Cisco Certified Networking Associate(Project Report)


Published on

Project report on ccna with complete introduction.

Published in: Education
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Cisco Certified Networking Associate(Project Report)

  1. 1. NETWORKING BASICS What is a Computer Network? A computer network allows sharing of resources and information among interconnected devices. In the 1960s, the Advanced Research Projects Agency (ARPA) started funding the design of the Advanced Research Projects Agency Network (ARPANET) for the United States Department of Defense. It was the first computer network in the world.[1] Development of the network began in 1969, based on designs developed during the 1960s. Computer networks can be used for a variety of purposes:  Facilitating communications. Using a network, people can communicate efficiently and easily via email, instant messaging, chat rooms, telephone, video telephone calls, and video conferencing.  Sharing hardware. In a networked environment, each computer on a network may access and use hardware resources on the network, such as printing a document on a shared network printer.  Sharing files, data, and information. In a network environment, authorized user may access data and information stored on other computers on the network. The capability of providing access to data and information on shared storage devices is an important feature of many networks.  Sharing software. Users connected to a network may run application programs on remote computers.  Information preservation.  Security.  Speed up. What is a Networking? Networking is a common synonym for developing and maintaining contacts and personal connections with a variety of people who might be helpful to you and your career. Networking is the practice of linking two or more computing devices together for the purpose of sharing data. Networks are built with a mix of computer hardware and computer software. It is an especially important aspect of career management in the financial services industry, since it is helps you keep abreast of:
  2. 2. Types of networks  Localarea network A local area network (LAN) is a network that connects computers and devices in a limited geographical area such as home, school, computer laboratory, office building, or closely positioned group of buildings. Each computer or device on the network is a node. Current wired LANs are most likely to be based on Ethernet technology, although new standards like ITU-T also provide a way to create a wired LAN using existing home wires (coaxial cables, phone lines and power lines) Personalarea network A personal area network (PAN) is a computer network used for communication among computer and different information technological devices close to one person. Some examples of devices that are used in a PAN are personal computers, printers, fax machines, telephones, PDAs, scanners, and even video game consoles. A PAN may include wired and wireless devices. The reach of a PAN typically extends to 10 meters.[4] A wired PAN is usually constructed with USB and Firewire connections while technologies such as Bluetooth and infrared communication typically form a wireless PAN. Home area network A home area network (HAN) is a residential LAN which is used for communication between digital devices typically deployed in the home, usually a small number of personal computers and accessories, such as printers and mobile computing devices. An important function is the sharing of Internet access, often a broadband service through a CATV or Digital Subscriber Line (DSL) provider. It can also be referred to as an office area network (OAN). Wide area network A wide area network (WAN) is a computer network that covers a large geographic area such as a city, country, or spans even intercontinental distances, using a communications channel that combines many types of media such as telephone lines, cables, and air waves. A WAN often uses transmission facilities provided by common carriers, such as telephone companies. WAN technologies generally function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.
  3. 3. Campus Network A campus network is a computer network made up of an interconnection of local area networks (LAN's) within a limited geographical area. The networking equipments (switches, routers) and transmission media (optical fiber, copper plant, Cat5 cabling etc.) are almost entirely owned (by the campus tenant / owner: an enterprise, university, government etc.). In the case of a university campus-based campus network, the network is likely to link a variety of campus buildings including; academic departments, the university library and student residence halls. Metropolitanarea network A Metropolitan area network is a large computer network that usually spans a city or a large campus. Virtual private network A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The data link layer protocols of the virtual network are said to be tunneled through the larger network when this is the case. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption. VPNs, for example, can be used to separate the traffic of different user communities over an underlying network with strong security features. What is network topology? Network topology is the layout pattern of interconnections of the various elements (links, nodes, etc.) of a computer network.[1][2] Network topologies may be physical or logical. Physical topology means the physical design of a network including the devices, location and cable installation. Logical topology refers to how data is actually transferred in a network as opposed to its physical design. Various topologies ::
  4. 4. Bus topology Many devices connect to a single cable "backbone". If the backbone is broken, the entire segment fails. Bus topologies are relatively easy to install and don't require much cabling compared to the alternatives. Ring Topology
  5. 5. In a ring network, every device has exactly two neighbours for communication purposes. All messages travel through a ring in the same direction. Like the bus topology, a failure in any cable or device breaks the loop and will take down the entire segment. A disadvantage of the ring is that if any device is added to or removed from the ring, the ring is broken and the segment fails until it is "reforged" (by dwarfish goldsmiths?) It is also considerably more expensive than other topologies. Star Topology A star network has a central connection point - like a hub or switch. While it takes more cable, the benefit is that if a cable fails, only one node will be brought down. All traffic emanates from the hub of the star. The central site is in control of all the nodes attached to it. The central hub is usually a fast, self contained computer and is responsible for routing all traffic to other nodes. The main advantages of a star network is that one malfunctioning node does not affect the rest of the network. However this type of network can be prone to bottleneck and failure problems at the central site. Tree Topology
  6. 6. Also known as the 'Hierarchical topology', the tree topology is a combination of bus and star topologies. They are very common in larger networks. A typical scenario is: a file server is connected to a backbone cable (e.g. coaxial) that runs through the building, from which switches are connected, branching out to workstations. Meshtopology
  7. 7. In the topologies shown above, there is only one possible path from one node to another node. If any cable in that path is broken, the nodes cannot communicate. Mesh topology uses lots of cables to connect every node with every other node. It is very expensive to wire up, but if any cable fails, there are many other ways for two nodes to communicate. Some WANs, like the Internet, employ mesh routing. In fact the Internet was deliberately designed like this to allow sites to communicate even during a nuclear war. Hybrid Topology Hybrid network is the combination of different topologies such as star, Ring, Mesh, Bus etc. For example, if a department uses a Bus network, second department uses the ring network, third department uses the Mesh network and fourth department uses the star network. All the networks of different types (of four departments) can be connected together through a central hub (in the form of star network) as shown in the figure below.
  8. 8. Basic networking devices Computer networking devices are units that mediate data in a computer network. Computer networking devices are also called network equipment, Intermediate Systems (IS) or InterWorking Unit (IWU). Units which are the last receiver or generate data are called hosts or data terminal equipment. Routers A router is a communication device that is used to connect two logically and physically different networks, two LANs, two WANs and a LAN with WAN. The main function of the router is to sorting and the distribution of the data packets to their destinations based on their IP addresses. Routers provides the connectivity between the enterprise businesses, ISPs and in the internet infrastructure, router is a main device. Cisco routers are widely used in the world. Every router has routing software, which is known as IOS. Router operates at the network layer of the OSI model. Router does not broadcast the data packets. We have two types of router: 1.Hardware – this router is provided by RRAS SERVICE.
  9. 9. Switches Like the router, a switch is an intelligent device that maps the IP address with the MAC address of the LAN card. Unlike the hubs, a switch does not broadcast the data to all the computers, it sends the data packets only to the destined computer. Switches are used in the LAN, MAN and WAN. In an Ethernet network, computers are directly connected with the switch via twisted pair cables. In a network, switches use the three methods to transmit the data i.e. store and forward, cut through and fragment free. We have two types of switch. 1.Mangeable switch: it has console port by using this we can mange this switch according to our need . 2.non-mangeable : it ha no console port we use this switch as we purchase it. Hubs The central connecting device in a computer network is known as a hub. There are two types of a hub i.e. active hub and passive hub. Every computer is directly connected with the hub. When data packets arrives at hub, it broadcast them to all the LAN cards in a network and the destined recipient picks them and all other computers discard the data packets. Hub has five, eight,
  10. 10. sixteen and more ports and one port is known as uplink port, which is used to connect with the next hub. Modems A modem is a communication device that is used to provide the connectivity with the internet. Modem works in two ways i.e. Modulation and Demodulation. It converts the digital data into the analogue and analogue to digital.
  11. 11. LAN Cards LAN cards or network adapters are the building blocks of a computer network. No computer can communicate without a properly installed and configured LAN card. Every LAN card is provided with a unique IP address, subnet mask, gateway and DNS (if applicable). An UTP/STP cable connects a computer with the hub or switch. Both ends of the cable have the RJ-45 connectors one is inserted into the LAN card and one in the hub/switch. LAN cards are inserted into the expansion slots inside the computer. Different LAN cards support different speed from 10/100 to 10/1000. Ethernet = speed 10mbps Fast Ethernet = 100mbps Giga Ethernet = 1000mbps Fastgiga Ethernet = 10000mbps Network Repeater A repeater connects two segments of your network cable. It retimes and regenerates the signals to proper amplitudes and sends them to the other segments. When talking about, ethernet topology, you are probably talking about using a hub as a repeater. Repeaters require a small amount of time to regenerate the signal. This can cause a propagation delay which can affect network communication when there are several repeaters in a row. Many network architectures
  12. 12. limit the number of repeaters that can be used in a row. Repeaters work only at the physical layer of the OSI network model. Bridge A bridge reads the outermost section of data on the data packet, to tell where the message is going. It reduces the traffic on other network segments, since it does not send all packets. Bridges can be programmed to reject packets from particular networks. Bridging occurs at the data link layer of the OSI model, which means the bridge cannot read IP addresses, but only the outermost hardware address of the packet. In our case the bridge can read the ethernet data which gives the hardware address of the destination address, not the IP address. Bridges forward all broadcast messages. Only a special bridge called a translation bridge will allow two networks of different architectures to be connected. Bridges do not normally allow connection of networks with different architectures.
  13. 13. The hardware address is also called the MAC (media access control) address. To determine the network segment a MAC address belongs to, bridges use one of: Transparent Bridging - They build a table of addresses (bridging table) as they receive packets. If the address is not in the bridging table, the packet is forwarded to all segments other than the one it came from. This type of bridge is used on ethernet networks. Source route bridging - The source computer provides path information inside the packet. This is used on Token Ring networks. Gateway A gateway can translate information between different network data formats or network architectures. It can translate TCP/IP to AppleTalk so computers supporting TCP/IP can communicate with Apple brand computers. Most gateways operate at the application layer, but can operate at the network or session layer of the OSI model. Gateways will start at the lower level and strip information until it gets to the required level and repackage the information and work its way back toward the hardware layer of the OSI model. To confuse issues, when talking about a router that is used to interface to another network, the word gateway is often used. This does not mean the routing machine is a gateway as defined here, although it could be. Network Models
  14. 14. When dealing with networking, you may hear the terms "network model" and "network layer" used often. Network models define a set of network layers and how they interact. There are several different network models depending on what organization or company started them. The most important two are: The TCP/IP Model - This model is sometimes called the DOD model since it was designed for the department of defense It is also called the internet model because TCP/IP is the protocol used on the internet. OSI Network Model - The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed in the next section.
  15. 15. Layers in the TCP/IP model Application Layer (process-to-process): This is the scope within which applications create user data and communicate this data to other processes or applications on another or the same host. The communications partners are often called peers. This is where the "higher level" protocols such as SMTP, FTP, SSH, HTTP, etc. operate. Transport Layer (host-to-host): The Transport Layer constitutes the networking regime between two network hosts, either on the local network or on remote networks separated by routers. Internet Layer (internetworking): The Internet Layer has the task of exchanging datagrams across network boundaries. It is therefore also referred to as the layer that establishes
  16. 16. internetworking, indeed, it defines and establishes the Internet. This layer defines the addressing and routing structures used for the TCP/IP protocol suite. Link Layer: This layer defines the networking methods with the scope of the local network link on which hosts communicate without intervening routers. This layer describes the protocols used to describe the local network topology and the interfaces needed to affect transmission of Internet Layer datagrams to next-neighbor hosts. OSI Model The OSI, or Open System Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, and proceeding to the bottom layer, over the channel to the next station and back up the hierarchy. Application (Layer 7) This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Presentation (Layer 6) This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. Session(Layer 5) This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination. Transport (Layer 4) This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer. Network (Layer 3) This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node.
  17. 17. Data Link (Layer 2) At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub layers: The Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. Physical (Layer 1) This layer conveys the bit stream - electrical impulse, light or radio signal -- through the network at the electrical and mechanical level. . TCP/IP Modelvs OSI Model Sr. No. TCP/IP Reference Model OSI Reference Model 1 Defined after the advent of Internet. Defined before advent of internet. 2 Service interface and protocols were not clearly distinguished before Service interface and protocols are clearly distinguished 3 TCP/IP supports Internet working Internet working not supported 4 Loosely layered Strict layering 5 Protocol Dependant standard Protocol independent standard 6 More Credible Less Credible 7 TCP reliably delivers packets, IP does not reliably deliver packets All packets are reliably delivered Basic Networking Cables Networking Cables are used to connect one network device to other or to connect two or more computers to share printer, scanner etc. Different types of network cables like Coaxial cable, Optical fiber cable, Twisted Pair cables are used depending on the network's topology, protocol and size. The devices can be separated by a few meters (e.g. via Ethernet) or nearly unlimited distances (e.g. via the interconnections of the Internet). While wireless may be the wave of the future, most computer network today still utilize cables to transfer signals from one point to another
  18. 18. Twisted pair Twisted pair cabling is a type of wiring in which two conductors (the forward and return conductors ofa single circuit) are twisted togetherfor the purposes ofcanceling out electromagnetic interference (EMI) from external sources; for instance, electromagnetic radiation from unshielded twisted pair (UTP) cables, and crosstalkbetween neighboring pairs. It was invented by Alexander Graham Bell. Unshielded twisted pair cable with different twist rates Shielded twisted pair Advantages  It is a thin, flexible cable that is easy to string between walls.  More lines can be run through the same wiring ducts.  UTP costs less permeter/foot than any other type of LAN cable. Disadvantages  Twisted pair’s susceptibility to electromagnetic interference greatly depends on the pair twisting schemes (usually patented by the manufacturers) staying intact during the installation. As a result, twisted pair cables usually have stringent requirements for maximum pulling tension as well as minimum bend radius. This relative fragility of twisted pair cables makes the installation practices an important part of ensuring the cable’s performance.  In video applications that send information across multiple parallel signal wires, twisted pair cabling can introduce signaling delays known as skew which results in subtle color defects and ghosting due to the image components not aligning correctly when recombined in the display device
  19. 19. Optical fiber cable An optical fiber cable is a cable containing one or more optical fibers. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable will be deployed. An optical fiber is a single, hair-fine filament drawn from molten silica glass. These fibers are replacing metal wire as the transmission medium in high-speed, high-capacity communications systems that convert information into light, which is then transmitted via fiber optic cable. Currently, American telephone companies represent the largest users of fiber optic cables, but the technology is also used for power lines, local access computer networks, and video transmission. Coaxial cable Coaxial cable, or coax, is an electrical cable with an inner conductorsurrounded by a flexible, tubular insulating layer, surrounded by a tubular conducting shield. The term coaxial comes from the inner conductorand the outer shield sharing the same geometric axis. Coaxial cable was invented by English engineer and mathematician Oliver Heaviside, who first patented the design in 1880.[1] Coaxial cable is used as a transmission line for radio frequency signals, in applications such as connectingradio transmitters and receivers with their antennas,computer network (Internet) connections,and distributingcable
  20. 20. television signals. One advantage of coax over other types of radio transmission line is that in an ideal coaxial cable the electromagnetic field carrying the signal exists only in the space between the inner and outerconductors.This allows coaxial cable runs to be installed next to metal objects such as gutters without the power losses that occur in other types of transmission lines, and provides protection of the signal from externalelectromagnetic interference. Straight Cable You usually use straight cable to connect different type of devices.This type of cable will be used most of the time and can be used to: 1) Connect a computer to a switch/hub's normal port. 2) Connect a computer to a cable/DSL modem's LAN port. 3) Connect a router's WAN port to a cable/DSL modem's LAN port. 4) Connect a router's LAN port to a switch/hub's uplink port. (normally used for expanding network) 5) Connect 2 switches/hubs with one of the switch/hub using an uplink port and the otherone using normal port. Crossover Cable A crossover cable connects two devices of the same type,for example DTE-DTE or DCE-DCE, usually connected asymmetrically (DTE-DCE), by a modified cable called a crosslink. Such distinction of devices was introduced by IBM Sometimes you will use crossovercable, it's usually used to connect same type of devices. A crossovercable can be used to: 1) Connect 2 computers directly. 2) Connect a router's LAN port to a switch/hub's normal port. (normally used for expanding network) 3) Connect 2 switches/hubs by using normal port in both switches/hubs
  21. 21. We use two types of cable in networking : 1. straight cable 2. cross cable Colour cording of cable: Straight: 1. orange white white 2. orange 3. green white white 4. blue 4. blue 5. blue white 5. blue white 6. green 6. green 7. brown white 7. brown white 8. brown 8. Brown Cross cable: 1 3 2 6 3 1 6 2 1. orange white white 2. orange 3. green white white 4. blue 4. blue 5. blue white 5. blue white 6. green 6. orange 7. brown white 7. brown white 8. brown 8. Brown Colour coding for cables T-568B Straight-Through Ethernet Cable
  22. 22. RJ-45 Crossover Ethernet Cable INSTALLING CABLES In today networks, UTP CABLES are commonly used to connect computers in a network.
  23. 23. Depending on the color codings, we have different cables like straight cable, cross cable and roll- over cable. STRAIGHT CABLE The cable used between the PC and the hub/switch is called straight cable. Straight cable can be used between PC - SWITCH PC- HUB HUB(UPLINK PORT) - HUB According to TIA/EIA(Telecommunications industry standard/Electronics industry standard),we have the following two standards for making straight cable: CROSS-OVER CABLE The cable used to connect two PCs is called cross-over cable. Cross cable can be used between: PC - PC HUB - HUB SWITCH - SWITCH ROUTER - PC ROLL-OVER CABLE The cable used between a hardware router and a PC is called roll-over cable. In this cable,the color coding used in one end is reversed in the other end. DATA TRAVELL ONLY GREEN OR ORANGE PAIR OF CABLE. ADDRESSINGIN COMPUTERNETWORKING There are two kinds of addresses used in networks: 1.Physical address 2.Logical address PHYSICAL ADDRESS 1.It is also called hardware address or MAC address.MAC stands for media access control. 2.It is present in the chip of a NIC card. 3.It is unique for every NIC card and cannot be changed. 4.It is 48 bits.Out of 48 bits,24 bits of address is given by the manufacturer of NIC card and the remaining 24 bits of address is defined as per instructions given by IEEE. 5.IEEE stands for Institute of Electronics and Electrical Engineers. LOGICAL ADDRESS 1.It is also called software address. 2.It is given by the user and can be changed anytime. 3.Several schemes or protocols are used to define logical address in a computer. 4.These protocols are : TCP/IP (TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL) IPX/SPX (Internetwork Packet Exchange/Sequential Packet EXchange) NetBeuI DLC (Data Link Control)
  24. 24. AppleTalk PROTOCOL is a set of rules which in communication between computers. TCP/IP 1.It has become industry-standard 2.It was developed by DOD(Department of Defence) of USA. 3.It is used both in Internet(public network) and Intranet(private network). 4.It is of 32 bits. 5.Currently used version is IP v4. 6.IP v6 is also available. 7.It has four fields or octetes. 8.Each octet is of 8 bits. 9.It can be repesented by w.x.y.z 10.Minimum value of a octet is 0 and maximum is 255 11.Eaxh octet or field can have decimal values ranging from 0 to 255. 12.According to the value of w or first field, we have five classes of TCP/IP Addresses. The first three classes are only used for computer addressing in a network. IP ADDERSSING IP (INTERNER PROTOCOL) ip stands on internet protocol it is 32 is divided in 4 octet each octet contain 8 is numerical identification of computer on network .it is divided in to two parts one is network and second is host .we use private ip address in LAN which is provided by IANA(INTERNET ASSIGNING NUMBRING AUTHOURTIY). The minimum value (per octet) is 0 and the maximum value is 255.IP address are divided in five classes. 1. Network ID : it represent no. of on bit that is (1). 2. Host ID : it represent the no. of off bit that is (0). class Range N/W ID Host/ID Subnet Mask TotalIP Valid IP A 1-126 8 24 16777216 16777214 B 128-191 16 16 65536 65534 C 192-223 24 8 256 254 D 224-239 it is reserved for multicasti. E 240-255 it is reserved for research /scientific use. We use only first three class which is provide by IANA in LAN . IP Addresses are divided into two parts: 1. Private IP address 2. Public (live) IP address. Range of private IP address: to to to Range of public IP address: to to to to to
  25. 25. And another range is called APIPA (Automatic private internet protocol addressing ) range is to we can assign the IP address by using two methods: (1) Statically or manually (2) Dynamically (by using DHCP server- dynamic host configuration protocol) But in case of your computer has no IP address then IP address is assigned to the computer from APIPA Range . but communication is not possible when computer has IP address from APIPA. it is the loop back address it is used for self communication and for troubleshooting perpose. Subnet mask: subnet mask is also 32 bit address, which tell us how many bits are used for network and how many bits are used for host address. In subnet mask network bits are always 1 and host bits are always 0. IP Address invalid or reserve IP Address: When we are going to assign IP Address to our computer interface then we have to follow some rules: Rules: - 1. All Host bits cannot be 0 (, because it represent network address which is reserved for router. 2. All Host bit cannot be 1 (, because it is broadcast address of that network (10th)network. 3. All bits cannot be 0 (, because this address is reserved for default routing. Default routing is used in case of stub n/w (means our network has no exit point). 4. All bits cannot be 1 (, because it reserved for Broadcasting – this is loopback address, which is used for self-communication or troubleshooting purpose. C:> IPCONFIG (this command is use for IP check). C:> IPCONFIG /ALL (This cmd is show all detail of your interface.). Ping – Packet Internet Groper This command is used to check the connectivity with other computer. Ping is performed with in network or outside the network. In this process four packets are send to destination address and four packets received from the destination address. ICMP (Internet control massage protocol ) is used for this process. ICMP Internet Control Messaging Protocol is used by ping and traceroute utilities. Ping (Packet Internet Groper) enables you to validate that an IP address exists and can accept requests. The following transmissions are used by the Ping utility: . Ping sends an echo request packet to receive the echo response. . Routers send Destination Unreachable messages when they can’t reach the destination network and they are forced to drop the packet. The router that drops the packet sends the ICMP DU message. C:> ping (IP of destination) for e.g C:> ping (IP of destination ) –t (for continue).
  26. 26. Press ctrl+c to stop ping. 1.Reply from Destination : Reply from bytes=32 time<1ms TTL=255 Reply from bytes=32 time<1ms TTL=255 Reply from bytes=32 time<1ms TTL=255 Reply from bytes=32 time<1ms TTL=255 Ping statistics for Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: 1. Minimum = 0ms, Maximum = 0ms, Average = 0ms This massage appear when destination computer properly configured and connected with same netwok ip address. 2.Request time out (R.T.O):- This massage appear when Destination computer has some problem .For e.g : IP address does not exit, network cable unplugged, computer shutdown, interconnection firewall enable. 3.Destination host unreachable :- This massage appear when our computer desire to communicate with another n/w but our computer has no gateway IP address. 4.Reply from gateway but Destination host unreachable:-This massage appear when computer desire to communicate with another network computer but our router has no route information in its routing table for Destination n/w. 5.Hardware error:- This massage appears when during communication our network goes unplugged. 6.Negoshating IP sequirty:- This massage appears when our computer has IP-Sec service enabled with sequre communication rule negoshation. PROJECT DESCRIPTION We have designed a network Scienario in which we have used the concepts of routers,switches,servers,NAT,Access list,Vlan,server publishing,we have given detail study of above topics.... Routing
  27. 27. Routing is the process of selecting paths in a network along which to send network traffic. Routing is performed for many kinds of networks, including the telephone network (Circuit switching) , electronic data networks (such as the Internet), and transportation networks. This article is concerned primarily with routing in electronic data networks using packet switching technology. In packet switching networks, routing directs packet forwarding, the transit of logically addressed packets from their source toward their ultimate destination through intermediate nodes,typically hardware devices called routers, bridges, gateways,firewalls, or switches. General-purpose computers can also forward packets and perform routing, though they are not specialized hardware and may suffer from limited performance. The routing process usually directs forwarding on the basis of routing tables which maintain a record of the routes to various network destinations.Thus,constructing routing tables, which are held in the router's memory, is very important for efficient routing. Most routing algorithms use only one network path at a time, but multipath routing techniques enable the use of multiple alternative paths. Types of routing Static routing Static routing is a data communication concept describing one way of configuring path selection of routers in computer networks. It is the type of routing characterized by the absence of communication between routers regarding the current topology of the network.[1] This is achieved by manually adding routes to the routing table. The opposite of static routing isdynamic routing, sometimes also referred to as adaptive routing. Example To configure a static route to network, pointing to a next-hop router with the IP address of, type: (Note that this example is written in the Cisco IOScommand line syntaxand will only work on certain Cisco routers[2]) Router> enable Router# configure terminal Router(config)# ip route The other option is to define a static route with reference to the outgoing interface which is connected to the next hop towards the destination network. Router> enable Router# configure terminal Router(config)# ip route Serial 0/0 Dynamic Routing
  28. 28. Dynamic routing performs the same function as static routing except it is more robust. Static routing allows routing tables in specific routers to be set up in a static manner so network routes for packets are set. If a router on the route goes down the destination may become unreachable. Dynamic routing allows routing tables in routers to change as the possible routes change. There are several protocols used to support dynamic routing including RIP and OSPF Default routing .A default route, also known as the gateway of last resort, is the network route used by a router when no other known route exists for a given IP packet's destination address.All the packets for destinations not known by the router's routing table are sent to the default route. This route generally leads to another router, which treats the packet the same way: If the route is known, the packet will get forwarded to the known route. If not,the packet is forwarded to the default-route of that router which generally leads to another router. And so on. Each router traversal adds a one-hop distance to the route. ROUTING PROTOCOLS
  29. 29. Routed protocols: TCP/IP, IPX-SPX are protocols which are used in a Local Area Network (LAN) so computers can communicate between with each otherand with other computers on the Internet. Chances are that in your LAN you are most probably running TCP/IP. This protocol is what we call a "routed" protocol. The term "routed" refers to something which can be passed on from one place (network) to another. In the example of TCP/IP, this is when you construct a data packet and send it across to anothercomputer on the Internet Routing protocols: Routing protocols were created for routers. These protocols have been designed to allow the exchange of routing tables, or known networks, between routers. There are a lot of different routing protocols, each one designed for specific network sizes, so I am not going to be able to mention and analyse them all, but I will focus on the most popular. Dynamic Routing Protocols There are 3 types of Dynamic routing protocols,these differ mainly in the way that they discover and make calculations about routes (click to select):
  30. 30. 1) Distance Vector 2) Link State 3) Hybrid  Distance Vector routers compute the best path from information passed to themfrom neighbors  Link State routers each have a copy of the entire network map  Link State routers compute best routes from this local map DISTANCE VECTOR ROUTING PROTOCOLS Distance Vector routing protocols use frequent broadcasts ( or FF:FF:FF:FF) of their entire routing table every 30 sec. on all their interfaces in order to communicate with their neighbours.The bigger the routing tables, the more broadcasts.This methodology limits significantly the size of network on which Distance Vector can be used. RIPV1: Routing Information Protocol (RIP) is a true Distance-Vector routing protocol. It sends the complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count to determine the best way to a remote network, but it has a maximum allowable hop count of 15, meaning that 16 is deemed unreachable. RIP works well in small networks, but it is inefficient on large networks with slow WAN links or on networks with large number of routers installed.
  31. 31. RIP comes in two different versions. RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask. This is because RIP version 1 does not include the subnet mask when it sends updates. RIP v1 uses broadcasts ( RIP version 2 does,however, and this is what we call classless routing (check the Subnetting section for more details). RIP v2 uses multicasts ( to update its routing tables. COMMANDS:- Configure RIP: Use thefollowing command to enable RIP on RouterA: RouterA(config)#router rip Configure therouter to receive and send only RIP Version 2 packets using the following command: RouterA(config-router)#version 2 Use thefollowing commands to specify the networks directly connected to the router: RouterA(config-router)#network RouterA(config-router)#network Interior GatewayProtocol- IGRP Interior Gateway Routing Protocol (IGRP) is a Cisco proprietary Distance-Vector routing protocol. This means that all yourrouters must be Cisco routers in order to use IGRP in yournetwork, keep in mind that Windows 2000 now supports it as well because they have bought a licence from Cisco to use the protocol! Cisco created this routing protocol to overcome the problems associated with RIP. IGRP has a maximum hop count of 255 with a default of 100. This is helpful in larger networks and solves the problem of there being only 15 hops maximum possible in a RIP network. IGRPalso uses a different metric from RIP. IGRP uses bandwidth and delay of the line by default as a metric for determining the best route to an internetwork. This is called a composite metric. Reliability, load and Maximum Transmission Unit (MTU) can also be used,although they are not used by default. COMMANDS:- RouterA#configure terminal Enter configuration commands, one per line. End with Cntl/z RouterA#(config)#router igrp AS no. RouterA#(config-router)#network ip address RouterA#(config-router)#exit
  32. 32. Link State Routing Protocols Link State protocols,unlike Distance Vector broadcasts,use multicast. Link State routing protocols do not view networks in terms of adjacent routers and hop counts,but they build a comprehensive view of the overall network which fully describes the all possible routes along with their costs.Using the SPF (Shortest Path First) algorithm, the router creates a "topological database" which is a hierarchy reflecting the network routers it knows about.It then puts it's self on the top of this hierarchy, and has a complete picture from it's own perspective. Link State protocols in comparison to Distance Vector protocols have:  Big memory requirements  Shortest path computations require many CPU circles  If network is stable little bandwidth is used; react quickly to topology changes  Announcements cannot be “filtered”. All items in the database must be sent to neighbors  All neighbors must be trusted  Authentication mechanisms can be used to avoid undesired adjacencies  No split horizon techniques are possible Open ShortestPath First (OSPF)Routing Protocol Open Shortest Path First (OSPF) is a routing protocoldeveloped for Internet Protocol (IP) networks by the interior gateway protocol (IGP) working group of the Internet Engineering Task Force (IETF). The working group was formed in 1988 to design an IGP based on the shortest path first (SPF) algorithm for use in the Internet. Similar to the Interior Gateway Routing Protocol (IGRP), OSPF was created because in the mid-1980s, the Routing Information Protocol (RIP) was increasingly unable to serve large, heterogeneous internetworks. OSPF is a classless routing protocol, which means that in its updates,it includes the subnet ofeach route it knows about,thus,enabling variable-length subnet masks. With variable-length subnet masks, an IP network can be broken into many subnets ofvarious sizes. This provides network administrators with extra network-configuration flexibility.These updates are multicasts at specific addresses ( and OSPF has two primary characteristics:  1) The protocolis open (non proprietary), which means that its specification is in the public domain. The OSPF specification is published as Request For Comments (RFC) 1247.  2) The second principal characteristic is that OSPF is based on the SPF algorithm, which sometimes is referred to as the Dijkstra algorithm, named for the person credited with its creation.
  33. 33. COMMANDS:- Router#config terminal Router(config)#router ospf process-id Router(config-router)#network network-number mask area area-id Example: Router(config-router)#network area Hybrid Routing Protocols Hybrid Routing, commonly referred to as balanced-hybrid routing, is a combination of distance- vector routing, which works by sharing its knowledge of the entire network with its neighbors and link-state routing which works by having the routers tell every router on the network about its closest neighbours Eigrp .Enhanced Interior Gateway Routing Protocol (EIGRP) is another Cisco proprietary, hybrid (has feature of Distance Vector and Link State protocols), interior gateway protocol (IGP) used by routers to exchange routing information. EIGRP uses a composite metric composed of Bandwidth, Delay, Reliability, and Loading to determine the best path between two locations. EIGRP can route IP, IPX and Appletalk. Along with IS-IS, it is one of the few multi-protocol routing protocols. The Diffusing Update Algorithm (DUAL) is the heart of EIGRP. In essence, DUAL always keeps a backup route in mind, in case the primary route goes down. DUAL also limits how many routers are affected when a change occurs to the network. There is no maximum allowable number of hops. In a EIGRP network, each router multi-casts "hello" packs to discover its adjacent neighbor. This adjcency database is shared with other router to build a topology database. From the topology database the best route (Successor) and the second best route (Feasible Successor) is found.
  34. 34. EIGRP is classless, meaning it does include the subnet mask in routing updates. However, by default 'auto-summary' is enable. You must disable if you want subnet information from other major networks. The EIGRP metric is a can be a complex calculation, but by default it only uses bandwidth and delay to determine the best path. COMMANDS:- Router#config terminal Router (config)# router eigrp AS Router (config-router)# network X.X.X.X Network Address Translation(NAT) The NAT Concept  NAT is not only used for networks that connect to the Internet. You can use NAT even between private networks as we will see in the pages to follow, but because most networks use it for their Internet connection, we are focusing on that.  The NAT concept is simple: it allows a single device to act as an Internet gateway for internal LAN clients by translating the clients' internal network IP Addresses into the IP Address on theNAT-enabled gateway device.
  35. 35.  In other words, NAT runs on the device that's connected to the Internet and hides the rest of your network from the public, thus making your whole network appear as one device (or computer, if you like) to the rest of the world.  NAT is transparent to your network, meaning all internal network devices are not required to be reconfigured in order to access the Internet. All that's required is to let your network devices know that the NAT device is the default gateway to the Internet.  NAT is secure since it hides your network from the Internet. All communications from your private network are handled by the NAT device, which will ensure all the appropriate translations are performed and provide a flawless connection between your devices and the Internet. As you can see, we have a simple network of 4 hosts (computers) and one router that connects this network to the Internet. All hosts in our network have a private Class C IP Address, including the router's private interface (, while the public interface that's connected to the Internet has a real IP Address (
  36. 36. The NAT Table The NAT table is the heart of the whole NAT operation, which takes place within the router (or any NAT-enabled device) as packets arrive and leave its interfaces. Each connection from the internal (private) network to the external (public-Internet) network, and vice versa, is tracked and a special table is created to help the router determine what to do with all incoming packets on all of its interfaces; in our example there are two. This table, known as the NAT table, is populated gradually as connections are created across the router and once these connections are closed the entries are deleted, making room for new entries. TYPES OF NAT: Static Network Address Translation Static NAT (also called inbound mapping) is the first mode we're going to talk about and also happens to be the most uncommon between smaller networks. Static NAT was mainly created to allow hosts on your private network to be direcly accessible via the Internet using real public IPs; we'll see in great detail how this works and is maintained. Static NAT is also considered a bit dangerous because a misconfiguration to your firewall or other NAT-enabled device can result in the full exposure of the machine on your private network to which the public IP Address maps, and we'll see the security risks later on this page.
  37. 37. As mentioned in the introduction, Static NAT allows the mapping of public IP Addresses to hosts inside the internal network. In simple english, this means you can have a computer on your private network that exists on the Internet with its own real IP. The diagram below has been designed to help you understand exactly how Static NAT works: Dynamic Network Address Translation Dynamic NAT is the second NAT mode we're going to talk about. Dynamic NAT, just like Static NAT, is not that common in smaller networks but you'll find it used within larger corporations with complex networks. The way Dynamic NAT differentiates from Static NAT is that where Static NAT provides a one- to-one internal to public static IP mapping, Dynamic NAT does the same but without making the mapping to the public IP static and usually uses a group of available public IPs. With Dynamic NAT, we also map our internal IP Addresses to real public IP Addresses, but the mapping is not static, meaning that for each session our internal hosts communicate with the Internet, their public IP Addresses remain the same, but are likely to change. These IPs are taken from a pool of public IP Addresses that have been reserved by our ISP for our public network.
  38. 38. The diagram above is our example network and shows our router, which is configured to perform Dynamic NAT for the network. We requested 4 public IPs from our ISP ( to, which will be dynamically mapped by our router to our internal hosts. In this particular session our workstation, with IP Address, sends a request to the Internet and is assigned the public IP address This mapping between the workstation's private and public IP Address will remain until the session finishes. The router is configured with a special NAT timeout and, after this timeout is reached (no traffic sent/received during that time), the router will expire the particular mapping and reuse it for a different internal host. Network Address Translation Overload NAT Overload is the most common NAT method used throughout all networks that connect to the Internet. This is because of the way it functions and the limitations it can overcome, and we'll explore all of these in the next two pages. Whether you use a router, firewall appliance, Microsoft's Internet sharing ability or any 3rd party program that enables all your home computers to connect to the Internet via one connection, you're using NAT Overload. This NAT mode is also know by other names, like NAPT (Network Address Port Translation), IP Masquerading and NAT with PAT (Port Address Translation). The different names logically come from the way NAT Overload works, and you'll understand this by the time we're finished with the topic.
  39. 39. NAT Overload is a mix of Static & Dynamic NAT with a few enhancements thrown in (PAT- Port Address Translation) to make it work the way we need. By now you understand how bothStatic & Dynamic NAT work so we won't get into the details again. NAT Overload takes a Static or Dynamic IP Address that is bound to the public interface of the gateway (this could be a PC, router or firewall appliance) and allows all PCs within the private network to access the Internet. If you find yourself wondering how this is possible with one only IP Address, you will be happy to find that the answer lies within PAT. The diagram below shows you how a single session is handled by a NAT Overload enabled device: So we have a host on a private network, its IP Address is and it's sending a packet to the Internet, more specifically to IP Address, which we're assuming is a server. The Port, which is 23, tells us that it's trying to telnet to, since this is the default port telnet uses. As the original packet passes through the router, the Source IP Address field is changed by the router from to However, notice that the ports are not ‘changed. COMMANDS: access-list1 permit your_lan_address_range example: access-list 1 permit
  40. 40. Now that we defined the addresses that are allowed to use the NAT address we enable the actual NAT: ip nat inside source list access-list number interface overload example: ip nat inside source list 1 dialer0 overload This command states that it will use the addresses from the access-list we defined in step 1 and NAT it to the Public IP address on the interface, e.g. serial 0, dialer 0, ethernet 1,… The overload keyword specifies that multiple LAN addresses can be NAT’d to that address.The router uses the TCP and UDP ports of the hosts [LAN addresses]to translate the public IP address back to the originating local host address. The last steps we need to configure is to tell the router which our inside and outsideaddresses. This is achieved using the following commands: - for the inside conf t interface ethernet | fastethernet number ip nat inside - for the outside, assume we are dealing with an xDSL router conf t interface dialer0 ip nat outside Now that NAT is configured we can check to see which addresses are being used by using the show ip nat translations commands. INTERNET CONNECTION SHARING ICS provides networked computers with the ability to share a single connection to the Internet. If you have multiple computers, you can use ICS to allow you and others on your local area network (LAN) to perform different tasks simultaneously. For example, one person can send and receive e-mail messages, while another person downloads a file, and another person browses the Internet. You can also gain access to your corporate e-mail accounts from a client computer while others on your LAN cannot. You can use Web-enabled programs (such as downloading updates) as well as Microsoft NetMeeting and other video conferencing programs. Internet ConnectionSharing Components  DHCP Allocator - A simplified DHCP service that assigns the IP address, gateway, and name server on the local network.  DNS Proxy - Resolves names on behalf of local network clients and forwards queries.  Network Address Translation (NAT) - Maps a set of private addresses to a set of public addresses. NAT tracks private-source IP addresses and public-destination IP addresses for outbound flows. It changes the IP address information and edits the required IP header information dynamically.  Auto-dial - Automatically dials connections.  Application programming interfaces (APIs) - For configuration, status, and dial control for programs.
  41. 41. How to use Internet Connection Sharing To use Internet Connection Sharing to share your Internet connection, the host computer must have one network adapter that is configured to connect to the internal network, and one network adapter or modem that is configured to connect to the Internet. On the host computer On the host computer, follow these steps to share the Internet connection: 1. Log on to the host computer as Administrator or as Owner. 2. Click Start, and then click Control Panel. 3. Click Network and Internet Connections. 4. Click Network Connections. 5. Right-click the connection that you use to connect to the Internet. For example, if you connect to the Internet by using a modem, right-click the connection that you want under Dial-up. 6. Click Properties. 7. Click the Advanced tab. 8. Under Internet Connection Sharing, select the Allow other network users to connect through this computer's Internet connection check box. 9. If you are sharing a dial-up Internet connection, select the Establish a dial-up connection whenever a computer on my network attempts to access the Internet check box if you want to permit your computer to automatically connect to the Internet. 10. Click OK. You receive the following message: When Internet Connection Sharing is enabled, your LAN adapter will be set to use IP address Your computer may lose connectivity with other computers on your network. If these other computers have static IP addresses, it is a good idea to set them to obtain their IP addresses automatically. Are you sure you want to enable Internet Connection Sharing? 11. Click Yes. On the client computer To connect to the Internet by using the shared connection, you must confirm the LAN adapter IP configuration, and then configure the client computer. To confirm the LAN adapter IP configuration, follow these steps: 1. Log on to the client computer as Administrator or as Owner. 2. Click Start, and then click Control Panel. 3. Click Network and Internet Connections. 4. Click Network Connections. 5. Right-click Local Area Connection, and then click Properties.
  42. 42. 6. Click the General tab, click Internet Protocol (TCP/IP) in the This connection uses the following items list, and then click Properties. 7. In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain an IP address automatically (if it is not already selected), and then click OK. Note You can also assign a unique static IP address in the range of to For example, you can assign the following static IP address, subnet mask, and default gateway: 8. IP Address 9. Subnet mask 10. Default gateway 11. In the Local Area Connection Properties dialog box, click OK. 12. Quit Control Panel. 12. SWITCHING: What is a VLAN? As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally, it is a router creating that broadcast domain. With VLAN’s, a switch can create the broadcast domain. This works by, you, theadministrator, puttingsome switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain. Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any other port in any other VLAN, other than 10. However,
  43. 43. these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any other devices, not in their VLAN. How can devices on different VLAN’s communicate? Devices on different VLAN’s can communicate with a router or a Layer 3 switch. As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets. What is a trunk port? When there is a link between two switches or a router and a switch that carries the traffic of more than one VLAN, that port is a trunk port. A trunk port must run a special trunking protocol. The protocolused would be Cisco’s proprietary Inter-switch link (ISL) or the IEEE standard 802.1q. How do I create a VLAN? Configuring VLAN’s can vary even between different models of Cisco switches. Your goals, no matter what the commands are, is to:  Create the newVLAN’s  Put each port in the properVLAN Let’s say we wanted to create VLAN’s 5 and 10. We want to put ports 2 & 3 in VLAN 5 (Marketing) and ports 4 and 5 in VLAN 10 (Human Resources). On a Cisco 2950 switch, here is how you would do it:
  44. 44. At this point, only ports 2 and 3 should be able to communicate with each other and ports 4 & 5 should be able to communicate. That is because each of these is in its own VLAN. For the device on port 2 to communicate with thedevice on port 4, you would have to configure a trunk port to a router so that it can strip off theVLAN information, route the packet, and add back the VLAN information. What do VLAN’s offer? VLAN’s offer higher performance for medium and large LAN’s because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLAN’s you are containing broadcasts. VLAN’s also provide security because you are essentially puttingone group of devices, in one VLAN, on their own network. INTER VLAN ROUTING: Applicable Network Scenarios As shown in the figure below, the addition of a router makes it possible to send traffic between VLANs while still containing broadcast traffic within VLAN boundaries. The router uses IP subnets to move traffic between VLANs. Each VLAN has a different IP subnet, and there is a one-to-one correspondence of VLAN and IP subnet boundaries. If a host is in a given IP subnet, it is also in a given VLAN, and vice-versa.
  45. 45. Access Control List, ACL is a listing containing one or more ACE that tells a computer operating system or other network device what rights users have to each item on a computer or network device. For example, an ACL may specify if a user or the users group have access to a file or folder on that computer or network. Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria. The ACL is configured in global mode, but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface. If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate “permit” or “deny” action is taken. If there is no match, the second line’s criterion is examined. Again, if there i Each of these rules has some powerful implications when filtering IP and IPX packets with access lists. There are two types of access lists used with IP and IPX: Standard access lists These use only the source IP address in an IP packet to filter the network. This basically permits or denies an entire suite of protocols. IPX standards can filter on both source and destination IPX address. Extended access lists These check for both source and destination IP address, protocol field in the Network layer header, and port number at the Transport layer header. IPX extended access lists use source and destination IPX addresses, Network layer protocol fields, and socket numbers in the Transport layer header. Define In, Out, Inbound, Outbound, Source, and Destination The router uses the terms in, out, source, and destination as references. Traffic on the router can be compared to traffic on the highway. If you were a law enforcement officer in Pennsylvania and wanted to stop a truck going from Maryland to New York, the source of the truck is Maryland and the destination of the truck is New York. The roadblock could be applied at the Pennsylvania–New York border (out) or the Maryland–Pennsylvania border (in). When you refer to a router, these terms have these meanings.
  46. 46.  Out—Traffic that has already been through the router and leaves the interface. The source is where it has been, on the other side of the router, and the destination is where it goes.  In—Traffic that arrives on the interface and then goes through the router. The source is where it has been and the destination is where it goes, on the other side of the router.  Inbound —If the access list is inbound, when the router receives a packet, the Cisco IOS software checks the criteria statements of the access list for a match. If the packet is permitted, the software continues to process the packet. If the packet is denied, the software discards the packet.  Outbound—If the access list is outbound, after the software receives and routes a packet to the outbound interface, the software checks the criteria statements of the access list for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet. Standard IP Access Lists Standard IP access lists filter the network by using the source IP address in an IP packet. You create a standard IP access list by using the access list numbers 1–99. Here is an example of the access list numbers that you can use to filter your network. The different protocols that you can use with access lists depend on your IOS version. RouterA(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <200-299> Protocol type-code access list <300-399> DECnet access list <400-499> XNS standard access list <500-599> XNS extended access list <600-699> Appletalk access list <700-799> 48-bit MAC address access list <800-899> IPX standard access list <900-999> IPX extended access list <1000-1099> IPX SAP access list <1100-1199> Extended 48-bit MAC address access list <1200-1299> IPX summary address access list By using the access list numbers between 1–99, you tell the router that you want to create a standard IP access list. RouterA(config)#access-list 10 ? deny Specify packets to reject permit Specify packets to forward
  47. 47. After you choose the access list number, you need to decide if you are creating a permit or deny list. For this example, you will create a deny statement: RouterA(config)#access-list 10 deny ? Hostname or A.B.C.D Address to match any Any source host host A single host address The next step requires a more detailed explanation. There are three options available. You can use the any command to permit or deny any host or network, you can use an IP address to specify or match a specific network or IP host, or you can use the host command to specify a specific host only. Here is an example of using the host command: RouterA(config)#access-list 10 deny host This tells the list to deny any packets from host The default command is host. In other words, if you type access-list 10 deny, the router assumes you mean host However, there is another way to specify a specific host: you can use wildcards. In fact, to specify a network or a subnet, you have no option but to use wildcards in the access list. Extended IP Access Lists In the standard IP access list example, notice how you had to block the whole subnet from getting to the finance department. What if you wanted them to gain access to only a certain server on the Finance LAN, but not to other network services, for obvious security reasons? With a standard IP access list, you can’t allow users to get to one network service and not another. However, extended IP access lists allow you to do this. Extended IP access lists allow you to choose your IP source and Destination address as well as the protocol and port number, which identify the upper-layer protocol or application. By using extended IP access lists, you can effectively allow users access to a physical LAN and stop them from using certain services. Here is an example of an extended IP access list. The first command shows the access list numbers available. You’ll use the extended access list range from 100 to 199. At this point, you need to decide what type of list entry you are making. For this example, you’ll choose a deny list entry. RouterA(config)#access-list 110 ? deny Specify packet dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward Once you choose the access list type, you must choose a Network layer protocol field entry. It is important to understand that if you want to filter the network by Application layer, you must
  48. 48. choose an entry here that allows you to go up through the OSI model. For example, to filter by Telnet or FTP, you must choose TCP here. If you were to choose IP, you would never leave the Network layer, and you would not be allowed to filter by upper-layer applications. RouterA(config)#access-list 110 deny ? <0-255> An IP protocol number eigrp Cisco's EIGRP routing protocol gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol igrp Cisco's IGRP routing protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol tcp Transmission Control Protocol udp User Datagram Protocol Once you choose to go up to the Application layer through TCP, you will be prompted for the source IP address of the host or network. You can choose the any command to allow any source address. RouterA(config)#access-list 110 deny tcp ? A.B.C.D Source address any Any source host host A single source host After the source address is selected, the destination address is chosen. RouterA(config)#access-list 110 deny tcp any ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers In the example below, any source IP address that has a destination IP address of has been denied. RouterA(config)#access-list 110 deny tcp any host ? eq Match only packets on a given port number established Match established connections fragments Check fragments
  49. 49. gt Match only packets with a greater port number log Log matches against this entry log-input Log matches against this entry, including input interface lt Match only packets with a lower port number neq Match only packets not on a given port number precedence Match packets with given precedence value range Match only packets in the range of port numbers tos Match packets with given TOS value Now, you can press Enter here and leave the access list as is. However, you can be even more specific: once you have the host addresses in place, you can specify the type of service you are denying. The following help screen gives you the options. You can choose a port number oruse the application or even the program name. RouterA(config)#access-list 110 deny tcp any host eq ? <0-65535> Port number Monitoring IP Access Lists It is important to be able to verify the configuration on a router. The following commands can be used to verify the configuration:  show access-list Displays all access lists and their parameters configured on the router. This command does not show you which interface the list is set on.  show access-list 110 Shows only the parameters for the access list 110. This command does not show you the interface the list is set on.  show ip access-list Shows only the IP access lists configured on the router.  show ip interface Shows which interfaces have access lists set.  show running-config Shows the access lists and which interfaces have access lists set.
  50. 50. Servers A server is primarily a program that runs on a machine, providing a particular and specific service to other machines connected to the machine on which it is found. Nowadays,server functionality has become so rich, complex and varied in nature that there are whole very powerful computers dedicated to being exclusively servers. This has led many non-technical people to denote servers as being machines that run services. A network server is a computer designed to process requests and deliver data to other (client) computers over a local network or the Internet. Network servers typically are configured with additional processing, memory and storage capacity to handle the load of servicing clients. DHCP SERVER DHCP (Dynamic Host Configuration Protocol) is a protocol that allows a central
  51. 51. computer to automatically assign the TCP/IP network configuration to individual work-stations on a private network. With DHCP enabled it suffices to enable the "Obtain an IP address automatically" in the TCP/IP configuration on the private network. The DHCP Server then takes over the responsibility of assigning the TCP/IP parameters, significantly lowering the task of network maintenance How Does DHCP Work? At boot time the computer has no network parameters assigned to it. The following list provides an overview of the typical network parameters: • IP address and network mask • Default route/gateway ñ an IP address which will be used for forwarding packets whose destinations are beyond local network • DNS servers for resolving Internet names (e.g. to IP addresses • Workstation parameters, e.g., domain name or workgroup/workstation name
  52. 52. • Static routes • IP forwarding setting • MTU size • Other settings (a complete list can be found in the DHCP RFCs) • Static configuration. With static configuration, the client computer uses pre-configured network parameters. The disadvantages of this approach include the possibility of IP address conflicts and the administrative issues possible when manually configuring many internal clients. • DHCP configuration (automatic). With automatic configuration, the computer obtains its network parameters from the DHCP Server. This way the IP addresses are automatically managed and accordingly address conflicts are avoided. If manual and automatic network configurations are used together, the administrator must ensure that the DHCP Server wonít assign IP addresses used by manually-configured computers How to configure the DHCP server. Once you have considered the implications of DHCP in your network, you are ready to get started with the simple configuration. For a small network, the configuration of the DHCP Server is not very challenging and the InJoy DHCP Server Plugin is deliberately designed to be extremely simple. In fact, in the InJoy Firewallô, you can immediately enable the DHCP Server and have it operational in less than a minute. Here is how. DNS SERVER
  53. 53. The Domain Name System (DNS) is a standard technology for managing the names of Web sites and other Internet domains. DNS technology allows you to type names into your Web browser like and your computer to automatically find that address on the Internet. A key element of the DNS is a worldwide collection of DNS servers. What, then, is a DNS server? Answer: A DNS server is any computer registered to join the Domain Name System. A DNS server runs special-purpose networking software, features a public IP address, and contains a database of network names and addresses for other Internet hosts. DNS RootServers DNS servers communicate with each other using private network protocols. All DNS servers are organized in a hierarchy. At the top level of the hierarchy, so-called root servers store the complete database of Internet domain names and their corresponding IP addresses. The Internet employs 13 root servers that have become somewhat famous for their special role. Maintained by various independent agencies, the servers are aptly named A, B, C and so on up to M. Ten of these servers reside in the United States, one in Japan, one in London, UK and one in Stockholm, Sweden. DNS Server Hierarchy The DNS is a distributed system, meaning that only the 13 root servers contain the complete database of domain names and IP addresses. All other DNS servers are installed at lower levels of the hierarchy and maintain only certain pieces of the overall database. Most lower level DNS servers are owned by businesses or Internet Service Providers (ISPs). For example, Google maintains various DNS servers around the world that manage the,, and other domains. Your ISP also maintains DNS servers as part of your Internet connection setup.