Training On Network: PREPARED BY: Vishal Bedi
confidential
What is Network
A network is a group of computers connected by communication facilities for exchanging information. Connections can be permanent (cable) or temporary (telephone or other communication links). The transmission media can be wireline (UTP, fibre) or wireless (satellite). Networks may be classified according to a wide variety of characteristics; they are often classified as Local Area Network (LAN), Wide Area Network (WAN), Metropolitan Area Network (MAN), Personal Area Network (PAN), Virtual Private Network (VPN), Campus Area Network (CAN), Storage Area Network (SAN), etc., depending on their scale, scope and purpose. Usage, trust levels and access rights often differ between these types of network. For example, LANs tend to be designed for internal use by an organization's internal systems and employees in individual physical locations (such as within a building or a cluster of buildings); nodes are connected through cable, which may be either twisted pair or coaxial. WANs, on the other hand, may connect physically separate parts of an organization to each other and may include connections to third parties. Data is transmitted over common pathways called a backbone. A WAN is made up of LANs linked by dial-up connections (phone or ISDN), leased lines, fibre, microwave towers and communication satellites. A MAN has broader scope than a LAN: a MAN spans an entire city.
Examples of networking devices: LAN card, hub, switch (L2 & L3), router, etc.
LAYER 1: Repeater
Hub
Connects a group of Hosts
Disadvantages
Cannot connect different network architectures
Do not reduce network traffic
Limited number of ports
Do not segment networks
LAYER 2: Bridge
Advantages/Disadvantages of Bridges
Advantages
Can extend the network
Reduce network traffic
Reduce network collisions
May connect different network architectures
Disadvantages
Extra processing makes them slower than repeaters
Do not filter broadcast traffic
More expensive than repeaters
LAYER 2: Switch
Connects multiple LAN segments. Can be called a multi-port bridge. Switches packet to correct LAN segment based on the MAC address.
Advantages/Disadvantages of Switches
Advantages
Increase available network bandwidth
Increase network performance
Decrease packet collisions
Disadvantages
Significantly more expensive than bridges
Harder to troubleshoot network problems
Broadcast traffic can be difficult to manage
Router
Routers are used to connect networks together
Route packets of data from one network to another
Cisco became the de facto standard of routers because of their high-quality router products
Routers, by default, break up a broadcast domain
Bus Topology
A bus topology uses a single backbone cable that is terminated at both ends.
Ring Topology
A ring topology connects one host to the next and the last host to the first.
This creates a physical ring of cable.
Star Topology
A star topology connects all cables to a central point of concentration.
Extended Star Topology
An extended star topology links individual stars together by connecting the hubs and/or switches. This topology can extend the scope and coverage of the network.
MESH TOPOLOGY
A mesh topology is implemented to provide as much protection as possible from interruption of service. Each host has its own connections to all other hosts. Although the Internet has multiple paths to any one location, it does not adopt the full mesh topology.
OVERVIEW
THE NEED FOR STANDARDS
ISO - INTERNATIONAL ORGANISATION FOR STANDARDISATION
THE OSI REFERENCE MODEL
A LAYERED NETWORK MODEL
THE SEVEN OSI REFERENCE MODEL LAYERS
SUMMARY
The ISO recognised there was a need to create a NETWORK MODEL that would help vendors create interoperable network implementations.
The OSI model describes how information or data makes its way from application programmes (such as spreadsheets) through a network medium (such as wire) to another application programme located on another network.
LAYER 7: APPLICATION
The application layer is the OSI layer that is closest to the user. It provides network services to the user's applications. It differs from the other layers in that it does not provide services to any other OSI layer, but rather only to applications outside the OSI model. Examples of such applications are spreadsheet programs, word processing programs, and bank terminal programs.
The application layer establishes the availability of intended communication partners, synchronizes and establishes agreement on procedures for error recovery and control of data integrity.
LAYER 6: PRESENTATION
The presentation layer ensures that the information that the application layer of one system sends out is readable by the application layer of another system. If necessary, the presentation layer translates between multiple data formats by using a common format. It also provides encryption and compression of data.
LAYER 5: SESSION
The session layer defines how to start, control and end conversations (called sessions) between applications. This includes the control and management of multiple bidirectional messages using dialogue control. It also synchronizes dialogue between two hosts' presentation layers and manages their data exchange. The session layer offers provisions for efficient data transfer. Examples: SQL, ASP (AppleTalk Session Protocol).
LAYER 4: TRANSPORT
The transport layer regulates information flow to ensure end-to-end connectivity between host applications reliably and accurately. The transport layer segments data from the sending host's system and reassembles the data into a data stream on the receiving host's system.
LAYER 4: TRANSPORT
The boundary between the transport layer and the session layer can be thought of as the boundary between application protocols and data-flow protocols. Whereas the application, presentation, and session layers are concerned with application issues, the lower four layers are concerned with data transport issues. Layer 4 protocols include TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
LAYER 3: NETWORK
Defines end-to-end delivery of packets. Defines logical addressing so that any endpoint can be identified. Defines how routing works and how routes are learned so that the packets can be delivered. The network layer also defines how to fragment a packet into smaller packets to accommodate different media. Routers operate at Layer 3. Examples: IP, IPX, AppleTalk.
LAYER 1: PHYSICAL
The physical layer deals with the physical characteristics of the transmission medium. It defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems. Such characteristics as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, physical connectors, and other similar attributes are defined by physical layer specifications. Examples: EIA/TIA-232, RJ45, NRZ.
SUMMARY
There was no standard for networks in the early days and, as a result, it was difficult for networks to communicate with each other. The International Organisation for Standardisation (ISO) recognised this, researched various network schemes, and in 1984 introduced the Open Systems Interconnection (OSI) reference model. The OSI reference model has standards which ensure vendors greater compatibility and interoperability between various types of network technologies.
SUMMARY
The OSI reference model organizes network functions into seven numbered layers.
Each layer provides a service to the layer above it in the protocol specification and communicates with the same layer's software or hardware on other computers.
Layers 1-4 are concerned with the flow of data from end to end through the network and Layers 5-7 are concerned with services to the applications.
Ethernet Messages
Ethernet frame layout (field: size in bytes):
Preamble: 8 | Dest.: 6 | Source: 6 | Type: 2 | Data: 64-1500 | CRC: 4
Ethernet Frames
A few points to note about the Ethernet frame:
a) The preamble indicates the start of a new frame.
b) Source and destination are the MAC (hardware) addresses.
c) The type field indicates the type of frame being carried on the wire.
d) The data field is the area where the actual payload is carried.
e) The CRC field is used for error checking.
Ethernet Addressing
MAC address (Medium Access Control): 48-bit address, uniquely associated with hardware; a special address exists for broadcast.
Naming: need to associate a machine name with an address.
Address Resolution Protocol (ARP): used to find out who is who.
ARP
Basic process:
Machine A wants to send a message to Machine B.
Machine A sends an ARP request to the broadcast address asking Machine B to identify itself.
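As an added example (not from the original slides), the following Python builds the first step of this process, an ARP request for Machine B carried in an Ethernet II frame with the field layout shown above, parses it back and verifies the CRC. The MAC addresses and IPs are constructed sample values.

```python
import struct
import zlib

# Constructed sample values (not from the slides)
MAC_A = bytes.fromhex("02aabbccdd01")   # Machine A (locally administered address)
BROADCAST = b"\xff" * 6                 # the special all-ones broadcast address
ETHERTYPE_ARP = 0x0806


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def build_arp_request(sender_mac, sender_ip, target_ip):
    """ARP request: 'who has target_ip? tell sender_ip' (RFC 826 layout)."""
    # hardware type 1 (Ethernet), protocol 0x0800 (IPv4), hlen 6, plen 4, opcode 1 = request
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    # the target MAC is what we are asking for, so it is sent as all zeros
    return header + sender_mac + ip_to_bytes(sender_ip) + b"\x00" * 6 + ip_to_bytes(target_ip)


def build_frame(dst, src, ethertype, payload):
    """Ethernet II frame: dst(6) src(6) type(2) data(46-1500) FCS(4).
    The 8-byte preamble is added by the NIC and never reaches software, so it is omitted."""
    if len(payload) < 46:
        payload += b"\x00" * (46 - len(payload))       # pad to the minimum data size
    body = dst + src + struct.pack("!H", ethertype) + payload
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)  # CRC-32, least significant byte first
    return body + fcs


def parse_frame(frame):
    """Split a frame into its fields; raise if it is too short or the CRC does not check out."""
    if len(frame) < 64:
        raise ValueError("runt frame (%d bytes)" % len(frame))
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    return {"dst": dst, "src": src, "type": ethertype, "data": body[14:],
            "broadcast": dst == BROADCAST}


def parse_arp(data):
    """Decode the ARP message carried in the data field."""
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", data[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    sha, spa = data[8:14], data[14:18]
    tha, tpa = data[18:24], data[24:28]
    return {"op": {1: "request", 2: "reply"}.get(op, op),
            "sender_mac": sha.hex(":"), "sender_ip": ".".join(map(str, spa)),
            "target_mac": tha.hex(":"), "target_ip": ".".join(map(str, tpa))}


def arp_exchange():
    """Step 1 of the basic process: Machine A asks the broadcast address for Machine B."""
    request = build_frame(BROADCAST, MAC_A, ETHERTYPE_ARP,
                          build_arp_request(MAC_A, "10.0.0.2", "10.0.0.3"))
    fields = parse_frame(request)          # what every host on the segment sees
    return fields, parse_arp(fields["data"])


if __name__ == "__main__":
    fields, arp = arp_exchange()
    print("broadcast:", fields["broadcast"], "type: 0x%04x" % fields["type"])
    print(arp)
```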
Ethernet: CSMA/CD
Carrier sense, multiple access / collision detect.
Multiple access: everyone talks on the same wire.
Carrier sense: listen to the wire before talking.
Collision detect: make sure that the message is sent without interruptions.
CSMA/CD is called a MAC protocol: a set of rules for how to send messages on a shared medium.
What does this mean? Messages have to have a minimum length. The length must be long enough that the entire wire is filled before the message is over. The length of the wire is limited.
Coaxial
Thinnet (10Base2): 10 Mbps bandwidth, baseband technology, up to 185 m
Thicknet (10Base5): 10 Mbps bandwidth, baseband technology, up to 500 m
Twisted Pair
STP (shielded twisted pair): 2 pair (voice), 4 pair (data & voice)
UTP (unshielded twisted pair): 2 pair (voice), 4 pair (computer)
Fibre Optic
Single mode: only one light signal passes through the cable
Multi mode: multiple light signals pass through the cable
Unshielded Twisted Pair Cable (UTP): most popular; maximum length 100 m; prone to noise
Voice transmission of traditional telephone
For data up to 4 Mbps, 4 pairs half-duplex
For data up to 10 Mbps, 4 pairs half-duplex
For data up to 20 Mbps, 4 pairs full-duplex
For data up to 100 Mbps, 4 pairs full-duplex
For data up to 1000 Mbps, 4 pairs full-duplex
Communication Modes
Simplex
Half Duplex
Full Duplex
Type of Transmission
Straight-Thru or Crossover
Use straight-through cables for the following cabling:
Switch to router
Switch to PC or server
Hub to PC or server
Use crossover cables for the following cabling:
Switch to switch
Switch to hub
Hub to hub
Router to router
PC to PC
Router to PC
IP
Internet Protocol (IP): developed to provide internetworking; built on top of the LAN protocol.
Two major components: messaging; addressing and routing.
IP service model: network protocol independent; best-effort; stateless routing; decentralized control.
IP Classification
Class A: MSB of 1st octet 0; decimal range 1 to 126; network vs. host N.H.H.H; no. of networks 2^(8-1) = 2^7 = 128 - 2 = 126; no. of hosts 2^24 = 16777216, 16777216 - 2 = 16777214; default mask 255.0.0.0
Class B: MSB of 1st octet 10
Class C: MSB of 1st octet 110 (slide label: SOHO / ROHO)
Class D: MSB of 1st octet 1110; multicasting; network/host split n.a.
Class E: MSB of 1st octet 1111; network/host split n.a.
Subnetting
Dividing a single IP network into administrative networks is called subnetting. To create a subnet, host bits are borrowed into the network part. Creating a subnet divides the address into three parts (network, subnet and host).
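An added worked example (not part of the original slides) that turns the classification and subnetting slides into code: classify an address by its leading bits, count networks and hosts for a class, and borrow host bits to subnet. The addresses used are constructed samples.

```python
import ipaddress

# Classful network bits: A = N.H.H.H, B = N.N.H.H, C = N.N.N.H
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}
CLASS_BITS = {"A": "0", "B": "10", "C": "110"}   # fixed leading bits of the first octet


def ip_class(addr):
    """Class from the most significant bits of the first octet: A 0, B 10, C 110, D 1110, E 1111."""
    first = int(addr.split(".")[0])
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"   # multicasting
    return "E"       # reserved


def classful_counts(cls):
    """(number of networks, usable hosts per network); class A: 2^7 - 2 = 126 networks, 2^24 - 2 hosts."""
    net_bits = DEFAULT_PREFIX[cls] - len(CLASS_BITS[cls])
    networks = 2 ** net_bits
    if cls == "A":
        networks -= 2          # networks 0 and 127 are not assignable: range 1 to 126
    return networks, 2 ** (32 - DEFAULT_PREFIX[cls]) - 2


def split_parts(addr, borrowed_bits):
    """The three parts of a subnetted address as bit strings: network, subnet (borrowed), host."""
    bits = "".join(format(int(o), "08b") for o in addr.split("."))
    base = DEFAULT_PREFIX[ip_class(addr)]
    return bits[:base], bits[base:base + borrowed_bits], bits[base + borrowed_bits:]


def subnet(addr, borrowed_bits):
    """Borrow host bits; returns (subnet mask, number of subnets, usable hosts per subnet, subnet list)."""
    cls = ip_class(addr)
    if cls not in DEFAULT_PREFIX:
        raise ValueError("class %s addresses are not unicast networks" % cls)
    new_prefix = DEFAULT_PREFIX[cls] + borrowed_bits
    if borrowed_bits < 0 or new_prefix > 30:
        raise ValueError("must leave at least 2 host bits")
    network = ipaddress.ip_network("%s/%d" % (addr, DEFAULT_PREFIX[cls]), strict=False)
    subnets = [str(s) for s in network.subnets(new_prefix=new_prefix)]
    mask = str(ipaddress.ip_network("0.0.0.0/%d" % new_prefix).netmask)
    return mask, len(subnets), 2 ** (32 - new_prefix) - 2, subnets


if __name__ == "__main__":
    # constructed sample: the class B address used later on the slides, 4 bits borrowed
    print(ip_class("172.16.10.1"), classful_counts("B"))
    print(split_parts("172.16.10.1", 4))
    mask, count, hosts, nets = subnet("172.16.10.1", 4)
    print(mask, count, "subnets,", hosts, "hosts each; first:", nets[0], "last:", nets[-1])
```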
IPv4 vs IPv6
IPv6: approximately 3.4 * 10^38 possible addressable nodes (340,282,366,920,938,463,374,607,432,768,211,456), i.e. approximately 5 * 10^28 addresses per person.
IP Messaging
IP packet: header (variable length) followed by data.
What's in the header: source and destination IP addresses; length of data; time to live (TTL); other fields.
IP Routing Basics
What is a router? One machine connected to two or more networks.
IP routing is done hop-by-hop.
Each network has at least one router.
Messages intended for machines not on the LAN are sent to the router.
The router forwards the message on to the next router.
Eventually it gets to the router that is connected to the same LAN as the destination machine.
Introduction to Routers
A router is a special type of computer. It has the same basic components as a standard desktop PC. However, routers are designed to perform some very specific functions. Just as computers need operating systems to run software applications, routers need the Internetwork Operating System software (IOS) to run configuration files. These configuration files contain the instructions and parameters that control the flow of traffic in and out of the routers. The many parts of a router are shown below:
Boot Process
1. Perform power-on self test (POST).
2. Load and run bootstrap code.
3. Find the Cisco IOS software.
4. Load the Cisco IOS software.
5. Find the configuration (startup-config in NVRAM).
6. Load the configuration.
7. Run the configured Cisco IOS software.
If no IOS image can be loaded the router drops to the ROM monitor prompt (Rommon1> or >).
Router Modes
Router>                                                 User EXEC mode
Router>enable  ->  Router#                              Privileged EXEC mode
Router#configure terminal  ->  Router(config)#          Global configuration mode
Router(config)#interface {e0 | s0/0}  ->  Router(config-if)#     Interface configuration mode
Router(config)#line {con | aux | vty} 0  ->  Router(config-line)#   Line configuration mode
Saving Configurations
Configurations in two locations - RAM and NVRAM. The running configuration is stored in RAM. Any configuration changes to the router are made to the running-configuration and take effect immediately after the command is entered. The startup-configuration is saved in NVRAM and is loaded into the router's running-configuration when the router boots up. To save the running-configuration to the startup configuration, type the following from privileged EXEC mode (i.e. at the "Router#" prompt.)
Password
Passwords restrict access to routers. Passwords should always be configured for virtual terminal lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.
Setting Password
Console Password
Auxiliary Password
# show startup-config      OR  #sh start
# show running-config      OR  #sh run
# show version             OR  #sh ver
# show flash               OR  #sh flash
# show interfaces          OR  #sh int
# show interfaces s 0      OR  #sh int s 0
# show history             OR  #sh history
# show terminal            OR  #sh terminal
# terminal history size 25
# show ip interface brief  OR  #sh ip int brief
Encrypting Passwords
Only the enable secret password is encrypted by default. The user-mode and enable passwords need to be manually configured for encryption. To manually encrypt your passwords, use the service password-encryption command.
Disable Passwords
IIHT(config)# no enable password
IIHT(config)# no enable secret
For the console:
IIHT(config)# line con 0
IIHT(config-line)# no password
For the virtual terminal lines:
IIHT(config)# line vty 0 4
IIHT(config-line)# no password
Interface Configuring
IIHT(config)#interface [int-type] [int-no.]
IIHT(config-if)#description connection to lan
IIHT(config-if)#ip address 172.16.10.1 255.255.255.0
IIHT(config-if)#bandwidth 64 (value in kbps)
Configuring route
Static Route
IIHT(config)#ip route [destination network] [destination mask] [exit interface or next hop address] [Administrative Distance] [Permanent]
Eg. IIHTA(config)#ip route 10.3.0.0 255.255.0.0 10.2.0.2
Default Route
IIHT(config)#ip route [any network] [any mask] [exit interface or next hop address] [Administrative Distance] [Permanent]
Eg. IIHTA(config)#ip route 0.0.0.0 0.0.0.0 serial 0
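An added example (not part of the original slides) of how a router chooses between the static route, the default route and a RIP-learnt route for the same prefix: longest prefix first, then the lowest administrative distance, with a next-hop static route resolved hop-by-hop through the connected route. The routing table, interface names and the EIGRP/OSPF distances are assumptions; the static and default routes are the ones from the slide.

```python
import ipaddress

# Default administrative distances when no [Administrative Distance] is given: connected 0,
# static 1 and RIP 120 as on the slides; EIGRP 90 and OSPF 110 are the usual IOS defaults.
# Codes follow the IOS routing-table letters (C connected, S static, D EIGRP, O OSPF, R RIP).
DEFAULT_AD = {"C": 0, "S": 1, "D": 90, "O": 110, "R": 120}


class Route:
    def __init__(self, code, prefix, next_hop=None, exit_if=None, ad=None):
        self.code = code
        self.net = ipaddress.ip_network(prefix)
        self.next_hop = next_hop          # "ip route <net> <mask> <next hop address>"
        self.exit_if = exit_if            # "ip route <net> <mask> <exit interface>"
        self.ad = DEFAULT_AD[code] if ad is None else ad


def best_route(table, dst):
    """Longest prefix match first; among equal prefixes the lowest administrative distance wins."""
    d = ipaddress.ip_address(dst)
    candidates = [r for r in table if d in r.net]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.net.prefixlen, r.ad))


def resolve(table, dst, depth=0):
    """Hop-by-hop forwarding decision: (exit interface, next hop or None for direct delivery, code).
    A static route that names a next-hop address is resolved recursively to find the exit interface."""
    route = best_route(table, dst)
    if route is None:
        return None                       # no route and no default route: the packet is dropped
    if route.exit_if is not None:
        return route.exit_if, route.next_hop, route.code
    if depth > 3:
        raise ValueError("recursive route lookup did not terminate")
    hop = resolve(table, route.next_hop, depth + 1)
    if hop is None:
        return None
    return hop[0], route.next_hop, route.code


# Constructed routing table (assumption): 10.2.0.0/16 is directly connected on Serial0,
# 10.3.0.0/16 is reached via next hop 10.2.0.2, and everything else follows the default route.
TABLE = [
    Route("C", "172.16.10.0/24", exit_if="FastEthernet0"),
    Route("C", "10.2.0.0/16", exit_if="Serial0"),
    Route("S", "10.3.0.0/16", next_hop="10.2.0.2"),     # ip route 10.3.0.0 255.255.0.0 10.2.0.2
    Route("R", "10.3.0.0/16", next_hop="10.2.0.9"),     # same prefix learnt by RIP (AD 120): loses
    Route("S", "0.0.0.0/0", exit_if="Serial0"),         # ip route 0.0.0.0 0.0.0.0 serial 0
]


if __name__ == "__main__":
    for dst in ("10.3.4.4", "172.16.10.50", "8.8.8.8"):
        print(dst, "->", resolve(TABLE, dst))
```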
RIP Configuration
IIHT(config)#router rip
IIHT(config-router)#version {1 | 2}
IIHT(config-router)#network [network-to-route]
IIHT(config-router)#passive-interface [int-type] [int-no.]
IIHT(config-router)#maximum-paths [no.]
EIGRP Route
IIHT(config)#router eigrp [autonomous system no.]
IIHT(config-router)#network [network-to-route]
IIHT(config-router)#passive-interface [int-type] [int-no.]
IIHT(config-router)#maximum-paths [no.]
IIHT(config-router)#variance [variance multiplier]
OSPF Route
IIHT(config)#router ospf [process id]
IIHT(config-router)#network [network-to-route] [wildcard mask] area [area-id]
IIHT(config-router)#passive-interface [int-type] [int-no.]
IIHT(config-router)#maximum-paths [no.]
IIHT(config-router)#router-id [id no.]
Routing protocol comparison (RIPv1, RIPv2, IGRP, EIGRP, OSPF)
Type of protocol: RIPv1 DV; RIPv2 DV; IGRP DV; EIGRP Hybrid DV; OSPF Link State
Classful: RIPv1 Yes; RIPv2 Yes; EIGRP Yes; OSPF Yes
Classless: RIPv1 No; RIPv2 Yes; EIGRP Yes; OSPF Yes
VLSM support: RIPv1 No; RIPv2 Yes; EIGRP Yes; OSPF Yes
Auto summary: RIPv1 Yes; RIPv2 Yes; EIGRP Yes; OSPF No
Manual summary: RIPv1 No; RIPv2 Yes; EIGRP Yes; OSPF Yes
Routing update: RIPv1 periodic broadcast [30 sec]; RIPv2 periodic multicast [224.0.0.9] [30 sec]; EIGRP unicast & multicast [224.0.0.10]; OSPF multicast, to DR/BDR 224.0.0.5, from DR 224.0.0.6
Route metric: RIPv1 hop count; RIPv2 hop count; IGRP composite metric*; EIGRP composite metric* x 256
Routing algorithm: RIPv1 Bellman-Ford; RIPv2 Bellman-Ford; IGRP Bellman-Ford; EIGRP DUAL
No. of tables: RIPv1 1 (routing); RIPv2 1 (routing); IGRP 1 (routing)
Hop limit / administrative distance / route code: RIPv1 max 15 hops (16 = unreachable), 120, R; RIPv2 max 15 hops (16 = unreachable), 120, R
Load balancing: RIPv1 equal cost; RIPv2 equal cost; EIGRP equal and unequal cost; OSPF equal cost
Route convergence: RIPv1/RIPv2 slow (240 sec); EIGRP fastest
Backup route: RIPv1 No; RIPv2 No; IGRP No; EIGRP Yes; OSPF No
Cisco proprietary: RIPv1 No; RIPv2 No; IGRP Yes; EIGRP Yes; OSPF No
Suitable for: RIPv1 small networks; RIPv2 small to medium networks; IGRP small to medium networks (only Cisco); EIGRP huge networks (only Cisco); OSPF huge networks
IPv6 support: RIPv1 No (N.A.); RIPv2 Yes (RIPng); IGRP No (N.A.); EIGRP Yes (EIGRPv6); OSPF Yes (OSPFv3)
Why is Link-State better than Distance-Vector?
Link-state algorithms consider the state of the links to calculate the best path to the destination; distance-vector algorithms consider the number of hops to calculate the best path to the destination.
Link-state considers the bandwidth of the links from the source to the destination before taking a decision; distance-vector just considers the number of hops to the destination: the fewer the hops, the better the route.
Convergence is faster in link-state protocols.
Distance-vector has a limitation on the maximum diameter to which your network can expand.
Does this mean that Distance-Vector routing protocols are not useful?
Definitely not, they are useful. They are used according to the network size and requirements, and usually found in smaller sized networks.
Routing protocols that use the Distance-Vector algorithm: RIP v1/v2, IGRP.
Some ACL decision points are source and destination addresses, protocols, and upper-layer port numbers.
Manage IP traffic as network access grows.
Filter packets as they pass through the router.
Limit network traffic and increase network performance.
Provide traffic flow control.
Provide a basic level of security for network access.
Decide which types of traffic are forwarded or blocked at the router interfaces. For example: permit e-mail traffic to be routed, but block all telnet traffic.
If ACLs are not configured on the router, all packets passing through the router will be allowed onto all parts of the network.
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.
Use the inbound or outbound interface reference as if looking at the port from inside the router.
Statements are processed sequentially from the top of the list to the bottom until a match is found; if no match is found, the packet is denied.
There is an implicit deny at the end of all access lists. This will not appear in the configuration listing.
Access list entries should filter in the order from specific to general. Specific hosts should be denied first, and groups or general filters should come last.
Never work with an access list that is actively applied.
New lines are always added to the end of the access list.
A no access-list x command will remove the whole list. It is not possible to selectively add and remove lines with numbered ACLs.
Outbound filters do not affect traffic originating from the local router.
ACLs
Different access list for Telnet
Implicit deny at the bottom
All restrictive statements should come first
There are two types: standard and extended
Standard IP lists (1-99) test conditions of all IP packets from source addresses.
Extended IP lists (100-199) test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports.
Standard IP lists (1300-1999): expanded range.
Extended IP lists (2000-2699): expanded range.
Standard ACLs
The full syntax of the standard ACL command is:
Router(config)#access-list access-list-number {deny | permit} source [source-wildcard]
The no form of this command is used to remove a standard ACL. This is the syntax:
Router(config)#no access-list access-list-number
Example:
Router(config)#access-list 1 deny 192.168.1.0 0.0.0.255
Router(config)#access-list 1 permit any
Wildcard Mask
access-list 99 permit 192.168.1.1 [wildcard mask]
All 32 bits of an IP address can be filtered. The wildcard is an inverse mask: 0 = must match, 1 = ignore.
Examples for source 192.168.1.1:
wildcard 0.255.255.255 matches 192.0-255.0-255.0-255
wildcard 255.255.255.255 matches 0-255.0-255.0-255.0-255 (any)
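An added example (not from the original slides) that applies the wildcard-mask rule and the standard ACL processing rules from the preceding slides: first match wins, the implicit deny applies when nothing matches, and a general statement placed before a specific one hides it. The ACL entries are the ones shown above; the test addresses are constructed.

```python
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """Cisco inverse mask: a 0 bit must match, a 1 bit is ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def matching_range(base, wildcard):
    """Per-octet range covered by base/wildcard, written like the slide (e.g. 192.0-255.0-255.0-255)."""
    parts = []
    for b, w in zip(base.split("."), wildcard.split(".")):
        b, w = int(b), int(w)
        lo, hi = b & ~w & 0xFF, b | w
        parts.append(str(lo) if lo == hi else "%d-%d" % (lo, hi))
    return ".".join(parts)


def parse_standard_acl(lines):
    """Parse 'access-list <1-99|1300-1999> {deny|permit} <source> [wildcard]' entries in order.
    'any' means 0.0.0.0 255.255.255.255, 'host X' means X 0.0.0.0, a missing wildcard means 0.0.0.0."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            raise ValueError("not an access-list entry: %r" % line)
        number, action, src = int(tok[1]), tok[2].lower(), tok[3].lower()
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError("%d is not a standard ACL number" % number)
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if src == "any":
            src, wc = "0.0.0.0", "255.255.255.255"
        elif src == "host":
            src, wc = tok[4], "0.0.0.0"
        else:
            wc = tok[4] if len(tok) > 4 else "0.0.0.0"
        entries.append((action, src, wc))
    return entries


def evaluate(entries, src_ip):
    """Statements are tested top to bottom and the first match decides; no match means implicit deny.
    Returns (action, matching line number or None for the implicit deny)."""
    for line_no, (action, src, wc) in enumerate(entries, 1):
        if wildcard_match(src_ip, src, wc):
            return action, line_no
    return "deny", None


if __name__ == "__main__":
    acl = parse_standard_acl(["access-list 1 deny 192.168.1.0 0.0.0.255",
                              "access-list 1 permit any"])
    for ip in ("192.168.1.77", "10.1.1.1"):
        print(ip, "->", evaluate(acl, ip))
    print(matching_range("192.168.1.1", "0.255.255.255"))
```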
Extended ACLs
Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination packet addresses as well as being able to check for protocols and port numbers. At the end of the extended ACL statement, additional precision is gained from a field that specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number. Logical operations may be specified such as, equal (eq), not equal (neq), greater than (gt), and less than (lt), that the extended ACL will perform on specific protocols. Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699 in recent IOS).
Named ACLs
IP named ACLs were introduced in Cisco IOS Software Release 11.2, allowing standard and extended ACLs to be given names instead of numbers. The characteristics of a named access list: it identifies an ACL using an alphanumeric name; you can delete individual statements in a named access list; named access lists must be specified as standard or extended; you can use the ip access-list command to create named access lists.
Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2.
The same name may not be used for multiple ACLs.
LAYER 3: Router
Can be used to connect different Layer 2 devices and different topologies. Makes decisions based on network addresses (IP addresses).
Know These! Each device not only operates at its layer, but all layers below it
VLANs
A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
Ability to create smaller broadcast domains within a Layer 2 switched internetwork by assigning different ports on the switch to different subnetworks.
Frames broadcast onto the network are only switched between the ports logically grouped within the same VLAN.
By default, no host in a specific VLAN can communicate with hosts that are members of another VLAN; for inter-VLAN communication you need a router.
VLANs
VLAN implementation combines Layer 2 switching and Layer 3 routing technologies to limit both collision domains and broadcast domains. VLANs can also be used to provide security by creating the VLAN groups according to function and by using routers to communicate between VLANs. A physical port association is used to implement VLAN assignment. Communication between VLANs can occur only through the router.
This limits the size of the broadcast domains and uses the router to determine whether one VLAN can talk to another VLAN.
NOTE: This is the only way a switch can break up a broadcast domain!
If we need to break up the broadcast domain we need to connect a router; by using VLANs we can divide the broadcast domain at Layer 2.
A group of users needing high security can be put into a VLAN so that no users outside the VLAN can communicate with them. As a logical grouping of users by function, VLANs can be considered independent of their physical locations.
VLAN Memberships
A VLAN assignment that is looked up from a database keyed by hardware (MAC) address is called a dynamic VLAN.
Static VLANs
Most secure
Easy to set up and monitor
Work well in a network where the movement of users within the network is controlled
Dynamic VLANs
A dynamic VLAN determines a node's VLAN assignment automatically. Using intelligent management software, you can base VLAN assignments on hardware (MAC) addresses. Dynamic VLANs need a VLAN Management Policy Server (VMPS).
VLAN Operation
Types of Links
Access links: this type of link is only part of one VLAN, referred to as the native VLAN of the port. Any device attached to an access link is unaware of VLANs; switches remove any VLAN information from the frame before it is sent to an access-link device.
Trunk links: trunks can carry multiple VLANs; they carry the traffic of multiple VLANs. A trunk link is a 100- or 1000-Mbps point-to-point link between two switches, or between a switch and a router.
There are two frame tagging methods: Inter-Switch Link (ISL) and IEEE 802.1Q.
Inter-Switch Link (ISL): proprietary to Cisco switches; used for Fast Ethernet and Gigabit Ethernet links only.
IEEE 802.1Q: created by the IEEE as a standard method of frame tagging; it actually inserts a field into the frame to identify the VLAN. If you're trunking between a Cisco switched link and a different brand of switch, you have to use 802.1Q for the trunk to work.
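As an added example (not part of the original slides), this Python shows what 802.1Q tagging does to a frame on a trunk, what an access port strips off before delivery, and why a frame only leaves through ports in its own VLAN. The sample frame and port definitions are constructed and the FCS is omitted.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an inserted 802.1Q tag


def add_vlan_tag(frame, vlan_id, priority=0):
    """Trunk side: insert the 4-byte tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    tci = (priority << 13) | vlan_id        # 3 bits priority, 1 bit DEI (0), 12 bits VLAN ID
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_vlan_tag(frame):
    """Access side: return (vlan_id,  untagged frame); an untagged frame comes back as (None, frame)."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]


def egress(frame, port):
    """Forwarding decision for a tagged frame leaving through `port` (a constructed port model):
    port = {"mode": "access", "vlan": n}  or  {"mode": "trunk", "allowed": {n, ...}}.
    Returns the frame to transmit, or None when the port does not belong to that VLAN."""
    vlan, untagged = strip_vlan_tag(frame)
    if vlan is None:
        raise ValueError("frames inside the switch are expected to carry a VLAN tag here")
    if port["mode"] == "access":
        # only ports logically grouped in the same VLAN get the frame, and without the tag
        return untagged if port["vlan"] == vlan else None
    if port["mode"] == "trunk":
        return frame if vlan in port["allowed"] else None
    raise ValueError("unknown port mode")


# Constructed sample frame (FCS omitted): dst MAC, src MAC, EtherType 0x0800 (IPv4), 46 data bytes
SAMPLE_FRAME = (bytes.fromhex("02aabbccdd02") + bytes.fromhex("02aabbccdd01")
                + struct.pack("!H", 0x0800) + b"\x00" * 46)


if __name__ == "__main__":
    tagged = add_vlan_tag(SAMPLE_FRAME, 2)          # VLAN 2 ("red")
    print("tag bytes:", tagged[12:16].hex())
    print("access port in VLAN 2 gets:", egress(tagged, {"mode": "access", "vlan": 2}) == SAMPLE_FRAME)
    print("access port in VLAN 3 gets:", egress(tagged, {"mode": "access", "vlan": 3}))
```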
Benefits of VTP
Consistent VLAN configuration across all switches in the network
Accurate tracking and monitoring of VLANs
Dynamic reporting of added VLANs to all switches in the VTP domain
VTP Modes
Server: sends/forwards advertisements; synchronizes; saved in NVRAM; creates, modifies and deletes VLANs
Client: forwards advertisements; synchronizes; not saved in NVRAM
Transparent: forwards advertisements; does not synchronize; saved in NVRAM
VLAN to VLAN
If you want to connect between two VLANs you need a layer 3 device
Topology (slide figure): two switches connected through FastEthernet 0/24 (trunk); FastEthernet 0/9 on one switch connects to router FA0/0, which has sub-interfaces 10.0.0.1 (VLAN 2) and 20.0.0.1 (VLAN 3); hosts 10.0.0.2 and 10.0.0.3 are in VLAN 2 and hosts 20.0.0.2 and 20.0.0.3 in VLAN 3, on ports 1-4 of the two switches.
Create two VLANs on each switch:
sw#vlan database
sw(vlan)#vlan 2 name red
sw(vlan)#vlan 3 name blue
sw(vlan)#exit
sw#config t
sw(config)#int fastethernet 0/1
sw(config-if)#switchport access vlan 2
sw(config-if)#int fastethernet 0/4
sw(config-if)#switchport access vlan 3
To see the interface status: sw#show interface status
Trunk port configuration:
sw#config t
sw(config)#int fastethernet 0/24
sw(config-if)#switchport trunk encapsulation dot1q
sw(config-if)#switchport mode trunk
Router configuration (one sub-interface per VLAN):
R1#config t
R1(config)#int fastethernet 0/0.1
R1(config-subif)#encapsulation dot1q 2
R1(config-subif)#ip address 10.0.0.1 255.0.0.0
R1(config-subif)#no shut
R1(config-subif)#exit
R1(config)#int fastethernet 0/0.2
R1(config-subif)#encapsulation dot1q 3
R1(config-subif)#ip address 20.0.0.1 255.0.0.0
R1(config-subif)#no shut
The switch port facing the router must be made a trunk:
sw(config)#int fastethernet 0/9
sw(config-if)#switchport trunk encapsulation dot1q
sw(config-if)#switchport mode trunk
VPN Advantages:
1- Private and secure connectivity between multiple, geographically dispersed locations of a single enterprise
2- Transport of voice, video and data between all locations
3- Increased productivity through sharing of information
4- Aggregate purchasing power of all branch locations
confidential
VPN Advantages:
5- Access to third-party databases via HQ subscription
6- A single Internet access gateway at the HQ provides enhanced security management
7- All locations share additional utilities via corporate/branch resources, i.e. customer service, software utilities, training
Network diagram (slide figure): the Internet and the Internet Data Center (IDC) connect to the MCN MAN; BAN rings (Gigabit Ethernet ring, 10/100 BaseT) serve the access side. Legend: enterprise/residential building, home user, SOHO.
THIS IS ACHIEVED BY CREATING AN END TO END MPLS TUNNEL FROM THE BAN.
SECURITY CONCERNS ARE TAKEN CARE OF BY THE SEPARATE MPLS LABEL SWITCHED PATH FOR EACH CUSTOMER.
CORE NETWORK
THE CORE NETWORK OF RELIANCE IS MADE OF HIGH END ROUTERS LOCATED ACROSS ALL MAJOR CITIES.
THE FORWARDING HERE IS DONE BY MPLS. FOR REACHABILITY INFORMATION THESE ROUTERS RUN OSPF AND BGP. FOR QOS AND TRAFFIC ENGINEERING, RSVP-TE IS IMPLEMENTED.
LAYER 2 VPN
THIS SERVICE IS AIMED AT BIG ENTERPRISE CUSTOMERS WHO WANT HIGH SPEED CONNECTIVITY FROM THE PROVIDER FOR THEIR ENTERPRISE CONNECTIVITY, E.G. TLS (ANY TO ANY), P2P, P2MP. PREFERABLY THESE CUSTOMERS WOULD WANT TO MANAGE THEIR ROUTING AND OTHER APPLICATIONS THEMSELVES. THE ENTERPRISE CUSTOMERS ARE IDENTIFIED BY A VLAN ID (LAYER 2 INFORMATION) AT THE BAN; SP DEVICES FORWARD CUSTOMER FRAMES BASED ON VLAN ID. OTHER METHODS ARE DLCI, MAC, VPI/VCI ETC.
CONNECTIVITY IS ACHIEVED THROUGH LAYER 2 VPN SPECIFICATIONS OVER MPLS AS MENTIONED IN THE MARTINI AND LASSERRE-VKOMPELLA DRAFTS.
THE CHALLENGE HERE IS TO PROVIDE HIGH BANDWIDTH, SECURITY AND AVAILABILITY. E.G. ETHERNET, FRAME RELAY, ATM ETC.
LAYER 3 VPN
THIS SERVICE IS AIMED AT SMALL AND MEDIUM SIZED ENTERPRISES WHO WANT TO OUTSOURCE THEIR NETWORK REQUIREMENTS ENTIRELY TO THE SERVICE PROVIDER. THE SERVICE PROVIDER HERE NEEDS TO TAKE CARE OF ALL THE CUSTOMER'S CONNECTIVITY NEEDS, E.G. CONNECTIVITY, AVAILABILITY AS COMMITTED IN THE SLA, SECURITY ETC. THE CPE TYPICALLY WILL ACT AS A CE ROUTER AND THE BAN AS A PE. LIKE LAYER 2 VPN, HERE TOO THE FORWARDING TECHNOLOGY IS BASED ON MPLS SWITCHING. THE CORE ROUTER WILL ACT AS A P HERE. NOTE: CE - CUSTOMER EDGE, PE - PROVIDER EDGE, P - PROVIDER. THE LAYER 3 VPN SERVICES OVER MPLS ARE PROVIDED ON THE BASIS OF RFC 2547.
THANK YOU