A local area network (LAN) connects personal computers, printers, and other computer resources together within a building or campus. Many schools, offices, and even homes now have LANs. These networks allow printers, as well as documents and projects, to be shared. LANs also enable computers to talk to one another and are often used to share Internet access across all of the computers in a building or school. Most LANs use wires, or cables, to connect computers and other peripheral devices. In most networks, a network cable (which generally looks like an oversized telephone cord) connects a computer to a network jack in the wall. Sometimes, in classrooms or business offices, many computers are connected to an intermediate hub or switch, not directly to the network jack. The hub or switch into which all of the computers are plugged is the device that is connected to the network jack. In both cases, the network jack is connected to a small router by another cable. Printers are also often shared using this method of hubs and switches.

Some LANs are now wireless. Wireless LANs are fundamentally the same as wired LANs, but the cabling is replaced by small "radios" that are contained inside the computers. Wireless LANs are generally somewhat slower than the wired networks, but they are much easier to set up and allow users to move their machines around without having to reconnect network cables. Wireless LANs have moved into the mainstream in schools and classrooms during the last few years; however, it is important to note that security is much more difficult when using a wireless network. Additionally, the adoption of competing protocols is creating some confusion in the marketplace. Agencies need to select a wireless protocol with care, considering how the network can be upgraded and whether it is compatible with existing wireless protocols.
Telekomunikasi dan Elektronika komlek.net@2008
Where a LAN may connect all of the computers within a building or campus, a wide area network (WAN) connects multiple LANs. Many districts now have WANs connecting all of the schools within the district for the sharing of Internet access, selected files, or other resources.

What Are Servers, Routers, and Firewalls?
LANs often involve a number of different components, including a dizzying variety of servers, switches, routers, firewalls, and the like. This section provides descriptions of many of these items.

Servers
While servers often are spoken of in almost mystical tones, they are really just powerful computers running specialized software designed to share files, manage printers, or perform any other specialized task assigned. Most of these computers are powerful enough to do more than one thing at a time; for example, a single network server might be a file server, a print server, and a mail server simultaneously.

File server. A file server is essentially the computer equivalent of a filing cabinet. Documents, spreadsheets, and other (computer) files are stored on a file server, just as paper documents are stored in a filing cabinet. The file server's job is to make those files available to computer users on the LAN and, when appropriate, allow the users to update the files.

Print server. A print server is a piece of software or hardware that manages print jobs submitted by users. When a document is sent to a networked printer, the print server receives the job and queues it (puts it in line behind previously submitted jobs). When a job gets to the front of the queue, the print server sends it to the printer. It is not necessary to buy an individual printer for each personal computer.
Users in classrooms or offices often share printers, since not everyone is typically printing at the same time. This option can save an agency a great deal of money.

Mail server. The third common type of server is a mail server. The mail server acts as the conduit to the outside world as messages are sent and received. Some servers are set up so that all of the mail stays on the mail server until a user actively deletes it. In other configurations, the user is able to move the mail from the server to the desktop computer. This process, called "downloading," uses less space on the mail server.

Router
A router is a piece of equipment that acts as the interface between a local network and the Internet, by routing traffic from one to the other. A router may be a computer dedicated to managing the traffic of a WAN, or it may be a piece of software running on a computer that is configured for other tasks as well. Routers also may be used in LANs to route internal traffic.

Firewall
A critical component of any network is a firewall. A firewall, in layman's terms, is a wall that acts as a firebreak; it keeps a fire from spreading. In this sense, a computer firewall keeps a network secure from hackers (the "arsonists" of the Internet) by denying access to all or part of the network. Management of firewalls requires a great deal of expertise. While the network administrator must ensure that no unwanted traffic can enter the network from outside, a level of access to and from the Internet must be created that will permit authorized users to conduct their business safely and efficiently. A solid, well-designed firewall is critical to ensure that only authorized users have access to a restricted network. Like routers and servers, firewalls are available as either hardware or software. Choosing a firewall for a particular network is an issue best addressed at the local level, after reviewing the options available.

Server vs Desktop Computer
Advances in technology have blurred the distinctions between the computer on the desktop and a network server. Computing power has continued to grow exponentially; in fact, most users do not need all the computing power available to them (at least for now). The same is true of network servers, which have become so powerful that some network administrators run applications, in addition to the server software, from the network server, rather than installing applications directly on each of the computers connected to the network. Servers are capable of managing a much greater workload today than they were in past years. Running applications from a server has a number of advantages. One key advantage is in licensing, since it is much easier to track usage.
Another is that local users are prevented from altering the configuration of applications, which can create software failure and cause problems for other users. In addition, it is much easier to upgrade software since only one copy needs to be upgraded, instead of upgrading one copy for each personal computer. Applications run from a network server, however, are often comparatively slower than applications running directly on a desktop computer. Another benefit to server-run applications is the cost-saving use of thin clients. Thin clients are basic, low-cost computers with insufficient power to run sophisticated software applications, but with enough power to access applications installed on the server. By purchasing a single copy of an application that can run on a network, with licenses for multiple users, the organization can save the cost of multiple software copies and can purchase less powerful computers at a much lower cost. In addition, by instituting a thin client environment, older computers in schools have longer useful lives. In recent years, more and more LANs have incorporated thin clients for a variety of purposes. In addition, more and more computer applications are written to take advantage of the web to run remotely. The user's desktop computer essentially acts as a "dumb" terminal, simply displaying the web pages broadcast by the server. The computing actually takes place on an Internet server, and users transmit their commands via the web page. This web-based model works best when users have high-speed Internet connections. Computing today occurs on the desktop, on network servers, and Internet servers alike. The distinctions between the various types of computers and servers, in many cases, matter less and less. As computer and network transmission speeds improve, the differences will be even harder to grasp. The increasing complexities of computing and networking reinforce the need for agencies to employ the services of a qualified network administrator.

Connecting to the Internet
There are many different ways to connect to the Internet. Agencies can generally purchase several different kinds of on-ramps to the information superhighway based on their particular need. Depending on the kind of connection to the Internet, access to information may be fast or slow. The key to Internet speed is bandwidth. Bandwidth refers to the amount of data transferred within a specified time. Greater bandwidth increases the speed of data transfer. A general overview of the various types of Internet connections is listed below, starting with the slowest (smallest bandwidth) and moving up to the faster (greater bandwidth) technologies. Cost and service quality can vary widely. Use of a competitive bid process, with an appropriate Request for Proposal (RFP), can better enable agencies to obtain needed service while controlling cost. In other words, the agency should not commit to service from a provider based on advertisements. Acronyms and abbreviations referenced in this appendix are defined in the glossary. A reference table is provided at the end of this appendix for quick comparison of the various Internet connection options discussed below.
Internet Service Providers
Internet Service Providers (ISPs) provide the portals, or access, that allow computer users to connect to the Internet. There are numerous ways for education agencies to connect with an ISP. Before selecting an ISP, the agency should determine its needs for bandwidth, speed, and services. The agency should secure the services of an ISP through the RFP process. Using the RFP process, the ISP should be required to identify the available connection speed and the reliability of the system, sometimes measured by the amount of time the ISP's services were down during the previous 6 months. Although most ISPs will advertise a high connection speed, the agency should determine whether the full bandwidth is available at all times by requesting an assessment of the provider's typical bandwidth and connection speed at different times of the day and on different days of the week. The chief technology officer or technology director should review any ISP proposal. Following are descriptions of the various Internet connections available.

Dial-Up
Dial-up services connect to the Internet using modems over a traditional telephone line. The vast majority of Internet users connect to the Internet from home via dial-up service. The maximum connection speed is 56 kilobits per second (Kbps), which is slow when supporting bandwidth-intensive services, such as video conferencing or streaming video. Dial-up service is typically sufficient for using web and e-mail applications. It is not recommended for multiple users, such as a number of students, who need to access the Internet at the same time. Dial-up service is available almost everywhere in the United States and is the least expensive way of connecting to the Internet/World Wide Web.

ISDN
Developed and marketed through the 1980s and early 1990s, the Integrated Services Digital Network (ISDN) was the telephone company's first attempt at providing faster online services. As with dial-up service, ISDN is generally insufficient for serving a large number of users with the same connection. The service provides up to 128 Kbps, approximately twice the speed of dial-up. ISDN tends to be much more expensive than dial-up, costing generally $100 to $300 per month. For the most part, DSL technology has replaced ISDN; however, in some areas where DSL is not available, ISDN may be the best option. If available, most of the other services mentioned in this appendix provide greater capacity at lower cost than ISDN.

DSL
Digital Subscriber Line (DSL) technologies have largely replaced ISDN service as the product telephone companies want consumers to use when connecting to the Internet. Like dial-up service, DSL connects to the Internet over ordinary copper telephone lines, but is faster, at rates of 1.5 to 6.1 megabits per second (Mbps), enabling continuous transmission of video and audio. DSL service is primarily marketed to home and small business users, but the service is adequate to meet the needs of education agencies. While it does not have the same quality of service in terms of speed or support that dedicated fiber optic lines typically provide, DSL is much more affordable. DSL is available in much of the United States, particularly in urban areas. Commercial DSL service generally runs from $100 to $250 per month, but can run significantly higher. DSL service quality can vary from area to area and from service provider to service provider. Additionally, the speed of access to the Internet depends on the distance between the user and the DSL relay station.

Cable Modems
Cable modems have become, in recent years, the most popular broadband technology for home computer users. The cable modem uses the same coaxial cable that carries cable TV signals for high-speed data transmission. While not as robust as fiber optic connections, cable modems can provide similar quality service at a fraction of the cost. The quality of a cable modem connection, however, is dependent on the overall quality of the cable modem provider's network, and the more people accessing the provider's network at the same time, the slower each individual's connection to the Internet will be. Speed ranges from under 1 to 8 Mbps; costs are generally $100 to $250 per month for commercial users. Because of the historically strong connection between education and the cable television community, many schools are using cable modems. When contracting to provide cable service to a city or county, the cable company typically makes the commitment to provide one cable connection and one modem to each school within the service area of the cable company. There are cases, however, in which cable companies have provided additional services.

Higher Bandwidth Connections (including fiber optics)
Many businesses and schools today connect to the Internet through larger cables, typically referred to as T1 (copper wire), T3 (coaxial cable or fiber optic cable), or OC3c (fiber optic) connections.
These services are widely available, are highly flexible, and provide high quality, fast broadband service. Costs are comparatively high and vary widely from area to area. In urban areas, T1 connections (providing 1.5 Mbps) are generally available for approximately $200 to $500 per month. In rural areas, the same connection usually costs much more. Larger T3 and OC3c connections, which provide 45 Mbps and 155 Mbps, respectively, generally cost several thousands of dollars per month in urban areas and tens of thousands of dollars per month in rural areas. Depending on the bandwidth needs of the school or district, it may be more sensible to utilize a less expensive connection. For some agencies, a more feasible option in the T-carrier system may be a "fractional" T1 line, which utilizes a portion of the T1. Fractional T1 lines are available to meet almost any speed requirement for a reduced price. This option makes sense for those agencies that may not need a full T1 line today, but might need increased bandwidth in the future. In addition, upgrading fractional T1 to use more of the T1 line can usually be done without purchasing new hardware. Larger organizations, such as state government agencies or large school districts, may require the faster OC3c connection. These high-speed connections are not always available and, as mentioned, can cost tens of thousands of dollars per month. Where these networks exist, however, states (or counties or large districts) may be able to divide the bandwidth, according to the needs of smaller districts or schools. By doing this, the cost of connecting to the Internet could be reduced for smaller agencies or schools. Districts or schools should, when considering which kind of connectivity to purchase, determine if there is a preexisting network to which they can connect.

Satellite
Some larger agencies have considered buying space on a satellite to upload and download files. While the cost of transmitting information over wires would be removed, satellite reliability is debatable. Weather (such as rain) or even sunspots can affect satellite transmission.

Cellular Wireless
Traditionally, Internet access over cellular telephone networks has been slow and somewhat unreliable. Wireless technology, however, is coming of age, and new, significantly faster Internet connection services are offered throughout the United States. While these "third generation wireless" services (generally referred to as 3G services) are not necessarily suitable for building use, they may suit the needs of individuals within the agency as they maintain contact with each other during the workday. Already, cellular phones are replacing "walkie-talkies" in many secondary schools. It is still too soon to tell how much these services will cost, but they will probably be metered, with cost depending upon the amount of usage.

Fixed Wireless
Fixed wireless refers to the operation of wireless devices in a fixed location. Unlike mobile wireless devices, which are battery powered, fixed wireless devices are electrically powered.
The basic idea behind fixed wireless is that the traditional wired connection (e.g., fiber optic, telephone line, or cable TV line) is replaced by a high-speed wireless connection. Depending on the technology, bad weather (such as rain) can significantly interfere with fixed wireless services. This service is usually most attractive in communities where traditional wired connections are not available; however, the technology is also suitable for urban areas. Fixed wireless speed varies considerably, from under 1 Mbps to upwards of 15 Mbps. Cost also varies widely.
Objectives
The Cisco IOS Wide-Area Networking Configuration Guide presents a set of general guidelines for configuring the following software components:
ATM
Broadband Access: PPP and Routed Bridge Encapsulation
Frame Relay
Frame Relay-ATM Internetworking
SMDS
Link Access Procedure, Balanced and X.25
This overview chapter gives a high-level description of each technology. For specific configuration information, see the appropriate chapter in this document.
Organization
The Cisco IOS Wide-Area Networking Configuration Guide includes the following chapters:
Configuring ATM
Configuring Broadband Access: PPP and Routed Bridge Encapsulation
Configuring Frame Relay
Configuring Frame Relay-ATM Interworking
Configuring SMDS
Configuring X.25 and LAPB
Introduction to NETWORKING
A network is a method to share hardware resources and software resources. We can share the resources with the help of an operating system like Windows, Linux, UNIX, etc. To connect multiple networks we have to use internetworking devices like routers, bridges, layer 3 switches, etc.
Software
Networking software can be divided into two categories:
Server software: the software used to provide a particular service.
Client software: the software used to access a service provided by a server.

Server software examples: Apache, IIS, Exchange 2003, FTP Server, Sendmail
Client software examples: Internet Explorer, Outlook Express, Yahoo Messenger, CuteFTP
[Figure: two hosts, each shown as a Protocol Stack over a NIC, connected by media]
Design Considerations
Server software and client software should be compatible.
The protocol stack must be the same on both sides.
Connectivity can be provided via a switch/hub, etc.
If the NIC standards are different, a translational bridge is required.
If the media are different, a transceiver is required.
OSI Model
The OSI model is a layered approach to designing, developing, and implementing networks. The OSI model provides the following advantages:
(i) Network design will be standards based.
(ii) Development time for new technologies will be reduced.
(iii) Devices from multiple vendors can communicate with each other.
(iv) Implementation and troubleshooting of networks will be easier.
Presentation Layer: -
This layer decides the presentation format of the data. It is also able to perform other functions like compression/decompression and encryption/decryption. Examples: a JPG file, an online song.
Session Layer: -
This layer initiates, maintains, and terminates sessions between different applications. Because of this layer, multiple application programs can be executed at the same time.
Transport Layer: -
The transport layer is responsible for connection-oriented and connectionless communication. The transport layer also performs other functions:
Positive acknowledgement and response
Error checking
Flow control
Buffering
Windowing
Multiplexing
Sequencing

(i) Error checking
The transport layer generates a cyclic redundancy check (CRC) and forwards the CRC value to the destination along with the data. The other end generates a CRC from the received data and matches it against the CRC value it received. If both are the same, the data is accepted; otherwise it is discarded.

(ii) Flow control
Flow control is used to control the flow of data during communication. The following methods are used for this purpose:
(a) Buffering: A buffer is a temporary storage area. All the data is stored in the buffer memory, and when communication capacity is available the data is forwarded onward.
(b) Windowing: Windowing is the maximum amount of data that can be sent to the destination without receiving an acknowledgement. It is the limit up to which the buffer can send data without getting an acknowledgement.
(c) Multiplexing: Multiplexing is used for multiple applications on the same IP address.

(iii) Sequencing
The transport layer adds a sequence number to the data, so that out-of-sequence data can be detected and rearranged in the proper order.

(iv) Positive acknowledgement and response
When data is sent to the destination, the destination replies with an acknowledgement to indicate the positive reception of the data. If the acknowledgement is not received within a specified time, the data is resent from the buffer memory.
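The four mechanisms above (CRC checking, windowing with a send buffer, sequencing, and positive acknowledgement with retransmission) interact, so the following simulation runs them together over a faulty channel. It is an added example, not code from the original notes; the window size, the chunked message, and the channel faults (which segments are lost or corrupted, once each) are assumptions chosen for the demonstration.

```python
"""Transport-layer reliability mechanisms from the notes, simulated together:
CRC error checking, windowing, sequencing, and positive acknowledgement with
retransmission from the sender's buffer. Added example; not from the notes.
The window size, the message chunks and the channel faults are assumptions.
"""
import zlib


def make_segment(seq: int, data: bytes) -> dict:
    # (i) Error checking: the sender computes a CRC over the data and sends it along.
    return {"seq": seq, "data": data, "crc": zlib.crc32(data)}


def crc_ok(seg: dict) -> bool:
    # The receiver recomputes the CRC from the data it got and compares the values.
    return zlib.crc32(seg["data"]) == seg["crc"]


class Receiver:
    def __init__(self):
        self.expected = 0    # next sequence number that can be delivered in order
        self.pending = {}    # (a) buffer for segments that arrived out of sequence
        self.delivered = []  # data handed up in the correct order

    def receive(self, seg: dict):
        """Return the cumulative ack (next expected seq), or None if discarded."""
        if not crc_ok(seg):
            return None      # CRC mismatch: segment discarded, nothing acknowledged
        if seg["seq"] >= self.expected:
            self.pending[seg["seq"]] = seg["data"]   # (iii) hold for re-ordering
        while self.expected in self.pending:         # deliver whatever is now contiguous
            self.delivered.append(self.pending.pop(self.expected))
            self.expected += 1
        return self.expected                         # (iv) positive acknowledgement


class Sender:
    def __init__(self, chunks, window: int):
        self.segments = [make_segment(i, c) for i, c in enumerate(chunks)]
        self.window = window          # (b) max segments sent without an ack
        self.base = 0                 # oldest unacknowledged sequence number
        self.next_seq = 0             # next segment that has never been sent
        self.retransmissions = 0

    def send_window(self):
        """Return the not-yet-sent segments that fit inside the current window."""
        hi = min(self.base + self.window, len(self.segments))
        batch = self.segments[self.next_seq:hi]
        self.next_seq = max(self.next_seq, hi)
        return batch

    def timeout(self):
        """Ack timer expired: resend everything still unacknowledged from the buffer."""
        self.retransmissions += 1
        self.next_seq = self.base
        return self.send_window()

    def ack(self, ack_num: int):
        self.base = max(self.base, ack_num)   # cumulative ack frees the buffer up to here

    def done(self) -> bool:
        return self.base == len(self.segments)


def transfer(chunks, window=3, lose_once=(), corrupt_once=()):
    """Run one transfer; the channel drops/corrupts the listed seqs the first time only.

    Returns (delivered data, number of retransmission rounds, total rounds).
    """
    s, r = Sender(chunks, window), Receiver()
    lose, corrupt = set(lose_once), set(corrupt_once)
    rounds = 0
    batch = s.send_window()
    while not s.done():
        rounds += 1
        for seg in batch:
            if seg["seq"] in lose:
                lose.discard(seg["seq"])
                continue                                   # segment never arrives
            if seg["seq"] in corrupt:
                corrupt.discard(seg["seq"])
                seg = dict(seg, data=seg["data"] + b"!")   # damaged data, stale CRC
            ack = r.receive(seg)
            if ack is not None:
                s.ack(ack)
        batch = s.send_window()          # the window may have slid forward
        if not batch and not s.done():
            batch = s.timeout()          # nothing new to send, but data still unacked
    return r.delivered, s.retransmissions, rounds


CHUNKS = [b"seg0", b"seg1", b"seg2", b"seg3", b"seg4", b"seg5"]   # constructed message

if __name__ == "__main__":
    print(transfer(CHUNKS, window=3, lose_once=[1], corrupt_once=[4]))
```

With segment 1 lost and segment 4 corrupted, the run needs two retransmission rounds and five rounds in total, and the receiver still hands up the six chunks in order.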
Network Layer
This layer performs functions like logical addressing and path determination. Each networking device has a physical address, the MAC address, but logical addressing is easier to communicate with on a large network. Its other responsibilities are:
Fragmentation
Header checksum
Identification
Quality of Service
Protocol

Logical addressing
Logical addressing defines a network address and a host address. This type of addressing is used to simplify the implementation of large networks. Some examples of logical addressing are IP addresses, IPX addresses, etc.

Path determination
The network layer has different routing protocols like RIP, EIGRP, BGP, ARP, etc. to perform path determination.
Data Link Layer
Logical Link Control defines the encapsulation that will be used by the NIC to deliver data to the destination. Some examples of Logical Link Control are ARPA (Ethernet) and 802.11 Wi-Fi. Media Access Control defines methods to access the shared media and establishes identity with the help of the MAC address. Some examples of Media Access Control are CSMA/CD and token passing.
Physical Layer
The physical layer is responsible for communicating bits over the media. This layer deals with the standards defined for media and signals. This layer may also perform modulation and demodulation as required.
Data Encapsulation
DCE: The DCE converts the bits into signals and sends them on the media.
FDDI: Fiber Distributed Data Interface
A switch forwards frames on the basis of MAC address.
A router forwards packets on the basis of IP address.
LAN Technologies
Token Ring (4/16 Mbps)
FDDI
Ethernet (described below)
Ethernet
Ethernet is the most popular LAN technology. It can support a variety of media like copper (UTP, coaxial) and fiber optic. This technology supports a wide range of speeds, from 10 Mbps to 10000 Mbps.
Ethernet frame
Preamble: An alternating 1,0 pattern provides a 5 MHz clock at the start of each packet, which allows the receiving devices to lock on to the incoming bit stream.
Start Frame Delimiter (SFD)/Synch: The preamble is seven octets and the SFD is one octet (synch). The SFD is 10101011, where the last pair of 1s allows the receiver to come into the alternating 1,0 pattern somewhere in the middle and still sync up and detect the beginning of the data.
Length or type: 802.3 uses a length field, but the Ethernet frame uses a type field to identify the network layer protocol. 802.3 cannot identify the upper-layer protocol and must be used with a proprietary LAN (IPX, for example).
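The preamble/SFD lock-in and the length-versus-type distinction above are exactly what a frame parser has to get right, so the following parser is added here as an example (it is not code from the original notes). It goes one step beyond the text by applying the standard rule that separates the two formats: a field value of at most 1500 is an 802.3 length, a value of 1536 (0x0600) or more is an Ethernet II type. The sample frames and MAC addresses are constructed for the demonstration.

```python
"""Parse the Ethernet header fields described in the notes. Added example.

Layout assumed (IEEE): 7-octet preamble, 1-octet SFD, 6-octet destination and
source MAC addresses, then a 2-octet field that is a LENGTH in IEEE 802.3
(value <= 1500) or a TYPE in Ethernet II (value >= 1536). Sample frames below
are constructed for this demo; they are not capture data.
"""
import struct

PREAMBLE = b"\x55" * 7     # 01010101 repeated: the alternating 1,0 clock pattern
SFD = b"\xab"              # the notes' bit string 10101011 written as an octet
ETHERTYPE_MIN = 0x0600     # 1536: values here or above name a network-layer protocol
MAX_8023_LENGTH = 1500     # values up to here are an 802.3 payload byte count


def mac_str(raw: bytes) -> str:
    """Format 6 raw octets as colon-separated hex."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(wire: bytes) -> dict:
    """Return the parsed header of one frame captured together with its preamble.

    Raises ValueError when the preamble or SFD is wrong (the receiver could not
    lock on), when the type/length value is undefined, or when an 802.3 length
    claims more bytes than were actually received.
    """
    if len(wire) < 8 + 14:
        raise ValueError("frame too short for preamble, SFD and 14-byte header")
    if wire[:7] != PREAMBLE or wire[7:8] != SFD:
        raise ValueError("preamble/SFD mismatch: receiver cannot synchronise")
    dst, src, type_or_len = struct.unpack("!6s6sH", wire[8:22])
    payload = wire[22:]
    info = {"dst": mac_str(dst), "src": mac_str(src), "broadcast": dst == b"\xff" * 6}
    if type_or_len >= ETHERTYPE_MIN:
        # Ethernet II: the field identifies the upper-layer protocol directly.
        info["encapsulation"] = "Ethernet II"
        info["ethertype"] = type_or_len
        info["payload"] = payload
    elif type_or_len <= MAX_8023_LENGTH:
        # IEEE 802.3: the field is only a byte count; the protocol is not known
        # from this header, which is the limitation the notes describe.
        info["encapsulation"] = "IEEE 802.3"
        info["length"] = type_or_len
        if type_or_len > len(payload):
            raise ValueError("802.3 length field exceeds the bytes received")
        info["payload"] = payload[:type_or_len]   # anything beyond is padding
    else:
        raise ValueError(f"undefined type/length value {type_or_len:#06x}")
    return info


# Constructed sample frames.
BCAST = b"\xff" * 6
HOST_A = bytes.fromhex("02aa0000000a")
HOST_B = bytes.fromhex("02bb0000000b")
# Ethernet II frame with the IPv4 EtherType (0x0800) and a 4-byte dummy payload.
FRAME_ETH2 = PREAMBLE + SFD + HOST_B + HOST_A + struct.pack("!H", 0x0800) + b"\xde\xad\xbe\xef"
# IEEE 802.3 broadcast frame: length field 3, three data bytes, five bytes of padding.
FRAME_8023 = PREAMBLE + SFD + BCAST + HOST_A + struct.pack("!H", 3) + b"abc" + b"\x00" * 5

if __name__ == "__main__":
    for frame in (FRAME_ETH2, FRAME_8023):
        print(parse_frame(frame))
```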
At the Media Access Control layer, Ethernet uses the CSMA/CD protocol to access the shared media. These days we use Ethernet with switches, and in switches the technology becomes CSMA/CA (Collision Avoidance). For this reason Ethernet compares favourably with Token Ring, FDDI, and Wi-Fi.
CSMA/CD
Ethernet Family
Speed (Mbps)       Designation   Max distance    Media
10                 10Base2       200 meters      Coaxial cable
10                 10Base5       500 meters      Thick coaxial cable
10                 10BaseT       100 meters      Twisted pair (UTP)
10/100 (present)   BaseTX        100 meters      UTP
100                100BaseT4     100 meters      UTP, 4 pairs used
100                100BaseFX     up to 4 km      Fiber optic
1000 (server)      1000BaseTX    100 meters      UTP
1000               1000BaseFX    up to 100 km    Fiber optic
10000              10000BaseFX   -               Fiber optic
"Base" stands for baseband signalling.
Ethernet Cabling
Coaxial cabling: T connector, terminator, BNC connector, coaxial cable, 10Base2 LAN cards
UTP Cabling
In UTP, we use different topologies to create the network. In any Ethernet UTP topology we have to use one of two types of cable:
Straight cable
Cross cable

Structured Cabling
Requirements: rack, patch panel, switch/hub (rack mountable), patch cord, I/O connector, I/O box, UTP cable
Tool: punching tool
[Figure: 1st, 2nd, and 3rd collision domains; 1 broadcast domain]

Working of Bridge
The working of a bridge is explained in the following steps:
(i) The bridge receives a frame into its buffer memory.
(ii) The source MAC address of the frame is stored in the bridging table (port number against MAC address).
(iii) According to the destination MAC address, the frame is forwarded or dropped:
(a) If the destination MAC address of the frame is known, the frame is forwarded to that particular port.
(b) If the destination MAC address is unknown to the bridging table, the frame is forwarded to all ports except the receiving port.
(c) If the destination MAC address is the broadcast MAC address ff.ff.ff.ff.ff.ff.
(d) If the destination MAC address exists on the same port from which the frame was received, the frame is dropped.

Collision domain: A group of PCs in which a collision can occur is called a collision domain.
Broadcast domain: A group of PCs to which a broadcast message is delivered is called a broadcast domain.
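The bridging steps above, implemented as a learning bridge (an added example, not code from the original notes). Rule (c) leaves the action for broadcast frames unstated, so the code assumes the standard behaviour of flooding them like unknown destinations; the bridging-table capacity, the eviction of the oldest entry when it is full, and the sample hosts are also assumptions. Counting flooded frames is included because a rising flood rate is the symptom an operator sees when the table is full or being churned.

```python
"""Learning bridge / switch forwarding logic from the notes. Added example.

Implements: (i) receive frame, (ii) learn source MAC -> receiving port,
(iii) forward by destination: (a) known -> that port only; (b) unknown ->
flood all ports except the receiving one; (c) broadcast -> flooded the same
way (assumed standard behaviour); (d) destination on the receiving port -> drop.
Table capacity and sample traffic are assumptions for the demonstration.
"""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports, table_capacity=8):
        self.ports = list(ports)
        self.table = OrderedDict()     # bridging table: MAC -> port, oldest first
        self.capacity = table_capacity
        self.flood_count = 0           # frames sent out all ports: a health metric

    def learn(self, src, in_port):
        """Step (ii): record the source MAC against the port it arrived on."""
        if src == BROADCAST:
            return                     # never a valid source; do not learn it
        if src in self.table:
            self.table.move_to_end(src)
        elif len(self.table) >= self.capacity:
            # Table full: evict the oldest entry. Traffic to evicted hosts is then
            # flooded, which is why flood_count grows when the table is exhausted.
            self.table.popitem(last=False)
        self.table[src] = in_port

    def forward(self, in_port, src, dst):
        """Steps (i)-(iii): return the list of ports the frame is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.learn(src, in_port)
        if dst == BROADCAST or dst not in self.table:
            self.flood_count += 1      # (b)/(c): flood all ports but the receiving one
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst]
        if out_port == in_port:
            return []                  # (d): same segment, the bridge drops the frame
        return [out_port]              # (a): known destination, one port only


def demo():
    """Constructed traffic: hosts A and B on port 1, C on port 2, D on port 3."""
    br = LearningBridge(ports=[1, 2, 3])
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    c, d = "00:00:00:00:00:0c", "00:00:00:00:00:0d"
    events = [
        (1, a, c),          # C unknown yet: flooded to ports 2 and 3
        (2, c, a),          # A already learned on port 1: forwarded to [1]
        (1, a, b),          # B unknown yet: flooded
        (1, b, a),          # A and B on the same port: dropped
        (3, d, BROADCAST),  # broadcast: flooded to ports 1 and 2
    ]
    return [br.forward(*e) for e in events], dict(br.table)


if __name__ == "__main__":
    outputs, table = demo()
    print(outputs)
    print(table)
```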
To perform LAN segmentation using switches, we have to remove the hubs from the network and replace them with switches. The working of a switch is exactly like that of a bridge; a switch is, in effect, a multiport bridge.
The working of a switch is similar to that of a bridge.
Advantages of switches:
(1) Bandwidth is not shared, and overall throughput depends on the wire speed of the switch. Wire speed is also called switching capacity and is measured in Mbps or Gbps. Minimum ports on a switch = 4; maximum ports on a switch = 48.
(2) Any-time access technology.
(3) One-to-one communication, so the network is more secure.
(4) Switches perform micro-segmentation, so no collisions occur in the network.
[Figure: 1st, 2nd, and 3rd broadcast domains]
We have to install a router between multiple switches to divide the broadcast domain. Each broadcast domain has to use a different network address, and the router provides internetwork communication between them.
Router Administration
In this chapter we will study hardware architecture, Router Booting behavior, Command Line Usage and administration.
Pc Architecture
[Figure: PC architecture block diagram with these components: Processor, Memory controller, RAM, BIOS ROM, HDD, CMOS RAM, FD, CD, I/O controller, Display card, Serial, Parallel, USB, Sound card, V.D.U., Keyboard controller, Keyboard]
Router Architecture
[Figure: Router architecture block diagram with these components: Processor, I/O controller, Memory controller, BIOS ROM, NVRAM, RAM, Flash RAM (holding the O/S, i.e. the IOS), LAN and WAN ports]
When a PC has to send data to a different network address, the data is forwarded to the router. The router analyzes the IP address of the data and obtains a route from the routing table; if no route is available, the data is dropped.

(1) Processor
Speed: 20 MHz to 1 GHz
Architecture: RISC (Reduced Instruction Set Computer)
Manufacturers: Motorola, IBM, Power PC, Texas, Dallas, Intel.

(2) Flash RAM
Flash RAM is permanent read/write memory. This memory is used to store one or more copies of the router O/S. The router O/S is also called IOS (Internetwork Operating System). Flash RAM stores only the O/S. The size of flash RAM in a router is 4 MB to 128 MB. Flash RAM may come in one of the following three packages:
SIMM Flash: Single In-Line Memory Module
PCMCIA Flash: Personal Computer Memory Card Interface Architecture
Compact Flash: (small memory)

(3) NVRAM
NVRAM is Non-Volatile Random Access Memory. It is used to store the configuration of the router. The size of NVRAM is 8 KB to 512 KB.

(4) RAM
The RAM of the router is divided into two logical parts: (i) primary RAM and (ii) shared RAM.
Primary RAM is used for:
(a) the running copy of the IOS
(b) the running configuration
(c) the routing table
(d) the ARP table (IP address to MAC address)
(e) processor and other data structures
Shared RAM is used as buffer memory to hold the data received from the different interfaces.
The size of RAM in a router may vary from 2 MB to 512 MB. The types of memory that may be present are:
(a) DRAM: Dynamic RAM
(b) EDORAM: Extended Data Out RAM
(c) SDRAM: Synchronous Dynamic RAM

(5) BIOS ROM
The BIOS ROM is permanent ROM. This memory is used to store the following programs and routines:
(i) Bootstrap loader (performs booting)
(ii) Power-on self test routines
(iii) Incomplete IOS
(iv) ROM Monitor (ROM-MON)

Router and PC terms
Router            PC
ROM-MON           CMOS Setup
Incomplete IOS    Bootable Floppy/CD
FLASH             O/S from HDD
Router interfaces
Interface              Connector   Color     Speed                     Use
Ethernet               RJ45        yellow    10 Mbps                   To connect Ethernet LAN
Ethernet (AUI)         DB15        yellow    10 Mbps                   To connect Ethernet LAN
Fast Ethernet          RJ45        yellow    -                         To connect Ethernet LAN
Serial                 SS / RJ45   blue      E1 2 Mbps, T1 1.5 Mbps    To connect WAN technologies like leased lines, radio link, Frame Relay, X.25, ATM
ISDN Rate Interface    -           orange    192 kbps                  To connect ISDN
-                      RJ11        white     -                         To connect EPABX

AUI: Attachment Unit Interface
EPABX: Electronic Private Automatic Branch
PSTN: Public Services Telephone Network

Router ports
Port                      Connector   Color      Speed      Details / used for
Console                   RJ45        sky blue   9600 bps   Configuration
Auxiliary                 -           -          -          Remote configuration via PSTN line
Virtual terminal (vty)    -           -          -          Remote configuration via the telnet protocol, through a router interface

Other interfaces:
(1) Token Ring: RJ45, violet, 4/16 Mbps, to connect a Token Ring network.
(2) E1/T1 controller: to connect E1/T1 lines.
(3) ADSL: RJ45, white, up 1 Mbps / down 8 Mbps, to connect ADSL.
Types of routers:
(1) Fixed configuration router
(2) Modular router
(3) Chassis based router
Step 1: Click the Start button on the Windows Taskbar, and select Programs > Accessories > Communications > HyperTerminal. HyperTerminal launches and displays the Connection Description dialog box. Type any name.
Step 2: Select the COM port.
Step 3: On the Port Settings tab, enter the following settings:
Speed - 9600
Data Bits - 8
Parity - none
Stop bits - 1
Flow Control - none
Step 4: Click OK.
When we access the router command prompt, the router presents different modes. According to the mode, privileges and rights are assigned to the user.

User mode
In this mode we can display basic parameters and the status of the router, test connectivity, and telnet to other devices. In this mode we cannot manage or configure the router.

Privileged mode
In this mode we can display all information and configuration, and perform administration tasks, debugging, testing, and connectivity checks with other devices. We are not able to edit the configuration of the router here. The command to enter this mode is enable. We have to enter the enable password or the enable secret password to enter this mode. The enable secret has higher priority than the enable password: if both passwords are configured, only the enable secret will work.

Global configuration mode
This mode is used for the configuration of global parameters in the router; global parameters apply to the entire router. The command to enter this mode is configure terminal. Examples: the router hostname or an access list.

Line configuration mode
This mode is used to configure lines like console, vty, and auxiliary. The main types of line that are configured are:
(i) Console: router(config)#line console 0
(ii) Auxiliary: router(config)#line aux 0
(iii) Telnet or vty: router(config)#line vty 0 4

Interface configuration mode
This mode is used to configure router interfaces, e.g. Ethernet, Serial, BRI, etc.
Router(config)#interface <type> <number>
e.g. Router(config)#interface serial 1

Routing configuration mode
This mode is used to configure routing protocols like RIP, EIGRP, OSPF, etc.
Router(config)#router <protocol> [<option>]
Router(config)#router rip
Router(config)#router eigrp 10
Configuring Passwords
There are five types of password available in a router.
(1) Console Password
router#configure terminal
router(config)#line console 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(2) Vty Password
router#configure terminal
router(config)#line vty 0 4
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(3) Auxiliary Password
router#configure terminal
router(config)#line aux 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(4) Enable Password
router>enable
router#configure terminal
router(config)#enable password <word>
(5) Enable Secret Password
The enable password is a clear text password: it is stored as clear text in the configuration, whereas the enable secret password is stored hashed with the MD5 (Message Digest 5) algorithm.
Router#configure terminal
Router(config)#enable secret <word>
Router(config)#exit
Encrypting all passwords
All passwords other than the enable secret password are clear text passwords. We can encrypt all of them using the level 7 algorithm. The command to encrypt all passwords is:
Router#configure terminal
Router(config)#service password-encryption
Note that level 7 encoding is reversible and only hides the passwords from a casual look at the configuration; the enable secret (MD5 hash) is the stronger protection of the two.
TIP: In a Cisco router any configuration can be removed by using the no prefix to the same command.
Managing Configuration
There are two types of configuration present in a router: (1) Startup Configuration, (2) Running Configuration.
Startup configuration is stored in the NVRAM. Startup configuration is used to save the settings of a router. Startup configuration is loaded into the Primary RAM at the time of booting. Running configuration is present in the Primary RAM; whenever we run a configuration command, this command is written into the running configuration.
To display running configuration: Router#show running-config
To display startup configuration: Router#show startup-config
To erase old configuration
To save configuration: Router#copy running-config startup-config or Router#write
To abort configuration: Router#copy startup-config running-config
Interface configuration is one of the most important parts of the router configuration. By default, all interfaces of a Cisco router are in disabled (shutdown) mode. We have to use different commands as per our requirement to enable and configure an interface.
Configuring IP, Mask and Enabling the Interface
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#ip address <ip> <mask>
Router(config-if)#no shutdown
Router(config-if)#exit
Interface Numbers
Interface numbers start from 0 for each type of interface. Some routers use the interface number directly, while other routers use the slot no/port no addressing technique.
Fixed interfaces: Eth 0, Serial 0, Serial 1
Modular (slot/port): Slot 0: Serial 0/0; Slot 1: Serial 1/0, Serial 1/1
Configuring parameters on WAN interface
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#encapsulation <protocol>
Router(config-if)#clock rate <value>
Router(config-if)#end
To display interface status
To configure Interface description
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#description <line>
Configuring parameters on LAN interface
Router#configure terminal
Router(config)#interface <type> <no>
The show interfaces command will display the following parameters about an interface:
Status
MAC address
IP address
Subnet mask
Hardware type / manufacturer
Bandwidth
Reliability
Delay
Load (Tx load, Rx load)
Encapsulation
ARP type (if applicable)
Keepalive
Queuing strategy
Input queue details
Output queue details
Traffic rate (in packets per second and bits per second)
Input packet details
Output packet details
Modem signals (WAN interface only)
MTU, maximum transmission unit (mostly 1500 bytes)
Configuring sub interface
Sub interfaces are required in different scenarios. For e.g.: in Ethernet we need sub interfaces for VLAN communication, and in frame relay we need sub interfaces for multipoint connectivity. A sub interface means creating a logical interface from a physical interface.
Router#config ter
Router(config)#interface <type> <no>.<subint no>
Router(config-subif)#
e.g. Router(config)#interface serial 0.2
Configuring secondary IP
Router(config-if)#ip address 192.168.10.5 255.255.255.0
Router(config-if)#ip address 192.168.10.18 255.255.255.0 secondary
To display commands present in history: Router#show history
To display history size: Router#show terminal
To change history size
Router#config terminal
Router(config)#line console 0
Router(config-line)#history size <value>
Router(config-line)#exit
Configuring Banners
Banners are just messages that appear at different prompts according to their type. The different banners are:
Message of the day (motd): this banner appears for every access method
Login: appears before the login prompt
Exec: appears after we enter the exec mode
Incoming: appears for incoming connections
Syntax:
Router#config terminal
Router(config)#banner <type> <delimiting char> Text message <delimiting char>
Router(config)#
Example:
Router#config terminal
Router(config)#banner motd $ This router is distribution 3600 router connected to Reliance $
Logging configuration
The router generates log messages, which are stored in the router's internal buffer and also displayed on the console.
To send log messages to a syslog server
Router#config ter
Router(config)#logging <IP address>
Router(config)#exit
To display log buffer: Router#show logging
Download syslog server software from the internet and install it on a PC to store the syslog messages.
Synchronous logging on console
Router#config terminal
Router(config)#line console 0
Router(config-line)#logging synchronous
Router(config-line)#exit
We can configure the router clock with the help of two methods: (1) configure the clock locally, (2) configure the clock from an NTP server (Network Time Protocol). A router does not have a battery to save the clock setting, so the clock will reset to the default on reboot. In new routers a clock battery is available for time keeping.
To display clock: Router#show clock
To configure clock: Router#clock set hh:mm:ss day month year
To configure clock from NTP server (use C:\>ping pool.ntp.org on a PC to obtain the IP address of a public NTP server):
Router#config terminal
Router(config)#ntp server <IP address>
Router(config)#exit
Setup Mode
The router will enter setup mode if no configuration is present in NVRAM. The router will display the following message:
Would you like to enter the initial configuration dialog [ y / n ]:
There are two types of setup mode:
Basic setup mode
Extended setup mode
In basic mode only one interface is configured, which will be used for telnet or web access connectivity. In extended mode all interfaces are configured. At the end we can save the configuration changes or discard them.
Telnet access :
Telnet is a virtual port through which we can access the router command line over its network interfaces.
(Figure: PC connected to the router through a switch)
To accept telnet connections we have to configure the following options on the router:
Configure IP on an interface
Configure the VTY password and the enable secret password
On the client PC, test connectivity with the router and use the command telnet <router_ip>
Router Booting Sources
A router can boot from various sources. By default, it will boot from the flash memory, and we can control the sequence with the help of the configuration register or boot system commands. A router can boot from the following sources:
(1) First file in flash
(2) Specific file in flash
(3) Incomplete IOS
(4) TFTP Server
(5) ROM Monitor (from BIOS)
The first way to control the boot sequence is the configuration register. We can modify the configuration register value with the help of the config-register command in global configuration mode. We can also modify the register value from ROM monitor mode.
Configuration Register
The configuration register is a 16-bit value, which is stored in the NVRAM. At the time of booting the bootstrap loader reads the value of the configuration register and configures its booting behaviour according to the value.
0x2102 (IOS with Config): With this value the router will boot from the first file present in the flash memory. This is the default value of the configuration register. After loading IOS the router will also load startup-config into running-config.
0x2101 (Incomplete IOS with Config): The router will boot from the incomplete IOS and then load the startup-config.
0x2100 (ROM Monitor): With this value the router will not boot, but enters ROM Monitor mode.
0x2142 (IOS without Config): The router will boot from the first file in flash, but bypass the startup configuration.
0x2141 (Incomplete IOS without Config): The router will boot from the incomplete IOS but bypass the startup-config.
To change Config-Register from global mode
Router#configure terminal
Router(config)#config-register <value>
Router(config)#exit
Router#reload
Note: this is the only value which is configured in configuration mode and does not need to be saved.
To change Config-Register using ROM Monitor
Steps:
(1) Power on the router.
(2) Press Ctrl+Break from the console within 60 sec.
(3) The router will enter ROM Monitor.
Type the following commands:
Rommon 1> confreg <value>
Rommon 2> i
Note: in 2500 series routers the o/r command should be used in place of the confreg command.
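As an added example (not part of the original notes), the following Python decodes a configuration register value into the boot behaviour listed above and audits the register line of a "show version" output; the bit positions it uses (boot field in bits 0-3, bit 6 = ignore NVRAM, bit 8 = Break disabled) are Cisco's documented layout, and the sample "show version" line is constructed.

```python
import re

# Added example, not from the original notes. Bit layout of the 16-bit
# configuration register (Cisco's documented layout):
#   bits 0-3  boot field: 0x0 = ROM Monitor, 0x1 = incomplete (ROM) IOS,
#             0x2-0xF = normal boot from flash / boot system commands
#   bit 6     (0x0040) ignore the startup-config stored in NVRAM
#   bit 8     (0x0100) console Break key disabled after boot
BOOT_FIELD_MASK = 0x000F
IGNORE_NVRAM = 0x0040
BREAK_DISABLED = 0x0100


def decode_config_register(value):
    """Map a register value to the boot behaviour described in the notes."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0x0:
        source = "ROM Monitor"
    elif boot_field == 0x1:
        source = "Incomplete IOS"
    else:
        source = "First file in flash"
    return {
        "boot_source": source,
        "load_startup_config": not (value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


# Constructed sample of the relevant 'show version' line. The "(will be ...)"
# part only appears when the register was changed but not yet reloaded.
SHOW_VERSION_LINE = "Configuration register is 0x2102 (will be 0x2142 at next reload)"
_REG_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)"
                     r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")


def registers_from_show_version(text):
    """Return (current, pending) register values; pending is None if unchanged."""
    m = _REG_RE.search(text)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    return current, pending


def audit_register(text, expected=0x2102):
    """Flag a device whose next boot will not be the normal 0x2102 behaviour."""
    current, pending = registers_from_show_version(text)
    effective = pending if pending is not None else current
    findings = []
    if effective != expected:
        findings.append("register 0x%04X differs from expected 0x%04X"
                        % (effective, expected))
    decoded = decode_config_register(effective)
    if not decoded["load_startup_config"]:
        findings.append("startup-config will be bypassed at next reload")
    if decoded["boot_source"] != "First file in flash":
        findings.append("next boot source: " + decoded["boot_source"])
    return findings


if __name__ == "__main__":
    for v in (0x2102, 0x2101, 0x2100, 0x2142, 0x2141):
        print("0x%04X" % v, decode_config_register(v))
    print(audit_register(SHOW_VERSION_LINE))
```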
To boot from the first file in flash: Router(config)#boot system flash
To boot the router from a specific file in flash: Router(config)#boot system flash <file name>
To boot the router from a TFTP server/network: Router(config)#boot system tftp <file name> <TFTP server IP>
TFTP server
TFTP is a modified form of FTP. It is used to transfer files without performing authentication. TFTP has only a home directory, in which subdirectories are not allowed, and directory browsing is not allowed in the home directory. TFTP is a UDP-based protocol, which works on port no 69. TFTP has the following features in comparison to FTP:
(1) Only get file and put file service is available.
(2) Authentication is not supported.
(3) The home directory may not have subdirectories.
(4) Directory browsing is not allowed.
Installation and Configuration of TFTP server
In a Windows system, we have to execute the following steps to use the PC as a TFTP server:
(1) Download TFTP server software from the Internet.
(2) Install the TFTP server software on the PC.
(3) If the software is not installed as a service then the software should be running on screen.
(4) Configure the home directory of the server or use the default.
Functions to be performed with the help of the TFTP server:
(1) Boot router from TFTP server
(2) Backup IOS and configuration
(3) Restore IOS and configuration
(4) Upgrade IOS
(1) To boot from TFTP server
i) Run the TFTP server s/w on the PC, and copy the IOS image file into the home directory of the TFTP server.
ii) Test connectivity between the router and the TFTP server.
iii) On the router use the following commands:
Router#conf ter
Router(config)#boot system tftp c1700-1s-mz.122.3.bin 10.0.0.18
Router(config)#exit
Router#copy run start
Reload the device. Make sure that the configuration register is set to 0x2102.
(2) To backup IOS
i) Test connectivity and make sure the TFTP server is running.
ii) Type the command Router#show flash (note the IOS filename), then:
Router#copy flash tftp
Source filename = ?
Destination filename = ?
IP of TFTP server = ?
(3) To backup configuration
i) Test connectivity and make sure the TFTP server is running.
ii) Type the commands:
Router#copy running-config tftp
Or
Router#copy startup-config tftp
Remote IP: ________
Destination Filename: ________
(4) To restore configuration
i) Test connectivity and make sure the TFTP server is running.
ii) Make sure the configuration file is present in the home directory and note the filename.
iii) Type the commands:
Router#copy tftp running-config
Remote IP: __________
Source Filename: ___________
Destination Filename [running-config]: (press enter here)
(5) Restore/Upgrade IOS
There are four different conditions in which we can restore/upgrade IOS.
Case 1: Old IOS is present and flash is in read/write mode. Copy the IOS image into the TFTP server's home directory. Test connectivity and make sure the TFTP server is running. On the router use the commands:
Router#copy tftp flash
Source file:
Destination file:
IP address:
Erase Flash [y/n]:
Case 2: Old IOS is present but flash is in read-only mode. In this case, we have to set the config-register to 0x2101 to boot the router from the incomplete IOS. After booting, the flash will be in read/write mode. Now use the same commands as in case 1. When IOS loading is complete, reset the config-register to 0x2102.
Case 3: Old IOS is not present but the incomplete IOS is present in BIOS. The router will automatically boot from the incomplete IOS, and we have to execute the same commands as in cases 1 and 2.
Case 4: Neither the complete IOS nor the incomplete IOS is present in the router. There are two methods to load IOS with the help of ROM Monitor mode.
Method 1: Loading IOS using xmodem
In this case we have to use the xmodem command and the IOS will be loaded with the help of the console cable. TFTP is not required in this case. Enter ROM Monitor and type the following command:
Rom Mon 1>xmodem <filename>
When the router displays the message "Ready to receive file", then in HyperTerminal click Transfer >> Send file >> use browse to select the file >> select protocol xmodem >> send.
Method 2: Loading IOS using TFTP from ROM Monitor
In this case we have to use a TFTP server from ROM Monitor. Connect the PC running the TFTP server, make sure TFTP is running and the IOS image is present in the home directory. Enter ROM Monitor mode and type the following commands:
Rom Mon>IP_ADDRESS=10.0.0.2
Rom Mon>TFTP_SERVER=10.0.0.1
Rom Mon>TFTP_FILE=<filename>
Rom Mon>DEFAULT_GATEWAY=10.0.0.1
Rom Mon>IP_SUBNET_MASK=255.0.0.0
Rom Mon>tftpdnld
When the IOS transfer is complete, type the command:
Rom Mon>boot
To view the source from which the router booted: Router#show version
2) Using a DNS server
We can configure the router to send DNS queries to a DNS server. The DNS server will resolve the hostname and then the PC or router will try to communicate with the destination. We can configure a maximum of 6 name-server IPs.
Router#config terminal
Router(config)#ip name-server <IP> [<IP2> ...]
Router(config)#ip name-server 202.56.230.6
Router(config)#exit
On the telnet client we have to use the following command: telnet <IP of router>
To display connected users: Router#show users
To disconnect a user: Router#clear line <no>
To display connected sessions: Router#show sessions
To telnet to a device from the router: Router#telnet <IP>
To exit from a telnet session: Router#exit
To exit from a hung telnet session: Ctrl+Shift+6, then x
TIP: If we want to allow telnet to the router without a password, then on the VTY lines type the command no login.
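As an added example that is not part of the original notes, this Python audits a running-config for the password, line, logging and NTP settings discussed in the sections above (enable secret vs enable password, service password-encryption, vty/console/aux lines with login or no login); SAMPLE_CONFIG and the finding codes are constructed for the demonstration.

```python
import re

# Added example, not from the original notes: a small audit of an IOS
# running-config for the settings described in the notes above.
# SAMPLE_CONFIG is constructed; the passwords in it are placeholders.
SAMPLE_CONFIG = """\
hostname R1
!
enable password cisco123
!
line con 0
 password c0nsole
 login
line aux 0
 password auxpass
line vty 0 4
 password vtypass
 no login
!
logging 10.0.0.5
"""


def parse_sections(config):
    """Return (top-level commands, {line section: [sub-commands]})."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):                 # indented: belongs to a line section
            if current is not None:
                sections[current].append(raw.strip())
            continue
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd
            sections[current] = []
        else:
            current = None
            top.append(cmd)
    return top, sections


def audit_config(config):
    """Return (scope, finding) pairs for weak or missing settings."""
    top, sections = parse_sections(config)
    findings = []
    has_secret = any(c.startswith("enable secret ") for c in top)
    has_enable_pw = any(c.startswith("enable password ") for c in top)
    if not has_secret:
        findings.append(("global", "enable-secret-missing"))
    if has_enable_pw and not has_secret:
        # clear text (or reversible level 7): privileged mode is weakly protected
        findings.append(("global", "enable-password-only"))
    if "service password-encryption" not in top:
        findings.append(("global", "password-encryption-missing"))
    if not any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", c) for c in top):
        findings.append(("global", "syslog-server-missing"))
    if not any(c.startswith("ntp server ") for c in top):
        findings.append(("global", "ntp-server-missing"))
    for name, subs in sections.items():
        has_password = any(s.startswith("password ") for s in subs)
        if "no login" in subs:
            findings.append((name, "no-login"))        # access without any password
        elif not any(s == "login" or s.startswith("login ") for s in subs):
            findings.append((name, "login-missing"))   # password set but never asked
        if not has_password and "login local" not in subs:
            findings.append((name, "password-missing"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_config(SAMPLE_CONFIG):
        print("%-14s %s" % (scope, finding))
```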
TCP/IP MODEL
TCP/IP is the most popular protocol stack, and it consists of a large number of protocols. Compared with the OSI model, TCP/IP consists of only four layers. The TCP/IP model is a modified form of the DOD (Department of Defense) model.
Application Layer
This layer contains a large number of protocols. Each protocol is designed to act as server and client. Some protocols need connection-oriented TCP, and others may use connectionless UDP for data transfer. The application layer uses port numbers to identify each application at the transport layer. This layer performs most of the functions specified by the Application, Presentation and Session layers of the OSI model.
Transport Layer
Two protocols are available at the Transport layer:
Transmission Control Protocol
User Datagram Protocol
1) Transmission Control Protocol: TCP performs connection-oriented communication. Its responsibilities are:
Error Checking
Acknowledgement
Sequencing
Flow Control
Windowing
The Source Port and Destination Port fields together identify the two local end points of a particular connection. A port plus its host's IP address forms a unique end point. Ports are used to communicate with the upper layer and to distinguish different application sessions on the host. The Sequence Number and Acknowledgment Number fields specify bytes in the byte stream. The sequence number is used for segment differentiation and is useful for reordering or retransmitting lost segments. The acknowledgment number is set to the next sequence number expected. The Data Offset (TCP header length) field indicates how many 4-byte words are contained in the TCP header. The Window field indicates how many bytes can be transmitted before an acknowledgment is received. The Checksum field provides extra reliability to the TCP segment; it is an integrity check against transmission errors, not a security mechanism. The actual user data follows the end of the header.
2) User Datagram Protocol
UDP is considered a connectionless protocol. It leaves reliability to be handled by the application layer; all it cares about is fast transmission. The UDP header is responsible for error checking (a checksum) and for identifying applications using port numbers.
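The following Python is an added example, not part of the original text: it parses the TCP header fields described above (ports, sequence and acknowledgment numbers, data offset in 4-byte words, flags, window, checksum) and the much smaller UDP header from raw bytes, and verifies the TCP checksum over the IPv4 pseudo-header; the sample segments are constructed in the block.

```python
import socket
import struct

# Added example, not from the original text. All sample packets are built
# here; the checksum rule is the standard one (RFC 793 / RFC 1071).
TCP_FLAG_BITS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
                 ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))


def ones_complement_checksum(data):
    """RFC 1071 checksum: 16-bit one's complement of the one's complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip, dst_ip, proto, length):
    """IPv4 pseudo-header: both addresses, a zero byte, protocol, segment length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, proto, length))


def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, ack,
                      flags, window, payload=b""):
    """Build a TCP segment with a 20-byte header and a correct checksum."""
    offset_flags = (5 << 12) | flags          # data offset 5 words = 20 bytes
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_flags, window, 0, 0)
    csum = ones_complement_checksum(
        pseudo_header(src_ip, dst_ip, 6, 20 + len(payload)) + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def parse_tcp_header(segment):
    """Decode the fields listed in the text; data offset is in 4-byte words."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src, dst, seq, ack, off_flags, window,
     csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset %d is not valid for this segment" % header_len)
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in TCP_FLAG_BITS if off_flags & bit],
        "window": window, "checksum": csum, "urgent": urg,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def tcp_checksum_ok(src_ip, dst_ip, segment):
    """A correct segment sums to 0 once the stored checksum is included."""
    return ones_complement_checksum(
        pseudo_header(src_ip, dst_ip, 6, len(segment)) + segment) == 0


def parse_udp_header(datagram):
    """UDP: just ports, length and checksum; reliability is left to the application."""
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError("UDP length field %d does not match %d bytes"
                         % (length, len(datagram)))
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": csum, "payload": datagram[8:]}


# Constructed sample: a SYN from an ephemeral port to the telnet port (23).
SAMPLE_SYN = build_tcp_segment("10.0.0.5", "10.0.0.1", 40000, 23,
                               seq=1000, ack=0, flags=0x02, window=8192)

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
    print("checksum ok:", tcp_checksum_ok("10.0.0.5", "10.0.0.1", SAMPLE_SYN))
```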
Internet Layer
The main function of the Internet layer is routing and providing a single network interface to the upper layer protocols. Neither the upper nor the lower layer protocols have any functions relating to routing; instead, IP provides one single network interface for the upper layer protocols, and it is then the job of IP and the various Network Access protocols to work together. The main protocols used in the Internet layer are:
1) Internet Protocol (IP)
2) Internet Control Message Protocol (ICMP)
3) Address Resolution Protocol (ARP)
4) Reverse Address Resolution Protocol (RARP)
5) Proxy ARP
Internet Protocol
This protocol works at the Internet layer. It is responsible for logical addressing, defining the type of service, and fragmentation.
IP Subnet
In TCP/IP by default three sizes of networks are available:
(1) Class A: 2^24 PCs -> 16777216
(2) Class B: 2^16 PCs -> 65536
(3) Class C: 2^8 PCs -> 256
In subnetting, we divide a class A, B or C network into smaller sub networks. This procedure is called subnetting. Subnetting is performed with the help of the subnet mask. There are two types of subnetting that we perform:
(1) FLSM: Fixed Length Subnet Mask
(2) VLSM: Variable Length Subnet Mask
Why to Subnet?
(i) A default class network provides us a large number of PCs in comparison to the number of PCs required in the network.
(ii) It is practically never possible to create a class A or class B sized network. To reduce the broadcasts of a network, we have to perform LAN segmentation using routers, and in each sub network we need a different network address.
How to Subnet?
In this method, we first modify our requirement according to the number of subnets possible, then we calculate the new subnet mask and create the IP ranges.
Example 1
Class = C, No. of subnets = 5
Step 1: The numbers of subnets possible are 2, 4, 8, 16, 32, ... so the requirement becomes Class = C, No. of subnets = 8
Step 2: Calculate the key value: 2^key = No. of subnets; 2^key = 8; 2^3 = 8, so key = 3
Step 3: Calculate the new subnet mask. In class C, Net id = 24 + key = 24 + 3 = 27 bits
11111111.11111111.11111111.11100000
255.255.255.224
We add these bits to make the subnet mask.
Step 4: Range. No. of PCs/subnet = Total PCs / No. of subnets = 256/8 = 32
In Class C:
x.x.x.0 - x.x.x.31 (1 subnet id, 30 hosts, 1 broadcast)
x.x.x.32 - x.x.x.63
x.x.x.64 - x.x.x.95
x.x.x.96 - x.x.x.127
x.x.x.128 - x.x.x.159
x.x.x.160 - x.x.x.191
x.x.x.192 - x.x.x.223
x.x.x.224 - x.x.x.255
The first IP of each subnet will be the subnet id and the last IP will be the sub network broadcast address.
Example 2
Class = C, No. of subnets = 10
Step 1: No. of subnets = 16
Step 2: 2^4 = 16, key = 4
Step 3: Net id = 24 + 4 = 28 bits, Host id = 8 - 4 = 4 bits
11111111.11111111.11111111.11110000
255.255.255.240
Subneting method 2
Class = ?, No. of PCs/subnet = 8, Mask = ?, Range = ?
In this case we calculate the key according to the number of PCs per subnet. According to the key value, the bits of the subnet mask from the right hand side are set to zero, then the range is calculated.
Example 1
Class = C, No. of PCs/subnet = 5
Step 1: The numbers of PCs/subnet possible are 4, 8, 16, 32, 64, ... so the new requirement is Class = C, No. of PCs/subnet = 8
Step 2: 2^key = No. of PCs/subnet; 2^key = 8; 2^3 = 8, so key = 3
11111111.11111111.11111111.11111000
255.255.255.248
No. of subnets = Total PCs / (PCs/subnet) = 256/8 = 32
Class C with mask 255.255.255.248: 32 subnets of 8 PCs, starting at .0, .8, .16, .24, ... (e.g. 200.100.100.0 - .7, .8 - .15, .16 - .23, .24 - .31)
Example 2
Class = C, No. of PCs/subnet = 50
Step 1: Class = C, No. of PCs/subnet = 64
Step 2: 2^6 = 64, key = 6
11111111.11111111.11111111.11000000
255.255.255.192
No. of subnets = 256/64 = 4
Class C with mask 255.255.255.192: 4 subnets of 64 PCs each.
Method 3
No. of PCs/subnet = 50; new requirement: No. of PCs/subnet = 64
No. of subnets = 256/64 = 4
Class = C, No. of subnets = 4; 2^2 = 4, key = 2
Net id = 24 + 2 = 26 bits, Host id = 8 - 2 = 6 bits
11111111.11111111.11111111.11000000
255.255.255.192
Zero Subnet
According to the rules of IP addressing, the first subnet and the last subnet are not usable due to routing problems. In new Cisco routers a command is present in the default configuration with which we are able to use the first and last subnet after subnetting. The command is:
Router#config ter
Router(config)#ip subnet-zero
Router(config)#exit
Example: Check whether an address is a valid IP, a network address or a broadcast address. If the IP is valid then calculate its network and broadcast address.
IP 200.100.100.197, mask 255.255.255.240 (/28, key 4)
Last octet of the IP:            197 = 1100 0101
Network address (host bits 0):   192 = 1100 0000 -> 200.100.100.192
Broadcast address (host bits 1): 207 = 1100 1111 -> 200.100.100.207
The IP is neither the network nor the broadcast address, so it is a valid IP.
Example: Class = B, No. of subnets = 64
2^6 = 64, key = 6; Net id = 16 + 6 = 22 bits
11111111.11111111.11111100.00000000
255.255.252.0
No. of PCs/subnet = 65536/64 = 1024
150.20.0.0 - 150.20.3.255
150.20.4.0 - 150.20.7.255
150.20.8.0 - 150.20.11.255
Writing the number of network bits after a slash (for e.g. 200.100.100.192/28) is another way of representing an IP address, also called CIDR (Classless Inter Domain Routing) notation.
No Subneting
(Figure: nine LANs, each using a whole class C network: 200.100.1.X, 200.100.2.X, 200.100.3.X, 200.100.4.X, 200.100.5.X, 200.100.6.X, 200.100.7.X, 200.100.8.X, 200.100.9.X)
FLSM
(Figure: the same nine LANs using /28 subnets of 200.100.1.0: 200.100.1.0-15/28, 200.100.1.16-31/28, 200.100.1.32-47/28, 200.100.1.48-63/28, 200.100.1.64-79/28, 200.100.1.80-95/28, 200.100.1.96-111/28, 200.100.1.112-127/28, 200.100.1.128-143/28)
Remaining subnets: 144-159, 160-175, 176-191, 192-207, 208-223, 224-239, 240-255
Problem with FLSM
In FLSM, we have to create subnets of equal size. All networks are allotted a constant size subnet regardless of their IP address requirement. Due to this a network may be allotted more IP addresses than required, or fewer than required.
VLSM
(Figure: VLSM tree of the /24, split into /25 (0-127, 128-255), /26 (0-63, 64-127, 128-191, 192-255), /27 (0-31, 32-63, 64-95, 96-127), /28 (0-15, 16-31, ...), /29 (0-7, 8-15, 16-23, 24-31) and /30 (0-3, 4-7, 8-11, 12-15) blocks. Allotments shown: 2 IP -> 0-3/30, 2 IP -> 12-15/30, 20 PCs -> 32-63/27, 64-95/27, 50 PCs -> 128-191/26; remaining: 24-31 and 112-127.)
If we are using VLSM and dynamic routing then the routing protocol must be compatible with VLSM. This will happen only if the subnet masks are also sent in the routing updates.
Super Netting
Combining small networks to create a large size network is called a super network. Supernetting is mostly used to define route summarization in routing tables. It is not used for the implementation of a large network.
170.10.0.0 = 10101010.00001010.00000000.00000000
170.11.0.0 = 10101010.00001011.00000000.00000000
The two second octets differ only in their last bit, so the two networks share the first 15 bits and can be summarized as one route, 170.10.0.0 with mask 255.254.0.0 (/15).
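As an added example (not from the original notes), the following Python carries the three subnetting methods above (by number of subnets, by PCs per subnet, and the zero-subnet network/broadcast check) and the supernetting step through on the notes' own figures, using Python's standard ipaddress module; the function names are assumptions of this example.

```python
import ipaddress

# Added example, not from the original notes. Classful default prefixes
# for the three network sizes given in the text.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def key_for(requirement):
    """Smallest key with 2**key >= requirement (the 'round up' step 1)."""
    if requirement < 1:
        raise ValueError("requirement must be at least 1")
    return (requirement - 1).bit_length()


def describe(net_class, prefix):
    """Mask, subnet count and addresses per subnet for a new prefix length."""
    default = DEFAULT_PREFIX[net_class]
    if not default <= prefix <= 30:
        raise ValueError("prefix /%d is shorter than the class or leaves no hosts" % prefix)
    mask = str(ipaddress.ip_network("0.0.0.0/%d" % prefix).netmask)
    return {"prefix": prefix, "mask": mask,
            "subnets": 2 ** (prefix - default),
            "addresses_per_subnet": 2 ** (32 - prefix),
            "usable_hosts": 2 ** (32 - prefix) - 2}


def plan_by_subnets(net_class, subnets_needed):
    """Method 1: key = subnet bits borrowed from the host part."""
    return describe(net_class, DEFAULT_PREFIX[net_class] + key_for(subnets_needed))


def plan_by_hosts(net_class, hosts_needed):
    """Method 2: key = host bits kept (zeros at the right of the mask)."""
    return describe(net_class, 32 - key_for(hosts_needed))


def subnet_ranges(network, prefix):
    """Step 4: (subnet id, broadcast) for every subnet of the classful network."""
    base = ipaddress.ip_network(network)
    return [(str(s.network_address), str(s.broadcast_address))
            for s in base.subnets(new_prefix=prefix)]


def classify(ip, mask):
    """Zero-subnet example: valid IP, network address or broadcast address."""
    net = ipaddress.ip_network("%s/%s" % (ip, mask), strict=False)
    addr = ipaddress.ip_address(ip)
    if net.prefixlen >= 31:
        kind = "valid IP"      # /31 and /32 have no network/broadcast addresses
    elif addr == net.network_address:
        kind = "network address"
    elif addr == net.broadcast_address:
        kind = "broadcast address"
    else:
        kind = "valid IP"
    return kind, str(net.network_address), str(net.broadcast_address)


def summarize(networks):
    """Supernetting: merge adjacent, aligned networks into summary routes."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(plan_by_subnets("C", 5))
    print(plan_by_hosts("C", 50))
    print(classify("200.100.100.197", "255.255.255.240"))
    print(summarize(["170.10.0.0/16", "170.11.0.0/16"]))
```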
IP Routing
When we want to connect two or more networks using different network addresses, we have to use the IP routing technique. A router is used to perform routing between the networks. A router performs the following functions for routing:
(1) Path determination
(2) Packet forwarding
(1) Path determination: the process of obtaining paths into the routing table is called path determination. There are three different methods by which a router can learn a path:
i) Automatic detection of directly connected networks
ii) Static and default routing
iii) Dynamic routing
(2) Packet forwarding: a process that is enabled by default in a router. The router will perform packet forwarding only if a route is available in the routing table.
Routing Process
(i) The PC has a packet in which the destination address is not in the same network as the local network address.
(ii) The PC sends an ARP request for the default gateway. The router replies to the ARP request and informs the PC of its MAC address.
(iii) The PC encapsulates the data in a frame in which the source IP is the PC itself, the destination IP is the server, the source MAC is the PC's LAN interface and the destination MAC is the router's LAN interface.
(Figure: R1 with addresses 10.0.0.1 and 172.16.0.5)
(iv) The router receives the frame and stores it in the buffer. It obtains the packet from the frame and forwards the data according to the destination IP of the packet. The router obtains a route from the routing table, according to which the next hop IP and the outgoing interface are selected.
(v) According to the next hop, the packet is encapsulated in a new frame and the data is sent to the output queue of the interface.
Static Routing
In this routing, we use ip route commands through which we specify routes for different networks. The administrator analyzes the whole internetwork topology and then specifies the route for each network that is not directly connected to the router.
Steps to perform static routing
(1) Create a list of all networks present in the internetwork.
(2) Remove from the list the network addresses which are directly connected to the router.
(3) Specify a route for each remaining network by using the ip route command.
Router(config)#ip route <destination n/w> <mask> <next hop ip>
Next hop IP: it is the IP address of the neighbour router that is directly connected to our router.
Static Routing Example:
Router#conf ter
Router(config)#ip route 10.0.0.0 255.0.0.0 192.168.10.2
Advantages of static routing:
(1) Fast and efficient.
(2) More control over the selected path.
(3) Less overhead for the router.
(4) Bandwidth of interfaces is not consumed in routing updates.
Disadvantages of static routing:
(1) More overhead on the administrator.
(2) Load balancing is not easily possible.
(3) In case of topology change the routing table has to be changed manually.
A static route can also be specified with the exit interface instead of the next hop:
Router(config)#ip route 172.16.0.0 255.255.0.0 172.25.0.2
Or
Router(config)#ip route 172.16.0.0 255.255.0.0 serial 0
If more than one path is available from our router to a destination then we can specify one route as primary and the other route as backup. Administrative Distance (AD) is used to specify one route as primary and the other as backup: the router will select the route with the lower AD to forward the traffic. By default a static route has an AD value of 1. For the backup path we specify a higher AD, so that this route is used only if the primary route is unavailable.
Protocol              AD
Directly Connected    0
Static                1
BGP                   20
EIGRP                 90
Syntax to set the backup path:
Router(config)#ip route <dest. n/w> <mask> <next hop or exit interface> <AD>
Example:
Router#conf ter
Router(config)#ip route 150.10.0.0 255.255.0.0 150.20.0.5
Router(config)#ip route 150.10.0.0 255.255.0.0 160.20.1.1 8 (below 20)
Router(config)#exit
Default Routing
Default routing means a route for any network. These routes are specified with the help of the following syntax:
Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop or exit interface>
This type of routing is used in the following scenarios.
Scenario 1: Stub network. A network which has only one exit interface is called a stub network. If there is only one next hop then we can use default routing.
Scenario 2: Internet connectivity. On the Internet, millions of networks are present, so we have to specify default routing on our router. The default route is also called the gateway of last resort. This route is used when no other route is available.
(Figure: R1 connected to the ISP at 200.100.100.11 and to R2 at 172.16.0.5, with network 10.0.0.0 behind R2)
Router(config)#ip route 10.0.0.0 255.0.0.0 172.16.0.5
Router(config)#ip route 0.0.0.0 0.0.0.0 200.100.100.11
To display routing table: Router#sh ip route
To display static routes only: Router#sh ip route static
To display connected networks only: Router#sh ip route connected
Example routing table entry: S 192.168.10.0/28 [1/0] via 172.16.0.5
To check all the interfaces of a router: Router#sh ip interface brief
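The following Python is an added example, not part of the original notes: a small model of the routing table that shows how longest prefix match, administrative distance (primary versus backup static route) and the default route as gateway of last resort decide the next hop for the static and default routes configured above. The connected networks and interface names (Serial0, Serial1) are assumptions of the example.

```python
import ipaddress

# Added example, not from the original notes. Administrative distances
# for the two route sources used here, as given in the AD table above.
AD = {"C": 0, "S": 1}   # directly connected, static


class RoutingTable:
    def __init__(self):
        self.routes = []   # dicts: code, network, next_hop, ad, up

    def add_connected(self, network, interface):
        self.routes.append({"code": "C", "network": ipaddress.ip_network(network),
                            "next_hop": interface, "ad": AD["C"], "up": True})

    def add_static(self, network, mask, next_hop, ad=AD["S"]):
        """Router(config)#ip route <network> <mask> <next hop> [<AD>]"""
        net = ipaddress.ip_network("%s/%s" % (network, mask))
        self.routes.append({"code": "S", "network": net, "next_hop": next_hop,
                            "ad": ad, "up": True})

    def set_next_hop_state(self, next_hop, up):
        """Simulate the primary path going down (or coming back)."""
        for r in self.routes:
            if r["next_hop"] == next_hop:
                r["up"] = up

    def lookup(self, destination):
        """Longest prefix first, then lowest AD; the /0 route is the last resort."""
        dst = ipaddress.ip_address(destination)
        candidates = [r for r in self.routes if r["up"] and dst in r["network"]]
        if not candidates:
            return None
        best = max(candidates, key=lambda r: (r["network"].prefixlen, -r["ad"]))
        return best["next_hop"]

    def show(self):
        """Lines in the style of 'sh ip route': code, prefix, [AD/metric], next hop."""
        lines = []
        for r in sorted(self.routes, key=lambda r: (r["network"], r["ad"])):
            if r["network"].prefixlen == 0:
                lines.append("S*   0.0.0.0/0 [%d/0] via %s" % (r["ad"], r["next_hop"]))
            elif r["code"] == "C":
                lines.append("C    %s is directly connected, %s" % (r["network"], r["next_hop"]))
            else:
                lines.append("S    %s [%d/0] via %s" % (r["network"], r["ad"], r["next_hop"]))
        return lines


def build_example_table():
    """R1 from the default-routing example: one static route plus the default."""
    rt = RoutingTable()
    rt.add_connected("172.16.0.0/16", "Serial0")        # assumed connected networks
    rt.add_connected("200.100.100.0/24", "Serial1")
    rt.add_static("10.0.0.0", "255.0.0.0", "172.16.0.5")
    rt.add_static("0.0.0.0", "0.0.0.0", "200.100.100.11")
    return rt


if __name__ == "__main__":
    rt = build_example_table()
    print("\n".join(rt.show()))
    for dst in ("10.1.2.3", "8.8.8.8", "172.16.9.9"):
        print(dst, "->", rt.lookup(dst))
```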
Dynamic Routing
In dynamic routing, we enable a routing protocol on the router. This protocol sends its routing information to the neighbouring routers. The neighbours analyze the information and write new routes into their routing tables. The routers also pass routing information received from one router on to other routers. If more than one path is available then the routes are compared and the best path is selected. Some examples of dynamic routing protocols are RIP, IGRP, EIGRP and OSPF.
According to the way they work there are two types of dynamic routing protocols:
(1) Distance Vector
(2) Link State
According to the type of area in which the protocol is used there are again two types of protocol:
(1) Interior Routing Protocol
(2) Exterior Routing Protocol
Autonomous system
An autonomous system is a group of contiguous routers and networks which share their routing information directly with each other. If all routers are in a single domain and they share their information directly with each other then the size of the routing updates will depend on the number of networks present in the internetwork. The update for each network may take 150 to 200 bytes of information. For example, if there are 1000 networks then the size of the update will be 200*1000 = 200000 bytes. The routing information is sent periodically, so it may consume a large amount of bandwidth in our network.
(Figure: autonomous systems joined by border routers; interior routing inside each AS, exterior routing between them)
Interior Routing Protocols: RIP, IGRP, EIGRP, OSPF
Exterior Routing Protocols: BGP, EXEIGRP
Hop Count: It is the number of hops (routers) a packet has to travel to reach a destination network.
Bandwidth: Bandwidth is the speed of the link; the path with higher bandwidth is preferred to send data.
Load: Load is the amount of traffic present on the interface. Paths with lower load and higher throughput are used to send data.
Reliability: Reliability is the up time of the interface over a period of time.
Delay: Delay is the time period between a packet being sent and being received by the destination.
MTU: Maximum Transmission Unit. It is the maximum size of packet that can be sent in a frame; mostly the MTU is set to 1500.
Hold Down: If a route changes frequently then the route is declared in the Hold Down state and no updates for it are accepted until the Hold Down timer expires.
Configuring RIP
Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
...
Router(config-router)#exit
(Figure: R1 with interfaces 10.0.0.1, 172.16.0.5 and 200.100.100.12; neighbour at 172.16.0.6 with network 175.2.1.1 behind it)
Router(config-router)#network 10.0.0.0
Router(config-router)#network 172.16.0.0
Router(config-router)#network 200.100.100.0
Learned route: 175.2.0.0 via 172.16.0.6
Display RIP routes: Router#sh ip route rip
R 192.168.75.0/24 [120/5] via 172.30.0.2 00:00:25 serial 1/0
Meaning of the fields: R = RIP, 192.168.75.0/24 = destination n/w and mask, 120 = AD, 5 = metric, 172.30.0.2 = next hop, 00:00:25 = timer, serial 1/0 = own interface
RIP advanced configuration
Passive Interfaces
An interface which is not able to send routing updates but is able to receive routing updates only is called a passive interface. We can declare an interface as passive with the following commands:
Router#conf ter
Router(config)#router rip
Router(config-router)#passive-interface <type> <no>
Router(config-router)#exit
Neighbor RIP
In RIP, by default routing updates are sent to the broadcast address 255.255.255.255. In some scenarios, it may be required to send routing updates as unicast from one router to another. In this case, we have to configure neighbor RIP. For example, in a Frame Relay network the broadcast update is discarded by the switches, so if we want to send RIP updates across the switches then we have to unicast the updates using neighbor RIP.
(Figure: R1 10.0.0.1 and R2 10.0.0.2 across a Frame Relay cloud; unicast update to 10.0.0.2 instead of broadcast 255.255.255.255)
R1 (10.0.0.1):
Router(config)#router rip
Router(config-router)#neighbor 10.0.0.2
R2 (10.0.0.2):
Router(config)#router rip
Router(config-router)#neighbor 10.0.0.1

Configuring Timers
Router(config)#router rip
Router(config-router)#timers basic <update> <invalid> <hold down> <flush>
Router(config-router)#exit
Example:
Router(config-router)#timers basic 50 200 210 300
Update 50 sec, Invalid 200 sec, Hold down 210 sec, Flush 300 sec

To change Administrative Distance
Router(config)#router rip
Router(config-router)#distance <value>   (for example 95 or 100)
Router(config-router)#exit

To configure Load Balancing
RIP is able to perform equal-cost load balancing. If multiple paths with equal hop count are available for a destination, RIP balances the load equally over all of those paths. Load balancing is enabled by default for 4 paths. We can change the number of paths it can use simultaneously with the following command:
Router(config)#router rip
Router(config-router)#maximum-paths <1-6>

To display RIP parameters
Router#sh ip protocol
Or
Router#sh ip protocol RIP
This command displays the following parameters: (i) RIP timers (ii) RIP version (iii) Route filtering (iv) Route redistribution (v) Interfaces on which updates are sent (vi) and received (vii) Advertised networks (viii) Passive interfaces (ix) Neighbor RIP (x) Routing information sources (xi) Administrative Distance
RIP version 2
RIP version 2 supports the following new features: (1) Support for VLSM (the mask is sent in updates) (2) Multicast updates using address 224.0.0.9 (3) Support for authentication
Commands to enable RIP version 2
We have to change RIP version 1 to RIP version 2; all other configuration remains the same in RIP version 2.
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#exit
To debug RIP routing
Router#debug ip rip
To disable debugging
Router#no debug ip rip
Or
Router#no debug all
Or
Router#undebug all
Configuring IGRP
Router(config)#router igrp <as no> (1-65535)
Router(config-router)#network <net address>
Router(config-router)#network <net address>
Router(config-router)#exit
Configuring Bandwidth on an Interface for IGRP
By default the router detects the maximum speed of the interface and uses this value as the bandwidth metric for IGRP. But it may be that the interface is not working at its maximum speed; then we have to configure the bandwidth on the interface so that IGRP is able to calculate the correct metric.
Router(config)#interface <type> <no>
Router(config-if)#bandwidth <value in kbps>
Router(config-if)#exit
Example:
Router(config)#interface serial 0
Router(config-if)#bandwidth 256
Router(config-if)#exit
(Figure: two routers whose serial E1 interfaces (2048 k) are connected through modems.)
Configuring Unequal path cost load balancing
To configure load balancing, we have to set two parameters: (1) Maximum path (by default 4) (2) Variance (default 1)
Maximum Path: the maximum number of paths that can be used for load balancing simultaneously.
Variance: the multiplier applied to the least metric for a destination network; paths with a metric up to that value can carry balanced load.
Router(config)#router igrp <as no>
Router(config-router)#variance <value>
Router(config-router)#exit
The following options are configured in IGRP the same way as in RIP: (1) Neighbor (2) Passive interface (3) Timer (4) Distance (AD) (5) Maximum path
(Figure: four routers R1, R2, R3 and R4 interconnected by the networks 10.0.0.0 through 17.0.0.0.)
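The path selection rules described for RIP (hop count, maximum paths) and IGRP (variance) above, worked through in code. This is an added example and not code from the tutorial; the next hops and metrics are constructed. It also applies the feasibility rule that real unequal-cost load balancing uses: a worse path is only installed when the neighbour advertising it is itself closer to the destination.

```python
"""Added example, not code from the tutorial: how a distance-vector router
decides which of the paths it has learned to install, covering the RIP
hop-count limit, equal-cost load balancing capped by maximum-paths, and the
IGRP variance multiplier for unequal-cost paths. The next hops and metrics
used below are constructed."""

RIP_INFINITY = 16        # in RIP a hop count of 16 means unreachable
DEFAULT_MAX_PATHS = 4    # default number of load-balanced paths


def rip_install_metric(advertised_hops):
    """Metric installed for a route a neighbour advertises with
    `advertised_hops`: one hop is added for the link to that neighbour,
    and anything reaching 16 is unreachable (returned as None)."""
    metric = advertised_hops + 1
    return metric if metric < RIP_INFINITY else None


def select_paths(candidates, maximum_paths=DEFAULT_MAX_PATHS, variance=1):
    """Pick the next hops to install for one destination.

    candidates: list of (next_hop, reported_distance, total_metric), where
    reported_distance is the metric the neighbour advertises and
    total_metric is that plus the cost of the link to the neighbour.

    variance == 1 installs only paths equal to the best metric (RIP style).
    variance > 1 (IGRP/EIGRP) also installs a worse path when
      total_metric <= best * variance
    and the neighbour is itself closer to the destination than we are
    (reported_distance < best); that second rule is the feasibility
    condition that keeps unequal-cost load balancing loop-free.

    Returns the installed next hops, best metric first, at most maximum_paths.
    """
    usable = [c for c in candidates if c[2] is not None]
    if not usable:
        return []
    best = min(total for _, _, total in usable)
    installed = []
    for next_hop, reported, total in sorted(usable, key=lambda c: (c[2], c[0])):
        if total == best or (total <= best * variance and reported < best):
            installed.append(next_hop)
    return installed[:maximum_paths]


if __name__ == "__main__":
    # Constructed topology: three neighbours advertise the same network.
    paths = [("10.0.0.2", 10, 20), ("10.0.0.6", 15, 30), ("10.0.0.10", 25, 45)]
    print(select_paths(paths))              # equal cost only: ['10.0.0.2']
    print(select_paths(paths, variance=2))  # 10.0.0.6 added: 30 <= 40 and 15 < 20
    print(select_paths(paths, variance=3))  # 10.0.0.10 still out: 25 is not < 20
```

With variance 3 the third neighbour's total metric (45) is within 3 x 20, yet it is not installed because its reported distance (25) is not lower than our own best metric (20); sending traffic that way could loop back through us.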
The routing protocols which use link state routing are: (1) OSPF (2) EIGRP

EIGRP Protocols & Modules
(1) Protocol Dependent Module
This module is used to perform multi-protocol routing, that is, the router maintains 3 routing tables for TCP/IP, IPX/SPX and AppleTalk. It analyzes the update packet and sends it to the corresponding routing table.
Reliable Transport Protocol (RTP)
RTP is used to exchange routing updates with neighbor routers. It also maintains the neighbor relationship with the help of Hello packets. RTP has the following features: (1) Multicast updates (224.0.0.10) (2) Neighbor recovery: if a neighbor stops responding to the Hello packets then RTP sends 16 unicast Hello packets to that neighbor. (3) Partial updates (4) No updates are sent if there is no topology change; due to this feature it is also called a quiet protocol.
Diffusing Update Algorithm (DUAL)
DUAL is responsible for calculating the best path from the topology table. DUAL has the following features: * Backup path * VLSM * Route queries to neighbors for unknown networks.

Configuring EIGRP
Router(config)#router eigrp <as no>
Router(config-router)#network <net addr.>
Router(config-router)#network <net addr.>
Router(config-router)#exit
Advanced Configuration of EIGRP
The following options are configured the same way as in IGRP: (1) Bandwidth on interfaces (2) Neighbor (3) Load balancing (max path, variance)
Display Commands
Router#clear ip route *   (flushes the routing table)
Router#sh ip eigrp topology   (shows the topology database; P = passive = stable, A = active = under update)
Router#sh ip eigrp neighbor   (shows the neighbor table)
Debug IGRP
Router#debug ip igrp events   (displays information on special events)
Router#debug ip igrp transactions   (shows every update)
Debug EIGRP
Router#debug ip eigrp
Router#debug ip eigrp summary
OSPF Terminology
Topics already covered that also apply here: (1) Hello packets (2) LSA (Link State Advertisement) (3) Neighbor (4) Neighbor table (5) Topology table (LSA database)
Router ID
The Router ID is the highest IP address among the router's interfaces. This ID is used as the identity of the router in the link-state databases. The first preference for selecting the router ID is given to logical interfaces; if no logical interface is present, the highest IP of a physical interface is selected as the router ID.
Area
An area is a group of routers and networks which can share their routing information directly with each other.
Adjacency
A router is called adjacent once the neighbor relationship is established; we can also say that an adjacency is formed between the routers.
(Figure: Area 0 in the centre with backbone routers (br); area border routers (abr) connect Area 0 to Areas 20, 70 and 90, each of which contains area routers (ar).)
Area Router
A router which has all its interfaces as members of a single area is called an area router.
Backbone Area
Area 0 is called the backbone area. All other areas must connect to the backbone area for communication.
Backbone Router
A router which has all its interfaces as members of area 0 is called a backbone router.
Area Border Router
A router which connects an area with area 0 is called an area border router.
Backup Designated Router
This router works as backup for the designated router. In BDR mode it receives all information but does not forward that information to the other non-DR routers.
(Figure: routers L, K, M and N on one switch; without a DR each of them forms a neighbor relationship with all three of the others.)
This problem is solved with the help of electing a router as designated router and backup designated router.
Commands to configure OSPF
Router#conf ter
Router(config)#router ospf <process no>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#exit
Wild Mask
The wild mask is the complement of the subnet mask: wild mask = 255.255.255.255 - subnet mask.
Example:
255.255.255.255 - 255.255.0.0 (subnet mask) = 0.0.255.255 (wild mask)
255.255.255.255 - 255.255.255.192 (subnet mask) = 0.0.0.63 (wild mask)
Configuring bandwidth on an interface
If the actual bandwidth of the interface is not equal to the maximum speed of the interface, then we have to use the bandwidth command to specify the actual bandwidth.
Router(config)#interface <type> <no>
Router(config-if)#bandwidth <speed>
Configuring a logical interface for OSPF
By default the highest IP address among the interfaces is elected as the Router ID. If there is a change in the status of that interface, the router will re-elect some other IP as Router ID. A logical (loopback) interface never goes down, and the first preference for the RID is given to logical interfaces, so we create one.
Command:
Router(config)#interface loopback <no>
Router(config-if)#ip address 200.100.100.1 255.255.255.255
Router(config-if)#no sh
Router(config-if)#exit
The subnet mask 255.255.255.255 is called the host mask. It is recommended here because it wastes the minimum number of IP addresses.
Commands to display OSPF parameters
Router#show ip protocol
Router#show ip ospf
Display Neighbor Table
Router#show ip ospf neighbor
Display Database
Router#show ip ospf database
To display DR/BDR elections
Router#show ip ospf interface
Example 1 (figure: a router in Area 20 with interfaces 200.100.100.2/24 and 215.1.13/24):
Router(config)#router ospf 32
Router(config-router)#network 200.100.100.0 0.0.0.255 area 20
Router(config-router)#network 215.1.1.0 0.0.0.255 area 20
Router(config-router)#exit

Example 2 (figure: R1 with LAN 200.100.100.66/27 and R2 with LAN 200.100.100.160/26, connected by the /30 link 200.100.100.32, all in area 0):
R1
Router(config)#router ospf 33
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.64 0.0.0.31 area 0
Router(config-router)#exit
R2
Router(config)#router ospf 2
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.128 0.0.0.63 area 0
Router(config-router)#exit

Example 3 (figure: R1, R2 and R3 in area 0; R1 200.100.100.5/30 to R2 200.100.100.6/30, R2 200.100.100.17/30 to R3 200.100.100.18/30; LANs 200.100.100.38/28 on R1, 200.100.100.161/28 on R2 and 200.100.100.230/27 on R3):
R1
Router(config-router)#network 200.100.100.4 0.0.0.3 area 0
Router(config-router)#network 200.100.100.32 0.0.0.15 area 0
R2
Router(config-router)#network 200.100.100.4 0.0.0.3 area 0
Router(config-router)#network 200.100.100.160 0.0.0.15 area 0
Router(config-router)#network 200.100.100.16 0.0.0.3 area 0
R3
Router(config-router)#network 200.100.100.16 0.0.0.3 area 0
Router(config-router)#network 200.100.100.224 0.0.0.31 area 0
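The two calculations the OSPF section does by hand, the router ID election and deriving the network/wild mask pair for a network statement, as an added example (not code from the tutorial). The interface table is constructed; the prefixes are the ones from the examples above.

```python
"""Added example, not code from the tutorial: two OSPF calculations the
section does by hand, the router ID election (highest loopback address,
otherwise the highest address on an up physical interface) and the
<network> <wildcard> pair for a `network ... area` statement, where the
wildcard is the complement of the subnet mask. Interface data is constructed."""
import ipaddress


def ospf_router_id(interfaces):
    """interfaces: list of (name, ip_address, is_up). Loopback (logical)
    interfaces take precedence over physical ones; within the chosen group
    the numerically highest address wins. Returns a string or None."""
    up = [(name, ipaddress.IPv4Address(ip)) for name, ip, is_up in interfaces if is_up]
    loopbacks = [ip for name, ip in up if name.lower().startswith("loopback")]
    physical = [ip for name, ip in up if not name.lower().startswith("loopback")]
    pool = loopbacks or physical
    return str(max(pool)) if pool else None


def wildcard_for_prefix(prefix):
    """'200.100.100.66/27' -> ('200.100.100.64', '0.0.0.31').
    The wildcard is 255.255.255.255 minus the subnet mask, which the
    ipaddress module exposes as hostmask."""
    net = ipaddress.IPv4Network(prefix, strict=False)
    return str(net.network_address), str(net.hostmask)


def network_statement(prefix, area):
    """The `network` line that enables OSPF on interfaces inside this prefix."""
    network, wildcard = wildcard_for_prefix(prefix)
    return f"network {network} {wildcard} area {area}"


def wildcard_matches(address, network, wildcard):
    """True if `address` is covered by network/wildcard: a set wildcard bit
    is 'don't care', so only the cleared bits have to agree."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (n | w)


if __name__ == "__main__":
    # Constructed interface table: the loopback wins although 200.x is higher.
    ifaces = [("FastEthernet0/0", "200.100.100.66", True),
              ("Serial0", "200.100.100.5", True),
              ("Loopback0", "10.255.255.1", True)]
    print(ospf_router_id(ifaces))
    for prefix in ("200.100.100.5/30", "200.100.100.38/28", "200.100.100.230/27"):
        print(network_statement(prefix, 0))
```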
LAN Switching
Ethernet switches are used in a LAN to create Ethernet networks. Switches forward traffic on the basis of MAC address. Switches maintain a switching table in which MAC addresses and port numbers are used to make the switching decision. The working of a bridge and a switch is similar.
Classification of switches
Switches are classified according to the following criteria:
Types of switches based on working
(1) Store & Forward: this switch receives the entire frame, then performs error checking and starts forwarding the data to the destination.
(2) Cut through: this switch starts forwarding the frame as soon as the first six bytes of the frame are received.
(3) Fragment-free: this switch receives 64 bytes of the frame, performs error checking and then starts forwarding the data.
(4) Adaptive cut-through: it changes its mode according to the conditions; if there are errors in frames then it changes its mode to Store & Forward.
Types of switches based on management
(1) Manageable switches (2) Non-Manageable switches
Types of switches based on command mode (only in Cisco)
(1) IOS based
Features of a switch: number of ports; type of media
Types of switches based on OSI layer
(1) Layer 2 switches (only switching)
Switches based on the hierarchical model
(1) Core layer switches (2) Distribution layer switches
The following functions and options differ between a router and a switch:
o Default hostname is Switch
o Auxiliary port is not present
o VTY ports are mostly 0 to 15
o By default interfaces are enabled
o IP address cannot be assigned to interfaces
o Routing configuration mode is not
o Interface numbering starts from 1
o Web access is enabled by default
o Configuration register is not the same
o Flash memory may contain multiple files
o Startup-configuration is also saved in flash
Breaking Switch Password
(1) Power off the switch, press the mode button on the front of the switch, then power on the switch.
(2) Keep the mode button pressed until the Switch: prompt appears on the console.
(3) In switch monitor mode, type the following commands:
flash_init
load_helper
rename flash:config.text flash:<anyname>
dir flash:
boot
(4) After booting, the switch will prompt to enter the initial configuration dialog. Enter no here and type:
Switch>enable
Switch#rename flash:<anyname> flash:config.text
Switch#configure memory
Change the password and save the config, then copy run start.
The Cisco hierarchical model recommends a three-layer design of the network:
o Core layer
o Distribution layer
o Access layer
On each layer there are some rules which we have to follow:
Highest performance devices are connected at the Core layer.
Resources should be placed at the Core layer.
Policies should not be applied at the Core layer.
At the Distribution layer we can implement policies.
Distribution and Core devices should be connected with high-speed links.
Access layer devices are basic devices and may be non-manageable.
(Figure: Hierarchical model.)
After using the hierarchical model most LAN problems will be solved, but one problem still remains: all PCs will be in a single broadcast domain. We have to implement one of the following solutions for this problem: (1) Physical Segmentation (2) Logical Segmentation
Logical Segmentation of Network
To perform logical segmentation, we have to create VLANs in the network. With the help of VLANs we can logically divide the broadcast domain of the network.
VLAN provides virtual segmentation of the broadcast domain in the network. Devices which are members of the same VLAN are able to communicate with each other. Devices in different VLANs may communicate with each other only through routing, so devices in different VLANs use different network addresses. VLAN provides the following advantages: (1) Logical segmentation of the network (2) Enhanced network security
Creating port based VLAN
In a port based VLAN, first we have to create a VLAN on the switch, then we have to add ports to the VLAN.
Commands to configure a port for a VLAN
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport access vlan <no>
By default all ports are members of a single VLAN, that is VLAN 1; we can change the VLAN membership according to our requirement.
Commands to configure multiple ports in a VLAN
Switch#conf ter
Switch(config)#interface range <type> <slot/port> - <port>
Switch(config-if-range)#switchport access vlan <no>
Switch(config-if-range)#exit
Example: suppose we want to add interfaces FastEthernet 0/10 to 0/18 to VLAN 5
Switch#config ter
Switch(config)#interface range fastethernet 0/10 - 18
Switch(config-if-range)#switchport access vlan 5
Switch(config-if-range)#exit
Commands to create a VLAN
Switch#config ter
Switch(config)#vlan <no>
Switch(config-vlan)#name <word>
Switch(config-vlan)#exit
Trunking
When there are multiple switches we have to use trunk links to connect one switch with another. If we are not using trunk links, then we have to connect one cable from each VLAN to the corresponding VLAN of the other switch.
(Figure: without trunking, VLANs 1, 3 and 7 each need their own cable between the two switches; with trunking, a single trunk link carries VLANs 1, 3 and 7.)
Switches perform trunking with the help of frame tagging. The trunk port sends data frames after adding VLAN id information to the frame; at the receiving end the VLAN id information is removed from the frame and, according to the tag, the data is delivered to the corresponding VLAN. There are two protocols to perform frame tagging: (1) Inter Switch Link (ISL, Cisco proprietary) (2) IEEE 802.1Q
Configuring Trunking
In Cisco switches all switch ports may be configured in three modes: (1) Trunk desirable (default) (2) Trunk on (3) Trunk off
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport mode <trunk|access|dynamic auto|dynamic desirable>   (trunk = on, access = off)
Switch(config-if)#exit
To configure VLANs allowed on a trunk
By default all VLANs are allowed on a trunk port. We can add/remove a particular VLAN from the trunk port with the following command:
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport trunk allowed vlan <all | add <vlan> | remove <vlan> | except <vlan>>
To display trunk interfaces
Switch#sh interface trunk
Switch#sh interface <type> <no> trunk
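The frame tagging described above, in code: an added example (not from the tutorial) that inserts and strips an IEEE 802.1Q tag and models the allowed-VLAN check a receiving trunk applies. MAC addresses and payload are constructed; ISL is not shown.

```python
"""Added example, not code from the tutorial: building and parsing an
IEEE 802.1Q tagged Ethernet frame, the tagging a trunk port applies on the
way out and the receiving switch strips before delivering the frame into
the VLAN. MAC addresses and payload below are constructed."""
import struct

TPID_8021Q = 0x8100          # EtherType value that announces a VLAN tag


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Untagged Ethernet II frame from dotted-hex MACs (FCS omitted)."""
    to_bytes = lambda mac: bytes.fromhex(mac.replace(".", ""))
    return to_bytes(dst_mac) + to_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def tag_frame(frame, vlan_id, priority=0):
    """Insert the 4-byte 802.1Q tag (TPID + TCI) after the source MAC."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id must be in 1..4094")
    tci = (priority << 13) | vlan_id    # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return (dst, src, vlan_id, ethertype, payload); vlan_id is None when
    the frame carries no tag."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, ethertype, frame[18:]
    return dst, src, None, ethertype, frame[14:]


def untag_frame(frame):
    """Strip the tag; returns (vlan_id, untagged_frame)."""
    dst, src, vlan_id, ethertype, payload = parse_frame(frame)
    return vlan_id, dst + src + struct.pack("!H", ethertype) + payload


def receive_on_trunk(frame, allowed_vlans, native_vlan=1):
    """Model of a receiving trunk port: untagged frames belong to the native
    VLAN, tagged frames are delivered only if their VLAN is in the trunk's
    allowed list (`switchport trunk allowed vlan`). Returns the VLAN the
    frame goes to, or None when it is dropped."""
    vlan_id, _ = untag_frame(frame)
    if vlan_id is None:
        vlan_id = native_vlan
    return vlan_id if vlan_id in allowed_vlans else None


if __name__ == "__main__":
    frame = build_frame("ffff.ffff.ffff", "0000.0c12.3456", 0x0800, b"constructed payload")
    tagged = tag_frame(frame, 5)
    print(parse_frame(tagged)[2], receive_on_trunk(tagged, {1, 3, 5}))
```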
With the help of VTP we can simplify the process of creating VLANs. With multiple switches, we can configure one switch as the VTP server and all other switches as VTP clients. We create the VLANs on the VTP server switch; the server sends periodic updates to the VTP client switches, and the clients create the VLANs from the update received from the VTP server.
VTP server: a switch on which we can create, delete or modify VLANs. The server sends periodic updates to the VTP clients.
VTP client: on a VTP client we are not able to create, modify or delete VLANs. The client receives and forwards VTP updates and creates the same VLANs as defined in the VTP update.
VTP transparent: a switch which receives and forwards VTP updates. It is able to create, delete and modify VLANs locally. A transparent switch does not send its own VTP updates and does not learn any information from received VTP updates.
(Figure: one VTP server with several VTP clients and a VTP transparent switch.)
Commands
Switch#conf ter
Switch(config)#vtp domain <name>
Switch(config)#vtp password <word>
Switch(config)#vtp mode <server|client|transparent>
Switch(config)#exit
By default in Cisco switches the VTP mode is set to VTP server with no domain and no password.
To display VTP status
Switch#sh vtp status
VTP Pruning
Pruning is the VTP feature through which a trunk link can be automatically disabled for a particular VLAN if the neighbor switch does not contain ports in that VLAN. VLAN 1 is not prune eligible.
Command to configure VTP Pruning
We have to use only one command on the VTP server for VTP Pruning.
(Figure: VTP clients carrying VLANs 1, 3, 5 and 7 over their trunks.)
(Figure: routing between VLANs. The router's FastEthernet 0/0 is connected to the switch by a trunk carrying VLANs 1, 3 and 5, with sub-interfaces Fa 0/0.1 10.0.0.1 -> VLAN 1, Fa 0/0.2 11.0.0.1 -> VLAN 3 and Fa 0/0.3 12.0.0.1 -> VLAN 5; hosts in 11.x.x.x use gateway 11.0.0.1 and hosts in 12.x.x.x use gateway 12.0.0.1.)
Configuration on Router
Router#config ter
Router(config)#interface fastethernet 0/0
Router(config-if)#no ip address
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface fastethernet 0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
Router(config)#interface fastethernet 0/0.2
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip address 11.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
Router(config)#interface fastethernet 0/0.3
Router(config-subif)#encapsulation dot1q 5
Router(config-subif)#ip address 12.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
Configuration on Core switch
(1) Configure the switch as VTP server
(2) Create the VLANs
(3) Configure the interface connected to the router as trunk
(4) Configure the interfaces connected to other switches as trunk (if required)
Configuration on Distribution layer switches
(1) Configure the switch as VTP client
(2) Configure the required interfaces as trunk (optional)
(3) Add ports to the VLANs
Configuration on PC
Configure IP address and gateway
Problems that occur with redundant paths
(1) Multiple copies of the frame will be received by the destination.
(2) Frequent changes in the MAC address table of the switch.
(3) A MAC address may appear at multiple ports in a switch.
(4) Packets may enter an endless loop.
Spanning Tree Protocol solves these problems by blocking the redundant interface, so that only one path remains active between the switches. If the primary path goes down, the disabled link becomes enabled and data is transferred through that path.
Working of STP
STP creates a topology database in which one switch is elected as root switch. Path cost is calculated on the basis of bandwidth. The link with the lowest path cost is enabled and the other path is disabled.
(Figure: a root switch connected to other switches by 1 Gb and 100 Mb links; the redundant link with the higher cost is disabled.)
STP terminology
(1) Bridge id: the combination of the bridge priority and the base MAC address. In Cisco switches the default priority is 32768.
(2) Root Bridge: the bridge/switch with the lowest bridge id becomes the Root Bridge. The Root Bridge is used as the center point for calculating path cost in the topology.
(3) BPDU (Bridge Protocol Data Unit): the STP information which is exchanged between switches to create the topology and select paths.
(4) STP port modes: when STP is enabled a port may be in one of the following modes.
(i) Listening: in this mode a port sends/receives BPDUs.
(ii) Learning: the port learns the MAC address table.
(iii) Forwarding: the port forwards data based on the MAC address table.
(iv) Blocking: the port is blocked from sending/receiving data by Spanning Tree Protocol.
(v) Disabled: the port is administratively disabled.
Path cost calculation
The links between switches are enabled or disabled on the basis of path cost. The path cost for each link is calculated according to the following table:
Speed     Old IEEE cost   New IEEE cost
10 Mb     100             100
100 Mb    10              19
1 Gb      1               4
10 Gb     1               2
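The root bridge election and path cost calculation described above, as an added example (not code from the tutorial). The switches, MAC addresses and links are constructed; tie-breaking by sender bridge ID and port ID, which real STP applies when two paths cost the same, is left out.

```python
"""Added example, not code from the tutorial: the STP root bridge election
by bridge ID (priority, then base MAC) and the root path cost calculation
with the old and new IEEE cost tables, which decides which link of a
redundant pair is left in blocking. The switches and links are constructed."""
import heapq

OLD_IEEE_COST = {10: 100, 100: 10, 1000: 1, 10000: 1}    # key: speed in Mb/s
NEW_IEEE_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
DEFAULT_PRIORITY = 32768


def bridge_id(priority, mac):
    """Bridge ID orders by priority first, then by base MAC address."""
    return priority, int(mac.replace(".", "").replace(":", ""), 16)


def elect_root(switches):
    """switches: {name: (priority, base_mac)}. The lowest bridge ID wins."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_path_costs(links, root, cost_table=NEW_IEEE_COST):
    """links: list of (switch_a, switch_b, speed_mbps). Returns
    {switch: (root path cost, upstream neighbour)}; the link towards the
    upstream neighbour is that switch's root port. Equal-cost ties are
    resolved by discovery order here, not by bridge/port ID as in real STP."""
    adjacency = {}
    for a, b, speed in links:
        adjacency.setdefault(a, []).append((b, cost_table[speed]))
        adjacency.setdefault(b, []).append((a, cost_table[speed]))
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for neighbour, link_cost in adjacency.get(node, []):
            candidate = cost + link_cost
            if neighbour not in best or candidate < best[neighbour][0]:
                best[neighbour] = (candidate, node)
                heapq.heappush(heap, (candidate, neighbour))
    return best


def blocked_links(links, costs):
    """Links that are nobody's root port: one end of each goes to blocking."""
    return [(a, b) for a, b, _ in links
            if costs[a][1] != b and costs[b][1] != a]


if __name__ == "__main__":
    # Constructed: SW2 has a lower priority, so it wins although its MAC is higher.
    switches = {"SW1": (DEFAULT_PRIORITY, "0000.0c11.1111"),
                "SW2": (4096, "0000.0c22.2222"),
                "SW3": (DEFAULT_PRIORITY, "0000.0c00.0001")}
    print(elect_root(switches))
    # Constructed triangle: the 100 Mb link back to the root costs more than
    # going over two 1 Gb hops, so it is the one that ends up blocked.
    links = [("Root", "A", 1000), ("A", "B", 1000), ("Root", "B", 100)]
    costs = root_path_costs(links, "Root")
    print(costs, blocked_links(links, costs))
```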
To configure ports for forwarding mode directly
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport host
Configuring port security
In manageable switches we can restrict the number of MAC addresses that a port can learn. We can even specify the MAC address statically with a command. With port security we can also specify the action to be performed if a port security violation is detected.
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum <no. of mac>
Switch(config-if)#switchport port-security violation <shutdown|restrict|protect>
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security mac-address sticky <mac address>
Switch(config-if)#exit
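How the port-security settings above behave at runtime, as an added example (not code from the tutorial): a model of one access port with a maximum, sticky learning and the three violation modes. MAC addresses and the log message text are constructed.

```python
"""Added example, not code from the tutorial: a model of a port-security
enabled access port, showing sticky MAC learning up to `maximum` and what
each violation mode (protect, restrict, shutdown) does with a frame from an
address the port has not secured. MAC addresses are constructed."""


class PortSecurity:
    VIOLATION_MODES = ("protect", "restrict", "shutdown")

    def __init__(self, maximum=1, violation="shutdown", static_macs=()):
        if violation not in self.VIOLATION_MODES:
            raise ValueError("violation must be protect, restrict or shutdown")
        if len(static_macs) > maximum:
            raise ValueError("more static addresses than maximum allows")
        self.maximum = maximum
        self.violation = violation
        self.secure = {m.lower() for m in static_macs}   # 'mac-address sticky <mac>'
        self.err_disabled = False        # shutdown mode puts the port here
        self.violation_count = 0         # counted in restrict and shutdown modes
        self.log = []

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame arriving from src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "drop"
        if src_mac in self.secure:
            return "forward"
        if len(self.secure) < self.maximum:
            self.secure.add(src_mac)     # sticky learning of a new address
            return "forward"
        # Maximum reached and the source is not secured: a violation.
        if self.violation == "protect":
            return "drop"                # dropped silently, nothing logged
        self.violation_count += 1
        # Constructed log line, not the real IOS message text.
        self.log.append(f"port-security violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True     # port goes err-disabled
        return "drop"

    def secured_addresses(self):
        return sorted(self.secure)


if __name__ == "__main__":
    port = PortSecurity(maximum=2, violation="restrict")
    for mac in ("0000.0c00.0001", "0000.0c00.0002", "0000.0c00.0003"):
        print(mac, port.receive(mac))
    print(port.violation_count, port.log)
```

With restrict the port keeps serving the two learned addresses and only counts and logs the intruder; with shutdown the first violation takes the whole port, and every host on it, down until it is re-enabled.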
(Figure: ACL flowchart. A packet is received and tested against each entry in turn; a matching entry decides "Is it permit?": Yes forwards the packet, No drops it.)
IP Standard ACL (Numbered)
In a standard ACL we are only able to specify the source address for the filtering of packets. The syntax to create an IP standard ACL is:
Router#conf ter
Router(config)#access-list <no> <permit|deny> <source>
Router(config)#exit
<source> can be written as:
Single PC: host 192.168.10.5, or 192.168.10.5, or 192.168.10.5 0.0.0.0
Whole network: 200.100.100.0 0.0.0.255
Subnet: 200.100.100.32 0.0.0.15
All sources: any
Applying ACL on interface
Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#ip access-group <ACL no.> <in|out>
Router(config-if)#exit
Rule for applying ACL
Only one ACL can be applied on each interface, in each direction, for each protocol.
Example: suppose we want to allow Internet access only for 192.168.10.32 to 192.168.10.70.
(Figure: router with the LAN on one interface and the Internet on the other.)
Router(config)#access-list 25 permit 192.168.10.32 0.0.0.31
Router(config)#access-list 25 permit 192.168.10.64 0.0.0.3
Router(config)#access-list 25 permit 192.168.10.68
Router(config)#access-list 25 permit 192.168.10.69
Router(config)#access-list 25 permit 192.168.10.70
IP Standard ACL (Named)
In a numbered ACL the editing feature is not available, that is, we are not able to delete a single rule from the ACL. In a named ACL the editing feature is available.
Router#config ter
Router(config)#ip access-list standard <name>
Router(config-std-nacl)#<deny|permit> <source>
Router(config-std-nacl)#exit
Example:
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny
To modify the ACL
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#no deny 172.16.0.17
Router(config-std-nacl)#exit
To control Telnet access using ACL
If we want to control telnet with the help of an ACL, we can create a standard ACL and apply it on the vty ports. The ACL we create for the vty lines is written in permit-then-deny order.
Example: suppose we want to allow telnet to our router only from the PCs 192.168.10.5 and 200.100.100.30.
Router#conf ter
Router(config)#access-list 50 permit 192.168.10.5
Router(config)#access-list 50 permit 192.168.10.30
Router(config)#access-list 50 deny any
Router(config)#line vty 0 4
Router(config-line)#access-class 50 in
Router(config-line)#exit
Router(config)#access-list 160 deny icmp any any   (all ICMP data from any source to any destination is denied)
To display ACLs
Router#show access-lists
or
Router#show access-list <no>
To display the ACL applied on an interface
Router#show ip interface
Example: Extended ACL
Suppose we want to control inbound traffic for our network. The ACL should be designed according to the following policy:
(1) Access to the web server (200.100.100.3) is allowed from any source.
(2) The FTP server (200.100.100.4) should be accessible only from the branch office network (200.100.175.0/24).
(3) ICMP and Telnet should be allowed only from the remote PC 200.100.175.80.
(4) Any PC can access DNS (200.100.100.8).
(Figure: the branch office network 200.100.175.x and the server network 200.100.100.x, each behind its router.)
Router(config)#access-list 130 permit tcp any host 200.100.100.3 eq 80
Router(config)#access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21
Router(config)#access-list 130 permit icmp 200.100.175.80 0.0.0.0 any
Router(config)#access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23
Router(config)#access-list 130 permit udp any host 200.100.100.8 eq 53
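An evaluator for the numbered ACL lines used in this section, as an added example (not code from the tutorial). It parses the standard and extended syntax shown above, tests entries top-down with first match wins, and applies the implicit deny at the end, so the policy in ACL 130 can be checked against constructed packets before it goes on an interface.

```python
"""Added example, not code from the tutorial: an evaluator for the numbered
standard and extended ACL lines used in this section. Entries are tested
top-down, the first match decides, and a packet matching nothing hits the
implicit deny at the end. ACL 130 is the extended example from the text;
the packets in the main block are constructed."""
import ipaddress
import re

PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23, "domain": 53}
ANY = ("0.0.0.0", "255.255.255.255")
_IPV4 = re.compile(r"\d+\.\d+\.\d+\.\d+")


def in_wildcard(address, network, wildcard):
    """Wildcard match: bits set in the wildcard are 'don't care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (address, network, wildcard))
    return (a | w) == (n | w)


def take_address(tokens):
    """Consume one address spec: any | host A | A W | A (host if no wildcard)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) > 1 and _IPV4.fullmatch(tokens[1]):
        return (tokens[0], tokens[1]), tokens[2:]
    return (tokens[0], "0.0.0.0"), tokens[1:]


def take_port(tokens):
    """Consume an optional 'eq <port|name>' qualifier."""
    if tokens and tokens[0] == "eq":
        return PORT_NAMES.get(tokens[1]) or int(tokens[1]), tokens[2:]
    return None, tokens


def parse_ace(line):
    """'access-list <no> permit|deny ...' -> rule dict.
    Numbers 1-99 are standard ACLs and carry a source address only."""
    t = line.lower().split()
    if t[0] != "access-list":
        raise ValueError(line)
    number, action, rest = int(t[1]), t[2], t[3:]
    if number <= 99:
        src, rest = take_address(rest)
        return {"action": action, "proto": "ip", "src": src, "sport": None,
                "dst": ANY, "dport": None}
    proto, rest = rest[0], rest[1:]
    src, rest = take_address(rest)
    sport, rest = take_port(rest)
    dst, rest = take_address(rest)
    dport, rest = take_port(rest)
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}


def matches(rule, pkt):
    """pkt: dict with proto, src, dst and optional sport/dport."""
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    if not in_wildcard(pkt["src"], *rule["src"]) or not in_wildcard(pkt["dst"], *rule["dst"]):
        return False
    if rule["sport"] is not None and pkt.get("sport") != rule["sport"]:
        return False
    if rule["dport"] is not None and pkt.get("dport") != rule["dport"]:
        return False
    return True


def evaluate(acl_lines, pkt):
    """First matching entry decides; implicit deny if none matches."""
    for rule in map(parse_ace, acl_lines):
        if matches(rule, pkt):
            return rule["action"]
    return "deny"


ACL_130 = [   # the inbound policy from the text
    "access-list 130 permit tcp any host 200.100.100.3 eq 80",
    "access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21",
    "access-list 130 permit icmp 200.100.175.80 0.0.0.0 any",
    "access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23",
    "access-list 130 permit udp any host 200.100.100.8 eq 53",
]

if __name__ == "__main__":
    # Constructed packets: an outside client reaching the web server, and the
    # same client trying FTP, which only the branch network may use.
    print(evaluate(ACL_130, {"proto": "tcp", "src": "203.0.113.7", "dst": "200.100.100.3", "dport": 80}))
    print(evaluate(ACL_130, {"proto": "tcp", "src": "203.0.113.7", "dst": "200.100.100.4", "dport": 21}))
```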
to the ACL or not. ACLs can also be used to control traffic on VLANs; you just need to apply a port ACL to a trunk port.
Switch#conf ter
Switch(config)#mac access-list extended abc
Switch(config-ext-mac)#deny any host 000d.29bd.4b85
Switch(config-ext-mac)#permit any any
Switch(config-ext-mac)#do show access-list
Switch(config-ext-mac)#int f0/6
Switch(config-if)#mac access-group abc in
Reflexive ACLs
These ACLs filter IP packets depending upon upper-layer session information, and they often permit outbound traffic to pass but place limitations on inbound traffic. You cannot define reflexive ACLs with numbered or standard IP ACLs, or with any other protocol's ACLs. They can be used along with other standard or static extended ACLs, but they are only defined within extended named IP ACLs.
Time-Based ACLs
In this you can specify a certain time of day and week and then identify that particular period by giving it a name referenced by a task. The referencing function will fall under whatever time constraints you have dictated. The time period is based on the router's clock, but it is highly recommended to use it in conjunction with Network Time Protocol (NTP) synchronization.
Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range
Remarks
Remarks are comments regarding the entries you have made in both your IP standard and extended ACLs.
Router#conf ter
Router(config)#access-list 110 remark permit rahul from admin only to sale   (syntax: access-list <no> remark <remark words>)
Router(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
Router(config)#access-list 110 deny ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255
Router(config)#ip access-list extended no_telnet
Router(config-ext-nacl)#remark deny all of finance from telnetting to sale
Router(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.20.0 0.0.0.255 eq 23
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#do show run
Display CDP status
Router#sh cdp
To display CDP enabled interfaces
Router#sh cdp interface
To display CDP neighbors
Router#sh cdp neighbor
Or
Router#sh cdp neighbor detail
To disable CDP on the device
Router#conf ter
Router(config)#no cdp run
To disable CDP on a particular interface
Router#conf ter
Router(config)#int <type> <no.>
Router(config-if)#no cdp enable
Router(config-if)#exit
To change CDP timers
Router#conf ter
Router(config)#cdp timer <value>   (by default 60 sec)
(Table: WAN technologies Leased line, ISDN, Frame Relay, ATM, MLLN, PSTN, X.25 and Radio Link compared by the number of locations they connect: 2 locations, unlimited, or a maximum.)
Factors to be considered while selecting a WAN technology:
(1) Number of locations (2) Hours of connectivity (3) Speed (4) Cost (Bandwidth + Distance) (5) Reliability
WAN Encapsulation
WAN encapsulation is used to convert a packet into a frame and transfer the data over WAN links. Different types of encapsulation are designed for different WAN technologies. The general format of a WAN frame is:
Flag | Address | Control | Data | FCS | Flag
(frame header FH, packet, frame trailer FT)
Common WAN Encapsulations
WAN technology                   Encapsulation
Point-to-Point                   HDLC
Point-to-Point, Circuit Switch   PPP
Frame Relay                      Frame Relay Cisco
Frame Relay                      Frame Relay IETF
X.25                             LAPB (Link Access Procedure, Balanced)
ISDN                             LAPD (Link Access Procedure for the D channel)
ATM                              AAL5 (ATM Adaptation Layer 5)
These WAN technologies are used to connect two locations with each other. They give 24-hour, high speed and reliable connectivity. We can set up this WAN technology in three steps:
Step 1: Connect the devices according to the topology.
Step 2: Configure the modems.
Step 3: Configure the routers.
Step 1: Point-to-Point WAN Topology
(a) Campus network or drop-wire network (figure): the router's serial interface (DB-60 or Smart Serial) is connected to a modem with a V.35, RS-232 or EIA/TIA-530 cable, the router's Ethernet interface uses RJ-45, and the two modems are joined by a 2-wire or 4-wire twisted-pair line. Distance depends on the modems and is mostly up to 10-15 km.
(b) Leased line via service provider (figure): Router (Smart Serial, DB-60) - V.35, RS-232 or EIA/TIA-530 cable - modem - local loop - mux at the exchange (G.703/G.704) - mux - local loop - modem - Router.
MLLN (figure): Router - MLLN modem - MLLN mux - MLLN mux - MLLN modem - Router.
Radio link (figure): Router - radio modem - antenna - antenna - radio modem - Router.
(e) Radio link using IDU and ODU (figure): Router - radio modem IDU - UTP or coaxial cable - radio modem ODU (Out Door Unit) - ODU - IDU - Router.
Line pinout (figure): on a 4-wire line pins 1-2 carry Loop 1 and pins 4-5 carry Loop 2; on a 2-wire line pins 4-5 carry the signal pair.
Step 2: Configuration of Modems
We have to configure various parameters in the modem. There are three different methods to configure these parameters, depending on the modem:
1) Configuration of the modem using jumper settings / DIP switches.
2) Configuration of the modem using the LCD menu.
3) Configuration of the modem using console / terminal.
Step 3: Configuration of Router
To configure a router for a leased line scenario or Point-to-Point network, we have to set the following parameters:
1) IP addresses 2) IP routing 3) WAN encapsulation
(Figure: router A with 192.168.5.1 on its LAN and 172.16.0.1 on the serial link; router B with 172.16.0.2 on the serial link and 10.0.0.1 on its LAN.)
WAN Encapsulation
The two router interfaces in a Point-to-Point WAN must have the same WAN encapsulation. Two types of WAN encapsulation are supported in this type of network:
(1) HDLC
(2) PPP
(Figure: PPP is used between routers from different manufacturers.)
By default, Cisco routers use Cisco HDLC encapsulation. We can change the encapsulation with the following command:
Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#encapsulation <ppp|hdlc>
HDLC (High Level Data Link Control)
HDLC is the modified form of SDLC (Synchronous Data Link Control). SDLC was developed by IBM for router-to-mainframe communication. HDLC is modified for router-to-router communication. Most manufacturers have developed their own proprietary HDLC protocol, so HDLC from one manufacturer is not compatible with another's. HDLC encapsulation is designed for Point-to-Point router communication. In HDLC no addressing is required, but still the all-stations address is used in the encapsulation. HDLC provides only basic features and error checking for the frame.
PPP (Point-to-Point Protocol)
PPP is an open standard WAN protocol that can be used in Point-to-Point and circuit switching networks. PPP provides various advantages as compared to HDLC. PPP has the following special features: (1) Authentication (2) Multi Link (3) Compression (4) Call Back
(Figure: PPP at the OSI layers. The Application to Network layers carry LAN/WAN protocols such as TCP/IP and IPX/SPX; at the Data Link layer PPP sits beside HDLC, LAPB and IEEE 802.3/ARPA. Inside PPP: NCP at the network layer, LCP and HDLC framing at the data link layer, over the physical layer.)
Three Phases of PPP
(1) Link Control Protocol (LCP): this protocol negotiates the basic features of PPP. It exchanges the parameters and options to be used on the link. LCP supported features are: Authentication, Compression, Multi link & Call back.
(2) Authentication Phase (optional): in this phase authentication is performed with the peer with the help of one of the following protocols: (i) Password Authentication Protocol (ii) Challenge Handshake Authentication Protocol (iii) Microsoft CHAP (iv) Shiva PAP (clear text)
(3) Network Control Protocol (NCP) phase: in this phase the parameters for the routed protocol are established. In NCP there is one module for each routed protocol: IPCP for TCP/IP, IPXCP for IPX/SPX, CDPCP for CDP, etc.
Configuring Authentication in PPP
Example (figure: Router 1 S0 connected to Router 2 S1):
Router 1
Router#config ter
Router(config)#int serial 0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#hostname chd
Router(config)#username ldh password net123
Router(config)#exit
Router 2
Router#config ter
Router(config)#int serial 1
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 10.0.0.2 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#hostname ldh
Router(config)#username chd password net123
Router(config)#exit
Configuring Compression in PPP
In PPP, one of the following three protocols can be used for compression: (1) Stac (2) Predictor (3) Microsoft Point-to-Point Compression
Router#config ter
Router(config)#interface <type> <no>
Router(config-if)#encapsulation ppp
Router(config-if)#compress <stac|mppc|predictor>
Router(config-if)#exit

To display compression:
Router#show compress

PPP debug commands:
Router#debug ppp error
Router#debug ppp authentication
Router#debug ppp negotiation

To display PPP status:
Router#show interface
The interface output shows the state of each PPP control protocol, for example: LCP Open, LCP Closed, LCP Request sent, LCP Listen; IPCP Open, IPCP Closed; CDPCP Open, CDPCP Closed.
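The CHAP configuration above only states which commands to type; the example below (added here, not router code) shows what those commands make the two routers do and why CHAP is preferred over PAP. It models router "chd" authenticating peer "ldh" with the constructed shared secret net123 from the configuration: the authenticator sends a random challenge, the peer answers with MD5(Identifier || secret || Challenge) as in RFC 1994, and the secret never crosses the link, whereas a PAP request carries the password in clear text.

```python
import hashlib
import hmac
import os

# Constructed to mirror the configuration above:
# router "chd" holds 'username ldh password net123' for its peer.
USERNAME_DB = {"ldh": b"net123"}


def pap_authenticate_request(name: str, password: str) -> bytes:
    """PAP Authenticate-Request payload: name and password travel in clear text."""
    return bytes([len(name)]) + name.encode() + bytes([len(password)]) + password.encode()


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticator_challenge(identifier: int) -> bytes:
    """Authenticator side: a fresh, unpredictable challenge for this Identifier."""
    return os.urandom(16)


def peer_reply(identifier: int, challenge: bytes, name: str, secret: bytes) -> dict:
    """Peer side: answer with its hostname and the MD5 response, never the secret."""
    return {"id": identifier, "name": name,
            "response": chap_response(identifier, secret, challenge)}


def authenticator_verify(identifier: int, challenge: bytes, reply: dict) -> bool:
    """Authenticator side: look up the secret stored for the peer's name,
    recompute the expected response and compare it in constant time."""
    secret = USERNAME_DB.get(reply["name"])
    if secret is None or reply["id"] != identifier:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, reply["response"])


if __name__ == "__main__":
    ident = 1
    challenge = authenticator_challenge(ident)
    reply = peer_reply(ident, challenge, "ldh", b"net123")
    print("CHAP success:", authenticator_verify(ident, challenge, reply))
    print("PAP request bytes:", pap_authenticate_request("ldh", "net123"))
```

Because the response is bound to the challenge, a captured response cannot be replayed against the next challenge, which is why each side must hold the same password under the peer's hostname.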
Circuit Switching
In circuit switching, all users are connected to the circuit-switching exchange (cloud). On a user's request a circuit is established between two locations, and then data is transferred. A signaling protocol is used to establish the connectivity; the data is then transferred with the help of the point-to-point WAN protocol in use. Examples of circuit switching are:
ISDN (Integrated Services Digital Network)
PSTN (Public Switched Telephone Network)

ISDN is the high-end circuit-switching technology, designed for voice, data and video. ISDN is a time-division multiplexing technology in which multiple channels are used to increase the transfer rate.
ISDN interface types:
BRI: 2 B channels + 1 D channel
PRI (E1): 30 B channels + 1 D channel
PRI (T1): 23 B channels + 1 D channel
B Channel (Bearer Channel): this channel carries data using data encapsulation.
D Channel (Data Channel): this channel carries signaling using the signaling protocol.

Time division multiplexing in ISDN BRI
(figure: BRI frame layout, with the B1, D and B2 channel slots interleaved with sync bits.)

ISDN devices:
Network Termination 1 (NT1): sends and receives ISDN BRI signals.
Network Termination 2 (NT2): shares ISDN between multiple users.
Terminal Equipment 1 (TE1): ISDN-compatible device.
Terminal Equipment 2 (TE2): non-ISDN device.
Terminal Adapter (TA): connects the ISDN line with a non-ISDN device.

Topology 1 (voice):
(figure: ISDN Phone 1 and ISDN Phone 2 connected to the NT1 over the 4-wire side; the NT1 connects to the ISDN cloud over the 2-wire line.)

Topology 2 (voice and data):
(figure: a PC with a USB or serial TA, together with Phone 1 and Phone 2, connected to the NT1; the NT1 connects to the ISDN cloud.)
Install the TA on the PC in the same way as an external modem. Use Dial-up Networking to connect to the remote location.

Topology 3 (data):
(figure: a router with an ISDN BRI S/T interface connected through an NT1 to the ISDN cloud; alternatively a router with an ISDN BRI U interface connected to the ISDN cloud directly.)
Configuring ISDN BRI

We will configure ISDN BRI for the following two scenarios:
(1) ISDN branch office to branch office connectivity.
(2) ISDN branch office to ISP connectivity.

ISDN branch office to branch office
(figure: R1 and R2 connected through ISDN switches in the ISDN cloud. R1: BRI 192.168.10.5, Ethernet 172.16.0.1 for LAN 172.16.X.X, hostname Chd. R2: BRI 192.168.10.6, Ethernet 172.30.0.1 for LAN 172.30.X.X, hostname Del. Encapsulation PPP, authentication CHAP, password net123, static routing.)

Demand dial routing (DDR) steps:
(1) Specify interesting traffic
(2) Configure the route
(3) Dial to the remote location
(4) Negotiate parameters
(5) Transfer data
(6) Monitor interesting traffic
(7) Disconnect the call

R1
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.16.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 172.30.0.0 255.255.0.0 192.168.10.6
Router(config)#ip route 192.168.10.6 255.255.255.255 bri 0
Router(config)#dialer-list 5 protocol ip permit
or, to keep selected hosts from bringing the line up:
Router(config)#access-list 20 deny 172.16.0.32 0.0.0.15
Router(config)#access-list 20 deny 172.16.0.20
Router(config)#access-list 20 permit any
Router(config)#dialer-list 8 protocol ip list 20
Router(config)#isdn switch-type basic-net3
Router(config)#hostname Chd
Router(config)#username Del password net123
Router(config)#int bri 0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 192.168.10.5 255.255.255.0
Router(config-if)#dialer map ip 192.168.10.6 name Del 288288
Router(config-if)#dialer hold-queue 10 (number of packets held while the call is set up, range 1-100)
Router(config-if)#dialer-group 8 (use dialer-group 5 if dialer-list 5 was configured instead)
Router(config-if)#dialer idle-timeout 180 (if there is no interesting traffic for this time, the dialer breaks the connection)
Router(config-if)#no sh
Router(config-if)#exit

R2
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.30.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 172.16.0.0 255.255.0.0 192.168.10.5
Router(config)#ip route 192.168.10.5 255.255.255.255 bri 0
Router(config)#dialer-list 5 protocol ip permit
or:
Router(config)#access-list 30 deny 172.30.0.32 0.0.0.15
Router(config)#access-list 30 deny 172.30.0.20
Router(config)#access-list 30 permit any
Router(config)#dialer-list 8 protocol ip list 30
Router(config)#isdn switch-type basic-net3
Router(config)#hostname Del
Router(config)#username Chd password net123
Router(config)#int bri 0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 192.168.10.6 255.255.255.0
Router(config-if)#dialer map ip 192.168.10.5 name Chd 306306
Router(config-if)#dialer hold-queue 10
Router(config-if)#dialer-group 8
Router(config-if)#dialer idle-timeout 180
Router(config-if)#no sh
Router(config-if)#exit
ISDN branch office to ISP
(figure: the branch router's BRI connected through an NT1 to the ISDN service provider's switch; the ISP provides Internet access and DNS.)

Parameters to obtain from the ISP: phone number, username, password, and the ISDN service provider's switch type.

Router#config ter
Router(config)#int eth 0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 bri 0
Router(config)#dialer-list 7 protocol ip permit
Router(config)#isdn switch-type basic-net3
Router(config)#int bri 0
Router(config-if)#ip address negotiated
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap pap callin
Router(config-if)#ppp pap sent-username <ispuser> password <word>
Router(config-if)#ppp chap hostname <ispuser>
Router(config-if)#ppp chap password <word>
Router(config-if)#dialer string 383843
Router(config-if)#dialer-group 7
Router(config-if)#dialer idle-timeout 180
Router(config-if)#dialer hold-queue 10
Router(config-if)#no sh
Router(config-if)#exit

NAT for ISDN dialup ISP connectivity

Router#conf ter
Router(config)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#int bri 0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config)#access-list 50 permit any
Router(config)#ip nat inside source list 50 interface bri 0 overload

Testing and troubleshooting of ISDN

(i) To display the present active call:
Router#sh isdn active
(ii) To display the history of calls:
Router#sh isdn history
(iii) To display ISDN status:
Router#sh isdn status
Expected: Layer 1 = Active; Layer 2 = Multiple frame established; Layer 3 = 1 or 2 active layer 3 calls.
(iv) To place an ISDN test call:
Router#isdn call interface <type> <no> <phone no>
(v) To disconnect a call:
Router#isdn disconnect interface bri 0 <no|all>

Debug commands

Interesting traffic or dialer problems:
Router#debug dialer events
Router#debug dialer packets
ISDN problems:
Router#debug isdn events
Router#debug isdn q921
Router#debug isdn q931 (the error codes are documented at cisco.com)
PPP problems:
Router#debug ppp negotiation
Router#debug ppp authentication
Router#debug ppp error

Configuring ISDN multilink

Multiple ISDN channels can be combined to dial the same location and carry the data together. For this purpose we use PPP multilink and Cisco bandwidth-on-demand configuration.

Router#conf ter
Router(config)#int bri 0
Router(config-if)#ppp multilink
Router(config-if)#dialer load-threshold <value> <inbound|outbound|either> (value 1-255; the second channel is added when the load crosses it)
Router(config-if)#exit
Packet Switching
Packet switching is the WAN technology in which all devices are connected to the packet-switching exchange. A device requests the exchange to create a virtual connection, and data is then transferred over that virtual connection. It is possible to create more than one virtual connection and transfer data over them one by one. Examples of packet-switching technologies are:
(1) X.25
(2) Frame Relay

Frame Relay

Frame Relay is the packet-switching technology in which virtual connections are established. Frame Relay supports only permanent virtual connections. Frame Relay uses special addresses called DLCIs to identify the virtual connections.
(figure: router connected by a DB-60 or Smart Serial cable to a Frame Relay modem, and from there over a 4-wire twisted-pair line to the Frame Relay switch.)

Virtual circuits

In packet-switching technology there are two types of virtual circuits:
(1) Switched Virtual Circuit (SVC)
(2) Permanent Virtual Circuit (PVC)
Only PVC is supported in Frame Relay technology.

Frame Relay DLCI

DLCI stands for Data Link Control Identifier. It is used for addressing. In Frame Relay encapsulation, virtual circuits are established and data is transferred on the basis of the DLCI. DLCI addresses are different from the general addressing scheme: one DLCI address is provided for each virtual circuit that we want to create. DLCI range: 16 - 1017.

Frame Relay Local Management Interface (LMI)

LMI are the keepalive signals used to keep the virtual circuit up and running. LMI is exchanged between the Frame Relay switch and the router. We have to set the same LMI type on the router as specified by the service provider. There are three types of LMI that we can use:
(1) cisco
(2) q933a
(3) ansi

R1
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.16.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 172.30.0.0 255.255.0.0 192.168.10.2
Router(config)#int serial 0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#frame-relay interface-dlci 300
Router(config-dlci)#exit
Router(config-if)#frame-relay map ip 192.168.10.2 300
Router(config-if)#no sh
Router(config-if)#exit

R2
Router#config ter
Router(config)#int eth0
Router(config-if)#ip address 172.30.0.1 255.255.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#ip route 172.16.0.0 255.255.0.0 192.168.10.1
Router(config)#int serial 0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#ip address 192.168.10.2 255.255.255.0
Router(config-if)#frame-relay interface-dlci 400
Router(config-dlci)#exit
Router(config-if)#frame-relay map ip 192.168.10.1 400
Router(config-if)#no sh
Router(config-if)#exit

Configuring Frame Relay point-to-point connectivity
(figure: R1 (serial 192.168.10.1, Ethernet 172.16.0.1) and R2 (serial 192.168.10.2, Ethernet 172.30.0.1) connected through two Frame Relay switches, one using LMI type cisco and the other ansi, with a map entry 400 for R1.)
Advantage of NAT
There are two reasons for which we use NAT:
(1) Conserve live IP addresses. On the Internet there is a limited number of IP addresses. If our clients want to communicate on the Internet, each should have a live IP address assigned by our ISP, so the number of IP addresses requested depends on the number of PCs that we want to connect to the Internet. This causes a lot of wastage of IP addresses. To reduce the wastage, we can share live IP addresses between multiple PCs with the help of NAT.
(2) NAT enhances network security by hiding PCs and devices behind the NAT.

NAT terms:
Inside interface: the interface connected to the inside local network.
Outside interface: the interface connected to the outside Internet.
Inside local: the IP address assigned to the local network by the administrator from the private IP range.
Inside global: the IP address assigned by the ISP for the local LAN from the public IP range.
(figure: inside hosts 10.0.0.5 and 10.0.0.7 behind the NAT router.)

Types of NAT

Static NAT
This NAT is used for servers: one live IP is directly mapped to one local IP. This NAT forwards all traffic for the live IP to the local PC in the network.
(figure: router between the Internet and the local network; static NAT 200.1.1.5 = 192.168.10.6, live 200.1.1.5, local 192.168.10.6.)

Port-based static NAT
This NAT is also used for servers. It provides port-based access to the servers with the help of NAT.
200.1.1.5:80 -> 192.168.10.6 (Web)
200.1.1.5:53 -> 192.168.10.7 (DNS)

Dynamic NAT using a pool
Dynamic NAT is used for clients that want to access the Internet. The requests from multiple client IPs are translated to a live IP obtained from the pool. It is also called pool-based dynamic NAT.
Pool => 200.1.1.8 - 200.1.1.12/28
Local addresses => 172.16.X.X

Configuring NAT
(figure: pool allotted => 200.1.1.0 - 15/28; server static => 200.1.1.3 = 172.16.0.7; port-based static => 200.1.1.4:53 = 172.16.0.6, 200.1.1.4:80 = 172.16.0.5; client dynamic NAT pool => 200.1.1.8 - 200.1.1.12/28, local addresses => 172.16.0.X.)

Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3
Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc overload

To display the NAT translations:
Router#sh ip nat translations (after a ping to any outside address, it shows the translation entries)
To clear the NAT translations:
Router#clear ip nat translation *
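The three NAT forms configured above behave differently for traffic that arrives from the Internet, which is what the "hiding" claim in Advantage of NAT (2) rests on. The example below (added here, not router code) models the translation table built from that configuration: the static and port-based static entries are constructed from the commands shown, the pool is abc with overload, and inbound packets reach an inside host only through a static entry or a dynamic entry that inside traffic created first. The port assignment for overload is a simplification; IOS tries to keep the original source port.

```python
import itertools

# Constructed from the NAT configuration above (not router output).
STATIC = {"172.16.0.7": "200.1.1.3"}                  # ip nat inside source static
PORT_STATIC = {                                        # ip nat inside source static tcp/udp
    ("tcp", "172.16.0.5", 80): ("200.1.1.4", 80),
    ("udp", "172.16.0.6", 53): ("200.1.1.4", 53),
}
POOL = ["200.1.1.8", "200.1.1.9", "200.1.1.10", "200.1.1.11", "200.1.1.12"]  # pool abc


class NatTable:
    """Minimal model of the router's translation table (sh ip nat translations)."""

    def __init__(self, pool):
        self.pool = pool
        self.dynamic = {}                     # (proto, inside local, port) -> (inside global, port)
        self._ports = itertools.count(1024)   # simplification: unique outside ports from a counter

    def outbound(self, proto, src_ip, src_port):
        """Packet leaving the inside interface: return the (inside global, port) it is sent with."""
        if src_ip in STATIC:
            return (STATIC[src_ip], src_port)
        key = (proto, src_ip, src_port)
        if key in PORT_STATIC:
            return PORT_STATIC[key]
        if key not in self.dynamic:
            # overload: one pool address shared by all clients, told apart by port
            self.dynamic[key] = (self.pool[0], next(self._ports))
        return self.dynamic[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Packet arriving on the outside interface: only a static entry or an active
        dynamic entry maps it to an inside host; anything else is dropped (None)."""
        for local, glob in STATIC.items():
            if glob == dst_ip:
                return (local, dst_port)
        for table in (PORT_STATIC, self.dynamic):
            for (p, local, lport), (gip, gport) in table.items():
                if (p, gip, gport) == (proto, dst_ip, dst_port):
                    return (local, lport)
        return None
```

Note that the static server entries answer to every port, so the "hiding" only applies to clients behind the pool and to ports not published by a port-based entry.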