After that, the 2nd router is connected to the 3rd one; from there the other office of the same company begins, and its network is also different. The 3rd router is connected to a core switch, that switch is connected to a layer-2 switch, and that switch is connected to the computers.
But there is only one server for the two offices: all the data is stored on that server, and the server can be accessed only with authentication.
Static Routing
VLAN concept
Inter-VLAN concept
DHCP (Dynamic Host Configuration Protocol)
ACL (Access Control List)
EtherChannel
Default Routing
OSPF (Open Shortest Path First)
EIGRP (Enhanced Interior Gateway Routing Protocol)
Redistribution
Port Security
Telnet
SSH
Privilege level
Static Routing
Static routing is not a routing protocol in the strict sense; it is a way of telling the router where traffic for a destination should be forwarded. The administrator manually configures the path (next hop or exit interface) for each destination network.
Static routing is a form of routing that occurs when a router uses a manually configured routing entry rather than information from a dynamic routing protocol.[1] In many cases, static routes are configured by a network administrator by adding entries to the routing table, though this is not always the case. Unlike dynamic routing, static routes are fixed and do not change if the network is changed or reconfigured. Static routing and dynamic routing are not mutually exclusive: both are usually used on a router, to maximise routing efficiency and to provide a backup in the event that dynamic routing information fails to be exchanged. Static routing can also be used in stub networks, or to provide a gateway of last resort.
Configuration
The ip route command takes the destination network, its subnet mask and the next-hop address (or the exit interface); the placeholders in angle brackets stand for the values of the actual topology:
Router>enable
Router#configure terminal
Router(config)#ip route <destination network> <subnet mask> <next-hop address or exit interface>
VLAN
VLAN stands for virtual local area network. A VLAN divides the broadcast domain of a switch by configuration. The VLAN concept is used, for example, when there are 5 departments and 10 users, with 2 users in each department.
So rather than using 5 switches we use 1 switch and break it into 5 VLANs: we create VLAN 10, VLAN 20, VLAN 30, VLAN 40 and VLAN 50 and configure them on the switch. In my scenario there are 2 VLANs, so the configuration is given below -:
Switch>enable
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#exit
Assigning the access ports (the original does not say which port belongs to which VLAN; here fastethernet0/1 is taken as VLAN 10 and fastethernet0/2 as VLAN 20):
Switch>enable
Switch#configure terminal
Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#interface fastethernet0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
A VLAN lets one physical switched network be split into several virtual LANs that behave as separate networks. One of the most beneficial elements of a VLAN is that it shrinks the broadcast domain, which reduces latency and traffic load, saves network resources and increases network efficiency. In addition, VLANs provide segmentation and assist with security, network management and scalability.
o Allowing network administrators to apply additional security to network communication
o Making expansion and relocation of a network or a network device easier
o Providing flexibility, because administrators can configure in a centralized environment while the devices may be located in different geographical locations
o Decreasing the latency and traffic load on the network and the network devices, offering increased performance
Intervlan
Now the layer-2 switch is connected to the layer-3 switch. I have also created VLAN 10 and VLAN 20 on the layer-3 switch. After creating the VLANs, we have to create a trunk port on both switches, so that frames of both VLANs can cross the link between them.
routing, the router interfaces can be connected to separate VLANs.
Layer-2 switch (the uplink interface is not named in the original, so a placeholder is used):
Switch>enable
Switch#configure terminal
Switch(config)#interface <uplink to layer-3 switch>
Switch(config-if)#switchport mode trunk
Layer-3 switch:
Switch>enable
Switch#configure terminal
Switch(config)#interface <uplink to layer-2 switch>
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
The ports facing the PCs stay access ports (switchport mode access).
Router configuration -:
Each router gets an IP address on the interface facing its neighbour, and the interface is brought up. The interface names and addresses are not listed in the original, so placeholders are used; the same sequence is repeated on every router in the topology (Router1 included):
Router>enable
Router#configure terminal
Router(config)#interface <interface>
Router(config-if)#ip address <address> <subnet mask>
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router0 has also been given an ip route covering any network with any subnet mask
gateway, and a static route has been configured so that any packet arriving from any network is forwarded to 192.168.1.1, which is Router0's IP.
DHCP
DHCP stands for Dynamic Host Configuration Protocol. I have applied DHCP on the layer-3 switch; DHCP can be applied either on a router or on a layer-3 switch.
DHCP Configuration -:
A separate pool is needed per VLAN, each with its own network and default router (a single pool with two default-router lines would hand both VLANs the same gateway). The original lists only the default routers and the DNS server; the pool names and the /24 networks below are inferred from the gateway addresses:
Switch>enable
Switch#configure terminal
Switch(config)#ip dhcp pool VLAN10
Switch(dhcp-config)#network 192.168.10.0 255.255.255.0
Switch(dhcp-config)#default-router 192.168.10.1
Switch(dhcp-config)#dns-server 8.8.8.8
Switch(dhcp-config)#ip dhcp pool VLAN20
Switch(dhcp-config)#network 192.168.20.0 255.255.255.0
Switch(dhcp-config)#default-router 192.168.20.1
Switch(dhcp-config)#dns-server 8.8.8.8
ACL
ACL stands for Access Control List. I have applied an ACL on the router for the computer 192.168.10.2.
The ACL is applied to deny one host, so that this computer cannot access the server. I have applied it to only 1 PC, but an ACL can also be applied to a whole network, in which case every IP address of that network is denied and no PC in it can reach the server. Because I applied it to only 1 PC, every PC except that one is allowed to access the server.
ACL features –
1. The rules are matched sequentially: matching starts with the first line, then the 2nd, then the 3rd and so on.
2. A packet is compared against the rules only until one matches. Once a rule matches, no further comparison takes place and that rule's action is performed.
There is an implicit deny at the end of every ACL, i.e., if no rule matches then the packet is discarded.
Once the access list is built, it should be applied inbound or outbound on an interface:
Inbound access lists – When an access list is applied to the inbound direction of an interface, the packets are first processed according to the access list and only then routed to the outbound interface.
Outbound access lists – When applied outbound, the packet is routed first and then checked against the access list before it leaves the interface.
Types of ACL –
Standard ACLs (numbered 1-99 and 1300-1999) filter on the source address only; extended ACLs (100-199 and 2000-2699) can match source, destination, protocol and port. Either type can also be created by name instead of number.
ACL Configuration -:
Router>enable
Router#configure terminal
Router(config)#access-list 1 deny host 192.168.10.2
Router(config)#access-list 1 permit any
Router(config)#interface gigabitethernet 0/1
Router(config-if)#ip access-group 1 out
A standard ACL matches on source address only, so for the filter to block just this PC's access to the server it must be applied outbound on the interface through which the server is reached; applied anywhere else it would cut the PC off from everything behind that interface.
Alternative: a named standard ACL that denies the whole 192.0.0.0/8 range (the original calls the list "deny" and does not apply it to an interface):
Router(config)#ip access-list standard deny
Router(config-std-nacl)#deny 192.0.0.0 0.255.255.255
Router(config-std-nacl)#deny host 192.168.10.2
Router(config-std-nacl)#permit any
Note that the host entry is already covered by the preceding network entry and can never match: it is shadowed.
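The three ACL properties above (top-down matching, first match wins, implicit deny) are easy to state and easy to get wrong in a long list. The following is an added example, not part of the original report: a small evaluator for Cisco-style standard ACLs that reproduces the two lists configured above and also flags shadowed entries, which IOS does not do for you. The source addresses fed to it are constructed.

```python
"""Cisco-style standard ACL evaluation: top-down, first match wins, implicit deny.

Added example, not from the original report. Wildcard masks follow Cisco's
inverted convention: a 0 bit must match, a 1 bit is ignored.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Ace(NamedTuple):
    action: str          # "permit" or "deny"
    address: int         # 32-bit address
    wildcard: int        # 32-bit wildcard mask


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def parse_ace(line: str) -> Ace:
    """Parse 'permit|deny any', 'permit|deny host A.B.C.D' or 'permit|deny A.B.C.D W.W.W.W'."""
    parts = line.split()
    action = parts[0]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    if parts[1] == "any":
        return Ace(action, 0, 0xFFFFFFFF)
    if parts[1] == "host":
        return Ace(action, _ip(parts[2]), 0)
    if len(parts) == 2:                       # bare address is IOS shorthand for host
        return Ace(action, _ip(parts[1]), 0)
    return Ace(action, _ip(parts[1]), _ip(parts[2]))


def evaluate(acl: List[Ace], source: str) -> Tuple[str, Optional[int]]:
    """Return (action, index of matching entry); index None means the implicit deny fired."""
    src = _ip(source)
    for i, ace in enumerate(acl):
        care = ~ace.wildcard & 0xFFFFFFFF     # bits the entry actually compares
        if (src & care) == (ace.address & care):
            return ace.action, i              # first match wins, stop here
    return "deny", None                       # implicit deny at the end of every ACL


def shadowed_entries(acl: List[Ace]) -> List[int]:
    """Indices of entries that can never match because an earlier entry covers them."""
    shadowed = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            earlier_care = ~earlier.wildcard & 0xFFFFFFFF
            # earlier covers later when later cares about every bit earlier cares about
            # and the two agree on those bits
            if (later.wildcard & earlier_care) == 0 and \
               (earlier.address & earlier_care) == (later.address & earlier_care):
                shadowed.append(i)
                break
    return shadowed


# ACL 1 from the report: block one PC, allow everyone else.
ACL_1 = [parse_ace("deny host 192.168.10.2"), parse_ace("permit any")]

# Named list from the report; the first entry denies all of 192.0.0.0/8.
ACL_NAMED = [parse_ace("deny 192.0.0.0 0.255.255.255"),
             parse_ace("deny host 192.168.10.2"),
             parse_ace("permit any")]

if __name__ == "__main__":
    for src in ("192.168.10.2", "192.168.10.3", "10.0.0.1"):   # constructed sources
        print(src, "ACL 1 ->", evaluate(ACL_1, src), "named ->", evaluate(ACL_NAMED, src))
    print("shadowed in named ACL:", shadowed_entries(ACL_NAMED))
```

Running it shows that under the named list the host entry is never reached, and that a list consisting only of deny entries denies everything through the implicit deny, which is why the `permit any` at the end matters.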
Ethernet channel or Ether-channel
EtherChannel bundles several physical links between two switches into one logical link, giving more bandwidth and redundancy without a spanning-tree loop. LACP (the IEEE standard, 802.3ad, now 802.1AX) is not Cisco proprietary, so the devices at either end need not be Cisco; it has 2 modes -:
ACTIVE and PASSIVE
ACTIVE means the port initiates the LACP negotiation by sending messages first, and also replies to messages it receives.
PASSIVE means the port does not initiate; it only replies when the other side sends LACP messages. Two passive ports therefore never form a channel; at least one side must be active.
Switch>enable
Switch#configure terminal
...
DEFAULT ROUTING
In computer networking, the default route is a setting on a computer or router that defines the packet forwarding rule to use when no specific route can be determined for a given Internet Protocol (IP) destination address.
It means we set a default route on the router or switch so that traffic to any IP address with any subnet mask, for which there is no more specific route, goes to the ISP or to whatever destination the client wants.
COMMAND –
Router ( config ) #ip route 0.0.0.0 0.0.0.0 100.100.100.1
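Both the static routes and the default route above end up in one routing table, and the router picks among them by longest prefix match, which is what makes 0.0.0.0/0 the gateway of last resort. The following is an added example, not part of the original report: a routing-table lookup that models that choice. The table is constructed from the addresses used in this report (192.168.10.0/24, 192.168.20.0/24, 192.168.1.1 and the ISP next hop 100.100.100.1); the descriptions are assumptions.

```python
"""Longest-prefix-match lookup over a static routing table.

Added example, not from the original report. Routes are written in the
'ip route <destination> <mask> <next-hop>' form used on the router.
"""
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: str
    description: str


def parse_route(dest: str, mask: str, next_hop: str, description: str = "") -> Route:
    """Build a route from a dotted destination and dotted mask, as typed in IOS."""
    return Route(ipaddress.IPv4Network(f"{dest}/{mask}"), next_hop, description)


# Constructed table in the style of the report's topology (descriptions assumed).
ROUTING_TABLE: List[Route] = [
    parse_route("192.168.10.0", "255.255.255.0", "directly connected", "VLAN 10"),
    parse_route("192.168.20.0", "255.255.255.0", "directly connected", "VLAN 20"),
    parse_route("192.168.1.0", "255.255.255.0", "directly connected", "link to Router0"),
    # ip route 0.0.0.0 0.0.0.0 100.100.100.1  -> gateway of last resort
    parse_route("0.0.0.0", "0.0.0.0", "100.100.100.1", "default route to ISP"),
]


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Return the most specific route containing the destination, or None.

    Only prefix length is compared here; a real router also breaks ties by
    administrative distance and metric when two entries share a prefix length.
    """
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def lookup_without_default(table: List[Route], destination: str) -> Optional[Route]:
    """Same lookup with the 0.0.0.0/0 entry removed: shows what the default route adds."""
    return lookup([r for r in table if r.prefix.prefixlen > 0], destination)


if __name__ == "__main__":
    for dst in ("192.168.10.2", "192.168.1.1", "8.8.8.8"):
        print(dst, "->", lookup(ROUTING_TABLE, dst), "| without default:",
              lookup_without_default(ROUTING_TABLE, dst))
```

Internal destinations hit their /24 entries even though 0.0.0.0/0 also contains them, because /24 is the longer prefix; an outside address such as 8.8.8.8 matches only the default route, and with the default route removed the lookup fails and the router would drop the packet.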
Routers connect networks using the Internet Protocol (IP), and OSPF (Open Shortest Path First) is a routing protocol used to find the best path for packets as they pass through a set of connected networks. OSPF is designated by the Internet Engineering Task Force (IETF) as one of several Interior Gateway Protocols (IGPs), that is, protocols aimed at traffic moving around within a larger autonomous system such as a single enterprise's network, which may in turn be made up of many separate local area networks linked through routers.
2. INIT – In this state, a hello packet has been received from the other router, but the receiving router's own router ID is not yet listed in it.
3. 2WAY – In the 2WAY state, both routers have received hello packets from each other and each sees its own router ID in the neighbour's hello. Bidirectional connectivity has been established.
received DBD is more up to date than its own DBD, the router sends an LSR (Link State Request) to the other router stating which link states it needs. The other router replies with an LSU (Link State Update) containing the updates that are needed. In return, the router replies with a Link State Acknowledgement.
OSPF Configuration-:
Router1 configuration -:
Router>enable
Router#configure terminal
Router(config)#router ospf 1
Router(config-router)#network <network address> <wildcard mask> area <area id>
EIGRP and IGRP can interoperate because the metric (the criteria used for selecting a route) used with one protocol can be translated into the metric of the other protocol. EIGRP can be used not only for Internet Protocol (IP) networks but also for AppleTalk and Novell NetWare networks.
-Cisco proprietary for most of its life; Cisco published it as an informational RFC (RFC 7868) in 2016
-Network layer protocol (runs directly over IP, protocol number 88)
-AD value 90 (internal routes), 170 (external routes)
EIGRP is a classless, distance-vector protocol (often called an advanced distance-vector protocol) that uses the concept of an AS to describe a set of contiguous routers that run the same routing protocol.
EIGRP has a default maximum hop count of 100, configurable up to 255. Unlike RIP, EIGRP does not rely on hop count as its metric; the hop count only limits how far an update can travel.
PARAMETERS FOR NEIGHBOURSHIP -:
AS number (must match on both routers)
K-values (must match on both routers)
Hello or ACK
TIMERS IN EIGRP -:
Hello - 5 seconds (on LAN and other high-speed links)
Hold time - 15 seconds (three times the hello interval)
EIGRP Message -:
Hello
Update
Acknowledgement
Query
Reply
EIGRP COMMAND
Router(config)#router eigrp 1
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.20.0
Router(config-router)#no auto-summary
Router(config-router)#exit
Without a wildcard mask the network statement is classful, which for these class C addresses means 192.168.10.0/24 and 192.168.20.0/24.
REDISTRIBUTION
Often, using a single routing protocol in an organisation is preferred, but there are some conditions in which we have to use multi-protocol routing. These conditions include multiple administrators running multiple protocols, company mergers, or the use of multi-vendor devices. In such cases we have to advertise a route learned through one routing protocol, or by any other means (like a static route or a directly connected route), into a different routing protocol. This process is called redistribution.
Redistribution is used in large organisations, when there are
REDISTRIBUTION COMMAND
Router(config)#router eigrp 1
Router(config-router)#redistribute ospf 1 metric 1 1 1 1 1
Router(config)#router ospf 1
Router(config-router)#redistribute eigrp 1 subnets tag 1
Router(config)#router ospf 1
Router(config-router)#redistribute static subnets tag 1
Router(config)#router eigrp 1
Router(config-router)#redistribute static metric 1 1 1 1 1
For routes coming from another protocol, EIGRP has no default seed metric (without one they are treated as unreachable), so the five values must be given: bandwidth in kbit/s, delay in tens of microseconds, reliability, load and MTU. OSPF needs the subnets keyword or only classful networks are redistributed; the tag marks the redistributed routes so they can be recognised and filtered later.
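The K-values listed under the neighbourship parameters and the five numbers after `metric` in the redistribute commands feed the same formula. The following is an added example, not part of the original report: the classic EIGRP composite metric, applied to a few common link types and to the seed metric `1 1 1 1 1` used above, which shows why that seed is valid but makes redistributed routes look worse than any real link. Bandwidth is in kbit/s and delay in tens of microseconds, the units IOS uses.

```python
"""EIGRP composite metric (classic 32-bit form) with Cisco's default K-values.

Added example, not from the original report. With K5 = 0 the formula is
    metric = 256 * (K1*BW + (K2*BW)/(256 - load) + K3*DLY)
where BW = 10^7 / min_bandwidth_kbps and DLY = sum of delays in tens of us.
If K5 != 0 the result is further scaled by K5 / (reliability + K4).
"""
from typing import List, Tuple

DEFAULT_K = (1, 0, 1, 0, 0)   # K1..K5 as shipped by Cisco


def eigrp_metric(min_bandwidth_kbps: int, total_delay_tens_us: int,
                 reliability: int = 255, load: int = 1,
                 k: Tuple[int, int, int, int, int] = DEFAULT_K) -> int:
    """Composite metric for a path with the given minimum bandwidth and total delay."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bandwidth_kbps          # IOS uses integer arithmetic
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * total_delay_tens_us
    if k5 != 0:                                     # only when reliability is weighted in
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def path_metric(links: List[Tuple[int, int]]) -> int:
    """Metric of a multi-hop path given (bandwidth_kbps, delay_tens_us) per link.

    Bandwidth is the minimum along the path; delay is cumulative.
    """
    min_bw = min(bw for bw, _ in links)
    total_delay = sum(dly for _, dly in links)
    return eigrp_metric(min_bw, total_delay)


def seed_metric(bandwidth: int, delay: int, reliability: int, load: int, mtu: int) -> int:
    """The five values after 'redistribute ... metric B D R L MTU'.

    MTU is carried in updates but does not enter the composite metric.
    """
    return eigrp_metric(bandwidth, delay, reliability, load)


if __name__ == "__main__":
    print("FastEthernet   (100 Mbit/s, 100 us):", eigrp_metric(100_000, 10))
    print("GigabitEthernet(1 Gbit/s, 10 us):   ", eigrp_metric(1_000_000, 1))
    print("T1 serial      (1544 kbit/s, 20 ms):", eigrp_metric(1_544, 2_000))
    print("FE + GE path:                        ", path_metric([(100_000, 10), (1_000_000, 1)]))
    print("seed 'metric 1 1 1 1 1':             ", seed_metric(1, 1, 1, 1, 1))
```

A FastEthernet link scores 28160 and a Gigabit link 2816, while the seed `1 1 1 1 1` (1 kbit/s, 10 us) scores about 2.56 billion, so every redistributed route is treated as far worse than any internally learned one; pick seed values that resemble the real link, or use `default-metric`, when that is not what you want.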
PORT SECURITY
An attacker's task is comparatively easy once they can plug into the network they want to attack. Ethernet LANs are very vulnerable because switch ports are open for use by default: attacks such as layer-2 DoS (for example flooding the switch's MAC address table) and MAC address spoofing can take place. If the administrator controls which devices may use each port, the network is much safer. To take control over the switch ports, one can use the feature called port security.
Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed. The port security feature offers the following benefits:
o You can limit the number of MAC addresses on a given port.
o Packets that have a matching MAC address (secure packets) are forwarded; all other packets (unsecure packets) are restricted.
Port security violation modes and sticky learning –
protect – once the limit is reached, frames from unknown source MAC addresses are dropped silently; there is no counter and no notification.
restrict – frames from unknown MAC addresses are dropped, the violation counter increments, and a syslog message / SNMP trap is generated.
shut down – the default; on a violation the port is put into the error-disabled state and stays down until an administrator re-enables it (or errdisable recovery does).
Sticky – dynamically learned secure MAC addresses are written into the running configuration as sticky entries, so they survive a link flap and, once the configuration is saved, a reload.
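The difference between the three violation modes, and what sticky learning changes when a link flaps, is easiest to see by replaying traffic through a port. The following is an added example, not part of the original report: a model of one secured switch port that follows the documented semantics above. The MAC addresses are constructed; the model does not cover aging timers or the per-VLAN forms of the feature.

```python
"""Port-security state machine: MAC limit, violation modes, sticky learning.

Added example, not from the original report. Semantics follow the
description above: protect drops silently, restrict drops and counts,
shutdown err-disables the port; sticky addresses are kept in the
configuration and so survive a link-down.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass
class SecurePort:
    maximum: int = 1                      # switchport port-security maximum 1
    violation: str = "shutdown"           # protect | restrict | shutdown
    sticky: bool = False                  # switchport port-security mac-address sticky
    secure_macs: Set[str] = field(default_factory=set)
    violations: int = 0
    err_disabled: bool = False
    running_config: List[str] = field(default_factory=list)

    def receive(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "drop"                                   # port is down for everyone
        if mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)                       # learn and lock the address
            if self.sticky:                                 # sticky: persist it in the config
                self.running_config.append(
                    f"switchport port-security mac-address sticky {mac}")
            return "forward"
        # Limit reached and this MAC is not secure: a violation.
        if self.violation == "protect":
            return "drop"                                   # silent, no counter
        self.violations += 1                                # restrict and shutdown count it
        if self.violation == "shutdown":
            self.err_disabled = True                        # needs shut/no shut or errdisable recovery
        return "drop"

    def link_down(self) -> None:
        """Dynamically locked addresses are freed on link-down; sticky ones are configuration."""
        if not self.sticky:
            self.secure_macs.clear()


def replay(port: SecurePort, frames: List[str]) -> List[str]:
    return [port.receive(m) for m in frames]


# Constructed traffic: the legitimate PC, then a second device plugged into the same port.
FRAMES = ["00:11:22:33:44:55", "00:11:22:33:44:55", "de:ad:be:ef:00:01", "00:11:22:33:44:55"]


def run_mode(violation: str) -> Tuple[List[str], int, bool]:
    """Replay FRAMES in the given mode; return (decisions, violation count, err-disabled)."""
    port = SecurePort(violation=violation)
    return replay(port, FRAMES), port.violations, port.err_disabled


def survives_link_flap(sticky: bool) -> bool:
    """Does the learned MAC stay secure after the link goes down?"""
    port = SecurePort(sticky=sticky)
    port.receive(FRAMES[0])
    port.link_down()
    return FRAMES[0] in port.secure_macs


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, run_mode(mode))
    print("sticky survives link flap:", survives_link_flap(True),
          "| dynamic survives:", survives_link_flap(False))
```

In protect and restrict mode the legitimate PC keeps working after the rogue frame; only restrict records that something happened, which is why it is the mode to pick when you want alerting without an outage. In shutdown mode the legitimate PC is cut off too, and the port stays down until someone intervenes.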
TELNET
o The main task of the internet is to provide services to users. For example, a user wants to run different application programs at a remote site and transfer the results to the local site. This requires a client-server program for each service, such as FTP or SMTP, but it is not practical to create a specific program for every demand.
o The better solution is to provide a general client-server program that lets the user access any application program on a remote computer, i.e., a program that allows a user to log on to a remote computer. A popular client-server program, Telnet, is used to meet such demands. Telnet is an abbreviation for Terminal Network. Telnet sends everything, including usernames and passwords, in cleartext, so anyone who can capture the traffic can read the credentials; for managing network devices it has been superseded by SSH, which is covered next.
Remote login
Network Virtual Terminal (NVT)
TELNET COMMAND
SSH
SSH COMMAND
PRIVILEGE LEVEL
Cisco Internetwork Operating System (IOS) currently has 16 privilege levels that range from 0 through 15. Users have access to fewer commands at lower privilege levels than at higher privilege levels. To illustrate this, think of being on a mountain: when you're at the bottom (level 0) you see very little around you. As soon as you make your way to the top of the mountain (level 15), you see a whole lot more, having access to commands assigned to level 15 and below. The command "show privilege" lets a user determine what privilege level they are currently assigned; here are two examples:
Router>
Router>show privilege
Current privilege level is 1
Router>
Router>enable 15
Router#
Router# show privilege
Now comes the fun part: we can create a "middle ground" by defining arbitrary roles through customization of privilege levels 2 through 14. For this example, we'll enable privilege level 2, then reassign both the "ping" and "reload" commands to it.
Router>
Router>enable 15
Router#
Router# configure terminal
Router(config)#enable secret level 2 0 cisco123! (I've enabled level 2 with the password cisco123!; the 0 means the password is typed in plaintext and is stored hashed)
Router(config)#
Now, let's take the "ping" and "reload" commands and reassign them to level 2:
Router(config)#privilege exec level 2 ping
Router(config)#privilege exec level 2 reload
Moving "reload" down to level 2 means everyone who knows the level-2 password can reboot the router, so assign a role only the commands it really needs.
After applying the changes, users must have a privilege level of 2 or above to execute "ping" and "reload". Let's check the results:
Router>
Router>show privilege
Current privilege level is 1
Router>ping
Translating "ping"
Translating "ping"
Translating "ping"
% Unknown command or computer name, or unable to find computer address
(Failure: the "ping" command is unavailable. We've essentially changed the privilege level required for this command to work.)
Router>
With the "enable 2" command, we elevate our privilege level specifically to level 2:
Router>
Router>show privilege
Current privilege level is 1
Router>enable 2
Password: (enter the password "cisco123!")
Router# (Notice the command prompt has changed from ">" to "#"; however, let's check the privilege level to confirm we were indeed assigned privilege level 2)
Router#show privilege
Current privilege level is 2
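The Telnet, SSH and privilege-level sections together describe the management plane of these devices, and the settings they introduce are exactly the ones worth checking in a saved configuration: which protocols the vty lines accept, whether the enable password is a reversible `enable password` or a hashed `enable secret`, whether SSH is pinned to version 2, and which commands have been moved down to low privilege levels. The following is an added example, not part of the original report or any Cisco tool: a small audit over an IOS-style running configuration. Both sample configurations are constructed; the weak one mirrors the `enable secret level 2` and `privilege exec level 2 reload` commands above.

```python
"""Audit an IOS-style running-config for management-plane weaknesses.

Added example, not from the original report. The checks are the author's
(this editor's) own, written against the sections on Telnet, SSH and
privilege levels; both sample configurations below are constructed.
"""
import re
from typing import Dict, List

# Exec commands that change device state; granting them below level 15 widens who can run them.
SENSITIVE_EXEC = {"reload", "configure", "copy", "write", "debug"}


def parse_sections(config: str) -> Dict[str, List[str]]:
    """Group indented lines under their parent command (e.g. 'line vty 0 4').

    Top-level commands become keys with an empty body; '!' comment lines are skipped.
    """
    sections: Dict[str, List[str]] = {}
    current = ""
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            sections.setdefault(current, []).append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections


def audit(config: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    sections = parse_sections(config)
    top = list(sections)

    if any(t.startswith("enable password") for t in top):
        findings.append("enable password is stored reversibly; use enable secret instead")
    if not any(re.match(r"enable secret (?!level )", t) for t in top):
        findings.append("no enable secret for privilege level 15")
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 not set; SSHv1 may be negotiated")

    for name, body in sections.items():
        if not name.startswith("line vty"):
            continue
        transport = [b for b in body if b.startswith("transport input")]
        if not transport:
            findings.append(f"{name}: transport input not set explicitly; restrict it to ssh")
        for t in transport:
            if re.search(r"\b(telnet|all)\b", t):
                findings.append(f"{name}: '{t}' permits cleartext Telnet")
        if "login local" not in body and not any(b.startswith("login authentication") for b in body):
            findings.append(f"{name}: shared line password only (login); use login local or AAA")

    for t in top:
        m = re.match(r"privilege exec level (\d+) (\S+)", t)
        if m and int(m.group(1)) < 15 and m.group(2) in SENSITIVE_EXEC:
            findings.append(f"'{m.group(2)}' lowered to privilege level {m.group(1)}")
    return findings


# Constructed sample in the style of the report (weak on purpose).
SAMPLE_CONFIG = """\
hostname Router
enable secret level 2 0 cisco123!
enable password cisco
privilege exec level 2 ping
privilege exec level 2 reload
line vty 0 4
 password cisco
 login
 transport input telnet
"""

# Constructed hardened counterpart: per-user logins, SSHv2 only, level-15 secret.
HARDENED_CONFIG = """\
hostname Router
enable secret 0 S0me-long-enable-passphrase
username admin privilege 15 secret 0 Another-long-passphrase
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print("-", line)
    print("hardened findings:", audit(HARDENED_CONFIG))
```

The weak sample produces six findings, including the `reload` one, while `ping` at level 2 is not flagged because it cannot change device state; the hardened sample produces none. The parser is deliberately simple (one level of indentation, no `ip access-list` or `aaa` handling) and is meant as a starting point, not a complete IOS config linter.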
AIM
In my architecture, there are two offices of a company at different locations, and my aim is to provide communication between their devices. Every device must be able to ping every other, for example a computer to the server.
I have implemented some policies according to the client's requirements, like -:
VLAN
INTERVLAN ROUTING
STATIC ROUTING
DEFAULT ROUTING
OSPF
EIGRP
REDISTRIBUTION
ACL AND DHCP
ETHERCHANNEL
PORT SECURITY
TELNET
SSH
PRIVILEGE LEVEL