Project Report On Implementation Of Secure And Configurable Private Network Submitted by

ADIL ANSARI
In partial fulfillment for the award of the degree Of BACHELOR OF TECHNOLOGY In COMPUTER SCIENCE AND ENGINEERING

BBDIT, GHAZIABAD 2010-2011

www.adilansari.com

Page 1

BONAFIDE CERTIF ICATE

Certified that this project report Implementation Of A Secure And Configurable Private Network is the bonafide work of Neeraj Patel, Aakash Sricvastava, Adil Ansari, Mahesh Singh Bisht who carried out the project work under my supervision.

Project Guide: Mr. AMIT SINGHAL HEAD OF THE DEPARTMENT Computer Science & Engineering BBDIT, GHAZIABAD

www.adilansari.com

Page 2

A CKNOW LEDGEMENT
This project is an outcome of tremendous help and support of all our friends, colleagues and other concerned people. First of all, we all thank God, the almighty, for his everlasting mercy on us. Support of our family is a key role playing attribute in this assignment. Besides our faculty Mr. Amit Singhal, Mr. Shwetav Sharad also played a major role. Mr. Vineet Garg also gave a good guidance and helped a lot in overcoming the project. It all went smoothly because of their help and coordination. We render their esteem help and support wherever and whenever required. We are thankful for their concern and guidance.

Thanking You

Adil Ansari (0703510056)

www.adilansari.com

Page 3

ABSTRACT: Implementation Of Configurable Private Network

Secure

And

We are developing a scenario-based computer project .In which we are making communication possible by connecting multiple cites virtually irrespective of their geographic location under standard security parameter. We here provide communication at basically two level first inter-branch communication and intra-branch communication. Our approach provides user a secure way for his communication whether its in his office or between his office. CPT allows users to quickly simulate with the user and, eliminate keystrokes to reduce data entry costs and still maintain the high level of accuracy required in forms processing applications. We are using SIMULATER provided by CISCO to shape our project. PACKET TRACER is Ciscos Graphics User Interface (GUI) Design Environment that creates stand-alone application. Our effort in designing this project provides some remarkable features to it like as speed and simplicity, we try to provide user a congestion free private network to user such that hes communication in his network is secure.

www.adilansari.com

Page 4

Table of Contents
i. ii. Acknowledgement Abstract

1. Introduction 1.1. Networking 1.2. Requirement 2. Types of Network 2.1. Local Area Network 2.2. Wide Area Network 3. Network Models 3.1. OSI Model 4. Types of Cables 4.1. Twisted Cable 4.2. Coaxial Cable 4.3. Fibre Optic 5. Networking Devices 5.1. Network Interface Card 5.2. Hub 5.3. Switch 5.4. Router 6. IP Addressing 6.1. Introduction 6.2. Private IP 6.3. Masking 6.4. Subnetting 6.5. Example 7. LAN Solution 7.1. Requirement 7.2. Solution 7.3. Specification Sheet
www.adilansari.com Page 5

8. Router 8.1. Internal Components 8.2. Network Interfaces 8.3. Configuring 8.4. Configuring Using Console 8.5. Routing Protocols 8.5.1. 8.5.2. 9. Firewall 9.1. Introduction 9.2. Technologies 9.3. Configuring 10.WLAN 10.1. Standards 10.2. Topologies 10.2.1. 10.2.2. 11.1. HIDS 11.2. NIDS 11.3. Techniques 12.Integrated Services Digital Network (ISDN) 12.1. Channels 12.2. Interfaces 12.3. Functional Group 12.4. Reference Points
iii. iv. v. vi. Snapshots Future Scope Of Project References Conclusion

RIP IGRP

8.6. Access List

Infrastructure Network Adhoc Network

11.Intrusion Detection System

www.adilansari.com

Page 6

1. I NTROD UC TION
1.1 INTRODUCTION T O NETWORKING Definition :A network is a system that transmits any combination of voice, video and/or data between users. A network can be defined by its geographical dimensions and by which the users PC access it. A network consists of a: The network operating system (Windows NT/2000T M/Xp) on the users PC (client) and server. The cables connecting all network devices (users PC, server, peripherals, etc.). All supporting network components (hubs, routers and switches, etc.). Computer Network means an interconnected collection of autonomous computers .

1.2 REQUIREMENT OF NET WORKING

Resource sharing- To make all programs, equipment, and especially data available to anyone on the network without regard to the physical location of the resource and the user. High reliability- As all files could be replicated on two or three machines, so if one of them is unavailable (due to hardware failure), the other copies could be used. Scalability- It is the ability to increase system performance gradually as the workload grows just by adding more processors. A computer network can provide a powerful communication medium along widely separated employees. The use of networks to enhance human-to-human communication will probably prove more important than technical goals such as improved reliability. These are the requirement with respect to companies but computer networking is required even in the normal day to day life as we have to access the internet to get information about what all new happening in the world, to have communication with people staying far away using the e mail service. These are the reasons that forced the inventerors to invent the networking devices, models and protocols etc. And the birth of Networking took place in 1844 when for the first time Samuel Morse send the first telegraph message.

www.adilansari.com

Page 7

2. TYPES O F NETW ORKS

2.1 LAN (LOCAL AREA NETWORK)

These are privately owned networks within a single building or campus of up to a few a kilometers in size. LANs are distinguished from other networks by three characteristics: 1) Their size. 2) Their transmission technology. 3) Their topology. LANs are restricted in size, which means that the worst-case transmission time is bounded and known in advance. LANs often use a transmission technology consisting of a single cable to which all the machines are attached. LANs run at speeds of 10 to 100 Mbps, have low delays, and make very few errors.

LAN SETUP

IEEE has produced several standards for LANs. These standards collectively known as IEEE 802 . IEEE802.3 (Ethernet), IEEE802.4 (Token Bus), IEEE802.5 (Token Ring)

www.adilansari.com

Page 8

2.2 WAN (WIDE AREA NETWORK)

It is a Computer network that spans a relatively large geographical area, often a country or continent. Typically a WAN consists of two or more Local Area Network. Computers connected to WAN are often connected through public networks such as telephone systems. They can also be connected through leased lines or satellit es. The largest WAN in existence is Internet. WANs run at speed of maximum 2 to 10 Mbps.

WAN SETUP For most WANs, the long distance bandwidth is relatively slow: on the order of kilobits per second (kbps) as opposed to megabits per second (Mbps) for local-area networks (LANs). For example, an Ethernet LAN has a 10 Mbps bandwidth; a WAN using part or all of a T1 carrier has a bandwidth of 1.544 Mbps . Three types of approaches are used to connect WANs: 1) Circuit switching, which provides a fixed connection (at least for the duration of a call or session), so that each packet takes the same path. Examples of this approach include ISDN, Switched 56, and Switched T1. 2) Packet switching, which establishes connections during the transmission process so that different packets from the same transmission may take different routes and may arrive out of sequence at the destination. Examples of this approach are X.25, frame relay, and ATM. 3) Leased lines, which can provide a dedicated connection for private use

www.adilansari.com

Page 9

3. NETW ORK MODELS

Layering Concepts and Benefits
Many benefits can be gained from the process of breaking up the functions or tasks of networking into smaller chunks, called layers, and defining standard interfaces between these layers. The layers break a large, complex set of concepts and protocols into smaller pieces, making it easier to talk about, to implement with hardware and software, and to troubleshoot. The following list summarizes the benefits of layered protocol Specifications: Humans can more easily discuss and learn about the many details of a protocol specification. Standardized interfaces among layers facilitate modular engineering. A better environment for interoperability is created. One vendor can write software that implements higher layersfor example, a Web browserand another can write software that implements the lower layersfor example, Microsofts built- in TCP/IP software in its operating systems. Reduced complexity allows easier program changes and fa ster product evolution. One layer uses the services of the layer immediately below it. Therefore, remembering what each layer does is easier. (For example, the network layer needs to deliver data from end to end. To do this, it uses data links to forward data to the next successive device along that endto-end path.)

3.1 OSI NETWORK MODEL

The OSI model describes how information makes its way from application programs through a network medium to another application program in other computer. It divides one big problem in to seven smaller problems . Each problem is addressed by one of the seven layers of the OSI model.

Functions of Network Layers in Brief:

APPLICATION LAYER
Used for applications specifically written to run over the network Allows access to network services that support applications; Directly represents the services that directly support user applications Handles network access, flow control and error recovery Example apps are file transfer, e- mail, Net BIOS-based applications

www.adilansari.com

Page 10

PRESENTATION LAYER
Translates from application to network format and vice- versa All different formats from all sources are made into a common uniform format that the rest of the OSI model can understand Responsible for protocol conversion, character conversion, data encryption / decryption, expanding graphics commands, data compression Sets standards for different systems to provide seamless communication from multiple protocol stacks Not always implemented in a network protocol

SESSION LAYER
Establishes, maintains and ends sessions across the network Responsible for name recognition (identification) so only the designated parties can participate in the session Provides synchronization services by planning check points in the data stream => if session fails, only data after the most recent checkpoint need be transmitted Manages who can transmit data at a certain time and for how long Examples are interactive login and file transfer connections, the session would connect and re-connect if there was an interruption; recognize names in sessions and register names in history

TRANSPORT LAYER
www.adilansari.com Page 11

Additional connection below the session layer Manages the flow control of data between parties across the network Divides streams of data into chunks or packets; the transport layer of the receiving computer reassembles the message from packets "Train" is a good analogy => the data is divided into identical units Provides error-checking to guarantee error- free data delivery, with on losses or duplications Provides acknowledgment of successful transmissions; requests retransmission if some packets dont arrive error- free Provides flow control and error-handling TCP, ARP, RARP;

NETWORK LAYER
Translates logical network address and names to their physical address (e.g. computer name ==> MAC address) Responsible for addressing and determining routes for sending Managing network problems such as packet switching, data congestion and routing If router cant send data frame as large as the source computer sends, the network layer compensates by breaking the data into smaller units. At the receiving end, the network layer reassembles the data Think of this layer stamping the addresses on each train car IP; ARP; RARP, ICMP; RIP; OSFP;

DATA LINK LAYER

Turns packets into raw bits 100101 and at the receiving end turns bits into packets. Handles data frames between the Network and Physical layers The receiving end packages raw data from the Physical layer into data frames for delivery to the Network layer Responsible for error- free transfer of frames to other computer via the Physical Layer This layer defines the methods used to transmit and rece ive data on the network. It consists of the wiring, the devices use to connect the NIC to the wiring, the signaling involved to transmit / receive data and the ability to detect signaling errors on the network media

Logical Link Control

Error correction and flow control Manages link control and defines SAPs

PHYSICAL LAYER
Transmits raw bit stream over physical cable Defines cables, cards, and physical aspects Defines NIC attachments to hardware, how cable is attached to NIC Page 12

www.adilansari.com

4. C ABLES
There are different Cabling options depending on the access method : 4.1 Twisted pair
The wires are twisted around each other to minimize interference from other twisted pairs in the cable. Twisted pair cables are available unshielded (UTP) or shielded (STP). UTP is the most common type and uses a RJ-45 Connector. Typical lengths are up to 100m. Twisted pair network uses a star topology.

4.2 Coaxial cables

Coaxial cable uses BNC connectors. The maximum cable lengths are around 500m. Coaxial networks use a single bus topology

4.3 Fiber Optic

UTP and Co-axial cables are not capable for driving the data signals for long distance i.e. UTP is capable of transmitting up to a distance 100 meters only By using the Fiber cables it is possible to send the data about 10 kilometers. Fiber optic cable uses SC, ST, LC connectors (most common in use is SC connector) In fiber cables the data is converted to light signals and the signal is made to propagate through the fiber cable. There are two types of Fibre optic cable available. 1. Single mode: In this mode typical length is up to 12km and data rate is 1000Mbps. The core diameter is about 9.25 nm cable is known as 1000 base LX cable. 2. Multi mode: This mode is further categorised in two: 1) SX: Typical length is up to 500m and data rate is 1000Mbps.

2) FX: Typical length is up to 220m and data rate is 100Mbps.

www.adilansari.com

Page 13

PATCH PANEL
A patch panel provides a convenient place to terminate (connect) all of the cable coming from different locations into the wiring closet. We connect the cables coming from various locations willing to connect to switch through the patch panel.

NEED OF PATCH PANEL We can label the patch panel so we know that which wire belongs to which location. Without a patch panel, it is chaotic. If we want to disconnect a station from the switch, it's a lot easier if there's a label. Most cabling is wired "straight-through" from end to end. But sometimes we need to crosswire some of the pairs between switch and station, like with a cable modem, or cross-wire to connect two switches. With a patch panel, all of this cross-wiring is done in the patch cable. If you have to make any changes, like moving a station or switch, you just move the patch cable with it, instead of having to reterminate the cable run.

PATCH CORD

www.adilansari.com

Page 14

RACK
We have to mount the patch panel somehow. The best way is to buy a rack. Basically, a rack is a pair of vertical rails with holes drilled in them so that we can mount patch panels, hubs, and other network equipment. T his made it easy to access the back of the patch panel and other networking components.

Cabling Guidelines
The RJ-45 ports on the switch support automatic MDI/MDI-X operation, so wecan use standard straight-through twisted-pair cables to connect to any other network device (PCs, servers, switches, routers, or hubs). We use only twisted-pair cables with RJ-45 connectors that conform to FCC standards. Connecting to PCs, Servers, Hubs and Switches 1. Attach one end of a twisted-pair cable segment to the devices RJ-45 connector. Making Twisted-Pair Connections

2. The port where we are connecting the RJ-45 is a network card, attach the other end of the cable segment to a modular wall outlet that is connected to the wiring closet . Otherwise, attach the other end to an available port on the switch. Make sure each twisted pair cable does not exceed 100 meters (328 ft) in length. Wiring Closet Connections Today, the punch-down block is an integral part of many of the newer equipment racks. It is actually part of the patch panel. Instructions for making connections in the wiring closet with this type of equipment follow. 1. Attach one end of a patch cable to an available port on the switch, and the other end to the patch panel. 2. If not already in place, attach one end of a cable segment to the back of the patch panel where the punch-down block is located, and the other end to a modular wall outlet. 3. Label the cables to simplify future troubleshooting. www.adilansari.com Page 15

www.adilansari.com

Page 16

5. NETW ORKING D EVICES

Networking devices do various kind of jobs like transferring the data to signals, providing connectivity to different network devices, transferring the data in form of packets or frames form one device to other. These are the central connections for all the network equipments and handles a data type known as frame or packet. Ac tually frames/ packet contain data and the destination address of where it is going. When a frame is received, it is amplified and then transmitted on to port of destination PC. But different networking components do this job in diff form at diff layers.

5.1 NETWORK INTERFACE CARD

A Network Interface Card (NIC) is a circuit board that plugs into both clients and servers and controls the exchange of data between them (A specific software driver must be installed depending on the make of the NIC. A physical transmission medium, such as twisted pair or coaxial cable interconnects all network interface cards to network hubs or switches. Ethernet and Token Ring are common network interface cards. Todays cards supports 10baseT and 100baseT with automatic recognition.

5.2 HUB
When the need for interconnecting more then 2 devices together then a device known as hub comes to picture. Basically hub is a layer one device. i.e. it operates on the physical layer of the OSI model. It is designed to do broadcasting i.e when it gets any frame it broadcasts it to every port irrespective that whether it is destined for that port or not. Hub has no way of distinguishing which port a frame should be sent. Broadcasting results in lot of traffic on the network which lead to poor network response. If two PC simultaneously transmit there data packets and both are connected to a HUB, then collision will occur, so we can say, it creates a single collision domain. On the other hand all PCs connected to a hub will get a same message so a single broadcast domain will be created.

A 100/1000 Mbps hub must share its bandwidth with each and every one of its ports. So when only one PC is broadcasting, it will have access to the max available bandwidth. If, however, multiple PCs are broadcasting, then that bandwidth will need to be divided between all of these systems, which will degrade the performance. They are usually HalfDuplex in nature.

5.3 SWITCH
Hubs are capable of joining more than two PC but having some demerits like if two PC would want to communicate at a time then there would be a collision and the both PC would have to send the data once again. This shortcoming of Hub is overcame by Switches. Switches are intelligent devices which work on the Layer2 of the OSI model. Basically a www.adilansari.com Page 17

switch keeps a record of MAC addresses of all the devices connected to it. Using this information, it builds a MAC address table. So when a frame is received, it knows exactly which port to send it to, which increases the network response time. Basic Working Principle of Switch. 1. At the time of initializing the switch the MAC address table is yet to be built up. When a frame is send by some of the PC, it recognises the source MAC address and update the MAC address table. 2. If the destination is available in the MAC table then forward to the corresponding PC. 3. If the destination MAC address is not present in the table then forwards in all the port available expect the incoming one. The designated PC will respond for the data and it will send the acknowledge for the data received. This acknowledged data will be examined by the switch and the MAC address table would be up dated accordingly. If two PC simultaneously transmit there data packets and both are connected to a SWITCH, then collision will not occur, so we can say, it creates a multiple collision domain. The switch supports broadcast. Hence we can call switches create single broadcast domain and multiple collision domains. A 100/1000Mbps switch will allocate a full 100/1000 Mbps to each of its ports. So regardless of the no of PCs transmitting user will always have access to max amt of bandwidth. They are usually Full-Duplex in nature. Different switching Principles:1. Store-and-forward:- The switch fully receives all bits in the frame (store) before forwarding the frame (forward). This allows the switch to check the FCS before forwarding the frame. (FCS is in the Ethernet trailer.) 2. Cut-through:- The switch performs the address table lookup as soon as the destination address field in the header is received. The first bits in the frame can be sent out the outbound port before the final bits in the incoming frame are received. This does not allow the switch to discard frames that fail the FCS check. (FCS is in the Ethernet trailer.) 3. Fragment Free:- This performs like cut-through switching, but the switch waits for 64 bytes to be received before forwarding the first bytes of the outgoing frame. According to Ethernet specifications, collisions should be detected during the first 64 bytes of the frame; frames in error because of a collision will not be forwarded. The FCS still cannot be checked. Bridge is another device like switch which also operates basing on the MAC address. But the Basic difference between the bridge and the switch is that bridge works on software bases, but the switch works on hardware basic. The Switch works on ASICs ( Application Specific Integrated Circuits)

www.adilansari.com

Page 18

5.4 ROUTER
Switch and the Hub can only interconnect devices in a single LAN. For interconnecting two LAN or two or more different networks anther device known as router is used. Its main job is to route ( sends ) packets to other networks and to do the routing ( establishing paths between networks ) it uses the IP address. A router is typically connected to at least two networks, commonly two LANs or WANs or a LAN and its ISPs network. Routers are located at gateways, the places where two or more networks connect. Routers to determine the best path for forwarding the packet are using forwarding tables. It is a layer 3 device i.e it operates at network layer of OSI model. The working principle of the router is totally different from a switch. Router makes a table known as routing table, which contains all the IP address in the network, the information for IP address router obtains directly ( all configured IP address on it ) or indirectly ( from neighbour routers ). When a packet is received it compares the destination IP address of the packet with the available IP addresses in its Routing table. If the IP address is not available in the routing table then it simply discard the packet instead of flooding in all the ports like a switch.(Detailed Information about router in chap ) Comparison between Hub, Bridge, Switch & Router Feature Hub Bridge Switch Number of broadcast domains Number of collision domains Forwards LAN broadcasts? Router 1 per router interface 1 per router interface No

Segment

1 1 per bridge port Yes

1 1 per switch port Yes Yes; can be optimized for less forwarding

1 1

Forwards LAN multicasts OSI layer used when making forwarding decision Inte rnal processing variants Frame/packet fragme ntation allowed? Multiple concurrent equalcost paths to same destination allowed?

N/A

Yes

No

N/A

Layer 2

N/A

Store-andforward

Layer 2 Store-andforward, cutthrough, FragmentFree

Layer 3 Storeandforward

N/A

No

No

Yes

N/A

No

No

Yes Page 19

www.adilansari.com

6. IP ADDRESSING
Every machine on the internet has a unique identifying number, called an IP Address. A typical; IP address looks like this: 216.27.61.45 IP ADDRESS is a 32-bit number, usually written in dotted decimal form, that uniquely identifies an interface of some computer. This 32-bit number is divided into 4 octets each separated by a decimal. Out so many values certain values are restricted for use as typical IP address. For example, the IP address 0.0.0.0 is reserved for the default network and the address 255.255.255.255is used for broadcast. Each IP address is split into 2 sections: 1) Network address 2) Host address Individual IP address in same network all have a different value in the host part of address, but they have identical value in network part, just as in town there are different street address but same ZIP code. There are five IP classes: Class A This class is for very large networks, such as a major international company. IP addresses with a first octet from 1 to 126 are part of this class. The other three octets are each used to identify each host. Net 54. Host or Node 24.54.43

Loopback- The IP address 127.0.0.1 is used as the loopback address. This means that it is used by the host computer to send a message back to itself. It is commonly used for troubleshooting and network testing. Class B- Class B is used for medium-sized networks. A good example is a large college campus. IP addresses with a first octet from 128 to191 are part of this class. Class B addresses also include the second octet as part o f the Net identifier. The other two octets are used to identify each host. Net 145.24 Host or Node 53.198

www.adilansari.com

Page 20

Class C- Class C addresses are commonly used for small to mid-size business. IP addresses with a first octet from192 to 223 are part of this class. Class C addresses also include the second and third octets as part of Net identifier. The last octet is used to identify each host. Net 196.54.34 Host or Node 86

Class D- It is used for multicast. It has first bit value of 1, second bit value of 1, third bit value of 1 and fourth bit value of 0. The other 28 bits are used to identify the group of computers the multicast messages is intended for. Net 224 Class E- It is used for experimental purpose only. Net 240. Host or Node 23.45.105 Host or Node 24.54.145

Private IP It is not necessary that every time we make a network we are connected to some ISP (Internet Service Provider). So in that case we require some private IP also which can be used in indigenous networks .In each class a range of IP addresses have been defined for this purpose CLASS A CLASS B CLASS C MASKING Computers use a mask to define size of network and host part of an address. Mask is a 32-bit number written in dotted decimal form. It provides us the network address when we perform a Boolean AND of mask with the IP address. It also define number of host bits in an address. 10.0.0.1 to 10.255.255.244 172.16.0.1 to 172.34.255.254 192.168.0.0/16

Class of address

Size of network Part of address, in bits 8 16

Size of Host Part of address, in bits 24 16 8

Default Mask for Each Class of Network 255.0.0.0 255.255.0.0 255.255.255.0

A B C

24

www.adilansari.com

Page 21

SUBNETTING
Basically it is a process of subdividing networks into smaller subnets. In case we have 2-3 small networks but we cant buy IP address for each and every network. So here we use the basic concept of SUBNETTING i.e using one public IP address we will give them IP address and make them independent networks. For this we take some bits of host address and use them for network address so we have d ifferent independent networks Address Format when Subnetting Is Used (class A,B,C resp.): 8 Network 24-x Subnet x Host

16 16-x x Network Subnet Host 24 8-x x Network Subnet Host And due to this mask changes to subnet mask and now the network address also includes subnet address. Example If subnet mask is 255.255.240.0 And an IP address for a computer is given as 142.16.52.4 142.16.0.0 is network address 0.0.48.0 is the subnet address 0.0.4.4 is the host address of the computer 10001110.00010000.00110100.00000100 is ANDed with 11111111.11111111.11110000.00000000 and output is 10001110.00010000.00110000.00000000 here first two octets represents Network address and third octet represents subnet address. It can be compared with a postal address as there is only one ZIP code (Network address), different streets (Subnet address), and different house number (Host address).

Some terminologies those are used with Networking models:

Collision Domain- It is the group of PCs in which collision will occur when two PC will transmit data simultaneously. Broadcast Domain- It is the group of PCs those will receive same broadcast message. CSMA/CD (Carrier Sense Multiple Access/ Collision Detection)- In this protocol when a PC wants to transmit any packet it sense the carrier i.e the path ,if no other PC is using the carrier then only it sends. If two PCs starts sending
www.adilansari.com Page 22

data simultaneously collision will occur. Both PCs will wait for some random time and then initiate the same process. MAC (Media Access Control) . The IEEE 802.3 (Ethernet) and 802.5 (Token Ring) are the MAC sub layers of these two LAN data-link protocols. Burned-in address: The 6-byte address assigned by the vendor making the card. It is usually burned in to a ROM or EEPROM on the LAN card and begins with a 3-byte organizationally unique identifier (OUI) assigned by the IEEE. Locally administered address: Through configuration, an address that is used instead of the burned-in address. Unicast address: Fancy term for a MAC that represents a single LAN interface.

PASSIVE COMPONENTS:
Passive components are those devices which are used to provide connectivity between different networking devices. It includes Cables Patch Panel Patch Cord I/O box Racks RJ-45 Connectors

www.adilansari.com

Page 23

7. LAN S OLUTION
7.1 CUSTOMER REQUIREMENT
There is a company, which has 3 offices. And the offices are in different cities. The connectivity between these three offices is the main requirement to be fulfilled. In each office there are four different departments each department at different floor. In building Ist At each floor there are 20 users and also at 3rd floor t. In building IInd At floor 1st and 2nd there are 20 users each. And at 3rd floor there are 40 users. The bandwidth requirement of each user is 100 Mbps while the bandwidth requirement for the server is 1 Gbps. All floors must be connected to a central switch to be placed at IInd floor in office . And connectivity should be via optical fiber. Everywhere there should be structured cabling. Every switch should be provide with one GBIC slot for future connectivity of server. Every where smart and managed switch should be used.

7.2 SOLUTION
By looking at the requirement it is clear that we require a switch that has got 20 ports and also 2 GBIC slots (one for optical fiber connectivity and one free slot is demanded for future use). Keeping this point into consideration we can use HCL 24 Port Managed Stackable Switch as this switch has got 24 ports and 2 GBIC slots and this switch is managed switch also. And with this 24 port switch we will use 24 port HCL made Pa tch Panel And for connectivity of patch panel with switch we require 3 ft Patch Cord. As structured cabling is must so we require UTP cable and I/O box and to connect PCs with I/O box we require 7ft Patch Cord. Here we will use Cat5e UTP cable because band width requirement is 100 Mbps This trend of connecting the users to the switch will be followed at each and every floor but at floor 3rd of building IInd there are 40 user so here instead of 1 switch we require 2 switches. At 3rd floor of building 1st 2 servers are also present whose bandwidth requirement is 1Gbps. So now we have two options either to connect with UTP cable or Fiber optic cable. But here we will use fiber optic as we are already using it so thee is no need to waste money on UTP Cat 6 Cable. So here we will simply use the fiber optic patch cord to connect the server to switch.

www.adilansari.com

Page 24

Now only one thing is left i.e. connection of switches to a central switch placed at 2 nd floor of IInd building. As the connection requirement is via optical fiber so we at central location we require a switch having all its ports as GBIC slots and no of ports should not be more than 8 as there are only 7 24 port switches in use (one optical cable line from each switch) Now here as the distance between the two offices is only 200 meters so here we will use multimode optical fiber and that too FX type and as the cable is to be laid in open so outdoor armored cable will be use. The connectivity diagram, the bill of material and the specification sheet for the solut ion is given in the following pages.

7.3 SPECIFICATION SHEET HCL-24TMS-2S-W

HCL 24 Port Managed Stackable Switch STANDARDS- IEEE802.3 (Ethernet) , IEEE802.3a (Fast Ethernet), IEEE802.2ab (Gigabit Ethernet), IEEE802.3z (1000Base SX/LX) PORTS- 24 port auto negotiation 10 base T/100 base TX 2optional modular expansion ports (1000 base-T, 1000 base LX/SX/FX) MAC Addresses- 4K BANDWIDTH- 12Gbps SWITCHING RATE- 6.6Mbps SNMP(Simple Network Manage ment Protocol)- Yes, and supports RFC1157 WEB MANAGEABLE- Yes

PC-C305-E
CAT 5 e CABLE Enhanced CAT 5 350 MHz UTP Bulk Cable 4 Pairs Solid Grey Length: 305 Meters

PC-JP24-E
PATCH PANEL Unshielded 24 Port RJ-45 jack for performance @ rated 100 Mbps Fully Complied to e CAT 5 T568A/B standards www.adilansari.com Page 25

1.6mm metallic Patch Panel 19'' Rack Mount frame 1U Fully powder coated Black

PC-MC3-GE
3 ft. patch cord 3 ft. Enhance CAT.5 350 MHz Grey Patch Cord UTP twisted pair with Black Snagless Flange Boot

PC-MC7-GE
7 ft. patch cord 7 ft. Enhance CAT.5 350 MHz Grey Patch Cord UTP twisted pair with Black Snagless Flange Boot.

PF-CM6-A-OM2
outdoor armoured Fiber optic cable - Multimode Construction: Corrugated steel tape armoured cable construction Multimode 62.5/125m cable No of Cores 6 fibre core cables. Length- 1 meter

PF-PMSC-SC-3D-50
SC-SC Duplex Patch cord Multimode Patch Cords cable 50/125m Multi mode Patch Cords connectors SC/ST Connectors MM patch cords OFC Patch cord is duplex type of 3mtrs length

PF-COSC-M
SC Connector Multi mode Easy connection & disconnection Pull -- Push type

www.adilansari.com

Page 26

PF-CPSC-M
SC Coupler mm (Included in the Fiber Patch Panel) Low Insertion loss Type SC - SC type

PF-LIU-12U
12 Core LIU ( Line Insertion Unit ) Wall mount 12 way Fibre Jack Panel Base Unit + 12 MM SC couplers with panel

PF-LIU-6U
6 Core LIU (Line Insertion Unit) Wall mount 6 way Fibre Jack Panel Base Unit + 6 MM SC couplers with panel.

www.adilansari.com

Page 27

8. R OUTER
8.1 ROUTER INTERNAL COMPONENTS
Like a computer, a router has a CPU that varies in performance and capabilities depending upon router platform. It has typically 4 types of memory in it.: ROM- It is used to store the routers bootstrap startup program, operating system software, and power-on diagnostic tests programs. We can also upgrade our ROM FLASH MEMORY- It holds operating systems image(s). Flash memory is erasable, reprogrammable ROM. Our IOS software is present in this memory and we can upgrade it also. Flash content is retained even when we switch off or restart the router. RAM- It is used to store operational information such as routing tables, routers running configuration file. RAM also provides caching and packet buffering capabilities. Its content is lost when we switch off or restart the router. When we configure the router at that time actually we are writing in RAM. NVRAM- It is used to store the routers startup configuration file. It does not lose data when power is switched off. So the contents of startup configuration files are maintained even when we switch off or restart the router.

8.2 ROUTERS NETWORK INTERFACES

Ethernet or Token Ring interface are configured to allow connection to a LAN. Synchronous serial interfaces are configured to allow connections to WANs. ISDN BRI inte rfaces are configured to allow connection to an ISDN WAN. All cisco routers have a console port that provides an EIA/TIA-232 asynchronous serial connection. Console port can be connected to computers serial connection to gain terminal access to router. Most routers also have an auxiliary port that is very similar to console port but, is typically used for modem connection for remote router management.

www.adilansari.com

Page 28

8.3 CONFIGURING THE ROUTER

There are three methods for configuring the router: 1) Through console port:- The console port is used for configuring a router locally with the help of a PC or a Laptop. The console port of the router is connected to the serial i.e COM port of the router. The detailed configuration is given in the section. 2) Through the AUX port:- The aux ( auxiliary ) port is accessed from a modem located faraway from a router through the PSTN ( Public Switched Telephone Network ) and the configuration is done.

3) Through Telnet:- Line vty ( virtual terminal ) 0 to 4 are used for the configuring the router by telnet.

8.4 Configuring Router through Console port

We use HyperTerminal Program to open a console session and log into the router locally. This console connection allows to connect to and to communicate with router without having to connect to the network to which it belongs. Now, the PC becomes the console that a llows to enter commands and communicate directly with the router. To set up a console session, we use the workstations Windows HyperTerminal (terminal emulation) program. Now first of all we configure the COM port settings, then log into the router to interact with the IOS command line interface (CLI). These are the com port settings:

9600 8 N 1 On/off www.adilansari.com Page 29

After pressing enter or OK to accept these settings, we came across a blank window. This is a session window. The Following steps are adopted to access a router through the console port with a Windows based PC. Access Hyper terminal:- Start Menu Programs Accessories Communication Hyperterminal Connect to the device of the PC

COM 1 Setting

www.adilansari.com

Page 30

Hyper terminal Screen

After connecting the router that will boot and afte r booting the following procedures will be adopted. Router> enable Now automatically prompt asking for password will appear on the screen like this: Password: Now write password over here. This is done to secure access to router. After this Router# will appear on the screen this shows that we are in privileged mode and now we try to enter in configuration mode. Router# configure terminal This is done to enter configuration mode. Now starts the configuration of router Now we will assign IP address to each and very interface connected to router. Subnet mask should be given with a proper care. Following steps are to be followed: For configuring ethernet inte rface : Router# config terminal Router (config)# interface ethernet 0 Router (config-if)# ip address 223.8.151.1 255.255.255.0 www.adilansari.com Page 31

Router (config-if)# no shutdown Router (config-if)#exit For configuring serial interface: Router (config)# interface serial 0 Router (config-if)# ip address 204.204.7.1 255.255.255.0 Router (config-if)# no shutdown Router (config-if)#exit Router (config)# interface serial 1 Router (config-if)# ip address 199.6.13.2 255.255.255.0 Router (config-if)# no shutdown Router(config-if)# exit

8.5 ROUTING PROTOCOLS

8.5.1 ROUTING INFORMATION PROTOCOL (RIP) RIP is a dynamic, distance vector routing protocol. RIP uses UDP port 520 for route updates. RIP calculates the best route based on hop count. This makes RIP very fast to converge RIP sends full table updates at regular intervals specified by the route-update timer (30 seconds is the default). This means that a RIP router summarizes all routes it knows along classful boundaries and sends the summary information to all other RIP rout ing devices. RIP updates can contain up to 25 messages. RIP TIMERS TIMER DEFAULT CONTROLS update 30 sec. Interval between route update advertisements timeout 180 sec. Interval a route should stay 'live' in the routing table. This counter is reset every time the router hears an update for this route. Flush 240 sec. How long to wait from the time the route was received to delete a route (60 seconds after timeout). The routing- update timer controls the time between routing updates. Default is usually 30 seconds, plus a small random delay to prevent all RIP routers from sending updates simultaneously. The route-timeout timer controls when a route is no longer available. The default is usually 180 seconds. If a router has not seen the route in an update during this specified interval, it is dropped from the router's announcements. The route is maintained long enough for the router to advertise the route as down (hop count of 16). The route- flush timer controls how long before a route is co mpletely flushed from the routing table. The default setting is usually 120 seconds. BASIC RIP CONFIGURATION According to the recollection of InetDaemon, configuring a Cisco router for a basic RIP configuration would look something like this: router> enable www.adilansari.com Page 32

Password: router# conf t router(config)#interface ethernet 0 router(config- if)# ip address 192.168.42.1 router(config- if)# interface ethernet 1 router(config- if)# ip address 192.168.43.1 router(config- if)# exit router(config)# router rip router(config-router)# network 192.168.42.0 router(config-router)# network 192.168.43.0 router(config-router)# exit router(config-router)# ^z router# The example above assumes that the interfaces that will be running RIP have IP addresses o n them that fall within the 192.168.42.0, and 192.168.43.0 class C ranges. 8.5.2 IGRP IGRP is a distance-vector routing protocol that considers a composite metric which, by default, uses bandwidth and delay as parameters instead of hop count. IGRP is not limited to the 15-hop limit of RIP. IGRP has a maximum hop limit of 100, by default, and can be configured to support a network diameter of 255. With IGRP, routers usually select paths with a larger minimum- link bandwidth over paths with a smaller hop count. Links do not have a hop count. They are exactly one hop. IGRP is available only on Cisco routers IGRP will load-balance traffic if there are several paths with equal cost to the destination IGRP sends its routing table to its neighbors every 90 seconds. IGRP's default update period of 90 seconds is a benefit compared to RIP, which can consume excessive bandwidth when sending updates every 30 seconds. IGRP uses an invalid timer to mark a route as invalid after 270 seconds (three times the update timer). As with RIP, IGRP uses a flush timer to remove a route from the routing table; the default flush timer is set to 630 seconds (seven times the update period and more than 10 minutes). If a network goes down or the metric for the network increases, the route is placed in holddown. The router accepts no new changes for the route until the holddown timer expires. This setup prevents routing loops in the network. The default holddown timer is 280 seconds (three times the update timer plus 10 seconds). IGRP Time r Update Invalid Holddown Flush Default Time 90 seconds 270 seconds 280 seconds 630 seconds

www.adilansari.com

Page 33

8.6 IP ACCESS LIST

IP access lists cause a router to discard some packets based on criteria defined by the network engineer. The goal of these filters is to prevent unwanted traffic in the networkwhether to prevent hackers from penetrating the network, or just to prevent employees from using systems that they should not be using. Key features of access lists: Packets can be filtered as they enter an interface, before the routing decision. Packets can be filtered before they exit an interface, after the routing decision. Deny is the term used in Cisco IOS software to imply that the packet will be filtered. Permit is the term used in Cisco IOS software to imply that the packet will not be filtered. The filtering logic is configured in the access list. At the end of every access list is an implied deny all traffic statement. Therefore, if a packet does not match any of your access list statements, it is blocked. Access lists have two major steps in their logic: matching and action. Matching logic examines each packet and determines whether it matches the access-list statement. As soon as an access-list statement is matched, there are two actions to choose from: deny and permit. Deny means to discard the packet, and permit implies that the packet should continue on its way.

www.adilansari.com

Page 34

9. FIREW ALL
9.1 Introduction
As the limits of networking is increasing unfolded so the danger of information leaking in and leaking out increases. So a mechanism is required to keep good bits in and bad bits out. And for this we use FIREWALL. A firewall is a device of some kind that separates and protects our network - in most cases, from the Internet. It restricts traffic to only what is acceptable, and monitors that what is happening. Every firewall has at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junc tion point or gateway between the two networks, usually a private network and a public network such as the Internet. It may be a hardware device or a software program running on a secure host computer. Hardware device means a physical devise connected at the gateway which checks every incoming or outgoing packet. Software program means that software is loaded in computer that determines as what to allow and what to reject. A firewall examines all traffic routed between the two networks to see if it meets certain criteria. A firewall filters both inbound and outbound traffic.

9.2 Technologies
There are three different types of firewall technologies: 1) Packet Filtering 2) Proxy 3) Stateful Inspection Packet Filtering A packet filtering firewall simply inspects incoming traffic at the transport layer of the OSI model. The packet filtering firewall analyzes TCP or UDP packets and compare them to a set of established rules called as Access Control List (ACL). Packet filtering inspects packet nly for following elements Source IP address Source Port Destination IP address Destination Port Protocol Proxy When a firewall is installed then no PC makes direct connection to the outside world. In that case they use proxy i.e each PC first of all sends request to proxy which then forwards the request to the internet or outside world for connection or data transfer. Stateful Ins pection It is a combination of Packet filtering and proxy services. This is the most secure technology and provides the most functionality because connections are not only applied to ACL, but are logged into a static table. After a connection is established, all session data is compared to the www.adilansari.com Page 35

static table. If the session data does not match the state table information for that connection, then connection is dropped.

9.3 Configuring the Firewall

Five basic commands are used to do a basic configuring of the firewall. interface nameif ip-address nat global Inte rface Command The interface command identifies the interface hardware card, sets the speed of the interface and enables the interface all in one command. SYNTAX: interface hardware_id hardware_speed [shutdown] hardware_id indicates interfaces physical location on the firewall. Hardware_speed indicates connection speed. There are various optio ns provided to us by the firewall regarding speed. 1000sxfullSets full-duplex Gigabit Ethernet. 1000basesxSets half-duplex Gigabit Ethernet 1000autoAutomatically detects ands negotiates full/half duplex 10fullSets 10Mbps full-duplex Ethernet 100fullSets 100Mbps full-duplex Ethernet. Shutdown This parameter administratively shuts down the interface. nameif command It is used to name an interface and assign security level from 1 to 99. The outside and inside interfaces are named by default and have default security values of 0 and 100, respectively. By default, the interfaces have their hardware ID. Ethernet 0 is the outside interface, and Ethernet 1 is the inside interface SYNTAX: nameif hardware_id if_name security_level hardware_id Indicates the interfaces physical location on the Firewall. if_name The name by which we refer to this interface. security_level A numerical value from 1 to 99 indicating the security level. Examples: nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security20 We can see the configuration by using s how nameif command. ip address Command All the interfaces must be configured with an IP address. The ip address command is used to configure IP addresses on the interfaces. The ip address command binds a logical address (IP address) to the hardware ID. SYNTAX: ip address if_name ip_address [netmask] if_name The interface name that was configured using the nameif command. ip_address The interfaces IP address. www.adilansari.com Page 36

netmask The appropriate network mask. If the mask value is not entered, the firewall assigns a classful network mask. Example: ip address inside 10.10.10.14 255.255.255.0 We can see the configuration by using s how ip command. nat Command The nat (Network Address Translation) command translates a set of IP addresses to another set of IP addresses. SYNTAX: nat ( if_name) nat_id local_ip [netmask] (if_name) The internal network interface name. nat_id The ID number to match with the global address pool. local_ip The IP address that is translated. This is usually the inside network IP address. netmask Network mask for the local IP address. There are two types of NATing: 1) Static: For ex. There is a google server and we dont want to make its IP address public so we change its IP address using nat command in firewall and now user will logon to this new IP . This results in more security as every time it has to pass through firewall. 2) Dynamic: If there are lots of PCs in a network and all want to access the internet , it is not easy that every PC is being provided with independent public IP so at firewall level we change every PCs pvt Ip with public IP. Examples: nat (inside) 1 10.10.10.0 255.255.255.0 nat (inside) 1 172.16.1.0 255.255.255.0 global Command The global command is used to define the address or range of addresses that the addresses defined by the nat command are translated into. It is important that the nat_id be identical to the nat_id used in the nat command. The nat_id pairs the IP address defined by the global and nat commands so that network translation can take place. SYNTAX: global ( if_name) nat_id global_ip | global_ip-global_ip [netmask] (if_name) The external network where you use these global addresses. nat_id Identifies the global address and matches it with the nat command it is pairing with. global_ip A single IP address. When a single IP address is specified, the firewall automatically performs Port Address Translation (PAT). global_ip-global_ip Defines a range of global IP addresses to be used by the firewall to NAT. netmask The network mask for the global IP address(es).

www.adilansari.com

Page 37

10. W LAN (W IRELESS LAN)

In a traditional LAN each computer physically connects to the network via wires and a network port. A Wireless Local Area Network (WLAN) is a network that provides the same services but without the need for physical connections between the computers and the network. Wireless LANs offer many advantages over traditional wired networks, such as mobility, flexibility, scalability and speed, simplicity and reduced cost of installation. A WLAN typically uses radio waves, which allow network PC cards plugged into a PC/laptop to connect to a traditional Ethernet LAN. IEEE developed the 802.11 standards to provide wireless networking technology like the wired Ethernet.

10.1 STANDARDS
IEEE developed the 802.11 standards to provide wireless networking technology. With timeto-time development in the field of technology three standards has been finalized. 802.11(a), 802.11(b), 802.11(g)

Max. bit rate/Raw net Frequency Band Range @ Max. rate Unit Cost Coverage Cost No. of channels

802.11(b) 11Mb/s 5.5Mb/s 2.4 GHZ 57 m 100% 100% 3

802.11(a) 54 Mb/s 22-26 Mb/s 5 GHZ 12m 120% 2000% 8

802.11(g) 54 Mb/s 17-22 Mb/s 2.4 GHZ 19m 110% 500% 4

IEEE 802.11a standard is the most widely adopted one because it operates at licensed 5 GHZ band while other are unlicensed and also it provides max. nof channels and max. bit rate than any other standards.

10.2 TOPOLOGIES
There are two topologies on which WLAN works: 1) Infrastructure Network 2) Ad hoc Network 10.2.1 INFRASTRUCTURE NETWORK It is useful for providing wireless coverage of building or campus areas. This is a topology used when there are many access points in a single location. By deploying multiple Access Points (APs) with overlapping coverage areas, organizations can achieve broad network coverage. . A laptop or other mobile device may move from AP to AP while maintaining access to the resources of the LAN. Each client is equipped with wireless network interface card (NIC) that consists of the radio transceiver and the logic Page 38

www.adilansari.com

to interact with the client machine and software. While the AP is essentially a radio transceiver on one side and the wired backbone on the other.

10.2.2 ADHOC NETWORK This topology is used when we have to interconnect mobile devices that are in the same area (e.g., in the same room). In this architecture, client stations are grouped into a single geographic area and can be Internet-worked without access to the wired LAN (infrastructure network). The ad hoc configuration is similar to a peer-to-peer office network in which no node is required to function as a server. In ad hoc there is no need of any AP as all devices are wirelessly connected to each other.

www.adilansari.com

Page 39

www.adilansari.com

Page 40

11. I NTRUSION D ETEC TION S YSTEM (IDS)

An IDS is a security counter measure. It monitors network traffic and monitors for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network A firewall simply blocks openings into your network/system, but cannot distinguish between good/bad activity. Therefore, if you need to allow an opening to a system (like a web-server), then a firewall cannot protect against intrusion attempts against this opening. In contrast, intrusion detection systems can monitor for hostile activity on these openings.

11.1 HIDS
Host Intrusion Detection Systems run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets from the device only and will alert the user or administrator of suspicious activity if detected

11.2 NIDS
Network Intrusion Detection Systems are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. Ideally you would scan all inbound and outbound traffic, however doing so might create a bottleneck that would impair the overall speed of the network. When an unauthorized user logs in successfully, or attempts to log in, they are best tracked with host-based IDS. However, detecting the unauthorized user before their log on attempt is best accomplished with network-based IDS. There are four basic techniques used to detect intruders: 1) Anomaly detection 2) misuse detection (signature detection) 3) target monitoring Anomaly Detection Designed to uncover abnormal patterns of behavior the IDS establishes a baseline of normal usage patterns, and anything that widely deviates from it gets flagged as a possible intrusion. An example of this would be if a user logs on and off of a machine 20 times a day instead of the normal 1 or 2. Also, if a computer is used at 2:00 AM when normally no one outside of business hours should have access, this should raise some suspicions. At another level, anomaly detection can investigate user patterns, such as profiling the programs executed daily. If a user in the graphics department suddenly starts accessing accounting programs or compiling code, the system can properly alert its administrators.

Misuse Detection or Signature Detection this method uses specifically known patterns of unauthorized behavior to predict and detect subsequent similar attempts. These specific patterns are called signatures. For host-based intrusion detection, one example of a signature is "three failed logins." www.adilansari.com Page 41

Target Monitoring These systems do not actively search for anomalies or misuse, but instead look for the modification of specified files. This is more of a corrective control, designed to uncover an unauthorized action after it occurs in order to reverse it. One way to check for the covert editing of files is by computing a cryptographic hash beforehand a nd comparing this to new hashes of the file at regular intervals. This type of system is the easiest to implement, because it does not require constant monitoring by the administrator. Integrity checksum hashes can be computed at whatever intervals you wish, and on either all files or just the mission/system critical files Passive IDS A passive IDS simply detects and alerts. When suspicious or malicious traffic is detected an alert is generated and sent to the administrator or user and it is up to them to take action to block the activity or respond in some way. Reactive IDS A reactive IDS will not only detect suspicious or malicious traffic and alert the administrator, but will take pre-defined proactive actions to respond to the threat. Typically this means blocking any further network traffic from the source IP address or user. IDS is required to be properly configured to recognize what is normal traffic on your network vs. what might be malicious traffic and you, or the administrators responsible for responding to IDS alerts, need to understand what the alerts mean and how to effectively respond.

WAN SOLUTION
REQUIREMENT
There is one CBC (Central Billing Center) which is required to be connected with 28 BGC (Bill Generation Center). As with each BGC location further locations are connected so it is required to use a router at each location. CBC Router must have these specifications: 4 numbers of10/100 fast Ethernet interfaces. 20 number of V.35 interface to receive the data from coming BGC Via optical fiber/ Lease line 2 numbers of ISDN BRI ports. Four numbers of synchronous serial interfaces for 64 kbps lease line connectivity. BGC Router must have these specifications: 2 port 10/100 Mbps Ethernet Interface. Sufficient port Serial WAN Interfaces.

www.adilansari.com

Page 42

Al the BGC locations are to be connected to the central location having a point to point connectivity. The BGC location are having a leased line connectivity of 128 Kbps which can be up gradable to 2 Mbps. The leased Line connectivity is to be provided BY a ISP.

SOLUTION
As per the requirement the proposed solution is to have point to point connectivity between the central location and the 28 BGC locations. There is a Cisco 1841 Router at each of the BGC location. They are connected to a 2 Mbps Leased Line Modem Pair., HCL-Gateway 2M-2W, through the serial port. The modem at the customer end is connected to a modem at the ISP side. Like this way the central location having a Cisco 3845 Router is connected to 28 nos of 2 Mbps Leased Line modem pair. The connectivity diagram and the bill of material required for the solution is given in the following pages.

www.adilansari.com

Page 43

12. I NTEGRATED S ERVICES DIGITAL NETW ORK (ISDN)

ISDNs primary goal is the integration of voice and nonvoice services. ISDN is actually a set of communication protocols proposed by telephone companies that allows them to carry a group of digital services that simultaneously convey data, text, voice, music, graphics, and video to end users, and it was designed to achieve this over the telephone systems already in place.

12.1 CHANNELS
There are two types of channels: 1) B channel 2) D channel B channel Bearer channels (B channels) are used to transport data. B channels are called bearer channels because they bear the burden of transporting the data. B channels operate at speeds of up to 64 kbps. D channel D channels are used for signaling. They are used to establish the session before the data is actually transfer.

12.2 ISDN INTERFACES

Types of ISDN interfaces: 1) Basic Rate Interface (BRI) 2) Primary Rate Interface (PRI). Both BRI and PRI provide multiple digital bearer channels over which temporary connections can be made and data can be sent. BRI: ISDN Basic Rate Interface (BRI, also known as 2B+1D) service provides two B channels and one D channel. The BRI B-channel service operates at 64Kbps and carries data, while the BRI D-channel service operates at 16Kbps and usually carries control and signaling information. PRI: According to American standards , the ISDN Primary Rate Interface (PRI, also known as 23B+D1) service delivers 23 64Kbps B channels and one 64Kbps D channel for a total bit rate of up to 1.544Mbps. And according to European standards, ISDN provides 30 64Kbps B channels and one 64Kbps D channel for a total bit rate of up to 2.048Mbps.

12.3 ISDN Function Groups and Reference Points Function groupA set of functions implemented by a device and software
Reference pointThe interface between two function groups, including cabling details

www.adilansari.com

Page 44

Router A is ordered with an ISDN BRI U reference point, referring to the I.430 reference point defining the interface between the customer premises and the ISP. Router B is bought with an ISDN BRI S/T interface, implying that it must be cabled to a function group NT1 device. An NT1 function group device must be connected to the ISP line through a U reference point; the S/T interface defines the connection to Router B. Router B is called a TE1 (Terminal Equipment 1) function group device. Non-ISDN equipment is called a TE2 (Terminal Equipment 2) device and is attached using the R reference point to a terminal adapter (TA) function group device. Alternatively, a TE1 can connect using an S reference point to an NT2 function group,

Function Groups : 1) TE1 (Terminal Equipme nt 1) ISDN-capable four-wire cable. Understands signaling and
2B+D. Uses an S reference point. 2) TE2 (Terminal Equipment 2): Equipment that does not understand ISDN protocols and specifications (no ISDN awareness). Uses an R refere nce point, typically an RS-232 or V.35 cable, to connect to a TA 3) TA (Terminal adapter): Equipment that uses R and S reference points. Can be thought of as the TE1 function group on behalf of a TE2. 4) NT1 (Network Termination): Connects with a U reference point (two-wire) to the ISP. Connects with T or S reference points to other customer premises equipment.

12.4 Reference Points

R between TE2 and TA. S between TE1 or TA and NT2. T between NT2 and NT1. U between NT1 and ISP. www.adilansari.com Page 45

SNAPSHOTS

www.adilansari.com

Page 46

www.adilansari.com

Page 47

www.adilansari.com

Page 48

www.adilansari.com

Page 49

www.adilansari.com

Page 50

www.adilansari.com

Page 51

F UTURE S COPE OF THE P ROJECT

FUTURE SCOPE OF THE PROJECT

Invariance to changes in communication, security, speed and congestion in the

world are constantly changing feature in this modern world, so new and different routing technique should be introduced in modern world. So communicating in your own secure private network and managing it on your own way is the future scope of the project. This model can be extended with any application to give very initial authorization service. LIMITATIONS Wireless networking signals are subject to a wide variety of signals. Slows down the speed reasonably. Needs an explicit preprocessing of router configuration to satisfy the constraints. IP Access list construction is not so much efficient. _____________________________________________________

www.adilansari.com

Page 52

R EFERENCES
1. ^J.Xu, J.Fan, M. Amar and S.B.Moon On the design and performance of prefix preserving IP traffic trace anonymization, in Proc. Internet Measurement work shop, 2011.

2. ^ D.A. Maltz and J. Zhan, Source Code for router configuration anonymizer, https://sourceforge.net/projects/config-anon/

3. Y. Rekhter, B. Moskovitz, D. Karrenberg, G.J. de Groot and E. Lear address allocation for private networks RFC 1918 (Best Current Practice), February 1996.

4. www.google.co.in/scholorblog

5. www.tomax7.com/mcse/cisco_routerconfig.htm

www.adilansari.com

Page 53

C ONCLUSION
EVERY GREAT ACHIEVEMENT IS DONE SLOWLY. The project Implementation Of A Secure And Configurable Private Network plays an important role in our career. This project has been quite interesting for us. The specialty of this project is that it provides a very simple interface to execute the idea of computer establishing of secure private network. We have worked to our best level to make this project a USER FRIENDLY ONE. So that users are able to use this project freely and with no difficulty. This projecthas undergone many changes at many steps and still has a lot to investigate in this field but this work encouraged us. Success and failure are never final. It is the courage that counts. At the end, we would again like to thank each and every person who directly or indirectly contributed in this project to help this project be a success. It is well said:PROGRESS IS THE ACTIVITY OF TODAY AND THE ASSURANCE OF TOMORROW. _____________________________________________________

www.adilansari.com

Page 54