Training Report On Cisco Certified Network Associate (CCNA) (Network Security, NAT & PAT)
Submitted in the partial fulfillment of the requirement for the award of degree of
Submitted by:
Name: Pankaj Rai
Reg. Number: 10902129
Name and Location of Company: NETMAX Technology Pvt. Ltd., SCO2, Choti Baradari Part-1, Jalandhar, Punjab (144001)
Period of Training: 01/06/2012 - 15/07/2012
Department of Computer Science Engineering, Lovely Professional University, Phagwara 144001, Punjab (India)
Cisco Certified Network Associate (CCNA) Ph. (01824-506960-61) Department of Computer Science Engineering Lovely Professional University Phagwara (Distt. Kapurthala) Punjab India 144001
Certificate
Certified that this Training entitled Area of training submitted by Name of the Student (Roll Number), student of Computer Science Engineering Department, Lovely Professional University, Phagwara Punjab in the partial fulfillment of the requirement for the award of Bachelor of Technology (Computer Science Engineering) Degree of LPU, is a record of the student's own study carried out under my supervision & guidance.
ACKNOWLEDGEMENT
Every piece of creation is originated by the zeal of hard work and determination and to put the effort into action, a lot many factors may influence. Nothing concrete can be achieved without optimum inspiration and perspiration. The phenomenon of creation is very long and involves time consuming process, energy, dedication as well as the skills and experience of the persons involved in the task. The basic view is to evolve an original and substantial work with many helping hands. Joining NETMAX TECHNOLOGIES as a trainee gave me a solid platform for nursing my professional career. It gives me immense pleasure to express my deepest gratitude towards all those persons who have been a vital part of this creation. But thanking them all specifically seems to be impossible, so to fit into the framework of words and acknowledgement, I would like to thank my sir Mr. Jaswinder Singh and Mr. Ajit Pal Brar for providing me the environment which really nursed me to endeavor my professional career. Their backup and motivation always inspired me and acted as a morale booster.
I whole-heartedly thank the whole NETMAX TEAM for giving me the opportunities to bring out the best in me and developing my talents and knowledge, not only in the technical field but also in my overall personality. My sincere thanks go to all the people who cooperated by providing a very cordial environment during the course of work.
All Sincere thanks to Respected HOD sir (CSE) for guiding me not only as a faculty but also for all other problems.
In addition, I would like to thank my college's T.P. Dept. for the permission to allow me to go on industrial training and have the industry related experience.
Last but not the least, I express my deep felt gratitude to my parents and friends without whose moral support and encouragement, I would have never been able to bring this project to completion in such a presentable form and that too successfully!
TABLE OF CONTENTS
1. ABOUT THE ORGANISATION
2. FLOW CHART OF THE PROCESS AT THE ORGANISATION
3. DETAILS OF WORK/JOB ASSIGNED
4. LEARNING OUTCOMES & ANALYSIS
5. CONCLUSIONS
6. FUTURE SCOPE OF THIS TYPE TRAINING
Since their inception, they have remained true to five unwavering commitments...
Draw on the expertise of experienced trainers. Each of our trainers has an average of four years of relevant experience in the industry. Together, they have accumulated thousands of teaching hours. No other training center in the region boasts a team with this level of expertise.
Provide an environment that is conducive to learning. Among other things, participants have access to top-of-the-line network and system infrastructure. This is why we adhere to rigorous standards of methodology and ensure that our faculty and technicians provide you with assistance should you encounter any problems.
Use comprehensive learning material. We provide each participant with comprehensive material that is recommended and an easy-to-use reference guide in which students can find any of the information covered during the course.
Provide concrete and current course content. We constantly update and improve our course content in response to the changes made by vendors like CISCO and Microsoft.
Lovely Professional University Punjab
OUR TEAM
Presently we have a strong technical team of certified professionals catering to these solutions, with a presence in Chandigarh and Punjab. We have a skilled team of engineers who are experienced in design and programming. We have more than 15 engineers who hold prestigious certifications like CCNA, CCNP, CCSP, CCSA, MCSE, RHCE, C++, C, and JAVA & PHP MySQL Programming.
NETMAX-TECHNOLOGIES provides the following courses in IT & Embedded Systems:
Network Training
CISCO: CCNA, CCNP, CCSP, CCIE
SUN SOLARIS
WINDOWS 2000, 2003 (MCP, MCSA & MCSE)
SUSE LINUX
Software Training
VB .Net C# .Net ASP .Net PHP JAVA C/C++
To achieve all these objectives we must know about the following technologies:
Switches: VLAN, Inter VLAN, Frame Tagging, Spanning Tree, Port Security, Ether Channel
Routing: Static, Dynamic, RIP, EIGRP, OSPF
Security: Access-lists, CBAC, VPN, NAT
To perform all these tasks on routers and switches some prerequisites are required:
OSI and TCP/IP model
IPv4 basics & Sub-netting
Router and Switch Administration
What is Network?
In a network, more than one computer is connected to the others through a centralized device. They can share files and resources with each other.
LAN
LAN stands for Local Area Network. The scope of a LAN is within one building, one school or one lab. In a LAN built on a hub, the media access method used is CSMA/CD, in which each computer senses the carrier before sending data over the network. If the carrier is free, the computer can transmit; otherwise it has to wait and listen. In multiple access, each computer has the right to access the others. If two computers sense the carrier at the same time, a collision occurs. Each computer in the network becomes aware of the collision. They stop transmitting and use the back-off algorithm, in which each computer generates a random number. The computer with the smallest number has first priority to transmit data over the network, and the other computers wait for their turn.
WAN
WAN stands for Wide Area Network, in which two local area networks are connected through a public network. The connection may be through telecommunication infrastructure or dedicated lines, e.g. ISDN lines, leased lines etc., using WAN devices and WAN technology. You can also connect to a remote area through the existing internetwork called the Internet.
Switch
A switch is also used to connect multiple workstations. A switch is more intelligent than a hub. It has a special kind of memory called the MAC address/filter/lookup table. The switch reads MAC addresses and stores them in its filter address table. When the switch receives a frame, it reads the destination MAC address and consults its filter table. If it has an entry in its filter table, it forwards the frame to that particular MAC address; if no entry is found, it broadcasts the frame to all its connected nodes. Every port has its own buffer memory. A port has two queues: an input queue and an output queue. When the switch receives a frame, the frame is received in the input queue and forwarded from the output queue. So in the case of a switch there is no chance or place for collisions. In the case of a switch, the media access method used is CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance). Switches provide more efficiency, more speed and security. There are two types of switches:
(i) Manageable switches (can be configured with a console cable).
(ii) Non-manageable switches.
We can perform LAN segmentation by using switches.
Bridge
A bridge is a hardware device used to provide LAN segmentation, that is, to break up the collision domain. It has the same functionality as a switch. We can use a bridge between two different topologies. It has fewer ports. Each port has its own buffer memory. It works at the Data Link Layer of the OSI model. It also reads MAC addresses and stores them in its filter table. In the case of a bridge there is one broadcast domain.
Router
A router is a hardware device used for communication between two different networks. A router performs routing and path determination. It does not forward broadcasts. There are two types of routers:
(i) Hardware routers are developed by Cisco, HP.
(ii) Software routers are configured with the help of Routing and Remote Access. This feature is offered by Microsoft. It is installed by default, but you have to enable or configure it.
Hardware routers are dedicated routers and are more efficient. Software routers have fewer features and slower performance, and are not very efficient.
LAN Card
A LAN card is a media access device. It provides connectivity to the network. There is an RJ45 (Registered Jack) connector socket on the LAN card. RJ45 is used with UTP cable. There is another LED, which is also called the heartbeat of the LAN card. When any activity occurs, whether receiving or transmitting any kind of data, this LED starts blinking and also tells us the status of the LAN card.
Network Security
Classification of Access Control Lists:
Types of ACL based on Protocol:
(1) IP Access Control List
(2) IPX Access Control List
(3) AppleTalk Access Control List
Types of ACL based on Feature:
(1) Standard ACL
(2) Extended ACL
Types of ACL based on Access mode:
(1) Numbered ACL
(2) Named ACL
Types of ACL based on Order of rules:
(1) Deny, permit
(2) Permit, deny
Types of ACL based on direction of implementation:
(1) Inbound ACL
(2) Outbound ACL
[Flow chart: ACL processing. Labels: "A Packet is received", "Is it permit?", with Yes/No branches]
Router#conf ter
Router(config)#access-list <no> <permit|deny> <source>
Router(config)#exit
<source> can be written as:
Single pc: host 192.168.10.5, or 192.168.10.5, or 192.168.10.5 0.0.0.0
N/w: 200.100.100.0 0.0.0.255
Subnet: 200.100.100.32 0.0.0.15
All: any
Example: 172.16.0.16 to 172.16.0.18 should not access the Internet; all other PCs should access the Internet.
[Diagram: Internet, Router (172.16.0.1), LAN 172.16.x.x]
Router#conf ter
Router(config)#access-list 30 deny 172.16.0.16
Router(config)#access-list 30 deny 172.16.0.17
Router(config)#access-list 30 deny 172.16.0.18
Router(config)#access-list 30 permit any
Router(config)#exit
[Diagram: Internet, Router]
Router(config)#access-list 25 permit 192.168.10.32 0.0.0.31
Router(config)#access-list 25 permit 192.168.10.64 0.0.0.3
Router(config)#access-list 25 permit 192.168.10.68
Router(config)#access-list 25 permit 192.168.10.69
Router(config)#access-list 25 permit 192.168.10.70
Router(config)#interface serial 0
Router(config-if)#ip access-group 25 out
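The wildcard masks and top-down, first-match processing used by access-list 25 and access-list 30 above can be checked with a small evaluator. This is an added example, not part of the original report; the function names are hypothetical, and the final "deny" models the implicit deny at the end of every Cisco ACL.

```python
# Added example: first-match evaluation of a numbered standard ACL.
import ipaddress

def parse_standard_acl(config):
    """Parse 'access-list <no> <permit|deny> <source> [wildcard]' lines."""
    rules = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[3:]
        if src[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":
            addr, wild = src[1], "0.0.0.0"
        else:  # bare address means a single host (wildcard 0.0.0.0)
            addr, wild = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
        rules.append((action, int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules

def evaluate(rules, source_ip):
    """Return the action of the first matching rule, else the implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF      # bits that are 0 in the wildcard must match
        if (ip & care) == (addr & care):
            return action
    return "deny"                      # assumption stated above: implicit 'deny any'

# access-list 25 exactly as configured on the page
ACL_25 = """
access-list 25 permit 192.168.10.32 0.0.0.31
access-list 25 permit 192.168.10.64 0.0.0.3
access-list 25 permit 192.168.10.68
access-list 25 permit 192.168.10.69
access-list 25 permit 192.168.10.70
"""

def permitted_hosts(rules, network):
    """List the host addresses of 'network' that the ACL permits."""
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if evaluate(rules, str(h)) == "permit"]

if __name__ == "__main__":
    hosts = permitted_hosts(parse_standard_acl(ACL_25), "192.168.10.0/24")
    print(hosts[0], "to", hosts[-1], "-", len(hosts), "addresses permitted")
```

Running it over 192.168.10.0/24 shows that the five entries together permit one contiguous block and that every other source falls through to the implicit deny.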
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny 172.16.0.18
<no> ->
<protocol> -> ICMP IGRP
no (1 to 65535) or telnet/www/ftp etc.
Single pc: 192.168.10.4 0.0.0.0, or host 192.168.10.4
N/w: 200.100.100.0 0.0.0.255
Subnet: 172.30.0.32 0.0.0.7
All: any
To display ACL
Router#show access-lists
or
Router#show access-list <no>
[Diagram: two routers, networks 200.100.175.x and 200.100.100.x]
Router(config)#access-list 130 permit tcp any host 200.100.100.3 eq 80
Router(config)#access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21
Router(config)#access-list 130 permit icmp 200.100.175.80 0.0.0.0 any
Router(config)#access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23
Router(config)#access-list 130 permit udp any host 200.100.100.8 eq 53
protocol information and port number. There are also MAC extended access lists that use source and destination MAC addresses and optional protocol type information. Switches scrutinize all inbound ACLs applied to a certain interface and decide to allow traffic through depending on whether the traffic is a good match to the ACL or not. ACLs can also be used to control traffic on VLANs. You just need to apply a port ACL to a trunk port.
Switch#conf ter
Switch(config)#mac access-list extended abc
Switch(config-ext-mac)#deny any host 000d.29bd.4b85
Switch(config-ext-mac)#permit any any
Switch(config-ext-mac)#do show access-list
Switch(config-ext-mac)#int f0/6
Switch(config-if)#mac access-group abc in
Time-Based ACLs
In this you can specify a certain time of day and week and then identify that particular period by giving it a name referenced by a task. The reference function will fall under whatever time constraints you have dictated. The time period is based upon the router's clock, but it is highly recommended to use it in conjunction with Network Time Protocol (NTP) synchronization.
Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range
Remarks
Remarks are the comments regarding the entries you have made in both your IP Standard and Extended ACLs.
Router#conf ter
Router(config)#access-list 110 remark <remark words> permit rahul from admin only to sale
Router(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
Router(config)#access-list 110 deny ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255
Router(config)#ip access-list extended no_telnet
Router(config-ext-nacl)#remark deny all of finance from telnetting to sale
Router(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.20.0 0.0.0.255 eq 23
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#do show run
Advantage of NAT
There are two reasons for which we use NAT:
(1) Conserve Live IP addresses. On the Internet, there is a limited number of IP addresses. If our PC wants to communicate on the Internet, it should have a Live IP address assigned by our ISP. The number of IP addresses requested would then depend on the number of PCs that we want to connect to the Internet. Due to this, there would be a lot of wastage of IP addresses. To reduce wastage, we can share live IP addresses between multiple PCs with the help of NAT.
(2) NAT enhances network security by hiding PCs & devices behind NAT.
[Diagram: PCs 10.0.0.5, 10.0.0.6, 10.0.0.7, 10.0.0.8; Switch; 10.0.0.1; NAT; 200.100.100.12; Internet]
Port Translation (local address, live address, port):
10.0.0.5  200.100.100.12  1080
10.0.0.6  200.100.100.12  1085
                          1100
10.0.0.8  200.100.100.12  1024
[Diagram labels: Live 200.1.1.5; Local 192.168.10.6; Web 192.168.10.6; DNS 192.168.10.7]
[Diagram: Internet, Router, LAN 172.16.X.X]
Local address => 172.16.X.X
Except => 172.16.0.5, 172.16.0.6, 172.16.0.7
Web Server: 172.16.0.5
DNS: 172.16.0.6
Full access: 172.16.0.7
Pool allotted => 200.1.1.0 to 15/28
Server
Static => 200.1.1.3 = 172.16.0.7
Port Based Static NAT
200.1.1.4:53 = 172.16.0.6
200.1.1.4:80 = 172.16.0.5
Client
Dynamic NAT
Pool => 200.1.1.8 to 200.1.1.12/28
Local address => 172.16.0.X
Except 172.16.0.5, 172.16.0.6, 172.16.0.7
Configuring NAT
Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3
Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53
Router(config)#access-list 30 deny 172.16.0.5
Router(config)#access-list 30 deny 172.16.0.6
Router(config)#access-list 30 deny 172.16.0.7
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc overload
NAT + PAT
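The translation table that this configuration builds can be modelled to show what is reachable from outside and what stays hidden. This is an added example, not part of the original report; the class and function names are hypothetical, and allocating PAT ports upward from 1024 on the first pool address is a simplification of how a router picks ports.

```python
# Added example: model of the static, port-static and overloaded (PAT) entries above.
import itertools

class NatRouter:
    def __init__(self, pool_ip, excluded):
        self.pool_ip = pool_ip            # pool address shared by clients (overload)
        self.excluded = set(excluded)     # sources denied by access-list 30
        self.static = {}                  # inside local IP -> inside global IP
        self.out_map = {}                 # (proto, local IP, port) -> (global IP, port)
        self.in_map = {}                  # (proto, global IP, port) -> (local IP, port)
        self._ports = itertools.count(1024)   # assumption: simple sequential ports

    def add_static(self, local_ip, global_ip):
        self.static[local_ip] = global_ip

    def add_port_static(self, proto, local_ip, lport, global_ip, gport):
        self.out_map[(proto, local_ip, lport)] = (global_ip, gport)
        self.in_map[(proto, global_ip, gport)] = (local_ip, lport)

    def outbound(self, proto, src_ip, src_port):
        """Translate the source of a packet leaving the inside interface."""
        if src_ip in self.static:
            return (self.static[src_ip], src_port)
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            if src_ip in self.excluded:
                return None               # denied by the list: no dynamic entry
            self.add_port_static(proto, src_ip, src_port,
                                 self.pool_ip, next(self._ports))
        return self.out_map[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Translate the destination of a packet arriving from outside."""
        for local_ip, global_ip in self.static.items():
            if dst_ip == global_ip:
                return (local_ip, dst_port)
        return self.in_map.get((proto, dst_ip, dst_port))  # None: no entry, not forwarded

def build_page_router():
    """Load the mappings from the configuration on this page."""
    r = NatRouter("200.1.1.8", {"172.16.0.5", "172.16.0.6", "172.16.0.7"})
    r.add_static("172.16.0.7", "200.1.1.3")
    r.add_port_static("tcp", "172.16.0.5", 80, "200.1.1.4", 80)
    r.add_port_static("udp", "172.16.0.6", 53, "200.1.1.4", 53)
    return r
```

In this model a client only becomes reachable on the port it opened itself, while 200.1.1.4 answers only on TCP 80 and UDP 53; any other inbound port has no entry and is not forwarded to an inside host.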