We can share the resources with the help of an operating system like Windows, Linux, UNIX, etc. To connect multiple networks we have to use internetworking devices like routers, bridges, layer 3 switches, etc.
[Diagram: Server side: server software (Apache, IIS, Exchange 2003, FTP Server, Sendmail) over a protocol stack (TCP/IP, IPX/SPX, AppleTalk, NetBEUI) over the NIC over the Media. Client side: client software (Internet Explorer, Outlook Express, Yahoo Messenger, CuteFTP) over a protocol stack over the NIC over the Media.]
If the NICs are different then use a bridge. If the media are different then use transceiver devices.
OSI Model
The OSI model is the layered approach to design, develop and implement networks. OSI provides the following advantages:
(i) Designing of networks will be standard based.
(ii) Development of new technology will be faster.
(iii) Devices from multiple vendors can communicate with each other.
(iv) Implementation and troubleshooting of networks will be easy.
[Diagram: OSI layers mapped onto components: Software (Application, Presentation and Session layers), Protocol Stack (Transport, Network and Data Link layers), NIC and Media (Physical layer).]
(1) Application Layer: The application layer accepts data and forwards it into the protocol stack. It creates the user interface between application software and the protocol stack.
(2) Presentation Layer: This layer decides the presentation format of the data. It is also able to perform other functions like compression/decompression and encryption/decryption.
(3) Session Layer: This layer initiates, maintains and terminates sessions between different applications. Due to this layer multiple application programs can be executed at the same time.
(4) Transport Layer: The transport layer is responsible for connection-oriented and connectionless communication. The transport layer also performs other functions like
(i) Error checking
(ii) Flow control (buffering, windowing, multiplexing)
(iii) Sequencing
(iv) Positive acknowledgement
(v) Response
[Diagram: Connection-oriented communication between Sender and Receiver. The sender sends a request for synchronization, the two sides negotiate, and the receiver acknowledges (this is the virtual connection, or handshaking). Data transfer then proceeds as send / acknowledgement pairs, and finally the connection is terminated.]
(5) Network Layer
Logical addressing
Logical addressing defines a network address and a host address. This type of addressing is used to simplify the implementation of large networks. Some examples of logical addressing are IP addresses, IPX addresses, etc.
Path determination
The network layer has different routing protocols like RIP, EIGRP, BGP, ARP, etc. to perform path determination.
The network layer also performs other responsibilities like defining quality of service, fragmentation and protocol identification.
(6) Data Link Layer
Logical Link Control
Logical Link Control defines the encapsulation that will be used by the NIC to deliver data to the destination. Some examples of Logical Link Control are ARPA (Ethernet) and 802.11 Wi-Fi.
Media Access Control
Media Access Control defines the methods to access the shared media and establishes identity with the help of the MAC address. Some examples of Media Access Control are CSMA/CD and Token Passing.
Data Encapsulation
[Diagram: Application, Presentation and Session layers: Data. Transport layer: Transport Header | Data = Segment. Network layer: Network Header | Segment = Packet. Data Link layer: Header | Packet | Trailer = Frame. Physical layer: 1 0 = Bits. The DTE (Data Terminal Equipment) connects to the line through the DCE, a CSU/DSU (Channel Service Unit / Data Service Unit).]
DCE: The DCE converts the bits into signals and sends them on the media.
FDDI: Fiber Distributed Data Interface
A switch forwards frames on the basis of the MAC address.
A router forwards packets on the basis of the IP address.
LAN Technologies
LAN        | Speed         | Distance
Ethernet   | 10-10000 mbps | 100 m
Token Ring | 4-16 mbps     | 100 m
FDDI       | 4-16 mbps     | up to 2 km
Wi-Fi      | 1-108 mbps    | up to 40 km
Ethernet
Ethernet is the most popular LAN technology. It can support a variety of media like copper (UTP, coaxial) and fiber optic. This technology supports a wide range of speeds from 10 mbps to 10000 mbps.
Ethernet at Logical Link Control
To create logical link control, Ethernet uses the ARPA protocol, also called IEEE 802.3. Ethernet adds the source MAC, destination MAC, error checking information and some other information to the data. Ethernet encapsulation is explained as follows.
Ethernet frame format (field sizes in bits):
Preamble (64, 1010101010..10) | Start Frame Delimiter (8, 10101011) | Destination MAC (48) | Source MAC (48) | Length (16) | Data (up to 1500 bytes) | Frame Check Sequence (16)
[Flowchart: CSMA/CD. Do we have any data to communicate? If no, keep receiving data. If yes, is the carrier busy? If yes, wait and check again; if no, send.]
Ethernet Family
Speed (mbps)     | Baseband
10               | Base 2
10               | Base 5
10               | Base T
10/100 (present) | Base TX
100              | Base T4
100              | Base FX
1000 (Server)    | Base TX
1000             | Base FX
10000            | Base FX
Ethernet frame
Preamble: An alternating 1,0 pattern provides a 5 MHz clock at the start of each packet, which allows the receiving devices to lock onto the incoming bit stream.
Start Frame Delimiter (SFD)/Synch: The preamble is seven octets and the SFD is one octet (synch). The SFD is 10101011, where the last pair of 1s allows the receiver to come into the alternating 1,0 pattern somewhere in the middle and still sync up and detect the beginning of the data.
Length or type: 802.3 uses a length field, but the Ethernet frame uses a type field to identify the network layer protocol. 802.3 cannot identify the upper-layer protocol and must be used with a proprietary LAN protocol, IPX for example.
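The encapsulation described above in code, as an added example that is not part of the original notes: a frame is built from destination MAC, source MAC, length/type and data, then parsed back and its Frame Check Sequence verified. The FCS is computed with the 32-bit CRC-32 that Ethernet transmits on the wire (the zlib CRC-32 uses the same polynomial), and the 16-bit field after the source MAC is read as a length when it is 1500 or less and as a type otherwise, which is the 802.3 versus Ethernet II distinction just explained. The MAC addresses and payloads in the demo are constructed.

```python
import struct
import zlib

PREAMBLE = b"\xaa" * 7     # 10101010 repeated: the alternating 1,0 clock pattern
SFD = b"\xab"              # 10101011: the final 11 marks the start of the header
MAX_DATA = 1500            # largest data field
MIN_DATA = 46              # shorter payloads are padded up to the minimum frame size


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst_mac, src_mac, length_or_type, payload):
    """Preamble | SFD | dst MAC | src MAC | length/type | data (padded) | FCS."""
    if len(payload) > MAX_DATA:
        raise ValueError("payload exceeds 1500 bytes")
    payload = payload.ljust(MIN_DATA, b"\x00")
    header = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", length_or_type)
    fcs = zlib.crc32(header + payload) & 0xFFFFFFFF
    # The FCS covers header + data and is appended least-significant byte first.
    return PREAMBLE + SFD + header + payload + struct.pack("<I", fcs)


def parse_frame(wire):
    """Strip preamble/SFD, split the header fields and verify the FCS.

    Returns a dict; 'fcs_ok' is False when the frame was corrupted in transit,
    which is how a NIC decides to discard a damaged frame.
    """
    if not wire.startswith(PREAMBLE + SFD):
        raise ValueError("no preamble/SFD: receiver cannot sync to this bit stream")
    frame = wire[len(PREAMBLE) + len(SFD):]
    if len(frame) < 14 + MIN_DATA + 4:
        raise ValueError("runt frame")
    header, body, fcs_raw = frame[:14], frame[14:-4], frame[-4:]
    dst, src = header[:6], header[6:12]
    (value,) = struct.unpack("!H", header[12:14])
    expected = zlib.crc32(header + body) & 0xFFFFFFFF
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        # 802.3 carries a length here (<= 1500); Ethernet II carries a type (e.g. 0x0800 = IP)
        "kind": "length" if value <= MAX_DATA else "type",
        "value": value,
        "data": body[:value] if value <= MAX_DATA else body,
        "fcs_ok": struct.unpack("<I", fcs_raw)[0] == expected,
    }
```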
Ethernet Cabling
Coaxial cabling
Requirement: T connector, terminator, BNC connector, coaxial cable, 10 Base 2 LAN cards.
[Diagram: LAN card connected through a BNC connector and T connector, with a terminator at the end of the bus.]
This is used by the BUS topology with 10 mbps Base 2 and Base 5. It is not used currently.
UTP Cabling
In UTP, we have used different topologies to create the network.
[Diagram: (1) PCs connected to a hub/switch.]
In any Ethernet UTP topology we have to use one of the two types of cables:
(1) Straight cable
(2) Cross cable
[Diagram: TX and RX pairs of the two cable types.]
Structured Cabling
Requirement: Rack, patch panel, switch/hub (rack mountable), patch cord, I/O connector, I/O box, UTP cable
Tool: punching tool
In Ethernet only one PC is able to send data at a time; due to this the bandwidth of Ethernet will be shared.
It is not an equal access technology.
One PC will send data, which will be received by all devices of the network. Due to this data communication will not be secured.
Collisions will occur in the network, and collisions will lead to other problems like latency, delay and reduced throughput.
Latency: the time duration to send a packet from start to end.
Throughput: the speed at which data is sent (output).
All PCs will be in a single broadcast domain. Due to this the bandwidth will be reduced.
[Diagram: Existing network: hubs joined together, forming 1 broadcast domain. New network: a bridge with Port1, Port2 and Port3, each port connected to a hub.]
Working of Bridge: The working of a bridge is explained in the following steps:
(i) The bridge receives a frame into its buffer memory.
(ii) The source MAC address of the frame is stored in the bridging table against the port number on which it was received.
[Table: bridging table with columns Port number (1, 2, 3) and MAC address.]
(iii) According to the destination MAC address the frame will be forwarded or dropped:
(a) If the destination MAC address of the frame is known then the frame is forwarded to that particular port only.
(b) If the destination MAC address is unknown to the bridging table then the frame is forwarded to all ports except the receiving port.
(c) If the destination MAC address is the broadcast MAC address ff.ff.ff.ff.ff.ff.
(d) If the destination MAC address exists on the same port from which the frame was received then the frame is dropped.
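The four forwarding rules above as a runnable simulation, added here and not taken from the notes; the Bridge class, port numbers and MAC addresses are constructed. It treats the broadcast address of rule (c) the way a real bridge does, flooding the frame to every port except the one it arrived on, which is the same behaviour as for an unknown destination and the reason a flooded frame is seen by every segment.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Bridge:
    """A learning bridge (or switch): one bridging table, one decision per frame."""

    def __init__(self, ports):
        self.ports = list(ports)       # e.g. [1, 2, 3]
        self.table = {}                # bridging table: MAC address -> port number

    def receive(self, in_port, src_mac, dst_mac):
        """Step (i): the frame is in the buffer. Returns (action, output ports)."""
        # Step (ii): learn the source MAC against the receiving port.
        self.table[src_mac] = in_port
        everything_else = [p for p in self.ports if p != in_port]
        # (c) broadcast destination: flood to every port except the receiving one
        if dst_mac == BROADCAST:
            return "flood", everything_else
        out_port = self.table.get(dst_mac)
        # (b) destination not yet learned: flood the same way
        if out_port is None:
            return "flood", everything_else
        # (d) destination sits on the segment the frame came from: drop it
        if out_port == in_port:
            return "drop", []
        # (a) destination known on another port: forward only there
        return "forward", [out_port]


def run_demo():
    """Replay a short constructed sequence of frames; return decisions and table."""
    br = Bridge([1, 2, 3])
    frames = [                         # (in_port, src, dst)
        (1, "00:00:00:00:00:aa", "00:00:00:00:00:bb"),   # bb unknown -> flood
        (2, "00:00:00:00:00:bb", "00:00:00:00:00:aa"),   # aa learned on 1 -> forward
        (1, "00:00:00:00:00:aa", "00:00:00:00:00:bb"),   # bb learned on 2 -> forward
        (1, "00:00:00:00:00:cc", "00:00:00:00:00:aa"),   # same segment -> drop
        (3, "00:00:00:00:00:dd", BROADCAST),             # broadcast -> flood
    ]
    decisions = [br.receive(*f) for f in frames]
    return decisions, br.table
```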
Collision domain
A group of PCs in which a collision can occur is called a collision domain.
Broadcast domain
A group of PCs in which a broadcast message is delivered is called a broadcast domain.
LAN segmentation using Switches
To perform LAN segmentation using switches, we have to remove the hubs from the network and replace them with switches. The working of a switch is exactly like a bridge; a switch can be used as a multiport bridge.
[Diagram: switches joined together, still 1 broadcast domain; each switch port is its own collision domain (micro segmentation).]
The working of a switch is the same as a bridge.
Advantages:
(1) Bandwidth will not be shared, and overall throughput will depend on the wire speed of the switch. Wire speed is also called switching capacity and is measured in mbps or gbps.
Minimum ports on a switch = 4
Maximum ports on a switch = 48
(2) Any time access technology.
(3) One-to-one communication, so the network will be more secure.
(4) Switches will perform micro segmentation and no collision will occur in the network.
LAN segmentation using Router
If we are facing high congestion in the n/w due to a large number of broadcasts then we can divide the broadcast domain of the network, so that the number of broadcast messages will be reduced.
[Diagram: Existing: switches/hubs joined directly. New: a router (R) placed between the switches/hubs.]
We have to install a router between the multiple switches to divide the broadcast domain. Each broadcast domain has to use a different network address, and the router will provide internetwork communication between them.
Router operation
When a PC has to send data to a different network address, the data will be forwarded to the router. The router will analyse the IP address of the data and obtain a route from the routing table. The data is forwarded according to the route; if no route is available the data is dropped.
PC Architecture
[Diagram: Processor connected to a memory controller (RAM, BIOS ROM, CMOS RAM), a keyboard controller (keyboard) and an I/O controller (serial, parallel, USB, HDD, FD, CDD, display card with VDU, sound card).]
Router Architecture
[Diagram: Processor connected to an I/O controller (LAN and WAN ports) and a memory controller with BIOS ROM (incomplete IOS), Flash RAM (O/S, IOS), NVRAM (startup configuration, non-volatile RAM) and RAM.]
(1) Processor
Speed: 20 MHz to 1 GHz
Architecture: RISC (Reduced Instruction Set Computer)
Manufacturers: Motorola, IBM, Power PC, Texas, Dallas, Intel.
(2) Flash RAM
Flash RAM is the permanent read/write memory. This memory is used to store one or more copies of the router O/S. The router O/S is also called IOS (Internetwork Operating System). Flash RAM stores only the O/S.
The size of flash RAM in the router is 4 MB to 128 MB. The flash RAM may be available in one of the following three packages:
SLMM Flash: Single Line Memory Module
PCMCIA Flash: Personal Computer Memory Card Interface Architecture
Compact Flash: (small memory)
(3) NVRAM
NVRAM is Non-Volatile Random Access Memory. It is used to store the configuration of the router. The size of NVRAM is 8 KB to 512 KB.
(4) RAM
The RAM of the router is divided into two logical parts:
(i) Primary RAM
(ii) Shared RAM
Primary RAM
Primary RAM is used for:
(a) the running copy of IOS
(b) the running configuration
(c) the routing table
(d) the ARP table (IP address to MAC address)
(e) processor and other data structures
Shared RAM
Shared RAM is used as buffer memory to share the data received from different interfaces. The size of RAM in a router may vary from 2 MB to 512 MB. The types of memory that may be present in RAM are:
(a) DRAM: Dynamic RAM
(b) EDORAM: Extended Data Out RAM
(c) SDRAM: Synchronous Dynamic RAM
(5) BIOS ROM
The BIOS ROM is the permanent ROM. This memory is used to store the following programs and routines:
(i) Bootstrap loader (performs booting)
(ii) Power-on self test routines
(iii) Incomplete IOS
(iv) ROM Monitor (ROM-MON)
Booting difference between router & PC
Router: ROM-MON -> Incomplete IOS -> FLASH
PC: CMOS Setup -> Bootable Floppy/CD -> O/S from HDD
Router interfaces
Interface     | Connector | Color  | Speed                  | Use
Ethernet      | RJ45      | yellow | 10 mbps                | to connect Ethernet LAN using UTP media
AUI           | DB15      | yellow | 10 mbps                | to connect Ethernet LAN using a transceiver
Fast Ethernet | RJ45      | yellow | 100 mbps               | to connect Ethernet LAN
Serial        | DB60      | blue   | E1 2 mbps, T1 1.5 mbps | to connect WAN technology like leased lines, radio link, Frame Relay, X.25, ATM
Smart Serial  | SS        | blue   | E1 2 mbps, T1 1.5 mbps | to connect WAN (as Serial)
BRI ISDN      | RJ45      | orange | 192 kbps               | to connect ISDN Basic Rate Interface
VOIP          | RJ11      | white  | -                      | to connect phones, fax, EPABX
Management ports
Port      | Connector | Color    | Speed            | Details
Console   | RJ45      | sky blue | 9600 bps         | used for configuration using a PC
Auxiliary | RJ45      | black    | depends on modem | to connect a remote router using a PSTN line
Vty       | -         | -        | -                | to connect a remote router with the telnet protocol via an interface
Other link speeds noted on the diagram: 4/16 mbps; E1 2048 kbps; T1 1544 kbps; up 640 kbps / down 8 mbps.
Configuring Passwords
There are five types of password available in a router.
(1) Console Password
router#configure terminal
router(config)#line console 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
To erase the password, repeat the same steps using the no form of each command.
(2) Vty Password
router>enable
router#configure terminal
router(config)#line vty 0 4
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(3) Auxiliary Password
router#configure terminal
router(config)#line aux 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(4) Enable Password
router>enable
router#configure terminal
router(config)#enable password <word>
router(config)#exit
(5) Enable Secret Password
The enable password is a clear text password; it is stored as clear text in the configuration, whereas the enable secret password is stored encrypted (hashed) with the MD5 (Message Digest 5) algorithm.
Router>enable
Router#configure terminal
Router(config)#enable secret <word>
Router(config)#exit
Encrypting all passwords
All passwords other than the enable secret password are clear text passwords. We can encrypt all of them using the level 7 algorithm. The commands to encrypt all passwords are
Router#configure terminal
Router(config)#service password-encryption
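A small configuration audit for the password forms just described, added here as an example and not part of the notes: it reads a running-config, reports an enable password stored in clear text, line passwords stored in clear text or with the reversible level 7 encoding, and whether service password-encryption is on. The config excerpts, the enable secret hash and the level 7 string are constructed placeholders.

```python
import re

# Constructed running-config excerpt (not from a real device): every password
# form the notes describe. The secret hash and level 7 string are placeholders.
SAMPLE_CONFIG = """\
hostname R1
enable password cisco123
enable secret 5 $1$PLAC$EHOLDER0000000000000000
line con 0
 password 7 0123456789ABCDEF
 login
line vty 0 4
 password telnet123
 login
"""

# The same router after enable secret and service password-encryption (constructed).
HARDENED_CONFIG = """\
service password-encryption
hostname R1
enable secret 5 $1$PLAC$EHOLDER0000000000000000
line con 0
 password 7 0123456789ABCDEF
 login
line vty 0 4
 password 7 0123456789ABCDEF
 login
"""


def audit_passwords(config_text):
    """Return [(severity, finding), ...] describing how passwords are stored."""
    lines = [l.rstrip() for l in config_text.splitlines()]
    findings = []
    has_encryption = any(l == "service password-encryption" for l in lines)
    has_secret = any(l.startswith("enable secret") for l in lines)
    if any(l.startswith("enable password") for l in lines):
        # enable password is clear text (level 7 at best); enable secret is the MD5 one
        findings.append(("medium" if has_secret else "high",
                         "enable password present; rely on enable secret instead"))
    if not has_secret:
        findings.append(("high", "no enable secret configured"))
    section = "global"
    for line in lines:
        if line and not line.startswith(" "):        # unindented: new section
            section = line.strip()
        m = re.match(r"password (7 )?(\S+)$", line.strip())
        if m and section.startswith("line "):         # console / aux / vty lines
            if m.group(1):
                findings.append(("medium", f"{section}: level 7 password (reversible encoding)"))
            else:
                findings.append(("high", f"{section}: clear-text password"))
    if not has_encryption:
        findings.append(("low", "service password-encryption is off"))
    return findings
```

Level 7 still shows up as a medium finding in the hardened config because it only obscures the line passwords; only enable secret is a real hash.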
Managing Configuration
There are two types of configuration present in a router:
(1) Startup Configuration
(2) Running Configuration
(1) The startup configuration is stored in NVRAM. The startup configuration is used to save settings in a router. The startup configuration is loaded into primary RAM at the time of booting.
(2) The running configuration is present in primary RAM. Whenever we run a configuration command, the command is written into the running configuration.
To save the configuration
Router#copy running-config startup-config
Or
Router#write
To abort configuration changes
Router#copy startup-config running-config
To display the running configuration
Router#show running-config
To display the startup configuration
Router#show startup-config
Configuring Hostname
Router#configure terminal
Router(config)#hostname <name>
<name>(config)#exit (or end, or Ctrl-Z)
Configuring Interfaces
Interface configuration is one of the most important parts of router configuration. By default, all interfaces of a Cisco router are in disabled (shutdown) mode. We have to use different commands according to our requirement to enable and configure the interface.
Configuring IP, Mask and Enabling the Interface
Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#ip address <ip> <mask>
Router(config-if)#no shutdown
Router(config-if)#exit
Interface Numbers
Interface numbers start from 0 for each type of interface. Some routers directly use the interface number, while other routers use the slot no/port no addressing technique.
Direct numbering: Eth 0, Serial 0, Serial 1
Slot/port numbering: Slot 0: Serial 0/0; Slot 1: Serial 1/0, Serial 1/1
Configuring Banners
Banners are just messages that appear at different prompts according to their type. The different banners are:
Message of the day (motd): this banner appears for every access method.
Login: appears before the login prompt.
Exec: appears after we enter the execution mode.
Incoming: appears for incoming connections.
Syntax:
Router#config terminal
Router(config)#banner <type> <delimiting char>
Text message
<delimiting char>
Router(config)#
Example:
Router#config terminal
Router(config)#banner motd $
This router is distribution 3600 router connected to Reliance
$
Router(config)#
Configuring Logging
The router generates log messages, which are stored in the router's internal buffer and also displayed on the console.
To display the log buffer
Router#show logging
To send log messages to a syslog server
Router#config ter
Router(config)#logging <IP address>
Router(config)#exit
To configure synchronous logging on the console
Router#config terminal
Router(config)#line console 0
Router(config-line)#logging synchronous
Router(config-line)#exit
Syslog server on Windows: search on Google to install a syslog server on our PC; it creates a file in which the logging buffer messages are stored on the PC.
(3) The router will enter the ROM Monitor. Type the following commands:
Rom Mon>confreg <value>
Rom Mon>i
Note: on 2500 series routers the o/r command should be used in place of the confreg command.
Boot System commands
The boot system command is the second method to control the boot sequence of the router. These commands will be executed only when the configuration register is set to 0x2102. Boot system commands are executed in global configuration mode. These commands are executed in the same sequence in which they were applied to the router. If one boot system command is successful then the next boot system command is not executed.
Router(config)#boot system flash <file name>
To boot the router from a specific file in flash
Router(config)#boot system tftp <file name> <IP address>
To boot the router from a TFTP server/network
Router(config)#boot system flash
To boot from the first file in flash
Router(config)#boot system rom
To boot from the incomplete IOS
TFTP server
TFTP is a modified form of FTP. It is used to transfer files without performing authentication. TFTP has only a home directory, in which subdirectories are not allowed. Directory browsing is not allowed in the home directory.
TFTP is a UDP-based protocol, which works on port no. 69. TFTP has the following features in comparison to FTP:
(1) Only get file and put file services are available.
(2) Authentication is not supported.
(3) The home directory may not have subdirectories.
(4) Directory browsing is not allowed.
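The TFTP packet formats and a complete "get" exchange, written here as an added example rather than taken from the notes. Both sides of the transfer are simulated in memory (no socket), which makes the two points above visible in the packets themselves: the read request carries only a file name and a mode, with no credential field, and the server answers from a flat dictionary standing in for its home directory. The file names and contents are constructed.

```python
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
TFTP_PORT = 69          # the server listens here over UDP
BLOCK_SIZE = 512        # a DATA block shorter than this ends the transfer


def build_request(opcode, filename, mode="octet"):
    """RRQ/WRQ: opcode(2) | filename | 0 | mode | 0.
    There is no username or password field anywhere in the protocol."""
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"


def build_data(block, payload):
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block):
    return struct.pack("!HH", ACK, block)


def build_error(code, message):
    return struct.pack("!HH", ERROR, code) + message.encode() + b"\0"


def parse_packet(pkt):
    """Decode any of the five packet types into a dict."""
    (op,) = struct.unpack("!H", pkt[:2])
    if op in (RRQ, WRQ):
        filename, mode, _ = pkt[2:].split(b"\0", 2)
        return {"op": op, "filename": filename.decode(), "mode": mode.decode()}
    if op == DATA:
        (block,) = struct.unpack("!H", pkt[2:4])
        return {"op": op, "block": block, "data": pkt[4:], "last": len(pkt) - 4 < BLOCK_SIZE}
    if op == ACK:
        return {"op": op, "block": struct.unpack("!H", pkt[2:4])[0]}
    if op == ERROR:
        (code,) = struct.unpack("!H", pkt[2:4])
        return {"op": op, "code": code, "message": pkt[4:].split(b"\0", 1)[0].decode()}
    raise ValueError(f"unknown TFTP opcode {op}")


def simulate_get(home_directory, filename):
    """Run a whole 'get' in memory, playing both client and server.

    home_directory maps file names to bytes (the flat TFTP home directory).
    Returns ("ok", data, number_of_blocks) or ("error", message).
    """
    request = parse_packet(build_request(RRQ, filename))      # client -> server:69
    content = home_directory.get(request["filename"])          # no authentication step
    if content is None:
        return "error", parse_packet(build_error(1, "File not found"))["message"]
    received, block = b"", 1
    while True:                                                # server -> client DATA
        chunk = content[(block - 1) * BLOCK_SIZE: block * BLOCK_SIZE]
        data = parse_packet(build_data(block, chunk))
        received += data["data"]
        ack = parse_packet(build_ack(data["block"]))           # client -> server ACK
        if ack["block"] != block:
            return "error", "acknowledgement out of sequence"
        if data["last"]:                                       # short block: done
            return "ok", received, block
        block += 1
```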
Installation and Configuration of TFTP server
On a Windows system, we have to execute the following steps to use the PC as a TFTP server:
(1) Download TFTP server software from the Internet.
(2) Install the TFTP server software on the PC.
(3) If the software is not installed as a service then the software should be running on screen. Configure the home directory of the server or use the default.
(4) Restore/Upgrade IOS
There are four different conditions in which we can restore/upgrade the IOS.
Case 1: the old IOS is present and flash is in read/write mode.
i) Copy the IOS image into the TFTP server's home directory.
ii) Test connectivity and make sure the TFTP server is running.
iii) On the router use the command: Router#copy tftp flash
The router prompts for: Source file, Destination file, IP address, Erase Flash [y/n].
Case 2: the old IOS is present but flash is read only.
i) In this case, we have to set the config-register to 0x2101 to boot the router from the incomplete IOS.
ii) After booting, flash will be in read/write mode. Now use the same command as in case 1.
iii) When IOS loading is complete, reset the config-register to 0x2102.
Case 3: the old IOS is not present but the incomplete IOS is present in BIOS.
The router will automatically boot from the incomplete IOS, and we have to execute the same commands as in cases 1 and 2.
Case 4: neither the complete IOS nor the incomplete IOS is present in the router.
There are two methods to load the IOS with the help of ROM Monitor mode.
Method 1: loading IOS using xmodem
In this case we have to use the xmodem command and the IOS will be loaded with the help of the console cable. TFTP is not required in this case.
i) Enter the ROM Monitor and type the following command:
Rom Mon 1>xmodem <filename>
ii) When the router displays the message "Ready to receive file", in HyperTerminal select Transfer >> Send file >> use Browse to select the file >> select protocol xmodem >> Send.
Method 2: in this case we have to use a TFTP server from the ROM Monitor.
i) Connect the PC running the TFTP server, make sure TFTP is running and the IOS image is present in the home directory.
ii) Enter ROM Monitor mode and type the following commands:
Rom Mon>IP_ADDRESS=10.0.0.2
Rom Mon>TFTP_SERVER=10.0.0.1
Rom Mon>TFTP_FILE=<filename>
Rom Mon>DEFAULT_GATEWAY=10.0.0.1
Rom Mon>IP_SUBNET_MASK=255.0.0.0
Rom Mon>tftpdnld
When the IOS transfer is complete, type the command:
Rom Mon>boot
Router#show version
To view from where the IOS booted.
Router#show flash
TCP/IP MODEL
TCP/IP is the most popular protocol stack, which consists of a large number of protocols. Compared to the OSI model, TCP/IP consists of only four layers. The TCP/IP model is a modified form of the DOD (Department of Defense) model.
[Diagram: TCP/IP layers against OSI layers. Application (OSI Application, Presentation, Session): HTTP 80, SMTP 25, DNS 53, FTP 20, TFTP 69, Telnet 23, NTP 123, SNMP, SSL 443, RDP 3389, POP3, IMAP and many more. Transport / Host to Host (OSI Transport): TCP | UDP. Internet (OSI Network): Internet Protocol. Network Access (OSI Data Link and Physical).]
Application Layer
This layer contains a large number of protocols. Each protocol is designed to act as server and client. Some protocols need connection-oriented TCP, and others may use connectionless UDP for data transfer.
The application layer uses port numbers to identify each application at the transport layer.
This layer performs most of the functions which are specified by the Application, Presentation and Session layers of the OSI model.
Transport Layer
Two protocols are available at the transport layer:
1) Transmission Control Protocol
2) User Datagram Protocol
1) Transmission Control Protocol
TCP performs connection-oriented communication. Its responsibilities are:
i) Error checking
ii) Acknowledgement
iii) Sequencing
iv) Flow control
v) Windowing
[Diagram: TCP header (24 bytes): three 4-byte fields, Window (16 bits, 512 bytes onwards 1024), Checksum (16 bits), Urgent (16 bits), Options (0 or 32 bits), Data. A second header with Length (16 bits), Checksum (16 bits) and Data (the UDP header).]
Internet Layer
The main functions of the Internet layer are routing and providing a single network interface to the upper layer protocols. Upper or lower layer protocols have no functions relating to routing. IP provides one single network interface for the upper layer protocols; after that it is the job of IP and the various network access protocols to work together. The main protocols used in the Internet layer are:
1) Internet Protocol (IP)
2) Internet Control Message Protocol (ICMP)
3) Address Resolution Protocol (ARP)
4) Reverse Address Resolution Protocol (RARP)
5) Proxy ARP
Internet Protocol
This protocol works at the Internet layer. It is responsible for logical addressing, defining type of service and fragmentation.
IP Header (20-24 bytes) fields: IP version (4 bits), Identification no. (16), Flag (3), Protocol (8), Source IP (32), Destination IP (32), Options (0 or 32 bits, if any), followed by the segment data.
IP Subnet
In TCP/IP by default three sizes of networks are available:
(1) Class A: 2^24 PCs -> 16777216
(2) Class B: 2^16 PCs -> 65536
(3) Class C: 2^8 PCs -> 256
In subnetting, we divide a class A, B or C network into smaller sub networks. This procedure is called subnetting.
Subnetting is performed with the help of the subnet mask. There are two types of subnetting that we perform:
(1) FLSM: Fixed Length Subnet Mask
(2) VLSM: Variable Length Subnet Mask
Why to Subnet?
(i) A default class network provides us a large number of PCs in comparison to the requirement of PCs in the network.
(ii) It is practically never possible to create a class A or class B sized network.
To reduce the broadcasts in a network, we have to perform LAN segmentation with routers. In each sub network we need a different network address.
How to Subnet?
In this method, we first modify our requirement according to the number of subnets possible, then we calculate the new subnet mask and create the IP ranges.
Example 1
Class = C
No. of subnets = 5
Step 1
The numbers of subnets possible are 2, 4, 8, 16, 32, ...
New requirement: Class = C, No. of subnets = 8
Step 2
Calculate the key value
2^key = No. of subnets
2^key = 8
2^3 = 8, so key = 3
Step 3
Calculate the new subnet mask
In class C: Net id = 24 + key = 24 + 3 = 27 bits; Host id = 8 - key = 8 - 3 = 5 bits
11111111.11111111.11111111.11100000 = 255.255.255.224
We use this as the subnet mask.
Step 4
Range
No. of PCs/subnet = Total PCs / No. of subnets = 256/8 = 32
In class C:
x.x.x.0 - x.x.x.31 (30 usable hosts)
x.x.x.32 - x.x.x.63
x.x.x.64 - x.x.x.95
x.x.x.96 - x.x.x.127
x.x.x.128 - x.x.x.159
x.x.x.160 - x.x.x.191
x.x.x.192 - x.x.x.223
x.x.x.224 - x.x.x.255
The first IP of each subnet will be the subnet id and the last IP will be the sub network broadcast address.
Example 2
Class = C
No. of subnets = 10
Step 1
New requirement: No. of subnets = 16
Step 2
2^4 = 16, so key = 4
Step 3
Net id = 24 + 4 = 28 bits; Host id = 8 - 4 = 4 bits
11111111.11111111.11111111.11110000 = 255.255.255.240
Subnetting method 2
Given: Class = ?, No. of PCs/subnet = 8, Mask = ?, Range = ?
In this case we calculate the key according to the number of PCs per subnet. According to the key value, that many bits of the subnet mask from the right-hand side are set to zero, and then the range is calculated.
Example
Class = C
No. of PCs/subnet = 5
Step 1
The numbers of PCs/subnet possible are 4, 8, 16, 32, 64, ...
New requirement: Class = C, No. of PCs/subnet = 8
Step 2
2^key = No. of PCs/subnet
2^key = 8
2^3 = 8, so key = 3
11111111.11111111.11111111.11111000 = 255.255.255.248
No. of subnets = Total PCs / (PCs/subnet) = 256/8 = 32
Class C, mask 255.255.255.248: 32 subnets, 8 PCs/subnet
200.100.100.0 - 200.100.100.7
.8 - .15
.16 - .23
.24 - .31
...
Example 2
Class = C
No. of PCs/subnet = 50
Step 1
New requirement: Class = C, No. of PCs/subnet = 64
Step 2
2^6 = 64, so key = 6
11111111.11111111.11111111.11000000 = 255.255.255.192
No. of subnets = 256/64 = 4
Class C, mask 255.255.255.192: 4 subnets, 64 PCs/subnet
Method 3
No. of PCs/subnet = 50
New requirement: No. of PCs/subnet = 64
No. of subnets = 256/64 = 4
Class = C, No. of subnets = 4
2^2 = 4, so key = 2
Net id = 24 + 2 = 26 bits; Host id = 8 - 2 = 6 bits
11111111.11111111.11111111.11000000 = 255.255.255.192
Zero Subnet
According to the rules of IP addressing, the first subnet and the last subnet are not usable due to routing problems. In new Cisco routers a command is present in the default configuration. With this command, we are able to use the first and last subnets after subnetting.
The command is
Router#config ter
Router(config)#ip subnet-zero
Router(config)#exit
Example: Check whether an address is a valid IP, a n/w address or a broadcast address. If the IP is valid then calculate its n/w and broadcast address.
IP: 200.100.100.197
Mask: 255.255.255.240 (/28, key = 4)
200.100.100.197 = 200.100.100.1100 0101 -> valid IP (host bits are neither all 0 nor all 1)
200.100.100.192 = 200.100.100.1100 0000 -> network address
200.100.100.207 = 200.100.100.1100 1111 -> broadcast address
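The subnetting methods and the validity check above as an added example, not part of the original notes, written with plain integer arithmetic so that each step (key, mask, ranges) stays visible. The class C network and the 200.100.100.197 / 255.255.255.240 check are the page's own figures; the function names are constructed.

```python
CLASS_BITS = {"A": 8, "B": 16, "C": 24}     # default network-id length per class


def key_for(required):
    """Steps 1-2: smallest key with 2**key >= required (5 -> 3, since 2**3 = 8)."""
    key = 0
    while 2 ** key < required:
        key += 1
    return key


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """Step 3: prefix length -> dotted mask, e.g. 27 -> 255.255.255.224."""
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def ranges(network, class_bits, prefix):
    """Step 4: every subnet of the classful network as (first, last) addresses."""
    base = ip_to_int(network) & ip_to_int(mask_from_prefix(class_bits))
    size = 1 << (32 - prefix)                  # addresses per subnet
    count = 1 << (prefix - class_bits)         # number of subnets
    return [(int_to_ip(base + i * size), int_to_ip(base + i * size + size - 1))
            for i in range(count)]


def subnet_by_count(net_class, network, n_subnets):
    """Method 1: key from the number of subnets; the net id grows by key bits."""
    prefix = CLASS_BITS[net_class] + key_for(n_subnets)
    return mask_from_prefix(prefix), ranges(network, CLASS_BITS[net_class], prefix)


def subnet_by_hosts(net_class, network, hosts_per_subnet):
    """Method 2: key from hosts per subnet; the key low-order mask bits are zero."""
    prefix = 32 - key_for(hosts_per_subnet)
    return mask_from_prefix(prefix), ranges(network, CLASS_BITS[net_class], prefix)


def classify(ip, mask):
    """Is ip the network address, the broadcast address or a valid host address?
    Returns (kind, network_address, broadcast_address)."""
    ip_i, mask_i = ip_to_int(ip), ip_to_int(mask)
    network = ip_i & mask_i                    # host bits all 0
    broadcast = network | (~mask_i & 0xFFFFFFFF)   # host bits all 1
    kind = "network" if ip_i == network else "broadcast" if ip_i == broadcast else "valid"
    return kind, int_to_ip(network), int_to_ip(broadcast)
```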
Example: Class = B
No. of subnets = 64
2^6 = 64, so key = 6
11111111.11111111.11111111.11000000
255.255.255.192
No. of PCs/subnet = 65536/64 = 1024
150.20.0.0 - 150.20.3.255
150.20.4.0 - 150.20.7.255
150.20.8.0 - 150.20.11.255
No Subnetting
[Diagram: networks connected by routers, each using a whole class C network: 200.100.1.X, 200.100.3.X, 200.100.4.X, 200.100.5.X, 200.100.6.X, 200.100.7.X, 200.100.8.X, 200.100.9.X.]
FLSM
[Diagram: the same networks addressed with /28 subnets: 200.100.0-15/28, 200.100.1.16-31/28, 200.100.1.32-47/28, 200.100.1.48-63/28, 200.100.1.64-79/28, 200.100.1.80-95/28, 200.100.1.95-111/28, 200.100.1.112-127/28, 200.100.1.128-143/28.]
Remaining subnets: 144-159, 160-175, 176-191, 192-207, 208-223, 224-239, 240-255
Problem with FLSM
In FLSM, we have to create subnets of equal size. All n/ws will be allotted a constant-size subnet irrespective of their IP address requirement. Due to this a n/w may be allotted more than the required IP addresses, or fewer than the required IP addresses.
VLSM
Mask | Dotted mask     | Subnets | PCs/subnet | Ranges (last octet)
/25  | 255.255.255.128 | 2       | 128        | 0-127, 128-255
/26  | 255.255.255.192 | 4       | 64         | 0-63, 64-127, 128-191, 192-255
/27  | 255.255.255.224 | 8       | 32         | 0-31, 32-63, 64-95, 96-127, ...
/28  | 255.255.255.240 | 16      | 16         | 0-15, 16-31, 32-47, 48-63, 64-79, 80-95, 96-111, ...
/29  | 255.255.255.248 | 32      | 8          | 0-7, 8-15, 16-23, 24-31, ...
/30  | 255.255.255.252 | 64      | 4          | 0-3, 4-7, 8-11, 12-15, ...
[Diagram: VLSM allocation of the networks above according to their host requirements, as drawn on the page: 50 hosts: 128-191/26; 64: 64-95/27; 20: 32-63/30; 10: 96-111/28; 5: 16-23/29; 2 IP each: 0-3/30, 4-7/30, 8-11/30, 12-15/30. Remaining: 24-31, 112-127.]
If we are using VLSM and dynamic routing then the routing protocol must be compatible with VLSM. This is possible only if the subnet masks are also sent in the routing updates.
Super Netting
Combining small n/ws to create a larger n/w is called a super network. Supernetting is mostly used to define route summarization in routing tables. It is not used for the implementation of large networks.
170.10.0.0 = 170.00001010.00000000.00000000
170.11.0.0 = 170.00001011.00000000.00000000
(the two addresses differ only in the last bit of the second octet, so the bits to the left of it form the common prefix)
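An added example covering both the VLSM allocation and the supernetting above; it is not part of the original notes. vlsm_allocate carves one subnet per host requirement out of a block, largest requirement first, using the same power-of-two sizes as the VLSM table (so 50 hosts get a /26, 10 a /28, 2 a /30); summarize computes the single prefix that covers a set of networks, which is the route summarization the supernetting paragraph describes. The block 200.100.1.0/24 and the requirement list are constructed from the page's figures, and the addresses come out in first-fit order rather than exactly as drawn in the diagram.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Largest prefix (smallest subnet) with room for `hosts` usable addresses,
    after reserving the network and broadcast addresses: 50 -> /26, 2 -> /30."""
    return 32 - (hosts + 2 - 1).bit_length()


def vlsm_allocate(block, host_requirements):
    """Carve one subnet per requirement out of `block`, largest requirement first
    (the order that avoids fragmentation). Returns (allocations, leftover_blocks)."""
    free = [ipaddress.ip_network(block)]
    allocations = []
    for hosts in sorted(host_requirements, reverse=True):
        prefix = prefix_for_hosts(hosts)
        for i, blk in enumerate(free):
            if blk.prefixlen <= prefix:                       # fits in this free block
                sub = next(blk.subnets(new_prefix=prefix))    # lowest-addressed piece
                free[i:i + 1] = list(blk.address_exclude(sub))   # keep the remainder
                free.sort(key=lambda n: n.network_address)
                allocations.append((hosts, str(sub)))
                break
        else:
            raise ValueError(f"no free block large enough for {hosts} hosts")
    return allocations, [str(n) for n in free]


def summarize(networks):
    """Supernet: the shortest single prefix that covers all the given networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = min(n.network_address for n in nets)
    last = max(n.broadcast_address for n in nets)
    for prefix in range(32, -1, -1):                 # shrink the prefix until it covers
        candidate = ipaddress.ip_network((int(first), prefix), strict=False)
        if candidate.broadcast_address >= last:
            return str(candidate)
```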
IP Routing
When we want to connect two or more networks using different n/w addresses then we have to use the IP routing technique. A router will be used to perform routing between the networks. A router performs the following functions for routing:
(1) Path determination
(2) Packet forwarding
(1) Path determination
The process of obtaining a path into the routing table is called path determination. There are three different methods by which a router can learn a path:
i) Automatic detection of directly connected n/ws
ii) Static and default routing
iii) Dynamic routing
(2) Packet forwarding
It is a process that is enabled by default in the router. The router will perform packet forwarding only if a route is available in the routing table.
Routing Process
(i) The PC has a packet in which the destination address is not in the local n/w address.
(ii) The PC will send an ARP request for the default gateway. The router will reply to the ARP request and inform the PC of its MAC address.
(iii) The PC will encapsulate the data, in which the source IP is the PC itself, the destination IP is the server, the source MAC is the PC's LAN interface and the destination MAC is the router's LAN interface.
[Diagram: PC1 (10.0.0.6) sends to the server 172.16.0.5 through R1 (10.0.0.1): S. IP 10.0.0.6, D. IP 172.16.0.5, S. MAC PC1, D. MAC R1.]
The router will receive the frame and store it in the buffer. It then obtains the packet from the frame and forwards it according to the destination IP of the packet. The router will obtain a route from the routing table, according to which the next hop IP and interface are selected.
(iv) According to the next hop, the packet will be encapsulated in a new frame and the data is sent to the output queue of the interface.
Static Routing
In this routing, we have to use ip route commands through which we can specify routes for different networks. The administrator will analyse the whole internetwork topology and then specify the route for each n/w that is not directly connected to the router.
Steps to perform static routing
(1) Create a list of all n/ws present in the internetwork.
(2) Remove from the list the n/w addresses which are directly connected.
(3) Specify a route for each remaining n/w by using the ip route command:
Router(config)#ip route <destination n/w> <mask> <next hop ip>
Next hop IP: the IP address of the neighbour router that is directly connected to our router.
Static Routing Example:
Router#conf ter
Router(config)#ip route 10.0.0.0 255.0.0.0 192.168.10.2
Administrative Distance (AD) of route sources:
Connected 0
Static 1
eBGP 20
EIGRP 90
IGRP 100
OSPF 110
RIP 120
Default Routing
Default routing means a route for any n/w. These routes are specified with the help of the following syntax:
Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop>
Or
Router(config)#ip route 0.0.0.0 0.0.0.0 <exit interface>
This type of routing is used in the following scenario.
Scenario 1: Stub network
A n/w which has only one exit interface is called a stub network.
[Diagram: R1 (network 10.0.0.0, 172.16.0.5) connected through R2 to the ISP at 200.100.100.11.]
Dynamic Routing
In dynamic routing, we enable a routing protocol on the router. This protocol sends its routing information to the neighbour routers. The neighbours analyse the information and write new routes into the routing table.
The routers will also pass routing information received from one router on to other routers. If more than one path is available then the routes are compared and the best path is selected. Some examples of dynamic protocols are RIP, IGRP, EIGRP and OSPF.
Autonomous system
An autonomous system is a group of contiguous routers and n/ws which share their routing information directly with each other. If all routers are in a single domain and they share their information directly with each other then the size of the routing updates will depend on the number of n/ws present in the internetwork. The update for each n/w may take 150-200 bytes of information.
For example, if there are 1000 n/ws then the size of the update will be
200*1000 = 200000 bytes
The routing information is sent periodically, so it may consume a large amount of bandwidth in our n/w.
[Diagram: autonomous systems AS 200, AS 400 and AS 500. Interior routing runs inside each domain, border routing at the edge, and exterior routing between the autonomous systems.]
Protocols
Interior Routing: RIP, IGRP, EIGRP, OSPF
Exterior Routing: BGP, EXEIGRP
Bandwidth
Bandwidth is the speed of the link. The path with higher bandwidth is preferred to send the data.
Load
Load is the amount of traffic present on the interface. Paths with lower load and higher throughput are used to send data.
Reliability
Reliability is the up time of the interface over a period of time.
Delay
Delay is the time period between a packet being sent and its being received by the destination.
MTU (Maximum Transmission Unit)
It is the maximum size of packet that can be sent in a frame; mostly the MTU is set to 1500.
Configuring RIP
Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
...
Router(config-router)#exit
[Diagram: R1 with interfaces 10.0.0.1, 172.16.0.5 and 200.100.100.12; the neighbour at 172.16.0.6 has 175.2.1.1 on network 175.2.0.0.]
Router(config-router)#network 10.0.0.0
Router(config-router)#network 172.16.0.0
Router(config-router)#network 200.100.100.0
R1 learns 175.2.0.0 via 172.16.0.6.
Display RIP Routes
Router#sh ip route rip
R 192.168.75.0/24 [120/5] via 172.30.0.2 00:00:25 serial 1/0
Field by field: R = RIP; 192.168.75.0/24 = destination n/w and mask; 120 = AD; 5 = metric; 172.30.0.2 = next hop; 00:00:25 = timer; serial 1/0 = own interface.
RIP advanced configuration
Passive Interfaces
An interface which is able to receive routing updates but not send them is called a
Passive Interface. We can declare an interface as passive with the following commands:
Router#conf ter
Router(config)#router rip
Router(config-router)#passive-interface <type> <no>
Router(config-router)#exit
Neighbor RIP
In RIP, by default routing updates are sent to the broadcast address 255.255.255.255. In some
scenarios it may be required to send routing updates as a unicast from one router to another.
In this case we have to configure neighbor RIP.
For example: - in a Frame Relay n/w the broadcast update is discarded by the switches,
so if we want to send RIP updates across the switches then we have to unicast the updates
using Neighbor RIP.
[Figure: R1 (10.0.0.1) and R2 (10.0.0.2) connected across a Frame Relay cloud; the broadcast
update to 255.255.255.255 is dropped, the unicast update to 10.0.0.2 is delivered.]
R1
Router(config)#router rip
Router(config-router)#neighbor 10.0.0.2
R2
Router(config)#router rip
Router(config-router)#neighbor 10.0.0.1
Configuring Timers
Router(config)#router rip
Router(config-router)#timers basic <update> <invalid> <hold down> <flush>
Router(config-router)#exit
Example: Router(config-router)#timers basic 50 200 210 300
Update 50 sec
Invalid 200 sec
Hold down 210 sec
Flush 300 sec
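The route line shown under "Display RIP Routes" and the timers above can be checked together. The following Python is an added example, not part of these notes: it parses show ip route rip lines (both the spacing used above and the comma-separated IOS form) and reports whether each route is still valid, in hold down or already due for flushing under a given set of timers basic values. The sample output is constructed; the four default timer values are the IOS defaults.

```python
import re
from dataclasses import dataclass


# Timer defaults are the IOS defaults (update 30, invalid 180, holddown 180, flush 240).
@dataclass(frozen=True)
class RipTimers:
    update: int = 30     # seconds between periodic updates
    invalid: int = 180   # no update for this long: route is marked invalid (hold down starts)
    holddown: int = 180  # time a route stays marked unreachable while waiting for better news
    flush: int = 240     # no update for this long: route is removed from the routing table


@dataclass
class RipRoute:
    prefix: str
    admin_distance: int
    metric: int          # hop count; 16 is RIP's "infinity" (unreachable)
    next_hop: str
    age: int             # seconds since the last update, from the hh:mm:ss column
    interface: str


# Accepts both the spacing used in the notes above and the comma-separated IOS output.
ROUTE_RE = re.compile(
    r"^R\s+(?P<prefix>\S+)\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>[\d.]+),?"
    r"\s+(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d),?\s+(?P<intf>\S.*?)\s*$")

RIP_INFINITY = 16


def parse_rip_routes(text):
    """Parse 'show ip route rip' lines into RipRoute objects; other lines are ignored."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        age = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        routes.append(RipRoute(m["prefix"], int(m["ad"]), int(m["metric"]),
                               m["nh"], age, m["intf"]))
    return routes


def route_state(route, timers):
    """Classify a route by its age against the timers, as the router would."""
    if route.metric >= RIP_INFINITY:
        return "unreachable"          # advertised with metric 16 (poisoned)
    if route.age >= timers.flush:
        return "flushed"              # would already have been removed
    if route.age >= timers.invalid:
        return "holddown"             # marked invalid, still in the table
    return "valid"


def age_routes(text, timers=RipTimers()):
    """Map each prefix in the output to its state under the given timers."""
    return {r.prefix: route_state(r, timers) for r in parse_rip_routes(text)}


# Constructed sample output, modelled on the line shown above (not a real capture).
SAMPLE_ROUTES = """\
R    192.168.75.0/24 [120/5] via 172.30.0.2, 00:00:25, Serial1/0
R    175.2.0.0/16 [120/1] via 172.16.0.6, 00:03:40, Serial0/0
R    10.50.0.0/16 [120/16] via 172.16.0.6, 00:00:10, Serial0/0
R    192.168.9.0/24 [120/3] via 172.30.0.2, 00:04:30, Serial1/0
"""

if __name__ == "__main__":
    for prefix, state in age_routes(SAMPLE_ROUTES).items():
        print(prefix, state)
    print(age_routes(SAMPLE_ROUTES, RipTimers(50, 200, 210, 300)))
```

With the default timers the 175.2.0.0/16 route (220 s old) is already in hold down and 192.168.9.0/24 (270 s) would have been flushed; with the 50 200 210 300 values from the example the second route is only in hold down, which shows why all routers in a domain must use the same timers.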
To change Administrative Distance
Router(config)#router rip
Router(config-router)#distance <value>
Router(config-router)#exit
Example: Router(config-router)#distance 95 (a value such as 95 or 100)
To configure Load Balance
RIP is able to perform equal cost path Load Balancing. If multiple paths are available
with equal Hop Count for the destination then RIP will balance the load equally on all paths.
Load Balancing is enabled by default for up to 4 paths. We can change the no. of paths it
can use simultaneously with the following command:
Router(config)#router rip
Router(config-router)#maximum-paths <1-6>
To display RIP parameters
Router#sh ip protocol
Or
Router#sh ip protocol RIP
This command displays the following parameters:
(i) RIP Timers
(ii) RIP Version
(iii) Route filtering
(iv) Route redistribution
(v) Interfaces on which updates are sent and received
(vi) Advertised n/ws
(vii) Passive interfaces
(viii) Neighbor RIP
(ix) Routing information sources
(x) Administrative Distance
RIP version 2
RIP version 2 supports the following new features:
(1) Support for VLSM (the mask is sent in updates)
(2) Multicast updates using address 224.0.0.9
(3) Support for authentication
Commands to enable RIP version 2
We have to change RIP version 1 to RIP version 2. All other configuration remains the
same in RIP version 2.
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#exit
To debug RIP routing
Router#debug ip rip
To disable debug routing
Router#no debug ip rip
Or
Router#no debug all
Or
Router#undebug all
Configuring IGRP
Router(config)#router igrp <as no> (1-65535)
Router(config-router)#network <net address>
Router(config-router)#network <net address>
Router(config-router)#exit
Configuring Bandwidth on Interface for IGRP
By default the router will detect the maximum speed of the interface and use this value as the
bandwidth metric for IGRP. But it may be possible that the interface is not working at its
maximum speed; then we have to configure the bandwidth on the interface so that IGRP is able
to calculate the correct metric.
Router(config)#interface <type> <no>
Router(config-if)#bandwidth <value in kbps>
Router(config-if)#exit
Example:
Router(config)#interface serial 0
Router(config-if)#bandwidth 256
Router(config-if)#exit
[Figure: two routers connected through serial interfaces and E1 modems; the interfaces are
capable of 2048 k but the synchronous link between the modems runs at 256 k, so the bandwidth
must be configured as 256.]
[Figure: EIGRP neighbor table, topology table and routing table for routers R1 to R6; the
example n/ws are 10.0.0.0 to 21.0.0.0, with R1's directly connected (dc) n/ws being 11.0.0.0,
12.0.0.0 and 13.0.0.0.]
[Figure: the incoming packet type decides the routing process: TCP/IP packets go to IP Routing,
IPX/SPX packets to IPX Routing and AppleTalk packets to AppleTalk Routing.]
Metric
Metric components: Bandwidth, Load, Delay, Reliability, MTU
K value       K1  K2  K3  K4  K5
Default value 1   0   1   0   0
All routers exchanging updates with each other must have the same AS no. and the same K values.
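The metric components and K values above combine into a single number. The following Python is an added example, not from these notes; the formula it implements is the published IGRP/EIGRP composite metric, in which K1 weights bandwidth, K2 load, K3 delay and K4/K5 reliability, with bandwidth taken as 10^7 divided by the lowest link bandwidth in kbps and delay counted in tens of microseconds. The interface speeds and delays used are constructed sample values (20000 microseconds is the IOS default delay of a serial interface, 100 for Ethernet).

```python
# K values in the order K1..K5; the defaults are those listed above.
DEFAULT_K = (1, 0, 1, 0, 0)


def composite_metric(min_bandwidth_kbps, total_delay_usec, load=1, reliability=255,
                     k=DEFAULT_K, eigrp=False):
    """IGRP composite metric, computed with integer arithmetic as the router does:
      metric = [K1*BW + (K2*BW)/(256 - load) + K3*DLY] * [K5 / (reliability + K4)]
    where BW  = 10^7 / lowest bandwidth on the path in kbps,
          DLY = sum of the interface delays in tens of microseconds,
          load and reliability are 1..255 (255 = fully loaded / 100% reliable).
    The second factor is applied only when K5 != 0. EIGRP uses the same formula
    scaled by 256."""
    k1, k2, k3, k4, k5 = k
    if not 1 <= load <= 255 or not 1 <= reliability <= 255:
        raise ValueError("load and reliability are 8-bit values from 1 to 255")
    bw = 10**7 // min_bandwidth_kbps
    dly = total_delay_usec // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256 if eigrp else metric


def path_metric(hops, **kw):
    """hops: list of (bandwidth_kbps, delay_usec) for each outgoing interface along the path.
    The path uses the lowest bandwidth and the sum of the delays."""
    min_bw = min(bw for bw, _ in hops)
    delay = sum(d for _, d in hops)
    return composite_metric(min_bw, delay, **kw)


def best_path(paths, **kw):
    """Return (name, metric) of the lowest-metric path; ties keep the first listed."""
    scored = [(name, path_metric(hops, **kw)) for name, hops in paths.items()]
    return min(scored, key=lambda nm: nm[1])


def k_values_match(routers):
    """routers: list of (as_no, k_tuple). Neighbors only exchange updates when the AS
    number and the K values agree, as noted above."""
    return len({(asn, tuple(k)) for asn, k in routers}) == 1


# Constructed example: a 2048 kbps E1 interface whose line really runs at 256 kbps
# (serial default delay 20000 usec), compared with the interface speed the router detects.
if __name__ == "__main__":
    print(composite_metric(1544, 20000))              # 8476, the classic T1 figure
    print(composite_metric(1544, 20000, eigrp=True))  # 2169856
    print(best_path({"E1 as detected (2048 k)": [(2048, 20000)],
                     "E1 at real speed (256 k)": [(256, 20000)]}))
```

The bandwidth term dominates: configuring bandwidth 256 instead of the detected 2048 k raises the metric from 6882 to 41062, which is why the bandwidth command matters for correct path selection.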
To bring up the Ethernet interface without a cable connected
Router(config)#int eth0
Router(config-if)#no keepalive
Router(config-if)#bandwidth 64
Router#clear ip route *
Flush the routing table and build it again.
Router#sh ip eigrp topology
It shows the topology database.
P -> passive (stable), A -> active (route is being recomputed)
Router#sh ip eigrp neighbor
It shows the neighbor table.
Router(config-router)#redistribute <protocol> ?
The metric also needs to be specified.
Debug IGRP
Router#debug ip igrp events
It displays information on special events.
Router#debug ip igrp transactions
It shows every update.
Debug EIGRP
Router#debug ip eigrp
For full debug
Router#debug ip eigrp summary
For a short debug
Area
An area is a group of routers & n/ws which share their routing information directly
with each other.
Adjacency
Routers are called adjacent when a neighbor relationship has been established between them.
We can also say that an adjacency relationship is formed between the routers.
[Figure: Area 0 (backbone) with backbone routers (br) and area border routers (abr); Area 20,
Area 70 and Area 90 each contain area routers (ar) and connect to Area 0 through an abr.]
Area Router
A router whose interfaces are all members of a single area is called an area router.
Backbone Area
Area 0 is called the backbone area. All other areas must connect to the backbone area for
communication.
Backbone Router
A router whose interfaces are all members of area 0 is called a backbone router.
Area Border Router
A router which connects an area with area 0 is called an area border router.
LSA Flooding in OSPF
If there are multiple OSPF routers on a multi access n/w then there will be an excessive no. of
LSAs generated by the routers and they can choke the bandwidth of the network.
[Figure: four routers A, B, C and D on one multi access n/w; without a designated router each
router is a neighbor of every other router, so each LSA is flooded over every adjacency.]
This problem is solved by electing one router as the designated router and one as the backup
designated router.
Designated Router
The router with the highest RID (router id) will be the designated router for a particular
interface. This router is responsible for receiving LSAs from the non-DR routers and forwarding
the LSAs to all the other routers.
Backup Designated Router
This router works as a backup for the designated router. In BDR mode it will receive
all information but will not forward this information to the other non-DR routers.
Configuring OSPF (the network command uses a wildcard mask)
[Figure: router in Area 20 with interfaces 200.100.100.2/24 and 215.1.13/24.]
Router(config)#router ospf 32
Router(config-router)#network 200.100.100.0 0.0.0.255 area 20
Router(config-router)#network 215.1.1.0 0.0.0.255 area 20
Router(config-router)#exit
[Figure: Area 0 with R1 (200.100.100.33/30 and 200.100.100.66/27) and R2 (200.100.100.34/30
and 200.100.100.160/26).]
R1
Router(config)#router ospf 33
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.64 0.0.0.31 area 0
Router(config-router)#exit
R2
Router(config)#router ospf 2
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.128 0.0.0.63 area 0
Router(config-router)#exit
[Figure: R1 (200.100.100.5/30, 200.100.100.38/28), R2 (200.100.100.6/30, 200.100.100.17/30,
200.100.100.161/28) and R3 (200.100.100.18/30, 200.100.100.230/27) connected in a chain
R1 - R2 - R3.]
R1
Router(config-router)#network 200.100.100.4 0.0.0.3 area <area id>
Router(config-router)#network 200.100.100.32 0.0.0.15 area <area id>
R2
Router(config-router)#network 200.100.100.4 0.0.0.3 area <area id>
Router(config-router)#network 200.100.100.160 0.0.0.15 area <area id>
Router(config-router)#network 200.100.100.16 0.0.0.3 area <area id>
R3
Router(config-router)#network 200.100.100.16 0.0.0.3 area <area id>
Router(config-router)#network 200.100.100.224 0.0.0.31 area <area id>
Configuring bandwidth on interface
If the actual bandwidth of the interface is not equal to the maximum speed of the interface then
we have to use the bandwidth command to specify the actual bandwidth.
Router(config)#interface <type> <no>
Router(config-if)#bandwidth <speed>
Configuring logical interface for OSPF
By default the highest IP address of the interfaces will be elected as the Router id. If there is a
change in the status of an interface then the router will re-elect some other IP as the Router id.
So if we create a logical (loopback) interface, it will never go down, and the first preference
for the RID is given to the logical interface.
Command: Router(config)#interface loopback <no>
Router(config-if)#ip address 200.100.100.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#exit
Command to display OSPF parameters
Router#show ip protocol
Router#show ip ospf
Router#show ip ospf neighbor
Router#show ip ospf database (it shows the RID of the routers)
Router#show ip ospf interface
LAN Switching
Ethernet switches are used in a LAN to create Ethernet n/ws. Switches forward the traffic
on the basis of MAC address. Switches maintain a switching table in which mac
addresses and port no.s are used to perform the switching decision. The working of a bridge and
a switch is similar.
Classification of switches
Switches are classified according to the following criteria: -
[Figure (Hierarchical model): Core layer switches connected to the Server at 1 GBps,
Distribution layer switches below them at 100 MBps, and Access layer switches (the access
points for the PCs) at the bottom.]
After using the hierarchical model most of the LAN problems will be solved, but one problem
still remains: all PCs will be in a single broadcast domain. We have to
implement one of the following solutions for this problem.
(1) Physical Segmentation
(2) Logical Segmentation, which involves:
VLAN
Trunking
VTP
Inter VLAN routing
Pruning
Logical Segmentation of Network
To perform logical segmentation we have to create VLANs in the network. With the help
of VLANs we can logically divide the broadcast domain of the network.
[Figure: switch ports (e.g. fa0/7) assigned to different VLANs.]
Trunking
When there are multiple switches then we have to use trunk links to connect one switch
with another. If we are not using trunk links then we have to connect one cable from each
vlan to the corresponding vlan of the other switch.
[Figure: without trunking a separate link is needed per Vlan (e.g. Vlan 1); with trunking one
trunk link between the switches carries Vlan 1, 3 and 7.]
Switches perform trunking with the help of frame tagging. The trunk port sends
data frames after adding the Vlan id information to the frame; at the receiving end the vlan id
information is removed from the frame and according to the tag the data is delivered to the
corresponding vlan. There are two protocols to perform frame tagging.
(1) Inter switch link (ISL, Cisco proprietary)
(2) IEEE 802.1q
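To make the frame-tagging step concrete, here is an added Python example (not from these notes or from Cisco) that builds and parses IEEE 802.1q tagged frames and applies the receiving trunk port's logic: the tag is stripped, untagged frames are assigned to the native VLAN, and frames tagged with a VLAN that is not allowed on the trunk are dropped. The MAC addresses and payload are constructed.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag


def build_tagged_frame(dst, src, vlan_id, ethertype, payload, pcp=0, dei=0):
    """Build an Ethernet frame with an 802.1Q tag inserted after the MAC addresses:
    dst(6) src(6) TPID(2) TCI(2) ethertype(2) payload.  TCI = PCP(3) DEI(1) VID(12)."""
    if not 0 <= vlan_id <= 4095:
        raise ValueError("VLAN id must fit in 12 bits")
    tci = (pcp << 13) | (dei << 12) | vlan_id
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id, ethertype, payload). vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return dst, src, None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, inner, frame[18:]


def receive_on_trunk(frame, allowed_vlans, native_vlan=1):
    """Receiving side of a trunk port: strip the tag, decide which VLAN the frame belongs
    to (untagged frames belong to the native VLAN) and drop frames for VLANs that are not
    allowed on this trunk. Returns (vlan_id, untagged_frame) or None when dropped."""
    dst, src, vid, etype, payload = parse_frame(frame)
    if vid is None:
        vid = native_vlan
    if vid not in allowed_vlans:
        return None
    return vid, dst + src + struct.pack("!H", etype) + payload


# Constructed sample addresses and payload (not captured traffic).
DST = bytes.fromhex("00005e005301")
SRC = bytes.fromhex("0011223344aa")
PAYLOAD = b"\x45" + b"\x00" * 19   # stand-in for an IPv4 header

if __name__ == "__main__":
    tagged = build_tagged_frame(DST, SRC, 3, 0x0800, PAYLOAD)
    print(receive_on_trunk(tagged, allowed_vlans={1, 3, 7}))
    print(receive_on_trunk(tagged, allowed_vlans={1, 7}))   # None: Vlan 3 not allowed
```

The allowed-VLAN check is the receiving side of what a trunk's allowed list configures; without it any tagged frame arriving on the trunk would be delivered into whatever VLAN its tag names.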
Configuring Trunking
In cisco switches all switch ports may be configured in three modes
(1) Trunk desirable (default)
(2) Trunk on
(3) Trunk off
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport mode <trunk|access|dynamic desirable|dynamic auto>
Switch(config-if)#exit
(trunk = on, access = off, dynamic desirable = desirable)
To configure Vlans allowed on Trunk
By default all Vlans are allowed on a Trunk port. We can add/remove a particular Vlan
from the trunk port with the following command
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport trunk allowed vlan <all | add <vlan> | remove <vlan> | except <vlan>>
To display trunk interfaces
Switch#sh interface trunk
Switch#sh interface <type> <no> trunk
VTP Transparent
A transparent switch receives and forwards VTP updates. It is able to create,
delete and modify Vlans locally. A transparent switch will not send its own VTP updates and
will not learn any information from received vtp updates.
[Figure: one VTP domain with a VTP password; the VTP server holds Vlan 1, 3, 5, 10, 20 and
advertises them to the client switches, which learn Vlan 1, 3, 5, 10, 20; a VTP transparent
switch forwards the updates without learning from them.]
Commands
Switch#conf ter
Switch(config)#vtp domain <name>
Switch(config)#vtp password <word>
Switch(config)#vtp mode <server|client|transparent>
Switch(config)#exit
By default in cisco switches the VTP mode is set to VTP server with no domain and no
password.
To display VTP status
Switch#sh vtp status
VTP Pruning
Pruning is the VTP feature through which a trunk link can be automatically disabled for a
particular Vlan if the neighbor switch does not contain any ports in that Vlan. Vlan 1 is not
prune eligible.
Command to configure VTP Pruning
We have to use only one command on VTP server for VTP Pruning.
Switch#conf ter
Switch(config)#vtp pruning
Switch(config)#exit
[Figure: VTP server with Vlan 1, 3, 5, 7 and three client switches whose ports are in Vlan 1,
Vlan 3 and Vlan 1 respectively; with pruning the trunk to each client carries only the Vlans
that client has ports in, instead of 1 3 5 7.]
[Figure (inter VLAN routing with one router interface per Vlan): router interfaces E0
10.0.0.1 (Vlan1, n/w 10.x.x.x, gateway 10.0.0.1), E1 11.0.0.1 (Vlan3, n/w 11.x.x.x, gateway
11.0.0.1) and E2 12.0.0.1 (Vlan5, n/w 12.x.x.x, gateway 12.0.0.1), each connected to a switch
port of that Vlan; the switches are linked by trunks (T) carrying Vlan 1, 3, 5.]
[Figure (router on a stick): one router interface Fa 0/0 connected to a trunk carrying Vlan 1,
3, 5; the PCs in n/w 10.x.x.x use gateway 10.0.0.1, 11.x.x.x use 11.0.0.1 and 12.x.x.x use
12.0.0.1.]
Configuration on Router
Router#config ter
Router(config)#interface fastethernet 0/0
Router(config-if)#no ip address
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface fastethernet 0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 10.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
Router(config)#interface fastethernet 0/0.2
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip address 11.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
Router(config)#interface fastethernet 0/0.3
Router(config-subif)#encapsulation dot1q 5
Router(config-subif)#ip address 12.0.0.1 255.0.0.0
Router(config-subif)#no sh
Router(config-subif)#exit
Configuration on Core switch
(1) Configure switch as VTP server
(2) Create Vlans
(3) Configure interface connected to router as Trunk
(4) Configure interfaces connected to other switches as trunk (if required)
Configuration on Distribution layer switches
(1) Configure switch as VTP client
(2) Configure required interface as Trunk (optional)
(3) Add ports to Vlan
Configuration on Pc
Configure IP and Gateway
[Figure: two switches connected by two redundant links.]
Spanning Tree Protocol will solve this problem by blocking the redundant interface, so
that only one path remains active between the switches. If the primary path goes down then
the disabled link will become enabled and data will be transferred through that path.
Working of STP
STP will create a topology database in which one switch is elected as the Root
switch. Path cost is calculated on the basis of bandwidth. The link with the lowest path cost will
be in enabled (forwarding) mode and the other path will be disabled (blocked).
[Figure: Root Switch connected to two switches by 1 Gb links; further switches hang off them
over 100 Mb links, with one redundant 100 Mb link disabled because the alternative path has
the lowest cost.]
STP terminology
(1) Bridge id
It is the combination of the bridge priority and the base mac address. In Cisco switches
the default priority no. is 32768.
(2) Root Bridge
The Bridge/Switch with the lowest Bridge id will become the Root Bridge. The Root
Bridge is used as the center point for calculating path cost in the topology.
(3) BPDU Bridge Protocol Data Units
It is the STP information which is exchanged between the switches to create the topology
and perform path selection.
(4) STP port modes
When STP is enabled a port may be in one of the following modes.
(i) Listening: - in this mode a port will send/receive BPDUs.
(ii) Learning: - the port will learn the mac address table.
(iii) Forwarding: - the port will forward data based on the mac address table.
(iv) Blocking: - the port is blocked from sending/receiving data by Spanning Tree Protocol.
(v) Disabled: - the port is administratively disabled.
STP port cost
Link speed   Old IEEE Cost   New IEEE Cost
10 Mb        100             100
100 Mb       10              19
1 Gb         1               4
10 Gb        1               2
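Root bridge election and path selection, as an added Python example (not from these notes): the bridge ID is the priority followed by the MAC address and the lowest value wins; each non-root switch then keeps the link that gives it the lowest cost to the root (new IEEE costs from the table above, ties broken by the neighbor's lower bridge ID) and blocks every other link. The four-switch topology is a constructed stand-in for the figure above.

```python
import heapq

# Port costs from the "New IEEE" column above, keyed by link speed in Mb.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(priority, mac):
    """Bridge ID = 16-bit priority followed by the 48-bit base MAC; the lowest value wins."""
    return (priority << 48) | int(mac.replace(".", "").replace(":", ""), 16)


def elect_root(bridges):
    """bridges: {name: (priority, mac)}. Returns the name of the bridge with the lowest ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_path_costs(links, root):
    """links: list of (a, b, speed_mb). Dijkstra from the root over the port costs; the root
    path cost of a switch is the sum of the costs of the links on its cheapest path to the root."""
    graph = {}
    for a, b, speed in links:
        cost = PORT_COST[speed]
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nb, cost in graph.get(node, []):
            if d + cost < dist.get(nb, float("inf")):
                dist[nb] = d + cost
                heapq.heappush(heap, (d + cost, nb))
    return dist


def spanning_tree(bridges, links):
    """Elect the root, then give every other switch one root port: the link with the lowest
    root path cost, ties broken by the neighbor's lower bridge ID. The root-port links form
    the active tree; every other link is blocked. Returns (root, active_links, blocked_links)."""
    root = elect_root(bridges)
    dist = root_path_costs(links, root)
    active = set()
    for sw in bridges:
        if sw == root or sw not in dist:
            continue        # the root has no root port; an unreachable switch has none either
        candidates = []
        for link in links:
            a, b, speed = link
            if sw not in (a, b):
                continue
            nb = b if a == sw else a
            candidates.append((dist.get(nb, float("inf")) + PORT_COST[speed],
                               bridge_id(*bridges[nb]), link))
        active.add(min(candidates)[2])
    return root, active, set(links) - active


# Constructed topology modelled on the figure above: a root with two 1 Gb uplinks and a
# redundant 100 Mb triangle beneath it.
BRIDGES = {"Root": (4096, "0000.0000.0001"),
           "SwA": (32768, "0000.0000.000a"),
           "SwB": (32768, "0000.0000.000b"),
           "SwC": (32768, "0000.0000.000c")}
LINKS = [("Root", "SwA", 1000), ("Root", "SwB", 1000),
         ("SwA", "SwB", 100), ("SwA", "SwC", 100), ("SwB", "SwC", 100)]

if __name__ == "__main__":
    root, active, blocked = spanning_tree(BRIDGES, LINKS)
    print("root:", root)
    print("active:", sorted(active))
    print("blocked:", sorted(blocked))
```

Because every switch ships with the same default priority 32768, the root in an unconfigured network is simply the switch with the lowest MAC address; setting a lower priority on the intended core switch is what makes the election deterministic.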
[Flowchart: a packet is received. If no ACL is applied on the interface the packet is passed to
the Routing Engine. If an ACL is applied and no entry matches the packet, the packet is dropped.
If an entry matches, the question "Is it permit?" decides: yes, the packet is passed to the RE;
no, the packet is dropped.]
Source specification in a standard ACL
Single pc: host 192.168.10.5 or 192.168.10.5 or 192.168.10.5 0.0.0.0
N/w: 200.100.100.0 0.0.0.255
All: any
Example: - 172.16.0.16 to 172.16.0.18 should not access the Internet; all other pcs should
access the Internet.
[Figure: LAN 172.16.x.x connected to the Internet through a router whose inside interface is
172.16.0.1.]
Router#conf ter
Router(config)#access-list 30 deny 172.16.0.16
Router(config)#access-list 30 deny 172.16.0.17
Router(config)#access-list 30 deny 172.16.0.18
Router(config)#access-list 30 permit any
Router(config)#exit
Applying ACL on interface
Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#ip access-group <acl no | name> <in|out>
Router(config-if)#exit
Named standard ACL (same Internet / Router topology)
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny 172.16.0.18
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
To modify the ACL
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#no deny 172.16.0.17
Router(config-std-nacl)#exit
To control Telnet access using ACL
If we want to control telnet with the help of an ACL then we can create a standard ACL and
apply this ACL on the vty ports. The ACL that we create for vty will be in permit-then-deny
order.
Example: - suppose we want to allow telnet to our router from the 192.168.10.5 &
200.100.100.30 pcs.
Router#conf ter
Router(config)#access-list 50 permit 192.168.10.5
Router(config)#access-list 50 permit 192.168.10.30
Router(config)#access-list 50 deny any
Router(config)#line vty 0 4
Router(config-line)#access-class 50 in
Router(config-line)#exit
Extended ACL syntax
access-list <no> <permit|deny> <protocol> <Source> [<Source port>] <Destination> [<Destination port>]
Port: a no. (1 to 65535) or a name such as telnet/www/ftp etc.
Source / Destination forms:
Single pc: 192.168.10.4 0.0.0.0 or host 192.168.10.4
N/w: 200.100.100.0 0.0.0.255
Subnet: 172.30.0.32 0.0.0.7
All: any
[Figure: a router in n/w 200.100.175.x connected to a router in n/w 200.100.100.x; ACL 130
filters the traffic towards 200.100.100.x.]
Router(config)#access-list 130 permit tcp any host 200.100.100.3 eq 80
Router(config)#access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21
Router(config)#access-list 130 permit icmp 200.100.175.80 0.0.0.0 any
Router(config)#access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23
Router(config)#access-list 130 permit udp any host 200.100.100.8 eq 53
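How the router evaluates ACL 130 against a packet, as an added Python example (not from these notes): wildcard_match implements the wildcard mask rule, which is the same rule the OSPF network statements earlier use to select interfaces; parse_ace reads access-list lines in the form shown here (extended ACLs with an optional eq port); evaluate applies the entries top down with the implicit deny at the end. The packet addresses used in the demonstration are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23, "domain": 53}


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored.
    host X is X 0.0.0.0; any is 0.0.0.0 255.255.255.255."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dst_port: Optional[int] = None   # "eq <port>" on the destination, if given


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def _take_addr(tokens):
    t = tokens.pop(0)
    if t == "any":
        return "0.0.0.0", "255.255.255.255"
    if t == "host":
        return tokens.pop(0), "0.0.0.0"
    return t, tokens.pop(0)          # "<address> <wildcard>"


def parse_ace(line):
    """Parse one extended ACL line of the form used above:
    [access-list <no>] <permit|deny> <proto> <src> <dst> [eq <port>]"""
    t = line.split()
    if t[0] == "access-list":
        t = t[2:]
    action, proto, rest = t[0], t[1], t[2:]
    src, src_wc = _take_addr(rest)
    dst, dst_wc = _take_addr(rest)
    port = None
    if rest and rest[0] == "eq":
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return Ace(action, proto, src, src_wc, dst, dst_wc, port)


def evaluate(acl, pkt):
    """Top down, first match wins; a packet that matches no entry hits the implicit deny."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
            continue
        if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
            continue
        return ace.action
    return "deny"


# ACL 130 from the notes above, parsed into entries.
ACL_130 = [parse_ace(l) for l in """
access-list 130 permit tcp any host 200.100.100.3 eq 80
access-list 130 permit tcp 200.100.175.0 0.0.0.255 200.100.100.4 0.0.0.0 eq 21
access-list 130 permit icmp 200.100.175.80 0.0.0.0 any
access-list 130 permit tcp 200.100.175.80 0.0.0.0 any eq 23
access-list 130 permit udp any host 200.100.100.8 eq 53
""".strip().splitlines()]

if __name__ == "__main__":
    # Constructed packets; source addresses are illustrative.
    for pkt in (Packet("tcp", "198.51.100.9", "200.100.100.3", 80),
                Packet("tcp", "198.51.100.9", "200.100.100.3", 443),
                Packet("tcp", "200.100.175.9", "200.100.100.4", 21)):
        print(pkt, "->", evaluate(ACL_130, pkt))
```

The function is also a quick way to check what a wildcard mask really covers before applying it: 172.30.0.32 0.0.0.7 matches 172.30.0.32 to 172.30.0.39 and nothing else.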
Switches scrutinize all inbound ACLs applied to a certain interface and decide whether to
allow traffic through depending on whether the traffic matches the ACL or not.
ACLs can also be used to control traffic on VLANs. You just need to apply a port ACL
to a trunk port.
Switch#conf ter
Switch(config)#mac access-list extended abc
Switch(config-ext-macl)#deny any host 000d.29bd.4b85
Switch(config-ext-macl)#permit any any
Switch(config-ext-macl)#do show access-lists
Switch(config-ext-macl)#int f0/6
Switch(config-if)#mac access-group abc in
Reflexive ACLs
These ACLs filter IP packets depending upon upper-layer session information, and they
often permit outbound traffic to pass but place limitations on inbound traffic. You cannot
define reflexive ACLs with numbered or standard IP ACLs, or any other protocol ACLs.
They can be used along with other standard or static extended ACLs, but they are only
defined with extended named IP ACLs.
Time-Based ACLs
In this you can specify a certain time of day and week and then identify that particular
period by giving it a name that is referenced by an ACL entry. The referencing entry will fall
under whatever time constraints you have dictated. The time period is based upon the router's
clock, so it is highly recommended to use it in conjunction with Network Time
Protocol (NTP) synchronization.
Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes
Router(config-ext-nacl)#exit
Router(config)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range
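What the time-range statements do to the ACL above, as an added Python example (not from these notes): it parses periodic statements, decides whether a range is active for a given router clock reading and then walks the ACL entries, skipping the ones whose time-range is inactive. Address and port matching are left out; weekdays is chosen for no-http from the alternatives shown. One thing it makes visible: outside the weekend window both entries are inactive, so the implicit deny blocks all TCP.

```python
from datetime import datetime, time

DAY_SETS = {"weekdays": {0, 1, 2, 3, 4}, "weekend": {5, 6}, "daily": set(range(7))}
DAY_NAMES = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]


def parse_periodic(spec):
    """'periodic weekdays 06:00 to 12:00' -> (set of weekday numbers, start, end).
    Accepts the keywords weekdays/weekend/daily or a single day name; Monday is 0."""
    parts = spec.split()
    if parts[0] == "periodic":
        parts = parts[1:]
    days = parts[0].lower()
    day_set = DAY_SETS.get(days) or {DAY_NAMES.index(days)}
    return day_set, time.fromisoformat(parts[1]), time.fromisoformat(parts[3])


def _as_datetime(when):
    """Accept a datetime or an ISO string such as '2024-01-03T08:00' (the router clock)."""
    return datetime.fromisoformat(when) if isinstance(when, str) else when


def in_time_range(statements, when):
    """A time-range is active when any of its periodic statements covers the clock reading."""
    when = _as_datetime(when)
    return any(when.weekday() in days and start <= when.time() <= end
               for days, start, end in statements)


def active_action(entries, time_ranges, when):
    """entries: ordered (action, description, time_range_name or None). An entry whose
    time-range is inactive is skipped, as IOS does; if nothing is left the implicit
    deny at the end of the ACL applies."""
    when = _as_datetime(when)
    for action, _desc, tr in entries:
        if tr is not None and not in_time_range(time_ranges[tr], when):
            continue
        return action
    return "deny"


# The two time-ranges and the ACL "time" from the configuration above (weekdays chosen
# for no-http out of the alternatives listed).
TIME_RANGES = {
    "no-http": [parse_periodic("periodic weekdays 06:00 to 12:00")],
    "tcp-yes": [parse_periodic("periodic weekend 06:00 to 12:00")],
}
ACL_TIME = [("deny", "tcp any any eq www", "no-http"),
            ("permit", "tcp any any", "tcp-yes")]

if __name__ == "__main__":
    for when in ("2024-01-03T08:00",    # Wednesday 08:00: no-http active
                 "2024-01-06T08:00",    # Saturday 08:00: tcp-yes active
                 "2024-01-03T14:00"):   # Wednesday 14:00: both inactive, implicit deny
        print(when, active_action(ACL_TIME, TIME_RANGES, when))
```

A wrong router clock silently changes which entries are active, which is the reason for the NTP recommendation above.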
Remarks
Remarks are the comments regarding the entries you have made in both your
IP Standard and Extended ACLs.
Router#conf ter
Router(config)#access-list 110 remark <remark words>
Example: Router(config)#access-list 110 remark permit rahul from admin only to sale
Router(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
Router(config)#access-list 110 deny ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255
Router(config)#ip access-list extended no_telnet
Router(config-ext-nacl)#remark deny all of finance from telnetting to sale
Router(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.20.0 0.0.0.255 eq 23
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#do show run
WAN Technologies
Type               Technologies                     No. of locations
Point-to-Point     Leased line, MLLN, Radio Link    For 2 locations
Circuit Switching  ISDN, PSTN                       Unlimited
Packet Switching   Frame Relay, X.25                Maximum
Cell Switching     ATM                              Maximum
Factors to be considered while selecting a WAN technology
(1) No. of locations
(2) Hours of connectivity
(3) Speed
(4) Cost (Bandwidth + Distance)
(5) Reliability
WAN Encapsulation
WAN encapsulation is used to convert a packet into a frame and transfer data over WAN
links. Different types of encapsulation are designed for different WAN technologies. The
general format of a WAN encapsulation frame is:
Flag | FH | Packet | FT | FCS | Flag
[Table residue: encapsulations used on the WAN technologies above: HDLC, PPP, LAPB, LAPD, AAL5.]
[Figure (leased line): Router serial interface (DB-60 or Smart Serial connector; V.35, RS 232 or
EIA/TIA 530 signalling) - Modem - Line (2 wire TP or 4 wire TP local loop) - Exchange Mux -
Line - Modem - Router; the router's LAN side is eth / RJ-45.
* Distance depends on modems & mostly up to 10-15 kms.]
[Figure (MLLN): Router - MLLN Modem - MLLN MUX - Exchange - MLLN MUX - MLLN Modem - Router,
with V.35 / RS 232 / EIA 530 between router and modem.]
[Figure (Radio Link): Router (DB-60 / Smart Serial) - Radio Modem IDU - UTP or Coaxial - Radio
Modem ODU - Antenna, and the same chain on the far side.]
[Figure (line pinouts): 4 wire line: one pair carries Loop 1 and another pair Loop 2;
2 wire line: one pair carries the Signal.]
[Figure: two routers (WAN addresses 172.16.0.1 and 172.16.0.2, LAN addresses 192.168.5.1 and
10.0.0.1) connected over a Point-to-Point link.]
WAN Encapsulation
Two router interfaces in a Point-to-Point WAN must have the same WAN
encapsulation. Two types of WAN encapsulation are supported in this type of network.
(1) HDLC
(2) PPP
HDLC is used when both routers are from the same manufacturer; PPP is used when they are from
different manufacturers.
By default, Cisco routers will use Cisco HDLC encapsulation. We can change the
encapsulation with the following command:
Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#encapsulation <ppp|hdlc>
HDLC
High Level Data Link Control
HDLC is a modified form of SDLC (Synchronous Data Link Control). SDLC was
developed by IBM for router to main frame communication. HDLC is modified for
router-to-router communication. Most manufacturers have developed their own proprietary
HDLC protocol, so HDLC from one manufacturer is not compatible with another's.
HDLC encapsulation is designed for Point-to-Point router communication. In
HDLC no addressing is required, but still an all-stations address is used in the encapsulation.
HDLC provides only basic features and error checking for the frame.
PPP Point-to-Point Protocol
PPP is an open standard WAN protocol that can be used in Point-to-Point and circuit
switching networks. PPP provides various advantages as compared to HDLC. PPP has the
following special features:
(1) Authentication
(2) Multi Link
(3) Compression
(4) Call Back
PPP at OSI layer
[Figure: at the Application, Presentation, Session, Transport and Network layers the LAN/WAN
protocols (TCP/IP, IPX/SPX) are used; at the Data Link layer PPP sits beside HDLC, LAPB and
IEEE 802.3 / ARPA; below it is the Physical layer. Inside the Data Link layer PPP has an NCP
sublayer facing the Network layer, an LCP sublayer and an HDLC framing sublayer facing the
Physical layer.]
Three Phases of PPP
(1) Link Control Protocol (LCP)
This protocol negotiates the basic features of PPP. It exchanges the parameters and
options to be used with the link. LCP supported features are: Authentication, Compression,
Multi link & Call back
(2) Authentication Phase - optional
In this phase authentication is performed with the peers with the help of one of the
following protocols.
(i) Password Authentication Protocol (PAP)
(ii) Challenge Handshake Authentication Protocol (CHAP)
(iii) Microsoft CHAP
(iv) Shiva PAP (clear text)
(3) Network Control Protocol Phase (NCP)
In this phase the parameters for the routed protocol are established. In NCP there is one
module for each routed protocol.
IPCP for TCP/IP
IPXCP for IPX/SPX (internetwork packet exchange/sequenced packet exchange)
CDPCP for CDP etc.
Configuring Authentication in PPP
Example: Router 1 (interface S0) connected to Router 2 (interface S1)
Router 1
Router#config ter
Router(config)#int serial 0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#hostname chd
Router(config)#username ldh password net123
Router(config)#exit
Router 2
Router#config ter
Router(config)#int serial 1
Router(config-if)#encapsulation ppp
Router(config-if)#ppp authentication chap
Router(config-if)#ip address 10.0.0.2 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#hostname ldh
Router(config)#username chd password net123
Router(config)#exit
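The CHAP exchange that the ppp authentication chap configuration above sets up, as an added Python example (not from these notes): the RFC 1994 three-way handshake of challenge, MD5 response over identifier, secret and challenge value, and verification. The peer hostnames chd and ldh and the secret net123 are taken from the configuration; each side looks up the secret under the other side's hostname, which is why both username lines carry the same password. The challenge values are generated randomly.

```python
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge value).
    The secret itself never crosses the link, unlike PAP which sends it in clear text."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


class ChapPeer:
    """One PPP peer: its hostname plus its 'username <peer> password <secret>' entries."""

    def __init__(self, hostname, usernames):
        self.hostname = hostname
        self.usernames = dict(usernames)

    def challenge(self):
        """Step 1: the authenticator sends an Identifier, a random value and its own name."""
        return os.urandom(1)[0], os.urandom(16), self.hostname

    def respond(self, ident, value, challenger_name):
        """Step 2: look up the secret configured for the challenger's hostname and hash it."""
        secret = self.usernames.get(challenger_name)
        if secret is None:
            return None          # no 'username <challenger>' entry: cannot answer
        return ident, chap_response(ident, secret, value), self.hostname

    def verify(self, ident, value, response):
        """Step 3: recompute the hash with the secret held for the responder's name;
        Success only if it matches (constant-time compare), otherwise Failure."""
        if response is None:
            return False
        resp_ident, digest, responder_name = response
        secret = self.usernames.get(responder_name)
        if secret is None or resp_ident != ident:
            return False
        return hmac.compare_digest(chap_response(ident, secret, value), digest)


def authenticate(authenticator, peer):
    """Run the three-way handshake and return True on Success, False on Failure."""
    ident, value, name = authenticator.challenge()
    return authenticator.verify(ident, value, peer.respond(ident, value, name))


# The two routers from the configuration above: hostnames chd and ldh, shared secret net123.
CHD = ChapPeer("chd", {"ldh": "net123"})
LDH = ChapPeer("ldh", {"chd": "net123"})

if __name__ == "__main__":
    print("chd authenticates ldh:", authenticate(CHD, LDH))
    print("ldh authenticates chd:", authenticate(LDH, CHD))
    print("wrong secret:", authenticate(CHD, ChapPeer("ldh", {"chd": "net124"})))
```

Because the challenge value is fresh each time, a captured response cannot be replayed against a later challenge; the last test below checks exactly that.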
Advantage of NAT
There are two reasons due to which we use NAT:
(1) Conserve Live IP addresses
On the Internet there are a limited no. of IP addresses. If our Pc wants to communicate on the
Internet then it should have a Live IP address assigned by our ISP, so the number of IP addresses
required will depend on the no. of PCs that we want to connect to the Internet. Due to this there
will be a lot of wastage of IP addresses. To reduce wastage we can share live IP
addresses between multiple PCs with the help of NAT.
(2) NAT enhances the network security by hiding the PCs & devices behind NAT.
[Figure (Port Translation): PCs 10.0.0.5, 10.0.0.6, 10.0.0.7 and 10.0.0.8 behind a switch and a
NAT router (inside address 10.0.0.1) share the single live address 200.100.100.12 on the
Internet side; the router maps each inside address and source port to a port of its own on
200.100.100.12 (ports such as 1080, 1085, 1024 and 1100 appear in the translation table) so
that replies can be sent back to the right PC.]
Types of NAT
Static NAT
This NAT is used for servers, where one Live IP is directly mapped to one Local IP.
This NAT will forward all the traffic for the Live IP to the Local PC in the n/w.
[Figure (Static NAT): 200.1.1.5 = 192.168.10.6; the router maps Live 200.1.1.5 to Local
192.168.10.6 for traffic from the Internet.]
[Figure: a Web server 192.168.10.6 and a DNS server 192.168.10.7 behind the router, each
reachable from the Internet through its own static mapping.]
[Figure: PCs 172.16.0.5, 172.16.0.6 and 172.16.0.7 in n/w 172.16.X.X with full access to the
Internet through the router.]
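Port translation and static NAT, as an added Python example (not from these notes): one live address shared by the inside PCs through a per-socket port mapping, a one-to-one static mapping for a server, and the inbound side, which drops unsolicited packets to the live address (the hiding effect given as reason (2) above). The addresses come from the figures; the outside hosts and ports are constructed.

```python
import itertools
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    """Inside-to-outside translation for one live (inside global) address, plus optional
    static one-to-one mappings for servers."""

    def __init__(self, live_ip, static=None, first_port=1024):
        self.live_ip = live_ip
        self.static = dict(static or {})                      # local ip -> live ip
        self.static_rev = {g: l for l, g in self.static.items()}
        self.ports = itertools.count(first_port)
        self.table = {}        # (proto, local ip, local port) -> live port
        self.reverse = {}      # (proto, live port) -> (local ip, local port)

    def outbound(self, f):
        """Translate a packet leaving the n/w."""
        if f.src_ip in self.static:                           # static NAT keeps the port
            return Flow(f.proto, self.static[f.src_ip], f.src_port, f.dst_ip, f.dst_port)
        key = (f.proto, f.src_ip, f.src_port)
        if key not in self.table:                             # PAT: new live port per socket
            port = next(self.ports)
            self.table[key] = port
            self.reverse[(f.proto, port)] = (f.src_ip, f.src_port)
        return Flow(f.proto, self.live_ip, self.table[key], f.dst_ip, f.dst_port)

    def inbound(self, f):
        """Translate a packet arriving from the Internet, or return None to drop it.
        Only replies to an existing PAT entry or traffic to a static mapping get through;
        anything else sent to the live address has no inside host to go to."""
        if f.dst_ip in self.static_rev:
            return Flow(f.proto, f.src_ip, f.src_port, self.static_rev[f.dst_ip], f.dst_port)
        if f.dst_ip != self.live_ip:
            return None
        entry = self.reverse.get((f.proto, f.dst_port))
        if entry is None:
            return None
        local_ip, local_port = entry
        return Flow(f.proto, f.src_ip, f.src_port, local_ip, local_port)


# Constructed scenario using the addresses from the figures above: live address
# 200.100.100.12 shared by the 10.0.0.x PCs, and the static mapping 200.1.1.5 = 192.168.10.6.
if __name__ == "__main__":
    gw = NatGateway("200.100.100.12", static={"192.168.10.6": "200.1.1.5"})
    print(gw.outbound(Flow("udp", "10.0.0.6", 1080, "198.51.100.53", 53)))
    print(gw.outbound(Flow("udp", "10.0.0.7", 1080, "198.51.100.53", 53)))
    print(gw.inbound(Flow("udp", "198.51.100.53", 53, "200.100.100.12", 1025)))
    print(gw.inbound(Flow("tcp", "198.51.100.7", 40000, "200.100.100.12", 5000)))  # None
    print(gw.inbound(Flow("tcp", "198.51.100.7", 40000, "200.1.1.5", 80)))
```

Two PCs using the same source port 1080 get different live ports, which is the point of port translation; the statically mapped server, by contrast, is reachable from outside at any port, so it needs an ACL in front of it rather than relying on NAT to hide it.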