You are on page 1of 46

TWO MONTHS INDUSTRIAL TRAINING

REPORT
On
“Networking Technology and devices”

In partial fulfillment of the degree of Bachelor of Technology in Electronics &


Communication Engineering

AT

“North West Institute of Engineering Technology”

Guided by Submitted by
Ravinderjeet Singh Roll No. - 15113354
Branch – E.C.E (4th Sem)

DEPARTMENT OF ELECTRONICS & COMMUNICATION


ENGINEERING
NORTH WEST INSTITUTE OF ENGINEERING & TECHNOLOGY,
DHUDIKE(MOGA)
ACKNOWLEDGEMENT

While presenting this report I would like to express my deep sense of gratitude to entire

Tata CMC academy staff that were indispensable part of my training giving me unending

guidance, inspiration, encouragement and providing me excellent environment throughout my

training at Tata CMC academy. The training was an extremely productive & enriching

experience, not only technically but also from providing practical skills.

I am extremely thankful to Mr. Ravinderjeet Singh who had devoted a lot of time in guiding and

supervising me during my training.

I must place my gratitude towards Mr. Balkrishan Nangla (H.O.D. of C.S.E. Dept.) for their

valuable advice and guidance in carrying out this enjoyable and productive experience, which

provided me a great opportunity to search new horizons.


PREFACE

Technology has rapidly grown in past two-three decades. An engineer without practical
knowledge and skills cannot survive in this technical area. Theoretical knowledge does matter
but it is the practical knowledge that is the difference between the best and the better.
Organizations also prefer experienced engineers than fresher ones due to practical knowledge
and industrial exposure of the former. The practical training is highly conductive for solid
foundation for:-

1. Knowledge and personality

2. Exposure to industrial environment.

3. Confidence building.

4. Enhancement of creativity.

5. Practicality
TABLE OF CONTENTS

Sr. No. DESCRIPTION PAGE NO.

1. COMPANY PROFILE

2. BASIC

3. IP ADDRESS V4

4. IP ROUTING

5. LAN SWITCHING

6. ACL

7. NAT

8. PROJECT

9. REFERCENCES
COMPANY PROFILE
What is Network?
In one network more than one computer connected with each other through centralized device.
They can share files and resources with each other.
LAN
LAN stands for Local Area Network. The scope of the LAN is within one building, one school
or within one lab. In LAN (Hub), media access method is used CSMA/CD in which each
computer sense the carrier before sending the data over the n/w. if carrier is free then you can
transmit otherwise you have to wait or you have to listen. In multiple access each computer have
right that they can access each other. If two computers sense the carrier on same time then the
collision occur. Each computer, in the network, aware about the collision. Now this stop
transmitting and they will use back off algorithm. In which random number is generated. This
number or algorithm is used by each computer. Who has short number or small number, he has
first priority to transmit the data over the network and other computers will wait for their turn.
WAN
WAN stands for Wide Area Network, in which two local area networks are connected through
public n/w. it may be through telecommunication infrastructure or dedicated lines. For e.g: -
ISDN lines, Leased lines etc.
In which we can use WAN devices and WAN technology. You can also connect with your
remote area through existing Internetwork called Internet.
Devices
Hub
Hub is centralized device, which is used to connect multiple workstations. There are two types of
Hub: -
(i) Active Hub
(ii) Passive Hub
it has no special kind of memory. It simply receives the frame (data) and forwards it to all its
nodes except the receiving node. It always performs broadcasting. In case of hub, there is one
collision domain and one broadcast domain. In case of hub, the media access method is used
CSMA/CD (Carrier Sense Multiple Access/Collision Detection).
(i) Active Hub
In Active hub, it receives the frame regenerate and then forward to all its nodes.

(ii) Passive Hub


In Passive hub, it simply receives the frame and forward to all its connected nodes.

You cannot perform LAN segmentation using hub.


Switch

Switch is also used to connect multiple workstations. Switch is more intelligent than hub. It has
special kind of memory called mac address/filter/lookup table. Switch reads mac addresses.
Switch stores mac addresses in its filter address table. Switch when receives frame, it reads the
destination mac address and consult with its filter table. If he has entry in its filter table then he
forwards the frame to that particular mac address, if not found then it performs broadcasting to
all its connected nodes.

Every port has its own buffer memory. A port has two queues one is input queue and
second is output queue. When switch receives the frame, the frame is received in input queue and
forward from output queue. So in case of switch there is no chance or place for collisions. In case
of switch, the media access method is used CSMA/CA (Carrier Sense Multiple Access/ Collision
Avoidance). Switches provide more efficiency, more speed and security.
There are two types of switches: -
(i) Manageable switches (can be configured with console cable).
(ii) Non-manageable switches.
We can perform LAN segmentation by using switches.
Bridge
Bridge is a hardware device, which is used to provide LAN segmentation means it is used for
break the collision domain. It has same functionality as performed by switch. We can use bridge
between two different topologies. It has fewer ports. Each port has a own buffer memory. It
works on Data Link Layer of OSI model. It also read mac address and stores it in its filter table.
In case of bridge there is one broadcast domain.
Router
Router is hardware device, which is used to communicate two different networks. Router
performs routing and path determination. It does not perform broadcast information. There are
two types of routers: -
(i) Hardware Routers are developed by Cisco, HP.
(ii) Software Routers is configured with the help of routing and remote access. This feature is
offered by Microsoft. This feature is by default installed, but you have to enable or configure it.
Hardware routers are dedicated routers. They are more efficient.
But in case of software routers, it has less features, slow performance. They are not very much
efficient.
Lan Card
Lan card is media access device. Lan card provide us connectivity in the network. There is a
RJ45 (Registered Jack) connector space on the Lan card. RJ45 is used in UTP cable. There is
another led which is also called heartbeat of Lan card. When any activity occur it may be
receiving or transmitting any kind of data. This led start blinking and also tell us the status of lan
card.
LAN Topologies
BUS Topology
Cable Type – Coaxial
Connector Type – BNC (Bayonet Neill-Concelman), T type, Terminator
Coaxial – Thick Maximum length – 500 meters
N/w devices 100
Coaxial – Thin Maximum length – 185 meters
N/w devices 30

Star Topology
Cable type - UTP
Connector type - RJ45
Maximum Length – 100 meters (with proper color coding)
UTP (Unshielded Twisted Pair)

STP (Shielded Twisted Pair)

In case of hub media access method will be CSMA/CD.


Ring Topology
Cable - UTP
There is token ring method used, so there is no collision chance.

Ethernet Family

Speed Base band

10 Base 2 200-meter Coaxial cable


10 Base 5 500-meter Thick Coaxial cable
10 Base T 100 meter Twisted Pair (UTP)
10/100(present) Base TX 100 meter UTP
100 Base T4 100 meter UTP 4 Pairs used
100 Base FX up to 4 kms Fiber Optic
1000(Server) Base TX 100 meter UTP
1000 Base FX up to 10 kms Fiber Optic
10000 Base FX Fiber Optic
Color
Green – Green white
Orange – Orange white
Blue – Blue white
Brown – Brown white
Green cable has maximum twists.
Pin Configuration
Cross Straight
1 3 1 1
2 6 2 2
3 1 3 3
6 2 6 6
Straight Cable
1 Orange white - Orange white
2 Orange - Orange
3 Green white - Green white
4 Blue - Blue
5 Blue white - Blue white
6 Green - Green
7 Brown white - Brown white
8 Brown - Brown

Cross Cable
1 Orange white - Green white
2 Orange - Green
3 Green white - Orange white
4 Blue - Blue
5 Blue white - Blue white
6 Green - Orange
7 Brown white - Brown white
8 Brown - Brown
RJ45 Connector

OSI (Open Systems Interconnection) Model


OSI model is the layer approach to design, develop and implement network. OSI provides
following advantages: -
(i) Designing of network will be standard base.
(ii) Development of new technology will be faster.
(iii) Devices from multiple vendors can communicate with each other.
(iv) Implementation and troubleshooting of network will be easy.

(1) Application Layer: -


Application layer accepts data and forward into the protocol stack. It creates user
interface between application software and protocol stack.

(2) Presentation Layer: -


This layer decides presentation format of the data. It also able to performs other function
like compression/decompression and encryption/decryption.

(3) Session Layer: -


This layer initiate, maintain and terminate sessions between different applications. Due to
this layer multiple application software can be executed at the same time.

(4) Transport Layer: -


Transport layer is responsible for connection oriented and connection less
communication. Transport layer also performs other functions like
a. Error checking
b. Flow Control
Buffering
Windowing
Multiplexing
c. Sequencing
d. Positive Acknowledgement
e. Response

(5) Network Layer

This layer performs function like logical addressing and path determination. Each
networking device has a physical address that is MAC address. But logical addressing is
easier to communicate on large size network.

Logical addressing defines network address and host address. This type of addressing is
used to simplify implementation of large network. Some examples of logical addressing
are: - IP addresses, IPX addresses etc.
(6) Data Link Layer
The functions of Data Link layer are divided into two sub layers
a. Logical Link Control
b. Media Access Control

(i) Logical Link Control defines the encapsulation that will be used by the NIC to
delivered data to destination. Some examples of Logical Link Control are
ARPA (Ethernet), 802.11 wi-fi.
(ii) Media Access Control defines methods to access the shared media and
establish the identity with the help of MAC address. Some examples of Media
Access Control are CSMA/CD, Token Passing.

(7) Physical Layer

Physical Layer is responsible to communicate bits over the media this layer deals with the
standard defined for media and signals. This layer may also perform modulation and
demodulation as required.
Router
Router Access Modes
When we access router command prompt the router will display different modes. According to
the modes, privileges and rights are assigned to the user.
User mode
In this mode, we can display basic parameter and status of the router we can test connectivity and
perform telnet to other devices. In this mode we are not enable to manage & configure router.
Privileged mode
In this mo dede, we can display all information, configuration, perform administration task,
debugging, testing and connectivity with other devices. We are not able to perform here
configuration editing of the router.
The command to enter in this mode is ‘enable’. We have to enter enable password
or enable secret password to enter in this mode. Enable secret has more priority than enable
password. If both passwords are configured then only enable secret will work.
Global configuration
This mode is used for the configuration of global parameters in the router. Global parameters
applied to the entire router.
For e.g: - router hostname or access list of router
The command enter in this mode is ‘configure terminal’.
Line configuration mode
This mode is used to configure lines like console, vty and auxiliary. There are main types of line
that are configured.
(i) Console
router(config)#line console 0

(ii) Auxiliary
router(config)#line aux 0

(iii) Telnet or vty


router(config)#line vty 0 4
Interface configuration mode
This mode is used to configure router interfaces. For e.g:- Ethernet, Serial, BRI etc.
Router(config)#interface <type> <number>
Router(config)#interface serial 1
Routing configuration mode

This mode is used to configure routing protocol like RIP, EIGRP, OSPF etc.

Router(config)#router <protocol> [<option>]


Router(config)#router rip
Router(config)#router eigrp 10

Configuring Password

There are five types of password available in a router


(1) Console Password
router#configure terminal
router(config)#line console 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
to erase password do all steps with no command.
(2) Vty Password
router>enable
router#configure terminal
router(config)#line vty 0 4
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(3) Auxiliary Password
router#configure terminal
router(config)#line Aux 0
router(config-line)#password <word>
router(config-line)#login
router(config-line)#exit
(4) Enable Password
router>enable
router#configure terminal
router(config)#enable password <word>
router(config)#exit
(5) Enable Secret Password
Enable Password is the clear text password.
Router>enable
Router#configure terminal
Router(config)#enable secret <word>
Router(config)#exit
Encryption all passwords
All passwords other than enable secret password are clear text password. We can encrypt all
passwords using level 7 algorithm. The command to encrypt all password are
Router#configure terminal
Router(config)#service password-encryption
Managing Configuration
There are two types of configuration present in a router
(1) Startup Configuration
(2) Running Configuration
(1) Startup configuration is stored in the NVRAM. Startup configuration is used to save settings
in a router. Startup configuration is loaded at the time of booting in to the Primary RAM.
(2) Running Configuration is present in the Primary RAM wherever we run a command for
configuration, this command is written in the running configuration.
To save configuration
Router#copy running-configuration startup-configuration
Or
Router#write

To display running-configuration

Router#show running-configuration

To display startup configuration

Router#show startup-configuration

To erase old configuration

Router#erase startup-configuration
Configuring HostName
Router#configure terminal
Router#hostname <name>
<name>#exit or end or /\z

Configuration Interfaces

Interfaces configuration is one of the most important part of the router configuration. By default,
all interfaces of Cisco router are in disabled mode. We have to use different commands as our
requirement to enable and configure the interface.

Configuring IP, Mask and Enabling the Interface

Router#configure terminal

Router(config)#interface <type> <no>


Router(config-if)#ip address <ip> <mask>
Router(config-if)#no shutdown
Router(config-if)#exit

To configure Interface description


Router#configure terminal

Router(config)#interface <type> <no>

Router(config-if)#description <line>

To display interface status

Router#show interfaces (to show all interfaces)


Router#show interface <type> <no>

This command will display following parameters about an interface


1) Status
2) Mac address
3) IP address
4) Subnet mask
5) Hardware type / manufacturer
6) Bandwidth
7) Reliability
8) Delay
9) Load ( Tx load
Rx load)
10) Encapsulation
11) ARP type (if applicable)
12) Keep alive

Configuring secondary IP

Router#config terminal
Router(config)#interface <type> <no>
Router(config-if)#IP address 192.168.10.5 255.255.255.0
Router(config-if)#IP address 192.168.10.18 255.255.255.0 secondary
Router(config-if)#no shutdown (to enable the interface because they always shutdown)
Router(config-if)#exit

Router#show run (to display secondary IP)

To display commands present in history

Router#show history

To display history size

Router#show terminal

Configuring Banners
Banners are just a message that can appear at different prompts according to the type. Different
banners are: -

Message of the day (motd)


This banner appear at every access method
IP Address v4
IP address is a 32-bit address. It is divided into four octets. Each octet has 8 bits. It has two parts
one is network address and second is host address. in local area network, we can used private IP
address, which is provided by IANA (Internet Assigning Numbering Authority). IP addresses are
divided into five classes.
Class Range N/w bits Host bits Subnet mask Total IP Valid IP
A 1 – 126 8 24 255.0.0.0 16777216 16777214
B 128 – 191 16 16 255.255.0.0 65536 65534
C 192 – 223 24 8 255.255.255.0 256 254
D 224 – 239 it is reserved for multicast.
E 240 – 255 it is reserved for research/scientific use.
We can use first three classes. IANA provides private IP addresses from first three classes.
Class Private IP Range
A 10.0.0.0 – 10.255.255.255
B 172.16.0.0 – 172.31.255.255
C 192.168.0.0 – 192.168.255.255

Subnet Mask
Subnet mask is also 32-bit address, which tell us how many bits are used for network and how
many bits are used for host address.
In Subnet mask Network bits are always 1 and Host bits are always 0.
When we are going to assign IP addresses to our computers then we have to follow some rules.
Rules: -
(1) All Host bits cannot be 0 (10.0.0.0), because it represent network address which is reserved
for router.
(2) All Host bits cannot be 1 (10.255.255.255), because this is broadcast address of that network
(10th network).
(3) All bits cannot be 0 (0.0.0.0), because this address is reserved for Default routing. Default
routing is used in case of Stub n/w (means our network has one exit point).
(4) All bits cannot be 1 (255.255.255.255), because this is reserved for Broadcasting.
(5) 127.0.0.1 - This is Loopback address, which is used for self-communication or
troubleshooting purpose.
C:\>ipconfig
C:\>ipconfig/all
It shows all detail.

IP Routing
When we want to connect two or more networks using different n/w addresses then we have to
use IP Routing technique. The router will be used to perform routing between the networks. A
router will perform following functions for routing.
(1) Path determination
(2) Packet forwarding

(1) Path determination


The process of obtaining path in routing table is called path determination. There are three
different methods to which router can learn path.
i) Automatic detection of directly connected n/w.
ii) Static & Default routing
iii) Dynamic routing

(2) Packet forwarding


It is a process that is by default enable in router. The router will perform packet forwarding
only if route is available in the routing table.

Static Routing

In this routing, we have to use IP route commands through which we can specify routes for
different networks. The administrator will analyze whole internetwork topology and then specify
the route for each n/w that is not directly connected to the router.

Steps to perform static routing

(1) Create a list of all n/w present in internetwork.


(2) Remove the n/w address from list, which is directly connected to n/w.
(3) Specify each route for each routing n/w by using IP route command.

Router(config)#ip route <destination n/w> <mask> <next hop ip>

Next hop IP it is the IP address of neighbor router that is directly connected our router.

Static Routing Example: -


Router#conf ter
Router(config)#ip route 10.0.0.0 255.0.0.0 192.168.10.2

Advantages of static routing

(1) Fast and efficient.


(2) More control over selected path.
(3) Less overhead for router.

Disadvantages of static routing

(1) More overheads on administrator.


(2) Load balancing is not easily possible.
(3) In case of topology change routing table has to be change manually.

Alternate command to specify static route

Static route can also specify in following syntax: -


Old
Router(config)#ip route 172.16.0.0 255.255.0.0 172.25.0.2
Or
Router(config)#ip route 172.16.0.0 255.255.0.0 serial 0

Default Routing
Default routing means a route for any n/w. these routes are specify with the help of following
syntax: -
Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop>
Or
<exit interface>

To display routing table

Router#sh ip route

To check all the interface of a router

Router#sh interface brief


Dynamic Routing
In dynamic routing, we will enable a routing protocol on router. This protocol will send its
routing information to the neighbor router. The neighbors will analyze the information and write
new routes to the routing table.
The routers will pass routing information receive from one router to other router also. If
there are more than one path available then routes are compared and best path is selected. Some
examples of dynamic protocol are: -
RIP, IGRP, EIGRP, OSPF

Types of Dynamic Routing Protocols

According to the working there are two types of Dynamic Routing Protocols.
(1) Distance Vector
(2) Link State

According to the type of area in which protocol is used there are again two types of protocol: -
(1) Interior Routing Protocol
(2) Exterior Routing Protocol

Configuring RIP
Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
--------------
--------------
Router(config-router)#exit
172.16.0.6

10.0.0.1 172.16.0.5 175.2.1.1


R
1 200.100.100.12

Router(config-router)#network 10.0.0.0
Router(config-router)#network 172.16.0.0
Router(config-router)#network 200.100.100.0

175.2.0.0 via 172.16.0.6


Configuring IGRP

Router(config)#router igrp <as no>(1 – 65535)


Router(config-router)#network <net address>
Router(config-router)#network <net address>
Router(config-router)#exit

Serial E1 modem Serial E1

2048 k 2048 k
256 k
sync

Configuring following options in IGRP as same as in case of RIP: -

(1) Neighbor
(2) Passive interface
(3) Timer
(4) Distance (AD)
(5) Maximum path

Link State Routing

This type of routing is based on link state. Its working is explain as under

(1) Each router will send Hello packets to all neighbors using all interfaces.
(2) The router from which Hello reply receive are stored in the neighborship table. Hello packets
are send periodically to maintain the neighbor table.
(3) The router will send link state information to the all neighbors. Link state information from
one neighbor is also forwarded to other neighbor.
(4) Each router will maintain its link state database created from link state advertisement
received from different routers.
(5) The router will use best path algorithm to store the path in routing table.
Problems of Link State Routing

The main problems of link state routing are: -


(1) High bandwidth consumption.
(2) More hardware resources required that is processor and memory (RAM)

The routing protocols, which use link state routing are: -


(1) OSPF
(2) EIGRP

Enhanced Interior Gateway Routing Protocol

Features: -
* Cisco proprietary
* Hybrid protocol
Link State
Distance Vector
* Multicast Updates using
Address 224.0.0.10
* Support AS
* Support VLSM
* Automatic Route Summarization
* Unequal path cost load balancing
* Metric (32 bit composite)
Bandwidth
Delay
Load
Reliability
MTU
* Neighbor Recovery
* Partial updates
* Triggered updates
* Backup Route

Configuring EIGRP
Router(config)#router eigrp <as no>
Router(config-router)#network <net addr.>
Router(config-router)#network <net addr.>
Router(config-router)#exit
OSPF Terminology

Already known topics in this: -


(1) Hello packets
(2) LSA (Link State Advertisement)
(3) Neighbor
(4) Neighbor table
(5) Topology table (LSA database)

Router ID

Router ID is the highest IP address of router interfaces. This id is used as the identity of the
router. It maintaining link state databases. The first preference for selecting router ID is given to
the Logical interfaces. If logical interface is not present then highest IP of physical interface is
selected as router id.

Backup Designated Router


This router will work as backup for the designated router. In BDR mode, it will receive all
information but do not forward this information to other non-DR router.

Commands to configure OSPF

Router#conf ter
Router(config)#router ospf <process no>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#exit

Wild Mask – Complement of subnet mask

Example 255.255.0.0
0.0.255.255

255.255.255.255
- Subnet mask

Wild mask

255.255.255.255
- 255.255.192.0 subnet mask

0.0.63.255 wild mask


R1
Router(config)#router ospf 33
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.64 0.0.0.31 area 0
Router(config-router)#exit

R2
Router(config)#router ospf 2
Router(config-router)#network 200.100.100.32 0.0.0.3 area 0
Router(config-router)#network 200.100.100.128 0.0.0.63 area 0
Router(config-router)#exit

LAN Switching

Ethernet switches are used in LAN to create Ethernet n/ws. Switches forward the traffic on the
basis of MAC address. Switches maintain a Mac Addresse table in which mac addresses and port
no.s are used to perform switching decision. Working of bridge and switch is similar to each
other.
Classification of switches
Switches are classified according to the following criteria: -

Types of switches based on working

(1) Store & Forward


This switch receives entire frame then perform error checking and start forwarding data to
the destination.

(2) Cut through


This switch starts forwarding frame as soon as first six bytes of the frame are received.

(3) Fragment-free
This switch receives 64 bytes of the frame, perform error checking and then start forwarding
data.

(4) Adaptive cut-through


It changes its mode according the condition. If it see there are errors in many frames then it
changes to Store & Forward mode from Cut through or Fragment-free.

Types of switches based on management

(1) Manageable switches


(2) Non-Manageable switches
(3) Semi-Manageable switches
Types of switches based on OSI layer

(1) Layer 2 switches (only switching)


(2) Layer 3 switches (switching & routing)

Types of switches based on command mode (only in Cisco)

(1) IOS based


(2) CLI based

Type of switches based on hierarchical model

(1) Core layer switches


(2) Distribution layer switches
(3) Access layer switches

Qualities of switch

- No. of ports
- Speed of ports
- Type of media
- Switching or wire speed or throughput

Basic Switch Administration

IOS based switches are similar to the routers. We can perform following function on switches in
a similar manner as performed on router.
(1) Access switch using console
(2) Commands to enter & exit from different mode
(3) Commands to configure passwords
(4) Manage configuration
(5) Backup IOS and configuration
(6) Configuring and resolving hostnames
(7) Managing telnet
(8) Configuring CDP
(9) Configuring time clock
(10) Configuring Banners
(11) Command line shortcuts and editing shortcuts
(12) Managing history
(13) Configure logging
(14) Boot system commands

Following function and options are not similar in router and switch.
(1) Default hostname is ‘Switch’
(2) Auxiliary port is not present
(3) VTY ports are mostly 0 to 15
(4) By default interfaces are enabled
(5) IP address cannot be assign to interfaces
(6) Routing configuration mode is not present
(7) Interface no. starts from 1
(8) Web access is by default enabled
(9) Configuration registry is not present in similar manner
(10) Flash memory may contain multiple files and startup-configuration is also saved in flash

Configuring IP and Gateway on switch

We can configure IP address on switch for web access or telnet IP address is required for the
administration of the switch. If we have to access switch from remote n/w then we will configure
default gateway in addition to IP address.
IP address is assigned to the logical interface of switch with following command:-
Switch(config)#interface vlan 1
Switch(config)#IP address <ip> <mask>
Switch(config)#no sh
Switch(config)#exit

Old Switches

Switch(config)#ip address <ip> <mask>


Switch(config)#exit

Configuring Gateway

Switch(config)#ip default-gateway <ip>


Switch(config)#exit

Breaking Switch Password

(1) Power off switch press mode button present in front of switch then power on the switch.
(2) Keep mode button press until ‘Switch:’ prompt appears on console.
(3) In switch monitor mode, type following commands: -
flash_init
load_helper
rename flash:config.text flash:<anyname>
dir flash:
boot
(4) After booting switch will prompt to enter in initial configuration dialog. Enter ‘no’ here and
type.
Switch>enable
Rename flash:<anyname> Flash:config.text
Configure memory
Change password and save config. Then copy run start_config.

Logical Segmentation of Network

To perform logical segmentation, we have to create VLAN in the network. With the help of
VLAN, we can logically divide the broadcast domain of the network.

VLAN (Virtual LAN)


VLAN provides Virtual Segmentation of Broadcast Domain in the network. The devices, which
are member of same Vlan, are able to communicate with each other. The devices of different
Vlan may communicate with each other with routing. So that different Vlan devices will use
different n/w addresses. Vlan provides following advantages: -
(1) Logical Segmentation of network
(2) Enhance network security

Creating port based Vlan

In port based Vlan, first we have to create a Vlan on manageable switch then we have to add
ports to the Vlan.

Commands to create Vlan

Switch#config ter
Switch(config)#vlan <no>
[name <word>]
Switch(config)#exit optional

Or

Switch#vlan database
Switch(vlan)#vlan <no>
[name <word>]
Switch(vlan)#exit

Commands to configure ports for a Vlan

By default, all ports are member of single vlan that is Vlan1. we can change vlan membership
according to our requirement.
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport access vlan <no>
Switch(config-if)#exit
Commands to configure multiple ports in a vlan

Switch#conf ter
Switch(config)#interface range <type> <slot/port no (space)–(space) port no>
Switch(config-if)#switchport access vlan <no>
Switch(config-if)#exit

Example: - Suppose we want to add interface fast Ethernet 0/10 to 0/18 in vlan5
Switch#config ter
Switch(config)#interface range fastethernet 0/10 – 18
Switch(config-if)#switchport access vlan 5
Switchconfig-if#exit

In 1900 & Compatible switches

Switch#config ter

Switch(config)#interface <type> <no>


Switch(config-if)#vlan-membership static <vlan no>
Switch(config-if)#exit

To Disable web access in switch

Switch#config ter
Switch(config)#no ip http server

To display mac address table

Switch#sh mac-address-table

Vlan Mac address type ports


20 00-08-a16-ab-6a-7b dynamic fa0/7

To Display Vlan and port membership

Switch#sh vlan

Trunking

When there are multiple switches then we have to use trunk links to connect one switch with
other. If we are not using trunk links then we have to connect one cable from each vlan to the
corresponding vlan of the other switch.
Switches will perform trunking with the help of frame tagging. The trunk port will send data
frames by adding a Vlan id information to the frame, at the receiving end vlan id information is
removing from the end and according to the tag data is delivered to the corresponding vlan.
There are two protocols to perform frame tagging.
(1) Inter switch link (cisco prop)
(2) IEEE 802.1 q

Configuring Trunking

In cisco switches all switch ports may be configured in three modes

(1) Trunk desirable (default)


(2) Trunk on
(3) Trunk off

Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport mode <trunk|access|auto>
Switch(config-if)#exit on off desirable

To configure Vlans allowed on Trunk

By default all Vlans are allowed on Trunk port. We can add/remove a partucular Vlan from trunk
port with following command
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport trunk allowed vlan all
Remove <vlan>
Add <vlan>
Except <vlan>

To display trunk interfaces

Switch#sh interface trunk


Switch#sh interface <type> <no> trunk

Inter Vlan Communication

After creating Vlans, each Vlan has own broadcast domain. If we want communication from one
Vlan to another Vlan then we need to perform routing. There are three methods for inter vlan
communication.
(1) Inter Vlan using multi-interface router
(2) Inter Vlan using router on a stick method
(3) Inter Vlan using layer 3 switch
1751, 2621 routers supports Vlan
(1) Inter Vlan using multi-interface router
In this case, we have to connect one interface of router in each Vlan. This interface will act as
gateway for the corresponding vlan. Each Vlan has to use different n/w addresses. Data from one

Vlan to another Vlan will travel by router.


Router
10.0.0.1 12.0.0.1
E0 E2
E1
11.0.0.1

Vlan1 Vlan3
Vlan5
1, 3, 5 T T
T
1 3 1 3 5 1 3
N/w 5
10.x.x.x 11.x.x.x 5 12.x.x.x
Gateway 10.0.0.1 11.0.0.1 12.0.0.1
(2) Inter Vlan using router on a stick method
In this method a special router is used for Inter Vlan. In this router, we can create one
interface for each Vlan. The physical interface of router will be connected on trunk port switch.
This router will route traffic on the same interface by swapping vlan id information with the help
of frame tagging protocol.

Router Fa 0/0.1 – 10.0.0.1 -> Vlan1


Fa 0/0.2 – 11.0.0.1 -> Vlan3
Fa 0/0.3 – 12.0.0.1 -> Vlan5
Fa 0/0

Trunk
T T
Vlan 1, 3, 5
T

T T T
1 3 5 1 3 5 1 3 5

N/w 10.x.x.x 11.x.x.x 12.x.x.x


Gateway 10.0.0.1 11.0.0.1 12.0.0.1
Configuration on Router
Router#config ter
Router(config)#interface fastethernet 0/0
Router(config-if)#no ip address
Router(config-if)#no sh
Router(config-if)#exit

Router(config)#interface fastethernet 0/0.1


Router(config-if)#encapsulation dot1q 1
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit

Router(config)#interface fastethernet 0/0.2


Router(config-if)#encapsulation dot1q 3
Router(config-if)#ip address 11.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit

Router(config)#interface fastethernet 0/0.3


Router(config-if)#encapsulation dot1q 5
Router(config-if)#ip address 12.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit

Access Control List


ACL are the basic security feature that is required in any network to control the flow of traffic.
Most of time our network may have servers and clients for which traffic control is required.
We can also use ACL to classify the traffic. ACLs are used in features like QOS (Quality
of Service), Prioritize traffic and interesting traffic for ISDN.

Classification Access Control List: -

Types of ACL based on Protocol: -


(1) IP Access Control List
(2) IPX Access Control List
(3) Appletalk Access Control List

Types of ACL based on Feature: -


(1) Standard ACL
(2) Extended ACL

Types of ACL based on Access mode: -


(1) Numbered ACL
(2) Named ACL
Types of ACL based on Order of rules: -
(1) Deny, permit
(2) Permit, deny
IP Standard ACL (Numbered)
In Standard ACL, we are only able to specify source address for the filtering of packets. The
syntax to create IP standard ACL are: -

Router#conf ter
Router(config)#access-list <no> <permit|deny> <source>
Router(config)#exit

<source> Single pc host 192.168.10.5


192.168.10.5
192.168.10.5 0.0.0.0

N/w 200.100.100.0 0.0.0.255

Subnet 200.100.100.32 0.0.0.15

Applying ACL on interface

Router#conf ter
Router(config)#interface <type> <no>
Router(config-if)#ip access-group <ACL no.> <in|out>
Router(config-if)#exit

Internet

Router

Router(config)#access-list 25 permit 192.168.10.32 0.0.0.31


Router(config)#access-list 25 permit 192.168.10.64 0.0.0.3
Router(config)#access-list 25 permit 192.168.10.68
Router(config)#access-list 25 permit 192.168.10.69
Router(config)#access-list 25 permit 192.168.10.70

Router(config)#interface serial 0
Router(config-if)#ip access-group 25 out

IP Standard ACL (Named)


In Numbered ACL editing feature is not available that is we are not able to delete single rule
from the ACL. In Named ACL editing feature is available.

Router#config ter
Router(config)#ip access-list standard <name>
Router(config-std-nacl)#<deny|permit> <source>
Router(config-std-nacl)#exit
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny 172.16.0.18
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit

To modify the ACL

Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#no deny 172.16.0.17
Router(config-std-nacl)#exit

IP Extended ACL (Numbered)


Extended ACL are advanced ACL. ACL, which can control traffic flow on the basis of five
different parameters that are: -
(i) Source address
(ii) Destination address
(iii) Source port
(iv) Destination port
(v) Protocol (layer 3/layer 4)

The syntax to create Extended ACL

Router#conf ter
Router(config)#access-list <no> <deny|permit> <protocol> <source> [<s.port>]
<destination> [<d.port>]
router(config)#exit
To display ACL

Router#show access-lists or
Router#show access-list <no>

To display ACL applied on interface

Router#show ip interface

Router#show ip interface <type> <no>


Router#show ip interface Ethernet 0
Time-Based ACLs
In this you can specify a certain time of day and week and then identity that particular period by
giving it a name referenced by a task. The reference function will fall under whatever time
constraints you have dictated. The time period is based upon the router’s clock, but it is highly
recommended that using it in conjunction with Network Time Protocol (NTP) synchronization.

Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit

Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit

Router(config)ip access-list extended time


Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes

Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range

Network Address Translation

NAT is the feature that can be enable in a Router, Firewall or a Pc. With the help of NAT, we are
able to translate network layer addresses that are IP addresses of packets. With the help of Port
Address Translation, we are also able to translate port no.s present in transport layer header.
There are two reasons due to which we use NAT: -

(1) Conserve Live IP address


On Internet, there are limited no of IP addresses. If our Pc wants to communicate on Internet
then it should have a Live IP address assigned by our ISP. So that IP address request will depend
on no. of PCs that we want to connect on Internet. Due to this, there will be a lot of wastage in IP
addresses. To reduce wastage, we can share live IP addresses between multiple PCs with the help
of NAT.

(2) NAT enhances the network security by hiding PC & devices behind NAT.

Types of NAT

Static NAT

This NAT is used for servers in which one Live IP is directly mapped to one Local IP. This NAT
will forward on the traffic for the Live IP to the Local PC in the n/w.

Static NAT
200.1.1.5 = 192.168.10.6
Internet
Route
r
Live 200.1.1.5

Local 192.168.10.6

Dynamic NAT

Dynamic NAT is used for clients, which want to access Internet. The request from multiple
client IPs are translated with the Live IP obtained from the Pool. It is also called Pool Based
Dynamic NAT.
Pool => 200.1.1.8 – 200.1.1.12/28
Local address => 172.16.X.X
Except => 172.16.0.5 Internet
172.16.0.6
172.16.0.7

Route
r

Web Server DNS Full access 172.16.X.X


172.16.0.5 172.16.0.6 172.16.0.7

Configuring NAT

Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit

Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3


Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53

Router(config)#access-list 30 deny 172.16.0.5


Router(config)#access-list 30 deny 172.16.0.6
Router(config)#access-list 30 deny 172.16.0.7
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc overload

NAT + PAT
Command for Basic NAT

Router(config)#ip nat inside source list 30 interface seen


<exiting interface name>

To display NAT translation

Router#sh ip nat translations


(after ping any address, it shows ping details)

To clear IP NAT Translation

Router#clear ip nat Translation *


DESIGN A PRESALES PROPOSAL FOR NETWORK SETUP IN AN ORGANIZATION

PROJECT REPORT
The project is based on the concepts of networking. It includes configuring different network
devices like Router, Switch, Bridge & connecting it with Hubs & PCs by using different types of
connecting wires by allocating the IP Addresses to all the interfaces after the sebneting of
network id . The beauty of configuring network devices is that it helps users access the network
with few constraints like allowing some to access the website but not allowing them to access the
mail server on the internet on private IP address which are otherwise excluded by internet service
provider (ISP).
We have used inter VLAN technology to make work efficient between 4 different and
independent departments .

DESCRIPTION
We have four different departments in a organization. We have purchased a network id and
devide that network id into number of small network ids by using Variable Length
Subnetmask(VLSM).
We have used Wi-Fi in our campus by using Wirelee Router. We have used 5
Routers & apply various configuration settings on each router.
On Router1 we have configured NAT with translates private range of IPs into
public range. We have used Router 2 as Internet Service Provider (ISP). Extented Access Control
List has been applied to Router 3.Router 4 is used only to connect Campus LAB with the
network. Switch 2 connected with Router 5 is used to create VLANs.
We also have a separate network in our cafeteria and we have used a PC as a
router to connect that network to the campus network.

CONFIGURATION
FOR ROUTER1
%SYS-5-CONFIG_I: Configured for ROUTER1
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ROUTER1
ROUTER1(config)#line console 0
ROUTER1(config-line)#password net
ROUTER1(config-line)#login
ROUTER1(config-line)#exit
ROUTER1(config)#line vty 0 4
ROUTER1(config-line)#password net
ROUTER1(config-line)#login
ROUTER1(config-line)#exit
ROUTER1(config)#enable password net
ROUTER1(config)#enable secret net1
ROUTER1(config)#int f0/0
ROUTER1(config-if)#no sh

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up


ROUTER1(config-if)#exit
ROUTER1(config)#int f0/0.1

%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to upRouter(config-


subif)#encapsulation dot1q 2
ROUTER1(config-subif)#ip nat inside
ROUTER1(config-subif)#ip address 10.0.0.1 255.0.0.0
ROUTER1(config-subif)#no sh
ROUTER1(config-subif)#exit
ROUTER1(config)#int f0/0.2

ROUTER1(config-subif)#encapsulation dot1q 3
ROUTER1(config-subif)#ip nat inside
ROUTER1(config-subif)#ip address 192.168.10.1 255.255.255.240
ROUTER1(config-subif)#no sh
ROUTER1(config-subif)#exit
ROUTER1(config)#int s0/0/0
ROUTER1(config-if)#ip nat outside
ROUTER1(config-if)#clock rate 64000
ROUTER1(config-if)#ip address 200.10.10.5 255.255.255.252
ROUTER1(config-if)#no sh

%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down


ROUTER1(config-if)#exit
ROUTER1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
We have place our web server in the private area so that the internet client cannot directly access
it. So, we have configured static nat and open port number 80(http) only.
ROUTER1(config)#ip nat inside source static tcp 10.0.0.2 80 200.10.10.17 80

In our Routeranisation our clients want to access internet so we will configure dynamic nat with
overload for clients.

ROUTER1(config)#access-list 20 permit any


ROUTER1(config)#ip nat pool abc 200.10.10.18 200.10.10.18 netmask 255.255.255.240
ROUTER1(config)#ip nat inside source list 20 pool abc overload
ROUTER1(config)#exit

FOR SWITCH 1

Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr

FOR ROUTER2

Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ROUTER2
ROUTER2(config)#line console 0
ROUTER2(config-line)#password net
ROUTER2(config-line)#login
ROUTER2(config-line)#exit
ROUTER2(config)#line vty 0 4
ROUTER2(config-line)#password net
ROUTER2(config-line)#login
ROUTER2(config-line)#exit
ROUTER2(config)#enable password net
ROUTER2(config)#enable secret net1
ROUTER2(config)#int f0/0
ROUTER2(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ROUTER2(config-if)#exit
ROUTER2(config)#int f0/0.1

%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to upRouter(config-


subif)#encapsulation dot1q 2
ROUTER2(config-subif)#ip nat inside
ROUTER2(config-subif)#ip address 10.0.0.1 255.0.0.0
ROUTER2(config-subif)#no sh
ROUTER2(config-subif)#exit
ROUTER2(config)#int f0/0.2

ROUTER2(config-subif)#encapsulation dot1q 3
ROUTER2(config-subif)#ip nat inside
ROUTER2(config-subif)#ip address 192.168.10.1 255.255.255.240
ROUTER2(config-subif)#no sh
ROUTER2(config-subif)#exit
ROUTER2(config)#int s0/0/0
ROUTER2(config-if)#ip nat outside
ROUTER2(config-if)#clock rate 64000
ROUTER2(config-if)#ip address 200.10.10.9 255.255.255.252
ROUTER2(config-if)#no sh
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down
ROUTER2(config-if)#exit
ROUTER2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
ROUTER2(config)#ip nat inside source static 10.0.0.2 200.10.10.33
ROUTER2(config)#access-list 20 permit any
ROUTER2(config)#ip nat pool abc 200.10.10.34 200.10.10.36 netmask 255.255.255.240
ROUTER2(config)#ip nat inside source list 20 pool abc
ROUTER2(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ROUTER2#wr
Building configuration...
[OK]
ROUTER2#
FOR SWITCH 2

Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr

FOR ROUTER3
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ROUTER3
ROUTER3(config)#line console 0
ROUTER3(config-line)#password net
ROUTER3(config-line)#login
ROUTER3(config-line)#exit
ROUTER3(config)#line vty 0 4
ROUTER3(config-line)#password net
ROUTER3(config-line)#login
ROUTER3(config-line)#exit
ROUTER3(config)#enable password net
ROUTER3(config)#enable secret net1
ROUTER3(config)#int f0/0
ROUTER3(config-if)#no sh
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
ROUTER3(config-if)#exit
ROUTER3(config)#int f0/0.1

%LINK-5-CHANGED: Interface FastEthernet0/0.1, changed state to upRouter(config-


subif)#encapsulation dot1q 2
ROUTER3(config-subif)#ip nat inside
ROUTER3(config-subif)#ip address 10.0.0.1 255.0.0.0
ROUTER3(config-subif)#no sh
ROUTER3(config-subif)#exit
ROUTER3(config)#int f0/0.2
ROUTER3(config-subif)#encapsulation dot1q 3
ROUTER3(config-subif)#ip nat inside
ROUTER3(config-subif)#ip address 192.168.10.1 255.255.255.240
ROUTER3(config-subif)#no sh
ROUTER3(config-subif)#exit
ROUTER3(config)#int s0/0/0
ROUTER3(config-if)#ip nat outside
ROUTER3(config-if)#clock rate 64000
ROUTER3(config-if)#ip address 200.10.10.13 255.255.255.252
ROUTER3(config-if)#no sh

%LINK-5-CHANGED: Interface Serial0/0/0, changed state to down


ROUTER3(config-if)#exit
ROUTER3(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
ROUTER3(config)#ip nat inside source static 10.0.0.2 200.10.10.50
ROUTER3(config)#access-list 20 permit any
ROUTER3(config)#ip nat pool abc 200.10.10.51 200.10.10.51 netmask 255.255.255.240
ROUTER3(config)#ip nat inside source list 20 pool abc overload
ROUTER3(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
ROUTER3#wr
Building configuration...
FOR SWITCH 3
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 2 name server
VLAN 2 added:
Name: server
Switch(vlan)#vlan 3 name clients
VLAN 3 added:
Name: clients
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/1
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#int range f0/2 - 3
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#int f0/24
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#wr

REFERENCES

 Wikipedia
 Google
 www.edu.ac.in
 CISCO

You might also like