• Basics of Networking
• IP Addressing
• Broadcast IP Address
• OSI Reference Model
• Routing Fundamentals
• Subnetting
• Command Line Interface (CLI)
• Routing – Static and Dynamic (RIP, IGRP, OSPF, EIGRP)
• Remote Management – Telnet, CDP
• Access Lists, NAT (Natting)
• WAN Protocols (PPP, HDLC, FR, ISDN)
• Switching
• Booting
NETWORKING BASICS
Network – a connection of autonomous computers.
Ethernet
Ethernet technology uses a single cabling family to connect systems everywhere – RJ45 / CAT 5 / CAT 6 / 10 ... Earlier, Token Ring was used.
Types :
Broadcast Multi-Access: Even though all the systems are connected to the same medium, only the addressed system accepts the packets. First a message is broadcast, the address is learned, and then the packets are unicast.
Point-to-point: Only two computers are connected. An address is not mandatory (but is present). There is no broadcast.
Routers: A router is an intelligent device (Layer 3) that receives data (packets) and forwards them along the best possible route.
[Figure: Ethernet LAN (RJ45) – Router – RJ11 – Telecom – RJ11 – Router – RJ45; Ethernet / fibre optics]
Data in a network is packaged in such a way that it can travel over any medium, such as RJ45 copper, fibre optics etc.
Note: CCNA covers
How to connect computers?
How host systems talk to each other, when and why?
How a host interacts with the router and how the router talks to the outer world?
Networks are divided into Private (reserved, non-routable, "illegal" on the Internet) and Public ("legal", routable) networks. Private networks are secured leased lines over a particular area, used internally only. Public networks are world wide.
[Figure: Router – Ethernet – Router]
Computers have two addresses:
Logical Address – IP Address
Physical Address – Hardware address, also called the MAC address, Ethernet address or permanent address
MAC Address – Media Access Control Address. It is a 48-bit (6-byte) address. No two network cards have the same MAC address.
E.g.: 0010ab 1234cd – the first three bytes (0010ab) are the vendor code, the last three bytes (1234cd) are the card number.
Operating System: The OS acts as an interface between the hardware and the software. It is a software program that binds itself to the machine components.
We need a protocol to transfer data between two systems; otherwise a system is a stand-alone system. For two systems to communicate a NOS (Network Operating System) is needed.
TCP/IP is used to transfer data between systems. It is not a single protocol; it is a stack of protocols.
TCP – Transmission Control Protocol
UDP – User Datagram Protocol
IP – Internet Protocol
ARP – Address Resolution Protocol
RARP – Reverse Address Resolution Protocol
ICMP – Internet Control Messaging Protocol
IGMP - Internet Group Messaging Protocol
IP ADDRESSING
Qualities of an IP address (borrowed from human and telecom addressing):
Identification and Location
Same length for every address
The network is divided based on its size
IP Address – a 32-bit address (4 bytes), divided into 4 octets:
0-255 . 0-255 . 0-255 . 0-255
Each octet ranges from 00000000 to 11111111, i.e. from 0 – 255.
An IP address has two parts:
Location (NID – Network ID)
Identification (HID – Host ID)
Network Classifications :
Class A
NID (Network ID) | HID (Host ID)
NID – 8 bits.
HID – 24 bits.
Network ID :
There are 8 bits, so 2^8 = 256 networks are possible. These 256 network numbers are shared among the other classes also. We have 0 to 128 networks for Class A.
First octet, MSB to LSB: 128 64 32 16 8 4 2 1
MSB – Most Significant Bit
LSB – Least Significant Bit
The 128 bit (MSB) is reserved for Class A: the MSB is always '0'.
0 – Default to any network.
127 – Loopback address.
The remaining 7 bits can be from 0000000 to 1111111.
Thus Class A can have networks 1-126.
E.g. 10.0.0.0 is a Class A network
Host ID :
If all the host ID bits are '0' the address represents the network and not a host. If all the host ID bits are '1' (255 in each host octet) it is the broadcast address for that particular network.
E.g :
10.0.0.0       ----------- Network Address
10.0.0.1       ----------- First Host IP Address
10.255.255.254 ----------- Last Host IP Address
10.255.255.255 ----------- Broadcast IP Address
Class B :
NID (Network ID) | HID (Host ID)
NID – 16 bits.
HID – 16 bits.
Network ID:
First octet, MSB to LSB: 128 64 32 16 8 4 2 1
Two bits (the leading '10') are reserved for Class B.
The other 6 bits of the first octet can be from 000000 to 111111.
The NID has 2 octets, out of which 2 bits are reserved.
2^(16-2) = 2^14 = 16384 networks for Class B.
E.g. 172.16.0.0 is a Class B network.
Host ID :
If all the host ID bits are '0' the address represents the network and not a host. If all the host ID bits are '1' (255 in each host octet) it is the broadcast address for that particular network.
E.g :
170.27.0.0     ----------- Network Address
170.27.0.1     ----------- First Host IP Address
170.27.255.254 ----------- Last Host IP Address
170.27.255.255 ----------- Broadcast IP Address
Class C :
NID (Network ID) | HID (Host ID)
NID – 24 bits.
HID – 8 bits.
Network ID :
First octet, MSB to LSB: 128 64 32 16 8 4 2 1
Three bits (the leading '110') are reserved for Class C.
The other 5 bits of the first octet can be from 00000 to 11111.
The NID has 3 octets, out of which 3 bits are reserved.
2^(24-3) = 2^21 = 2097152 networks for Class C.
E.g. 202.14.0.0 is a Class C network.
Host ID :
If all the host ID bits are '0' the address represents the network and not a host. If all the host ID bits are '1' (255 in the host octet) it is the broadcast address for that particular network.
E.g :
194.21.16.0   ----------- Network Address
194.21.16.1   ----------- First Host IP Address
194.21.16.254 ----------- Last Host IP Address
194.21.16.255 ----------- Broadcast IP Address
Class D: first octet 224 – 239. These networks are used for multicasting.
Class E: first octet 240 – 255. These networks are used for research purposes.
Note: From the above ranges some addresses are reserved for private networks. They are,
10.0.0.0                     --------- A
172.16.0.0 to 172.31.0.0     --------- B
192.168.0.0 to 192.168.255.0 --------- C
Broadcasting:
Broadcast involves delivering a message from one sender to many recipients. This broadcast is 'limited' in that it does not reach every node on the Internet, only the nodes on the LAN.
The broadcast address is found by ORing the IP address with the bit complement of the subnet mask.
E.g.: Let 190.16.4.9 be the IP address (Class B network).
The subnet mask for a Class B network is 255.255.0.0; its bit complement is 0.0.255.255.
190.16.4.9     ---- 10111110 00010000 00000100 00001001
0.0.255.255    ---- 00000000 00000000 11111111 11111111   (OR)
190.16.255.255 ---- 10111110 00010000 11111111 11111111
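As an added example (not part of these notes), the Python script below applies the rules above: it reads the class from the first octet, uses the classful default mask, and derives the network, broadcast, first and last host addresses by ANDing with the mask and ORing with its bit complement. The private ranges and the sample addresses are the ones listed in these notes.

```python
# Classful IPv4 address analysis following the rules in these notes:
# class from the first octet, default subnet mask per class, and the
# network / broadcast / first / last host derived with AND and OR.
# Added example, not part of the original notes.

PRIVATE_RANGES = (
    ("10.0.0.0", "255.0.0.0"),        # Class A private block
    ("172.16.0.0", "255.240.0.0"),    # 172.16.0.0 - 172.31.255.255
    ("192.168.0.0", "255.255.0.0"),   # 192.168.0.0 - 192.168.255.255
)

DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def ip_to_int(ip):
    """Dotted quad -> 32-bit integer, validating every octet (0-255)."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {ip!r}")
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def int_to_ip(n):
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(ip):
    """Class letter from the leading bits of the first octet; 0 and 127 are reserved."""
    first = ip_to_int(ip) >> 24
    if first == 0:
        return "reserved (0 = default network)"
    if first == 127:
        return "reserved (127 = loopback)"
    if first < 128:      # MSB 0
        return "A"
    if first < 192:      # leading bits 10
        return "B"
    if first < 224:      # leading bits 110
        return "C"
    if first < 240:      # leading bits 1110 (multicast)
        return "D"
    return "E"           # leading bits 1111 (research)


def is_private(ip):
    """True if ip falls in one of the private blocks listed in the notes."""
    n = ip_to_int(ip)
    return any((n & ip_to_int(mask)) == ip_to_int(net) for net, mask in PRIVATE_RANGES)


def analyse(ip, mask=None):
    """Network, broadcast, FHID and LHID of ip under mask (default: classful mask)."""
    cls = address_class(ip)
    if mask is None:
        if cls not in DEFAULT_MASK:
            return {"class": cls, "mask": None}   # D, E and reserved: no host part
        mask = DEFAULT_MASK[cls]
    addr, m = ip_to_int(ip), ip_to_int(mask)
    network = addr & m                        # host bits cleared
    broadcast = addr | (~m & 0xFFFFFFFF)      # OR with the bit complement of the mask
    return {
        "class": cls,
        "mask": mask,
        "private": is_private(ip),
        "network": int_to_ip(network),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "broadcast": int_to_ip(broadcast),
    }


if __name__ == "__main__":
    # sample addresses taken from the examples in these notes
    for sample in ("190.16.4.9", "10.0.0.1", "170.27.0.1", "194.21.16.1", "224.0.0.5"):
        print(sample, analyse(sample))
```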
SUMMARY
Class | N/w bits | Host bits | Range (I octet) | MSB fixed | No. of n/ws     | No. of hosts | FHID    | LHID          | BC Addr       | Subnet mask
A     | 8        | 24        | 1-126           | 0         | 126             | 2^24 - 2     | X.0.0.1 | X.255.255.254 | X.255.255.255 | 255.0.0.0
B     | 16       | 16        | 128-191         | 10        | 2^(16-2) = 2^14 | 2^16 - 2     | X.Y.0.1 | X.Y.255.254   | X.Y.255.255   | 255.255.0.0
C     | 24       | 8         | 192-223         | 110       | 2^(24-3) = 2^21 | 2^8 - 2      | X.Y.Z.1 | X.Y.Z.254     | X.Y.Z.255     | 255.255.255.0
D     |          |           | 224-239         |           |                 |              |         |               |               |
E     |          |           | 240-255         |           |                 |              |         |               |               |
Broadcast address: all HID bits '1'. Network address: all HID bits '0'.
OSI REFERENCE MODEL
OSI – Open Systems Interconnection. This model was designed by the ISO (International Standards Organisation). It was developed from the TCP/IP model given by the DoD (Department of Defence, US).
Open Systems: irrespective of the platform – open to any platform.
The OSI Model comprises 7 layers.
[Figure: the OSI Model (International Standards Organisation) shown beside the TCP/IP Model (Department of Defence, US)]
PHYSICAL LAYER :
The physical layer is about the physical connections/media between the networks.
Connections may be bound or unbound.
Bound – UTP, STP, Coaxial, Fibre optics...
Unbound – Infrared rays, Bluetooth, Radio waves, Microwaves...
UTP – Unshielded Twisted Pair.
[Figure: UTP standards 10 base T, 10 base 10, 100 base 10; bandwidth/signal frequency against length of the cable – 100 m cable (87.5 m accurately)]
Ethernet Cross-over and Straight-through Cables
There are 8 pins in the cable, and the wires are of different colours to identify them.
PIN NO | WIRE COLOUR  | CROSSED-OVER | STRAIGHT-THROUGH
1      | Orange/White | 3            | 1
2      | Orange       | 6            | 2
3      | Green/White  | 1            | 3
4      | Blue         |              |
5      | Blue/White   |              |
6      | Green        | 2            | 6
7      | Brown/White  |              |
8      | Brown        |              |
If there are more than two systems, connecting each system to every other system is not possible. In such cases we use a hub or a switch to connect the systems.
Hub (Concentrator): Hubs operate in the physical layer. A hub is nothing but a repeater that sends data to all the systems connected to it during communication. A hub can contain multiple ports.
[Figure: an 8-port hub with systems 1, 3, 5, 7 on one side and 2, 4, 6, 8 on the other]
Consider a hub with 8 ports, each connected to a system. If system 1 has to send data to system 8, the hub sends the data to system 8 and also to all the other systems connected to it. If the data transfer rate is 10 Mbps, that rate is shared among all the systems.
Full Duplex :
If transmission takes place on one line and data is received on another line, it is said to be Full Duplex.
Half Duplex :
If transmitting and receiving use the same line, it is said to be Half Duplex.
DATA LINK LAYER :
All the systems in the network are identified and are ready to send data.
This layer concentrates on: What does the data look like? – Format.
To whom is the data being sent and where is it coming from?
It checks for collisions or errors – Error Detection. Error detection is done by CSMA/CD (Carrier Sense Multiple Access / Collision Detection), which continuously senses the line to check for an error or collision.
The Network Interface Card (NIC) contains the MAC (Media Access Control) address.
Sub-layers of the Data Link Layer:
LLC – Logical Link Control: It is concerned with managing the traffic over the network. While carrying the packet from the data link layer to the network layer it also carries information saying that it is an IP packet – the logical link between the data link layer and the network layer.
MAC – Media Access Control: It is concerned with sharing the physical connection to the network among several computers. Each computer has its own MAC address.
A frame in the data link layer contains the To and From MAC addresses.
The most popular layer-2 component is the switch.
Switch: A network switch is a small hardware device that joins multiple computers together within one LAN. Technically, network switches operate at layer two, the Data Link Layer.
A switch, unlike a hub, sends data only to the specific system that requested the data.
A switch maintains the MAT (MAC Address Table) to look up the MAC address of the host to which it needs to send the data. The first time it broadcasts, and thereafter it uses the learned addresses.
[Table: MAT – Port Number | MAC address]
NETWORK LAYER :
This layer concentrates on routing the packet to the destination along the best possible route.
Packets in the network layer contain the To and From IP addresses.
In the following figure there are 4 data links between the two end networks.
[Figure: 10.0.0.0 – Router1 – 20.0.0.0 – Router2 – 40.0.0.0 – Router3 – 60.0.0.0]
TRANSPORT LAYER :
This layer is a software layer. (A transport layer product is introduced now.)
The role of the transport layer is to provide reliable, end-to-end data transport between the source and destination machines.
This layer concentrates on,
Segments: The units exchanged between the communicating hosts are called segments. This layer packetizes the data (i.e. turns it into segments). The segment size is less than or equal to the MTU (Maximum Transmission Unit = 1500 bytes).
Sequence numbers
Check sum
Acknowledgement
Error checking
Windowing
3-way handshake
Port numbers
HTTP-80
FTP-21- CONTROL,20 - DATA
SMTP-25
TELNET-23
POP3-110
The connection may be connection oriented or connectionless.
Connection oriented :
Establishes a connection ( Synchronization )
Transmits data
Ends connection
TCP/IP provides a reliable and connection-oriented service.
Connectionless :
Data delivery
Error checking
UDP provides an unreliable and connection-less service.
SESSION LAYER :
The session layer allows users on different machines to establish sessions between them. Session management takes place whenever a session opens and ends.
If the port is inactive for a particular period of time the port is reset (the session is closed).
Source Quench: It is a message requesting the high-speed machine to slow down. It is one way to control data flow over the network.
PRESENTATION LAYER :
This layer is concerned with the presentation of the data transferred between two application processes.
It ensures that the data exchanged between them has a common meaning – shared semantics (a common presentation style).
Data is transferred in binary or ASCII format.
If any compression or encryption is needed, it is also agreed upon here.
APPLICATION LAYER :
This layer provides the service that lets an application program communicate with other application programs in the network.
This layer concentrates on,
Communication partners
Quality of service
User authentication
Constraints on data.
NOTE:
1. Encapsulation – give the right information to the right user.
ROUTING FUNDAMENTALS
Concepts
Routing Table
Default Gateway
Windows DOS Commands :
ipconfig
ipconfig /all
route print
route add
route delete
ping
arp -a
tracert
Protocols
ICMP
ARP
ROUTING TABLE :
A routing table is a database in which a routing protocol stores information about the network-layer topology of the internetwork (the IP addresses are looked up here before the packets are routed).
A routing table can be built in two ways:
1. Manual
route add
E.g. route add 30.0.0.0 MASK 255.0.0.0 10.0.0.1
2. Default Gateway
PING (Packet Inter Network Groper): Sends a packet through the internetwork to grope (probe) the destination host. Echo Request and Echo Reply are the pair of ICMP messages used. ICMP checks whether there is an error during communication.
[Figure: Echo Request / Echo Reply across 30.0.0.0 – R1 (30.0.0.1, 50.0.0.1) – 50.0.0.0 – R2 (50.0.0.2, 70.0.0.1) – 70.0.0.0 – R3 (70.0.0.2, 90.0.0.1) – 90.0.0.0]
While pinging a host from the source, if the host/network is not configured on the router and the router cannot find the destination system in its routing table, the following ICMP message is generated:
Destination Host Unreachable
While pinging a host from the source, if the host is connected and configured on the router, the host sends all its messages to the router, which forwards them to the destination. If the router is able to find the destination IP address in its routing table, the following message is generated:
Reply from
While pinging a host from the source, if the destination host is not connected to the network, or the cable is loosely connected, or the destination host does not respond to the source's request, the following ICMP error message is generated:
Request timed out
arp -a
This command displays the ARP cache, i.e. the MAC addresses learned for the host systems.
C:\>arp -a
Interface: 9.184.45.180 --- 0x2
Internet Address Physical Address Type
9.184.45.1 00-00-0c-07-ac-2d dynamic
9.184.45.15 00-0d-60-8c-9d-93 dynamic
9.184.45.100 00-0d-60-fb-e4-ed dynamic
9.184.45.184 00-11-25-48-14-22 dynamic
C:\>arp -d 10.0.0.1
Deletes the MAC address entry of the particular host.
Tracert :
The tracert command is used to see the path a network packet takes and the number of hops required for that packet to reach its destination.
C:\>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
C:\>tracert 9.184.45.148
Tracing route to 9.184.45.148 over a maximum of 30 hops
1 * <1 ms <1 ms 9.184.45.148
Trace complete.
Find the FHID, LHID, Broadcast and Subnet Mask
CLASS | NETWORK   | FHID      | LHID           | BroadCast      | SubnetMask
A     | 1.0.0.0   | 1.0.0.1   | 1.255.255.254  | 1.255.255.255  | 255.0.0.0
A     | 39.0.0.0  | 39.0.0.1  | 39.255.255.254 | 39.255.255.255 | 255.0.0.0
B     | 147.0.0.0 | 147.0.0.1 | 147.0.255.254  | 147.0.255.255  | 255.255.0.0
C     | 211.0.0.0 | 211.0.0.1 | 211.0.0.254    | 211.0.0.255    | 255.255.255.0
SUBNETTING
Subnetting is the process of subdividing a network into subnets that are meaningful, for the effective management of IP addresses. With the help of simple arithmetic we divide the network into subnets. This also controls congestion.
a. If 9.0.0.5 sends a packet to 9.0.0.3 through a hub, the hub copies the packet and sends it to all the other hosts as well (broadcast). Once the sender has learned the destination MAC address it unicasts, and the packet is accepted only by the host whose MAC address matches the To address.
[Figure: hosts 9.0.0.2, 9.0.0.3, 9.0.0.4 and 9.0.0.5 connected to a HUB]
b. If the hub is replaced by a switch, initially it broadcasts and learns the MAC address. After that the switch sends the packet only to the particular destination host and does not send copies to the other systems.
c. If a router is placed in front of the switch/hub, broadcasting and unicasting still take place, but the router ensures that MAC-level broadcasts do not cross the particular network/LAN.
• Divide the following network into 2 subnets
CLASS | NETWORK  | FHID     | LHID           | BroadCast      | SubnetMask
A     | 10.0.0.0 | 10.0.0.1 | 10.255.255.254 | 10.255.255.255 | 255.0.0.0
To get 2 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets.
Hence to get two subnets, we need to borrow 2 bits from the host ID.
Borrowed bits of the second octet (MSB first): 128 64 | remaining HID bits
Therefore the subnets are,
10.64.0.0 and 10.128.0.0
Class | Subnet     | FHID       | LHID           | BroadCast      | SubnetMask
A     | 10.64.0.0  | 10.64.0.1  | 10.127.255.254 | 10.127.255.255 | 255.192.0.0
A     | 10.128.0.0 | 10.128.0.1 | 10.191.255.254 | 10.191.255.255 | 255.192.0.0
LHID/BC second octet: 64+(32+16+8+4+2+1) = 64+63 = 127 and 128+63 = 191. Subnet mask second octet: 128+64 = 192.
Total no. of host ID bits = 24 - 2 (borrowed) = 22.
So, the no. of hosts possible in each subnet = 2^22 - 2 = 4194304 - 2 = 4194302 hosts.
• Divide the following network into 6 subnets
CLASS | NETWORK  | FHID     | LHID           | BroadCast      | SubnetMask
A     | 10.0.0.0 | 10.0.0.1 | 10.255.255.254 | 10.255.255.255 | 255.0.0.0
To get 6 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
Hence to get 6 subnets, we need to borrow 3 bits from the host ID.
Borrowed bits of the second octet (MSB first): 128 64 32 | remaining HID bits
Therefore the subnets are: 10.32.0.0, 10.64.0.0, 10.96.0.0, 10.128.0.0, 10.160.0.0, 10.192.0.0
Class | Subnet     | FHID       | LHID           | BroadCast      | SubnetMask
A     | 10.32.0.0  | 10.32.0.1  | 10.63.255.254  | 10.63.255.255  | 255.224.0.0
A     | 10.64.0.0  | 10.64.0.1  | 10.95.255.254  | 10.95.255.255  | 255.224.0.0
A     | 10.96.0.0  | 10.96.0.1  | 10.127.255.254 | 10.127.255.255 | 255.224.0.0
A     | 10.128.0.0 | 10.128.0.1 | 10.159.255.254 | 10.159.255.255 | 255.224.0.0
A     | 10.160.0.0 | 10.160.0.1 | 10.191.255.254 | 10.191.255.255 | 255.224.0.0
A     | 10.192.0.0 | 10.192.0.1 | 10.223.255.254 | 10.223.255.255 | 255.224.0.0
LHID/BC second octet: 32+(16+8+4+2+1) = 32+31 = 63. Subnet mask second octet: 128+64+32 = 224.
Total no. of host ID bits = 24 - 3 (borrowed) = 21.
So, the no. of hosts possible in each subnet = 2^21 - 2 = 2097152 - 2 = 2097150 hosts.
• Divide the following network into 14 subnets
CLASS | NETWORK  | FHID     | LHID           | BroadCast      | SubnetMask
A     | 10.0.0.0 | 10.0.0.1 | 10.255.255.254 | 10.255.255.255 | 255.0.0.0
To get 14 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
2^4 - 2 = 16 - 2 = 14 subnets
Hence to get 14 subnets, we need to borrow 4 bits from the host ID.
Borrowed bits of the second octet (MSB first): 128 64 32 16 | remaining HID bits
Therefore the subnets are: 10.16.0.0, 10.32.0.0, 10.48.0.0, ..., 10.224.0.0
Class | Subnet     | FHID       | LHID           | BroadCast      | SubnetMask
A     | 10.16.0.0  | 10.16.0.1  | 10.31.255.254  | 10.31.255.255  | 255.240.0.0
A     | 10.32.0.0  | 10.32.0.1  | 10.47.255.254  | 10.47.255.255  | 255.240.0.0
A     | 10.48.0.0  | 10.48.0.1  | 10.63.255.254  | 10.63.255.255  | 255.240.0.0
...   | ...        | ...        | ...            | ...            | ...
A     | 10.208.0.0 | 10.208.0.1 | 10.223.255.254 | 10.223.255.255 | 255.240.0.0
A     | 10.224.0.0 | 10.224.0.1 | 10.239.255.254 | 10.239.255.255 | 255.240.0.0
LHID/BC second octet: 16+(8+4+2+1) = 16+15 = 31. Subnet mask second octet: 128+64+32+16 = 240.
Total no. of host ID bits = 24 - 4 (borrowed) = 20.
So, the no. of hosts possible in each subnet = 2^20 - 2 = 1048576 - 2 = 1048574 hosts.
• How many bits do you need to borrow to get 23 subnets?
To get 23 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
2^4 - 2 = 16 - 2 = 14 subnets
2^5 - 2 = 32 - 2 = 30 subnets
Hence to get 23 subnets, we need to borrow 5 bits from the host ID.
Borrowed bits of the second octet (MSB first): 128 64 32 16 8 | remaining HID bits
Therefore the subnets are: 10.8.0.0, 10.16.0.0, 10.24.0.0, ..., 10.184.0.0, ..., 10.240.0.0
Class | Subnet     | FHID       | LHID           | BroadCast      | SubnetMask
A     | 10.8.0.0   | 10.8.0.1   | 10.15.255.254  | 10.15.255.255  | 255.248.0.0
A     | 10.16.0.0  | 10.16.0.1  | 10.23.255.254  | 10.23.255.255  | 255.248.0.0
A     | 10.24.0.0  | 10.24.0.1  | 10.31.255.254  | 10.31.255.255  | 255.248.0.0
...   | ...        | ...        | ...            | ...            | ...
A     | 10.184.0.0 | 10.184.0.1 | 10.191.255.254 | 10.191.255.255 | 255.248.0.0
...   | ...        | ...        | ...            | ...            | ...
A     | 10.240.0.0 | 10.240.0.1 | 10.247.255.254 | 10.247.255.255 | 255.248.0.0
LHID/BC second octet: 8+(4+2+1) = 8+7 = 15. Subnet mask second octet: 128+64+32+16+8 = 248.
Total no. of host ID bits = 24 - 5 (borrowed) = 19.
So, the no. of hosts possible in each subnet = 2^19 - 2 = 524288 - 2 = 524286 hosts.
• How many bits do you need to borrow to get 45 subnets?
To get 45 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
2^4 - 2 = 16 - 2 = 14 subnets
2^5 - 2 = 32 - 2 = 30 subnets
2^6 - 2 = 64 - 2 = 62 subnets
Hence to get 45 subnets, we need to borrow 6 bits from the host ID.
Borrowed bits of the second octet (MSB first): 128 64 32 16 8 4 | remaining HID bits
Therefore the subnets are: 10.4.0.0, 10.8.0.0, 10.12.0.0, ..., 10.180.0.0, ..., 10.248.0.0
Class | Subnet     | FHID       | LHID           | BroadCast      | SubnetMask
A     | 10.4.0.0   | 10.4.0.1   | 10.7.255.254   | 10.7.255.255   | 255.252.0.0
A     | 10.8.0.0   | 10.8.0.1   | 10.11.255.254  | 10.11.255.255  | 255.252.0.0
A     | 10.12.0.0  | 10.12.0.1  | 10.15.255.254  | 10.15.255.255  | 255.252.0.0
...   | ...        | ...        | ...            | ...            | ...
A     | 10.180.0.0 | 10.180.0.1 | 10.183.255.254 | 10.183.255.255 | 255.252.0.0
...   | ...        | ...        | ...            | ...            | ...
A     | 10.248.0.0 | 10.248.0.1 | 10.251.255.254 | 10.251.255.255 | 255.252.0.0
LHID/BC second octet: 4+(2+1) = 4+3 = 7. Subnet mask second octet: 128+64+32+16+8+4 = 252.
Total no. of host ID bits = 24 - 6 (borrowed) = 18.
So, the no. of hosts possible in each subnet = 2^18 - 2 = 262144 - 2 = 262142 hosts.
• Divide the following network into 75 subnets and into 150 subnets
CLASS | NETWORK  | FHID     | LHID           | BroadCast      | SubnetMask
A     | 10.0.0.0 | 10.0.0.1 | 10.255.255.254 | 10.255.255.255 | 255.0.0.0
To get 75 and 150 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
2^4 - 2 = 16 - 2 = 14 subnets
2^5 - 2 = 32 - 2 = 30 subnets
2^6 - 2 = 64 - 2 = 62 subnets
2^7 - 2 = 128 - 2 = 126 subnets
2^8 - 2 = 256 - 2 = 254 subnets
Hence to get 75 subnets, we need to borrow 7 bits from the host ID.
And to get 150 subnets, we need to borrow 8 bits from the host ID.
Borrowed bits for 75 subnets (second octet, MSB first): 128 64 32 16 8 4 2 | remaining HID bits
Borrowed bits for 150 subnets (whole second octet): 128 64 32 16 8 4 2 1 | remaining HID bits
Therefore the subnets are,
75 subnets: 10.2.0.0, 10.4.0.0, 10.6.0.0, ..., 10.150.0.0
150 subnets: 10.1.0.0, 10.2.0.0, 10.3.0.0, ..., 10.150.0.0
75 subnets
Class | Subnet     | FHID       | LHID           | BroadCast      | SubnetMask
A     | 10.2.0.0   | 10.2.0.1   | 10.3.255.254   | 10.3.255.255   | 255.254.0.0
A     | 10.4.0.0   | 10.4.0.1   | 10.5.255.254   | 10.5.255.255   | 255.254.0.0
A     | 10.150.0.0 | 10.150.0.1 | 10.151.255.254 | 10.151.255.255 | 255.254.0.0
A     | 10.254.0.0 | 10.254.0.1 | 10.255.255.254 | 10.255.255.255 | 255.254.0.0
LHID/BC second octet: 2+(1) = 2+1 = 3. Subnet mask second octet: 128+64+32+16+8+4+2 = 254.
Total no. of host ID bits = 24 - 7 (borrowed) = 17.
So, the no. of hosts possible in each subnet = 2^17 - 2 = 131072 - 2 = 131070 hosts
150 subnets
Class | Subnet     | FHID       | LHID           | BroadCast      | SubnetMask
A     | 10.1.0.0   | 10.1.0.1   | 10.1.255.254   | 10.1.255.255   | 255.255.0.0
A     | 10.2.0.0   | 10.2.0.1   | 10.2.255.254   | 10.2.255.255   | 255.255.0.0
...   | ...        | ...        | ...            | ...            | ...
A     | 10.150.0.0 | 10.150.0.1 | 10.150.255.254 | 10.150.255.255 | 255.255.0.0
LHID/BC second octet: 1+(0) = 1. Subnet mask second octet: 128+64+32+16+8+4+2+1 = 255.
Total no. of host ID bits = 24 - 8 (borrowed) = 16.
So, the no. of hosts possible in each subnet = 2^16 - 2 = 65536 - 2 = 65534 hosts
------------------------------------------------------------------------------------------------------------
• Divide the following network into 9 subnets
CLASS | NETWORK   | FHID      | LHID          | BroadCast     | SubnetMask
B     | 170.0.0.0 | 170.0.0.1 | 170.0.255.254 | 170.0.255.255 | 255.255.0.0
To get 9 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
2^4 - 2 = 16 - 2 = 14 subnets
Hence to get 9 subnets, we need to borrow 4 bits from the host ID.
Borrowed bits of the third octet (MSB first): 128 64 32 16 | remaining HID bits
Therefore the subnets are: 170.0.16.0, 170.0.32.0, 170.0.48.0, ..., 170.0.128.0, 170.0.144.0
Class | Subnet      | FHID        | LHID          | BroadCast     | SubnetMask
B     | 170.0.16.0  | 170.0.16.1  | 170.0.31.254  | 170.0.31.255  | 255.255.240.0
B     | 170.0.32.0  | 170.0.32.1  | 170.0.47.254  | 170.0.47.255  | 255.255.240.0
B     | 170.0.48.0  | 170.0.48.1  | 170.0.63.254  | 170.0.63.255  | 255.255.240.0
...   | ...         | ...         | ...           | ...           | ...
B     | 170.0.128.0 | 170.0.128.1 | 170.0.143.254 | 170.0.143.255 | 255.255.240.0
B     | 170.0.144.0 | 170.0.144.1 | 170.0.159.254 | 170.0.159.255 | 255.255.240.0
LHID/BC third octet: 16+(8+4+2+1) = 16+15 = 31. Subnet mask third octet: 128+64+32+16 = 240.
Total no. of host ID bits = 16 - 4 (borrowed) = 12... no: 16 - 4 = 12 is wrong; see below.
• Divide the following network into 99 subnets
CLASS | NETWORK   | FHID      | LHID          | BroadCast     | SubnetMask
B     | 170.0.0.0 | 170.0.0.1 | 170.0.255.254 | 170.0.255.255 | 255.255.0.0
To get 99 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
2^4 - 2 = 16 - 2 = 14 subnets
2^5 - 2 = 32 - 2 = 30 subnets
2^6 - 2 = 64 - 2 = 62 subnets
2^7 - 2 = 128 - 2 = 126 subnets
Hence to get 99 subnets, we need to borrow 7 bits from the host ID.
Borrowed bits of the third octet (MSB first): 128 64 32 16 8 4 2 | remaining HID bits
Therefore the subnets are: 170.0.2.0, 170.0.4.0, 170.0.6.0, ..., 170.0.250.0, 170.0.252.0
Class | Subnet      | FHID        | LHID          | BroadCast     | SubnetMask
B     | 170.0.2.0   | 170.0.2.1   | 170.0.3.254   | 170.0.3.255   | 255.255.254.0
B     | 170.0.4.0   | 170.0.4.1   | 170.0.5.254   | 170.0.5.255   | 255.255.254.0
B     | 170.0.6.0   | 170.0.6.1   | 170.0.7.254   | 170.0.7.255   | 255.255.254.0
...   | ...         | ...         | ...           | ...           | ...
B     | 170.0.250.0 | 170.0.250.1 | 170.0.251.254 | 170.0.251.255 | 255.255.254.0
B     | 170.0.252.0 | 170.0.252.1 | 170.0.253.254 | 170.0.253.255 | 255.255.254.0
LHID/BC third octet: 2+(1) = 2+1 = 3. Subnet mask third octet: 128+64+32+16+8+4+2 = 254.
Total no. of host ID bits = 16 - 7 (borrowed) = 9
So, the no. of hosts possible in each subnet = 2^9 - 2 = 512 - 2 = 510 hosts.
------------------------------------------------------------------------------------------------------------
• Divide the following network into 2 subnets
CLASS | NETWORK   | FHID      | LHID        | BroadCast   | SubnetMask
C     | 200.0.0.0 | 200.0.0.1 | 200.0.0.254 | 200.0.0.255 | 255.255.255.0
To get 2 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
Hence to get 2 subnets, we need to borrow 2 bits from the host ID.
Borrowed bits of the fourth octet (MSB first): 128 64 | remaining HID bits
Therefore the subnets are: 200.0.0.64, 200.0.0.128
Class | Subnet      | FHID        | LHID        | BroadCast   | SubnetMask
C     | 200.0.0.64  | 200.0.0.65  | 200.0.0.126 | 200.0.0.127 | 255.255.255.192
C     | 200.0.0.128 | 200.0.0.129 | 200.0.0.190 | 200.0.0.191 | 255.255.255.192
LHID/BC fourth octet: 64+(32+16+8+4+2+1) = 64+63 = 127. Subnet mask fourth octet: 128+64 = 192.
Note: 127 is the broadcast ID.
Total no. of host ID bits = 8 - 2 (borrowed) = 6
So, the no. of hosts possible in each subnet = 2^6 - 2 = 64 - 2 = 62 hosts.
• Divide the following network into subnets of 23 hosts each.
To get 23 hosts,
2^8 - 2 = 256 - 2 = 254 hosts
2^7 - 2 = 128 - 2 = 126 hosts
2^6 - 2 = 64 - 2 = 62 hosts
2^5 - 2 = 32 - 2 = 30 hosts  (5 host bits are enough; the 3 remaining bits give 2^3 - 2 = 8 - 2 = 6 subnets)
2^4 - 2 = 16 - 2 = 14 hosts
Hence to get 23 hosts, we need to borrow 3 bits from the host ID so that 5 bits will be left.
Borrowed bits of the fourth octet (MSB first): 128 64 32 | remaining HID bits
Therefore the subnets are: 192.168.1.32, 192.168.1.64, 192.168.1.96, ..., 192.168.1.192 (we borrow 3 bits, so the last subnet is 32*6 = 192)
Class | Subnet        | FHID          | LHID          | BroadCast     | SubnetMask
C     | 192.168.1.32  | 192.168.1.33  | 192.168.1.62  | 192.168.1.63  | 255.255.255.224
C     | 192.168.1.64  | 192.168.1.65  | 192.168.1.94  | 192.168.1.95  | 255.255.255.224
C     | 192.168.1.192 | 192.168.1.193 | 192.168.1.222 | 192.168.1.223 | 255.255.255.224
LHID/BC fourth octet: 32+(16+8+4+2+1) = 32+31 = 63. Subnet mask fourth octet: 128+64+32 = 224.
Total no. of host ID bits = 8 - 3 (borrowed) = 5
So, the no. of hosts possible in each subnet = 2^5 - 2 = 32 - 2 = 30 hosts in each subnet.
• Divide the following network into subnets of 11 hosts each.
To get 11 hosts,
2^8 - 2 = 256 - 2 = 254 hosts
2^7 - 2 = 128 - 2 = 126 hosts
2^6 - 2 = 64 - 2 = 62 hosts
2^5 - 2 = 32 - 2 = 30 hosts
2^4 - 2 = 16 - 2 = 14 hosts  (4 host bits are enough; the 4 remaining bits give 2^4 - 2 = 16 - 2 = 14 subnets)
2^3 - 2 = 8 - 2 = 6 hosts
Hence to get 11 hosts, we need to borrow 4 bits from the host ID so that 4 bits will be left.
Borrowed bits of the fourth octet (MSB first): 128 64 32 16 | remaining HID bits
Therefore the subnets are: 192.168.1.16, 192.168.1.32, 192.168.1.48, ..., 192.168.1.224 (we borrow 4 bits, so the last subnet is 16*14 = 224)
Class | Subnet        | FHID          | LHID          | BroadCast     | SubnetMask
C     | 192.168.1.16  | 192.168.1.17  | 192.168.1.30  | 192.168.1.31  | 255.255.255.240
C     | 192.168.1.32  | 192.168.1.33  | 192.168.1.46  | 192.168.1.47  | 255.255.255.240
...   | ...           | ...           | ...           | ...           | ...
C     | 192.168.1.224 | 192.168.1.225 | 192.168.1.254 | 192.168.1.255 | 255.255.255.240
LHID/BC fourth octet: 16+(8+4+2+1) = 16+15 = 31. Subnet mask fourth octet: 128+64+32+16 = 240.
Total no. of host ID bits = 8 - 4 (borrowed) = 4
So, the no. of hosts possible in each subnet = 2^4 - 2 = 16 - 2 = 14 hosts in each subnet.
• Divide the following network into 17 subnets.
To get 17 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
2^4 - 2 = 16 - 2 = 14 subnets
2^5 - 2 = 32 - 2 = 30 subnets
Hence to get 17 subnets, we need to borrow 5 bits from the host ID.
Borrowed bits of the fourth octet (MSB first): 128 64 32 16 8 | remaining HID bits
Therefore the subnets are: 192.168.1.8, 192.168.1.16, 192.168.1.24, ..., 192.168.1.136 (we borrow 5 bits, so the 17th subnet is 8*17 = 136), ..., 192.168.1.240 (the last subnet is 8*30 = 240)
Class | Subnet        | FHID          | LHID          | BroadCast     | SubnetMask
C     | 192.168.1.8   | 192.168.1.9   | 192.168.1.14  | 192.168.1.15  | 255.255.255.248
C     | 192.168.1.16  | 192.168.1.17  | 192.168.1.22  | 192.168.1.23  | 255.255.255.248
...   | ...           | ...           | ...           | ...           | ...
C     | 192.168.1.240 | 192.168.1.241 | 192.168.1.246 | 192.168.1.247 | 255.255.255.248
LHID/BC fourth octet: 8+(4+2+1) = 8+7 = 15. Subnet mask fourth octet: 128+64+32+16+8 = 248.
Total no. of host ID bits = 8 - 5 (borrowed) = 3
So, the no. of hosts possible in each subnet = 2^3 - 2 = 8 - 2 = 6 hosts in each subnet.
• Divide the following network into 50 subnets.
To get 50 subnets,
2^1 - 2 = 2 - 2 = 0 subnets
2^2 - 2 = 4 - 2 = 2 subnets
2^3 - 2 = 8 - 2 = 6 subnets
2^4 - 2 = 16 - 2 = 14 subnets
2^5 - 2 = 32 - 2 = 30 subnets
2^6 - 2 = 64 - 2 = 62 subnets
Hence to get 50 subnets, we need to borrow 6 bits from the host ID.
Borrowed bits of the fourth octet (MSB first): 128 64 32 16 8 4 | remaining HID bits
Therefore the subnets are: 192.168.1.4, 192.168.1.8, 192.168.1.12, ..., 192.168.1.200 (we borrow 6 bits, so the 50th subnet is 4*50 = 200), ..., 192.168.1.248 (the last subnet is 4*62 = 248)
Class | Subnet        | FHID          | LHID          | BroadCast     | SubnetMask
C     | 192.168.1.4   | 192.168.1.5   | 192.168.1.6   | 192.168.1.7   | 255.255.255.252
C     | 192.168.1.8   | 192.168.1.9   | 192.168.1.10  | 192.168.1.11  | 255.255.255.252
...   | ...           | ...           | ...           | ...           | ...
C     | 192.168.1.248 | 192.168.1.249 | 192.168.1.250 | 192.168.1.251 | 255.255.255.252
LHID/BC fourth octet: 4+(2+1) = 4+3 = 7. Subnet mask fourth octet: 128+64+32+16+8+4 = 252.
Total no. of host ID bits = 8 - 6 (borrowed) = 2
So, the no. of hosts possible in each subnet = 2^2 - 2 = 4 - 2 = 2 hosts in each subnet.
NOTE : Subnetting Principle :
Do not change your NID.
Borrow HID bits into the NID.
The octet size and the bit values do not change.
The rules for FHID, LHID, BC and SNM do not change.
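All the exercises above follow the same borrow-bits procedure. As an added example (not part of the original notes), the Python below implements it for both exercise types: a required number of subnets, or a required number of hosts per subnet. It uses the notes' convention that the all-zeros and all-ones subnets are not usable (2^n - 2 subnets, 2^h - 2 hosts), and is run on the class A, B and C networks from the exercises.

```python
# Subnet calculator for the borrow-bits method used in these exercises.
# Added example, not part of the original notes. Convention, as in the notes:
# usable subnets = 2^n - 2, hosts per subnet = 2^h - 2, and every usable subnet
# gets its subnet address, FHID, LHID, broadcast (BC) and subnet mask (SNM).


def ip_to_int(ip):
    """Dotted quad -> 32-bit integer, validating every octet (0-255)."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {ip!r}")
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def int_to_ip(n):
    """32-bit integer -> dotted quad."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_network_bits(network):
    """NID length from the first octet: class A = 8, B = 16, C = 24 bits."""
    first = ip_to_int(network) >> 24
    if 1 <= first <= 126:
        return 8
    if 128 <= first <= 191:
        return 16
    if 192 <= first <= 223:
        return 24
    raise ValueError(f"{network} is not a class A, B or C network")


def bits_for_subnets(required):
    """Smallest n with 2^n - 2 >= required: the 2^n - 2 ladder in the exercises."""
    n = 1
    while 2 ** n - 2 < required:
        n += 1
    return n


def bits_for_hosts(required):
    """Smallest h with 2^h - 2 >= required (network and broadcast excluded)."""
    h = 1
    while 2 ** h - 2 < required:
        h += 1
    return h


def subnet_plan(network, borrowed):
    """Borrow `borrowed` HID bits into the NID of a classful network; list usable subnets."""
    net_bits = classful_network_bits(network)
    host_bits = 32 - net_bits - borrowed
    if borrowed < 2 or host_bits < 2:
        # 2^1 - 2 = 0 usable subnets; fewer than 2 host bits leaves no usable host
        raise ValueError("need at least 2 borrowed bits and 2 remaining host bits")
    prefix = net_bits + borrowed
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    base = ip_to_int(network) & ((0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF)
    block = 1 << host_bits                     # distance between consecutive subnets
    subnets = []
    for i in range(1, 2 ** borrowed - 1):      # skip subnet 0 and the all-ones subnet
        sub = base + i * block
        subnets.append({
            "subnet": int_to_ip(sub),
            "fhid": int_to_ip(sub + 1),
            "lhid": int_to_ip(sub + block - 2),
            "bc": int_to_ip(sub + block - 1),
        })
    return {"mask": int_to_ip(mask), "borrowed": borrowed, "host_bits": host_bits,
            "hosts_per_subnet": 2 ** host_bits - 2, "subnets": subnets}


def plan_for_subnets(network, subnets_needed):
    """Exercise type: 'divide the network into N subnets'."""
    return subnet_plan(network, bits_for_subnets(subnets_needed))


def plan_for_hosts(network, hosts_needed):
    """Exercise type: 'subnets of N hosts each' - keep enough HID bits, borrow the rest."""
    keep = bits_for_hosts(hosts_needed)
    return subnet_plan(network, 32 - classful_network_bits(network) - keep)


if __name__ == "__main__":
    plan = plan_for_hosts("192.168.1.0", 23)   # the 23-host exercise above
    print("mask", plan["mask"], "hosts per subnet", plan["hosts_per_subnet"])
    for row in plan["subnets"]:
        print(row["subnet"], row["fhid"], row["lhid"], row["bc"])
```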
CISCO ROUTERS
COMMAND LINE INTERFACE
A Cisco router doesn't have a monitor. So every router needs to be connected to a console.
The console is used to manage/administer/monitor the router. For the console to be connected the router needs a console port. To connect to the router a console cable (RJ45 to 9-pin serial) is provided.
A router has at least 2 ports.
[Figure: router with a serial/WAN port and the power point]
• To enter HyperTerminal
Programs -> Accessories -> Communication -> HyperTerminal
(the HyperTerminal window opens)
- it prompts for a screen name (not the router name)
- in the "connect to" window select COM1, OK
- in the COM1 properties window select "restore defaults", OK
- save and exit
• Once you switch on the router (a brand new router that is not yet configured) it will prompt:
Would you like to enter the initial configuration dialog [yes/no]:
(if you answer no)
Press RETURN to get started (enter)
Router>
(this is the first prompt in the router. It is called the user mode or the user execution mode)
Router> enable (enter)
Router# (this is called the privileged mode / enabled mode / privileged executable mode – not everyone can enter it, restrictions are provided)
• Cisco commands are not case sensitive.
• The user and the privileged modes are not configuration modes; they are executable only. We can see all the configurations that exist, but no new configuration can be added and no troubleshooting done.
• You can find errors in these two modes but cannot rectify them.
Router#show running-config(enter)
(this command displays the currently running configuration)
Router#debug xxx
Router#copy xxx
Router#configure terminal(enter)
Router(config)#
(this is the global configuration mode-where u can make new configurations)
• To change the hostname
Router(config)#hostname abc(enter)
abc(config)#
• Specific configuration mode
Router(config)#interface ethernet 0 / fastethernet 0 / serial 0 / serial 1 (enter)
Router(config-if)#
Router(config)#line console 0(enter)
Router(config-line)#
To configure access from the console, through port 0
To configure access from telnet (virtual terminal – VTY), through ports 0 to 4
To configure access from the auxiliary port, through port 0
• To set a username and password on the router (for the user and privileged modes)
(For the console)
To set a password for the user mode,
Router(config-line)#password xxxx
Router(config-line)#login
- enter the password
- specify it in the line console mode.
Press RETURN to get started
You will be prompted for the password
Password: (once you enter the password and press enter)
Router>
To set a username & password for the user mode,
Router(config)#username xxxx password xxxx
Router(config-line)#login local
- enter the username and password in the global configuration mode
- specify "login local" in the line console mode
- By default the password is displayed in clear text in the configuration. To display the password encrypted:
Router(config)#service password-encryption
To set a password for the privileged mode,
Router(config)#enable password/secret xxxx
- enter the password in the global configuration mode
- specify login in the line console mode (optional)
• To remove the password/username or any other changes made,
abc(config)#no hostname (enter)
Router(config)#
Router(config-line)#no login
Router(config-line)#no password
Router(config-line)#no login local
Router(config)#no username xxxx (removes the username & password)
Router(config)#no enable password/secret
• To exit from each mode we can use exit or (Ctrl + Z)
[Figure: mode hierarchy – user mode, enable mode, global configuration mode, specific configuration mode; exit moves up one level at a time, while Ctrl + Z returns from the global or specific configuration mode straight to the enable mode]
2. STATIC ROUTING (Leased Line)
[Fig-a: two networks, each behind a router, connected through the telecom company over a V.35 link]
• Two networks that are geographically separated are connected with the help of the telecom company.
• The cable given by the telecom company to the LAN is an RJ11 cable, but the cable to the router is an RJ45 cable. Hence there should be a mediator to synchronize the flow, and a modem is used for that purpose.
[Figure: router – RJ45 – modem – RJ11 – telecom company]
Fig-a can be represented as,
[Figure: HOR with E0 10.0.0.1 on network 10.0.0.0 and S0 20.0.0.1; BOR with S0 20.0.0.2 and E0 30.0.0.1 on network 30.0.0.0]
How to give an IP address to the router and configure it?
On HOR:
Router(config)#interface e 0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
• Administratively, by default all the interfaces are shut down when the router is switched on.
• So it is important to give “no shutdown”. Unless the interfaces are brought up, it is not possible to ping a system (from any mode, user or privileged).
Router(config)#interface s 0
Router(config-if)#ip address 20.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
On BOR:
Router(config)#interface e 0
Router(config-if)#ip address 30.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface s 0
Router(config-if)#ip address 20.0.0.2 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
• To check the IP address
Router#sh run
Router#sh interfaces
Router#sh interface e 0
Router#sh interface s 0
Router#sh ip interface brief
• To check the routing table
Router#sh ip route
Note: By default the router is DTE (Data Terminal Equipment). It is the cable that decides whether the interface is DCE or DTE. It is mandatory to give the clock rate on the DCE side, in order to synchronize the data flow.
• To check whether the router is DTE or DCE.
Router#sh controllers s 0
• To set the clock rate
Router(config)#interface s 0
Router(config-if)#clock rate 64000
• To add an entry in the routing table
Suppose we add an entry in the router R1 with E0 as 10.0.0.1 and S0 as 20.0.0.1,
Router(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
This specifies that if any packet is to be sent to the 30.0.0.0 network from the 10.0.0.0 network, then the path is through 20.0.0.2.
In other words, if at all a packet has to go to 30.0.0.0 it has to go through 20.0.0.2. So we are statically adding an entry in the routing table.
• To debug IP packet
Router#debug ip packet
• To stop debugging the IP packet
Router#no debug ip packet
3. DYNAMIC ROUTING
[Figure: networks 10.0.0.0 and 70.0.0.0 joined by three alternative paths, through 40.0.0.0 and 50.0.0.0, through 20.0.0.0, 80.0.0.0 and 30.0.0.0, and through 60.0.0.0]
• In the above figure there are 3 different paths to travel from the 10.0.0.0 network to the 70.0.0.0 network.
• Based on parameters like the length of the cable, bandwidth, number of hops etc., the best path is chosen. This work is done by the router based on the dynamic routing protocols.
• The routing protocols help the router to find the best path.
Dynamic routing protocols:
Distance Vector Protocols – RIP, IGRP
Link State Protocols – OSPF, IS-IS, BGP
EIGRP (Hybrid Protocol)
RIP – Routing Information Protocol
IGRP – Interior Gateway Routing Protocol
EIGRP – Extended Interior Gateway Routing Protocol (Hybrid Protocol)
• IGRP & EIGRP work on Cisco routers only.
• Routing protocols fill the routing table automatically.
Distance Vector protocols:
• RIP decides upon the best route based on the distance and direction (of the flow of the packet, in terms of E0 and S0), and IGRP decides upon the best route based on the distance, bandwidth and delay.
• The routing table is broadcast after a particular time.
RIP – every 30 sec
IGRP – every 90 sec
Every time, whether or not the table has changed, it is broadcast. This unnecessarily occupies the bandwidth.
• Each router knows only the adjacent routers.
Link state protocols:
• Complex protocols.
• They decide upon the best route based on the bandwidth, delay, load, MTU and reliability.
• For the first time the table is broadcast, and thereafter only the link state is sent. When there is a change in the table it is broadcast.
• Each router knows the whole topology of the network.
RIP – Routing Information Protocol
[Figure: R1 with E0 10.0.0.1 (network 10.0.0.0) and S0 20.0.0.1; R2 with S0 20.0.0.2 and S1 30.0.0.1; R3 with S0 30.0.0.2 and E0 40.0.0.1 (network 40.0.0.0)]
Routing tables after RIP has converged (columns: IP address, interface, hops; C = directly connected, R = learned through RIP):
R1:
C 10.0.0.0 E0 0
C 20.0.0.0 S0 0
R 30.0.0.0 S0 1
R 40.0.0.0 S0 2
R2:
C 20.0.0.0 S0 0
C 30.0.0.0 S1 0
R 10.0.0.0 S0 1
R 40.0.0.0 S1 1
R3:
C 30.0.0.0 S0 0
C 40.0.0.0 E0 0
R 20.0.0.0 S0 1
R 10.0.0.0 S0 2
• During routing table broadcasts, RIP on R1 tells the adjacent router R2 that R1's networks are 1 hop away from R2.
• Assume that the cable between R3 and the 40.0.0.0 network is disconnected. Now the 40.0.0.0 entry in R3 will be removed. R2 broadcasts its known addresses to R3. With all the addresses, R2 sends 40.0.0.0 also, with the hop count 2, through S1. Again R3 will send its addresses to R2. Now the 40.0.0.0 network with hop count 2 in R3 will be sent to R2 with hop count 3. This repeats as a non-stop process and results in a routing loop.
• To avoid this a maximum hop count was set,
RIP – 16
IGRP – 100
• But when the network is down it was unnecessary to count up to 16 hops. So to overcome that it was decided that a router should not advertise a route back out of the interface on which it received it. This is called split horizon.
[Figure: the same three-router chain with each router's hop counts – R1: 10(1), 20(1), 30(2), 40(3); R2: 10(2), 20(1), 30(1), 40(2); R3: 10(3), 20(2), 30(1), 40(1)]
R1 will not advertise its route for R3 back to R2. On the surface, this seems redundant since R2 will never use R1's route because it costs more than R2's route to R3. However, if R2's route to R3 goes down, R2 could end up using R1's route, which goes through R2; R1 would send the packet right back to R2, creating a loop. With Split Horizon, this particular routing loop cannot happen.
• This logic did not suit networks with a mesh topology. To overcome this,
1. Route poisoning: Route poisoning is a method of preventing a network from sending packets through a route that has become invalid. When the path between two routers in a network goes bad, all the routers in the network are informed immediately. However, it is possible for this information to be lost, causing some routers to once again attempt to send packets over the bad route. This requires that they be informed again that the route is invalid, and again this information can be lost (routing loop).
Route poisoning and poison reverse are routing loop prevention techniques used by distance vector routing protocols. Route poisoning is setting a route's metric to infinity (i.e. max hops + 1).
2. Poison reverse: Poison reverse allows routers to break the split horizon rule by advertising information learned from an interface out the same interface. However, it advertises routes learned from an interface out the same interface with a 16 hop count, which indicates destination unreachable, "poisoning" the route. Routers with a route with a better metric (hop count) to the network ignore the destination unreachable update.
Poison reverse is the process of breaking the split horizon rule and sending a poisoned route back over the same interface from which it was learned.
• Hold-down time: A function that prevents a router from being updated for a specified period, in order to give other nodes some time to reconfigure and prevent a routing loop. When a router is notified of a route failure, it starts the hold-down timer. In the meantime, if a notification of a route is received from its neighbor with equal or better metrics than the route that failed, the router stops the timer and updates its routing table. If the new route metrics are inferior, it keeps the timer running and does not update (the route is possibly down).
Note: The number of hops does not represent the number of routers a packet has to cross.
4. CONFIGURING RIP AND IGRP
[Figure: R1 with E0 10.0.0.1 (network 10.0.0.0) and S0 20.0.0.1; R2 with S0 20.0.0.2 (network 20.0.0.0) and E0 30.0.0.1 (network 30.0.0.0)]
RIP
R1(config)#router RIP
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R2(config)#router RIP
R2(config-router)#network 20.0.0.0
R2(config-router)#network 30.0.0.0
IGRP
R1(config)#router IGRP 123
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R2(config)#router IGRP 123
R2(config-router)#network 20.0.0.0
R2(config-router)#network 30.0.0.0
Note: 123 is the autonomous system number. It may range from 1 to 65535. A very large network is difficult to manage, hence the network is divided into autonomous systems and these are numbered. It is also done to manage the network and for administrative convenience. Only routers with the same autonomous system number will communicate.
• RIP considers only the distance and direction for routing. Since it was not efficient, IGRP came up, which takes bandwidth, distance, load, delay and other factors into consideration.
• The router chooses by administrative distance if two protocols offer a route to the same network with the same distance. The lesser the administrative distance, the more reliable the protocol is.
• RIP and IGRP also have the following differences (timers in seconds).
Timer             RIP   IGRP
Update interval   30    60
Hold-down timer   180   280
Invalid after     180   270
Flushed after     240   630
Commands Continued..
• To check the dynamic routing protocols
Router#sh ip protocols
• To display the dynamic changes made in the routing table.
Router#debug ip routing
Router#sh ip RIP
Router#sh ip IGRP
Router#clear ip route
5. TELNET (CISCO MANAGEMENT PROTOCOLS)
Telnet is the generic service that comes with TCP/IP to manage the devices remotely from anywhere.
[Figure: R1 with E0 10.0.0.1 (network 10.0.0.0) and S0 20.0.0.1; R2 with S0 20.0.0.2 (network 20.0.0.0) and E0 30.0.0.1 (network 30.0.0.0)]
• To configure Telnet and set the password,
R1(config)#line vty 0 4
R1(config-line)#password xxx
• If a password is not configured in R2 for VTY and we try to telnet R2 (20.0.0.2) from user mode,
R1#telnet 20.0.0.2
The router will show information as,
Password required none set
Connection to 20.0.0.2 is closed
• If the password is configured in R2 and you try to telnet R2 (20.0.0.2),
R1>telnet 20.0.0.2
User access verification
Password:
• If the secret is not enabled for the privileged mode,
R2>enable
No password set
• If the secret password is set,
R2>enable
Password:
R2#
• If more than 2 sessions are opened, migration can be done between the sessions by,
Disconnecting the session
R2>exit
R1#
Suspending the session
R2> (press) Ctrl + Shift + 6, then x
R1#
• To display the sessions opened by a particular user,
R1#sh sessions
• To move to the last session,
R1# (enter)(enter)
• To move to a particular session,
R1#<session number> (enter)(enter)
• To display the users logged on,
R1#sh users
Line   Type      IP Address
0      Console
2      Vty 0     20.0.0.1
3      Vty 2     20.0.0.2
• To disconnect a user,
R1#clear line 3
[confirm]
R1#
Note: Each time to open a session we give,
Router#telnet 20.0.0.1
Router#telnet 20.0.0.2…..
This can be shortened by defining a host name,
Router(config)#ip host us 20.0.0.2
Thereafter we can use,
Router#us
CDP – Cisco Delivery Protocol: This is a layer-2 protocol. It is used to get information regarding the directly connected (neighboring) Cisco devices.
Router#sh cdp
Router#sh cdp neighbors
Router#sh cdp neighbors detail (the neighbor's IP address is obtained by this command)
• CDP advertises every 60 sec.
• Hold time – 180 sec.
• To run CDP
Router(config)#cdp run
• To stop CDP running
Router(config)#no cdp run
• To change the timer and the hold timer
Router(config)#cdp timer <60>
Router(config)#cdp holdtime <180>
Note: Telnet allows only 5 sessions (vty 0 4). If a 6th session is attempted, an error message is displayed.
R1#telnet 20.0.0.2
Trying Telnet 20.0.0.2
% connection refused by remote host.
ACCESS CONTROL LISTS (ACL)
Firewall: A firewall is hardware/software designed to prevent unauthorised access from or to private networks.
Types of firewall techniques,
• Packet filter – Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.
• Application gateway – Applies security mechanisms to specific applications, such as FTP and Telnet servers.
• Circuit-level gateway – Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
• Proxy server – Checks all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
When there are only two networks the telecom network provides a dedicated line and there is no need of a firewall here.
But when the networks are connected to the Internet we need a firewall.
[Figure: LAN1 and LAN2 connected through the Internet, which is shared with hackers, partners and other users]
There are multiple users accessing the Internet and there are hackers who try to access the secured data. To overcome this a firewall is used, and it is made to sit at the gateway (router).
VPN – Virtual Private Network
It is a private communications network used within a company, or by several companies or organizations, to communicate confidentially over a publicly accessible network.
• Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses “virtual” connections routed through the Internet from the company’s private network to the remote site or employee.
[Figure: source and destination sites joined by a VPN across the Internet, which is shared with hackers, partners and other users]
IDS – Intrusion Detection System: An Intrusion Detection System is used to detect all types of malicious network traffic and computer usage. It is used to provide security inside the network.
Essentials for security,
• Clearly defined entity
• Given in time
The admin decides upon the entity and security implements it.
A good router will have two gateways. An access control list has the following format.
Action  SIP        SWCM           SPNO   DIP        DWCM     DPNO  Protocol  Interface  Direction
*Deny   10.0.0.0   0.255.255.255  >1023  30.0.0.10  0.0.0.0  80    TCP       E0         in
Deny    10.0.0.10  0.0.0.0        >1023  30.0.0.10  0.0.0.0  80    TCP       E0         in
Permit  20.0.0.25  0.0.0.0        >1023  30.0.0.10  0.0.0.0  80    TCP       E0         in
• * – This row is the definition entry that is specified for the network.
• The following rows are the original entries that should be matched against the defined entry.
• By default all IPs are denied. Permission should be specified explicitly. This is called the implicit deny (for both incoming and outgoing packets).
• WCM – Wild Card Mask: This represents the bits to be compared with the IP address. Only if the IP address matches the defined data is the packet forwarded.
If the bit is to be checked – 0
If the bit is to be ignored – 1
Consider the following example,
[Figure: LAN1 – R1 (E0, S0) – R2 (S0, E0) – LAN2; for a packet from LAN1 to LAN2, E0 of R1 is the in side and S0 the out side, and the reverse for a packet from LAN2 to LAN1]
Assume a packet moves from LAN1 to LAN2. For R1 the binding can be done at E0 or at S0. If the packet is bound at E0, it is called in-bound, and if it is bound at S0, it is called out-bound.
Similarly, if a packet moves from LAN2 to LAN1, for R1 the binding may be at S0 (in-bound) or at E0 (out-bound).
How do ACLs work in Cisco routers?
ACLs are of two types: Standard (numbered 1 – 99) and Extended (numbered 100 – 199).
• Standard ACL – Action, ACL number, Source IP and SWCM (Source Wild Card Mask) are the parameters considered. To configure a standard ACL,
R1(config)#access-list 5 deny 30.0.0.10 0.0.0.0
R1(config)#access-list 5 permit 30.0.0.15 0.0.0.0
Once you specify the list, binding should be done at the required interface.
R1(config)#int e 0
R1(config-if)#ip access-group 5 in
Redefining the action for an IP is not possible in a standard ACL.
• Extended ACL – Action, ACL number, Source IP, SWCM (Source Wild Card Mask), Destination IP, DWCM, Protocol, interface and the destination port number are the parameters considered. To configure an extended ACL,
R1(config)#access-list 101 deny tcp 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 80
R1(config)#access-list 101 permit tcp 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq 23
R1(config)#access-list 101 deny icmp any any
R1(config)#access-list 101 permit icmp any any (alternatively, to allow pinging any host)
Once you specify the list, binding should be done at the required interface.
R1(config)#int s 0
R1(config-if)#ip access-group 101 out
• To display the ACL
R1#sh access-list
R1#sh ip access-list
R1(config)#Access-list?
R1(config)#Access-list deny 5 out
• In an extended ACL
R1(config)#access-list 101 deny tcp 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq ftp log
The port number can be replaced by the port name.
log – gives information about the source port number, number of packets sent, number of matches made etc.
Note-1: The ACLs given above were numbered extended ACLs. There are also named ACLs, where you can access the ACL by its name
R1(config)#ip access-list extended R1ACL
R1(config-ext-nacl)#deny tcp 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq www
R1(config-ext-nacl)#permit tcp 10.0.0.10 0.0.0.0 30.0.0.10 0.0.0.0 eq telnet
R1(config-ext-nacl)#deny icmp any any
Note-2: For an interface, at any time there are two bindings (in and out). Hence for 10 interfaces there will be 20 bindings.
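The wildcard-mask comparison, first-match processing and implicit deny explained in this section, as an added evaluator that is not part of the original notes and not Cisco IOS code; it loads the standard list 5 and the extended list 101 from the notes (with the permit icmp variant) and runs constructed sample packets through them.

```python
"""Access-list evaluator: wildcard masks (0 bit = must match, 1 bit = ignored),
entries tested in order, first match wins, implicit deny at the end."""
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")     # the 'any' keyword


def to_int(ip):
    return int(ipaddress.IPv4Address(ip))


def wildcard_match(address, reference, wildcard):
    """True when every bit the wildcard marks 0 is identical in both addresses."""
    care = ~to_int(wildcard) & 0xFFFFFFFF   # invert: 1 = this bit must match
    return (to_int(address) & care) == (to_int(reference) & care)


class Entry:
    def __init__(self, action, protocol, src, dst=ANY, dport=None):
        self.action, self.protocol = action, protocol
        self.src, self.dst, self.dport = src, dst, dport   # (address, wildcard) pairs
        self.matches = 0        # like the match counter shown by 'show access-list'

    def matches_packet(self, pkt):
        if self.protocol != "ip" and self.protocol != pkt["protocol"]:
            return False
        if not wildcard_match(pkt["src"], *self.src):
            return False
        if not wildcard_match(pkt["dst"], *self.dst):
            return False
        return self.dport is None or pkt.get("dport") == self.dport


class AccessList:
    def __init__(self, number):
        self.number, self.entries = number, []

    def add(self, action, protocol, src, dst=ANY, dport=None):
        self.entries.append(Entry(action, protocol, src, dst, dport))
        return self

    def evaluate(self, pkt):
        """Return (action, index of the matching entry); index None = implicit deny."""
        for index, entry in enumerate(self.entries):   # first match wins
            if entry.matches_packet(pkt):
                entry.matches += 1
                return entry.action, index
        return "deny", None


def host(ip):
    """Equivalent of 'host x' / wildcard 0.0.0.0: every bit is checked."""
    return (ip, "0.0.0.0")


# access-list 5: standard, source address only
ACL5 = (AccessList(5)
        .add("deny", "ip", host("30.0.0.10"))
        .add("permit", "ip", host("30.0.0.15")))

# access-list 101: extended, as in the notes (with the 'permit icmp any any' variant)
ACL101 = (AccessList(101)
          .add("deny", "tcp", host("10.0.0.10"), host("30.0.0.10"), 80)
          .add("permit", "tcp", host("10.0.0.10"), host("30.0.0.10"), 23)
          .add("permit", "icmp", ANY, ANY))


def packet(src, dst, protocol, dport=None):
    """Constructed packet summary: only the fields the ACL looks at."""
    return {"src": src, "dst": dst, "protocol": protocol, "dport": dport}


def demo():
    """Run constructed packets through ACL 101; returns (description, action, entry)."""
    cases = [
        ("web from 10.0.0.10", packet("10.0.0.10", "30.0.0.10", "tcp", 80)),
        ("telnet from 10.0.0.10", packet("10.0.0.10", "30.0.0.10", "tcp", 23)),
        ("ping from 10.0.0.25", packet("10.0.0.25", "30.0.0.10", "icmp")),
        ("dns from 10.0.0.10", packet("10.0.0.10", "30.0.0.10", "udp", 53)),
        ("https from 10.0.0.10", packet("10.0.0.10", "30.0.0.10", "tcp", 443)),
    ]
    return [(desc, *ACL101.evaluate(pkt)) for desc, pkt in cases]


if __name__ == "__main__":
    for desc, action, index in demo():
        where = "implicit deny" if index is None else f"entry {index}"
        print(f"{desc:24} -> {action} ({where})")
```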
6. NETWORK ADDRESS TRANSLATION (NAT)
The process of network address translation (NAT, also known as network masquerading or IP masquerading) involves rewriting the source and/or destination addresses of IP packets as they pass through the serial interface of a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.
Consider,
Original (NAT in source)
From 10.0.0.10 to 30.0.0.20 (request)
From 30.0.0.20 to 10.0.0.10 (reply)
Translated (NAT in router)
From 20.0.0.23 to 30.0.0.20 (request)
From 30.0.0.20 to 20.0.0.23 (reply)
Source – 10.0.0.10
Destination – 30.0.0.20
• When a packet comes from the source to the router, the router translates the original address to 20.0.0.23 (any IP that is public; it should be purchased) and sends it to the destination. Now the destination knows the source as 20.0.0.23 and replies to that address. When the router receives the reply packet it directs it to 10.0.0.10 by checking the NAT table. The port number is kept track of. This process is called Natting.
• But if there are multiple systems requesting from the same port there is a problem. In this process the port number is translated into a random number and the packet is routed to the destination. This process is called Patting.
NAT types:
Dynamic – many to one; IP pool NAT
Static – one to one
• The NAT table has the following format,
Original                    Translated
From            To          Router  From (port)       To          Reply to
10.0.0.10:1045  30.0.0.20   R1      20.0.0.23:10001   30.0.0.20   10.0.0.10
10.0.0.25:1045  30.0.0.20   R1      20.0.0.23:12678   30.0.0.20   10.0.0.25
• The NAT table is maintained by the router in RAM. Without configuring RIP the router should be able to identify all the websites (using the NAT table).
Default network
R1(config)#ip route 0.0.0.0 0.0.0.0 s0
R1(config)#access-list 5 permit 10.0.0.0 0.255.255.255
R1(config)#int e 0
R1(config-if)#ip nat inside
R1(config)#int s 0
R1(config-if)#ip nat outside
• Consider the following figure
[Figure: R1 with E0 10.0.0.1 on the private network (inside local address 10.0.0.10) and S0 20.0.0.2 on the public side (inside global address), reaching 30.0.0.20]
1. Dynamic NAT
R1(config)#ip nat inside source list 5 interface s0 overload
When a packet comes in at E0, the router checks source list 5 (the ACL), which gives the source IP address and SWCM, and then forwards the packet out the S0 interface, overloading all the systems onto the IP address of the serial interface.
2. Pool NAT
R1(config)#ip nat pool R1ACL 20.0.0.23 20.0.0.30 netmask 255.0.0.0
R1(config)#ip nat inside source list 5 pool R1ACL overload
When a packet comes in at E0, the router checks source list 5 (the ACL), then overloads the source IP addresses onto the range mentioned, i.e. from 20.0.0.23 to 20.0.0.30.
3. Static NAT
R1(config)#ip nat inside source static 10.0.0.10 20.0.0.23
When a packet comes in through E0, the source is always translated to only one address (20.0.0.23).
• Once you try to ping the Internet (with NAT debugging on) the output will be as,
NAT: S = 10.0.0.10 -> 20.0.0.23, D = 30.0.0.20 [47892]
NAT: S = 30.0.0.20, D = 20.0.0.23 -> 10.0.0.10 [47892]
47892 is the translated port.
• To debug NAT
R1#debug ip nat
• To display translations
R1#sh ip nat translations
• To clear translations
R1#clear ip nat translation *
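The overload (PAT) translation table described in this section, as an added simulation that is not part of the original notes and not Cisco IOS code; the inside network 10.0.0.0/8 (what access-list 5 matches), the inside global address 20.0.0.23 and the sequential port allocation starting at 10001 are assumptions, and the packets are constructed.

```python
"""PAT (NAT overload) translation table for one inside global address.

Outbound packets from inside hosts get the public address and a fresh port
per flow; replies are mapped back through the table; inbound packets that
match no table entry are dropped."""
import ipaddress


class PatRouter:
    def __init__(self, inside_global, inside_networks, first_port=10001):
        self.inside_global = inside_global          # the public address (S0)
        self.inside_networks = [ipaddress.ip_network(n) for n in inside_networks]
        self.next_port = first_port                 # assumed allocation policy
        self.out_table = {}   # (inside local, sport, dst, dport) -> translated port
        self.in_table = {}    # translated port -> (inside local, sport)

    def _is_inside(self, address):
        ip = ipaddress.ip_address(address)
        return any(ip in net for net in self.inside_networks)

    def outbound(self, pkt):
        """Inside -> outside: rewrite source address and port if the source list matches."""
        if not self._is_inside(pkt["src"]):
            return dict(pkt)                        # not in the source list: untouched
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.out_table.get(key)
        if port is None:                            # first packet of this flow
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.inside_global, sport=port)

    def inbound(self, pkt):
        """Outside -> inside: only packets matching an existing translation get through."""
        if pkt["dst"] != self.inside_global or pkt["dport"] not in self.in_table:
            return None                             # no translation: dropped
        inside_local, sport = self.in_table[pkt["dport"]]
        return dict(pkt, dst=inside_local, dport=sport)

    def translations(self):
        """Rows in the spirit of 'show ip nat translations': (inside local, inside global, outside)."""
        return sorted(
            (f"{src}:{sport}", f"{self.inside_global}:{port}", f"{dst}:{dport}")
            for (src, sport, dst, dport), port in self.out_table.items())


def demo():
    """Two inside hosts using the same source port reach the same web server."""
    r1 = PatRouter("20.0.0.23", ["10.0.0.0/8"])
    a = r1.outbound({"src": "10.0.0.10", "sport": 1045, "dst": "30.0.0.20", "dport": 80})
    b = r1.outbound({"src": "10.0.0.25", "sport": 1045, "dst": "30.0.0.20", "dport": 80})
    # the server's reply to the second host's flow
    reply = r1.inbound({"src": "30.0.0.20", "sport": 80, "dst": "20.0.0.23", "dport": b["sport"]})
    # an unsolicited packet to a port with no translation
    stray = r1.inbound({"src": "30.0.0.20", "sport": 80, "dst": "20.0.0.23", "dport": 22})
    return a, b, reply, stray, r1.translations()


if __name__ == "__main__":
    a, b, reply, stray, rows = demo()
    print("translated:", a, b)
    print("reply delivered to:", reply)
    print("unsolicited packet:", stray)
    for row in rows:
        print(*row)
```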
6. OSPF & EIGRP
OSPF – Open Shortest Path First
EIGRP – Extended Interior Gateway Protocol
Distance Vector Protocols              Link State Protocols
Distance is considered                 Bandwidth, delay, load and MTU are considered
Routing table is broadcast             State of the link is sent
Adjacent routers are studied           Entire topology is studied
SNO  OSPF                                                                 EIGRP
1    Link state                                                           Hybrid (Distance Vector + Link State)
2    Open protocol (works on any router)                                  Works only on Cisco routers
3    Supports only the IP protocol                                        Supports multiple protocols like IP, IPX, AppleTalk etc.
4    Cost = 10^8 / Bandwidth                                              Cost calculated based on the bandwidth, delay etc.
5    Link State Advertisement (LSA) is made (the link state is broadcast) Routing table is broadcast
6    Uses the Shortest Path First algorithm (Dijkstra’s algorithm) to find the best (shortest) path   Uses DUAL (Diffusing Update Algorithm) to find the best path
7    Every 10 sec a Hello packet is sent                                  Every 10 sec a Hello packet is sent
8    Every 30 min the LSA is made (broadcast)                             Whenever there is a change in the routing table it is broadcast
9    When the link goes down OSPF needs to run the SPF algorithm again    When the link goes down EIGRP proceeds with the next best path
10   An Area is used for administrative convenience of a large network   An Autonomous System is used for administrative convenience of a large network
• When RIP is configured in a router, it sends the hop count to its adjacent routers.
• But when OSPF is configured in a router,
1. A Hello signal is sent to all the neighbors of the router over all possible connections. They can talk if the other routers are configured with the same protocol. With the received information a Neighbors Table is constructed, e.g.
RB via S0 – 20.0.0.1
RC via S1 – 30.0.0.1
At the end each router will know about its neighbors.
2. Once the neighbors are found they are added to a topology table. Now the link state (cost) is calculated and entered in the table.
The link state is calculated as Cost = 10^8 / Bandwidth,
Ethernet: Cost = 10^8 / (10 × 10^6) = 10
FastEthernet: Cost = 10^8 / (100 × 10^6) = 1
Serial: Cost = 10^8 / (1.544 × 10^6) = 64
After the table is fully constructed, a Link State Advertisement (LSA) is made, i.e. the link state is advertised to all the routers in the network. Finally all the routers will know the entire topology of the network (all neighbor routers will have identical information).
Note: If two routers have identical information, they are said to maintain adjacency.
• Based on this topology table a topology tree is developed.
• Each router keeps itself as the root and structures the tree (paths).
3. Based on the topology tree a routing table is developed, which has the best path calculated by the Shortest Path First (SPF) algorithm.
• In OSPF, if the link goes down, the router tries to calculate the alternative path and, if it is not able to find one, tells the neighbor that the link is down. The best path is calculated again with the SPF algorithm.
• In EIGRP, there are three distances maintained:
Reported Distance (Received Distance) – the distance received from neighbors
Feasible Distance – the first best path
Feasible Successor – the next best path (in the topology table)
When the link goes down, the router proceeds with the feasible successor (i.e. the next best path).
Broadcast Multiaccess
Consider the following figure,
[Figure: four routers sharing the broadcast segment 10.0.0.0 (addresses 10.0.0.1 to 10.0.0.6), each also attached to one or more of the networks 20.0.0.0 to 70.0.0.0]
• In the above figure, if each router sends its link state to its neighbor and the same is done by all the routers, finally all will receive multiple copies of the link state, which results in LSA flooding.
• To overcome this flooding an election is conducted among the routers for
Designated Router – DR
Backup Designated Router – BDR
Other BDRs.
• But there are some issues in this election
1. Who will be the DR?
2. How is it elected and managed?
• The DR is elected based on the Priority and the Router-ID.
For OSPF the priority is 1.
If the priority is the same, the next criterion is the router-id. The router that has the highest IP address will have the highest router-id and be elected.
In some cases the router with the lowest IP address wants to be the DR. Here we can’t change the IP address, but we can assign a dummy IP address by a loopback.
R1(config)#int loopback 0
R1(config-if)#ip address 75.0.0.1 255.0.0.0
R1 is reassigned the dummy address 75.0.0.1, which becomes the router-id. Now the election is between the router-ids, and R1 is elected the DR and R4 (the next highest router-id, 70.0.0.1) is elected the BDR.
• Once the election is over all the link states are sent to the DR/BDR and from there are forwarded to the other BDRs.
• Even when the DR and BDR are elected there is the issue of how the link state is received by the DR/BDR. Multicast addresses are used:
For OSPF – 224.0.0.6 – DR
224.0.0.5 – BDR
For EIGRP – 224.0.0.10
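The cost formula, SPF tree and DR/BDR election from the OSPF notes above, as an added example that is not part of the original notes and not Cisco IOS code; the three-router link-state database and the four-router broadcast segment (interface addresses taken from the figure, priority 1 everywhere) are constructed, and the router-id rule assumed is the one the notes describe: highest loopback address if any, else highest interface address.

```python
"""OSPF interface cost (10^8 / bandwidth), Dijkstra SPF, and DR/BDR election."""
import heapq
import ipaddress

REFERENCE_BANDWIDTH = 10 ** 8        # bps, so Cost = 10^8 / bandwidth


def ospf_cost(bandwidth_bps):
    """Interface cost as in the notes: Ethernet 10, FastEthernet 1, Serial 64."""
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)


def spf(lsdb, root):
    """Dijkstra over the link-state database {router: [(neighbor, cost), ...]}.
    Returns {destination: (total cost, first hop from the root)}."""
    best = {root: (0, None)}
    queue = [(0, root, None)]
    while queue:
        cost, node, first_hop = heapq.heappop(queue)
        if cost > best[node][0]:
            continue                      # stale queue entry
        for neighbor, link_cost in lsdb[node]:
            total = cost + link_cost
            hop = neighbor if node == root else first_hop
            if neighbor not in best or total < best[neighbor][0]:
                best[neighbor] = (total, hop)
                heapq.heappush(queue, (total, neighbor, hop))
    return best


def router_id(interfaces, loopbacks=()):
    """Highest loopback address wins; otherwise the highest interface address."""
    pool = loopbacks if loopbacks else interfaces
    return str(max(pool, key=ipaddress.IPv4Address))


def elect_dr_bdr(routers):
    """routers: {name: (priority, router_id)}. Highest priority, then highest
    router-id; a priority of 0 makes a router ineligible."""
    eligible = [(prio, ipaddress.IPv4Address(rid), name)
                for name, (prio, rid) in routers.items() if prio > 0]
    ranked = [name for _, _, name in sorted(eligible, reverse=True)]
    return (ranked[0] if ranked else None, ranked[1] if len(ranked) > 1 else None)


# Constructed link-state database: RA-RB serial, RB-RC FastEthernet, RA-RC Ethernet.
LINKS = [("RA", "RB", ospf_cost(1_544_000)),
         ("RB", "RC", ospf_cost(100_000_000)),
         ("RA", "RC", ospf_cost(10_000_000))]
LSDB = {}
for a, b, c in LINKS:                   # links are symmetric in this example
    LSDB.setdefault(a, []).append((b, c))
    LSDB.setdefault(b, []).append((a, c))

# Constructed broadcast segment from the figure: four routers, priority 1 each.
SEGMENT = {
    "R1": ["10.0.0.1", "40.0.0.1", "50.0.0.1"],
    "R2": ["10.0.0.2", "20.0.0.1", "30.0.0.1"],
    "R3": ["10.0.0.3", "60.0.0.1"],
    "R4": ["10.0.0.4", "70.0.0.1"],
}


def election(loopbacks=None):
    """DR/BDR on the segment, optionally with loopback addresses per router."""
    loopbacks = loopbacks or {}
    routers = {name: (1, router_id(ifaces, loopbacks.get(name, ())))
               for name, ifaces in SEGMENT.items()}
    return elect_dr_bdr(routers)


if __name__ == "__main__":
    print("SPF from RA:", spf(LSDB, "RA"))
    print("DR/BDR without loopback:", election())
    print("DR/BDR with loopback 75.0.0.1 on R1:", election({"R1": ["75.0.0.1"]}))
```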
• Even in point-to-point networks flooding takes place.
To solve this the network is divided into autonomous systems in EIGRP and into areas in the case of OSPF.
Area 0 – Backbone Area. There should be one backbone in a network.
Routers connected to the backbone area are called Area Border Routers.
• When the link state is broadcast it is filtered and forwarded in the hierarchical structure.
• Only routers in the same area will communicate.
Note: When two subnets of the same network are separated by another network (a discontiguous network) there is a problem, because when the routing table is broadcast the subnet mask is not sent. So RIP can’t differentiate between 10.6.0.0/16 and 10.5.0.0/15, since it is a classful protocol.
[Figure: 10.6.0.0/16 – R1 (20.0.0.1) – (20.0.0.2) R2 – 10.5.0.0/15]
Here a classless protocol (OSPF, EIGRP, RIP v2) should be used, where the subnet mask is sent along with the IP address.
Variable Length Subnet Mask (VLSM):
In a network, if a situation arises where a large number of subnets and hosts are wasted, the concept of VLSM is used, where different subnet masks are used.
How to configure OSPF and EIGRP?
When there is a choice of OSPF and EIGRP, EIGRP is chosen considering the administrative distance. The lower the distance, the better the performance.
[Figure: R1 with E0 10.0.0.1 (network 10.0.0.0) and S0 20.0.0.1; R2 with S0 20.0.0.2 and E0 30.0.0.1 (network 30.0.0.0)]
OSPF
Syntax:
R1(config)#router ospf <process-id, 1 to 65535>
R1(config-router)#network <network> <wildcard mask> area <area-id>
R1(config)#router ospf 15
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config)#router ospf 12
R2(config-router)#network 20.0.0.0 0.255.255.255 area 0
R2(config-router)#network 30.0.0.0 0.255.255.255 area 0
• There can be more than one process of the OSPF protocol.
• Between two OSPF routers the process-ids need not be the same.
• The area numbers should be the same.
EIGRP
Syntax:
R1(config)#router eigrp <autonomous system number, 1 to 65535>
R1(config-router)#network <network>
R1(config)#router eigrp 123
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R2(config)#router eigrp 123
R2(config-router)#network 20.0.0.0
R2(config-router)#network 30.0.0.0
The autonomous system numbers should be the same for EIGRP routers to communicate with each other.
For OSPF
• Hello time – 10 sec
• Dead time – 40 sec
• Wait time – 40 sec
• Retransmit time – 5 sec
• sh ip ospf interface
• sh ip ospf int f 0
• sh ip ospf int s 0
• sh ip ospf neighbor (shows the neighbor router-id)
• sh ip protocols
For EIGRP
• sh ip eigrp neighbors
• sh ip eigrp topology
Codes in the topology table:
P – Passive
A – Active
U – Update
R – Reply
r – Reply-state
Note: The advantage of EIGRP over OSPF is the feasible successor in the topology table.
7. WAN PROTOCOLS
In a LAN all the systems are connected by the same cable and technology. The data link layer prepares data according to the physical layer (when there is a change in the physical layer, the preparation of data in the data link layer also changes).
• WAN operates at the data link layer.
• WAN technology operates at the physical layer and WAN software operates at the data link layer.
• At the data link layer the data preparation (encapsulation) is done by some protocols, and some of them are
HDLC – High-level Data Link Control
PPP – Point-to-Point Protocol
Frame Relay
ISDN
PPP                                          HDLC
Open to all network devices                  Works only on Cisco devices
Supports multiple protocols                  Supports multiple protocols
User authentication is possible,             User authentication is not possible
using two protocols:
1. PAP – Password Authentication Protocol
2. CHAP – Challenge Handshake Authentication Protocol
NOTE: SLIP – Serial Link Interface Protocol: open to all devices, supports only the IP protocol, not used anywhere at present.
PAP:
When the username and password are matched in the HOR database, BOR is allowed. It is an authentication request.
Three-way handshake:
I want to talk to you (SYN)
Yes, you can (SYN/ACK)
OK (ACK)
2. CHAP
I want to talk to you
Give me the password (Challenge)
Response (password sent as a Message Digest – MD)
Message Digest (message integrity) is one of the pillars of VLSM (there are 4 pillars).
E.g.: if the packet sent is 1000, it is processed with a hash function (HF).
Data + Hash Function = Message Digest
1000 (pkt) + HF = Message Digest
Qualities of MD:
1. MD is a one-way process.
2. It is always constant (the same input always gives the same MD).
3. A small change in the data will result in a big change in the MD.
Once the MD reaches the destination, the HF is applied over the MD to get the original message.
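The CHAP challenge/response exchange described above, as an added example that is not part of the original notes and not Cisco IOS code; the response is the message digest the notes mention, computed as RFC 1994 specifies (MD5 over identifier, shared secret and challenge), and the usernames HOR/BOR and the secret 123 are the values from the configuration below.

```python
"""CHAP three-packet exchange: Challenge, Response, Success/Failure.

The shared secret never crosses the link, and a captured response is useless
against a later challenge because both the identifier and the random
challenge bytes differ."""
import hashlib
import hmac
import secrets


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """HOR side: holds 'username BOR password 123' and issues the challenge."""

    def __init__(self, users):
        self.users = {name: pwd.encode() for name, pwd in users.items()}
        self.identifier = 0
        self.current = None

    def challenge(self, value=None):
        """Send a new (identifier, challenge); `value` only fixes the bytes for tests."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.current = value if value is not None else secrets.token_bytes(16)
        return self.identifier, self.current

    def verify(self, name, response):
        """Success only if the peer proved knowledge of the secret for this challenge."""
        secret = self.users.get(name)
        if secret is None or self.current is None:
            return False
        expected = chap_response(self.identifier, secret, self.current)
        ok = hmac.compare_digest(expected, response)   # constant-time comparison
        self.current = None                             # a challenge is single-use
        return ok


class ChapPeer:
    """BOR side: knows only its own name and the shared secret."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret.encode()

    def respond(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_chap(authenticator, peer):
    """One authentication: Challenge -> Response -> Success (True) / Failure (False)."""
    identifier, challenge = authenticator.challenge()
    name, response = peer.respond(identifier, challenge)
    return authenticator.verify(name, response)


def replayed_response_accepted(authenticator, peer):
    """Whether a response captured from a genuine login passes a later challenge."""
    identifier, challenge = authenticator.challenge()
    name, captured = peer.respond(identifier, challenge)
    authenticator.verify(name, captured)          # the genuine login succeeds
    authenticator.challenge()                     # the link re-authenticates later
    return authenticator.verify(name, captured)   # same bytes, new challenge


if __name__ == "__main__":
    hor = ChapAuthenticator({"BOR": "123"})
    print("BOR with secret 123:", run_chap(hor, ChapPeer("BOR", "123")))
    print("BOR with secret 321:", run_chap(hor, ChapPeer("BOR", "321")))
    print("replayed response accepted:",
          replayed_response_accepted(hor, ChapPeer("BOR", "123")))
```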
How to configure PPP?
[Figure: HOR with E0 10.0.0.1 (network 10.0.0.0) and S0 20.0.0.1; BOR with S0 20.0.0.2 and E0 30.0.0.1 (network 30.0.0.0)]
HOR(config)#int s 0
HOR(config-if)#encapsulation ppp
HOR(config-if)#exit
• When encapsulation is done only on one router the link goes up and down, i.e. R1 (HOR) – PPP, R2 (BOR) – HDLC.
BOR(config)#int s 0
BOR(config-if)#encapsulation ppp
BOR(config-if)#exit
CHAP (the passwords must match on both sides):
On HOR:
HOR(config)#username BOR password 123
HOR(config)#int s 0
HOR(config-if)#ppp authentication chap
On BOR:
BOR(config)#username HOR password 123
BOR(config)#int s 0
BOR(config-if)#ppp authentication chap
PAP (each router sends its own username and password):
On HOR:
HOR(config)#username BOR password 123
HOR(config)#int s 0
HOR(config-if)#ppp authentication pap
HOR(config-if)#ppp pap sent-username HOR password 321
On BOR:
BOR(config)#username HOR password 321
BOR(config)#int s 0
BOR(config-if)#ppp authentication pap
BOR(config-if)#ppp pap sent-username BOR password 123
• To check the encapsulation on the serial interface
HOR#sh int s 0
• To debug PPP authentication
HOR#debug ppp authentication
8. ISDN (Integrated Services Digital Network)
ISDN is an example of a circuit switching network. Here the circuit doesn’t exist physically but gets connected when required. When the user needs to transmit data they can dial up, get connected, finish the work and get disconnected.
Data and voice are integrated into one services digital network, so the user can access the network and the telephone at the same time.
[Figure: LAN1 and LAN2 joined through the service provider; a data system and/or a digital phone on each side share the ISDN line for data and voice]
Basic Rate Access (BRI):
D (data) channel – for signalling/link purposes
B (bearer) channel – to telephone/system
B (bearer) channel – to telephone/system
Total bandwidth = 144 Kbps
For voice/data = 128 Kbps
For link purposes = 16 Kbps
Primary Access Data (PRI):
D (data) channel – for link purposes
B (bearer) channels – for voice/data
Data – 1 × 64 = 64 Kbps
Bearer – 23 × 64 = 1472 Kbps
NOTE: With a dedicated line there is a G703 switch at the telecom service provider. With ISDN there is an ISDN switch.
TE-1: Terminal Equipment type-1
[Figure: router (TE1) with BRI0 – 4-pair cable – S/T reference point – Network Terminal Adapter-1 – 2-pair cable – U reference point – service provider ISDN switch; a digital phone also connects on the S/T side]
TE-2: Terminal Equipment type-2
[Figure: router or system (TE2) – R reference point – terminal adapter – S/T – U – service provider ISDN switch; a digital phone also connects on the S/T side]
U – User mode
S/T – Switch and Transfer
R – Rate
TA – Terminal Adapter
• Demarcation Point: It is the point at which the administrative control of the service provider stops and the administrative control of the user starts.
• How to configure ISDN?
[Figure: HOR E0 10.0.0.1 (network 10.0.0.0) – BRI0 20.0.0.1 – Service Provider – BRI0 20.0.0.2 – 30.0.0.1 (network 30.0.0.0)]
• The link is up only if the ISDN switch type is specified.
• Dynamic routing is not used; only static routing is used.
HOR(config)#isdn switch-type basic-net3
( We need to tell the router the type of ISDN switch being used at the service provider's end )
HOR(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2 (sends the packet to BRI)
HOR(config)#dialer-list
(if an IP packet comes, what action to take)
HOR(config)#dialer-list 5 protocol ip permit
HOR(config)#int bri 0
HOR(config-if)#dialer-group
HOR(config-if)#dialer-group 5
HOR(config-if)#dialer string 08747389234 ( Number given by the ISP )
HOR(config-if)#dialer idle-timeout 30 ( Time in secs )
• The dialer-list number need not be the same between the two hosts.
• Default idle-timeout is 120 sec ( Range: 1 to 2147483 ).
• int e/0 Modular Router
• In a network, all the packets are IP packets, and the area of interest (the traffic allowed to bring the link up) can be limited to a certain area using access-lists.
HOR(config)#dialer-list 5 protocol ip list 123
HOR(config)#access-list 123 permit tcp 10.0.0.0 0.255.255.255 30.0.0.0 0.255.255.255 eq ftp
HOR(config)#int bri 0
HOR(config-if)#dialer-group 5
• For multiple phone calls a single dialer-list can't be used. In that case dialer mapping should be done by adding multiple routers.
HOR(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
HOR(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.3
HOR(config)#dialer-list 5 protocol ip list 123
HOR(config)#access-list 123 permit tcp 10.0.0.0 0.255.255.255 30.0.0.0 0.255.255.255 eq ftp
HOR(config)#access-list 123 permit tcp 10.0.0.0 0.255.255.255 40.0.0.0 0.255.255.255 eq ftp
HOR(config)#int bri 0
HOR(config-if)#dialer-group 5
HOR(config-if)#dialer map
HOR(config-if)#dialer map ip 20.0.0.2 04230847389
HOR(config-if)#dialer map ip 20.0.0.3 073648790834
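Checking which packets a dialer-list tied to an access-list treats as interesting (allowed to bring the ISDN link up), as an added example that is not part of the original notes. It models IOS wildcard-mask matching for an access-list 123 like the one above; the ACL entries and packets are constructed, and the host-wildcard variant is included to show why 0.0.0.0 and 0.255.255.255 behave differently.

```python
import ipaddress
from typing import List, Optional


def _ip(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


class AclEntry:
    """One extended access-list line: action proto src src-wildcard dst dst-wildcard [eq port]."""

    def __init__(self, action: str, proto: str, src: str, src_wc: str,
                 dst: str, dst_wc: str, dport: Optional[int] = None):
        self.action, self.proto, self.dport = action, proto, dport
        self.src, self.src_wc = _ip(src), _ip(src_wc)
        self.dst, self.dst_wc = _ip(dst), _ip(dst_wc)


def wildcard_match(addr: int, ref: int, wildcard: int) -> bool:
    """IOS wildcard semantics: a 1 bit means 'don't care'. 0.0.0.0 therefore
    matches exactly one host, 0.255.255.255 a whole /8."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (ref & care)


def entry_matches(e: AclEntry, pkt: dict) -> bool:
    if e.proto != "ip" and e.proto != pkt["proto"]:
        return False
    if e.dport is not None and pkt.get("dport") != e.dport:
        return False
    return (wildcard_match(_ip(pkt["src"]), e.src, e.src_wc)
            and wildcard_match(_ip(pkt["dst"]), e.dst, e.dst_wc))


def is_interesting(acl: List[AclEntry], pkt: dict) -> bool:
    """dialer-list ... protocol ip list <acl>: the first matching line decides,
    with the implicit deny at the end, so only permitted packets trigger a call."""
    for e in acl:
        if entry_matches(e, pkt):
            return e.action == "permit"
    return False


# Constructed ACL 123 with network wildcards (10.0.0.0/8 -> 30.0.0.0/8, FTP control port 21).
ACL_123 = [AclEntry("permit", "tcp", "10.0.0.0", "0.255.255.255", "30.0.0.0", "0.255.255.255", 21)]
# Constructed variant with host wildcards: matches only the single address pair 10.0.0.0 -> 30.0.0.0.
ACL_HOST_ONLY = [AclEntry("permit", "tcp", "10.0.0.0", "0.0.0.0", "30.0.0.0", "0.0.0.0", 21)]

# Constructed packets.
FTP_PKT = {"proto": "tcp", "src": "10.0.0.7", "dst": "30.0.0.9", "dport": 21}
TELNET_PKT = {"proto": "tcp", "src": "10.0.0.7", "dst": "30.0.0.9", "dport": 23}
```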
• To show ISDN status
HOR#sh isdn status
• To check whether an ISDN call is active or not
HOR#sh isdn active
• To check ISDN call history
HOR#sh isdn history
• To use both the channels from the start
HOR(config-if)#dialer load-threshold 1
Here both the links BRI 1 and BRI 2 are up.
9. FRAME-RELAY
Frame-relay is an example of a Packet Switched Network. This network enables end-stations to dynamically share the connection and the available bandwidth.
• Here bandwidth is given importance and not the connectivity.
• The Frame Relay frame is transmitted to its destination through virtual circuits (logical paths from an originating point in the network to a destination point).
• TDM – Time Division Multiplexing – In this process a user doesn't know whether the others are sending data or not. Each user is allotted a time slot and may transmit only in that time slot.
• STDM – Statistical TDM – In this process all the users know whether the others are sending information or are idle. If they are idle, that particular user in turn can use the full bandwidth and transmit data.
• CIR – Frame relay connections are often given a Committed Information Rate (CIR) and an allowance of burstable bandwidth known as the Extended Information Rate (EIR). The provider guarantees that the connection will always support the CIR rate, and sometimes the EIR rate should there be adequate bandwidth. Frames that are sent in excess of the CIR are marked as "discard eligible" (DE), which means they can be dropped should congestion occur within the frame relay network. Frames sent in excess of the EIR are dropped immediately.
Network types: Broadcast Multiaccess, Point-to-point, Non-Broadcast Multiaccess.
• Congestions in the network are reported by
1. FECN=Forward Explicit Congestion notification bit
2. BECN=Backward Explicit Congestion Notification bit
3. DE=Discard Eligibility bit- When there is congestion on the line, the network must decide which frames to discard in order to free the line. Discard Eligibility provides the network with a signal to determine which frames to discard. The network will discard frames with a DE value of 1 before discarding other frames
• DLCI--Data Link Connections Identifier: The DLCI serves to identify the virtual connection so that the receiving end knows which information connection a frame belongs to.(Range=16 to 10071)
[Figure: PVC between 20.0.0.1 and 20.0.0.2 through the frame-relay cloud, with DLCIs 100, 200 and 300 on the links]
DLCI PVC – Permanent Virtual Circuit
• In the above figure,data is sent from 20.0.0.1 to 20.0.0.2 through DLCI 100 and data is sent from 20.0.0.2 to 20.0.0.1 through DLCI 300.
• Inverse ARP carries the IP address between the devices with the help of DLCI.
• The link between the frame-relay and the router is managed by LMI--Local Management Interface or Link management Interface .
• How to configure Frame-relay?
BOR(config)#int s 0
BOR(config-if)#encapsulation frame-relay
If there is a router that has two more routers connected to it, one via S 0 and the other via S 1, through the frame-relay switch:
[Figure: a central router (20.0.0.1) connected on S0 and S1 through the Frame-relay Switch to R1 (20.0.0.3) and R2 (20.0.0.2); DLCIs 100, 200 and 300 on the virtual circuits]
In the above figure R1 is connected through the S1 interface and R2 through the S0 interface to the Frame relay switch. Here R1 and R2 cannot communicate with each other directly. To solve this we go for Frame-relay mapping. This is another way of configuring a Frame-relay network.
R1(config)#int S 0
R1(config-if)#frame-relay map ip 20.0.0.2 300 broadcast
R2(config)#int S 0
R2(config-if)#frame-relay map ip 20.0.0.3 200 broadcast
( Broadcast is optional : Used if Dynamic routing is used )
So, for R2 to go to R1 :
From 20.0.0.2 go through 200 To 20.0.0.1
From 20.0.0.1 go through 400 To 20.0.0.3
• Point-to-point is another way of configuring frame-relay.
Logically the serial interface is split into two point-to-point sub-interfaces (dedicated).
R3(config)#int S 0
R3(config-if)#no ip address
R3(config-if)#exit
R3(config)#int S 0.5 point-to-point
R3(config-subif)#ip address 20.0.0.1 255.0.0.0
R3(config-subif)#frame-relay interface-DLCI 100
[Figure: R3 (identified as multipoint if all are in the same network) with S0/S1 and DLCIs 100 and 200, reaching R1 over S0.x point-to-point and R2 over S0.y point-to-point]
• In the case of sub-interfaces the DLCI number must be specified.
• In the case of normal serial interfaces it is found automatically.
• How to configure Frame-Relay Switch ?
R3(config)#Frame-relay switching
R3(config)#int S 0
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay intf-type DCE
R3(config-if)#frame-relay route 100 int S1 200
R3(config-if)#clock rate 64000
R3(config-if)#no shutdown
R3(config)#int S 1
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay intf-type DCE
R3(config-if)#frame-relay route 200 int S0 100
R3(config-if)#clock rate 64000
R3(config-if)#no shutdown
• To show frame-relay LMI ( Link / Line Management Interface ) type
R3#sh frame-relay LMI
• To show frame-relay PVC ( Permanent Virtual Circuit )
R3#sh frame-relay PVC
• To show frame-relay mapping
R3#sh frame-relay map
• To stop auto mapping
R3(config-if)#no frame-relay inverse-arp
• To clear frame-relay
R3#clear frame-relay inarp
10. SWITCHING
• Switch is a layer-2 component.
• Hub is a layer-1 component. Hub and repeater reduce the bandwidth. A hub doesn't understand MAC addresses or IP addresses, but a switch understands MAC addresses and maintains a MAC address table (MAC-ADD-TABLE):
MAC Address      Port-No
0010abcd1234     0/1
0030abcd1237     0/2
• In a switch each port is an Ethernet port, so each port is a separate collision domain (the area where a collision is possible).
• Router breaks up both collision and broadcast domains.
• Switch-DL layer frame
This frame contains all the headers and trailers from the application layer down, and the Data Link layer adds its own header and trailer (MAC from and to addresses).
• Switching uses 3 forwarding methods:
1. Store & forward – stores the full frame and forwards it at the end if it is correct.
2. Cut-through – the destination address is at the start of the frame, so the frame is forwarded as soon as it enters.
3. Fragment free (modified cut-through) – in this process the first 64 bytes of the frame are stored and then it is forwarded (the first 64 bytes consist of the headers and trailers, and those are verified before forwarding).
Most switches come with the store & forward method.
Consider the following network,
[Figure: switches connected by a trunk link through trunk ports; an access-list is shown on the router]
• Here broadcasts are done unnecessarily. To avoid this, VLANs are created.
• Modifying the configured LAN setup physically is not possible; VLANs are created without altering the physical setup.
VLAN (Virtual LAN):
• VLANs are created by making some modifications in the configurations of the actual LAN setup.
• The ports in the switches are configured so that they come under different VLANs. For example, consider the following figure,
[Figure: switch ports divided between VLAN1 and VLAN2]
• Inter-VLAN communication is not possible. If required routers or layer-3 switches are used.
• The default VLAN is VLAN1 and the whole VLAN setup is controlled by VTP (VLAN Trunk Protocol). By default all the switches will have VTP.
• Switches in the VLAN are accessed through
1. Console.
2. Telnet – vty.
3. http(VSM-Visual Switch Manager).
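A small model of what the switch does with its MAC address table once ports are placed in VLANs, as an added example that is not part of the original notes: frames are learned and flooded only within the VLAN of the ingress port, so two VLANs cannot reach each other without a router. Port names and VLAN ids are constructed; the two MAC addresses are the ones from the table above.

```python
from typing import Dict, List, Tuple

BROADCAST = "ffff.ffff.ffff"


class Switch:
    """Learning switch with a per-VLAN MAC address table (constructed model)."""

    def __init__(self, port_vlan: Dict[str, int]):
        self.port_vlan = dict(port_vlan)                    # access port -> VLAN (VLAN 1 is the default)
        self.mac_table: Dict[Tuple[int, str], str] = {}    # (vlan, mac) -> port

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> List[str]:
        """Return the ports the frame is forwarded out of."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port          # learn the source MAC on this port
        out_port = self.mac_table.get((vlan, dst_mac))
        if dst_mac == BROADCAST or out_port is None:
            # broadcast or unknown unicast: flood, but only to ports in the same VLAN
            return sorted(p for p, v in self.port_vlan.items() if v == vlan and p != in_port)
        # destination already on the ingress port: filter it (stays in that collision domain)
        return [] if out_port == in_port else [out_port]

    def show_mac_table(self) -> List[Tuple[int, str, str]]:
        """Rows in the style of 'sh mac-address-table': (vlan, mac, port)."""
        return [(vlan, mac, port) for (vlan, mac), port in sorted(self.mac_table.items())]


# Constructed port layout following the 'switchport access vlan' commands above:
# f0/1 in VLAN 3 (production), f0/2 and f0/3 in VLAN 2 (finance), f0/4 left in VLAN 1.
sw = Switch({"f0/1": 3, "f0/2": 2, "f0/3": 2, "f0/4": 1})
```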
• How to configure switch?
Would you like to start initial configuration[yes/no]:no
Press return to get started
Switch>enable
Switch#configure terminal
Switch(config)#int vlan 1
Switch(config-if)#ip address 10.0.0.5 255.0.0.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip default-gateway 10.0.0.1
• Each component should be managed by the IP address.
• By default all ports in the VLAN 1
• Routers should be also configured.
• To configure different VLANs,
Switch(config)#vlan <no>
Switch(config-vlan)#name <xxx>
• VLAN-no ranges from 2 to 1001 (mandatory).
• VLAN name (xxx) is optional.
Switch(config)#vlan 2
Switch(config-vlan)#name finance
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name production
Switch(config-vlan)#exit
Switch(config)#vlan 5
Switch(config-vlan)#name marketing
Switch(config-vlan)#exit
• To add the ports to the VLAN, switch ports are to be configured.
Switch(config)#int f 0/1
Switch(config-if)#switchport access vlan
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit
Switch(config)#int f 0/2
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
• It is not necessary for the ports to be allocated in the sequential order to the VLANs.
• Like all other ports, the trunk port of the switch is also in VLAN1 by default. Hence this trunk port also needs to be configured so that it receives all the other VLAN information and forwards it to the other switch.
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
• If there is more than one switch in the VLAN and they need to communicate, routers should be used.
• All the switches should be in the same domain.
Switch(config)#vtp domain <name>
Switch(config)#vtp domain IBM
Switches in the VLAN operate at 3 modes,
• Server mode-By default all the switches are in server mode.
• Client mode
• Transparent mode
NOTE: There can be two servers, but the configuration should be the same on both switches. If two servers send configuration details to the other clients, the decision is made depending on the configuration revision number.
• A switch can be configured to a different mode as,
Switch(config)#vtp mode server/client/transparent
• If a frame from a VLAN comes from a system to the switch, encapsulation is done indicating that the frame belongs to that particular VLAN. For a switch to deliver that frame to the VLAN, there are two protocols,
1. ISL-InterSwitch Link
Works only on cisco devices
Overhead is more.
2. Frame tagging-IEEE 802.1Q
Works on all devices.
Overhead is less than ISL.
• Bridge and Switch
BRIDGE                        SWITCH
Has fewer ports               Has more ports
Slow                          Fast
It's software based           It's hardware based ( ASIC )
• When you connect two bridges using switches there is a possibility of broadcast loops or MAC address table loops.
• In this case one switch can be made to act as the root bridge and the other as a normal bridge. An election is conducted between the switches based on the value obtained by adding the MAC address of the switch and the hexadecimal value of the default priority, 32768. This value is called the BPDU (Bridge Protocol Data Unit). The switch with the lesser BPDU is elected as the root bridge.
• To show the MAC address table
Switch#sh mac-address-table
• To show the VLANs
Switch#sh vlan
• To show VTP status
Switch#sh vtp status
• To show spanning tree
Switch#sh spanning-tree
• To clear a VLAN
Switch(config)#no vlan <no>
11. BOOTING
Booting is the process of initializing the components. The hardware associated with the router is:
• Processor
• Memory
• Interfaces – E0,F0,S0 etc.,
Memory:
• Flash – IOS ,image(loaded)
• RAM – Running-config volatile
• NVRAM – Non-volatile RAM – Startup-config Secondary
• ROM – Microcodes are present
POST – Power On Self Test – Makes sure that all components are available and are properly working.
BOOTSTRAP – In this there is a configuration register number which is 16-bit (hexadecimal, default value 0x2102). The last field is called the boot field (2 to F). Once there is a 0 in the third octet, the booting process continues with the startup-config, where there may be a boot system xxx command. In case there is a dual OS this command is checked, else the default OS is loaded (from flash).
If the router is newly configured:
Would you like to start initial configuration[yes/no]:
If the router is already configured:
Press enter to get started
ROMMONITOR – similar to BIOS (0)
RxBOOT – partial IOS (1)
If there is a problem in the booting process, the above two bootings take place.
In case the flash is corrupted, and the router is not able to find the image in flash, it tries to find it in the network with the help of TFTP (Trivial File Transfer Protocol). The router checks for the TFTP server for 5 minutes. If it doesn't find it, it checks whether the 13th bit of the configuration register is 1 (by default it is 0). If 1, it boots from RxBOOT, else if 0 it boots from ROMMONITOR.
Copy commands:
• To copy from router to system
R#copy run tftp
• To copy from system to router
R#copy tftp run
• To copy from flash to system
R#copy flash tftp
• To copy from system to flash
R#copy tftp flash
For all the above copy commands to work TFTP server should be running and the router should be able to ping that system.
To change the password,
1) Switch off and restart the router.
2) In the first 60 sec press (ctrl+pause).
3) The router's CMOS setup is the ROMMON> or > prompt
ROMMON>confreg 0x2142
or
>o/r 0x2142
Here 4 represents skip the NVRAM boot (because the configuration is saved in it).
4) Restart the router
ROMMON>reset
5) Would you like to start initial configuration[yes/no]:
Press enter to get started
Router>enable
Router#copy start run
IBM#configure terminal
IBM(config)#enable secret xxx
IBM(config)#config-register 0x2102
IBM(config)#copy run start
NOTE:
1. All passwords are set during the configuration except the console and auxiliary password.
2. When running-config is copied from start-config, interface is shutdown.
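Decoding the configuration register values used above (0x2102 by default, 0x2142 during password recovery) and checking that a router was not left in the recovery state afterwards, as an added example that is not part of the original notes. The bit meanings are Cisco's documented register fields; the sh version line is constructed.

```python
import re
from typing import List, Optional, Tuple

# Configuration register bit fields (16-bit value shown as hex by 'sh version').
BOOT_FIELD     = 0x000F   # bits 0-3: 0 = ROM monitor, 1 = RxBOOT image in ROM, 2-F = boot system / flash
IGNORE_NVRAM   = 0x0040   # bit 6: skip the startup-config in NVRAM (the '4' in 0x2142)
BREAK_DISABLED = 0x0100   # bit 8: ignore the break key once IOS is running
ROM_IF_NETFAIL = 0x2000   # bit 13: fall back to ROM software if the TFTP/network boot fails


def decode_confreg(value: int) -> dict:
    boot = value & BOOT_FIELD
    source = {0: "ROM monitor", 1: "RxBOOT"}.get(boot, "flash / boot system commands")
    return {
        "boot_field": boot,
        "boot_source": source,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_if_netboot_fails": bool(value & ROM_IF_NETFAIL),
    }


def audit_show_version(output: str) -> Optional[Tuple[int, List[str]]]:
    """Find 'Configuration register is 0x....' in 'sh version' output and flag a
    router that still boots without its startup-config (and so without its passwords)."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]{1,4})", output)
    if m is None:
        return None
    value = int(m.group(1), 16)
    d = decode_confreg(value)
    findings = []
    if d["ignore_nvram"]:
        findings.append("startup-config is ignored at boot; expected config-register 0x2102")
    if d["boot_field"] == 0:
        findings.append("boot field 0: router stops in ROM monitor")
    if not d["break_disabled"]:
        findings.append("break key is honoured after boot")
    return value, findings


# Constructed 'sh version' tail from a router left as it is after step 3 of the recovery above.
SAMPLE = "Configuration register is 0x2142"
```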
• To show running and start configurations
R1#sh running-config
R1#sh startup-config
• To show versions
R1#sh version
• To restart
R1#reload
[Table: protocol suites mapped to the OSI layers. Columns: Appletalk, DECnet, NetBIOS, NetWare, SNA, TCP/IP, Vines. Rows and the protocols listed in them: Application (AFP, NICE, SAP, Telnet, SNMP, FTP, StreetTalk), Presentation (AFP, DAP, CTERM, MAIL, NetBIOS, RPC), Session (ADSP, ZIP, ASP, PAP, SCP, RPC), Transport (RTMP, AURP, NBP, ATP, AEP, NSP, SPX, TCP, UDP, IPC, SPP), Network (DDP, AARP, DRP, IPX, DLSW, APPN, QLLC, RIP, OSPF, IP, ICMP, VIP, ARP, RTP, ICP), Data-Link (ELAP, LLAP, TLAP, FLAP, DDCMP, MOP, HDLC, PPP, SLIP), Physical. Functions per layer: Application – file, applications; Presentation – conversion, compression, formatting, encryption; Session – sequencing, synchronizing; Transport – packet delivery, multiplexing, error correction; Network – logical addressing, routing; Data-Link – physical addressing, error notification, sequencing, flow control; Physical – physical transmission.]
