
CHAPTER-1 ORGANIZATION PROFILE

1.1 Introduction
Centre for Electronic Governance is an Autonomous body of the Government of Rajasthan under the Department of Technical Education. Foundation stone of CEG was laid down on 8th December 2006 at Khaitan Polytechnic College, Jaipur. The Rajasthan is the second state that is running this program after the highly acclaimed and successful program Jawahar Knowledge Centre in Andhra Pradesh. The CEG has been established with a sole aim to provide a conducive environment for creating industry employable IT professionals by the way of arranging seminars lecturers, vocational trainings and industry relevant software trainings. At the same time it provides a readymade platform for interaction between the industry and the trained workforce. Rajasthan is considered to be one of the most peaceful and law abiding state with high growth rate. The state is developing in all fields in general and technical higher education in particular. In last decade itself more than 50 higher technical education institutes in the field of engineering have started operating.

1.2 Features

* To promote interaction between the Government, Technical Institutes and the Industries.
* To provide a conducive environment for learning by doing in colleges.
* To promote the dissemination of knowledge, fostering the innovative thoughts of the Students.
* To empower students living in the rural areas so as to bridge the urban - rural gap.
* To organize seminars and lectures of eminent professionals and scientists.
* To produce readily employable graduates by imparting industry grade skills.
* To produce industry ready IT professionals.
* To help in updating the Curriculum as per the needs of the Industries.
* To perform such other functions and to carry out such other duties as the society may deem proper or as may be assigned to it by the State Government from time to time.

1.3 Aims and Objectives


* Campus Placement Mission (CPM)
* Campus Placement Related Skills (CPRS)
* Graduate Placement Mission (GPM)
* Training for Students
* Training for Faculty

1.4 Collaborating Partners of CEG


* CISCO
* Career Net Consulting
* V Combined CAD Technology
* Sun Microsystems India Pvt Ltd
* NIIT
* GENPACT BPO, Jaipur
* QAInfoTech Delhi
* Oracle India Pvt. Ltd
* Red hat India Pvt. Ltd

1.5 Future Plans


* Enhance training for the economically weaker sections (SC/ST/OBC).
* Sign more MoUs with industries and organizations.
* Enhance placement activity.
* Academic support to various other Institutions.
* Establish a greater number of KDCs.
* Faculty training program on cutting edge technologies.
* The number of KDCs after five years will be increased from 17 to 30.
* The number of students placed in Companies will be 100%.
* The intake capacity at each KDC will be increased from 50 to 100.
* To establish various Industry Certification Examination Testing Centres.
* The Mentors at the KDCs will be trained in new technologies in Industries.
* The training of the students can be arranged in various companies and industries, apart from CEG.
* A large number of e-governance projects can be carried out at CEG and the KDCs as well.

1.6 ORGANIZATION STRUCTURE


Marching with a vision to excel, CEG, Jaipur took an initiative and has a MoU with Cisco Systems Inc., USA. CEG, since its inception, has been catering to the needs of the Industry by and large and, in continuation of the MoU, took a step ahead to start a Regional Academy to promote Networking related Training Programmes at the CEG centre. The main objective of this MoU is to groom Networking Professionals in tune with the Industry and Academic perspectives. Cisco Systems Inc. USA is a worldwide leader in networking for the Internet and is committed to working with educational institutions around the globe to ensure that today's students master the necessary skills for success in the Internet driven global context. Launched in October 1997 with 64 educational institutions in seven states, the Networking Academy has spread to more than 150 countries. Since its inception, over 1.6 Million students have enrolled at more than 10,000 Academies located in high schools, technical schools, colleges, universities, and community-based organizations.

Interested educational institutions are given the designation of Networking Academy at the level of training that they will be providing in the program. There are currently three possible tiers of training. Industry experts at Cisco Systems train the Instructor Trainers at the Cisco Academy Training Centers (CATCs), the CATC Instructors train Regional Academy Instructors and the Regional Academy Instructors train the Local Academy Instructors who then educate students. Utilizing this three-tier training model helps to provide instructors the training they need in close proximity to where they are located. Educational institutions may play a role at one or more of these training levels. Cisco's partners from business, government and community organizations form an ecosystem to deliver the range of services and support needed to grow tomorrow's global workforce. Initially created to prepare students for the Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP) degrees, the Academy curriculum has expanded with ecosystem-partner sponsored courses. Optional courses include: IT Essentials: PC Hardware and Software and IT Essentials: Network Operating Systems; and Panduit Network Infrastructure Essentials sponsored by Panduit Corporation. The Internet enables anytime, anywhere learning for all students, regardless of location, socio-economic status, gender, or race. With the United Nations Development Program, the United States Agency for International Development, and the International Telecommunication Union, Cisco has made the Academy program available to students in Least Developed Countries to help them build their country's economies. The Networking Academy program continually raises the bar on e-learning and educational processes. Through community feedback and electronic assessment, the Academy program adapts curriculum to improve outcomes and student achievement. The Academy infrastructure is designed to deliver a rich, interactive, and personalized curriculum to students around the world. The Internet has the power to change the way people learn, work, and play, and the Cisco Networking Academy Program is in the forefront of this transformation.

REGIONAL ACADEMY at CEG is a strong initiative by Government of Rajasthan and Cisco Networking Academy to bring wide awareness and training of valuable Networking Technology skills, opportunities, cutting edge and upcoming trends in the Networking Domain. Through the following curricula, the above efforts will be met:
* Cisco Certified Network Associate (CCNA) Discovery: Foundational networking knowledge and practical experience.
* Cisco Certified Network Associate (CCNA) Exploration: Comprehensive overview of networking from fundamentals to advanced applications and services.
* IT Essentials: PC Hardware and Software (Hindi/English)
* CCNP and CCNA Security

CHAPTER-2 PROJECT DESCRIPTION

2.1 INTRODUCTION
Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving. As e-business and Internet applications continue to grow, finding the balance between being isolated and open is critical. In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.

2.2 EXISTING SYSTEM


The current system has many deficiencies and is inefficient. It does not provide facilities for proper monitoring. Good monitoring mechanisms are the basis of successful development programs and schemes. The student block is presently not connected to the network. Thus they are not getting facilities of the internet. The library is also facing the same problem. The database of the library should be maintained so that students get the appropriate information about books. Classroom computers should also have e-books to help students.

2.3 PROBLEM DEFINITION


Deficiencies with the current System:
* Insider abuse of network access
* Virus
* Mobile device theft
* Phishing, where an organization is fraudulently represented as the sender
* Instant messaging misuse
* Denial of service
* Unauthorized access to information
* Bots within the organization
* Theft of employee data
* Abuse of wireless network
* System penetration
* Financial fraud
* Password sniffing
* Key logging
* Website defacement

As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged. Conceiving of network security solutions begins with an appreciation of the complete scope of computer crime.

When an enterprise grows to include branch offices, e-commerce services, or global operations, a single LAN network is no longer sufficient to meet its business requirements. Wide area network (WAN) access has become essential for larger businesses today. There are a variety of WAN technologies to meet the different needs of businesses and many ways to scale the network. Adding WAN access introduces other considerations, such as network security and address management. Consequently, designing a WAN and choosing the correct carrier network services is not a simple matter.

2.4 PROPOSED SYSTEM

2.4.1 AIM: Developing a Security Policy


The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy. A policy is a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently. RFC2196 states that a "security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide." A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies. A security policy meets these goals:
* Informs users, staff, and managers of their obligatory requirements for protecting technology and information assets
* Specifies the mechanisms through which these requirements can be met
* Provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy

Assembling a security policy can be daunting if it is undertaken without guidance. For this reason, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. This document refers specifically to information technology and outlines a code of practice for information security management. ISO/IEC 27002 is intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices. The document consists of 12 sections:
* Risk assessment
* Security policy
* Organization of information security
* Asset management
* Human resources security
* Physical and environmental security
* Communications and operations management
* Access control
* Information systems acquisition, development, and maintenance
* Information security incident management
* Business continuity management
* Compliance

2.4.2 Common Security Appliances and Applications


Security is a top consideration whenever planning a network. In the past, the one device that would come to mind for network security was the firewall. A firewall by itself is no longer adequate for securing a network. An integrated approach involving firewall, intrusion prevention, and VPN is necessary.

An integrated approach to security, and the necessary devices to make it happen, follows these building blocks:

2.4.2.1 Threat control

Regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:
* Cisco ASA 5500 Series Adaptive Security Appliances
* Integrated Services Routers (ISR)
* Network Admission Control
* Cisco Security Agent for Desktops
* Cisco Intrusion Prevention Systems

2.4.2.2 Secure communications

Secures network endpoints with VPN. The devices that allow an organization to deploy VPN are Cisco ISR routers with the Cisco IOS VPN solution, the Cisco 5500 ASA and Cisco Catalyst 6500 switches.

2.4.2.3 Network admission control (NAC)

Provides a roles-based method of preventing unauthorized access to a network. Cisco offers a NAC appliance.

2.4.2.4 Cisco IOS Software on Cisco Integrated Services Routers (ISRs)


Cisco provides many of the required security measures for customers within the Cisco IOS software. Cisco IOS software provides built-in Cisco IOS Firewall, IPsec, SSL VPN, and IPS services.

2.4.2.5 Cisco ASA 5500 Series Adaptive Security Appliance


At one time, the PIX firewall was the one device that a secure network would deploy. The PIX has evolved into a platform that integrates many different security features, called the Cisco Adaptive Security Appliance (ASA). The Cisco ASA integrates firewall, voice security, SSL and IPsec VPN, IPS, and content security services in one device.

2.4.2.6 Cisco IPS 4200 Series Sensors


For larger networks, an inline intrusion prevention system is provided by the Cisco IPS 4200 series sensors. This sensor identifies, classifies, and stops malicious traffic on the network.

2.4.2.7 Cisco NAC Appliance


The Cisco NAC appliance uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.

2.4.2.8 Cisco Security Agent (CSA)


Cisco Security Agent software provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems. CSA defends these systems against targeted attacks, spyware, rootkits, and day-zero attacks.

To assist with compliance with a security policy, the Security Wheel, a continuous process, has proven to be an effective approach. The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis. To begin the Security Wheel process, first develop a security policy that enables the application of security measures. A security policy:
* Identifies the security objectives of the organization.
* Documents the resources to be protected.
* Identifies the network infrastructure with current maps and inventories.
* Identifies the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.

2.5 OBJECTIVE
The security policy is the hub upon which the four steps of the Security Wheel are based. The steps are secure, monitor, test, and improve.

Step 1: Secure
Secure the network by applying the security policy and implementing the following threat defense solutions:
* Stateful inspection and packet filtering - Filter network traffic to allow only valid traffic and services.
* Intrusion prevention systems - Deploy at the network and host level to actively stop malicious traffic.
* Vulnerability patching - Apply fixes or measures to stop the exploitation of known vulnerabilities.
* Disable unnecessary services - The fewer services that are enabled, the harder it is for attackers to gain access.

Step 2: Monitor
Monitoring security involves both active and passive methods of detecting security violations. The most commonly used active method is to audit host-level log files. Most operating systems include auditing functionality. System administrators must enable the audit system for every host on the network and take the time to check and interpret the log file entries. Passive methods include using IDS devices to automatically detect intrusion. This method requires less attention from network security administrators than active methods. These systems can detect security violations in real time and can be configured to automatically respond before an intruder does any damage. An added benefit of network monitoring is the verification that the security measures implemented in step 1 of the Security Wheel have been configured and are working properly.

Step 3: Test
In the testing phase of the Security Wheel, the security measures are proactively tested. Specifically, the functionality of the security solutions implemented in step 1 and the system auditing and intrusion detection methods implemented in step 2 are verified. Vulnerability assessment tools such as SATAN, Nessus, or Nmap are useful for periodically testing the network security measures at the network and host level.

Step 4: Improve
The improvement phase of the Security Wheel involves analyzing the data collected during the monitoring and testing phases. This analysis contributes to developing and implementing improvement mechanisms that augment the security policy and results in adding items to step 1. To keep a network as secure as possible, the cycle of the Security Wheel must be continually repeated, because new network vulnerabilities and risks are emerging every day.

With the information collected from the monitoring and testing phases, IDSs can be used to implement improvements to the security. The security policy should be adjusted as new security vulnerabilities and risks are discovered.
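The host-level log audit that Step 2 (Monitor) calls for, as an added example that is not part of the report: it parses constructed sshd-style auth log lines (the hostnames, users and addresses are made up), tallies failed logins per source address, and flags sources that cross a threshold, which is the kind of entry an administrator would be looking for when interpreting the log.

```python
import re
from collections import Counter

# Constructed sample lines in Linux auth.log style (hypothetical data,
# not taken from any real system).
SAMPLE_LOG = """\
Mar  3 10:01:12 lab-srv sshd[2101]: Failed password for invalid user admin from 10.0.5.23 port 51122 ssh2
Mar  3 10:01:15 lab-srv sshd[2101]: Failed password for invalid user admin from 10.0.5.23 port 51123 ssh2
Mar  3 10:01:19 lab-srv sshd[2103]: Failed password for root from 10.0.5.23 port 51130 ssh2
Mar  3 10:02:02 lab-srv sshd[2110]: Accepted password for student from 10.0.7.4 port 40200 ssh2
Mar  3 10:02:40 lab-srv sshd[2115]: Failed password for student from 10.0.7.4 port 40211 ssh2
Mar  3 10:03:01 lab-srv sshd[2119]: Failed password for root from 10.0.5.23 port 51140 ssh2
"""

# Matches both "Failed" and "Accepted" password events; the optional
# "invalid user" prefix appears when the account does not exist.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)


def parse_auth_events(text):
    """Return one dict per recognised login event; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append({"result": m.group(1), "user": m.group(2), "src": m.group(3)})
    return events


def failed_logins_by_source(events):
    """Count failed password attempts per source address."""
    return Counter(e["src"] for e in events if e["result"] == "Failed")


def flag_sources(events, threshold=3):
    """Sources with at least `threshold` failed attempts, sorted for stable output."""
    counts = failed_logins_by_source(events)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    evts = parse_auth_events(SAMPLE_LOG)
    print(failed_logins_by_source(evts))
    print(flag_sources(evts))  # ['10.0.5.23']
```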

CHAPTER-3 SYSTEM REQUIREMENTS & SPECIFICATIONS

3.1 SELECTING HARDWARE PRODUCTS


We can use the Cisco three-layer model to determine what type of product to buy for our internetwork. By understanding the services required at each layer and what functions the internetworking devices perform, we can then match Cisco products to our academic requirements. To select the correct Cisco products for our network, start by gathering information about where devices need to operate in the internetworking hierarchy, and then consider issues like ease of installation, port-capacity requirements and other features. If we have remote offices or other WAN needs, we first need to find out what type of service is available. It won't do us any good to design a large Frame Relay network only to discover that Frame Relay is supported in only half the locations we need. After we research and find out about the different options available through our service provider, we can choose the Cisco product that fits our requirements.


We have a few options, typically: dial-up asynchronous connections, leased lines up to 1.544Mbps, Frame Relay, and ISDN, which are the most popular WAN technologies. However, xDSL is the new front-runner to take over as the fastest, most reliable, cheapest WAN technology. We need to consider our usage before buying and implementing a technology. For example, if our users at a remote branch are connected to the office more than three to four hours a day, then we need either Frame Relay or a leased line. If they connect infrequently, then we might get away with ISDN or dial-up connectivity.

A) Hubs
Before we buy any hub, we need to know which users can use a shared 10Mbps or shared 100Mbps network. The lower-end model of hubs Cisco offers supports only 10Mbps, while the middle-of-the-road one offers both 10- and 100Mbps auto-sensing ports. The higher-end hubs offer network-management port and console connections. If we are going to spend enough to buy a high-end hub, we should consider just buying a switch. The different hub products Cisco offers are:
* Cisco 1500 Micro Hub
* Cisco 1528 Micro Hub 10/100
* Cisco FastHub100
* Cisco FastHub200
* Cisco FastHub300
* Cisco FastHub400
Any of these hubs can be stacked together to give us more port density. These are the selection issues we need to know:
* Business requirements for 10- or 100Mbps
* Port density
* Management
* Ease of operation

B) Routers
A key criterion when selecting router products is knowing what feature sets we need to meet our requirements. For example, do we need IP, Frame Relay, and VPN support? How about IPX, AppleTalk, and DECnet? The other features we need to think about when considering different product-selection criteria are port density and interface speeds. As we get into the higher-end models, we see more ports and faster speeds. For example, the new 12000 series model is Cisco's first gigabit switch and has enormous capability and functionality.

Fig 2.1 BOOTING OF ROUTER

The Cisco router product lines are:
* Cisco 700/800 series
* Cisco 1600/1700 series
* Cisco 2500 series
* Cisco 2600 series
* Cisco 3600 series
* Cisco 4000 series
* Cisco 7000 series
* Cisco 12000 GSR series
* AS 5000 series
We can tell how much a product is going to cost by looking at the model number. A stripped-down 12000 series switch with no cards or power supplies starts at about $12,000. The price can end up at well over $100,000 for a loaded system. The Cisco 800 series router has mostly replaced the Cisco 700 series because the 700 series does not run the Cisco IOS. In fact, I hope Cisco will soon stop selling the 700 series routers altogether. They are difficult to configure and maintain. The main selections involved in choosing Cisco routers are listed below:
* Scale of routing features needed
* Port density and variety requirements
* Capacity and performance
* Common user interface

Table 2.1 Comparison between Hub, Bridge, Switch & Router

Feature | Hub | Bridge | Switch | Router
Number of broadcast domains | 1 | 1 | 1 | 1 per router interface
Number of collision domains | 1 | 1 per bridge port | 1 per switch port | 1 per router interface
Forwards LAN broadcasts? | N/A | Yes | Yes | No
Forwards LAN multicasts? | N/A | Yes | Yes; can be optimized for less forwarding | No
OSI layer used when making forwarding decision | N/A | Layer 2 | Layer 2 | Layer 3
Internal processing variants | N/A | Store-and-forward | Store-and-forward, cut-through, FragmentFree | Store-and-forward
Frame/packet fragmentation allowed? | N/A | No | No | Yes
Multiple concurrent equal-cost paths to same destination allowed? | N/A | No | No | Yes
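Applying the domain rules of Table 2.1 to a concrete topology, as an added example that is not part of the report: hubs (and single-NIC hosts) extend a domain, bridges and switches end a collision domain at every port, and routers end both collision and broadcast domains at every interface. The topology (R1, SW1, HUB1, HUB2, PC1 to PC6) is constructed for the example.

```python
from collections import defaultdict

# Rules distilled from Table 2.1: does a device of this type end a
# collision domain / a broadcast domain at each of its ports?
DEVICE_RULES = {
    "hub":    {"collision": False, "broadcast": False},
    "bridge": {"collision": True,  "broadcast": False},
    "switch": {"collision": True,  "broadcast": False},
    "router": {"collision": True,  "broadcast": True},
    "host":   {"collision": False, "broadcast": False},  # single-NIC end station
}

# Constructed sample topology (hypothetical, not from the report):
# R1 has two interfaces, one to switch SW1 and one to hub HUB1;
# SW1 serves PC1, PC2 and a second hub HUB2 (PC3, PC4); HUB1 serves PC5, PC6.
DEVICES = {
    "R1": "router", "SW1": "switch", "HUB1": "hub", "HUB2": "hub",
    "PC1": "host", "PC2": "host", "PC3": "host",
    "PC4": "host", "PC5": "host", "PC6": "host",
}
LINKS = [
    ("R1", "SW1"), ("R1", "HUB1"),
    ("SW1", "PC1"), ("SW1", "PC2"), ("SW1", "HUB2"),
    ("HUB2", "PC3"), ("HUB2", "PC4"),
    ("HUB1", "PC5"), ("HUB1", "PC6"),
]


def _count(devices, links, kind):
    """Treat every cable as a node; two cables belong to the same domain
    when they meet at a device that does NOT split that kind of domain.
    Counting connected components then gives the number of domains."""
    parent = list(range(len(links)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    ports = defaultdict(list)
    for idx, (a, b) in enumerate(links):
        ports[a].append(idx)
        ports[b].append(idx)
    for dev, idxs in ports.items():
        if DEVICE_RULES[devices[dev]][kind]:
            continue  # each port of this device starts its own domain
        for other in idxs[1:]:
            parent[find(other)] = find(idxs[0])
    return len({find(i) for i in range(len(links))})


def count_domains(devices, links):
    """Return (collision_domains, broadcast_domains) for the topology."""
    if not links:
        return (0, 0)
    return (_count(devices, links, "collision"),
            _count(devices, links, "broadcast"))


if __name__ == "__main__":
    print(count_domains(DEVICES, LINKS))  # (5, 2)
```

Replacing HUB2 with a switch in DEVICES raises the collision-domain count by two, while the broadcast-domain count stays at the number of router interfaces in use.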

C) Switches
It seems like switch prices are dropping almost daily. About four years ago a 12-port 10/100 switch card for the Catalyst 5000 series switch was about $15,000. Now we can buy a complete Catalyst 5000 with a 10/100 card and supervisor module for about $7500 or so. My point is that with switch prices becoming reasonable, it is now easier to install switches in our network. We must consider whether we need 10/100 or 1000Mbps for each desktop or to connect between switches. ATM (asynchronous transfer mode) is also a consideration; however, with Gigabit Ethernet out and 10Gbps links just around the corner, who needs ATM? The next criterion to consider is port density. The lower-end models start at 12 ports, and the higher-end models can provide hundreds of switched ports per switch.

3.2 Different switches available


* Cisco 1548 Micro Switch 10/100
* Catalyst 1900/2820 series
* Catalyst 2900 series XL
* Catalyst 2900 series
* Catalyst 3000 series
* Catalyst 8500 series
* Catalyst 5000 series
The selection issues you need to know when choosing a Cisco switch are listed below:
* Business requirements for 10, 100 or even 1000Mbps
* Need for trunking and interswitch links
* Workgroup segmentation (VLANs)
* Port density needs
* Different user interfaces

3.3 Assembling and Cabling Devices


To understand the types of cabling used to assemble and cable Cisco devices, we need to understand the LAN Physical layer implementation of Ethernet. Ethernet is a media access method that is specified at the Data Link layer and uses specific Physical layer cabling and signaling techniques. It is important to be able to differentiate between the types of connectors that can be used to connect an Ethernet network together. I'll discuss the different unshielded twisted-pair cabling used today in an Ethernet LAN.

3.3.1 Cabling the Ethernet Local Area Network


Ethernet was first implemented by a group called DIX (Digital, Intel, and Xerox). They created and implemented the first Ethernet LAN specification, which the IEEE used to create the IEEE 802.3 committee. This was a 10Mbps network that ran on coax, twisted-pair, and fiber physical media. The IEEE extended the 802.3 committee to two new committees known as 802.3u (FastEthernet) and 802.3q (Gigabit Ethernet). These are both specified on twisted-pair and fiber physical media. When designing our LAN, it is important to understand the different types of Ethernet media available. It would certainly be great to run Gigabit Ethernet to each desktop and 10Gbps between switches. By mixing and matching the different types of Ethernet media methods today, we can create a cost-effective network that works great. The following bullet points provide a general understanding of where we can use the different Ethernet media in a hierarchical network:
* Use 10Mbps switches at the access layer to provide good performance at a low price. 100Mbps links can be used for high-bandwidth consuming clients or servers. No servers should be at 10Mbps if possible.
* Use Fast Ethernet between access layer and distribution layer switches. 10Mbps links would create a bottleneck.
* Use Fast Ethernet (or Gigabit if applicable) between distribution layer switches and the core. Also, we should be implementing the fastest media we can afford between the core switches. Dual links between distribution and core switches are recommended for redundancy and load balancing.


3.3.2 Ethernet Media and Connector Requirements


It's important to understand the difference between the media access speeds Ethernet provides. However, it's also important to understand the connector requirements for each implementation before making any decision. The EIA/TIA (Electronic Industries Association and the newer Telecommunications Industry Association) is the standards body that creates the Physical layer specifications for Ethernet. The EIA/TIA specifies that Ethernet use a registered jack (RJ) connector with a 4 5 wiring sequence on unshielded twisted-pair (UTP) cabling (RJ-45). The following bullet points outline the different Ethernet media requirements:
* 10Base2: 50-ohm coax, called thinnet. Up to 185 meters and 30 hosts per segment. Uses a physical and logical bus with AUI connectors.
* 10Base5: 50-ohm coax, called thicknet. Up to 500 meters and 208 users per segment. Uses a physical and logical bus with AUI connectors. Up to 2500 meters with repeaters and 1024 users for all segments.
* 10BaseT: EIA/TIA category 3, 4, or 5, using two-pair unshielded twisted-pair (UTP) wiring. One user per segment; up to 100 meters long. Uses an RJ-45 connector with a physical star topology and a logical bus.
* 100BaseTX: EIA/TIA category 5, 6, or 7 UTP two-pair wiring. One user per segment; up to 100 meters long. Uses an RJ-45 MII connector with a physical star topology and a logical bus.
* 100BaseFX: Uses 62.5/125-micron multimode fiber cabling. Point-to-point topology up to 400 meters long. Uses an ST or SC connector, which are duplex media-interface connectors.
* 1000BaseCX: Copper shielded twisted-pair that can only run up to 25 meters.
* 1000BaseT: Category 5, four-pair UTP wiring up to 100 meters long.
* 1000BaseSX: MMF using 62.5 and 50-micron core; uses a 780-nanometer laser and can go up to 260 meters.
* 1000BaseLX: Single-mode fiber that uses a 9-micron core, 1300-nanometer laser and can go from 3 km up to 10 km.

100VG-AnyLAN is a twisted-pair technology that was the first 100Mbps LAN. However, since it was incompatible with Ethernet signaling techniques (it used a polling media access method), it was not typically used and is essentially dead.

3.3.3 UTP Connections (RJ-45)


The RJ-45 connector is clear so we can see the eight colored wires that connect to the connector's pins. These wires are twisted into four pairs. Four wires (two pairs) carry the voltage and are considered tip. The other four wires are grounded and are called ring. The RJ-45 connector is crimped onto the end of the wire, and the pin locations of the connector are numbered from the left, 8 to 1. The UTP cable has twisted wires inside that eliminate cross talk. Unshielded cable can be used since digital signal protection comes from the twists in the wire. The more twists per inch, the farther the digital signal can supposedly travel without interference. For example, categories 5 and 6 have many more twists per inch than category 3 UTP does. Different types of wiring are used when building internetworks. We will need to use either a straight-through or crossover cable.

3.3.4 Straight-Through
In a UTP implementation of a straight-through cable, the wires on both cable ends are in the same order. We can determine that the wiring is a straight-through cable by holding both ends of the UTP cable side by side and seeing that the order of the wires on both ends is identical.

We can use a straight-through cable for the following tasks:
* Connecting a router to a hub or switch
* Connecting a server to a hub or switch
* Connecting workstations to a hub or switch

3.3.5 Crossover
In the implementation of a crossover, the wires on each end of the cable are crossed: Transmit to Receive and Receive to Transmit on each side, for both tip and ring. Pin 1 on one side connects to pin 3 on the other side, and pin 2 connects to pin 6 on the opposite end. We can use a crossover cable for the following tasks:
* Connecting uplinks between switches
* Connecting hubs to switches
* Connecting a hub to another hub
* Connecting a router interface to another router interface
* Connecting two PCs together without a hub or switch
When trying to determine the type of cable needed for a port, look at the port and see if it is marked with an X. Use a straight-through cable when only one port is designated with an X. Use a crossover when both ports are designated with an X or when neither port has an X.
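The two checks from sections 3.3.4 and 3.3.5 in code, as an added example that is not part of the report: classifying a cable from the wire order at each end using the pin 1 to 3 and pin 2 to 6 crossover stated above, and the port "X" marking rule for choosing which cable a link needs. The T568B colour order is a standard reference used here as sample input; the function names are this example's own.

```python
# Standard T568B colour order for pins 1..8 (index 0 = pin 1), used as
# sample input; any eight-wire order works with the functions below.
T568B = ["white-orange", "orange", "white-green", "blue",
         "white-blue", "green", "white-brown", "brown"]

# Crossover as described in 3.3.5: pin 1 <-> pin 3 and pin 2 <-> pin 6.
# The remaining pins (4, 5, 7, 8) pass straight through.
CROSSOVER_MAP = {1: 3, 2: 6, 3: 1, 6: 2}


def crossover_end(end):
    """Return the wire order the far end must have for a crossover cable
    whose near end is wired as `end`."""
    if len(end) != 8:
        raise ValueError("an RJ-45 end has exactly eight wires")
    far = list(end)
    for near_pin, far_pin in CROSSOVER_MAP.items():
        far[far_pin - 1] = end[near_pin - 1]
    return far


def cable_type(end_a, end_b):
    """Classify a cable by holding both ends side by side (3.3.4):
    identical order is straight-through, the crossover pattern is
    crossover, anything else is a wiring mistake."""
    if len(end_a) != 8 or len(end_b) != 8:
        raise ValueError("an RJ-45 end has exactly eight wires")
    if list(end_a) == list(end_b):
        return "straight-through"
    if list(end_b) == crossover_end(end_a):
        return "crossover"
    return "miswired"


def cable_for_ports(port_a_marked_x, port_b_marked_x):
    """Port marking rule from 3.3.5: straight-through when exactly one
    port carries an X, crossover when both or neither do."""
    return "straight-through" if port_a_marked_x != port_b_marked_x else "crossover"


if __name__ == "__main__":
    print(cable_type(T568B, T568B))                   # straight-through
    print(cable_type(T568B, crossover_end(T568B)))    # crossover
    print(cable_for_ports(True, False))                # straight-through
```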

3.3.6 Cabling the Wide Area Network


To connect our wide area network (WAN), we need to understand the WAN Physical layer implementation provided by Cisco as well as the different WAN serial connectors. Cisco serial connections support almost any type of WAN service. The typical WAN connections are dedicated leased lines using High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), Integrated Services Digital Network (ISDN), and Frame Relay. Typical speeds are anywhere from 2400bps to 1.544Mbps (T1). HDLC, PPP, and Frame Relay can use the same Physical layer specifications, but ISDN has different pinouts and specifications at the Physical layer.

3.3.7 Serial Transmission


WAN serial connectors use serial transmission, which is one bit at a time, over a single channel. Parallel transmission can pass at least 8 bits at a time. All WANs use serial transmission. Cisco routers use a proprietary 60-pin serial connector, which we must buy from Cisco or a provider of Cisco equipment. The type of connector we have on the other end of the cable depends on our service provider or end-device requirements. The different ends available are EIA/TIA-232, EIA/TIA-449, V.35 (used to connect to a CSU/DSU), X.21 (used in X.25), and EIA-530. Serial links are described in frequency or cycles-per-second (hertz). The amount of data that can be carried within these frequencies is called bandwidth. Bandwidth is the amount of data in bits-per-second that the serial channel can carry.

3.3.8 Data Terminal Equipment and Data Communication Equipment


Router interfaces are, by default, Data Terminal Equipment (DTE) and connect into Data Communication Equipment (DCE), for example, a Channel Service Unit/Data Service Unit (CSU/DSU). The CSU/DSU then plugs into a demarcation location (demarc) and is the service provider's last responsibility. Typically, the demarc is a jack that has an RJ-45 female connector located close to our equipment. If we report a problem to our service provider, they'll always tell us it tests fine up to the demarc and that the problem must be the CPE, or Customer Premise Equipment, which is our responsibility. The idea behind a WAN is to be able to connect two DTE networks together through a DCE network. The DCE network includes the CSU/DSU, through the provider's wiring and switches, all the way to the CSU/DSU at the other end. The network's DCE device provides clocking to the DTE connected interface (the router's serial interface).

3.3.9 Fixed and Modular Interfaces


The fixed routers, such as the 2500 series, have set interfaces that can't be changed. The 2501 router has two serial connections and one 10BaseT AUI interface. However, the 1600, 1700, 2600, 3600, and higher routers have modular interfaces that allow us to buy what we need now and add almost any type of interface we may need later. The 1600 and 1700 are limited and have both fixed and modular ports, but the 2600 and up provide many serial and FastEthernet ports, and even voice-module availability.

3.4 Integrated Services Digital Network (ISDN) Connections


Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) is two B (Bearer) channels of 64k each and one D (Data) channel of 16k for signaling and clocking. ISDN BRI routers come with either a U interface or what is known as an S/T interface. The difference between the two is that the U interface is already a two-wire ISDN convention that can plug right into the ISDN local loop. The S/T interface is a four-wire interface and needs a Network Termination type 1 (NT 1) to convert from a four-wire to the two-wire ISDN specification. The U interface has a built-in NT 1 device. If our service provider uses an NT 1 device, then we need to buy a router that has an S/T interface. Most Cisco router BRI interfaces are marked with a U or an S/T.

Primary Rate Interface (PRI) provides T1 speeds (1.544Mbps) in the U.S. and E1 speeds (2.048Mbps) in Europe. The ISDN BRI interface uses an RJ-45, category 5, straight-through cable. It is important to avoid plugging a console cable or other LAN cable into a BRI interface on a router, because it will probably ruin the interface.

3.4.1 Console Connections

All Cisco devices are shipped with console cables and connectors, which allow us to connect to a device and configure, verify, and monitor it. The cable used to connect a PC to the console port is a rollover cable with RJ-45 connectors. The pinouts for a rollover cable are as follows (pin on one end to pin on the other end):

1 to 8
2 to 7
3 to 6
4 to 5
5 to 4
6 to 3
7 to 2
8 to 1

We can see that we just take a straight-through RJ-45 cable, cut the end off, flip it over, and reattach a new connector.

Typically, we will use the DB9 connector to attach to our PC and use a COM port to communicate via HyperTerminal. Most Cisco devices now support RJ-45 console connections. However, the Catalyst 5000 series switch still uses a DB25 connector. Set up the terminal emulation program to run 9600bps, 8 data bits, no parity, 1 stop bit, and no flow control. On some routers, we need to verify that the terminal emulation program is emulating a VT100 dumb-terminal mode, not an auto-sense mode, or it won't work. Most routers also have an aux port, which is an auxiliary port used to connect a modem. We can then dial this modem and connect to the router through the aux port. This will give us console access to a remote router that might be down and that we cannot telnet into.

CHAPTER -4 SYSTEM DESIGNING

4.1 ELEMENTS OF THE NETWORK


Human beings often seek to send and receive a variety of messages using computer applications; these applications require services to be provided by the network. Some of these services include the World Wide Web, e-mail, instant messaging, and IP Telephony. Devices interconnected by a medium to provide services must be governed by rules, or protocols. Protocols are the rules that the networked devices use to communicate with each other. The industry standard in networking today is a set of protocols called TCP/IP (Transmission Control Protocol/Internet Protocol). TCP/IP is used in home and business networks, as well as being the primary protocol of the Internet. It is the TCP/IP protocols that specify the formatting, addressing and routing mechanisms that ensure our messages are delivered to the correct recipient. The elements of networks are connected by rules to deliver a message.

4.1.1 The Messages


In the first step of its journey from the computer to its destination, our instant message gets converted into a format that can be transmitted on the network. All types of messages, no matter what the original format was (text, video, voice, or computer data), must be converted to bits, binary coded digital signals, before being sent to their destinations. Once our instant message is converted to bits, it is ready to be sent onto the network for delivery.

4.1.2 The Devices


There are numerous components that make it possible for our instant message to be directed across the miles of wires, underground cables, airwaves and satellite stations that might exist between the source and destination devices. One of the critical components in any size network is the router. A router joins two or more networks, like a home network and the Internet, and passes information from one network to another. Routers in a network work to ensure that the message gets to its destination in the most efficient and quickest manner.

4.1.3 The Medium


To send an instant message to its destination, the computer must be connected to a wired or wireless local network. Local networks can be installed in homes or businesses, where they enable computers and other devices to share information with each other and to use a common connection to the Internet. Wireless networks allow the use of networked devices anywhere in an office or home, even outdoors. Outside the office or home, wireless networking is available in public hotspots, such as coffee shops, businesses, hotel rooms, and airports. Ethernet is the most common wired networking technology. The wires, called cables, connect the computers and other devices that make up the networks. Wired networks are best for moving large amounts of data at high speeds, such as are required to support professional-quality multimedia.

4.1.4 The Services


Network services are computer programs that support the human network. Distributed on devices throughout the network, these services facilitate online communication tools such as e-mail, bulletin/discussion boards, chat rooms, and instant messaging.

4.1.5 The Rules


Important aspects of networks that are neither devices nor media are rules, or protocols. These rules are the standards and protocols that specify how the messages are sent, how they are directed through the network, and how they are interpreted at the destination devices. For example, in the case of Jabber instant messaging, the XMPP, TCP, and IP protocols are all important sets of rules that enable our communication to occur.

4.2 The OSI Model

Initially the OSI model was designed by the International Organization for Standardization (ISO) to provide a framework on which to build a suite of open systems protocols. The vision was that this set of protocols would be used to develop an international network that would not be dependent on proprietary systems. Unfortunately, the speed at which the TCP/IP based Internet was adopted, and the rate at which it expanded, caused the OSI Protocol Suite development and acceptance to lag behind. Although few of the protocols developed using the OSI specifications are in widespread use today, the seven-layer OSI model has made major contributions to the development of other protocols and products for all types of new networks. As a reference model, the OSI model provides an extensive list of functions and services that can occur at each layer. It also describes the interaction of each layer with the layers directly above and below it. The protocols that make up the TCP/IP protocol suite can be described in terms of the OSI reference model. In the OSI model, the Network Access layer and the Application layer of the TCP/IP model are further divided to describe discrete functions that need to occur at these layers. At the Network Access Layer, the TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium; it only describes the handoff from the Internet Layer to the physical network protocols. The OSI Layers 1 and 2 discuss the necessary procedures to access the media and the physical means to send data over a network.

Fig 4.1 Troubleshooting Application layer Problems


The key parallels between the two network models occur at the OSI model Layers 3 and 4. OSI Model Layer 3, the Network layer, almost universally is used to discuss and document the range of processes that occur in all data networks to address and route messages through an internetwork. The Internet Protocol (IP) is the TCP/IP suite protocol that includes the functionality described at Layer 3. Layer 4, the Transport layer of the OSI model, is often used to describe general services or functions that manage individual conversations between source and destination hosts. These functions include acknowledgement, error recovery, and sequencing. At this layer, the TCP/IP protocols Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide the necessary functionality.


The TCP/IP Application layer includes a number of protocols that provide specific functionality to a variety of end user applications. The OSI model Layers 5, 6 and 7 are used as references for application software developers and vendors to produce products that need to access networks for communications.

Fig 4.2 OSI MODEL

4.3 Classful IP Addressing


When IP was first standardized in September 1981, the specification required that each system attached to an IP-based Internet be assigned a unique, 32-bit Internet address value. Systems that have interfaces to more than one network require a unique IP address for each network interface. The first part of an Internet address identifies the network on which the host resides, while the second part identifies the particular host on the given network. This creates the two-level addressing hierarchy.

In recent years, the network number field has been referred to as the network prefix because the leading portion of each IP address identifies the network number. All hosts on a given network share the same network prefix but must have a unique host number. Similarly, any two hosts on different networks must have different network prefixes but may have the same host number.

4.3.1 Primary Address Classes


To provide the flexibility required to support networks of varying sizes, the Internet designers decided that the IP address space should be divided into three address classes: Class A, Class B, and Class C. This is often referred to as classful addressing. Each class fixes the boundary between the network prefix and the host number at a different point within the 32-bit address. One of the fundamental features of classful IP addressing is that each address contains a self-encoding key that identifies the dividing point between the network prefix and the host number. For example, if the first two bits of an IP address are 1-0, the dividing point falls between the 15th and 16th bits. This simplified the routing system during the early years of the Internet because the original routing protocols did not supply a deciphering key or mask with each route to identify the length of the network prefix.

Class A Networks (/8 Prefixes)

This class is for very large networks, such as a major international company. IP addresses with a first octet from 1 to 126 are part of this class. The other three octets are each used to identify each host. Example: in the address 54.24.54.43, the Net part is 54 and the Host or Node part is 24.54.43.

Class B Networks (/16 Prefixes)

Class B is used for medium-sized networks. A good example is a large college campus. IP addresses with a first octet from 128 to 191 are part of this class. Class B addresses also include the second octet as part of the Net identifier. The other two octets are used to identify each host.

Class C Networks (/24 Prefixes)

Each Class C network address has a 24-bit network prefix, with the three highest order bits set to 1-1-0 and a 21-bit network number, followed by an 8-bit host number. Class C networks are now referred to as /24s since they have a 24-bit network prefix. A maximum of 2,097,152 (2^21) /24 networks can be defined with up to 254 (2^8 - 2) hosts per network. Since the entire /24 address block contains 2^29 (536,870,912) addresses, it represents 12.5 percent (or one eighth) of the total IPv4 unicast address space.

Other Classes

In addition to the three most popular classes, there are two additional classes. Class D addresses have their leading four bits set to 1-1-1-0 and are used to support IP Multicasting. Class E addresses have their leading four bits set to 1-1-1-1 and are reserved for experimental use.

4.4 Subnetting

Subnetting is the process of subdividing a network into smaller subnets. Suppose we have two or three small networks but cannot buy a separate IP address block for each of them. Using the basic concept of subnetting, we take one public network address, give each of the small networks its own part of it, and make them independent networks. To do this we take some bits of the host address and use them for the network address, so we obtain several independent networks.

Address format when subnetting is used (Class A, B, C respectively):

Class A: 8 bits Network | 24-x bits Subnet | x bits Host
Class B: 16 bits Network | 16-x bits Subnet | x bits Host
Class C: 24 bits Network | 8-x bits Subnet | x bits Host

Because of this, the mask changes to a subnet mask, and the network address now also includes the subnet address.

Example: if the subnet mask is 255.255.240.0 and the IP address of a computer is 142.16.52.4, then:

142.16.0.0 is the network address
0.0.48.0 is the subnet address
0.0.4.4 is the host address of the computer

10001110.00010000.00110100.00000100 (142.16.52.4) ANDed with 11111111.11111111.11110000.00000000 (255.255.240.0) gives 10001110.00010000.00110000.00000000; here the first two octets represent the network address and the third octet represents the subnet address. It can be compared with a postal address: there is only one ZIP code (network address), different streets (subnet address), and different house numbers (host address). The size of the global Internet routing table does not grow because the site administrator does not need to obtain additional address space and the routing advertisements for all of the subnets are combined into a single routing table entry.

4.4.1 Defining the Subnet Mask / Extended Prefix Length


The first step in defining the subnet mask is to determine the number of bits required to define the required subnets (six, in this example). Since a network address can only be subnetted along binary boundaries, subnets must be created in blocks of powers of two [2 (2^1), 4 (2^2), 8 (2^3), 16 (2^4), and so on]. Thus, it is impossible to define an IP address block such that it contains exactly six subnets. For this example, the network administrator must define a block of 8 (2^3) and have two unused subnets that can be reserved for future growth. Since 8 = 2^3, three bits are required to enumerate the eight subnets in the block. In this example, the organization is subnetting a /24 so it will need three more bits, or a /27, as the extended network prefix. A 27-bit extended network prefix can be expressed in dotted-decimal notation as 255.255.255.224. A 27-bit extended network prefix leaves 5 bits to define host addresses on each subnet. This means that each subnetwork with a 27-bit prefix represents a contiguous block of 2^5 (32) individual IP addresses. However, since the all-0s and all-1s host addresses cannot be allocated, there are 30 (2^5 - 2) assignable host addresses on each subnet.
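As an added example (not part of the original report), the following Python script carries the arithmetic of sections 4.3.1, 4.4 and 4.4.1 through in code: it reads the class from the leading bits of the address, splits 142.16.52.4 against 255.255.240.0 into network, subnet and host parts, and derives the /27 extended prefix for a /24 that must hold six subnets. All function names are my own.

```python
"""Classful address parsing and subnet-mask arithmetic.

Added example, not part of the original report. It works through the
figures in sections 4.3.1, 4.4 and 4.4.1: the class is read from the
leading bits of the address (the "self-encoding key"), the subnet and
host parts are separated by ANDing with the mask, and the extended
prefix length is derived from the number of subnets required.
All function names here are my own.
"""
import ipaddress
import math

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    """Dotted-decimal string -> 32-bit integer (ipaddress validates it)."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal string."""
    return str(ipaddress.IPv4Address(value))


def ip_class(dotted: str) -> str:
    """Classful address class, decided purely by the leading bits."""
    value = to_int(dotted)
    if value >> 31 == 0b0:
        return "A"      # 0xxxxxxx -> /8 prefix
    if value >> 30 == 0b10:
        return "B"      # 10xxxxxx -> /16 prefix
    if value >> 29 == 0b110:
        return "C"      # 110xxxxx -> /24 prefix
    if value >> 28 == 0b1110:
        return "D"      # 1110xxxx -> multicast
    return "E"          # 1111xxxx -> reserved / experimental


CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def split_address(dotted: str, mask: str) -> tuple:
    """Return (network, subnet, host) as dotted strings, the way the
    report decomposes 142.16.52.4 with the mask 255.255.240.0."""
    value, mask_int = to_int(dotted), to_int(mask)
    net_bits = CLASSFUL_PREFIX[ip_class(dotted)]   # KeyError for class D/E
    net_mask = (ALL_ONES << (32 - net_bits)) & ALL_ONES
    if mask_int & net_mask != net_mask:
        raise ValueError("subnet mask must cover the classful network bits")
    network = value & net_mask
    subnet = value & mask_int & ~net_mask & ALL_ONES   # the borrowed bits only
    host = value & ~mask_int & ALL_ONES
    return to_dotted(network), to_dotted(subnet), to_dotted(host)


def extended_prefix(base_prefix: int, subnets_needed: int) -> dict:
    """Smallest extended prefix giving at least `subnets_needed` subnets
    from a block with `base_prefix` network bits. Subnets can only be
    created in powers of two, so 6 needed subnets cost 3 bits (8 subnets)."""
    subnet_bits = math.ceil(math.log2(subnets_needed)) if subnets_needed > 1 else 0
    prefix = base_prefix + subnet_bits
    host_bits = 32 - prefix
    if host_bits < 2:   # need at least one assignable host per subnet
        raise ValueError("no room left for usable host addresses")
    mask = (ALL_ONES << host_bits) & ALL_ONES
    return {
        "prefix": prefix,
        "mask": to_dotted(mask),
        "subnets": 2 ** subnet_bits,
        "unused_subnets": 2 ** subnet_bits - subnets_needed,
        "hosts_per_subnet": 2 ** host_bits - 2,   # drop all-0s and all-1s
    }


if __name__ == "__main__":
    print(ip_class("54.24.54.43"), ip_class("142.16.52.4"))      # A B
    print(split_address("142.16.52.4", "255.255.240.0"))
    print(extended_prefix(24, 6))
```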

4.5 Variable Length Subnet Masks (VLSM)


In 1987, RFC 1009 specified how a subnetted network could use more than one subnet mask. When an IP network is assigned more than one subnet mask, it is considered a network with Variable Length Subnet Masks (VLSM) since the extended network prefixes have different lengths.

RIP-1 Permits Only a Single Subnet Mask

When using RIP-1, subnet masks have to be uniform across the entire network prefix. RIP-1 allows only a single subnet mask to be used within each network number because it does not provide subnet mask information as part of its routing table update messages. In the absence of this information, RIP-1 is forced to make assumptions about the mask that should be applied to any of its learned routes. How does a RIP-1 based router know what mask to apply to a route when it learns a new route from a neighbor? If the router has a subnet of the same network number assigned to a local interface, it assumes that the learned subnetwork was defined using the same mask as the locally configured interface.

4.6 Routing Protocols

Routing is used for taking a packet from one device and sending it through the network to another device on a different network. If our network has no routers, then we are not routing. Routers route traffic to all the networks in our internetwork. To be able to route packets, a router must know, at a minimum, the following:

- Destination address
- Neighbor routers from which it can learn about remote networks
- Possible routes to all remote networks
- The best route to each remote network
- How to maintain and verify routing information

Dynamic routing is the process of routing protocols running on the router communicating with neighbor routers. The routers then update each other about all the networks they know about. If a change occurs in the network, the dynamic routing protocols automatically inform all routers about the change. If static routing is used, the administrator is responsible for updating all changes by hand into all routers.

4.6.1 Routing: Static and Dynamic

1. The ip route command

The command for configuring a static route is ip route. The complete syntax for configuring a static route is:

Router(config)# ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag]
Router(config)# ip route network-address subnet-mask {ip-address | exit-interface}

The following parameters are used:

network-address - Destination network address of the remote network to be added to the routing table
subnet-mask - Subnet mask of the remote network to be added to the routing table. The subnet mask can be modified to summarize a group of networks.
ip-address - Commonly referred to as the "next-hop" router's IP address. The actual next-hop router's IP address is commonly used for this parameter. However, the ip-address parameter could be any IP address, as long as it is resolvable in the routing table. This is beyond the scope of this course, but we've added this point to maintain technical accuracy.

2. Installing a Static Route in the Routing Table

R# debug ip routing
R# config terminal
R(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.2

Let's examine each element in this command:

ip route - Static route command
172.16.1.0 - Network address of the remote network
255.255.255.0 - Subnet mask of the remote network
172.16.2.2 - Serial 0/0/0 interface IP address on the neighboring router, which is the "next-hop" to this network

3. Verifying the Static Route

The output from debug ip routing shows that this route has been added to the routing table:

00:20:15: RT: add 172.16.1.0/24 via 172.16.2.2, static metric [1/0]

Entering show ip route on R shows the new routing table. The elements of the output are:

S - Routing table code for static route
172.16.1.0 - Network address for the route
/24 - Subnet mask for this route; this is displayed in the line above, known as the parent route
[1/0] - Administrative distance and metric for the static route
via 172.16.2.2 - IP address of the next-hop router, the IP address of the neighboring router's Serial 0/0/0 interface

Any packets with a destination IP address that have the 24 left-most bits matching 172.16.1.0 will use this route.

4.6.2 Configuring a Static Route with an Exit Interface


Let's investigate another way to configure the same static routes. Currently, R's static route for the 192.168.2.0/24 network is configured with the next-hop IP address of 172.16.2.2. In the running configuration, note the following line:

ip route 192.168.2.0 255.255.255.0 172.16.2.2

This static route requires a second routing table lookup to resolve the 172.16.2.2 next-hop IP address to an exit interface. However, most static routes can be configured with an exit interface, which allows the routing table to resolve the exit interface in a single search instead of two searches.

Verifying the Static Route Configuration

Whenever changes are made to static routes - or to other aspects of the network - verify that the changes took effect and that they produce the desired results.

Verifying Static Route Changes

We deleted and reconfigured the static routes for all three routers. The running configuration contains the current router configuration - the commands and parameters that the router is currently using. Verify the changes by examining the running configuration.

1. show ip route - Confirms that static routes with exit interfaces have been added to the routing table and that the previous static routes with next-hop addresses have been deleted.
2. ping - The ultimate test is to route packets from source to destination. Using the ping command, we can test that packets from each router are reaching their destination and that the return path is also working properly.

4.6.3 Configuring a Summary Route


To implement the summary route, we must first delete the three current static routes:

R(config)# no ip route 172.16.1.0 255.255.255.0 serial0/0/1
R(config)# no ip route 172.16.2.0 255.255.255.0 serial0/0/1
R(config)# no ip route 172.16.3.0 255.255.255.0 serial0/0/1

Next, we will configure the summary static route:

R(config)# ip route 172.16.0.0 255.255.252.0 serial0/0/1

Routing protocols can be classified into different groups according to their characteristics. The most commonly used routing protocols are:

1. RIP - A distance vector interior routing protocol
2. IGRP - The distance vector interior routing protocol developed by Cisco (deprecated from IOS 12.2 and later)
3. OSPF - A link-state interior routing protocol
4. IS-IS - A link-state interior routing protocol
5. EIGRP - The advanced distance vector interior routing protocol developed by Cisco
6. BGP - A path vector exterior routing protocol
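As an added example (not the report's own material), this Python snippet models the static routes of sections 4.6.1 to 4.6.3 in a small routing table with longest-prefix lookup, and derives the 255.255.252.0 summary from the three /24 routes. The class and function names are my own; the check that the /22 summary also covers 172.16.0.0/24, which was not one of the three deleted routes, is worth keeping in mind because an over-wide summary attracts traffic for networks that are not actually reachable behind that interface.

```python
"""Static routes, longest-prefix lookup and route summarization.

Added example, not from the original report. It re-creates the static
routes of sections 4.6.1 to 4.6.3 in a small routing table, applies the
longest-match rule that picks a route for a destination, and derives the
172.16.0.0 255.255.252.0 summary that replaces the three /24 routes.
Class and function names are my own.
"""
import ipaddress
from dataclasses import dataclass

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def mask_to_prefix(mask: str) -> int:
    """255.255.252.0 -> 22. Rejects non-contiguous masks such as 255.0.255.0."""
    m = to_int(mask)
    length = bin(m).count("1")
    if m != (ALL_ONES << (32 - length)) & ALL_ONES:
        raise ValueError(f"non-contiguous mask: {mask}")
    return length


def prefix_to_mask(length: int) -> str:
    return to_dotted((ALL_ONES << (32 - length)) & ALL_ONES)


@dataclass
class Route:
    network: int
    prefix: int
    via: str           # next-hop address or exit interface, as in "ip route"
    distance: int = 1  # administrative distance of a static route
    code: str = "S"


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add_static(self, network: str, mask: str, via: str) -> None:
        """Equivalent of: ip route <network> <mask> {next-hop | exit-interface}."""
        prefix = mask_to_prefix(mask)
        net = to_int(network)
        if net & to_int(mask) != net:
            raise ValueError(f"{network} is not the base address of a /{prefix}")
        self.routes.append(Route(net, prefix, via))

    def remove_static(self, network: str, mask: str) -> None:
        """Equivalent of: no ip route <network> <mask>."""
        key = (to_int(network), mask_to_prefix(mask))
        self.routes = [r for r in self.routes if (r.network, r.prefix) != key]

    def lookup(self, destination: str):
        """Longest-prefix match: the most specific route wins; None = no route."""
        dst, best = to_int(destination), None
        for r in self.routes:
            shift = 32 - r.prefix
            if dst >> shift == r.network >> shift and (best is None or r.prefix > best.prefix):
                best = r
        return best

    def show(self) -> list:
        """Lines in the spirit of 'show ip route', e.g. 'S 172.16.1.0/24 [1/0] via 172.16.2.2'."""
        return [f"{r.code} {to_dotted(r.network)}/{r.prefix} [{r.distance}/0] via {r.via}"
                for r in sorted(self.routes, key=lambda r: (r.network, r.prefix))]


def summarize(networks: list) -> tuple:
    """Longest common prefix that covers every (network, mask) pair given.
    Returns (network, mask, prefix_len). The summary may cover more than the
    inputs, so the caller should check what else falls inside it."""
    blocks = [(to_int(n) & to_int(m), mask_to_prefix(m)) for n, m in networks]
    length = min(p for _, p in blocks)
    while length > 0 and len({net >> (32 - length) for net, _ in blocks}) > 1:
        length -= 1   # shorten until all networks share the same leading bits
    base = (blocks[0][0] >> (32 - length)) << (32 - length) if length else 0
    return to_dotted(base), prefix_to_mask(length), length


if __name__ == "__main__":
    rt = RoutingTable()
    subnets = [("172.16.%d.0" % i, "255.255.255.0") for i in (1, 2, 3)]
    for net, mask in subnets:
        rt.add_static(net, mask, "Serial0/0/1")
    print(rt.show())
    net, mask, plen = summarize(subnets)              # 172.16.0.0 255.255.252.0 22
    for n, m in subnets:
        rt.remove_static(n, m)
    rt.add_static(net, mask, "Serial0/0/1")
    print(rt.show(), rt.lookup("172.16.0.5"))         # the /22 also covers 172.16.0.0/24
```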

4.6.4 Routing protocols are of two types

1. Distance vector routing protocols
2. Link state routing protocols

4.6.4.1 Distance vector routing protocols


Dynamic routing protocols help the network administrator overcome the time-consuming and exacting process of configuring and maintaining static routes. Dynamic routing is the most common choice for large networks. Distance vector routing protocols include RIP, IGRP, and EIGRP.

4.6.4.1.1 RIP

RIP has the following key characteristics:

- Hop count is used as the metric for path selection.
- If the hop count for a network is greater than 15, RIP cannot supply a route to that network.
- Routing updates are broadcast or multicast every 30 seconds, by default.

4.6.4.1.2 IGRP

Interior Gateway Routing Protocol (IGRP) is a proprietary protocol developed by Cisco. IGRP has the following key design characteristics:

- Bandwidth, delay, load and reliability are used to create a composite metric.
- Routing updates are broadcast every 90 seconds, by default.
- IGRP is the predecessor of EIGRP and is now obsolete.

4.6.4.1.3 EIGRP

Enhanced IGRP (EIGRP) is a Cisco proprietary distance vector routing protocol. EIGRP has these key characteristics:

- It can perform unequal cost load balancing.
- It uses the Diffusing Update Algorithm (DUAL) to calculate the shortest path.
- There are no periodic updates as with RIP and IGRP. Routing updates are sent only when there is a change in the topology.

4.6.4.2 Link state routing protocols

4.6.4.2.1 OSPF

OSPF was designed by the IETF (Internet Engineering Task Force) OSPF Working Group, which still exists today. The development of OSPF began in 1987 and there are two current versions in use:

- OSPFv2: OSPF for IPv4 networks (RFC 1247 and RFC 2328)
- OSPFv3: OSPF for IPv6 networks (RFC 2740)

4.6.4.2.2 IS-IS

IS-IS was designed by ISO (International Organization for Standardization) and is described in ISO 10589. The first incarnation of this routing protocol was developed at DEC (Digital Equipment Corporation) and is known as DECnet Phase V. Radia Perlman was the chief designer of the IS-IS routing protocol. IS-IS was originally designed for the OSI protocol suite and not the TCP/IP protocol suite. Later, Integrated IS-IS, or Dual IS-IS, included support for IP networks. Although IS-IS has been known as the routing protocol used mainly by ISPs and carriers, more enterprise networks are beginning to use IS-IS.

4.6.4.2.3 OSPF

Open Shortest Path First (OSPF) is a recent entry into the Internet interior routing scene. OSPF is specifically designed to operate with larger networks. It does not impose a hop-count restriction and permits its domain to be subdivided for easier management. OSPF is a classless routing protocol. Therefore, we will configure the mask as part of our OSPF configuration. OSPF's major advantages over RIP are its fast convergence and its scalability to much larger network implementations.

OSPF packet types

Each packet serves a specific purpose in the OSPF routing process:

1. Hello - Hello packets are used to establish and maintain adjacency with other OSPF routers.
2. DBD - The Database Description (DBD) packet contains an abbreviated list of the sending router's link-state database and is used by receiving routers to check against the local link-state database.
3. LSR - Receiving routers can then request more information about any entry in the DBD by sending a Link-State Request (LSR).
4. LSU - Link-State Update (LSU) packets are used to reply to LSRs as well as to announce new information. LSUs contain seven different types of Link-State Advertisements (LSAs).
5. LSAck - When an LSU is received, the router sends a Link-State Acknowledgement (LSAck) to confirm receipt of the LSU.

CHAPTER -5 TESTING OF NETWORK

5.1 INTRODUCTION
To efficiently diagnose and correct network problems, a network engineer needs to know how a network has been designed and what the expected performance for this network should be under normal operating conditions. This information is called the network baseline and is captured in documentation such as configuration tables and topology diagrams. Network configuration documentation provides a logical diagram of the network and detailed information about each component. This information should be kept in a single location, either as hard copy or on the network on a protected website. Network documentation should include these components:

- Network configuration table
- End-system configuration table
- Network topology diagram

When we document our network, we may have to gather information directly from routers and switches. Commands that are useful to the network documentation process include:

- ping - used to test connectivity with neighboring devices before logging in to them. Pinging other PCs in the network also initiates the MAC address auto-discovery process.
- telnet - used to log in remotely to a device for accessing configuration information.
- show ip interface brief - used to display the up or down status and IP address of all interfaces on a device.
- show ip route - used to display the routing table in a router to learn the directly connected neighbors, more remote devices (through learned routes), and the routing protocols that have been configured.
- show cdp neighbor detail - used to obtain detailed information about directly connected Cisco neighbor devices.

5.2 TESTING NETWORK PERFORMANCE


Establishing a network performance baseline requires collecting key performance data from the ports and devices that are essential to network operation. This information helps to determine the "personality" of the network and provides answers to the following questions:

1. How does the network perform during a normal or average day?
2. Where are the underutilized and over-utilized areas?
3. Where are the most errors occurring?
4. What thresholds should be set for the devices that need to be monitored?
5. Can the network deliver the identified policies?

Measuring the initial performance and availability of critical network devices and links allows a network administrator to determine the difference between abnormal behavior and proper network performance as the network grows or traffic patterns change. The baseline also provides insight into whether the current network design can deliver the required policies. Without a baseline, no standard exists to measure the optimum nature of network traffic and congestion levels. In addition, analysis after an initial baseline tends to reveal hidden problems. The collected data reveals the true nature of congestion or potential congestion in a network. It may also reveal areas in the network that are underutilized and quite often can lead to network redesign efforts based on quality and capacity observations.

5.2.1 Measuring Network Performance Data


Sophisticated network management software is often used to baseline large and complex networks. For example, the Fluke Network Super Agent module enables administrators to automatically create and review reports using its Intelligent Baselines feature. This feature compares current performance levels with historical observations and can automatically identify performance problems and applications that do not provide expected levels of service.

5.2.2 The stages of the general testing process are:


Stage 1 Gather symptoms - Troubleshooting begins with the process of gathering and documenting symptoms from the network, end systems, and users. In addition, the network administrator determines which network components have been affected and how the functionality of the network has changed compared to the baseline. Symptoms may appear in many different forms, including alerts from the network management system, console messages, and user complaints. While gathering symptoms, questions should be used as a method of localizing the problem to a smaller range of possibilities.

Stage 2 Isolate the problem - The problem is not truly isolated until a single problem, or a set of related problems, is identified. To do this, the network administrator examines the characteristics of the problems at the logical layers of the network so that the most likely cause can be selected. At this stage, the network administrator may gather and document more symptoms depending on the problem characteristics that are identified.

Stage 3 Correct the problem - Having isolated and identified the cause of the problem, the network administrator works to correct the problem by implementing, testing, and documenting a solution. If the network administrator determines that the corrective action has created another problem, the attempted solution is documented, the changes are removed, and the network administrator returns to gathering symptoms and isolating the problem.

A troubleshooting policy should be established for each stage. A policy provides a consistent manner in which to perform each stage. Part of the policy should include documenting every important piece of information.

5.3 Gathering Symptoms


To determine the scope of the problem, gather (and document) the symptoms. Each step in this process is briefly described here:

Step 1. Analyze existing symptoms - Analyze symptoms gathered from the trouble ticket, users, or end systems affected by the problem to form a definition of the problem.

Step 2. Determine ownership - If the problem is within our system, we can move on to the next stage. If the problem is outside the boundary of our control, for example, lost Internet connectivity outside of the autonomous system, we need to contact an administrator for the external system before gathering additional network symptoms.

Step 3. Narrow the scope - Determine if the problem is at the core, distribution, or access layer of the network. At the identified layer, analyze the existing symptoms and use our knowledge of the network topology to determine which pieces of equipment are the most likely cause.

Step 4. Gather symptoms from suspect devices - Using a layered troubleshooting approach, gather hardware and software symptoms from the suspect devices. Start with the most likely possibility, and use knowledge and experience to determine if the problem is more likely a hardware or software configuration problem.

Step 5. Document symptoms - Sometimes the problem can be solved using the documented symptoms. If not, begin the isolating phase of the general troubleshooting process.

Fig 5.1 Command List

5.4 Hardware Testing Tools

5.4.1 Network Analysis Module


A network analysis module (NAM) can be installed in Cisco Catalyst 6500 series switches and Cisco 7600 series routers to provide a graphical representation of traffic from local and remote switches and routers. The NAM is an embedded, browser-based interface that generates reports on the traffic that consumes critical network resources. In addition, the NAM can capture and decode packets and track response times to pinpoint an application problem to the network or the server.

5.4.2 Digital Multimeters


Digital multimeters (DMMs) are test instruments that are used to directly measure electrical values of voltage, current, and resistance. In network troubleshooting, most of the multimeter tests involve checking power-supply voltage levels and verifying that network devices are receiving power.

5.4.3 Cable Testers


Cable testers are specialized, handheld devices designed for testing the various types of data communication cabling. Cable testers can be used to detect broken wires, crossed-over wiring, shorted connections, and improperly paired connections. These devices can be inexpensive continuity testers, moderately priced data cabling testers, or expensive time-domain reflectometers (TDRs). TDRs are used to pinpoint the distance to a break in a cable. These devices send signals along the cable and wait for them to be reflected. The time between sending the signal and receiving it back is converted into a distance measurement. The TDR function is normally packaged with data cabling testers. TDRs used to test fiber optic cables are known as optical time-domain reflectometers (OTDRs).

Fig 5.2 TOPOLOGY DIAGRAM OF NETWORK

5.4.4 Cable Analyzers



Cable analyzers are multifunctional handheld devices that are used to test and certify copper and fiber cables for different services and standards. The more sophisticated tools include advanced troubleshooting diagnostics that measure distance to performance defect (NEXT, RL), identify corrective actions, and graphically display crosstalk and impedance behavior. Cable analyzers also typically include PC-based software. Once field data is collected, the handheld device can upload its data and up-to-date and accurate reports can be created.

CHAPTER -6 SECURITY

6.1 Introduction
Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving. As e-business and Internet applications continue to grow, finding the balance between being isolated and open is critical. In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.

6.2 The Increasing Threat to Security


Over the years, network attack tools and methods have evolved. In 1985 an attacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks. As time went on, and attackers' methods and tools improved, attackers no longer required the same level of sophisticated knowledge. This has effectively lowered the entry-level requirements for attackers. People who previously would not have participated in computer crime are now able to do so.

As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved. Some of the most common terms are as follows:

White hat - An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.

Hacker - A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.

Black hat - Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.

Cracker - A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.

Phreaker - An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.

Spammer - An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.

Phisher - Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

6.2.1 Types of Computer Crime


As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged. Conceiving of network security solutions begins with an appreciation of the complete scope of computer crime. These are the most commonly reported acts of computer crime that have network security implications:

1. Insider abuse of network access
2. Virus
3. Mobile device theft
4. Phishing where an organization is fraudulently represented as the sender
5. Instant messaging misuse
6. Denial of service
7. Unauthorized access to information
8. Bots within the organization
9. Theft of customer or employee data
10. Abuse of wireless network
11. System penetration
12. Financial fraud
13. Password sniffing
14. Key logging
15. Website defacement
16. Misuse of a public web application
17. Theft of proprietary information
18. Exploiting the DNS server of an organization
19. Telecom fraud
20. Sabotage

Note: In certain countries, some of these activities may not be a crime, but are still a problem.

6.3 Secure connectivity


VPNs - Encrypt network traffic to prevent unwanted disclosure to unauthorized or malicious individuals.

Trust and identity - Implement tight constraints on trust levels within a network. For example, systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall.

Authentication - Give access to authorized users only. One example of this is using one-time passwords.

Policy enforcement - Ensure that users and end devices are in compliance with the corporate policy.


6.3.1 The Role of Routers in Network Security


We know that we can build a LAN by connecting devices with basic Layer 2 LAN switches. We can then use a router to route traffic between different networks based on Layer 3 IP addresses. Router security is a critical element in any security deployment. Routers are definite targets for network attackers. If an attacker can compromise and access a router, it can be a potential aid to them. Knowing the roles that routers fulfill in the network helps us understand their vulnerabilities. Routers fulfill the following roles:

Advertise networks and filter who can use them.

Provide access to network segments and subnetworks.

6.4 ACL
An ACL is a router configuration script that controls whether a router permits or denies packets to pass based on criteria found in the packet header. ACLs are among the most commonly used objects in Cisco IOS software. ACLs are also used for selecting types of traffic to be analyzed, forwarded, or processed in other ways. As each packet comes through an interface with an associated ACL, the ACL is checked from top to bottom, one line at a time, looking for a pattern matching the incoming packet. The ACL enforces one or more corporate security policies by applying a permit or deny rule to determine the fate of the packet. ACLs can be configured to control access to a network or subnet.

By default, a router does not have any ACLs configured and therefore does not filter traffic. Traffic that enters the router is routed according to the routing table. If we do not use ACLs on the router, all packets that can be routed through the router pass through the router to the next network segment. Here are some guidelines for using ACLs:

Use ACLs in firewall routers positioned between our internal network and an external network such as the Internet.

Use ACLs on a router positioned between two parts of our network to control traffic entering or exiting a specific part of our internal network.

Configure ACLs on border routers - routers situated at the edges of our networks. This provides a very basic buffer from the outside network, or between a less controlled area of our own network and a more sensitive area of our network.

Configure ACLs for each network protocol configured on the border router interfaces. We can configure ACLs on an interface to filter inbound traffic, outbound traffic, or both.

6.4.1 The Three Ps


A general rule for applying ACLs on a router can be recalled by remembering the three Ps. We can configure one ACL per protocol, per direction, per interface:

One ACL per protocol - To control traffic flow on an interface, an ACL must be defined for each protocol enabled on the interface.

One ACL per direction - ACLs control traffic in one direction at a time on an interface. Two separate ACLs must be created to control inbound and outbound traffic.

One ACL per interface - ACLs control traffic for an interface, for example, Fast Ethernet 0/0.

Writing ACLs can be a challenging and complex task. Every interface can have multiple protocols and directions defined. The router in the example has two interfaces configured for IP, AppleTalk, and IPX. This router could possibly require 12 separate ACLs - one ACL for each protocol, times two for each direction, times two for the number of ports.

6.4.2 How ACLs Work


ACLs define the set of rules that give added control for packets that enter inbound interfaces, packets that relay through the router, and packets that exit outbound interfaces of the router. ACLs do not act on packets that originate from the router itself. ACLs are configured either to apply to inbound traffic or to apply to outbound traffic.

Inbound ACLs - Incoming packets are processed before they are routed to the outbound interface. An inbound ACL is efficient because it saves the overhead of routing lookups if the packet is discarded. If the packet is permitted by the tests, it is then processed for routing.

Outbound ACLs - Incoming packets are routed to the outbound interface, and then they are processed through the outbound ACL.

ACL statements operate in sequential order. They evaluate packets against the ACL, from the top down, one statement at a time. A final implied statement covers all packets for which conditions did not test true. This final test condition matches all other packets and results in a "deny" instruction. Instead of proceeding into or out of an interface, the router drops all of these remaining packets. This final statement is often referred to as the "implicit deny any statement" or the "deny all traffic" statement. Because of this statement, an ACL should have at least one permit statement in it; otherwise, the ACL blocks all traffic. We can apply an ACL to multiple interfaces. However, there can be only one ACL per protocol, per direction, and per interface.


If the outbound interface is not grouped to an outbound ACL, the packet is sent directly to the outbound interface. If the outbound interface is grouped to an outbound ACL, the packet is not sent out on the outbound interface until it is tested by the combination of ACL statements that are associated with that interface. Based on the ACL tests, the packet is permitted or denied.

For outbound lists, "to permit" means to send the packet to the output buffer, and "to deny" means to discard the packet.

6.4.2.1 ACL Routing and ACL Processes on a Router


If the frame address is accepted, the frame information is stripped off and the router checks for an ACL on the inbound interface. If an ACL exists, the packet is now tested against the statements in the list. If the packet matches a statement, the packet is either accepted or rejected. If the packet is accepted in the interface, it is then checked against routing table entries to determine the destination interface and switched to that interface. Next, the router checks whether the destination interface has an ACL. If an ACL exists, the packet is tested against the statements in the list. If the packet matches a statement, it is either accepted or rejected. If there is no ACL or the packet is accepted, the packet is encapsulated in the new Layer 2 protocol and forwarded out the interface to the next device.

The Implied "Deny All Traffic" Criteria Statement

At the end of every access list is an implied "deny all traffic" criteria statement. It is also sometimes referred to as the "implicit deny any" statement. Therefore, if a packet does not match any of the ACL entries, it is automatically blocked. The implied "deny all traffic" is the default behavior of ACLs and cannot be changed.

6.4.2.2 Types of Cisco ACLs

There are two types of Cisco ACLs, standard and extended.

6.4.2.2.1 Standard ACLs

Standard ACLs allow us to permit or deny traffic from source IP addresses. The destination of the packet and the ports involved do not matter. The example allows all traffic from the 192.168.30.0/24 network. Because of the implied "deny any" at the end, all other traffic is blocked with this ACL. Standard ACLs are created in global configuration mode.

6.4.2.2.2 Extended ACLs

Extended ACLs filter IP packets based on several attributes, for example, protocol type, source IP address, destination IP address, source TCP or UDP ports, destination TCP or UDP ports, and optional protocol type information for finer granularity of control. For example, ACL 103 permits traffic originating from any address on the 192.168.30.0/24 network to any destination host port 80 (HTTP). Extended ACLs are created in global configuration mode.

A standard ACL is a sequential collection of permit and deny conditions that apply to IP addresses. The destination of the packet and the ports involved are not covered. Cisco IOS software tests addresses against the conditions one by one. The first match determines whether the software accepts or rejects the address. Because the software stops testing conditions after the first match, the order of the conditions is critical. If no conditions match, the address is rejected. The two main tasks involved in using ACLs are as follows:


Step 1. Create an access list by specifying an access list number or name and access conditions.

Step 2. Apply the ACL to interfaces or terminal lines.

Using numbered ACLs is an effective method for determining the ACL type on smaller networks with more homogeneously defined traffic. However, a number does not tell us the purpose of the ACL. For this reason, starting with Cisco IOS Release 11.2, we can use a name to identify a Cisco ACL. Regarding numbered ACLs, in case we are wondering why numbers 200 to 1299 are skipped, it is because those numbers are used by other protocols. This course focuses only on IP ACLs. For example, numbers 600 to 699 are used by AppleTalk, and numbers 800 to 899 are used by IPX.

The proper placement of an ACL to filter undesirable traffic makes the network operate more efficiently. ACLs can act as firewalls to filter packets and eliminate unwanted traffic. Where we place ACLs can reduce unnecessary traffic. For example, traffic that will be denied at a remote destination should not use network resources along the route to that destination. Every ACL should be placed where it has the greatest impact on efficiency. The basic rules are:

Locate extended ACLs as close as possible to the source of the traffic denied. This way, undesirable traffic is filtered without crossing the network infrastructure.

Because standard ACLs do not specify destination addresses, place them as close to the destination as possible.

FIG 6.1 DFD SHOWING HOW ACL WORKS


Standard ACL Logic
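The ACL behaviour described in 6.4.2, 6.4.2.1 and 6.4.2.2 (top-down first-match evaluation, the implicit "deny any", wildcard masks, standard versus extended entries, and the inbound ACL, then routing lookup, then outbound ACL path through a router) can be checked against a small simulator. The code below is an added example written for this report; it is not Cisco IOS code and not part of the original project. It assumes a subset of the numbered `access-list` syntax (`any`, `host A`, `A WILDCARD`, and an optional `eq PORT`), a routing table given as (prefix, interface) pairs, and ACLs applied by (interface, direction) keys, which is how the "one ACL per direction per interface" rule is modelled. The sample ACLs reuse the page's own examples: a standard ACL permitting 192.168.30.0/24 and ACL 103 permitting TCP port 80 from that network.

```python
"""Added example: simulator of Cisco IOS numbered ACL semantics.
Not Cisco code. Models first-match, top-down evaluation with the implicit
"deny any", wildcard masks, standard vs. extended entries, and the
inbound ACL -> route lookup -> outbound ACL path of 6.4.2.1."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Spec = Tuple[str, str]  # (network, wildcard mask) as written in IOS


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"            # "tcp", "udp", "icmp" or "ip"
    dport: Optional[int] = None  # destination port for tcp/udp


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" in an entry matches any IP protocol
    src: Spec
    dst: Optional[Spec] = None   # None: standard ACL, destination not examined
    dport: Optional[int] = None  # None: any destination port


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the mask means 'do not care'."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def _parse_addr(t: List[str], i: int) -> Tuple[Spec, int]:
    """Consume 'any', 'host A' or 'A WILDCARD' at t[i]; a bare A means host A."""
    if t[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(t) and t[i + 1][0].isdigit():
        return (t[i], t[i + 1]), i + 2
    return (t[i], "0.0.0.0"), i + 1


def parse_acl_line(line: str) -> Tuple[int, Entry]:
    """Parse one 'access-list N permit|deny ...' line (standard or extended)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("unsupported line: " + line)
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99 or 1300 <= number <= 1999:   # standard IP ACL ranges
        src, _ = _parse_addr(t, 3)
        return number, Entry(action, "ip", src)
    proto = t[3]                                       # extended: protocol first
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
    return number, Entry(action, proto, src, dst, dport)


def build_acl(lines: List[str]) -> List[Entry]:
    """Entries keep the order they were entered; that order is the policy."""
    numbers, entries = set(), []
    for line in lines:
        n, e = parse_acl_line(line)
        numbers.add(n)
        entries.append(e)
    if len(numbers) > 1:
        raise ValueError("lines belong to different ACLs: %s" % sorted(numbers))
    return entries


def _matches(e: Entry, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if not wildcard_match(p.src, *e.src):
        return False
    if e.dst is not None and not wildcard_match(p.dst, *e.dst):
        return False
    return e.dport is None or e.dport == p.dport


def evaluate(acl: List[Entry], p: Packet) -> Tuple[str, Optional[int]]:
    """Top down, first match wins. Returns (action, 1-based line number), or
    ('deny', None) when the packet falls through to the implicit deny any."""
    for lineno, e in enumerate(acl, 1):
        if _matches(e, p):
            return e.action, lineno
    return "deny", None


def forward(routes: List[Tuple[str, str]], acls: Dict[Tuple[str, str], List[Entry]],
            p: Packet, in_iface: str) -> str:
    """Router path of 6.4.2.1: inbound ACL, then longest-prefix route lookup,
    then outbound ACL. acls is keyed by (interface, 'in'|'out')."""
    if (in_iface, "in") in acls and evaluate(acls[(in_iface, "in")], p)[0] == "deny":
        return "dropped by inbound ACL"          # no routing lookup is spent
    dst = ipaddress.IPv4Address(p.dst)
    best = max((r for r in routes if dst in ipaddress.IPv4Network(r[0])),
               key=lambda r: ipaddress.IPv4Network(r[0]).prefixlen, default=None)
    if best is None:
        return "no route"
    out_iface = best[1]
    if (out_iface, "out") in acls and evaluate(acls[(out_iface, "out")], p)[0] == "deny":
        return "dropped by outbound ACL"
    return "forwarded via " + out_iface


if __name__ == "__main__":
    acl10 = build_acl(["access-list 10 permit 192.168.30.0 0.0.0.255"])
    acl103 = build_acl(["access-list 103 permit tcp 192.168.30.0 0.0.0.255 any eq 80"])
    print(evaluate(acl10, Packet("192.168.31.7", "10.0.0.1")))      # falls to implicit deny
    print(evaluate(acl103, Packet("192.168.30.7", "10.0.0.1", "tcp", 80)))
```

Two things the simulator makes visible that the prose only states: an ACL containing only `deny` lines blocks everything, because the last word is always the implicit deny; and swapping a `deny host` line with a later `permit` network line silently changes the outcome for that host, which is why entry order is treated as part of the policy.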

Chapter -7 CONCLUSION

The network designed using simulators fully meets the objectives of the system. The system has reached a steady state where all the bugs have been eliminated. The system is operating at a high level of efficiency and all packets are reaching their correct destinations. The network traffic is also monitored through analyzers. The project developed is within the state of the art, and the defects can easily be reduced to a level matching the application's needs. The network has been designed with user friendliness as the top priority, i.e. the system is very easy to operate and work with, and it solves the problem it was intended to solve, as laid out in the requirement specification phase. Thus, in the end we would like to conclude that network design has become a need for every organization, and sooner or later everyone will be compelled to apply it due to its numerous advantages.

Key Learning
In the present-day job market, the established competitive state of affairs makes it tricky for any individual to acquire a job easily. In such situations, it becomes crucial to be well educated and to have professional qualifications in order to make a successful career. Therefore, if you are preparing for a career in networking, which is considered one of the most sought-after fields all over the world, it is important for you to clear the CCNA certification. To acquire the CCNA certification, it is suggested that you register for CISCO CCNA training, which is offered by several institutions around the UK. After this, you may need to prepare for and clear the CCNA examinations to become CCNA certified. Cisco Certified Network Associate (CCNA) is the basic level of CISCO certification. By registering for the CCNA examination, you will learn about networking basics like installation, design, troubleshooting, configuration, management and maintenance of IP and non-IP networks. Furthermore, as the CCNA course is the basis of the three levels of Cisco certification, there are no prerequisites for taking the CCNA examinations. The CCNA level is appropriate for assisting field technicians and desk engineer


Advantages:

1. Understand the basic functioning of CISCO routers, switches and hubs.
2. Have a professional approach towards networking.
3. Potential to configure any network.
4. Industry-oriented.
