CCN 2010

Practical Workbook
Computer Communication Networks
Name : _____________________________
Year : _____________________________
Batch : _____________________________
Roll No : _____________________________
Department: _____________________________
Dept. of Computer & Information Systems Engineering

NED University of Engineering & Technology,
Karachi 75270, Pakistan
Practical Workbook
Computer Communication Networks
Prepared By: M Saqib Ilyas (Assistant Professor),

M Mazher Alam (Ex Assistant Professor)
Syed Abbas Ali (Assistant Professor)
Revised by: Ms. Saneeha Ahmed (Assistant Professor)
Second Edition
2010
Dept. of Computer & Information Systems Engineering

NED University of Engineering & Technology,
Karachi 75270, Pakistan
INTRODUCTION
The days of mainframe computing using dumb terminals is long gone. The present time is the
era of very powerful personal computers, interconnecting with each other and even more well
equipped servers, sometimes connecting across continental boundaries.
Computer Communication Networks is a senior level undergraduate course in Computer and

Information Systems Engineering, which covers various aspects of computer networks. It
covers various classifications of computer networks and gives the students a good grasp on
the various topics in computer networks. This laboratory manual aims to augment the
classroom teaching of the course and to provide the students essential practical knowledge in
the subject.
The first lab deals with networking using a Windows NT Workstation 4.0 based client. In this
lab, the student will setup a small Ethernet LAN based on Windows NT Workstation clients
in a workgroup environment.
The second lab teaches how to make crossover and straight-through UTP cables. This skill
will come in very handy in various trades when the students go into practical life. It
introduces some related standards and equipment used in this regard.
The third lab jumps into Cisco routers. It is a hands-on exercise using some commonly used
Cisco IOS commands. In this lab, the students will learn how to connect to and interact with a
Cisco router.
The fourth lab teaches the students how to copy a new IOS image to a Cisco router as well as
how to backup an IOS image from a router. It uses a TFTP (Trivial File Transfer Protocol)
server on the host computer. The same basic technique is also used to copy and backup router
configuration data.
The fifth lab configures routing using static routes, while the sixth lab introduces dynamic
routing using a simple routing protocol, namely RIP (Routing Information Protocol). In these
two labs, the students will learn how to interconnect several different IP networks. The
seventh lab builds on this and here, the student will learn some advanced configuration
parameters and techniques for RIP.
As careful as one might be, the disaster of lost or forgotten or stolen password will,
nonetheless, strike sooner or later. The ninth lab teaches how to do disaster recovery on a
Cisco router in terms of recovering a forgotten password.
While the tenth lab teaches traffic management techniques using the related Cisco IOS
commands, the eleventh and twelfth labs teach the student how to configure a hub and spoke
frame relay network using Cisco routers and end devices as well as frame relay switch.
The next three labs teach the students how to setup Linux on an x86 machine, and to install
and configure the FTP, Apache, Bind and Samba daemons on it. This list of daemons is by no
means exhaustive and there are many more services available on Linux platforms that the
students are encouraged to try out in the lab in their free time.
3
CONTENTS
Lab Session No. Object Page No.
1 To install network card in Windows NT environment, and perform 7

following configurations: TCP/IP, IP configuration, Default Gateway.
2 To make following UTP Cables: 18

Straight through Cable
Cross Cable
3 To practice some basic commands to interact with the Cisco IOS 24

(Interenetworking Operating System) CLI Software.
4 To copy IOS image and configuration to and from CISCO router. 29
5 Configuring static routes on Cisco routers. 34
6 To configure RIP (Router Information Protocol). 37
7 To study advanced RIP configuration and parameters tuning. 43
8 To configure OSPF (Open Shortest Path First). 47
9 To recover lost router password. 51
10 To study and configure access-lists. 55
To configure hub and spoke frame relay on Cisco routers using

11 multipoint interfaces. 57
To configure hub and spoke frame relay on Cisco routers using point-to-
12 point sub-interfaces. 62
To study RedHat Linux setup.

13 66
To setup FTP Server, and Apache on Linux.
14 89
To setup BIND on Linux.
15 92
To setup Samba on Linux
16 94
To setup DHCP server on Linux.
17 98
5
Computer Communication Networks Lab Session 01
NED University of Engineering & Technology - Department of Computer & Information Systems Engineering
Lab Session 01
OBJECT
To install network card in Windows NT environment, and perform following
configurations:
TCP/IP
IP configuration
Default Gateway
EQUIPMENT AND APPARATUS

Network Interface Cards
Ethernet hub or switch
UTP cables
THEORY
Windows NT networking allows computers running the Windows NT operating system to
participate in a domain or peer-to-peer network and share resources with other computers,
running Windows NT, 9x, 2000, or some other operating system.
It also allows you to connect to the Internet using dial-up connection or LAN. Windows NT
network can use a variety of protocols. NetBEUI is a protocol most suitable for smaller
networks, as a rule of thumb, not exceeding 10 hosts.
TCP/IP is a protocol suite well suited for larger networks, but it can also be used on smaller
networks. It is the protocol that the Internet uses. As you know TCP/IP is a collection of many
different protocols, with IP being the protocol that runs on the network layer. Among other
things, IP defines addressing requirements for the hosts.
An IP (Internet Protocol) address uniquely identifies a node or host connection to an IP

network. System administrators or network designers assign IP addresses to nodes. IP
addresses are configured by software and are not hardware specific. An IP address is a 32 bit
binary number usually represented as four fields each representing 8 bit numbers in the range
0 to 255 (sometimes called octets) separated by decimal points.
For example: 150.215.17.9
It is sometimes useful to view the values in their binary form.
150.215.17.9
10010110.11010111.00010001.00001001
An IP address consists of two parts, one identifying the network and one identifying the node.
The class of the address determines which part belongs to the network address which part
belongs to the node address.
7
PROCEDURE
Log on to the machine. The password for the administrator account should be ned. Right click
on Network Neighborhood icon and select Properties:
Figure 1.1: Network Neighborhood contex menu
A dialog box will inform you that Windows NT networking is not installed, and ask you
whether or not to install it. Click Yes on that dialog box to start the wizard. On the next
dialog, leave only the Wired to the network option checked and click next.
Figure 1.2: Selecting the network connection type
8
On the next dialog, click Select from list:
Figure 1.3: Network adapter search screen
On the next dialog click Have Disk:
Figure 1.4: Selecting a network adapter
9
On the next dialog enter the path C:\net for the path to the device driver files and click OK:
Figure 1.5: Specifying path to network adapter driver
On the next dialog select the appropriate NIC and click OK:
Figure 1.6: Selecting the specific network adapter
10
On the next dialog, click next:
Figure 1.7: Enabling a network adapter for networking
On the next dialog make sure that TCP/IP is checked and click next:
Figure 1.8: Selecting protocols to install
11
On the next dialog click next:
Figure 1.9: Selecting services to install
Windows NT is now ready to install Operating System files for networking. On the next
dialog click next:
Figure 1.10: Preparing to install networking
12
When Windows asks for the path to the operating system installation files, type C:\i386 and
click continue:
Figure 1.11: Specifying path to Windows NT setup files
When Windows asks whether or not you want to use DHCP, click on No:
Figure 1.12: Specifying DHCP option
13
On the TCP/IP configuration dialog, enter the IP address, subnet mask and default gateway as
shown and click OK:
Figure 1.13: Specifying IP address, subnet mask and default gateway
Figure 1.14: Services bindings screen
14
Figure 1.15: Preparing to start the network
On the next dialog use CNL as the workgroup name and click next:
Figure 1.16: Specifying Windows NT workgroup or domain
15
The wizard is now complete so click on Finish and when Windows asks you to confirm
restart, click Yes. The computer will now restart, so make sure that you have saved any files
that might be open before clicking Yes.
Figure 1.17: Finishing setup of Windows NT networking
Network Card Diagnosis

You can check your network card by pinging your IP Address or by ping loop back address.
Open a command prompt window and issue the commands shown below:
Figure 1.18: Ping utility
Finishing off:
Once you are done, right click on Network Neighborhood, select Properties from the
context menu and then click on the adapters tab and remove the installed adapter by clicking
16
on the adapter and then clicking on remove. Then switch to the protocols tab and click and
remove TCP/IP. Then switch to the services tab and remove, in order, Netbios Interface,
RPC configuration, Workstation, Server. Dismiss this dialog box and the computer will
ask for restart. Click Yes. This should leave the computer ready for the next group to work on.
EXERCISES
1. List the parameters that must be configured when configuring TCP/IP on a host.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
2. Define the recommended maximum cable length for UTP and cite a reason for it.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
3. Mention a way to connect two hosts with a UTP cable without a hub or switch.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
17
NED University of Engineering & Technology Department of Computer & Information Systems Engineering
Lab Session 02
OBJECT
To make the following kinds of UTP cables:
1. Straight through cable

2. Cross cable
THEORY
There are several classifications of twisted pair cable. Lets skip right over
them and state that well use Category 5 (or CAT 5) cable for all new
installations. Likewise, there are several fire code classifications for the
outer insulation of CAT 5 cable. Well use CMR cable, or riser cable, for
most of the wiring we do. You should also be aware of CMP or plenum
cable (a plenum is used to distribute air in a building) you may be required
by local or national codes to use the more expensive plenum-jacketed cable
if it runs through suspended ceilings, ducts, or other areas, if they are used
to circulate air or act as an air passage from one room to another. If in
doubt, use plenum. CMR cable is generally acceptable for all applications
not requiring plenum cable.
CAT 5 cable is available in reel-in-box packaging. This is very handy for

pulling the wire without putting twists in it. Without this kind of package or
a cable reel stand, pulling wire is a two-person job. Before the advent of the
reel-in-box, we used to put a reel of wire on a broom handle to pull it. One
person would hold the broom handle and the other would pull broom handle
to pull it. You will produce a tangled mess, if your pull the wire off the end
Figure 2.1:
of the reel alone.
UTP cable
Standard wire patch cables are often specified for cable segments running
form a wall jack to a PC and for patch panels. They are more flexible than solid core wire.
However, the rationale for using it
is that the constant flexing of patch cables may wear-out solid core cable and break it. This is
not a real concern in the average small network.
Most of the wiring we do simply connects computers directly to other computers or hubs. Solid
core cable is quite suitable for this purpose and for many home and small business network. It is
also quite acceptable for use as patch cables. You might consider a stranded wire patch cable if
you have a notebook computer you are constantly moving around.
CAT 5 cable has four twisted pairs of wire for a total of eight individually insulated wires. Each
pair is color coded with one wire having solid color (blue, orange, green, or brown) twisted
around a second wire with a white background and a stripe of the same color. The solid color
may have white stripe in some cables. Cable colors are commonly described using the
background color followed by the color of the stripe; e.g; white-orange is a wire with a white
background and an orange stripe.
18
Connectors
The straight through and cross-over patch cables are discussed in this
article which are terminated with CAT 5 RJ-45 modular plugs. RJ-45
plugs are similar to those youll see on the end of your telephone cable
except they have eight as opposed to four or six contacts on the end of the
plug and they are about twice as big. Make sure they are rated for CAT 5
Figure 2.2: RJ-45 wiring. (RJ stands for Registered Jack). Also, there are RJ-45 plugs
Connector designed for both solid core wire and stranded wire. Others are designed
specifically for one kind of wire or the other. Be sure you buy plugs
appropriate for the wire you are going to use. We normally use plugs designed to accommodate
both kinds of wire.
Network cabling tools
1. Modular Plug Crimp Tool
You will need a modular crimp tool. This is very

similar to the ones which have been used for many
years for all kinds of telephone cable work and it Figure 2.3: Modular plug crimp tool
works just fine for Ethernet cables. You dont need a
lot of bells and whistles, just a tool which will
securely crimp RJ-45 connectors. Some crimpers have cutters which can be used to cut the cable
and individual wires, and possibly stripping the outer jacket.
2. Universal UTP Stripping Tool (Eclipse)
It makes a much neater cut. It is highly recommending

for anyone who will make a lot of cables.
3. Diagonal Cutters Figure 2.4: Eclipse
It is easier to use diagonal cutters (diags or dikes)

to cut the cable off at the reel and to fine-tune the cable
ends during assembly. Also, if you dont have a
stripper, you can strip the cable by using a small knife Figure 2.5 Diagonal Cutters
to carefully slice the outer jacket longitudinally and use
the diags to cut it off around the circumference.
Figure 2.5: Diagonal cutters
UTP basics
The 10BASE-T and 100BASE-TX Ethernet consist of two transmission lines. Each
transmission line is a pair of twisted wires. One pair receives data signals and the other pair
transmits data signals. A balanced line driver or transmitter is at one end of one of these lines
and a line receiver is at the other end. A (much) simplified schematic for one of these lines and
its transmitter and receiver follows:
19
Figure 2.6: Schematic diagram of transmission line
Pulses of energy travel down the transmission line at about the speed of light (186,000
miles/second). The principal components of these pulses of energy are the potential difference
between the wires and the current flowing near the surface of the wires. This energy can also be
considered as residing in the magnetic field which surrounds the wires and the electric field
between the wires. In other words, an electromagnetic wave which is guided by, and travels
down the wires.
The main concern are the transient magnetic fields which surround the wires and the magnetic
fields generated externally by the other transmission lines in the cable, other network cables,
electric motors, fluorescent lights, telephone and electric lines, lightning, which may literally
bury the Ethernet pulses, the conveyor of the information being sent down the line.
The twisted-pair Ethernet employs two principal means for combating noise. The first is the use
of balanced transmitters and receivers. A signal pulse actually consists of two simultaneous
pulses relative to ground: a negative pulse on one line and a positive pulse on the other. The
receiver detects the total difference between these two pules. Since a pulse of noise usually
produces pulses of the same polarity on both lines, it is essentially canceled out at the receiver.
Also, the magnetic field surrounding one wire from a signal pulse is a mirror of the one on the
other wire. At a very short distance from the two wires the magnetic fields are opposite and have
a tendency to cancel the effect of each other out. This reduces the lines impact on the other
pairs of wires and the rest of the world.
The second and the primary means of reducing cross-talk (the term cross-talk came from the
ability to overhear conversations on other lines on your phone) between the pairs in the cable, is
the double helix configuration produced by twisting the wires together. This configuration
produces symmetrical (dentinal) noise signals in each wire. Ideally, their difference as detected
at the receiver, is zero. In actuality it is much reduced.
Straight through and cross over cable
Again, the wire with colored backgrounds may have white stripes and may be denoted that way
in diagrams found elsewhere. For example, the green wire may be labeled Green-White. The
background color is always specified first.
20
Figure 2.7: Straight through and crossover cable wire scheme
A Straight-through cable has identical ends, whereas a Crossover cable has different ends.
EIA/TIA 568A and 568B standards
Figure 2.8: Cable connector standard ordering
It makes no functional difference which standard you use

for a straight-through cable. Your can start a crossover
cable with either standard as long as the other end is the
other standard. It makes no functional difference which
end is which. Despite what you may have read elsewhere,
a 568A patch cable will work in a network with 568B
wiring and 568B patch cable will work in a 568A
network. The electrons couldnt care less.
PROCEDURE
To Make Cable
Figure 2.9: EIA/TIA 568A and 568B
1. Pull the cable off the reel to the desired length and cut the total length of wire segments
between a PC and a hub or between two PCs cannot exceed 100 Meters (328 feet or about
the length of a football field) for 100BASE-TX and 300 Meters for 100BASE-T.
2. Strip one end of the cable with the stripper or a knife and diags. If you are using the stripper,
place the cable in the groove on the blade (left) side of the stripper and align the end of the
cable with the right side of the stripper. This will strip about of the jacket off the cable.
21
Turn the stripper about 1 turn and pull. If you turn it more, you will probably nick the
wires. If you are using knife and diags, carefully slit the cable for about an inch or so and
neatly trim around the circumference of the cable with diags to remove the jacket.
3. Inspect the wires for nicks. Cut off the end and start over if you see any. You may have to
adjust the blade with the screw at the front stripper. Cable diameters and jacket thicknesses
vary.
4. Spread and arrange the pairs roughly in the order of the desired cable end.
5. Untwist the pairs and arrange the wires in the order of the desired cable end. Flatten the end
between your thumb and forefinger. Trim the ends of the wires so they are even with one
another.
It is very important that the unstripped (untwisted) end be slightly less than
long. If it is longer than it will be out-of-spec and susceptible to
crosstalk. If it is less than it will not be properly clinched when RJ-45
plug is crimped on. Flatten again. There should be little or no space between
the wires.
6. Hold the RJ-45 plug with the clip facing down or away from you. Push the
wire firmly into the plug. Now, inspect before crimping and wasting the
plug! Looking through the bottom of the plug, the wire on the far-left side
will have a white background. The wires should alternative light and dark
from left to right. The furthest right wire is brown. The wires should all end
evenly at the front of the plug. The jacket should end just about where you
see it in the diagram-right on the line.
Figure 2.10:
ALL ABOUT CRIMPING Preparing the RJ-45 Connector
7. Hold the wire near the RJ-45 plug with the clip down and firmly
push it into the left side of the front of the Crimper (it will only go in one way). Hold the
wire in place and squeeze the crimper handles quite firmly. This is what will happen:
Figure 2.11: Crimping
(Crimp it once). The crimper pushes two plungers down on the RJ-45 plug. One forces, what
amounts to, a cleverly designed plastic plug/wedge onto the cable jacket and very firmly
clinches it. The other seats the pins, each with two teeth at its end, through the insulation
and into the conductors of their respective wires.
22
8. Test the crimp if done properly an average person will not be able to pull the plug off the
cable with his or her bare hands. And that quite simply, besides lower cost, is the primary
advantage of twisted-pair cables over the older thin wire, coaxial cables. In fact, the ease of
installation and the modular RJ-45 plug is the main reason coaxial cable is no longer widely
used for small Ethernet. But, dont pull that hard on the plug. It could stretch the cable and
change its characteristics. Look at the side of the plug and see if it looks like the diagram
and give it a fairly firm tug to make sure it is crimped well.
9. Prepare the other end of the cable so it has the desired end and crimp.
10. If both ends of the cable are within reach, hold them next to each other and with RJ-45 clips
facing away. Look through the bottom of the plugs. If the plugs are wired correctly, and they
are identical, it is a straight-through cable. If they are wired correctly and they are different,
it is a crossover cable.
PRECAUTIONS
1. Try to avoid running cables parallel to power cables.
2. If you bundle a group of cables together with cable ties (zip ties), do not over-clinch them.
Its okay to snug them together firmly; but dont tighten them so much that you deform the
cables.
3. Keep cables away from devices which can introduce noise into them. Heres a short list:
electric heaters, loud speakers, printers, TV sets, fluorescent light, copiers, welding
machines, microwave ovens, telephones, fans, elevator motors, electric ovens, dryers,
washing machines, and shop equipment.
4. Avoid stretching UTP cables (the force should not exceed 24 LBS).
5. Don not use a stapler to secure UTP cables. Use telephone wire hangers, which are available
at most hardware stores.
EXERCISE
1. Give the reason why it is not advisable to bend UTP cables more than four times the
diameter of the cable.
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
2. Why is it not advisable to run UTP cable outside of a building?
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
23
Lab Session 03
Si Si
OBJECT
To practice some basic commands to interact with the Cisco IOS (Internetwork Operating
System) CLI Software
THEORY
Welcome to hands on routing. The goal of this lab is to introduce you to Cisco routers and
other equipment that you will be using throughout the semester. In order to do well in the
labs, we need to understand the basic set-up of the lab.
The lab has one rack, which is connected to a PC. You will be using the PC as a terminal
to talk to the routers.
The routers are labeled alphanumerically (Example R1, R2)
Each rack has two patch panels. One of them has RJ-45 connectors and the other has serial
connectors. Ethernet ports are pre-connected to the RJ-45 patch panel. Serial ports are
pre-connected to the serial patch panel. The ports are labeled on their left.
To connect the PC to a specific router, connect the PCs console cable to the appropriate
console port on the patch panel in the rack. You will find the console cable as a UTP cable
with one of its ends connected through a small devices to a serial port on the PC.
Cisco routers support different modes of operation. When you access a router, it will
typically be in the user mode. User mode gives a user access to simple show commands.
From user mode the next step is Privileged mode. In the Privileged mode a user can have
full access to all the databases maintained by the router. Cisco routers use many other modes,
but let us keep it simple for now.
Configuration mode
Privileged mode mode
User mode
24
PROCEDURE
It is time to have fun:
1. Connect the PC to R1.
2. Press enter a few times and you should get a prompt that looks like: router>
3. You are now in the user mode.
4. Type ?. Question mark lists commands that can be used in a certain context.
First type help

Try typing these commands:
p?
pi?
5. The IOS will complete commands for you with the help of the TAB key.
Type sh<TAB>
Finish the command with a ? to see what commands you can use with show. (show
?)
6. You dont have to type a complete command for the IOS to execute it. You only need to
type enough of a command to differentiate it from all other commands.
7. We have been operating in User Mode (identified by the prompt ending in >), now we
want to go into the Privileged Mode:
Type enable or en
The prompt should end with a # (Router#)
Type ? to see all the commands possible from this mode
8. One of the most useful commands in the Cisco IOS is show. Try these variations:
show configuration shows saved router configuration

show version - shows IOS statistics
show startup-configuration shows the configuration during startup
show running configuration shows the dynamic configuration
show flash gives details of flash memory where IOS is stored
show protocols shows protocol and interface statistics
show interface gives detailed statistics on each interface
show interface s0 - Try this command with some other interfaces as well.
9. Now lets move to configuration mode. Type the following commands:
25
configure terminal
This will take you to configuration mode. The prompt ends with (router-config)#
? ; to see the available commands
10. Next we will change the name of router to R1
Go into configuration mode (if you have followed the step 6 then you are already in
the config mode) and type the following commands:
hostname R1 ;this command will change name.
ctrl+Z ;this is to come out of privilege mode
wr m ;write to the memory.
11. Now we want to set up an interface for a TCP/IP network.
Type these commands:

config t
After this you will be in config mode same as you did in step 6.
interface Ethernet 0
This puts you in interface mode. Now you can configure interface Ethernet0.
ip address 130.10.20.5 255.255.255.0
This gives the interface an IP address and subnet mask.
no shutdown
By default all interface are administratively down. This command will bring them up.
ctrl+Z
This is to come out of privilege mode. Now type the following command:
sh interface e0
Observe and record carefully what you see.
Now connect a cable from router R1`s Ethernet e0 interface to a hub or switch.
Again type this command:
sh interface e0
Again observe and record carefully what you see.
Note: Cisco commands are not case-sensitive.
EXERCISE
1) Determine which mode you operate in when you first access the router.
_____________________________________________________________________
2) Local access to the router is done via _ _ _ _ _ _ ports. (serial, Ethernet,

asynchronous)
3) An Ethernet cable has _ _ _ _ _ pins.
4) Start-up configuration is stored in RAM(true or false).
26
5) Running-configuration is stored in _ _ _ _ _ _ _ _.
6) The command used to save changes made in the running configuration to start-up
configuration is:
_____________________________________________________________________
7) The version of the Cisco IOS used on R1 is _ _ _ _ _ _ _.
8) Hubs are used in _ _ _ _ _ _ and MAUs are used in _ _ _ _ _ _ networks.
9) You have to connect 14 machines on same LAN. Using two 8-ports hubs (shown
below), show the necessary connections.
Hub1 Hub2
1 8 1 8
10) List the interfaces on three routers of your choice. Be sure to indicate the router
number.
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
11) Elaborate on the information presented by the command show version.

_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
27
12) Ethernet is used to connect to _ _ _ _ _ _ _ whereas serial port is used to connect to _ _

_ _ _ _ _ _ and Token ring is used to connect to _ _ _ _ _ _ _ _ _. (Choose from the
following: ISDN, WAN, LAN, FDDI)
13) Elaborate on the cascading of two or more hubs.

___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
14) Specify the difference in output when you gave the command sh int e0 before
and after connecting the cable in step 11.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
14)Which of the condition(s) are possible for an interface:
a. administratively down, line protocol down
b. administratively down, line protocol up
c. administratively up, line protocol up
d. administratively up, line protocol down
15) Can you connect a DTE of a serial interface to a DTE of another serial interface? Will
it work?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
16) Explain the possibility and effect of giving the clock rate command on a DTE serial
interface.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
28
Lab Session 04
OBJECT
To copy IOS image and configuration to and from CISCO router.
THEORY
The IOS image of a Cisco router can be upgraded or replaced for additional compatibilities and
support as well as bug fixes. The IOS image can be upgraded by means of a flash card or through
TFTP file transfer. Not all routers have slots for flash cards. So, TFTP is the dominant means of
IOS upgrade. Not only can an IOS image be downloaded from a TFTP server, it can also be
backup up to a TFTP server. The utility would be to save an image for later use, in case
something goes wrong.
In addition to the IOS image, the running configuration of the router can also be backed up to or
restored from a TFTP server. You can setup a TFTP server on a Cisco router, with IOS image or
running configuration data file in memory, or on a PC with a TFTP server software. In our lab,
we have setup a TFTP server on the PC that acts as a console for the router rack.
PROCEDURE
The goal of this lab is to train you to copy the IOS image and configuration on CISCO routers.
In this lab you will be introduced to the utility on which all networking engineers thrive i.e.
ping.
1. Connect to router R1 and copy the IOS image from the TFTP server at address 130.10.10.1.
Follow the following steps:
Step 1: Establish a console session with the router
This can either be done with a direct console connection or virtual telnet connection. A direct
console connection is preferred over a telnet connection because a telnet connection will be lost
during the reboot phase of the software installation.
Step 2: Configure the Router
Configure the Ethernet interface of the router with the IP address 130.10.10.34 with a 24-bit
subnet mask (255.255.255.0). Connect the Ethernet interface of the router and that of the PC onto
the same hub.
Step 3: Verify that the TFTP server has IP connectivity to the router
29
The PC is configured as the TFTP server. Double click the TFTP server icon on the Desktop to
start the TFTP server. The Ethernet card on the PC is configured with the IP address
130.10.10.1/24. Ping the PC from the router console and make sure the ping is 100% successful.
Router#ping 130.10.10.1
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echoes to 130.10.10.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4
ms
Step 4: Begin the process of copying the new software image from the TFTP server to the router
Router> enable
Router#
Router# copy tftp flash
Step 5: Specify the IP address of the TFTP server
When prompted, enter the IP address of the TFTP server as in the following example:
Address or name of remote host [255.255.255.255]? 130.10.10.1
Step 6: Specify the filename of the new Cisco IOS software image
The IOS images are stored in the directory c:\temp\ios_images. You can use any of the files
under this directory for this lab. All the images are the same except that their filenames are
different.
When prompted, enter the filename of the Cisco IOS software image to be installed as in the
following example:
Source file name? ios_image1.bin
Step 7: Specify the destination image filename
This is the name the new software image will have once it is loaded onto the router.
Destination file name [80180812.bin]? ios_image1.bin
Step 8: Clear flash for new image
When prompted, enter "yes" to erase the existing software image resident in the router's Flash
memory before copying the new one:
30
Erase flash device before writing? [confirm]y

Flash contains files. Are you sure you want to erase? [confirm]y
The router asks you to confirm the copy process again, this time specifying what exactly it is
going to do.
Copy 'ios_image1.bin' from server as 'ios_image1.bin' into Flash

WITH erase? [yes/no]y
The router reloads after this point using the emergency IOS stored in the ROM. It erases the flash
file system and then continues loading the IOS image from the TFTP Server onto the flash. The
entire copying process takes several minutes and differs from network to network. During the
transfer process, messages indicate if the specified file has been accessed. The exclamation point
(!) indicates that the copy process is taking place. Each exclamation point (!) indicates that ten
packets have been transferred successfully. A checksum verification of the image occurs after the
image is written to Flash memory. The router will reload itself with the new image once the
software upgrade has been completed.
Step 9: Verify new software image has been loaded
After reload is complete, the router should be running the desired Cisco IOS image. Use the
"show version" command to verify.
Following is the screen shot during the copy process.
Router#ping 130.10.10.1

Sending 5, 100-byte ICMP Echoes to 130.10.10.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4
ms
Router#copy tftp flash

**** NOTICE ****
Flash load helper v1.0
This process will accept the copy options and then terminate
the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy
operation.
---- ******** ----
31
Proceed? [confirm]y
System flash directory:

File Length Name/status
1 5435532 igs-inr-l.111-15.bin
[5435596 bytes used, 2953012 available, 8388608 total]
Address or name of remote host [130.10.10.1]?
Source file name? ios_image1.bin
Destination file name [ios_image1.bin]?
Accessing file 'ios_image1.bin' on 130.10.10.1...
Loading ios_image1.bin from 130.10.10.1 (via Ethernet0): ! [OK]
Erase flash device before writing? [confirm]y

Flash contains files. Are you sure you want to erase? [confirm]y
Copy 'ios_image1.bin' from server

as 'ios_image1.bin' into Flash WITH erase? [yes/no]y
%SYS-5-RELOAD: Reload requested

%FLH: ios_image1.bin from 130.10.10.1 to flash ...
System flash directory:
File Length Name/status
1 5435532 igs-inr-l.111-15.bin
[5435596 bytes used, 2953012 available, 8388608 total]
Accessing file 'ios_image1.bin' on 130.10.10.1...
Loading ios_image1.bin .from 130.10.10.1 (via Ethernet0): ! [OK]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased

Loading ios_image1.bin from 130.10.10.1 (via Ethernet0):
!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!
[OK - 5435532/8388608 bytes]
Verifying checksum... OK (0x9E40)

Flash copy took 0:03:05 [hh:mm:ss]
%FLH: Re-booting system after download
2. Now copy the configuration from the same TFTP server at address 130.10.10.1. Copying
configuration is much easier than copying the IOS image.
The configuration for R1 is stored in the file R1config
32
Begin the process of copying the configuration from the TFTP server to the routers running-
configuration.
Router# copy tftp running-config
Specify the configuration filename
Address of remote host[255.255.255.255]?
Enter the address as 130.10.10.1
When prompted, enter the configuration filename loaded as in the following example:
Source file name? R1config.txt
3. Look at the configuration of router R1.
EXERCISE
1. Determine the interface states after the configuration file has been loaded to the router from
the TFTP server. Reason why the states are that way.
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
2. Backup the running configuration of the router to the TFTP server.
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
33
Lab Session 05
OBJECT
Configuring static routes on Cisco routers.
THEORY
The simplest method to route packets on a network is static routes. Although dynamic routing
protocols are flexible and adjust to network changes, they do have associated network traffic
which competes for network bandwidth with the user data traffic.
Static routes specify a fixed route for a certain destination network. They need to be
configured on any router that needs to reach a network that it is not directly connected to. The
IOS command used to configure static routes is ip route. The syntax is:
ip route destination-address subnet-mask {ip-address | outgoing-interface} [distance] [tag

tag] [permanent]
where:
destination-address is the destination address prefix for the network that we would
like the router to reach
subnet-mask is the subnet mask to be used on the address prefix to match for
destination addresses. Multiple networks may be combined such that the destination-
address and subnet-mask combination matches all hosts on those networks.
ip-address specifies what ip address to forward a packet to if an IP packet arrives with
a destination address that matches the destination-address subnet-mask pair specified
in this command.
34
Alternatively outgoing-interface specifies which interface the packet should be sent

out of. Adding a static route to an Ethernet or other broadcast interface (for example,
ip route 0.0.0.0 0.0.0.0 Ethernet 1/2) will cause the route to be
inserted into the routing table only when the interface is up. This configuration is not
generally recommended. When the next hop of a static route points to an interface, the
router considers each of the hosts within the range of the route to be directly connected
through that interface, and therefore it will send ARP requests to any destination
addresses that route through the static route.
distance is the optional administrative distance value for the route. If unspecified the
default value is 1.
tag value can be used as a "match" value for controlling redistribution via route maps.
permanenet specifies that the route will not be removed even if the interface shuts
down.
DTE/DCE:
DCE and DTE are the interfaces. The DCE-DTE connection between routers is referred to as
a null serial cable DCE(data communication equipment) and DTE (Data terminal equipment).
DCE is located at the service provider end while the DTE is attached device.
The services that are given to the DTE is often accessed via modems or channel service
unit/data service unit(CSU/DSU). DCE provides clocking and DTE receives the clock
PROCEDURE
1. Connect the network as shown in the network diagram.
2. Configure appropriate ip addresses and clock rates(if needed) on the router interfaces
as specified in the network diagram.
3. For R1, enter the following static routes

ip route 172.16.20.0 255.255.255.0 192.168.10.2
ip route 192.168.20.0 255.255.255.0 192.168.10.2
4. On R2 enter:
ip route 172.16.10.0 255.255.255.0 192.168.10.1
ip route 172.16.20.0 255.255.255.0 192.168.20.2
5. On R3 enter:
ip route 172.16.10.0 255.255.255.0 192.168.10.1
ip route 192.168.10.0 255.255.255.0 192.168.10.1
6. After that verify the static routes by entering the following commands in the privilege
mode:
router# sh ip route
35
EXERCISE
1. .
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
36
Lab Session 06
a) To configure RIP(Routing Information Protocol).

b) Rip Version 2
a) To configure RIP(Routing Information Protocol).
THEORY
Routing Information Protocol is an Interior Gateway Protocol (IGP), meaning it is used within
an autonomous system. An autonomous system is a collection of networks under a single
administration, sharing a common routing strategy. A distance-vector protocol, RIP was
designed to work with small to medium-sized networks.
The original version of RIP is based on the program routed (pronounced "route dee"),
distributed with the 4.3 Berkeley Software Distribution. RIP was in widespread use as a
routing protocol before it was formally defined in RFC 1058. RIP Version 2, defined in RFC
2453, added some additional features and functionality to the original version. Both versions
of RIP are discussed in this module. RFC 2091 specified additional extensions for RIP to
allow support for demand circuits (Triggered RIP). Support for Triggered RIP was added in
12.0(1)T and will not be discussed here.
Some advantages of using RIP, especially in small networks, is that there is very little
overhead, in terms of bandwidth used and configuration and management time. RIP is also
easy to implement, compared to newer IGPs, and has been implemented in networks around
the world.
37
RIP uses timers both to regulate its performance and to help prevent routing loops. All routers
that use RIP send an update message to all of their neighbors approximately every 30 seconds;
this process is termed advertising. The RFC specifies that advertisements should be
randomized by up to +/ five seconds in order to prevent synchronization of routing updates.
The Cisco implementation sends updates every 30 seconds minus up to 15 percent, or 4.5
seconds.
If a neighbor has not responded in 180 seconds, it is assumed that the neighboring router is
unavailable or the network connecting it to the router has become unusable. When the
neighbor has not responded for 180 seconds, the route is marked invalid; 180 seconds is long
enough that a route won't be invalidated by a single missed update message. The neighbor is
shown to be unreachable by sending a normal update message with a metric of "infinity;" in
the case of RIP, this number is 16. If an advertisement is received from a neighbor with a
metric of infinity, then the route is placed into holddown state, advertised with a distance of
16, and kept in the routing table. No updates from other neighbors for the same route are
accepted while the route is in holddown state. If other neighbors are still advertising the same
route when the holddown timer expires, then their updates will then be accepted. The route
will be advertised with an infinity metric for a period of time after the holddown state if no
alternate paths are found.
The actual timers used to accomplish the above tasks are a routing-update timer, a route-
invalid timer, a route-holddown timer, and a route-flush timer. The RIP routing-update timer
is generally set to 30 seconds, ensuring that each router will send a complete copy of its
routing table to all neighbors every 30 seconds. The route-invalid timer determines how much
time must expire without a router having heard about a particular route before that route is
considered invalid. When a route is marked invalid or put in holddown state, neighbors are
notified of this fact. This notification must occur prior to expiration of the route-flush timer.
When the route flush-timer expires, the route is removed from the routing table. Typical initial
values for these timers are 180 seconds for the route-invalid and route-holddown timers and
240 seconds for the route-flush timer. The values for each of these timers can be adjusted with
the timers basic router configuration command.
To adjust for rapid network-topology changes, RIP specifies numerous stability features that
are common to many routing protocols. RIP implements split horizon with poison-reverse and
holddown mechanisms to prevent incorrect routing information from being propagated. Split
horizon prevents incorrect messages from being propagated by not advertising routes over an
interface that the router is using to reach the route. Implementing split horizon helps avoid
routing loops. Poison reverse operates by advertising routes that are unreachable with a metric
of infinity back to the original source of the route. Holddown is a method of marking routes
invalid (expired). As discussed above, no updates from other neighbors for the same route are
accepted while the route is in holddown state.
Triggered updates are also an included convergence and stability feature. Updates are
triggered whenever a metric for a route changes. Triggered updates may also contain only
information regarding routes that have changed, unlike scheduled updates. There is a
minimum delay of five seconds between triggered updates to prevent update storms.
38
PROCEDURE
1. Cable up the network as shown in the diagram.
2. Assign the IP address as shown in the diagram to the appropriate interfaces. For the
serial links, has been used to indicate a DCE port.
3. Issue RIP routing commands on all the routers starting from the global config mode.
4. On R1:
router rip
network 172.16.10.0
network 192.168.10.0
On R2
router rip
network 192.168.10.0
network 192.168.20.0
On R 3
router rip
network 10.0.0.0
network 192.168.20.0
These two commands enable the routing protocol RIP. For more information refer to
Chapter 5 in Routing TCP/IP, Jeff Doyle or RFC 1058.
5. Ping the host from R1.

Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
39
b) RIP Version 2
RIPv2 is almost the same as the RIP version 1. RipV2 also sends its complete routing table to
its active interfaces at periodic time intervals. The timers, loop avoidance schemes and
administrative distance are the same as Rip version 1.But RIPv2 is considered classless
routing protocol because it also sends subnet informations with each router. It also allows
authentication using MD5 encryption scheme. And it also supports discontiguous networks.
Configuring router with RIP version 2 is very simple. Just add the command version 2 under
the (config-router)# prompt and the router is running RIPv2.
router rip
version 2
network 172.16.10.0 255.255.0.0
network 192.168.10.0 255.255.255.0
EXERCISE
1. Find out which protocol is used by ping.
___________________________________________________________________________
___________________________________________________________________________
2. Determine which transport layer protocol ping uses.

___________________________________________________________________________
___________________________________________________________________________
3. Write down the source IP address for the ping packets when you ping H1 from R1.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
4. While working on R1, how could you check if H1 can reach the loopback interface?
In other words, how can you verify if a ping from H1 to loopback of R1 is successful?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
40
41
Lab Session 08
OBJECT
OSPF (Open Shortest Path First) Single Area
THEORY
Open Shortest Path First (OSPF) was developed by the Internet Engineering Task Force (IETF)
as a replacement for the problematic RIP and is now the IETF-recommended Interior Gateway
Protocol (IGP). OSPF is a link state protocol that, as the name implies, uses Dijkstra's Shortest
Path First (SPF) algorithm and that is openthat is, it isn't proprietary to any vendor or
organization. OSPF has evolved through several RFCs, all of which were written by John Moy.
Version 1 of the protocol was specified in RFC 1131; this version never progressed beyond the
experimental stage. Version 2, which is still the current version, was first specified in RFC 1247,
and the most recent specification is RFC 2328.
[1]
RFC 2328 was released as this chapter was being written, and obsoletes RFC 2178.
Like all link state protocols, OSPF's major advantages over distance vector protocols are fast
reconvergence, support for much larger internetworks, and less susceptibility to bad routing
information. Other features of OSPF are:
The use of areas, which reduces the protocol's impact on CPU and memory, contains the
flow of routing protocol traffic, and makes possible the construction of hierarchical
internetwork topologies
Fully classless behavior, eliminating such classful problems as discontiguous subnets
Support of classless route table lookups, VLSM, and supernetting for efficient address
management
A dimensionless, arbitrary metric
Equal-cost load balancing for more efficient use of multiple paths.
The use of reserved multicast addresses to reduce the impact on non-OSPF-speaking
devices
Support of authentication for more secure routing
The use of route tagging for the tracking of external routes
47
Operation of OSPF
1. OSPF-speaking routers send Hello packets out all OSPF-enabled interfaces. If two routers
sharing a common data link agree on certain parameters specified in their respective Hello
packets, they will become neighbors.
2. Adjacencies, which may be thought of as virtual point-to-point links, are formed between
some neighbors. OSPF defines several network types and several router types. The
establishment of an adjacency is determined by the types of routers exchanging Hellos
and the type of network over which the Hellos are exchanged.
3. Each router sends link state advertisements (LSAs) over all adjacencies. The LSAs
describe all of the router's links, or interfaces, and the state of the links. These links may
be to stub networks (networks with no other router attached), to other OSPF routers, to
networks in other areas, or to external networks (networks learned from another routing
process). Because of the varying types of link state information, OSPF defines multiple
LSA types.
4. Each router receiving an LSA from a neighbor records the LSA in its link state database
and sends a copy of the LSA to all of its other neighbors.
5. By flooding LSAs throughout an area, all routers will build identical link state databases.
6. When the databases are complete, each router uses the SPF algorithm to calculate a loop-
free graph describing the shortest (lowest cost) path to every known destination, with
itself as the root. This graph is the SPF tree.
7. Each router builds its route table from its SPF tree.
48
Table 12.1 Characteristics of OSPF
Characteristic OSPF
VLSM support Yes
Manual summarization Yes
Type of protocol Link state
Classless support Yes
Auto-summarization No
Discontiguous support Yes
Route propagation Multicast on change
Hop count limit None
Convergence Fast
Peer authentication Yes
Hierarchical network Event triggered/

Updates/ Route Dijkstra
computation
49
DR and BDR
DR (Designated Routers ):
The DR has the following duties:
To represent the multi-access network and its attached routers to the rest of the
internetwork
To manage the flooding process on the multi-access network
The concept behind the DR is that the network itself is considered a "pseudonode," or a virtual
router. Each router on the network forms an adjacency with the DR which represents the
pseudonode. Only the DR will send LSAs to the rest of the internetwork.
Note: router might be a DR on one of its attached multi-access networks, and it might not be the
DR on another of its attached multi-access networks. In other words, the DR is a property of a
router's interface, not the entire router.
BDR(Backup Designated Router):

A Backup Designated Router (BDR) is a hot standby for the DR on multi-access links. The BDR
receives all routing updates from OSPF adjacent routers but doesnt flood LSA updates.
Note: if the router interface priority value is set to zero then that router wont participate in the
DR or BDR elections on that interface.
50
After assigning ip addresses to interfaces of the routers the following IP Routing commands of
OSPF on each other will be given as below.
Router A:
Router_A#config t
Router_A(config)#router ospf 1
Router_A(config-router)#network 192.168.10.64 0.0.0.7 area 0
Router_A(config-router)#network 10.255.255.80 0.0.0.3 area 0
The Router_A is using a /29 or 255.255.255.248 mask on the fa0/0 interface. This
is a block size of 8, which is a wildcard of 7. The s0/0 interface is a mask of 255.255.255.252
block size of 4, with a wildcard of 3. Similarly the other subnet ,mask, and wildcard can be
determined by looking
at the IP address of an interface.
Router B:
Router_B#config t
Router_B(config)#router ospf 1
Router_B(config-router)#network 10.255.255.80 0.0.0.3 area 0
Router_B(config-router)#network 10.255.255.8 0.0.0.3 area 0
Router C:
Router_C#config t
Router_C(config)#router ospf 1
Router_C(config-router)#network 192.168.10.16 0.0.0.7 area 0
Router_C(config-router)#network 10.255.255.8 0.0.0.3 area 0
51
EXERCISE
1. .
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
52
Lab Session 09
OBJECT
To recover lost router password.
THEORY
In this lab you will learn the procedures required to recover a lost login or enable password. The
procedures differs depending on the platform and the software used, but in all cases, password
recovery requires that the router be taken out of operation and powered down. Note:
1. Please use cisco as the password where necessary.
2. Please be prepared to do password recovery right away. The group before you might have set
a password other than cisco.
3. Use show version command to determine the platform before you try the password
recovery.
You will be working with the configuration register as part of this lab. The config-register is a 16
bit register. Look up information about the config-register on documentation CD, CISCO web
site, or any other resources available to you.
Software Configuration Register Bits (What do they mean)
Bit Number Value Meaning

0 to 3 0x0000 to 0x000F Boot field
6 0x0040 (setting bit 6 to 1) Causes system software to ignore
NVRAM contents
8 0x0100 Break disabled
13 0x2000 Boot default Flash software if
network boot fails
Explanation of Boot Field
Boot Field Meaning

0x0000 Stays at the system bootstrap prompt
0xXXX1 Boots the first system image in onboard Flash memory
0xXXX2 If you set the boot field value to 0x2 through 0xF and there is a valid
0xXXXF boot system command stored in the configuration file, the router boots
the system software as directed by that value. If there is no boot
system command, the router forms a default boot filename for booting
from a network server. If there is no network server configured, as is
the case in our lab, the standard setup dialogue is started.
51
PROCEDURE
Assume you have been locked out of the router. You have access only to the user mode. Follow
the instructions below from the user mode. Do not get into privileged mode.
1. Type show version and record the value of the configuration register.
2. Using the power switch, turn off the router and then turn it on.
3. Press CTRL+Break on the terminal keyboard within 60 seconds of the powerup to put the
router into ROMMON mode.
4. This is where the procedure differs depending on the platform.
For 25XX and 4000:

Type o/r 0x2142 or 0x42 at the > prompt to boot from flash without loading the
configuration.
Type i or reset at the > prompt. The router reboots but ignores its saved configuration.
For 2600, 3600, 4500, 4700:

Type confreg 0x2142 at the rommon 1> prompt to boot from Flash without loading the
configuration.
Type reset at the rommon 2> prompt. The router reboots but ignores its saved
configuration.
5. Type no after each setup question or press Ctrl-C to skip the initial setup procedure.
6. Type enable at the Router> prompt. You'll be in enable mode and see the Router# prompt.
7. Type config mem or copy start running to copy the nonvolatile RAM (NVRAM)
into memory. Do not type config term.
8. Type config term and make the changes. The prompt is now hostname(config)#.
9. Type enable password <password> to set the password to the new value or issue the
command no enable password.
10. Type config-register 0x2102, or the value you recorded in step 1.
11. Type write mem or copy running startup to commit the changes.
12. Type show version and observe the configuration register setting carefully.
52
EXERCISE
1. Explain the setting when the configuration-register is set to 0x2542
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
2. There are may different ways to access a router. Write down these ways.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
3. Explain the need for step 7 in password recovery procedure.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
4. Write down the difference between enable password and enable secret
password.
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
5. What happens if enable password and enable secret password are the
same?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
53
6. When you configure enable password and issue the command show running, you can see the
password set for the privileged mode. Is there a method to prevent it from being visible?
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
7. Set the configuration-register to 0x2542. Reload the router. Does the break sequence work?
Cross check with configuration-register settings and see if it matches with the settings. Is
there any difference? Explain
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
________________________________________________________________
54
Lab Session 10
OBJECT
To study and configure Access Lists
THEORY
An access list is essentially a list of conditions that categorize packets. One of the most common
and easiest to understand uses of access lists is filtering unwanted packets when implementing
security policies. Access lists can even be used in situations that dont necessarily involve
blocking packets.
There are a few important rules that a packet follows when its being compared with an
access list:
Rule#1
Its always compared with each line of the access list in sequential orderthat is, itll
always start with the first line of the access list, then go to line 2, then line 3, and so on.
Rule#2
Its compared with lines of the access list only until a match is made. Once the packet
matches the condition on a line of the access list, the packet is acted upon and no further
comparisons take place.
Rule#3
There is an implicit deny at the end of each access listthis means that if a packet doesnt
match the condition on any of the lines in the access list, the packet will be discarded.
Each of these rules has some powerful implications when filtering IP packets with access
lists, so keep in mind that creating effective access lists truly takes some practice.
There are two main types of access lists:
1. Standard access lists

2. Extended access lists
Standard access lists
These use only the source IP address in an IP packet as the condition

test. All decisions are made based on the source IP address. This means that standard access
lists basically permit or deny an entire suite of protocols. They dont distinguish between any
of the many types of IP traffic such as web, Telnet, UDP, and so on.
Its command syntax is
access-list <number> {permit| deny} <destination> [log]
Standard
Access list(allow my network)
Commands on router will be
R1(config)#aaccess-list 1 permit 172.16.0.0 0.0.255.255

R1(config)#interface ethernet 0
R1(config)#ip access-group 1 out
R1(config)#interface ethernet 1
R1(config)#ip access-group 1 out
The above commands will permit the network 172.16.0.0 only and
will block other network through the router on its ethernet
interfaces in its out side directions
Extended access lists
Extended access lists can evaluate many of the other fields in the
layer 3 and layer 4 headers of an IP packet. They can evaluate source and destination IP
addresses, the protocol field in the Network layer header, and the port number at the Trans-
port layer header. This gives extended access lists the ability to make much more granular deci-
sions when controlling traffic.
Its command syntax is

access-list <number> {permit| deny}
<protocol><source>[<ports>]<destination>[ports][<options>]
Extended access list
Commands on the router will be:

access-list 101 deny tcp 172.16.4.0 0.0.0.255 any eq 23
access-list 101 permit ip any any
interface ehternet 0
ip access-group 101 out
The above commands will Deny only the Telent from subnet 172.16.40.0 out of E0 and will
permit all other traffic.
Lab Session 11
OBJECT
To configure hub and spoke frame relay on Cisco routers using multipoint interfaces.
THEORY
Frame relay is one of the most prevalent packet switching technology in use today. It is a
layer 2 service. Initially, frame relay was an extension of the ISDN standard. CCIT was the
first to define frame relay. Later on, CCIT changed its name to ITU-T and the frame relay
standard is now known as ITU-T I.122.
Frame relay was designed to be more efficient than X.25 and take full advantage of the
primary rate ISDN bandwidth. A major difference from the traditional ISDN was that the
control channel would not be separate but included within the data channel. This single stream
would provide for flow control, congestion control and frame routing.
It is a telecommunication service designed for cost-effective data transmission across the

WAN. Its frames are variable size. Frame relay leaves any necessary error correction up to the
end-points.
Virtual Circuits
Frame relay is a connection-oriented protocol. Once the connection is established, end devices
can transmit data across the network. This layer 2 connection is knows as a virtual circuit.
The end devices(in our case a router) act as DTE(Data Terminal Equipment), and the frame
relay switch is the DCE(Data Circuit-Terminating Equipment). From the routers point of
view, the virtual circuit is transparent. This means that even though the circuit may pass
through several frame relay switches to its destination, the router simply sees its connection to
the local frame relay switch.
There are two types of virtual circuits, switched virtual circuits(SVC), and permanent virtual
circuits(PVC).
An SVC is only active when there is data to send. It provides temporary connectivity to the
network on as-needed basis. It is an economical way of connecting to a frame relay network.
There are three stages to an SVC, namely, call establishment, data exchange, idle, and call
termination.
A PVC on the other hand is a dedicated line that is up all the time. It does not require call
establishment or termination stages, thus the only two stages involved are data exchange and
idle. The end devices can send data as needed, without waiting for call establishment. The idle
time can be an indefinite period of time whereas in an SVC, if a circuit has been in idle stage
for a specified amount of time, it enters the termination phase.
57
Data Link Connection Identifier(DLCI)
DLCIs identify a virtual circuit and tie it to a physical circuit. DLCIs have local significance
only, i.e., they identify the circuit between a router and the frame relay switch only and are
not unique across the entire frame relay network.
Figure 11.1: A frame relay network
Multipoint Topologies
Apart from point-to-point topologies, frame relay also supports

multipoint connections between sites. The most common is the star,
also knows as hub-and-spoke topology. This topology provides full
connectivity without incurring the substantial cost of a full mesh
network.
Figure 11.2: Star configuration
The hub routers may have hundreds of virtual circuits connected to the regional offices and
they may all use the same physical connection. When the router wants to send tragic to a
particular site, it must indicate the site using the DLCI in the header.
Figure 11.3: Hub and spoke configuration
58
Valid DLCI Values
DLCIs have a value in the range 0 through 1023, several of these values being reserved for
special pruposes.
DLCI Value Function

0 Call control channel
1-15 Reserved for future use
16-1007 Available to user
1008-1022 Reserved
1023 LMI channel
Frame Relay Local Management Interface(LMI)
In 1990, an industrial consortium proposed extensions to the frame relay standardf to ease the
management and configuration burden. These extensions include the LMI. LMI provides for
virtual circuit status messages, multicasting, and inverse ARP. Cisco routers support three
versions of the LMI standard:
Cisco
ANSI
q933a
Starting from IOS 11.2, Cisco introduced LMI type autosense. Once LMI type is determined
between a router and the frame relay switch, the next stage is DLCI determination and inverse
ARP. The router queries the switch, asking what the DLCI for the circuit is. The router
configures itself with this DLCI and queries the switch as to the status of the circuit.
This query is the first stage of a process called Inverse ARP. Inverse ARP automatically maps
a DLCI to a network address(IP, IPX and so on) without any user configuration. The query
that is sent includes the local routers network information. The remote router records this
information and responds in kind. The local router maps the DLCI it has just learnt to the
other network address it has just discovered.
PROCEDURE
We will work with the network shown in the diagram on the following page. R1 is the hub
router, R2 and R3 being the spoke routers. R6 will act as the frame relay switch. Lets look at
the network and the configuration.
R2
10.10.1.2/24
R1
10.10.1.1/24
DLCI 200 R6
10.10.1.3/24
R3
Figure 11.4: Network diagram for this lab
59
R1:
int s0
ip address 10.10.1.1 255.255.255.0
no shut
encapsulation frame-relay
frame-relay lmi-type ansi
frame-relay map ip 10.10.1.2 100 broadcast
R2:
int s0
ip address 10.10.1.2 255.255.255.0
no shut
R3:
int s0
ip address 10.10.1.3 255.255.255.0
no shut
frame-relay map ip 10.10.1.1 101 300
R6:
frame-relay switching
int s0
frame-relay intf-type dce
frame-relay route 300 interface s1 200
clock rate 64000
no shut
int s1
int s2
60

clock rate 64000
no shut
The frame-relay map statements are optional in the presence of LMI extensions, as there
task is done by inverse ARP. However, the map statements are useful in certain situations.
The command frame-relay switching enables frame relay switching on the router.
Whenever frame relay encapsulation is enabled on a router interface using the command
encapsulation frame-relay, it defaults to a DTE. In order to change it to a DCE, we need to use
the command frame-relay intf-type dce. The frame relay route statements
create the proper DLCI forwarding rules. In order to check the proper operation of the frame
relay switch you can use the command show frame-relay route.
Now, if you ping from either spoke to the hub or from hub to either spoke, the ping will be
successful. However, if you ping from spoke to spoke, the ping will be unsuccessful because
there is no DLCI to IP address mapping for it. Only the hubs IP address is learnt via inverse
ARP by a spoke.
In order to get connectivity between the two spokes serial interfaces, you need to add explicit
map statements. On R2, issue the command frame-relay map ip 10.10.1.3 203, while on R3,
frame-relay map ip 10.10.1.2 302. On the frame-relay switch, under the interface serial 2
configuration, add the command, frame-relay route 203 interface s0 302,
and under serial 0 add the command frame-relay route 302 interface s2
203.
All should be well at this point. Experiment with the commands show frame-relay map, show
frame-relay pvc, show frame-relay lmi and show ip route on all the routers and observe the
information presented there.
EXERCISE
1. Note down the output of the command show frame-relay pvc on the hub router and the
frame relay switch.
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
61
Lab Session 12
OBJECT
To configure a Cisco router as a frame relay switch and create a hub and spoke frame relay
network using point-to-point sub-interfaces.
THEORY
We studied and implemented hub and spoke frame relay in the previous lab and talked about
spoke to spoke connectivity. We will look at the problems associated with this topology and
another way of solving the spoke to spoke connectivity problem.
Point-to-point and Multipoint Interfaces
At the simplest level, point-to-point means that site A connects to site B, and nowhere else,
whereas multipoint means that one site is connected to many sites by a physical connection.
There are two primary reasons that make it useful for a multipoint network to behave as if
each connection were a point-to-point connection, namely, routing protocol updates and the
ease of configuration.
The split horizon rule states that it is never useful to send information back out the interface
through which it was learned. Consider split horizon in the following figure:
Figure 12.1: Problem with Multipoint interfaces
Router B sends a routing update about network 5. Router A would receive it on its serial 0
interface and update its routing table. However, Router A will not send the information back
out of serial 0 to Router C because of split horizon. Router C would never see network 5 and
it will be unreachable from Router C.
The problem is that we have one physical interface and two virtual circuits. The solution is to
create a logical interface for each circuit. A sub-interface is a logical interface within a router
62
that is mapped to a particular DLCI. Serial 0 would now be configured as two sub interfaces
Serial0.1 and Serial 0.2, both being point-to-point. Each will be treated as an independent
interface by the routing protocol process.
PROCEDURE
We will set up the same network as in the previous lab, however, now we will use two
different network addresses on the frame-relay network. The configuration of the routers will
be different as given below.
R2
10.10.2.2/24
R1
10.10.1.1/24
DLCI 200 R6
10.10.3.3/24
R3
Figure 12.2: Network diagram for this lab
Configuring the frame relay switch
To configure a router as frame relay switch, log in to the router and enter the global
configuration mode. Issue the command frame-relay switching. Next configure the
serial interfaces using the following commands:
interface serial0
clockrate 64000
frame relay route 300 interface serial1 200
interface serial1
clockrate 64000
interface serial2
clockrate 64000
63
The command frame-relay switching enables frame relay switching on the router.
Whenever frame relay encapsulation is enabled on a router interface using the command
encapsulation frame-relay, it defaults to a DTE. In order to change it to a DCE, we need to use
the command frame-relay intf-type dce. The frame relay route statements
create the proper DLCI forwarding rules. In order to check the proper operation of the frame
relay switch you can use the command show frame-relay route.
Configuring the end devices
To configure the hub router, issue the following commands in the global configuration mode:
interface serial 0
interface serial0.1 point-to-point

ip address 10.10.1.1 255.255.255.0
frame-relay interface-dlci 100

ip address 10.10.2.2 255.255.255.0
frame-relay interface-dlci 200
router rip
network 10.0.0.0
On one spoke routers we issue the following configuration:
interface serial0

ip address 10.10.2.2 255.255.255.0
router rip
network 10.0.0.0
On the other spoke router, we issue the following configuration:
interface serial0

ip address 10.10.3.3 255.255.255.0
router rip
network 10.0.0.0
64
At this point we should have complete connectivity and all networks should be visible in all
routing tables. The students are encouraged to visit www.cisco.com and see the frame relay
configuration examples.
EXERCISE
1. Configure loopback interfaces on each spoke and the hub using different network
addresses, add those networks to the RIP routing process and verify that connectivity is
established.
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
65
Lab Session 13
OBJECT
To study RedHat Linux setup.
THEORY
Linux is a Unix-like operating system which is available free of cost for download and for
sale by many vendors on CDs. RedHat Linux is a popular distribution of Linux which is very
well suited for novice users, even though it has all the advanced features that one could hope
for in a stable and full-blown mission critical operating system.
PROCEDURE
The first thing to do before you start is to know what hardware is in the computer you are
going to install Linux on. You must know at least the manufacturer and model number of
devices such as your monitor, sound card, VGA card. This information can be obtained if MS
Windows is already installed on the computer. You can collect this information from the
system applet in the MS Windows control panel. Note down the relevant information in the
table given below:
hard drive(s): type, label,

size; ex: IDE hda=1.2 GB
partitions: map of
partitions and mount
points; ex:
/dev/hda1=/home,
/dev/hda2=/ (fill this
in once you know where
they will reside)
memory: amount of RAM
installed on your system;
ex: 64 MB, 128 MB
CD-ROM: interface type;
ex: SCSI, IDE (ATAPI)
SCSI adapter: if present,
make and model number;
ex: BusLogic SCSI
Adapter, Adaptec
2940UW
network card: if present,
make and model number;
ex: Tulip, 3COM 3C590
66
mouse: type, protocol,

and number of buttons;
ex: generic 3 button PS/2
mouse, MouseMan 2
button serial mouse
monitor: make, model,

and manufacturer
specifications; ex:
Optiquest Q53,
ViewSonic G773
video card: make, model

number and size of
VRAM; ex: Creative
Labs Graphics Blaster
3D, 8MB
sound card: make, chipset

and model number; ex:
S3 SonicVibes, Sound
Blaster 32/64 AWE
IP, DHCP, and BOOTP

addresses: four numbers,
separated by dots; ex:
10.0.2.15
netmask: four numbers,

separated by dots; ex:
255.255.248.0
gateway IP address: four

numbers, separated by
dots; ex: 10.0.2.245
one or more name server

IP addresses (DNS): one
or more sets of dot-
separated numbers; ex:
10.0.2.1
domain name: the name

given to your
organization; ex: Red
Hat's would be
redhat.com
67
hostname: the name of

your computer; your
personal choice of names;
ex: cookie,
southpark
Some of this information may not be relevant to all installations and can be ignored. Once you
know that hardware in your computer, the next step is to determine how to install the Linux
operating system. From amongst the various ways to install Linux, the easiest one is installing
from the bootable installation CD-ROMs. But a pre-requisite is that your computer must be
able to boot from CD-ROM. Boot sequence can be modified in a computers BIOS.
If the computer does not permit booting from CD-ROM, one alternative is to run the
autoboot.bat file from the dosutils directory on the RedHat installation CD. Another
alternative is to install from a Linux installation boot disk. The disk image for the boot disk is
available on the images directory on your RedHat installation CD as boot.img.
Once you have located the boot image, you need a blank formatted 1.44 MB disk and a disk
image utility such as rewrite.
Using the rawrite Utility
To make a diskette using MS-DOS, use the rawrite utility included on the Red Hat Linux
CD-ROM in the dosutils directory. First, label a blank, formatted 3.5-inch diskette
appropriately (such as "Boot Disk" or "Updates Disk"). Insert it into the diskette drive. Then,
use the following commands (assuming your CD-ROM is drive d:):
C:\> d:
D:\> cd \dosutils
D:\dosutils> rawrite
Enter disk image source file name: ..\images\boot.img
Enter target diskette drive: a:
Please insert a formatted diskette into drive A: and
press --ENTER-- : [Enter]
D:\dosutils>
First, rawrite asks you for the filename of a diskette image; enter the directory and name of
the image you wish to write (for example, ..\images\boot.img). Then rawrite asks for a
diskette drive to write the image to; enter a:. Finally, rawrite asks for confirmation that a
formatted diskette is in the drive you have selected. After pressing [Enter] to confirm, rawrite
copies the image file onto the diskette.
Installation classes
Red Hat Linux provides five different classes, or types, of installations:
68
Workstation
A workstation installation is most appropriate if you are new to the world of Linux,
and would like to give it a try. A workstation installation will create a system for your
home or desktop use. A graphical, Windows-like environment will be installed.
Server
A server installation is most appropriate if you would like your system to function as a
Linux-based server, and you do not want to heavily customize your system
configuration.
Laptop
A laptop installation has been designed to make installing Red Hat Linux on laptops
even easier. Much like a workstation installation, it will make sure you have the
appropriate packages needed, as well as offer you an automated installation
environment.
Custom
A custom installation allows you the greatest flexibility during your installation. You
choose your boot loader, which packages you want, and more. Custom installations
are most appropriate for those users more familiar with Red Hat Linux installations
and for those afraid of losing complete flexibility.
Upgrade
If you already have a version of Red Hat Linux (4.2 or greater) running on your
system and you want to quickly update to the latest packages and kernel version, then
an upgrade is most appropriate for you.
These classes give you the option of simplifying the installation process (with some potential
for loss of configuration flexibility), or retaining flexibility with a slightly more complex
installation process.
Workstation Installations
Most suitable for new users, the workstation installation will install your choice of the
GNOME or KDE desktop environments, or both, and the X Window System (the graphical
software on which the desktop environments are based).
Below are the minimum recommended disk space requirements for a workstation installation
where only one language (such as English) will be installed.
Workstation choosing GNOME or KDE : 1.5 GB
Workstation choosing both GNOME and KDE, and games: 1.8 GB
If you plan to choose all package groups (for example, GNOME is a group of packages), as
well as select additional individual packages, you may want to allow yourself 2.1 GB or more
of disk space.
What a Workstation Installation Will Do
If you choose automatic partitioning, a workstation installation will create the following
partitions:
69
The size of the swap partition is determined by the amount of RAM in your system
and the amount of space available on your hard drive. For example, if you have 128
MB of RAM then the swap partition created can be 128 MB 256 MB (twice your
RAM), depending on how much disk space is available.
A 50 MB partition mounted as /boot in which the Linux kernel and related files
reside.
A root partition mounted as / in which all other files are stored (the exact size of this
partition is dependent on your available disk space).
Server Installations
A server installation is most appropriate for you if you would like your system to function as
a Linux-based server, and you do not want to heavily customize your system configuration.
Below are the minimum recommended disk space requirements for a server installation where
only one language (such as English) will be installed.
Server (minimum, no graphical interface): 1.3 GB
Server (choosing everything, no graphical interface): 1.4 GB
Server (choosing everything, GNOME and KDE): 2.1 GB
If you plan to choose all group packages, as well as select additional individual packages, you
may want to allow yourself 2.3 GB or more of disk space.
During the server installation, the X Window System is not configured and no GUI will be
loaded when the system boots, unless you choose to install the appropriate packages during
package selection.
What a Server Installation Will Do
MB of RAM then the swap partition created can be 128 MB - 256 MB (twice your
A 384 MB root partition mounted as /.
A partition mounted as /usr (the exact size of this partition is dependent on your
available disk space).
A partition mounted as /home (the exact size of this partition is dependent on your
available disk space).
A 256 MB partition mounted as /var.
A 50 MB partition mounted as /boot in which the Linux kernel and related files are
kept.
This disk partitioning scheme results in a reasonably flexible file system configuration for
most server tasks.
70
Laptop Installations
The laptop installation will install your choice of the GNOME or KDE desktop environments
(or both) and the X Window System.
Below are the minimum recommended disk space requirements for a laptop installation where
only one language (such as English) will be installed.
Laptop choosing GNOME or KDE: 1.5 GB
Laptop choosing both GNOME and KDE: 1.8 GB
If you plan to choose all package groups (for example, GNOME is a group of packages), as
well as select additional individual packages, you may want to allow yourself 1.7 GB or more
of disk space. If you provide this extra space, you will have room for additional data, if
needed.
What a Laptop Installation Will Do
If you choose automatic partitioning, a laptop installation will create the following partitions:
reside.
Custom Installations
The custom installation allows you the most flexibility during your installation. The
workstation and server installations automatically go through the installation process for you
and omit certain steps. During a custom installation, you have complete control over the
packages that will be installed on your system.
The recommended disk space requirements for a custom installation are as follows:
Custom (minimum): 350 MB
Custom (choosing everything): 3.7 GB
What a Custom Installation Will Do
As you might guess from the name, a custom installation puts the emphasis on flexibility.
You have complete control over which packages will be installed on your system.
If you choose automatic partitioning, a custom installation will create the following partitions:
71
reside.
We recommend using Custom installation and selecting only the modules and packages that
you need. You may delete the existing hard disk partitions in use by MS Windows and create
partitions for Linux from scratch. It is also possible to let MS Windows and Linux co-exist
and choosing between them when the computer boots.
The Red Hat Linux text mode installation program uses a screen-based interface that includes
most of the on-screen "widgets" commonly found on graphical user interfaces. The following
screen shots illustrate what you will see.
The installation program interface
Figure 13.1: Installation Program Widgets as seen in Boot Loader Configuration
72
Figure 13.2: Installation Program Widgets as seen in Disk Druid
Here is a list of the most important widgets shown in the above figures:
Window windows (usually referred to as dialogs in this manual) will appear on
your screen throughout the installation process. At times, one window may overlay
another; in these cases, you can only interact with the window on top. When you are
finished in that window, it will disappear, allowing you to continue working in the
window underneath.
Text Input text input lines are regions where you can enter information required by
the installation program. When the cursor rests on a text input line, you may enter
and/or edit information on that line.
Checkbox checkboxes allow you to select or deselect a feature. The box displays
either an asterisk (selected) or a space (unselected). When the cursor is within a
checkbox, press [Space] to select an unselected feature or to deselect a selected
feature.
Text widget text widgets are regions of the screen for the display of text. At times,
text widgets may also contain other widgets, such as checkboxes. If a text widget
contains more information than can be displayed in the space reserved for it, a scroll
bar appears; if you position the cursor within the text widget, you can then use the
[Up] and [Down] arrow keys to scroll through all the information available. Your
current position is shown on the scroll bar by a # character, which moves up and down
the scroll bar as you scroll.
Button widget button widgets are the primary method of interacting with the
installation program. You progress through the windows of the installation program by
navigating these buttons, using the [Tab] and [Enter] keys. Buttons can be selected
when they are highlighted.
73
Cursor although not a widget, the cursor is used to select (and interact) with a
particular widget. As the cursor is moved from widget to widget, it may cause the
widget to change color, or you may only see the cursor itself positioned in or next to
the widget. In Figure 14-1, the cursor is positioned on the OK button. Figure 14-2,
shows the cursor on the Edit button.
Using the Keyboard to Navigate
Navigation through the installation dialogs is performed through a simple set of keystrokes.
To move the cursor, use [Left], [Right], [Up], and [Down] arrow keys. Use [Tab], and [Alt]-
[Tab] to cycle forward or backward through each widget on the screen. Along the bottom,
most screens display a summary of available cursor positioning keys.
To "press" a button, position the cursor over the button (using [Tab], for example) and press
[Space] or [Enter]. To select an item from a list of items, move the cursor to the item you wish
to select and press [Enter]. To select an item with a checkbox, move the cursor to the
checkbox and press [Space] to select an item. To deselect, press [Space] a second time.
Pressing [F12] accepts the current values and proceeds to the next dialog; it is equivalent to
pressing the OK button.
The first screen you will see in the installation program is the welcome screen which does not
require any information from the user. You just need to press next to continue. The next
screen will ask you to select the language for the installation program. We recommend
selecting English.
Figure 13.3: Installation language selection dialog
The next screen will seek the keyboard configuration which is mostly correctly auto-detected
by the installation program so you may not need to make any changes:
74
Figure 13.4: Keyboard type selection dialog
Next, on the mouse configuration screen, you need to select the kind of mouse connected to
your computer. The common type of mice are serial or PS-2. PS-2 mice have round
connectors whereas serial mice have D-type connectors, mostly 9-pin. On the next screen you
will select the installation type:
Figure 13.5: Installation class selection dialog
Next step is disk partitioning. RedHat Linux installation offers you three different schemes.
We recommend Manually partitioning with Disk Druid.
75
Figure 13.6: Partitioning scheme selection dialog
Partitioning using Disk Druid

At this point, you must tell the installation program where to install Red Hat Linux. This is
done by defining mount points for one or more disk partitions in which Red Hat Linux will be
installed. You may also need to create and/or delete partitions at this time.
Figure 13.7: Partitioning with Disk Druid
76
Graphical Display of Hard Drive(s)

Disk Druid offers a graphical representation of your hard drive(s). Using your mouse, click
once to highlight a particular field in the graphical display. Double-click to edit an existing
partition or to create a partition out of existing free space.
Above the display, you will see the drive name (such as /dev/hda), the geom (which shows
the hard disk's geometry and consists of three numbers representing the number of cylinders,
heads, and sectors as reported by the hard disk), and the model of the hard drive as detected
by the installation program.
Disk Druid's Buttons
These buttons control Disk Druid's actions. They are used to change the attributes of a
partition (for example the file system type and mount point) and also to create RAID devices.
Buttons on this screen are also used to accept the changes you have made, or to exit Disk
Druid. For further explanation, take a look at each button in order:
New: Used to request a new partition. When selected, a dialog box appears containing
fields (such as mount point and size) that must be filled in.
Edit: Used to modify attributes of the partition currently selected in the Partitions
section. Selecting Edit opens a dialog box. Some or all of the fields can be edited,
depending on whether the partition information has already been written to disk.
You can also edit free space as represented in the graphical display to create a new
partition within that space. Either highlight the free space and then select the Edit
button, or double-click on the free space to edit it.
Delete: Used to remove the partition currently highlighted in the Current Disk
Partitions section. You will be asked to confirm the deletion of any partition.
Reset: Used to restore Disk Druid to its original state. All changes made will be lost
if you Reset the partitions.
Make RAID: Make RAID can be used if you want to provide redundancy to any or
all disk partitions. It should only be used if you have experience using RAID.
To make a RAID device, you must first create software RAID partitions. Once you
have created two or more software RAID partitions, select Make RAID to join the
software RAID partitions into a RAID device.
Partition Fields
Above the partition hierarchy are labels which present information about the partitions you
are creating. The labels are defined as follows:
Device: This field displays the partition's device name.
Start: This field shows the sector on your hard drive where the partition begins.
End: This field shows the sector on your hard drive where the partition ends.
77
Size: This field shows the partition's size (in MB).

Type: This field shows the partition's type (for example, ext2, ext3, or vfat).
Mount Point: A mount point is the location within the directory hierarchy at which a
volume exists; the volume is "mounted" at this location. This field indicates where the
partition will be mounted. If a partition exists, but is not set, then you need to define
its mount point. Double-click on the partition or click the Edit button.
Format: This field shows if the partition being created will be formatted.
Recommended Partitioning Scheme
Unless you have a reason for doing otherwise, we recommend that you create the following
partitions:
A swap partition (at least 32 MB) swap partitions are used to support virtual
memory. In other words, data is written to a swap partition when there is not enough
RAM to store the data your system is processing. The size of your swap partition
should be equal to twice your computer's RAM, or 32 MB, whichever amount is
larger, but no more than 2048 MB (or 2 GB). In Disk Druid, the partition field for
swap should look similar to the following:
<Swap> hda6 64M 64M Linux swap
For example, if you have 1 GB of RAM or less, your swap partition should be at least
equal to the amount of RAM on your system, up to two times the RAM. For more than
1 GB of RAM, 2 GB of swap is recommended. Creating a large swap space partition
will be especially helpful if you plan to upgrade your RAM at a later time.
A /boot partition (50 MB) the partition mounted on /boot contains the operating
system kernel (which allows your system to boot Red Hat Linux), along with files
used during the bootstrap process. Due to the limitations of most PC BIOSes, creating
a small partition to hold these files is a good idea. For most users, a 50 MB boot
partition is sufficient. In Disk Druid, the partition field for /boot should look similar
to:
/boot hda1 50M 50M Linux native
A root partition (1.5-3.7 GB) this is where "/" (the root directory) will be located.
In this setup, all files (except those stored in /boot) are on the root partition. A 1.5 GB
root partition will permit the equivalent of a workstation installation (with very little
free space), while a 3.7 GB root partition will let you install every package. In Disk
Druid, the partition field for / should look similar to:
/ hda5 3734M 3734M Linux native
Adding Partitions
To add a new partition, select the New button. A dialog box appears.
78
Mount Point: Enter the partition's

mount point. For example, if this
partition should be the root partition,
enter /; enter /boot for the /boot
partition, and so on. You can also use
the pull-down menu to choose the
correct mount point for your partition.
File System Type: Using the pull-down
menu, select the appropriate file system
type for this partition.
Allowable Drives: This field contains a
list of the hard disks installed on your
system. If a hard disk's box is
highlighted, then a desired partition can
be created on that hard disk. If the box is
not checked, then the partition will never
be created on that hard
Figure 13.8: Creating a New Partition
disk. By using different checkbox settings, you can have Disk Druid place partitions
as you see fit, or let Disk Druid decide where partitions should go.
Size (Megs): Enter the size (in megabytes) of the partition. Note, this field starts with
a "1" (one); unless changed, only a 1 MB partition will be created.
Additional Size Options: Choose whether to keep this partition at a fixed size, to
allow it to "grow" (fill up the available hard drive space) to a certain point, or to allow
it to grow to fill any remaining hard drive space available.
If you choose Fill all space up to (MB), you must give size constraints in the field to
the right of this option. This allows you to keep a certain amount of space free on your
hard drive for future use.
Force to be a primary partition: Select whether the partition you are creating should
be one of the first four partitions on the hard drive. If unselected, the partition created
will be a logical partition.
Check for bad blocks: Checking for bad blocks can help prevent data loss by
locating the bad blocks on a drive and making a list of them to prevent using them in
the future. If you wish to check for bad blocks while formatting each file system,
please make sure to select this option.
Selecting Check for bad blocks may dramatically increase your total installation
time. Since most newer hard drives are quite large in size, checking for bad blocks
may take a long time; the length of time depends on the size of your hard drive.
79
Ok: Select Ok once you are satisfied with the settings and wish to create the partition.
Cancel: Select Cancel if you do not want to create the partition.
File System Types
Red Hat Linux allows you to create different partition types, based on the file system they
will use. The following is a brief description of the different file systems available, and how
they can be utilized.
ext2 An ext2 file system supports standard Unix file types (regular files,
directories, symbolic links, etc). It provides the ability to assign long file names, up to
255 characters. Versions prior to Red Hat Linux 7.2 used ext2 file systems by default.
ext3 The ext3 file system is based on the ext2 file system and has one main
advantage journaling. Using a journaling file system reduces time spent recovering
a file system after a crash as there is no need to fsck the file system. The ext3 file
system will selected by default and is highly recommended.
software RAID Creating two or more software RAID partitions allows you to
create a RAID device.
swap Swap partitions are used to support virtual memory. In other words, data is
written to a swap partition when there is not enough RAM to store the data your
system is processing.
vfat The VFAT file system is a Linux file system that is compatible with Windows
95/NT long filenames on the FAT file system.
Editing Partitions
To edit a partition, select the Edit button or double-click on the existing partition. If the
partition already exists on your hard disk, you will only be able to change the partition's
mount point. If you want to make any other changes, you will need to delete the partition and
recreate it
Deleting a Partition
To delete a partition, highlight it in the Partitions section and click the Delete button. You
will be asked to confirm the deletion.
Boot Loader Installation
In order to boot your Red Hat Linux system, after installation, without a boot disk, you
usually need to install a boot loader. You can choose to install GRUB (selected by default),
LILO, or you can choose not to install a boot loader at all.
First, select which boot loader you want to install. If you do not want to overwrite your
current boot loader, choose Do not install a boot loader. If you choose not to install GRUB
or LILO for any reason, you will not be able to boot your Red Hat Linux system directly, and
you will need to use another boot method (such as a boot diskette). Use this option only if you
are sure you have another way of booting your Red Hat Linux system! We recommend using
LILO.
80
Figure 13.9: Boot Loader Installation
Assuming you chose GRUB or LILO, you must now determine where you want the boot
loader to be installed. You may install the boot loader in one of two places:
The master boot record (MBR)
This is the recommended place to install a boot loader, unless the MBR already starts
another operating system loader, such as System Commander. The MBR is a special
area on your hard drive that is automatically loaded by your computer's BIOS, and is
the earliest point at which the boot loader can take control of the boot process. If you
install it in the MBR, when your machine boots, GRUB (or LILO) will present a boot
prompt. You can then boot Red Hat Linux or any other operating system that you have
configured the boot loader to boot.
The first sector of your boot partition
This is recommended if you are already using another boot loader on your system. In this
case, your other boot loader will take control first. You can then configure that boot loader to
start GRUB (or LILO), which will then boot Red Hat Linux.
If your system will use only Red Hat Linux, you should choose the MBR. For systems with
Windows 95/98, you should also install the boot loader to the MBR so that it can boot both
operating systems. In short, we recommend using the MBR method.
81
If you wish to add default options to GRUB or LILO's boot command, enter them into the
Kernel parameters field. Any options you enter will be passed to the Linux kernel every
time it boots. This is generally not needed except for a few complex situations.
The Force use of LBA32 (not normally required) option allows you to exceed the 1024
cylinder limit for the /boot partition. If you have a system which supports the LBA32
extension for booting operating systems above the 1024 cylinder limit, and you want to place
your /boot partition above cylinder 1024, you should select this option.
Every bootable partition is listed, including partitions used by other operating systems. The
partition holding your Red Hat Linux system's root file system will have a Boot label of Red
Hat Linux (for GRUB) or linux (for LILO). Other partitions may also have boot labels. If
you would like to add boot labels for other partitions (or change an existing boot label), click
once on the partition to select it. Once selected, you can change the boot label by editing the
name in the Boot label text field. The Boot label column lists what you must enter at the boot
prompt, in non-graphical boot loaders, in order to boot the desired operating system.
Once you have loaded the GRUB boot screen, use the arrow keys to choose a boot label or
type e for edit. You will be presented with a list of items in the configuration file for the boot
label you have selected.
At the graphical LILO screen, press [Ctrl]-[x] to exit to the boot: prompt. If you forget the
boot labels defined on your system, you can always press [Tab] at the prompt to display a list
of defined boot labels.
Network Configuration
If you have multiple devices, you will see a tab for each device. You may switch between
devices (for example, between eth0 and eth1) and the information you provide on each tab
will be specific to each device.
Figure 13.10: Network Configuration
82
You can indicate if you would like to configure your IP address using DHCP (Dynamic Host
Configuration Protocol). If you select Activate on boot, your network interface will be started
when you boot. We will not use DHCP, so you need to provide the IP address, netmask,
network address and broadcast address as provided on the small label on the PC. The
remaining entries can be skipped.
Firewall Configuration
The next screen will ask you to configure the type of firewall to use. There will be three
options, namely, high, medium, and no firewall. You can also customize these. However, we
recommend selecting no firewall. Selecting a firewall type will deny access to certain network
services to and from the host.
High
If you choose High, your system will not accept connections (other than the default settings)
that are not explicitly defined by you. By default, only the following connections are allowed:
DNS replies
DHCP so any network interfaces that use DHCP can be properly configured
If you choose High, your firewall will not allow the following:
Active mode FTP (passive mode FTP, used by default in most clients, should still work)
IRC DCC file transfers
RealAudioTM
Remote X Window System clients
If you are connecting your system to the Internet, but do not plan to run a server, this is the
safest choice. If additional services are needed, you can choose Customize to allow specific
services through the firewall.
Medium
If you choose Medium, your firewall will not allow remote machines to have access to
certain resources on your system. By default, access to the following resources are not
allowed:
Ports lower than 1023 the standard reserved ports, used by most system services, such
as FTP, SSH, telnet, HTTP, and NIS.
The NFS server port (2049) NFS is disabled for both remote severs and local clients.
The local X Window System display for remote X clients.
The X Font server port (by default, xfs does not listen on the network; it is disabled in the
font server).
83
If you want to allow resources such as RealAudioTM while still blocking access to normal
system services, choose Medium. Select Customize to allow specific services through the
firewall.
Obviously, since we will be configuring some of these servers in later labs, we would not
want to deny access to any of them.
The next step, Language support selection has the necessary support checked already so we
will not need to do anything special there. Click next to go on to time zone selection. On the
time zone selection screen, you will see a map of the world and can select your location from
either the scrollable list box or by clicking on locations marked by yellow dots on the map.
Our location is Karachi, Islamabad, and we are GMT+5:00.
Clicking next will bring you to the user account configuration screen. You need to provide a
password for the super user account, root, which is the Linux equivalent of the Windows NT
administrator user account. The password must be typed twice. Since it is not echoed on the
screen, just to be sure that you did not misspell anything, you are not very likely to mistype
something exactly the same way twice. The root password needs to be at least six characters
long. For your installation we recommend using cnl2k3 as the root password for uniformity.
On this screen you can also create other user accounts. You are welcome to create user
accounts for your ordinary use. Even if you know the root account password, it is not a good
practice to log on using it. Log on with an ordinary user account and do your work. If and
when you need root privileges, switch to root mode by issuing the command su. Linux will
ask you for the root password and if you type the correct password, put you in super user
mode. Once you are done doing whatever needed root privileges, such as installing a program
from an RPM, switch back to ordinary user mode by typing exit. When you are done on this
screen, click next.
Figure 13.11: Package Selection Screen
84
Everything on the authentication configuration screen is already set to acceptable values for
us, so we will just click next on that screen. Since we chose the custom installation class, the
next screen is package group selection. The last item in this list is Everything. If you select
it, all packages that come with RedHat Linux will be installed at about 3.7GB.
You can select a package by clicking on the checkbox next to it. If you select select
individual packages then when you click next, you will be given a chance to select individual
components of these packages.
Figure 13.12: Individual package selection
As you can see, there is a detailed explanation of each package available, which can help you
decide whether or not you want to install it. Briefly, Gnome and KDE are two graphical user
interface packages. You can choose either one or both of these to install. Its only a matter or
personal preference as to which one you like later on. Some people like one, some like the
other. Given sufficient hard disk space, you are welcome to try both out. I prefer KDE over
Gnome.
When you are done and click next, the setup program looks for any missing dependencies for
any modules that you selected. If there is any package that you did not select, and some other
package you selected depends on it, you will be notified of the missing package and asked if
you would like to install the missing packages. We recommend that you select to install the
missing packages.
85
If you had decided to install the X Window System package, then the next step will be vide
configuration for X Window system. If your video card does not appear on the list (see Figure
14-13), X may not support it. However, if you have technical knowledge about your card, you
may choose Unlisted Card and attempt to configure it by matching your card's video chipset
with one of the available X servers.
Figure 13.13: Video Card Setup
Next, enter the amount of video memory installed on your video card. If you are not sure,
please consult the documentation accompanying your video card. You will not damage your
video card by choosing more memory than is available, but the X server may not start
correctly if you do.
If you decide that the values you have selected are incorrect, you can click the Restore
original values button to return to the suggested settings. You can also select Skip X
Configuration if you would rather configure X after the installation or not at all.
You will next see a screen that will prepare you for installation of RedHat Linux and the
actual package installation will start. At this point you have to do no intervention and have to
wait for the installation to complete. The progress bars will keep you up to date about the
current and overall progress.
86
Once the package installation is complete, the next screen will offer you to make a boot disk.
If you have a spare blank formatted disk with you, setup can create a boot disk for you which
will be very handy in case of any disastrous situation. However, since you chose to install
LILO, this is not necessary. You may just click on skip boot disk creation and continue on
to the next step.
If you are installing X Window System and did not select to skip X Configuration earlier, the
next step will be configuration of your monitor. Most monitors are listed on this screen and
you can select the appropriate monitor from the list.
If your monitor does not appear on the list, select the most appropriate Generic model
available. By selecting a Generic monitor, Xconfigurator will suggest horizontal and vertical
sync ranges. These values are generally available in the documentation which accompanies
your monitor, or from your monitor's vendor or manufacturer; please check your
documentation to make sure these values are set correctly.
Figure 13.14: Custom configuration
87
On the next step, Custom Configuration select the color depth and resolution for X Window
System. Choose a setting on this window and click on Test Setting to try it out. If you dont
like what you see on the test screen, click no, otherwise click yes.
You will also select your login type. If you select Graphical, then Linux will immediately
go into the X Window System after it boots. Otherwise you will get a text mode screen to log
in to. You can then, start the X Window system using the command startx.
Congratulations! Your Red Hat Linux 7.3 installation is now complete! The installation
program will prompt you to prepare your system for reboot. Remember to remove any
installation media (diskette in the diskette drive or CD in the CD-ROM drive) if they are not
ejected automatically upon reboot.
If you do not have a boot loader installed and configured, you will need to use the boot disk
you created during the installation now.
After your computer's normal power-up sequence has completed, you should see the graphical
boot loader prompt, at which you can do any of the following things:
Press [Enter] causes the default boot entry to be booted.
Select a boot label, followed by [Enter] causes the boot loader to boot the operating
system corresponding to the boot label. (Press [?] or [Tab] at LILO's text mode boot
loader prompt for a list of valid boot labels.)
Do nothing after the boot loader's timeout period, (by default, five seconds) the
boot loader will automatically boot the default boot entry.
Do whatever is appropriate to boot Red Hat Linux. You should see one or more screens of
messages scroll by. Eventually, you should see a login: prompt or a graphical login screen (if
you installed the X Window System and chose to boot into graphical mode by default).
88
Lab Session 14
OBJECT
To setup FTP server and Apache on Linux
THEORY
File transfer protocol is a popular way of transferring files from machine to machine
across a network. Clients and servers have been written to all the popular platforms,
thereby often making FTP the most convenient way of performing file transfers. You can
configure FTP servers one of two ways. The first is as a private, user only site, which is
the default configuration for the FTP server. A private FTP server allows only system
users to connect via FTP and access their files. You can place access control to either
deny or allow access to specific users. The other kind of FTP server is anonymous. An
anonymous FTP server allows anyone on the network to connect to it and transfer files
without having an account. Because of the potential security risk involved with this setup,
you should allow access only to certain directories on the system.
Depending on which packages you chose to install during the installation you might
already have FTP server software installed. To determine whether you do, check for the
/usr/sbin/in.ftpd file. If it is there, you have the necessary software to install the FTP
server.
PROCEDURE
FTP server most commonly used on Linux is wu-ftpd, developed at Washington
University. It is freely available as binary as well as source code. You can download and
install from the RPM easily. RPMs can be located on the web using
http://www.rpmfind.net. The RPM would also be available on the installation CD-ROM
in the RedHat/RPMS directory.
To install from the RPM use the command:
rpm ivh wu-ftpd-2.6.2-5.i386.rpm
To ensure that the FTP server is installed and running, connect to it from the local
machine using the command ftp localhost. You should, at this point, be able to login to
the server. Note that you can not login to the FTP server using the root id.
FTP Configuration Files
The various configuration files associated with the FTP server are:
/etc/ftpaccess
89
/etc/ftpconversions
/etc/ftphosts
/var/log/xferlog
For advanced configuration options see the documentation for wu-ftpd or the man page
for ftpd.
Apache Server
Apache is the most commonly used web server on the Internet. You can install Apache
from the sources or from the RPM. Once you have located the RPM for Apache, type the
following command as root:
rpm ivh apache-1.3.23-11.i386.rpm
Upon installation, the RPM installs file in the following directories:
/etc/httpd/conf/ contains all the apache configuration files, which include

access.conf, httpd.conf, and srm.conf.
The tree under /etc/rc.d/ contains system startup scripts.
/var/www contains the default server icons, CGI programs and html files.
/usr/sbin/ contains the executable programs.
/usr/bin/ contains some utilities from the Apache package.
/var/log/http/ contains the server log file.
When Apache is running, it creates files in the following directories:
/var/run/lock/ contains a file called httpd created by the startup scripts.

/var/run/ contains http.pid file which has the process ID for Apache parent
process.
An interesting option you might want to configure in the httpd.conf file is UserDir. This
directive defines the directory relative to a local users home directory where that user
can put public HTML documents. The default value is public_html. This allows you to
access a users home page using the syntax http://servername/~username/ in your web
browser.
To check that the Apache web server is running, type the following command line:
lynx localhost
Lynx is a small text-mode web browser that comes with RedHat Linux. You should get
the default home page that Apache comes with. You can quit Lynx using the q key.
90
REMARKS (List down any difficulties that you faced during this lab)
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
91
Lab Session 15
OBJECT
To setup BIND on Linux
THEORY
Referring to hosts by IP addresses is convenient for computers, but humans have an easier
time working with names. Obviously, we need some sort of translation table to convert IP
addresses to hostnames. With millions of machines on the Internet today and new ones
popping up every day it would be impossible for someone to maintain a list of all the hosts.
This is where DNS comes in.
The Domain Name Service is the system by which each site maintains its own mapping of IP
addresses to machine names. Each site puts this mapping into a publicly accessible database,
so anyone can find the IP address corresponding to a hostname is the site simply by querying
the sites database.
To access this database, you need to run a DNS server for your site. A DNS server is also
known as a nameserver (NS). These servers come in three varieties:
Master (also called primary)

Slave (also called secondary)
Caching
If you are connecting to an existing network you only need to run a caching server. On the
other hand if you are setting up a new site to be accessed through the Internet, you need to
setup a primary server. Secondary servers eliminate the single point of failure represented by
lone master server and also share the query load.
PROCEDURE
BIND (Berkley Internet Name Domain) is the most popular DNS server on Linux. You can
install it using the RPM or the source. Locate and install the BIND RPM. The DNS boot file
/etc/named.conf contains the configuration for BIND. For our purpose put the following at the
end of this file:
options{
directory "/var/named";
};
zone "neduet.edu.pk" in {
type master;
file "neduet.edu.pk";
};
You also need to create the zone data file, notified in above as neduet.edu.pk. Create this file
under /var/named using the vi or pico editor with the following contents:
92
$TTL 86400
@ IN SOA cisd.neduet.edu.pk root.localhost. (
20030125 ;serial
3600 ;refresh
300 ;retry
3600000 ;expire
3600 ); minimum;
IN NS cisd
cisd IN A 192.168.6.133
www IN CNAME cisd
ftp IN CNAME cisd
Some helpful commands to check your BIND configuration are named-checkconf and
named-checkzone. These two utilities check the BIND configuration and the zone data
file respectively.
To start the name server, issue the command:
/etc/rc.d/init.d/named start
If all went well, your DNS server is up and running. To verify, specify your Linux hosts IP
address as the primary DNS server on a Windows machine and try to ping cisd.neduet.edu.pk
or open www.neduet.edu.pk from a web browser.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
93
Lab Session 16
OBJECT
To setup Samba on Linux.
THEORY
Samba is a suite of SMB(Session Message Block) protocol services under Linux. Using
Samba you can share a Linux filesystem with Windows. You can also share a Windows
filesystem with Linux. You can also share printers connected to either a Linux or Windows
System.
The Samba suite of SMB protocol utilities consists of several components. The smbd daemon
provides the file and print services to SMB clients, such as Winodws or other Linux and Unix
hosts. The configuration file for Samba is described in smb.conf.
The smbclient program implements a simple FTP-like client on a Linux or Unix box. The
SMB mount program(smbmount) enables mounting of server directories on a Linux or Unix
box. The testparam utility allows you to test your smb.conf configuration file. The
smbstatus utility tells you who is currently using the smbd server. SWAT is a web-based
interface to smb.conf.
PROCEDURE
Install Samba from an RPM if you havent got it installed on the Linux machine. The samba
server uses the /etc/samba/smb.conf file as the configuration file. If you change this
configuration file, the changes will not take effect until you restart the Samba daemon with
the command service smb restart.
The default configuration file (smb.conf) in Red Hat Linux 7.3 allows users to view their
Linux home directories as a Samba share on the Windows machine after they log in using the
same username and password. It also shares any printers configured for the Red Hat Linux
system as Samba shared printers. In other words, you can attach a printer to your Red Hat
Linux system and print to it from the Windows machines on your network.
To specify the Windows workgroup and description string, edit the following lines in your
smb.conf file:
workgroup = WORKGROUPNAME
server string = BRIEF COMMENT ABOUT SERVER
94
Replace WORKGROUPNAME with the name of the Windows workgroup to which this
machine should belong, in our case CNL. The BRIEF COMMENT ABOUT SERVER is
optional and will be the Windows comment about the Samba system.
To create a Samba share directory on your Linux system, add the following section to your
smb.conf file (after modifying it to reflect your needs and your system):
[sharename]
comment = Insert a comment here
path = /home/share/
valid users = tfox carole
public = no
writable = yes
printable = no
create mask = 0765
The above example allows the users tfox and carole to read and write to the directory
/home/share, on the Samba server, from a Samba client.
Samba Passwords
In Red Hat Linux 7.3 encrypted passwords are enabled by default because it is more secure. If
encrypted passwords are not used, plain text passwords are used, which can be intercepted by
someone using a network packet sniffer. It is recommended that encrypted passwords be used.
The Microsoft SMB Protocol originally used plaintext passwords. However, Windows 2000
and Windows NT 4.0 with Service Pack 3 or higher require encrypted Samba passwords. To
use Samba between a Red Hat Linux system and a system with Windows 2000 or Windows
NT 4.0 Service Pack 3 or higher, you can either edit your Windows registry to use plaintext
passwords or configure Samba on your Linux system to use encrypted passwords. If you
choose to modify your registry, you must do so for all your Windows NT or 2000 machines
this is risky and may cause further conflicts.
To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these
steps:
1. Create a separate password file for Samba. To create one based on your existing
/etc/passwd file, at a shell prompt, type the following command:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
2. If the system uses NIS, type the following command:
ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
3. The mksmbpasswd.sh script is installed in your /usr/bin directory with the

samba package.
4. Use the command chmod 600 /etc/samba/smbpasswd to change permissions on the
Samba password file so that only root has read and write permissions.
95
5. The script does not copy user passwords to the new file. To set each Samba user's
password, use the command smbpasswd username (replace username with each user's
username). A Samba user account will not be active until a Samba password is set for
it.
6. Encrypted passwords must be enabled in the Samba configuration file. In the file
smb.conf, verify that the following lines are not commented out:
encrypt password = yes
smb passwd file = /etc/samba/smbpasswd
7. Make sure the smb service is started by typing the command service smb restart at a
shell prompt.
8. If you want the smb service to start automatically, use ntsysv, chkconfig, or
serviceconf to enable it at runtime.
The pam_smbpass PAM module can be used to sync users' Samba passwords with their
system passwords when the passwd command is used. If a user invokes the passwd
command, the password he uses to log in to the Red Hat Linux system as well as the
password he must provide to connect to a Samba share are changed.
To enable this feature, add the following line to /etc/pam.d/system-auth below the
pam_cracklib.so invocation:
password required /lib/security/pam_smbpass.so nullok

use_authtok try_first_pass
Connecting to a Samba Share
To connect to a Linux Samba share from a Microsoft Windows machine, use Network
Neighborhood or Windows Explorer.
To connect to a Samba share from a Linux system, from a shell prompt, type the following
command:
smbclient //hostname/sharename -U username
You will need to replace hostname with the hostname or IP address of the Samba server you
want to connect to, sharename with the name of the shared directory you want to browse, and
username with the Samba username for the system. Enter the correct password or press [Enter]
if no password is required for the user.
If you see the smb:\> prompt, you have successfully logged in. Once you are logged in, type
help for a list of commands. If you wish to browse the contents of your home directory,
replace sharename with your username. If the -U switch is not used, the username of the current
user is passed to the Samba server. To exit smbclient, type exit at the smb:\> prompt.
96
You can also use Nautilus to view available Samba shares on your network. On the
GNOME desktop, go to the Main Menu Button (on the Panel) => Programs =>
Applications => Nautilus to open a Nautilus window. Type smb: in the
Location: bar. You will see an icon for each available SMB workgroups on your network.
To access one, double-click the icon for it.
Figure 16-1: SMB browser in the Nautilus window
If the SMB share you are connecting to requires a user name and password combination, you
must specify them in the Location: bar using the following syntax (replace user, password,
servername, and sharename with the appropriate values):
smb://user:password@servername/sharename/
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
97
Lab Session 17
OBJECT
To setup DHCP server on Linux.
THEORY
DHCP (Dynamic Host Configuration Protocol) is a protocol to configure hosts dynamically,
meaning that unconfigured client computers can be plugged into a DHCP served LAN, and
will be given an IP address, a DNS server address, a WINS server address, and many other
configuration items that would otherwise need to be manually configured by the network
administrator. The administrators sole network configuration task is to make sure that each
client has a unique hostname.
Obviously, this can save many weeks of configuration over the lifetime of a medium-sized
LAN. It also makes renumbering a cinch when the LANs network address or netmask is
changed. DHCP can be used to automatically reconfigure LAN clients to accommodate
changes in DNS and WINS server addresses.
Configuring a DHCP Server
You can configure a DHCP server using the configuration file /etc/dhcpd.conf. DHCP also
uses the file /var/lib/dhcp/dhcpd.leases to store the client lease database. The first step in
configuring a DHCP server is to create the configuration file that stores the network
information for the clients. Global options can be declared for all clients, or options can be
declared for each client system.
The configuration file can contain any extra tabs or blank lines for easier formatting. The
keywords are case-insensitive, and lines beginning with a hash mark (#) are considered
comments. There are two types of statements in the configuration file:
Parameters state how to perform a task, whether to perform a task, or what
network configuration options to send to the client.
Declarations describe the topology of the network, describe the clients, provide
addresses for the clients, or apply a group of parameters to a group of declarations.
Some parameters must start with the option keyword and are referred to as options.
Options configure DHCP options; whereas, parameters configure values that are not
optional or control how the DHCP server behaves.
Parameters (including options) declared before a section enclosed in curly brackets ({ })
are considered global parameters. Global parameters apply to all the sections below it. If
you change the configuration file, the changes will not take effect until you restart the
DHCP daemon with the command service dhcpd restart.
Take a look at the subnet declaration given below. The routers, subnet-mask, domain-
name, domain-name-servers, and time-offset options are used for any host statements
declared below it. In the configuration file, you must include a subnet declaration for
98
every subnet in your network. If you do not, the DHCP server will fail to start. In this
example, there are global options for every DHCP client in the subnet and a range
declared. Clients are assigned an IP address within the range.
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.250;
option subnet-mask 255.255.255.0;
option domain-name "example.com";

option domain-name-servers 192.168.1.1;
option time-offset -18000; # Eastern Standard

Time
range 192.168.1.1 192.168.1.100;

}
All subnets that share the same physical network should be declared within a shared-
network declaration as shown below. Parameters within the shared-network but outside the
enclosed subnet declarations are considered global parameters. The name of the shared-
network should be a descriptive title for the network such as test-lab to describe all the
subnets in a test lab environment.
shared-network name {
option domain-name "test.redhat.com";
option domain-name-servers ns1.redhat.com,
ns2.redhat.com;
more parameters for EXAMPLE shared-network
subnet 192.168.1.0 netmask 255.255.255.0 {
parameters for subnet
range 192.168.1.1 192.168.1.31;
}
subnet 192.168.1.32 netmask 255.255.255.0 {
parameters for subnet
range 192.168.1.33 192.168.1.63;
}
}
As demonstrated below, the group declaration can be used to apply global parameters to a
group of declarations. You can group shared networks, subnets, hosts, or other groups.
group {

option domain-name-servers 192.168.1.1;
option time-offset -18000; # Eastern Standard

Time
99
host apex {
option host-name "apex.example.com";
hardware ethernet 00:A0:78:8E:9E:AA;
fixed-address 192.168.1.4;
}
host raleigh {
option host-name "raleigh.example.com";
hardware ethernet 00:A1:DD:74:C3:F2;
}
}
To configure a DHCP server that leases a dynamic IP address to a system within a subnet,
modify the below example with your values. It declares a default lease time, maximum
lease time, and network configuration values for the clients. This example assigns IP
addresses in the range 192.168.1.10 and 192.168.1.100 to client systems.
default-lease-time 600;
max-lease-time 7200;
option broadcast-address 192.168.1.255;
option domain-name-servers 192.168.1.1, 192.168.1.2;
subnet 192.168.1.0 netmask 255.255.255.0 {

range 192.168.1.10 192.168.1.100;
}
It is also possible to assign an IP address to a client based on the MAC address of the
network interface card. In this case, use the hardware Ethernet parameter within a host
declaration. As demonstrated below, the host apex declaration specifies that the network
interface card with the MAC address 00:A0:78:8E:9E:AA always receives the IP address
192.168.1.4. Notice that you can also use the optional parameter host-name to assign a
host name to the client.
host apex {
option host-name "apex.example.com";
hardware ethernet 00:A0:78:8E:9E:AA;
}
For a complete list of option statements and what they do, refer to the dhcp-options man
page.
Lease Database
On the DHCP server, the file /var/lib/dhcp/dhcpd.leases stores the DHCP client lease
database. This file should not be modified by hand. DHCP lease information for each
recently assigned IP address is automatically stored in the lease database. The information
100
includes the length of the lease, to whom the IP address has been assigned, the start and
end dates for the lease, and the MAC address of the network interface card that was used to
retrieve the lease. All times in the lease database are in Greenwich Mean Time (GMT), not
local time.
The lease database is recreated from time to time so that it is not too large. First, all known
leases are saved in a temporary lease database. The dhcpd.leases file is renamed
dhcpd.leases~, and the temporary lease database is written to dhcpd.leases.
The DHCP daemon could be killed or the system could crash after the lease database has
been renamed to the backup file but before the new file has been written. If this happens,
there is no dhcpd.leases file that is required to start the service. Do not create a new lease
file if this occurs. If you do, all the old leases will be lost and cause many problems. The
correct solution is to rename the dhcpd.leases~ backup file to dhcpd.leases and then start
the daemon.
Starting and Stopping the Server
To start the DHCP service, use the command /sbin/service dhcpd start. To
stop the DHCP server, use the command /sbin/service dhcpd stop. If you have
more than more network interface attached to the system, but you only want the DHCP
server to start on one of the interface, you can configure the DHCP server to start only on
that device. In /etc/sysconfig/dhcpd, add the name of the interface to the list of
DHCPDARGS:
# Command line options here

DHCPDARGS=eth0
This is useful if you have a firewall machine with two network cards. One network card
can be configured as a DHCP client to retrieve an IP address to the Internet. The other
network card can be used as a DHCP server for the internal network behind the firewall.
Specifying only the network card connected to the internal network makes the system
more secure because users can not connect to the daemon via the Internet.
Other command line options that can be specified in /etc/sysconfig/dhcpd include:
-p <portnum> Specify the udp port number on which dhcpd should listen. The
default is port 67. The DHCP server transmits responses to the DHCP clients at a port
number one greater than the udp port specified. For example, if you accept the default of
port 67, the server listens on port 67 for requests and responses to the client on port 68.
-f Run the daemon as a foreground process. This is mostly used for debugging.
-d Log the DHCP server daemon to the standard error descriptor. This is mostly
used for debugging. If this is not specified, the log is written to /var/log/messages.
-cf filename Specify the location of the configuration file. The default location is
/etc/dhcpd.conf.
-lf filename Specify the location of the lease database file. If a lease database file
already exists, it is very important that the same file be used every time the DHCP
server is started. It is strongly recommended that this option only be used for
101
debugging purposes on non-production machines. The default location is

/var/lib/dhcp/dhcpd.leases.
-q Do not print the entire copyright message when starting the daemon.
PROCEDURE
The first step is to see whether DHCP is already in service. You might have installed
DHCP during Linux installation. Use the following command:
ps -ax | grep dhcpd
If you see an instance of dhcpd running, you know its already configured and running.
Otherwise, youll need to configure dhcpd. Its an easy task. You can use the sample
configuration file in Red Hat Linux 7.3 as a starting point and then add your own custom
configuration options to it.
Use the following as the configuration file for the server:
default-lease-time 600;
max-lease-time 7200;
option broadcast-address 192.168.6.255;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "neduet.edu.pk";
subnet 192.168.6.0 netmask 255.255.255.0 {

range 192.168.1.100 192.168.6.150;
}
Restart the DHCP server. Now configure a Windows client on the LAN to use DHCP and
specify the IP address of the Linux server as the DHCP server. Restart the Windows client
and check that it has been assigned an IP address from the pool specified above, using the
command ipconfig in an MS-DOS window.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
102

CCN 2010

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCN 2010

Uploaded by

Copyright:

Available Formats

Practical Workbook

Computer Communication Networks

Dept. of Computer & Information Systems Engineering

Prepared By: M Saqib Ilyas (Assistant Professor),

Revised by: Ms. Saneeha Ahmed (Assistant Professor)

Dept. of Computer & Information Systems Engineering

Computer Communication Networks is a senior level undergraduate course in Computer and

Lab Session No. Object Page No.

1 To install network card in Windows NT environment, and perform 7

2 To make following UTP Cables: 18

3 To practice some basic commands to interact with the Cisco IOS 24

4 To copy IOS image and configuration to and from CISCO router. 29

5 Configuring static routes on Cisco routers. 34

6 To configure RIP (Router Information Protocol). 37

7 To study advanced RIP configuration and parameters tuning. 43

8 To configure OSPF (Open Shortest Path First). 47

9 To recover lost router password. 51

10 To study and configure access-lists. 55

To configure hub and spoke frame relay on Cisco routers using

To study RedHat Linux setup.

EQUIPMENT AND APPARATUS

An IP (Internet Protocol) address uniquely identifies a node or host connection to an IP

Figure 1.1: Network Neighborhood contex menu

Figure 1.2: Selecting the network connection type

On the next dialog, click Select from list:

Figure 1.3: Network adapter search screen

On the next dialog click Have Disk:

Figure 1.4: Selecting a network adapter

Figure 1.5: Specifying path to network adapter driver

Figure 1.6: Selecting the specific network adapter

On the next dialog, click next:

Figure 1.7: Enabling a network adapter for networking

Figure 1.8: Selecting protocols to install

On the next dialog click next:

Figure 1.9: Selecting services to install

Figure 1.10: Preparing to install networking

Figure 1.11: Specifying path to Windows NT setup files

Figure 1.12: Specifying DHCP option

Figure 1.13: Specifying IP address, subnet mask and default gateway

On the next dialog click next:

Figure 1.14: Services bindings screen

On the next dialog click next:

Figure 1.15: Preparing to start the network

Figure 1.16: Specifying Windows NT workgroup or domain

Figure 1.17: Finishing setup of Windows NT networking

Network Card Diagnosis

Figure 1.18: Ping utility

To make the following kinds of UTP cables:

1. Straight through cable

CAT 5 cable is available in reel-in-box packaging. This is very handy for

Network cabling tools

1. Modular Plug Crimp Tool

You will need a modular crimp tool. This is very

2. Universal UTP Stripping Tool (Eclipse)

It makes a much neater cut. It is highly recommending

3. Diagonal Cutters Figure 2.4: Eclipse

It is easier to use diagonal cutters (diags or dikes)

Figure 2.6: Schematic diagram of transmission line

Straight through and cross over cable

Figure 2.7: Straight through and crossover cable wire scheme

EIA/TIA 568A and 568B standards

Figure 2.8: Cable connector standard ordering

It makes no functional difference which standard you use