Submitted in partial fulfillment of the Requirements for the award of the degree


Bachelor of Technology


This project was one of the most productive and knowledgeable experiences in my engineering career. I have learned so many new things during this project, like how to work in a group, leadership, how to use different skills and knowledge, group discussion, etc. It provided me a golden opportunity to improve my basic skills and practical aspects, which are the primary requirement of today’s companies and organizations. It gives me immense pleasure to thank those people who have contributed directly or indirectly to the completion of this project. I would like to express my gratitude to MR. ASHUTOSH Sir for his cooperation at all times in guiding this project into its final shape. Last but not least, I wish to thank our College Principal and H.O.D. Sir for encouraging me to complete this project.




This is to certify that the project report entitled “NETWORK SYSTEM”, submitted by SUMIT CAHNDEL in partial fulfillment of the requirement of the course of NETWORKING AND TECHNOLOGY in INFORMATION TECHNOLOGY, embodies the work done by them under my guidance.

Project Incharge & Guide:



Sr. No.   Topic                                                                Page
1         Training Organization detail                                         05 - 05
2         Introduction to Computer Networking Principles;
          Building Blocks: The basic components of a network                   06 - 18
3         OSI Model                                                            19 - 21
4         TCP/IP                                                               22 - 25
5         Cisco IOS                                                            26 - 30
6         Routing Table                                                        31 - 32
7         STP                                                                  33 - 34
8         TCP/IP                                                               35 - 36
9         VLAN                                                                 37 - 38
10        Access-Lists                                                         39 - 40
11        Network Address Translation                                          41 - 44
12        Bibliography                                                         45 - 45

CHAPTER-1 TRAINING ORGANISATION DETAIL

Department of Information Technology is the state level organization that provides all the software needs to the state of Himachal Pradesh. The entire software maintenance and development task is done by this very organization. DIT is a dynamic, growing institution, focused on the development of cutting edge solutions in the following domains:
• Health Informatics
• Multilingual Technologies
• Software Technologies
• Cyber Forensics and Security
• Multimedia Technologies
The organization inculcates the tangible need of the flexible nature of the software market. It is a national level government organization that provides training to young individuals in the field of Information Technology and Computer Science. They make trainees work in some of the live projects of the state. It has various plans to implement and to share with trainees. So this is overall training to an individual here at DIT. National Informatics Centre is the major player for the spread of IT in the State and Districts. The IT requirements at the District are being fulfilled by the District Informatics Centres of NIC established in each District.

CHAPTER-2 Computer Network

A computer network is an interconnection of various computer systems located at different places. In a computer network two or more computers are linked together with a medium and data communication devices for the purpose of communicating data and sharing resources. The computer that provides resources to other computers on a network is known as a server. In the network the individual computers, which access shared network resources, are known as nodes.

Types of Networks: There are many different types of networks. However, from an end user's point of view there are two basic types:
• Local-Area Networks (LANs): The computers are geographically close together (that is, in the same building).
• Wide-Area Networks (WANs): The computers are farther apart and are connected by telephone lines or radio waves.
In addition to these types, the following characteristics are also used to categorize different types of networks.

Other Definitions:
Topology: The geometric arrangement of a computer system is termed its topology. Common topologies include bus, star, and ring.
Protocol: The protocol defines a common set of rules and signals that computers on the network use to communicate. One of the most popular protocols for LANs is called Ethernet. Another popular LAN protocol for PCs is the IBM token-ring network.
Architecture: Networks can be broadly classified as using either peer-to-peer or client/server architecture.

LANs

A LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN). Most LANs, as shown in the Figure, connect workstations and personal computers. Each node (individual computer) in a LAN has its own CPU with which it executes programs, but it is also able to access data and devices anywhere on the LAN. This means that many users can share expensive devices, such as laser printers, as well as data. Users can also use the LAN to communicate with each other, by sending e-mail or engaging in chat sessions. There are many different types of LANs—token-ring networks, Ethernets, and ARCnets being the most common for PCs. LANs are capable of transmitting data at very fast rates, much faster than data can be transmitted over a telephone line; but the distances are limited, and there is also a limit on the number of computers that can be attached to a single LAN. Computers on a network are sometimes called nodes. Computers and devices that allocate resources for a network are called servers.

Figure: A Typical LAN

WANs

A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.

Figure: DCE DTE WAN Connection

WANs connect users and LANs spread between various sites, whether in the same city, across the country, or around the world. “Remote access” refers to a simple connection, usually dialled up over telephone lines as needed, between an individual user or very small branch office and a central network. Your campus gains access to the Internet through some type of remote connection. A single user can use a modem to dial up an Internet service provider (ISP). Multiple users within a campus might choose to rely on a router to connect to the ISP, who then connects the campus to the Internet. In general, LAN speeds are much greater than WAN and remote access speeds. For example, a single shared Ethernet connection runs at 10 Mbps (mega means “million”). Today’s fastest analogue modem runs at 56 kilobits per second (Kbps) (kilo means “thousand”)—less than one percent of the speed of an Ethernet link. Even the more expensive, dedicated WAN services such as T1 lines don’t compare (with bandwidth of 1.5 Mbps, a T1 line has only 15 percent of the capacity of a single Ethernet link). For this reason, proper network design aims to keep most traffic local—that is, contained within one site—rather than allowing that traffic.

Network Topologies

As we have seen earlier, topology is the geometric arrangement of the computers in a network. It can be as simple as a circle or point-to-point connections of computers at dispersed locations. Common topologies include star, ring and bus.

Star Network

The star network as shown in Fig 5.6 is frequently used to connect one or more small computers or peripheral devices to a large host computer or CPU. Many organizations use the star network or a variation of it in a time-sharing system, in which several users are able to share a central processor. In a time-sharing setup, each terminal receives a fixed amount of the CPU's time, called a time slice. If you are sitting at a terminal and cannot complete your task during the time slice, the computer will come back to you to allow you to do so. Actually, because the CPU operates so much faster than terminals, you will probably not even notice that the CPU is away. By establishing time-sharing, many people in a large organization can use a centralized computing facility. Time-sharing can also be purchased from an outside service, which is an economical way to operate for a small company that cannot afford its own large computer. A star network is frequently used in a LAN to connect several microcomputers to a central unit that works as a communications controller. If the user of one microcomputer wants to send a document or message to a user at another computer, the message is routed through the central communications controller. Another common use of the star network is the feasibility of connecting several microcomputers to a mainframe computer that allows access to an organization's database. Access and control of a star network is typically maintained by a polling system. Polling means that the central computer or communications controller "polls" or asks each device in the network if it has a message to send and then allows each in turn to transmit data.

Ring Network

The ring network is a Local Area Network (LAN) whose topology is a ring. That is, all of the nodes are connected in a closed loop, with no central host computer or communications controller. Messages travel around the ring, with each node reading those messages addressed to it. One of the advantages of ring networks is that they can span larger distances than other types of networks, such as bus networks, because each node regenerates messages as they pass through it.

Access and control of ring networks are typically maintained by a "token-passing" system. IBM's Token-Ring network is thought by some observers to be a watershed event comparable to the development of the IBM PC itself, because the Token-Ring network is designed to link all types of computers together, including not only personal computers but also possibly minicomputers and mainframes.

Bus Network

Bus networks are similar to ring networks except that the ends are not connected. All communications are carried on a common cable or bus and are available to each device on the network. Access and control of bus networks are typically maintained by a method called contention, whereby if a line is unused, a terminal or device can transmit its message at will, but if two or more terminals initiate messages simultaneously, they must stop and transmit again at different intervals.

Network Architecture

The term architecture can refer to either hardware or software, or a combination of hardware and software. The architecture of a system always defines its broad outlines, and may define precise mechanisms as well. An open architecture allows the system to be connected easily to devices and programs made by other manufacturers. Open architectures use off-the-shelf components and conform to approved standards. A system with a closed architecture, on the other hand, is one whose design is proprietary, making it difficult to connect the system to other systems. As we have seen before, network architectures can be broadly classified as using either peer-to-peer or client/server architecture.

Peer-to-peer Architecture

This is a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architecture, in which some workstations are dedicated to serving the others. Peer-to-peer networks are generally simpler and less expensive, but they usually do not offer the same performance under heavy loads.

Client/Server Architecture

This is a network architecture in which each computer or process on the network is either a client or a server. Servers are powerful computers or processors dedicated to managing disk drives (file servers), printers (print servers), or network traffic (network servers). Clients are less powerful PCs or workstations on which users run applications. Clients rely on servers for resources, such as files, devices, and even processing power.

Network Protocol Overview

The OSI model, and any other network communication model, provides only a conceptual framework for communication between computers, but the model itself does not provide specific methods of communication. Actual communication is defined by various communication protocols. In the context of data communication, a protocol is a formal set of rules, conventions and data structures that governs how computers and other network devices exchange information over a network. In other words, a protocol is a standard procedure and format that two data communication devices must understand, accept and use to be able to talk to each other.

In modern protocol design, protocols are "layered" according to the OSI 7 layer model or a similar layered model. Layering is a design principle which divides the protocol design into a number of smaller parts, each part accomplishing a particular sub-task and interacting with the other parts of the protocol only in a small number of well-defined ways. Layering allows the parts of a protocol to be designed and tested without a combinatorial explosion of cases, keeping each design relatively simple. Layering also permits familiar protocols to be adapted to unusual circumstances. The header and/or trailer at each layer reflect the structure of the protocol. Detailed rules and procedures of a protocol or protocol group are often defined by a lengthy document. For example, the IETF uses RFCs (Request for Comments) to define protocols and updates to the protocols.

A wide variety of communication protocols exists. These protocols were defined by many different standard organizations throughout the world and by technology vendors over years of technology evolution and development. One of the most popular protocol suites is TCP/IP, which is the heart of Internetworking communications. IP, the Internet Protocol, is responsible for exchanging information between routers so that the routers can select the proper path for network traffic, while TCP is responsible for ensuring the data packets are transmitted across the network reliably and error free. LAN and WAN protocols are also critical protocols in network communications. The LAN protocol suite is for the physical and data link layers of communications over various LAN media such as Ethernet wires and wireless radio waves. The WAN protocol suite is for the lowest three layers and defines communication over various wide-area media, such as fiber optic and copper cables.

Network communication has slowly evolved. Today's new technologies are based on the accumulation over years of technologies, which may be either still existing or obsolete. Because of this, the protocols which define network communication are highly inter-related. Many protocols rely on others for operation. For example, many routing protocols use other network protocols to exchange information between routers. In addition to standards for individual protocols in transmission, there are now also interface standards for different layers to talk to the ones above or below (usually operating system specific).

Protocols can be implemented either in hardware or software or a mixture of both. Typically, the lower layers are implemented in hardware, with the higher layers being implemented in software. Protocols can be grouped into suites (or families, or stacks) by their technical functions, or origin of the protocol introduction, or both. A protocol may belong to one or multiple protocol suites, depending on how you categorize it. For example, the Gigabit Ethernet protocol IEEE 802.3z is a LAN (Local Area Network) protocol and it can also be used in MAN (Metropolitan Area Network) communications. To develop a complete technology that is useful for the industry, very often a group of protocols is required in the same layer or across many different layers. Different protocols often describe different aspects of a single communication; taken together, these form a protocol suite. For example, Voice over IP (VOIP), a group of protocols developed by many vendors and standard organizations, has many protocols across the 4 top layers in the OSI model. A protocol may perform the functions of one or more of the OSI layers, which introduces complexity to understanding protocols relevant to the OSI 7 layer model. The OSI model is only loosely defined, however, and in real-world protocols there is some argument as to where the distinctions between layers are drawn; there is no one black and white answer. Most recent protocols are designed by the IETF for Internetworking communications and by the IEEE for local area networking (LAN) and metropolitan area networking (MAN). The ITU-T contributes mostly to wide area networking (WAN) and telecommunications protocols. ISO has its own suite of protocols for internetworking communications.

Compare the Network Protocols

Protocol        Cable                          Speed               Topology
Ethernet        Twisted Pair, Coaxial, Fiber   10 Mbps             Linear Bus, Star, Tree
Fast Ethernet   Twisted Pair, Fiber            100 Mbps            Star
LocalTalk       Twisted Pair                   .23 Mbps            Linear Bus or Star
Token Ring      Twisted Pair                   4 Mbps - 16 Mbps    Star-Wired Ring
FDDI            Fiber                          100 Mbps            Dual ring
ATM             Twisted Pair, Fiber            155-2488 Mbps       Linear Bus, Star, Tree

INTERNET BACKBONE

The Internet backbone refers to the principal data routes between large, strategically interconnected networks and core routers in the Internet. These data routes are hosted by commercial, government, academic and other high-capacity network centers, the Internet exchange points and network access points that interchange Internet traffic between the countries, continents and across the oceans of the world. Traffic interchange between the Internet service providers (often Tier 1 networks) participating in the Internet backbone is arranged by privately negotiated interconnection agreements, primarily governed by the principle of settlement-free peering.

Infrastructure

The Internet backbone is a conglomeration of multiple, redundant networks owned by numerous companies. It is typically a fiber optic trunk line. The trunk line consists of many fiber optic cables bundled together to increase the capacity. The backbone is able to re-route traffic in case of a failure. The data speeds of backbone lines have changed with the times. In 1998, all of the United States backbone networks had utilized the slowest data rate of 45 Mbps. However, the changing technologies allowed 41 percent of backbones to have data rates of 2,488 Mbps or faster by the mid 2000's. The FCC currently defines "high speed" as any connection with data speeds that exceed 200 kilobits per second. An Azerbaijani based telecommunication company, Delta Telecom, has recently developed a very efficient trunk line with possible speeds of up to 1.6 terabits per second. Internet traffic from this line goes through the countries of Iran, Iraq and Georgia.

Fiber-optic cables are the medium of choice for Internet backbone providers for many reasons. Fiber-optics allow for fast data speeds and large bandwidth; they suffer relatively little attenuation, allowing them to cover long distances with few repeaters; and they are also immune to crosstalk and other forms of EM interference which plague electrical transmission.

The Building Blocks: Basic Components of Networks

Every network includes:
• At least two computers
• A network interface on each computer (the device that lets the computer talk to the network—usually called a network interface card [NIC] or adapter)
• A connection medium—usually a wire or cable, but wireless communication between networked computers and peripherals is also possible
• Network operating system software—such as Microsoft Windows 95 or Windows NT, Novell NetWare, AppleShare etc.
Most networks—even those with just two computers—have a hub or a switch to act as a connection point between the computers. When their computers are joined in a network, people can share files and peripherals such as modems, printers, tape backup drives, and CD-ROM drives. When networks at multiple locations are connected using services available from phone companies, people can send e-mail, share links to the global Internet, or conduct videoconferences in real time with other remote users on the network.

Twisted-pair

This wire comes in several “standards.” Unshielded twisted pair (UTP) Category 3 wire (also called 10BaseT) is often used for your phone lines, and UTP Category 5 (also called 10Base2) wire is the current networking standard. For instance, Ethernet can use UTP Category 3 wiring. However, Fast Ethernet requires at least the higher-grade UTP Category 5 wiring. As a result, all new wiring installations should be Category 5.

Coaxial

Coaxial resembles round cable TV wiring.

Fiber-optic

Usually reserved for connections between “backbone” devices in larger networks, though in some very demanding environments, this highly fault resistant cable is used to connect desktop workstations to the network and to link adjacent buildings. Fiber-optic cable is the most reliable wiring but also the most expensive.

Network interface cards

Network interface cards (NICs), or adapters, are usually installed inside a computer’s case. With portable and notebook computers, the NIC is usually in the credit card sized PC card (PCMCIA) format, which is installed in a slot. In addition, you need to ensure that your NICs will support the type of cabling you will use—twisted-pair (also called 10BaseT), coaxial (also called 10Base2), or a mixture of both. Ethernet NICs support only Ethernet connections, while 10/100 NICs cost about the same and can work with either Ethernet or higher-performance Fast Ethernet connections.

Hubs

Hubs, or repeaters, are simple devices that interconnect groups of users. Hubs forward any data packets they receive over one port from one workstation—including e-mail, word processing documents, spreadsheets, graphics, or print requests—to all of their remaining ports. All users connected to a single hub or stack of connected hubs are in the same segment, sharing the hub’s bandwidth or data-carrying capacity. As more users are added to a segment, they compete for a finite amount of bandwidth devoted to that segment. A single eight-port Ethernet hub provides a total of 10 megabits per second (Mbps) of data-carrying capacity shared among all users on the hub.

Switches

Switches are smarter than hubs and offer more bandwidth. A switch forwards data packets only to the appropriate port for the intended recipient, based on information in each packet’s header. To insulate the transmission from the other ports, the switch establishes a temporary connection between the source and destination, then terminates the connection when the conversation is done. As such, a switch can support multiple “conversations” and move much more traffic through the network than a hub. “Full-duplex” refers to simultaneous two-way communications, such as telephone communication. With half-duplex communications, data can move across the cable or transmission medium in just one direction at a time. A “full-duplex,” eight-port Ethernet switch can support eight 10-Mbps conversations at once, for a total data-carrying capacity of 160 Mbps.

Routers

Compared to switches and bridges, routers are smarter still. Routers use a more complete packet “address” to determine which router or workstation should receive each packet. Based on a network roadmap called a “routing table,” routers can help ensure that packets are travelling the most efficient paths to their destinations. If a link between two routers goes down, the sending router can determine an alternate route to keep traffic moving. Routers also provide links between networks that speak different languages—or, in computer speak—networks that use different “protocols.” Examples include IP (Internet Protocol), the IPX® (Internet Packet Exchange Protocol), and AppleTalk. Routers not only connect networks in a single location or set of buildings, but they provide interfaces—or “sockets”—for connecting to wide-area network (WAN) services, which are offered by telecommunications companies to connect geographically dispersed networks.
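To make the hub-versus-switch difference concrete, here is an added example (not code from the report) that models both devices: the hub copies every frame to all other ports, while the switch learns source MAC addresses and delivers a unicast frame to one port only. The MAC addresses, port numbers and the bounded table size are constructed for illustration; the point a defender should take from it is that a switch still floods broadcasts and unknown destinations, so its isolation is partial, and that the flooded-frame count is a useful thing to watch.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """A repeater: every frame received on one port is copied to all other ports."""

    def __init__(self, port_count):
        self.ports = list(range(port_count))

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Records source MAC -> port and forwards unicast frames to that one port.

    Broadcasts and destinations not yet in the table are flooded exactly as a
    hub would. The table is bounded, as on real hardware: once it fills, the
    oldest entry is evicted and traffic to that host is flooded again, which is
    why the 'flooded' counter is worth monitoring on a production switch.
    """

    def __init__(self, port_count, table_size=1024):
        self.ports = list(range(port_count))
        self.table_size = table_size
        self.mac_table = OrderedDict()  # MAC -> port, oldest entry first
        self.flooded = 0

    def learn(self, src_mac, in_port):
        if src_mac in self.mac_table:
            self.mac_table.move_to_end(src_mac)
        elif len(self.mac_table) >= self.table_size:
            self.mac_table.popitem(last=False)  # evict the oldest entry
        self.mac_table[src_mac] = in_port

    def forward(self, in_port, src_mac, dst_mac):
        self.learn(src_mac, in_port)
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            self.flooded += 1
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst_mac]
        return [] if out_port == in_port else [out_port]


# Constructed traffic: hosts A, B and C on ports 0, 1 and 2 of an 8-port device.
A = "aa:aa:aa:00:00:01"
B = "aa:aa:aa:00:00:02"
C = "aa:aa:aa:00:00:03"
SAMPLE_FRAMES = [
    (0, A, B),          # A -> B while B is still unknown: flooded
    (1, B, A),          # B replies; A was learned from the first frame
    (0, A, B),          # A -> B again, now both ends are known
    (2, C, BROADCAST),  # a broadcast always reaches every other port
]


def ports_reached(device, frames=SAMPLE_FRAMES):
    """Return, for each frame in order, the list of ports that received a copy."""
    return [device.forward(*frame) for frame in frames]


if __name__ == "__main__":
    print("hub    :", ports_reached(Hub(8)))
    sw = LearningSwitch(8)
    print("switch :", ports_reached(sw))
    print("frames the switch had to flood:", sw.flooded, "of", len(SAMPLE_FRAMES))
```

Run as a script it prints the port lists side by side: the hub delivers every frame to seven ports, the switch delivers the two known-destination frames to exactly one port each.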

Networking Technologies Overview

Ethernet and Fast Ethernet

Ethernet has been around since the late 1970s and remains the leading network technology for local-area networks (LANs). Ethernet is based on carrier sense multiple access with collision detection (CSMA/CD). Simply put, an Ethernet workstation can send data packets only when no other packets are travelling on the network, that is, when the network is “quiet.” Otherwise, it waits to transmit, just as a person might wait for another to speak during conversation. If multiple stations sense an opening and start sending at the same time, a “collision” occurs. Then, each station waits a random amount of time and tries to send its packet again. After 16 consecutive failed attempts, the original application that sent the packet has to start again. Collisions are normal occurrences, but too many can start to cause the network to slow down. When more than 50 percent of the network’s total bandwidth is used, collision rates begin to cause congestion. At 60 percent or higher bandwidth usage, the number of collisions, errors, and subsequent retransmits grows quickly, causing a snowball effect. Files take longer to print, and users are forced to wait. As more people try to use the network, applications take longer to open, and the network can slow dramatically or even grind to a halt.

Ethernet’s bandwidth or data-carrying capacity (also called throughput) is 10 Mbps. Fast Ethernet (or 100BaseT) works the same way—through collision detection—but it provides 10 times the bandwidth, or 100 Mbps. Shared Ethernet is like a single-lane highway with a 10-Mbps speed limit (see diagrams below). Shared Fast Ethernet is like a much wider highway with a 100-Mbps speed limit; there is more room for cars, and they can travel at higher speeds. What would Switched Ethernet look like? A multilane highway with a speed limit of 10 Mbps in each lane. Switched Fast Ethernet also would be a multilane highway, but with a speed limit of 100 Mbps in each lane.
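The contention rule of the bus network section and the CSMA/CD description above (sense, transmit if quiet, random wait after a collision, give up after 16 attempts) can be watched in action with the following added simulation, which is not code from the report. The random wait is drawn from a window of 2^min(k,10) slots after the k-th collision, which is the truncated binary exponential backoff of IEEE 802.3; station counts, frame counts and the random seed are constructed inputs. It shows the snowball the text describes: as the number of stations grows, the share of slots that carry a frame falls and abandoned frames appear.

```python
import random

MAX_ATTEMPTS = 16     # the text: after 16 failed attempts the application starts over
BACKOFF_LIMIT = 10    # IEEE 802.3: the window stops doubling at 2**10 = 1024 slots


def backoff_window(attempt):
    """Slots a station may pick from after its attempt-th consecutive collision."""
    return 2 ** min(attempt, BACKOFF_LIMIT)


def simulate(stations, frames_per_station, seed=0):
    """Slot-by-slot CSMA/CD on one shared segment.

    Every station with a frame and no pending backoff transmits in the slot
    (it senses the medium idle). One sender means success; two or more means
    a collision, after which each collider draws a random wait from its
    current backoff window. Returns counters rather than printing.
    """
    rng = random.Random(seed)
    state = [{"left": frames_per_station, "attempts": 0, "wait": 0}
             for _ in range(stations)]
    stats = {"slots": 0, "successes": 0, "collisions": 0, "abandoned": 0}
    while any(s["left"] > 0 for s in state):
        stats["slots"] += 1
        ready = [s for s in state if s["left"] > 0 and s["wait"] == 0]
        for s in state:
            if s["wait"] > 0:
                s["wait"] -= 1        # backoff timers count down every slot
        if not ready:
            continue                  # idle slot, nobody had anything to send
        if len(ready) == 1:
            s = ready[0]
            s["left"] -= 1
            s["attempts"] = 0
            stats["successes"] += 1
            continue
        stats["collisions"] += 1      # several stations transmitted in the same slot
        for s in ready:
            s["attempts"] += 1
            if s["attempts"] >= MAX_ATTEMPTS:
                s["left"] -= 1        # frame dropped; the application must retry
                s["attempts"] = 0
                stats["abandoned"] += 1
            else:
                s["wait"] = rng.randrange(backoff_window(s["attempts"]))
    return stats


def utilization(stats):
    """Fraction of slots that carried a frame successfully."""
    return stats["successes"] / stats["slots"]


if __name__ == "__main__":
    for n in (1, 5, 20, 60):
        st = simulate(n, 10, seed=42)
        print(f"{n:3d} stations: utilization={utilization(st):.2f} "
              f"collisions={st['collisions']} abandoned={st['abandoned']}")
```

A single station never collides and uses every slot; with dozens of stations offering traffic at once, most early slots are collisions and the utilization number printed is the quantity the 50 and 60 percent thresholds in the text are about.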

Ethernet Cabling

Although Ethernet networks originally used thick or thin coaxial cable, most installations currently use unshielded twisted pair (UTP) cabling. The UTP cable contains eight conductors, arranged in four twisted pairs, and is terminated with an RJ45 type connector. A normal straight-through UTP Ethernet cable follows the EIA568B standard wiring as described below. In addition, there are restrictions on maximum cable length for both 10- and 100-Mbits/second networks. A twisted pair Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low-quality cables, but at 100 Mbits/second (10BASETx) the cable must be rated as Category 5, or Cat 5, by the Electronic Industry Association (EIA). This rating will be printed on the cable jacket. A Category 5 cable will meet specified requirements regarding loss and crosstalk.

Category 5 Cable Quality

Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.) or 100 meters (m) in length, divided as follows:
• 20 ft. (6 m) between the hub and the patch panel (if used)
• 295 ft. (90 m) from the wiring closet to the wall outlet
• 10 ft. (3 m) from the wall outlet to the desktop device
The patch panel and other connecting hardware must meet the requirements for 100-Mbps operation (Category 5). Only 0.5 inch (1.5 cm) of untwist in the wire pair is allowed at any termination point.

CHAPTER 3 OSI MODEL

The Open Systems Interconnection model (OSI model) was a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a way of sub-dividing a communications system into smaller parts called layers. Similar communication functions are grouped into logical layers. A layer provides services to its upper layer while receiving services from the layer below. On each layer, an instance provides service to the instances at the layer above and requests service from the layer below.

Layer 1: Physical Layer

The Physical Layer defines electrical and physical specifications for devices. In particular, it defines the relationship between a device and a transmission medium, such as a copper or optical cable. This includes the layout of pins, voltages, cable specifications, hubs, repeaters, network adapters, host bus adapters (HBA used in storage area networks) and more. The major functions and services performed by the Physical Layer are:
• Establishment and termination of a connection to a communications medium.
• Participation in the process whereby the communication resources are effectively shared among multiple users. For example, contention resolution and flow control.
• Modulation or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel. These are signals operating over the physical cabling (such as copper and optical fiber) or over a radio link.

Layer 2: Data Link Layer

The Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical Layer. Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system. Local area network architecture, which included broadcast-capable multi-access media, was developed independently of the ISO work in IEEE Project 802. IEEE work assumed sub-layering and management functions not required for WAN use. In modern practice, only error detection, not flow control using sliding window, is present in data link protocols such as Point-to-Point Protocol (PPP), and, on local area networks, the IEEE 802.2 LLC layer is not used for most protocols on the Ethernet, and on other local area networks, its flow control and acknowledgment mechanisms are rarely used.

Layer 3: Network Layer

The Network Layer provides the functional and procedural means of transferring variable length data sequences from a source host on one network to a destination host on a different network, while maintaining the quality of service requested by the Transport Layer (in contrast to the data link layer which connects hosts within the same network). The Network Layer performs network routing functions, and might also perform fragmentation and reassembly, and report delivery errors. Routers operate at this layer—sending data throughout the extended network and making the Internet possible. This is a logical addressing scheme – values are chosen by the network engineer. The addressing scheme is not hierarchical. Careful analysis of the Network Layer indicated that the Network Layer could have at least three sub-layers:
• Sub network Access – that considers protocols that deal with the interface to networks, such as X.25.
• Sub network Dependent Convergence – when it is necessary to bring the level of a transit network up to the level of networks on either side.
• Sub network Independent Convergence – which handles transfer across multiple networks.

Layer 4: Transport Layer

The Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers. The Transport Layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state- and connection-oriented. This means that the Transport Layer can keep track of the segments and retransmit those that fail. The Transport Layer also provides the acknowledgement of successful data transmission and sends the next data if no errors occurred. Although not developed under the OSI Reference Model and not strictly conforming to the OSI definition of the Transport Layer, typical examples of Layer 4 are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
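The routing function the Network Layer paragraph assigns to routers, and the "alternate route when a link goes down" behaviour from the routers section earlier, look like this in an added example that is not code from the report. It implements longest-prefix match over a small table with a default route and a per-interface link state; the prefixes, next hops and interface names (eth0, eth1, eth2) are constructed, using the RFC 5737 documentation address ranges.

```python
import ipaddress


class RoutingTable:
    """Longest-prefix-match forwarding with a link state per interface."""

    def __init__(self):
        self.routes = []          # (network, next_hop, interface)
        self.down_links = set()   # interfaces whose link has failed

    def add(self, prefix, next_hop, interface):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, interface))

    def link_down(self, interface):
        self.down_links.add(interface)

    def link_up(self, interface):
        self.down_links.discard(interface)

    def lookup(self, destination):
        """Return (next_hop, interface) of the most specific usable route, or None.

        None means there is no route at all and the packet is dropped; a
        default route makes that case impossible, so a router with one never
        drops by address and any filtering must happen in an access-list.
        """
        addr = ipaddress.ip_address(destination)
        best = None
        for network, next_hop, interface in self.routes:
            if interface in self.down_links or addr not in network:
                continue
            if best is None or network.prefixlen > best[0].prefixlen:
                best = (network, next_hop, interface)
        return None if best is None else (best[1], best[2])

    def forward_all(self, destinations):
        return {d: self.lookup(d) for d in destinations}


def build_sample_table():
    """Constructed table for a small site router."""
    rt = RoutingTable()
    rt.add("10.1.5.0/24", "10.1.5.1", "eth1")        # the site's own subnet
    rt.add("10.1.0.0/16", "198.51.100.1", "eth2")    # backup path to the whole site
    rt.add("0.0.0.0/0", "192.0.2.1", "eth0")         # default route toward the ISP
    return rt


if __name__ == "__main__":
    rt = build_sample_table()
    print("normal   :", rt.forward_all(["10.1.5.9", "10.1.7.3", "203.0.113.7"]))
    rt.link_down("eth1")
    print("eth1 down:", rt.forward_all(["10.1.5.9"]))   # falls back to the /16
    rt.link_down("eth0")
    print("no ISP   :", rt.forward_all(["203.0.113.7"]))  # nothing left: dropped
```

Because the most specific prefix always wins, a newly added /24 silently overrides the path a /16 or the default route used to give, which is why routing table changes deserve the same review as firewall changes.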

Layer 5: Session Layer
The Session Layer controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls.

Layer 6: Presentation Layer
The Presentation Layer establishes context between Application Layer entities, in which the higher-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. If a mapping is available, presentation service data units are encapsulated into session protocol data units and passed down the stack. This layer provides independence from data representation (e.g., encryption) by translating between application and network formats. The Presentation Layer transforms data into the form that the application accepts. This layer formats and encrypts data to be sent across a network. It is sometimes called the syntax layer. Note that the Internet protocol suite has no separate presentation layer: encryption on the Internet is usually provided by TLS, which sits between the transport protocol and the application protocol.

Layer 7: Application Layer
The Application Layer is the OSI layer closest to the end user, which means that both the OSI Application Layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Such application programs fall outside the scope of the OSI model. When determining resource availability, the Application Layer must decide whether sufficient network resources for the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the Application Layer. Some examples of Application Layer implementations on the OSI stack include:
• FTAM, the File Transfer, Access and Management protocol
• X.400 mail
• Common Management Information Protocol (CMIP)

CHAPTER 4 TCP/IP

In the TCP/IP model of the Internet, protocols are deliberately not as rigidly designed into strict layers as in the OSI model. TCP/IP does recognize four broad layers of functionality which are derived from the operating scope of their contained protocols, namely the scope of the software application, the end-to-end transport connection, the internetworking range, and lastly the scope of the direct links to other nodes on the local network. Even though the concept is different from the OSI model, these layers are nevertheless often compared with the OSI layering scheme in the following way: the Internet Application Layer includes the OSI Application Layer, Presentation Layer, and most of the Session Layer. Its end-to-end Transport Layer includes the graceful close function of the OSI Session Layer as well as the OSI Transport Layer. The internetworking layer (Internet Layer) is a subset of the OSI Network Layer (see above), while the Link Layer includes the OSI Data Link and Physical Layers, as well as parts of OSI's Network Layer. These comparisons are based on the original seven-layer protocol model as defined in ISO 7498, rather than refinements in such things as the internal organization of the Network Layer document. The presumably strict peer layering of the OSI model as it is usually described does not present contradictions in TCP/IP, as it is permissible that protocol usage does not follow the hierarchy implied in a layered model. Such examples exist in some routing protocols (e.g., OSPF), or in the description of tunneling protocols, which provide a Link Layer for an application, although the tunnel host protocol may well be a Transport or even an Application Layer protocol in its own right.

Internet Protocol (IP) Addresses
Because TCP/IP networks are interconnected across the world, each computer on the Internet must have a unique address (called an IP address) to make sure that transmitted data reaches the correct destination. Blocks of addresses are assigned by the Internet Assigned Numbers Authority (IANA); today IANA allocates blocks to the regional Internet registries, which in turn allocate them to ISPs and large organizations. Individual users and small organizations obtain their addresses from an Internet service provider (ISP).

The Internet Protocol (I
P) uses a 32-bit address structure. The address is usually written in dot notation (also called dotted-decimal notation), in which each group of eight bits is written in decimal form, separated by decimal points. For example, the following binary address:
11000011 00100010 00001100 00000111
is normally written as:
195.34.12.7
The latter version is easier to remember and easier to enter into your computer. In addition, the 32 bits of the address are subdivided into two parts. The first part of the address identifies the network, and the second part identifies the host node or station on the network. The dividing point may vary depending on the address range and the application. There are five standard classes of IP addresses. These address classes have different ways of determining the network and host sections of the address, allowing for different numbers of hosts on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP software to identify the address class. After the address class has been determined, the software can correctly identify the host section of the address. The figure below shows the three main address classes, including network and host sections of the address for each address type. Address classes are described here because the rest of the report uses them, but since the introduction of CIDR (see the routing table chapter) the network/host boundary is given explicitly by a prefix length rather than inferred from the leading bits.

The five address classes are:
• Class A: Class A addresses can have up to 16,777,214 hosts on a single network. They use an 8-bit network number and a 24-bit node number. Class A addresses are in this range: 1.x.x.x to 126.x.x.x (127.x.x.x is reserved for loopback).
• Class B: Class B addresses can have up to 65,534 hosts on a network. A Class B address uses a 16-bit network number and a 16-bit node number. Class B addresses are in this range: 128.x.x.x to 191.x.x.x.
• Class C: Class C addresses can have up to 254 hosts on a network. A Class C address uses a 24-bit network number and an 8-bit node number. Class C addresses are in this range: 192.x.x.x to 223.x.x.x.
• Class D: Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are in this range: 224.0.0.0 to 239.255.255.255.
• Class E: Class E addresses are for experimental use.

Net mask
In each of the address classes previously described, the size of the two parts (network address and host address) is implied by the class. This partitioning scheme can also be expressed by a netmask associated with the IP address. A netmask is a 32-bit quantity that, when logically combined (using an AND operator) with an IP address, yields the network address. For instance, the netmasks for Class A, B, and C addresses are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively. For example, the address 192.168.170.237 is a Class C IP address whose network portion is the upper 24 bits. When combined (using an AND operator) with the Class C netmask, as shown here, only the network portion of the address remains:
11000000 10101000 10101010 11101101 (192.168.170.237)
combined with:
11111111 11111111 11111111 00000000 (255.255.255.0)
equals:
11000000 10101000 10101010 00000000 (192.168.170.0)
As a shorter alternative to dotted-decimal notation, the netmask may also be expressed in terms of the number of ones from the left. This number is appended to the IP address, following a forward slash (/), as "/n". In the example, the address could be written as 192.168.170.237/24, indicating that the netmask is 24 ones followed by 8 zeros.
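The class ranges, the AND with the netmask and the /n prefix notation above, together with the three private address blocks listed in the next section, are all bit operations on the same 32-bit value. The following Python is an added example written for this edition of the report, not code from the original; the function names are the editor's own, and the only addresses it uses are the report's examples and the reserved private blocks. It also rejects a non-contiguous mask such as 255.0.255.0, which the /n notation cannot express.

```python
"""Classful IP address analysis and netmask arithmetic (added example, not from the report)."""

# The three reserved private blocks, as (network, prefix length).
PRIVATE_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def ip_to_int(addr: str) -> int:
    """Convert dotted-decimal text to a 32-bit integer, validating each octet."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)            # raises ValueError on non-numeric text
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def binary_to_ip(bits: str) -> str:
    """'11000011 00100010 00001100 00000111' -> '195.34.12.7'."""
    groups = bits.split()
    if len(groups) != 4 or any(len(g) != 8 or set(g) - {"0", "1"} for g in groups):
        raise ValueError("expected four 8-bit groups")
    return ".".join(str(int(g, 2)) for g in groups)


def address_class(addr: str) -> str:
    """Classify by the leading bits of the first octet: 0, 10, 110, 1110, 1111."""
    first = ip_to_int(addr) >> 24
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def classful_prefix(addr: str) -> int:
    """Network bits implied by the class: A=8, B=16, C=24 (D and E have no host part)."""
    prefix = {"A": 8, "B": 16, "C": 24}.get(address_class(addr))
    if prefix is None:
        raise ValueError(f"{addr} is class {address_class(addr)}: no network/host split")
    return prefix


def prefix_to_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def is_valid_mask(mask: str) -> bool:
    """A netmask must be a run of ones followed by zeros; 255.0.255.0 is not."""
    m = ip_to_int(mask)
    return prefix_to_mask(bin(m).count("1")) == m


def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24; rejects non-contiguous masks."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous netmask {mask}")
    return bin(ip_to_int(mask)).count("1")


def network_address(addr: str, prefix: int) -> str:
    """Bitwise AND of the address with the mask keeps only the network portion."""
    return int_to_ip(ip_to_int(addr) & prefix_to_mask(prefix))


def to_cidr(addr: str, mask: str) -> str:
    return f"{addr}/{mask_to_prefix(mask)}"


def host_count(prefix: int) -> int:
    """Usable hosts: the all-zeros (network) and all-ones (broadcast) values are reserved."""
    return max((1 << (32 - prefix)) - 2, 0)


def is_private(addr: str) -> bool:
    """Membership test using the same AND-with-mask logic as network_address()."""
    return any(network_address(addr, plen) == block for block, plen in PRIVATE_BLOCKS)
```

In production Python the standard ipaddress module does all of this; the hand-written version is kept here because it exposes the bit arithmetic the text describes.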

Private IP Addresses
If your local network is isolated from the Internet (for example, when using Network Address Translation, NAT, which is described below), you can assign any IP addresses to the hosts without problems. However, the IANA has reserved the following three blocks of IP addresses specifically for private networks:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Choose your private network number from these ranges. Addresses in these blocks are never routed on the public Internet, so hosts using them reach it only through NAT. Picking addresses outside the reserved blocks works only as long as the network stays isolated; once it is connected, those addresses collide with their legitimate public owners.

Media Access Control (MAC) Addresses and Address Resolution Protocol
An IP address alone cannot be used to deliver data from one LAN device to another. To send data between LAN devices, you must convert the IP address of the destination device to its MAC address. Each device on an Ethernet network has a unique MAC address, which is a 48-bit number assigned to each device by the manufacturer. The technique that associates the IP address with a MAC address is known as address resolution. The Internet Protocol uses the Address Resolution Protocol (ARP) to resolve MAC addresses. If a device sends data to another station on the network and the destination MAC address is not yet recorded, ARP is used. An ARP request is broadcast onto the network. All stations (computers, for example) on the network receive and read the request. The destination IP address for the chosen station is included as part of the message so that only the station with this IP address responds to the ARP request. All other stations discard the request. ARP has no authentication: any station can answer a request, or send unsolicited replies, for an address that is not its own, so an ARP table is only as trustworthy as the stations attached to the LAN.

Domain Name System (DNS) Server
Many of the resources on the Internet can be addressed by simple descriptive names such as http://www.NETGEAR.com, but the descriptive name must be translated to an IP address in order for a user to actually contact the resource. Just as a telephone directory maps names to phone numbers, or as an ARP table maps IP addresses to MAC addresses, a DNS server maps descriptive names of network resources to IP addresses. This addressing is very helpful at the application level. When a computer accesses a resource by its descriptive name, it first contacts a DNS server to obtain the IP address of the resource. The computer then sends the desired message using the IP address. Many large organizations, such as ISPs, maintain their own DNS servers and allow their customers to use the servers to look up addresses.

CHAPTER 5

Cisco Inter-network Operating System

Cisco IOS Modes of Operation
The Cisco IOS software provides access to several different command modes. Each command mode provides a different group of related commands. For security purposes, the Cisco IOS software provides two levels of access to commands: user and privileged. The unprivileged user mode is called user EXEC mode. The privileged mode is called privileged EXEC mode and requires a password. The commands available in user EXEC mode are a subset of the commands available in privileged EXEC mode. The following table describes some of the most commonly used modes, how to enter the modes, and the resulting prompts. The prompt helps you identify which mode you are in and, therefore, which commands are available to you.

User EXEC Mode: When you are connected to the router, you are started in user EXEC mode. The user EXEC commands are a subset of the privileged EXEC commands.

Privileged EXEC Mode: Privileged commands include the following:
• Configure – Changes the software configuration.
• Debug – Display process and hardware event messages.
• Setup – Enter configuration information at the prompts.
Enter the command disable to exit from privileged EXEC mode and return to user EXEC mode.

Configuration Mode

Configuration mode has a set of sub-modes that you use for modifying interface settings, routing protocol settings, line settings, and so forth. Use caution with configuration mode because all changes you enter take effect immediately. To enter configuration mode, enter the command configure terminal and exit by pressing Ctrl-Z.

Note: Almost every configuration command also has a no form. In general, use the no form to disable a feature or function. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, enter the no ip routing command, and enter ip routing to re-enable it.

Getting Help
In any command mode, you can get a list of available commands by entering a question mark (?).
Router>?
To obtain a list of commands that begin with a particular character sequence, type in those characters followed immediately by the question mark (?).
Router#co?
configure  connect  copy
To list keywords or arguments, enter a question mark in place of a keyword or argument. Include a space before the question mark.
Router#configure ?
memory    Configure from NV memory
network   Configure from a TFTP network host
terminal  Configure from the terminal
You can also abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh.

Configuration Files
Any time you make changes to the router configuration, you must save the changes to memory, because if you do not they will be lost if there is a system reload or power outage. There are two types of configuration files: the running (current operating) configuration and the startup configuration. Use the following privileged mode commands to work with configuration files.
• configure terminal – modify the running configuration manually from the terminal.
• show running-config – display the running configuration.
• show startup-config – display the startup configuration.
• copy running-config startup-config – copy the running configuration to the startup configuration.
• copy startup-config running-config – copy the startup configuration to the running configuration.

• erase startup-config – erase the startup configuration in NVRAM.
• copy running-config tftp – store the running configuration on a TFTP server.
• copy tftp running-config – load a configuration file stored on a Trivial File Transfer Protocol (TFTP) server into the running configuration.
TFTP has no authentication and no encryption, and a configuration file contains passwords, SNMP community strings and access lists, so copy configurations only over a trusted management network.

IP Address Configuration
Take the following steps to configure the IP address of an interface.
Step 1: Enter privileged EXEC mode (the router prompts for the enable password):
Router>enable
Password:
Router#
The privileged-mode password should be set with enable secret, which stores it hashed, rather than enable password, which stores it in the configuration in a trivially reversible form.
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter interface type slot/port (for the Cisco 7000 series) or interface type port (for the Cisco 2500 series) to enter interface configuration mode. Example:
Router(config)#interface ethernet 0/1
Step 4: Enter the IP address and subnet mask of the interface using the ip address ipaddress subnetmask command.
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Step 5: Exit configuration mode by pressing Ctrl-Z.
Router(config-if)#[Ctrl-Z]

Routing Protocol Configuration

Routing Information Protocol (RIP)
Step 1: Enter privileged EXEC mode:
Router>enable
Password:
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the router rip command.
Router(config)#router rip
Step 4: Add the network number to use RIP, and repeat this step for all the network numbers.
Router(config-router)#network network-number
Example:
Router(config-router)#network 192.168.1.0
Note: To turn off RIP, use the no router rip command.
Router(config)#no router rip

Other useful commands
• Specify a RIP Version

By default, the software receives RIP version 1 and version 2 packets, but sends only version 1 packets. To control which RIP version an interface sends, use one of the following commands in interface configuration mode:
• ip rip send version 1 – send only version 1 packets
• ip rip send version 2 – send only version 2 packets
• ip rip send version 1 2 – send both versions
To control how packets received from an interface are processed, use the matching ip rip receive version command with the same version arguments. To select the version for the whole router, use version 2 in router configuration mode. RIP version 1 carries no subnet masks and supports no authentication, so prefer version 2 with authentication configured on each interface.

Open Shortest Path First (OSPF)
Step 1: Enter privileged EXEC mode:
Router>enable
Password:
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the router ospf command followed by the process-id.
Router(config)#router ospf process-id
Pick a process-id which is not already in use on this router; the number is only locally significant and need not match on neighbouring routers. To determine which ids are in use, issue the show processes command from privileged EXEC mode (prefix it with do when in configuration mode):
Router#show processes
Step 4: Add the network number, wildcard mask and area-id.
Router(config-router)#network network-number wildcard-mask area area-id
The network-number identifies the network using OSPF. The mask is a wildcard mask, the inverse of the subnet mask: a 0 bit means the corresponding bit of an interface address must match the network-number, and a 1 bit means it is ignored. The area-id is used for determining areas in an OSPF configuration. Example:
Router(config-router)#network 192.168.10.0 0.0.0.255 area 0
Repeat this step for all the network numbers.
To turn off OSPF:
Router(config)#no router ospf process-id

Other useful commands

Configure OSPF Interface Parameters

You are not required to alter any of these parameters, but some interface parameters must be consistent across all routers in an attached network: in particular, the hello interval and the dead interval must match on every router on the segment, or the routers will not form an adjacency.
• ip ospf cost cost – Explicitly specify the cost of sending a packet on an OSPF interface.
• ip ospf retransmit-interval seconds – Specify the number of seconds between link state advertisement retransmissions for adjacencies belonging to an OSPF interface.
• ip ospf transmit-delay seconds – Set the estimated number of seconds it takes to transmit a link state update packet on an OSPF interface.
• ip ospf priority number – Set the router priority to help determine the OSPF designated router for a network.
• ip ospf hello-interval seconds – Specify the length of time, in seconds, between the hello packets that a router sends on an OSPF interface.
• ip ospf dead-interval seconds – Set the number of seconds that a router's hello packets must not have been seen before its neighbours declare the OSPF router down.

How to read router/link status
The status of the router and its links can be determined from the power LED of the router and the link LED of each interface (if any). However, you may find a transceiver connected to an AUI port, which looks like the following:

CHAPTER 6

ROUTING TABLE
In computer networking a routing table, or Routing Information Base (RIB), is a data structure in the form of a table-like object stored in a router or a networked computer that lists the routes to particular network destinations and, in some cases, metrics associated with those routes. The routing table contains information about the topology of the network immediately around it. The construction of routing tables is the primary goal of routing protocols. Static routes are entries made in a routing table by non-automatic means, which are fixed rather than being the result of some network topology 'discovery' procedure.

Basics
A routing table utilizes the same idea that one does when using a map in package delivery. Whenever a node needs to send data to another node on a network, it must know where to send it. If the node cannot directly connect to the destination node, it has to send it via other nodes along a proper route to the destination node. Most nodes do not try to figure out which route(s) might work; instead, a node will send an IP packet to a gateway in the LAN, which then decides how to route the "package" of data to the correct destination. Each gateway will need to keep track of which way to deliver various packages of data, and for this it uses a routing table. A routing table is a database which keeps track of paths, like a map, and allows the gateway to provide this information to the node requesting it.

Hop-by-hop routing
With hop-by-hop routing, each routing table lists, for all reachable destinations, the address of the next device along the path to that destination: the next hop. Assuming that the routing tables are consistent, the simple algorithm of relaying packets to their destination's next hop thus suffices to deliver data anywhere in a network. Hop-by-hop is the fundamental characteristic of the IP Internetwork layer and the OSI Network Layer, in contrast to the functions of the IP end-to-end and OSI Transport Layers.

Routing tables are generally not used directly for packet forwarding in modern router architectures; instead, they are used to generate the information for a smaller forwarding table which contains only the routes chosen by the routing algorithm as preferred routes for packet forwarding, often in a compressed or pre-compiled format that is optimized for hardware storage and lookup. Current router architecture separates the control plane function of the routing table from the forwarding plane function of the forwarding table. The remainder of this chapter ignores this implementation detail and refers to the entire routing/forwarding information subsystem as the "routing table".

Difficulties with routing tables
The need to record routes to large numbers of devices using limited storage space represents a major challenge in routing table construction. In the Internet, the currently dominant address aggregation technology is a bitwise prefix matching scheme called Classless Inter-Domain Routing (CIDR). Since in a network each node presumably possesses a valid routing table, routing tables must be consistent among the various nodes or routing loops can develop. This is particularly problematic in the hop-by-hop routing model, in which the net effect of inconsistent tables in several different routers could be to forward packets in an endless loop.
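To make the next-hop lookup and the loop problem concrete, here is an added Python example (the editor's illustration, not part of the original report). It implements the longest-prefix match that CIDR requires, breaks ties between equal prefix lengths on the metric, and relays a packet from router to router using only each router's own table, reporting a loop when a router is visited twice. The router names, addresses and routes are constructed for the example.

```python
"""Hop-by-hop forwarding over routing tables (added example, not from the report)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str              # destination network in CIDR form, e.g. "10.0.0.0/8"
    next_hop: Optional[str]  # None = directly connected: deliver on `interface`
    interface: str           # e.g. "eth0"
    metric: int = 0          # cost; lower is preferred among equal prefix lengths


def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def parse_prefix(prefix: str):
    """'192.168.1.0/24' -> (network as int, mask as int, prefix length)."""
    net, plen = prefix.split("/")
    plen = int(plen)
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF if plen else 0
    return ip_to_int(net) & mask, mask, plen


class RoutingTable:
    def __init__(self, routes: List[Route]):
        self.routes = [(r, *parse_prefix(r.prefix)) for r in routes]

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest prefix match (CIDR); among equal lengths the lowest metric wins.
        Returns None when nothing matches, not even a 0.0.0.0/0 default route."""
        d = ip_to_int(dst)
        best = None
        for route, net, mask, plen in self.routes:
            if d & mask == net:
                key = (plen, -route.metric)
                if best is None or key > best[0]:
                    best = (key, route)
        return best[1] if best else None


def forward(routers: Dict[str, RoutingTable], neighbors: Dict[str, str],
            start: str, dst: str, ttl: int = 8) -> dict:
    """Relay a packet router by router; each consults only its own table.

    `neighbors` maps a next-hop IP to the router that owns it. `ttl` mimics
    the IP hop limit. A revisited router is reported as a loop as soon as it
    is seen, so the two failure modes stay distinguishable."""
    path = [start]
    current = start
    while True:
        route = routers[current].lookup(dst)
        if route is None:
            return {"status": "unreachable", "path": path}
        if route.next_hop is None:
            return {"status": "delivered", "path": path, "interface": route.interface}
        ttl -= 1
        if ttl == 0:
            return {"status": "ttl_expired", "path": path}
        nxt = neighbors[route.next_hop]
        if nxt in path:
            return {"status": "loop", "path": path + [nxt]}
        path.append(nxt)
        current = nxt


# Constructed tables. R1 and R2 agree on 10.1.0.0/16; for 10.2.0.0/16 each
# points at the other, which is the inconsistency the text warns about.
R1 = RoutingTable([
    Route("192.168.1.0/24", None, "eth0"),
    Route("192.168.1.128/25", "192.168.1.2", "eth0", 1),   # more specific than /24
    Route("10.1.0.0/16", "192.168.1.2", "eth0", 1),
    Route("10.1.0.0/16", "192.168.1.3", "eth0", 5),        # same prefix, worse metric
    Route("10.2.0.0/16", "192.168.1.2", "eth0", 1),
    Route("0.0.0.0/0", "192.168.1.2", "eth0", 10),
])
R2 = RoutingTable([
    Route("192.168.1.0/24", None, "eth0"),
    Route("10.1.0.0/16", None, "eth1"),                    # directly attached
    Route("10.2.0.0/16", "192.168.1.1", "eth0", 1),
])
ROUTERS = {"R1": R1, "R2": R2}
NEIGHBORS = {"192.168.1.1": "R1", "192.168.1.2": "R2"}
```

With these tables a packet for 10.1.5.5 is delivered via R2's eth1, a packet for 10.2.5.5 bounces R1 to R2 to R1 and is reported as a loop, and a packet for 8.8.8.8 follows R1's default route to R2, which has no default route and drops it.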

Loops have historically plagued routing, and their avoidance is a major design goal of routing protocols. The IP time-to-live field limits the damage a loop does, since each router decrements it and discards the packet when it reaches zero, but it does not prevent the loop.

Contents of routing tables
The routing table consists of at least three information fields:
• The network id: the destination network id
• Cost: the cost or metric of the path through which the packet is to be sent
• Next hop: the next hop, or gateway, is the address of the next station to which the packet is to be sent on the way to its final destination
Depending on the application and implementation, it can also contain additional values that refine path selection:
• Quality of service associated with the route. For example, the U flag indicates that an IP route is up.
• Links to filtering criteria/access lists associated with the route
• Interface: such as eth0 for the first Ethernet card, eth1 for the second Ethernet card, etc.

CHAPTER 7 SWITCHES

Function
The network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as a gateway to access small office/home broadband services such as DSL or cable internet. In most of these cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for VoIP.

An Ethernet switch operates at the data link layer of the OSI model to create a separate collision domain for each switch port. With 4 computers (e.g., A, B, C, and D) on 4 switch ports, A and B can transfer data back and forth while C and D also do so simultaneously, and the two conversations will not interfere with one another. In the case of a hub, they would all share the bandwidth and run in half duplex, resulting in collisions, which would then necessitate retransmissions. Using a switch is called micro-segmentation. This allows computers to have dedicated bandwidth on a point-to-point connection to the network and therefore to run in full duplex without collisions. The isolation is a bandwidth property, not a confidentiality boundary: a frame for a destination the switch has not yet learned is flooded to every port, and the MAC address table that provides the isolation is of finite size.

Role of switches in networks
Switches may operate at one or more layers of the OSI model, including data link, network, or transport (i.e., end-to-end). A device that operates simultaneously at more than one of these layers is known as a multilayer switch. In switches intended for commercial use, built-in or modular interfaces make it possible to connect different types of networks, including Ethernet, Fibre Channel, ATM, ITU-T G.hn and 802.11. This connectivity can be at any of the layers mentioned. While Layer 2 functionality is adequate for bandwidth-shifting within one technology, interconnecting technologies such as Ethernet and token ring is easier at Layer 3. Interconnection of different Layer 3 networks is done by routers. If there are any features that characterize "Layer-3 switches" as opposed to general-purpose routers, it tends to be that they are optimized, in larger switches, for high-density Ethernet connectivity.
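The per-port isolation described above rests on the switch's MAC address table: it learns which address sits behind which port from the source field of arriving frames, and forwards a frame to a single port only if the destination is already known. The following Python is an added example written for this edition, not code from the original report. It models that learning and forwarding, including the case the text only hints at: once the table is full, entries are evicted and traffic to the evicted addresses is flooded to every port again. Port numbers, MAC addresses and the table size are constructed.

```python
"""Transparent-bridge address learning and forwarding (added example, not from the report)."""
from collections import OrderedDict
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, ports: List[int], table_size: int = 4):
        self.ports: Set[int] = set(ports)
        self.table: "OrderedDict[str, int]" = OrderedDict()   # MAC -> port
        self.table_size = table_size

    def learn(self, mac: str, port: int) -> None:
        """Record the source MAC behind the ingress port (a move refreshes the
        entry). When the table is full the oldest entry is evicted, which is why
        a stream of bogus source addresses degrades a switch to hub-like flooding."""
        if mac in self.table:
            self.table.move_to_end(mac)
        elif len(self.table) >= self.table_size:
            self.table.popitem(last=False)
        self.table[mac] = port

    def forward(self, ingress: int, src: str, dst: str) -> Set[int]:
        """Return the egress ports for a frame: one port for a known unicast
        destination, every other port for broadcast or an unknown destination,
        none if the destination sits behind the ingress port itself."""
        if ingress not in self.ports:
            raise ValueError(f"no such port {ingress}")
        self.learn(src, ingress)
        if dst == BROADCAST or dst not in self.table:
            return self.ports - {ingress}
        out = self.table[dst]
        return set() if out == ingress else {out}


def run_scenario() -> Dict[str, object]:
    """Constructed traffic: A (port 1) and B (port 2) exchange frames, then
    port 4 emits ten frames with made-up source MACs until A's entry is evicted."""
    sw = Switch(ports=[1, 2, 3, 4], table_size=4)
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"
    first = sw.forward(1, a, b)       # B not learned yet: flooded to ports 2, 3, 4
    reply = sw.forward(2, b, a)       # A was learned on port 1: unicast to port 1
    for i in range(10):               # bogus sources arriving on port 4
        sw.forward(4, f"de:ad:be:ef:00:{i:02x}", b)
    after = sw.forward(2, b, a)       # A evicted: B's frame is flooded again
    return {"first": first, "reply": reply, "after": after, "table": dict(sw.table)}
```

Real switches hold thousands of entries and age them out on a timer, but the eviction behaviour is the same; port security limits on learned addresses per port exist precisely to stop a single port from pushing everyone else's entries out.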

In some service provider and other environments where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall, network intrusion detection, and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules. In other cases, the switch is used to create a mirror image of data that can go to an external device, such as an intrusion detection system or a packet sniffer. Since most switch port mirroring provides only one mirrored stream, network hubs can be useful for fanning out data to several read-only analyzers.

A Switched Network
Basic functions performed:
• Address learning
• Forwarding based on the learned addresses

CHAPTER 8 STP

• STP is a bridge-to-bridge protocol used to maintain a loop-free network.
• To maintain a loop-free network topology, STP establishes a root bridge, a root port on every other bridge, and designated ports.
• With STP, the root bridge has the lowest BID, which is made up of the bridge priority and the MAC address.
• STP provides a loop-free redundant network topology by placing certain ports in the blocking state:
  • One root bridge per broadcast domain
  • One root port per non-root bridge
  • One designated port per segment
  • Non-designated ports are unused (blocking)
• When STP is enabled, every bridge in the network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, the ports then stabilize to the forwarding or blocking state.
• If the network topology changes, STP maintains connectivity by transitioning some blocked ports to the forwarding state.
• RSTP significantly speeds the recalculation of the spanning tree when the network topology changes.
• Because the root is simply the bridge advertising the lowest BID, any device that sends BPDUs with a lower priority can take over the root role and redraw the tree; ports facing end hosts are therefore normally protected with BPDU guard, which shuts a port down when a BPDU arrives on it.
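Root election and the assignment of root, designated and blocking ports follow directly from the bridge IDs and the path costs. The Python below is an added example (the editor's illustration, not code from the original report) that elects the root from (priority, MAC) pairs, computes each bridge's root path cost, and labels every port. It simplifies real STP by assuming at most one link between any two bridges and by breaking ties on bridge ID only, without port IDs. The switch names, MACs and link costs are constructed.

```python
"""Spanning-tree root election and port roles (added example, not from the report)."""
import heapq
from typing import Dict, List, Tuple

Bridges = Dict[str, Tuple[int, str]]   # name -> (priority, MAC)
Links = List[Tuple[str, str, int]]     # (bridge, bridge, path cost), one link per pair


def bridge_id(priority: int, mac: str) -> int:
    """BID = 16-bit priority followed by the 48-bit MAC. The lowest value wins,
    so priority dominates and the MAC only breaks ties between equal priorities."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in 16 bits")
    return (priority << 48) | int(mac.replace(":", "").replace("-", ""), 16)


def elect_root(bridges: Bridges) -> str:
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_path_costs(links: Links, root: str) -> Dict[str, int]:
    """Dijkstra from the root: each bridge's cheapest path cost to it."""
    adj: Dict[str, List[Tuple[str, int]]] = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in adj.get(node, []):
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist


def port_roles(bridges: Bridges, links: Links):
    """Return (root, root path costs, {(bridge, neighbour): role}).
    Assumes every bridge is reachable from the root."""
    root = elect_root(bridges)
    bid = {name: bridge_id(*bridges[name]) for name in bridges}
    cost = root_path_costs(links, root)
    # Root port: the link on each non-root bridge giving the cheapest path to
    # the root (tie: the neighbour with the lower BID).
    root_port: Dict[str, str] = {}
    for name in bridges:
        if name == root:
            continue
        candidates = [(cost[n] + c, bid[n], n) for a, b, c in links
                      for me, n in ((a, b), (b, a)) if me == name]
        root_port[name] = min(candidates)[2]
    roles: Dict[Tuple[str, str], str] = {}
    for a, b, _ in links:
        # Designated end of each segment: lower root path cost, then lower BID.
        # The other end is a root port if it chose this link, otherwise blocking.
        des, other = (a, b) if (cost[a], bid[a]) < (cost[b], bid[b]) else (b, a)
        roles[(des, other)] = "designated"
        roles[(other, des)] = "root" if root_port.get(other) == des else "blocking"
    return root, cost, roles


# Constructed topology: a triangle with one slower (cost 19, Fast Ethernet) link.
BRIDGES: Bridges = {
    "SW1": (4096, "00:00:0c:00:00:01"),    # lowered priority: the intended root
    "SW2": (32768, "00:00:0c:00:00:02"),
    "SW3": (32768, "00:00:0c:00:00:03"),
}
LINKS: Links = [("SW1", "SW2", 4), ("SW1", "SW3", 4), ("SW2", "SW3", 19)]

if __name__ == "__main__":
    root, cost, roles = port_roles(BRIDGES, LINKS)
    print("root:", root, "root path costs:", cost)
    for (bridge, nbr), role in sorted(roles.items()):
        print(f"{bridge} port towards {nbr}: {role}")
    # Any device announcing a lower priority takes over as root, which is why
    # access ports facing end hosts are usually protected with BPDU guard.
    print("with a rogue priority-0 bridge:",
          elect_root({**BRIDGES, "rogue": (0, "02:00:00:00:00:01")}))
```

In the constructed triangle SW1 is root, SW2 and SW3 each use their direct link to SW1 as root port, SW2 is designated on the SW2-SW3 segment because its BID is lower, and SW3's port towards SW2 blocks, removing the loop.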

Spanning Tree Protocol Root Bridge Selection
• BPDUs are sent every two seconds by default.
• Root bridge = the bridge with the lowest bridge ID.
• Spanning tree transits each port through several different states: blocking, listening, learning and forwarding.

Spanning Tree Convergence
• Convergence occurs when all the switch and bridge ports have transitioned to either the forwarding or the blocking state.
• When the network topology changes, switches and bridges must recompute STP, which disrupts user traffic.

CHAPTER 9

VLAN
A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows end stations to be grouped together even if they are not located on the same network switch. LAN membership can be configured through software instead of physically relocating devices or connections. To physically replicate the functions of a VLAN, it would be necessary to install a separate, parallel collection of network cables and equipment kept apart from the primary network. However, unlike a physically separate network, VLANs must share bandwidth; for example, two separate one-gigabit VLANs using a single one-gigabit interconnection can suffer both reduced throughput and congestion. A VLAN-capable switch virtualizes the LAN behaviours: configuring switch ports, tagging frames when they enter a VLAN, looking up the MAC table to switch or flood frames onto trunk links, and untagging frames when they leave the VLAN.

Uses
VLANs are created to provide the segmentation services traditionally provided by routers in LAN configurations. VLANs address issues such as scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, address summarization, and traffic flow management. By definition, switches may not bridge IP traffic between VLANs, as it would violate the integrity of the VLAN broadcast domain. VLANs are layer 2 constructs, compared with IP subnets, which are layer 3 constructs. In an environment employing VLANs, a one-to-one relationship often exists between VLANs and IP subnets, although it is possible to have multiple subnets on one VLAN. VLANs and IP subnets provide independent Layer 2 and Layer 3 constructs that map to one another, and this correspondence is useful during the network design process. By using VLANs, one can control traffic patterns and react quickly to relocations. VLANs provide the flexibility to adapt to changes in network requirements and allow for simplified administration. This is also useful if someone wants to create multiple layer 3 networks on the same layer 2 switch. For example, if a DHCP server is plugged into a switch it will serve any host on that switch that is configured to get its IP address from a DHCP server. By using VLANs you can easily split the network up so that some hosts will not use that DHCP server and will obtain link-local addresses, or obtain an address from a different DHCP server.

Establishing VLAN memberships
The two common approaches to assigning VLAN membership are as follows:
• Static VLANs
• Dynamic VLANs
Static VLANs are also referred to as port-based VLANs. Static VLAN assignments are created by assigning ports to a VLAN. As a device enters the network, the device automatically assumes the VLAN of the port. If the user changes ports and needs access to the same VLAN, the network administrator must manually make a port-to-VLAN assignment for the new connection.

Dynamic VLANs are created through the use of software. With a VLAN Management Policy Server (VMPS), an administrator can assign switch ports to VLANs dynamically based on information such as the source MAC address of the device connected to the port or the username used to log onto that device. As a device enters the network, the device queries a database for VLAN membership. A MAC address is set by the host and can be changed at will, so MAC-based assignment is a convenience, not an access control; assignment tied to an authenticated user is the stronger option.

Cisco VLAN Trunking Protocol (VTP)
On Cisco devices, VTP (VLAN Trunking Protocol) maintains VLAN configuration consistency across the entire network. VTP uses Layer 2 trunk frames to manage the addition, deletion, and renaming of VLANs on a network-wide basis from a centralized switch in VTP server mode. VTP is responsible for synchronizing VLAN information within a VTP domain and reduces the need to configure the same VLAN information on each switch. VTP minimizes the possible configuration inconsistencies that arise when changes are made. These inconsistencies can result in security violations, because VLANs can cross-connect when duplicate names are used. They could also become internally disconnected when they are mapped from one LAN type to another, for example Ethernet to ATM LANE ELANs or FDDI 802.10 VLANs. VTP provides a mapping scheme that enables seamless trunking within a network employing mixed-media technologies. VTP provides the following benefits:
• VLAN configuration consistency across the network
• Mapping scheme that allows a VLAN to be trunked over mixed media
• Accurate tracking and monitoring of VLANs
• Dynamic reporting of added VLANs across the network
• Plug-and-play configuration when adding new VLANs
As beneficial as VTP can be, it does have disadvantages, normally related to the spanning tree protocol (STP), as a bridging loop propagating throughout the network can occur. Cisco switches run an instance of STP for each VLAN, and since VTP propagates VLANs across the campus LAN, VTP effectively creates more opportunities for a bridging loop to occur. A second hazard is that a switch joining the domain with a higher configuration revision number overwrites the VLAN database of every other switch, so set a VTP password (or use transparent mode) and reset the revision number on any switch before connecting it. Before creating VLANs on the switch that will be propagated via VTP, a VTP domain must first be set up. A VTP domain for a network is the set of all contiguously trunked switches with the same VTP domain name. All switches in the same management domain share their VLAN information with each other, and a switch can participate in only one VTP management domain. Switches in different domains do not share VTP information. Using VTP, each Catalyst family switch advertises the following on its trunk ports:

CHAPTER 10 ACCESS-LISTS

Standard Access Control Lists (ACLs) are Cisco IOS-based commands used to filter packets on Cisco routers based on the source IP address of the packet. A standard ACL is concerned with only one factor, the source IP address of the packet. The destination is not considered. Extended Access Control Lists have the ability to filter packets based on source and destination IP addresses.

Access List Rules
Regardless of the type of access list you create, standard or extended, you must follow certain rules. For instance, you must create and apply access lists sequentially and must remember that they end with an implicit deny.

Numbered Standard Access Control Lists
Numbers between 1 and 99, 1300 and 1999, or a list named explicitly with 'ip access-list standard name' can be used as a Standard ACL. Either way, the name of an ACL is given as either a number or a name. Names are easier to remember than numbers. Once again, the number used in this range doesn't affect how the ACL is processed or which ACL is more important to the router. The number takes the place of a name you might give to a specific rule. The number in no way corresponds to a list of pre-defined ACLs.

Creating Numbered Standard Access Control Lists
From Global Configuration mode, type in:
access-list [access-list-number] [deny/permit] [source-ip-address] [wildcard-mask]
interface [interface-number]
ip access-group [number of list] in/out

The information below shows the correct procedure for typing this command.
Router_A(config)#access-list 1 deny 172.16.5.2 0.0.0.0
Router_A(config)#access-list 1 deny 172.16.5.3 0.0.0.0
Router_A(config)#access-list 1 permit any

The previous example is a standard IP access list that denies the hosts 172.16.5.2 and 172.16.5.3, while allowing all other traffic. The list is applied sequentially from the top down as the router checks the packets arriving at the interface where this access list is applied, in order to check if the packets match the permit and deny statements. In the process of applying the access list, the router first checks an arriving packet to determine if it matches the deny 172.16.5.2 0.0.0.0 statement. If it does, the router discards the packet. If it does not, the router applies the second statement. If the packet matches the second statement, the router discards the packet. Finally, if the packet does not meet the rules of the first two lines, the router applies the final permit any statement, and the packet is forwarded through the interface.

If you wish to remove an access-list, you use the no access-list (list #) command. For example, to remove the above list, you enter global configuration mode and type the no access-list command.

Named Standard Access Control Lists
The difference between Named and Numbered ACLs is that a name, not a number, is associated with a named ACL.
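The top-down, first-match evaluation with the implicit deny described above, as an added Python illustration (not code from the report): it parses standard ACL statements with wildcard masks and evaluates a packet's source address against them. The parser also accepts the IOS `host` shorthand, which the report does not show; the second list and the test addresses are constructed.

```python
import ipaddress

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' lines, keeping their order."""
    rules = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL statement: {line!r}")
        action, source = parts[2], parts[3]
        if source == "any":                               # matches every source address
            addr, wildcard = 0, 0xFFFFFFFF
        elif source == "host":                            # IOS shorthand for wildcard 0.0.0.0
            if len(parts) < 5:
                raise ValueError(f"'host' needs an address: {line!r}")
            addr, wildcard = int(ipaddress.IPv4Address(parts[4])), 0
        else:
            addr = int(ipaddress.IPv4Address(source))
            # an omitted wildcard mask means 0.0.0.0, i.e. exactly one host
            wildcard = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        rules.append((action, addr, wildcard))
    return rules

def evaluate(rules, src_ip):
    """Check a packet's source address top-down; first match wins, no match is denied."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF      # wildcard bit 0 = must match, 1 = don't care
        if ip & care == addr & care:
            return action
    return "deny"                           # the implicit 'deny any' that ends every ACL

# The report's own list: block two hosts, permit everything else.
ACL_1 = ["access-list 1 deny 172.16.5.2 0.0.0.0",
         "access-list 1 deny 172.16.5.3 0.0.0.0",
         "access-list 1 permit any"]
# Constructed list without a 'permit any': the implicit deny blocks every other network.
ACL_5 = ["access-list 5 permit 10.1.0.0 0.0.255.255"]

if __name__ == "__main__":
    for ip in ("172.16.5.2", "172.16.5.4"):
        print(ip, evaluate(parse_standard_acl(ACL_1), ip))
    # The same statements in the wrong order give a different answer: 'permit any' first
    # matches everything, so the two deny lines are never reached.
    print(evaluate(parse_standard_acl(list(reversed(ACL_1))), "172.16.5.2"))
```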

Creating Named Standard Access Control Lists
From Global configuration mode type:
ip access-list standard [name]
deny [source ip or keyword any] [wildcard mask or keyword any]
OR
permit [source ip or keyword any] [wildcard mask or keyword any]

Problems with Access Lists
I. One of the most common problems associated with access lists is a lack of planning. Before you even begin the process of creating access lists on your router, you must plan exactly what needs to be filtered and where it needs to be filtered.
II. Another troublesome area is the sequential nature in which you must enter the lists into the router. You cannot remove individual statements once they are entered. When making changes, you must remove the list, using the no access-list command, and then retype the commands.
III. Finally, many new network administrators find themselves in trouble when they Telnet into a router and begin applying an access list. An access list begins to work the second it's applied to an interface. It's very possible that many new administrators will find themselves inadvertently blocked from the same router on which they're applying the access list.

An access-list by itself (not assigned to an interface) doesn't do anything at all. Note that the access-list must be defined, and assigned an interface. "in" or "out" refer to the traffic into, or out of, the router that is being configured.

Example:
access-list 5 permit 11.0.0.0 0.255.255.255
access-list 5 permit 10.1.0.0 0.0.255.255
int fa0/0
ip access-group 5 in

The above example permits traffic from two specific networks.

CHAPTER 11 Network address translation

In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.

The simplest type of NAT provides a one-to-one translation of IP addresses. RFC 2663 refers to this type of NAT as basic NAT. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality; some higher level protocols may need further translation). Basic NATs can be used when there is a requirement to interconnect two IP networks with incompatible addressing.

However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space. To avoid ambiguity in the handling of returned packets, a one-to-many NAT must alter higher level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back. Other names include PAT (port address translation), IP masquerading, NAT Overload and many-to-one NAT. Since this is the most common type of NAT it is often referred to simply as NAT.

As described, the method enables communication through the router only when the conversation originates in the masqueraded network, since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a web site in the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network.

In the mid-1990s NAT became a popular tool for alleviating the consequences of IPv4 address exhaustion. It has become a standard, indispensable feature in routers for home and small-office Internet connections. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.

Network address translation has serious drawbacks on the quality of Internet connectivity and requires careful attention to the details of its implementation. In particular all types of NAT break the originally envisioned model of IP end-to-end connectivity across the Internet, and NAPT makes it difficult for systems behind a NAT to accept incoming communications. As a result, NAT traversal methods have been devised to alleviate the issues encountered.

Visibility of Operation
NAT operation is typically transparent to both the internal and external hosts. Typically the internal host is aware of the true IP address and TCP or UDP port of the external host. Typically the NAT device may function as the default gateway for the internal host. However the external host is only aware of the public IP address for the NAT device and the particular port being used to communicate on behalf of a specific internal host.

NAT and TCP/UDP
"Pure NAT", operating on IP alone, may or may not correctly parse protocols that are totally concerned with IP information, such as ICMP, depending on whether the payload is interpreted by a host on the "inside" or "outside" of translation. As soon as the protocol stack is traversed, even with such basic protocols as TCP and UDP, the protocols will break unless NAT takes action beyond the network layer.

IP packets have a checksum in each packet header, which provides error detection only for the header. IP datagrams may become fragmented, and it is necessary for a NAT to reassemble these fragments to allow correct recalculation of higher-level checksums and correct tracking of which packets belong to which connection.

The major transport layer protocols, TCP and UDP, have a checksum that covers all the data they carry, as well as the TCP/UDP header, plus a "pseudo-header" that contains the source and destination IP addresses of the packet carrying the TCP/UDP header. For an originating NAT to pass TCP or UDP successfully, it must recompute the TCP/UDP header checksum based on the translated IP addresses, not the original ones, and put that checksum into the TCP/UDP header of the first packet of the fragmented set of packets. The receiving NAT must recompute the IP checksum on every packet it passes to the destination host, and also recognize and recompute the TCP/UDP header using the retranslated addresses and pseudo-header. This is not a completely solved problem. One solution is for the receiving NAT to reassemble the entire segment and then recompute a checksum calculated across all packets.
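Why a NAT must recompute the transport checksum, as an added Python illustration (not code from the report): it builds a UDP segment whose checksum covers the pseudo-header, rewrites the source address and port the way a one-to-many NAT does, and shows that the old checksum no longer verifies until it is recomputed over the translated addresses. All addresses, ports and the payload are constructed.

```python
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words (not yet inverted)."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                         # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def udp_pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    # pseudo-header: source IP, destination IP, zero byte, protocol 17 (UDP), UDP length
    return ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 17, udp_len)

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo-header + UDP header (checksum field zeroed) + payload."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    total = ones_complement_sum(udp_pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    return (~total & 0xFFFF) or 0xFFFF        # UDP sends a computed 0 as 0xFFFF

def udp_valid(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A segment verifies when the sum over pseudo-header + whole segment is all ones."""
    return ones_complement_sum(udp_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF

def build_udp(src_ip, dst_ip, sport, dport, payload):
    segment = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + segment[8:]

def nat_outbound(dst_ip, segment, public_ip, public_port):
    """Rewrite source port as a one-to-many NAT does, then recompute the checksum
    with the public source address in the pseudo-header (the IP header is rewritten
    separately; only the transport segment is modelled here)."""
    rewritten = struct.pack("!H", public_port) + segment[2:]
    new_sum = udp_checksum(public_ip, dst_ip, rewritten)
    return rewritten[:6] + struct.pack("!H", new_sum) + rewritten[8:]

# Constructed inside host 192.168.1.10 sending to outside host 203.0.113.5 via NAT 198.51.100.7.
SEG = build_udp("192.168.1.10", "203.0.113.5", 40000, 53, b"constructed query payload")
TRANSLATED = nat_outbound("203.0.113.5", SEG, "198.51.100.7", 62000)

if __name__ == "__main__":
    print("original valid at inside address :", udp_valid("192.168.1.10", "203.0.113.5", SEG))
    print("old checksum after IP rewrite    :", udp_valid("198.51.100.7", "203.0.113.5", SEG))
    print("recomputed checksum after NAT    :", udp_valid("198.51.100.7", "203.0.113.5", TRANSLATED))
```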

The originating host may perform Maximum transmission unit (MTU) path discovery to determine the packet size that can be transmitted without fragmentation, and then set the don't fragment (DF) bit in the appropriate packet header field.

Configuring Static Translation
Router(config)# ip nat inside source static local-ip global-ip
Establishes static translation between an inside local address and an inside global address
Router(config-if)# ip nat inside
Marks the interface as connected to the inside
Router(config-if)# ip nat outside
Marks the interface as connected to the outside

Enabling Static NAT: Address Mapping Example

Configuring Dynamic Translation
EXAMPLE: WAN

BIBLIOGRAPHY

Books:
CCNA 6th Edition (Todd Lammle)
Network Security Fundamentals

Sites:
www.google.com