
CAPSTONE PROJECT REPORT

(Project Term August-December, 2013)

Access Control List in VLAN Environment (Networking)

Submitted by
Pardeep Sharma, Registration Number: 10803336
Manik Kamboj, Registration Number:
Navdeep Singh, Registration Number:
Manbir Singh, Registration Number:

Project Group Number:

Under the Guidance of Navjot Kaur (Lecturer)
Discipline of Computer Science and Information Technology
Lovely Professional University, Phagwara
August to December, 2013

DECLARATION

We hereby declare that the project work entitled "ACL In VLAN Environment" is an authentic record of our own work carried out as a requirement of Capstone Project (Part-I) for the award of the degree of B.Tech in CSE (Diploma-B.Tech-MBA) from Lovely Professional University, Phagwara, under the guidance of Navjot Kaur (14), during August to December, 2013.

Project Group Number: Name of Student 1: Pardeep Sharma Registration Number: 10803336

Name of Student 2: Manik Kamboj Registration Number:

Name of Student 3: Navdeep Singh Registration Number:

Name of Student 4: Manbir Singh Registration Number:

CERTIFICATE

This is to certify that the declaration statement made by this group of students is correct to the best of my knowledge and belief. The Capstone Project Proposal based on the technology / tool learnt is fit for the submission and partial fulfillment of the conditions for the award of B.Tech in CSE from Lovely Professional University, Phagwara.

Name : ..

U.ID :

Designation : .

Signature of Faculty Mentor

ACKNOWLEDGEMENT

I would like to thank my guide Mrs. Navjot Kaur, who guided me, taught me and helped me complete my six-month Capstone Project. I would also like to thank my family and friends for supporting me in completing my training. I acknowledge that I have completed this project report by myself and that I have not copied this report from anybody. First of all, I would like to thank the supreme power, the Almighty God, for the blessings showered on us so that we were able to complete this project work on a topic relevant to the present time. I also thank our beloved parents, who supported us emotionally and financially in preparing this project report. Their motivation is unmatchable. I pay our deep gratitude to the faculty for their motivation and supervision. Thank You,

Reg. No. 10803336

Reg. No.

Reg. No. Reg. No.

ABSTRACT

Contents
1. Internetworking Concepts
2. IP Addressing (IPv4)
3. Introduction to Routers
4. Basic and Advanced Configuration of Router
5. Routing
6. ACL (Access Control List)
7. NAT (Network Address Translation) / PAT (Port Address Translation)
8. Switching
   (a) VLAN
   (b) STP
   (c) VTP
9. WAN Connection
   (a) SDLC
   (b) Frame-Relay
10. IPv6

INTERNETWORKING CONCEPTS
Internetworking combines "inter" and "networking": it means connecting a computer in one network with other networks through gateways (routers) that provide a method of forwarding information between the networks. The largest example of an internetwork is simply known as the Internet.

INTRODUCTION TO NETWORK
A network is a system that transmits any combination of voice, video and data between users. A network can be classified by its geographical extent and by how a user's PC accesses it.

Requirements of Networking
1. Resource Sharing
2. High Reliability
3. Scalability
Types of Network
1. LAN
2. MAN
3. WAN
Two architectural models are commonly used to describe the protocols and methods used in internetworking:
1. OSI Model
2. TCP/IP Model

OSI Model Description

Cables: LAN Cable
(a) UTP -> Unshielded Twisted Pair
(b) STP -> Shielded Twisted Pair
Two types of cable
(a) Straight-through Cable
(b) Cross-over Cable
Categories of devices
(a) DTE (Data Terminal Equipment): PCs, hosts and routers
(b) DCE (Data Communication Equipment): hubs and switches
Which cable to use between devices:

DTE <-> DTE : cross-over cable is used.
DCE <-> DCE : cross-over cable is used.
DTE <-> DCE : straight-through cable is used.
(Most modern switch ports support Auto-MDIX and work with either cable; the rules above matter on older equipment.)

COLOR CODING for straight and cross over cable

For a straight-through cable both ends use the same pin order. The order listed here is the T568A standard:
1. White/Green
2. Green
3. White/Orange
4. Blue
5. White/Blue
6. Orange
7. White/Brown
8. Brown
For a cross-over cable one end uses T568A and the other end uses T568B, which swaps the green and orange pairs:
1. White/Orange
2. Orange
3. White/Green
4. Blue
5. White/Blue
6. Green
7. White/Brown
8. Brown
Only pins 1, 2, 3 and 6 differ between the two ends, so the transmit pair of one device is connected to the receive pair of the other.

IP ADDRESSING: Every machine on the network has its own unique identity number called the IP address, e.g. 10.1.1.25. Two versions of IP address are in use today: IPv4 and IPv6. Each IPv4 address is split into two sections:
1. Network Address
2. Host Address
IPv4 addresses are divided into five classes:
1. Class A has a network ID of 8 bits and a host ID of 24 bits.
2. Class B has a network ID of 16 bits and a host ID of 16 bits.
3. Class C has a network ID of 24 bits and a host ID of 8 bits.
4. Class D is used for multicasting.
5. Class E is reserved for experimental use.
Range of classes (first octet):
1. Class A = 1-126 (0 is reserved and 127 is the loopback network)
2. Class B = 128-191
3. Class C = 192-223
4. Class D = 224-239
5. Class E = 240-255

Private IP

It is not necessary that every network we build is connected to an ISP (Internet Service Provider). Networks that are not directly connected, or that sit behind NAT, use private IP addresses, which are never routed on the public Internet. RFC 1918 reserves one range in each class for this purpose:
CLASS A 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
CLASS B 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
CLASS C 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)

Loopback: The whole 127.0.0.0/8 block is reserved for loopback, and 127.0.0.1 is the address normally used. The host uses it to send a message back to itself; it is commonly used for troubleshooting and network testing.
Subnetting is used to divide a network into smaller parts. It is of two types, FLSM and VLSM:
FLSM: Fixed Length Subnet Mask, where every subnet uses the same mask.
VLSM: Variable Length Subnet Mask, where each subnet gets the mask that fits its size.

SUBNETTING: There are many reasons in favor of subnetting, including the following benefits:

1. Reduced network traffic
2. Optimized network performance
3. Simplified management
4. Easier spanning of large geographical distances

By default the subnet mask for Class A is 255.0.0.0.
By default the subnet mask for Class B is 255.255.0.0.
By default the subnet mask for Class C is 255.255.255.0.
Class D and Class E addresses have no default subnet mask, because they are not assigned to hosts.

ROUTERS: Establishing a computer network requires the installation of several hardware and software components. Data is sent to the next network point in the form of packets; this transfer of packets between networks is carried out by routers.
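As an added example (not part of the report), the following Python uses the standard library's ipaddress module to apply the rules above: the classful address class and default mask, the RFC 1918 private ranges with their correct bounds, and an FLSM split compared with a VLSM allocation that gives each requirement the smallest subnet that fits it. The sample addresses and host counts are constructed for the example.

```python
from __future__ import annotations
import math
import ipaddress

# RFC 1918 private ranges (the ranges listed in the report, with the correct bounds)
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(addr: str) -> str:
    """Classful category from the first octet (pre-CIDR rules)."""
    first = int(addr.split(".")[0])
    if first == 127:
        return "loopback"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D"
    return "E"


def default_mask(addr: str) -> str | None:
    """Default (classful) mask; classes D and E have none because they are not assigned to hosts."""
    return {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}.get(address_class(addr))


def is_private(addr: str) -> bool:
    """True if the address falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


def flsm_subnets(network: str, count: int) -> list[str]:
    """Fixed Length Subnet Mask: split a block into `count` equal subnets (rounded up to a power of two)."""
    net = ipaddress.ip_network(network)
    bits = math.ceil(math.log2(count))
    return [str(s) for s in net.subnets(prefixlen_diff=bits)]


def vlsm_allocate(network: str, host_counts: list[int]) -> list[tuple[int, str]]:
    """Variable Length Subnet Mask: give each requirement the smallest subnet that holds it.
    Largest request first keeps the allocations aligned and avoids wasted space."""
    free = [ipaddress.ip_network(network)]
    result = []
    for hosts in sorted(host_counts, reverse=True):
        prefix = 32 - math.ceil(math.log2(hosts + 2))   # +2 for the network and broadcast addresses
        for block in sorted(free, key=lambda b: int(b.network_address)):
            if block.prefixlen <= prefix:                 # block is big enough
                free.remove(block)
                chosen = block if block.prefixlen == prefix else next(block.subnets(new_prefix=prefix))
                free.extend(block.address_exclude(chosen))   # hand the remainder back to the pool
                result.append((hosts, str(chosen)))
                break
        else:
            raise ValueError(f"no room for a subnet of {hosts} hosts in {network}")
    return result


if __name__ == "__main__":
    for a in ("10.1.1.25", "172.31.255.254", "172.34.0.1", "224.0.0.9"):
        print(a, address_class(a), default_mask(a), "private" if is_private(a) else "public")
    print(flsm_subnets("192.168.1.0/24", 4))
    print(vlsm_allocate("192.168.1.0/24", [20, 100, 2, 50]))
```

Note that 172.34.0.1 comes out as public: the 172.16/12 range stops at 172.31.255.255, so a report that lists 172.34 as private would lead to traffic being treated as internal when it is not.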

Router models used during the training:
1. 2620XM
2. 2621XM
3. 2811

The 2600 series and the 2800 series are different hardware generations; whether a router can route IPv6 depends on the IOS version and feature set it runs, not on the series. When multiple routers are used in interconnected networks, the routers exchange information about destination addresses using a dynamic routing protocol. Each router builds up a table listing the preferred routes between any two systems on the interconnected networks. A router has interfaces for different physical types of network connections (such as copper cables, fiber optic, or wireless transmission). Routers may also be used to connect two or more logical groups of computer devices known as subnets, each with a different sub-network address. The subnet addresses recorded in the router do not necessarily map directly to the physical interface connections.[2] A router has two stages of operation called planes:[3]
Control plane: the router builds a routing table listing which route should be used to forward a packet, and through which physical interface. The entries come from static routes configured by the administrator and from routes learned through dynamic routing protocols.
Forwarding plane: the router forwards data packets between incoming and outgoing interfaces. It uses the destination address in the packet header together with the routing table built by the control plane to choose the outgoing interface.

The 2500 and 2600 series are older, mid-range platforms (the training notes call them "Middle Age Routers").

Practical Introduction to routers
Routers are operated mostly through the CLI, i.e. the Command Line Interface.
Components of a router
1. Processor
2. RAM
3. NVRAM
4. Flash Memory
5. ROM

1. Processor: It runs the IOS and does the processing related to routing. (Older Cisco routers such as the 2500 series used Motorola 68000-family processors.)
2. RAM: It is volatile memory. RAM holds the running IOS, the routing table, packet buffers and the running-config, which is the configuration currently in effect. Everything in RAM is lost when the router is powered off or reloaded.
3. NVRAM: It is non-volatile memory. NVRAM holds the startup-config, the configuration loaded at boot. Changes made to the running-config become permanent only after they are copied to the startup-config.
4. Flash Memory: It contains the IOS image of the router. IOS stands for Internetwork Operating System.
5. ROM: ROM contains the following:
(a) POST (Power On Self Test) program
(b) Bootstrap program
(c) Mini OS (ROMMON) used for troubleshooting and recovery

Booting sequence of a router
1. The POST program checks the hardware and memory of the router.
2. The bootstrap program in ROM runs.
3. The bootstrap program loads the IOS image from flash memory into RAM.
4. The IOS takes an inventory of the hardware and software components of the router.
5. The startup-config is copied from NVRAM into RAM as the running-config.
6. If no startup-config exists, the router offers the initial setup dialog to create one.

ADVANTAGES OF USING ROUTER:

There are two main advantages of using routers in a network:
1. They do not forward broadcasts by default.
2. They can filter traffic based on layer 3 (Network Layer) information, e.g. IP addresses.

FUNCTIONS OF ROUTERS:

1. Packet switching2. Packet filtering3. Internetwork communication4. Path selection

2500 Series Router
It contains the following ports:
1. AUI (Attachment Unit Interface): a 15-pin port used for the LAN connection.
2. Serial 0: a 60-pin port used to connect the router to another router through a serial cable. The cable has two ends, DTE and DCE.
3. Serial 1: a second 60-pin serial port.
4. BRI (Basic Rate Interface): an RJ-45 connector used for ISDN connection through telephone lines.
5. Console: an RJ-45 connector used to access the router for configuration. A rollover (console) cable connects the PC and the router, and a terminal emulator such as HyperTerminal is used on the PC.
6. AUX: an RJ-45 connector used for a modem connection.

Modes of the router
1. User EXEC mode: Router>
2. Privileged EXEC mode: Router#
3. Global configuration mode: Router(config)#

In user EXEC mode we use only one command:

Router>enable
After the above command we enter the second (privileged EXEC) mode. From there we type configure terminal to enter the third (global configuration) mode, where new settings for the router are configured. The exit command goes back to the previous mode.

Here is a list of commands that are in router for various purposes.

To change the name of the router we use the following command, which works in global configuration mode:

e.g. Router(config)#hostname name
Here name is the new name of the router.

Router(config)#hostname R1
The prompt changes to:
R1(config)#

To show the status of all interfaces of the router:
R1#show ip interface brief
On a new router all interfaces are by default administratively down.
To assign an IP address to an interface:
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
The above command assigns the IP address to the fastethernet 0/0 interface; 255.0.0.0 is the subnet mask, here the default mask for a Class A address. If the subnet mask is omitted the router rejects the command with:
% Incomplete command.

To change the interface status from administratively down to up:
R1(config-if)#no shutdown
After this command a message is displayed showing the interface and its line protocol coming up. The same commands are used to configure IP addresses on the other interfaces.

To see the configuration in RAM:
R1#show running-config

TYPES OF ROUTER PASSWORDS

1. Enable Password
2. Enable Secret Password
3. Line Console Password
4. Telnet Password / Line vty Password
5. Auxiliary Password

1. Enable Password: This password is asked when we enter the second (privileged EXEC) mode.
Command: R1(config)#enable password pass
Here pass is the password we assign. It is stored in clear text in the configuration (service password-encryption only hides it with a reversible encoding), so anyone who can read the configuration can read the password.
2. Enable Secret Password: Used at the same place as the enable password.
Command: R1(config)#enable secret pass_name
The main difference is that the enable secret is stored as a one-way hash, both in the running-config in RAM and in the startup-config in NVRAM, so it cannot be read back from the configuration. When both are set the enable secret takes precedence, so the enable password should be removed or never configured.

3. Line Console Password: This password is asked when we access the router through the console cable, before entering the first (user EXEC) mode.

In global configuration mode:
R1(config)#line console 0
R1(config-line)#password pass_name
This password is not enforced yet.

R1(config-line)#login
This command enables password checking on the console, which is disabled by default.

4. Line vty Password or Telnet Password: To allow Telnet access to the router we must set a vty password and also an enable password or enable secret (without one, IOS refuses privileged mode over the vty lines).
Command:
R1(config)#line vty 0 15
R1(config-line)#password pass_name
R1(config-line)#login
R1(config)#enable secret pass_name
Now the router is accessible over Telnet. Telnet sends the password in clear text across the network; where the IOS image supports it, SSH should be used on the vty lines instead.

5. Auxiliary Password: This password protects access to the router through a modem on the AUX port.
Command:
R1(config)#line aux 0
R1(config-line)#password pass_name
R1(config-line)#login
Here 0 indicates the single AUX line. (Some Packet Tracer router models have no AUX port; on those only the console commands above apply.)
To save the configuration and passwords, in privileged EXEC mode:
R1#copy running-config startup-config
OR
R1#write memory

ROUTING
Definition: The process of selecting the best path from multiple available paths or routes and then forwarding the data over that best route.
Types:
1. Static Routing
2. Dynamic Routing
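Before the routing section continues, one added example for the password types listed above. The difference between enable password and enable secret is the difference between a reversible encoding and a one-way hash. The following Python, written for this page and not part of the report, implements the IOS type 7 encoding that service password-encryption applies to enable password and line passwords, and audits a constructed sample configuration for every credential that can be read straight back out of it. The sample configuration is made up (the string after enable secret 5 is a placeholder, not a real hash); the type 7 key is the fixed one IOS uses.

```python
from __future__ import annotations

# Fixed key used by the IOS "type 7" reversible encoding (service password-encryption).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Recover the plaintext of an IOS type 7 string: a 2-digit seed, then hex bytes XORed with the key."""
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data)).decode()


def type7_encode(plain: str, seed: int = 9) -> str:
    """Produce the type 7 form IOS would write for `plain` (real devices use seeds 0-15)."""
    body = "".join(f"{ord(c) ^ XLAT[(seed + i) % len(XLAT)]:02X}" for i, c in enumerate(plain))
    return f"{seed:02d}{body}"


def _recover(tokens: list[str]) -> str:
    """tokens = the words after 'password': ['7', HEX], ['0', PLAIN] or [PLAIN]."""
    if tokens[0] == "7":
        return type7_decode(tokens[1])
    if tokens[0] == "0":
        return tokens[1]
    return tokens[0]


def audit_passwords(config: str) -> list[tuple[str, str, str]]:
    """Return (section, statement, recovered plaintext) for every credential that anyone who can read
    the configuration (show running-config, a TFTP backup, a leaked file) can recover.
    'enable secret' is skipped on purpose: it is stored as a hash and cannot be read back."""
    findings = []
    section = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):                      # top-level statement: (re)set the section
            section = line if line.startswith("line ") else "global"
        words = line.split()
        if words[:2] == ["enable", "password"]:
            findings.append((section, "enable password", _recover(words[2:])))
        elif words[:1] == ["password"] and section != "global":
            findings.append((section, "password", _recover(words[1:])))
    return findings


# Constructed sample configuration (not from a real device); the enable secret value is a placeholder.
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
enable password 7 0822455D0A16
enable secret 5 $1$salt$placeholder-hash-not-reversible
line con 0
 password 7 03375E08145C35
 login
line aux 0
 password aux-pass
 login
line vty 0 4
 password 7 094F471A1A0A
 login
"""

if __name__ == "__main__":
    for section, stmt, plain in audit_passwords(SAMPLE_CONFIG):
        print(f"{section:12} {stmt:16} -> {plain}")
```

Every line password and the enable password come back in clear text, while the enable secret does not appear in the findings at all. That is the practical reason to use enable secret and to treat service password-encryption as obfuscation, not protection.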

In static routing the route is decided by the administrator; it is used in small networks with few routers. In dynamic routing the routes are learned through routing protocols. Even with dynamic routing the administrator can still define routes by hand, which is sometimes needed in complicated networks. Routing consists of two tasks: path determination (building the routing table) and data forwarding.

There are two kinds of protocols involved.
1. Routing Protocols: These select the best route and build the routing table. Examples are RIP, OSPF and EIGRP.

2. Routed Protocols: These are the protocols whose packets are carried over the routes that the routing protocols select. Examples are IPv4, IPv6 and AppleTalk.

STATIC ROUTING:

R3(config)#ip route 11.0.0.0 255.0.0.0 50.1.1.2
R3(config)#ip route 12.0.0.0 255.0.0.0 50.1.1.2
R3(config)#ip route 60.0.0.0 255.0.0.0 50.1.1.2

The syntax is ip route destination_network subnet_mask next_hop. The above commands tell router 3 that the networks 11.0.0.0/8, 12.0.0.0/8 and 60.0.0.0/8 exist and are reached through the next hop 50.1.1.2. The same commands are used on routers 4 and 5, with the network and next-hop addresses changed accordingly.

There is a command for checking the routing table.Router# show ip route

DYNAMIC ROUTING

In dynamic routing there is a term called AS or Autonomous System: a group of routers under a single administration with a single routing policy. Routers under different administrations or different policies belong to different autonomous systems.

Two types of routing protocols
1. IGP: Interior Gateway Protocol, used within an AS.
2. EGP: Exterior Gateway Protocol, used between different ASes.

IGPs are further divided into three kinds:
1. Distance Vector Routing Protocols
2. Link State Routing Protocols
3. Hybrid Routing Protocols

Distance vector routing protocols include:
1. RIP: Routing Information Protocol
2. IGRP: Interior Gateway Routing Protocol

Link state routing protocols include:
1. OSPF: Open Shortest Path First
2. IS-IS: Intermediate System to Intermediate System
Hybrid routing protocols have one member: EIGRP, Enhanced Interior Gateway Routing Protocol (Cisco also describes it as an advanced distance vector protocol).

RIP (Routing Information Protocol) is a distance vector protocol. It measures distance by the number of hops (routers) to the destination, so its metric is hop count. A route of more than 15 hops is unreachable, so RIP supports 15 hops at maximum. It sends its full routing table every 30 seconds. It is a vendor-neutral (open standard) protocol. Updates are sent only to directly connected neighbours.

RIP has two versions:
RIPv1
1. It is classful: updates carry no subnet mask, so it does not support VLSM or discontiguous subnets.
2. It cannot understand classless addressing.
3. It advertises its networks to the broadcast address 255.255.255.255.
RIPv2
1. It is classless: updates carry the subnet mask, so it supports VLSM.
2. It understands classless addressing (CIDR).
3. It advertises its networks to the multicast address 224.0.0.9.

Commands used in RIP
R1(config)#router rip                         (enables RIP)
R1(config-router)#network network_address
R1(config-router)#network network_address
and so on, one network statement for each classful network directly connected to the router; the same commands are used on the other routers. To show the routing table: R1#show ip route

OSPF (Open Shortest Path First): It shares the state of every link with its neighbour(s).
Features
1. It is a link state routing protocol.
2. It uses Link State Advertisement (LSA) messages to share routing information.
3. It sends its full link state database only when an adjacency first forms; after that only updates about changes are sent.
4. Every LSA is refreshed after 30 minutes, but if any change occurs in the network an update is sent immediately.
5. Its metric is cost, which is derived from interface bandwidth.
6. It uses the SPF (Dijkstra) algorithm.
7. It uses two multicast addresses, 224.0.0.5 and 224.0.0.6, to advertise its networks.
8. It is also vendor neutral.

There are three types of table in OSPF:
1. Neighbour Table
2. Database/Topology Table
3. Routing Table

Neighbour Table: For two routers to become neighbours the following conditions must be met.
1. Hello Interval Time must be the same. Router1 sends a Hello message to router2 and vice versa to check connectivity. A Hello message contains:
   1. Hello Interval Time
   2. Dead Interval Time
   3. RID (Router ID)
   4. Area ID
If the hello intervals differ, the routers cannot become neighbours even when they are directly connected.
2. Dead Interval Time must be the same. On a broadcast network the default hello interval is 10 seconds and the dead interval is 40 seconds: if router1 hears no Hello from router2 for 40 seconds (four missed Hellos), it declares router2 dead and removes it from the neighbour table.
3. The two interfaces must be in the same subnet and in the same area (and, if authentication is configured, use the same key).
Routers can communicate directly or indirectly.
Types of links:
1. P2P (point-to-point): e.g. a serial connection; the two routers have direct connectivity and no DR is elected.
2. Multi-access (e.g. Ethernet): any router can reach any other router on the segment. To avoid every router exchanging routes with every other router, a head called the DR (Designated Router) and a deputy called the BDR (Backup Designated Router) are elected. Every other router sends its link state information to the DR and BDR, and the DR passes it on to the remaining routers. The BDR takes over when the DR fails.

224.0.0.6 (AllDRouters) is the address the other routers use to send updates to the DR and BDR. 224.0.0.5 (AllSPFRouters) is the address the DR uses to send updates to all routers on the segment, and the address Hello messages are sent to.

Election of DR and BDR
1. OSPF Priority Value: The router with the highest OSPF priority becomes the DR and the second highest becomes the BDR. All routers have a default priority of 1; a router with priority 0 never becomes DR or BDR. The election is not preemptive: a router that comes up later with a higher priority does not replace an existing DR.
2. Router ID: If priorities are tied, the router with the highest RID wins. The RID is a 32-bit value written like an IP address. The administrator can set it explicitly with the router-id command under router ospf; otherwise it is chosen automatically as described next.
3. Loopback interface: If no router-id is configured, the highest IP address on any loopback interface (a logical interface that never goes down) becomes the RID. If no loopback has an address, the highest IP address on any active physical interface is used.
Database/Topology Table: Entries for all possible routes to reach the destination networks are kept in the topology table.
Routing Table: Entries for the best route, out of all available routes, to reach each destination network.

WILDCARD MASK: It identifies the network part of an address like a subnet mask does, but inverted: a 0 bit must match and a 1 bit is ignored. For a network with an 8-bit network ID (mask 255.0.0.0) the wildcard mask is 0.255.255.255.
PROCESS ID: The number given when OSPF is started. It can vary from 1 to 65535 and is local to the router, so it may be different or the same on different routers.
AREA: The area in which a particular network lies. Every OSPF network has a backbone area 0, and all other areas must connect to it.

Commands used in OSPF
R1(config)#router ospf 100
Here 100 is the process ID. The area is not given on this command; it is given per network in the next one.

R1(config-router)#network network_address wildcard_mask area area_number
e.g. R1(config-router)#network 10.0.0.0 0.255.255.255 area 0

The same commands are used on the other routers. This is the simple case with a small number of routers. With a large number of routers in a single area the load becomes intense: the routers spend most of their time recomputing the topology and routing tables and less on their original task of forwarding. OSPF solves this by dividing the network into areas.
AREA HIERARCHY MODEL
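The neighbour conditions, the DR/BDR election and the wildcard mask described above are easy to get wrong when configuring by hand, so here they are as an added Python example (written for this page, not code from the report). It models the initial election on one multi-access segment when all routers start together; as noted above, a live network is non-preemptive, and that case is not modelled. The router names, addresses and priorities are constructed for the example.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field


@dataclass
class OspfRouter:
    name: str
    link: str                          # address on the shared multi-access segment, e.g. "10.0.0.1/24"
    priority: int = 1                  # ip ospf priority; 0 means never DR or BDR
    router_id: str | None = None       # explicit `router-id` under `router ospf`, if configured
    loopbacks: list[str] = field(default_factory=list)
    other_ifaces: list[str] = field(default_factory=list)   # addresses of other physical interfaces
    hello: int = 10
    dead: int = 40
    area: int = 0

    def rid(self) -> str:
        """Router ID selection: configured router-id, else highest loopback, else highest physical address."""
        if self.router_id:
            return self.router_id
        physical = [self.link.split("/")[0]] + self.other_ifaces
        pool = self.loopbacks or physical
        return max(pool, key=lambda a: int(ipaddress.ip_address(a)))


def adjacency_blockers(a: OspfRouter, b: OspfRouter) -> list[str]:
    """Reasons two routers on the same segment will not become neighbours (empty list = they can)."""
    reasons = []
    if a.hello != b.hello:
        reasons.append("hello interval mismatch")
    if a.dead != b.dead:
        reasons.append("dead interval mismatch")
    if a.area != b.area:
        reasons.append("area mismatch")
    if ipaddress.ip_interface(a.link).network != ipaddress.ip_interface(b.link).network:
        reasons.append("different subnet")
    return reasons


def elect_dr_bdr(routers: list[OspfRouter]) -> tuple[str | None, str | None]:
    """Highest priority wins, ties broken by highest RID; priority 0 routers never take part."""
    ranked = sorted((r for r in routers if r.priority > 0),
                    key=lambda r: (r.priority, int(ipaddress.ip_address(r.rid()))),
                    reverse=True)
    dr = ranked[0].name if ranked else None
    bdr = ranked[1].name if len(ranked) > 1 else None
    return dr, bdr


def wildcard_mask(subnet_mask: str) -> str:
    """Inverse of the subnet mask: 0 bits must match, 1 bits are ignored."""
    return ".".join(str(255 - int(o)) for o in subnet_mask.split("."))


def network_statement(prefix: str, area: int) -> str:
    """The `network` line that places every interface inside `prefix` into `area`."""
    net = ipaddress.ip_network(prefix)
    return f"network {net.network_address} {wildcard_mask(str(net.netmask))} area {area}"


# Constructed sample segment. R4 has a non-default hello/dead timer and so never becomes a neighbour.
SEGMENT = [
    OspfRouter("R1", "10.0.0.1/24", loopbacks=["1.1.1.1"]),
    OspfRouter("R2", "10.0.0.2/24", other_ifaces=["192.168.50.1"]),
    OspfRouter("R3", "10.0.0.3/24", priority=0, loopbacks=["3.3.3.3"]),
    OspfRouter("R4", "10.0.0.4/24", priority=5, hello=30, dead=120),
]

if __name__ == "__main__":
    for r in SEGMENT:
        print(r.name, "RID", r.rid(), "blockers vs R1:", adjacency_blockers(SEGMENT[0], r))
    print("DR/BDR among R1-R3:", elect_dr_bdr(SEGMENT[:3]))
    print(network_statement("10.0.0.0/8", 0))
```

R2 becomes DR although it has no loopback: its physical address 192.168.50.1 is numerically higher than R1's loopback 1.1.1.1. R4 would have won on priority, but its timers stop it from ever forming an adjacency, which is the usual symptom of a mistyped hello interval.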

EIGRP (Enhanced Interior Gateway Routing Protocol) is a hybrid routing protocol, combining distance vector and link state features. It supports up to 255 hops, with a default maximum of 100. It sends an update only when something changes (triggered updates). It tracks hop count but does not use the number of hops as its metric.

It can use bandwidth, delay, load and reliability for choosing its path, but by default it uses only bandwidth and delay. It uses DUAL, the Diffusing Update Algorithm. Multicast address: 224.0.0.10. It is a Cisco proprietary (vendor based) protocol.

ACL (Access Control List)
An ACL is used to assign access controls to users and traffic.
Types of ACL
Standard ACL
1. Basic ACL.
2. Cannot block a particular service.
3. Filters on the source address only.
4. Should be applied near the destination (it cannot tell destinations apart, so applying it near the source would block too much).
5. Identified by numbers 1-99 (and 1300-1999).
Extended ACL
1. Advanced ACL.
2. Can block a particular service (protocol and port).
3. Filters on both source and destination address, plus protocol and port.
4. Should be applied near the source (unwanted traffic is dropped before it crosses the network).
5. Identified by numbers 100-199 (and 2000-2699).
Two rules apply to every ACL: entries are checked from the top and the first match decides, and every ACL ends with an invisible "deny any", so an ACL that contains only deny statements blocks all traffic.
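To make the standard/extended distinction and the first-match and implicit-deny rules concrete, here is an added Python example (written for this page, not code from the report) that parses numbered ACL lines in IOS syntax and evaluates constructed packets against them. The sample VLANs, addresses and server are made up; the parser handles any, host and address/wildcard forms and numeric ports only (port keywords such as telnet are not handled).

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


def _ip(s: str) -> int:
    return int(ipaddress.ip_address(s))


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: int | None = None


@dataclass(frozen=True)
class Ace:
    """One access-control entry. Wildcard bit 1 = 'do not care', 0 = 'must match'."""
    action: str
    src: str
    src_wild: str
    dst: str = "0.0.0.0"
    dst_wild: str = "255.255.255.255"
    proto: str = "ip"
    dport: int | None = None

    def matches(self, p: Packet) -> bool:
        def same(addr: str, wild: str, target: str) -> bool:
            return (_ip(addr) | _ip(wild)) == (_ip(target) | _ip(wild))
        if not same(self.src, self.src_wild, p.src):
            return False
        if not same(self.dst, self.dst_wild, p.dst):
            return False
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


ANY = ("0.0.0.0", "255.255.255.255")


def is_extended(number: int) -> bool:
    return 100 <= number <= 199 or 2000 <= number <= 2699


def parse_ace(line: str) -> Ace:
    """Parse 'access-list N permit|deny [proto] SRC [DST] [eq PORT]' (SRC/DST: any | host A | A WILDCARD)."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    number, action = int(tok[1]), tok[2]
    pos = 3

    def addr() -> tuple[str, str]:
        nonlocal pos
        if tok[pos] == "any":
            pos += 1
            return ANY
        if tok[pos] == "host":
            pos += 2
            return tok[pos - 1], "0.0.0.0"
        pos += 2
        return tok[pos - 2], tok[pos - 1]

    proto = "ip"
    dst, dst_wild = ANY
    if is_extended(number):               # extended: protocol, source and destination
        proto = tok[pos]
        pos += 1
        src, src_wild = addr()
        dst, dst_wild = addr()
    else:                                 # standard: source only
        src, src_wild = addr()
    dport = int(tok[pos + 1]) if pos < len(tok) and tok[pos] == "eq" else None
    return Ace(action, src, src_wild, dst, dst_wild, proto, dport)


def parse_acl(text: str) -> list[Ace]:
    return [parse_ace(l) for l in text.splitlines() if l.strip()]


def evaluate(acl: list[Ace], pkt: Packet) -> str:
    """Top-down, first match wins; an ACL that matches nothing denies (implicit 'deny any')."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"


# Constructed sample: VLAN 10 = staff 192.168.10.0/24, VLAN 20 = guests 192.168.20.0/24, server 10.1.1.5
STANDARD_ACL = parse_acl("""
access-list 10 deny 192.168.20.0 0.0.0.255
access-list 10 permit any
""")
EXTENDED_ACL = parse_acl("""
access-list 110 deny tcp 192.168.20.0 0.0.0.255 host 10.1.1.5 eq 23
access-list 110 permit ip any any
""")
```

The standard list blocks everything from the guest VLAN, so it belongs on the interface nearest the server. The extended list blocks only Telnet to the server and belongs on the guest VLAN's interface on the router, where the traffic enters. Reversing the two lines of the extended list makes it useless, and a list with only the deny line blocks the staff VLAN too: both mistakes are silent, which is why they should be tested.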

NAT or Network Address Translation
It is used to translate the local IP addresses on a network to global or public IP addresses.
NAT is required when:
1. We connect to the Internet and our hosts do not have globally unique IP addresses, because we are using private addresses.
2. We change to another ISP and that would require renumbering our network; with NAT we do not need to change our internal IP addresses.
3. We need to merge two intranets that use duplicate addresses.
4. We want hosts on the foreign network to be unable to reach our local network directly (local network security). NAT hides addresses but is not a firewall; an ACL is still needed to control what is allowed in.
Terms used in NAT
Inside Local: the address of an inside host before translation.
Outside Local: the address of the outside destination host as seen from the inside.
Inside Global: the address of an inside host after translation.
Outside Global: the address of the outside destination host as it appears on the outside network.

Types of NAT
1. Static NAT: a one-to-one mapping between a local IP address and a global IP address, configured by hand. Because the mapping is permanent, the inside host is reachable from outside at all times.
2. Dynamic NAT: maps an unregistered (private) IP address to a registered (public) address taken from a pool. We do not have to configure each mapping statically as in static NAT, but the pool must hold enough addresses for every user who is exchanging packets with the Internet at the same time.

PAT or PORT ADDRESS TRANSLATION
Port Address Translation (PAT) is a special kind of Network Address Translation (NAT). It is an excellent solution for a company that has multiple systems that need to access the Internet but only one (or a few) public IP addresses. PAT is commonly known as NAT overload (or sometimes just overload). In this configuration, many clients on the inside network want to access an outside network (usually the Internet). There are far fewer public IP addresses than clients, so the single real Internet IP address has to be overloaded: many inside clients are mapped to one Internet IP address (many to one).
PAT Features
PAT uses unique source port numbers on the inside global IP address to distinguish between translations.

Relation between NAT and PAT
NAT was designed as a solution to the shortage of public IP addresses on the Internet. The basic concept of NAT is that it allows inside (internal) hosts to use the private address spaces (10/8, 172.16/12 and 192.168/16; see RFC 1918), pass through the internal interface of a router running NAT, and have their internal addresses translated to the router's public IP address on the external interface that connects to the Internet. Looking deeper into NAT, there are really three ways to configure it, from which a variety of functions can be performed:
1. STATIC NAT
2. POOLED (dynamic) NAT
3. PAT

To configure PAT/NAT correctly the first time, you need to understand the Cisco NAT terminology and how your IP networks/addresses map to each of the entities listed below:

Inside local address: The IP address assigned to a host on the inside network. This is the address configured in the computer's OS or received through a dynamic address allocation protocol such as DHCP. It is usually not a legitimate public address assigned by a registry (NIC) or service provider.
Inside global address: A legitimate IP address assigned by the registry or service provider that represents one or more inside local IP addresses to the outside world.
Outside local address: The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
Outside global address: The IP address assigned to a host on the outside network by the host's owner. It is allocated from a globally routable address space.

Switches are of two types:
1) Managed
2) Unmanaged
A managed switch supports SNMP (Simple Network Management Protocol) and can be configured (VLANs, port settings and so on); an unmanaged switch cannot.

Different switching Principles:-

1. Store-and-forward: The switch fully receives all bits in the frame before forwarding the frame.

2. Cut-through: The switch performs the address table lookup as soon as the destination address field in the header is received. The first bits in the frame can be sent out the outbound port before the final bits in the incoming frame are received.

3. Fragment-free: This performs like cut-through switching, but the switch waits for 64 bytes to be received before forwarding the first bytes of the outgoing frame. According to the Ethernet specifications, collisions should be detected during the first 64 bytes of the frame, so frames in error because of a collision will not be forwarded.

In switching we have the main concept - VLAN

VLAN or Virtual LAN
1. A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch.
2. VLANs allow us to break up a broadcast domain in a purely switched internetwork.
3. VLANs allow us to create smaller broadcast domains within a layer 2 switched internetwork.
Network adds, moves and changes are achieved by configuring a port into the appropriate VLAN. A group of users needing high security can be put into their own VLAN so that no users outside the VLAN can communicate with them at layer 2. VLANs are independent of physical location. VLANs can enhance network security. They increase the number of broadcast domains and decrease the size of each one. All the devices in a VLAN are members of the same broadcast domain and receive all of its broadcasts; by default broadcasts are filtered from all switch ports that are not members of the same VLAN. This is one of the prime benefits of a VLAN-based switched network; otherwise we would face serious problems with all our users in one broadcast domain.
In a flat network anyone connecting to the physical network could access the network resources on that physical LAN, and to observe any or all traffic on that network one only had to plug a network analyzer into the hub. Users could join any workgroup by simply plugging their workstation into the existing hub. By building VLANs and creating multiple broadcast groups, administrators gain control over each port and user. Since VLANs can be created according to the network resources a user requires, a switch can be configured to inform a network management station of unauthorized access to network resources. Traffic between VLANs must pass through a router (or a layer 3 switch), and that is where restrictions such as ACLs are applied to control inter-VLAN communication.
By assigning switch ports or users to VLAN groups on a switch or group of switches, we gain the flexibility to add only the users we want into a broadcast domain regardless of their physical location. When a VLAN becomes too big, we can create more VLANs to keep broadcasts from consuming too much bandwidth.
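The broadcast-domain argument above can be checked with a small model of an access switch, added here as a Python example (written for this page, not code from the report). It learns MAC addresses per VLAN and floods broadcasts and unknown unicasts only to ports in the same VLAN, which is exactly what stops a guest-VLAN host from seeing staff-VLAN traffic with a packet analyzer. Port names, VLAN numbers and MAC addresses are constructed.

```python
from __future__ import annotations

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Layer 2 switch with per-VLAN MAC learning. Frames are flooded only to ports in the same VLAN."""

    def __init__(self, port_vlans: dict[str, int]):
        self.port_vlans = dict(port_vlans)                    # access port -> VLAN id
        self.mac_table: dict[tuple[int, str], str] = {}       # (vlan, mac) -> port

    def broadcast_domains(self) -> int:
        """Each VLAN is its own broadcast domain."""
        return len(set(self.port_vlans.values()))

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> list[str]:
        """Return the ports the frame is sent out of."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, src_mac)] = in_port             # learn the source, scoped to its VLAN
        if dst_mac == BROADCAST or (vlan, dst_mac) not in self.mac_table:
            # broadcast or unknown unicast: flood, but only within the ingress VLAN
            return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)
        out = self.mac_table[(vlan, dst_mac)]
        return [] if out == in_port else [out]


def staff_guest_switch() -> VlanSwitch:
    """Constructed layout: fa0/1-2 in VLAN 10 (staff), fa0/3-4 in VLAN 20 (guests)."""
    return VlanSwitch({"fa0/1": 10, "fa0/2": 10, "fa0/3": 20, "fa0/4": 20})


def flat_switch() -> VlanSwitch:
    """The same four ports with no VLAN separation, for comparison."""
    return VlanSwitch({"fa0/1": 1, "fa0/2": 1, "fa0/3": 1, "fa0/4": 1})


if __name__ == "__main__":
    sw = staff_guest_switch()
    print(sw.receive("fa0/1", "aa:aa:aa:aa:aa:01", BROADCAST))                 # staff broadcast
    print(sw.receive("fa0/3", "bb:bb:bb:bb:bb:03", "aa:aa:aa:aa:aa:01"))      # guest tries to reach staff MAC
    print(flat_switch().receive("fa0/1", "aa:aa:aa:aa:aa:01", BROADCAST))    # flat network floods everyone
```

The guest host's frame to the staff MAC is flooded only inside VLAN 20 and never leaves it, because the MAC table is keyed by VLAN as well as address; for the two VLANs to talk, the frame has to go up to a router, where an ACL decides whether it is allowed.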

References

Study Notes that were made during training and the book given by Jetking Institute for reference.

