
CCNA Practical Guide - 1st Edition

Introduction
This book is dedicated to all students who need a practical environment for CCNA. I include in this book all basic and advanced practice modes with brief scenarios. I think it is a great journey for you to read and analyse this book.

As you know, every success needs more and more knowledge as well as complete command in practical work. So this is the best way to make yourself a fully confident network engineer. Thanks to all my friends who helped me and encouraged me for this book. All suggestions are invited to make this book better than the best. You can mail your advice to me at vinod.rajura@gmail.com. Web site: http://komalcomedu.webs.com

Vinod D. Lande Mo.8983498861

INDEX (S. No. - Topic - Page No.)
1. Introduction of WAN, WAN devices - 5
2. Topology, Types of data signals and Ethernet NIC and Ethernet cables - 6
3. CSMA/CD protocol, Cables - 7
4. Internet Protocol - 13
5. OSI reference model - 14
6. DOD Model - 15
7. Collision & Broadcast domain - 16
8. Protocols - 16
9. IP version-4 - 17
10. MAC address - 18
11. VLSM, CIDR - 18
12. Subnetting - 18
13. Supernetting - 19
14. IP version-6 - 20
15. Cisco Hierarchical Model - 22
16. Router - 23
17. Routing Protocols - 23
18. Basic Conf. (Banner, Hostname & Loopback Addr. Setting) - 25
19. Password protection & Password Recovery - 25
20. Backup of Router IOS - 26
21. CDP - 27
22. IP setting on router - 27
23. DHCP Configuration - 28
24. DNS Configuration - 29
25. Types of routing - 30
26. Default routing - 31
27. Static routing - 32
28. RIP routing - 33
29. RIP version-2 - 34
30. OSPF routing - 35
31. IGRP routing - 39
32. EIGRP routing - 40
33. Hostname pinging (router) - 41
34. WAN Protocols (PPP, HDLC & Frame-relay) - 42
35. ISDN Connection - 44
36. Frame Relay - 48
37. Access Control list - 51
38. Point to Point protocol Authentication - 53
39. VLAN & VTP - 55
40. NAT Translation - 60
41. NAT Overload - 69
42. Spanning Tree Protocol - 71
43. * Some Questions - 74

Let's Start =====>>>

Que.* Which organisation is responsible for IP address reservation?
Ans. The Internet Assigned Numbers Authority (IANA) has reserved the IP address space into private and public IP addresses.


Introduction of WAN
This is a network without limit. A Wide Area Network is the largest type of network; it spreads out all over the world. Public IP addresses are used in a WAN. This network is provided by an ISP.

WAN Devices
(1.) WAN Switches
(2.) WAN Modems:- CSU/DSU modem. A CSU/DSU (Channel Service Unit/Digital Service Unit) modem is a digital interface device that adapts the physical interface on a DTE (Data Terminal Equipment) device to the interface of a DCE (Data Circuit-Terminating Equipment) device in a switched carrier network. It also provides signal timing for communication.
(3.) ISDN Terminal Adapter:- is used to connect an ISDN connection to other interfaces like serial.
(4.) HSSI (High Speed Serial Interface):- is a DTE/DCE interface. The flexibility of the HSSI clock and data signal protocol makes user/vendor bandwidth allocation possible. The DCE controls the clock by changing its speed or by deleting clock pulses.
(5.) Terminal Equipment:- (the routers). These devices have two types. Type-1:- these devices can directly connect to an ISDN network. Type-2:- these devices cannot support an ISDN network directly and connect through a TA (terminal adapter) to reach the ISDN network.
(6.) Network Terminator (NT1):- a small connection box that is attached to the ISDN BRI port.
(7.) Network Terminator-2 (NT2):- a device that provides switching service for the internal network. This type of interface is typically used with PRI.

TOPOLOGY
A topology defines how the devices are connected.

(1.) Point to Point Topology:- has a single connection between two devices.
(2.) Bus Topology:- uses a single connection or wire to connect all devices.
(3.) Star Topology:- has a central device with many point-to-point connections.
(4.) Ring Topology:- all devices are connected in a ring.
(5.) Mesh Topology:- it has two types. {1} Full Mesh:- every device connects with every other device. {2} Partial Mesh:- a full mesh in which some of the links are missing (for example after a fault).
(6.) Hybrid Topology:- a mixture of two or more topologies.

Types of Network Data Signals

{1} Unicast Signal:- a signal that goes to only one device.
{2} Multicast Signal:- a signal that goes to a group of devices.
{3} Broadcast Signal:- a signal that goes to all network devices.

Ethernet LAN Card

Half & Full Duplex Ethernet:- Half-duplex Ethernet uses only one wire pair, with a digital signal running in both directions on the wire. This type of Ethernet usually gives only 3 to 4 Mbps of usable throughput. Full-duplex Ethernet uses two pairs of wires in a point-to-point connection, and it has no collisions. If a hub is attached to a switch, the port must operate in half-duplex mode, because the end station must be able to detect collisions. Full-duplex Ethernet can be used in three situations: (1) with a connection from switch to host; (2) with a connection from switch to switch; (3) with a connection from host to host using a crossover cable.

Ethernet Cables
Vocabulary:- (1) 10 Base X: here 10 = 10 Mbps (signal transmission speed); Base = baseband; X = a value {e.g. 2, meaning a 200 metre range of data flow}; T = twisted pair; F = fibre; L = link.

Types of Cables:
(1) 10BaseTX
(2) 1000BaseTX
(3) 1000BaseSX:- the implementation of Gigabit Ethernet running over multimode fibre optic cable using a short-wavelength laser.
(4) 1000BaseLX:- implementation of Gigabit Ethernet over single-mode and multi-mode fibre, using a long-wavelength laser.
(5) 1000BaseCX:- implementation of Gigabit Ethernet over balanced 150 ohm copper cabling, using a 9-pin High Speed Serial Data Connector (HSSDC).
(6) 10GBaseSR:- 2 to 300 metre data flow capacity.
(7) 10GBaseLR:- 2 metres to 10 km.
(8) 10GBaseER:- implementation of 10 Gigabit Ethernet running over single-mode fibre. Transmission distance is 2 metres to 40 km.

CSMA/CD Protocol
Carrier Sense Multiple Access / Collision Detection is the protocol used by the NIC as a mechanism to send information in a shared environment. It works to detect collisions and helps to stop them.

How it works?
(1.) The station listens to the network to confirm that no other station is transmitting data. When it finds an IFG (inter-frame gap) it transmits its data.
(2.) The network is continuously monitored for the IFG.
(3.) When two or more stations transmit at the same time, a collision is detected.
(4.) Transmission is stopped immediately when a collision is found.

Cables
Coaxial Cable:- Coaxial cable, or coax, is an electrical cable with an inner conductor surrounded by a tubular insulating layer, typically of a flexible material with a high dielectric constant, all of which is surrounded by a conductive layer called the shield (typically of fine woven wire for flexibility, or of a thin metallic foil), and finally covered with a thin insulating layer on the outside. Coaxial cable is used as a transmission line for radio frequency signals, in applications such as connecting radio transmitters and receivers with their antennas, computer network (Internet) connections, and distributing cable television signals. Coaxial cable differs from other cable because it is designed to carry radio frequency current. This has a frequency much higher than the 50 or 60 Hz used in mains (electric power) cables, reversing direction millions to billions of times per second.

Twisted Pair Cable:- This cable has 4 twisted pairs. It has two types:

{1} STP:- This cable has a shielding coat over all its wires that blocks external electromagnetic fields, so this cable provides faster performance.

{2} UTP:- This cable is unshielded, meaning it is exposed to the surrounding electromagnetic field.
Types of UTP cables:
(1.) Cat 1:- Two twisted pairs. Used in old telephone services.
(2.) Cat 2:- Four twisted pairs. Suitable for up to 4 Mbps speed at 10 MHz frequency.
(3.) Cat 3:- Four twisted pairs. 10 Mbps at 16 MHz frequency. (Since the mid 1980s)
(4.) Cat 4:- Four twisted pairs, 16 Mbps at 100 MHz.
(5.) Cat 5:- Four twisted pairs, 100 Mbps at 100 MHz.
(6.) Cat 5e:- Four twisted pairs, 100 Mbps at 100 MHz. Capable of handling the crosstalk on each pair that is needed for Gigabit Ethernet.
(7.) Cat 6:- Four twisted pairs, 250 MHz.

There are two types of cables according to their configuration:

(1) Straight Through cable
(2) Cross Over cable

[Figure: wiring diagrams of the straight-through and crossover cables, showing the colours on each pin at both ends.]

{ Coding of colours:- g = white-green, G = green, b = white-blue, B = blue, o = white-orange, O = orange, br = white-brown, Br = brown }

{ Note:- A straight-through cable is used to connect different devices, like PC to hub. A crossover cable is used to connect the same kind of devices, like switch to switch. But if we want to connect a modem to a PC then we will use a crossover cable. }

Colour coding:
T-568A
1. Green/White
2. Green
3. Orange/White
4. Blue
5. Blue/White
6. Orange
7. Brown/White
8. Brown

T-568B
1. Orange/White
2. Orange
3. Green/White
4. Blue
5. Blue/White
6. Green
7. Brown/White
8. Brown

Fibre-optic Cable
This media is used in wireless networking. Optical fiber is used by many telecommunications companies to transmit telephone signals, Internet communication, and cable television signals. Due to much lower attenuation and interference, optical fiber has large advantages over existing copper wire in long-distance and high-demand applications. Modern fiber-optic communication systems generally include an optical transmitter to convert an electrical signal into an optical signal to send into the optical fiber, a cable containing bundles of multiple optical fibers that is routed through underground conduits and buildings, multiple kinds of amplifiers, and an optical receiver to recover the signal as an electrical signal. The information transmitted is typically digital information generated by computers, telephone systems, and cable television companies.


There are two types of fibre optic cable commonly used: single-mode and multimode.

Single-mode fibre optic cable is a single strand (most applications use 2 fibres) of glass fibre with a diameter of 8.3 to 10 microns that has one mode of transmission. Single-mode fibre is used in many applications where data is sent at multiple frequencies (WDM, Wave-Division Multiplexing) so that only one cable is needed (single-mode on one single fibre). Single-mode fibre gives you a higher transmission rate and up to 50 times more distance than multimode. The characteristics of single-mode fibre are:
(1) Bandwidth can be in the order of many Gbit/s with very low attenuation. This allows long-distance unrepeatered transmission up to around 50 km.
(2) The small diameter (10 µm) of the core necessitates the use of expensive laser diodes to couple light efficiently and pass sufficient light into the fibre.
(3) The performance of single-mode fibre is so good that it is the only type of fibre used for long-distance links.

Multi-mode fibre optic cable has a somewhat bigger diameter, with common diameters in the 50 to 100 micron range for the light-carrying component (in the US the most common size is 62.5 µm). Multimode fibre gives you high bandwidth at high speeds (10 to 100 Mbps, and Gigabit at 275 m to 2 km) over medium distances. Multi-mode fibre has the following characteristics:
(1) The fibre can capture light from the light source and pass light to the receiver with high efficiency, so it can be used with low-cost light emitting diodes (LEDs).
(2) Low cost comes at a cost! Multi-mode modal dispersion severely limits the usable bandwidth.
(3) Multi-mode fibres suffer from higher losses than single-mode fibres. For example, Mercury's multimode fibre is specified at 0.8 dB/km at a wavelength of 1310 nm.

BASIC CABLE DESIGN OF Fibre Optic
(1) Loose tube cable. (2) Tight buffered cable. In a loose-tube cable design, a gel filling compound impedes water penetration. With tight-buffered cable designs, the buffering material is in direct contact with the fibre. This design is suited for "jumper cables" which connect outside plant cables to terminal equipment.

Internet Protocol
IP works to provide logical addressing (the IP address). It is responsible for network host communication. It is a group of protocols that enable communication between computers. The IP protocol suite includes:
(1.) TCP (Transmission Control Protocol):- This protocol works to transmit the data and provides us a confirmation message of whether the data has been delivered or not. This message is called an Acknowledgement, and is generated with the help of ICMP or IGMP.
(2.) UDP (User Datagram Protocol):- This protocol also works to transmit the data, but it never provides any Acknowledgement. It transmits the data in small packets, so it is faster than TCP.
(3.) ICMP (Internet Control Message Protocol):- This protocol works to generate messages. It generates one message for one system.
(4.) IGMP (Internet Group Management Protocol):- It works to generate group messages.

There are four major differences between UDP and TCP:
1. TCP can establish a connection and UDP cannot.
2. TCP provides a stream of unlimited length; UDP sends small packets.
3. TCP guarantees that, as long as you have a connection, data sent will arrive at the destination; UDP provides no guarantee of delivery.
4. UDP is faster for sending small amounts of data, since no connection setup is required; the data can be sent in less time than it takes for TCP to establish a connection.

OSI Reference Model

The OSI (Open System Interconnection) model was given by ISO (International Organization for Standardization) in 1970. It provides a framework for creating and implementing networking standards, devices, and internetworking schemes.
The OSI model has 7 layers to describe network data transmission and its schemes.

Layer - Name - Function - PDU (Protocol Data Unit) - Device
7 - Application Layer - Provides the user interface, provides services - Data
6 - Presentation Layer - Represents data, handles processing such as encryption and compression - Data
5 - Session Layer - Keeps the data of different applications separate, defines the session - Data
4 - Transport Layer - Provides reliable and unreliable delivery with end-to-end connection - Segment (Data + TCP/UDP header)
3 - Network Layer - Provides logical addressing with routing - Packet (Data + TCP/UDP + IP) - Router
2 - Data Link Layer - Provides access to the media using MAC, with frames - Frame (Data + TCP/UDP + IP + MAC) - Switch, Bridge
1 - Physical Layer - Moves data between devices, uses the physical topology - Bits - Hub, Repeater

Transport Layer:
Features:
(1) Flow control:- It prevents a sending host on one side of the connection from overflowing the buffers in the receiving host, an event that can result in lost data. The mechanisms involved ensure the following will be achieved:
1. The segments delivered are acknowledged back to the sender upon their reception.
2. Any segments not acknowledged are retransmitted.
3. Segments are sequenced back into their proper order upon arrival at their destination.
4. A manageable data flow is maintained in order to avoid congestion, overloading, and data loss.
(2) Windowing:- The quantity of data segments that the transmitting machine is allowed to send without receiving an acknowledgement is called a window, and the process of sending a window is called windowing.

Data-link Layer:- The IEEE Ethernet data-link layer has two sublayers.
(1) Media Access Control (MAC) 802.3:- Defines how packets are placed on the media (first come, first served). Line discipline, error notification, ordered delivery of frames and optional flow control can also be used at this sublayer. Physical addressing (MAC) is defined here.
(2) Logical Link Control (LLC) 802.2:- Responsible for identifying network layer protocols and then encapsulating them. It tells the data-link layer what to do with a packet once a frame is received (which protocol the packet is destined for).

Ethernet at the Data-link layer:- is responsible for Ethernet addressing and also responsible for framing packets received from the network layer and preparing them for transmission. There are 4 different types of Ethernet frames available: (1) Ethernet_II (2) IEEE 802.3 (3) IEEE 802.2 (4) SNAP

DOD Model
This model was given by the Department of Defense. It has four layers.
(1) Application/Process layer:- made up of the application, presentation and session layers of the OSI model.
(2) Host to Host layer:- the transport layer of the OSI model.
(3) Internetwork layer:- the network layer of the OSI model.
(4) Network Interface layer:- the data-link and physical layers of the OSI model.

Collision and Broadcast Domain

In a WAN the data flows widely and creates collisions many times. In the same way, data goes to many hosts in search of its destination and creates a broadcast. Collision and broadcast domains are created by network devices.
{1} HUB:- A hub broadcasts the data to every one of its ports to reach the destination. It also creates collisions. So a hub is a single collision domain and a single broadcast domain. This device is unable to break up a broadcast.
{2} Switch/Bridge:- A switch creates one broadcast domain (it can't break up broadcasting). It has its own MAC table to identify the destination, so it stops collisions and manages the data flow. That's why it is multiple collision domains but a single broadcast domain.
{3} Router:- A router is able to break up broadcasting. It is multiple collision domains and multiple broadcast domains.

Protocols
Process/Application layer protocols:
(1) Telnet:- It allows a user to log in on a remote client machine.
(2) SMTP:- {Simple Mail Transfer Protocol} is used to send mail.
(3) POP:- {Post Office Protocol} is used to receive mail.
(4) FTP:- {File Transfer Protocol}. It allows uploading and downloading of files in a network.
(5) TFTP:- {Trivial FTP} sends much smaller blocks of data, so it is faster than FTP, and there is no authentication as in FTP.
(6) SNMP:- {Simple Network Management Protocol}. It collects and manipulates valuable network information.
(7) NFS:- {Network File System}
(8) X-Windows:- defines a protocol for writing GUI-based client/server applications.
(9) LPD:- {Line Printer Daemon}. This protocol is designed for printer sharing.
(10) DNS protocol, RARP
(11) DHCP/BootP:- {Dynamic Host Configuration Protocol}.

Host to Host/Transport layer protocols:
(1) TCP:- Transmission Control Protocol.
(2) UDP:- User Datagram Protocol.

Internetwork layer protocols:
(1) IP:- {Internet Protocol} is responsible for determining the source and destination IP address of every packet.
(2) DNS protocol, ARP:- {Address Resolution Protocol}.
(3) ICMP:- {Internet Control Message Protocol}.
(4) IGMP:- {Internet Group Message Protocol} is used to support multicasting.

IP version-4
A 32-bit address. Total 4 octets, every octet has 8 bits. A total of 5 classes are defined for this version.

(First octet value)
Class A:- 1 to 126 )
Class B:- 128 to 191 ) :- used for addressing by ISPs.
Class C:- 192 to 223 )
Class D:- 224 to 239 :- is reserved for broadcasting and multicasting.
Class E:- 240 to 254 :- is reserved by some research organisations for experimental purposes.

Loopback Address:- 127.0.0.1
Broadcast Address:- a.b.c.255
Network ID:- a.b.c.0

There are two different ranges provided by ISPs for use:
(1) Public IP range:- the range reserved by the ISP.
(2) Private IP range:- the range opened for general use.

Private IP Range:
Class A:- 10.0.0.0 to 10.255.255.255
Class B:- 172.16.0.0 to 172.31.255.255
Class C:- 192.168.0.0 to 192.168.255.255

Subnet Mask:- The subnet mask value shows the "on" network bits in our network. The host bits are not represented by the subnet mask.

Wildcard:- The wildcard value shows the number of allowed hosts in a network. For example, if the wildcard value is 0.0.0.32 for the 192.168.1.0 network then it will communicate with only 32 hosts in this network, from 192.168.1.1 to 192.168.1.32.

MAC Address
Total 6 blocks, 8 bits per block. Block/octet numbers 1, 2 and 3 are defined by the IEEE {Institute of Electrical and Electronics Engineers}; octet numbers 4, 5 and 6 are defined by the vendor. In total this is a 48-bit address. The address is written in hexadecimal notation, e.g. 12:03:E0:FC:7B:72

Note:- IANA (Internet Assigned Numbers Authority) is responsible for the global coordination of the DNS root, IP addressing and other Internet protocol resources.

VLSM (Variable Length Subnet Mask)
It is a stepping stone from subnetting to CIDR (Classless Inter-Domain Routing).

CIDR
With the advent of CIDR, the original class-based scheme has been almost completely discarded. Subnetting is used to divide CIDR blocks.

Subnetting
No. of bits borrowed - Class A (/8-/15) - Class B (/16-/23) - Class C (/24-/31)
0 (Default) - 255.0.0.0 - 255.255.0.0 - 255.255.255.0
1 - 255.128.0.0 - 255.255.128.0 - 255.255.255.128
2 - 255.192.0.0 - 255.255.192.0 - 255.255.255.192
3 - 255.224.0.0 - 255.255.224.0 - 255.255.255.224
4 - 255.240.0.0 - 255.255.240.0 - 255.255.255.240
5 - 255.248.0.0 - 255.255.248.0 - 255.255.255.248
6 - 255.252.0.0 - 255.255.252.0 - 255.255.255.252
7 - 255.254.0.0 - 255.255.254.0 - 255.255.255.254 (unused subnet)
8 (Default+8) - 255.255.0.0 - 255.255.255.0 - 255.255.255.255 (broadcast address)

Counting:
(1) Total Subnets = 2^n {here n = on bits}
(2) Valid Subnets = 2^n - 2
(3) Valid Hosts = 2^y - 2 {here y = off bits}
(4) Valid Networks = 2^n
(5) Network IDs = ?
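The class, private-range, subnet mask, wildcard and 2^n / 2^y counting rules above can all be checked mechanically. The following Python is an added example written for this guide (it is not code from the original book); it uses only the standard library `ipaddress` module, and the example addresses in it are constructed. The wildcard is computed as the bitwise complement of the mask, which is how Cisco access lists and OSPF network statements read it.

```python
import ipaddress

# Private ranges from the "Private IP Range" list above (RFC 1918).
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
# Default (classful) prefix length per class: the "0 (Default)" row of the table.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def ip_class(addr: str) -> str:
    """Classify an IPv4 address by its first octet, as in the Class A-E list."""
    first = int(addr.split(".")[0])
    if first == 127:
        return "Loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    if 240 <= first <= 254:
        return "E"
    return "Invalid"


def subnet_info(cidr: str) -> dict:
    """Mask, wildcard, network ID, broadcast and the 2^n / 2^y counts for one block."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False masks off host bits
    cls = ip_class(str(net.network_address))
    host_bits = 32 - net.prefixlen                   # y = off bits
    info = {
        "class": cls,
        "private": any(net.subnet_of(r) for r in PRIVATE_RANGES),
        "mask": str(net.netmask),
        "wildcard": str(net.hostmask),               # bitwise complement of the mask
        "network_id": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "off_bits": host_bits,
        "valid_hosts": 2 ** host_bits - 2 if host_bits >= 2 else 0,
    }
    if cls in DEFAULT_PREFIX and net.prefixlen >= DEFAULT_PREFIX[cls]:
        borrowed = net.prefixlen - DEFAULT_PREFIX[cls]   # n = on bits borrowed from the host part
        info["on_bits"] = borrowed
        info["total_subnets"] = 2 ** borrowed
        # first and last subnet excluded, as in the Counting rule (2)
        info["valid_subnets"] = max(2 ** borrowed - 2, 0)
    return info


def list_subnets(cidr: str, new_prefix: int) -> list:
    """All subnets of `cidr` when the mask is extended to `new_prefix` bits."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    # Constructed sample inputs: a Class C /27, a Class B host address and a public /24.
    for example in ("192.168.1.0/27", "172.16.10.5/20", "8.8.8.8/24"):
        print(example, subnet_info(example))
    print(list_subnets("192.168.1.0/24", 27))
```

Running it for 192.168.1.0/27 reports mask 255.255.255.224, wildcard 0.0.0.31, 3 borrowed bits (8 subnets, 6 "valid" under the old rule) and 30 usable hosts, which is the row "3" of the Class C column above.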

Supernetting
CIDR value - Supernet Mask - No. of Class-C networks
14 - 255.252.0.0 - 1024
15 - 255.254.0.0 - 512
16 - 255.255.0.0 - 256
17 - 255.255.128.0 - 128
18 - 255.255.192.0 - 64
19 - 255.255.224.0 - 32
20 - 255.255.240.0 - 16
21 - 255.255.248.0 - 8
22 - 255.255.252.0 - 4
23 - 255.255.254.0 - 2
24 - 255.255.255.0 - 1
25 - 255.255.255.128 - 1/2
26 - 255.255.255.192 - 1/4
27 - 255.255.255.224 - 1/8
28 - 255.255.255.240 - 1/16
29 - 255.255.255.248 - 1/32
30 - 255.255.255.252 - 1/64

How to calculate?
Que. We have three networks: 192.168.1.0, 192.168.2.0, 192.168.5.0. What will be the new supernet for these networks?
Ans.
n/w-1 => 192.168.1.0 = 11000000 . 10101000 . 00000 001 . 00000000
n/w-2 => 192.168.2.0 = 11000000 . 10101000 . 00000 010 . 00000000
n/w-3 => 192.168.5.0 = 11000000 . 10101000 . 00000 101 . 00000000
So the new network bits are:- 11111111 . 11111111 . 11111 000 . 00000000
(matched bits on the left, unmatched bits on the right)
So the new supernet mask is = 255.255.248.0

IP version-6
Total 128-bit version. Total hexadecimal blocks = 8; 1 hexadecimal block = 16 bits.

Decimal - Hexadecimal - Binary (4 bits)
0 - 0 - 0000
1 - 1 - 0001
2 - 2 - 0010
3 - 3 - 0011
4 - 4 - 0100
5 - 5 - 0101
6 - 6 - 0110
7 - 7 - 0111
8 - 8 - 1000
9 - 9 - 1001
10 - A - 1010
11 - B - 1011
12 - C - 1100
13 - D - 1101
14 - E - 1110
15 - F - 1111

Internet Protocol version 6 (IPv6) is the next-generation Internet layer protocol for packet-switched internetworks and the Internet. In Dec. 1998, the IETF (Internet Engineering Task Force) designed IPv6 as the successor to IPv4. IPv4 provides an addressing capability of about 4 billion addresses = 2^32. The most important feature of IPv6 is a much larger address space than IPv4: the IPv6 address space supports 2^128 = 3.4 * 10^38 addresses. IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon, i.e.
2001:0db8:85a3:0000:0000:8a2e:0000:7334
or 2001:0db8:85a3::8a2e:0:7334
or 2001:db8:85a3::8a2e:0:7334
Note:- We can use :: only one time in an address.

IPv6 CIDR Address:
2001:db8:1234:85a3:0000:0000:8a2e:7334/48 means that the first 48 bits (from the left) are fixed for the network and the other bits are for hosts.
2001:db8:1234 : 0:0:0:0:0
(network bits) (host bits)
The full value for any block is FFFF.

Ex.:- FE80:0000:0000:CC00:A0C4:ABCD:1234:9B4D/64. Here --:C4:AB:34:9B:4D is the MAC of the NIC.

How to convert an IPv4 address into an IPv6 address?

Ex.:- IPv4 address = 192.168.1.2

Decimal = 192 . 168 . 1 . 2
Binary = 1100 0000 . 1010 1000 . 0000 0001 . 0000 0010
Hex value = C0 . A8 . 01 . 02

So the last 2 blocks of the IPv6 address are = C0A8 : 0102
So the new IPv6 address is = ::ffff:C0A8:0102
or = 0:0:0:0:0:ffff:C0A8:102

Fixed addresses in IP version 6:
1. Loopback address = ::1
2. Reserved for link-local unicast = fe80::/10
3. Reserved for global unicast = 2000::/3
4. Multicast address range = ff00::/8
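The IPv4-to-IPv6 conversion, the "::" shortening rule (only one "::", so only the longest run of zero blocks is collapsed) and the fixed-address ranges above can be worked through in code. The following Python is an added example written for this guide, not code from the original book; the helper names (`ipv4_to_groups`, `compressed`, `address_type`) are this example's own, and `address_type` relies on the standard-library `ipaddress` classification so its verdicts can be compared against the list of fixed ranges.

```python
import ipaddress


def ipv4_to_groups(v4: str) -> list:
    """IPv4-mapped IPv6 address (::ffff:a.b.c.d) as eight 16-bit groups."""
    a, b, c, d = (int(x) for x in v4.split("."))
    return [0, 0, 0, 0, 0, 0xFFFF, (a << 8) | b, (c << 8) | d]


def full_form(groups: list) -> str:
    """Eight groups of four hex digits, no zero suppression."""
    return ":".join(f"{g:04x}" for g in groups)


def compressed(groups: list) -> str:
    """Drop leading zeros in each group and replace the longest run of
    all-zero groups with '::'. Only one '::' is allowed per address."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:            # keep the longest run (first one on a tie)
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [f"{g:x}" for g in groups]
    if best_len < 2:                        # a single zero group is written as '0', not '::'
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return f"{left}::{right}"


def address_type(text: str) -> str:
    """Which of the fixed ranges from the list above an IPv6 address falls into."""
    addr = ipaddress.IPv6Address(text)
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local (fe80::/10)"
    if addr.is_multicast:
        return "multicast (ff00::/8)"
    if addr in ipaddress.ip_network("2000::/3"):
        return "global unicast (2000::/3)"
    return "other"


if __name__ == "__main__":
    g = ipv4_to_groups("192.168.1.2")            # the example address from the text
    print(full_form(g))                           # 0000:0000:0000:0000:0000:ffff:c0a8:0102
    print(compressed(g))                          # ::ffff:c0a8:102
    print(compressed([0x2001, 0x0DB8, 0x85A3, 0, 0, 0x8A2E, 0, 0x7334]))
    for sample in ("::1", "fe80::1", "ff02::1", "2001:db8::1", "::ffff:192.168.1.2"):
        print(sample, "->", address_type(sample))
```

Note that for 2001:0db8:85a3:0000:0000:8a2e:0000:7334 the function collapses only the two-block run and leaves the single zero block as "0", giving exactly the shortened form printed in the text.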

CISCO HIERARCHICAL MODEL

[Figure: Core layer at the top, Distribution layer switches in the middle, Access layer switches at the bottom.]

(1) Core layer:- It provides optimal transport between sites.
(2) Distribution layer:- It provides policy-based connectivity. Also called the workgroup layer. This is the communication point between the access and core layers. It is the place to implement network policies, access lists, routing etc.
(3) Access layer:- It provides user access to the network. It is also called the desktop layer.

Router
Router Memory:
(1) Dynamic Memory (RAM):- Main storage memory, called working storage memory. It contains the running (dynamic) configuration information.
(2) Non-volatile Memory (NVRAM):- It contains a backup copy of the configuration (the startup configuration).
(3) Flash Memory:- It contains a copy of the Cisco IOS software.

Router Ports & Cable Connections:
(1) Eth./Fast-Eth. port:- Connects to the LAN via UTP/STP cable.
(2) AUX (Auxiliary) port:- Connects to a modem for remote configuration via telnet. (RJ45 connector port)
(3) Console port:- Connects to a PC for local configuration via a console/rolled cable.
(4) Serial port:- Connects to another router via a V.35/back-bone cable. (60-pin port)
(5) BRI and PRI port:- Connects to ISDN/leased line. (Basic/Primary Rate Interface)

Routing Protocols:
(1) Distance Vector Protocol:- This protocol uses the distance to a remote network to find the best path. Each time a packet goes through a router it is called a hop, i.e. a data packet passing out of a router port counts as one hop. The route with the least number of hops to the network is determined to be the best route. Ex:- RIP & IGRP {Routing Information Protocol / Interior Gateway Routing Protocol}
(2) Link State Protocol:- Also called a shortest-path-first protocol. This protocol uses three steps: 1. Track directly attached neighbours. 2. Determine the entries of the network topology. 3. Use the routing table. Ex:- OSPF {Open Shortest Path First}
(3) Hybrid Protocol:- Uses aspects of distance vector and link state. Ex:- EIGRP {Enhanced Interior Gateway Routing Protocol}

Router Modes (each command below is typed at the prompt shown and followed by Enter):
1. Router> = User mode. Type enable to go to privileged mode.
2. Router# = Privileged mode. Type configure terminal to go to configuration mode.
3. Router(config)# = Configuration mode. Type interface <port number> to go to interface mode.
4. Router(config-if)# = Interface mode
5. Router(config-subif)# = Subinterface mode
6. Router(config-router)# = Router configuration mode
7. Router(config-line)# = Line console mode

Specific Commands:
1. Router# show running-config (check the current config)
2. Router# show protocols (check IP for every port of the router)
3. Router# show controllers (check the serial port's DTE/DCE type)
4. Router# show ip ospf (check OSPF IP setting)
5. Router# show ip ospf database (check OSPF database)
6. Router# show ip ospf neighbor (check neighbour IP)
7. Router# show access-lists (check access list status)
8. Router# erase startup-config (roll back the router to the default configuration at the next reload)
9. Router# copy running-config startup-config (save the current configuration)
10. Router# show flash: (check IOS name)

Router Configuration
Login Banner Setting:
Router(config)# banner motd @ message @
(the delimiter may be @, # or !; it must not appear inside the message)

Hostname Setting:
Router(config)# hostname name

Loopback Address Setting:
Router(config)# interface loopback 0
Router(config-if)# ip address 172.16.15.1 255.255.255.255
Router(config-if)# no shutdown

Router Password Settings

User/Console mode password:
Router(config)# line console 0
Router(config-line)# password cisco
Router(config-line)# login

Privileged mode password:
{1} Simple password:
Router(config)# enable password cisco
{2} Encrypted password:
Router(config)# enable secret cisco
(The enable secret is stored in the configuration as a hash and takes precedence over the enable password, which is stored in clear text, so prefer enable secret.)

VTY password for Telnet:
Router(config)# line vty 0 4
Router(config-line)# password cisco
Router(config-line)# login

Login password for remote administration / AUX password:
Router(config)# line aux 0
Router(config-line)# password cisco
Router(config-line)# login

Password disabling:
Router(config-line)# no password
Router(config-line)# no login

Password Recovery
Step-1 Start the router. When the booting process starts, press Ctrl+Break. Now the ROMMON mode prompt (>) will come.
Step-2 Run the following commands:
>confreg 0x2142
>reset
Step-3 Now restart the router and go to ROMMON mode again.
>confreg default
>reset
Step-4 Now the router will open in ROMMON mode.
>boot


Router Backup
Step-1 Install a TFTP server on the local PC and open it. Set an IP address on the router and check communication between the router and the PC via ping.
Step-2
Router# show flash: {check the IOS name}
Router# copy flash: tftp: {give the IOS filename, the address of the remote host, and the destination filename at the prompts}

How to restore?
Router# copy tftp: flash: {give the remote host IP, the source filename, and the destination filename at the prompts}
Router# show flash:

Cisco Discovery Protocol (CDP)

This is a Cisco proprietary protocol that collects information about all the network devices attached to our network. It is always enabled by default on Cisco routers. This protocol sends its packets every 60 seconds by default on serial, BRI and Fast Ethernet ports. Its hold-down time is 180 seconds: if no packet arrives from a neighbour within that time, that neighbour's entry is removed. Because CDP announces the device's platform, addresses and port names to whatever is connected, it is usually disabled on ports facing untrusted devices.

Commands to configure:
Router# show cdp neighbors (check neighbours and their hold-down time)
Router# show cdp interface (check packet sending time and whether CDP is enabled per port)
Router(config)# cdp timer 40 (configure packet sending time)
Router(config)# cdp holdtime 120 (configure hold-down time)
How to disable CDP for a particular port?
Router(config)# interface port no.
Router(config-if)# no cdp enable

IP Setting on Router
Pre-configuration checks:
Router# show running-config (check port names and port numbers)
Router# show controllers (check serial port type, DCE/DTE)

On an Ethernet port:
Router(config)# interface ethernet 0/0
Router(config-if)# ip address a.b.c.d s.s.s.s
Router(config-if)# no shutdown
Router(config-if)# exit
{Here a.b.c.d is the IP address and s.s.s.s is the subnet mask}

On a DCE port:
Router(config)# interface serial 0/0
Router(config-if)# ip address a.b.c.d s.s.s.s
Router(config-if)# clock rate 64000
Router(config-if)# no shutdown
Router(config-if)# exit

On a DTE port:
Router(config)# interface serial 0/0
Router(config-if)# ip address a.b.c.d s.s.s.s
Router(config-if)# no shutdown
Router(config-if)# exit

DHCP on Router

The router will act as a DHCP server for the 192.168.1.0/24 network. IP addresses already assigned to our switch (192.168.1.2) and file server (192.168.1.5) will be excluded from the DHCP pool, to ensure they are not given out to other hosts and cause an IP address conflict.
Router1# configure terminal
R1(config)# service dhcp
R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.5 (IPs .1 to .5 will not go to clients)
R1(config)# ip dhcp excluded-address 192.168.1.10
R1(config)# ip dhcp pool LAN (the pool name LAN is an example; a pool must be named before its network is set)
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.1.1
R1(dhcp-config)# dns-server 192.168.1.5 195.170.0.1
R1(dhcp-config)# domain-name example.com (not necessary)
R1(dhcp-config)# lease 9 (not necessary)
R1(dhcp-config)# end
R1# show ip dhcp binding

DNS on Router

The first step is to enable the DNS service on the router.
R1# configure terminal
R1(config)# ip dns server
Next, we need to configure the router with a public name server.
R1(config)# ip name-server 4.2.2.5
R1(config)# ip name-server 4.2.2.6
Cisco IOS will allow you to enter up to 6 different name servers (essentially DNS servers). Usually you would use your ISP's DNS server to ensure you have quick responses, then add a few free public DNS servers such as the ones above. This will ensure that you get a DNS response from either your ISP or the public DNS servers.
The next step is to configure your DNS server with the host names of your local network.
R1(config)# ip host alan 192.168.1.10
R1(config)# ip host john 192.168.1.11
R1(config)# ip host wayne 192.168.1.12
R1# ping wayne

Routing
We can configure the following types of routing:-
{1} Default Routing :- This routing does not need any specific network to be configured to communicate with. We give a zero value (0.0.0.0) for the network in this routing.
{2} Static Routing :- We have to define the network path manually to communicate between our networks in this type of routing.
{3} Dynamic Routing :- This routing uses protocols for network communication. It has the following types:-
(1) RIP (Routing Information Protocol) {Distance Vector} :- Routing Information Protocol (RIP) is a true distance-vector routing protocol. It sends the complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count to determine the best way to a remote network, but it has a maximum allowable hop count of 15, meaning that 16 is deemed unreachable. RIP works well in small networks, but it is inefficient on large networks with slow WAN links.
(2) RIP version 2 (RIP-2) :- RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask. This is because RIP version 1 does not send subnet mask information in its updates. RIP version 2 provides what is called prefix routing and does send subnet mask information with the route updates. This is called classless routing.
(3) IGRP (Interior Gateway Routing Protocol) {Hybrid} :- The command used to configure IGRP is the same as the one used to configure RIP routing, with one important difference: you use an autonomous system (AS) number. All routers within an autonomous system must use the same AS number, or they will not exchange routing information. This number advertises only to routers you want to share routing information with.
(4) EIGRP (Enhanced IGRP) {Link State} :- A router running EIGRP stores all its neighbours' routing tables so that it can quickly adapt to alternate routes. If no appropriate route exists, EIGRP queries its neighbours to discover an alternate route. These queries propagate until an alternate route is found.
(5) OSPF (Open Shortest Path First) {Link State} :- This protocol is used within larger autonomous system networks in preference to RIP.
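As an added illustration (not code from this guide), the following Python model shows how a RIP router merges the routing table a neighbour sends every 30 seconds: each received route gains one hop, anything that reaches 16 hops is treated as unreachable, and a worse metric is accepted only from the neighbour already in use as next hop. The prefixes and neighbour addresses are constructed sample values in the style of the lab networks used in this guide.

```python
# Added example (not from the guide): a model of how a RIP router processes
# the routing-table update a neighbour sends every 30 seconds.  Hop count is
# the only metric, 15 is the maximum, and 16 means unreachable.
from dataclasses import dataclass
from typing import Dict, List

RIP_INFINITY = 16          # 16 hops = unreachable in RIP version 1 and 2
UPDATE_INTERVAL_S = 30     # the full table is sent out every 30 seconds


@dataclass
class Route:
    prefix: str            # e.g. "192.168.3.0/24"
    metric: int            # hop count; 0 = directly connected (as IOS shows it)
    next_hop: str          # neighbour that advertised it ("" for connected)


def build_table(connected: List[str]) -> Dict[str, Route]:
    """Seed the table with the router's own connected networks (0 hops)."""
    return {p: Route(p, 0, "") for p in connected}


def process_update(table: Dict[str, Route], neighbour: str,
                   advertised: Dict[str, int]) -> List[str]:
    """Merge one neighbour's advertised {prefix: metric} into our table.

    Returns the prefixes whose entry changed.  Rules applied (simplified, no
    hold-down timers):
      * the received metric gains one hop for the link it arrived on;
      * a route that reaches 16 hops is unreachable and is never installed;
      * a better metric replaces the current route;
      * a worse metric is accepted only from the neighbour we already use as
        next hop, because that neighbour is the authority on its own path.
        This is how a longer path, or a withdrawal (metric 16), propagates.
    """
    changed = []
    for prefix, adv_metric in advertised.items():
        metric = min(adv_metric + 1, RIP_INFINITY)
        current = table.get(prefix)
        if current is None:
            if metric < RIP_INFINITY:
                table[prefix] = Route(prefix, metric, neighbour)
                changed.append(prefix)
            continue
        if current.next_hop == "":
            continue                          # a connected network always wins
        if metric < current.metric:
            table[prefix] = Route(prefix, metric, neighbour)
            changed.append(prefix)
        elif current.next_hop == neighbour and metric != current.metric:
            if metric >= RIP_INFINITY:
                del table[prefix]             # our next hop lost it: withdraw
            else:
                table[prefix] = Route(prefix, metric, neighbour)
            changed.append(prefix)
    return changed
```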

Default Routing:-

Router 1 :-
Router(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
Router(config)#end
Router#show running-config

Router 2 :-
Router(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.1
Router(config)#end
Router#show running-config


END*

Static Routing:-

Route:- Router1
Router(config)#ip route 192.168.2.0 255.255.255.0 10.0.0.2
Router(config)#ip route 192.168.3.0 255.255.255.0 10.0.0.2
Router(config)#ip route 11.0.0.0 255.0.0.0 10.0.0.2
Router(config)#end
Router#show running-config

Route:- Router2
Router(config)#ip route 192.168.1.0 255.255.255.0 10.0.0.1
Router(config)#ip route 192.168.3.0 255.255.255.0 11.0.0.2
Router(config)#end
Router#show running-config

Route:- Router3
Router(config)#ip route 192.168.2.0 255.255.255.0 11.0.0.1
Router(config)#ip route 192.168.1.0 255.255.255.0 11.0.0.1
Router(config)#ip route 10.0.0.0 255.0.0.0 11.0.0.1
Router(config)#end
Router#show running-config
END*

RIP(Routing Information Protocol) Routing {Dynamic}

Route:- Router1
Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#network 192.168.1.0
Router(config-router)#end
Router#show running-config

Route:- Router2
Router(config)#router rip
Router(config-router)#network 192.168.2.0
Router(config-router)#network 10.0.0.0
Router(config-router)#network 11.0.0.0
Router(config-router)#end
Router#show running-config

Route:- Router3
Router(config)#router rip
Router(config-router)#network 192.168.3.0
Router(config-router)#network 11.0.0.0
Router(config-router)#end
Router#show running-config
END*

{Note:- If we want to set RIP version-2 routing then we give only one extra command under the router rip prompt:-
Router(config-router)#version 2}
END*

OSPF(Open shortest path first) Routing {Dynamic}

Router1 :- Serial0=10.0.0.1 [Backbone router/BBR] Serial1=11.0.0.1 Ethernet=192.168.1.1

Router2 :- Serial0=10.0.0.2 [Autonomous border router/ABR] Serial1=12.0.0.1 Serial2=13.0.0.1 Ethernet=192.168.2.1

Router3:Serial0=11.0.0.2 [ABR] Serial1=14.0.0.1 Serial2=15.0.0.1 Ethernet=192.168.3.1

Router4 :- Serial0=12.0.0.2 [Autonomous system border router/ASBR] Ethernet0=192.168.4.1

Router5:Serial0=13.0.0.2 [ASBR] Ethernet0=192.168.5.1

Router6:Serial0=14.0.0.2 [ASBR] Ethernet0=192.168.6.1

Router7:Serial0=15.0.0.2 [ASBR] Ethernet0=192.168.7.1

[ Router-id for this routing is :- 1 to 65,535. This is called the Autonomous number.
Note :- The autonomous no. for a n/w will be the same on every router.
Note :- In this type of routing we use a WildMask (wildcard mask) in place of the Subnet mask. ]

Routing Router1 :-
Router(config)#router ospf 10
Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
Router(config-router)#network 11.0.0.0 0.255.255.255 area 0
Router(config-router)#network 192.168.1.0 0.0.0.255 area 0
Router(config-router)#end
Router#show running-config

Routing Router2 :-
Router(config)#router ospf 10
Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
Router(config-router)#network 12.0.0.0 0.255.255.255 area 1
Router(config-router)#network 13.0.0.0 0.255.255.255 area 1
Router(config-router)#network 192.168.2.0 0.0.0.255 area 0
Router(config-router)#end
Router#show running-config

Routing Router3 :-
Router(config)#router ospf 10
Router(config-router)#network 11.0.0.0 0.255.255.255 area 0
Router(config-router)#network 14.0.0.0 0.255.255.255 area 2
Router(config-router)#network 15.0.0.0 0.255.255.255 area 2
Router(config-router)#network 192.168.3.0 0.0.0.255 area 0
Router(config-router)#end
Router#show running-config

Routing Router4 :-
Router(config)#router ospf 10
Router(config-router)#network 12.0.0.0 0.255.255.255 area 1
Router(config-router)#network 192.168.4.0 0.0.0.255 area 1
Router(config-router)#end
Router#show running-config

Routing Router5 :-
Router(config)#router ospf 10
Router(config-router)#network 13.0.0.0 0.255.255.255 area 1
Router(config-router)#network 192.168.5.0 0.0.0.255 area 1
Router(config-router)#end
Router#show running-config

Routing Router6 :-
Router(config)#router ospf 10
Router(config-router)#network 14.0.0.0 0.255.255.255 area 2
Router(config-router)#network 192.168.6.0 0.0.0.255 area 2
Router(config-router)#end
Router#show running-config

Routing Router7 :-
Router(config)#router ospf 10
Router(config-router)#network 15.0.0.0 0.255.255.255 area 2
Router(config-router)#network 192.168.7.0 0.0.0.255 area 2
Router(config-router)#end
Router#show running-config
END*

IGRP (Interior gateway routing protocol) Routing {Dynamic}

Routing Router1 :-
Router(config)#router igrp 20
Router(config-router)#network 10.0.0.0
Router(config-router)#network 192.168.1.0
Router(config-router)#end
Router#show running-config

Routing Router2 :-
Router(config)#router igrp 20
Router(config-router)#network 10.0.0.0
Router(config-router)#network 11.0.0.0
Router(config-router)#network 192.168.2.0
Router(config-router)#end
Router#show running-config

Routing Router3 :-
Router(config)#router igrp 20
Router(config-router)#network 11.0.0.0
Router(config-router)#network 192.168.3.0
Router(config-router)#end
Router#show running-config
END*

{Note:- If we want to set EIGRP (E = Enhanced) routing then we change only the one command that starts the routing process:-
Router(config)#router eigrp 20 }
END*

Ping Router From Hostname

It is necessary to give a hostname to every router for this task. The command for setting the hostname is:-
Router(config)# hostname name

Router1 :-
Jaipur(config)# ip host Jaipur 10.0.0.1
Jaipur(config)# ip host Kota 10.0.0.2
Jaipur(config)# ip host Ajmer 11.0.0.2
Jaipur(config)# end
Jaipur# show host

Router2 :-
Kota(config)#ip host Kota 10.0.0.2
Kota(config)#ip host Kota 11.0.0.1
Kota(config)#ip host Jaipur 10.0.0.1
Kota(config)#ip host Ajmer 11.0.0.2
Kota(config)#end
Kota#show host

Router3 :-
Ajmer(config)#ip host Ajmer 11.0.0.2
Ajmer(config)#ip host Kota 11.0.0.1
Ajmer(config)#ip host Jaipur 10.0.0.1
Ajmer(config)#end
Ajmer#show host

Now check it:-
Ajmer#ping Ajmer
Ajmer#ping Kota
Ajmer#ping Jaipur

END*

3 WAN Protocols you should know: HDLC, PPP, and Frame-Relay


Your company is connected to the Internet, right? (everyone nod your head yes) So what WAN protocol do you use to connect to the Internet? Chances are, if you have a T1 leased line to the Internet or a private network between locations, you use one of these three WAN protocols: HDLC, PPP, or Frame-relay. Let's explore the differences and similarities of these protocols.

What is HDLC?
HDLC stands for High-Level Data Link Control protocol. Like the two other WAN protocols mentioned in this article, HDLC is a Layer 2 protocol (see OSI Model for more information on Layers). HDLC is a simple protocol used to connect point to point serial devices. For example, you have a point to point leased line connecting two locations, in two different cities. HDLC would be the protocol with the least amount of configuration required to connect these two locations. HDLC would be running over the WAN, between the two locations. Each router would be de-encapsulating HDLC and dropping the traffic off on the LAN. HDLC performs error correction, just like Ethernet. Cisco's version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.

HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show running-config on a Cisco router, your serial interfaces (by default) won't show any encapsulation. This is because they are configured to the default of HDLC. If you do a show interface serial 0/0, you'll see that you are running HDLC.

What is PPP?
You may have heard of the Point to Point Protocol (PPP) because it is used for almost every dial up connection to the Internet. PPP is based on HDLC and is very similar. Both work well to connect point to point leased lines. The differences between PPP and HDLC are:
(1) PPP is not proprietary when used on a Cisco router.
(2) PPP has several sub-protocols that make it function.
(3) PPP is feature-rich with dial up networking features.
Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:
(1) Link quality management monitors the quality of the dial-up link and how many errors have occurred. It can bring the link down if the link is receiving too many errors.
(2) Multilink can bring up multiple PPP dialup links and bond them together to function as one.
(3) Authentication is supported with PAP and CHAP. These protocols take your username and password to ensure that you are allowed access to the network you are dialing in to.
To change from HDLC to PPP on a Cisco router, use the encapsulation ppp command on the WAN port, like this:
Router(config-if)# encapsulation ppp

What is Frame-Relay?
Frame Relay is a Layer 2 protocol and is commonly known as a service from carriers. For example, people will say "I ordered a frame-relay circuit". Frame relay creates a private network through a carrier's network. This is done with permanent virtual circuits (PVC). A PVC is a connection from one site to another site through the carrier's network. This is really just a configuration entry that a carrier makes on their frame relay switches. Obtaining a frame-relay circuit is done by ordering a T1 or fractional T1 from the carrier. On top of that, you order a frame-relay port, matching the size of the circuit you ordered. Finally, you order a PVC that connects your frame relay port to another of your ports inside the network. The benefits of frame-relay are:

(1) Ability to have a single circuit that connects to the frame relay cloud and gain access to all other sites (as long as you have PVCs). As the number of locations grows, you save more and more money because you don't need as many circuits as you would if you were trying to fully mesh your network with point to point leased lines.
(2) Improved disaster recovery because all you have to do is order a single circuit to the cloud and PVCs to gain access to all remote sites.
(3) By using the PVCs, you can design your WAN however you want. Meaning, you define which sites have direct connections to other sites and you only pay the small monthly PVC fee for each connection.
Some other terms you should know concerning frame relay are:
LMI = local management interface. LMI is the management protocol of frame relay. LMI is sent between the frame relay switches and routers to communicate which DLCIs are available and whether there is congestion in the network.
DLCI = data link connection identifier. This is a number used to identify each PVC in the frame relay network.
CIR = committed information rate. This is the amount of bandwidth you pay to be guaranteed you will receive on each PVC. Generally you have much less CIR than you have port speed. You can, of course, burst above your CIR up to your port speed, but that traffic is marked DE.
DE = discard eligible. Traffic marked DE (that was above your CIR) CAN be discarded by the frame-relay network if there is congestion.
FECN & BECN = forward explicit congestion notification & backward explicit congestion notification. These are bits set inside LMI packets to alert the frame-relay devices that there is congestion in the network.

ISDN-Theory
ISDN is a circuit-switched service. It is used as a low cost alternative to frame-relay. ISDN service is offered at two levels:-
(1) BRI (Basic rate interface) = Typically used in small offices.
(2) PRI (Primary rate interface) = Used in larger environments because it provides high bandwidth.

BRI = 2*B-channels + 1*D-channel = 2*64 + 16 kbps = 144 kbps speed

T-1 PRI = 23*B-channel + 1*D-channel = 23*64 + 64 kbps = 1.544 mbps
T-2 PRI = 30*B-channel + 1*D-channel = 30*64 + 64 kbps = 2.048 mbps

=>ISDN-components:-

(1) TA (Terminal adapter) = device that allows a non-ISDN device to operate on an ISDN n/w. Connects a serial interface with ISDN.
(2) TE-1 (Terminal equipment) / Router = device that can connect directly to an ISDN n/w. It has a BRI or PRI port to connect with ISDN.
(3) TE-2 / Router = device that cannot connect directly to an ISDN n/w. This device connects through a TA to reach the ISDN n/w. It has no BRI or PRI port.
(4) NT-1 (n/w termination) = A small connection box that is attached to ISDN-BRI lines.
(5) NT-2 = A device that provides switching service for the internal n/w. This type of interface is typically used with ISDN-PRI lines.

ISDN-Configuration

Router-1:-
Router> en
Router# configure terminal
Router(config)# isdn switch-type basic-ni
Router(config)# dialer-list 1 protocol ip permit
Router(config)# interface bri 0/0
Router(config-if)# ip address 10.1.1.1 255.0.0.0
Router(config-if)# no shutdown
Router(config-if)# dialer-group 1
Router(config-if)# isdn spid1 32177820010100
Router(config-if)# dialer string 7782001
Router(config-if)# end
Router# show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
    dsl 0, interface ISDN Switchtype = basic-ni

Router 2:-
Router> en
Router# conf t
Router(config)# hostname r2
r2(config)# isdn switch-type basic-ni
r2(config)# dialer-list 1 protocol ip permit
r2(config)# interface bri 0/0
r2(config-if)# ip address 10.1.1.2 255.0.0.0
r2(config-if)# no shutdown
r2(config-if)# dialer-group 1
r2(config-if)# isdn spid1 32177820020100
r2(config-if)# dialer string 7782002
r2(config-if)# end
**************** After configuring both routers, check status **********************
Router#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
    dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
Router# ping 10.1.1.2
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Router1#show isdn active
ISDN ACTIVE CALLS
Call  Calling  Called   Remote  Seconds  Seconds  Seconds  Charges
--------------------------------------------------------------------------------
Out   1782002  26       179     0        0
In    1782001  22       157     22

Frame Relay (Theory)


Frame-relay is a high performance WAN protocol that operates at the Physical & Data-link layers. Virtual circuits in frame-relay provide a bi-directional communication path from one DTE device to another and are uniquely identified by a Data-link Connection Identifier (DLCI). The technology used in frame-relay allows it to multiplex several data flows over the same physical media. The LMI (Local Management Interface) offers a number of features for managing complex inter-networks. LMI was developed in 1990 by four companies known as the "Gang of four" (Cisco + StrataCom + Northern Telecom + DEC).

LMI uses keepalive packets (sent every 10 seconds by default) to verify the frame-relay link. Each virtual circuit, represented by its DLCI number, can have one of three connection states:-
{A} ACTIVE - Connection is working & routers can use it to exchange data.
{B} INACTIVE - Connection from the local router to the switch is working, but the connection to the remote router is not available.
{C} DELETED - No LMI information is being received from the frame-relay switch.

LMI-Type
(1) CISCO (2) ANSI (3) Q933A
The ITU-T (Q.933A) type is supplied by the ISP that serves as the connection to the public data n/w (PDN). The DTE is known as CPE (customer premises equipment). If you connect your Cisco router to a frame-relay switch (provided by the phone company), the Cisco router is the CPE (DTE) & the frame-relay switch is the DCE.

Frame-Relay Configuration

Full Forms:- { LMI = Local management interface
DLCI = Data-link connection identifier
PVC = Permanent virtual circuit
SVC = Switched virtual circuit }

Router1 :-
Router>en
Router#configure t
Router(config)#hostname Router1
Router1(config)#int s0/0
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#no shutdown
Router1(config-if)#int s0/0.1 point-to-point
Router1(config-subif)#ip address 150.1.1.1 255.255.0.0
Router1(config-subif)#frame-relay interface-dlci 100
Router1(config-subif)#no shutdown
Router1(config-subif)#end
Router1#sh frame-relay pvc
PVC Statistics for interface Serial0/0.1 (Frame Relay DTE)
DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.1
  pvc create time 00:32:04, last time pvc status changed 00:32:05

Router2 :-
Router>en
Router#configure t
Router(config)#hostname Router2
Router2(config)#int s 0/0
Router2(config-if)#encapsulation frame-relay
Router2(config-if)#no shutdown
Router2(config-if)#int s 0/0.1 point-to-point
Router2(config-subif)#ip address 150.1.1.2 255.255.0.0
Router2(config-subif)#frame-relay interface-dlci 200
Router2(config-subif)#no shut
Router2(config-subif)#end
Router2#sh frame-relay pvc

ACL (Access control list)


1. Standard Access-list (Range = 1 to 99; filters on IP address)
2. Extended Access-list (Range = 100 to 199; filters on IP/TCP/UDP information)

Allow/Deny permissions by Standard ACL :- This ACL blocks an IP address or N/w.
TEST-1. Deny 192.168.2.2 for all n/w
Router(config)# access-list 1 deny host 192.168.2.2
Router(config)# access-list 1 permit any
Router(config)# int eth 0/0
Router(config-if)# ip access-group 1 in
Router(config-if)# exit
Router(config)# interface serial 0/0
Router(config-if)# ip access-group 1 out
Router(config-if)# end

TEST-2. Deny 192.168.1.0 for all n/w.
Router(config)# access-list 2 deny 192.168.1.0 0.0.0.255
Router(config)# access-list 2 permit any
Router(config)# int eth 0/0
Router(config-if)# ip access-group 2 in
Router(config-if)# exit
Router(config)# interface serial 0/0
Router(config-if)# ip access-group 2 out
Router(config-if)# end

Allow/Deny permissions by Extended ACL :- With the help of this ACL we can restrict an IP address or n/w by protocol, port or service to another n/w.

Note:- The IP protocol includes ICMP, TCP and UDP.
TEST-1. Restrict 192.168.1.3 telnet for 192.168.2.3
Router(config)# access-list 101 deny tcp 192.168.1.3 0.0.0.0 192.168.2.3 0.0.0.0 eq 23
Router(config)# access-list 101 permit ip any any
Router(config)# int eth 0/0
Router(config-if)# ip access-group 101 in
Router(config-if)# exit
Router(config)# interface serial 0/0
Router(config-if)# ip access-group 101 out
Router(config-if)# end

TEST-2. Restrict 192.168.1.3 http for 192.168.2.0 n/w
Router(config)# access-list 102 deny tcp 192.168.1.3 0.0.0.0 192.168.2.0 0.0.0.255 eq 80
Router(config)# access-list 102 permit ip any any
Router(config)# int eth 0/0
Router(config-if)# ip access-group 102 in
Router(config-if)# exit
Router(config)# interface serial 0/0
Router(config-if)# ip access-group 102 out
Router(config-if)# end
Note:- telnet (23) and http (80) are TCP ports, so an entry with eq <port> must name tcp as the protocol; IOS does not accept a port match on an ip entry, and the permit line of an extended ACL also needs the protocol (permit ip any any).
END*
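As an added example (not code from this guide), here is a small Python evaluator for the standard and extended access-list lines used in the tests above. It shows how IOS wildcard masks match addresses (the same masks the OSPF section uses in its network ... area commands), that entries are processed top-down with the first match winning, and that every list ends in an implicit deny. Only the address spec forms that appear in this guide (any, host A, A wildcard) and a destination eq port are parsed.

```python
# Added example (not from the guide): evaluate IOS-style standard and extended
# access-list entries against a packet.  Addresses in the sample lists below
# are the ones used in the guide's ACL tests.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")      # what the keyword `any` expands to


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 0 bit in the mask must match, a 1 bit is
    ignored (the inverse of a subnet mask, so 0.0.0.255 means 'the whole /24')."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Entry:
    number: int
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None  # `eq <port>` on the destination; None = any port


def _addr(tokens: List[str], i: int) -> Tuple[str, str, int]:
    """Consume one address spec (any | host A | A wildcard | A) at tokens[i]."""
    if tokens[i] == "any":
        return ANY[0], ANY[1], i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    if i + 1 < len(tokens) and tokens[i + 1] != "eq":
        return tokens[i], tokens[i + 1], i + 2
    return tokens[i], "0.0.0.0", i + 1        # standard-ACL shorthand: one host


def parse_entry(line: str) -> Entry:
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("expected an access-list line: " + line)
    number, action = int(t[1]), t[2]
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny: " + line)
    if 1 <= number <= 99:                     # standard ACL: source address only
        src, src_wc, _ = _addr(t, 3)
        return Entry(number, action, "ip", src, src_wc, ANY[0], ANY[1])
    proto = t[3]                              # extended: proto, src, dst [eq port]
    src, src_wc, i = _addr(t, 4)
    dst, dst_wc, i = _addr(t, i)
    dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return Entry(number, action, proto, src, src_wc, dst, dst_wc, dport)


def load_acl(lines: List[str]) -> List[Entry]:
    return [parse_entry(line) for line in lines]


def evaluate(acl: List[Entry], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Verdict for one packet: entries are checked in order, first match wins."""
    for e in acl:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(src, e.src, e.src_wc):
            continue
        if not wildcard_match(dst, e.dst, e.dst_wc):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    return "deny"                             # implicit deny: nothing matched


# The guide's own lists, as written in the tests above.
ACL_2 = load_acl([
    "access-list 2 deny 192.168.1.0 0.0.0.255",
    "access-list 2 permit any",
])
ACL_101 = load_acl([
    "access-list 101 deny tcp 192.168.1.3 0.0.0.0 192.168.2.3 0.0.0.0 eq 23",
    "access-list 101 permit ip any any",
])
```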

Point to Point protocol (PPP)


PAP (Password Authentication protocol) {old version}
CHAP (Challenge-handshake Authentication protocol) {new version}

PAP:- It provides a simple method for a remote node to establish its identity using a two-way handshake. After the PPP link establishment phase, a username/password pair is repeatedly sent by the remote host until the authentication is acknowledged.

If the local host rejects the username/password, the connection is terminated. {Passwords are sent across the link in plain text.}

CHAP :- It is used to periodically verify the identity of the remote node using a 3-way handshake.
(1) After the PPP link establishment phase, the host sends a challenge message to the remote node.
(2) The remote node responds with a value calculated using a one-way hash function (typically MD5).
(3) The host checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection is terminated.
When using CHAP or PAP authentication, each router identifies itself by a name/password. This identification process prevents a router from gaining unauthorized access.

PAP-Authentication:-
RouterA :-
Jaipur(config)#interface serial 0
Jaipur(config-if)#encapsulation ppp
Jaipur(config-if)#ppp authentication pap
Jaipur(config-if)#ppp pap sent-username Jaipur password abc
Jaipur(config-if)#exit
Jaipur(config)#username Kota password abc
Jaipur(config)#end

Router2 :-
Kota(config)#interface serial 0
Kota(config-if)#encapsulation ppp
Kota(config-if)#ppp authentication pap
Kota(config-if)#ppp pap sent-username Kota password abc
Kota(config-if)#exit
Kota(config)#username Jaipur password abc
Kota(config)#end
Note:- With PAP each router must also be told which username/password to send to its peer; that is the ppp pap sent-username line, which IOS requires in addition to the username command.

CHAP-Authentication:- This is the same configuration as PAP; only one change is needed, and that is:-
Router(config-if)#ppp authentication chap
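As an added example (not code from this guide), the PAP and CHAP exchanges described above are modelled below in Python. The CHAP response follows RFC 1994 (MD5 over the identifier, the shared secret and the challenge) and the PAP Authenticate-Request follows RFC 1334, so the bytes of each can be compared: the PAP packet carries the password "abc" itself, the CHAP packet carries only a hash of a one-time challenge. The usernames and password are the ones from the router configuration above; the packet layouts and the hypothetical ChapAuthenticator class are this example's own.

```python
# Added example (not from the guide): PAP versus CHAP as seen on the wire and
# as verified by the "host" side of the 3-way handshake.
import hashlib
import hmac
import os
from typing import Dict, Tuple

CHAP_RESPONSE = 2            # CHAP packet code for a Response (RFC 1994)
PAP_AUTH_REQUEST = 1         # PAP packet code for an Authenticate-Request (RFC 1334)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value = MD5(Identifier || Secret || Challenge)  (RFC 1994, 4.1)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


def chap_response_packet(ident: int, name: bytes, value: bytes) -> bytes:
    """What actually crosses the link: code, id, length, value-size, value, name."""
    body = bytes([len(value)]) + value + name
    length = 4 + len(body)
    return bytes([CHAP_RESPONSE, ident & 0xFF]) + length.to_bytes(2, "big") + body


def pap_request_packet(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP sends the password itself: code, id, length, id-len, id, pw-len, pw."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(body)
    return bytes([PAP_AUTH_REQUEST, ident & 0xFF]) + length.to_bytes(2, "big") + body


class ChapAuthenticator:
    """The host side of the handshake (hypothetical class).  `users` plays the
    role of the router's `username <peer> password <secret>` lines."""

    def __init__(self, users: Dict[bytes, bytes]):
        self.users = dict(users)
        self.ident = 0

    def new_challenge(self) -> Tuple[int, bytes]:
        """Step 1: a fresh random challenge with a new identifier each time."""
        self.ident = (self.ident + 1) & 0xFF
        return self.ident, os.urandom(16)

    def verify(self, ident: int, challenge: bytes, name: bytes, value: bytes) -> bool:
        """Step 3: recompute the expected hash from our copy of the secret and
        compare in constant time; unknown names and wrong secrets both fail."""
        secret = self.users.get(name)
        if secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, value)


def chap_handshake(auth: ChapAuthenticator, peer_name: bytes, peer_secret: bytes) -> bool:
    """Run the three steps between the host (`auth`) and a remote node."""
    ident, challenge = auth.new_challenge()                    # (1) host -> remote
    value = chap_response(ident, peer_secret, challenge)      # (2) remote hashes it
    return auth.verify(ident, challenge, peer_name, value)     # (3) host compares


def replay_is_rejected(auth: ChapAuthenticator, peer_name: bytes, peer_secret: bytes) -> bool:
    """A Response recorded for one challenge is worthless against the next one,
    which is why CHAP re-authenticates periodically without exposing the secret."""
    ident1, chal1 = auth.new_challenge()
    recorded = chap_response(ident1, peer_secret, chal1)
    ident2, chal2 = auth.new_challenge()
    return not auth.verify(ident2, chal2, peer_name, recorded)
```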

VLAN+VTP (Virtual transfer protocol) CONFIGURATION in CISCO SWITCHES


VTP Switch Diagram:-

Note:- (1) If you want to configure only VLAN on a single switch then follow Step-2 & Step-4 on your switch.
(2) If you want to configure VLAN transfer by VTP then follow all steps.

VTP Configuration
VTP-Server configuration:-

{Step-1.} VTP-Server Creation (On VTP Server) :-
Switch>
Switch>enable
Switch#vlan database
Switch(vlan)#vtp server
Switch(vlan)#vtp domain group1
Changing VTP domain from NULL to group1
Switch(vlan)#exit
APPLY completed.
Exiting....

(Vlan creation start)

{Step-2} VLAN Creation (On VTP Server) :-
Switch#vlan database
Switch(vlan)#vlan 2
VLAN 2 added:
    Name: VLAN0002
Switch(vlan)#vlan 2 name marketing
Switch(vlan)#vlan 3
VLAN 3 added:
    Name: VLAN0003
Switch(vlan)#vlan 3 name management
Switch(vlan)#exit
APPLY completed.
Exiting....
(Trunk port setting)
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#interface FastEthernet 0/12
Switch(config-if)#switchport mode trunk
Switch(config-if)#end
Switch#show vlan
Or
Switch#show vlan membership

{Step-3} VTP on Switch2 (VTP-Client) :-
VTP-Client configuration :-
Switch>
Switch>enable
Switch#vlan database
Switch(vlan)#vtp client
Switch(vlan)#vtp domain group1
Changing VTP domain from NULL to group1
Switch(vlan)#exit
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#interface FastEthernet 0/12
Switch(config-if)#switchport mode trunk
Switch(config-if)#end
Switch#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
2    marketing                        active
3    management                       active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Client port setting :-

{Step-4} Port Adding On VLAN (On VTP Clients) :-
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#interface range FastEthernet 0/1 - 2
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#exit
Switch(config)#interface range FastEthernet 0/3 - 4
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#end
Switch#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
2    marketing                        active    Fa0/1, Fa0/2
3    management                       active    Fa0/3, Fa0/4

END*

NAT Translation
Network Address Translation (NAT) Concepts
The NAT concept is simple: it allows a single device to act as an Internet gateway for internal LAN clients by translating the clients' internal network IP Addresses into the IP Address on the NAT-enabled gateway device. NAT is transparent to your network, meaning all internal network devices are not required to be reconfigured in order to access the Internet. All that's required is to let your network devices know that the NAT device is the default gateway to the Internet.

As you can see, we have a simple network of 4 hosts (computers) and one router that connects this network to the Internet. All hosts in our network have a private Class C IP Address, including the router's private interface (192.168.0.1), while the public interface that's connected to the Internet has a real IP Address (203.31.220.134).

How NAT works:-

In this illustration, a workstation from our network has generated a packet with a destination IP Address 135.250.24.10. Logically, this packet is first sent to the gateway, which performs NAT on this packet and then sends it to the Internet to finally make its way to the destined host.

Looking more closely at the gateway (router) during the initial NAT operation, the original packet's Source IP is changed from 192.168.0.12 to that of the router's public interface, which is 203.31.220.134, then the router stores this information in a special address within its memory (also called NAT Table - explained next), so when the expected reply arrives it will know to which workstation within its network it needs to forward it.


Static Network Address Translation


Static NAT (also called inbound mapping) is the first mode we're going to talk about and also happens to be the most uncommon between smaller networks.

But where would Static NAT be used?


Everyone's needs are different and with this in mind Static NAT could be the solution for many companies that require a host on their internal network to be visible and accessible from the Internet.

Let's take a close look at a few examples of places where Static NAT could be used.

Implementation of Static NAT - Example

In this case, Static NAT, with a set of complex filters to make sure only authorised IP Addresses get through, would do the job just fine.

Also, if you wanted a similar setup for the purpose of using only one service, e.g http, then you're better off using a different NAT mode simply because it offers better security and is more restrictive. Let me remind you that Static NAT requires one public IP Address for each mapping to a private IP Address. This means that you're not able to map a public IP Address to more than one private IP Address.

Dynamic Network Address Translation


The way Dynamic NAT differentiates from Static NAT is that where Static NAT provides a one-to-one internal to public static IP mapping, Dynamic NAT does the same but without making the mapping to the public IP static and usually uses a group of available public IPs.

The diagram above is our example network and shows our router, which is configured to perform Dynamic NAT for the network. We requested 4 public IPs from our ISP (203.31.218.210 to 203.31.218.213), which will be dynamically mapped by our router to our internal hosts. In this particular session our workstation, with IP Address 192.168.0.1, sends a request to the Internet and is assigned the public IP address 203.31.218.210. This mapping between the workstation's private and public IP Address will remain until the session finishes.

Network Address Translation Overload


Whether you use a router, firewall appliance, Microsoft's Internet sharing ability or any 3rd party program that enables all your home computers to connect to the Internet via one connection, you're using NAT Overload.

This NAT mode is also known by other names, like NAPT (Network Address Port Translation), IP Masquerading and NAT with PAT (Port Address Translation).

Host 1 and 2 are telnetting to the same server (203.31.218.100); the only difference between the two packets is their Source Port Numbers, which the router uses to keep track of which packet belongs to each host.

The packet Workstation 1 generated arrives at the router's private interface which has IP Address 192.168.0.1. The router accepts the packet and processes it. Once inside the router, the packet's Source IP Address, Destination IP Address, Source Port and Destination Port are examined and the router decides that this is a valid packet so it should be forwarded to the Internet.
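As an added example (not code from this guide), the Python model below keeps the NAT overload (PAT) table the router builds for the two telnet sessions described above: translations are keyed on protocol and source port, the source port is rewritten when two inside hosts happen to pick the same one, and an inbound packet that matches no entry has nowhere to go and is dropped. The server 203.31.218.100 and the public address 203.31.220.134 are the ones in the guide's illustration; the inside host addresses and port numbers are constructed, and the PatTable class and its port-allocation rule are this example's own simplification of the router's behaviour.

```python
# Added example (not from the guide): a NAT-overload (PAT) translation table
# with one public address, modelling the behaviour described in the text.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


Key = Tuple[str, int]                       # (proto, inside-global port)
Entry = Tuple[str, int, str, int]           # inside local ip/port, outside ip/port


class PatTable:
    """Translation table of a NAT-overload gateway (hypothetical class)."""

    def __init__(self, inside_global_ip: str, first_free_port: int = 1024):
        self.global_ip = inside_global_ip
        self.next_port = first_free_port
        self.entries: Dict[Key, Entry] = {}

    def _find(self, pkt: Packet) -> Optional[int]:
        """Global port already assigned to this exact inside session, if any."""
        for (proto, gport), (lip, lport, oip, oport) in self.entries.items():
            if (proto, lip, lport, oip, oport) == (
                    pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port):
                return gport
        return None

    def _alloc_port(self, proto: str, wanted: int) -> int:
        """Keep the host's own source port if free, else pick the next free one."""
        if (proto, wanted) not in self.entries:
            return wanted
        while (proto, self.next_port) in self.entries:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite source ip (and maybe port), record the mapping."""
        gport = self._find(pkt)
        if gport is None:
            gport = self._alloc_port(pkt.proto, pkt.src_port)
            self.entries[(pkt.proto, gport)] = (pkt.src_ip, pkt.src_port,
                                                pkt.dst_ip, pkt.dst_port)
        return replace(pkt, src_ip=self.global_ip, src_port=gport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: forwarded only if it matches an entry created by an
        outbound packet; an unsolicited packet returns None (dropped)."""
        entry = self.entries.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None
        lip, lport, oip, oport = entry
        if (pkt.src_ip, pkt.src_port) != (oip, oport):
            return None                     # right port, wrong outside host
        return replace(pkt, dst_ip=lip, dst_port=lport)

    def show(self) -> str:
        """Rows in the style of `show ip nat translations` (no outside NAT, so
        outside local and outside global are the same)."""
        rows = [f"{'Pro':<4} {'Inside global':<22} {'Inside local':<22} "
                f"{'Outside local':<22} Outside global"]
        for (proto, gport), (lip, lport, oip, oport) in sorted(self.entries.items()):
            rows.append(f"{proto:<4} {self.global_ip + ':' + str(gport):<22} "
                        f"{lip + ':' + str(lport):<22} "
                        f"{oip + ':' + str(oport):<22} {oip}:{oport}")
        return "\n".join(rows)
```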

Configuring Static NAT On A Cisco Router

Configure Static NAT
Step-1 :- Set IP addresses on each port.
Step-2 :- Set the fast ethernet 0/0 interface as the inside interface:
R1# configure terminal
R1(config)# interface fastethernet0/0
R1(config-if)# ip nat inside
Next step is to set the serial interface S0/0 as the outside interface:
R1(config-if)# interface serial0/0
R1(config-if)# ip nat outside
R1(config-if)# exit
Step-3 :- Map each inside host to its own public address (one public IP per mapping):
R1(config)# ip nat inside source static 192.168.0.7 200.2.2.2
R1(config)# ip nat inside source static 192.168.0.8 200.2.2.3
R1(config)# end
R1# show ip nat translations

Configuring Dynamic NAT On A Cisco Router


The diagram below represents our example network, which consists of a number of internal clients trying to access the Internet via our router. The router is connected to the ISP via its serial interface. The company has been assigned the following Class C subnet: 200.2.2.0/29 (255.255.255.248). This translates to the following usable Public IP addresses: 200.2.2.1 - 200.2.2.6.

Configure Dynamic NAT


Dynamic NAT configuration is a pretty straightforward process and is almost identical to other types of NAT configurations. The first step in any NAT configuration is to define the inside and outside interfaces. It is imperative that we define these interfaces for the Dynamic NAT service to function.

Set the fast ethernet 0/0 interface as the inside interface:
R1# configure terminal
R1(config)# interface fastethernet0/0
R1(config-if)# ip nat inside
Next step is to set the serial interface S0/0 as the outside interface:
R1(config-if)# interface serial0/0
R1(config-if)# ip nat outside
R1(config-if)# exit

Next step is to create our pool of Public IP addresses that will be handed out by the router to our internal hosts trying to connect to the Internet. Each time a host sends a packet destined for the Internet, the router will automatically allocate one of the Public IP addresses for the length of that session. When the session is over, the NAT entry will timeout and the Public IP address is released, making it available once again to the Dynamic NAT pool.
Let us define the NAT Pool:
R1(config)# ip nat pool Public-IPS 200.2.2.2 200.2.2.5 prefix-length 29
We now need to create an Access Control List (ACL) that will include local (private) hosts or network(s), depending on how large the internal network is. This ACL will be applied to the NAT pool named 'Public-IPS', effectively controlling the hosts that will be assigned a Public IP address and therefore able to access the Internet. You can use standard or extended access lists depending on your requirements:
R1(config)# ip nat inside source list 100 pool Public-IPS
R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any
The above command instructs the router to allow the 192.168.0.0/24 network to use the NAT Pool and provide each host with a unique Dynamic Public IP address. Note that Cisco router standard and extended ACLs always use wildcards (0.0.0.255).
Verifying Dynamic NAT operation
By viewing the Dynamic NAT table you can easily verify that the internal hosts are correctly being assigned a Dynamic IP address from the configured pool:
R1# show ip nat translations
Pro  Inside global   Inside local   Outside local   Outside global
---  200.2.2.2       192.168.0.6    ---             ---
---  200.2.2.3       192.168.0.8    ---             ---
As shown, two internal hosts (192.168.0.6 & 192.168.0.8) have each been assigned an external IP address from the pool we previously created. These translations will eventually timeout if no activity is present from the internal hosts; however, if you need to forcibly clear them this can be easily done by entering the following command:
R1# clear ip nat translation *
Assuming no request has been sent right after the command was entered, the NAT translation table should be empty:
R1# show ip nat translations
Pro  Inside global   Inside local   Outside local   Outside global

Lastly, you can obtain statistics on the Dynamic NAT service. This will help you monitor the usage of your Dynamic NAT pool and available public IP addresses:
R1# show ip nat statistics

Configure NAT Overload - PAT (Port Address Translation)

The first step in any NAT configuration is to define the inside and outside interfaces. It is imperative that we define these interfaces for NAT overload to function.

Set the fast ethernet 0/0 interface as the inside interface:
R1# configure terminal
R1(config)# interface fastethernet0/0
R1(config-if)# ip nat inside
Next step is to set the serial interface S0/0 as the outside interface:
R1(config-if)# interface serial0/0
R1(config-if)# ip nat outside
R1(config-if)# exit
We now need to create an Access Control List (ACL) that will include local (private) hosts or network(s). This ACL will later on be applied to the NAT service command, effectively controlling the hosts that will be able to access the Internet. You can use standard or extended access lists depending on your requirements:

R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any

The above command instructs the router to allow the 192.168.0.0/24 network to reach any destination. Note that Cisco router standard and extended ACLs always use wildcard masks (0.0.0.255). All that's left now is to enable NAT overload and bind it to the outside interface previously selected:

R1(config)# ip nat inside source list 100 interface serial 0/0 overload

From this point onward, the router will happily create all the necessary translations to allow the 192.168.0.0/24 network access to the Internet.

Verifying NAT Overload operation

Viewing the NAT translation table can sometimes reveal a lot of important information about your network's activity. Here you'll be able to identify traffic that's not supposed to be routed to the Internet, or traffic that seems suspicious. As packets start traversing the router, it gradually builds up its NAT/PAT translation table as shown below:

R1# show ip nat translations
Pro  Inside global      Inside local       Outside local     Outside global
udp  200.2.2.1:53427    192.168.0.6:53427  74.200.84.4:53    74.200.84.4:53

As shown, the first two translations, directed to 74.200.84.4 and 195.170.0.1, are DNS requests from internal host 192.168.0.6. The third entry seems to be an HTTP request to a web server with IP address 64.233.189.99. Looking at the fourth and fifth translation entries, you should identify them as POP3 requests to an external server, possibly generated by an email client. Because these entries are all dynamically created, they are temporary and will be removed from the translation table after some time.

Another point you might want to keep in mind is that when programs that create a lot of connections are used (e.g. uTorrent, LimeWire, etc.), you might see sluggish performance from the router as it tries to keep up with all the connections. Having thousands of connections running through the router can put serious stress on the CPU. In these cases, we might need to clear the IP NAT table completely to free up resources. This is easily done using the following command:

R1# clear ip nat translation *

Assuming no request has been sent right after the command was entered, the NAT translation table should be empty:

R1# show ip nat translations
Pro  Inside global      Inside local       Outside local     Outside global

Lastly, you can obtain statistics on the NAT overload service. This will show you the number of current translations tracked by the NAT table, plus a lot more:

R1# show ip nat statistics
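Reading the translation table by eye works for a handful of entries; the following Python example, added here and not part of the book, parses 'show ip nat translations' output, counts entries per service and per inside host (a chatty host from the kind of program mentioned above stands out), and lists destinations whose port is outside the services the text identifies. The sample output is constructed: rows after the first follow the text's description, the POP3 server address and the 203.0.113.7 row are invented, and the port-to-service mapping is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed sample in the format of 'show ip nat translations' on the
# overloaded router above; the 203.0.113.7 row is invented to show a flag.
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 200.2.2.1:53427    192.168.0.6:53427  74.200.84.4:53     74.200.84.4:53
udp 200.2.2.1:53428    192.168.0.6:53428  195.170.0.1:53     195.170.0.1:53
tcp 200.2.2.1:1045     192.168.0.6:1045   64.233.189.99:80   64.233.189.99:80
tcp 200.2.2.1:1046     192.168.0.8:1046   195.170.0.20:110   195.170.0.20:110
tcp 200.2.2.1:1047     192.168.0.6:1047   203.0.113.7:6881   203.0.113.7:6881
--- 200.2.2.2          192.168.0.8        ---                ---
"""
SERVICE_BY_PORT = {53: "dns", 80: "http", 110: "pop3"}  # services the text identifies

def split_addr(field):
    """'a.b.c.d:port' -> (IPv4Address, port); a bare address or '---' has no port."""
    if field == "---":
        return None, None
    host, _, port = field.partition(":")
    return ipaddress.ip_address(host), (int(port) if port else None)

def parse_translations(text):
    """Turn the table into dicts; the header line and malformed lines are skipped."""
    entries = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) != 5:
            continue
        proto, ig, il, ol, og = cols
        entries.append({"proto": proto, "inside_global": split_addr(ig),
                        "inside_local": split_addr(il), "outside_local": split_addr(ol),
                        "outside_global": split_addr(og)})
    return entries

def audit(entries, expected_ports=frozenset(SERVICE_BY_PORT)):
    """Count translations per service and per inside host; list unexpected destinations."""
    services, per_host, unexpected = Counter(), Counter(), []
    for e in entries:
        host = str(e["inside_local"][0])
        per_host[host] += 1                       # a chatty host shows up here first
        dest, port = e["outside_global"]
        if port is None:                          # dynamic NAT entry carries no L4 port
            continue
        services[SERVICE_BY_PORT.get(port, f"{e['proto']}/{port}")] += 1
        if port not in expected_ports:
            unexpected.append((host, str(dest), port))
    return services, per_host, unexpected
```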

STP (Spanning Tree Protocol)


When two or more links are present in a switched network, the multiple paths create endless frame loops that disrupt network communication and make the LAN unusable. STP works by blocking some ports so that only one active path exists between any pair of LAN segments (collision domains). Frames therefore do not loop, which keeps the LAN usable. For example, consider three switches connected to each other like this:

[Figure: Switch-A, Switch-B and Switch-C connected to each other in a triangle (ports Fa0/0, Fa0/5, Fa0/10 and Fa0/15); one link is marked "Blocked by STP"]

In this network, if Switch-A sends a data frame to Switch-C, the frame goes to Switch-C, then to Switch-B and then again to Switch-A. This process would run endlessly and cause a network loop. But if STP is running, it blocks one path in this network by blocking data communication via one port, for example Switch-C to Switch-B. This stops the loop. If the active path between Switch-A and Switch-C stops working, STP opens the blocked path until the old path becomes active again.

How Spanning Tree Works


The STP algorithm creates a spanning tree of interfaces that either forward or block. STP actually places interfaces into the forwarding state; by default, if an interface has no reason to be in the forwarding state, it is placed into the blocking state. In other words, STP simply picks which interfaces should forward. So, how does STP choose whether to put an interface into the forwarding state? It uses three criteria:

1. STP elects a root bridge. All interfaces on the root bridge are in the forwarding state.
2. Each nonroot bridge considers one of its ports to have the least administrative cost between itself and the root bridge. STP places this least-root-cost interface, called that bridge's root port, into the forwarding state.
3. Many bridges can attach to the same segment. These bridges advertise BPDUs declaring their administrative cost to the root bridge. The bridge with the lowest such cost of all bridges on that segment is called the designated bridge. The interface on the designated bridge that sends this lowest-cost BPDU is the designated port on that LAN segment, and that port is placed in the forwarding state. All other interfaces are placed in the blocking state.

Table 5-2 summarizes the reasons why spanning tree places a port in the forwarding or blocking state.

Spanning Tree: Reasons for Forwarding or Blocking

Characterization of Port         Spanning Tree State   Explanation
All root bridge's ports          Forwarding            The root bridge is always the designated bridge on all connected segments.
Each nonroot bridge's root port  Forwarding            The root port is the port receiving the lowest-cost BPDU from the root.
Each LAN's designated port       Forwarding            The bridge forwarding the lowest-cost BPDU onto the segment is the designated bridge.
All other ports                  Blocking              The port is not used for forwarding frames, nor are any frames received on these interfaces considered for forwarding.

Device Speed   Cost
10 Gbps        2
1 Gbps         4
100 Mbps       19
10 Mbps        100

When the network is up and no problems are occurring, the process works like this:

1. The root sends a hello BPDU, with a cost of 0, out all its interfaces.
2. The neighboring bridges forward hello BPDUs out their nonroot, designated ports, referring to the root but with their cost added.
3. Step 2 is repeated by each bridge in the network as it receives these hello BPDUs.
4. The root repeats Step 1 every hello time.
5. If a bridge does not get a hello BPDU in hello time, it continues as normal. If a bridge fails to receive a hello BPDU in MaxAge time, the bridge reacts.

Some Questions
Que.-1 What is routing?
Que.-2 What is the difference between static and dynamic routing?
Que.-3 Write the full form of OSI and ISO.
Que.-4 What is the TCP/IP model? Define the role of the OSI model.
Que.-5 What is the difference between the PAP and CHAP protocols?
Que.-6 What is the role of CDP?
Que.-7 What is the full form of RIP, IGRP, EIGRP, OSPF and VLAN? Describe these.
Que.-8 Define the PPP protocol.
Que.-9 What is subnetting?
Que.-10 What is supernetting?
Que.-11 What is an access control list? How does it work?
Que.-12 What is the difference between TCP and UDP?

Vinod D. Lande Mo. 8983498861.


Jawahar Nagar Ward No.15 Rajura Dist-Chandrapur (M.S.)

Visit http://komalcomedu.webs.com for more books.
