
A

TRAINING REPORT

ON

“NETWORKING (CCNA)”

Submitted in the partial fulfillment of the requirements of Degree in

Bachelor of Technology

In

Computer Science & Engineering

By

Sachin (17CS59)

Under the Supervision


Of
Mr. J.k. Gothwal Sir
HOD of CSE Department

DEPARTMENT OF COMPUTER SCIENCE ENGINEERING

RAO PAHLAD SINGH COLLEGE OF ENGINEERING AND TECHNOLOGY


BALANA, MOHINDERGARH,

INDIRA GANDHI UNIVERSITY, MEERPUR, REWARI (2017-2021)


CANDIDATE’S DECLARATION

I, Sachin, bearing roll number 17CS59, a student of B.Tech (8th sem), hereby declare that
I own the full responsibility for the information, results etc. provided in this training report titled
“NETWORKING”, submitted to Rao Pahlad Singh College of Engineering and
Technology, Balana, Mohindergarh, for the award of the Bachelor of Technology (Computer
Science & Engineering) degree. I have taken care in all respects to honour
intellectual property rights and have acknowledged the contributions of others used
in this report. I further declare that in case of any violation of intellectual
property rights or copyright I, as the candidate, would be fully responsible for the same.
My supervisor and institute should not be held responsible for any full or partial violation of copyright
found at any stage of my degree.

Name of Candidate: Sachin

Roll No:17CS59
CERTIFICATE BY THE SUPERVISOR

It is certified that this training report titled “NETWORKING” by Mrs SWATI in the
partial fulfillment of the requirement for the award of Bachelor of Technology (Computer
Science & Engineering), submitted to Rao Pahlad Singh College of Engineering &
Technology, Balana, Mohindergarh, is a record of the student’s own work carried out under my
supervision and guidance. This report has not been submitted to any other University or
Institution for the award of a degree. The work contained in this report is at par with university
standards. I wish him/her good luck and success in life.

Name of Supervisor: SWATI

Company Name: EME TECHNOLOGIES


ACKNOWLEDGMENTS

First of all I would like to thank the Almighty, who has always guided me to work on the
right path in life. Without his grace this would never have become today’s reality.
I would like to express my deepest gratitude toward my Supervisor SWATI
for showing great interest in my training work. This work could not have been finished
without his valuable comments and inspiring guidance. He provided me the right balance of
guidance and independence in my dissertation work. I am immensely indebted to him for his
advice in both technical and non-technical matters. He has always been willing to take the
time to help me and offer advice.
I would also like to thank all the faculty members of the CSE department for their direct or
indirect help in the completion of my dissertation.
Finally, I would like to thank my parents, siblings and friends for their great
emotional support, care and encouragement during my dissertation.

Name of Candidate : SACHIN

Roll No:17CS59
1.1 ABOUT THE ORGANIZATION

1.1.1 Introduction about EME Technologies

EME Technologies, a software company, is managed by a team of dedicated, committed
and highly qualified software and hardware professionals. The company is fortunate
enough to have been associated with expert and experienced faculty in the fields of
Software, Hardware and Web Technologies, Embedded Systems, PCB
Designing, Networking, AutoCAD, automation and many more.

One of the company’s areas of specialization is project study, analysis, development and
live implementation. The computer faculty at the institute have hands-on
experience in software development and a proven track record in training and
guiding students.

They take intensive care from the very first step of selecting the project title,
encouraging the student to venture on a distinct project and to involve themselves in it
by putting in their own effort and time to write the programs that execute it.

In case of any problems, the faculty in charge willingly guides the students and helps
them execute the project successfully. Faculty give their support to clients 24/7.

The institute’s objective is to empower future computer professionals by providing
them a decent work atmosphere and individual attention, and by creating confidence in them by
encouraging them to take up the project on their own, from selection of the topic until its
implementation and submission, under the supervision and guidance of
experienced and expert faculty. EME delivers an integrated portfolio of solutions and
services reflecting a broad range of technology and business practices.
1.1.2 EME-Overview

EME Technologies is located in Phase 7, Mohali, and in Chandigarh.

EME Technologies are offshore outsourcing consultants with a leading-edge
technology focus on delivering the best and most cost-effective solutions to their clients
in various areas of web development services and solutions.

The team at EME Technologies consists of over 30 highly skilled IT professionals.
EME Technologies delivers total solutions for software development and maintenance needs,
serving companies from the smallest start-ups to the largest of the Global 2000, and
specializes in offshore software development and web applications.

At EME Technologies a talented group of designers and interface engineers are masters
at conveying a consistent corporate message and brand while concentrating
on ensuring a pleasant and useful user experience. They help market the
company effectively by using their skills in web strategy, creative interface design, corporate
branding and logo design, online marketing strategy and copywriting.

1.1.3 Vertical practices

1.1.3.1 Service Practices

The various types of services offered by this company are as follows:

1.1.3.1.1. Custom web applications
1.1.3.1.2. Web designing
1.1.3.1.3. Complete e-business solutions
1.1.3.1.4. E-commerce business
1.1.3.1.5. SEO service
1.1.3.1.6. Web data mining
1.1.3.1.7. Training and consulting services for the development of embedded systems

1.1.3.1.1. Custom application development

Custom application development means designing and programming software for a
specific function or need. It can produce practically any feature you may want for your site.
EME Technologies provides total flexibility in custom application development; the process
is essentially client driven. A well-designed database should yield an end product that is
tailored to both your professional and practical business needs and therefore serves its
intended purpose.

1.1.3.1.2. Web designing

EME Technologies has a team of experienced multimedia and web designers for
professional web site design who work closely with the programming team to
integrate the various components with a consistent look and feel that represents your
corporate brand image. They know the importance of a "first web impression" in web site
design, and the experienced team will advise you on how best to take advantage of
changing trends and expectations.

1.1.3.1.3. Complete e-business solutions

EME Technologies’ complete e-business solutions offer a powerful combination of
design and technology. This comprehensive set of online e-commerce technology is
designed to help you make the most of your new or existing business, increase your sales
and improve your bottom line.

1.1.3.1.4. E-commerce business development

Their shopping cart solutions are all you need to run a successful online store and to meet
growing e-commerce requirements in all sectors of the market. With the advent of
technology, business has increased manifold.

A retail business that does not keep up with the changing scenario will see it reflected in
its performance. There is no short cut to success; the best you can do is to offer your
customers the best service by using e-commerce solutions.

1.1.3.1.5. Search engine optimization (SEO) service

EME Technologies offers optimization and positioning of your web site in the major search
engines. The SEO process starts by determining the keywords or phrases that best describe
your web site or business. META tags are then built for the few search engines that still
use them.

The placement and maintenance of your web site is monitored throughout the year.
This becomes even more important whenever the search engines change their
ranking rules. Maintenance is an extremely important aspect of a quality web site, not
just for the benefit of search engines, but also for the overall accuracy of your company’s
information.

1.1.3.1.6. Web data mining

Data mining is a proven technology for advanced analysis that detects key patterns and trends,
but the time-consuming complexity of preparing Web data with the business context
necessary for data mining has hampered its use in Web analysis.

EME Technologies creates, maintains and runs Internet robots (crawlers) that retrieve data from
the Web. The robots feed extractors that pick out useful information and deliver it
in a format ready for processing and analysis.

1.1.3.1.7. Training and consulting services for the development of embedded systems

EME Technologies is a pioneer in embedded systems in Chandigarh. Its
expertise covers several microcontroller architectures and their development tool
chains. In addition it focuses on topics such as time-to-market, quality improvement,
complete PCB design and embedded applications using Atmel MCS-51, Atmel
AVR, Microchip PIC controllers, NXP ARM, Arduino and Raspberry Pi. The training and
consulting services include prototyping and customized software and hardware
development on technologies from Atmel, Microchip, NXP, Maxim and others.

Embedded systems development involves these microcontroller families, which are
programmed in embedded C.

EME has been providing embedded system development services and training in embedded
systems, robotics, VLSI and AutoCAD since 2010.
1. NETWORKING BASICS
1.1 COMPUTER NETWORK

A computer network allows sharing of resources and information among interconnected
devices. In the 1960s the Advanced Research Projects Agency (ARPA) of the United States
Department of Defense funded the design of the Advanced Research Projects Agency Network
(ARPANET), one of the first packet-switched networks and the direct ancestor of the Internet.
Development of the network began in 1969, based on designs developed during the 1960s.

Computer networks can be used for a variety of purposes:

• Facilitating communications. Using a network, people can communicate efficiently
and easily via email, instant messaging, chat rooms, telephone, video telephone calls,
and video conferencing.

• Sharing hardware. In a networked environment, each computer on a network may
access and use hardware resources on the network, such as printing a document on a
shared network printer.

• Sharing files, data, and information. In a network environment, authorized users may
access data and information stored on other computers on the network. The capability
of providing access to data and information on shared storage devices is an important
feature of many networks.

• Sharing software. Users connected to a network may run application programs on
remote computers.

• Information preservation. Data can be stored on, and backed up to, shared servers
rather than on individual machines.

• Security. Access to shared data and devices can be controlled and monitored centrally.
The same connectivity also exposes every host to every other, so access control on a
network is a necessity rather than a side effect.

• Speed. Work and data can be distributed across several machines.

1.2 NETWORKING

In everyday usage, “networking” means developing and maintaining contacts and personal
connections with people who might be helpful to you and your career. In computing, and
throughout this report, networking is the practice of linking two or more computing devices
together for the purpose of sharing data. Networks are built with a mix of computer hardware
and computer software.

1.3 TYPES OF NETWORKS

• Local Area Network

A Local Area Network (LAN) is a network that connects computers and devices in a limited
geographical area such as a home, school, computer laboratory, office building, or closely
positioned group of buildings. Each computer or device on the network is a node. Current
wired LANs are most likely to be based on Ethernet technology, although newer standards such as
ITU-T G.hn also provide a way to create a wired LAN over existing home wiring (coaxial
cables, phone lines and power lines).

• Personal Area Network

A personal area network (PAN) is a computer network used for communication among
computers and other information technology devices close to one person. Some
examples of devices that are used in a PAN are personal computers, printers, fax machines,
telephones, PDAs, scanners, and even video game consoles. A PAN may include wired and
wireless devices. The reach of a PAN typically extends to 10 metres. A wired PAN is usually
constructed with USB and FireWire connections, while technologies such as Bluetooth and
infrared communication typically form a wireless PAN.

• Home Area Network

A home area network (HAN) is a residential LAN which is used for communication between
digital devices typically deployed in the home, usually a small number of personal computers
and accessories, such as printers and mobile computing devices. An important function is the
sharing of Internet access, often a broadband service through a CATV or Digital Subscriber
Line (DSL) provider. It can also be referred to as an office area network (OAN).
• Wide Area Network

A wide area network (WAN) is a computer network that covers a large geographic area such
as a city, country, or spans even intercontinental distances, using a communications channel
that combines many types of media such as telephone lines, cables, and air waves. A WAN
often uses transmission facilities provided by common carriers, such as telephone companies.
WAN technologies generally function at the lower three layers of the OSI reference model:
the physical layer, the data link layer, and the network layer.

• Campus Network

A campus network is a computer network made up of an interconnection of local area
networks (LANs) within a limited geographical area. The networking equipment (switches,
routers) and transmission media (optical fibre, copper plant, Cat5 cabling etc.) are almost
entirely owned by the campus tenant or owner: an enterprise, university, government etc.

In the case of a university campus-based campus network, the network is likely to link a
variety of campus buildings including; academic departments, the university library and
student residence halls.

• Metropolitan Area Network

A Metropolitan area network is a large computer network that usually spans a city or a large
campus.

• Virtual Private Network

A virtual private network (VPN) is a computer network in which some of the links between
nodes are carried by open connections or virtual circuits in some larger network (e.g., the
Internet) instead of by physical wires. The data link layer protocols of the virtual network are
said to be tunneled through the larger network when this is the case. One common application
is secure communication through the public Internet, but a VPN need not have explicit
security features such as authentication or content encryption. A plain GRE tunnel or an
MPLS VPN, for example, separates the traffic of different user communities over a shared
underlying network without hiding it from whoever controls that network. Only a VPN that
authenticates both endpoints and encrypts the tunneled traffic (IPsec, a TLS-based VPN or
WireGuard) protects against eavesdropping and tampering on the path.
2. NETWORK TOPOLOGY

Network topology is the layout pattern of interconnections of the various elements (links,
nodes, etc.) of a computer network. Network topologies may be physical or logical. Physical
topology means the physical design of a network including the devices, location and cable
installation. Logical topology refers to how data is actually transferred in a network as
opposed to its physical design.

Various topologies:

❖ Bus topology

Many devices connect to a single cable "backbone". If the backbone is broken, the entire
segment fails. Bus topologies are relatively easy to install and don't require much cabling
compared to the alternatives.

Fig: 2.1

❖ Ring Topology

In a ring network, every device has exactly two neighbours for communication purposes. All
messages travel around the ring in the same direction. As with the bus topology, a failure in any
cable or device breaks the loop and takes down the entire segment. A further disadvantage of the
ring is that adding or removing a device breaks the ring, so the segment is down until the
ring is closed again. Ring hardware is also considerably more expensive than other topologies.
Fig: 2.2

❖ Star Topology

A star network has a central connection point such as a hub or switch. While it takes more
cable, the benefit is that if a cable fails, only one node is brought down.

All traffic passes through the centre of the star, which controls all the nodes attached to it.
Historically the central device was a fast, self-contained computer responsible for routing all
traffic to the other nodes; in modern LANs it is a switch. The main advantage of a star
network is that one malfunctioning node does not affect the rest of the network. However, this
type of network is prone to bottleneck and failure problems at the central site, which is a
single point of failure.

Fig: 2.3
❖ Tree Topology

Also known as the 'Hierarchical topology', the tree topology is a combination of bus and star
topologies. They are very common in larger networks. A typical scenario is: a file server is
connected to a backbone cable (e.g. coaxial) that runs through the building, from which
switches are connected, branching out to workstations.

Fig: 2.4

❖ Mesh topology

In the topologies shown above, there is only one possible path from one node to another.
If any cable in that path is broken, the nodes cannot communicate.

A mesh topology uses many cables to connect every node with every other node. It is very
expensive to wire up, but if any cable fails there are many other ways for two nodes to
communicate. Some WANs, including the Internet, use partial-mesh routing. The often-repeated
story that the Internet was deliberately designed to let sites communicate during a nuclear war
is disputed by the ARPANET’s own designers, who describe resource sharing among research
sites as the goal; the redundancy of a mesh nevertheless gives exactly that kind of resilience.
Fig: 2.5

❖ Hybrid Topology

A hybrid network is a combination of different topologies such as star, ring, mesh, bus etc.
For example, one department may use a bus network, a second department a ring network,
a third department a mesh network and a fourth department a star network. The networks of
the four departments can all be connected together through a central hub (in the form of a
star network), as shown in Fig. 2.6.

Fig: 2.6
3. BASIC NETWORKING DEVICES

Computer networking devices are units that mediate data in a computer network. Computer
networking devices are also called network equipment, Intermediate Systems (IS) or
InterWorking Unit (IWU). Units which are the last receiver or generate data are called hosts
or data terminal equipment.

• 3.1 Routers

A router is a communication device used to connect two logically and physically
different networks: two LANs, two WANs, or a LAN with a WAN. The main function of the
router is to sort and forward data packets towards their destinations based on their
IP addresses. Routers provide the connectivity between enterprise businesses and ISPs, and
in the Internet infrastructure the router is the main device. Cisco routers are widely used in the
world; they run an operating system known as IOS. A router operates at the
network layer of the OSI model. A router does not forward broadcasts: each router interface
is a separate broadcast domain.

We have two types of router:

1. Hardware routers: dedicated devices.
2. Software routers: a general-purpose computer with routing enabled, for example by the
Windows Routing and Remote Access Service (RRAS).

Fig: 3.1

• 3.2 Switches

Like a bridge, a switch is an intelligent device: it learns which MAC address is reachable
through which port and forwards each frame only to the port of the destination MAC address.
(A switch works with MAC addresses, not IP addresses; mapping an IP address to a MAC
address is done by ARP on the hosts.) Unlike a hub, a switch does not normally send the data
to all the computers. Switches are used in LANs, MANs and WANs. In an Ethernet network,
computers are directly connected to the switch via twisted pair cables. Switches use three
methods to forward frames: store and forward, cut through and fragment free. Note that a
switch only limits which ports normally see a frame; broadcasts and frames to unknown
destinations are still flooded to every port, so a switch is a performance device, not a
security boundary.
We have two types of switch:
1. Managed switch: it has a console port through which we can configure the switch according
to our needs (VLANs, port security and so on).
2. Unmanaged switch: it has no console port; we use the switch as purchased.

Fig: 3.2
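The forwarding behaviour described above is easiest to see in a small simulation. The following Python is an added example, not code from the report or from any switch vendor: a learning switch with a bounded MAC table (the table size is an assumed parameter) that forwards known unicast frames to one port and floods broadcasts and unknown destinations. The demo function then shows why the table is not a security boundary: an attacker who sends frames from many forged source addresses evicts the real entries, and the switch falls back to hub-like flooding so the attacker's port receives other hosts' traffic. All MAC addresses are constructed for the demonstration.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac: str) -> bool:
    """Multicast and broadcast MACs have bit 0 of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class LearningSwitch:
    """Minimal model of a transparent (learning) bridge or switch.

    `max_entries` stands in for the finite CAM table of a real switch; the
    size is an assumed parameter, nothing in the report specifies it.
    """

    def __init__(self, ports, max_entries=4):
        self.ports = list(ports)
        self.max_entries = max_entries
        self.table = OrderedDict()  # source MAC -> port, oldest entry first

    def learn(self, mac, port):
        """Record which port a source MAC was last seen on."""
        if mac in self.table:
            self.table.move_to_end(mac)
        elif len(self.table) >= self.max_entries:
            # Table full: evict the oldest entry (a real switch may instead
            # stop learning; either way unknown destinations get flooded).
            self.table.popitem(last=False)
        self.table[mac] = port

    def forward(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of."""
        self.learn(src, in_port)
        if is_group(dst) or dst not in self.table:
            # Broadcast, multicast or unknown unicast: flood every port but
            # the one it arrived on, exactly as a hub would.
            return [p for p in self.ports if p != in_port]
        out = self.table[dst]
        return [] if out == in_port else [out]


def demo_mac_flooding():
    """Show unicast isolation, then break it by filling the table."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], max_entries=4)
    host_a, host_b = "00:11:22:33:44:aa", "00:11:22:33:44:bb"
    sw.forward(1, host_a, host_b)  # B unknown: flooded to ports 2, 3, 4
    sw.forward(2, host_b, host_a)  # A known: delivered to port 1 only
    before = sw.forward(1, host_a, host_b)  # both learned: port 2 only
    # An attacker on port 3 sends frames from many forged source MACs
    # (what the 'macof' tool does). Each one displaces a real entry.
    for i in range(50):
        forged = f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}"
        sw.forward(3, forged, host_b)
    after = sw.forward(1, host_a, host_b)  # B evicted: flooded, port 3 sees it
    return before, after


if __name__ == "__main__":
    print(demo_mac_flooding())
```

On a managed Cisco switch the standard defence is port security (`switchport port-security` with a `maximum` count and a `violation` action), which bounds how many source MACs one port may learn; an unmanaged switch has no such control.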

• 3.3 Hubs

The central connecting device in a computer network is known as a hub. There are two types
of hub: active and passive. Every computer is directly connected to the hub.
When a frame arrives at the hub, it is repeated to every port, so all the LAN cards in the
network receive it; the intended recipient keeps it and all the other computers discard it.
Because every host sees every frame, any host on a hub can capture all of its neighbours’
traffic. Hubs have five, eight, sixteen or more ports, and one port, known as the uplink
port, is used to connect to the next hub.

Fig: 3.3
• 3.4 Modems

A modem is a communication device used to provide connectivity to the Internet. Its
name comes from its two functions, modulation and demodulation: it converts digital data
into an analogue signal for the line and converts the analogue signal back into digital data.

Fig: 3.4

• 3.5 LAN Cards

LAN cards or network adapters are the building blocks of a computer network. No computer
can communicate without a properly installed and configured LAN card. Every LAN card has
a unique MAC address burned in by its manufacturer; the IP address, subnet mask, gateway
and DNS server (if applicable) are configured on the card by the operating system, either
manually or via DHCP. A UTP/STP cable connects the computer to the hub or switch. Both
ends of the cable have RJ-45 connectors; one is inserted into the LAN card and the other into
the hub/switch. LAN cards are inserted into expansion slots inside the computer or built onto
the motherboard. Different LAN cards support different speeds, from 10/100 Mbit/s to 1 and
10 Gbit/s:

Ethernet = 10 Mbit/s
Fast Ethernet = 100 Mbit/s
Gigabit Ethernet = 1000 Mbit/s
10 Gigabit Ethernet = 10000 Mbit/s
Fig: 3.5

• 3.6 Network Repeater

A repeater connects two segments of your network cable. It retimes and regenerates the
signals to the proper amplitude and sends them on to the other segment. In an Ethernet
topology a hub is effectively a multi-port repeater. Repeaters need a small amount of time to
regenerate the signal, which causes a propagation delay that can affect network communication
when there are several repeaters in a row; many network architectures therefore limit the
number of repeaters that can be used in a row. Repeaters work only at the physical layer of
the OSI model.

Fig: 3.6
• 3.7 Bridge

A bridge reads the header of each frame to tell where the message is going. It reduces the
traffic on other network segments, since it does not forward every frame. Bridges can be
configured to reject frames from particular segments or addresses. Bridging occurs at the
data link layer of the OSI model, which means the bridge cannot read IP addresses, only
the hardware address in the frame header. In our case the bridge reads the Ethernet header,
which gives the hardware address of the destination, not the IP address. Bridges forward all
broadcast messages.

Fig: 3.7

The hardware address is also called the MAC (media access control) address

• 3.8 Gateway

A gateway can translate information between different network data formats or network
architectures. It can, for example, translate TCP/IP to AppleTalk so that computers supporting
TCP/IP can communicate with Apple computers. Most gateways operate at the application
layer, but some operate at the network or session layer of the OSI model. A gateway starts at
the lower layer, strips headers until it reaches the required layer, repackages the
information and works its way back down toward the hardware layer of the OSI model.
Confusingly, when talking about a router that is used to interface to another network, the
word gateway is often used (the “default gateway” of a host). That does not mean the routing
machine is a gateway as defined here, although it could be.
4. NETWORK MODELS

When dealing with networking you will often hear the terms “network model” and “network
layer”. Network models define a set of network layers and how they interact.
There are several different network models depending on what organization or company
started them. The two most important are:

TCP/IP Model: this model is sometimes called the DoD model since it was designed for
the United States Department of Defense. It is also called the Internet model because TCP/IP
is the protocol suite used on the Internet.

OSI Network Model: the International Organization for Standardization (ISO) has defined a
standard called the Open Systems Interconnection (OSI) reference model. This is a seven-
layer architecture, listed in the next section.

Fig: 4.1
4.1 Layers in the TCP/IP model

• Application Layer (process-to-process): This is the scope within which applications
create user data and communicate this data to other processes or applications on
another or the same host. The communication partners are often called peers. This is
where the “higher level” protocols such as SMTP, FTP, SSH, HTTP, etc. operate.
• Transport Layer (host-to-host): The Transport Layer constitutes the networking
regime between two network hosts, either on the local network or on remote networks
separated by routers.
• Internet Layer (internetworking): The Internet Layer has the task of exchanging
datagrams across network boundaries. It is therefore also referred to as the layer that
establishes internetworking; indeed, it defines and establishes the Internet. This layer
defines the addressing and routing structures used for the TCP/IP protocol suite.
• Link Layer: This layer defines the networking methods within the scope of the local
network link on which hosts communicate without intervening routers. It describes the
protocols used to describe the local network topology and the interfaces needed to
effect transmission of Internet Layer datagrams to next-neighbour hosts.

4.2 Layers in OSI Model

The OSI, or Open Systems Interconnection, model defines a networking framework for
implementing protocols in seven layers. Control is passed from one layer to the next, starting
at the application layer in one station, proceeding to the bottom layer, over the channel to
the next station and back up the hierarchy.

• Application (Layer 7): This layer supports application and end-user processes.
Communication partners are identified, quality of service is identified, user
authentication and privacy are considered, and any constraints on data syntax are
identified.
• Presentation (Layer 6): This layer provides independence from differences in data
representation (e.g., encryption) by translating from application to network format,
and vice versa.
• Session (Layer 5): This layer establishes, manages and terminates connections
between applications. The session layer sets up, coordinates, and terminates
conversations, exchanges, and dialogues between the applications at each end. It deals
with session and connection coordination.
• Transport (Layer 4): This layer provides transparent transfer of data between end
systems, or hosts, and is responsible for end-to-end error recovery and flow control. It
ensures complete data transfer.
• Network (Layer 3): This layer provides switching and routing technologies, creating
logical paths, known as virtual circuits, for transmitting data from node to node.
• Data Link (Layer 2): At this layer, packets are encoded into frames and decoded back. It
furnishes transmission protocol knowledge and management and handles errors in the
physical layer, flow control and frame synchronization. The data link layer is divided
into two sub-layers: the Media Access Control (MAC) layer and the Logical Link
Control (LLC) layer.
• Physical (Layer 1): This layer conveys the bit stream (electrical impulses, light or
radio signals) through the network at the electrical and mechanical level.
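To make the layering concrete, here is an added example (not from the report) in Python that builds one Ethernet/IPv4/UDP frame by hand, each layer prepending its own header, and then parses it back up the stack on the receiving side, verifying the IPv4 header checksum on the way. The addresses, ports and payload are constructed for the demonstration. It also makes a point the layer descriptions above leave implicit: every field in these headers, including the source MAC and source IP, is just bytes the sender chose, so nothing below the application layer proves who a packet came from.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum used by the IPv4 header (and by TCP/UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    # Layer 4 (transport): 8-byte UDP header. Checksum 0 means "not
    # computed", which IPv4 permits.
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src_ip: str, dst_ip: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    # Layer 3 (network/internet): 20-byte header, no options. The checksum
    # is computed with its own field zeroed, then patched in.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                         ttl, proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    csum = ones_complement_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def build_ethernet(src_mac: str, dst_mac: str, ethertype: int, payload: bytes) -> bytes:
    # Layer 2 (data link): 14-byte Ethernet II header. The trailing FCS is
    # added by the NIC, so it is not modelled here.
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Receiver side: strip one header per layer, checking as we go."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip_hdr = frame[14:34]
    if (ip_hdr[0] & 0x0F) * 4 != 20:
        raise ValueError("IPv4 options not supported")
    # Summing a correct header including its checksum field yields 0.
    if ones_complement_checksum(ip_hdr) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    if ip_hdr[9] != IPPROTO_UDP:
        raise ValueError("not UDP")
    udp = frame[34:14 + total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    return {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_ip": ".".join(str(b) for b in ip_hdr[12:16]),
        "dst_ip": ".".join(str(b) for b in ip_hdr[16:20]),
        "ttl": ip_hdr[8],
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": udp[8:udp_len],
    }


def build_sample_frame() -> bytes:
    """Constructed sample: a DNS-style UDP datagram between two private hosts."""
    udp = build_udp(40000, 53, b"hello")
    ip = build_ipv4("192.168.1.10", "192.168.1.1", IPPROTO_UDP, udp)
    return build_ethernet("00:11:22:33:44:55", "66:77:88:99:aa:bb", ETHERTYPE_IPV4, ip)


if __name__ == "__main__":
    print(parse_frame(build_sample_frame()))
```

The checksum only catches accidental corruption in transit; an attacker who changes a header simply recomputes it, which is why integrity against a hostile path needs a cryptographic layer such as IPsec or TLS rather than anything in these headers.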

TCP/IP Model vs OSI Model

Sr. No. | TCP/IP Reference Model | OSI Reference Model
1 | Defined after the advent of the Internet. | Defined before the advent of the Internet.
2 | Service interface and protocols were not clearly distinguished at first. | Service interface and protocols are clearly distinguished.
3 | Supports internetworking. | Internetworking not supported.
4 | Loosely layered. | Strict layering.
5 | Protocol-dependent standard. | Protocol-independent standard.
6 | More credible. | Less credible.
7 | TCP reliably delivers packets; IP does not. | All packets are reliably delivered.
5. BASIC NETWORKING CABLES

Networking cables are used to connect one network device to another, or to connect two or
more computers so that they can share a printer, scanner etc. Different types of network cable,
such as coaxial cable, optical fibre cable and twisted pair cable, are used depending on the
network’s topology, protocol and size. The devices can be separated by a few metres (e.g. via
Ethernet) or nearly unlimited distances (e.g. via the interconnections of the Internet).

While wireless may be the wave of the future, most computer networks today still use
cables to carry signals from one point to another:

i. Twisted pair cable
ii. Optical fibre cable
iii. Coaxial cable

We use two types of cable in networking:

1) Straight Cable

A straight (straight-through) cable is normally used to connect two devices of different types:
a port wired as MDI, such as a PC or router interface, to a port wired as MDI-X, such as a
normal switch or hub port. This type of cable is used most of the time and can be used to:

1) Connect a computer to a switch/hub’s normal port.
2) Connect a computer to a cable/DSL modem’s LAN port.
3) Connect a router’s WAN port to a cable/DSL modem’s LAN port.
4) Connect a router’s LAN port to a switch/hub’s uplink port (normally used for
expanding the network).
5) Connect two switches/hubs with one of them using an uplink port and the other
a normal port.

2) Crossover Cable

A crossover cable connects two devices of the same type, for example DTE to DTE or DCE to
DCE, which would otherwise be connected asymmetrically (DTE to DCE) with a straight cable;
the transmit pins of one end are wired to the receive pins of the other. The DTE/DCE
distinction was introduced by IBM. A crossover cable is used less often, to connect devices
of the same type:

1) Connect two computers directly.
2) Connect a router’s LAN port to a switch/hub’s normal port (normally used for
expanding the network).
3) Connect two switches/hubs using the normal port on both.

Most current Ethernet ports support Auto MDI/MDI-X and detect the wiring automatically, so
either cable type works; the distinction still matters for older equipment and for the
roll-over console cable described below.

Fig: 5.1

Colour coding of cable (pin number: wire colour at end A / wire colour at end B):

Straight (T568B at both ends):
1. orange white / orange white
2. orange / orange
3. green white / green white
4. blue / blue
5. blue white / blue white
6. green / green
7. brown white / brown white
8. brown / brown

Cross cable (T568B at one end, T568A at the other):
1. orange white / green white
2. orange / green
3. green white / orange white
4. blue / blue
5. blue white / blue white
6. green / orange
7. brown white / brown white
8. brown / brown
T-568B Straight-Through Ethernet Cable

Fig: 5.2

RJ-45 Crossover Ethernet Cable

Fig: 5.3

INSTALLING CABLES
In today’s networks, UTP cables are commonly used to connect computers in a network.
Depending on the colour coding, we have different cables: straight cable, cross cable and
roll-over cable.
STRAIGHT CABLE
The cable used between a PC and a hub/switch is called a straight cable.
A straight cable can be used between:
PC - SWITCH
PC - HUB
HUB (UPLINK PORT) - HUB
CROSS-OVER CABLE
The cable used to connect two PCs is called a cross-over cable.
A cross cable can be used between:
PC - PC
HUB - HUB
SWITCH - SWITCH
ROUTER - PC
ROLL-OVER CABLE
The cable used between a hardware router’s console port and a PC’s serial port is called a
roll-over (console) cable. It carries no network data: it gives a management connection to the
router or switch, so physical access to the console port should be treated as administrative
access to the device.
In this cable, the colour coding used at one end is reversed at the other (pin 1 to pin 8,
pin 2 to pin 7, and so on).
On 10BASE-T and 100BASE-TX only the green and orange pairs (pins 1, 2, 3 and 6) carry data;
Gigabit Ethernet uses all four pairs.
6. ADDRESSING IN COMPUTER NETWORKING

There are two kinds of addresses used in networks:


1 .Physical address
2. Logical address
PHYSICAL ADDRESS
1. It is also called the hardware address or MAC address. MAC stands for Media Access Control.
2. It is present in the chip of a NIC card.
3. It is unique for every NIC card and cannot be changed.
4. It is 48 bits. Out of the 48 bits, 24 bits of the address are given by the manufacturer of the NIC card and
the remaining 24 bits are defined as per the instructions given by the IEEE.
5. IEEE stands for Institute of Electrical and Electronics Engineers.
LOGICAL ADDRESS
1. It is also called software address.
2. It is given by the user and can be changed anytime.
3. Several schemes or protocols are used to define logical address in a computer.
4. These protocols are:
TCP/IP (Transmission Control Protocol/Internet Protocol)
IPX/SPX (Internetwork Packet Exchange/Sequential Packet Exchange)
DLC (Data Link Control)
AppleTalk
PROTOCOL
A protocol is a set of rules that governs communication between computers.
TCP/IP
1. It has become the industry standard.
2. It was developed by the DOD (Department of Defence) of the USA.
3. It is used both on the Internet (public network) and on intranets (private networks).
4. An IP address is 32 bits.
5. The currently used version is IPv4.
6. IPv6 is also available.
7. It has four fields or octets.
8. Each octet is 8 bits.
9. It can be represented as w.x.y.z.
10. The minimum value of an octet is 0 and the maximum is 255.
11. Each octet or field can have decimal values ranging from 0 to 255.
12. According to the value of w, the first field, there are five classes of TCP/IP addresses.
Only the first three classes are used for computer addressing in a network.
IP ADDRESSING
An IP (Internet Protocol) address is 32 bits long. It is divided into 4 octets, and each octet contains 8 bits. It is
the numerical identification of a computer on a network. It is divided into two parts: one is the network
part and the second is the host part. In a LAN we use private IP addresses, which are provided by IANA
(Internet Assigned Numbers Authority). The minimum value (per octet) is
0 and the maximum value is 255. IP addresses are divided into five classes.
1. Network ID: it is represented by the bits that are on (1) in the subnet mask.
2. Host ID: it is represented by the bits that are off (0) in the subnet mask.

Class   Range     Network ID bits   Host ID bits   Subnet Mask       Total IP    Valid IP
A       1-127     8                 24             255.0.0.0         16777216    16777214
B       128-191   16                16             255.255.0.0       65536       65534
C       192-223   24                8              255.255.255.0     256         254
D       224-239   Reserved for multicast.
E       240-255   Reserved for research/scientific use.

NOTE: In a LAN we use only the first three classes; their private ranges are provided by IANA.
IP addresses are divided into two parts:
1. Private IP address
2. Public (live) IP address.
Range of Private IP Addresses:
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255
Range of Public IP Addresses:
1.0.0.0 to 9.255.255.255
11.0.0.0 to 126.255.255.255
128.0.0.0 to 172.15.255.255
172.32.0.0 to 192.167.255.255
192.169.0.0 to 223.255.255.255
Another range is called the APIPA (Automatic Private IP Addressing) range: 169.254.0.0 to
169.254.255.255.
We can assign an IP address by using two methods:
(1) Statically or manually
(2) Dynamically (by using a DHCP server; DHCP stands for Dynamic Host Configuration Protocol)

If your computer cannot obtain an IP address, it assigns itself an address from the APIPA range,
but communication is not possible when the computer has an address from the APIPA range.
127.0.0.1 is the loopback address; it is used for self-communication and for troubleshooting
purposes.
Subnet Mask: A subnet mask is also a 32-bit value, which tells us how many bits are used for
the network and how many bits are used for the host address.
In a subnet mask the network bits are always 1 and the host bits are always 0.
Invalid or reserved IP addresses:
When we assign an IP address to a computer interface we have to follow some rules:
Rules:
1. The host bits cannot all be 0 (e.g. 10.0.0.0), because that represents the network address, which is reserved
for the router.
2. The host bits cannot all be 1 (e.g. 10.255.255.255), because that is the broadcast address of that network
(the 10.0.0.0 network).
3. All bits cannot be 0 (0.0.0.0), because this address is reserved for default routing.
Default routing is used in the case of a stub network (meaning our network has no exit point).
4. All bits cannot be 1 (255.255.255.255), because it is reserved for broadcasting.
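The classful, private/APIPA/loopback and reserved-address rules above, worked through as an added Python example that is not part of the original report; the sample addresses in it are constructed:

```python
"""Classful IPv4 address checks (added example, not from the report).

Implements the rules stated in the text: address class from the first octet,
the default subnet mask of classes A/B/C, the private, APIPA and loopback
ranges, and the four reserved-address rules for a host assignment.
"""


def to_int(addr):
    """Convert dotted-decimal text to a 32-bit integer, validating each octet."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or not 0 <= int(p) <= 255:
            raise ValueError(f"octet out of range 0-255: {p!r}")
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr):
    """Return (class letter, default mask or None) from the first octet."""
    first = to_int(addr) >> 24
    if first <= 127:
        return "A", "255.0.0.0"
    if first <= 191:
        return "B", "255.255.0.0"
    if first <= 223:
        return "C", "255.255.255.0"
    if first <= 239:
        return "D", None      # multicast, no host addressing
    return "E", None          # reserved for research


def in_range(addr, low, high):
    return to_int(low) <= to_int(addr) <= to_int(high)


def address_kind(addr):
    """Classify an address as loopback, apipa, private or public."""
    if in_range(addr, "127.0.0.0", "127.255.255.255"):
        return "loopback"
    if in_range(addr, "169.254.0.0", "169.254.255.255"):
        return "apipa"
    for low, high in (("10.0.0.0", "10.255.255.255"),
                      ("172.16.0.0", "172.31.255.255"),
                      ("192.168.0.0", "192.168.255.255")):
        if in_range(addr, low, high):
            return "private"
    return "public"


def network_and_broadcast(addr, mask):
    """Network address (host bits 0) and broadcast address (host bits 1)."""
    a, m = to_int(addr), to_int(mask)
    return to_dotted(a & m), to_dotted(a | (~m & 0xFFFFFFFF))


def host_assignment_problem(addr, mask):
    """Return None if addr/mask may be assigned to a host interface, else the
    reserved-address rule from the text that it violates."""
    a, m = to_int(addr), to_int(mask)
    if a == 0:
        return "all bits 0: reserved for the default route"
    if a == 0xFFFFFFFF:
        return "all bits 1: limited broadcast address"
    host_bits = ~m & 0xFFFFFFFF
    if a & host_bits == 0:
        return "host bits all 0: network address"
    if a & host_bits == host_bits:
        return "host bits all 1: directed broadcast address"
    return None


if __name__ == "__main__":
    # Constructed sample addresses
    for addr in ("10.0.0.0", "10.0.0.1", "10.255.255.255", "172.16.30.2",
                 "169.254.10.5", "127.0.0.1", "224.0.0.9", "0.0.0.0"):
        cls, mask = address_class(addr)
        if mask is None:
            verdict = f"no host addressing in class {cls}"
        else:
            verdict = host_assignment_problem(addr, mask) or "usable host address"
        print(f"{addr:16} class {cls} {address_kind(addr):9} {verdict}")
```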

C:\> IPCONFIG (this command is used to check the IP configuration).
C:\> IPCONFIG /ALL (this command shows all the details of your interfaces).
Ping - Packet Internet Groper
This command is used to check the connectivity with another computer. Ping can be performed within
the network or outside the network. In this process four packets are sent to the destination address
and four packets are received from the destination address. ICMP (Internet Control Message
Protocol) is used for this process.
ICMP
Internet Control Message Protocol is used by the ping and traceroute utilities.
Ping (Packet Internet Groper) enables you to validate that an IP address exists and can accept
requests. The following transmissions are used by the Ping utility:
• Ping sends an echo request packet to receive the echo response.
• Routers send Destination Unreachable messages when they can’t reach the destination
network and they are forced to drop the packet. The router that drops the packet sends
the ICMP DU message.
C:\> ping (IP of destination), e.g. ping 10.0.0.1
C:\> ping (IP of destination) -t (to ping continuously).
Press Ctrl+C to stop the ping.
1. Reply from destination:
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Reply from 10.1.1.1: bytes=32 time<1ms TTL=255
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
This message appears when the destination computer is properly configured and connected with an
IP address in the same network.
2. Request timed out (R.T.O): This message appears when the destination computer has some
problem, e.g. the IP address does not exist, the network cable is unplugged, the computer is shut down, or
the Internet Connection Firewall is enabled.
3. Destination host unreachable: This message appears when our computer wants to
communicate with another network but our computer has no gateway IP address.
4. Reply from gateway but destination host unreachable: This message appears when our
computer wants to communicate with a computer on another network but our router has no route
information in its routing table for the destination network.
5. Hardware error: This message appears when our network cable gets unplugged during
communication.
6. Negotiating IP Security: This message appears when our computer has the IPsec service
enabled with a secure-communication rule under negotiation.
7. SOFTWARE

7.1 SIMULATOR

A network simulator is a piece of software or hardware that predicts the behavior of a
network, without an actual network being present.

Network simulators serve a variety of needs. Compared to the cost and time involved in
setting up an entire test bed containing multiple networked computers, routers and data links,
network simulators are relatively fast and inexpensive. They allow engineers to test scenarios
that might be particularly difficult or expensive to emulate using real hardware- for instance,
simulating the effects of a sudden burst in traffic or a DoS attack on a network service.

The simulator that we have used to create a simulation of the network design of the Project is
CISCO PACKET TRACER.

SS: 7.1
8. PROJECT DESCRIPTION

Layout of the proposed Network


We have designed a network scenario in which we have used the concepts of routers,
switches, servers, Access Control Lists, VLANs, VTP and InterVLAN routing. A detailed
study of the above topics is given below.

❖ 8.1 Routing
Routing is the process of selecting paths in a network along which to send network
traffic. Routing is performed for many kinds of networks, including the telephone
network (circuit switching), electronic data networks (such as the Internet),
and transportation networks. This section is concerned primarily with routing in
electronic data networks using packet switching technology.

In packet switching networks, routing directs packet forwarding, the transit of logically
addressed packets from their source toward their ultimate destination through
intermediate nodes, typically hardware devices called routers, bridges, gateways, firewalls,
or switches. General-purpose computers can also forward packets and perform routing,
though they are not specialized hardware and may suffer from limited performance. The
routing process usually directs forwarding on the basis of routing tables which maintain a
record of the routes to various network destinations. Thus, constructing routing tables, which
are held in the router's memory, is very important for efficient routing. Most routing
algorithms use only one network path at a time, but multipath routing techniques enable the
use of multiple alternative paths.

Dynamic Routing

Dynamic routing performs the same function as static routing except it is more robust. Static
routing allows routing tables in specific routers to be set up in a static manner so network
routes for packets are set. If a router on the route goes down the destination may become
unreachable. Dynamic routing allows routing tables in routers to change as the possible
routes change. There are several protocols used to support dynamic routing including RIP and
OSPF.

DYNAMIC ROUTING
Routed and Routing Protocols (tree shown in Fig: 8.1.1):
Routed protocols: IP, IPX, AppleTalk
Routing protocols:
  Interior Gateway Protocols:
    Distance-Vector: RIPv1, RIPv2, Novell RIP, IGRP, RTMP
    Link-State: OSPF, NLSP, IS-IS
    Hybrid: EIGRP
  Exterior Gateway Protocols: BGPv4

Fig: 8.1.1

Routed protocols:

TCP/IP and IPX/SPX are protocols which are used in a Local Area Network (LAN) so that
computers can communicate with each other and with other computers on the
Internet. Chances are that in your LAN you are most probably running TCP/IP. This protocol
is what we call a "routed" protocol. The term "routed" refers to something which can be
passed on from one place (network) to another. In the example of TCP/IP, this is when you
construct a data packet and send it across to another computer on the Internet.
Routing protocols:

Routing protocols were created for routers. These protocols have been designed to allow the
exchange of routing tables, or known networks, between routers. There are a lot of different
routing protocols, each one designed for specific network sizes, so I am not going to be able
to mention and analyse them all, but I will focus on the most popular.

Dynamic Routing Protocols

There are 3 types of dynamic routing protocols; these differ mainly in the way that they
discover and make calculations about routes:

1) Distance Vector
2) Link State
3) Hybrid

• Distance Vector routers compute the best path from information passed to them from
neighbors
• Link State routers each have a copy of the entire network map
• Link State routers compute best routes from this local map

Fig: 8.1.2
DISTANCE VECTOR ROUTING PROTOCOLS
Distance Vector routing protocols use frequent broadcasts (255.255.255.255 or FF:FF:FF:FF:FF:FF)
of their entire routing table every 30 sec. on all their interfaces in order to communicate with
their neighbours. The bigger the routing tables, the more broadcasts. This methodology
significantly limits the size of network on which Distance Vector can be used.

RIPV1:

Routing Information Protocol (RIP) is a true Distance-Vector routing protocol. It sends the
complete routing table out to all active interfaces every 30 seconds. RIP only uses hop count
to determine the best way to a remote network, but it has a maximum allowable hop count of
15, meaning that 16 is deemed unreachable. RIP works well in small networks, but it is
inefficient on large networks with slow WAN links or on networks with a large number of
routers installed.

RIP comes in two different versions. RIP version 1 uses only classful routing, which means
that all devices in the network must use the same subnet mask. This is because RIP version
1 does not include the subnet mask when it sends updates. RIP v1 uses broadcasts
(255.255.255.255).

RIP version 2 does, however, and this is what we call classless routing (check the Subnetting
section for more details). RIP v2 uses multicasts (224.0.0.9) to update its routing tables.
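The hop-count behaviour just described (each router passing its whole table to its neighbours, 16 meaning unreachable), as an added Python example that is not part of the original report; the routers and networks in it are constructed, and no split horizon is modelled:

```python
"""RIP-style distance-vector route computation (added example, not from the report).

Each router starts knowing only its directly connected networks (hop count 0).
In every round each router sends its whole table to each neighbour, which adds
one hop and keeps the better of what it knew and what it heard, until nothing
changes. Hop count 16 means unreachable, as the text states for RIP.
"""

INFINITY = 16  # RIP: 15 hops usable, 16 is "unreachable"


def build_tables(links, connected):
    """links: {router: [neighbour, ...]}; connected: {router: [network, ...]}.
    Returns {router: {network: (hops, next_hop)}} after convergence."""
    tables = {r: {n: (0, "connected") for n in connected[r]} for r in links}
    while True:
        changed = False
        # Snapshot so every router sees the same advertisements in this round,
        # like the periodic 30-second updates described in the text.
        adverts = {r: dict(t) for r, t in tables.items()}
        for router, neighbours in links.items():
            for nb in neighbours:
                for network, (hops, _) in adverts[nb].items():
                    candidate = min(hops + 1, INFINITY)
                    current = tables[router].get(network, (INFINITY, None))
                    if candidate < current[0]:
                        tables[router][network] = (candidate, nb)
                        changed = True
        if not changed:
            return tables


def route(tables, router, network):
    """(hops, next_hop) for a destination, or None if it is unreachable."""
    hops, next_hop = tables[router].get(network, (INFINITY, None))
    return None if hops >= INFINITY else (hops, next_hop)


def chain_topology(n):
    """Constructed topology: routers R1..Rn in a line, Rk owns network Nk."""
    links = {f"R{i}": [] for i in range(1, n + 1)}
    for i in range(1, n):
        links[f"R{i}"].append(f"R{i + 1}")
        links[f"R{i + 1}"].append(f"R{i}")
    connected = {f"R{i}": [f"N{i}"] for i in range(1, n + 1)}
    return links, connected


if __name__ == "__main__":
    links, connected = chain_topology(4)
    for router, table in build_tables(links, connected).items():
        print(router, sorted(table.items()))
    # With 17 routers in a line, N17 is 16 hops from R1: RIP cannot reach it.
    links, connected = chain_topology(17)
    print("R1 -> N17:", route(build_tables(links, connected), "R1", "N17"))
```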

COMMANDS:-

Configure RIP:
Use the following command to enable RIP on RouterA:
RouterA(config)#router rip

Configure the router to receive and send only RIP Version 2 packets using the following
command:
RouterA(config-router)#version 2

Use the following commands to specify the networks directly connected to the router:
RouterA(config-router)#network 192.168.11.0
RouterA(config-router)#network 192.168.22.0

Interior Gateway Routing Protocol - IGRP

Interior Gateway Routing Protocol (IGRP) is a Cisco proprietary Distance-Vector routing
protocol. This means that all your routers must be Cisco routers in order to use IGRP in your
network; keep in mind that Windows 2000 also supports it, because Microsoft bought
a licence from Cisco to use the protocol.

Cisco created this routing protocol to overcome the problems associated with RIP.

IGRP has a maximum hop count of 255 with a default of 100. This is helpful in larger
networks and solves the problem of there being only 15 hops maximum possible in
a RIP network. IGRP also uses a different metric from RIP. IGRP uses bandwidth and delay
of the line by default as a metric for determining the best route to an internetwork. This is
called a composite metric. Reliability, load and Maximum Transmission Unit (MTU) can also
be used, although they are not used by default.

COMMANDS:-

RouterA#configure terminal

Enter configuration commands, one per line. End with Cntl/z

RouterA(config)#router igrp <AS number>

RouterA(config-router)#network <ip address>

RouterA(config-router)#exit

Link State Routing Protocols:

Link State protocols, unlike Distance Vector broadcasts, use multicast. Link State routing
protocols do not view networks in terms of adjacent routers and hop counts, but they build a
comprehensive view of the overall network which fully describes all possible routes along
with their costs. Using the SPF (Shortest Path First) algorithm, the router creates a
"topological database" which is a hierarchy reflecting the network routers it knows about. It
then puts itself at the top of this hierarchy, and has a complete picture from its own
perspective.

Link State protocols in comparison to Distance Vector protocols have:

• Big memory requirements
• Shortest path computations require many CPU cycles
• If the network is stable little bandwidth is used; they react quickly to topology changes
• Announcements cannot be "filtered". All items in the database must be sent to neighbors
• All neighbors must be trusted
• Authentication mechanisms can be used to avoid undesired adjacencies
• No split horizon techniques are possible

Open Shortest Path First (OSPF) Routing Protocol:-

Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol (IP)
networks by the interior gateway protocol (IGP) working group of the Internet Engineering
Task Force (IETF). The working group was formed in 1988 to design an IGP based on the
shortest path first (SPF) algorithm for use in the Internet. Similar to the Interior Gateway
Routing Protocol (IGRP), OSPF was created because in the mid-1980s, the Routing
Information Protocol (RIP) was increasingly unable to serve large, heterogeneous
internetworks.

OSPF is a classless routing protocol, which means that in its updates, it includes the subnet of
each route it knows about, thus, enabling variable-length subnet masks. With variable-length
subnet masks, an IP network can be broken into many subnets of various sizes. This provides
network administrators with extra network-configuration flexibility. These updates are
multicasts at specific addresses (224.0.0.5 and 224.0.0.6).

OSPF has two primary characteristics:

1) The protocol is open (non-proprietary), which means that its specification is in the
public domain. The OSPF specification is published as Request For Comments (RFC)
1247.
2) The second principal characteristic is that OSPF is based on the SPF algorithm,
which sometimes is referred to as the Dijkstra algorithm, named for the person
credited with its creation.

COMMANDS:-

Router#config terminal
Router(config)#router ospf process-id

Router(config-router)#network network-number mask area area-id

Example:

Router(config-router)#network 10.0.1.0 0.0.0.255 area 10
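The SPF computation the Link State and OSPF sections describe (every router running Dijkstra over the shared topological database with itself at the root), as an added Python example that is not part of the original report; the link-state database and its costs are constructed, and symmetric link costs are assumed:

```python
"""Link-state routing table from Dijkstra's SPF (added example, not from the report)."""
import heapq

# Constructed link-state database: (router_a, router_b, cost). Real OSPF costs
# are per interface; a symmetric cost per link is assumed here for brevity.
LSDB = [
    ("R1", "R2", 10),
    ("R1", "R3", 1),
    ("R3", "R4", 1),
    ("R4", "R2", 1),
    ("R2", "R5", 1),
]


def adjacency(lsdb):
    adj = {}
    for a, b, cost in lsdb:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    return adj


def spf(lsdb, root):
    """Run SPF with `root` at the top of the tree.

    Returns {router: (total_cost, next_hop)} for every other router; next_hop
    is the root's directly connected neighbour through which the tree reaches it.
    """
    adj = adjacency(lsdb)
    table = {}
    heap = [(0, root, None)]              # (cost so far, router, first hop)
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in table:
            continue                      # already settled at a lower or equal cost
        table[node] = (cost, first_hop)
        for nb, link_cost in adj.get(node, []):
            if nb not in table:
                hop = nb if node == root else first_hop
                heapq.heappush(heap, (cost + link_cost, nb, hop))
    del table[root]
    return table


if __name__ == "__main__":
    for router in ("R1", "R5"):
        print(router, "routing table:")
        for dest, (cost, via) in sorted(spf(LSDB, router).items()):
            print(f"  {dest}: cost {cost} via {via}")
```

Note that R1 reaches R2 at cost 3 through R3, not over its direct cost-10 link, which is the difference between a cost metric and RIP's hop count.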


Various Routing Protocols

❖ Servers

A server is primarily a program that runs on a machine, providing a particular and specific
service to other machines connected to the machine on which it is found.
Nowadays, server functionality has become so rich, complex and varied in nature that
very powerful computers are dedicated exclusively to being servers. This has led many
non-technical people to think of servers as the machines that run services.

A network server is a computer designed to process requests and deliver data to other
(client) computers over a local network or the Internet. Network servers typically are
configured with additional processing, memory and storage capacity to handle the load of
servicing clients.

DHCP SERVER

DHCP (Dynamic Host Configuration Protocol) is a protocol that allows a central computer to
automatically assign the TCP/IP network configuration to individual workstations on a
private network. With DHCP enabled it suffices to select "Obtain an IP address
automatically" in the TCP/IP configuration on the private network. The DHCP server then
takes over the responsibility of assigning the TCP/IP parameters, significantly reducing the
burden of network maintenance.

Fig: 8.5.1

How Does DHCP Work?

At boot time the computer has no network parameters assigned to it. The following list
provides an overview of the typical network parameters:
• IP address and network mask

• Default route/gateway: an IP address which will be used for forwarding packets whose
destinations are beyond the local network

• DNS servers for resolving Internet names (e.g. internet.com) to IP addresses

• Workstation parameters, e.g., domain name or workgroup/workstation name

• Static routes

• IP forwarding setting

• MTU size

• Other settings (a complete list can be found in the DHCP RFCs)

Static configuration

With static configuration, the client computer uses pre-configured network parameters. The
disadvantages of this approach include the possibility of IP address conflicts and the
administrative issues possible when manually configuring many internal clients.
❖ INTERNET CONNECTION SHARING
ICS provides networked computers with the ability to share a single connection to the
Internet.
If you have multiple computers, you can use ICS to allow you and others on your local area
network (LAN) to perform different tasks simultaneously. For example, one person can send
and receive e-mail messages, while another person downloads a file, and another person
browses the Internet. You can also gain access to your corporate e-mail accounts from a
client computer while others on your LAN cannot. You can use Web-enabled programs (such
as downloading updates) as well as Microsoft NetMeeting and other video conferencing
programs.

Internet Connection Sharing Components

• DHCP Allocator - A simplified DHCP service that assigns the IP address, gateway,
and name server on the local network.
• DNS Proxy - Resolves names on behalf of local network clients and forwards queries.
• Network Address Translation (NAT) - Maps a set of private addresses to a set of
public addresses. NAT tracks private-source IP addresses and public-destination IP
addresses for outbound flows. It changes the IP address information and edits the
required IP header information dynamically.
• Auto-dial - Automatically dials connections.
• Application programming interfaces (APIs) - For configuration, status, and dial
control for programs.

How to use Internet Connection Sharing

To use Internet Connection Sharing to share your Internet connection, the host computer must
have one network adapter that is configured to connect to the internal network, and one
network adapter or modem that is configured to connect to the Internet.

On the host computer

On the host computer, follow these steps to share the Internet connection:

1. Log on to the host computer as Administrator or as Owner.
2. Click Start, and then click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click the connection that you use to connect to the Internet. For example, if you
connect to the Internet by using a modem, right-click the connection that you want
under Dial-up.
6. Click Properties.
7. Click the Advanced tab.
8. Under Internet Connection Sharing, select the Allow other network users to
connect through this computer's Internet connection check box.
9. If you are sharing a dial-up Internet connection, select the Establish a dial-up
connection whenever a computer on my network attempts to access the
Internet check box if you want to permit your computer to automatically connect to
the Internet.
10. Click OK. You receive the following message:

When Internet Connection Sharing is enabled, your LAN adapter will be set to use IP
address 192.168.0.1. Your computer may lose connectivity with other computers on
your network. If these other computers have static IP addresses, it is a good idea to set
them to obtain their IP addresses automatically. Are you sure you want to enable
Internet Connection Sharing?

11. Click Yes.

On the client computer

To connect to the Internet by using the shared connection, you must confirm the LAN adapter
IP configuration, and then configure the client computer. To confirm the LAN adapter IP
configuration, follow these steps:

1. Log on to the client computer as Administrator or as Owner.
2. Click Start, and then click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click Local Area Connection, and then click Properties.
6. Click the General tab, click Internet Protocol (TCP/IP) in the This connection uses
the following items list, and then click Properties.
7. In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain an IP
address automatically (if it is not already selected), and then click OK.
NOTE: You can also assign a unique static IP address in the range of 192.168.0.2 to
192.168.0.254. For example, you can assign the following static IP address, subnet
mask, and default gateway:
IP Address 192.168.0.2
Subnet mask 255.255.255.0
Default gateway 192.168.0.1

Fig: 8.3.1

8. In the Local Area Connection Properties dialog box, click OK.
9. Quit Control Panel.

Access Control List

An ACL is a list containing one or more access control entries (ACEs) that tells a computer operating
system or other network device what rights users have to each item on a computer or network device. For
example, an ACL may specify whether a user or the user's group has access to a file or folder on
that computer or network.

Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of
criteria. The ACL is configured in global configuration mode, but is applied at the interface level. An ACL
does not take effect until it is expressly applied to an interface with the ip access-group
command. Packets can be filtered as they enter or exit an interface.

If a packet enters or exits an interface with an ACL applied, the packet is compared against
the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate
"permit" or "deny" action is taken. If there is no match, the second line's criterion is
examined. Again, if there is no match, the next line is examined. Each of these rules has some
powerful implications when filtering IP and IPX packets with access lists. There are two types
of access lists used with IP and IPX:

Standard access lists

These use only the source IP address in an IP packet to filter the network. This basically
permits or denies an entire suite of protocols. IPX standards can filter on both source and
destination IPX address.

Extended access lists

These check for both source and destination IP address, protocol field in the Network layer
header, and port number at the Transport layer header. IPX extended access lists use source
and destination IPX addresses, Network layer protocol fields, and socket numbers in the
Transport layer header.

Define In, Out, Inbound, Outbound, Source, and Destination

The router uses the terms in, out, source, and destination as references. Traffic on the router
can be compared to traffic on the highway. If you were a law enforcement officer in
Pennsylvania and wanted to stop a truck going from Maryland to New York, the source of the
truck is Maryland and the destination of the truck is New York. The roadblock could be
applied at the Pennsylvania–New York border (out) or the Maryland–Pennsylvania border
(in).

When you refer to a router, these terms have these meanings.

• Out - Traffic that has already been through the router and leaves the interface. The
source is where it has been, on the other side of the router, and the destination is
where it goes.
• In - Traffic that arrives on the interface and then goes through the router. The source is
where it has been and the destination is where it goes, on the other side of the router.
• Inbound - If the access list is inbound, when the router receives a packet, the Cisco
IOS software checks the criteria statements of the access list for a match. If the packet
is permitted, the software continues to process the packet. If the packet is denied, the
software discards the packet.
• Outbound - If the access list is outbound, after the software receives and routes a
packet to the outbound interface, the software checks the criteria statements of the
access list for a match. If the packet is permitted, the software transmits the packet. If
the packet is denied, the software discards the packet.

Standard IP Access Lists

Standard IP access lists filter the network by using the source IP address in an IP packet.
You create a standard IP access list by using the access list numbers 1–99.

Here is an example of the access list numbers that you can use to filter your network.
The different protocols that you can use with access lists depend on your IOS version.

RouterA(config)#access-list ?

<1-99> IP standard access list
<100-199> IP extended access list
<200-299> Protocol type-code access list
<300-399> DECnet access list
<400-499> XNS standard access list
<500-599> XNS extended access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<1200-1299> IPX summary address access list

By using the access list numbers between 1–99, you tell the router that you want to create a
standard IP access list.

RouterA(config)#access-list 10 ?
deny Specify packets to reject
permit Specify packets to forward
After you choose the access list number, you need to decide if you are creating a permit or
deny list. For this example, you will create a deny statement:

RouterA(config)#access-list 10 deny ?

Hostname or A.B.C.D Address to match
any Any source host
host A single host address

The next step requires a more detailed explanation. There are three options available. You
can use the any command to permit or deny any host or network, you can use an IP address to
specify or match a specific network or IP host, or you can use the host command to specify a
specific host only.

Here is an example of using the host command:

RouterA(config)#access-list 10 deny host 172.16.30.2

This tells the list to deny any packets from host 172.16.30.2. The default command is host. In
other words, if you type access-list 10 deny 172.16.30.2, the router assumes you
mean host 172.16.30.2.

However, there is another way to specify a specific host: you can use wildcards. In fact, to
specify a network or a subnet, you have no option but to use wildcards in the access list.

Extended IP Access Lists


In the standard IP access list example, notice how you had to block the whole subnet from
getting to the finance department. What if you wanted them to gain access to only a certain
server on the Finance LAN, but not to other network services, for obvious security reasons?
With a standard IP access list, you can’t allow users to get to one network service and not
another. However, extended IP access lists allow you to do this. Extended IP access lists
allow you to choose your IP source and Destination address as well as the protocol and port
number, which identify the upper-layer protocol or application. By using extended IP access
lists, you can effectively allow users access to a physical LAN and stop them from using
certain services.

Here is an example of an extended IP access list. The first command shows the access list
numbers available. You’ll use the extended access list range from 100 to 199.
At this point, you need to decide what type of list entry you are making. For this example,
you’ll choose a deny list entry.

RouterA(config)#access-list 110 ?
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
permit Specify packets to forward

Once you choose the access list type, you must choose a Network layer protocol field entry. It
is important to understand that if you want to filter the network by Application layer, you
must choose an entry here that allows you to go up through the OSI model. For example, to
filter by Telnet or FTP, you must choose TCP here. If you were to choose IP, you would
never leave the Network layer, and you would not be allowed to filter by upper-layer
applications.

RouterA(config)#access-list 110 deny ?

<0-255> An IP protocol number
eigrp Cisco's EIGRP routing protocol
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
igrp Cisco's IGRP routing protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram Protocol

Once you choose to go up to the Application layer through TCP, you will be prompted for the
source IP address of the host or network. You can choose the any command to allow any
source address.

RouterA(config)#access-list 110 deny tcp ?

A.B.C.D Source address
any Any source host
host A single source host

After the source address is selected, the destination address is chosen.

RouterA(config)#access-list 110 deny tcp any ?

A.B.C.D Destination address
any Any destination host
eq Match only packets on a given port number
gt Match only packets with a greater port number
host A single destination host
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers

In the example below, any source IP address that has a destination IP address of 172.16.30.2
has been denied.

RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 ?

eq Match only packets on a given port number
established Match established connections
fragments Check fragments
gt Match only packets with a greater port number
log Log matches against this entry
log-input Log matches against this entry, including input interface
lt Match only packets with a lower port number
neq Match only packets not on a given port number
precedence Match packets with given precedence value
range Match only packets in the range of port numbers
tos Match packets with given TOS value

You can press Enter here and leave the entry as it is, which denies all TCP traffic to that
host. However, you can be even more specific: once the addresses are in place, you can name
the service you are denying. The following help screen shows the port option. A port can be
given as a number (the numeric option shown), or by the well-known name IOS accepts in its
place, such as telnet for port 23 or ftp for port 21. Remember that every access list ends
with an implicit deny of all traffic, so a list made only of deny entries blocks everything;
a permit ip any any is normally added as the last entry, and the list does nothing until it
is applied to an interface with the ip access-group command.

RouterA(config)#access-list 110 deny tcp any host 172.16.30.2 eq ?


<0-65535> Port number
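
The entries built up above, as an added worked example that is not part of the original report or of Cisco IOS itself: a small Python model of how a router evaluates a numbered extended access list, testing entries top-down, stopping at the first match, and falling through to the implicit deny. The list, the packets and the short table of port names are constructed for the example; it models only the source, destination and destination-port (eq) fields shown above, and assumes the names telnet, ftp, domain and www stand for ports 23, 21, 53 and 80.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

# Subset of the port names IOS accepts after "eq" (assumed; IOS knows many more).
PORT_NAMES = {"ftp": 21, "telnet": 23, "domain": 53, "www": 80}


@dataclass
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # destination port, TCP/UDP only


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every IP protocol
    src: int
    src_wild: int                # wildcard mask: 0 bits must match, 1 bits are ignored
    dst: int
    dst_wild: int
    dport: Optional[int]         # "eq <port>" on the destination; None = any port


def _addr(tokens: List[str], i: int) -> Tuple[int, int, int]:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'; return (addr, wildcard, next index)."""
    if tokens[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tokens[i] == "host":
        return int(IPv4Address(tokens[i + 1])), 0, i + 2
    return int(IPv4Address(tokens[i])), int(IPv4Address(tokens[i + 1])), i + 2


def parse_entry(line: str) -> Entry:
    """Parse 'access-list <100-199> {permit|deny} <proto> <src> <dst> [eq <port>]'."""
    t = line.split()
    if t[0] != "access-list" or not 100 <= int(t[1]) <= 199:
        raise ValueError("only numbered extended lists (100-199) are modelled")
    action, proto = t[2], t[3]
    src, src_wild, i = _addr(t, 4)
    dst, dst_wild, i = _addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        name = t[i + 1]
        dport = int(name) if name.isdigit() else PORT_NAMES[name]
    return Entry(action, proto, src, src_wild, dst, dst_wild, dport)


def _addr_match(addr: str, net: int, wild: int) -> bool:
    # Bits that are 0 in the wildcard mask must be equal in both addresses.
    return (int(IPv4Address(addr)) ^ net) & (~wild & 0xFFFFFFFF) == 0


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry).

    Entries are tested top-down and the first match wins; a packet that matches
    nothing hits the implicit deny at the end of every list (index None).
    """
    for idx, e in enumerate(acl):
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if not _addr_match(pkt.src, e.src, e.src_wild):
            continue
        if not _addr_match(pkt.dst, e.dst, e.dst_wild):
            continue
        if e.dport is not None and pkt.dport != e.dport:
            continue
        return e.action, idx
    return "deny", None  # implicit "deny ip any any"


# Constructed list: block Telnet to 172.16.30.2, allow everything else.
ACL_110 = [parse_entry(line) for line in (
    "access-list 110 deny tcp any host 172.16.30.2 eq telnet",
    "access-list 110 permit ip any any",
)]

if __name__ == "__main__":
    samples = [
        Packet("tcp", "10.1.1.5", "172.16.30.2", 23),   # Telnet to the protected host
        Packet("tcp", "10.1.1.5", "172.16.30.2", 80),   # Web to the same host
        Packet("tcp", "10.1.1.5", "172.16.30.3", 23),   # Telnet to a different host
        Packet("icmp", "10.1.1.5", "172.16.30.2"),      # ping to the protected host
    ]
    for p in samples:
        print(p, "->", evaluate(ACL_110, p))
    # Without the trailing permit, the implicit deny drops even the Web packet.
    print("deny-only list:", evaluate(ACL_110[:1], samples[1]))
```

The last line of the run is the point of the caveat above: take away permit ip any any and the same Web packet that was permitted is dropped by the implicit deny. The model evaluates the list in isolation; on a router nothing happens until the list is bound to an interface with ip access-group 110 in or out.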

Monitoring IP Access Lists

It is important to be able to verify the configuration on a router. The following commands can
be used to verify the configuration:

• show access-list Displays all access lists configured on the router and their entries. This
command does not show you which interface a list is applied to.
• show access-list 110 Shows only the entries of access list 110. Again, this command does
not show you the interface the list is applied to.
• show ip access-list Shows only the IP access lists configured on the router.
• show ip interface Shows which interfaces have access lists applied, as the "Inbound access
list is" and "Outgoing access list is" lines for each interface.
• show running-config Shows the access lists together with the ip access-group lines on
the interfaces they are applied to.

Fig: 8.4.2
PING AND TRACEROUTE

9.1 PING
Ping tests whether a host is reachable and measures the round-trip time to it: how long an
ICMP echo request takes to travel from your computer to the specified host and for the echo
reply to come back (the Windows ping sends a 32-byte payload by default). It measures latency,
the "distance" to the target in time, not the bandwidth of your connection, and it also shows
whether the connection is up at all.
Ping Tests

Once you have your command prompt (or WhatRoute) open, enter ping 172.16.5.2 and press
Enter. You should receive four replies similar to the lines below, each showing the round-trip
time and TTL. Pinging a remote address tests the whole path: the local TCP/IP stack, the
default gateway and routing, and the target host. If you receive a timeout ("Request timed
out") or an error message, narrow the problem down before touching the TCP/IP installation:
ping 127.0.0.1 to verify the local stack, then the default gateway, then the target. A remote
ping can also fail because an access list or firewall on the path drops the ICMP echo request
or the reply, even though the host itself is up.

9.2 TRACEROUTE

Traceroute records the path that a packet takes from your computer to a destination address.
It works by sending probes with an increasing IP TTL (1, 2, 3, ...): each router that
decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message,
revealing its address, so the output lists every router (hop) between you and the destination
along with the round-trip time to each one. A hop that does not answer is shown as asterisks.
For Windows users the command is tracert; on Macintosh OS X and Linux it is traceroute.
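
The TTL mechanism described above, as an added simulation that is not part of the original report: a Python model of a four-hop path in which the third router filters ICMP (as a deny icmp entry like those in the previous section would), so the trace shows an asterisk for that hop but still reaches the destination, and a second run in which the destination itself is silent, so the trace runs on to the hop limit. The addresses and the path are constructed for the example; a real traceroute sends three probes per TTL and uses UDP or ICMP echo probes, which the model does not distinguish.

```python
from typing import List, Optional, Set

# Constructed path from the probing host outward; the last entry is the destination.
PATH = ["192.168.1.1", "10.0.0.1", "10.0.0.2", "203.0.113.10"]


def send_probe(path: List[str], ttl: int, silent: Set[str]) -> Optional[str]:
    """Forward one probe with the given TTL along `path`.

    Every router decrements the TTL; the router that takes it to zero discards
    the probe and answers with ICMP Time Exceeded from its own address. A probe
    whose TTL survives all routers is delivered to the destination, which answers
    itself. Hops in `silent` drop the probe without answering (an access list or
    firewall filtering ICMP), which traceroute shows as '*'.
    """
    *routers, destination = path
    for router in routers:
        ttl -= 1
        if ttl == 0:
            return None if router in silent else router
    return None if destination in silent else destination


def traceroute(path: List[str], silent: Set[str], max_ttl: int = 30) -> List[Optional[str]]:
    """Probe with TTL 1, 2, 3, ... until the destination answers or max_ttl is reached."""
    hops: List[Optional[str]] = []
    for ttl in range(1, max_ttl + 1):
        answer = send_probe(path, ttl, silent)
        hops.append(answer)
        if answer == path[-1]:
            break  # destination reached; stop probing
    return hops


def render(hops: List[Optional[str]]) -> List[str]:
    """Format like tracert output: hop number, then the address or '*'."""
    return [f"{n:3d}  {addr if addr else '*'}" for n, addr in enumerate(hops, 1)]


if __name__ == "__main__":
    print("\n".join(render(traceroute(PATH, silent=set()))))
    print("--- third router filters ICMP ---")
    print("\n".join(render(traceroute(PATH, silent={"10.0.0.2"}))))
    print("--- destination itself is silent (runs to the hop limit) ---")
    print("\n".join(render(traceroute(PATH, silent={"203.0.113.10"}, max_ttl=6))))
```

The second run is the case to recognise in practice: a line of asterisks in the middle of a trace followed by further hops means that router refuses to answer, not that the path is broken. Only when the asterisks continue to the hop limit has the probe stopped getting through.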

In this example we will trace the hops from a computer to Gmail.com


SEND ICMP MESSAGE FOR CONFIGURATION
