8/6/2019 Final Report 11
1/62
PROJECT REPORT
On
Implementing Enterprise LAN & WAN
During
(January 2011 to June 2011)
For the partial fulfillment of the award of the degree
MCA (Masters of Computer Science and Applications)
Department of Computer Science and Applications (DCSA)

Submitted To:
Mrs. Anu Gupta
DCSA
Panjab University, Chandigarh.

Submitted By:
Amanpreet Singh
MCA-III (Evening)
Roll No. 3
Table of Contents

Contents                                              Page Number
Acknowledgment                                        4
Company profile
Objective                                             5
Project Modules:
  Networking
    What is a Computer Network?
    Types of Networks: LAN/WAN/PAN/HAN/MAN/VPN
    Networking Devices: Router, Switches, Hub, Bridge
    Basic Networking Cables
  Routing
    Static and Dynamic
    Administrative Distance
    Configuring Default Routes
    Verifying Static Route
    Path Determination Graph
  Routing Protocols
    Routing and Routed
    Distance Vector and Link State
    Types of Routing: RIP/IGRP/OSPF/EIGRP
  DHCP
    Introduction
    DORA process
  ACL
    Concept
    How to apply ACL
    Types of ACL
  InterVLAN
    Understanding InterVLAN
    Basic Router Configuration Tasks
  NAT
    Concept
    Working
  Frame Relay
    Introduction
    Devices
    Frame Relay Operations
    DLCI
    LMI
    DLCI Mapping to Network Address
    Configuring Frame Relay Sub-Interface
  Linux                                               8
ACKNOWLEDGEMENT
At the very outset, I am highly indebted to the DEPARTMENT OF COMPUTER SCIENCE & APPLICATIONS (DCSA), PANJAB UNIVERSITY for giving us an opportunity to carry out our major project at their esteemed organization. I would specially thank Mrs. Anu Gupta for giving time and guidance throughout our project, without whom it would have been impossible to attain success.
I, Amanpreet Singh, extend my regards to the entire faculty of the DEPARTMENT OF COMPUTER SCIENCE & APPLICATIONS (DCSA), PANJAB UNIVERSITY, from where I have learnt the basics of Computer Science and whose informal discussions and able guidance became a light for me during the entire duration of this work.
Company Profile
Simplifying IT
Netmax Technologies is a leader in network support, embedded systems, and software & web development services. The Netmax Technologies group of companies is divided into two: Netmax Technologies (Core) & Netmax Web Solutions. Netmax Technologies (Core) takes care of IT support, embedded systems R&D and implementation services, whereas Netmax Web Solutions is a web & software development company that takes care of software development & web service solutions.
It offers a vast portfolio of IT solutions to customers spread across Punjab, Haryana & Himachal Pradesh. Netmax Technologies is a pioneer in the field of IT education in north India.
Netmax Technologies was set up in 2001 by young Indian entrepreneurs. It has pioneered the concept of high quality IT education in North India and has trained over 10,000 networking, embedded systems & software professionals in the country. In 2001, Netmax Technologies set up an education centre in Chandigarh (Punjab) and followed it with centres in Patiala, Jalandhar, Ludhiana & Bhatinda in the years that followed. In 2005, Netmax Technologies introduced corporate training programs which, as an initiative, were highly appreciated by industry and corporates alike.
Area of Focus:
Netmax Technologies' focus areas include network support, network implementation, embedded system research & development and robotics. Netmax Technologies addresses the needs of well-defined industry segments such as BPOs, IT & ITES, and government agencies like CSIO & TBRL. It has alliances with global IT majors such as Microsoft, Cisco and Red Hat.
Project Requirements
LAN Hardware:
Core Layer Switches: Catalyst 3550
Distribution Layer: Catalyst 2960
Access Layer: Access point and Cisco 2950
WAN Hardware:
Routers: Cisco 1841 Integrated Services Router
1 FE card
1 WIC-1T card
Server Hardware Requirements:
The following table lists the minimum and recommended hardware requirements for deploying Linux and Windows servers. The main difference is the file system used by the OS: Linux will use ext3 and Windows will use NTFS.

Component   Minimum                                     Recommended
Processor   2.5 gigahertz (GHz)                         Dual processors, each 3 GHz or faster
RAM         1 gigabyte (GB)                             2 GB
Disk        ext3 file system / NTFS                     ext3 file system / NTFS
Drive       DVD drive                                   DVD drive, or the source copied to a
                                                        local or network-accessible drive
Display     1024 x 768 resolution monitor               1024 x 768 or higher resolution monitor
Network     56 kilobits per second (Kbps) connection    512 Kbps or faster connection between
            between client computers and server         client computers and server
Objective
The enterprise network is the lifeblood of any Small to Medium Enterprise (SME) with more than one site or supply chain partner. It enables access to business information and allows for profitable and effective communication flows between employees in different enterprise sites. Enterprise network equipment is mature and ubiquitous, but the quality of service provided by similar networks varies from city to city and from country to country. In particular, the quality gap between most of the cities in some developing nations and their counterparts in advanced nations is very wide. This is due to the lack in developing nations of an adequate IT infrastructure, which is taken for granted in developed nations. Planning an enterprise network in a developing nation is almost like planning it in the middle of a desert. This project briefly discusses the architecture of an enterprise network. It examines the barriers to planning, designing and implementing an enterprise network. This project also covers the methods to implement enterprise-level networks.
In this project we start from the working basics of routers and switches and then cover the routing technologies required to route data between branches. In a large LAN it is necessary to perform segmentation, so we have to implement technologies like VLAN, trunking, STP, port security and inter-VLAN routing.
After that we implement the WAN. Frame Relay is considered a good choice because it connects multiple locations using a single router interface and so reduces hardware costs, so we have to study and implement Frame Relay.
In this project, servers such as the mail server, DNS server, Apache server and SquirrelMail are configured on Linux. The main reason for configuring the servers on Linux is that Linux provides more stability than Windows.
FEASIBILITY STUDY
The various issues related to the feasibility study are as follows:
1. Technology
The various technologies used for this project are:
Cisco Packet Tracer
ACL
Frame Relay
Routing
Switching
InterVLAN
Red Hat Linux Operating System version 5.0
SquirrelMail server
Thunderbird
2. Economic
The technological and system requirements of the project would not require much of a cost. As we are doing the project at student level for the partial fulfillment of the MCA degree, the technologies mentioned were obtained through the internet. Moreover, Red Hat allows it to be used anywhere in the globe without any payment.
3. Schedule
The project is divided over a time span of 6 months, so project completion will not be an issue. The project deadline will be easily met and all the activities necessary to be performed will be completed within the fixed time.
INTERNETWORKING BASICS
What is a Computer Network?
A computer network allows sharing of resources and information among interconnected devices. In the 1960s, the Advanced Research Projects Agency (ARPA) started funding the design of the Advanced Research Projects Agency Network (ARPANET) for the United States Department of Defence. It was the first computer network in the world. [1] Development of the network began in 1969, based on designs developed during the 1960s.
Computer networks can be used for a variety of purposes:
• Facilitating communications. Using a network, people can communicate efficiently and easily via email, instant messaging, chat rooms, telephone, video telephone calls, and video conferencing.
• Sharing hardware. In a networked environment, each computer on a network may access and use hardware resources on the network, such as printing a document on a shared network printer.
• Sharing files, data, and information. In a network environment, authorized users may access data and information stored on other computers on the network. The capability of providing access to data and information on shared storage devices is an important feature of many networks.
• Sharing software. Users connected to a network may run application programs on remote computers.
• Information preservation.
• Security.
• Speed up.
Types of networks
Local Area Network (LAN)
LAN stands for Local Area Network. The scope of a LAN is within one building, one school or one lab. In a hub-based LAN the media access method used is CSMA/CD, in which each computer senses the carrier before sending data over the network: if the carrier is free it can transmit, otherwise it has to wait and keep listening. With multiple access, every computer has the right to access every other. If two computers sense the carrier free at the same time and both transmit, a collision occurs. Each computer in the network becomes aware of the collision, stops transmitting and runs a back-off algorithm, in which each computer generates a random number. The computer with the smaller number gets priority to transmit its data over the network first, and the other computers wait for their turn.
Wide Area Network (WAN)
WAN stands for Wide Area Network, in which two local area networks are connected through a public network. It may be through telecommunication infrastructure or dedicated lines, e.g. ISDN lines, leased lines etc., using WAN devices and WAN technology. You can also connect to a remote site through the existing internetwork called the Internet.
Personal Area Network (PAN)
A personal area network (PAN) is a computer network used for communication among computers and different information technology devices close to one person. Some examples of devices that are used in a PAN are personal computers, printers, fax machines, telephones, PDAs, scanners, and even video game consoles. A PAN may include wired and wireless devices. The reach of a PAN typically extends to 10 meters. [4] A wired PAN is usually constructed with USB and FireWire connections, while technologies such as Bluetooth and infrared communication typically form a wireless PAN.
Home Area Network (HAN)
A home area network (HAN) is a residential LAN which is used for communication between digital devices typically deployed in the home, usually a small number of personal computers and accessories, such as printers and mobile computing devices. An important function is the sharing of Internet access, often a broadband service through a CATV or Digital Subscriber Line (DSL) provider. It can also be referred to as an office area network (OAN).
Metropolitan Area Network (MAN)
A metropolitan area network is a large computer network that usually spans a city or a large campus.
Virtual Private Network (VPN)
A virtual private network (VPN) is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network (e.g., the Internet) instead of by physical wires. The data link layer protocols of the virtual network are said to be tunnelled through the larger network when this is the case. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption. VPNs, for example, can be used to separate the traffic of different user communities over an underlying network with strong security features.
DEVICES
Router, Switches, Hub, Bridge
ROUTING
Routing is the process that a router uses to forward packets toward the destination network. A router makes decisions based upon the destination IP address of a packet. All devices along the way use the destination IP address to point the packet in the correct direction so that the packet eventually arrives at its destination. In order to make the correct decisions, routers must learn the direction to remote networks.
STATIC ROUTING
Uses a programmed route that a network administrator enters into the router.
DYNAMIC ROUTING
Uses a route that a routing protocol adjusts automatically for topology or traffic changes.
Configuring Static Routes by Specifying Outgoing Interfaces
Configuring Static Routes by Specifying Next-Hop Addresses
Routers Configuration
Routing Protocols
Routing protocols include processes for sharing route information that allow routers to communicate with other routers to update and maintain their routing tables.
Examples of routing protocols that support the IP routed protocol are RIP, IGRP, OSPF, BGP and EIGRP.
Routed Protocols
Protocols used at the network layer that transfer data from one host to another across a router are called routed or routable protocols. The Internet Protocol (IP) and Novell's Internetwork Packet Exchange (IPX) are examples of routed protocols. Routers use routing protocols to exchange routing tables and share routing information. In other words, routing protocols enable routers to route routed protocols, e.g. IPX (Internetwork Packet Exchange) and IP (Internet Protocol).
IGP and EGP
Categories of Routing Protocols
Most routing algorithms can be classified into one of two categories:
• distance vector
• link-state
The distance vector routing approach determines the direction (vector) and distance to any link in the internetwork.
The link-state approach, also called shortest path first, recreates the exact topology
of the entire internetwork.
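The two approaches just described, run side by side on one small constructed topology as an added example (this is not code from the report): the distance-vector routine lets each router learn only the (distance, next hop) vectors its neighbours advertise, while the link-state routine gives the router the whole topology and runs shortest path first. The router names R1 to R4 and the link costs are assumptions.

```python
"""Distance-vector versus link-state route computation on one small topology.
Added example, not code from the report; the routers (R1..R4), links and
costs are constructed assumptions."""
import heapq

# Constructed topology: (router, router, link cost); links are bidirectional.
LINKS = [
    ("R1", "R2", 1),
    ("R1", "R3", 5),
    ("R2", "R3", 1),
    ("R2", "R4", 4),
    ("R3", "R4", 1),
]


def build_graph(links):
    """Adjacency map: router -> {neighbour: cost}."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def distance_vector(links, source):
    """Distance-vector style: a router only sees the (distance, next hop)
    vectors its neighbours advertise, never the whole topology. Vectors are
    exchanged until no router changes an entry (Bellman-Ford relaxation).
    Returns source's table as {destination: (cost, next_hop)}."""
    graph = build_graph(links)
    vectors = {r: {r: (0, r)} for r in graph}
    for r in graph:                               # directly connected networks
        for n, cost in graph[r].items():
            vectors[r][n] = (cost, n)
    changed = True
    while changed:
        changed = False
        for r in graph:
            for n, link_cost in graph[r].items():
                # r receives n's vector and keeps any cheaper path through n
                for dest, (n_cost, _) in list(vectors[n].items()):
                    candidate = link_cost + n_cost
                    if dest not in vectors[r] or candidate < vectors[r][dest][0]:
                        vectors[r][dest] = (candidate, n)
                        changed = True
    return vectors[source]


def link_state(links, source):
    """Link-state style: the router holds the full topology (its LSDB) and runs
    shortest path first (Dijkstra) itself. Same return shape as above."""
    graph = build_graph(links)
    dist = {source: 0}
    first_hop = {source: source}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                               # stale queue entry
        for n, cost in graph[node].items():
            nd = d + cost
            if nd < dist.get(n, float("inf")):
                dist[n] = nd
                first_hop[n] = n if node == source else first_hop[node]
                heapq.heappush(heap, (nd, n))
    return {dest: (dist[dest], first_hop[dest]) for dest in dist}


if __name__ == "__main__":
    for name, table in (("distance vector", distance_vector(LINKS, "R1")),
                        ("link state", link_state(LINKS, "R1"))):
        print(name)
        for dest in sorted(table):
            print(f"  {dest}: cost {table[dest][0]} via {table[dest][1]}")
```

Both methods converge to the same table for this topology; the difference is what each router knew on the way there. A link-state router can check a neighbour's claim against its own copy of the LSDB, whereas a distance-vector router has to trust the vector it is sent, which is why stability features such as holddowns, split horizon and poison reverse matter for the distance-vector protocols covered below.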
Comparing Routing Methods
TYPES OF ROUTING PROTOCOLS
RIPv1
CHARACTERISTICS
Configuring RIP Example
IGRP
Interior Gateway Routing Protocol (IGRP) is a proprietary protocol developed by Cisco.
Some of the IGRP key design characteristics emphasize the following:
• It is a distance vector routing protocol.
• Routing updates are broadcast every 90 seconds.
• Bandwidth, load, delay and reliability are used to create a composite metric.
IGRP Stability Features
IGRP has a number of features that are designed to enhance its stability, such as:
• Holddowns
• Split horizons
• Poison reverse updates
Holddowns
Holddowns are used to prevent regular update messages from inappropriately reinstating a route that may not be up.
Split horizons
Split horizons are derived from the premise that it is usually not useful to send information about a route back in the direction from which it came.
Poison reverse updates
Split horizons prevent routing loops between adjacent routers, but poison reverse updates are necessary to defeat larger routing loops.
Today, IGRP is showing its age: it lacks support for variable length subnet masks (VLSM). Rather than develop an IGRP version 2 to correct this problem, Cisco has built upon IGRP's legacy of success with Enhanced IGRP.
OSPF (Open Shortest Path First) Protocol
OSPF is a link-state routing protocol.
Link-state (LS) routers recognize much more information about the network than their distance-vector counterparts; consequently, LS routers tend to make more accurate decisions.
Link-state routers keep track of the following:
• Their neighbours
• All routers within the same area
• Best paths toward a destination
Neighbor table: also known as the adjacency database (list of recognized neighbors).
Topology table: typically referred to as the LSDB (routers and links in the area or network). All routers within an area have an identical LSDB.
Routing table: commonly named the forwarding database (list of best paths to destinations).
Configuring Basic OSPF: Single Area
Router(config)# router ospf process-id
Router(config-router)# network address inverse-mask area area-id
The network command is a router OSPF subordinate command that defines the interfaces (by network number) that OSPF will run on. Each network number must be defined to a specific area.
Configuring OSPF on Internal Routers of a Single Area
EIGRP
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary routing protocol based on Interior Gateway Routing Protocol (IGRP). Unlike IGRP, which is a classful routing protocol, EIGRP supports CIDR and VLSM.
Compared to IGRP, EIGRP boasts faster convergence times, improved scalability, and superior handling of routing loops.
Furthermore, EIGRP can replace Novell Routing Information Protocol (RIP) and AppleTalk Routing Table Maintenance Protocol (RTMP), serving both IPX and AppleTalk networks with powerful efficiency.
EIGRP is often described as a hybrid routing protocol, offering the best of distance vector and link-state algorithms.
Configuring EIGRP
DHCP
Dynamic Host Configuration Protocol automates network-parameter assignment to network devices from one or more DHCP servers. Even in small networks, DHCP is useful because it makes it easy to add new machines to the network.
When a DHCP-configured client (a computer or any other network-aware device) connects to a network, the DHCP client sends a broadcast query requesting necessary information from a DHCP server. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as the default gateway, domain name, the name servers, other servers such as time servers, and so forth. On receiving a valid request, the server assigns the computer an IP address, a lease (length of time the allocation is valid), and other IP configuration parameters, such as the subnet mask and the default gateway. The query is typically initiated immediately after booting, and must complete before the client can initiate IP-based communication with other hosts.
Depending on implementation, the DHCP server may have three methods of allocating IP addresses:
Dynamic Allocation: A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN is configured to request an IP address from the DHCP server during network initialization. The request-and-grant process uses a lease concept with a controllable time period, allowing the DHCP server to reclaim (and then reallocate) IP addresses that are not renewed.
Automatic Allocation: The DHCP server permanently assigns a free IP address to a requesting client from the range defined by the administrator. This is like dynamic allocation, but the DHCP server keeps a table of past IP address assignments, so that it can preferentially assign to a client the same IP address that the client previously had.
Static Allocation: The DHCP server allocates an IP address based on a table with MAC address/IP address pairs, which are manually filled in (perhaps by a network administrator). Only requesting clients with a MAC address listed in this table will be allocated an IP address. This feature (which is not supported by all DHCP servers) is variously called Static DHCP Assignment (by DD-WRT), fixed-address (by the dhcpd documentation), Address Reservation (by Netgear), DHCP reservation or Static DHCP (by Cisco/Linksys), and IP reservation or MAC/IP binding (by various other router manufacturers).
DORA PROCESS
DHCP operations fall into four basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgement.
DHCP clients and servers on the same subnet communicate via UDP broadcasts. If the client and server are on different subnets, IP discovery and IP request messages are sent via UDP broadcasts, but IP lease offer and IP lease acknowledgement messages are unicast.
DHCP discovery
The client broadcasts messages on the physical subnet to discover available DHCP servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. This client implementation creates a User Datagram Protocol (UDP) packet with the broadcast destination of 255.255.255.255 or the specific subnet broadcast address.
A DHCP client can also request its last-known IP address (in the example below, 192.168.1.100). If the client remains connected to a network for which this IP is valid, the server might grant the request. Otherwise, it depends on whether the server is set up as authoritative or not. An authoritative server will deny the request, making the client ask for a new IP address immediately. A non-authoritative server simply ignores the request, leading to an implementation-dependent timeout before the client gives up on the request and asks for a new IP address.
DHCP offer
When a DHCP server receives an IP lease request from a client, it reserves an IP address for the client and extends an IP lease offer by sending a DHCPOFFER message to the client. This message contains the client's MAC address, the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer.
The server determines the configuration based on the client's hardware address as specified in the CHADDR (Client Hardware Address) field. Here the server, 192.168.1.1, specifies the IP address in the YIADDR (Your IP Address) field.
DHCP request
A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer and broadcast a DHCP request message. Based on the Transaction ID field in the request, servers are informed whose offer the client has accepted. When other DHCP servers receive this message, they withdraw any offers that they might have made to the client and return the offered address to the pool of available addresses. The DHCP request message is broadcast, instead of being unicast to a particular DHCP server, because the DHCP client has still not received an IP address. Also, this way one message can let all other DHCP servers know that another server will be supplying the IP address, without missing any of the servers with a series of unicast messages.
DHCP acknowledgement
When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed.
Snapshot Of DHCP
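The four-message exchange above as a simulation, added here and not part of the report's own material: one client broadcasts to two servers, accepts the first offer, and the losing server returns its reserved address to the pool; a second helper shows the authoritative versus non-authoritative handling of a request for a last-known address described under DHCP discovery. Messages are plain Python dictionaries carrying the DHCP field names (xid, chaddr, yiaddr, siaddr) rather than the real wire format, and the addresses, pools and MAC address are constructed.

```python
"""Simulated DHCP DORA exchange between one client and two servers sharing a
subnet. Added example, not code from the report; the messages are Python dicts
with DHCP field names (xid, chaddr, yiaddr, siaddr), not the real wire format,
and the addresses, pools and MAC are constructed."""


class DhcpServer:
    def __init__(self, server_ip, pool, lease=86400, authoritative=True):
        self.ip = server_ip
        self.free = list(pool)      # addresses available for lease
        self.reserved = {}          # xid -> address reserved while an offer is pending
        self.bound = {}             # chaddr -> (address, lease seconds)
        self.lease = lease
        self.authoritative = authoritative

    def _offer_fields(self, addr):
        return {"yiaddr": addr, "siaddr": self.ip, "mask": "255.255.255.0", "lease": self.lease}

    def handle(self, msg):
        """Return the server's reply to a broadcast message, or None to stay silent."""
        kind, xid = msg["type"], msg["xid"]
        if kind == "DHCPDISCOVER":
            if not self.free:
                return None                         # pool exhausted: no offer
            addr = self.free.pop(0)
            self.reserved[xid] = addr               # reserve until the client decides
            return {"type": "DHCPOFFER", "xid": xid, "chaddr": msg["chaddr"], **self._offer_fields(addr)}
        if kind == "DHCPREQUEST":
            if msg.get("server_id") is None:
                # Client asking for its last-known address without a prior offer
                wanted = msg["requested"]
                if wanted in self.free:
                    self.free.remove(wanted)
                    self.bound[msg["chaddr"]] = (wanted, self.lease)
                    return {"type": "DHCPACK", "xid": xid, **self._offer_fields(wanted)}
                # An authoritative server refuses so the client restarts at discover;
                # a non-authoritative server just stays silent.
                return {"type": "DHCPNAK", "xid": xid} if self.authoritative else None
            addr = self.reserved.pop(xid, None)
            if msg["server_id"] != self.ip:
                if addr is not None:
                    self.free.append(addr)          # client chose another server: withdraw offer
                return None
            if addr is None or addr != msg["requested"]:
                return {"type": "DHCPNAK", "xid": xid}
            self.bound[msg["chaddr"]] = (addr, self.lease)
            return {"type": "DHCPACK", "xid": xid, **self._offer_fields(addr)}
        return None


def broadcast(servers, msg):
    """Every server on the subnet sees a broadcast; collect the non-silent replies."""
    return [reply for reply in (s.handle(msg) for s in servers) if reply is not None]


def dora(client_mac, servers, xid=0x3903F326):
    """Discover, Offer, Request, Acknowledge. Returns (offers, acks)."""
    discover = {"type": "DHCPDISCOVER", "xid": xid, "chaddr": client_mac}
    offers = broadcast(servers, discover)
    chosen = offers[0]                              # client accepts the first offer it sees
    request = {"type": "DHCPREQUEST", "xid": xid, "chaddr": client_mac,
               "server_id": chosen["siaddr"], "requested": chosen["yiaddr"]}
    return offers, broadcast(servers, request)


def request_last_known(client_mac, last_ip, servers, xid=0x3903F327):
    """Client skips discover and asks for the address it used before."""
    request = {"type": "DHCPREQUEST", "xid": xid, "chaddr": client_mac, "requested": last_ip}
    return broadcast(servers, request)


def make_servers():
    """Constructed subnet: an authoritative server and a non-authoritative one."""
    return [DhcpServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"]),
            DhcpServer("192.168.1.2", ["192.168.1.200"], authoritative=False)]


if __name__ == "__main__":
    servers = make_servers()
    offers, acks = dora("00:11:22:33:44:55", servers)
    print("offers:", [o["yiaddr"] for o in offers], "ack:", acks[0]["yiaddr"])
    print("stale address request:", request_last_known("00:11:22:33:44:55", "10.0.0.5", servers))
```

The transaction ID is what ties the four messages together: the server that is not chosen recognises its pending reservation by the xid in the broadcast request and frees the address, exactly as the DHCP request paragraph describes.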
ACL (Access Control List)
An Access Control List is a list of conditions that are used to control network traffic or perform packet filtering. We can use an ACL to filter unwanted packets when implementing a security policy.
Applying ACLs
You can define ACLs without applying them, but the ACLs have no effect until they are applied to an interface of the router. It is good practice to apply the ACL on the interface closest to the source of the traffic. As shown in this example, when you try to block traffic from source to destination, you can apply an inbound ACL to E0 on router A instead of an outbound list to E1 on router C. An access list has an implicit deny ip any any at the end. If traffic is related to a DHCP request and it is not explicitly permitted, the traffic is dropped, because when you look at a DHCP request in IP, the source address is s=0.0.0.0 (Ethernet1/0), d=255.255.255.255, len 604, rcvd 2 UDP src=68, dst=67. Note that the source IP address is 0.0.0.0 and the destination address is 255.255.255.255. The source port is 68 and the destination port is 67. Hence, you should permit this kind of traffic in your access list, else the traffic is dropped due to the implicit deny at the end of the list.
Note: For UDP traffic to pass through, the UDP traffic must also be permitted explicitly by the ACL.
Define In, Out, Inbound, Outbound, Source, and Destination
The router uses the terms in, out, source, and destination as references. Traffic on the router can be compared to traffic on the highway. If you were a law enforcement officer in Pennsylvania and wanted to stop a truck going from Maryland to New York, the source of the truck is Maryland and the destination of the truck is New York. The roadblock could be applied at the Pennsylvania/New York border (out) or the Maryland/Pennsylvania border (in).
Types of IP ACLs
This section of the document describes ACL types.
Standard ACLs
Standard ACLs are the oldest type of ACL. They date back to as early as Cisco IOS Software Release 8.3. Standard ACLs control traffic by comparing the source address of the IP packets to the addresses configured in the ACL.
This is the command syntax format of a standard ACL:
access-list access-list-number {permit|deny} {host|source source-wildcard|any}
In all software releases, the access-list-number can be anything from 1 to 99. In Cisco IOS Software Release 12.0.1, standard ACLs began to use additional numbers (1300 to 1999). These additional numbers are referred to as expanded IP ACLs. Cisco IOS Software Release 11.2 added the ability to use a list name in standard ACLs.
A source/source-wildcard setting of 0.0.0.0/255.255.255.255 can be specified as any. The wildcard can be omitted if it is all zeros. Therefore, host 10.1.1.2 0.0.0.0 is the same as host 10.1.1.2.
After the ACL is defined, it must be applied to the interface (inbound or outbound). In early software releases, out was the default when the keyword out or in was not specified. The direction must be specified in later software releases.
interface
ip access-group number {in|out}
This is an example of the use of a standard ACL in order to block all traffic except that from source 10.1.1.x.
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 1 in
access-list 1 permit 10.1.1.0 0.0.0.255
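To make the first-match evaluation, the implicit deny and the wildcard-mask rule concrete, here is an added example (not code from the report or from Cisco IOS) that parses the standard entry above and a small extended list and evaluates constructed packets against them, including the DHCP discover packet (source 0.0.0.0, destination 255.255.255.255, UDP 68 to 67) that the Applying ACLs section says is dropped unless explicitly permitted. The same wildcard_match helper also implements the inverse-mask test behind the OSPF `network address inverse-mask area` statement from the OSPF section, selecting which of a set of assumed interface addresses it enables. The list numbers, packets and interface addresses are assumptions.

```python
"""Offline evaluation of Cisco IOS style access lists and wildcard masks.
Added example, not code from the report or from Cisco IOS; the list numbers,
packets and interface addresses below are constructed."""
import ipaddress


def wildcard_match(addr, network, wildcard):
    """Cisco wildcard (inverse) mask: a 0 bit must match exactly, a 1 bit is
    'don't care'. The same rule selects interfaces for the OSPF `network`
    statement and matches addresses in access-list entries."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    return (a & care) == (n & care)


def ospf_interfaces(network, wildcard, interfaces):
    """Interfaces whose address falls inside `network <network> <wildcard> area ...`."""
    return [name for name, ip in interfaces.items() if wildcard_match(ip, network, wildcard)]


def _take_addr(tok):
    """Consume `any`, `host A`, `A WILDCARD` or a bare `A` (wildcard omitted = all zeros)."""
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    if len(tok) > 1 and tok[1][0].isdigit():
        return (tok[0], tok[1]), tok[2:]
    return (tok[0], "0.0.0.0"), tok[1:]


def _take_port(tok):
    """Consume an optional `eq PORT` operator."""
    if tok and tok[0] == "eq":
        return int(tok[1]), tok[2:]
    return None, tok


def parse_acl(lines):
    """Parse standard (`access-list N permit|deny SRC`) and extended
    (`access-list N permit|deny PROTO SRC [eq P] DST [eq P]`) entries,
    keeping configured order because the first match wins."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[0] != "access-list":
            raise ValueError(f"not an access-list entry: {line}")
        action, rest = tok[2], tok[3:]
        proto = rest.pop(0) if rest[0] in ("ip", "tcp", "udp", "icmp") else "ip"
        src, rest = _take_addr(rest)
        sport, rest = _take_port(rest)
        dst, rest = _take_addr(rest) if rest else (("0.0.0.0", "255.255.255.255"), rest)
        dport, rest = _take_port(rest)
        entries.append({"action": action, "proto": proto, "src": src,
                        "sport": sport, "dst": dst, "dport": dport})
    return entries


def evaluate(entries, pkt):
    """Walk the list top down; the first matching entry decides. A packet that
    matches nothing hits the implicit `deny ip any any` at the end."""
    for e in entries:
        if e["proto"] != "ip" and e["proto"] != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], *e["src"]):
            continue
        if not wildcard_match(pkt["dst"], *e["dst"]):
            continue
        if e["sport"] is not None and e["sport"] != pkt.get("sport"):
            continue
        if e["dport"] is not None and e["dport"] != pkt.get("dport"):
            continue
        return e["action"]
    return "deny"


# Constructed inputs: the report's standard list, an extended list that also
# admits the DHCP discover traffic the report warns about, and a few packets.
STANDARD_ACL = parse_acl(["access-list 1 permit 10.1.1.0 0.0.0.255"])
EXTENDED_ACL = parse_acl([
    "access-list 100 permit udp host 0.0.0.0 eq 68 host 255.255.255.255 eq 67",
    "access-list 100 permit tcp 10.1.1.0 0.0.0.255 any eq 80",
    "access-list 100 deny ip any any",
])
DHCP_DISCOVER = {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255", "sport": 68, "dport": 67}
WEB_FROM_LAN = {"proto": "tcp", "src": "10.1.1.9", "dst": "203.0.113.5", "sport": 51000, "dport": 80}
INTERFACES = {"Ethernet0/0": "10.1.1.1", "Serial0/0": "192.168.5.1"}

if __name__ == "__main__":
    print("standard list, DHCP discover:", evaluate(STANDARD_ACL, DHCP_DISCOVER))
    print("extended list, DHCP discover:", evaluate(EXTENDED_ACL, DHCP_DISCOVER))
    print("OSPF network 10.1.1.0 0.0.0.255 enables:", ospf_interfaces("10.1.1.0", "0.0.0.255", INTERFACES))
```

Run as written, the standard list of the report drops the DHCP discover (its source 0.0.0.0 never matches 10.1.1.0 0.0.0.255, so the implicit deny applies), while the extended list passes it only because of the explicit UDP 68 to 67 entry placed before the final deny.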
Extended ACLs
Extended ACLs were introduced in Cisco IOS Software Release 8.3. Extended ACLs control traffic by comparing the source and destination addresses of the IP packets to the addresses configured in the ACL.
This is the command syntax format of extended ACLs. Lines are wrapped here for spacing considerations.
IP
access-list access-list-number
[dynamic dynamic-name [timeout minutes]]
{deny|permit} protocol source source-wildcard
destination destination-wildcard [precedence precedence] [tos tos]
[log|log-input] [time-range time-range-name]
ICMP
access-list access-list-number [dynamic dynamic-name [timeout minutes]]
{deny|permit} icmp source source-wildcard
destination destination-wildcard
[icmp-type [icmp-code] | icmp-message]
[precedence precedence] [tos tos] [log|log-input] [time-range time-range-name]
TCP
access-list access-list-number [dynamic dynamic-name [timeout minutes]]
{deny|permit} tcp source source-wildcard [operator [port]]
destination destination-wildcard [operator [port]]
[established] [precedence precedence] [tos tos] [log|log-input] [time-range time-range-name]
UDP
access-list access-list-number
[dynamic dynamic-name [timeout minutes]]
{deny|permit} udp source source-wildcard [operator [port]]
destination destination-wildcard [operator [port]]
[precedence precedence] [tos tos] [log|log-input] [time-range time-range-name]
INTER-VLAN
Understanding How InterVLAN Routing Works
Network devices in different VLANs cannot communicate with one another without a router to route traffic between the VLANs. In most network environments, VLANs are associated with individual networks or subnetworks. For example, in an IP network, each subnetwork is mapped to an individual VLAN. In a Novell IPX network, each VLAN is mapped to an IPX network number. In an AppleTalk network, each VLAN is associated with a cable range and AppleTalk zone name.
Configuring VLANs helps control the size of the broadcast domain and keeps local traffic local. However, when an end station in one VLAN needs to communicate with an end station in another VLAN, interVLAN communication is required. This communication is supported by interVLAN routing. You configure one or more routers to route traffic to the appropriate destination VLAN.
The figure shows a basic interVLAN routing topology. Switch A is in VLAN 10 and Switch B is in VLAN 20. The router has an interface in each VLAN.
Fig: Basic InterVLAN Routing Topology
When Host A in VLAN 10 needs to communicate with Host B in VLAN 10, it sends a packet addressed to that host. Switch A forwards the packet directly to Host B, without sending it to the router.
When Host A sends a packet to Host C in VLAN 20, Switch A forwards the packet to the router, which receives the traffic on the VLAN 10 interface. The router checks the routing table, determines the correct outgoing interface, and forwards the packet out the VLAN 20 interface to Switch B. Switch B receives the packet and forwards it to Host C.
The next figure shows another common scenario, interVLAN routing over a single trunk connection to the router. The switch has ports in multiple VLANs. InterVLAN routing is performed by a Cisco 7505 router connected to the switch through a full-duplex Fast Ethernet trunk link.
NAT
Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box located where the LAN meets the Internet makes all necessary IP address translations.
NAT serves three main purposes:
• Provides a type of firewall by hiding internal IP addresses.
• Enables a company to use more internal IP addresses. Since they're used internally only, there's no possibility of conflict with IP addresses used by other companies and organizations.
• Allows a company to combine multiple ISDN connections into a single Internet connection.
How Network Address Translation Works??
Network Address Translation helps improve security by reusing IP
addresses. The NAT router translates traffic coming into and leaving the
private network. See more pictures of computer networking.
If you are reading this article, you are most likely connected to the Internet
and viewing it at the HowStuffWorks Web site. There's a very good chance
that you are using Network Address Translation (NAT) right now.
The Internet has grown larger than anyone ever imagined it could be.
Although the exact size is unknown, the current estimate is that there are
-
8/6/2019 Final Report 11
39/62
about 100 million hosts and more than 350 million users actively on the
Internet. That is more than the entire population of the United States! In fact,
the rate of growth has been such that the Internet is effectively doubling in
size each year.
So what does the size of the Internet have to do with NAT? Everything! For
a computer to communicate with other computers and Web servers on the
Internet, it must have an IP address. An IP address (IP stands for Internet
Protocol) is a unique 32-bit number that identifies the location of your
computer on a network. Basically, it works like your street address -- as a
way to find out exactly where you are and deliver information to you.
When IP addressing first came out, everyone thought that there were plenty
of addresses to cover any need. Theoretically, you could have 4,294,967,296
unique addresses (2^32). The actual number of available addresses is smaller
(somewhere between 3.2 and 3.3 billion) because of the way that the
addresses are separated into classes, and because some addresses are set
aside for multicasting, testing or other special uses.
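As an added example (not from the report), a small Python model of the NAT box described above: every internal address and port is mapped to the single public address plus a translated port, return traffic is mapped back through the same table, and inbound packets that match no earlier outbound flow are dropped, which is the "type of firewall" effect listed among NAT's purposes. The public address, the internal hosts and the port numbers are constructed sample values.

```python
from typing import Dict, Optional, Tuple

# Constructed sample values (not from the report): the NAT box's one public address
# and the first port it hands out for translated flows.
PUBLIC_IP = "203.0.113.5"
FIRST_TRANSLATED_PORT = 40000

Packet = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


class NatBox:
    """Many internal hosts share one external address (port address translation)."""

    def __init__(self, public_ip: str = PUBLIC_IP) -> None:
        self.public_ip = public_ip
        self.next_port = FIRST_TRANSLATED_PORT
        # inside flow -> translated public source port
        self.outbound: Dict[Packet, int] = {}
        # (translated port, remote ip, remote port) -> (inside ip, inside port)
        self.inbound: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the LAN, allocating a port on first use."""
        src_ip, src_port, dst_ip, dst_port = pkt
        pub_port = self.outbound.get(pkt)
        if pub_port is None:
            pub_port = self.next_port
            self.next_port += 1
            self.outbound[pkt] = pub_port
            # remember the reverse mapping so replies can be delivered
            self.inbound[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a packet arriving from the Internet.

        Returns None (drop) when no internal host opened a matching flow, so
        unsolicited traffic never reaches the private addresses.
        """
        src_ip, src_port, dst_ip, dst_port = pkt
        if dst_ip != self.public_ip:
            return None
        inside = self.inbound.get((dst_port, src_ip, src_port))
        if inside is None:
            return None
        return (src_ip, src_port, inside[0], inside[1])
```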
Frame Relay
Frame Relay is an industry-standard, switched data link layer protocol that handles
multiple virtual circuits using High-Level Data Link Control (HDLC)
encapsulation between connected devices. In many cases, Frame Relay is more
efficient than X.25, the protocol for which it is generally considered a replacement.
The following figure illustrates a Frame Relay frame (ANSI T1.618).
As an interface between user and network equipment, Frame Relay provides a
means for statistically multiplexing many logical data conversations (referred to as
virtual circuits) over a single physical transmission link. This contrasts with
systems that use only time-division-multiplexing (TDM) techniques for supporting
multiple data streams. Frame Relay's statistical multiplexing provides more
flexible and efficient use of available bandwidth. It can be used without TDM
techniques or on top of channels provided by TDM systems.
Another important characteristic of Frame Relay is that it exploits the recent
advances in wide-area network (WAN) transmission technology. Earlier WAN
protocols, such as X.25, were developed when analog transmission systems and
copper media were predominant. These links are much less reliable than the fiber
media/digital transmission links available today. Over links such as these, link-
layer protocols can forego time-consuming error correction algorithms, leaving
these to be performed at higher protocol layers. Greater performance and efficiency
is therefore possible without sacrificing data integrity. Frame Relay is designed
with this approach in mind. It includes a cyclic redundancy check (CRC) algorithm
for detecting corrupted bits (so the data can be discarded), but it does not include
any protocol mechanisms for correcting bad data (for example, by retransmitting it
at this level of protocol).
Frame Relay has replaced X.25 as the packet-switching technology of choice
in many nations, particularly the United States.
First standardized in 1990, Frame Relay streamlines Layer 2 functions and
provides only basic error checking rather than error correction.
This low-overhead approach to switching packets increases performance and
efficiency.
Modern fiber optic links and digital transmission facilities offer much lower
error rates than their copper predecessors.
For that reason, the use of X.25 reliability mechanisms at Layer 2 and Layer
3 is now generally regarded as unnecessary overhead.
This module presents Frame Relay technology, including its benefits and
requirements.
Frame Relay is an International Telecommunications Union (ITU-T) and
American National Standards Institute (ANSI) standard that defines the
process for sending data over a packet-switched network.
It is a connection-oriented data-link technology that is optimized to provide
high performance and efficiency.
Modern telecommunications networks are characterized by relatively error-
free digital transmission and highly reliable fiber infrastructures.
Frame Relay takes advantage of these technologies by relying almost
entirely on upper-layer protocols to detect and recover from errors.
Frame Relay does not have the sequencing, windowing, and
retransmission mechanisms that are used by X.25.
Without the overhead associated with comprehensive error detection, the
streamlined operation of Frame Relay outperforms X.25.
Typical speeds range from 56 kbps up to 2 Mbps, although higher speeds (45 Mbps)
are possible.
The network providing the Frame Relay service can be either a carrier-
provided public network or a privately owned network.
Like X.25, Frame Relay defines the interconnection process between the
customer's data terminal equipment (DTE), such as the router, and the
service provider's data communication equipment (DCE).
Frame Relay does not define the way the data is transmitted within the
service provider's network once the traffic reaches the provider's switch.
Therefore, a Frame Relay provider could use a variety of technologies, such
as Asynchronous Transfer Mode (ATM) or Point-to-Point Protocol (PPP), to move data from one end of its network to another.
Frame Relay devices: DTE
DTEs generally are considered to be terminating equipment for a specific
network and typically are located on the premises of the customer.
The customer may also own this equipment.
Examples of DTE devices are:
routers
Frame Relay Access Devices (FRADs).
A FRAD is a specialized device designed to provide a connection between a
LAN and a Frame Relay WAN.
Frame Relay devices: DCE
DCEs are carrier-owned internetworking devices.
The purpose of DCE equipment is to provide clocking and switching
services in a network.
In most cases, these are packet switches, which are the devices that actually
transmit data through the WAN.
DLCI
RTA can use only one of three configured PVCs to reach RTB.
In order for router RTA to know which PVC to use, Layer 3 addresses must
be mapped to DLCI numbers.
RTA must map Layer 3 addresses to the available DLCIs.
RTA maps the RTB IP address 1.1.1.3 to DLCI 17.
Once RTA knows which DLCI to use, it can encapsulate the IP packet with a Frame Relay frame, which contains the appropriate DLCI number to reach
that destination.
Cisco routers support two types of Frame Relay header encapsulation.
One type is cisco, which is a 4-byte header.
The second is ietf, which is a 2-byte header that conforms to the IETF
standards.
The Cisco proprietary 4-byte header is the default and cannot be used if the
router is connected to another vendor's equipment across a Frame Relay
network.
LMI (Local Management Interface)
LMI is a signaling standard between the DTE and the Frame Relay
switch.
LMI is responsible for managing the connection and maintaining
the status between devices.
LMI includes:
A keepalive mechanism, which verifies that data is flowing
A multicast mechanism, which provides the network server (router) with its local DLCI.
A status mechanism, which provides an ongoing status on the DLCIs
known to the switch
The three LMI types are not compatible with each other.
The LMI type must match between the provider Frame Relay switch and
the customer DTE device.
In Cisco IOS releases prior to 11.2, the Frame Relay interface must be
manually configured to use the correct LMI type, which is furnished by the
service provider.
If using Cisco IOS Release 11.2 or later, the router attempts to
automatically detect the type of LMI used by the provider switch.
This automatic detection process is called LMI autosensing.
No matter which LMI type is used, when LMI autosense is active, it sends
out a full status request to the provider switch.
Frame Relay devices can now listen in on both DLCI 1023 (Cisco LMI) and
DLCI 0 (ANSI and ITU-T) simultaneously.
The order is ansi, q933a, cisco and is done in rapid succession to
accommodate intelligent switches that can handle multiple formats
simultaneously.
The Frame Relay switch uses LMI to report the status of configured
PVCs.
The three possible PVC states are as follows:
Active state Indicates that the connection is active and that
routers can exchange data.
Inactive state Indicates that the local connection to the Frame
Relay switch is working, but the remote router connection to the Frame Relay switch is not working.
Deleted state Indicates that no LMI is being received from the
Frame Relay switch, or that there is no service between the CPE
router and Frame Relay switch.
DLCI Mapping to Network Address
Manual
RTA will know how to reach RTB from the routing information; however, it will
need to use a statically or dynamically configured frame map to encapsulate the
frame at layer 2 with the correct DLCI.
Manual: Administrators use a frame relay map statement.
Dynamic
Inverse Address Resolution Protocol (I-ARP) provides a given
DLCI and requests next-hop protocol addresses for a specific
connection.
The router then updates its mapping table and uses the information in
the table to forward packets on the correct route.
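As an added Python example (not code from the report), a decoder for the 2-byte IETF-style Frame Relay address field discussed above: it extracts the DLCI and the congestion bits, recognises the LMI DLCIs the report names (1023 for Cisco, 0 for ANSI/ITU-T), and checks the frame check sequence. A frame with a bad FCS is only marked for discard, mirroring the report's point that Frame Relay detects corrupted bits but leaves correction to upper layers. It assumes the standard Q.922 bit layout and the HDLC CRC-16 (RFC 1662 style); the sample frames are constructed, with DLCI 17 and address 1.1.1.3 taken from the report's RTA/RTB example.

```python
from typing import Dict

# DLCIs reserved for LMI signaling, as listed in the report: 1023 (Cisco) and 0 (ANSI/ITU-T).
LMI_DLCIS = {0: "LMI (ANSI / ITU-T)", 1023: "LMI (Cisco)"}


def fcs16(data: bytes) -> int:
    """HDLC frame check sequence: CRC-16, polynomial 0x1021 (bit-reflected 0x8408), RFC 1662 style."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def build_frame(dlci: int, payload: bytes, fecn: int = 0, becn: int = 0, de: int = 0) -> bytes:
    """Assemble address field + payload + FCS (HDLC flags omitted); used here to construct samples."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    byte0 = (dlci >> 4) << 2                                   # upper 6 DLCI bits, C/R = 0, EA = 0
    byte1 = ((dlci & 0xF) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1  # low 4 DLCI bits, EA = 1
    body = bytes([byte0, byte1]) + payload
    return body + fcs16(body).to_bytes(2, "little")


def decode_frame(frame: bytes) -> Dict[str, object]:
    """Parse the 2-byte address field and verify the FCS; a bad FCS means discard, never repair."""
    if len(frame) < 4:
        raise ValueError("frame too short for address field and FCS")
    byte0, byte1 = frame[0], frame[1]
    if byte0 & 1 or not byte1 & 1:
        raise ValueError("EA bits do not describe a 2-byte address field")
    dlci = ((byte0 >> 2) << 4) | (byte1 >> 4)
    body, stored_fcs = frame[:-2], int.from_bytes(frame[-2:], "little")
    fcs_ok = fcs16(body) == stored_fcs
    return {
        "dlci": dlci,
        "fecn": (byte1 >> 3) & 1,     # forward explicit congestion notification
        "becn": (byte1 >> 2) & 1,     # backward explicit congestion notification
        "de": (byte1 >> 1) & 1,       # discard eligible under congestion
        "kind": LMI_DLCIS.get(dlci, "data PVC"),
        "fcs_ok": fcs_ok,
        # Like Frame Relay itself, nothing here retransmits: upper layers must recover.
        "action": "deliver" if fcs_ok else "discard",
        "payload": body[2:] if fcs_ok else b"",
    }
```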
Switching
Switches occupy the same place in the network as hubs. Unlike hubs, switches
examine each packet and process it accordingly rather than simply repeating the
signal to all ports. Switches map the Ethernet addresses of the nodes residing on
each network segment and then allow only the necessary traffic to pass through the
switch. When a packet is received by the switch, the switch examines the
destination and source hardware addresses and compares them to a table of
network segments and addresses. If the segments are the same, the packet is
dropped ("filtered"); if the segments are different, then the packet is "forwarded" to
the proper segment. Additionally, switches prevent bad or misaligned packets from
spreading by not forwarding them.
MAC Address Table
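The forwarding decision described above, as an added Python example (not part of the report): the switch learns the source address of every frame into its MAC address table, floods frames for unknown or broadcast destinations, forwards known destinations out a single port, and filters frames whose destination sits on the same segment as the sender; runt frames are dropped rather than spread. The 64-byte Ethernet minimum frame size is a standard value, and the MAC addresses in the test are constructed.

```python
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"
MIN_FRAME_LEN = 64  # bytes; shorter Ethernet frames are runts and must not be forwarded


class LearningSwitch:
    """Forward, filter or flood frames using a learned MAC address table."""

    def __init__(self, port_count: int) -> None:
        self.ports = list(range(1, port_count + 1))
        self.mac_table: Dict[str, int] = {}   # MAC address -> port it was last seen on

    def handle_frame(self, ingress: int, src: str, dst: str, length: int = 64) -> List[int]:
        """Return the list of egress ports for one frame received on `ingress`."""
        if length < MIN_FRAME_LEN:
            return []                          # bad/misaligned frame: drop, do not spread it
        self.mac_table[src] = ingress          # learn (or refresh) the sender's segment
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != ingress]   # unknown destination: flood
        egress = self.mac_table[dst]
        if egress == ingress:
            return []                          # same segment as the sender: filter
        return [egress]                        # known destination: forward to one port
```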
Switch Configuration
VLANs
VTP (VLAN Trunking Protocol)
With the help of VTP, we can simplify the process of creating the VLANs. Among multiple
switches, we can configure one switch as the VTP Server and all the other switches as
VTP clients. We create the VLANs on the VTP Server switch. The Server sends periodic
updates to the VTP client switches, and the clients create the VLANs from the updates
received from the server.
VTP Servers Configuration
MODULE-2
INTRODUCTION OF REDHAT
Red Hat is an open-source operating system of the UNIX-like family. Its update method
is YUM, meaning all packages are installed through YUM, which fetches them from a
repository server set up on Red Hat; its package manager is RPM, which holds all the
files of a Red Hat package.
Red Hat Enterprise Linux (RHEL) is a Linux distribution produced by Red Hat and
targeted toward the commercial markets. Red Hat Enterprise Linux is released in
server versions for x86, x86-64, Itanium, PowerPC and IBM System z, and
desktop versions for x86 and x86-64. All of Red Hat's official support and training,
and the Red Hat Certification Program center around the Red Hat Enterprise Linux
platform.
INTRODUCTION OF THE MODULE
1. Sendmail is used to safely move email between hosts, usually using
SMTP (Simple Mail Transfer Protocol), whose port number is 25. It is
highly configurable, which allows us to control almost every aspect of how
email is handled, including the protocol to be used.
2. Package to be installed for it is sendmail*/squirrel*/bind*/caching*.
3. However, for receiving the mails, package to be installed is dovecot*.
4. Dovecot works using POP (Post Office Protocol), whose port number is 110, POP3,
and IMAP (Internet Message Access Protocol), whose port number is 143.
DNS
SQUIRRELMAIL
SquirrelMail is a web-based email application started by Nathan and Luke
Ehresman and written in the PHP scripting language. It can be installed on almost
all web servers as long as PHP is present and the web server has access to
an IMAP and SMTP server.
SquirrelMail outputs valid HTML 4.0 for its presentation, making it compatible
with a majority of current web browsers. SquirrelMail uses a plugin architecture to
accommodate additional features around the core application, and over 200 plugins
are available on the SquirrelMail website. Licensed under the GNU General Public License, SquirrelMail is free software. It
is currently available in over 50 languages. SquirrelMail is included in the
repositories of many major GNU/Linux distributions and is independently
downloaded by tens of thousands of people every month.
It includes built-in pure PHP support for the IMAP and SMTP protocols, and all
pages are rendered in pure HTML 4.0 for maximum compatibility across browsers.
It has very few requirements, and is very easy to configure and install.
There are several mailing lists available. Several of the developers are available for
live chat on IRC. A bug tracking system is available for reporting bugs or
submitting patches. For administrators or companies official and third party
commercial support is available.
Work breakdown structure:-
1. Sendmail - It is used for sending mails to the user.
Package to be installed is-
postfix*/sendmail*
(* represents all the files)
Configuration File-/etc/postfix/main.cf
2. Dovecot - It is used for receiving mails by the user.
Package to be installed is-
dovecot*
(* represents all the files)
Configuration File-/etc/dovecot.conf
3. HTTP - An HTTP server is also set up in this project to host the SquirrelMail
server, since the web pages are to be served from the SquirrelMail server.
Package to be installed is-
http* (* represents all the files)
Configuration File-/etc/httpd/conf/httpd.conf
4. bind*/Caching* - These are used to install the DNS Server.
5. SquirrelMail - It is also used for sending mails to the server, and it also includes
extra features like Sent, Trash, Drafts, etc.
Package to be installed is-
squirrelmail*(* represents all the files)
Configuration File-/sq/squirrel/config/config.php
6. PHP - As the pages SquirrelMail serves are web pages written in PHP, PHP also has to
be installed in the project.
Package to be installed is-
php*(* represents all the files)