
Basics of Networking

Network
The interconnection of two or more devices is called a
network.
The communication between two or more interconnected
devices is called networking.
An internetwork is a connection of two or more networks.
Internetworking means communication between different
networks.


Types of Network

LAN (Local Area Network)

Local Area Networks are used to connect networking
devices that are in a very close geographical area, such as
a floor of a building, the building itself, or a campus.












MAN (Metropolitan Area Network)

Metropolitan Area Networks are used to connect
networking devices that may span an entire city.





WAN (Wide Area Network)

A Wide Area Network connects two or more LANs located
at different geographical locations.







Basic Requirements to form a network
NIC (Network Interface Card), also called a LAN card
Media
Networking devices (hub, switch, router, etc.)
Protocols
Logical address (IP address)

NIC (Network Interface Card)
The NIC is the interface between the computer and the
network.
It is also known as the LAN card or Ethernet card.
Ethernet cards have a unique 48-bit address called the
MAC (Media Access Control) address.
- The MAC address is also called the physical address or
hardware address.
- The 48-bit MAC address is written as 12 hexadecimal
digits.
Network cards are available at different speeds:
- Ethernet (10 Mbps)
- Fast Ethernet (100 Mbps)
- Gigabit Ethernet (1000 Mbps)


Media

- UTP cable
- Coaxial cable
- Fiber optic cable

Networking Devices

The various types of networking devices are:
Repeater
Hub
Switch
Router

Hub/Repeater
It is not an intelligent device.
It works with bits.
It uses broadcast for communication.
Bandwidth is shared.
Half-duplex communication.










Switch
It is an intelligent device.
It maintains a MAC address table (hardware addresses).
Each port of the switch has fixed (dedicated) bandwidth.
It works with flooding and unicast.
It supports full-duplex communication.









Router
It is an intelligent device.
It works with logical addressing.
It works with fixed bandwidth.

Introduction to Routers
A router is an internetworking device.
- It enables communication between two or more
different logical networks.
It is a Network Layer (layer 3) device.
The name comes from the word ROUTE.
- Hence it is also the device that finds the best route
(path) between any two networks.
The router is the default gateway for a network.

Interfaces of a Router
LAN Interface
- AUI (Attachment Unit Interface)
- RJ 45 Ethernet/Fastethernet
WAN Interface
- Normal Serial Interface
- Smart Serial Interface
Administrator Interface
- Console
- Auxiliary


Internal Components of a Router
ROM (Read Only Memory)
- It contains a bootstrap program which searches for and
loads the operating system.
- It is similar to the BIOS of a PC.
- It also contains a mini IOS for advanced
troubleshooting.
Flash Memory
- The Internetwork Operating System (IOS) is stored
here.
- IOS is a Cisco proprietary operating system.
- The minimum size of flash is 8 MB.
NVRAM (Non-Volatile Random Access Memory)
- NVRAM is similar to a hard disk.
- It is also known as permanent storage.
- The startup configuration is stored here.
- The size of the NVRAM is 32 KB.
RAM (Random Access Memory)
- It is also called the main memory.
- It is temporary storage.
- The running configuration is stored here.
- The minimum size of RAM is 2 MB.


Boot Sequence




Console Connectivity
Connect a rollover cable to the console port of the router
(RJ-45 connector).
Connect the other end of the rollover cable to the RJ-45
to DB-9 converter.
Attach the female DB-9 converter to the COM port of a
computer.
Open a terminal emulation program on the computer.

Emulation Software
Establish a HyperTerminal connection with a device
1. On the Windows Start menu, select Run. The Run dialog
appears.







2. In the Open: field, type hypertrm.exe, and click OK












3. HyperTerminal then appears, open to the Connection
Description dialog.












4. On the Connection Description screen, for Name type
"Cisco" and select an icon for the definition, and click OK.
The Connect To dialog appears.








5. On the Connect To dialog, select your primary COM port
(COM2 in the example above) for the Connect using:
field, and click OK. (The Country/region:, Area code: and
Phone number: fields are not used.) The COMn
Properties dialog appears.









6. On the COMn Properties dialog, make the following
selections, then click OK:
Bits per sec: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none

Initial Switch & Router Configuration
A brand new router does not have any configuration, so
the initial configuration has to be done first.
As part of the initial configuration the following needs
to be done:
1. Hostname
2. IP address on the LAN interface
3. Passwords
- Console
- Auxiliary
- VTY (telnet)
- Enable
Save the configuration
To configure a Cisco router, IOS commands are used.
There are different IOS modes for the various kinds of
configuration.
The IOS modes are:
1. User Mode:
Router>
Router is the default hostname and can be changed;
the > symbol implies user mode.
This is the first mode the user interacts with in the
IOS. It is a restricted mode and supports only a few
basic commands.
2. Privileged Mode
Router#
The # symbol implies privileged mode. This mode
has full administrative rights. It is generally used
for advanced troubleshooting with the show and
debug commands. It is also called privileged EXEC
mode.

3. Global Configuration Mode
Router(config)#
The (config)# symbol implies global configuration
mode. Configuration of the router starts from this
mode. In this mode, settings that affect the complete
router are entered.
4. Interface configuration mode
Router(config-if)#
The (config-if)# symbol implies interface
configuration mode. This mode is used to
configure a specific interface.


5. Line configuration mode
Router(config-line)#
The (config-line)# symbol implies line
configuration mode. This mode is used to
configure the telnet (VTY), console and auxiliary lines.
6. Router Mode
Router(config-router)#
The (config-router)# symbol implies router
mode. This mode is used to configure the
different dynamic routing protocols.

Note: Most of the steps are identical on a switch and a
router. That is why we present the router's configuration
only; you have to repeat it on the switch yourself. Where the
configuration of the switch differs, it is presented as well.







Configure the host names on both the switch and the
router
If your prompt shows the user mode '>' you must enter
the privileged mode first by typing 'enable':

Router>enable
Router#

Then, in order to set the host name on the router you
must enter the 'config mode' (you can abbreviate the
command to 'conf t'):

Router#configure terminal
Router(config)#

Finally, you type in:

Router(config)#hostname R1
R1(config)#






When you mistype a command in privileged mode, the IOS
tries to resolve the mistyped word as a hostname to an IP
address. Disable that name resolution:
R1(config)#no ip domain-lookup

Protect the 'privileged exec mode' with a clear-text
password
R1(config)#enable password cisco_enable
Obscure the passwords in the configuration with the
'over-shoulder' algorithm (it only hides them from someone
reading the configuration on screen).

R1(config)#service password-encryption

Protect the access to the console port 0
In order to do that you have to change the context
from 'config mode' to 'line console 0' mode. Pay attention to
the prompt! The 'login' keyword is going to prompt the user
for the password.

Note:- the 'no login' command would allow the user to access
the console 0 WITHOUT asking for the password even if one
was configured.


R1(config)#line console 0
R1(config-line)#password cisco_console
R1(config-line)#login

Configure console port 0 so that it disconnects you after
5 min. 30 sec. of idleness.
We're still at the console 0 prompt, so we can continue
configuring console 0.

R1(config-line)#exec-timeout 5 30
R1(config-line)#

If you wanted console line 0 to never disconnect you
during idle time, you would use: exec-timeout 0 0.

Secure access to the 'privileged exec mode'. Remove the
previous password and configure the same password stored
with the MD5 algorithm (hashed, not merely obscured):

R1(config-line)#exit
R1(config)#no enable password
R1(config)#enable secret cisco_enable

Enable the router's interface FastEthernet1/0.

R1(config)#interface f1/0
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no shutdown

Enable the interface facing the Internet Serial0/1

R1(config-if)#interface s0/1
R1(config-if)#ip address 172.31.1.1 255.255.255.252
R1(config-if)#no shutdown

Enable the remote access to your devices via telnet.

R1(config-if)#line vty 0 4
R1(config-if)#password cisco_remote
R1(config-if)#login







Configure SSH as the remote access method rather than
telnet

a) Configure the system domain name. Without the domain
name, IOS cannot generate the RSA key pair (public/private)
used for encryption and decryption. The domain name can be
any name you choose (here: ccna.local), but the company's
real domain name is a good idea.

R1(config-line)#exit
R1(config)#ip domain-name ccna.local
R1(config)#

b) When you type the command below, the system will
ask you what the length of the keys should be. Choose the
value 1024. IOS will take a few seconds to generate them
and automatically start the SSH server. Wait till it's done.

R1(config)#crypto key generate rsa
R1(config)#

c) Create a user account that will be used for SSH access
(here: user=admin, password=S3cr3t).

R1(config)#username admin password S3cr3t

d) Enable the SSH protocol and disable telnet on vty lines 0 4.
Make sure that SSH will use the locally created user (admin)
for SSH connections. This is done with the 'login local'
command.

R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R1(config-line)#end
R1#

Save the configuration on both the switch and the router so
that it is available after a reload/power cycle:

R1#copy running-config startup-config
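The configuration steps above leave a trail of settings that a reviewer can check mechanically. The script below is an added example, not part of the original notes or of Cisco IOS: it parses an IOS-style running-config (relying only on the one-space indentation IOS uses for line sections) and reports the weak choices the notes warn against: `enable password` instead of `enable secret`, `username ... password` instead of `username ... secret`, lines without `login`, `exec-timeout 0 0`, telnet still allowed on the vty lines, and vty lines not using `login local`. Both sample configs and the `CONSTRUCTED_...` password strings are constructed for this example.

```python
# Added example (not from the original notes): audit an IOS-style running-config
# for the weak choices discussed above. The sample configs and the
# CONSTRUCTED_* password strings are constructed placeholders.

WEAK_CONFIG = """\
hostname R1
no ip domain-lookup
service password-encryption
enable password 7 CONSTRUCTED_TYPE7
username admin password 7 CONSTRUCTED_TYPE7
ip domain-name ccna.local
line con 0
 password 7 CONSTRUCTED_TYPE7
 login
 exec-timeout 0 0
line vty 0 4
 password 7 CONSTRUCTED_TYPE7
 login
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
hostname R1
no ip domain-lookup
service password-encryption
enable secret 5 CONSTRUCTED_MD5
username admin secret 5 CONSTRUCTED_MD5
ip domain-name ccna.local
line con 0
 password 7 CONSTRUCTED_TYPE7
 login
 exec-timeout 5 30
line vty 0 4
 transport input ssh
 login local
"""


def split_sections(config):
    """Group an IOS config into (heading, [sub-lines]) pairs.
    IOS indents the lines that belong to a section such as 'line vty 0 4'
    by one space, which is all the structure this parser relies on."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit_config(config):
    """Return a list of findings, one per weak setting found."""
    findings = []
    sections = split_sections(config)
    headings = [h for h, _ in sections]

    # 'enable password' is only obscured by service password-encryption;
    # 'enable secret' stores an MD5 hash instead.
    if any(h.startswith("enable password") for h in headings):
        findings.append("enable password in use; replace with 'enable secret'")
    if not any(h.startswith("enable secret") for h in headings):
        findings.append("no 'enable secret' configured")

    # 'username X password Y' is reversible as well; 'username X secret Y' is hashed.
    for h in headings:
        if h.startswith("username ") and " password " in h:
            findings.append(f"reversible password for local user '{h.split()[1]}'")

    for heading, body in sections:
        if not heading.startswith("line "):
            continue
        # 'no login' (or no 'login' at all) means the line password is never asked for.
        if "no login" in body or not any(b.startswith("login") for b in body):
            findings.append(f"{heading}: password is never asked for (no 'login')")
        if "exec-timeout 0 0" in body:
            findings.append(f"{heading}: exec-timeout 0 0, idle sessions never disconnect")
        if heading.startswith("line vty"):
            transport = [b for b in body if b.startswith("transport input")]
            if not transport or "telnet" in transport[0] or transport[0].endswith(" all"):
                findings.append(f"{heading}: telnet allowed; use 'transport input ssh'")
            if "login local" not in body:
                findings.append(f"{heading}: not using 'login local' (no per-user accounts)")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit_config(cfg))} finding(s)")
        for finding in audit_config(cfg):
            print("  -", finding)
```

Run against a config saved with `show running-config`, the weak sample produces six findings and the hardened one none; the check for a missing `transport input` line treats the default (all transports) as telnet allowed.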








VLAN (Virtual LAN)

VLANs provide layer 2 security.
A VLAN divides a single broadcast domain into multiple
broadcast domains.
By default all ports of the switch are in VLAN 1.
VLAN 1 is known as the administrative VLAN or
management VLAN.
2 types of VLAN configuration:
- Static VLAN
- Dynamic VLAN


Static VLAN
- Static VLANs are port based, hence they are also called
port-based VLANs.
- Ports have to be manually assigned to a VLAN.
- A port can be a member of a single VLAN.
Dynamic VLAN
- Dynamic VLANs are based on the MAC address of a
device.
- The switch automatically assigns the port to a VLAN.
- Each port can be a member of multiple VLANs.
- For dynamic VLAN configuration a software called
VMPS (VLAN Management Policy Server) is needed.


VLAN Configuration Steps

Switch# configure terminal
Switch(config)# vlan <vlan no>
Switch(config-vlan)# name <vlan name>
Switch(config-vlan)# exit
Switch(config)# interface <type> <no>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <vlan no>
Switch(config-if)# end
Switch# show vlan
Switch# show mac-address-table

(Note: 'exit' leaves VLAN configuration mode and returns to
global configuration mode; 'end' would return to privileged
mode, Switch#.)

Trunking Configuration


Switch(config)# interface <type> <no>
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan
<all|no>







VLAN Trunking Protocol (VTP)

VTP is a Cisco proprietary protocol.
It is used to share the VLAN configuration with multiple
switches.
A new VLAN needs to be added only on one switch,
and the configuration is automatically sent to all the
other switches.
VTP only works when trunking is configured on a
FastEthernet or faster port.
Note: switches should be configured with the same domain
name. Domain names are case sensitive.
VTP Modes
Server mode
Client mode
Transparent mode





VTP Configuration
Switch(config)#vtp domain <name>
Switch(config)#vtp mode <server/client/transparent>
Switch(config)#vtp password <password>
Switch#show vtp status

Port Security
Port security is used to control network access based on
the following:
- MAC address
- Number of MAC addresses per port
If a violation takes place, one of the following actions can
be configured:
- Shutdown
- Restrict
- Protect
Violation Modes
Shutdown
- The port becomes error-disabled and the
port LED turns off.

Protect
Frames with an unknown source MAC address are dropped.
It does not notify that a security violation has occurred.
Restrict
Frames with an unknown source MAC address are dropped and
a notification that a security violation has occurred is given.

Port Security Configuration
SW1(config)#interface <type> <no>
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security maximum <no of mac
addresses>
SW1(config-if)#switchport port-security mac-address <mac
address/sticky>
SW1(config-if)#switchport port-security violation
<shutdown/protect/restrict>
SW1#show port-security
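The switch behaviour described earlier (MAC address table, flooding of unknown destinations, unicast of known ones) and the three port-security violation modes above can be traced with the following simulation. It is an added example, not part of the original notes or of any switch software: port names, MAC addresses and the notification strings are constructed, and a learned address is kept like a `sticky` one. The `normalize_mac` helper also shows the 48-bit address as 12 hexadecimal digits, accepting the colon, dash and Cisco dotted notations.

```python
# Added example (not from the original notes): a switch model that learns its MAC
# address table, floods unknown destinations, unicasts known ones, and applies
# port security in the shutdown / restrict / protect violation modes.
# Port names, MAC addresses and notification strings are constructed.
import re
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


def normalize_mac(mac):
    """Accept xx:xx:xx:xx:xx:xx, xx-xx-xx-xx-xx-xx or xxxx.xxxx.xxxx and return the
    Cisco dotted form. A MAC address is 48 bits, i.e. exactly 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


@dataclass
class PortSecurity:
    maximum: int = 1                  # switchport port-security maximum <n>
    violation: str = "shutdown"       # shutdown | restrict | protect
    secure_macs: set = field(default_factory=set)   # static or sticky-learned MACs
    err_disabled: bool = False
    violations: int = 0


class Switch:
    """Learns source MACs per port, floods unknown destinations, unicasts known ones."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC -> port (the MAC address table)
        self.port_security = {}      # port -> PortSecurity
        self.notifications = []      # what 'restrict' and 'shutdown' would report

    def enable_port_security(self, port, maximum=1, violation="shutdown", allowed=()):
        self.port_security[port] = PortSecurity(
            maximum=maximum, violation=violation,
            secure_macs={normalize_mac(m) for m in allowed})

    def _port_security_allows(self, port, src):
        ps = self.port_security.get(port)
        if ps is None:
            return True                       # no port security on this port
        if ps.err_disabled:
            return False                      # shut down by an earlier violation
        if src in ps.secure_macs:
            return True
        if len(ps.secure_macs) < ps.maximum:
            ps.secure_macs.add(src)           # learned, as with 'mac-address sticky'
            return True
        ps.violations += 1
        if ps.violation == "shutdown":
            ps.err_disabled = True            # port goes error-disabled
            self.notifications.append(f"{port}: err-disabled after frame from {src}")
        elif ps.violation == "restrict":
            self.notifications.append(f"{port}: violation from {src}")
        # 'protect' drops the frame without any notification
        return False

    def receive(self, port, src, dst):
        """Process one frame; return the list of ports it is forwarded out of."""
        src, dst = normalize_mac(src), normalize_mac(dst)
        if not self._port_security_allows(port, src):
            return []
        self.mac_table[src] = port                              # learning
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != port]         # flooding
        out = self.mac_table[dst]
        return [] if out == port else [out]                     # unicast


def demo():
    """Run the constructed scenario and return what each frame produced."""
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    sw.enable_port_security("Fa0/1", maximum=1, violation="restrict")
    sw.enable_port_security("Fa0/2", maximum=1, violation="shutdown")
    sw.enable_port_security("Fa0/3", maximum=1, violation="protect")
    r = {}
    r["flood"] = sw.receive("Fa0/1", "00aa.0000.0001", BROADCAST)        # unknown dst
    r["unicast"] = sw.receive("Fa0/3", "00:aa:00:00:00:03", "00aa.0000.0001")
    r["restrict"] = sw.receive("Fa0/1", "00aa.0000.00ff", BROADCAST)     # 2nd MAC on Fa0/1
    r["protect"] = sw.receive("Fa0/3", "00aa.0000.00fd", BROADCAST)      # 2nd MAC on Fa0/3
    sw.receive("Fa0/2", "00aa.0000.0002", BROADCAST)
    r["shutdown"] = sw.receive("Fa0/2", "00aa.0000.00fe", BROADCAST)     # 2nd MAC on Fa0/2
    r["after_shutdown"] = sw.receive("Fa0/2", "00aa.0000.0002", BROADCAST)
    r["notifications"] = list(sw.notifications)
    r["err_disabled"] = sw.port_security["Fa0/2"].err_disabled
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In the scenario the first broadcast from Fa0/1 is flooded to the other two ports, the reply from Fa0/3 is unicast back because the source was learned, and a second MAC on each secured port is dropped in all three modes; only restrict and shutdown leave a notification, and shutdown additionally drops even the legitimate host until the port is re-enabled.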
ACL (Access Control List)
It provides layer 3 and layer 4 security.
Controls the flow of traffic from one network to another.
Filters packets (packet filtering firewall).
Terminology
Deny: blocking a network/subnet/host/service
Permit: allowing a network/subnet/host/service
Source address: the address from where the
request starts
Destination address: the address where the request
ends
Inbound: traffic coming into the interface
Outbound: traffic going out of the interface
Protocols: IP (Internet Protocol)
- TCP
- UDP
- ICMP
Operators:
- eq (equal to)
- neq (not equal to)
- lt (less than)
- gt (greater than)
Services: HTTP (80), FTP (20, 21), TELNET (23)
Wildcard Mask
Tells the router which address bits must match
the address given in the ACL statement.
It is the inverse of the subnet mask, hence it is also
called the inverse mask.
A bit value of 0 indicates "must match".
A bit value of 1 indicates "ignore".
The wildcard mask for a single host is always 0.0.0.0.

A wildcard mask can be calculated using the
formula:

  GLOBAL SUBNET MASK (255.255.255.255)
- SUBNET MASK
-------------------------------------------------
  WILDCARD MASK
-------------------------------------------------

Ex:   255.255.255.255
    - 255.255.255.0
    -----------------
      0.0.0.255

Working of Access List
Works in sequential order from top to bottom.
If a match is found, it does not check further.
There should be at least one permit statement.
An implicit deny (an invisible statement at the end)
blocks all traffic by default when there is no match.
New entries are automatically added to the bottom.
There can be one access list per interface per direction.
Removing a specific statement from an access list is not
possible.

Types of access list

Standard (Named, Numbered)
Extended(Named, Numbered)
Standard Access List
The access list number range is 1-99
Can filter a network, subnet or host
Two way communication is stopped
All services are blocked or allowed
Filters traffic based only on the source address
Implemented closest to the destination

Extended Access List
The access-list number range is 100-199.
Can filter a network, subnet, host and service.
One-way communication is stopped.
Selected services can be blocked or allowed.
Filters traffic based on the source address,
destination address and services.
Implemented closest to the source.

Syntax for Standard Access List configuration
Step 1 - Create the ACL statements in global config
R4(config)#access-list <no> deny/permit <source ip>
<source wildcard mask>
R4(config)#access-list 1 permit any
R4(config)#

Step 2 - Apply the ACL on the interface
R4(config)#int <type> <no>
R4(config-if)#ip access-group <no> in/out

Example of a standard access list
R4(config)#access-list 1 deny 192.168.1.10 0.0.0.0
R4(config)#access-list 1 permit any
R4(config)#interface Ethernet 0/0
R4(config-if)#ip access-group 1 in


Syntax for Extended Access List configuration
Step 1 - Create the ACL statements in global config
R4(config)#access-list <no> deny/permit <protocol>
<source ip> <source wildcard mask> <destination ip>
<destination wildcard mask> <operator> <port>
R4(config)#access-list 101 permit ip any any
R4(config)#

Step 2 - Apply the ACL on the interface
R4(config)#int <type> <no>
R4(config-if)#ip access-group <no> in/out
Example of an extended access list
R4(config)#access-list 101 deny tcp 10.0.0.0
0.255.255.255 192.168.2.10 0.0.0.0 eq www
R4(config)#access-list 101 permit ip any any
R4(config)#interface Ethernet 0/0
R4(config-if)#ip access-group 101 in
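The wildcard-mask rule (0 = must match, 1 = ignore), the subtraction formula, and the top-to-bottom, first-match, implicit-deny evaluation described above can be checked end to end with the small evaluator below. It is an added example, not part of the original notes or of Cisco IOS: it parses the numbered `access-list` syntax used in the notes (standard 1-99 and extended 100-199, plus the real IOS `host` shorthand for `<address> 0.0.0.0`, which goes slightly beyond the notes), then evaluates constructed packets against the two example lists. Port names follow the services listed above (`www` is the IOS name for HTTP port 80).

```python
# Added example (not from the original notes): an evaluator for the numbered ACL
# syntax shown above. Computes wildcard masks, applies the 0 = must match /
# 1 = ignore rule, and walks the list top to bottom with an implicit deny.
# Sample packets and addresses are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"www": 80, "ftp": 21, "ftp-data": 20, "telnet": 23}


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"          # ip | tcp | udp | icmp
    dst_port: Optional[int] = None


def wildcard_from_subnet_mask(mask):
    """The formula from the notes: 255.255.255.255 minus the subnet mask, per octet."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def wildcard_match(address, base, wildcard):
    """Wildcard bit 0 = must match, 1 = ignore."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(address)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def _parse_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D [W.W.W.W]' from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return "0.0.0.0", "255.255.255.255"
    if tok == "host":
        return tokens.pop(0), "0.0.0.0"
    # a bare address with no wildcard is treated as a single host (wildcard 0.0.0.0)
    wildcard = tokens.pop(0) if tokens and _is_ipv4(tokens[0]) else "0.0.0.0"
    return tok, wildcard


def parse_acl_line(line):
    """Parse one 'access-list <no> permit|deny ...' statement into a rule dict."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens.pop(0)
    number, action = int(tokens.pop(0)), tokens.pop(0)
    rule = {"number": number, "action": action, "op": None}
    if 1 <= number <= 99:                      # standard: source address only
        rule["protocol"] = "ip"
        rule["src"] = _parse_addr(tokens)
        rule["dst"] = ("0.0.0.0", "255.255.255.255")
    elif 100 <= number <= 199:                 # extended: protocol, src, dst, port
        rule["protocol"] = tokens.pop(0)
        rule["src"] = _parse_addr(tokens)
        rule["dst"] = _parse_addr(tokens)
        if tokens:
            op, port = tokens.pop(0), tokens.pop(0)
            rule["op"] = (op, PORT_NAMES[port] if port in PORT_NAMES else int(port))
    else:
        raise ValueError(f"unsupported access-list number {number}")
    return rule


def _port_matches(op, port, pkt_port):
    if pkt_port is None:
        return False
    return {"eq": pkt_port == port, "neq": pkt_port != port,
            "lt": pkt_port < port, "gt": pkt_port > port}[op]


def evaluate(acl_lines, packet):
    """First match wins, top to bottom; no match means the implicit deny.
    Returns (action, index of the matching statement); index is None for the implicit deny."""
    for index, rule in enumerate(parse_acl_line(line) for line in acl_lines):
        if rule["protocol"] != "ip" and rule["protocol"] != packet.protocol:
            continue
        if not wildcard_match(packet.src, *rule["src"]):
            continue
        if not wildcard_match(packet.dst, *rule["dst"]):
            continue
        if rule["op"] and not _port_matches(rule["op"][0], rule["op"][1], packet.dst_port):
            continue
        return rule["action"], index
    return "deny", None


# The two example lists from the notes above
STANDARD_ACL_1 = ["access-list 1 deny 192.168.1.10 0.0.0.0",
                  "access-list 1 permit any"]
EXTENDED_ACL_101 = ["access-list 101 deny tcp 10.0.0.0 0.255.255.255 192.168.2.10 0.0.0.0 eq www",
                    "access-list 101 permit ip any any"]

if __name__ == "__main__":
    print(wildcard_from_subnet_mask("255.255.255.0"))
    print(evaluate(STANDARD_ACL_1, Packet("192.168.1.10", "192.168.2.1")))
    print(evaluate(EXTENDED_ACL_101, Packet("10.1.2.3", "192.168.2.10", "tcp", 80)))
    print(evaluate(EXTENDED_ACL_101, Packet("10.1.2.3", "192.168.2.10", "tcp", 443)))
```

The returned index makes the first-match rule visible: with access list 101, HTTP from any 10.x.x.x host to 192.168.2.10 stops at statement 0 (deny), HTTPS from the same host falls through to statement 1 (permit), and a list with no matching permit returns the implicit deny with index None.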
