
Quest group of Engineering and Technology

Networking Technology

Summer Internship Report


(June 13th 2011 to July 22nd 2011)

Summer Training Venue: Centre for Development of Advanced Computing, Mohali, Punjab

Submitted to :

Prepared by :

Preface
The report was prepared during industrial training as a part of the summer internship program conducted after the end term of the 4th semester of the B.Tech program. This period provided me an opportunity to give theoretical knowledge a practical implementation. The report is a result of the seven weeks of industrial training that I underwent at CDAC, Mohali. Joining CDAC as a trainee gave me an excellent platform at the onset of my professional career. I wholeheartedly thank the organization and especially their Network Department for providing me an opportunity to work on routers, switches (layer 2 and layer 3) and hubs and hence bringing out the best in me, alongside developing my talents and improving my skills, not just technically but also laying a firm foundation for all-round personality development. Co-operating and working with a team helped me explore my potential and perform better. This report deals with the network scenario and how the connection is made in the university and organizations. The report also includes the pictorial scenario of the network using Edraw.

Acknowledgement
It is a great sense of satisfaction and a matter of privilege for me to have worked at CDAC, Mohali. I wish to express my heartiest thanks to CDAC for providing me the opportunity to undergo training in this esteemed organization. Under such a good environment, systematic work approach and target-oriented tasks, the management of this division provided me with the much-desired training experience needed for a future software professional career. It is my pleasure to thank Mr. Vijay Kumar, to whom I owe a lot for giving me an opportunity to pursue my training in this organization. I would like to thank Mr. Apoorv Kumar, my faculty guide, for his help and cooperation and for being interactive during the reviewing of my project for the various design and performance issues.

Mr. Vijay Kumar Sharma, CDAC Mohali

Mr. Apoorv Kumar, CDAC Mohali

Venue of Training-CDAC Mohali


Profile
Centre for Development of Advanced Computing, Mohali (erstwhile CEDTI) was established in May 1989 as a Scientific Society of the Ministry of Communications and Information Technology (MCIT), Government of India. In December 2002, CEDTI Mohali was merged with C-DAC, another society of MCIT with a primary mandate for R&D. C-DAC Mohali, an ISO 9001:2000 certified institute, is a Research & Development institution for the design, development and deployment of world-class IT and electronics solutions for economic and human advancement. C-DAC Mohali is a dynamic, growing institution, focused on the development of cutting-edge solutions in the following domains:

Health Informatics
Multilingual Technologies
Professional Electronics
Software Technologies
Cyber Forensics and Security
Multimedia Technologies

C-DAC Mohali operates from its own impressive building with a covered area of approximately 4300 sq. m. The centre is located in the ELTOP (Electronics Town of Punjab) Complex amidst a large number of industries manufacturing electronic products relating to computers, peripherals, communication equipment and components, offering a great professional challenge to the faculty and staff of the Centre. Two decades ago C-DAC Mohali (erstwhile CEDTI Mohali) started as a leading HR developer and training institute for the Information Technology (IT) sector in the northern region. It has continued to grow and offer various courses, and has earned a brand for quality training programmes. Along with various diploma courses, C-DAC Mohali also offers high-end courses like M.Tech in VLSI as well as ME in Electronic Product Design Technology (EPDT). Short-term value-added courses designed for knowledge-based skill development have also received an enormous response. Present R&D activities cover projects on Health Informatics including telemedicine, e-Governance, e-Security, BOSS / Linux Server, language technology, a black box for automobiles and various RFID-based applications.

Health Care
Health care, or healthcare, is the prevention, treatment and management of illness and the preservation of mental and physical well-being through the services offered by the medical, nursing and allied health professions. Health care embraces all the goods and services designed to promote health, and the organized provision of such services may constitute a health care system. Health informatics or medical informatics is the intersection of information science, computer science and health care. It deals with the resources, devices and methods required to optimize the acquisition, storage, retrieval and use of information in health and biomedicine. Health informatics tools include not only computers but also clinical guidelines, formal medical terminologies, and information and communication systems.
Telemedicine & Healthcare Services

Telemedicine, a combination of medicine and modern technology, is raising new hopes in health care. Telemedicine means providing medical assistance at a distance with the help of information and communication technologies. It enables a physician or specialist at one site to deliver e-health, diagnose patients, give intra-operative assistance, provide therapy or consult with other physicians or paramedical personnel at a remote site. Telemedicine is not another technology but a process that focuses on the individual to provide greater access and increased knowledge of e-health. It empowers the individual to manage his/her own personal health, and integrates information to allow the smooth flow of services and products throughout the health care system. There are four main components of telemedicine, all of which are applicable to e-health:

Remote database access/update
Tele-monitoring
Tele-video conferencing
Case handling/message passing

Healthcare in C-DAC Mohali

Since the Telemedicine department of C-DAC came into existence, it has won laurels by winning many projects. The department's first major project was "Telemedicine and its Implementation", which started in 1999 and was successfully accomplished in 2003. It was sponsored by the Department of Information Technology (DIT) and has been implemented successfully at 6 sites connected over ISDN lines for expert consultation using the integrated telemedicine desktop software Sanjeevani. The second major project was "Telemedicine in Himachal Pradesh", started in 2005; so far 24 primary health care centres in rural and remote areas have been connected over ISDN lines using the telemedicine application Sanjeevani. Apart from this, C-DAC received another project from DIT, in collaboration with the Punjab Health Systems Corporation, named "Punjab Telemedicine" in 2006. Here also, 5 sites have been connected and work on better facilities and wider coverage is going on. A notable success in the field of telemedicine is "e-Sanjeevani", an integrated web-based telemedicine solution which is an outcome of research and development over the existing desktop application Sanjeevani, aimed at providing multi-speciality health care to the common man at the most affordable cost. Presently development is being carried out on the TeleOphthalmology project, sponsored by the Ministry of Health and Family Welfare, Government of India, in 2007; the software has been christened "TeleOphthalmology". The most recent proposal to join the wall of fame of C-DAC's Telemedicine Department is the Business Research & Development project being developed for our client.
Technology Used

The Telemedicine department in C-DAC, Mohali uses different kinds of technology to build most of the telemedicine applications in use. The first, called store and forward, involves acquiring medical data (such as medical images) and then transmitting it to a doctor or medical specialist at a convenient time for assessment offline. It does not require the presence of both parties at the same time. Dermatology, radiology and pathology are common specialties that are conducive to asynchronous telemedicine. This is typically used for non-emergency situations, when a diagnosis or consultation may be made in the next 24 to 48 hours and sent back.

Real time telemedicine could be as simple as a telephone call or as complex as robotic surgery. It requires the presence of both parties at the same time and a communications link between them that allows a real-time interaction to take place. Video-conferencing equipment is one of the most common forms of technologies used in synchronous telemedicine. Also there are peripheral devices which can be attached to computers or the video-conferencing equipment which can aid in an interactive examination.

Telemedicine Solutions

C-DAC Mohali has implemented its telemedicine solution Sanjeevani in Microsoft Visual Basic 6.0 with Microsoft SQL Server 2005 as the database, and e-Sanjeevani in Microsoft .NET technologies, also backed by Microsoft SQL Server 2005. For better viewing and enhancement of images, C-DAC Mohali has developed its product Image Enhancer, providing brightness, contrast, zoom, region-of-interest annotation etc. C-DAC Mohali has also developed a web-based application, Health Care Management System, in Microsoft .NET technologies with Microsoft SQL Server 2005 as the back end.
Research and Development

C-DAC Mohali strives for the betterment of healthcare services through its innovative practices, its technology programmes and its commitment to knowledge development through research and development activities. C-DAC Mohali is a dynamic, growing organization, focused on the development of radical new technologies that span a diverse set of standards-based telemedicine applications, through research in industry standards such as HL7 and DICOM in the field of medical informatics.
Training

C-DAC Mohali provides training to health care professionals for effective use of telemedicine solutions, both on-site and remotely through the use of tele-health equipment, with the help of training specialists. C-DAC Mohali has an established reputation for training design and development. It uses its research, human-factors and training expertise in this subject area to develop a package of multilevel training programs that optimize the utilization of its telemedicine solutions.

Multi Lingual Technologies

C-DAC Mohali is taking the initiative to preserve and enhance the heritage of traditional embroideries of India by developing tools for use in the fashion industry. All the information regarding Indian embroidery will soon be found on a single portal.

BOSS(Bharat Operating System Solutions)


Bharat Operating System Solutions (BOSS) is a GNU/Linux distribution developed by C-DAC (Centre for Development of Advanced Computing), derived from Debian, for enhancing the use of Free/Open Source Software throughout India. BOSS GNU/Linux, a key deliverable of NRCFOSS, has been upgraded from an entry-level server to an advanced server. It supports the Intel and AMD x86/x86-64 architectures. BOSS GNU/Linux advanced server provides a web server, proxy server, database server, mail server, network server, file and print server, SMS server and LDAP server, and ships with administration tools such as Webmin (a web-based interface), Gadmin, phpMyAdmin, phpLDAPadmin and pgAdmin. The beta release of BOSS GNU/Linux version 4.0 is coupled with the GNOME desktop environment, with wide Indian language support and packages relevant for use in the Government domain. This release puts more emphasis on security and comes with an easy-to-use application to harden the desktop. Currently the BOSS GNU/Linux desktop is available in all the official Indian languages, such as Assamese, Bengali, Gujarati, Hindi, Kannada, Malayalam, Marathi, Oriya, Punjabi, Sanskrit, Tamil, Telugu, Bodo, Urdu, Kashmiri, Maithili, Konkani and Manipuri, which will enable mainly non-English-literate users in the country to be exposed to ICT and to use the computer more effectively. The accessibility of BOSS Linux will have a constructive impact on the digital divide in India, as more people can now have access to software in their local language to use the Internet and other information and communications technology (ICT) facilities. Community Information Centres (CICs) and internet cafes will also benefit from BOSS GNU/Linux, as this software can be used to power these outlets and is affordable and easy to install, use and support.

E-Governance Projects

In the present system of democracy, elected officials and institutions have been the traditional means of governing the interests of society and managing economic and social resources for development. E-governance is the application of information and communication technologies to transform the efficiency, effectiveness, transparency and accountability of informational and transactional exchanges within government; between government and government agencies at the national, state, municipal and local levels; between government and citizens and businesses; and to empower citizens through access to and use of information. A large number of Government departments have been engaged in the deployment of information and communication technologies to improve the efficiency and quality of their work. E-governance is said to be only 20% technology and 80% management. As e-government principles and practices have been applied in the past few years, it has become clear that fundamental governance issues determine the workability of e-service delivery and e-programs. Widespread access to the Internet has prompted delivery of information and services to citizens electronically. The interaction between citizens or businesses and a government agency/department can take place at a service centre closer to the client.

In India
India is a country of diverse social and cultural needs, with twenty-two constitutionally recognized languages and many variations of dialects. The success of e-Governance initiatives is determined by efficient delivery of citizen-centric services and better access to knowledge and information. In India, the digital divide is also evident. The National E-Governance Plan (NeGP) is one of the most ambitious programs of the Government of India, aimed at pervasively spreading e-Governance in the country. The plan essentially consists of 10 core policies, 5 integrated service projects that cut across departments, 9 Mission Mode Projects (MMPs) in the Central Sector and 12 in the State Sector.

International participation in CDAC Mohali

The Indian Technical and Economic Cooperation programme, popularly known as "ITEC", was launched in 1964 as a bilateral programme of assistance of the Government of India. Under ITEC and its corollary SCAAP (Special Commonwealth Assistance for Africa Programme), 156 countries in Asia, East Europe, Central Asia, Africa and Latin America are invited to share in the Indian developmental experience acquired over five decades of India's existence as a free nation. ITEC is about cooperation and partnership for mutual benefit. It is response-oriented and addresses the needs of developing countries.

Training:
Ever since the inception of the ITEC programme, training of thousands of nominees of ITEC partner countries has been the most successful cooperation programme and is highly appreciated by the recipient countries. Training, of both civilian and defence personnel, constitutes about 40 percent of the annual ITEC programme budget.

Civilian Training:
Each year the Ministry of External Affairs empanels institutions, and training courses are identified. Thereafter, through Indian Missions abroad, information about the courses is disseminated to the Foreign Offices and other concerned departments of ITEC partner countries. Applications of the nominees of these countries, duly recommended by the Heads of Missions/Posts, are then sent both to the MEA and to the institutions concerned. After scrutinizing the eligibility of such candidates, approvals for joining the courses are given by the TC Division. The Government of India bears the entire expenditure for ITEC/SCAAP training in India, including airfare, tuition fees, living allowances, medical expenses and book grants. C-DAC Mohali has been conducting courses since 1999 in the areas of hardware networking, software such as multimedia and Linux programming, biomedical engineering and telemedicine. CDAC Mohali has trained around 2000 participants under ITEC/SCAAP. Under this programme CDAC Mohali presently conducts 11 courses for civilians of the 156 countries.

My Experience
My experience throughout the training was a big learning curve for my career. Being with the professionals was a great opportunity for me. My utmost effort was to master the skill to as much extent as it can be. I got hands-on experience this summer; working on the real equipment during the internship was as interesting as it can get. The industrial training programme was exhaustive and covered the latest in technologies. The first week we were taught about the basics of networking, which we were already thorough with, courtesy of the excellent faculty and innovative teaching style of our college. Therefore the first week was a brush-up on the ideas which were somewhat weakened during the holidays. The second week was a step into the more detailed realms of networking technologies. We were taken into greater depths of the knowledge pool and we were allowed to explore on our own the new possibilities and new ways to overcome our own doubts and questions. The third and fourth weeks were full of new advanced concepts that were introduced to us. It was challenging at first, but once we discovered where the root of all doubt lies, I was able to make peace with the new concepts. The fifth and sixth weeks consisted of project making. It was the time to showcase everything that we had learnt in the past four weeks in a single project. We got much help from our supervisors at CDAC and some co-trainees. The professionalism was exemplary. Overall these six weeks have given a new direction to my career and a new direction as to how to think in the right manner.

ROUTER
A router is a device that forwards data packets between networks, creating an internetwork. A router is connected to two or more data lines from different networks. When data comes in on one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey, or drops the packet if it has no route for it. A data packet is typically forwarded from one router to another through the networks that constitute the internetwork until it reaches its destination node. The most familiar type of routers are home and small office routers that simply pass data, such as web pages and email, between the home computers and the owner's cable or DSL modem, which connects to the Internet through an ISP. More sophisticated routers range from enterprise routers, which connect large business or ISP networks, up to the powerful core routers that forward data at high speed along the optical fibre lines of the Internet backbone. A router has interfaces for different physical types of network connections (such as copper cables, fibre optic or wireless transmission). It also contains firmware for different networking protocol standards; each network interface uses this specialized software to enable data packets to be forwarded from one transmission system to another.

FUNCTION OF ROUTER
Router Terminology
Routers used to be called "gateways," which is why the term "default gateway" still means the router on your network. In older Novell terminology, routers were also called "network-layer bridges." Routing operates at the network layer (layer 3) of the OSI model, which is the layer at which IP addresses are assigned and interpreted.

Route Forwarding

Routing tables hold the data for making forwarding decisions. In a small network the table may contain only a handful of entries, but in large networks routing tables become very complex. Static routing uses fixed tables entered by an administrator, whereas dynamic routing uses routing protocols that let routers exchange reachability information with each other.

TYPES OF ROUTERS
Enterprise routers
All sizes of routers may be found inside enterprises. The most powerful routers are usually found in ISPs and academic and research facilities. Large businesses may also need more powerful routers to cope with the ever increasing demands of intranet data traffic. A three-layer model (access, distribution and core) is in common use, not all of which need be present in smaller networks.

Access

Figure: Linksys by Cisco WRT54GL SoHo router.

Figure: A screenshot of the LuCI web interface used by OpenWrt, here being used to configure Dynamic DNS.

Access routers, including 'small office/home office' (SOHO) models, are located at customer sites such as branch offices that do not need hierarchical routing of their own. Typically, they are optimized for low cost. Some SOHO routers are capable of running alternative free Linux-based firmwares like Tomato, OpenWrt or DD-WRT.

Distribution
Distribution routers aggregate traffic from multiple access routers, either at the same site, or to collect the data streams from multiple sites to a major enterprise location. Distribution routers are often responsible for enforcing quality of service across a WAN, so they may have considerable memory installed, multiple WAN interface connections and substantial onboard data processing routines. They may also provide connectivity to groups of file servers or other external networks.

Security

External networks must be carefully considered as part of the overall security strategy. Separate from the router there may be a firewall or VPN handling device, or the router may include these and other security functions. Many companies have produced security-oriented routers, including Cisco Systems' PIX and ASA 5500 series, Juniper's NetScreen, WatchGuard's Firebox, Barracuda's variety of mail-oriented devices, and many others.

WORKING OF ROUTER
Routers understand both Ethernet (MAC) addresses and IP addresses, but they are primarily interested in the destination IP address of the packet you are sending to the router. The router takes this destination (say it is 63.248.129.2) and looks it up in its routing table. Here is an example of a routing table:

    Location-A# show ip route
         10.0.0.0/24 is subnetted, 2 subnets
    R       10.2.2.0 [120/1] via 63.248.129.2, 00:00:16, Serial0
    C       10.1.1.0 is directly connected, Ethernet0
         63.0.0.0/30 is subnetted, 1 subnets
    C       63.248.129.0 is directly connected, Serial0
    Location-A#

In this output "C" marks a directly connected network and "R" a route learned via RIP; the "[120/1]" after the RIP route is its administrative distance and metric. Routes in the routing table are learned either from static routes (entered by you) or from dynamic routing protocols. Using the routing table, the router tries to find the best route for your traffic, which is the most specific (longest) prefix that matches the destination. There may be only one route. Often, this is a "default route" (a.k.a. "gateway of last resort"). The default route just says: "If there are no better routes to send this traffic, send it here."

Just about every home and small business user has a single Internet connection. In that case, they have a default route and all traffic is sent to their Internet service provider (ISP). In the case of ISPs, however, there may be many places they can send this traffic. Their routers must compare many hundreds of thousands of routes and select the best one for your traffic. This happens in milliseconds. To get your traffic through the Internet and back, it may pass through many routers; to you, it appears almost instantaneous (depending on many factors). If the router doesn't find a valid route for your traffic, it discards (yes, throws away) your traffic and sends an ICMP "destination unreachable" message back to you. When the router does find the best route and is ready to send your traffic, it has to do a number of things:
1. Perform Network Address Translation (NAT). NAT isn't a traditional router function, but many routers today perform NAT. This is especially true for home and small business routers that function as "all in one" devices. Many companies have dedicated firewalls that also perform NAT. With NAT, your private source IP address is translated into a public source IP address. If the router is performing PAT (NAT overload), then one public source IP address is shared among many devices, which are told apart by the translated source port.

2. Replace your source MAC address with the router's MAC address. ARP maps an IP address on the local segment to its MAC address. ARP is a broadcast-oriented protocol, and routers do not forward broadcasts, so ARP does not work through routers. Because of this, the router rewrites the data link header: it puts its own MAC address as the source and the MAC address of the destination host or the next-hop router as the destination.

3. Encapsulate the packet for the protocol of the WAN. Routers often perform protocol conversion. Say, for example, you have a router that has a PPP T1 connection to the Internet and is connected to the LAN using Ethernet. The IP packet must be de-encapsulated from its Ethernet frame, modified as above, then re-encapsulated in a PPP frame before it can be sent across the PPP link. On the other side of the link, the destination router performs all of these same tasks, but in reverse. This happens for every packet sent and every response received.

To see a real production routing table from an ISP, you can telnet to public Cisco route servers around the world. From there, you can run show ip route and see what a real ISP's routing table looks like.
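The lookup and the first forwarding step above, as an added example (not code from the original report or from CDAC): the routing table shown for Location-A is loaded as data, a lookup returns the longest-prefix match or signals an ICMP unreachable when nothing matches, and a small PAT table shows why many inside hosts can share one public address and why unsolicited inbound packets have nowhere to go. The default route toward the ISP, the public address 63.248.129.1 and the inside hosts 10.1.1.5 and 10.1.1.6 are constructed for the example; the prefixes and next hop come from the table on the page.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed data: the Location-A prefixes/next hop are from the "show ip route" above;
# the 0.0.0.0/0 default route and the public address 63.248.129.1 are constructed.


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]   # None means the prefix is directly connected
    interface: str
    source: str               # "C" connected, "S" static, "R" RIP, "S*" default


class RoutingTable:
    def __init__(self, routes):
        # Longest prefix match: a more specific route always beats a less specific one,
        # so sorting by prefix length (descending) lets a linear scan return the best route.
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.IPv4Address(dst)
        for route in self.routes:
            if addr in route.prefix:
                return route
        return None   # no route at all, not even a default


def forward(table: RoutingTable, dst: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Decide what the router does with a packet for dst.

    Returns (action, address to ARP for, egress interface). With no matching route
    the packet is dropped and an ICMP destination unreachable goes back to the sender.
    """
    route = table.lookup(dst)
    if route is None:
        return ("icmp-unreachable", None, None)
    if route.next_hop is None:
        return ("direct", dst, route.interface)          # ARP for the destination host itself
    return ("via", route.next_hop, route.interface)      # ARP for the next-hop router


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s)


# The table printed by "show ip route" on Location-A, as data.
LOCATION_A = RoutingTable([
    Route(net("10.2.2.0/24"), "63.248.129.2", "Serial0", "R"),
    Route(net("10.1.1.0/24"), None, "Ethernet0", "C"),
    Route(net("63.248.129.0/30"), None, "Serial0", "C"),
])

# A SOHO router: the same connected LAN plus a gateway of last resort toward the ISP.
SOHO = RoutingTable([
    Route(net("10.1.1.0/24"), None, "Ethernet0", "C"),
    Route(net("0.0.0.0/0"), "63.248.129.2", "Serial0", "S*"),
])


class PAT:
    """NAT overload (PAT): many private (ip, port) pairs share one public address
    and are told apart by the translated source port."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_out(self, src_ip: str, src_port: int) -> Tuple[str, int]:
        key = (src_ip, src_port)
        if key not in self.outbound:          # first packet of a flow creates the mapping
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key])

    def translate_in(self, dst_port: int) -> Optional[Tuple[str, int]]:
        # A reply is forwarded only if an inside host created the mapping;
        # an unsolicited inbound packet has no entry and is dropped (None).
        return self.inbound.get(dst_port)


if __name__ == "__main__":
    print(forward(LOCATION_A, "10.2.2.7"))       # via 63.248.129.2 on Serial0
    print(forward(LOCATION_A, "8.8.8.8"))        # no route: ICMP unreachable
    print(forward(SOHO, "8.8.8.8"))              # default route to the ISP
    pat = PAT("63.248.129.1")
    print(pat.translate_out("10.1.1.5", 40000))  # ('63.248.129.1', 1024)
```

Note that the SOHO table answers for 8.8.8.8 where Location-A does not: the only difference is the 0.0.0.0/0 entry, which is exactly what "gateway of last resort" means. The PAT table is also the reason home routers appear to "block" inbound connections: a packet to a public port that no inside host opened has no mapping and is dropped, which is a side effect of address sharing rather than a substitute for a firewall.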

BRIDGES
A bridge connects two or more networks, or segments of the same network. These networks may use different physical and data link protocols. For example, you can install a bridge to connect a small lab of Macintosh computers using LocalTalk to a school's main Ethernet network. Bridges filter network traffic: they examine each frame and transmit it only to the segment where its destination lies. (Hubs, by contrast, repeat all traffic to every connected computer, whether or not that computer is the intended recipient.) In this manner, bridges help reduce overall network traffic. Bridges are relatively simple and efficient traffic regulators. However, in most networks they have been replaced by their less expensive or more powerful cousins: hubs, switches and routers. Most bridges operate by examining incoming or outgoing frames for information at OSI layer 2.

Network Switch
A network switch or switching hub is a computer networking device that connects network segments. The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer (layer 2) of the OSI model. Switches that additionally process data at the network layer (Layer 3) and above are often referred to as Layer 3 switches or multilayer switches.

Functions of a Switch

The network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as a gateway to access small office/home broadband services such as DSL or cable internet. In most of these cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for VoIP. An Ethernet switch operates at the data link layer of the OSI model to create a separate collision domain for each switch port. With 4 computers (A, B, C and D) on 4 switch ports, A and B can transfer data back and forth while C and D do so simultaneously, and the two conversations will not interfere with one another. On a hub they would all share the bandwidth and run in half duplex, resulting in collisions and retransmissions. Giving each port its own collision domain in this way is called microsegmentation; it lets each computer have dedicated bandwidth on a point-to-point connection to the network and therefore run in full duplex without collisions.

Switches may operate at one or more layers of the OSI model, including data link, network or transport (i.e., end-to-end). A device that operates simultaneously at more than one of these layers is known as a multilayer switch. In switches intended for commercial use, built-in or modular interfaces make it possible to connect different types of networks, including Ethernet, Fibre Channel, ATM, ITU-T G.hn and 802.11. This connectivity can be at any of the layers mentioned. While layer 2 functionality is adequate for forwarding within one technology, interconnecting technologies such as Ethernet and token ring is easier at layer 3. Interconnection of different layer 3 networks is done by routers. If there are any features that characterize "layer 3 switches" as opposed to general-purpose routers, it tends to be that they are optimized, in larger switches, for high-density Ethernet connectivity. In some service provider and other environments where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall, network intrusion detection and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules.

In other cases, the switch is used to create a mirror image of the traffic that can go to an external device. Since most switch port mirroring provides only one mirrored stream, network hubs can be useful for fanning out that stream to several read-only analyzers, such as intrusion detection systems and packet sniffers.

Layer specific functions


While switches may learn about topologies at many layers, and forward at one or more layers, they do tend to have common features. Other than for high-performance applications, modern commercial switches use primarily Ethernet interfaces, which can have different input and output bandwidths of 10, 100, 1000 or 10,000 megabits per second. At any layer, a modern switch may implement power over Ethernet (PoE), which avoids the need for attached devices, such as a VoIP phone or wireless access point, to have a separate power supply. Since switches can have redundant power circuits connected to uninterruptible power supplies, the connected device can continue operating even when regular office power fails.

Layer 1 (Physical Layer)


A network hub, or repeater, is a simple network device. Hubs do not manage any of the traffic that comes through them. Any packet entering a port is broadcast out or "repeated" on every other port, except for the port of entry. Since every packet is repeated on every other port, packet collisions affect the entire network, limiting its capacity. There are specialized applications where a hub can be useful, such as copying traffic to multiple network sensors. High end switches have a feature which does the same thing called port mirroring. By the early 2000s, there was little price difference between a hub and a low-end switch.

Layer 2 (Data Link Layer)

A "layer 2 switch" remains more of a marketing term than a technical term; the products that were introduced as "switches" tended to use microsegmentation and full duplex to prevent collisions among devices connected to Ethernet. By using an internal forwarding plane much faster than any interface, they give the impression of simultaneous paths among multiple devices. Once a bridge has a loop-free topology (established by a spanning tree protocol) and has learned which MAC addresses are reachable through which port from the source addresses of the frames it receives, it forwards data link layer frames using one of four layer 2 forwarding methods, of which the second through fourth were performance-increasing methods when used on "switch" products with the same input and output port bandwidths:

1. Store and forward: The switch buffers and verifies each frame before forwarding it.

2. Cut through: The switch reads only up to the frame's hardware address before starting to forward it. Cut-through switches have to fall back to store and forward if the outgoing port is busy at the time the frame arrives. There is no error checking with this method.

3. Fragment free: A method that attempts to retain the benefits of both store and forward and cut through. Fragment free checks the first 64 bytes of the frame, where the addressing information is stored. According to the Ethernet specifications, collisions should be detected during the first 64 bytes of the frame, so frames truncated by a collision will not be forwarded. Error checking of the actual data in the frame is still left to the end device.

4. Adaptive switching: A method of automatically selecting between the other three modes.

While there are specialized applications, such as storage area networks, where the input and output interfaces are the same bandwidth, this is rarely the case in general LAN applications. In LANs, a switch used for end user access typically concentrates lower bandwidth (e.g., 10/100 Mbit/s) into a higher bandwidth (at least 1 Gbit/s). Alternatively, a switch that provides access to server ports usually connects to them at a much higher bandwidth than is used by end user devices.

Layer 3 (Network Layer)

Within the confines of the Ethernet physical layer, a layer 3 switch can perform some or all of the functions normally performed by a router. The most common layer-3 capability is awareness of IP multicast through IGMP snooping. With this awareness, a layer-3 switch can increase efficiency by delivering the traffic of a multicast group only to ports where the attached device has signaled that it wants to listen to that group.

Layer 4 (Transport Layer)


While the exact meaning of the term Layer-4 switch is vendor-dependent, it almost always starts with a capability for network address translation, but then adds some type of load distribution based on TCP sessions. The device may include a stateful firewall, a VPN concentrator, or be an IPSec security gateway.

Layer 7 (Application Layer)

Layer 7 switches may distribute loads based on URL or by some installation-specific technique to recognize application-level transactions. A Layer-7 switch may include a web cache and participate in a content delivery network.

Types of Switches
1. Desktop, not mounted in an enclosure, typically intended to be used in a home or office environment outside of a wiring closet
2. Rack mounted
3. Chassis with swappable "switch module" cards, e.g. Alcatel's OmniSwitch 9000; Cisco Catalyst switch 4500 and 6500; 3Com 7700, 7900E, 8800
4. DIN rail mounted, normally seen in industrial environments or panels

Configuration based
Unmanaged switches: These switches have no configuration interface or options. They are plug and play. They are typically the least expensive switches, found in home, SOHO, or small businesses. They can be desktop or rack mounted.

Managed switches: These switches have one or more methods to modify the operation of the switch. Common management methods include: a command-line interface (CLI) accessed via serial console, telnet or Secure Shell; an embedded Simple Network Management Protocol (SNMP) agent allowing management from a remote console or management station; or a web interface for management from a web browser. Examples of configuration changes that one can make from a managed switch include enabling features such as Spanning Tree Protocol, setting port bandwidth, creating or modifying Virtual LANs (VLANs), etc.

Access Control List


An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file. The Cisco access control list (ACL) is probably the most commonly used object in the IOS. It is not only used for packet filtering (a type of firewall) but also for selecting types of traffic to be analyzed, forwarded, or influenced in some way.

Access Control List Types


Cisco ACLs are divided into types: Standard IP, Extended IP, IPX, AppleTalk, etc. Here we will just go over the standard and extended access lists for TCP/IP. As you create ACLs you assign a number to each list; however, each type of list is limited to an assigned range of numbers. This makes it very easy to determine what type of ACL you will be working with.

Standard ACLs:
A standard IP ACL is simple; it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.

Extended ACLs:
An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control.

Named ACLs:
One of the disadvantages of using IP standard and IP extended ACLs is that you reference them by number, which is not too descriptive of its use. With a named ACL, this is not the case because you can name your ACL with a descriptive name. The ACL named DenyMike is a lot more meaningful than an ACL simply numbered 1. There are both IP standard and IP extended named ACLs. Another advantage to named ACLs is that they allow you to remove individual lines out of an ACL. With numbered ACLs, you cannot delete individual statements. Instead, you will need to delete your existing access list and re-create the entire list.

Activating an Access Control List


Now that you have created these ACLs they are useless until you declare them to be used in some way. As of right now they are an inactive list doing nothing. Our next article will cover applying ACLs on interfaces and how to specify if the ACL is for incoming or outgoing traffic on that interface.

Universal facts about Access Control Lists

1. ACLs come in two varieties: numbered and named.
2. Each of these references to ACLs supports two types of filtering: standard and extended.
3. Standard IP ACLs can filter only on the source IP address inside a packet.
4. Whereas an extended IP ACL can filter on both the source and destination IP addresses in the packet.
5. There are two actions an ACL can take: permit or deny.
6. Statements are processed top-down.
7. Once a match is found, no further statements are processed; therefore, order is important.
8. If no match is found, the imaginary implicit deny statement at the end of the ACL drops the packet.
9. An ACL should have at least one permit statement; otherwise, all traffic will be dropped because of the hidden implicit deny statement at the end of every ACL.

No matter what type of ACL you use, though, you can have only one ACL per protocol, per interface, per direction. For example, you can have one IP ACL inbound on an interface and another IP ACL outbound on an interface, but you cannot have two inbound IP ACLs on the same interface.

Access List Ranges
Type                            Range
IP Standard                     1-99
IP Extended                     100-199
IP Standard Expanded Range      1300-1999
IP Extended Expanded Range      2000-2699
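The rules above (top-down processing, first match wins, implicit deny, and the numbered ranges) can be exercised in a small evaluator. This is an added example, not code from the report; the ACL numbers, addresses and lists are constructed, and entries are written as (address, wildcard) pairs rather than IOS syntax.

```python
"""Cisco-style numbered IP ACL evaluation, following the rules listed above:
statements are processed top-down, the first match decides, and anything
unmatched hits the implicit deny. Standard ACLs see only the source address;
extended ACLs also check protocol, destination and port. Added example, not
from the report; addresses and lists below are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # Cisco "any": every wildcard bit set

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'don't care', a 0 bit must match."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care

@dataclass
class Entry:
    action: str                     # "permit" or "deny"
    src: tuple                      # (address, wildcard)
    protocol: str = "ip"            # extended only: "ip", "tcp", "udp", "icmp"
    dst: Optional[tuple] = None     # extended only
    dst_port: Optional[int] = None  # extended only

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str
    dst_port: Optional[int] = None

def acl_kind(number: int) -> str:
    """Classify a numbered ACL using the ranges from the table above."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"{number} is not an IP standard or extended ACL number")

def entry_matches(kind: str, e: Entry, p: Packet) -> bool:
    if not wildcard_match(p.src, *e.src):
        return False
    if kind == "standard":      # a standard ACL never looks past the source
        return True
    if e.protocol != "ip" and e.protocol != p.protocol:
        return False
    if e.dst is not None and not wildcard_match(p.dst, *e.dst):
        return False
    return e.dst_port is None or e.dst_port == p.dst_port

def evaluate(number: int, entries: list, p: Packet) -> str:
    """Top-down, first match wins; no match means the implicit deny."""
    kind = acl_kind(number)
    for e in entries:
        if entry_matches(kind, e, p):
            return e.action
    return "deny"

# Constructed lists. ACL 10 blocks one host but permits the rest of its /24;
# if the two statements were swapped the deny would never be reached.
ACL_10 = [Entry("deny", ("192.168.1.5", "0.0.0.0")),
          Entry("permit", ("192.168.1.0", "0.0.0.255"))]
# ACL 101 lets the 10.0.0.0/24 hosts reach web servers and send ICMP only.
ACL_101 = [Entry("permit", ("10.0.0.0", "0.0.0.255"), "tcp", ANY, 80),
           Entry("permit", ("10.0.0.0", "0.0.0.255"), "icmp", ANY)]

if __name__ == "__main__":
    for pkt in (Packet("192.168.1.5", "198.51.100.1", "tcp", 443),
                Packet("192.168.1.9", "198.51.100.1", "tcp", 443),
                Packet("172.16.0.1", "198.51.100.1", "udp", 53)):
        print(pkt.src, "->", evaluate(10, ACL_10, pkt))
```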

Network Address Translation


In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device. The simplest type of NAT provides a one-to-one translation of IP addresses. RFC 2663 refers to this type of NAT as basic NAT. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality; some higher level protocols may need further translation). Basic NATs can be used when there is a requirement to interconnect two IP networks with incompatible addressing.

However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space. To avoid ambiguity in the handling of returned packets a one-to-many NAT must alter higher level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back. RFC 2663 uses the term NAPT (network address and port translation) for this type of NAT. Other names include PAT (port address translation), IP masquerading, NAT overload and many-to-one NAT. Since this is the most common type of NAT it is often referred to simply as NAT.

As described, the method enables communication through the router only when the conversation originates in the masqueraded network, since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a web site in the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network.

In the mid-1990s NAT became a popular tool for alleviating the consequences of IPv4 address exhaustion. It has become a standard, indispensable feature in routers for home and small-office Internet connections. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.

Network address translation has serious drawbacks on the quality of Internet connectivity and requires careful attention to the details of its implementation. In particular, all types of NAT break the originally envisioned model of IP end-to-end connectivity across the Internet, and NAPT makes it difficult for systems behind a NAT to accept incoming communications. As a result, NAT traversal methods have been devised to alleviate the issues encountered.

Methods of Port translation

There are several ways of implementing network address and port translation. In some application protocols that use IP address information, the application running on a node in the masqueraded network needs to determine the external address of the NAT, i.e., the address that its communication peers detect, and, furthermore, often needs to examine and categorize the type of mapping in use. Usually this is done because it is desired to set up a direct communications path (either to save the cost of taking the data via a server or to improve performance) between two clients both of which are behind separate NATs. For this purpose, the Simple traversal of UDP over NATs (STUN) protocol was developed (RFC 3489, March 2003). It classified NAT implementations as full cone NAT, (address) restricted cone NAT, port restricted cone NAT or symmetric NAT and proposed a methodology for testing a device accordingly. However, these procedures have since been deprecated from standards status, as the methods have proven faulty and inadequate to correctly assess many devices. New methods have been standardized in RFC 5389 (October 2008) and the STUN acronym now represents the new title of the specification: Session Traversal Utilities for NAT.

Advantages of PAT
In addition to the advantages provided by NAT: PAT (Port Address Translation) allows many internal hosts to share a single external IP address. Users who do not require support for inbound connections do not consume public IP addresses.
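The one-to-many behaviour described above (per-flow table entries, rewritten source ports, replies mapped back, unsolicited inbound traffic dropped unless a static port-forwarding entry exists) can be modelled directly. This is an added example, not code from the report or from any router; addresses, ports and the Napt class are constructed, and header checksum recomputation is not modelled.

```python
"""One-to-many NAT (NAPT / PAT) as described in the section above. Added
example, not from the report; all addresses and ports are constructed."""
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class Napt:
    """Hides many inside hosts behind one public IP by rewriting ports."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, inside_ip, inside_port) -> public port
        self.outbound: dict = {}
        # (proto, public_port) -> (inside_ip, inside_port)
        self.inbound: dict = {}

    def add_static(self, proto: str, public_port: int,
                   inside_ip: str, inside_port: int) -> None:
        """Permanent entry ("static NAT" / port forwarding) so that traffic
        originating outside can reach a designated inside host."""
        self.inbound[(proto, public_port)] = (inside_ip, inside_port)
        self.outbound[(proto, inside_ip, inside_port)] = public_port

    def translate_outbound(self, p: Packet) -> Packet:
        """Inside -> outside: create the table entry on first sight of a
        conversation, then rewrite source IP and port."""
        key = (p.proto, p.src, p.sport)
        if key not in self.outbound:
            # Choose a public port not already in use, so that a reply to
            # (public_ip, port) maps back to exactly one inside host.
            while (p.proto, self.next_port) in self.inbound:
                self.next_port += 1
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(p.proto, port)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=self.outbound[key])

    def translate_inbound(self, p: Packet) -> Optional[Packet]:
        """Outside -> inside: rewrite destination from the table, or return
        None (drop) when no entry exists for that destination port."""
        if p.dst != self.public_ip:
            return None
        entry = self.inbound.get((p.proto, p.dport))
        if entry is None:
            return None
        inside_ip, inside_port = entry
        return replace(p, dst=inside_ip, dport=inside_port)
```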

Spanning Tree Protocol


The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and ensuing broadcast radiation. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links. STP is a Data Link Layer protocol. It is standardized as IEEE 802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches), and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes. The collection of bridges in a local area network (LAN) can be considered a graph whose nodes are bridges and LAN segments (or cables), and whose edges are the interfaces connecting the bridges to the segments. To break loops in the LAN while maintaining access to all LAN segments, the bridges collectively compute a spanning tree. The spanning tree is not necessarily a minimum cost spanning tree. A network administrator can reduce the cost of a spanning tree, if necessary, by altering some of the configuration parameters in such a way as to affect the choice of the root of the spanning tree. The spanning tree that the bridges compute using the Spanning Tree Protocol can be determined using the following rules. The example network in the figures referenced below will be used to illustrate the rules.

1. An example network. The numbered boxes represent bridges (the number represents the bridge ID). The lettered clouds represent network segments.

2. The smallest bridge ID is 3. Therefore, bridge 3 is the root bridge.

3. Assuming that the cost of traversing any network segment is 1, the least cost path from bridge 4 to the root bridge goes through network segment c. Therefore, the root port for bridge 4 is the one on network segment c.

4. The least cost path to the root from network segment e goes through bridge 92. Therefore the designated port for network segment e is the port that connects bridge 92 to network segment e.

5. This diagram illustrates all port states as computed by the spanning tree algorithm. Any active port that is not a root port or a designated port is a blocked port.

6. After link failure the spanning tree algorithm computes and spans a new least-cost tree.

Select a root bridge. The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a unique identifier (ID) and a configurable priority number; the bridge ID contains both numbers. To compare two bridge IDs, the priority is compared first. If two bridges have equal priority, then the MAC addresses are compared. For example, if switches A (MAC=0200.0000.1111) and B (MAC=0200.0000.2222) both have a priority of 10, then switch A will be selected as the root bridge. If the network administrators would like switch B to become the root bridge, they must set its priority to be less than 10.

Determine the least cost paths to the root bridge. The computed spanning tree has the property that messages from any connected device to the root bridge traverse a least cost path, i.e., a path from the device to the root that has minimum cost among all paths from the device to the root. The cost of traversing a path is the sum of the costs of the segments on the path. Different technologies have different default costs for network segments. An administrator can configure the cost of traversing a particular network segment. The property that messages always traverse least-cost paths to the root is guaranteed by the following two rules.

Least cost path from each bridge. After the root bridge has been chosen, each bridge determines the cost of each possible path from itself to the root. From these, it picks one with the smallest cost (a least-cost path). The port connecting to that path becomes the root port (RP) of the bridge.

Least cost path from each network segment. The bridges on a network segment collectively determine which bridge has the least-cost path from the network segment to the root. The port connecting this bridge to the network segment is then the designated port (DP) for the segment.

Disable all other root paths. Any active port that is not a root port or a designated port is a blocked port (BP).

Breaking ties for root ports. When multiple paths from a bridge are least-cost paths, the chosen path uses the neighbor bridge with the lower bridge ID. The root port is thus the one connecting to the bridge with the lowest bridge ID. For example, in figure 3, if switch 4 were connected to network segment d, there would be two paths of length 2 to the root, one path going through bridge 24 and the other through bridge 92. Because there are two least cost paths, the lower bridge ID (24) would be used as the tie-breaker in choosing which path to use.

Breaking ties for designated ports. When more than one bridge on a segment leads to a least-cost path to the root, the bridge with the lower bridge ID is used to forward messages to the root. The port attaching that bridge to the network segment is the designated port for the segment. In figure 4, there are two least cost paths from network segment d to the root, one going through bridge 24 and the other through bridge 92. The lower bridge ID is 24, so the tie breaker dictates that the designated port is the port through which network segment d is connected to bridge 24. If bridge IDs were equal, then the bridge with the lowest MAC address would have the designated port. In either case, the loser sets the port as being blocked.

The final tie-breaker. In some cases, there may still be a tie, as when two bridges are connected by multiple cables. In this case, multiple ports on a single bridge are candidates for root port. In this case, the path which passes through the port on the neighbor bridge that has the lowest port priority is used.
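The election and port-role rules above (root by lowest priority then MAC, root port by least cost with the lowest neighbour bridge ID as tie-breaker, designated port per segment, everything else blocked) can be run over a small graph. This is an added example, not code from the report; the topology, bridge names and MAC addresses are constructed (switches A and B reuse the priority example above), and the final per-port-priority tie-breaker for parallel cables is not modelled.

```python
"""Spanning-tree computation following the rules in the section above:
root bridge = lowest (priority, MAC); root port = least-cost path to the
root, ties broken by the neighbour with the lowest bridge ID; designated port
per segment = bridge with the least cost, ties broken by lowest bridge ID;
every other port is blocked. Added example, not from the report; the topology
is constructed and segment costs default to 1 as in the report's walk-through."""
import heapq

def bridge_id(priority: int, mac: str) -> tuple:
    """Priority is compared first, then the MAC address (as an integer)."""
    return (priority, int(mac.replace(".", ""), 16))

def root_path_costs(bridges, segments, costs, root) -> dict:
    """Dijkstra over bridges: two bridges sharing segment s are one hop
    apart at cost costs[s]. Returns {bridge: least cost to the root}."""
    dist = {b: float("inf") for b in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, b = heapq.heappop(heap)
        if d > dist[b]:
            continue
        for s, members in segments.items():
            if b not in members:
                continue
            for n in members:
                if n != b and d + costs[s] < dist[n]:
                    dist[n] = d + costs[s]
                    heapq.heappush(heap, (dist[n], n))
    return dist

def spanning_tree(bridges: dict, segments: dict, costs: dict = None) -> dict:
    """bridges: name -> (priority, mac); segments: name -> set of bridges.
    Returns {(bridge, segment): 'root' | 'designated' | 'blocked'}."""
    costs = costs or {s: 1 for s in segments}
    ids = {b: bridge_id(*v) for b, v in bridges.items()}
    root = min(bridges, key=ids.get)            # lowest bridge ID wins
    rpc = root_path_costs(bridges, segments, costs, root)
    root_port = {}
    for b in bridges:
        if b == root:
            continue
        # (cost via this segment, neighbour's bridge ID, segment): min() takes
        # the least cost first and the lowest neighbour ID as the tie-breaker.
        cands = [(costs[s] + rpc[n], ids[n], s)
                 for s, members in segments.items() if b in members
                 for n in members if n != b]
        root_port[b] = min(cands)[2]
    # Designated bridge per segment: least root path cost, then lowest ID.
    designated = {s: min(members, key=lambda b: (rpc[b], ids[b]))
                  for s, members in segments.items()}
    states = {}
    for s, members in segments.items():
        for b in members:
            if root_port.get(b) == s:
                states[(b, s)] = "root"
            elif designated[s] == b:
                states[(b, s)] = "designated"
            else:
                states[(b, s)] = "blocked"
    return states

# Constructed topology: A and B from the priority example above, plus C (lower
# MAC but worse priority) and D (default priority 32768). D has two cost-2
# paths to the root, through B (segment e) and through C (segment d).
BRIDGES = {"A": (10, "0200.0000.1111"), "B": (10, "0200.0000.2222"),
           "C": (20, "0200.0000.0001"), "D": (32768, "0200.0000.dddd")}
SEGMENTS = {"a": {"A", "B"}, "b": {"A", "C"}, "c": {"B", "C"},
            "d": {"C", "D"}, "e": {"B", "D"}}

if __name__ == "__main__":
    for (b, s), state in sorted(spanning_tree(BRIDGES, SEGMENTS).items()):
        print(f"bridge {b}, port on segment {s}: {state}")
```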

Project Report
Concepts used
1. DHCP
Short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses. Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address. Many ISPs use dynamic IP addressing for dial-up users.

2. Back up of IOS
There are several methods to choose from in order to back up and restore a configuration:
1) Use a TFTP server
2) Use an FTP server
3) Use a Terminal Emulation Program
Backup Configuration to a TFTP Server

3. VLAN
Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.

4. VTP
VTP stands for VLAN Trunking Protocol. It is a Layer 2 messaging protocol. We need it for: 1. Low administration. 2. Security. Its function is to pass information about VLANs within a VTP domain. It is used for saving time when multiple switches have the same VLANs to configure. There are 3 modes:
1) Client 2) Server 3) Transparent

5. IP Routing
IP Routing is an umbrella term for the set of protocols that determine the path that data follows in order to travel across multiple networks from its source to its destination. Data is routed from its source to its destination through a series of routers, and across multiple networks. The IP Routing protocols enable routers to build up a forwarding table that correlates final destinations with next hop addresses. These protocols include:
1) BGP (Border Gateway Protocol)
2) IS-IS (Intermediate System - Intermediate System)
3) OSPF (Open Shortest Path First)
4) RIP (Routing Information Protocol)

6. ACL
An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and UNIX-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system.

7. NAT
Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.

8. PAT
Short for Port Address Translation, a type of network address translation. During PAT, each computer on the LAN is translated to the same IP address, but with a different port number assignment.

9. Frame Relay
A packet-switching protocol for connecting devices on a Wide Area Network (WAN). Frame Relay networks in the U.S. support data transfer rates at T-1 (1.544 Mbps) and T-3 (45 Mbps) speeds. In fact, you can think of Frame Relay as a way of utilizing existing T-1 and T-3 lines owned by a service provider. Most telephone companies now provide Frame Relay service for customers who want connections at 56 Kbps to T-1 speeds. (In Europe, Frame Relay speeds vary from 64 Kbps to 2 Mbps.) In the U.S., Frame Relay is quite popular because it is relatively inexpensive

Scenario
The simulation of the JUET network has been done in the project. An overview of the total network can be seen in the image below:

The project displays the connectivity in our campus and tries to display its connectivity to the JUIT Solan and JIIT Noida campuses. The simulation has the following image:

On Packet Tracer the connections have been shown like this:

In a working closet, the image would look like this:

Bibliography
1. Study material provided during training.
2. www.wikipedia.com
3. www.google.com
4. Netcert.tripod.com
