NETWORKING BASICS
What is a Computer Network?
A computer network allows sharing of resources and information among interconnected
devices. In the 1960s, the Advanced Research Projects Agency (ARPA) started funding the
design of the Advanced Research Projects Agency Network (ARPANET) for the United States
Department of Defense. It was the first computer network in the world.[1] Development of the
network began in 1969, based on designs developed during the 1960s.
Computer networks can be used for a variety of purposes:
Facilitating communications. Using a network, people can communicate efficiently and
easily via email, instant messaging, chat rooms, telephone, video telephone calls, and
video conferencing.
Sharing hardware. In a networked environment, each computer on a network may access
and use hardware resources on the network, such as printing a document on a shared
network printer.
Sharing files, data, and information. In a network environment, authorized user may
access data and information stored on other computers on the network. The capability of
providing access to data and information on shared storage devices is an important
feature of many networks.
Sharing software. Users connected to a network may run application programs on remote
computers.
Information preservation.
Security.
Speed up.
What is a Networking?
Networking is a common synonym for developing and maintaining contacts and personal
connections with a variety of people who might be helpful to you and your career.
Networking is the practice of linking two or more computing devices together for the purpose of
sharing data. Networks are built with a mix of computer hardware and computer software. It is
an especially important aspect of career management in the financial services industry, since it is
helps you keep abreast of:
Types of networks
Local area network
A local area network (LAN) is a network that connects computers and devices in a limited
geographical area such as home, school, computer laboratory, office building, or closely
positioned group of buildings. Each computer or device on the network is a node. Current wired
LANs are most likely to be based on Ethernet technology, although new standards like ITU-T
G.hn also provide a way to create a wired LAN using existing home wires (coaxial cables, phone
lines and power lines)
Personal area network
A personal area network (PAN) is a computer network used for communication among computer
and different information technological devices close to one person. Some examples of devices
that are used in a PAN are personal computers, printers, fax machines, telephones, PDAs,
scanners, and even video game consoles. A PAN may include wired and wireless devices. The
reach of a PAN typically extends to 10 meters.[4] A wired PAN is usually constructed with USB
and Firewire connections while technologies such as Bluetooth and infrared communication
typically form a wireless PAN.
Home area network
A home area network (HAN) is a residential LAN which is used for communication between
digital devices typically deployed in the home, usually a small number of personal computers
and accessories, such as printers and mobile computing devices. An important function is the
sharing of Internet access, often a broadband service through a CATV or Digital Subscriber Line
(DSL) provider. It can also be referred to as an office area network (OAN).
Wide area network
A wide area network (WAN) is a computer network that covers a large geographic area such as a
city, country, or spans even intercontinental distances, using a communications channel that
combines many types of media such as telephone lines, cables, and air waves. A WAN often
uses transmission facilities provided by common carriers, such as telephone companies. WAN
technologies generally function at the lower three layers of the OSI reference model: the physical
layer, the data link layer, and the network layer.
Campus Network
A campus network is a computer network made up of an interconnection of local area networks
(LAN's) within a limited geographical area. The networking equipments (switches, routers) and
transmission media (optical fiber, copper plant, Cat5 cabling etc.) are almost entirely owned (by
the campus tenant / owner: an enterprise, university, government etc.).
In the case of a university campus-based campus network, the network is likely to link a variety
of campus buildings including; academic departments, the university library and student
residence halls.
Metropolitan area network
A Metropolitan area network is a large computer network that usually spans a city or a large
campus.
Virtual private network
A virtual private network (VPN) is a computer network in which some of the links between
nodes are carried by open connections or virtual circuits in some larger network (e.g., the
Internet) instead of by physical wires. The data link layer protocols of the virtual network are
said to be tunneled through the larger network when this is the case. One common application is
secure communications through the public Internet, but a VPN need not have explicit security
features, such as authentication or content encryption. VPNs, for example, can be used to
separate the traffic of different user communities over an underlying network with strong
security features.
What is network topology?
Network topology is the layout pattern of interconnections of the various elements (links, nodes,
etc.) of a computer network.[1][2] Network topologies may be physical or logical. Physical
topology means the physical design of a network including the devices, location and cable
installation. Logical topology refers to how data is actually transferred in a network as opposed
to its physical design.
Various topologies ::
Bus topology
Many devices connect to a single cable "backbone". If the backbone is broken, the entire
segment fails. Bus topologies are relatively easy to install and don't require much cabling
compared to the alternatives.
Ring Topology
In a ring network, every device has exactly two neighbours for communication purposes. All
messages travel through a ring in the same direction. Like the bus topology, a failure in any cable
or device breaks the loop and will take down the entire segment. A disadvantage of the ring is
that if any device is added to or removed from the ring, the ring is broken and the segment fails
until it is "reforged" (by dwarfish goldsmiths?) It is also considerably more expensive than
other topologies.
Star Topology
A star network has a central connection point - like a hub or switch. While it takes more cable,
the benefit is that if a cable fails, only one node will be brought down.
All traffic emanates from the hub of the star. The central site is in control of all the nodes
attached to it. The central hub is usually a fast, self contained computer and is responsible for
routing all traffic to other nodes. The main advantages of a star network is that one
malfunctioning node does not affect the rest of the network. However this type of network can be
prone to bottleneck and failure problems at the central site.
Tree Topology
Also known as the 'Hierarchical topology', the tree topology is a combination of bus and star
topologies. They are very common in larger networks. A typical scenario is: a file server is
connected to a backbone cable (e.g. coaxial) that runs through the building, from which switches
are connected, branching out to workstations.
Mesh topology
In the topologies shown above, there is only one possible path from one node to another node. If
any cable in that path is broken, the nodes cannot communicate.
Mesh topology uses lots of cables to connect every node with every other node. It is very
expensive to wire up, but if any cable fails, there are many other ways for two nodes to
communicate. Some WANs, like the Internet, employ mesh routing. In fact the Internet was
deliberately designed like this to allow sites to communicate even during a nuclear war.
Hybrid Topology
Hybrid network is the combination of different topologies such as star, Ring, Mesh, Bus etc. For
example, if a department uses a Bus network, second department uses the ring network, third
department uses the Mesh network and fourth department uses the star network. All the networks
of different types (of four departments) can be connected together through a central hub (in the
form of star network) as shown in the figure below.
Basic networking devices
Computer networking devices are units that mediate data in a computer network. Computer
networking devices are also called network equipment, Intermediate Systems (IS) or
InterWorking Unit (IWU). Units which are the last receiver or generate data are called hosts or
data terminal equipment.
Routers
A router is a communication device that is used to connect two logically and physically different
networks, two LANs, two WANs and a LAN with WAN. The main function of the router is to
sorting and the distribution of the data packets to their destinations based on their IP addresses.
Routers provides the connectivity between the enterprise businesses, ISPs and in the internet
infrastructure, router is a main device. Cisco routers are widely used in the world. Every router
has routing software, which is known as IOS. Router operates at the network layer of the OSI
model. Router does not broadcast the data packets.
We have two types of router:
1.Hardware
2.software. – this router is provided by RRAS SERVICE.
Switches
Like the router, a switch is an intelligent device that maps the IP address with the MAC address
of the LAN card. Unlike the hubs, a switch does not broadcast the data to all the computers, it
sends the data packets only to the destined computer. Switches are used in the LAN, MAN and
WAN. In an Ethernet network, computers are directly connected with the switch via twisted pair
cables. In a network, switches use the three methods to transmit the data i.e. store and forward,
cut through and fragment free.
We have two types of switch.
1.Mangeable switch: it has console port by using this we can mange this switch according to
our need .
2.non-mangeable : it ha no console port we use this switch as we purchase it.
Hubs
The central connecting device in a computer network is known as a hub. There are two types of
a hub i.e. active hub and passive hub. Every computer is directly connected with the hub. When
data packets arrives at hub, it broadcast them to all the LAN cards in a network and the destined
recipient picks them and all other computers discard the data packets. Hub has five, eight,
sixteen and more ports and one port is known as uplink port, which is used to connect with the
next hub.
Modems
A modem is a communication device that is used to provide the connectivity with the internet.
Modem works in two ways i.e. Modulation and Demodulation. It converts the digital data into
the analogue and analogue to digital.
LAN Cards
LAN cards or network adapters are the building blocks of a computer network. No computer can
communicate without a properly installed and configured LAN card. Every LAN card is
provided with a unique IP address, subnet mask, gateway and DNS (if applicable). An UTP/STP
cable connects a computer with the hub or switch. Both ends of the cable have the RJ-45
connectors one is inserted into the LAN card and one in the hub/switch. LAN cards are inserted
into the expansion slots inside the computer. Different LAN cards support different speed from
10/100 to 10/1000.
Ethernet = speed 10mbps
Fast Ethernet = 100mbps
Giga Ethernet = 1000mbps
Fastgiga Ethernet = 10000mbps
Network Repeater
A repeater connects two segments of your network cable. It retimes and regenerates the signals
to proper amplitudes and sends them to the other segments. When talking about, ethernet
topology, you are probably talking about using a hub as a repeater. Repeaters require a small
amount of time to regenerate the signal. This can cause a propagation delay which can affect
network communication when there are several repeaters in a row. Many network architectures
limit the number of repeaters that can be used in a row. Repeaters work only at the physical layer
of the OSI network model.
Bridge
A bridge reads the outermost section of data on the data packet, to tell where the message is
going. It reduces the traffic on other network segments, since it does not send all packets.
Bridges can be programmed to reject packets from particular networks. Bridging occurs at the
data link layer of the OSI model, which means the bridge cannot read IP addresses, but only the
outermost hardware address of the packet. In our case the bridge can read the ethernet data which
gives the hardware address of the destination address, not the IP address. Bridges forward all
broadcast messages. Only a special bridge called a translation bridge will allow two networks of
different architectures to be connected. Bridges do not normally allow connection of networks
with different architectures.
The hardware address is also called the MAC (media access control) address. To determine the
network segment a MAC address belongs to, bridges use one of:
Transparent Bridging - They build a table of addresses (bridging table) as they receive packets. If
the address is not in the bridging table, the packet is forwarded to all segments other than the one
it came from. This type of bridge is used on ethernet networks.
Source route bridging - The source computer provides path information inside the packet. This is
used on Token Ring networks.
Gateway
A gateway can translate information between different network data formats or network
architectures. It can translate TCP/IP to AppleTalk so computers supporting TCP/IP can
communicate with Apple brand computers. Most gateways operate at the application layer, but
can operate at the network or session layer of the OSI model. Gateways will start at the lower
level and strip information until it gets to the required level and repackage the information and
work its way back toward the hardware layer of the OSI model. To confuse issues, when talking
about a router that is used to interface to another network, the word gateway is often used. This
does not mean the routing machine is a gateway as defined here, although it could be.
Network Models
When dealing with networking, you may hear the terms "network model" and "network layer"
used often. Network models define a set of network layers and how they interact. There are
several different network models depending on what organization or company started them. The
most important two are:
The TCP/IP Model - This model is sometimes called the DOD model since it was designed for
the department of defense It is also called the internet model because TCP/IP is the protocol used
on the internet.
OSI Network Model - The International Standards Organization (ISO) has defined a standard
called the Open Systems Interconnection (OSI) reference model. This is a seven layer
architecture listed in the next section.
Layers in the TCP/IP model
Application Layer (process-to-process): This is the scope within which applications create user
data and communicate this data to other processes or applications on another or the same host.
The communications partners are often called peers. This is where the "higher level" protocols
such as SMTP, FTP, SSH, HTTP, etc. operate.
Transport Layer (host-to-host): The Transport Layer constitutes the networking regime
between two network hosts, either on the local network or on remote networks separated by
routers.
Internet Layer (internetworking): The Internet Layer has the task of exchanging datagrams
across network boundaries. It is therefore also referred to as the layer that establishes
internetworking, indeed, it defines and establishes the Internet. This layer defines the addressing
and routing structures used for the TCP/IP protocol suite.
Link Layer: This layer defines the networking methods with the scope of the local network link
on which hosts communicate without intervening routers. This layer describes the protocols used
to describe the local network topology and the interfaces needed to affect transmission of
Internet Layer datagrams to next-neighbor hosts.
OSI Model
The OSI, or Open System Interconnection, model defines a networking framework for
implementing protocols in seven layers. Control is passed from one layer to the next, starting at
the application layer in one station, and proceeding to the bottom layer, over the channel to the
next station and back up the hierarchy.
Application (Layer 7)
This layer supports application and end-user processes. Communication partners are identified,
quality of service is identified, user authentication and privacy are considered, and any
constraints on data syntax are identified.
Presentation (Layer 6)
This layer provides independence from differences in data representation (e.g., encryption) by
translating from application to network format, and vice versa.
Session (Layer 5)
This layer establishes, manages and terminates connections between applications. The session
layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the
applications at each end. It deals with session and connection coordination.
Transport (Layer 4)
This layer provides transparent transfer of data between end systems, or hosts, and is responsible
for end-to-end error recovery and flow control. It ensures complete data transfer.
Network (Layer 3)
This layer provides switching and routing technologies, creating logical paths, known as virtual
circuits, for transmitting data from node to node.
Data Link (Layer 2)
At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol
knowledge and management and handles errors in the physical layer, flow control and frame
synchronization. The data link layer is divided into two sub layers: The Media Access Control
(MAC) layer and the Logical Link Control (LLC) layer.
Physical (Layer 1)
This layer conveys the bit stream - electrical impulse, light or radio signal -- through the network
at the electrical and mechanical level. .
TCP/IP Model vs OSI Model
Sr.
No.TCP/IP Reference Model OSI Reference Model
1 Defined after the advent of Internet. Defined before advent of internet.
2Service interface and protocols were not clearly
distinguished before
Service interface and protocols are
clearly distinguished
3 TCP/IP supports Internet working Internet working not supported
4 Loosely layered Strict layering
5 Protocol Dependant standard Protocol independent standard
6 More Credible Less Credible
7TCP reliably delivers packets, IP does not
reliably deliver packetsAll packets are reliably delivered
Basic Networking Cables
Networking Cables are used to connect one network device to other or to connect two or more
computers to share printer, scanner etc. Different types of network cables like Coaxial
cable, Optical fiber cable, Twisted Pair cables are used depending on the
network's topology, protocol and size. The devices can be separated by a few meters (e.g.
via Ethernet) or nearly unlimited distances (e.g. via the interconnections of the Internet).
While wireless may be the wave of the future, most computer network today still utilize cables to
transfer signals from one point to another
Twisted pair
Twisted pair cabling is a type of wiring in which two conductors (the forward and return
conductors of a single circuit) are twisted together for the purposes of canceling
out electromagnetic interference (EMI) from external sources; for instance, electromagnetic
radiation from unshielded twisted pair (UTP) cables, and crosstalk between neighboring pairs. It
was invented by Alexander Graham Bell.
Unshielded twisted pair cable with different twist rates Shielded
twisted pair
Advantages
It is a thin, flexible cable that is easy to string between walls.
More lines can be run through the same wiring ducts.
UTP costs less per meter/foot than any other type of LAN cable.
Disadvantages
Twisted pair’s susceptibility to electromagnetic interference greatly depends on the pair
twisting schemes (usually patented by the manufacturers) staying intact during the
installation. As a result, twisted pair cables usually have stringent requirements for maximum
pulling tension as well as minimum bend radius. This relative fragility of twisted pair cables
makes the installation practices an important part of ensuring the cable’s performance.
In video applications that send information across multiple parallel signal wires, twisted pair
cabling can introduce signaling delays known as skew which results in subtle color defects
and ghosting due to the image components not aligning correctly when recombined in the
display device
Optical fiber cable
An optical fiber cable is a cable containing one or more optical fibers. The optical fiber
elements are typically individually coated with plastic layers and contained in a protective tube
suitable for the environment where the cable will be deployed.
An optical fiber is a single, hair-fine filament drawn from molten silica glass. These fibers are
replacing metal wire as the transmission medium in high-speed, high-capacity communications
systems that convert information into light, which is then transmitted via fiber optic cable.
Currently, American telephone companies represent the largest users of fiber optic cables, but
the technology is also used for power lines, local access computer networks, and video
transmission.
Coaxial cable
Coaxial cable, or coax, is an electrical cable with an inner conductor surrounded by a flexible,
tubular insulating layer, surrounded by a tubular conducting shield. The term coaxial comes from
the inner conductor and the outer shield sharing the same geometric axis. Coaxial cable was
invented by English engineer and mathematician Oliver Heaviside, who first patented the design
in 1880.[1]
Coaxial cable is used as a transmission line for radio frequency signals, in applications such as
connectingradio transmitters and receivers with their antennas, computer network (Internet)
connections, and distributingcable television signals. One advantage of coax over other types of
radio transmission line is that in an ideal coaxial cable the electromagnetic field carrying the
signal exists only in the space between the inner and outerconductors. This allows coaxial cable
runs to be installed next to metal objects such as gutters without the power losses that occur in
other types of transmission lines, and provides protection of the signal from
externalelectromagnetic interference.
Straight Cable
You usually use straight cable to connect different type of devices. This type of cable will be
used most of the time and can be used to:
1) Connect a computer to a switch/hub's normal port.
2) Connect a computer to a cable/DSL modem's LAN port.
3) Connect a router's WAN port to a cable/DSL modem's LAN port.
4) Connect a router's LAN port to a switch/hub's uplink port. (normally used for expanding
network)
5) Connect 2 switches/hubs with one of the switch/hub using an uplink port and the other one
using normal port.
Crossover Cable
A crossover cable connects two devices of the same type, for example DTE-DTE or DCE-DCE,
usually connected asymmetrically (DTE-DCE), by a modified cable called a crosslink. Such
distinction of devices was introduced by IBM
Sometimes you will use crossover cable, it's usually used to connect same type of devices. A
crossover cable can be used to:
1) Connect 2 computers directly.
2) Connect a router's LAN port to a switch/hub's normal port. (normally used for expanding
network)
3) Connect 2 switches/hubs by using normal port in both switches/hubs
We use two types of cable in networking :
1. straight cable
2. cross cable
Colour cording of cable:
Straight:
1. orange white 1.orange white
2. orange 2.orange
3. green white 3.green white
4. blue 4. blue
5. blue white 5. blue white
6. green 6. green
7. brown white 7. brown white
8. brown 8. Brown
Cross cable:
1 3
2 6
3 1
6 2
1. orange white 1.green white
2. orange 2.green
3. green white 3.orange white
4. blue 4. blue
5. blue white 5. blue white
6. green 6. orange
7. brown white 7. brown white
8. brown 8. Brown
Colour coding for cables
T-568B Straight-Through Ethernet Cable
RJ-45 Crossover Ethernet Cable
INSTALLING CABLES
In today networks, UTP CABLES are commonly used to connect computers in a network.
Depending on the color codings, we have different cables like straight cable, cross cable and roll-
over cable.
STRAIGHT CABLE
The cable used between the PC and the hub/switch is called straight cable.
Straight cable can be used between
PC - SWITCH
PC- HUB
HUB(UPLINK PORT) - HUB
According to TIA/EIA(Telecommunications industry standard/Electronics industry standard),we
have the following
two standards for making straight cable:
CROSS-OVER CABLE
The cable used to connect two PCs is called cross-over cable.
Cross cable can be used between:
PC - PC
HUB - HUB
SWITCH - SWITCH
ROUTER - PC
ROLL-OVER CABLE
The cable used between a hardware router and a PC is called roll-over cable.
In this cable,the color coding used in one end is reversed in the other end.
DATA TRAVELL ONLY GREEN OR ORANGE PAIR OF CABLE.
ADDRESSING IN COMPUTER NETWORKING
There are two kinds of addresses used in networks:
1.Physical address
2.Logical address
PHYSICAL ADDRESS
1.It is also called hardware address or MAC address.MAC stands for media access control.
2.It is present in the chip of a NIC card.
3.It is unique for every NIC card and cannot be changed.
4.It is 48 bits.Out of 48 bits,24 bits of address is given by the manufacturer of NIC card and the
remaining 24 bits of address is defined as per instructions given by IEEE.
5.IEEE stands for Institute of Electronics and Electrical Engineers.
LOGICAL ADDRESS
1.It is also called software address.
2.It is given by the user and can be changed anytime.
3.Several schemes or protocols are used to define logical address in a computer.
4.These protocols are :
TCP/IP (TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL)
IPX/SPX (Internetwork Packet Exchange/Sequential Packet EXchange)
NetBeuI
DLC (Data Link Control)
AppleTalk
PROTOCOL is a set of rules which in communication between computers.
TCP/IP
1.It has become industry-standard
2.It was developed by DOD(Department of Defence) of USA.
3.It is used both in Internet(public network) and Intranet(private network).
4.It is of 32 bits.
5.Currently used version is IP v4.
6.IP v6 is also available.
7.It has four fields or octetes.
8.Each octet is of 8 bits.
9.It can be repesented by
w.x.y.z
10.Minimum value of a octet is 0 and maximum is 255
11.Eaxh octet or field can have decimal values ranging from 0 to 255.
12.According to the value of w or first field, we have five classes of TCP/IP Addresses.
The first three classes are only used for computer addressing in a network.
IP ADDERSSING
IP (INTERNER PROTOCOL) ip stands on internet protocol it is 32 bit.it is divided in 4 octet
each octet contain 8 bit.it is numerical identification of computer on network .it is divided in to
two parts one is network and second is host .we use private ip address in LAN which is provided
by IANA(INTERNET ASSIGNING NUMBRING AUTHOURTIY). The minimum value (per
octet) is 0 and the maximum value is 255.IP address are divided in five classes.
1. Network ID : it represent no. of on bit that is (1).
2. Host ID : it represent the no. of off bit that is (0).
class Range N/W ID Host/ID Subnet Mask Total IP Valid IP
A 1-126 8 24 255.0.0.0 16777216 16777214
B 128-191 16 16 255.255.0.0 65536 65534
C 192-223 24 8 255.255.255.0 256 254
D 224-239 it is reserved for multicasti.
E 240-255 it is reserved for research /scientific use.
We use only first three class which is provide by IANA in LAN .
IP Addresses are divided into two parts:
1. Private IP address
2. Public (live) IP address.
Range of private IP address: 10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
Range of public IP address: 1.0.0.0 to 9.255.255.255
11.0.0.0 to 126.255.255.255
128.0.0.0 to 172.15.255.255
172.32.0.0 to 192.167.255.255
192.169.0.0 to 223.255.255.255
And another range is called APIPA (Automatic private internet protocol addressing ) range is
169.254.0.0 to 169.254.255.255.
we can assign the IP address by using two methods:
(1) Statically or manually
(2) Dynamically (by using DHCP server- dynamic host configuration protocol)
But in case of your computer has no IP address then IP address is assigned to the computer from
APIPA
Range . but communication is not possible when computer has IP address from APIPA.
127.0.0.1 it is the loop back address it is used for self communication and for troubleshooting
perpose.
Subnet mask: subnet mask is also 32 bit address, which tell us how many bits are used for
network and how many bits are used for host address.
In subnet mask network bits are always 1 and host bits are always 0.
IP Address invalid or reserve IP Address:
When we are going to assign IP Address to our computer interface then we have to follow some
rules:
Rules: -
1. All Host bits cannot be 0 (10.0.0.0), because it represent network address which is reserved for
router.
2. All Host bit cannot be 1 (10.255.255.255.), because it is broadcast address of that network
(10th)network.
3. All bits cannot be 0 (0.0.0.0), because this address is reserved for default routing.
Default routing is used in case of stub n/w (means our network has no exit point).
4. All bits cannot be 1 (255.255.255.255), because it reserved for Broadcasting
127.0.0.1 – this is loopback address, which is used for self-communication or troubleshooting
purpose.
C:\> IPCONFIG (this command is use for IP check).
C:\> IPCONFIG /ALL (This cmd is show all detail of your interface.).
Ping – Packet Internet Groper
This command is used to check the connectivity with other computer. Ping is performed with in
network or outside the network. In this process four packets are send to destination address and
four packets received from the destination address. ICMP (Internet control massage protocol ) is
used for this process.
ICMP
Internet Control Messaging Protocol is used by ping and traceroute utilities.
Ping (Packet Internet Groper) enables you to validate that an IP address exists and can accept
requests. The following transmissions are used by the Ping utility:
. Ping sends an echo request packet to receive the echo response.
. Routers send Destination Unreachable messages when they can’t reach the destination
network and they are forced to drop the packet. The router that drops the packet sends
the ICMP DU message.
C:\> ping (IP of destination) for e.g 10.0.0.1
C:\> ping (IP of destination ) –t (for continue).
Press ctrl+c to stop ping.
1.Reply from Destination :
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
1. Minimum = 0ms, Maximum = 0ms, Average = 0ms
This massage appear when destination computer properly configured and connected with same
netwok ip address.
2.Request time out (R.T.O):- This massage appear when Destination computer has some
problem .For e.g : IP address does not exit, network cable unplugged, computer shutdown,
interconnection firewall enable.
3.Destination host unreachable :- This massage appear when our computer desire to
communicate with another n/w but our computer has no gateway IP address.
4.Reply from gateway but Destination host unreachable:-This massage appear when
computer desire to communicate with another network computer but our router has no route
information in its routing table for Destination n/w.
5.Hardware error:- This massage appears when during communication our network goes
unplugged.
6.Negoshating IP sequirty:- This massage appears when our computer has IP-Sec service
enabled with sequre communication rule negoshation.
PROJECT DESCRIPTION
We have designed a network Scienario in which we have used the concepts of
routers,switches,servers,NAT,Access list,Vlan,server publishing,we have given detail study of
above topics....
Routing
Routing is the process of selecting paths in a network along which to send network traffic.
Routing is performed for many kinds of networks, including the telephone network (Circuit
switching) , electronic data networks (such as the Internet), and transportation networks. This
article is concerned primarily with routing in electronic data networks using packet
switching technology.
In packet switching networks, routing directs packet forwarding, the transit of logically
addressed packets from their source toward their ultimate destination through
intermediate nodes, typically hardware devices called routers, bridges, gateways, firewalls,
or switches. General-purpose computers can also forward packets and perform routing, though
they are not specialized hardware and may suffer from limited performance. The routing process
usually directs forwarding on the basis of routing tables which maintain a record of the routes to
various network destinations. Thus, constructing routing tables, which are held in the
router's memory, is very important for efficient routing. Most routing algorithms use only one
network path at a time, but multipath routing techniques enable the use of multiple alternative
paths.
Types of routing
Static routing
Static routing is a data communication concept describing one way of configuring path
selection of routers in computer networks. It is the type of routing characterized by the absence
of communication between routers regarding the current topology of the network.[1] This is
achieved by manually adding routes to the routing table. The opposite of static routing isdynamic
routing, sometimes also referred to as adaptive routing.
Example
To configure a static route to network 10.10.20.0/24, pointing to a next-hop router with the IP
address of 192.168.100.1, type: (Note that this example is written in the Cisco IOScommand line
syntax and will only work on certain Cisco routers[2])
Router> enable
Router# configure terminal
Router(config)# ip route 10.10.20.0 255.255.255.0 192.168.100.1
The other option is to define a static route with reference to the outgoing interface which is
connected to the next hop towards the destination network.
Router> enable
Router# configure terminal
Router(config)# ip route 10.10.20.0 255.255.255.0 Serial 0/0
Dynamic Routing
Dynamic routing performs the same function as static routing except it is more robust. Static
routing allows routing tables in specific routers to be set up in a static manner so network routes
for packets are set. If a router on the route goes down the destination may become unreachable.
Dynamic routing allows routing tables in routers to change as the possible routes change. There
are several protocols used to support dynamic routing including RIP and OSPF
Default routing
.A default route, also known as the gateway of last resort, is the network route used by
a router when no other known route exists for a given IP packet's destination address. All the
packets for destinations not known by the router's routing table are sent to the default route. This
route generally leads to another router, which treats the packet the same way: If the route is
known, the packet will get forwarded to the known route. If not, the packet is forwarded to the
default-route of that router which generally leads to another router. And so on. Each router
traversal adds a one-hop distance to the route.
ROUTING PROTOCOLS
Routed protocols:
TCP/IP, IPX-SPX are protocols which are used in a Local Area Network (LAN) so computers
can communicate between with each other and with other computers on the Internet.
Chances are that in your LAN you are most probably running TCP/IP. This protocol is what we
call a "routed" protocol. The term "routed" refers to something which can be passed on from one
place (network) to another. In the example of TCP/IP, this is when you construct a data packet
and send it across to another computer on the Internet
Routing protocols:
Dynamic Routing
EIGRP
Routed and Routing
ProtocolsRouted Routing
IP IPX
Apple
Interior Gateway Protocols
Exterior Gateway Protocols
Dist-V
Link-S
Hybrid
RIPv1,2
RTMP
Novell RIP
IGRP
NLSP
OSPF
IS-IS
BGPv4
Routing protocols were created for routers. These protocols have been designed to allow the
exchange of routing tables, or known networks, between routers. There are a lot of different
routing protocols, each one designed for specific network sizes, so I am not going to be able to
mention and analyse them all, but I will focus on the most popular.
Dynamic Routing Protocols
There are 3 types of Dynamic routing protocols, these differ mainly in the way that they discover
and make calculations about routes (click to select):
1) Distance Vector
2) Link State
3) Hybrid
Distance Vector routers compute the best path from information passed to them from
neighbors
Link State routers each have a copy of the entire network map
Link State routers compute best routes from this local map
DISTANCE VECTOR ROUTING PROTOCOLS
Distance Vector routing protocols use frequent broadcasts (255.255.255.255 or FF:FF:FF:FF) of
their entire routing table every 30 sec. on all their interfaces in order to communicate with their
neighbours. The bigger the routing tables, the more broadcasts. This methodology limits
significantly the size of network on which Distance Vector can be used.
RIPV1:
Routing Information Protocol (RIP) is a true Distance-Vector routing protocol. It sends the
complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count to
determine the best way to a remote network, but it has a maximum allowable hop count of 15,
meaning that 16 is deemed unreachable. RIP works well in small networks, but it is inefficient on
large networks with slow WAN links or on networks with large number of routers installed.
RIP comes in two different versions. RIP version 1 uses only classful routing, which means that
all devices in the network must use the same subnet mask. This is because RIP version 1 does
not include the subnet mask when it sends updates. RIP v1 uses broadcasts (255.255.255.255).
RIP version 2 does, however, and this is what we call classless routing (check the Subnetting
section for more details). RIP v2 uses multicasts (224.0.0.9) to update its routing tables.
COMMANDS:-
Configure RIP:
Use the following command to enable RIP on RouterA:
RouterA(config)#router rip
Configure the router to receive and send only RIP Version 2 packets using the following
command:
RouterA(config-router)#version 2
Use the following commands to specify the networks directly connected to the router:
RouterA(config-router)#network 192.168.11.0
RouterA(config-router)#network 192.168.22.0
Interior Gateway Protocol - IGRP
Interior Gateway Routing Protocol (IGRP) is a Cisco proprietary Distance-Vector routing
protocol. This means that all your routers must be Cisco routers in order to use IGRP in your
network, keep in mind that Windows 2000 now supports it as well because they have bought a
licence from Cisco to use the protocol !
Cisco created this routing protocol to overcome the problems associated with RIP.
IGRP has a maximum hop count of 255 with a default of 100. This is helpful in larger networks
and solves the problem of there being only 15 hops maximum possible in
a RIP network. IGRPalso uses a different metric from RIP. IGRP uses bandwidth and delay of
the line by default as a metric for determining the best route to an internetwork. This is called a
composite metric. Reliability, load and Maximum Transmission Unit (MTU) can also be used,
although they are not used by default.
COMMANDS:-
RouterA#configure terminal
Enter configuration commands, one per line. End with Cntl/z
RouterA#(config)#router igrp AS no.
RouterA#(config-router)#network ip address
RouterA#(config-router)#exit
Link State Routing Protocols
Link State protocols, unlike Distance Vector broadcasts, use multicast. Link State routing
protocols do not view networks in terms of adjacent routers and hop counts, but they build a
comprehensive view of the overall network which fully describes the all possible routes along
with their costs. Using the SPF (Shortest Path First) algorithm, the router creates a "topological
database" which is a hierarchy reflecting the network routers it knows about. It then puts it's self
on the top of this hierarchy, and has a complete picture from it's own perspective.
Link State protocols in comparison to Distance Vector protocols have:
Big memory requirements
Shortest path computations require many CPU circles
If network is stable little bandwidth is used; react quickly to topology changes
Announcements cannot be “filtered”. All items in the database must be sent to neighbors
All neighbors must be trusted
Authentication mechanisms can be used to avoid undesired adjacencies
No split horizon techniques are possible
Open Shortest Path First (OSPF) Routing Protocol
Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol
(IP) networks by the interior gateway protocol (IGP) working group of the Internet
Engineering Task Force (IETF). The working group was formed in 1988 to design an
IGP based on the shortest path first (SPF) algorithm for use in the Internet. Similar to the
Interior Gateway Routing Protocol (IGRP), OSPF was created because in the mid-1980s,
the Routing Information Protocol (RIP) was increasingly unable to serve large,
heterogeneous internetworks.
OSPF is a classless routing protocol, which means that in its updates, it includes the
subnet of each route it knows about, thus, enabling variable-length subnet masks. With
variable-length subnet masks, an IP network can be broken into many subnets of various
sizes. This provides network administrators with extra network-configuration
flexibility.These updates are multicasts at specific addresses (224.0.0.5 and 224.0.0.6).
OSPF has two primary characteristics:
1) The protocol is open (non proprietary), which means that its specification is in the
public domain. The OSPF specification is published as Request For Comments (RFC)
1247.
2) The second principal characteristic is that OSPF is based on the SPF algorithm, which
sometimes is referred to as the Dijkstra algorithm, named for the person credited with its
creation.
COMMANDS:-
Router#config terminal
Router(config)#router ospf process-id
Router(config-router)#network network-number mask area area-id
Example:
Router(config-router)#network 192.168.10.0 255.255.255.0 area
0.0.0.0
Hybrid Routing Protocols
Hybrid Routing, commonly referred to as balanced-hybrid routing, is a combination of distance-
vector routing, which works by sharing its knowledge of the entire network with its neighbors
and link-state routing which works by having the routers tell every router on the network about
its closest neighbours
Eigrp
.Enhanced Interior Gateway Routing Protocol (EIGRP) is another Cisco proprietary, hybrid (has
feature of Distance Vector and Link State protocols), interior gateway protocol (IGP) used by
routers to exchange routing information. EIGRP uses a composite metric composed of
Bandwidth, Delay, Reliability, and Loading to determine the best path between two locations.
EIGRP can route IP, IPX and Appletalk. Along with IS-IS, it is one of the few multi-protocol
routing protocols.
The Diffusing Update Algorithm (DUAL) is the heart of EIGRP. In essence, DUAL always
keeps a backup route in mind, in case the primary route goes down. DUAL also limits how many
routers are affected when a change occurs to the network.
There is no maximum allowable number of hops. In a EIGRP network, each router multi-casts
"hello" packs to discover its adjacent neighbor. This adjcency database is shared with other
router to build a topology database. From the topology database the best route (Successor) and
the second best route (Feasible Successor) is found.
EIGRP is classless, meaning it does include the subnet mask in routing updates. However, by
default 'auto-summary' is enable. You must disable if you want subnet information from other
major networks.
The EIGRP metric is a can be a complex calculation, but by default it only uses bandwidth and
delay to determine the best path.
COMMANDS:-
Router#config terminal
Router (config)# router eigrp AS
Router (config-router)# network X.X.X.X
Network Address Translation (NAT)
The NAT Concept
NAT is not only used for networks that connect to the Internet. You can use NAT even
between private networks as we will see in the pages to follow, but because most
networks use it for their Internet connection, we are focusing on that.
The NAT concept is simple: it allows a single device to act as an Internet gateway for
internal LAN clients by translating the clients' internal network IP Addresses into the IP
Address on theNAT-enabled gateway device.
In other words, NAT runs on the device that's connected to the Internet and hides the rest
of your network from the public, thus making your whole network appear as one device
(or computer, if you like) to the rest of the world.
NAT is transparent to your network, meaning all internal network devices are not
required to be reconfigured in order to access the Internet. All that's required is to let your
network devices know that the NAT device is the default gateway to the Internet.
NAT is secure since it hides your network from the Internet. All communications from
your private network are handled by the NAT device, which will ensure all the
appropriate translations are performed and provide a flawless connection between your
devices and the Internet.
As you can see, we have a simple network of 4 hosts (computers) and one router that connects
this network to the Internet. All hosts in our network have a private Class C IP Address,
including the router's private interface (192.168.0.1), while the public interface that's connected
to the Internet has a real IP Address (203.31.220.134).
The NAT Table
The NAT table is the heart of the whole NAT operation, which takes place within the router (or
any NAT-enabled device) as packets arrive and leave its interfaces. Each connection from
the internal (private) network to the external (public-Internet) network, and vice versa, is tracked
and a special table is created to help the router determine what to do with all incoming packets
on all of its interfaces; in our example there are two. This table, known as the NAT table, is
populated gradually as connections are created across the router and once these connections are
closed the entries are deleted, making room for new entries.
TYPES OF NAT:
Static Network Address Translation
Static NAT (also called inbound mapping) is the first mode we're going to talk about and also
happens to be the most uncommon between smaller networks.
Static NAT was mainly created to allow hosts on your private network to be direcly accessible
via the Internet using real public IPs; we'll see in great detail how this works and is
maintained. Static NAT is also considered a bit dangerous because a misconfiguration to your
firewall or other NAT-enabled device can result in the full exposure of the machine on your
private network to which the public IP Address maps, and we'll see the security risks later on this
page.
As mentioned in the introduction, Static NAT allows the mapping of public IP Addresses to
hosts inside the internal network. In simple english, this means you can have a computer on your
private network that exists on the Internet with its own real IP.
The diagram below has been designed to help you understand exactly how Static NAT works:
Dynamic Network Address Translation
Dynamic NAT is the second NAT mode we're going to talk about. Dynamic NAT, just
like Static NAT, is not that common in smaller networks but you'll find it used within larger
corporations with complex networks.
The way Dynamic NAT differentiates from Static NAT is that where Static NAT provides a one-
to-one internal to public static IP mapping, Dynamic NAT does the same but without making the
mapping to the public IP static and usually uses a group of available public IPs.
With Dynamic NAT, we also map our internal IP Addresses to real public IP Addresses, but the
mapping is not static, meaning that for each session our internal hosts communicate with the
Internet, their public IP Addresses remain the same, but are likely to change. These IPs are taken
from a pool of public IP Addresses that have been reserved by our ISP for our public network.
The diagram above is our example network and shows our router, which is configured to
perform Dynamic NAT for the network. We requested 4 public IPs from our ISP
(203.31.218.210 to 203.31.218.213), which will be dynamically mapped by our router to our
internal hosts. In this particular session our workstation, with IP Address 192.168.0.1, sends a
request to the Internet and is assigned the public IP address 203.31.218.210. This mapping
between the workstation's private and public IP Address will remain until the session finishes.
The router is configured with a special NAT timeout and, after this timeout is reached (no traffic
sent/received during that time), the router will expire the particular mapping and reuse it for a
different internal host.
Network Address Translation Overload
NAT Overload is the most common NAT method used throughout all networks that connect to
the Internet. This is because of the way it functions and the limitations it can overcome, and we'll
explore all of these in the next two pages.
Whether you use a router, firewall appliance, Microsoft's Internet sharing ability or any 3rd party
program that enables all your home computers to connect to the Internet via one connection,
you're using NAT Overload.
This NAT mode is also know by other names, like NAPT (Network Address Port Translation),
IP Masquerading and NAT with PAT (Port Address Translation). The different names logically
come from the way NAT Overload works, and you'll understand this by the time we're finished
with the topic.
NAT Overload is a mix of Static & Dynamic NAT with a few enhancements thrown in (PAT-
Port Address Translation) to make it work the way we need. By now you understand how
bothStatic & Dynamic NAT work so we won't get into the details again. NAT Overload takes a
Static or Dynamic IP Address that is bound to the public interface of the gateway (this could be a
PC, router or firewall appliance) and allows all PCs within the private network to access the
Internet.
If you find yourself wondering how this is possible with one only IP Address, you will be happy
to find that the answer lies within PAT.
The diagram below shows you how a single session is handled by a NAT Overload enabled
device:
So we have a host on a private network, its IP Address is 192.168.0.1 and it's sending a packet to
the Internet, more specifically to IP Address 200.0.0.1, which we're assuming is a server. The
Port, which is 23, tells us that it's trying to telnet to 200.0.0.1, since this is the default port telnet
uses.
As the original packet passes through the router, the Source IP Address field is changed by the
router from 192.168.0.1 to 203.31.218.100. However, notice that the ports are not ‘changed.
COMMANDS:
access-list 1 permit your_lan_address_range
example: access-list 1 permit 192.168.1.0
Now that we defined the addresses that are allowed to use the NAT address we enable the actual
NAT:
ip nat inside source list access-list number interface overload
example: ip nat inside source list 1 dialer0 overload
This command states that it will use the addresses from the access-list we defined in step 1 and
NAT it to the Public IP address on the interface, e.g. serial 0, dialer 0, ethernet 1,… The overload
keyword specifies that multiple LAN addresses can be NAT’d to that address. The router uses
the TCP and UDP ports of the hosts [LAN addresses] to translate the public IP address back to
the originating local host address.
The last steps we need to configure is to tell the router which our inside and outsideaddresses.
This is achieved using the following commands:
- for the inside
conf t
interface ethernet | fastethernet number
ip nat inside
- for the outside, assume we are dealing with an xDSL router
conf t
interface dialer0
ip nat outside
Now that NAT is configured we can check to see which addresses are being used by using
the show ip nat translations commands.
INTERNET CONNECTION SHARING
ICS provides networked computers with the ability to share a single connection to the Internet.
If you have multiple computers, you can use ICS to allow you and others on your local area
network (LAN) to perform different tasks simultaneously. For example, one person can send and
receive e-mail messages, while another person downloads a file, and another person browses the
Internet. You can also gain access to your corporate e-mail accounts from a client computer
while others on your LAN cannot. You can use Web-enabled programs (such as downloading
updates) as well as Microsoft NetMeeting and other video conferencing programs.
Internet Connection Sharing Components
DHCP Allocator - A simplified DHCP service that assigns the IP address, gateway, and
name server on the local network.
DNS Proxy - Resolves names on behalf of local network clients and forwards queries.
Network Address Translation (NAT) - Maps a set of private addresses to a set of public
addresses. NAT tracks private-source IP addresses and public-destination IP addresses
for outbound flows. It changes the IP address information and edits the required IP
header information dynamically.
Auto-dial - Automatically dials connections.
Application programming interfaces (APIs) - For configuration, status, and dial control
for programs.
How to use Internet Connection Sharing
To use Internet Connection Sharing to share your Internet connection, the host computer must
have one network adapter that is configured to connect to the internal network, and one network
adapter or modem that is configured to connect to the Internet.
On the host computer
On the host computer, follow these steps to share the Internet connection:
1. Log on to the host computer as Administrator or as Owner.
2. Click Start, and then click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click the connection that you use to connect to the Internet. For example, if you
connect to the Internet by using a modem, right-click the connection that you want
under Dial-up.
6. Click Properties.
7. Click the Advanced tab.
8. Under Internet Connection Sharing, select the Allow other network users to connect
through this computer's Internet connection check box.
9. If you are sharing a dial-up Internet connection, select the Establish a dial-up
connection whenever a computer on my network attempts to access the
Internet check box if you want to permit your computer to automatically connect to the
Internet.
10. Click OK. You receive the following message:
When Internet Connection Sharing is enabled, your LAN adapter will be set to use IP
address 192.168.0.1. Your computer may lose connectivity with other computers on
your network. If these other computers have static IP addresses, it is a good idea to set
them
to obtain their IP addresses automatically. Are you sure you want to enable Internet
Connection Sharing?
11. Click Yes.
On the client computer
To connect to the Internet by using the shared connection, you must confirm the LAN adapter IP
configuration, and then configure the client computer. To confirm the LAN adapter IP
configuration, follow these steps:
1. Log on to the client computer as Administrator or as Owner.
2. Click Start, and then click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click Local Area Connection, and then click Properties.
6. Click the General tab, click Internet Protocol (TCP/IP) in the This connection uses
the following items list, and then click Properties.
7. In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain an IP address
automatically (if it is not already selected), and then click OK.
Note You can also assign a unique static IP address in the range of 192.168.0.2 to
192.168.0.254. For example, you can assign the following static IP address, subnet mask,
and default gateway:
8. IP Address 192.168.0.2
9. Subnet mask 255.255.255.0
10. Default gateway 192.168.0.1
11. In the Local Area Connection Properties dialog box, click OK.
12. Quit Control Panel.
12.
SWITCHING:
What is a VLAN?
As I said, a VLAN is a virtual LAN. In technical terms, a VLAN is a broadcast domain created
by switches. Normally, it is a router creating that broadcast domain. With VLAN’s, a switch can
create the broadcast domain.
This works by, you, the administrator, putting some switch ports in a VLAN other than 1, the
default VLAN. All ports in a single VLAN are in a single broadcast domain.
Because switches can talk to each other, some ports on switch A can be in VLAN 10 and other
ports on switch B can be in VLAN 10. Broadcasts between these devices will not be seen on any
other port in any other VLAN, other than 10. However, these devices can all communicate
because they are on the same VLAN. Without additional configuration, they would not be able to
communicate with any other devices, not in their VLAN.
How can devices on different VLAN’s communicate?
Devices on different VLAN’s can communicate with a router or a Layer 3 switch. As each
VLAN is its own subnet, a router or Layer 3 switch must be used to route between the subnets.
What is a trunk port?
When there is a link between two switches or a router and a switch that carries the traffic of more
than one VLAN, that port is a trunk port.
A trunk port must run a special trunking protocol. The protocol used would be Cisco’s
proprietary Inter-switch link (ISL) or the IEEE standard 802.1q.
How do I create a VLAN?
Configuring VLAN’s can vary even between different models of Cisco switches. Your goals, no
matter what the commands are, is to:
Create the new VLAN’s
Put each port in the proper VLAN
Let’s say we wanted to create VLAN’s 5 and 10. We want to put ports 2 & 3 in VLAN 5
(Marketing) and ports 4 and 5 in VLAN 10 (Human Resources). On a Cisco 2950 switch, here is
how you would do it:
At this point, only ports 2 and 3 should be able to communicate with each other and ports 4 & 5
should be able to communicate. That is because each of these is in its own VLAN. For the device
on port 2 to communicate with the device on port 4, you would have to configure a trunk port to
a router so that it can strip off the VLAN information, route the packet, and add back the VLAN
information.
What do VLAN’s offer?
VLAN’s offer higher performance for medium and large LAN’s because they limit broadcasts.
As the amount of traffic and the number of devices grow, so does the number of broadcast
packets. By using VLAN’s you are containing broadcasts.
VLAN’s also provide security because you are essentially putting one group of devices, in one
VLAN, on their own network.
INTER VLAN ROUTING:
Applicable Network Scenarios
As shown in the figure below, the addition of a router makes it possible to send traffic between
VLANs
while still containing broadcast traffic within VLAN boundaries.
The router uses IP subnets to move traffic between VLANs. Each VLAN has a different IP
subnet, and
there is a one-to-one correspondence of VLAN and IP subnet boundaries. If a host is in a given
IP subnet,
it is also in a given VLAN, and vice-versa.
Access Control List, ACL is a listing containing one or more ACE that tells a computer
operating system or other network device what rights users have to each item on a computer or
network device. For example, an ACL may specify if a user or the users group have access to a
file or folder on that computer or network.
Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of
criteria. The ACL is configured in global mode, but is applied at the interface level. An ACL
does not take effect until it is expressly applied to an interface with the ip access-group
command. Packets can be filtered as they enter or exit an interface.
If a packet enters or exits an interface with an ACL applied, the packet is compared against the
criteria of the ACL. If the packet matches the first line of the ACL, the appropriate “permit” or
“deny” action is taken. If there is no match, the second line’s criterion is examined. Again, if
there i
Each of these rules has some powerful implications when filtering IP and IPX packets with
access lists.
There are two types of access lists used with IP and IPX:
Standard access lists
These use only the source IP address in an IP packet to filter the network. This basically permits
or denies an entire suite of protocols. IPX standards can filter on both source and
destination IPX address.
Extended access lists
These check for both source and destination IP address, protocol field in the Network layer
header, and port number at the Transport layer header. IPX extended access lists use source and
destination IPX addresses, Network layer protocol fields, and socket numbers in the Transport
layer header.
Define In, Out, Inbound, Outbound, Source, and Destination
The router uses the terms in, out, source, and destination as references. Traffic on the router can
be compared to traffic on the highway. If you were a law enforcement officer in Pennsylvania
and wanted to stop a truck going from Maryland to New York, the source of the truck is
Maryland and the destination of the truck is New York. The roadblock could be applied at the
Pennsylvania–New York border (out) or the Maryland–Pennsylvania border (in).
When you refer to a router, these terms have these meanings.
Out—Traffic that has already been through the router and leaves the interface. The
source is where it has been, on the other side of the router, and the destination is where it
goes.
In—Traffic that arrives on the interface and then goes through the router. The source is
where it has been and the destination is where it goes, on the other side of the router.
Inbound —If the access list is inbound, when the router receives a packet, the Cisco IOS
software checks the criteria statements of the access list for a match. If the packet is
permitted, the software continues to process the packet. If the packet is denied, the
software discards the packet.
Outbound—If the access list is outbound, after the software receives and routes a packet
to the outbound interface, the software checks the criteria statements of the access list for
a match. If the packet is permitted, the software transmits the packet. If the packet is
denied, the software discards the packet.
Standard IP Access Lists
Standard IP access lists filter the network by using the source IP address in an IP packet.
You create a standard IP access list by using the access list numbers 1–99.
Here is an example of the access list numbers that you can use to filter your network.
The different protocols that you can use with access lists depend on your IOS version.
RouterA(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<200-299> Protocol type-code access list
<300-399> DECnet access list
<400-499> XNS standard access list
<500-599> XNS extended access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<1200-1299> IPX summary address access list
By using the access list numbers between 1–99, you tell the router that you want to create a
standard IP access list.
RouterA(config)#access-list 10 ?
deny Specify packets to reject
permit Specify packets to forward
After you choose the access list number, you need to decide if you are creating a permit or deny
list. For this example, you will create a deny statement:
RouterA(config)#access-list 10 deny ?
Hostname or A.B.C.D Address to match
any Any source host
host A single host address
The next step requires a more detailed explanation. There are three options available. You can
use the any command to permit or deny any host or network, you can use an IP address to
specify or match a specific network or IP host, or you can use the host command to specify a
specific host only.
Here is an example of using the host command:
RouterA(config)#access-list 10 deny host 172.16.30.2
This tells the list to deny any packets from host 172.16.30.2. The default command is host. In
other words, if you type access-list 10 deny 172.16.30.2, the router assumes you
mean host 172.16.30.2.
However, there is another way to specify a specific host: you can use wildcards. In fact, to
specify a network or a subnet, you have no option but to use wildcards in the access list.
Extended IP Access Lists
In the standard IP access list example, notice how you had to block the whole subnet from
getting to the finance department. What if you wanted them to gain access to only a certain
server on the Finance LAN, but not to other network services, for obvious security reasons? With
a standard IP access list, you can’t allow users to get to one network service and not another.
However, extended IP access lists allow you to do this. Extended IP access lists allow you to
choose your IP source and Destination address as well as the protocol and port number, which
identify the upper-layer protocol or application. By using extended IP access lists, you can
effectively allow users access to a physical LAN and stop them from using certain services.
Here is an example of an extended IP access list. The first command shows the access list
numbers available. You’ll use the extended access list range from 100 to 199.
At this point, you need to decide what type of list entry you are making. For this example, you’ll
choose a deny list entry.
RouterA(config)#access-list 110 ?
deny Specify packet
dynamic Specify a DYNAMIC list of PERMITs or DENYs
permit Specify packets to forward
Once you choose the access list type, you must choose a Network layer protocol field entry. It is
important to understand that if you want to filter the network by Application layer, you must
choose an entry here that allows you to go up through the OSI model. For example, to filter by
Telnet or FTP, you must choose TCP here. If you were to choose IP, you would never leave the
Network layer, and you would not be allowed to filter by upper-layer applications.
RouterA(config)#access-list 110 deny ?
<0-255> An IP protocol number
eigrp Cisco's EIGRP routing protocol
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
igrp Cisco's IGRP routing protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
Once you choose to go up to the Application layer through TCP, you will be prompted for the
source IP address of the host or network. You can choose the any command to allow any source
address.
RouterA(config)#access-list 110 deny tcp ?
A.B.C.D Source address
any Any source host
host A single source host
After the source address is selected, the destination address is chosen.
RouterA(config)#access-list 110 deny tcp any ?
A.B.C.D Destination address
any Any destination host
eq Match only packets on a given port number
gt Match only packets with a greater port number
host A single destination host
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers
In the example below, any source IP address that has a destination IP address of 172.16.30.2 has
been denied.
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 ?
eq Match only packets on a given port number
established Match established connections
fragments Check fragments
gt Match only packets with a greater port number
log Log matches against this entry
log-input Log matches against this entry, including input interface
lt Match only packets with a lower port number
neq Match only packets not on a given port number
precedence Match packets with given precedence value
range Match only packets in the range of port numbers
tos Match packets with given TOS value
Now, you can press Enter here and leave the access list as is. However, you can be even more
specific: once you have the host addresses in place, you can specify the type of service you are
denying. The following help screen gives you the options. You can choose a port number oruse
the application or even the program name.
RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq ?
<0-65535> Port number
Monitoring IP Access Lists
It is important to be able to verify the configuration on a router. The following commands can be
used to verify the configuration:
show access-list Displays all access lists and their parameters configured on the router.
This command does not show you which interface the list is set on.
show access-list 110 Shows only the parameters for the access list 110. This command
does not show you the interface the list is set on.
show ip access-list Shows only the IP access lists configured on the router.
show ip interface Shows which interfaces have access lists set.
show running-config Shows the access lists and which interfaces have access lists set.
Servers
A server is primarily a program that runs on a machine, providing a particular and specific
service to other machines connected to the machine on which it is found.
Nowadays, server functionality has become so rich, complex and varied in nature that there are
whole very powerful computers dedicated to being exclusively servers. This has led many non-
technical people to denote servers as being machines that run services.
A network server is a computer designed to process requests and deliver data to other (client)
computers over a local network or the Internet. Network servers typically are configured with
additional processing, memory and storage capacity to handle the load of servicing clients.
DHCP SERVER
DHCP (Dynamic Host Configuration Protocol) is a protocol that allows a central
computer to automatically assign the TCP/IP network configuration to
individual work-stations on a private network.
With DHCP enabled it suffices to enable the "Obtain an IP address
automatically" in the TCP/IP configuration on the private network. The DHCP
Server then takes over the responsibility of assigning the TCP/IP parameters,
significantly lowering the task of network maintenance
How Does DHCP Work?
At boot time the computer has no network parameters assigned to it. The
following list provides an overview of the typical network parameters:
IP address and network mask �
Default route/gateway ñ an IP address which will be used for forwarding �
packets whose destinations are beyond local network
DNS servers for resolving Internet names (e.g. internet.com) to IP �
addresses
Workstation parameters, e.g., domain name or workgroup/workstation �
name
Static routes �
IP forwarding setting �
MTU size �
Other settings (a complete list can be found in the DHCP RFCs)�
Static configuration� .
With static configuration, the client computer uses pre-configured network parameters. The
disadvantages of this approach include the possibility of IP address conflicts and the
administrative issues possible when manually configuring many internal clients.
DHCP configuration (automatic� ).
With automatic configuration, the computer obtains its network parameters from the DHCP
Server. This way the IP addresses are automatically managed and accordingly address conflicts
are avoided. If manual and automatic network configurations are used together, the administrator
must ensure that the DHCP Server wonít assign IP addresses used by manually-configured
computers
How to configure the DHCP server.
Once you have considered the implications of DHCP in your network, you are ready to get
started with the simple configuration.
For a small network, the configuration of the DHCP Server is not very challenging and the InJoy
DHCP Server Plugin is deliberately designed to be extremely simple. In fact, in the InJoy
Firewallô, you can immediately enable the DHCP Server and have it operational in less than a
minute. Here is how.
DNS SERVER
The Domain Name System (DNS) is a standard technology for managing the names of Web sites
and other Internet domains. DNS technology allows you to type names into your Web browser
like compnetworking.about.com and your computer to automatically find that address on the
Internet. A key element of the DNS is a worldwide collection of DNS servers. What, then, is a
DNS server?
Answer: A DNS server is any computer registered to join the Domain Name System. A DNS
server runs special-purpose networking software, features a public IP address, and contains a
database of network names and addresses for other Internet hosts.
DNS Root Servers
DNS servers communicate with each other using private network protocols. All DNS servers are
organized in a hierarchy. At the top level of the hierarchy, so-called root servers store the
complete database of Internet domain names and their corresponding IP addresses. The Internet
employs 13 root servers that have become somewhat famous for their special role. Maintained by
various independent agencies, the servers are aptly named A, B, C and so on up to M. Ten of
these servers reside in the United States, one in Japan, one in London, UK and one in Stockholm,
Sweden.
DNS Server Hierarchy
The DNS is a distributed system, meaning that only the 13 root servers contain the complete
database of domain names and IP addresses. All other DNS servers are installed at lower levels
of the hierarchy and maintain only certain pieces of the overall database.
Most lower level DNS servers are owned by businesses or Internet Service Providers (ISPs). For
example, Google maintains various DNS servers around the world that manage the google.com,
google.co.uk, and other domains. Your ISP also maintains DNS servers as part of your Internet
connection setup.
Top Related