Project Report on Ccna

7/31/2019 Project Report on Ccna

1/69

1

CHAPTER 2

THEORITICAL BACKGROUND

2.1 INTRODUCTION TO CCNA

CCNA is the acronym for the Cisco Certified Network Associate certification from Cisco.

In speech and in writing, this certification is properly referred to by the initials CCNA rather

than the full name.

CCNA certification is a second-level Cisco Career certification that indicates a foundation in

apprentice knowledge of networking. CCNA certification validates the ability to install,

configure, operate, and troubleshoot medium-size routed and switched networks, including

implementation and verification of connections to remote sites in a WAN

To become a CCNA, a passing score on the 640-802 exams must be achieved, or

combined passing scores on both the ICND1 640-822 and ICND2 640-816 exams. Passing

the ICND1 grants you the Cisco Certified Entry Networking Technician (CCENT). Passing

scores are set by using statistical analysis and are subject to change. At the completion of

the exam, candidates receive a score report along with a score breakout by exam sectionand the passing score for the given exam. Cisco does not publish exam passing scores

because exam questions and passing scores are subject to change without notice.


2/69

2

CHAPTER 2

2.1 ROUTERS

Router is a networking device whose software and hardware are usually tailored to the

tasks of routing and forwarding information. For example, on the Internet, information is

directed to various paths by routers.

Routers connect two or more logical subnets, which do not necessarily map one-to-one to

the physical interfaces of the router.The term "layer 3 switch" often is used interchangeably

with router, but switch is a general term without a rigorous technical definition. In marketing

usage, it is generally optimized for Ethernet LAN interfaces and may not have other

physical interface types. In comparison, a network hub does not do any routing, instead

every packet it receives on one network line gets forwarded to all the other network lines.

Types of routers

Routers may provide connectivity inside enterprises, between enterprises and the Internet,and inside Internet Service Providers (ISP). The largest routers (for example the Cisco

CRS-1 or Juniper T1600) interconnect ISPs, are used inside ISPs, or may be used in very

large enterprise networks. The smallest routers provide connectivity for small and home

offices.

Routers for Internet connectivity and internal use

Routers intended for ISP and major enterprise connectivity will almost invariably exchange

routing information with the Border Gateway Protocol (BGP). RFC 4098 defines several

types of BGP-speaking routers:

Edge Router: Placed at the edge of an ISP network, it speaks external BGP (eBGP)

to a BGP speaker in another provider or large enterprise Autonomous System (AS).


3/69

3

Subscriber Edge Router: Located at the edge of the subscriber's network, it speaks

eBGP to its provider's AS(s). It belongs to an end user (enterprise) organization.

Inter-provider Border Router: Interconnecting ISPs, this is a BGP speaking router

that maintains BGP sessions with other BGP speaking routers in other providers'ASes.

Core router: A router that resides within the middle or backbone of the LAN network

rather than at its periphery.

Within an ISP: Internal to the provider's AS, such a router speaks internal BGP

(iBGP) to that provider's edge routers, other intra-provider core routers, or the

provider's inter-provider border routers.

"Internet backbone:" The Internet does not have a clearly identifiable backbone, as

did its predecessors. See default-free zone (DFZ). Nevertheless, it is the major ISPs'

routers that make up what many would consider the core. These ISPs operate all

four types of the BGP-speaking routers described here. In ISP usage, a "core" router

is internal to an ISP, and used to interconnect its edge and border routers. Core

routers may also have specialized functions in virtual private networks based on a

combination of BGP and Multi-Protocol Label Switching (MPLS)

Routers are also used for port forwarding for private servers.


4/69

4

2.2 INTERNETWORKING OVERVIEW

In this we learnt that,

Line configuration is the manner in which the devices are attached to the communicationlinks.

Two types of line configuration are:

1) Point to point

2) Multipoint

Topology : it is the way in which the devices are connected together in the network.

These are:

1) Bus

2) Star

3) Ring

4) Tree

5) Mesh

2.3 BUS

In computer architecture, a bus is a subsystem that transfers data between computer

components inside a computer or between computers.

Early computer buses were literally parallel electrical buses with multiple connections, but

the term is now used for any physical arrangement that provides the same logical

functionality as a parallel electrical bus. Modern computer buses can use both parallel and

bit-serial connections, and can be wired in either a multidrug (electrical parallel) or daisy

chain topology, or connected by switched hubs, as in the case of USB.


5/69

5

2.3.1 STAR

Star networks are one of the most common computer network topologies. In its simplest

form, a star network consists of one central switch, hub or computer, which acts as a

conduit to transmit messages. Thus, the hub and leaf nodes, and the transmission lines

between them, form a graph with the topology of a star. If the central node is passive, the

originating node must be able to tolerate the reception of an echo of its own transmission,

delayed by the two-way transmission time (i.e. to and from the central node) plus any delay

generated in the central node. An active star network has an active central node that

usually has the means to prevent echo-related problems.

The star topology reduces the chance of network failure by connecting all of the systems to

a central node. When applied to a bus-based network, this central hub rebroadcasts all

transmissions received from any peripheral node to all peripheral nodes on the network,

sometimes including the originating node. All peripheral nodes may thus communicate withall others by transmitting to, and receiving from, the central node only. The failure of a

transmission line linking any peripheral node to the central node will result in the isolation of

that peripheral node from all others, but the rest of the systems will be unaffected.
http://en.wikipedia.org/wiki/File:NetworkTopology-Star.pnghttp://en.wikipedia.org/wiki/File:NetworkTopology-Bus.png


6/69

6

2.3.2 Ring

A ring network is a network topology in which each node connects to exactly two other

nodes, forming a single continuous pathway for signals through each node - a ring. Data

travels from node to node, with each node along the way handling every packet.

Because a ring topology provides only one pathway between any two nodes, ring networks

may be disrupted by the failure of a single link. A node failure or cable break might isolate

every node attached to the ring. FDDI networks overcome this vulnerability by sending data

on a clockwise and a counterclockwise ring: in the event of a break data is wrapped back

onto the complementary ring before it reaches the end of the cable, maintaining a path to

every node along the resulting "C-Ring". 802.5 networks -- also known as IBM Token Ringnetworks -- avoid the weakness of a ring topology altogether: they actually use a star

topology at thephysicallayer and a Multistation Access Unit to imitate a ring at the datalink

layer.

Many ring networks add a "counter-rotating ring" to form a redundant topology. Such "dual

ring" networks include Spatial Reuse Protocol, Fiber Distributed Data Interface (FDDI), and

Resilient Packet Ring

2.3.3 Tree
http://en.wikipedia.org/wiki/File:NetworkTopology-Ring.png


7/69

7

The type of network topology in which a central 'root' node (the top level of the hierarchy) is

connected to one or more other nodes that are one level lower in the hierarchy (i.e., the

second level) with a point-to-point link between each of the second level nodes and the top

level central 'root' node, while each of the second level nodes that are connected to the toplevel central 'root' node will also have one or more other nodes that are one level lower in

the hierarchy (i.e., the third level) connected to it, also with a point-to-point link, the top level

central 'root' node being the only node that has no other node above it in the hierarchy (The

hierarchy of the tree is symmetrical.)

2.3.4 Mesh

The value of fully meshed networks is proportional to the exponent of the number of

subscribers, assuming that communicating groups of any two endpoints, up to and

including all the endpoints, is approximated by Reeds law.

Fully connected
http://en.wikipedia.org/wiki/File:NetworkTopology-FullyConnected.pnghttp://en.wikipedia.org/wiki/File:NetworkTopology-Tree.png


8/69

8

The type of network topology in which each of the nodes of the network is connected

to each of the other nodes in the network with a point-to-point link this makes it

possible for data to be simultaneously transmitted from any single node to all of the

other nodes.Note: The physical fully connected mesh topology is generally too costly and

complex for practical networks, although the topology is used when there are only a

small number of nodes to be interconnected.

Partially connected

The type of network topology in which some of the nodes of the network are

connected to more than one other node in the network with a point-to-point link this

makes it possible to take advantage of some of the redundancy that is provided by a

physical fully connected mesh topology without the expense and complexity required

for a connection between every node in the network.

Note: In most practical networks that are based upon the physical partially

connected mesh topology, all of the data that is transmitted between nodes in the

network takes the shortest path (or an approximation of the shortest path) between

nodes, except in the case of a failure or break in one of the links, in which case the

data takes an alternate path to the destination. This requires that the nodes of the

network possess some type of logical 'routing' algorithm to determine the correct

path to use at any particular time

CHAPTER 3
http://en.wikipedia.org/wiki/File:NetworkTopology-Mesh.png


9/69

9

DEFINITION OF PROBLEM

3.1 THE TYPES OF NETWORK

1) LAN

2) MAN

3) WAN

4) CAN

3.1.1 LAN

A local area network (LAN) is a computer network covering a small physical area, like a

home, office, or small group of buildings, such as a school, or an airport. The defining

characteristics of LANs, in contrast to wide-area networks (WANs), include their usually

higher data-transfer rates, smaller geographic place, and lack of a need for leased

telecommunication lines.

ARCNET, Token Ring and many other technologies have been used in the past, and G.hn

may be used in the future, but Ethernet over twisted pair cabling, and Wi-Fi are the twomost common technologies currently in us

3.1.2 MAN

Metropolitan area networks, orMANs, are large computer networks usually spanning a

city. They typically use wireless infrastructure or Optical fiber connections to link their sites.

The IEE 802-2001 standard describes a MAN as being:


10/69

10

A MAN is optimized for a larger geographical area than a LAN, ranging from several

blocks of buildings to entire cities. MANs can also depend on communications

channels of moderate-to-high data rates. A MAN might be owned and operated by a

single organization, but it usually will be used by many individuals and

organizations. MANs might also be owned and operated as public utilities. They will

often provide means for internetworking of local networks. Metropolitan area

networks can span up to 50km, devices used are modem and wire/cable

3.1.3 WAN

Wide Area Network (WAN) is a computer network that covers a broad area (i.e.,

any network whose communications links cross metropolitan, regional, or national

boundaries. This is in contrast with personal area networks (PANs), local area

networks (LANs), campus area networks (CANs), or metropolitan area networks

(MANs) which are usually limited to a room, building, campus or specific

metropolitan area (e.g., a city) respectively. The largest and most well-known

example of a WAN is the Internet.

3.1.4 CAN

Campus area network (CAN) is a computer network that interconnects local area

networks throughout a limited geographical area, such as a university campus, a

corporate campus, or a military base. It could be considered a metropolitan areanetwork that is specific to a campus setting. A campus area network is, therefore,

larger than a local area network but smaller than a wide area network. The term is

sometimes used to refer to university campuses, while the term corporate area

network is used to refer to corporate campuses instead.


11/69

11

CHAPTER 4

SYSTEM ANALYSIS AND USER REQUIREMENT

4.1 MODES OF TRANSMISSION

1) Simplex

2) Duplex

3) Full duplex

OSI : The open system Interconnection is the layered model for the network systems, which

enables computers in the network to communicate with each other.

The seven layers of the OSI model :

1) Application


12/69

12

2) Presentation

3) Session

4) Transport

5) Network

6) Data link

7) Physical

UTP Connections: The cables used for cabling the RJ-45 connect are, Straight-Through

Cables, Cross-Over Cables and Twisted Pair Cables.

Two types of cables can be used with Ethernet LAN interfaces:

1) A straight-through, or patch cable, with the order of the colored pins the same

on each end of the cable

2) A crossover cable, with pin 1 connected to pin 3, and pin 2 connected to pin 6

Straight-through cables are used for:

3) Switch-to-router

4) Switch-to-PC

5) Hub-to-PC

6) Hub-to-server

Crossover cables are used for:

7) Switch-to-switch

8) PC-to-PC

9) Switch-to-hub

10) Hub-to-hub


13/69

13

11) Router-to-router

12) Router-to-server

4.2 IP ADDRESSING

Classification of IP addresses

1) Class A: consists of a an 8 bit network number and a 24 bit network bit host number.

Its range from 1 to 126. Addresses beginning with 127 are reserved for loopback

addressing. IP address 0.0.0.0 is reserved and not included as a Class A IP address.

2) Class B: Consists of a 16 bit network number and a 16 bit host number. Class B IP

addresses range from 128 to 191 decimals.

3) Class C: Consists of a 8 bit network number and a 24 bit host number. Class C IP

addresses range from 192 to 223 decimals.

4) Class D: Consists of multicast addresses. Multicasting is a produced by which the

data packets can be sent to selected recipients over the network. Range from 224 to

239.

5) Class E: Known as reserved IP addresses. Range from 240 to 255.

Subnet Mask

A subnet mask is basically used to identify the network bits and host bits I the IP

address.

The Subnet mask starting with the bit 0 or ending with the bit 1.

How to calculate network and host requirements using the following formulae:

2 power x => numbers of networks, where X refers to number of subnet bits.

2 power Y => hosts on largest segment, where Y represents the host bit.


14/69

14

X + Y


15/69

15

This shows the version of the system bootstrap software, stored in ROM

memory, that was initially used to boot up the router.

4.3.3 LOCATION OF IOS

System image file is "flash:c2600-i-mz.122-28.bin"

This shows where the bootstrap program is located and loaded the Cisco IOS,

and the complete filename of the IOS image.

CHAPTER 6

METHODOLOGY ADOPTED AND DETAILS OF HARDWARE AND

SOFTWARE USED

6.1 CPU AND AMOUNT OF RAM

cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of

memory

6.2 INTERFACES


16/69

16

2 FastEthernet/IEEE 802.3 interface(s)

2 Low-speed serial(sync/async) network interface(s)

This section of the output displays the physical interfaces on the router. In thisexample, the Cisco 2621 router has two FastEthernet interfaces and two low-

speed serial interfaces.

6.3 AMOUNT OF NVRAM

32K bytes of non-volatile configuration memory.

This is the amount of NVRAM on the router. NVR

6.4 AMOUNT OF FLASH

16384K bytes of processor board System flash (Read/Write)

6.5 CONFIGURATION REGISTER

Configuration register is 0x2102

The last line of the show version command displays the current configured value of the

software configuration register in hexadecimal


17/69

17

How we can we configure on live router or on Boson software:

Password can be configured for entering privileged EXEC mode.

Router(config)#enable secret class

Passwords can also be configured for the console and Telnet lines. The command

login enables password checking on the line. If you do not enter the command login

on the console line, the user will be granted access to the line without entering a

password.

R1(config)#line console 0

R1(config-line)#password cisco

R1(config-line)#login

R1(config-line)#exit


18/69

18

R1(config)#line vty 0 4

R1(config-line)#password cisco

R1(config-line)#login

R1(config-line)#exit

OUTCOME:

The outcome of entering these commands

R1(config)# line vty 0 4

R1(config-line)# password check123

R1(config-line)# login

sets the password to be used for connecting to this router via Telnet

R1#show startup-config

This command displays the startup configuration file stored in NVRAM. This is the

configuration that the router will use on the next reboot. This configuration does not

change unless the current running configuration is saved to NVRAM with the copy

running-config startup-config command.

IP ROUTING

The routing of data packets from one network segment to another

For example from from one subnet to another subnet

A router (gateway) is often involved in the routing process


19/69

19

Computer A will analyze (AND)the data packet against its subnet masks

The data is to be sent to another subnet

Broadcast for the hardware address (eg: CC) of the gateway (IP address is alreadyknown)

Using ARP

On receiving the hardware address, send the data packet to the gateway (router) to

be forwarded to its destination subnet

The router will now be able to deliver the data packet to its destination in the other

subnet

An analysis of the data packet (ANDing) will determine the destination subnet

The gateway will broadcast for the hardware address of the receiving host (IP

already known)

On receiving a response, the packet will be forwarded to the destination host


20/69

20

Major Routing Methods:

Static routing

Routing tables are hand maintained at the router

Dynamic routing

Routing tables are dynamically maintained by the routing protocol

RIP (Routing Information Protocol)

Open Shortest Path First (OSPF) protocol

Static and dynamic routings may be integrated

Entries in to routing table:


21/69

21

Network ID (Address)

Network (subnet) mask

Next hop (Gateway address)

Interface

Network interface for forwarding the data packet

Metric

Cost of each route for the selection of the best hop

Dynamic Routing Protocols I

RIP

Autonomous Systems:

An autonomous system is a region of the Internet that is administered by a single

entity.

Examples of autonomous regions are:

UVAs campus network

MCIs backbone network

Regional Internet Service Provider

Routing is done differently within an autonomous system (intradomain

routing) and between autonomous system (interdomain routing).


22/69

22

Intradomain:

Intradomain Routing

Routing within an AS

Ignores the Internet outside the AS

Protocols for Intradomain routing are also called Interior Gateway Protocols or

IGPs.

Popular protocols are

RIP (simple, old)

OSPF (better)

Interdomain Routing

Routing between ASs

Assumes that the Internet consists of a collection of interconnected ASs

Normally, there is one dedicated router in each AS that handles interdomain traffic.

Protocols for interdomain routing are also called Exterior Gateway Protocols or

EGPs.

E t h e r n e t

R o u t e r

E t h e r n e t

E t h e r n e t

R o u t e r R o u t e r

E t h e r n e t

E t h e r n e t

E t h e r n e tR o u t e r

R o u t e r

R o u t e r

A u t o n o m o u s

S y s te m 2

A u t o n o m o u s

S y s te m 1


23/69

23

Routing protocols:

EGP

BGP (more recent)

CHAPTER 9

PROCESS INVOLVED AND ALGORITHM

9.1 Approaches to Shortest Path Routing

There are two basic routing algorithms found on the Internet.


24/69

24

9.1.1 Distance Vector Routing

Each node knows the distance (=cost) to its directly connected neighbors

A node sends periodically a list of routing updates to its neighbors.

If all nodes update their distances, the routing tables eventually converge

New nodes advertise themselves to their neighbors

9.1.2 Link State Routing

Each node knows the distance to its neighbors

The distance information (=link state) is broadcast to all nodes in the network

Each node calculates the routing tables independently

9.2 What Is Enhanced IGRP (EIGRP)?

Enhanced IGRP supports:

Rapid convergence

Reduced bandwidth usage

Multiple network-layer support

Uses Diffused Update Algorithm (DUAL) to select loop-free routes and enable

fast convergence

Up to six unequal paths to a remote network (4 by default


25/69

25

Configuring EIGRP for IP

If you use the same AS number for EIGRP as IGRP, EIGRP will automatically redistribute

IGRP into EIGRP.

9.3 Introducing OSPF

Open standard

Shortest path first (SPF) algorithm

Link-state routing protocol (vs. distance vector)

Can be used to route between ASs


26/69

26

9.4 Types of OSPF Routers

OSPF Example


27/69

27

9.5 Configuring Wildcards

If we want to advertise a partial octet (subnet), we need to use wildcards.

0.0.0.0 means all octets match exactly

0.0.0.255 means that the first three match exactly, but the last octet can be

any value

Access Control Lists (ACLs)

List of conditions to test the traffic

Router can permit or deny( like a filter)

Provides Security

Bandwidth Management

Come in two Types

STANDARD and EXTENDED

What is ACL?

A List of Criteria to which all Packets are compared.


28/69

28

Is this Packet from Network 10.5.2.0

Yes - Forward the Packet

No - Check with Next Statement

Is this a Telnet Protocol Packet from 25.25.0.0

Yes - Forward the Packet

No - Check Next Statement

Deny All Other Traffic

ACL Operations

Packets are compared to Each Statement in an Access-list SEQUENTIALLY- From the

Top Down.

The sooner a decision is made the better.

Well written Access-lists take care of the most abundant type of traffic first.

All Access-lists End with an Implicit Deny All statement

Standard ACL

Are given a # from 1-99

Filtering based only on Source Address

Should be applied closest to the Destination

Extended ACL

Are given a # from 100-199


29/69

29

Much more flexible and complex

Can filter based on:

Source address

Destination address

Session Layer Protocol (ICMP, TCP, UDP..)

Port Number (80 http, 23 telnet)

Should be applied closest to the Source

Implementing ACLs

Step 1 - Create the Access-list

Step 2 -Apply the Access-list to an Interface

Must be in interface config mode (config-if)#

IP access-group # in/out (routers point of view)

Remember the Implicit Deny All at the end of each access-list.

Two Approaches:

1. List the traffic you know you want to permit

Deny all other traffic

2. List the traffic you want to deny

Permit all other traffic (permit any)


30/69

30

A(config)#access-list 5 deny 172.22.5.2 0.0.0.0


A(config)#access-list 5 permit any

So what does this access list do?

Deny any host 172.22.5.2

Deny any host 172.22.5.3

All other traffic can go



A(config)#access-list 5 permit any



31/69

31

Why does the last line have no affect?

How could we correct this situation?

Extended ACL

Standard : Closed to source

Extended: Closed to destination


32/69

32

Restricted ACL access


33/69

33

TELNET

Restricting Telnet Access to the Router

Besides using standard IP ACLs to filter traffic as it enters and/or leaves an interface, you

can also use them to restrict telnet access to your router. First, you need to create a

standard ACL that has a list of permit statements that allow your corresponding network

administrators telnet access; include the IP addresses of their PCs in this list. Next, you

need to activate your ACL. However, you will not do this on any of the routers interfaces. If

you were to activate this ACL on an interface, it would allow any type of traffic from your

administrators but drop allother traffic. When someone telnets into your router, the router

associates this connection with a virtual terminal (VTY) line. Therefore, youll apply your

standard ACL to the VTYs, like this:

Router (config)# line vty 0 4

Router (config-line) # access-class standard_ACL_# in|out

Remember that your router supports five telnets by default (04). You can configure all VTY

simultaneously by specifying the beginning and ending line numbers after the vty

parameter. If you dont apply the restriction to all of your VTYs, then youre leaving a

backdoor into your router, which might cause a security problem. Heres a simple example

of using a standard ACL to filter telnet traffic to a router:

Router (config) # access-list 99 permit 192.168.1.0 0.0.0.255

Router (config) # line vty 0 4

Router (config-line) # access-class 99 in


34/69

34

In this example, only traffic from 192.168.1.0/24 is allowed to telnet in this router. Because

of the implicit deny at the end of access-list 99, all other telnets to this router will be

dropped.

CHAPTER 13

USER/OPERATIONAL MANUAL

13.1 Introduction to the Cisco IOS

.

13.1.1 Bringing Up a Router

When you first bring up a Cisco router, it will run a power-on self-test (POST). If it passes, it will then

look for and load the Cisco IOS from flash memoryif an IOS file is present. In case you dont know,

flash memory is an electronically erasable programmable read-only memoryan EEPROM. The IOS

then proceeds to load and looks for a valid configurationthe startup config thats stored by default

in nonvolatile RAM, or NVRAM. The following messages appear when you first boot or reload a

router:

System Bootstrap, Version 12.2(13)T, RELEASE SOFTWARE (fc1)

Copyright (c) 2000 by cisco Systems, Inc.

C2600 platform with 32768 Kbytes of main memory

This is the first part of the router boot process output. Its information about the bootstrap program that

first runs the POST, and then tells the router how to load, which by default is to find the IOS in flash

memory. The next part, shown below, shows us that the IOS is being decompressed into RAM:

program load complete, entry point: 0x80008000, size: 0x43b7fc Self decompressing the image :

After the IOS is decompressed into RAM, the IOS is then loaded and starts running the router, as

shown below

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-I-M), Version 12.2(13),

RELEASE SOFTWARE (fc1)


35/69

35

Copyright (c) 1986-2001 by cisco Systems, Inc.

Compiled Tue 17-Dec-03 04:55 by kellythw

Image text-base: 0x80008088, data-base: 0x8080853C

Once the IOS is loaded, the information learned from the POST will be displayed next, as shown here:

cisco 2621 (MPC860) processor (revision 0x101) with

26624K/6144K bytes of memory.

Processor board ID JAD050697JB (146699779)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

2 FastEthernet/IEEE 802.3 interface(s)

1 Serial network interface(s)

Once the IOS is loaded, and up and running, a valid configuration will be loaded from NVRAM. If

there isnt a configuration in NVRAM, the router will go into setup mode a step-by-step process to

help you configure the router. You can also enter setup mode at any time from the command line by

typing the command setup

from something called privileged mode, which Ill get to in a minute. Setup mode only covers some

very global commands, but it can be really helpful

13.1.2 Logging into the Router

After the interface status messages appear and you press Enter, the Router> prompt will appear. This is

called user exec mode (user mode) and is mostly used to view statistics, but its also a stepping-stone to

logging into privileged mode. You can only view and change the configuration of a Cisco router in

privileged exec mode (privileged mode), which you get into with the enable command. Heres how you

would do that:

Router>


36/69

36

Router>enable

Router#

You now end up with a Router# prompt, which indicates youre in privileged mode, where you can

both view and change the routers configuration. You can go back from privileged mode into usermode by using the disable command, as seen here:

Router#disable

Router>

At this point, you can type logout to exit the console:

Router>logout

13.1.3 Overview of Router Modes

To configure from a CLI, you can make global changes to the router by typing configure terminal (or

config t for short), which puts you in global configuration mode and changes whats known as the

running-config. A global command (a command run from global config) is one that is set once and

affects the entire router.

Router#config

13.2 Gathering Basic Routing Information

The show version command will provide basic configuration for the system hardware as

well as the software version, the names and sources of configuration files, and the boot

images. Here is an example:

Router#sh version

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-BIN-M), Version 12.2(13)T1,RELEASE SOFTWARE(fc1)

TAC Support: http://www.cisco.com/tac

Copyright (c) 1986-2003 by cisco Systems, Inc.

Compiled Sat 04-Jan-03 05:58 by ccai


37/69

37

Image text-base: 0x80008098, data-base: 0x80C4AD94

13.3 Address Translation Overview

13.3.1 Running Out of Addresses

To solve the addressing problem a new addressing format was developed called IPv6.

Whereas the current IP addressing scheme (IPv4) uses 32 bits to represent addresses,

IPv6 uses 128 bits for addressing, creating billions of extra addresses.

13.3.2 Address Translation

A second standard, RFC 1631, was created and was defined as Network Address

Translation (NAT), which allows you to change an IP address in a packet to a differentaddress. When communicating to devices in a public network, your device needs to use a

source address that is a public address. Address translation allows you to translate your

internal private addresses to public addresses before these packets leave your network.

Here are some common reasons that you might need to employ address translation:

You have to use private addressing because your ISP didnt assign you enough public

addresses.

You are using public addresses but have changed ISPs, and your new ISPwont support

these public addresses.


38/69

38

You are merging two companies together and they are using the same address space, for

instance, 10.0.0.0, which creates routing and reachability issues.

You want to assign the same IP address to multiple machines so that users on the

Internet see this offered service as a single logical computer.

13.4 Types of Address Translation

Address translation comes in a variety of types, like Network Address Translation (NAT),

Port Address Translation (PAT), dynamic address translation, and static address

translation.

13.5 Network Address Translation


39/69

39

Network Address Translation (NAT) translates one IP address to another. This can source

address or a destination address. There are two basic implementations of NAT: static and

dynamic. The following two sections cover the mechanics of these implementations.

Static NAT With static NAT, a manual translation is performed by an address translation

device, translating one IP address to a different one. Typically, static NAT is used to

translate destination IP addresses in packets as they come into your network, but you can

translate source addresses also. Figure 14-1 shows a simple example of outside users

trying to access an inside web server. In this example, you want Internet users to access an

internal web server, but this server is using a private address (10.1.1.1). This creates a

problem, since if an outside user would put a private address in the destination IP address

field, their ISP would drop this. Therefore, the web server needs to be presented as a

having a public address. This is defined in the address translation device (in our case, this

is a Cisco router).The web server is assigned an inside global IP address of 200.200.200.1

on the router, and your DNS server advertises this address to the outside users. When

outside users send packets to the 200.200.200.1 address, the router examines its

translation table for a matching entry. In this case, it sees that 200.200.200.1maps to

10.1.1.1. The router then changes the destination IP address to 10.1.1.1 and forwards it to

the inside web server. Likewise, when the web server sends traffic out to the publicnetwork, the router compares the source IPaddress to entries in its translation table, and if it

finds a match, it changes the inside local IP address (private source address--10.1.1.1) to

the inside global IP address(public source address--200.200.200.1).


40/69

40

Dynamic NAT With static address translation, you need to manually build the translations.

Typically, static translation is done for inside resources that outside people want to access.

When inside users access outside resources, dynamic NAT is typically used. In this

situation, the address assigned to the internal user isnt that important, since outsidedevices dont directly access your internal usersthey just return traffic to them that the

inside user requested. With dynamic NAT, you must manually define two sets of addresses

on your address translation device. One set defines which inside addresses are allowed to

be translated, and the other defines what these addresses are to be translated to. When an

inside user sends traffic through the address translation device, say a router, it examines

the source IP address and compares it to the internal local address pool. If it finds a match,


41/69

41

then it determines which inside global address pool it should use for the translation. It then

dynamically picks an address in the global address pool that is not currently assigned to an

inside device. The router adds this entry in its address translation table, and the packet is

then sent to the outside world. If no entry is found in the local address pool, then theaddress is not translated and forwarded to the outside world in its original state.

13.5 Port Address Translation

One problem with static or dynamic NAT is that it provides only a one-to-one address

translation. Therefore, if you have 5,000 internal devices with private addresses, and all

5,000 devices try to reach the Internet simultaneously, you need 5,000 public addresses in

your inside global address pool. If you have only 1,000 public addresses, only the first

1,000 devices are translated and the remaining 4,000 wont be able to reach outside

destinations. To overcome this problem, you can use a process called address overloading.

There are actually many terms used to describe this process, including Port Address

Translation (PAT) and Network Address Port Translation (NAPT).

Using the Same IP Address With PAT, all machines that go through the address

translation device have the same IP address assigned to them, and so the source port

numbers are used to differentiate the different connections. If two devices have the same

source port number, the translation device changes one of them to ensure uniqueness.

When you look at the translation table in the address

Translation device, youll see the following items:

Inside local IP address (original source private IP)

Inside local port number (original source port number)

Inside global IP address (translated public source IP)

Inside global port number (new source port number)

Outside global IP address (destination public address)


42/69

42

Outside global port number (destination port number)

Advantages of Address Translation

As mentioned at the beginning of this part of the chapter, address translation devices are

typically used to give you an almost inexhaustible number of addresses as well as to hide

your internal network addressing scheme. Another advantage of address translation is that

if you change ISPs or merge with another company, you can keep your current scheme and

make any necessary changes on your address translation device or devices, making your

address management easier. Another big advantage that address translation provides is

that it gives you tighter control over traffic entering and leaving your network

Disadvantages of Address Translation

Even though address translation solves many problems and has many advantages, it also

has its share of disadvantages. Here are the three main issues with address translation:

Each connection has an added delay.

Troubleshooting is more difficult.

Not all applications work with address translation.

Since address translation changes the contents of packets and, possibly, segment headers,

as well as computing any necessary new checksum values, extra processing is required on

each packet. This extra processing, obviously, will affect the throughput and speed of your

connections.


43/69

43

Static NAT

As mentioned earlier in this chapter, static NAT is typically used when devices on the

outside of your network want to access resources, such as web, DNS, and email servers,

on the inside. Here are the two commands to define the static translations for NAT:

Router (config) # ip nat inside source static

inside_local_source_IP_address

inside_global_source_IP_address

Router (config) # ip nat outside source static

outside_global_destination_IP_address

outside_local_destination_IP_address

The inside and outside parameters specify the direction in which translation will occur. For

instance, the inside keyword specifies that the inside source local IP addresses are

translated to an inside global IP address. The outside keyword changes the outside

destination global IP address to an outside localaddress.After you configure your

translations; you must specify which interfaces on your router are considered to be on the

inside and which ones are on the outside. This is done with the following configuration:

Router (config) # interface type [slot_#/] port_#

Router (config-if) # ip nat inside|outside

Specify inside for interfaces connected to the inside of your network and outside for

interfaces connected to external networks. Figure 14-3 for this example. In this example, an

internal web server (10.1.1.1) will be assigned a global IP address of 200.200.200.1.Heres

the configuration:

Router (config) # ip nat inside source static


44/69

44

192.168.1.1 200.200.200.1

Router (config) # interface ethernet 0

Router (config-if) # ip nat inside

Router (config-if) # exit

Router (config) # interface serial 0

Router (config-if) # ip nat outside

Dynamic NAT

When you are configuring dynamic NAT, youll need to configure three things: what inside

addresses are to be translated, what global addresses will be used for the dynamic

translation, and what interfaces are involved in the translation. To specify what internal

devices will have their source address translated, use the following command:

Router (config) # ip nat inside source

list standard_IP_ACL_#

pool NAT_pool_name


45/69

45

The ip nat inside source list command requires you to configure a standard IP ACL that

has a list of the inside source addresses that will be translatedany addresses listed with a

permit statement will be translated, and any addresses listed with a deny, or the implicit

deny, statement will not be translated. Following this is the name of the address pool. Thisties together the address pool youll use that contains your global source IP addresses. To

create the pool of source inside global IP addresses, use this command:

Router(config)# ip nat pool NAT_pool_name

beginning_inside_global_IP_address

ending_inside_global_IP_address

netmask subnet_mask_of_addresses

The pool name that you specify references the inside addresses that will be translated from

the ip nat inside source list command. Next, list the beginning and ending IP addresses in

the pool, followed by the subnet mask for the addresses Figure 14-3 to illustrate how

dynamic NAT is configured. In this example, the two PCs will have dynamic NAT performed

on them.

Router(config)# ip nat inside source list 1 pool nat-pool

Router(config)# access-list 1 permit 192.168.1.10 0.0.0.0


Router(config)# ip nat pool nat-pool 200.200.200.2

200.200.200.3 netmask 255.255.255.0

Router(config)# interface ethernet 0

Router(config-if)# ip nat inside

Router(config-if)# exit

Router(config)# interface serial 0

Router(config-if)# ip nat outside


46/69

46

PAT Configuration

The last example showed an example of dynamic NAT. This section covers how toconfigure PAT on your router. This configuration requires three basic translation

commands. The first thing you specify

is which inside devices will have their source addresses translated.

Router(config)# ip nat inside source

list standard_IP_ACL_#

pool NAT_pool_name overload

Next, you specify the global pool to use. Again, youll use the same command as you used

in dynamic NAT:

Router(config)# ip nat pool NAT_pool_name

beginning_inside_global_IP_address

ending_inside_global_IP_address

netmask subnet_mask_of_addresses

You can specify more than one address to use in PAT, or you can specify a single address

(use the same address for the beginning and ending addresses). And last you have to tell

the IOS which interfaces are inside and outside, respectively, in terms of the ip nat inside

and ip nat outside commands. Lets use Figure 14-3 to illustrate how PAT is configured. In

this example, only a single IP address is placed in the address pool (200.200.200.2):

Router(config)# ip nat inside source list 1 pool

nat-pool overload




47/69

47

Router(config)# ip nat pool nat-pool 200.200.200.2

200.200.200.2

netmask 255.255.255.0

Router(config)# interface ethernet 0

Router(config-if)# ip nat inside

Router(config-if)# exit

Router(config)# interface serial 0

Router(config-if)# ip nat outside

Wide Area Networking Overview

Typically, LAN connections are within a company and WAN connections allow you to

connect to remote sites. A derivative of WAN solutions is the metropolitan area network

(MAN). MANs sometimes use high-speed LAN connections in a small geographic area

between different companies, or divisions within a company.

Connection Types

Leased-Line Connections

A leased-line connection is basically a dedicated circuit connection between two sites. It

simulates a single cable connection between the local and remote sites. Leased lines are

best suited when both of these conditions hold:

The distance between the two sites is small, making them cost-effective.

You have a constant amount of traffic between two sites and need to guarantee

bandwidth for certain applications.


48/69

48

Even though leased lines can provide guaranteed bandwidth and minimal delay for

connections, other available solutions, such as ATM, can provide the same features. The

main disadvantage of leased lines is their costthey are the most expensive WAN solution.

Leased lines use synchronous serial connections, with their data rates ranging from2,400bps all the way up to 45 Mbps, in what is referred to as a DS3 connection. Asynchronous

serial connection allows you to simultaneously send and receive information without having

to wait for any signal from the remote side. Nor does a synchronous connection need to

indicate when it is beginning to send something or the end of a transmission. These two

things, plus how clocking is done, aretheIf you purchase a leased line, you will need the

following equipment:

DTEA router with a synchronous serial interface: this provides the data link framing and

terminates the WAN connection.

DCE A CSU/DSU to terminate the carriers leased-line connection: this provides the

clocking and synchronization for the connection.

Circuit-Switched Connections


49/69

49

Circuit-switched connections are dialup connections, as are used by a PC with a modem

when dialing up an ISP. Circuit-switched connections include the following types:

Asynchronous serial connections these include analog modem dialup connections and

the standard telephone system, which is commonly referred to as Plain Old Telephone

Service (POTS) by the telephone carriers.

Synchronous serial connections these include digital ISDN BRI and PRIdialup

connections; they provide guaranteed bandwidth. Asynchronous serial connections are the

cheapest form of WAN services but are also the most unreliable of the services. For

instance, every time you make a connection using an analog modem, there is no guarantee

of the connection rate youll get

WAN Interfaces on Cisco Routers


50/69

50

Cisco supports a wide variety of serial cables for their serial router interfaces. Here are

some of the cable types supported for synchronous serial interfaces: EIA/TIA-232, EIA/TIA-

449, EIA/TIA-530, V.35, and X.21.The end that connects to the DCE device is defined by

these standards. However, the end that connects to the Cisco router is proprietary innature. Ciscos cables have two different end connectors that connect to the serial

interfaces

of their routers:

DB-60 Has 60 pins

DB-26 Has 26 pins and is flat, like a USB cable

Note that these connectors are for synchronous serial connections. Cisco has other cable

types, typically RJ-45, for asynchronous connections.

Encapsulation Method

There are many different methods for encapsulating data for serial connections.Table 15-2

shows the most common ones.


51/69

51

HDLC

Based on ISO standards, the HDLC (High-Level Data Link Control) protocol can be used

with synchronous and asynchronous connections and defines the frame type and

interaction between two devices at the data link layer.

Configuring HDLC

As mentioned in the preceding section, the default encapsulation on Ciscos synchronous

serial interfaces is HDLC. The configuration is:

Router(config)# interface serial [module_#/]port_#

Router(config-if)# encapsulation hdlc

Notice that you must be in the serial interface to change its data link layer

After you have configured HDLC, use the show interfaces command to view the data link

layer encapsulation:

Router# show interfaces serial 1

Serial1 is up, line protocol is up

Hardware is MCI Serial

Internet address is 192.168.2.2 255.255.255.0

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255

Encapsulation HDLC, loopback not set, keepalive set (10 sec)

Last input 0:00:02, output 0:00:00, output hang never

Last clearing of "show interface" counters never

Output queue 0/40, 0 drops; input queue 0/75, 0 drops


52/69

52

VTP

How VTP work:-

VTP advertisements are sent as multicast frames

VTP servers and clients synchronized to latest revision number

VTP advertisement are sent every five minutes or when there is a

change

There are three operating mode of vtp:-

1. Server mode: - can create VLANs, Modify VLANs, and Delete VLANs.

If switch is in server mode then it can Send or forward advertisements &

Synchronize. Saved in NVRAM

2. Client mode: - cant create VLANs, Modify VLANs, and Delete VLANs. It can Send

or forward advertisements & Synchronize. Not saved in NVRAM.


53/69

53

3. Transparent mode: - can create VLANs, Modify VLANs, and Delete VLANs.

It can Send or forward advertisements & but not Synchronize. Save

in NVRAM.

VTP Pruning: - VTP pruning makes more efficient use of trunk bandwidth by reducing

unnecessary flooded traffic. Broadcast and unknown unicast frames on a VLAN are

forwarded over a trunk link only if the switch on the receiving end of the trunk has ports in

that VLAN. In other words, VTP pruning allows switches to prevent broadcasts and

unknown unicasts from flowing to switches that do not have any ports in that VLAN.

Access Port: - A port which belonging from single VLAN called Access po


54/69

54

ARYA COLLEGE LAN SCENARIO


55/69

55

CHAPTER 11

PRINT OUT OF THE CODE SHEET

11.1 ROUTER CONFIGURATION

11.1.1 ROUTER_1 (MAIN SERVER)

server#enable

server#show running-config

Building configuration...

Current configuration : 1103 bytes

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

hostname server

interface FastEthernet0/0

ip address 5.5.5.1 255.0.0.0

duplex auto

speed auto


ip address 6.6.6.1 255.0.0.0

duplex auto

speed auto

interface Serial2/0

ip address 1.1.1.1 255.0.0.0

interface Serial3/0


56/69

56

ip address 2.2.2.1 255.0.0.0

interface Serial4/0

ip address 3.3.3.1 255.0.0.0

clock rate 64000

interface Serial5/0

ip address 4.4.4.1 255.0.0.0

clock rate 64000


ip address 7.7.7.1 255.0.0.0

duplex auto

speed auto


ip address 8.8.8.1 255.0.0.0

duplex auto

speed auto


no ip address

duplex auto

speed auto

router eigrp 1

network 1.0.0.0

network 2.0.0.0

network 3.0.0.0

network 4.0.0.0

network 5.0.0.0


57/69

57

network 6.0.0.0

network 7.0.0.0

network 8.0.0.0

network 9.0.0.0

network 192.168.0.0

no auto-summary

line vty 0 4

login

!

11.1.2 ROUTER_2 (BLOCK_A)

Router>enable

Router#show running-config



!

version 12.2




!

hostname Router

!


58/69

58


ip address 192.168.10.1 255.255.255.0

duplex auto

speed auto

!


ip address 192.168.11.1 255.255.255.0

duplex auto

speed auto

!

interface Serial2/0

ip address 3.3.3.2 255.0.0.0

!

interface Serial3/0

no ip address

shutdown

!


ip address 192.168.12.1 255.255.255.0

duplex auto

speed auto

!


ip address 192.168.13.1 255.255.255.0

duplex auto


59/69

59

speed auto

!


ip address 192.168.14.1 255.255.255.0

duplex auto

speed auto

!


ip address 192.168.15.1 255.255.255.0

duplex auto

speed auto

!


ip address 192.168.20.1 255.255.255.0

duplex auto

speed auto

!


no ip address

duplex auto

speed auto

!

router eigrp 1

network 3.0.0.0

network 192.168.10.0


60/69

60

network 192.168.11.0

network 192.168.12.0

network 192.168.13.0

network 192.168.14.0

network 192.168.15.0

network 192.168.20.0

no auto-summary

11.1.3 ROUTER_3 (BLOCK_B)

Router>enable




!

version 12.2




!

hostname Router

!


ip address 192.168.6.1 255.255.255.0

duplex auto


61/69

61

speed auto

!


ip address 192.168.7.1 255.255.255.0

duplex auto

speed auto

!

interface Serial2/0

ip address 2.2.2.2 255.0.0.0

clock rate 64000

!

interface Serial3/0

no ip address

shutdown

!


ip address 192.168.8.1 255.255.255.0

duplex auto

speed auto

!


ip address 192.168.9.1 255.255.255.0

duplex auto

speed auto

!


62/69

62

router eigrp 1

network 2.0.0.0

network 192.168.6.0

network 192.168.7.0

network 192.168.8.0

network 192.168.9.0

no auto-summary

!

11.1.4 ROUTER_4 (BLOCK_C)

Router>enable




version 12.2




hostname Router

!


ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto


63/69

63

!


ip address 192.168.2.1 255.255.255.0

duplex auto

speed auto

!

interface Serial2/0

ip address 1.1.1.2 255.0.0.0

clock rate 64000

!

interface Serial3/0

no ip address

shutdown

!


ip address 192.168.3.1 255.255.255.0

duplex auto

speed auto

!


ip address 192.168.4.1 255.255.255.0

duplex auto

speed auto

!



64/69

64

ip address 192.168.5.1 255.255.255.0

duplex auto

speed auto

!

router eigrp 1

network 1.0.0.0

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

no auto-summary

ROUTER_5 (INTERNET_SERVER)

Router>enable




!

version 12.2




!


65/69

65

hostname Router

!


ip address 192.168.16.1 255.255.255.0

duplex auto

speed auto

!


ip address 192.168.17.1 255.255.255.0

duplex auto

speed auto

!

interface Serial2/0

ip address 4.4.4.2 255.0.0.0

!

interface Serial3/0

no ip address

shutdown

!


ip address 192.168.18.1 255.255.255.0

duplex auto

speed auto

!



66/69

66

ip address 192.168.19.1 255.255.255.0

duplex auto

speed auto

!


ip address 192.168.20.1 255.255.255.0

duplex auto

speed auto

!


no ip address

duplex auto

speed auto

!


no ip address

duplex auto

speed auto

!

router eigrp 1

network 4.0.0.0

network 192.168.16.0

network 192.168.17.0

network 192.168.18.0

network 192.168.19.0


67/69

67

network 192.168.20.0

no auto-summary

!

CHAPTER 14

CONCLUSION

With the advancement in computer networking strategies across the globe; a new

wave of hope has swept across application providers in the global imperative market

today. Networking hold the potential to provide an effective solution to users

important problems and understanding of the technologies with a provision of a user

friendly environment to suit user needs. I have tried to learn about the networking.

In this attempt I contributed my best and came to know about many new things,

which increased my knowledge in this field. I saw many communicating devices. The

project is an attempt to make use of the available technology and resources for

fulfilling the requirements in the best possible manner. Overall it was a wonderful

experience for me and relishing moment of my lifetime.


68/69

68

CHAPTER 15

FUTURE ENHANCEMENT

This training can be used for the small or large organization.

Further improvements in the system could make more and more efficient.

In the future, more and more companies and new organizations need to be

connected to the big networks as well as with the internet and one should also know a

fact that among the professions in the software industry, the networking professional is the

person who is paid the most.

There aren't many companies to look beyond as there is Cisco, the biggest

networking company in the world.


69/69

69

CHAPTER 16

REFERENCES

16.1 Sybex CCNA 640-802 cracked

16.2 CCNA 640-802 study guide

Project Report on Ccna

Documents