a computer in one network communicating with other networks
through the use of gateways that provide a method of routing information between the
networks. It is simply known as the internet.

INTRODUCTION TO NETWORK
A network is a system that transmits any combination of voice,
video and/or data between users. A network can be defined by its geographical dimensions
and by how the users' PCs access it.

Requirement of Networking
1. Resource Sharing
2. High Reliability
3. Scalability

Types of Network
1. LAN
2. MAN
3. WAN
Two architectural models are commonly used to describe the protocols and methods used in
internetworking.

1. OSI Model
2. TCP/IP

OSI Model Description

Cables:
LAN Cable
(a) UTP -> Unshielded Twisted Pair
(b) STP -> Shielded Twisted Pair

Two types of cables
(a) Straight Cable
(b) Cross Over Cable

Category of devices
(a) DTE (Data Terminal Equipment)
(b) DCE (Data Communication Equipment)

DTE devices are such as PCs, hosts and Routers.
DCE devices are such as Hubs and Switches.

For communication between DTE and DCE devices:

DTE<----------->DTE :->Cross Over Cable is used.
DCE<------------>DCE:->Cross Over Cable is used.
DTE<------------>DCE:->Straight cable is used.

COLOR CODING for straight and cross over cable

For Straight Cable
1. White/Green
2. Green
3. White/Orange
4. Blue
5. White/Blue
6. Orange
7. White/Brown
8. Brown

For Cross Over
1. W/Orange
2. Orange
3. W/Green
4. Blue
5. W/Blue
6. Green
7. W/Brown
8. Brown

IP ADDRESSING:
Every machine on the network has its own unique identity number
called the IP address, e.g. 10.1.1.25. There are two versions of IP addresses in use
nowadays, i.e. IPv4 and IPv6. IPv6 is used at server ends in INDIA.
Each IP address is split into two sections:
1. Network Address
2. Host Address
IP addresses are divided into five classes:
1. Class A has a network ID of 8 bits and a host ID of 24 bits.
2. Class B has a network ID of 16 bits and a host ID of 16 bits.
3. Class C has a network ID of 24 bits and a host ID of 8 bits.
4. Class D is used for multicasting.
5. Class E is used for research work.

Range of Classes (first octet):
1. Class A = 0-126
2. Class B = 128-191
3. Class C = 192-223
4. Class D = 224-239
5. Class E = 240-255

Private IP

It is not necessary that every time we make a network we are connected to
some ISP (Internet Service Provider). So in that case we also require some private IP addresses,
which can be used in internal networks. In each class a range of IP addresses has been
defined for this purpose.
CLASS A 10.0.0.1 to 10.255.255.244
CLASS B 172.16.0.1 to 172.34.255.254
CLASS C 192.168.0.0/16

Loopback: The IP address 127.0.0.1 is used as the loopback address. This
means that it is used by the host computer to send a message back to itself. It is
commonly used for troubleshooting and network testing.
There is a concept called Subnetting that is used to divide a network into sub parts.
Subnetting is of two types, FLSM and VLSM:
FLSM: Fixed LAN subnet Mask.
VLSM: Variable LAN Subnet Mask.

SUBNETTING:
There are lots of reasons in favor of subnetting, including the following
benefits:
1. Reduced network traffic
2. Optimized network performance
3. Simplified management
4. Facilitated spanning of large geographical distances

By default the subnet mask for Class A is 255.0.0.0.
By default the subnet mask for Class B is 255.255.0.0.
By default the subnet mask for Class C is 255.255.255.0.
By default the subnet mask for Class D is 255.255.255.255.
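As an added illustration (not part of the report), the Python below does the classful analysis described above and an FLSM split, where every subnet gets the same mask, with plain integer bit operations so the mechanics are visible. The private ranges it checks are the RFC 1918 ones the report cites in its NAT section (10/8, 172.16/12, 192.168/16); the function names and sample inputs are my own.

```python
# Added example (not from the report): classful analysis and FLSM subnetting of
# IPv4 addresses using integer arithmetic. RFC 1918 private ranges are the ones
# the report cites later (10/8, 172.16/12, 192.168/16); loopback is 127.0.0.0/8.

def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def classify(ip: str) -> dict:
    """Class by first octet, default mask for A/B/C, and RFC 1918 / loopback flags."""
    n = ip_to_int(ip)
    first = n >> 24
    if first < 128:
        cls, default_prefix = "A", 8
    elif first < 192:
        cls, default_prefix = "B", 16
    elif first < 224:
        cls, default_prefix = "C", 24
    elif first < 240:
        cls, default_prefix = "D", None   # multicast: no network/host split
    else:
        cls, default_prefix = "E", None   # reserved / research
    private = any(
        n & prefix_to_mask(p) == ip_to_int(net)
        for net, p in (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))
    )
    return {
        "class": cls,
        "default_mask": int_to_ip(prefix_to_mask(default_prefix)) if default_prefix else None,
        "private": private,
        "loopback": first == 127,
    }

def flsm_subnets(network: str, prefix: int, new_prefix: int) -> list:
    """Split network/prefix into equal-size subnets of length new_prefix (FLSM)."""
    if not prefix < new_prefix <= 30:
        raise ValueError("new prefix must be longer than the original and leave host bits")
    base = ip_to_int(network) & prefix_to_mask(prefix)
    size = 1 << (32 - new_prefix)          # addresses per subnet
    result = []
    for i in range(1 << (new_prefix - prefix)):
        net = base + i * size
        result.append({
            "network": f"{int_to_ip(net)}/{new_prefix}",
            "first_host": int_to_ip(net + 1),
            "last_host": int_to_ip(net + size - 2),
            "broadcast": int_to_ip(net + size - 1),
            "hosts": size - 2,             # network and broadcast are not usable
        })
    return result
```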

ROUTERS:
Establishing a computer network requires the installation of several hardware
and software components. The data is sent to the next network points in the form of packets;
this transfer of packets is carried out through routers.

Types of routers:
1. 2620XM
2. 2621XM
3. 2811
Routers of the 2600 series are used in IPv4 for communication and the 2800 series are used
in IPv6 for communication. When multiple routers are used in interconnected networks, the
routers exchange information about destination addresses using a dynamic routing protocol.
Each router builds up a table listing the preferred routes between any two systems on the
interconnected networks. A router has interfaces for different physical types of network
connections (such as copper cables, fiber optic, or wireless transmission).
Routers may also be used to connect two or more logical groups of computer devices known
as subnets, each with a different sub-network address. The subnet addresses recorded in the
router do not necessarily map directly to the physical interface connections.[2] A router has
two stages of operation called planes:[3]
Control plane: A router records a routing table listing what route should be used to forward a
data packet, and through which physical interface connection. It does this using internal preconfigured addresses, called static routes.
Forwarding plane: The router forwards data packets between incoming and outgoing interface
connections. It routes them to the correct network type using information that the packet header
contains. It uses the data recorded in the routing table by the control plane.
2500 and 2600 series are also known as Middle Age Routers.

Practical Introduction to routers

Routers operate mostly through the CLI, i.e. the Command Line Interface.
Components of a router
1. Processor
2. RAM
3. NVRAM
4. Flash Memory
5. ROM

1. Processor: It is used for processing related to routing. Processors are mostly made by
Motorola Company.
2. RAM: It is a volatile memory. In RAM there is a file named Running-Config that
contains all the data of RAM. In Running-Config all the files are stored
temporarily.
3. NVRAM: It is a non-volatile memory. In NVRAM the data is permanently stored.
There is a file named Startup-Config that contains the data. When we copy the data from
running-config to startup-config, the data is then permanently stored.
4. Flash Memory: It contains the IOS of the router. IOS stands for
INTERNETWORK OPERATING SYSTEM.
5. ROM: ROM contains the following
(a) POST (Power On Self Test) Program
(b) Bootstrap Program
(c) Mini OS used for troubleshooting

Booting sequence of Router

1. The POST program will check all hardware and memory status of the router.
2. Booting files will load into the RAM from ROM.
3. The Bootstrap Program will load the IOS into RAM from Flash memory.
4. It will prepare a list of hardware and software components of the router.
5. It will copy the Startup-config into the Running-config file, from NVRAM to RAM.
6. It will ask to configure the Startup-config file.

ADVANTAGES OF USING ROUTER:

There are two advantages of using routers in the network:
1. They don't forward broadcasts by default.
2. They can filter the network based on layer 3 (Network Layer) information (e.g. IP
Address).

FUNCTIONS OF ROUTERS:
1. Packet switching
2. Packet filtering
3. Internetwork communication
4. Path selection

2500 Series Router

It contains the following ports
1. AUI (Attachment Unit Interface) - It has 15 pins and is used for LAN connection.
2. Serial 0 - It has 60 pins and is used to connect the router to another router through a serial
cable. It has two ends, i.e. DTE and DCE.
3. Serial 1 - It has 60 pins.
4. BRI (Basic Rate Interface) - It is an RJ-45 connector and is used for connection through
telephone lines.
5. Console - It is an RJ-45 connector and is used for accessing the router for configuration.
A rollover cable or console cable is used to connect the PC and router. HyperTerminal
is used for this purpose.
6. AUX - It is an RJ-45 connector. It is used for modem connection.

Modes of Router
1. User Execution mode
Router>
2. Privilege Execution mode
Router#
3. Third Mode
Router(config)#

In user execution mode we will use only one command:

Router>enable
After the above command we will enter into the second mode. After entering the second mode we
will type configure terminal to enter into the third mode. After entering the third mode we
can configure new settings for the router.
The exit command is used for going back to the previous mode.

Here is a list of commands that are in the router for various purposes.

For changing the name of the router we type the following command.
This command works in the third mode.

e.g. Router(config)#hostname name

Here name is the new name that we want to give the router.

Router(config)#hostname R1
It will give output as:

R1(config)#
To show details of all the interfaces of the router:
R1# show ip interface brief
In routers the status of all the interfaces is by default Administratively down.

For assigning IP addresses to interfaces:

R1(config)# interface fastethernet 0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
The above command is used for assigning an IP address to the fastethernet 0/0 interface, and
255.0.0.0 is the subnet mask of the given IP address, as it is the default subnet mask
for a CLASS A IP address. If we do not provide a subnet mask along with the IP address it will give
the following error.

INCOMPLETE COMMAND

For changing the status from administratively down to up:

R1(config-if)# no shutdown
After this command a message will be displayed.
The same commands can be used to configure IP addresses on other interfaces.

To see the configuration in RAM:

R1#show running-config

TYPES OF ROUTER PASSWORDS

1. Enable Password
2. Enable Secret Password
3. Line Console
4. Telnet Password/Line vty password
5. Auxiliary Password

1. Enable Password:
This password is asked when we want to enter into the second mode.

Command: enable password pass

Here pass is the password that we have assigned.
2. Enable Secret Password:
Used in the same place as the enable password.

Command: enable secret pass_name

The main difference between the enable password and the enable secret password is
that the enable secret password is stored in encrypted form, in RAM for temporary storage
and in NVRAM for permanent storage.

3. Line Console Password:

This password is asked when we access the router through the console cable. It is asked
before entering into the first mode.
In the third mode:
R1(config)#line console 0
R1(config-line)#password pass_name
This password is not enabled yet.

R1(config-line)#login
This command is used to enable the console password, as the console password is by
default disabled.

4. Line vty password or Telnet password:

To use telnet on the router, we first have to set the telnet password and
the enable password or enable secret password.

Command: R1(config)#line vty 0 15
R1(config-line)#password pass_name
R1(config-line)#exit
R1(config)#enable secret pass_name
Now we have access over the telnet service.

5. Auxiliary password:
This password is used to protect access to the router through a modem.

Command: R1(config)#line console 0
R1(config-line)#password pass_name
Here line console 0 is used in Packet Tracer and line aux 0 is used in the case of real routers,
and 0 indicates a single user.

To save configuration and passwords (from the second mode):

R1#copy running-config startup-config

OR
R1#write

ROUTING
Definition: The process of selecting the best path from multiple available paths or routes and
then forwarding the data over that best route.

Types:
1. Static Routing
2. Dynamic Routing
In static routing the route is decided by the administrator, and it is used in small networks.
Whereas in dynamic routing the route is decided by routing protocols. In dynamic routing
the route can also be defined by the administrator, but only in the case of complicated networks.
There are mainly two things to do in routing, i.e. data scheduling and data forwarding.

There are two types of protocols:

1. Routing Protocols: These are used for best route selection, and examples of these are
RIP, OSPF, EIGRP.
2. Routed Protocols: These are used for best route selection, and examples of these are
IPv4, IPv6, AppleTalk.

STATIC ROUTING:

R3(config)#ip route 11.0.0.0 255.0.0.0 50.1.1.2
R3(config)#ip route 12.0.0.0 255.0.0.0 50.1.1.2
R3(config)#ip route 60.0.0.0 255.0.0.0 50.1.1.2

The above commands are used for telling router 3 that other networks also
exist and how to reach them. The same commands are used for routers 4 and 5, but the IP addresses will change.
There is a command for checking the routing table:
Router# show ip route
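As an added example (not the report's own code), the Python below parses static routes written in the same "ip route NETWORK MASK NEXT-HOP" form shown above for R3 and resolves a destination the way the routing table is consulted: by longest-prefix match, with no matching route meaning the packet is dropped. The fourth route line and its next hop 50.1.1.6 are constructed to show the longest-prefix preference.

```python
# Added example (not from the report): a tiny routing-table lookup over static
# routes in the "ip route NETWORK MASK NEXT-HOP" form the report uses for R3.
# The route via 50.1.1.6 is constructed to show that a more specific prefix wins.

def ip_to_int(ip):
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")

def mask_len(mask):
    """Dotted mask -> prefix length; rejects non-contiguous masks."""
    m = ip_to_int(mask)
    bits = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return bits

def parse_static_routes(config_lines):
    """Return (network_int, prefix_len, next_hop) for each 'ip route' line."""
    routes = []
    for line in config_lines:
        parts = line.split()
        if parts[:2] == ["ip", "route"] and len(parts) >= 5:
            net, mask, next_hop = parts[2], parts[3], parts[4]
            routes.append((ip_to_int(net), mask_len(mask), next_hop))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; None means no route, i.e. the packet is dropped."""
    d = ip_to_int(dest)
    best = None
    for net, plen, next_hop in routes:
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        if d & mask == net and (best is None or plen > best[0]):
            best = (plen, next_hop)
    return best[1] if best else None

# Constructed sample: R3's static routes from the report plus one more specific route.
R3_CONFIG = [
    "ip route 11.0.0.0 255.0.0.0 50.1.1.2",
    "ip route 12.0.0.0 255.0.0.0 50.1.1.2",
    "ip route 60.0.0.0 255.0.0.0 50.1.1.2",
    "ip route 60.1.0.0 255.255.0.0 50.1.1.6",   # constructed: /16 inside 60/8
]
```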

DYNAMIC ROUTING
In dynamic routing there is a term called AS or AUTONOMOUS SYSTEM, i.e. if we
have many routers in a system and there is only one admin and only one policy for all
routers, then the system is called an Autonomous System. And if we have different policies then
the system is called a separate autonomous system.

Two types of routing protocols

1. IGP: Interior Gateway Protocol; it is used within an AS.
2. EGP: Exterior Gateway Protocol; it is used between different ASes.

IGP is further divided into three protocols:

1. Distance Vector Routing Protocol
2. Link State Routing Protocol
3. Hybrid Routing Protocol

Distance Vector Routing Protocols are further divided into:

1. RIP: Routing Information Protocol
2. IGRP: Interior Gateway Routing Protocol

Link State Routing Protocols are divided into:

1. OSPF: Open Shortest Path First
2. IS-IS: Intermediate System

Hybrid Routing Protocol has only one member:

EIGRP: Enhanced Interior Gateway Routing Protocol

RIP (Routing Information Protocol)

It is a distance vector protocol.
It measures distance according to the number of hops/routers.
The metric used is hop count.
It can support only 15 hops at maximum.
It sends a full routing update after every 30 seconds.
It is a vendor neutral protocol.
Updates are sent to directly connected hops.

RIP has two versions:

RIPv1
1. It does not support subnetting.
2. It cannot understand classless IP.
3. It does not send network ID or
network subnet mask information.
4. Broadcast address 255.255.255.255 is used
for advertising its network.

RIPv2
1. It supports subnetting.
2. It can understand classless IP.
3. It sends network ID and subnet mask
information.
4. Multicast address 224.0.0.9 is used for advertising
its network.

Commands used in RIP

R1(config)#router rip
For enabling RIP.
R1(config-router)#network network_address
R1(config-router)#network network_address
and so on, according to the number of physical connections to the router, and the same
commands for the other routers.

To show the routing table: R1#show ip route
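As an added example (not the report's code), the Python below runs the distance-vector exchange RIP performs, reduced to its metric rule: each router periodically sends its whole table to directly connected neighbours, a neighbour's route is taken at hop count + 1 when that is better, and 16 hops is treated as unreachable, which is why 15 is the usable maximum. The chain topology, router names and network names are constructed.

```python
# Added example (not from the report): the distance-vector exchange RIP runs,
# reduced to its metric rule. A router learns a network from a directly
# connected neighbour at the neighbour's hop count + 1, keeps the lowest count,
# and treats 16 hops as unreachable (so 15 is the maximum usable). The chain
# topology, router names and network names are constructed for the demo.

INFINITY = 16   # RIP's "unreachable" metric

class RipRouter:
    def __init__(self, name, connected):
        self.name = name
        self.neighbors = []                     # names of directly connected routers
        # network -> (metric, next_hop); directly connected networks are 0 hops
        self.table = {net: (0, None) for net in connected}

    def advertise(self):
        """The full table, as RIP sends it to each neighbour every 30 seconds."""
        return {net: metric for net, (metric, _) in self.table.items()}

    def receive(self, sender, update):
        """Apply one neighbour's update; returns True if the table changed."""
        changed = False
        for net, metric in update.items():
            new = min(metric + 1, INFINITY)
            cur_metric, cur_hop = self.table.get(net, (INFINITY, None))
            better = new < cur_metric
            # also follow changes from the neighbour we already route through
            same_hop_changed = (cur_hop == sender and new != cur_metric)
            if (better or same_hop_changed) and (new < INFINITY or net in self.table):
                self.table[net] = (new, sender)
                changed = True
        return changed

def converge(routers, max_rounds=50):
    """Run periodic full-table updates until nothing changes; returns the round count."""
    for rnd in range(1, max_rounds + 1):
        updates = {r.name: r.advertise() for r in routers}   # what was sent this period
        changed = False
        for r in routers:
            for nb in r.neighbors:
                changed = r.receive(nb, updates[nb]) or changed
        if not changed:
            return rnd
    raise RuntimeError("RIP did not converge")

def build_chain(n):
    """Constructed chain R1-R2-...-Rn. Network N<i> joins R<i> and R<i+1>;
    R1 also has a stub LAN1 and Rn a stub LAN<n>."""
    links = {i: f"N{i}" for i in range(1, n)}
    routers = []
    for i in range(1, n + 1):
        nets = [links[j] for j in (i - 1, i) if j in links]
        if i == 1:
            nets.append("LAN1")
        if i == n:
            nets.append(f"LAN{n}")
        routers.append(RipRouter(f"R{i}", nets))
    for idx, r in enumerate(routers):
        if idx > 0:
            r.neighbors.append(routers[idx - 1].name)
        if idx < n - 1:
            r.neighbors.append(routers[idx + 1].name)
    return routers
```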

OSPF (Open Shortest Path First): It sends the subnet status of every link to its
neighbour(s).

Features
1. It is a link state routing protocol.
2. It uses Link State Advertisement messages to share routing information.
3. It sends a full routing update only the first time; after that only updates related to network
changes will be sent.
4. It sends a routing update message after 30 minutes, but if any change occurs in the network
it can send a routing update before 30 minutes also.
5. It uses bandwidth as its metric.
6. It uses the SPF/Dijkstra algorithm.
7. It uses two multicast addresses, 224.0.0.5 and 224.0.0.6, for advertising its
network.
8. It is also vendor neutral.

There are three types of table in OSPF:

1. Neighbour Table
2. Database/Topology Table
3. Routing Table
Neighbour Table: To become neighbours, the following conditions should be met.
1. Hello Interval Time: It should be the same. E.g. Router1 will send a Hello message to
router2 and vice versa for checking connectivity.
A Hello message contains:
1. Hello Interval Time
2. Dead Interval Time
3. RID - Router ID
If the interval time is not the same, then they cannot be neighbours even if directly
connected.
2. Dead Interval Time: It should be the same. If router1 sends a message and router2 does not
reply within another 10 seconds, then router1 sends a hello message to router2 again, and so on
for another 30 seconds, i.e. four messages will be sent for confirmation; otherwise the
DEAD INTERVAL TIME is considered to have expired.
3. The subnet should be the same.
4. Routers can communicate directly or indirectly.

Types of Links:
1. P2P: e.g. a serial connection; it has direct connectivity.
2. Multipoint: Any router can share information with any other router indirectly.
There is a head called the DR or Designated Router and a sub-head called the BDR or Backup
Designated Router. If any router other than the DR and BDR wants to share information, then that
router will send the information to the DR and BDR, and then the DR will send that information to the other
routers. The BDR will work in the absence of the DR or when the DR gets corrupted.

224.0.0.5 is used for sending messages to the DR and BDR.
224.0.0.6 is used for sending messages to the other routers by the DR and BDR.

Election of DR and BDR

1. OSPF Priority Value: The router having the maximum OSPF priority value will be
elected as DR and the router with the second-highest OSPF priority value will be elected BDR.
All routers have a default OSPF priority value of 1.
2. Routers have a 32-bit RID value at maximum.
It appears the same as an IP address.
The router having the maximum RID value will be elected as DR.
The admin never configures the RID value.
3. We have one logical interface known as the LOOPBACK INTERFACE; we can assign an IP
to the loopback interface.
If we do not assign an IP to the loopback interface, then the maximum IP
address on any physical interface will be considered as the RID value.
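As an added example (not the report's code), the Python below applies the RID and election rules just described to a constructed multi-access segment: the RID is the highest loopback address if one exists, otherwise the highest physical-interface address, and the DR/BDR are chosen by priority first and RID second. It also applies one OSPF rule the report does not state, that priority 0 makes a router ineligible. Router names and addresses are constructed; note that a small loopback address can make a router lose the election it would otherwise win on its physical addresses.

```python
# Added example (not from the report): router-ID derivation and DR/BDR election
# as the report describes them. RID = highest loopback IP if any loopback is
# addressed, else highest IP on a physical interface. Priority 0 (a standard
# OSPF rule, not stated in the report) makes a router ineligible.

def ip_to_int(ip):
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")

def router_id(loopbacks, physical):
    """Pick the RID the way the report describes: loopbacks beat physical interfaces."""
    pool = loopbacks if loopbacks else physical
    if not pool:
        raise ValueError("router has no addressed interface; cannot derive a RID")
    return max(pool, key=ip_to_int)

def elect_dr_bdr(routers):
    """routers: name -> {"priority": int, "loopbacks": [...], "physical": [...]}.
    Returns (dr_name, bdr_name), ordering candidates by (priority desc, RID desc)."""
    eligible = [
        (r["priority"], ip_to_int(router_id(r["loopbacks"], r["physical"])), name)
        for name, r in routers.items()
        if r["priority"] > 0          # priority 0: never DR or BDR
    ]
    eligible.sort(reverse=True)
    if not eligible:
        return (None, None)
    dr = eligible[0][2]
    bdr = eligible[1][2] if len(eligible) > 1 else None
    return (dr, bdr)

# Constructed segment: all default priority 1 except R4, which opts out.
SEGMENT = {
    "R1": {"priority": 1, "loopbacks": [], "physical": ["10.0.0.1", "192.168.5.1"]},
    "R2": {"priority": 1, "loopbacks": ["1.1.1.1"], "physical": ["10.0.0.2", "200.1.1.1"]},
    "R3": {"priority": 1, "loopbacks": [], "physical": ["10.0.0.3", "172.16.0.1"]},
    "R4": {"priority": 0, "loopbacks": ["9.9.9.9"], "physical": ["10.0.0.4"]},
}
```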

Database/Topology Table:
Entries related to all possible routes to reach destination
networks will be entered in the topology table.

Routing Table:
Entries related to the best route, from all available routes, to reach a destination
network.

WILD CARD MASK: It also defines the network ID, in the same way as a subnet mask. If we
have a network with an 8-bit network ID then it is represented as 0.255.255.255.
We have a term called PROCESS-ID that is used to identify the OSPF process when it is started.
It can vary from 1 to 65535. It can be different on all routers but can also be the same. We
also have one more thing called AREA that tells about the area in which the particular
network lies.

Commands used in OSPF

R1(config)# router ospf 100
Here 100 is the process id.

R1(config-router)# network network_address wildcard_mask area area_number

e.g. R1(config-router)# network 10.0.0.0 0.255.255.255 area 0

and the same commands for the other routers. This is the simple case, when we have a small number of
routers. But the situation becomes more complex when we have a large number of routers: then
there will be an intense load on each router and most of its time will be spent in building tables only,
and its original task will be neglected.

AREA HIERARCHY MODEL

EIGRP (Enhanced Interior Gateway Routing Protocol)

It is a hybrid routing protocol, i.e. it takes from both Distance Vector and Link State.
It supports 255 hops, but by default the number is 100.
It sends an update whenever it gets an update, i.e. a triggered update.
It supports hop count but it does not use the number of hops as its metric.
It uses Bandwidth, Delay, Load and Reliability metrics for choosing its path. But
by default it uses bandwidth and delay.
It uses DUAL, the Diffusing Update Algorithm.
Multicast Address: 224.0.0.10
It is a vendor-based protocol.

ACL (Access Control List)

Used to assign controls or access controls to any user. Types of ACL:

Standard
1. Basic ACL.
2. We cannot block a particular service.
3. It uses only the source address.
4. We should apply it near the
destination address.
5. It is represented by numbers 1-99.

Extended
1. Advanced ACL.
2. We can block a particular service.
3. It uses both source and destination addresses.
4. We should apply it near the source
address.
5. It is represented by numbers between 100-199.
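As an added example (not the report's code), the Python below models how a numbered standard (1-99) or extended (100-199) ACL is evaluated: entries are tried top-down, the first match decides, and an implicit "deny any" ends every list. The wildcard-mask rule is the one the report gives, 0 bits must match and 1 bits are ignored. It also makes the report's point about standard lists concrete: a standard entry has no destination, protocol or port fields, so it cannot block a single service, while the extended list can allow a guest VLAN to reach one server on TCP/80 only. The class and function names, the two ACLs and the sample packets are constructed.

```python
# Added example (not from the report): a software model of how IOS evaluates a
# numbered standard (1-99) or extended (100-199) ACL: top-down, first matching
# entry wins, and an implicit "deny any" ends every list. The wildcard-mask
# rule is the one the report gives (0 bits must match, 1 bits are ignored).
# Both ACLs and the sample packets are constructed for the demonstration.

def ip_to_int(ip):
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")

def wildcard_match(addr, network, wildcard):
    """True when every bit that is 0 in the wildcard agrees between addr and network."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(network) & care)

class Acl:
    def __init__(self, number):
        if not (1 <= number <= 99 or 100 <= number <= 199):
            raise ValueError("use 1-99 for standard or 100-199 for extended")
        self.number = number
        self.standard = number <= 99
        self.entries = []

    def add(self, action, src, src_wc="0.0.0.0", proto="ip",
            dst="0.0.0.0", dst_wc="255.255.255.255", dport=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if self.standard and (proto != "ip" or dport is not None
                              or (dst, dst_wc) != ("0.0.0.0", "255.255.255.255")):
            # A standard ACL has no destination/protocol/port fields, which is
            # why it cannot block a single service, as the report notes.
            raise ValueError("standard ACL entries match on source address only")
        self.entries.append((action, src, src_wc, proto, dst, dst_wc, dport))

    def evaluate(self, pkt):
        """pkt: dict with src, dst, proto ('tcp'/'udp'/'icmp'), dport. Returns the action."""
        for action, src, src_wc, proto, dst, dst_wc, dport in self.entries:
            if not wildcard_match(pkt["src"], src, src_wc):
                continue
            if not self.standard:
                if proto != "ip" and proto != pkt.get("proto"):
                    continue
                if not wildcard_match(pkt["dst"], dst, dst_wc):
                    continue
                if dport is not None and pkt.get("dport") != dport:
                    continue
            return action
        return "deny"   # implicit deny any at the end of every ACL

# Standard ACL 10: block the guest VLAN (192.168.20.0/24) entirely, allow the rest.
GUEST_BLOCK = Acl(10)
GUEST_BLOCK.add("deny", "192.168.20.0", "0.0.0.255")
GUEST_BLOCK.add("permit", "0.0.0.0", "255.255.255.255")

# Extended ACL 110: let the guest VLAN reach the web server (10.1.1.10) on
# TCP/80 only, deny any other guest traffic into the server VLAN, permit the rest.
WEB_ONLY = Acl(110)
WEB_ONLY.add("permit", "192.168.20.0", "0.0.0.255", "tcp", "10.1.1.10", "0.0.0.0", 80)
WEB_ONLY.add("deny", "192.168.20.0", "0.0.0.255", "ip", "10.1.1.0", "0.0.0.255")
WEB_ONLY.add("permit", "0.0.0.0", "255.255.255.255")

def check_lists(pkt):
    """Result of the same packet under the standard and the extended list."""
    return GUEST_BLOCK.evaluate(pkt), WEB_ONLY.evaluate(pkt)
```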

NAT or Network Address Translation

It is used to translate the local IP addresses
on a network to a global or public IP address.

NAT is required when:

1. We are connected to the internet and our hosts don't have globally unique IP addresses,
i.e. we are using private addresses.
2. We change our network to another ISP and that requires renumbering our network.
Using NAT we don't need to change our IP addresses.
3. We need to merge two internets with duplicate addresses.
4. No host from a foreign network should be able to access our local network (local network
security).

Terms used in NAT

Inside Local: Name of the inside source address before translation.
Outside Local: Name of the destination host before translation.
Inside Global: Name of the inside host after translation.
Outside Global: Name of the outside destination host after translation.

Types of NAT
1. Static NAT: It is a type of NAT that is designed to allow one-to-one mapping
between local IP addresses and global IP addresses.
2. Dynamic NAT: This gives the ability to map an unregistered IP address to a
registered IP address out of a pool of IP addresses. We don't have to statically
configure our router to map an inside address to an outside address as in static NAT.
But we must have a sufficient number of IP addresses for every user who is going to exchange
packets with the internet.

PAT or PORT ADDRESS TRANSLATION: Port Address Translation (PAT) is a special kind of Network Address Translation (NAT).
It can provide an excellent solution for a company that has multiple systems that need to
access the Internet but that has only one public IP address. PAT is commonly known as
NAT overload (or sometimes just overload).

In this configuration, you have multiple clients on your inside network wanting to access
an outside network (usually the Internet). You have few public IP addresses, far fewer
than the number of clients, so you have to overload that real Internet IP address. In
other words, you are mapping many inside clients to a single Internet IP address (many to
one).

PAT Features
PAT uses unique source port numbers on the inside global IP address to distinguish
between translations.

Relation between NAT & PAT

NAT was designed to be a solution to the lack of public IP addresses
available on the Internet. The basic concept of NAT is that it allows inside/internal hosts to
use the private address spaces (10/8, 172.16/12, and 192.168/16 networks; see RFC 1918),
go through the internal interface of a router running NAT, and then have the internal
addresses translated to the router's public IP address on the external interface that connects to
the Internet.
If you dig into NAT a little deeper, you will discover that there are really three ways to
configure it. From these configurations, you can perform a variety of functions. The three
configurations are:
1. STATIC NAT
2. POOLED NAT
3. PAT

To configure PAT/NAT correctly the first time, you need to understand the Cisco NAT
terminology and how your IP networks/addresses map to each of the entities listed below:
Inside local address: The IP address assigned to a host on the inside network. This
is the address configured as a parameter of the computer OS or received via dynamic
address allocation protocols such as DHCP. The address is likely not a legitimate IP
address assigned by the Network Information Center (NIC) or service provider.
Inside global address: A legitimate IP address assigned by the NIC or service
provider that represents one or more inside local IP addresses to the outside world.
Outside local address: The IP address of an outside host as it appears to the inside
network. Not necessarily a legitimate address, it is allocated from an address space
routable on the inside.
Outside global address: The IP address assigned to a host on the outside network
by the host owner. The address is allocated from a globally routable address or
network space.
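As an added example (not the report's code), the Python below keeps a minimal PAT translation table in the terminology above: many inside local addresses share one inside global address, and each flow stays distinct because the translator assigns it a unique source port on the way out and restores the original address and port on the reply. A reply that matches no entry is dropped, which is the "local network security" effect the report lists. The class name, the port-selection policy and the sample addresses (documentation ranges) are constructed.

```python
# Added example (not from the report): a minimal PAT ("NAT overload") table in
# the report's terminology. Many inside local (private) addresses share one
# inside global address; each flow gets a unique source port on the public side,
# rewritten on the way out and restored on the way back. Port policy and the
# sample flows are constructed; 203.0.113.x / 198.51.100.x are documentation ranges.

class PatTranslator:
    def __init__(self, inside_global, port_range=(1024, 65535)):
        self.inside_global = inside_global   # the single public address
        self.lo, self.hi = port_range
        # (inside_local, local_port, outside_global, dport) -> global_port
        self.out = {}
        # global_port -> (inside_local, local_port), used for replies
        self.back = {}

    def _pick_port(self, wanted):
        """Keep the original source port when it is free; otherwise find another."""
        if self.lo <= wanted <= self.hi and wanted not in self.back:
            return wanted
        for port in range(self.lo, self.hi + 1):
            if port not in self.back:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, inside_local, sport, outside_global, dport):
        """Translate a packet leaving the inside network; returns (src_ip, src_port)."""
        key = (inside_local, sport, outside_global, dport)
        if key not in self.out:
            global_port = self._pick_port(sport)
            self.out[key] = global_port
            self.back[global_port] = (inside_local, sport)
        return (self.inside_global, self.out[key])

    def inbound(self, dst_port):
        """Translate a reply arriving on the public address. None means no
        matching flow, so the packet is dropped rather than forwarded inside."""
        return self.back.get(dst_port)

    def active_translations(self):
        """Number of distinct flows currently sharing the public address."""
        return len(self.out)
```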

Switches are of two types:

1) Managed
2) Unmanaged
A managed switch supports SNMP (Simple Network Management Protocol).

Different switching principles:
1. Store-and-forward: The switch fully receives all bits in the frame before forwarding
the frame.
2. Cut-through: The switch performs the address table lookup as soon as the
destination address field in the header is received. The first bits in the frame can
be sent out the outbound port before the final bits in the incoming frame are
received.
3. Fragment Free: This performs like cut-through switching, but the switch waits
for 64 bytes to be received before forwarding the first bytes of the outgoing
frame. According to Ethernet specifications, collisions should be detected during
the first 64 bytes of the frame; frames in error because of a collision will not be
forwarded.

In switching we have the main concept - VLAN

VLAN or Virtual LAN
1. A VLAN is a logical grouping of network users and resources connected to
administratively defined ports on a switch.
2. VLANs allow us to break up broadcast domains in a pure switched internetwork.
3. VLANs allow us to create smaller broadcast domains within a layer 2 switch-based
internetwork.
Network adds, moves and changes are achieved by configuring a port into the appropriate
VLAN. A group of users needing high security can be put into a VLAN so that no users outside
of the VLAN can communicate with them. VLANs are independent of their physical or
logical locations. VLANs can enhance network security. They increase the number of broadcast
domains and decrease the size of each broadcast domain. All the devices in a VLAN are
members of the same broadcast domain and receive all broadcasts. The broadcasts, by
default, are filtered from all ports on a switch that are not members of the same VLAN. This
is one of the prime benefits that we get with a VLAN-based switched network; otherwise we
would face serious problems if all our users were in the same broadcast domain.

In a flat network anyone connecting to the physical network could access the network resources
located on that physical LAN. In order to observe any/all traffic happening in that network one
has to simply plug a network analyzer into the hub. Users can join any workgroup by just
plugging their workstations into the existing hub. By building VLANs and creating multiple
broadcast groups, administrators can now have control over each port and user. Since VLANs
can be created in accordance with the network resources a user requires, a switch can be
configured to inform a network management station of any unauthorized access to network
resources. For inter-VLAN communication, we can implement restrictions on a router to
control it. By assigning switch ports or users to VLAN groups on a switch or group of
switches, we gain the flexibility to add only the users we want into that broadcast domain
regardless of their physical location. When a VLAN becomes too big, we can create more
VLANs to keep broadcasts from consuming too much bandwidth.
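As an added example (not the report's code), the Python below is a small learning switch in which every port belongs to one VLAN. A broadcast, or a flood for an unknown destination, from a port reaches only the other ports of the same VLAN, and the MAC table is kept per VLAN, so a host can never be switched into another VLAN at layer 2; that traffic has to go through a router, which is where the report's ACLs are applied. The class name, port layout and MAC addresses are constructed.

```python
# Added example (not from the report): a learning switch whose ports each belong
# to one VLAN. Broadcasts and unknown-unicast floods stay inside the VLAN, and
# the MAC table is keyed by (vlan, mac), so no frame crosses VLANs at layer 2.
# Ports, VLAN ids and MAC addresses below are constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)      # port number -> VLAN id
        self.mac_table = {}                   # (vlan, mac) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source address, then return the sorted list of egress ports."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port              # learning
        if dst_mac != BROADCAST and (vlan, dst_mac) in self.mac_table:
            out = self.mac_table[(vlan, dst_mac)]
            return [] if out == in_port else [out]             # known unicast
        # broadcast or unknown unicast: flood, but only within this VLAN
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

    def broadcast_domains(self):
        """VLAN id -> ports: the smaller broadcast domains the report describes."""
        domains = {}
        for port, vlan in self.port_vlan.items():
            domains.setdefault(vlan, []).append(port)
        return {vlan: sorted(ports) for vlan, ports in domains.items()}

# Constructed: six ports, VLAN 10 = sales (ports 1-3), VLAN 20 = guests (ports 4-6)
SW = VlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20, 6: 20})
```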

References
Study Notes that were made during training and the book given by
Jetking Institute for reference.
