
SUMMER TRAINING REPORT ON

COMPUTER NETWORKING

Guidance

Of
Prepared By Pawan Sharma
B.Tech. Third Year (Information Tech & Engg.) GHEC Kumarhatti

Under Guidance of Mr. M.D.Mishra

Solan (shimla)

Summer Training Report On Computer Networking

TABLE OF CONTENT
i Acknowledgement
ii Certificate
iii Table of Content
iv About the Company
1. Introduction to Networking
   Definition
   Requirement of Networking
2. Types of Network
   LAN (Local Area Network)
   WAN (Wide Area Network)
3. Network Models
   OSI Model
4. Cables
   Twisted Cable
   Coaxial Cable
   Fibre Optic
5. Networking Devices
   Network Interface Card
   Hub
   Switch
   Router
6. IP Addressing
   Introduction
   Private IP
   Masking
   Subnetting
   Example
7. LAN Solution
   Requirement
   Solution
   Specification Sheet
8. Router
   Internal Components
   Network Interfaces
   Configuring
   Configuring using Console
   Routing Protocols
   RIP
   IGRP
   Access List
9. Firewall
   Introduction
   Technologies
   Configuring
10. WLAN
   Standards
   Topologies
   Infrastructure Network
   Adhoc Network
11. Intrusion Detection System (IDS)
   HIDS
   NIDS
   Techniques
12. Integrated Services Digital Network (ISDN)
   Channels
   Interfaces
   Functional Group
   Reference Points
13. WAN Solution
14. Self Evaluation


INTRODUCTION TO NETWORKING
Definition: A network is a system that transmits any combination of voice, video and/or data between users. A network can be defined by its geographical dimensions and by which the user's PC access it. A network consists of:

- The network operating system (Windows NT/2000/XP) on the user's PC (client) and server.
- The cables connecting all network devices (user's PC, server, peripherals, etc.).
- All supporting network components (hubs, routers and switches, etc.).

Computer Network means an interconnected collection of autonomous computers.

Requirement of Networking

- Resource sharing. To make all programs, equipment, and especially data available to anyone on the network without regard to the physical location of the resource and the user.
- High reliability. All files could be replicated on two or three machines, so if one of them is unavailable (due to hardware failure), the other copies could be used.
- Scalability. It is the ability to increase system performance gradually as the workload grows, just by adding more processors.
- A computer network can provide a powerful communication medium among widely separated employees. The use of networks to enhance human-to-human communication will probably prove more important than technical goals such as improved reliability.

These are the requirements with respect to companies, but computer networking is required even in normal day to day life, as we have to access the internet to get information about what is newly happening in the world and to communicate with people staying far away using the e-mail service. These are the reasons that forced the inventors to invent the networking devices, models and protocols etc. And the birth of Networking took place in 1844 when for the first time Samuel Morse sent the first telegraph message.

TYPES OF NETWORKS
LAN (LOCAL AREA NETWORK)
These are privately owned networks within a single building or campus of up to a few kilometers in size. LANs are distinguished from other networks by three characteristics:
1) Their size.
2) Their transmission technology.
3) Their topology.
LANs are restricted in size, which means that the worst-case transmission time is bounded and known in advance. LANs often use a transmission technology consisting of a single cable to which all the machines are attached. LANs run at speeds of 10 to 100 Mbps, have low delays, and make very few errors.

LAN SETUP
IEEE has produced several standards for LANs. These standards are collectively known as IEEE 802: IEEE802.3 (Ethernet), IEEE802.4 (Token Bus), IEEE802.5 (Token Ring).

WAN (WIDE AREA NETWORK)

It is a computer network that spans a relatively large geographical area, often a country or continent. Typically a WAN consists of two or more Local Area Networks. Computers connected to a WAN are often connected through public networks such as telephone systems. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet. WANs run at speed of maximum 2 to 10 Mbps.

WAN SETUP
For most WANs, the long distance bandwidth is relatively slow: on the order of kilobits per second (kbps) as opposed to megabits per second (Mbps) for local-area networks (LANs). For example, an Ethernet LAN has a 10 Mbps bandwidth; a WAN using part or all of a T1 carrier has a bandwidth of 1.544 Mbps. Three types of approaches are used to connect WANs:
1) Circuit switching, which provides a fixed connection (at least for the duration of a call or session), so that each packet takes the same path. Examples of this approach include ISDN, Switched 56, and Switched T1.
2) Packet switching, which establishes connections during the transmission process so that different packets from the same transmission may take different routes and may arrive out of sequence at the destination. Examples of this approach are X.25, frame relay, and ATM.
3) Leased lines, which can provide a dedicated connection for private use.

NETWORK MODELS
Layering Concepts and Benefits
Many benefits can be gained from the process of breaking up the functions or tasks of networking into smaller chunks, called layers, and defining standard interfaces between these layers. The layers break a large, complex set of concepts and protocols into smaller pieces, making it easier to talk about, to implement with hardware and software, and to troubleshoot. The following list summarizes the benefits of layered protocol specifications:
- Humans can more easily discuss and learn about the many details of a protocol specification.
- Standardized interfaces among layers facilitate modular engineering.
- A better environment for interoperability is created. One vendor can write software that implements higher layers (for example, a Web browser) and another can write software that implements the lower layers (for example, Microsoft's built-in TCP/IP software in its operating systems).
- Reduced complexity allows easier program changes and faster product evolution.
- One layer uses the services of the layer immediately below it. Therefore, remembering what each layer does is easier. (For example, the network layer needs to deliver data from end to end. To do this, it uses data links to forward data to the next successive device along that end-to-end path.)

OSI NETWORK MODEL

The OSI model describes how information makes its way from application programs through a network medium to another application program in another computer. It divides one big problem into seven smaller problems. Each problem is addressed by one of the seven layers of the OSI model.

Functions of Network Layers in Brief:

APPLICATION LAYER
- Used for applications specifically written to run over the network
- Allows access to network services that support applications
- Directly represents the services that directly support user applications
- Handles network access, flow control and error recovery
- Example apps are file transfer, e-mail, NetBIOS-based applications

PRESENTATION LAYER
- Translates from application to network format and vice-versa
- All different formats from all sources are made into a common uniform format that the rest of the OSI model can understand
- Responsible for protocol conversion, character conversion, data encryption / decryption, expanding graphics commands, data compression
- Sets standards for different systems to provide seamless communication from multiple protocol stacks
- Not always implemented in a network protocol

SESSION LAYER
- Establishes, maintains and ends sessions across the network
- Responsible for name recognition (identification) so only the designated parties can participate in the session
- Provides synchronization services by planning check points in the data stream => if session fails, only data after the most recent checkpoint need be transmitted
- Manages who can transmit data at a certain time and for how long
- Examples are interactive login and file transfer connections; the session would connect and re-connect if there was an interruption; recognize names in sessions and register names in history

TRANSPORT LAYER
- Additional connection below the session layer
- Manages the flow control of data between parties across the network
- Divides streams of data into chunks or packets; the transport layer of the receiving computer reassembles the message from packets
- "Train" is a good analogy => the data is divided into identical units
- Provides error-checking to guarantee error-free data delivery, with no losses or duplications
- Provides acknowledgment of successful transmissions; requests retransmission if some packets don't arrive error-free
- Provides flow control and error-handling
- TCP, ARP, RARP

NETWORK LAYER
- Translates logical network address and names to their physical address (e.g. computer name ==> MAC address)
- Responsible for addressing and determining routes for sending
- Managing network problems such as packet switching, data congestion and routing
- If router can't send data frame as large as the source computer sends, the network layer compensates by breaking the data into smaller units. At the receiving end, the network layer reassembles the data
- Think of this layer stamping the addresses on each train car
- IP; ARP; RARP; ICMP; RIP; OSPF

DATA LINK LAYER

- Turns packets into raw bits 100101 and at the receiving end turns bits into packets.
- Handles data frames between the Network and Physical layers
- The receiving end packages raw data from the Physical layer into data frames for delivery to the Network layer
- Responsible for error-free transfer of frames to other computer via the Physical Layer
- This layer defines the methods used to transmit and receive data on the network. It consists of the wiring, the devices used to connect the NIC to the wiring, the signaling involved to transmit / receive data and the ability to detect signaling errors on the network media

Logical Link Control

- Error correction and flow control
- Manages link control and defines SAPs

PHYSICAL LAYER
- Transmits raw bit stream over physical cable
- Defines cables, cards, and physical aspects
- Defines NIC attachments to hardware, how cable is attached to NIC
- Defines techniques to transfer bit stream to cable

IP ADDRESSING
Every machine on the internet has a unique identifying number, called an IP Address. A typical IP address looks like this: 216.27.61.45
An IP ADDRESS is a 32-bit number, usually written in dotted decimal form, that uniquely identifies an interface of some computer. This 32-bit number is divided into 4 octets, each separated by a decimal point. Out of so many values, certain values are restricted for use as typical IP addresses. For example, the IP address 0.0.0.0 is reserved for the default network and the address 255.255.255.255 is used for broadcast. Each IP address is split into 2 sections:
1) Network address
2) Host address

Individual IP addresses in the same network all have a different value in the host part of the address, but they have an identical value in the network part, just as in a town there are different street addresses but the same ZIP code. There are five IP classes:

Class A - This class is for very large networks, such as a major international company. IP addresses with a first octet from 1 to 126 are part of this class. The other three octets are each used to identify each host.
Net 54. Host or Node 24.54.43

Loopback. The IP address 127.0.0.1 is used as the loopback address. This means that it is used by the host computer to send a message back to itself. It is commonly used for troubleshooting and network testing.

Class B. Class B is used for medium-sized networks. A good example is a large college campus. IP addresses with a first octet from 128 to 191 are part of this class. Class B addresses also include the second octet as part of the Net identifier. The other two octets are used to identify each host.
Net 145.24 Host or Node 53.198

Class C. Class C addresses are commonly used for small to mid-size business. IP addresses with a first octet from 192 to 223 are part of this class. Class C addresses also include the second and third octets as part of Net identifier. The last octet is used to identify each host.
Net 196.54.34 Host or Node 86

Class D. It is used for multicast. It has first bit value of 1, second bit value of 1, third bit value of 1 and fourth bit value of 0. The other 28 bits are used to identify the group of computers the multicast message is intended for.
Net 224
Class E. It is used for experimental purpose only.
Net 240.
Host or Node 23.45.105
Host or Node 24.54.145

Private IP
It is not necessary that every time we make a network we are connected to some ISP (Internet Service Provider). So in that case we require some private IP also which can be used in indigenous networks. In each class a range of IP addresses has been defined for this purpose:
CLASS A   10.0.0.1 to 10.255.255.244
CLASS B   172.16.0.1 to 172.34.255.254
CLASS C   192.168.0.0/16

MASKING
Computers use a mask to define the size of the network and host part of an address. A mask is a 32-bit number written in dotted decimal form. It provides us the network address when we perform a Boolean AND of the mask with the IP address. It also defines the number of host bits in an address.

Class of address   Size of network part, in bits   Size of host part, in bits   Default mask for each class of network
A                  8                               24                           255.0.0.0
B                  16                              16                           255.255.0.0
C                  24                              8                            255.255.255.0

SUBNETTING
Basically it is a process of subdividing networks into smaller subnets. Suppose we have 2-3 small networks but we can't buy an IP address for each and every network. Here we use the basic concept of SUBNETTING, i.e. using one public IP address we will give them IP addresses and make them independent networks. For this we take some bits of the host address and use them for the network address, so we have different independent networks.

Address format when subnetting is used (class A, B, C resp.):
Class A:  8 Network | 24-x Subnet | x Host
Class B: 16 Network | 16-x Subnet | x Host
Class C: 24 Network |  8-x Subnet | x Host

Due to this the mask changes to a subnet mask, and now the network address also includes the subnet address.

Example
If the subnet mask is 255.255.240.0 and an IP address for a computer is given as 142.16.52.4:
142.16.0.0 is the network address
0.0.48.0 is the subnet address
0.0.4.4 is the host address of the computer
10001110.00010000.00110100.00000100 is ANDed with
11111111.11111111.11110000.00000000 and the output is
10001110.00010000.00110000.00000000
Here the first two octets represent the network address and the third octet represents the subnet address. It can be compared with a postal address, as there is only one ZIP code (Network address), different streets (Subnet address), and different house numbers (Host address).
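The masking and subnetting steps above can be carried out mechanically. The following Python sketch is an added example, not part of the original report; the function names are chosen here for illustration. It derives the classful default mask from the first octet, checks that the subnet mask is contiguous, and splits an address into the network, subnet and host parts used in the worked example.

```python
import ipaddress

# Classful first-octet ranges and network-part sizes, as listed in the report.
CLASS_RANGES = [("A", 1, 126, 8), ("B", 128, 191, 16), ("C", 192, 223, 24)]


def classful_bits(first_octet):
    """Return (class letter, network bits) for a class A, B or C address."""
    for name, low, high, bits in CLASS_RANGES:
        if low <= first_octet <= high:
            return name, bits
    raise ValueError("first octet %d is not class A, B or C" % first_octet)


def prefix_to_mask(bits):
    """Build a 32-bit mask with `bits` leading ones."""
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF


def dotted(value):
    """Render a 32-bit integer in dotted decimal form."""
    return str(ipaddress.IPv4Address(value))


def split_address(ip, subnet_mask):
    """Split an address into network, subnet and host parts by Boolean AND."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(subnet_mask))

    # A valid mask is a run of ones followed by a run of zeros.
    inverted = ~mask_int & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("subnet mask bits are not contiguous")

    cls, net_bits = classful_bits(ip_int >> 24)
    default_mask = prefix_to_mask(net_bits)
    # Subnet bits are borrowed from the host part, never from the network part.
    if mask_int & default_mask != default_mask:
        raise ValueError("subnet mask is shorter than the class default mask")

    subnet_bits = bin(mask_int).count("1") - net_bits
    return {
        "class": cls,
        "network": dotted(ip_int & default_mask),
        "subnet": dotted(ip_int & mask_int & ~default_mask & 0xFFFFFFFF),
        "host": dotted(ip_int & inverted),
        "subnet_bits": subnet_bits,
        "host_bits": 32 - net_bits - subnet_bits,
    }


if __name__ == "__main__":
    # The report's own example: 142.16.52.4 with mask 255.255.240.0.
    for key, value in split_address("142.16.52.4", "255.255.240.0").items():
        print(key, value)
```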

Some terminologies that are used with Networking models:

Collision Domain: It is the group of PCs in which a collision will occur when two PCs transmit data simultaneously.
Broadcast Domain: It is the group of PCs that will receive the same broadcast message.
CSMA/CD (Carrier Sense Multiple Access / Collision Detection): In this protocol, when a PC wants to transmit any packet it senses the carrier, i.e. the path; only if no other PC is using the carrier does it send. If two PCs start sending data simultaneously, a collision will occur. Both PCs will wait for some random time and then initiate the same process.
MAC (Media Access Control): The IEEE 802.3 (Ethernet) and 802.5 (Token Ring) are the MAC sub layers of these two LAN data-link protocols.
Burned-in address: The 6-byte address assigned by the vendor making the card. It is usually burned in to a ROM or EEPROM on the LAN card and begins with a 3-byte organizationally unique identifier (OUI) assigned by the IEEE.
Locally administered address: Through configuration, an address that is used instead of the burned-in address.
Unicast address: Fancy term for a MAC that represents a single LAN interface.

PASSIVE COMPONENTS
Passive components are those devices which are used to provide connectivity between different networking devices. They include:
- Cables
- Patch Panel
- Patch Cord
- I/O box
- Racks
- RJ-45 Connectors

CABLES
There are different cabling options depending on the access method:

Twisted pair
The wires are twisted around each other to minimize interference from other twisted pairs in the cable. Twisted pair cables are available unshielded (UTP) or shielded (STP). UTP is the most common type and uses an RJ-45 connector. Typical lengths are up to 100m. A twisted pair network uses a star topology.

Coaxial
Coaxial cable uses BNC connectors. The maximum cable lengths are around 500m. Coaxial networks use a single bus topology.

Fiber Optic
UTP and co-axial cables are not capable of driving the data signals for long distances, i.e. UTP is capable of transmitting up to a distance of 100 meters only. By using fiber cables it is possible to send the data about 10 kilometers. Fiber optic cable uses SC, ST, LC connectors (most common in use is the SC connector). In fiber cables the data is converted to light signals and the signal is made to propagate through the fiber cable. There are two types of fibre optic cable available.
1. Single mode: In this mode typical length is up to 12km and data rate is 1000Mbps. The core diameter is about 9.25 nm; the cable is known as 1000 base L cable.
2. Multi mode: This mode is further categorised in two:
   1) SX: Typical length is up to 500m and data rate is 1000Mbps.
   2) FX: Typical length is up to 220m and data rate is 100Mbps.

PATCH PANEL
A patch panel provides a convenient place to terminate (connect) all of the cable coming from different locations into the wiring closet. We connect the cables coming from various locations that are to be connected to the switch through the patch panel.

NEED OF PATCH PANEL
We can label the patch panel so we know which wire belongs to which location. Without a patch panel, it is chaotic. If we want to disconnect a station from the switch, it's a lot easier if there's a label. Most cabling is wired "straight-through" from end to end. But sometimes we need to cross-wire some of the pairs between switch and station, like with a cable modem, or cross-wire to connect two switches. With a patch panel, all of this cross-wiring is done in the patch cable. If you have to make any changes, like moving a station or switch, you just move the patch cable with it, instead of having to reterminate the cable run.

PATCH CORD

RACK
We have to mount the patch panel somehow. The best way is to buy a rack. Basically, a rack is a pair of vertical rails with holes drilled in them so that we can mount patch panels, hubs, and other network equipment. This makes it easy to access the back of the patch panel and other networking components.

Cabling Guidelines
The RJ-45 ports on the switch support automatic MDI/MDI-X operation, so we can use standard straight-through twisted-pair cables to connect to any other network device (PCs, servers, switches, routers, or hubs). We use only twisted-pair cables with RJ-45 connectors that conform to FCC standards.

Connecting to PCs, Servers, Hubs and Switches
1. Attach one end of a twisted-pair cable segment to the device's RJ-45 connector.
Making Twisted-Pair Connections
2. If the port where we are connecting the RJ-45 is a network card, attach the other end of the cable segment to a modular wall outlet that is connected to the wiring closet. Otherwise, attach the other end to an available port on the switch. Make sure each twisted pair cable does not exceed 100 meters (328 ft) in length.

Wiring Closet Connections
Today, the punch-down block is an integral part of many of the newer equipment racks. It is actually part of the patch panel. Instructions for making connections in the wiring closet with this type of equipment follow.
1. Attach one end of a patch cable to an available port on the switch, and the other end to the patch panel.
2. If not already in place, attach one end of a cable segment to the back of the patch panel where the punch-down block is located, and the other end to a modular wall outlet.
3. Label the cables to simplify future troubleshooting.

NETWORKING DEVICES

Networking devices do various kinds of jobs like converting the data to signals, providing connectivity to different network devices, and transferring the data in the form of packets or frames from one device to another. These are the central connections for all the network equipment and handle a data type known as frame or packet. Frames/packets contain data and the destination address of where they are going. When a frame is received, it is amplified and then transmitted on to the port of the destination PC. But different networking components do this job in different forms at different layers.

NETWORK INTERFACE CARD

A Network Interface Card (NIC) is a circuit board that plugs into both clients and servers and controls the exchange of data between them. (A specific software "driver" must be installed depending on the make of the NIC.) A physical transmission medium, such as twisted pair or coaxial cable, interconnects all network interface cards to network hubs or switches. Ethernet and Token Ring are common network interface cards. Today's cards support 10baseT and 100baseT with automatic recognition.

HUB
When there is a need to interconnect more than 2 devices together, a device known as a hub comes into the picture. Basically a hub is a layer one device, i.e. it operates on the physical layer of the OSI model. It is designed to do broadcasting, i.e. when it gets any frame it broadcasts it to every port irrespective of whether it is destined for that port or not. A hub has no way of distinguishing which port a frame should be sent to. Broadcasting results in a lot of traffic on the network, which leads to poor network response. If two PCs simultaneously transmit their data packets and both are connected to a HUB, then a collision will occur, so we can say it creates a single collision domain. On the other hand, all PCs connected to a hub will get the same message, so a single broadcast domain will be created. A 100/1000 Mbps hub must share its bandwidth with each and every one of its ports. So when only one PC is broadcasting, it will have access to the maximum available bandwidth. If, however, multiple PCs are broadcasting, then that bandwidth will need to be divided between all of these systems, which will degrade the performance. Hubs are usually Half-Duplex in nature.

SWITCH
Hubs are capable of joining more than two PCs but have some demerits: if two PCs want to communicate at the same time then there will be a collision and both PCs will have to send the data once again. This shortcoming of the hub is overcome by switches. Switches are intelligent devices which work on Layer 2 of the OSI model. Basically a switch keeps a record of the MAC addresses of all the devices connected to it. Using this information, it builds a MAC address table. So when a frame is received, it knows exactly which port to send it to, which improves the network response time.

Basic Working Principle of Switch
1. At the time of initializing the switch the MAC address table is yet to be built up. When a frame is sent by one of the PCs, the switch recognises the source MAC address and updates the MAC address table.
2. If the destination is available in the MAC table then the frame is forwarded to the corresponding PC.
3. If the destination MAC address is not present in the table then the switch forwards the frame on all the available ports except the incoming one. The designated PC will respond to the data and send the acknowledgement for the data received. This acknowledgement will be examined by the switch and the MAC address table will be updated accordingly.

If two PCs simultaneously transmit their data packets and both are connected to a SWITCH, then a collision will not occur, so we can say it creates multiple collision domains. The switch supports broadcast. Hence we can say switches create a single broadcast domain and multiple collision domains. A 100/1000 Mbps switch will allocate a full 100/1000 Mbps to each of its ports. So regardless of the number of PCs transmitting, a user will always have access to the maximum amount of bandwidth. Switches are usually Full-Duplex in nature.
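The three-step working principle above (learn the source, forward to a known destination, flood an unknown one) can be replayed in a few lines. This Python sketch is an added example and not part of the original report; the class name, port numbers and MAC addresses are constructed for illustration. It also shows that until a destination has been learned, its frames are delivered to every port except the incoming one.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Layer 2 switch model: learn source MACs, forward or flood frames."""

    def __init__(self, port_count):
        self.ports = list(range(1, port_count + 1))
        self.mac_table = {}  # MAC address -> port on which it was last seen

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out on."""
        if in_port not in self.ports:
            raise ValueError("unknown port %r" % in_port)

        # Step 1: record (or refresh) the sender's port in the MAC table.
        self.mac_table[src_mac] = in_port

        out_port = self.mac_table.get(dst_mac)
        # Step 3: broadcast or unknown destination -> all ports but the incoming.
        if dst_mac == BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]
        # Destination sits on the port the frame came from: nothing to forward.
        if out_port == in_port:
            return []
        # Step 2: known destination -> exactly one port.
        return [out_port]


# Constructed sample traffic: (incoming port, source MAC, destination MAC).
PC_A, PC_B, PC_C, PC_D = ("00:00:00:00:00:0a", "00:00:00:00:00:0b",
                          "00:00:00:00:00:0c", "00:00:00:00:00:0d")
SAMPLE_FRAMES = [
    (1, PC_A, PC_B),       # B not yet learned: flooded
    (3, PC_B, PC_A),       # reply from B: A is known, B gets learned
    (1, PC_A, PC_B),       # now forwarded to B's port only
    (2, PC_C, BROADCAST),  # broadcasts always reach every other port
    (1, PC_D, PC_A),       # D shares port 1 with A: frame is filtered
]


def replay(frames, port_count=4):
    """Feed frames through a fresh switch; return decisions and final table."""
    switch = LearningSwitch(port_count)
    decisions = [switch.receive(*frame) for frame in frames]
    return decisions, dict(switch.mac_table)


if __name__ == "__main__":
    decisions, table = replay(SAMPLE_FRAMES)
    for frame, ports in zip(SAMPLE_FRAMES, decisions):
        print(frame, "->", ports)
    print(table)
```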

Switches are of two types:
1) Managed
2) Unmanaged
A managed switch supports SNMP (Simple Network Management Protocol).

Different switching principles:
1. Store-and-forward: The switch fully receives all bits in the frame (store) before forwarding the frame (forward). This allows the switch to check the FCS before forwarding the frame. (FCS is in the Ethernet trailer.)
2. Cut-through: The switch performs the address table lookup as soon as the destination address field in the header is received. The first bits in the frame can be sent out the outbound port before the final bits in the incoming frame are received. This does not allow the switch to discard frames that fail the FCS check. (FCS is in the Ethernet trailer.)
3. Fragment Free: This performs like cut-through switching, but the switch waits for 64 bytes to be received before forwarding the first bytes of the outgoing frame. According to Ethernet specifications, collisions should be detected during the first 64 bytes of the frame; frames in error because of a collision will not be forwarded. The FCS still cannot be checked.

A bridge is another device like a switch which also operates based on the MAC address. The basic difference between the bridge and the switch is that the bridge works on a software basis, but the switch works on a hardware basis. The switch works on ASICs (Application Specific Integrated Circuits).

ROUTER
The switch and the hub can only interconnect devices in a single LAN. For interconnecting two LANs or two or more different networks, another device known as a router is used. Its main job is to route (send) packets to other networks, and to do the routing (establishing paths between networks) it uses the IP address. A router is typically connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routers use forwarding tables to determine the best path for forwarding the packet. It is a layer 3 device, i.e. it operates at the network layer of the OSI model. The working principle of the router is totally different from a switch. The router makes a table known as the routing table, which contains all the IP addresses in the network; the router obtains the information for an IP address directly (all configured IP addresses on it) or indirectly (from neighbour routers). When a packet is received it compares the destination IP address of the packet with the available IP addresses in its routing table. If the IP address is not available in the routing table then it simply discards the packet instead of flooding it on all the ports like a switch. (Detailed Information about router in chap )

Comparison between Hub, Bridge, Switch & Router

Number of broadcast domains
  Hub Segment: 1
  Bridge: 1
  Switch: 1
  Router: 1 per router interface
Number of collision domains
  Hub Segment: 1
  Bridge: 1 per bridge port
  Switch: 1 per switch port
  Router: 1 per router interface
Forwards LAN broadcasts?
  Hub Segment: N/A
  Bridge: Yes
  Switch: Yes
  Router: No
Forwards LAN multicasts
  Hub Segment: N/A
  Bridge: Yes
  Switch: Yes; can be optimized for less forwarding
  Router: No
OSI layer used when making forwarding decision
  Hub Segment: N/A
  Bridge: Layer 2
  Switch: Layer 2
  Router: Layer 3
Internal processing variants
  Hub Segment: N/A
  Bridge: Store-and-forward
  Switch: Store-and-forward, cut-through, FragmentFree
  Router: Store-and-forward
Frame/packet fragmentation allowed?
  Hub Segment: N/A
  Bridge: No
  Switch: No
  Router: Yes
Multiple concurrent equal-cost paths to same destination allowed?
  Hub Segment: N/A
  Bridge: No
  Switch: No
  Router: Yes

LAN SOLUTION
CUSTOMER REQUIREMENT
There is a company which has 2 offices, and the offices are 200 meters apart. The connectivity between these two offices is the main requirement to be fulfilled. In each office there are three different departments, each department on a different floor.
In building Ist: At each floor there are 20 users, and at the 3rd floor there are also 2 servers.
In building IInd: At floors 1st and 2nd there are 20 users each, and at the 3rd floor there are 40 users.
The bandwidth requirement of each user is 100 Mbps, while the bandwidth requirement for the server is 1 Gbps.

All floors must be connected to a central switch to be placed at the IInd floor in office 2nd, and connectivity should be via optical fiber. Everywhere there should be structured cabling. Every switch should be provided with one GBIC slot for future connectivity of a server. Everywhere smart and managed switches should be used.

SOLUTION
By looking at the requirement it is clear that we require a switch that has got 20 ports and also 2 GBIC slots (one for optical fiber connectivity, and one free slot is demanded for future use). Keeping this point in consideration we can use the HCL 24 Port Managed Stackable Switch, as this switch has got 24 ports and 2 GBIC slots and is also a managed switch. With this 24 port switch we will use a 24 port HCL made Patch Panel, and for connectivity of the patch panel with the switch we require 3 ft Patch Cords. As structured cabling is a must, we require UTP cable and I/O boxes, and to connect PCs with the I/O boxes we require 7 ft Patch Cords. Here we will use Cat5e UTP cable because the bandwidth requirement is 100 Mbps.

This trend of connecting the users to the switch will be followed at each and every floor, but at floor 3rd of building IInd there are 40 users, so here instead of 1 switch we require 2 switches. At the 3rd floor of building 1st, 2 servers are also present whose bandwidth requirement is 1 Gbps. So now we have two options: either to connect with UTP cable or with fiber optic cable. Here we will use fiber optic as we are already using it, so there is no need to waste money on UTP Cat 6 cable. So here we will simply use the fiber optic patch cord to connect the server to the switch.

Now only one thing is left, i.e. connection of the switches to a central switch placed at the 2nd floor of the IInd building. As the connection requirement is via optical fiber, at the central location we require a switch having all its ports as GBIC slots, and the number of ports should not be more than 8 as there are only 7 24-port switches in use (one optical cable line from each switch). As the distance between the two offices is only 200 meters, we will use multimode optical fiber, and that too FX type, and as the cable is to be laid in the open, outdoor armored cable will be used.

The connectivity diagram, the bill of material and the specification sheet for the solution are given in the following pages.

SPECIFICATION SHEET
HCL-24TMS-2S-W
HCL 24 Port Managed Stackable Switch
STANDARDS - IEEE802.3 (Ethernet), IEEE802.3a (Fast Ethernet), IEEE802.2a (Gigabit Ethernet), IEEE802.3z (1000Base SX/LX)
PORTS - 24 port auto negotiation 10 base T/100 base T, 2 optional modular expansion ports (1000 base-T, 1000 base LX/SX/FX)
MAC Addresses - 4K
BANDWIDTH - 12Gbps
SWITCHING RATE - 6.6Mbps
SNMP (Simple Network Management Protocol) - Yes, and supports RFC1157
WEB MANAGEABLE - Yes

PC-C305-E
CAT 5e CABLE
Enhanced CAT 5 350 MHz UTP Bulk Cable, 4 Pairs, Solid Grey
Length: 305 Meters

PC-@P3=-E
PATCH PANEL
Unshielded 24 Port RJ-45 jack for performance @ rated 100 Mbps
Fully Complied to e CAT 5 T568A/B standards
1.6mm metallic Patch Panel
19" Rack Mount frame 1U
Fully powder coated Black

PC-MC3-GE
3 ft. patch cord
3 ft. Enhance CAT-5 350 MHz Grey Patch Cord
UTP twisted pair with Black Snagless Flange Boot

PC-MC7-GE
7 ft. patch cord
7 ft. Enhance CAT-5 350 MHz Grey Patch Cord
UTP twisted pair with Black Snagless Flange Boot.

PF-CMB-A-OM3
Outdoor armoured Fiber optic cable - Multimode
Construction: Corrugated steel tape armoured cable construction
Multimode - 62.5/125µm cable
No of Cores - 6 fibre core cables.
Length- 1 meter

PF-PM.C-.C->D-?2
SC-SC Duplex Patch cord Multimode
Patch Cords cable - 50/125µm Multi mode
Patch Cords connectors - SC/ST Connectors MM patch cords
OFC Patch cord is duplex type of 3 mtrs length

PF-COSC-M
SC Connector Multi mode
Easy connection / disconnection - Pull - Push type

PF-CPSC-M
SC Coupler - mm (Included in the Fiber Patch Panel)
Low Insertion loss
Type - SC - SC type

PF-LIU-12U
12 Core LIU (Line Insertion Unit)
Wall mount 12 way Fibre Jack Panel Base Unit + 12 MM SC couplers with panel

PF-LIU-6U
6 Core LIU (Line Insertion Unit)
Wall mount 6 way Fibre Jack Panel Base Unit + 6 MM SC couplers with panel.

ROUTER

ROUTER INTERNAL COMPONENTS
Like a computer, a router has a CPU that varies in performance and capabilities depending upon the router platform. It typically has 4 types of memory in it:

ROM- It is used to store the router's bootstrap startup program, operating system software, and power-on diagnostic test programs. We can also upgrade our ROM.

FLASH MEMORY- It holds the operating system image(s). Flash memory is erasable, reprogrammable ROM. Our IOS software is present in this memory and we can upgrade it also. Flash content is retained even when we switch off or restart the router.

RAM- It is used to store operational information such as routing tables and the router's running configuration file. RAM also provides caching and packet buffering capabilities. Its content is lost when we switch off or restart the router. When we configure the router, at that time we are actually writing in RAM.

NVRAM- It is used to store the router's startup configuration file. It does not lose data when power is switched off, so the contents of the startup configuration file are maintained even when we switch off or restart the router.

ROUTER'S NETWORK INTERFACES

Ethernet or Token Ring interfaces are configured to allow connection to a LAN.
Synchronous serial interfaces are configured to allow connections to WANs.
ISDN BRI interfaces are configured to allow connection to an ISDN WAN.

All Cisco routers have a console port that provides an EIA/TIA-232 asynchronous serial connection. The console port can be connected to a computer's serial connection to gain terminal access to the router. Most routers also have an auxiliary port that is very similar to the console port but is typically used for modem connection for remote router management.

CONFIGURING THE ROUTER

There are three methods for configuring the router:

1) Through the console port:- The console port is used for configuring a router locally with the help of a PC or a Laptop. The console port of the router is connected to the serial i.e. COM port of the router. The detailed configuration is given in the section.

2) Through the AUX port:- The aux (auxiliary) port is accessed from a modem located far away from a router through the PSTN (Public Switched Telephone Network) and the configuration is done.

3) Through Telnet:- Line vty (virtual terminal) 0 to 4 are used for configuring the router by telnet.

Configuring Router through Console port

We use the HyperTerminal program to open a console session and log into the router locally. This console connection allows us to connect to and communicate with the router without having to connect to the network to which it belongs. Now the PC becomes the console that allows us to enter commands and communicate directly with the router. To set up a console session, we use the workstation's Windows HyperTerminal (terminal emulation) program. First of all we configure the COM port settings, then log into the router to interact with the IOS command line interface (CLI). These are the COM port settings:

9600 8 N 1 On/off

After pressing Enter or OK to accept these settings, we come across a blank window. This is a session window.

The following steps are adopted to access a router through the console port with a Windows based PC.
Access HyperTerminal:- Start Menu > Programs > Accessories > Communication > HyperTerminal
Connect to the device of the PC

[Figure: COM1 Setting]

[Figure: HyperTerminal Screen]

After connecting, the router will boot, and after booting the following procedure is adopted.

    Router> enable

Now a prompt asking for the password will automatically appear on the screen, like this:

    Password:

Now write the password here. This is done to secure access to the router. After this

    Router#

will appear on the screen. This shows that we are in privileged mode, and now we try to enter configuration mode.

    Router# configure terminal

This is done to enter configuration mode. Now starts the configuration of the router. We will assign an IP address to each and every interface connected to the router. The subnet mask should be given with proper care. The following steps are to be followed.

For configuring the ethernet interface:

    Router# config terminal
    Router(config)# interface ethernet 0
    Router(config-if)# ip address 223.8.151.1 255.255.255.0
    Router(config-if)# no shutdown
    Router(config-if)# exit

For configuring the serial interfaces:

    Router(config)# interface serial 0
    Router(config-if)# ip address 204.204.7.1 255.255.255.0
    Router(config-if)# no shutdown
    Router(config-if)# exit
    Router(config)# interface serial 1
    Router(config-if)# ip address 199.6.13.2 255.255.255.0
    Router(config-if)# no shutdown
    Router(config-if)# exit

ROUTING PROTOCOLS

ROUTING INFORMATION PROTOCOL (RIP)
RIP is a dynamic, distance vector routing protocol. RIP uses UDP port 520 for route updates. RIP calculates the best route based on hop count. This makes RIP very fast to converge. RIP sends full table updates at regular intervals specified by the route-update timer (30 seconds is the default). This means that a RIP router summarizes all routes it knows along classful boundaries and sends the summary information to all other RIP routing devices. RIP updates can contain up to 25 messages.

RIP TIMERS

TIMER   | DEFAULT  | CONTROLS
update  | 30 sec.  | Interval between route update advertisements.
timeout | 180 sec. | Interval a route should stay "live" in the routing table. This counter is reset every time the router hears an update for this route.
Flush   | 240 sec. | How long to wait from the time the route was received to delete a route (60 seconds after timeout).

The routing-update timer controls the time between routing updates. The default is usually 30 seconds, plus a small random delay to prevent all RIP routers from sending updates simultaneously.

The route-timeout timer controls when a route is no longer available. The default is usually 180 seconds. If a router has not seen the route in an update during this specified interval, it is dropped from the router's announcements. The route is maintained long enough for the router to advertise the route as down (hop count of 16).

The route-flush timer controls how long before a route is completely flushed from the routing table. The default setting is usually 120 seconds.

BASIC RIP CONFIGURATION
According to the recollection of InetDaemon, configuring a Cisco router for a basic RIP configuration would look something like this:

    router> enable
    Password:
    router# conf t
    router(config)# interface ethernet 0
    router(config-if)# ip address 192.168.42.1 255.255.255.0
    router(config-if)# interface ethernet 1
    router(config-if)# ip address 192.168.43.1 255.255.255.0
    router(config-if)# exit
    router(config)# router rip
    router(config-router)# network 192.168.42.0
    router(config-router)# network 192.168.43.0
    router(config-router)# exit
    router(config)# ^Z
    router#

The example above assumes that the interfaces that will be running RIP have IP addresses on them that fall within the 192.168.42.0 and 192.168.43.0 class C ranges.

IGRP
IGRP is a distance-vector routing protocol that considers a composite metric which, by default, uses bandwidth and delay as parameters instead of hop count. IGRP is not limited to the 15-hop limit of RIP. IGRP has a maximum hop limit of 100, by default, and can be configured to support a network diameter of 255. With IGRP, routers usually select paths with a larger minimum-link bandwidth over paths with a smaller hop count. Links do not have a hop count. They are exactly one hop.

IGRP is available only on Cisco routers.
IGRP will load-balance traffic if there are several paths with equal cost to the destination.
IGRP sends its routing table to its neighbors every 90 seconds. IGRP's default update period of 90 seconds is a benefit compared to RIP, which can consume excessive bandwidth when sending updates every 30 seconds.

IGRP uses an invalid timer to mark a route as invalid after 270 seconds (three times the update timer). As with RIP, IGRP uses a flush timer to remove a route from the routing table; the default flush timer is set to 630 seconds (seven times the update period and more than 10 minutes). If a network goes down or the metric for the network increases, the route is placed in holddown. The router accepts no new changes for the route until the holddown timer expires. This setup prevents routing loops in the network. The default holddown timer is 280 seconds (three times the update timer plus 10 seconds).

IGRP Timer | Default Time
Update     | 90 seconds
Invalid    | 270 seconds
Holddown   | 280 seconds
Flush      | 630 seconds

IP ACCESS LIST
IP access lists cause a router to discard some packets based on criteria defined by the network engineer. The goal of these filters is to prevent unwanted traffic in the network, whether to prevent hackers from penetrating the network, or just to prevent employees from using systems that they should not be using.

Key features of access lists:
• Packets can be filtered as they enter an interface, before the routing decision.
• Packets can be filtered before they exit an interface, after the routing decision.
• Deny is the term used in Cisco IOS software to imply that the packet will be filtered.
• Permit is the term used in Cisco IOS software to imply that the packet will not be filtered.
• The filtering logic is configured in the access list.
• At the end of every access list is an implied "deny all traffic" statement. Therefore, if a packet does not match any of your access list statements, it is blocked.

Access lists have two major steps in their logic: matching and action. Matching logic examines each packet and determines whether it matches the access-list statement. As soon as an access-list statement is matched, there are two actions to choose from: deny and permit. Deny means to discard the packet, and permit implies that the packet should continue on its way.


FIREWALL
As the limits of networking are increasingly unfolded, the danger of information leaking in and leaking out increases. So a mechanism is required to keep good bits in and bad bits out, and for this we use a FIREWALL. A firewall is a device of some kind that separates and protects our network, in most cases from the Internet. It restricts traffic to only what is acceptable, and monitors what is happening. Every firewall has at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.

It may be a hardware device or a software program running on a secure host computer. Hardware device means a physical device connected at the gateway which checks every incoming or outgoing packet. Software program means that software is loaded in a computer that determines what to allow and what to reject. A firewall examines all traffic routed between the two networks to see if it meets certain criteria. A firewall filters both inbound and outbound traffic.

Technologies
There are three different types of firewall technologies:
1) Packet Filtering
2) Proxy
3) Stateful Inspection

Packet Filtering
A packet filtering firewall simply inspects incoming traffic at the transport layer of the OSI model. The packet filtering firewall analyzes TCP or UDP packets and compares them to a set of established rules called an Access Control List (ACL). Packet filtering inspects a packet only for the following elements:
Source IP address
Source Port
Destination IP address
Destination Port
Protocol

Proxy
When a firewall is installed, no PC makes a direct connection to the outside world. Instead they use a proxy, i.e. each PC first of all sends its request to the proxy, which then forwards the request to the internet or outside world for connection or data transfer.

Stateful Inspection
It is a combination of packet filtering and proxy services. This is the most secure technology and provides the most functionality because connections are not only applied to the ACL, but are logged into a static table. After a connection is established, all session data is compared to the static table. If the session data does not match the state table information for that connection, then the connection is dropped.
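The access-list logic (first match wins, implied deny at the end), the five elements a packet filter inspects, and the state-table check of stateful inspection can be compared side by side. The following is an added example, not code from the report or from any firewall product; the addresses, rule layout and class names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""       # TCP flags: "S", "SA", "A", "F", "R"


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp" or "ip" (any protocol)
    src: str                       # source network in CIDR form
    dst: str                       # destination network in CIDR form
    sport: Optional[int] = None    # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def acl_decide(acl, p):
    """Packet filter: the first matching statement decides; a packet that
    matches nothing falls through to the implied deny at the end."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """New outbound connections are checked against the ACL and recorded in
    a state table; inbound packets pass only if they match a recorded entry."""

    def __init__(self, inside, outbound_acl):
        self.inside = ip_network(inside)
        self.outbound_acl = outbound_acl
        self.state = set()   # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, p):
        if ip_address(p.src) in self.inside:           # leaving the protected network
            key = (p.proto, p.src, p.sport, p.dst, p.dport)
            if key not in self.state:
                if acl_decide(self.outbound_acl, p) == "deny":
                    return "deny"
                self.state.add(key)
        else:                                          # arriving from outside
            key = (p.proto, p.dst, p.dport, p.src, p.sport)
            if key not in self.state:
                return "deny"
        if p.proto == "tcp" and ("F" in p.flags or "R" in p.flags):
            self.state.discard(key)   # simplification: forget the session on FIN/RST
        return "permit"


def demo():
    inside = "10.10.10.0/24"                       # constructed addressing
    outbound = [Rule("permit", "tcp", inside, "0.0.0.0/0", dport=80)]
    # A stateless filter needs this broad rule to let web replies back in.
    inbound = [Rule("permit", "tcp", "0.0.0.0/0", inside, sport=80)]
    fw = StatefulFirewall(inside, outbound)
    syn = Packet("tcp", "10.10.10.14", 40000, "203.0.113.5", 80, "S")
    reply = Packet("tcp", "203.0.113.5", 80, "10.10.10.14", 40000, "SA")
    unsolicited = Packet("tcp", "198.51.100.7", 80, "10.10.10.14", 3389, "S")
    telnet = Packet("tcp", "10.10.10.14", 40001, "203.0.113.5", 23, "S")
    return {
        "stateless reply": acl_decide(inbound, reply),
        "stateless unsolicited": acl_decide(inbound, unsolicited),
        "stateful syn": fw.decide(syn),
        "stateful reply": fw.decide(reply),
        "stateful unsolicited": fw.decide(unsolicited),
        "stateful telnet": fw.decide(telnet),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} {verdict}")
```

The stateless inbound rule permits any packet whose source port is 80, whether or not an inside host asked for it, while the state table only admits packets belonging to a connection that an inside host opened.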

CONFIGURING THE FIREWALL

Five basic commands are used to do a basic configuration of the firewall:
    interface
    nameif
    ip address
    nat
    global

Interface Command
The interface command identifies the interface hardware card, sets the speed of the interface and enables the interface, all in one command.

SYNTAX:
    interface hardware_id hardware_speed [shutdown]

hardware_id indicates the interface's physical location on the firewall.
hardware_speed indicates the connection speed. There are various options provided to us by the firewall regarding speed:
    1000sxfull: Sets full-duplex Gigabit Ethernet.
    1000basesx: Sets half-duplex Gigabit Ethernet.
    1000auto: Automatically detects and negotiates full/half duplex.
    10full: Sets 10Mbps full-duplex Ethernet.
    100full: Sets 100Mbps full-duplex Ethernet.
shutdown: This parameter administratively shuts down the interface.

nameif command
It is used to name an interface and assign a security level from 1 to 99. The outside and inside interfaces are named by default and have default security values of 0 and 100, respectively. By default, the interfaces have their hardware ID. Ethernet 0 is the outside interface, and Ethernet 1 is the inside interface.

SYNTAX:
    nameif hardware_id if_name security_level

hardware_id indicates the interface's physical location on the firewall.
if_name is the name by which we refer to this interface.
security_level is a numerical value from 1 to 99 indicating the security level.

Examples:
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 dmz security20

We can see the configuration by using the show nameif command.

ip address Command
All the interfaces must be configured with an IP address. The ip address command is used to configure IP addresses on the interfaces. The ip address command binds a logical address (IP address) to the hardware ID.

SYNTAX:
    ip address if_name ip_address [netmask]

if_name is the interface name that was configured using the nameif command.
ip_address is the interface's IP address.
netmask is the appropriate network mask. If the mask value is not entered, the firewall assigns a classful network mask.

Example:
    ip address inside 10.10.10.14 255.255.255.0

We can see the configuration by using the show ip command.

nat Command
The nat (Network Address Translation) command translates a set of IP addresses to another set of IP addresses.

SYNTAX:
    nat (if_name) nat_id local_ip [netmask]

(if_name) is the internal network interface name.
nat_id is the ID number to match with the global address pool.
local_ip is the IP address that is translated. This is usually the inside network IP address.
netmask is the network mask for the local IP address.

There are two types of NATing:
1) Static: For example, there is a google server and we don't want to make its IP address public, so we change its IP address using the nat command in the firewall, and now users will log on to this new IP. This results in more security as every time the traffic has to pass through the firewall.
2) Dynamic: If there are lots of PCs in a network and all want to access the internet, it is not easy to provide every PC with an independent public IP, so at the firewall level we change every PC's private IP to a public IP.

Examples:
    nat (inside) 1 10.10.10.0 255.255.255.0
    nat (inside) 1 172.16.1.0 255.255.255.0

global Command
The global command is used to define the address or range of addresses that the addresses defined by the nat command are translated into. It is important that the nat_id be identical to the nat_id used in the nat command. The nat_id pairs the IP addresses defined by the global and nat commands so that network translation can take place.

SYNTAX:
    global (if_name) nat_id global_ip | global_ip-global_ip [netmask]

(if_name) is the external network where you use these global addresses.
nat_id identifies the global address and matches it with the nat command it is pairing with.
global_ip is a single IP address. When a single IP address is specified, the firewall automatically performs Port Address Translation (PAT).
global_ip-global_ip defines a range of global IP addresses to be used by the firewall to NAT.
netmask is the network mask for the global IP address(es).

INTRUSION DETECTION SYSTEM (IDS)

An IDS is a security countermeasure. It monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

A firewall simply blocks openings into your network/system, but cannot distinguish between good/bad activity. Therefore, if you need to allow an opening to a system (like a web-server), then a firewall cannot protect against intrusion attempts against this opening. In contrast, intrusion detection systems can monitor for hostile activity on these openings.

HIDS
Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator of suspicious activity if detected.

NIDS
Network Intrusion Detection Systems are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. Ideally you would scan all inbound and outbound traffic; however, doing so might create a bottleneck that would impair the overall speed of the network.

When an unauthorized user logs in successfully, or attempts to log in, they are best tracked with host-based IDS. However, detecting the unauthorized user before their log on attempt is best accomplished with network-based IDS.

There are four basic techniques used to detect intruders:
1) Anomaly detection
2) Misuse detection (signature detection)
3) Target monitoring

Anomaly Detection
Designed to uncover abnormal patterns of behavior, the IDS establishes a baseline of normal usage patterns, and anything that widely deviates from it gets flagged as a possible intrusion. An example of this would be if a user logs on and off of a machine 20 times a day instead of the normal 1 or 2. Also, if a computer is used at 2:00 AM when normally no one outside of business hours should have access, this should raise some suspicions. At another level, anomaly detection can investigate user patterns, such as profiling the programs executed daily. If a user in the graphics department suddenly starts accessing accounting programs or compiling code, the system can properly alert its administrators.
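The three anomaly checks described above (logon volume against a learned baseline, use outside business hours, and programs outside a user's usual profile) can be sketched as follows. This is an added example, not part of the report; the log format, user names, business hours and the deviation factor of 5 are assumptions, and all log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, time

BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed office hours


def parse(line):
    """Assumed format: '<ISO timestamp> <logon|exec> <user> <host or program>'."""
    ts, event, user, target = line.split()
    return datetime.fromisoformat(ts), event, user, target


def build_baseline(history):
    """Learn each user's mean logons per day and usual set of programs."""
    logons = defaultdict(Counter)      # user -> {date: logon count}
    programs = defaultdict(set)        # user -> programs seen in training
    for line in history:
        ts, event, user, target = parse(line)
        if event == "logon":
            logons[user][ts.date()] += 1
        elif event == "exec":
            programs[user].add(target)
    rate = {u: sum(days.values()) / len(days) for u, days in logons.items()}
    return {"rate": rate, "programs": dict(programs)}


def detect(baseline, events, factor=5.0):
    """Return alerts for one day's events that deviate widely from baseline."""
    alerts, counts = [], Counter()
    start, end = BUSINESS_HOURS
    for line in events:
        ts, event, user, target = parse(line)
        if event == "logon":
            counts[user] += 1
            if not start <= ts.time() < end:
                alerts.append(("off_hours_logon", user, ts.isoformat()))
        elif event == "exec":
            if target not in baseline["programs"].get(user, set()):
                alerts.append(("unusual_program", user, target))
    for user, n in sorted(counts.items()):
        usual = baseline["rate"].get(user)
        if usual is None or n > factor * usual:    # no history is itself unusual
            alerts.append(("logon_volume", user, n))
    return alerts


# Constructed training window: alice (graphics) logs on twice a day and runs
# gimp; bob (accounts) logs on once a day and runs ledger.
HISTORY = (
    [f"2024-03-0{d}T09:0{m}:00 logon alice ws-12" for d in (4, 5, 6) for m in (0, 5)]
    + [f"2024-03-0{d}T09:30:00 exec alice gimp" for d in (4, 5, 6)]
    + [f"2024-03-0{d}T08:45:00 logon bob ws-07" for d in (4, 5, 6)]
    + [f"2024-03-0{d}T10:00:00 exec bob ledger" for d in (4, 5, 6)]
)

# Constructed day under test: 20 logons by alice, two programs outside her
# profile, and one 02:00 logon by bob.
TODAY = (
    [f"2024-03-07T{9 + i // 4:02d}:{15 * (i % 4):02d}:00 logon alice ws-12"
     for i in range(20)]
    + ["2024-03-07T14:10:00 exec alice ledger",
       "2024-03-07T14:20:00 exec alice gcc",
       "2024-03-07T02:00:00 logon bob ws-07",
       "2024-03-07T10:00:00 exec bob ledger"]
)

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), TODAY):
        print(alert)
```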

Misuse Detection or Signature Detection
This method uses specifically known patterns of unauthorized behavior to predict and detect subsequent similar attempts. These specific patterns are called signatures. For host-based intrusion detection, one example of a signature is "three failed logins."

Target Monitoring
These systems do not actively search for anomalies or misuse, but instead look for the modification of specified files. This is more of a corrective control, designed to uncover an unauthorized action after it occurs in order to reverse it. One way to check for the covert editing of files is by computing a cryptographic hash beforehand and comparing this to new hashes of the file at regular intervals. This type of system is the easiest to implement, because it does not require constant monitoring by the administrator. Integrity checksum hashes can be computed at whatever intervals you wish, and on either all files or just the mission/system critical files.

Passive IDS
A passive IDS simply detects and alerts. When suspicious or malicious traffic is detected, an alert is generated and sent to the administrator or user, and it is up to them to take action to block the activity or respond in some way.

Reactive IDS
A reactive IDS will not only detect suspicious or malicious traffic and alert the administrator, but will take pre-defined proactive actions to respond to the threat. Typically this means blocking any further network traffic from the source IP address or user.

An IDS is required to be properly configured to recognize what is normal traffic on your network vs. what might be malicious traffic, and you, or the administrators responsible for responding to IDS alerts, need to understand what the alerts mean and how to effectively respond.
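Target monitoring as described above, a hash baseline taken beforehand and compared with fresh hashes later, is shown in this added example (not part of the report). The file names and contents are constructed, and sealing the baseline with an HMAC key kept off the monitored host is an assumption added so that an edited baseline is also detected.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = hash_file(full)
    return result


def seal(baseline, key):
    """Attach an HMAC so the stored baseline cannot be rewritten unnoticed."""
    body = json.dumps(baseline, sort_keys=True).encode()
    return {"baseline": baseline,
            "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def unseal(sealed, key):
    body = json.dumps(sealed["baseline"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["hmac"]):
        raise ValueError("baseline failed its HMAC check")
    return sealed["baseline"]


def compare(baseline, current):
    """Report files whose hash changed, that disappeared, or that are new."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    key = b"constructed-demo-key"          # in practice kept off the host
    files = {"app.conf": b"mode=prod\n", "hosts": b"127.0.0.1 localhost\n",
             "motd": b"hello\n"}           # constructed sample files
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        sealed = seal(snapshot(root), key)                 # taken beforehand

        # Changes made between two scheduled checks.
        with open(os.path.join(root, "app.conf"), "ab") as f:
            f.write(b"mode=debug\n")
        os.remove(os.path.join(root, "motd"))
        with open(os.path.join(root, "extra.job"), "wb") as f:
            f.write(b"run nightly\n")
        report = compare(unseal(sealed, key), snapshot(root))

        # Someone who also edits the stored baseline is caught by the HMAC.
        sealed["baseline"]["app.conf"] = hash_file(os.path.join(root, "app.conf"))
        try:
            unseal(sealed, key)
            baseline_tamper_detected = False
        except ValueError:
            baseline_tamper_detected = True
    return report, baseline_tamper_detected


if __name__ == "__main__":
    print(demo())
```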

WAN SOLUTION
REQUIREMENT
There is one CBC (Central Billing Center) which is required to be connected with 28 BGCs (Bill Generation Centers). As further locations are connected with each BGC location, it is required to use a router at each location.

The CBC Router must have these specifications:
4 numbers of 10/100 fast Ethernet interfaces.
20 number of V.35 interfaces to receive the data coming from the BGCs via optical fiber/lease line.
2 numbers of ISDN BRI ports.
Four numbers of synchronous serial interfaces for 64 kbps lease line connectivity.

The BGC Router must have these specifications:
2 port 10/100 Mbps Ethernet Interface.
Sufficient port Serial WAN Interfaces.

All the BGC locations are to be connected to the central location with point to point connectivity. The BGC locations have leased line connectivity of 128 Kbps which can be upgradable to 2 Mbps. The leased line connectivity is to be provided by an ISP.

SOLUTION
As per the requirement, the proposed solution is to have point to point connectivity between the central location and the 28 BGC locations. There is a Cisco 1841 Router at each of the BGC locations. They are connected to a 2 Mbps Leased Line Modem Pair, HCL-Gateway G2M-2W, through the serial port. The modem at the customer end is connected to a modem at the ISP side. In the same way the central location, having a Cisco 3845 Router, is connected to 28 nos. of 2 Mbps Leased Line modem pairs.

The connectivity diagram and the bill of material required for the solution are given in the following pages.

WLAN (WIRELESS LAN)

In a traditional LAN each computer physically connects to the network via wires and a network port. A Wireless Local Area Network (WLAN) is a network that provides the same services but without the need for physical connections between the computers and the network. Wireless LANs offer many advantages over traditional wired networks, such as mobility, flexibility, scalability and speed, simplicity and reduced cost of installation. A WLAN typically uses radio waves, which allow network PC cards plugged into a PC/laptop to connect to a traditional Ethernet LAN. IEEE developed the 802.11 standards to provide wireless networking technology like the wired Ethernet.

STANDARDS
IEEE developed the 802.11 standards to provide wireless networking technology. With time-to-time development in the field of technology, three standards have been finalized: 802.11(a), 802.11(b), 802.11(g).

                        | 802.11(b)          | 802.11(a)           | 802.11(g)
Max. bit rate / Raw net | 11 Mb/s / 5.5 Mb/s | 54 Mb/s / 22.26 Mb/s | 54 Mb/s / 17.22 Mb/s
Frequency Band          | 2.4 GHz            | 5 GHz               | 2.4 GHz
Range @ Max. rate       | 57 m               | 12 m                | 19 m
Unit Cost               | 100%               | 120%                | 110%
Coverage Cost           | 100%               | 2000%               | 500%
No. of channels         | 3                  | 8                   | 4

The IEEE 802.11a standard is the most widely adopted one because it operates at licensed 5 GHz while the others are unlicensed, and also it provides the max. no. of channels and max. bit rate of any of the standards.

TOPOLOGIES
There are two topologies on which WLAN works:
1) Infrastructure Network
2) Ad hoc Network

INFRASTRUCTURE NETWORK
It is useful for providing wireless coverage of building or campus areas. This is a topology used when there are many access points in a single location. By deploying multiple Access Points (APs) with overlapping coverage areas, organizations can achieve broad network coverage. A laptop or other mobile device may move from AP to AP while maintaining access to the resources of the LAN. Each client is equipped with a wireless network interface card (NIC) that consists of the radio transceiver and the logic to interact with the client machine and software, while the AP is essentially a radio transceiver on one side and the wired backbone on the other.

ADHOC NETWORK
This topology is used when we have to interconnect mobile devices that are in the same area (e.g., in the same room). In this architecture, client stations are grouped into a single geographic area and can be Internet-worked without access to the wired LAN (infrastructure network). The ad hoc configuration is similar to a peer-to-peer office network in which no node is required to function as a server. In ad hoc there is no need of any AP as all devices are wirelessly connected to each other.

Integrated Services Digital Network (ISDN)

ISDN's primary goal is the integration of voice and nonvoice services. ISDN is actually a set of communication protocols proposed by telephone companies that allows them to carry a group of digital services that simultaneously convey data, text, voice, music, graphics, and video to end users, and it was designed to achieve this over the telephone systems already in place.

There are two types of channels:
1) B channel
2) D channel

B channel
Bearer channels (B channels) are used to transport data. B channels are called bearer channels because they bear the burden of transporting the data. B channels operate at speeds of up to 64 kbps.

D channel
D channels are used for signaling. They are used to establish the session before the data is actually transferred.

ISDN INTERFACES
Types of ISDN interfaces:
1) Basic Rate Interface (BRI)
2) Primary Rate Interface (PRI)

Both BRI and PRI provide multiple digital bearer channels over which temporary connections can be made and data can be sent.

BRI: ISDN Basic Rate Interface (BRI, also known as 2B+1D) service provides two B channels and one D channel. The BRI B-channel service operates at 64Kbps and carries data, while the BRI D-channel service operates at 16Kbps and usually carries control and signaling information.

PRI: According to American standards, the ISDN Primary Rate Interface (PRI, also known as 23B+D1) service delivers 23 64Kbps B channels and one 64Kbps D channel for a total bit rate of up to 1.544Mbps. And according to European standards, ISDN provides 30 64Kbps B channels and one 64Kbps D channel for a total bit rate of up to 2.048Mbps.

ISDN Function Groups and Reference Points

• Function group: A set of functions implemented by a device and software
• Reference point: The interface between two function groups, including cabling details

Router A is ordered with an ISDN BRI U reference point, referring to the I.430 reference point defining the interface between the customer premises and the ISP. Router B is bought with an ISDN BRI S/T interface, implying that it must be cabled to a function group NT1 device. An NT1 function group device must be connected to the ISP line through a U reference point; the S/T interface defines the connection to Router B. Router B is called a TE1 (Terminal Equipment 1) function group device. Non-ISDN equipment is called a TE2 (Terminal Equipment 2) device and is attached using the R reference point to a terminal adapter (TA) function group device. Alternatively, a TE1 can connect using an S reference point to an NT2 function group,

Function Groups:
1) TE1 (Terminal Equipment 1): ISDN-capable four-wire cable. Understands signaling and 2B+D. Uses an S reference point.
2) TE2 (Terminal Equipment 2): Equipment that does not understand ISDN protocols and specifications (no ISDN awareness). Uses an R reference point, typically an RS-232 or V.35 cable, to connect to a TA.
3) TA (Terminal adapter): Equipment that uses R and S reference points. Can be thought of as the TE1 function group on behalf of a TE2.
4) NT1 (Network Termination): Connects with a U reference point (two-wire) to the ISP. Connects with T or S reference points to other customer premises equipment.

Reference Points:
R - between TE2 and TA.
S - between TE1 or TA and NT2.
T - between NT2 and NT1.
U - between NT1 and ISP.
