IITCaseStudy PDF

Building Intelligent Networks
A Case Study
A Case StudyOfOf
INDIAN
INDIANINSTITUTE
INSTITUTEOF
OFTECHNOLOGY
TECHNOLOGY
KHARAGPUR
KHARAGPUR
Dedicated to the Service of the Nation
Implemented By
Implemented By
HCL COMNET LIMITED
HCL COMNET LIMITED
Confidential & Proprietary Documents Page 1 15/12/2002

ALL rights reserved by HCL COMNET Ltd.
DOCUMENT DETAILS
Document Title IIT Kharagpur Case Study
Version 1.0
Date 15/12/2002
Sukanta Das, Sr. Engineer WAN Operation
Created by E-mail: SukantaD@hclcomnet.co.in
Mr. Bhaskar Dasgupta, National Project Manager
Project Manager E-Mail: b_dasgupta@hclcomnet.co.in
Partha Goswami, RM - TSG

E-mail: ParthaG@hclcomnet.co.in
Sudipto Chowdhury, Network Specialist
Project Members E-mail: SudiptoC@hclcomnet.co.in
Abhijit Datta, Sr. Engineer-WAN Operation
E-Mail: AbhijitD@hclcomnet.co.in
Sukanta Das, Sr. Engineer-WAN Operation
E-Mail: SukantaD@hclcomnet.co.in
Reference www.cisco.com
Modified by
Suggestion /
Comments
Revision History:
Revision Number Date Changes

1.0 27/12/2002 -

TABLE OF CONTENTS
Sl No Content Details Page No

1 Introduction 4
2 Institute History 4
3 Campus Location 5
4 The Networking Era 5
5 Campus Map 6
6 The Need 6
7 Network Design 7-8
8 Project Overview 8-9
9 How we have implemented the Entire Network 10
10 IIT Kharagpur Campus Network Schematic 11
11 Central Network Room Schematic 11
12 Network Schematic of some Departments 12-16
13 Network Schematic of some Hostel/Halls 17-19
14 Configuration details of Central Network Equipments 20-64
(A) Academic CORE Switch 20-26
(B) Academic DISTRIBUTION Switch 27-39
(C) Hostel CORE 1 40-46
(D) Hostel CORE 2 47-52
(E) Thaicom Gateway Router 7507 53-56
(F) Cisco PIX Firewall with Failover 57-59
(G) Cisco Catalyst 5509 VSNL Router 60-62
(H) Cache Engine 63-64
15 COMPUTER Sc. 2948 GL3 Distribution Switch Configuration 65-75
16 Access/Edge Switch Configuration of some Departments 76-87
(A) ARCHITECTURE 76-78
(B) IE & M 79-81
(C) NAVAL 82-84
(D) CRF 85-87
17 Distribution Switch Configuration details of some Hostels 88-102
(A) NEHRU Hall of Residence 88-94
(B) PATEL Hall of Residence 95-102
18 Some Important Feature of the Network 103-119
# Redundancy of Supervisor Engine 103-104
# QOS Implementation 105-108
# Cache-Engine Implementation 109-119
19 Network Components installed across the Network 120
20 Appreciation Letter & Sign-Off 121-123
21 Glossary 124-148
(1) Cisco Catalyst 6500 Series Data sheet 124
(2) Catalyst 600 Family Gigabit Ethernet Module Data Sheet 125
(3) Switch Fabric Module Data Sheet 128
(4) Distributed Forwarding Card for the Catalyst 6500 Data Sheet 130
(5) Catalyst 6000 Intrusion Detection System Module Data Sheet 133
(6) Configuring Catalyst 6509 Switch as DHCP Server 136

1. INTRODUCTION
IIT Kharagpur located about 125 KM south of Calcutta, is Indias Premier Technology
Institution. Established in 1951, the institute boasts of 18 Academic Departments
and 5 Centers of excellence. The vast campus, spanning over 2100 Acres has a self-
contained township of over 15,000 inhabitants. Currently there are about 450
Faculty, 2200 Employees and 4000 Students on the campus.
IIT Kharagpur has best of computing platforms of the like HCL/HP/COMPAQ/IBM/

SUN/DIGITAL/SGI/PARAM. There are about 200+ Servers and 200+ High-end
Workstation and 5500+ PCs in the whole network. These are used for high end
computing and R&D activities along with the associated general activities in the
campus.
2. INSTITUTE HISTORY
The history of the IIT system dates back to 1946 when a committee was set up by
Hon'ble Sir Jogendra Singh, Member of the Viceroy's Executive Council, Department
of Education, Health and Agriculture to consider the setting up of Higher Technical
Institutions for post war industrial development in India. The 22 member committee
headed by Sri N.R.Sarkar, in its report, recommended the establishment of four
Higher Technical Institutions in the Eastern, Western, Northern and Southern
regions, possibly on the lines of the Massachusetts Institute of Technology, USA,
with a number of secondary institutions affiliated to it. The report also urged the
speedy establishment of all the four institutions with the ones in the East and the
West to be started immediately. The committee also felt that such institutes would
not only produce undergraduates but they should be engaged in research, producing
research workers and technical teachers as well. The standard of the graduates
should be at par with those from first class institutions abroad. They felt that the
proportion of undergraduates and postgraduate students should be 2:1.
With the above recommendations of the Sarkar committee in view, the first Indian
Institute of Technology was born in May 1950 in Hijli, Kharagpur, in the eastern part
of India.
Initially the IIT started functioning from 5, Esplanade East, Calcutta and very soon
shifted to Hijli in Sept. 1950. The present name 'Indian Institute of Technology' was
adopted before the formal inauguration of the Institute on August 18, 1951, by
Maulana Abul Kalam Azad.
IIT Kharagpur started its journey in the old Hijli Detention Camp where some of our
great freedom fighters toiled and sacrificed their lives for the independence of our
country.
The history of IIT Kharagpur is thus intimately linked with the history of the Hijli
Detention Camp. This is possibly one of the very few Institutions all over the world,
which started life in a prison house.

Pandit Nehru in his first convocation address in 1956 said "Here in the place of that
Hijli Detention Camp stands the fine monument of India, representing India's urges,
Indias future in the making. This picture seems to me symbolical of the changes
that are coming to India."
3. CAMPUS LOCATION
The Indian Institute of Technology, Kharagpur is located 116 kms. west of the
metropolis of Calcutta. Kharagpur is extremely well connected by rail to all the four
metropolis as it lies on the Howrah Bombay, Howrah Madras and Delhi-Puri line.
Regular train services to Hyderabad and Bangalore are also available. Fast and
regular suburban trains connect Kharagpur to Calcutta.
The Institute is situated 4 kms. from the Kharagpur railway station. Autorickshaws
and Taxis provide reliable, fast and the round the clock transport between the
station and the campus. The Institute also provides regular bus services to the
station.
4. IIT Kharagpur NETWORKING ERA (1994 2001)
HCL Comnet set up the first ATM network for IIT Kharagpur in 1996. The network
was built with 3 Centralized 100 OC-3 ATM switches on the Core running PNNI
routing. The departments had installed a Centralized 100 ATM switch with UNI
routing to the core, also acting as a LANE server version. IIT decided to move from
ATM to Gigabit Ethernet backbone. This task was handed over to CMC. However,
CMC failed to live upto IITs expectations. IIT got the product but not the integration
expertise.
HCL Comnet swung back to action again with a tie up with Cisco and got a preferred
partner status in the East due to high technical know-how and network design skills.
The Academic Campus network Upgradation & Expansion contract was given to HCL
Comnet for designing state of the art Multiservice Network for Student Campus
Network.
The next phase was to integrate the Student Campus Network with the Academic
Network. A classic ATM & IP integration was developed as a solution, as ATM was
still being extensively used in the existing network, for research and development
activities. IIT also froze its plans for setting up a new state of the art at Computer
Center. HCL Comnet designed a state of the art Networking Infrastructure for the
new building encompassing the entire Data Center & Telecom infrastructure for IIT
campus.
HCL Comnet also installed a Satellite Earth Station for providing 5 Mbps of raw
Internet bandwidth from International Network Access Point (NAP) from Thaicom.

5. CAMPUS MAP
6. THE NEED
IIT Kharagpur wanted to computerize its student campus to provide high-speed

network connectivity. The idea was to facilitate training, technical education,
information sharing through high-speed Internet access, e-mails and access to
existing IIT campus network. The network had to be flexible to allow access from
each and every students room of the hostel and provide unrestricted access without
necessitating presence at specific physical location.

7. THE NETWORK DESIGN
The network designed for IIT-Kharagpur is a Multiservice Switched network, which

can be used for converging Data, Voice & Video over the IP network. The network is
modular and Hierarchical with a Multi-Layer model.
Core Layer:
(A) High-speed transport.

(B) Redundant with dual homing from the Distribution.
(C) OSPF routing with load balancing.
Distribution Layer:
(A) L3/L4 switching enabling Policy based Networking.

(B) Content Engine at Edges for Content delivery networking.
(C) Gigabit speed connectivity to the Access layer.
(D) Fast converging routing protocol for optimal IP traffic management.
(E) Inter VLAN routing and VACLs.
Access Layer:
(A) 10/100 Mbps Fast Ethernet access to the desktop.

(B) Inline power for powering IP phones over copper cables.
(C) Layer 2 Qos.
Server Farm:
(A) High-speed access to centralized computing resources.

(B) Accelerated Server Load Balancing.
(C) WCCP 2 support for web redirection.
(D) Real time Intrusion Monitoring.
(E) Faster access through Giga Etherchannel.
Video Services:
(A) Multiservice Video streaming services.

(B) Video on demand.
(C) Archive for Media files.
Content Delivery Services:
(A) Smart content pushing.

(B) Pre-emptive content delivery.
(C) Reduce the access time.
(D) Centralized Content Manager.
(E) Local caching or frequently accessed content.

(F) Saves costly Internet Bandwidth.
Gateway Router:
(A) Load sharing & Load balancing.

(B) Network based application recognition.
(C) Committed access rate & WAN traffic shaping.
(D) WAN probe for bandwidth monitoring of Satellite bandwidth.
8. PROJECT OVERVIEW
Phase I - Academic Part: HCL COMNET installed high speed ATM backbone in the
year of 1997. It was done by ATM switches and managed HUBs.
Latter in the year of 1999 backbone link speed was upgraded to Gigabit Ethernet by
CMC. There two no of Cisco 6006 switches was used as Core switch. The Edge
switches were Cisco 2924 MXL to provide the main departmental distribution. The
edge access device was Hub. The Internet was terminated at Cisco 5509 switch. The
existing ATM network was also integrated at the Cisco 5509 switch.
In the year of 2001 the network was upgraded with forcing functionality.
a) Network upgraded from layer II to layer III by changing the supervisory

engine of existing 6006 switch.
b) New 6506 switch also installed for the distribution, which does the
interdepartmental VLAN routing.
c) Six major department distribution switch upgraded by layer III Cisco 2948
switch.
d) To enhance the multiple VLAN in a single department, previous 2924 MXL
switch replaced by 3524 switch.
e) Previous departmental 10 base FL link upgraded to Gigabit Ethernet by
replacing the Hub by redundant 2924 MXL switch.
f) To integrate multiple Distribution switch at CIC, one Core switch (Cisco 6509)
has been installed at central network room.
Each year lightning was damaging the lot of active components. It was identified
that Surges are mainly coming from the external copper wire such as UTP and
Thick Ethernet. These kinds of links have been upgraded to Optical fiber to avoid
repeated problem. We have also installed stand alone UPS on input of the switch
where central UPS power is not available.
Phase II Hostel/Foundation Part: The student hostels with computer center

and server farm were integrated through high-speed Gigabit infrastructure. The
hostel was interlinked with Layer-3 aggregation Switch and local Servers. Edge
switches, which connect to the student workstation, aggregated the end connection
to the Distribution Switch (Cat-6509). Two high-speed Layer-3 Core Switches were
installed at central site for redundancy. The Core switches facilitated high-speed
transport for the Campus infrastructure. Common Servers in the network were

connected to a high-speed Server-Farm (Cat-6506) switch. An intrusion detection

system ensured security on the server-farm switch. An ATM MPOA server was
deployed to integrate the existing R&D ATM network into Gigabit network.
The voice, video and data application were integrated with a converged Internet
Protocol (IP) solution to provide high-availability network with video server facility
for lectures and self study materials.
High-speed Content Engines were deployed all the hostels for caching multimedia
information. A central Content Distribution Manager provided centralized control,
push-pull facility and content management across the network.
Redundant Firewall (PIX-525) was installed for secure access to Internet as well as
Intranet. Access to the Core network was controlled at the Distribution switches
through access control list. Cisco Secure Policy Manager was used to manage the
security policy across the network. The Trend Micro Enterprise Suite yet to be
installed for centralized Virus Control.
Modular, Cost-effective, Growth was proposed in End connections, bandwidth and

application. The current network infrastructure is scalable to 10 Gigabit Ethernet
Network.

9. How we have implemented the Entire Network
We had set-up one test bed in Mechanical Dept of IIT Kharagpur for implementing
of Hostel Network & connect the same network with Academic network.
TEST BED SET-UP
VLAN 600
3/1 (10.200.3.1) 3/1 (10.200.3.2)

Core Core
Switch(1) Switch(2)
6509 3/3 (10.200.5.1) 6509
3/2 (10.200.2.2)
3/2 (10.200.1.2) 3/3 (10.200.4.1)

1
60
VL
AN
AN
VL
VLA 60
N 3
60
02 4
N6 3/1 (10.200.4.2)
3/1 (10.200.1.1) VLA
3/2 (10.200.2.1) 3/2 (10.200.5.2)

Distribution Distribution
Switch Switch
6509 Area 0 6509
Ar
ea
2 a1
A re
Edge Switch 3524
Port no 1 12 Port no 13 24
VLAN 700 - 710 VLAN 711 - 720

10. IIT Kharagpur CAMPUS NETWORK SCHEMATIC
Ed g e Sw it ch
De pa rt me nt
M a jo r De pa rt me n t s Dist rib ut io n Sw it ch
2 M b ps VS NL Link
C is co 2 9 4 8 - L3
VS N L R o u t e r
C isco 5 5 0 9
A T M S w it c h
De pt. Dis trib u t io n S w it che s

C isco 4 00 6
C OR E 1
E d g e S w itch
D e p a rtme n t C OR E 2 C OR E 3
5 M b ps
C isco P IX w it h Th a ico m Lin k
F a ilo v e r
Server Farm
C a che E n gin e
To t a l 1 4 H o st e l Dis t rib ut ion Sw it ch C is co 7 5 0 7
Se rve rs
G a t e w ay R o ute r
C o n te n t En gine
Ed ge Sw it ch E d g e S w it ch E d g e S w itch E d g e S w itch
Ho s te l Ho st e l
11. CENTRAL NETWORK ROOM SCHEMATIC
CS E , L ib ra r y , M e c h a n ic a l,
Che m ic a l, E le c t r ic a l w he r e
Ca t - 294 8 h a s be e n ins t a lle d
V s nl L in k
C is c o - 5 5 09 A T M S w it c h
4/ 16
C- D O T H UB
4/ 15
Fa ilo v e r
Po rt
Po r t - 11 A x 100 Tx
Rx
P IX
18 - 23 Ca t - 192 4
1-6
Po r t- 9
3/ 1
3/ 3
3/ 2
Sa t e llit e M o de m
A c a d e m ic C O R E
650 9
C E - 59 0
DV B Re c e iv e r
F. E 1 / 0 / 0
S 1/ 1/ 0
3/ 15
3/ 13
G 0/ 1 Ne t w o r k La b
3/ 16 Ca t - 352 4
3/ 16
F. E 4/ 0/ 0
T ha ic o m Ga t e w a y
D is t rib ut io n
Ho s t e l C O R E - 1 Ho s t e l C O R E - 2 Ro ut e r - 7 50 7
6 50 6
650 9 650 9
Ot h e r De p a r t me n t s
1 4 Ho s t e l D is t . S w it c he s

12. NETWORK SCHEMATIC Of SOME DEPARTMENTS
L I B R AR Y
6 C o r e S M F fr o m C IC
Ca t 2 9 4 8 L3 S w it c h
1 0 . 1 7 . 1 .2
E L E C T R O N IC L IB R A R Y
M A Z E NI N E FL O O R
Ca t 1 9 2 4 S w it c h
1 0 . 1 7 . 2 .1 C a t 1 9 2 4 S w it c h
1 0 . 1 7 . 3 .1
8 Po rt H UB 8 Port H UB 8 Po r t H UB
Ch a ir m a n R o o m Ne a r G a t e K. K . P a n d a R o o m
ELECTRICAL
12 Core SMF fro m CIC
TDM Lab
TDM Lab
16 Port HUB
6 Core SMF towards TDM Lab
Co mputer Contro l La b
Cat 2948 L3 Switch
10.9.1.2 N 23 7 Energy Lab, Gnd Floor
16 Port HUB 12 Port Hub
SA I Lab Po wer Syste m La b Po wer Syste m La b

Cat 1924 Switch Cat 1924 Switch 8 Port HUB
10.9.3.1 10.9.2.1

CIVIL
6 Core M M F
A UI/ FL
Cat 35 24 X L EN Cat 19 24 S w itch
(10. 19. 1.1) (10. 19. 5.1)
Co mputer Ro o m Structural Lab
Cat 19 24 S w itch
(10. 19. 4.1)
2 n d Floor
Enviro n me nt al Lab
Cat 19 24 S w itch
(10. 19. 3.1)
Con nected fro m Cry oge n ic Co mputer Ro o m
8 Port HUB
Trans portation Lab
Cat 19 24 S w itch
(10. 19. 2.1)
Fou ndat ion Engg .
10 Core SMF fro m CIC ARCHITECHTURE & SMT
FMT - 1
FMT - 2 SMT
Mult ime d ia La b 1st Floor
Access VLA N 1 8 from 6 Core SMF towards CET

CIC Dis tribution 4/15
F 0/23 G 0/1
FMT
Co mputer Ro o m
Ground Floor
Cat-2924 MXL Access VLA N 4 0 from

(10.27.1.2) CIC Dis tribution 4/14
G 0/1
Fr o m F 0/24
UP- Lin k Crossover UTP Cab le

E 0/ 24
Cat-2924 MXL
Roo m C-206
(10.54.1.1)
1st Floor
Cat-1924
(10. 27.2.1)
8 Port HUB
Library Roo m
Ground Floor
A RCHITECTURE

CRF & NAVAL

12 Core SMF from CIC
NA VAL Computer Room, 1st Floor
1 12
1 6
ST - ST
ST - SC
Trunk- VLA N 11
ST - SC
F 0/24
1 6 CIC Dist. 4/10
F 0/23 G 0/1
6 Core SMF towards Nava l
Cat 3524 XL EN
(10.24.1.1)
Access- VLA N 17 from
CIC Distribut ion 4/11 UP- Link Crossover UTP Cable
G 0/1 F 0/24
Fiber Opt ic La b
Ground Floor Cat 1924
(10.24.2.1)
Cat 2924 MX L
(10.42.1.2)
UP- Link Crossover UTP Cable
CRF
16 Port HUB
OSTC 1st Floor
M IN IN G , FO U N DR Y , W ATE R W O RK S
6 Co r e S M F fr o m C IC FO U ND R Y
6 Co r e S M F
M I NI N G
To w a r ds Fo u ndr y
S T - SC
To wa rds W a t e r W o rks
MC
FO - UT P
A cce s s V LA N 1 6
MC
fr o m C IC D is t . 4/ 8
UT P - FO
G 1/ 1
MC
UT P - FO 6 Co r e S M F
Ca t 29 24 M X L
(10. 32. 1.2)
MC
8 Po rt HU B 8 Po rt HU B 8 Po rt HU B FO - UT P
HOD R o o m Pro f. J .Bs R oo m R es ea rc h
S cho la r R oom
W A TER W O R KS

12 Core S M F fro m C IC
IEM & VGSOM
6 Core t owar ds V GS O M
V GS OM Gn d Floor
Co mput er La b
Cat 35 24 X L EN
(10. 43. 1.1)
6 Core Fiber t owards IS R O
Board Roo m
Dea ns Roo m
IEM G nd Floor 2 nd Floor
1 s t Floor
C om pute r La b
Cat 35 24 X L EN Cat 19 24 S w it ch
Cat 19 24 S w itch
(10. 29. 1.1) (10. 43. 3.1)
(10. 43. 2.1)
Ca t 19 24 S w it ch
(10. 29. 2.1)
8 Port HUB
Prof. D. Chate r jee
8 Port HUB
IEM Gn d Floor 2 nd Floor
Res earch Sc ho la r La b
Wor ks tat ion Lab 1 s t Floor
IE & M Cat 19 24 S w itch VGSOM

(10. 29. 3.1)
CRYOGENIC & Foundation Engg.(CIVIL)

CRY O GE NIC
1 6 Foundat ion Engg . (CIV IL)
6 Core SMF towards F. Engg.

SC - SC
1 6
1 6
Trunk VLA N 23/24 fro m

ST - ST
CIC Dist. 3/8
ST - ST
F 0/24
Co mputer Ro o m MC
1st Floor FO - UTP
MC
UTP - FO
A ccess VLA N 24
Cat-2924 MXL E N
F 0/23
(10.36. 1.2)
Cat-1924
(10.19.2.1)
UP- Link Crossover UTP Cable
PED Lab
1st Floor
Cat-1924
(10. 36. 2.1)
Cryogenic : VLA N 23
Foundat ion Engg .(Civ il) : VLA N 24

Aerospace & Material Sc.
12 Core S M F fro m C IC
A ER OS PA CE W IND LA B MA TER IA L SC.
6 Core M M F to wards W ind LA B
Cat 29 24 MX L
(10. 39. 1.1)
Cat 35 24 X L EN A UI/ FL Mat. Sc. Co mputer Roo m
(10. 25. 1.1) 16 Port Sy nopt ic HUB
A erospace Co mp uter Lab W IND LA B
A UI/ FL
Cat 19 24 S w it ch
(10. 25. 2.1)
A erospace Co mp ute r Lab
Physics Mathematics - Chemistry
6 Core S MF fro m CIC

MA THEMA TICS CHEMIS TRY

PHYSICS
Cat 29 24 MX L
Cat 35 24 X L EN (10.28.1.2)
(10.33.1.1) Che mistry Co mputer LA B
Co mputer Ro o m
Cat 35 24 X L EN
(10.23.1.1) 12 Core SMF to wards Te leco m
MA TH - LA B - 1
Cat 1924 Switch

(10.33.2.1) Cat 19 24 Switch Cat 19 24 S witch
Phys ics - OFFICE (10.23. 2.1) (10. 23.3.1)
MA TH - LA B - 1 MA TH - LA B - 2
Cat 1924 Switch

(10.23.4.1)
Not yet Installed

13. NETWORK SCHEMATIC Of SOME HOSTELS
BCR
BCR HALL
HALL
MGT IP: 10. 200 .1 . 102 PORT 3 / 11

PORT 3 / 11
IP ADD 10. 200. 31.0 IP ADD 10. 200. 32. 0
VLAN 632
6509 CORE 1 VLAN 631 PORT 3 / 16 6509 CORE 2
PORT 3 / 15 IP ADD 10. 200. 32. 0
IP ADD 10. 200. 31. 0
6509 DISTRIBUTION
3/ 1
3/ 2 3 / 10
3/ 3 3/ 4 3/ 9
3/ 5 3/ 6 3/ 7 3/ 8
1.E-BLOCK 1.E-BLOCK 1.S-BLOCK 1.S-BLOCK 1.NE- 1.NE- 1.NW- 1.NW- 1.W-BLOCK 1.W-BLOCK
2.GND FL 2.1ST+2ND FL 2.GND FL 2.1ST+2ND BLOCK BLOCK BLOCK BLOCK 2.GND FL 2.1ST+2ND
3.VLAN NO 3.VLAN NO 3.VLAN NO FL.. 3.VLAN 2.GND FL 2.1ST+2ND 2.GND FL 2.1ST+2ND 3.VLAN NO FL . 3.VLAN
750 . 751 . 752 . NO 3.VLAN NO FL . 3.VLAN 3.VLAN NO FL . 3.VLAN 758 . NO
4.MGT IP- 4.MGT IP- 4.MGT IP- 753 . 754 . NO 756 . NO 4.MGT IP- 759 .
10.200.1.1 10.200.1.3 10.200.1.4 4.MGT IP- 4.MGT IP- 755 . 4.MGT IP- 757 . 10.200.1.10.H 4.MGT IP-
5.HOST 5.HOST 5.HOST 10.200.1.5 10.200.1.6. 4.MGT IP- 10.200.1.8. 4.MGT IP- OST NAM E 10.200.1.11.H
NAM E NAM E NAM E 5.HOST HOST 10.200.1.7. HOST 10.200.1.9. OST NAM E
BCR_E_GN BCR_E_1ST. BCR_S_GND NAM E NAM E HOST NAM E HOST BCR_W_GN BCR_W_1ST
D. . BCR_S_1ST. BCR_NE_G NAM E BCR_NW_G NAM E D. .
ND. BCR_NE_1S ND. BCR_NW_1S
T. T.
AZAD
AZAD HALL
HALL
MGT IP: 10. 200 .1 . 101 PORT 3 / 1

PORT 3 / 1
IP ADD 10. 200. 11.0 IP ADD 10. 200. 12. 0
VLAN 612
PORT 3 / 15 IP ADD 10. 200. 12. 0
IP ADD 10. 200. 11. 0
6509 DISTRIBUTION
3/1
3/2 3 / 10
3/3 3/4 3/9
3/5 3/6 3/7 3/8
1.A-BLOCK 1.B-BLOCK 1.B-BLOCK 1.B-BLOCK 1.C-BLOCK 1.D-BLOCK 1.D-BLOCK

2.GND FL 2.GND FL 2.1S T FL 2.2ND FL 2.1S T FL 2.GND FL 2.2ND FL
3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO
830 . 831 . 832 . 833 . 1.C-BLOCK 835 . 1.C-BLOCK 837 . 839 .
4.MGT IP- 4.MGT IP- 4.MGT IP- 4.MGT IP- 4.MGT IP- 4.MGT IP- 1.D-BLOCK 4.MGT IP-
2.GND FL 2.2ND FL
10.200.1.100 10.200.1.88 10.200.1.89 10.200.1.90 10.200.1.93. 10.200.1.96. 2.1S T FL 10.200.1.99.
3.VLAN NO 3.VLAN NO
5.HOS T 5.HOS T 5.HOS T 5.HOS T HOS T HOS T 3.VLAN NO HOS T
834 . 836 .
NAME NAME NAME NAME NAME NAME 838 . NAME
4.MGT IP- 4.MGT IP-
AZAD_ A_G AZAD_B_GN AZAD_B_1S AZAD_B_2N AZAD_C_1S AZAD_D_G 4.MGT IP- AZAD_D_2
10.200.1.91. 10.200.1.94.
ND. D. T. D. T. ND. 10.200.1.97. ND.
10.200.1.92. 10.200.1.95.
10.200.1.98
HOS T NAME HOS T NAME
AZAD_C_GN AZAD_C_2N HOS T NAME
AZAD_D_1ST
D D
.AZAD_D_1ST
AZAD_C_GN AZAD_C_2N
1
D1. D1.

MBM
MBM &
& SN
SN HALL
HALL
MGT IP: 10. 200 .1 . 107 PORT 3 / 12

PORT 3 / 12
IP ADD 10. 200. 33.0 IP ADD 10. 200. 34. 0
VLAN 634
PORT 3 / 15 IP ADD 10. 200. 34. 0
IP ADD 10. 200. 33. 0
6509 DISTRIBUTION
3/1
3/7
3/2
3/3 3/6
3/4 3/5
1.A-BLOCK 1.B-BLOCK 1.S-BLOCK 1.S-BLOCK 1.N-BLOCK 1.N-BLOCK 1.W-BLOCK

2.VLAN NO 2.VLAN NO 2.GND+1ST 2.2ND FL 2.GND+1ST 2.2ND FL 2.VLAN NO
740 . 741 . FL. 3.VLAN NO FL . 3.VLAN NO 746 .
3.MGT IP- 3.MGT IP- 3.VLAN NO 743 . 3.VLAN NO 745 . 4.MGT IP-
10.200.1.56 10.200.1.57 742 . 4.MGT IP- 744 . 4.MGT IP- 10.200.1.62
4.HOST 4.HOST 4.MGT IP- 10.200.1.59 4.MGT IP- 10.200.1.61 5.HOST
NAME: NAME: 10.200.1.58 5.HOST 10.200.1.60 5.HOST NAME
MBM_A. MBM_B. 5.HOST NAME 5.HOST NAME SN_W.
NAME SN_S_2ND. NAME SN_N_2ND.
SN_S_GND. SN_N_GND.
IG
IG &
& MT
MT HALL
HALL
MGT IP: 10. 200 .1 . 115 PORT 3 / 13

PORT 3 / 13
IP ADD 10. 200. 35.0 IP ADD 10. 200. 36. 0
VLAN 636
PORT 3 / 15 IP ADD 10. 200. 36. 0
IP ADD 10. 200. 35. 0
6509 DISTRIBUTION
3/1
3/2 3 / 10
3/3 3/4 3/9
3/5 3/6 3/7 3/8
1.F-BLOCK 1.F-BLOCK 1.G-BLOCK 1.G-BLOCK 1.H-BLOCK 1.H-BLOCK

2.GND FL 2.2ND FL 2.GND FL 2.2ND FL 2.GND FL 2.2ND FL
3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO
805 . 806 . 807 . 808 . 809 . 810 .
4.MGT IP- 4.MGT IP- 4.MGT IP- 4.MGT IP- 4.MGT IP- 4.MGT IP- 1.A-BLOCK 1.B-BLOCK 1.C-BLOCK
10.200.1.63 10.200.1.64 10.200.1.65 10.200.1.66 10.200.1.67. 10.200.1.68. 2.GND FL 2.GND FL 2.GND FL
5.HOS T 5.HOS T 5.HOS T 5.HOS T HOS T HOS T 3.VLAN NO 3.VLAN NO 3.VLAN NO
NAME NAME NAME NAME NAME NAME 811 . 812. 813 .
IG_F_GND. IG_F_2ND. IG_G_GND. IG_G_2ND. IG_H_GND. IG_H_2ND. 4.MGT IP- 4.MGT IP- 4.MGT IP-
10.200.1.69. 10.200.1.71. 10.200.1.73.
10.200.1.70. 10.200.1.72 10.200.1.74.
HOS T NAME HOS T NAME HOS T NAME
MT_A_GND MT_B_GND MT_C_GND
MT_A_GND1. .MT_B_GND1 MT_C_GND1.

NEHRU
NEHRU HALL
HALL
MGT IP: 10. 200 .1 . 108 PORT 3 / 2

PORT 3 / 2
IP ADD 10. 200. 13.0 IP ADD 10. 200. 14. 0
VLAN 614
PORT 3 / 15 IP ADD 10. 200. 14. 0
IP ADD 10. 200. 13. 0
6509 DISTRIBUTION
3/1
3/2 3 / 10
3/3 3/4 3/9
3/5 3/6 3/7 3/8
1.A-BLOCK 1.B-BLOCK 1.B-BLOCK 1.B-BLOCK 1.C-BLOCK 1.D-BLOCK 1.D-BLOCK

2.GND FL 2.GND FL 2.1ST FL 2.2ND FL 2.1ST FL 2.GND FL 2.2ND FL
3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO
815 . 816 . 817 . 818 . 1.C-BLOCK 820 . 1.C-BLOCK 822 . 1.C-BLOCK 823 .
4.MGT IP- 4.MGT IP- 4.MGT IP- 4.MGT IP- 2.GND FL 4.MGT IP- 2.2ND FL 4.MGT IP- 2.2ND FL 4.MGT IP-
10.200.1.75 10.200.1.76 10.200.1.77 10.200.1.78 3.VLAN NO 10.200.1.81. 3.VLAN NO 10.200.1.84. 3.VLAN NO 10.200.1.85.
5.HOS T 5.HOST 5.HOST 5.HOST 819 . HOST 821 . HOST 824 . HOST
NAME NAME NAME NAME 4.MGT IP- NAME 4.MGT IP- NAME 4.MGT IP- NAME
NEHRU_A_ NEHRU_B_G NEHRU_B_ NEHRU_B_ 10.200.1.79. NEHRU_C_ 10.200.1.82. NEHRU_D_ 10.200.1.86. NEHRU_D_
GND. ND. 1ST. 2ND. 10.200.1.80. 1ST. 10.200.1.83. GND. 10.200.1.87. 2ND.
HOST NAME HOS T NAME HOST NAME
NEHRU_C_G NEHRU_C_2 NEHRU_D_1S
ND ND T
NEHRU_C_G NEHRU_C_2 NEHRU_D_1S
ND1. ND1. T1.
PATEL
PATEL HALL
HALL
MGT IP: 10. 200 .1 . 109 PORT 3 / 3

PORT 3 / 3
IP ADD 10. 200. 15.0 IP ADD 10. 200. 16. 0
VLAN 616
PORT 3 / 15 IP ADD 10. 200. 16. 0
IP ADD 10. 200. 15. 0
6509 DISTRIBUTION
3/1
3/2 3 / 10
3/3 3/4 3/9
3/5 3/6 3/7 3/8
1.A-BLOCK 1.B-BLOCK 1.B-BLOCK 1.B-BLOCK 1.C-BLOCK 1.D-BLOCK 1.D-BLOCK 1.D-BLOCK

2.GND FL 2.GND FL 2.1ST FL 2.2ND FL 2.1ST FL 2.GND FL 2.1ST FL 2.2ND FL
3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO 3.VLAN NO
785 . 786 . 787 . 788 . 1.C-BLOCK 790 . 1.C-BLOCK 792 . 793 . 794 .
4.MGT IP- 4.MGT IP- 4.MGT IP- 4.MGT IP- 2.GND FL 4.MGT IP- 2.2ND FL 4.MGT IP- 4.MGT IP- 4.MGT IP-
10.200.1.53 10.200.1.54 10.200.1.42 10.200.1.43 3.VLAN NO 10.200.1.46. 3.VLAN NO 10.200.1.50. 10.200.1.51. 10.200.1.52.
5.HOS T 5.HOST 5.HOST 5.HOST 789 . HOST 791 . HOST HOST NAME HOST
NAME NAME NAME NAME 4.MGT IP- NAME 4.MGT IP- NAME PATEL_D_1ST NAME
PATEL_A_ PATEL_B_G PATEL_B_1 PATEL_B_2 10.200.1.44. PATEL_C_1 10.200.1.48. PATEL_D_ . PATEL_D_2
GND. ND. ST. ND. 10.200.1.45. S T. 10.200.1.49. GND. ND.
HOST NAME HOS T NAME
PATEL_C_G PATEL_C_2N
ND D
PATEL_C_G PATEL_C_2N
ND1. D1.

14. CONFIGURATION DETAILS OF CENTRAL NETWORK EQUIPMENTS
(A) Academic CORE Cisco Catalyst 6509 Switch:
Console> (enable) show config

This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
..................
..................
..................
..................
.................
..
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Thu Dec 19 2002, 03:25:14
!
#version 6.1(3)
!
!
#system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A
DK: 40
!
set password $2$0GhI$SVVAsoF8Uk5E5KgUsNiVM1
set enablepass $2$bD0w$qTOAn.ueBMmhNvHxpo7B10
!
#errordetection
set errordetection portcounter enable
!
#!
#snmp
set snmp community read-write patel
set snmp rmon enable
set snmp trap enable module
set snmp trap enable chassis
set snmp trap enable bridge
set snmp trap enable repeater
set snmp trap enable vtp
set snmp trap enable auth
set snmp trap enable ippermit
set snmp trap disable vmps
set snmp trap enable entity
set snmp trap enable config
set snmp trap enable stpx
set snmp trap enable syslog
set snmp trap 10.211.1.101 patel

!
#vtp
set vtp domain FOUNDATION_CORE1
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active
set vlan 3 name gsst type ethernet mtu 1500 said 100003 state active
set vlan 8 name CET type ethernet mtu 1500 said 100008 state active
set vlan 13 name chemical type ethernet mtu 1500 said 100013 state active
set vlan 24 name civil type ethernet mtu 1500 said 100024 state active
set vlan 38 name csestaff type ethernet mtu 1500 said 100038 state active
set vlan 39 name csefaculty type ethernet mtu 1500 said 100039 state active
set vlan 100 name cic_server type ethernet mtu 1500 said 100100 state active
set vlan 500 name cicdist type ethernet mtu 1500 said 100500 state active
set vlan 501 name dist_elec type ethernet mtu 1500 said 100501 state active
set vlan 502 name library type ethernet mtu 1500 said 100502 state active
set vlan 503 name core_csc type ethernet mtu 1500 said 100503 state active
set vlan 504 name core_mech type ethernet mtu 1500 said 100504 state active
set vlan 507 name Foundation_core type ethernet mtu 1500 said 100507 state activ
e
set vlan 508 name academic_core type ethernet mtu 1500 said 100508 state active
set vlan 509 name Newcic_dist type ethernet mtu 1500 said 100509 state active
set vlan 605 name serverfarm type ethernet mtu 1500 said 100605 state active
set vlan 640 name hall_server type ethernet mtu 1500 said 100640 state active
set vlan 641 name contentengine type ethernet mtu 1500 said 100641 state active
set vlan 645 name Thaicom type ethernet mtu 1500 said 100645 state active
set vlan 650 name Firewall type ethernet mtu 1500 said 100650 state active
set vlan 721 name d1_2_core type ethernet mtu 1500 said 100721 state active
set vlan 722 name d2_2_core type ethernet mtu 1500 said 100722 state active
set vlan 761 name RP type ethernet mtu 1500 said 100761 state active
set vlan 900 name mech204 type ethernet mtu 1500 said 100900 state active
set vlan 901 name mech205 type ethernet mtu 1500 said 100901 state active
set vlan 910 name 7500 type ethernet mtu 1500 said 100910 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ
e stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st
p ibm
set vlan 800,999
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti
ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off
!
#ip
set interface sc0 1 10.200.1.253/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2

!
#set boot command
set boot config-register 0x2
set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin
!

#qos
set qos enable
!
# default port status is enable
!
!
#module 1 : 2-port 1000BaseX Supervisor
set vlan 650 1/1-2
set port trap 1/1-2 enable
set trunk 1/1 on isl 1-1005,1025-4094
!
!
#module 3 : 16-port 1000BaseX Ethernet
set vlan 650 3/16
set udld enable 3/10-11,3/15-16
clear trunk 3/1 2-507,509-639,642-760,762-1005,1025-4094
set trunk 3/1 on isl 1,508,640-641,761
clear trunk 3/2 2-506,508-639,642-760,762-1005,1025-4094
set trunk 3/2 on isl 1,507,640-641,761
clear trunk 3/3 1025-4094
set trunk 3/3 on isl 1-1005
clear trunk 3/4 1-500,502-1005,1025-4094
set trunk 3/4 on isl 501
clear trunk 3/5 1,3-37,40-497,500-502,504-644,646-1005,1025-4094
set trunk 3/5 on isl 2,38-39,498-499,503,645
clear trunk 3/7 2-99,101-604,606-639,642-799,801-1005,1025-4094
set trunk 3/7 on isl 1,100,605,640-641,800
clear trunk 3/8 1,3-99,101-503,505-639,641-1005,1025-4094
set trunk 3/8 on isl 2,100,504,640
clear trunk 3/9 1,3-501,503-1005,1025-4094
set trunk 3/9 on isl 2,502
clear trunk 3/10 1025-4094
clear trunk 3/11 1-1005,1025-4094
set trunk 3/11 auto negotiate
clear trunk 3/12 1-1005,1025-4094
clear trunk 3/13 1025-4094
clear trunk 3/14 1-1005,1025-4094
clear trunk 3/15 1-1005,1025-4094
clear trunk 3/16 1-909,911-1005,1025-4094
set port qos 3/1-16 policy-source local
!


set vlan 650 4/15-16
set udld enable 4/14
set port qos 4/15-16 vlan-based
!
#module 5 : 0-port Switch Fabric Module
!
#module 6 empty
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
#module 15 : 1-port Multilayer Switch Feature Card
!
end
Trying Router-15...
Connected to Router-15.
Escape character is '^]'.
NEWCIC_CORE>en
Password:
NEWCIC_CORE#sh run
Building configuration...
Current configuration : 3459 bytes

!
! No configuration change since last restart
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname NEWCIC_CORE
!
boot system flash bootflash:c6msfc2-psv-mz.121-7a.E1
enable password core1
!
clock calendar-valid
ip subnet-zero
ip wccp web-cache
!
!
no ip finger
!
ip multicast-routing

!
!
!
interface Vlan13
description chem
ip address 10.20.1.2 255.255.0.0
ip helper-address 10.17.32.156
ip nat inside
!
interface Vlan100
description CICSERVER_VLAN
ip address 10.2.1.2 255.255.0.0
!
interface Vlan498
description interdep1_vlan
ip address 10.3.16.2 255.255.255.0
!
interface Vlan499
description interdep2_vlan
ip address 10.3.17.2 255.255.255.0
!
interface Vlan500
description connectivity to CIC_dist
ip address 10.151.1.2 255.255.0.0
ip directed-broadcast
!
interface Vlan501
description electrical distribution
ip address 10.150.1.2 255.255.0.0
!
interface Vlan502
description library_distribution
ip address 10.152.1.2 255.255.0.0
!
interface Vlan503
description core_csc_vlan
ip address 10.153.1.2 255.255.0.0
!
interface Vlan504
description core_mech_vlan
ip address 10.154.1.2 255.255.0.0
ip pim dense-mode
!
interface Vlan507
description Newciccore_to_Foundationcore
ip address 10.200.7.1 255.255.255.0
ip pim dense-mode
!
interface Vlan508

description ** ACADEMIC CORE TO FOUNDATION CORE1 **

ip address 10.200.8.1 255.255.255.0
ip pim dense-mode
!
interface Vlan509
description ** ACADEMIC CORE TO FOUNDATION CORE2 **
ip address 10.200.9.1 255.255.255.0
ip pim dense-mode
!
interface Vlan605
description ** TEST BED CONNECTIVITY **
ip address 10.200.6.1 255.255.255.0
!
interface Vlan641
ip address 10.129.50.2 255.255.255.0
ip route-cache same-interface
!
interface Vlan645
description THAICOM
ip address 61.11.251.1 255.255.255.0 secondary
ip address 203.192.37.1 255.255.255.0
no ip redirects
no ip unreachables
!
interface Vlan650
description firewall_vlan
ip address 10.250.1.4 255.255.255.0
ip access-group 160 out
ip wccp web-cache redirect out
ip pim dense-mode
!
router ospf 109
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
network 61.11.251.0 0.0.0.255 area 251
network 202.131.126.0 0.0.0.255 area 126
network 202.131.127.0 0.0.0.255 area 127
network 203.192.37.0 0.0.0.255 area 37
default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.250.1.2 150
ip route 10.100.11.225 255.255.255.255 10.200.9.2
no ip http server
!
access-list 160 permit ip 10.107.15.0 0.0.0.255 any

access-list 160 permit ip 10.96.0.0 0.31.255.255 any time-range halltime

snmp-server community public RO
!
!
line con 0
transport input none
line vty 0 4
login
!
time-range halltime
periodic weekdays 0:00 to 8:00
periodic weekend 0:00 to 23:59
!
end

(B) Academic DISTRIBUTION Cisco Catalyst 6509 Switch:
Console> (enable) sh config

.........
..................
..................
..................
..................
..................
..................
begin
!
!
!
#time: Thu Dec 19 2002, 04:30:49
!
#version 6.1(1b)
!
!
#errordetection
!
#!
#vtp
set vtp domain NEWCICDIST
set vlan 3 name gsst_private_ip type ethernet mtu 1500 said 100003 state active
set vlan 4 name math type ethernet mtu 1500 said 100004 state active
set vlan 5 name CIC_VLAN type ethernet mtu 1500 said 100005 state active
set vlan 6 name vgsom type ethernet mtu 1500 said 100006 state active
set vlan 7 name physics type ethernet mtu 1500 said 100007 state active
set vlan 9 name chemistry type ethernet mtu 1500 said 100009 state active
set vlan 10 name IEM type ethernet mtu 1500 said 100010 state active
set vlan 11 name naval type ethernet mtu 1500 said 100011 state active
set vlan 12 name aerospace type ethernet mtu 1500 said 100012 state active
set vlan 13 name chemical type ethernet mtu 1500 said 100013 state active
set vlan 14 name matsc type ethernet mtu 1500 said 100014 state active
set vlan 15 name metal type ethernet mtu 1500 said 100015 state active
set vlan 16 name mining type ethernet mtu 1500 said 100016 state active
set vlan 17 name crf type ethernet mtu 1500 said 100017 state active
set vlan 18 name architecture type ethernet mtu 1500 said 100018 state active
set vlan 19 name step type ethernet mtu 1500 said 100019 state active
set vlan 20 name GEOLOGY type ethernet mtu 1500 said 100020 state active
set vlan 21 name RTC type ethernet mtu 1500 said 100021 state active
set vlan 22 name HUMANITY type ethernet mtu 1500 said 100022 state active
set vlan 23 name CRYOGENIC type ethernet mtu 1500 said 100023 state active

set vlan 24 name CIVIL type ethernet mtu 1500 said 100024 state active
set vlan 25 name Agriculture_PHTC type ethernet mtu 1500 said 100025 state activ
e
set vlan 26 name infocell type ethernet mtu 1500 said 100026 state active
set vlan 30 name PCLAB1 type ethernet mtu 1500 said 100030 state active
set vlan 31 name PCLAB2 type ethernet mtu 1500 said 100031 state active
set vlan 32 name WORKSTATION type ethernet mtu 1500 said 100032 state active
set vlan 33 name TERMINAL type ethernet mtu 1500 said 100033 state active
set vlan 34 name STAFF type ethernet mtu 1500 said 100034 state active
set vlan 35 name VLSI type ethernet mtu 1500 said 100035 state active
set vlan 36 name ADVLSI type ethernet mtu 1500 said 100036 state active
set vlan 37 name MEDIALAB type ethernet mtu 1500 said 100037 state active
set vlan 38 name CSESTAFF type ethernet mtu 1500 said 100038 state active
set vlan 39 name CSEFACULTY type ethernet mtu 1500 said 100039 state active
set vlan 40 name smt type ethernet mtu 1500 said 100040 state active
set vlan 50 name abcd type ethernet mtu 1500 said 100050 state active
set vlan 51 name LAB1_SIT type ethernet mtu 1500 said 100051 state active
set vlan 52 name SERVER1s_SIT type ethernet mtu 1500 said 100052 state active
set vlan 53 name SERVER1p_SIT type ethernet mtu 1500 said 100053 state active
set vlan 54 name LAB2_SIT type ethernet mtu 1500 said 100054 state active
set vlan 55 name SERVER2s_SIT type ethernet mtu 1500 said 100055 state active
set vlan 56 name SERVER2p_SIT type ethernet mtu 1500 said 100056 state active
set vlan 57 name INCUBIT_SIT type ethernet mtu 1500 said 100057 state active
set vlan 58 name FACULTY_SIT type ethernet mtu 1500 said 100058 state active
set vlan 59 name STAFF_SIT type ethernet mtu 1500 said 100059 state active
set vlan 60 name PROJECT_SIT type ethernet mtu 1500 said 100060 state active
set vlan 61 name FPGA_SIT type ethernet mtu 1500 said 100061 state active
set vlan 100 name CICSERVER type ethernet mtu 1500 said 100100 state active
set vlan 498 name interdep1 type ethernet mtu 1500 said 100498 state active
set vlan 500 name CIC_to_core type ethernet mtu 1500 said 100500 state active
set vlan 505 name CORE_NEWCICDIST type ethernet mtu 1500 said 100505 state activ
e
set vlan 506 name NEWCIC_SERVER2948 type ethernet mtu 1500 said 100506 state act
ive
set vlan 509 name NEWCICCORE_NEWCICDIST type ethernet mtu 1500 said 100509 state
active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active
set vlan 650 name firewall type ethernet mtu 1500 said 100650 state active
set vlan 872 name RCC_VLAN type ethernet mtu 1500 said 100872 state active
e stp ieee
p ibm
!
#ip
set interface sc0 1 10.200.1.251/255.255.255.0 10.200.1.255

set ip route 0.0.0.0/0.0.0.0 10.200.1.2

!
#set boot command
set boot system flash bootflash:cat6000-sup.6-1-1b.bin
!
!
!
set vlan 2 1/1-2
set trunk 1/1 off negotiate 1-1005,1025-4094
!
set vlan 2 2/2
clear trunk 2/1 4-7,9-499,501-1005,1025-4094
set trunk 2/1 on isl 1-3,8,500
!
set vlan 2 3/1,3/10
set vlan 8 3/5
set vlan 9 3/6
set vlan 14 3/11
set vlan 15 3/12
set vlan 16 3/13
set vlan 17 3/14
set vlan 18 3/15
set vlan 19 3/16
set vlan 50 3/2-4,3/7-9
set port name 3/1 OLD_CIC_ACCESS
set port name 3/2 PCLAB1_RACK1A_TRUNK
set port name 3/3 PCLAB1_RACK2_TRUNK
set port name 3/6 WKSTLAB_RACK1_TRUNK
set port name 3/7 WKSTLAB_RACK2_TRUNK
set port name 3/8 CRYOGENIC_TRUNK
set port name 3/11 VLSI_GND_TRUNK
set port name 3/12 CET_TRUNK
set port name 3/13 ACADEMIC_CORE_TRUNK
set port name 3/14 AdvVLSI_GND_TRUNK
set port name 3/15 RCC_TRUNK
set port name 3/16 NETWORK-ROOM_TRUNK
clear trunk 3/1 1-1005,1025-4094


set trunk 3/6 on isl 1-1005,1025-4094
set trunk 3/8 on isl 1-1005,1025-4094
clear trunk 3/9 2,4-37,40-1005,1025-4094
set trunk 3/9 on isl 1,3,38-39
clear trunk 3/10 1025-4094
set trunk 3/10 off isl 1-1005
clear trunk 3/11 2-34,36-1005,1025-4094
clear trunk 3/12 2-7,9-1005,1025-4094
set trunk 3/13 on isl 1-1005,1025-4094
set trunk 3/14 on isl 1-1005,1025-4094
set trunk 3/15 on isl 1-1005,1025-4094
set trunk 3/16 on isl 1-1005,1025-4094
!
set vlan 2 4/6-7,4/9-10,4/12
set vlan 9 4/16
set vlan 14 4/5
set vlan 16 4/8
set vlan 17 4/11
set vlan 18 4/15
set vlan 25 4/1-2,4/4
set vlan 40 4/14
clear trunk 4/3 3-22,25-32,34-99,101-644,646-1005,1025-4094
set trunk 4/3 on dot1q 1-2,23-24,33,100,645
clear trunk 4/4 1-11,13-1005,1025-4094
set trunk 4/5 off isl 1-1005,1025-4094
clear trunk 4/6 1,3-9,11-1005,1025-4094
clear trunk 4/7 1-5,7-1005,1025-4094
clear trunk 4/8 1-1005,1025-4094
set trunk 4/8 off negotiate
clear trunk 4/9 1,3-6,8-1005,1025-4094
clear trunk 4/10 1-10,12-1005,1025-4094
clear trunk 4/11 1025-4094
clear trunk 4/12 1,3-25,27-1005,1025-4094

clear trunk 4/13 2,4-37,40-1005,1025-4094

set trunk 4/13 on dot1q 1,3,38-39
set trunk 4/14 off isl 1-1005,1025-4094
set trunk 4/15 off isl 1-1005,1025-4094
set trunk 4/16 off isl 1-1005,1025-4094
!
set port name 5/1 SIT-RACK5_TRUNK
set port name 5/5 MEDIALAB-ROOM2_TRUNK
set trunk 5/1 on isl 1-1005,1025-4094
set trunk 5/2 on isl 1-1005,1025-4094
set trunk 5/3 on isl 1-1005,1025-4094
set trunk 5/4 on isl 1-1005,1025-4094
set trunk 5/5 on isl 1-1005,1025-4094
!
set vlan 2 6/3,6/7
set vlan 15 6/6
set vlan 19 6/2
set trunk 6/1 on isl 1-1005,1025-4094
set trunk 6/2 off isl 1-1005,1025-4094
set trunk 6/3 off isl 1-1005,1025-4094
set trunk 6/4 on isl 1-1005,1025-4094
set trunk 6/5 on isl 1-1005,1025-4094
clear trunk 6/6 1-1005,1025-4094
set trunk 6/8 on isl 1-1005,1025-4094
!
!
end
Console> (enable)
Console> (enable) session 15
Trying Router-15...
ACADEMIC_DISTRIBUTION>en
Password:
Password:
ACADEMIC_DISTRIBUTION#sh run
Current configuration:
!
version 12.1

!
hostname ACADEMIC_DISTRIBUTION
!
boot system flash bootflash:c6msfc2-isv-mz.121-3a.E4
!
ip subnet-zero
ip cef distributed
ip name-server 144.16.192.1
!
!
!
!
interface Vlan2
description ernet_vlan
ip address 144.16.197.150 255.255.240.0
no ip redirects
no ip unreachables
ip nat outside
!
interface Vlan3
description gssst_vlan
ip address 10.44.1.2 255.255.0.0
ip nat inside
!
interface Vlan4
description math_vlan
ip address 10.23.1.2 255.255.0.0
ip nat inside
!
interface Vlan5
description cic_vlan
ip address 10.1.1.10 255.255.0.0
!
interface Vlan6
description vgsom
ip address 10.43.1.2 255.255.0.0
ip nat inside
!
interface Vlan7
description physics

ip address 10.33.1.2 255.255.0.0

ip nat inside
!
interface Vlan8
description CET
ip address 10.35.1.2 255.255.0.0
ip nat inside
!
interface Vlan9
description chemistry
ip address 10.28.1.2 255.255.0.0
ip nat inside
!
interface Vlan10
description IEM
ip address 10.29.1.2 255.255.0.0
ip nat inside
!
interface Vlan11
description naval
ip address 10.24.1.2 255.255.0.0
ip nat inside
!
interface Vlan12
description aerospace
ip address 10.25.1.2 255.255.0.0
ip nat inside
!
interface Vlan14
description matsc
ip address 10.39.1.2 255.255.0.0
ip nat inside
!
interface Vlan15
description metal
ip address 10.31.1.2 255.255.0.0
ip nat inside
!
interface Vlan16
description mining
ip address 10.32.1.2 255.255.0.0
ip nat inside
!

interface Vlan17
description crf
ip address 10.42.1.2 255.255.0.0
ip nat inside
!
interface Vlan18
description architecture
ip address 10.27.1.2 255.255.0.0
ip nat inside
!
interface Vlan19
description step
ip address 10.49.1.2 255.255.0.0
ip nat inside
!
interface Vlan20
description GEOLOGY
ip address 10.21.1.2 255.255.0.0
ip nat inside
!
interface Vlan21
description RTC
ip address 10.38.1.2 255.255.0.0
ip nat inside
!
interface Vlan22
description HUMANITY
ip address 10.30.1.2 255.255.0.0
ip nat inside
!
interface Vlan23
description CRYOGENIC
ip address 10.36.1.2 255.255.0.0
!
interface Vlan24
description CIVIL
ip address 10.19.1.2 255.255.0.0
ip nat inside
!
interface Vlan25
description Agriculture_PHTC
ip address 10.26.1.2 255.255.0.0
ip nat inside

!
interface Vlan26
description infocell
ip address 10.15.1.2 255.255.0.0
ip nat inside
!
interface Vlan30
description PCLAB1
ip address 10.3.18.2 255.255.255.0
!
interface Vlan31
description PCLAB2
ip address 10.3.19.2 255.255.255.0
!
interface Vlan32
description WORKSTATION
ip address 10.3.124.2 255.255.255.0
!
interface Vlan33
description TERMINAL
ip address 10.3.32.2 255.255.255.0
!
interface Vlan34
description STAFF
ip address 10.3.132.2 255.255.255.0
!
interface Vlan35
description VLSI
ip address 10.3.36.2 255.255.255.0
!
interface Vlan36
description advanced vlsi
ip address 10.55.1.2 255.255.0.0
ip nat inside
!
interface Vlan37
description medialab
ip address 10.3.140.2 255.255.255.0
!
interface Vlan40
description SCHOOL OF MEDICAL TECHNOLOGY
ip address 10.54.1.2 255.255.0.0
ip nat inside
!
interface Vlan51
description LAB1_SIT
ip address 10.14.1.2 255.255.255.0
!
interface Vlan52
description SERVER1s_SIT
ip address 10.14.2.2 255.255.255.0

!
interface Vlan53
description SERVER1p_SIT
ip address 10.14.3.2 255.255.255.0
!
interface Vlan54
description LAB2_SIT
ip address 10.14.4.2 255.255.255.0
!
interface Vlan55
description SERVER2s_SIT
ip address 10.14.5.2 255.255.255.0
!
interface Vlan56
description SERVER2p_SIT
ip address 10.14.6.2 255.255.255.0
!
interface Vlan57
description INCUBIT_SIT
ip address 10.14.7.2 255.255.255.0
!
interface Vlan58
description FACULTY_SIT
ip address 10.14.8.2 255.255.255.0
!
interface Vlan59
description STAFF_SIT
ip address 10.14.9.2 255.255.255.0
!
interface Vlan60
description PROJECT_SIT
ip address 10.14.10.2 255.255.255.0
!
interface Vlan61
description FPGA_SIT
ip address 10.14.11.2 255.255.255.0
!
interface Vlan100
no ip address
shutdown
!
interface Vlan500
ip address 10.151.1.1 255.255.0.0
ip nat inside
!
interface Vlan505
description NEWCICDIST_ACADEMICCORE
ip address 10.155.1.1 255.255.255.0
!
interface Vlan506

description NEWCICDIST_SERVER2948
ip address 10.155.2.1 255.255.255.0
!
interface Vlan509
description newcicdisribution to newciccore
ip address 10.200.9.2 255.255.255.0
ip nat inside
!
interface Vlan872
description NewCICDist_To_RCC
ip address 10.107.10.2 255.255.255.0
!
router ospf 109
redistribute rip subnets
network 10.0.0.0 0.255.255.255 area 0
!
router rip
redistribute ospf 109
passive-interface Vlan509
network 10.0.0.0
network 144.16.0.0
network 202.141.127.0
network 203.197.98.0
default-metric 10
!
ip nat inside source static 10.43.1.5 144.16.192.146


ip classless
ip route 0.0.0.0 0.0.0.0 10.151.1.2 150
ip route 61.11.237.101 255.255.255.255 10.5.18.64
ip route 61.11.237.102 255.255.255.255 10.5.18.65
ip route 61.11.237.103 255.255.255.255 10.5.18.66
ip route 61.11.237.104 255.255.255.255 10.5.18.67
ip route 144.16.192.10 255.255.255.255 10.32.1.4
ip route 144.16.192.25 255.255.255.255 10.9.1.4
ip route 144.16.192.41 255.255.255.255 10.27.1.4
ip route 144.16.192.50 255.255.255.255 10.21.1.4
ip route 144.16.192.72 255.255.255.255 10.5.19.45
ip route 144.16.192.73 255.255.255.255 10.19.1.4
ip route 144.16.192.89 255.255.255.255 10.20.1.4
ip route 144.16.192.97 255.255.255.255 10.24.1.4
ip route 144.16.192.105 255.255.255.255 10.39.1.4
ip route 144.16.192.110 255.255.255.255 10.15.1.4
ip route 144.16.192.112 255.255.255.255 10.55.32.81
ip route 144.16.192.113 255.255.255.255 10.25.1.4
ip route 144.16.192.121 255.255.255.255 10.26.1.4
ip route 144.16.192.135 255.255.255.255 10.33.1.4
ip route 144.16.192.136 255.255.255.255 10.28.1.4
ip route 144.16.192.145 255.255.255.255 10.43.1.4
ip route 144.16.192.146 255.255.255.255 10.43.1.5
ip route 144.16.192.147 255.255.255.255 10.29.1.4
ip route 144.16.192.220 255.255.255.255 10.20.251.4
ip route 144.16.192.221 255.255.255.255 10.35.1.4
ip route 144.16.192.241 255.255.255.255 10.44.1.4
ip route 144.16.194.6 255.255.255.255 10.26.32.6
ip route 144.16.195.125 255.255.255.255 10.38.1.4
ip route 144.16.195.140 255.255.255.255 10.17.32.1
ip route 144.16.195.141 255.255.255.255 10.17.32.2
ip route 144.16.195.142 255.255.255.255 10.17.32.3
ip route 144.16.195.143 255.255.255.255 10.17.32.4
ip route 144.16.195.156 255.255.255.255 10.17.32.7
ip route 144.16.195.170 255.255.255.255 10.17.32.8
ip route 144.16.195.171 255.255.255.255 10.17.32.9
ip route 144.16.195.186 255.255.255.255 10.17.32.5
ip route 144.16.196.219 255.255.255.255 10.25.1.5
ip route 144.16.200.149 255.255.255.255 10.49.32.100
ip route 144.16.204.0 255.255.255.0 10.151.1.2

ip route 144.16.205.0 255.255.255.0 10.151.1.2

ip route 203.197.98.28 255.255.255.255 10.17.40.1
no ip http server
!
!
line con 0
line vty 0 3
login
line vty 4
password core1
login
!
end

(C) Hostel CORE-1 Cisco Catalyst 6509 Switch:

..................
..................
..................
..................
begin
!
!
!
#time: Thu Dec 19 2002, 03:33:41
!
#version 6.1(3)
!
!
DK: 40
!
set password $2$6N5L$LZX0ZPI5zI1MPfvOBqkhB.
set enablepass $2$2G43$TSmhaizDkCW.eVKSrR.kO1
!
#errordetection
!
#!
#vtp
set vtp domain IITKGP
set vlan 3 name gsst type ethernet mtu 1500 said 100003 state active
set vlan 100 name CICSERVER type ethernet mtu 1500 said 100100 state active
set vlan 500 name Dist_CIC type ethernet mtu 1500 said 100500 state active
set vlan 502 name dist_lib type ethernet mtu 1500 said 100502 state active
set vlan 505 name core_newcicdist type ethernet mtu 1500 said 100505 state activ
e
set vlan 508 name newcic_core2 type ethernet mtu 1500 said 100508 state active
set vlan 610 name academic_foundationcore1 type ethernet mtu 1500 said 100610 st
ate active
set vlan 611 name azad_foundationcore1 type ethernet mtu 1500 said 100611 state

active
set vlan 613 name nehru_foundationcore1 type ethernet mtu 1500 said 100613 state
active
set vlan 615 name patel_fundationcore1 type ethernet mtu 1500 said 100615 state
active
set vlan 617 name hb_foundationcore1 type ethernet mtu 1500 said 100617 state ac
tive
set vlan 619 name jcb_foundationcore1 type ethernet mtu 1500 said 100619 state a
ctive
set vlan 621 name llr_foundationcore1 type ethernet mtu 1500 said 100621 state a
ctive
set vlan 623 name vs_foundationcore1 type ethernet mtu 1500 said 100623 state ac
tive
set vlan 627 name rk_foundationcore1 type ethernet mtu 1500 said 100627 state ac
tive
set vlan 629 name rp_foundationcore1 type ethernet mtu 1500 said 100629 state ac
tive
set vlan 631 name bcr_foundationcore1 type ethernet mtu 1500 said 100631 state a
ctive
set vlan 633 name mbm_foundationcore1 type ethernet mtu 1500 said 100633 state a
ctive
set vlan 635 name ig_foundationcore1\ type ethernet mtu 1500 said 100635 state a
ctive
set vlan 640 name hallserver type ethernet mtu 1500 said 100640 state active
set vlan 641 name content_engine type ethernet mtu 1500 said 100641 state active
e stp ieee
p ibm
!
#ip
set interface sc0 1 10.200.1.250/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2

!
#set boot command
!
#qos
set qos enable
set qos policed-dscp-map 0,32:0
set qos policed-dscp-map 1:1




set qos policer aggregate qos_tcp rate 480000 policed-dscp erate 480000 drop bur
st 32000
set qos policer aggregate qos_udp rate 320000 policed-dscp erate 320000 drop bur
st 32000
set qos policer aggregate QPM_3_6 rate 0 policed-dscp erate 0 drop burst 32
!
!
!
!
!
set trunk 3/6 on isl 1-1005,1025-4094
set trunk 3/7 on isl 1-1005,1025-4094
set trunk 3/8 on isl 1-1005,1025-4094
set trunk 3/9 on isl 1-1005,1025-4094
set trunk 3/10 on isl 1-1005,1025-4094
set trunk 3/11 on isl 1-1005,1025-4094
set trunk 3/12 on isl 1-1005,1025-4094
set trunk 3/13 on isl 1-1005,1025-4094
set trunk 3/15 on isl 1-1005,1025-4094
set trunk 3/16 on isl 1-1005,1025-4094
set port qos 3/1-12 vlan-based
!
#module 4 empty
!
!
!
#module 7 empty
!
#module 8 empty
!

#module 9 empty
!
!
end
Console> (enable)
Trying Router-15...
User Access Verification
Password:
HOSTEL_CORE1>en
Password:
HOSTEL_CORE1#sh run
!
version 12.1
!
hostname HOSTEL_CORE1
!
boot system flash bootflash:c6msfc2-is-mz.121-3a.E4
enable secret 5 $1$xC32$s16mUY/jmUbObKNDXjXgV.
enable password line test
!
ip subnet-zero
ip cef
!
redundancy
high-availability
config-sync
!
!
!
interface Vlan1
ip address 10.200.2.2 255.255.255.0 secondary alt ip address 10.200.2.210 255.2
55.255.0 secondary
ip address 10.200.1.2 255.255.255.0 alt ip address 10.200.1.210 255.255.255.0
no ip redirects
no ip unreachables
!
interface Vlan505

description Academic Core to New CIC Distribution

!
interface Vlan508
description Academic Core to New CIC Core
ip pim dense-mode
!
interface Vlan610
description academic 3/16 to foundation core1
ip pim dense-mode
!
interface Vlan611
description AZAD TO FOUNDATION CORE1
ip pim dense-mode
!
interface Vlan613
description NEHRU TO FOUNDATION CORE1
ip pim dense-mode
!
interface Vlan615
description PATEL TO FOUNDATION CORE1
ip pim dense-mode
!
interface Vlan617
description HB TO FOUNDATION CORE1
ip pim dense-mode
!
interface Vlan619
description JCB TO FOUNDATION CORE1
ip pim dense-mode
!
interface Vlan621
description LLR TO HOSTEL_CORE1
ip pim dense-mode
!
interface Vlan623
description VS TO HOSTEL_CORE1
ip pim dense-mode
!
interface Vlan627
description RK TO HOSTEL_CORE1


ip pim dense-mode
!
interface Vlan629
description RP TO HOSTEL_CORE1
ip pim dense-mode
!
interface Vlan631
description BCR TO HOSTEL_CORE1
ip pim dense-mode
!
interface Vlan633
description CORE1 3/12 TO MBM DISTRIBUTION VLAN
ip pim dense-mode
!
interface Vlan635
description IG TO FOUNDATION CORE1
ip pim dense-mode
!
interface Vlan640
description SERVER VLAN
!
router ospf 109
network 10.0.0.0 0.255.255.255 area 0
!
ip classless
ip route 10.100.11.225 255.255.255.255 10.200.8.1
no ip http server
!
!
line con 0
line vty 0 4
password core1
login
!
end

(D) Hostel CORE-2 Cisco Catalyst 6509 Switch:
Console> (enable) sh run

Unknown command "show run". Use 'show help' for more info.
..................
..................
begin
!
!
!
#time: Thu Dec 19 2002, 03:41:47
!
#version 6.1(3)
!
!
DK: 40
!
set password $2$bJyL$x1Ypmg4x8qkDz5p7o0T6t.
set enablepass $2$xEvD$5AcnVDw3l.c87KWIdgnMn/
!
#errordetection
!
#!
#vtp
set vtp domain FOUNDATION_CORE2
set vlan 3 name gssst type ethernet mtu 1500 said 100003 state active
set vlan 8 name cet type ethernet mtu 1500 said 100008 state active
set vlan 100 name cicserver type ethernet mtu 1500 said 100100 state active
set vlan 500 name dist_cic type ethernet mtu 1500 said 100500 state active
set vlan 502 name library type ethernet mtu 1500 said 100502 state active
set vlan 507 name newcic_core type ethernet mtu 1500 said 100507 state active
set vlan 610 name ACADEMIC_FOUNDATIONCORE1 type ethernet mtu 1500 said 100610 st
ate active
set vlan 611 name AZAD_FOUNDATIONCORE1 type ethernet mtu 1500 said 100611 state

active
set vlan 612 name AZAD_FOUNDATIONCORE2 type ethernet mtu 1500 said 100612 state
active
set vlan 613 name NEHRU_FOUNDATIONCORE1 type ethernet mtu 1500 said 100613 state
active
set vlan 614 name NEHRU_FOUNDATIONCORE2 type ethernet mtu 1500 said 100614 state
active
set vlan 615 name PATEL_FOUNDATIONCORE1 type ethernet mtu 1500 said 100615 state
active
set vlan 616 name PATEL_FOUNDATIONCORE2 type ethernet mtu 1500 said 100616 state
active
set vlan 617 name HB_FOUNDATIONCORE1 type ethernet mtu 1500 said 100617 state ac
tive
set vlan 619 name JCB_FOUNDATIONCORE1 type ethernet mtu 1500 said 100619 state a
ctive
set vlan 620 name JCB_FOUNDATIONCORE2 type ethernet mtu 1500 said 100620 state a
ctive
set vlan 621 name LLR_FOUNDATIONCORE1 type ethernet mtu 1500 said 100621 state a
ctive
set vlan 622 name LLR_FOUNDATIONCORE2 type ethernet mtu 1500 said 100622 state a
ctive
set vlan 623 name VS_FOUNDATIONCORE1 type ethernet mtu 1500 said 100623 state ac
tive
set vlan 624 name VS_FOUNDATIONCORE2 type ethernet mtu 1500 said 100624 state ac
tive
set vlan 625 name GOKHEL_FOUNDATIONCORE1 type ethernet mtu 1500 said 100625 stat
e active
set vlan 626 name HB_FOUNDATIONCORE2 type ethernet mtu 1500 said 100626 state ac
tive
set vlan 627 name RK_FOUNDATIONCORE1 type ethernet mtu 1500 said 100627 state ac
tive
set vlan 628 name RK_FOUNDATIONCORE2 type ethernet mtu 1500 said 100628 state ac
tive
set vlan 629 name RP_FOUNDATIONCORE1 type ethernet mtu 1500 said 100629 state ac
tive
set vlan 630 name RP_FOUNDATIONCORE2 type ethernet mtu 1500 said 100630 state ac
tive
set vlan 631 name BCR_FOUNDATIONCORE1 type ethernet mtu 1500 said 100631 state a
ctive
set vlan 632 name BCR_FOUNDATIONCORE2 type ethernet mtu 1500 said 100632 state a
ctive
set vlan 633 name CORE1_MBM type ethernet mtu 1500 said 100633 state active
set vlan 634 name MBM_FOUNDATIONCORE2 type ethernet mtu 1500 said 100634 state a
ctive
set vlan 635 name IG_FOUNDATIONCORE1 type ethernet mtu 1500 said 100635 state ac
tive
set vlan 636 name IG_FOUNDATIONCORE2 type ethernet mtu 1500 said 100636 state ac
tive
set vlan 640 name server type ethernet mtu 1500 said 100640 state active
set vlan 641 name content_engine type ethernet mtu 1500 said 100641 state active

set vlan 650 name firewall type ethernet mtu 1500 said 100650 state active
set vlan 900 name TEST type ethernet mtu 1500 said 100900 state active
e stp ieee
p ibm
set vlan 760-761,776,847,871
!
#ip
set interface sc0 1 10.200.1.254/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2

!
#dns
set ip dns server 10.128.2.2 primary
set ip dns enable
set ip dns domain net.iitkgp.ernet.in
!
#set boot command
!
#mls
set mls statistics protocol 0
set mls nde flow include source 10.200.1.254/255.255.255.255 destination 10.200.
1.200/255.255.255.255
!
#qos
set qos enable
set qos policer aggregate qos_tcp1 rate 480000 policed-dscp erate 480000 drop bu
rst 32000
set qos policer aggregate qos_udp1 rate 320000 policed-dscp erate 320000 drop bu
rst 32000
clear qos acl all
#qos_vlan1
set qos acl ip qos_vlan1 dscp 0 aggregate qos_tcp1 tcp any any
set qos acl ip qos_vlan1 dscp 0 aggregate qos_udp1 udp any any
#
commit qos acl all
#
set qos acl map qos_vlan1 612,614,616,620,622,624,626,628,630,632,634,636
!
#port channel
set port channel 2/1-2 781
!
!
!

set vlan 650 1/1

set udld enable 1/1-2
set trunk 1/2 on isl 1-1005,1025-4094
set port qos 1/2 vlan-based
!
set trunk 2/1 on isl 1-1005,1025-4094
set trunk 2/2 on isl 1-1005,1025-4094
set port channel 2/1-2 mode on
#module 3 empty
!
set udld enable 4/6,4/8,4/10,4/12,4/15-16
set trunk 4/1 on isl 1-1005,1025-4094
set trunk 4/2 on isl 1-1005,1025-4094
set trunk 4/3 on isl 1-1005,1025-4094
set trunk 4/4 on isl 1-1005,1025-4094
set trunk 4/5 on isl 1-1005,1025-4094
set trunk 4/6 on isl 1-1005,1025-4094
set trunk 4/7 on isl 1-1005,1025-4094
set trunk 4/8 on isl 1-1005,1025-4094
!
!
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
!
end
Console> (enable)
Trying Router-15...
HOSTEL_CORE2>en
HOSTEL_CORE2#sh run
!
!
version 12.1


!
hostname HOSTEL_CORE2
boot system flash bootflash:c6msfc2-is-mz.121-3a.E4
!
ip subnet-zero
ip cef
!
redundancy
high-availability
config-sync
!
interface Vlan507
description Foundation Core1 to New CIC Core
ip pim dense-mode
!
interface Vlan612
description AZAD TO FOUNDATION CORE2
!
interface Vlan614
!
interface Vlan616
description PATEL TO FOUNDATION CORE2
!
interface Vlan620
description JCB TO FOUNDATION CORE2
ip pim dense-mode
!
interface Vlan622
description LLR TO FOUNDATION CORE2
!
interface Vlan624
description VS TO FOUNDATION CORE2
!
interface Vlan626
description HB TO FOUNDATION CORE2
!
interface Vlan628
description RK TO FOUNDATIONCORE2

!
interface Vlan630
description RP TO FOUNDATION CORE2
!
interface Vlan632
description BCR TO FOUNDATION CORE2
!
interface Vlan634
description MBM TO FOUNDATION CORE2
!
interface Vlan636
description IG TO FOUNDATION CORE2
!
interface Vlan900
!
router ospf 109
network 10.0.0.0 0.255.255.255 area 0
!
ip classless
no ip http server
!
access-list 10 permit 10.51.1.100
!
line con 0
line vty 0 4
login
!
time-range halltime
!
end

(E) THAICOM Gateway Router Cisco 7507:
Router#sh run

!
!
version 12.2
no service single-slot-reload-enable
!
hostname Router
!
enable secret 5 $1$r1XD$UyWDrgbaCS7/iYGMXobyu0
!
ip subnet-zero
ip wccp web-cache
!
ip cef distributed
!
class-map match-all Upstream_control
match access-group 108
class-map match-all Downstream_control
class-map match-all hostel_weekend
class-map match-all academic_weekend
class-map match-all academic_daytime
class-map match-all academic_nighttime
class-map match-all hostel_daytime
class-map match-all hostel_nighttime
!
!
policy-map bw_control
class academic_nighttime
police 496000 124000 124000 conform-action transmit exceed-action drop
class academic_weekend
class hostel_daytime
class hostel_nighttime


class hostel_weekend
class academic_daytime
policy-map academic_daytime
policy-map CET_BW_Downstream
class Downstream_control
policy-map CET_BW_Upstream
class Upstream_control
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet1/0/0
description CONNECTION TO DVB RECEIVER
ip address 61.11.237.254 255.255.255.252
ip route-cache flow
half-duplex
!
interface Serial1/1/0
ip address 203.192.34.226 255.255.255.252
ip wccp web-cache redirect out
no keepalive
no fair-queue
ignore-dcd
serial restart-delay 0
!
no ip address
shutdown
!
no ip address
shutdown
!
no ip address
shutdown
!
interface FastEthernet4/0/0

ip address 61.11.237.1 255.255.255.128

ip route-cache same-interface
half-duplex
!
interface Hssi4/1/0
no ip address
shutdown
!
interface Hssi4/1/1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1/1/0
ip route 10.0.0.0 255.0.0.0 61.11.237.3
ip route 61.11.251.0 255.255.255.0 61.11.237.3
ip route 202.131.126.0 255.255.255.0 61.11.237.3
ip route 202.131.127.0 255.255.255.0 61.11.237.3
ip route 203.192.37.0 255.255.255.0 61.11.237.3
no ip http server
ip pim bidir-enable
!
access-list 101 permit ip any 10.96.0.0 0.31.255.255 time-range daytime
access-list 103 permit ip any 10.96.0.0 0.31.255.255 time-range nighttime
access-list 105 permit ip any 10.96.0.0 0.31.255.255 time-range weekend
access-list 107 permit ip any host 61.11.237.110
access-list 108 permit ip host 61.11.237.110 any


snmp-server engineID local 000000090200000652D67020
!
!
!
line con 0
line aux 0
line vty 0 3
password dalmia12
login
line vty 4
login
!
time-range daytime
!
time-range halltime
!
time-range nighttime
!
time-range weekend
!
end

(F) Cisco PIX Firewall with Failover:
pixfirewall# write terminal

: Saved
:
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 intf2 security10
nameif gb-ethernet0 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
no names
access-list acl_out permit icmp any any
access-list acl_out permit ip any host 61.11.237.101
access-list acl_in permit icmp any any
access-list acl_in permit ip host 10.129.100.190 any
access-list acl_in deny tcp any host 64.71.146.185 eq www
access-list acl_in permit ip any host 61.11.237.1
access-list acl_in permit ip any host 61.11.237.4


access-list acl_in permit tcp any any eq www
access-list acl_in permit tcp any any eq https
access-list acl_in permit tcp any any eq 210
pager lines 24
logging host inside 10.250.1.100
interface ethernet0 10baset
interface gb-ethernet0 1000sxfull
mtu outside 1500
mtu intf2 1500
mtu inside 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
mtu intf6 1500
ip address outside 61.11.237.3 255.255.255.128
ip address intf2 172.16.2.1 255.255.255.0
ip address inside 10.250.1.2 255.255.255.0
ip address intf3 172.16.3.1 255.255.255.0
ip address intf4 172.16.4.1 255.255.255.0
ip address intf5 172.16.5.1 255.255.255.0
ip address intf6 172.16.6.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 61.11.237.2
failover ip address intf2 172.16.2.2
failover ip address inside 10.250.1.3
pdm history enable
arp timeout 14400
global (outside) 1 61.11.237.14
nat (inside) 0 61.11.251.0 255.255.255.0 0 0
nat (inside) 0 202.131.126.0 255.255.255.0 0 0

nat (inside) 0 202.131.127.0 255.255.255.0 0 0

nat (inside) 0 203.192.37.0 255.255.255.0 0 0
nat (inside) 2 144.16.192.0 255.255.240.0 0 0
nat (inside) 1 10.96.0.0 255.224.0.0 0 0
nat (inside) 3 10.0.0.0 255.192.0.0 0 0
nat (inside) 4 10.128.0.0 255.128.0.0 0 0
static (inside,outside) 61.11.237.18 10.128.2.2 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 61.11.237.1 1
route inside 10.0.0.0 255.0.0.0 10.250.1.4 1
route inside 61.11.251.0 255.255.255.0 10.250.1.4 1
route inside 144.16.192.0 255.255.240.0 10.250.1.4 1
route inside 202.131.126.0 255.255.255.0 10.250.1.4 1
route inside 202.131.127.0 255.255.255.0 10.250.1.4 1
route inside 203.192.37.0 255.255.255.0 10.250.1.4 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute uauth 0:04:00 inactivity
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
no floodguard enable
no sysopt route dnat
telnet 10.250.1.100 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:9be391a075cae827d7c1da9b5e040b6b
: end
[OK]

(G) Cisco Catalyst 5509 VSNL Router:
sh run
!
version 11.2
no service udp-small-servers
no service tcp-small-servers
!
hostname vmerry
!
enable secret 5 $1$85RL$Q3n/PXK68HlDyMMA9iFV0/
enable password catalyst
!
!
interface Serial0/0
ip address 202.54.55.165 255.255.255.252
ip access-group 117 in
no ip directed-broadcast
no ip proxy-arp
ip accounting output-packets
no logging event subif-link-status
bandwidth 2000
tx-queue-limit 32767
fair-queue 1000 256 0
transmit-buffers backing-store
hold-queue 1000 in
hold-queue 1000 out
!
interface Serial0/1
ip address 202.54.55.165 255.255.255.252
ip accounting output-packets
bandwidth 2048
shutdown
no fair-queue
!
interface Serial0/2
no ip address
shutdown
!
interface Serial0/3
no ip address


shutdown
!
interface Vlan1
ip address 144.16.192.3 255.255.224.0
bandwidth 1000000
hold-queue 1000 in
hold-queue 1000 out
!
interface Vlan2
no ip address
shutdown
!
router igrp 1
redistribute static
network 202.141.127.0
network 203.197.98.0
!
no ip classless
ip default-network 0.0.0.0
ip route 0.0.0.0 0.0.0.0 202.54.55.166
ip route 10.0.0.0 255.0.0.0 Vlan1
ip route 144.16.0.0 255.255.0.0 202.54.55.166
ip route 144.16.193.0 255.255.255.0 Vlan1
ip route 144.16.194.0 255.255.255.0 Vlan1
ip route 144.16.195.0 255.255.255.0 Vlan1
ip route 144.16.196.0 255.255.255.0 Vlan1
ip route 144.16.197.0 255.255.255.0 Vlan1
ip route 144.16.198.0 255.255.255.0 Vlan1
ip route 144.16.199.0 255.255.255.0 Vlan1
ip route 144.16.200.0 255.255.255.0 Vlan1
ip route 144.16.201.0 255.255.255.0 Vlan1
ip route 144.16.202.0 255.255.255.0 Vlan1
ip route 144.16.203.0 255.255.255.0 Vlan1
ip route 144.16.204.0 255.255.255.0 Vlan1
ip route 144.16.205.0 255.255.255.0 Vlan1
ip route 144.16.206.0 255.255.255.0 Vlan1
ip route 144.16.207.0 255.255.255.0 Vlan1
ip route 202.141.127.0 255.255.255.0 Vlan1
ip route 203.197.98.0 255.255.255.0 Vlan1


access-list 115 deny ip 202.141.127.0 0.0.0.255 any
access-list 115 deny ip 203.197.98.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0 4
password cmc
login
!
end
vmerry#logout

(H) Cisco CACHE ENGINE CE-590:
Cisco Content Engine
CE-590 login: admin

Password:
Last login: Mon Dec 23 15:40:00 from 61.11.237.15
System Initialization Finished.
CE-590#sh run
hostname CE-590
!
!
!
!
!
!
!
primary-interface FastEthernet 0/0
!
interface FastEthernet 0/0
ip address 61.11.237.4 255.255.255.128
exit
interface FastEthernet 0/1
shutdown
exit
!
!
ip default-gateway 61.11.237.1
!
!
!
!
!
!
!
!
!
!
!
!
!
wccp router-list 1 61.11.237.1
wccp web-cache router-list-num 1
wccp version 2
!
!
rule enable
rule block url-regex .*\cmd.exe

rule block url-regex .*/root.exe

rule block url-regex .*/readme\.eml
rule block url-regex .*/default\.ida
rule block url-regex ^http://.*/cmd\.exe
rule block url-regex ^http://.*/root\.exe
rule block url-regex ^http://.*/default\.ida
!
!
transaction-logs enable
!
!
username admin password 1 bVmDmMMmZAPjY
username admin privilege 15
!
snmp-server community public
!
!
!
authentication login local enable primary
authentication configuration local enable primary
!
!
!
!
!
!
!
CE-590#

15. Computer Sc. Cisco 2948 GL3 Distribution Switch Configuration
CSE#show run
!
version 12.0
no service pad
!
hostname CSE
!
enable secret 5 $1$YqdA$k1bFzARKI.qyeUhh2QOfe.
!
ip subnet-zero
bridge irb
!
!
!
interface FastEthernet1
description THAICOM
no ip address
bridge-group 10
!
description THAICOM
no ip address
bridge-group 10
!
description Valid_IP
no ip address
bridge-group 8
!
description Valid_IP
no ip address
bridge-group 8
!
description Student_net
no ip address
bridge-group 1
!

no ip address
bridge-group 1
!
no ip address
bridge-group 1
!
no ip address
bridge-group 1
!
no ip address
bridge-group 1
!
no ip address
bridge-group 1
!
no ip address
bridge-group 1
!
no ip address
bridge-group 1
!
no ip address
bridge-group 1
!
no ip address

bridge-group 1
!
description staff_net
no ip address
bridge-group 2
!
no ip address
bridge-group 2
!
no ip address
bridge-group 2
!
no ip address
bridge-group 2
!
no ip address
bridge-group 2
!
no ip address
bridge-group 2
!
no ip address
bridge-group 2
!
no ip address
bridge-group 2
!

no ip address
bridge-group 2
!
no ip address
bridge-group 2
!
description server_net
no ip address
bridge-group 3
!
no ip address
bridge-group 3
!
no ip address
!
no ip address
bridge-group 3
!
no ip address
bridge-group 3
!
no ip address
bridge-group 3
!
no ip address
bridge-group 3
!

no ip address
bridge-group 3
!
no ip address
bridge-group 3
!
no ip address
bridge-group 3
!
description proj1_net
no ip address
bridge-group 4
!
no ip address
bridge-group 4
!
no ip address
bridge-group 4
!
no ip address
bridge-group 4
!
no ip address
bridge-group 5
!
no ip address
bridge-group 5
!

interface FastEthernet40.1
description project1net connected to 2924_hardwarelab
encapsulation isl 494
no ip redirects
bridge-group 4
!
description staffnet connected to 2924_hardwarelab
no ip redirects
bridge-group 2
!
no ip address
bridge-group 5
!
description staffnet connected to 2924_dtp room
no ip redirects
bridge-group 2
!
description studentnet connected to 2924_dtp room
no ip redirects
bridge-group 1
!
description project1net connected to 2924_dtp room
no ip redirects
bridge-group 4
nterface FastEthernet42
no ip address
bridge-group 5
nterface FastEthernet42.1
description STUDENT_NET CONNECTED TO 2924 SWITCH1
no ip redirects

bridge-group 1
description STAFF_NET CONNECTED TO 2924 SWITCH1
no ip redirects
bridge-group 2
description SERVER_NET CONNECTED TO 2924 SWITCH1
no ip redirects
bridge-group 3
description PROJECT1_NET CONNECTED TO 2924 SWITCH1
no ip redirects
bridge-group 4
description interdepartmental_1
no ip address
bridge-group 6
no ip address
bridge-group 6
no ip address
bridge-group 6
no ip address
bridge-group 6
description project1net connected to 2924_ab roo
no ip redirects

bridge-group 4
description staffnet connected to 2924_ab room
no ip redirects
bridge-group 2
no ip address
bridge-group 7
no ip address
bridge-group 7
nterface GigabitEthernet49
no ip address
nterface GigabitEthernet49.1
description Valid_ip
encapsulation isl 2
no ip redirects
bridge-group 8
description CSC_Core_Vlan
no ip redirects
bridge-group 9
description interdepartmental2_vlan
no ip redirects
bridge-group 7
description interdepartmental1_vlan
no ip redirects
bridge-group 6

description THAICOM VLAN
no ip redirects
bridge-group 10
description staffnet
no ip redirects
bridge-group 2
no ip redirects
bridge-group 4
nterface GigabitEthernet50
no ip address
shutdown
nterface BVI1
description student_net
ip address 10.5.16.2 255.255.255.0
nterface BVI2
ip address 10.5.17.2 255.255.255.0
nterface BVI3
ip address 10.5.18.2 255.255.255.0
nterface BVI4
ip address 10.5.19.2 255.255.255.0
nterface BVI5
ip address 10.5.20.2 255.255.255.0

nterface BVI6
no ip address
!
interface BVI8
description Valid_vlan
no ip address
!
interface BVI9
ip address 10.153.1.1 255.255.0.0
!
interface BVI10
no ip address
!
router ospf 109
redistribute rip subnets
network 10.0.0.0 0.255.255.255 area 0
!
router rip
redistribute ospf 109
passive-interface BVI9
network 10.0.0.0
default-metric 10
!
ip classless
ip forward-protocol udp xdmcp
ip forward-protocol udp ntp
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 route ip
bridge 3 route ip
bridge 4 route ip
bridge 5 route ip
bridge 6 route ip
bridge 7 route ip
bridge 8 route ip
bridge 9 route ip


bridge 10 route ip
!
line con 0
line aux 0
line vty 0 4
password cse5
login
!
end

16. ACCESS/EDGE Switch Configuration details of some Departments
(A) ARCHITECTURE:
Architecture# sh run
!
version 11.2
no service pad
!
hostname Architecture
!
enable secret 5 $1$gb8n$ews.tHRVMYkEhSkk.4YlU.
enable password arch
!
!
!
!
interface VLAN1
no ip address
no ip route-cache
shutdown
!
interface VLAN18
ip address 10.27.1.1 255.255.0.0
no ip route-cache
!
interface FastEthernet0/1
switchport access vlan 18
!
!
!
!
!
!


!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
interface GigabitEthernet1/1
!
snmp-server community private RW
snmp-server chassis-id 0x10
!
line con 0
stopbits 1
line vty 0 4
password arch27
login
line vty 5 9
login
!
end
_______________________________________________
Configuration of 1924 installed at Architecture.

_______________________________________________
Catalyst 1900 - IP Configuration
Ethernet Address: 00-06-28-D9-B6-00
----------------------- Settings ---------------------------------------

[I] IP address 10.27.2.1
[S] Subnet mask 255.255.0.0
[G] Default gateway 10.27.1.2
[B] Management bridge group 1 (always)
[M] IP address of DNS server 1 0.0.0.0
[N] IP address of DNS server 2 0.0.0.0
[D] Domain name
[R] Use Routing Information Protocol Enabled
----------------------- Actions ----------------------------------------

[P] Ping
[C] Clear cached DNS entries
[X] Exit to previous menu

(B) IE & M:
IEM# sh run
!
version 12.0
no service pad
!
hostname IEM
!
enable secret 5 $1$qDLu$7L.O.t7hdeZiEMUbAk6bh1
!
!
!
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
!
!


!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
switchport trunk allowed vlan 1,10,1002-1005
switchport mode trunk
!
!
interface VLAN1

no ip address
no ip route-cache
shutdown
!
interface VLAN10
ip address 10.29.1.1 255.255.0.0
no ip route-cache
!
snmp-server engineID local 000000090200000628F1D100
!
line con 0
stopbits 1
line vty 0 4
password iem29
login
line vty 5 15
password iem29
login
!
end

(C) NAVAL:
NAVAL# sh run
!
version 12.0
no service pad
!
hostname NAVAL
!
enable secret 5 $1$EZdN$2Zwnhv0ktj48jUb8gJ1HJ.
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
switchport trunk allowed vlan 1,11,1002-1005
switchport mode trunk

!
!
interface VLAN1
no ip address
no ip route-cache
shutdown
!
interface VLAN11
ip address 10.24.1.1 255.255.0.0
no ip route-cache
!
snmp-server engineID local 0000000902000006530F3940
!
line con 0
stopbits 1
line vty 0 4
password naval24
login
line vty 5 15
password naval24
login
!
end

(D) CRF:
CRF# sh run
!
version 11.2
no service pad
!
hostname CRF
!
enable secret 5 $1$MyCd$gtAw7RYfT5bu1q5hxQ6aA/
!
!
!
!
interface VLAN1
no ip address
no ip route-cache
shutdown
!
interface VLAN17
ip address 10.42.1.1 255.255.0.0
no ip route-cache
!
!
!
!
!
!
!
!

!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

snmp-server chassis-id 0x10
!
line con 0
stopbits 1
line vty 0 4
password crf42
login
line vty 5 9
login
!
end

17. DISTRIBUTION Switch Configuration details of some Hostel
(A) NEHRU Hall Distribution Cisco Catalyst 6509 Switch:
Cisco Systems Console
Enter password:
Console> en
Enter password:
..................
..................
..................
begin
!
!
!
#time: Thu Sep 12 2002, 04:45:58
!
#version 6.1(3)
!
!
DK: 40
!
set password $2$0o8Z$Uzhvc1xPbFk4WnBzZ03zI0
set enablepass $2$CBqb$n64swmlNxNXQ9QOVlxpSO0
!
#errordetection
!
#!
#vtp
set vtp domain NEHRU
set vlan 613 name NEHRU_CORE1 type ethernet mtu 1500 said 100613 state active
set vlan 614 name NEHRU_CORE2 type ethernet mtu 1500 said 100614 state active
set vlan 815 name NEHRU_A_GND type ethernet mtu 1500 said 100815 state active
set vlan 816 name NEHRU_B_GND type ethernet mtu 1500 said 100816 state active
set vlan 817 name NEHRU_B_1ST type ethernet mtu 1500 said 100817 state active
set vlan 818 name NEHRU_B_2ND type ethernet mtu 1500 said 100818 state active
set vlan 819 name NEHRU_C_GND type ethernet mtu 1500 said 100819 state active
set vlan 820 name NEHRU_C_1ST type ethernet mtu 1500 said 100820 state active
set vlan 821 name NEHRU_C_2ND type ethernet mtu 1500 said 100821 state active

set vlan 822 name NEHRU_D_GND type ethernet mtu 1500 said 100822 state active
set vlan 823 name NEHRU_D_1ST type ethernet mtu 1500 said 100823 state active
set vlan 824 name NEHRU_D_2ND type ethernet mtu 1500 said 100824 state active
e stp ieee
p ibm
set vlan 640-641
!
#ip
set interface sc0 1 10.200.1.108/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2

!
#set boot command
!
!
!
set vlan 640 1/1
!
#module 2 empty
!
set udld enable 3/13
clear trunk 3/1 2-814,816-1005,1025-4094
clear trunk 3/2 2-815,817-1005,1025-4094
clear trunk 3/3 2-816,818-1005,1025-4094
clear trunk 3/4 2-639,642-817,819-1005,1025-4094
set trunk 3/4 on isl 1,640-641,818
clear trunk 3/5 2-818,820-1005,1025-4094
clear trunk 3/6 2-819,821-1005,1025-4094
clear trunk 3/7 2-820,822-1005,1025-4094
clear trunk 3/8 2-821,823-1005,1025-4094
clear trunk 3/9 2-822,824-1005,1025-4094
clear trunk 3/10 2-823,825-1005,1025-4094


set trunk 3/13 on isl 1-1005,1025-4094
clear trunk 3/15 2-612,614-639,642-1005,1025-4094
set trunk 3/15 on isl 1,613,640-641
clear trunk 3/16 2-613,615-1005,1025-4094
!
#module 4 empty
!
!
#module 6 empty
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
!
#module 16 empty
end
Console> (enable)
Enter password:
Console> session 15
Trying Router-15...
NEHRU>en
Password:
NEHRU#sh run

!
version 12.1
!
hostname NEHRU

!
!
ip subnet-zero
!
!
no ip finger
ip domain-name nehru.iitkgp.ernet.in
ip dhcp database ftp://dhcplog:dhcplog@10.129.100.14/router-dhcp write-delay 120
ip dhcp excluded-address 10.108.1.1 10.108.1.31
!
ip dhcp pool NEHRU
network 10.108.0.0 255.255.0.0
domain-name nehru.iitkgp.ernet.in
dns-server 10.129.100.14 10.128.2.2 144.16.192.55
netbios-name-server 10.129.100.14 10.128.2.2
netbios-node-type h-node
!
ip dhcp pool NEHRU_A_GND
network 10.108.1.0 255.255.255.0
default-router 10.108.1.2
!
ip dhcp pool NEHRU_B_GND
network 10.108.2.0 255.255.255.0
!
ip dhcp pool NEHRU_B_1ST
network 10.108.3.0 255.255.255.0
!
ip dhcp pool NEHRU_B_2ND
network 10.108.4.0 255.255.255.0
!
ip dhcp pool NEHRU_C_GND
network 10.108.5.0 255.255.255.0

!
ip dhcp pool NEHRU_C_1ST
network 10.108.6.0 255.255.255.0
!
ip dhcp pool NEHRU_C_2ND
network 10.108.7.0 255.255.255.0
!
ip dhcp pool NEHRU_D_GND
network 10.108.8.0 255.255.255.0
!
ip dhcp pool NEHRU_D_1ST
network 10.108.10.0 255.255.255.0
!
ip dhcp pool NEHRU_D_2ND
network 10.108.9.0 255.255.255.0
!
!
!
!
interface Vlan613
ip address 10.200.13.2 255.255.255.0
ip pim dense-mode
!
interface Vlan614
ip address 10.200.14.2 255.255.255.0
ip pim dense-mode
!
interface Vlan815
description NEHRU TO BLOCK A GROUND FLOOR
ip address 10.108.1.2 255.255.255.0
ip pim dense-mode
!
interface Vlan816
description NEHRU TO BLOCK B GROUND FLOOR
ip address 10.108.2.2 255.255.255.0
ip pim dense-mode
!
interface Vlan817
description NEHRU TO BLOCK B 1ST FLOOR
ip address 10.108.3.2 255.255.255.0

ip pim dense-mode
!
interface Vlan818
description NEHRU TO BLOCK B 2ND FLOOR
ip address 10.108.4.2 255.255.255.0
ip pim dense-mode
!
interface Vlan819
description NEHRU TO BLOCK C GND FLOOR
ip address 10.108.5.2 255.255.255.0
ip pim dense-mode
!
interface Vlan820
description NEHRU TO BLOCK C 1ST FLOOR
ip address 10.108.6.2 255.255.255.0
ip pim dense-mode
!
interface Vlan821
description NEHRU TO BLOCK C 2ND FLOOR
ip address 10.108.7.2 255.255.255.0
ip pim dense-mode
!
interface Vlan822
description NEHRU TO BLOCK D GND FLOOR
ip address 10.108.8.2 255.255.255.0
ip pim dense-mode
!
interface Vlan823
description NEHRU TO BLOCK D 2ND FLOOR
ip address 10.108.9.2 255.255.255.0
ip pim dense-mode
!
interface Vlan824
description NEHRU TO BLOCK D 1ST FLOOR
ip address 10.108.10.2 255.255.255.0
ip pim dense-mode
!
router ospf 109
network 10.108.0.0 0.0.255.255 area 108
network 10.200.0.0 0.0.255.255 area 0
!
ip classless

ip route 0.0.0.0 0.0.0.0 10.200.13.1 150

no ip http server
!
access-list 8 deny 144.16.192.1
access-list 8 permit any
!
!
line con 0
line vty 0 4
login
!
end

(B) PATEL+Zakir Hussain Hall Distribution Cisco Catalyst 6509 Switch:

Enter password:
patel-core> en
Enter password:
Enter password:
patel-core> (enable) sh config
..................
..................
.................
begin
!
!
!
#time: Wed Sep 9 2002, 20:08:29
!
#version 6.1(3)
!
!
DK: 40
!
set password $2$C6Z6$fZgFmnuHFcchsaWsOQXxH/
set enablepass $2$ge4N$yenql99eAru6gsajnw7el0
!
#errordetection
!
#!
#vtp
set vtp domain PATEL
set vlan 615 name PATEL_CORE1 type ethernet mtu 1500 said 100615 state active
set vlan 616 name PATEL_CORE2 type ethernet mtu 1500 said 100616 state active
set vlan 785 name PATEL_A_GND type ethernet mtu 1500 said 100785 state active
set vlan 786 name PATEL_B_GND type ethernet mtu 1500 said 100786 state active
set vlan 787 name PATEL_B_1ST type ethernet mtu 1500 said 100787 state active
set vlan 788 name PATEL_B_2ND type ethernet mtu 1500 said 100788 state active
set vlan 789 name PATEL_C_GND type ethernet mtu 1500 said 100789 state active
set vlan 790 name PATEL_C_1ST type ethernet mtu 1500 said 100790 state active
set vlan 791 name PATEL_C_2ND type ethernet mtu 1500 said 100791 state active

set vlan 792 name PATEL_D_GND type ethernet mtu 1500 said 100792 state active
set vlan 793 name PATEL_D_1ST type ethernet mtu 1500 said 100793 state active
set vlan 794 name PATEL_D_2ND type ethernet mtu 1500 said 100794 state active
set vlan 852 name PATEL_ZH1 type ethernet mtu 1500 said 100852 state active
e stp ieee
p ibm
set vlan 640-641
!
#ip
set interface sc0 1 10.200.1.109/255.255.255.0 10.200.1.255
set ip route 0.0.0.0/0.0.0.0 10.200.1.2

!
#dns
set ip dns server 10.128.2.2 primary
set ip dns enable
set ip dns domain net.iitkgp.ernet.in
!
#set boot command
!
!
!
set vlan 640 1/1
set trunk 1/2 on isl 1-1005,1025-4094
!
#module 2 empty
!
clear trunk 3/1 2-639,642-784,786-1005,1025-4094
set trunk 3/1 on isl 1,640-641,785
clear trunk 3/2 2-785,787-1005,1025-4094
clear trunk 3/3 2-786,788-1005,1025-4094
clear trunk 3/4 2-787,789-1005,1025-4094
clear trunk 3/5 2-788,790-1005,1025-4094


clear trunk 3/6 2-789,791-1005,1025-4094
clear trunk 3/7 2-790,792-1005,1025-4094
clear trunk 3/8 2-791,793-1005,1025-4094
clear trunk 3/9 2-792,794-1005,1025-4094
clear trunk 3/10 2-793,795-1005,1025-4094
clear trunk 3/11 2-851,857-1005,1025-4094
set trunk 3/11 on isl 1,852-856
clear trunk 3/12 2-851,857-1005,1025-4094
clear trunk 3/13 2-851,857-1005,1025-4094
clear trunk 3/14 2-851,857-1005,1025-4094
clear trunk 3/15 2-614,616-639,642-1005,1025-4094
set trunk 3/15 on isl 1,615,640-641
clear trunk 3/16 2-615,617-855,857-1005,1025-4094
set trunk 3/16 on isl 1,616,856
!
#module 4 empty
!
!
#module 6 empty
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
!
#module 16 empty
end
patel-core> (enable)
PATEL#
1w0d: %DHCPD-3-WRITE_ERROR: DHCP could not write bindings to
ftp://dhcp:address@
10.129.100.15/patel-dhcp.
PATEL#
PATEL#
PATEL#sh run


!
version 12.1
!
hostname PATEL
!
netbios name-cache cache-add-name
netbios name-cache name-len 16
!
ip subnet-zero
!
!
no ip finger
ip domain-list iitkgp.ernet.in.
ip domain-name patel.iitkgp.ernet.in
ip dhcp database ftp://dhcp:address@10.129.100.15/patel-dhcp write-delay 120
!
ip dhcp pool PATEL_A_GND
network 10.109.1.0 255.255.255.0
!
ip dhcp pool PATEL_B_GND
network 10.109.2.0 255.255.255.0
!
ip dhcp pool PATEL_B_1ST
network 10.109.3.0 255.255.255.0

!
ip dhcp pool PATEL_B_2ND
network 10.109.4.0 255.255.255.0
!
ip dhcp pool PATEL_C_GND+GND1
network 10.109.5.0 255.255.255.0
!
ip dhcp pool PATEL_C_1ST
network 10.109.6.0 255.255.255.0
!
ip dhcp pool PATEL_C_2ND+2ND1
network 10.109.7.0 255.255.255.0
!
ip dhcp pool PATEL_D_GND
network 10.109.8.0 255.255.255.0
!
ip dhcp pool PATEL_D_1ST
network 10.109.9.0 255.255.255.0
!
ip dhcp pool PATEL_D_2ND
network 10.109.10.0 255.255.255.0
!
ip dhcp pool PATEL
network 10.109.0.0 255.255.0.0
domain-name patel.iitkgp.ernet.in
dns-server 10.129.100.15 10.128.2.2 144.16.192.55
!
ip dhcp pool ZH_1_GND
network 10.114.1.0 255.255.255.0
!
network 10.114.2.0 255.255.255.0
!
network 10.114.3.0 255.255.255.0
!

network 10.114.4.0 255.255.255.0

!
network 10.114.5.0 255.255.255.0
!
ip dhcp pool patel
!
ip dhcp pool ZH
network 10.114.0.0 255.255.255.0
domain-name zh.iitkgp.ernet.in
dns-server 10.128.2.2 144.16.192.55
netbios-name-server 10.128.2.2
!
!
!
!
interface Vlan615
description PATEL TO CIC CORE1
ip address 10.200.15.2 255.255.255.0
ip pim dense-mode
!
interface Vlan616
description PATEL TO CIC CORE2
ip address 10.200.16.2 255.255.255.0
ip pim dense-mode
!
interface Vlan785
description PATEL TO BLOCK A GROUND FLOOR
ip address 10.109.1.2 255.255.255.0
ip pim dense-mode
!
interface Vlan786
description PATEL TO BLOCK B GROUND FLOOR
ip address 10.109.2.2 255.255.255.0
ip pim dense-mode
!
interface Vlan787
description PATEL TO BLOCK B 1ST FLOOR
ip address 10.109.3.2 255.255.255.0
ip pim dense-mode
!

interface Vlan788
description PATEL TO BLOCK B 2ND FLOOR
ip address 10.109.4.2 255.255.255.0
ip pim dense-mode
!
interface Vlan789
description PATEL TO BLOCK C GROUND FLOOR
ip address 10.109.5.2 255.255.255.0
ip pim dense-mode
!
interface Vlan790
description PATEL TO BLOCK C 1ST FLOOR
ip address 10.109.6.2 255.255.255.0
ip pim dense-mode
!
interface Vlan791
description PATEL TO BLOCK C 2ND FLOOR
ip address 10.109.7.2 255.255.255.0
ip pim dense-mode
!
interface Vlan792
description PATEL TO BLOCK D GND FLOOR
ip address 10.109.8.2 255.255.255.0
ip pim dense-mode
!
interface Vlan793
description PATEL TO BLOCK D 1ST FLOOR
ip address 10.109.9.2 255.255.255.0
ip pim dense-mode
!
interface Vlan794
description PATEL TO BLOCK D 2ND FLOOR
ip address 10.109.10.2 255.255.255.0
ip pim dense-mode
!
interface Vlan852
description PATEL TO ZH BLOCK 1 GROUND FLOOR
ip address 10.114.1.2 255.255.255.0
ip pim dense-mode
!
interface Vlan853

ip address 10.114.2.2 255.255.255.0

ip pim dense-mode
!
interface Vlan854
ip address 10.114.3.2 255.255.255.0
ip pim dense-mode
!
interface Vlan855
ip address 10.114.4.2 255.255.255.0
ip pim dense-mode
!
interface Vlan856
ip address 10.114.5.2 255.255.255.0
ip pim dense-mode
!
router ospf 109
summary-address 10.109.0.0 255.255.0.0
network 10.109.0.0 0.0.255.255 area 109
network 10.114.0.0 0.0.255.255 area 114
network 10.200.0.0 0.0.255.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.200.15.1 150
no ip http server
!
access-list 9 permit any
!
!
line con 0
line vty 0 4
login
!
end

18. Some Important feature of the Network
# Redundancy of Supervisor Engine.
# QoS Implementation.
# Cache-Engine Implementation.
# Redundancy of Supervisor Engine.
SUPERVISOR ENGINE REDUNDANCY REQUIREMENTS
For redundant operation, the following requirements must be met:
The active and standby supervisor engines must be in slots

1 & 2.
Each supervisor engine must have the resources to run the
switch on its own,which means all supervisor engine
resources are duplicated.In other words, each supervisor
engine has its own flash device and console port
connections.
Both supervisor engines must have the same system image.

SYNCHRONIZING THE SUPERVISOR ENGINES
1.Enter into session 15 of the switch.

2.Give Alternate ip addresses for each vlan which are specified in that module.
3.No interface should be shut down administratively.It should be made up by
giving a no shut command or it can be deleted if it does not have any use.
4.Go to config prompt.give the command "redundancy",under this "high-
availability" and under high availability give "config-sync".Then give wr m
to save.
5.Then go to session 16 and give the same set of commands as mentioned in
point no. 4.
6.After giving the above set of commands you can not make any changes in
session 16 from session 16 prompt.Whatever you change in session 15 it will
replicate the same thing in session 16.
7.Go to switch mode and give reset 1(primary supervisor engine).Then module
2 will automatically take over as primary.If module 1 comes up,it will remain
secondary till module 2 fails.Please remember module 1 corresponds to session
15 and module 2 to session 16.
TESTBED DIAGRAM REDUNDANCY IN CORE SWITCH
Supervisor Engine- 2 Supervisor Engine- 1

10.161.1.2 10.162.1.1
Vlan 721 Vlan 722
10.161.1.2 10.162.1.2
Vlan 712
10. 211.1.1
Distribution 2 Core Switch Distribution 1
Switchover from one to another Access

Supervisor engine takes only 2
min 45 seconds Ping 10.161.1.2 -t

# QoS Implementation.
G AT E W AY R O UTE R
S 0 - 2 03. 192 . 34 . 22 6 / 3 0
E1
61. 11. 237. 1/ 25 E 0 - 61. 11. 237. 254 / 30
M O DE M
E1 - 61. 11. 237. 253 / 30

D VB RE CE IVE R
61. 11. 237. 3 / 25
F IR EW ALL
10. 250. 1. 4 / 24
10. 250. 1. 2 / 24 Firew all Vlan
C OR E
10. 200. 10. 1

D ISTR IB UTION 1
10. 101. 0. 0 10. 200. 10. 2 D ISTR IB UTION 1
C OR E 10. 1. 0. 0
D IST 2
D IST n Policies are applied

10. 115. 0. 0
D IST n
10.50.0.0
HAL L N E TW OR K
10. 0. 0 . 0 / 10
10. 9 6. 0 . 0 / 255 . 22 4. 0 . 0
AC AD E M IC NE TW OR K
L in k U t iliz a t io n R e p o rt w h e n th e re is n o P o lic y

PO L IC Y IM PL EM EN TATIO N
Traffic policy im plem ented f or all traffic com ing to the
1/1 p ort of th e core sw itch w hich is conn ected to f irew all
V LA N
#qos
set qo s e nable
set qo s policer a ggregate qo s_te st rate 2000 burst 2000 drop
set qo s acl ip tcp_co nt d scp 0 aggregate qo s_te st tcp any a ny
co mmit qo s acl all
set port qos 1/1 vla n-ba sed
set qo s acl map tcp_co nt 650
Link Utilization Report when Policy is applied

Sha p ing is no t P o s s ib le w it h C a t O S
Student Internet Access Control Using The Time Range

time-range halltime

APPLICATION WISE BANDWIDTH DISTRIBUTION

# Cache-Engine Implementation.
I nternet
C o nte nt E n gine V la n C o n f
Int V la n 6 4 1
Ip : 1 0.1 29. 50. 2 F IREW
IR EW ALL
Ip r o ut e-
e - ca c h e sa m e-
e- F irew a ll V la n
int erfa c e
FIR E W AL L V L AN
CONF
Int V la n 6 5 0
IP : 1 0.2 5 0.1.4
Ip w cc p w eb-
eb -
o ut ca c h e r e d ir ect
SERV
VEE RFA
R FA R M F O UN D AT IO N C ORE
H all D ist
CDM D ifferen t H alls
C a ch e E ng in e C o n fig
H all Ac c es s
W ccp ro uter - lis t 1 1 0.1 2 9.5 0.2
W ccp w e b-
b - ca c h e ro ut er-
er - list
list-- nu m 1 C E - 507
W ccp ve rsio n 2
Content Delivery M anager
The Cisco CD M is the policy m an age r of t he learning net w ork. It

enables net w ork adm inistrators to configure b and w idth an d
distrib ution settin gs such that conte nt w ill not interfere w it h othe r
netw ork traffic.
Through a g rap hical W eb-brow ser-bas ed us er, the netw ork adm inist rator
can enab le content provide rs across the com pa ny to im port and distribute
rich lea rnin g or com m unications using the netw o rk setting s he ld by the
CDM .
The CDM en able s the adm inistrator to m o nitor the health of the e ntire
delivery netw ork, includ ing all th e Cisco Cont ent Eng ine s located at end -
user sites.

CISCO
CIS CO Content E ngine
Engine
The Cisco Content Engines st ream live or on-dem an d content to the

learn er's d esktop. T he learner sim ply logs on to a W eb pag e or
application s uch as a Learning M ana gem ent Syst em or Virtua l
Collaboration syst em an d acces ses all th e h igh-band w idth m edia ove r
the local-a rea netw o rk.
Cisco CEs w ork in conjunction with t he ex isting n etw ork infrast ructure
to localize traffic, rather tha n pull rich files over t he W AN . By
stream ing rich m edia locally, enterprises can no w delive r hig her-
bandw idth a nd su bseq uently high er-im pact inform ation to th e le arn er.
Content eng ine s can also b e used to cache static or stream ing W e b
content from sites such as Ya hoo.co m or CN N .com for better n etwork
perform a nce, and eve n to block or filte r nonprod uctive, nonbusines s
W eb sites fo r im proved p roductivity.
PERFORM ANCE CONSIDERATION OF H TTP CACH ING
Transactions per Seconds
Concurrent Connections
D isk Space

TRANSACTIONS PER SECONDS
It is referred to as requests/sec or URLs/sec. It is a m easure of the

num ber of new HTTP Transactions per second that a cache is capab le of
dealing with in a second. TPS is som etim e s m easured in term s of HTTP
requests p er second or in term s of m eg abits per second.
Mbit/sec = TPS * Average HTTP object size(bytes) * bits in a byt e(8)
---------------------------------------------------------------- ----
bits in a m egabit(1,000,00
egabit(1,000,000) 0)
Suppose tod ay on the internet w e observe an average object size o n the
internet of aro und 8.5 kbytes. If som e overhead is included for IP
packetization(IP headers), TCP fram ing(TCP headers) along with the the
HTTP headers associated w ith a request, we end up with an av erag e
around 10 kbytes, so we end up with every m egabit of HTTP traffic
traffic is
approxim ately eq ual to 10
1 0 TPS of sustained HTTP traffic.
CONCURRENT CONNECTIONS
The total number of Concurrent connections is the total no of HT TP

flows the CE can service at any single point in time. That is, how
how long it
takes to do wnload the average HTTP object.
Max concurrent connections Req = TPS * Avg HTTP flow hold time(s ec)
As an example, if the average http flow hold time is 3 seconds(typically
seconds(typically
what w e observe on the internet today), and we are servicing 150 TPS,
we end up with the CE servicing an average total of 450 concurrent
concurrent
connections at any point in time.
Max concurrent connections req = 150(TPS) * 3(sec/request)
= 450 concurrent connection
Generally speaking the maximum number of concurrent connections
that a CE supports is significantly higher than required.

DISK SPACE
In order to allo w a CE to function that is, cache content objects need
to spend some period of time in the CE. The minimum cache storag e
time should be around 24 hours, preferably up to 72 hours, to maximize
maximize
cache savings.
Cache Storag
Storagee required for 24 Hours =
Avg TPS * Avg Object size(bytes) * seconds in 24 hours * (1 -anticip ated
byte hit rate)
---------------------------------------------------------------- --------------------
Bytes in a gigabytes
W orking in the assumption that we are going to see a daily average average of
100 TPS (~10 mbit/sec)an average HTTP object size of 9.5 kbytes and
an anticipated cache hit ratio of 35% , we end up with
Cache Storag
Storagee req for 24 hours = 100*9500*86400*(1-
100*9500*86400*(1-0.35)
---------------------------------
1, 000, 000, 000
= 53. 352 gigabytes
So the min number of CE req for 24 hours caching = 7 (Hard disk
capacity of each CE is 8 G B).
Content Engine Home Page

Savings Statistics
Savings Statistics
Performance Statistics
Savings Statistics

DISK SPACE CONSUMED
In our case Avg TPS = 7*6 = 42

avg object size = 6046.7 bytes.
Cach e Storage required for 24 Hours =
42* 6046.7 * 86400* 0.65

---------------------------------------
1, 000, 000, 000
Savings Statistics
Savings Statistics
= 14.26 gigabytes
Performance Statistics Requests/Second
Savings Statistics
Savings Statistics

Performance Statistics Requests/Second
Savings Statistics
Savings Statistics
Content Engine As a Proxy Server
Savings Statistics
Savings Statistics

C on tent
ten t Engin e As a Pro xy Server
Proxy
Savings Statistics
Savings Statistics
U R L Filtering U sing W EB SEN SE
Savings Statistics
Savings Statistics

Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics

Savings Statistics
Savings Statistics
Savings Statistics
Savings Statistics

Caching Benefits
Optimizing the Storage

Lower Response Time
Increased Availability
Savings Statistics
Savings Statistics
WAN Bandwidth Saving

19. Network Components installed across the Network
(A) ACADEMIC AREA:
Sl. Equipment Name Description Quantity

No
1 Cisco Catalyst 6506 Switch Server Farm Switch 1
2 Cisco CDM 4650 Content Distribution Manager 1
3 Cisco IPTV IPTV Servers 3
4 Cisco Catalyst 6006 Switch Distribution Switch 2
5 Cisco 4006 Switch L2 Supervisor Engine 3
6 Cisco 2949 GL3 Switch L3 Switch installed at major 10
depts.
7 Cisco 3524 XL-EN Switch L2 Switch with L3 Functionality 27
8 Cisco 3524 PWR-XL Switch Above with IP telephony feature 10
9 Cisco 2924 MXL Switch L2 Switch with Fiber Port 30
10 Cisco 2924 XL-EN Switch L2 Switch with L3 Functionality 30
w/o Fiber Port
11 Cisco 1924 Switch Access Switch 80
(B) HOSTEL/FOUNDATION AREA:

No
1 Cisco Catalyst 6509 Switch Hostel Distribution Switch 14
2 Cisco CE-507 AV-CDN Content Engine 14
3 Cisco 3524 PWR-XL Switch Access Switch 163
4 Cisco 3512 PWR-XL Switch Access Switch 8
(C) CENTRAL NETWORK ROOM:

No
1 Cisco Catalyst 6509 Switch Core Switch 3
2 Cisco Catalyst 6506 Switch Departmental Distribution Switch 1
3 Cisco 7500 Router Thaicom Gateway Router 1
4 Cisco 5509 Switch/Router VSNL Router 1
5 Cisco PIX 525 Firewall with failover 1
6 Cisco CE - 590 Cache Engine 1
7 DVB Receiver Thaicom Rx Path 1
8 Radyne Modem (SCPC) Thaicom Tx Path 1

20. Appreciation Letter and Signoff from IIT-Kharagpur.
(A) Network Signoff from IIT-Academic

(B) Appreciation Letter form IIT-Foundation


21. GLOSSARY
1. Data Sheet
Cisco Catalyst 6500 Series
Overview
The Cisco Catalyst 6500 Series delivers secure, converged services from the wiring closet to the
WAN edge. Providing scalable intelligent multilayer switching performance for both enterprise and
service provider networks, the Cisco Catalyst 6500 Series supports 48 to 576 10/100 Ethernet port
configurations, delivering 210 million packets-per-second throughput across network cores and
multiple gigabit-per-second trunks. Designed to maximize network uptime and investment
protection, the Cisco Catalyst 6500 Series supports an unparalleled range of services, including data
and voice integration and LAN, WAN, and, metropolitan-area network (MAN) convergence.
Operational consistency is achieved by sharing a common set of modules (Cisco Catalyst 6500 Series
modules and Cisco 7600 Series WAN port adapters), the Cisco Catalyst Operating System (CatOS),
and Cisco IOS Software, including the command-line interface (CLI) and network management
tools, across four modular chassis that can be deployed anywhere in the network. By integrating
advanced multigigabit Layer 2-7 services such as security and content into a converged network, the
Cisco Catalyst 6500 Series optimizes IT infrastructure utilization and maximizes return on
investment. Together with the Cisco Catalyst 4500, 3550, and 2950 series switches, Cisco Systems
delivers the widest range of intelligent switching solutions, enabling multimedia, mission-critical data
and voice applications in both corporate intranets and the Internet end to end (refer to Figure 1).
Figure 1: The Cisco Catalyst 6500 Series
WS-6503, WS-C6506, WS-C6509, WS-C6509-NEBS, and WS-C6513
The Cisco Catalyst 6500 Series delivers exceptional scalability, price, and performance, supporting a
wide range of interface densities, performance, and high-availability options, including:
Flexible 3-, 6-, 9-, and 13-slot chassis configurations that allow one platform to be deployed
in wiring closet, core, data center, and WAN edge
Fast 2-3 second stateful failover of redundant supervisors and integrated services
Scalable high-performance switching fabric and forwarding engine architecture currently

delivering up to 210 Mpps
Interface options from 10 Mbps to 10 Gbps Ethernet and DS0 to OC-48 WAN interfaces as
well as integrated services modules
Advanced wire-rate quality-of-service (QoS) and access-control-list (ACL) policy management

Feature-rich CatOS and Cisco IOS Software choices supported on all supervisor forwarding
engines
Common CLI with Cisco Catalyst 5000/5500 Series for operational consistency and easy
migration
Industry's highest-performance Layer 4-7 content switching capabilities, including integrated

server load balancing with 200,000 concurrent connections per second
Integrated multigigabit network security (firewall, intrusion detection, Secure Sockets Layer
[SSL], and virtual private network [VPN]) and network analysis modules (NAMs)
User-upgradable IP telephony support for up to 576 ports with high-density public switched
telephone network (PSTN) or private branch exchange (PBX) gateway (8 T1 or E1s per
module) and traditional phone or fax support (24 foreign exchange station [FXS] ports per
module) for maximum investment protection
As a key component of Cisco AVVID (Architecture for Voice, Video and Integrated Data), the Cisco
Catalyst 6500 Series provides unprecedented business agility by enabling the enterprise to rapidly
deploy new Internet business applications in order to boost revenue and reduce operational costs.
Network policy can be applied end to end based on Layer 2, 3, and 4 information such as specific
users, IP addresses, or applications. Coupled with application intelligence, QoS mechanisms, and
security, customers can more effectively use their network for increased client services such as
multicast and workforce optimization, e-commerce, e-learning, as well as more cost-effective
corporate communication and supply-chain management applications without sacrificing network
performance.
The Cisco Catalyst 6500 Series provides a powerful e-commerce solution by combining these
capabilities with the integrated multigigabit SSL services module and the industry's highest-
performance content switching module. Secure Hypertext Transfer Protocol (HTTPS) content
requests are secured by offloading the SSL processing from Web servers to the Cisco Catalyst 6500
Series SSL service module and load balanced across multiple servers via the content switching
module, allowing the servers to handle peak traffic demands without degrading the user experience.
Table 1 lists the features of the Cisco Catalyst 6500 Series.
2. Data Sheet
Catalyst 6000 Family Gigabit Ethernet Modules
Overview
The Catalyst 6500 and 6000 Series meet the demands of today's most demanding and fast-
growing enterprise and service-provider networks with high-performance gigabit ethernet switching
modules. Available in 8- or 16-port versions, the Catalyst 6500 Series and 6000 Series Gigabit
Ethernet switching modules are ideal for deployment in gigabit backbone and server-farm
configurations or for aggregation of high-density 10/100-megabits per second (mbps) wiring closets.
Up to eight gigabit ethernet modules can be added to a single nine-slot catalyst 6000 family, for a
maximum of 130 gigabit ports per platform.
Product Description
Gigabit Ethernet Modules for the Catalyst 6000 Family
The Catalyst 6000 family, consisting of the Catalyst 6000 series and 6500 series, delivers a scalable,
industry-leading Gigabit Ethernet solution for today's growing enterprise and service-provider
networks. The Catalyst 6000 series delivers 32 Gigabits per second (Gbps) of backplane bandwidth,
while the Catalyst 6500 series is scalable to 256 Gbps. The Catalyst 6000 family 8- and 16-port
Gigabit Ethernet modules are IEEE standards compliant and support full-duplex operation. The

Catalyst 6000 family provides industry leading port density of up to 194 Gigabit ports in a 13-slot
chassis,
The 8-port modules (WS-X6408-GBIC, WS-X6408A-GBIC) can be configured with shortwave

(SX), longwave/long-haul (LX/LH), and extended-range (ZX) gigabit interface converters (GBICs). All
Gigabit Ethernet ports on these modules have SC-type connectors for multimode fiber (MMF) or
single-mode fiber (SMF).
Designed for a wide range of Gigabit Ethernet applications, the 16-port Gigabit Ethernet modules are
available in a variety of interfaces: small form factor MT-RJ connectors, SX, LX/LH, and ZX GBICs,
and RJ-45 connectors for Category 5 copper cabling.
Figure 1: 16-Port 10/100/1000 BASE-T Module (WS-X6516-GE-TX)
Figure 2: 16-Port GBIC-based Gigabit Ethernet Module (WS-X6416-GBIC)
Figure 3: 16-Port RJ-45 Gigabit Ethernet Module (WS-X6316-GE-TX)
Figure 4: 16-Port MT-RJ Gigabit Ethernet Module (WS-X6416-GE-MT)
Switch Fabric-Enabled Modules for the Catalyst 6500 Series

The Catalyst 6500 series is scalable to 256 Gbps of switching bandwidth using a cross-bar switching
fabric architecture. New fabric-enabled Gigabit Ethernet modules support the 256-Gbps platform,
delivering a new level of system performance for gigabit switching. Up to 176 fabric-enabled Gigabit
Ethernet ports can be supported in a single 13-slot chassis.
Designed to meet the growing demand of gigabit switching applications in both the enterprise and
service-provider networks, a wide range of 16-port fabric-enabled Gigabit Ethernet modules are
available for the Catalyst 6500 series 256-Gbps platform. These fabric-enabled gigabit modules come
with either a single or dual interfaces to the switching fabric with centralized or distributed

forwarding capabilities, providing excellent scalability and performance. These fabric-enabled gigabit
modules all support the GBIC interfaces (SX, LX/LH, and ZX), or Category 5 RJ-45 copper interfaces
providing further flexibility in system design.
The Catalyst 6500 series 256-Gbps platform supports hardware-based Cisco Express Forwarding
(CEF), as well as distributed CEF for maximum control-plane and forwarding performance. This is
ideally suited for gigabit switching applications such as e-commerce, Web hosting, and content
delivery in enterprise and service-provider networks. All fabric-enabled Gigabit Ethernet modules can
support distributed forwarding. For those modules utilizing centralized forwarding, the distributed-
forwarding capabilities can be added later via a daughter-card field upgrade, providing maximum
system flexibility and scalability.
Figure 5: 16-port Fabric-Enabled GBIC-based Gigabit Ethernet Module, Single Fabric

Interface (WS-X6516-GBIC)
Figure 6: Distributed Forwarding Daughter Card (WS-F6K-DFC)
Figure 7: 16-port Fabric-Enabled GBIC-based Gigabit Ethernet Module with Distributed

Forwarding Dual Fabric Interfaces (WS-X6816-GBIC

3. Data Sheet
Switch Fabric Module
Overview
The Cisco Catalyst 6500 Series switch fabric modules, including the new Switch Fabric Module 2
(WS-X6500-SFM2) and the Switch Fabric Module (WS-C6500-SFM), in combination with the
Supervisor Engine 2, deliver an increase in available system bandwidth from the existing 32Gbps to
256 Gbps. This significant increase in available bandwidth ensures that the Cisco Catalyst 6500
Series continues to deliver not only best-in-class bandwidth, but also the performance and advanced
services required for today's most advanced networks.
Both the Switch Fabric Module 2 and the Switch Fabric Module provide frameworks for delivering
high-bandwidth architecture. These switch fabric modules are key enablers for the optional
distributed forwarding architecture that facilitates convergence of high traffic volumes at different
parts of the network. The Switch Fabric Module 2 and the Switch Fabric Module enable a new
architecture that allows 30 Mpps of Cisco Express Forwarding (CEF)-based central forwarding
performance on Supervisor Engine 2 and up to 210 Mpps of distributed forwarding performance. The
higher bandwidth and performance enabled by the switch fabric modules, coupled with advanced
services such as quality of service (QoS) and security in hardware via access control lists (ACLs),
make the Cisco Catalyst 6500 Series the premier platform for service providers and enterprises (see
Figure 1 and Figure 2.).
Figure 1: Switch Fabric Module2
Figure 2: Switch Fabric Module1
Key Features and Benefits

Computer networks have evolved into mission-critical resources that span a wide variety of
industries and geographic distances. Networks are now a tool for supporting critical applications such
as supply chain management, training, HR activities, and e-commerce. These usage trends have led
to the evolution of networks to span greater distances-to interconnect functions within the same
organization, partners, and customers. As distance requirements have grown, the Catalyst 6500
Series continues to increase its value by providing support for advanced network services and local-
area network (LAN), metropolitan-area network (MAN), and wide-area network (WAN) interfaces in
a variety of configurations.

As networks continue to provision higher bandwidth applications, the Catalyst 6500 Series maximizes
scalability by enabling enhanced services without compromising performance. The switch fabric
modules utilize a crossbar architecture to deliver 256-Gbps total capacity with a high-speed point-to-
point connection to each line card. This provides a mechanism to forward packets between all point-
to-point connections between the slots simultaneously. Many ports can thus be simultaneously
transmitting and receiving data providing much higher aggregate throughput (see Figure 3).
Figure 3: Connection between Crossbar Fabrics and Linecards in a

Redundant Configuration
The new Switch Fabric Module 2 (WS-X6500-SFM2) is supported in all Catalyst 6500 Series products,
while the Switch Fabric Module (WS-C6500-SFM) is supported in the Catalyst 6506 and Catalyst
6509. The new Switch Fabric Module 2 can be used in slots 7 or 8 in the Catalyst 6513. The new
Switch Fabric Module 2 and the Switch Fabric Module can be used in either slot 5 or 6 in the Catalyst
6506 and Catalyst 6509.
High Availability
Two switch fabric modules can be configured in a system for high availability. When installed in a
redundant configuration, failover time between fabrics is a few seconds and the full system
bandwidth of 256 Gbps remains available even following the failure of the active switch fabric
module. This minimizes the impact of outages to preserve high availability of mission-critical
applications in different network environments. In a single switch fabric module configuration with
modules supporting both bus and fabric interfaces, the system can fail over to the 32-Gbps
backplane bus if the switch fabric module fails, providing a highly available platform to host mission-
critical applications.
Scalable Performance
When populated with a switch fabric module, a Supervisor Engine 2 with Multilayer Switch Feature
Card (MSFC) 2, and fabric-enabled line cards, a Catalyst 6500 chassis can perform centralized Layer
2 and Layer 3 switching at 30 Mpps. When equipped with a Distributed Forwarding Card (DFC), each
fabric-enabled card can perform localized switching and increases total system performance up to
210 Mpps. This allows the Catalyst 6500 Series to significantly scale performance while continuing to
enable a host of advanced network services. This industry-leading performance, combined with the
host of advanced network services and wide array of interfaces to support LAN/MAN/WAN
connectivity, enables the Catalyst 6500 Series to deliver premier end-to-end solutions for large-scale
enterprise and service provider applications.(Traffic Flow between Two Fabric-Enabled Cards
Intelligent Services
Growing emphasis and reliance by enterprises upon high-bandwidth applications such as streaming
data, audio and video has led to an increase in multicast traffic. As high-bandwidth access to homes
becomes universal, there will also be an increasing demand for video streaming applications hosted
by service providers. This makes it imperative that networking equipment for both service providers
and enterprises incorporates features to forward multicast traffic at wire rate. The switch fabric
modules incorporate built-in capabilities to handle multicast in an optimal fashion.
The switch fabric modules use highly efficient packet forwarding for unicast, broadcast, and
multicast traffic. The switch fabric modules use a 3X overspeed architecture to handle
multidestination traffic. This architecture, coupled with multicast replication performed in hardware
on the Supervisor Engine and distributed switching line cards, allows service providers and

enterprises to deploy high-bandwidth interactive and broadcast video applications without any
performance penalty.
Flexible Migration Options
Investment Protection
The switch fabric modules offer full investment protection to existing customers by providing a
migration path that allows a gradual transition to the new architecture. All existing line cards can be
inserted in the same chassis as the switch fabric module, allowing customers to gain increased
benefits of the new architecture while using existing cards. This compatibility enables customers to
continue to use the diverse interface types offered in the current solution and begin to deploy the
new fabric-enabled cards for performance enhancement through distributed forwarding and
increased bandwidth.
Low Cost of Ownership

The switch fabric modules facilitate a scalable, high performance, and intelligent network
architecture that allows line cards to be intermixed in Catalyst 6500 Series systems to provide
maximum investment protection while reducing the total cost of ownership to the customer.
4. Data Sheet
Distributed Forwarding Card for the Catalyst 6500
The distributed forwarding card (DFC) for the Catalyst 6500 series delivers high-speed
distributed services and forwarding for deployment in data-center backbones and
server-farm aggregation. The DFC complements the centralized forwarding of the
Catalyst 6500 Supervisor Engine 2 by distributing the centralized forwarding intelligence
down to each DFC-enabled line-card module. This provides localized forwarding and
service decisions on each line card and accelerates the forwarding performance of the
Catalyst 6500 series to 100+ Mpps. (See Figure 1.)
Figure 1: Distributed Forwarding Card (Cisco WSFSK-DFC Daughter Card 32284-12)
Key Benefits
Scalable Performance for Service Providers and Enterprises
The DFC works in conjunction with the Switch Fabric Module, Supervisor Engine 2 with Multilayer
Switch Feature Card (MSFC) 2, and fabric-enabled cards (cards with a connection to the Switch
Fabric Module) to provide a framework for distributed Cisco Express Forwarding (CEF)-based

forwarding architecture. It is required to run supervisor IOS to support distributed forwarding as it is

not supported via Catalyst OS. While classic line cards cannot directly participate in distributed
forwarding, CEF capabilities can still be utilized based on the centralized capabilities offered by
Supervisor Engine 2.
Although CEF is a Layer 3 forwarding mechanism, the Catalyst 6500 series solution also uses a
similar centralized and distributed mechanism for Layer 2 forwarding. This card is available as a
field-upgradable option on most of the new fabric-enabled line cards if one is not already installed.
Please refer to the Data Sheet for Gigabit Ethernet Cards on the Catalyst 6000 page:
http://www.cisco.com/go/6000.
CEF is a scalable, distributed, Layer 3 mechanism that allows the Catalyst 6000 family to meet the
dynamic requirements of service-provider and enterprise networks. This technology first evolved to
accommodate a large number of short-duration flows resulting from Web-based and interactive
applications. Service providers and large enterprises tend to have a large number of flows due to
Web-hosting and e-commerce applications, and they are the biggest beneficiaries of this technology.
In a traditional flow-based system, a cache is created using the routing table when the first packet
of the flow arrives. All subsequent packets in the flow use the cached entry. This is an efficient
mechanism when network conditions are relatively static, and when many different flows are
destined for the same destination. The cached entries are kept current as they are aged out or when
network topology changes occur.
Scalable Control-Plane Performance

In a dynamically changing environment, as is prevalent on the Internet, a CEF or Forwarding
Information Base (FIB)-based mechanism is best used to avoid a continuous cache churn. The FIB
table essentially mirrors the routing table and eliminates the need to maintain a cache table except
for accounting purposes. This mechanism is also inherently less CPU intensive than a cache-based
mechanism. In a distributed CEF (dCEF) environment, as implemented in Catalyst 6000 family, a
copy of the FIB is downloaded to each card, thereby allowing the switching performance of the
switch to scale to over 100 Mpps. Pushing forwarding decisions to each line card also relieves the
MSFC2 of any switching decisions, leaving the CPU free to perform routing functions, management,
network services, and so on.
The DFC replicates Layer 2 and 3 forwarding logic in hardware as well as a bus on each line card; it
is capable of a minimum of 15 Mpps of local switching. On a line card with a single serial connection
to the fabric, packets switched between two ports will be directly forwarded via the local forwarding
logic. On a line card with dual channel connections to the fabric, traffic between two ports would
either be locally switched or transmitted across the fabric using local forwarding logic but it will
never have to be centrally switched via the supervisor. Line cards that are DFC enabled are capable
of making forwarding decisions locally. This enables traffic flows to occur in parallel between line
cards, without being limited by centralized forwarding scalability. If there is a mixture of classic and
new fabric-enabled line cards in the system, the frame will be switched centrally by the supervisor if
there is a flow between classic and fabric-enabled cards. But, if the flow is between two fabric-
enabled cards with distributed forwarding, even when there is a classic card in the chassis, the
packet will be directly switched between cards without going through the supervisor. This card is an
essential component in enhancing scalability of the Catalyst 6000 family because, with each
individual card performing local switching, the total forwarding performance of the switch reaches
100 Mpps.
Distributed Intelligent Network Services

The central FIB is downloaded to each line card equipped with a DFC, allowing switching decisions to
be fully distributed (See Figure 2). The DFC maintains the most recent FIB and adjacency tables for
Layer 2 and 3 forwarding. In a dynamic routing environment, like a service-provider backbone, the
routing changes are automatically downloaded to each card, thereby providing accurate routing. It
also contains the logic to perform enhanced security services in hardware, so there is no
performance penalty for using features such as policy-based routing (PBR), extended and reflexive
access control lists (ACLs), unicast Reverse Path Forwarding (RPF), and transmission control protocol

(TCP) intercept. This is especially useful in e-commerce and Web-hosting applications where security
and protection of servers and Web content is a key concern.
Figure 2: Local Forwarding via Distributed Forwarding Card
An MSFC2 is essential for creating the central FIB and hence must be configured in the chassis to
enable CEF as well as distributed forwarding.Because a replica of the central FIB must be
downloaded onto the line card, it offers the same DRAM options as the MSFC2. The DFC ships with
128 MB of DRAM and offers 256- and 512-MB upgrade options. The DRAM option required on DFC
will be dependent upon the route table size amount of DRAM on the MSFC2 to ensure that the local
line card is able to store the entire FIB located on Supervisor Engine 2. A failure to synchronize all
FIBs would lead to conflicting forwarding information and may lead to problems. The memory
requirements for the FIB are listed in table below:
Table 1 Memory Requirements
Product Route Table Size Route Table SizeFLM: Route Table SizeFLM:
FLM1 50K VLSM2: 32 150 KVLSM: 64K 250KVLSM: 150K
K
Supervisor 128MB 256MB 512MB

Engine 2
MSFC2 128MB 256MB 512MB
DFC 128MB 128MB 256MB
Even though this distributed FIB mechanism does not require a cache to forward packets, a NetFlow
table is still created and maintained for accounting purposes. Each line card will have a NetFlow
table that can be exported as flows are aged out. Service-provider networks often utilize the NetFlow
Data Export mechanism to keep track of the customer packet flows for billing and accounting
purposes. In addition to providing performance scalability, DFC also helps scale control-plane

performance because, instead of cache maintenance, CPU cycles can now be used for routing and
enhanced services, intelligent services like IOS-Server Load balancing (IOS-SLB) and management.
Investment Protection
The DFC also provides full investment protection by giving customers the option to install this
feature card as a field-replaceable unit in most cases. This also offers modularity in price because
customers do not need to upgrade if the functionality is not required. The Catalyst 6500 series
continues to offer full support for not only the new fabric-enabled line cards, but also the classic line
cards, and line cards equipped with the DFC. These line cards may be intermixed within a single
chassis to provide maximum flexibility and investment protection.
Line-Card Support
Line cards currently supporting distributed forwarding via this card are listed below:
Table 2 Distributed Forwarding Capable Line Cards
Switch Switch Fabric Distributed Local Switching

Fabric Interface Forwarding Performance
Enabled
WS- Yes Single serial Yes, with DFC as an 15 Mpps

X6516- channel to the orderable option
GBIC switch fabric
WS- Yes Dual Serial Yes 24 Mpps

X6816- Channel to the
GBIC switch fabric
Software Requirements
A DFC is only supported in the Supervisor IOS mode and is not supported in Catalyst OS. To enable
distributed forwarded an MSFC2 and Supervisor IOS are both required. The software version
required to support distributed forwarding is listed below:
Supervisor IOS Version 12.1(5) E
5. Data Sheet
Catalyst 6000 Intrusion Detection System Module
Internet and E-businesses are forcing organizations into an era of open and trusted communications.
This openness at the same time, brings its share of vulnerabilities and problems, pushing both
enterprises and service providers to take steps to guard their valuable data from intruders, hackers,
and insiders. At the same time, demand for higher network performance is driving the migration of
traditionally shared networks to switched networks. As we start deploying more and more content
aware services in the switched infrastructure, the need for security and intrusion detection is greater
than ever to ensure reliability for Internet commerce and Web applications. With most of the
Intrusion Detection System (IDS) products on the market today, devices must be placed on the
Switched Port Analyzer (SPAN) port to monitor network traffic. Although the SPAN port can provide
access to network traffic, it does have certain limitations (for example, limited number of SPAN
sessions, trunked traffic). The Catalyst 6000 IDS module is designed specifically to address

switched environments by integrating the IDS functionality directly into the switch and taking traffic
right off the switch backplane, thus bringing both switching and security functionality into the same
chassis.
Figure 1: Catalyst 6000 Intrusion Detection System Module
Organizations continue to deploy firewalls as their central gatekeepers to prevent unauthorized users
from entering their networks. However, network security is in many ways similar to physical security
in that no one technology serves all needsrather, a layered defense provides the best results.
Organizations are increasingly looking to additional security technologies to counter risk and
vulnerability that firewalls alone cannot address. Intrusion detection systems provide around-the-
clock network surveillance. They analyze the packet data streams within the network, searching for
unauthorized activity, such as attacks by hackers, enabling users to respond immediately to security
breaches. Using a physical analogy, IDS systems are equivalent to video cameras and motion
sensors; they detect unauthorized or suspicious activity.
Cisco Systems, the worldwide leader in networking for the Internet, addresses the need for intrusion
detection in switched local-area network (LANs) with an integrated solution with the IDS module, in
addition to the complete family of Cisco Secure IDS appliance sensors, for its award-winning, high-
performance Catalyst 6000 switch series. The IDS module allows security and network
administrators to monitor network traffic right off the switch backplane rather than using external
IDS sensors connected to a switch SPAN port. This allows more granular access to the network
traffic and overcomes some of the limitations that external IDS sensors connected to SPAN ports
have.
Similar to how the Cisco Secure IDS appliance sensors operate, the IDS module detects
unauthorized activity traversing the network, such as attacks by hackers, and will send alarms to a
management console with details of the detected event. The security or network administrator
specifies the network traffic that must be inspected by the IDS module using the Catalyst OS virtual
LAN (VLAN) access control list (ACL) capture feature or SPAN functionality, allowing for very granular
traffic monitoring. In addition, the IDS module can be managed and monitored by the same
management console as the Cisco Secure IDS sensors, allowing customers to deploy both appliance
sensors and the IDS module to monitor critical subnets throughout their enterprise network.
Application
Intrusion Detection has become the fundamental enabling requirement for the successful content
networking and web hosting architecture. The IDS module is designed specifically to provide security
and network administrators the flexibility to monitor traffic flowing through their Catalyst 6000 family
switches throughout the network. The IDS module can help identify the denial of service attacks
including the distributed denial of service attacks (DDos).

Figure 2: Catalyst 6500 W/IDS Module
With the widest range of attack recognition, IDS module provides best of the breed real time
intrusion detection solution available in the industry today. Because of the type and volume of traffic
at the network core, the IDS module is most effective in the distribution and access layers of the
network.
Key Features and Benefits

The IDS module can be deployed in any Catalyst 6000 family chassis; it offers the following benefits:
Part of a Cisco end-to-end solutionThe IDS module is a necessary component to an

effective, defense-in-depth security strategy to complement other deployed security
mechanisms (for example, firewalls, encryption, and authentication).
Integrated solutionThis IDS module is completely integrated within the Catalyst 6000,
occupying a single slot. This is particularly suited for deployments where rack space is at a
premium. The IDS is also fully integrated into the Cisco Secure IDS management
infrastructure for operational consistency and support.
Transparent operationThe IDS module does not impact switch performance. It is a passive
monitoring module that inspects copies of packets and is not in the switch-forwarding path.
Investment protectionWith the addition of the IDS module card to its portfolio, Cisco
continues to demonstrate investment protection in its switched infrastructure. The IDS
module enables customers to perform both security monitoring and switching functions
within the same chassis.
Real-time intrusion detectionThe IDS module provides real-time, around-the-clock network

surveillance. Designed to address the increased requirements for security visibility, denial-of-
service protection, antihacking detection, and e-commerce business defenses, the IDS
module monitors network traffic off the switch backplane and alarms on malicious or
unauthorized activity.
Comprehensive attack recognition/signature coverage The IDS module detects a wide

range of attacks, and the signature engine on the IDS module can be easily updated with
new "hacker signatures" without any impact on the switch. The IDS module engine also
includes sophisticated IP fragmentation reassembly intelligence.

Ability to monitor multiple VLANs simultaneouslyThe IDS module can monitor traffic on
multiple VLANs simultaneously (both ISL and 802.1q encoded) using either the VLAN ACL
capture feature or SPAN functionality. The capability overcomes some of the traditional
limitations of operating IDSs in switched environments.
Low cost of ownershipThe IDS module is simple to install, configure, and maintain. Because
it is completely interoperable with other Cisco Secure IDS devices and management
consoles, the IDS module is simply an extension of the classic switching environment and
security operations framework.
Performance Summary
Monitor 100 Mbps of traffic
Approximately 47,000 packets per second, with a new flow arrival rate of 1000 per second
Catalyst Switch Platform Requirements
Requires Catalyst Operating System Version 6.1(1) or higher (not supported in native Cisco
IOS software)
Policy feature card (PFC) required for VLAN ACL "capture" functionality
Compatible with both Supervisor 1A and Supervisor 2 engines
Not compatible with the crossbar switch fabric
Compatible with both multilayer switch feature card (MSFC) and MSFC2, but not required
IDS Management Platforms (Required)
Cisco Secure Policy Manager (CSPM) v2.2 and higher, or
Cisco Secure Intrusion Detection Director
6. Configuring Catalyst 6509 Switch as DHCP Server
Configuring DHCP
This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP). For a
complete description of the DHCP commands listed in this chapter, refer to the "DHCP Commands"
chapter of the Cisco IOS IP and IP Routing Command Reference publication. To locate
documentation of other commands that appear in this chapter, use the command reference master
index or search online.
As explained in RFC 2131, Dynamic Host Configuration Protocol, DHCP provides configuration
parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-
specific configuration parameters from a DHCP server to a host and a mechanism for allocating
network addresses to hosts. DHCP is built on a client/server model, where designated DHCP server
hosts allocate network addresses and deliver configuration parameters to dynamically configured
hosts.
DHCP supports three mechanisms for IP address allocation:

Automatic allocationDHCP assigns a permanent IP address to a client.
Dynamic allocationDHCP assigns an IP address to a client for a limited period of time (or
until the client explicitly relinquishes the address).
Manual allocationThe network administrator assigns an IP address to a client and DHCP is

used simply to convey the assigned address to the client.
The format of DHCP messages is based on the format of Bootstrap Protocol (BOOTP) messages,
which ensures support for BOOTP relay agent functionality and interoperability between BOOTP
clients and DHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on
each physical network segment. BOOTP is explained in RFC 951, Bootstrap Protocol (BOOTP), and
RFC 1542, Clarifications and Extensions for the Bootstrap Protocol.
DHCP Server Overview
The Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages
IP addresses from specified address pools within the router to DHCP clients. If the Cisco IOS DHCP
server cannot satisfy a DHCP request from its own database, it can forward the request to one or
more secondary DHCP servers defined by the network administrator.
Figure 14 shows the basic steps that occur when a DHCP client requests an IP address from a DHCP
server. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCP
server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a
domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message.
Figure 14: DHCP Request for an IP Address from a DHCP Server
Note A DHCP client may receive offers from multiple DHCP servers and can accept any one of
the offers; however, the client usually accepts the first offer it receives. Additionally, the offer
from the DHCP server is not a guarantee that the IP address will be allocated to the client;
however, the server usually reserves the address until the client has had a chance to formally
request the address.
The client returns a formal request for the offered IP address to the DHCP server in a
DHCPREQUEST broadcast message. The DHCP server confirms that the IP address has been
allocated to the client by returning a DHCPACK unicast message to the client.
Note The formal request for the offered IP address (the DHCPREQUEST message) that is sent
by the client is broadcast so that all other DHCP servers that received the DHCPDISCOVER
broadcast message from the client can reclaim the IP addresses that they offered to the client.
If the configuration parameters sent to the client in the DHCPOFFER unicast message by the
DHCP server are invalid (a misconfiguration error exists), the client returns a DHCPDECLINE
broadcast message to the DHCP server.
The DHCP server will send to the client a DHCPNAK denial broadcast message, which means the
offered configuration parameters have not been assigned, if an error has occurred during the
negotiation of the parameters or the client has been slow in responding to the DHCPOFFER
message (the DHCP server assigned the parameters to another client) of the DHCP server.

The Cisco IOS DHCP server feature offers the following benefits:
Reduced Internet access costs
Using automatic IP address assignment at each remote site substantially reduces Internet
access costs. Static IP addresses are considerably more expensive to purchase than are
automatically allocated IP addresses.
Reduced client configuration tasks and costs
Because DHCP is easy to configure, it minimizes operational overhead and costs associated
with device configuration tasks and eases deployment by nontechnical users.
Centralized management
Because the DHCP server maintains configurations for several subnets, an administrator only
needs to update a single, central server when configuration parameters change.
Before you configure the Cisco IOS DHCP server feature, complete the following tasks:
Identify an external File Transport Protocol (FTP), Trivial File Transfer Protocol (TFTP), or
remote copy protocol (rcp) server that you will use to store the DHCP bindings database.
Identify the IP addresses that you will enable the DHCP server to assign, and the IP
addresses that you will exclude.
Identify DHCP options for devices where necessary, including:
o Default boot image name
o Default router(s)
o Domain Name System (DNS) server(s)
o NetBIOS name server
Decide on a NetBIOS node type (b, p, m, or h).
Decide on a DNS domain name.
DHCP Configuration Task List

The DHCP server database is organized as a tree. The root of the tree is the address pool for natural
networks, branches are subnetwork address pools, and leaves are manual bindings to clients.
Subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore,
common parameters, for example the domain name, should be configured at the highest (network
or subnetwork) level of the tree.
Note Inherited parameters can be overridden. For example, if a parameter is defined in both
the natural network and a subnetwork, the definition of the subnetwork is used.
Address leases are not inherited. If a lease is not specified for an IP address, by default, the
DHCP server assigns a one-day lease for the address.
To configure the Cisco IOS DHCP server feature, first configure a database agent or disable conflict
logging, then configure IP addresses that the DHCP server should not assign (excluded addresses)

and should assign (a pool of available IP addresses) to requesting clients. These configuration tasks
are explained in the following sections. Each task in the following list is identified as required or
optional.
Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging (Required)
Excluding IP Addresses (Required)
Configuring a DHCP Address Pool (Required)
Configuring Manual Bindings (Optional)
Configuring a DHCP Server Boot File (Optional)
Configuring the Number of Ping Packets (Optional)
Configuring the Timeout Value for Ping Packets (Optional)
Enabling the Cisco IOS DHCP Server and Relay Agent Features (Optional)
Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging
A DHCP database agent is any host, for example, an FTP, TFTP, or RCP server that stores the DHCP
bindings database. You can configure multiple DHCP database agents and you can configure the
interval between database updates and transfers for each agent. To configure a database agent and
database agent parameters, use the following command in global configuration mode:
Command Purpose
Router(config)# ip Configures the database agent and the interval between

database updates and database transfers.
dhcp database url
[timeout seconds | write-delay
seconds]
If you choose not to configure a DHCP database agent, disable the recording of DHCP address
conflicts on the DHCP server. To disable DHCP address conflict logging, use the following command
in global configuration mode:
Command Purpose
Router(config)# no ip dhcp Disables DHCP address conflict logging.
conflict logging
Excluding IP Addresses
The DHCP server assumes that all IP addresses in a DHCP address pool subnet are available for
assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign
to clients. To do so, use the following command in global configuration mode:

Command Purpose
Router(config)# ip Specifies the IP addresses that the DHCP server should not assign to
DHCP clients.
dhcp excluded-
address
low-address [high-
address]
Configuring a DHCP Address Pool

You can configure a DHCP address pool with a name that is a symbolic string (such as
"engineering") or an integer (such as 0). Configuring a DHCP address pool also places you in DHCP
pool configuration modeidentified by the (config-dhcp)# promptfrom which you can configure
pool parameters (for example, the IP subnet number and default router list). To configure a DHCP
address pool, complete the required tasks in the following sections.
Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration Mode
To configure the DHCP address pool name and enter DHCP pool configuration mode, use the
following command in global configuration mode:
Command Purpose
Router(config)# Creates a name for the DHCP server address pool and places you in DHCP pool
ip configuration mode (identified by the config-dhcp# prompt).
dhcp pool name
Configuring the DHCP Address Pool Subnet and Mask

To configure a subnet and mask for the newly created DHCP address pool, which contains the range
of available IP addresses that the DHCP server may assign to clients, use the following command in
DHCP pool configuration mode:
Command Purpose
Router(config- Specifies the subnet network number and mask of the DHCP address pool.
dhcp)# The prefix length specifies the number of bits that comprise the address
prefix. The prefix is an alternative way of specifying the network mask of the
network client. The prefix length must be preceded by a forward slash (/).
network-number
[mask | /prefix-
length]

Note You can not configure manual bindings within the same pool that is configured with the
network command. To configure manual bindings, see the "Configuring Manual Bindings"
section.
Configuring the Domain Name for the Client

The domain name for a DHCP client places the client in the general grouping of networks that make
up the domain. To configure a domain name string for the client, use the following command in
Command Purpose
Router(config-dhcp)# Specifies the domain name for the client.
domain-name domain
Configuring the Domain Name System IP Servers for the Client

DHCP clients query DNS IP servers when they need to correlate host names to IP addresses. To
configure the DNS IP servers that are available to a DHCP client, use the following command in
Command Purpose
Router(config- Specifies the IP address of a DNS server that is available to a DHCP client. One
dhcp)# IP address is required; however, you can specify up to eight IP addresses in
one command line.
dns-server
address
[address2 ...
address8]
Configuring the NetBIOS Windows Internet Naming Service IP Servers for the Client
Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients
use to correlate host names to IP addresses within a general grouping of networks. To configure the
NetBIOS WINS servers that are available to a Microsoft DHCP client, use the following command in
Command Purpose
Router(config- Specifies the NetBIOS WINS server that is available to a Microsoft DHCP
dhcp)# client. One address is required; however, you can specify up to eight
addresses in one command line.
netbios-name-server
address [address2 ...
address8]

Configuring the NetBIOS Node Type for the Client

The NetBIOS node type for Microsoft DHCP clients can be one of four settings: broadcast, peer-to-
peer, mixed, or hybrid. To configure the NetBIOS node type for a Microsoft DHCP, use the following
command in DHCP pool configuration mode:
Command Purpose
Router(config-dhcp)# Specifies the NetBIOS node type for a Microsoft DHCP client.
netbios-node-type type
Configuring the Default Router for the Client

After a DHCP client has booted, the client begins sending packets to its default router. The IP
address of the default router should be on the same subnet as the client. To configure a default
router for a DHCP client, use the following command in DHCP pool configuration mode:
Command Purpose
Router(config-dhcp)# Specifies the IP address of the default router for a DHCP client. One IP
address is required, although you can specify up to eight addresses in one
default-router command line.
address [address2 ...
address8]
Configuring the Address Lease Time

By default, each IP address assigned by a DHCP server comes with a one-day lease, which is the
amount of time that the address is valid. To change the lease value for an IP address, use the
following command in DHCP pool configuration mode:
Command Purpose
Router(config-dhcp)# Specifies the duration of the lease. The default is a one-day lease.
lease {days
[hours][minutes] | infinite}

Configuring Manual Bindings

An address binding is a mapping between the IP address and MAC address of a client. The IP
address of a client can be assigned manually by an administrator or assigned automatically from a
pool by a DHCP server.
Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts
that are found in the DHCP database. Manual bindings are stored in NVRAM on the DHCP server.
Manual bindings are just special address pools. There is no limit on the number of manual bindings
but you can only configure one manual binding per host pool.
Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of
hosts that are found in the DHCP database. Automatic bindings are stored on a remote host called a
database agent. The bindings are saved as text records for easy maintenance.
To configure a manual binding, first create a host pool, then specify the IP address of the client and
hardware address or client identifier. The hardware address is the MAC address. The client identifier,
which is required for Microsoft clients (instead of hardware addresses), is formed by concatenating
the media type and the MAC address of the client. Refer to the "Address Resolution Protocol
Parameters" section of RFC 1700, Assigned Numbers, for a list of media type codes.
To configure manual bindings, use the following commands beginning in global configuration mode:
Command Purpose
Step 1 Router(config)# Creates a name for the a DHCP server address pool and places you
ip in DHCP pool configuration modeidentified by the (config-dhcp)#
dhcp pool name prompt.
Step 2 Router(config- Specifies the IP address and subnet mask of the client.
dhcp)# The prefix length specifies the number of bits that comprise the
host address address prefix. The prefix is an alternative way of specifying the
[mask| /prefix- network mask of the client. The prefix length must be preceded by
length] a forward slash (/).
Step 3 Router(config- Specifies a hardware address for the client.

dhcp)# Specifies the distinct identification of the client in dotted-
hardware- hexadecimal notation, for example, 01b7.0813.8811.66, where 01
address represents the Ethernet media type.
hardware-
address type
or
Router(config-
dhcp)#
client-identifier
unique-identifier
Step 4 Router(config- (Optional) Specifies the name of the client using any standard
dhcp)# ASCII character. The client name should not include the domain
client-name name. For example, the name mars should not be specified as
name mars.cisco.com.

Configuring a DHCP Server Boot File

The boot file is used to store the boot image for the client. The boot image is generally the operating
system the client uses to load. To specify a boot file for the DHCP client, use the following command
in DHCP pool configuration mode:
Command Purpose
Router(config-dhcp)# Specifies the name of the file that is used as a boot image.
bootfile filename
Configuring the Number of Ping Packets

By default, the DHCP server pings a pool address twice before assigning the address to a requesting
client. If the ping is unanswered, the DHCP server assumes (with a high probability) that the address
is not in use and assigns the address to the requesting client. To change the number of ping packets
the DHCP server should send to the pool address before assigning the address, use the following
command in global configuration mode:
Command Purpose
Router(config)# ip Specifies the number of ping packets the DHCP server sends to a pool
dhcp address before assigning the address to a requesting client. The default is
two packets.
ping packets
number
Configuring the Timeout Value for Ping Packets

By default, the DHCP server waits 500 milliseconds before timing out a ping packet. To change the
amount of time the server waits, use the following command in global configuration mode:
Command Purpose
Router(config)# ip Specifies the amount of time the DHCP server must wait before timing
dhcp ping out a ping packet. The default 500 milliseconds.
timeout milliseconds

Enabling the Cisco IOS DHCP Server and Relay Agent Features
By default, the Cisco IOS DHCP server and relay agent features are enabled on your router. To
reenable these features if they are disabled, use the following command in global configuration
mode:
Command Purpose
Router(config)# Enables the CiscoIOS DHCP server and relay features on your router.
Use the no form of this command to disable the Cisco IOS DHCP server and
service dhcp relay features.
Monitoring and Maintaining the DHCP Server

To clear DHCP server variables, use the following commands in privileged EXEC mode, as needed:
Command Purpose
Router# clear Deletes an automatic address binding from the DHCP database. Specifying
ip dhcp address clears the automatic binding for a specific (client) IP address, whereas
specifying asterisk (*) clears all automatic bindings.
binding
address | *
Router# clear Clears an address conflict from the DHCP database. Specifying address clears the
ip dhcp conflict for a specific IP address whereas specifying an asterisk (*) clears
conflicts for all addresses.
conflict
address | *
Router# clear Resets all DHCP server counters to 0.

ip dhcp
server
statistics
To enable DHCP server debugging, use the following command in privileged EXEC mode:
Command Purpose
Router# debug ip dhcp server {events | Enables debugging on the DHCP server.
packets | linkage}

To display DHCP server information, use the following commands in EXEC mode, as needed:
Command Purpose
Router> show ip Displays a list of all bindings created on a specific DHCP server.
dhcp
binding [address]
Router> show ip Displays a list of all address conflicts recorded by a specific DHCP server.
dhcp
conflict [address]
Router# show ip Displays recent activity on the DHCP database.

dhcp Note Use this command in privileged EXEC mode.
database [url]
Router> show ip Displays count information about server statistics and messages sent and
dhcp received.
server statistics
Configuration Examples
This section provides the following configuration examples:
DHCP Database Agent Configuration Example
DHCP Address Pool Configuration Example
Manual Bindings Configuration Example
DHCP Database Agent Configuration Example

The following example stores bindings on host 172.16.4.253. The file transfer protocol is FTP. The
server should wait 2 minutes (120 seconds) before writing database changes.
ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120
DHCP Address Pool Configuration Example

In the following example, three DHCP address pools are created: one in network 172.16.0.0, one in
subnetwork 172.16.1.0, and one in subnetwork 172.16.2.0. Attributes from network 172.16.0.0,
such as the domain name, DNS server, NetBIOS name server, and NetBIOS node type, are inherited
in subnetworks 172.16.1.0 and 172.16.2.0. In each pool, clients are granted 30-day leases and all
addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for
assigning to clients. Table 5 lists the IP addresses for the devices in three DHCP address pools.

Table 5: DHCP Address Pool Devices
Pool 0 (Network Pool 1 (Subnetwork Pool 2 (Subnetwork

172.16.0.0) 172.16.1.0) 172.16.2.0)
Device IP Address Device IP Address Device IP Address
Default - Default 172.16.1.100 Default 172.16.2.100

routers routers 172.16.1.101 routers 172.16.2.101
DNS server 172.16.1.102

172.16.2.102
NetBIOS name 172.16.1.103

server
172.16.2.103
NetBIOS node h-node

type
ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120
ip dhcp pool 0
network 172.16.0.0 /16
domain-name cisco.com
dns-server 172.16.1.102 172.16.2.102
ip dhcp pool 1
network 172.16.1.0 /24
default-router 172.16.1.100 172.16.1.101

lease 30
ip dhcp pool 2
network 172.16.2.0 /24
default-router 172.16.2.100 172.16.2.101
lease 30
Manual Bindings Configuration Example
The following example creates a manual binding for a client named Mars.cisco.com. The MAC
address of the client is 02c7.f800.0422 and the IP address of the client is 172.16.2.254.
ip dhcp pool Mars
host 172.16.2.254
hardware-address 02c7.f800.0422 ieee802
client-name Mars
Because attributes are inherited, the previous configuration is equivalent to the following:
ip dhcp pool Mars
host 172.16.2.254 mask 255.255.255.0
hardware-address 02c7.f800.0422 ieee802
client-name Mars
default-router 172.16.2.100 172.16.2.101
domain-name cisco.com
dns-server 172.16.1.102 172.16.2.102


IITCaseStudy PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IITCaseStudy PDF

Uploaded by

Copyright:

Available Formats

Building Intelligent Networks

Dedicated to the Service of the Nation

Confidential & Proprietary Documents Page 1 15/12/2002

Document Title IIT Kharagpur Case Study

Partha Goswami, RM - TSG

Revision Number Date Changes

Confidential & Proprietary Documents Page 2 15/12/2002

Sl No Content Details Page No

Confidential & Proprietary Documents Page 3 15/12/2002

IIT Kharagpur has best of computing platforms of the like HCL/HP/COMPAQ/IBM/

Confidential & Proprietary Documents Page 4 15/12/2002

4. IIT Kharagpur NETWORKING ERA (1994 2001)

Confidential & Proprietary Documents Page 5 15/12/2002

IIT Kharagpur wanted to computerize its student campus to provide high-speed

Confidential & Proprietary Documents Page 6 15/12/2002

7. THE NETWORK DESIGN

The network designed for IIT-Kharagpur is a Multiservice Switched network, which

(A) High-speed transport.

(A) L3/L4 switching enabling Policy based Networking.

(A) 10/100 Mbps Fast Ethernet access to the desktop.

(A) High-speed access to centralized computing resources.

(A) Multiservice Video streaming services.

Content Delivery Services:

(A) Smart content pushing.

Confidential & Proprietary Documents Page 7 15/12/2002

(F) Saves costly Internet Bandwidth.

(A) Load sharing & Load balancing.

a) Network upgraded from layer II to layer III by changing the supervisory

Phase II Hostel/Foundation Part: The student hostels with computer center

Confidential & Proprietary Documents Page 8 15/12/2002

connected to a high-speed Server-Farm (Cat-6506) switch. An intrusion detection

Modular, Cost-effective, Growth was proposed in End connections, bandwidth and

Confidential & Proprietary Documents Page 9 15/12/2002

9. How we have implemented the Entire Network

TEST BED SET-UP

3/1 (10.200.3.1) 3/1 (10.200.3.2)

3/2 (10.200.1.2) 3/3 (10.200.4.1)

3/2 (10.200.2.1) 3/2 (10.200.5.2)

Edge Switch 3524

Confidential & Proprietary Documents Page 10 15/12/2002

10. IIT Kharagpur CAMPUS NETWORK SCHEMATIC

De pt. Dis trib u t io n S w it che s

11. CENTRAL NETWORK ROOM SCHEMATIC

Confidential & Proprietary Documents Page 11 15/12/2002

12. NETWORK SCHEMATIC Of SOME DEPARTMENTS

SA I Lab Po wer Syste m La b Po wer Syste m La b

Confidential & Proprietary Documents Page 12 15/12/2002

10 Core SMF fro m CIC ARCHITECHTURE & SMT

Access VLA N 1 8 from 6 Core SMF towards CET

Cat-2924 MXL Access VLA N 4 0 from

UP- Lin k Crossover UTP Cab le

Confidential & Proprietary Documents Page 13 15/12/2002

CRF & NAVAL

NA VAL Computer Room, 1st Floor

6 Core SMF towards Nava l

UP- Link Crossover UTP Cable

Confidential & Proprietary Documents Page 14 15/12/2002

6 Core Fiber t owards IS R O

IE & M Cat 19 24 S w itch VGSOM

CRYOGENIC & Foundation Engg.(CIVIL)

6 Core SMF towards F. Engg.

Trunk VLA N 23/24 fro m

Confidential & Proprietary Documents Page 15 15/12/2002

description ACADEMIC CORE TO FOUNDATION CORE1