ON
(ROUTING WITH OSPF USING EXTENDED ACCESS LIST & NAT)
SIX MONTHS INDUSTRIAL TRAINING
TRAINING PROVIDED BY
CMC Limited NOIDA
( A TATA Enterprise & A Subsidiary of TCS Limited )
IN
NETWORKING (CCNA)
SUBMITTED BY:
KUMAR ABHISHEK
Kr.abhishek1991@gmail.com
Mb. +918586811891
B. Tech - (2009-TCEC-1062)
ACKNOWLEDGEMENT
I feel pride and privilege in expressing my deep sense of gratitude to all those who
have helped me in presenting this assignment. I express my sincere gratitude to
Mr. Sunil Kumar for their inspiration, constructive suggestions, mastermind analysis
and affectionate guidance in my work. It would have been impossible for me to complete this
project without their guidance.
Last but not the least, I would like to add my deepest gratitude to the entire faculty of the
ECE Department (6th & 7th Sem.) at TCMCE, from where I have learnt the
basics of Computer Networking, which helped me a lot in the completion of this project.
Preface
The quest for knowledge can never end. The deeper you dig, the greater the unexplored seems
to be; no man can honestly say that he has learned all that this world has to offer. We can't
achieve anything worthwhile in any field only on the basis of theory from books; practical
knowledge is obtained through working at ground level and gaining experience. In my view,
in order to achieve tangible, positive and concrete results, the classroom knowledge needs to
be effectively wedded to the realities of the situation existing outside the classroom.
CMC Center is one of the leading public sector organizations in the country in
the area of development. The keen interest of the technical staff of CMC Center in explaining
the various processes has helped me to add much more to my knowledge, and I am really
grateful to all the members of CMC Center for the great heights achieved by CMC
Center nationally and globally during the past few years.
COMPANY PROFILE
CMC Limited, a Tata Enterprise, is a premier information technology company with an all-
India presence, having ISO 9001-2000 certification for its R&D Center & System Integration
(NR group). CMC Limited has been conducting computer-training programs for various
organizations since 1978. With large and complex project management capabilities since its
incorporation in 1975, CMC has an enviable record of successfully building IT solutions for
massive and complex infrastructure and market projects.
Take, for instance, just three of the many major projects
undertaken by CMC:
A passenger ticketing and reservation system for Indian Railways, which runs 6,000
passenger trains carrying over 10 million passengers a day, on a 90,000-km railway network
covering around 8,000 railway stations.
A cargo handling system, a comprehensive online real-time cargo handling system that
integrates all the complex and varied activities of container terminals. This system has been
implemented for several Indian and international ports.
An online transaction processing system for the Bombay Stock Exchange, which handles
millions of securities trading transactions every day.
CMC LTD has been imparting corporate training for renowned leading organizations like
Tech Mahindra, HCL Technologies, Tata Consultancy Services, Tata Motors and so on. We
have already trained 400 employees of Tech Mahindra & more than 800 employees of HCL
under the ILP since July 2006. To add on, at NOIDA we have an online testing facility from
Pearson VUE for candidates interested in going for vendor certification in the
technology. We are also proud to have world-class trainers for providing in-depth
understanding of the topics. Apart from that, we have tie-ups with various academic
institutions imparting technical education, such as engineering colleges pan-India, for project-
based industrial training on .Net / JAVA / PHP / Embedded Systems and Oracle.
ABSTRACT
OPEN SHORTEST PATH FIRST (OSPF)
OPEN SHORTEST PATH FIRST (OSPF) is an open-standards routing protocol that has
been implemented by a wide variety of network vendors, including Cisco. If you
have multiple routers and not all of them are Cisco, and the network is large, then
really your only options are OSPF or something called route redistribution, a
translation service between routing protocols.
OSPF works by using the Dijkstra algorithm. First a shortest path tree is constructed,
and then the routing table is populated with the resulting best paths. OSPF
converges quickly, although perhaps not as quickly as EIGRP, and supports multiple
equal-cost routes to the same destination.
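The shortest-path-tree step described above, as an added example that is not part of the original report: a Dijkstra run over a constructed five-router topology, followed by the derivation of a next-hop table from the tree. The router names R1 to R5 and the link costs are assumptions of this example; the table keeps every equal-cost next hop for a destination, which is the behaviour the abstract attributes to OSPF.

```python
import heapq

# Constructed sample topology (assumed, not from the report): undirected links
# with a cost, the way OSPF assigns a cost to each interface.
LINKS = [
    ("R1", "R2", 10),
    ("R1", "R3", 10),
    ("R2", "R4", 10),
    ("R3", "R4", 10),
    ("R4", "R5", 5),
    ("R2", "R5", 30),
]

def build_graph(links):
    """Adjacency map: node -> {neighbour: cost}."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph

def shortest_path_tree(graph, root):
    """Dijkstra from root. Returns (dist, parents); a node keeps every parent that
    reaches it at the same minimum cost, so equal-cost paths are preserved."""
    dist = {root: 0}
    parents = {root: []}
    heap = [(0, root)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, cost in graph[node].items():
            nd = d + cost
            best = dist.get(nbr, float("inf"))
            if nd < best:
                dist[nbr] = nd
                parents[nbr] = [node]
                heapq.heappush(heap, (nd, nbr))
            elif nd == best and node not in parents[nbr]:
                parents[nbr].append(node)   # equal-cost alternative
    return dist, parents

def routing_table(graph, root):
    """Populate a routing table from the tree: destination -> (next hops, cost).
    The next hop of a destination is the first node after root on each best path."""
    dist, parents = shortest_path_tree(graph, root)
    memo = {}

    def first_hops(node):
        if node in memo:
            return memo[node]
        hops = set()
        for p in parents[node]:
            if p == root:
                hops.add(node)
            else:
                hops |= first_hops(p)
        memo[node] = hops
        return hops

    return {dest: (sorted(first_hops(dest)), dist[dest])
            for dest in dist if dest != root}

if __name__ == "__main__":
    for dest, (hops, cost) in sorted(routing_table(build_graph(LINKS), "R1").items()):
        print(f"{dest}: via {', '.join(hops)} cost {cost}")
```

From R1, R4 and R5 are reachable at equal cost through both R2 and R3, so both appear as next hops; a single-path Dijkstra would silently keep only one of them.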
VIRTUAL LANs (VLANs)
VLAN Basics
As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain
created by switches. Normally, it is a router creating that broadcast domain. With VLANs, a
switch can create the broadcast domain.
This works by, you, the administrator, putting some switch ports in a VLAN other than 1, the
default VLAN. All ports in a single VLAN are in a single broadcast domain.
Because switches can talk to each other, some ports on switch A can be in VLAN 10 and
other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be
seen on any other port in any other VLAN, other than 10. However, these devices can all
communicate because they are on the same VLAN. Without additional configuration, they
would not be able to communicate with any devices not in their VLAN.
Are VLANs required?
It is important to point out that you don't have to configure a VLAN until your network gets
so large and has so much traffic that you need one. Many times, people are simply using
VLANs because the network they are working on was already using them.
Another important fact is that, on a Cisco switch, VLANs are enabled by default and ALL
devices are already in a VLAN. The VLAN that all devices are already in is VLAN 1. So, by
default, you can just use all the ports on a switch and all devices will be able to talk to one
another.
When do I need a VLAN?
You need to consider using VLANs in any of the following situations:
There are three different modes in which a VLAN can be configured. These modes are
covered below:
VLAN Switching Mode: The VLAN forms a switching bridge in which frames are
forwarded unmodified.
VLAN Translation Mode: VLAN translation mode is used when the frame tagging
method is changed in the network path, or if the frame traverses from a VLAN group
to a legacy or native interface which is not configured in a VLAN. When the packet is
to pass into a native interface, the VLAN tag is removed so that the packet can
properly enter the native interface.
VLAN Routing Mode: When a packet is routed from one VLAN to a different
VLAN, you use VLAN routing mode. The packet is modified, usually by a router,
which places its own MAC address as the source, and then changes the VLAN ID of
the packet.
VLAN configurations
VLAN ID: The VLAN ID is a unique value you assign to each VLAN on a single
device. With a Cisco routing or switching device running IOS, your range is from 1 to 4096. When you define a VLAN you usually use the syntax "vlan x", where x is the
number you would like to assign to the VLAN ID. VLAN 1 is reserved as an
administrative VLAN. If VLAN technologies are enabled, all ports are a member of
VLAN 1 by default.
VLAN Name: The VLAN name is a text-based name you use to identify your
VLAN, perhaps to help technical staff in understanding its function. The string you
use can be between 1 and 32 characters in length.
Private VLAN: You also define whether the VLAN is to be a private VLAN in the VLAN
definition, and what other VLAN might be associated with it in the definition section.
When you configure a Cisco VLAN as a private VLAN, ports that are
members of the VLAN cannot communicate directly with each other by default.
Normally all ports which are members of a VLAN can communicate directly with
each other, just as they would be able to had they been members of a standard
network segment. Private VLANs are created to enhance security on a network
where hosts coexisting on the network cannot or should not trust each other. This is a
common practice on web farms or in other high-risk environments where
communication between hosts on the same subnet is not necessary. Check your
Cisco documentation if you have questions about how to configure and deploy private
VLANs.
VLAN modes: In Cisco IOS, there are only two modes an interface can operate in,
"mode access" and "mode trunk". Access mode is for end devices or devices that will
not require multiple VLANs. Trunk mode is used for passing multiple VLANs to
other network devices, or for end devices that need to have membership of multiple
VLANs at once. If you are wondering what mode to use, the mode is probably "mode
access".
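An added example, not code from the report, of the frame handling behind the VLAN modes above and the access/trunk port modes: it parses an Ethernet frame with or without an 802.1Q tag, removes the tag when a frame is handed to a native (untagged) interface as in translation mode, and applies a simple egress rule for an access port versus a trunk port. The sample frame is constructed (its source MAC is the report's own example address), and the egress() policy is an assumption of this example; the tag layout (a 16-bit TPID of 0x8100 followed by a 16-bit TCI whose low 12 bits are the VID, with VIDs 0 and 4095 reserved) is the 802.1Q format.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Parse an Ethernet II frame that may carry one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    vlan, offset = None, 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {"dst": mac_str(dst), "src": mac_str(src), "vlan": vlan,
            "ethertype": etype, "payload": frame[offset:]}

def add_tag(frame, vid, pcp=0):
    """Insert an 802.1Q tag after the source MAC (switching mode keeps it intact)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094; 0 and 4095 are reserved")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def strip_tag(frame):
    """Translation mode: drop the tag before the frame enters a native interface."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]

def egress(frame, port_mode, access_vid=1, native_vid=1):
    """What a switch port sends for `frame`, or None if the port drops it.
    Assumed policy: an access port serves one VLAN and sends untagged frames;
    a trunk port carries all VLANs and only the native VLAN leaves untagged."""
    info = parse_frame(frame)
    if info["vlan"] is not None:
        vid = info["vlan"]["vid"]
    else:
        vid = access_vid if port_mode == "access" else native_vid
    if port_mode == "access":
        return strip_tag(frame) if vid == access_vid else None
    if port_mode == "trunk":
        return strip_tag(frame) if vid == native_vid else frame
    raise ValueError(f"unknown port mode: {port_mode}")

# Constructed sample frame: broadcast destination, the report's example source
# MAC, IPv4 EtherType, and a placeholder payload.
SAMPLE_UNTAGGED = (bytes.fromhex("ffffffffffff") + bytes.fromhex("00a0c914c829")
                   + bytes.fromhex("0800") + bytes(20))

if __name__ == "__main__":
    tagged = add_tag(SAMPLE_UNTAGGED, 10)
    print(parse_frame(tagged))
    print("access port (VLAN 10):", egress(tagged, "access", access_vid=10).hex())
    print("access port (VLAN 20):", egress(tagged, "access", access_vid=20))
```

The interesting defensive point is in egress(): a frame that arrives untagged on a trunk is treated as belonging to the native VLAN, which is why the choice of native VLAN on a trunk matters for the isolation that VLANs are meant to provide.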
Hardware used: Router, Switch, Access Point, Cables (Straight cable, Serial cable), PC
Contents
1. Introduction to 2800 series router
2. Introduction to Computer networking concept
2.1 Network
2.2 Types of Network
2.3 Network Topology
2.3.1 Types of Network Topology
3. Basic hardware component
4. Network cabling
5. Network models and protocols
5.1 OSI Model
5.2 TCP/IP Model
6. IP addressing
7. Router
8.1 Routing
8.2 Routing Protocol
8.2.1 RIPv1
8.2.2 RIPv2
8.2.3 EIGRP
8.2.4 OSPF
9. ACL
10. NAT
10.1 Types of NAT
11. CDP
12. IPv6
13. WAN
14. Configuring Routing with EIGRP using extended ACL
Wired Network: A network that connects devices using cables (wires) like Coaxial
Cable, Twisted pair Cable, Optical Fibre Cable etc.
Wireless Network: A network that connects devices using wireless technologies like
Bluetooth, infrared, radio frequency etc.
According To the Functional Relationship (Network Architecture)
Peer to peer network (Workgroup)
A Workgroup is a collection of computers on a local area network (LAN) that share
common resources and responsibilities. Workgroups provide easy sharing of files,
printers and other network resources. Being a peer-to-peer (P2P) network design, each
Workgroup computer may both share and access resources if configured to do so.
Workgroups are designed for small LANs in homes, schools, and small businesses. A
Windows Workgroup, for example, functions best with 15 or fewer computers. As the
number of computers in a workgroup grows, workgroup LANs eventually become too
difficult to administer and should be replaced with alternative solutions like domains or
other client/server approaches.
Client-Server Network (Domain)
Topology refers to the way in which the network of computers is connected. Each
topology is suited to specific tasks and has its own advantages and disadvantages. The
choice of topology is dependent upon:
Type and number of equipment being used
Planned applications and rate of data transfers
Required response times
Cost
2.3.1 Types of Network Topologies
Physical Topology: Physical topology defines how devices are connected to the
network through the actual cables that transmit data ( physical structure of the network)
1. BUS
In a bus topology:
A single cable connects each workstation in a linear, daisy-chained fashion.
Signals are broadcast to all stations, but stations only act on the frames addressed to
them.
2. RING
Unidirectional links connect the transmit side of one device to the receive side of
another device.
Devices transmit frames to the next device (downstream member) in the ring.
3. STAR
The switch transmits the data only to the dedicated device for which the data is meant.
LAN Transmission Methods.
In Broadcast Process:
The source addresses the packet with the broadcast address.
The packet is sent into the network.
The network copies the packet.
The packet copies are delivered to all destinations on the network.
broadcast address. It does this in a rudimentary way; it simply copies the data to all of
the Nodes connected to the hub (broadcast).
Bridges
Figure: Switches
A switch is a device that performs switching. Specifically, it forwards and filters OSI
layer 2 datagrams (chunks of data communication) between ports (connected cables)
based on the physical (MAC) addresses in the frames. This is distinct from a hub in that it
only forwards the datagram to the ports involved in the communication rather than to all
connected ports.
A switch normally has numerous ports, with the intention that most or all of the
network's devices are connected directly to a switch, or to another switch that is in turn
connected to a switch.
Routers
Introduction
In 1983, the International Standards Organization (ISO) developed a model
called Open Systems Interconnection (OSI) which is a standard reference model
for communication between two end users in a network. The model is used in
developing products and understanding networks.
Layers in the OSI Model
OSI divides Telecommunications into Seven Layers. Each layer is responsible
for a particular aspect of data communication. For example, one layer may be
responsible for establishing connections between devices, while another layer
may be responsible for error checking during transfer.
Layer 7: The Application Layer...
The Application Layer is the highest layer in the protocol stack and the layer
responsible for introducing data into the OSI stack. Here reside the protocols for
user applications that incorporate the components of network applications.
The applications can be classified as:
Computer applications
Network applications
Internetwork applications
Computer Applications: Presentation Graphics, Database, Word Processing, Spreadsheet, Design/Manufacturing, Others
Network Applications: Network Management, Information Location, Remote Location, Electronic Mail, File Transfer, Client/Server Process, Others
Internetwork Applications
Data representation: The presentation layer of the OSI model at the receiving
computer is also responsible for the conversion of the external format with
which data is received from the sending computer to one accepted by the other
layers in the host computer. Data formats include PostScript, ASCII, or BINARY
such as EBCDIC (Extended Binary Coded Decimal Interchange Code).
Data security: Some types of encryption (and decryption) are performed at the
presentation layer. This ensures the security of the data as it travels down the
protocol stack. For example, one of the most popular encryption schemes that is
usually associated with the presentation layer is the Secure Sockets Layer (SSL)
protocol.
Data compression: Compression (and decompression) may be done at the
presentation layer to improve the throughput of data.
Layer 5: The Session Layer...
The Session Layer establishes, manages, and terminates sessions (different from
connections) between applications as they interact on different hosts on a
network. Its main job is to coordinate the service requests and responses
between different hosts for applications.
The sessions established between hosts can be:
Simplex: Simplex transmission is like a one-way street where traffic moves in
only one direction. Simplex mode is a one-way-only transmission, which means
that data can flow only in one direction, from the sending device to the receiving
device.
Half Duplex: Half duplex is like the center lane on some three-lane roads. It is
a single lane in which traffic can move in one direction or the other, but not in
both directions at the same time. Half-duplex mode limits data transmission
because each device must take turns using the line. Therefore, data can flow
from A to B and from B to A, but not at the same time.
This layer manages the end-to-end control (for example, determining whether all
packets have arrived) and error-checking. It ensures complete data transfer.
The Basic Transport Layer Services are:
Resource Utilization (multiplexing): Multiple applications run on the same
machine but use different ports.
Connection Management (establishing & terminating): The second major
task of the Transport Layer is establishing a connection between the sender & the
receiver before data transmission starts, & terminating the connection once the
data transmission is finished.
Flow Control (Buffering / Windowing): Once the connection has occurred
and transfer is in progress, congestion of the data flow can occur at a destination
for a variety of reasons.
Layer 3: The Network Layer...
The Network Layer is responsible for identifying computers on a network.
This layer is concerned with 2 functions:
Routing: It is the process of selecting the best paths in a network along which
to send network traffic.
The data link layer provides error-free transfer of data frames from one node to
another over the physical layer, allowing layers above it to assume virtually
error-free transmission over the link. To do this, the data link layer provides:
Frame Traffic Control: tells the transmitting node to "stop" when no frame
buffers are available.
Frame Sequencing: transmits/receives frames sequentially.
Frame Acknowledgment: provides/expects frame acknowledgments. Detects
and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
Frame Delimiting: creates and recognizes frame boundaries.
Link Establishment and Termination: establishes and terminates the logical
link between two nodes.
Frame Error Checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use
the physical medium.
Data Link Sub layers
Logical Link Control (LLC): The LLC is concerned with managing traffic
(flow and error control) over the physical medium and may also assign sequence
numbers to frames and track acknowledgements. LLC is defined in the IEEE
802.2 specification and supports both connectionless and connection-oriented
services used by higher-layer protocols.
Media Access Control (MAC): The MAC sub layer controls how a computer
on the network gains access to the data and permission to transmit it.
Devices Used (by OSI layer)
Application / Presentation / Session Layers: -----------
Transport Layer: Layer 4 switches
Network Layer:
Physical Layer: Hubs, Repeaters, cables & connectors
sends an HTTP command to the Web server directing it to fetch and transmit the
requested Web page. Port Number: 80
NFS: Network File System, a client/server application that allows all network
users to access shared files stored on computers of different types. Users can
manipulate shared files as if they were stored locally on the user's own hard
disk. Port Number: 2049
SMTP: Simple Mail Transfer Protocol, a protocol for sending e-mail messages
between servers. In addition, SMTP is generally used to send messages from a
mail client to a mail server. Port Number: 25
POP3: Post Office Protocol, a protocol used to retrieve e-mail from a mail server.
Most e-mail applications (sometimes called an e-mail client) use POP,
although some can use the newer IMAP (Internet Message Access Protocol) as a
replacement for POP3. Port Number: 110
TFTP: Trivial File Transfer Protocol, a simple form of the File Transfer Protocol
(FTP). TFTP provides no security features. It is often used by servers to boot
diskless workstations, X-terminals, and routers. Port Number: 69
DNS: Domain Name System (or Service or Server), an Internet service that
translates domain names into IP addresses. Because domain names are
alphabetic, they're easier to remember. The Internet, however, is really based on
IP addresses. Every time you use a domain name, a DNS service must translate
the name into the corresponding IP address. For example, the domain name
www.example.com might translate to 198.105.232.4. Port Number: 53
DHCP: Dynamic Host Configuration Protocol, a protocol for assigning
dynamic IP addresses to devices on a network. With dynamic addressing, a
device can have a different IP address every time it connects to the network.
Dynamic addressing simplifies network administration because the software
keeps track of IP addresses rather than requiring an administrator to manage the
task. Port Number: 67 (Server), 68 (Client)
BOOTP: Bootstrap Protocol (BOOTP) is utilized by diskless workstations to
gather configuration information from a network server. This enables the
workstation to boot without requiring a hard or floppy disk drive. Port Number:
67 (Server), 68 (Client)
SNMP: Simple Network Management Protocol, a set of protocols for managing
complex networks. SNMP works by sending messages, called protocol data
units (PDUs), to different parts of a network. Port Number: 161
Addresses Used (by OSI layer)
Application Layer: Port Numbers
Transport Layer: Socket Address
Network Layer: I.P. Address
Physical Address
Port Numbers
A port number is a way to identify a specific process to which an Internet or
other network message is to be forwarded when it arrives at a server.
The port numbers are divided into three ranges:
The Well Known Ports: Range from 0 through 1023. The Well Known port
numbers are registered by the IANA and are already assigned to the Well
Known protocols. Well Known port numbers can only be used by system (or
root) processes or by programs executed by privileged users.
The Registered Ports: Range from 1024 through 49151. The registered port
numbers are also registered by the IANA. The Registered Ports are listed by the
IANA and on most systems can be used by ordinary user processes or programs
executed by ordinary users.
The Dynamic and/or Private Ports: Range from 49152 through 65535. The
Dynamic port numbers are available for use by any application used for
communicating with any other application, using the Internet's Transmission
Control Protocol (TCP) or the User Datagram Protocol (UDP).
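An added example, not part of the report, that applies the three port ranges above and the port table from the preceding section to a few connection records: each record's destination port is classified as well-known, registered or dynamic/private, mapped to a service name from the report's table, and flagged for review when it is TFTP, which the report notes provides no security features. The log line format, the sample lines and the review rule are constructed for this example.

```python
import re

# Service names and ports as listed in the report's application-protocol table.
SERVICES = {
    80: "HTTP", 2049: "NFS", 25: "SMTP", 110: "POP3", 69: "TFTP",
    53: "DNS", 67: "DHCP/BOOTP server", 68: "DHCP/BOOTP client", 161: "SNMP",
}

# Assumed review rule for this example: TFTP carries files with no
# authentication or encryption, so traffic to it deserves a second look.
REVIEW_PORTS = {69: "TFTP has no security features"}

def port_range(port):
    """Classify a port number into the three ranges described in the text."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

# Constructed record format: "<timestamp> <src> -> <dst> proto=<tcp|udp> dport=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

def parse_line(line):
    """Return a dict for a well-formed record, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def summarize(log_text):
    """Annotate every parsable record with its port range, service and review note."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        port = rec["dport"]
        rec["range"] = port_range(port)
        rec["service"] = SERVICES.get(port, "unknown")
        rec["review"] = REVIEW_PORTS.get(port)
        out.append(rec)
    return out

# Constructed sample records (not real traffic).
SAMPLE_LOG = """\
2024-03-01T09:00:01Z 10.1.1.20 -> 10.1.1.5 proto=tcp dport=80
2024-03-01T09:00:02Z 10.1.1.20 -> 10.1.1.7 proto=udp dport=69
2024-03-01T09:00:03Z 10.1.1.21 -> 10.1.1.5 proto=tcp dport=2049
malformed line that the parser must skip
2024-03-01T09:00:04Z 10.1.1.22 -> 10.1.1.9 proto=udp dport=51234
"""

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        note = f"  REVIEW: {rec['review']}" if rec["review"] else ""
        print(f"{rec['src']} -> {rec['dst']}:{rec['dport']} "
              f"[{rec['range']}, {rec['service']}]{note}")
```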
Socket Address
Socket address is a combination of Port Number for a particular process & the
I.P. address of the host.
I.P. Address (Logical Address)
There are two different versions of I.P. address: IPv4 & IPv6.
IPv4
IPv4 is a 32-bit numeric address used for data communication at the internet
layer. It has been in use for more than 20 years and has served well, but the growing
number of devices in networks has forced us to go for a new addressing scheme,
and here comes IPv6.
IP address will be discussed in more details in the coming Sessions.
IPv6
IP Version 6 (IPv6) is the newest version of IP, sometimes called IPng for IP,
Next Generation. IPv6 is fairly well defined but is not yet widely deployed.
The main differences between IPv6 and the current widely-deployed version of
IP (which is IPv4) are:
IPv6 uses larger addresses (128 bits instead of 32 bits in IPv4) and so can
support many more devices on the network.
IPv6 includes features like authentication and multicasting that had been
bolted on to IPv4 in a piecemeal fashion over the years.
Physical Address (Hardware Address/MAC Address)
The MAC (Media Access control) address is a unique value associated with a
network adapter. They uniquely identify an adapter on a LAN. MAC addresses
are 12-digit hexadecimal numbers (48 bits in length).
By convention, MAC addresses are usually written in one of the following two
formats:
MM:MM:MM:SS:SS:SS
MM-MM-MM-SS-SS-SS
The first half (24 bits) of a MAC address contains the ID number of the adapter
manufacturer (Vendor ID). The second half(24 bits) of a MAC address
represents the serial number assigned to the adapter by the manufacturer. In the
example,
00:A0:C9:14:C8:29
The prefix 00A0C9 indicates the manufacturer is Intel Corporation.
Figure: MAC address layout: 24 bits Vendor ID | 24 bits Adaptor ID
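An added example, not code from the report, that parses a MAC address in the two written formats given above (the Cisco dotted form xxxx.xxxx.xxxx is accepted as well), splits it into the 24-bit vendor ID and 24-bit adapter serial, and looks the vendor up in a tiny table containing only the report's Intel example. It also reads the two flag bits of the first octet: the individual/group bit (multicast) and the universally/locally administered bit, which a defender should check before trusting a vendor lookup, since a locally administered address carries no manufacturer ID at all. The vendor table is an assumption for this example; a real tool would load the IEEE OUI registry.

```python
import re

# Vendor prefix table: only the entry the report itself gives (assumed for the
# example; the IEEE OUI registry is the authoritative source).
OUI_VENDORS = {"00A0C9": "Intel Corporation"}

_FORMATS = (
    re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$"),   # MM:MM:MM:SS:SS:SS
    re.compile(r"^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$"),   # MM-MM-MM-SS-SS-SS
    re.compile(r"^([0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}$"),  # xxxx.xxxx.xxxx (Cisco)
)

def parse_mac(text):
    """Return the 6 raw bytes of a MAC address written in a supported format."""
    s = text.strip()
    if not any(fmt.match(s) for fmt in _FORMATS):
        raise ValueError(f"unrecognised MAC address format: {text!r}")
    return bytes.fromhex(re.sub(r"[:.\-]", "", s))

def analyze(text):
    """Split a MAC into vendor ID and serial and decode the first-octet flag bits."""
    mac = parse_mac(text)
    first = mac[0]
    oui = mac[:3].hex().upper()
    locally_administered = bool(first & 0x02)   # U/L bit: 1 = not a vendor OUI
    return {
        "canonical": ":".join(f"{b:02X}" for b in mac),
        "oui": oui,                               # first 24 bits: vendor ID
        "serial": mac[3:].hex().upper(),          # last 24 bits: adapter serial
        "multicast": bool(first & 0x01),          # I/G bit: 1 = group address
        "locally_administered": locally_administered,
        # A locally administered address has no manufacturer, so skip the lookup.
        "vendor": None if locally_administered else OUI_VENDORS.get(oui, "unknown OUI"),
    }

if __name__ == "__main__":
    for sample in ("00:A0:C9:14:C8:29", "00-A0-C9-14-C8-29", "00a0.c914.c829",
                   "02:00:5E:00:00:01", "FF:FF:FF:FF:FF:FF"):
        print(sample, analyze(sample))
```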
6. IP Addressing
An Introduction
If a device wants to communicate using TCP/IP, it needs an IP address. I.P.
addressing was designed to allow hosts on one network to communicate with a
host on a different network regardless of the type of LANs the hosts are
participating in. When the device has an IP address and the appropriate software
and hardware, it can send and receive IP packets. Any device that can send and
receive IP packets is called an IP host.
IP Terminology
The important terms vital to the understanding of the Internet Protocol are:
Bit: A bit is one digit, either a 1 or a 0.
Byte: A byte is 8 bits.
Octet: An octet, made up of 8 bits, is just an ordinary 8-bit binary number. In
this Session, the terms byte and octet are completely interchangeable.
Network address: This is the designation used in routing to send packets to a
remote network, for example, 10.0.0.0, 172.16.0.0, and 192.168.10.0.
Broadcast address: The address used by applications and hosts to send
information to all nodes on a network is called the broadcast address. Examples
include 255.255.255.255, which is all networks, all nodes; 172.16.255.255,
which is all subnets and hosts on network 172.16.0.0; and 10.255.255.255,
which broadcasts to all subnets and hosts on network 10.0.0.0.
IP addresses use the same type of layered structure. Rather than all 32 bits being
treated as a unique identifier, as in flat addressing, a part of the address is
designated as the network address and the other part is designated as either the
subnet and host or just the node address.
Network Addressing
A Brief Explanation of Network Addressing
The network address(which can also be called the network number) uniquely
identifies each network. Every machine on the same network shares that
network address as part of its IP address. In the IP address 172.16.30.56, for
example, 172.16 is the network address.
The node address is assigned to, and uniquely identifies, each machine on a
network. This part of the address must be unique because it identifies a
particular machine (an individual) as opposed to a network, which is a group.
This number can also be referred to as a host address. In the sample IP address
172.16.30.56, the 30.56 is the node address.
The designers of the Internet decided to create classes of networks based on
network size. For the small number of networks possessing a very large number
of nodes, they created the rank, Class A network. At the other extreme is the
Class C network, which is reserved for the numerous networks with a small
number of nodes. The class distinction for networks between very large and
very small is predictably called the Class B network.
Subdividing an IP address into a network and node address is determined by the
class designation of one's network.
Classes (each column is one 8-bit octet):
Class A: Network | Host | Host | Host
Class B: Network | Network | Host | Host
Class C: Network | Network | Network | Host
Class D: Multicast
Class E: Research
Table: Classes of I.P. Address
Class A Network: binary address start with 0, therefore the decimal number can
be anywhere from 1 to 126. The first 8 bits (the first octet) identify the network
and the remaining 24 bits indicate the host within the network. An example of a
Class A IP address is 102.168.212.226, where "102" identifies the network and
"168.212.226" identifies the host on that network.
Class B Network: binary addresses start with 10, therefore the decimal number
can be anywhere from 128 to 191. The first 16 bits (the first two octets) identify
the network and the remaining 16 bits indicate the host within the network. An
example of a Class B IP address is 168.212.226.204 where "168.212" identifies
the network and "226.204" identifies the host on that network.
Class | Leftmost bits | Start Address | Finish Address | Format | Default Subnet Mask
A | 0xxx | 0.0.0.0 | 127.255.255.255 | network.node.node.node | 255.0.0.0
B | 10xx | 128.0.0.0 | 191.255.255.255 | network.network.node.node | 255.255.0.0
C | 110x | 192.0.0.0 | 223.255.255.255 | network.network.network.node | 255.255.255.0
D | 1110 | 224.0.0.0 | 239.255.255.255 | |
E | 1111 | 240.0.0.0 | 255.255.255.255 | |
Table: Default Subnet Mask
6.1 Subnetting
Subnetting is basically just a way of splitting a TCP/IP network into smaller,
more manageable pieces. The basic idea is that if you have an excessive amount
of traffic flowing across your network, then that traffic can cause your network
to run slowly. When you subnet your network, you are splitting the network into
a separate, but interconnected network.
The various advantages of subnetting are:
Reduced network traffic: We all appreciate less traffic of any kind. Networks
are no different. Without trusty routers, packet traffic could grind the entire
network down to a near standstill. With routers, most traffic will stay on the
local network; only packets destined for other networks will pass through the
router. Routers create broadcast domains. The more broadcast domains you
create, the smaller the broadcast domains and the less network traffic on each
network segment.
Optimized network performance: This is a result of reduced network traffic.
Simplified management: It's easier to identify and isolate network problems in
a group of smaller connected networks than within one gigantic network.
Facilitated spanning of large geographical distances: Because WAN links are
considerably slower and more expensive than LAN links, a single large network
that spans long distances can create problems in every area.
First host: 1 129
Last host: 126 254
Broadcast: 127 255
Practice Example #2C: 255.255.255.192 (/26)
In this second example, we're going to subnet the network address 192.168.10.0
using the subnet mask 255.255.255.192.
192.168.10.0 = Network address
255.255.255.192 = Subnet mask
Now, let's answer the big five:
How many subnets?
Since 192 is 2 bits on (11000000), the answer would be 2^2 = 4 subnets.
How many hosts per subnet?
We have 6 host bits off (11000000), so the equation would be 2^6 - 2 = 62 hosts.
What are the valid subnets?
256 - 192 = 64. Remember, we start at zero and count in our block size, so our
subnets are 0, 64, 128, and 192.
What's the broadcast address for each subnet?
The number right before the value of the next subnet is all host bits turned on
and equals the broadcast address. For the zero subnet, the next subnet is 64, so
the broadcast address for the zero subnet is 63.
What are the valid hosts?
These are the numbers between the subnet and broadcast address. The easiest
way to find the hosts is to write out the subnet address and the broadcast
address. This way, the valid hosts are obvious. The following table shows the 0,
64, 128, and 192 subnets, the valid host ranges of each, and the broadcast
address of each subnet:
The subnets (do this first):                    0   64  128 192
Our first host (perform host addressing last):  1   65  129 193
Our last host:                                  62  126 190 254
The broadcast address (do this second):         63  127 191 255
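An added example, not part of the report, that covers both the class table (class from the leftmost bits of the first octet, with its default mask) and the "big five" subnetting questions worked above. Given a classful network and a subnet mask it returns the number of subnets, hosts per subnet, the block size (256 minus the mask's interesting octet, the report's method), and the subnet / first host / last host / broadcast table; run on 192.168.10.0 with 255.255.255.192 it reproduces the table above, and it generalises to masks that borrow bits across more than one octet. The functions and their names are this example's own.

```python
import ipaddress

def ip_class(address):
    """Address class from the leftmost bits of the first octet (report's table)."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    if first < 128:
        return "A"   # 0xxx
    if first < 192:
        return "B"   # 10xx
    if first < 224:
        return "C"   # 110x
    if first < 240:
        return "D"   # 1110
    return "E"       # 1111

DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

def big_five(network, mask):
    """Answer the report's five subnetting questions for a classful network."""
    cls = ip_class(network)
    if cls not in DEFAULT_MASK:
        raise ValueError(f"class {cls} addresses are not subnetted for hosts")
    classful = ipaddress.IPv4Network(f"{network}/{DEFAULT_MASK[cls]}", strict=False)
    subnetted = ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
    subnet_bits = subnetted.prefixlen - classful.prefixlen   # bits borrowed
    host_bits = 32 - subnetted.prefixlen                     # bits left for hosts
    if subnet_bits < 0:
        raise ValueError("mask is shorter than the class default mask")
    if host_bits < 2:
        raise ValueError("at least 2 host bits are needed for usable hosts")
    # Block size: 256 minus the first mask octet that is not 255 (the report's rule).
    interesting = next((o for o in map(int, mask.split(".")) if o != 255), 0)
    rows = []
    for sub in classful.subnets(new_prefix=subnetted.prefixlen):
        rows.append((str(sub.network_address),          # subnet
                     str(sub.network_address + 1),      # first valid host
                     str(sub.broadcast_address - 1),    # last valid host
                     str(sub.broadcast_address)))       # broadcast
    return {
        "class": cls,
        "subnets": 2 ** subnet_bits,
        "hosts_per_subnet": 2 ** host_bits - 2,
        "block_size": 256 - interesting,
        "rows": rows,
    }

if __name__ == "__main__":
    result = big_five("192.168.10.0", "255.255.255.192")
    print(f"class {result['class']}: {result['subnets']} subnets, "
          f"{result['hosts_per_subnet']} hosts each, block size {result['block_size']}")
    print("subnet / first host / last host / broadcast")
    for row in result["rows"]:
        print(" / ".join(row))
```

The second test case below subnets a Class B network with 255.255.255.128: the interesting octet is the fourth, so the block size is 128, while the borrowed bits span the third and fourth octets, giving 2^9 = 512 subnets of 126 hosts.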
7.ROUTER
Introduction
Routers are nothing more than a special type of PC. Routers and PCs both
have some of the same components, such as a motherboard, RAM, and an
operating system. The main difference between a router and a standard PC is
that a router performs special tasks to control or "route" traffic between two or
more networks. They operate at layer 3 of the OSI model.
Hardware Components
There are 7 major internal components of a router:
CPU
Internetwork Operating System (IOS)
RAM
NVRAM
Flash
ROM
Console
Interfaces
CPU
The CPU performs functions just as it does in a normal PC. It executes
commands given by the IOS using other hardware components. High-end
routers may contain multiple processors or extra slots to add more CPUs later.
IOS
The IOS is the main operating system on which the router runs. The IOS is
loaded upon the router's boot-up. It usually is around 2 to 5 MB in size, but can
be a lot larger depending on the router series. The IOS is currently on version
12, and Cisco periodically releases minor versions every couple of months, e.g.
12.1, 12.3 etc., to fix small bugs and also add extra functionality.
The IOS gives the router its various capabilities and can also be updated or
downloaded from the router for backup purposes.
RAM
Random Access Memory; this component is dynamic. Meaning, its content
changes constantly. The main role of the RAM is to hold the ARP cache, Store
routing tables, hold fast-switching cache, performs packet buffering, and hold
queues. It also provides temporary memory for the configuration file of the
router while the router is powered on. However, the RAM loses content when
router is restarted or powered off. This component is upgradeable!
NVRAM
Nonvolatile RAM is used to store the startup configuration files. This type of
RAM does not lose its content when the router is restarted or powered off.
Flash
Flash memory is very important. It holds the Cisco IOS image file, as well as backups. This flash memory is classified as an EEPROM (Electrically Erasable Programmable Read-Only Memory). Flash memory is upgradeable in most Cisco routers.
ROM
The ROM performs the same operations as a BIOS. It holds information about the system's hardware components and runs POST when the router first starts up. This component can be upgraded by unplugging the chip and installing a new one. A ROM upgrade provides support for newer versions of the IOS.
Console
The console consists of the physical plugs and jacks on the router. Its purpose is to provide access for configuration.
Interfaces
The interfaces provide connectivity to LAN, WAN, and Console/Aux. They can be RJ-45 jacks soldered onto the motherboard, transceiver modules, or card modules. Cisco routers, especially the higher-end models, can be configured in many different ways. They can use a combination of transceivers, card modules and onboard interfaces.
ROUTER MODES
User mode
The user can examine router status and operation.
The configuration cannot be viewed or altered from user mode.
Prompt: router>
Privileged mode (root)
Complete control over the router (anything can be set or reset).
The configuration cannot be altered from this mode.
Prompt: router#
Configuration mode
Used only for changing the configuration.
Not password protected from privileged mode.
Privileged mode commands don't have meaning in configuration mode.
Most statements can be removed from the configuration with the prefix no (e.g. no shutdown).
Prompt: router(config)#
Router Configuration
There are two router configurations:
The Active configuration (show running-config)
The startup configuration (show startup-config)
Summary of Router Modes
Mode Name                  Description
Router>                    User Mode
Router#                    Privileged Mode
Router(config)#            Global configuration mode
Router(config-if)#         Interface mode
Router(config-subif)#      Subinterface mode
Router(config-line)#       Line mode
Router(config-router)#     Router configuration mode
8.1 ROUTING
The term routing is used for taking a packet from one device and sending it through the network to another device on a different network. Routers don't really care about hosts; they only care about networks and the best path to each network. The logical network address of the destination host is used to get packets to a network through a routed network, and then the hardware address of the host is used to deliver the packet from a router to the correct destination host.
If your network has no routers, then it should be apparent that you are not
routing. Routers route traffic to all the networks in your internetwork. To be able
to route packets, a router must know, at a minimum, the following:
Destination address
Troubleshooting IP RIP
Once you have configured IP RIP, you have a variety of commands available to view and troubleshoot your configuration and the operation of RIP:
show ip protocols
show ip route
debug ip rip
8.2.2 RIP Version 2 (RIPv2)
RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are distance-vector protocols, which means that each router running RIP sends its complete routing table out all active interfaces at periodic time intervals. Also, the timers and loop-avoidance schemes are the same in both RIP versions (i.e., holddown timers and the split horizon rule), and both have the same administrative distance (120).
But there are some important differences that make RIPv2 more scalable than RIPv1.
show ip route
show ip eigrp neighbors
show ip eigrp topology
show ip eigrp traffic
debug ip eigrp
The Cisco Access Control List (ACL) is used for filtering traffic based on given filtering criteria on a router or switch interface. Based on the conditions supplied by the ACL, a packet is either allowed or blocked from further movement.
Cisco ACLs are available for several types of routed protocols including IP, IPX, AppleTalk, XNS, DECnet, and others. However, we will be discussing ACLs pertaining to the TCP/IP protocol only.
ACLs for TCP/IP traffic filtering are primarily divided into two types:
Standard Access Lists, and
Extended Access Lists
Standard Access Control Lists: Standard IP ACLs range from 1 to 99. A
Standard Access List allows you to permit or deny traffic FROM specific IP
addresses. The destination of the packet and the ports involved can be
anything.
This is the command syntax format of a standard ACL:
access-list access-list-number {permit|deny} {host address | source source-wildcard | any}
Standard ACL example:
access-list 10 permit 192.168.2.0 0.0.0.255
This list allows traffic from all addresses in the range 192.168.2.0 to 192.168.2.255.
Note that when configuring access lists on a router, you must identify each
access list uniquely by assigning either a name or a number to the protocol's
access list.
There is an implicit deny added to every access list. If you entered the command:
show access-list 10
The output looks like:
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 deny any
Class A    10.0.0.0 /8
Class B    172.16.0.0 /12
Class C    192.168.0.0 /16
Note that the masks used with the RFC 1918 private addresses are NOT the
default masks for Class A, B, and C.
These IP addresses are not used on any public networks. By public networks, we mean networks connected to the Internet. It's my experience that the Class C 1918 addresses are the most commonly used by offices, banks, and other organizations.
If a bank and a school in your home city are both using the 192.168.0.0 /16 network on their internal networks, there's no problem until some of the users on either network want to access the Internet.
What's Wrong With Private Addresses?
Using private addresses is fine until a host using a private address wants to
communicate with a device on the Internet. In this situation, no user on a
private network can successfully communicate with an Internet host.
These networks can communicate with Internet hosts by using NAT. NAT
stands for Network Address Translation, and that's exactly what is going to
happen: the RFC 1918 source address is going to be translated to another
address as it leaves the private network, and it will be translated back to its
original address as the return data enters the private network.
If a limited number of hosts on a private network need Internet access, static
NAT may be the appropriate choice. Static NAT maps a private address to a
public one.
In this example, there are three internal PCs on an RFC1918 private network.
The router's ethernet0 interface is connected to this network, and the Internet
is reachable via the Serial0 interface.
The IP address of the serial interface is 210.1.1.1 /24, with all other addresses
on the 210.1.1.0 /24 network available. Three static mappings are needed to
use Static NAT.
Configuring the interfaces for Network Address Translation. The Ethernet
network is the inside network; the Serial interface leading to the Internet is
the outside network.
R3(config)#interface ethernet0
R3(config-if)#ip address 10.5.5.8 255.0.0.0
R3(config-if)#ip nat inside
R3(config-if)#interface serial0
R3(config-if)#ip address 210.1.1.1 255.255.255.0
R3(config-if)#ip nat outside
The static mappings are created and verified.
R3#conf t
R3(config)#ip nat inside source static 10.5.5.5 210.1.1.2
R3(config)#ip nat inside source static 10.5.5.6 210.1.1.3
R3(config)#ip nat inside source static 10.5.5.7 210.1.1.4
R3#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 210.1.1.2          10.5.5.5           ---                ---
--- 210.1.1.3          10.5.5.6           ---                ---
--- 210.1.1.4          10.5.5.7           ---                ---
In the example shown in Figure 1.2, host 10.1.1.1 sends an outbound packet to
the border router configured with NAT. The router identifies the IP address as
an inside local IP address destined for an outside network, translates the
address, and documents the translation in the NAT table.
The packet is sent to the outside interface with the new translated source
address. The external host returns the packet to the destination host and the
NAT router translates the inside global IP address back to the inside local IP
address using the NAT table. This is as simple as it gets.
Let's take a look at a more complex configuration using overloading, or what is also referred to as Port Address Translation (PAT). I'll use Figure 11.3 to demonstrate how PAT works. With overloading, all inside hosts get translated to one single IP address, hence the term overloading. Again, the reason we have not run out of available IP addresses on the Internet is because of overloading (PAT). Take a look at the NAT table in Figure 11.3 again. In addition to the inside local IP address and outside global IP address, we now have port numbers. These port numbers help the router identify which host should receive the return traffic.
ip nat inside
!
interface Serial0
ip address 170.46.2.1 255.255.255.0
ip nat outside
!
In the preceding router output, the ip nat inside source command identifies which IP addresses will be translated. In this configuration example, the ip nat inside source command configures a static translation between the inside local IP address 10.1.1.1 and the outside global IP address 170.46.2.2.
Dynamic NAT Configuration
Dynamic NAT means that we have a pool of addresses that we will use to
provide real IP addresses to a group of users on the inside. We do not use port
numbers, so we have to have real IP addresses for every user trying to get
outside the local network. Here is a sample output of a dynamic NAT
configuration:
ip nat pool todd 170.168.2.2 170.168.2.25 netmask 255.255.255.0
ip nat inside source list 1 pool todd
!
interface Ethernet0
ip address 10.1.1.10 255.255.255.0
ip nat inside
!
interface Serial0
ip address 170.168.2.1 255.255.255.0
ip nat outside
!
access-list 1 permit 10.1.1.0 0.0.0.255
The ip nat inside source list 1 pool todd command tells the router to translate IP addresses that match access-list 1 to an address found in the IP NAT pool named todd.
The access list in this case is not being used to permit or deny traffic as we would use it for security reasons to filter traffic. It is being used here to select or designate what we often call interesting traffic. When interesting traffic has been matched by the access list, it is pulled into the NAT process to be translated. This is a common use for access lists; they don't always have the dull job of just blocking traffic at an interface. The ip nat pool todd 170.168.2.2 192.168.2.254 command creates a pool of addresses that will be distributed to those hosts that require NAT.
11. CDP
The Cisco Discovery Protocol (CDP) is a proprietary Data Link Layer network protocol developed by Cisco Systems. It is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address. CDP can also be used for On
12. IPv6
An Internet Protocol Version 6 address (IPv6 address) is a numerical label
that is used to identify a network interface of a computer or other network
node participating in an IPv6-enabled computer network.
IP addresses serve the purpose of uniquely identifying the individual network
interface(s) of a host, locating it on the network, and thus permitting the
routing of IP packets between hosts. For routing, IP addresses are present in
fields of the packet header where they indicate source and destination of the
packet.
IPv6 is the successor to the Internet's first addressing infrastructure, Internet Protocol version 4 (IPv4). In contrast to IPv4, which defined an IP address as a 32-bit value, IPv6 addresses have a size of 128 bits. Therefore, IPv6 has a vastly enlarged address space compared to IPv4.
pretty much a successor to X.25, except that much of the technology in X.25 used to compensate for physical errors (noisy lines) has been eliminated. An upside to Frame Relay is that it can be more cost-effective than point-to-point links, plus it typically runs at speeds of 64 Kbps up to 45 Mbps (T3). Another Frame Relay benefit is that it provides features for dynamic bandwidth allocation and congestion control.
ISDN
Integrated Services Digital Network (ISDN) is a set of digital services that transmit voice and data over existing phone lines. ISDN offers a cost-effective solution for remote users who need a higher-speed connection than analog dial-up links can give them, and it's also a good choice to use as a backup link for other types of links like Frame Relay or T1 connections.
LAPB
Link Access Procedure, Balanced (LAPB) was created to be a connection-oriented protocol at the Data Link layer for use with X.25, but it can also be used as a simple data link transport. A not-so-good characteristic of LAPB is that it tends to create a tremendous amount of overhead due to its strict time-out and windowing techniques.
LAPD
Link Access Procedure, D-Channel (LAPD) is used with ISDN at the Data
Link layer (layer 2) as a protocol for the D (signaling) channel. LAPD was
derived from the Link Access Procedure, Balanced (LAPB) protocol and is
designed primarily to satisfy the signaling requirements of ISDN basic access.
HDLC
High-Level Data-Link Control (HDLC) was derived from Synchronous Data Link Control (SDLC), which was created by IBM as a Data Link connection protocol. HDLC works at the Data Link layer and creates very little overhead compared to LAPB. It wasn't intended to encapsulate multiple Network layer protocols across the same link; the HDLC header doesn't contain any identification about the type of protocol being carried inside the HDLC encapsulation. Because of this, each vendor that uses HDLC has its own way of identifying the Network layer protocol, meaning each vendor's HDLC is proprietary with regard to its specific equipment.
PPP
Point-to-Point Protocol (PPP) is a pretty famous, industry-standard protocol. Because all multiprotocol versions of HDLC are proprietary, PPP can be used to create point-to-point links between different vendors' equipment. It uses a Network Control Protocol field in the Data Link header to identify the Network layer protocol and allows authentication and multilink connections to be run over asynchronous and synchronous links.
PPPoE
Point-to-Point Protocol over Ethernet encapsulates PPP frames in Ethernet frames and is usually used in conjunction with ADSL services. It gives you a lot of the familiar PPP features like authentication, encryption, and compression, but there's a downside: it has a lower maximum transmission unit (MTU) than standard Ethernet does, and if your firewall isn't solidly configured, this little attribute can really give you some grief! Still somewhat popular in the United
OSPF configuration:
Giving ip address:
Router>Enable
Router#Configure Terminal
Router(config)#hostname TCMCE-ROUTER
TCMCE-ROUTER(config)#INTERface S0/3/0
TCMCE-ROUTER(config-if)#ip address 192.168.1.1 255.255.255.0
TCMCE-ROUTER(config-if)#no sh
TCMCE-ROUTER(config-if)#exit
Router(config)#hostname MDU-ROUTER
MDU-ROUTER(config)#INTERface S0/3/0
MDU-ROUTER(config-if)#ip address 192.168.1.2 255.255.255.0
MDU-ROUTER(config-if)#no sh
MDU-ROUTER(config-if)#exit
MDU-ROUTER(config)#INTERface S1/0
MDU-ROUTER(config-if)#ip address 192.168.2.2 255.255.255.0
MDU-ROUTER(config-if)#no sh
MDU-ROUTER(config-if)#exit
MDU-ROUTER(config)#INTERface S1/1
MDU-ROUTER(config-if)#ip address 192.168.3.2 255.255.255.0
MDU-ROUTER(config-if)#no sh
MDU-ROUTER(config-if)#exit
MDU-ROUTER(config)#INTERface S1/2
MDU-ROUTER(config-if)#ip address 192.168.4.2 255.255.255.0
MDU-ROUTER(config-if)#no sh
MDU-ROUTER(config-if)#exit
MDU-ROUTER(config)#INTERface S1/3
MDU-ROUTER(config-if)#ip address 192.168.5.2 255.255.255.0
MDU-ROUTER(config-if)#no sh
MDU-ROUTER(config-if)#exit
Router(config)#hostname DITM-ROUTER
DITM-ROUTER(config)#INTERface S0/3/1
DITM-ROUTER(config-if)#ip address 192.168.2.1 255.255.255.0
DITM-ROUTER(config-if)#no sh
DITM-ROUTER(config-if)#exit
Router(config)#hostname AICTE-ROUTER
AICTE-ROUTER(config)#INTERface S0/3/1
AICTE-ROUTER(config-if)#ip address 192.168.3.1 255.255.255.0
AICTE-ROUTER(config-if)#no sh
AICTE-ROUTER(config-if)#exit
Router(config)#hostname SBIT-ROUTER
SBIT-ROUTER(config)#INTERface S0/3/1
SBIT-ROUTER(config-if)#ip address 192.168.4.1 255.255.255.0
SBIT-ROUTER(config-if)#no sh
SBIT-ROUTER(config-if)#exit
Router(config)#hostname MHRD-ROUTER
MHRD-ROUTER(config)#INTERface S0/3/1
MHRD-ROUTER(config-if)#ip address 192.168.5.1 255.255.255.0
MHRD-ROUTER(config-if)#no sh
MHRD-ROUTER(config-if)#exit
Show commands:
TCMCE-ROUTER#sh ip route
ACL EXTENDED:
Extended access lists can evaluate many of the other fields in the layer 3 and layer 4
headers of an IP packet. They can evaluate source and destination IP addresses, the
protocol field in the Network layer header, and the port number at the Transport layer
header. This gives extended access lists the ability to make much more granular
decisions when controlling traffic.
CONFIGURE EXTENDED ACL:
ROUTER1(config)#ip access-list extended acl1
ROUTER1(config-ext-nacl)#deny tcp 192.168.1.192 0.0.0.63 host 192.168.1.2
ROUTER1(config-ext-nacl)#permit tcp any any
ROUTER1(config-ext-nacl)#deny tcp 192.168.1.192 0.0.0.63 host 192.168.1.2 eq 80
ROUTER1(config-ext-nacl)#permit icmp any any
ROUTER1(config-ext-nacl)#permit ip any any
ROUTER1(config-ext-nacl)#permit udp any any
ROUTER1(config-ext-nacl)#exit
ROUTER1(config)#interface s1/1
ROUTER1(config-if)#ip access-group acl1 in
SHOW COMMAND:
ROUTER1#show access-lists
DHCP CONFIGURATION:
The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol for hosts on Internet Protocol (IP) networks. Computers that are connected to IP networks must be configured before they can communicate with other hosts. The most essential information needed is an IP address, a default route and a routing prefix. DHCP eliminates this manual task for the network administrator. It also provides a central database of the devices connected to the network and eliminates duplicate resource assignments.
COMMAND:
Router(config)#ip dhcp pool scope1
Router(dhcp-config)#network 192.168.1.64 255.255.255.192
Router(dhcp-config)#default-router 192.168.1.65
Router(dhcp-config)#dns-server 192.168.1.2
Router#show dhcp server
WEB SERVER:
Web servers are computers that deliver (serve up) Web pages. Every Web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.pcwebopedia.com/index.html in your browser, this sends a request to the Web server whose domain name is pcwebopedia.com. The server then fetches the page named index.html and sends it to your browser.
Wi-fi configuration:
Wi-Fi is a popular technology that allows an electronic device to exchange data wirelessly (using radio waves) over a computer network, including high-speed Internet connections. The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards". However, since most modern WLANs are based on these standards, the term "Wi-Fi" is used in general English as a synonym for "WLAN".
A device that can use Wi-Fi (such as a personal computer, video game console, smartphone, tablet, or digital audio player) can connect to a network resource such as the Internet via a wireless network access point. Such an access point (or hotspot) has a range of about 20 meters (65 feet) indoors and a greater range outdoors. Hotspot coverage can comprise an area as small as a single room with walls that block radio waves or as large as many square miles; this is achieved by using multiple overlapping access points.
Configuring access point:
Selecting SSID:
Campus Network of MDU Affiliated And AICTE Approved Colleges And Institutes
TCMCE-ROUTER>ENABLE
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#INTERface F0/0
TCMCE-ROUTER(config-if)#NO IP ADdress
TCMCE-ROUTER(config-if)#NO SHutdown
TCMCE-ROUTER(config-if)#EXIT
TCMCE-ROUTER(config)#INTERface F0/0.1
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 1
TCMCE-ROUTER(config-subif)#IP ADdress 10.1.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#INTERface F0/0.2
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 2
TCMCE-ROUTER(config-subif)#IP ADdress 10.2.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#INTERface F0/0.3
TCMCE-ROUTER(config-subif)#ENcapsulation DOt1Q 3
TCMCE-ROUTER(config-subif)#IP ADdress 10.3.0.1 255.255.255.0
TCMCE-ROUTER(config-subif)#EXIT
TCMCE-ROUTER(config)#EXIT
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-1
TCMCE-ROUTER(dhcp-config)#NEtwork 10.1.0.0 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.1.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.1.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-2
TCMCE-ROUTER(dhcp-config)#NEtwork 10.2.0.0 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.2.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.2.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER(config)#IP DHcp Pool KUMAR-3
TCMCE-ROUTER(dhcp-config)#NEtwork 10.3.0.0 255.255.255.0
TCMCE-ROUTER(dhcp-config)#DEfault-router 10.3.0.1
TCMCE-ROUTER(dhcp-config)#DNs-server 10.3.0.10
TCMCE-ROUTER(dhcp-config)#EXIT
TCMCE-ROUTER(config)#EXIT
TCMCE-ROUTER#
TCMCE-ROUTER#CONFIGURE TERMINAL
TCMCE-ROUTER(config)#INTERface S0/3/0
TCMCE-ROUTER(config-if)#IP ADdress 192.168.1.1 255.255.255.0
TCMCE-ROUTER(config-if)#NO SHutdown
TCMCE-ROUTER(config-if)#EXIT
TCMCE-ROUTER(config)#ROuter OSpf 100
TCMCE-ROUTER(config-router)#NEtwork 192.168.1.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#NEtwork 10.1.0.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#NEtwork 10.2.0.0 0.0.0.255 Area 0
TCMCE-ROUTER(config-router)#EXit
TCMCE-ROUTER(config)#EXit
TCMCE-ROUTER#
REFERENCES
CCNA by Todd Lammle
www.wikipedia.com
www.google.com
www.answer.com
http://www.cisco.com/web/learning/index.html