Developing a Networking model using Cisco related technologies

Developed by: Sneha Shah Prasenjit Saha Krishnendu Saha Milan Patra

Certificate
This is to certify that Prasenjit Saha , a student of 3rd year, Electronics & Communication Engineering Department , St. Thomas College of Engineering and Technology, has undertaken and successfully completed the project. The working model of the project was verified and found to be in accordance with the following project report.

Mr. Tariq Ahmed

NetComms Solutions 41- Syed Amir Ali Avenue Beck Bagan Crossing Calcutta 700019

Aim:
To develop 2 LAN models and to integrate them over WAN to illustrate how data flows from one business location to another .

Technologies to be applied :
i. Routing protocol( EIGRP /OSPF) ii. DHCP Software based to be installed on Windows XP/Windows 7 iii. IPv4 based Addressing iv. VLAN v. Mitigation of basic Security Threats vi. Access Control List(ACLs)

Abstract:

Two LANs are to be developed at 2 sites . let the first site be Kolkata and the second site be Delhi. We need to develop a LAN at Kolkata and another LAN at Delhi. Kolkata LAN consists of a switch , and 4 hosts attached to it. Delhi LAN consists of a switch and a server attached to it Since it is not possible to develop this network in real scenario owing to limitations of resources and authority, the simulated environment is created in

Netcomms office with the available resources and a small model of network is created. Here we have developed 2 LANs and have used 2 routers in order to make them communicate. It is assumed that one of the routers is in Kolkata and the other one is in Delhi Physical connections of the network: All hosts are connected to the switch via Ethernet interfaces using Ethernet cables. Similarly both the switches are connected to their respective routers via an Ethernet cable. The 2 routers are connected via a cross cable through serial interface. A console cable connects RS232 port of one of the hosts to the host of the router. This host is the only host which can access router using Hyper-terminal. DHCP software installation The IP Addresses of machines attached to Kolkata router lie in 192.168.1.0 series .and the IP Addresses of machine attached to Delhi lies in 10.0.0.0 series. In order to assign IP Addresses to machines, DHCP software is installed in one of the machine .

 DHCP stands for Dynamic Host Configuration Protocol . It dynamically allocates IP Addresses from the server on which DHCP software is installed , to the hosts from a pool of addresses set by the Administrator itself . There are many DHCP software available for Windows XP/7 and Some of them are : 1) Alax.Info DHCP Server 2) Antamedia Server 3) DHCP Server v3

One of the DHCP Servers :

Router and switch configuration Routers and switches at Kolkata and Kelhi are assigned names Kolkata and Delhi respectively. Next step is to configure routing protocols in both the router. EIGRP and OSPF protocols are configured. EIGRP provides a back-up path in case of failure of OSPF.

VLAN configuration : A Vlan is created and 2 of the machines are put in this Vlan . Machines in this Vlan can communicate only among themselves . They cannot communicate with other machines of this network .

Security of Network : To make networks more secure, Passwords are assigned . In order to prevent unauthorized computers from accessing network, Port Security is provided. In this

project, with the help of Port Security only one computer is authorized to access one port of the switch. This is done by binding the Physical MAC address of the desired computer to the port. In order to deny the 1st host from accessing the router, TELNET is disabled in that host using Access Lists. Ping (ICMP) function is also disabled in this host. Similarly , to deny the protocol FTP and HTTP in 2nd host, FTP and HTTP is disabled in this host .

Basic requirements of the project:

a. SITE 1 CISCO 2600 ROUTER b. CISCO 3550(48 port Switch) c. SITE 2-CISCO 2550 ROUTER d. CISCO 2950(24 port Switch) e. LAN WIRES AND CONNECTORS f .FOUR COMPUTERS AND ONE SERVER

Implementation of network :
A. All physical connections are done . B. DHCP software Installation :
Antamedia DHCP installer/DHCP Server 1.1 is installed in one of the machines.

DHCP Server 1.1 : Step 1: Run installer AlaxInfoDhcpServerSetup.msi Step 2: Open the installed application

Step 3: Double click on the application icon on the system tray Step 4: Select enable under Status Step 5: Under Network tab set the pool of first and last IP address Step 6: For Adapter IP address Step 6.1: Go to control panel Network and Internet View network status and task change adapter setting Local Area connection Step 6.2: Right click on local area connection and go to properties Step 6.3: Go to TCP/Ipv4 Step 6.4: Set IP address for the PC manually and set default gateway as 192.168.1.1 Step 7: Go to Options tab Step 8: Set router gateway as 192.168.1.1 Step 9: DHCP is now configured for usage Here the 1st ip address of the pool is assigned as 192.168.1.10 And the last address is assigned as 192.168.1.100 As a result DHCP allots the ip addresses to all the machines under Kolkata router. The first machine gets an ip address- 192.168.1.10 The second machine gets an ip address- 192.168.1.20 The third machine gets an ip address- 192.168.1.30 The fourth machine gets an ip address- 192.168.1.40

C. Configuration of Routers :
Now routers need to be configured. To configure the routers, following steps are undertaken in the hosts connected by console port to each router

 Start-> all programs-> accessories-> communications-> Hyper-terminal Hyper-terminal Parameters : 1. Establishing the connection

2. Setting the port as COM1

3. Restore the port parameters to default

Now on clicking on ok, a window appears. All the commands are entered in this window.

. Assigning names to Routers :

To assign host name to the Kolkata router,
Router>en Router#config terminal Router(config)#hostname Kolkata

Similarly to assign host name to Delhi router,

Router>en Router#config terminal Router(config)#hostname delhi

. Routing protocol Configuration :

1. OSPF configuration : a. Configure OSPF on Kolkata router :
Place the serial interface and Ethernet interface in area 0 .

Kolkata>en

Kolkata#config terminal Kolkata(config)#router ospf 5 Kolkata(config-router)#network 1.0.0.0 0.255.255.255 area 0 Kolkata(config-router)#network 192.168.1.0 0.0.0.255 area 0

b. Configure OSPF on Delhi router :

Place serial interface and Ethernet interface in area 0
Delhi>en Delhi#config terminal Delhi(config)#router ospf 5 Delhi(config-router)#network 1.0.0.0 0.255.255.255 area 0 Delhi(config-router)#network 10.0.0.0 0.255.255.255 area 0

2. EIGRP configuration :
- Use AS Number 10
- Disable auto summarization

Configure EIGRP on Kolkata router :

Kolkata>en Kolkata#config terminal Kolkata(config)#router eigrp 10 Kolkata(config-router)#network 192.168.1.0 Kolkata(config-router)#network 1.0.0.0

Kolkata(config-router)# no auto-summary Kolkata(config-router)#exit

b. Configure EIGRP on Delhi router :

Delhi >en Delhi#config terminal Delhi(config)#router eigrp 10 Delhi(config-router)#network 10.0.0.0 Delhi(config-router)#network 1.0.0.0 Delhi(config-router)# no auto-summary Delhi(config-router)#exit

Routing table of Kolkata router is :

Since EIGRP has lower administrative distance than OSPF , EIGRP is currently the working protocol because of lower Administrative Distance compared to OSPF .

D. Configuration of switches:
To assign names to Kolkata and delhi switches: Kolkata :
SW3550>en SW3550#config terminal SW3550(config)# hostname Kolkata SW3550>en SW3550#config terminal SW3550(config)# hostname Delhi

Delhi :

E. VLAN configuration :
A Vlan is created in Kolkata site and the name Management is given to it. 3rd and 4th machines are put in this vlan . These machines are in the port number 29 and port number 30 of the switch respectively.
Kolkata>en

Kolkata#config terminal Kolkata(config)#VLAN 10 Kolkata(config-vlan)#name Management Kolkata(config-vlan)#exit Kolkata(config)#interface range Fa0/29-30 Kolkata(config-if-range)#switchport mode access Kolkata(config-if-range)#switchport access VLAN 10 Kolkata(config-if-range)#exit

F. Security!
Port security:In order to make switch ports secure , Port Security in shutdown mode is assigned to all the switch ports . port security is configured in both the switches.
Kolkata>en Kolkata#config terminal Kolkata(config)#interface Fa0/8 Kolkata(config-if)#switchport mode access Kolkata(config-if)#switchport port-security

Kolkata(config-if)#switchport port-security macaddress sticky Kolkata(config-if)#switchport port-security maximum 1 Kolkata(config-if)#switchport port-security violation shutdown Kolkata(config-if)#exit Kolkata(config)#exit Kolkata#show port-security

Similarly all ports of switches are assigned port security. If any other machine tries to access a secured port, security violation occurs. Security Violation Table :

Password assignment:
Console password assignment : Kolkata>en Kolkata#config termina Kolkata(config)#line console 0 Kolkata(config-line)#login Kolkata(config-line)#password cisco123 Virtual terminal password assignment : Kolkata>en Kolkata#config terminal Kolkata(config)#line vty 0 4 Kolkata(config-line)#login Kolkata(config-line)#password cisco123

Enable password : Kolkata>en Kolkata#config terminal

Kolkata(config)#enable password cisco123

Content of startup-configuration as viewed after password assignments:

Access lists:
Access lists allows some of the protocols to some of the PCs and other protocols to other PCs. Prevent telnet from 1st host to Web Server :

Kolkata>en Kolkata#config terminal Kolkata(config)#access-list 120 deny tcp host

192.168.1.10 host 192.168.1.1 eq 23 Kolkata(config)#access-list 120 permit ip any any Kolkata(config)#interface Fa0/0 Kolkata(config-if)#ip access-group 120 in Kolkata(config-if)#exit Kolkata(config)#exit Kolkata#show access-lists
As viewed from Hyper-terminal :

Prevent ICMP(ping) from 1st host to Web Server :

Kolkata>en Kolkata#config terminal

Kolkata(config)#access-list 120 deny icmp host 192.168.1.10 any echo Kolkata(config)#access-list 120 deny icmp host 192.168.1.10 any echo reply Kolkata(config)#access-list 120 permit ip any any Kolkata(config)#interface Fa0/0 Kolkata(config-if)#ip access-group 120 in Kolkata(config-if)#exit Kolkata(config)#exit Kolkata#show access-lists

From Hyper terminal :

 Prevent ftp from 2nd host to Web Server : Kolkata>en Kolkata#config terminal Kolkata(config)#access-list 110 deny tcp host 192.168.1.20 host 10.0.0.20 eq 20 Kolkata(config)#access-list 110 deny tcp host 192.168.1.20 host 10.0.0.20 eq 21 Kolkata(config)#access-list 110 permit ip any any Kolkata(config)#interface Fa0/0 Kolkata(config-if)#ip access-group 110 in

Prevent http from 2nd host to Web Server : Kolkata(config)#access-list 110 deny tcp host 192.168.1.10 host 10.0.0.20 eq 80 Kolkata(config)#access-list 110 permit ip any any Kolkata(config)#interface Fa0/0

Kolkata(config-if)#ip access-group 110 in Kolkata(config-if)#exit Kolkata(config)#exit Kolkata#show access-lists

As seen from web browser of third host :

Startup-configuration is a file which stores all the configurations of the network The content of startup-config can be viewed by the command : Kolkata# show startup-config

Testing of developed wan network

All the physical connections are checked Ping :ping is a command which is used to check
if the machines in the network are communicating with each other.

Eg. In the command window of one of the host Ping 192.168.1.10 is typed the following result is obtained.

This shows that machines are communicating with each other.

Routing tables of both the Routers are checked

Eg. This window shows that routing tables are not working properly.

Hence physical connection are checked and existing errors are fixed.

Blocking of TELNET :
Since we blocked one of the hosts from telnet, checking can be done to see if the blocking is working properly. This can be done from command window of the blocked host

Blocking of HTTP :
Since we blocked one of the hosts from http, checking can be done to see if the blocking is working properly.

This can be done from the browser of the blocked host

http site as viewed from the browser of the blocked host

HTTP site as viewed from the browser of host other than the blocked host .

References
1. CCNA Study Guide by Todd Lammle 2. Cisco Packet Tracer 5.3.3 (for Simulation of the topology)