Nat report
Published in: Technology, Business

Transcript
  • 1. SIX WEEKS INDUSTRIAL TRAINING REPORT on "CCNA"
    In partial fulfillment of the degree of Bachelor of Technology in Electronics and Communication Engineering
    at NETMAX TECHNOLOGIES, PATIALA
    Submitted to:
    Guided by: Mr. Barinder Singh
    Submitted by:
    DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING
    RIMT-INSTITUTE OF ENGINEERING AND TECHNOLOGY, MANDI GOBINDGARH-147301
    Page | 1
  • 2. ACKNOWLEDGEMENT
    While presenting this report I would like to express my deep sense of gratitude to the entire NETMAX staff, who were an indispensable part of my training, giving me unending guidance, inspiration and encouragement and providing an excellent environment throughout my training at NETMAX TECHNOLOGIES. The training was an extremely productive and enriching experience, not only technically but also in providing some practical skills.
    I am extremely thankful to Mr. Barinder Singh, who devoted a lot of time to guiding and supervising me during my training.
    I must place my gratitude towards Prof. Rajneesh Talwar (H.O.D. of E.C.E. Dept.) for their valuable advice and guidance in carrying out this enjoyable and productive experience, which provided me a great opportunity to search new horizons.
    Ashima Malhotra
  • 3. PREFACE
    Technology has grown rapidly in the past two to three decades. An engineer without practical knowledge and skills cannot survive in this technical era. Theoretical knowledge does matter, but it is practical knowledge that makes the difference between the best and the better. Organizations also prefer experienced engineers over freshers because of the practical knowledge and industrial exposure of the former. Practical training is highly conducive to a solid foundation for:
    1. Knowledge and personality
    2. Exposure to the industrial environment
    3. Confidence building
    4. Enhancement of creativity
  • 4. TABLE OF CONTENTS
    Sr. No.  DESCRIPTION            PAGE NO.
    1.       COMPANY PROFILE        32
    2.       INTRODUCTION TO CCNA   35
    3.       BASIC                  35
    4.       IP ADDRESS V4          49
    5.       IP ROUTING             51
    6.       LAN SWITCHING          63
    7.       ACL                    68
    8.       NAT                    72
    9.       PROJECT                76
    10.      REFERENCES             83
  • 5. INTRODUCTION
    NETMAX TECHNOLOGIES, SCO 52, 2ND FLOOR, LEELA BHAWAN, PATIALA.
    COMPANY PROFILE
    NETMAX TECHNOLOGIES as an organization was established in 2001 in the fields of network support, network training, software training and embedded systems.
    In education, we have a strategic alliance with Pearson VUE and Prometric. We are an authorized testing partner of REDHAT and CISCO. We are also a NOVELL EDUCATION PARTNER, through which we provide NOVELL and SUSE LINUX courses. NetMax Technologies also conducts courses in CADENCE based design tools.
    NETMAX TECHNOLOGIES also provides technical research and development support and consultancy to some electronics companies.
    Our clients for R&D support in the field of embedded systems:
    - Recorders and Medicare Ltd, Chandigarh
    - TELEBOX India Ltd.
    - Lotus Machines Pvt. Ltd., Chandigarh
    - Impearl Electronics Pvt. Ltd., Chandigarh
    - KANTA Electrical Ltd., Mohali
    A partial list of our clients in the network field:
    - CEDTI, Mohali
    - Premier ISP, Chandigarh
    - Innovative Solutions, Chandigarh
    - Emmtel ISP, Chandigarh
    - NIPER, Mohali
    - Navik Technologies, Chandigarh
    - Software Technology Parks India, Mohali
    - Glide Internet Services
    - Rana Group
    - IDS
    - HFCL Infotel Ltd.
    - Targus Technologies Pvt Ltd
    - STPI, Mohali
    - BBMB
    - The Tribune
  • 6. - Ind Swift
    OUR TEAM
    We are a strong technical team of certified professionals catering to these solutions, with presence in Chandigarh and Punjab. We have a skilled team of engineers experienced in design and programming. We have more than 15 engineers holding prestigious certifications such as CCNA, CCNP, CCSP, CCSA, MCSE and RHCE, with skills in C++, C, JAVA, PHP and MySQL programming.
    Support Area (network solutions):
    - LINUX / UNIX networks
    - SUN networks
    - CISCO devices (Routers, Switches, Firewalls, Cache Engine, RAS etc.)
    - Bandwidth Manager software and hardware
    - Radio Links
    - Security Solutions
    NETMAX TECHNOLOGIES provides the following courses in IT and Embedded Systems:
    Network Training:
    - CISCO CCNA, CCNP
    - RED HAT LINUX 5
    - WINDOWS 2000, 2003 (MCP, MCSA & MCSE)
    - MCITP 2008
    Software Training:
    - C++
    - C
    - JAVA (CORE JAVA & ADVANCE JAVA)
    - ASP.NET
    - PHP, MySQL Programming
    We provide technical support and consultancy to electronics companies in the field of embedded microcontrollers: 8-bit and 16-bit family based embedded system design; analog system design (including signal conditioning circuits, filter design, etc.); precision signal amplifier design for applications like ECG, low power design, precision temperature measurement etc.; power electronics including dc/dc converters, ac/dc converters, thyristor firing based circuits, battery charging and monitoring circuits etc.; and application of embedded systems and analog control systems in industrial as well as home automation.
    Our core strengths are our commitment, technical expertise and cost effective solutions. We ensure high service levels and prompt support availability, leading to lower downtime.
  • 7. NETMAX TECHNOLOGIES is a leader in education services and a developer of innovative embedded solutions. To meet the demands of the post-PC era, NetMax provides complete solutions as well as design-to-order services to satisfy our customers.
    NETMAX TECHNOLOGIES:
    - BARINDER SINGH, 9914713373
    - HARPREET SINGH, 9814900118
    HEAD OFFICE: NETMAX TECHNOLOGIES, SCO 58-59, Sector 34A, Chandigarh. 0172-4644644
    Branch Office: NETMAX TECHNOLOGIES, SCO 52, 2ND FLOOR, LEELA BHAWAN, PATIALA. 0175-5018351, 9914713373, 9814900118.
  • 8. INTRODUCTION TO CCNA
    What is a Network?
    In a network, more than one computer is connected to the others through a centralized device. They can share files and resources with each other.
    LAN
    LAN stands for Local Area Network. The scope of a LAN is within one building, one school or one lab. In a LAN built on a hub, the media access method used is CSMA/CD, in which each computer senses the carrier before sending data over the network: if the carrier is free it can transmit, otherwise it has to wait and keep listening. With multiple access, each computer has the right to access every other computer. If two computers sense the carrier at the same time, a collision occurs. Each computer in the network becomes aware of the collision, stops transmitting and uses the back-off algorithm, in which a random number is generated. This number is used by each computer: whichever computer draws the shortest number has first priority to transmit its data over the network, and the other computers wait for their turn.
    WAN
    WAN stands for Wide Area Network, in which two local area networks are connected through a public network. It may be through telecommunication infrastructure or dedicated lines, for example ISDN lines, leased lines etc., using WAN devices and WAN technology. You can also connect to your remote area through the existing internetwork called the Internet.
    Devices
    Hub
    A hub is a centralized device used to connect multiple workstations. There are two types of hub:
    (i) Active Hub
    (ii) Passive Hub
    A hub has no special kind of memory. It simply receives the frame (data) and forwards it to all its nodes except the receiving node; it always performs broadcasting. In the case of a hub there is one collision domain and one broadcast domain, and the media access method used is CSMA/CD (Carrier Sense Multiple Access/Collision Detection).
    (i) Active Hub: an active hub receives the frame, regenerates it and then forwards it to all its nodes.
  • 9. (ii) Passive Hub: a passive hub simply receives the frame and forwards it to all its connected nodes.
    You cannot perform LAN segmentation using a hub.
    Switch
    A switch is also used to connect multiple workstations. A switch is more intelligent than a hub: it has a special kind of memory called the MAC address / filter / lookup table. The switch reads MAC addresses and stores them in its filter address table. When the switch receives a frame, it reads the destination MAC address and consults its filter table. If it has an entry in the filter table, it forwards the frame to that particular MAC address; if the address is not found, it broadcasts the frame to all its connected nodes.
    Every port has its own buffer memory. A port has two queues, an input queue and an output queue. When the switch receives a frame, the frame is received into the input queue and forwarded from the output queue, so in the case of a switch there is no chance of collisions. In the case of a switch, the media access method used is CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance). Switches provide more efficiency, more speed and security.
    There are two types of switches:
    (i) Manageable switches (can be configured with a console cable).
    (ii) Non-manageable switches.
    We can perform LAN segmentation by using switches.
    Bridge
    A bridge is a hardware device used to provide LAN segmentation, meaning it breaks the collision domain. It has the same functionality as a switch. We can use a bridge between two different topologies. It has fewer ports, and each port has its own buffer memory. It works on the Data Link layer of the OSI model. It also reads MAC addresses and stores them in its filter table. In the case of a bridge there is one broadcast domain.
    Router
    A router is a hardware device used to communicate between two different networks. A router performs routing and path determination. It does not forward broadcasts.
    There are two types of routers:
    (i) Hardware routers, developed by Cisco, HP.
    (ii) Software routers, configured with the help of Routing and Remote Access. This feature is offered by Microsoft; it is installed by default, but you have to enable and configure it.
    Hardware routers are dedicated routers and are more efficient. Software routers have fewer features and slower performance; they are not very efficient.
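The learning and flooding behaviour described for the switch above, as an added example that is not part of the report: each frame teaches the switch which port its source MAC address sits on, a known destination is forwarded out one port, and an unknown or broadcast destination is flooded out every other port (which is what a hub does with every frame). The port numbers, MAC addresses and the small table size are constructed sample values; a finite table is modelled because, once it is full, new addresses are no longer learned and their traffic keeps being flooded, which is why switches enforce per-port address limits.

```python
# Added example (not from the report): a learning switch model. Port numbers,
# MAC addresses and the table size are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample hosts.
MAC_A = "aa:aa:aa:00:00:01"
MAC_B = "bb:bb:bb:00:00:02"
MAC_C = "cc:cc:cc:00:00:03"


class LearningSwitch:
    """Each received frame teaches the switch which port its source MAC sits on.

    Forwarding then consults that filter table: a known unicast destination
    goes out one port, an unknown or broadcast destination is flooded to every
    port except the one it arrived on.
    """

    def __init__(self, ports, table_size=8):
        self.ports = set(ports)
        self.table_size = table_size      # real switches have a finite address table
        self.mac_table = {}               # mac -> port ("filter / lookup table")

    def receive(self, in_port, src, dst):
        """Process one frame; returns (decision, set of egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"no such port: {in_port}")
        # Learning step: record (or move) the source MAC. When the table is
        # full, unknown sources are not learned and stay flooded.
        if src in self.mac_table or len(self.mac_table) < self.table_size:
            self.mac_table[src] = in_port
        # Forwarding step.
        out_port = self.mac_table.get(dst)
        if dst != BROADCAST and out_port is not None:
            if out_port == in_port:
                return "filter", set()        # destination is on the ingress segment
            return "forward", {out_port}
        return "flood", self.ports - {in_port}


def demo():
    """Four frames on a four-port switch; returns the final table and decisions."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    results = [
        sw.receive(1, MAC_A, MAC_B),      # B unknown: flood to 2,3,4; A learned on 1
        sw.receive(2, MAC_B, MAC_A),      # A known: forward to {1}; B learned on 2
        sw.receive(3, MAC_C, BROADCAST),  # broadcast: flood to 1,2,4
        sw.receive(1, MAC_A, MAC_B),      # both known: forward to {2}
    ]
    return sw.mac_table, results


if __name__ == "__main__":
    table, results = demo()
    for decision, ports in results:
        print(decision, sorted(ports))
    print(table)
```

The fourth frame shows the difference between a hub and a switch: once both ends are learned, the frame leaves on a single port and no other station sees it.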
  • 10. LAN Card
    A LAN card is a media access device that provides connectivity to the network. There is an RJ45 (Registered Jack) connector socket on the LAN card; RJ45 is used with UTP cable. There is also an LED called the heartbeat of the LAN card: whenever any activity occurs, whether receiving or transmitting any kind of data, this LED starts blinking and tells us the status of the LAN card.
    LAN Topologies
    BUS Topology
    Cable Type: Coaxial
    Connector Type: BNC (Bayonet Neill-Concelman), T type, Terminator
    Coaxial, Thick: maximum length 500 meters, network devices 100
    Coaxial, Thin: maximum length 185 meters, network devices 30
  • 11. Star Topology
    Cable type: UTP
    Connector type: RJ45
    Maximum length: 100 meters (with proper color coding)
    UTP (Unshielded Twisted Pair)
    STP (Shielded Twisted Pair)
    In the case of a hub the media access method will be CSMA/CD.
  • 12. Ring Topology
    Cable: UTP
    The token ring method is used, so there is no chance of collision.
    Ethernet Family
    Speed             Base band  Distance     Media
    10                Base 2     200 meters   Coaxial cable
    10                Base 5     500 meters   Thick coaxial cable
    10                Base T     100 meters   Twisted pair (UTP)
    10/100 (present)  Base TX    100 meters   UTP
    100               Base T4    100 meters   UTP, 4 pairs used
    100               Base FX    up to 4 km   Fiber optic
    1000 (server)     Base TX    100 meters   UTP
    1000              Base FX    up to 10 km  Fiber optic
    10000             Base FX                 Fiber optic
    Color pairs
    Green / Green-white
    Orange / Orange-white
    Blue / Blue-white
    Brown / Brown-white
    The green cable has the maximum twists.
  • 13. Pin Configuration
    Cross     Straight
    1 -> 3    1 -> 1
    2 -> 6    2 -> 2
    3 -> 1    3 -> 3
    6 -> 2    6 -> 6
    Straight Cable
    1 Orange white - Orange white
    2 Orange - Orange
    3 Green white - Green white
    4 Blue - Blue
    5 Blue white - Blue white
    6 Green - Green
    7 Brown white - Brown white
    8 Brown - Brown
    Cross Cable
    1 Orange white - Green white
    2 Orange - Green
    3 Green white - Orange white
    4 Blue - Blue
    5 Blue white - Blue white
    6 Green - Orange
    7 Brown white - Brown white
    8 Brown - Brown
  • 14. RJ45 Connector
    OSI (Open Systems Interconnection) Model
    The OSI model is the layered approach to designing, developing and implementing a network. OSI provides the following advantages:
    (i) Network design will be standards based.
    (ii) Development of new technology will be faster.
    (iii) Devices from multiple vendors can communicate with each other.
    (iv) Implementation and troubleshooting of the network will be easy.
    (1) Application Layer: the application layer accepts data and forwards it into the protocol stack. It creates the user interface between application software and the protocol stack.
    (2) Presentation Layer: this layer decides the presentation format of the data. It is also able to perform other functions like compression/decompression and encryption/decryption.
    (3) Session Layer: this layer initiates, maintains and terminates sessions between different applications. Due to this layer, multiple application programs can be executed at the same time.
    (4) Transport Layer: the transport layer is responsible for connection-oriented and connectionless communication. The transport layer also performs other functions like:
    a. Error checking
    b. Flow control (buffering, windowing, multiplexing)
    c. Sequencing
    d. Positive acknowledgement
    e. Response
  • 15. (5) Network Layer: this layer performs functions like logical addressing and path determination. Each networking device has a physical address, the MAC address, but logical addressing is easier to communicate with on a large network. Logical addressing defines a network address and a host address; this type of addressing is used to simplify the implementation of large networks. Some examples of logical addressing are IP addresses, IPX addresses etc.
    (6) Data Link Layer: the functions of the Data Link layer are divided into two sublayers:
    a. Logical Link Control
    b. Media Access Control
    (i) Logical Link Control defines the encapsulation that will be used by the NIC to deliver data to the destination. Some examples of Logical Link Control are ARPA (Ethernet) and 802.11 Wi-Fi.
    (ii) Media Access Control defines methods to access the shared media and establishes identity with the help of the MAC address. Some examples of Media Access Control are CSMA/CD and Token Passing.
    (7) Physical Layer: the Physical layer is responsible for communicating bits over the media. This layer deals with the standards defined for media and signals, and may also perform modulation and demodulation as required.
    Router Architecture
  • 16. [Figure: router architecture. Blocks shown: LAN and WAN interfaces, Processor, I/O Controller, Memory Controller, RAM (running IOS), ROM (BIOS, incomplete O/S), Flash (IOS) and NVRAM (startup configuration, non-volatile RAM).]
    Router Access Modes
    When we access the router command prompt, the router displays different modes. According to the mode, privileges and rights are assigned to the user.
    User mode
  • 17. In this mode, we can display basic parameters and the status of the router, test connectivity and telnet to other devices. In this mode we are not able to manage or configure the router.
    Privileged mode
    In this mode, we can display all information and configuration, and perform administration tasks, debugging, testing and connectivity with other devices. We are not able to perform configuration editing of the router here. The command to enter this mode is 'enable'. We have to enter the enable password or enable secret password to enter this mode. Enable secret has more priority than enable password: if both passwords are configured, only the enable secret will work.
    Global configuration mode
    This mode is used for the configuration of global parameters in the router. Global parameters apply to the entire router, for example the router hostname or an access list. The command to enter this mode is 'configure terminal'.
    Line configuration mode
    This mode is used to configure lines like console, vty and auxiliary. The main types of line that are configured are:
    (i) Console: router(config)#line console 0
    (ii) Auxiliary: router(config)#line aux 0
    (iii) Telnet or vty: router(config)#line vty 0 4
    Interface configuration mode
    This mode is used to configure router interfaces, for example Ethernet, Serial, BRI etc.
    Router(config)#interface <type> <number>
    Router(config)#interface serial 1
    Routing configuration mode
    This mode is used to configure routing protocols like RIP, EIGRP, OSPF etc.
  • 18. Router(config)#router <protocol> [<option>]
    Router(config)#router rip
    Router(config)#router eigrp 10
    Configuring Passwords
    There are five types of password available in a router.
    (1) Console Password
    router#configure terminal
    router(config)#line console 0
    router(config-line)#password <word>
    router(config-line)#login
    router(config-line)#exit
    To erase a password, repeat the same steps with the "no" form of each command.
    (2) Vty Password
    router>enable
    router#configure terminal
    router(config)#line vty 0 4
    router(config-line)#password <word>
    router(config-line)#login
    router(config-line)#exit
    (3) Auxiliary Password
    router#configure terminal
    router(config)#line aux 0
    router(config-line)#password <word>
    router(config-line)#login
    router(config-line)#exit
    (4) Enable Password
    router>enable
    router#configure terminal
    router(config)#enable password <word>
    router(config)#exit
    (5) Enable Secret Password
    The enable password is a clear text password.
    Router>enable
    Router#configure terminal
    Router(config)#enable secret <word>
    Router(config)#exit
  • 19. Encrypting all passwords
    All passwords other than the enable secret password are clear text passwords. We can encrypt all passwords using the level 7 algorithm. The commands to encrypt all passwords are:
    Router#configure terminal
    Router(config)#service password-encryption
    Managing Configuration
    There are two types of configuration present in a router:
    (1) Startup Configuration
    (2) Running Configuration
    (1) The startup configuration is stored in NVRAM. It is used to save settings in a router and is loaded into primary RAM at boot time.
    (2) The running configuration is present in primary RAM. Whenever we run a configuration command, this command is written into the running configuration.
    To save the configuration:
    Router#copy running-config startup-config
    or
    Router#write
    To display the running configuration:
    Router#show running-config
    To display the startup configuration:
    Router#show startup-config
    To erase the old configuration:
    Router#erase startup-config
    Configuring Hostname
    Router#configure terminal
    Router(config)#hostname <name>
    <name>(config)#exit or end or Ctrl-Z
    Configuring Interfaces
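A small configuration audit for the password settings covered on the two slides above, as an added example that is not part of the report: it reads a saved configuration and flags a clear-text enable password, clear-text line passwords, a missing enable secret and a missing service password-encryption. The report states that enable secret takes precedence over enable password; the audit also notes that the level 7 (type 7) encoding applied by service password-encryption is a reversible obfuscation rather than a hash, so those lines are still reported. Both configurations are constructed samples, and the type 7 and type 5 strings in them are placeholders, not real encodings.

```python
import re

# Added example (not from the report). Both configs are constructed samples;
# PLACEHOLDER7 and $1$PLACEHOLDER stand in for real type 7 / type 5 strings.
WEAK_CONFIG = """\
hostname R1
enable password cisco123
line console 0
 password console1
 login
line vty 0 4
 password 7 PLACEHOLDER7
 login
"""

BETTER_CONFIG = """\
hostname R1
service password-encryption
enable secret 5 $1$PLACEHOLDER
line console 0
 password 7 PLACEHOLDER7
 login
line vty 0 4
 password 7 PLACEHOLDER7
 login
"""

# "password <word>", "password 0 <word>" (clear text) or "password 7 <encoded>"
PASSWORD_LINE = re.compile(r"^password(?: (\d+))? (\S+)$")


def audit_passwords(config_text):
    """Return a list of (where, finding) tuples for weak password settings."""
    lines = [line.rstrip() for line in config_text.splitlines()]
    findings = []
    has_secret = any(line.startswith("enable secret") for line in lines)
    encryption_on = any(line == "service password-encryption" for line in lines)
    section = "global"
    for raw in lines:
        line = raw.strip()
        if line.startswith("line "):
            section = line                          # e.g. "line vty 0 4"
            continue
        if line.startswith("enable password"):
            findings.append(("global", "enable password is clear text; "
                             "enable secret is hashed and takes precedence"))
            continue
        m = PASSWORD_LINE.match(line)
        if m and section != "global":
            ptype = m.group(1)
            if ptype in (None, "0"):
                findings.append((section, "clear-text password"))
            elif ptype == "7":
                findings.append((section, "type 7 (service password-encryption) "
                                 "is a reversible obfuscation, not a hash"))
    if not has_secret:
        findings.append(("global", "no enable secret configured"))
    if not encryption_on:
        findings.append(("global", "service password-encryption is not set; "
                         "line passwords stay clear text in the config"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("better", BETTER_CONFIG)):
        print(f"== {name} ==")
        for where, finding in audit_passwords(cfg):
            print(f"{where}: {finding}")
```

Running it over a `show running-config` capture is a quick way to confirm that the enable secret is set and that no line still carries a clear-text password after service password-encryption was enabled.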
  • 20. Interface configuration is one of the most important parts of router configuration. By default, all interfaces of a Cisco router are in disabled (shutdown) mode. We have to use different commands according to our requirements to enable and configure an interface.
    Configuring IP, Mask and Enabling the Interface
    Router#configure terminal
    Router(config)#interface <type> <no>
    Router(config-if)#ip address <ip> <mask>
    Router(config-if)#no shutdown
    Router(config-if)#exit
    To configure an interface description
    Router#configure terminal
    Router(config)#interface <type> <no>
    Router(config-if)#description <line>
    To display interface status
    Router#show interfaces (to show all interfaces)
    Router#show interface <type> <no>
    This command displays the following parameters about an interface:
    1) Status
    2) MAC address
    3) IP address
    4) Subnet mask
    5) Hardware type / manufacturer
    6) Bandwidth
    7) Reliability
    8) Delay
    9) Load (Tx load, Rx load)
    10) Encapsulation
    11) ARP type (if applicable)
    12) Keepalive
    Configuring a secondary IP
    Router#config terminal
    Router(config)#interface <type> <no>
    Router(config-if)#ip address 192.168.10.5 255.255.255.0
    Router(config-if)#ip address 192.168.10.18 255.255.255.0 secondary
    Router(config-if)#no shutdown (to enable the interface, because interfaces are shut down by default)
  • 21. Router(config-if)#exit
    Router#show run (to display the secondary IP)
    To display the commands present in the history:
    Router#show history
    To display the history size:
    Router#show terminal
    Configuring Banners
    Banners are just messages that appear at different prompts according to their type. The different banners are:
    Message of the day (motd): this banner appears for every access method.
    IP Address v4
    An IP address is a 32-bit address divided into four octets, each of 8 bits. It has two parts: the network address and the host address. In a local area network we can use private IP addresses, which are designated by IANA (Internet Assigned Numbers Authority). IP addresses are divided into five classes.
  • 22.
    Class  Range      N/w bits  Host bits  Subnet mask     Total IP  Valid IP
    A      1 - 126    8         24         255.0.0.0       16777216  16777214
    B      128 - 191  16        16         255.255.0.0     65536     65534
    C      192 - 223  24        8          255.255.255.0   256       254
    D      224 - 239  reserved for multicast
    E      240 - 255  reserved for research/scientific use
    We can use the first three classes. IANA provides private IP addresses from the first three classes.
    Class  Private IP Range
    A      10.0.0.0 - 10.255.255.255
    B      172.16.0.0 - 172.31.255.255
    C      192.168.0.0 - 192.168.255.255
    Subnet Mask
    A subnet mask is also a 32-bit address, which tells us how many bits are used for the network and how many bits are used for the host address. In a subnet mask, network bits are always 1 and host bits are always 0.
    Invalid or reserved IP addresses
    When we assign IP addresses to our computers we have to follow some rules:
    (1) All host bits cannot be 0 (10.0.0.0), because this represents the network address, which is reserved for the router.
    (2) All host bits cannot be 1 (10.255.255.255), because this is the broadcast address of that network (the 10 network).
    (3) All bits cannot be 0 (0.0.0.0), because this address is reserved for default routing. Default routing is used in the case of a stub network (our network has one exit point).
    (4) All bits cannot be 1 (255.255.255.255), because this is reserved for broadcasting.
    (5) 127.0.0.1 is the loopback address, which is used for self-communication or troubleshooting purposes.
    C:\>ipconfig
    C:\>ipconfig /all
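The class table, private ranges and the five address rules above, applied by code, as an added example that is not part of the report. It uses the standard library `ipaddress` module; the class boundaries and private ranges are the ones the tables give, and the sample addresses in the checks are constructed.

```python
import ipaddress

# Added example (not from the report). Class boundaries and private ranges
# are the ones given in the tables above.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(addr):
    """Return (class letter, network bits or None), judged from the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first == 0:
        return "reserved", None   # 0.x.x.x
    if first == 127:
        return "loopback", None
    if first <= 126:
        return "A", 8
    if first <= 191:
        return "B", 16
    if first <= 223:
        return "C", 24
    if first <= 239:
        return "D", None          # multicast
    return "E", None              # research / scientific use


def host_counts(mask):
    """(total, valid) host addresses for a dotted subnet mask, as in the table."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    total = 2 ** (32 - prefix)
    return total, total - 2       # minus network and broadcast addresses


def check_host_address(addr, mask):
    """Apply the five rules above; returns 'valid ...' or 'invalid: ...'."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    ip, net = iface.ip, iface.network
    if ip == ipaddress.IPv4Address("0.0.0.0"):
        return "invalid: 0.0.0.0 is reserved for the default route"
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "invalid: 255.255.255.255 is reserved for broadcasting"
    if ip.is_loopback:
        return "invalid: 127.x.x.x is the loopback address"
    if ip == net.network_address:
        return "invalid: host bits all 0 (network address)"
    if ip == net.broadcast_address:
        return "invalid: host bits all 1 (broadcast address)"
    scope = "private" if any(ip in r for r in PRIVATE_RANGES) else "public"
    return f"valid {scope} host address"


if __name__ == "__main__":
    # Constructed sample inputs.
    for addr, mask in (("10.0.0.0", "255.0.0.0"), ("10.255.255.255", "255.0.0.0"),
                       ("192.168.10.5", "255.255.255.0"), ("200.100.100.33", "255.255.255.252")):
        print(addr, mask, address_class(addr), check_host_address(addr, mask))
    print(host_counts("255.255.255.0"))
```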
  • 23. It shows all details.
    IP Routing
    When we want to connect two or more networks using different network addresses, we have to use the IP routing technique. A router is used to perform routing between the networks. A router performs the following functions for routing:
    (1) Path determination
    (2) Packet forwarding
  • 24. (1) Path determination
    The process of obtaining paths in the routing table is called path determination. There are three different methods by which a router can learn a path:
    i) Automatic detection of directly connected networks
    ii) Static and default routing
    iii) Dynamic routing
    (2) Packet forwarding
    This is a process that is enabled by default in a router. The router will forward a packet only if a route is available in the routing table.
    Static Routing
    In this routing, we use "ip route" commands through which we specify routes for different networks. The administrator analyzes the whole internetwork topology and then specifies the route for each network that is not directly connected to the router.
    Steps to perform static routing
    (1) Create a list of all networks present in the internetwork.
    (2) Remove from the list the network addresses that are directly connected to the router.
    (3) Specify a route for each remaining network using the ip route command.
    Router(config)#ip route <destination n/w> <mask> <next hop ip>
    The next hop IP is the IP address of the neighbor router that is directly connected to our router.
    Static Routing Example:
    Router#conf ter
    Router(config)#ip route 10.0.0.0 255.0.0.0 192.168.10.2
    Advantages of static routing
    (1) Fast and efficient.
    (2) More control over the selected path.
    (3) Less overhead for the router.
    Disadvantages of static routing
    (1) More overhead on the administrator.
    (2) Load balancing is not easily possible.
    (3) In case of a topology change, the routing table has to be changed manually.
  • 25. Alternate command to specify a static route
    A static route can also be specified with the following syntax:
    Old: Router(config)#ip route 172.16.0.0 255.255.0.0 172.25.0.2
    Or:  Router(config)#ip route 172.16.0.0 255.255.0.0 serial 0
    Default Routing
    Default routing means a route for any network. These routes are specified with the following syntax:
    Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop> or <exit interface>
    To display the routing table:
    Router#sh ip route
    To check all the interfaces of a router:
    Router#sh ip interface brief
    Dynamic Routing
    In dynamic routing, we enable a routing protocol on the router. This protocol sends its routing information to the neighbor routers. The neighbors analyze the information and write new routes into their routing tables. The routers also pass routing information received from one router on to other routers. If more than one path is available, the routes are compared and the best path is selected. Some examples of dynamic protocols are RIP, IGRP, EIGRP and OSPF.
    Types of Dynamic Routing Protocols
    According to their working there are two types of dynamic routing protocols:
    (1) Distance Vector
    (2) Link State
    According to the type of area in which the protocol is used there are again two types of protocol:
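What the router does with the static and default routes entered above once a packet arrives, as an added example that is not part of the report: the table holds the `ip route` entries in both the next-hop and exit-interface forms, a destination is matched against the longest prefix that contains it, the 0.0.0.0 0.0.0.0 default route catches everything else, and with no matching route the packet is dropped (the report's "forward only if a route is available"). The addresses come from the static-route examples above; the next hop used for the default route and the interface name are constructed.

```python
import ipaddress

# Added example (not from the report). Destination networks are taken from
# the static-route examples above; the default-route next hop is constructed.


class RoutingTable:
    def __init__(self):
        self.routes = []   # list of (network, next hop or exit interface)

    def ip_route(self, destination, mask, via):
        """Mirror of 'ip route <destination> <mask> <next hop | exit interface>'."""
        self.routes.append((ipaddress.ip_network(f"{destination}/{mask}"), via))

    def lookup(self, dst):
        """Longest-prefix match. Returns (network, via) or None when no route fits."""
        dst = ipaddress.IPv4Address(dst)
        matches = [(net, via) for net, via in self.routes if dst in net]
        if not matches:
            return None
        net, via = max(matches, key=lambda route: route[0].prefixlen)
        return str(net), via


def forward(table, dst):
    """Packet forwarding decision as a short string."""
    route = table.lookup(dst)
    if route is None:
        return "drop (no route)"
    return f"send via {route[1]} ({route[0]})"


def build_example():
    """Static routes from the slides above, without a default route."""
    table = RoutingTable()
    table.ip_route("10.0.0.0", "255.0.0.0", "192.168.10.2")      # next-hop form
    table.ip_route("172.16.0.0", "255.255.0.0", "serial 0")      # exit-interface form
    return table


if __name__ == "__main__":
    rt = build_example()
    for dst in ("10.5.5.5", "172.16.9.1", "8.8.8.8"):
        print(dst, "->", forward(rt, dst))
    rt.ip_route("0.0.0.0", "0.0.0.0", "172.25.0.2")   # constructed default route
    print("8.8.8.8 ->", forward(rt, "8.8.8.8"))
```

The default route only takes effect for destinations no more specific route covers, which is why adding it does not change where 10.5.5.5 goes.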
  • 26. (1) Interior Routing Protocol
    (2) Exterior Routing Protocol
    Autonomous system
    An autonomous system is a group of contiguous routers and networks which share their routing information directly with each other. If all routers are in a single domain and share their information directly with each other, then the size of the routing updates depends on the number of networks present in the internetwork. The update for each network may take 150 - 200 bytes of information. For example, if there are 1000 networks then the size of an update will be 200 * 1000 = 200000 bytes. The routing information is sent periodically, so it may consume a large amount of bandwidth in our network.
    [Figure: autonomous systems AS 200, AS 400 and AS 500 joined by border routers; exterior routing protocols run between the autonomous systems and interior routing protocols run within each routing domain.]
    Distance Vector Routing
    Routing which is based on two parameters, distance and direction, is called distance vector routing. Examples of distance vector routing are RIP and IGRP.
    Operation:
  • 27. (1) Each router sends its directly connected information to the neighbor router. This information is sent periodically to the neighbors.
    (2) The neighbor receives the routing updates and processes each route according to the following conditions:
    (i) If an update for a new network is received, the information is stored in the routing table.
    (ii) If an update is received for a route which is already present in the routing table, the route is refreshed, that is, the route timer is reset to zero.
    (iii) If an update is received for a route with a lower metric than the route already present in our routing table, the router discards the old route and writes the new route into the routing table.
    (iv) If an update is received with a higher metric than the route already present in the routing table, the new update is discarded.
    (3) A timer is associated with each route. The router forwards routing information on all interfaces, and the entire routing table is sent to the neighbor. There are three types of timers associated with a route.
    Configuring RIP
    Router#conf ter
    Router(config)#router rip
    Router(config-router)#network <own net address>
    Router(config-router)#network <own net address>
    ----------------------------
  • 28. Router(config-router)#exit
    [Figure: RIP example. R1 has interfaces 10.0.0.1, 172.16.0.5 and 200.100.100.12; its neighbor across the 172.16.0.0 link has address 172.16.0.6 and interface 175.2.1.1 on network 175.2.0.0.]
    Router(config-router)#network 10.0.0.0
    Router(config-router)#network 172.16.0.0
    Router(config-router)#network 200.100.100.0
    R1 learns 175.2.0.0 via 172.16.0.6.
    Configuring IGRP
    Router(config)#router igrp <as no> (1 - 65535)
    Router(config-router)#network <net address>
    Router(config-router)#network <net address>
    Router(config-router)#exit
    [Figure: serial links. A Serial E1 interface at 2048 k on either side of a 256 k modem link.]
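The four update rules listed under Distance Vector operation on the previous slide, together with the per-route timer, run on the RIP example above, as an added example that is not part of the report: R1 (connected to 10.0.0.0 and 172.16.0.0) receives the whole table of its neighbor 172.16.0.6 (connected to 172.16.0.0 and 175.2.0.0) and learns 175.2.0.0 through it. The hop-count metric, the "equal metric is discarded" choice for rule (iv) and the 180-second expiry are assumptions for the example; the report names three timers but does not give their values.

```python
# Added example (not from the report): distance vector update processing.
# INVALID_AFTER is an assumed value; the report does not give timer values.
INVALID_AFTER = 180   # seconds without a refresh before a learned route is dropped


class DistanceVectorRouter:
    def __init__(self, name, connected):
        self.name = name
        # network -> [metric, next_hop, seconds since last refresh]
        self.table = {net: [0, "connected", 0] for net in connected}

    def advertise(self):
        """The entire routing table, as sent periodically to every neighbor."""
        return {net: entry[0] for net, entry in self.table.items()}

    def process_update(self, neighbor, update):
        """Apply one update {network: neighbor's metric}; return what happened."""
        actions = {}
        for net, advertised in update.items():
            metric = advertised + 1                 # one more hop to go via the neighbor
            entry = self.table.get(net)
            if entry is None:                       # (i) new network: store it
                self.table[net] = [metric, neighbor, 0]
                actions[net] = "added"
            elif entry[1] == neighbor and entry[0] == metric:   # (ii) same route: refresh
                entry[2] = 0
                actions[net] = "refreshed"
            elif metric < entry[0]:                 # (iii) lower metric: replace
                self.table[net] = [metric, neighbor, 0]
                actions[net] = "replaced"
            else:                                   # (iv) higher (or equal) metric: discard
                actions[net] = "discarded"
        return actions

    def tick(self, seconds):
        """Age learned routes; drop those not refreshed within INVALID_AFTER."""
        expired = []
        for net, entry in list(self.table.items()):
            if entry[1] == "connected":
                continue
            entry[2] += seconds
            if entry[2] >= INVALID_AFTER:
                expired.append(net)
                del self.table[net]
        return expired


if __name__ == "__main__":
    r1 = DistanceVectorRouter("R1", ["10.0.0.0/8", "172.16.0.0/16"])
    r2 = DistanceVectorRouter("R2", ["172.16.0.0/16", "175.2.0.0/16"])
    print(r1.process_update("172.16.0.6", r2.advertise()))
    print(r1.table)
```

A route's timer is what protects the table against a neighbor that silently disappears: without periodic refreshes the learned route ages out, while directly connected networks never expire.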
  • 29. The following options are configured in IGRP in the same way as in RIP:
    (1) Neighbor
    (2) Passive interface
    (3) Timer
    (4) Distance (AD)
    (5) Maximum path
    Link State Routing
    This type of routing is based on link state. Its working is explained as follows:
    (1) Each router sends Hello packets to all neighbors on all interfaces.
    (2) The routers from which a Hello reply is received are stored in the neighborship table. Hello packets are sent periodically to maintain the neighbor table.
  • 30. (3) The router sends link state information to all neighbors. Link state information from one neighbor is also forwarded to the other neighbors.
    (4) Each router maintains its link state database, created from the link state advertisements received from different routers.
    (5) The router uses the best path algorithm to store the path in the routing table.
    Problems of Link State Routing
    The main problems of link state routing are:
    (1) High bandwidth consumption.
    (2) More hardware resources required, that is processor and memory (RAM).
    The routing protocols which use link state routing are:
    (1) OSPF
    (2) EIGRP
    Enhanced Interior Gateway Routing Protocol
    Features:
    * Cisco proprietary
    * Hybrid protocol (link state and distance vector)
    * Multicast updates using address 224.0.0.10
    * Supports AS
    * Supports VLSM
    * Automatic route summarization
    * Unequal path cost load balancing
    * Metric (32-bit composite): bandwidth, delay, load, reliability, MTU
    * Neighbor recovery
    * Partial updates
    * Triggered updates
    * Backup route
    Configuring EIGRP
    Router(config)#router eigrp <as no>
    Router(config-router)#network <net addr.>
    Router(config-router)#network <net addr.>
    Router(config-router)#exit
  • 31. OSPF Terminology
    Topics already covered above:
    (1) Hello packets
    (2) LSA (Link State Advertisement)
    (3) Neighbor
    (4) Neighbor table
    (5) Topology table (LSA database)
    Router ID
    The Router ID is the highest IP address of the router's interfaces. This ID is used as the identity of the router in maintaining link state databases. The first preference for selecting the router ID is given to logical interfaces; if no logical interface is present, the highest IP of a physical interface is selected as the router ID.
    [Figure: a router with interfaces 11.0.0.2, 13.0.0.1 and 50.0.0.6; the highest IP, 50.0.0.6, is the router ID.]
    Area
    An area is a group of routers and networks which can share their routing information directly with each other.
    Adjacency
    A router is called adjacent when the neighbor relationship is established. We can also say that an adjacency relationship is formed between the routers.
    OSPF Hierarchical Model
    [Figure: Area 0 at the top of the hierarchy.]
  • 32. [Figure: OSPF hierarchical model. Backbone routers (br) in Area 0, area border routers (abr) joining Area 0 to Area 20, Area 70 and Area 90, area routers (ar) inside each area, and an Autonomous System Border Router (ASBR).]
    Area Router
    A router which has all its interfaces members of a single area is called an area router.
    Backbone Area
  • 33. Area 0 is called the backbone area. All other areas must connect to the backbone area for communication.
    Backbone Router
    A router which has all its interfaces members of area 0 is called a backbone router.
    Area Border Router
    A router which connects an area with area 0 is called an area border router.
    LSA Flooding in OSPF
    If there are multiple OSPF routers on a multi-access network, there will be an excessive number of LSAs generated by the routers, and they can choke the bandwidth of the network.
    [Figure: four routers A, B, C and D on one multi-access segment, with networks L, K, M and N behind them; each router keeps the other three as neighbors (A: B, C, D; B: A, C, D; C: A, B, D; D: A, B, C).]
    This problem is solved by electing one router as the designated router and another as the backup designated router.
    Designated Router
A router with the highest RID (router ID) will be the designated router for a particular interface. This router is responsible for receiving LSAs from the non-DR routers and forwarding them to all the other routers on that segment.

Backup Designated Router
This router works as a backup for the designated router. In BDR mode it receives all the information but does not forward it to the other non-DR routers.

Commands to configure OSPF
Router#conf ter
Router(config)#router ospf <process no>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#exit

Wild Mask - complement of the subnet mask
Example: subtract the subnet mask from 255.255.255.255 to get the wild mask.
  255.255.255.255 - 255.255.0.0   (subnet mask) = 0.0.255.255 (wild mask)
  255.255.255.255 - 255.255.192.0 (subnet mask) = 0.0.63.255  (wild mask)
(Figure: Area 0 containing R1 and R2. R1 has 200.100.100.33/30 on the link to R2 and 200.100.100.66/27 on its LAN; R2 has 200.100.100.34/30 on the link to R1 and 200.100.100.160/26 on its LAN.)

R1
Router(config)#router ospf 33
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.64 0.0.0.31 area 0
Router(config-router)#exit

R2
Router(config)#router ospf 2
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.128 0.0.0.63 area 0
Router(config-router)#exit
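The three OSPF mechanics explained above (router ID selection, wild mask derivation, and the test a network statement performs on an interface address) can be checked against the R1/R2 example. The following is an added example written for this report, not code from the report or from Cisco; the function names are my own, and the interface addresses and network statements are copied from the figure and configurations above.

```python
# Added example (not from the report): how an OSPF router picks its router ID,
# how a wild mask is derived from a subnet mask, and whether a "network"
# statement covers an interface address. Addresses come from the R1/R2 figure
# above; helper names are my own.
import ipaddress


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def wild_mask(subnet_mask: str) -> str:
    """Wild mask = 255.255.255.255 - subnet mask (the bitwise complement)."""
    return int_to_ip(0xFFFFFFFF ^ ip_to_int(subnet_mask))


def matches_network(interface_ip: str, net_addr: str, wild: str) -> bool:
    """A network statement covers an interface when every bit that is 0 in the
    wild mask is identical in the interface IP and the network address."""
    care = 0xFFFFFFFF ^ ip_to_int(wild)          # bits that must match
    return (ip_to_int(interface_ip) & care) == (ip_to_int(net_addr) & care)


def select_router_id(loopback_ips, physical_ips) -> str:
    """Highest loopback IP wins; without loopbacks, the highest physical IP."""
    candidates = list(loopback_ips) or list(physical_ips)
    return int_to_ip(max(ip_to_int(ip) for ip in candidates))


def ospf_enabled_interfaces(interfaces, network_statements):
    """Interfaces on which at least one network statement enables OSPF."""
    return [ip for ip in interfaces
            if any(matches_network(ip, net, wild) for net, wild in network_statements)]


# Taken from the figure: each router's interfaces and its network statements.
R1_INTERFACES = ["200.100.100.33", "200.100.100.66"]
R1_NETWORKS = [("200.100.100.32", "0.0.0.3"), ("200.100.100.64", "0.0.0.31")]
R2_INTERFACES = ["200.100.100.34", "200.100.100.160"]
R2_NETWORKS = [("200.100.100.32", "0.0.0.3"), ("200.100.100.128", "0.0.0.63")]

if __name__ == "__main__":
    print(wild_mask("255.255.192.0"))                                # 0.0.63.255
    print(ospf_enabled_interfaces(R1_INTERFACES, R1_NETWORKS))       # both R1 interfaces
    print(ospf_enabled_interfaces(R2_INTERFACES, R2_NETWORKS))       # both R2 interfaces
    print(select_router_id([], ["11.0.0.2", "13.0.0.1", "50.0.0.6"]))  # 50.0.0.6
```

A network statement that is one bit too narrow silently leaves an interface out of OSPF, so `ospf_enabled_interfaces` is the check to run before trusting a configuration: an interface that does not appear in its output will form no adjacency.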
LAN Switching
Ethernet switches are used in a LAN to create Ethernet networks. Switches forward traffic on the basis of MAC addresses. A switch maintains a MAC address table in which MAC addresses and port numbers are stored and used to make switching decisions. The working of a bridge and a switch is similar.

Classification of switches
Switches are classified according to the following criteria:

Types of switches based on working
(1) Store & Forward: this switch receives the entire frame, then performs error checking and starts forwarding the data to the destination.
(2) Cut-through: this switch starts forwarding the frame as soon as the first six bytes of the frame are received.
(3) Fragment-free: this switch receives the first 64 bytes of the frame, performs error checking and then starts forwarding the data.
(4) Adaptive cut-through: it changes its mode according to conditions. If it sees errors in many frames, then it changes from Cut-through or Fragment-free to Store & Forward mode.

Types of switches based on management
(1) Manageable switches
(2) Non-manageable switches
(3) Semi-manageable switches

Types of switches based on OSI layer
(1) Layer 2 switches (only switching)
(2) Layer 3 switches (switching & routing)

Types of switches based on command mode (only in Cisco)
(1) IOS based
(2) CLI based

Types of switches based on hierarchical model
(1) Core layer switches
(2) Distribution layer switches
(3) Access layer switches

Qualities of a switch
- Number of ports
- Speed of ports
- Type of media
- Switching speed, also called wire speed or throughput

Basic Switch Administration
IOS based switches are similar to routers. We can perform the following functions on a switch in the same manner as on a router:
(1) Access the switch using the console
(2) Commands to enter and exit the different modes
(3) Commands to configure passwords
(4) Manage configuration
(5) Back up IOS and configuration
(6) Configure and resolve hostnames
(7) Manage telnet
(8) Configure CDP
(9) Configure the time clock
(10) Configure banners
(11) Command line shortcuts and editing shortcuts
(12) Manage history
(13) Configure logging
(14) Boot system commands

The following functions and options differ between a router and a switch:
(1) The default hostname is 'Switch'
(2) No auxiliary port is present
(3) VTY lines are mostly 0 to 15
(4) By default, interfaces are enabled
(5) IP addresses cannot be assigned to the physical interfaces
(6) Routing configuration mode is not present
(7) Interface numbering starts from 1
(8) Web access is enabled by default
(9) The configuration register is not present in the same manner
(10) Flash memory may contain multiple files, and the startup configuration is also saved in flash

Configuring IP and Gateway on a switch
We can configure an IP address on a switch for web access or telnet; an IP address is required for the administration of the switch. If we have to access the switch from a remote network, then we configure a default gateway in addition to the IP address. The IP address is assigned to the logical interface of the switch with the following commands:
Switch(config)#interface vlan 1
Switch(config-if)#ip address <ip> <mask>
Switch(config-if)#no sh
Switch(config-if)#exit

Old switches
Switch(config)#ip address <ip> <mask>
Switch(config)#exit

Configuring Gateway
Switch(config)#ip default-gateway <ip>
Switch(config)#exit

Breaking Switch Password
(1) Power off the switch, press and hold the mode button on the front of the switch, then power on the switch.
(2) Keep the mode button pressed until the 'Switch:' prompt appears on the console.
(3) In switch monitor mode, type the following commands:
    flash_init
    load_helper
    rename flash:config.text flash:<anyname>
    dir flash:
    boot
(4) After booting, the switch will prompt to enter the initial configuration dialog. Enter 'no' here and type:
    Switch>enable
    Switch#rename flash:<anyname> flash:config.text
    Switch#configure memory
Change the password and save the configuration with copy run start.

Cisco Hierarchical Model
When we want to create a large LAN, we may face the following problems if we design the network in a flat model:
(1) High latency
(2) Congestion between switches
(3) Large broadcast domain

The Cisco hierarchical model recommends a three layer design of the network:
(i) Core layer
(ii) Distribution layer
(iii) Access layer
On each layer there are some rules which we have to follow:
(1) The highest performance devices are connected at the Core layer
(2) Resources should be placed at the Core layer
(3) Policies should not be applied at the Core layer
(4) At the Distribution layer we can implement policies
(5) Distribution and Core devices should be connected with high-speed links
(6) Access layer devices are basic devices and may be non-manageable
(Figure, hierarchical model: a server attached to the Core; Core to Distribution links at 1 Gbps; Distribution to Access links at 100 Mbps; access points hang off the Access layer switches.)

After using the hierarchical model most of the LAN problems will be solved, but one problem still remains: all PCs will be in a single broadcast domain. We have to implement one of the following solutions for this problem:
(1) Physical Segmentation
(2) Logical Segmentation
    VLAN
    Trunking
    VTP
    Inter VLAN
    Pruning

Logical Segmentation of Network
To perform logical segmentation, we have to create VLANs in the network. With the help of VLANs, we can logically divide the broadcast domain of the network.

VLAN (Virtual LAN)
A VLAN provides virtual segmentation of the broadcast domain in the network. Devices which are members of the same VLAN are able to communicate with each other. Devices in different VLANs may communicate with each other only through routing, so devices in different VLANs will use different network addresses. VLANs provide the following advantages:
(1) Logical segmentation of the network
(2) Enhanced network security

Creating port based VLAN
In a port based VLAN, first we have to create a VLAN on a manageable switch, then we have to add ports to the VLAN.

Commands to create a VLAN
Switch#config ter
Switch(config)#vlan <no> [name <word>]     (the name is optional)
Switch(config)#exit
Or
Switch#vlan database
Switch(vlan)#vlan <no> [name <word>]
Switch(vlan)#exit

Commands to configure ports for a VLAN
By default, all ports are members of a single VLAN, that is VLAN 1. We can change VLAN membership according to our requirement.
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport access vlan <no>
Switch(config-if)#exit

Commands to configure multiple ports in a VLAN
Switch#conf ter
Switch(config)#interface range <type> <slot/port no> - <port no>
Switch(config-if-range)#switchport access vlan <no>
Switch(config-if-range)#exit

Example: suppose we want to add interfaces FastEthernet 0/10 to 0/18 to VLAN 5
Switch#config ter
Switch(config)#interface range fastethernet 0/10 - 18
Switch(config-if-range)#switchport access vlan 5
Switch(config-if-range)#exit

In 1900 & compatible switches
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#vlan-membership static <vlan no>
Switch(config-if)#exit

To disable web access on a switch
Switch#config ter
Switch(config)#no ip http server
To display the MAC address table
Switch#sh mac-address-table
Vlan   Mac address          type      ports
20     00-08-a16-ab-6a-7b   dynamic   fa0/7

To display VLANs and port membership
Switch#sh vlan

Trunking
When there are multiple switches, we have to use trunk links to connect one switch with another. If we are not using trunk links, then we have to connect one cable from each VLAN to the corresponding VLAN of the other switch.
(Figure, normal: two switches each carrying VLANs 1, 3 and 7, joined by one cable per VLAN.)
(Figure, trunking: the same two switches joined by a single trunk link carrying VLANs 1, 3 and 7.)
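The trunk links in the figures carry several VLANs over one cable by tagging each frame with its VLAN id (the frame tagging mechanism explained in the next section). The following is an added example, written for this report and not taken from it or from any vendor: it builds, parses and strips IEEE 802.1Q tags on a constructed Ethernet frame, which is also what the router on a stick sub-interfaces described later do when they move a frame from one VLAN to another. The frame bytes, MAC addresses and function names are all my own.

```python
# Added example (not from the report): building, parsing and stripping an
# IEEE 802.1Q tag, the operation a trunk port performs on every frame.
# The frame below is constructed for the example; the function names are mine.
import struct

ETHERTYPE_8021Q = 0x8100   # TPID that announces a tagged frame


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, vlan (None if untagged), priority, ethertype, payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan = priority = None
    offset = 14
    if ethertype == ETHERTYPE_8021Q:
        # 4-byte tag: 2 bytes TPID (0x8100) + 2 bytes TCI (PCP:3, DEI:1, VID:12)
        if len(frame) < 18:
            raise ValueError("802.1Q tag truncated")
        tci = struct.unpack("!H", frame[14:16])[0]
        priority, vlan = tci >> 13, tci & 0x0FFF
        ethertype = struct.unpack("!H", frame[16:18])[0]   # the real ethertype follows the tag
        offset = 18
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vlan,
            "priority": priority, "ethertype": ethertype, "payload": frame[offset:]}


def strip_tag(frame: bytes) -> tuple:
    """What the receiving switch does: remove the tag, return (vlan_id, untagged_frame)."""
    info = parse_frame(frame)
    if info["vlan"] is None:
        return None, frame
    return info["vlan"], frame[:12] + frame[16:]


def add_tag(frame: bytes, vlan: int, priority: int = 0) -> bytes:
    """What the sending trunk port does: insert the tag after the source MAC."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN id out of range")
    tci = (priority << 13) | vlan
    return frame[:12] + struct.pack("!HH", ETHERTYPE_8021Q, tci) + frame[12:]


# Constructed untagged IPv4 frame (ethertype 0x0800) with a 4-byte dummy payload.
UNTAGGED = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
            + b"\x08\x00" + b"\xde\xad\xbe\xef")
TAGGED_VLAN7 = add_tag(UNTAGGED, 7)

if __name__ == "__main__":
    print(parse_frame(TAGGED_VLAN7))      # vlan 7, ethertype 0x0800
    print(strip_tag(TAGGED_VLAN7))        # (7, original untagged frame)
```

Because the VLAN id lives in four bytes inserted between the source MAC and the original ethertype, a frame that arrives on a trunk without a tag has no VLAN information at all and is placed in the trunk's native VLAN; `parse_frame` reports that case as `vlan: None`.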
Switches perform trunking with the help of frame tagging. The trunk port sends data frames after adding VLAN id information to the frame; at the receiving end the VLAN id information is removed, and according to the tag the data is delivered to the corresponding VLAN. There are two protocols to perform frame tagging:
(1) Inter Switch Link, ISL (Cisco proprietary)
(2) IEEE 802.1Q

Configuring Trunking
In Cisco switches a switch port may be configured in three modes:
(1) Trunk desirable (default)
(2) Trunk on
(3) Trunk off
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport mode <trunk|access|dynamic desirable|dynamic auto>
Switch(config-if)#exit
(trunk = on, access = off, dynamic desirable / dynamic auto = negotiate)

To configure the VLANs allowed on a trunk
By default all VLANs are allowed on a trunk port. We can add or remove a particular VLAN from a trunk port with the following command:
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport trunk allowed vlan <all | add <vlan> | remove <vlan> | except <vlan>>

To display trunk interfaces
Switch#sh interface trunk
Switch#sh interface <type> <no> trunk

Vlan Trunking Protocol (VTP)
With the help of VTP, we can simplify the process of creating VLANs. With multiple switches, we can configure one switch as VTP server and all other switches as VTP clients. We create the VLANs on the VTP server switch. The server sends periodic updates to the VTP client switches, and the clients create the VLANs from the update received from the VTP server.

VTP server
A VTP server is a switch on which we can create, delete or modify VLANs. The server sends periodic updates to the VTP clients.

VTP client
On a VTP client we are not able to create, modify or delete VLANs. The client receives and forwards VTP updates, and creates the same VLANs as defined in the VTP update.

VTP Transparent
A transparent switch receives and forwards VTP updates. It is able to create, delete and modify VLANs locally. A transparent switch will not send its own VTP updates and will not learn any information from received VTP updates.

(Figure: one VTP domain protected by a VTP password. The VTP server holds VLANs 1,3,5,10,20 and the clients learn the same VLANs 1,3,5,10,20; a VTP transparent switch keeps its own locally created VLANs 1,3,10,20,40,90 while forwarding the updates.)
Commands
Switch#conf ter
Switch(config)#vtp domain <name>
Switch(config)#vtp password <word>
Switch(config)#vtp mode <server|client|transparent>
Switch(config)#exit
By default in Cisco switches the VTP mode is set to VTP server, with no domain and no password.

To display VTP status
Switch#sh vtp status

VTP Pruning
Pruning is the VTP feature through which a trunk link can be automatically disabled for a particular VLAN if the neighboring switch does not contain ports in that VLAN. VLAN 1 is not prune eligible.

Command to configure VTP Pruning
We have to use only one command, on the VTP server, for VTP pruning.
Switch#conf ter
Switch(config)#vtp pruning
Switch(config)#exit
(Figure: a VTP server with VLANs 1,3,5,7 connected to three clients, each also carrying VLANs 1,3,5,7; with pruning, a VLAN is only sent down a trunk to a client that has ports in it.)

Inter Vlan Communication
After creating VLANs, each VLAN has its own broadcast domain. If we want communication from one VLAN to another VLAN, then we need to perform routing. There are three methods for inter VLAN communication:
(1) Inter VLAN using a multi-interface router
(2) Inter VLAN using the router on a stick method
(3) Inter VLAN using a layer 3 switch
1751 and 2621 routers support VLANs.

(1) Inter VLAN using a multi-interface router
In this case, we connect one interface of the router into each VLAN. This interface acts as the gateway for the corresponding VLAN. Each VLAN has to use a different network address. Data from one VLAN to another VLAN travels through the router.
(Figure: a router with E0 = 10.0.0.1 in VLAN 1, E1 = 11.0.0.1 in VLAN 3 and E2 = 12.0.0.1 in VLAN 5, connected into switches that carry VLANs 1, 3 and 5 over trunks. Networks 10.x.x.x, 11.x.x.x and 12.x.x.x use gateways 10.0.0.1, 11.0.0.1 and 12.0.0.1 respectively.)

(2) Inter VLAN using the router on a stick method
In this method a special router is used for inter VLAN routing. On this router we create one sub-interface for each VLAN. The physical interface of the router is connected to a trunk port of the switch. This router routes traffic on the same interface by swapping the VLAN id information with the help of the frame tagging protocol.
(Figure: router physical interface Fa 0/0 on a trunk carrying VLANs 1, 3 and 5, with sub-interfaces Fa 0/0.1 = 10.0.0.1 for VLAN 1, Fa 0/0.2 = 11.0.0.1 for VLAN 3 and Fa 0/0.3 = 12.0.0.1 for VLAN 5; networks 10.x.x.x, 11.x.x.x and 12.x.x.x with gateways 10.0.0.1, 11.0.0.1 and 12.0.0.1.)

Configuration on Router
Router#config ter
Router(config)#interface fastethernet 0/0
Router(config-if)#no ip address
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface fastethernet 0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
Router(config)#interface fastethernet 0/0.2
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip address 11.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
Router(config)#interface fastethernet 0/0.3
Router(config-subif)#encapsulation dot1q 5
Router(config-subif)#ip address 12.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit

Configuration on the Core switch
(1) Configure the switch as VTP server
(2) Create the VLANs
(3) Configure the interface connected to the router as a trunk
(4) Configure the interfaces connected to other switches as trunks (if required)

Configuration on Distribution layer switches
(1) Configure the switch as VTP client
(2) Configure the required interfaces as trunks (optional)
(3) Add ports to the VLANs

Configuration on PCs
Configure IP address and gateway

Spanning Tree Protocol
When we connect multiple switches with each other and multiple paths exist from one switch to another, it may lead to a switching loop in the network.
Multiple paths are used to create redundancy in the network. STP is only required when multiple paths exist, because only then is there the possibility of a loop in the network.
(Figure: three switches connected in a triangle, with packets circulating between them.)

Problems that occur with redundant paths
(1) Multiple copies of the frame will be received by the destination.
(2) Frequent changes in the MAC address table of the switch.
(3) A MAC address may appear at multiple ports of a switch.
(4) Packets may enter an endless loop.
Spanning Tree Protocol solves this problem by blocking the redundant interface, so that only one path remains active between the switches. If the primary path goes down, then the disabled link is enabled and data is transferred through that path.

Working of STP
STP creates a topology database in which one switch is elected as the root switch. Path cost is calculated on the basis of bandwidth. The lowest path cost link is put in enabled mode and the other path is disabled.
(Figure: a root switch with 1 Gb links to two switches; below them, 100 Mb links to two more switches and between those two; the redundant 100 Mb link is disabled.)

STP terminology
(1) Bridge id: the combination of the bridge priority and the base MAC address. In Cisco switches the default priority is 32768.
(2) Root Bridge: the bridge/switch with the lowest bridge id becomes the root bridge. The root bridge is used as the centre point for calculating path cost in the topology.
(3) BPDU (Bridge Protocol Data Unit): the STP information which is exchanged between the switches to create the topology and select paths.
(4) STP port modes: when STP is enabled, a port may be in one of the following modes.
    (i) Listening: in this mode a port sends and receives BPDUs.
    (ii) Learning: the port learns the MAC address table.
    (iii) Forwarding: the port forwards data based on the MAC address table.
    (iv) Blocking: the port is blocked from sending and receiving data by Spanning Tree Protocol.
    (v) Disabled: the port is administratively disabled.

Path cost calculation
The links between switches are enabled or disabled on the basis of path cost. The path cost of each link is calculated according to the following table.

Speed     Old IEEE cost   New IEEE cost
10 Mb     100             100
100 Mb    10              19
1 Gb      1               4
10 Gb     1               2

To configure ports for forwarding mode directly
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport host

Configuring port security
In manageable switches we can restrict the number of MAC addresses that a port can learn. We can even specify the MAC address statically with a command. With port security we can also specify the action to be performed if a port security violation is detected.
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum <no. of mac>
Switch(config-if)#switchport port-security violation <shutdown|restrict|protect>
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security mac-address sticky <mac address>
Switch(config-if)#exit

Access Control List
ACLs are the basic security feature required in any network to control the flow of traffic. Most of the time our network has servers and clients for which traffic control is required. We can also use ACLs to classify traffic; ACLs are used in features like QoS (Quality of Service), prioritising traffic and defining interesting traffic for ISDN.
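Returning to the Spanning Tree section above: the root bridge election and the path cost selection it describes can be worked through on a small topology. The following is an added example written for this report, not code from the report or from Cisco. It uses the report's default priority 32768 and the new IEEE column of its cost table; the five-switch topology, the MAC addresses and the function names are my own constructions.

```python
# Added example (not from the report): root bridge election by lowest bridge
# ID and root port selection by lowest root path cost, using the report's
# default priority 32768 and its new IEEE cost table. Topology, MACs and
# function names are constructed for this example.
import heapq

NEW_IEEE_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # link speed (Mb) -> cost
DEFAULT_PRIORITY = 32768


def bridge_id(priority, mac):
    """Bridge ID orders by priority first, then by base MAC; lowest wins."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))


def elect_root(switches):
    """switches: name -> (priority, base mac). The lowest bridge ID is the root."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))


def root_ports(root, switches, links):
    """For each non-root switch return (root path cost, upstream neighbour).
    links: (switch_a, switch_b, speed_mb). Equal costs are broken by the lower
    bridge ID of the upstream switch, as STP does when choosing a root port."""
    adj = {}
    for a, b, speed in links:
        adj.setdefault(a, []).append((b, NEW_IEEE_COST[speed]))
        adj.setdefault(b, []).append((a, NEW_IEEE_COST[speed]))
    unreached = (float("inf"), (float("inf"), 0))
    best = {root: (0, (0, 0), None)}             # name -> (cost, tie-break, upstream)
    queue = [(0, (0, 0), root)]
    while queue:
        cost, tie, node = heapq.heappop(queue)
        if (cost, tie) > best[node][:2]:
            continue                             # stale queue entry
        for nxt, link_cost in adj.get(node, []):
            cand = (cost + link_cost, bridge_id(*switches[node]))
            if cand < best.get(nxt, unreached + (None,))[:2]:
                best[nxt] = (cand[0], cand[1], node)
                heapq.heappush(queue, (cand[0], cand[1], nxt))
    return {name: (cost, up) for name, (cost, _, up) in best.items() if name != root}


def redundant_links(root, switches, links):
    """Links used by no switch's root port; STP blocks one end of each of them."""
    used = {frozenset((name, up))
            for name, (_, up) in root_ports(root, switches, links).items()}
    return [(a, b) for a, b, _ in links if frozenset((a, b)) not in used]


# Constructed topology in the shape of the figure above: two 1 Gb uplinks from
# the root, 100 Mb links below, and one redundant 100 Mb link SW-D to SW-E.
SWITCHES = {
    "SW-A": (DEFAULT_PRIORITY, "0000.0c11.1111"),
    "SW-B": (DEFAULT_PRIORITY, "0000.0c22.2222"),
    "SW-C": (DEFAULT_PRIORITY, "0000.0c33.3333"),
    "SW-D": (DEFAULT_PRIORITY, "0000.0c44.4444"),
    "SW-E": (DEFAULT_PRIORITY, "0000.0c55.5555"),
}
LINKS = [("SW-A", "SW-B", 1000), ("SW-A", "SW-C", 1000),
         ("SW-B", "SW-D", 100), ("SW-C", "SW-E", 100), ("SW-D", "SW-E", 100)]

if __name__ == "__main__":
    root = elect_root(SWITCHES)
    print("root:", root)                                  # SW-A (lowest MAC, equal priority)
    print(root_ports(root, SWITCHES, LINKS))              # SW-D and SW-E at cost 4 + 19 = 23
    print("blocked:", redundant_links(root, SWITCHES, LINKS))   # [('SW-D', 'SW-E')]
```

With every switch left at the default priority the election is decided purely by the lowest base MAC address, which is rarely the switch you intended; production designs set the priority of the intended root (and a backup) explicitly so that the outcome of `elect_root` is a design decision rather than an accident of hardware.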
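The port security commands above limit how many source MAC addresses a port will accept and choose what happens on a violation. The following is an added example, written for this report and not Cisco code: a small model of that behaviour showing the difference between the shutdown, restrict and protect actions and what `mac-address sticky` adds to the running configuration. The SecurePort class, its method names and the MAC addresses are my own constructions.

```python
# Added example (not from the report): a model of port-security behaviour.
# It enforces a per-port maximum of secure MAC addresses, implements the
# three violation actions (shutdown, restrict, protect) and shows which
# configuration lines sticky learning produces. Class, methods and MACs are
# constructed for this example; they are not Cisco code.


class SecurePort:
    ACTIONS = ("shutdown", "restrict", "protect")

    def __init__(self, name, maximum=1, violation="shutdown", sticky=False):
        if violation not in self.ACTIONS:
            raise ValueError(f"violation must be one of {self.ACTIONS}")
        self.name = name
        self.maximum = maximum          # switchport port-security maximum <no. of mac>
        self.violation = violation      # switchport port-security violation <...>
        self.sticky = sticky            # switchport port-security mac-address sticky
        self.static = set()             # addresses configured by hand
        self.learned = []               # dynamically learned secure addresses
        self.err_disabled = False       # result of a 'shutdown' violation
        self.violations = 0
        self.log = []                   # messages an operator would see

    def secure_macs(self):
        return self.static | set(self.learned)

    def add_static(self, mac):
        """switchport port-security mac-address <mac>; counts against maximum."""
        if len(self.secure_macs()) >= self.maximum:
            raise ValueError(f"{self.name}: maximum secure addresses already reached")
        self.static.add(mac.lower())

    def receive(self, src_mac):
        """A frame arrives with source src_mac. True = forwarded, False = dropped."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False                # port stays down until an admin recovers it
        if mac in self.secure_macs():
            return True
        if len(self.secure_macs()) < self.maximum:
            self.learned.append(mac)    # room left: learn it as a secure address
            return True
        return self._violate(mac)       # limit reached and unknown source

    def _violate(self, mac):
        if self.violation == "protect":
            return False                # silent drop: no log, no counter
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            self.log.append(f"{self.name}: err-disabled, violation by {mac}")
        else:                           # restrict: drop, count and log
            self.log.append(f"{self.name}: dropped frame from {mac}")
        return False

    def running_config(self):
        """Interface lines this state would produce; sticky addresses persist."""
        lines = ["switchport port-security",
                 f"switchport port-security maximum {self.maximum}",
                 f"switchport port-security violation {self.violation}"]
        lines += [f"switchport port-security mac-address {m}" for m in sorted(self.static)]
        if self.sticky:
            lines.append("switchport port-security mac-address sticky")
            lines += [f"switchport port-security mac-address sticky {m}" for m in self.learned]
        return lines


if __name__ == "__main__":
    port = SecurePort("Fa0/7", maximum=2, violation="restrict", sticky=True)
    for mac in ("00:11:22:33:44:55", "00:11:22:33:44:66", "00:11:22:33:44:77"):
        print(mac, "forwarded" if port.receive(mac) else "dropped")   # third is dropped
    print("\n".join(port.running_config()))
    print(port.log)
```

Of the three actions, protect is the one that leaves no trace: the excess frames are dropped but nothing is counted or logged, so a monitoring team sees nothing. Restrict gives the same protection with a counter and a message, and shutdown takes the port out of service until someone looks at it, which is why the latter two are what is normally deployed where violations should be noticed.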
Classification of Access Control Lists
Types of ACL based on protocol:
(1) IP Access Control List
(2) IPX Access Control List
(3) AppleTalk Access Control List

Types of ACL based on feature:
(1) Standard ACL
(2) Extended ACL

Types of ACL based on access mode:
(1) Numbered ACL
(2) Named ACL

Types of ACL based on order of rules:
(1) Deny, permit
(2) Permit, deny

IP Standard ACL (Numbered)
In a standard ACL we are only able to specify the source address for the filtering of packets. The syntax to create an IP standard ACL is:
Router#conf ter
Router(config)#access-list <no> <permit|deny> <source>
Router(config)#exit

<source> can be written as:
  Single PC:  host 192.168.10.5   or   192.168.10.5   or   192.168.10.5 0.0.0.0
  Network:    200.100.100.0 0.0.0.255
  Subnet:     200.100.100.32 0.0.0.15

Applying an ACL on an interface
Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#ip access-group <ACL no.> <in|out>
Router(config-if)#exit
(Figure: a router with serial 0 towards the Internet; ACL 25 is applied outbound on serial 0.)
Router(config)#access-list 25 permit 192.168.10.32 0.0.0.31
Router(config)#access-list 25 permit 192.168.10.64 0.0.0.3
Router(config)#access-list 25 permit 192.168.10.68
Router(config)#access-list 25 permit 192.168.10.69
Router(config)#access-list 25 permit 192.168.10.70
Router(config)#interface serial 0
Router(config-if)#ip access-group 25 out

IP Standard ACL (Named)
In a numbered ACL the editing feature is not available, that is we are not able to delete a single rule from the ACL. In a named ACL the editing feature is available.
Router#config ter
Router(config)#ip access-list standard <name>
Router(config-std-nacl)#<deny|permit> <source>
Router(config-std-nacl)#exit

Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny 172.16.0.18
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
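Both of the standard ACLs above are evaluated the same way: rules are tried from top to bottom, the first rule whose source matches decides, and a packet that matches no rule is dropped by the implicit deny at the end of every ACL. The following is an added example written for this report, not the report's own or Cisco's code: a small parser and evaluator for IP standard ACLs, fed with ACL 25 and the named ACL abc exactly as written above. The parser and function names are my own; the test addresses are constructed.

```python
# Added example (not from the report): an evaluator for IP standard ACLs with
# first-match semantics and the implicit "deny any". The two ACLs are copied
# from the report; parser, function names and test addresses are my own.
import ipaddress


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_source(tokens):
    """Accept 'any', 'host A', 'A', or 'A WILDCARD'; return (address, wildcard) ints."""
    if tokens == ["any"]:
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":
        return _to_int(tokens[1]), 0
    addr = _to_int(tokens[0])
    wild = _to_int(tokens[1]) if len(tokens) > 1 else 0   # bare address = single host
    return addr, wild


def parse_standard_acl(config_lines):
    """Parse 'access-list <no> permit|deny <source>' lines and the named form
    'permit|deny <source>' into an ordered list of (action, address, wildcard)."""
    rules = []
    for line in config_lines:
        tokens = line.split()
        if tokens[:1] == ["access-list"]:
            tokens = tokens[2:]                  # drop 'access-list <no>'
        action, source = tokens[0], tokens[1:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unexpected rule: {line}")
        rules.append((action, *parse_source(source)))
    return rules


def evaluate(rules, src_ip):
    """Return ('permit'|'deny', index of the matching rule, or None for the implicit deny)."""
    ip = _to_int(src_ip)
    for index, (action, addr, wild) in enumerate(rules):
        if (ip | wild) == (addr | wild):         # bits set in the wildcard are ignored
            return action, index
    return "deny", None                          # implicit deny at the end of every ACL


ACL_25 = parse_standard_acl([
    "access-list 25 permit 192.168.10.32 0.0.0.31",
    "access-list 25 permit 192.168.10.64 0.0.0.3",
    "access-list 25 permit 192.168.10.68",
    "access-list 25 permit 192.168.10.69",
    "access-list 25 permit 192.168.10.70",
])

ACL_ABC = parse_standard_acl([
    "deny 172.16.0.16",
    "deny 172.16.0.17",
    "deny 172.16.0.18",
    "permit any",
])

if __name__ == "__main__":
    for ip in ("192.168.10.40", "192.168.10.66", "192.168.10.70", "192.168.10.71"):
        print(ip, evaluate(ACL_25, ip))          # the last one hits the implicit deny
    for ip in ("172.16.0.17", "172.16.5.5"):
        print(ip, evaluate(ACL_ABC, ip))
```

Running a proposed change through `evaluate` for a handful of representative addresses is the cheapest way to catch the two classic mistakes: a rule that is shadowed by an earlier one (its index never comes back) and an address that was meant to pass but ends at `("deny", None)`.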
To modify the ACL
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#no deny 172.16.0.17
Router(config-std-nacl)#exit

IP Extended ACL (Numbered)
Extended ACLs are advanced ACLs which can control traffic flow on the basis of five different parameters:
(i) Source address
(ii) Destination address
(iii) Source port
(iv) Destination port
(v) Protocol (layer 3/layer 4)

The syntax to create an extended ACL:
Router#conf ter
Router(config)#access-list <no> <deny|permit> <protocol> <source> [<s.port>] <destination> [<d.port>]
Router(config)#exit

To display ACLs
Router#show access-lists
or
Router#show access-list <no>

To display the ACL applied on an interface
Router#show ip interface
Router#show ip interface <type> <no>
Router#show ip interface ethernet 0

Time-Based ACLs
With a time-based ACL you can specify a certain time of day and week, and then identify that particular period by giving it a name that is referenced by a rule. The referencing rule applies only within the time constraints you have defined. The time period is based on the router's clock, so it is highly recommended to use it in conjunction with Network Time Protocol (NTP) synchronisation.
Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range

Network Address Translation
NAT is a feature that can be enabled in a router, a firewall or a PC. With the help of NAT we are able to translate network layer addresses, that is the IP addresses of packets. With the help of Port Address Translation (PAT) we are also able to translate the port numbers present in the transport layer header.
There are two reasons for using NAT:
(1) Conserving live IP addresses. On the Internet there is a limited number of IP addresses. If our PC wants to communicate on the Internet, then it should have a live IP address assigned by our ISP, so the number of IP addresses we request depends on the number of PCs that we want to connect to the Internet. This leads to a lot of wastage of IP addresses. To reduce wastage, we can share live IP addresses between multiple PCs with the help of NAT.
(2) NAT enhances network security by hiding the PCs and devices behind the NAT.

Working of NAT & PAT
(Figure: PCs 10.0.0.5, 10.0.0.6, 10.0.0.7 and 10.0.0.8 on a switch behind a NAT device whose inside address is 10.0.0.1 and whose outside address is 200.100.100.12, connected to the Internet. The port translation table in the figure maps each inside address to 200.100.100.12 with a different source port; the ports shown are 1080, 1085, 1024 and 1100.)

Types of NAT

Static NAT
This NAT is used for servers, where one live IP is directly mapped to one local IP. This NAT forwards all traffic for the live IP to the local PC in the network.
(Figure: static NAT 200.1.1.5 = 192.168.10.6. A router connects the Internet, where the server is known by the live address 200.1.1.5, to the local network, where it has the local address 192.168.10.6.)

Dynamic NAT
Dynamic NAT is used for clients which want to access the Internet. The requests from multiple client IPs are translated to live IPs obtained from a pool. It is also called pool based dynamic NAT.
Pool => 200.1.1.8 - 200.1.1.12/28
Local addresses => 172.16.X.X
Except => 172.16.0.5, 172.16.0.6, 172.16.0.7
(Figure: a router between the Internet and the 172.16.X.X network. 172.16.0.5 is the web server, 172.16.0.6 the DNS server and 172.16.0.7 a host with full access; these three are translated statically and excluded from the pool.)

Configuring NAT
Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3
Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53
Router(config)#access-list 30 deny 172.16.0.5
Router(config)#access-list 30 deny 172.16.0.6
Router(config)#access-list 30 deny 172.16.0.7
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc overload     (NAT + PAT)
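The configuration above combines three kinds of translation: a one-to-one static entry for 172.16.0.7, port-level static entries that expose only port 80 of the web server and port 53 of the DNS server, and a pool shared by every other inside host through overload (PAT), with access-list 30 deciding who may use the pool. The following is an added example written for this report, not the report's own or IOS code: a model of that translation table for packets in both directions. The addresses are the report's; the NatTable class and its method names are my own, and the port allocation is a simplification.

```python
# Added example (not from the report): a model of what the NAT configuration
# above does to packets: one-to-one static entry, port-level static entries,
# access-list 30 gating the pool, and overload (PAT) sharing one pool address
# by rewriting source ports. Addresses follow the report; the class, method
# names and port allocation are my own simplification, not IOS code.
import ipaddress


def _ip_range(start, end):
    first, last = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    return [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]


class NatTable:
    def __init__(self, pool_start, pool_end, allow, first_port=1024):
        self.pool = _ip_range(pool_start, pool_end)   # ip nat pool abc 200.1.1.8 200.1.1.12
        self.allow = allow                            # the "list 30" check: local ip -> bool
        self.static = {}     # (local ip, proto, local port) -> (global ip, global port)
        self.dynamic = {}    # (local ip, proto, local port) -> (global ip, global port)
        self.next_port = first_port

    def add_static(self, local_ip, global_ip, proto=None, local_port=None, global_port=None):
        """proto/ports None = one-to-one mapping of the whole address."""
        self.static[(local_ip, proto, local_port)] = (global_ip, global_port)

    def translate_outbound(self, local_ip, proto, local_port):
        """Inside -> outside: return (inside global ip, port) or None if dropped."""
        hit = self.static.get((local_ip, proto, local_port))      # e.g. tcp 172.16.0.5 80
        if hit:
            return hit
        hit = self.static.get((local_ip, None, None))             # one-to-one keeps the port
        if hit:
            return hit[0], local_port
        if not self.allow(local_ip):                              # denied by access-list 30
            return None
        key = (local_ip, proto, local_port)
        if key not in self.dynamic:
            # Overload: one pool address serves many hosts, each flow gets its own
            # port. Moving to the next pool address when ports run out is not modelled.
            self.dynamic[key] = (self.pool[0], self.next_port)
            self.next_port += 1
        return self.dynamic[key]

    def translate_inbound(self, global_ip, proto, global_port):
        """Outside -> inside: return (inside local ip, port) or None (dropped)."""
        for (local_ip, sproto, lport), (gip, gport) in self.static.items():
            if sproto is not None and (gip, sproto, gport) == (global_ip, proto, global_port):
                return local_ip, lport                             # only the opened port
        for (local_ip, sproto, _), (gip, _) in self.static.items():
            if sproto is None and gip == global_ip:
                return local_ip, global_port                       # whole address exposed
        for (local_ip, dproto, lport), (gip, gport) in self.dynamic.items():
            if (gip, dproto, gport) == (global_ip, proto, global_port):
                return local_ip, lport                             # reply to an existing flow
        return None                                                # unsolicited: no entry


def build_report_nat():
    """The NAT from the report's configuration section."""
    denied = {"172.16.0.5", "172.16.0.6", "172.16.0.7"}           # access-list 30 deny ...
    nat = NatTable("200.1.1.8", "200.1.1.12", allow=lambda ip: ip not in denied)
    nat.add_static("172.16.0.7", "200.1.1.3")                     # static 172.16.0.7 200.1.1.3
    nat.add_static("172.16.0.5", "200.1.1.4", "tcp", 80, 80)      # static tcp ... 80
    nat.add_static("172.16.0.6", "200.1.1.4", "udp", 53, 53)      # static udp ... 53
    return nat


if __name__ == "__main__":
    nat = build_report_nat()
    print(nat.translate_outbound("172.16.1.10", "tcp", 50000))    # ('200.1.1.8', 1024)
    print(nat.translate_inbound("200.1.1.4", "tcp", 22))          # None: only 80 is open
```

The model makes the security difference between the two static forms visible: a port-level entry answers inbound traffic only on the one port it names, whereas the one-to-one entry for 172.16.0.7 forwards every inbound port to that host, so it should be reserved for machines that are meant to be fully reachable.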
Command for basic NAT (using the address of the exit interface instead of a pool)
Router(config)#ip nat inside source list 30 interface serial 0     (serial 0 is the exit interface)

To display NAT translations
Router#sh ip nat translations
(after pinging any address, it shows the translation details)

To clear IP NAT translations
Router#clear ip nat translation *

SECURING PRIVATE ENVIRONMENT BY USING NAT
PROJECT REPORT
The project is based on network address translation (NAT). The beauty of configuring NAT on routers is that it helps users access the Internet from private IP addresses, which are otherwise excluded by the internet service provider (ISP). We have used inter VLAN technology to make the work efficient between 3 different and independent organisations. The VLANs have been divided into web servers and internet clients.

DESCRIPTION
We have three organisations: Org1, Org2 and Org3. Each organisation comprises a router, to route the data from and to the ISP. There are manageable switches in each organisation, and we have created separate VLANs for servers and internet clients.

If we want communication between the internet clients and the servers, then we configure the inter VLAN concept on the router. And if we want to block some internet clients so that they cannot access our servers, then we create an ACL for that particular user.

These organisations are linked externally to an ISP which provides live (public) IP addresses to each organisation, and the ISP also provides the internet connection to others.

CONFIGURATION
FOR ORG1
ROUTER ORG1
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG1
ORG1(config)#line console 0
ORG1(config-line)#password net
ORG1(config-line)#login
ORG1(config-line)#exit
ORG1(config)#line vty 0 4
ORG1(config-line)#password net
ORG1(config-line)#login
ORG1(config-line)#exit
ORG1(config)#enable password net
ORG1(config)#enable secret net1
ORG1(config)#int f0/0
ORG1(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG1(config-if)#exit
ORG1(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG1(config-subif)#ip nat inside
ORG1(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG1(config-subif)#no sh
ORG1(config-subif)#exit
ORG1(config)#int f0/0.2
ORG1(config-subif)#encapsulation dot1q 3
ORG1(config-subif)#ip nat inside
ORG1(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG1(config-subif)#no sh
ORG1(config-subif)#exit
ORG1(config)#int s0/0/0
ORG1(config-if)#ip nat outside
ORG1(config-if)#clock rate 64000
ORG1(config-if)#ip address 200.10.10.5 255.255.255.252
ORG1(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG1(config-if)#exit
ORG1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0

We have placed our web server in the private area so that internet clients cannot directly access it. So we have configured static NAT and opened port number 80 (http) only.
ORG1(config)#ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80

In our organisation our clients want to access the Internet, so we configure dynamic NAT with overload for the clients.
ORG1(config)#access-list 20 permit any
ORG1(config)#ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240
ORG1(config)#ip nat inside source list 20 pool netmax overload
ORG1(config)#exit
ORG1#wr
Building configuration...
[OK]
ORG1#

SWITCH
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr

FOR ORG2
ROUTER
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG2
ORG2(config)#line console 0
ORG2(config-line)#password net
ORG2(config-line)#login
ORG2(config-line)#exit
ORG2(config)#line vty 0 4
ORG2(config-line)#password net
ORG2(config-line)#login
ORG2(config-line)#exit
ORG2(config)#enable password net
ORG2(config)#enable secret net1
ORG2(config)#int f0/0
ORG2(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG2(config-if)#exit
ORG2(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG2(config-subif)#ip nat inside
ORG2(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG2(config-subif)#no sh
ORG2(config-subif)#exit
ORG2(config)#int f0/0.2
ORG2(config-subif)#encapsulation dot1q 3
ORG2(config-subif)#ip nat inside
ORG2(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG2(config-subif)#no sh
ORG2(config-subif)#exit
ORG2(config)#int s0/0/0
ORG2(config-if)#ip nat outside
ORG2(config-if)#clock rate 64000
ORG2(config-if)#ip address 200.10.10.9 255.255.255.252
ORG2(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG2(config-if)#exit
ORG2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
ORG2(config)#ip nat inside source static 10.0.0.2 200.10.10.33
ORG2(config)#access-list 20 permit any
ORG2(config)#ip nat pool netmax 200.10.10.34 200.10.10.36 netmask 255.255.255.240
ORG2(config)#ip nat inside source list 20 pool netmax
ORG2(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ORG2#wr
Building configuration...
[OK]
ORG2#
SWITCH
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr

FOR ORG3
ROUTER
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG3
ORG3(config)#line console 0
ORG3(config-line)#password net
ORG3(config-line)#login
ORG3(config-line)#exit
ORG3(config)#line vty 0 4
ORG3(config-line)#password net
ORG3(config-line)#login
ORG3(config-line)#exit
ORG3(config)#enable password net
ORG3(config)#enable secret net1
ORG3(config)#int f0/0
ORG3(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG3(config-if)#exit
ORG3(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG3(config-subif)#ip nat inside
ORG3(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG3(config-subif)#no sh
ORG3(config-subif)#exit
ORG3(config)#int f0/0.2
ORG3(config-subif)#encapsulation dot1q 3
ORG3(config-subif)#ip nat inside
ORG3(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG3(config-subif)#no sh
ORG3(config-subif)#exit
ORG3(config)#int s0/0/0
ORG3(config-if)#ip nat outside
ORG3(config-if)#clock rate 64000
ORG3(config-if)#ip address 200.10.10.13 255.255.255.252
ORG3(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG3(config-if)#exit
ORG3(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
ORG3(config)#ip nat inside source static 10.0.0.2 200.10.10.50
ORG3(config)#access-list 20 permit any
ORG3(config)#ip nat pool netmax 200.10.10.51 200.10.10.51 netmask 255.255.255.240
ORG3(config)#ip nat inside source list 20 pool netmax overload
ORG3(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ORG3#wr
Building configuration...
[OK]
ORG3#

SWITCH
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr
