Final Report 11


Transcript of Final Report 11

  • 8/6/2019 Final Report 11

    1/62

PROJECT REPORT

On

Implementing Enterprise LAN & WAN

During

(January 2011 to June 2011)

In partial fulfilment of the requirements for the award of the degree

MCA (MASTERS OF COMPUTER SCIENCE AND APPLICATIONS)

Department Of Computer Science And Applications (DCSA)

Submitted To:-
Mrs. Anu Gupta
DCSA
Panjab University, Chandigarh.

Submitted By:-
Amanpreet Singh
MCA-III (Evening)
Roll No-3


Table of Contents

Contents                                   Page Number

Acknowledgment                             4
Company Profile
Objective                                  5
Project Modules:

  Networking
    What is a Computer Network?
    Types of Networks: LAN/WAN/PAN/HAN/MAN/VPN
    Networking Devices: Router, Switches, Hub, Bridge
    Basic Networking Cables

  Routing
    Static and Dynamic
    Administrative Distance
    Configuring Default Routes
    Verifying Static Route / Path Determination Graph
    Routing Protocols
      Routing and Routed
      Distance Vector and Link State
      Types of Routing: RIP/IGRP/OSPF/EIGRP

  DHCP
    Introduction
    DORA Process

  ACL
    Concept
    How to apply ACL
    Types of ACL

  InterVLAN
    Understanding InterVLAN
    Basic Router Configuration Tasks

  NAT


    Concept
    Working

  Frame Relay
    Introduction
    Devices
    Frame Relay Operations: DLCI
    LMI
    DLCI Mapping to Network Address
    Configuring Frame Relay Sub-Interface

  Linux                                    8


ACKNOWLEDGEMENT

At the very outset, I am highly indebted to the DEPARTMENT OF COMPUTER SCIENCE & APPLICATIONS (DCSA), PANJAB UNIVERSITY, for giving us an opportunity to carry out our major project at their esteemed organization. I would specially like to thank Mrs. Anu Gupta for giving time and guidance throughout our project, without whom it would have been impossible to attain success.

I, Amanpreet Singh, extend my regards to the entire faculty of the DEPARTMENT OF COMPUTER SCIENCE & APPLICATIONS (DCSA), PANJAB UNIVERSITY, from where I have learnt the basics of Computer Science and whose informal discussions and able guidance became a light for me during the entire duration of this work.


Company Profile

Simplifying IT

Netmax Technologies is a leader in network support, embedded systems, and software & web development services. The Netmax Technologies group of companies is divided into two: Netmax Technologies (Core) & Netmax Web Solutions. Netmax Technologies (Core) takes care of IT support, embedded systems R&D and implementation services, whereas Netmax Web Solutions is a web & software development company that takes care of software development & web service solutions.

It offers a vast portfolio of IT solutions to customers spread across Punjab, Haryana & Himachal Pradesh. Netmax Technologies is a pioneer in the field of IT education in north India.

Netmax Technologies was set up in 2001 by young Indian entrepreneurs. It has pioneered the concept of high-quality IT education in North India and has trained over 10,000 networking, embedded systems & software professionals in the country. In 2001, Netmax Technologies set up an education centre in Chandigarh (Punjab) and followed it with centres in Patiala, Jalandhar, Ludhiana & Bhatinda in the years that followed. In 2005, Netmax Technologies introduced corporate training programs, which as an initiative were highly appreciated by industry and corporates alike.


Area of Focus:

Netmax Technologies' focus areas include network support, network implementation, embedded system research & development and robotics. Netmax Technologies addresses the needs of well-defined industry segments such as BPOs, IT & ITES, and government agencies like CSIO & TBRL. It has alliances with global IT majors such as Microsoft, CISCO and Red Hat.

Project Requirements

LAN Hardware:

  Core Layer Switches: Catalyst 3550
  Distribution Layer: Catalyst 2960
  Access Layer: Access point and Cisco 2950

WAN Hardware:

  Routers: Cisco 1841 Integrated Services Router
    1 FE card
    1 WIC-1T card


Server Hardware Requirements:-

The following table lists the minimum and recommended hardware requirements for deploying Linux and Windows servers. The main difference is the file system used by the OS: Linux will use ext3 and Windows will use NTFS.

Component   Minimum                                     Recommended
Processor   2.5 gigahertz (GHz)                         Dual processors that are each 3 GHz or faster
RAM         1 gigabyte (GB)                             2 GB
Disk        ext3 file system / NTFS                     ext3 file system / NTFS
Drive       DVD drive                                   DVD drive, or the source copied to a local or network-accessible drive
Display     1024 x 768 resolution monitor               1024 x 768 or higher resolution monitor
Network     56 kilobits per second (Kbps) connection    512 Kbps or faster connection between client computers and server
            between client computers and server

Objective

The enterprise network is the lifeblood of any Small to Medium Enterprise (SME) with more than one site or supply chain partner. It enables access to business information and allows for profitable and effective communication flows between employees in different enterprise sites. Enterprise network equipment is mature and ubiquitous, but the quality of service provided by similar networks varies from city to city and from country to country. In particular, the quality gap between most cities in some developing nations and their counterparts in advanced nations is very wide. This is due to the lack in developing nations of an adequate IT infrastructure, which is taken for granted in developed nations. Planning an enterprise network in a developing nation is almost like planning it in the middle of a desert. This project briefly discusses the architecture of an enterprise network. It examines the barriers to planning, designing and implementing an enterprise network. This project also covers the methods to implement enterprise-level networks.

In this project we start from the working basics of routers and switches, then cover the routing technologies required to route data between branches. In a large LAN it is necessary to perform segmentation, so we have to implement technologies like VLAN, TRUNKING, STP, PORT SECURITY & INTER-VLAN routing.

After that we have to implement the WAN. Frame Relay is considered a good choice because it connects multiple locations using a single router interface and reduces hardware costs, so we have to study and implement FRAME-RELAY.

In this project the servers, such as the MAIL SERVER, DNS SERVER, APACHE SERVER and SQUIRRELMAIL, are configured on LINUX. The main objective in configuring the servers on LINUX is that LINUX provides more stability than WINDOWS.


FEASIBILITY STUDY

The various issues related to the feasibility study are as follows:-

1. Technology

The various technologies used for this project are:-

  Cisco Packet Tracer
  ACL
  Frame Relay
  Routing
  Switching
  InterVLAN
  Red Hat Linux Operating System version 5.0
  SquirrelMail server
  Thunderbird

2. Economic

The technological and system requirements of the project do not require much cost. As we are doing the project at student level for the partial fulfilment of the MCA degree, the technologies mentioned were obtained through the internet. Moreover, Red Hat allows its software to be used anywhere in the globe without any payment.

3. Schedule

The project is divided over a time span of 6 months, so project completion will not be an issue. The project deadline will be easily met and all the activities necessary to be performed will be completed within the fixed time.


INTERNETWORKING BASICS

What is a Computer Network?

A computer network allows sharing of resources and information among interconnected devices. In the 1960s, the Advanced Research Projects Agency (ARPA) started funding the design of the Advanced Research Projects Agency Network (ARPANET) for the United States Department of Defense. It is widely regarded as the first wide-area packet-switched computer network. [1] Development of the network began in 1969, based on designs developed during the 1960s.

Computer networks can be used for a variety of purposes:


• Facilitating communications. Using a network, people can communicate efficiently and easily via email, instant messaging, chat rooms, telephone, video telephone calls, and video conferencing.

• Sharing hardware. In a networked environment, each computer on a network may access and use hardware resources on the network, such as printing a document on a shared network printer.

• Sharing files, data, and information. In a network environment, authorized users may access data and information stored on other computers on the network. The capability of providing access to data and information on shared storage devices is an important feature of many networks.

• Sharing software. Users connected to a network may run application programs on remote computers.

• Information preservation.

• Security.

• Speed up.

Types of networks

Local area network (LAN)

LAN stands for Local Area Network. The scope of a LAN is within one building, one school or one lab. In a hub-based (shared-medium) LAN the media access method used is CSMA/CD, in which each computer senses the carrier before sending data over the network: if the carrier is free it can transmit, otherwise it has to wait and keep listening. "Multiple access" means that every computer has the right to access the shared medium. If two computers sense a free carrier at the same time and both transmit, a collision occurs. Every computer on the segment becomes aware of the collision; the transmitting stations stop and run the backoff algorithm, in which each of them picks a random number. The computer that draws the shortest waiting time gets to transmit first, and the others wait for their turn. Note that CSMA/CD only matters on a shared, half-duplex medium such as a hub; on a switched LAN with full-duplex links each port is its own collision domain and collisions do not occur.

Wide Area Network (WAN)

WAN stands for Wide Area Network, in which two or more local area networks are connected through a public network. The connection may be through telecommunication infrastructure or dedicated lines, for example ISDN lines, leased lines etc., on which WAN devices and WAN technology are used. You can also connect to your remote sites through the existing internetwork called the Internet.

Personal area network (PAN)

A personal area network (PAN) is a computer network used for communication among computers and different information technology devices close to one person. Some examples of devices that are used in a PAN are personal computers, printers, fax machines, telephones, PDAs, scanners, and even video game consoles. A PAN may include wired and wireless devices. The reach of a PAN typically extends to 10 meters. [4] A wired PAN is usually constructed with USB and FireWire connections, while technologies such as Bluetooth and infrared communication typically form a wireless PAN.

Home area network (HAN)

A home area network (HAN) is a residential LAN which is used for communication between digital devices typically deployed in the home, usually a small number of personal computers and accessories, such as printers and mobile computing devices. An important function is the sharing of Internet access, often a broadband service through a CATV or Digital Subscriber Line (DSL) provider. It can also be referred to as an office area network (OAN).


Metropolitan area network (MAN)

A metropolitan area network is a large computer network that usually spans a city or a large campus.

Virtual private network (VPN)

A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The data link layer protocols of the virtual network are said to be tunnelled through the larger network when this is the case. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption: a plain GRE tunnel, for example, carries its traffic across the Internet unencrypted, and a VPN that has to protect confidentiality needs an authenticating and encrypting protocol such as IPsec on top of, or instead of, the bare tunnel. VPNs can also be used simply to separate the traffic of different user communities over an underlying network that already has strong security features.

DEVICES

Fig:- Networking devices: Router, Switches, Hub, Bridge


ROUTING

Routing is the process that a router uses to forward packets toward the destination network. A router makes decisions based upon the destination IP address of a packet. All devices along the way use the destination IP address to point the packet in the correct direction so that the packet eventually arrives at its destination. In order to make the correct decisions, routers must learn the direction to remote networks.

STATIC ROUTING

Uses a programmed route that a network administrator enters into the router.

DYNAMIC ROUTING

Uses a route that a routing protocol adjusts automatically for topology or traffic changes.

    Configuring Static Routes by Specifying Outgoing Interfaces

    Configuring Static Routes by Specifying Next-Hop Addresses


    Routers Configuration
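As an added, worked example (not the report's own configuration), the following Python script models what the static-route commands above do inside the router: it parses IOS "ip route" statements in both the next-hop and the outgoing-interface form, keeps one route per prefix by administrative distance, uses a default route for everything else, and shows a floating static route (a static route given a higher distance) taking over when the primary next hop is withdrawn. The interface names, addresses and the AD table are assumptions chosen for the example; the AD values are the usual IOS defaults.

```python
import ipaddress

# Default administrative distances as used by Cisco IOS for the route sources modelled here (assumed table).
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


def parse_ip_route(line):
    """Parse an IOS 'ip route <network> <mask> {<next-hop>|<interface>} [distance]' line."""
    t = line.split()
    if t[:2] != ["ip", "route"] or len(t) not in (5, 6):
        raise ValueError(f"not a static route statement: {line!r}")
    net = ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)   # dotted mask accepted by ipaddress
    ad = int(t[5]) if len(t) == 6 else DEFAULT_AD["static"]
    return net, t[4], ad


class Rib:
    """Toy routing table. Several sources may offer the same prefix; only the one with the
    lowest administrative distance is installed, and forwarding uses the longest prefix match."""

    def __init__(self):
        self.candidates = {}   # network -> list of (ad, source, via)

    def add(self, net, via, source="static", ad=None):
        net = ipaddress.ip_network(net, strict=False)
        ad = DEFAULT_AD[source] if ad is None else ad
        self.candidates.setdefault(net, []).append((ad, source, via))

    def add_ios(self, line):
        net, via, ad = parse_ip_route(line)
        self.add(net, via, "static", ad)

    def withdraw(self, net, via):
        """Remove a candidate, e.g. because its next hop became unreachable."""
        net = ipaddress.ip_network(net, strict=False)
        self.candidates[net] = [c for c in self.candidates.get(net, []) if c[2] != via]

    def installed(self):
        """What 'show ip route' would list: one route per prefix, lowest AD wins."""
        return {net: min(c) for net, c in self.candidates.items() if c}

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, via, source), or None when not even a default route matches."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, (ad, source, via) in self.installed().items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, via, source)
        return best


def demo():
    rib = Rib()
    rib.add("10.1.1.0/24", "FastEthernet0/0", source="connected")
    rib.add("192.0.2.0/30", "Serial0/0/0", source="connected")
    rib.add_ios("ip route 10.2.0.0 255.255.0.0 192.0.2.2")      # static route, next-hop form
    rib.add_ios("ip route 0.0.0.0 0.0.0.0 Serial0/0/0")          # default route, outgoing-interface form
    rib.add_ios("ip route 10.2.0.0 255.255.0.0 Serial0/0/1 10")  # floating static: AD 10, used only as backup
    rib.add("10.2.0.0/16", "192.0.2.6", source="ospf")           # same prefix learned by OSPF (AD 110)
    before = {"lan": rib.lookup("10.1.1.20"),
              "branch": rib.lookup("10.2.5.9"),       # matches /16 and /0; the /16 wins
              "internet": rib.lookup("203.0.113.7")}  # only the default route matches
    rib.withdraw("10.2.0.0/16", "192.0.2.2")          # primary next hop goes away
    after = {"branch": rib.lookup("10.2.5.9")}        # floating static (AD 10) now beats OSPF (AD 110)
    return before, after


if __name__ == "__main__":
    for stage, table in zip(("before failure", "after failure"), demo()):
        for name, route in table.items():
            print(f"{stage:15} {name:9} -> {route}")
```

The point of the floating static route is the distance value at the end of the command: because 10 is higher than the default static distance of 1 but lower than OSPF's 110, the backup stays out of the table while the primary is up and is preferred over the OSPF-learned route the moment the primary disappears.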


    Routing Protocols


Routing protocols include the processes for sharing route information that allow routers to communicate with other routers to update and maintain their routing tables.

Examples of routing protocols that support the IP routed protocol are: RIP, IGRP, OSPF, BGP, and EIGRP.

Routed Protocols

Protocols used at the network layer that transfer data from one host to another across a router are called routed or routable protocols. The Internet Protocol (IP) and Novell's Internetwork Packet Exchange (IPX) are examples of routed protocols. Routers use routing protocols to exchange routing tables and share routing information. In other words, routing protocols enable routers to route routed protocols, e.g. IPX (Internetwork Packet Exchange) and IP (Internet Protocol).

IGP and EGP

Interior gateway protocols (RIP, IGRP, EIGRP, OSPF) exchange routes within a single autonomous system; exterior gateway protocols (BGP) exchange routes between autonomous systems.

Categories of Routing Protocols

Most routing algorithms can be classified into one of two categories:


• distance vector
• link-state

The distance vector routing approach determines the direction (vector) and distance to any link in the internetwork.

The link-state approach, also called shortest path first, recreates the exact topology of the entire internetwork.

    Comparing Routing Methods

    TYPES OF ROUTING PROTOCOLS


    RIPv1

    CHARACTERISTICS


    Configuring RIP Example

IGRP

Interior Gateway Routing Protocol (IGRP) is a proprietary protocol developed by Cisco. Some of the IGRP key design characteristics emphasize the following:

• It is a distance vector routing protocol.
• Routing updates are broadcast every 90 seconds.
• Bandwidth, load, delay and reliability are used to create a composite metric.

IGRP Stability Features

IGRP has a number of features that are designed to enhance its stability, such as:

• Holddowns
• Split horizons
• Poison reverse updates

Holddowns

Holddowns are used to prevent regular update messages from inappropriately reinstating a route that may not be up.

Split horizons

Split horizons are derived from the premise that it is usually not useful to send information about a route back in the direction from which it came.

Poison reverse updates

Split horizons prevent routing loops between adjacent routers, but poison reverse updates are necessary to defeat larger routing loops.

Today, IGRP is showing its age; it lacks support for variable length subnet masks (VLSM). Rather than develop an IGRP version 2 to correct this problem, Cisco has built upon IGRP's legacy of success with Enhanced IGRP.
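To make the split horizon and poison reverse behaviour described above concrete, here is an added simulation (example code, not part of the report) of a three-router distance-vector network in which the network behind the last router goes down. It counts how many update rounds the routers need before they all agree the network is unreachable: without split horizon the stale route bounces between neighbours and the hop count climbs one step per exchange until it reaches 16 (count to infinity); with split horizon, with or without poison reverse, the loop is broken in a few rounds. Holddown timers and periodic update timers are not modelled, and the topology (A - B - C with network X attached to C) is constructed for the example.

```python
INF = 16   # RIP-style "unreachable" hop count


class Router:
    """Distance-vector router. table maps destination -> (hop count, neighbour the route was learned from);
    a directly connected network has hop count 1 and no upstream neighbour."""

    def __init__(self, name, connected=()):
        self.name = name
        self.neighbors = []
        self.table = {net: (1, None) for net in connected}

    def link(self, other):
        self.neighbors.append(other)
        other.neighbors.append(self)

    def advertisement_for(self, nbr, split_horizon, poison_reverse):
        """Routes to advertise to nbr. Split horizon withholds routes learned from nbr itself;
        poison reverse advertises them to nbr with an unreachable metric instead."""
        adv = {}
        for dest, (metric, via) in self.table.items():
            if split_horizon and via is nbr:
                if poison_reverse:
                    adv[dest] = INF
                continue
            adv[dest] = metric
        return adv

    def receive(self, frm, adv):
        """Bellman-Ford update. The neighbour a route was learned from is always believed,
        even when its new metric is worse; other neighbours are believed only if they are better."""
        changed = False
        for dest, metric in adv.items():
            new = (min(metric + 1, INF), frm)
            cur = self.table.get(dest)
            if (cur is None or cur[1] is frm or new[0] < cur[0]) and cur != new:
                self.table[dest] = new
                changed = True
        return changed


def converge(routers, split_horizon, poison_reverse=False, max_rounds=50):
    """Synchronous update rounds (every router sends, then everyone processes) until tables stop changing.
    Returns the number of rounds used, which measures how long the loop persisted."""
    for rnd in range(1, max_rounds + 1):
        advs = [(src, nbr, src.advertisement_for(nbr, split_horizon, poison_reverse))
                for src in routers for nbr in src.neighbors]
        changed = False
        for src, nbr, adv in advs:
            changed |= nbr.receive(src, adv)
        if not changed:
            return rnd
    return max_rounds


def hops(routers, dest):
    return {r.name: r.table[dest][0] for r in routers if dest in r.table}


def link_failure(split_horizon, poison_reverse=False):
    """Topology A - B - C with network X attached to C. Converge, then X goes down at C;
    returns (hop counts before, hop counts after, rounds needed to agree that X is unreachable)."""
    a, b, c = Router("A"), Router("B"), Router("C", connected=["X"])
    a.link(b)
    b.link(c)
    routers = [a, b, c]
    converge(routers, split_horizon, poison_reverse)
    before = hops(routers, "X")
    c.table["X"] = (INF, None)     # C's interface toward X fails
    rounds = converge(routers, split_horizon, poison_reverse)
    return before, hops(routers, "X"), rounds


if __name__ == "__main__":
    for sh, pr in ((False, False), (True, False), (True, True)):
        before, after, rounds = link_failure(sh, pr)
        print(f"split horizon={sh!s:5} poison reverse={pr!s:5} before={before} after={after} rounds={rounds}")
```

Without split horizon, A keeps advertising X back to B with hop count 3, B believes it because the route from C has just become unreachable, and the two then take turns adding one hop until the metric hits 16. With split horizon A never tells B about a route it learned from B, so the only information B receives about X is C's unreachable metric, and the whole network converges in three rounds.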

OSPF (Open Shortest Path First) Protocol

OSPF is a link-state routing protocol. Link-state (LS) routers know much more about the network than their distance-vector counterparts; consequently LS routers tend to make more accurate decisions.

Link-state routers keep track of the following:

• Their neighbours
• All routers within the same area
• Best paths toward a destination

Neighbor table: also known as the adjacency database (list of recognized neighbors).

Topology table: typically referred to as the LSDB (routers and links in the area or network). All routers within an area have an identical LSDB.

Routing table: commonly named the forwarding database (list of best paths to destinations).

Configuring Basic OSPF: Single Area

Router(config)# router ospf process-id
Router(config-router)# network address inverse-mask area area-id

The network command is a router OSPF subordinate command that defines the interfaces (by network number) that OSPF will run on. Each network number must be assigned to a specific area.

Configuring OSPF on Internal Routers of a Single Area


EIGRP

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol (IGRP). Unlike IGRP, which is a classful routing protocol, EIGRP supports CIDR and VLSM.

Compared to IGRP, EIGRP boasts faster convergence times, improved scalability, and superior handling of routing loops. Furthermore, EIGRP can replace Novell Routing Information Protocol (RIP) and AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX and AppleTalk networks with powerful efficiency.

EIGRP is often described as a hybrid routing protocol, offering the best of distance vector and link-state algorithms.

Configuring EIGRP

    DHCP


Dynamic Host Configuration Protocol automates network-parameter assignment to network devices from one or more DHCP servers. Even in small networks, DHCP is useful because it makes it easy to add new machines to the network.

When a DHCP-configured client (a computer or any other network-aware device) connects to a network, the DHCP client sends a broadcast query requesting the necessary information from a DHCP server. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as the default gateway, domain name, name servers, other servers such as time servers, and so forth. On receiving a valid request, the server assigns the computer an IP address, a lease (the length of time the allocation is valid), and other IP configuration parameters, such as the subnet mask and the default gateway. The query is typically initiated immediately after booting, and must complete before the client can initiate IP-based communication with other hosts.

Depending on the implementation, the DHCP server may have three methods of allocating IP addresses:

Dynamic Allocation: A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN is configured to request an IP address from the DHCP server during network initialization. The request-and-grant process uses a lease concept with a controllable time period, allowing the DHCP server to reclaim (and then reallocate) IP addresses that are not renewed.

Automatic Allocation: The DHCP server permanently assigns a free IP address to a requesting client from the range defined by the administrator. This is like dynamic allocation, but the DHCP server keeps a table of past IP address assignments, so that it can preferentially assign to a client the same IP address that the client previously had.

Static Allocation: The DHCP server allocates an IP address based on a table with MAC address/IP address pairs, which are manually filled in (perhaps by a network administrator). Only requesting clients with a MAC address listed in this table will be allocated an IP address. This feature (which is not supported by all DHCP servers) is variously called "Static DHCP Assignment" (by DD-WRT), "fixed-address" (by the dhcpd documentation), "Address Reservation" (by Netgear), "DHCP reservation" or "Static DHCP" (by Cisco/Linksys), and "IP reservation" or "MAC/IP binding" (by various other router manufacturers). Note that a MAC address is trivially spoofed, so static allocation is an administrative convenience rather than an access control; keeping unknown hosts off a segment needs DHCP snooping or 802.1X on the switch ports.

DORA PROCESS

DHCP operations fall into four basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgement.

DHCP clients and servers on the same subnet communicate via UDP broadcasts. If the client and server are on different subnets, IP discovery and IP request messages are sent via UDP broadcasts (and forwarded by a relay agent), but IP lease offer and IP lease acknowledgement messages are unicast.

DHCP discovery

The client broadcasts messages on the physical subnet to discover available DHCP servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. The client creates a User Datagram Protocol (UDP) packet with the broadcast destination of 255.255.255.255 or the specific subnet broadcast address.

A DHCP client can also request its last-known IP address (in the example below, 192.168.1.100). If the client remains connected to a network for which this IP is valid, the server might grant the request. Otherwise, it depends on whether the server is set up as authoritative or not. An authoritative server will deny the request, making the client ask for a new IP address immediately. A non-authoritative server simply ignores the request, leading to an implementation-dependent timeout before the client gives up on the request and asks for a new IP address.

DHCP offer

When a DHCP server receives an IP lease request from a client, it reserves an IP address for the client and extends an IP lease offer by sending a DHCPOFFER message to the client. This message contains the client's MAC address, the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer.

The server determines the configuration based on the client's hardware address as specified in the CHADDR (Client Hardware Address) field. Here the server, 192.168.1.1, specifies the offered IP address in the YIADDR (Your IP Address) field.

DHCP request

A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer and broadcast a DHCP request message. Based on the Transaction ID field in the request, together with the server identifier option that names the chosen server, the servers are informed whose offer the client has accepted. When other DHCP servers receive this message, they withdraw any offers that they might have made to the client and return the offered address to the pool of available addresses. The DHCP request message is broadcast, instead of being unicast to a particular DHCP server, because the DHCP client has still not received an IP address. Also, this way one message can let all other DHCP servers know that another server will be supplying the IP address, without missing any of the servers with a series of unicast messages.

DHCP acknowledgement

When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed.

    Snapshot Of DHCP


ACL (Access Control List)

An Access Control List is a list of conditions that are used to control network traffic, i.e. packet filtering. We can use ACLs to filter unwanted packets when implementing a security policy.

Applying ACLs

You can define ACLs without applying them, but an ACL has no effect until it is applied to an interface of the router. It is good practice to apply an extended ACL on the interface closest to the source of the traffic. As shown in the example, when you want to block traffic from a source to a destination, you can apply an inbound ACL to E0 on router A instead of an outbound list to E1 on router C. (A standard ACL only matches on the source address, so it is normally placed as close to the destination as possible, otherwise it blocks more than intended.) Every access list has an implicit deny ip any any at its end. So if traffic is related to a DHCP request and it is not explicitly permitted, the traffic is dropped: a DHCP request seen by IP looks like s=0.0.0.0 (Ethernet1/0), d=255.255.255.255, len 604, rcvd 2 UDP src=68, dst=67. Note that the source IP address is 0.0.0.0 and the destination address is 255.255.255.255; the source port is 68 and the destination port is 67. Hence you should permit this kind of traffic in your access list, or else it is dropped by the implicit deny at the end of the list.

Note: For UDP traffic to pass through, the UDP traffic must also be permitted explicitly by the ACL.

Define In, Out, Inbound, Outbound, Source, and Destination

The router uses the terms in, out, source, and destination as references. Traffic on the router can be compared to traffic on a highway. If you were a law enforcement officer in Pennsylvania and wanted to stop a truck going from Maryland to New York, the source of the truck is Maryland and the destination of the truck is New York. The roadblock could be applied at the Pennsylvania-New York border (out) or the Maryland-Pennsylvania border (in).


Types of IP ACLs

This section of the document describes ACL types.

Standard ACLs

Standard ACLs are the oldest type of ACL. They date back to as early as Cisco IOS Software Release 8.3. Standard ACLs control traffic by comparing the source address of the IP packets to the addresses configured in the ACL.

This is the command syntax format of a standard ACL:

access-list access-list-number {permit|deny} {host host-address | source source-wildcard | any}

In all software releases, the access-list-number can be anything from 1 to 99. In Cisco IOS Software Release 12.0.1, standard ACLs began to use additional numbers (1300 to 1999). These additional numbers are referred to as expanded IP ACLs. Cisco IOS Software Release 11.2 added the ability to use a list name in standard ACLs.

A source/source-wildcard setting of 0.0.0.0/255.255.255.255 can be specified as any. The wildcard can be omitted if it is all zeros. Therefore, 10.1.1.2 0.0.0.0 is the same as host 10.1.1.2.

After the ACL is defined, it must be applied to an interface (inbound or outbound). In early software releases, out was the default when the keyword out or in was not specified. The direction must be specified in later software releases.

interface <interface>
 ip access-group number {in|out}

This is an example of the use of a standard ACL in order to block all traffic except that from source 10.1.1.x.

interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 1 in

access-list 1 permit 10.1.1.0 0.0.0.255

Extended ACLs

Extended ACLs were introduced in Cisco IOS Software Release 8.3. Extended ACLs control traffic by comparing the source and destination addresses of the IP packets to the addresses configured in the ACL.

This is the command syntax format of extended ACLs. Lines are wrapped here for spacing considerations.

IP

access-list access-list-number [dynamic dynamic-name [timeout minutes]]
  {deny|permit} protocol source source-wildcard destination destination-wildcard
  [precedence precedence] [tos tos] [log|log-input] [time-range time-range-name]

ICMP

access-list access-list-number [dynamic dynamic-name [timeout minutes]]
  {deny|permit} icmp source source-wildcard destination destination-wildcard
  [icmp-type [icmp-code] | icmp-message]
  [precedence precedence] [tos tos] [log|log-input] [time-range time-range-name]

TCP

access-list access-list-number [dynamic dynamic-name [timeout minutes]]
  {deny|permit} tcp source source-wildcard [operator [port]]
  destination destination-wildcard [operator [port]]
  [established] [precedence precedence] [tos tos] [log|log-input] [time-range time-range-name]

UDP

access-list access-list-number [dynamic dynamic-name [timeout minutes]]
  {deny|permit} udp source source-wildcard [operator [port]]
  destination destination-wildcard [operator [port]]
  [precedence precedence] [tos tos] [log|log-input] [time-range time-range-name]
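The following added example (example code, not the report's or Cisco's) implements the evaluation rules the ACL sections above describe: it parses numbered access-list lines in the standard and extended syntax shown (IOS ranges 1-99 and 1300-1999 for standard, 100-199 and 2000-2699 for extended; only the "eq" port operator and a handful of port keywords are modelled), matches addresses with wildcard masks, applies the first matching entry and falls through to the implicit deny ip any any. It runs the page's own standard list, with one extra deny-host line in front of it to show that order matters, and an extended list with and without a DHCP line, so the dropped bootpc/bootps request from the "Applying ACLs" section is reproduced. The packet values are constructed.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)                        # 0.0.0.0 255.255.255.255
PORT_NAMES = {"bootps": 67, "bootpc": 68, "domain": 53, "www": 80}   # small subset of IOS port keywords


def _ip(s):
    return int(ipaddress.ip_address(s))


def _parse_addr(t, i, wildcard_optional):
    """Consume 'any' | 'host A' | 'A W' | 'A' (standard lists only) at t[i]; return ((net, wildcard), next i)."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return (_ip(t[i + 1]), 0), i + 2
    has_wild = i + 1 < len(t) and t[i + 1].replace(".", "").isdigit()
    if not has_wild and not wildcard_optional:
        raise ValueError(f"wildcard mask required: {' '.join(t)}")
    wild = _ip(t[i + 1]) if has_wild else 0
    return (_ip(t[i]), wild), i + (2 if has_wild else 1)


def _parse_port(t, i):
    """Only the 'eq <port>' operator is modelled."""
    if i < len(t) and t[i] == "eq":
        p = t[i + 1]
        return (int(p) if p.isdigit() else PORT_NAMES[p]), i + 2
    return None, i


def parse_acl(lines):
    """Parse numbered 'access-list' lines into ordered entries (standard: 1-99/1300-1999, extended: 100-199/2000-2699)."""
    entries = []
    for line in lines:
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {line!r}")
        num = int(t[1])
        if 1 <= num <= 99 or 1300 <= num <= 1999:
            src, _ = _parse_addr(t, 3, wildcard_optional=True)
            e = dict(proto="ip", src=src, sport=None, dst=ANY, dport=None)
        elif 100 <= num <= 199 or 2000 <= num <= 2699:
            src, i = _parse_addr(t, 4, wildcard_optional=False)
            sport, i = _parse_port(t, i)
            dst, i = _parse_addr(t, i, wildcard_optional=False)
            dport, i = _parse_port(t, i)
            e = dict(proto=t[3], src=src, sport=sport, dst=dst, dport=dport)
        else:
            raise ValueError(f"unknown access-list number range: {num}")
        entries.append(dict(e, action=t[2], line=line))
    return entries


def _match(spec, addr):
    net, wild = spec
    return (_ip(addr) | wild) == (net | wild)   # wildcard bits set = "don't care"


def evaluate(acl, pkt):
    """First matching entry wins; a packet that matches nothing hits the implicit 'deny ip any any'."""
    for e in acl:
        if e["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (_match(e["src"], pkt["src"]) and _match(e["dst"], pkt["dst"])):
            continue
        if e["sport"] is not None and e["sport"] != pkt.get("sport"):
            continue
        if e["dport"] is not None and e["dport"] != pkt.get("dport"):
            continue
        return e["action"], e["line"]
    return "deny", "implicit deny ip any any"


def demo():
    # Constructed packets as the router would see them inbound on Ethernet0/0.
    dhcp = dict(proto="udp", src="0.0.0.0", dst="255.255.255.255", sport=68, dport=67)
    web = dict(proto="tcp", src="10.1.1.20", dst="203.0.113.10", sport=51000, dport=80)
    outsider = dict(proto="tcp", src="10.9.9.9", dst="203.0.113.10", sport=51000, dport=80)
    blocked = dict(web, src="10.1.1.99")
    # The page's standard list, with one extra line in front of it to show first-match ordering.
    standard = parse_acl(["access-list 1 deny host 10.1.1.99",
                          "access-list 1 permit 10.1.1.0 0.0.0.255"])
    # Extended list that forgets DHCP, and the same list with the DHCP line added.
    web_only = ["access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 80"]
    with_dhcp = parse_acl(["access-list 101 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps"] + web_only)
    return {
        "std_inside": evaluate(standard, web),
        "std_outsider": evaluate(standard, outsider),
        "std_blocked_host": evaluate(standard, blocked),
        "dhcp_forgotten": evaluate(parse_acl(web_only), dhcp),
        "dhcp_permitted": evaluate(with_dhcp, dhcp),
        "web_still_ok": evaluate(with_dhcp, web),
    }


if __name__ == "__main__":
    for name, (action, rule) in demo().items():
        print(f"{name:17} {action:7} by: {rule}")
```

The "dhcp_forgotten" case is the trap the text warns about: the only entry in that list is a TCP permit, so the UDP request from 0.0.0.0 matches nothing and is silently dropped by the implicit deny, and clients behind that interface never get an address.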

    INTER-VLAN

    Understanding How InterVLAN Routing Works

    Network devices in different VLANs cannot communicate with one another without a router to route traffic between the VLANs. In most network environments, VLANs are associated with individual networks or subnetworks. For example, in an IP network, each subnetwork is mapped to an individual VLAN. In a Novell IPX network, each VLAN is mapped to an IPX network number. In an AppleTalk network, each VLAN is associated with a cable range and AppleTalk zone name.

    Configuring VLANs helps control the size of the broadcast domain and keeps local traffic local. However, when an end station in one VLAN needs to communicate with an end station in another VLAN, interVLAN communication is required. This communication is supported by interVLAN routing: you configure one or more routers to route traffic to the appropriate destination VLAN.

    The figure below shows a basic interVLAN routing topology. Switch A is in VLAN 10 and Switch B is in VLAN 20. The router has an interface in each VLAN.

    Fig:-Basic InterVLAN Routing Topology


    When Host A in VLAN 10 needs to communicate with Host B in VLAN 10, it sends a packet addressed to that host. Switch A forwards the packet directly to Host B, without sending it to the router.

    When Host A sends a packet to Host C in VLAN 20, Switch A forwards the packet to the router, which receives the traffic on the VLAN 10 interface. The router checks the routing table, determines the correct outgoing interface, and forwards the packet out the VLAN 20 interface to Switch B. Switch B receives the packet and forwards it to Host C.

    The second figure shows another common scenario, interVLAN routing over a single trunk connection to the router. The switch has ports in multiple VLANs. InterVLAN routing is performed by a Cisco 7505 router connected to the switch through a full-duplex Fast Ethernet trunk link.

    NAT

    Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.

    NAT serves three main purposes:

    Provides a type of firewall by hiding internal IP addresses.

    Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.

    Allows a company to combine multiple ISDN connections into a single Internet connection.


    How Network Address Translation Works??

    Network Address Translation helps improve security by reusing IP addresses. The NAT router translates traffic coming into and leaving the private network.

    If you are reading this article, you are most likely connected to the Internet and viewing it at the HowStuffWorks Web site. There's a very good chance that you are using Network Address Translation (NAT) right now.

    The Internet has grown larger than anyone ever imagined it could be. Although the exact size is unknown, the current estimate is that there are


    about 100 million hosts and more than 350 million users actively on the Internet. That is more than the entire population of the United States! In fact, the rate of growth has been such that the Internet is effectively doubling in size each year.

    So what does the size of the Internet have to do with NAT? Everything! For a computer to communicate with other computers and Web servers on the Internet, it must have an IP address. An IP address (IP stands for Internet Protocol) is a unique 32-bit number that identifies the location of your computer on a network. Basically, it works like your street address -- as a way to find out exactly where you are and deliver information to you.

    When IP addressing first came out, everyone thought that there were plenty of addresses to cover any need. Theoretically, you could have 4,294,967,296 unique addresses (2^32). The actual number of available addresses is smaller (somewhere between 3.2 and 3.3 billion) because of the way that the addresses are separated into classes, and because some addresses are set aside for multicasting, testing or other special uses.
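    As an added example (not from the report), the translation table a NAT box keeps in its most common form, NAT overload or PAT, where all inside hosts share one public address: outbound packets are rewritten and recorded, and inbound packets are delivered only when they match a recorded translation, which is the firewall-like effect and the address reuse described above. All addresses and ports are constructed documentation values.

```python
from collections import namedtuple
import itertools

# A packet as the NAT box sees it: source/destination address and port.
Packet = namedtuple("Packet", "src sport dst dport")


class NatBox:
    """NAT overload (PAT): every inside host shares one public address and is
    told apart by the port the box assigns to each flow."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # translation table: (inside local ip, port, dst ip, dst port) -> public port
        self.table = {}
        # reverse index for replies: (public port, remote ip, remote port) -> inside
        self.reverse = {}

    def outbound(self, pkt):
        """Packet leaving the LAN: rewrite the source to the public address."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.table.get(key)
        if port is None:                      # first packet of a new flow
            port = next(self._ports)
            self.table[key] = port
            self.reverse[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Packet arriving from the Internet.  It is delivered only if it is a
        reply to an existing translation; anything else has no inside address
        to go to and is dropped, which hides the internal hosts."""
        if pkt.dst != self.public_ip:
            return None
        inside = self.reverse.get((pkt.dport, pkt.src, pkt.sport))
        if inside is None:
            return None
        local_ip, local_port = inside
        return Packet(pkt.src, pkt.sport, local_ip, local_port)

    def translations(self):
        """Rows in the style of 'show ip nat translations':
        (inside local, inside global, outside global)."""
        return sorted(
            (f"{src}:{sport}", f"{self.public_ip}:{port}", f"{dst}:{dport}")
            for (src, sport, dst, dport), port in self.table.items())
```

    Note that the hiding is a side effect of the table, not a policy: once an inside host opens a flow, replies from that peer are let through for as long as the entry exists, so a NAT box does not replace an access list.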


    Frame Relay

    Frame Relay is an industry-standard, switched data link layer protocol that handles

    multiple virtual circuits using High-Level Data Link Control (HDLC)

    encapsulation between connected devices. In many cases, Frame Relay is more

    efficient than X.25, the protocol for which it is generally considered a replacement.

    The following figure illustrates a Frame Relay frame (ANSI T1.618).

    As an interface between user and network equipment, Frame Relay provides a

    means for statistically multiplexing many logical data conversations (referred to as

    virtual circuits) over a single physical transmission link. This contrasts with


    systems that use only time-division-multiplexing (TDM) techniques for supporting multiple data streams. Frame Relay's statistical multiplexing provides more flexible and efficient use of available bandwidth. It can be used without TDM techniques or on top of channels provided by TDM systems.

    Another important characteristic of Frame Relay is that it exploits the recent advances in wide-area network (WAN) transmission technology. Earlier WAN protocols, such as X.25, were developed when analog transmission systems and copper media were predominant. These links are much less reliable than the fiber media/digital transmission links available today. Over links such as these, link-layer protocols can forego time-consuming error correction algorithms, leaving these to be performed at higher protocol layers. Greater performance and efficiency is therefore possible without sacrificing data integrity. Frame Relay is designed with this approach in mind. It includes a cyclic redundancy check (CRC) algorithm for detecting corrupted bits (so the data can be discarded), but it does not include any protocol mechanisms for correcting bad data (for example, by retransmitting it at this level of protocol).

    Frame Relay has replaced X.25 as the packet-switching technology of choice in many nations, particularly the United States.

    First standardized in 1990, Frame Relay streamlines Layer 2 functions and provides only basic error checking rather than error correction.

    This low-overhead approach to switching packets increases performance and efficiency.

    Modern fiber optic links and digital transmission facilities offer much lower error rates than their copper predecessors.

    For that reason, the use of X.25 reliability mechanisms at Layer 2 and Layer 3 is now generally regarded as unnecessary overhead.

    This module presents Frame Relay technology, including its benefits and requirements.


    Frame Relay is an International Telecommunications Union (ITU-T) and American National Standards Institute (ANSI) standard that defines the process for sending data over a packet-switched network.

    It is a connection-oriented data-link technology that is optimized to provide high performance and efficiency.

    Modern telecommunications networks are characterized by relatively error-free digital transmission and highly reliable fiber infrastructures.

    Frame Relay takes advantage of these technologies by relying almost entirely on upper-layer protocols to detect and recover from errors.

    Frame Relay does not have the sequencing, windowing, and retransmission mechanisms that are used by X.25.

    Without the overhead associated with comprehensive error detection, the streamlined operation of Frame Relay outperforms X.25.

    Typical speeds range from 56 kbps up to 2 Mbps, although higher speeds are possible (45 Mbps).

    The network providing the Frame Relay service can be either a carrier-provided public network or a privately owned network.

    Like X.25, Frame Relay defines the interconnection process between the customer's data terminal equipment (DTE), such as the router, and the service provider's data communication equipment (DCE).


    Frame Relay does not define the way the data is transmitted within the service provider's network once the traffic reaches the provider's switch. Therefore, a Frame Relay provider could use a variety of technologies, such as Asynchronous Transfer Mode (ATM) or Point-to-Point Protocol (PPP), to move data from one end of its network to another.

    Frame Relay devices: DTE


    DTEs generally are considered to be terminating equipment for a specific network and typically are located on the premises of the customer. The customer may also own this equipment.

    Examples of DTE devices are routers and Frame Relay Access Devices (FRADs). A FRAD is a specialized device designed to provide a connection between a LAN and a Frame Relay WAN.

    Frame Relay devices: DCE


    DCEs are carrier-owned internetworking devices. The purpose of DCE equipment is to provide clocking and switching services in a network. In most cases, these are packet switches, which are the devices that actually transmit data through the WAN.


    DLCI

    RTA can use only one of three configured PVCs to reach RTB. In order for router RTA to know which PVC to use, Layer 3 addresses must be mapped to DLCI numbers. RTA must map Layer 3 addresses to the available DLCIs. RTA maps the RTB IP address 1.1.1.3 to DLCI 17. Once RTA knows which DLCI to use, it can encapsulate the IP packet with a Frame Relay frame, which contains the appropriate DLCI number to reach that destination.


    Cisco routers support two types of Frame Relay headers (encapsulations). One type is cisco, which is a 4-byte header. The second is ietf, which is a 2-byte header that conforms to the IETF standards. The Cisco proprietary 4-byte header is the default and cannot be used if the router is connected to another vendor's equipment across a Frame Relay network.

    LMI (Local Management Interface)


    LMI is a signaling standard between the DTE and the Frame Relay switch. LMI is responsible for managing the connection and maintaining the status between devices.

    LMI includes:

    A keepalive mechanism, which verifies that data is flowing.

    A multicast mechanism, which provides the network server (router) with its local DLCI.

    A status mechanism, which provides an ongoing status on the DLCIs known to the switch.


    The three types of LMI are not compatible with each other. The LMI type must match between the provider Frame Relay switch and the customer DTE device.

    In Cisco IOS releases prior to 11.2, the Frame Relay interface must be manually configured to use the correct LMI type, which is furnished by the service provider. If using Cisco IOS Release 11.2 or later, the router attempts to automatically detect the type of LMI used by the provider switch. This automatic detection process is called LMI autosensing.

    No matter which LMI type is used, when LMI autosense is active, it sends out a full status request to the provider switch. Frame Relay devices can now listen in on both DLCI 1023 (Cisco LMI) and DLCI 0 (ANSI and ITU-T) simultaneously. The order is ansi, q933a, cisco and is done in rapid succession to accommodate intelligent switches that can handle multiple formats simultaneously.

    The Frame Relay switch uses LMI to report the status of configured PVCs. The three possible PVC states are as follows:


    Active state: indicates that the connection is active and that routers can exchange data.

    Inactive state: indicates that the local connection to the Frame Relay switch is working, but the remote router connection to the Frame Relay switch is not working.

    Deleted state: indicates that no LMI is being received from the Frame Relay switch, or that there is no service between the CPE router and the Frame Relay switch.

    DLCI Mapping to Network Address

    Manual

    RTA will know how to reach RTB from the routing information; however, it will need to use a statically or dynamically configured frame map to encapsulate the frame at Layer 2 with the correct DLCI.


    Manual: Administrators use a frame relay map statement.

    Dynamic

    Inverse Address Resolution Protocol (I-ARP) provides a given DLCI and requests next-hop protocol addresses for a specific connection. The router then updates its mapping table and uses the information in the table to forward packets on the correct route.
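    An added example (not from the report) tying the DLCI, encapsulation, LMI and mapping sections together: the Layer 3-to-DLCI map a DTE consults before sending, filled either statically (the frame relay map statement) or by an Inverse ARP reply, plus the 2-byte address field of the IETF-style header that carries the DLCI. The bit layout assumed is the standard Q.922 address field (10-bit DLCI split 6/4 across the two octets with the C/R, FECN, BECN, DE and EA bits); the class and method names are this example's own.

```python
def encode_address(dlci, fecn=False, becn=False, de=False, cr=False):
    """Build the 2-octet Frame Relay address field for a 10-bit DLCI
    (Q.922 layout: 6 high DLCI bits in octet 1, 4 low bits in octet 2)."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    octet1 = ((dlci >> 4) << 2) | (int(cr) << 1) | 0          # EA=0: more follows
    octet2 = (((dlci & 0xF) << 4) | (int(fecn) << 3) | (int(becn) << 2)
              | (int(de) << 1) | 1)                            # EA=1: last octet
    return bytes([octet1, octet2])


def decode_address(field):
    """Inverse of encode_address; returns (dlci, flags)."""
    o1, o2 = field[0], field[1]
    if (o1 & 1) != 0 or (o2 & 1) != 1:
        raise ValueError("bad EA bits: not a 2-octet address field")
    dlci = ((o1 >> 2) << 4) | (o2 >> 4)
    flags = {"cr": bool(o1 & 2), "fecn": bool(o2 & 8),
             "becn": bool(o2 & 4), "de": bool(o2 & 2)}
    return dlci, flags


class FrameRelayInterface:
    """A DTE interface: its frame-relay map and the PVC states reported by LMI."""

    def __init__(self):
        self.map = {}        # next-hop IP -> DLCI (static or learned by Inverse ARP)
        self.pvc_state = {}  # DLCI -> "active" | "inactive" | "deleted"

    def map_ip(self, ip, dlci):
        """Static mapping, like 'frame-relay map ip <ip> <dlci>'."""
        self.map[ip] = dlci

    def inverse_arp_reply(self, dlci, ip):
        """Dynamic mapping: the far end answered Inverse ARP on this DLCI.
        A static map for the same address is kept in preference."""
        self.map.setdefault(ip, dlci)

    def lmi_status(self, dlci, state):
        """Record a PVC state from the switch's LMI status report."""
        self.pvc_state[dlci] = state

    def encapsulate(self, next_hop, payload):
        """Return address field + payload, or None when the packet cannot be
        sent: no DLCI known for the next hop, or the PVC is not active."""
        dlci = self.map.get(next_hop)
        if dlci is None:
            return None   # no static map and Inverse ARP has not resolved it
        if self.pvc_state.get(dlci) != "active":
            return None   # inactive or deleted: remote end or LMI is down
        return encode_address(dlci) + payload
```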

    Switching

    Switches occupy the same place in the network as hubs. Unlike hubs, switches examine each packet and process it accordingly rather than simply repeating the signal to all ports. Switches map the Ethernet addresses of the nodes residing on each network segment and then allow only the necessary traffic to pass through the switch. When a packet is received by the switch, the switch examines the destination and source hardware addresses and compares them to a table of network segments and addresses. If the segments are the same, the packet is dropped ("filtered"); if the segments are different, then the packet is "forwarded" to the proper segment. Additionally, switches prevent bad or misaligned packets from spreading by not forwarding them.
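    An added example, not from the report, covering both the switching paragraph above and the earlier InterVLAN section: a learning switch whose MAC address table is keyed by VLAN, so a frame is filtered when source and destination sit on the same port, forwarded when the destination is known, flooded only within its own VLAN when it is not, and never delivered to a port in another VLAN, which is why a router is needed for interVLAN traffic. Port numbers and MAC addresses are constructed.

```python
from collections import namedtuple

# An Ethernet frame as the switch sees it (toy MAC addresses; fcs_ok models
# whether the frame check sequence verified).
Frame = namedtuple("Frame", "src_mac dst_mac fcs_ok", defaults=(True,))


class Switch:
    """Learning switch with one MAC address table entry per (VLAN, MAC)."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # access port -> VLAN number
        self.mac_table = {}                  # (vlan, mac) -> port it was learned on

    def receive(self, in_port, frame):
        """Return the sorted list of ports the frame is sent out of."""
        if not frame.fcs_ok:
            return []                        # corrupt frames are not propagated
        vlan = self.port_vlans[in_port]
        # learn: the source MAC is reachable via the ingress port, in this VLAN
        self.mac_table[(vlan, frame.src_mac)] = in_port
        out_port = self.mac_table.get((vlan, frame.dst_mac))
        if out_port == in_port:
            return []                        # same segment: filtered
        if out_port is not None:
            return [out_port]                # known: forwarded to one port
        # unknown destination: flood, but only to ports in the same VLAN
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)

    def show_mac_table(self):
        """Rows in the style of 'show mac address-table': (vlan, mac, port)."""
        return sorted((v, m, p) for (v, m), p in self.mac_table.items())
```

    Since the table is learned from whatever source address arrives on a port, the switch trusts that field; port security or limits on learned addresses per port are the usual defensive settings on real switches.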

    MAC Address Table


    Switch Configuration


    Vlans


    VTP(VLAN Trunking Protocols)

    With the help of VTP, we can simplify the process of creating the VLANs. Among multiple switches, we can configure one switch as the VTP server and all the other switches as VTP clients. We create the VLANs on the VTP server switch. The server sends periodic updates to the VTP client switches, and each client creates the VLANs from the updates received from the server.

    VTP Servers Configuration


    MODULE-2

    INTRODUCTION OF REDHAT

    Red Hat is an open-source, UNIX-like operating system family. Its update method is YUM, meaning all packages are installed through YUM, which is a server created in Red Hat, and its package manager is RPM, which holds all the files of Red Hat.

    Red Hat Enterprise Linux (RHEL) is a Linux distribution produced by Red Hat and targeted toward the commercial markets. Red Hat Enterprise Linux is released in server versions for x86, x86-64, Itanium, PowerPC and IBM System z, and desktop versions for x86 and x86-64. All of Red Hat's official support and training, and the Red Hat Certification Program, center around the Red Hat Enterprise Linux platform.


    INTRODUCTION OF THE MODULE

    1. Sendmail is used to safely move emails between hosts, usually using SMTP (Simple Management Transport protocol), whose port no. is 25. It is highly configurable, which allows us to control almost every aspect of how email is handled, including the protocol to be used.

    2. Packages to be installed for it are sendmail*/squirrel*/bind*/caching*.

    3. However, for receiving mails, the package to be installed is dovecot*.

    4. Dovecot works using POP (Post Office Protocol), whose port no. is 110, POP3, and IMAP (Internet mail access protocol), whose port no. is 143.

    DNS


    SQUIRRELMAIL

    SquirrelMail is a web-based email application started by Nathan and Luke Ehresman and written in the PHP scripting language. It can be installed on almost all web servers as long as PHP is present and the web server has access to an IMAP and SMTP server.

    SquirrelMail outputs valid HTML 4.0 for its presentation, making it compatible with a majority of current web browsers. SquirrelMail uses a plugin architecture to accommodate additional features around the core application, and over 200 plugins are available on the SquirrelMail website. Licensed under the GNU General Public License, SquirrelMail is free software. It is currently available in over 50 languages. SquirrelMail is included in the repositories of many major GNU/Linux distributions and is independently downloaded by tens of thousands of people every month.

    It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages are rendered in pure HTML 4.0 for maximum compatibility across browsers. It has very few requirements, and is very easy to configure and install.

    There are several mailing lists available. Several of the developers are available for live chat on IRC. A bug tracking system is available for reporting bugs or submitting patches. For administrators or companies, official and third-party commercial support is available.


    Work breakdown structure:-

    1. Sendmail: It is used for sending mails to the user.

    Package to be installed is postfix*/sendmail* (* represents all the files).

    Configuration File: /etc/postfix/main.cf

    2. Dovecot: It is used for receiving mails by the user.

    Package to be installed is dovecot* (* represents all the files).

    Configuration File: /etc/dovecot.conf

    3. Http: An http server is also created in this project to develop the squirrelmail server, as the web page is to be formed in the squirrelmail server.

    Package to be installed is http* (* represents all the files).

    Configuration File: /etc/httpd/conf/httpd.conf

    4. bind*/Caching*: These are used to install the DNS Server.


    4. Squirrelmail: It is also used for sending mails to the server, but it also includes extra features like Sent, Trash, Drafts etc.

    Package to be installed is squirrelmail* (* represents all the files).

    Configuration File: /sq/squirrel/config/config.php

    5. PHP: As the pages formed in Squirrelmail are web pages written in PHP, PHP is also to be installed in the project.

    Package to be installed is php* (* represents all the files).
