
SIX WEEKS SUMMER TRAINING (CAP 300) REPORT

on

Routing and switching Essentials


(Networking Domain)

Submitted by

Ankush Prabhakar
Registration No 11509700
Programme and Section -124-L and D1401

Under the Guidance of


Gulshan Kumar (Assistant Professor, LPU)
Deepak Prashar (Assistant Professor, LPU)
Cisco Networking Academy, Lovely Professional University

LOVELY FACULTY OF TECHNOLOGY & SCIENCES


Lovely Professional University, Phagwara
(15 June - 30 July, 2016)

1|Page

DECLARATION

I hereby declare that I have completed my six-week summer training at Cisco Networking Academy
from 16-06-2016 to 30-07-2016 under the guidance of Gulshan Kumar. I have declared that I have
worked with full dedication during these six weeks of training and my learning outcomes fulfil the
requirements of training for the award of degree of B.C.A, Lovely Professional University, Phagwara.

Ankush Prabhakar

Date: 31-07-2016


ACKNOWLEDGEMENT

I would like to express my special thanks of gratitude to my teacher, Cisco Networking
Academy, as well as the Lovely Professional University, who gave me the golden opportunity
to do this wonderful project on the topic Text and Multimedia Encryption, which also helped
me in doing a lot of research, and I came to know about so many new things. I am really
thankful to them.
Secondly, I would also like to thank my parents and friends who helped me a lot in finishing
this training within the limited time. I would like to extend my sincere appreciation to my
colleagues Ashwin Singh, Shradhey Tripathi and Chandan Panthee, who offered many
suggestions throughout the training.
I am really thankful to all of them who directly or indirectly contributed to my training.


INDEX

S.No.   Contents                                   Page No.
1.      Acknowledgement
2.      Organization Overview
3.      Technology Learnt
4.      Reason for Choosing this Training          11
5.      Learning Outcomes                          12
        Basic Switch Configuration                 12
        Common Security Attacks on Switches        13
        DHCP Spoofing                              14
        VLAN - a Switch Technology                 15
        Routing Concepts                           17
        Routing Dynamically                        19
        Access Control List                        22
        NAT                                        25
6.      Gantt Chart                                28
7.      Bibliography                               29
8.      Future Scope                               30


1. Organization Overview: -

The whole training program is done under Cisco Networking Academy in Lovely
Professional University. Cisco Networking Academy is an IT skills and career building
program for learning institutions and individuals worldwide. More than 5.5 million people
have joined the Networking Academy and become a force for change in the global economy
since 1997.

From secondary schools to universities to community organizations, more than 9000
institutions in 170+ countries offer the Networking Academy curriculum. It is the flagship
program of Cisco Corporate Social Responsibility (CSR) efforts. Together, they are building
the workforce of tomorrow.

LPU houses a CISCO NET Academy in its premises, for providing the Latest Technology
Experience to its students. This academy provides the latest courses on the Networking
domain to its students inside the campus to keep them updated about the latest advancements.
The support provided by CISCO for the course includes:

Establishment of Latest Technology Labs

Train the Trainer Program

Student Engagement


2. Technology Learnt: -

I have completed two modules (courses) in Cisco Networking Academy during the summer:
1. Introduction to Networks
2. Routing and Switching Essentials (CCNA)

The first module gives the advanced and fundamental concepts of networking technology. It
provides a complete understanding of both the practical and conceptual skills that build the
foundation for understanding basic networking. It consists of the following:

Examine human versus network communication and see the parallels between them

Be introduced to the two major models used to plan and implement networks: OSI
and TCP/IP

Gain an understanding of the "layered" approach to networks

Examine the OSI and TCP/IP layers in detail to understand their functions and
services

Become familiar with the various network devices and network addressing schemes

Discover the types of media used to carry data across the network

The second module focuses on learning the architecture, components, and operations of routers
and switches in a small network. This course is about how to configure a router and a switch
for basic functionality. It consists of the following:

Describe enhanced switching technologies such as VLANs, VLAN Trunking Protocol
(VTP), Rapid Spanning Tree Protocol (RSTP), Per VLAN Spanning Tree Protocol
(PVSTP), and 802.1q

Configure and troubleshoot basic operations of a small switched network

Configure and verify static routing and default routing

Configure and troubleshoot basic operations of routers in a small routed network

Configure and troubleshoot VLANs and inter-VLAN routing

Configure, monitor, and troubleshoot ACLs for IPv4 and IPv6


Among all of the essentials for human existence, the need to interact with others ranks just
below our need to sustain life. Communication is almost as important to us as our reliance on
air, water, food, and shelter.
In today's world, through the use of networks, we are connected like never before. People
with ideas can communicate instantly with others to make those ideas a reality. News events
and discoveries are known worldwide in seconds. Individuals can even connect and play
games with friends separated by oceans and continents.

The globalization of the Internet has ushered in new forms of communication that empower
individuals to create information that can be accessed by a global audience.
Some forms of communication include:

Texting - Texting enables instant real-time communication between two or more
people.

Social Media - Social media consists of interactive websites where people and
communities create and share user-generated content with friends, family, peers, and
the world.

Collaboration Tools - Without the constraints of location or time zone, collaboration
tools allow individuals to communicate with each other, often across real-time
interactive video. The broad distribution of data networks means that people in remote
locations can contribute on an equal basis with people in the heart of large population
centres.

Blogs - Blogs, an abbreviation of weblogs, are web pages that are easy to update and
edit. Unlike commercial websites, blogs give anyone a means to communicate their
thoughts to a global audience without technical knowledge of web design.

Wikis - Wikis are web pages that groups of people can edit and view together.
Whereas a blog is more of an individual, personal journal, a wiki is a group creation.
As such, it may be subject to more extensive review and editing. Many businesses use
wikis as their internal collaboration tool.


Podcasting - Podcasting allows people to deliver their audio recordings to a wide
audience. The audio file is placed on a website (or blog or wiki) where others can
download it and play the recording on their computers, laptops, and other mobile
devices.

Peer-to-Peer (P2P) File Sharing - Peer-to-Peer file sharing allows people to share
files with each other without having to store and download them from a central server.
The user joins the P2P network by simply installing the P2P software. P2P file
sharing has not been embraced by everyone. Many people are concerned about
violating copyright laws.

The Internet is used for traditional forms of entertainment. We listen to recording artists,
preview or view motion pictures, read entire books, and download material for future offline
access. Live sporting events and concerts can be experienced as they are happening, or
recorded and viewed on demand.

Networks enable the creation of new forms of entertainment, such as online games. Players
participate in any kind of online competition that game designers can imagine. We compete
with friends and foes around the world as if we were all in the same room.

Even offline activities are enhanced using network collaboration services. Global
communities of interest have grown rapidly. We share common experiences and hobbies well
beyond our local neighbourhood, city, or region. Sports fans share opinions and facts about
their favourite teams. Collectors display prized collections and get expert feedback about
them.

Modern networks continue to evolve to keep pace with the changing way organizations carry
out their daily business. Users now expect instant access to company resources from
anywhere and at any time. These resources not only include traditional data but also video
and voice. There is also an increasing need for collaboration technologies that allow real-time
sharing of resources between multiple remote individuals as though they were at the same
physical location.


Different devices must seamlessly work together to provide a fast, secure, and reliable
connection between hosts. LAN switches provide the connection point for end users into the
enterprise network and are also primarily responsible for the control of information within the
LAN environment. Routers facilitate the movement of information between LANs and are
generally unaware of individual hosts. All advanced services depend on the availability of a
robust routing and switching infrastructure on which they can build. This infrastructure must
be carefully designed, deployed, and managed to provide a necessary stable platform.

Switches are used to connect multiple devices together on the same network. In a properly
designed network, LAN switches are responsible for directing and controlling the data flow at
the access layer to networked resources. Switches operate at the access layer, where client
network devices connect directly to the network and IT departments want uncomplicated
network access for the users. The access layer is one of the most vulnerable areas of the
network because it is so exposed to the user. Switches need to be configured to be resilient to
attacks of all types while they are protecting user data and allowing for high-speed
connections. Port security is one of the security features Cisco managed switches provide.

Reason for choosing this training: -

Imagine a world without the Internet. No more Google, YouTube, instant messaging,
Facebook, Wikipedia, online gaming, Netflix, iTunes, and easy access to current information.
No more price comparison websites, avoiding lines by shopping online, or quickly looking up
phone numbers and map directions to various locations at the click of a button. How different
would our lives be without all of this? That was the world we lived in just 15 to 20 years ago.
But over the years, data networks have slowly expanded and been repurposed to improve the
quality of life for people everywhere.

Also, I chose networks and security as my specialization. It is beneficial for me to do
training according to my specialization. In the coming holidays I will take the CCNA exam,
so an internship in networking is best for me.


3. Learning Outcomes:

Basic switching concepts and the operation of Cisco switches

Switches are used to connect multiple devices together on the same network. In a properly
designed network, LAN switches are responsible for directing and controlling the data flow at
the access layer to networked resources.

Cisco switches are self-configuring and no additional configuration is necessary for them
to function out of the box. However, Cisco switches run Cisco IOS and can be manually
configured to better meet the needs of the network. This includes adjusting port speed,
bandwidth, and security requirements. Additionally, Cisco switches can be managed both
locally and remotely. To remotely manage a switch, it needs to have an IP address and default
gateway configured.

The beauty of Cisco switches is that we can remotely access and manage them, which
removes the overhead of manual configuration for the network administrator. So, to gain
remote access to a switch we need to do the following steps:


Common Security Attacks on Switches:

MAC Address Flooding: - A MAC address flooding attack (CAM table flooding
attack) is a type of network attack where an attacker connected to a switch port floods
the switch interface with a very large number of Ethernet frames with different fake
source MAC addresses. MAC address tables are limited in size. MAC flooding attacks
make use of this limitation to overwhelm the switch with fake source MAC addresses
until the switch MAC address table is full.
Solution: - One way to mitigate MAC address table overflow attacks is to configure
port security.
Concepts of Port Security: - The goal of Port Security is to prevent a network attacker
from sending a large number of Ethernet frames with forged source MAC addresses to
a switch interface. This goal is achieved by the following settings, which are applied
to a switch interface.
1) Enable the Port Security feature. Port security is disabled by default. The
"switchport port-security" command (in interface configuration mode) enables Port
Security.

2) Specify the maximum number of MAC addresses allowed on that interface.
Remember, it is possible that more than one genuine device is connected to a
switch interface (for example, a phone and a computer).

3) Define the MAC addresses of known devices, which are going to access the
network via that interface. We can do this either by hardcoding the MAC addresses of
known devices (statically defining the known MAC addresses) or by configuring "sticky"
MAC addresses. Sticky MAC addresses ("switchport port-security mac-address
sticky") allow dynamically learned MAC addresses to be entered into the running config.
The default number of secure MAC addresses is one.

4) Specify the action to take when a violation of the above conditions occurs.
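The four settings above, and the MAC table overflow they defend against, as a small simulation. This is an added example, not code from the report or from Cisco; the CAM table size, port names and MAC addresses are constructed, and the violation modes protect / restrict / shutdown are the ones Cisco IOS offers.

```python
"""Switch MAC-table learning with and without port security (simulation).

Added example, not code from the report or from Cisco. It models the four
port-security settings listed above: enable, maximum addresses, known
(static or sticky) addresses, and the violation action. Violation modes
protect / restrict / shutdown are the ones Cisco IOS offers; the CAM table
size, port names and MAC addresses are constructed for the demo.
"""
from dataclasses import dataclass, field

CAM_CAPACITY = 8  # constructed: a tiny MAC address table so overflow is visible


@dataclass
class PortSecurity:
    enabled: bool = False           # switchport port-security
    maximum: int = 1                # switchport port-security maximum <n>
    sticky: bool = False            # switchport port-security mac-address sticky
    violation: str = "shutdown"     # switchport port-security violation <mode>
    secure_macs: set = field(default_factory=set)   # static + learned secure MACs
    violations: int = 0
    err_disabled: bool = False


class Switch:
    def __init__(self):
        self.cam = {}      # MAC address table: mac -> port (shared by all ports)
        self.ports = {}    # port -> PortSecurity settings

    def secure(self, port, maximum=1, sticky=False, violation="shutdown", static=()):
        """Apply port security to a port; `static` are pre-configured known MACs."""
        self.ports[port] = PortSecurity(True, maximum, sticky, violation, set(static))
        return self.ports[port]

    def frame_in(self, port, src_mac):
        """Process one ingress frame; return 'forward', 'drop' or 'table-full'."""
        ps = self.ports.get(port, PortSecurity())
        if ps.err_disabled:                     # shut down by an earlier violation
            return "drop"
        if ps.enabled and src_mac not in ps.secure_macs:
            if len(ps.secure_macs) >= ps.maximum:
                return self._violation(ps)      # one more MAC than allowed
            ps.secure_macs.add(src_mac)         # dynamic (or sticky) secure MAC
        if src_mac not in self.cam and len(self.cam) >= CAM_CAPACITY:
            # Table full: the source cannot be learned, and traffic to hosts the
            # table no longer holds is flooded out every port (the attack's aim).
            return "table-full"
        self.cam[src_mac] = port
        return "forward"

    def _violation(self, ps):
        ps.violations += 1                      # 'restrict' counts and logs this
        if ps.violation == "shutdown":
            ps.err_disabled = True              # port goes err-disabled
        return "drop"                           # all three modes drop the frame


def simulate_cam_fill(switch, port, count):
    """Feed `count` frames with distinct constructed source MACs into one port."""
    return [switch.frame_in(port, f"02:00:00:00:{i // 256:02x}:{i % 256:02x}")
            for i in range(count)]


def demo():
    """An unsecured port overflows the CAM; a secured port stops at its maximum."""
    plain = Switch()
    plain_results = simulate_cam_fill(plain, "Fa0/1", 20)

    secured = Switch()
    secured.secure("Fa0/1", maximum=2, sticky=True, violation="restrict")
    secured_results = simulate_cam_fill(secured, "Fa0/1", 20)
    return plain, plain_results, secured, secured_results


if __name__ == "__main__":
    p, pr, s, sr = demo()
    print("unsecured:", len(p.cam), "MACs learned,", pr.count("table-full"), "frames unlearned")
    print("secured:  ", len(s.cam), "MACs learned,", s.ports["Fa0/1"].violations, "violations")
```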


DHCP SPOOFING: - Two types of DHCP attacks can be performed against a switched
network: DHCP starvation attacks and DHCP spoofing. In DHCP starvation attacks, an
attacker floods the DHCP server with DHCP requests to use up all the available IP addresses
that the DHCP server can issue. After these IP addresses are issued, the server cannot issue
any more addresses, and this situation produces a denial-of-service (DoS) attack as new
clients cannot obtain network access.

In DHCP spoofing attacks, an attacker configures a fake DHCP server on the network to
issue IP addresses to clients. The normal reason for this attack is to force the clients to use
false Domain Name System (DNS) or Windows Internet Naming Service (WINS) servers and
to make the clients use the attacker, or a machine under the control of the attacker, as their
default gateway.


Solution to DHCP spoofing is DHCP snooping: - DHCP snooping is a DHCP security
feature which provides protection from DHCP starvation attacks by filtering untrusted DHCP
messages.
The DHCP snooping feature identifies switch ports as "trusted" and "untrusted". It can be
used to differentiate between untrusted interfaces (where DHCP clients are connected) and
trusted interfaces (where a DHCP server or other switches are connected).

Trusted ports can send DHCP requests and acknowledgements.

Untrusted ports can forward DHCP requests only.

DHCP snooping enables the switch to build a DHCP binding table that maps a client MAC
address, IP address, VLAN, and port ID.
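The trusted/untrusted filtering and the binding table described above, as a simulation over a constructed DHCP exchange. This is an added example, not code from the report or from Cisco; the messages, addresses, port names and the per-port message limit are constructed, and the source-MAC-equals-chaddr check and rate limit are the ones Cisco IOS offers alongside snooping.

```python
"""DHCP snooping filter and binding table (simulation).

Added example, not from the report or from Cisco. Ports are trusted or
untrusted; server messages (OFFER, ACK, NAK) arriving on untrusted ports are
dropped, client messages on untrusted ports must carry a source MAC equal to
the DHCP chaddr field, and an ACK seen on a trusted port creates a binding of
MAC, IP, VLAN and client port. Messages, addresses and the per-port limit
(the starvation mitigation) are constructed.
"""
from collections import defaultdict

SERVER_MSGS = {"OFFER", "ACK", "NAK"}
CLIENT_MSGS = {"DISCOVER", "REQUEST", "RELEASE", "DECLINE"}


class DhcpSnooping:
    def __init__(self, trusted_ports, limit=None):
        self.trusted = set(trusted_ports)   # ip dhcp snooping trust
        self.limit = limit                  # client messages allowed per untrusted port
        self.count = defaultdict(int)       # client messages seen per untrusted port
        self.pending = {}                   # chaddr -> untrusted port the client is on
        self.bindings = {}                  # (mac, vlan) -> {"ip", "port"}
        self.log = []

    def process(self, msg):
        """Return 'forward' or 'drop' for one DHCP message."""
        port, kind, mac = msg["port"], msg["type"], msg["chaddr"]
        trusted = port in self.trusted
        if kind in SERVER_MSGS and not trusted:
            self.log.append(f"drop {kind} on untrusted {port}: rogue DHCP server")
            return "drop"
        if kind in CLIENT_MSGS and not trusted:
            if msg["src_mac"] != mac:
                self.log.append(f"drop {kind} on {port}: src MAC != chaddr")
                return "drop"
            self.count[port] += 1
            if self.limit is not None and self.count[port] > self.limit:
                self.log.append(f"drop {kind} on {port}: rate limit exceeded")
                return "drop"               # a real switch err-disables the port here
            self.pending[mac] = port        # remember which port this client is on
        if kind == "ACK" and mac in self.pending:
            self.bindings[(mac, msg["vlan"])] = {"ip": msg["yiaddr"],
                                                 "port": self.pending.pop(mac)}
        return "forward"


def run_demo():
    """Constructed exchange: one real client, a rogue server and a burst of fake clients."""
    snoop = DhcpSnooping(trusted_ports={"Gi0/1"}, limit=3)
    client, server, rogue = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee", "de:ad:be:ef:00:01"
    msgs = [
        dict(port="Fa0/2", type="DISCOVER", src_mac=client, chaddr=client, vlan=10),
        dict(port="Fa0/3", type="OFFER", src_mac=rogue, chaddr=client, vlan=10, yiaddr="192.168.10.200"),
        dict(port="Gi0/1", type="OFFER", src_mac=server, chaddr=client, vlan=10, yiaddr="192.168.10.50"),
        dict(port="Fa0/2", type="REQUEST", src_mac=client, chaddr=client, vlan=10),
        dict(port="Gi0/1", type="ACK", src_mac=server, chaddr=client, vlan=10, yiaddr="192.168.10.50"),
        dict(port="Fa0/3", type="ACK", src_mac=rogue, chaddr=client, vlan=10, yiaddr="192.168.10.200"),
        dict(port="Fa0/4", type="DISCOVER", src_mac="00:00:00:00:00:04", chaddr="00:00:00:00:00:99", vlan=10),
    ]
    # starvation burst: five fresh chaddr values from one port, the limit is 3
    msgs += [dict(port="Fa0/5", type="DISCOVER", src_mac=f"02:00:00:00:00:{i:02x}",
                  chaddr=f"02:00:00:00:00:{i:02x}", vlan=10) for i in range(5)]
    return snoop, [snoop.process(m) for m in msgs]


if __name__ == "__main__":
    snoop, results = run_demo()
    print(results)
    print(snoop.bindings)
    print("\n".join(snoop.log))
```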


VLAN Switching Technology: - Within a switched internetwork, VLANs provide segmentation
and organizational flexibility. VLANs provide a way to group devices within a LAN. A group
of devices within a VLAN communicate as if they were attached to the same wire. VLANs are
based on logical connections, instead of physical connections.
VLANs allow an administrator to segment networks based on factors such as function,
project team, or application, without regard for the physical location of the user or device.

After creating a VLAN, the next step is to assign ports to the VLAN. An access port can
belong to only one VLAN at a time.

To verify VLAN information, the show vlan command is used in privileged EXEC mode.


Routing Concepts: - Networks allow people to communicate, collaborate, and interact in
many ways. Networks are used to access web pages, talk using IP telephones, participate in
video conferences, compete in interactive gaming, shop using the Internet, complete online
coursework, and more. Ethernet switches function at the data link layer, Layer 2, and are used
to forward Ethernet frames between devices within the same network. However, when the
source IP and destination IP addresses are on different networks, the Ethernet frame must be
sent to a router.

A router connects one network to another network. The router is responsible for the delivery
of packets across different networks. The destination of the IP packet might be a web server
in another country or an email server on the local area network. The router uses its routing
table to determine the best path to use to forward a packet. It is the responsibility of the
routers to deliver those packets in a timely manner. The effectiveness of internetwork
communications depends, to a large degree, on the ability of routers to forward packets in the
most efficient way possible.

When a host sends a packet to a device on a different IP network, the packet is forwarded to
the default gateway because a host device cannot communicate directly with devices outside
of the local network. The default gateway is the destination that routes traffic from the local
network to devices on remote networks. It is often used to connect a local network to the
Internet.

Routing Decisions: - A primary function of a router is to determine the best path to use to
send packets. To determine the best path, the router searches its routing table for a network
address that matches the destination IP address of the packet.
The routing table search results in one of three path determinations:

Directly connected network - If the destination IP address of the packet belongs to a
device on a network that is directly connected to one of the interfaces of the router,
that packet is forwarded directly to the destination device. This means that the
destination IP address of the packet is a host address on the same network as the
interface of the router.


Remote network - If the destination IP address of the packet belongs to a remote
network, then the packet is forwarded to another router. Remote networks can only be
reached by forwarding packets to another router.

No route determined - If the destination IP address of the packet does not belong to
either a connected or remote network, the router determines if there is a Gateway of
Last Resort available. A Gateway of Last Resort is set when a default route is
configured on a router. If there is a default route, the packet is forwarded to the
Gateway of Last Resort. If the router does not have a default route, then the packet is
discarded.

The logic flowchart in the figure illustrates the router packet forwarding decision process.
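The three-way decision above written out as a longest-prefix-match lookup, so the flowchart can be traced on a real routing table. This is an added example, not from the report; the routing table, interface names and addresses are constructed.

```python
"""Router forwarding decision: connected, remote, or gateway of last resort.

Added example, not from the report. It implements the three-way path
determination described above as a longest-prefix-match lookup using
Python's ipaddress module; the routing table, interface names and
addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str                     # e.g. "10.1.0.0/16"
    interface: str                  # exit interface
    next_hop: Optional[str] = None  # None = directly connected network

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


class Router:
    def __init__(self, routes, default_route=None):
        # Longest prefix first: a /16 beats a /8 that covers the same address.
        self.routes = sorted(routes, key=lambda r: r.network.prefixlen, reverse=True)
        self.default_route = default_route   # Gateway of Last Resort, if configured

    def forward(self, dst):
        """Return (decision, exit interface, next hop) for a destination IP."""
        ip = ipaddress.ip_address(dst)
        for r in self.routes:
            if ip in r.network:
                if r.next_hop is None:      # directly connected: deliver to the host itself
                    return ("connected", r.interface, dst)
                return ("remote", r.interface, r.next_hop)
        if self.default_route is not None:  # a default route sets the Gateway of Last Resort
            return ("default", self.default_route.interface, self.default_route.next_hop)
        return ("discard", None, None)      # no route and no default: packet dropped


# Constructed routing table for the demo.
ROUTES = [
    Route("192.168.1.0/24", "GigabitEthernet0/0"),                 # C  connected LAN
    Route("192.168.2.0/30", "GigabitEthernet0/1"),                 # C  link to next router
    Route("10.0.0.0/8", "GigabitEthernet0/1", "192.168.2.2"),      # S  remote, via neighbour
    Route("10.1.0.0/16", "GigabitEthernet0/2", "192.168.3.2"),     # S  more specific route
]
DEFAULT = Route("0.0.0.0/0", "Serial0/0/0", "203.0.113.1")


def demo():
    """Look up one destination of each kind on the constructed table."""
    r = Router(ROUTES, DEFAULT)
    return {d: r.forward(d) for d in ("192.168.1.25", "10.1.5.5", "10.2.0.1", "198.51.100.7")}


if __name__ == "__main__":
    for dst, decision in demo().items():
        print(dst, "->", decision)
```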


Routing Dynamically: - Routing protocols are used to facilitate the exchange of routing
information between routers. A routing protocol is a set of processes, algorithms, and
messages that are used to exchange routing information and populate the routing table with
the routing protocol's choice of best paths. The purpose of dynamic routing protocols
includes:

Discovery of remote networks

Maintaining up-to-date routing information

Choosing the best path to destination networks

Ability to find a new best path if the current path is no longer available

The main components of dynamic routing protocols include:

Data structures - Routing protocols typically use tables or databases for their
operations. This information is kept in RAM.

Routing protocol messages - Routing protocols use various types of messages to
discover neighbouring routers, exchange routing information, and perform other tasks to
learn and maintain accurate information about the network.

Algorithm - An algorithm is a finite list of steps used to accomplish a task. Routing
protocols use algorithms for facilitating routing information and for best path
determination.


Routing protocols can be classified into different groups according to their characteristics.
Specifically, routing protocols can be classified by their:

Purpose - Interior Gateway Protocol (IGP) or Exterior Gateway Protocol (EGP)

Operation - Distance vector, link-state protocol, or path-vector protocol

Behaviour - Classful (legacy) or classless protocol

For example, IPv4 routing protocols are classified as follows:

RIPv1 (legacy) - IGP, distance vector, classful protocol

IGRP (legacy) - IGP, distance vector, classful protocol developed by Cisco
(deprecated from IOS 12.2 and later)

RIPv2 - IGP, distance vector, classless protocol

EIGRP - IGP, distance vector, classless protocol developed by Cisco

OSPF - IGP, link-state, classless protocol

IS-IS - IGP, link-state, classless protocol

BGP - EGP, path-vector, classless protocol


Access Control List: - An ACL is a series of IOS commands that control whether a
router forwards or drops packets based on information found in the packet header. ACLs are
among the most commonly used features of Cisco IOS software.
When configured, ACLs perform the following tasks:

Limit network traffic to increase network performance. For example, if corporate
policy does not allow video traffic on the network, ACLs that block video traffic
could be configured and applied. This would greatly reduce the network load and
increase network performance.

Provide traffic flow control. ACLs can restrict the delivery of routing updates. If
updates are not required because of network conditions, bandwidth is preserved.

Provide a basic level of security for network access. ACLs can allow one host to
access a part of the network and prevent another host from accessing the same area.
For example, access to the Human Resources network can be restricted to authorized
users.

Filter traffic based on traffic type. For example, an ACL can permit email traffic, but
block all Telnet traffic.

Screen hosts to permit or deny access to network services. ACLs can permit or deny a
user to access file types, such as FTP or HTTP.


Types of ACL: - Since 1993, most administrators have used two basic ACLs: standard and
extended ACLs. Standard IP ACLs can filter on only the source IP address in an IP packet
header, whereas an extended IP ACL can filter on the following:

Source IP address

Destination IP address

TCP/IP protocol, such as IP (all TCP/IP protocols), ICMP, OSPF, TCP, UDP, and
others

TCP/IP protocol information, such as TCP and UDP port numbers, TCP code
flags, and ICMP messages

Given the differences between these two types of ACLs, standard ACLs typically are used for
the following configuration tasks on a router:

Restricting access to a router through the VTY lines (Telnet and SSH)

Restricting access to a router through HTTP or HTTPS

Filtering routing updates

Extended ACLs, on the other hand, commonly are used to filter traffic between interfaces on
the router, mainly because of their flexibility in matching on many different fields at Layers
2, 3, and 4.
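How a standard and an extended ACL are evaluated (top-down, first match, implicit deny), as a simulation over constructed packets. This is an added example, not code from the report or from Cisco; the ACLs and packets are constructed, ACL 10 mirrors a standard list of the kind applied to the VTY lines, and ACL 100 an extended list that permits email and web traffic but blocks Telnet. Matching uses Cisco wildcard masks, where a 1 bit means "don't care".

```python
"""Standard and extended ACL evaluation the way Cisco IOS does it (simulation).

Added example, not from the report. Entries are tested top-down, the first
match decides, and a packet matching nothing hits the implicit "deny any" at
the end of every ACL. Source/destination are matched with Cisco wildcard
masks (a 1 bit in the mask means "don't care"). The ACLs and packets are
constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")       # the "any" keyword


def host(ip):
    return (ip, "0.0.0.0")                  # the "host x.x.x.x" keyword


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit that is 0 in the wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


@dataclass
class Ace:
    action: str                              # permit | deny
    src: tuple = ANY                         # (address, wildcard)
    proto: str = "ip"                        # extended: ip, tcp, udp, icmp
    dst: tuple = ANY                         # extended only
    dport: Optional[int] = None              # extended: "eq <port>" on the destination


def evaluate(acl, pkt):
    """Return (action, line number) of the first matching ACE, or ('deny', None)."""
    for line, ace in enumerate(acl, 1):
        if ace.proto != "ip" and ace.proto != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], *ace.src):
            continue
        if not wildcard_match(pkt["dst"], *ace.dst):
            continue
        if ace.dport is not None and pkt.get("dport") != ace.dport:
            continue
        return ace.action, line
    return "deny", None                      # implicit deny any at the end


# access-list 10 permit 192.168.1.0 0.0.0.255   (used with "access-class 10 in" on the VTY lines)
ACL_10 = [Ace("permit", ("192.168.1.0", "0.0.0.255"))]

# ip access-list extended FILTER   (constructed policy: email and web in, no Telnet)
ACL_100 = [
    Ace("permit", ANY, "tcp", host("192.168.2.10"), 25),   # email to the mail server
    Ace("deny",   ANY, "tcp", ANY, 23),                    # block all Telnet
    Ace("permit", ANY, "tcp", ANY, 80),                    # allow HTTP
    Ace("deny",   ANY, "ip",  ANY),                        # explicit deny, so it can be logged
]


def demo():
    """Evaluate constructed packets against the two ACLs."""
    pkts = {
        "vty_from_lan": ({"src": "192.168.1.7", "dst": "192.168.1.1", "proto": "tcp", "dport": 22}, ACL_10),
        "vty_from_outside": ({"src": "10.0.0.5", "dst": "192.168.1.1", "proto": "tcp", "dport": 22}, ACL_10),
        "smtp": ({"src": "10.0.0.5", "dst": "192.168.2.10", "proto": "tcp", "dport": 25}, ACL_100),
        "telnet": ({"src": "10.0.0.5", "dst": "192.168.2.10", "proto": "tcp", "dport": 23}, ACL_100),
        "http": ({"src": "10.0.0.5", "dst": "192.168.2.20", "proto": "tcp", "dport": 80}, ACL_100),
        "ping": ({"src": "10.0.0.5", "dst": "192.168.2.20", "proto": "icmp"}, ACL_100),
    }
    return {name: evaluate(acl, pkt) for name, (pkt, acl) in pkts.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```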



NAT: - A NAT (Network Address Translation or Network Address Translator) is
the virtualization of Internet Protocol (IP) addresses. NAT helps improve security and
decrease the number of IP addresses an organization needs.
The main advantage of NAT (Network Address Translation) is that it can prevent the
depletion of IPv4 addresses:

NAT (Network Address Translation) can provide an additional layer of
security by hiding the original source and destination addresses.
NAT (Network Address Translation) provides increased flexibility when
connecting to the public Internet.
NAT (Network Address Translation) allows you to use your own private IPv4
addressing scheme and avoids internal address changes if you change
service provider.

Types of NAT: - Static NAT (Network Address Translation) - Static NAT is a
one-to-one mapping of a private IP address to a public IP address. Static NAT is useful
when a network device inside a private network needs to be accessible from the Internet.


Dynamic NAT (Network Address Translation) - Dynamic NAT can be defined as the mapping
of a private IP address to a public IP address taken from a group of public IP addresses called
a NAT pool. Dynamic NAT establishes a one-to-one mapping between a private IP address and
a public IP address. Here the public IP address is taken from the pool of IP addresses
configured on the NAT router. The public-to-private mapping may vary based on the public
IP addresses available in the NAT pool.

PAT (Port Address Translation) - Port Address Translation (PAT) is another type of
dynamic NAT which can map multiple private IP addresses to a single public IP address by
using the source port numbers of the connections.


Here, when a client from the inside network communicates with a host on the Internet, the
router replaces the source port (TCP or UDP) number with another port number. These port
mappings are kept in a table. When the router receives a reply from the Internet, it refers to
the table which keeps the port mappings and forwards the data packet to the original sender.
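The three translation tables (static, dynamic pool, PAT) and the return-path lookup described above, as a simulation. This is an added example, not code from the report or from Cisco; addresses, the pool and the port numbers are constructed, and the model keeps a client's original port under PAT while it is free and rewrites it only on a collision.

```python
"""Static NAT, dynamic NAT and PAT translation tables (simulation).

Added example, not from the report. Each mode rewrites the inside source
address (and, for PAT, the source port) of outbound packets, stores the
mapping, and uses it to translate replies back to the inside host, as the
text describes. Under PAT the original port is kept while it is free and a
new one is picked on a collision. Addresses, pool and ports are constructed.
"""
from itertools import count


class Nat:
    def __init__(self, static=None, pool=(), overload_ip=None):
        self.static = dict(static or {})    # inside local -> inside global, one-to-one
        self.pool = list(pool)              # free public addresses (dynamic NAT pool)
        self.dynamic = {}                   # inside local -> pool address currently held
        self.overload_ip = overload_ip      # the single public address used by PAT
        self.pat = {}                       # (inside ip, inside port, proto) -> global port
        self.pat_reverse = {}               # (global port, proto) -> (inside ip, inside port)
        self.fresh_ports = count(1024)      # constructed: next port handed out on collision

    def outbound(self, src_ip, src_port, proto):
        """Translate an inside->outside packet; return (new ip, new port) or None."""
        if src_ip in self.static:
            return self.static[src_ip], src_port
        if src_ip in self.dynamic:
            return self.dynamic[src_ip], src_port
        if self.pool:                                   # one-to-one, until the pool runs out
            self.dynamic[src_ip] = self.pool.pop(0)
            return self.dynamic[src_ip], src_port
        if self.overload_ip is not None:                # many-to-one, distinguished by port
            key = (src_ip, src_port, proto)
            if key not in self.pat:
                gport = src_port
                while (gport, proto) in self.pat_reverse:
                    gport = next(self.fresh_ports)      # port already in use: rewrite it
                self.pat[key] = gport
                self.pat_reverse[(gport, proto)] = (src_ip, src_port)
            return self.overload_ip, self.pat[key]
        return None                                     # no translation: packet dropped

    def inbound(self, dst_ip, dst_port, proto):
        """Translate an outside->inside packet back to the inside host, or None."""
        for local, glob in list(self.static.items()) + list(self.dynamic.items()):
            if glob == dst_ip:
                return local, dst_port
        if dst_ip == self.overload_ip:
            return self.pat_reverse.get((dst_port, proto))  # unknown port: None, dropped
        return None


def demo():
    """One router per NAT type, each fed constructed inside hosts."""
    static = Nat(static={"192.168.1.10": "203.0.113.10"})      # server reachable from outside
    dynamic = Nat(pool=["203.0.113.20", "203.0.113.21"])       # two addresses in the pool
    pat = Nat(overload_ip="203.0.113.1")                       # one public address for all
    return {
        "static_out": static.outbound("192.168.1.10", 443, "tcp"),
        "static_in": static.inbound("203.0.113.10", 443, "tcp"),
        "dyn": [dynamic.outbound(h, 40000, "tcp")
                for h in ("192.168.1.11", "192.168.1.12", "192.168.1.13")],
        "pat": [pat.outbound(h, 50000, "tcp") for h in ("192.168.1.11", "192.168.1.12")],
        "pat_in": pat.inbound("203.0.113.1", 1024, "tcp"),
        "pat_unsolicited": pat.inbound("203.0.113.1", 4444, "tcp"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} -> {result}")
```

The third host in the dynamic case gets no translation because the two-address pool is exhausted, which is the limitation PAT removes.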


GANTT CHART

[Gantt chart: the training tasks Introduction to Networks; Network Protocols and
Communication; Basic Switch concepts and configuration; VLAN and Inter VLAN routing;
Routing Concepts; Access Control List; and DHCP and NAT concepts, plotted against days
1-5, 6-8, 8-12, 13-17, 18-25, 26-29 and 30-37.]

Bibliography: -

I took help from the following sources:

http://www.omnisecu.com/ccna-security/what-is-mac-flooding-attack-how-toprevent-mac-flooding-attack.php

https://www.netacad.com/group/landing/v2/learn/

http://www.ciscozine.com/how-a-dhcp-server-works-and-how-to-configure-it-on-acisco-router/

http://www.ciscopress.com/articles/article.asp?p=24090&seqNum=3


Future Scope: -

The Internet is used for traditional forms of entertainment. We listen to recording artists,
preview or view motion pictures, read entire books, and download material for future offline
access. Live sporting events and concerts can be experienced as they are happening, or
recorded and viewed on demand.

Networks enable the creation of new forms of entertainment, such as online games. Players
participate in any kind of online competition that game designers can imagine. We compete
with friends and foes around the world as if we were all in the same room.

Even offline activities are enhanced using network collaboration services. Global
communities of interest have grown rapidly. We share common experiences and hobbies well
beyond our local neighbourhood, city, or region. Sports fans share opinions and facts about
their favourite teams. Collectors display prized collections and get expert feedback about
them. Whatever form of recreation we enjoy, networks are improving our experience.

