
Fatima Jinnah Women University

Department of Software Engineering

Lab Manual
Computer Communication and Networks

Submitted by:
Asma Ali

Registration #
2016-BSE-031

Submitted to:
Sir. Ayyaz Mehmood Khan

Date of Submission
26-December-2018
Lab #01

Hands on Practice of Basic Commands on Desktop


Follow the instructions below.
1. Verify the connectivity of your workstation to the internet.
2. Open the Command Prompt of the operating system using either of the following methods:
• Click on Start > All Programs > Accessories > Command Prompt, OR
• Click on Start > Run, enter cmd (short for command) and click OK. A Command Prompt screen
should open.
3. Type ipconfig (short for IP configuration) and press Enter. The screen will show the IP address, subnet
mask, and default gateway for your computer’s connection.
Notice the values in the Command Prompt. The IP address and the default gateway should be in the same
network or subnet, otherwise this host would not be able to communicate outside the network.
In Fig. 3, the subnet mask tells us that the first three octets of the IP address and the default gateway must be
the same in order to be in the same network.

4. Check more detailed TCP/IP configuration information:


Type ipconfig /all and press Enter. What are the DNS and DHCP server addresses? What are
their functions? What is the MAC of the network interface card?
5. Ping the IP address of another computer. Note that for the ping and tracert commands to work the PC firewalls
have to be disabled. Why do you think this is so?
6. Ask the IP address of the workstation that is being used by another group of students. Then type ping, space, and the
IP address that you received, then press Enter. Notice the outputs.
Fig.2 shows a successful result of a ping to a given IP address.
Ping the IP address of the gateway router from the details that have been observed in the output of
step 4 above. If the ping is successful, it means that there is a physical connectivity to the router on the
local network and probably the rest of the world.
7. Ping the Loop back IP address of your computer. Type the following command: ping 127.0.0.1. The IP
address 127.0.0.1 is reserved for loop back testing. If the ping is successful, then TCP/IP is properly
installed and functioning on this computer.
8. You can also ping using names like websites. Ping the IP address of the FJWU website. Type ping
space and www.fjwu.edu.pk then press Enter. Notice the outputs. A DNS server will resolve the name
to an IP address and the ping will be successful only in the existence of the DNS server.
9. Trace the route to the Cisco website. Type tracert www.fjwu.edu.pk and press enter. In a successful
output, you will see listings of all routers the tracert requests had to pass through to get to the
destination.
Lab Evaluation:
Answer the following basic questions.
1. What is the IP address of your machine?
2. How many hops to the university website? Why so many hops?
Over maximum of 30 hops
3. Why do you think we need to be connected to the internet for today’s Lab?
Internet is required for IP (Internet Protocol) packet switching—delivering actual packets of data to a
computer using IP address. If there is no Internet then the computer is not present on the network

4. Use tracert command to access Department of Computer Science of your university and discuss the
results?
Lab #02

Intro to Packet Tracer, Console password, Vty password


A. Configure Develop Basic LAN infrastructure.
B. Implement Basic LAN Infrastructure on Packet Tracer
How to connect two computers via LAN:
How to connect two computers in Windows XP. This will let you share files and folders, printers, play
network games, etc...
Steps:
1. Connect the two computers together either with a Crossover cable or a Hub/Switch to the Ethernet card in
your computer.
2. Set the IP address on both computers. Go to Start > Control Panel > Network Connections (choose switch
to classic view if you cannot see network connections)
3. Look for your Local Area Connection Ethernet adapter, right-click and choose properties.
4. Select Internet Protocol TCP/IP and choose properties. Setup the IP as 192.168.1.1 and the subnet mask
of 255.255.255.0 on the first computer and 192.168.1.2 on the second with the same subnet mask.
5. Choose OK then OK/close again.

Task1:
What is Difference between Straight Through & Cross-over cables?

Straight-through cable:
This type of cable will be used most of the time and can be used to:
1) Connect a computer to a switch/hub's normal port.
2) Connect a computer to a cable/DSL modem's LAN port.
3) Connect a router's WAN port to a cable/DSL modem's LAN port.
4) Connect a router's LAN port to a switch/hub's uplink port. (Normally used for expanding network)
5) Connect two switches/hubs with one of the switches/hubs using an uplink port and the other one using a normal port.
In a straight cable, connectivity is as follows:
RJ451 Connected to RJ452

Cross-over cable:
It's usually used to connect the same type of devices. A crossover cable can be used to:
1) Connect two computers directly.
2) Connect a router's LAN port to a switch/hub's normal port. (Normally used for expanding network)
3) Connect two switches/hubs by using the normal port in both switches/hubs.
If you need to check what a crossover cable looks like, both sides (side A and side B) of the cable have wire
arrangements with the following different colors.
This cable (either straight cable or cross cable) has a total of 8 wires (or we can say lines), i.e. four twisted
pairs (4x2=8) with different color codes. Right now just forget about color codes. It doesn’t matter what
color is given to the cable (but there is a standard).
In a cross cable, connectivity is as follows:
RJ451 Connected to RJ452



Task2:
Implement LAN environment on Cisco Packet Tracer.

Ping Result:
Lab #03

IP Addressing/Schemes & Classes of IP Addresses, Switchport Security


Physical address: The physical address is the network port address of a device. It is a built-in address and it can’t
be changed.
Logical address: The logical address can be changed according to the requirements. If computer is in our
domain.
How is it assigned?
The Department of Defense, USA, developed it so that their computers could communicate. They developed the TCP/IP software. IP
was a 32-bit number, divided into 4 octets of 8 bits. Each octet has 8 binary digits. We see our IP in
decimal numbers; it is a conversion of the 32-bit binary number. There is 1 decimal number for every 8 binary digits.
IP versions:
There are two versions of IP.

• Version 4 (IPv4)
• Version 6 (IPv6)
Version 4 (IPv4): Decimal conversion of a 32-bit binary number.
Version 6 (IPv6): Hexadecimal conversion of a 128-bit binary number.
There is a limited number of valid IP addresses in IPv4. Due to the growing number of users in the world we need more IP
addresses, so IPv6 was developed. IPv6 has a large number of valid IP addresses.
Structure of IP: Binary = 11111111.11111111.11111111.11111111

11111111 = $2^7 \times 1 + 2^6 \times 1 + 2^5 \times 1 + 2^4 \times 1 + 2^3 \times 1 + 2^2 \times 1 + 2^1 \times 1 + 2^0 \times 1 = 128+64+32+16+8+4+2+1 = 255$

So, the decimal conversion of the above binary IP is:

11111111.11111111.11111111.11111111 = 255.255.255.255
It is the biggest IP address.
If the IP address in binary is 00000000.00000000.00000000.00000000 then it is the smallest IP address and
its decimal equivalent is 0.0.0.0.
Range of IP address:
The range of a LAN is called a network. If we divide a network into different sub-networks then it is called
subnetting.
IP address can be any no between 0 and 255 depending upon the requirements.
IP Classes:
The Classes of IP depends upon the range.
There are 5 classes of IPv4. Each class has its usage depending upon the environment.
• Class A: It ranges from IP address 1.0.0.1 to 126.255.255.254. The 1st octet can never be zero,
because it is not a positive number. The 1st and last value of IP cannot be ‘0’ and ‘255’
simultaneously.
• Class B: It ranges from IP address 128.0.0.1 to 191.255.255.254.
• Class C: It ranges from IP address 192.0.0.1 to 223.255.255.254.
• Class D: It ranges from IP address 224.0.0.1 to 239.255.255.254.
• Class E: It ranges from IP address 240.0.0.1 to 254.255.255.254.
Another range is 127.X.X.X. It is the loopback IP.
The network of the whole world depends upon Class A, Class B and Class C. Class E is for scientists’
research purposes. Class D is for multicasting. As Class E and Class D are reserved classes, we cannot give
IPs to computers from these classes.
IP sub-net mask:
As each IP has a range, the subnet mask was developed to extract or differentiate between the valid and
invalid IP addresses. The subnet mask for Class A is 255.0.0.0, for Class B is 255.255.0.0 and for Class C is
255.255.255.0. In Class A the last three fields of the subnet mask cannot be changed. Similarly, in Class B the last 2
and in Class C the last field cannot be changed.
• No. of networks and IP addresses in Class A:
We can make only 127 networks and 16 million IPs in Class A. First of all we change the 1st field of
the IP from ‘0’ to ‘254’. Then we start changing the 2nd field of the IP and also change the 1st row side by side.
When the 1st row reaches ‘254’ we increment the 2nd by one, and this process is repeated
until the 2nd row reaches ‘255’. When it reaches 255 we start changing the 3rd row and repeat the
above process until the 3rd row reaches ‘255’. When we change the last row, we change the
network and make a new network. For example, if we make a network “10.0.0.1” and apply the
above-mentioned process to obtain valid IPs, then the last valid IP of this network will be
10.255.255.254. When we change the 4th field of the IP it will become a new network and the whole
above process will be applied to it to obtain the valid IPs. The new network will be 11.0.0.1.
• No. of networks and IP addresses in Class B:
We can make 16000 networks and each network can have 65000 IPs in Class B. The process of
making valid IPs is the same as in Class A. The only difference is that we can make changes only in the 1st
and 2nd field for obtaining valid IPs, and for obtaining valid networks we can change the last 2 fields
of the IP.
• No. of networks and IP addresses in Class C:
We can make 2 million networks and each network can have only 254 IPs in Class C. The process
of making valid IPs is the same as in Class A and Class B. The only difference is that we can make
changes only in the 1st field for obtaining valid IPs, and for obtaining valid networks we can change the
last 3 fields of the IP.
Types of IP’s:
There are two types of IPs.
• Private IP
• Public IP
Private IPs have defined ranges while public IPs have undefined ranges. We can access public IPs easily
on the internet, but access to private IPs is not possible for everyone. Each class has pre-defined public and private
networks.
• For Class A: There is only 1 private network and its IPs range from 10.0.0.1 to 10.255.255.254.
Except for this network’s IPs, all network IPs in Class ‘A’ are public IPs.
• For Class B: There is also only 1 private network in Class ‘B’ and its IPs range from 172.16.X.X
to 172.16.255.254.
• For Class C: In Class ‘C’ more than 1 network is private and their IPs range from 192.168.X.X to
192.168.255.254.
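The binary conversion, class lookup and subnet-mask comparison described in this lab, carried through in Python as an added example that is not part of the original manual. All function names are this example's own, and the private-address check assumes the RFC 1918 blocks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

```python
import ipaddress

# First-octet ranges and default masks for the classful scheme described above.
CLASS_TABLE = [
    ("A", 1, 126, "255.0.0.0"),
    ("B", 128, 191, "255.255.0.0"),
    ("C", 192, 223, "255.255.255.0"),
    ("D", 224, 239, None),  # multicast: not assigned to hosts
    ("E", 240, 255, None),  # reserved: not assigned to hosts
]

# Assumption of this example: "private" means the three RFC 1918 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def octets(addr):
    """Validate a dotted-decimal IPv4 address and return its four octets."""
    # IPv4Address raises ValueError when an octet is outside 0..255.
    return list(ipaddress.IPv4Address(addr).packed)


def to_binary(addr):
    """Dotted decimal -> dotted binary, 8 bits per octet."""
    return ".".join(f"{o:08b}" for o in octets(addr))


def from_binary(bits):
    """Dotted binary -> dotted decimal."""
    return ".".join(str(int(group, 2)) for group in bits.split("."))


def ip_class(addr):
    """Return 'A'..'E', or 'loopback' / 'reserved' for 127.x and 0.x."""
    first = octets(addr)[0]
    if first == 0:
        return "reserved"
    if first == 127:
        return "loopback"
    for name, low, high, _mask in CLASS_TABLE:
        if low <= first <= high:
            return name


def default_mask(addr):
    """Default subnet mask for the address's class, or None if it has none."""
    cls = ip_class(addr)
    for name, _low, _high, mask in CLASS_TABLE:
        if name == cls:
            return mask
    return None


def network_of(addr, mask):
    """Network address = bitwise AND of each address octet with the mask octet."""
    return ".".join(str(a & m) for a, m in zip(octets(addr), octets(mask)))


def same_network(host, gateway, mask):
    """True when host and gateway fall in the same network under this mask."""
    return network_of(host, mask) == network_of(gateway, mask)


def is_private(addr):
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in RFC1918)


if __name__ == "__main__":
    # Constructed sample addresses, including the two hosts from Lab #02.
    for a in ("192.168.1.1", "192.168.1.2", "10.255.255.254", "11.0.0.1", "224.0.0.5"):
        print(a, to_binary(a), ip_class(a), default_mask(a), is_private(a))
    print(same_network("192.168.1.1", "192.168.1.2", "255.255.255.0"))
```
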
Lab# 04

Virtual LANs
Issues with LANs

This arrangement gets the job done in that each device can communicate with any other device, but as the
size of the network grows, several problems will occur. What if the organization’s security policy dictates
that sensitive data on computers in the Accounting department should not be accessible by other
departments? In this design, we have no easy way to enforce that policy.
Another problem that will occur as this network grows is excessive broadcast traffic. Do the computers in
the Marketing department really need to process network broadcasts that occur when computers in the
Accounting and Human Resources departments attempt to communicate with the printers? No they don’t,
but in this design, we have no way to isolate broadcast traffic.

One approach to resolving these issues would be to divide our network into multiple LANs, as shown in
Figure 2. By connecting the devices in each department to their own switch, we have created additional
broadcast domains that isolate broadcast traffic within each department. We have also addressed security
concerns by making sure that computers in one department cannot access sensitive data in another
department. We may have addressed our security concern a little too well, because now computers in one
department can never access computers in another department and the folks in the Marketing department
cannot access a printer. That’s not ideal either. Notice also that we now would have to purchase, install, and
maintain three separate pieces of hardware where one might do the job.

Introducing the VLAN

A solution to these and other problems is the Virtual Local Area Network, or VLAN. VLAN technology is
included in the feature sets of most modern Ethernet switches. A VLAN behaves just like a LAN in all
respects but with additional flexibility. By using VLAN technology, it is possible to subdivide a single
physical switch into several logical switches. VLANs are implemented by using the appropriate switch
configuration commands to create the VLANs and assign specific switch interfaces to the desired VLAN.

In Figure we see a network in which VLANs have been implemented. This network is logically equivalent
to the network shown in Figure 2, but only one physical switch is required. Switch interfaces for devices in
the Accounting department have been assigned to VLAN 10, devices in the Marketing department are
connected to switch interfaces in VLAN 20, and the HR department uses VLAN 30.
Switches implement VLANs by adding a VLAN tag to the Ethernet frames as they enter the switch. The
VLAN tag contains the VLAN ID and other information, which is determined by the interface from which
the frame enters the switch. The switch uses VLAN tags to ensure that each Ethernet frame is confined to
the VLAN to which it belongs based on the VLAN ID contained in the VLAN tag. The VLAN tags are
removed as the frames exit the switch on the way to their destination.
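The tagging step described above, as an added Python example that is not part of the original manual. It assumes the IEEE 802.1Q layout (a 4-byte tag after the source MAC: TPID 0x8100, then 3 priority bits, 1 DEI bit and a 12-bit VLAN ID); the port-to-VLAN map is a constructed subset of this lab's access ports and the sample frame is constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed subset of the lab's access ports: port number -> VLAN ID.
ACCESS_PORTS = {2: 10, 3: 10, 8: 20, 9: 20, 13: 30}


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vlan_id, priority=0, dei=0):
    """Insert the 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:  # 0 and 4095 are reserved values
        raise ValueError("VLAN ID must be 1..4094")
    tci = (priority << 13) | (dei << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame):
    """Return the tag fields, or None when the frame is untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return {"priority": tci >> 13, "dei": (tci >> 12) & 1, "vlan_id": tci & 0x0FFF}


def strip_tag(frame):
    """Remove the tag again, as happens when the frame leaves on an access port."""
    return frame if parse_tag(frame) is None else frame[:12] + frame[16:]


def flood(ingress_port, frame):
    """Deliver a broadcast only to the other ports of the ingress port's VLAN."""
    tagged = add_tag(frame, ACCESS_PORTS[ingress_port])   # tag on entry
    vlan_id = parse_tag(tagged)["vlan_id"]
    return {port: strip_tag(tagged)                        # untag on exit
            for port, vlan in ACCESS_PORTS.items()
            if vlan == vlan_id and port != ingress_port}


# Constructed broadcast frame (EtherType 0x0806, 28 zero bytes of payload).
SAMPLE_FRAME = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 0x0806, b"\x00" * 28)

if __name__ == "__main__":
    tagged = add_tag(SAMPLE_FRAME, 10)
    print(tagged[12:16].hex(), parse_tag(tagged))
    print("broadcast from port 2 reaches ports:", sorted(flood(2, SAMPLE_FRAME)))
```
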

VLAN TRUNKING PROTOCOL

This topic describes the features that VLAN Trunking Protocol (VTP) offers to support VLANs. To help
you understand the basic concept, this is a summary of what VTP is:

“VTP allows a network manager to configure a switch so that it will propagate VLAN configurations
to other switches in the network”

VTP minimizes misconfigurations and configuration inconsistencies that can cause problems, such as
duplicate VLAN names or incorrect VLAN-type specifications. VTP helps you simplify management of the
VLAN database across multiple switches. VTP is a Cisco-proprietary protocol and is available on most of
the Cisco switches.

Task:

Topology:

Configuration of Switches:
Switch 1:
Switch>enable
Switch#conf terminal
Enter configuration commands, one per line.
Switch(config)#vlan 10
Switch(config-vlan)#name sara
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name asma
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#name tamsal
Switch(config-vlan)#exit
Switch(config)#exit
Switch#conf terminal
Enter configuration commands, one per line.
Switch(config)#vtp domain admin
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10,20,30
Switch(config-if)#exit
Switch#conf terminal
Enter configuration commands, one per line.
Switch(config)#interface range fa0/2-7
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fa0/8-12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range fa0/13-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Switch(config)#exit
Switch 2:
Switch>enable
Switch#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp domain admin
Domain name already set to admin.
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#interface range fa0/2-6
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fa0/7-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range fa0/11-15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Switch(config)#exit
Switch 4:
Switch>enable
Switch#conf terminal
Enter configuration commands, one per line
Switch(config)#vtp domain admin
Changing VTP domain name from NULL to admin
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#interface fastEthernet 0/18
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10,20,30
Switch(config-if)#exit
Switch(config)#interface range fa0/2-6
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fa0/7-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range fa0/11-15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Switch(config)#exit
Switch#
Switch 5:
Switch>enable
Switch#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp domain admin
Changing VTP domain name from NULL to admin
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#interface fastEthernet 0/18
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10,20,30
Switch(config-if)#exit
Switch(config)#interface range fa0/2-6
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fa0/7-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range fa0/11-15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Switch(config)#exit
Switch#
Lab #05
Inter Vlan Routing
Inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN using a
router or Layer 3 device (e.g. a router or L3 switch).
In the previous labs, we learned how to configure VLANs on a network switch. To allow devices
connected to the various VLANs to communicate with each other, you need to connect a router.
As we’ve learned, each VLAN is a unique broadcast domain, so computers on separate VLANs are, by
default, not able to communicate. There is a way to permit these computers to communicate; it is called
inter-VLAN routing.
One of the ways to carry out inter-VLAN routing is by connecting a router to the switch
infrastructure. VLANs are associated with unique IP subnets on the network.
This subnet configuration enables the routing process in a multi-VLAN environment. When using a router
to facilitate inter-VLAN routing, the router interfaces can be connected to separate VLANs. Devices on
those VLANs communicate with each other via the router.

The figure above shows traditional inter-VLAN routing:


1.   Traffic from PC1 on VLAN 10 is routed through router R1 to reach PC3 on VLAN 20.
2.   PC1 and PC3 are on different VLANs and have IP addresses on different subnets.
3.   Router R1 has a separate interface configured for each of the VLANs.

Task:
Configuration:
Switch 1:
Switch>enable
Switch#conf terminal
Switch(config)#vlan 10
Switch(config-vlan)#name sara
Switch(config-vlan)#exit
Switch(config)#
Switch(config)#vlan 20
Switch(config-vlan)#name asma
Switch(config-vlan)#exit
Switch(config)#
Switch(config)#vlan 30
Switch(config-vlan)#name tamsal
Switch(config-vlan)#exit
Switch(config)#
Switch(config)#exit
Switch#conf terminal
Switch(config)#vtp domain admin
Changing VTP domain name from NULL to admin
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#interface fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10,20,30
Switch(config-if)#exit
Switch#conf terminal
Switch(config)#interface range fa0/2-7
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fa0/8-12
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range fa0/13-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Ping Result: Ping VLAN 20 PC from VLAN 10 PC
Switch 2:
Switch>enable
Switch#conf terminal
Enter configuration commands, one per line.
Switch(config)#vtp domain admin
Domain name already set to admin.
Switch(config)#vtp mode client
Setting device to VTP CLIENT mode.
Switch(config)#interface range fa0/2-6
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fa0/7-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range fa0/11-15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Switch(config)#exit
Switch 3:
Same as Switch 2.
Switch 5:
Switch>enable
Switch#conf terminal
Switch(config)#vtp domain admin
Changing VTP domain name from NULL to admin
Switch(config)#vtp mode client
Switch(config)#interface fastEthernet 0/18
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 10,20,30
Switch(config-if)#exit
Switch(config)#interface range fa0/2-6
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range fa0/7-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#interface range fa0/11-15
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 30
Switch(config-if-range)#exit
Switch(config)#exit
Router:
Router>enable
Router#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fa0/0
Router(config-if)#no shutdown
Router(config-if)#interface fa0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.10.2 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fa0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.20.2 255.255.255.0
Router(config-subif)#exit
Router(config)#
Router(config)#interface fa0/0.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.30.2 255.255.255.0
Router(config-subif)#exit
Router(config)#exit
Lab #06
Switching (Switch Port Security & Spanning Tree Protocol)
Port Security

By default, all interfaces on a Cisco switch are turned on. That means that an attacker could connect to your
network through a wall socket and potentially threaten your network. If you know which devices will be
connected to which ports, you can use the Cisco security feature called port security. By using port security,
a network administrator can associate specific MAC addresses with the interface, which can prevent an
attacker from connecting his device. This way you can restrict access to an interface so that only the authorized
devices can use it. If an unauthorized device is connected, you can decide what action the switch will take, for
example discarding the traffic and shutting down the port.

To configure port security, three steps are required:

1. define the interface as an access interface by using the switchport mode access interface
subcommand
2. enable port security by using the switchport port-security interface subcommand
3. define which MAC addresses are allowed to send frames through this interface by using
the switchport port-security mac-address MAC_ADDRESS interface subcommand or using
the switchport port-security mac-address sticky interface subcommand to dynamically learn the
MAC address of the currently connected host
Two steps are optional:

1. define what action the switch will take when receiving a frame from an unauthorized device by using
the switchport port-security violation {protect | restrict | shutdown} interface subcommand. All three options
discard the traffic from the unauthorized device. The restrict and shutdown options send log
messages when a violation occurs. Shutdown mode also shuts down the port.
2. define the maximum number of MAC addresses that can be used on the port by using the switchport
port-security maximum NUMBER interface subcommand
switchport port-security mac-address

We have two options, static and dynamic, to associate MAC addresses with interfaces.

In the static method we have to manually define the exact host MAC address with the switchport port-security
mac-address MAC_address command. This is the most secure method but it needs a lot of manual work. We
need to enter all MAC addresses manually, which is a tedious job.

In dynamic mode we use the sticky feature, which allows the interface to learn MAC addresses automatically. The interface
will learn MAC addresses until it reaches the maximum number of allowed hosts.

switchport port-security violation

We need to specify what action the switch should take on a security violation. Three possible modes are available:

Protect: - This mode will only work with the sticky option. In this mode frames from non-allowed addresses
are dropped. It will not make a log entry for dropped frames. The interface will learn addresses until it reaches
the maximum allowed number. Frames from any additional addresses are dropped while keeping the interface
operational.
Restrict: - In restrict mode frames from non-allowed addresses are dropped. But in this mode, the switch
will make a log entry and generate a security violation alert.

Shutdown: - In this mode the switch will generate the violation alert and disable the port. The only way to
re-enable the port is to manually enter the no shutdown command. This is the default violation mode.
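A simplified model of a port-security interface, added here as a Python example and not taken from the original manual or from Cisco, showing how the maximum, sticky and violation settings described above decide the fate of each frame. The class and field names are hypothetical; the two allowed MAC addresses are the ones used in this lab's task and the third is constructed.

```python
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")

PC1 = "0090.21AC.1531"    # MAC address from the lab task (PC1)
PC2 = "00E0.F912.4911"    # MAC address from the lab task (PC2)
ROGUE = "0200.0000.00AA"  # constructed address of an unauthorized device


def norm(mac):
    """Normalise 0090.21AC.1531 or 00:90:21:ac:15:31 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class SecurePort:
    maximum: int = 1                 # switchport port-security maximum NUMBER
    violation: str = "shutdown"      # switchport port-security violation MODE
    sticky: bool = False             # switchport port-security mac-address sticky
    allowed: set = field(default_factory=set)  # static and sticky-learned addresses
    err_disabled: bool = False
    violation_count: int = 0
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.violation not in MODES:
            raise ValueError(f"unknown violation mode: {self.violation}")
        self.allowed = {norm(m) for m in self.allowed}
        if len(self.allowed) > self.maximum:
            raise ValueError("more static addresses than the configured maximum")

    def receive(self, src_mac):
        """Return True if the frame is forwarded, False if it is dropped."""
        src = norm(src_mac)
        if self.err_disabled:
            return False                      # a disabled port passes nothing
        if src in self.allowed:
            return True
        if self.sticky and len(self.allowed) < self.maximum:
            self.allowed.add(src)             # learn until the maximum is reached
            return True
        # From here on the frame is a violation and is always dropped.
        if self.violation == "protect":
            return False                      # silent drop, no log, no counter
        self.violation_count += 1
        self.log.append(f"security violation caused by MAC {src}")
        if self.violation == "shutdown":
            self.err_disabled = True          # port stays down until re-enabled
        return False

    def reenable(self):
        """Models the administrator bringing the port back up manually."""
        self.err_disabled = False


if __name__ == "__main__":
    for mode in MODES:
        port = SecurePort(allowed={PC1}, violation=mode)
        results = [port.receive(m) for m in (PC1, ROGUE, PC1)]
        print(mode, results, "violations:", port.violation_count,
              "err-disabled:", port.err_disabled)
```

In shutdown mode the third frame, from the authorized PC1, is dropped as well, which is the operational cost of that mode and the reason the violation log should be watched.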

Lab Task:

Implement Switchport Security for different workstations based on above study.

Topology:

FOR PC1
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 0090.21AC.1531
Switch(config-if)#do write
Building configuration...
[OK]
Switch(config-if)#exit
FOR PC2
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 00E0.F912.4911
Switch(config-if)#switchport port-security violation shutdown
WHEN THE PC IS REPLACED:
Lab #07

Analysis of the Network Traffic Using Wireshark Tool

When you run the Wireshark program, the Wireshark graphical user interface shown in Figure 2 will be
displayed. Initially, no data will be displayed in the various windows. The Wireshark interface has five
major components:
• The command menus are standard pull-down menus located at the top of the window. Of interest to
us now are the File and Capture menus. The File menu allows you to save captured packet data or
open a file containing previously captured packet data, and exit the Wireshark application. The
Capture menu allows you to begin packet capture.
• The packet-listing window displays a one-line summary for each packet captured, including the
packet number (assigned by Wireshark; this is not a packet number contained in any protocol’s
header), the time at which the packet was captured, the packet’s source and destination addresses,
the protocol type, and protocol-specific information contained in the packet. The packet listing can
be sorted according to any of these categories by clicking on a column name.
• The packet-header details window provides details about the packet selected (highlighted) in the
packet listing window. (To select a packet in the packet listing window, place the cursor over the
packet’s one-line summary in the packet listing window and click with the left mouse button.)
These details include information about the Ethernet frame (assuming the packet was sent/received
over an Ethernet interface) and IP datagram that contains this packet. The amount of Ethernet and
IP-layer detail displayed can be expanded or minimized by clicking on the plus-or-minus boxes to
the left of the Ethernet frame or IP datagram line in the packet details window. If the packet has been
carried over TCP or UDP, TCP or UDP details will also be displayed, which can similarly be
expanded or minimized. Finally, details about the highest level protocol that sent or received this
packet are also provided.
• The packet-contents window displays the entire contents of the captured frame, in both ASCII and
hexadecimal format.
Task: Watch the traffic of searching something on internet
Lab #08
Static Routing
Task:

Router 0:
Router>enable
Router#config terminal
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.2.200 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 192.168.3.200 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ip route 192.168.1.0 255.255.255.0 gigabitEthernet 0/0
%Default route without gateway, if not a point-to-point interface, may impact performance
Router(config)#ip route 192.168.4.0 255.255.255.0 gigabitEthernet 0/1
%Default route without gateway, if not a point-to-point interface, may impact performance
Router(config)#exit
Router 1:
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.1.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 192.168.2.100 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ip route 192.168.3.0 255.255.255.0 gigabitEthernet 0/1
%Default route without gateway, if not a point-to-point interface, may impact performance
Router(config)#ip route 192.168.4.0 255.255.255.0 gigabitEthernet 0/1
%Default route without gateway, if not a point-to-point interface, may impact performance
Router(config)#exit
Router#exit
Router 2:
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 192.168.3.300 255.255.255.0\
% Invalid input detected at '^' marker.
Router(config-if)#ip address 192.168.3.300 255.255.255.0
% Invalid input detected at '^' marker.
Router(config-if)#ip address 192.168.3.20 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface giga
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.4.20 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ip route 192.168.2.0 255.255.255.0 gigabitEthernet 0/1
%Default route without gateway, if not a point-to-point interface, may impact performance
Router(config)#ip route 192.168.1.0 255.255.255.0 gigabitEthernet 0/1
%Default route without gateway, if not a point-to-point interface, may impact performance
Router(config)#exit
Output:

Lab #09
Dynamic Routing
A dynamic routing table is created, maintained, and updated by a routing protocol running on the router.
Examples of routing protocols include RIP (Routing Information Protocol), EIGRP (Enhanced Interior
Gateway Routing Protocol), and OSPF (Open Shortest Path First). Specific dynamic routing protocols are
covered in great detail in other guides.
Routers do share dynamic routing information with each other, which increases CPU, RAM, and bandwidth
usage. However, routing protocols are capable of dynamically choosing a different (or better) path when
there is a change to the routing infrastructure.
Do not confuse routing protocols with routed protocols:
• A routed protocol is a Layer 3 protocol that applies logical addresses to devices and routes data
between networks (such as IP)
• A routing protocol dynamically builds the network, topology, and next hop information in routing
tables (such as RIP, EIGRP, etc.)
Static vs. Dynamic Routing v1.21 – Aaron Balchunas

The following briefly outlines the advantages and disadvantages of dynamic routing:
Advantages of Dynamic Routing
• Simpler to configure on larger networks
• Will dynamically choose a different (or better) route if a link goes down
• Ability to load balance between multiple links
Disadvantages of Dynamic Routing
• Updates are shared between routers, thus consuming bandwidth
• Routing protocols put additional load on router CPU/RAM
• The choice of the “best route” is in the hands of the routing protocol, and not the network
administrator
Dynamic Routing Categories
There are two distinct categories of dynamic routing protocols:
• Distance-vector protocols
• Link-state protocols
Examples of distance-vector protocols include RIP and IGRP. Examples of link-state protocols include
OSPF and IS-IS.
EIGRP exhibits both distance-vector and link-state characteristics, and is considered a hybrid protocol.
Distance-vector Routing Protocols
All distance-vector routing protocols share several key characteristics:
• Periodic updates of the full routing table are sent to routing neighbors.
• Distance-vector protocols suffer from slow convergence, and are highly susceptible to loops.
• Some form of distance is used to calculate a route’s metric.
• The Bellman-Ford algorithm is used to determine the shortest path.
A distance-vector routing protocol begins by advertising directly-connected networks to its neighbors.
These updates are sent regularly (RIP – every 30 seconds; IGRP – every 90 seconds).
Neighbors will add the routes from these updates to their own routing tables. Each neighbor trusts this
information completely, and will forward their full routing table (connected and learned routes) to every
other neighbor. Thus, routers fully (and blindly) rely on neighbors for route information, a concept known
as routing by rumor.
There are several disadvantages to this behavior. Because routing information is propagated from neighbor
to neighbor via periodic updates, distance-vector protocols suffer from slow convergence. This, in addition
to blind faith of neighbor updates, results in distance-vector protocols being highly susceptible to routing
loops.
Distance-vector protocols utilize some form of distance to calculate a route’s metric. RIP uses hop count as
its distance metric, and IGRP uses a composite of bandwidth and delay.
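The behaviour described above (periodic full-table updates, blind trust in the current next hop, hop count as the metric) can be reproduced in a short simulation. The following Python code is an added example, not part of the original manual; it assumes a synchronous update model on the three-router chain from the RIPv1 task, the RIP convention that 16 hops means unreachable, and it adds split horizon (the standard rule of not advertising a route back to the neighbor it was learned from) for comparison.

```python
"""Synchronous distance-vector (RIP-style) simulation on a three-router chain."""

INFINITY = 16  # RIP treats a hop count of 16 as unreachable

# Constructed topology modelled on the RIPv1 task: R1 - R2 - R3 in a chain.
CONNECTED = {
    "R1": ["192.168.1.0", "192.168.2.0"],
    "R2": ["192.168.2.0", "192.168.3.0"],
    "R3": ["192.168.3.0", "192.168.4.0"],
}
NEIGHBORS = {"R1": ["R2"], "R2": ["R1", "R3"], "R3": ["R2"]}


def fresh_tables():
    """Each router starts with only its connected networks: net -> (hops, learned_from)."""
    return {r: {net: (0, None) for net in nets} for r, nets in CONNECTED.items()}


def run_round(tables, split_horizon):
    """One periodic update: every router sends its full table to each neighbor.

    Returns True if any routing table changed during the round.
    """
    snapshot = {r: dict(t) for r, t in tables.items()}  # all updates leave at once
    changed = False
    for sender in sorted(snapshot):
        for receiver in NEIGHBORS[sender]:
            for net, (hops, learned_from) in snapshot[sender].items():
                if split_horizon and learned_from == receiver:
                    continue  # do not advertise a route back to its source
                offer = min(hops + 1, INFINITY)
                current = tables[receiver].get(net)
                if current is None:
                    accept = offer < INFINITY      # new, reachable network
                elif current[1] == sender:
                    accept = current[0] != offer   # blind trust in the current next hop
                else:
                    accept = offer < current[0]    # only a strictly better path wins
                if accept:
                    tables[receiver][net] = (offer, sender)
                    changed = True
    return changed


def rounds_until_stable(tables, split_horizon, limit=50):
    """Count the update rounds in which at least one table changed."""
    rounds = 0
    while rounds < limit and run_round(tables, split_horizon):
        rounds += 1
    return rounds


def simulate_failure(split_horizon, net="192.168.4.0"):
    """Converge from a cold start, then take R3's LAN down and converge again."""
    tables = fresh_tables()
    cold_start = rounds_until_stable(tables, split_horizon)
    route_before = tables["R1"][net]
    tables["R3"][net] = (INFINITY, None)  # R3's interface to this network goes down
    after_failure = rounds_until_stable(tables, split_horizon)
    final = {r: t[net][0] for r, t in tables.items()}
    return cold_start, route_before, after_failure, final


if __name__ == "__main__":
    for sh in (False, True):
        cold, before, after, final = simulate_failure(sh)
        print(f"split_horizon={sh}: cold start {cold} rounds, R1 route {before}, "
              f"{after} rounds to purge the dead network, final hops {final}")
```

Without split horizon, R2 and R3 keep re-learning the dead network from each other and the hop count climbs round by round until it reaches 16; with RIP's 30-second update timer each round is one update interval.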
Link-State Routing Protocols
Link-state routing protocols were developed to alleviate the convergence and loop issues of distance-vector
protocols. Link-state protocols maintain three separate tables:
• Neighbor table – contains a list of all neighbors, and the interface each neighbor is connected off of.
Neighbors are formed by sending Hello packets.
• Topology table – otherwise known as the “link-state” table, contains a map of all links within an
area, including each link’s status.
• Shortest-Path table – contains the best routes to each particular destination (otherwise known as the
“routing” table)
Link-state protocols do not “route by rumor.” Instead, routers send updates advertising the state of their
links (a link is a directly-connected network).
All routers know the state of all existing links within their area, and store this information in a topology
table. All routers within an area have identical topology tables.
The best route to each link (network) is stored in the routing (or shortest-path) table. If the state of a link
changes, such as a router interface failing, an advertisement containing only this link-state change will be
sent to all routers within that area. Each router will adjust its topology table accordingly, and will calculate a
new best route if required.
By maintaining a consistent topology table among all routers within an area, link-state protocols can
converge very quickly and are immune to routing loops.
Additionally, because updates are sent only during a link-state change, and contain only the change (and not
the full table), link-state protocols are less bandwidth intensive than distance-vector protocols. However, the
three link-state tables utilize more RAM and CPU on the router itself.
Link-state protocols utilize some form of cost, usually based on bandwidth, to calculate a route’s metric. The
Dijkstra formula is used to determine the shortest path.
Task1: Implement RIPv1 on last lab topology.
ROUTER 1:

Router#en
Router#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 192.168.1.254 255.255.255.0
Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#exit
Router(config)#router rip
Router(config-router)#version 1
Router(config-router)#network 192.168.1.0
Router(config-router)#network 192.168.2.0
ROUTER 2:
Router>en
Router#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 192.168.2.2 255.255.255.0
Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 192.168.3.1 255.255.255.0
Router(config-if)#exit
Router(config)#router rip
Router(config-router)#version 1
Router(config-router)#network 192.168.2.0
Router(config-router)#network 192.168.3.0
Router(config-router)#do write
Building configuration...
[OK]
ROUTER 3:
Router>en
Router#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa0/0
Router(config-if)#no shutdown
Router(config-if)#ip address 192.168.4.254 255.255.255.0
Router(config-if)#exit
Router(config)#int fa0/1
Router(config-if)#no shutdown
Router(config-if)#ip address 192.168.3.2 255.255.255.0
Router(config-if)#exit
Router(config)#router rip
Router(config-router)#version 1
Router(config-router)#network 192.168.3.0
Router(config-router)#network 192.168.4.0
Output:
PC0: 192.168.1.1    PC1: 192.168.4.1
[Output screenshots: PC0, PC1]

Task 02: Implement below topology for RIPv2.


Router 0:
Router>enable
Router#config terminal
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.1.62 255.255.255.192
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface giga
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 192.168.1.193 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/2
Router(config-if)#ip address 192.168.1.202 255.255.255.252
Router(config-if)#no shutdown
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#no auto-summary
Router(config-router)#network 192.168.1.0
Router(config-router)#network 192.168.1.192
Router(config-router)#network 192.168.1.200
Router(config-router)#exit
Router 1:
Router>enable
Router#config ter
Router#config terminal
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.1.190 255.255.255.192
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 192.168.1.198 255.255.255.252
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/2
Router(config-if)#ip address 192.168.1.201 255.255.255.252
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#no shutdown
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#no shutdown
Router(config)#exit
Router(config)#interface gigabitEthernet 0/2
Router(config-if)#no shutdown
Router(config-if)#exit
Router#config ter
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#no auto-summary
Router(config-router)#network 192.168.1.128
Router(config-router)#network 192.168.1.196
Router(config-router)#network 192.168.1.200
Router(config-router)#do write
Router(config)#exit
Router 2:
Router>enable
Router#config te
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.1.126
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 192.168.1.194
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/2
Router(config-if)#ip address 192.168.1.197 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#no auto-summary
Router(config-router)#netwrok 192.168.1.64

Router(config-router)#network 192.168.1.64
Router(config-router)#network 192.168.1.196
Router(config-router)#network 192.168.1.192
Router(config)#exit
Output:
PC0: 192.168.1.61    PC1: 192.168.1.125    PC2: 192.168.1.189
[Output screenshots: PC0, PC1, PC2]

Lab #10
OSPF (Open Shortest Path First)
OSPF (Open Shortest Path First) is a link state routing protocol. Because it is an open standard, it is
implemented by a variety of network vendors. OSPF will run on most routers, which do not necessarily have
to be Cisco routers (unlike EIGRP, which can be run only on Cisco routers).

Here are the most important features of OSPF:

• a classless routing protocol
• supports VLSM, CIDR, manual route summarization, equal cost load balancing
• incremental updates are supported
• uses only one parameter as the metric – the interface cost.
• the administrative distance of OSPF routes is, by default, 110.
• uses multicast addresses 224.0.0.5 and 224.0.0.6 for routing updates.
Routers running OSPF have to establish neighbor relationships before exchanging routes. Because OSPF is
a link state routing protocol, neighbors don’t exchange routing tables. Instead, they exchange information
about network topology. Each OSPF router then runs the SPF algorithm to calculate the best routes and adds
those to the routing table. Because each router knows the entire topology of a network, the chance for a
routing loop to occur is minimal.

Each OSPF router stores routing and topology information in three tables:

• Neighbor table – stores information about OSPF neighbors
• Topology table – stores the topology structure of a network
• Routing table – stores the best routes
OSPF neighbors
OSPF routers need to establish a neighbor relationship before exchanging routing updates. OSPF neighbors
are dynamically discovered by sending Hello packets out each OSPF-enabled interface on a router. Hello
packets are sent to the multicast IP address of 224.0.0.5.

The process is explained in the following figure:

Routers R1 and R2 are directly connected. After OSPF is enabled, both routers send Hellos to each other to
establish a neighbor relationship. You can verify that the neighbor relationship has indeed been established
by typing the show ip ospf neighbor command.

In the example above, you can see that the router-id of R2 is 2.2.2.2. Each OSPF router is assigned a router
ID. A router ID is determined by using one of the following:

1. Using the router-id command under the OSPF process.
2. Using the highest IP address of the router’s loopback interfaces.
3. Using the highest IP address of the router’s physical interfaces.

By default, OSPF sends hello packets every 10 seconds on an Ethernet network (Hello interval). A dead
timer is four times the value of the hello interval, so if a router on an Ethernet network doesn’t receive at
least one Hello packet from an OSPF neighbor for 40 seconds, the router declares that neighbor to be
down.
OSPF neighbor states
Before establishing a neighbor relationship, OSPF routers need to go through several state changes. These
states are explained below.

1. Init state – a router has received a Hello message from the other OSPF router
2. 2-way state – the neighbor has received the Hello message and replied with a Hello message of its own
3. Exstart state – beginning of the LSDB exchange between both routers. Routers are starting to exchange
link state information.
4. Exchange state – DBD (Database Descriptor) packets are exchanged. DBDs contain LSA headers.
Routers will use this information to see what LSAs need to be exchanged.
5. Loading state – one neighbor sends LSRs (Link State Requests) for every network it doesn’t know
about. The other neighbor replies with the LSUs (Link State Updates) which contain information about
requested networks. After all the requested information has been received, the other neighbor goes through the
same process.
6. Full state – both routers have the synchronized database and are fully adjacent with each other.

OSPF areas
OSPF uses the concept of areas. An area is a logical grouping of contiguous networks and routers. All
routers in the same area have the same topology table, but they don’t know about routers in the other areas.
The main benefits of creating areas are that the size of the topology and the routing table on a router is
reduced, less time is required to run the SPF algorithm and routing updates are also reduced.

Each area in the OSPF network has to connect to the backbone area (area 0). All routers inside an area must
have the same area ID to become OSPF neighbors. A router that has interfaces in more than one area (area 0
and area 1, for example) is called an Area Border Router (ABR). A router that connects an OSPF network to
other routing domains (EIGRP network, for example) is called an Autonomous System Border Router
(ASBR).

NOTE
In OSPF, manual route summarization is possible only on ABRs and ASBRs. 
To better understand the concept of areas, consider the following example.

All routers are running OSPF. Routers R1 and R2 are inside the backbone area (area 0). Router R3 is an
ABR, because it has interfaces in two areas, namely area 0 and area 1. Router R4 and R5 are inside area

Router R6 is an ASBR, because it connects the OSPF network to another routing domain (an EIGRP domain in
this case). If R1’s directly connected subnet fails, router R1 sends the routing update only to R2 and R3,
because all routing updates are localized inside the area.
LSA, LSU and LSR
The LSAs (Link-State Advertisements) are used by OSPF routers to exchange topology information. Each
LSA contains routing and topology information to describe a part of an OSPF network. When two neighbors
decide to exchange routes, they send each other a list of all LSAs in their respective topology database. Each
router then checks its topology database and sends a Link State Request (LSR) message requesting all LSAs
not found in its topology table. The other router responds with the Link State Update (LSU) that contains all
LSAs requested by the other neighbor.

The concept is explained in the following example:

After configuring OSPF on both routers, routers exchange LSAs to describe their respective topology
database. Router R1 sends an LSA header for its directly connected network 10.0.1.0/24. Router R2 checks
its topology database and determines that it doesn’t have information about that network. Router R2 then
sends a Link State Request message requesting further information about that network. Router R1 responds
with a Link State Update which contains information about subnet 10.0.1.0/24 (next hop address, cost…).

Router 0:

Router>enable
Router#config ter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int serial 0/0/0
Router(config-if)#ip address 10.1.1.2 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int serial 0/0/1
Router(config-if)#ip address 10.2.2.1 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 10.1.1.0 0.0.0.3 area 0
Router(config-router)#network 10.2.2.0 0.0.0.3 area 0
Router(config-router)#exit
Router 1:
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int giga 0/1
Router(config-if)#ip address 192.168.1.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#inter serial 0/0/0
Router(config-if)#ip address 10.1.1.1 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#clock rate
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 192.168.1.0 0.0.0.255 area 1
Router(config-router)#network 10.1.1.0 0.0.0.3 area 0
Router(config-router)#exit
Router 2:
Router>
Router>enable
Router#config ter
Router#config terminal
Enter configuration commands, one per line.
Router(config)#interface serial 0/0/1
Router(config-if)#ip address 10.2.2.2 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 172.16.1.33 255.255.255.224
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 172.16.1.32 0.0.0.31 area 2
Router(config-router)#network 10.2.2.0 0.0.0.3 area 0
Router(config-router)#exit
Router 3:
Router>enable
Router#config ter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.2.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface gigabitEthernet 0/1
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config)#router ospf 1
Router(config-router)#network 192.168.2.0 0.0.0.255 area 1
Router(config-router)#network 192.168.1.0 0.0.0.255 area 1
Router(config-router)#network 192.168.3.0 0.0.0.255 area 1
Router 4:
Router>enable
Router#config ter
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 172.16.1.65 255.255.255.224
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface giga 0/1
Router(config-if)#ip address 172.16.1.34 255.255.255.224
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 172.16.1.64 0.0.0.31 area 2
Router(config-router)#network 172.16.1.32 0.0.0.31 area 2
Router 5:
Router>enable
Router#config terminal
Enter configuration commands, one per
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface loopback 0
Router(config-if)#ip address 192.168.4.1 255.255.255.0
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 192.168.2.0 0.0.0.255 area 1
Router(config-router)#network 192.168.4.0 0.0.0.255 area 1
Router(config-router)#exit
Router 6:
Router#config terminal
Router(config)#int giga 0/0
Router(config-if)#ip address 172.16.1.67 255.255.255.224
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface loopback 0
Router(config-if)#ip address 172.16.1.97 255.255.255.224
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network 172.16.1.64 0.0.0.31 area 2
Router(config-router)#network 172.16.1.9 0.0.0.31 area 2
Router(config-router)#network 172.16.1.96 0.0.0.31 area 2
Router(config-router)#exit
Ping Results:
[Ping result screenshots: Router 0, Router 6]
Lab #11
Enhanced Interior Gateway Routing Protocol
EIGRP (Enhanced Interior Gateway Routing Protocol) is an advanced distance vector routing protocol.
This protocol is an evolution of an earlier Cisco protocol called IGRP, which is now considered obsolete.
EIGRP supports classless routing and VLSM, route summarization, incremental updates, load balancing and
many other useful features. It is a Cisco proprietary protocol, so all routers in a network that is running
EIGRP must be Cisco routers.

Routers running EIGRP must become neighbors before exchanging routing information. To dynamically
discover neighbors, EIGRP routers use the multicast address of 224.0.0.10. Each EIGRP router stores
routing and topology information in three tables:

• Neighbor table – stores information about EIGRP neighbors
• Topology table – stores routing information learned from neighboring routers
• Routing table – stores the best routes

The administrative distance of EIGRP is 90, which is less than both the administrative distance of RIP and the
administrative distance of OSPF, so EIGRP routes will be preferred over these routes. EIGRP uses Reliable
Transport Protocol (RTP) for sending messages.

EIGRP calculates its metric by using bandwidth, delay, reliability and load. By default, only bandwidth and
delay are used when calculating the metric, while reliability and load are set to zero.

EIGRP uses the concept of autonomous systems. An autonomous system is a set of EIGRP enabled routers
that should become EIGRP neighbors. Each router inside an autonomous system must have the same
autonomous system number configured, otherwise routers will not become neighbors.

EIGRP Neighbors

EIGRP must establish neighbor relationships with other EIGRP neighboring routers before exchanging
routing information. To establish a neighbor relationship, routers send hello packets every couple of
seconds. Hello packets are sent to the multicast address of 224.0.0.10.

NOTE
On LAN interfaces hellos are sent every 5 seconds. On WAN interfaces every 60 seconds.

The following fields in a hello packet must be identical in order for routers to become neighbors:

• ASN (autonomous system number)
• subnet number
• K values (components of metric)

Routers send hello packets every couple of seconds to ensure that the neighbor relationship is still active. By
default, a router considers the neighbor to be down after a hold-down timer has expired. The hold-down timer is,
by default, three times the hello interval. On a LAN network the hold-down timer is 15 seconds.

Feasible and reported distance


Two terms that you will often encounter when working with EIGRP are feasible and reported distance. Let’s
clarify these terms:

• Feasible distance (FD) – the metric of the best route to reach a network. That route will be listed in
the routing table.
• Reported distance (RD) – the metric advertised by a neighboring router for a specific route. In other
words, it is the metric of the route used by the neighboring router to reach the network.
To better understand the concept, consider the following example.

EIGRP has been configured on R1 and R2. R2 is directly connected to the subnet 10.0.1.0/24 and advertises
that subnet into EIGRP. Let’s say that R2’s metric to reach that subnet is 28160. When the subnet is
advertised to R1, R2 informs R1 that its metric to reach 10.0.1.0/24 is 10. From R1’s perspective, that
metric is considered to be the reported distance for that route. R1 receives the update and adds the metric
to the neighbor to the reported distance. That metric is called the feasible distance and is stored in R1’s
routing table (30720 in our case).

The feasible and reported distance are displayed in R1’s EIGRP topology table:

Successor and feasible successor

Another two terms that appear often in the EIGRP world are successor and feasible successor. A successor
is the route with the best metric to reach a destination. That route is stored in the routing table. A feasible
successor is a backup path to reach that same destination that can be used immediately if the successor route
fails. These backup routes are stored in the topology table.

For a route to be chosen as a feasible successor, one condition must be met:

• the neighbor’s advertised distance (AD) for the route must be less than the successor’s feasible
distance (FD).
EIGRP topology table

The EIGRP topology table contains all learned routes to a destination. The table holds all routes received from a
neighbor, successors and feasible successors for every route, and interfaces on which updates were received.
The table also holds all locally connected subnets included in an EIGRP process.

Best routes (the successors) from the topology table are stored in the routing table. Feasible successors are
only stored in the topology table and can be used immediately if the primary route fails.

Consider the following network topology.


EIGRP is running on all three routers. Routers R2 and R3 both connect to the subnet 10.0.1.0/24 and
advertise that subnet to R1. R1 receives both updates and calculates the best route. The best path goes
through R2, so R1 stores that route in the routing table. Router R1 also calculates the metric of the route
through R3. Let’s say that the advertised distance of that route is less than the feasible distance of the best route.
The feasibility condition is met and router R1 stores that route in the topology table as a feasible successor
route. The route can be used immediately if the primary route fails.
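The metric values quoted earlier (28160 and 30720) and the feasibility condition can be worked through in code. The following Python sketch is an added example, not part of the original manual; it assumes the classic EIGRP composite metric with default K values (bandwidth and delay only), commonly cited default bandwidth and delay values for each interface type, and a hypothetical fourth neighbor R4 that fails the feasibility condition. The "reported distance" in the code is the same value the feasibility rule above calls the advertised distance.

```python
"""EIGRP classic composite metric and the feasibility condition (default K values)."""


def eigrp_metric(min_bandwidth_kbps, total_delay_usec):
    """256 * (10^7 / slowest link in kbit/s + cumulative delay in tens of microseconds)."""
    return 256 * (10**7 // min_bandwidth_kbps + total_delay_usec // 10)


# (bandwidth in kbit/s, delay in microseconds); assumed interface defaults
FAST_ETHERNET = (100_000, 100)
ETHERNET = (10_000, 1_000)
SERIAL_T1 = (1_544, 20_000)


def path(*links):
    """Collapse a list of links into (slowest bandwidth, summed delay)."""
    return min(bw for bw, _ in links), sum(delay for _, delay in links)


def evaluate(candidates):
    """candidates: {neighbor: (link_to_neighbor, [links from neighbor to destination])}.

    Returns (successor, feasible_distance, feasible_successors, rejected).
    """
    rows = []
    for neighbor, (uplink, remote_links) in candidates.items():
        reported = eigrp_metric(*path(*remote_links))       # the neighbor's own metric
        total = eigrp_metric(*path(uplink, *remote_links))  # metric as seen from R1
        rows.append((total, neighbor, reported))
    rows.sort()  # lowest total metric first
    feasible_distance, successor, _ = rows[0]
    # Feasibility condition: the neighbor's reported distance must be lower than
    # the successor's feasible distance, which guarantees the backup path cannot
    # loop back through this router.
    feasible = [n for _, n, rd in rows[1:] if rd < feasible_distance]
    rejected = [n for _, n, rd in rows[1:] if rd >= feasible_distance]
    return successor, feasible_distance, feasible, rejected


# Constructed scenario for 10.0.1.0/24 as seen from R1.
# R2 and R3 are directly connected to the subnet over FastEthernet;
# R4 (hypothetical) reaches it across a serial link.
CANDIDATES = {
    "R2": (FAST_ETHERNET, [FAST_ETHERNET]),
    "R3": (ETHERNET, [FAST_ETHERNET]),
    "R4": (FAST_ETHERNET, [SERIAL_T1, FAST_ETHERNET]),
}

if __name__ == "__main__":
    successor, fd, feasible, rejected = evaluate(CANDIDATES)
    print(f"successor={successor} FD={fd}")
    print(f"feasible successors={feasible} rejected={rejected}")
```

R3 qualifies as a feasible successor even though its total metric from R1 is far worse than R2's, because only its reported distance is compared with the feasible distance.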

Configuring EIGRP 1

EIGRP configuration closely resembles RIP configuration. Only two steps are required:

• enabling EIGRP by using the router eigrp ASN_NUMBER command
• telling EIGRP which networks to advertise by using one or more network statements

The first command, router eigrp ASN_NUMBER, enables EIGRP on a router. ASN_NUMBER represents an
autonomous system number and has to be the same on all routers running EIGRP, otherwise routers won’t
become neighbors. The second command, network SUBNET, enables EIGRP on selected interfaces and
specifies which networks will be advertised. By default, the network command takes a classful network
number as the parameter.

To illustrate a configuration of EIGRP, we will use the following network:

The network depicted above consists of only two routers. Each router has a directly connected subnet that
needs to be advertised through EIGRP. The following figure shows the EIGRP configuration on R1 and R2:
You can verify that routers have become neighbors by using the show ip eigrp neighbors command on
either router:

The command above lists all EIGRP neighbors. The address field lists the neighboring router RID (router
ID). The interface field shows on which local interface the neighbor relationship has been formed.

You can verify that routes are indeed being exchanged by using the show ip route command on both routers:

R1:

R2:

NOTE
The D character at the beginning of a line in a routing table indicates that the route has been learned via
EIGRP.

Configuring EIGRP 2

By default, the network command uses a classful network as the parameter. All interfaces inside that classful
network will participate in the EIGRP process. To enable EIGRP only on specific interfaces, a wildcard
mask can be used. The syntax of the command is:

(router-eigrp) network SUBNET WILDCARD_MASK

Consider the following example.


Router R1 has two directly connected subnets, 10.0.0.0/24 and 10.0.1.0/24. We want to enable EIGRP only
on the subnet connected to the interface Fa0/0. If we enter the network 10.0.0.0 command under the EIGRP
configuration mode, both subnets will be included in EIGRP process because we’ve used a classful network
number in the network command. To configure EIGRP only on interface Fa0/0, the network 10.0.0.0
0.0.0.255 command can be used. This will enable EIGRP only on interfaces starting with 10.0.0.X.

By using the command show ip protocols, you can verify that only the network 10.0.0.0/24 is included in 
EIGRP:
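A network statement that is broader than intended turns the routing protocol on (and starts sending hellos) on interfaces where it was never wanted, and one that matches nothing silently advertises nothing. The following Python checker is an added example, not part of the original manual: it applies the wildcard-mask rule described above to a console transcript and reports which interfaces each network statement enables. The R1 host addresses 10.0.0.1 and 10.0.1.1 are constructed, and the Router 6 sample is taken from the OSPF lab transcript on this page with command abbreviations expanded.

```python
"""Check which interfaces each IOS `network` statement actually matches."""
import ipaddress


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def classful_wildcard(network):
    """Wildcard implied when `network` is given without one (class A/B/C boundary)."""
    first_octet = ip_int(network) >> 24
    if first_octet < 128:
        return "0.255.255.255"
    if first_octet < 192:
        return "0.0.255.255"
    return "0.0.0.255"


def parse_transcript(text):
    """Pull interface addresses and network statements out of a console transcript."""
    interfaces, statements, current = {}, [], None
    for line in text.splitlines():
        cmd = line.split("#", 1)[-1].split()  # drop the "Router(config)#" prompt
        if len(cmd) < 2:
            continue
        if cmd[0].startswith("int"):
            current = " ".join(cmd[1:])
        elif cmd[:2] == ["ip", "address"] and len(cmd) >= 4 and current:
            interfaces[current] = cmd[2]
        elif cmd[0] == "network":
            explicit = len(cmd) >= 3 and cmd[2] != "area"
            wildcard = cmd[2] if explicit else classful_wildcard(cmd[1])
            statements.append((cmd[1], wildcard))
    return interfaces, statements


def matches(address, network, wildcard):
    """A wildcard bit of 0 means 'must match', a bit of 1 means 'ignore'."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(address) & care) == (ip_int(network) & care)


def audit(text):
    """Map each network statement to the sorted list of interfaces it enables."""
    interfaces, statements = parse_transcript(text)
    return {
        f"{net} {wc}": sorted(n for n, addr in interfaces.items() if matches(addr, net, wc))
        for net, wc in statements
    }


def unmatched(text):
    """Network statements that enable the protocol on no interface at all."""
    return [stmt for stmt, names in audit(text).items() if not names]


# R1 from the wildcard discussion above; host addresses are constructed.
R1_EIGRP = """\
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 10.0.0.1 255.255.255.0
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 10.0.1.1 255.255.255.0
Router(config)#router eigrp 1
Router(config-router)#network 10.0.0.0
Router(config-router)#network 10.0.0.0 0.0.0.255
"""

# Router 6 from the OSPF lab transcript on this page.
ROUTER6_OSPF = """\
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 172.16.1.67 255.255.255.224
Router(config)#interface loopback 0
Router(config-if)#ip address 172.16.1.97 255.255.255.224
Router(config)#router ospf 1
Router(config-router)#network 172.16.1.64 0.0.0.31 area 2
Router(config-router)#network 172.16.1.9 0.0.0.31 area 2
Router(config-router)#network 172.16.1.96 0.0.0.31 area 2
"""

if __name__ == "__main__":
    for label, sample in (("R1 EIGRP", R1_EIGRP), ("Router 6 OSPF", ROUTER6_OSPF)):
        print(label, audit(sample), "unmatched:", unmatched(sample))
```

On the Router 6 sample the statement network 172.16.1.9 0.0.0.31 matches neither interface, so it has no effect; the other two statements each enable exactly one interface.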

TASK:

Configure EIGRP on below topology:

Router 0:

Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#exit
Router#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/6/33 ms
Router#config ter
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fast
Router(config)#interface fastEthernet 0/1
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router 1:
Router>enable
Router#config ter
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 192.168.1.246 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface serial 0/0/1
Router(config-if)#ip address 192.168.1.249 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router eigrp 1
Router(config-router)#network 192.168.1.244 0.0.0.3
Router(config-router)#network 192.168.1.248 0.0.0.3
Router(config-router)#exit
Router 2:
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0/0/1
Router(config-if)#ip address 192.168.1.250 255.255.255.252
Router(config-if)#no shutdown
Router(config)#inter serial 0/0/0
Router(config-if)#ip address 192.168.1.253 255.255.252.252
Bad mask 0xFFFFFCFC for address 192.168.1.253
Router(config-if)#ip address 192.168.1.253 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router eigrp 1
Router(config-router)#network 192.168.1.248 0.0.0.3
Router(config-router)#network 192.168.1.252 0.0.0.3
Router(config-router)#exit
Router(config)#do wr
Building configuration...
[OK]
Router 3:
Router>enable
Router#config ter
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 192.168.1.2 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 192.168.1.5 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router eigrp 1
Router(config-router)#network 192.168.1.0 0.0.0.3
Router(config-router)#network 192.168.1.4 0.0.0.3
Router(config-router)#exit
Router(config)#do wr
Building configuration...
[OK]
Router 4:
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 192.168.1.9 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fast 0/1
Router(config-if)#ip address 192.168.1.6 255.255.255.252
Router(config-if)#no shutdown
Router(config)#router eigrp 1
Router(config-router)#network 192.168.1.4 0.0.0.3
Router(config-router)#network 192.168.1.8 0.0.0.3
Router(config-router)#exit
Router(config)#do wr
Building configuration...
[OK]
Router 5:
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 192.168.1.10 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 192.168.1.254 255.255.255.252
Router(config-if)#no shutdown
Router(config)#interface fast 0/1
Router(config-if)#ip address 20.0.0.2 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router eigrp
Router(config)#router eigrp 1
Router(config-router)#network 192.168.1.8 0.0.0.3
Router(config-router)#network 192.168.1.252 0.0.0.3
Router(config-router)#network 20.0.0.0
Router(config-router)#exit
Router(config)#do wr
Building configuration...
[OK]
Router(config)#exit

Ping Results:
Router 5:
Router#ping 10.0.0.2
Router#ping 10.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Router#ping 192.168.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

Router 0:
Router#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/9 ms
Router#ping 192.168.1.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/2 ms
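
The "Bad mask 0xFFFFFCFC" rejection in the Router 2 session and the wildcard masks in the EIGRP network statements both come down to bit arithmetic. The Python below is an added example, not part of the original lab manual: it replays Router 2's commands (prompts stripped, a constructed sample) and checks that every accepted interface address is matched by a network statement. The function names are this example's own.

```python
import ipaddress

# Constructed sample: the Router 2 commands from this lab, prompts stripped.
ROUTER2 = """\
interface serial 0/0/1
ip address 192.168.1.250 255.255.255.252
inter serial 0/0/0
ip address 192.168.1.253 255.255.252.252
ip address 192.168.1.253 255.255.255.252
router eigrp 1
network 192.168.1.248 0.0.0.3
network 192.168.1.252 0.0.0.3
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def mask_is_contiguous(mask):
    """True when the mask is a run of 1-bits followed only by 0-bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def wildcard_match(addr, net, wildcard):
    """Wildcard match: compare only the bit positions where the wildcard is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(net) & care)

def audit(config):
    """Return (interfaces, rejected, uncovered) for one router's commands."""
    interfaces, rejected, networks, current = {}, [], [], None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0].startswith("int"):          # interface / inter / int
            current = " ".join(words[1:])
        elif words[:2] == ["ip", "address"] and current:
            addr, mask = words[2], words[3]
            if mask_is_contiguous(mask):
                interfaces[current] = (addr, mask)
            else:                               # the "Bad mask" case
                rejected.append((current, addr, mask))
        elif words[0] == "network" and len(words) >= 3:
            networks.append((words[1], words[2]))
    uncovered = [name for name, (addr, _) in interfaces.items()
                 if not any(wildcard_match(addr, n, w) for n, w in networks)]
    return interfaces, rejected, uncovered
```

An interface listed in `uncovered` has an address but no matching network statement, so the routing process would not run on it.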
Lab 12
Router Distribution

R1:

R1>en
R1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#ip add 172.168.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip add 172.168.13.1 255.255.255.0
R1(config)#int fa0/1
R1(config-if)#ip add 172.168.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int loopback 0
R1(config-if)#ip add 10.10.10.1 255.255.255.0
R1(config-if)#exit
R1(config)#router eigrp 100
R1(config-router)#network 172.168.12.0 0.0.0.255
R1(config-router)#network 172.168.13.0 0.0.0.255
R1(config-router)#network 10.10.10.0 0.0.0.255
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#do write
Building configuration...
[OK]
R2:

R2>en
R2#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int fa0/0
R2(config-if)#ip add 172.168.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
R2(config-if)#exit
R2(config)#int fa0/1
R2(config-if)#ip add 172.168.23.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#router eigrp 100
R2(config-router)#exit
R2(config)#int loopback 0
R2(config-if)#ip add 10.10.20.1 255.255.255.0
R2(config-if)#exit
R2(config)#router eigrp 100
R2(config-router)#network 172.168.12.0 0.0.0.255
R2(config-router)#network 172.168.23.0 0.0.0.255
R2(config-router)#network 10.10.20.0 0.0.0.255
R2(config-router)#exit
R2(config)#do write
Building configuration...
[OK]
R3:

R3>en
R3#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int fa0/0
R3(config-if)#ip add 172.168.13.2 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#int fa0/1
R3(config-if)#ip add 172.168.23.2 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#int loopback 0
R3(config-if)#ip add 10.10.30.1 255.255.255.0
R3(config-if)#exit
R3(config)#int loopback 1
R3(config-if)#ip add 10.10.40.1 255.255.255.0
R3(config-if)#exit
R3(config)#int loopback 2
R3(config-if)#ip add 10.10.50.1 255.255.255.0
R3(config-if)#exit
R3(config)#int se0/0/0
R3(config-if)#clock rate 72000
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R3(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
R3(config-if)#exit
R3(config)#router eigrp 100
R3(config-router)#network 172.168.13.0 0.0.0.255
R3(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.168.13.1 (FastEthernet0/0) is up: new adjacency
R3(config-router)#network 172.168.23.0 0.0.0.255
R3(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 172.168.23.1 (FastEthernet0/1) is up: new adjacency
R3(config-router)#network 10.10.30.0 0.0.0.255
R3(config-router)#network 10.10.40.0 0.0.0.255
R3(config-router)#network 10.10.50.0 0.0.0.255
R3(config-router)#no auto-summary
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 192.168.2.0 0.0.0.255 area 0
R3(config-router)#exit
R3(config)#router eigrp 100
R3(config-router)#redistribute ospf 1 metric 1544 20000 255 1 1500
R3(config-router)#
R3(config-router)#exit
R3(config)#router ospf 1
R3(config-router)#redistribute eigrp 100 subnets
R3(config-router)#exit
R3(config)#do write
Building configuration...
[OK]
R4:
R4>en
R4#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#int se0/0/0
R4(config-if)#ip add 192.168.2.2 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#int loopback 0
R4(config-if)#ip add 192.168.100.1 255.255.255.0
R4(config-if)#exit
R4(config)#int loopback 1
R4(config-if)#ip add 192.168.200.1 255.255.255.0
R4(config-if)#exit
R4(config)#int loopback 2
R4(config-if)#ip add 4.4.4.4 255.255.255.255
R4(config-if)#exit
R4(config)#router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 192.168.2.0 0.0.0.255 area0
R4(config-router)#network 192.168.2.0 0.0.0.255 area 0
R4(config-router)#network 192.168.100.0 0.0.0.255 area 0
R4(config-router)#network 192.168.200.0 0.0.0.255 area 0
R4(config-router)#exit
R4(config)#exit
Output
