

CHAPTER 2 THEORETICAL BACKGROUND


2.1 INTRODUCTION TO CCNA

CCNA is the acronym for the Cisco Certified Network Associate certification from Cisco. In speech and in writing, this certification is properly referred to by the initials CCNA rather than the full name. CCNA certification is a second-level Cisco Career certification that indicates a foundation in apprentice knowledge of networking. CCNA certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN. To become a CCNA, a passing score on the 640-802 exam must be achieved, or combined passing scores on both the ICND1 640-822 and ICND2 640-816 exams. Passing the ICND1 grants you the Cisco Certified Entry Networking Technician (CCENT) certification. Passing scores are set by using statistical analysis and are subject to change. At the completion of the exam, candidates receive a score report along with a score breakout by exam section and the passing score for the given exam. Cisco does not publish exam passing scores because exam questions and passing scores are subject to change without notice.


2.1 ROUTERS

A router is a networking device whose software and hardware are usually tailored to the tasks of routing and forwarding information. For example, on the Internet, information is directed to various paths by routers. Routers connect two or more logical subnets, which do not necessarily map one-to-one to the physical interfaces of the router. The term "layer 3 switch" is often used interchangeably with router, but switch is a general term without a rigorous technical definition. In marketing usage, it is generally optimized for Ethernet LAN interfaces and may not have other physical interface types. In comparison, a network hub does not do any routing; instead every packet it receives on one network line gets forwarded to all the other network lines.

Types of routers

Routers may provide connectivity inside enterprises, between enterprises and the Internet, and inside Internet Service Providers (ISPs). The largest routers (for example the Cisco CRS-1 or Juniper T1600) interconnect ISPs, are used inside ISPs, or may be used in very large enterprise networks. The smallest routers provide connectivity for small and home offices.

Routers for Internet connectivity and internal use

Routers intended for ISP and major enterprise connectivity will almost invariably exchange routing information with the Border Gateway Protocol (BGP). RFC 4098 defines several types of BGP-speaking routers:

Edge Router: Placed at the edge of an ISP network, it speaks external BGP (eBGP) to a BGP speaker in another provider or large enterprise Autonomous System (AS).

Subscriber Edge Router: Located at the edge of the subscriber's network, it speaks eBGP to its provider's AS(s). It belongs to an end user (enterprise) organization.

Inter-provider Border Router: Interconnecting ISPs, this is a BGP-speaking router that maintains BGP sessions with other BGP-speaking routers in other providers' ASes.

Core router: A router that resides within the middle or backbone of the LAN network rather than at its periphery.

Within an ISP: Internal to the provider's AS, such a router speaks internal BGP (iBGP) to that provider's edge routers, other intra-provider core routers, or the provider's inter-provider border routers.

"Internet backbone": The Internet does not have a clearly identifiable backbone, as did its predecessors. See default-free zone (DFZ). Nevertheless, it is the major ISPs' routers that make up what many would consider the core. These ISPs operate all four types of the BGP-speaking routers described here. In ISP usage, a "core" router is internal to an ISP, and is used to interconnect its edge and border routers. Core routers may also have specialized functions in virtual private networks based on a combination of BGP and Multi-Protocol Label Switching (MPLS). Routers are also used for port forwarding for private servers.

2.2 INTERNETWORKING OVERVIEW

In this section we learnt that line configuration is the manner in which the devices are attached to the communication links. The two types of line configuration are: 1) Point to point 2) Multipoint

Topology: it is the way in which the devices are connected together in the network. These are: 1) Bus 2) Star 3) Ring 4) Tree 5) Mesh

2.3 BUS

In computer architecture, a bus is a subsystem that transfers data between computer components inside a computer or between computers. Early computer buses were literally parallel electrical buses with multiple connections, but the term is now used for any physical arrangement that provides the same logical functionality as a parallel electrical bus. Modern computer buses can use both parallel and bit-serial connections, and can be wired in either a multidrop (electrical parallel) or daisy chain topology, or connected by switched hubs, as in the case of USB.

2.3.1 STAR

Star networks are one of the most common computer network topologies. In its simplest form, a star network consists of one central switch, hub or computer, which acts as a conduit to transmit messages. Thus, the hub and leaf nodes, and the transmission lines between them, form a graph with the topology of a star. If the central node is passive, the originating node must be able to tolerate the reception of an echo of its own transmission, delayed by the two-way transmission time (i.e. to and from the central node) plus any delay generated in the central node. An active star network has an active central node that usually has the means to prevent echo-related problems. The star topology reduces the chance of network failure by connecting all of the systems to a central node. When applied to a bus-based network, this central hub rebroadcasts all transmissions received from any peripheral node to all peripheral nodes on the network, sometimes including the originating node. All peripheral nodes may thus communicate with all others by transmitting to, and receiving from, the central node only. The failure of a transmission line linking any peripheral node to the central node will result in the isolation of that peripheral node from all others, but the rest of the systems will be unaffected.

2.3.2 Ring

A ring network is a network topology in which each node connects to exactly two other nodes, forming a single continuous pathway for signals through each node - a ring. Data travels from node to node, with each node along the way handling every packet. Because a ring topology provides only one pathway between any two nodes, ring networks may be disrupted by the failure of a single link. A node failure or cable break might isolate every node attached to the ring. FDDI networks overcome this vulnerability by sending data on a clockwise and a counterclockwise ring: in the event of a break, data is wrapped back onto the complementary ring before it reaches the end of the cable, maintaining a path to every node along the resulting "C-Ring". 802.5 networks -- also known as IBM Token Ring networks -- avoid the weakness of a ring topology altogether: they actually use a star topology at the physical layer and a Multistation Access Unit to imitate a ring at the datalink layer. Many ring networks add a "counter-rotating ring" to form a redundant topology. Such "dual ring" networks include Spatial Reuse Protocol, Fiber Distributed Data Interface (FDDI), and Resilient Packet Ring.

2.3.3 Tree

The type of network topology in which a central 'root' node (the top level of the hierarchy) is connected to one or more other nodes that are one level lower in the hierarchy (i.e., the second level) with a point-to-point link between each of the second-level nodes and the top-level central 'root' node. Each of the second-level nodes that are connected to the top-level central 'root' node will in turn have one or more other nodes that are one level lower in the hierarchy (i.e., the third level) connected to it, also with a point-to-point link. The top-level central 'root' node is the only node that has no other node above it in the hierarchy. (The hierarchy of the tree is symmetrical.)

2.3.4 Mesh

The value of fully meshed networks is proportional to the exponent of the number of subscribers, assuming that communicating groups of any two endpoints, up to and including all the endpoints, is approximated by Reed's law.

Fully connected

The type of network topology in which each of the nodes of the network is connected to each of the other nodes in the network with a point-to-point link; this makes it possible for data to be simultaneously transmitted from any single node to all of the other nodes. Note: The physical fully connected mesh topology is generally too costly and complex for practical networks, although the topology is used when there are only a small number of nodes to be interconnected.

Partially connected

The type of network topology in which some of the nodes of the network are connected to more than one other node in the network with a point-to-point link; this makes it possible to take advantage of some of the redundancy that is provided by a physical fully connected mesh topology without the expense and complexity required for a connection between every node in the network. Note: In most practical networks that are based upon the physical partially connected mesh topology, all of the data that is transmitted between nodes in the network takes the shortest path (or an approximation of the shortest path) between nodes, except in the case of a failure or break in one of the links, in which case the data takes an alternate path to the destination. This requires that the nodes of the network possess some type of logical 'routing' algorithm to determine the correct path to use at any particular time.

CHAPTER 3

DEFINITION OF PROBLEM
3.1 THE TYPES OF NETWORK

1) LAN 2) MAN 3) WAN 4) CAN

3.1.1 LAN

A local area network (LAN) is a computer network covering a small physical area, like a home, office, or small group of buildings, such as a school or an airport. The defining characteristics of LANs, in contrast to wide-area networks (WANs), include their usually higher data-transfer rates, smaller geographic area, and lack of a need for leased telecommunication lines. ARCNET, Token Ring and many other technologies have been used in the past, and G.hn may be used in the future, but Ethernet over twisted pair cabling and Wi-Fi are the two most common technologies currently in use.

3.1.2 MAN

Metropolitan area networks, or MANs, are large computer networks usually spanning a city. They typically use wireless infrastructure or optical fiber connections to link their sites.

The IEEE 802-2001 standard describes a MAN as being:


A MAN is optimized for a larger geographical area than a LAN, ranging from several blocks of buildings to entire cities. MANs can also depend on communications channels of moderate-to-high data rates. A MAN might be owned and operated by a single organization, but it usually will be used by many individuals and organizations. MANs might also be owned and operated as public utilities. They will often provide means for internetworking of local networks. Metropolitan area networks can span up to 50 km; the devices used are modems and wire/cable.

3.1.3 WAN

A Wide Area Network (WAN) is a computer network that covers a broad area (i.e., any network whose communications links cross metropolitan, regional, or national boundaries). This is in contrast with personal area networks (PANs), local area networks (LANs), campus area networks (CANs), or metropolitan area networks (MANs), which are usually limited to a room, building, campus or specific metropolitan area (e.g., a city) respectively. The largest and most well-known example of a WAN is the Internet.

3.1.4 CAN Campus area network (CAN) is a computer network that interconnects local area networks throughout a limited geographical area, such as a university campus, a corporate campus, or a military base. It could be considered a metropolitan area network that is specific to a campus setting. A campus area network is, therefore, larger than a local area network but smaller than a wide area network. The term is sometimes used to refer to university campuses, while the term corporate area network is used to refer to corporate campuses instead.


CHAPTER 4 SYSTEM ANALYSIS AND USER REQUIREMENT


4.1 MODES OF TRANSMISSION

1) Simplex 2) Duplex 3) Full duplex

OSI: The Open Systems Interconnection model is the layered model for network systems, which enables computers in the network to communicate with each other. The seven layers of the OSI model:

1) Application 2) Presentation 3) Session 4) Transport 5) Network 6) Data link 7) Physical

UTP Connections: The cables used for cabling with RJ-45 connectors are Straight-Through Cables, Cross-Over Cables and Twisted Pair Cables. Two types of cables can be used with Ethernet LAN interfaces:

1) A straight-through, or patch cable, with the order of the colored pins the same on each end of the cable
2) A crossover cable, with pin 1 connected to pin 3, and pin 2 connected to pin 6

Straight-through cables are used for: Switch-to-router, Switch-to-PC, Hub-to-PC, Hub-to-server

Crossover cables are used for: Switch-to-switch, PC-to-PC, Switch-to-hub, Hub-to-hub, Router-to-router, Router-to-server

4.2 IP ADDRESSING

Classification of IP addresses

1) Class A: consists of an 8-bit network number and a 24-bit host number. Its range is from 1 to 126. Addresses beginning with 127 are reserved for loopback addressing. IP address 0.0.0.0 is reserved and not included as a Class A IP address.
2) Class B: Consists of a 16-bit network number and a 16-bit host number. Class B IP addresses range from 128 to 191 decimal.
3) Class C: Consists of an 8-bit network number and a 24-bit host number. Class C IP addresses range from 192 to 223 decimal.
4) Class D: Consists of multicast addresses. Multicasting is a process by which data packets can be sent to selected recipients over the network. Range from 224 to 239.
5) Class E: Known as reserved IP addresses. Range from 240 to 255.

Subnet Mask

A subnet mask is used to identify the network bits and host bits in the IP address. A subnet mask cannot start with a 0 bit or end with a 1 bit.

How to calculate network and host requirements using the following formulae:

2^X => number of networks (subnets), where X is the number of subnet bits.
2^Y => hosts on the largest segment, where Y is the number of host bits.
X + Y <= total host bits.
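As an added worked example (not part of the original report), the formulas above and the subnet-mask rule in Python: the contiguous-mask check, the AND that separates network bits from host bits, and the 2^X / 2^Y calculation. The classful prefix length (8, 16 or 24) is passed in as an assumption rather than derived from the address, and the sample addresses are constructed.

```python
import ipaddress


def mask_is_valid(mask: str) -> bool:
    """A subnet mask is a run of 1 bits followed by a run of 0 bits.

    Inverting a valid mask within 32 bits gives a value of the form 2^k - 1,
    so the classic 'n & (n + 1) == 0' test detects any gap in the ones.
    """
    m = int(ipaddress.IPv4Address(mask))
    inverted = ~m & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def split_address(ip: str, mask: str) -> tuple:
    """AND the address with the mask to get the network bits; the rest are host bits."""
    if not mask_is_valid(mask):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    ip_i = int(ipaddress.IPv4Address(ip))
    m = int(ipaddress.IPv4Address(mask))
    network = str(ipaddress.IPv4Address(ip_i & m))
    host_part = ip_i & (~m & 0xFFFFFFFF)
    return network, host_part


def subnet_plan(classful_prefix: int, mask: str) -> dict:
    """Apply the 2^X / 2^Y formulas from the text.

    classful_prefix: network bits of the classful address (assumed input: 8, 16 or 24).
    X = subnet bits borrowed from the host portion, Y = host bits left over.
    """
    if not mask_is_valid(mask):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    mask_prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    total_host_bits = 32 - classful_prefix
    x = mask_prefix - classful_prefix
    y = 32 - mask_prefix
    if x < 0:
        raise ValueError("mask is shorter than the classful network prefix")
    assert x + y <= total_host_bits  # the X + Y <= total host bits rule
    return {
        "subnet_bits": x,
        "host_bits": y,
        "subnets": 2 ** x,
        "hosts_per_subnet": 2 ** y,  # the page's 2^Y; two of these are network and broadcast
    }


if __name__ == "__main__":
    # Constructed sample: a class B network subnetted with a /24 mask
    print(subnet_plan(16, "255.255.255.0"))
    print(split_address("172.16.5.130", "255.255.255.192"))
```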

Assembling and cabling Cisco devices

ROM is a form of permanent storage. Cisco devices use ROM to store: the bootstrap instructions, basic diagnostic software, and a scaled-down version of IOS.

4.3 FLASH MEMORY

Flash memory does not lose its contents when the router loses power or is restarted. The output from the show version command includes:

4.3.1 IOS VERSION

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)

This is the version of the Cisco IOS software in RAM that is being used by the router.

4.3.2 ROM BOOTSTRAP PROGRAM

ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)

This shows the version of the system bootstrap software, stored in ROM memory, that was initially used to boot up the router.

4.3.3 LOCATION OF IOS

System image file is "flash:c2600-i-mz.122-28.bin"

This shows where the bootstrap program located and loaded the Cisco IOS from, and the complete filename of the IOS image.

CHAPTER 6 METHODOLOGY ADOPTED AND DETAILS OF HARDWARE AND SOFTWARE USED


6.1 CPU AND AMOUNT OF RAM

cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

6.2 INTERFACES

2 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)

This section of the output displays the physical interfaces on the router. In this example, the Cisco 2621 router has two FastEthernet interfaces and two low-speed serial interfaces.

6.3 AMOUNT OF NVRAM

32K bytes of non-volatile configuration memory.

This is the amount of NVRAM on the router.

6.4 AMOUNT OF FLASH

16384K bytes of processor board System flash (Read/Write)

6.5 CONFIGURATION REGISTER

Configuration register is 0x2102

The last line of the show version command displays the current configured value of the software configuration register in hexadecimal.


How we can configure passwords on a live router or in the Boson software:

A password can be configured for entering privileged EXEC mode.

Router(config)#enable secret class

Passwords can also be configured for the console and Telnet lines. The command login enables password checking on the line. If you do not enter the command login on the console line, the user will be granted access to the line without entering a password.

R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit


R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit

OUTCOME:

The outcome of entering these commands:

R1(config)#line vty 0 4
R1(config-line)#password check123
R1(config-line)#login

sets the password to be used for connecting to this router via Telnet.

R1#show startup-config

This command displays the startup configuration file stored in NVRAM. This is the configuration that the router will use on the next reboot. This configuration does not change unless the current running configuration is saved to NVRAM with the copy running-config startup-config command.

IP ROUTING

The routing of data packets from one network segment to another, for example from one subnet to another subnet. A router (gateway) is often involved in the routing process.

1) Computer A will analyze (AND) the data packet against its subnet mask. The data is to be sent to another subnet.
2) Broadcast for the hardware address (e.g. CC) of the gateway (its IP address is already known) using ARP.
3) On receiving the hardware address, send the data packet to the gateway (router) to be forwarded to its destination subnet.
4) The router will now be able to deliver the data packet to its destination in the other subnet.
5) An analysis of the data packet (ANDing) will determine the destination subnet. The gateway will broadcast for the hardware address of the receiving host (IP already known).
6) On receiving a response, the packet will be forwarded to the destination host.


Major Routing Methods:

Static routing: Routing tables are hand maintained at the router.
Dynamic routing: Routing tables are dynamically maintained by the routing protocol, e.g. RIP (Routing Information Protocol) or the Open Shortest Path First (OSPF) protocol.
Static and dynamic routing may be integrated.

Entries in the routing table:

Network ID (Address)
Network (subnet) mask
Next hop (Gateway address)
Interface: Network interface for forwarding the data packet
Metric: Cost of each route for the selection of the best hop
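An added example (not from the original report) that replays the ANDing steps of the IP ROUTING section and then the gateway's lookup in a routing table built from the entry fields listed above. The routing table, host addresses, gateway and interface names are constructed sample data; choosing the longest mask first and, between equal masks, the lowest metric is the assumed selection rule.

```python
import ipaddress
from typing import Optional

# Constructed routing table for the gateway (sample data, not from the page). Each entry
# carries the fields the text lists: network ID, mask, next hop, interface, metric.
# next_hop None means the network is directly connected on that interface.
ROUTING_TABLE = [
    {"network": "192.168.1.0", "mask": "255.255.255.0", "next_hop": None, "interface": "FastEthernet0/0", "metric": 0},
    {"network": "192.168.2.0", "mask": "255.255.255.0", "next_hop": None, "interface": "FastEthernet0/1", "metric": 0},
    {"network": "10.0.0.0", "mask": "255.0.0.0", "next_hop": "192.168.2.254", "interface": "FastEthernet0/1", "metric": 10},
    {"network": "10.5.0.0", "mask": "255.255.0.0", "next_hop": "192.168.2.253", "interface": "FastEthernet0/1", "metric": 5},
    {"network": "10.5.0.0", "mask": "255.255.0.0", "next_hop": "192.168.2.252", "interface": "FastEthernet0/1", "metric": 20},
    {"network": "0.0.0.0", "mask": "0.0.0.0", "next_hop": "203.0.113.1", "interface": "Serial0/0", "metric": 1},
]


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Computer A ANDs its own address and the destination with its subnet mask;
    equal results mean the destination is on the local segment."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(ip_a)) & m) == (int(ipaddress.IPv4Address(ip_b)) & m)


def lookup_route(dst_ip: str, table=ROUTING_TABLE) -> Optional[dict]:
    """The router's own ANDing: every entry whose network contains the destination is
    a candidate; the longest mask wins and, between equal masks, the lowest metric."""
    dst = ipaddress.IPv4Address(dst_ip)
    best_key, best = None, None
    for entry in table:
        net = ipaddress.IPv4Network(f"{entry['network']}/{entry['mask']}")
        if dst in net:
            key = (net.prefixlen, -entry["metric"])
            if best_key is None or key > best_key:
                best_key, best = key, entry
    return best


def forward(src_ip: str, src_mask: str, gateway_ip: str, dst_ip: str, table=ROUTING_TABLE) -> list:
    """Replay the steps from the text and return them as (actor, action) tuples."""
    steps = []
    if same_subnet(src_ip, dst_ip, src_mask):
        steps.append(("host", f"ARP for {dst_ip}"))
        steps.append(("host", f"deliver directly to {dst_ip}"))
        return steps
    steps.append(("host", f"ARP for gateway {gateway_ip}"))
    steps.append(("host", f"send packet for {dst_ip} to gateway"))
    route = lookup_route(dst_ip, table)
    if route is None:
        steps.append(("router", f"no route to {dst_ip}: drop"))
    elif route["next_hop"] is None:
        steps.append(("router", f"ARP for {dst_ip} on {route['interface']}"))
        steps.append(("router", f"deliver to {dst_ip}"))
    else:
        steps.append(("router", f"forward to next hop {route['next_hop']} via {route['interface']}"))
    return steps


if __name__ == "__main__":
    for step in forward("192.168.1.10", "255.255.255.0", "192.168.1.1", "10.5.2.7"):
        print(step)
```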

Dynamic Routing Protocols: RIP

Autonomous Systems:

An autonomous system is a region of the Internet that is administered by a single entity. Examples of autonomous regions are: UVA's campus network, MCI's backbone network, a regional Internet Service Provider. Routing is done differently within an autonomous system (intradomain routing) and between autonomous systems (interdomain routing).


[Figure: Autonomous System 1 and Autonomous System 2, each consisting of routers interconnected by Ethernet segments]

Intradomain Routing

Routing within an AS. Ignores the Internet outside the AS. Protocols for intradomain routing are also called Interior Gateway Protocols or IGPs.

Popular protocols are RIP (simple, old) and OSPF (better).

Interdomain Routing

Routing between ASs. Assumes that the Internet consists of a collection of interconnected ASs. Normally, there is one dedicated router in each AS that handles interdomain traffic. Protocols for interdomain routing are also called Exterior Gateway Protocols or EGPs.


Routing protocols:

EGP, BGP (more recent)

CHAPTER 9 PROCESS INVOLVED AND ALGORITHM


9.1 Approaches to Shortest Path Routing There are two basic routing algorithms found on the Internet.


9.1.1 Distance Vector Routing

Each node knows the distance (=cost) to its directly connected neighbors. A node periodically sends a list of routing updates to its neighbors. If all nodes update their distances, the routing tables eventually converge. New nodes advertise themselves to their neighbors.

9.1.2 Link State Routing

Each node knows the distance to its neighbors. The distance information (=link state) is broadcast to all nodes in the network. Each node calculates the routing tables independently.

9.2 What Is Enhanced IGRP (EIGRP)?

Enhanced IGRP supports: rapid convergence; reduced bandwidth usage; multiple network-layer support. It uses the Diffusing Update Algorithm (DUAL) to select loop-free routes and enable fast convergence, and supports up to six unequal paths to a remote network (4 by default).


Configuring EIGRP for IP

If you use the same AS number for EIGRP as for IGRP, EIGRP will automatically redistribute IGRP into EIGRP.

9.3 Introducing OSPF

Open standard. Shortest path first (SPF) algorithm. Link-state routing protocol (vs. distance vector). Can be used to route between ASs.


9.4 Types of OSPF Routers

OSPF Example


9.5 Configuring Wildcards

If we want to advertise a partial octet (subnet), we need to use wildcards. 0.0.0.0 means all octets must match exactly; 0.0.0.255 means that the first three octets must match exactly, but the last octet can be any value.

Access Control Lists (ACLs)

A list of conditions to test the traffic. The router can permit or deny (like a filter). Provides security and bandwidth management. ACLs come in two types: STANDARD and EXTENDED.

What is ACL?
A List of Criteria to which all Packets are compared.


Is this packet from network 10.5.2.0? Yes - forward the packet. No - check with the next statement.
Is this a Telnet protocol packet from 25.25.0.0? Yes - forward the packet. No - check the next statement.
Deny all other traffic.

ACL Operations

Packets are compared to each statement in an access-list SEQUENTIALLY, from the top down. The sooner a decision is made the better. Well-written access-lists take care of the most abundant type of traffic first. All access-lists end with an implicit Deny All statement.

Standard ACL
Are given a # from 1-99. Filtering is based only on source address. Should be applied closest to the destination.

Extended ACL
Are given a # from 100-199


Much more flexible and complex. Can filter based on: source address, destination address, session layer protocol (ICMP, TCP, UDP...), port number (80 http, 23 telnet). Should be applied closest to the source.

Implementing ACLs

Step 1 - Create the access-list.
Step 2 - Apply the access-list to an interface. Must be in interface config mode: (config-if)# ip access-group # in/out (from the router's point of view).

Remember the implicit Deny All at the end of each access-list. Two approaches:
1. List the traffic you know you want to permit; deny all other traffic.
2. List the traffic you want to deny; permit all other traffic (permit any).


A(config)#access-list 5 deny 172.22.5.2 0.0.0.0
A(config)#access-list 5 deny 172.22.5.3 0.0.0.0
A(config)#access-list 5 permit any

So what does this access list do?

Deny any host 172.22.5.2 Deny any host 172.22.5.3 All other traffic can go

A(config)#access-list 5 deny 172.22.5.2 0.0.0.0
A(config)#access-list 5 deny 172.22.5.3 0.0.0.0
A(config)#access-list 5 permit any
A(config)#access-list 5 deny 172.22.5.4 0.0.0.0


Why does the last line have no effect? How could we correct this situation?

Extended ACL

[Figure: Extended ACL. Labels: Standard: Closed to source; Extended: Closed to destination]

[Figure: Restricted ACL access]

TELNET

Restricting Telnet Access to the Router

Besides using standard IP ACLs to filter traffic as it enters and/or leaves an interface, you can also use them to restrict telnet access to your router. First, you need to create a standard ACL that has a list of permit statements that allow your corresponding network administrators telnet access; include the IP addresses of their PCs in this list. Next, you need to activate your ACL. However, you will not do this on any of the router's interfaces. If you were to activate this ACL on an interface, it would allow any type of traffic from your administrators but drop all other traffic. When someone telnets into your router, the router associates this connection with a virtual terminal (VTY) line. Therefore, you'll apply your standard ACL to the VTYs, like this:

Router(config)# line vty 0 4
Router(config-line)# access-class standard_ACL_# in|out

Remember that your router supports five telnets by default (0-4). You can configure all VTYs simultaneously by specifying the beginning and ending line numbers after the vty parameter. If you don't apply the restriction to all of your VTYs, then you're leaving a backdoor into your router, which might cause a security problem. Here's a simple example of using a standard ACL to filter telnet traffic to a router:

Router(config)# access-list 99 permit 192.168.1.0 0.0.0.255
Router(config)# line vty 0 4
Router(config-line)# access-class 99 in

In this example, only traffic from 192.168.1.0/24 is allowed to telnet into this router. Because of the implicit deny at the end of access-list 99, all other telnets to this router will be dropped.
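As an added example (not code from the original report), a small evaluator that applies the wildcard rule from section 9.5 and the top-down matching with implicit deny to access-list 5 from the earlier question (why the trailing deny has no effect, and how reordering fixes it) and to access-list 99 above. The config lines are reconstructed from the page; the shadowed-statement check only looks for a single earlier statement that covers a later one, which is a simplification assumed by this example.

```python
import ipaddress


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    """Wildcard semantics from the text: a 0 bit in the wildcard means that bit of the
    address must match the base exactly; a 1 bit means any value is accepted."""
    must_match = ~_to_int(wildcard) & 0xFFFFFFFF
    return ((_to_int(address) ^ _to_int(base)) & must_match) == 0


def parse_acl(config_lines):
    """Parse 'access-list <n> permit|deny <addr> [<wildcard>]' lines (plus the 'any' and
    'host <addr>' shorthands) into per-number statement lists, preserving order."""
    acls = {}
    for line in config_lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        number, action, target = int(parts[1]), parts[2], parts[3]
        if target == "any":
            base, wild = "0.0.0.0", "255.255.255.255"
        elif target == "host":
            base, wild = parts[4], "0.0.0.0"
        else:
            base = target
            wild = parts[4] if len(parts) > 4 else "0.0.0.0"
        acls.setdefault(number, []).append((action, base, wild))
    return acls


def evaluate(statements, source_ip: str):
    """Sequential top-down evaluation: the first matching statement decides.
    Returns (action, index); index None means the implicit deny at the end fired."""
    for index, (action, base, wild) in enumerate(statements):
        if wildcard_match(source_ip, base, wild):
            return action, index
    return "deny", None


def shadowed_statements(statements):
    """Indices of statements that can never be reached because a single earlier
    statement already matches every address they match (assumed simplification)."""
    dead = []
    for i, (_, base_i, wild_i) in enumerate(statements):
        wi, bi = _to_int(wild_i), _to_int(base_i)
        for _, base_j, wild_j in statements[:i]:
            wj, bj = _to_int(wild_j), _to_int(base_j)
            covers_bits = (wi & ~wj & 0xFFFFFFFF) == 0          # j fixes no bit that i leaves free
            same_fixed = ((bi ^ bj) & ~wj & 0xFFFFFFFF) == 0    # and agrees on the bits it fixes
            if covers_bits and same_fixed:
                dead.append(i)
                break
    return dead


# The two access-lists the text discusses, reconstructed here as plain config lines
ACL_5 = [
    "access-list 5 deny 172.22.5.2 0.0.0.0",
    "access-list 5 deny 172.22.5.3 0.0.0.0",
    "access-list 5 permit any",
    "access-list 5 deny 172.22.5.4 0.0.0.0",
]
ACL_99 = ["access-list 99 permit 192.168.1.0 0.0.0.255"]


if __name__ == "__main__":
    acl5 = parse_acl(ACL_5)[5]
    print("172.22.5.4 ->", evaluate(acl5, "172.22.5.4"))      # permitted by 'permit any'
    print("shadowed statements:", shadowed_statements(acl5))  # [3]
```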

CHAPTER 13 USER/OPERATIONAL MANUAL


13.1 Introduction to the Cisco IOS

13.1.1 Bringing Up a Router

When you first bring up a Cisco router, it will run a power-on self-test (POST). If it passes, it will then look for and load the Cisco IOS from flash memory, if an IOS file is present. In case you don't know, flash memory is an electronically erasable programmable read-only memory, an EEPROM. The IOS then proceeds to load and looks for a valid configuration, the startup config that's stored by default in nonvolatile RAM, or NVRAM. The following messages appear when you first boot or reload a router:

System Bootstrap, Version 12.2(13)T, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
C2600 platform with 32768 Kbytes of main memory

This is the first part of the router boot process output. It's information about the bootstrap program that first runs the POST, and then tells the router how to load, which by default is to find the IOS in flash memory. The next part, shown below, shows us that the IOS is being decompressed into RAM:

program load complete, entry point: 0x80008000, size: 0x43b7fc
Self decompressing the image :

After the IOS is decompressed into RAM, the IOS is then loaded and starts running the router, as shown below:

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(13), RELEASE SOFTWARE (fc1)


Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Tue 17-Dec-03 04:55 by kellythw
Image text-base: 0x80008088, data-base: 0x8080853C

Once the IOS is loaded, the information learned from the POST will be displayed next, as shown here:

cisco 2621 (MPC860) processor (revision 0x101) with 26624K/6144K bytes of memory.
Processor board ID JAD050697JB (146699779)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)

Once the IOS is loaded and up and running, a valid configuration will be loaded from NVRAM. If there isn't a configuration in NVRAM, the router will go into setup mode, a step-by-step process to help you configure the router. You can also enter setup mode at any time from the command line by typing the command setup from something called privileged mode, which I'll get to in a minute. Setup mode only covers some very global commands, but it can be really helpful.

13.1.2 Logging into the Router

After the interface status messages appear and you press Enter, the Router> prompt will appear. This is called user exec mode (user mode) and is mostly used to view statistics, but it's also a stepping-stone to logging into privileged mode. You can only view and change the configuration of a Cisco router in privileged exec mode (privileged mode), which you get into with the enable command. Here's how you would do that:

Router>


Router>enable
Router#

You now end up with a Router# prompt, which indicates you're in privileged mode, where you can both view and change the router's configuration. You can go back from privileged mode into user mode by using the disable command, as seen here:

Router#disable
Router>

At this point, you can type logout to exit the console:

Router>logout

13.1.3 Overview of Router Modes

To configure from a CLI, you can make global changes to the router by typing configure terminal (or config t for short), which puts you in global configuration mode and changes what's known as the running-config. A global command (a command run from global config) is one that is set once and affects the entire router.

Router#config

13.2 Gathering Basic Routing Information

The show version command will provide basic configuration for the system hardware as well as the software version, the names and sources of configuration files, and the boot images. Here is an example:

Router#sh version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-BIN-M), Version 12.2(13)T1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sat 04-Jan-03 05:58 by ccai


Image text-base: 0x80008098, data-base: 0x80C4AD94

13.3 Address Translation Overview

13.3.1 Running Out of Addresses

To solve the addressing problem a new addressing format was developed called IPv6. Whereas the current IP addressing scheme (IPv4) uses 32 bits to represent addresses, IPv6 uses 128 bits for addressing, creating billions of extra addresses.

13.3.2 Address Translation

A second standard, RFC 1631, was created and was defined as Network Address Translation (NAT), which allows you to change an IP address in a packet to a different address. When communicating to devices in a public network, your device needs to use a source address that is a public address. Address translation allows you to translate your internal private addresses to public addresses before these packets leave your network.

Here are some common reasons that you might need to employ address translation:

1) You have to use private addressing because your ISP didn't assign you enough public addresses.
2) You are using public addresses but have changed ISPs, and your new ISP won't support these public addresses.
3) You are merging two companies together and they are using the same address space, for instance, 10.0.0.0, which creates routing and reachability issues.
4) You want to assign the same IP address to multiple machines so that users on the Internet see this offered service as a single logical computer.

13.4 Types of Address Translation Address translation comes in a variety of types, like Network Address Translation (NAT), Port Address Translation (PAT), dynamic address translation, and static address translation.

13.5 Network Address Translation


Network Address Translation (NAT) translates one IP address to another. This can be a source address or a destination address. There are two basic implementations of NAT: static and dynamic. The following two sections cover the mechanics of these implementations.

Static NAT

With static NAT, a manual translation is performed by an address translation device, translating one IP address to a different one. Typically, static NAT is used to translate destination IP addresses in packets as they come into your network, but you can translate source addresses also. Figure 14-1 shows a simple example of outside users trying to access an inside web server. In this example, you want Internet users to access an internal web server, but this server is using a private address (10.1.1.1). This creates a problem, since if an outside user were to put a private address in the destination IP address field, their ISP would drop it. Therefore, the web server needs to be presented as having a public address. This is defined in the address translation device (in our case, this is a Cisco router). The web server is assigned an inside global IP address of 200.200.200.1 on the router, and your DNS server advertises this address to the outside users. When outside users send packets to the 200.200.200.1 address, the router examines its translation table for a matching entry. In this case, it sees that 200.200.200.1 maps to 10.1.1.1. The router then changes the destination IP address to 10.1.1.1 and forwards it to the inside web server. Likewise, when the web server sends traffic out to the public network, the router compares the source IP address to entries in its translation table, and if it finds a match, it changes the inside local IP address (private source address, 10.1.1.1) to the inside global IP address (public source address, 200.200.200.1).


Dynamic NAT
With static address translation, you need to manually build the translations. Typically, static translation is done for inside resources that outside people want to access. When inside users access outside resources, dynamic NAT is typically used. In this situation, the address assigned to the internal user isn't that important, since outside devices don't directly access your internal users; they just return traffic to them that the inside user requested. With dynamic NAT, you must manually define two sets of addresses on your address translation device. One set defines which inside addresses are allowed to be translated, and the other defines what these addresses are to be translated to. When an inside user sends traffic through the address translation device, say a router, it examines the source IP address and compares it to the inside local address pool. If it finds a match, it determines which inside global address pool it should use for the translation. It then dynamically picks an address in the global address pool that is not currently assigned to an inside device. The router adds this entry to its address translation table, and the packet is then sent to the outside world. If no entry is found in the local address pool, the address is not translated and the packet is forwarded to the outside world in its original state.

13.6 Port Address Translation


One problem with static or dynamic NAT is that it provides only a one-to-one address translation. Therefore, if you have 5,000 internal devices with private addresses, and all 5,000 devices try to reach the Internet simultaneously, you need 5,000 public addresses in your inside global address pool. If you have only 1,000 public addresses, only the first 1,000 devices are translated and the remaining 4,000 won't be able to reach outside destinations. To overcome this problem, you can use a process called address overloading. There are actually many terms used to describe this process, including Port Address Translation (PAT) and Network Address Port Translation (NAPT).

Using the Same IP Address
With PAT, all machines that go through the address translation device have the same IP address assigned to them, so the source port numbers are used to differentiate the different connections. If two devices have the same source port number, the translation device changes one of them to ensure uniqueness. When you look at the translation table in the address translation device, you'll see the following items:
- Inside local IP address (original source private IP)
- Inside local port number (original source port number)
- Inside global IP address (translated public source IP)
- Inside global port number (new source port number)
- Outside global IP address (destination public address)
- Outside global port number (destination port number)
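The translation table that the dynamic NAT and PAT sections describe, as an added example in Python (the editor's, not code from the original report): a small model of an address translation device that keeps the inside local to inside global mapping, refuses the extra host once a one-to-one pool is exhausted, rewrites a colliding source port in PAT mode, and walks the table backwards for returning traffic. The class and function names, the addresses, the ports and the traffic are all constructed, and the PAT port-selection rule (keep the source port, otherwise the lowest free port from 1024) is a simplification of what a router does.

```python
"""Model of a NAT/PAT translation table.

Added example, not code from the original report. Addresses, ports and
traffic are constructed; the PAT port-selection rule is simplified.
"""


class Translator:
    """Address translation device: static entries, a dynamic pool, optional PAT."""

    def __init__(self, pool, inside_acl, overload=False, static=None):
        self.pool = list(pool)               # inside global addresses
        self.inside_acl = set(inside_acl)    # inside local addresses the ACL permits
        self.overload = overload             # True = PAT (address overloading)
        self.static = dict(static or {})     # inside local -> inside global
        self.addr_map = {}                   # dynamic NAT: inside local -> inside global
        self.reverse = {}                    # (ig_ip, ig_port) -> (il_ip, il_port)

    def _record(self, il_ip, il_port, ig_ip, ig_port, kind):
        self.reverse[(ig_ip, ig_port)] = (il_ip, il_port)
        return kind, ig_ip, ig_port

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the inside network.

        Returns (kind, global_ip, global_port) where kind is 'static',
        'dynamic', 'pat', 'untranslated' (ACL deny) or 'dropped' (pool empty).
        """
        if src_ip in self.static:
            return "static", self.static[src_ip], src_port
        if src_ip not in self.inside_acl:
            # deny or implicit deny in the ACL: forwarded with its original address
            return "untranslated", src_ip, src_port
        if not self.overload:
            ig_ip = self.addr_map.get(src_ip)
            if ig_ip is None:
                free = [a for a in self.pool if a not in self.addr_map.values()]
                if not free:
                    return "dropped", None, None   # one-to-one pool exhausted
                ig_ip = free[0]
                self.addr_map[src_ip] = ig_ip
            return self._record(src_ip, src_port, ig_ip, src_port, "dynamic")
        # PAT: every host shares the first pool address; ports keep connections apart
        for (ig_ip, ig_port), local in self.reverse.items():
            if local == (src_ip, src_port):
                return "pat", ig_ip, ig_port   # existing entry for this connection
        ig_ip, ig_port = self.pool[0], src_port
        if (ig_ip, ig_port) in self.reverse:   # same source port already in use
            ig_port = next(p for p in range(1024, 65536) if (ig_ip, p) not in self.reverse)
        return self._record(src_ip, src_port, ig_ip, ig_port, "pat")

    def inbound(self, dst_ip, dst_port):
        """Map a packet arriving from the outside back to an inside local address.

        Returns (local_ip, local_port), or None when no table entry matches:
        the translator has nowhere to send it, which is the only 'filtering'
        address translation gives you by itself.
        """
        hit = self.reverse.get((dst_ip, dst_port))
        if hit:
            return hit
        for il_ip, ig_ip in self.static.items():
            if ig_ip == dst_ip:
                return il_ip, dst_port   # static entry: reachable at any time, any port
        return None


def dynamic_nat_demo():
    """Two-address pool, three permitted hosts: the third one is dropped."""
    t = Translator(pool=["200.200.200.2", "200.200.200.3"],
                   inside_acl={"192.168.1.10", "192.168.1.11", "192.168.1.12"})
    hosts = ("192.168.1.10", "192.168.1.11", "192.168.1.12", "192.168.1.50")
    return [t.outbound(ip, 40000) for ip in hosts]   # .50 is not in the ACL


def pat_demo():
    """One global address shared by two hosts that picked the same source port."""
    t = Translator(pool=["200.200.200.2"], inside_acl={"192.168.1.10", "192.168.1.11"},
                   overload=True, static={"192.168.1.1": "200.200.200.1"})
    a = t.outbound("192.168.1.10", 1025)
    b = t.outbound("192.168.1.11", 1025)        # same source port: must be changed
    srv = t.outbound("192.168.1.1", 80)         # static entry for the web server
    back = t.inbound("200.200.200.2", b[2])     # reply to host .11 finds its way home
    stray = t.inbound("200.200.200.2", 31337)   # unsolicited: no entry, not forwarded
    any_port = t.inbound("200.200.200.1", 443)  # static entry answers on any port
    return a, b, srv, back, stray, any_port
```

dynamic_nat_demo() shows the 5,000-versus-1,000 problem in miniature: two pool addresses, three permitted hosts, and a fourth host outside the ACL that leaves untranslated. pat_demo() shows the two hosts sharing 200.200.200.2 with the second one's port rewritten, a reply following the table back to the right host, an unsolicited packet to an unused port with no entry to follow, and the static entry for the web server, which answers on every port whether or not the server listens there.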

Advantages of Address Translation


As mentioned at the beginning of this part of the chapter, address translation devices are typically used to give you an almost inexhaustible number of addresses as well as to hide your internal network addressing scheme. Another advantage of address translation is that if you change ISPs or merge with another company, you can keep your current scheme and make any necessary changes on your address translation device or devices, making your address management easier. Another big advantage that address translation provides is that it gives you tighter control over traffic entering and leaving your network: with dynamic NAT and PAT, outside hosts can only reach inside addresses for which a translation entry already exists. Note that this is a side effect of the translation table rather than a security policy; a static translation exposes the inside host to any unsolicited traffic sent to its global address, so the access lists on the outside interface, not the translation itself, decide what is allowed in.

Disadvantages of Address Translation


Even though address translation solves many problems and has many advantages, it also has its share of disadvantages. Here are the three main issues with address translation:
- Each connection has an added delay.
- Troubleshooting is more difficult.
- Not all applications work with address translation.
Since address translation changes the contents of packets and, possibly, segment headers, as well as computing any necessary new checksum values, extra processing is required on each packet. This extra processing will affect the throughput and speed of your connections. The applications that break are those that carry IP addresses or port numbers inside their payload (FTP in active mode is the classic case), because the translator rewrites only the headers unless it understands the application protocol.

Static NAT
As mentioned earlier in this chapter, static NAT is typically used when devices on the outside of your network want to access resources, such as web, DNS, and email servers, on the inside. Here are the two commands to define the static translations for NAT:

    Router(config)# ip nat inside source static inside_local_source_IP_address inside_global_source_IP_address
    Router(config)# ip nat outside source static outside_global_destination_IP_address outside_local_destination_IP_address

The inside and outside parameters specify the direction in which translation will occur. For instance, the inside keyword specifies that the inside source local IP addresses are translated to an inside global IP address. The outside keyword changes the outside destination global IP address to an outside local address. After you configure your translations, you must specify which interfaces on your router are considered to be on the inside and which ones are on the outside. This is done with the following configuration:

    Router(config)# interface type [slot_#/]port_#
    Router(config-if)# ip nat inside|outside

Specify inside for interfaces connected to the inside of your network and outside for interfaces connected to external networks. Let's use Figure 14-3 for this example. In this example, an internal web server (192.168.1.1) will be assigned a global IP address of 200.200.200.1. Here's the configuration:

    Router(config)# ip nat inside source static 192.168.1.1 200.200.200.1
    Router(config)# interface ethernet 0
    Router(config-if)# ip nat inside
    Router(config-if)# exit
    Router(config)# interface serial 0
    Router(config-if)# ip nat outside

Because a static entry is always present, 200.200.200.1 is reachable from the outside on every port, not only the ones the web server listens on; an inbound access list on serial 0 should limit it to the service being published. The entry can be checked with the show ip nat translations command.

Dynamic NAT
When you are configuring dynamic NAT, you'll need to configure three things: what inside addresses are to be translated, what global addresses will be used for the dynamic translation, and what interfaces are involved in the translation. To specify what internal devices will have their source address translated, use the following command:

    Router(config)# ip nat inside source list standard_IP_ACL_# pool NAT_pool_name

The ip nat inside source list command requires you to configure a standard IP ACL that has a list of the inside source addresses that will be translated: any addresses listed with a permit statement will be translated, and any addresses listed with a deny statement, or matched by the implicit deny, will not be translated. Following this is the name of the address pool. This ties together the address pool you'll use that contains your global source IP addresses. To create the pool of inside global IP addresses, use this command:

    Router(config)# ip nat pool NAT_pool_name beginning_inside_global_IP_address ending_inside_global_IP_address netmask subnet_mask_of_addresses

The pool name that you specify is the one referenced from the ip nat inside source list command. Next, list the beginning and ending IP addresses in the pool, followed by the subnet mask for the addresses. Let's use Figure 14-3 to illustrate how dynamic NAT is configured. In this example, the two PCs will have dynamic NAT performed on them:

    Router(config)# ip nat inside source list 1 pool nat-pool
    Router(config)# access-list 1 permit 192.168.1.10 0.0.0.0
    Router(config)# access-list 1 permit 192.168.1.11 0.0.0.0
    Router(config)# ip nat pool nat-pool 200.200.200.2 200.200.200.3 netmask 255.255.255.0
    Router(config)# interface ethernet 0
    Router(config-if)# ip nat inside
    Router(config-if)# exit
    Router(config)# interface serial 0
    Router(config-if)# ip nat outside

The ACL decides whose traffic is translated, so keep it as tight as the example: a permit any here would also give outside access to hosts you never meant to translate. Note also that the pool holds only two addresses, so a third permitted host would find no free address until one of the entries timed out.


PAT Configuration
The last example showed dynamic NAT. This section covers how to configure PAT on your router. This configuration requires three basic translation commands. The first thing you specify is which inside devices will have their source addresses translated:

    Router(config)# ip nat inside source list standard_IP_ACL_# pool NAT_pool_name overload

Next, you specify the global pool to use. Again, you'll use the same command as you used in dynamic NAT:

    Router(config)# ip nat pool NAT_pool_name beginning_inside_global_IP_address ending_inside_global_IP_address netmask subnet_mask_of_addresses

You can specify more than one address to use in PAT, or you can specify a single address (use the same address for the beginning and ending addresses). Last, you have to tell the IOS which interfaces are inside and outside, with the ip nat inside and ip nat outside commands respectively. Let's use Figure 14-3 to illustrate how PAT is configured. In this example, only a single IP address is placed in the address pool (200.200.200.2):

    Router(config)# ip nat inside source list 1 pool nat-pool overload
    Router(config)# access-list 1 permit 192.168.1.10 0.0.0.0
    Router(config)# access-list 1 permit 192.168.1.11 0.0.0.0
    Router(config)# ip nat pool nat-pool 200.200.200.2 200.200.200.2 netmask 255.255.255.0
    Router(config)# interface ethernet 0
    Router(config-if)# ip nat inside
    Router(config-if)# exit
    Router(config)# interface serial 0
    Router(config-if)# ip nat outside

The only difference from the dynamic NAT example is the overload keyword; without it, the second PC would have nothing to be translated to once the first one had taken 200.200.200.2.

Wide Area Networking Overview


Typically, LAN connections are within a company and WAN connections allow you to connect to remote sites. A derivative of WAN solutions is the metropolitan area network (MAN). MANs sometimes use high-speed LAN connections in a small geographic area between different companies, or divisions within a company.

Connection Types

Leased-Line Connections
A leased-line connection is basically a dedicated circuit connection between two sites. It simulates a single cable connection between the local and remote sites. Leased lines are best suited when both of these conditions hold:
- The distance between the two sites is small, making them cost-effective.
- You have a constant amount of traffic between the two sites and need to guarantee bandwidth for certain applications.
Even though leased lines can provide guaranteed bandwidth and minimal delay for connections, other available solutions, such as ATM, can provide the same features. The main disadvantage of leased lines is their cost: they are the most expensive WAN solution. Leased lines use synchronous serial connections, with data rates ranging from 2,400 bps all the way up to 45 Mbps, in what is referred to as a DS3 connection. A synchronous serial connection allows you to simultaneously send and receive information without having to wait for any signal from the remote side. Nor does a synchronous connection need to indicate when it is beginning to send something or the end of a transmission. These two things, plus how clocking is done, are the main differences between synchronous and asynchronous connections. If you purchase a leased line, you will need the following equipment:
- DTE: a router with a synchronous serial interface; this provides the data link framing and terminates the WAN connection.
- DCE: a CSU/DSU to terminate the carrier's leased-line connection; this provides the clocking and synchronization for the connection.

Circuit-Switched Connections

Circuit-switched connections are dialup connections, such as those used by a PC with a modem when dialing up an ISP. Circuit-switched connections include the following types:
- Asynchronous serial connections: these include analog modem dialup connections and the standard telephone system, which is commonly referred to as Plain Old Telephone Service (POTS) by the telephone carriers.
- Synchronous serial connections: these include digital ISDN BRI and PRI dialup connections; they provide guaranteed bandwidth.
Asynchronous serial connections are the cheapest form of WAN services but are also the most unreliable of the services. For instance, every time you make a connection using an analog modem, there is no guarantee of the connection rate you'll get.

WAN Interfaces on Cisco Routers

Cisco supports a wide variety of serial cables for their serial router interfaces. Here are some of the cable types supported for synchronous serial interfaces: EIA/TIA-232, EIA/TIA-449, EIA/TIA-530, V.35, and X.21. The end that connects to the DCE device is defined by these standards. However, the end that connects to the Cisco router is proprietary in nature. Cisco's cables have two different end connectors that connect to the serial interfaces of their routers:
- DB-60: has 60 pins.
- DB-26 (Smart Serial): has 26 pins and is flat, like a USB connector.
Note that these connectors are for synchronous serial connections. Cisco has other cable types, typically RJ-45, for asynchronous connections.

Encapsulation Method
There are many different methods for encapsulating data for serial connections. Table 15-2 shows the most common ones.


HDLC: Based on ISO standards, the HDLC (High-Level Data Link Control) protocol can be used with synchronous and asynchronous connections and defines the frame type and interaction between two devices at the data link layer. Cisco's implementation adds a proprietary type field to the ISO frame, so a Cisco HDLC link only interoperates with another Cisco device, and it performs no authentication of the peer at the other end of the line.

Configuring HDLC
The default encapsulation on Cisco's synchronous serial interfaces is HDLC. To set it (or restore it after a change), the configuration is:

    Router(config)# interface serial [module_#/]port_#
    Router(config-if)# encapsulation hdlc

Notice that you must be in the serial interface to change its data link layer encapsulation. After you have configured HDLC, use the show interfaces command to view the data link layer encapsulation:

    Router# show interfaces serial 1
    Serial1 is up, line protocol is up
      Hardware is MCI Serial
      Internet address is 192.168.2.2 255.255.255.0
      MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
      Encapsulation HDLC, loopback not set, keepalive set (10 sec)
      Last input 0:00:02, output 0:00:00, output hang never
      Last clearing of "show interface" counters never
      Output queue 0/40, 0 drops; input queue 0/75, 0 drops
    <--output omitted-->

The Encapsulation HDLC line confirms the setting; line protocol is up means the 10-second keepalives are being answered by the far end, so a mismatch in encapsulation between the two routers shows up here as line protocol is down.

VTP
How VTP works:
- VTP advertisements are sent as multicast frames over trunk links.
- VTP servers and clients synchronize to the latest (highest) configuration revision number.
- VTP advertisements are sent every five minutes or whenever there is a change.
There are three operating modes of VTP:

1. Server mode: can create, modify, and delete VLANs. A switch in server mode sends and forwards advertisements and synchronizes to them. The VLAN database is saved in NVRAM.

2. Client mode: cannot create, modify, or delete VLANs. It forwards advertisements and synchronizes to them. The VLAN database is not saved in NVRAM.

3. Transparent mode: can create, modify, and delete VLANs, but these are local to the switch. It forwards advertisements received on its trunks but does not originate them and does not synchronize to them. The VLAN database is saved in NVRAM.

Because a server or client adopts any advertisement in its domain that carries a higher revision number than its own, even a client with a stale, higher-numbered database can overwrite the VLAN list on every server and client in the domain when it is trunked in. Before connecting a previously used switch, reset its revision number (change its VTP domain name, or set transparent mode and then the wanted mode again) and use a VTP domain password.

VTP Pruning: - VTP pruning makes more efficient use of trunk bandwidth by reducing unnecessary flooded traffic. Broadcast and unknown unicast frames on a VLAN are forwarded over a trunk link only if the switch on the receiving end of the trunk has ports in that VLAN. In other words, VTP pruning allows switches to prevent broadcasts and unknown unicasts from flowing to switches that do not have any ports in that VLAN.
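The synchronization rule described above (the highest configuration revision number wins) is what the three modes are really about, so here is an added Python model of it, the editor's and not code from the original report: four switches in the three modes, a VLAN added on the server propagating to the clients, and a reused switch with a stale, higher revision number wiping the domain's VLAN list the moment it is trunked in. The class and function names, the switch names, VLAN numbers and topology are constructed, and VTP version, domain name and password are ignored (all switches are assumed to be in one domain with no password).

```python
"""Model of VTP synchronization: servers and clients adopt the VLAN database
carried by any advertisement with a higher revision number than their own;
transparent switches only forward it.

Added example, not code from the original report. Names, VLANs and the
topology are constructed; version, domain name and password are ignored.
"""


class Switch:
    def __init__(self, name, mode, vlans=None, revision=0):
        if mode not in ("server", "client", "transparent"):
            raise ValueError(mode)
        self.name, self.mode = name, mode
        self.vlans = set(vlans or {1})
        self.revision = revision
        self.neighbors = []          # switches reachable over a trunk

    def add_vlan(self, vlan):
        """Local VLAN change; only a server bumps the revision and advertises it."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: client mode cannot create VLANs")
        self.vlans.add(vlan)
        if self.mode == "server":
            self.revision += 1
            self.advertise()
        # transparent mode: the VLAN stays local and nothing is advertised

    def advertise(self):
        """Send this switch's database and revision number out every trunk."""
        for n in self.neighbors:
            n.receive(self, self.revision, set(self.vlans), {self.name})

    def receive(self, sender, revision, vlans, seen):
        seen = seen | {self.name}          # loop prevention for this model
        if self.mode == "transparent":
            pass                           # forward only; own database untouched
        elif revision > self.revision:
            # higher revision wins, whatever it contains: the database is replaced
            self.revision, self.vlans = revision, set(vlans)
        else:
            return                         # nothing newer; stop flooding
        for n in self.neighbors:
            if n.name not in seen:
                n.receive(self, revision, vlans, seen)


def trunk(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def build_domain():
    """core (server) - dist (client) - acc (client) - eng (transparent)."""
    core = Switch("core", "server", {1, 10, 20}, revision=5)
    dist = Switch("dist", "client")
    acc = Switch("acc", "client")
    eng = Switch("eng", "transparent", {1, 99})
    trunk(core, dist)
    trunk(dist, acc)
    trunk(acc, eng)
    core.advertise()                       # initial synchronization
    return core, dist, acc, eng


def snapshot(switches):
    return {s.name: (s.revision, sorted(s.vlans)) for s in switches}


def normal_operation():
    """A VLAN added on the server reaches every client; eng keeps its own list."""
    core, dist, acc, eng = build_domain()
    core.add_vlan(30)
    return snapshot((core, dist, acc, eng))


def stale_switch_inserted():
    """A switch reused from another lab (revision 42, VLAN 1 only) is trunked
    in: its higher revision overwrites the database of every server and client."""
    core, dist, acc, eng = build_domain()
    lab = Switch("lab", "client", {1}, revision=42)   # a client is enough
    trunk(acc, lab)
    lab.advertise()
    return snapshot((core, dist, acc, eng, lab))


def client_change_rejected():
    """Client mode refuses local VLAN changes."""
    try:
        Switch("c", "client").add_vlan(5)
    except PermissionError:
        return True
    return False
```

normal_operation() returns revision 6 and VLANs 1, 10, 20, 30 on core, dist and acc, while the transparent eng switch stays at revision 0 with its local VLANs 1 and 99. stale_switch_inserted() returns revision 42 and VLAN 1 alone on every server and client: VLANs 10 and 20 disappear from the whole domain, and every access port assigned to them goes inactive. The model deliberately lets a client do this, because a real client with a higher revision number behaves the same way; the defences are the ones named above (reset the revision number before connecting a used switch, set a domain password) or simply not running VTP.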

Access Port: A port that belongs to a single VLAN is called an access port.


ARYA COLLEGE LAN SCENARIO


CHAPTER 11 PRINT OUT OF THE CODE SHEET


11.1 ROUTER CONFIGURATION

11.1.1 ROUTER_1 (MAIN SERVER)

As captured, this and the following printouts are lab configurations: there is no enable secret, password encryption is off (no service password-encryption), the EIGRP neighbours are not authenticated, and line vty 0 4 carries login with no password set, which makes the router refuse remote logins rather than protect them.

    server#enable
    server#show running-config
    Building configuration...
    Current configuration : 1103 bytes
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    hostname server
    interface FastEthernet0/0
     ip address 5.5.5.1 255.0.0.0
     duplex auto
     speed auto
    interface FastEthernet1/0
     ip address 6.6.6.1 255.0.0.0
     duplex auto
     speed auto
    interface Serial2/0
     ip address 1.1.1.1 255.0.0.0
    interface Serial3/0
     ip address 2.2.2.1 255.0.0.0
    interface Serial4/0
     ip address 3.3.3.1 255.0.0.0
     clock rate 64000
    interface Serial5/0
     ip address 4.4.4.1 255.0.0.0
     clock rate 64000
    interface FastEthernet6/0
     ip address 7.7.7.1 255.0.0.0
     duplex auto
     speed auto
    interface FastEthernet7/0
     ip address 8.8.8.1 255.0.0.0
     duplex auto
     speed auto
    interface FastEthernet8/0
     no ip address
     duplex auto
     speed auto
    router eigrp 1
     network 1.0.0.0
     network 2.0.0.0
     network 3.0.0.0
     network 4.0.0.0
     network 5.0.0.0
     network 6.0.0.0
     network 7.0.0.0
     network 8.0.0.0
     network 9.0.0.0
     network 192.168.0.0
     no auto-summary
    line vty 0 4
     login
    !

11.1.2 ROUTER_2 (BLOCK_A)

    Router>enable
    Router#show running-config
    Building configuration...

    Current configuration : 1267 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname Router
    !
    interface FastEthernet0/0
     ip address 192.168.10.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet1/0
     ip address 192.168.11.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface Serial2/0
     ip address 3.3.3.2 255.0.0.0
    !
    interface Serial3/0
     no ip address
     shutdown
    !
    interface FastEthernet4/0
     ip address 192.168.12.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet5/0
     ip address 192.168.13.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet6/0
     ip address 192.168.14.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet7/0
     ip address 192.168.15.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet8/0
     ip address 192.168.20.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet9/0
     no ip address
     duplex auto
     speed auto
    !
    router eigrp 1
     network 3.0.0.0
     network 192.168.10.0
     network 192.168.11.0
     network 192.168.12.0
     network 192.168.13.0
     network 192.168.14.0
     network 192.168.15.0
     network 192.168.20.0
     no auto-summary

11.1.3 ROUTER_3 (BLOCK_B)

    Router>enable
    Router#show running-config
    Building configuration...

    Current configuration : 867 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname Router
    !
    interface FastEthernet0/0
     ip address 192.168.6.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet1/0
     ip address 192.168.7.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface Serial2/0
     ip address 2.2.2.2 255.0.0.0
     clock rate 64000
    !
    interface Serial3/0
     no ip address
     shutdown
    !
    interface FastEthernet4/0
     ip address 192.168.8.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet5/0
     ip address 192.168.9.1 255.255.255.0
     duplex auto
     speed auto
    !
    router eigrp 1
     network 2.0.0.0
     network 192.168.6.0
     network 192.168.7.0
     network 192.168.8.0
     network 192.168.9.0
     no auto-summary
    !

11.1.4 ROUTER_4 (BLOCK_C)

    Router>enable
    Router#show running-config
    Building configuration...

    Current configuration : 979 bytes
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    hostname Router
    !
    interface FastEthernet0/0
     ip address 192.168.1.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet1/0
     ip address 192.168.2.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface Serial2/0
     ip address 1.1.1.2 255.0.0.0
     clock rate 64000
    !
    interface Serial3/0
     no ip address
     shutdown
    !
    interface FastEthernet4/0
     ip address 192.168.3.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet5/0
     ip address 192.168.4.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet6/0
     ip address 192.168.5.1 255.255.255.0
     duplex auto
     speed auto
    !
    router eigrp 1
     network 1.0.0.0
     network 192.168.1.0
     network 192.168.2.0
     network 192.168.3.0
     network 192.168.4.0
     network 192.168.5.0
     no auto-summary

11.1.5 ROUTER_5 (INTERNET_SERVER)

    Router>enable
    Router#show running-config
    Building configuration...

    Current configuration : 1107 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname Router
    !
    interface FastEthernet0/0
     ip address 192.168.16.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet1/0
     ip address 192.168.17.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface Serial2/0
     ip address 4.4.4.2 255.0.0.0
    !
    interface Serial3/0
     no ip address
     shutdown
    !
    interface FastEthernet4/0
     ip address 192.168.18.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet5/0
     ip address 192.168.19.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet6/0
     ip address 192.168.20.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet7/0
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet8/0
     no ip address
     duplex auto
     speed auto
    !
    router eigrp 1
     network 4.0.0.0
     network 192.168.16.0
     network 192.168.17.0
     network 192.168.18.0
     network 192.168.19.0
     network 192.168.20.0
     no auto-summary
    !

Note that FastEthernet6/0 here carries 192.168.20.1/24, the same address and subnet as FastEthernet8/0 on ROUTER_2, and both routers advertise 192.168.20.0 into EIGRP; as printed, the two LANs would conflict, so one of the two entries is presumably a transcription error in the code sheet.
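An added Python check over printouts like the ones above (the editor's, not part of the report): it splits a running-config into top-level blocks and reports the lab-default settings that are visible in these configurations, then shows the same router with each of them fixed. SAMPLE_CONFIG is an abridged copy of the ROUTER_1 printout (same settings, fewer interfaces); HARDENED_CONFIG is a constructed counterpart, and the secrets, usernames, key-chain name and access-list number in it are placeholders, as are the check names.

```python
"""Audit of IOS running-config printouts for settings that are acceptable in
a lab but would be findings in production.

Added example, not code from the original report. SAMPLE_CONFIG is an
abridged copy of the ROUTER_1 printout; HARDENED_CONFIG and all secrets,
names and numbers in it are constructed placeholders.
"""

SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
hostname server
interface FastEthernet0/0
 ip address 5.5.5.1 255.0.0.0
 duplex auto
 speed auto
interface Serial2/0
 ip address 1.1.1.1 255.0.0.0
interface FastEthernet8/0
 no ip address
 duplex auto
 speed auto
router eigrp 1
 network 1.0.0.0
 network 5.0.0.0
 no auto-summary
line vty 0 4
 login
!
"""

# Constructed counterpart: same router, each weak setting replaced.
# (IOS would print the enable secret and key-string as hashes/encrypted.)
HARDENED_CONFIG = """\
version 12.2
service password-encryption
hostname server
enable secret Placeholder-Enable-Secret
username admin secret Placeholder-Admin-Secret
key chain EIGRP-KEYS
 key 1
  key-string Placeholder-Eigrp-Key
interface FastEthernet0/0
 ip address 5.5.5.1 255.0.0.0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP-KEYS
interface FastEthernet8/0
 no ip address
 shutdown
router eigrp 1
 network 5.0.0.0
 no auto-summary
access-list 10 permit 192.168.10.0 0.0.0.255
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
!
"""


def sections(config):
    """Split a running-config into (top-level line, [indented sub-lines]) blocks."""
    blocks, header, body = [], None, []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            continue                      # blank lines and '!' separators
        if line.startswith(" "):
            body.append(line.strip())
        else:
            if header is not None:
                blocks.append((header, body))
            header, body = line, []
    if header is not None:
        blocks.append((header, body))
    return blocks


def audit(config):
    """Return a list of (check_id, message) for every weak setting found."""
    blocks = sections(config)
    top = [h for h, _ in blocks]
    findings = []
    if "no service password-encryption" in top:
        findings.append(("plaintext-passwords",
                         "service password-encryption is off: passwords show in clear text"))
    if not any(h.startswith("enable secret") for h in top):
        findings.append(("no-enable-secret", "privileged EXEC has no enable secret"))
    eigrp_auth = any(h.startswith("interface") and
                     any(b.startswith("ip authentication mode eigrp") for b in body)
                     for h, body in blocks)
    for header, body in blocks:
        if header.startswith("interface") and "no ip address" in body and "shutdown" not in body:
            findings.append(("unused-interface-up", f"{header}: no address but not shut down"))
        if header.startswith("router eigrp") and not eigrp_auth:
            findings.append(("eigrp-no-auth", f"{header}: neighbours are not authenticated"))
        if header.startswith("line vty"):
            if "login" in body and not any(b.startswith("password") for b in body):
                findings.append(("vty-login-no-password",
                                 f"{header}: 'login' with no password refuses every remote login"))
            if not any(b.startswith("transport input") for b in body):
                findings.append(("vty-transport-input",
                                 f"{header}: transport input not set (telnet accepted by default)"))
            if not any(b.startswith("access-class") for b in body):
                findings.append(("vty-no-access-class",
                                 f"{header}: no access-class restricts management sources"))
    return findings


if __name__ == "__main__":
    for check, message in audit(SAMPLE_CONFIG):
        print(f"{check:24} {message}")
    print("hardened:", audit(HARDENED_CONFIG) or "no findings")
```

Run against SAMPLE_CONFIG the audit reports seven findings: clear-text passwords, no enable secret, FastEthernet8/0 up without an address, unauthenticated EIGRP, and three on the vty lines (login without a password, no transport input, no access-class). HARDENED_CONFIG produces none. The checks are deliberately simple string tests over the printed configuration, which is enough for the settings these printouts show; a real audit would also want SSH version, logging, SNMP and the routers' duplicate 192.168.20.0/24 subnet, which is a topology question rather than something one device's configuration can reveal.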

CHAPTER 14 CONCLUSION
With the advancement in computer networking strategies across the globe, a new wave of hope has swept across application providers in the global imperative market today. Networking holds the potential to provide an effective solution to users' important problems and understanding of the technologies, with the provision of a user-friendly environment to suit user needs. I have tried to learn about networking. In this attempt I contributed my best and came to know about many new things, which increased my knowledge in this field. I saw many communicating devices. The project is an attempt to make use of the available technology and resources for fulfilling the requirements in the best possible manner. Overall it was a wonderful experience for me and a relishing moment of my lifetime.


CHAPTER 15 FUTURE ENHANCEMENT

This training can be used for small or large organizations. Further improvements in the system could make it more and more efficient. In the future, more and more companies and new organizations will need to be connected to big networks as well as to the Internet, and one should also know the fact that, among the professions in the software industry, the networking professional is the person who is paid the most.

There aren't many companies to look beyond, as there is Cisco, the biggest networking company in the world.


