IT Department

TRAINING REPORT ON CCNA ROUTING & SWITCHING

COMPLETED AT WIPRO INFOTECH PVT LTD, GURGAON

SUBMITTED IN PARTIAL FULFILMENT OF THE REQUIREMENT FOR THE AWARD OF THE DEGREE OF

BACHELOR OF TECHNOLOGY (Electronics and Communication Engineering)

SUBMITTED BY xyz (University Roll No. 0000)

Under the supervision of ABC (Assistant Professor)

SUBMITTED TO Department of Electronics and Communication Engineering

GURGAON INSTITUTE OF TECHNOLOGY AND MANAGEMENT, GURGAON (Affiliated to Maharshi Dayanand University, Rohtak)

JUNE 2015

Date: 30th May 2015

TO WHOMSOEVER IT MAY CONCERN

This is to certify that Mr xyz, a student from Gurgaon Institute of Technology and Management, Haryana, has successfully completed her industrial training in Wipro Infotech from 10th Jan 2015 till 10th June 2015.

We wish her good luck in all her future endeavors.

For WIPRO INFOTECH

Simranpal Jaggi

Sr. Executive, Human Resources, Wipro Limited

CERTIFICATE

This is certified that Ms. xyz carried out the training work on CCNA Routing and Switching under my guidance. She is the sole author of this report, and the work carried out by her is novel and better than the previous work in the field of Communication Engineering. The parameters presented in this dissertation are very useful for future works in the field of communication engineering. She has given her best efforts in carrying out the best results with the available resources in the existing environment.

This is also certified that the matter embodied in this dissertation has not been submitted earlier in any institute/university for the award of any degree or diploma, to the best of my knowledge and belief.

I wish her best of luck for her future career.

Supervisor: Er. Devender Saini, Department of Electronics & Comm., Gurgaon Institute of Tech & Mang.
H.O.D.: Prof. Bijender M'Dia, Department of Electronics & Comm., Gurgaon Institute of Tech & Mang.

ACKNOWLEDGEMENT

An endeavor over a long period can be successful only with the advice and guidance of our well-wishers. I take this opportunity to express my deep gratitude and appreciation to all those who encouraged me to successfully complete this project. It is my pleasure to acknowledge the help that I received from different individuals during my project completion.

My sincere appreciation and gratitude to respected Mr. Kamal Thakur, Director, Gurgaon Institute of Technology and Management, Gurgaon, for his encouragement and unstinted support. I would like to acknowledge the continuous guidance and incessant support rendered by Prof. Bijender M'Dia, Head of Department, ECE, not only for this project but also in my overall career development. My sincere and wholehearted gratitude to Er. Devender Saini (Assistant Professor) for his invaluable and untiring guidance and supervision throughout this session.

I express my special and profound gratitude to my guide Mr. Zubair Ahmed and the entire training department of Manager IT, WIPRO, without whose cooperation, observation and keen interest this project would not have seen the daylight. I am highly grateful to them for providing computer facilities, cooperation and encouragement throughout this work and for inspiring me to take up this work. Last but not the least, I express my ineptness toward family and friends, whose moral support and confidence nourished me with the determination to work hard, leading to the making of this dissertation work a success.

DECLARATION

I hereby certify that the work which is being presented in the project entitled "CCNA Routing And Switching" by xyz, in partial fulfillment of the requirements for the award of the degree B.Tech (ECE), submitted in the Department of Electronics & Communications at Gurgaon Institute of Technology & Management, Gurgaon, affiliated to Maharshi Dayanand University, Rohtak, was carried out under the supervision of Er. Devender Saini (Assistant Professor), Department of ECE, GITM, Gurgaon. The matter presented in this project has not been submitted by me in any other University/Institute for the award of any Degree/Diploma.

xyz (011-ECE-000)

ABSTRACT

This project describes the architecture, components, and operations of routers and switches in a small network, and how to configure a router and a switch for basic functionality. By the end of this project, we will be able to configure and troubleshoot routers and switches and resolve common issues with RIPv1, RIPv2, single-area and multi-area OSPF, virtual LANs, and inter-VLAN routing in both IPv4 and IPv6 networks. We will be able to perform the following functions:

* Understand and describe basic switching concepts and the operation of Cisco switches
* Configure and troubleshoot basic operations of a small switched network
* Understand and describe the purpose, nature, and operations of a router, routing tables, and the route lookup process
* Configure and verify static routing and default routing
* Understand and describe how VLANs create logically separate networks and how routing occurs between them
* Understand and describe dynamic routing protocols, distance vector routing protocols, and link-state routing protocols
* Configure and troubleshoot basic operations of routers in a small routed network: Routing Information Protocol (RIPv1 and RIPv2) and Open Shortest Path First (OSPF) protocol (single-area OSPF)
* Configure and troubleshoot VLANs and inter-VLAN routing
* Configure, monitor, and troubleshoot ACLs for IPv4 and IPv6
* Understand and describe the operations and benefits of Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) for IPv4 and IPv6
* Understand and describe the operations and benefits of Network Address Translation (NAT)
* Configure and troubleshoot NAT operations

CONTENTS

Company Profile
Chapter 1: Introduction to Networking
  1.1 Definition
  1.2 Requirements of Networking
  1.3 Types of Networks
    1.3.1 LAN
    1.3.2 WAN
Chapter 2: OSI Model
  2.1 OSI layer functions
Chapter 3: Introduction to TCP/IP
  3.1 Five layer protocol stack
  3.2 TCP/IP
Chapter 4: Protocols
  4.1 Telnet terminal emulation
  4.2 File Transfer Protocol (FTP)
  4.3 TFTP (Trivial File Transfer Protocol)
  4.4 NFS (Network File System)
  4.5 SMTP (Simple Mail Transfer Protocol)
  4.6 LPD (Line Printer Daemon)
Chapter 5: IP Addressing
  5.1 Address classes
  5.2 Subnetting
  5.3 Subnet masking
Chapter 6: Types of Routing
  6.1 Static routing
  6.2 Dynamic routing
  6.3 Various routing protocols
  6.4 RIP
    6.4.1 RIP version 1
    6.4.2 RIP version 2
    6.4.3 Features of RIP
  6.5 Difference between RIP v1 and RIP v2
  6.6 Configuring RIP
    6.6.1 RIP advanced configuration
  6.7 EIGRP
    6.7.1 Basic operation
    6.7.2 Basic commands for configuring EIGRP
  6.8 OSPF
  6.9 Areas and border routers
    6.9.1 Area types
      6.9.1.1 Backbone area
      6.9.1.2 Stub area
      6.9.1.3 Not-so-stubby area
      6.9.1.4 Totally stubby area
      6.9.1.5 Not-so-stubby totally stubby area
  6.10 Redistributing routes into OSPF
  6.11 Border Gateway Protocol
Chapter 7: Switching
  7.1 Network switch
  7.2 Role of a switch in a network
Chapter 8: Spanning Tree Protocol
  8.1 STP timers
  8.2 Selecting a root bridge
  8.3 Root guard
  8.4 PortFast
  8.5 BPDU guard
  8.6 Configuration
  8.7 BPDU filter
Chapter 9: VLAN
  9.1 Trunk port
  9.2 VLAN trunk port
    9.2.1 VTP modes
  9.3 VTP password
Chapter 10: ACL
  10.1 ACL configuration guidelines
  10.2 Frame Relay
  10.3 DLCI
  10.4 How Frame Relay works
  10.5 Tunneling
  10.6 DHCP
  10.7 SSH
  10.8 Telnet
  10.9 Route mapping
Chapter 11: NAT
  11.1 Dynamic NAT
  11.2 PAT
Chapter 12: IPv6
Chapter 13: Overview of the project
  13.1 Snapshot of the project
  13.2 Configuration of routers
  13.3 Host route router configuration
  13.4 Configuration of switch
  13.5 ISP router configuration
  13.6 Configuration of ASBR
Conclusion
References

List of Figures

Fig 1.3.1: LAN
Fig 1.3.2: WAN
Fig 2.1: Architecture of the OSI Model
Fig 3.1: TCP/IP Model
Fig 6.1: Static Routing
Fig 6.1.1: Host Routing
Fig 6.6: RIP
Fig 6.10: Redistributing Routes into OSPF
Fig 6.11: Border Gateway Protocol
Fig 7.1: Network Switch
Fig 8.1: Spanning Tree Protocol
Fig 8.2: Selecting a Root Bridge
Fig 8.6: Spanning Tree PortFast and BPDU Guard
Fig 9.0: VLAN
Fig 9.1: Trunk Port
Fig 9.3: VTP Password
Fig 10.2: Frame Relay
Fig 10.4: How Frame Relay Works
Fig 10.6: DHCP
Fig 12.0: IPv6
Fig 13.1: Snapshot of the Project

COMPANY PROFILE

Wipro Ltd (NYSE:WIT) is a global information technology, consulting and outsourcing company with 145,000 employees serving over 900 clients in 60 countries. The company posted revenues of $6.9 billion for the financial year ended Mar 31, 2013. Wipro helps customers to do business better, leveraging our industry-wide experience, deep technology expertise, comprehensive portfolio of services and a vertically aligned business model. Our 55+ dedicated emerging technologies Centers of Excellence enable us to harness the latest technology for delivering business capability to our clients.

Milestones

Wipro, one of the world's most trusted brands, is a name with a long history. Here's a snapshot of our journey to date:

* Established in 1945 as Western India Vegetable Products Limited in Amalner, Maharashtra
* IPO for capital in February 1946
* Ventured into the fledgling IT industry in 1981
* Established software products and exports subsidiary, Wipro Systems Ltd., in 1983
* Pioneers in marketing indigenous personal computers in 1985
* Established a joint venture with GE in 1989
* Entered IT services in the 1990s; we were among the pioneers in developing the ODC (Offshore Development Center) concept
* Software business assessed at SEI-CMM Level 5 in 1998
* Listed on NYSE in 2000 (NYSE:WIT)
* The first company in the world to be assessed at PCMM Level 5 in 2001
* Entered the BPO business in 2002
* Entered the Eco-energy business in 2008

Wipro Enterprises Limited

Wipro Enterprises Limited (formerly Azim Premji Custodial Services Private Limited), incorporated under the provisions of the Companies Act, 1956, is headquartered in Bangalore, India. The company primarily carries on the businesses of consumer care products, domestic and commercial lighting and infrastructure engineering, which were transferred pursuant to the Scheme of Arrangement of Wipro Limited (Wipro) with effect from March 31, 2013, with the appointed date as on April 1, 2012. Wipro Enterprises Limited comprises two main divisions:

1. Wipro Consumer Care and Lighting (WCCLG)
2. Wipro Infrastructure Engineering (WIN)

Wipro Consumer Care and Lighting (WCCLG) is among the fastest growing FMCG companies in India. It has a strong brand presence in personal care and skin care products in South-East Asia and the Middle East, apart from significant market share in identified segments. Today WCCLG has a global workforce of 8,300 serving over 40 countries. The WCCLG business includes multiple product ranges: personal care (soaps, toiletries), baby care, wellness, electrical wire devices, lighting and modular office furniture.

Wipro Infrastructure Engineering (WIN) is the largest independent hydraulic cylinder manufacturer in the world, delivering around 2 million cylinders to OEMs in different geographies. WIN has a global workforce of over 1,700 committed and skilled people, and 14 state-of-the-art manufacturing facilities across India, Northern Europe, Eastern Europe, the US, Brazil and China. WIN specializes in designing and manufacturing custom hydraulic cylinders (double acting, single acting and telescopic cylinders), actuators and precision engineered components for infrastructure and related industries such as:

* Construction & Earthmoving
* Material/Cargo Handling & Forestry
* Truck Hydraulics
* Farm & Agriculture
* Mining
* Aerospace & Defense

WIPRO INFOTECH

Wipro Infotech is a leading manufacturer of computer hardware and provider of IT services in India and the Middle East region. Part of Wipro Ltd, the $6.98 billion conglomerate and global leader in technology enabled solutions, the company leverages the parent's philosophy of 'Applying Thought' to enable business results by being a transformation catalyst. Backed by our strong quality processes and rich experience managing global clients across various business verticals, we align IT strategies to your business goals. From simple changes in process to innovative solutions, we help our customers harness the power of IT to achieve profitable growth, market leadership, customer delight and sustainability. Along with our best-of-breed technology partners, Wipro Infotech also helps you with your hardware and IT infrastructure needs. The IT services portfolio includes:

* Consulting
* Systems integration
* Application development and maintenance
* Technology infrastructure services
* Package implementation
* R&D services, among others

Wipro Infotech maintains offices across India and has operations in the Middle East. We also have a joint venture with DAR Al Riyadh Group in Saudi Arabia.

Businesses today are looking for domain-specific integrated technology solutions that can help improve asset productivity. With over 20 years of experience and strong alliances, Wipro Infrastructure Technology Solutions helps cater to your IT infrastructure, providing the latest technology products and services at competitive costs. Our enterprise products are customized based on a requirement analysis of your IT environment and include the following:

* Networking Solutions
* Platforms & Storage
* Enterprise Information Security
* Emerging Technologies
* Enterprise Management
* Contact Centre Infrastructure

CHAPTER 1 INTRODUCTION TO NETWORKING

1.1 Definition

A network is a system that transmits any combination of voice, video and/or data between users. A network can be defined by its geographical dimensions and by how the users' PCs access it. A network consists of:

* The network operating system (Windows NT/2000/XP) on the user's PC (client) and on the server.
* The cables connecting all network devices (users' PCs, server, peripherals, etc.).
* All supporting network components (hubs, routers, switches, etc.).

A computer network is an interconnected collection of autonomous computers.

1.2 Requirements of Networking

* Resource sharing: to make all programs, equipment, and especially data available to anyone on the network without regard to the physical location of the resource and the user.
* High reliability: as all files could be replicated on two or three machines, if one of them is unavailable (due to hardware failure) the other copies can be used.
* Scalability: the ability to increase system performance gradually as the workload grows, just by adding more processors.

A computer network can provide a powerful communication medium among widely separated employees. The use of networks to enhance human-to-human communication will probably prove more important than technical goals such as improved reliability. These are the requirements with respect to companies, but computer networking is required even in normal day-to-day life, as we have to access the internet to get information about what is happening in the world and to communicate with people far away using e-mail. These are the reasons that drove inventors to create networking devices, models and protocols. Networking was born in 1844, when Samuel Morse sent the first telegraph message.

1.3 TYPES OF NETWORKS

1.3.1 LAN (Local Area Network)

These are privately owned networks within a single building or campus of up to a few kilometers in size. LANs are distinguished from other networks by three characteristics: 1) their size, 2) their transmission technology, and 3) their topology. LANs are restricted in size, which means that the worst-case transmission time is bounded and known in advance. LANs often use a transmission technology consisting of a single cable to which all the machines are attached. LANs run at speeds of 10 to 100 Mbps, have low delays, and make very few errors. IEEE has produced several standards for LANs, collectively known as IEEE 802: IEEE 802.3 (Ethernet), IEEE 802.4 (Token Bus) and IEEE 802.5 (Token Ring).

1.3.2 WAN (Wide Area Network)

A WAN is a computer network that spans a relatively large geographical area, often a country or continent. Typically a WAN consists of two or more Local Area Networks. Computers connected to a WAN are often connected through public networks such as telephone systems. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet. WANs run at a maximum speed of 2 to 10 Mbps. For most WANs, the long-distance bandwidth is relatively slow: on the order of kilobits per second (kbps), as opposed to megabits per second (Mbps) for local-area networks (LANs). For example, an Ethernet LAN has a 10 Mbps bandwidth; a WAN using part or all of a T1 carrier has a bandwidth of 1.544 Mbps. WAN connections fall into three categories:

1) Circuit switching, which provides a fixed connection (at least for the duration of a call or session), so that each packet takes the same path. Examples of this approach include ISDN, Switched 56, and Switched T1.
2) Packet switching, which establishes connections during the transmission process so that different packets from the same transmission may take different routes and may arrive out of sequence at the destination. Examples of this approach are X.25, Frame Relay, and ATM.
3) Leased lines, which can provide a dedicated connection for private use.

CHAPTER 2 OSI Model (Open Systems Interconnection)

The OSI model is the very heart of networking, with every layer performing a specific task in order to facilitate data communications. In the world of networking the first four (4) layers are the focus. They define the following:

* What type and speed of LAN and WAN media are to be implemented
* How data is sent across the media
* What type of addressing schemes will be used
* How data will be reliably sent across the network and how flow control will be accomplished
* What type of routing protocol will be implemented

Why a layered network model?

* Reduces complexity
* Standardizes interfaces
* Facilitates modular engineering
* Ensures interoperable technology
* Accelerates evolution
* Simplifies teaching and learning

In the OSI model, seven numbered layers indicate distinct functions. In Transmission Control Protocol/Internet Protocol (TCP/IP), the distinct functions fit into five named layers. This separation of networking functions is called "layering".

2.1 OSI Layer Functions

1. PHYSICAL layer (binary transmission): This layer provides the electrical, mechanical, procedural, and functional means for activating and maintaining the physical link between systems. It uses physical media such as twisted pair, coaxial, and fiber-optic cable.
2. DATA LINK layer (access to media): This layer provides physical transmission across the medium. It handles error notification, network topology, and flow control. This layer uses the Media Access Control (MAC) address.
3. NETWORK layer (addresses and best path): This layer determines the best way to move data from one place to another. The router operates at this layer. This layer uses the IP addressing scheme.
4. TRANSPORT layer (end-to-end connections): This layer segments and reassembles data into a data stream. This layer uses the TCP protocol.
5. SESSION layer (inter-host communication): This layer establishes, maintains, and manages sessions between applications.
6. PRESENTATION layer (data representation): This layer provides data representation and code formatting. It ensures that the data that arrives from the network can be used by the application, and that information sent by the application can be transmitted on the network.
7. APPLICATION layer (network processes to applications): The application layer provides network services to user applications. For example, a word processing application is serviced by file transfer services at this layer.

Media layers (layers 1, 2 and 3): control physical delivery of messages over the network.
Host layers (layers 4, 5, 6 and 7): provide for accurate data delivery between computers.

CHAPTER 3 Introduction to TCP/IP

TCP and IP were developed by a Department of Defense (DOD) research project to connect a number of different networks designed by different vendors into a network of networks (the "Internet"). It was initially successful because it delivered a few basic services that everyone needs (file transfer, electronic mail, remote logon) across a very large number of client and server systems. Several computers in a small department can use TCP/IP (along with other protocols) on a single LAN. The IP component provides routing from the department to the enterprise network, then to regional networks, and finally to the global Internet. On the battlefield a communications network will sustain damage, so the DOD designed TCP/IP to be robust and to recover automatically from any node or phone line failure. This design allows the construction of very large networks with less central management. However, because of the automatic recovery, network problems can go undiagnosed and uncorrected for long periods of time.

As with all other communications protocols, TCP/IP is composed of layers:

* IP is responsible for moving packets of data from node to node. IP forwards each packet based on a four-byte destination address (the IP number). The Internet authorities assign ranges of numbers to different organizations. The organizations assign groups of their numbers to departments. IP operates on gateway machines that move data from department to organization to region and then around the world.
* TCP is responsible for verifying the correct delivery of data from client to server. Data can be lost in the intermediate network. TCP adds support to detect errors or lost data and to trigger retransmission until the data is correctly and completely received.
* Sockets is the name given to the package of subroutines that provide access to TCP/IP on most systems.

3.1 Five Layer Protocol Stack

* Application layer (telnet, ftp, http ...)
* Transport layer (TCP, UDP ports)
* Internet layer (IP addresses, subnets, routing)
* Link layer (Ethernet, PPP)
* Physical layer (NIC, hubs, switches, routers, cabling)

3.2 TCP/IP

TCP/IP is a suite of protocols.

TCP:
* Rules that dictate how packets of information are sent across multiple networks
* Addressing
* Error checking

IP:
* Determines where packets are routed based on their destination addresses
* Breaks packets into smaller packets and reassembles them

CHAPTER 4 PROTOCOLS

The Process/Application layer protocols:

4.1 Telnet (Terminal Emulation)

Allows a user on a remote client machine, called the Telnet client, to access the resources of another machine, the Telnet server (virtual terminal). Port no. 23.

4.2 File Transfer Protocol (FTP)

* FTP is a program operating as a protocol
* Used for file transfer between two systems
* Can access both directories and files and can accomplish certain types of directory operations
* FTP uses Telnet to transparently log on to the FTP server
* Uses authentication secured with user names and passwords
* Directory manipulation, typing file contents, copying files between hosts
* It can't execute remote files as programs
* Port no. 21

4.3 TFTP (Trivial File Transfer Protocol)

* Stock version of FTP
* Fast
* No directory-browsing abilities
* Sends or receives much smaller blocks of data than FTP
* No authentication, so it is insecure
* Port no. 69

4.4 NFS (Network File System)

* Protocol specializing in file sharing
* Allows two different types of file system to interoperate
* Port no.

4.5 SMTP (Simple Mail Transfer Protocol)

* Used to send mail or e-mail
* Port no. 25
* POP3 is used to receive mail (port no. 110)

4.6 LPD (Line Printer Daemon)

* Designed for printer sharing
* LPD, along with LPR (Link Printer Program), allows print jobs to be spooled and sent to network printers using TCP/IP
* Port no.

CHAPTER 5 IP Addressing

An IP (Internet Protocol) address is a unique identifier for a node or host connection on an IP network. An IP address is a 32-bit binary number usually represented as 4 decimal values, each representing 8 bits, in the range 0 to 255 (known as octets), separated by decimal points. This is known as "dotted decimal" notation.

5.1 Address Classes

There are 5 different address classes. You can determine which class any IP address is in by examining the first 4 bits of the IP address.

* Class A addresses begin with 0xxx, or 1 to 126 decimal.
* Class B addresses begin with 10xx, or 128 to 191 decimal.
* Class C addresses begin with 110x, or 192 to 223 decimal.
* Class D addresses begin with 1110, or 224 to 239 decimal.
* Class E addresses begin with 1111, or 240 to 254 decimal.

Addresses beginning with 01111111, or 127 decimal, are reserved for loopback and for internal testing on a local machine. Class D addresses are reserved for multicasting. Class E addresses are reserved for future use.

5.2 Subnetting

Subnetting an IP network can be done for a variety of reasons, including organization, use of different physical media (such as Ethernet, FDDI, WAN, etc.), preservation of address space, and security. The most common reason is to control network traffic. In an Ethernet network, all nodes on a segment see all the packets transmitted by all the other nodes on that segment. Performance can be adversely affected under heavy traffic loads, due to collisions and the resulting retransmissions. A router is used to connect IP networks to minimize the amount of traffic each segment must receive.

5.3 Subnet Masking

Applying a subnet mask to an IP address allows you to identify the network and node parts of the address. Performing a bitwise logical AND operation between the IP address and the subnet mask results in the Network Address or Number.
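The class test of section 5.1 and the bitwise AND of section 5.3, carried through in working code. This is an added example written for this report, not code from the report or from Cisco; the addresses in it are constructed sample values, and the helper names (dotted_to_int, address_class, subnet_info) are this example's own. It goes a little beyond the text by also deriving the broadcast address, prefix length and usable host count from the same mask, and by rejecting a non-contiguous mask, which the AND operation alone would silently accept.

```python
"""Address classes (5.1) and subnet masking (5.3), worked by hand on the bits.

Constructed example for the report; not the report's own code.
"""


def dotted_to_int(dotted: str) -> int:
    """Turn 'a.b.c.d' into the 32-bit integer the report describes."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal address: {dotted}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Classify by the leading bits of the first octet, as section 5.1 does."""
    first = dotted_to_int(dotted) >> 24
    if first == 127:              # 01111111: loopback, checked before class A
        return "loopback"
    if first >> 7 == 0b0:         # 0xxx
        return "A"
    if first >> 6 == 0b10:        # 10xx
        return "B"
    if first >> 5 == 0b110:       # 110x
        return "C"
    if first >> 4 == 0b1110:      # 1110
        return "D (multicast)"
    return "E (reserved)"         # 1111


def prefix_to_mask(prefix_len: int) -> int:
    """Build the mask for /n: n ones followed by (32 - n) zeros."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def is_contiguous_mask(mask: int) -> bool:
    """A valid mask is a run of ones followed by a run of zeros."""
    inverted = (~mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def subnet_info(dotted: str, mask_dotted: str) -> dict:
    """Apply the mask with a bitwise AND (5.3) and derive the rest from it."""
    addr = dotted_to_int(dotted)
    mask = dotted_to_int(mask_dotted)
    if not is_contiguous_mask(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask_dotted}")
    network = addr & mask                      # the report's AND operation
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits all set
    prefix_len = bin(mask).count("1")
    # /31 and /32 leave no network/broadcast pair, so clamp at zero
    usable = max(0, (1 << (32 - prefix_len)) - 2)
    return {
        "class": address_class(dotted),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "prefix_length": prefix_len,
        "usable_hosts": usable,
        "host_part": int_to_dotted(addr & ~mask & 0xFFFFFFFF),
    }


if __name__ == "__main__":
    # constructed sample inputs
    for ip, mask in [("192.168.10.77", "255.255.255.192"), ("10.0.0.1", "255.0.0.0")]:
        print(ip, mask, subnet_info(ip, mask))
```

Running it on 192.168.10.77 with mask 255.255.255.192 gives network 192.168.10.64/26, broadcast 192.168.10.127 and 62 usable hosts; the class comes out as C because the first octet starts with the bits 110.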

CHAPTER 6 Types of Routing

Types of routing:
1) STATIC ROUTING
2) DYNAMIC ROUTING

6.1 STATIC ROUTING

Static routing is a concept describing one way of configuring path selection of routers in computer networks. It is the type of routing characterized by the absence of communication between routers regarding the current topology of the network. This is achieved by manually adding routes to the routing table. The opposite of static routing is dynamic routing, sometimes also referred to as adaptive routing.

In these systems, routes through a data network are described by fixed paths (statically). These routes are usually entered into the router by the system administrator. An entire network can be configured using static routes, but this type of configuration is not fault tolerant. When there is a change in the network or a failure occurs between two statically defined nodes, traffic will not be rerouted. This means that anything that wishes to take an affected path will either have to wait for the failure to be repaired or for the static route to be updated by the administrator before restarting its journey. Most requests will time out (ultimately failing) before these repairs can be made. There are, however, times when static routes can improve the performance of a network. Some of these include stub networks and default routes.

In the figure (Fig 6.1), the source network is 10.0.0.0, the destination network is 30.0.0.0, and the next-hop address on the path is 20.0.0.2. To configure a static route to network 30.0.0.0, pointing to a next-hop router with the IP address 20.0.0.2:

#ip route 30.0.0.0 255.0.0.0 20.0.0.2

Host Routing

When a host using a routable protocol wants to send data to another host, it must first obtain the internetwork address of the destination. The destination internetwork address is obtained through an address resolution process whereby the sending host obtains the destination internetwork address by referencing its logical name. Once the destination internetwork address has been obtained, the source network and the destination network addresses are compared. When the source and destination hosts are on the same network, the packets are sent directly to the destination host by the source without the use of a router. The source host sends the packet to the destination by addressing the packet to the destination's physical address. This is known as a direct delivery. In a direct delivery, the destination internetwork address and the destination physical address are for the same end system.

Conversely, when the source and destination hosts are on different networks, the packets to the destination cannot be directly delivered by the source. Instead, the source delivers them to an intermediate router by addressing the packet to the router's physical address. This is known as an indirect delivery. In an indirect delivery, the destination internetwork address and the destination physical address are not for the same end system. During an indirect delivery, the sending host forwards the packet to a router on its network by determining the router corresponding to the first hop or by discovering the entire path from the source to the destination.

How to configure a host route:

#ip route 30.0.0.4 255.255.255.255 40.0.0.2
#ip route 30.0.0.0 255.0.0.0 20.0.0.2

6.2 DYNAMIC ROUTING

Dynamic routing protocols are supported by software applications running on the routing device (the router) which dynamically learn network destinations and how to get to them, and also advertise those destinations to other routers. This advertisement function allows all the routers to learn about all the destination networks that exist and how to reach those networks. A router using dynamic routing will 'learn' the routes to all networks that are directly connected to the device. Next, the router will learn routes from other routers that run the same routing protocol (RIP, RIPv2, EIGRP, OSPF, IS-IS, BGP, etc.). Each router will then sort through its list of routes and select one or more 'best' routes for each network destination the router knows or has learned. Dynamic routing protocols will then distribute this 'best route' information to other routers running the same routing protocol, thereby extending the information on what networks exist and can be reached. This gives dynamic routing protocols the ability to adapt to logical network topology changes, equipment failures or network outages 'on the fly'.

6.3 The various routing protocols that can be used are:

1. RIP (Routing Information Protocol) is a distance vector routing protocol. It sends the complete routing table out to all other members at an interval of 30 seconds. It uses hop count as a metric, and by default the maximum hop count is set to 15.

2. EIGRP: key capabilities that distinguish EIGRP from other routing protocols include fast convergence, support for variable-length subnet masks, support for partial updates, and support for multiple network layer protocols. A router running EIGRP stores all its neighbors' routing tables so that it can quickly adapt to alternate routes. If no appropriate route exists, EIGRP queries its neighbors to discover an alternate route. EIGRP does not make periodic updates. Instead, it sends partial updates only when the metric for a route changes.

3. OSPF is a link-state routing protocol that calls for the sending of link-state advertisements (LSAs) to all other routers within the same hierarchical area. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each node.
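The route selection that sections 6.1 and 6.2 describe in words (a host route, a static route, a RIP-learned route and a default route competing for the same destination) modeled as a small routing table. This is an added example written for this report, not the report's or Cisco's code; the two static routes copy the commands in section 6.1, while the RIP route, the default route and the lookup order (longest matching prefix, then lowest administrative distance, then lowest metric) are this example's own assumptions, with the administrative distances taken from common Cisco defaults (the report gives 120 for RIP).

```python
"""How a router picks a route (sections 6.1 and 6.2): constructed example,
not the report's own code. Lookup order assumed here: longest prefix match,
then lowest administrative distance, then lowest metric.
"""
from dataclasses import dataclass
from typing import List, Optional

# common Cisco defaults; the report states 120 for RIP
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


def ip_int(dotted: str) -> int:
    """Dotted decimal to 32-bit integer; bytes() rejects octets outside 0..255."""
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


@dataclass(frozen=True)
class Route:
    network: str
    mask: str
    next_hop: str      # "direct" for a connected network
    source: str        # key into ADMIN_DISTANCE
    metric: int = 0

    @property
    def prefix_len(self) -> int:
        return bin(ip_int(self.mask)).count("1")

    def matches(self, dest: str) -> bool:
        # the same bitwise AND as section 5.3: does dest fall inside this network?
        return ip_int(dest) & ip_int(self.mask) == ip_int(self.network)


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, route: Route) -> None:
        if route.source not in ADMIN_DISTANCE:
            raise ValueError(f"unknown route source {route.source}")
        if ip_int(route.network) & ip_int(route.mask) != ip_int(route.network):
            raise ValueError(f"{route.network} has host bits set for mask {route.mask}")
        self.routes.append(route)

    def lookup(self, dest: str) -> Optional[Route]:
        candidates = [r for r in self.routes if r.matches(dest)]
        if not candidates:
            return None   # no route and no default: the packet is dropped
        # most specific prefix wins; ties go to the lowest AD, then lowest metric
        return min(candidates,
                   key=lambda r: (-r.prefix_len, ADMIN_DISTANCE[r.source], r.metric))


def example_table(with_default: bool = True) -> RoutingTable:
    table = RoutingTable()
    table.add(Route("10.0.0.0", "255.0.0.0", "direct", "connected"))
    table.add(Route("20.0.0.0", "255.0.0.0", "direct", "connected"))
    table.add(Route("30.0.0.0", "255.0.0.0", "20.0.0.2", "static"))         # report, 6.1
    table.add(Route("30.0.0.4", "255.255.255.255", "40.0.0.2", "static"))   # report, host route
    table.add(Route("30.0.0.0", "255.0.0.0", "20.0.0.3", "rip", metric=2))  # constructed
    if with_default:
        table.add(Route("0.0.0.0", "0.0.0.0", "20.0.0.1", "static"))        # constructed default
    return table


def next_hop_for(table: RoutingTable, dest: str) -> Optional[str]:
    route = table.lookup(dest)
    return None if route is None else route.next_hop


if __name__ == "__main__":
    table = example_table()
    for dest in ("30.0.0.4", "30.0.0.9", "10.1.2.3", "198.51.100.7"):
        print(dest, "->", next_hop_for(table, dest))
```

Traffic to 30.0.0.4 follows the /32 host route to 40.0.0.2 even though 30.0.0.0/8 also matches, the rest of 30.0.0.0/8 goes to the static next hop 20.0.0.2 rather than the RIP-learned 20.0.0.3 because AD 1 beats AD 120, and an address no specific route covers falls through to the default route; without a default it is dropped.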

6.4 Routing Information Protocol
The Routing Information Protocol (RIP) is a distance-vector routing protocol that uses hop count as its routing metric. RIP prevents routing loops by limiting the number of hops allowed in a path from source to destination: the maximum is 15. This hop limit also limits the size of the networks RIP can support. A hop count of 16 is treated as an infinite distance and is used to mark inaccessible, inoperable or otherwise undesirable routes so that they are excluded from route selection. RIP implements split horizon, route poisoning and hold-down timers to keep incorrect routing information from being propagated. RIP uses the User Datagram Protocol (UDP) as its transport protocol and is assigned the reserved port number 520.

6.4.1 RIP version 1
The original specification of RIP, defined in RFC 1058, uses classful routing. The periodic routing updates carry no subnet mask, so there is no support for variable-length subnet masks (VLSM). This makes it impossible to have different-sized subnets inside the same network class: all subnets in a network class must be the same size. There is also no router authentication of any kind, so a RIPv1 router accepts updates from anyone on the segment, which leaves it open to bogus-route injection and similar attacks.

6.4.2 RIP version 2
Because of the deficiencies of the original specification, RIP version 2 (RIPv2) was developed. It carries subnet information in each route entry and so supports Classless Inter-Domain Routing (CIDR). To keep backward compatibility the hop-count limit of 15 was retained. RIPv2 fully interoperates with the earlier specification as long as all "must be zero" fields in RIPv1 messages are properly zeroed; in addition, a compatibility switch allows fine-grained interoperability adjustments. To avoid unnecessary load on hosts that do not participate in routing, RIPv2 multicasts the entire routing table to adjacent routers at 224.0.0.9, whereas RIPv1 uses broadcast. Unicast addressing is still allowed for special applications.
RIP version 2 adds the following features:
(1) Support for VLSM (the subnet mask is sent in updates)
(2) Multicast updates to 224.0.0.9
(3) Authentication of updates (clear-text password in RFC 2453, keyed MD5 in RFC 2082)

6.4.3 Features of RIP
* Distance vector
* Open standard
* Metric is hop count; maximum hop count 15
* Broadcast updates to 255.255.255.255 (RIPv1; RIPv2 multicasts to 224.0.0.9)
* Timers: update 30 sec, invalid 180 sec, hold-down 180 sec, flush 240 sec
* Loop control: split horizon, triggered updates, maximum hop count, hold-down
* Administrative distance 120
* Equal-cost load balancing: maximum 6 paths, default 4
* No support for VLSM (RIPv1 only)
* No concept of autonomous systems
* Automatic route summarization at classful network boundaries
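The packet format behind sections 6.4.1 and 6.4.2, worked through in Python as an added example (this code is not part of the report and is not Cisco's implementation): it builds and parses RIP messages on the 20-byte-entry layout, applies the receiver rules for the hop limit (anything reaching 16 is unreachable) and shows why RIPv1 cannot be protected, since it has no authentication entry at all, while a RIPv2 receiver with a password configured rejects an update that does not carry the matching simple-password entry. The function names, the route list and the password "s3cret" are constructed for the example; the constants (port 520, infinity 16, authentication family 0xFFFF, simple-password type 2) are the protocol's own.

```python
import socket
import struct

RIP_UDP_PORT = 520          # RIP runs over UDP port 520
RIP_INFINITY = 16           # a hop count of 16 means unreachable
RIPV2_MULTICAST = "224.0.0.9"
AF_INET = 2                 # address family of a normal route entry
AF_AUTH = 0xFFFF            # address family that marks an authentication entry
AUTH_SIMPLE = 2             # RIPv2 simple (clear-text) password authentication
CMD_RESPONSE = 2


def build_ripv2_response(routes, password=None):
    """Build a RIPv2 Response. routes = [(prefix, mask, next_hop, metric), ...].
    With a password, the first 20-byte entry is a simple-password authentication entry."""
    pkt = struct.pack("!BBH", CMD_RESPONSE, 2, 0)     # command, version, must-be-zero
    if password is not None:
        pw = password.encode()[:16].ljust(16, b"\x00")
        pkt += struct.pack("!HH16s", AF_AUTH, AUTH_SIMPLE, pw)
    for prefix, mask, next_hop, metric in routes:
        pkt += struct.pack("!HH4s4s4sI", AF_INET, 0,
                           socket.inet_aton(prefix), socket.inet_aton(mask),
                           socket.inet_aton(next_hop), metric)
    return pkt


def parse_rip(pkt):
    """Parse a RIPv1 or RIPv2 message into header fields, authentication and entries."""
    command, version, _ = struct.unpack("!BBH", pkt[:4])
    msg = {"command": command, "version": version, "auth": None, "entries": []}
    body = pkt[4:]
    if len(body) % 20:
        raise ValueError("RIP entries are 20 bytes each")
    for off in range(0, len(body), 20):
        family, tag = struct.unpack("!HH", body[off:off + 4])
        if family == AF_AUTH and off == 0:
            if tag == AUTH_SIMPLE:
                msg["auth"] = ("simple", body[off + 4:off + 20].rstrip(b"\x00").decode())
            else:
                msg["auth"] = ("other", tag)
            continue
        prefix, mask, next_hop, metric = struct.unpack("!4s4s4sI", body[off + 4:off + 20])
        msg["entries"].append({
            "prefix": socket.inet_ntoa(prefix),
            # RIPv1 has no mask field (it must be zero); the receiver guesses classfully
            "mask": socket.inet_ntoa(mask) if version == 2 else None,
            "next_hop": socket.inet_ntoa(next_hop),
            "metric": metric,
        })
    return msg


def process_update(pkt, configured_password=None):
    """Receiver-side rules: authenticate if a password is configured, add one hop for
    the link to the sender, and treat anything that reaches 16 as unreachable.
    Returns (accepted_routes, unreachable_routes), or None if the update is rejected."""
    msg = parse_rip(pkt)
    if msg["command"] != CMD_RESPONSE:
        return None
    if configured_password is not None:
        # RIPv1 carries no authentication entry at all, so with a password configured
        # every v1 update is dropped; v2 must carry a matching simple-password entry.
        if msg["version"] < 2 or msg["auth"] != ("simple", configured_password):
            return None
    accepted, unreachable = {}, []
    for e in msg["entries"]:
        if not 1 <= e["metric"] <= RIP_INFINITY:
            continue                                    # invalid metric, ignore the entry
        metric = min(e["metric"] + 1, RIP_INFINITY)     # count the hop to the sender
        key = "%s/%s" % (e["prefix"], e["mask"])
        if metric >= RIP_INFINITY:
            unreachable.append(key)                     # poisoned or too far away
        else:
            accepted[key] = metric
    return accepted, unreachable
```

The authenticated route 10.2.0.0 advertised at 15 hops is already 16 hops away from the receiver, so it is placed with the explicitly poisoned 10.3.0.0 rather than installed; that is the hop limit doing the loop control the section describes.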

6.5 Difference Between RIP v1 and RIP v2

RIP Version 1                          | RIP Version 2
---------------------------------------|---------------------------------------
Distance vector                        | Distance vector
Maximum hop count of 15                | Maximum hop count of 15
Classful routing protocol              | Classless routing protocol
No support for VLSM/CIDR               | Supports VLSM/CIDR networks
Broadcast updates (255.255.255.255)    | Multicast updates (224.0.0.9)
No support for discontiguous networks  | Supports discontiguous networks
No authentication                      | Supports authentication of updates

6.6 Configuring RIP
Router#conf t
Router(config)#router rip
Router(config-router)#network 
Router(config-router)#network 
Router(config-router)#exit

6.6.1 RIP advanced configuration
6.6.1.1 Passive Interfaces
A passive interface is an interface that receives routing updates but does not send them. An interface is declared passive with the following commands:
Router#conf t
Router(config)#router rip
Router(config-router)#passive-interface 
Router(config-router)#exit

6.7 Enhanced Interior Gateway Routing Protocol
EIGRP is an enhanced version of IGRP. The same distance-vector technology found in IGRP is used in EIGRP, and the underlying distance information is unchanged, but the convergence properties and operating efficiency of the protocol have improved significantly. This allows an improved architecture while retaining the existing investment in IGRP. The convergence technology is based on research conducted at SRI International. The Diffusing Update Algorithm (DUAL) is used to obtain loop freedom at every instant throughout a route computation. This allows all routers involved in a topology change to synchronise at the same time, while routers not affected by the change take no part in the recomputation. The convergence time with DUAL rivals that of any other existing routing protocol. EIGRP has been extended to be independent of the network-layer protocol, which allows DUAL to support other protocol suites.

6.7.1 Basic operation
EIGRP stores data in three tables:
Neighbor table: stores data about the neighbouring routers, i.e. those directly reachable through directly connected interfaces.
Topology table: despite its name, this table does not hold an overview of the complete network topology; it effectively contains the aggregation of the routing tables gathered from all directly connected neighbours. It lists every destination network in the EIGRP-routed network together with its metrics, and for every destination it identifies a successor and, if one exists, a feasible successor. Every destination in the topology table is marked either "Passive", the state when routing has stabilised and the router knows the route to the destination, or "Active", when the topology has changed and the router is in the process of (actively) updating its route to that destination.
Routing table: stores the actual routes to all destinations. It is populated from the topology table with every destination network whose successor has been identified and, optionally, its feasible successor (if unequal-cost load balancing is enabled with the variance command). The successors and feasible successors serve as the next-hop routers for these destinations.
Unlike most other distance-vector protocols, EIGRP does not rely on periodic full routing updates to maintain its topology table. Routing information is exchanged only when a new neighbour adjacency is established, after which only changes are sent. EIGRP also supports route tagging.

6.7.2 Basic Commands for configuring EIGRP:
Router#conf t
Router(config)#router eigrp 1
Router(config-router)#network 
Router(config-router)#network 
Router(config-router)#exit
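The successor and feasible-successor selection described in 6.7.1, as an added example in Python (not the report's material and not Cisco's EIGRP code). For one destination the topology table holds, per neighbour, the distance the neighbour reports (RD) and the cost of the link to it. The feasible distance (FD) is the best total; the successor is the neighbour that gives it; a feasible successor is any other neighbour whose RD is strictly less than the FD (the feasibility condition, which guarantees the path cannot loop back through this router); and the variance command installs additional paths whose total is within variance times the FD, but only if they satisfy the feasibility condition. The second function models what DUAL does when the successor is lost: promote a feasible successor locally (route stays Passive) or, if there is none, go Active and query the neighbours. The router names and numbers are constructed for the example.

```python
def dual_select(routes, variance=1):
    """routes: [(neighbor, reported_distance, link_cost), ...] for one destination.
    Returns (feasible_distance, successors, feasible_successors, installed_next_hops)."""
    if not routes:
        return None
    computed = [(name, rd + cost, rd) for name, rd, cost in routes]   # (name, total, RD)
    fd = min(total for _, total, _ in computed)
    successors = sorted(name for name, total, _ in computed if total == fd)
    # feasibility condition: the neighbour's own distance must be below our FD
    feasible = sorted(name for name, total, rd in computed if total != fd and rd < fd)
    # variance: extra paths within variance * FD, but never one that fails the FC
    installed = sorted(name for name, total, rd in computed
                       if total <= variance * fd and (total == fd or rd < fd))
    return fd, successors, feasible, installed


def on_successor_loss(routes, lost):
    """Decision when the path via `lost` disappears. Returns (state, new_next_hop)."""
    fd, successors, feasible, _ = dual_select(routes)
    if lost not in successors:
        return "passive", successors[0]            # the best path is unaffected
    others = [s for s in successors if s != lost]
    if others:
        return "passive", others[0]                # an equal-cost successor remains
    if feasible:
        # a feasible successor is promoted locally; no query to neighbours is needed
        best = min((r for r in routes if r[0] in feasible), key=lambda r: r[1] + r[2])
        return "passive", best[0]
    return "active", None                          # no loop-free alternative: query
```

R3 and R4 have the same total distance of 22, yet only R3 is a feasible successor and only R3 is installed under variance 2: R4 reports a distance of 20, which is not below the feasible distance of 15, so DUAL cannot prove the path via R4 does not come back through this router.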

6.8 Open Shortest Path First
Open Shortest Path First (OSPF) is an interior gateway routing protocol developed for IP networks and based on the shortest-path-first, or link-state, algorithm. Link-state routers flood routing information to all nodes in an internetwork; each node builds its own map of the topology from that information and calculates the shortest path to every other node against it. Each router advertises only the state of its own links rather than its whole routing table, and every router ends up holding the complete topology. The advantage of shortest-path-first algorithms is that they produce small, incremental updates that are flooded everywhere and converge quickly, which prevents problems such as routing loops and count-to-infinity (routers continuously incrementing the hop count towards a particular network). This makes for a stable network. The disadvantage is that they require considerably more CPU power and memory than distance-vector protocols; in practice the advantages outweigh the disadvantages. OSPF version 2 was originally defined in RFC 1583 and is now specified by RFC 2328. It has largely replaced RIP in enterprise and provider networks.

6.9 Areas and Border Routers
As mentioned above, OSPF uses flooding to exchange link-state updates between routers: any change in routing information is flooded to all routers in the network. Areas are introduced to put a boundary on this flooding. Flooding, and the Dijkstra (SPF) calculation on each router, are limited to changes within an area, and all routers within an area hold an identical link-state database. Routers that belong to multiple areas and connect those areas to the backbone area are called area border routers (ABRs); an ABR must therefore maintain a link-state database for the backbone and for every other attached area. Area membership is per interface. A router with all of its interfaces in the same area is called an internal router (IR).
A router that has interfaces in multiple areas is called an area border router (ABR). Routers that act as gateways (redistribution points) between OSPF and other routing protocols (IGRP, EIGRP, IS-IS, RIP, BGP, static routes), or between instances of the OSPF routing process, are called autonomous system boundary routers (ASBRs). Any router can be an ABR or an ASBR.

6.9.1 Area types
An OSPF domain is divided into areas that are labelled with 32-bit area identifiers. The area identifiers are commonly, but not always, written in the dotted-decimal notation of an IPv4 address. They are not IP addresses, however, and may duplicate any IPv4 address without conflict. The area identifiers of the IPv6 implementation of OSPF (OSPFv3) are also 32-bit identifiers written in the same notation. Although most OSPF implementations right-justify an area number written in a format other than dotted decimal, it is wise always to use the dotted-decimal format: most implementations expand area 1 to the identifier 0.0.0.1, but some have been known to expand it as 1.0.0.0.
Areas are logical groupings of hosts and networks, including the routers that have interfaces connected to any of the included networks. Each area maintains a separate link-state database, whose information may be summarised towards the rest of the network by the connecting router. The topology of an area is thus unknown outside the area, which reduces the amount of routing traffic between parts of an autonomous system. Several special area types are defined.

6.9.1.1 Backbone area
The backbone area (also known as area 0 or area 0.0.0.0) forms the core of an OSPF network. All other areas are connected to it, and inter-area routing happens via routers connected to the backbone area and to their own associated areas. It is the logical and physical structure of the OSPF domain and is attached to all non-zero areas in the domain.
Note that in OSPF the term autonomous system boundary router (ASBR) is historic, in the sense that many OSPF domains can coexist in the same Internet-visible autonomous system. The backbone area is responsible for distributing routing information between non-backbone areas. The backbone must be contiguous, but it does not need to be physically contiguous: backbone connectivity can be established and maintained through the configuration of virtual links.
All OSPF areas must connect to the backbone area, although the connection can be through a virtual link. For example, assume area 0.0.0.1 has a physical connection to area 0.0.0.0, and area 0.0.0.2 has no direct connection to the backbone but does have a connection to area 0.0.0.1. Area 0.0.0.2 can then use a virtual link through the transit area 0.0.0.1 to reach the backbone. To be a transit area, an area must have the transit attribute, so it cannot be any kind of stub area.

6.9.1.2 Stub area
A stub area is an area that does not receive route advertisements external to the autonomous system (AS); routing from within the area is based entirely on a default route. The ABR withholds type 4 and type 5 LSAs from the internal routers, advertises a default route of 0.0.0.0 to them and so becomes their default gateway. This reduces the size of the link-state database and of the routing table on the internal routers. The not-so-stubby area (NSSA) is a modification of the basic stub area concept. In addition, several proprietary variations have been implemented by vendors, such as the totally stubby area (TSA) and the totally stubby NSSA, both extensions found on Cisco Systems routing equipment.

6.9.1.3 Not-So-Stubby Area
A not-so-stubby area (NSSA) is a type of stub area that can import autonomous-system external routes and send them to other areas, but still cannot receive AS-external routes from other areas.
NSSA is an extension of the stub area feature that allows external routes to be injected, in a limited fashion, into the stub area. It works around the stub area's inability to import external addresses as follows: the ASBR inside the NSSA imports the external addresses as type 7 LSAs; the ABR converts each type 7 LSA into a type 5 LSA and floods it to the other areas, acting as an "ASBR" on their behalf. The ABRs do not translate type 5 LSAs from other areas into type 7 LSAs for the NSSA.

Proprietary extensions
Several vendors (Cisco, Juniper, Alcatel-Lucent, Huawei, Quagga) implement the two extensions to stub and NSSA areas described below; although they are not covered by an RFC, they are widely regarded as standard features of OSPF implementations.

6.9.1.4 Totally stubby area
A totally stubby area is similar to a stub area, but in addition to having no external routes it does not allow summary routes either: inter-area (IA) routes are not summarised into a totally stubby area. The only way for traffic to be routed outside the area is a default route, which is the only type 3 LSA advertised into the area. With only one route out of the area, the route processor has fewer routing decisions to make, which lowers system resource utilisation. It is occasionally said that a TSA can have only one ABR.

6.9.1.5 Not-So-Stubby Totally Stubby Area
In addition to the standard functionality of an NSSA, the totally stubby NSSA is an NSSA that takes on the attributes of a TSA, meaning that type 3 and type 4 summary LSAs are not flooded into this type of area. It is thus possible to declare an area both totally stubby and not-so-stubby: the area receives only the default route from area 0.0.0.0, but can also contain an autonomous system boundary router (ASBR) that accepts external routing information and injects it into the local area, and from the local area into area 0.0.0.0.
Redistribution into an NSSA creates a special type of LSA, type 7, which can exist only in an NSSA. The NSSA ASBR generates this LSA, and the NSSA ABR translates it into a type 5 LSA, which is propagated through the OSPF domain.
A newly acquired subsidiary is one example of where it might be suitable for an area to be simultaneously not-so-stubby and totally stubby, if the practical place to put an ASBR is on the edge of a totally stubby area. In such a case the ASBR does send externals into the totally stubby area, and they are available to OSPF speakers within that area. In Cisco's implementation, the external routes can be summarised before they are injected into the totally stubby area. In general, the ASBR should not advertise a default route into the TSA-NSSA, although this can work with extremely careful design and operation, for the limited special cases in which such an advertisement makes sense.
By declaring the totally stubby area as NSSA, no external routes from the backbone, except the default route, enter the area. The externals do reach area 0.0.0.0 via the TSA-NSSA, but no routes other than the default route enter the TSA-NSSA. Routers in the TSA-NSSA send all traffic to the ABR, except traffic for routes advertised by the ASBR.
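The shortest-path-first calculation of section 6.8 and the per-area scoping of section 6.9, as an added example in Python (not code from the report or from any OSPF implementation). Each area's link-state database is modelled as a map of router LSAs (router, neighbour, cost); spf() is Dijkstra's algorithm from one router, returning cost and first hop to every destination in the area; area_routes() shows that an internal router runs SPF only over the database of its own area, while an ABR runs one SPF per attached area and so holds both. The router names, areas and link costs are constructed for the example.

```python
import heapq


def spf(lsdb, root):
    """Dijkstra over one area's link-state database.
    lsdb: {router: {neighbor: cost}}; both directions of a link are listed.
    Returns {destination: (total_cost, next_hop)} for every reachable router."""
    dist = {root: 0}
    first_hop = {root: None}
    heap = [(0, root)]
    settled = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in settled:
            continue                                # stale entry left by a cheaper update
        settled.add(u)
        for v, cost in lsdb.get(u, {}).items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                # next hop is the neighbour itself when leaving the root, otherwise inherited
                first_hop[v] = v if u == root else first_hop[u]
                heapq.heappush(heap, (nd, v))
    return {r: (dist[r], first_hop[r]) for r in dist if r != root}


def area_routes(area_lsdbs, router):
    """Run SPF for every area the router has an interface in.
    area_lsdbs: {area_id: lsdb}. An internal router gets one result, an ABR one per area."""
    return {area: spf(lsdb, router)
            for area, lsdb in area_lsdbs.items() if router in lsdb}


# Constructed topology: R1, R2 and ABR in the backbone; ABR, R3 and R4 in area 1.
AREAS = {
    "0.0.0.0": {
        "R1":  {"R2": 10, "ABR": 5},
        "R2":  {"R1": 10, "ABR": 20},
        "ABR": {"R1": 5, "R2": 20},
    },
    "0.0.0.1": {
        "ABR": {"R3": 1},
        "R3":  {"ABR": 1, "R4": 4},
        "R4":  {"R3": 4},
    },
}
```

R2 reaches the ABR at cost 15 through R1 rather than over its direct link of cost 20, and R3, an internal router, never sees the backbone's LSAs at all; what it learns about area 0 arrives as summary (type 3) LSAs from the ABR, which is the flooding boundary the section describes.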

6.10 Redistributing Routes into OSPF
Redistributing routes into OSPF from other routing protocols, or from static routes, makes those routes OSPF external routes. To redistribute routes into OSPF, use the following command in router configuration mode:
redistribute protocol [process-id] [metric value] [metric-type value] [route-map map-tag] [subnets]

Note: The above command should be on one line.

The protocol and process-id identify the protocol being injected into OSPF and its process ID, if it has one. The metric is the cost assigned to the external route; if no metric is specified, OSPF uses a default of 20 when redistributing from any protocol except BGP, whose routes get a metric of 1. The metric-type selects between external type 1 routes, whose cost grows with the internal path to the ASBR, and external type 2 routes (the default), which keep the redistributed cost unchanged throughout the domain. The route-map is the mechanism used to control which routes are redistributed between routing domains; its format is:
route-map map-tag [permit | deny] [sequence-number]
When redistributing into OSPF, only routes that are not subnetted (classful networks) are redistributed unless the subnets keyword is specified. A missing subnets keyword is the most common reason a redistributed subnet fails to appear in OSPF.

Basic Commands for Configuring OSPF:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#router ospf 1
Router(config-router)#network area 0
Router(config-router)#network area 0
Router(config-router)#

6.11 Border Gateway Protocol
Border Gateway Protocol (BGP) is the protocol used to make core routing decisions on the Internet. It maintains a table of IP networks, or "prefixes", which designate network reachability among autonomous systems (AS). BGP is a path-vector protocol, a variant of a distance-vector routing protocol. BGP does not use traditional interior gateway protocol (IGP) metrics; routing decisions are made on the basis of paths, network policies and rule-sets. For this reason it is more appropriately termed a reachability protocol than a routing protocol.
BGP was created to replace the Exterior Gateway Protocol (EGP) and allow fully decentralised routing, in order to move from the core ARPANET model to a decentralised system that included the NSFNET backbone and its associated regional networks. This allowed the Internet to become a truly decentralised system. Version 4 of BGP has been in use on the Internet since 1994; all previous versions are now obsolete. The major enhancement in version 4 was support for Classless Inter-Domain Routing and the use of route aggregation to reduce the size of routing tables. Since January 2006 version 4 has been codified in RFC 4271, which went through more than 20 drafts based on the earlier RFC 1771 specification of version 4.
RFC 4271 version corrected a number of errors, clarified ambiguities and brought the RFC much closer to industry practices.Most Internet service providers must use BGP to establish routing between one another (especially if they are multihomed). Therefore, even though most Internet users do not use it directly, BGP is one of the most important protocols of the Internet. Compare this with Signaling System 7 (SS7), which is the inter-provider core call setup protocol on the PSTN. Very large private IP networks use BGP internally. An example would be the joining of a number of large OSPF (Open Shortest Path First) networks where OSPF by itself would not scale to size. Another reason to use BGP is multihoming a network for better redundancy, either to multiple access points of a single ISP (RFC 1998) or to multiple ISPs.

Basic Commands of configuring bgp:

Router>enable
Router#configure terminal
Router(config)#router bgp 100
Router(config-router)#neighbor remote-as 100
Router(config-router)#exit
Router(config)#router bgp 100
Router(config-router)#neighbor remote-as 200
Router(config-router)#exit
The first neighbor, in the router's own AS 100, is an internal (iBGP) peer; the second, in AS 200, is an external (eBGP) peer. Both neighbor statements can be entered in a single router bgp 100 session; the second router bgp 100 line simply re-enters the same process.

CHAPTER 7 SWITCHING
Every time you access the Internet or another computer network outside your immediate location, your messages are sent through a maze of transmission media and connection devices. The mechanism for moving information between different networks and network segments is called switching. For example, whenever a telephone call is placed, there are numerous junctions in the communication path that perform this movement of data from one network onto another.

7.1 Network SwitchA network switch is a computer networking device that links network segments or network devices. The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer (layer 2) of the OSI model. Switches that additionally process data at the network layer (layer 3) and above are often called layer-3 switches or multilayer switches.7.2 Role of switches in a network Switches may operate at one or more layers of the OSI model, including data link and network. A device that operates simultaneously at more than one of these layers is known as a multilayer switch.In switches intended for commercial use, built-in or modular interfaces make it possible to connect different types of networks, including Ethernet, Fibre Channel, ATM, ITU-T G.hn and 802.11. This connectivity can be at any of the layers mentioned. While layer-2 functionality is adequate for bandwidth-shifting within one technology, interconnecting technologies such as Ethernet and token ring is easier at layer 3.Devices that interconnect at layer 3 are traditionally called routers, so layer-3 switches can also be regarded as (relatively primitive) routers. Where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall, network intrusion detection, and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules. In other cases, the switch is used to create a mirror image of data that can go to an external device. Since most switch port mirroring provides only one mirrored stream, network hubs can be useful for fanning out data to several read-only analyzers, such as intrusion detection systems and packet sniffers.

CHAPTER 8 SPANNING TREE PROTOCOLThe Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.Spanning Tree Protocol (STP) is standardized as IEEE 802.1D. As the name suggests, it creates a spanning tree within a network of connected layer-2 bridges (typically Ethernet switches), and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes.STP is based on an algorithm that was invented by Radia Perlman while she was working for Digital Equipment Corporation.

8.1 Spanning Tree Protocol Timers

There are several STP timers:
Hello time: the time between the bridge protocol data units (BPDUs) sent on a port. The default is 2 seconds; it can be tuned to between 1 and 10 sec.
Forward delay: the time spent in each of the listening and learning states. The default is 15 sec; it can be tuned to between 4 and 30 sec.
Max age: how long a port keeps the configuration BPDU information it last received before discarding it when no fresh BPDU arrives. The default is 20 sec; it can be tuned to between 6 and 40 sec.

8.2 Selecting a Root Bridge
The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a configurable priority number and a MAC address, and the bridge ID combines the two, bridge priority followed by MAC address, for example 32768.0200.0000.1111. The default bridge priority is 32768, and it can only be configured in multiples of 4096 because spanning tree uses the low 12 bits of the priority field as the extended system ID (the VLAN number). To compare two bridge IDs, the priority is compared first, as a plain number: any bridge with a priority below 32768 becomes a candidate for root. If two bridges have equal priority, the MAC addresses are compared; for example, if switches A (MAC 0200.0000.1111) and B (MAC 0200.0000.2222) both have priority 32768, switch A is selected as the root bridge. If the network administrator wants switch B to become the root bridge instead, its priority must be set lower than 32768, or the switch must be configured as root primary or root secondary with spanning-tree vlan <id> root primary | secondary. With root primary or root secondary the switch adjusts its priority automatically, to 24576 plus the VLAN number (24577 for VLAN 1) and 28672 plus the VLAN number (28673 for VLAN 1) respectively, under the default configuration.

8.3 ROOT GUARD
Root guard is configured on designated ports that must never become root ports, typically the ports of the root bridge itself (which has only designated ports) and the ports facing access switches. A port with root guard enabled behaves normally as long as every BPDU it receives announces a root bridge ID higher (worse) than the current root. If it receives a superior BPDU, one announcing a lower bridge ID, the switch does not accept the new root; instead it puts the port into the root-inconsistent (blocking) state and logs the event. The port recovers on its own once the superior BPDUs stop. Configured on the ports of the root bridge, root guard protects the root bridge's role for every VLAN of which the trunk is a member.

8.4 PORT FAST
Spanning Tree Protocol (STP) convergence (Layer 2 convergence) is complete when every bridge and switch port has transitioned to either the forwarding or the blocking state. Normal STP convergence takes up to 50 seconds (max age of 20 sec plus two forward-delay periods of 15 sec), and end-user traffic is blocked until the root port and designated ports reach the forwarding state.
The PortFast feature speeds up convergence on ports connected to a single workstation or server, which cannot create a Layer 2 loop. PortFast should be used only on ports connected to a single end host; enabling it on a port towards another switch risks a switching loop. A PortFast port enters the forwarding state immediately, bypassing the listening and learning states.
While STP is running, PortFast ports on the same switch can forward traffic between each other immediately, but must wait for spanning-tree convergence to communicate with a port on which PortFast is disabled (normally a port connected to another switch).

8.5 BPDU GUARD
BPDUs are the messages exchanged between switches to calculate the spanning-tree topology. Two features control BPDUs on PortFast ports: BPDU filter (section 8.7) stops a port from sending or receiving BPDUs, while BPDU guard, described here, shuts the port down if a BPDU arrives. BPDU filter can be configured globally or per interface; configured globally, all PortFast-enabled ports stop sending BPDUs, but if a BPDU is received on such a port the port loses its PortFast status and participates normally in spanning-tree calculations.
STP turns a meshed topology into a loop-free, tree-like topology. When the link on a bridge port comes up, the STP calculation runs on that port, and the result is the transition of the port into the forwarding or the blocking state, depending on the position of the port in the network and on the STP parameters. This calculation and transition period usually takes about 30 to 50 seconds, during which no user data passes through the port, and some user applications time out. To allow an immediate transition into the forwarding state, the STP PortFast feature is enabled: PortFast moves the port into forwarding mode as soon as the link comes up. The port still participates in STP, so if the port turns out to be part of a loop it eventually transitions into the blocking state.
As long as the port participates in STP, a device attached to it can assume the root bridge function and change the active STP topology. To do so, the device only needs to run STP with a lower bridge priority than the current root bridge. If another device takes over the root bridge function in this way it makes the network topology suboptimal; this is a simple form of denial-of-service (DoS) attack. The repeated introduction and removal of STP devices with a low (0) bridge priority causes continuous STP recalculation.
The STP PortFast BPDU guard enhancement lets network designers enforce the STP domain borders and keep the active topology predictable: devices behind ports with PortFast enabled cannot influence the STP topology. On reception of a BPDU, BPDU guard disables the port that has PortFast configured, placing it in the errdisable state and logging a message to the console.
Consider the following topology. Bridge A has priority 8192 and is the root for the VLAN. Bridge B has priority 16384 and is the backup root bridge for the same VLAN. Bridges A and B, connected by a Gigabit Ethernet link, make up the core of the network. Bridge C is an access switch with PortFast configured on the port that connects to device D; it connects to both A and B, and with default STP parameters the port on C towards B is in the blocking state. Device D (a PC) does not participate in STP.
In the second scenario (Figure 2 of the original, not reproduced here), device D starts to participate in STP, for example because a Linux-based bridge application is launched on the PC. If the priority of the software bridge is 0, or any value below the priority of the root bridge, the software bridge takes over the root bridge function. The Gigabit Ethernet link between the two core switches transitions into blocking mode, and all data in that VLAN now flows over the 100 Mbps link through C. If more data flows through the core in the VLAN than that link can carry, frames are dropped and a connectivity outage follows. The STP PortFast BPDU guard feature prevents this situation: it disables the port as soon as bridge C receives the STP BPDU from device D.

8.6 Configuration
STP PortFast BPDU guard can be enabled or disabled globally, which affects all ports that have PortFast configured; by default it is disabled. Issue this command to enable it on the switch:
Switch(config)# spanning-tree portfast bpduguard default
It can also be enabled on an individual interface, whether PortFast is configured there or not, with the interface command spanning-tree bpduguard enable. When BPDU guard disables a port, the port remains in the errdisable state until it is re-enabled manually (shutdown followed by no shutdown on the interface) or an automatic recovery timer has been configured with errdisable recovery cause bpduguard.

8.7 BPDU FILTER
A port with BPDU filter enabled lets end devices connect at any time, but if a switch is connected to the port, the port loses its PortFast capability, becomes a normal port and participates in the spanning-tree process.
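The root election of 8.2 and the two guards of 8.3 and 8.5, worked through in Python as an added example (not the report's material and not any switch's firmware). bridge_id() orders bridges the way STP does, priority field first and MAC second; rogue_bridge_attack() replays the scenario of 8.5, a device on a PortFast access port that starts sending BPDUs with priority 0, once without and once with BPDU guard; root_guard_port() shows the other guard, where a designated port that hears a superior BPDU goes root-inconsistent instead of becoming a root port. The bridge names and MAC addresses are constructed for the example; the priorities 8192, 16384, 24577 and 28673 are those the section quotes.

```python
def bridge_id(priority, mac):
    """Bridge ID as STP compares it: 16-bit priority field first, 48-bit MAC second.
    The priority field is the configured multiple of 4096 plus the VLAN number."""
    return (priority, int(mac.replace(".", "").replace(":", ""), 16))


def elect_root(bridges):
    """bridges: {name: (priority, mac)}. The lowest bridge ID wins the election."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_primary_priority(vlan):
    return 24576 + vlan      # what 'spanning-tree vlan N root primary' sets by default


def root_secondary_priority(vlan):
    return 28672 + vlan      # what 'spanning-tree vlan N root secondary' sets by default


class PortFastPort:
    """An edge port with PortFast; BPDU guard decides what happens when a BPDU arrives."""

    def __init__(self, bpdu_guard):
        self.bpdu_guard = bpdu_guard
        self.state = "forwarding"          # PortFast: forwarding as soon as the link is up

    def receive_bpdu(self):
        """True if the BPDU is processed (the sender joins STP), False if it is dropped."""
        if self.bpdu_guard:
            self.state = "err-disabled"    # port shut down, message logged to the console
            return False
        return True


def rogue_bridge_attack(bridges, rogue_name, rogue_id, bpdu_guard):
    """A device on a PortFast access port starts speaking STP with bridge ID `rogue_id`.
    Returns (root bridge after the event, state of the access port)."""
    port = PortFastPort(bpdu_guard)
    if port.receive_bpdu():
        bridges = dict(bridges)            # the rogue now takes part in the election
        bridges[rogue_name] = rogue_id
    return elect_root(bridges), port.state


def root_guard_port(current_root, bpdu_root, root_guard=True):
    """Root guard on a designated port. A BPDU announcing a better (lower) root ID would
    normally turn this port into a root port; with root guard it goes root-inconsistent."""
    if bridge_id(*bpdu_root) < bridge_id(*current_root):
        return "root-inconsistent" if root_guard else "root"
    return "designated"
```

With BPDU guard off, the priority-0 software bridge on D wins the election outright and the core link between A and B ends up blocked, exactly the outage the section describes; with it on, A stays root and the only casualty is the one access port, which is the trade the feature makes.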

CHAPTER 9 VLAN (Virtual Local Area Network)
In computer networking, a single Layer 2 network may be partitioned into multiple distinct broadcast domains, mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN. This is usually done on switches or routers. Simpler devices only support partitioning on a port level (if at all), so sharing VLANs across devices requires dedicated cabling for each VLAN. More sophisticated devices mark frames by tagging, so that a single interconnect (trunk) can carry the traffic of many VLANs.
Grouping hosts with a common set of requirements by VLAN, regardless of their physical location, can greatly simplify network design. A VLAN has the same attributes as a physical local area network (LAN), but it allows end stations to be grouped together even if they are not on the same switch. VLAN membership is configured in software instead of by physically relocating devices or connections. Most enterprise networks today use VLANs. Without VLANs, a switch considers all of its interfaces to be in the same broadcast domain.
Physically replicating the functions of a VLAN would require a separate, parallel collection of network cables and equipment alongside the primary network. Unlike physically separate networks, however, VLANs share bandwidth, so VLAN trunks may require aggregated links and/or quality-of-service prioritization.

9.1 TRUNK PORTA trunk port is a port that is assigned to carry traffic for all the VLANs that are accessible by a specific switch, a process known as trunking. Trunk ports mark frames with unique identifying tags - either 802.1Q tags or Interswitch Link (ISL) tags - as they move between switches. Therefore, every single frame can be directed to designatedVLAN.

An Ethernet interface can either function as a trunk port or as an access port, but not both at the same time. A trunk port is capable of having more than one VLAN set up on the interface. As a result, it is able to carry traffic for numerous VLANs at the same time.

To configure a trunk port:
Switch(config)#int f0/1
Switch(config-if)#switchport mode trunk
On switches that support both ISL and 802.1Q, the encapsulation must be chosen first with switchport trunk encapsulation dot1q, otherwise switchport mode trunk is rejected.
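The tagging that 9.1 describes, as an added example in Python (not the report's material and not a switch implementation): build_frame() inserts an 802.1Q tag (TPID 0x8100 followed by the 16-bit TCI whose low 12 bits are the VLAN ID), parse_frame() strips it, and the two port functions make the forwarding decisions a switch makes with it: an access port puts everything it receives into its one VLAN and sends untagged frames, while a trunk reads the tag on ingress, treats untagged frames as its native VLAN, and on egress tags every VLAN except the native one. The MAC addresses, the port definitions and the allowed-VLAN sets are constructed for the example; the handling of a tagged frame on an access port (accepted only if it carries the port's own VLAN) is an assumption modelled on common switch behaviour.

```python
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def _mac(text):
    return bytes.fromhex(text.replace(":", "").replace(".", ""))


def build_frame(dst, src, payload, vlan=None, pcp=0, ethertype=ETHERTYPE_IPV4):
    """Ethernet frame; with `vlan` set an 802.1Q tag is inserted after the source MAC."""
    frame = _mac(dst) + _mac(src)
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)            # 3-bit PCP, 1-bit DEI, 12-bit VLAN ID
        frame += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (vlan_id or None, inner ethertype, payload), removing any 802.1Q tag."""
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == ETHERTYPE_8021Q:
        tci, etype = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, etype, frame[18:]
    return None, etype, frame[14:]


def ingress_vlan(port, frame):
    """VLAN a received frame is assigned to, or None if the switch drops it.
    port: {"mode": "access", "vlan": n} or {"mode": "trunk", "native": n, "allowed": set}."""
    vlan, _, _ = parse_frame(frame)
    if port["mode"] == "access":
        # an access port has one VLAN; a frame tagged for another VLAN is not honoured
        return port["vlan"] if vlan in (None, port["vlan"]) else None
    vlan = port["native"] if vlan is None else vlan    # untagged on a trunk = native VLAN
    return vlan if vlan in port["allowed"] else None


def egress_frame(port, vlan, dst, src, payload):
    """Frame to send out of `port` for traffic in `vlan`, or None if it must not leave here."""
    if port["mode"] == "access":
        return build_frame(dst, src, payload) if vlan == port["vlan"] else None
    if vlan not in port["allowed"]:
        return None
    # a trunk tags every VLAN except its native VLAN, which is sent untagged
    return build_frame(dst, src, payload, vlan=None if vlan == port["native"] else vlan)
```

The native VLAN is the one case where a trunk and an access port look alike on the wire (both send untagged frames), which is why the trunk's native VLAN should be one that no access port uses; the example's trunk keeps VLAN 1 native and no access port is in VLAN 1.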

9.2 VLAN Trunk Protocol (VTP)
When a VLAN is created on one VTP server, that VLAN is distributed to all switches in the VTP domain, which removes the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol available on most Cisco Catalyst series products.
Note: This report does not cover VTP version 3. VTP version 3 differs from VTP version 1 (V1) and version 2 (V2), and it is only available on Catalyst OS (CatOS) 8.1(1) or later. VTP version 3 incorporates many changes from VTP V1 and V2. Make certain that you understand the differences between VTP version 3 and the earlier versions before you alter your network configuration.

9.2.1 VTP Modes You can configure a switch to operate in any one of these VTP modes:

Server VTP : Server mode, you can create, modify, and delete VLANs and specify otherconfiguration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.

Client: A VTP client behaves the same way as a VTP server, but you cannot create, change, or delete VLANs on it.

Transparent: Transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements, but transparent switches do forward the VTP advertisements that they receive out their trunk ports in VTP Version 2.

Because servers and clients alike accept a VLAN database that carries a higher configuration revision number than their own, a switch connected to the domain with a stale but higher-numbered database can overwrite the VLANs on every other switch. This is why many practitioners run every switch in transparent mode, or at least reset the revision number (for example by changing the VTP domain name) before connecting a previously used switch.

9.3 VTP Password

If you configure a password for VTP, you must configure the password on all switches in the VTP domain, and it must be the same password on all of them. The VTP password that you configure is translated by algorithm into a 16-byte word (MD5 value) that is carried in all summary-advertisement VTP packets. The password itself is never transmitted: the MD5 digest in the summary advertisement is computed over the advertised VLAN information together with the secret, so a switch that does not hold the password cannot produce a digest the others will accept, and its advertisements are ignored. This is an integrity check against unintended or unauthorized domain members, not encryption; VTP advertisements, including the VLAN database, still travel in clear text on the trunk.

CHAPTER 10 ACL (Access Control List)

An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file. When a subject requests an operation on an object in an ACL-based security model, the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. A key issue in the definition of any ACL-based security model is determining how access control lists are edited, namely which users and processes are granted ACL-modification access. ACL models may be applied to collections of objects as well as to individual entities within the system's hierarchy.

In Cisco IOS the same term refers to a packet filter: an ordered list of permit and deny statements that is compared against the source address (standard ACL) or the source, destination, protocol and port fields (extended ACL) of each packet, and then applied to an interface in one direction or referenced by other features such as route-maps. The rest of this chapter uses the term in that sense.

10.1 Access List Configuration Guidelines:

Access list numbers indicate which protocol is filtered (for IP, 1 to 99 and 1300 to 1999 are standard lists, 100 to 199 and 2000 to 2699 are extended lists); named access lists carry the type in the command instead.

One access list per interface, per protocol, per direction is allowed.

The order of access list statements controls testing: a packet is compared against the statements from top to bottom and the first match decides, so later statements are never reached for that packet.

Place the most specific statements at the top of the list. A broad statement placed first shadows every more specific statement below it, and a deny any at the top blocks everything.

There is an implicit deny any statement as the last access list test. Every list needs at least one permit statement, otherwise it denies all traffic.

Create access lists before applying them to interfaces. On classic IOS an interface that references an access list which does not yet exist permits everything, so the reference is no safeguard until the list is defined.

Any time a new entry is added to a numbered access list from global configuration, it is placed at the bottom of the list; named access lists (and numbered lists edited in access-list configuration mode on releases that support sequence numbers) let you insert an entry at a chosen sequence number.

Access lists filter traffic going through the router; they do not apply to traffic originating from the router. Traffic addressed to the router itself is still filtered by an inbound list, and access to the router's own vty lines is controlled separately with an access-class.

You cannot remove one line from a numbered access list with the no form of the access-list command; doing so removes the entire list. Remove an individual entry by its sequence number in access-list configuration mode, or rebuild the list, and never leave an interface with a half-rebuilt list applied.

10.2 Frame Relay

Frame Relay is a standardized wide area network technology that specifies the physical and logical link layers of digital telecommunications channels using a packet switching methodology. Originally designed for transport across Integrated Services Digital Network (ISDN) infrastructure, it may be used today in the context of many other network interfaces. Network providers commonly implement Frame Relay for voice (VoFR) and data as an encapsulation technique, used between local area networks (LANs) over a wide area network (WAN). Each end-user gets a private line (or leased line) to a Frame Relay node. The Frame Relay network handles the transmission over a frequently changing path, transparently to the extensively used end-user WAN protocols. It is less expensive than leased lines, and that is one reason for its popularity. The extreme simplicity of configuring user equipment in a Frame Relay network offers another reason for Frame Relay's popularity.

With the advent of Ethernet over fiber optics, MPLS, VPN and dedicated broadband services such as cable modem and DSL, the end may loom for the Frame Relay protocol and encapsulation. However, many rural areas remain without DSL and cable modem services. In such cases the least expensive type of non-dial-up connection remains a 64 kbit/s Frame Relay line. Thus a retail chain, for instance, may use Frame Relay for connecting rural stores into its corporate WAN.

10.3 DLCI

A data link connection identifier (DLCI) is a 10-bit, link-local virtual circuit identifier in the Frame Relay header, used to assign frames to a specific PVC or SVC. Frame Relay networks use DLCIs to statistically multiplex frames. DLCIs are preloaded into each switch and act as road signs to the traveling frames. Frame Relay VCs use DLCIs (pronounced "del-see") as their addresses. Unlike a MAC or IP header, a Frame Relay header carries only a single DLCI; there is no separate source and destination address.
DLCIs have local significance only. DLCI numbers are not advertised to other routers, and other routers can use the same DLCI numbers without causing connectivity issues.

Cisco uses the term global addressing to describe a technique by which a router in a frame relay network is reached via the same DLCI number from each router in the network. For example, in a 25-router Network, the same DLCI number would be used to reach "Router A" by each router.

Global Addressing is an organizational tool that does not affect the fact that DLCIs have local significance only.

The locally significant DLCI must be mapped to the destination router's IP address. There are two options for this: Inverse ARP and static mapping.

Frame Relay is a technique used to transport data from location to location, just as T1 lines or ISDN connections do. In Frame Relay, there are a number of locations on the network that can send and receive data. These connections are known as ports. Each location that needs access to the Frame Relay system needs one of these ports. Every port in a Frame Relay system has an address, which is unique to the port at that specific location. The port is connected to the equipment that handles the data on one side and to the Frame Relay cloud on the other. The equipment that handles the data sends it out of the Frame Relay port in the form of packets, or frames. Each frame is built up of two parts: the actual data and the control block. These frames are sent over virtual connections. The Frame Relay network itself should be imagined as a cloud. Every Frame Relay access port runs into this cloud. Inside the cloud there are many different ways to get from one port to another, all interconnected by Frame Relay switches. These switches make informed decisions about the traffic flow over each part of each route; together, they work out which path to send a frame over to get it quickly and reliably from the source to the destination port.

10.4 How Frame Relay Works

In a Frame Relay implementation, the connection between a DTE (router) device and a DCE (Frame Relay switch) device consists of both a physical layer component and a link layer component:

i. The physical component defines the mechanical and electrical specifications for the connection between the devices.

ii. The link layer component defines the protocol that establishes the connection between the DTE device, such as a router, and the DCE device, such as a switch.

When interconnection between LANs is implemented using Frame Relay, the LAN gateway router (DTE) is connected to the Frame Relay switch (DCE) through a serial connection, such as a T1/E1 leased line, at the nearest point of presence (POP) or WAN edge. Network switches move frames from one DTE across the network and deliver frames to other DTEs via DCEs. Other network computing equipment that is not on a LAN may also send data across a Frame Relay network by using a Frame Relay access device (FRAD) as the DTE.

The FRAD is sometimes referred to as a Frame Relay assembler/disassembler and is a dedicated appliance or a router that is configured to support Frame Relay. It is located on the customer's premises and connects to a switch port on the service provider's network. In turn, the service provider interconnects the Frame Relay switches.

i. The DTE (router) sends frames to the DCE (Frame Relay switch) on the WAN edge.

ii. The frames move from switch to switch across the WAN to the destination DCE (Frame Relay switch) on the WAN edge.

iii. The destination DCE delivers the frames to the destination DTE.

10.5 TUNNELING

Computer networks use a tunneling protocol when one network protocol (the delivery protocol) encapsulates a different payload protocol. By using tunneling one can, for example, carry a payload over an incompatible delivery network, or provide a secure path through an untrusted network. Tunneling contrasts with a strictly layered protocol model such as those of OSI or TCP/IP: the delivery protocol usually (but not always) operates at a higher level in the model than the payload protocol, or at the same level. To understand a particular protocol stack, network engineers must understand both the payload and delivery protocol sets.

As an example of network layer over network layer, Generic Routing Encapsulation (GRE), a protocol running over IP (IP protocol number 47), often serves to carry IP packets with RFC 1918 private addresses over the Internet using delivery packets with public IP addresses. In this case, the delivery and payload protocols are compatible, but the payload addresses are incompatible with those of the delivery network. GRE by itself provides neither confidentiality nor authentication: the inner packet crosses the Internet in clear text and the receiving endpoint has no cryptographic way to verify who sent it, which is why GRE is normally protected with IPsec when the delivery network is untrusted.

In contrast, an IP payload might believe it sees a data link layer delivery when it is carried inside the Layer 2 Tunneling Protocol (L2TP), which appears to the payload mechanism as a protocol of the data link layer. L2TP, however, actually runs over the transport layer using the User Datagram Protocol (UDP) over IP.
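The GRE case described above, as an added Python example that is not part of the report and not Cisco code: it builds an outer IPv4 header with protocol number 47, a minimal GRE header and an inner IPv4 packet with RFC 1918 addresses, then decapsulates and validates the result. The addresses (outer 203.0.113.1 and 198.51.100.2 from the documentation ranges, inner 10.0.0.1 and 192.168.1.10) and the payload are constructed for the example; GRE optional fields (checksum, key, sequence number) are rejected rather than parsed.

```python
import ipaddress
import struct

GRE_PROTOCOL = 47        # IP protocol number carried in the outer IPv4 header
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" values are Ethertypes


def ip_checksum(data):
    """RFC 1071 one's-complement checksum as used in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    src_b = ipaddress.IPv4Address(src).packed
    dst_b = ipaddress.IPv4Address(dst).packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]   # checksum lives at bytes 10-11


def gre_encapsulate(outer_src, outer_dst, inner_src, inner_dst, inner_proto, inner_payload):
    """Wrap an inner IPv4 packet in a basic GRE header (no checksum/key/sequence)
    and an outer IPv4 header whose protocol field is 47."""
    inner = ipv4_header(inner_src, inner_dst, inner_proto, len(inner_payload)) + inner_payload
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # flags/version word = 0, then protocol type
    outer = ipv4_header(outer_src, outer_dst, GRE_PROTOCOL, len(gre) + len(inner))
    return outer + gre + inner


def _parse_ipv4(packet):
    """Return (src, dst, proto, header_len) after validating version and checksum."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet) or ip_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header or checksum")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], ihl


def gre_decapsulate(packet):
    """Return (outer_src, outer_dst, inner_src, inner_dst, inner_proto, inner_payload)."""
    outer_src, outer_dst, proto, ihl = _parse_ipv4(packet)
    if proto != GRE_PROTOCOL:
        raise ValueError("outer protocol %d is not GRE" % proto)
    if len(packet) < ihl + 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack_from("!HH", packet, ihl)
    if flags & 0xF000:   # C, R, K or S bit set: optional fields follow, not handled here
        raise ValueError("GRE optional fields present; not handled by this example")
    if flags & 0x0007:   # version must be 0 (PPTP uses GRE version 1)
        raise ValueError("unsupported GRE version")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    inner = packet[ihl + 4:]
    inner_src, inner_dst, inner_proto, inner_ihl = _parse_ipv4(inner)
    return outer_src, outer_dst, inner_src, inner_dst, inner_proto, inner[inner_ihl:]


def is_rfc1918(addr):
    """True for the RFC 1918 ranges 10/8, 172.16/12 and 192.168/16."""
    a = ipaddress.IPv4Address(addr)
    return any(a in ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


if __name__ == "__main__":
    # Constructed sample: private inner addresses, documentation-range outer addresses.
    pkt = gre_encapsulate("203.0.113.1", "198.51.100.2", "10.0.0.1", "192.168.1.10", 17, b"hello")
    print(len(pkt), gre_decapsulate(pkt))
```

Nothing in the decapsulation step proves who built the outer packet: the only check that can fail is the IPv4 header checksum, which catches corruption, not forgery. That is the gap IPsec fills when GRE is run over it.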
The IP in the delivery protocol could run over any data-link protocol, from IEEE 802.2 over IEEE 802.3 (i.e., standards-based Ethernet) to the Point-to-Point Protocol (PPP) over a dial-up modem link. Tunneling protocols may use data encryption to transport insecure payload protocols over a public network (such as the Internet), thereby providing VPN functionality. IPsec has an end-to-end transport mode, but can also operate in a tunnel mode through a trusted security gateway.

10.6 DHCP

DHCP (Dynamic Host Configuration Protocol) is a communications protocol that lets network administrators centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Every machine on an IP network needs a unique IP address. Without DHCP, the IP address must be entered manually at each computer, and a new IP address must be entered each time a computer moves to a different subnet. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically issues a new IP address when a computer is plugged into a different place in the network.

DHCP uses the concept of a "lease", the amount of time for which a given IP address is valid for a computer. The lease time can vary depending on how long a user is likely to require the connection at a particular location; this is especially useful in education and other environments where users change frequently. Using very short leases, DHCP can dynamically reconfigure networks in which there are more computers than available IP addresses. The protocol also supports static (reserved) addresses for computers that need a permanent IP address, such as web servers. DHCP is an extension of an earlier network IP management protocol, the Bootstrap Protocol (BOOTP).
DHCP is a more advanced protocol, but both configuration management protocols are commonly used, and a DHCP server can handle BOOTP client requests. Some organizations use both protocols, but understanding how and when to use them in the same organization is important. Many operating systems, including Windows Server, ship with DHCP servers. A DHCP or BOOTP client is a program located in each computer so that the computer can be configured. Because a client accepts configuration from whichever server answers first, a rogue DHCP server on the same segment can hand out a default gateway or DNS server of its operator's choosing; switches counter this with DHCP snooping, which only allows server replies to enter on designated trusted ports.
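Added Python example, not from the report: a builder and parser for the DHCP message format, showing concretely that DHCP is BOOTP's 236-byte fixed header plus a magic cookie and a list of options, and that the lease is simply option 51 in the server's OFFER or ACK. The MAC address, transaction ID, addresses and 600-second lease are constructed for the example; sending or receiving on UDP ports 67/68 is out of scope.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # RFC 2132: marks the start of DHCP options
BOOTP_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"  # the 236-byte fixed header shared by BOOTP and DHCP
BOOTREQUEST, BOOTREPLY = 1, 2
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}


def build_message(op, xid, chaddr, yiaddr=b"\x00" * 4, options=None):
    """Build a BOOTP message. If options is given, append the DHCP magic cookie,
    the (code, value) options as TLVs and the End option, which is exactly how
    DHCP extends BOOTP. flags=0x8000 asks the server to broadcast its reply."""
    header = struct.pack(BOOTP_HEADER, op, 1, 6, 0, xid, 0, 0x8000,
                         b"\x00" * 4, yiaddr, b"\x00" * 4, b"\x00" * 4,
                         chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    if options is None:
        return header
    tlvs = b"".join(struct.pack("!BB", code, len(value)) + value for code, value in options)
    return header + MAGIC_COOKIE + tlvs + b"\xff"


def parse_message(data):
    """Parse a BOOTP/DHCP message into a dict. Without the magic cookie it is
    plain BOOTP; with it, options are decoded and the DHCP message type
    (option 53) and lease time (option 51) are exposed."""
    fixed = struct.calcsize(BOOTP_HEADER)
    if len(data) < fixed:
        raise ValueError("message shorter than the BOOTP header")
    f = struct.unpack_from(BOOTP_HEADER, data, 0)
    msg = {"kind": "BOOTP", "op": f[0], "xid": f[4], "flags": f[6],
           "yiaddr": ".".join(str(b) for b in f[8]),
           "chaddr": f[11][:f[2]].hex(":"), "options": {}}
    rest = data[fixed:]
    if rest[:4] != MAGIC_COOKIE:
        return msg
    msg["kind"] = "DHCP"
    i = 4
    while i < len(rest):
        code = rest[i]
        if code == 255:                 # End option
            break
        if code == 0:                   # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(rest):
            raise ValueError("truncated option header")
        length = rest[i + 1]
        value = rest[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        msg["options"][code] = value
        i += 2 + length
    if 53 in msg["options"] and len(msg["options"][53]) == 1:
        msg["type"] = MSG_TYPES.get(msg["options"][53][0], "unknown")
    if 51 in msg["options"] and len(msg["options"][51]) == 4:
        msg["lease_seconds"] = struct.unpack("!I", msg["options"][51])[0]
    return msg


# Constructed sample exchange (MAC and addresses are made up for the example).
CLIENT_MAC = bytes.fromhex("001122334455")
DISCOVER = build_message(BOOTREQUEST, 0x12345678, CLIENT_MAC,
                         options=[(53, b"\x01"), (55, b"\x01\x03\x06")])   # type, parameter request list
OFFER = build_message(BOOTREPLY, 0x12345678, CLIENT_MAC, yiaddr=bytes([192, 168, 1, 50]),
                      options=[(53, b"\x02"), (51, b"\x00\x00\x02\x58"),    # type, 600-second lease
                               (54, bytes([192, 168, 1, 1]))])             # server identifier
LEGACY_BOOTP = build_message(BOOTREQUEST, 0x00000001, CLIENT_MAC)

if __name__ == "__main__":
    for m in (DISCOVER, OFFER, LEGACY_BOOTP):
        print(parse_message(m))
```

Note that nothing in the OFFER authenticates the server: option 54 is whatever the sender chose to put there, which is the weakness DHCP snooping addresses at the switch.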

10.7 SSH

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution, and other secure network services between two networked computers. It connects a server and a client (running SSH server and SSH client programs, respectively) via a secure channel over an insecure network. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2; SSH-1 has known protocol-level weaknesses and is obsolete, so only SSH-2 should be enabled on servers and network devices. The best-known application of the protocol is access to shell accounts on Unix-like operating systems, but it can also be used in a similar fashion for accounts on Windows. It was designed as a replacement for Telnet and other insecure remote shell protocols such as the Berkeley rsh and rexec protocols, which send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.

SSH uses public-key cryptography to authenticate the remote computer and, optionally, to let it authenticate the user. There are several ways to use SSH; one is to use automatically generated public-private key pairs simply to encrypt a network connection, and then use password authentication to log on. In that mode the only protection against an impostor server is the client's comparison of the server's host key with the one it recorded on first contact, so a changed-host-key warning must be treated as a possible interception rather than dismissed.

Usage: SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SSH File Transfer Protocol (SFTP) or Secure Copy (SCP) protocols. SSH uses the client-server model. The standard TCP port 22 has been assigned for contacting SSH servers. An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, most distributions of GNU/Linux, OpenBSD, FreeBSD, NetBSD, Solaris and OpenVMS.
At the time this report was written, Windows was one of the few modern desktop/server operating systems that did not include SSH by default; current Windows releases ship an OpenSSH client (and an optional server). Proprietary, freeware and open source implementations of various levels of complexity and completeness exist. SSH is important in cloud computing to solve connectivity problems while avoiding the security issues of exposing a cloud-based virtual machine directly on the Internet. An SSH tunnel can provide a secure path over the Internet, through a firewall, to a virtual machine.
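Added Python example, not from the report, showing the practical difference between Telnet and SSH on the wire. It strips Telnet option negotiation from a constructed two-direction capture of a login and recovers the username and password typed at the prompts, and it classifies the first bytes of a session, where an SSH server reveals only its version banner in the clear (which is also enough to tell whether the server still advertises the obsolete SSH-1 protocol). The capture bytes, the Username:/Password: prompts and the banners are constructed; the prompt pattern is an assumption about common login prompts.

```python
import re

IAC, SB, SE = 255, 250, 240
NEGOTIATE = {251, 252, 253, 254}   # WILL, WONT, DO, DONT: exactly one option byte follows


def strip_telnet_negotiation(stream):
    """Drop Telnet IAC command sequences, keeping only the user-visible bytes."""
    out, i = bytearray(), 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= len(stream):
            break                                   # dangling IAC at end of capture
        elif stream[i + 1] == IAC:                  # IAC IAC escapes a literal 0xFF
            out.append(IAC)
            i += 2
        elif stream[i + 1] in NEGOTIATE:            # IAC <WILL|WONT|DO|DONT> <option>
            i += 3
        elif stream[i + 1] == SB:                   # IAC SB ... IAC SE (subnegotiation)
            end = stream.find(bytes([IAC, SE]), i + 2)
            i = len(stream) if end < 0 else end + 2
        else:                                       # any other two-byte command (NOP, GA, ...)
            i += 2
    return bytes(out)


def extract_telnet_login(client_to_server, server_to_client):
    """Pair the server's login/username/password prompts with the client's
    typed lines. Returns {} when no login exchange is visible."""
    prompts = strip_telnet_negotiation(server_to_client).decode("latin-1")
    typed = strip_telnet_negotiation(client_to_server).decode("latin-1")
    lines = typed.replace("\r\x00", "\r\n").split("\r\n")
    labels = re.findall(r"(login|username|password)\s*:", prompts, re.IGNORECASE)
    creds = {}
    for label, line in zip(labels, lines):
        creds["password" if label.lower() == "password" else "username"] = line
    return creds


def classify_session_start(first_bytes):
    """An SSH session exposes only the version banner in the clear; everything
    after key exchange is encrypted. A Telnet session starts with IAC negotiation
    and everything after it, including credentials, is readable."""
    if first_bytes.startswith(b"SSH-"):
        banner = first_bytes.split(b"\r\n", 1)[0].decode("ascii", "replace")
        version = banner.split("-", 2)[1]
        return {"protocol": "ssh", "banner": banner, "version": version,
                "legacy_ssh1": version != "2.0"}   # "1.5" is SSH-1; "1.99" advertises SSH-1 fallback
    if IAC in first_bytes:
        return {"protocol": "telnet"}
    return {"protocol": "unknown"}


# Constructed capture of a Telnet login (not real traffic): the server asks for
# DO TERMINAL-TYPE, prompts, then sends WILL ECHO so the password is not echoed.
SERVER_TO_CLIENT = (bytes([IAC, 253, 24]) + b"\r\nUser Access Verification\r\n\r\nUsername: "
                    + bytes([IAC, 251, 1]) + b"Password: ")
CLIENT_TO_SERVER = (bytes([IAC, 252, 24]) + b"admin\r\n" + bytes([IAC, 253, 1]) + b"s3cret!\r\n")

if __name__ == "__main__":
    print(extract_telnet_login(CLIENT_TO_SERVER, SERVER_TO_CLIENT))
    print(classify_session_start(b"SSH-2.0-OpenSSH_9.6\r\n"))
```

The same extraction logic is what an intrusion-detection sensor or a forensic analyst applies to a packet capture; the point is that with Telnet there is nothing to break, the credentials are simply there.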

10.8 TELNET

Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network (such as the Internet). Using Telnet client software on your computer, you can make a connection to a Telnet server (i.e., the remote host). Once your Telnet client establishes a connection to the remote host, your client becomes a virtual terminal, allowing you to communicate with the remote host from your computer. In most cases, you will need to log into the remote host, which requires that you have an account on that system. Occasionally, you can log in as guest or public without having an account. Telnet clients are available for all major operating systems.

Telnet is an old protocol, dating from the earliest days of the ARPANET in 1969. The name is usually expanded as 'telecommunications network' (or 'teletype network'), and it was built as a form of remote control to manage mainframe computers from distant terminals. In those days, Telnet enabled research students and professors to log in to the university mainframe from any terminal in the building, saving hours of walking each semester. While Telnet pales in comparison to modern networking technology, it was revolutionary in 1969 and helped pave the way for the eventual World Wide Web in 1989. Telnet is still in some use today, but for remote administration it has been replaced by SSH, which administrators use to manage Linux, Unix and network devices from a distance. The reason is not its age but its complete lack of protection: Telnet sends the whole session, including the username and password typed at login, in clear text, so anyone who can capture the traffic can read the credentials. Network devices should therefore accept only SSH on their management (vty) lines, and Telnet should be confined to isolated lab networks.

Telnet is a text-based protocol. Unlike a Firefox or Google Chrome window, a Telnet session is plain text: no images, animation or hyperlinks, only typing on a keyboard. The commands you type are those of the remote system and can be rather cryptic (for example 'z' or 'prompt% fg' on a Unix shell). Most modern users would find Telnet screens archaic and slow.

Telnet is both a user command and an underlying TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else's computer remotely. On the Web, the HTTP and FTP protocols allow you to request specific files from remote computers, but not to be logged on as a user of that computer. With Telnet, you log on as a regular user with whatever privileges you have been granted to the specific applications and data on that computer. A Telnet command request looks like this (the computer name is made up):

telnet the.libraryat.whatis.edu

The result of this request would be an invitation to log on with a userid and a prompt for a password. If accepted, you would be logged on like any user who uses this computer every day.

10.9 ROUTE MAPPING

This section describes commands that you can use to configure route-maps that are applied with the redistribute command of dynamic routing protocols. It also includes tips on route-map functions and advice on when route-map configuration is most beneficial. The route-map function is a generic mechanism of Cisco IOS software configuration. You can apply it to many different tasks, for example policy-based routing (PBR) and Border Gateway Protocol (BGP) neighbor update modification. One of the most common uses of route-maps is to apply them to routes that are redistributed between dynamic routing protocols. This section examines the possibilities of route-maps when you configure this type of redistribution.

What are Route-Maps?

Route-maps have many features in common with the widely known access control lists (ACLs). These are some of the traits common to both mechanisms:

They are an ordered sequence of individual statements, each of which has a permit or deny result. Evaluation of an ACL or route-map consists of a list scan, in a predetermined order, and an evaluation of the criteria of each statement that matches. The list scan is aborted once the first matching statement is found and the action associated with that statement is performed.

They are generic mechanisms: criteria matches and match interpretation are dictated by the way they are applied. The same route-map applied to different tasks might be interpreted differently.

These are some of the differences between route-maps and ACLs:

Route-maps frequently use ACLs as matching criteria.

The main result from the evaluation of an access list is a yes or no answer: an ACL either permits or denies input data. Applied to redistribution, an ACL determines whether a particular route can (the route matches a permit statement of the ACL) or cannot (it matches a deny statement) be redistributed. Typical route-maps not only permit (some) redistributed routes but also modify information associated with the route when it is redistributed into another protocol.

Route-maps are more flexible than ACLs and can verify routes based on criteria which ACLs cannot verify. For example, a route-map can verify if the type of route is internal or if it
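The first-match semantics shared by ACLs and route-maps described in this section, together with the ordering rules from 10.1, as an added Python model that is not from the report and not Cisco IOS code. It implements Cisco wildcard-mask matching and top-to-bottom first-match evaluation with the implicit deny for a standard ACL, then a route-map whose clauses use ACLs as match criteria and rewrite route attributes on permit. The ACLs, the route-map and the prefixes are constructed; 'metric' and 'tag' stand in for the attributes a real set clause would modify.

```python
import ipaddress


def _addr(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, network, wildcard):
    """Cisco wildcard-mask semantics: a 0 bit must match, a 1 bit is ignored.
    'host 10.0.0.1' is wildcard 0.0.0.0; 'any' is 0.0.0.0 255.255.255.255."""
    care = ~_addr(wildcard) & 0xFFFFFFFF
    return ((_addr(addr) ^ _addr(network)) & care) == 0


def evaluate_acl(acl, addr):
    """Standard ACL: an ordered list of (action, network, wildcard). The list is
    scanned top to bottom, the first match wins, and an address that matches
    nothing hits the implicit deny. Returns (action, index); index None means
    the implicit deny fired."""
    for index, (action, network, wildcard) in enumerate(acl):
        if wildcard_match(addr, network, wildcard):
            return action, index
    return "deny", None


def evaluate_route_map(route_map, route):
    """Route-map applied to a redistributed route. Each clause is a dict with
    'action' (permit/deny), an optional 'match_acl' and an optional 'set' dict.
    A clause matches when it has no match_acl or its ACL permits the prefix; the
    first matching clause decides, and a permit clause may also rewrite
    attributes. Returns (permitted, modified_route)."""
    for clause in route_map:
        acl = clause.get("match_acl")
        if acl is not None and evaluate_acl(acl, route["prefix"])[0] != "permit":
            continue                      # not this clause; keep scanning
        if clause["action"] == "deny":
            return False, None
        modified = dict(route)
        modified.update(clause.get("set", {}))
        return True, modified
    return False, None                    # implicit deny at the end of a route-map


# Constructed examples. ACL_SPECIFIC_FIRST blocks one subnet and permits the
# rest of 10/8; ACL_SHADOWED has the same two lines in the wrong order.
ACL_SPECIFIC_FIRST = [("deny", "10.1.1.0", "0.0.0.255"),
                      ("permit", "10.0.0.0", "0.255.255.255")]
ACL_SHADOWED = [("permit", "10.0.0.0", "0.255.255.255"),
                ("deny", "10.1.1.0", "0.0.0.255")]             # never reached
ACL_DENY_ON_TOP = [("deny", "0.0.0.0", "255.255.255.255"),
                   ("permit", "10.0.0.0", "0.255.255.255")]    # 'deny any' first blocks everything

ROUTE_MAP = [
    {"seq": 10, "action": "deny", "match_acl": [("permit", "10.1.1.0", "0.0.0.255")]},
    {"seq": 20, "action": "permit", "match_acl": [("permit", "10.0.0.0", "0.255.255.255")],
     "set": {"metric": 50, "tag": 10}},
    {"seq": 30, "action": "permit", "set": {"tag": 99}},      # no match clause: matches everything else
]

if __name__ == "__main__":
    for acl in (ACL_SPECIFIC_FIRST, ACL_SHADOWED, ACL_DENY_ON_TOP):
        print(evaluate_acl(acl, "10.1.1.5"), evaluate_acl(acl, "10.2.0.7"), evaluate_acl(acl, "192.0.2.1"))
    for prefix in ("10.1.1.0", "10.2.0.0", "172.16.0.0"):
        print(prefix, evaluate_route_map(ROUTE_MAP, {"prefix": prefix, "metric": 1}))
```

Running it shows the two failure modes a review should look for: ACL_SHADOWED permits 10.1.1.5 because the broad permit is evaluated first, and ACL_DENY_ON_TOP denies everything even though a permit follows.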