Lab Manual -Network Design Case Study

8/13/2019 Lab Manual -Network Design Case Study

1/143

CASE STUDY 1: ANALYZING THE PERFORMANCE OF VARIOUS

CONFIGURATIONS AND PROTOCOLS IN LAN.

1.1. Establishi! a L"#al A$%a N%t&"$' (LAN)

The main objective is to set up a Local Area Network,concepts involved in this network are IP addressingand the Address Resolution Protocol (ARP! The re"uired e"uipment#s are $%&!$'!$!$ ,$%&!$'!$!&,$%&!$'!$!),*ost A *ost + *ost , -witch.*/+, three P0s e"uipped with at least one NI, one */+ or-witch and the necessar1 cables! 2nce the ph1sical LAN is set up the hosts need to be con3igured usingthe i3con3ig command! To veri31 communication among the machines the ping command is used! Ne4t, tomanipulate the routing tables at the hosts to understand how machines know where to send packets! -incethe i3con3ig command places a de3ault route into the routing tables this route must be deleted! to blind3oldthe machine! The ping command is used again to show that communication is no longer available! To re5establish communication the routes are put back into the routing table one host at a time! ommunication ionce again veri3ied using the ping command!

RE*UIREMENTS:

$! ) 6indows P or ) Linu4 P, 7ach P must *ave 2ne NI cards!

&! $ -witch ( port or $ *ub!)! ) -traight Line LAN(cat58 ables with R95:8 -ockets!:! Power suppl18! lass IP Address! using -tatic IP con3iguration!'! +asic Network on3iguration ommands! ;or -witch and Ps!


2/143

PHYSICAL CONNECTIONS :

PC-1 IP ADDRESS :

PC- IP ADDRESS :
http://4.bp.blogspot.com/-VXtaJSOPDzg/UiqEW_xIu5I/AAAAAAAAA7w/XGjBOiCaFh0/s1600/PC1.PNGhttp://1.bp.blogspot.com/-pcbEcOd2_pg/UiqFBV-F0lI/AAAAAAAAA8I/HsMadW3vBSo/s1600/sw.PNG


3/143

PC-/ IP ADDRESS :

VIE0 THE S0ITCH MAC ADDRESS TALE :
http://2.bp.blogspot.com/-UswW7fFrFdg/UiqE5aaM_LI/AAAAAAAAA8A/OK9CL6B-1sM/s1600/pc3.PNGhttp://3.bp.blogspot.com/-cxCDB1ycCjI/UiqEgpjnhlI/AAAAAAAAA74/lkY-QzPiUHs/s1600/PC2.PNG


4/143

C"22a3 Li% Vi%&:S&it#h4sh"& 2a#-a33$%ss-tabl%

G$a+hi#al Vi%& :

ARP Tabl% F"$ S&it#h :

ARP is La1er & to La1er ) mappingB i3 our switches are La1er & and pings are on the same network, thereis no arp cash on switches!

PING PC 1 - PC :

+i! command is a Network /tilit1 ommand! ping tools use Internet ontrol @essage Protocol (I@P!ping used to veri31 the connection between source P to ?estination P!

#:4+i! 15.167.1./
http://3.bp.blogspot.com/-pgjMBVSgDKY/UiqH53IITNI/AAAAAAAAA8U/deJENb5SLeE/s1600/mac.PNGhttp://3.bp.blogspot.com/-zB168delRPc/UiqJNO8xQiI/AAAAAAAAA8o/7lOf3VLgnuY/s1600/mac.PNG


5/143

PING PC 1 - PC /

#:4+i! 15.167.1./

OSI LAYER ARCHITECTURE :
http://2.bp.blogspot.com/-DXu119lWf0Q/UiqZvQNyiDI/AAAAAAAAA84/ReEiK928AMo/s1600/ping+pc1-pc3.PNGhttp://2.bp.blogspot.com/-_bxhjigo61Q/UiqH6_eL21I/AAAAAAAAA8c/IeJIUHwMAg0/s1600/ping.PNG


6/143

INPUT PROTOCOL DATA UNIT (PDU):
http://3.bp.blogspot.com/-edGGSQYQeOs/UiqZ7LmsPDI/AAAAAAAAA9A/YdvDQcnRG8U/s1600/osi+layer.PNG


7/143

OUTPUT PROTOCOL DATA UNIT (PDU):
http://2.bp.blogspot.com/-VmZjLWWcVgY/UiqalMyD9bI/AAAAAAAAA9I/4bTWU1KOInY/s1600/in+protocol.PNG


8/143

RESULT:

Thus the 74periment 6as on3igured -uccess3ull1!

1.. C"%#ti! t&" LANs 8si! 28lti-$"8t%$ t"+"l"!9 &ith stati#

$"8t%s :

The main objective is to e4tend routing connection b1 using multiple routers! The concepts include IPaddressing and basic network routing principles! onnect two LANs topolog1! ?uring router con3iguration
http://4.bp.blogspot.com/-Uwn_iGJICz0/Uiqall2au_I/AAAAAAAAA9Q/32FMmVs8aYY/s1600/ou+pdu.PNG


9/143

attention is paid to the t1pes o3 inter3aces as additional issues are involved with set5up! ;or e4ample, theserial inter3aces re"uire clocking mechanisms to be set correctl1! 2nce the inter3aces are working the pingcommand is used to check 3or communication between LANs! The 3ailure o3 communication illustrates theneed 3or routes to be established inside the routing in3rastructure! -tatic routes are used to show how

packets can be transported through an1 reasonable route! It is run trace route on two di33erentcon3igurations to demonstrate the implementation o3 di33erent routes!

RE*UIREMENTS:

$! : 6indows P or : Linu4 P, 7ach P must *ave 2ne NI cards!&! & -witch ( port or & *ub!)! ' -traight Line LAN(cat58 ables with R95:8 -ockets!:! Power suppl18! lass IP Address! using -tatic IP con3iguration!'! +asic Network on3iguration ommands! ;or Router,-witch and Ps!

$)! iew the ARP Address Table!$:! view the Routing Table!



10/143

Ph1sical onnection

ROUTER R1 CONFIGURATION

RouterCRouterCcon3igure terminal7nter con3iguration commands, one per line! 7nd with NTL.D!Router(con3ig5i3Cip address $%&!$'!$!$ &88!&88!&88!=Router(con3igCinter3ace -erial=.=.=Router(con3ig5i3Cip address $%&!$'!)!$ &88!&88!&88!=

Router(con3ig5i3C

SET THE CLOC RATE

Router(con3igCinter3ace serial=.=.=Router(con3ig5i3Cclock rate E-peed (bits per second $&==&:==:==%'==$%&==):==

8'===':===


11/143

:======F)==5:======G hoose clockrate 3rom list above

Router(con3ig5i3Cclock rate


12/143

Router(con3ig5routerCnetwork $%&!$'!&!=Router(con3ig5routerCnetwork &=!=!=!=

PC CONFIGURATION:

P5$Gipcon3ig;ast7thernet= onnection(de3ault port

Link5local IPv' Address!!!!!!!!! ;7=&7=;;;;7+$+:IP Address!!!!!!!!!!!!!!!!!!!!!! $%&!$'!$!&-ubnet @ask!!!!!!!!!!!!!!!!!!!!! &88!&88!&88!=?e3ault Jatewa1!!!!!!!!!!!!!!!!! $%&!$'!$!$

P5&Gipcon3ig;ast7thernet= onnection(de3ault portLink5local IPv' Address!!!!!!!!! ;7=&'=&;;;;7'$+)


13/143

KKspanning5tree mode pvstKKK

Kinter3ace ;ast7thernet=.=ip address $%&!$'!$!$ &88!&88!&88!=duple4 autospeed autoKinter3ace ;ast7thernet=.$no ip addressduple4 autospeed autoshutdownKinter3ace -erial=.=.=

ip address $%&!$'!)!$ &88!&88!&88!=Kinter3ace -erial=.=.$no ip addressKinter3ace lan$no ip addressshutdownKrouter ripnetwork &=!=!=!=network $%&!$'!$!=

Kip classlessip route $%&!$'!&!= &88!&88!&88!= $%&!$'!)!&KKKKKKKline con =Kline au4 =

Kline vt1 = :loginKKKend

RouterCcop1 running5con3ig startup5con3ig?estination 3ilename startup5con3igME+uilding con3iguration!!!2>M


14/143

RouterC

ROUTER R RUNNING CONFIGURATION:

RouterGenableRouterCshow running5con3ig+uilding con3iguration!!!

urrent con3iguration


15/143

network $%&!$'!&!=Kip classlessip route $%&!$'!$!= &88!&88!&88!= $%&!$'!)!$KK

KKKKKline con =Kline au4 =Kline vt1 = :loginKK

KendRouterCcop1 running5con3ig startup5con3ig?estination 3ilename startup5con3igME+uilding con3iguration!!!2>MRouterC

ROUTER R1 ROUTE TALE:


16/143

RouterCsh ip route

ROUTER R ROUTE TALE:

RouterCsh ip route

SHO0 R1 ROUTER ARP TALE:

SHO0 R ROUTER ARP TALE:
http://1.bp.blogspot.com/-kG7MXHCYhpM/UisIA5JxiMI/AAAAAAAAA-I/EHz0_ImFsPQ/s1600/arpr1.PNGhttp://3.bp.blogspot.com/-x2oxWuYYR-o/UisHWQRYYEI/AAAAAAAAA-A/Nc0GBDNl6z8/s1600/ip+route.PNGhttp://4.bp.blogspot.com/-AuiSv_23TuI/UisHU64jtfI/AAAAAAAAA94/-O6CjSeKvds/s1600/ip+route1.PNG


17/143

SHO0 PC ARP TALE:

OSI LAYER ARCHITECTURE:

R1 ROUTER
http://4.bp.blogspot.com/-rFD1R8cJe_4/UisJActzkNI/AAAAAAAAA-o/wCjcPCUaOGM/s1600/set+clock.PNGhttp://1.bp.blogspot.com/-_jz08mmdJDA/UisIxJf-uzI/AAAAAAAAA-g/BV2EgRWUb9M/s1600/arp2.PNGhttp://1.bp.blogspot.com/-bKquL3aAgSI/UisIvM3i0xI/AAAAAAAAA-Y/qB8vHHJvDrM/s1600/arp.PNGhttp://1.bp.blogspot.com/-mGOPZspvI_M/UisICe1XsVI/AAAAAAAAA-Q/H2xqwqmbCiE/s1600/arpr2.PNG


18/143

R ROUTER
http://1.bp.blogspot.com/-K_qFCY_Bj0g/UisV7wzOB4I/AAAAAAAAA-4/wVNFkMhLqac/s1600/R1OSI.PNG


19/143

INPUT PROTOCOL DATA UNIT (PDU):
http://4.bp.blogspot.com/-PEbi5Ncwdt0/UisWmt_-cVI/AAAAAAAAA_A/ZC8oc9gCAdM/s1600/R2OSI.PNG


20/143

OUTPUT PROTOCOL DATA UNIT (PDU):
http://1.bp.blogspot.com/-CQStjkoRWYk/UisXMoBjjUI/AAAAAAAAA_M/_fpBUYQtfak/s1600/R1PDU.PNG


21/143

OUT PUT:

cGping $%&!$'!&!&
http://1.bp.blogspot.com/-nuGDj8StWXg/UisXWRbMYZI/AAAAAAAAA_U/7eo-aUE5iFo/s1600/R1OPDU.PNG


22/143

cGping $%&!$'!$!)

RESULT:

Thus the 74periment 6as on3igured -uccess3ull1!

1./ Aal9;i! th% +%$,"$2a#% ",


23/143

2riginal TP versus the above modi3ied one To compare the per3ormance between the operation o3 TPwith congestion control and the operation o3 TP as implemented ! The main objective is 3or students toe4amine how TP responds to a congested network! The concepts involved in the lab include networkcongestion and the host responsibilities 3or communicating over a network! This lab re"uires three Psconnected to a switch!2ne P is designated as the target host and the other two Ps will trans3er a 3ile3rom the target host using ;TP! A load is placed on the network to simulate congestion and the 3ile is

trans3erred, 3irst b1 the host using the normal TP and then b1 the host using the modi3ied version! Thisprocedure is per3ormed multiple times to determine average statistics! The students are then asked tosummariOe the results and draw conclusions about the per3ormance di33erences and the underl1ingimplications 3or hosts operating in a network environment!

RE*UIREMENTS2ne Linu4(3edora irtual P!Two 6indows(4p irtual P!one 6indows < P with @ware 6orkstation

;TP Application la1er protocolTP Transport la1er protocolInternet onnection@ware 6orkstation %!=!&6ireshark5win)&5$!$=!=rc$lass IP Address!

FILE TRANSFER PROTOCOL

;ile Trans3er Protocol (;TP is the standard mechanism provided b1 TP.IP 3or cop1ing a 3ile 3rom onehost to another!
http://2.bp.blogspot.com/-WbtrTK7R_w0/Uj7XxoxbxOI/AAAAAAAABAQ/4qwk2ZE_nQU/s1600/1.jpg


24/143

PROCEDURE:

-tart the ) virtual machine one b1 one!

0INDO0S =P VIRTUAL PC-1
http://2.bp.blogspot.com/-NOtosI0uE9A/Uj7YR0JfiJI/AAAAAAAABBk/90wkUdY5xVQ/s1600/2.jpg


25/143

0INDO0S =P VIRTUAL PC-
http://3.bp.blogspot.com/-lR2ErbP8_eQ/Uj7ZYXTO-wI/AAAAAAAABDE/TlwvuC3DQPE/s1600/3.jpg


26/143

LINU= VIRTUAL PC
http://3.bp.blogspot.com/-UIHunud7SsY/Uj7brtz8IRI/AAAAAAAABEI/BXEsG9TApJA/s1600/4.jpg


27/143

@ake the Internet onnectivit1 to 1our -1stemLog in to Linu4 virtual @achineLog in to 6indows P irtual @achine2pen The terminal window on 1our Linu4 machine!

L"! i t" $""t 8s%$ a##"8t
http://4.bp.blogspot.com/-sDOHo4a8oTQ/Uj7cM04EzaI/AAAAAAAABEg/AMtTKgV7BxE/s1600/5.jpg


28/143

Assi! th% I+ a33$%ss 15.167.1.>

C i3con3ig

Istall th% VSFTPD ,t+ s%$


29/143

GRAPHICAL MODE INSTALLATION

P"&%$ " th%


30/143

Sta$t th%


31/143

Eabl% Li8? Ma#hi% Fi$%&all

C setup7nable ;TP protocol into 1our 3irewall con3iguration window!
http://1.bp.blogspot.com/-3Pdyb6ANqWc/Uj8J32N3-rI/AAAAAAAABLk/4gyexN_3NX4/s1600/IPTABLES.PNG


32/143

0i3"&s =P PC-1 I+ A33$%ss

Assign the IP Address to 1our 3irst windows P P $%&!$'!$!& c.Gipcon3ig

Assign The IP Address to 1our second windwos P P $%&!$'!$!)
http://2.bp.blogspot.com/-P5IDgWkdTqk/Uj7sfiph79I/AAAAAAAABGI/Z_haeKVAf4A/s1600/8.jpghttp://4.bp.blogspot.com/-Nh-xc6egZ_Y/Uj7r5Fwx-fI/AAAAAAAABGA/A66Qe4Nd8W0/s1600/11.jpg


33/143

FTP SERVER CONFIGURATION:

7dit the 3tp server con3iguration 3ile! C vi .etc.vs3tpd.vs3tpd!con3

Ma'% s"2% #ha!%s a3 a33 s"2% li%s t" 9"8$


34/143
http://1.bp.blogspot.com/-LleSpGVOY4Y/Uj7ukB1YOuI/AAAAAAAABG4/lMncMluXsc0/s1600/17.jpghttp://1.bp.blogspot.com/-jHmkcH9HFY8/Uj7ufLtSJiI/AAAAAAAABGo/6paB1XA7mzQ/s1600/16.jpg


35/143
http://4.bp.blogspot.com/-zM85OdnCesk/Uj7uizQuWJI/AAAAAAAABGw/3mW_stZG2tk/s1600/19.jpghttp://3.bp.blogspot.com/-H1CMji0878g/Uj7uXsU12DI/AAAAAAAABGg/Bsn8xK-tTT0/s1600/18.jpg


36/143

A33 th% 8s%$ a2%s t" #h$""t@list ,il%

C vi .etc!vs3tpd!chrootQlist

A33 9"8$ 8s%$ a2% ,%3"$a
http://1.bp.blogspot.com/-mMLYoa-8V30/Uj7uvGE_uwI/AAAAAAAABHI/NE88k-KblzE/s1600/21.jpghttp://2.bp.blogspot.com/-jxtwmrnMIIs/Uj7up8MKNSI/AAAAAAAABHA/EakQ_g2DWTY/s1600/20.jpg


37/143

R%sta$t th%


38/143

S%t th% ""l%a


39/143

R%sta$t th% FTP S%$


40/143

3tpG recv sample 3iles has been success3ull1 copied!
http://3.bp.blogspot.com/-opMa03buXa8/Uj740Vpd-AI/AAAAAAAABJc/n4fnzOnYp38/s1600/27.jpg


41/143

Past% th% ,il%s

VIE0 THE FILE CONTENT:
http://4.bp.blogspot.com/-mzitKSlchew/Uj76Xk6mQQI/AAAAAAAABJ4/A7ZWI0hnniA/s1600/34.jpghttp://2.bp.blogspot.com/-rhgc8aw3EQ8/Uj75YoO9wWI/AAAAAAAABJk/nkFKMbyoB6o/s1600/33.jpg


42/143

GUI MODE :

O+% It%$%t E?+l"$%$

T1pe the 3ollowing te4t on Address bar! 3tp..$%&!$'!$!8
http://2.bp.blogspot.com/-KKXOZiebKoE/Uj76IqMyu5I/AAAAAAAABJw/rBL3jJE0Kwo/s1600/35.jpg


43/143

Et%$ li8? 2a#hi% 8s%$-a2% a3 +ass&"$3 ,$" l"!i
http://1.bp.blogspot.com/-lURspNlK6G4/Uj73Ey1tQoI/AAAAAAAABIw/NPEcZ2ZL2dM/s1600/28.jpg


44/143

Y"8$ Li8? Ma#hi% has% b% "+%%3 " 9"8$ &%b b$"&s%$

i3 u want an1 3ile 3rom 1our linu4 machine
http://4.bp.blogspot.com/-ox2iKi0nPCs/Uj77lFSLfaI/AAAAAAAABKE/OJRQWrVijnc/s1600/29.jpg


45/143

COPY THE FILE

-elect the 3ile!op1 -elected 3ile!Paste on 1our windows P ?esktop
http://1.bp.blogspot.com/-bqmFEGLlcMw/Uj78KazFMDI/AAAAAAAABKM/J8Vbya3MsFo/s1600/30.jpg


46/143

PASTE THE FILE

VIE0 THE FILE CONTENT
http://2.bp.blogspot.com/-v6keHPHaLjk/Uj78cnM9dYI/AAAAAAAABKc/Ze4fGt-moVI/s1600/32.jpghttp://3.bp.blogspot.com/--vm26JsAJa8/Uj78UaXV29I/AAAAAAAABKU/JRZVHv5Ruxs/s1600/31.jpg


47/143

TCP PROTOCOL ANALYZING

2pen 6ire5shark application select the inter3ace !-tart the capture button!
http://1.bp.blogspot.com/-CYUl8dDdCEg/Uj79oTJ2TAI/AAAAAAAABKo/zgjqJHNFblY/s1600/35.jpg


48/143

All the incoming and outgoing in3ormation are captured!-ave 1our 6ire5shark capture 3ile!

iew the 6ire5shark capture 3ile and Anal1Oing 1our TP protocol in3ormation#s and congestion#s!
http://1.bp.blogspot.com/-BxozsMQXUQQ/Uj8AGvTVqmI/AAAAAAAABK8/JVLSULdEGz4/s1600/37.jpghttp://3.bp.blogspot.com/-89nLELv8JT0/Uj7_yQWm8dI/AAAAAAAABK0/7KxRQli9aPo/s1600/36.jpg


49/143

This application ver1 use 3ull 3or protocol Anal1Oing!

0IRE SHAR DISPLAY MY FTP LOGIN USER NAME AND PASS0ORD
http://3.bp.blogspot.com/-6bkrtcijDUM/Uj8ANhob7uI/AAAAAAAABLE/TtolcrmmTH8/s1600/39.jpghttp://1.bp.blogspot.com/-IxqyGu8MdXs/Uj8AXgH8rSI/AAAAAAAABLU/vxJknfmDaQY/s1600/38.jpg


50/143

CLOSE THE FTP CONNECTION

/sing "uit command 3or close the ;TP connection!shutdown 1our virtual PCS

RESULT:

Thus the e4periment was e4ecute success3ull1!
http://1.bp.blogspot.com/-NpGWNmSvNiA/Uj8ATVIlaII/AAAAAAAABLM/6F2aNShOVzM/s1600/40.jpghttp://1.bp.blogspot.com/-HTgRWqK1sGM/UkER6Ax7ksI/AAAAAAAABL0/y96tYsb5ywU/s1600/FTP+PASSWORD.png


51/143

CASE STUDY B: CONFIGURING A FIRE 0ALL


52/143

onsider a ;ire wall communication server with single inbound modem! on3igure the modem to ensuresecurit1 3or LAN

0hat is Fi$%&all

A 3irewall is a la1er o3 securit1 between 1our home network and the Internet! -ince a router or modem isthe main connection 3rom a home network to the Internet, a 3irewall is o3ten packaged with those devices!7ver1 home network should have a 3irewall to protect its privac1! 3irewalls are a combination o3 hardware

and so3tware The hardware part gives 3irewalls e4cellent per3ormance, while the so3tware part allows3irewalls to be tailored to 1our speci3ic needs!

Fi$%&all R8l%s :;irewall rules block or allow speci3ic tra33ic passing through 3rom one side o3 the router to the other!Inbound rules (6AN to LAN restrict access b1 outsiders to private resources, selectivel1 allowing onl1speci3ic outside users to access speci3ic resources! 2utbound rules (LAN to 6AN determine what outsideresources local users can have access to! A 3irewall has two de3ault rules, one 3or inbound tra33ic and one3or outbound! The de3ault rules o3 the modem router are

1. Ib"83

. O8tb"83

INOUND RULES :

+lock all access 3rom outside e4cept responses to re"uests 3rom the LAN side

OUTOUND RULES :Allow all access 3rom the LAN side to the outside!

NOTE :

Sou can de3ine additional rules that will speci31 e4ceptions to the de3ault rules! +1 adding custom rules,1ou can block or allow access based on the service or application, source or destination IP addresses, andtime o3 da1! Sou can also choose to log tra33ic that matches or does not match the rule 1ou have de3ined!
http://1.bp.blogspot.com/-G0tLSCNWL7Q/UkXCUeh9kuI/AAAAAAAABME/xyfN8J4wjyQ/s1600/Firewall.png


53/143

HO0 TO 0OR FIRE0ALL :
http://3.bp.blogspot.com/-jhSIOvV4AiM/UkXEL8JSEpI/AAAAAAAABMY/fdUQRGFzDNE/s1600/firewall.jpg


54/143

HO0 TO PROTECT OUR NET0OR FROM THE HACER ATTACS :

FIRE0ALL CARTOON LOGO :
http://1.bp.blogspot.com/-zpHPI-hKHa4/UkXEO9GREdI/AAAAAAAABMg/_Sba4I404NE/s1600/firewall1.gif


55/143

RE*UIREMENTS :

$! isco Packet Tracer '!=!$&! ) P windows or Linu4 P#s

)! 2ne -witch or *ub:! 2ne ?-L @odem8! 2ne Application -erver'! ommunication hannels

PROCEDURE :

o 2pen The I-2 PA>7T TRA7R so3tware!
http://3.bp.blogspot.com/-eqbV74mBqzI/UkXEEI4ARkI/AAAAAAAABMQ/Yn4b6elHI0M/s1600/cartoon-firewall-md.png


56/143

o ?raw The Three P using 7nd ?evice Icons!

o ?raw The I-2 &: Port -witch /sing -witch icon lists!

o ?raw The ?-L modem using 6AN 7mulation Icon!

o ?raw The loud Icon using 6AN 7mulation Icon!

o ?raw The -erver using 7nd ?evice Icons!

o @ake the cable connectivit1!

o 7nter The IP Address To 7ach @achine (-erver and P#s!o heck the IP address 3or 7ver1 P using ipcon3ig or i3con3ig ommand!

o heck The onnections using Ping ommands!


SERVER IP ADDRESS :

-7R7RGipcon3ig;ast7thernet= onnection(de3ault portLink5local IPv' Address!!!!!!!!! ;7=&=$');;;7+$:&%IP Address!!!!!!!!!!!!!!!!!!!!!! $


57/143

?e3ault Jatewa1!!!!!!!!!!!!!!!!! =!=!=!=

PC-/ IP ADDRESS :

PGipcon3ig;ast7thernet= onnection(de3ault port

Link5local IPv' Address!!!!!!!!! ;7=&%=&$;;;7+?A8IP Address!!!!!!!!!!!!!!!!!!!!!! $


58/143

PC- IP ADDRESS :

PC-/ IP ADDRESS :
http://3.bp.blogspot.com/-3Q4zqFO2YFg/UkXMTXnqd0I/AAAAAAAABNE/wj-Vx52NBkQ/s1600/PC2.PNGhttp://2.bp.blogspot.com/-tzQQFO71e-Q/UkXMSSRgyeI/AAAAAAAABM8/vj3w2RcIeAk/s1600/PC1.PNG


59/143

EFORE THE FIRE0ALL CONFIGURATION :

I@Pping command is a Network /tilit1 ommand! ping tools use Internet ontrol @essage Protocol (I@P!ping used to veri31 the connection between source P to ?estination P!

PING ET0EEN 0AN PC TO SERVER USING ICMP PROTOCOL :

ping was success3ul between the -erver and Remote P!

HTTP

2pen the an1 P web +rowser t1pe the server IP address in address bar! ( http..$


60/143

AFTER THE FIRE0ALL CONFIGURATION :

6e use ;irewall Inbound Rules! +lock all access 3rom outside e4cept responses to re"uests 3rom the LANsideN"t% :

I D%9 ICMP +$"t"#"l S%$


61/143

I All"& TCP +$"t"#"l S%$


62/143

0%b Pa!% #a A##%ss s8##%ss,8l

RESULT :

Thus the ;irewall 74periment was on3igured -uccess3ull1!
http://1.bp.blogspot.com/-1wJKkMwYBcU/UkXWz2PUSkI/AAAAAAAABOQ/I5WYjeg1W-M/s1600/after+tcp.PNG


63/143


64/143

CASE STUDY : RIP AND OSPF R%3ist$ib8ti"

This case stud1 addresses the issue o3 integrating Routing In3ormation Protocol (RIP networks with

2pen -hortest Path ;irst (2-P; networks! @ost 2-P; networks also use RIP to communicate with hosts

or to communicate with portions o3 the inter5network that do not use 2-P;! This case stud1 should

provide e4amples o3 how to complete the 3ollowing phases in redistributing in3ormation between RIP and

2-P; networks, including the 3ollowing topics

on3iguring a RIP Network

Adding 2-P; to the enter o3 a RIP Network

Adding 2-P; Areas

-etting /p @utual Redistribution


RIP AND OSPF R%3ist$ib8ti"

@ost 2-P; networks also use RIP to communicate with hosts or to communicate with portions o3 the

inter5network that do not use 2-P;! isco supports both the RIP and 2-P; protocols and provides a wa1

to e4change routing in3ormation between RIP and 2-P; networks!
http://2.bp.blogspot.com/-lfGqi2tg6ck/UlAJhh-hy4I/AAAAAAAABPo/fFeB0Cg4Z4k/s1600/RIP+AND+OSPF.PNG


65/143

RE*UIREMENTS:

$! I-2 $:$ @odel : Routers!

&! Two port switchs!

)! Two 7nd ?evice P#s

:! ommunication medias (-erial able and copper straight through cable!

8! lass IP Address!'! Routing Protocols (RIP and 2-P;!

! isco Packet Tracer '!=!$!e4e

%! Power suppl1!

PROCEDURES :

C",i!8$i! a RIP N%t&"$'

A RIP network illustrates a RIP network! ;our sites are connected with s%$ial li%s!The RIP network uses

a Class Caddress!7ach site has a contiguous set o3 network numbers

ROUTER R NET0OR CONFIGURATION:

inter3ace ;ast7thernet=.=

ip address $%&!$'!)!$ &88!&88!&88!=

duple4 auto

speed auto

K

inter3ace -erial=.=.=

ip address $%&!$'!&!& &88!&88!&88!=

K

inter3ace -erial=.=.$

ip address $%&!$'!:!& &88!&88!&88!=

K

router rip

network $%&!$'!&!=

network $%&!$'!)!=

network $%&!$'!:!=

ROUTER R/ NET0OR CONFIGURATION:


ip address $%&!$'!$!& &88!&88!&88!=

Kinter3ace -erial=.=.$

ip address $%&!$'!&!$ &88!&88!&88!=

K

ROUTER R1 NET0OR CONFIGURATION:

K


ip address $%&!$'!8!& &88!&88!&88!=

K


66/143


ip address $%&!$'!:!$ &88!&88!&88!=

K

ROUTER R NET0OR CONFIGURATION:

Kinter3ace ;ast7thernet=.=

ip address $%&!$'!'!$ &88!&88!&88!=

duple4 auto

speed auto

K


ip address $%&!$'!$!$ &88!&88!&88!=

K


ip address $%&!$'!8!$ &88!&88!&88!=

K

A33i! OSPF t" th% C%t%$ ", a RIP N%t&"$' :

A common 3irst step in converting a RIP network to 2-P; is to add backbone routers that run both RIP

and 2-P;, while the remaining network devices run RIP! These backbone routers are 2-P; autonomous

s1stem boundar1 routers! 7ach autonomous s1stem boundar1 router controls the 3low o3 routing

in3ormation between 2-P; and RIP

ROUTER R/ OSPF CONFIGURATION:

K

router osp3 $

network $%&!$'!$!= =!=!=!&88 area =

K

ROUTER R1 OSPF CONFIGURATION:

K

router osp3 $

network $%&!$'!8!= =!=!=!&88 area =

K

A33i! OSPF A$%as :

ROUTER R OSPF CONFIGURATION:router osp3 $

network $%&!$'!$!= =!=!=!&88 area =

network $%&!$'!'!= =!=!=!&88 area $

K

S%tti! U+ M8t8al R%3ist$ib8ti" :


67/143

MUTUAL REDISTRIUTION

@utual redistribution between RIP and 2-P; networks is running both 2-P; and RIP!

R1 ROUTER MUTUAL REDISTRIUTION :

router osp3 $

log5adjacenc15changes

redistribute rip subnets

network $%&!$'!8!= =!=!=!&88 area =

K

router rip

redistribute osp3 $ metric $=

network $%&!$'!:!=

R/ ROUTER MUTUAL REDISTRIUTION :

router osp3 $



network $%&!$'!$!= =!=!=!&88 area =

K

router rip


network $%&!$'!&!=

NOTE:

I 74plain The basic concept o3 RIP AN? 2-P; Redistribution! I3 1ou want @ore Advanced RIP AN?

2-P; Redistribution oncept!

ROUTER R1 RUNNING CONFIGURATION FILE :

K

version $&!:

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password5encr1ption
http://1.bp.blogspot.com/-ojlWED5cvAQ/UlBTvA_PEmI/AAAAAAAABP4/iS5Drcdx3jo/s1600/MUTUAL+REDISTRIBUTION.PNG


68/143

K

hostname Router

K

spanning5tree mode pvst

K

inter3ace ;ast7thernet=.=no ip address

duple4 auto

speed auto

shutdown

K

inter3ace ;ast7thernet=.$

no ip address

duple4 auto

speed auto

shutdown

K


ip address $%&!$'!8!& &88!&88!&88!=

K


ip address $%&!$'!:!$ &88!&88!&88!=

K

inter3ace lan$

no ip address

shutdown

K

router osp3 $



network $%&!$'!8!= =!=!=!&88 area =

K

router rip


network $%&!$'!:!=

K

ip classless

Kline con =

K

line au4 =

K

line vt1 = :

login

K

end


69/143

ROUTER R RUNNING CONFIGURATION FILE :

K

version $&!:



no service password5encr1ptionK

hostname Router

K


K


ip address $%&!$'!'!$ &88!&88!&88!=

duple4 auto

speed auto

K


no ip address

duple4 auto

speed auto

shutdown

K


ip address $%&!$'!$!$ &88!&88!&88!=

K


ip address $%&!$'!8!$ &88!&88!&88!=

K

inter3ace lan$

no ip address

shutdown

K

router osp3 $


network $%&!$'!$!= =!=!=!&88 area =

network $%&!$'!'!= =!=!=!&88 area $

K

router ripK

ip classless

K

line con =

K

line au4 =

K

line vt1 = :

login


70/143


71/143

line con =

K

line au4 =

K

line vt1 = :

loginK

end

ROUTER R RUNNING CONFIGURATION FILE :

K

version $&!:




K

hostname Router

K


K


ip address $%&!$'!)!$ &88!&88!&88!=

duple4 auto

speed auto

K


no ip address

duple4 auto

speed auto

shutdown

K


ip address $%&!$'!&!& &88!&88!&88!=

K


ip address $%&!$'!:!& &88!&88!&88!=

K

inter3ace lan$no ip address

shutdown

K

router rip

network $%&!$'!&!=

network $%&!$'!)!=

network $%&!$'!:!=

K

ip classless


72/143

K

line con =

K

line au4 =

K

line vt1 = :login

K

end

PING ET0EEN 15.167.6. TO 15.167./. :

PING ET0EEN 15.167./. TO 15.167.6. :
http://4.bp.blogspot.com/-ifwewjfwKBQ/UlBa0ZXuAxI/AAAAAAAABQI/is-BhxVolVg/s1600/ping+192.168.3.2.PNG


73/143

ROUTING TALE :

;or a isco router, the I2- command sh"& i+ $"8t%displa1s the routes in the routing table! There are

several t1pes o3 routes that can appear in the routing table

Di$%#tl9-C"%#t%3 R"8t%s:

6hen the router powers up, the con3igured inter3aces are enabled! As the1 become operational, the router

stores the directl1 attached local network addresses as connected routes in the routing table! ;or isco

routers, these routes are identi3ied in the routing table with the +$%,i? C! These routes are automaticall1

updated whenever the inter3ace is recon3igured or shutdown!

Stati# R"8t%s:A network administrator can manuall1 con3igure a static route to a speci3ic network! A static route does

not change until the administrator manuall1 recon3igures it! These routes are identi3ied in the routing table

with the +$%,i? S!

D9a2i#all9-U+3at%3 R"8t%s (D9a2i# R"8t%s) :

?1namic routes are automaticall1 created and maintained b1 routing protocols! Routing protocols are

implemented in programs that run on routers and that e4change routing in3ormation with other routers in

the network! ?1namicall15updated routes are identi3ied in the routing table with the pre3i4 that

corresponds to the t1pe o3 routing protocol that created the route, 3or e4ample Ris used 3or the Routing

In3ormation Protocol (RIP!

D%,a8lt R"8t% :

The de3ault route is a t1pe o3 static route which speci3ies a gatewa1 to use when the routing table does not

contain a path to use to reach the destination network! It is common 3or de3ault routes to point to the ne4t

router in the path to the Internet -ervice Provider! I3 a subnet has onl1 one router, then that router is

automaticall1 the de3ault gatewa1, because all network tra33ic to and 3rom that local network has no option

but to travel through that router!

RIP:

It is a distance vector routing protocol!
http://1.bp.blogspot.com/-tlFFwh662vM/UlBbDJ114_I/AAAAAAAABQQ/6Q_H26X8mfA/s1600/ping+192.168.6.2.PNG


74/143

send the complete routing table out to all inter3ace ever1 )= seconds!

Rip onl1 use hop count to determine best wa1 to remote Network!

@a4imum allowable hop count is $8

OSPF:

2pen -hortest Path ;irst (2-P; is a non5proprietar1 link5state routing protocol described in R; &)&!identi3ied in the routing table with the +$%,i? O !

/ses the -P; algorithm to calculate the lowest cost to a destination

-ends routing updates onl1 when the topolog1 changesB does not send periodic updates o3 the

entire routing table!

Provides 3ast convergence

-upports L-@ and discontiguous subnets

Provides route authentication

RESULT :

Thus the 74periment 6as con3igured -uccess3ull1!

CASE STUDY 6 : DEFINING ACCESS LISTS
http://3.bp.blogspot.com/-SGgmSFLLEl4/UlBdACtM9_I/AAAAAAAABQc/iJdeMk9a_LM/s1600/1.PNG


75/143

Access lists de3ine the actual tra33ic that will be permitted or denied, whereas an access groupapplies an access list de3inition to an inter3ace! Access lists can be used to den1 connections that are

known to be a securit1 risk and then permit all other connections, or to permit those connections that areconsidered acceptable and den1 all the rest! ;or 3irewall implementation, the latter is the more securemethod! In this case stud1, incoming email and news are permitted 3or a 3ew hosts, but ;TP, Telnet, andrlogin services are permitted onl1 to hosts on the 3irewall subnet! IP e4tended access lists (range $== to

$%% and transmission control protocol (TP or user datagram protocol (/?P port numbers are used to3ilter tra33ic! 6hen a connection is to be established 3or email, Telnet, ;TP, and so 3orth, the connectionwill attempt to open a service on a speci3ied port number! Sou can, there3ore, 3ilter out selected t1pes o3connections b1 den1ing packets that are attempting to use that service! An access list is invoked a3ter arouting decision has been made but be3ore the packet is sent out on an inter3ace! The best place to de3inean access list is on a pre3erred host using 1our 3avorite te4t editor! Sou can create a 3ile that contains theaccess5list commands, place the 3ile (marked readable in the de3ault T;TP director1, and then networkload the 3ile onto the router!

0HAT IS ACCESS CONTROL LIST

2ne o3 the most common methods o3 tra33ic 3iltering is the use o3 access control lists (ALs! ALs canbe used to manage and 3ilter tra33ic that enters a network, as well as tra33ic that e4its a network!An AL ranges in siOe 3rom one statement that allows or denies tra33ic 3rom one source, to hundreds o3

statements that allow or den1 packets 3rom multiple sources! The primar1 use o3 ALs is to identi31 thet1pes o3 packets to accept or den1!ACLs i3%ti,9 t$a,,i# ,"$ 28lti+l% 8s%s s8#h as:

-peci31ing internal hosts 3or NAT

Identi31ing or classi31ing tra33ic 3or advanced 3eatures such as o- and "ueuing

Restricting the contents o3 routing updates

Limiting debug output

ontrolling virtual terminal access to routers

Th% ,"ll"&i! +"t%tial +$"bl%2s #a $%s8lt ,$"2 8si! ACLs:

The additional load on the router to check all packets means less time to actuall1 3orward packets

Poorl1 designed ALs place an even greater load on the router and might disrupt network usage!

Improperl1 placed ALs block tra33ic that should be allowed and permit tra33ic that should beblocked!


76/143

TYPES OF ACCESS CONTROL LIST :

1.Sta3a$3 ACLs

The -tandard AL is the simplest o3 the three t1pes! 6hen creating a standard IP AL, the ALs 3ilterbased on the source IP address o3 a packet! -tandard ALs permit or den1 based on the entire protocol,such as IP! -o, i3 a host device is denied b1 a standard AL, all services 3rom that host are denied! Thist1pe o3 AL is use3ul 3or allowing all services 3rom a speci3ic user, or LAN, access through a router while

den1ing other IP addresses access! -tandard ALs are identi3ied b1 the number assigned to them! ;oraccess lists permitting or den1ing IP tra33ic, the identi3ication number can range 3rom $ to %% and 3rom$)== to $%%%!

.E?t%3%3 ACLs

74tended ALs 3ilter not onl1 on the source IP address but also on the destination IP address, protocol,and port numbers! 74tended ALs are used more than -tandard ALs because the1 are more speci3ic and

provide greater control! The range o3 numbers 3or 74tended ALs is 3rom $== to $%% and 3rom &=== to&'%%!

/.Na2%3 ACLs

Named ALs (NALs are either -tandard or 74tended 3ormat that are re3erenced b1 a descriptive namerather than a number! 6hen con3iguring named ALs, the router I2- uses a NAL subcommand mode!
http://4.bp.blogspot.com/-y8YvMTiuKYk/Ula2ZyOjj2I/AAAAAAAABTY/0ZIkKsBWLBk/s1600/ACCESS+LIST.PNG


77/143

1. STANDARD ACL CONFIGURATION :

It is the basic level o3 Access control List con3iguration techni"ue! it permit and den1 the remotehosts to on 1our network!

RE*UIREMENTS:

isco $:$ model router

2ne switch

2ne dedicated server

;ive 6indows or Linu4 P#s

ooper -traight Through able

ooper ross over cable

lass IP Address and lass A IP Address

+asic Router Inter3ace on3iguration ommands!

+asic -tandard AL on3iguration ommands

Ping ommand

isco Packet Tracer '!=!=!e4e

PROCEDURE :

$! 2pen The I-2 PA>7T TRA7R so3tware!&! ?raw The ;I7 P using 7nd ?evice Icons!)! ?raw The I-2 &: Port -witch /sing -witch icon lists!:! ?raw The I-2 R2/T7R /sing router icon lists!

8! @ake The onnections using -traight5Through 7thernet ables and ross 2ver ables!'! 7nter The IP Address To 7ach @achine Like P, Router and -erver!


78/143

PHYSICAL CONNECTION :

-TAN?AR? A7-- LI-T
http://4.bp.blogspot.com/-8K8LSSq75Yk/UlbBO0MOcqI/AAAAAAAABT0/w-fIlZkgdhA/s1600/STANDARD+ACCESS+LIST.PNG


79/143

IP ADDRESS FOR EACH MACHINES :

PC-1 IP ADDRESS :

PC- IP ADDRESS :

PC-/ IP ADDRESS :
http://1.bp.blogspot.com/-BA6cTxhU6Dw/UlbDTsV3GlI/AAAAAAAABUQ/YKu4vyYZfwk/s1600/PC2.PNGhttp://4.bp.blogspot.com/-ySPHeX8quUM/UlbDRx7rxOI/AAAAAAAABUA/xR5yJbnpMzg/s1600/PC1.PNG


80/143

PC- IP ADDRESS :

PC-> IP ADDRESS :
http://2.bp.blogspot.com/-Od_LTCZ7gZo/UlbDVpDApPI/AAAAAAAABUY/zX96FLwRmAQ/s1600/PC4.PNGhttp://2.bp.blogspot.com/-RScuhp593b8/UlbDSWkNNtI/AAAAAAAABUI/neibI357Ypg/s1600/PC3.PNG


81/143

ROUTER R1 FAST ETHERNET INTERFACE AND INTERFACE 1 IP ADDRESS :

OUTSIDE NET0OR SERVER IP ADDRESS :
http://3.bp.blogspot.com/-GWAfY07cJfY/UlbF4QDW6sI/AAAAAAAABWE/qRcdNr4McKs/s1600/R1+IP.PNGhttp://4.bp.blogspot.com/-dMC_q2FA0b4/UlbDXQ4i7UI/AAAAAAAABUg/FY4MlAWypsI/s1600/PC5.PNG


82/143

CHEC THE NET0OR CONNECTIVITY USING PING COMMAND EFORE THE

STANDARD ACCESS LIST CONTROL CONFIGURATION :

PING PC-1 TO SERVER :

PING PC- TO SERVER :
http://3.bp.blogspot.com/-Z-ECdkYC4UE/UlbDY44q5QI/AAAAAAAABU0/IW1TfCJGHIo/s1600/PING+PC1.PNGhttp://1.bp.blogspot.com/-Ihv-ViYnzjY/UlbG1h4UhTI/AAAAAAAABWM/jAZ--Cb0gcA/s1600/SERVER.PNG


83/143

CONFIGURE THE STANDARD ACCESS LIST CONTROL LIST:

N26 I ?7NS T*R77 R7@2T7 P A7-- P7R@I--I2N! IN @S R2/T7R R$! *7R7A;T7R *7> T*7 PINJ 2NN7TIITS +7T677N P ),:,8 T2 -7R7R! ping 6A-/N -/7--;/L +7A/-7 I +L2> T*7 P ), :, 8 R7/7-T!

PING PC-/ TO SERVER :

PING PC- TO SERVER :
http://4.bp.blogspot.com/-YYOQZAyoIpo/UlbDa3kuTpI/AAAAAAAABU8/dEknm_RLvHs/s1600/PING+PC3.PNGhttp://3.bp.blogspot.com/-WwMAkCR6IhE/UlbKdLAZyWI/AAAAAAAABWc/RlSG3BY12Yw/s1600/ACL.PNGhttp://4.bp.blogspot.com/-N31-orELuqo/UlbDYuv0sDI/AAAAAAAABUw/3WJXTUkkNa4/s1600/PING+PC2.PNG


84/143

PING PC-> TO SERVER :

RI ROUTER RUNNING CONFIGURATION :

Kversion $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ptionKhostname RouterK

spanning5tree mode pvstKKinter3ace ;ast7thernet=.=ip address $%&!$'!$!$ &88!&88!&88!=ip access5group $$ induple4 autospeed autoKinter3ace ;ast7thernet=.$ip address $=!$=!$=!$= &88!=!=!=
http://3.bp.blogspot.com/-cfiYVDBWteE/UlbDfDbDhsI/AAAAAAAABVM/NVUPLmHFT3Q/s1600/PING+PC5.PNGhttp://3.bp.blogspot.com/-tPw0zgah188/UlbDcR0u_jI/AAAAAAAABVE/TNdzcqa0Nco/s1600/PING+PC4.PNG


85/143

duple4 autospeed autoKinter3ace lan$no ip addressshutdown

Kip classlessKKaccess5list $$ den1 host $%&!$'!$!'access5list $$ den1 host $%&!$'!$!8access5list $$ den1 host $%&!$'!$!:access5list $$ permit an1KKline con =Kline au4 =

Kline vt1 = :loginKKend

R1 ROUTER ROUTING TALE :

. E=TENDED ACL :

74tended ALs 3ilter not onl1 on the source IP address but also on the destination IP address, protocol,and port numbers! 74tended ALs are used more than -tandard ALs because the1 are more speci3ic and
http://3.bp.blogspot.com/-f26jnwlKiNo/UlbDf560xeI/AAAAAAAABVU/B7U4a6qZUdM/s1600/R1+ROUTING.PNG


86/143

provide greater control! The range o3 numbers 3or 74tended ALs is 3rom $== to $%% and 3rom &=== to&'%%!

RE*UIREMENTS :

$! 2ne isco &%'= switch or other comparable switch&! Two isco $:$ or e"uivalent routers, each with a serial and an 7thernet inter3ace

)! Three 6indows5based Ps, at least one with a terminal emulation program, and all set up as hosts:! At least one R95:85to5?+5% connector console cable to con3igure the routers and switch8! Three straight5through 7thernet cables'! 2ne crossover 7thernet cable

PROCEDURE :

$! onnect the -erial =.=.= inter3ace o3 Router $ to the -erial =.=.= inter3ace o3 Router & using aserial cable!

&! onnect the ;a=.= inter3ace o3 Router $ to the ;a=.$ port o3 -witch $ using a straight5throughcable!

)! onnect a console cable to each P to per3orm con3igurations on the routers and switch!:! onnect *ost $ to the ;a=.) port o3 -witch $ using a straight5through cable!8! onnect *ost & to the ;a=.& port o3 -witch $ using a straight5through cable!

'! onnect a crossover cable between *ost ) and the ;a=.= inter3ace o3 Router &!PHYSICAL CONNECTIONS :

P%$,"$2 basi# #",i!8$ati" " R"8t%$ 1

Kversion $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ption

Khostname R$Kspanning5tree mode pvstKit%$,a#% FastEth%$%t

i+ a33$%ss 15.167.1.1 >>.>>.>>.

i+ a##%ss-!$"8+ 11 i

duple4 autospeed autoK
http://1.bp.blogspot.com/-ap7e8oXlKj8/UlcKGlLxjuI/AAAAAAAABWs/0nCX-aXyJSg/s1600/EACL.PNG


87/143

inter3ace ;ast7thernet=.$no ip addressduple4 autospeed autoshutdownK

it%$,a#% S%$iali+ a33$%ss 15.167.1>.1 >>.>>.>>.

i+ a##%ss-!$"8+ 11 i

Kinter3ace -erial=.=.$no ip addressshutdownKinter3ace lan$no ip addressshutdownKrouter rip

network $%&!$'!$!=network $%&!$'!$8!=Kip classlessKa##%ss-list 11 +%$2it i+ h"st 15.167.>.1 h"st 15.167.1>.1

a##%ss-list 11 +%$2it i+ h"st 15.167.>.1 h"st 15.167.1.1

a##%ss-list 11 3%9 i+ a9 h"st 15.167.1>.1

a##%ss-list 11 3%9 i+ a9 h"st 15.167.1.1

a##%ss-list 11 +%$2it i+ a9 a9

a##%ss-list 11 3%9 i+ a9 a9

K

line con =Kline au4 =Kline vt1 = :loginKend

P%$,"$2 basi# #",i!8$ati" " R"8t%$ 1

Kversion $&!:no service timestamps log datetime msec

no service timestamps debug datetime msecno service password5encr1ptionKhostname R&Kspanning5tree mode pvstKit%$,a#% FastEth%$%ti+ a33$%ss 15.167.>.1 >>.>>.>>.

i+ a##%ss-!$"8+ 11 "8t

duple4 autospeed auto


88/143

Kinter3ace ;ast7thernet=.$no ip addressduple4 autospeed autoshutdown

Kinter3ace -erial=.=.=ip address $%&!$'!$8!& &88!&88!&88!=Kinter3ace -erial=.=.$no ip addressshutdownKinter3ace lan$no ip addressshutdownKrouter rip

network $%&!$'!8!=network $%&!$'!$8!=Kip classlessKa##%ss-list 11 +%$2it i+ h"st 15.167.1.1 h"st 15.167.>.1

a##%ss-list 11 3%9 i+ 15.167.1. ...>> h"st 15.167.>.1

a##%ss-list 11 +%$2it i+ a9 a9

a##%ss-list 11 3%9 i+ a9 a9

Kline con =K

line au4 =Kline vt1 = :loginKend

PERMIT HTTP AND DENY ICMP:


89/143

PERMIT HTTP DENY ICMP

R1 ROUTER CONFIGURATION :

Kversion $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ptionKhostname RouterKspanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!$!$ &88!&88!&88!=duple4 auto

speed autoKit%$,a#% FastEth%$%t1

i+ a33$%ss 1B.16.1/.1 >>.>>..

i+ a##%ss-!$"8+ 1 "8t

duple4 autospeed autoKinter3ace lan$no ip addressshutdownKip classlessKKa##%ss-list 1 +%$2it t#+ a9 h"st 1B.16.1/. % &&&

a##%ss-list 1 3%9 i#2+ a9 h"st 1B.16.1/. 8$%a#habl%

Kline con =Kline au4 =Kline vt1 = :login
http://2.bp.blogspot.com/-0LGtu_V93Sw/UlmfKJS5S0I/AAAAAAAABW8/8XVB4S8Q6r4/s1600/EACL+HTTP.PNG


90/143

Kend

PERMIT HTTP:

E=TENDED ACCESS LIST 1

a##%ss-list 1 +%$2it t#+ a9 h"st 1B.16.1/. % &&&DENY ICMP:

a##%ss-list 1 3%9 i#2+ a9 h"st 1B.16.1/. 8$%a#habl%

DENY AND PERMIT TELNET :
http://1.bp.blogspot.com/-jx7Af7v9YAg/Ulmg_ZeNMZI/AAAAAAAABXM/-CavTRBgQDQ/s1600/DENY+ICMP.PNGhttp://1.bp.blogspot.com/-sWH9VpM0ye4/Ulmg_5xOtnI/AAAAAAAABXQ/MFdb7mp0gAI/s1600/PERMIT+HTTP.PNG


91/143

PERMIT AND DENY TELNET CONNECTION


Kversion $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ptionKhostname R$K

%abl% s%#$%t > 12ER$IAMOT5O7OiB1FD6#*sKaaa %&-2"3%l

Kaaa a8th%ti#ati" l"!i TT l"#al

K8s%$a2% t%l%t +ass&"$3 t%l%t

Kspanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!$!$ &88!&88!&88!=

duple4 autospeed autoKinter3ace ;ast7thernet=.$no ip addressduple4 autospeed autoshutdownKit%$,a#% S%$ial

i+ a33$%ss 1.1.1.1 >>...

i+ a##%ss-!$"8+ 11 i
http://3.bp.blogspot.com/-7TwcUVQ5N4w/UlmjVAue-CI/AAAAAAAABXc/0b2il223pfU/s1600/EACL+TELNET.PNG


92/143

Kinter3ace -erial=.=.$no ip addressshutdownKinter3ace lan$

no ip addressshutdownKrouter ripnetwork $=!=!=!=network $%&!$'!$!=Kip classlessKa##%ss-list 11 3%9 t#+ h"st 1B.16.1/.1 h"st 15.167.1.1 % t%l%t

a##%ss-list 11 +%$2it t#+ h"st 1.1.1. h"st 15.167.1.1 % t%l%t

Kline con =

Kline au4 =Kli%


93/143

inter3ace lan$no ip addressshutdownKrouter ripnetwork $=!=!=!=

network $


94/143

a##%ss-list 1 +%$2it t#+ a9 h"st 1B.16.1/. % ,t+

FTP LOG IN FROM PC 15.167.1.

a##%ss list 1 +%$2it t#+ a9 h"st 1B.16.1/. !t 1/


Kversion $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ptionKhostname RouterK
http://1.bp.blogspot.com/-ZfH-nzHmEb8/UlmrRUHsFLI/AAAAAAAABYQ/iz-4bZXindg/s1600/FTP+LOGIN.PNGhttp://3.bp.blogspot.com/-LPn96hT-gmk/Ulm0uEuqIYI/AAAAAAAABYg/VDfqKUvH2is/s1600/EACL+FTP.PNG


95/143

spanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!$!$ &88!&88!&88!=duple4 autospeed auto

Kit%$,a#% FastEth%$%t1

i+ a33$%ss 1B.16.1/.1 >>.>>..

i+ a##%ss-!$"8+ 1 "8t

duple4 autospeed autoKinter3ace lan$no ip addressshutdownKip classlessK

access5list $== permit tcp an1 host $


96/143

version $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ptionKhostname Router

Kspanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!$!$ &88!&88!&88!=duple4 autospeed autoKit%$,a#% FastEth%$%t1

i+ a33$%ss 1B.16.1/.1 >>.>>..

i+ a##%ss-!$"8+ 1 "8t

duple4 autospeed auto

Kinter3ace lan$no ip addressshutdownKip classlessKaccess5list $== permit tcp an1 host $


97/143

a##%ss-list 1 +%$2it 83+ a9 h"st 1B.16.1/. % 1/

PERMIT DNS FROM ANY HOST :

a##%ss-list 1 +%$2it 83+ a9 h"st 1B.16.1/./ % 3"2ai

a##%ss-list 1 +%$2it 83+ a9 h"st 1B.16.1/. % 3"2ai
http://1.bp.blogspot.com/-CYHdyoVWsQc/UlnAPH_9BDI/AAAAAAAABZQ/6bRiZUj5p2k/s1600/DNS+SUCESS.PNGhttp://3.bp.blogspot.com/-HHAxEfKRpsI/UlnAQMsaRpI/AAAAAAAABZY/jHatuWPT3uM/s1600/NTP+TIME.PNG


98/143

PERMIT AND DENY EMAIL :

EFORE THE EMAIL ACL CONFIGURATION :
http://1.bp.blogspot.com/-b42PNM3IlGk/UlocFvZv2RI/AAAAAAAABZs/9VLMld3BpLQ/s1600/ACL+BEFORE+EMAIL.PNG


99/143

EFORE EMAIL ACL CONFIGURATION

SEND A EMAIL FROM 8s%$1Jsa2+l%.#"2 TO 8s%$Jsa2+l%.#"2 :
http://3.bp.blogspot.com/-JX88W_tZEr8/UlocRE6gTiI/AAAAAAAABaU/oh16rE-85JI/s1600/SEND+MAIL+USER1+TO+USER+2.PNG


100/143

SEND A EMAIL FROM 8s%$Jsa2+l%.#"2 TO 8s%$1Jsa2+l%.#"2 :
http://1.bp.blogspot.com/-XCtFWE-YUcY/UlocO3JUtsI/AAAAAAAABaM/bxRp_83XhCI/s1600/SEND+MAIL+TO+USER2+TO+USER1.PNG


101/143

AFTER EMAIL ACL CONFIGURATION :


Kversion $&!:no service timestamps log datetime msec

no service timestamps debug datetime msecno service password5encr1ptionKhostname RouterKspanning5tree mode pvstKit%$,a#% FastEth%$%t

i+ a33$%ss 15.167.1.1 >>.>>.>>.

i+ a##%ss-!$"8+ 11 i

duple4 autospeed autoKinter3ace ;ast7thernet=.$ip address $


102/143

network $%&!$'!&!=Kip classlessKKa##%ss-list 11 3%9 t#+ 15.167.1. ...>> h"st 1B.16.1/. % s2t+

Kline con =Kline au4 =Kline vt1 = :loginKend

SEND A EMAIL 8s%$1Jsa2+l%.#"2 TO 8s%$Jsa2+l%.#"2 :

SEND A EMAIL 8s%$Jsa2+l%.#"2 TO 8s%$1Jsa2+l%.#"2 :
http://4.bp.blogspot.com/-aOmrPbTQx4E/UlocSIOX8-I/AAAAAAAABac/lRynYds9RIY/s1600/compose+1+to+2.PNG


103/143

DENY EMAIL SERVICE FROM 15.167.1. NET0OR :
http://4.bp.blogspot.com/-Ljlm5_efF1Q/UlocYKOgQVI/AAAAAAAABak/RkvHepYVCT0/s1600/compose+2+t0+1.PNG


104/143

a##%ss list 11 3%9 t#+ 15.167.1. ...>> h"st 1B.16.1/. % s2t+

RESULT :

Thus the e4periment was con3igured success3ull1!
http://4.bp.blogspot.com/-MKGrMqcjIj8/UlocNMY0t9I/AAAAAAAABaE/maP7NkbI21A/s1600/AFTER+SEND+USER1+TO+USER2.PNG


105/143

CASE STUDY : NET0OR SECURITY

This case stud1 should provide the speci3ic actions 1ou can take to improve the securit1 o3 1ournetwork! +e3ore going into speci3ics, however, 1ou should understand the 3ollowing basic concepts thatare essential to an1 securit1 s1stem

"& 9"8$ %%29

This case stud1 re3ers to attackers or intruders! onsider who might want to circumvent 1our securit1measures and identi31 their motivations! ?etermine what the1 might want to do and the damage that the1could cause to 1our network! -ecurit1 measures can never make it impossible 3or a user to per3ormunauthoriOed tasks with a computer s1stem! The1 can onl1 make it harder! The goal is to make sure thenetwork securit1 controls are be1ond the attackers abilit1 or motivation!

C"8t th% #"st

-ecurit1 measures almost alwa1s reduce convenience, especiall1 3or sophisticated users! -ecurit1 can

dela1 work and create e4pensive administrative and educational overhead! It can use signi3icant computingresources and re"uire dedicated hardware! 6hen 1ou design 1our securit1 measures, understand their costsand weigh those costs against the potential bene3its! To do that, 1ou must understand the costs o3 themeasures themselves and the costs and likelihoods o3 securit1 breaches! I3 1ou incur securit1 costs out o3

proportion to the actual dangers, 1ou have done 1oursel3 a disservice!

I3%ti,9 9"8$ ass82+ti"s

7ver1 securit1 s1stem has underl1ing assumptions! ;or e4ample, 1ou might assume that 1our network isnot tapped, or that attackers know less than 1ou do, that the1 are using standard so3tware, or that a lockedroom is sa3e! +e sure to e4amine and justi31 1our assumptions! An1 hidden assumption is a potentialsecurit1 hole!

C"t$"l 9"8$ s%#$%ts

@ost securit1 is based on secrets! Passwords and encr1ption ke1s, 3or e4ample, are secrets! Too o3ten,though, the secrets are not reall1 all that secret! The most important part o3 keeping secrets is knowing theareas 1ou need to protect! 6hat knowledge would enable someone to circumvent 1our s1stemE Soushould jealousl1 guard that knowledge and assume that ever1thing else is known to 1our adversaries! Themore secrets 1ou have, the harder it will be to keep all o3 them! -ecurit1 s1stems should be designed sothat onl1 a limited number o3 secrets need to be kept!

"& 9"8$ &%a'%ss%s

7ver1 securit1 s1stem has vulnerabilities! Sou should understand 1our s1stems weak points and knowhow the1 could be e4ploited! Sou should also know the areas that present the largest danger and preventaccess to them immediatel1! /nderstanding the weak points is the 3irst step toward turning them intosecure areas!

Li2it th% s#"+% ", a##%ss

Sou should create appropriate barriers inside 1our s1stem so that i3 intruders access one part o3 the s1stem,the1 do not automaticall1 have access to the rest o3 the s1stem! The securit1 o3 a s1stem is onl1 as good asthe weakest securit1 level o3 an1 single host in the s1stem!

R%2%2b%$ +h9si#al s%#8$it9

Ph1sical access to a computer (or a router usuall1 gives a su33icientl1 sophisticated user total control overthat computer! Ph1sical access to a network link usuall1 allows a person to tap that link, jam it, or injecttra33ic into it! It makes no sense to install complicated so3tware securit1 measures when access to thehardware is not controlled


106/143

RE*UIREMENTS :

$! I-2 $:$ @odel $ Routers!&! 2ne port switch!)! 2ne Laptop ;or onsole Local Administration !:! 2ne P 3or Remote telnet Login!

8! lass , lass + IP Address!'! +asic Telnet Routing on3iguration ommands!

reating AAA Authentication

+locking ?ictionar1 Attack!

reating Named Access List ontrol!

7nabling Log ;iles ?atabase 3or ;ailure and -uccess Attempt!


107/143

C$%at% #"s"l% #"%#ti>DA16

Kspanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!$!$ &88!&88!&88!=duple4 autospeed autoKinter3ace ;ast7thernet=.$no ip address
http://2.bp.blogspot.com/-BOOa_-6exP4/Ulp_1RtwZKI/AAAAAAAABbA/W9ZLXe_MYu8/s1600/CONSOLE+AND+TELNET.PNG


108/143

duple4 autospeed autoshutdownKinter3ace lan$no ip address

shutdownKip classlessKli% #"

%?%#-ti2%"8t /

+ass&"$3 B 7>>DA16

l"!i

Kline au4 =Kline vt1 = :

password < =&&:88?=A$'

loginKendPC-1 IP ADDRESS :

C$%at% C"s"l% L"!i

line con =e4ec5timeout )= =

S%#8$i! R"8t%$ C"s"l% It%$,a#%.

password < =&&:88?=A$'login
http://2.bp.blogspot.com/-2xAOhgV6nMk/UlqBCvC_lcI/AAAAAAAABbM/C3VyLNSFA78/s1600/PC+IP.PNG


109/143

TRY TO LOGIN CONSOLE PORT :

onsole LoginC$%ati! R%2"t% T%l%t A##%ss " 9"8$ R"8t%$ &ith basi# l%


110/143

no service timestamps debug datetime msecservice password5encr1ptionKhostname R$K%abl% +ass&"$3 B 7>>DA16

Kspanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!$!$ &88!&88!&88!=duple4 autospeed autoKinter3ace ;ast7thernet=.$no ip addressduple4 autospeed autoshutdown

Kinter3ace lan$no ip addressshutdownKip classlessKline con =e4ec5timeout )= =password < =&&:88?=A$'loginK

line au4 =Kli% >DA16'! Jo to This 6ebsite Link

7. http..www!i3m!net!nO.cookbooks.passwordcracker!html

! Then paste 1our Password on the T1pe < password te4t bo4%! Then lick crack password button$=! Sour password has been success3ull1 ?ecr1pted!$$! 2riginal Password is #is#"$&! 7ncr1pted Password is 7>>DA16
http://www.ifm.net.nz/cookbooks/passwordcracker.htmlhttp://www.ifm.net.nz/cookbooks/passwordcracker.html


111/143

-o ?on#t use the old t1pe < passwords an1more!@ore ?etailsCli#' H%$%

C$%ati! Hi!h L%


112/143

reating @?8The password has been hashed using the stronger @?8 algorithm!

enable secret password

+$ikcJR2j?g/mP>rv"1r$=

C$%ati! AAA A8th%ti#ati" :

AuthenticationIdenti3ies users b1 login and password using challenge and response methodolog1 be3ore the user evengains access to the network! ?epending on 1our securit1 options, it can also support encr1ption!

AuthoriOation

A3ter initial authentication, authoriOation looks at what that authenticated user has access to do! RA?I/-or TAA-V securit1 servers per3orm authoriOation 3or speci3ic privileges b1 de3ining attribute5value(A pairs, which would be speci3ic to the individual user rights! In the isco I2-, 1ou can de3ine AAAauthoriOation with a named list or authoriOation method!

Accounting
http://2.bp.blogspot.com/-cEI2k20DWFo/UlqkMlU459I/AAAAAAAABcI/m4bu2m2bK7A/s1600/CONSOLE+AND+TELNET+MD5+ALGORITHM.PNG


113/143

The last WAW is 3or accounting! It provides a wa1 o3 collecting securit1 in3ormation that 1ou can use 3orbilling, auditing, and reporting! Sou can use accounting to see what users do once the1 are authenticatedand authoriOed! ;or e4ample, with accounting, 1ou could get a log o3 when users logged in and when the1logged out!Eabli! AAA

Router(con3igC aaa new5model

R$(con3igCusername cisco secret cisco$&):

C",i!8$i! th% TACACS s%$e1&

l"#'i! Di#ti"a$9 Atta#' :

The primar1 intention o3 a dictionar1 attack, unlike a t1pical ?o- attack, is to actuall1 gain administrativeaccess to the device! A dictionar1 attack is an automated process to attempt to login b1 attemptingthousands, or even millions, o3 username.password combinations! (This t1pe o3 attack is called aWdictionar1 attackW because it t1picall1 uses, as a start, ever1 word 3ound in a t1pical dictionar1 as a

possible password! As scripts or programs are used to attempt this access, the pro3ile 3or such attempts ist1picall1 the same as 3or ?o- attemptsB multiple login attempts in a short period o3 time!
http://3.bp.blogspot.com/-ZlO3R80uGXw/UlqrH7125wI/AAAAAAAABcY/3QhbScocds8/s1600/CONSOLE+AND+TELNET+MD5+ALGORITHM+DICTIONAR+ATTACK.PNG


114/143

+lock ?ictionar1 AttackR$(con3igClogin block53or $&= attempts ) within '=

E?+laati" :

This command -top the ?ictionar1 attacks 3rom the *ackers!Time period in seconds 5$&= seconds

attempts 5-et ma4 number o3 3ail attempts 5 8 timeswithin 6atch period 3or 3ail attempts 5 '= seconds

C$%ati! Na2%3 A##%ss List C"t$"l :

isco I2- versions $$!& and higher can create Named ALs (NALs! In an NAL, a descriptive namereplaces the numerical ranges re"uired 3or -tandard and 74tended ALs! Named ALs o33er all the3unctionalit1 and advantages o3 -tandard and 74tended ALsB onl1 the s1nta4 3or creating them isdi33erent!The name given to an AL is uni"ue! /sing capital letters in the name makes it easier to recogniOe inrouter command output and troubleshooting!A Named AL is created with the command

ip access5list Xstandard H e4tendedY name

-TAN?AR? NA@7? AL

DENY 15.167.1. :


Kversion $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ptionKhostname R$K
http://4.bp.blogspot.com/-hpkl3IZPQ0A/UlrHtScbkhI/AAAAAAAABc0/38NYWzvcpj8/s1600/NACL.PNGhttp://1.bp.blogspot.com/-6y22Si5DCCE/UlrGST2AQOI/AAAAAAAABco/uv9ddZ43QvM/s1600/SAMPLE.PNG


115/143


116/143

R$(con3ig5std5naclCpermit an1

permit an1

Eabli! L"! Fil%s Databas% ,"$ Fail8$% a3 S8##%ss Att%2+t :

It store the login attempt success and 3ailure data base!
http://3.bp.blogspot.com/-nOF_6SEKk10/UlrQo_mzu_I/AAAAAAAABdY/bBkmJFZzTgg/s1600/CONSOLE+AND+TELNET+MD5+ALGORITHM+DICTIONAR+ATTACK.PNGhttp://2.bp.blogspot.com/-yOEOBBjsxYs/UlrLWNAczcI/AAAAAAAABdI/RsXlj9_ZRKI/s1600/PING+192.168.1.3+TO+172.16.13.2.PNG


117/143

VIE0 LOG FILES ENTERING ON YOUR ROUTER +7;2R7 T*7 L2J ;IL7 R7ATI2N

A;T7R T*7 L2J ;IL7 R7ATI2N

RESULT :

Thus the 74periment was con3igured success3ull1!
http://2.bp.blogspot.com/-OUgi5OGn290/UlrSfWSMHoI/AAAAAAAABd0/Fzc7PwqgRNw/s1600/login+lgo+file.PNGhttp://3.bp.blogspot.com/-qm11qrYuz3I/UlrSH-Boy0I/AAAAAAAABdk/3tJ9tuaHgvA/s1600/console+login+pwd.PNG


118/143

CASE STUDY > : CONTROLLING TRAFFIC FLO0

In this case stud1, the 3irewall router allows incoming new connections to one or more

communication servers or hosts! *aving a designated router act as a 3irewall is desirable because it clearl1identi3ies the routers purpose as the e4ternal gatewa1 and avoids encumbering other routers with this task!In the event that the internal network needs to isolate itsel3, the 3irewall router provides the point o3isolation so that the rest o3 the internal network structure is not a33ected! onnections to the hosts arerestricted to incoming 3ile trans3er protocol (;TP re"uests and email services! The incoming Telnet, ormodem connections to the communication server are screened b1 the communication server runningTAA- username authentication!

RE*UIREMENTS :

$! 2ne I-2 $:$ @odel $ Routers!&! 2ne port switch!)! 2ne P 3or Remote telnet Login!

:! 2ne -erver (TAA-V 3or telnet Login Authentication!8! lass , lass + IP Address!'! +asic Telnet Routing on3iguration ommands!

con3iguration at AAA server 555555555A- -7R7R555555555555555user account 5555username tacacs

password tacacstacasV client Ip $%&!$'!$!$


119/143

ke1 $&):Now here is 3ew show commands we can use plus one command to unlock an1 user account reach ma43ailed attempts to logonRouterCshow aaa user allRouterCshow aaa sessionsRouterCshow aaa local user lockout

RouterCclear aaa local user lockout username all;or best practice tr1 to telnet the router with local 8s%$a2% t%l%t +ass&"$3 1/and it will not workthen tr1 to use TAA- server user name we wrote above ta#a#s +ass&"$3 ta#a#sand it will work 3inenow disconnect the TAA- server or just remove the cable and tr1 tot%l%tthe router using telnet and itwill work 3ine! remember method $ 3ail , 1ou will not go to method & but i3 method $ is not available then1ou can go to method & and use it!


TELNET 0ITH OUT TACACS SERVER :
http://3.bp.blogspot.com/-364vGRKXkBE/Ulv7wDxKkJI/AAAAAAAABeE/A9d_SumyNtM/s1600/TELNET+WITH+OUT+TACACS+SERVER.PNG


120/143

TELNET 0ITH TACACS SERVER :
http://4.bp.blogspot.com/-g-RHmkY0cAg/Ulv8EmXYfvI/AAAAAAAABeM/K64wOgpBeo0/s1600/TELNET+WITH+TACACS+SERVER.PNG


121/143

TELNET CLIENT IP ADDRESS :

TACACS SERVER IP :

TACACS SERVER CONFIGURATION :
http://1.bp.blogspot.com/-0gIr4jfxFME/Ulv8h3MSTaI/AAAAAAAABec/wxwbc_3E1cw/s1600/TACACS+SERVER+IP.PNGhttp://2.bp.blogspot.com/-U0r2oV8NmS0/Ulv8Zt2vRpI/AAAAAAAABeU/sZyBZsx1_Ag/s1600/PC+IP+ADDRESS.PNG


122/143

ROUTER RUNNING CONFIGURATION :

K

version $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ptionKhostname R$K%abl% s%#$%t > 12ER$3+RATI!?*a#PVC,NV

Kaaa %&-2"3%l

aaa a8th%ti#ati" l"!i 3%,a8lt !$"8+ ta#a#s l"#al
http://2.bp.blogspot.com/-JIFGEc_bQ24/Ulv8irQvH3I/AAAAAAAABeo/CtMPahbNois/s1600/TACACS+AUTHENTICATION.PNG


123/143


124/143

TELNET LOGIN 0ITH TACACS SERVER AUTHENTICATION :

R"8t%$Ksh aaa s%ssi" :

RESULT :


CASE STUDY 7: INTEGRATING EIGRP (ENHANCED

INTERIOR GATE0AY ROUTING PROTOCOL) INTO

E=ISTING NET0ORS

The case stud1 should provide the bene3its and considerations involved in integrating7nhanced
http://2.bp.blogspot.com/-AdaOm7eketw/Ulv_xUO4PgI/AAAAAAAABfE/E79cYL0xnuk/s1600/sh+aaa+session.PNGhttp://2.bp.blogspot.com/-2j3nSUdqxXI/Ulv-rMEfLZI/AAAAAAAABe4/ePnK1Z75XLQ/s1600/TELNET+LOGIN+WITH+TACACS+AUTHENTICATION.PNGhttp://2.bp.blogspot.com/-OnZclBfmpHU/Ulv-qzU7gsI/AAAAAAAABew/CwutxWm5f-4/s1600/TELNET+LOGIN+WITH+OUT+TACACS+AUTHENTICATION.PNG


125/143

IGRP it" th% ,"ll"&i! t9+%s ", it%$%t&"$'s:

IPZThe e4isting IP network is running IJRP

Novell IPZThe e4isting IP network is running RIP and -AP

AppleTalkZThe e4isting AppleTalk network is running the Routing Table

@aintenance Protocol (RT@P

6hen integrating 7nhanced IJRP into e4isting networks, plan a phased implementation!Add 7nhanced IJRP at the peripher1 o3 the network b1 con3iguring 7nhanced IJRP on aboundar1 router on the backbone o33 the core network! Then integrate 7nhanced IJRP intothe core network

RE*UIREMENTS :

$! Three isco &$$ Routers!&! Three &: Port isco -witch!

)! opper -traight Through ables!

:! Three -erial Line ables!

8! Nine 6indows Ps

'! lass A and lass IP Address!

! +asic Network con3iguration commands!

%! isco Packet Tracer '!=!$!e4e

PROCEDURES :

CREATE EIGRP NET0OR TOPOLOGY :

NET0OR TOPOLOGY :


126/143

7IJRP

0hat is EIGRP :

7nhanced Interior Jatewa1 Routing ProtocolAdvanced distance vectorRapid convergence$==[ loop53ree classless routing7as1 con3igurationIncremental updates
http://1.bp.blogspot.com/-lNsQH1czYvY/Ul-Q4cYDEEI/AAAAAAAABfU/rr0mqktXaDo/s1600/TOPOLOGY.PNGhttp://1.bp.blogspot.com/-4mSDQkqUPOI/UmKwegweRZI/AAAAAAAABjY/jL0EG6OzAOc/s1600/NEW.PNG


127/143

Load balancing across e"ual5 and une"ual5cost pathwa1s;le4ible network design@ulticast and unicast instead o3 broadcast address-upport 3or L-@ and discontiguous subnets@anual summariOation at an1 point in the internetwork

-upport 3or multiple network la1er protocols

F%at8$%s O, EIGRP :

isco proprietar1 protocollassless routing protocolIncludes all 3eatures o3 IJRP@etric ()& bit omposite @etric (+6 V ?ela1 V load V @T/ V reliabilit1 Administrative distance is %=/pdates are through @ulticast (&&:!=!=!$= @a4 *op count is &88 ($== b1 de3ault

-upports IP, IP and Apple Talk protocols*ello packets are sent ever1 8 secondsonvergence rate is 3ast2vercome The RIP limitations!

EIGRP Tabl%s :

7igrp routing Protocol maintains Three tables 3or best routing or path selection to destinationNetwork!

$! Neighbor Table&! Topolog1 Table

)! Routing Table


128/143

Disa3


129/143

HYDERAAD R"8t%$ R8i! C",i!8$ati" :Kversion $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ption

Khostname *S?K

spanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!$!$8= &88!&88!&88!=duple4 autospeed autoKinter3ace ;ast7thernet=.$no ip address

duple4 autospeed autoshutdownKinter3ace -erial=.).=ip address $=!=!=!$ &88!=!=!=clock rate $:===Kinter3ace -erial=.).$no ip addressshutdownKinter3ace lan$no ip addressshutdownKrouter eigrp $=network $%&!$'!$!=network $=!=!=!=no auto5summar1Kip classlessKline con =Kline au4 =K

line vt1 = :loginKend

CHENNAI R"8t%$ R8i! C",i!8$ati" :Kversion $&!:no service timestamps log datetime msecno service timestamps debug datetime msecno service password5encr1ptionK


130/143

hostname *7Kspanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!&!$8= &88!&88!&88!=duple4 autospeed autoKinter3ace ;ast7thernet=.$no ip addressduple4 autospeed autoshutdownKinter3ace -erial=.&.=ip address $=!=!=!& &88!=!=!=Kinter3ace -erial=.&.$ip address $$!=!=!$ &88!=!=!=

Kinter3ace lan$no ip addressshutdownKrouter eigrp $=network $=!=!=!=network $%&!$'!&!=network $$!=!=!=no auto5summar1Kip classlessK

line con =Kline au4 =Kline vt1 = :loginKend

a!al"$% R"8t%$ R8i! C",i!8$ati" :Kversion $&!:no service timestamps log datetime msec

no service timestamps debug datetime msecno service password5encr1ptionKhostname +ANJKspanning5tree mode pvstKinter3ace ;ast7thernet=.=ip address $%&!$'!)!$8= &88!&88!&88!=duple4 autospeed autoK


131/143

inter3ace ;ast7thernet=.$no ip addressduple4 autospeed autoshutdownKinter3ace -erial=.&.=ip address $$!=!=!& &88!=!=!=Kinter3ace -erial=.&.$no ip addressclock rate $======shutdownKinter3ace lan$no ip addressshutdownKrouter eigrp $=network $%&!$'!)!=

network $$!=!=!=no auto5summar1Kip classlessKline con =Kline au4 =Kline vt1 = :loginKend

VERIFY THE NET0OR CONFIGURATION :


132/143

PING 15.167.1./

PING 15.167./.
http://4.bp.blogspot.com/-UhcG22rTGUM/Ul-YN5oIElI/AAAAAAAABf8/jpoyca3u-7c/s1600/PING+192.168.1.3.PNG


133/143

PING 15.167../

NEIGHORS ROUTING TALES :

HYDERAAD ROUTER NEIGHOR TALE :
http://2.bp.blogspot.com/-sTD2CtENbik/Ul-YLm98h1I/AAAAAAAABf4/X3cDiXCXHY8/s1600/PING+192.168.2.3.PNGhttp://4.bp.blogspot.com/-IANqzB9OPYQ/Ul-YLn4M_PI/AAAAAAAABfs/B78dmNTzCSM/s1600/PING+192.168.3.2.PNG


134/143

CHENNAI ROUTER NEIGHOR TALE :

ANGALORE ROUTER NEIGHOR TALE :

ROUTER TOPOLOGY TALES :

ANGALORE ROUTER TOPOLOGY TALE
http://3.bp.blogspot.com/-6sOxM89h_kg/Ul-b11kz6WI/AAAAAAAABgc/xOt-FUEMwFQ/s1600/BANG+NEIGHBORS.PNGhttp://1.bp.blogspot.com/-Sx2AiFJalDE/Ul-bitu-rVI/AAAAAAAABgM/SbJ8N_xzvB8/s1600/CHE+NEIGHBORS.PNGhttp://4.bp.blogspot.com/-RJJYnsxmK1k/Ul-bj2CzTRI/AAAAAAAABgQ/8J_7BvwGjC4/s1600/HYD+NEIGHBORS.PNG


135/143

CHENNAI ROUTER TOPOLOGY TALE :

HYDERAAD ROUTER TOPOLOGY TALE
http://4.bp.blogspot.com/-yPwlFWufQIY/Ul-dxO3vTeI/AAAAAAAABgs/RXHzuofF7GA/s1600/CHE+TOPOLOGY+TABLE.PNGhttp://3.bp.blogspot.com/-GuqRBJuYYhw/Ul-dvQkdmqI/AAAAAAAABgk/m1jIMKLHiIk/s1600/BANG+TOPOLOGY+TABLE.PNG


136/143

ROUTERS ROUTING TALES :

ANGALORE ROUTER ROUTING TALE :

CHENNAI ROUTER ROUTING TALE
http://1.bp.blogspot.com/-SOaLwVjKuUk/Ul-g2iLSnnI/AAAAAAAABhY/VVdiUazvrPk/s1600/BANG+ROUTING+TABLE.PNGhttp://3.bp.blogspot.com/-hR9Ah_R-ZUU/Ul-dxCrGz-I/AAAAAAAABgw/9gkxa1YOVks/s1600/HYD+TOPLOLOGY+TABLE.PNG


137/143

HYDERAAD ROUTER ROUTING TALE

RESULT :


CASE STUDY /: DIAL-ON-DEMAND ROUTING
http://1.bp.blogspot.com/-LLR8B5yK1hc/Ul-hAjC28QI/AAAAAAAABho/1nnPIKutnys/s1600/HYD+ROUTING+TABLE.PNGhttp://2.bp.blogspot.com/-oWh3QZwBGGQ/Ul-g9JRbWrI/AAAAAAAABhg/qaEHilFfivg/s1600/CHE+ROUTING+TABLE.PNG


138/143

This case stud1 should describe the use o3 ??R to connect a worldwide network that

consists o3 a central site located in @umbai and remote sites located in hennai, +angalore, and

*1derabad! The 3ollowing scenarios should be considered

Ha


139/143

ROUTERS ISDN PARAMETERS:

CHENNAI ROUTER RUNNING CONFIGURATION:

*7NNAICsh running5con3ig

+uilding con3iguration!!!
http://3.bp.blogspot.com/-9NuZcPrFxQY/UnTjTzcQ--I/AAAAAAAABm8/AykKX3kcpWE/s1600/DIAL+NUMBER.pnghttp://3.bp.blogspot.com/-dkqPSjXfyQA/UnTgIKAJK1I/AAAAAAAABmw/_9bzZy7-uyg/s1600/TOPOLOGY.jpg


140/143

K

ersion $&!$

service timestamps debug uptime

service timestamps log uptime


Khostname *7NNAI

K

ip subnet5Oero

K

inter3ace -erial=

no ip address

no ip directed5broadcast

bandwidth $8::

shutdown

K

inter3ace -erial$no ip address


bandwidth $8::

shutdown

K

inter3ace 7thernet=

no ip address


bandwidth $====

shutdown

K

inter3ace +ri=

ip address $%&!$'!=!$ &88!&88!&88!=


dialer5group $

isdn switch5t1pe basic5ni

isdn spid$ )&$


141/143

line au4 =

line vt1 = :

K

no scheduler allocate

end

MUMAI ROUTER RUNNING CONFIGURATION:

@/@+AICsh running5con3ig

+uilding con3iguration!!!

K

ersion $&!$

service timestamps debug uptime

service timestamps log uptimeno service password5encr1ption

K

hostname @/@+AI

K

ip subnet5Oero

K

inter3ace 7thernet=

no ip address


bandwidth $====

shutdown

K

inter3ace +ri=

ip address $%&!$'!=!& &88!&88!&88!=


dialer5group $

isdn switch5t1pe basic5ni

isdn spid$ )&$


142/143

line au4 =

line vt1 = :

K

no scheduler allocate

end

VERIFY ISDN DDR NET0OR CONNECTIVITY:

CHEC ISDN STATUS:

CHENNAI ROUTER ISDN STATUS:

MUMAI ROUTER ISDN STATUS:
http://3.bp.blogspot.com/-4_AvI_WEBrA/UnTof9bhkUI/AAAAAAAABnQ/SH0P2SjnXFI/s1600/CHENNAI+ISDN.PNGhttp://4.bp.blogspot.com/-6PbH7WPRVEk/UnTn8qcgfZI/AAAAAAAABnI/P98x9Fvq1BE/s1600/AFTER+CHENNAI+PING.PNG


143/143

PING ET0EEN T0O ROUTERS:
http://1.bp.blogspot.com/-mJqFQPqAv40/UnTqTOrEboI/AAAAAAAABns/aod_3rwHCq4/s1600/AFTER+PING.PNGhttp://4.bp.blogspot.com/-bPg1uk2qnhE/UnTqPAFJ9NI/AAAAAAAABnk/4ITuSnJz500/s1600/AFTER+CHENNAI+PING.PNGhttp://2.bp.blogspot.com/-clbVzBbhvtA/UnTpp1ng93I/AAAAAAAABnc/QKvYvVe4Y30/s1600/MUMBAI+ISDN+STATUS.PNG

Lab Manual -Network Design Case Study

Documents