Nat report1




ACKNOWLEDGEMENT

While presenting this report I would like to express my deep sense of gratitude to the entire NETMAX staff, who were an indispensable part of my training, giving me unending guidance, inspiration and encouragement and providing an excellent environment throughout my training at NETMAX TECHNOLOGIES. The training was an extremely productive and enriching experience, not only technically but also in providing some practical skills.

I am extremely thankful to Mr. Barinder Singh, who devoted a lot of time to guiding and supervising me during my training.

I must place my gratitude towards Prof. Rajneesh Talwar (H.O.D. of E.C.E. Dept.) for their valuable advice and guidance in carrying out this enjoyable and productive experience, which provided me a great opportunity to search new horizons.

Ashima Malhotra
PREFACE

Technology has grown rapidly in the past two to three decades. An engineer without practical knowledge and skills cannot survive in this technical era. Theoretical knowledge does matter, but it is practical knowledge that makes the difference between the best and the better. Organizations also prefer experienced engineers to freshers because of the practical knowledge and industrial exposure of the former. Practical training lays a solid foundation for:
1. Knowledge and personality
2. Exposure to the industrial environment
3. Confidence building
4. Enhancement of creativity
INTRODUCTION

COMPANY PROFILE

NETMAX TECHNOLOGIES was established in 2001 in the field of network support, network training, software training and embedded systems. In education, we have a strategic alliance with Pearson VUE and Prometric. We are an authorized testing partner of RED HAT and CISCO. We are also a NOVELL EDUCATION PARTNER, through which we provide NOVELL and SUSE LINUX courses. NetMax Technologies also conducts courses in CADENCE-based design tools.

NETMAX TECHNOLOGIES also provides technical research and development support and consultancy to some electronics companies.

Our clients for R&D support in the field of embedded systems:
• Recorders and Medicare Ltd, Chandigarh
• TELEBOX India Ltd
• Lotus Machines Pvt. Ltd, Chandigarh
• Impearl Electronics Pvt. Ltd, Chandigarh
• KANTA Electrical Ltd, Mohali

A partial list of our clients in the network field:
• CEDTI, Mohali
• Premier ISP, Chandigarh
• Innovative Solutions, Chandigarh
• Emmtel ISP, Chandigarh
• NIPER, Mohali
• Navik Technologies, Chandigarh
• Software Technology Parks India, Mohali
• Glide Internet Services
• Rana Group
• IDS
• HFCL Infotel Ltd
• Targus Technologies Pvt Ltd
• STPI, Mohali
• BBMB
• The Tribune
• Ind Swift

OUR TEAM

We are a strong technical team of certified professionals catering to these solutions, with a presence in Chandigarh and Punjab. We have a skilled team of engineers experienced in design and programming. We have more than 15 engineers holding prestigious certifications such as CCNA, CCNP, CCSP, CCSA, MCSE and RHCE, and skilled in C++, C, JAVA, PHP and MySQL programming.

Support areas (network solutions):
• LINUX / UNIX networks
• SUN networks
• CISCO devices (routers, switches, firewalls, cache engine, RAS etc.)
• Bandwidth manager software and hardware
• Radio links
• Security solutions

NETMAX TECHNOLOGIES provides the following courses in IT and embedded systems:

Network training:
• CISCO CCNA, CCNP
• RED HAT LINUX 5
• WINDOWS 2000, 2003 (MCP, MCSA & MCSE)
• MCITP 2008

Software training:
• C++
• C
• JAVA (CORE JAVA & ADVANCE JAVA)
• ASP.NET
• PHP MySQL programming

We provide technical support and consultancy to electronics companies in the field of embedded microcontrollers: 8-bit and 16-bit family based embedded system design; analog system design (including signal conditioning circuits, filter design, etc.); precision signal amplifier design for applications like ECG; low power design; precision temperature measurement etc.; power electronics including DC/DC converters, AC/DC converters, thyristor firing based circuits, battery charging and monitoring circuits etc.; and the application of embedded systems and analog control systems in industrial as well as home automation.

Our core strengths are our commitment, technical expertise and cost effective solutions. We ensure high service levels and prompt support availability, leading to lower downtime. NETMAX TECHNOLOGIES is a leader in education services and a developer of innovative embedded solutions. To meet the demands of the post-PC era, NetMax provides complete solutions as well as design-to-order services to satisfy our customers.

NETMAX TECHNOLOGIES:
• BARINDER SINGH, 9914713373
• HARPREET SINGH, 9814900118

HEAD OFFICE: NETMAX TECHNOLOGIES, SCO 58-59, Sector 34A, Chandigarh. 0172-4644644
Branch Office: NETMAX TECHNOLOGIES, SCO 52, 2nd Floor, Leela Bhawan, Patiala. 0175-5018351, 9914713373, 9814900118.
INTRODUCTION TO CCNA

What is a Network?
In a network, more than one computer is connected to the others through a centralized device. They can share files and resources with each other.

LAN
LAN stands for Local Area Network. The scope of a LAN is within one building, one school or one lab. In a LAN built on a hub, the media access method used is CSMA/CD, in which each computer senses the carrier before sending data over the network: if the carrier is free you can transmit, otherwise you have to wait and keep listening. "Multiple access" means every computer has the right to access every other computer. If two computers sense the carrier free at the same time, a collision occurs. Every computer in the network is made aware of the collision; the senders stop transmitting and use the back-off algorithm, in which each generates a random number. The computer with the smaller number gets priority to transmit over the network, and the other computers wait for their turn.

WAN
WAN stands for Wide Area Network, in which two local area networks are connected through a public network; this may be telecommunication infrastructure or dedicated lines, for example ISDN lines, leased lines etc., using WAN devices and WAN technology. You can also connect to your remote site through the existing internetwork called the Internet.

MAN
MAN stands for Metropolitan Area Network. When the number of computers and the area they cover cross a certain limit, we have to create a larger network that is an extension of local area networks. This type of large network is called a metropolitan area network (MAN). A MAN is an extension of local area networks that can connect computers placed across an entire city. The MAN can be created as a single network, such as a cable network covering the entire city, or as a group of several local area networks. This way, resources can be shared from LAN to LAN and from computer to computer. Metropolitan area networks are mainly owned by large organizations to interconnect all their branches across a city.
BASIC DEVICES

Hub
A hub is a centralized device used to connect multiple workstations. There are two types of hub: (i) active hub and (ii) passive hub. A hub has no special kind of memory. It simply receives a frame (data) and forwards it to all its nodes except the one it was received from, so it always broadcasts. With a hub there is one collision domain and one broadcast domain, and the media access method used is CSMA/CD (Carrier Sense Multiple Access/Collision Detection).
(i) Active hub: receives the frame, regenerates it and then forwards it to all its nodes.
(ii) Passive hub: simply receives the frame and forwards it to all its connected nodes.
You cannot perform LAN segmentation using a hub.

Switch
A switch is also used to connect multiple workstations, but it is more intelligent than a hub. It has a special kind of memory called the MAC address / filter / lookup table. The switch reads MAC addresses and stores them in its filter table. When the switch receives a frame, it reads the destination MAC address and consults its filter table: if there is an entry, it forwards the frame only to that MAC address; if not found, it broadcasts to all its connected nodes. Every port has its own buffer memory with two queues, an input queue and an output queue. When the switch receives a frame, it is received into the input queue and forwarded from the output queue, so with a switch there is no chance of collisions. With a switch the media access method used is CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance). Switches provide more efficiency, more speed and security.
There are two types of switches:
(i) Manageable switches (can be configured with a console cable).
(ii) Non-manageable switches.
We can perform LAN segmentation by using switches.
Bridge
A bridge is a hardware device used to provide LAN segmentation, that is, to break up the collision domain. It has the same functionality as a switch. We can use a bridge between two different topologies. It has fewer ports, and each port has its own buffer memory. It works on the Data Link layer of the OSI model. It also reads MAC addresses and stores them in its filter table. With a bridge there is one broadcast domain.

Router
A router is a hardware device used to connect two different networks. A router performs routing and path determination. It does not forward broadcasts. There are two types of routers:
(i) Hardware routers, developed by Cisco, HP etc.
(ii) Software routers, configured with the help of Routing and Remote Access. This feature is offered by Microsoft; it is installed by default, but you have to enable and configure it.
Hardware routers are dedicated routers and are more efficient. Software routers have fewer features and slower performance; they are not very efficient.

LAN Card
A LAN card is a media access device that provides connectivity to the network. There is an RJ45 (Registered Jack) connector socket on the LAN card; RJ45 is used with UTP cable. There is also an LED, called the heartbeat of the LAN card: whenever any activity occurs, whether receiving or transmitting data, this LED blinks and tells us the status of the LAN card.

LAN TOPOLOGIES

BUS Topology
Cable type – Coaxial
Connector type – BNC (Bayonet Neill-Concelman), T type, Terminator
Thick coaxial – maximum length 500 meters, 100 network devices
Thin coaxial – maximum length 185 meters
STAR Topology
Cable type – UTP
Connector type – RJ45
Maximum length – 100 meters (with proper color coding)
UTP (Unshielded Twisted Pair)
STP (Shielded Twisted Pair)
With a hub the media access method is CSMA/CD.

RING Topology
Cable – UTP
The token ring method is used, so there is no chance of collision.
Ethernet Family

Speed            Base band   Max. distance   Media
10               Base 2      200 meters      Coaxial cable
10               Base 5      500 meters      Thick coaxial cable
10               Base T      100 meters      Twisted pair (UTP)
10/100 (present) Base TX     100 meters      UTP
100              Base T4     100 meters      UTP, 4 pairs used
100              Base FX     up to 4 km      Fiber optic
1000 (server)    Base TX     100 meters      UTP
1000             Base FX     up to 10 km     Fiber optic
10000            Base FX                     Fiber optic

Color (pairs)
Green – Green white
Orange – Orange white
Blue – Blue white
Brown – Brown white
The green pair has the maximum number of twists.

Pin Configuration
Pin   Cross   Straight
1     3       1
2     6       2
3     1       3
6     2       6
Straight Cable
1 Orange white - Orange white
2 Orange - Orange
3 Green white - Green white
4 Blue - Blue
5 Blue white - Blue white
6 Green - Green
7 Brown white - Brown white
8 Brown - Brown

Cross Cable
1 Orange white - Green white
2 Orange - Green
3 Green white - Orange white
4 Blue - Blue
5 Blue white - Blue white
6 Green - Orange
7 Brown white - Brown white
8 Brown - Brown

RJ45 Connector
OSI (Open Systems Interconnection) Model

The OSI model is the layered approach to designing, developing and implementing a network. OSI provides the following advantages:
• Network design will be standards based.
• Development of new technology will be faster.
• Devices from multiple vendors can communicate with each other.
• Implementation and troubleshooting of the network will be easier.

(1) Application Layer: accepts data and forwards it into the protocol stack. It creates the user interface between application software and the protocol stack.
(2) Presentation Layer: decides the presentation format of the data. It is also able to perform other functions like compression/decompression and encryption/decryption.
(3) Session Layer: initiates, maintains and terminates sessions between different applications. Because of this layer, multiple application programs can be executed at the same time.
(4) Transport Layer: responsible for connection-oriented and connectionless communication. The transport layer also performs other functions like:
• Error checking
• Flow control (buffering, windowing, multiplexing)
• Sequencing
• Positive acknowledgement
• Response
(5) Network Layer: performs functions like logical addressing and path determination. Each networking device has a physical address, the MAC address, but logical addressing is easier to use for communication on a large network.
Logical addressing defines a network address and a host address. This type of addressing is used to simplify the implementation of large networks. Some examples of logical addressing are IP addresses, IPX addresses etc.
(6) Data Link Layer: its functions are divided into two sub-layers:
• Logical Link Control
• Media Access Control
Logical Link Control defines the encapsulation that will be used by the NIC to deliver data to the destination. Some examples of Logical Link Control are ARPA (Ethernet) and 802.11 Wi-Fi. Media Access Control defines methods to access the shared media and to establish identity with the help of the MAC address. Some examples of Media Access Control are CSMA/CD and token passing.
(7) Physical Layer: responsible for communicating bits over the media; this layer deals with the standards defined for media and signals. It may also perform modulation and demodulation as required.

Router Architecture
(Diagram: LAN and WAN interfaces, Processor, I/O Controller, Memory Controller, RAM, BIOS ROM)
(Diagram, continued: Flash RAM – O/S (IOS); RAM – IOS; NVRAM (Non-Volatile RAM) – startup configuration)

Router Access Modes
When we access the router command prompt, the router displays different modes. According to the mode, privileges and rights are assigned to the user.

User mode
In this mode we can display basic parameters and the status of the router; we can test connectivity and telnet to other devices. In this mode we are not able to manage or configure the router.

Privileged mode
In this mode we can display all information and configuration, and perform administration tasks, debugging, testing and connectivity checks with other devices. We are not able to edit the router configuration here. The command to enter this mode is 'enable'. We have to enter the enable password or the enable secret password to enter this mode. Enable secret has higher priority than enable password: if both passwords are configured, only the enable secret will work.

Global configuration
This mode is used for the configuration of global parameters in the router. Global parameters apply to the entire router, for example the router hostname or the access lists of the router. The command to enter this mode is 'configure terminal'.

Line configuration mode
This mode is used to configure lines like console, vty and auxiliary. The main types of line that are configured are:
(i) Console
router(config)#line console 0
(ii) Auxiliary
router(config)#line aux 0
(iii) Telnet or vty
router(config)#line vty 0 4

Interface configuration mode
This mode is used to configure router interfaces, for example Ethernet, Serial, BRI etc.
Router(config)#interface <type> <number>
Router(config)#interface serial 1

Routing configuration mode
This mode is used to configure routing protocols like RIP, EIGRP, OSPF etc.
Router(config)#router <protocol> [<option>]
Router(config)#router rip
Router(config)#router eigrp 10

Configuring Passwords
There are five types of password available in a router.
(1) Console password
router#configure terminal
router(config)#line console 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
To erase the password, repeat the same steps with the 'no' form of each command.
(2) Vty password
router>enable
router#configure terminal
router(config)#line vty 0 4
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(3) Auxiliary password
router#configure terminal
router(config)#line aux 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(4) Enable password
router>enable
router#configure terminal
router(config)#enable password <word>
router(config)#exit
(5) Enable secret password
The enable password is a clear text password.
Router>enable
Router#configure terminal
Router(config)#enable secret <word>
Router(config)#exit

Encrypting all passwords
All passwords other than the enable secret are clear text passwords. We can encrypt all of them using the level 7 algorithm. The commands to encrypt all passwords are:
Router#configure terminal
Router(config)#service password-encryption
Note that the level 7 (type 7) encoding is reversible; it only hides the passwords from someone viewing the configuration, whereas enable secret is stored as a one-way hash, which is why it takes priority.

Managing Configuration
There are two types of configuration present in a router:
(1) Startup configuration
(2) Running configuration
(1) The startup configuration is stored in NVRAM. It is used to save the settings of the router, and it is loaded into primary RAM at boot time.
(2) The running configuration is present in primary RAM. Whenever we run a configuration command, that command is written into the running configuration.
To save the configuration:
Router#copy running-config startup-config
or
Router#write
To display the running configuration:
Router#show running-config
To display the startup configuration:
Router#show startup-config
To erase the old configuration:
Router#erase startup-config

Configuring the Hostname
Router#configure terminal
Router(config)#hostname <name>
<name>(config)#exit (or end, or Ctrl+Z)

Configuring Interfaces
Interface configuration is one of the most important parts of router configuration. By default, all interfaces of a Cisco router are in disabled (shutdown) mode. We have to use different commands, according to our requirements, to enable and configure an interface.
Configuring IP, mask and enabling the interface
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#ip address <ip> <mask>
Router(config-if)#no shutdown
Router(config-if)#exit
To configure an interface description
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#description <line>
To display interface status
Router#show interfaces (shows all interfaces)
Router#show interface <type> <no>
This command displays the following parameters about an interface:
• Status
• MAC address
• IP address
• Subnet mask
• Hardware type / manufacturer
• Bandwidth
• Reliability
• Delay
• Load (Tx load, Rx load)
• Encapsulation
• ARP type (if applicable)
• Keepalive

Configuring a secondary IP
Router#config terminal
Router(config)#interface <type> <no>
Router(config-if)#ip address
Router(config-if)#ip address secondary
Router(config-if)#no shutdown (to enable the interface, because interfaces are shut down by default)
Router(config-if)#exit
Router#show run (to display the secondary IP)
To display the commands present in the history
Router#show history
To display the history size
Router#show terminal

Configuring Banners
Banners are just messages that appear at different prompts according to their type. The different banners are:
Message of the day (motd): this banner appears on every access method.
IP ADDRESS V4

An IP address is a 32-bit address divided into four octets of 8 bits each. It has two parts: the network address and the host address. In a local area network we can use private IP addresses, which are provided by IANA (Internet Assigned Numbers Authority). IP addresses are divided into five classes.

Class  Range      N/w bits  Host bits  Subnet mask  Total IP   Valid IP
A      1 – 126    8         24                      16777216   16777214
B      128 – 191  16        16                      65536      65534
C      192 – 223  24        8                       256        254
D      224 – 239  reserved for multicast
E      240 – 255  reserved for research/scientific use

We can use the first three classes. IANA provides private IP addresses from the first three classes.
Class / Private IP Range: A – – –

Subnet Mask
The subnet mask is also a 32-bit address, which tells us how many bits are used for the network address and how many for the host address. In a subnet mask, network bits are always 1 and host bits are always 0.

Invalid or Reserved IP Addresses
When we are going to assign IP addresses to our computers, we have to follow some rules.
Rules:
(1) All host bits cannot be 0, because that represents the network address, which is reserved for the router.
(2) All host bits cannot be 1, because that is the broadcast address of that network (10th network).
(3) All bits cannot be 0, because this address is reserved for default routing. Default routing is used in the case of a stub network (our network has one exit point).
(4) All bits cannot be 1, because this is reserved for broadcasting.
(5) The loopback address, which is used for self-communication or troubleshooting purposes.

C:\>ipconfig
C:\>ipconfig /all (shows all details)
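The class table and the five reserved-address rules above, as an added example that is not part of the report: it classifies an address by its first octet and reports why it cannot be assigned to a host. The private blocks are the RFC 1918 ranges, since the report's own private-range table lost its values.

```python
# Added example, not from the report: classify an IPv4 address by the classful
# ranges in the table above and apply the five reserved-address rules.
# Private blocks are the RFC 1918 ranges (the report's table lost its values).
import ipaddress

PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # class A private block
    ipaddress.ip_network("172.16.0.0/12"),   # class B private block
    ipaddress.ip_network("192.168.0.0/16"),  # class C private block
]
CLASS_NET_BITS = {"A": 8, "B": 16, "C": 24}   # network bits per class


def ip_class(addr: str) -> str:
    """Class from the first octet, as in the table (0 and 127 belong to no class)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    if 240 <= first <= 255:
        return "E"
    return "none"


def is_private(addr: str) -> bool:
    """True if the address lies in one of the private blocks IANA set aside."""
    return any(ipaddress.IPv4Address(addr) in block for block in PRIVATE_BLOCKS)


def host_check(addr: str) -> str:
    """Apply the five rules: return 'ok' or the reason the address is reserved."""
    value = int(ipaddress.IPv4Address(addr))
    if value == 0:
        return "reserved: all bits 0 (default route)"            # rule 3
    if value == 0xFFFFFFFF:
        return "reserved: all bits 1 (limited broadcast)"        # rule 4
    if (value >> 24) == 127:
        return "reserved: loopback"                              # rule 5
    cls = ip_class(addr)
    if cls not in CLASS_NET_BITS:
        return "reserved: class %s is not assignable to hosts" % cls
    host_bits = 32 - CLASS_NET_BITS[cls]
    host_part = value & ((1 << host_bits) - 1)
    if host_part == 0:
        return "reserved: host bits all 0 (network address)"     # rule 1
    if host_part == (1 << host_bits) - 1:
        return "reserved: host bits all 1 (directed broadcast)"  # rule 2
    return "ok"
```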
IP ROUTING

When we want to connect two or more networks using different network addresses, we have to use the IP routing technique. The router is used to perform routing between the networks. A router performs the following functions for routing:
• Path determination
• Packet forwarding
(1) Path determination: the process of obtaining paths in the routing table is called path determination. There are three different methods by which a router can learn a path:
i) Automatic detection of directly connected networks
ii) Static and default routing
iii) Dynamic routing
(2) Packet forwarding: a process that is enabled by default in a router. The router forwards a packet only if a route is available in the routing table.

Static Routing
In this routing we use ip route commands, through which we can specify routes for different networks. The administrator analyzes the whole internetwork topology and then specifies a route for each network that is not directly connected to the router.
Steps to perform static routing:
(1) Create a list of all networks present in the internetwork.
(2) Remove from the list the networks that are directly connected.
(3) Specify a route for each remaining network using the ip route command.
Router(config)#ip route <destination n/w> <mask> <next hop ip>
The next hop IP is the IP address of the neighbor router that is directly connected to our router.
Static routing example:
Router#conf ter
Router(config)#ip route
Advantages of static routing:
(1) Fast and efficient.
(2) More control over the selected path.
(3) Less overhead for the router.
Disadvantages of static routing:
(1) More overhead on the administrator.
(2) Load balancing is not easily possible.
(3) In case of a topology change, the routing table has to be changed manually.

Alternate command to specify a static route
A static route can also be specified with the following syntax:
Old: Router(config)#ip route
Or: Router(config)#ip route serial 0

Default Routing
Default routing means a route for any network. These routes are specified with the following syntax:
Router(config)#ip route <next hop> or <exit interface>
To display the routing table
Router#sh ip route
To check all the interfaces of a router
Router#sh ip interface brief

Dynamic Routing
In dynamic routing we enable a routing protocol on the router. This protocol sends its routing information to the neighbor routers. The neighbors analyze the information and write new routes into their routing tables. The routers also pass routing information received from one router on to other routers. If more than one path is available, the routes are compared and the best path is selected. Some examples of dynamic routing protocols are RIP, IGRP, EIGRP and OSPF.

Types of Dynamic Routing Protocols
According to their working there are two types of dynamic routing protocols:
(1) Distance vector
(2) Link state
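The static and default routing sections above, as an added example that is not from the report: a small routing table holding directly connected, static and default routes, and the longest-match lookup a router performs before it forwards a packet. The networks, next hops and interface names are constructed for illustration.

```python
# Added example, not from the report: a routing table with connected, static and
# default routes, and the longest-match lookup done before forwarding. Addresses
# and interface names are constructed assumptions.
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    via: str      # next-hop IP address or exit interface
    source: str   # "connected", "static" or "default"


def build_table(entries) -> List[Route]:
    """entries: (network/prefix, via, source) triples, like 'ip route' commands."""
    return [Route(ipaddress.ip_network(net), via, src) for net, via, src in entries]


def lookup(table: List[Route], dest: str) -> Optional[Route]:
    """Return the most specific matching route, or None when no route exists
    (in that case the router does not forward the packet)."""
    d = ipaddress.ip_address(dest)
    candidates = [r for r in table if d in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen)


def next_hop(table: List[Route], dest: str) -> Optional[str]:
    """Where a packet to dest would be sent, or None if it is dropped."""
    route = lookup(table, dest)
    return route.via if route else None


# Constructed topology: one LAN, two static routes via neighbors on that LAN,
# and a default route because this router is a stub with a single exit point.
STUB_TABLE = build_table([
    ("192.168.1.0/24", "Ethernet0", "connected"),
    ("10.0.0.0/8", "192.168.1.2", "static"),
    ("10.1.0.0/16", "192.168.1.3", "static"),   # more specific than 10.0.0.0/8
    ("0.0.0.0/0", "Serial0", "default"),        # "a route for any network"
])
# The same table without the default route: unknown destinations are dropped.
NO_DEFAULT_TABLE = STUB_TABLE[:-1]
```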
According to the type of area in which the protocol is used, there are again two types of protocol:
(1) Interior routing protocol
(2) Exterior routing protocol

Autonomous System
An autonomous system is a group of contiguous routers and networks which share their routing information directly with each other. If all routers are in a single domain and share their information directly with each other, then the size of the routing updates depends on the number of networks present in the internetwork. The update for each network may take 150 – 200 bytes of information. For example, if there are 1000 networks, the size of an update will be 200*1000 = 200000 bytes.

Border Routing
The routing information is sent periodically, so it may consume a large amount of bandwidth in our network.
(Diagram: autonomous systems AS 500, AS 400 and AS 200; domain; protocols)

Distance Vector Routing
Routing which is based on two parameters, distance and direction, is called distance vector routing. Examples of distance vector routing are RIP and IGRP.
Operation:
(1) Each router sends its directly connected information to its neighbor routers. This information is sent periodically to the neighbors.
(2) The neighbor receives the routing updates and processes each route according to the following conditions:
(i) If an update for a new network is received, this information is stored in the routing table.
(ii) If an update is received for a route that is already present in the routing table, the route is refreshed, that is, the route timer is reset to zero.
(iii) If an update is received for a route with a lower metric than the route already present in our routing table, the router discards the old route and writes the new route into the routing table.
(iv) If an update is received with a higher metric than the route already present in the routing table, the new update is discarded.
(3) A timer is associated with each route. The router forwards routing information on all interfaces, and the entire routing table is sent to the neighbors. There are three types of timers associated with a route.

Configuring RIP
Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
--------------
--------------
Router(config-router)#exit
Router(config-router)#network
Router(config-router)#network
Router(config-router)#network

Configuring IGRP
Router(config)#router igrp <as no> (1 – 65535)
Router(config-router)#network <net address>
Router(config-router)#network <net address>
Router(config-router)#exit
(Diagram: two serial E1 links at 2048 k and a 256 k sync modem link)
The following options are configured in IGRP in the same way as in RIP:
(1) Neighbor
(2) Passive interface
(3) Timer
(4) Distance (AD)
(5) Maximum path
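The four update-processing rules and the per-route timer described above, as an added example that is not from the report: a routing table updated by periodic neighbor advertisements with a hop-count metric like RIP's. Router names, networks and the timeout value are constructed assumptions.

```python
# Added example, not from the report: the distance-vector update rules (i)-(iv)
# and the route timer from step (3). Router names, networks and INVALID_AFTER
# are constructed assumptions; the metric is a hop count as in RIP.
from dataclasses import dataclass
from typing import Dict, List, Tuple

INVALID_AFTER = 180   # assumed: seconds without a refresh before a route is dropped


@dataclass
class DVRoute:
    network: str
    metric: int      # hop count
    next_hop: str    # neighbor that advertised the route
    age: int = 0     # seconds since the last update (the route timer)


def process_update(table: Dict[str, DVRoute], neighbor: str,
                   advertised: List[Tuple[str, int]]) -> List[str]:
    """Apply one periodic update from `neighbor`; return the action per route."""
    actions = []
    for network, adv_metric in advertised:
        metric = adv_metric + 1          # one more hop to reach it via this neighbor
        current = table.get(network)
        if current is None:                               # rule (i): new network
            table[network] = DVRoute(network, metric, neighbor)
            actions.append("added")
        elif metric < current.metric:                     # rule (iii): better metric
            table[network] = DVRoute(network, metric, neighbor)
            actions.append("replaced")
        elif metric > current.metric:                     # rule (iv): worse metric
            actions.append("discarded")
        else:                                             # rule (ii): same route
            current.age = 0                               # reset the route timer
            actions.append("refreshed")
    return actions


def tick(table: Dict[str, DVRoute], seconds: int) -> List[str]:
    """Advance every route's timer; drop routes that were not refreshed in time."""
    expired = []
    for network, route in list(table.items()):
        route.age += seconds
        if route.age >= INVALID_AFTER:
            expired.append(network)
            del table[network]
    return expired


def own_update(table: Dict[str, DVRoute], connected: List[str]) -> List[Tuple[str, int]]:
    """What this router advertises: directly connected networks (metric 0)
    plus its whole routing table, as step (1) and step (3) describe."""
    return [(n, 0) for n in connected] + [(r.network, r.metric) for r in table.values()]
```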
Link State Routing
This type of routing is based on link state. Its working is explained as under:
(1) Each router sends Hello packets to all neighbors using all interfaces.
(2) The routers from which a Hello reply is received are stored in the neighborship table. Hello packets are sent periodically to maintain the neighbor table.
(3) The router sends link state information to all neighbors. Link state information from one neighbor is also forwarded to the other neighbors.
(4) Each router maintains its link state database, created from the link state advertisements received from different routers.
(5) The router uses the best path algorithm to store the path in the routing table.

Problems of Link State Routing
The main problems of link state routing are:
(1) High bandwidth consumption.
(2) More hardware resources required, that is, processor and memory (RAM).
The routing protocols which use link state routing are:
(1) OSPF
(2) EIGRP

Enhanced Interior Gateway Routing Protocol
Features:
* Cisco proprietary
* Hybrid protocol (link state + distance vector)
* Multicast updates using address
* Supports AS
* Supports VLSM
* Automatic route summarization
* Unequal path cost load balancing
* Metric (32-bit composite): bandwidth, delay, load, reliability, MTU
* Neighbor recovery
* Partial updates
* Triggered updates
* Backup route
Configuring EIGRP
Router(config)#router eigrp <as no>
Router(config-router)#network <net addr.>
Router(config-router)#network <net addr.>
Router(config-router)#exit

OSPF Terminology
Topics already known in this: (1) Hello packets, (2) LSA (Link State Advertisement), (3) Neighbor, (4) Neighbor table, (5) Topology table (LSA database).

Router ID
The router ID is the highest IP address among the router's interfaces. This ID is used as the identity of the router when maintaining link state databases. The first preference for selecting the router ID is given to logical interfaces; if no logical interface is present, the highest IP of a physical interface is selected as the router ID.

Area
An area is a group of routers and networks which can share their routing information directly with each other.

Adjacency
A router is called adjacent when a neighbor relationship is established; we can also say an adjacency relationship is formed between the routers.

OSPF Hierarchical Model
(Diagram: Area 0 with Area 20, Area 70 and Area 90 attached to it)

Area Router (Autonomous System Border Router – ASBR)
A router which has all interfaces members of a single area is called an area router.
Backbone Area
Area 0 is called the backbone area. All other areas must connect to the backbone area for communication.

Backbone Router
A router which has all interfaces members of area 0 is called a backbone router.

Area Border Router
A router which connects an area with area 0 is called an area border router.

LSA Flooding in OSPF
If there are multiple OSPF routers on a multi-access network, there will be an excessive number of LSAs generated by the routers, and they can choke the bandwidth of the network.
(Diagram: routers A, B, C and D on one multi-access segment, each listing the other three as neighbors, with links L, K, M, N)
This problem is solved by electing one router as designated router and another as backup designated router.

Designated Router
The router with the highest RID (router ID) will be the designated router for a particular segment. This router is responsible for receiving LSAs from the non-DR routers and forwarding them to all the routers.

Backup Designated Router
This router works as backup for the designated router. In BDR mode it receives all information but does not forward it to the other non-DR routers.
Commands to configure OSPF
Router#conf ter
Router(config)#router ospf <process no>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#exit
Wild mask – complement of the subnet mask
R1
Router(config)#router ospf 33
Router(config-router)#network area 0
Router(config-router)#network area 0
Router(config-router)#exit
R2
Router(config)#router ospf 2
Router(config-router)#network area 0
Router(config-router)#network area 0
Router(config-router)#exit
Access Control List (ACL)

ACLs are the basic security feature required in any network to control the flow of traffic. Most of the time our network has servers and clients for which traffic control is required. We can also use ACLs to classify traffic; ACLs are used in features like QoS (Quality of Service), traffic prioritization and interesting traffic for ISDN.

Classification of Access Control Lists:
Types of ACL based on protocol:
(1) IP access control list
(2) IPX access control list
(3) AppleTalk access control list
Types of ACL based on feature:
(1) Standard ACL
(2) Extended ACL
Types of ACL based on access mode:
(1) Numbered ACL
(2) Named ACL
Types of ACL based on order of rules:
(1) Deny, permit
(2) Permit, deny

IP Standard ACL (Numbered)
In a standard ACL we are only able to specify the source address for filtering packets. The syntax to create an IP standard ACL is:
Router#conf ter
Router(config)#access-list <no> <permit|deny> <source>
Router(config)#exit
<source> can be a single PC (host), a network or a subnet.
33. Applying an ACL on an interface
Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#ip access-group <ACL no.> <in|out>
Router(config-if)#exit

[Figure: router with interface serial 0 facing the Internet; ACL 25 is applied outbound on it]
Router(config)#access-list 25 permit
Router(config)#access-list 25 permit
Router(config)#access-list 25 permit
Router(config)#access-list 25 permit
Router(config)#access-list 25 permit
Router(config)#interface serial 0
Router(config-if)#ip access-group 25 out

IP Standard ACL (Named)
In a numbered ACL the editing feature is not available, that is, we are not able to delete a single rule from the ACL. In a named ACL the editing feature is available.
Router#config ter
Router(config)#ip access-list standard <name>
Router(config-std-nacl)#<deny|permit> <source>
Router(config-std-nacl)#exit

Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny
Router(config-std-nacl)#deny
Router(config-std-nacl)#deny
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit

To modify the ACL (remove a single rule):
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#no deny
Router(config-std-nacl)#exit

IP Extended ACL (Numbered)
Extended ACLs are advanced ACLs which can control the traffic flow on the basis of five different parameters:
(i) Source address
(ii) Destination address
(iii) Source port
(iv) Destination port
(v) Protocol (layer 3/layer 4)
34. The syntax to create an Extended ACL
Router#conf ter
Router(config)#access-list <no> <deny|permit> <protocol> <source> [<s.port>] <destination> [<d.port>]
Router(config)#exit

To display ACLs
Router#show access-lists
or
Router#show access-list <no>

To display the ACLs applied on an interface
Router#show ip interface
Router#show ip interface <type> <no>
Router#show ip interface Ethernet 0

Time-Based ACLs
In this you can specify a certain time of day and week and then identify that particular period by giving it a name, which is referenced by a rule. The referencing rule is active only within whatever time constraints you have dictated. The time period is based upon the router's clock, so it is highly recommended to use it in conjunction with Network Time Protocol (NTP) synchronization.

Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range
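As an added example (not code from the report), the following Python models what the ACL commands above do: a wildcard mask as the complement of the subnet mask, top-down first-match evaluation with the implicit deny at the end of every list, and the time-range gating of the extended list "time" (taking the weekdays option for no-http). The packet fields, addresses and time-range helpers are constructed for the example.

```python
import ipaddress
from datetime import datetime

def wildcard_from_mask(mask: str) -> str:
    """Wildcard mask = bitwise complement of the subnet mask: 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF))

def matches(addr: str, spec: str) -> bool:
    """Match an address against an ACL field: 'any', 'host A.B.C.D', a bare address
    (treated as host, as IOS does) or 'A.B.C.D W.W.W.W' (address plus wildcard)."""
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host" or len(parts) == 1:
        return addr == parts[-1]
    net, wild = (int(ipaddress.IPv4Address(p)) for p in parts)
    care = ~wild & 0xFFFFFFFF          # 1 bits in the wildcard are "don't care"
    return int(ipaddress.IPv4Address(addr)) & care == net & care

def evaluate(acl, pkt) -> str:
    """Top-down first match; a packet matching no rule hits the implicit deny at the end.
    Rule: (action, protocol, src_spec, dst_spec, dst_port or None, time_range or None)."""
    for action, proto, src, dst, dport, active in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not (matches(pkt["src"], src) and matches(pkt["dst"], dst)):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        if active is not None and not active(pkt["time"]):
            continue                   # rule is inactive outside its time-range
        return action
    return "deny"
def packet(proto, src, dst, dport, when="2024-01-10 09:00"):
    # constructed test packet; `when` is the router clock as an ISO timestamp
    return {"proto": proto, "src": src, "dst": dst, "dport": dport, "time": datetime.fromisoformat(when)}
# Constructed time ranges for "periodic weekdays 06:00 to 12:00" (no-http) and
# "periodic weekend 06:00 to 12:00" (tcp-yes); the end time is taken as exclusive.
no_http = lambda t: t.weekday() < 5 and 6 <= t.hour < 12
tcp_yes = lambda t: t.weekday() >= 5 and 6 <= t.hour < 12
# The page's list "time": deny www on weekday mornings, permit TCP on weekend mornings.
ACL_TIME = [
    ("deny",   "tcp", "any", "any", 80,   no_http),
    ("permit", "tcp", "any", "any", None, tcp_yes),
]
# Constructed standard list in the page's "deny, deny, permit any" shape (made-up addresses).
ACL_STD = [
    ("deny",   "ip", "host 172.16.0.5",      "any", None, None),
    ("deny",   "ip", "172.16.1.0 0.0.0.255", "any", None, None),
    ("permit", "ip", "any",                  "any", None, None),
]
```

Note that a non-TCP packet, or TCP on a weekday afternoon, matches neither rule of ACL_TIME and is dropped by the implicit deny; that is why a time-based list usually needs an explicit final permit.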
35. Network Address Translation (NAT)
NAT is a feature that can be enabled on a router, a firewall or a PC. With the help of NAT we are able to translate network layer addresses, that is, the IP addresses of packets. With the help of Port Address Translation (PAT) we are also able to translate the port numbers present in the transport layer header.

There are two reasons for which we use NAT:
(1) Conserve live IP addresses
On the Internet there is a limited number of IP addresses. If our PC wants to communicate on the Internet then it must have a live IP address assigned by our ISP, so the number of IP addresses requested depends on the number of PCs that we want to connect to the Internet. This causes a lot of wastage of IP addresses. To reduce the wastage, we can share live IP addresses between multiple PCs with the help of NAT.
(2) NAT enhances network security by hiding the PCs and devices behind it.

Types of NAT
Static NAT
This NAT is used for servers, in which one live IP is directly mapped to one local IP. This NAT forwards all the traffic for the live IP to the local PC in the network.

[Figure: Static NAT – Internet side = live address, inside = local address]

Dynamic NAT
Dynamic NAT is used for clients which want to access the Internet. The requests from multiple client IPs are translated to the live IP obtained from the pool. It is also called pool-based dynamic NAT.

[Figure: Pool => (range of live addresses) – Internet; Local address => 172.16.X.X; Except => (host excluded from the pool)]
36. [Figure: inside network 172.16.X.X with a web server and a DNS server (172.16.0.5) behind the NAT router; the remaining hosts have full access]

NAT configuration
Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static
Router(config)#ip nat inside source static tcp 80 80
Router(config)#ip nat inside source static udp 53 53
Router(config)#access-list 30 deny
Router(config)#access-list 30 deny
Router(config)#access-list 30 deny
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc netmask
Router(config)#ip nat inside source list 30 pool abc overload    (NAT + PAT)

Command for basic NAT (translate to the address of the exit interface instead of a pool)
Router(config)#ip nat inside source list 30 interface serial 0 <exit interface name>

To display NAT translations
Router#sh ip nat translations (after pinging any address, it shows the translation entries)

To clear the IP NAT translations
Router#clear ip nat translation *
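An added example (not the report's own code) that models in Python the NAT behaviour configured above: the static tcp 80 mapping for the server, an access-list 30 style match of "the inside network except the server", pool NAT with and without overload, and the inbound lookup that drops any packet for which no translation exists. The pool, the addresses (203.0.113.0/24 is the TEST-NET-3 documentation range) and the nat_acl function are constructed for the example.

```python
import ipaddress
from itertools import count
class NatRouter:
    """Model of 'ip nat inside source' on an IOS router (constructed example, not the
    report's code). Static entries map one local address (optionally one proto/port) to one
    live address; hosts permitted by the NAT access-list get a pool address, and with
    'overload' (PAT) one live address is shared by rewriting the source port per flow."""
    def __init__(self, pool, overload=True):
        self.pool, self.overload = list(pool), overload
        self.static = {}     # (local_ip, proto or None, port or None) -> live_ip
        self.dynamic = {}    # local_ip -> live_ip (pool NAT without overload)
        self.table = {}      # (live_ip, proto, live_port) -> (local_ip, local_port)
        self._ports = count(1024)
    def static_map(self, local, live, proto=None, port=None):
        self.static[(local, proto, port)] = live
    def outbound(self, local_ip, proto, sport, permitted):
        """Packet leaving the inside interface; returns (live_ip, live_port), or None if dropped."""
        live = self.static.get((local_ip, proto, sport)) or self.static.get((local_ip, None, None))
        if live:
            return live, sport
        if not permitted(local_ip):     # not matched by the NAT ACL: no translation
            return None
        if self.overload:                # PAT: one live address, a unique port per flow
            live, live_port = self.pool[0], next(self._ports)
        else:                            # plain pool NAT: one live address per inside host
            live = self.dynamic.get(local_ip)
            if live is None:
                free = [p for p in self.pool if p not in self.dynamic.values()]
                if not free:
                    return None          # pool exhausted: the packet is dropped
                live = self.dynamic[local_ip] = free[0]
            live_port = sport
        self.table[(live, proto, live_port)] = (local_ip, sport)
        return live, live_port
    def inbound(self, live_ip, proto, dport):
        """Packet arriving on the outside interface. Only an existing translation or a static
        mapping reaches an inside host; anything else is dropped (the 'hiding' effect)."""
        if (live_ip, proto, dport) in self.table:
            return self.table[(live_ip, proto, dport)]
        for (local, sproto, sport), live in self.static.items():
            if live == live_ip and (sproto is None or (sproto, sport) == (proto, dport)):
                return local, dport
        return None
# Constructed NAT ACL in the page's shape: the whole inside network except the server that
# already has a static mapping (addresses are made up for the example).
INSIDE = ipaddress.ip_network("172.16.0.0/16")
def nat_acl(ip): return ip != "172.16.0.5" and ipaddress.ip_address(ip) in INSIDE
```

The static mapping exposes only tcp 80 of the server: an inbound packet to the live address on any other port, like any inbound packet with no matching translation, is dropped, while the server's own outbound traffic from ports other than 80 is excluded from the pool by the ACL.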
37. SECURING A PRIVATE ENVIRONMENT BY USING NAT
PROJECT REPORT
The project is based on Network Address Translation (NAT). The beauty of configuring NAT on routers is that it can help users access the Internet from private IP addresses, which are otherwise excluded by the Internet service provider (ISP). We have used inter-VLAN technology to make the work efficient between three different and independent organisations. The VLANs have been divided into web servers and Internet clients.
38. DESCRIPTION
We have three organisations: Org1, Org2 and Org3. Each organisation comprises a router to route the data from and to the ISP. There are manageable switches in each organisation, and we have created separate VLANs for the servers and the Internet clients.
If we want communication between the Internet clients and the servers then we configure the inter-VLAN concept on the router, and if we want to block some Internet clients so that they cannot access our servers then we create an ACL for that particular user.
These organisations are linked externally to an ISP which provides live (public) IP addresses to each organisation, and the ISP also provides the Internet connections to others.
39. CONFIGURATION
FOR ORG1
ROUTER ORG1
Router>en
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname ORG1
ORG1(config)#line console 0
ORG1(config-line)#password net
ORG1(config-line)#login
ORG1(config-line)#exit
ORG1(config)#line vty 0 4
ORG1(config-line)#password net
ORG1(config-line)#login
ORG1(config-line)#exit
ORG1(config)#enable password net
ORG1(config)#enable secret net1
ORG1(config)#int f0/0
40. ORG1(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG1(config-if)#exit
ORG1(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
ORG1(config-subif)#encapsulation dot1q 2
ORG1(config-subif)#ip nat inside
ORG1(config-subif)#ip address
ORG1(config-subif)#no sh
ORG1(config-subif)#exit
ORG1(config)#int f0/0.2
ORG1(config-subif)#encapsulation dot1q 3
ORG1(config-subif)#ip nat inside
ORG1(config-subif)#ip address
ORG1(config-subif)#no sh
ORG1(config-subif)#exit
ORG1(config)#int s0/0/0
ORG1(config-if)#ip nat outside
ORG1(config-if)#clock rate 64000
ORG1(config-if)#ip address
ORG1(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG1(config-if)#exit
ORG1(config)#ip route serial 0/0/0

We have placed our web server in the private area so that the Internet clients cannot access it directly. So we have configured static NAT and opened port number 80 (HTTP) only.
ORG1(config)#ip nat inside source static tcp 80 80

In our organisation the clients want to access the Internet, so we configure dynamic NAT with overload for the clients.
41. ORG1(config)#access-list 20 permit any
ORG1(config)#ip nat pool netmax netmask
ORG1(config)#ip nat inside source list 20 pool netmax overload
ORG1(config)#exit
ORG1#wr
Building configuration...
[OK]
ORG1#

SWITCH
42. Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr
43. FOR ORG2
ROUTER
Router>en
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname ORG2
ORG2(config)#line console 0
ORG2(config-line)#password net
ORG2(config-line)#login
ORG2(config-line)#exit
ORG2(config)#line vty 0 4
ORG2(config-line)#password net
ORG2(config-line)#login
ORG2(config-line)#exit
ORG2(config)#enable password net
ORG2(config)#enable secret net1
ORG2(config)#int f0/0
ORG2(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG2(config-if)#exit
ORG2(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
ORG2(config-subif)#encapsulation dot1q 2
ORG2(config-subif)#ip nat inside
ORG2(config-subif)#ip address
ORG2(config-subif)#no sh
ORG2(config-subif)#exit
ORG2(config)#int f0/0.2
ORG2(config-subif)#encapsulation dot1q 3
ORG2(config-subif)#ip nat inside
ORG2(config-subif)#ip address
ORG2(config-subif)#no sh
ORG2(config-subif)#exit
ORG2(config)#int s0/0/0
ORG2(config-if)#ip nat outside
ORG2(config-if)#clock rate 64000
ORG2(config-if)#ip address
44. ORG2(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG2(config-if)#exit
ORG2(config)#ip route serial 0/0/0
ORG2(config)#ip nat inside source static
ORG2(config)#access-list 20 permit any
ORG2(config)#ip nat pool netmax netmask
ORG2(config)#ip nat inside source list 20 pool netmax
ORG2(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ORG2#wr
Building configuration...
[OK]
ORG2#

SWITCH
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int f0/1
45. Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr
46. FOR ORG3
ROUTER
Router>en
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname ORG3
ORG3(config)#line console 0
ORG3(config-line)#password net
ORG3(config-line)#login
ORG3(config-line)#exit
ORG3(config)#line vty 0 4
ORG3(config-line)#password net
ORG3(config-line)#login
ORG3(config-line)#exit
ORG3(config)#enable password net
ORG3(config)#enable secret net1
ORG3(config)#int f0/0
ORG3(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG3(config-if)#exit
ORG3(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
ORG3(config-subif)#encapsulation dot1q 2
ORG3(config-subif)#ip nat inside
ORG3(config-subif)#ip address
ORG3(config-subif)#no sh
ORG3(config-subif)#exit
ORG3(config)#int f0/0.2
ORG3(config-subif)#encapsulation dot1q 3
ORG3(config-subif)#ip nat inside
ORG3(config-subif)#ip address
ORG3(config-subif)#no sh
ORG3(config-subif)#exit
ORG3(config)#int s0/0/0
ORG3(config-if)#ip nat outside
ORG3(config-if)#clock rate 64000
ORG3(config-if)#ip address
ORG3(config-if)#no sh
47. %LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG3(config-if)#exit
ORG3(config)#ip route serial 0/0/0
ORG3(config)#ip nat inside source static
ORG3(config)#access-list 20 permit any
ORG3(config)#ip nat pool netmax netmask
ORG3(config)#ip nat inside source list 20 pool netmax overload
ORG3(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ORG3#wr
Building configuration...
[OK]
ORG3#

SWITCH
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
48. Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr
49. REFERENCES
• Wikipedia
• Google
• NETMAX TECHNOLOGIES
• CISCO