Page 1: Project Report

NETWORKING BASICS

What is a Computer Network?

A computer network allows sharing of resources and information among interconnected devices. In the 1960s, the Advanced Research Projects Agency (ARPA) started funding the design of the Advanced Research Projects Agency Network (ARPANET) for the United States Department of Defense. It was the first computer network in the world.[1] Development of the network began in 1969, based on designs developed during the 1960s.

Computer networks can be used for a variety of purposes:

Facilitating communications. Using a network, people can communicate efficiently and easily via email, instant messaging, chat rooms, telephone, video telephone calls, and video conferencing.

Sharing hardware. In a networked environment, each computer on a network may access and use hardware resources on the network, such as printing a document on a shared network printer.

Sharing files, data, and information. In a network environment, authorized users may access data and information stored on other computers on the network. The capability of providing access to data and information on shared storage devices is an important feature of many networks.

Sharing software. Users connected to a network may run application programs on remote computers.

Information preservation.

Security.

Speed up.

What is Networking?

Networking is a common synonym for developing and maintaining contacts and personal connections with a variety of people who might be helpful to you and your career.

Networking is the practice of linking two or more computing devices together for the purpose of sharing data. Networks are built with a mix of computer hardware and computer software. It is an especially important aspect of career management in the financial services industry, since it helps you keep abreast of:

Types of networks

Local area network

A local area network (LAN) is a network that connects computers and devices in a limited geographical area such as a home, school, computer laboratory, office building, or closely positioned group of buildings. Each computer or device on the network is a node. Current wired LANs are most likely to be based on Ethernet technology, although new standards like ITU-T G.hn also provide a way to create a wired LAN using existing home wires (coaxial cables, phone lines and power lines).

Personal area network

A personal area network (PAN) is a computer network used for communication among a computer and different information technology devices close to one person. Some examples of devices that are used in a PAN are personal computers, printers, fax machines, telephones, PDAs, scanners, and even video game consoles. A PAN may include wired and wireless devices. The reach of a PAN typically extends to 10 meters.[4] A wired PAN is usually constructed with USB and FireWire connections, while technologies such as Bluetooth and infrared communication typically form a wireless PAN.


Home area network

A home area network (HAN) is a residential LAN which is used for communication between digital devices typically deployed in the home, usually a small number of personal computers and accessories, such as printers and mobile computing devices. An important function is the sharing of Internet access, often a broadband service through a CATV or Digital Subscriber Line (DSL) provider. It can also be referred to as an office area network (OAN).

Wide area network

A wide area network (WAN) is a computer network that covers a large geographic area such as a city or country, or even spans intercontinental distances, using a communications channel that combines many types of media such as telephone lines, cables, and air waves. A WAN often uses transmission facilities provided by common carriers, such as telephone companies. WAN technologies generally function at the lower three layers of the OSI reference model: the physical layer, the data link layer, and the network layer.

Campus Network

A campus network is a computer network made up of an interconnection of local area networks (LANs) within a limited geographical area. The networking equipment (switches, routers) and transmission media (optical fiber, copper plant, Cat5 cabling etc.) are almost entirely owned by the campus tenant or owner: an enterprise, university, government etc.

In the case of a university campus network, the network is likely to link a variety of campus buildings, including academic departments, the university library and student residence halls.

Metropolitan area network

A metropolitan area network (MAN) is a large computer network that usually spans a city or a large campus.

Virtual private network


A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The data link layer protocols of the virtual network are said to be tunneled through the larger network when this is the case. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption. VPNs, for example, can be used to separate the traffic of different user communities over an underlying network with strong security features.

What is network topology?

Network topology is the layout pattern of interconnections of the various elements (links, nodes, etc.) of a computer network.[1][2] Network topologies may be physical or logical. Physical topology means the physical design of a network, including the devices, location and cable installation. Logical topology refers to how data is actually transferred in a network, as opposed to its physical design.

Various topologies:

Bus topology


Many devices connect to a single cable "backbone". If the backbone is broken, the entire segment fails. Bus topologies are relatively easy to install and don't require much cabling compared to the alternatives.

Ring Topology


In a ring network, every device has exactly two neighbours for communication purposes. All messages travel through the ring in the same direction. Like the bus topology, a failure in any cable or device breaks the loop and will take down the entire segment. A disadvantage of the ring is that if any device is added to or removed from the ring, the ring is broken and the segment fails until it is "reforged" (by dwarfish goldsmiths?). It is also considerably more expensive than other topologies.

Star Topology

A star network has a central connection point, such as a hub or switch. While it takes more cable, the benefit is that if a cable fails, only one node will be brought down.

All traffic emanates from the hub of the star. The central site is in control of all the nodes attached to it. The central hub is usually a fast, self-contained computer and is responsible for routing all traffic to other nodes. The main advantage of a star network is that one malfunctioning node does not affect the rest of the network. However, this type of network can be prone to bottleneck and failure problems at the central site.

Tree Topology

Also known as the 'hierarchical topology', the tree topology is a combination of bus and star topologies. They are very common in larger networks. A typical scenario is: a file server is connected to a backbone cable (e.g. coaxial) that runs through the building, from which switches are connected, branching out to workstations.

Mesh topology


In the topologies shown above, there is only one possible path from one node to another node. If any cable in that path is broken, the nodes cannot communicate.

Mesh topology uses lots of cables to connect every node with every other node. It is very expensive to wire up, but if any cable fails, there are many other ways for two nodes to communicate. Some WANs, like the Internet, employ mesh routing. In fact, the Internet was deliberately designed like this to allow sites to communicate even during a nuclear war.

Hybrid Topology

A hybrid network is the combination of different topologies such as star, ring, mesh, bus etc. For example, one department may use a bus network, a second department the ring network, a third department the mesh network and a fourth department the star network. All the networks of different types (of the four departments) can be connected together through a central hub (in the form of a star network), as shown in the figure below.
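As an added illustration, not part of the original report, the following Python script models the bus, ring, star and mesh topologies described above as small graphs and measures what one cable failure does to reachability. The node count, the choice to model the bus backbone as a chain of two-way links, and the one-way ring (the text says all ring messages travel in the same direction) are modelling assumptions made here; every function name is mine.

```python
# Added example (not from the original report): compares how the topologies
# above survive the loss of a single cable. A "link" is one cable between two
# node numbers; the ring is one-directional, the others carry traffic both ways.
from itertools import combinations


def bus(n):
    """Bus: the shared backbone is modelled as a chain of two-way links."""
    return {(i, i + 1) for i in range(n - 1)}, True


def ring(n):
    """Ring: each node has exactly two neighbours; traffic flows one way round."""
    return {(i, (i + 1) % n) for i in range(n)}, False


def star(n):
    """Star: node 0 is the hub/switch; every other node is cabled only to it."""
    return {(0, i) for i in range(1, n)}, True


def mesh(n):
    """Full mesh: every node is cabled directly to every other node."""
    return set(combinations(range(n), 2)), True


def reachable(n, links, two_way, start):
    """Depth-first search: the set of nodes that `start` can send a message to."""
    adj = {i: set() for i in range(n)}
    for a, b in links:
        adj[a].add(b)
        if two_way:
            adj[b].add(a)
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def unreachable_pairs(n, links, two_way):
    """Count ordered (sender, receiver) pairs that cannot communicate."""
    return sum(n - len(reachable(n, links, two_way, s)) for s in range(n))


def single_failure_impact(n, links, two_way):
    """(cables, cables whose loss cuts someone off, worst-case unreachable pairs)."""
    fatal, worst = 0, 0
    for link in links:
        lost = unreachable_pairs(n, links - {link}, two_way)
        if lost:
            fatal += 1
        worst = max(worst, lost)
    return len(links), fatal, worst


def compare_topologies(n=5):
    """Map topology name -> single_failure_impact for an n-node network."""
    builders = (("bus", bus), ("ring", ring), ("star", star), ("mesh", mesh))
    return {name: single_failure_impact(n, *build(n)) for name, build in builders}


if __name__ == "__main__":
    for name, (cables, fatal, worst) in compare_topologies().items():
        print(f"{name:4s} cables={cables:2d} fatal_single_failures={fatal} "
              f"worst_unreachable_pairs={worst}")
```

For five nodes the bus, ring and star each have cables whose single loss cuts some node off (in the star only the one node behind that cable is affected, which is the smallest worst case of the three), while the full mesh has ten cables and none of them is critical, which is the redundancy the text attributes to mesh routing.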


Basic networking devices

Computer networking devices are units that mediate data in a computer network. Computer networking devices are also called network equipment, Intermediate Systems (IS) or InterWorking Units (IWU). Units which are the last receiver of data, or which generate it, are called hosts or data terminal equipment.

Routers

A router is a communication device that is used to connect two logically and physically different networks: two LANs, two WANs, or a LAN with a WAN. The main function of the router is the sorting and distribution of data packets to their destinations based on their IP addresses. Routers provide the connectivity between enterprise businesses and ISPs, and in the Internet infrastructure the router is a main device. Cisco routers are widely used in the world. Every router has routing software, which is known as IOS. The router operates at the network layer of the OSI model. A router does not broadcast the data packets.

We have two types of router:

1. Hardware

2. Software: this router is provided by the RRAS service.


Switches

Like the router, a switch is an intelligent device that maps the IP address with the MAC address of the LAN card. Unlike hubs, a switch does not broadcast the data to all the computers; it sends the data packets only to the destined computer. Switches are used in the LAN, MAN and WAN. In an Ethernet network, computers are directly connected with the switch via twisted pair cables. In a network, switches use three methods to transmit the data, i.e. store and forward, cut through and fragment free.

We have two types of switch:

1. Manageable switch: it has a console port, through which we can manage the switch according to our needs.

2. Non-manageable switch: it has no console port; we use this switch as we purchase it.

Hubs


The central connecting device in a computer network is known as a hub. There are two types of hub, i.e. active hub and passive hub. Every computer is directly connected with the hub. When data packets arrive at the hub, it broadcasts them to all the LAN cards in the network; the destined recipient picks them up and all other computers discard the data packets. A hub has five, eight, sixteen or more ports, and one port is known as the uplink port, which is used to connect with the next hub.

Modems

A modem is a communication device that is used to provide connectivity with the Internet. A modem works in two ways, i.e. modulation and demodulation. It converts digital data into analogue and analogue into digital.


LAN Cards

LAN cards or network adapters are the building blocks of a computer network. No computer can communicate without a properly installed and configured LAN card. Every LAN card is provided with a unique IP address, subnet mask, gateway and DNS (if applicable). A UTP/STP cable connects a computer with the hub or switch. Both ends of the cable have RJ-45 connectors; one is inserted into the LAN card and one into the hub/switch. LAN cards are inserted into the expansion slots inside the computer. Different LAN cards support different speeds, from 10/100 to 10/1000.

Ethernet = speed 10 Mbps

Fast Ethernet = 100 Mbps

Giga Ethernet = 1000 Mbps

Fastgiga Ethernet = 10000 Mbps


Network Repeater

A repeater connects two segments of your network cable. It retimes and regenerates the signals to proper amplitudes and sends them to the other segments. When talking about Ethernet topology, you are probably talking about using a hub as a repeater. Repeaters require a small amount of time to regenerate the signal. This can cause a propagation delay which can affect network communication when there are several repeaters in a row. Many network architectures limit the number of repeaters that can be used in a row. Repeaters work only at the physical layer of the OSI network model.


Bridge

A bridge reads the outermost section of data on the data packet to tell where the message is going. It reduces the traffic on other network segments, since it does not send all packets. Bridges can be programmed to reject packets from particular networks. Bridging occurs at the data link layer of the OSI model, which means the bridge cannot read IP addresses, but only the outermost hardware address of the packet. In our case the bridge can read the Ethernet data, which gives the hardware address of the destination, not the IP address. Bridges forward all broadcast messages. Only a special bridge called a translation bridge will allow two networks of different architectures to be connected. Bridges do not normally allow connection of networks with different architectures.


The hardware address is also called the MAC (media access control) address. To determine the network segment a MAC address belongs to, bridges use one of:

Transparent bridging - They build a table of addresses (bridging table) as they receive packets. If the address is not in the bridging table, the packet is forwarded to all segments other than the one it came from. This type of bridge is used on Ethernet networks.

Source route bridging - The source computer provides path information inside the packet. This is used on Token Ring networks.
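The following Python simulation is an added example and not code from the report: it implements the transparent bridging behaviour described above (learn the source address's segment from each frame, forward known destinations to their segment, flood unknown destinations and broadcasts to every other segment). The segment names, MAC addresses and frame sequence are constructed for the demonstration, and the class and function names are mine. Note that the bridging table is filled purely from the source addresses the bridge observes, so a forwarding decision is only as good as the last frame seen from that address.

```python
# Added example (not from the original report): a minimal transparent
# (learning) bridge. MAC addresses and segment names below are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    """Learns which segment each MAC address lives on from frame source addresses."""

    def __init__(self, segments):
        self.segments = list(segments)
        self.table = {}   # bridging table: MAC address -> segment it was last seen on

    def receive(self, src, dst, in_seg):
        """Process one frame; return the set of segments it is forwarded onto."""
        if in_seg not in self.segments:
            raise ValueError(f"unknown segment {in_seg}")
        # Learning step: the frame's source address was just heard on in_seg.
        self.table[src] = in_seg
        if dst == BROADCAST or dst not in self.table:
            # Broadcasts, and destinations not yet in the table, are flooded to
            # every segment except the one the frame arrived on.
            return {s for s in self.segments if s != in_seg}
        out_seg = self.table[dst]
        # Filtering: a destination on the arrival segment has already heard the
        # frame, so the bridge does not repeat it onto any segment.
        return set() if out_seg == in_seg else {out_seg}


def run_demo():
    """Constructed frame sequence on a three-segment bridge; returns (trace, table)."""
    bridge = TransparentBridge(["seg1", "seg2", "seg3"])
    pc_a = "00:11:22:aa:aa:aa"   # on seg1
    pc_b = "00:11:22:bb:bb:bb"   # on seg2
    pc_c = "00:11:22:cc:cc:cc"   # on seg3
    pc_d = "00:11:22:dd:dd:dd"   # on seg2, same segment as pc_b
    frames = [
        (pc_a, pc_b, "seg1"),        # B not yet learned: flooded to seg2 and seg3
        (pc_b, pc_a, "seg2"),        # A already learned on seg1: sent there only
        (pc_c, BROADCAST, "seg3"),   # broadcast: always flooded
        (pc_a, pc_c, "seg1"),        # C learned from its broadcast: seg3 only
        (pc_d, pc_b, "seg2"),        # B is on the arrival segment: filtered
    ]
    trace = [bridge.receive(*frame) for frame in frames]
    return trace, dict(bridge.table)


if __name__ == "__main__":
    for out in run_demo()[0]:
        print(sorted(out) or "filtered")
```

The fifth frame shows the filtering case the text implies when it says a bridge "does not send all packets": once both stations are known to be on the same segment, the bridge forwards nothing.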

Gateway

A gateway can translate information between different network data formats or network architectures. It can translate TCP/IP to AppleTalk so computers supporting TCP/IP can communicate with Apple brand computers. Most gateways operate at the application layer, but can operate at the network or session layer of the OSI model. A gateway will start at the lower level and strip information until it gets to the required level, then repackage the information and work its way back toward the hardware layer of the OSI model. To confuse issues, when talking about a router that is used to interface to another network, the word gateway is often used. This does not mean the routing machine is a gateway as defined here, although it could be.

Network Models

When dealing with networking, you may hear the terms "network model" and "network layer" used often. Network models define a set of network layers and how they interact. There are several different network models depending on what organization or company started them. The most important two are:

The TCP/IP Model - This model is sometimes called the DOD model since it was designed for the Department of Defense. It is also called the Internet model because TCP/IP is the protocol used on the Internet.

OSI Network Model - The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed in the next section.


Layers in the TCP/IP model

Application Layer (process-to-process): This is the scope within which applications create user data and communicate this data to other processes or applications on another or the same host. The communications partners are often called peers. This is where the "higher level" protocols such as SMTP, FTP, SSH, HTTP, etc. operate.

Transport Layer (host-to-host): The Transport Layer constitutes the networking regime between two network hosts, either on the local network or on remote networks separated by routers.

Internet Layer (internetworking): The Internet Layer has the task of exchanging datagrams across network boundaries. It is therefore also referred to as the layer that establishes internetworking; indeed, it defines and establishes the Internet. This layer defines the addressing and routing structures used for the TCP/IP protocol suite.

Link Layer: This layer defines the networking methods within the scope of the local network link on which hosts communicate without intervening routers. This layer describes the protocols used to describe the local network topology and the interfaces needed to effect transmission of Internet Layer datagrams to next-neighbor hosts.

OSI Model

The OSI, or Open System Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station and back up the hierarchy.

Application (Layer 7)

This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified.

Presentation (Layer 6)

This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa.

Session (Layer 5)

This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.


Transport (Layer 4)

This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

Network (Layer 3)

This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node.

Data Link (Layer 2)

At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sub-layers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer.

Physical (Layer 1)

This layer conveys the bit stream (electrical impulse, light or radio signal) through the network at the electrical and mechanical level.

TCP/IP Model vs OSI Model

Sr. No. | TCP/IP Reference Model | OSI Reference Model

1 | Defined after the advent of the Internet. | Defined before the advent of the Internet.

2 | Service interface and protocols were not clearly distinguished. | Service interface and protocols are clearly distinguished.

3 | TCP/IP supports internetworking. | Internetworking not supported.

4 | Loosely layered. | Strict layering.

5 | Protocol dependent standard. | Protocol independent standard.

6 | More credible. | Less credible.

7 | TCP reliably delivers packets, IP does not reliably deliver packets. | All packets are reliably delivered.

Basic Networking Cables

Networking cables are used to connect one network device to another, or to connect two or more computers to share a printer, scanner etc. Different types of network cables, like coaxial cable, optical fiber cable and twisted pair cables, are used depending on the network's topology, protocol and size. The devices can be separated by a few meters (e.g. via Ethernet) or nearly unlimited distances (e.g. via the interconnections of the Internet).

While wireless may be the wave of the future, most computer networks today still utilize cables to transfer signals from one point to another.

Twisted pair

Twisted pair cabling is a type of wiring in which two conductors (the forward and return conductors of a single circuit) are twisted together for the purposes of canceling out electromagnetic interference (EMI) from external sources; for instance, electromagnetic radiation from unshielded twisted pair (UTP) cables, and crosstalk between neighboring pairs. It was invented by Alexander Graham Bell.


Figures: Unshielded twisted pair cable with different twist rates; Shielded twisted pair.

Advantages

It is a thin, flexible cable that is easy to string between walls.

More lines can be run through the same wiring ducts.

UTP costs less per meter/foot than any other type of LAN cable.

Disadvantages

Twisted pair's susceptibility to electromagnetic interference greatly depends on the pair twisting schemes (usually patented by the manufacturers) staying intact during the installation. As a result, twisted pair cables usually have stringent requirements for maximum pulling tension as well as minimum bend radius. This relative fragility of twisted pair cables makes installation practices an important part of ensuring the cable's performance.

In video applications that send information across multiple parallel signal wires, twisted pair cabling can introduce signaling delays known as skew, which results in subtle color defects and ghosting due to the image components not aligning correctly when recombined in the display device.


Optical fiber cable

An optical fiber cable is a cable containing one or more optical fibers. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable will be deployed.

An optical fiber is a single, hair-fine filament drawn from molten silica glass. These fibers are replacing metal wire as the transmission medium in high-speed, high-capacity communications systems that convert information into light, which is then transmitted via fiber optic cable. Currently, American telephone companies represent the largest users of fiber optic cables, but the technology is also used for power lines, local access computer networks, and video transmission.

Coaxial cable

Coaxial cable, or coax, is an electrical cable with an inner conductor surrounded by a flexible, tubular insulating layer, surrounded by a tubular conducting shield. The term coaxial comes from the inner conductor and the outer shield sharing the same geometric axis. Coaxial cable was invented by English engineer and mathematician Oliver Heaviside, who first patented the design in 1880.[1]

Coaxial cable is used as a transmission line for radio frequency signals, in applications such as connecting radio transmitters and receivers with their antennas, computer network (Internet) connections, and distributing cable television signals. One advantage of coax over other types of radio transmission line is that in an ideal coaxial cable the electromagnetic field carrying the signal exists only in the space between the inner and outer conductors. This allows coaxial cable runs to be installed next to metal objects such as gutters without the power losses that occur in other types of transmission lines, and provides protection of the signal from external electromagnetic interference.

Straight Cable

You usually use a straight cable to connect different types of devices. This type of cable will be used most of the time and can be used to:

1) Connect a computer to a switch/hub's normal port.

2) Connect a computer to a cable/DSL modem's LAN port.

3) Connect a router's WAN port to a cable/DSL modem's LAN port.

4) Connect a router's LAN port to a switch/hub's uplink port (normally used for expanding the network).

5) Connect 2 switches/hubs, with one of the switches/hubs using an uplink port and the other one using a normal port.

Crossover Cable

A crossover cable connects two devices of the same type, for example DTE-DTE or DCE-DCE, which are usually connected asymmetrically (DTE-DCE), by a modified cable called a crosslink. Such distinction of devices was introduced by IBM.

Sometimes you will use a crossover cable; it is usually used to connect the same type of devices. A crossover cable can be used to:

1) Connect 2 computers directly.

2) Connect a router's LAN port to a switch/hub's normal port (normally used for expanding the network).

3) Connect 2 switches/hubs by using the normal port in both switches/hubs.

We use two types of cable in networking:

1. Straight cable

2. Cross cable

Colour coding of cable:

Straight (both ends identical):

Pin | End A | End B

1 | orange white | orange white

2 | orange | orange

3 | green white | green white

4 | blue | blue

5 | blue white | blue white

6 | green | green

7 | brown white | brown white

8 | brown | brown

Cross cable (pins 1 and 3, and pins 2 and 6, are swapped between the two ends):

End A pin | End B pin

1 | 3

2 | 6

3 | 1

6 | 2

Pin | End A | End B

1 | orange white | green white

2 | orange | green

3 | green white | orange white

4 | blue | blue

5 | blue white | blue white

6 | green | orange

7 | brown white | brown white

8 | brown | brown

Colour coding for cables

T-568B Straight-Through Ethernet Cable


RJ-45 Crossover Ethernet Cable

INSTALLING CABLES

In today's networks, UTP cables are commonly used to connect computers in a network. Depending on the colour coding, we have different cables: straight cable, cross cable and roll-over cable.

STRAIGHT CABLE

The cable used between the PC and the hub/switch is called a straight cable.

Straight cable can be used between:

PC - SWITCH

PC - HUB

HUB (UPLINK PORT) - HUB

According to TIA/EIA (Telecommunications industry standard/Electronics industry standard), we have the following two standards for making straight cable:

CROSS-OVER CABLE

The cable used to connect two PCs is called a cross-over cable.

Cross cable can be used between:

PC - PC

HUB - HUB

SWITCH - SWITCH

ROUTER - PC

ROLL-OVER CABLE

The cable used between a hardware router and a PC is called a roll-over cable.

In this cable, the colour coding used at one end is reversed at the other end.

DATA TRAVELS ONLY ON THE GREEN OR ORANGE PAIR OF THE CABLE.
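As an added example that is not part of the report, the Python below encodes the three wiring rules from the cable sections above so that two pin-colour lists can be checked before a cable is crimped or after a suspect one is opened: a straight cable has identical ends, a cross-over cable swaps pins 1/3 and 2/6 (the orange and green pairs, which the text says are the only pairs carrying data), and a roll-over cable reverses the colour order. The T568B colour order is taken from the colour table above; the function names and the miswired sample are mine.

```python
# Added example (not from the original report): classify an RJ-45 wiring by
# comparing the two ends against the straight / cross-over / roll-over rules.
T568B = ["orange white", "orange", "green white", "blue",
         "blue white", "green", "brown white", "brown"]

# Cross-over wiring swaps pins 1<->3 and 2<->6 on one end (orange and green
# pairs); pins 4, 5, 7 and 8 stay where they are.
CROSS_SWAP = {1: 3, 2: 6, 3: 1, 6: 2}


def crossover_end(end):
    """Derive the far end of a cross-over cable from the near-end pin order."""
    return [end[CROSS_SWAP.get(pin, pin) - 1] for pin in range(1, 9)]


def rollover_end(end):
    """Roll-over (console) cable: the colour order is reversed on the far end."""
    return list(reversed(end))


def classify_cable(end_a, end_b):
    """Return 'straight', 'cross-over', 'roll-over' or 'unknown' for a wiring."""
    if len(end_a) != 8 or len(end_b) != 8:
        raise ValueError("an RJ-45 end has exactly 8 pins")
    if list(end_a) == list(end_b):
        return "straight"
    if list(end_b) == crossover_end(end_a):
        return "cross-over"
    if list(end_b) == rollover_end(end_a):
        return "roll-over"
    return "unknown"


def miswired_pins(end_a, end_b, kind="straight"):
    """List the pins where end_b differs from what `kind` wiring requires."""
    expected = {"straight": list(end_a),
                "cross-over": crossover_end(end_a),
                "roll-over": rollover_end(end_a)}[kind]
    return [p for p in range(1, 9) if end_b[p - 1] != expected[p - 1]]


if __name__ == "__main__":
    far = crossover_end(T568B)
    print(classify_cable(T568B, far))            # cross-over
    bad = list(far)
    bad[3], bad[4] = bad[4], bad[3]              # constructed: blue pair swapped
    print(classify_cable(T568B, bad), miswired_pins(T568B, bad, "cross-over"))
```

Deriving the cross-over end from the straight order reproduces the cross-cable colour table above exactly (green white, green, orange white, blue, blue white, orange, brown white, brown), and a cable whose ends match none of the three rules is reported as unknown with the offending pins listed.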

ADDRESSING IN COMPUTER NETWORKING

There are two kinds of addresses used in networks:

1. Physical address

2. Logical address

PHYSICAL ADDRESS

1. It is also called the hardware address or MAC address. MAC stands for media access control.

2. It is present in the chip of a NIC card.

3. It is unique for every NIC card and cannot be changed.

4. It is 48 bits. Out of the 48 bits, 24 bits of the address are given by the manufacturer of the NIC card and the remaining 24 bits are defined as per instructions given by the IEEE.

5. IEEE stands for Institute of Electronics and Electrical Engineers.

LOGICAL ADDRESS

1. It is also called the software address.

2. It is given by the user and can be changed at any time.

3. Several schemes or protocols are used to define the logical address in a computer.


4. These protocols are:

TCP/IP (Transmission Control Protocol/Internet Protocol)

IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange)

NetBEUI

DLC (Data Link Control)

AppleTalk

A PROTOCOL is a set of rules which govern communication between computers.

TCP/IP

1. It has become the industry standard.

2. It was developed by the DOD (Department of Defence) of the USA.

3. It is used both on the Internet (public network) and in intranets (private networks).

4. It is of 32 bits.

5. The currently used version is IPv4.

6. IPv6 is also available.

7. It has four fields or octets.

8. Each octet is of 8 bits.

9. It can be represented by w.x.y.z

10. The minimum value of an octet is 0 and the maximum is 255.

11. Each octet or field can have decimal values ranging from 0 to 255.

12. According to the value of w, the first field, we have five classes of TCP/IP addresses. The first three classes are the only ones used for computer addressing in a network.

IP ADDRESSING

IP stands for Internet Protocol. An IP address is 32 bits, divided into 4 octets, each octet containing 8 bits. It is the numerical identification of a computer on a network. It is divided into two parts: one is the network part and the second is the host part. We use private IP addresses in a LAN, which are provided by IANA (Internet Assigned Numbers Authority). The minimum value (per octet) is 0 and the maximum value is 255. IP addresses are divided into five classes.

1. Network ID: it is represented by the number of "on" bits, i.e. (1).

2. Host ID: it is represented by the number of "off" bits, i.e. (0).

Class | Range (first octet) | N/W ID bits | Host ID bits | Subnet Mask | Total IPs | Valid IPs

A | 1-126 | 8 | 24 | 255.0.0.0 | 16777216 | 16777214

B | 128-191 | 16 | 16 | 255.255.0.0 | 65536 | 65534

C | 192-223 | 24 | 8 | 255.255.255.0 | 256 | 254

D | 224-239 | reserved for multicast

E | 240-255 | reserved for research/scientific use

We use only the first three classes, which are provided by IANA, in a LAN.
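The class table above can be turned into a small checker; this Python is an added example, not the report's own material. It reads the first octet, looks up the class row, and derives the default subnet mask, the network/host bit split, the network ID and broadcast address, and the total and valid address counts. Only the standard library `ipaddress` module is used; the function name, the `CLASS_RANGES` table layout and the sample addresses are mine, and addresses whose first octet is 0 or 127 (which appear in no row of the table) are reported as outside the classes.

```python
# Added example (not from the original report): derive the classful view of an
# IPv4 address from the first octet, following the class table above.
import ipaddress

# first-octet range -> (class, network bits). D and E are reserved, so they get
# no network/host split and no mask.
CLASS_RANGES = (
    ((1, 126), "A", 8),
    ((128, 191), "B", 16),
    ((192, 223), "C", 24),
    ((224, 239), "D", None),
    ((240, 255), "E", None),
)


def classful_info(ip_str):
    """Return a dict describing the classful view of a dotted-quad address."""
    ip = ipaddress.IPv4Address(ip_str)        # raises ValueError on malformed input
    first_octet = int(ip) >> 24
    for (lo, hi), cls, net_bits in CLASS_RANGES:
        if lo <= first_octet <= hi:
            break
    else:
        # first octet 0 or 127 is in no row of the table (127 is loopback)
        return {"address": ip_str, "class": None, "note": "outside classes A-E"}
    if net_bits is None:
        return {"address": ip_str, "class": cls, "note": "reserved (multicast / research)"}
    host_bits = 32 - net_bits
    # Default mask: network bits set to 1, host bits 0, as the subnet mask
    # section of the text describes.
    mask = ipaddress.IPv4Address(((1 << net_bits) - 1) << host_bits)
    net = ipaddress.IPv4Network((int(ip), net_bits), strict=False)
    total = 2 ** host_bits
    return {
        "address": ip_str,
        "class": cls,
        "network_bits": net_bits,
        "host_bits": host_bits,
        "subnet_mask": str(mask),
        "network_id": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "total_ips": total,
        "valid_ips": total - 2,   # network ID and broadcast are not assignable
    }


if __name__ == "__main__":
    # constructed sample addresses, one per row of the table
    for sample in ("10.5.6.7", "172.20.1.1", "192.168.1.77", "224.0.0.1", "240.1.1.1", "127.0.0.1"):
        print(classful_info(sample))
```

Running it reproduces the Total IP and Valid IP columns of the table for classes A, B and C, and makes the "valid = total minus 2" relationship explicit: the two addresses removed are the network ID (host bits all 0) and the broadcast address (host bits all 1).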

IP addresses are divided into two parts:

1. Private IP address

2. Public (live) IP address

Range of private IP addresses:

10.0.0.0 to 10.255.255.255

172.16.0.0 to 172.31.255.255

192.168.0.0 to 192.168.255.255

Range of public IP addresses:

1.0.0.0 to 9.255.255.255

11.0.0.0 to 126.255.255.255

128.0.0.0 to 172.15.255.255

172.32.0.0 to 192.167.255.255

192.169.0.0 to 223.255.255.255

Another range is called the APIPA (Automatic Private Internet Protocol Addressing) range: 169.254.0.0 to 169.254.255.255.

We can assign an IP address by using two methods:

(1) Statically or manually

(2) Dynamically (by using a DHCP server: Dynamic Host Configuration Protocol)

But in case your computer has no IP address, an IP address is assigned to the computer from the APIPA range. However, communication is not possible when the computer has an IP address from APIPA.

127.0.0.1 is the loopback address; it is used for self-communication and for troubleshooting purposes.


Subnet mask: subnet mask is also 32 bit address, which tell us how many bits are used for

network and how many bits are used for host address.

In subnet mask network bits are always 1 and host bits are always 0.

Invalid or reserved IP addresses:

When assigning an IP address to a computer interface, the following rules must be observed:

Rules:

1. The host bits cannot all be 0 (for example 10.0.0.0), because that address is the network address, which is reserved for the router.

2. The host bits cannot all be 1 (for example 10.255.255.255), because that is the broadcast address of the network (here the 10.0.0.0 network).

3. All bits cannot be 0 (0.0.0.0), because this address is reserved for default routing. Default routing is used for a stub network (a network with no other exit point).

4. All bits cannot be 1 (255.255.255.255), because this address is reserved for broadcasting.

127.0.0.1 is the loopback address, used for self-communication and for troubleshooting purposes.
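The class table, the private / APIPA / loopback ranges and the four reserved-address rules above can be checked mechanically. The following Python is an added example, not code from the original report: the class boundaries and ranges are the ones given in the text, and the addresses in demo() are constructed for illustration.

```python
"""Classify IPv4 addresses and apply the host-assignment rules from the text.

Added example, not part of the original report. The class boundaries, the
private, APIPA and loopback ranges and the four reserved-address rules are the
ones given above; the addresses in demo() are constructed for illustration.
"""
import ipaddress
from typing import Optional

# Private ranges listed in the text, expressed in prefix notation.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")
LOOPBACK_RANGE = ipaddress.ip_network("127.0.0.0/8")


def ip_class(addr: str) -> str:
    """Classful letter A-E from the first octet, following the class table."""
    first = int(addr.split(".")[0])
    if first == 0:
        return "reserved"      # 0.x.x.x lies outside the class A range of 1-126
    if first < 127:
        return "A"
    if first == 127:
        return "loopback"      # 127.x.x.x is never assigned to an interface
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"             # multicast
    return "E"                 # research / experimental


def address_scope(addr: str) -> str:
    """Whether the address is loopback, APIPA, private or public."""
    ip = ipaddress.ip_address(addr)
    if ip in LOOPBACK_RANGE:
        return "loopback"
    if ip in APIPA_RANGE:
        return "APIPA"
    if any(ip in net for net in PRIVATE_RANGES):
        return "private"
    return "public"


def host_assignment_problem(addr: str, mask: str) -> Optional[str]:
    """Rules 1-4: return why addr/mask cannot be given to a host, or None if it can."""
    ip = ipaddress.ip_address(addr)
    if int(ip) == 0:
        return "all bits 0: reserved for the default route"          # rule 3
    if int(ip) == 0xFFFFFFFF:
        return "all bits 1: limited broadcast"                       # rule 4
    if ip in LOOPBACK_RANGE:
        return "loopback range: used for self-communication only"
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    if net.prefixlen < 31:  # /31 and /32 have no separate network or broadcast address
        if ip == net.network_address:
            return "all host bits 0: network address"                # rule 1
        if ip == net.broadcast_address:
            return "all host bits 1: directed broadcast address"     # rule 2
    return None


def demo() -> list:
    """Constructed sample addresses run through the three checks."""
    samples = [
        ("10.0.0.0", "255.0.0.0"),          # class A network address
        ("10.255.255.255", "255.0.0.0"),    # class A broadcast address
        ("172.31.5.9", "255.255.0.0"),      # class B, private, assignable
        ("172.32.0.1", "255.255.0.0"),      # class B, public
        ("169.254.7.7", "255.255.0.0"),     # APIPA
        ("192.168.1.0", "255.255.255.0"),   # class C network address
    ]
    return [(a, ip_class(a), address_scope(a), host_assignment_problem(a, m)) for a, m in samples]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Note that 172.31.255.255 and 172.32.0.1 fall on opposite sides of the private boundary even though both are class B: the class comes from the first octet, the private / public split from the full range.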

C:\> IPCONFIG (shows the IP configuration of the interfaces).

C:\> IPCONFIG /ALL (shows full details of every interface).

Ping (Packet Internet Groper)

This command is used to check connectivity with another computer, inside or outside the local network. Four packets are sent to the destination address and four replies are expected back from it. ICMP (Internet Control Message Protocol) is used for this process.

ICMP

Internet Control Message Protocol is used by the ping and traceroute utilities.

Ping enables you to verify that an IP address exists and can accept requests. The ping utility relies on the following transmissions:

. Ping sends an echo request packet and expects an echo reply.

. Routers send Destination Unreachable messages when they cannot reach the destination network and are forced to drop the packet. The router that drops the packet sends the ICMP DU message.

C:\> ping <destination IP>, e.g. ping 10.0.0.1

C:\> ping <destination IP> -t (ping continuously)

Press Ctrl+C to stop the ping.

1. Reply from destination:

Reply from 10.1.1.1: bytes=32 time<1ms TTL=255

Reply from 10.1.1.1: bytes=32 time<1ms TTL=255

Reply from 10.1.1.1: bytes=32 time<1ms TTL=255

Reply from 10.1.1.1: bytes=32 time<1ms TTL=255

Ping statistics for 10.0.0.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

This message appears when the destination computer is properly configured and connected with an IP address in the same network.

2. Request timed out (R.T.O.): this message appears when the destination computer has a problem, e.g. the IP address does not exist, the network cable is unplugged, the computer is shut down, or a firewall is enabled on it.

3. Destination host unreachable: this message appears when our computer wants to communicate with another network but has no gateway IP address configured.

4. Reply from gateway, but Destination host unreachable: this message appears when our computer wants to communicate with a computer on another network but our router has no route for the destination network in its routing table.

5. Hardware error: this message appears when our network cable is unplugged during communication.

6. Negotiating IP Security: this message appears when our computer has the IPsec service enabled with a rule that requires negotiation of secure communication.
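The six outcomes above can be recognised from the text ping prints, which is useful when ping output is collected from many hosts. The following Python is an added example, not code from the original report: the line formats follow the sample output shown above, and the two transcripts at the bottom are constructed (the second mixes outcomes on purpose).

```python
"""Parse Windows ping output and map it to the six outcomes listed above.

Added example, not part of the original report. The line formats follow the
sample output shown in the text; the two transcripts at the bottom are
constructed for illustration (the second mixes outcomes deliberately).
"""
import re
from typing import Dict

REPLY_RE = re.compile(
    r"^Reply from (?P<src>[\d.]+): bytes=(?P<bytes>\d+) time(?P<op>[<=])(?P<ms>\d+)ms TTL=(?P<ttl>\d+)$"
)
GW_UNREACH_RE = re.compile(r"^Reply from (?P<gw>[\d.]+): Destination host unreachable\.$")
STATS_RE = re.compile(r"^Packets: Sent = (?P<sent>\d+), Received = (?P<recv>\d+), Lost = (?P<lost>\d+)")

# Fixed-text lines, keyed by the outcome number used in the text.
FIXED_LINES = {
    "Request timed out.": 2,
    "Destination host unreachable.": 3,
    "Hardware error.": 5,
    "Negotiating IP Security.": 6,
}
MEANING = {
    1: "destination replied: host configured and reachable",
    2: "request timed out: destination absent, cable unplugged, host down, or blocked by a firewall",
    3: "destination host unreachable: no gateway configured on this computer",
    4: "gateway replied but has no route to the destination network",
    5: "hardware error: local link lost during communication",
    6: "negotiating IP security: IPsec rule requires a security negotiation",
}


def parse_ping(output: str) -> Dict[str, object]:
    """Count per-packet lines, compute loss and RTT figures and pick an outcome code."""
    sent = received = 0
    rtts = []
    seen = set()
    reported = None
    for raw in output.splitlines():
        line = raw.strip()
        m = REPLY_RE.match(line)
        if m:
            sent += 1
            received += 1
            # "time<1ms" is below the timer resolution; Windows reports it as 0 in the statistics.
            rtts.append(0 if m["op"] == "<" else int(m["ms"]))
            seen.add(1)
            continue
        if GW_UNREACH_RE.match(line):
            sent += 1          # the gateway answered with an ICMP unreachable, not an echo reply
            seen.add(4)
            continue
        if line in FIXED_LINES:
            sent += 1
            seen.add(FIXED_LINES[line])
            continue
        m = STATS_RE.match(line)
        if m:
            reported = (int(m["sent"]), int(m["recv"]), int(m["lost"]))
    # Any error outcome outranks plain replies; the highest-numbered error seen is reported.
    errors = sorted(c for c in seen if c != 1)
    code = errors[-1] if errors else (1 if 1 in seen else 0)
    return {
        "sent": sent,
        "received": received,
        "lost": sent - received,
        "loss_pct": 0 if sent == 0 else round(100 * (sent - received) / sent),
        "min_ms": min(rtts) if rtts else None,
        "max_ms": max(rtts) if rtts else None,
        "avg_ms": round(sum(rtts) / len(rtts)) if rtts else None,
        "code": code,
        "meaning": MEANING.get(code, "no echo requests seen"),
        # True when the summary line Windows printed agrees with what we counted.
        "stats_consistent": reported is None or reported == (sent, received, sent - received),
    }


# Constructed transcript 1: the healthy case from the text.
SAMPLE_OK = """
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255

Ping statistics for 10.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""

# Constructed transcript 2: the gateway answers but has no route, then the probes time out.
SAMPLE_NO_ROUTE = """
Reply from 192.168.0.1: Destination host unreachable.
Reply from 192.168.0.1: Destination host unreachable.
Request timed out.
Request timed out.

Ping statistics for 10.9.9.9:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
"""

if __name__ == "__main__":
    print(parse_ping(SAMPLE_OK))
    print(parse_ping(SAMPLE_NO_ROUTE))
```

The "Reply from <gateway>: Destination host unreachable." form is counted as sent but not received, which is why outcome 4 shows 100% loss even though a router answered.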

PROJECT DESCRIPTION

We have designed a network scenario that uses routers, switches, servers, NAT, access lists, VLANs and server publishing; a detailed study of these topics follows.

Routing

Routing is the process of selecting paths in a network along which to send network traffic. Routing is performed for many kinds of networks, including the telephone network (circuit switching), electronic data networks (such as the Internet), and transportation networks. This article is concerned primarily with routing in electronic data networks using packet switching technology.

In packet switching networks, routing directs packet forwarding, the transit of logically

addressed packets from their source toward their ultimate destination through

intermediate nodes, typically hardware devices called routers, bridges, gateways, firewalls,

or switches. General-purpose computers can also forward packets and perform routing, though

they are not specialized hardware and may suffer from limited performance. The routing process

usually directs forwarding on the basis of routing tables which maintain a record of the routes to

various network destinations. Thus, constructing routing tables, which are held in the

router's memory, is very important for efficient routing. Most routing algorithms use only one

network path at a time, but multipath routing techniques enable the use of multiple alternative

paths.

Types of routing


Static routing

Static routing is a data communication concept describing one way of configuring path selection on routers in computer networks. It is the type of routing characterized by the absence of communication between routers regarding the current topology of the network.[1] This is achieved by manually adding routes to the routing table. The opposite of static routing is dynamic routing, sometimes also referred to as adaptive routing.

Example

To configure a static route to network 10.10.20.0/24, pointing to a next-hop router with the IP address 192.168.100.1, type the following (note that this example is written in the Cisco IOS command line syntax and will only work on certain Cisco routers[2]):

Router> enable

Router# configure terminal

Router(config)# ip route 10.10.20.0 255.255.255.0 192.168.100.1

The other option is to define a static route with reference to the outgoing interface which is

connected to the next hop towards the destination network.

Router> enable

Router# configure terminal

Router(config)# ip route 10.10.20.0 255.255.255.0 Serial 0/0

Dynamic Routing

Dynamic routing performs the same function as static routing, except that it is more robust. Static routing allows routing tables in specific routers to be set up in a fixed manner, so the network routes for packets are fixed: if a router on the route goes down, the destination may become unreachable. Dynamic routing allows routing tables in routers to change as the possible routes change. There are several protocols used to support dynamic routing, including RIP and OSPF.


Default routing

A default route, also known as the gateway of last resort, is the network route used by a router when no other known route exists for a given IP packet's destination address. All packets for destinations not known in the router's routing table are sent to the default route. This route generally leads to another router, which treats the packet the same way: if the route is known, the packet is forwarded along the known route; if not, it is forwarded to that router's default route, which generally leads to yet another router, and so on. Each router traversal adds one hop to the route.
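The static-route commands above (next-hop form and outgoing-interface form) and the default-route chain just described can be modelled in a few lines. The following Python is an added example, not code from the original report: it keeps the 10.10.20.0/24 and 192.168.100.1 values from the text, while the router names, the second address 192.168.100.2 and the link layout are constructed for illustration.

```python
"""Static routes, longest-prefix lookup and the gateway of last resort.

Added example, not part of the original report. It models the two static-route
forms shown above (next-hop and outgoing-interface) plus a default route, and
forwards a packet router by router. Router names, addresses and links are
constructed for illustration; 10.10.20.0/24 and 192.168.100.1 are the values
used in the text.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, Optional[str], Optional[str]]  # (prefix, next hop, interface)


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, network: str, mask: str, next_hop: Optional[str] = None,
            interface: Optional[str] = None) -> None:
        """Equivalent of `ip route <network> <mask> <next-hop | interface>`."""
        if (next_hop is None) == (interface is None):
            raise ValueError("give exactly one of next_hop or interface")
        self.routes.append((ipaddress.ip_network(f"{network}/{mask}"), next_hop, interface))

    def add_default(self, next_hop: str) -> None:
        """`ip route 0.0.0.0 0.0.0.0 <next-hop>`: the gateway of last resort."""
        self.add("0.0.0.0", "0.0.0.0", next_hop=next_hop)

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest-prefix match: the most specific route wins; /0 only when nothing else matches."""
        ip = ipaddress.ip_address(destination)
        best: Optional[Route] = None
        for route in self.routes:
            if ip in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
                best = route
        return best


def forward(routers: Dict[str, RoutingTable], owner_of: Dict[str, str],
            start: str, destination: str, ttl: int = 16) -> List[str]:
    """Follow the routes hop by hop; owner_of maps a next-hop IP to the router that holds it."""
    path = [start]
    current = start
    while ttl > 0:
        route = routers[current].lookup(destination)
        if route is None:
            path.append("dropped: no route")
            return path
        _, next_hop, interface = route
        if interface is not None:                 # interface route: the destination is on that link
            path.append(f"delivered via {interface}")
            return path
        current = owner_of[next_hop]              # each router traversal adds one hop
        path.append(current)
        ttl -= 1
    path.append("dropped: TTL expired")           # two default routes pointing at each other end here
    return path


def build_demo() -> Tuple[Dict[str, RoutingTable], Dict[str, str]]:
    """Constructed topology: Edge -> Core -> Serial0/0 toward 10.10.20.0/24."""
    edge, core = RoutingTable(), RoutingTable()
    edge.add_default("192.168.100.1")                               # Edge only knows the way out
    core.add("10.0.0.0", "255.0.0.0", next_hop="192.168.100.2")     # broad route back toward Edge
    core.add("10.10.20.0", "255.255.255.0", interface="Serial0/0")  # more specific: wins for 10.10.20.x
    core.add_default("192.168.100.2")                               # Core's last resort points back at Edge
    routers = {"Edge": edge, "Core": core}
    owner_of = {"192.168.100.1": "Core", "192.168.100.2": "Edge"}
    return routers, owner_of


if __name__ == "__main__":
    routers, owner_of = build_demo()
    print(forward(routers, owner_of, "Edge", "10.10.20.7"))
    print(forward(routers, owner_of, "Edge", "8.8.8.8"))
```

The second call shows the failure mode of default routes that point at each other: a packet for an unknown destination bounces between Edge and Core until its TTL runs out, which is what the TTL field exists to stop.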

ROUTING PROTOCOLS


Routed protocols:

TCP/IP and IPX/SPX are protocols used in a Local Area Network (LAN) so that computers can communicate with each other and with other computers on the Internet.

Chances are that in your LAN you are running TCP/IP. This protocol is what we call a "routed" protocol. The term "routed" refers to something which can be passed on from one place (network) to another. In the example of TCP/IP, this is when you construct a data packet and send it across to another computer on the Internet.

Routing protocols:

[Figure: Routed and Routing Protocols. Routed protocols: IP, IPX, AppleTalk. Routing protocols (dynamic routing): Interior Gateway Protocols, split into Distance-Vector (RIPv1, RIPv2, RTMP, Novell RIP, IGRP), Link-State (NLSP, OSPF, IS-IS) and Hybrid (EIGRP); Exterior Gateway Protocols (BGPv4).]


Routing protocols were created for routers. These protocols have been designed to allow the

exchange of routing tables, or known networks, between routers. There are a lot of different

routing protocols, each one designed for specific network sizes, so I am not going to be able to

mention and analyse them all, but I will focus on the most popular.

Dynamic Routing Protocols

There are three types of dynamic routing protocols; they differ mainly in the way they discover routes and calculate the best path:

1) Distance Vector

2) Link State

3) Hybrid

Distance Vector routers compute the best path from information passed to them by their neighbors.

Link State routers each hold a copy of the entire network map and compute the best routes from this local map.


DISTANCE VECTOR ROUTING PROTOCOLS

Distance Vector routing protocols use frequent broadcasts (255.255.255.255 or FF:FF:FF:FF) of their entire routing table, every 30 seconds on all their interfaces, to communicate with their neighbours. The bigger the routing tables, the more broadcast traffic. This behaviour significantly limits the size of network on which Distance Vector protocols can be used.

RIPv1:

Routing Information Protocol (RIP) is a true Distance-Vector routing protocol. It sends the complete routing table out of all active interfaces every 30 seconds. RIP uses only hop count to determine the best way to a remote network, and it has a maximum allowable hop count of 15, so a hop count of 16 is deemed unreachable. RIP works well in small networks, but it is inefficient on large networks with slow WAN links or on networks with a large number of routers.

RIP comes in two versions. RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask; this is because RIP version 1 does not include the subnet mask in the updates it sends. RIPv1 uses broadcasts (255.255.255.255).

RIP version 2 does include the subnet mask, which is what we call classless routing (see the Subnetting section for more details). RIPv2 uses multicasts (224.0.0.9) to send its routing updates.
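The hop-count limit above is easiest to see by letting a set of routers exchange tables the way a distance-vector protocol does. The following Python is an added example, not code from the original report: each router starts knowing only itself and repeatedly merges what its neighbours advertise, with 16 standing for "unreachable"; the straight-line topology in build_chain() is constructed for illustration.

```python
"""Distance-vector routing with RIP's hop-count limit.

Added example, not part of the original report. Each router starts knowing
only itself and repeatedly merges its neighbours' tables (what RIP does with
its 30-second full-table broadcasts); a cost of 16 means unreachable. The
topology in build_chain() is constructed for illustration.
"""
from typing import Dict, Optional, Tuple

INFINITY = 16  # RIP: 15 hops is the maximum, 16 means "unreachable"

Table = Dict[str, Tuple[int, Optional[str]]]  # destination -> (hops, next hop)


def distance_vector(links: Dict[str, Dict[str, int]], max_rounds: int = 64) -> Dict[str, Table]:
    """Bellman-Ford style exchange; links[r][n] is the hop cost from r to neighbour n."""
    tables: Dict[str, Table] = {r: {r: (0, None)} for r in links}
    for _ in range(max_rounds):
        changed = False
        # Synchronous round: every router reads the tables its neighbours advertised last round.
        advertised = {r: dict(t) for r, t in tables.items()}
        for r, neighbours in links.items():
            for n, link_cost in neighbours.items():
                for dest, (hops, _) in advertised[n].items():
                    candidate = min(hops + link_cost, INFINITY)   # never count past 16
                    current = tables[r].get(dest, (INFINITY, None))
                    if candidate < current[0]:
                        tables[r][dest] = (candidate, n)
                        changed = True
        if not changed:
            break                                               # converged
    return tables


def reachable(tables: Dict[str, Table], src: str, dest: str) -> bool:
    """A destination at 16 hops (or absent from the table) is unreachable under RIP."""
    hops = tables[src].get(dest, (INFINITY, None))[0]
    return hops < INFINITY


def build_chain(n: int) -> Dict[str, Dict[str, int]]:
    """Constructed topology: routers R0 - R1 - ... - R(n-1) in a line, one hop per link."""
    links: Dict[str, Dict[str, int]] = {f"R{i}": {} for i in range(n)}
    for i in range(n - 1):
        links[f"R{i}"][f"R{i + 1}"] = 1
        links[f"R{i + 1}"][f"R{i}"] = 1
    return links


def reach_report(n: int) -> Dict[str, bool]:
    """From R0, which routers in a chain of n are within RIP's 15-hop limit?"""
    tables = distance_vector(build_chain(n))
    return {f"R{i}": reachable(tables, "R0", f"R{i}") for i in range(n)}


if __name__ == "__main__":
    for router, ok in reach_report(18).items():
        print(router, "reachable" if ok else "unreachable (16 hops)")
```

With 18 routers in a line, R15 is exactly 15 hops from R0 and still reachable, while R16 and R17 never enter R0's table: the candidate distance is capped at 16 and is not better than "unreachable".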


COMMANDS:-

Configure RIP:

Use the following command to enable RIP on RouterA: 

RouterA(config)#router rip

Configure the router to receive and send only RIP Version 2 packets using the following

command:

RouterA(config-router)#version 2

Use the following commands to specify the networks directly connected to the router:

RouterA(config-router)#network 192.168.11.0

RouterA(config-router)#network 192.168.22.0 

Interior Gateway Routing Protocol - IGRP

Interior Gateway Routing Protocol (IGRP) is a Cisco proprietary Distance-Vector routing protocol. This means that all your routers must be Cisco routers in order to use IGRP in your network; keep in mind that Windows 2000 also supports it, because Microsoft bought a licence from Cisco to use the protocol.

Cisco created this routing protocol to overcome the problems associated with RIP.

IGRP has a maximum hop count of 255, with a default of 100. This is helpful in larger networks and solves the problem of there being only 15 hops maximum in a RIP network. IGRP also uses a different metric from RIP: by default it uses the bandwidth and delay of the line as the metric for determining the best route to an internetwork. This is called a composite metric. Reliability, load and Maximum Transmission Unit (MTU) can also be used, although they are not used by default.

COMMANDS:-

RouterA#configure terminal

Enter configuration commands, one per line. End with Cntl/z

RouterA(config)#router igrp <AS-number>

RouterA(config-router)#network <network-address>

RouterA(config-router)#exit

Link State Routing Protocols

Link State protocols, unlike Distance Vector protocols with their broadcasts, use multicast. Link State routing protocols do not view the network in terms of adjacent routers and hop counts; instead they build a comprehensive view of the overall network which fully describes all possible routes along with their costs. Using the SPF (Shortest Path First) algorithm, the router creates a "topological database", a hierarchy reflecting the network routers it knows about. It then puts itself at the top of this hierarchy and so has a complete picture from its own perspective.

Link State protocols, in comparison to Distance Vector protocols, have:

Big memory requirements

Shortest path computations require many CPU cycles

If the network is stable, little bandwidth is used; they react quickly to topology changes

Announcements cannot be "filtered": all items in the database must be sent to neighbors

All neighbors must be trusted

Authentication mechanisms can be used to avoid undesired adjacencies

No split horizon techniques are possible

Open Shortest Path First (OSPF) Routing Protocol

Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol

(IP) networks by the interior gateway protocol (IGP) working group of the Internet

Engineering Task Force (IETF). The working group was formed in 1988 to design an

IGP based on the shortest path first (SPF) algorithm for use in the Internet. Similar to the

Interior Gateway Routing Protocol (IGRP), OSPF was created because in the mid-1980s,

the Routing Information Protocol (RIP) was increasingly unable to serve large,

heterogeneous internetworks.

OSPF is a classless routing protocol, which means that in its updates it includes the subnet mask of each route it knows about, thus enabling variable-length subnet masks. With variable-length subnet masks, an IP network can be broken into many subnets of various sizes. This provides network administrators with extra network-configuration flexibility. These updates are multicast to specific addresses (224.0.0.5 and 224.0.0.6).

OSPF has two primary characteristics:

1) The protocol is open (non proprietary), which means that its specification is in the

public domain. The OSPF specification is published as Request For Comments (RFC)

1247.

2) The second principal characteristic is that OSPF is based on the SPF algorithm, which

sometimes is referred to as the Dijkstra algorithm, named for the person credited with its

creation.
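The SPF (Dijkstra) computation that the link-state sections above describe is short enough to write out. The following Python is an added example, not code from the original report: every router runs the same algorithm over a shared link-state database with itself at the root, interface costs follow OSPF's default reference bandwidth of 10^8 bit/s, and the three-router topology in build_demo() is constructed for illustration.

```python
"""Shortest Path First over a link-state database.

Added example, not part of the original report. Every router holds the same
link-state database (router -> {neighbour: cost}); each one runs Dijkstra with
itself at the root and installs the first hop toward every destination. The
cost function follows OSPF's default reference bandwidth of 10^8 bit/s; the
three-router topology is constructed for illustration.
"""
import heapq
from typing import Dict, Optional, Tuple

Lsdb = Dict[str, Dict[str, int]]


def ospf_cost(bandwidth_bps: int) -> int:
    """Default OSPF interface cost: 10^8 / bandwidth, never below 1."""
    return max(1, 10**8 // bandwidth_bps)


def spf(lsdb: Lsdb, root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """Dijkstra: returns {destination: (total cost, first-hop router)} from root."""
    best_cost: Dict[str, int] = {root: 0}
    result: Dict[str, Tuple[int, Optional[str]]] = {}
    heap = [(0, root, None)]                 # (cost so far, router, first hop on this path)
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in result:
            continue                         # already settled with a cheaper path
        result[node] = (cost, first_hop)
        for neighbour, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < best_cost.get(neighbour, float("inf")):
                best_cost[neighbour] = new_cost
                # The first hop is the neighbour itself when we leave the root, else inherited.
                heapq.heappush(heap, (new_cost, neighbour, neighbour if node == root else first_hop))
    return result


def build_demo() -> Lsdb:
    """Constructed topology: R1-R3 is a T1 line, R1-R2-R3 are two Fast Ethernet links."""
    t1, fe = ospf_cost(1_544_000), ospf_cost(100_000_000)
    lsdb: Lsdb = {"R1": {}, "R2": {}, "R3": {}}
    for a, b, c in [("R1", "R3", t1), ("R1", "R2", fe), ("R2", "R3", fe)]:
        lsdb[a][b] = c                       # point-to-point links are advertised by both ends
        lsdb[b][a] = c
    return lsdb


if __name__ == "__main__":
    table = spf(build_demo(), "R1")
    for dest, (cost, via) in sorted(table.items()):
        print(f"{dest}: cost {cost} via {via}")
```

The topology is chosen to show the difference from hop counting: RIP would send R1's traffic for R3 straight over the one-hop T1 link, while SPF prefers the two-hop Fast Ethernet path because its total cost (1 + 1) is far below the T1 cost of 64.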

COMMANDS:-

Router#config terminal

Router(config)#router ospf <process-id>

Router(config-router)#network <network-number> <wildcard-mask> area <area-id>

Example:

Router(config-router)#network 192.168.10.0 0.0.0.255 area 0.0.0.0

Hybrid Routing Protocols

Hybrid Routing, commonly referred to as balanced-hybrid routing, is a combination of distance-vector routing, which works by sharing its knowledge of the entire network with its neighbors, and link-state routing, which works by having each router tell every router on the network about its closest neighbours.

EIGRP

Enhanced Interior Gateway Routing Protocol (EIGRP) is another Cisco proprietary, hybrid (having features of both Distance Vector and Link State protocols) interior gateway protocol (IGP) used by routers to exchange routing information. EIGRP uses a composite metric composed of bandwidth, delay, reliability and load to determine the best path between two locations. EIGRP can route IP, IPX and AppleTalk. Along with IS-IS, it is one of the few multi-protocol routing protocols.

The Diffusing Update Algorithm (DUAL) is the heart of EIGRP. In essence, DUAL always keeps a backup route in mind in case the primary route goes down. DUAL also limits how many routers are affected when a change occurs in the network.

There is no maximum allowable number of hops. In an EIGRP network, each router multicasts "hello" packets to discover its adjacent neighbors. This adjacency database is shared with the other routers to build a topology database. From the topology database the best route (Successor) and the second best route (Feasible Successor) are found.

EIGRP is classless, meaning it does include the subnet mask in routing updates. However, by default 'auto-summary' is enabled; you must disable it if you want subnet information from other major networks.

The EIGRP metric can be a complex calculation, but by default it only uses bandwidth and delay to determine the best path.
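How DUAL picks the Successor and Feasible Successor, and what the default bandwidth-and-delay metric looks like, is shown below. This Python is an added example, not code from the original report: eigrp_metric() uses the default K values (bandwidth and delay only), dual_select() applies DUAL's feasibility condition, and the neighbour figures in build_demo() are constructed.

```python
"""EIGRP composite metric and DUAL successor selection.

Added example, not part of the original report. eigrp_metric() uses the
default K values (bandwidth and delay only), as the text states; dual_select()
applies DUAL's feasibility condition to pick the successor and any feasible
successors. The neighbour figures in build_demo() are constructed.
"""
from typing import Dict, List, Tuple


def eigrp_metric(min_bandwidth_kbps: int, total_delay_us: int) -> int:
    """Default metric (K1=K3=1, K2=K4=K5=0): 256 * (10^7 / min bandwidth + delay / 10)."""
    return 256 * (10_000_000 // min_bandwidth_kbps + total_delay_us // 10)


def dual_select(paths: Dict[str, Tuple[int, int]]) -> Tuple[str, int, List[str]]:
    """paths[neighbour] = (reported distance RD, cost of our link to that neighbour).

    Returns (successor, feasible distance FD, feasible successors).
    A neighbour is a feasible successor only if its RD < FD: it is then provably
    closer to the destination than we are, so it cannot be routing through us.
    """
    total = {n: rd + link for n, (rd, link) in paths.items()}
    successor = min(total, key=total.get)
    fd = total[successor]
    feasible = [n for n, (rd, _) in paths.items() if n != successor and rd < fd]
    return successor, fd, sorted(feasible, key=lambda n: total[n])


def build_demo() -> Dict[str, Tuple[int, int]]:
    """Constructed: three neighbours advertising the same destination."""
    return {
        "R2": (10, 5),    # RD 10 + link 5 = 15  -> successor (lowest total)
        "R3": (12, 8),    # RD 12 + link 8 = 20, RD 12 < FD 15 -> feasible successor
        "R4": (20, 1),    # RD 20 + link 1 = 21, RD 20 >= FD 15 -> rejected: may loop back via us
    }


if __name__ == "__main__":
    print("T1 with 20000 us delay:", eigrp_metric(1544, 20000))
    print(dual_select(build_demo()))
```

R4 is the interesting case: its total distance (21) is barely worse than R3's (20), but because its reported distance is not below our feasible distance it is not kept as a backup; a neighbour that far from the destination could be reaching it through us, and DUAL refuses a backup that might form a loop.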

COMMANDS:-

Router#config terminal

Router(config)#router eigrp <AS>

Router(config-router)#network X.X.X.X

Network Address Translation (NAT)


The NAT Concept

NAT is not only used for networks that connect to the Internet. You can use NAT even

between private networks as we will see in the pages to follow, but because most

networks use it for their Internet connection, we are focusing on that.

The NAT concept is simple: it allows a single device to act as an Internet gateway for internal LAN clients by translating the clients' internal network IP Addresses into the IP Address on the NAT-enabled gateway device.

In other words, NAT runs on the device that's connected to the Internet and hides the rest

of your network from the public, thus making your whole network appear as one device

(or computer, if you like) to the rest of the world.

NAT is transparent to your network, meaning all internal network devices are not

required to be reconfigured in order to access the Internet. All that's required is to let your

network devices know that the NAT device is the default gateway to the Internet.

NAT is secure since it hides your network from the Internet. All communications from

your private network are handled by the NAT device, which will ensure all the

appropriate translations are performed and provide a flawless connection between your

devices and the Internet.


As you can see, we have a simple network of 4 hosts (computers) and one router that connects

this network to the Internet. All hosts in our network have a private Class C IP Address,

including the router's private interface (192.168.0.1), while the public interface that's connected

to the Internet has a real IP Address (203.31.220.134).

The NAT Table

The NAT table is the heart of the whole NAT operation, which takes place within the router (or

any NAT-enabled device) as packets arrive and leave its interfaces. Each connection from

the internal (private) network to the external (public-Internet) network, and vice versa, is tracked

and a special table is created to help the router determine what to do with all incoming packets

on all of its interfaces; in our example there are two. This table, known as the NAT table, is

populated gradually as connections are created across the router and once these connections are

closed the entries are deleted, making room for new entries.

TYPES OF NAT:


Static Network Address Translation

Static NAT (also called inbound mapping) is the first mode we're going to talk about and also happens to be the least common among smaller networks.

Static NAT was mainly created to allow hosts on your private network to be directly accessible via the Internet using real public IPs; we'll see in detail how this works and is maintained. Static NAT is also considered a bit dangerous because a misconfiguration of your firewall or other NAT-enabled device can result in the full exposure of the machine on your private network to which the public IP Address maps, and we'll see the security risks later on this page.

As mentioned in the introduction, Static NAT allows the mapping of public IP Addresses to hosts inside the internal network. In plain English, this means you can have a computer on your private network that exists on the Internet with its own real IP.

The diagram below has been designed to help you understand exactly how Static NAT works:


Dynamic Network Address Translation

Dynamic NAT is the second NAT mode we're going to talk about. Dynamic NAT, just

like Static NAT, is not that common in smaller networks but you'll find it used within larger

corporations with complex networks.

The way Dynamic NAT differs from Static NAT is that, where Static NAT provides a fixed one-to-one mapping between an internal and a public IP, Dynamic NAT does the same but without making the mapping to the public IP permanent, and it usually draws on a group of available public IPs.

With Dynamic NAT we also map our internal IP Addresses to real public IP Addresses, but the mapping is not static: for the duration of each session an internal host keeps the same public IP Address, but that address is likely to change from one session to the next. These IPs are taken from a pool of public IP Addresses that our ISP has reserved for our public network.


The diagram above is our example network and shows our router, which is configured to

perform Dynamic NAT for the network. We requested 4 public IPs from our ISP

(203.31.218.210 to 203.31.218.213), which will be dynamically mapped by our router to our

internal hosts. In this particular session our workstation, with IP Address 192.168.0.1, sends a

request to the Internet and is assigned the public IP address 203.31.218.210. This mapping

between the workstation's private and public IP Address will remain until the session finishes.

The router is configured with a special NAT timeout and, after this timeout is reached (no traffic

sent/received during that time), the router will expire the particular mapping and reuse it for a

different internal host.

Network Address Translation Overload

NAT Overload is the most common NAT method used throughout all networks that connect to

the Internet. This is because of the way it functions and the limitations it can overcome, and we'll

explore all of these in the next two pages.

Whether you use a router, firewall appliance, Microsoft's Internet sharing ability or any 3rd party

program that enables all your home computers to connect to the Internet via one connection,

you're using NAT Overload.

This NAT mode is also known by other names, such as NAPT (Network Address Port Translation), IP Masquerading and NAT with PAT (Port Address Translation). The different names logically come from the way NAT Overload works, and you'll understand this by the time we're finished with the topic.

NAT Overload is a mix of Static and Dynamic NAT with a few enhancements thrown in (PAT, Port Address Translation) to make it work the way we need. By now you understand how both Static and Dynamic NAT work, so we won't go into the details again. NAT Overload takes a static or dynamic IP Address that is bound to the public interface of the gateway (this could be a PC, router or firewall appliance) and allows all PCs within the private network to access the Internet.

If you find yourself wondering how this is possible with only one IP Address, you will be happy to find that the answer lies within PAT.

The diagram below shows you how a single session is handled by a NAT Overload enabled

device:

So we have a host on a private network, its IP Address is 192.168.0.1 and it's sending a packet to

the Internet, more specifically to IP Address 200.0.0.1, which we're assuming is a server. The

Port, which is 23, tells us that it's trying to telnet to 200.0.0.1, since this is the default port telnet

uses.

As the original packet passes through the router, the Source IP Address field is changed by the router from 192.168.0.1 to 203.31.218.100. However, notice that the ports are not changed.
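The NAT table described earlier, and the three modes (static, dynamic from a pool, overload with PAT), can be simulated together. The following Python is an added example, not code from the original report: entries are created by the first outbound packet of a flow, refreshed by traffic and expired after an idle timeout (which in dynamic mode returns the pool address); the addresses reuse the text's examples, while the timeout, port numbers and the PAT collision rule (keep the source port unless another host already holds it) are assumptions of this example.

```python
"""A NAT table in the three modes described above: static, dynamic and overload (PAT).

Added example, not part of the original report. Entries are created on the
first outbound packet of a flow, refreshed by traffic, and expired after an
idle timeout (freeing pool addresses in dynamic mode). Addresses reuse the
text's examples; timeouts and port numbers are constructed.
"""
import itertools
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Translation:
    inside_local: str
    inside_port: int
    inside_global: str
    global_port: int
    last_seen: float


class NatDevice:
    def __init__(self, mode: str, public_ips: List[str], timeout: float = 300.0) -> None:
        assert mode in ("static", "dynamic", "overload")
        self.mode = mode
        self.pool = list(public_ips)
        self.timeout = timeout
        self.static: Dict[str, str] = {}                        # inside local -> inside global
        self.host_map: Dict[str, str] = {}                      # dynamic: host -> pool address
        self.table: Dict[Tuple[str, int], Translation] = {}     # (inside local, port) -> entry
        self.spare_ports = itertools.count(1024)                # PAT: ports handed out on collision

    def add_static(self, inside_local: str, inside_global: str) -> None:
        self.static[inside_local] = inside_global

    def _allocate_pool_ip(self, host: str) -> Optional[str]:
        used = set(self.host_map.values())
        for ip in self.pool:
            if ip not in used:
                self.host_map[host] = ip
                return ip
        return None                                             # pool exhausted: packet dropped

    def outbound(self, src_ip: str, src_port: int, now: float) -> Optional[Tuple[str, int]]:
        """Translate a packet leaving the inside interface; returns (global ip, global port)."""
        self.expire(now)
        key = (src_ip, src_port)
        entry = self.table.get(key)
        if entry is None:
            if self.mode == "static":
                if src_ip not in self.static:
                    return None
                global_ip, global_port = self.static[src_ip], src_port
            elif self.mode == "dynamic":
                global_ip = self.host_map.get(src_ip) or self._allocate_pool_ip(src_ip)
                if global_ip is None:
                    return None
                global_port = src_port                          # one public IP per host, port untouched
            else:                                               # overload: one public IP for everyone
                global_ip = self.pool[0]
                in_use = {(e.inside_global, e.global_port) for e in self.table.values()}
                global_port = src_port                          # keep the port unless another host holds it
                while (global_ip, global_port) in in_use:
                    global_port = next(self.spare_ports)
            entry = Translation(src_ip, src_port, global_ip, global_port, now)
            self.table[key] = entry
        entry.last_seen = now
        return entry.inside_global, entry.global_port

    def inbound(self, dst_ip: str, dst_port: int, now: float) -> Optional[Tuple[str, int]]:
        """Translate a packet arriving on the outside interface back to the inside host."""
        self.expire(now)
        for entry in self.table.values():
            if (entry.inside_global, entry.global_port) == (dst_ip, dst_port):
                entry.last_seen = now
                return entry.inside_local, entry.inside_port
        if self.mode == "static":
            # No existing flow is needed: a static mapping exposes the inside host to
            # unsolicited traffic, the risk the text attaches to a misconfigured static NAT.
            for local, public in self.static.items():
                if public == dst_ip:
                    return local, dst_port
        return None                                             # unknown flow: dropped at the edge

    def expire(self, now: float) -> None:
        """Drop idle entries; in dynamic mode a host with no flows left gives its pool IP back."""
        for key in [k for k, e in self.table.items() if now - e.last_seen > self.timeout]:
            del self.table[key]
        if self.mode == "dynamic":
            active = {e.inside_local for e in self.table.values()}
            for host in [h for h in self.host_map if h not in active]:
                del self.host_map[host]


if __name__ == "__main__":
    pat = NatDevice("overload", ["203.31.218.100"])
    print(pat.outbound("192.168.0.1", 23, 0.0), pat.outbound("192.168.0.2", 23, 0.0))
    print(pat.inbound("203.31.218.100", 1024, 1.0))
```

The two security-relevant behaviours are in inbound(): in dynamic and overload mode an inbound packet that matches no table entry is dropped, which is the "hides your network" property claimed earlier, whereas in static mode the mapped host is reachable whether or not it started a conversation.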

COMMANDS:

access-list 1 permit <your LAN address range>

example: access-list 1 permit 192.168.1.0 0.0.0.255

Now that we have defined the addresses that are allowed to use the NAT address, we enable the actual NAT:

ip nat inside source list <access-list number> interface <interface> overload

example: ip nat inside source list 1 interface dialer0 overload

This command states that the router will take the addresses matched by the access list defined in step 1 and NAT them to the public IP address on the named interface, e.g. serial 0, dialer 0, ethernet 1,… The overload keyword specifies that multiple LAN addresses can be NAT'd to that one address. The router uses the TCP and UDP ports of the hosts (LAN addresses) to translate the public IP address back to the originating local host address.

The last step is to tell the router which interfaces carry our inside and outside addresses. This is achieved using the following commands:

- for the inside

conf t

interface ethernet | fastethernet <number>

ip nat inside

- for the outside, assuming we are dealing with an xDSL router

conf t

interface dialer0

ip nat outside

Now that NAT is configured we can check which addresses are being used with the show ip nat translations command.

INTERNET CONNECTION SHARING

ICS provides networked computers with the ability to share a single connection to the Internet.

If you have multiple computers, you can use ICS to allow you and others on your local area

network (LAN) to perform different tasks simultaneously. For example, one person can send and

receive e-mail messages, while another person downloads a file, and another person browses the

Internet. You can also gain access to your corporate e-mail accounts from a client computer while others on your LAN cannot. You can use Web-enabled programs (such as downloading updates) as well as Microsoft NetMeeting and other video conferencing programs.

Internet Connection Sharing Components

DHCP Allocator - A simplified DHCP service that assigns the IP address, gateway, and

name server on the local network.

DNS Proxy - Resolves names on behalf of local network clients and forwards queries.

Network Address Translation (NAT) - Maps a set of private addresses to a set of public

addresses. NAT tracks private-source IP addresses and public-destination IP addresses

for outbound flows. It changes the IP address information and edits the required IP

header information dynamically.

Auto-dial - Automatically dials connections.

Application programming interfaces (APIs) - For configuration, status, and dial control

for programs.

How to use Internet Connection Sharing

To use Internet Connection Sharing to share your Internet connection, the host computer must

have one network adapter that is configured to connect to the internal network, and one network

adapter or modem that is configured to connect to the Internet.

On the host computer

On the host computer, follow these steps to share the Internet connection:

1. Log on to the host computer as Administrator or as Owner.

2. Click Start, and then click Control Panel.

3. Click Network and Internet Connections.

4. Click Network Connections.

5. Right-click the connection that you use to connect to the Internet. For example, if you

connect to the Internet by using a modem, right-click the connection that you want

under Dial-up.

6. Click Properties.

7. Click the Advanced tab.

8. Under Internet Connection Sharing, select the Allow other network users to connect

through this computer's Internet connection check box.

9. If you are sharing a dial-up Internet connection, select the Establish a dial-up

connection whenever a computer on my network attempts to access the

Internet check box if you want to permit your computer to automatically connect to the

Internet.

10. Click OK. You receive the following message:

When Internet Connection Sharing is enabled, your LAN adapter will be set to use IP address 192.168.0.1. Your computer may lose connectivity with other computers on your network. If these other computers have static IP addresses, it is a good idea to set them to obtain their IP addresses automatically. Are you sure you want to enable Internet Connection Sharing?

11. Click Yes.

On the client computer

To connect to the Internet by using the shared connection, you must confirm the LAN adapter IP

configuration, and then configure the client computer. To confirm the LAN adapter IP

configuration, follow these steps:

1. Log on to the client computer as Administrator or as Owner.

2. Click Start, and then click Control Panel.

3. Click Network and Internet Connections.

4. Click Network Connections.

5. Right-click Local Area Connection, and then click Properties.

6. Click the General tab, click Internet Protocol (TCP/IP) in the This connection uses

the following items list, and then click Properties.

7. In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain an IP address automatically (if it is not already selected), and then click OK.

Note: You can also assign a unique static IP address in the range 192.168.0.2 to 192.168.0.254. For example, you can assign the following static IP address, subnet mask and default gateway:

IP address: 192.168.0.2

Subnet mask: 255.255.255.0

Default gateway: 192.168.0.1

8. In the Local Area Connection Properties dialog box, click OK.

9. Quit Control Panel.

SWITCHING:

What is a VLAN?

As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created by switches. Normally it is a router that creates the broadcast domain; with VLANs, a switch can create the broadcast domain.

This works by you, the administrator, putting some switch ports in a VLAN other than 1, the default VLAN. All ports in a single VLAN are in a single broadcast domain.

Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any port in any other VLAN. However, these devices can all communicate because they are on the same VLAN. Without additional configuration, they would not be able to communicate with any devices outside their VLAN.

How can devices on different VLANs communicate?

Devices on different VLANs can communicate through a router or a Layer 3 switch. As each VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.

What is a trunk port?

When a link between two switches, or between a router and a switch, carries the traffic of more than one VLAN, that port is a trunk port.

A trunk port must run a special trunking protocol: either Cisco's proprietary Inter-Switch Link (ISL) or the IEEE standard 802.1Q.

How do I create a VLAN?

Configuring VLANs can vary even between different models of Cisco switches. Your goals, no matter what the commands are, are to:

Create the new VLANs

Put each port in the proper VLAN

Let's say we wanted to create VLANs 5 and 10. We want to put ports 2 and 3 in VLAN 5 (Marketing) and ports 4 and 5 in VLAN 10 (Human Resources). On a Cisco 2950 switch, here is how you would do it:

At this point, only ports 2 and 3 should be able to communicate with each other, and ports 4 and 5 should be able to communicate with each other. That is because each pair is in its own VLAN. For the device on port 2 to communicate with the device on port 4, you would have to configure a trunk port to a router so that it can strip off the VLAN information, route the packet, and add back the VLAN information.

What do VLANs offer?

VLANs offer higher performance for medium and large LANs because they limit broadcasts. As the amount of traffic and the number of devices grow, so does the number of broadcast packets. By using VLANs you contain broadcasts.

VLANs also provide security because you are essentially putting one group of devices, in one VLAN, on their own network.
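The broadcast containment described above, including the case of one VLAN spanning two switches over a trunk, can be demonstrated with a small switch model. The following Python is an added example, not code from the original report: ports 2 and 3 are in VLAN 5 and ports 4 and 5 in VLAN 10 as in the scenario above, while the second switch, its port numbers, the trunk on port 24 and the MAC addresses are constructed. Frames are simply flooded (no MAC learning), which is enough to show where a broadcast does and does not appear.

```python
"""Broadcast containment by VLAN across two switches joined by an 802.1Q trunk.

Added example, not part of the original report. Ports 2 and 3 sit in VLAN 5
(Marketing) and ports 4 and 5 in VLAN 10 (Human Resources), as in the text's
scenario; the second switch, the trunk on port 24 and the MAC addresses are
constructed. Frames are flooded (no MAC learning), which is enough to show
where a broadcast does and does not appear.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

NATIVE_VLAN = 1        # untagged frames on a trunk belong to the native VLAN (VLAN 1 by default)
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    vlan: Optional[int] = None          # set only while the frame carries an 802.1Q tag


class Switch:
    def __init__(self, name: str) -> None:
        self.name = name
        self.access: Dict[int, int] = {}                        # access port -> VLAN
        self.trunks: Set[int] = set()
        self.links: Dict[int, Tuple["Switch", int]] = {}        # trunk port -> (peer, peer port)
        self.delivered: List[Tuple[str, int, int]] = []         # (switch, port, vlan) reached

    def set_access(self, port: int, vlan: int) -> None:
        self.access[port] = vlan

    def connect_trunk(self, port: int, peer: "Switch", peer_port: int) -> None:
        self.trunks.add(port)
        peer.trunks.add(peer_port)
        self.links[port] = (peer, peer_port)
        peer.links[peer_port] = (self, port)

    def receive(self, port: int, frame: Frame) -> None:
        # Classify: the tag decides on a trunk, port membership decides on an access port.
        if port in self.trunks:
            vlan = frame.vlan if frame.vlan is not None else NATIVE_VLAN
        else:
            vlan = self.access[port]
        for out in sorted(set(self.access) | self.trunks):
            if out == port:
                continue                                          # never back out the ingress port
            if out in self.trunks:
                peer, peer_port = self.links[out]
                peer.receive(peer_port, Frame(frame.src_mac, frame.dst_mac, vlan))  # sent tagged
            elif self.access[out] == vlan:
                self.delivered.append((self.name, out, vlan))     # untagged, to an end device


def broadcast_reach(ingress: Switch, port: int, switches: List[Switch]) -> List[Tuple[str, int, int]]:
    """Where a broadcast entering `ingress` on `port` ends up, across all switches."""
    for s in switches:
        s.delivered.clear()
    ingress.receive(port, Frame("00:11:22:33:44:55", BROADCAST))
    return sorted(d for s in switches for d in s.delivered)


def build_demo() -> Tuple[Switch, Switch]:
    a, b = Switch("A"), Switch("B")
    for port, vlan in [(2, 5), (3, 5), (4, 10), (5, 10)]:     # Marketing on 2-3, HR on 4-5
        a.set_access(port, vlan)
    b.set_access(4, 10)                                        # VLAN 10 extends to switch B
    b.set_access(6, 5)                                         # and so does VLAN 5
    a.connect_trunk(24, b, 24)
    return a, b


if __name__ == "__main__":
    a, b = build_demo()
    print("from A port 2:", broadcast_reach(a, 2, [a, b]))
    print("from A port 4:", broadcast_reach(a, 4, [a, b]))
```

A broadcast entering switch A on port 2 reaches port 3 on A and port 6 on B, and nothing in VLAN 10; one entering on port 4 reaches A port 5 and B port 4 only. An untagged frame arriving on the trunk is placed in the native VLAN, which is why leaving native VLAN 1 unused on trunks matters when VLANs are relied on for separation.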

INTER VLAN ROUTING:

Applicable Network Scenarios

As shown in the figure below, the addition of a router makes it possible to send traffic between VLANs while still containing broadcast traffic within VLAN boundaries.

The router uses IP subnets to move traffic between VLANs. Each VLAN has a different IP subnet, and there is a one-to-one correspondence between VLAN and IP subnet boundaries. If a host is in a given IP subnet, it is also in a given VLAN, and vice versa.

An Access Control List (ACL) is a list containing one or more access control entries (ACEs) that tells a computer operating system or other network device what rights users have to each item on a computer or network device. For example, an ACL may specify whether a user or the user's group has access to a file or folder on that computer or network.

Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria. The ACL is configured in global configuration mode, but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface.

If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate “permit” or “deny” action is taken. If there is no match, the second line's criterion is examined. Again, if there i

Each of these rules has some powerful implications when filtering IP and IPX packets with

access lists.

There are two types of access lists used with IP and IPX:

Standard access lists

These use only the source IP address in an IP packet to filter the network. This basically permits or denies an entire suite of protocols. IPX standard access lists can filter on both source and destination IPX address.

Extended access lists 

These check for both source and destination IP address, protocol field in the Network layer

header, and port number at the Transport layer header. IPX extended access lists use source and

destination IPX addresses, Network layer protocol fields, and socket numbers in the Transport

layer header.

Define In, Out, Inbound, Outbound, Source, and Destination

The router uses the terms in, out, source, and destination as references. Traffic on the router can

be compared to traffic on the highway. If you were a law enforcement officer in Pennsylvania

and wanted to stop a truck going from Maryland to New York, the source of the truck is

Maryland and the destination of the truck is New York. The roadblock could be applied at the

Pennsylvania–New York border (out) or the Maryland–Pennsylvania border (in).

When you refer to a router, these terms have the following meanings:

Out—Traffic that has already been through the router and leaves the interface. The

source is where it has been, on the other side of the router, and the destination is where it

goes.

In—Traffic that arrives on the interface and then goes through the router. The source is

where it has been and the destination is where it goes, on the other side of the router.

Inbound—If the access list is inbound, when the router receives a packet, the Cisco IOS

software checks the criteria statements of the access list for a match. If the packet is

permitted, the software continues to process the packet. If the packet is denied, the

software discards the packet.

Outbound—If the access list is outbound, after the software receives and routes a packet

to the outbound interface, the software checks the criteria statements of the access list for

a match. If the packet is permitted, the software transmits the packet. If the packet is

denied, the software discards the packet.

Standard IP Access Lists

Standard IP access lists filter the network by using the source IP address in an IP packet. 

You create a standard IP access list by using the access list numbers 1–99.

Here is an example of the access list numbers that you can use to filter your network. 

The different protocols that you can use with access lists depend on your IOS version.

        RouterA(config)#access-list ?

        <1-99>         IP standard access list

        <100-199>      IP extended access list

        <200-299>      Protocol type-code access list

        <300-399>      DECnet access list

        <400-499>      XNS standard access list

        <500-599>      XNS extended access list

        <600-699>      Appletalk access list

        <700-799>      48-bit MAC address access list

        <800-899>      IPX standard access list

        <900-999>      IPX extended access list

        <1000-1099>    IPX SAP access list

        <1100-1199>    Extended 48-bit MAC address access list

        <1200-1299>    IPX summary address access list

By using the access list numbers between 1–99, you tell the router that you want to create a

standard IP access list.

        RouterA(config)#access-list 10 ?

                deny      Specify packets to reject

                permit    Specify packets to forward

After you choose the access list number, you need to decide if you are creating a permit or deny

list. For this example, you will create a deny statement: 

        RouterA(config)#access-list 10 deny ?

                Hostname or A.B.C.D    Address to match

                any                    Any source host

                host                   A single host address

The next step requires a more detailed explanation. There are three options available. You can

use the any command to permit or deny any host or network, you can use an IP address to

specify or match a specific network or IP host, or you can use the host command to specify a

specific host only.

Here is an example of using the host command:

        RouterA(config)#access-list 10 deny host 172.16.30.2

This tells the list to deny any packets from host 172.16.30.2. The default command is host. In

other words, if you type access-list 10 deny 172.16.30.2, the router assumes you

mean host 172.16.30.2.

However, there is another way to specify a specific host: you can use wildcards. In fact, to specify a network or a subnet, you have no option but to use wildcards in the access list. A wildcard mask is the inverse of a subnet mask: a 0 bit must match the address given and a 1 bit is ignored, so 172.16.30.0 0.0.0.255 matches every host in the 172.16.30.0/24 subnet, while host 172.16.30.2 is shorthand for 172.16.30.2 0.0.0.0.

Extended IP Access Lists

In the standard IP access list example, notice how you had to block the whole subnet from getting to the finance department. What if you wanted them to gain access to only a certain server on the Finance LAN, but not to other network services, for obvious security reasons? With a standard IP access list, you can't allow users to get to one network service and not another. However, extended IP access lists allow you to do this. Extended IP access lists let you choose the IP source and destination address as well as the protocol and port number, which identify the upper-layer protocol or application. By using extended IP access lists, you can effectively allow users access to a physical LAN and stop them from using certain services.

Here is an example of an extended IP access list. The first command shows the access list numbers available. You'll use the extended access list range from 100 to 199.

At this point, you need to decide what type of list entry you are making. For this example, you'll choose a deny list entry.

        RouterA(config)#access-list 110 ?

                deny       Specify packets to reject

                dynamic    Specify a DYNAMIC list of PERMITs or DENYs

                permit     Specify packets to forward

Once you choose the access list type, you must choose a Network layer protocol field entry. It is

important to understand that if you want to filter the network by Application layer, you must

choose an entry here that allows you to go up through the OSI model. For example, to filter by

Telnet or FTP, you must choose TCP here. If you were to choose IP, you would never leave the

Network layer, and you would not be allowed to filter by upper-layer applications.

        RouterA(config)#access-list 110 deny ?

                <0-255>        An IP protocol number

                eigrp             Cisco's EIGRP routing protocol

                gre               Cisco's GRE tunneling

                icmp             Internet Control Message Protocol

                igmp             Internet Gateway Message Protocol

                igrp              Cisco's IGRP routing protocol

                ip                 Any Internet Protocol

                ipinip             IP in IP tunneling

                nos               KA9Q NOS compatible IP over IP tunneling

                ospf              OSPF routing protocol

                tcp               Transmission Control Protocol

                udp              User Datagram Protocol

Once you choose to go up to the Application layer through TCP, you will be prompted for the

source IP address of the host or network. You can choose the any command to allow any source

address.

        RouterA(config)#access-list 110 deny tcp ?

                A.B.C.D         Source address

                any              Any source host

                host             A single source host

After the source address is selected, the destination address is chosen.

        RouterA(config)#access-list 110 deny tcp any ?

                A.B.C.D         Destination address

                any              Any destination host

                eq                Match only packets on a given port number

                gt                Match only packets with a greater port number

                host             A single destination host

                lt                 Match only packets with a lower port number

                neq              Match only packets not on a given port number

                range            Match only packets in the range of port numbers

In the example below, TCP traffic from any source IP address to the destination host 172.16.30.2 is denied.

        RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 ?

                eq                          Match only packets on a given port number

                established              Match established connections

                fragments                Check fragments

                gt                          Match only packets with a greater port number

                log                         Log matches against this entry

                log-input                 Log matches against this entry, including input interface

                lt                           Match only packets with a lower port number

                neq                        Match only packets not on a given port number

                precedence             Match packets with given precedence value

                range                     Match only packets in the range of port numbers

                tos                         Match packets with given TOS value

Now, you can press Enter here and leave the access list as is. However, you can be even more specific: once you have the host addresses in place, you can specify the type of service you are denying. The following help screen gives you the options. You can choose a port number or use the application or program name.

        RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq ?

                    <0-65535>     Port number
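The standard and extended list syntax shown above, together with the top-down, first-match evaluation described earlier, can be modelled directly. The following Python is an added example written for this page, not code from the report or from Cisco IOS. It assumes a simplified parser that understands any, host, address/wildcard pairs, and the eq, neq, gt, lt and range port operators, and it models only IP standard (1-99) and extended (100-199) lists; the direction (in/out) and the interface binding are left out. The port-name table and the sample lists are constructed for the example: list 110 reuses the report's deny on host 172.16.30.2 and adds a closing permit, while list 10 is left as the report shows it, with only a deny entry.

```python
"""Added example (not from the report): a small model of how a Cisco IOS router
evaluates standard (1-99) and extended (100-199) IP access lists. It parses the
command syntax shown in the report, applies wildcard masks, walks the list
top-down to the first match and falls through to the implicit deny."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80}  # constructed subset
ANY = (0, 0xFFFFFFFF)  # base 0.0.0.0 with wildcard 255.255.255.255

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"               # "ip", "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None

@dataclass
class Entry:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every IP protocol
    src: tuple                      # (base address, wildcard mask) as ints
    dst: tuple
    port_op: Optional[str] = None   # eq, neq, gt, lt or range
    ports: tuple = ()

def ip2int(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wild):
    # Wildcard bits set to 1 are "don't care"; bits set to 0 must equal the base.
    return ((addr ^ base) & (~wild & 0xFFFFFFFF)) == 0

def parse_addr(tokens, i):
    """Consume one address spec at tokens[i]; return ((base, wild), next index)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (ip2int(tokens[i + 1]), 0), i + 2
    base = ip2int(tokens[i])
    try:                                      # address plus wildcard mask: network or subnet
        return (base, ip2int(tokens[i + 1])), i + 2
    except (IndexError, ipaddress.AddressValueError):
        return (base, 0), i + 1               # bare address: the router assumes "host"

def parse_entry(line):
    """Parse one 'access-list N permit|deny ...' line into an Entry."""
    tokens = line.split()
    if tokens[-1] in ("log", "log-input"):    # logging keywords do not affect matching
        tokens = tokens[:-1]
    number, action = int(tokens[1]), tokens[2]
    if tokens[0] != "access-list" or action not in ("permit", "deny"):
        raise ValueError("expected: access-list <number> permit|deny ...")
    if 1 <= number <= 99:                     # standard list: source address only
        return Entry(action, "ip", parse_addr(tokens, 3)[0], ANY)
    if 100 <= number <= 199:                  # extended: protocol, source, destination, port
        src, i = parse_addr(tokens, 4)
        dst, i = parse_addr(tokens, i)
        op, ports = None, ()
        if i < len(tokens):
            op = tokens[i]
            names = tokens[i + 1:i + 3] if op == "range" else tokens[i + 1:i + 2]
            ports = tuple(PORT_NAMES.get(n) or int(n) for n in names)
        return Entry(action, tokens[3], src, dst, op, ports)
    raise ValueError("only IP standard (1-99) and extended (100-199) lists are modelled")

def entry_matches(entry, pkt):
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if not (wildcard_match(ip2int(pkt.src), *entry.src)
            and wildcard_match(ip2int(pkt.dst), *entry.dst)):
        return False
    if entry.port_op is None:
        return True
    if pkt.dst_port is None:
        return False
    p, lo = pkt.dst_port, entry.ports[0]
    return {"eq": p == lo, "neq": p != lo, "gt": p > lo, "lt": p < lo,
            "range": lo <= p <= entry.ports[-1]}[entry.port_op]

def evaluate(acl, pkt):
    """Return (action, line) of the first matching entry, lines counted from 1,
    or ('deny', None) for the implicit deny when nothing matched."""
    for line, entry in enumerate(acl, 1):
        if entry_matches(entry, pkt):
            return entry.action, line
    return "deny", None

# Constructed lists: the report's deny on host 172.16.30.2 plus a closing permit.
ACL_10 = [parse_entry("access-list 10 deny host 172.16.30.2")]
ACL_110 = [parse_entry(l) for l in (
    "access-list 110 deny tcp any host 172.16.30.2 eq telnet",
    "access-list 110 deny tcp 172.16.40.0 0.0.0.255 host 172.16.30.2 eq ftp",
    "access-list 110 permit ip any any")]
```

Calling evaluate(ACL_110, Packet("10.1.1.1", "172.16.30.2", "tcp", 23)) returns ('deny', 1), while the same source on port 80 falls through to ('permit', 3). Calling evaluate(ACL_10, Packet("172.16.30.3", "10.0.0.1")) returns ('deny', None): list 10 contains only a deny, so every other host is also dropped by the implicit deny, which is why a real list normally ends with an explicit permit.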

Monitoring IP Access Lists

It is important to be able to verify the configuration on a router. The following commands can be

used to verify the configuration:

show access-list: Displays all access lists and their parameters configured on the router. This command does not show you which interface the list is set on.

show access-list 110: Shows only the parameters for access list 110. This command does not show you the interface the list is set on.

show ip access-list: Shows only the IP access lists configured on the router.

show ip interface: Shows which interfaces have access lists set.

show running-config: Shows the access lists and which interfaces have access lists set.

Servers

A server is primarily a program that runs on a machine, providing a particular and specific service to other machines connected to the machine on which it runs.

Nowadays, server functionality has become so rich, complex and varied that whole, very powerful computers are dedicated exclusively to being servers. This has led many non-technical people to use the word server for the machines that run services.

A network server is a computer designed to process requests and deliver data to other (client)

computers over a local network or the Internet. Network servers typically are configured with

additional processing, memory and storage capacity to handle the load of servicing clients.

DHCP SERVER

DHCP (Dynamic Host Configuration Protocol) is a protocol that allows a central computer to automatically assign the TCP/IP network configuration to individual workstations on a private network.

With DHCP enabled, it suffices to select "Obtain an IP address automatically" in the TCP/IP configuration of the computers on the private network. The DHCP Server then takes over the responsibility of assigning the TCP/IP parameters, significantly reducing the burden of network maintenance.

How Does DHCP Work?

At boot time the computer has no network parameters assigned to it. The following list provides an overview of the typical network parameters:

- IP address and network mask
- Default route/gateway: an IP address used for forwarding packets whose destinations are beyond the local network
- DNS servers for resolving Internet names (e.g. internet.com) to IP addresses
- Workstation parameters, e.g., domain name or workgroup/workstation name
- Static routes
- IP forwarding setting
- MTU size
- Other settings (a complete list can be found in the DHCP RFCs)

Static configuration.

With static configuration, the client computer uses pre-configured network parameters. The disadvantages of this approach include the possibility of IP address conflicts and the administrative burden of manually configuring many internal clients.

DHCP configuration (automatic).

With automatic configuration, the computer obtains its network parameters from the DHCP Server. This way the IP addresses are automatically managed and address conflicts are avoided. If manual and automatic network configurations are used together, the administrator must ensure that the DHCP Server won't assign IP addresses used by manually-configured computers.
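The conflict described above, between addresses assigned by hand and addresses handed out by the server, is avoided in practice by excluding the statically configured hosts from the server's pool. The following Python is an added example written for this page, not the report's code or the InJoy product's: a toy lease pool with a constructed /24 scenario in which one statically configured address inside the range is excluded, a renewing client keeps its address, an exhausted pool returns None, and the conflicts method shows how a later-declared static host can be checked against the leases already given out.

```python
"""Added example (not from the report): a minimal DHCP-style lease pool that
excludes statically configured hosts from the range it offers, so that mixing
manual and automatic configuration does not produce duplicate addresses."""
import ipaddress

class LeasePool:
    def __init__(self, network, first, last, static_hosts=()):
        net = ipaddress.IPv4Network(network)
        first, last = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if first not in net or last not in net or first > last:
            raise ValueError("lease range must lie inside the network")
        # Addresses the server must never offer: statically configured hosts
        # plus the network and broadcast addresses.
        self.excluded = {ipaddress.IPv4Address(h) for h in static_hosts}
        self.excluded |= {net.network_address, net.broadcast_address}
        self.candidates = [ipaddress.IPv4Address(a) for a in range(int(first), int(last) + 1)]
        self.leases = {}            # client MAC -> IPv4Address

    def offer(self, mac):
        """Return the address to offer this client, or None if the pool is exhausted."""
        if mac in self.leases:      # a renewing client keeps its current address
            return str(self.leases[mac])
        in_use = set(self.leases.values()) | self.excluded
        for addr in self.candidates:
            if addr not in in_use:
                self.leases[mac] = addr
                return str(addr)
        return None

    def release(self, mac):
        """Forget a client's lease so the address can be reused."""
        self.leases.pop(mac, None)

    def conflicts(self, static_hosts):
        """List active leases that collide with hosts an administrator now declares static."""
        statics = {ipaddress.IPv4Address(h) for h in static_hosts}
        return sorted(str(a) for a in self.leases.values() if a in statics)

# Constructed scenario: a /24 with a three-address pool in which .11 belongs to a
# printer configured by hand, so the server has to skip it.
POOL = LeasePool("192.168.1.0/24", "192.168.1.10", "192.168.1.12",
                 static_hosts=["192.168.1.11"])
```

With the constructed pool, the first client is offered 192.168.1.10, the second 192.168.1.12 (the static .11 is skipped), and a third client gets None until a lease is released. The conflicts check is the piece the report's warning asks for: if an administrator later hard-codes an address that the server has already leased, it is reported rather than silently duplicated.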

How to configure the DHCP server.

Once you have considered the implications of DHCP in your network, you are ready to get

started with the simple configuration.

For a small network, the configuration of the DHCP Server is not very challenging, and the InJoy DHCP Server Plugin is deliberately designed to be extremely simple. In fact, in the InJoy Firewall™, you can immediately enable the DHCP Server and have it operational in less than a minute. Here is how.

DNS SERVER

The Domain Name System (DNS) is a standard technology for managing the names of Web sites

and other Internet domains. DNS technology allows you to type names into your Web browser

like compnetworking.about.com and your computer to automatically find that address on the

Internet. A key element of the DNS is a worldwide collection of DNS servers. What, then, is a

DNS server?

Answer: A DNS server is any computer registered to join the Domain Name System. A DNS

server runs special-purpose networking software, features a public IP address, and contains a

database of network names and addresses for other Internet hosts.

DNS Root Servers

DNS servers communicate with each other using private network protocols. All DNS servers are

organized in a hierarchy. At the top level of the hierarchy, so-called root servers store the

complete database of Internet domain names and their corresponding IP addresses. The Internet

employs 13 root servers that have become somewhat famous for their special role. Maintained by

various independent agencies, the servers are aptly named A, B, C and so on up to M. Ten of

these servers reside in the United States, one in Japan, one in London, UK and one in Stockholm,

Sweden.

DNS Server Hierarchy

The DNS is a distributed system, meaning that only the 13 root servers contain the complete

database of domain names and IP addresses. All other DNS servers are installed at lower levels

of the hierarchy and maintain only certain pieces of the overall database.

Most lower level DNS servers are owned by businesses or Internet Service Providers (ISPs). For

example, Google maintains various DNS servers around the world that manage the google.com,

google.co.uk, and other domains. Your ISP also maintains DNS servers as part of your Internet

connection setup.
