NETWORKING TECHNOLOGIES REPORT

ABSTRACT

The report is prepare during industrial training as a part of summer internship program conducted after the end term of 6th semester B.Tech program. This period provided me an opportunity to give theoretical knowledge a practical implementation. The report is a result of seven weeks industrial training that I underwent at CDAC, Mohali. Joining CDAC as a trainee gave me an excellent platform at the onset of my professional carrier. I whole heartedly thank the organization and especially their Network Department for provided me an opportunity to work on the Router, switches (layer 2 and layer 3) & hubs and hence bringing out the best in me, alongside developing my talents & improving my skills, not just technically but also laying a firm foundation for all round personality development. Co-operating and working with a team helped me explore my potential & perform better. This report deals with the network scenario and how the connection is made in the university and organizations. The report also includes the pictorial scenario of network using Edraw.

SEC, Sikar

Page 1

NETWORKING TECHNOLOGIES REPORT

Chapter 1 Introduction 1) Networking Basics:1.1) What is Network?

A network is a group of computer connected together in a way that allows information to be exchanged between the computers.

1.2) Network Classification: A network is classified into three parts according to geographical area they occupies:a)LAN:-Local Area Network:-It is a high speed data network that covers a relatively small geographic area it typically connects workstation,PC,printers,servers and other devices. LANs offer computer user may advantages including shared access to device and applications, file exchange between connected users. Its range is 10 km. b) WAN:- Wide Area Network:-A computer network that shared a relative large geographical areas. Typically a WAN consists of two or more Local Area Network.

1.3) Network Topologies: A topology is a way of laying out the network.

SEC, Sikar

Page 2

NETWORKING TECHNOLOGIES REPORT

Network Topologies

Physical

Logical

Bus

Star

Ring

Mash

Hybrid

Ethernet

Token Ring

FDDI

Fig 1.1 Network Topology

Its a 2 level hierarchical Structure in which the diagrammatic view of each and every network is shown and its types are shown in fig 1.1. Two types of topologies are present 1.)Physical: Physical is also divided into 5 types as shown in above fig. 2.)Logical: Logical is divided into 3 types as shown in fig.

SEC, Sikar

Page 3

NETWORKING TECHNOLOGIES REPORT

Chapter 2 Network Models

2) Network Model: It is a model we used to develop our network it is mainly classified into two parts.

2.1) OSI Reference Model:-

Fig.2.1 Layer Structure

Application Layer: Provides network services to application processes (such as electronic mail, file transfer, and terminal emulation)

Presentation Layer: Data representation Ensures data is readable by receiving system Format of data

SEC, Sikar

Page 4

NETWORKING TECHNOLOGIES REPORT

Negotiates data transfer syntax for application layer

Session Layer: - Inter-host communication Establishes, manages, and terminates sessions between applications

Transport Layer: End-to-end connection reliability Concerned with data transport issues between hosts Data transport reliability Establishes, maintains, and terminates virtual circuits Fault detection and recovery Information flow control

Network Layer: Addresses and best path Provides connectivity and path selection between two end systems Domain of routing

Data Link Layer: Access to media Provides reliable transfer of data across media Physical addressing, network topology, error notification, flow control

Physical Layer: Binary transmission Wires, connectors, data rates

SEC, Sikar

Page 5

NETWORKING TECHNOLOGIES REPORT

2.2) TCP/IP

A suite of protocols Rules of that information dictate are how sent packets across

multiple networks Addressing Error checking

Fig. 2.2 sender and receiver layering

SEC, Sikar

Page 6

NETWORKING TECHNOLOGIES REPORT

TCP/IP Layer: Application layer File Transfer Protocol (FTP) Remote Login (Telnet) E-mail (SMTP)

Transport layer Transport Control Protocol (TCP) User Datagram Protocol (UDP)

Network layer Internet Protocol (IP)

Data link & physical layer LAN Ethernet, Token Ring, FDDI, etc. WAN Serial lines, Frame Relay, X.25, etc.

SEC, Sikar

Page 7

NETWORKING TECHNOLOGIES REPORT

Chapter 3 Transmission Media

3) Transmission Media: -Means through which data are transmitted and received.
Transmission media can be understood by the following hierarchy.

Transmission Media

Wired

Wire Less

Twisted Pair

Coaxial

Fiber Optic

Infra-red

Radio Wave

Fig.3.1 Transmission

SEC, Sikar

Page 8

NETWORKING TECHNOLOGIES REPORT

Chapter 4 Internet Protocols

4) IP address
IP address is a 32 bit network address.

4.1) Public and Private IP address: It is mainly classified into two parts as given below hierarchy: -

IP address

Public

Private

4.2) Class of IP Address: It is divided into various classes namely Class A, Class B, Class C, Class D and Class E. TCP/IP defines Class D for experimental purpose. TCP /IP address contains two addresses embedded within one IP address; Network address and host address as shown in figure

NETWORK ADDRESS

HOST ADDRESS

0 BIT

32 BIT

SEC, Sikar

Page 9

NETWORKING TECHNOLOGIES REPORT

Class A consists of 8-bit network ID and 24-bit host ID. Class B consists of 16bit network ID and 16-bit of host ID. And Class C consists of 24-bit of network ID and 8-bit of host ID.

Address Class

Starting Bits

Range of First Mask Value Octal

Valid Hosts

Class A

1 TO 127

255.0.0.0

256*256*256-2 =16,777,214

Class B

10

128 TO 191

255.255.0.0

256*256-2= 65,534

Class C Class D Class E

110 1110 1111

192 TO 223 224 TO 239 240 TO 255

255.255.255.0

256-2=254

Reserved for multicasting Reserved development for research and

Fig. 4.1 Class of IP Address 4.3) Sub-netting:Sub-netting is process of dividing a network into small small parts. It called subnet and the process called Sub-netting. In this process, we increase the network bit from barring the host bit. In the Sub-netting, the no. of network become more in host with reduce. Sub-netting of different class:Class A: 255.0.0.0 Class B: 255.255.0.0 Class C: 255.255.2

SEC, Sikar

Page 10

NETWORKING TECHNOLOGIES REPORT

Chapter 5 Networking Devices

5) Basic Networking Devices

5.1) Hub: Hub is centralized device, which is used to connect multiple workstations. There are two types of Hub: (i) Active Hub (ii) Passive Hub 5.2) Repeater: Repeaters are those devices which are used in the network to amplify a weak signal into strong signal. 5.3) Bridges: -Bridge is a hardware device, which is used to provide LAN segmentation means it is used for break the collision domain. We can use bridge between two different topologies. It has fewer ports. Each port has an own buffer memory. It works on Data Link Layer of OSI model. It also read Mac address and stores it in its filter table. In case of bridge there is one broadcast domain.

5.4) Switch: -It is used to connect multiple workstations. It has special kind of memory called mac address/filter/lookup table. Switch reads mac addresses. Switch stores mac addresses in its filter address table. Switch when receives frame, it reads the destination mac address and consult with its filter table. If he has entry in its filter table then he forwards the frame to that particular mac address, if not found then it performs broadcasting to all its connected nodes. We can perform LAN segmentation by using switches. There are two types of switches: -

(i) Manageable switches (can be configured with console cable).

SEC, Sikar

Page 11

NETWORKING TECHNOLOGIES REPORT

(ii) Non-manageable switches. 5.5) Router: Router is hardware device, which is used to communicate two different networks. Router performs routing and path determination. It does not perform broadcast information. 5.6) Remote Access Device: These are those devices used if we dont want to use wire to connect our devices by the help of some physical media.

SEC, Sikar

Page 12

NETWORKING TECHNOLOGIES REPORT

Chapter 6 Project Report

1) Project NameNETWORKING IN A COLLEGE

2) Project Goal
Our project is a project in which we are going to make a network in a college campus. The main goal of our project is to make a network which is capable of connecting the whole college in an efficient and in a well-mannered which solve out the entire problem regarding networking in a college campus. To be succeeding in this goal I use lots of latest technology like ACL, VLAN, and VTP etc. In the following network my main concern is security I give much effort in my network on the security of the network through a new concept called switch port security. To overcome the above goal hear is the following project.

SEC, Sikar

Page 13

NETWORKING TECHNOLOGIES REPORT

3) Flow Chart

Fig.6.1 Flow chart of College Networking system

SEC, Sikar

Page 14

NETWORKING TECHNOLOGIES REPORT

Description:The above shown flow chart is the flow chart which gives whole flow of the data in a network. In the above chart I start my flow chart with the user entity. When someone come in the network than he/she have three networks reception, account, hostel. When users communicate with the reception he/she get option to go in graduate or in post graduate. From the graduate we have mainly five networks ME, ECE, CS&IT, EE, and Library. These are used most of the time by student. While on the other hand we have post graduate network. In this network we have classified the network in four networks i.e. PGDM, M.Tech, M.B.A. and Library.

SEC, Sikar

Page 15

NETWORKING TECHNOLOGIES REPORT

4) ER Diagram

SEC, Sikar

Page 16

NETWORKING TECHNOLOGIES REPORT

Description:The ER diagram tells about the entities and attributes used in the project,which entity is related to another entity by the means of relationships and all the entities are having some sort of accessibility to another entity. Entities: 1) Student 2) Accounts 3) Reception 4) Library 5) Personnel 6) Hostel Attributes: 1) Graduate 2) Post Graduate 3) Girls Hostel 4) Boys Hostel 5) Engineering 6) Teaching Staff 7) Non-Teaching Staff Sub Attributes: 1) CS 2) IT 3) EE 4) ME 5) M.Tech 6) PGDM 7) MBA

SEC, Sikar

Page 17

NETWORKING TECHNOLOGIES REPORT

5) Scenario

SEC, Sikar

Page 18

NETWORKING TECHNOLOGIES REPORT

Description:The above shown is the original network scenario we made. This scenario is made on the simulator we used i.e. packet tracer. We used in this network mainly two routers of the series 1841 as by cisco. I used four switches in this network of the series 2950-24. I used one access point in this network to give the wi-fi network in the whole network of the series Access Point-PT-N. In the above scenario I logically divide each switch in mainly two or three parts by using VLAN where ever needed so that I neednt use an extra switch. For the security point of view I used ACL at routers. I used two servers one for the principal and other for the reception.

SEC, Sikar

Page 19

NETWORKING TECHNOLOGIES REPORT

Software need:1.) Cisco Packet Tracer 2.) Edraw soft Cisco Packet Tracer
It is a packet tracer given by Cisco to overcome the problem of cost for learning the ciscodeviced Networks If we have to experiment with the original devices then It will be very costly and a new learner may also damage an expensive equipment, so simulator is the idea to solve this problem. Packet tracer simulation software can be used to teach complex CCNA level networking concepts and to supplement classroom equipment.With Packet Tracer 5.3 instructors and students can design build configure And troubleshoot networks using virtual equipment It provides a common environment for instructors to demonstrate technologies and configurations making it extremely useful for lectures group and individual labs homework and competitions

Features of packet Tracer

Logical and physical workspace Real time mode Simulation mode Global event list Improved GUI Multiple languages Physical Interfaces Knowledge representation
Page 20

SEC, Sikar

NETWORKING TECHNOLOGIES REPORT

Activity wizard

2)EdrawSoft:A component is an object designed for a particular requirement. It is that constituent of a system that offers a predefined service or event and is able to connect to other components. A software component is a part of composition with contractually specified interfaces, can also be arranged autonomously and is subject to composition by third parties. The purpose of designing component software is to homogenize the interfaces between softwares so that they are able to work without any glitch. A Library is an anthology of subroutines that are used to develop software. A library usually comprises of code and data that provides services to various individual programs thus allowing code and data to be shared and modified in a modular fashion. Executables and libraries create references known as links to each other via a process known as linking done by a linker. Network Diagram is ideal for network engineers and network designers who need to draw detail network documentation. Edraw Network Diagram is rather a lightweight yet incredibly powerful, who works in the following network diagram fields: basic network diagrams, Cisco network topology, logical network diagrams, physical network diagrams, LAN diagrams, WAN diagrams, LDAP, active directory and more. Build-in network diagram icons representing computers, network devices plus smart connectors help design diagram network, create accurate network diagrams and documentation to be used in your network diagram project. Quickly and easily draw detailed computer network diagrams. Edraw is the idea network drawing software that helps to create professional-looking network diagrams in minutes. It provides special libraries of templates and detailed symbols, graphics and shapes for devices such as switches, hubs, printers, servers, mainframes, routers, and face plates for computer and telecommunications network. It can also export to graphics formats, PDF, and HTML with hyperlinks. It can create customized libraries of network components, and can draw detailed network diagram showing placements of network equipment and their logical and physical connection and arrangement. Edraw enables sharing network diagrams on the web or in a business presentation enhancing business communication. It provide four sets of network diagram icons. Logical network diagram symbols, physical network devices, vertical view network diagrams and Cisco network diagram icons.

SEC, Sikar

Page 21

NETWORKING TECHNOLOGIES REPORT

It Include thousands of ready-made graphics and templates for computers, servers, hubs, switches, printers, mainframes, routers, cables, fax and more. A bundle of network diagram examples and templates. Network drawing does not need to start a new. Just drag the ready-made network symbols from the libraries and drop them on your page. Network drawing couldn't be easier! we don't need to be an artist to create great-looking results! Edraw helps us align and arrange everything perfectly. Distinct colors, fonts, shapes, styles, pictures, text and symbol for each object of the diagram are available.

SEC, Sikar

Page 22

NETWORKING TECHNOLOGIES REPORT

Concepts used 1) Device Name: - Switch

Definition: -A network switch or switching hub is a computer networking device that connects segments. The term commonly refers to a multi-port network bridge that processes and routes data at the data link layer (layer 2) of the OSI model. Switches that additionally process data at the network layer (Layer 3) and above are often referred to as Layer 3 switches or multilayer switches. Working: - When switches receive data from one of connected devices, it forward data only to the port on which the destinated system is connected. It uses the media access Control (MAC) address of the device to determine the correct port. The MAC address is a unique number that is programmed in to every Network Interface Card (NIC).Consider, device A wants to send data to device B. When device A passes the data, switch receives it. Switch than checks the MAC address of the destination system. It then transfers data to device B only instead of broadcasting to all the devices. By forwarding data only to the system to which the data is addressed, switch decreases the amount of traffic on each network link.

SEC, Sikar

Page 23

NETWORKING TECHNOLOGIES REPORT

Function Performed on Switch: 1) Basic Configuration: -

switch>enable switch# switch#disable switch>exit 1.1)

User mode, same as a router Privileged mode Leaves privileged mode Leaves user mode Command Mode:-

1.2 )Setting Host Names: config t (config)#hostname Switch Switch(config)# 2) VLAN: Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which make them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration. Vlan Configuration is given below:Same method as the router

SEC, Sikar

Page 24

NETWORKING TECHNOLOGIES REPORT

3) VTP: VTP is a VLAN Trunking protocol. It is a Layer 2 Messaging Protocol. We need it for:-

1. for Low Administration.

2. Security. Its function is to pass information Of VLAN into a VTP Domain. VTP stands for Vlan Trunking Protocol. Its used for saving time if multiple switches having same vlan to configure. There are 3 parts 1) Client 2) Server 3) Transparent To understand VTP we have the following configuration: -

Switch(config)#intfa 0/1 Switch(config-if)#switchport trunk Switch(config-if)#switchport encapsulation dot1q Switch(config)#vtp client Switch(config)#vtp server trunk mode

Enters interface mode Turns port to Trunking mode

Sets encapsulation type to Dot1Qthis is the default encapsulation type Changes the switch to VTP client mode Changes the switch to default VTP server mode

Switch(config)#vtp transparent

Changes the switch to VTP transparent mode

Switch(config)#vtp domain CNAP

Sets the name of the VTP management

SEC, Sikar

Page 25

NETWORKING TECHNOLOGIES REPORT

domain to CNAP Switch(config)#vtp password cisco Switch#showvtp Sets the VTP password to Cisco Displays all VTP information

Inter-VLAN Communication: Router-on-a-Stick Router(config)#intfa 0/0 Router(config-if)#no shut Router(config-if)#intfa 0/0.1 Enters interface mode for interface fa 0/0 Turns the interface on Creates subinterface 0/0.1

Router(config-subif)#encapsulation dot1q 1 Assigns the native VLAN (usually VLAN 1) native Router(config-subif)#ip 192.168.1.1 255.255.255.0 Router(config-subif)#intfa 0/0.10 Router(config-subif)#encapsulation 10 Router(config-subif)#ip 192.168.10.1 255.255.255.0 Router(config-subif)# Router# address Assigns an IP address to the subinterface Creates subinterface 0/0.10 dot1q Assigns VLAN 10 to this subinterface to this logical subinterface address Assigns an IP address to the subinterface

SEC, Sikar

Page 26

NETWORKING TECHNOLOGIES REPORT

2) Device Name: - Router

Definition:-A router is a device that forwards data packets between telecommunications networks, creating an overlay internetwork. A router is connected to two or more data lines from different networks. When data comes in on one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey or drops the packet. A data packet is typically forwarded from one router to another through networks that constitute the internetwork until it gets to its destination node. The most familiar type of routers are home and small office routers that simply pass data, such as web pages and email, between the home computers and the owner's cable or DSL modem, which connects to the Internet (ISP). However more sophisticated routers range from enterprise routers, which connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. A router has interfaces for different physical types of network connections, (such as copper cables, fiber optic, or wireless transmission). It also contains firmware for different networking protocol standards. Each network interface uses this specialized computer software to enable data packets to be forwarded from one protocol transmission system to another. Working: - Routers understand these Ethernet and IP addresses. Routers are primarily interested in the destination IP address of the packet you are sending to the router. The router takes this destination (say it is 63.248.129.2) and looks that up in its routing table. Here is an example of a routing table: Location-A# show ip route 10.0.0.0/24 is subnetted, 2 subnets R 10.2.2.0 [120/1] via 63.248.129.2, 00:00:16, Serial0

SEC, Sikar

Page 27

NETWORKING TECHNOLOGIES REPORT

10.1.1.0 is directly connected, Ethernet0

63.0.0.0/30 is subnetted, 1 subnets C 63.248.129.0 is directly connected, Serial0

Location-A# Routes in the routing table are learned from either static routes (entered by you) or dynamic routes. Using the routing table, the router tries to find the best route for your traffic. There may be only one route. Often, this is a "default route" (a.k.a. "gateway of last resort"). The default route just says: "If there are no better routes to send this traffic, send it here." Just about every home and small business user has just a single Internet connection. In that case, they have a default route and all traffic is sent to their Internet service provider (ISP). In the case of ISPs, however, there may be many places they can send this traffic. Their routers must compare many hundreds of thousands of routes and select the best one for your traffic. This happens in milliseconds. And to get your traffic through the Internet and back, it may pass through hundreds of routers. To you, it appears almost instantaneously (depending on many factors). If it doesn't find a valid route for your traffic, the router discards (yes, throws away) your traffic and sends an ICMP "destination unreachable" message back to you. When the router does find the best route and is ready to send your traffic, it has to do a number of things: 1. Perform Network Address Translation (NAT). NAT isn't a traditional router function, but many routers today perform NAT. This is especially true for home and small business routers that function as "all in one" devices. Many companies have dedicated firewalls that also perform NAT. With NAT, your private source IP address is translated into a public source IP address. If the router is performing PAT (NAT overload), then the public source IP address is shared among many devices. 2. Replace your source MAC address with the router's MAC address. The ARP protocol is used to connect your computer's source MAC address to your IP address. The ARP protocol is a broadcast-oriented protocol, and routers discard broadcasts. This means that ARP
SEC, Sikar Page 28

NETWORKING TECHNOLOGIES REPORT

doesn't work through routers. Because of this, the router must replace your source MAC address with the router's MAC address. The router also adds the destination host or nexthop router's MAC address to the data link header. 3. Encapsulate the packet for the protocol of the WAN. Routers often perform protocol conversion. Say, for example, you have a router that has a PPP T1 connection to the Internet and is connected to the LAN using Ethernet. The Ethernet frames must be de-encapsulated, modified, then re-encapsulated in Ethernet, then PPP, before they can be sent across the PPP link. On the other side of the link, the destination router is performing all of these same tasks, but in reverse. This happens for every packet sent and every response received. To see a real production routing table from an ISP, you can telnet to public Cisco route servers around the world. From here, you can do a show ip route and see what a real ISP's routing table looks like.

SEC, Sikar

Page 29

NETWORKING TECHNOLOGIES REPORT

Function Performed on Router: 1) Basic Configuration: 1.1) Router Modes User mode Privileged mode Global configuration mode Interface mode Subinterface mode Line mode Router configuration mode

Router> Router# Router(config)# Router(config-if)# Router(config-subif)# Router(config-line)# Router(config-router)#

Router(config)#enable password cisco

Sets enable password

Router(config)#enable secret class

Sets enable secret password

Router(config)#line con 0 Router(config-line)#password console Router(config-line)#login

Enters console-line mode Sets console-line mode password to console Enables password checking at login

Router(config)#line vty 0 4

Enters vty line mode for all five vty lines Sets vty password to telnet

SEC, Sikar

Page 30

NETWORKING TECHNOLOGIES REPORT

Router(config-line)#password telnet Router(config-line)#login 1.2) 1.3) Configuring Passwords Configuring Hostname

Enables password checking at login

Router(config)#hostname Cisco Cisco(config)#

Name can be any word you choose

1.4)

Show Commands

Router#show ?

Lists all show commands available

Router#show interfaces Displays statistics for all interfaces Router#show interface Displays statistics for a specific interface, in this case Serial 0 serial 0 Router#showip interface brief Router#show controllers serial 0 Router#show clock Router#show hosts Displays a summary of all interfaces, including status and IP address assigned Displays statistics for interface hardware. Statistics display if the clock rate is set and if the cable is DCE, DTE, or not attached Displays time set on device Displays local host-to-IP address cache. These are the names and addresses of hosts on the network to which you can connect Router#show users Router#show history Router#show flash Router#show version Displays all users connected to device Displays history of commands used at this edit level Displays info about Flash memory Displays info about loaded software version

SEC, Sikar

Page 31

NETWORKING TECHNOLOGIES REPORT

Router#showarp Router#show protocols Router#show config

Displays the ARP table Displays status of configured Layer 3 protocols

startup- Displays configuration saved in NVRAM

Router#show running- Displays configuration currently running in RAM config

2) Configuring Interfaces: 2.1) Configuring a Serial Interface

Router(config)#int s0/0 Router(config-if)#description Link to ISP

Moves to interface Serial 0/0 mode Optional descriptor of the link is locally significant

Router(config-if)#ip 255.255.255.0

address

192.168.10.1 Assigns address and subnet mask to interface

Router(config-if)#clock rate 56000 Router(config-if)#no shut

Assigns a clock rate for the interface Turns interface on

2.2) Configuring an Ethernet/Fast Ethernet Interface Router(config)#int fa0/0 Router(config-if)#description Accounting LAN Moves to Fast Ethernet 0/0 interface mode Optional descriptor of the link is locally significant Router(config-if)#ip address 192.168.20.1 Assigns address and subnet mask to interface

SEC, Sikar

Page 32

NETWORKING TECHNOLOGIES REPORT

255.255.255.0 Router(config-if)#no shut Turns interface on

Access Control List:An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file. The Cisco access control list (ACL) is probably the most commonly used object in the IOS. It is not only used for packet filtering (a type of firewall) but also for selecting types of traffic to be analyzed, forwarded, or influenced in some way. 3.1) ACL Keywords:-

Any Used in place of 0.0.0.0 255.255.255.255, will match any address that it is compared against Host Used in place of 0.0.0.0 in the wildcard mask; this will match only one specific address

3.2) Access Control List Types:Cisco ACLs are divided into types. Standard IP, Extended IP,IPX, Appletalk, etc. Here we will just go over the standard and extended access lists for TCP/IP.As you create ACLs you assign a number to each list, however, each type of list is limited to an assigned range of numbers. This makes it very easy to determine what type of ACL you will be working with. 3.2.1) Standard ACLs:

SEC, Sikar

Page 33

NETWORKING TECHNOLOGIES REPORT

A standard IP ACL is simple; it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic. Creating Standard ACLs Router(config)#access-list 10 permit Read this line to say: All packets with a source IP address of 172.16.0.0 0.0.255.255 172.16.x.x will be permitted to continue through the internetwork access-list 10 ACL command Arbitrary number between 1 and 99, designating this as a standard IP ACL Permit 172.16.0.0 0.0.255.255 Packets that match this statement will be allowed to continue Source IP address to be compared to Wildcard mask

Router(config)#access-list 10 deny host Read this line to say: All packets with a source IP address of 172.17.0.1 access-list 10 172.17.0.1 will be dropped and discarded ACL command Number between 1 and 99, designating this as a standard IP ACL Deny Host 172.17.0.1 Packets that match this statement will be dropped and discarded Keyword Specific host address

SEC, Sikar

Page 34

NETWORKING TECHNOLOGIES REPORT

Router(config)#access-list 10 permit Read this line to say: All packets with a source IP address of 172.16.0.0 0.0.255.255 172.16.x.x will be permitted to continue through the internetwork Router(config)#access-list 10 permit Read this line to say: All packets with any source IP address any access-list 10 will be permitted to continue through the internetwork ACL command Number between 1 and 99, designating this as a standard IP ACL Permit Any Packets that match this statement will be allowed to continue Keyword to mean all IP addresses Applying a Standard ACL to an Interface Router(config)#int fa0/0 Router(config-if)#ip access-group 10 in Takes all access list lines that are defined as being part of group 10 and applies them in an inbound manner. Packets going into the router from FA0/0 will be checked

3.2.2) Extended ACLs: An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control. Creating Extended ACLs

SEC, Sikar

Page 35

NETWORKING TECHNOLOGIES REPORT

Router(config)#access-list 110 permit tcp Read this line to say: HTTP packets with a 172.16.0.0 0.0.0.255 192.168.100.0 source IP address of 172.16.0.x will be permitted to travel to destination address of 192.168.100.x access-list 110 ACL command Number is between 100 and 199, designating this as an extended IP ACL Permit Packets that match this statement will be allowed to continue Tcp 172.16.0.0 0.0.0.255 192.168.100.0 0.0.0.255 Eq 80 Protocol must be TCP Source IP address to be compared to Wildcard mask Destination IP address to be compared to Wildcard mask Operand, means "equal to" Port 80, indicating HTTP traffic

0.0.0.255 eq 80

Router(config)#access-list

110

deny Read this line to say: Telnet packets with any source IP address will be dropped if they are addressed to specific host 192.168.100.7

tcpany 192.168.100.7 0.0.0.0 eq 23

access-list 110

ACL command Number is between 100 and 199, designating this as an extended IP ACL

Deny

Packets that match this statement will be dropped and discarded

SEC, Sikar

Page 36

NETWORKING TECHNOLOGIES REPORT

Router(config)#access-list 110 permit tcp Read this line to say: HTTP packets with a 172.16.0.0 0.0.0.255 192.168.100.0 source IP address of 172.16.0.x will be permitted to travel to destination address of 192.168.100.x Tcp Any 192.168.100.7 0.0.0.0 Eq 23 Protocol must be TCP protocol Any source IP address Destination IP address to be compared to Wildcard mask; address must match exactly Operand, means "equal to" Port 23, indicating Telnet traffic

0.0.0.255 eq 80

3.2.3)Named ACLs: One of the disadvantages of using IP standard and IP extended ACLs is that you reference them by number, which is not too descriptive of its use. With a named ACL, this is not the case because you can name your ACL with a descriptive name. The ACL named DenyMike is a lot more meaningful than an ACL simply numbered 1. There are both IP standard and IP extended named ACLs.

Another advantage to named ACLs is that they allow you to remove individual lines out of an ACL. With numbered ACLs, you cannot delete individual statements. Instead, you will need to delete your existing access list and re-create the entire list. Creating Named ACLs Router(config)#ip access-list extended Creates serveraccess Router(config-ext-nacl)#permit any host 131.108.101.99 eqsmtp Router(config-ext-nacl)#permit an extended named ACL called

serveraccess tcp Permits mail packets from any source to reach host 131.108.101.99 udp Permits DNS packets from any source to reach host

SEC, Sikar

Page 37

NETWORKING TECHNOLOGIES REPORT

Router(config)#ip access-list extended Creates serveraccess any host 131.108.101.99 eq domain

an

extended

named

ACL

called

serveraccess 131.108.101.99

Router(config-ext-nacl)#deny ip any Denies all other packets from going anywhere. If any log any packets do get denied, then log the results for me to look at later Router(config-ext-nacl)#exit Router(config)#intfa 0/0 Router(config-if)#ip serveraccess out Applies this ACL to the Fast Ethernet interface 0/0 access-group in an outbound direction

3.3) Verifying ACLs

Router#showip interface Router#show access-lists Router#show number Router#show access-listname Router#show run

Displays any ACLs applied to that interface Displays contents of all ACLs on the router

access-listaccess-list- Displays contents of ACL by the number specified Displays contents of ACL by the name specified Displays all ACLs and interface assignments

3.4) Activating an Access Control List Now that you have created these ACLs they are useless until you declare them to be used in some way. As of right now they are an inactive list doing nothing. Our next article will coverapplying ACLs on interfaces and how to specify if the ACL is for incoming or outgoing traffic on that interface.

SEC, Sikar

Page 38

NETWORKING TECHNOLOGIES REPORT

3.5) Universal fact about Access control list Ls on the same interface.

3.6) Access List Ranges:1. ACLs come in two varieties: Numbered and named 2. Each of these references to ACLs supports two types of filtering: standard and extended. 3. Standard IP ACLs can filter only on the source IP address inside a packet. 4. Whereas an extended IP ACLs can filter on the source and destination IP addresses in the packet. 5. There are two actions an ACL can take: permit or deny. 6. Statements are processed top-down. 7. Once a match is found, no further statements are processedtherefore, order is important. 8. If no match is found, the imaginary implicit deny statement at the end of the ACL drops the packet. An ACL should have at least one permit statement; otherwise, all traffic will be dropped because of the hidden implicit deny statement at the end of every ACL. No matter what type of ACL you use, though, you can have only one ACL per protocol, per interface, per direction. For example, you can have one IP ACL inbound on an interface and another IP ACL outbound on an interface, but you cannot have two inbound IP AC

Type IP Standard IP Extended IP Standard Expanded Range IP Extended Expanded Range

Range 199 100199 13001999 20002699

SEC, Sikar

Page 39

NETWORKING TECHNOLOGIES REPORT

Conclusion
My experience throughout the training was a big learning curve for my career. Being with the professionals was a great opportunity for me. My utmost effort was to master the skill to as much extent as it can be. I got hands on experience this summer; working on the real equipment during their internships was as interesting as it can get. The Industrial training programme was exhaustive and covering the latest in technologies. The first week we were taught about the basics of Computer Hardware which we were already thorough with, courtesy the excellent faculty and innovative teaching style of our college. Therefore the first week was a brush upon the ideas which were somewhat weakened during the holidays. The second week was a step in the more detailed realms of Operating System. We were taken into greater depths of the knowledge pool and we were allowed to explore on our own the new possibilities and new ways to overcome our own doubts and questions. The third and fourth weeks were full of new advanced concepts of Networking that were introduced to us. It was challenging at first, but once we discovered where the root of all doubt liesit was able to make peace with the new concepts. The fifth and sixth week consisted of Project Making. It was the time to showcase everything that we have learnt past four weeks into a single project. We got much help from our supervisors at CDAC and some co-trainees. The professionalism was exemplary. Overall these six weeks have given a new direction to my career and a new direction as to how to think in the right man

SEC, Sikar

Page 40

NETWORKING TECHNOLOGIES REPORT

BIBLIOGRAPHY

[1] Todd Lammle, Cisco certified Network associate Study guide , Seventh Edition. Command Guide, http://.computer.org/cspress/instruct.htm

[2]

SEC, Sikar

Page 41