ccna training document

7/27/2019 Ccna Training Document

1/65

Red AppleMG Road,VIJAYAWADA-10 AP. Ph: 92903-56810, 91-866-2474763

Web:www.redapple.net.in e-mail: [email protected]

CCNA TRAINING DOCUMENT

Schedule

I week Basics of Networking

IP Address

Subnet Mask

Broadcast IP AddressOSI Model

Routing Fundamentals

Sub-netting

II week and after -- CISCO

Command Line Interface(CLI)Routing Static and Dynamic (RIP, IGRP, OSPF, EIGRP)

Remote Management Telnet + CDP

Access-List

NAT

WANprotocols (PPP, HDLC, FR)

Technologies ISDN, FR

Switching

Booting BackupConfig, IOS
http://www.redapple.net.in/http://www.redapple.net.in/http://www.redapple.net.in/


2/65



1. NETWORKING-BASICS

Network Connection of Computers

Ethernet

Ethernet uses only one cable that is used to connect all over the world

RJ45/CAT 5/CAT 6/10 baset. Earlier Token ring was used in Ethernet.

Types

1. Broadcast Multi-Access: All systems are connected to the network and

only the addressed system receives the packets. First messages are

broadcasted, addresses are received and then the packets are unicasted.

2. Point-to-point: Only two computers are connected. Address is not

mandatory (But is present).It is not broadcasted.

Routers: Router is an intelligent device that receives data (packet) and checks

from where it comes and where it goes (in the best route).Router is a CISCO

product.

RJ45 RJ11 RJ11 RJ45

Router Telecom

Ethernet (Fibre Optics)

R R ServerFO

O


3/65



Data in a network is packed such that it travels in a any media such as RJ45,fibre

optics etc.,

Note: CCNA tells about

How to connect computers? How hosts systems talks to each other, when and why?

How it interacts with the router and how router talks to the outer world?

Networks are divided as the private (illegal, reserved, non-routable) and

public (Legal) networks. The private networks are secured leased lines that areover a particular area-used internally only. The public networks are world wide.

Router Router Ethernet

Computers will have two addresses:1. Logical Address IP Address2. Physical Address Hardware address

-- MAC address

-- Ethernet address-- Permanent address

MAC Address Media Access Control Address. No two network cards will have

the same MAC addresses.

E.g.: 0010ab 1234cd

Vendor Card No.Code

Operating System: OS interfaces between the hardware and the software. The

software program that binds itself to the machine components

We need a protocol to transfer data between two systems else your system will be

a stand-alone system. In order for two systems to communicate NOS (Network

Operating Systems) is needed.

TCP/IP is used to transfer data between systems. It is not a single protocol

instead it is a stack of protocols.

R R

Private

secured

leased line

Public

network

Server


4/65



TCP Transmission Control Protocol

UDP User Datagram Protocol

IP Internet Protocol

ARP Address Resolution Protocol

RARP Reverse Address Resolution Protocol

ICMP Internet Control Messaging Protocol

IGMP - Internet Group Messaging Protocol

2. IP ADDRESS

Quality of IP Address (Borrowed from the Human & Telecom networks)

1. Identification and Location

2. Same length

3. Network is divided based on the size

IP Address 32 bit address

Divided into 4 octets

0-255 0-255 0-255 0-255

Each octet is of,

This ranges from 00000000 . 11111111 i.e. from 0 to 255.

IP Address has two parts.

1. Location (NID Network ID)

2. Identification (HID - Host ID)

TCP UDP

IP ARP RARP ICMP IGMP

27 26 25 24 23 22 21 20222222222222222222222

22128 64 32 16 8 4 2 1


5/65



Network Classifications

Class A

NID HID

(Network ID) (Host ID)

NID 8 bits.

HID 24 bits.

Network ID

There 8 bits and so - 28 networks are possible = 256 networks. These 0-255 values infirst octet are shared among other classes also. We have values ranging in 0-127 for

Class A.

I octet

MSB LSB

128 64 32 16 8 4 2 1

MSB Most Significant BitLSB Least Significant Bit

128(MSB) is reserved for Class A as 0 always.

0.0.0.0 Reserved for representing any network.

127.0.0.0 Loop Back Address.

.

Thus Class A can have 1-126 networks.

E.g. 10.0.0.0 is a Class A Network

Host ID

If the hosts IDs are 0 then it represents the Network and not the host. If the hosts

IDs are 1 then it represents the Broadcast address for the particular network.

E.g.

0 0 0 0 0 0 0 0

1 1 1 1 1 1 1


6/65



10.0.0.0 ----------- Network Address(All HID 0)

10.0.0.1 ----------- First Host IP Address(All HID

0except the least)

10.255.255.254 ----------- Last Host IP Address(All HID

1except the least)

10.255.255.255 ----------- Broadcast IP Address(All HID 1)

Class B

NID HID

(Network ID) (Host ID)

NID 16 bits.

HID 16 bits.

Network ID:

I octet

MSB LSB

128 64 32 16 8 4 2 1

Two bits are reserved for Class B.

The other bits can be from 000000 to 111111.

NID has 2 octets out of which two 2 bits are reserved.

216 - 2 = 214 = 16384 networks for Class B.

E.g. 172.16.0.0 is a Class B network.

Host ID

If the hosts IDs are 0 then it represents the Network and not the host. If the hostsIDs are 255 then it represents the Broadcast address for the particular network.

E.g.

170.27.0.0 ----------- Network Address

170.27.0.1 ----------- First Host IP Address

170.27.255.254 ----------- Last Host IP Address

170.27.255.255 ----------- Broadcast IP Address

Class C

1 0 0 0 0 0 0 0

1 1 1 1 1 1


7/65



NID HID(Network ID) (Host ID)

NID 24 bits.

HID 8 bits.

Network ID

I octet

MSB LSB

128 64 32 16 8 4 2 1

The last three bits are reserved for Class C.

The others can be from 00000 to 11111.

NID has 3 octets out of which two 3 bits are reserved.

224 3 = 221 = 2097152 networks for Class C.

E.g. 202.14.0.0 is a Class C network.

Host ID

If the hosts IDs are 0 then it represents the Network and not the host. If the hostsIDs are 255 then it represents the Broadcast address for the particular network.

E.g.

194.21.16.0 ----------- Network Address

194.21.16.1 ----------- First Host IP Address

194.21.16.254 ----------- Last Host IP Address

194.21.16.255 ----------- Broadcast IP Address

Class D: Class D can have 224 239 networks. They are used for Multicasting.Class E: Class E can have 240 255 networks. They are used for Research purposes.

Note: From the above given addresses some addresses are reserved for the private

networks. They are,

10.0.0.0 --------- A

172.16.0.0 to 172.31.0.0 --------- B

192.168.0.0 to 192.168.255.0 --------- C

Broadcasting:

1 1 0 0 0 0 0 0

1 1 1 1 1


8/65


Web:www.redapple.net.in e-mail: [email protected] involves delivering a message from one sender to many recipients. This

broadcast is 'limited' in that it does not reach every node on the Internet, only nodes on

the LAN.Broadcast address is found by ORing the IP address and the bit complement of the

subnet mask.

E.g. : Let 190.16.4.9 be the IP address(Class B network).

The subnet mask for class B network is 255.255.0.0

---bit complement is 0.0.255.255

190.16.4.9 ---- 10111110000100000000010000001001

0.0.255.255 ---- 00000000000000001111111111111111

190.16.255.255 ---- 10111110000100001111111111111111

SUMMARY

Class N/w

Bits

Host

bits

Range- I

octet

MSB

fixed

No of

n/ws

No of

hosts

FHID LHI

D

BC

Addr

Subnet

mask

A 8 24 1-126 0 126 224-2 X.0.0.1 X.255

.255.254

X.255.2

55.255

255.0.0.0

B 16 16 128-191 10 216-2=214 216-2 X.Y.0.1 X.Y.2

55.25

4

X.Y.25

5.255

255.

255.0.0

C 24 8 192-223 110 224-3=221 28-2 X.Y.Z.1 X.Y.

Z.254

X.Y.Z.2

55

255. 255.

255.0

D 224-239

E 240-255

All

HIDs 1

NID-1

HID-0

4. OSI REFERENCE MODEL

OSI Open Systems Interconnection.This is designed by the ISO(International StandardOrganisations).This model is developed from the TCP/IP Model given by the

DoD,Department of Defence,US.


9/65


Web:www.redapple.net.in e-mail: [email protected] Systems: Irrespective of the plaltform ,open to any platform.

The OSI Model comprises of 7 layers.

OSI Model

(International Standard Organisation)

TCP/IP Model

(Department of Defence,US)

PHYSICAL LAYER

Physical layer is about the physical connections/media between the networks.

Connections may be bound or unbound.

Bound UTP, STP, Coaxial, Fibre optics..Unbound Infrared rays, Blue tooth, Radio waves, Micro waves

UTP Unsheilded Twisted Pair.

10 base T10 base 10

100 base 10

Bandwidth Signal Length of the

Frequency cable

87.5 m (accurately)

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer

4

3

2

1

AMP


10/65


Web:www.redapple.net.in e-mail: [email protected] cable

Ethernet Cross over and Straight Through CablesThere are 8 pins in the cables and or of different colours to identfy.

PIN N0 WIRE COLOR CROSSED-OVER STRAIGHT-THROUGH

1 Orange/White 3 1

2 Orange 6 2

3 Green/White 1 3

4 Blue 4 4

5 Blue/White 5 5

6 Green 2 67 Brown/White 7 7

8 Brown 8 8

If there are more then two systems,connecting them to each and every systems are

not possible.In such cases we use Hub or Switches to connect the systems.

Hub(Concentrator):Hubs operate on the physical layer.Hubs are nothing

but a repeater, that sends copy to all the systems during communicaton.A

hub can contain multiple ports.

HUB

1 3 4 5

HUB

2 4 6 8


11/65



In a hub with 8 ports, each connected to a system.If system-1 has to send data tosystem-8 it sends data to system-8 and also to all other systems that are connected to the

hub. If the data transfer rate is 10 mbps that is shared to send data to all the systems.

Full Duplex

If transmission takes place in one line and data is received in another line,it is said to be in Full Duplex.

Half Duplex

If transmission and received in same line, it is said to be in Half Duplex.

DATA LINK LAYER All the systems in the network are identified and are ready to send the data.

This layer concentrates on

How the data look like? Format.

To whom the data is being sent and from where it is coming?

It checks for any collision or error? Error Detection.Error Detection is

done by CSMA/CD(Carrier Sense Multilpe Access/Collision Detection)

that continuously senses the line to check if there is any error or collision.

Network Interface Card(NIC) contains the MAC(Media Access Control)

Address.

Sub Layers of Data Link Layer:

LLC Logical Link Control:It is concerned with managing the

traffic over the networkWhile carrying the packet from the Data link layer to the network

layer it should also carry data saying that it is a IP packet logical

link between Datalink layer and the Network layer.

10.0.0.0

I

P

A

T

IP

X


12/65



MAC Media Access Control: It is concerned with sharing thephysical connection to the network among several computers. Each

computer has its own MAC address.

Frame in the Data link layer consists the To and From MAC address.

Most popular layer-2 component is the Switch.

Switch: A network switch is a small hardware device that joins multiple

computers together within one LAN Technically, network switches

operate at layer 2 i.e Data Link Layer.A switch unlike hub sends data only to the specific system that

requested the data.Switch maintains the MAT (MAC Address Table) to look up the

MAC address of the hosts to which it needs to send the data. First time it

broadcasts and there after it maintains the addresses.

Port Number MAC address

NETWORK LAYER

This layer concentrates on routing the packet to the destination in the best route.

Packtes in the network layer contains the To and From IP address.

In the following figure there are 4 data links between the the two networks.

10.0.0.0 20.0.0.0 40.0.0.0 60.0.0.0

Router1 Router2 Router3

Router


13/65


Web:www.redapple.net.in e-mail: [email protected] LAYER

This layer is a software layer(A transport layer product is introduced now.)

The role of the transport layer is to provide a reliable, end-to-end data transport

between source and destination machines. This layer concentrates on,

Segments: The exchanged between the communicating hosts are called thesegments. This layer packetizes(i.e. turns into segments). The size of the

segment ranges to less than or equal to the MTU(Maximum Transmission

Unit=1500 bytes).

Sequence numbers

Check sum Acknowledgement

Error checking

Windowing

3-way handshake

Port numbers

HTTP-80

FTP-21- CONTROL,20 - DATA

SMTP-25

TELNET-23

POP3-110

The connection may be connection oriented or connectionless.

Connection oriented

Establishes a connection

Transmits data

Ends connection

TCP/IP provides a reliable and connection-oriented service.

Connectionless:

Data delivery

Error checkingUDP provides an unreliable and connection-less service.

SESSION LAYER

The session layer allows users on different machines to establish sessions between

them. A session management takes place whenever a session opens and ends.

If the port is inactive for a particular period of time the port is reset (the session is

closed).


14/65



Source Quench: It is a message from one host to another host saying that to

reduce the speed of data transfer. It is one way to control data flow over the

network.

PRESENTATION LAYER This layer is concerned with the presentation of data that is transferred between

two application processes.

It ensures that the date exchanged between them has a common meaning Shared

semantics.(common presentation style)

Data are transferred in Binary or ASCII format .

If any compression or encryption are needed they are also agreed upon.]\

APPLICAION LAYER

This layer ensures that it provides service for an application program tocommunicate with other application program in the network.

This layer concentrates on,

Communication partners

Quality of service

User authentication

Constraints on data.

NOTE:

1.Encapsulation-Give the right information to the right user.

2.Disdavantage of TCP/IP communication? Acknowledgement

PLDL

NL

TL

SL

PL

AL


15/65



3. Which takes part in all layers of OSI model?

a. Router

b. Amplifier

c. Bridge

d. Network Management station

e. Network host

f. Web Server

Ans : d,e and f takes part in all layer activities.They are all hosts.

5. ROUTING FUNDAMENTALS

Concepts

Routing Table

Default Gateway

Windows DOS Commands

Ipconfig

Ipconfig /all

Route Print Route Add

Route Delete

Ping

arp a

tracert

Protocols

ICMP

ARP

ROUTING TABLEA routing table is a database in which a routing protocolstores information about

the network layertopology of the intranet work (The IP Addresses are looked up herebefore the packets are being routed).

Routing table can be built in two ways:

1. Manual

Route add MASK

(Forwarding Router)

E.g. Route add 30.0.0.0 MASK 255.0.0.0 10.0.0.1
http://www.redapple.net.in/http://www.redapple.net.in/http://www.tech-faq.com/routing-protocols.shtmlhttp://www.tech-faq.com/network-layer.shtmlhttp://www.tech-faq.com/routing-protocols.shtmlhttp://www.tech-faq.com/network-layer.shtmlhttp://www.redapple.net.in/


16/65


Web:www.redapple.net.in e-mail: [email protected]. Default Gateway

PING command: Sends a packet through the internet to grope the destination host. Echo

Request and Reply are the two pairs in ICMP message. The ICMP checks whether thereis an error during communication.

Echo Request

Echo Reply

50.0.0.2 70.0.0.1 90.0.0.1

50.0.0.0 70.0.0.0

30.0.0.0 R1 R2 R3 90.0.0.030.0.0.1 50.0.0.1 70.0.0.2

While pinging a host from the source,If the host/network is not configured with

the router and if it does not identify the destination system in the routingtable,then the following ICMP message is generated,

Destination Host Unreachable

While pinging a host from the source,If the host is connected and configured to

the router, the host sends all its messages to the router and then forwarded to the

destination. Now if the router is enable to identify the destination IP Address inthe routing table,then the following ICMP message isgenerated,

Reply from ; bytes=32 time=10ms TTL=128

While pinging a host from the source,If the destination host is not connected to

the network or if the cable is loosely connected or if the destination host does not

respond to the source request then thefollowing ICMP error message isgenerated,

Request timed out

arp a


17/65


Web:www.redapple.net.in e-mail: [email protected] command is used to obtain the MAC address of the destination host.

C:\>arp -a

Interface: 9.184.45.180 --- 0x2Internet Address Physical Address Type

9.184.45.1 00-00-0c-07-ac-2d dynamic9.184.45.15 00-0d-60-8c-9d-93 dynamic

9.184.45.100 00-0d-60-fb-e4-ed dynamic

9.184.45.184 00-11-25-48-14-22 dynamic

C:\>arp d 10.0.0.1

Deletes the MAC address of the particular host.

tracertThe tracert command is used to visually see a network packet being sent and

received and the amount of hops required for that packet to get to its destination.

C:\>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:-d Do not resolve addresses to hostnames.

-h maximum_hops Maximum number of hops to search for target.

-j host-list Loose source route along host-list.

-w timeout Wait timeout milliseconds for each reply.

C:\>tracert 9.184.45.148

Tracing route to 9.184.45.148 over a maximum of 30 hops

1 *


18/65



5

C 211.0.0.0 211.0.0.1 211.0.0.254 211.0.0.255 255.255.255.0

6. SUBNETTING

Subnetting is the process of subdividing your networks into subnets that are

meaningful, for the effective management of IP Address.With the help of mathematicalfunctions we divide network itno subnets. Due to this congestion is controlled.

a. If 9.0.0.5 sends a packet to 9.0.0.3 hub copies and sends the packet to all the otherhosts also(Broadcasts).Once it broadcasts it receives the MAC address, it unicasts to

every hosts.Here packet is received by only the destination that matches the To

address(MAC address).

9.0.0.2 9.0.0.3

9.0.0.5 9.0.0.4

HUB

b. In case if a hub is replaced by the switch, intially it broadcasts and receives the MAC

address.After that the switch sends the packet only to the particular destination host and

doesnot send copies to other systems.

c. In case if a router is replaced with the switch/hub, broadcasting and unicasting takes

place.But it ensures that the MAC address doesnot cross the particular network/LAN.

Divide the following network consisting of 2 subnets

CLASS NETWORK FHID LHID BroadCast SubnetMask

A 10.0.0.0 10.0.0.1 10.255.255.25

4

10.255.255.25

5

255.0.0.0

To get 2 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.

2n-2>=no of subnets


19/65


Web:www.redapple.net.in e-mail: [email protected] to get two subnets, we need to borrow 2 bits from the host id.

128 64

NID HID

Therefore the subnets are,

10.64.0.0 and 10.128.0.0

Class Subnet FHID LHID BroadCast SubnetMask

A 10.64.0.0 10.64.0.1 10.127.255.254 10.127.255.255 255.192.0.0

A 10.128.0.0 10.128.0.1 10.191.255.254 10.191.255.255 255.192.0.0

64+(32+16+8+4+2+1)=64+63=127 128+64=192

128+63=191

Total no of host id bits=24 -2(borrowed)=22.

So, The no of hosts possible in each subnet = 222-2 = 4194304-2 = 4194302 hosts



A 10.0.0.0 10.0.0.1 10.255.255.254

10.255.255.255

255.0.0.0

To get 6 subnets,

21-2=2-2=0 subnets

22-2=4-2=2 subnets.

23-2=8-2=6 subnets

Hence to get 6 subnets, we need to borrow 3 bits from the host id.

128 64 32

NID HID

Therefore the subnets are, 10.32.0.0

10.64.0.010.96.0.0

10.128.0.0

2n-2>=no of subnets


20/65



10.192.0.0


A 10.32.0.0 10.32.0.1 10.63.255.254 10.63.255.255 255.224.0.0A 10.64.0.0 10.64.0.1 10.95.255.254 10.95.255.255 255.224.0.0

A 10.96.0.0 10.96.0.1 10.127.255.254 10.127.255.255 255.224.0.0

A 10.128.0.0 10.128.0.1 10.159.255.254 10.159.255.255 255.224.0.0

A 10.160.0.0 10.160.0.1 10.191.255.254 10.191.255.255 255.224.0.0

A 10.192.0.0 10.192.0.1 10.223.255.254 10.223.255.255 255.224.0.0

32+(16+8+4+2+1)=32+31=63 128+64+32=224

Total no of host id bits=24 -3(borrowed)=21.So, The no of hosts possible in each subnet = 221-2 = 2097152-2 = 2097150 hosts.



A 10.0.0.0 10.0.0.1 10.255.255.25

4

10.255.255.25

5

255.0.0.0

To get 14 subnets,

21-2=2-2=0 subnets

22-2=4-2=2 subnets.

23-2=8-2=6 subnets

24-2=16-2=14 subnets


128 64 32 16

NID HID

Therefore the subnets are,10.16.0.0

10.32.0.0

10.48.0.0|

10.224.0.0

2n-2>=no of subnets


21/65




A 10.16.0.0 10.16.0.1 10.31.255.254 10.31.255.255 255.240.0.0

A 10.32.0.0 10.32.0.1 10.47.255.254 10.47.255.255 255.240.0.0

A 10.48.0.0 10.48.0.1 10.63.255.254 10.63.255.255 255.240.0.0.. ................ . .. ..

A 10.208.0.0 10.208.0.1 10.223.255.254 10.223.255.255 255.240.0.0

A 10.224.0.0 10.224.0.1 10.239.255.254 10.239.255.255 255.240.0.0

16+(8+4+2+1)=16+15=31 128+64+32+16=240


So, The no of hosts possible in each subnet = 220-2 = 1048576-2 = 1048574 hosts.

How many bits you need to borrow to get 23 subnets.

To get 23 subnets,

21-2=2-2=0 subnets

22-2=4-2=2 subnets.

23-2=8-2=6 subnets

24-2=16-2=14 subnets25-2=32-2=30 subnets


128 64 32 16 8

NID HID

Therefore the subnets are,10.8.0.0

10.16.0.0

10.24.0.0

2n-2>=no of subnets


22/65


Web:www.redapple.net.in e-mail: [email protected]|

10.184.0.0

|10.240.0.0


A 10.8.0.0 10.8.0.1 10.15.255.254 10.15.255.255 255.248.0.0

A 10.16.0.0 10.16.0.1 10.23.255.254 10.23.255.255 255.248.0.0

A 10.24.0.0 10.24.0.1 10.31.255.254 10.31.255.255 255.248.0.0

.. ................ . .. ..

A 10.184.0.0 10.184.0.1 10.191.255.254 10.191.255.255 255.248.0.0

. ..

A 10.240.0.0 10.240.0.1 10.247.255.254 10.247.255.255 255.248.0.0

8+(4+2+1)=8+7=15 128+64+32+16+8=248



How many bits you need to borrow to get 45 subnets.

To get 45 subnets,

21-2=2-2=0 subnets

22-2=4-2=2 subnets.

23-2=8-2=6 subnets24-2=16-2=14 subnets

25-2=32-2=30 subnets

26-2=64-2=62 subnets


128 64 32 16 8 4

NID HID

Therefore the subnets are,

10.4.0.010.8.0.0

2n-2>=no of subnets


23/65



|

10.180.0.0|

10.248.0.0


A 10.4.0.0 10.4.0.1 10.7.255.254 10.7.255.255 255.252.0.0

A 10.8.0.0 10.8.0.1 10.11.255.254 10.11.255.255 255.252.0.0

A 10.12.0.0 10.12.0.1 10.15.255.254 10.15.255.255 255.252.0.0

.. ................ . .. ..

A 10.180.0.0 10.180.0.1 10..183.254 10.183.255.255 255.252.0.0

. ..

A 10.248.0.0 10.248.0.1 10.251.255.254 10.252.255.255 255.252.0.0

4+(2+1)=4+3=7 128+64+32+16+8+4=252



Divide the following network consisting of 75 and 150 subnets

CLASS NETWORK FHID LHID BroadCast SubnetMask A 10.0.0.0 10.0.0.1 10.255.255.25

410.255.255.255

255.0.0.0

To get 2 subnets,

21-2=2-2=0 subnets22-2=4-2=2 subnets.

23-2=8-2=6 subnets

24-2=16-2=14 subnets.

25

-2=32-2=30 subnets26-2=64-2=62 subnets.

27-2=128-2=126 subnets28-2=256-2=254 subnets


And to get 150 subnets, we need to borrow 8 bits from the host id.

128 64 32 16 8 4 2

NID HID

2n-2>=no of subnets


24/65


25/65


Web:www.redapple.net.in e-mail: [email protected] get 9 subnets,

21-2=2-2=0 subnets

22-2=4-2=2 subnets.

23-2=8-2=6 subnets24-2=16-2=14 subnets


128 64 32 16

NID HID


170.0.32.0170.0.48.0

|

170.0.128.0

170.0.144.0

Class Subnet FHID LHID BroadCast SubnetMask B 170.0.16.0 170.0.16.1 170.0.31.254 170.0.31.255 255.255.240.0

B 170.0.32.0 170.0.32.1 170.0.47.254 170.0.47.255 255.255.240.0

B 170.0.48.0 170.0.48.1 170.0.79.254 170.0.79.255 255.255.240.0

B . . . . ..

B 170.0.128.0 170.0.128.1 170.0.143.254 170.0.143.255 255.255.240.0

B 170.0.144.0 170.0.144.1 170.0.175.254 170.0.175.255 255.255.240.0

16+(8+4+2+1)=16+15=31 128+64+32+16=240

Total no of host id bits=16 -4(borrowed)=14




B 170.0.0.0 170.0.0.1 170.0.255.25

4

170.0.255.25

5

255.255.0.0

To get 99 subnets,

2n-2>=no of subnets

2n-2>=no of subnets


26/65



21-2=2-2=0 subnets22-2=4-2=2 subnets.

23-2=8-2=6 subnets

24-2=16-2=14 subnets

25-2=32-2=30 subnets26-2=64-2=60 subnets

27-2=128-2=126 subnets


128 64 32 16 8 4 2

NID HID


170.0.4.0170.0.6.0

|

170.0.250.0

170.0.252.0


B 170.0.2.0 170.0.2.1 170.0.3.254 170.0.3.255 255.255.240.0

B 170.0.4.0 170.0.4.1 170.0.5.254 170.0.5.255 255.255.240.0

B 170.0.6.0 170.0.6.1 170.0.7.254 170.0.7.255 255.255.240.0

B . . . . ..

B 170.0.250.0 170.0.250.1 170.0.251.254 170.0.251.255 255.255.240.0

B 170.0.252.0 170.0.252.1 170.0.253.254 170.0.253.255 255.255.240.0

2+(1)=2+1=3 128+64+32+16+8+4+2=254


So, The no of hosts possible in each subnet = 29-2 =512-2 = 510 hosts.-----------------------------------------------------------------------------------------------------------

-



C 200.0.0.0 200.0.0.1 200.0.0.254 200.0.0.255 255.255.255.0

To get 2 subnets,


27/65



21-2=2-2=0 subnets

22-2=4-2=2 subnets.


128 64

NID HID


200.0.0.128


C 200.0.0.64 200.0.0.65 200.0.0.126 200.0.0.127 255.255.255.192

C 200.0.0.128 200.0.0.129 200.0.0.190 200.0.0.191 255.255.255.192

64+(32+16+8+4+2+1)=64+63=127 128+64=192

Note:127 is the Broadcast id.


So, The no of hosts possible in each subnet = 26-2 =64-2 =62 hosts.

Divide the following network consisting of 23 hosts.

To get 2 subnets,

28-2=256-2=254 hosts

27-2=128-2=126 hosts26-2=64-2=62 hosts

25-2=-32-2=30 hosts-----------------23-2=-8-2=6 subnets

24-2=16-2=14 hosts

Hence to get 23 hosts, we need to borrow 3 bits from the host id so that 5 bits will be left.

128 64 32

2n-2>=no of subnets

2no of bits left-2>=no of hosts

2No of bits left

-2 >= No of hosts2No of bits borrowed 2 >= No of subnets


28/65


Web:www.redapple.net.in e-mail: [email protected] HID


192.168.1.64

192.168.1.96

|192.168.1.192(we borrow 3 bits and so 32*6 =192)


C 192.168.1.32 192.168.1.33 192.168.1.62 192.168.1.63 255.255.255.224

C 192.168.1.64 192.168.1.65 192.168.1.94 192.168.1.95 255.255.255.224

C 192.168.1.192 192.168.1.193 192.168.1.222 192.168.1.223 255.255.255.224

32+(16+8+4+2+1)=32+31=63 128+64+32=192

Total no of host id bits= 8-3(borrowed)=5

So, The no of hosts possible in each subnet = 25-2 =32-2 =30 hosts in each subnet.

Divide the following network consisting of 11 hosts.

To get 2 subnets,

28-2=256-2=254 hosts27-2=128-2=126 hosts

26-2=64-2=62 hosts

25-2=-32-2=30 hosts24-2=16-2=14 hosts---------------------24-2=-16-2=14

23-2=8-2=6 hosts

Hence to get 11 hosts, we need to borrow 4 bits from the host id so that 4 bits will be left.

128 64 32 16

NID HID

Therefore the subnets are, 192.168.1.16192.168.1.32

192.168.1.48

|192.168.224.(we borrow 3 bits and so 16*14=224)

2no of bits left-2>=no of hosts


29/65




C 192.168.1.16 192.168.1.17 192.168.1.30 192.168.1.31 255.255.255.240

C 192.168.1.32 192.168.1.33 192.168.1.46 192.168.1.47 255.255.255.240

C . . ... .. .C 192.168.1.224 192.168.1.225 192.168.1.254 192.168.1.255 255.255.255.240

16+(8+4+2+1)=16+15=31 128+64+32+16=240



Divide the following network consisting of 17 subnets.

To get 2 subnets,

21-2=2-2=0 subnets

22-2=4-2=2 subnets

23-2=8-2=6 subnets24-2=16-2=14 subnets

25-2=32-2=30 subnets

Hence to get 17 subnets, we need to borrow 5 bits from the host id.128 64 32 16 8

NID HID


192.168.1.16

192.168.1.24

|192.168.1.136(we borrow 5 bits and so 8*17=136)

|

192.168.1.240(we borrow 5 bits and so 8*30=240)


C 192.168.1.8 192.168.1.9 192.168.1.14 192.168.1.15 255.255.255.248

C 192.168.1.16 192.168.1.17 192.168.1.22 192.168.1.23 255.255.255.248

C . . ... .. ..

C 192.168.1.240 192.168.1.241 192.168.1.246 192.168.1.247 255.255.255.248

8+(4+2+1)=8+7=15 128+64+32+16+8=248

Total no of host id bits= 8-5(borrowed)=3So, The no of hosts possible in each subnet = 23-2 =8-2 =6 hosts in each subnet.

2no of bits borrowed-2>=no of subnets


30/65



Divide the following network consisting of 50 subnets.

To get 2 subnets,

21-2=2-2=0 subnets

22-2=4-2=2 subnets

23-2=8-2=6 subnets24-2=16-2=14 subnets

25-2=32-2=30 subnets

26-2=64-2=62 subnets


128 64 32 16 8 4

NID HID


192.168.1.8

192.168.1.12|


|



C 192.168.1.4 192.168.1.5 192.168.1.6 192.168.1.7 255.255.255.252

C 192.168.1.8 192.168.1.9 192.168.1.10 192.168.1.11 255.255.255.252

C . . ... .. ..

C 192.168.1.248 192.168.1.249 192.168.1.250 192.168.1.251 255.255.255.252

4+(2+1)=4+3=7 128+64+32+16+8+4=252



NOTE : Subnetting Principle

Donot change your NID

Borrow HID bits to Nid

Octet structure and bit values will not changes

Rules for FHID, LHID, BC and SNM will not change.

2no of bits borrowed-2>=no of subnets


31/65


32/65



Serial port/WAN port

Power point

To enter the hyperterminal

Programs Acessories CommunicationHyperterminal

(Hypetterminal window opens)

-prompts for the screen name(not the router name)

-connect to window select com1 ok

-com1 properties window select restore default ok

-save and exit Once you switch on the router (if new router that is not configured / brand new

router) it will prompt as ,

Would u like to enter initial configuretion dialog[yes/no]:

(if pressed no )

press return to get started(enter)

Router>

(this is the first prompt in the router.This is called the user mode or the

user execution mode)

Router> enable (enter)

Router#(this is called the priviliged mode/enabled mode /priviliged

executable mode not every one can enter restrictions provided)

cisco commands are not case sensitive

The user and the priviliged mode are not configurable mode , they are executable

only . we can see all the configurations that exists and no new configurationsadded or no troubleshooting.

U can find the errors in these two modes but cannot be rectified.

Router#show running-config(enter)

(this command displays the currently running configuration)

Router#copy xxx

Router#configure terminal(enter)

Router(config)#(this is the global configuration mode-where u can make new

configurations)

To change the hostname

Router(config)#hostname abc(enter)

abc(config)#

Specific configuration mode

Router(config)#interface ethernet 0/fastethernet 0/serial 0/serial 1(enter)

Router(config-if)#

Console


33/65



Router(config)#Line console 0(enter)

Router(config-line)#

To set username and password to the router(for the user and priviliged mode)(For console)

To set password for the user mode,

Router(config-line)#password xxxx

Router(config-line)#login

-enter the pasword-specify that in the line console mode.

press return to get started

u will be prompted for the password

password: (once u enter the password and press enter)

Router>

To set username & password for the user mode,

Router(config)#username xxxx password xxxx

Router(config-line)#login local

-enter the username and password in the global confifuration mode-specify that in the line console as login local

-By default the password would be displyed in the above.For to displaythe encrypted password

Router(config)#service password-encryption

To set password for the privileged mode,Router(config)#enable password/secret xxxx-enter the username and password in the global configuration mode

-specify that in the line console as login(Optional)

To exit from each mode we can use exit or (ctrl + z)

Press Return to get started

User mode

Disable Exit

Enable mode

Exit

Global configuration mode ----------- ctrl z

Exit

Specific configuration mode


34/65



2. STATIC ROUTING (L eased Line )

V.35

Router Router

Network Telecom Network

companyFig-a

Two networks that are geographically apart are connected with the help of the

telecom company.

The network cable given by the telecom company to the LAN is the RJ11

cable.But the cable to the router is the RJ45 cable.Hene there should be amediator to synchronize the flow. So, Modem is used for that process.

R R


35/65



RJ11 RJ45

Telecom

Company

Fig-a can be represented as,

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 30.0.0.0

E0 S0 S0 E0HOR BOR

How to give IP address to the Router and configure it?

Administratively by default all the interfaces are shutdown,when is router is on.

So it is important to give no shutdown.Unless interfaces are not shutdown it is

not possible to ping a system(from any mode-user or privileged).

To check the IP address

Router#sh run

Router#sh interface

Router#sh interface e 0

Router#sh interface s 0

Router#sh ip interface brief

To check the routing table

Router#sh ip route

Note: By default router is DTE(Data terminal Euipment).It is mandatory to give the

clock rate for the DCE end,inorder to synchronize the data flow.

RModem

R

2

R

1


36/65



To debug IP packet

Router#debug ip packet

To stop debugging the IP packet

Router#no debug ip packet

To stop all debuggings

Router#undebug all (u all)

3. DYNAMIC ROUTING

40.0.0.0 50.0.0.0

80.0.0.0

20.0.0.0 30.0.0.010.0.0.0 70.0.0.0

60.0.0.0

In the above figure there are 3 different paths to travel from 10.0.0.0 network to

70.0.0.0 network.

Based on the parameters like distance, bandwidth, no. of hops etc., the best path is

chosen.This work is done by the router based on the routing table.

The routing protocols helps the router to find the best path.

R R

R

R R


37/65



Dynamic routing

Distance Link State

Vector Protocols

Prorocols

RIP OSPF

IGRP IS-IS

BGP

EIGRP(Hybrid)

RIP Routing Information Protocol

IGRP Interior Gateway Routing Protocol

EIGRP Enhanced Interior Gateway Routing Protocol

IGRP & EIGRP works on the cisco Router only(Cisco proprietary).

Routing Protocols build the routing table automatically.

Distance Vector protcols:

RIP decide upon the best route based on the distance and direction(of flow ofpacket in terms of E0 and S0) and IGRP decide upon the best route based on

the distance,bandwidth and delay.

Routing table is broacasted after a particular time.

RIP every 30 sec

IGRP every 90 sec.

Every time whether or not the table is changed it is broacasted. Thisunneccessarily occupies the bandwidth.

Each router knew only the adjacent routers.


38/65



Link state protocols:

Complex protocols

They decide upon the best route based on the bandwidth, delay, load, MTU,

and reliability.

For the first time it broadcasts the table and there after only the state in

send.When there is a change in the table it is broadcasted.

Each router knew the whole topology of the network.

RIP Routing Information Protocols

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1 30.0.0.2 40.0.0.110.0.0.0 40.0.0.0

E0 S0 S0 S1 S0 E0

Ipaddress int hops Ipaddress int hops Ipaddress int hops

During Routing Table broadcasts RIP of R1says to the adjacent router R2 that it is

1 hop for R2.

Assume that there is a problem in cable between R3 and 40.0.0.0 network.Now

the 40.0.0.0 entry in R3 will be removed.R2 broadcasts its known addresses to

R3. With all the addresses R2 sends 40.0.0.0 also with the hop count as 2 though

S1.Again R3 will send its addresses to R2.Now 40.0.0.0 network with hop count 2in R3 will be sent to R2 with hop count 3. This repeats as non stop process and

results in Routing Loops.

To avoid this a maximum hop was set,

RIP 16

C 10.0.0.0 E0 0

C 20.0.0.0 S0 0

C 20.0.0.0 S0 0

C 30.0.0.0 S1 0

C 30.0.0.0 S0 0

C 40.0.0.0 E0 0

R 30.0.0.0 S0 1

R 40.0.0.0 S0 2

R 10.0.0.0 S0 1

R 40.0.0.0 S1 1

R 20.0.0.0 S0 1

R 10.0.0.0 S0 2

R2

R

1R3


39/65


Web:www.redapple.net.in e-mail: [email protected] 100

But when the network is down it was unneccessary for 16 hop counts. So to

overcome that it was decided that router should not broadcast a network in thesame direction from where it was received.This is called Split horizon.

40(3) 10(1) 40(2) 10(2) 40(1) 10(3)

10.0.0.0 40.0.0.020.0.0.0 30.0.0.0

20(1) 20(2)30(1) 20(1)

30(2) 30(1)

R1 will not advertise its route forR3 back to R2. On the surface, this seems redundant

since R2 will never use R1's route because it costs more than R2's route to R3. However,

ifR2's route to R3 goes down, R2 could end up using R1's route, which goes through

R2; R1 would send the packet right back to R2, creating a loop. With split horizon, this

particular routing loop cannot happen.

This logic did not suit the network with mesh topology. To overcome this ,

1. Route poisoning-Route poisoning is a method of preventing a network

from sending packets through a route that has become invalid. When thepath between two routers in a network goes bad, all the routers in the

network are informed immediately. However, it is possible for this

information to be lost, causing some routers to once again attempt to send

packets over the bad route. This requires that they be informed again thatthe route is invalid, and again, this information can be lost.(Routing Loop)

Route poisoning and reverse poisoning are routing loop preventiontechniques used by distance vector routing protocols.

Route poisoning is setting a route's metric to infinity (i.e. max hops+1).

2. Poison reverse allows routers to break the split horizon rule by

advertising information learned from an interface out the sameinterface. However, it can advertise routes learned from an interface

out the same interface with a 16 hop count, which indicates a

destination unreachable, "poisoning" the route. Routers with a route

R

2

R

1R

3


40/65


Web:www.redapple.net.in e-mail: [email protected] a better metric (hop count) to the network ignore the destination

unreachable update.

Poison reverse is the process of breaking the split horizon rule andsending a poisoned route back over the same interface from which it was

learned

Hold-down time:A function that prevents a router from being updated for aspecified period in order to give other nodes some time to reconfigure and prevent

a routing loop. When a router is notified of a route failure, it starts the hold-down

timer. In the meantime, if a notification of a route is received from its neighborwith equal or better metrics than the route that failed, the router stops the timer

and updates its routing table. If the new route metrics are inferior, it keeps the

timer running and does not update (possibly down).

Note:No of hops doesnot represent the no of routers a packet has to cross.

4.CONFIGURING RIP AND IGRP

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 20.0.0.0 30.0.0.0

Note: 123 is the autonomous systems number.It may range from 1 to 65535.A very large

network is difficult to manage.Hence the network is divivded into autonomous systemsand are numbered. It is also done to manage the network and for administrationconvenience. Routers with the same autonomous systems will only communicate.

RIP considered only the distance and direction for routing.Since it was not

efficient IGRP came up that considerd bandwidth,distance,load,delay and other

factors into consideration.

Router chooses the best administrative distance if two routing protocols are giving

the route to a network.Lesser the administrative distance better the path.

RIP and IGRP also have the following differences.

R

2

R

1


41/65



RIP IGRP

Update Interval 30 60

Hold-down timer 180 280Invalid after 180 270

Flushed after 240 630

To check the dynamic routing protocols

Router#sh ip protocols

To display the dynamic changes made in the routing table.

Router#debug ip routing

Router#debug ip ripRouter#debug ip igrp transactions

Router#clear ip route *

5. TELNET (CISCO MANGEMENT PROTOCOLS)

Telnet is the generic service that comes with the TCP/IP to manage the routersautomatically from anywhere.

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 30.0.0.0

20.0.0.0

To configure Telnet and set password,

If password is not configured in R2 and if tried to telnet R2(20.0.0.2)User mode

R1#telnet 20.0.0.2

Router will show information as,

Password required,but none set

Connection to 20.0.0.2 is closed

R

2

R

1


42/65



If password is configured in R2 and if u try to telnet R2(20.0.0.2)

R1>telnet 20.0.0.2

User access verification

Password:

If secret not enabled for the privileged mode.

R2>enable

No password set

If the secret password is set

R2>enable Password:

R2# If there are more than 2 sessions opened.Migration can be done within sesssions

by,Disconnecting the sessions

R2>exit

R1#

Suspend a session

R2>(Press) ctrl + shift + 6 and xR1#

To display the sessions opened by a particular user.

R1#sh sessions

To move to the last session

R1#(enter)(enter)

To move to a particular session

R1#session no.(enter)(enter)

To display the users logged on.

R1#sh users

Line no Console IP Address

0 Console

2 Vty 0 20.0.0.1

3 Vty 2 20.0.0.2


43/65



CDP-Cisco Delivery Protocol:This is a layer-2 protocol. It is used to get informationregarding the directly connected cisco devices(neighboring)

R1#sh cdp

R1#sh cdp neighbors

R1#sh cdp neighbors detail(device IP address is obtained by this command)

CDP runs every 60 sec.

Hold time 180 sec.

To check CDP dynamically

R1(config)#cdp run

To stop CDP running dynamically

R1(config)#no cdp run

To change timer and hold timer To check CDP dynamically

R1(config)#cdp time

R1(config)#cdp holdtime

Note: Telnet allows only 5 sessions(vty 0 4).If the 6 th session is tried to opened an

error message is displayed.

R1#telnet 20.0.0.2

Trying Telnet 20.0.0.2

% connection refused by remote host.

6.ACCESS CONTROL LISTS(ACL)

Firewall: A firewall is a hardware/software designed to prevent unauthorised acces

from or to private networks.Types of firewall techniques,

Packet filter-Looks at eachpacket entering or leaving the network

and accepts or rejects it based on user-defined rules.

Application gateway-Applies security mechanisms to specific

applications, such as FTP and Telnetservers.
http://www.redapple.net.in/http://www.redapple.net.in/http://www.webopedia.com/TERM/f/packet.htmlhttp://www.webopedia.com/TERM/f/FTP.htmlhttp://www.webopedia.com/TERM/f/Telnet.htmlhttp://www.webopedia.com/TERM/f/firewall.html#%23http://www.webopedia.com/TERM/f/packet.htmlhttp://www.webopedia.com/TERM/f/FTP.htmlhttp://www.webopedia.com/TERM/f/Telnet.htmlhttp://www.webopedia.com/TERM/f/firewall.html#%23http://www.redapple.net.in/


44/65



Circuit-level gateways-Applies security mechanisms when a TCP

orUDP connection is established. Once the connection has been

made, packets can flow between the hosts without further checking.

Proxy-server-Checks all messages entering and leaving the

network. Theproxy servereffectively hides the true networkaddresses.

When there are only two networks telecom network provides a dedicated line andthere is no need of a firewall here.

But when the networks are connected to the internet we need a firewall.

LAN1 Internet LAN2

Hackers Partners Other Users

There are multiple users accessing the internet and there are hackers who try to access thesecured data.To overcome this firewall is used and is made to sit at the gateway(Router).

VPN-Virtual Private NetworkIt is a private communications networkused within a company, or by several

companies or organizations, to communicate confidentially over a publicly accessible

network.

Basically, a VPN is a private network that uses a public network (usually the

Internet) to connect remote sites or users together. Instead of using a dedicated,

real-world connection such as leased line, a VPN uses virtual connections

routed through the Internet from the companys private network to the remote site

or employee.

Destination

VPN

R1

R2

R

1

R

2
http://www.redapple.net.in/http://www.redapple.net.in/http://www.webopedia.com/TERM/f/TCP.htmlhttp://www.webopedia.com/TERM/f/UDP.htmlhttp://www.webopedia.com/TERM/f/proxy_server.htmlhttp://en.wikipedia.org/wiki/Communications_networkhttp://computer.howstuffworks.com/router.htmhttp://www.webopedia.com/TERM/f/TCP.htmlhttp://www.webopedia.com/TERM/f/UDP.htmlhttp://www.webopedia.com/TERM/f/proxy_server.htmlhttp://en.wikipedia.org/wiki/Communications_networkhttp://computer.howstuffworks.com/router.htmhttp://www.redapple.net.in/


45/65



Source Internet

Hackers Partners Other Users

IDS-Intrusion Detection System-An Intrusion Detection System is used to detect all types

of malicious network traffic and computer usage.It is used to provide security inside the

network.

Essentials for security,

Clearly defined entity

Given in time

Admin decides upon the entity and security implements it.

A good router will have two gateways.An access control lists has the follwing format.

Action SIP SWCM SPNO DIP DWCM DPNO Protocol Interface Directio

*Deny 10.0.0.0 0.255.255.25

5

>1023 30.0.0.1

0

0.0.0.0 80 TCP E0 in

Deny 10.0.0.1

0

0.0.0.0 >1023 30.0.0.1

0

0.0.0.0 80 TCP E0 in

Permit 20.0.0.25

0.0.0.0 >1023 30.0.0.10

0.0.0.0 80 TCP E0 in

*- This field is the definition field that is specified for the network.

The following are the original entries that should be matched to the defined entry.

By default all the IPs are denied once a list is created, ermission should be

specified explicitly. This is called as the implicit deny(for both incoming and

outgoing packets.)

WCM-Wild Card Mask: This represents the bits to be compared with the IP

address.Only if the IP address matches with the defined data is forwarded.

If to be Checked 0

If to be ignored 1

Consider the following example,


46/65



In out

E0 S0 S0 E0

LAN1 LAN2

Out in30.0.0.0 10.0.0.0

Assume a packet moves from LAN1 to LAN2. For R1 binding can be done at E0 or at

S0.If the packet is binded at E0, it is called as in-bound and if it binded at S0, it is called

the out-bound.Similarly if packet moves from LAN2 to LAN1.For R1, the binding may be at S0(in-

bound) or at E0(out-bound).

How do ACLs work in Cisco Routers?

ACLs

Standard Extended(1 99) (100 199)

Standard ACL Action ,ACL number,Source IP, SWCM(Source Wild Card

Mask) are the parameters considered. To configure standard ACL,

R1(config)#Access-list

R1(config)#Access-list 5 deny 30.0.0.10 0.0.0.0

R1(config)#Access-list 5 permit 30.0.0.15 0.0.0.0

Once u specify the list binding should be done at the interface required.

R1(config)#int e 0

R1(config-if)#ip Access-group 5 in

Redefining the action for an IP is not possible in standard ACL.

Extended ACL Action ,ACL number,Source IP, SWCM(Source Wild Card

Mask), Destination IP, DWCM, Protocol, interface and the destination portnumber are the parameters considered. To configure extended ACL,

Once u specify the list binding should be done at the interface required.

To display the ACL

R

1

R

2


47/65



R1#sh Access-list

R1#sh ip Access-list

In Extended ACL

Port no. can be replaced by the port names.

Log gives information about the port no of source, number of packets send, number

of matches made etc.,

Note-1: The above given ACLs were numbered Extended ACLs.There is also named

ACLs, were u can access the ACL with the names

Note-2: For an interface at any time there are minimum of two binds(in and

out).Hence for 10 interfaces there will be a minimum of 20 binds.

7.NETWORK ADDRESS TRANSLATION(NAT)

The process ofnetwork address translation (NAT, also known as network

masquerading orIP-masquerading) involves re-writing the source and/or destinationaddresses ofIPpackets as they pass through a routerorfirewall. Most systems using

NAT do so in order to enable multiple hosts on aprivate networkto access the Internet

using a single public IP address.

Consider,

Original NAT in Source

Translated NAT in Router

From To10.0.0.1

0

30.0.0.20

30.0.0.2

0

10.0.0.10
http://www.redapple.net.in/http://www.redapple.net.in/http://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Packethttp://en.wikipedia.org/wiki/Routerhttp://en.wikipedia.org/wiki/Firewall_(networking)http://en.wikipedia.org/wiki/Node_(networking)http://en.wikipedia.org/wiki/Private_networkhttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/IP_addresshttp://en.wikipedia.org/wiki/Internet_Protocolhttp://en.wikipedia.org/wiki/Packethttp://en.wikipedia.org/wiki/Routerhttp://en.wikipedia.org/wiki/Firewall_(networking)http://en.wikipedia.org/wiki/Node_(networking)http://en.wikipedia.org/wiki/Private_networkhttp://en.wikipedia.org/wiki/Internethttp://www.redapple.net.in/


48/65



Source 10.0.0.10

Destination 30.0.0.20

When packet comes from the source to the router,it tranlates the original address

to 20.0.0.3(any IP that is public-should be purchased) and sends to the

destination.Now the destintion knew the source as 20.0.0.3 and replies to that

address. The router when it receives the packet it directs to the 10.0.0.10 bychecking to the NAT table.Port number is kept track.This process is called

Natting.

But if there are multiple sytems requesting from the same port there is a

problem.In this process the port number is translated into a random number andpacket is routed to the destination. This process is called the Patting.

NAT

Dynamic Static

-Many to one -one to one

-IP pool NAT

NAT table has the following format,

Original Translated

From To From port Router To port To From

10.0.0.1

030.0.0.2

0

30.0.0.2

010.0.0.1

0

1045 R1 10001 30.0.0.2

020.0.0.2

3

20.0.0.23

30.0.0.20

10.0.0.2

5

30.0.0.2

0

30.0.0.2

0

10.0.0.2

5

1045 R1 12678 30.0.0.2

0

20.0.0.2

3

20.0.0.23

30.0.0.20

To From

30.0.0.2

0

20.0.0.23

20.0.0.2

3

30.0.0.20


49/65



NAT table is maintained by the router in the RAM. Without configuring RIP

router should be able identify all the websites(using NAT table).

Consider the following figure

20.0.0.2

Private

10.0.0.10 Public30.0.0.20

Inside local Inside global

When a packet comes through (in)E0, check the source list 5(ACL) which

gives the source and SWCM, then forward with S0 interface address and

overload for all systems.

When a packet comes through (in)E0,check the source list 5(ACL) , got to the

pool R1ACL,check the address to be translated(20.0.0.23-20.0.0.30,anyaddress can be assigned to the source IP) and overload for all systems.

1. Static NAT

R1(config)#IP NAT inside source list static 10.0.0.10 20.0.0.23

When a packet comes from 10.0.0.10 through E0(in), then source is translated

to only one address always(20.0.0.23)

Once if u try to ping the Internet the output will be as,

NAT : S = 10.0.0.1020.0.0.23, D = 30.0.0.20[47892]S = 30.0.0.20, D = 20.0.0.23 10.0.0.10[47892]

47892 is the translated port.

To debug NAT

R

1

IR


50/65



R1#debug ip NAT

To display translations

R1#sh ip nat translations

To clear translations

R1#clear ip NAT translations *

8.OSPF & EIGRP

OSPF- Open Shortest Path First

EIGRP-Enhanced Interior Gateway Protocol

Distane Vector Protocols Link State Protocol

Distance is considered BW,delay, load, MTU

Routing Table Broadcasted State of the Link is sent

Adjacent Routers are studied Entire topology is studied

SNO OSPF EIGRP

1 Link state Hybrid(DV + LS)

2 Open protocol(Works on any routers)

Works only on the Cisco Routers

3 Supports only IP protocol Supports multiple protocols like

IP,IPX,Apple Talk etc.,

4 Cost = 108 / Bandwidth Cost calculated based on the Bandwidth,

Delay etc.,

5 Link State Advertisement(LSA) is

made.

(State Link is broadcasted)

Routing Table is broacasted

6 Uses Shortest Path First algorithm-

Dijsktras algorithm to find the best

path(Shortest path)

Uses DUAL(Diffusing Update

Algorithm) is used to find the best path.

7 For every 10 sec a Hello packet is send For every 5 sec a Hello packet is send

8 For every 30 min LSA is made(BC) Whenerver there is a change in the

Routing table it is broacasted.

9 When the Link goes down OSPF needs

to run the SPF algorithm again

When the link goes down EIGRP

proceeds with the Next Best Path.

10 Area is used for administrativeconvinience of a large network

Autonomous System is used foradministrative convinience of a large

network


51/65



In router when RIP is configured, it sends the hop count to its adjacent routers.

But when OSPF is configured in a router,1. A Hello signal is send to all the neighbors of a router in all possible

connections.They can talk if other routers configures with the same

protocol. With the received information a Neighbors Table is constructed.

RB S0 20.0.0.1

RC S1 30.0.0.1

At the end each router will knew about their neighbors.2. Once the neighbors are found they are added in a topology table.Now the

link state is calculated and entered in the table.

Link State is calculated as

After the table is fully constructed, a Link State Advertisement(LSA) ismade i.e the link state is advertised to all the routers in the network.Finalliy all the routers

will knew the entire topology of the network.(all neighbor routers will have identical

information).Note: If two routers are said to have identical information, they are said to maintain

adjacency.

Based on this topology table a topology is being developed. Each router keeps itself as the root and structures the tree(paths).

3. Based on the topology tree a Routing table is developed which has the bestpath calculated from the Shortest Path First (SPF) algorithm.

In OSPF,if the link goes down, router tries to calculate the

alternative path and if it is not able to find,says to the neighbor thatthe link is down. The best path is calculated again with the SPF

algorithm.

In EIGRP, there three distances maintained

Interface Cost

Ethernet Cost = 108/10*106 10

FastEthernet Cost = 108/100*106 1

Serial Cost = 108/1.544*106 64

Cost =108/Bandwidth


52/65



Reported Distance(Received Distance)

Distance got from neighbors

Feasible Distance First best path

Feasible Successor Next best path(In the topology table)

When the link goes down, the router proceeds with the feasible

successor(i.e.the next best path).

Broadcast Multiaccess

Consider the following figure,

40.0.0.1 30.0.0.1

10.0.0.1 10.0.0.2

50.0.0.1 20.0.0.1

10.0.0.6 10.0.0.3

10.0.0.05 10.0.0.4

60.0.0.1 70.0.0.1

In the above figure, if the router sends its link state to its neighbor and the samis

done with all the routers.Finally all will receive multiple copies of the link andresults in a LSA Flooding.

To overcome this flooding election is being conducted among the routers and Designated Router-DR

Back up Designated Router-BDR

Other BDRs.

But there are some issues in this election

1. Who will be the DR?2. How to be elected and managed?

DR is elected based on the Priority and Router-ID.

For OSPF the priority is 1.

HUB/SWITCH

R1

R2

R3

R4

R5

R6


53/65



If the priority is same, the next criteria is the router-

id. The router that has the highest IP address will be elected the router-

id.

In some case if the router with the lowest IP address

wants to be the DR. Here we cant change the IP address but we canassign a dummy IP address by Loopback.

R1(config)#int loopback 0

R1(config-if)#IP address 75.0.0.1 255.0.0.0

R1 is reassigned with the dummy address 75.0.0.1 which is the router-id.

Now the election is between the router-ids and R1 is elected the DR and (thenext highest router-id 70.0.0.1)R4 is elected the BDR.

Once when the election is over all the links are sent to DR/BDR and from there

are forwareded to the other BDRs.

Even when DR and BDR are elected there is and issue that how the link is

received by DR/BDR.

Multicast addressFor OSPF 224.0.0.6 DR

224.0.0.5 BDR

For EIGRP 224.0.0.10

Even in point-to-point flooding takes place.

To solve this the network is divided into autonomous systems in EIGRP and areas

in the case of OSPF.

R

0

R0


54/65



R0 Backnone Area. There should be one Backbone in a network.

Routers connected to the backbone areaArea Border Router.

When the is broadcasted it is filtered and forwarded in the hierarchial structure.

Only routers in the same area will communicate.

Note: When two similar networks are seperated contiguous network.Because whenrouting table is broadcasted subnetmask is not sent.So RIP cant differentiate between the

10.6.0.0/16 and 10.5.0.0/15, since it is a classfull protocol.

10.6.0.0/16 20.0.0.1 20.0.0.2 10.5.0.0/15

Here a classless protocol(OSPF,EIGRP,RIP V2) should be used,where the

subnetmask is sent along with the IP address.

Variable Length SubnetMask(VLSM):

In a network if there arise situation where large number of subnets and host are

wasted, the concept of VLSM is used where different subnet mask is used.

How to configure OSPF and EIGRP?

When there is a choice os OSPF and EIGRP, EIGRP is chosen considering the

administrative distance.Lower the distance better the performance.

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 30.0.0.0

R

2

R

1

R

2

R

1


55/65



OSPF

R1(config)#router OSPF

[Process-id 1 to 65535]

R1(config-router)#network area

R1(config)#router OSPF 15

R1(config-router)#network 10.0.0.0 0.255.255.255 area 0


R2(config)#router OSPF 12



There can be more than one processess in a OSPF protocol.

Between two OSPF routers the process-ids need not be the same. The area numbers should be the same.

EIGRP

R1(config)#router EIGRP

[Process-id 1 to 65535]

R1(config-router)#network

R1(config)#router EIGRP 123

R1(config-router)#network 10.0.0.0R1(config-router)#network 20.0.0.0

R2(config)#router EIGRP 123

R2(config-router)#network 10.0.0.0

R2(config-router)#network 20.0.0.0

The autonomous system numbers should be the same while communicating

between the EIGRPs.

For OSPF


56/65



Hello time 10 sec

Dead time 40 sec

Wait time 40 sec

Retransmit time 5 sec

sh ip ospf interface e 0

sh ip ospf int f 0

sh ip ospf int s 0

sh ip ospf neighbor shows neighbor router-id.

sh ip protocols

For OSPF

sh ip eigrp neighbors

sh ip eigrp topology

P Passive A Active

U Update

R Reply

r Reply-state

Note: The advantage of EIGRP over OSPF is the feasible successor in the topology table.

Routing Information Protocol Version 2 (RIP V2).

The basic functionality of the protocol is very much similar to the RIP V1 protocol. TheRIP V2 protocol has some additional features that are not supported by RIP V1 protocol.

They are as listed below :

i. The RIP V2 is a Classless Protocol.

ii. Uses Multicast address instead of Broadcast address.

iii. Supports VLSM.

iv. Performs Auto-summarization.

v. Every routing table update can be authenticated.

1. RIP V2 is a classless protocol; RIP V1 is a classful protocol.

a. Classful Protocol :- Supports networks with default Subnet Mask.

b. Classless Protocol :- Supports subnetted networks, It carries the information of subnet mask

i.e, the no. of bits for network id.


57/65


Web:www.redapple.net.in e-mail: [email protected]. RIP V2 uses Multicast Address; RIPV1 uses Broadcast Address. In RIPV1 Universal

Broadcast(255.255.255.255) is used to send routing table updates for every 30 secs, whereas

RIPV2 uses Multicast (224.0.0.9).

3. RIPV2 allows Authentication, it authenticates the source from which the routing updates are

originated, so that flooding of routing update can be avoided.

4. RIPV2 supports VLSM - it can be abbreviated as Variable Length Subnet Mask. VLSM is

used to conserve ip addresses and helps proper summarization. RIPV1 does not support this.

9.WAN PROTOCOLS

In a LAN all the systems are connected by the same cable and technology. The datalink

layer prepares data accorcing to the physical layer.(when there is a change in the physical

layer, preparation os data in the datalink layer also changes). WAN operates at the datalink layer.

WAN technology operates at the physical layer and WAN software operates at the

datalink layer.

At the datalink layer data preparation is done by some protocols and some of them

are

HDLC High level DataLink Control

PPP Point-to-Point Protocol

Frame-Relay

PPP HDLC

Open to all network devices Works only on the Cisco devices

Supports multiple protocols Supports multiple protocols

User authentication is possibleTwo protocols:

1.PAP-Password Authentication Protocol

2.CHAP-Challenge Handshake Authentication

Protocol.

User authentication is not possible

NOTE: SLIP Serial Link Interface Protocol.

Open to all devices

Supports only to IP protocol

Not used anywhere at present

PAP:

When the username and pwd are matched in the HOR Database,BOR is

allowed.It is Authentication Request.

HO

R

BO

RMy name is BOR.My password

is XXX.I want to talk


58/65



Three-way Handshake:

I want to talk to u(SYN)

S,u can(SYN/ACK)

Ok(ACK)

CHAP

I want to talk to u

Give me password(Challenge)

Response(Password sent as Message Digest-MD)

Message Digest(Message Integrity) is one of the forms of Encryption

Eg: if packet sent is 1000.It is performed with Hash function(HF).

1000(pkt) + HF =Message Digest

Quality of MD:

1. MD I an one-way process.

2. It is always constant.3. A small change will result in a big change in MD.

Once MD reaches the destination, HF is applied over the MD to get the

original message.

How to configure to PPP?

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1

10.0.0.0 30.0.0.0

Client Server

BOR HOR

R

2

R

1


59/65



HOR(config)#int s 0

HOR(config-if)#encapsulation PPP

HOR(config-if)#exit

When encapsulation is done only in one routerlink state goes up and

down ie R1--- PPP, R2---HDLC.

BOR(config)#int s 0

BOR(config-if)#encapsulation PPP

BOR(config-if)#exit

Username HOR(config)#username BORpassword 123 BOR(config)#username HORpassword 123

CHAP HOR(config)#int s 0

HOR(config-if)#PPP

authentication CHAP

BOR(config)#int s 0

BOR(config-if)#PPP

authentication CHAP

Username HOR(config)#username BOR

password 123

BOR(config)#username HOR

password 321

PPP HOR(config)#int s 0HOR(config-if)#PPPauthentication PAP

HOR(config-if)#PPP PAP sent-

username HOR password 321

BOR(config)#int s 0BOR(config-if)#PPPauthentication PAP

BOR(config-if)#PPP PAP sent-

username BOR password 123

To check the encapsulation in the serial interface

HOR#sh int s 0

To debug PPP athentication

HOR#debug PPP authentication

10.ISDN(Integrated Services Digital Network)

ISDN is an example for Circuit switching Network.Here the circuit doesnt existsphysically but get connected when required.When needed to transmit data the user can

dial-up, get connected ,finish the work and get disconnected.

Data and voice are integrated into one services digital network. So the user canaccess the network and telephone at the same time.

X YZA


60/65



LAN 1 LAN 2

Data

System

OR/AND

Service Provoiders

Voice

Digital Phone

Basic Rate Access(BRI):

Data For signall link purposes

Barer To telephone/SystemBarer To telephone/System

Total bandwidth = 144

For voice/data = 12816 For link purposes

Primary Access Data(PRI):

Data For link purposes

Barer For voice/data

Modem


61/65



Data - 1*64 = 64

Barer - 23*64 = 1472

NOTE:In Dedicated line there is a G703 switch in the telecom service provider.In ISDNthere is ISDN switch.

TE-1: Terminal Equipment type-1

4 pair 2 pair Router

BRI0 S/T U

Network Terminal

Adapter-1

Service Proivder

Digital Phone TE1 Isdn Switch

TE-2(Terminal Equipment type-2)

Router R S/T U

R

R

Digital Service Provider Phone

System ISDN Switch

TE2

NT1R

TAR NT1


62/65



U User Mode

S/T Switch and Transfer

R Rate

TA Terminal Adapter

Demarcation Point: It is the point at which the adminstrative control of the

service provider stops and the administrative control of the user starts.

How to configure ISDN?

10.0.0.1 20.0.0.1 20.0.0.2 30.0.0.1E0 BRI0 BRI0

10.0.0.0 Service Provider 30.0.0.0

The link is up only if the ISDN switch is specified.

11. FRAME-RELAY

Frame-relay is an example of a Packet Switched Network. This networkenables end-stations to dynamically share the connection and the available bandwidth.

Here bandwidth is concentrated and not the connectivity.

The Frame Relay frame is transmitted to its destination by way of virtual

circuits (logical paths from an originating point in the network) to adestination point.

TDM-Time Division Multiplexing-In this process users doesnt knew

whether others are sending data or not.Each user is allotted with a time

slot and are to transmit only in that time slot.

STDM-Statistical TDM-In this process all the users knew whether others

are sending information or idle.If they are idle that particular user in turn

can use the full bandwidth and transmit data.

CIR-Frame relay connections are often given a Committed Information

Rate (CIR) and an allowance ofburstablebandwidth known as the

Extended Information Rate (EIR). The provider guarantees that the

connection will always support the CIR rate, and sometimes the EIR rateshould there be adequate bandwidth. Frames that are sent in excess of the

CIR are marked as "discard

ccna training document

Documents