CHAPTER-1 ORGANIZATION PROFILE

1.1 Introduction
Centre for Electronic Governance (CEG) is an autonomous body of the Government of Rajasthan under the Department of Technical Education. The foundation stone of CEG was laid on 8th December 2006 at Khaitan Polytechnic College, Jaipur. Rajasthan is the second state to run this program, after the highly acclaimed and successful “Jawahar Knowledge Centre” program in Andhra Pradesh. CEG has been established with the sole aim of providing a conducive environment for creating industry-employable IT professionals by arranging seminars, lectures, vocational trainings and industry-relevant software trainings. At the same time it provides a ready-made platform for interaction between the industry and the trained workforce. Rajasthan is considered to be one of the most peaceful and law-abiding states, with a high growth rate. The state is developing in all fields in general and in technical higher education in particular. In the last decade alone, more than 50 higher technical education institutes in the field of engineering have started operating.

1.2 Features

• To promote interaction between the Government, Technical Institutes and the Industries.
• To provide a conducive environment for learning by doing in colleges.
• To promote the dissemination of knowledge, fostering the innovative thoughts of the students.
• To empower students living in the rural areas so as to bridge the urban-rural gap.
• To organize seminars and lectures of eminent professionals and scientists.
• To produce readily employable graduates by imparting industry-grade skills.
• To produce industry-ready IT professionals.
• To help in updating the curriculum as per the needs of the industries.
• To perform such other functions and to carry out such other duties as the society may deem proper or as may be assigned to it by the State Government from time to time.

1.3 Aims and Objectives
• Campus Placement Mission (CPM)
• Campus Placement Related Skills (CPRS)
• Graduate Placement Mission (GPM)
• Training for Students
• Training for Faculty

1.4 Collaborating Partners of CEG
• CISCO
• Career Net Consulting
• V Combined CAD Technology
• Sun Microsystems India Pvt Ltd
• NIIT
• GENPACT BPO, Jaipur
• QAInfoTech Delhi
• Oracle India Pvt. Ltd
• Red Hat India Pvt. Ltd

1.5 Future Plans
 Enhance more training for economically weaker sections (SC/ST/OBC).
 Sign more MoUs with industries / organizations.
 Enhance placement activity.
 Academic support to various other institutions.
 Establish more KDCs.
 Faculty training programs on cutting-edge technologies.
 The number of KDCs after five years will be increased from 17 to 30.
 The number of students placed in companies will be 100%.
 The intake capacity at each KDC will be increased from 50 to 100.
 To establish various Industry Certification Examination Testing Centres.
 The mentors at the KDCs will be trained in new technologies in industries.
 The training of the students can be arranged in various companies and industries, apart from CEG.
 A large number of e-governance projects can be carried out at CEG and the KDCs as well.

1.6 ORGANIZATION STRUCTURE
Marching with a vision to excel, CEG, Jaipur took an initiative and has a MoU with Cisco Systems Inc., USA. CEG, which since its inception has been catering to the needs of the industry by and large, took a step ahead in continuation of the MoU to start a Regional Academy to promote networking-related training programmes at the CEG centre. The main objective of this MoU is to groom networking professionals in tune with the industry and academic perspectives.

Cisco Systems Inc. USA is a worldwide leader in networking for the Internet and is committed to working with educational institutions around the globe to ensure that today’s students master the necessary skills for success in the Internet-driven global context. Launched in October 1997 with 64 educational institutions in seven states, the Networking Academy has spread to more than 150 countries. Since its inception, over 1.6 million students have enrolled at more than 10,000 Academies located in high schools, technical schools, colleges, universities, and community-based organizations.

Initially created to prepare students for the Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP) degrees, the Academy curriculum has expanded with ecosystem-partner sponsored courses. Optional courses include: IT Essentials: PC Hardware and Software, IT Essentials: Network Operating Systems, and Panduit Network Infrastructure Essentials sponsored by Panduit Corporation. Cisco's partners from business, government and community organizations form an ecosystem to deliver the range of services and support needed to grow tomorrow's global workforce.

There are currently three possible tiers of training. Industry experts at Cisco Systems train the Instructor Trainers at the Cisco Academy Training Centers (CATCs); the CATC Instructors train Regional Academy Instructors, and the Regional Academy Instructors train the Local Academy Instructors, who then educate students. Utilizing this three-tier training model helps to provide instructors the training they need in close proximity to where they are located. Interested educational institutions are given the designation of Networking Academy at the level of training that they will be providing in the program. Educational institutions may play a role at one or more of these training levels.

The Networking Academy program continually raises the bar on e-learning and educational processes. The Academy infrastructure is designed to deliver a rich, interactive, and personalized curriculum to students around the world. The Internet enables anytime, anywhere learning for all students, regardless of location, gender, socio-economic status, or race. Through community feedback and electronic assessment, the Academy program adapts curriculum to improve outcomes and student achievement. With the United Nations Development Program, the United States Agency for International Development, and the International Telecommunication Union, Cisco has made the Academy program available to students in Least Developed Countries to help them build their country's economies.

The Internet has the power to change the way people learn, work, and play, and the Cisco Networking Academy Program is in the forefront of this transformation. REGIONAL ACADEMY at CEG is a strong initiative by the Government of Rajasthan and the Cisco Networking Academy to bring wide awareness and training of valuable networking technology skills, cutting-edge and upcoming trends in the networking domain. Through the following curricula, the above efforts will be met:
* Cisco Certified Network Associate (CCNA) Discovery – Foundational networking knowledge and practical experience.
* Cisco Certified Network Associate (CCNA) Exploration – Comprehensive overview of networking from fundamentals to advanced applications and services.
* IT Essentials: PC Hardware and Software (Hindi/English)
* CCNP and CCNA Security

CHAPTER-2 PROJECT DESCRIPTION

2.1 INTRODUCTION
Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving. As e-business and Internet applications continue to grow, finding the balance between being isolated and open is critical. In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.

2.2 EXISTING SYSTEM
The current system has many deficiencies and is inefficient. It does not provide facilities for proper monitoring. Good monitoring mechanisms are the basis of successful development programs and schemes. The student block is presently not connected to the network; thus the students are not getting internet facilities. The library is also facing the same problem. The database of the library should be maintained so that students get the appropriate information about books. Classroom computers should also have e-books to help students.

2.3 PROBLEM DEFINITION
Conceiving of network security solutions begins with an appreciation of the complete scope of computer crime. As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged.

Deficiencies with the current system:
• Insider abuse of network access
• Virus
• Mobile device theft
• Phishing where an organization is fraudulently represented as the sender
• Instant messaging misuse
• Denial of service
• Unauthorized access to information
• Bots within the organization
• Theft of employee data
• Abuse of wireless network
• System penetration
• Financial fraud
• Password sniffing
• Key logging
• Website defacement

When an enterprise grows to include branch offices, e-commerce services, or global operations, a single LAN network is no longer sufficient to meet its business requirements. Wide area network (WAN) access has become essential for larger businesses today. There are a variety of WAN technologies to meet the different needs of businesses and many ways to scale the network. Adding WAN access introduces other considerations, such as network security and address management. Consequently, designing a WAN and choosing the correct carrier network services is not a simple matter.

2.4 PROPOSED SYSTEM

2.4.1 AIM: Developing a Security Policy
The first step any organization should take to protect its data and itself from a liability challenge is to develop a security policy. A policy is a set of principles that guide decision-making processes and enable leaders in an organization to distribute authority confidently. RFC2196 states that a "security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide." A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies. A security policy meets these goals:
• Informs users, staff, and managers of their obligatory requirements for protecting technology and information assets
• Specifies the mechanisms through which these requirements can be met
• Provides a baseline from which to acquire, configure, and audit computer systems and networks for compliance with the policy

Assembling a security policy can be daunting if it is undertaken without guidance. For this reason, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. This document refers specifically to information technology and outlines a code of practice for information security management. ISO/IEC 27002 is intended to be a common basis and practical guideline for developing organizational security standards and effective security management practices. The document consists of 12 sections:
• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Access control
• Information systems acquisition, development, and maintenance
• Information security incident management
• Business continuity management
• Compliance

2.4.2 Common Security Appliances and Applications
Security is a top consideration whenever planning a network. In the past, the one device that would come to mind for network security was the firewall. A firewall by itself is no longer adequate for securing a network. An integrated approach involving firewall, intrusion prevention, and VPN is necessary.

An integrated approach to security, and the necessary devices to make it happen, follows these building blocks:

2.4.2.1 Threat control: Regulates network access, isolates infected systems, prevents intrusions, and protects assets by counteracting malicious traffic, such as worms and viruses. Devices that provide threat control solutions are:
Cisco ASA 5500 Series Adaptive Security Appliances
Integrated Services Routers (ISR)
Network Admission Control
Cisco Security Agent for Desktops
Cisco Intrusion Prevention Systems

2.4.2.2 Secure communications: Secures network endpoints with VPN. The devices that allow an organization to deploy VPN are Cisco ISR routers with the Cisco IOS VPN solution, the Cisco 5500 ASA, and Cisco Catalyst 6500 switches.

2.4.2.3 Network admission control (NAC): Provides a roles-based method of preventing unauthorized access to a network. Cisco offers a NAC appliance.

2.4.2.4 Cisco IOS Software on Cisco Integrated Services Routers (ISRs)
Cisco provides many of the required security measures for customers within the Cisco IOS software. Cisco IOS software provides built-in Cisco IOS Firewall, IPsec, SSL VPN, and IPS services.

2.4.2.5 Cisco ASA 5500 Series Adaptive Security Appliance
At one time, the PIX firewall was the one device that a secure network would deploy. The PIX has evolved into a platform that integrates many different security features, called the Cisco Adaptive Security Appliance (ASA). The Cisco ASA integrates firewall, voice security, SSL and IPsec VPN, IPS, and content security services in one device.

2.4.2.6 Cisco IPS 4200 Series Sensors
For larger networks, an inline intrusion prevention system is provided by the Cisco IPS 4200 series sensors. This sensor identifies, classifies, and stops malicious traffic on the network.

2.4.2.7 Cisco NAC Appliance
The Cisco NAC appliance uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.

2.4.2.8 Cisco Security Agent (CSA)
Cisco Security Agent software provides threat protection capabilities for server, desktop, and point-of-service (POS) computing systems. CSA defends these systems against targeted attacks, spyware, rootkits, and day-zero attacks.

To assist with the compliance of a security policy, the Security Wheel, a continuous process, has proven to be an effective approach. The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis. To begin the Security Wheel process, first develop a security policy that enables the application of security measures. A security policy includes the following:

• Identifies the security objectives of the organization.
• Documents the resources to be protected.
• Identifies the network infrastructure with current maps and inventories.
• Identifies the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.

2.5 OBJECTIVE
The security policy is the hub upon which the four steps of the Security Wheel are based. The steps are secure, monitor, test, and improve.

Step 1: Secure
Secure the network by applying the security policy and implementing the following security solutions:
• Threat defense
• Stateful inspection and packet filtering: Filter network traffic to allow only valid traffic and services.
• Intrusion prevention systems: Deploy at the network and host level to actively stop malicious traffic.
• Vulnerability patching: Apply fixes or measures to stop the exploitation of known vulnerabilities.
• Disable unnecessary services: The fewer services that are enabled, the harder it is for attackers to gain access.

Step 2: Monitor

Monitoring security involves both active and passive methods of detecting security violations. The most commonly used active method is to audit host-level log files. Most operating systems include auditing functionality. System administrators must enable the audit system for every host on the network and take the time to check and interpret the log file entries. Passive methods include using IDS devices to automatically detect intrusion. This method requires less attention from network security administrators than active methods. These systems can detect security violations in real time and can be configured to automatically respond before an intruder does any damage. An added benefit of network monitoring is the verification that the security measures implemented in step 1 of the Security Wheel have been configured and are working properly.

Step 3: Test
In the testing phase of the Security Wheel, the security measures are proactively tested. Specifically, the functionality of the security solutions implemented in step 1 and the system auditing and intrusion detection methods implemented in step 2 are verified. Vulnerability assessment tools such as SATAN, Nessus, or Nmap are useful for periodically testing the network security measures at the network and host level.

Step 4: Improve
The improvement phase of the Security Wheel involves analyzing the data collected during the monitoring and testing phases. This analysis contributes to developing and implementing improvement mechanisms that augment the security policy and results in adding items to step 1. To keep a network as secure as possible, the cycle of the Security Wheel must be continually repeated, because new network vulnerabilities and risks are emerging every day.
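As an added illustration of the active monitoring method in Step 2 (auditing host-level log files), the following Python script is not part of the original report: it parses constructed sshd-style log lines, counts failed password attempts per source address, flags any source that reaches a threshold, and lists the accounts that source tried. The log lines, host name, addresses and the threshold of 3 are constructed assumptions for the example, and the function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample of host-level auth log lines (sshd style); not taken
# from the report. Host name and addresses are made up for the example.
SAMPLE_LOG = """\
Mar 10 09:12:01 kdc-host sshd[2011]: Accepted password for alice from 10.10.5.21 port 51022 ssh2
Mar 10 09:13:44 kdc-host sshd[2015]: Failed password for root from 198.51.100.7 port 40211 ssh2
Mar 10 09:13:46 kdc-host sshd[2015]: Failed password for root from 198.51.100.7 port 40212 ssh2
Mar 10 09:13:49 kdc-host sshd[2016]: Failed password for admin from 198.51.100.7 port 40213 ssh2
Mar 10 09:13:52 kdc-host sshd[2016]: Failed password for invalid user test from 198.51.100.7 port 40214 ssh2
Mar 10 09:14:10 kdc-host sshd[2017]: Failed password for invalid user guest from 198.51.100.7 port 40215 ssh2
Mar 10 09:20:02 kdc-host sshd[2031]: Failed password for bob from 10.10.5.33 port 50110 ssh2
Mar 10 09:20:20 kdc-host sshd[2031]: Accepted password for bob from 10.10.5.33 port 50110 ssh2
Mar 10 09:21:00 kdc-host CRON[2040]: pam_unix(cron:session): session opened for user root
"""

# One pattern for the two sshd outcomes we audit; other lines are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_auth_log(text):
    """Turn raw log text into a list of event dicts; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def failed_logins_by_source(events):
    """Count failed password attempts per source address."""
    return Counter(e["src"] for e in events if e["result"] == "Failed")


def flag_sources(events, threshold=3):
    """Sources whose failure count reaches the threshold. The threshold is a
    value the security policy would set; 3 is an assumed default."""
    return {src: n for src, n in failed_logins_by_source(events).items() if n >= threshold}


def targeted_accounts(events, src):
    """Distinct usernames a source failed against, sorted for stable output."""
    return sorted({e["user"] for e in events if e["src"] == src and e["result"] == "Failed"})


def audit_report(text, threshold=3):
    """Full audit: {src: {"failures": n, "accounts": [...]}} for flagged sources."""
    events = parse_auth_log(text)
    return {
        src: {"failures": n, "accounts": targeted_accounts(events, src)}
        for src, n in flag_sources(events, threshold).items()
    }


if __name__ == "__main__":
    for src, info in audit_report(SAMPLE_LOG).items():
        print(f"{src}: {info['failures']} failed logins against {info['accounts']}")
```

The single legitimate failure from 10.10.5.33 (followed by a success) stays below the threshold, while the burst from 198.51.100.7 against several accounts, including ones that do not exist, is what a log audit in this step is meant to surface.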

The security policy should be adjusted as new security vulnerabilities and risks are discovered. With the information collected from the monitoring and testing phases, IDSs can be used to implement improvements to the security.

CHAPTER-3 SYSTEM REQUIREMENTS & SPECIFICATIONS

3.1 SELECTING HARDWARE PRODUCTS
We can use the Cisco three-layer model to determine what type of product to buy for our internetwork. By understanding the services required at each layer and what functions the internetworking devices perform, we can then match Cisco products to our academic requirements. To select the correct Cisco products for our network, start by gathering information about where devices need to operate in the internetworking hierarchy, and then consider issues like ease of installation, port-capacity requirements and other features. If we have remote offices or other WAN needs, we need to first find out what type of service is available. It won’t do us any good to design a large Frame Relay network only to discover that Frame Relay is only supported in half the locations we need. After our research, and after finding out about the different options available through our service provider, we can choose the Cisco product that fits our requirements.

We have a few options, typically: dial-up asynchronous connections, leased lines up to 1.544Mbps, Frame Relay, and ISDN, which are the most popular WAN technologies. xDSL is the new front-runner to take over as the fastest, most reliable, cheapest WAN technology. We need to consider our usage before buying and implementing a technology. For example, if our users at a remote branch are connected to the office more than three to four hours a day, then we need either Frame Relay or a leased line. If they connect infrequently, then we might get away with ISDN or dial-up connectivity.

A) Hubs
Before we buy any hub, we need to know which users can use a shared 10Mbps or shared 100Mbps network. If we are going to spend enough to buy a high-end hub, we should consider just buying a switch. These are the selection issues we need to know:
 Business requirements for 10 or 100Mbps
 Port density
 Management
 Ease of operation

The lower-end model of hubs Cisco offers supports only 10Mbps, while the middle-of-the-road one offers both 10- and 100Mbps auto-sensing ports. The higher-end hubs offer a network-management port and console connections. The different hub products Cisco offers are:
Cisco 1500 Micro Hub
Cisco 1528 Micro Hub 10/100
Cisco FastHub 100
Cisco FastHub 200
Cisco FastHub 300
Cisco FastHub 400
Any of these hubs can be stacked together to give us more port density.

B) Routers
A key criterion when selecting router products is knowing what feature sets we need to meet our requirements. For example, do we need IP, Frame Relay, and VPN support? How about IPX, AppleTalk, and DECnet? The other features we need to think about when considering different product-selection criteria are port density and interface speeds. As we get into the higher-end models, we see more ports and faster speeds.

Fig 2.1 BOOTING OF ROUTER

The main selections involved in choosing Cisco routers are listed below:
 Scale of routing features needed
 Port density and variety requirements
 Capacity and performance
 Common user interface

The router products Cisco offers are:
Cisco 700/800 series
Cisco 1600/1700 series
Cisco 2500 series
Cisco 2600 series
Cisco 3600 series
Cisco 4000 series
Cisco 7000 series
Cisco 12000 GSR series
AS 5000 series

We can tell how much a product is going to cost by looking at the model number. For example, the new 12000 series model is Cisco’s first gigabit switch and has enormous capability and functionality. A stripped-down 12000 series switch with no cards or power supplies starts at about $12,000. The price can end up at well over $100,000 for a loaded system. The Cisco 800 series router has mostly replaced the Cisco 700 series because the 700 series does not run the Cisco IOS. They are difficult to configure and maintain. In fact, I hope Cisco will soon stop selling the 700 series routers altogether.

Table 2.1

Comparison between Hub, Bridge, Switch & Router

Feature | Hub | Bridge | Switch | Router
Number of broadcast domains | 1 | 1 | 1 | 1 per router interface
Number of collision domains | 1 | 1 per bridge port | 1 per switch port | 1 per router interface
Forwards LAN broadcasts? | Yes | Yes | Yes | No
Forwards LAN multicasts? | Yes | Yes | Yes, can be optimized for less forwarding | No
OSI layer used when making forwarding decision | N/A | Layer 2 | Layer 2 | Layer 3
Internal processing variants | N/A | Store-and-forward | Store-and-forward, cut-through, FragmentFree | Store-and-forward
Frame/packet fragmentation allowed? | No | No | No | Yes
Multiple concurrent equal-cost paths to same destination allowed? | No | No | No | Yes

C) Switches
It seems like switch prices are dropping almost daily. About four years ago a 12-port 10/100 switch card for the Catalyst 5000 series switch was about $15,000. Now we can buy a complete Catalyst 5000 with a 10/100 card and supervisor module for about $7500 or so. My point is that with switch prices becoming reasonable, it is now easier to install switches in our network. We must consider whether we need 10/100 or 1000Mbps for each desktop or to connect between switches. ATM (asynchronous transfer mode) is also a consideration.

However, with Gigabit Ethernet out and 10Gbps links just around the corner, who needs ATM? The next criterion to consider is port density. The lower-end models start at 12 ports, and the higher-end models can provide hundreds of switched ports per switch.

3.2 Different switches available
Cisco 1548 Micro Switch 10/100
Catalyst 1900/2820 series
Catalyst 2900 series XL
Catalyst 2900 series
Catalyst 3000 series
Catalyst 8500 series
Catalyst 5000 series

The selection issues we need to know when choosing a Cisco switch are listed below:
 Business requirements for 10, 100 or even 1000Mbps
 Need for trunking and interswitch links
 Workgroup segmentation (VLANs)
 Port density needs
 Different user interfaces

3.3 Assembling and Cabling Devices
To understand the types of cabling used to assemble and cable Cisco devices, we need to understand the LAN Physical layer implementation of Ethernet. Ethernet is a media access method that is specified at the Data Link layer and uses specific Physical layer cabling and signaling techniques. It is important to be able to differentiate between the types of connectors that can be used to connect an Ethernet network together. Also, it is important to understand the different types of Ethernet media available. It would certainly be great to run Gigabit Ethernet to each desktop and 10Gbps between switches. By mixing and matching the different types of Ethernet media methods today, we can create a cost-effective network that works great. The following bullet points provide a general understanding of where we can use the different Ethernet media in our hierarchical network:
• Use 10Mbps switches at the access layer to provide good performance at a low price. 100Mbps links can be used for high-bandwidth-consuming clients or servers. No servers should be at 10Mbps if possible.
• Use Fast Ethernet between access layer and distribution layer switches. 10Mbps links would create a bottleneck.
• Use Fast Ethernet (or Gigabit if applicable) between distribution layer switches and the core. Dual links between distribution and core switches are recommended for redundancy and load balancing.
When designing our LAN, we should be implementing the fastest media we can afford between the core switches.

3.3.1 Cabling the Ethernet Local Area Network
Ethernet was first implemented by a group called DIX (Digital, Intel, and Xerox). They created and implemented the first Ethernet LAN specification, which the IEEE used to create the IEEE 802.3 committee. This was a 10Mbps network that ran on coax, twisted-pair, and fiber physical media. The IEEE extended the 802.3 committee to two new committees known as 802.3u (FastEthernet) and 802.3q (Gigabit Ethernet). These are both specified on twisted-pair and fiber physical media. I’ll discuss the different unshielded twisted-pair cabling used today in an Ethernet LAN.

3.3.2 Ethernet Media and Connector Requirements
It’s important to understand the difference between the media access speeds Ethernet provides. However, it’s also important to understand the connector requirements for each implementation before making any decision. The EIA/TIA (Electronic Industries Association and the newer Telecommunications Industry Association) is the standards body that creates the Physical layer specifications for Ethernet. The EIA/TIA specifies that Ethernet use a registered jack (RJ) connector with a 4 5 wiring sequence on unshielded twisted-pair (UTP) cabling (RJ-45). The following bullet points outline the different Ethernet media requirements:
• 10Base2 50-ohm coax, called thinnet. Up to 185 meters and 30 hosts per segment. Uses a physical and logical bus with AUI connectors.
• 10Base5 50-ohm coax, called thicknet. Up to 500 meters and 208 users per segment. Uses a physical and logical bus with AUI connectors. Up to 2500 meters with repeaters and 1024 users for all segments.
• 10BaseT EIA/TIA category 3, 4, or 5, using two-pair unshielded twisted-pair (UTP) wiring. One user per segment, up to 100 meters long. Uses an RJ-45 connector with a physical star topology and a logical bus.
• 100BaseTX EIA/TIA category 5, 6, or 7 UTP two-pair wiring. One user per segment, up to 100 meters long. Uses an RJ-45 MII connector with a physical star topology and a logical bus.
• 100BaseFX Uses 62.5/125-micron multimode fiber cabling. Point-to-point topology up to 400 meters long. Uses an ST or SC connector, which are duplex media-interface connectors.
• 1000BaseCX Copper shielded twisted-pair that can only run up to 25 meters.
• 1000BaseT Category 5, four-pair UTP wiring up to 100 meters long.
• 1000BaseSX MMF using a 62.5 or 50-micron core, uses a 780-nanometer laser and can go up to 260 meters.

• 1000BaseLX Single-mode fiber that uses a 9-micron core and a 1300-nanometer laser and can go from 3 km up to 10 km.
• 100VG-AnyLAN is a twisted-pair technology that was the first 100Mbps LAN. However, it was not typically used and is essentially dead, since it was incompatible with Ethernet signaling techniques (it used a polling media access method).

3.3.3 UTP Connections (RJ-45)
The RJ-45 connector is clear so we can see the eight colored wires that connect to the connector’s pins. These wires are twisted into four pairs. Four wires (two pairs) carry the voltage and are considered tip. The other four wires are grounded and are called ring. The RJ-45 connector is crimped onto the end of the wire, and the pin locations of the connector are numbered from the left, 8 to 1. The UTP cable has twisted wires inside that eliminate cross talk. Unshielded cable can be used since digital signal protection comes from the twists in the wire. The more twists per inch, the farther the digital signal can supposedly travel without interference. For example, categories 5 and 6 have many more twists per inch than category 3 UTP does.

3.3.4 Straight-Through
Different types of wiring are used when building internetworks. We will need to use either a straight-through or a crossover cable. In a UTP implementation of a straight-through cable, the wires on both cable ends are in the same order. We can determine that the wiring is a straight-through cable by holding both ends of the UTP cable side by side and seeing that the order of the wires on both ends is identical.

look at the port and see if it is marked with an “X. Pin 1 on one side connects to pin 3 on the other side.6 Cabling the Wide Area Network To connect our wide area network (WAN).5 Crossover In the implementation of a crossover.” Use a crossover when both ports are designated with an “X” or when neither port has an “X.3. and pin 2 connects to pin 6 on the opposite end.We can use a straight-through cable for the following tasks:  Connecting a router to a hub or switch  Connecting a server to a hub or switch  Connecting workstations to a hub or switch 3. 23 . for both tip and ring.” 3. Transmit to Receive and Receive to Transmit on each side. Cisco serial connections support almost any type of WAN service.” Use a straight-through cable when only one port is designated with an “X. We can use a crossover cable for the following tasks:  Connecting uplinks between switches  Connecting hubs to switches  Connecting a hub to another hub  Connecting a router interface to another router interface  Connecting two PCs together without a hub or switch When trying to determine the type of cable needed for a port. we need to understand the WAN Physical layer implementation provided by Cisco as well as the different WAN serial connectors. the wires on each end of the cable are crossed. The typical WAN connections are dedicated leased lines using High-Level Data Link Control (HDLC).3.

Typically.they’ll always tell us it tests 24 .3.544Mbps (T1). The CSU/DSU then plugs into a demarcation location (demarc) and is the service provider’s last responsibility. and EIA-530. The type of connector we have on the other end of the cable depends on our service provider or end-device requirements. but ISDN has different pinouts and specifications at the Physical layer. PPP. for example.Point-to-Point Protocol (PPP). The different ends available are EIA/TIA-232. All WANs use serial transmission. over a single channel. the demarc is a jack that has an RJ-45 female connector located close to our equipment.21 (used in X. Data Terminal Equipment (DTE) and connect into Data Communication Equipment (DCE). Cisco routers use a proprietary 60-pin serial connector. Integrated Services Digital Network (ISDN).25). Typical speeds are anywhere from 2400bps to 1.35 (used to connect to a CSU/DSU). EIA/TIA-449. V. Parallel transmission can pass at least 8 bits at a time. which is one bit at a time. and Frame Relay. which we must buy from Cisco or a provider of Cisco equipment. If we report a problem to our service provider.3.7 Serial Transmission WAN serial connectors use serial transmission. The amount of data that can be carried within these frequencies is called bandwidth. Serial links are described in frequency or cycles-per-second (hertz). by default. 3. HDLC. and Frame Relay can use the same Physical layer specifications. Bandwidth is the amount of data in bits-per-second that the serial channel can carry.8 Data Terminal Equipment and Data Communication Equipment Router interfaces are. X. 3. a Channel Service Unit/Data Service Unit (CSU/DSU).

fine up to the demarc and that the problem must be the CPE, or Customer Premise Equipment, which is our responsibility. The idea behind a WAN is to be able to connect two DTE networks together through a DCE network. The DCE network includes the CSU/DSU, through the provider's wiring and switches, all the way to the CSU/DSU at the other end. The network's DCE device provides clocking to the DTE connected interface (the router's serial interface).

3.3.9 Fixed and Modular Interfaces
The fixed routers, such as the 2500 series, have set interfaces that can't be changed. The 2501 router has two serial connections and one 10BaseT AUI interface. However, the 1600, 1700, 2600, 3600, and higher routers have modular interfaces that allow us to buy what we need now and add almost any type of interface we may need later. The 1600 and 1700 are limited and have both fixed and modular ports, but the 2600 and up provide many serials, FastEthernet, and even voice-module availability.

3.4 Integrated Services Digital Network (ISDN) Connections
Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) is two B (Bearer) channels of 64k each and one D (Data) channel of 16k for signaling and clocking. ISDN BRI routers come with either a U interface or what is known as an S/T interface. The difference between the two is that the U interface is already a two-wire ISDN convention that can plug right into the ISDN local loop; the U interface has a built-in NT 1 device. The S/T interface is a four-wire interface and needs a Network Termination type 1 (NT 1) to convert from a four-wire to the two-wire ISDN specification. Most Cisco router BRI interfaces are marked with a U or an S/T. If our service provider uses an NT 1 device, then we need to buy a router that has an S/T interface.

Primary Rate Interface (PRI) provides T1 speeds (1.544Mbps) in the U.S. and E1 speeds (2.048Mbps) in Europe. The ISDN BRI interface uses an RJ-45, category 5, straight-through cable. It is important to avoid plugging a console cable or other LAN cable into a BRI interface on a router, because it will probably ruin the interface.

3.4.1 Console Connections
All Cisco devices are shipped with console cables and connectors, which allow us to connect to a device and configure, verify, and monitor it. The cable used to connect between a PC and the console port is a rollover cable with RJ-45 connectors. The pinouts for a rollover cable are as follows:
1–8, 2–7, 3–6, 4–5, 5–4, 6–3, 7–2, 8–1
We can see that we just take a straight-through RJ-45 cable, cut the end off, flip it over, and reattach a new connector.

Typically, we will use the DB9 connector to attach to our PC and use a COM port to communicate via HyperTerminal. However, the Catalyst 5000 series switch still uses a DB25 connector. Most Cisco devices now support RJ-45 console connections. Set up the terminal emulation program to run at 9600bps, 8 data bits, no parity, 1 stop bit, and no flow control. On some routers, we need to verify that the terminal emulation program is emulating VT100 dumb-terminal mode, not an auto-sense mode, or it won't work. Most routers also have an aux port, which is an auxiliary port used to connect a modem. We can then dial this modem and connect to the router through the aux port. This will give us console access to a remote router that might be down and that we cannot telnet into.

CHAPTER -4 SYSTEM DESIGNING
4.1 ELEMENTS OF THE NETWORK
Human beings often seek to send and receive a variety of messages using computer applications; these applications require services to be provided by the network. Some of these services include the World Wide Web, e-mail, instant messaging, and IP Telephony. Devices interconnected by a medium to provide services must be governed by rules, or protocols. Protocols are the rules that the networked devices use to communicate with each other. The industry standard in networking today is a set of protocols called TCP/IP (Transmission Control Protocol/Internet Protocol). TCP/IP is used in home and business networks, as well as being the primary protocol of the Internet. It is TCP/IP protocols that specify the formatting, addressing and routing mechanisms that ensure our

messages are delivered to the correct recipient. The elements of networks are connected by rules to deliver a message.

4.1.1 The Messages
In the first step of its journey from the computer to its destination, our instant message gets converted into a format that can be transmitted on the network. All types of messages must be converted to bits, binary coded digital signals, before being sent to their destinations, no matter what the original message format was: text, video, voice, or computer data. Once our instant message is converted to bits, it is ready to be sent onto the network for delivery.

4.1.2 The Devices
There are numerous components that make it possible for our instant message to be directed across the miles of wires, underground cables, airwaves and satellite stations that might exist between the source and destination devices. One of the critical components in any size network is the router. A router joins two or more networks, like a home network and the Internet, and passes information from one network to another. Routers in a network work to ensure that the message gets to its destination in the most efficient and quickest manner.

4.1.3 The Medium
To send an instant message to its destination, the computer must be connected to a wired or wireless local network. Local networks can be installed in homes or businesses, where they enable computers and other devices to share information with each other and to use a common connection to the Internet. Wireless networks allow the use of networked devices anywhere in an office or home, even outdoors. Outside the office or home,

wireless networking is available in public hotspots, such as coffee shops, businesses, hotel rooms, and airports. Ethernet is the most common wired networking technology.  The wires, called cables, connect the computers and other devices that make up the networks. Wired networks are best for moving large amounts of data at high speeds, such as are required to support professional-quality multimedia.

4.1.4 The Services
Network services are computer programs that support the human network. Distributed on devices throughout the network, these services facilitate online communication tools such as e-mail, bulletin/discussion boards, chat rooms, and instant messaging.

4.1.5 The Rules
Important aspects of networks that are neither devices nor media are rules, or protocols. These rules are the standards and protocols that specify how the messages are sent, how they are directed through the network, and how they are interpreted at the destination devices. For example, in the case of Jabber instant messaging, the XMPP, TCP, and IP protocols are all important sets of rules that enable our communication to occur.

4.2 The OSI Model
Initially the OSI model was designed by the International Organization for Standardization (ISO) to provide a framework on which to build a suite of open systems protocols. The vision was that this set of protocols would be used to develop an international network that would not be dependent on proprietary systems. Unfortunately, the speed at which the TCP/IP based Internet was adopted, and the rate at which it expanded, caused the OSI Protocol Suite development and acceptance to lag behind. Although few of the protocols developed using the OSI specifications are in

widespread use today, the seven-layer OSI model has made major contributions to the development of other protocols and products for all types of new networks. As a reference model, the OSI model provides an extensive list of functions and services that can occur at each layer. It also describes the interaction of each layer with the layers directly above and below it.

The protocols that make up the TCP/IP protocol suite can be described in terms of the OSI reference model. In the OSI model, the Network Access layer and the Application layer of the TCP/IP model are further divided to describe discrete functions that need to occur at these layers. At the Network Access Layer, the TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium; it only describes the handoff from the Internet Layer to the physical network protocols. The OSI Layers 1 and 2 discuss the necessary procedures to access the media and the physical means to send data over a network.

Fig 4.1 Troubleshooting Application layer Problems

The key parallels between the two network models occur at the OSI model Layers 3 and 4. OSI Model Layer 3, the Network layer, is used almost universally to discuss and document the range of processes that occur in all data networks to address and route messages through an internetwork. The Internet Protocol (IP) is the TCP/IP suite protocol that includes the functionality described at Layer 3. Layer 4, the Transport layer of the OSI model, is often used to describe general services or functions that manage individual conversations between source and destination hosts. These functions include acknowledgement, error recovery, and sequencing. At this layer, the TCP/IP protocols Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide the necessary functionality.

The TCP/IP Application layer includes a number of protocols that provide specific functionality to a variety of end user applications. The OSI model Layers 5, 6 and 7 are used as references for application software developers and vendors to produce products that need to access networks for communications.

Fig 4.2 OSI MODEL

4.3 Classful IP Addressing
When IP was first standardized in September 1981, the specification required that each system attached to an IP-based Internet be assigned a unique, 32-bit Internet address value. Systems that have interfaces to more than one network require a unique IP address for each network interface. The first part of an Internet address identifies the network on which the host resides, while the second part identifies the particular host on the given network. This creates the two-level addressing hierarchy.

In recent years, the network number field has been referred to as the network prefix because the leading portion of each IP address identifies the network number. All hosts on a given network share the same network prefix but must have a unique host number. Similarly, any two hosts on different networks must have different network prefixes but may have the same host number. For example, in the address 54.24.54.43 the Net part is 54 and the Host or Node part is 24.54.43.

4.3.1 Primary Address Classes
To provide the flexibility required to support networks of varying sizes, the Internet designers decided that the IP address space should be divided into three address classes: Class A, Class B, and Class C. This is often referred to as classful addressing. Each class fixes the boundary between the network prefix and the host number at a different point within the 32-bit address. One of the fundamental features of classful IP addressing is that each address contains a self-encoding key that identifies the dividing point between the network prefix and the host number. For example, if the first two bits of an IP address are 1-0, the dividing point falls between the 15th and 16th bits. This simplified the routing system during the early years of the Internet because the original routing protocols did not supply a deciphering key or mask with each route to identify the length of the network prefix.

Class A Networks (/8 Prefixes)
This class is for very large networks, such as a major international company. IP addresses with a first octet from 1 to 126 are part of this class. The other three octets are used to identify each host.

Class B Networks (/16 Prefixes)

Class B is used for medium-sized networks. A good example is a large college campus. IP addresses with a first octet from 128 to 191 are part of this class. Class B addresses also include the second octet as part of the Net identifier. The other two octets are used to identify each host.

Class C Networks (/24 Prefixes)
Each Class C network address has a 24-bit network prefix, with the three highest order bits set to 1-1-0 and a 21-bit network number, followed by an 8-bit host number. Class C networks are now referred to as "/24s" since they have a 24-bit network prefix. A maximum of 2,097,152 (2^21) /24 networks can be defined with up to 254 (2^8 - 2) hosts per network. Since the entire /24 address block contains 2^29 (536,870,912) addresses, it represents 12.5 percent (or one eighth) of the total IPv4 unicast address space.

Other Classes
In addition to the three most popular classes, there are two additional classes. Class D addresses have their leading four bits set to 1-1-1-0 and are used to support IP Multicasting. Class E addresses have their leading four bits set to 1-1-1-1 and are reserved for experimental use.
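The self-encoding key described above, as an added example in Python that is not part of the original report: it reads the leading bits of the first octet, fixes the class and the network prefix length from them, and splits the address the way a classful router had to when no mask was carried with a route. The advertised networks and the addresses fed to it are made up for the example.

```python
import ipaddress

# Class boundaries come from the leading bits of the first octet (the
# "self-encoding key"); the prefix length is fixed per class.
CLASS_RULES = (
    # (number of leading bits tested, their value, class, network prefix length)
    (1, 0b0,    "A", 8),
    (2, 0b10,   "B", 16),
    (3, 0b110,  "C", 24),
    (4, 0b1110, "D", None),   # multicast: no network/host split
    (4, 0b1111, "E", None),   # experimental
)


def classful_info(addr):
    """Decode an IPv4 address the way a classful router did: read the leading
    bits, fix the network/host boundary from them, and split the address."""
    n = int(ipaddress.IPv4Address(addr))
    first_octet = n >> 24
    for bits, value, cls, prefix in CLASS_RULES:   # rules are exhaustive
        if first_octet >> (8 - bits) == value:
            break
    info = {"class": cls, "prefix": prefix, "first_octet": first_octet}
    if prefix is None:
        return info
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    info.update({
        "network": str(ipaddress.IPv4Address(n & mask)),
        "host": str(ipaddress.IPv4Address(n & ~mask & 0xFFFFFFFF)),
        "networks_in_class": 2 ** (prefix - bits),    # class C: 2**21
        "hosts_per_network": 2 ** (32 - prefix) - 2,  # all-0s and all-1s reserved
        # 0.x.x.x ("this network") and 127.x.x.x (loopback) carry class A
        # bits but are not assignable networks, hence 1 to 126 above.
        "reserved": first_octet in (0, 127),
    })
    return info


def classful_route_lookup(advertised_networks, dest):
    """Classful routing: a route advertisement carried only the network
    number, so the router recovers the prefix from the destination's own
    leading bits and matches on that network number."""
    net = classful_info(dest).get("network")
    return net if net in advertised_networks else None
```

Because the mask is implied by the address, a classful router cannot tell 192.168.1.0/24 apart from 192.168.1.0/25: every route under the same first three octets collapses to the one network number, which is the limitation subnetting and VLSM (4.4, 4.5) have to work around.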

4.4 Subnetting
Basically it is a process of subdividing networks into smaller subnets. In case we have 2-3 small networks but we can't buy an IP address block for each and every network, we use the basic concept of SUBNETTING, i.e. using one public address block we give each of them addresses and make them independent networks. For this we take some bits of the host address and use them for the network address, so we have different independent networks. A benefit of subnetting:
• The size of the global Internet routing table does not grow, because the site administrator does not need to obtain additional address space and the routing advertisements for all of the subnets are combined into a single routing table entry.

Address Format when Subnetting Is Used (class A, B, C respectively; x is the number of host bits left):
Class A: 8 bits Network | 24-x bits Subnet | x bits Host
Class B: 16 bits Network | 16-x bits Subnet | x bits Host
Class C: 24 bits Network | 8-x bits Subnet | x bits Host

Due to this the mask changes to a subnet mask, and now the network address also includes the subnet address. It can be compared with a postal address, as there is only one ZIP code (Network address), different streets (Subnet address), and different house numbers (Host address).

Example
If the subnet mask is 255.255.240.0 and the IP address of a computer is 142.16.52.4:
142.16.0.0 is the network address
0.0.48.0 is the subnet address
0.0.4.4 is the host address of the computer
10001110.00010000.00110100.00000100 is ANDed with 11111111.11111111.11110000.00000000 and the output is 10001110.00010000.00110000.00000000. Here the first two octets represent the Network address and the first four bits of the third octet represent the subnet address.

4.4.1 Defining the Subnet Mask / Extended Prefix Length
Suppose an organization with a /24 needs six subnets. The first step in defining the subnet mask is to determine the number of bits required to define the six subnets. Since a network address can only be subnetted along binary boundaries, subnets must be created in blocks of powers of two [2 (2^1), 4 (2^2), 8 (2^3), 16 (2^4), and so on]. Thus, it is impossible to define an IP address block such that it contains

exactly six subnets. For this example, the network administrator must define a block of 8 (2^3) and have two unused subnets that can be reserved for future growth. Since 8 = 2^3, three bits are required to enumerate the eight subnets in the block. In this example, the organization is subnetting a /24 so it will need three more bits, or a /27, as the extended network prefix. A 27-bit extended network prefix can be expressed in dotted-decimal notation as 255.255.255.224. A 27-bit extended network prefix leaves 5 bits to define host addresses on each subnet. This means that each subnetwork with a 27-bit prefix represents a contiguous block of 2^5 (32) individual IP addresses. However, since the all-0s and all-1s host addresses cannot be allocated, there are 30 (2^5 - 2) assignable host addresses on each subnet.

4.5 Variable Length Subnet Masks (VLSM)
In 1987, RFC 1009 specified how a subnetted network could use more than one subnet mask. When an IP network is assigned more than one subnet mask, it is considered a network with Variable Length Subnet Masks (VLSM), since the extended network prefixes have different lengths.

RIP-1 Permits Only a Single Subnet Mask
When using RIP-1, subnet masks have to be uniform across the entire network prefix. RIP-1 allows only a single subnet mask to be used within each network number because it does not provide subnet mask information as part of its routing table update messages. In the absence of this information, RIP-1 is forced to make assumptions about the mask that should be applied to any of its learned routes. How does a RIP-1 based router know what mask to apply to a route when it learns a new route from a neighbor? If the router has a subnet of the same network number assigned to a local interface, it assumes that the learned subnetwork was defined using the same mask as the locally configured interface.
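The AND operation of 4.4, the extended-prefix calculation of 4.4.1 and the RIP-1 mask assumption above, as one added example in Python that is not part of the original report. The addresses and the local interface list are constructed; rip1_assumed_prefix is a model of the rule just described, not RIP code. The last two functions show the failure mode: a /22 learned by a router whose local interface is a /24 is installed as a /24, so part of the real subnet becomes unreachable.

```python
import ipaddress
import math


def _classful_prefix(addr):
    """Network prefix implied by the leading bits (8/16/24 for classes A/B/C)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    return 24


def _quad(value):
    return str(ipaddress.IPv4Address(value & 0xFFFFFFFF))


def split_address(addr, subnet_mask):
    """AND the address with the subnet mask and return the network, subnet and
    host parts, each as a dotted quad with the other fields zeroed."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(subnet_mask))
    class_mask = (0xFFFFFFFF << (32 - _classful_prefix(addr))) & 0xFFFFFFFF
    return {
        "network": _quad(a & class_mask),
        "subnet": _quad(a & m & ~class_mask),
        "host": _quad(a & ~m),
        "subnet_bits": bin(m & ~class_mask & 0xFFFFFFFF).count("1"),
        "host_bits": bin(~m & 0xFFFFFFFF).count("1"),
    }


def extended_prefix(base_prefix, subnets_needed):
    """Smallest extended network prefix that yields at least subnets_needed
    subnets. Subnets come in powers of two, so some may be left unused."""
    subnet_bits = math.ceil(math.log2(subnets_needed)) if subnets_needed > 1 else 0
    prefix = base_prefix + subnet_bits
    if prefix > 30:
        raise ValueError("not enough host bits left for a usable subnet")
    return {
        "prefix": prefix,
        "mask": str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask),
        "subnets": 2 ** subnet_bits,
        "unused_subnets": 2 ** subnet_bits - subnets_needed,
        "addresses_per_subnet": 2 ** (32 - prefix),
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,   # all-0s and all-1s excluded
    }


def rip1_assumed_prefix(learned_network, local_interfaces):
    """RIP-1 updates carry no mask. If a local interface sits in the same
    classful network as the learned route, reuse that interface's prefix;
    otherwise fall back to the classful prefix of the learned network.
    local_interfaces: [(interface IP, configured prefix length), ...]"""
    learned = ipaddress.IPv4Address(learned_network)
    for iface_ip, prefix in local_interfaces:
        major = ipaddress.IPv4Network(f"{iface_ip}/{_classful_prefix(iface_ip)}", strict=False)
        if learned in major:
            return prefix
    return _classful_prefix(learned_network)


def route_matches(network, prefix, dest):
    """Does dest fall inside network/prefix? Used to show what the assumed
    mask does to a VLSM route."""
    return ipaddress.IPv4Address(dest) in ipaddress.IPv4Network(f"{network}/{prefix}", strict=False)
```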

4.6 Routing Protocols
4.6.1 Routing
Routing is used for taking a packet from one device and sending it through the network to another device on a different network. Routers route traffic to all the networks in our internetwork. If our network has no routers, then we are not routing. To be able to route packets, a router must know, at a minimum, the following:
• Destination address
• Neighbor routers from which it can learn about remote networks
• Possible routes to all remote networks
• The best route to each remote network
• How to maintain and verify routing information

Routing is of two types: Static and Dynamic.
1. Static routing: if static routing is used, the administrator is responsible for updating all changes by hand into all routers.
2. Dynamic routing is the process of routing protocols running on the router communicating with neighbor routers. The routers then update each other about all the networks they know about. If a change occurs in the network, the dynamic routing protocols automatically inform all routers about the change.

The ip route command
The command for configuring a static route is ip route. The complete syntax for configuring a static route is:
Router(config)# ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag]
In this chapter we use the simpler form:
Router(config)# ip route network-address subnet-mask {ip-address | exit-interface}

The following parameters are used:
• network-address - Destination network address of the remote network to be added to the routing table
• subnet-mask - Subnet mask of the remote network to be added to the routing table. The subnet mask can be modified to summarize a group of networks.
• ip-address - Commonly referred to as the "next-hop" router's IP address. The actual next-hop router's IP address is commonly used for this parameter. However, the ip-address parameter could be any IP address, as long as it is resolvable in the routing table. This is beyond the scope of this course, but we've added this point to maintain technical accuracy.

1. Installing a Static Route in the Routing Table
R# debug ip routing
R# config terminal
R(config)# ip route 172.16.2.0 255.255.255.0 172.16.1.2
00:20:15: RT: add 172.16.2.0/24 via 172.16.1.2, static metric [1/0]

Let's examine each element in this output:
ip route - Static route command
172.16.2.0 - Network address of the remote network
255.255.255.0 - Subnet mask of the remote network
172.16.1.2 - Serial 0/0/0 interface IP address on the neighboring router, which is the "next-hop" to this network

2. Verifying the Static Route
The output from debug ip routing shows that this route has been added to the routing table. Entering show ip route on R shows the new routing table.

3. Output:

The static route appears in the output with the following elements:
S - Routing table code for static route
172.16.2.0 - Network address for the route
/24 - Subnet mask for this route; this is displayed in the line above, known as the parent route
[1/0] - Administrative distance and metric for the static route
via 172.16.1.2 - IP address of the next-hop router, the IP address of the neighboring router's Serial 0/0/0 interface
Any packets with a destination IP address whose 24 left-most bits match 172.16.2.0 will use this route.

Verifying the Static Route Configuration
Whenever changes are made to static routes, or to other aspects of the network, verify that the changes took effect and that they produce the desired results. Verify the changes by examining the running configuration. The running configuration contains the current router configuration, the commands and parameters that the router is currently using. In the running configuration, note the following line:
ip route 192.168.2.0 255.255.255.0 172.16.2.2

4.6.2 Configuring a Static Route with an Exit Interface
Let's investigate another way to configure the same static routes. Currently, R's static route for the 192.168.2.0/24 network is configured with the next-hop IP address of 172.16.2.2. This static route requires a second routing table lookup to resolve the 172.16.2.2 next-hop IP address to an exit interface. However, most static routes can be configured with an exit interface, which allows the routing table to resolve the exit interface in a single search instead of two searches.

Verifying Static Route Changes
We deleted and reconfigured the static routes for all three routers.

show ip route - Static routes with exit interfaces have been added to the routing table and the previous static routes with next-hop addresses have been deleted.
ping - The ultimate test is to route packets from source to destination. Using the ping command, we can test that packets from each router are reaching their destination and that the return path is also working properly.

4.6.3 Configuring a Summary Route
To implement the summary route, we must first delete the three current static routes:
R(config)# no ip route 172.16.1.0 255.255.255.0 serial0/0/1
R(config)# no ip route 172.16.2.0 255.255.255.0 serial0/0/1
R(config)# no ip route 172.16.3.0 255.255.255.0 serial0/0/1
Next, we configure the summary static route:
R(config)# ip route 172.16.0.0 255.255.252.0 serial0/0/1

Routing protocols can be classified into different groups according to their characteristics. The most commonly used routing protocols are:
1. RIP - A distance vector interior routing protocol
2. IGRP - The distance vector interior routing protocol developed by Cisco (deprecated from IOS 12.2 and later)
3. OSPF - A link-state interior routing protocol
4. IS-IS - A link-state interior routing protocol
5. EIGRP - The advanced distance vector interior routing protocol developed by Cisco
6. BGP - A path vector exterior routing protocol

4.6.4 Routing protocols are of two types:
1. Distance vector routing protocols
2. Link state routing protocols
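Before the dynamic protocols are described, the static-route behaviour of 4.6.1 to 4.6.3 as an added example in Python that is not part of the original report or of Cisco IOS. It parses the ip route / no ip route commands used above into a small routing table, performs longest-prefix matching, counts how many lookups a next-hop route costs compared with an exit-interface route, and computes the single prefix that summarizes 172.16.1.0/24 to 172.16.3.0/24 (the 255.255.252.0 mask configured above). The connected network, the interface names and the imitation of show ip route output are assumptions of the example.

```python
import ipaddress

STATIC_DISTANCE = 1        # IOS administrative distance of a static route
MAX_RECURSION = 8          # guard against next-hop chains that never resolve


def parse_ip_route(command):
    """Parse 'ip route <net> <mask> <next-hop | interface>', optionally
    prefixed with 'no', into its fields."""
    tokens = command.split()
    negate = tokens[0] == "no"
    if negate:
        tokens = tokens[1:]
    if tokens[:2] != ["ip", "route"] or len(tokens) < 5:
        raise ValueError(f"not an ip route command: {command!r}")
    prefix = ipaddress.IPv4Network(f"{tokens[2]}/{tokens[3]}", strict=False)
    target = tokens[4]
    try:
        ipaddress.IPv4Address(target)
        kind = "next-hop"
    except ValueError:
        kind = "interface"          # e.g. serial0/0/1
    return {"negate": negate, "prefix": prefix, "kind": kind, "target": target}


class RoutingTable:
    def __init__(self, connected):
        # connected: [(network/prefix, interface), ...] from the interface configuration
        self.routes = [(ipaddress.IPv4Network(n), "connected", iface) for n, iface in connected]

    def apply(self, command):
        r = parse_ip_route(command)
        entry = (r["prefix"], r["kind"], r["target"])
        if r["negate"]:
            self.routes = [e for e in self.routes if e != entry]
        elif entry not in self.routes:
            self.routes.append(entry)

    def lookup(self, dest, _depth=1):
        """Longest-prefix match. A next-hop route needs a further lookup to
        resolve the next hop to an exit interface; an exit-interface route
        resolves in one. Returns (interface or None, number of lookups)."""
        d = ipaddress.IPv4Address(dest)
        best = None
        for entry in self.routes:
            if d in entry[0] and (best is None or entry[0].prefixlen > best[0].prefixlen):
                best = entry
        if best is None or _depth > MAX_RECURSION:
            return None, _depth
        prefix, kind, target = best
        if kind == "next-hop":
            return self.lookup(target, _depth + 1)
        return target, _depth

    def show_ip_route(self):
        """Lines in the style of 'show ip route' (imitation, not IOS output)."""
        lines = []
        for prefix, kind, target in sorted(self.routes, key=lambda e: int(e[0].network_address)):
            if kind == "connected":
                lines.append(f"C    {prefix} is directly connected, {target}")
            elif kind == "next-hop":
                lines.append(f"S    {prefix} [{STATIC_DISTANCE}/0] via {target}")
            else:
                lines.append(f"S    {prefix} is directly connected, {target}")
        return lines


def summarize(networks):
    """Smallest single prefix that covers every network in the list: keep the
    bits that the lowest network address and the highest broadcast share."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    prefixlen = 32 - (low ^ high).bit_length()
    return str(ipaddress.IPv4Network((low, prefixlen), strict=False))
```

A summary is only safe when the covered space really sits behind that interface; 172.16.0.0/22 also includes 172.16.0.0/24, so traffic for that network will be forwarded out serial0/0/1 even though no such route was ever configured.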

4.6.4.1 Distance vector routing protocols
Dynamic routing protocols help the network administrator overcome the time-consuming and exacting process of configuring and maintaining static routes. Dynamic routing is the most common choice for large networks. Distance vector routing protocols include RIP, IGRP, and EIGRP.

4.6.4.1.1 RIP
RIP has the following key characteristics:
• Hop count is used as the metric for path selection.
• If the hop count for a network is greater than 15, RIP cannot supply a route to that network.
• Routing updates are broadcast or multicast every 30 seconds, by default.

4.6.4.1.2 IGRP
Interior Gateway Routing Protocol (IGRP) is a proprietary protocol developed by Cisco. IGRP has the following key design characteristics:
• Bandwidth, delay, load and reliability are used to create a composite metric.
• Routing updates are broadcast every 90 seconds, by default.
• IGRP is the predecessor of EIGRP and is now obsolete.

4.6.4.1.3 EIGRP
Enhanced IGRP (EIGRP) is a Cisco proprietary distance vector routing protocol. EIGRP has these key characteristics:
• It can perform unequal cost load balancing.
• It uses the Diffusing Update Algorithm (DUAL) to calculate the shortest path.

• There are no periodic updates as with RIP and IGRP. Routing updates are sent only when there is a change in the topology.

4.6.4.2 Link state routing protocols
4.6.4.2.1 OSPF
OSPF was designed by the IETF (Internet Engineering Task Force) OSPF Working Group. The development of OSPF began in 1987 and there are two current versions in use:
OSPFv2: OSPF for IPv4 networks (RFC 1247 and RFC 2328)
OSPFv3: OSPF for IPv6 networks (RFC 2740)

4.6.4.2.2 IS-IS
IS-IS was designed by ISO (International Organization for Standardization) and is described in ISO 10589. The first incarnation of this routing protocol was developed at DEC (Digital Equipment Corporation) and is known as DECnet Phase V, which still exists today. Radia Perlman was the chief designer of the IS-IS routing protocol. IS-IS was originally designed for the OSI protocol suite and not the TCP/IP protocol suite. Later, Integrated IS-IS, or Dual IS-IS, included support for IP networks. Although IS-IS has been known as the routing protocol used mainly by ISPs and carriers, more enterprise networks are beginning to use IS-IS.

4.6.4.2.3 OSPF
Open Shortest Path First (OSPF) is a recent entry into the Internet interior routing scene. OSPF is specifically designed to operate with larger networks. It does not impose a hop-count restriction and permits its domain to be subdivided for easier management. OSPF's major advantages over RIP are its fast convergence and its scalability to much larger network implementations. OSPF is a classless routing protocol; therefore, we will configure the mask as part of our OSPF configuration.
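The two families of 4.6.4, as an added example in Python that is not taken from the report: a RIP-style distance vector computation that only exchanges hop counts and treats 16 as unreachable, next to an OSPF-style shortest path first (Dijkstra) computation over link costs. The cost formula 10^8 / bandwidth is the Cisco default reference bandwidth and is an assumption of the example; the three-router triangle and the 17-router chain are constructed. On the triangle RIP prefers the one-hop T1 while SPF prefers the two FastEthernet hops; on the chain the 16th hop is unreachable for RIP but not for SPF.

```python
import heapq

RIP_INFINITY = 16          # a hop count of 16 means "unreachable" in RIP


def ospf_cost(bandwidth_bps, reference_bps=10**8):
    """OSPF interface cost: reference bandwidth / link bandwidth, minimum 1."""
    return max(1, reference_bps // bandwidth_bps)


def distance_vector(graph, source):
    """RIP-style distance vector: each router repeatedly adopts the best
    (neighbour's advertised distance + 1) per destination until nothing
    changes. Only hop counts are exchanged; link speed is ignored.
    Returns (hop count per destination, next hop per destination) at source."""
    table = {r: {d: (0 if d == r else RIP_INFINITY) for d in graph} for r in graph}
    next_hop = {r: {} for r in graph}
    changed = True
    while changed:
        changed = False
        for router in graph:
            for neighbour in graph[router]:
                for dest, advertised in table[neighbour].items():
                    candidate = min(advertised + 1, RIP_INFINITY)
                    if candidate < table[router][dest]:
                        table[router][dest] = candidate
                        next_hop[router][dest] = neighbour
                        changed = True
    return table[source], next_hop[source]


def link_state(graph, source):
    """OSPF-style link state: with the whole topology known, run Dijkstra over
    link costs. Returns {destination: (total cost, path)}."""
    dist = {source: 0}
    prev = {}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, cost in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))

    def path(dest):
        hops = [dest]
        while hops[-1] != source:
            hops.append(prev[hops[-1]])
        return hops[::-1]

    return {dest: (cost, path(dest)) for dest, cost in dist.items()}


# Constructed topology: A-B and B-C are FastEthernet, A-C is a T1 leased line.
T1 = 1_544_000
FAST_ETHERNET = 100_000_000
TRIANGLE = {
    "A": {"B": ospf_cost(FAST_ETHERNET), "C": ospf_cost(T1)},
    "B": {"A": ospf_cost(FAST_ETHERNET), "C": ospf_cost(FAST_ETHERNET)},
    "C": {"A": ospf_cost(T1), "B": ospf_cost(FAST_ETHERNET)},
}


def chain(n):
    """Constructed linear topology R0 - R1 - ... - R(n-1), every link cost 1."""
    g = {f"R{i}": {} for i in range(n)}
    for i in range(n - 1):
        g[f"R{i}"][f"R{i+1}"] = 1
        g[f"R{i+1}"][f"R{i}"] = 1
    return g
```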

OSPF packet types
Each packet serves a specific purpose in the OSPF routing process:
1. Hello - Hello packets are used to establish and maintain adjacency with other OSPF routers.
2. DBD - The Database Description (DBD) packet contains an abbreviated list of the sending router's link-state database and is used by receiving routers to check against the local link-state database.
3. LSR - Receiving routers can then request more information about any entry in the DBD by sending a Link-State Request (LSR).
4. LSU - Link-State Update (LSU) packets are used to reply to LSRs as well as to announce new information. LSUs contain seven different types of Link-State Advertisements (LSAs).
5. LSAck - When an LSU is received, the router sends a Link-State Acknowledgement (LSAck) to confirm receipt of the LSU.
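An added example, not part of the report, that builds and parses the Hello packet (type 1 in the list above) following the OSPFv2 header and Hello body layouts of RFC 2328 with null authentication. The router IDs, mask and intervals are made up. With AuType 0 nothing but the checksum protects the packet, so any host on the segment can inject Hellos that parse_ospf accepts; the check at the end shows that a mismatch in network mask, HelloInterval or RouterDeadInterval is what prevents an adjacency from forming.

```python
import ipaddress
import struct

OSPF_VERSION = 2
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_NULL = 0

# OSPFv2 packet header (RFC 2328 A.3.1): version, type, packet length,
# router ID, area ID, checksum, AuType, 8-byte authentication field.
HEADER = struct.Struct("!BBH4s4sHH8s")
# Hello body (A.3.2): network mask, HelloInterval, options, router priority,
# RouterDeadInterval, designated router, backup DR, then 4-byte neighbour IDs.
HELLO = struct.Struct("!4sHBBI4s4s")


def _packed(dotted):
    return ipaddress.IPv4Address(dotted).packed


def _dotted(packed):
    return str(ipaddress.IPv4Address(packed))


def ospf_checksum(packet):
    """One's-complement checksum over the packet with the checksum field
    zeroed and the 64-bit authentication field excluded (RFC 2328 D.4.1)."""
    data = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_hello(router_id, area_id, mask, neighbours=(), hello=10, dead=40,
                priority=1, dr="0.0.0.0", bdr="0.0.0.0"):
    """Assemble a type 1 (Hello) packet with null authentication."""
    body = HELLO.pack(_packed(mask), hello, 0x02, priority, dead, _packed(dr), _packed(bdr))
    body += b"".join(_packed(n) for n in neighbours)
    length = HEADER.size + len(body)
    header = HEADER.pack(OSPF_VERSION, 1, length, _packed(router_id), _packed(area_id),
                         0, AUTH_NULL, b"\x00" * 8)
    csum = ospf_checksum(header + body)
    return header[:12] + struct.pack("!H", csum) + header[14:] + body


def parse_ospf(packet):
    """Decode the common header and, for a Hello, its body; verify the checksum."""
    version, ptype, length, rid, aid, csum, autype, _auth = HEADER.unpack_from(packet)
    if version != OSPF_VERSION or length != len(packet):
        raise ValueError("not a well-formed OSPFv2 packet")
    info = {
        "type": PACKET_TYPES.get(ptype, ptype),
        "router_id": _dotted(rid),
        "area_id": _dotted(aid),
        "auth_type": autype,
        "checksum_ok": csum == ospf_checksum(packet),
    }
    if ptype == 1:
        mask, hello, options, prio, dead, dr, bdr = HELLO.unpack_from(packet, HEADER.size)
        ids = packet[HEADER.size + HELLO.size:length]
        info.update({
            "mask": _dotted(mask), "hello_interval": hello, "options": options,
            "priority": prio, "dead_interval": dead, "dr": _dotted(dr), "bdr": _dotted(bdr),
            "neighbours": [_dotted(ids[i:i + 4]) for i in range(0, len(ids), 4)],
        })
    return info


def hello_compatible(local, remote):
    """Two routers form an adjacency only if mask, hello and dead intervals agree."""
    return all(local[k] == remote[k] for k in ("mask", "hello_interval", "dead_interval"))
```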

CHAPTER -5 TESTING OF NETWORK
5.1 INTRODUCTION
To efficiently diagnose and correct network problems, a network engineer needs to know how a network has been designed and what the expected performance for this network should be under normal operating conditions. This information is called the network baseline and is captured in documentation such as configuration tables and topology diagrams. Network configuration documentation provides a logical diagram of the network and detailed information about each component. This information should be kept in a single location, either as hard copy or on the network on a protected website. Network documentation should include these components:
• Network configuration table
• End-system configuration table
• Network topology diagram

When we document our network, we may have to gather information directly from routers and switches. Commands that are useful to the network documentation process include:
• The ping command is used to test connectivity with neighboring devices before logging in to them. Pinging other PCs in the network also initiates the MAC address auto-discovery process.
• The telnet command is used to log in remotely to a device for accessing configuration information.

• The show ip interface brief command is used to display the up or down status and IP address of all interfaces on a device.
• The show ip route command is used to display the routing table in a router to learn the directly connected neighbors, more remote devices (through learned routes), and the routing protocols that have been configured.
• The show cdp neighbor detail command is used to obtain detailed information about directly connected Cisco neighbor devices.

5.2 TESTING NETWORK PERFORMANCE
Establishing a network performance baseline requires collecting key performance data from the ports and devices that are essential to network operation. This information helps to determine the "personality" of the network and provides answers to the following questions:
1. How does the network perform during a normal or average day?
2. Where are the underutilized and over-utilized areas?
3. Where are the most errors occurring?
4. What thresholds should be set for the devices that need to be monitored?
5. Can the network deliver the identified policies?

Measuring the initial performance and availability of critical network devices and links allows a network administrator to determine the difference between abnormal behavior and proper network performance as the network grows or traffic patterns change. The baseline also provides insight into whether the current network design can deliver the required policies. Without a baseline, no standard exists to measure the optimum nature of network traffic and congestion levels. The collected data reveals the true nature of congestion or potential congestion in a network. In addition, analysis after an initial baseline tends to reveal hidden problems.

It may also reveal areas in the network that are underutilized and quite often can lead to network redesign efforts based on quality and capacity observations.

5.2.1 Measuring Network Performance Data
Sophisticated network management software is often used to baseline large and complex networks. For example, the Fluke Network Super Agent module enables administrators to automatically create and review reports using its Intelligent Baselines feature. This feature compares current performance levels with historical observations and can automatically identify performance problems and applications that do not provide expected levels of service.

5.2.2 The stages of the general testing process are:
Stage 1 Gather symptoms - Troubleshooting begins with the process of gathering and documenting symptoms from the network, end systems, and users. In addition, the network administrator determines which network components have been affected and how the functionality of the network has changed compared to the baseline. Symptoms may appear in many different forms, including alerts from the network management system, console messages, and user complaints. While gathering symptoms, questions should be used as a method of localizing the problem to a smaller range of possibilities.
Stage 2 Isolate the problem - The problem is not truly isolated until a single problem, or a set of related problems, is identified. To do this, the network administrator examines the characteristics of the problems at the logical layers of the network so that the most likely cause can be selected. At this stage, the network administrator may gather and document more symptoms depending on the problem characteristics that are identified.

Stage 3 Correct the problem - Having isolated and identified the cause of the problem, the network administrator works to correct the problem by implementing, testing, and documenting a solution. If the network administrator determines that the corrective action has created another problem, the attempted solution is documented, the changes are removed, and the network administrator returns to gathering symptoms and isolating the problem.

A troubleshooting policy should be established for each stage. A policy provides a consistent manner in which to perform each stage. Part of the policy should include documenting every important piece of information.

5.3 Gathering Symptoms
To determine the scope of the problem, gather (document) the symptoms. Each step in this process is briefly described here:
Step 1. Analyze existing symptoms - Analyze symptoms gathered from the trouble ticket, users, or end systems affected by the problem to form a definition of the problem.
Step 2. Determine ownership - If the problem is within our system, we can move on to the next stage. If the problem is outside the boundary of our control, for example, lost Internet connectivity outside of the autonomous system, we need to contact an administrator for the external system before gathering additional network symptoms.
Step 3. Narrow the scope - Determine if the problem is at the core, distribution, or access layer of the network. At the identified layer, analyze the existing symptoms and use our knowledge of the network topology to determine which pieces of equipment are the most likely cause.
Step 4. Gather symptoms from suspect devices - Using a layered troubleshooting approach, gather hardware and software symptoms from the suspect devices. Start with

the most likely possibility, and use knowledge and experience to determine if the problem is more likely a hardware or software configuration problem. Step 5. Document symptoms - Sometimes the problem can be solved using the documented symptoms. If not, begin the isolating phase of the general troubleshooting process.

Fig 5.1 Command List

5.4 Hardware Testing Tools

5.4.1 Network Analysis Module


A network analysis module (NAM) can be installed in Cisco Catalyst 6500 series switches and Cisco 7600 series routers to provide a graphical representation of traffic from local and remote switches and routers. The NAM is an embedded browser-based interface that generates reports on the traffic that consumes critical network resources. In addition, the NAM can capture and decode packets and track response times to pinpoint an application problem to the network or the server.

5.4.2 Digital Multimeters
Digital multimeters (DMMs) are test instruments that are used to directly measure electrical values of voltage, current, and resistance. In network troubleshooting, most of the multimeter tests involve checking power-supply voltage levels and verifying that network devices are receiving power.

5.4.3 Cable Testers
Cable testers are specialized, handheld devices designed for testing the various types of data communication cabling. Cabling testers can be used to detect broken wires, crossed-over wiring, shorted connections, and improperly paired connections. These devices can be inexpensive continuity testers, moderately priced data cabling testers, or expensive time-domain reflectometers (TDRs). TDRs are used to pinpoint the distance to a break in a cable. These devices send signals along the cable and wait for them to be reflected. The time between sending the signal and receiving it back is converted into a distance measurement. The TDR function is normally packaged with data cabling testers. TDRs used to test fiber optic cables are known as optical time-domain reflectometers (OTDRs).

Fig 5.2 TOPOLOGY DIAGRAM OF NETWORK

5.4.4 Cable Analyzers

Cable analyzers are multifunctional handheld devices that are used to test and certify copper and fiber cables for different services and standards. The more sophisticated tools include advanced troubleshooting diagnostics that measure distance to performance defect (NEXT, RL), identify corrective actions, and graphically display crosstalk and impedance behavior. Cable analyzers also typically include PC-based software. Once field data is collected, the handheld device can upload its data and up-to-date and accurate reports can be created.

CHAPTER-6 SECURITY

6.1 Introduction
Computer networks have grown in both size and importance in a very short time. If the security of the network is compromised, there could be serious consequences, such as loss of privacy, theft of information, and even legal liability. To make the situation even more challenging, the types of potential threats to network security are always evolving. As e-business and Internet applications continue to grow, finding the balance between being isolated and open is critical. In addition, the rise of mobile commerce and wireless networks demands that security solutions become seamlessly integrated, more transparent, and more flexible.

6.2 The Increasing Threat to Security
Over the years, network attack tools and methods have evolved. In 1985 an attacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks. As time went on, and attackers' methods and tools improved, attackers no longer required the same level of sophisticated knowledge. This has effectively lowered the entry-level requirements for attackers. People who previously would not have participated in computer crime are now able to do so.

As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved. Some of the most common terms are as follows:
White hat-An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.

Hacker-A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.
Black hat-Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.
Cracker-A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.
Phreaker-An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.
Spammer-An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.
Phisher-Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

6.2.1 Types of Computer Crime
As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged. Conceiving of network security solutions begins with an appreciation of the complete scope of computer crime. These are the most commonly reported acts of computer crime that have network security implications:
1. Insider abuse of network access
2. Virus
3. Mobile device theft
4. Phishing where an organization is fraudulently represented as the sender
5. Instant messaging misuse
6. Denial of service
7. Unauthorized access to information
8. Bots within the organization
9. Theft of customer or employee data
10. Abuse of wireless network
11. System penetration
12. Financial fraud
13. Password sniffing
14. Key logging
15. Website defacement
16. Misuse of a public web application
17. Theft of proprietary information
18. Exploiting the DNS server of an organization
19. Telecom fraud
20. Sabotage
Note: In certain countries, some of these activities may not be a crime, but are still a problem.

6.3 Secure connectivity
• VPNs-Encrypt network traffic to prevent unwanted disclosure to unauthorized or malicious individuals.
• Trust and identity-Implement tight constraints on trust levels within a network. For example, systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall.
• Authentication-Give access to authorized users only. One example of this is using one-time passwords.
• Policy enforcement-Ensure that users and end devices are in compliance with the corporate policy.

6.3.1 The Role of Routers in Network Security
We know that we can build a LAN by connecting devices with basic Layer 2 LAN switches. We can then use a router to route traffic between different networks based on Layer 3 IP addresses. Router security is a critical element in any security deployment. Routers are definite targets for network attackers. If an attacker can compromise and access a router, it can be a potential aid to them. Knowing the roles that routers fulfill in the network helps us understand their vulnerabilities. Routers fulfill the following roles:
• Advertise networks and filter who can use them.
• Provide access to network segments and subnetworks.

6.4 ACL
An ACL is a router configuration script that controls whether a router permits or denies packets to pass based on criteria found in the packet header. ACLs are among the most commonly used objects in Cisco IOS software. ACLs are also used for selecting types of traffic to be analyzed, forwarded, or processed in other ways. As each packet comes through an interface with an associated ACL, the ACL is checked from top to bottom, one line at a time, looking for a pattern matching the incoming packet. The ACL enforces one or more corporate security policies by applying a permit or deny rule to determine the fate of the packet. ACLs can be configured to control access to a network or subnet. By default, a router does not have any ACLs configured and therefore does not filter traffic. Traffic that enters the router is routed according to the routing table. If we do not use ACLs on the router, all packets that can be routed through the router pass through the router to the next network segment.

6.4.1 The Three Ps
A general rule for applying ACLs on a router can be recalled by remembering the three Ps. We can configure one ACL per protocol, per direction, per interface:
• One ACL per protocol-To control traffic flow on an interface, an ACL must be defined for each protocol enabled on the interface.
• One ACL per direction-ACLs control traffic in one direction at a time on an interface. Two separate ACLs must be created to control inbound and outbound traffic.
• One ACL per interface-ACLs control traffic for an interface, for example, Fast Ethernet 0/0.
Writing ACLs can be a challenging and complex task. Every interface can have multiple protocols and directions defined. The router in the example has two interfaces configured for IP, AppleTalk, and IPX. This router could possibly require 12 separate ACLs-one ACL for each protocol, times two for each direction, times two for the number of ports.
Here are some guidelines for using ACLs:
• Use ACLs in firewall routers positioned between our internal network and an external network such as the Internet.
• Use ACLs on a router positioned between two parts of our network to control traffic entering or exiting a specific part of our internal network.
• Configure ACLs on border routers-routers situated at the edges of our networks. This provides a very basic buffer from the outside network, or between a less controlled area of our own network and a more sensitive area of our network.
• Configure ACLs for each network protocol configured on the border router interfaces. We can configure ACLs on an interface to filter inbound traffic, outbound traffic, or both.

6.4.2 How ACLs Work
ACLs define the set of rules that give added control for packets that enter inbound interfaces, packets that relay through the router, and packets that exit outbound interfaces of the router. ACLs do not act on packets that originate from the router itself. ACLs are configured either to apply to inbound traffic or to apply to outbound traffic.
• Inbound ACLs-Incoming packets are processed before they are routed to the outbound interface. An inbound ACL is efficient because it saves the overhead of routing lookups if the packet is discarded. If the packet is permitted by the tests, it is then processed for routing.
• Outbound ACLs-Incoming packets are routed to the outbound interface, and then they are processed through the outbound ACL.
ACL statements operate in sequential order. They evaluate packets against the ACL, from the top down, one statement at a time. A final implied statement covers all packets for which conditions did not test true. This final test condition matches all other packets and results in a "deny" instruction. Instead of proceeding into or out of an interface, the router drops all of these remaining packets. This final statement is often referred to as the "implicit deny any statement" or the "deny all traffic" statement. Because of this statement, an ACL should have at least one permit statement in it; otherwise, the ACL blocks all traffic. We can apply an ACL to multiple interfaces. However, there can be only one ACL per protocol, per direction, and per interface.

6.4.2.1 ACL Routing and ACL Processes on a Router
• If the frame address is accepted, the frame information is stripped off and the router checks for an ACL on the inbound interface. If an ACL exists, the packet is now tested against the statements in the list.
• If the packet matches a statement, the packet is either accepted or rejected.
• If the packet is accepted in the interface, it is then checked against routing table entries to determine the destination interface and switched to that interface.
• Next, the router checks whether the destination interface has an ACL. If an ACL exists, the packet is tested against the statements in the list.
• If the packet matches a statement, it is either accepted or rejected. If there is no ACL or the packet is accepted, the packet is encapsulated in the new Layer 2 protocol and forwarded out the interface to the next device.
• If the outbound interface is grouped to an outbound ACL, the packet is not sent out on the outbound interface until it is tested by the combination of ACL statements that are associated with that interface. Based on the ACL tests, the packet is permitted or denied.
• If the outbound interface is not grouped to an outbound ACL, the packet is sent directly to the outbound interface.
• For outbound lists, "to permit" means to send the packet to the output buffer, and "to deny" means to discard the packet.

The Implied "Deny All Traffic" Criteria Statement
At the end of every access list is an implied "deny all traffic" criteria statement. It is also sometimes referred to as the "implicit deny any" statement. Therefore, if a packet does not match any of the ACL entries, it is automatically blocked. The implied "deny all traffic" is the default behavior of ACLs and cannot be changed.

6.4.2.2 There are two types of Cisco ACLs, standard and extended.

6.4.2.2.1 Standard ACLs
Standard ACLs allow us to permit or deny traffic from source IP addresses. The destination of the packet and the ports involved do not matter and are not covered by the ACL. The example allows all traffic from the 192.168.30.0/24 network. Because of the implied "deny any" at the end, all other traffic is blocked with this ACL. Standard ACLs are created in global configuration mode.
A standard ACL is a sequential collection of permit and deny conditions that apply to IP addresses. Cisco IOS software tests addresses against the conditions one by one. The first match determines whether the software accepts or rejects the address. Because the software stops testing conditions after the first match, the order of the conditions is critical. If no conditions match, the address is rejected.

6.4.2.2.2 Extended ACLs
Extended ACLs filter IP packets based on several attributes, for example, protocol type, source IP address, destination IP address, source TCP or UDP ports, destination TCP or UDP ports, and optional protocol type information for finer granularity of control. For example, ACL 103 permits traffic originating from any address on the 192.168.30.0/24 network to any destination host port 80 (HTTP). Extended ACLs are created in global configuration mode.

The two main tasks involved in using ACLs are as follows:
Step 1. Create an access list by specifying an access list number or name and access conditions.
Step 2. Apply the ACL to interfaces or terminal lines.

Regarding numbered ACLs, in case we are wondering why numbers 200 to 1299 are skipped, it is because those numbers are used by other protocols. This course focuses only on IP ACLs. For example, numbers 600 to 699 are used by AppleTalk, and numbers 800 to 899 are used by IPX.
Using numbered ACLs is an effective method for determining the ACL type on smaller networks with more homogeneously defined traffic. However, a number does not inform us of the purpose of the ACL. For this reason, starting with Cisco IOS Release 11.2, we can use a name to identify a Cisco ACL.
The proper placement of an ACL to filter undesirable traffic makes the network operate more efficiently. ACLs can act as firewalls to filter packets and eliminate unwanted traffic. Where we place ACLs can reduce unnecessary traffic. For example, traffic that will be denied at a remote destination should not use network resources along the route to that destination. Every ACL should be placed where it has the greatest impact on efficiency. The basic rules are:
• Locate extended ACLs as close as possible to the source of the traffic denied. This way, undesirable traffic is filtered without crossing the network infrastructure.
• Because standard ACLs do not specify destination addresses, place them as close to the destination as possible.

FIG 6.1 DFD SHOWING HOW ACL WORKS
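The top-down, first-match evaluation and the implicit deny described in this section, as an added example that is not code from the report or from Cisco: a small Python simulator of IP ACL evaluation using IOS-style wildcard masks. It is run over the two lists from the text (the standard list permitting 192.168.30.0/24 and extended ACL 103) plus three constructed lists that show why statement order matters and why a list with no permit statement blocks everything; the packet addresses and the list names other than 1 and 103 are constructed for the example.

```python
"""Added example (not from the report or from Cisco): a simulator of Cisco-style
IP ACL evaluation with IOS wildcard masks, showing top-down first-match
processing, the implicit "deny all traffic", and standard vs extended lists."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # the IOS keyword "any"


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Cisco wildcard mask: 0 bits must match, 1 bits are don't-care."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(net) & care)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"            # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None  # destination port for tcp/udp


@dataclass
class Entry:
    """One permit/deny statement.  A standard ACL uses only src and src_wc."""
    action: str                  # "permit" or "deny"
    src: str
    src_wc: str
    proto: str = "ip"            # "ip" matches every protocol
    dst: str = ANY[0]
    dst_wc: str = ANY[1]
    dport: Optional[int] = None  # None: any destination port

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if not wildcard_match(p.src, self.src, self.src_wc):
            return False
        if not wildcard_match(p.dst, self.dst, self.dst_wc):
            return False
        return self.dport is None or self.dport == p.dport


def evaluate(acl: List[Entry], p: Packet) -> Tuple[str, int]:
    """Walk the list top-down; the first matching statement decides.  Index -1
    means the packet fell through to the implicit deny that ends every ACL."""
    for i, entry in enumerate(acl):
        if entry.matches(p):
            return entry.action, i
    return "deny", -1


# Standard ACL from the text:  access-list 1 permit 192.168.30.0 0.0.0.255
ACL_1 = [Entry("permit", "192.168.30.0", "0.0.0.255")]
# Extended ACL 103 from the text:
#   access-list 103 permit tcp 192.168.30.0 0.0.0.255 any eq 80
ACL_103 = [Entry("permit", "192.168.30.0", "0.0.0.255", "tcp", *ANY, 80)]
# Constructed lists: the host deny only takes effect when it precedes the permit.
ACL_ORDERED = [Entry("deny", "192.168.30.5", "0.0.0.0"), ACL_1[0]]
ACL_SHADOWED = [ACL_1[0], Entry("deny", "192.168.30.5", "0.0.0.0")]
# Constructed list with no permit statement: the implicit deny blocks everything.
ACL_NO_PERMIT = [Entry("deny", "10.0.0.0", "0.255.255.255")]

if __name__ == "__main__":
    web = Packet("192.168.30.5", "203.0.113.10", "tcp", 80)  # constructed sample
    for name, acl in [("1", ACL_1), ("103", ACL_103), ("ordered", ACL_ORDERED),
                      ("shadowed", ACL_SHADOWED), ("no-permit", ACL_NO_PERMIT)]:
        print(name, evaluate(acl, web))
```

The returned index tells which statement decided the packet; -1 marks the implicit deny, which is what an operator would look for when a list unexpectedly drops traffic.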

Standard ACL Logic

CHAPTER-7 CONCLUSION
The network designed using simulators fully meets the objectives of the system. The system has reached a steady state where all the bugs have been eliminated. The system is operating at a high level of efficiency and all the packets are reaching their correct destination. The network traffic is also maintained through analyzers. The network has been designed by keeping user friendliness as the top priority, i.e. the system is very easy to operate and work with. The system solves the problem it was intended to solve as stated in the requirement specification phase. The project developed is within the state of the art and the defects can easily be reduced to a level matching the application's needs. Thus, in the end we would like to conclude that a network design has become a need for every organization and sooner or later everyone will be compelled to apply it due to its numerous advantages.

Key Learning
In the present day's job market, the established competitive state of affairs makes it tricky for every individual to acquire a job easily. In such situations, it turns out to be crucial to be well educated and have professional qualifications for making a successful career. Therefore, if you are arranging for a career in networking, which is considered one of the most sought after fields all over the world, it is important for you to clear the certification of CCNA. Cisco Certified Network Associate (CCNA) is the basic level of the certification of CISCO. To acquire the certification of CCNA, it is suggested that you register for CISCO CCNA training, which is offered by several institutions around the UK. After this, you may need to prepare for and clear the examinations of CCNA for being CCNA certified. Furthermore, there are no requirements for taking the CCNA examinations, as the course of CCNA is the basis of the three levels of Cisco certified network associate. By registering for the examination of CCNA, you will learn the networking basics like installation, design, configuration, troubleshooting, management and maintenance of IP and non-IP networks. The level of CCNA is appropriate for assisting field technicians and desk engineers.

Advantages:
1. Have the professional approach towards networking.
2. Potential to configure any network.
3. Understand the basic functioning of CISCO router, hub, switch.
4. Industry-Oriented

