PROJECT REPORT

ON
(ROUTING WITH OSPF USING EXTENDED ACCESS LIST & NAT)
*SIX MONTHS INDUSTRIAL TRAINING

Tek Chand Mann College of Engineering

(Approved by the AICTE New Delhi & Affiliated to M. D. University, Rohtak)
64th KM stone, G. T. Karnal Road (NH-1), Vill- Chirashmi
Teh- Gannaur,District Sonepat, Haryana, India

SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR

THE AWARD OF DEGREE
OF
B. Tech ( Electronics & Communication )

SUBMITTED TO: MR. DHEERAJ KUMAR

(H.O.D, ECE DEPT.)

SUBMITTED BY:KUMAR ABHISHEK

B.Tech, 4th YEAR
(2009-TCEC-1062)

TRAINING PROVIDED BY
CMC Limited NOIDA
( A TATA Enterprise & A Subsidiary of TCS Limited )
IN
NETWORKING (CCNA)

SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR

THE AWARD OF DEGREE
OF
B. Tech ( Electronics & Communication )

SUBMITTED BY:
KUMAR ABHISHEK
Kr.abhishek1991@gmail.com
Mb. +918586811891
B. Tech - (2009-TCEC-1062)
ACKNOWLEDGEMENT

The successful completion of any task would be incomplete without accomplishing

the people who made it all possible and whose constant guidance and encouragement
secured us the success.
I would like to thank CMC NOIDA for providing me with an opportunity to pursue
my industrial training, as it an important Part of the course of B. Tech and it is the one
that exposes you to the industry standards and make you adapt yourself to the latest
trends and technologies. At the same time, it gives an experience of working on real
time scenarios of the organization.

I feel pride and privileged in expressing my deep sense of gratitude to all those who
have helped me in presenting this assignment. I express my sincere gratitude to
Mr. Sunil Kumar for their inspiration, constructive suggestions, mastermind analysis
and affectionate guidance in my work. It was all impossible for me to complete this
project without their guidance and all.
Last but not the least I would like to add my deepest gratitude for my entire faculty of
ECE Department 6th & 7th Sem. at TCMCE from where I have learnt the
basics of Computer Networking which helped me a lot in completion of this project.

Preface

The quest for knowledge can never end .The deeper you dig the greater the unexplored seems
to be no man can honestly say?
That he has learned all that this world has to offer we cant achieve anything worthwhile in
any field only on basis theoretical from the book, programmatically knowledge obtains
through working at zero level and gaining experience, in my view In order to achieve
tangible positive and concert result, the classroom knowledge needs to be effective wedded to
the realities of the situation existing outside the classroom.

CMC Center is one of the leading public sector organizations in the country in
the area of development. The keen interest of the technical CMC Center, in explaining the
various processes has helped me to add much more in my knowledge and I am really too
grateful to all the members of CMC Center. To such great heights as achieved by CMC
Center nationally and globally during part few year.

COMPANYPROFILE

CMC Limited a Tata Enterprise is a premier information technology company with an all
India presence having ISO 9001-2000 certification for its R&D Center & System Integration
(NR group). CMC Limited has been conducting computer-training program for various
organizations since 1978. Large and complex project management capabilities since its
incorporation in 1975, CMC has an enviable record of successfully building IT solutions for
massive and complex infrastructure and market projects.
Take, for instance, just three of the many major projects
undertaken by CMC:
A passenger ticketing and reservation system for Indian Railways, which runs 6,000
passenger trains carrying over 10 million passengers a day, on a 90,000-km railway network
covering around 8,000 railway stations.

 Cargo handling system is a comprehensive online real time cargo handling system to
integrate all complex and varied activities of container terminals. This system has been
implemented for several Indian and International ports.
An online transaction processing system for the Bombay Stock Exchange, which handles
millions of securities trading transactions every day.
CMC LTD has been imparting corporate trainings for the renowned leading organizations like
Tech Mahindra, HCL Technologies, Tata Consultancy Services Tata motors and so on. We
have already Trained 400 employees of Tech Mahindra & more than 800 employees of HCL
under the ILP since July 2006. To add on , at NOIDA, we have an online testing facility from
Pearsons Vue for the candidates, interested in going for vendor certification on the
technology. We are also proud to have world-class trainers for providing in-depth
understanding of the topics. Apart from that we have tie-ups with various academic
institutions imparting technical education such as engineering colleges pan India for Project
based Industrial training on .Net / JAVA / PHP / Embedded Systems and Oracle.

ABSTRACT
OPEN SHORTEST PATH FIRST (OSPF)
OPEN SHORTEST PATH FIRST (OSPF) is an open standards routing protocol that
been implemented by a wide verity of network vendors, including Cisco. If we
have multiple routers and not of them are Cisco. If it is a large networks, then
really your only options are OSPF or something called route redistribution- a
translation service between routing protocols.
This works by using the Dijkstra algorithm. First a shortest path tree is constructed
and then the routing table is populated with the resulting best paths. OSPF
converges quickly, although perhaps not so quickly as EIGRP, and supports multiple,
equal cost routers to use the same destination.
VIRTUAL LANs (VLANs)
VLAN Basics
As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain
created by switches. Normally, it is a router creating that broadcast domain. With VLANs, a
switch can create the broadcast domain.
This works by, you, the administrator, putting some switch ports in a VLAN other than 1, the
default VLAN. All ports in a single VLAN are in a single broadcast domain.

Because switches can talk to each other, some ports on switch A can be in VLAN 10 and
other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be
seen on any other port in any other VLAN, other than 10. However, these devices can all
communicate because they are on the same VLAN. Without additional configuration, they
would not be able to communicate with any other devices, not in their VLAN.
Are VLANs required?
It is important to point out that you dont have to configure a VLAN until your network gets
so large and has so much traffic that you need one. Many times, people are simply using
VLANs because the network they are working on was already using them.
Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL
devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by
default, you can just use all the ports on a switch and all devices will be able to talk to one
another.
When do I need a VLAN?
You need to consider using VLANs in any of the following situations:

You have more than 200 devices on your LAN

You have a lot of broadcast traffic on your LAN
Groups of users need more security or are being slowed down by too many
broadcasts?
Groups of users need to be on the same broadcast domain because they are running
the same applications. An example would be a company that has VoIP phones. The
users using the phone could be on a different VLAN, not with the regular users.
Or, just to make a single switch into multiple virtual switche
There are several ways that VLANs simplify network management:
Network adds, moves, and changes are achieved by configuring a port into the
appropriate VLAN.
A group of users needing high security can be put into a VLAN so that no users
outside of the VLAN can communicate with them.
As a logical grouping of users by function, VLAN can be considered independent
from their physical or geographic locations.
VLANs can enhance network security.
VLANs increase the number of broadcast domains while decreasing their size.
VLAN modes

There are three different modes in which a VLAN can be configured. These modes are
covered below:

VLAN Switching Mode The VLAN forms a switching bridge in which frames are
forwarded unmodified.

VLAN Translation Mode VLAN translation mode is used when the frame tagging
method is changed in the network path, or if the frame traverses from a VLAN group
to a legacy or native interface which is not configured in a VLAN. When the packet is
to pass into a native interface, the VLAN tag is removed so that the packet can
properly enter the native interface.
VLAN Routing Mode When a packet is routed from one VLAN to a different
VLAN, you use VLAN routing mode. The packet is modified, usually by a router,
which places its own MAC address as the source, and then changes the VLAN ID of
the packet.
VLAN configurations

Different terminology is used between different hardware manufacturers when it comes to

VLANs. Because of this there is often confusion at implementation time. Following are a few
details, and some examples to assist you in defining your VLANs so confusion is not an
issue.
Cisco VLAN terminology
You need a few details to define a VLAN on most Cisco equipment. Unfortunately, because
Cisco sometimes acquires the technologies they use to fill their switching, routing and
security product lines, naming conventions are not always consistent. For this article, we are
focusing only one Cisco switching and routing product lines running Cisco IOS.

VLAN ID The VLAN ID is a unique value you assign to each VLAN on a single
device. With a Cisco routing or switching device running IOS, your range is from 14096. When you define a VLAN you usually use the syntax "vlan x" where x is the
number you would like to assign to the VLAN ID. VLAN 1 is reserved as an
administrative VLAN. If VLAN technologies are enabled, all ports are a member of
VLAN 1 by default.
VLAN Name The VLAN name is an text based name you use to identify your
VLAN, perhaps to help technical staff in understanding its function. The string you
use can be between 1 and 32 characters in length.
Private VLAN You also define if the VLAN is to be a private vlan in the VLAN
definition, and what other VLAN might be associated with it in the definition section.
When you configure a Cisco VLAN as a private-vlan, this means that ports that are
members of the VLAN cannot communicate directly with each other by default.
Normally all ports which are members of a VLAN can communicate directly with
each other just as they would be able to would they have been a member of a standard
network segment. Private vlans are created to enhance the security on a network
where hosts coexisting on the network cannot or should not trust each other. This is a
common practice to use on web farms or in other high risk environments where
communication between hosts on the same subnet are not necessary. Check your
Cisco documentation if you have questions about how to configure and deploy private
VLANs.
VLAN modes in Cisco IOS, there are only two modes an interface can operate in,
"mode access" and "mode trunk". Access mode is for end devices or devices that will
not require multiple VLANs. Trunk mode is used for passing multiple VLANs to
other network devices, or for end devices that need to have membership to multiple

VLANs at once. If you are wondering what mode to use, the mode is probably "mode
access"

OBJECTIVE AND INTRODUCTION

OBJECTIVE
To design and configure a Routing with OSPF with Extended Access list and NAT as
per the requirements of the company.
FEATURES

Consists of areas and autonomous system

Minimize routing update traffic
Allows scalability
Supports VLSM/CIDR
Has unlimited hop count
Allows muti-vendor deployment (open standard)
OSPF is the link-state routing protocol

MATERIALS AND METHODS

HARDWARE REQUIREMENT

Router
Switch
Access Point
Cables
Straight cable
Serial cable
PC

Contents
1. Introduction to 2800 series router
2. Introduction to Computer networking concept
2.1 Network
2.2 Types of Network
2.3Network Topology
2.3.1 Types of Network Topology
3. Basic hardware component
4. Network cabling
5. Network models and protocols
5.1 OSI Model
5.2 TCP/IP Model
6. IP addressing
7. Router
8.1 Routing
8.2 Routing Protocol
8.2.1 RIPv1
8.2.2 RIPv2
8.2.3 EIGRP
8.2.4 OSPF
9. ACL
10. NAT
10.1Types of NAT
11. CDP
12. IPv6
13. WAN
14. Configuring Routing with EIGRP using extended ACL

2. Introduction to Computer Networking Concepts

What is a Network?
In general, the term network can refer to any interconnected group or system. More
specifically, a network is any method of sharing information between two systems
(human, electrical or mechanical).

Figure 1: A Simple Network Example

A network lets you effortlessly transfer files, pictures, music and information
without using a disk or burning a CD. It also enables everyone in your home or office to
share one broadband Internet connection, one printer, one scanner.
2.2 Types of the Network
LAN (Local Area Network)
A Local Area Network is a group of computers and network communication devices
within a limited geographic area, such as an office building. Local area networking uses
switches, bridges and/or repeaters, and hubs to interconnect LANs and increase overall
size.

Figure 2: A Simple LAN Illustration

MAN (Metropolitan Area Network)
A Metropolitan Area Network is a network that connects two or more Local Area
Networks or Campus Area Networks together but does not extend beyond the
boundaries of the immediate town, city, or metropolitan area. Multiple routers, switches
& hubs are connected to create a MAN. A MAN can range anywhere from 5 to 50km in
diameter.
WAN (Wide Area Network)
A WAN is a data communications network that covers a relatively broad geographic
area (i.e. one city to another and one country to another country) and that often uses
transmission facilities provided by common carriers, such as telephone companies.
They are generally connected with each other using routers.

Figure 3: An Example of WAN

Personal Area Network (PAN)

A personal area network (PAN) is a computer network used for communication among
computer devices close to one person. Some examples of devices that may be used in a
PAN are printers, fax machines, telephones, PDAs or scanners. The reach of a PAN is
typically within about 20-30 feet (approximately 6-9 Meters).

Storage Area Network (SAN)

We heavily rely on data in modern time. We have a lot of data in the form of audio and
video. We need to store data for quick access and transfer on special storage devices. Its
special purpose is to allow users on a larger network to connect various data storage
devices with clusters of data servers.
Virtual Private Network (VPN)
A VPN is a private network that lets you access public networks remotely. A VPN uses
encryption and security protocols to retain privacy while it accesses outside resources
by creating a virtual network for you which acts as if you are having a private line for
the given period of time. When employed on a network, VPN enables an end user to
create a virtual tunnel to a remote location. Typically, telecommuters use VPN to log in
to their company networks from home.
According To the Type of Connection Used

Wired Network: A network that connects devices using cables (wires) like Coaxial
Cable, Twisted pair Cable, Optical Fibre Cable etc.

Wireless Network: A network that connects devices using wireless technologies like
Bluetooth, infrared, radio frequency etc.
According To the Functional Relationship (Network Architecture)
Peer to peer network (Workgroup)
A Workgroup is a collection of computers on a local area network (LAN) that share
common resources and responsibilities. Workgroups provide easy sharing of files,
printers and other network resources. Being a peer-to-peer (P2P) network design, each
Workgroup computer may both share and access resources if configured to do so.
Workgroups are designed for small LANs in homes, schools, and small businesses. A
Windows Workgroup, for example, functions best with 15 or fewer computers. As the
number of computers in a workgroup grows, workgroup LANs eventually become too
difficult to administer and should be replaced with alternative solutions like domains or
other client/server approaches.
Client-Server Network (Domain)

A Domain is a NetworkArchitecture in which each computer or process on the

network is either a client or a server. Servers are powerful computers or processes
dedicated to managing disk drives (file servers), printers (print servers), or network
traffic (networkservers). Clients are PCs or workstations on which usersrunapplications.
Clients rely on servers for resources, such as files, devices, and even processing power.

2.3 Network Topologies

Topology refers to the way in which the network of computers is connected. Each
topology is suited to specific tasks and has its own advantages and disadvantages. The
choice of topology is dependent upon--Type and number of equipment being used
Planned applications and rate of data transfers
Required response times
Cost
23.1 Types of Network Topologies

Physical Topology: Physical topology defines how devices are connected to the
network through the actual cables that transmit data ( physical structure of the network)

Logical Topology: Logical Topology (also referred to as Signal Topology) is a

network computing term used to describe the arrangement of devices on a network and
how they communicate with one another.

Common LAN Topologies (Physical)

1. BUS

Figure: Bus Topology Representation

In a bus topology:
A single cable connects each workstation in a linear, daisy-chained fashion.
Signals are broadcasted to all stations, but stations only act on the frames addressed to
them.

2. RING

Figure: Ring Topology Representation

In a ring topology:

Unidirectional links connect the transmit side of one device to the receive side of
another device.

Devices transmit frames to the next device (downstream member) in the ring.
3. STAR

Figure: Star Topology Representation

In a star topology:

Each station is connected to a central Hub or Switch (concentrator) that functions as a

multi-port repeater.

The HUB broadcasts data all of the devices connected to it.

The Switch transmits the data to the dedicated device for which the data is meant for.
LAN Transmission Methods.

Unicast Transmission:In unicast transmissions, a single data packet is sent from a

source to a single destination on the network.

Figure: Unicast Transmission

In Unicast Method:
oThe source addresses the packet with the destination address.
oThe packet is sent into the network.
oThe network delivers the packet to the destination.

Multicast Transmission: In multicast transmissions, a single data packet is copied

and sent to specific destinations on the network

Figure: Multicast Transmission Example

In Multicast Process:
oThe source addresses the packet using a multicast address.
oThe packet is sent into the network.
oThe network copies the packet.
o A copy is delivered to each destination that is included in the multicast address.

Broadcast Transmission: In Broadcast transmissions, a single data packet is copied

and sent to all the destinations on the network.

o
o
o
o

In Broadcast Process:
The source addresses the packet with the broadcast address.
The packet is sent into the network.
The network copies the packet.
The packet copies are delivered to all destinations on the network.

Figure: Broadcast Transmission

3. Basic Hardware Components
LAN Infrastructure Devices
All networks are made up of basic hardware building blocks to interconnect network
nodes, such as Network Interface Cards (NICs), Bridges, Hubs, Switches, and Routers.
In addition, some method of connecting these building blocks is required, usually in the
form of galvanic cable (most commonly Category 5 cable). Less common are
microwave links (as in IEEE 802.11) or optical cable ("optical fiber").
Network Interface Cards

Figure: A Network Interface Card (NIC)

A network card, network adapter or NIC (network interface card) is a piece of computer
hardware designed to allow computers to communicate over a computer network. It
provides physical access to a networking medium and often provides a low-level
addressing system through the use of MAC addresses. It allows users to connect to each
other either by using cables or wirelessly.
Repeaters

Figure: Examples of Repeater

A repeater is an electronic device that receives a signal and retransmits it at a higher
level or higher power, or onto the other side of an obstruction, so that the signal can
cover longer distances without degradation.
Because repeaters work with the actual physical signal, and do not attempt to interpret
the data being transmitted, they operate on the Physical layer, the first layer of the OSI
model.
Hubs

Figure: Example of Hubs

A hub (concentrator) contains multiple ports, which is used to connect devices in a star
topology. When a packet arrives at one port, it is copied to all the ports of the hub. But
when the packets are copied, the destination address in the frame does not change to a

broadcast address. It does this in a rudimentary way; it simply copies the data to all of
the Nodes connected to the hub (broadcast).
Bridges

Figure: A Common Bridge

A network bridge connects multiple network segments at the data link layer (layer 2)
of the OSI model. Bridges do not promiscuously copy traffic to all ports, as hubs do,
but learn which physical addresses are reachable through specific ports. Once the
bridge associates a port and an address, it will send traffic for that address only to that
port. Bridges do send broadcasts to all ports except the one on which the broadcast was
received.
Bridges learn the association of ports and addresses by examining the source address of
frames that it sees on various ports. Once a frame arrives through a port, its source
address is stored and the bridge assumes that MAC address is associated with that port.
The first time that a previously unknown destination address is seen, the bridge will
forward the frame to all ports other than the one on which the frame arrived.
Switches

Figure: Switches
A switch is a device that performs switching. Specifically, it forwards and filters OSI
layer 2 datagram (chunk of data communication) between ports (connected cables)
based on the Physical-Addresses in the packets. This is distinct from a hub in that it
only forwards the datagram to the ports involved in the communications rather than all
ports connected.
A switch normally has numerous ports with the intention that most or all of the
networks be connected directly to a switch, or another switch that is in turn connected
to a switch.
Routers

Figure: Two Modern Routers

Routers are networking devices that forward data packets along networks by using
headers and forwarding/routing tables to determine the best path to forward the packets.
Routers work at the Internet layer of the TCP/IP model or layer 3 of the OSI model.
Routers also provide interconnectivity between like and unlike media. A router is
connected to at least two networks, commonly two LANs or WANs or a LAN and its
ISP's network. Some DSL and cable modems, for home use, have been integrated with
routers to allow multiple home computers to access the Internet.

5.Network Models & Protocols

Overview
Network models define a set of network layers and how they interact. There are
several different network models depending on what organization or company
started them. The most important two are:
OSI Network Model (Reference Model)
The TCP/IP Model (DOD model)
5.1 The Open System Interconnection (OSI) Reference Model

Figure: The OSI Model

Introduction
In 1983, the International Standards Organization (ISO) developed a model
called Open Systems Interconnection (OSI) which is a standard reference model
20

for communication between two end users in a network. The model is used in
developing products and understanding networks.
Layers in the OSI Model
OSI divides Telecommunications into Seven Layers. Each layer is responsible
for a particular aspect of data communication. For example, one layer may be
responsible for establishing connections between devices, while another layer
may be responsible for error checking during transfer.
Layer 7: The Application Layer...
The Application Layer is the highest layer in the protocol stack and the layer
responsible for introducing data into the OSI stack. Here reside the protocols for
user applications that incorporate the components of network applications.
The applications can be classified as:
Computer applications
Network applications
Internetwork applications
Computer Applications
Applications
Presentation
Graphics
Database
Word Processing
Spreadsheet
Design/Manufactur
ing
Others

Network Applications

Network
Management
Information
Location
Remote Location
Electronic Mail
File Transfer
Client/Server
Process
Others

Internetwork

World Wide Web

Conferencing (Video, Voice,
Data)
Electronic Date Exchange
Internet Navigation Utilities
E-Mail Gateways
Special-Interest Bulletin Boards
Financial Transaction Services
Others

Figure 4: Classifications of Applications

Layer 6: The Presentation Layer...

This is a layer, usually part of an operating system, that converts incoming and
outgoing data from one presentation format to another (for example, from a text
stream into a popup window with the newly arrived text). This layer is
sometimes called the syntax layer.
The Presentation Layer is responsible for the following services:
21

Data representation: The presentation layer of the OSI model at the receiving
computer is also responsible for the conversion of the external format with
which data is received from the sending computer to one accepted by the other
layers in the host computer. Data formats include postscript, ASCII, or BINARY
such as EBCDIC (fully Extended Binary Coded Decimal Interchange Code).
Data security:Some types of encryption (and decryption) are performed at the
presentation layer. This ensures the security of the data as it travels down the
protocol stack. For example, one of the most popular encryption schemes that is
usually associated with the presentation layer is the Secure Sockets Layer (SSL)
protocol.
Data compression:Compression (and decompression) may be done at the
presentation layer to improve the throughput of data.
Layer 5: The Session Layer...
The Session Layer establishes, manages, and terminates sessions (different from
connections) between applications as they interact on different hosts on a
network. Its main job is to coordinate the service requests and responses
between different hosts for applications.
The sessions established between hosts can be:
Simplex:Simplex transmission is like a one-way street where traffic moves in
only one direction. Simplex mode is a one-way-only transmission, which means
that data can flow only in one direction from the sending device to the receiving
device.

Figure: Simplex Transmission (One-Way Street)

Half Duplex: Half Duplex is like the center lane on some three-lane roads. It is
a single lane in which traffic can move in one direction or the other, but not in
both directions at the same time. Half-duplex mode limits data transmission
22

because each device must take turns using the line. Therefore, data can flow
from A to B and from B to A, but not at the same time.

Figure: Half Duplex (Center Turn Lane)

Full Duplex: is like a major highway with two lanes of traffic, each lane
accommodating traffic going in opposite directions. Full-duplex mode
accommodates two-way simultaneous transmission, which means that both
sides can send and receive at the same time. In full-duplex mode, data can flow
from A to B and B to A at the same time.

Figure: Full Duplex (Interstate Highway)

Layer 4: The Transport Layer...

23

This layer manages the end-to-end control (for example, determining whether all
packets have arrived) and error-checking. It ensures complete data transfer.
The Basic Transport Layer Services are:
Resource Utilization (multiplexing): Multiple applications run on the same
machine but use different ports.
Connection Management (establishing & terminating): The second major
task of Transport Layer is establishing connection between sender & the
receiver before data transmission starts & terminating the connection once the
data transmission is finished
Flow Control (Buffering / Windowing): Once the connection has occurred
and transfer is in progress, congestion of the data flow can occur at a destination
for a variety of reasons.
Layer 3: The Network Layer...
The Network Layer is responsible for identifying computers on a network.
This layer is concerned with 2 functions:
Routing: It is the process of selecting the best paths in a network along which
to send data on physical traffic.

Figure: Routing at Network Layer

Fragmentation / Reassembly: if the network layer determines that a next
router's maximum transmission unit (MTU) size is less than the current frame
size, a router can fragment a frame for transmission and re-assembly at the
destination station.
Two types of packets are used at the Network layer:
Data packets: Used to transport user data through the internetwork. Protocols
used to support data traffic are called routed protocols.
Route update packets: Used to update neighboring routers about the network
connected to all routers within the internetwork. Protocols that send route
updates are called routing protocols.
Layer 2: The data-link layer...

24

The data link layer provides error-free transfer of data frames from one node to
another over the physical layer, allowing layers above it to assume virtually
error-free transmission over the link. To do this, the data link layer provides:

Frame Traffic Control: tells the transmitting node to "stop when no frame
buffers are available.
Frame Sequencing: transmits/receives frames sequentially.
Frame Acknowledgment: provides/expects frame acknowledgments. Detects
and recovers from errors that occur in the physical layer by retransmitting nonacknowledged frames and handling duplicate frame receipt.
Frame Delimiting: creates and recognizes frame boundaries.
Link Establishment and Termination: establishes and terminates the logical
link between two nodes.
Frame Error Checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use
the physical medium.
Data Link Sub layers
Logical Link Control (LLC): The LLC is concerned with managing traffic
(flow and error control) over the physical medium and may also assign sequence
numbers to frames and track acknowledgements. LLC is defined in the IEEE
802.2 specification and supports both connectionless and connection-oriented
services used by higher-layer protocols.
Media Access Control (MAC): The MAC sub layer controls how a computer
on the network gains access to the data and permission to transmit it.

Figure: Data Link Sub-Layers

Layer 1: The Physical Layer
The physical layer, the lowest layer of the OSI model, is concerned with the
transmission and reception of the unstructured raw bit stream over a physical
medium.
It describes the electrical/optical, mechanical, and functional interfaces to the
physical medium, and carries the signals for all of the higher layers.
It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by
the PC to better accommodate the characteristics of the physical medium, and to
aid in bit and frame synchronization. It determines:
o What signal state represents a binary 1
25

o How the receiving station knows when a "bit-time" starts

o How the receiving station delimits a frame
Physical medium attachment, accommodating various possibilities in the
medium:
o Will an external transceiver (MAU) be used to connect to the medium?
o How many pins do the connectors have and what is each pin used for?
Transmission technique: determines whether the encoded bits will be
transmitted by baseband (digital) or broadband (analog) signaling.
Physical medium transmission: transmits bits as electrical or optical signals
appropriate for the physical medium, and determines:
o What physical medium options can be used
o How many volts/db should be used to represent a given signal state, using a
given physical medium.
Devices Used At Each Layer of OSI Model
OSI Layers

Devices Used

Application Layer

Gateways, Layer 7 Switches

Presentation Layer

-----------

Session Layer

-----------

Transport Layer

Layer 4 switches

Network Layer

Router, Layer 3 switches

Data link Layer

NIC, Switch, Bridge

Physical Layer

Hubs,
Repeaters,
cables & connectors

Network

5.2 Transmission Control Protocol/Internet Protocol

(TCP/IP) Model Or DOD Model
A Brief Introduction
The TCP/IP Model is a specification for computer network protocols created in
the 1970s by DARPA, an agency of the United States Department of Defense. It
laid the foundation for ARPANET, which was the world's first wide area
network and a predecessor of the Internet.

26

Figure: Mapping of TCP/IP Suite to OSI

Layers in the TCP/IP Model
TCP/IP is generally described as having four 'layers or five if we include the
bottom physical layer.
The layers near the top are logically closer to the user application, while those
near the bottom are logically closer to the physical transmission of the data.
The TCP/IP Application Layer
TCP/IP application layer protocols provide services to the application software
running on a computer. The application Layer identifies the application running
on the computer through Port Numbers.
The various protocols that are used at the Application Layer are:
Telnet:Terminal Emulation, Telnet is a program that runs on your computer and
connects your PC to a server on the network. You can then enter commands
through the Telnet program and they will be executed as if you were entering
them directly on the server console. Port Number :23
FTP:File Transfer Protocol, the protocol used for exchanging files over the
Internet. FTP is most commonly used to download a file from a server using the
Internet or to upload a file to a server. Port Number : 20(data port) ,21(control
port)
HTTP:Hyper Text Transfer Protocol is the underlying protocol used by the
World Wide Web. HTTP defines how messages are formatted and transmitted,
and what actions Web servers and browsers should take in response to various
commands.
For example, when we enter a URL in the browser, this actually
27

sends an HTTP command to the Web server directing it to fetch and transmit the
requested Web page. Port Number :80
NFS: Network File System, a client/serverapplication that allows all network
users to access shared files stored on computers of different types. Users can
manipulate shared files as if they were stored locally on the user's own hard
disk. Port Number :2049
SMTP:SimpleMailTransfer Protocol, a protocol for sending e-mail messages
between servers. In addition, SMTP is generally used to send messages from a
mail client to a mail server. Port Number :25
POP3:PostOfficeProtocol, a protocol used to retrieve e-mail from a mail server.
Most e-mail applications (sometimes called an e-mail client) use the POP,
although some can use the newer IMAP (Internet Message Access Protocol)as a
replacement for POP3 Port Number :110
TFTP:TrivialFileTransfer Protocol, a simple form of the File Transfer Protocol
(FTP). TFTP provides no security features. It is often used by servers to boot
diskless workstations, X-terminals, and routers. Port Number :69
DNS: Domain Name System (or Service or Server), an Internet service that
translates domain names into IP addresses. Because domain names are
alphabetic, they're easier to remember. The Internet however, is really based on
IP addresses. Every time you use a domain name, a DNS service must translate
the name into the corresponding IP address. For example, the domain name
www.example.com might translate to 198.105.232.4. Port Number :53
DHCP:DynamicHostConfiguration Protocol, a protocol for assigning
dynamicIP addresses to devices on a network. With dynamic addressing, a
device can have a different IP address every time it connects to the network.
Dynamic addressing simplifies network administration because the software
keeps track of IP addresses rather than requiring an administrator to manage the
task. Port Number : 67(Server),68(Client)
BOOTP:Bootstrap Protocol (BOOTP) is utilized by diskless workstations to
gather configuration information from a network server. This enables the
workstation to boot without requiring a hard or floppy disk drive. Port Number :
67(Server),68(Client)
SNMP: Simple Network Management Protocol, a set of protocols for managing
complex networks. SNMP works by sending messages, called protocol data
units (PDUs), to different parts of a network. Port Number :161

The TCP/IP Transport Layer

The protocol layer just below the Application layer is the host-to-host layer
(Transport layer). It is responsible for end-to-end data integrity. Transport Layer
identifies the segments through Socket address (Combination of Port Number &
I.P. address).
The two most important protocols employed at this layer are the
Transmission Control Protocol (TCP): TCP provides reliable, fullduplexconnectionsandreliable service by ensuring that data is retransmitted
when transmission results in an error (end-to-end error detection and
correction). Also, TCP enables hosts to maintain multiple, simultaneous
connections.
User Datagram Protocol (UDP): When error correction is not required, UDP
provides unreliable datagram service (connectionless) that enhances network
throughput at the host-to-host transport layer. It's used primarily for
broadcastingmessages over a network.
28

The TCP/IP Internet Layer

The best known TCP/IP protocol at the internetwork layer is the Internet
Protocol (IP), which provides the basic packet delivery service for all TCP/IP
networks node addresses, the IP implements a system of logical host addresses
called IP addresses.
The IP addresses are used by the internetwork and higher layers to identify
devices and to perform internetwork routing. IP is used by all protocols in the
layers above and below it to deliver data, which means all TCP/IP data flows
through IP when it is sent and received, regardless of its final destination.
Types of Addresses Used During Data Communication
Introduction
TCP/IP Layers

Addresses Used

Application Layer

Port Numbers

Transport Layer

Socket Address

Network Layer

I.P. Address

Network Access Layer

Physical Address

Port Numbers
A port number is a way to identify a specific process to which an Internet or
other network message is to be forwarded when it arrives at a server.
The port numbers are divided into three ranges:
The Well Known Ports: Range from 0 through 1023. The Well Known port
numbers are registered by the IANA and are already assigned to the Well
Known protocols. Well Known port numbers can only be used by system (or
root) processes or by programs executed by privileged users.
The Registered Ports: Range from 1024 through 49151. The registered port
numbers are also registered by the IANA. The Registered Ports are listed by the
IANA and on most systems can be used by ordinary user processes or programs
executed by ordinary users.
The Dynamic and/or Private Ports: Range from 49152 through 65535. The
Dynamic port numbers are available for use by any application used for
communicating with any other application, using the Internet's Transmission
Control Protocol (TCP) or the User Datagram Protocol (UDP).
Socket Address
Socket address is a combination of Port Number for a particular process & the
I.P. address of the host.
I.P. Address (Logical Address)
There are two different versions of I.P. address: IPv4 & IPv6.

29

IPv4
IPv4 is a 32 bit numeric address used for data communication at the internet
layer. This has been in use for more than 20 years and served well but growing
number of devices in networks has forced us to go for a new addressing scheme
and here comes IPv6.
IP address will be discussed in more details in the coming Sessions.
IPv6
IP Version 6 (IPv6) is the newest version of IP, sometimes called IPng for IP,
Next Generation. IPv6 is fairly well defined but is not yet widely deployed.
The main differences between IPv6 and the current widely-deployed version of
IP (which is IPv4) are:
IPv6 uses larger addresses (128 bits instead of 32 bits in IPv4) and so can
support many more devices on the network.
IPv6 includes features like authentication and multicasting that had been
bolted on to IPv4 in a piecemeal fashion over the years.
Physical Address (Hardware Address/MAC Address)
The MAC (Media Access control) address is a unique value associated with a
network adapter. They uniquely identify an adapter on a LAN. MAC addresses
are 12-digit hexadecimal numbers (48 bits in length).
By convention, MAC addresses are usually written in one of the following two
formats:
MM:MM:MM:SS:SS:SS
MM-MM-MM-SS
The first half (24 bits) of a MAC address contains the ID number of the adapter
manufacturer (Vendor ID). The second half(24 bits) of a MAC address
represents the serial number assigned to the adapter by the manufacturer. In the
example,
00:A0:C9:14:C8:29
The prefix 00A0C9 indicates the manufacturer is Intel Corporation.
24 bits
Vendor ID

24 bits
Adaptor ID

6. IP Addressing
An Introduction
If a device wants to communicate using TCP/IP, it needs an IP address. I.P.
addressing was designed to allow hosts on one network to communicate with a
30

host on a different network regardless of the type of LANs the hosts are
participating in. When the device has an IP address and the appropriate software
and hardware, it can send and receive IP packets. Any device that can send and
receive IP packets is called an IP host.

IP Terminology
The important terms vital to the understanding of the Internet Protocol are:
Bit: A bit is one digit, either a 1 or a 0.
Byte: A byte is 8 bits.
Octet: An octet, made up of 8 bits, is just an ordinary 8-bit binary number. In
this Session, the terms byte and octet are completely interchangeable.
Network address: This is the designation used in routing to send packets to a
remote networkfor example, 10.0.0.0, 172.16.0.0, and 192.168.10.0.
Broadcast address: The address used by applications and hosts to send
information to all nodes on a network is called the broadcast address. Examples
include 255.255.255.255, which is all networks, all nodes; 172.16.255.255,
which is all subnets and hosts on network 172.16.0.0; and 10.255.255.255,
which broadcasts to all subnets and hosts on network 10.0.0.0.

The Hierarchical IP Addressing Scheme

An IP v4 address consists of 32 bits of information. These bits are divided into
four sections, referred to as octets or bytes, each containing 1 byte (8 bits). You
can depict an IP address using one of three methods:
Dotted-decimal, as in 172.16.30.56
Binary, as in 10101100.00010000.00011110.00111000
Hexadecimal, as in AC.10.1E.38
All these examples truly represent the same IP address. Hexadecimal isnt used
as often as dotted-decimal or binary when IP addressing is discussed, but you
still might find an IP address stored in hexadecimal in some programs. The
Windows Registry is a good example of a program that stores a machines IP
address in hex.
The 32-bit IP address is a structured or hierarchical address, as opposed to a flat
or nonhierarchical address. Although either type of addressing scheme could
have been used, hierarchicaladdressingwas chosen for a good reason. The
advantage of this scheme is that it can handle a large number of addresses,
namely 4.3 billion (a 32-bit address space with two possible values for each
positioneither 0 or 1gives you 232, or 4,294,967,296). The disadvantage of
the flat addressing scheme, and the reason its not used for IP addressing, relates
to routing. If every address were unique, allrouters on the Internet would need to
store the address of each and every machine on the Internet. This would make
efficient routing impossible, even if only a fraction of the possible addresses
were used.
The solution to this problem is to use a two- or three-level hierarchical
addressing scheme that is structured by network and host or by network, subnet,
and host. This two- or three-level scheme is comparable to a telephone number.
The first section, the area code, designates a very large area. The second section,
the prefix, narrows the scope to a local calling area. The final segment, the
customer number, zooms in on the specific connection.
31

IP addresses use the same type of layered structure. Rather than all 32 bits being
treated as a unique identifier, as in flat addressing, a part of the address is
designated as the network address and the other part is designated as either the
subnet and host or just the node address.
Network Addressing
A Brief Explanation of Network Addressing
The network address(which can also be called the network number) uniquely
identifies each network. Every machine on the same network shares that
network address as part of its IP address. In the IP address 172.16.30.56, for
example, 172.16 is the network address.
The node addressis assigned to, and uniquely identifies, each machine on a
network. This part of the address must be unique because it identifies a
particular machinean individualas opposed to a network, which is a group.
This number can also be referred to as a host address. In the sample IP address
172.16.30.56, the 30.56 is the node address.
The designers of the Internet decided to create classes of networks based on
network size. For the small number of networks possessing a very large number
of nodes, they created the rank, Class A network. At the other extreme is the
Class C network, which is reserved for the numerous networks with a small
number of nodes. The class distinction for networks between very large and
very small is predictably called the Class B network.
Subdividing an IP address into a network and node address is determined by the
class designation of ones network.
Classes

8 bits

8 bits

8 bits

8 bits

Class A:

Network

Host

Host

Host

Class B:

Network

Network

Host

Host

Class C:

Network

Network

Network

Host

Class D:

Multicast

Class E:

Research
Table: Classes of I.P. Address

Class A Network: binary address start with 0, therefore the decimal number can
be anywhere from 1 to 126. The first 8 bits (the first octet) identify the network
and the remaining 24 bits indicate the host within the network. An example of a
Class A IP address is 102.168.212.226, where "102" identifies the network and
"168.212.226" identifies the host on that network.
Class B Network: binary addresses start with 10, therefore the decimal number
can be anywhere from 128 to 191. The first 16 bits (the first two octets) identify
the network and the remaining 16 bits indicate the host within the network. An
example of a Class B IP address is 168.212.226.204 where "168.212" identifies
the network and "226.204" identifies the host on that network.
32

Class

Left
bits

A:

most

Start Address

Finish Address

0xxx

0.0.0.0

127.255.255.255

B:

10xx

128.0.0.0

191.255.255.255

C:

110x

192.0.0.0

223.255.255.255

D:

1110

224.0.0.0

239.255.255.255

E:

1111

240.0.0.0

255.255.255.255

Table: Possible IP Addresses

Class C Network: Binary addresses start with 110, therefore the decimal
number can be anywhere from 192 to 223. The first 24 bits (the first three
octets) identify the network and the remaining 8 bits indicate the host within the
network. An example of a Class C IP address is 200.168.212.226 where
"200.168.212" identifies the network and "226" identifies the host on that
network. In a Class C network address, the first three bit positions are always
the binary 110. The calculation is as follows: 3 bytes, or 24 bits, minus 3
reserved positions leaves 21 positions.
Class D Network: Binary addresses start with 1110, therefore the decimal
number can be anywhere from 224 to 239. Class D networks are used to support
multicasting.
Class E Network: Binary addresses start with 1111, therefore the decimal
number can be anywhere from 240 to 255. Class E networks are used for
experimentation. They have never been documented or utilized in a standard
way.
Subnet Masks
For the subnet address scheme to work, every machine on the network must
know which part of the host address will be used as the subnet address. This is
accomplished by assigning a subnet mask to each machine. A subnet mask is a
32-bit value that allows the recipient of IP packets todistinguish the network ID
portion of the IP address from the host ID portion of the IP address.
The network administrator creates a 32-bit subnet mask composed of 1s and 0s.
The 1s in the subnet mask represent the positions that refer to the network or
subnet addresses.
Table shows the default subnet masks for Classes A, B, and C. These default
masks cannot change.
Address
Class
Class A
Class B
Class C

Format

Default Subnet Mask

network.node.node.node
Network.network.node.node
Network.network.network.nod

255.0.0.0
255.255.0.0
255.255.255.0
33

e
Table: Default Subnet Mask
6.1 Subnetting
Subnetting is basically just a way of splitting a TCP/IP network into smaller,
more manageable pieces. The basic idea is that if you have an excessive amount
of traffic flowing across your network, then that traffic can cause your network
to run slowly. When you subnet your network, you are splitting the network into
a separate, but interconnected network.
The various advantages of subnetting are:
Reduced network traffic: We all appreciate less traffic of any kind. Networks
are no different. Without trusty routers, packet traffic could grind the entire
network down to a near standstill. With routers, most traffic will stay on the
local network; only packets destined for other networks will pass through the
router. Routers create broadcast domains. The more broadcast domains you
create, the smaller the broadcast domains and the less network traffic on each
network segment.
Optimized network performance: This is a result of reduced network traffic.
Simplified management: Its easier to identify and isolate network problems in
a group of smaller connected networks than within one gigantic network.
Facilitated spanning of large geographical distances: Because WAN links are
considerably slower and more expensive than LAN links, a single large network
that spans long distances can create problems in every area.

Subnetting Class C Addresses

Introduction
There are many different ways to subnet a network. The right way is the way
that works best for you. In a Class C address, only 8 bits are available for
defining the hosts. Remember that subnet bits start at the left and go to the right,
without skipping bits.
Subnetting a Class C Address: The Fast Way!
When youve chosen a possible subnet mask for your network and need to
determine the number of subnets, valid hosts, and broadcast addresses of a
subnet that the mask provides, all you need to do is answer five simple
questions:
How many subnets does the chosen subnet mask produce?
How many valid hosts per subnet are available?
What are the valid subnets?
Whats the broadcast address of each subnet?
What are the valid hosts in each subnet?
Heres how you get the answers to those five big questions:
How many subnets?
2x = number of subnets. xis the number of masked bits, or the 1s. For example,
in 11000000, the number of 1s gives us 2 2 subnets. In this example, there are 4
subnets.
34

How many hosts per subnet?

2y 2 = number of hosts per subnet. yis the number of unmasked bits, or the 0s.
For example, in 11000000, the number of 0s gives us 26 2 hosts. In this
example, there are 62 hosts per subnet. You need to subtract 2 for the subnet
address and the broadcast address, which are not valid hosts.
What are the valid subnets?
256 subnet mask = block size, or increment number. An example would be
256 192 = 64. The block size of a 192 mask is always 64. Start counting at
zero in blocks of 64 until you reach the subnet mask value and these are your
subnets.
0, 64, 128, 192.
Whats the broadcast address for each subnet?
Now heres the really easy part. Since we counted our subnets in the last section
as 0, 64, 128, and 192, the broadcast address is always the number right before
the next subnet. For example, the 0 subnet has a broadcast address of 63 because
the next subnet is 64. The 64 subnet has a broadcast address of 127 because the
next subnet is 128. And so on. And remember, the broadcast address of the last
subnet is always 255.
What are the valid hosts?
Valid hosts are the numbers between the subnets, omitting the all 0s and all 1s.
For example, if 64 is the subnet number and 127 is the broadcast address, then
65126 is the valid host rangeits always the numbers between the subnet
address and the broadcast address.
Subnetting Practice Examples: Class C Addresses
Practice Example #1C: 255.255.255.128 (/25)
Since 128 is 10000000 in binary, there is only 1 bit for subnetting and 7 bits for
hosts. Were going to subnet the Class C network address 192.168.10.0.
192.168.10.0 = Network address
255.255.255.128 = Subnet mask
Now, lets answer the big five:
How many subnets?
Since 128 is 1 bit on (10000000), the answer would be 21 = 2.
How many hosts per subnet?
We have 7 host bits off (10000000), so the equation would be 2 7 2 = 126
hosts.
What are the valid subnets?
256 128 = 128. Remember, well start at zero and count in our block size, so
our subnets are 0, 128.
Whats the broadcast address for each subnet?
The number right before the value of the next subnet is all host bits turned on
and equals the broadcast address. For the zero subnet, the next subnet is 128, so
the broadcast of the 0 subnet is 127.
What are the valid hosts?
These are the numbers between the subnet and broadcast address. The easiest
way to find the hosts is to write out the subnet address and the broadcast
address. This way, the valid hosts are obvious. The following table shows the 0
and 128 subnets, the valid host ranges of each, and the broadcast address of both
subnets:
Subnet
0
128
35

First host
1
129
Last host
126
254
Broadcast
127
255
Practice Example #2C: 255.255.255.192 (/26)
In this second example, were going to subnet the network address 192.168.10.0
using the subnet mask 255.255.255.192.
192.168.10.0 = Network address
255.255.255.192 = Subnet mask
Now, lets answer the big five:
How many subnets?
Since 192 is 2 bits on (11000000), the answer would be 22 = 4 subnets.
How many hosts per subnet?
We have 6 host bits off (11000000), so the equation would be 26 2 = 62 hosts.
What are the valid subnets?
256 192 = 64. Remember, we start at zero and count in our block size, so our
subnets are 0, 64, 128, and 192.
Whats the broadcast address for each subnet?
The number right before the value of the next subnet is all host bits turned on
and equals the broadcast address. For the zero subnet, the next subnet is 64, so
the broadcast address for the zero subnet is 63.
What are the valid hosts?
These are the numbers between the subnet and broadcast address. The easiest
way to find the hosts is to write out the subnet address and the broadcast
address. This way, the valid hosts are obvious. The following table shows the 0,
64, 128, and 192 subnets, the valid host ranges of each, and the broadcast
address of each subnet:
The subnets (do this first)
0 64 128 192
Our first host (perform host addressing last)
1 65 129 193
Our last host
62126 190 254
The broadcast address (do this second)
63 127 191 255

7.ROUTER
Introduction
Routers are nothing more than a special type of PC. Routers and PCs both
have some of the same components such as a motherboard, RAM, and an
operating system. The main difference is between a router and standard PC, is
that a router performs special tasks to control or "route" traffic between two or
more networks. They operate at layer 3 of the OSI model.
36

Hardware Components
There are 7 major internal components of a router:
CPU
Internetwork Operating System (IOS)
RAM
NVRAM
Flash
ROM
Console
Interfaces
CPU
The CPU performs functions just as it does in a normal PC. It executes
commands given by the IOS using other hardware components. High-end
routers may contain multiple processors or extra slots to add more CPUs later.
IOS
The IOS is the main operating system on which the router runs. The IOS is
loaded upon the routers boot up. It usually is around 2 to 5MB in size, but can
be a lot larger depending on the router series. The IOS is currently on version
12, and they periodically releases minor versions every couple of months e.g.
12.1, 12.3 etc. to fix small bugs and also add extra functionality.
The IOS gives the router its various capabilities and can also be updated or
downloaded from the router for backup purposes.
RAM
Random Access Memory; this component is dynamic. Meaning, its content
changes constantly. The main role of the RAM is to hold the ARP cache, Store
routing tables, hold fast-switching cache, performs packet buffering, and hold
queues. It also provides temporary memory for the configuration file of the
router while the router is powered on. However, the RAM loses content when
router is restarted or powered off. This component is upgradeable!
NVRAM
Nonvolatile RAM is used to store the startup configuration files. This type of
RAM does not lose its content when the router is restarted or powered off.
Flash
Flash memory is very important. It holds the Cisco IOS image file, as well as
backups. This flash memory is classified as an EEPROM (Electronically
Erasable Programmable Read Only Memory). The flash ROM is upgradeable in
most Cisco routers.
ROM
The ROM performs the same operations as a BIOS. It holds information about
the systems hardware components and runs POST when the router first starts
up. This component can be upgraded by "unplugging" the chip and installing a
new one. A ROM upgrade ensures newer versions of the IOS.
Console
The console consists of the physical plugs and jacks on the router. The purpose
of the console is to provide access for configurations.
Interfaces
The interfaces provide connectivity to LAN, WAN, and Console/Aux. They can
be RJ-45 jacks soldered onto the motherboard, transceiver modules, or card
modules. Cisco routers, especially the higher-end models, can be configured in
37

many different ways. They can use a combination of transceivers, card modules
and onboard interfaces.

ROUTER MODES
User mode
User can examine router status and operation.
Configuration cannot be viewed or altered from user mode
Prompt : router>
Privileged mode (root)
Complete control over the router (anything can be set or reset)
Configuration cannot be altered
Prompt : router#

Configuration mode
Used only for change of configuration
Not password protected from privileged mode
Privileged mode commands dont have meaning in configuration mode
Most statements can be removed from the configuration with the prefix no (ex.
no shutdown)
Prompt : router(config)#
Router Configuration
There are two router configurations:
The Active configuration (show running-config)
The startup configuration (show startup-config)
Summary of Router Modes
Mode Name
Router>
Router#
Router(config)#
Router(config-if)#
Router(config-subif)#
Router(config-line)#
Router(config-router)#

Description
User Mode
Privileged Mode
Global configuration mode
Interface mode
Subinterface mode
Line mode
Router configuration mode

8.1 ROUTING

The term routing is used for taking a packet from one device and sending it
through the network to another device on a different network. Routers dont
really care about hoststhey only care about networks and the best path to each
network. The logical network address of the destination host is used to get
packets to a network through a routed network, and then the hardware address
of the host is used to deliver the packet from a router to the correct destination
host.
If your network has no routers, then it should be apparent that you are not
routing. Routers route traffic to all the networks in your internetwork. To be able
to route packets, a router must know, at a minimum, the following:
Destination address
38

Neighbor routers from which it can learn about remote networks

Possible routes to all remote networks
The best route to each remote network
How to maintain and verify routing information
The router learns about remote networks from neighbor routers or from an
administrator
The router then builds a routing table (a map of the internetwork) that
describes how to find the remote networks. If a network is directly connected,
then the router already knows how to get to it.
If a network isnt directly connected to the router, the router must use one of two
ways to learn how to get to the remote network:
1. Static routing: meaning that someone must hand-type all network locations
into the routing table.
2. Dynamic routing: In dynamic routing, a protocol on one router communicates
with the same protocol running on neighbor routers. The routers then update
each other about all the networks they know about and place this information
into the routing table. If a change occurs in the network, the dynamic routing
protocols automatically inform all routers about the event.
If static routing is used, the administrator is responsible for updating all changes
by hand into all routers. Typically, in a large network, a combination of both
dynamic and static routing is used.
8.2 ROUTING PROTOCOL
A routing protocol is a protocol that specifies how routers communicate with
each other, disseminating information that enables them to select routes between
any two nodes on acomputer network, the choice of the route being done
by routing algorithms.
8.2.1Routing Information Protocol (RIP)
Routing Information Protocol (RIP) is a true distance-vector routing protocol.
RIP sends the complete routing table out to all active interfaces every 30
seconds. RIP only uses hop count to determine the best way to a remote
network, but it has a maximum allowable hop count of 15 by default, meaning
that 16 is deemed unreachable. RIP works well in small networks, but its
inefficient on large networks with slow WAN links or on networks with a large
number of routers installed.
RIP version 1 uses only classful routing, which means that all devices in the
network must use the same subnet mask. This is because RIP version 1 doesnt
send updates with subnet mask information.
RIP version 2 provides something called prefix routing and does send subnet
mask information with the route updates. This is called classless routing.
Configuring RIP Routing
Configuration Example
Lets use a simple network example, shown in Figure below, to illustrate
configuring RIPv1.

39

Figure: RIP Routing in Action

Heres RouterAs configuration:
RouterA(config)# router rip
RouterA(config-router)# network 192.168.1.0
RouterA(config-router)# network 192.168.2.0
Heres RouterBs configuration:
RouterB(config)# router rip
RouterB(config-router)# network 192.168.2.0
RouterB(config-router)# network 192.168.3.0

Troubleshooting IP RIP
Once you have configured IP RIP, you have a variety of commands available to
view and
troubleshoot your configuration and operation of RIP:
_ showip protocols
_ showip route
_ debug ip rip
8.2.2 RIP Version 2 (RIPv2)
RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are
distance-vector
protocols, which means that each router running RIP sends its complete routing
tables out all
active interfaces at periodic time intervals. Also, the timers and loop-avoidance
schemes are the
same in both RIP versions (i.e., holddown timers and split horizon rule), and
both have the same
administrative distance (120).
But there are some important differences that make RIPv2 more scalable than
RIPv1.

40

Configuring RIPv2 is straightforward. Heres an example:

RouterC (config)#router rip
RouterC (config-router)#network 192.168.40.0
RouterC (config-router)#network 192.168.50.0
RouterC (config-router)#version 2
8.2.3 EIGRP Features and Operation
Enhanced IGRP (EIGRP) is a classless, enhanced distance-vector protocol that
gives us a real edge over another Cisco proprietary protocol, Interior Gateway
Routing Protocol (IGRP). Thats basically why its called Enhanced IGRP. Like
IGRP, EIGRP uses the concept of an autonomous system to describe the set of
contiguous routers that run the same routing protocol and share routing
information. But unlike IGRP, EIGRP includes the subnet mask in its route
updates. And as you now know, the advertisement of subnet information allows
us to use Variable Length Subnet Masks (VLSMs) ansummarization when
designing our networks!
EIGRP is sometimes referred to as a hybrid routing protocol because it has
characteristics of both distance-vector and link-state protocols. For example,
EIGRP doesnt send link-state packets as OSPF does; instead, it sends
traditional distance-vector updates containing information about networks plus
the cost of reaching them from the perspective of the advertising router. And
EIGRP has link-state characteristics as wellit synchronizes routing tables
between neighbors at startup and then sends specific updates only when
topology changes occur. This makes EIGRP suitable for
very large networks. EIGRP has a maximum hop count of 255 (the default is set
to 100). There are a number of powerful features that make EIGRP a real
standout from IGRP and other protocols. The main ones are listed here:
Support for IP and IPv6 (and some other useless routed protocols) via
protocol dependent modules.
Considered classless (same as RIPv2 and OSPF).
Support for VLSM/CIDR.
Support for summaries and discontiguous networks.
Efficient neighbor discovery.
41

 Communication via Reliable Transport Protocol (RTP).

Best path selection via Diffusing Update Algorithm (DUAL).
Neighbor Discovery
Before EIGRP routers are willing to exchange routes with each other, they
must become neighbors.
There are three conditions that must be met for neighborship establishment:
Hello or ACK received
AS numbers match
Identical metrics (K values)
Lets define some terms before we move on:
Feasible distance
This is the best metric along all paths to a remote network, including the
metric to the neighbor that is advertising that remote network. This is the route
that you will find in the routing table because it is considered the best path.
The metric of a feasible distance is the metric reported by the neighbor (called
reported or advertised distance) plus the metric to the neighbor reporting the
route.
Reported/advertised distance
This is the metric of a remote network, as reported by a neighbor. It is also the
routing table metric of the neighbor and is the same as the second number in
parentheses as displayed in the topology table, the first number being the
feasible distance.
Neighbor table
Each router keeps state information about adjacent neighbors. When a newly
discovered neighbor is learned, the address and interface of the neighbor are
recorded, and this information is held in the neighbor table, stored in RAM.
There is one neighbor table for each protocol-dependent module. Sequence
numbers are used to match acknowledgments with update packets. The last
sequence number received from the neighbor is recorded so that out-of-order
packets can be detected.
Topology table
The topology table is populated by the protocol-dependent modules and acted
upon by the Diffusing Update Algorithm (DUAL). It contains all destinations
advertised by neighboring routers, holding each destination address and a list
of neighbors that have advertised the destination. For each neighbor, the
advertised metric, which comes only from the neighbors routing table, is
recorded. If the neighbor is advertising this destination, it must be using the
route to forward packets.
Feasible successor
A feasible successor is a path whose reported distance is less than the feasible
distance, and it is considered a backup route. EIGRP will keep up to six
feasible successors in the topology table. Only the one with the best metric
(the successor) is copied and placed in the routing table. The show ipeigrp
topology command will display all the EIGRP feasible successor routes
known to a router.
Successor
A successor route (think successful!) is the best route to a remote network. A
successor route is used by EIGRP to forward traffic to a destination and is
stored in the routing table. It is backed up by a feasible successor route that is
42

stored in the topology tableif one is available. By using the feasible

distance, and having feasible successors in the topology table as backup links,
the networkcan converge instantly, and updates to any neighbor make up the
only traffic sent from EIGRP.
Reliable Transport Protocol (RTP)
EIGRP uses a proprietary protocol called Reliable Transport Protocol (RTP) to
manage the communication of messages between EIGRP-speaking routers.
And as the name suggests, reliability is a key concern of this protocol.
Diffusing Update Algorithm (DUAL)
EIGRP uses Diffusing Update Algorithm (DUAL) for selecting and
maintaining the best path to each remote network. This algorithm allows for
the following:
Backup route determination if one is available
Support of VLSMs
Dynamic route recoveries
Queries for an alternate route if no route can be found
DUAL provides EIGRP with possibly the fastest route convergence time
among all protocols. The key to EIGRPs speedy convergence is twofold:
First, EIGRP routers maintain a copy of all of their neighbors routes, which
they use to calculate their own cost to each remote network. If the best path
goes down, it may be as simple as examining the contents of the topology
table to select the best replacement route. Second, if there isnt a good
alternative in the local topology table, EIGRP
routers very quickly ask their neighbors for help finding one. Relying on other
routers and leveraging the information they provide accounts for the
diffusing character of DUAL.
EIGRP Metrics
Another thing about EIGRP is that unlike many other protocols that use a
single factor to compare
routes and select the best possible path, EIGRP can use a combination of four:
Bandwidth
Delay
Load
Reliability
Like IGRP, EIGRP uses only bandwidth and delay of the line to determine the
best path to a remote network by default.
Configuring EIGRP
Configuration Example
Lets look at an example, to illustrate how to configure EIGRP on a router.
Heres the routing configuration of the router:
Router(config)# router eigrp 200
Router(config-router)# network 172.16.0.0
Router(config-router)# network 10.0.0.0
Troubleshooting EIGRP
Here are some of the main commands used when viewing and troubleshooting
EIGRP:
show ip protocols
43

show ip route
show ipeigrp neighbors
show ipeigrp topology
show ipeigrp traffic
debug ipeigrp

9. ACCESS CONTROL LIST

The Cisco Access Control List (ACL) is are used for filtering traffic based on
a given filtering criteria on a router or switch interface. Based on the
conditions supplied by the ACL, a packet is allowed or blocked from further
movement.
Cisco ACLs are available for several types of routed protocols including IP,
IPX, AppleTalk, XNS, DECnet, and others. However, we will be discussing
ACLs pertaining to TCP/IP protocol only.
ACLs for TCP/IP traffic filtering are primarily divided into two types:
Standard Access Lists, and
Extended Access Lists
Standard Access Control Lists: Standard IP ACLs range from 1 to 99. A
Standard Access List allows you to permit or deny traffic FROM specific IP
addresses. The destination of the packet and the ports involved can be
anything.
This is the command syntax format of a standard ACL.
access-list access-list-number {permit|deny}
{host|sourcesource-wildcard|any}
Standard ACL example:
access-list 10 permit 192.168.2.0 0.0.0.255
This list allows traffic from all addresses in the range 192.168.2.0 to
192.168.2.255
Note that when configuring access lists on a router, you must identify each
access list uniquely by assigning either a name or a number to the protocol's
access list.
There is an implicit deny added to every access list. If you entered the
command:
show
The output looks like:
access-list
10
access-list 10 deny any

access-list
permit

10
192.168.2.0

0.0.0.255

Extended Access Control Lists: Extended IP ACLs allow you to permit or

deny traffic from specific IP addresses to a specific destination IP address and
port. It also allows you to have granular control by specifying controls for
different types of protocols such as ICMP, TCP, UDP, etc within the ACL
statements. Extended IP ACLs range from 100 to 199. In Cisco IOS Software
Release 12.0.1, extended ACLs began to use additional numbers (2000 to
2699).
44

The syntax for IP Extended ACL is given below:

access-list access-list-number {deny | permit} protocol source source-wildcard
destination destination-wildcard [precedence precedence]
Note that the above syntax is simplified, and given for general understanding
only.
Extended ACL example:
access-list 110 - Applied to traffic leaving the office (outgoing)
access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80
ACL 110 permits traffic originating from any address on the 92.128.2.0
network. The 'any' statement means that the traffic is allowed to have any
destination address with the limitation of going to port 80. The value of
0.0.0.0/255.255.255.255 can be specified as 'any'.
Applying an ACL to a router interface:
After the ACL is defined, it must be applied to the interface (inbound or
outbound). The syntax for applying an ACL to a router interface is given
below:
interface<interface>
ip access-group {number|name} {in|out}
An Access List may be specified by a name or a number. "in" applies the ACL
to the inbound traffic, and "out" applies the ACL on the outbound traffic.
Example:
To apply the standard ACL created in the previous example, use the following
commands:
Rouer(config)#interface
serial
0
Rouer(config-if)#ip access-group 10 out
10. Network Address Translation
NAT allows private networks all over the world to use the same internal
network numbers, while still allowing their users (or perhaps just some users)
access to the Internet.
In this way, NAT serves as a form of IP address conservation. Imagine how
many IP addresses would be necessary if every single office around the world
required IP addresses that were not duplicated anywhere else in the world!
The addresses that private networks around the world use are the RFC 1918
private addresses, sometimes referred to as 1918 addresses. A word to the
wise: Know these, and know them cold. I should be able to call you at 2AM
and ask you what these are, and get an immediate response. :)
The RFC 1918 Private Addresses
45

Class A
Class B
Class C

10.0.0.0 / 8
172.16.0.0 / 12
192.168.0.0 /16

Note that the masks used with the RFC 1918 private addresses are NOT the
default masks for Class A, B, and C.
These IP addresses are not used on any public networks. By public networks,
we mean networks connected to the Internet. Its my experience that the Class
C 1918 addresses are the most commonly used by offices, banks, and other
organizations.
If a bank and a school in your home city are both using the 192.168.0.0 /16
network on their internal networks, theres no problem until some of the users
on either network want to access the Internet.
What's Wrong With Private Addresses?
Using private addresses is fine until a host using a private address wants to
communicate with a device on the Internet. In this situation, no user on a
private network can successfully communicate with an Internet host.
These networks can communicate with Internet hosts by using NAT. NAT
stands for Network Address Translation, and that's exactly what is going to
happen: the RFC 1918 source address is going to be translated to another
address as it leaves the private network, and it will be translated back to its
original address as the return data enters the private network.
If a limited number of hosts on a private network need Internet access, static
NAT may be the appropriate choice. Static NAT maps a private address to a
public one.
In this example, there are three internal PCs on an RFC1918 private network.
The router's ethernet0 interface is connected to this network, and the Internet
is reachable via the Serial0 interface.
The IP address of the serial interface is 210.1.1.1 /24, with all other addresses
on the 210.1.1.0 /24 network available. Three static mappings are needed to
use Static NAT.
Configuring the interfaces for Network Address Translation. The Ethernet
network is the inside network; the Serial interface leading to the Internet is
the outside network.
R3(config)#interface ethernet0
R3(config-if)#ip address 10.5.5.8 255.0.0.0
R3(config-if)#ipnat inside
R3(config-if)#interface serial0
R3(config-if)#ip address 210.1.1.1 255.255.255.0
R3(config-if)#ipnat outside
The static mappings are created and verified.
46

R3#conf t
R3(config)#ipnat inside source static 10.5.5.5 210.1.1.2
R3(config)#ipnat inside source static 10.5.5.6 210.1.1.3
R3(config)#ipnat inside source static 10.5.5.7 210.1.1.4
R3#show ipnat translations
Pro Inside global
Inside local
--- 210.1.1.2
10.5.5.5
--- 210.1.1.3
10.5.5.6
--- 210.1.1.4
10.5.5.7

Outside local
-------------

Outside global

R3#show ipnat statistics

Total active translations: 3 (3 static, 0 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet0
Hits: 0 Misses: 0
Expired translations: 0
showipnat statistics displays the number of static and dynamic mappings.
10.1 Types of Network Address Translation
Static NAT
This type of NAT is designed to allow one-to-one mapping between local and
global addresses. Keep in mind that the static version requires you to have one
real Internet IP address for every host on your network.
Dynamic NAT
This version gives you the ability to map an unregistered IP address to a
registered IP address from out of a pool of registered IP addresses. You dont
have to statically configure your router to map an inside to an outside address
as you would using static NAT, but you do have to have enough real, bona-fide
IP addresses for everyone whos going to be sending packets to and receiving
them from the Internet.
Overloading
This is the most popular type of NAT configuration. Understand that
overloading really is a form of dynamic NAT that maps multiple unregistered
IP addresses to single registered IP addressmany-to-oneby using different
ports. Now, why is this so special? Well because its also known as
Port Address Translation (PAT) And by using PAT (NAT Overload),
you get to have thousands of users connect to the Internet using only one real
global IP address pretty slick, yeah? Seriously, NAT Overload is the real
reason we havent run out of valid IP address on the Internet.
NAT Terms
Names Meaning
Inside local Name of inside source address before translation
Outside local Name of destination host before translation
Inside globalName of inside host after translation
Outside global Name of outside destination host after translation
47

In the example shown in Figure 1.2, host 10.1.1.1 sends an outbound packet to
the border router configured with NAT. The router identifies the IP address as
an inside local IP address destined for an outside network, translates the
address, and documents the translation in the NAT table.
The packet is sent to the outside interface with the new translated source
address. The external host returns the packet to the destination host and the
NAT router translates the inside global IP address back to the inside local IP
address using the NAT table. This is as simple as it gets.
Lets take a look at a more complex configuration using overloading, or what
is also referred to as Port Address Translation (PAT). Ill use Figure 11.3 to
demonstrate how PAT works. With overloading, all inside hosts get translated
to one single IP address, hence the term overloading. Again, the reason we
have not run out of available IP addresses on the Internet is because of
overloading (PAT). Take a look at the NAT table in Figure 11.3 again. In
addition to the inside local IP address and outside global IP address, we now
have port numbers. These port numbers help the router identify which host
should receive the return traffic.

Static NAT Configuration

Lets take a look at a simple basic static NAT configuration:
ipnat inside source static 10.1.1.1 170.46.2.2
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
48

ipnat inside
!
interface Serial0
ip address 170.46.2.1 255.255.255.0
ipnat outside
!
In the preceding router output, the
Ip nat inside source
command identifies which IP
addresses will be translated. In this configuration example, the
ipnat inside source
command
configures a static
translation between the inside local IP address 10.1.1.1 to the outside
global IP address 170.46.2.2.
Dynamic NAT Configuration
Dynamic NAT means that we have a pool of addresses that we will use to
provide real IP addresses to a group of users on the inside. We do not use port
numbers, so we have to have real IP addresses for every user trying to get
outside the local network. Here is a sample output of a dynamic NAT
configuration:
ipnat pool todd 170.168.2.2 170.168.2.25 netmask 255.255.255.0 ipnat inside
source list 1 pool todd
!
interface Ethernet0 ip address 10.1.1.10 255.255.255.0 ipnat inside
!
interface Serial0
ip address 170.168.2.1 255.255.255.0
ipnat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
The
ipnat inside source list 1 pool todd command tells the router to translate
IP addresses that match access-list 1 to an address found in the IP NAT pool
named todd.
The access list in this case is not being used to permit or deny traffic as we
would use it for security reasons to filter traffic. It is being used in this case to
select or designate what we often call interesting traffic. When interesting
traffic has been matched with the access list, it is pulled into the NAT process
to be translated. This is a common use for access lists; they dont always have
the dull job of just blocking traffic at an interface. The ip nat pool todd
170.168.2.2 192.168.2.254 command creates a pool of addresses that will be
distributed to those hosts that require NAT.
11. CDP
The Cisco Discovery Protocol (CDP) is a proprietary Data Link
Layer network protocol developed by Cisco Systems. It is used to share
information about other directly connected Cisco equipment, such as
the operating system version and IP address. CDP can also be used for On49

Demand Routing, which is a method of including routing information in CDP

announcements so that dynamic routing protocols do not need to be used in
simple network.
Cisco
devices
send
CDP
announcements
to
the multicast destination address 01-00-0c-cc-cc-cc,
out
each
connected network interface. These multicast packets may be received by
Cisco switches and other networking devices that support CDP into their
connected network interface. This multicast destination is also used in other
Cisco protocols such as VTP. By default, CDP announcements are sent every
60 seconds on interfaces that support Subnetwork Access Protocol (SNAP)
headers,
including Ethernet, Frame
Relay andAsynchronous
Transfer
Mode (ATM). Each Cisco device that supports CDP stores the information
received from other devices in a table that can be viewed using the show
cdpneighborscommand. This table is also accessible via snmp. The CDP table
information is refreshed each time an announcement is received, and the
holdtime for that entry is reinitialized. The holdtime specifies the lifetime of
an entry in the table - if no announcements are received from a device for a
period in excess of the holdtime, the device information is discarded (default
180 seconds).
The information contained in CDP announcements varies by the type of device
and the version of the operating system running on it. This information may
include the operating systemversion, hostname, every address (i.e. IP address)
from all protocol(s) configured on the port where CDP frame is sent, the port
identifier from which the announcement was sent, device type and
model, duplex setting, VTP domain, native VLAN, power draw (for Power
over Ethernet devices), and other device specific information.

12. IPv6
An Internet Protocol Version 6 address (IPv6 address) is a numerical label
that is used to identify a network interface of a computer or other network
node participating in an IPv6-enabled computer network.
IP addresses serve the purpose of uniquely identifying the individual network
interface(s) of a host, locating it on the network, and thus permitting the
routing of IP packets between hosts. For routing, IP addresses are present in
fields of the packet header where they indicate source and destination of the
packet.
IPv6 is the successor to the Internet's first addressing infrastructure, Internet
Protocol version 4 (IPv4). In contrast to IPv4, which defined an IP address as
50

a 32-bit value, IPv6 addresses have a size of 128 bits. Therefore, IPv6 has a
vastly enlarged address space compared to IPv4.

IPv6 address classes

IPv6 addresses are classified by the primary addressing and routing
methodologies common in networking: unicast addressing, anycast
addressing, and multicast addressing.

A unicast address identifies a single network interface. The Internet Protocol

delivers packets sent to a unicast address to that specific interface.
An anycast address is assigned to a group of interfaces, usually belonging to
different nodes. A packet sent to an anycast address is delivered to just one of
the member interfaces, typically the nearest host, according to the routing
protocols definition of distance. Anycast addresses cannot be identified easily,
they have the same format of unicast addresses, and differ only by their
presence in the network at multiple points. Almost any unicast address can be
employed as an anycast address.
A multicast address is also used by multiple hosts, which acquire the multicast
address destination by participating in the multicast distribution protocol
among the network routers. A packet that is sent to a multicast address is
delivered to all interfaces that have joined the corresponding multicast group.
Address Format
An IPv6 address consists of 128 bits. [1] Addresses are classified into various
types for applications in the major addressing and routing methodologies:
unicast, multicast, and anycast networking. In each of these, various address
formats are recognized by logically dividing the 128 address bits into bit
groups and establishing rules for associating the values of these bit groups
with special addressing features.
Presentation
51

An IPv6 address is represented as eight groups of four hexadecimal digits,

each group representing 16 bits (two octets). The groups are separated
by colons (:). An example of an IPv6 address is:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
The hexadecimal digits are case-insensitive when used, but should be
represented in lower case.
The full representation of eight 4-digit groups may be simplified by several
techniques, eliminating parts of the representation.
13. WAN
A Wide Area Network (WAN) is a telecommunication network that covers a
broad area (i.e., any network that links across metropolitan, regional, or
national boundaries). Business and government entities utilize WANs to relay
data among employees, clients, buyers, and suppliers from various
geographical locations. In essence this mode of telecommunication allows a
business to effectively carry out its daily function regardless of location.
WAN Connection Types
Heres a list explaining the different WAN connection types:
Leased lines
These are usually referred to as a point-to-point or dedicated connection. A
leased line is a pre-established WAN communications path that goes from the
CPE through the DCE switch, then over to the CPE of the remote site. The
CPE enables DTE networks to communicate at any time with no cumbersome
setup procedures to muddle through before transmitting data. When youve
got plenty of cash, this is really the way to go because it uses synchronous
serial lines up to 45Mbps. HDLC and PPP encapsulations are frequently used
on leased lines; Ill go over them with you in detail in a bit.
Circuit switching
When you hear the term circuit switching, think phone call. The big advantage
is costyou only pay for the time you actually use. No data can transfer
before an end-to-end connection is established. Circuit switching uses dial-up
modems or ISDN and is used for low-bandwidth data transfers
Packet switching
This is a WAN switching method that allows you to share bandwidth with
other companies to save money. Packet switching can be thought of as a
network thats designedto look like a leased line yet charges you more like
circuit switching. But less cost isnt always better theres definitely a
downside: If you need to transfer data constantly, just forget about this option.
Instead, get yourself a leased line. Packet switching will only work for you if
your data transfers are the bursty typenot continuous. Frame Relay and X.25
are packet-switching technologies with speeds that can range from 56Kbps up
to T3 (45Mbps).
WAN protocols
Frame Relay
A packet-switched technology that made its debut in the early 1990s, Frame
Relay is a high-performance Data Link and Physical layer specification. Its
52

pretty much a successorto X.25, except that much of the technology in X.25
used to compensate for physicalerrors (noisy lines) has been eliminated. An
upside to Frame Relay is that it can be more costeffective than point-to-point
links, plus it typically runs at speeds of 64Kbps up to 45Mbps(T3). Another
Frame Relay benefit is that it provides features for dynamic bandwidth
allocationand congestion control.
ISDN
Integrated Services Digital Network (ISDN) is a set of digital services that
transmit voiceand data over existing phone lines. ISDN offers a cost-effective
solution for remote userswhoneed a higher-speed connection than analog dialup links can give them, and its also a goodchoice to use as a backup link for
other types of links like Frame Relay or T1 connections.
LAPB
Link Access Procedure, Balanced (LAPB) was created to be a connectionoriented
protocol at the Data Link layer for use with X.25, but it can also be used as a
simple data link transport. A not-so-good characteristic of LAPB is that it
tends to create a tremendous amount of overhead due to its strict time-out and
windowing techniques.
LAPD
Link Access Procedure, D-Channel (LAPD) is used with ISDN at the Data
Link layer (layer 2) as a protocol for the D (signaling) channel. LAPD was
derived from the Link Access Procedure, Balanced (LAPB) protocol and is
designed primarily to satisfy the signaling requirements of ISDN basic access.
HDLC
High-Level Data-Link Control (HDLC) was derived from Synchronous Data
Link
Control (SDLC), which was created by IBM as a Data Link connection
protocol. HDLCworks at the Data Link layer and creates very little overhead
compared to LAPB. It wasnt intended to encapsulate multiple Network layer
protocols across the same linkthe HDLC header doesnt contain any
identification about the type of protocol being carried inside the HDLC
encapsulation. Because of this, each vendor that uses HDLC has its own
wayof identifying the Network layer protocol, meaning each vendors HDLC
is proprietary with regard to its specific equipment.
PPP
Point-to-Point Protocol (PPP) is a pretty famous, industry-standard protocol.
Because all multiprotocol versions of HDLC are proprietary, PPP can be used
to create point to-point links between different vendors equipment. It uses a
Network Control Protocol field in the Data Link header to identify the
Network layer protocol and allows authentication and multilink connections to
be run over asynchronous and synchronous links.
PPPoE
Point-to-Point Protocol over Ethernet encapsulates PPP frames in Ethernet
frames
and is usually used in conjunction with ADSL services. It gives you a lot of
the familiar PPP features like authentication, encryption, and compression, but
theres a downsideit has a lower maximum transmission unit (MTU) than
standard Ethernet does, and if your firewall isnt solidly configured, this little
attribute can really give you some grief! Still somewhat popular in the United
53

States, PPPoE on Ethernets main feature is that it adds a direct connection to

Ethernet interfaces while providing DSL support as well. Its often used by
many hosts on a shared Ethernet interface for opening PPP sessions to various
destinations via at least one bridging modem.

14. Routing with OSPF using Extended ACL & NAT

OSPF configuration:
Giving ip address:
Router>Enable
Router#Configure Terminal
Router(config)#hostname TCMCE-ROUTER
TCMCE-ROUTER(config)#INTERface S0/3/0
TCMCE-ROUTER(config-if)# ip address 192.168.1.1 255.255.255.0
TCMCE-ROUTER (config-if)#no sh
TCMCE-ROUTER (config-if)#exit
Router(config)#hostname MDU-ROUTER
MDU-ROUTER(config)#INTERface S0/3/0
MDU-ROUTER(config-if)# ip address 192.168.1.2 255.255.255.0
MDU-ROUTER (config-if)#no sh
MDU-ROUTER (config-if)#exit
54

MDU-ROUTER(config)#INTERface S1/0
MDU-ROUTER(config-if)# ip address 192.168.2.2 255.255.255.0
MDU-ROUTER (config-if)#no sh
MDU-ROUTER (config-if)#exit
MDU-ROUTER(config)#INTERface S1/1
MDU-ROUTER(config-if)# ip address 192.168.3.2 255.255.255.0
MDU-ROUTER (config-if)#no sh
MDU-ROUTER (config-if)#exit
MDU-ROUTER(config)#INTERface S1/2
MDU-ROUTER(config-if)# ip address 192.168.4.2 255.255.255.0
MDU-ROUTER (config-if)#no sh
MDU-ROUTER (config-if)#exit
MDU-ROUTER(config)#INTERface S1/3
MDU-ROUTER(config-if)# ip address 192.168.5.2 255.255.255.0
MDU-ROUTER (config-if)#no sh
MDU-ROUTER (config-if)#exit
Router(config)#hostname DITM-ROUTER
DITM -ROUTER(config)#INTERface S0/3/1
DITM -ROUTER(config-if)# ip address 192.168.2.1 255.255.255.0
DITM -ROUTER (config-if)#no sh
DITM -ROUTER (config-if)#exit
Router(config)#hostname AICTE-ROUTER
AICTE -ROUTER(config)#INTERface S0/3/1
AICTE -ROUTER(config-if)# ip address 192.168.3.1 255.255.255.0
AICTE -ROUTER (config-if)#no sh
AICTE -ROUTER (config-if)#exit
Router(config)#hostname SBIT-ROUTER
SBIT -ROUTER(config)#INTERface S0/3/1
SBIT -ROUTER(config-if)# ip address 192.168.4.1 255.255.255.0
SBIT -ROUTER (config-if)#no sh
SBIT -ROUTER (config-if)#exit
Router(config)#hostname MHRD-ROUTER
MHRD -ROUTER(config)#INTERface S0/3/1
MHRD -ROUTER(config-if)# ip address 192.168.5.1 255.255.255.0
MHRD -ROUTER (config-if)#no sh
MHRD -ROUTER (config-if)#exit

Routing with OSPF:

TCMCE-ROUTER(config)# router ospf 100
55

TCMCE-ROUTER(config-router)# network 192.168.1.0 0.0.0.255 area 0

TCMCE-ROUTER(config-router)# network 10.1.0.0 0.0.0.255 area 0
TCMCE-ROUTER(config-router)# network 10.2.0.0 0.0.0.255 area 0
MDU-ROUTER(config)# router ospf 100
MDU-ROUTER(config-router)# network 192.168.1.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 192.168.2.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 192.168.3.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 192.168.4.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 192.168.5.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 10.3.0.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 10.4.0.0 0.0.0.255 area 0
MDU-ROUTER(config-router)# network 10.13.0.0 0.0.0.255 area 0
DITM-ROUTER(config)# router ospf 100
DITM-ROUTER(config-router)# network 192.168.2.0 0.0.0.255 area 0
DITM-ROUTER(config-router)# network 10.5.0.0 0.0.0.255 area 0
DITM-ROUTER(config-router)# network 10.6.0.0 0.0.0.255 area 0
AICTE-ROUTER(config)# router ospf 100
AICTE-ROUTER(config-router)# network 192.168.3.0 0.0.0.255 area 0
AICTE-ROUTER(config-router)# network 10.7.0.0 0.0.0.255 area 0
AICTE-ROUTER(config-router)# network 10.8.0.0 0.0.0.255 area 0
SBIT-ROUTER(config)# router ospf 100
SBIT-ROUTER(config-router)# network 192.168.4.0 0.0.0.255 area 0
SBIT-ROUTER(config-router)# network 10.9.0.0 0.0.0.255 area 0
SBIT-ROUTER(config-router)# network 10.10.0.0 0.0.0.255 area 0
MHRD-ROUTER(config)# router ospf 100
MHRD-ROUTER(config-router)# network 192.168.5.0 0.0.0.255 area 0
MHRD-ROUTER(config-router)# network 10.11.0.0 0.0.0.255 area 0
MHRD-ROUTER(config-router)# network 10.12.0.0 0.0.0.255 area 0

Show commands:
TCMCE-ROUTER #sh ip route

56

TCMCE-ROUTER #sh ip route ospf

57

MDU-ROUTER #sh ip route

MDU-ROUTER #sh ip route osfp

58

DITM-ROUTER #sh ip route

DITM-ROUTER #sh ip route ospf

59

AICTE-ROUTER #sh ip route

AICTE-ROUTER #sh ip route ospf

60

SBIT-ROUTER #sh ip route

SBIT-ROUTER #sh ip route ospf

61

MHRD-ROUTER #sh ip route

MHRD-ROUTER #sh ip route ospf

62

ACL EXTENDED:
Extended access lists can evaluate many of the other fields in the layer 3 and layer 4
headers of an IP packet. They can evaluate source and destination IP addresses, the
protocol field in the Network layer header, and the port number at the Transport layer
header. This gives extended access lists the ability to make much more granular
decisions when controlling traffic.
CONFIGURE EXTENDED ACL:
ROUTER1(config)#ip access-list extended acl1
ROUTER1(config-ext-nacl)#deny tcp 192.168.1.192 0.0.0.63 ho
ROUTER1(config-ext-nacl)#deny tcp 192.168.1.192 0.0.0.63 host 192.168.1.2
ROUTER1(config-ext-nacl)#permit tcp any any
ROUTER1(config-ext-nacl)#192.168.1.192 0.0.0.63 host 192.168.1.2 eq 80
ROUTER1(config-ext-nacl)#permit icmp any any
ROUTER1(config-ext-nacl)#permit ip any any
ROUTER1(config-ext-nacl)#permit udp any any
ROUTER1(config-ext-nacl)#exit
ROUTER1(config)#interface s1/1
ROUTER1(config-if)#ip access-group acl1 in
SHOW COMMAND:
ROUTER1#show access-lists

DHCP CONFIGURATION:
The Dynamic Host Configuration Protocol (DHCP) is a network configuration
protocol for hosts on Internet Protocol (IP) networks. Computers that are connected to
IP networks must be configured before they can communicate with other hosts. The
63

most essential information needed is an IP address, and a default route and routing
prefix. DHCP eliminates the manual task by a network administrator. It also provides
a central database of devices that are connected to the network and eliminates
duplicate resource assignments.
COMMAND:
Router(config)#ip dhcp pool scope1
Router(dhcp-config)#network 192.168.1.65 255.255.255.192
Router(dhcp-config)#default-router 192.168.1.65
Router(dhcp-config)#dns-server 192.168.1.2
Router#show dhcp server
WEB SERVER:
Web servers are computers that deliver (serves up) Web pages. Every Web server has
an IP address and possibly a domain name. For example, if you enter
the URL http://www.pcwebopedia.com/index.html in your browser, this sends a
request to the Web server whose domain name ispcwebopedia.com. The server then
fetches the page named index.html and sends it to your browser.

Access web server for 192.168.1.128 network :

64

Web server blocked for 192.168.1.192 network:

Wi-fi configuration:
Wi-Fi is a popular technology that allows an electronic device to exchange
data wirelessly (using radio waves) over a computer network, including highspeed Internet connections. The Wi-Fi Alliance defines Wi-Fi as any "wireless local
65

area network (WLAN) products that are based on the Institute of Electrical and
Electronics Engineers' (IEEE) 802.11 standards".[1] However, since most modern
WLANs are based on these standards, the term "Wi-Fi" is used in general English as a
synonym for "WLAN".
A device that can use Wi-Fi (such as a personal computer, video game
console, smartphone, tablet, or digital audio player) can connect to a network resource
such as the Internet via a wireless network access point. Such an access point
(or hotspot) has a range of about 20 meters (65 feet) indoors and a greater range
outdoors. Hotspot coverage can comprise an area as small as a single room with walls
that block radio waves or as large as many square miles this is achieved by using
multiple overlapping access points.
Configuring access point:

Selecting SSID:

66

Giving wi-fi password:

Campus Network of MDU Affiliated And AICTE Approved Colleges And Institutes

67

Campus Network of TCMCE

Campus Network of DITM

68

Campus Network of SBIT

Commands Used in Campus Network Management

69

TCMCE-ROUTER>ENABLE
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#INTERface F0/0
TCMCE-ROUTER(config-if)#NO IP ADdress
TCMCE-ROUTER(config-if)#NO SHutdown
TCMCE-ROUTER(config-if)#EXIT
TCMCE-ROUTER(config-subif)#INTERface F0/0.1
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 1
TCMCE-ROUTER(config-subif)#IP ADdress 10.1.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#INTERface F0/0.2
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 2
TCMCE-ROUTER(config-subif)#IP ADdress 10.2.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#INTERface F0/0.3
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 3
TCMCE-ROUTER(config-subif)#IP ADdress 10.3.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#EXIT
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-1
TCMCE-ROUTER(dhcp-config)#NEtwork 10.1.0.0 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.1.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.1.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-2
TCMCE-ROUTER(dhcp-config)#NEtwork 10.2.0.0 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.2.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.2.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-3
TCMCE-ROUTER(dhcp-config)#NEtwork 10.3.0.1 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.3.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.3.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#INTERface S0/3/0
TCMCE-ROUTER(config-if)#IP ADdress 192.168.1.1 255.255.255.0
TCMCE-ROUTER(config-if)#NO SHutdown
TCMCE-ROUTER(config-if)#EXIT
TCMCE-ROUTER(config)#ROuter OSpf 100
TCMCE-ROUTER(config-router)#NEtwork 192.168.1.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#NEtwork 10.1.0.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#NEtwork 10.2.0.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#EXit
TCMCE-ROUTER(config)#EXit
TCMCE-ROUTER#
70

REFERENCES
CCNA by Todd Lammle
www.wikipedia.com
www.google.com
www.answer.com
http://www.cisco.com/web/learning/index.html

71

72