network configuration of lan with man

8/13/2019 Network configuration of LAN with MAN

http://slidepdf.com/reader/full/network-configuration-of-lan-with-man 1/78

1

Chapter-1

Introduction to Organization

HCL Info Systems Limited

HCL Infosystems Ltd., a listed subsidiary of HCL, is an India-based hardware and systems

integrator. It has a presence in 170 locations and 300 service centres throughout India. Its

manufacturing facilities are based in Chennai, Pondicherry and Uttarakhand. It is headquartered

at Noida.

History

With its origins in 1976, HCL Infosystems Ltd is one of the pioneers in the Indian IT market.

HCL Peripherals (a unit of HCL Infosystems Ltd.), founded in the year 1983, is a manufacturer

of computer peripherals in India of Display Products, Thin Client solutions, Information and

Interactive Kiosks and a range of Networking products & Solutions. HCL Peripherals has two

Manufacturing facilities, one in Pondicherry (Electronics) and the other in Chennai

(Mechanical). The company has been given ISO: 27001 certifications.

HCL ERC (Enterprise Response Center) was started to give outstanding support to its customers,

at Pondicherry, in 2007, . It has grown and team of domain experts working in it.

The company operates under three primary segments namely Computer Systems and related

products and services, Telecommunication & Office Automation and Internet and related

services.

Computer Systems and related products and services

Telecommunication & Office Automation

Internet and Related Services



2

HCL Infosystems is ranked #1 in IDC-Dataquest Customer Satisfaction Survey 2011, third year

in a row. DQ-IDC ranks the company #2 Domestic ICT company. It has been selected as

Business Super brands of India by the Super Brands Council. The company has been awarded

with the CMMI (Capability Maturity Model Integration) Maturity Level 5 certification for its

Jaipur Development centre in 2011.

The 35 year old enterprise, founded in 1976, is one of India's original IT garage start ups. Its

range of offerings span R&D and Technology Services, Enterprise and Applications Consulting,

Remote Infrastructure Management, BPO services, IT Hardware, Systems Integration and

Distribution of Technology and Telecom products in India. The HCL team comprises 88,000

professionals of diverse nationalities, operating across 31 countries including 500 points of

presence in India. HCL has global partnerships with several leading Fortune 1000 firms,including several IT and Technology majors.

Courses



3

Networking courses

HCE (HCL CERTIFIED ENTERPRISE ENGINEER)

In Today is IT scenario, there is a huge requirement of IT professionals with a firm grasp of

Hardware and Networking Concepts. With the role of an IT professional not restricted to one

technology alone, the industry requires one to have all-round knowledge of computer hardware

& networking concepts and technologies. The average salaries of such network professionals

which have done a complete course range to more than $90,000 per annum. The course is a great

value addition to the candidates who have completed their graduation in Applied Sciences and

Engineering, and IT field.

Taking into consideration the Industry requirements HCL has come up with an Industry Ready

Course known as HCEE (known as HCE+). The various course contents are-

Course Contents & Unique Features

i. Basic Hardware and Server Technology.

ii. Advanced Networking and Security.

iii. System Engineering on Microsoft Technologies.

iv. Networking Technology & Devices.

v. Linux Administration & Security

vi. Service Desk Institute.

vii. Advanced Storage Technology.

HCNE (NETWORK ENGINEER)

With roles of an IT professionals not just constrained to one technology only, Industry demands

people to have al-round knowledge of Computer Hardware and Networking Concepts ranging to

various Technologies. The average salaries of such network professionals which have done a

complete course range to more than $90,000 per annum.

The course creates great job prospects for the candidates who have a keen inclination towards

making their career in managing IT Infrastructure along with their graduation such that when

they complete the course with graduation they are industry ready and the most sought after

professionals.



4

Course Contents & Unique Features

Taking into consideration the Industry requirements HCL has come up with an Industry Ready

Course known as HCE plus. The various course contents are:

i. Basic Hardware and Server Technology

ii. Advanced Networking and Security

iii. System Engineering on Microsoft Technologies

iv. Networking Technology & Devices

v. Linux Administration & Security

vi. Notebook Technology.

vii. Wireless Network Administration.

HCSA (SYSTEM ADMINISTRATOR)

With the role of an IT professional not restricted to one technology alone, the industry requires

one to have all-round knowledge of computer hardware & networking concepts and technologies

The average salaries of such network professionals which have done a complete course range to

more than $90,000 per annum. The course creates great job prospects for the candidates who

have a keen inclination towards making their career in managing IT Infrastructure along with

their graduation such that when they complete the course with graduation they are industry ready

and the most sought after professionals.

HCSP (SYSTEM PROFESSIONAL)

With the role of an IT professional not restricted to one technology alone, the industry requires

one to have all-round knowledge of computer hardware & networking concepts and

technologies. The average salaries of such network professionals which have done a complete

course range to more than $90,000 per annum. The course creates great job prospects for the

candidates who have a keen inclination towards making their career in managing ITInfrastructure along with their graduation such that when they complete the course with

graduation they are industry ready and the most sought after professionals.



5



6

CHAPTER-2

Literature Review

2.1 Network Essentials

1. Networking

Networking is the concept of sharing resources and services. A network of computers is a

group of interconnected systems sharing resources and interacting using a shared

communications link. A network , therefore, is a set of interconnected systems with

something to share. The shared resource can be data, a printer, a fax modem, or a service

such as a database or an email system. The individual systems must be connected through

a pathway (called the transmission medium) that is used to transmit the resource orservice between the computers. All systems on the pathway must follow a set of common

communication rules for data to arrive at its intended destination and for the sending and

receiving systems to understand each other. The rules governing computer

communication are called protocols. All networks must have the following:

i. A resource to share (resource)

ii. A pathway to transfer data (transmission medium)

iii. A set of rules governing how to communicate (protocols)

The two main reasons for using computer networking are to provide services and to

reduce equipment costs. The following are specific reasons for networking PCs:

i. Sharing files

ii. Sharing printers and other devices

iii. Enabling centralized administration and security of the resources within the

system

iv. Supporting network applications such as electronic mail and database services.

Networks come in all shapes and sizes. Network administrators often classify networks

according to geographical size. The following are the most common size classifications:

Local Area Networks (LANs)



7

A local area network (LAN) is a group of computers and network communication

devices interconnected within a geographically limited area, such as a building or

a campus. LANs are characterized by the following:

They transfer data at high speeds (higher bandwidth).

They exist in a limited geographical area.

Connectivity and resources, especially the transmission media, usually are

managed by the company running the LAN.

Wide Area Networks (WANs)

A wide area network (WAN) interconnects LANs. A WAN can be located entirely

within a state or a country, or it can be interconnected around the world. WANs

are characterized by the following:

They exist in an unlimited geographical area.

They usually interconnect multiple LANs.

They often transfer data at lower speeds (lower bandwidth).

Connectivity and resources, especially the transmission media, usually are

managed by a third-party carrier such as a telephone or cable company.

Fig 2.1 LAN with WAN

Intranet

An intranet is basically a network that is local to a company. In other words, users

from within this company can find all of their resources without having to go

outside of the company. An intranet can include LANs, private WANs and

MANs.



8

Extranet

An extranet is an extended intranet, where certain internal services are made

available to known external users or external business partners at remote

locations.

Internet

An internet is used when unknown external users need to access

internal resources in your network. In other words, your company might have a

web site that sells various products, and you want any external user to be able to

access this service.

2) Network Architecture

The network architecture basically consists of the way the devices are connected to each

other in a network. It is mainly of two types-

i. Peer to Peer Model

Peer-to-peer (P2P) refers to a computer network in which each computer in the

network can act as a client or server for the other computers in the network,

allowing shared access to files and peripherals without the need for a central

server. P2P networks can be set up in the home, a business or over the Internet.

Each network type requires all computers in the network to use the same or a

compatible program to connect to each other and access files and other resourcesfound on the other computer. P2P networks can be used for sharing content such

as audio, video, data or anything in digital format.

ii. Client Server Model

The client/server model is a computing model that acts as distributed

application which partitions tasks or workloads between the providers of a

resource or service, called servers, and service requesters, called clients. Often

clients and servers communicate over a computer network on separate hardware,

but both client and server may reside in the same system. A server machine is a

host that is running one or more server programs which share their resources with

clients. A client does not share any of its resources, but requests a server's content

or service function. Clients therefore initiate communication sessions with servers

which await incoming requests.



9

Functions such as email exchange, web access and database access are built on

the client/server model. Many business applications being written today use the

client – server model, as do the Internet's main application protocols, such

as HTTP, SMTP, Telnet, and DNS.

Fig 2.2 Peer to Peer and Client Server Model

3) Network Topology

Network topology is the layout pattern of interconnections of the various elements

(links, nodes, etc.) of a computer or biological network. Network topologies may be

physical or logical. Physical topology refers to the physical design of a network

including the devices, location and cable installation. Logical topology refers to how data

is actually transferred in a network as opposed to its physical design.

A local area network (LAN) is one example of a network that exhibits both a physical

topology and a logical topology. There are two basic categories of network topologies:

a) Physical topologies- The shape of the cabling layout used to link devices is called

the physical topology of the network. This refers to the layout of cabling, the

locations of nodes, and the interconnections between the nodes and the cabling.

The physical topology of a network is determined by the capabilities of the



10

network access devices and media, the level of control or fault tolerance desired,

and the cost associated with cabling or telecommunications circuits.

The basic Physical Topologies are-

Bus Topology

In local area networks where bus topology is used, each node is connected

to a single cable. Each computer or server is connected to the single bus

cable. A signal from the source travels in both directions to all machines

connected on the bus cable until it finds the intended recipient. If the

machine address does not match the intended address for the data, the

machine ignores the data. Alternatively, if the data matches the machine

address, the data is accepted. Since the bus topology consists of only one

wire, it is rather inexpensive to implement when compared to other

topologies. However, the low cost of implementing the technology is

offset by the high cost of managing the network. Additionally, since only

one cable is utilized, it can be the single point of failure. If the network

cable is terminated on both ends and when without termination data

transfer stop and when cable breaks, the entire network will be down.

Star Topology

In local area networks with a star topology, each network host isconnected to a central hub with a point-to-point connection. The network

does not necessarily have to resemble a star to be classified as a star

network, but all of the nodes on the network must be connected to one

central device. All traffic that traverses the network passes through the

central hub. The hub acts as a signal repeater. The star topology is

considered the easiest topology to design and implement. An advantage of

the star topology is the simplicity of adding additional nodes. The primary

disadvantage of the star topology is that the hub represents a single point

of failure.

Although most networks that are based upon the physical star topology are

commonly implemented using a special device such as a hub or switch as

the central node (i.e., the 'hub' of the star), it is also possible to implement



11

a network that is based upon the physical star topology using a computer

or even a simple common connection point as the 'hub' or central node.

Ring Topology

A network topology that is set up in a circular fashion in which data

travels around the ring in one direction and each device on the right acts as

a repeater to keep the signal strong as it travels. Each device incorporates a

receiver for the incoming signal and a transmitter to send the data on to the

next device in the ring. The network is dependent on the ability of the

signal to travel around the ring.

Mesh Topology

The number of connections in a full mesh = n(n - 1) / 2.

The physical fully connected mesh topology is generally too costly and

complex for practical networks, although the topology is used when there

are only a small number of nodes to be interconnected.

The Partially connected type of network topology in which some of the

nodes of the network are connected to more than one other node in the

network with a point-to-point link – this makes it possible to take

advantage of some of the redundancy that is provided by a physical fully

connected mesh topology without the expense and complexity required fora connection between every node in the network.

Tree Topology

Tree topology is a combination of Bus and Star topology.

Each node in the network having a specific fixed number, of nodes

connected to it at the next lower level in the hierarchy, the number, being

referred to as the 'branching factor' of the hierarchical tree. This tree has

individual peripheral nodes.

A network that is based upon the physical hierarchical topology must have

at least three levels in the hierarchy of the tree, since a network with a

central 'root' node and only one hierarchical level below it would exhibit

the physical topology of a star.

Such a type of network topology is very useful and highly recommended.



12

Hybrid Topology

Hybrid topology is a combination of Bus, Star and ring topology.

Hybrid networks use a combination of any two or more topologies in such

a way that the resulting network does not exhibit one of the standard

topologies (e.g., bus, star, ring, etc.). For example, a tree network

connected to a tree network is still a tree network topology. A hybrid

topology is always produced when two different basic network topologies

are connected. Two common examples for Hybrid network are: Star-Ring

network and Star-Bus network

Fig 2.3 Basic Network Topologies

b) Logical topologies-The logical topology, in contrast, is the way that the signals

act on the network media, or the way that the data passes through the network

from one device to the next without regard to the physical interconnection of the

devices. For example, the original twisted pair Ethernet using repeater, hubs was a

logical bus topology with a physical star topology layout. Token Ring is a logical

ring topology, but is wired a physical star from the Media Access Unit.

The logical classification of network topologies describes the path that

the data takes between nodes being used as opposed to the

actual physical connections between nodes.

4) Networking Hardware



13

Networking hardware or networking equipment typically refers to devices facilitating

the use of a computer network. Computer networking devices are units that

mediate data in a computer network. The various Networking devices are-

i. Network interface cards

A network card, network adapter, or NIC (network interface card) is a piece

of computer hardware designed to allow computers to physically access a

networking medium. It provides a low-level addressing system through the use

of MAC addresses.

Each Ethernet network interface has a unique MAC address which is usually

stored in a small memory device on the card, allowing any device to connect to

the network without creating an address conflict. Ethernet MAC addresses are

composed of six octets. Uniqueness is maintained by the IEEE, which manages

the Ethernet address space by assigning 3-octet prefixes to equipment

manufacturers.

Fig 2.4 Network Interface Card (Network and Wireless LAN)

ii. Repeaters and hubs

A repeater is an electronic device that receives a signal, cleans it of unnecessary

noise, regenerates it, and retransmits it at a higher power level, or to the other side

of an obstruction, so that the signal can cover longer distances without

degradation. In most twisted pair Ethernet configurations, repeaters are required

for cable that runs longer than 100 meters. A repeater with multiple ports is

known as a hub. Repeaters work on the Physical Layer of the OSI model.

Repeaters require a small amount of time to regenerate the signal. This can cause

a propagation delay which can affect network communication when there are

several repeaters in a row. Many network architectures limit the number of



14

repeaters that can be used in a row (e.g. Ethernet's 5-4-3 rule). Today, repeaters

and hubs have been made mostly obsolete by switches.

Fig 2.5 Hub- 4 Port and 8 Ports

iii. Bridges

A bridge is used to join two network segments together; it allows computers on

either segment to access resources on the other. They can also be used to divide

large networks into smaller segments. Bridges have all the features of repeaters,

but can have more nodes, and since the network is divided, there is fewer

computers competing for resources on each segment thus improving network

performance.

Fig 2.6 Bridge

iv. Switches

Switches are a special type of hub that offers an additional layer of intelligence to

basic, physical-layer repeater hubs. A switch must be able to read the MAC

address of each frame it receives. This information allows switches to repeat

incoming data frames only to the computer or computers to which a frame is

addressed. This speeds up the network and reduces congestion.

Fig 2.7 Switch



15

v. Routers

A router is an internetworking device that forwards packets between networks by

processing information found in the datagram or packet (Internet protocol

information from Layer 3 of the OSI Model). In many situations, this information

is processed in conjunction with the routing table (also known as forwarding

table). Routers use routing tables to determine what interface to forward packets

(this can include the "null" also known as the "black hole" interface because data

can go into it, however, no further processing is done for said data).

Fig 2.8 Router

vi. Firewalls

A firewall is an important aspect of a network with respect to security. It typically

rejects access requests from unsafe sources while allowing actions from

recognized ones. The vital role firewalls play in network security grows in

parallel with the constant increase in 'cyber' attacks for the purpose of

stealing/corrupting data, planting viruses, etc.

Fig 2.9 Overview of Firewall



16

2.2 Microsoft Certified Systems Engineer or MCSE

MCSE stands for the certification course "Microsoft Certified Systems Engineer". The MCSE

program began with Windows NT 3.1 and is today one of the most widely known Microsoft

certification programs. It is available for the Platforms viz., Windows NT 4.0, Windows 2000Server and Windows Server 2003. Microsoft has, in effect, discontinued the MCSE certifications

for future versions of Windows, replacing the single Platform MCSE award with a plethora of

other more narrowly focused certifications.

Each platform MCSE award required passing a different set of examinations. MCSE qualified

individuals will have the ability to provide business solutions by appropriate design and

implementation of the requisite infrastructure. MCSE Certification Program is useful for

Technical Support & Systems Engineers, Technical Consultants, Network and Systems Analysts

and also for regular Software Engineers / Software Professionals.

1) Windows Server 2003 Standard Edition RC2 Installation

The idea behind this article is to give an overview of the Windows Server 2003 Standard

Edition installation procedure as it is currently laid out under the current build, which is RC2

3718.main.021114-1947. That the name used throughout is different than what will show up

in many of the screen shots. This is because the name of Windows .NET Server 2003 has

been changed recently to Windows Server 2003.

a) Windows Server 2003 Family Version Overview

Windows Server 2003 Web Server Edition is designed specifically for low end and entry

level Web hosting environments, providing a specific platform for deploying Web

services and applications.

It is designed with the day to day needs of the average business in mind and is the

progressive replacement for the Windows NT4 Server / Windows 2000 Server line of

server operating systems.

It is designed specifically for the needs of larger customers, as their needs surpass the

functional levels of Windows Server 2003 Standard Edition.



17

b) Hardware Requirements for Windows Server 2003 Standard Edition:

The minimum system requirements for Windows Server 2003 Standard Edition is as

follows:

The minimum supported processor speed is 133 MHz

The minimum recommended processor speed is 550 MHz

Windows Server 2003 Standard Edition supports a maximum of four CPUs per

server.

The minimum amount of RAM supported is 128MB.

The minimum amount of RAM recommended is 256MB.

The maximum amount of RAM supported by Windows Server 2003 is 4GB.

The minimum amount of space required for installation is approximately 1.5GB.

Additional space may be required under the following circumstances;

When a FAT16 partition is in use, it requires 100 MB to 200 MB more free disk

space than other supported file systems because of cluster sizes. NTFS is the

recommended file system for any Server deployment.

If you are installing Windows Server 2003 Standard Edition from a network

share, you will need approximately 100 MB to 200 MB more space than if you

ran the Setup from the CD-ROM because setup needs to use that space for TEMP

files that are associated with the installation. Also, the drive will need to have a

formatted partition before the installation process starts so those files can be

initially copied. If the partition does not exist beforehand, the over the network

installation will fail.

Keyboard and mouse (or other pointing devices) are also on the minimum

requirements list.

Direct upgradation to Windows Server 2003 Standard Edition can be from the

following versions of Windows: Windows NT Server 4.0 with Service Pack 5 or later

Windows NT Server 4.0, Terminal Server Edition, with Service Pack 5 or later.

Windows 2000 Server.



18

Remote Storage is not included on Windows Server 2003 Standard Edition. If you are

using Windows 2000 Server with Remote Storage, you will not be able to upgrade the

system to Windows Server 2003 Standard Edition.

You cannot upgrade from Windows 9x, ME, Windows NT Workstation, Windows

2000 Professional and Windows XP Home or Professional directly to any of the

Windows Server 2003 versions.

Clean Install of Windows Server 2003 (RC2)

After performing the standard BIOS configurations to allow booting from the CD-

ROM you can load the bootable disk and begin the installation.

The first screen you'll see will be the black “Setup is inspecting your computer‟s

hardware configuration.” (If there is an active partition on any of the installedhard drives in the system, you will see a "Press any key to boot from the CD"

message before you reach this screen.)

After the drivers load, the Windows Setup screen appears and Setup copies the

required temporary files to the local hard drive after you acknowledge the location

of the setup files.

After the file copy is complete, the Setup Program will append any existing

boot.ini file (or write a new one) and will reboot and continue the installation

from the locally copied temporary files.

After the system restarts and continues past the splash screen, you'll arrive at the

Windows .NET Standard Server Setup screen where you will select ENTER to

continue with a normal installation.

Fig 2.10 Welcome to Setup



19

After you enter past that screen you will come to the license agreement screen

where you would agree to the license by hitting F8. (The 360 day license that you

see noted here is due to the fact that RC2 is designed with this built in limitation.)

Fig 2.11 Windows License agreement

You will then arrive at the partition selection screen. The hardware layout of your

system and whether or not you have any existing partitions installed will affect

what this next screen displays.

Fig 2.12 Windows Setup

You will need just a little more than 1 GB of free space on a hard drive to install

the operating system and about 300 to 400 MB more available afterwards for the

swapfile. This is why the Disk Space for Setup is pegged at 1.5 GB. After

selecting the partition and hitting ENTER, you arrive at the file system selection

screen as shown below.



20

You will need to pick a previously partitioned space of the hard drive that has

enough free space, use an existing section of unpartitioned space that has enough

room for the total installation or you will need to delete existing partitions and

then choose that space to create a new partition.

Fig 2.13 Windows Setup-Partitioning of Disk

Setup continues from here by copying files to the default installation folder

<DRIVE LETTER>\Windows. As with Windows XP Professional, you can only

select the installation path drive letter and not the name of the system root folder

during a standard installation. If you started an upgrade from within an existing

operating system and choose New Installation, you would be able to go to the

Setup options page and select the Advanced button and edit the installation path

of the system files.

Fig 2.14 Setup Options



21

Fig 2.15 Advanced Options

When this section of the installation is finished the system will reboot. Once thesystem comes up again the GUI will engage and display the current status of the

final phases of setup.

During this attended installation, the Setup program will pause for needed user

input, such as the Regional and Language Option page as shown below.

Fig 2.16 Regional and Language Settings

After making any changes or accepting the defaults, Setup will continue to the

Personalize your Software screen, where you would enter your personal

information as you would like it to be shown on subsequent software installs.

After this point you are directed to choose a licensing mode. All of the Windows

Server 2003 brands support either the Per Server option where each connection to



22

the server must have its own license or Per Device or Per User licensing option

where each person or device must have a client access license.

After you have made your licensing choice and continued, the next window that

will prompt you for information will be the Computer Name and Administrator

Password screen where you will choose the name of the system.

Computer names should be 15 characters or less and they can contain letters (A

through Z), numbers (0 through 9), and hyphens (-), but no spaces or periods (.).

While the names can contain numbers, they cannot consist entirely of numbers.

The maximum allowable length for a computer name is 63 characters.

This same screen is where you will need to enter the password to be used with the

default Administrator account.

Fig 2.17 Check Upgrade

The results screen will appear with any pertinent information after a few

moments.

Fig 2.18 Report System Compatibility



23

Regardless of whether you intentionally run the pre-installation compatibility

check step ahead of time or not, the Setup Wizard checks hardware and software

compatibility at the beginning of a "standard" installation or upgrade and displays

a report if there are any known incompatibilities.

Fig 2.19 Windows Upgrade Advisor

As you can see, an error is generated as I am not allowed to upgrade from

Windows 2000 Professional to Windows Server 2003.

This does not prevent you from installing Windows Server 2003 as a clean

installation in this particular instance.

For security reasons you should supply a password for the Administrator account.

If you are allowed to leave the Administrator password blank and continue, this

would tell the system that there is no password for this account and this is very

insecure to have in any environment.

After entering the password and verifying it, you would select NEXT to continue

and arrive to the screen where you can set the date, time, and time zone settings.

This is also where you would specify whether the system should automatically

adjust for daylight saving time or not.

The next screen is the Specifying Networking Settings where you can allow the

Typical Settings to be applied. You can also select to Customize the settings now

as well.

The next step of the installation process after Specifying Networking Settings is

the Specifying the Workgroup or Domain Name screen where you would choose

to either have your Windows Server 2003 built as a standalone server in a

workgroup or a member server in a domain.

If you are going to add the server to an existing domain you would need to supply

the necessary credentials at this time if an account for the server hadn't already

been created.



24

If you choose to add the server to a workgroup you need only to supply the name

of the workgroup.

This is the final interactive step. The Setup program will continue for a few more

minutes on its own. Once it has completed, the setup program will reboot the

server and upon restart it will await user input at the logon screen.

The Configure Your Server Wizard appears on the screen the first time you log on

locally to the server with the administrator account.

You can enable the Configure Your Server Wizard to finish installing optional

components that you chose during setup or add additional components as well.

There are options to configure domain controllers or member servers, file servers,

print servers, Web and media servers, application servers, and networking and

communications servers, all through this wizard.

d) Windows 2003 Service Pack 1 Installation

Microsoft has released Service Pack 1 for Windows Server 2003. The main new features

and changes the service pack will make to your server, Active Directory, and server

applications are listed below.

Security Configuration Wizard:

The Security Configuration Wizard (SCW) is a new feature with Windows 2003SP1, and probably the single largest addition to the OS in the Service Pack. The

main function of the SCW is to reduce the attack surface of the server. It guides

the creation of security policies and setting up minimum functionality depending

on the server role. After installing SP1, the SCW needs to be installed via the

Windows Components window of Add or Remove Programs control panel. The

SCW will then appear in the Administrative Tools folder. The SCW will allow

you to either;

i. Create a new Security policy.

ii. Edit an existing Security policy.

iii. Apply an existing Security policy.

iv. Rollback the last applied Security policy

http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx#_blank

http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx#_blank



25

When creating a new security policy, the SCW has almost 200 different server

roles, which can be added to the policy to define the minimum services, ports and

other functional requirements while providing maximum security. Roles, features,

options, services and ports can be selected and de-selected as required as can

outbound authentication methods, registry settings and audit policies. The final

policy is saved to an XML file which can then be used and modified across

servers and server roles running the SCW.

Access Based Enumeration:

To enable this feature you will need to download and install an additional

component in the form of a msi (abeu.msi) file from the Microsoft Download site.

When it is installed, a new tab will appear on shared folders named “Access

Based Enumeration”.

When enabled, this will change the view users will have of files and folders when

accessing shares held on the Windows 2003 server. Only files and folders the

users have permissions to access will be displayed, and nothing else. Prior to

enabling this change, users could see all files and folders, regardless of

permissions, but would not be able to open denied folders or files.

Add or Remove Programs Filter:

A new tick box has been added to the Add or Remove Programs control panel,called Show Updates. With SP1, only installed programs will display until this

check box is ticked. It will then display both programs and updates together. This

feature can be used by any software vendor, not just Microsoft updates..

Device\Physical Memory Change:

The Device\Physical Memory object is used by applications to access physical

memory. This would be used by applications attempting to read BIOS data. Pre-

SP1 this was controlled by an Access Control List. Service Pack 1 changes this

and now denies all access at User Mode level regardless of user context or

application.

Workgroup

i. A workgroup is Microsoft's terminology for a peer-to-peer Windows

computer network.



26

ii. Microsoft operating systems in the same workgroup may allow each other

access to their files, printers, or Internet connection. Members of different

workgroups on the same local area network and TCP/IP network can only

directly access resources in workgroups to which they are joined.

iii. If you are not joined to a specific workgroup but your computer is in the

same IP address range (for example 10.0.0.[x] OR 192.168.1.[x]) you can

still access shared resources by typing the IP address or computer name,

into the address bar. For example typing \\server or \\192.168.1.2. Would

give you access to [server's] shared files and printers.

Fig 2.20

iv. Network capabilities of Windows for Workgroups

v. In computer networking, a workgroup is a collection of computers on a

local area network (LAN) that share common resources and

responsibilities. Workgroups provide easy sharing of files, printers and

other network resources. Being a peer-to-peer (P2P) network design, each

workgroup computer may both share and access resources if configured to

do so.

vi. The Microsoft Windows family of operating systems supports assigning of

computers to named workgroups.

vii. Workgroups are designed for small LANs in homes, schools, and small

businesses. A Windows Workgroup, for example, functions best with 15



27

or fewer computers. As the number of computers in a workgroup grows,

workgroup LANs eventually become too difficult to administer and should

be replaced with alternative solutions like domains or other client/server

approaches.

Remote Desktop Connection:

Remote Desktop Connection (RDC, also called Remote Desktop, formerly

known as Microsoft Terminal Services Client , or MSTSC ) is the client

application for Remote Desktop Services. It allows a user to remotely log in to a

networked computer running the terminal services server. RDC presents the

desktop interface (or application GUI) of the remote system, as if it was accessed

locally. With version 6.0, if the Desktop Experience component is plugged into

the remote server, the chrome of the applications will resemble the local

applications, rather than the remote one. The protocol also support rendering the

UI in full 24-bit color, as well as resource redirection for printers, COM ports,

disk drives, mice and keyboards.

Fig 2.21 Remote Desktop Connection

In addition to regular username/password for authorizing for the remote session,

RDC also supports using smart cards for authorization With RDC 6.0, the

resolution of a remote session can be set independently of the settings at the

http://en.wikipedia.org/wiki/File:Remote_Desktop_Connection.png



28

remote computer. In addition, a remote session can also span multiple monitors at

the client system, independent of the multi-monitor settings at the server. It also

redirects plug and play devices such as cameras, portable music players, and

scanners, so that input from these devices can be used by the remote applications

as well. Desktop Protocol, only the applications can be viewed this way, not any

media.

Windows Remote Assistance

Windows Remote Assistance is a feature of Windows XP and later that allows a

user to temporarily control a remote Windows computer over a network or the

Internet to resolve issues. As it can be inconvenient for system administrators to

personally visit the affected computer, Remote Assistance allows them to

diagnose and often repair problems with a computer without ever personally

visiting it.

It supports session pausing, built-in diagnostics, chat and file transfer and XML-

based logging. It has been reworked to use less bandwidth for low-speed

connections. NAT traversals are also supported, so a session can be established

even if the user is behind a NAT device. Remote Assistance is configurable using

Group Policy and supports command-line switches so that custom shortcuts can

be deployed.



29

Fig 2.22 Windows Remote Assistance

In Windows 7, Windows Remote Assistance is based on RDP 7 and uses PNRP

when connecting using the Easy Connect option. With Easy Connect , only a

password needs to be shared instead of an invitation file, and two computers can

establish a P2P connection over the LAN (Local Area Network) or the Internet

(WAN) without a relay server.

Windows 7 adds the following new enhancements to Remote Assistance:

i. Easy Connect, a new method for soliciting RA that uses the peer-to-peer

collaboration infrastructure to simplify RA user interactions.

ii. An improved RA connection wizard that makes it easier than ever for

users to solicit or offer help.

iii. New command-line arguments for the RA executable (Msra.exe).

Home folders:

Home folders are separate folders where users save their data and protect their

data from other users every user can have one home folder either on the server on

the local machine. If the home folder is in the server an administrator can secure it



30

and back-up. If the home folders are created in the local machine backing up is

not that easy.

i. Creating a user home folder in a server :

On member server –

Create a home folder for user1

Share it

Permissions

Remove everyone

Add administrator and user1

Give full control for both

Apply ok

Open ADUC

Create a user a/c

Go to user properties Connect home folder

Select the drive letter

To mention the path

Ex: sys1\u1\home\u1

Apply ok

Verifying: On client machine

Log in as user

Open my computer

We should notice an extra drive letter

Go to cmd prompt

We should not get the drive letter we have assigned.

ii. Creating a local home folder:

On member server –

Login as administrator

Create a folder in any drive

Share it

Permissions Remove everyone

Add administrator &u2

Give full access

Apply – ok

Verifying:

Move on to client machine



31

Login as user

Go to command prompt.

We should notice the local folder

Active Directory

Active Directory (AD) is a directory service created by Microsoft for Windowsdomain networks. It is included in most Windows Server operating systems.

Server computers on which Active Directory is running are called domain

controllers.

Active Directory serves as a central location for network administration and

security. It is responsible for authenticating and authorizing all users and

computers within a network of Windows domain type, assigning and enforcing

security policies for all computers in a network and installing or updating

software on network computers. For example, when a user logs into a computer

that is part of a Windows domain, it is Active Directory that verifies his or her

password and specifies whether he or she is a system administrator or normal user

Print Server

A print server, or printer server, is a device that connects printers to client

computers over a network. It can accept print jobs from the computers and send

the jobs to the appropriate printers.

Print servers may support a variety of industry-standard or proprietary printing

protocols including Internet Printing Protocol, Line Printer Daemon protocol,

Microsoft Network Printing protocol, NetWare, NetBIOS/NetBEUI, or Jet Direct.

A print server may be a networked computer with one or more shared printers.

Alternatively a print server may be a dedicated device on the network, with

connections to the LAN and one or more printers. Dedicated server appliances

tend to be fairly simple in both configuration and features. Print server

functionality may be integrated with other devices such as a wireless router, a

firewall, or both. A printer may have a built-in print server.

Drive Mapping

Drive mapping is how Microsoft Windows and OS/2 associate a local drive letter

(A through Z) with a shared storage area to another computer over a network.

After a drive has been mapped, a software application on a client's computer can



32

read and write files from the shared storage area by accessing that drive, just as if

that drive represented a local physical hard disk drive.

Shared Folder

My Shared Folder is a default folder in which several P2P programs store their

downloaded items. The actual directory on the hard disk, that this folder

corresponds to may differ between these programs and may also be changed by

the user. Any user with a P2P-client can download files from the My Shared

Folder belonging to any other person connected to that client at that time.

Offline Files &folders

i. Offline Files is a feature of Windows, introduced in Windows 2000, which

maintains a client side cache of files shared over a network. It locally

caches shared files marked for offline access, and uses the cached copy

whenever the network connection to the remote files is interrupted.

ii. Files are synchronized on a per-share basis and encrypted on a per-user

basis and users can force Windows to work in offline mode or online

mode through the Work Offline/Online button in Explorer, or sync

manually from the Sync Center. Even if a single file is unavailable, other

files in the same share and other shares are available as the transition is

now at the share level instead of server level. Offline Files areconfigurable through Group Policy and provide better interoperability with

DFS.

iii. In Windows XP, Offline Files could not be enabled when Fast User

Switching was enabled. This restriction applied because Offline Files were

synchronized at log off and Fast User Switching does not completely log

off users. In Windows Vista, this restriction no longer applies as Offline

Files runs as a Windows service that performs synchronization for the user

at opportune times such as logon and offline to online transitions.

Synchronization does not occur continuously in the background, nor does

it occur at log off.



33

Microsoft Exchange Server

Microsoft Exchange Server is the server side of a client – server, collaborative

application product developed by Microsoft. It is part of the Microsoft Servers

line of server products and is used by enterprises using Microsoft infrastructure

products. Exchange's major features consist of electronic mail, calendaring,

contacts and tasks; that work with Microsoft Outlook on PC and Mac, wireless

synchronization of email, calendar, contacts with major mobile devices and

browser-based access to information; and support for data storage.

i. Exchange Server 2003

Exchange Server 2003 (v6.5, code name Titanium) debuted on September

28, 2003. Exchange Server 2003 (currently at Service Pack 2) can be run

on Windows 2000 Server (only if Service Pack 4 is first installed) and 32-

bit Windows Server 2003; although some new features only work with the

latter. Like Windows Server 2003, Exchange Server 2003 has many

compatibility modes to allow users to slowly migrate to the new system.

This is useful in large companies with distributed Exchange Server

environments who cannot afford the downtime and expense that comes

with a complete migration.

Group Policy Group Policy is a feature of the Microsoft Windows NT family of operating

systems. Group Policy is a set of rules that control the working environment of

user and computer accounts. Group Policy provides the centralized management

and configuration of operating systems, applications, and users' settings in an

Active Directory environment. In other words, Group Policy in part controls what

users can and cannot do on a computer system. Although Group Policy is more

often seen in use for enterprise environments, it is also common in schools,

smaller businesses, and other kinds of smaller organizations. Group Policy is

often used to restrict certain actions that may pose potential security risks, for

example: to block access to the Task Manager, restrict access to certain folders,

disable the downloading of executable files, and so on.

Local Group Policy



34

Local Group Policy (LGP) is a more basic version of the Group Policy used by

Active Directory. In versions of Windows before Windows Vista, LGP can

configure the Group Policy for a single local computer, but unlike Active

Directory Group Policy, cannot make policies for individual users or groups. It

also has far fewer options overall than Active Directory Group Policy.

Domain Name Server

In computing, a domain name server is a program or computer server that

implements a name-service protocol. It maps a human-recognizable identifier to a

system-internal, often numeric, identification or addressing component.

The most prominent types of name servers in operation today are the name

servers of the Domain Name System (DNS), one of the two principal name spaces

of the Internet. The most important function of these DNS servers is the

translation (resolution) of humanly memorable domain names and hostnames into

the corresponding numeric Internet Protocol (IP) addresses, the second principal

Internet name space which is used to identify and locate computer systems and

resources on the Internet.

NAT (Network Address Translation)

In computer networking, network address translation (NAT) is the process of

modifying IP address information in IP packet headers while in transit across atraffic routing device.

The simplest type of NAT provides a one to one translation of IP addresses. RFC

2663 refers to this type of NAT as basic NAT. It is often also referred to as one-

to-one NAT. In this type of NAT only the IP addresses, IP header checksum and

any higher level checksums that include the IP address need to be changed. The

rest of the packet can be left untouched (at least for basic TCP/UDP functionality,

some higher level protocols may need further translation). Basic NATs can be

used when there is a requirement to interconnect two IP networks with

incompatible addressing.

SNAT (Static Network Address Translati on)

The meaning of the term SNAT varies by vendor. Many vendors have

proprietary definitions for SNAT. A common expansion is source NAT, the



35

counterpart of Destination NAT (DNAT). Microsoft uses the acronym for

Secure NAT, in regard to the ISA Server. For Cisco Systems, SNAT means

stateful NAT.

Dynamic Network Address Translati on

Dynamic NAT, just like static NAT, is not common in smaller networks but is

found within larger corporations with complex networks. The way dynamic

NAT differs from static NAT is that where static NAT provides a one-to-one

internal to public static IP address mapping, dynamic NAT doesn't make the

mapping to the public IP address static and usually uses a group of available

public IP addresses.

Roaming user profile

A roaming user profile is a concept in the Microsoft Windows NT family of

operating systems that allows a user with a computer joined to a Windows Server

domain to log on to any computer on the same network and access their

documents and have a consistent desktop experience, such as applications

remembering toolbar positions and preferences, or the desktop appearance staying

the same.

DHCP (Dynamic Host Configure Protocol)

The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol for hosts on Internet Protocol (IP) networks. Computers that are

connected to IP networks must be configured before they can communicate with

other hosts. The most essential information needed is an IP address, and a default

route and routing prefix. DHCP eliminates the manual task by a network

administrator. It also provides a central database of devices that are connected to

the network and eliminates duplicate resource assignments.

In addition to IP addresses, DHCP also provides other configuration information,

particularly the IP addresses of local caching DNS resolvers, network boot

servers, or other service hosts. DHCP is used for IPv4 as well as IPv6.

RIS (Remote Installation Services)

RIS, Remote Installation Services is a Microsoft-supplied server that allows PXE

BIOS-enabled computers to remotely execute boot environment variables.



36

On Windows 2003, two services are required to provide Remote Installation

Services: DHCP and Remote Installation Service. The Remote Installation Server

doubles as a proxy DHCP server to provide Boot Server and Filename

instructions to clients. Remote Installation Service utilizes UDP port 4011 to

provide clients the contents of each page the OS Chooser displays. Additionally,

this service can provide drivers to clients; it is often used to provide the

workstation's network card driver, which is required to launch the OS Chooser

and mount the share where images are stored.

IIS (Internet information services)

Internet Information Services (IIS) – formerly called Internet Information Server

– is a web server application and set of feature extension modules created by

Microsoft for use with Microsoft Windows. It is the most used web server after

Apache HTTP Server. IIS 7.5 supports HTTP, HTTPS, FTP, FTPS, SMTP and

NNTP. It is an integral part of Windows Server family of products, as well as

certain editions of Windows XP, Windows Vista and Windows 7. IIS is not

turned on by default when Windows is installed.

Features-

The architecture of IIS 7 is modular. Modules, also called extensions, can be

added or removed individually so that only modules required for specificfunctionality have to be installed. These modules are individual features that the

server uses to process requests and include the following:

i. HTTP modules – Used to perform tasks specific to HTTP in the request-

processing pipeline, such as responding to information and inquiries sent

in client headers, returning HTTP errors, and redirecting requests.

ii. Security modules – Used to perform tasks related to security in the

request-processing pipeline, such as specifying authentication schemes,

performing URL authorization, and filtering requests.

iii. Content modules – Used to perform tasks related to content in the

request-processing pipeline, such as processing requests for static files,

returning a default page when a client does not specify a resource in a

request, and listing the contents of a directory.



37

iv. Compression modules – Used to perform tasks related to compression in

the request-processing pipeline, such as compressing responses, applying

Gzip compression transfer coding to responses, and performing pre-

compression of static content.

v. Caching modules – Used to perform tasks related to caching in the

request-processing pipeline, such as storing processed information in

memory on the server and using cached content in subsequent requests for

the same resource.

vi. Logging and Diagnostics modules – Used to perform tasks related to

logging and diagnostics in the request-processing pipeline, such as passing

information and processing status to HTTP.sys for logging, reporting

events, and tracking requests currently executing in worker processes.

Security

Earlier versions of IIS were hit with a number of vulnerabilities, especially the

CA-2001-13 which led to the infamous Code Red worm; however, both versions

6.0 and 7.0 currently have no reported issues with this specific vulnerability. In

IIS 6.0 Microsoft opted to change the behavior of pre-installed ISAPI handlers,

many of which were culprits in the vulnerabilities of 4.0 and 5.0, thus reducing

the attack surface of IIS. In addition, IIS 6.0 added a feature called "Web ServiceExtensions" that prevents IIS from launching any program without explicit

permission by an administrator. In the current release, IIS 7, the components are

provided as modules so that only the required components have to be installed,

thus further reducing the attack surface. In addition, security features are added

such as Request Filtering, which rejects suspicious URLs based on a user-defined

rule set.

Software deployment

Software deployment is all of the activities that make a software system available

for use.

The general deployment process consists of several interrelated activities with

possible transitions between them. These activities can occur at the producer site

or at the consumer site or both. Because every software system is unique, the



38

precise processes or procedures within each activity can hardly be defined.

Deployment activities

i. Release- The release activity follows from the completed development

process. It includes all the operations to prepare a system for assembly and

transfer to the customer site. Therefore, it must determine the resources

required to operate at the customer site and collect information for

carrying out subsequent activities of deployment process.

ii. Install and Activate- Activation is the activity of starting up the

executable component of software. For simple system, it involves

establishing some form of command for execution. For complex systems,

it should make all the supporting systems ready to use. In larger software

deployments, the working copy of the software might be installed on a

production server in a production environment.

iii. Deactivate- Deactivation is the inverse of activation, and refers to shutting

down any executing components of a system. Deactivation is often

required to perform other deployment activities, e.g., a software system

may need to be deactivated before an update can be performed. The

practice of removing infrequently used or obsolete systems from service is

often referred to as application retirement or application decommissioning.

iv. Adapt- The adaptation activity is also a process to modify a software

system that has been previously installed.

v. Update- The update process replaces an earlier version of all or part of a

software system with a newer release.

vi. Built-In- Mechanisms for installing updates are built into some software

systems. Automation of these update processes ranges from fully

automatic to user initiated and controlled. Norton Internet Security is an

example of a system with a semi-automatic method for retrieving and

installing updates to both the antivirus definitions and other components of

the system.

vii. Version tracking-Version tracking systems help the user find and install

updates to software systems installed on PCs and local networks.



39

Web based version tracking systems notify the user when updates are

available for software systems installed on a local system. For example:

Version Tracker Pro checks software versions on a user's computer and

then queries its database to see if any updates are available.

viii. Uninstall- Un-installation is the inverse of installation. It is the removal of

a system that is no longer required. It also involves some reconfiguration

of other software systems in order to remove the uninstalled system‟s files

and dependencies.

ix. Retire- Ultimately, a software system is marked as obsolete and support

by the producers is withdrawn. It is the end of the life cycle of a software

product.

Routing and Remote Access Service (RRAS):-

Routing and Remote Access Service (RRAS) is a Microsoft API and server

software make it possible to create applications to administer the routing and

remote access service capabilities of the operating system, to function as a

network router, and developers can also use RRAS to implement routing

protocols. The RRAS server functionality follows and builds upon the Remote

Access Service (RAS).2) IP Addressing

An IP (Internet Protocol) address is a unique identifier for a node or host connection on an IP

network. An IP address is a 32 bit binary number usually represented as 4 decimal values,

each representing 8 bits, in the range 0 to 255 (known as octets) separated by decimal points.

This is known as "dotted decimal" notation.

Example: 140.179.220.200

It is sometimes useful to view the values in their binary form.

141.179.220.200

10001100.10110011.11011100.11001000

Every IP address consists of two parts, one identifying the network and one identifying the

node. The Class of the address and the subnet mask determine which part belongs to the

network address and which part belongs to the node address.



40

Address Classes

There are 5 different address classes. You can determine which class any IP address is in by

examining the first 4 bits of the IP address.

Class A addresses begin with 0xxx, or 1 to 126 decimal.

Class B addresses begin with 10xx, or 128 to 191 decimal.

Class C addresses begin with 110x, or 192 to 223 decimal.

Class D addresses begin with 1110, or 224 to 239 decimal.

Class E addresses begin with 1111, or 240 to 254 decimal.

Addresses beginning with 01111111, or 127 decimal, are reserved for loopback and for

internal testing on a local machine; [You can test this: you should always be able to

ping 127.0.0.1, which points to yourself] Class D addresses are reserved for multicasting;

Class E addresses are reserved for future use. They should not be used for host addresses.

Now we can see how the Class determines, by default, which part of the IP address belongs

to the network ( N, in blue) and which part belongs to the node (n, in red).

Class A -- NNNNNNNN.nnnnnnnn.nnnnnnnn.nnnnnnnn

Class B -- NNNNNNNN. NNNNNNNN.nnnnnnnn.nnnnnnnn

Class C -- NNNNNNNN. NNNNNNNN. NNNNNNNN.nnnnnnnn

In the example, 140.179.220.200 is a Class B address so by default the Network part of the

address (also known as the Network Address) is defined by the first two octets (140.179.x.x)

and the node part is defined by the last 2 octets (x.x.220.200).

In order to specify the network address for a given IP address, the node section is set to all

"0"s. In our example, 140.179.0.0 specifies the network address for 140.179.220.200. When

the node section is set to all "1"s, it specifies a broadcast that is sent to all hosts on the

network. 140.179.255.255 specifies the example broadcast address. Note that this is true

regardless of the length of the node section.

Private Subnets

There are three IP network addresses reserved for private networks. The addresses

are 10.0.0.0, Subnet Mask 255.0.0.0, 172.16.0.0, Subnet Mask 255.240.0.0,

and 192.168.0.0, Subnet Mask 255.255.0.0. These addresses are also

notated 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16; this notation will be explained later in

this tutorial. They can be used by anyone setting up internal IP networks, such as a lab or



41

home LAN behind a NAT or proxy server or a router. It is always safe to use these because

routers on the Internet by default will never forward packets coming from these addresses.

These addresses are defined in RFC 1918.

3) Subnetting

Subnetting an IP Network can be done for a variety of reasons, including organization, use of

different physical media (such as Ethernet, FDDI, WAN, etc.), preservation of address space,

and security. The most common reason is to control network traffic. In an Ethernet network,

all nodes on a segment see all the packets transmitted by all the other nodes on that segment.

Performance can be adversely affected under heavy traffic loads, due to collisions and the

resulting retransmissions. A router is used to connect IP networks to minimize the amount of

traffic each segment must receive.

Subnet Masking

Applying a subnet mask to an IP address allows you to identify the network and node

parts of the address. The network bits are represented by the 1s in the mask, and the node

bits are represented by the 0s. Performing a bitwise logical AND operation between the

IP address and the subnet mask results in the Network Address or Number.

For example, using our test IP address and the default Class B subnet mask, we get:

10001100.10110011.11110000.11001000 140.179.240.200 Class B IP Address

11111111.11111111.00000000.00000000 255.255.000.000 Default Class B SubnetMask

10001100.10110011.00000000.00000000 140.179.000.000 Network Address

Default subnet masks:

Class A - 255.0.0.0 - 11111111.00000000.00000000.00000000

Class B - 255.255.0.0 - 11111111.11111111.00000000.00000000

Class C - 255.255.255.0 - 11111111.11111111.11111111.00000000

More Restrictive Subnet Masks

Additional bits can be added to the default subnet mask for a given Class to further

subnet, or break down, a network. When a bitwise logical AND operation is performed

between the subnet mask and IP address, the result defines the Subnet Address (also

called the Network Address or Network Number ). There are some restrictions on the

subnet address.



42

Node addresses of all "0"s and all "1"s are reserved for specifying the local network

(when a host does not know its network address) and all hosts on the network (broadcast

address), respectively. This also applies to subnets. A subnet address cannot be all "0"s or

all "1"s. This also implies that a 1 bit subnet mask is not allowed.

To calculate the number of subnets or nodes, use the formula (2n-2) where n = number of

bits in either field, and 2n represents 2 raised to the nth power. Multiplying the number of

subnets by the number of nodes available per subnet gives you the total number of nodes

available for your class and subnet mask. Also, note that although subnet masks with

non-contiguous mask bits are allowed, they are not recommended.

Example:

10001100.10110011.11011100.11001000 140.179.220.200 IP Address

11111111.11111111.11100000.00000000 255.255.224.000 Subnet Mask

10001100.10110011.11000000.00000000 140.179.192.000 Subnet Address

10001100.10110011.11011111.11111111 140.179.223.255 Broadcast Address

In this example a 3 bit subnet mask was used. There are 6 (23-2) subnets available with

this size mask (remember that subnets with all 0's and all 1's are not allowed). Each

subnet has 8190 (213-2) nodes. Each subnet can have nodes assigned to any address

between the Subnet address and the Broadcast address.Subnetting always reduces the number of possible nodes for a given network. There are

complete subnet tables available here for Class A, Class B and Class C. These tables list

all the possible subnet masks for each class, along with calculations of the number of

networks, nodes and total hosts for each subnet.

CIDR - Classless Inter Domain Routing

The reason is CIDR -- Classless Inter Domain R outing was invented several years ago to

keep the internet from running out of IP addresses. The "classful" system of allocating IP

addresses can be very wasteful; anyone who could reasonably show a need for more that

254 host addresses was given a Class B address block of 65533 host addresses. Even

more wasteful were companies and organizations that were allocated Class A address

blocks, which contain over 16 Million host addresses! Only a tiny percentage of the



43

allocated Class A and Class B address space has ever been actually assigned to a host

computer on the Internet.

People realized that addresses could be conserved if the class system was eliminated. By

accurately allocating only the amount of address space that was actually needed, the

address space crisis could be avoided for many years. This was first proposed in 1992 as

a scheme called Supernetting. Under supernetting, the classful subnet masks are

extended so that a network address and subnet mask could, for example, specify multiple

Class C subnets with one address. For example, If I needed about 1000 addresses, I could

supernet 4 Class C networks together:

192.60.128.0 (11000000.00111100.10000000.00000000) Class C subnet address




--------------------------------------------------------

192.60.128.0 (11000000.00111100.10000000.00000000) Supernetted Subnet address

255.255.252.0 (11111111.11111111.11111100.00000000) Subnet Mask

192.60.131.255 (11000000.00111100.10000011.11111111) Broadcast address

In this example, the subnet 192.60.128.0 includes all the addresses from 192.60.128.0 to

192.60.131.255. As you can see in the binary representation of the subnet mask, the

Network portion of the address is 22 bits long, and the host portion is 10 bits long.

Under CIDR, the subnet mask notation is reduced to simplified shorthand. Instead of

spelling out the bits of the subnet mask, it is simply listed as the number of 1s bits that

start the mask. In the above example, instead of writing the address and subnet mask as

192.60.128.0, Subnet Mask 255.255.252.0

The network address would be written simply as:

192.60.128.0/22Which indicates starting address of the network, and number of 1s bits (22) in the

network portion of the address. If you look at the subnet mask in binary

(11111111.11111111.11111100.00000000), you can easily see how this notation works.



44

2.3 Cisco Certified Network Associate or CCNA

1) Router

Router is hardware device, which is used to communicate two different networks. Router

performs routing and path determination. It does not perform broadcast information.

There are two types of routers: -

(i) Hardware Routers are developed by Cisco, HP.

(ii) Software Routers is configured with the help of routing and remote

access. This feature is offered by Microsoft. This feature is by default

installed, but you have to enable or configure it.

Hardware routers are dedicated routers. They are more efficient. But in case of software

routers, it has fewer features, slow performance. They are not very much efficient.

2) Lan Card

LAN card is media access device. LAN card provide us connectivity in the network.

There is a RJ45 (Registered Jack) connector space on the LAN card. RJ45 is used in UTP

cable. There is another led which is also called heartbeat of Lan card. When any activity

occur it may be receiving or transmitting any kind of data. This led start blinking and also

tell us the status of lan card.

LAN Topologies BUS Topology

Cable Type – Coaxial

Connector Type – BNC (Bayonet Neill-Concelman), T type, Terminator

Coaxial – Thick Maximum length – 500 meters N/w devices 100

Coaxial – Thin Maximum length – 185 meters N/w devices 30

Fig 2.23



45

Star Topology

Cable type - UTP

Connector type - RJ45

Maximum Length – 100 meters (with proper color coding)

UTP (Unshielded Twisted Pair)

Fig 2.24 UTP

STP (Shielded Twisted Pair)

Fig 2.25 STP

In case of hub media access method will be CSMA/CD.

Ethernet Family

Speed Base band

10 Base 2 200-meter Coaxial cable

10 Base 5 500-meter Thick Coaxial cable

10 Base T 100 meter Twisted Pair (UTP)

10/100(present) Base TX 100 meter UTP

100 Base T4 100 meter UTP 4 Pairs used

100 Base FX up to 4 kms Fiber Optic

1000(Server) Base TX 100 meter UTP

1000 Base FX up to 10 kms Fiber Optic

10000 Base FX Fiber Optic



46

Color

Green – Green white

Orange – Orange white

Blue – Blue white

Brown – Brown white

Green cable has maximum twists.

Pin Configuration

Cross Straight

1 3 1 1

2 6 2 2

3 1 3 3

6 2 6 6

Straight Cable

1 Orange white - Orange white

2 Orange - Orange

3 Green white - Green white

4 Blue - Blue

5 Blue white - Blue white

6 Green - Green

7 Brown white - Brown white

8 Brown - Brown

Cross Cable

1 Orange white - Green white

2 Orange - Green

3 Green white - Orange white

4 Blue - Blue

5 Blue white - Blue white

6 Green - Orange

7 Brown white - Brown white

8 Brown - Brown



47

RJ45 Connector

Fig 2.26 RJ45

3) OSI (Open Systems Interconnection) Model

OSI model is the layer approach to design, develop and implement network. OSI

provides following advantages: -

(i) Designing of network will be standard base.

(ii) Development of new technology will be faster.

(iii) Devices from multiple vendors can communicate with each other.

(iv) Implementation and troubleshooting of network will be easy.

The seven Layers of OSI model are explained as-

i) Application Layer: - Application layer accepts data and forward into the protocol stack.

It creates user interface between application software and protocol stack.

ii) Presentation Layer: - This layer decides presentation format of the data. It also able to

performs other function like compression/decompression and encryption/decryption.

iii) Session Layer: - This layer initiate, maintain and terminate sessions between different

applications. Due to this layer multiple application software can be executed at the same

time.

iv) Transport Layer: - Transport layer is responsible for connection oriented and

connection less communication. Transport layer also performs other functions like

Error checking, Flow Control, Buffering, Windowing

Multiplexing, Sequencing, Positive Acknowledgement, Response

v) Network Layer: - This layer performs function like logical addressing and path

determination. Each networking device has a physical address that is MAC address. But

logical addressing is easier to communicate on large size network.



48

Logical addressing defines network address and host address. This type of addressing is

used to simplify implementation of large network. Some examples of logical addressing

are: - IP addresses, IPX addresses etc.

Fig 2.27 Seven Layers of OSI Model and their Functions

vi) Data Link Layer: - The functions of Data Link layer are divided into two sub layers-



49

Logical Link Control defines the encapsulation that will be used by the NIC to

delivered data to destination. Some examples of Logical Link Control are ARPA

(Ethernet), 802.11, Wi-Fi.

Media Access Control defines methods to access the shared media and establish

the identity with the help of MAC address. Some examples of Media Access

Control are CSMA/CD, Token Passing.

vii) Physical Layer: - Physical Layer is responsible to communicate bits over the media this

layer deals with the standard defined for media and signals. This layer may also perform

modulation and demodulation as required.

4) Router Configuration

I. Router Access Modes

When we access router command prompt the router will display different modes.

According to the modes, privileges and rights are assigned to the user.

User mode-In this mode, we can display basic parameter and status of the router

we can test connectivity and perform telnet to other devices. In this mode we are

not enable to manage & configure router.

Privileged mode-In this mode, we can display all information, configuration,

perform administration task, debugging, testing and connectivity with other

devices. We are not able to perform here configuration editing of the router.

The command to enter in this mode is „enable‟. We have to enter enable password

or enable secret password to enter in this mode. Enable secret has more priority

than enable password. If both passwords are configured then only enable secret

will work.

Global configuration-This mode is used for the configuration of global

parameters in the router. Global parameters applied to the entire router . For eg: -

router hostname or access list of router. The command Enter in this mode is „configure terminal‟.

II. Line configuration mode

This mode is used to configure lines like console, vty and auxiliary. There are

main types of line that are configured.

(i) Console- Router(config)#line console 0



50

(ii) Auxiliary- Router(config)#line aux 0

(iii) Telnet or vty- Router(config)#line vty 0 4

III. Interface configuration mode

This mode is used to configure router interfaces. For e.g:- Ethernet, Serial, BRI

etc.

Router (config) #interface <type> <number>

Router (config) #interface serial 1

IV. Routing configuration mode

This mode is used to configure routing protocol like RIP, EIGRP, OSPF etc.

Router (config) #router <protocol> [<option>]

Router (config) #router rip

Router (config) #router eigrp 10

V. Configuring Password

There are five types of password available in a router

(1) Console PasswordRouter#configure terminal

Router(config)#line console 0

Router(config-line)#password <word>

Router(config-line)#login

Router(config-line)#exit

To erase password do all steps with no command.

(2) Vty PasswordRouter>enable

Router#configure terminal

Router(config)#line vty 0 4




(3) Auxi li ary PasswordRouter#configure terminal

Router(config)#line Aux 0



51




(4) Enable PasswordRouter>enable


Router(config)#enable password <word>

Router(config)#exit

(5) Enable Secret PasswordEnable Password is the clear text password.

Router>enable


Router(config)#enable secret <word>

Router(config)#exit

(6) Encryption all passwordsAll passwords other than enable secret password are clear text password. We

can encrypt all passwords using level 7 algorithms. The command to encrypt

all passwords are-


Router(config)#service password-encryption

VI. Managing Configuration

There are two types of configuration present in a router

(1) Startup Configuration

(2) Running Configuration

Startup configuration is stored in the NVRAM. Startup configuration is used to

save settings in a router. Startup configuration is loaded at the time of booting in

to the Primary RAM.

Running Configuration is present in the Primary RAM wherever we run a

command for configuration; this command is written in the running configuration.

To save confi guration

Router#copy running-configuration startup-configuration



52

Or

Router#write

To display runni ng-conf iguration Router#show running-configuration

To display startup conf igurati on

Router#show startup-configuration

To erase old confi guration

Router#erase startup-configuration

Configuring Host Name


Router#hostname <name>

<name>#exi t or end or /\z

VII. Configuration Interfaces

Interfaces configuration is one of the most important part of the router

configuration. By default, all interfaces of Cisco router are in disabled mode. We

have to use different commands as our requirement to enable and configure the

interface.

Configuring IP, Mask and Enabling the Interface


Router(config)#interface <type> <no>

Router(config-if)#ip address <ip> <mask>

Router(config-if)#no shutdown

Router(config-if)#exit

To conf igure I nterface description


Router(config)#interface <type> <no.>

Router(config-if)#description <line>

To display interface status

Router#show interfaces (to show all interfaces)

Router#show interface <type> <no.>

This command will display following parameters about an interface

1) Status



53

2) Mac address

3) IP address

4) Subnet mask

5) Hardware type / manufacturer

6) Bandwidth

7) Reliability

8) Delay

9) Load ( Tx load, Rx load)

10) Encapsulation

11) ARP type (if applicable)

12) Keep alive

Configuring secondary IP

Router#config terminal



54


Router(config-if)#IP address 192.168.10.5 255.255.255.0

Router(config-if)#IP address 192.168.10.18 255.255.255.0 secondary

Router(config-if)#no shutdown (to enable the interface because they

always shutdown)


Router#show run (to display secondary IP)

To display commands present i n history

Router#show history

To display history size

Router#show terminal

VIII. Configuring Banners

Banners are just a message that can appear at different prompts according to the

type. Different banners are: -

Message of the day (motd)-This banner appear at every access method.

5) IP Routing

When we want to connect two or more networks using different n/w addresses then we

have to use IP Routing technique. The router will be used to perform routing between the

networks. A router will perform following functions for routing.

I. Path determination

The process of obtaining path in routing table is called path determination. There

are three different methods to which router can learn path.

Automatic detection of directly connected networks.

Static & Default routing

Dynamic routing

II. Packet forwarding

It is a process that is by default enable in router. The router will perform packet

forwarding only if route is available in the routing table.

III. Static Routing

In this routing, we have to use IP route commands through which we can specify

routes for different networks. The administrator will analyze whole internetwork



55

topology and then specify the route for each n/w that is not directly connected to

the router.

Steps to perform static routing-

a. Create a list of all n/w present in internetwork.

b. Remove the n/w address from list, which is directly connected to n/w.

c. Specify each route for each routing n/w by using IP route command.

Router(config)#ip route <destination n/w> <mask> <next hop ip>

Next hop IP it is the IP address of neighbor router that is directly

connected our router.

Static Routing Example: -

Router#conf ter

Router(config)#ip route 10.0.0.0 255.0.0.0 192.168.10.2

Advantages of static routing

a. Fast and efficient.

b. More control over selected path.

c. Less overhead for router.

Disadvantages of static routing

a. More overheads on administrator.

b. Load balancing is not easily possible.

c. In case of topology change routing table has to be change

manually.

IV. Default Routing

Default routing means a route for any n/w. these routes are specify with the help

of following syntax: -

Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop>

To display routing table

Router#show ip route

To check all the in terf ace of a router

Router#show interface brief



56

V. Dynamic Routing

In dynamic routing, we will enable a routing protocol on router. This protocol will

send its routing information to the neighbor router. The neighbors will analyze the

information and write new routes to the routing table.

The routers will pass routing information receive from one router to other router

also. If there are more than one path available then routes are compared and best

path is selected. Some examples of dynamic protocol are: -RIP, IGRP, EIGRP,

and OSPF

Configuring RIP

Router#conf ter

Router(config)#router rip

Router(config-router)#network <own net address>

Router(config-router)#network <own net address>

Router(config-router)#exit

Example- Router(config-router)#network 10.0.0.0

Router(config-router)#network 172.16.0.0

Router(config-router)#network 200.100.100.0

175.2.0.0 via 172.16.0.6

VI. Configuring IGRP

Router(config)#router igrp <as no>(1 – 65535)

Router(config-router)#network <net address>

Router(config-router)#network <net address>




57

VII. Link State Routing

This type of routing is based on link state. The router will send link state

information to the all neighbors. Link state information from one neighbor is also

forwarded to other neighbor.

Each router will maintain its link state database created from link state

advertisement received from different routers.

The router will use best path algorithm to store the path in routing table.

Problems of Link State Routing

The main problems of link state routing are: -

High bandwidth consumption.

More hardware resources required that is processor and memory (RAM)

The routing protocols, which use link state routing are: -

a. EIGRP (Enhanced Interior Gateway Routing Protocol)

Features: -

Cisco proprietary

Hybrid protocol

Link State

Distance Vector

Multicast Updates using

Address 224.0.0.10

Support AS

Support VLSM

Automatic Route Summarization

Unequal path cost load balancing

Confi guring EIGRP: -

Router(config)#router eigrp <as no>

Router(config-router)#network <net addr.>

Router(config-router)#network <net addr.>


b. OSPF Terminology



58

Router ID-Router ID is the highest IP address of router interfaces. This id

is used as the identity of the router. It maintains link state databases. The

first preference for selecting router ID is given to the Logical interfaces. If

logical interface is not present then highest IP of physical interface is

selected as router id.

Backup Designated Router-This router will work as backup for the

designated router. In BDR mode, it will receive all information but do not

forward this information to other non-DR router.

Confi guring OSPF-

Router#conf ter

Router(config)#router ospf <process no>

Router(config-router)#network <net address> <wild mask> area <area id>

Router(config-router)#network <net address> <wild mask> area <area id>


Wild Mask – Complement of subnet mask

Example 255.255.255.255

- 255.255.192.0 subnet mask

0.0.63.255 wild mask

Example of OSPF Routing-

Router(config)#router ospf 33

Router(config-router)#network 200.100.100.32 0.0.0.3 area 0

Router(config-router)#network 200.100.100.64 0.0.0.31 area 0


6) LAN Switching

Ethernet switches are used in LAN to create Ethernet n/ws. Switches forward the traffic

on the basis of MAC address. Switches maintain a Mac Addresse table in which mac

addresses and port no.s are used to perform switching decision. Working of bridge and

switch is similar to each other.

Classif ication of switches



59

Switches are classified according to the following criteria: -

Types of switches based on working: -

Store & Forward-This switch receives entire frame then perform error checking

and start forwarding data to the destination.

Cut through-This switch starts forwarding frame as soon as first six bytes of the

frame are received.

Fragment-free-This switch receives 64 bytes of the frame, perform error checking

and then start forwarding data.

Adaptive cut-through-It changes its mode according the condition. If it see there

are errors in many frames then it changes to Store & Forward mode from Cut

through or Fragment-free.

Types of switches based on management: -

Manageable switches

Non-Manageable switches

Semi-Manageable switches

Types of switches based on OSI layer: -

Layer 2 switches (only switching)

Layer 3 switches (switching & routing)

Types of switches based on command mode (only in Cisco): -

IOS based

CLI based

Type of switches based on hierarchical model: -

Core layer switches

Distribution layer switches

Access layer switches

Qual iti es of switch

- No. of ports

- Speed of ports

- Type of media

- Switching or wire speed or throughput

Basic Switch Admini stration



60

IOS based switches are similar to the routers. We can perform following function on

switches in a similar manner as performed on router.

(1) Access switch using console

(2) Commands to enter & exit from different mode

(3) Commands to configure passwords

(4) Manage configuration

(5) Backup IOS and configuration

(6) Configuring and resolving hostnames

(7) Managing telnet

(8) Configuring CDP

(9) Configuring time clock

(10) Configuring Banners

(11) Command line shortcuts and editing shortcuts

(12) Managing history

(13) Configure logging

(14) Boot system commands

Following function and options are not similar in router and switch.

(1) Default hostname is „Switch‟

(2) Auxiliary port is not present

(3) VTY ports are mostly 0 to 15

(4) By default interfaces are enabled

(5) IP address cannot be assign to interfaces

(6) Routing configuration mode is not present

(7) Interface no. starts from 1

(8) Web access is by default enabled

(9) Configuration registry is not present in similar manner

(10) Flash memory may contain multiple files and startup-configuration is also

saved in flash

Configuring I P and Gateway on switch

We can configure IP address on switch for web access or telnet IP address

is required for the administration of the switch. If we have to access switch



61

from remote n/w then we will configure default gateway in addition to IP

address.

IP address is assigned to the logical interface of switch with following

command:-

Switch(config)#interface vlan 1

Switch(config)#IP address <ip> <mask>

Switch(config)#no sh

Switch(config)#exit

Configuring Gateway

Switch(config)#ip default-gateway <ip>

Switch(config)#exit

Breaking Switch Password

1. Power off switch press mode button present in front of switch then

power on the switch.

2. Keep mode button press until „Switch:‟ prompt appears on console.

3. In switch monitor mode, type following commands: -

flash_init

load_helper

rename flash:config.text flash:<anyname>

dir flash:

boot

4. After booting switch will prompt to enter in initial configuration

dialog. Enter „no‟ here and type.

Switch>enable

Rename flash:<anyname> Flash:config.text

Configure memory

Change password and save config. Then copy run start_config.

Logical Segmentation of Network

To perform logical segmentation, we have to create VLAN in the network. With the help

of VLAN, we can logically divide the broadcast domain of the network.



62

VLAN (Virtual LAN)- VLAN provides Virtual Segmentation of Broadcast Domain in the

network. The devices, which are member of same Vlan, are able to communicate with

each other. The devices of different Vlan may communicate with each other with routing.

So that different Vlan devices will use different n/w addresses. Vlan provides following

advantages: -

(1) Logical Segmentation of network

(2) Enhance network security

Creating port based Vlan

In port based Vlan, first we have to create a Vlan on manageable switch then we have to

add ports to the Vlan.

Commands to create Vlan

Switch#config ter

Switch(config)#vlan <no> [name <word>]

Switch(config)#exit [optional]

Or

Switch#vlan database

Switch(vlan)#vlan <no> [name <word>]

Switch(vlan)#exit

Commands to conf igure ports for a Vlan

By default, all ports are member of single vlan that is Vlan1. we can

change vlan membership according to our requirement.

Switch#conf ter

Switch(config)#interface <type> <no>

Switch(config-if)#switchport access vlan <no>

Switch(config-if)#exit

Commands to conf igur e mul tiple ports in a vlan

Switch#config ter

Switch(config)#interface range <type> <slot/port no-port no>

Switch(config-if)#switchport access vlan <no>




63

Example: - Suppose we want to add interface fast Ethernet 0/10 to

0/18 in vlan5

Switch#config ter

Switch(config)#interface range fastethernet 0/10 – 18

Switch(config-if)#switchport access vlan 5


To Di sable web access in switch

Switch#config ter

Switch(config)#no ip http server

To display mac address table

Switch#show mac-address-table

Vlan Mac address type ports

20 00-08-a16-ab-6a-7b dynamic fa0/7

To Di splay Vlan and port membership

Switch#show vlan

Trunking

When there are multiple switches then we have to use trunk links to connect one switch

with other. If we are not using trunk links then we have to connect one cable from each

vlan to the corresponding vlan of the other switch.

Switches will perform trunking with the help of frame tagging. The trunk port will send

data frames by adding a Vlan id information to the frame, at the receiving end vlan id

information is removing from the end and according to the tag data is delivered to the

corresponding vlan.

Configuring Trunking- In cisco switches all switch ports may be

configured in three modes-Trunk desirable (default), Trunk on, Trunk off.

Switch#conf ter

Switch(config)#interface <type> <no>

Switch(config-if)#switchport mode <trunk|access|auto>

Switch(config-if)#exit on off desirable



64

To conf igure Vlans allowed on Trunk - By default all Vlans are allowed

on Trunk port. We can add/remove a particular Vlan from trunk port with

following command

Switch#config ter

Switch(config)#interface <type> <no.>

Switch(config-if)#switchport trunk allowed vlan all

To display trunk interfaces

Switch#show interface trunk

Switch#show interface <type> <no.> trunk

I nter Vlan Communication

After creating Vlans, each Vlan has own broadcast domain. If we want communication

from one Vlan to another Vlan then we need to perform routing. There are three methods

for inter vlan communication.

Inter Vlan using multi-interface router

In this case, we have to connect one interface of router in each Vlan. This

interface will act as gateway for the corresponding vlan. Each Vlan has to use

different n/w addresses. Data from one Vlan to another Vlan will travel by router.

Configuration on Router

Router#config ter



65

Router(config)#interface fastethernet 0/0

Router(config-if)#no ip address

Router(config-if)#no sh


Router(config)#interface fastethernet 0/0.1

Router(config-if)#encapsulation dot1q 1

Router(config-if)#ip address 10.0.0.1 255.0.0.0













Configuration on Core switch

a. Configure switch as VTP server

b. Create Vlans

c. Configure interface connected to router as Trunk

d. Configure interfaces connected to other switches as trunk (if

required)

Configuration on Distri bution layer switches

a. Configure switch as VTP client

b. Configure required interface as Trunk (optional)

c. Add ports to Vlan

Configuration on Pc

Configure IP and Gateway



66

To configure ports for forwarding mode directly

Switch#config ter

Switch(config)#interface <type> <no.>

Switch(config-if)#switchport host

7) Access Control List

ACL are the basic security feature that is required in any network to control the flow of

traffic. Most of time our network may have servers and clients for which traffic control is

required.

We can also use ACL to classify the traffic. ACLs are used in features like QOS (Quality

of Service), Prioritize traffic and interesting traffic for ISDN. Classification Access

Control List: -

Types of ACL based on Protocol : -

(1) IP Access Control List

(2) IPX Access Control List

(3) AppleTalk Access Control List

Types of ACL based on F eature : -

(1) Standard ACL

(2) Extended ACL

Types of ACL based on Access mode : -

(1) Numbered ACL

(2) Named ACL

Types of ACL based on Order of r ules : -

(1) Deny, permit

(2) Permit, deny

I P Standard ACL (Numbered)

In Standard ACL, we are only able to specify source address for the

filtering of packets. The syntax to create IP standard ACL are: -

Router#conf ter

Router(config)#access-list <no> <permit|deny> <source>

Router(config)#exit



67

<source> Single pc host 192.168.10.5

192.168.10.5

192.168.10.5 0.0.0.0

N/w 200.100.100.0 0.0.0.255

Subnet 200.100.100.32 0.0.0.15

Applying ACL on interf ace

Router#conf ter


Router(config-if)#ip access-group <ACL no.> <in|out>


Internet

Router(config)#access-list 25 permit 192.168.10.32 0.0.0.31

Router(config)#access-list 25 permit 192.168.10.64 0.0.0.3

Router(config)#access-list 25 permit 192.168.10.68



Router(config)#interface serial 0

Router(config-if)#ip access-group 25 out

Router



68

I P Standard ACL (Named)

In Numbered ACL editing feature is not available that is we are not able to

delete single rule from the ACL. In Named ACL editing feature is

available.

Router#config ter

Router(config)#ip access-list standard <name>

Router(config-std-nacl)#<deny|permit> <source>

Router(config-std-nacl)#exit

Router#conf ter

Router(config)#ip access-list standard abc

Router(config-std-nacl)#deny 172.16.0.16



Router(config-std-nacl)#permit any


To modif y the ACL

Router#conf ter

Router(config)#ip access-list standard abc

Router(config-std-nacl)#no deny 172.16.0.17


I P Extended ACL (Numbered)

Extended ACL are advanced ACL. ACL, which can control traffic flow on

the basis of five different parameters that are: -

(i) Source address

(ii) Destination address

(iii) Source port

(iv) Destination port

(v) Protocol (layer 3/layer 4)

To display ACL

Router#show access-lists or

Router#show access-list <no.>



69

To display ACL applied on interface

Router#show ip interface

Router#show ip interface <type> <no>

Router#show ip interface Ethernet 0

9) Network Address Translation

NAT is the feature that can be enable in a Router, Firewall or a Pc. With the help of

NAT, we are able to translate network layer addresses that are IP addresses of packets.

With the help of Port Address Translation, we are also able to translate port no.s present

in transport layer header.

There are two reasons due to which we use NAT: -

(1) Conserve Live IP address-On Internet, there are limited no of IP addresses. If our Pc

wants to communicate on Internet then it should have a Live IP address assigned by our

ISP. So that IP address request will depend on no. of PCs that we want to connect on

Internet. Due to this, there will be a lot of wastage in IP addresses. To reduce wastage, we

can share live IP addresses between multiple PCs with the help of NAT.

(2) NAT enhances the network security by hiding PC & devices behind NAT.

Types of NAT-

Static NAT-This NAT is used for servers in which one Live IP is directly mapped

to one Local IP. This NAT will forward on the traffic for the Live IP to the LocalPC in the n/w.

Dynamic NAT-Dynamic NAT is used for clients, which want to access Internet.

The request from multiple client IPs are translated with the Live IP obtained from

the Pool. It is also called Pool Based Dynamic NAT.

Confi guring NAT

Router#conf ter

Router(config)#int serial 0

Router(config-if)#ip nat outside

Router(config-if)#int eth 0

Router(config-if)#ip nat inside




70

Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3

Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80

Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53

Router(config)#access-list 30 deny 172.16.0.5



Router(config)#access-list 30 permit any

Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask

255.255.255.240

Router(config)#ip nat inside source list 30 pool abc overload

NAT + PAT

Command for Basic NAT

Router(config)#ip nat inside source list 30 interface seen

<exiting interface name>



71

Chapter-3

Project Methodology

Network Configuration of LAN with WAN

The project is based on the concepts of networking. It includes configuring different network

devices like Router, Switch, Bridge & connecting it with Hubs & PCs by using different types of

connecting wires by allocating the IP Addresses to all the interfaces after the subneting of

network ID. The beauty of configuring network devices is that it helps users access the network

with few constraints like allowing some to access the website but not allowing them to access the

mail server on the internet on private IP address which are otherwise excluded by internet service

provider (ISP).

We have used Routing between the various centers of a Company in different cities. Inter VLAN

technology is used to make work efficient between 2 different departments in one center.



72

DESCRIPTION

We have six different centers of a organization. We have purchased a network id and divide that

network id into number of small network ids by using Variable Length Subnet Mask (VLSM).

We have used six Routers & applied various configuration settings on each router.

On Router4 we have configured NAT with translates private range of IPs into public range.

Extended Access Control List has been applied to Router 3 between Laptop 7 and Network of

Router 4 with Laptop 12 and 13. Telnet service has been denied by the network. Switch 3

connected with Router 2 is used to create Inter VLANs between two different departments of

center in a single city.

Configuration

1. Router 0

%SYS-5-CONFIG_I: Configured for ROUTER0

Router>en

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname Patiala

Patiala(config)#line console 0

Patiala(config-line)#password city

Patiala(config-line)#login

Patiala(config-line)#exit

Patiala(config)#line vty 0 4

Patiala(config-line)#password city

Patiala(config-line)#login

Patiala(config-line)#exit

Patiala(config)#enable password city

Patiala(config)#enable secret cityPatiala(config)#int f0/0

Patiala(config-if)#ip address 192.168.2.1 255.255.255.0

Patiala(config-if)#no sh

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

Patiala(config-if)#exit



73

Patiala(config)#int s0/0/0

Patiala(config-if)# ip address 192.168.3.1 255.255.255.0


Patiala(config-if)#clock rate 64000


Patiala(config)#int s0/0/1

Patiala(config-if)# ip address 192.168.4.1 255.255.255.0


Patiala(config-if)#clock rate 64000


Patiala(config)#router rip

Patiala(config-router)#network 192.168.2.0

Patiala (config-router)#network 192.168.4.0





Patiala (config-router)# exit

Patiala (config)# router ospf 100

Patiala (config-router)#network 192.168.3.0 0.0.0.15 area 0

Patiala (config-router)#network 192.168.2.0 0.0.0.15 area 0

Patiala (config-router)#exit

Patiala(config)#exit

Patiala# write

2. Router 3


Router>en

Router#config t


Router(config)#hostname Ludhiana

Ludhiana (config)#line console 0



74

Ludhiana (config-line)#password city

Ludhiana (config-line)#login

Ludhiana (config-line)#exit

Ludhiana (config)#line vty 0 4

Ludhiana (config-line)#password city

Ludhiana (config-line)#login

Ludhiana (config-line)#exit

Ludhiana (config)#enable password city

Ludhiana (config)#enable secret city

Ludhiana (config)#int f0/0

Ludhiana (config-if)#ip address 192.168.6.1 255.255.255.0

Ludhiana (config-if)#no sh

Ludhiana (config-if)#exit

Ludhiana (config)#int s0/0/0

Ludhiana (config-if)# ip address 192.168.4.2 255.255.255.0


Ludhiana (config-if)#clock rate 64000



Ludhiana (config-if)#ip address 192.168.7.2 255.255.255.0














75



Ludhiana (config)# router eigrp 10

Ludhiana (config-router)# network 192.168.4.0


Ludhiana (config-router)#exit

Ludhiana (config)#router rip

Ludhiana (config)# network 192.168.2.0










Ludhiana (config-router)#exit

Ludhiana (config)#ip access-list extended city

Ludhiana (config)#deny tcp 192.168.6.4 0.0.0.1 192.168.10.1 255.255.255.0 eq 23

Ludhiana (config)# permit ip any any

Ludhiana (config)#int f0/0

Ludhiana (config-if)# ip access-group city in


Ludhiana (config)#exit

Ludhiana#write

3. Router 4


Router>en

Router#config t




76

Router(config)#hostname Jalandhar

Jalandhar (config)#line console 0

Jalandhar (config-line)#password city

Jalandhar (config-line)#login

Jalandhar (config-line)#exit

Jalandhar (config)#line vty 0 4

Jalandhar (config-line)#password city

Jalandhar (config-line)#login

Jalandhar (config-line)#exit

Jalandhar (config)#enable password city

Jalandhar (config)#enable secret city

Jalandhar (config)#int f0/0

Jalandhar (config-if)# ip address 192.168.10.1 255.255.255.0

Jalandhar (config-if)#no sh

Jalandhar (config-if)#exit


Jalandhar (config-if)#ip address 192.168.12.1 255.255.255.0



Jalandhar (config)#int s0/0/0



Jalandhar (config-if)#clock rate 64000





Jalandhar (config-if)# clock rate 64000


Jalandhar (config)#router rip

Jalandhar (config-router)# network 192.168.2.0



77

Jalandhar (config-router)#network 192.168.3.0













Jalandhar (config-router)#exit


Jalandhar (config-if)#ip nat inside



Jalandhar (config-if)#ip nat outside

Jalandhar (config)#exit

Jalandhar (config)#ip access-list standard 10

Jalandhar (config)#permit 192.168.12.0 0.0.0.15

Jalandhar (config)# ip nat pool city 202.20.20.3 202.20.20.10 netmask 255.255.255.0

Jalandhar (config)# ip nat inside source list 10 pool city

Jalandhar (config)#exit

Jalandhar#write

network configuration of lan with man

Documents