Nat report 1

Page 1: Nat report 1

SIX WEEKS INDUSTRIAL TRAINING REPORT

On

“CCNA”

In partial fulfillment of the degree of Bachelor of Technology in Electronics and communication Engineering

AT “NETMAX TECHNOLOGIES PATIALA”

Submitted to

Guided by: Mr. Barinder Singh

Submitted by: Ashima Malhotra

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

RIMT-INSTITUTE OF ENGINEERING AND TECHNOLOGY

MANDI GOBINDGARH-147301

Page | 1


ACKNOWLEDGEMENT

While presenting this report I would like to express my deep sense of gratitude to the entire NETMAX staff, who were an indispensable part of my training, giving me unending guidance, inspiration and encouragement and providing an excellent environment throughout my training at NETMAX TECHNOLOGIES. The training was an extremely productive and enriching experience, not only technically but also in providing some practical skills.

I am extremely thankful to Mr. Barinder Singh, who devoted a lot of time to guiding and supervising me during my training.

I must place my gratitude towards Prof. Rajneesh Talwar (H.O.D. of E.C.E. Dept.) for their valuable advice and guidance in carrying out this enjoyable and productive experience, which provided me a great opportunity to search new horizons.

Ashima Malhotra

PREFACE


Technology has grown rapidly in the past two to three decades. An engineer without practical knowledge and skills cannot survive in this technical era. Theoretical knowledge does matter, but it is practical knowledge that makes the difference between the best and the better. Organizations also prefer experienced engineers to freshers because of the practical knowledge and industrial exposure of the former. Practical training is highly conducive to a solid foundation for:-

1. Knowledge and personality.

2. Exposure to industrial environment.

3. Confidence building.

4. Enhancement of creativity.


TABLE OF CONTENTS

Sr. No. DESCRIPTION PAGE NO.

1. COMPANY PROFILE 32

2. INTRODUCTION TO CCNA 35

3. BASIC 35

4. IP ADDRESS V4 49

5. IP ROUTING 51

6. LAN SWITCHING 63

7. ACL 68

8. NAT 72

9. PROJECT 76

10. REFERENCES 83


INTRODUCTION

NETMAX TECHNOLOGIES, SCO 52, 2ND FLOOR, LEELA BHAWAN, PATIALA.

COMPANY PROFILE

NETMAX TECHNOLOGIES as an organization was established in 2001 in the fields of network support, network training, software training and embedded systems. In education, we have a strategic alliance with Pearson VUE and Prometric. We are an authorized testing partner of REDHAT and CISCO. We are also a NOVELL EDUCATION PARTNER, through which we provide NOVELL and SUSE LINUX courses. NetMax Technologies also conducts courses in CADENCE based design tools.

NETMAX TECHNOLOGIES also provides technical research and development support and consultancy to some electronics companies. Our clients for R&D support in the field of embedded systems:

Recorders and Medicare Ltd, Chandigarh

TELEBOX India Ltd.

Lotus Machines Pvt. Ltd., Chandigarh

Impearl Electronics Pvt. Ltd., Chandigarh

KANTA Electrical Ltd., Mohali

A partial list of our clients in the network field is as below:

CEDTI, Mohali

Premier ISP, Chandigarh

Innovative Solutions, Chandigarh

Emmtel ISP, Chandigarh

NIPER, Mohali

Navik Technologies, Chandigarh

Software Technology Parks India, Mohali

Glide Internet Services

Rana Group

IDS

HFCL Infotel Ltd.

Targus Technologies Pvt Ltd

STPI, Mohali

BBMB

The Tribune

Ind Swift

OUR TEAM

We are a strong technical team of certified professionals catering to these solutions, with a presence in Chandigarh and Punjab. We have a skilled team of engineers experienced in design and programming. We have more than 15 engineers holding prestigious certifications such as CCNA, CCNP, CCSP, CCSA, MCSE and RHCE, and skilled in C++, C, JAVA, PHP and MySQL programming.

Support Area (network solutions):

LINUX / UNIX networks

SUN networks

CISCO devices (Routers, Switches, Firewalls, Cache Engine, RAS etc.)

Bandwidth Manager software and hardware

Radio Links

Security Solutions

NETMAX TECHNOLOGIES provides the following courses in IT and Embedded Systems:

Network Training: CISCO CCNA, CCNP; RED HAT LINUX 5; WINDOWS 2000, 2003 (MCP, MCSA & MCSE); MCITP 2008.

Software Training: C++, C, JAVA (CORE JAVA & ADVANCE JAVA), ASP.NET, PHP, MySQL Programming.

We provide technical support and consultancy to electronics companies in the field of embedded microcontrollers: 8-bit and 16-bit family based embedded system design; analog system design (including signal conditioning circuits, filter design, etc.); precision signal amplifier design for applications like ECG; low power design; precision temperature measurement, etc. Power electronics including dc/dc converters, ac/dc converters, thyristor firing based circuits, battery charging and monitoring circuits, etc. Application of embedded systems and analog control systems in industrial as well as home automation. Our core strengths are our commitment, technical expertise and cost-effective solutions. We ensure high service levels and prompt support availability, leading to lower downtime.


NETMAX TECHNOLOGIES is a leader in education services and a developer of innovative embedded solutions. To meet the demands of the post-PC era, NetMax provides complete solutions as well as design-to-order services to satisfy our customers.

NETMAX TECHNOLOGIES:

BARINDER SINGH, 9914713373 HARPREET SINGH, 9814900118

HEAD OFFICE:

NETMAX TECHNOLOGIES, SCO 58-59, Sector 34A, Chandigarh. Phone: 0172-4644644

Branch Office:

NETMAX TECHNOLOGIES, SCO 52, 2ND FLOOR, LEELA BHAWAN, PATIALA. Phone: 0175-5018351, 9914713373, 9814900118.


INTRODUCTION TO CCNA

What is a Network?

In a network, more than one computer is connected to the others through a centralized device. The computers can share files and resources with each other.

LAN

LAN stands for Local Area Network. The scope of a LAN is within one building, one school or one lab. In a LAN built on a hub, the media access method is CSMA/CD, in which each computer senses the carrier before sending data over the network: if the carrier is free it can transmit, otherwise it has to wait and keep listening. "Multiple access" means every computer has the right to access every other computer. If two computers sense the carrier free at the same time and both transmit, a collision occurs. Every computer on the network becomes aware of the collision; the senders stop transmitting and use the back-off algorithm, in which each computer generates a random number. The computer with the smaller number gets first priority to transmit data over the network, and the other computers wait for their turn.

WAN

WAN stands for Wide Area Network, in which two local area networks are connected through a public network. This may be telecommunication infrastructure or dedicated lines, for example ISDN lines or leased lines, using WAN devices and WAN technology. You can also connect to a remote site through the existing internetwork called the Internet.

Devices

Hub

A hub is a centralized device used to connect multiple workstations. There are two types of hub:-

(i) Active Hub

(ii) Passive Hub

A hub has no special kind of memory. It simply receives a frame (data) and forwards it to all its nodes except the one it was received on, so it always broadcasts. With a hub there is one collision domain and one broadcast domain, and the media access method is CSMA/CD (Carrier Sense Multiple Access/Collision Detection).

(i) Active Hub: an active hub receives the frame, regenerates it and then forwards it to all its nodes.


(ii) Passive Hub: a passive hub simply receives the frame and forwards it to all its connected nodes.

You cannot perform LAN segmentation using a hub.

Switch

A switch is also used to connect multiple workstations. A switch is more intelligent than a hub: it has a special kind of memory called the MAC address / filter / lookup table. The switch reads MAC addresses and stores them in its filter table. When the switch receives a frame, it reads the destination MAC address and consults its filter table. If there is an entry for that address it forwards the frame only to the port of that MAC address; if the address is not found it broadcasts the frame to all its connected nodes.

Every port has its own buffer memory. A port has two queues, an input queue and an output queue. When the switch receives a frame, the frame is received in the input queue and forwarded from the output queue, so with a switch there is no chance of collisions. With a switch the media access method is CSMA/CA (Carrier Sense Multiple Access / Collision Avoidance). Switches provide more efficiency, more speed and more security.

There are two types of switches: -

(i) Manageable switches (can be configured with console cable).

(ii) Non-manageable switches.

We can perform LAN segmentation by using switches.
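To make the difference between a hub and a switch concrete, here is an added example (not part of the report) that simulates a learning switch's filter table in Python: the source MAC of each frame is learned on its receiving port, a known destination is sent out of one port only, and a broadcast or unknown destination is flooded to every port except the receiving one, which is exactly what a hub does for every frame. The MAC addresses and port numbers are constructed.

```python
"""Learning switch simulation (added example, not from the report).

A switch learns the source MAC of every frame it receives and records the
port it arrived on in its filter table. A frame to a known destination is
sent out of one port only; a broadcast or unknown destination is flooded
to every port except the receiving one, which is what a hub does for every
frame. Frames and port numbers used below are constructed.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def hub_forward(ports, in_port):
    """A hub has no table: every frame goes to all ports but the receiving one."""
    return [p for p in ports if p != in_port]


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port (the filter/lookup table)

    def learn(self, mac, port):
        """Record (or update) which port a source MAC was last seen on."""
        self.table[mac] = port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the list of output ports for a frame received on in_port."""
        self.learn(src_mac, in_port)
        out_port = self.table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or unknown destination: flood, just like a hub
            return hub_forward(self.ports, in_port)
        if out_port == in_port:
            # Destination sits on the port the frame came in on: filter it
            return []
        return [out_port]


if __name__ == "__main__":
    sw = LearningSwitch([1, 2, 3])
    print(sw.forward(1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"))  # unknown: flood
    print(sw.forward(2, "bb:bb:bb:bb:bb:bb", "aa:aa:aa:aa:aa:aa"))  # known: port 1
    print(sw.table)
```

The first frame from a new host is flooded because the switch has not yet learned the destination; once both hosts have spoken, traffic between them leaves only one port and the third port never sees it, which is the segmentation the section describes.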

Bridge

A bridge is a hardware device used to provide LAN segmentation, that is, to break up the collision domain. It has the same functionality as a switch. A bridge can be used between two different topologies. It has fewer ports, and each port has its own buffer memory. It works at the Data Link Layer of the OSI model. It also reads MAC addresses and stores them in its filter table. With a bridge there is one broadcast domain.

Router

A router is a hardware device used to connect two different networks. A router performs routing and path determination. It does not forward broadcasts. There are two types of router:-

(i) Hardware routers are developed by Cisco, HP and others.

(ii) Software routers are configured with the help of Routing and Remote Access, a feature offered by Microsoft. This feature is installed by default, but you have to enable and configure it.

Hardware routers are dedicated routers and are more efficient.

Software routers have fewer features and slower performance, and are not very efficient.


Lan Card

A LAN card is a media access device that provides connectivity to the network. There is an RJ45 (Registered Jack) connector socket on the LAN card; RJ45 is used with UTP cable. There is also an LED, called the heartbeat of the LAN card, which starts blinking whenever any activity (receiving or transmitting data) occurs and so tells us the status of the LAN card.

LAN Topologies

BUS Topology

Cable type: Coaxial

Connector type: BNC (Bayonet Neill-Concelman), T type, Terminator

Thick coaxial: maximum length 500 meters, maximum 100 network devices

Thin coaxial: maximum length 185 meters, maximum 30 network devices


Star Topology

Cable type - UTP

Connector type - RJ45

Maximum Length – 100 meters (with proper color coding)

UTP (Unshielded Twisted Pair)

STP (Shielded Twisted Pair)

In case of hub media access method will be CSMA/CD.


Ring Topology

Cable - UTP

The token passing method is used, so there is no chance of collision.

Ethernet Family

Standard                    Maximum length    Media

10 Base 2                   200 meter         Coaxial cable

10 Base 5                   500 meter         Thick coaxial cable

10 Base T                   100 meter         Twisted pair (UTP)

10/100 Base TX (present)    100 meter         UTP

100 Base T4                 100 meter         UTP, 4 pairs used

100 Base FX                 up to 4 km        Fiber optic

1000 Base TX (server)       100 meter         UTP

1000 Base FX                up to 10 km       Fiber optic

10000 Base FX               (not given)       Fiber optic

Color

Green – Green white

Orange – Orange white

Blue – Blue white

Brown – Brown white

Green cable has maximum twists.


Pin Configuration

Cross cable: pin 1 to 3, 2 to 6, 3 to 1, 6 to 2

Straight cable: pin 1 to 1, 2 to 2, 3 to 3, 6 to 6

Straight Cable

1 Orange white - Orange white

2 Orange - Orange

3 Green white - Green white

4 Blue - Blue

5 Blue white - Blue white

6 Green - Green

7 Brown white - Brown white

8 Brown - Brown

Cross Cable

1 Orange white - Green white

2 Orange - Green

3 Green white - Orange white

4 Blue - Blue

5 Blue white - Blue white

6 Green - Orange

7 Brown white - Brown white

8 Brown - Brown


RJ45 Connector

OSI (Open Systems Interconnection) Model

The OSI model is a layered approach to designing, developing and implementing networks. OSI provides the following advantages:-

(i) Network design is standards based.

(ii) Development of new technology is faster.

(iii) Devices from multiple vendors can communicate with each other.

(iv) Implementation and troubleshooting of networks are easier.

(1) Application Layer:- The application layer accepts data and forwards it into the protocol stack. It creates the user interface between application software and the protocol stack.

(2) Presentation Layer:- This layer decides the presentation format of the data. It is also able to perform other functions like compression/decompression and encryption/decryption.

(3) Session Layer:- This layer initiates, maintains and terminates sessions between different applications. Because of this layer, multiple application programs can be executed at the same time.

(4) Transport Layer:- The transport layer is responsible for connection-oriented and connectionless communication. The transport layer also performs other functions like:

a. Error checking

b. Flow control (buffering, windowing, multiplexing)

c. Sequencing

d. Positive acknowledgement

e. Response


(5) Network Layer

This layer performs functions like logical addressing and path determination. Each networking device has a physical address, the MAC address, but logical addressing makes communication easier on a large network.

Logical addressing defines a network address and a host address. This type of addressing is used to simplify the implementation of large networks. Some examples of logical addressing are IP addresses and IPX addresses.

(6) Data Link Layer

The functions of the Data Link layer are divided into two sub-layers:

a. Logical Link Control

b. Media Access Control

(i) Logical Link Control defines the encapsulation that will be used by the NIC to deliver data to the destination. Some examples of Logical Link Control are ARPA (Ethernet) and 802.11 Wi-Fi.

(ii) Media Access Control defines methods to access the shared media and establishes identity with the help of the MAC address. Some examples of Media Access Control are CSMA/CD and Token Passing.

(7) Physical Layer

The Physical Layer is responsible for communicating bits over the media; this layer deals with the standards defined for media and signals. This layer may also perform modulation and demodulation as required.

Router Architecture

[Figure: block diagram of a router. Labels in the figure: Processor, Memory Controller, BIOS ROM, NVRAM (Startup Configuration, Non-Volatile RAM), RAM, Flash RAM (O/S, IOS), Incomplete IOS, I/O Controller, LAN, WAN.]

Router Access Modes

When we access the router command prompt, the router displays different modes. According to the mode, privileges and rights are assigned to the user.

User mode


In this mode, we can display basic parameters and the status of the router, test connectivity and telnet to other devices. In this mode we are not able to manage or configure the router.

Privileged mode

In this mode, we can display all information and configuration, and perform administration tasks, debugging, testing and connectivity checks with other devices. We are not able to edit the configuration of the router from here.

The command to enter this mode is ‘enable’. We have to enter the enable password or the enable secret password to enter this mode. The enable secret has higher priority than the enable password: if both passwords are configured, only the enable secret will work.

Global configuration

This mode is used for the configuration of global parameters in the router. Global parameters apply to the entire router, for example the router hostname or an access list. The command to enter this mode is ‘configure terminal’.

Line configuration mode

This mode is used to configure lines like console, vty and auxiliary. The main types of line that are configured are:

(i) Console: router(config)#line console 0

(ii) Auxiliary: router(config)#line aux 0

(iii) Telnet or vty: router(config)#line vty 0 4

Interface configuration mode

This mode is used to configure router interfaces, for example Ethernet, Serial, BRI etc.

Router(config)#interface <type> <number>

Router(config)#interface serial 1

Routing configuration mode

This mode is used to configure routing protocols like RIP, EIGRP, OSPF etc.

Router(config)#router <protocol> [<option>]

Router(config)#router rip

Router(config)#router eigrp 10

Configuring Password

There are five types of password available on a router.

(1) Console Password

router#configure terminal
router(config)#line console 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit

To remove a password, repeat the same steps using the no form of each command.

(2) Vty Password

router>enable
router#configure terminal
router(config)#line vty 0 4
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit

(3) Auxiliary Password

router#configure terminal
router(config)#line aux 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit

(4) Enable Password

router>enable
router#configure terminal
router(config)#enable password <word>
router(config)#exit

(5) Enable Secret Password

The enable password is stored as a clear text password; the enable secret is stored in encrypted (hashed) form.

Router>enable
Router#configure terminal
Router(config)#enable secret <word>
Router(config)#exit


Encrypting all passwords

All passwords other than the enable secret are clear text passwords. We can encrypt all of them using the level 7 algorithm. The commands to encrypt all passwords are:

Router#configure terminal
Router(config)#service password-encryption
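The password commands above are easy to get half right: a line password without login is never asked for, and an enable password that is only level 7 encrypted is reversible, so the enable secret is the one to rely on. The following added example (not part of the report) is a small Python audit that reads a running configuration as text and reports those conditions. Both sample configurations are constructed, and the type 7 and secret strings in the hardened one are placeholders, not real values.

```python
"""Audit of password settings in an IOS configuration (added example, not
from the report). Input is the text of a running configuration; the two
sample configurations are constructed, and the encrypted strings in the
hardened one are placeholders, not real values.
"""

SAMPLE_CONFIG = """\
hostname R1
enable password cisco123
line con 0
 password console1
 login
line vty 0 4
 password telnet1
line aux 0
 password aux1
 login
"""

HARDENED_CONFIG = """\
service password-encryption
hostname R1
enable secret 5 PLACEHOLDER-HASH
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
line aux 0
 password 7 PLACEHOLDER
 login
"""


def line_sections(lines):
    """Group the indented commands under each 'line ...' header."""
    sections, current = {}, None
    for text in lines:
        if text.startswith("line "):
            current = text
            sections[current] = []
        elif current is not None and text.startswith(" "):
            sections[current].append(text.strip())
        else:
            current = None  # any non-indented line ends the section
    return sections


def audit_passwords(config_text):
    """Return a list of findings; an empty list means no weakness was seen."""
    lines = [line.rstrip() for line in config_text.splitlines()]
    findings = []

    if "service password-encryption" not in lines:
        findings.append("service password-encryption is off: line and enable "
                        "passwords are stored in clear text")
    has_secret = any(line.startswith("enable secret") for line in lines)
    has_enable_pw = any(line.startswith("enable password") for line in lines)
    if has_enable_pw and not has_secret:
        findings.append("enable password is used without enable secret: the "
                        "privileged-mode password is not hashed")
    if not has_secret and not has_enable_pw:
        findings.append("no privileged-mode password is configured")

    for name, cmds in line_sections(lines).items():
        has_pw = any(c.startswith("password ") for c in cmds)
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if has_pw and not has_login:
            findings.append(f"{name}: password is set but 'login' is missing, "
                            "so the password is never asked for")
        if has_login and not has_pw:
            findings.append(f"{name}: 'login' is set without a password, so "
                            "access on this line will be refused")
    return findings


if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print("-", finding)
    print("hardened config findings:", audit_passwords(HARDENED_CONFIG))
```

Running it on SAMPLE_CONFIG reports the missing service password-encryption, the enable password configured without an enable secret, and the vty line whose password is never applied because login is absent; the hardened configuration produces no findings.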

Managing Configuration

There are two types of configuration present in a router:

(1) Startup Configuration

(2) Running Configuration

(1) The startup configuration is stored in NVRAM. It is used to save the settings of the router, and it is loaded into primary RAM at boot time.

(2) The running configuration is present in primary RAM. Whenever we run a configuration command, the command is written into the running configuration.

To save the configuration

Router#copy running-config startup-config
Or
Router#write

To display the running configuration

Router#show running-config

To display the startup configuration

Router#show startup-config

To erase the old configuration

Router#erase startup-config

Configuring Hostname

Router#configure terminal
Router(config)#hostname <name>
<name>(config)#exit (or end, or Ctrl+Z)

Configuration Interfaces


Interface configuration is one of the most important parts of router configuration. By default, all interfaces of a Cisco router are disabled. We have to use different commands, as required, to enable and configure an interface.

Configuring IP, Mask and Enabling the Interface

Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#ip address <ip> <mask>
Router(config-if)#no shutdown
Router(config-if)#exit

To configure an interface description

Router#configure terminal
Router(config)#interface <type> <no>
Router(config-if)#description <line>

To display interface status

Router#show interfaces (to show all interfaces)
Router#show interface <type> <no>

This command will display the following parameters about an interface:

1) Status

2) MAC address

3) IP address

4) Subnet mask

5) Hardware type / manufacturer

6) Bandwidth

7) Reliability

8) Delay

9) Load (Tx load, Rx load)

10) Encapsulation

11) ARP type (if applicable)

12) Keepalive

Configuring a secondary IP

Router#config terminal
Router(config)#interface <type> <no>
Router(config-if)#ip address 192.168.10.5 255.255.255.0
Router(config-if)#ip address 192.168.10.18 255.255.255.0 secondary
Router(config-if)#no shutdown (to enable the interface, because interfaces are shut down by default)
Router(config-if)#exit

Router#show run (to display the secondary IP)

To display commands present in history

Router#show history

To display history size

Router#show terminal

Configuring Banners

Banners are just messages that appear at different prompts according to their type. The different banners are:-

Message of the day (motd): this banner appears for every access method.

IP Address v4

An IP address is a 32-bit address. It is divided into four octets, each of 8 bits. It has two parts: the network address and the host address. In a local area network we can use private IP addresses, which are provided by IANA (Internet Assigned Numbers Authority). IP addresses are divided into five classes.


Class   Range       N/w bits   Host bits   Subnet mask       Total IP    Valid IP

A       1 - 126     8          24          255.0.0.0         16777216    16777214

B       128 - 191   16         16          255.255.0.0       65536       65534

C       192 - 223   24         8           255.255.255.0     256         254

D       224 - 239   reserved for multicast

E       240 - 255   reserved for research/scientific use

We can use first three classes. IANA provides private IP addresses from first three classes.

Class Private IP Range

A 10.0.0.0 – 10.255.255.255

B 172.16.0.0 – 172.31.255.255

C 192.168.0.0 – 192.168.255.255

Subnet Mask

A subnet mask is also a 32-bit value, which tells us how many bits are used for the network address and how many bits are used for the host address.

In a subnet mask, network bits are always 1 and host bits are always 0.

Invalid or reserved IP Addresses

When we assign IP addresses to our computers we have to follow some rules.

Rules:-

(1) The host bits cannot all be 0 (e.g. 10.0.0.0), because that represents the network address, which is reserved.

(2) The host bits cannot all be 1 (e.g. 10.255.255.255), because that is the broadcast address of that network (network 10.0.0.0).

(3) All bits cannot be 0 (0.0.0.0), because this address is reserved for default routing. Default routing is used in the case of a stub network (a network with one exit point).

(4) All bits cannot be 1 (255.255.255.255), because this address is reserved for broadcasting.

(5) 127.0.0.1 is the loopback address, which is used for self-communication or troubleshooting.
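The class table, the private ranges and the five rules above can all be checked mechanically. The following added example (not part of the report) does that in Python with the standard ipaddress module: it classifies an address by its first octet, gives the total and valid host counts for a classful network, tests membership of the IANA private ranges, and reports which rule an address breaks. It ignores classless (CIDR) addressing, as the report does; the sample addresses used in __main__ are constructed.

```python
"""IPv4 class, private range and reserved-address checks (added example, not
from the report). It applies the class table and the five rules above with
the standard ipaddress module; sample addresses in __main__ are constructed.
Classless addressing is ignored, as in the report.
"""
import ipaddress

PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}
HOST_BITS = {"A": 24, "B": 16, "C": 8}


def ip_class(addr):
    """Class from the first octet, following the class table."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first == 0:
        return "reserved"
    if first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"


def host_counts(cls):
    """(total, valid) addresses in one network of class A, B or C."""
    total = 2 ** HOST_BITS[cls]
    return total, total - 2  # network and broadcast addresses are not valid hosts


def is_private(addr):
    """True if addr lies in one of the IANA private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


def check_host_address(addr, mask=None):
    """Return None if addr may be assigned to a host, else the rule it breaks.
    mask defaults to the classful mask of the address."""
    ip = ipaddress.ip_address(addr)
    if int(ip) == 0:
        return "rule 3: all bits 0 is reserved for default routing"
    if int(ip) == 0xFFFFFFFF:
        return "rule 4: all bits 1 is reserved for broadcasting"
    if ip in ipaddress.ip_network("127.0.0.0/8"):
        return "rule 5: loopback address"
    cls = ip_class(addr)
    if cls not in DEFAULT_MASK:
        return f"class {cls} is not assignable to hosts"
    net = ipaddress.ip_network(f"{addr}/{mask or DEFAULT_MASK[cls]}", strict=False)
    if ip == net.network_address:
        return f"rule 1: host bits all 0, the network address of {net}"
    if ip == net.broadcast_address:
        return f"rule 2: host bits all 1, the broadcast address of {net}"
    return None


if __name__ == "__main__":
    for sample in ("10.0.0.0", "10.255.255.255", "0.0.0.0", "255.255.255.255",
                   "127.0.0.1", "192.168.10.5", "224.0.0.10"):
        print(sample, ip_class(sample), is_private(sample), check_host_address(sample))
```

Passing an explicit mask checks the rules against a subnet rather than the classful network, so 192.168.10.255 is reported as a broadcast address under 255.255.255.0.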

C:\>ipconfig

C:\>ipconfig /all (shows all details)

IP Routing

When we want to connect two or more networks that use different network addresses, we have to use the IP routing technique. A router is used to perform routing between the networks. A router performs the following functions for routing:

(1) Path determination

(2) Packet forwarding


(1) Path determination: the process of obtaining a path in the routing table is called path determination. There are three different methods by which a router can learn a path:

i) Automatic detection of directly connected networks

ii) Static and default routing

iii) Dynamic routing

(2) Packet forwarding: this process is enabled by default in a router. The router will forward a packet only if a route is available in the routing table.

Static Routing

In this type of routing we use ip route commands, through which we specify routes for different networks. The administrator analyzes the whole internetwork topology and then specifies a route for each network that is not directly connected to the router.

Steps to perform static routing

(1) Create a list of all networks present in the internetwork.

(2) Remove from the list the network addresses that are directly connected to the router.

(3) Specify a route for each remaining network using the ip route command.

Router(config)#ip route <destination n/w> <mask> <next hop ip>

The next hop IP is the IP address of the neighbor router that is directly connected to our router.

Static Routing Example: -

Router#conf ter
Router(config)#ip route 10.0.0.0 255.0.0.0 192.168.10.2

Advantages of static routing

(1) Fast and efficient.

(2) More control over the selected path.

(3) Less overhead for the router.

Disadvantages of static routing

(1) More overhead on the administrator.

(2) Load balancing is not easily possible.

(3) In case of a topology change, the routing table has to be changed manually.


Alternate command to specify static route

A static route can also be specified in the following syntax, with the exit interface in place of the next hop:-

Router(config)#ip route 172.16.0.0 255.255.0.0 172.25.0.2
Or
Router(config)#ip route 172.16.0.0 255.255.0.0 serial 0

Default Routing

Default routing means a route for any network. These routes are specified with the following syntax:-

Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop>
Or
Router(config)#ip route 0.0.0.0 0.0.0.0 <exit interface>
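The static and default routes above only make sense together with the lookup the router performs on each packet. The following added example (not part of the report) models a routing table in Python: routes are stored the way ip route <dest> <mask> <next hop> supplies them, a lookup picks the most specific matching route, so the 0.0.0.0/0 default route is used only when nothing else matches, and a packet with no matching route is dropped, as the packet forwarding paragraph states. The addresses are constructed.

```python
"""Static, default and longest-match routing (added example, not from the
report). Routes are stored the way 'ip route <dest> <mask> <next hop>'
gives them; lookup chooses the most specific route, so the 0.0.0.0/0 default
route is used only when no other route matches. Addresses are constructed.
"""
import ipaddress


class RoutingTable:
    def __init__(self):
        self.routes = []  # (network, next hop or exit interface)

    def add_route(self, dest, mask, next_hop):
        """Equivalent of Router(config)#ip route <dest> <mask> <next hop>."""
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        self.routes.append((network, next_hop))

    def add_default(self, next_hop):
        """Equivalent of Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop>."""
        self.add_route("0.0.0.0", "0.0.0.0", next_hop)

    def lookup(self, destination):
        """Return the next hop for destination, or None if no route matches."""
        ip = ipaddress.ip_address(destination)
        matches = [(net, nh) for net, nh in self.routes if ip in net]
        if not matches:
            return None
        # Longest prefix wins, so a /8 beats the /0 default route
        network, next_hop = max(matches, key=lambda r: r[0].prefixlen)
        return next_hop

    def forward(self, destination):
        """Packet forwarding happens only if a route is in the table."""
        next_hop = self.lookup(destination)
        return f"forward via {next_hop}" if next_hop else "drop: no route"

    def show_ip_route(self):
        """Text listing in the spirit of 'show ip route' (static routes only)."""
        return "\n".join(f"S {net} via {nh}" for net, nh in self.routes)


if __name__ == "__main__":
    rt = RoutingTable()
    rt.add_route("10.0.0.0", "255.0.0.0", "192.168.10.2")
    rt.add_route("172.16.0.0", "255.255.0.0", "serial 0")
    print(rt.forward("8.8.8.8"))        # drop: no route
    rt.add_default("192.168.10.1")
    print(rt.forward("8.8.8.8"))        # forward via 192.168.10.1
    print(rt.forward("10.5.6.7"))       # forward via 192.168.10.2
    print(rt.show_ip_route())
```

Before the default route is added a destination outside the listed networks is dropped; after it, that destination goes to the default next hop while 10.x.x.x traffic still follows the more specific /8 route.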

To display routing table

Router#sh ip route

To check all the interface of a router

Router#show ip interface brief

Dynamic Routing

In dynamic routing we enable a routing protocol on the router. This protocol sends its routing information to the neighbor routers. The neighbors analyze the information and write new routes into their routing tables.

The routers also pass routing information received from one router on to other routers. If more than one path is available, the routes are compared and the best path is selected. Some examples of dynamic routing protocols are RIP, IGRP, EIGRP and OSPF.

Types of Dynamic Routing Protocols

According to their working there are two types of Dynamic Routing Protocols:

(1) Distance Vector

(2) Link State

According to the type of area in which the protocol is used, there are again two types of protocol:-

(1) Interior Routing Protocol

(2) Exterior Routing Protocol

Autonomous system

An autonomous system is a group of contiguous routers and networks which share their routing information directly with each other. If all routers are in a single domain and share their information directly with each other, the size of the routing updates depends on the number of networks present in the internetwork. The update for each network may take 150 to 200 bytes of information. For example, if there are 1000 networks then the size of an update will be

200*1000 = 200000 bytes

The routing information is sent periodically, so it may consume a large amount of bandwidth in our network.

[Figure: autonomous systems (domains), e.g. AS 200, each running an interior routing protocol; exterior (border) routing between the autonomous systems.]

Distance Vector Routing

Routing that is based on two parameters, distance and direction, is called Distance Vector Routing. Examples of Distance Vector Routing protocols are RIP and IGRP.

Operation:-

(1) Each router sends its directly connected information to its neighbor routers. This information is sent to the neighbors periodically.

(2) The neighbor receives the routing update and processes each route according to the following conditions:-

(i) If an update for a new network is received, the route is stored in the routing table.

(ii) If an update is received for a route that is already present in the routing table, the route is refreshed, that is, its route timer is reset to zero.

(iii) If an update is received with a lower metric than the route already present in the routing table, the router discards the old route and writes the new route into the routing table.

(iv) If an update is received with a higher metric than the route already present in the routing table, the new update is discarded.

(3) A timer is associated with each route. The router forwards routing information on all interfaces, and the entire routing table is sent to the neighbors. There are three types of timer associated with a route.
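The four conditions in step (2) are the heart of a distance vector router, and they are easiest to see in code. The following added example (not part of the report) implements them in Python. Its assumptions, which the report does not state: the metric is a hop count and one hop is added for the link to the advertising neighbor; a route counts as "already present" (condition ii) when the same neighbor re-advertises it with the same metric; and the timer counts seconds since the last refresh. The networks and neighbor names are constructed.

```python
"""Distance vector update processing (added example, not from the report).

Implements the four conditions for each network in a received update.
Assumptions: the metric is a hop count and one hop is added for the link to
the advertising neighbor; a route is 'refreshed' when the same neighbor
re-advertises it with the same metric; the timer counts seconds since the
last refresh. Networks and neighbors are constructed.
"""


class DistanceVectorRouter:
    def __init__(self, name):
        self.name = name
        self.table = {}  # network -> {"metric": int, "via": neighbor, "timer": int}

    def add_connected(self, network):
        """Directly connected network: metric 0, learned automatically."""
        self.table[network] = {"metric": 0, "via": "connected", "timer": 0}

    def receive_update(self, neighbor, advertised):
        """advertised maps network -> metric as seen by the neighbor.
        Returns the action taken for each network in the update."""
        actions = []
        for network, nbr_metric in advertised.items():
            metric = nbr_metric + 1  # one more hop through this neighbor
            current = self.table.get(network)
            if current is None:
                # (i) new network: store it
                self.table[network] = {"metric": metric, "via": neighbor, "timer": 0}
                actions.append((network, "new"))
            elif current["via"] == neighbor and current["metric"] == metric:
                # (ii) same route again: refresh, timer back to zero
                current["timer"] = 0
                actions.append((network, "refresh"))
            elif metric < current["metric"]:
                # (iii) better metric: replace the old route
                self.table[network] = {"metric": metric, "via": neighbor, "timer": 0}
                actions.append((network, "replace"))
            else:
                # (iv) worse (or equal) metric: discard the update
                actions.append((network, "discard"))
        return actions

    def advertise(self):
        """The entire routing table is what gets sent to neighbors, periodically."""
        return {net: route["metric"] for net, route in self.table.items()}

    def tick(self, seconds):
        """Advance every route's timer; expiry handling is outside this example."""
        for route in self.table.values():
            route["timer"] += seconds


if __name__ == "__main__":
    a = DistanceVectorRouter("A")
    a.add_connected("10.0.0.0")
    a.add_connected("172.16.0.0")
    print(a.receive_update("C", {"175.2.0.0": 3}))                      # new, 4 hops
    print(a.receive_update("172.16.0.6", {"172.16.0.0": 0, "175.2.0.0": 0}))  # discard, replace
    print(a.advertise())
```

The run shows each rule once: 175.2.0.0 is first learned at four hops from C, then replaced by the one-hop route through 172.16.0.6, while the advertisement of 172.16.0.0 is discarded because the directly connected route already has a better metric.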

Configuring RIP

Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
...
Router(config-router)#exit

[Figure: a router with interfaces 10.0.0.1, 172.16.0.5 and 200.100.100.12; its neighbor at 172.16.0.6 leads to network 175.2.0.0.]

Router(config-router)#network 10.0.0.0
Router(config-router)#network 172.16.0.0
Router(config-router)#network 200.100.100.0

Learned route: 175.2.0.0 via 172.16.0.6

Configuring IGRP

Router(config)#router igrp <as no> (1 - 65535)
Router(config-router)#network <net address>
Router(config-router)#network <net address>
Router(config-router)#exit

[Figure: R1 with serial E1 links (2048 k) through a modem and a 256 k link; synchronous serial.]

Configuring the following options in IGRP is the same as in the case of RIP:-

(1) Neighbor

(2) Passive interface

(3) Timer

(4) Distance (AD)

(5) Maximum path

Link State Routing

This type of routing is based on link state. Its working is explained below.

(1) Each router sends Hello packets to all neighbors on all interfaces.

(2) The routers from which a Hello reply is received are stored in the neighborship table. Hello packets are sent periodically to maintain the neighbor table.

(3) The router sends link state information to all neighbors. Link state information from one neighbor is also forwarded to the other neighbors.

(4) Each router maintains its link state database, created from the link state advertisements received from different routers.

(5) The router uses a best path algorithm to store the path in the routing table.

Problems of Link State Routing

The main problems of link state routing are:-

(1) High bandwidth consumption.

(2) More hardware resources required, that is, processor and memory (RAM).

The routing protocols which use link state routing are:-

(1) OSPF

(2) EIGRP

Enhanced Interior Gateway Routing Protocol

Features:-

* Cisco proprietary

* Hybrid protocol (Link State + Distance Vector)

* Multicast updates using address 224.0.0.10

* Supports AS

* Supports VLSM

* Automatic route summarization

* Unequal path cost load balancing

* Metric (32 bit composite): Bandwidth, Delay, Load, Reliability, MTU

* Neighbor recovery

* Partial updates

* Triggered updates

* Backup route

Configuring EIGRP

Router(config)#router eigrp <as no>
Router(config-router)#network <net addr.>
Router(config-router)#network <net addr.>
Router(config-router)#exit


OSPF Terminology

Topics already covered above:-

(1) Hello packets

(2) LSA (Link State Advertisement)

(3) Neighbor

(4) Neighbor table

(5) Topology table (LSA database)

Router ID

The router ID is the highest IP address among the router's interfaces. This ID is used as the identity of the router in maintaining the link state databases. First preference for selecting the router ID is given to logical (loopback) interfaces; if no logical interface is present, the highest IP of a physical interface is selected as the router ID.

[Figure: a router with interface addresses 11.0.0.2, 13.0.0.1 and 50.0.0.6; the highest IP, 50.0.0.6, is its router ID.]

Area

An area is a group of routers and networks which share their routing information directly with each other.

Adjacency

Two routers are called adjacent when a neighbor relationship has been established between them; we also say that an adjacency is formed between the routers.

OSPF Hierarchical Model

[Figure: Area 0 (backbone) at the top, containing backbone routers (br); area border routers (abr) connect Area 20, Area 70 and Area 90 to Area 0; each non-backbone area contains area routers (ar); an autonomous system border router (asbr) connects the OSPF domain to the outside.]

Area Router

A router which has all its interfaces in a single area is called an area router.


Backbone Area

Area 0 is called backbone area. All other areas must connect to the backbone area for communication.

Backbone Router

A router, which has all interfaces members of area 0, is called backbone router.

Area Border Router

A router, which connects an area with area 0, is called area border router.

LSA Flooding in OSPF

If there are multiple OSPF routers on a multi-access network, an excessive number of LSAs is generated by the routers and they can choke the bandwidth of the network.

[Figure: routers A, B, C and D on one multi-access segment with links L, K, M and N. Without a designated router each router has all three others as neighbors (A: B, C, D; B: A, C, D; C: A, B, D; D: A, B, C), so every LSA is flooded to every router.]

This problem is solved by electing one router as the designated router and another as the backup designated router.

Designated Router


The router with the highest RID (router ID) will be the designated router for a particular network. This router is responsible for receiving LSAs from the non-DR routers and forwarding them to all the other routers.

Backup Designated Router

This router works as a backup for the designated router. In BDR mode it receives all the information but does not forward it to the other non-DR routers.

Commands to configure OSPF

Router#conf ter
Router(config)#router ospf <process no>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#exit

Wild Mask – Complement of subnet mask

Example: subnet mask 255.255.0.0 gives wild mask 0.0.255.255

  255.255.255.255
- 255.255.0.0      (subnet mask)
= 0.0.255.255      (wild mask)

  255.255.255.255
- 255.255.192.0    (subnet mask)
= 0.0.63.255       (wild mask)

[Figure: R1 and R2 in Area 0. R1 serial 200.100.100.33/30, R2 serial 200.100.100.34/30; R1 LAN 200.100.100.66/27, R2 LAN 200.100.100.160/26]

R1:
Router(config)#router ospf 33
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.64 0.0.0.31 area 0
Router(config-router)#exit

R2:
Router(config)#router ospf 2
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.128 0.0.0.63 area 0
Router(config-router)#exit

Access Control List

ACLs are the basic security feature required in any network to control the flow of traffic. Most of the time our network has servers and clients for which traffic control is required.

We can also use ACLs to classify traffic. ACLs are used in features like QoS (Quality of Service), traffic prioritization, and defining interesting traffic for ISDN.

Classification of Access Control Lists:

Types of ACL based on protocol:
(1) IP Access Control List
(2) IPX Access Control List
(3) AppleTalk Access Control List

Types of ACL based on feature:
(1) Standard ACL
(2) Extended ACL

Types of ACL based on access mode:
(1) Numbered ACL
(2) Named ACL

Types of ACL based on order of rules:
(1) Deny, permit
(2) Permit, deny

IP Standard ACL (Numbered)

In a standard ACL we are only able to specify the source address for filtering packets. The syntax to create an IP standard ACL is:

Router#conf ter
Router(config)#access-list <no> <permit|deny> <source>
Router(config)#exit

<source> can be given as:
Single PC: host 192.168.10.5, or 192.168.10.5, or 192.168.10.5 0.0.0.0
Network: 200.100.100.0 0.0.0.255
Subnet: 200.100.100.32 0.0.0.15

Applying ACL on an interface

Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#ip access-group <ACL no.> <in|out>
Router(config-if)#exit

[Figure: the router's serial 0 interface connects to the Internet; ACL 25 is applied outbound on it]

Router(config)#access-list 25 permit 192.168.10.32 0.0.0.31
Router(config)#access-list 25 permit 192.168.10.64 0.0.0.3
Router(config)#access-list 25 permit 192.168.10.68
Router(config)#access-list 25 permit 192.168.10.69
Router(config)#access-list 25 permit 192.168.10.70

Router(config)#interface serial 0
Router(config-if)#ip access-group 25 out
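As an added example (not from the report or its training material), the following Python script models how the router evaluates the standard ACL 25 above: each rule's address is compared with the packet's source through its wildcard mask, the first matching rule wins, and an unmatched source hits the implicit deny at the end of the list. The ACL text is copied from the example; the test addresses and the helper names are my own.

```python
# Added example, not from the report: models how a Cisco router evaluates an IP
# standard ACL (source address + wildcard mask, first match wins, implicit deny).
import ipaddress


def ip_to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def wildcard_from_mask(subnet_mask: str) -> str:
    """Wild mask = bitwise complement of the subnet mask (255.255.255.255 - mask)."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ ip_to_int(subnet_mask)))


def matches(src: str, addr: str, wildcard: str = "0.0.0.0") -> bool:
    """A 0 bit in the wildcard means 'must match', a 1 bit means 'don't care'."""
    care = 0xFFFFFFFF ^ ip_to_int(wildcard)
    return (ip_to_int(src) & care) == (ip_to_int(addr) & care)


def parse_rule(line: str):
    """Parse 'access-list <no> <permit|deny> <source> [<wildcard>]'.
    'any' and 'host X' are accepted like IOS; a bare address is a single host."""
    parts = line.split()
    action, source = parts[2], parts[3:]
    if source[0] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if source[0] == "host":
        return action, source[1], "0.0.0.0"
    return action, source[0], source[1] if len(source) > 1 else "0.0.0.0"


def evaluate(acl_lines, src: str) -> str:
    """Rules are checked top to bottom; the first matching rule decides."""
    for line in acl_lines:
        action, addr, wildcard = parse_rule(line)
        if matches(src, addr, wildcard):
            return action
    return "deny"  # implicit 'deny any' at the end of every ACL


# ACL 25 from the report's example (constructed input)
ACL_25 = [
    "access-list 25 permit 192.168.10.32 0.0.0.31",
    "access-list 25 permit 192.168.10.64 0.0.0.3",
    "access-list 25 permit 192.168.10.68",
    "access-list 25 permit 192.168.10.69",
    "access-list 25 permit 192.168.10.70",
]

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.192.0"))  # 0.0.63.255, as in the report
    for src in ("192.168.10.40", "192.168.10.66", "192.168.10.70", "192.168.10.71"):
        print(src, "->", evaluate(ACL_25, src))
```

Note that 192.168.10.71 is denied even though it sits right after the permitted hosts: nothing matches it, so the implicit deny applies.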

IP Standard ACL (Named)

In a numbered ACL the editing feature is not available, that is, we are not able to delete a single rule from the ACL. In a named ACL the editing feature is available.

Router#config ter
Router(config)#ip access-list standard <name>
Router(config-std-nacl)#<deny|permit> <source>
Router(config-std-nacl)#exit

Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny 172.16.0.18
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit

To modify the ACL

Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#no deny 172.16.0.17
Router(config-std-nacl)#exit


IP Extended ACL (Numbered)

Extended ACLs are advanced ACLs which can control traffic flow on the basis of five different parameters:
(i) Source address
(ii) Destination address
(iii) Source port
(iv) Destination port
(v) Protocol (layer 3/layer 4)

The syntax to create an Extended ACL:

Router#conf ter
Router(config)#access-list <no> <deny|permit> <protocol> <source> [<s.port>] <destination> [<d.port>]
Router(config)#exit

To display ACL

Router#show access-lists
or
Router#show access-list <no>

To display ACL applied on interface

Router#show ip interface
Router#show ip interface <type> <no>
Router#show ip interface Ethernet 0

Time-Based ACLs

With time-based ACLs you specify a certain time of day and week and then identify that period by giving it a name, which is referenced by an ACL entry. That entry is in effect only within the time constraints you have dictated. The time period is based on the router's clock, so it is highly recommended to use it in conjunction with Network Time Protocol (NTP) synchronization.

Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit

Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit

Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes

Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range

Network Address Translation

NAT is a feature that can be enabled on a router, firewall or PC. With NAT we are able to translate network layer addresses, that is, the IP addresses of packets. With Port Address Translation (PAT) we are also able to translate the port numbers present in the transport layer header.

There are two reasons for using NAT:

(1) Conserve live IP addresses. On the Internet there is a limited number of IP addresses. If a PC wants to communicate on the Internet it must have a live IP address assigned by the ISP, so the number of IP addresses we request depends on the number of PCs we want to connect to the Internet. This leads to a lot of wastage of IP addresses. To reduce wastage, we can share live IP addresses between multiple PCs with the help of NAT.

(2) NAT enhances network security by hiding the PCs and devices behind the NAT device.

Working of NAT & PAT

[Figure: PCs 10.0.0.5, 10.0.0.6, 10.0.0.7 and 10.0.0.8 on a switch behind a NAT router (inside address 10.0.0.1, outside address 200.100.100.12) connected to the Internet. All four local addresses are translated to the single live address 200.100.100.12; port translation (for example source port 1100) keeps the sessions apart.]

Types of NAT

Static NAT

This NAT is used for servers: one live IP is directly mapped to one local IP. The NAT device forwards all traffic for the live IP to the local PC in the network.

[Figure: static NAT, live IP 200.1.1.5 = local IP 192.168.10.6]

Dynamic NAT

Dynamic NAT is used for clients which want to access the Internet. Requests from multiple client IPs are translated to live IPs obtained from a pool. It is also called pool-based dynamic NAT.

Pool => 200.1.1.8 – 200.1.1.12/28
Local addresses => 172.16.X.X
Except => 172.16.0.5, 172.16.0.6, 172.16.0.7

[Figure: local network 172.16.X.X behind the router towards the Internet; 172.16.0.5 is the web server, 172.16.0.6 the DNS server and 172.16.0.7 has full access, the remaining hosts use the pool]

Configuring NAT

Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit

Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3
Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53

Router(config)#access-list 30 deny 172.16.0.5
Router(config)#access-list 30 deny 172.16.0.6
Router(config)#access-list 30 deny 172.16.0.7
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc overload

NAT + PAT (the overload keyword lets many local hosts share the pool addresses)

Command for basic NAT using the exit interface's address instead of a pool:

Router(config)#ip nat inside source list 30 interface serial 0
(serial 0 is the exit interface name)

To display NAT translations

Router#sh ip nat translations
(after pinging any address, the translation entries created for the ping are shown)

To clear IP NAT translations

Router#clear ip nat translation *
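As an added example (my own code, not from the report), this Python model reproduces the NAT behaviour configured in the "Configuring NAT" commands above: static one-to-one and port-specific entries, ACL 30 deciding which inside hosts use the pool, and the difference the overload keyword makes. It also models ORG2's configuration from the project section of this report, whose pool of three addresses is used without overload, to show the pool running out. Class and function names are my own; the addresses come from the report's examples.

```python
# Added example, not from the report: a small model of the NAT/PAT behaviour
# configured above (static entries, an inside-source ACL, a dynamic pool and
# the effect of the 'overload' keyword). Class and function names are my own.
import ipaddress


class NatRouter:
    def __init__(self, pool_start, pool_end, overload, acl_permits):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.overload = overload
        self.acl_permits = acl_permits  # local ip -> True if the pool applies (ACL 30)
        self.static = {}                # local ip or (local ip, proto, port) -> global ip
        self.dynamic = {}               # local ip -> pool address (no overload)
        self.next_port = 1024           # PAT source ports handed out with overload
        self.translations = []          # rows like 'show ip nat translations'

    def add_static(self, local, glob, proto=None, port=None):
        self.static[(local, proto, port) if proto else local] = glob

    def translate(self, local, proto, port):
        """Outbound packet -> (global ip, global port), or None when it cannot be
        translated (no static entry, denied by the ACL, or pool exhausted)."""
        if (local, proto, port) in self.static:      # port-specific static entry
            glob, gport = self.static[(local, proto, port)], port
        elif local in self.static:                   # one-to-one static entry
            glob, gport = self.static[local], port
        elif not self.acl_permits(local):
            return None                              # not in 'inside source list'
        elif self.overload:                          # PAT: all hosts share one live IP
            glob, gport = self.pool[0], self.next_port
            self.next_port += 1
        else:                                        # dynamic NAT: one live IP per host
            if local not in self.dynamic:
                free = [g for g in self.pool if g not in self.dynamic.values()]
                if not free:
                    return None                      # pool exhausted
                self.dynamic[local] = free[0]
            glob, gport = self.dynamic[local], port
        self.translations.append((proto, f"{glob}:{gport}", f"{local}:{port}"))
        return glob, gport


def build_report_router():
    """The 'Configuring NAT' example above: ACL 30 denies the three static hosts."""
    static_hosts = {"172.16.0.5", "172.16.0.6", "172.16.0.7"}
    r = NatRouter("200.1.1.8", "200.1.1.12", overload=True,
                  acl_permits=lambda ip: ip not in static_hosts)
    r.add_static("172.16.0.7", "200.1.1.3")
    r.add_static("172.16.0.5", "200.1.1.4", "tcp", 80)
    r.add_static("172.16.0.6", "200.1.1.4", "udp", 53)
    return r


def build_org2_router():
    """ORG2's pool 200.10.10.34-36 without 'overload': only three clients fit."""
    r = NatRouter("200.10.10.34", "200.10.10.36", overload=False,
                  acl_permits=lambda ip: True)
    r.add_static("10.0.0.2", "200.10.10.33")
    return r
```

Without overload the fourth client of ORG2 gets no translation at all, so a pool sized below the number of clients is a simple availability problem to check for when reviewing such a configuration.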

SECURING PRIVATE ENVIORNMENT BY USING NAT

PROJECT REPORT


The project is based on Network Address Translation (NAT). The beauty of configuring NAT on routers is that it lets users access the Internet from private IP addresses, which are otherwise excluded by the Internet service provider (ISP). We have used inter-VLAN technology to make work efficient between three different and independent organisations. The VLANs have been divided into web servers and Internet clients.

DESCRIPTION

We have three organisations: Org1, Org2 and Org3. Each organisation comprises a router to route data to and from the ISP. There are manageable switches in each organisation, and we have created separate VLANs for servers and Internet clients. If we want communication between the Internet clients and the servers, we configure inter-VLAN routing on the router. If we want to block some Internet clients from accessing our servers, we create an ACL for that particular user. These organisations are linked externally to an ISP which provides live (public) IP addresses to each organisation; the ISP also provides Internet connections to others.


CONFIGURATION FOR ORG1

ROUTER ORG1

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG1
ORG1(config)#line console 0
ORG1(config-line)#password net
ORG1(config-line)#login
ORG1(config-line)#exit
ORG1(config)#line vty 0 4
ORG1(config-line)#password net
ORG1(config-line)#login
ORG1(config-line)#exit
ORG1(config)#enable password net
ORG1(config)#enable secret net1
ORG1(config)#int f0/0
ORG1(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG1(config-if)#exit
ORG1(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG1(config-subif)#ip nat inside
ORG1(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG1(config-subif)#no sh
ORG1(config-subif)#exit
ORG1(config)#int f0/0.2
ORG1(config-subif)#encapsulation dot1q 3
ORG1(config-subif)#ip nat inside
ORG1(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG1(config-subif)#no sh
ORG1(config-subif)#exit
ORG1(config)#int s0/0/0
ORG1(config-if)#ip nat outside
ORG1(config-if)#clock rate 64000
ORG1(config-if)#ip address 200.10.10.5 255.255.255.252
ORG1(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG1(config-if)#exit
ORG1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0

We have placed our web server in the private area so that Internet clients cannot access it directly. So we have configured static NAT and opened port number 80 (HTTP) only.


ORG1(config)#ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80

In our organisation the clients want to access the Internet, so we configure dynamic NAT with overload for the clients.

ORG1(config)#access-list 20 permit any
ORG1(config)#ip nat pool netmax 200.10.10.18 200.10.10.18 netmask 255.255.255.240
ORG1(config)#ip nat inside source list 20 pool netmax overload
ORG1(config)#exit

ORG1#wr
Building configuration...
[OK]
ORG1#

SWITCH

Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr

FOR ORG2

ROUTER

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG2
ORG2(config)#line console 0
ORG2(config-line)#password net
ORG2(config-line)#login
ORG2(config-line)#exit
ORG2(config)#line vty 0 4
ORG2(config-line)#password net
ORG2(config-line)#login
ORG2(config-line)#exit
ORG2(config)#enable password net
ORG2(config)#enable secret net1
ORG2(config)#int f0/0
ORG2(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG2(config-if)#exit
ORG2(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG2(config-subif)#ip nat inside
ORG2(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG2(config-subif)#no sh
ORG2(config-subif)#exit
ORG2(config)#int f0/0.2
ORG2(config-subif)#encapsulation dot1q 3
ORG2(config-subif)#ip nat inside
ORG2(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG2(config-subif)#no sh
ORG2(config-subif)#exit
ORG2(config)#int s0/0/0
ORG2(config-if)#ip nat outside
ORG2(config-if)#clock rate 64000
ORG2(config-if)#ip address 200.10.10.9 255.255.255.252
ORG2(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG2(config-if)#exit
ORG2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
ORG2(config)#ip nat inside source static 10.0.0.2 200.10.10.33
ORG2(config)#access-list 20 permit any
ORG2(config)#ip nat pool netmax 200.10.10.34 200.10.10.36 netmask 255.255.255.240
ORG2(config)#ip nat inside source list 20 pool netmax
ORG2(config)#exit
%SYS-5-CONFIG_I: Configured from console by console

ORG2#wr
Building configuration...
[OK]
ORG2#

SWITCH

Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr

FOR ORG3

ROUTER

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ORG3
ORG3(config)#line console 0
ORG3(config-line)#password net
ORG3(config-line)#login
ORG3(config-line)#exit
ORG3(config)#line vty 0 4
ORG3(config-line)#password net
ORG3(config-line)#login
ORG3(config-line)#exit
ORG3(config)#enable password net
ORG3(config)#enable secret net1
ORG3(config)#int f0/0
ORG3(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ORG3(config-if)#exit
ORG3(config)#int f0/0.1
%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to up
Router(config-subif)#encapsulation dot1q 2
ORG3(config-subif)#ip nat inside
ORG3(config-subif)#ip address 10.0.0.1 255.0.0.0
ORG3(config-subif)#no sh
ORG3(config-subif)#exit
ORG3(config)#int f0/0.2
ORG3(config-subif)#encapsulation dot1q 3
ORG3(config-subif)#ip nat inside
ORG3(config-subif)#ip address 192.168.10.1 255.255.255.240
ORG3(config-subif)#no sh
ORG3(config-subif)#exit
ORG3(config)#int s0/0/0
ORG3(config-if)#ip nat outside
ORG3(config-if)#clock rate 64000
ORG3(config-if)#ip address 200.10.10.13 255.255.255.252
ORG3(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ORG3(config-if)#exit
ORG3(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
ORG3(config)#ip nat inside source static 10.0.0.2 200.10.10.50
ORG3(config)#access-list 20 permit any
ORG3(config)#ip nat pool netmax 200.10.10.51 200.10.10.51 netmask 255.255.255.240
ORG3(config)#ip nat inside source list 20 pool netmax overload
ORG3(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ORG3#wr
Building configuration...
[OK]
ORG3#

SWITCH

Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
    Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
    Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr
