capstone project report

Upload: manik

Post on 09-Jan-2016

DESCRIPTION

networking project cisco

  • 1 | P a g e

    PROJECT REPORT

    On

    CAMPUS ENTERPRISE NETWORK

    Submitted in the partial fulfillment of the requirement for the award of degree of

    Bachelors of Technology

    In

    Electronics & Communication Engineering

    Under the Guidance of

    Mr. Sonit Singh

    Designation

    (Lecturer/Assistant Professor)

    Submitted by:

    Roop Kanwal (10900033)

    Divya pahwa (10901208)

    Manik Garg (10900871)

    Ramandeep Kaur(10901210)

    Mayank Shah (10900154)

    Department of Electronics & Comm. Engineering

    Lovely professional University

    Phagwara-140401, Punjab (India)


    DECLARATION

    We, students of B. Tech under Department of ELECTRONICS AND COMMUNICATION,

    hereby declare that all the information furnished in this capstone project report is based on

    our own intensive work and is genuine.

    This report, to the best of our knowledge, contains part of our work which has been submitted

    for the award of our degree from Lovely Professional University, Phagwara, under the

    guidance of Mr. Sonit Singh (during August to December, 2012).

    Name of Students:

    Roop Kanwal (10900033)

    Divya Pahwa (10901208)

    Manik Garg(10900871)

    Ramandeep Kaur(10901210)

    Mayank Shah(10900154)


    Ref: _________ Dated:________

    Certificate

    This is to certify that the declaration statement made by this group of students is correct to the

    best of my knowledge and belief. The Capstone Project Proposal based on the technology /

    tool learnt is fit for the submission and partial fulfillment of the conditions for the award of

    B.Tech in Electronics and Communication Engineering from Lovely Professional University,

    Phagwara.

    Name:

    U.ID:

    Designation:

    Signature of Faculty Mentor


    ACKNOWLEDGEMENT

    We are highly indebted to Faculty of L.P.U, Electronics and Communication Engineering

    Department, who have given us all the necessary technical guidance in carrying out this

    Project.

    This is a humble effort to express sincere gratitude toward those who have guided and helped

    us to complete this project.

    A project report is a major milestone during the study period of a student. We could have faced

    many problems, but our mentor helped us with a patient approach and his positive criticism.

    A warm thanks to our project-in-charge Mr. Sonit Singh, for the valuable support and

    constant encouragement that led to the completion of our project. He provided us his valuable

    time and basic information regarding the project.

    Finally, we thank all the people who directly or indirectly helped us through the course of our

    project. Without the help of these people, our project report could never have been so

    informative and successful.

    Roop Kanwal(10900033)

    Divya Pahwa(10901208)

    Manik Garg(10900871)

    Ramandeep Kaur(10901210)

    Mayank Shah(10900154)


    ABSTRACT

    The project builds a complex network similar to the everyday networks deployed in offices,

    colleges, enterprises and other organizations. This report presents an

    overview of the campus network architecture and includes descriptions of various design

    considerations, topologies, technologies, configuration design guidelines, and other

    considerations relevant to the design of highly available, full-service campus switching

    fabric. It is also intended to serve as a guide to direct readers to more specific campus design

    best practices and configuration examples for each of the specific design options. It can be

    used as a manual for further designing of more complex networks by the network

    administrators and designers.

    FLOW CHART

    Fig. 1


    TABLE OF CONTENTS

    Chapter 1 Introduction

    1.1 Aim of the project

    1.2 What is Networking?

    1.3 Why we need Networking?

    1.4 Basic terminologies

    1.5 Network Types

    1.6 Network topology and types

    1.7 Network Models

    1.8 TCP/IP Model v/s OSI Model

    Chapter 2 Key features of the project

    2.1 Introduction of Campus Network

    2.2 Design Principles

    2.3 Software Used

    2.4 Network devices used and specifications

    Chapter 3 Techniques used in the network

    3.1 VLAN

    3.2 Trunking

    3.3 VTP

    3.4 Inter-VLAN

    3.5 STP

    3.6 Default Routing

    3.7 NAT

    3.8 ACL

    Chapter 4 Configuration and snapshots

    Chapter 5 Conclusion and Future work

    References


    Chapter 1

    INTRODUCTION

    1.1 Aim of the project

    The aim of the project is to design a complex network of the kind needed in practical daily-life

    situations, by combining different networking techniques and protocols into what is known as a

    CAMPUS ENTERPRISE NETWORK.

    1.2 What is Networking?

    Networking is the practice of linking two or more computing devices together for the purpose

    of sharing data. (In everyday speech "networking" also means developing and maintaining contacts

    and personal connections with a variety of people; in this report it always means computer

    networking.) Networks are built with a mix of computer hardware and computer software.

    1.3 Why we need Networking?

    Computer networks can be used for a variety of purposes:

    (a). Facilitating communications. Using a network, people can communicate efficiently and

    easily via email, instant messaging, chat rooms, telephone, video telephone calls, and video

    conferencing.

    (b). Sharing hardware. In a networked environment, each computer on a network may access

    and use hardware resources on the network, such as printing a document on a shared network

    printer.

    (c). Sharing files, data, and information. In a network environment, authorized users may

    access data and information stored on other computers on the network. The capability of

    providing access to data and information on shared storage devices is an important feature of

    many networks.

    (d). Sharing software. Users connected to a network may run application programs on remote

    computers.

    (e). Speed. Moving data over a network is far faster than moving it on physical media.

    1.4 Basic terminologies:

    As we entered this new world of networking we were introduced to new terms and

    devices; they are listed here for better understanding.


    (a.) Internet Protocol (IP): principal communications protocol used for relaying datagrams

    (also known as network packets) across an internetwork using the Internet Protocol Suite.

    (b.) Protocol: Rules determining the format and transmission of data over a network.

    (c.) Network: A group of computers and devices that can communicate with each other and

    share resources.

    (d.) Domain: A group of computers and devices on a network that are administered as a unit.

    (e.)Collision: An attempt by two devices to transmit over the network at the same time

    usually resulting in the data being lost.

    (f.) Packet: The unit of data sent across a network. Data is broken up into packets for sending

    over a packet switching network.

    (g.)Hardware (MAC) address: A unique address associated with a particular network

    device.

    (h.) IP address: The logical address of a host on a TCP/IP network; an IPv4 address is 32 bits

    long (an IPv6 address is 128 bits). Every host on the public Internet has a unique public IP

    address. An example of an IP address is 192.168.1.2; note that this particular address lies in

    the 192.168.0.0/16 private range (RFC 1918), which is not routed on the public Internet and is

    reached from outside only through NAT (section 3.7).

    (i.) Server: A computer that handles requests for data, email, files, and other network

    services from other computers.

    (j.) Bandwidth: the rated throughput capacity of a given network medium or protocol; the

    amount of data that can be transmitted in a fixed amount of time.

    (k.) Gateway: A device on a network that serves as the entrance to another network and routes

    traffic between them.

    1.5 Network Types

    (a.)Local area network

    A local area network (LAN) is a network that connects computers and devices in a limited

    geographical area such as home, school, computer laboratory, office building, or closely

    positioned group of buildings. Each computer or device on the network is a node.

    (b.)Personal area network

    A personal area network (PAN) is a computer network used for communication among

    computer and different information technological devices close to one person. Some

    examples of devices that are used in a PAN are personal computers, printers, fax machines,

    telephones, PDAs, scanners, and even video game consoles. A PAN may include wired and

    wireless devices. The reach of a PAN typically extends to 10 meters.


    (c.)Home area network

    A home area network (HAN) is a residential LAN which is used for communication between

    digital devices typically deployed in the home, usually a small number of personal computers

    and accessories, such as printers and mobile computing devices.

    (d.)Wide area network

    A wide area network (WAN) is a computer network that covers a large geographic area such

    as a city, country, or spans even intercontinental distances, using a communications channel

    that combines many types of media such as telephone lines, cables, and air waves. WAN

    technologies generally function at the lower three layers of the OSI reference model: the

    physical layer, the data link layer, and the network layer.

    (e.)Campus Network

    A campus network is a computer network made up of an interconnection of local area

    networks (LANs) within a limited geographical area. The networking equipment (switches,

    routers) and transmission media (optical fiber, copper plant, Cat5 cabling etc.) are almost

    entirely owned by the campus tenant or owner: an enterprise, university, government etc.

    In the case of a university campus network, the network is likely to link a

    variety of campus buildings including academic departments, the university library and

    student residence halls.

    (f.)Metropolitan area network

    A Metropolitan area network is a large computer network that usually spans a city or a large

    campus.

    (g.)Virtual private network

    A virtual private network (VPN) is a computer network in which some of the links between

    nodes are carried by open connections or virtual circuits in some larger network (e.g., the

    Internet) instead of by physical wires. The data link layer protocols of the virtual network are

    said to be tunneled through the larger network. One common application is secure

    communication through the public Internet, but a VPN need not have explicit security

    features such as authentication or content encryption: a VPN built for security authenticates

    the peers and encrypts the traffic (for example with IPsec or TLS), whereas a VPN used purely

    to separate the traffic of different user communities (for example an MPLS VPN) relies on the

    isolation provided by the underlying network.

    1.6 Network topology and types

    Network topology is the layout pattern of interconnections of the various elements (links,

    nodes, etc.) of a computer network. Network topologies may be physical or logical. Physical


    topology means the physical design of a network including the devices, location and cable

    installation. Logical topology refers to how data is actually transferred in a network as

    opposed to its physical design.

    (a.)Bus topology

    Fig. 2

    Many devices connect to a single cable "backbone". If the backbone is broken, the entire

    segment fails. Bus topologies are relatively easy to install and don't require much cabling

    compared to the alternatives.

    (b.)Ring Topology

    Fig. 3

    In a ring network, every device has exactly two neighbours for communication purposes. All

    messages travel through a ring in the same direction. A disadvantage of the ring is that if any

    device is added to or removed from the ring, the ring is broken and the segment fails until it is

    "reformed". It is also considerably more expensive than other topologies.

    (c.)Star Topology

    Fig. 4


    A star network has a central connection point, a hub or a switch. While it takes more

    cable, the benefit is that if a cable fails only the node on that cable is cut off.

    All traffic passes through the centre of the star. A hub simply repeats every frame to all of

    its ports, while a switch forwards each frame only to the port that owns the destination MAC

    address. The main advantage of a star network is that one malfunctioning node does not affect

    the rest of the network; the corresponding weakness is that the central device is a single point

    of failure, so it is the element that must be chosen and protected most carefully.

    (d.)Tree Topology

    Fig. 5

    Also known as the hierarchical topology, the tree topology is a combination of bus and

    star topologies. It is very common in larger networks. A typical scenario: a file server

    is connected to a backbone cable (e.g. coaxial) that runs through the building, switches are

    connected to the backbone, and the switches branch out to the workstations.

    (e.)Mesh topology

    Fig. 6


    Mesh topology uses lots of cables to connect every node with every other node. It is very

    expensive to wire up, but if any cable fails, there are many other ways for two nodes to

    communicate.

    (f.)Hybrid Topology

    Fig. 7

    A hybrid network is a combination of different topologies such as star, ring, mesh and bus.

    For example, one department may use a bus network, a second department a ring network,

    a third department a mesh network and a fourth department a star network. The

    networks of the four departments can then be connected together through a central

    hub or switch (in the form of a star network) as shown in the figure.

    1.7 Network Models

    There are several different network models depending on what organization or company

    started them. The most important two are:

    (a.) The TCP/IP Model: It is occasionally known as the DoD (Department of Defense)

    model because of the foundational influence of the ARPANET in the 1970s (operated by DARPA,

    an agency of the United States Department of Defense), and is also called the Internet model

    because TCP/IP is the protocol suite used on the Internet. TCP/IP provides end-to-end connectivity,

    specifying how data should be formatted, addressed, transmitted, routed and received at the

    destination. It has four abstraction layers, each with its own protocols. From highest to

    lowest, the layers are:

    Layers in the TCP/IP model

    Application Layer (process-to-process): This is the scope within which applications create

    user data and communicate this data to other processes or applications on another or the same

    host. The communications partners are often called peers. This is where the "higher level"

    protocols such as SMTP, FTP, SSH, HTTP, etc. operate.


    Transport Layer (host-to-host): The Transport Layer constitutes the networking regime

    between two network hosts, either on the local network or on remote networks separated by

    routers.

    Internet Layer (internetworking): The Internet Layer has the task of exchanging datagrams

    across network boundaries. It is therefore also referred to as the layer that establishes

    internetworking; indeed, it defines and establishes the Internet. This layer defines the

    addressing and routing structures used for the TCP/IP protocol suite.

    Link Layer: This layer defines the networking methods within the scope of the local network

    link on which hosts communicate without intervening routers. It describes the

    protocols used to describe the local network topology and the interfaces needed to effect

    transmission of Internet Layer datagrams to next-neighbour hosts.
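    The following Python program is an added example for this report (it is not part of the project or of Packet Tracer) that makes the layering concrete: it builds an Ethernet/IPv4/UDP frame by having each TCP/IP layer prepend its own header, then decodes it the way a receiver does, checking the EtherType, the IPv4 header checksum and the length fields on the way back up. All MAC addresses, IP addresses, ports and the payload are constructed sample values.

```python
"""Encapsulation through the TCP/IP layers: bottom-up on send, top-down on receive.

Added example for this report, not project code. Addresses, ports and payload are
constructed. The link layer omits the Ethernet FCS (the NIC adds it) and the UDP
checksum is left at 0, which UDP over IPv4 permits.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words. Returns 0 when run over a
    header that already carries a correct checksum, which is how it is verified."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


# --- sender: each layer prepends its own header to what the layer above built ---

def build_udp(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Transport layer (host-to-host): 8-byte UDP header in front of the application data."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def build_ipv4(src: str, dst: str, proto: int, segment: bytes, ttl: int = 64) -> bytes:
    """Internet layer: 20-byte IPv4 header (version 4, IHL 5) with its checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + segment


def build_ethernet(src_mac: str, dst_mac: str, ethertype: int, packet: bytes) -> bytes:
    """Link layer: 14-byte Ethernet II header (destination, source, EtherType)."""
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ethertype) + packet


# --- receiver: peel the headers off in reverse order, validating each one ---

def decode(frame: bytes) -> dict:
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short for Ethernet/IPv4/UDP")
    dst_mac, src_mac = frame[:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("EtherType 0x%04x is not IPv4" % ethertype)
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch (header altered in transit)")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len > len(packet):
        raise ValueError("IPv4 total length exceeds the frame")
    ttl, proto = packet[8], packet[9]
    if proto != IPPROTO_UDP:
        raise ValueError("IP protocol %d not handled here" % proto)
    segment = packet[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    if udp_len != len(segment):
        raise ValueError("UDP length field disagrees with IP total length")
    return {
        "link": {"src": src_mac, "dst": dst_mac},
        "internet": {"src": bytes_to_ip(packet[12:16]), "dst": bytes_to_ip(packet[16:20]), "ttl": ttl},
        "transport": {"src_port": src_port, "dst_port": dst_port},
        "application": segment[8:],
    }


def sample_frame() -> bytes:
    """Constructed DNS-style query from a host in one subnet to a server in another."""
    data = b"campus.example"                                   # application layer
    segment = build_udp(40000, 53, data)                       # transport layer
    packet = build_ipv4("192.168.10.20", "192.168.20.5", IPPROTO_UDP, segment)
    return build_ethernet("00:11:22:33:44:55", "00:aa:bb:cc:dd:ee", ETHERTYPE_IPV4, packet)


if __name__ == "__main__":
    for name, fields in decode(sample_frame()).items():
        print(name, fields)
```

    Running the program prints the four layers recovered from the sample frame. The decoder rejects a frame whose IPv4 header was altered on the way, which is all the header checksum is for: it says nothing about the payload, which IPv4 does not protect.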

    (b.) OSI Network Model: When networks first came into existence, computers could

    communicate only with computers made by the same manufacturer, so a company running IBM

    equipment could talk only to other IBM equipment. This barrier was broken by the

    International Organization for Standardization (ISO), which developed the Open Systems

    Interconnection (OSI) reference model in the late 1970s and published it as ISO 7498 in 1984.

    The OSI model was made to help vendors create interoperable network devices and software in the

    form of protocols, so that networks from different vendors could work with each other. The OSI

    model is not a physical model; it is a set of guidelines that protocol and application developers

    can use to create software that runs on a network.

    Layers in OSI model

    The OSI, or Open System Interconnection, model defines a networking framework for

    implementing protocols in seven layers. Control is passed from one layer to the next, starting

    at the application layer in one station, and proceeding to the bottom layer, over the channel to

    the next station and back up the hierarchy.

    Application (Layer 7)

    This layer supports application and end-user processes. Communication partners are

    identified, quality of service is identified, user authentication and privacy are considered, and

    any constraints on data syntax are identified.

    Presentation (Layer 6)

    This layer provides independence from differences in data representation (e.g., encryption) by

    translating from application to network format, and vice versa.


    Session (Layer 5)

    This layer establishes, manages and terminates connections between applications. The session

    layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between

    the applications at each end. It deals with session and connection coordination.

    Transport (Layer 4)

    This layer provides transparent transfer of data between end systems, or hosts, and is

    responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

    Network (Layer 3)

    This layer provides switching and routing technologies, creating logical paths for

    transmitting data from node to node (in connection-oriented networks these paths are known as

    virtual circuits).

    Data Link (Layer 2)

    At this layer, data packets are encoded and decoded into bits. It furnishes transmission

    protocol knowledge and management and handles errors in the physical layer, flow control

    and frame synchronization. The data link layer is divided into two sub layers: The Media

    Access Control (MAC) layer and the Logical Link Control (LLC) layer.

    Physical (Layer 1)

    This layer conveys the bit stream - electrical impulse, light or radio signal -- through the

    network at the electrical and mechanical level.

    1.8 TCP/IP Model v/s OSI Model

    Sr. No. | TCP/IP Reference Model | OSI Reference Model

    1 | Defined after the Internet protocols existed; the model describes them. | Defined before the Internet became widespread; the model came first, protocols later.

    2 | Service interfaces and protocols are not clearly distinguished. | Service interfaces and protocols are clearly distinguished.

    3 | Internetworking is built in: the Internet layer (IP) is the centre of the model. | Internetworking is one function of the network layer; the model does not mandate a single internetworking protocol.

    4 | Loose layering (four layers; applications may bypass layers). | Strict layering (seven layers; each layer uses only the layer below it).

    5 | Protocol-dependent standard (it describes TCP/IP specifically). | Protocol-independent standard (a generic reference model).

    6 | Widely implemented; the model is a description of deployed practice. | Widely used for teaching and terminology; the OSI protocol suite itself saw little deployment.

    7 | TCP delivers segments reliably; IP delivers packets on a best-effort basis only. | Reliable delivery is provided by the transport layer; the network layer may be connection-oriented (X.25) or connectionless (CLNP).


    Chapter 2

    KEY FEATURES OF THE PROJECT

    2.1 Introduction of Campus Network:

    The enterprise campus is usually understood as that portion of the computing infrastructure

    that provides access to network communication services and resources to end users and

    devices spread over a single geographic location. It might span a single floor, building or

    even a large group of buildings spread over an extended geographic area. Some networks will

    have a single campus that also acts as the core or backbone of the network and provide

    interconnectivity between other portions of the overall network. The campus core can often

    interconnect the campus access, the data center and WAN portions of the network. In the

    largest enterprises, there might be multiple campus sites distributed worldwide with each

    providing both end user access and local backbone connectivity.

    The campus network, as defined for the purposes of the enterprise design guides, consists of

    the integrated elements that comprise the set of services used by a group of users and end-

    station devices that all share the same high-speed switching communications fabric. These

    include the packet-transport services (both wired and wireless), traffic identification and

    control (security and application optimization), traffic monitoring and management,

    and overall systems management and provisioning. These basic functions are implemented

    in such a way as to provide and directly support the higher-level services provided by the IT

    organization for use by the end user community. These functions include:

    Non-Stop High Availability Services

    Access and Mobility Services

    Application Optimization and Protection Services

    Virtualization Services

    Security Services

    Operational and Management Services


    2.2 Design Principles:

    Any successful architecture or system is based on a foundation of solid design theory and

    principles. Designing a campus network is no different from designing any other large, complex

    system. A set of fundamental engineering principles serves to ensure that the campus design

    provides the right balance of availability, security, flexibility, and manageability. These

    principles are summarized in the brief sections that follow:

    (a.)Hierarchy

    (b.)Modularity

    (c.)Resiliency

    (d.)Flexibility

    (a.)Hierarchy:

    Any large, complex system must be built from a set of modularized components that can be

    assembled in a hierarchical and structured manner. Dividing a task or system into

    components provides a number of immediate benefits. Each component or module

    can be designed with some independence from the overall design, and all modules can be

    operated as semi-independent elements, which provides higher overall system availability as

    well as simpler management and operations. By dividing the campus system into

    subsystems, or building blocks, and assembling them into a clear order, we achieve a

    higher degree of stability, flexibility, and manageability for the individual pieces of the

    campus and for the campus as a whole. The campus is traditionally defined as a three-tier

    hierarchical model comprising the core, distribution, and access layers, as shown in the figure.

    The key principle of the hierarchical design is that each element in the hierarchy has a

    specific set of functions and services that it offers and a specific role to play in the

    design.

    Access: the access layer is the first tier, or edge, of the campus. It is the place where

    end devices (PCs, printers, cameras, and the like) attach to the wired portion of the

    campus network. It is also the place where devices that extend the network out one

    more level are attached; IP phones and wireless access points (APs) are the two prime

    examples of devices that extend connectivity one more layer out from the

    actual campus access switch.


    Distribution: It is an aggregation point for all of the access switches and acts as an

    integral member of the access-distribution block providing connectivity and policy

    services for traffic flows within the access-distribution block. It defines a

    summarization boundary for network control plane protocols (EIGRP, OSPF,

    Spanning Tree) and serves as the policy boundary between the devices and data flows

    within the access-distribution block and the rest of the network. In providing all these

    functions the distribution layer participates in both the access-distribution block and

    the core. As a result, the configuration choices for features in the distribution layer are

    often determined by the requirements of the access layer or the core layer, or by the

    need to act as an interface to both.

    Core: the campus core is in some ways the simplest yet most critical part of the

    campus. It provides a very limited set of services and is designed to be highly

    available and to operate in an always-on mode, providing non-stop 24x7x365 service.

    Fig. 8

    (b.) Modularity:

    The modules of the system are the building blocks that are assembled into the larger campus.

    The advantage of the modular approach is largely due to the isolation that it can provide.

    Failures that occur within a module can be isolated from the remainder of the network,

    providing for both simpler problem detection and higher overall system availability. Network

    changes, upgrades, or the introduction of new services can be made in a controlled and staged

    fashion, allowing greater flexibility in the maintenance and operation of the campus network.

    When a specific module no longer has sufficient capacity or is missing a new function or

    service, it can be updated or replaced by another module that has the same structural role in

    the overall hierarchical design.

    (c.)Resiliency: A basic feature of resiliency is the ability for the system to remain available

    for use under both normal and abnormal conditions. Normal conditions include such events


    as change windows and normal or expected traffic flows and traffic patterns. Abnormal

    conditions include hardware or software failures, extreme traffic loads, unusual traffic

    patterns, denial-of-service (DoS) events whether intentional or unintentional, and any other

    unplanned event.

    (d.) Flexibility: networks have become larger and more complex, while the business

    environment and its underlying communication requirements continue to evolve. The result is

    that network designs must allow for an increasing degree of adaptability, or flexibility. The

    ability to modify portions of the network, add new services, or increase capacity without

    going through a major fork-lift upgrade is a key consideration for an effective campus

    design.

    2.3 Software Used:

    (a.)Cisco Packet Tracer:

    Fig. 9

    Cisco Packet Tracer is a powerful network simulation program that allows students to

    experiment with network behavior. Packet Tracer provides simulation, visualization,

    authoring, assessment, and collaboration capabilities and facilitates the teaching and learning

    of complex technology concepts. The version of Packet Tracer used here supports an array of

    simulated Application Layer protocols, as well as basic routing with RIP, OSPF, and EIGRP.

    Features:

    Cisco Packet Tracer includes the following features:

    Makes teaching easier by providing a free, multiuser environment for instructors to easily

    teach complex technical concepts.


    Makes learning easier by providing a realistic network simulation and visualization

    environment.

    Provides authoring of learning activities, tasks, labs, and complex assessments.

    Supports lectures, group and individual labs, homework, assessments, case studies, games,

    and competitions.

    Supplements real equipment and enables extended learning opportunities beyond physical

    classroom limitations.

    Simulates continuous real-time updates of underlying network logic and activities.

    Empowers students to explore concepts, conduct experiments, and test their understanding.

    Promotes social learning through a network-capable (peer-to-peer) application with

    opportunities for multiuser competition, remote instructor-student interactions, social

    networking, and gaming.

    (b.)Supported Protocols:

    2.4 Network devices used and specifications:

    Sr. No. | Device | Type | Specification | Vendor

    1 | Router | Wireless, wired | WRT300N, 2620XM, 2621XM | Linksys, Cisco

    2 | Switch | Multilayer, single layer | Catalyst 3560, Catalyst 2960 | Cisco

    3 | End points | Laptops, personal computers | Built into the software as nodes | -

    4 | Servers | Mail server and DNS server | Built into the software as devices | -


    (a.) Linksys WRT300N details:

    Device type: Wireless router with integrated 4-port switch.

    Data link protocol: Ethernet, Fast Ethernet, IEEE 802.11b/g/n.

    Encryption algorithms: WPA, WPA2, 128-bit WEP, 64-bit WEP. (Only WPA2 should be enabled in

    practice: WEP keys of either length can be recovered from captured traffic within minutes, and

    the original WPA with TKIP is also deprecated.)

    Features: MIMO technology, full-duplex capability, firewall protection, MAC address

    filtering, upgradable firmware, Stateful Packet Inspection (SPI), DHCP support, NAT

    support.

    Interfaces: WAN: 1 x Ethernet 10Base-T/100Base-TX (RJ-45); LAN: 4 x Ethernet

    10Base-T/100Base-TX (RJ-45).

    (b.) Cisco 2620/2621 Ethernet, Fast Ethernet Router:

    Device type: Wired router.

    Data link protocol: Ethernet, Fast Ethernet, IEEE 802.3, 802.3u.

    Features: Auto-sensing per device, modular design, manageable, NAT support.

    Interfaces: Management: 1 x Auxiliary (RJ-45), 1 x Console (RJ-45); LAN: 1 x Ethernet

    10Base-T/100Base-TX (RJ-45) on the 2620, 2 x on the 2621.

    (c.) Catalyst 3560-24PS:

    Device type: Switch, 24 ports, Layer 3 (multilayer).

    Compliant protocols: IEEE 802.3af, 802.3x, 802.1Q, 802.1w, 802.1p, 802.3z, 802.3,

    802.1X, 802.1D, 802.3ab.

    Features: Layer 2 switching, Layer 3 switching, DHCP server, full-duplex capability,

    VLAN support, Trivial File Transfer Protocol (TFTP) support, Dynamic Trunking

    Protocol (DTP) support, DHCP snooping, DHCP support, trunking, Access Control List

    (ACL) support, IP routing.

    Interfaces: 24 x Ethernet 10Base-T/100Base-TX (RJ-45, PoE), 1 x Console (RJ-45,

    management).

    (d.) Catalyst 2960-24TT:

    Device type: Switch, 24 ports, Layer 2.

    Compliant protocols: IEEE 802.3af, 802.3x, 802.1Q, 802.1w, 802.1p, 802.3z, 802.3,

    802.1X, 802.1D, 802.3ab.


    Features: Layer 2 switching, IPv6 support, VLAN support, Multiple Spanning Tree

    Protocol (MSTP) support, port security, MAC address notification, Dynamic Trunking

    Protocol (DTP) support, ARP support, BOOTP support, DHCP snooping, dynamic IP

    address assignment, broadcast storm control, Access Control List (ACL) support.

    Interfaces: 24 x Ethernet 10Base-T/100Base-TX (RJ-45), 2 x Ethernet

    10Base-T/100Base-TX/1000Base-T (RJ-45).


    Chapter 3

    TECHNIQUES USED IN THE NETWORK

    3.1 VLAN (Virtual Lan)

    A virtual local area network (VLAN) is a logical grouping of network users and resources

    connected to administratively defined ports on a layer 2 switch. Each VLAN is a single broadcast

    domain: all devices in a VLAN receive broadcasts sent by any other member of that VLAN, while

    devices in a different VLAN do not. By default all ports of a switch belong to one broadcast

    domain (VLAN 1), so a broadcast from one PC reaches every device on the switch, which wastes

    bandwidth and lets every host see every other host's broadcast traffic. VLANs solve this by

    splitting the switch into several broadcast domains. Traffic between two VLANs has to be

    routed, either by a router (see Inter-VLAN routing, section 3.4) or by a layer 3 switch. By

    using VLANs within the campus model we can control traffic patterns and restrict which users

    can reach which resources more easily than in a traditional flat campus network; a VLAN

    boundary is, however, only as strong as the trunk, native-VLAN and VTP configuration that

    enforces it.

    Fig. 10

    TYPES:

    (a) Static VLANs

    In a static VLAN, the administrator assigns switch ports to the VLAN, and the association does not change until the administrator changes the port assignment. This is the typical way of creating VLANs, and it is the most secure. This type of VLAN configuration is easy to set up and monitor, and it works well in a network where the movement of users is controlled by basically just locking the network closet doors. Using network management software to configure the ports can be helpful but is not mandatory.

    (b) Dynamic VLANs

    If the administrator is willing to do a little more work up front and enter all devices' hardware addresses into a database, hosts in an internetwork can be assigned to VLANs dynamically. Using intelligent management software, you can use hardware (MAC) addresses, protocols, or even applications to create dynamic VLANs.

    3.2 TRUNKING

    Trunk links are point-to-point 100 or 1000 Mbps links between two switches, between a switch and a router, or between a switch and a server. A trunk link carries the traffic of multiple VLANs, from 1 to 1,005 at a time, and is most beneficial where switches are connected to other switches or to routers. A trunk link is not assigned to a particular VLAN; instead one, many or all active VLANs can be transported between switches over a single physical trunk link.

    3.3 VTP (VLAN Trunking Protocol)

    VLAN Trunk Protocol (VTP) is used to manage all the configured VLANs across a switched internetwork and to maintain consistency throughout the network. VTP allows an administrator to add, delete, and rename VLANs, and these changes are then propagated to all switches. VTP provides the following benefits to a switched network:

    (a.) Consistent configuration of VLANs across all switches in the network

    (b.) Allowing VLANs to be trunked over mixed networks

    (c.) Accurate tracking and monitoring of VLANs

    (d.) Dynamic reporting when VLANs are added to all switches

    (e.) Plug-and-play VLAN adding to the switched network

    To allow VTP to manage VLANs across the network, we must first create a VTP server. All switches that need to share VLAN information must use the same domain name, and a switch can be in only one domain at a time. This means that a switch can share VTP domain information only with switches configured in the same VTP domain. A VTP domain is useful when more than one switch is connected in the network; if all switches in the network are in only one VLAN, VTP does not need to be used. VTP information is sent between switches over a trunk port.

    There are three different modes of operation within a VTP domain: server, client, and transparent.

    Server: VTP server mode is the default for all Catalyst switches. There must be at least one server in a VTP domain to propagate VLAN information throughout the domain. The following must be done in server mode:

    Create, add, or delete VLANs in a VTP domain.

    Change VTP information.

    Any change made to a switch in server mode is advertised to the entire VTP domain.

    Client: VTP clients receive information from VTP servers and send and receive updates, but they cannot make any changes. No port on a client switch can be added to a new VLAN before the VTP server notifies the client switch about the new VLAN.

    Transparent: VTP transparent switches do not participate in the VTP domain, but they still forward VTP advertisements through the configured trunk links. VTP transparent switches can add and delete VLANs because they keep their own database and do not share it with other switches. Transparent switches are considered locally significant.

    3.4 INTER-VLAN

    Inter-VLAN routing is the exchange of traffic between different VLANs; because each VLAN is its own broadcast domain, it requires a layer 3 switch or a router.

    3.5 STP (Spanning Tree Protocol)

    The Spanning Tree Protocol executes an algorithm called the spanning tree algorithm. This algorithm chooses a reference point in the network and calculates the redundant paths to that reference point. After it finds all the links in the network, the spanning-tree algorithm chooses one path on which to forward frames and shuts down the other redundant links to stop any network loops from occurring. It does this by electing a root bridge that decides on the network topology. There can be only one root bridge in any given network.

    The root bridge ports are called designated ports, and designated ports operate in what is called the forwarding state. Forwarding-state ports send and receive traffic. Ports that are determined to have the lowest-cost path to the root bridge are called the designated ports. The other port or ports on the bridge are considered non-designated ports and will not send or receive traffic. This is called blocking mode.

    The ports on a bridge or switch running STP can transition through four different states:

    Blocking: Won't forward frames; listens to BPDUs. All ports are in the blocking state by default when the switch is powered on.

    Listening: Listens to BPDUs to make sure no loops occur on the network before passing data frames.

    Learning: Learns MAC addresses and builds a filter table, but does not forward frames.

    Forwarding: The bridge port is able to send and receive data. A port will never be placed in the forwarding state unless there are no redundant links or the port determines that it has the best path to the root bridge.

    3.6 DEFAULT ROUTING

    A default route is used when the router has no specific match for a packet's destination in its routing table. In default routing there is no need to mention a particular destination network: the route is written with destination and mask 0.0.0.0 0.0.0.0, so it matches every destination not covered by a more specific route.

    3.7 NAT

    Fig. 11

    NAT (Network Address Translation or Network Address Translator) is the translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other the outside. This helps security, since each outgoing or incoming request must go through a translation process, which also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses that a company needs and lets the company use a single IP address in its communication with the world.

    3.8 ACL (Access Control List)

    Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria. The ACL is configured in global configuration mode but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface. If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate permit or deny action is taken. If there is no match, the second line's criterion is examined, and so on down the list.

    There are two types of access lists used with IP and IPX:

    Standard access lists

    These use only the source IP address in an IP packet to filter the network. This basically permits or denies an entire suite of protocols. IPX standard access lists can filter on both source and destination IPX address.

    Extended access lists

    These lists check both source and destination IP addresses, the protocol field in the Network layer header, and the port number in the Transport layer header. IPX extended access lists use source and destination IPX addresses, Network layer protocol fields, and socket numbers in the Transport layer header.

    Fig. 12


    Chapter 4

    CONFIGURATION AND SNAPSHOTS

    1. VLAN

    We have created 8 VLANs:

    Staff   VLAN 10 -> 10.1.1.0/24

    CSE     VLAN 20 -> 10.1.2.0/24

    ECE     VLAN 30 -> 10.1.3.0/24

    IT      VLAN 40 -> 10.1.4.0/24

    MBA     VLAN 50 -> 10.1.5.0/24

    Admin   VLAN 60 -> 10.1.6.0/24

    Canteen VLAN 70 -> 10.1.7.0/24

    Hostel  VLAN 80 -> 10.1.8.0/24

    Commands to create a VLAN and assign an access port to it (VLAN 10, Staff, as the example):

    Switch(config)#vlan 10
    Switch(config-vlan)#name Staff
    Switch(config-vlan)#exit
    Switch(config)#interface f0/0
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 10

    Taking the example of switch 1:

    Snapshot 1

    Using the command:

    Switch#show vlan


    Snapshot 2

    2. TRUNKING

    Commands for creating a trunk port (the encapsulation is set first, then the port is put into trunk mode):

    Switch(config)#interface f0/0
    Switch(config-if)#switchport trunk encapsulation dot1q
    Switch(config-if)#switchport mode trunk

    Using command on switch 1:

    Switch#show interface trunk

    Snapshot 3
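How a dot1q trunk carries several VLANs over one physical link, shown as an added example that is not code from the report: the Python below builds the plain frame a host in the Staff VLAN sends on its access port, inserts the 802.1Q tag (TPID 0x8100, then a 16-bit TCI holding priority, DEI and the 12-bit VLAN ID) that the switch adds when it forwards the frame across the trunk, and parses and strips it again on the far side. The MAC addresses and payload are constructed; VLAN 10 is the report's Staff VLAN.

```python
"""802.1Q tagging on a trunk link (added example, not the report's code).
A host on an access port sends a plain Ethernet frame; when the switch forwards
it across a dot1q trunk it inserts a 4-byte tag after the source MAC so the far
switch knows which VLAN the frame belongs to, and strips it again before
delivering the frame to an access port."""
import struct

TPID_8021Q = 0x8100      # EtherType value announcing that an 802.1Q tag follows
ETHERTYPE_IPV4 = 0x0800


def build_untagged(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame as sent by a host on an access port (no VLAN tag)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert TPID + TCI (PCP: 3 bits, DEI: 1 bit, VID: 12 bits) after the addresses."""
    if not 1 <= vid <= 4094:        # 0 and 4095 are reserved by the standard
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0..7 and DEI 0 or 1")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Decode addresses, VLAN tag (None when untagged), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = {"vid": tci & 0x0FFF, "pcp": tci >> 13, "dei": (tci >> 12) & 1}
        payload = frame[18:]
    else:
        vlan, payload = None, frame[14:]
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vlan,
            "ethertype": ethertype, "payload": payload}


def untag_frame(frame: bytes) -> bytes:
    """Remove the tag, as the switch does before sending to an access port."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: a host in the Staff VLAN (VLAN 10) sends an IPv4 frame.
HOST_MAC = bytes.fromhex("0011223344aa")
GATEWAY_MAC = bytes.fromhex("00aabbccdd01")
untagged = build_untagged(GATEWAY_MAC, HOST_MAC, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
on_trunk = tag_frame(untagged, vid=10, pcp=3)    # what the trunk link carries

if __name__ == "__main__":
    print("access port :", parse_frame(untagged))
    print("trunk link  :", parse_frame(on_trunk))
```

The parser treats any frame whose EtherType is 0x8100 as tagged. A frame that arrives on a trunk without a tag is assigned to the trunk's native VLAN, which is why both ends of every trunk must be configured with the same native VLAN and why the show interface trunk output above is worth checking on both switches.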


    3. VTP

    Commands to make a switch the VTP server:

    Switch(config)#vtp mode server
    Switch(config)#vtp domain lpu
    Switch(config)#vtp password 123

    Using command on switch 0:

    Switch#show vtp status

    Snapshot 4

    Snapshot 5
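A small model of the three VTP modes described in section 3.3, added here as an example and not part of the report: a server bumps its configuration revision on every VLAN change and advertises its database; a client in the same domain with the same password applies an advertisement only when its revision is higher than the client's own; a transparent switch forwards advertisements but never applies them. The switch names, the domain lpu and the password 123 follow the commands above; the VLAN numbers are the report's; the digest is a stand-in for the MD5 digest that real VTP derives from the password.

```python
"""Toy model of VTP server/client/transparent behaviour (added example, not the
report's code). Real VTP carries an MD5 digest of the password and the advertised
data in each summary advertisement; here a hash over password and revision
stands in for it."""
from dataclasses import dataclass, field
import hashlib


def make_digest(password: str, revision: int) -> bytes:
    # Stand-in for the VTP MD5 digest: binds the advertisement to the domain password.
    return hashlib.sha256(f"{password}:{revision}".encode()).digest()


@dataclass
class VtpAdvertisement:
    domain: str
    revision: int
    vlans: dict          # VLAN ID -> name
    digest: bytes


@dataclass
class Switch:
    name: str
    mode: str            # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})

    def add_vlan(self, vid: int, name: str) -> None:
        if self.mode == "client":
            raise RuntimeError(f"{self.name}: clients cannot create VLANs")
        self.vlans[vid] = name
        if self.mode == "server":
            self.revision += 1   # every change in server mode bumps the revision

    def advertise(self) -> VtpAdvertisement:
        if self.mode != "server":
            raise RuntimeError(f"{self.name}: only servers originate VLAN changes")
        return VtpAdvertisement(self.domain, self.revision, dict(self.vlans),
                                make_digest(self.password, self.revision))

    def receive(self, adv: VtpAdvertisement) -> str:
        """Apply, ignore or forward an advertisement and report which happened."""
        if self.mode == "transparent":
            return "forwarded"   # relayed on trunks, own database untouched
        if adv.domain != self.domain:
            return "ignored: domain mismatch"
        if adv.digest != make_digest(self.password, adv.revision):
            return "ignored: bad password digest"
        if adv.revision <= self.revision:
            return "ignored: revision not newer"
        self.vlans = dict(adv.vlans)   # a higher revision replaces the whole database
        self.revision = adv.revision
        return "applied"

    def reset_revision(self) -> None:
        """Changing the VTP domain name, or passing through transparent mode,
        sets the revision back to 0; do this before connecting a reused switch."""
        self.revision = 0


def propagate(server: Switch, others: list) -> dict:
    """Send one advertisement from the server; return each switch's reaction."""
    adv = server.advertise()
    return {sw.name: sw.receive(adv) for sw in others}


# Constructed scenario using the report's domain "lpu" and password "123".
server = Switch("Switch0", "server", "lpu", "123")
client = Switch("Switch1", "client", "lpu", "123")
transparent = Switch("Switch2", "transparent", "lpu", "123")
for vid, vname in [(10, "Staff"), (20, "CSE"), (30, "ECE")]:
    server.add_vlan(vid, vname)

if __name__ == "__main__":
    print(propagate(server, [client, transparent]))
    print("client VLANs:", client.vlans, "revision", client.revision)
```

The revision rule is also what makes VTP fragile: any switch in the same domain with the same password and a higher revision number, including a reused lab switch connected by mistake, replaces the VLAN database of every server and client, and ports in VLANs that disappear go inactive. Clearing the revision (reset_revision() above stands for changing the domain name or switching to transparent mode) before connecting a switch, and checking Configuration Revision in show vtp status, prevents that.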


    4. DEFAULT ROUTING

    Commands (the interface is enabled in interface mode; the default route itself is a global configuration command):

    Router(config)#interface f0/0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#ip route 0.0.0.0 0.0.0.0 95.15.1.100

    Using command on router 0:

    Router#show ip route

    Snapshot 6

    Snapshot 7


    5. NAT

    Commands used:

    Router(config)#ip nat pool lpu 95.15.1.1 95.15.1.10 netmask 255.255.255.0
    Router(config)#access-list 1 permit 10.1.0.0 0.0.255.255
    Router(config)#ip nat inside source list 1 pool lpu overload
    Router(config)#interface s0/0
    Router(config-if)#ip nat outside
    Router(config-if)#interface f0/0.8
    Router(config-subif)#ip nat inside

    The ip nat inside command is repeated on each inside subinterface; access-list 1 decides which inside sources are translated.

    Using command on router 0:

    Router#show run

    Snapshot 8

    Snapshot 9
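The translation behaviour behind the NAT commands above, shown as an added example that is not the report's code: the Python models ip nat inside source list 1 pool lpu overload. Outbound packets whose source is permitted by access-list 1 are given the first pool address and a global port (the original source port when it is free), the translation is recorded, replies are matched back through that table, and inbound packets with no matching entry are dropped, which is the protective effect section 3.7 describes. The packets are constructed; 150.1.1.2 is the server address the report uses in its ACL section.

```python
"""Model of 'ip nat inside source list 1 pool lpu overload' (added example, not the
report's code). Packets are dicts with proto/src/sport/dst/dport; all values are constructed."""
from ipaddress import IPv4Address


def wildcard_match(ip: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'don't care', so 0.0.255.255 covers a /16."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(ip)) & care == int(IPv4Address(network)) & care


class PatRouter:
    def __init__(self, pool_start: str, pool_end: str, acl: list):
        first, last = int(IPv4Address(pool_start)), int(IPv4Address(pool_end))
        self.pool = [str(IPv4Address(a)) for a in range(first, last + 1)]
        self.acl = acl          # permit entries of access-list 1: (network, wildcard)
        self.table = {}         # (proto, global ip, global port) -> (proto, inside ip, inside port)
        self.reverse = {}       # (proto, inside ip, inside port) -> (global ip, global port)

    def _permitted(self, ip: str) -> bool:
        return any(wildcard_match(ip, net, wc) for net, wc in self.acl)

    def _alloc_port(self, proto: str, gip: str, wanted: int) -> int:
        """Keep the inside port if it is free on the global address, else pick another."""
        used = {p for pr, ip, p in self.table if pr == proto and ip == gip}
        if wanted not in used:
            return wanted
        port = 1024
        while port in used:
            port += 1
        return port

    def outbound(self, pkt: dict):
        """Inside -> outside. Returns the packet as seen on the outside interface,
        or None when the source is not permitted by the access list (no translation)."""
        if not self._permitted(pkt["src"]):
            return None
        key = (pkt["proto"], pkt["src"], pkt["sport"])
        if key not in self.reverse:
            gip = self.pool[0]       # overload: one global address serves many hosts
            gport = self._alloc_port(pkt["proto"], gip, pkt["sport"])
            self.table[(pkt["proto"], gip, gport)] = key
            self.reverse[key] = (gip, gport)
        gip, gport = self.reverse[key]
        return {**pkt, "src": gip, "sport": gport}

    def inbound(self, pkt: dict):
        """Outside -> inside. Only packets matching an existing translation get in;
        anything else addressed to the global pool is dropped (returns None)."""
        entry = self.table.get((pkt["proto"], pkt["dst"], pkt["dport"]))
        if entry is None:
            return None
        _, inside_ip, inside_port = entry
        return {**pkt, "dst": inside_ip, "dport": inside_port}


# Constructed traffic: the report's pool, access list and server address 150.1.1.2.
router = PatRouter("95.15.1.1", "95.15.1.10", [("10.1.0.0", "0.0.255.255")])
STAFF_TO_WEB = {"proto": "tcp", "src": "10.1.1.5", "sport": 40000, "dst": "150.1.1.2", "dport": 80}
HOSTEL_TO_WEB = {"proto": "tcp", "src": "10.1.8.7", "sport": 40000, "dst": "150.1.1.2", "dport": 80}

if __name__ == "__main__":
    out1 = router.outbound(STAFF_TO_WEB)
    out2 = router.outbound(HOSTEL_TO_WEB)
    print("staff       ->", out1)
    print("hostel      ->", out2)
    print("reply       ->", router.inbound({"proto": "tcp", "src": "150.1.1.2", "sport": 80,
                                             "dst": out1["src"], "dport": out1["sport"]}))
    print("unsolicited ->", router.inbound({"proto": "tcp", "src": "203.0.113.9", "sport": 5555,
                                             "dst": "95.15.1.1", "dport": 22}))
```

Two hosts that happen to use the same source port (40000 here) still get distinct entries because the second one is moved to another global port; the show ip nat translations table on the router is the live version of the dictionary the model keeps.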

    6. STP

    Command to set the bridge priority of a switch for a VLAN (a lower priority makes this switch the root bridge for that VLAN):

    Switch(config)#spanning-tree vlan 10 priority 4096

    By changing the VLAN ID we can configure STP for different VLANs.

    Using command on switch 0:

    Switch#show spanning-tree


    Snapshot 10

    Snapshot 11
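Why priority 4096 makes Switch0 the root bridge for VLAN 10, and what the other switches do with that, shown as an added example that is not the report's code: the Python builds per-VLAN bridge IDs (priority plus the VLAN number as the extended system ID, then the MAC address), elects the lowest one as root, and runs the root-path calculation to find every switch's root path cost and the neighbour on its root port. The MAC addresses, link speeds and the three-switch triangle are constructed; the port costs 19 (100 Mbps) and 4 (1 Gbps) are the classic 802.1D values.

```python
"""Per-VLAN root bridge election and root path cost (added example, not the
report's code). Switch names, MAC addresses, link speeds and the topology are
constructed; port costs are the classic 802.1D values."""
import heapq

DEFAULT_PRIORITY = 32768
PORT_COST = {100: 19, 1000: 4}   # cost charged on the port that receives the BPDU

# Constructed topology: three switches in a triangle.
SWITCHES = {
    "Switch0": {"mac": "00:1a:00:00:00:30", "priority": {10: 4096}},   # spanning-tree vlan 10 priority 4096
    "Switch1": {"mac": "00:1a:00:00:00:20", "priority": {}},
    "Switch2": {"mac": "00:1a:00:00:00:10", "priority": {}},
}
LINKS = [("Switch0", "Switch1", 1000), ("Switch0", "Switch2", 100), ("Switch1", "Switch2", 100)]


def bridge_id(priority: int, vlan: int, mac: str) -> tuple:
    """Bridge ID = priority (multiple of 4096) + VLAN as extended system ID, then MAC.
    Tuples compare field by field, and the lowest bridge ID wins."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    return (priority + vlan, mac.lower())


def _bid(switches: dict, name: str, vlan: int) -> tuple:
    sw = switches[name]
    return bridge_id(sw["priority"].get(vlan, DEFAULT_PRIORITY), vlan, sw["mac"])


def elect_root(switches: dict, vlan: int) -> str:
    """The switch with the lowest bridge ID for this VLAN becomes root."""
    return min(switches, key=lambda n: _bid(switches, n, vlan))


def root_paths(switches: dict, links: list, vlan: int) -> dict:
    """Shortest path to the root for every switch: name -> (root path cost, neighbour
    reached through the root port). Equal costs are broken by the lower sender ID."""
    root = elect_root(switches, vlan)
    adj = {n: [] for n in switches}
    for a, b, speed in links:
        adj[a].append((b, PORT_COST[speed]))
        adj[b].append((a, PORT_COST[speed]))
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nbr, c in adj[node]:
            new = cost + c
            cur = best.get(nbr)
            if cur is None or new < cur[0] or (
                    new == cur[0] and _bid(switches, node, vlan) < _bid(switches, cur[1], vlan)):
                best[nbr] = (new, node)
                heapq.heappush(heap, (new, nbr))
    return best


if __name__ == "__main__":
    for vlan in (10, 20):
        print(f"VLAN {vlan}: root={elect_root(SWITCHES, vlan)} paths={root_paths(SWITCHES, LINKS, vlan)}")
```

With no priority configured for VLAN 20, all three bridges tie at 32768 + 20 and the lowest MAC address (Switch2 in this topology) wins, which is arbitrary and may put the root at the edge of the network. That is the reason for setting the priority deliberately on the switch that should be root, and for confirming with show spanning-tree that it really is.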

    7. ACL

    In the project, considering a real-world scenario, the Facebook server is denied for the hostel and permitted for the rest of the departments.

    Commands used (the list is built in extended named ACL mode and then applied inbound on the hostel subinterface):

    Router(config)#ip access-list extended block
    Router(config-ext-nacl)#deny tcp 10.1.8.0 0.0.0.255 150.1.1.2 0.0.0.0 eq 80
    Router(config-ext-nacl)#permit ip any any
    Router(config-ext-nacl)#exit
    Router(config)#interface f0/0.8
    Router(config-subif)#ip access-group block in

    Using command on router 0:

    Router#show run

    Snapshot 12

    Snapshot 13
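First-match evaluation of the access list block applied inbound on f0/0.8, shown as an added example that is not code from the report: the parser accepts the keyword forms used above (any, host, network plus wildcard, eq port), and evaluate() returns the action together with the line that matched, with line 0 standing for the implicit deny ip any any that ends every Cisco ACL. The sample packets are constructed. The report's list blocks only TCP port 80 to 150.1.1.2, so the same hostel host is still permitted to reach that server on port 443, which the second check shows.

```python
"""First-match evaluation of a Cisco extended ACL (added example, not the
report's code). Handles the keyword forms used in the report: any, host A,
network wildcard, and eq PORT on source or destination. Sample packets are constructed."""
from ipaddress import IPv4Address


def wildcard_match(ip: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'don't care'; 0.0.0.0 means exact host."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(ip)) & care == int(IPv4Address(network)) & care


def _parse_addr(tokens: list) -> tuple:
    """Consume one address spec; return (network, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ("0.0.0.0", "255.255.255.255")
    if tok == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (tok, tokens.pop(0))


def _parse_port(tokens: list):
    """Consume an optional 'eq PORT'; None means any port."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        return int(tokens.pop(0))
    return None


def parse_acl(lines: list) -> list:
    entries = []
    for line in lines:
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {line}")
        src, sport = _parse_addr(tokens), _parse_port(tokens)
        dst, dport = _parse_addr(tokens), _parse_port(tokens)
        entries.append({"action": action, "proto": proto, "src": src, "sport": sport,
                        "dst": dst, "dport": dport})
    return entries


def _matches(entry: dict, pkt: dict) -> bool:
    if entry["proto"] != "ip" and entry["proto"] != pkt["proto"]:
        return False      # 'ip' covers every protocol; tcp/udp must match exactly
    if not wildcard_match(pkt["src"], *entry["src"]):
        return False
    if not wildcard_match(pkt["dst"], *entry["dst"]):
        return False
    if entry["sport"] is not None and pkt.get("sport") != entry["sport"]:
        return False
    if entry["dport"] is not None and pkt.get("dport") != entry["dport"]:
        return False
    return True


def evaluate(acl: list, pkt: dict) -> tuple:
    """Return (action, line number) of the first matching entry; line 0 is the
    implicit 'deny ip any any' at the end of every Cisco ACL."""
    for number, entry in enumerate(acl, 1):
        if _matches(entry, pkt):
            return (entry["action"], number)
    return ("deny", 0)


# The report's access list "block", applied inbound on the hostel subinterface.
BLOCK_ACL = parse_acl([
    "deny tcp 10.1.8.0 0.0.0.255 150.1.1.2 0.0.0.0 eq 80",
    "permit ip any any",
])

if __name__ == "__main__":
    for pkt in [
        {"proto": "tcp", "src": "10.1.8.25", "dst": "150.1.1.2", "sport": 51000, "dport": 80},
        {"proto": "tcp", "src": "10.1.8.25", "dst": "150.1.1.2", "sport": 51000, "dport": 443},
        {"proto": "tcp", "src": "10.1.1.25", "dst": "150.1.1.2", "sport": 51000, "dport": 80},
    ]:
        print(pkt["src"], "->", pkt["dst"], pkt["dport"], evaluate(BLOCK_ACL, pkt))
```

The implicit deny is the detail most often forgotten: a list that contains only the deny line drops every other packet entering f0/0.8 as well, including the hostel's DNS and gateway traffic, which is why the permit ip any any line is needed and why show access-lists (which reports per-line match counters) is the right place to confirm which line is catching traffic.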


    Chapter 5

    CONCLUSION AND FUTURE SCOPE

    CONCLUSION:

    By designing this network we have implemented the practical scenario of an enterprise. By designing the network we got a glimpse of, or rather got our hands on, the real-life problems faced in it. We got to know the various specifications and minute details involved in designing the network. We had certain constraints while designing the network which we needed to keep in mind. This report could work as a guideline for network designers for further designing of networks of a similar kind.

    FUTURE SCOPE:

    This project was aimed at designing a complex practical enterprise network with all the possible services used in an organization or a company. We can explore this network further by explaining the security issues faced by a network in a company. We could discuss the various attacks the network is prone to from hackers, explain these attacks, and find out the loopholes in the protocols and the measures to prevent them. We could also work on the packet walk of the packets in the network, work on the sniffing of the packets and extract useful information from them. We could also work on the encryption algorithms in the layers and protocols.
