Wide Area Network: Niraj Yadav
Niraj Yadav
ISMT COLLEGE THIRD SEMESTER | TINKUNE, GAIRIGAU
WIDE AREA NETWORK
Contents
Task 1
3. Broadband
Task 2
2.1 Introduction
Task 3
Task 4
Task 5
DNS server
DHCP
Database
Application
Email
2. Account
Task 6
7.2 Above Testing can be shown in Tabular format as given below
8.13 Monitoring Network using Cisco Configuration Assistant Tool
8.13.4 Power usage by IP Phones and Wireless Access Points
Task 1
Consider: Dial Up, ADSL (Asymmetric Digital Subscriber Line) and all derivatives, Broadband,
Frame relay, ISDN (Integrated Services Digital Network), MPLS (Multiprotocol Label
Switching), Interior Routing Protocols, Exterior Routing, and Static Routing.
In order to achieve M1, you must make sure that an effective judgment has been made against
the presentation of your idea. Your ideas need to be justified with the necessary evidence and
appropriate reasons and examples.
1.1 Introduction:
WAN connections can include wired and wireless technologies. Wired WAN services can
include multiprotocol label switching, T1s, Carrier Ethernet and commercial broadband internet
links. Wireless WAN technologies can include cellular data networks like 4G LTE, as well as
public Wi-Fi or satellite networks.
WANs over wired network connections remain the preferred medium for most enterprises, but
wireless WAN technologies, based on the 4G LTE standard, are gaining traction.
WAN infrastructure may be privately owned or leased as a service from a third-party service
provider, such as a telecommunications carrier, internet service provider, private IP network
operator or cable company. The service itself may operate over a dedicated, private connection --
often backed by a service-level agreement -- or over a shared, public medium like the
internet. Hybrid WANs employ a combination of private and public network services.
Software-defined WAN (SD-WAN) is designed to make hybrid WAN architectures easier for
enterprises to deploy, operate and manage. Using a combination of virtualization, application-
level policies and network overlays, on-site SD-WAN devices, software platforms or customer
premises equipment (CPE) perform two functions:
2. They automatically select the most optimal path for traffic, based on real-time conditions.
The latter function has historically required network managers to manually reconfigure their
networks any time they wanted to shape the direction of traffic over multiple routes.
There are specially designed network devices that are used to interconnect LANs. Configuring,
installing and maintaining these devices requires skilled technicians for the
management of the organization's network. These devices are specific to the WAN environment, and
they are:
Modems:
Modems enable digital data to be sent over an analogue medium during transmission and
receiving of information. A voice band modem converts the digital signals produced by a
computer (the 1s and 0s) into voice frequencies that can be transmitted over the analogue lines
of the telephone network. On the other side of the connection, another modem converts the
sounds back into a digital signal for input to a computer or network connection.
CSU/DSU:
A Channel Service Unit / Data Service Unit (CSU/DSU) is a combined piece of equipment used
for monitoring clocking and frame synchronization on a line. It also performs error detection
at the physical layer. It could be called a sort of modem.
Access server:
Concentrates dial-in and dial-out user communications. An access server may have a mixture
of analogue and digital interfaces and support hundreds of simultaneous users.
WAN Switch:
A multi-port internetworking device used in carrier networks. These devices typically switch
traffic such as ATM, and operate at the Data Link layer of the OSI reference model. Public
switched telephone network switches may also be used within the cloud for circuit-switched
connections like Integrated Services Digital Network (ISDN) or analogue dialup.
Router
A router provides internetworking between the LANs, and WAN access interface ports that
are used to connect to the service provider network. These interfaces may be serial connections
or other WAN interfaces. With some types of WAN interfaces, an external device such as a
DSU/CSU or modem (Analogue, Cable, or DSL) is required to connect the router to the local
point of presence (POP) of the service provider.
Core Router
A router that resides within the middle or backbone of the WAN rather than at its periphery.
To fulfil this role, a router must be able to support multiple telecommunications interfaces of
the highest speed in use in the WAN core, and it must have the ability to forward IP packets at
full speed on all of those interfaces. The router must also support the routing protocols being
used in the core (Orbit-computer-solutions.com, 2015).
Leased Lines:
Circuit Switching:
It sets up like a phone call. No data can transfer before the end-to-end connection is
established. It uses dial-up modems and ISDN. It is used for low-bandwidth data transfers.
Packet Switching:
The packet switching WAN method allows you to share bandwidth with other companies to save
money. As long as you are not constantly transmitting data and are instead using burst data
transfers, packet switching can save you a lot of money. However, if you have constant data
transfers, you will need to use a leased line. Frame Relay and X.25 are packet switching
technologies. Speeds can vary from 56Kbps to 2.048Mbps (Tripod, n.d.).
1. Dial Up:
Dialup services offer cost-effective methods for connectivity across WANs. Two popular
dialup implementations are dial-on-demand routing (DDR) and dial backup.
DDR is a technique whereby a router can dynamically initiate and close a circuit-switched
session as transmitting end stations demand. A router is configured to consider certain traffic
interesting (such as traffic from a particular protocol) and other traffic uninteresting. DDR can
be used to replace point-to-point links and switched multi-access WAN services.
Dial backup is a service that activates a backup serial line under certain conditions. The
secondary serial line can act as a backup link that is used when the primary link fails or as a
source of additional bandwidth when the load on the primary link reaches a certain threshold.
ADSL stands for "Asymmetric Digital Subscriber Line." It is a type of DSL, which is a method
of transferring data over copper telephone lines. While symmetrical DSL
(SDSL) uploads and downloads data at the same speed, ADSL has different maximum data
transfer rates for uploading and downloading data. For example, an ADSL connection may
allow download rates of 1.5Mbps, while upload speeds may only reach 256Kbps. Since most
users download much more data than they upload, this difference usually does not make a
noticeable impact on Internet access speeds. However, for Web servers or other computers that
send a lot of data upstream, ADSL would be an inefficient choice (Techterms.com, 2015).
Advantages of ADSL
• High-speed access which enables easy net surfing and fast access to streaming content
• Unlimited Internet access under a flat-rate price. The price in Nepal is NRS 1000 per month
for unlimited access.
Disadvantages of ADSL
• ADSL connection works better the closer we are to the telephone exchange in the location.
• The connection is faster to download (receive data) but is slower to send information.
3. Broadband:
Broadband is a high-speed, high-capacity transmission medium that can carry signals from
multiple independent network carriers. This is done on a single coaxial or fiber-optic cable
by establishing different bandwidth channels. Broadband technology can support a wide range
of frequencies. It is used to transmit data, voice and video over long distances simultaneously.
The term commonly refers to Internet access via a variety of high-speed networks, including
cable, DSL, Fi-OS, Wi-Fi, Wi-MAX, 3G, 4G and satellite, all of which are considerably faster
than analog dial-up, in some cases by a huge magnitude. The term has always referred to a
higher speed connection, but the speed threshold varies with the times. Widely employed in
companies, the 1.5 Mbps T1 line was often considered the starting point for broadband speeds,
while the FCC had defined broadband as a minimum upload speed of 200 Kbps.
Advantages of Broadband
It is independent of weather.
It provides better service delivery.
It is quite easy to use.
It is always connected to the internet.
Disadvantages of Broadband:
4. Frame relay:
Frame relay is a telecommunication service designed for cost-efficient data transmission for
intermittent traffic between local area networks (LANs) and between end-points in a wide area
network (WAN). Frame relay puts data in a variable-size unit called a frame and leaves any
necessary error correction (retransmission of data) up to the end-points, which speeds up
overall data transmission. Frame relay is based on the older X.25 packet-switching technology
which was designed for transmitting analog data such as voice conversations. Unlike X.25
which was designed for analog signals, frame relay is a fast packet technology, which means
that the protocol does not attempt to correct errors.
ISDN is a data transfer technology, created in 1984, that can transfer data significantly faster than
a dial-up modem. ISDN enables wide-bandwidth digital transmission over the public telephone
network, which means more data can be sent at one time. A typical ISDN connection can support
transfer rates of 64K or 128K of data per second. It is a digital telecommunication system that
converts analogue signals into digital signals for the computer to understand and process the
information (SearchEnterpriseWAN, 2015).
Advantages of ISDN
Disadvantages of ISDN
MPLS primarily implements and uses labels for making routing decisions. The label-based
switching mechanism enables the network packets to flow on any protocol. MPLS operates by
assigning a unique label or identifier to each network packet. The label consists of the routing table
information, such as the destination IP address, bandwidth and other factors as well as source IP
and socket information. The router can refer only to the label to make the routing decision rather
than looking into the packet. MPLS supports IP, Asynchronous Transfer Mode (ATM), frame
relay, Synchronous Optical Networking (SONET) and Ethernet-based networks. MPLS is designed
to be used on both packet-switched networks and circuit-switched networks.
Advantages of MPLS
Disadvantages of MPLS
It is also known as the Interior Gateway Protocol (IGP). It was developed by Cisco and
is also known as the proprietary distance vector routing protocol. It is deployed within a
routing domain controlled by a single administrative entity. It is used to communicate
routing information within a host network. It manages a routing table with the most optimal
path to respective nodes and to networks within the parent network.
To get from place to place outside our network(s), i.e. on the Internet, we must use an Exterior
Gateway Protocol. Exterior Gateway Protocols handle routing outside an Autonomous
System and get us from our network, through our Internet provider's network and onto any
other network. BGP is used by companies with more than one Internet provider to allow them
to have redundancy and load balancing of their data transported to and from the Internet.
9. Static Routing
In static routing, an administrator specifies all the routes to reach the destination. Static routing
occurs when you manually add routes in each router’s routing table. By default, static routes
have an Administrative Distance. In this static routing technique, once the routes are
configured, they cannot be changed. Thus it is a static route.
Static routes require extensive planning and have high management overhead.
1.5 Recommendation:
WAN services have become increasingly relevant to businesses in large part because of the
proliferation of branch offices, remote workers, and the need for access to centrally provided data
and applications. As services like MPLS, Ethernet, and Internet become more critical, so does the
need for more reliable WAN connections.
Nepal has many ISP companies that run and provide broadband connections to their customers.
World-link and Subisu are some of these broadband connections. A large company like IBSS Nepal provides
the widest wireless coverage in the country according to the level of preferences. It provides the
following types of broadband connection:
SOHO broadband: it is provided to clients with a limited budget, with high speed.
It uses wireless or fiber for the connection according to availability.
Corporate Broadband: such a connection is given to small and medium sized clients or
companies.
It is more supportive to users that are fond of gaming and supports the faster data download.
Various users can connect to the internet via broadband according to the usage as explained above.
It is more reliable as it provides qualitative network speed facilities in response to the paid budgets
for the ISP. It is easily available as the connection can be given either in wireless or fiber form.
Overall, it is more powerful and easy to surf over the internet.
1.6 Conclusion:
WAN technologies have helped a lot today for the betterment of human activities. They have
improved the quality of our work. They have made our work more effective and efficient. Today,
communication is possible because of the WAN and its technologies, which are playing a vital
role in our lives. Therefore, a Wide Area Network is a data communications network that operates
beyond the geographic scope of a LAN. WANs generally connect devices that are separated by a
broader geographic area than can be served by a LAN. WANs use the services of carriers, such as
telephone companies, cable companies, satellite systems, and network providers.
Although it has helped our progress, various problems, such as threats to security, are growing.
Cyber-terrorism has made our privacy insecure. Email spam, software hacking and viruses are some
of the major problems.
Thus, WAN technologies have both advantages and disadvantages. We should be more cautious
to prevent the upcoming problems.
Task 2
Consider: Quality of Service Management e.g. DSCP (Differentiated Service Code Point), IP
precedence, queues, base rules, congestion management; Quality of Service needs e.g. Voice over
IP, video streaming, audio streaming.
2.1 Introduction
The Cisco WAN Access Performance Management System is a unique solution for service
providers wishing to raise overall service quality while reducing the cost of delivering high
performance value-added services to their enterprise customers. The Cisco WAN Access
Performance Management System enables rapid rollout of robust managed services by
providing advanced, real-time, and historical performance information that providers can use
for highly cost-effective operational support of the managed network. (Cisco, n.d).
The WAN Optimization Assessment and Design Service reviews the current environment and
helps to customize the WAN optimization solution architecture. The service documents the
current network infrastructure and measures LAN/WAN traffic, helping to gain insight into
the new Riverbed WAN optimization deployment. WAN optimization is supposed to be a
highly granular and dynamic way of organizing network traffic to ensure the most important
data items are always given network priority in full support of the business and its users. But
it is important for companies to realize that WAN optimization cannot be simply delivered
through quality of service levels they may have agreed with their WAN provider.
variation (jitter), bandwidth, and packet loss parameters on a network becomes the secret to a
successful end-to-end business solution. Thus, QoS is the set of techniques to manage network
resources (Cisco, 2015).
QoS architecture:
QoS features are configured throughout the network to provide the end-to-end QoS
delivery. QoS architectures promote a systems approach to quality of service management
in distributed systems. QoS architecture includes these three components:
QoS within a single network element: it includes queuing, scheduling, and traffic shaping
features.
QoS signaling techniques: it is for coordination of QoS for end-to-end delivery between
network elements.
QoS policing and management functions: it is used to control and administer end-to-end
traffic across a network.
Principle of QoS:
QoS helps to understand that the network is sustainable and maintained. It identifies which
network traffic is critical traffic and allocates appropriate resources to support those
traffic streams. The application
of the QoS policies allows us to prioritize the resources according to need. It ensures that
those important packets get through even when the IP network is busy. It overlooks the
packet contents through interface all over the network infrastructure. Configured QoS
provides requirements for telephony that are more stringent than the ones for VoIP
(Baumann and Fiedler, 2005).
Benefits of QoS:
QoS includes:
Differentiated Services Code Point (DSCP) is a field in an IP packet that enables different
levels of service to be assigned to network traffic. This is achieved by marking each packet
on the network with a DSCP code and appropriating to it the corresponding level of
service.
DSCP is the combination of IP Precedence and Type of Service fields. In order to work
with legacy routers that only support IP Precedence, DSCP values are used because they
are compatible with IP Precedence fields. For more information, see RFC 2474 at the
RFC Editor Web site (Erg.abdn.ac.uk, 2014).
Quality of Service (QoS)-enabled programs request a specific service type for a traffic
flow through the generic QoS (GQoS) application programming interface (API). The
available service types are:
DSCP is a six-bit field carrying the default values that are displayed in the following table.
The equivalent IP Precedence and IEEE 802.1p values are shown in separate columns.
Service type       DSCP   IP Precedence   802.1p
Network control    30     6               7
Guaranteed         28     5               5
Controlled load    18     3               3
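The relationship between the six-bit DSCP and the three IP Precedence bits can be checked directly on a packet header. The following is an added example, not code from the original report: it parses the DS field of a constructed IPv4 header, re-marks it while keeping the header checksum valid, and confirms that the DSCP values in the table, read as hexadecimal (an assumption, since the report does not state the base), shift down to the IP Precedence column. Function names and sample addresses are hypothetical.

```python
import socket
import struct

# Rows as they appear in the table above. Reading the DSCP column as
# hexadecimal is an assumption of this example; the report gives no base.
PAGE_TABLE = {
    "Network control": {"dscp": 0x30, "ip_precedence": 6, "dot1p": 7},
    "Guaranteed":      {"dscp": 0x28, "ip_precedence": 5, "dot1p": 5},
    "Controlled load": {"dscp": 0x18, "ip_precedence": 3, "dot1p": 3},
}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(dscp: int, ecn: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header (UDP, documentation addresses)."""
    fields = [0x45, (dscp << 2) | ecn, 28, 0x1234, 0, 64, 17, 0,
              socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20")]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ipv4_checksum(raw)          # checksum computed with field = 0
    return struct.pack("!BBHHHBBH4s4s", *fields)


def parse_ds_field(header: bytes) -> dict:
    """Split the second header byte into DSCP, ECN and legacy precedence."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    tos = header[1]
    dscp = tos >> 2                          # upper six bits
    return {
        "dscp": dscp,
        "ecn": tos & 0b11,                   # lower two bits
        "ip_precedence": tos >> 5,           # what a precedence-only router reads
        "class_selector": dscp & 0b111 == 0, # RFC 2474 codepoints of form xxx000
        "checksum_ok": ipv4_checksum(header[:ihl]) == 0,
    }


def remark(header: bytes, new_dscp: int) -> bytes:
    """Rewrite the DSCP, keep the ECN bits, and recompute the checksum."""
    if not 0 <= new_dscp <= 63:
        raise ValueError("DSCP is a six-bit value")
    ihl = (header[0] & 0x0F) * 4
    buf = bytearray(header[:ihl])
    buf[1] = (new_dscp << 2) | (buf[1] & 0b11)
    buf[10:12] = b"\x00\x00"
    buf[10:12] = struct.pack("!H", ipv4_checksum(bytes(buf)))
    return bytes(buf) + header[ihl:]


def table_is_consistent() -> bool:
    """True when every table DSCP, shifted right by 3, equals its precedence."""
    return all(r["dscp"] >> 3 == r["ip_precedence"] for r in PAGE_TABLE.values())


if __name__ == "__main__":
    for name, row in PAGE_TABLE.items():
        print(name, parse_ds_field(build_header(row["dscp"])))
    print("table consistent:", table_is_consistent())
```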
Strength Weakness
2.2.2 IP Precedence:
It is one of the key components of QoS. It was originally defined in RFC 791, which provides a
mechanism to assign a priority to each IP packet as well as to ask for specific treatment
such as high throughput, high reliability or low latency. With IP precedence, the IP packet header
contains the ToS field, where the field has three bits. It consists of 8 classes where 0 is the highest and 7
is the lowest priority.
A router is used to set the precedence that tells other routers about the level of QoS the packet
requires. It is the best effort Quality of Service at layer 3 that provides the ability to classify
network packets, while at layer 2 the 802.1P protocol provides analogous functionality.
It helps to classify the class of service of a packet using the three precedence bits in the ToS field.
Differentiated service can be created by setting the precedence level on incoming traffic. Features
like policy-based routing and CAR can set the precedence based on application or user, or by
destination and source subnetwork.
Strength Weakness
2.2.3 Queues
Network queuing is a very important application of queuing theory. The term 'network of
queues' describes a situation where the input from one queue is the output from one or
more others. This is true in many situations from telecommunications to a PC.
A simple example of network queuing is the central server network. This consists of a
CPU (Central Processing Unit), storage units it can access and input devices to access it.
The task the CPU performs is queued on different criteria. Also, the storage units could
have their own individual queues. Queues tend to be ordered in a number of ways. They
can also be executed either on a one by one serial basis or bit by bit by Time Sharing. It
is not always necessary to treat customers in a queue equally. A priority queuing system
may often be used to give some jobs preferential treatment (Janssen, 2014).
Strength Weakness
Base rules are mainly used for security purposes. They apply where a computer server acts as a
firewall. They are a set of rules that are implemented to filter packets, deciding which packets are
allowed to pass through the firewall. They are the configured and implemented rules for the organizational
security policies. They usually function on the top-down principle, in which the first rule listed acts
first, so that traffic allowed by the first rule is not affected by the remaining rules. They have the
format SOURCE / DESTINATION / SERVICE / ACTION.
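The top-down, first-match behaviour has a practical consequence for rule ordering: a broad rule placed early silently overrides narrower rules below it. The following is an added example, not code from the original report: it evaluates a constructed rule base in the SOURCE / DESTINATION / SERVICE / ACTION format and reports rules that can never fire. The rule values, the IPv4-only matching and the default DENY when nothing matches are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    source: str        # IPv4 CIDR or "any"
    destination: str   # IPv4 CIDR or "any"
    service: str       # e.g. "tcp/443", or "any"
    action: str        # "ALLOW" or "DENY"


def net(spec: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


def matches(rule: Rule, src: str, dst: str, service: str) -> bool:
    return (ipaddress.ip_address(src) in net(rule.source)
            and ipaddress.ip_address(dst) in net(rule.destination)
            and rule.service in ("any", service))


def evaluate(rules, src, dst, service):
    """Top-down, first match wins. Returns (action, 1-based rule number)."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, src, dst, service):
            return rule.action, number
    return "DENY", None   # assumed default when no rule matches


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matching `inner` also matches `outer`."""
    return (net(inner.source).subnet_of(net(outer.source))
            and net(inner.destination).subnet_of(net(outer.destination))
            and outer.service in ("any", inner.service))


def shadowed(rules):
    """List (rule, covered_by, conflicting) for rules that can never fire."""
    findings = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier, later):
                findings.append((j + 1, i + 1, earlier.action != later.action))
                break
    return findings


# Constructed rule base: the broad ALLOW in rule 1 hides the Telnet DENY in rule 2.
RULES = [
    Rule("10.0.0.0/8", "any", "any", "ALLOW"),
    Rule("10.1.5.0/24", "203.0.113.0/24", "tcp/23", "DENY"),
    Rule("any", "192.0.2.80/32", "tcp/443", "ALLOW"),
    Rule("any", "any", "any", "DENY"),
]
# Same rules with the specific DENY moved above the broad ALLOW.
REORDERED = [RULES[1], RULES[0], RULES[2], RULES[3]]

if __name__ == "__main__":
    probe = ("10.1.5.7", "203.0.113.9", "tcp/23")
    print("original :", evaluate(RULES, *probe), shadowed(RULES))
    print("reordered:", evaluate(REORDERED, *probe), shadowed(REORDERED))
```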
Desktop security: this enables user to specify the level of access that remote users have as
they log into the internet.
QoS: base level of functionality can be maintained by enabling the firewall by setting the
rules for organizational security policy.
NAT: it conceals the internal name and IP address from the outside network users.
Tracking: it includes procedure for notification so that user can follow response
procedures in case of intrusions.
Logging and auditing: it includes methods for detection of intrusions and other security
problems like viruses.
This allows you to scan for the open ports and apply the set of base rules to prevent the undesired
applications. Base rules have mainly three options:
Strength
• Dynamic traffic filtration can be set up as desired.
• It provides proxy authentication.
• It enforces the security and safety policies of an organization.
• It restricts access to specified services.
Weakness
• It can only stop intrusions from the traffic that actually passes through it.
• As long as a transaction has been permitted, a firewall has no ability to protect the system against it.
Congestion is the phenomenon where the quality of service deteriorates when a node is
carrying an overload of data, causing buffering on devices like switches and routers. This
results in queuing delay, frame or data packet loss and the blocking of new connections. It
limits the networking resources, slowing the router processing and link throughput.
End-system flow control: it controls packet flow which prevents the sender from over-
running the buffers of the receiver.
Network congestion control: congestion is reduced in the network rather than at the
receiver. The mechanism is implemented by the end systems, which throttle back.
Network based congestion avoidance: here, routers detect the threat of congestion and
attempt to slow down the senders before the queues become full.
Resource allocation: physical circuits are scheduled for a specific time period. Resources
are allocated by building a virtual circuit across the switches with a guaranteed bandwidth.
It avoids congestion by blocking the traffic that is in excess of the network capacity.
Strength weakness
We need various applications in our daily routine. There is a need to control the network resources
to fulfill the requirements of each service. For instance, telephony, email, multimedia are some of
our daily activities. It tells what they are, what user needs and how it works to provide us Quality
of Services. Some of the QoS needs are:
Voice over IP
Video streaming
Audio streaming
It is a hardware or software technology that facilitates telephone calls over a computer
network like the internet. It was first introduced in 1995 by the small company called Vocaltec.
The transmission of voice data is over IP rather than the PSTN, which uses traditional circuit
transmissions. Thus VoIP converts the analog signals (voices) into digital information in
the form of IP packets. The main advantage of VoIP is that the calls are cost saving, while the
disadvantage is that there is a high chance of dropping the calls and degrading the voice
quality when there is heavy load on the network link (Cisco, 2011). It supports real-time
and two-way transmission of conversations using IP.
Strength
• The actual location of a VoIP caller cannot be traced.
• Laptops can be used for the computer to computer connection. Thus, it is portable.
Weakness
• VoIP uses the Internet; in the case of a power outage, VoIP services may be unavailable.
• Data is transmitted over the Internet, so the risk of it being intercepted is significantly higher than with a regular phone line.
In general, we understand online video as media streaming. In fact, it is audio or video
content which is compressed, sent over the internet and played immediately. We don’t have
to download the file to play it. Thus the multimedia is based on Internet Protocol over the internet
and is usually streamed from prerecorded files. The file can be retrieved and played by remote
viewers in real time with embedded players. The video we watch on YouTube is the best
example. A flash player is its embedded player (Rayburn, 2007).
forward and fast backward. Further streaming servers need to retrieve media components
in a synchronous fashion.
Media synchronization mechanism: its major feature is to separate the multimedia
application from other data applications. This allows the application at the receiver side to
present various media streams in the original way.
Protocols for streaming media: it is designed for communication between clients and
streaming servers. Protocols for streaming media provide such services as network
addressing, transport, and session control.
2.4 Conclusion:
QoS management and QoS needs have helped us to enable more efficient use of the network. They have
provided preferential treatment to certain data, enabling the data to traverse the intranet with higher
quality transmission. This has encouraged the emergence of heterogeneous networks to provide
cost-performance while taking into account the less expensive and resource-constrained scalar
sensors and high power superior elements such as multimedia sensors.
Task 3
Discuss WAN concerns and make recommendations to sustain network security, reliability and
performance. [1.3]
Consider: WAN security e.g. MD5 (Message Digest algorithm 5), CHAP and PAP, Broadcast
reduction, Filters, traffic rules, Firewalls, Access control lists, Directed updates and tunneling.
3.1 Introduction
WAN services have become increasingly relevant to businesses in large part because of the
proliferation of branch offices, remote workers, and the need for access to centrally provided data
and applications. As services like MPLS, Ethernet, and Internet become more critical, so does the
need for more reliable WAN connections.
The various concerns for an organization when it comes to WAN are security, infrastructure,
continuity etc. The various concerns that the organization considers while implementing a
WAN for a secure network are described below. The WAN concerns usually
reviewed are:
Security
Reliability
Performance
A connection between the computer and the modem can be established by dialing into the
ISP’s modem, which negotiates in the modem protocol. There are basically two methods for
logging onto a server:
1. CHAP
2. PAP
Network broadcasts are every administrator's nightmare, as they flood the network
with, by and large, unnecessary traffic, consuming valuable bandwidth and at
times causing bottlenecks in heavily used links (Partsenidis, 2014).
Sources of these broadcasts are network equipment, for example switches,
network printers, workstations, servers and many more. While having a 'broadcast
free' network is impossible, there are certain steps one can take to ensure broadcasts are
minimized.
3.6 Firewalls
It is also known as the personal firewall. They are the programs designed to
monitor and control the flow of the traffic between the computers and the
network. They are installed in the PC, notebook or the group server.
It is a host tool that provides security against threats at the periphery of the
network. They usually need to be configured for the security activities. They
are more expensive and provide better performance than the software
firewall.
Access control refers to security features that control who can access resources in
the operating system. Applications call access control functions to set who can
access specific resources or control access to resources provided by the
application.
It describes the security model for controlling access to Windows objects, such as
files, and for controlling access to administrative functions, such as setting the
system time or auditing user actions (Cisco, n.d.).
3.8 Conclusion
To make a WAN more secure, MD5 is found to be the most widely used: it is a hash function with a 128-bit value. It is a highly reliable fingerprint that can be used to verify the integrity of file contents. It checks critical system files, data files and applications, and gives a compact way to store data for use during periodic integrity checks. Another option is widely used in WANs but is considered less secure than the alternatives: PAP, a basic authentication protocol. It is discouraged because passwords are easily readable from the Point-to-Point Protocol packets.
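
The difference between the two logon methods on the wire, as an added example that is not part of the original report: PAP carries the password inside the Authenticate-Request, while CHAP with MD5 sends only MD5(identifier || secret || challenge). The peer name, router name and shared secret are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample credentials (assumptions, not taken from the report).
PEER_ID = b"branch-router"
SECRET = b"example-shared-secret"


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): code 1, password carried as-is."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5 over identifier octet, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge (code 1) or Response (code 2): value-size, value, name."""
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the hash and compare in constant time."""
    if len(response) < 5:
        return False
    code, resp_id, length = struct.unpack("!BBH", response[:4])
    if code != 2 or resp_id != identifier or length != len(response):
        return False
    value = response[5:5 + response[4]]
    return hmac.compare_digest(value, chap_response_value(identifier, secret, challenge))


def wire_exposes_secret(packet: bytes, secret: bytes) -> bool:
    """What anyone able to read the PPP link sees: is the secret in the bytes?"""
    return secret in packet


def demo() -> dict:
    pap = pap_authenticate_request(1, PEER_ID, SECRET)

    challenge = os.urandom(16)  # authenticator picks a fresh random challenge
    chal_pkt = chap_packet(1, 7, challenge, b"hq-router")
    value = chap_response_value(7, SECRET, challenge)
    resp_pkt = chap_packet(2, 7, value, PEER_ID)

    # An old response value presented against a new challenge must fail.
    new_challenge = os.urandom(16)
    stale = chap_packet(2, 8, value, PEER_ID)

    return {
        "pap_exposes_secret": wire_exposes_secret(pap, SECRET),
        "chap_exposes_secret": wire_exposes_secret(chal_pkt + resp_pkt, SECRET),
        "chap_accepts_peer": chap_verify(7, SECRET, challenge, resp_pkt),
        "chap_rejects_replay": not chap_verify(8, SECRET, new_challenge, stale),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

CHAP keeps the secret off the link, but a captured challenge and response still let a weak secret be guessed offline, so the shared secret should be long and random.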
Task 4
Consider: Trust of intermediary system, Trust of remote systems, Trust of networks on WAN.
Note: In order to critically evaluate your work you are required to give an opinion of the issue
which should be supported with relevant evidence.
4.1 Introduction
Security is the biggest issue for a WAN. Normally, organizations deploy some technology to secure the network resources in their different branch offices. To control and manage the flow of data sent to each remote location, extensive security solutions are applied. The components of the network will only communicate with each other if trust exists between them, that is, if the remote user or client is authenticated. Without authorizing the remote system or client, accessing the network resources is impossible.
Trust can be defined as the process or mechanism in networking technologies that one network uses to identify the access of another network to its resources. Trust is required between the connections in order for two different networks to communicate. Trust provides an extra layer of security.
One-way trust: only one network can access the resources of the other network.
Two-way trust: both networks can access each other's resources.
It is a trust system used especially in the field of e-commerce, where two parties are offered intermediated services by a third party. It uses the routing protocol known as DECnet Phase V routing, where a route is determined through a data exchange system by using a single intermediate metric. It is the most flexible trust system for the internet, as it is inspired by the browser trust list and trust intermediary. Trust information forms the trust record that assigns the registrant’s security policies.
This trust is applied to the secure embedded file. It controls changes in the remote embedded device, preventing unauthorized access. Such a change in the file may occur via internet/Ethernet or wired/wireless links. This trust system uses public key encryption to prove that the product is from the trusted organization. Software companies use technologies like the hypervisor to indicate whether software has been changed or tampered with.
It is a trust system linked with the secure connection of the internet over the server. It looks at the CA certificate of the IPS to verify the CA signature on the certificate of the server, to prevent a malicious party from taking over the secure connection.
The public key and the owner of the system have an authenticated relation that decentralizes the trust model for the public key structure. The public key relies on the centralized trust model, where a third party holds the certificate of the subject that is relied on for trust. These trust systems include the following manual trust:
• Certificate trust
It is an encapsulating data link protocol used to establish a direct connection between two nodes. IP traffic is transported over point-to-point links. It is used over physical links such as serial cable, phone line, cellular telephone, etc. Internet Service Providers use it for internet access connections and dial-up access. It ensures that the PPP link endpoint is a valid device (Gredler et al., 2005).
A virtual private network (VPN) extends the private network across the public network, allowing the exchange of data across public networks. VPN trust relies on the security of a single provider’s network to protect the traffic. It delivers the network unless the trusted delivery network runs among physically secure sites only, and helps in configuring the tunnel groups, group policies and users’ policies. As a result, it helps to manage security over the VPN.
It is a system to ensure best practice among all publicly trusted Certification Authorities and Delegated Third Parties. Its guidelines seek to address the various attacks on trusted providers by setting a number of requirements. This ensures tight security around CA networks and systems, with guidelines provided in areas including General Protections for the Network and Supporting Systems; Trusted Roles, Delegated Third Parties, and System Accounts; Logging, Monitoring and Alerting; as well as Vulnerability Detection and Patch Management.
It is a service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. The main function of the AD domain controller is to authenticate and authorize all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers and installing or updating software. The single domain grows in infrastructure to develop the trust relationship (Lowe, 2009). It allows domains and forests to trust one another for authentication to access the resources.
Task 5
Design a WAN infrastructure to meet the given requirements of Solution Networks and critically
evaluate the suitability of WAN components. [2.1, 2.2, M2]
Consider: DHCP, VLANs, availability of routing concepts, IP addressing plan, appropriate device
selection, Cable connection, Speed and Bandwidth utilization, WAN module and routing solution
for the Solution Networks.
In order to achieve M2, you must make sure that the selection of methods and techniques /
sources has been justified which may be evidenced through your work you have presented.
5.1 Introduction:
Solution Network Pvt. Ltd is a networking company that provides internet service to its clients. In the following task the network designs of the different branches, including the head office, are provided. As per the requirements of the Solution Network Pvt. Ltd scenario, various considerations have been made for the core and network infrastructure. In the designed network infrastructure of Solution Network Pvt. Ltd, devices have been selected and connections have been made.
Domain controller
IP address: 192.168.1.10/24
DNS server
IP address: 192.168.1.102/24
DHCP
IP address: 192.168.1.105/24
IP address: 192.168.1.106/24
Database
IP address: 192.168.1.107/24
Application
IP address: 192.168.1.108/24
IP address: 192.168.1.109/24
• Account
• HRM
• Customer support
In Solution Network we have used a public IP range of class C. Subnetting has been used in order to provide smooth administration and traffic management. Subnetting is basically just a way of splitting a TCP/IP network into smaller, more manageable pieces.
2. Account
4. Customer support
Solution Network (Solution Net) is an emerging network service provider in Nepal. The organization provides various network supports, sells networking devices and provides consumer access. The company provides fast internet services of up to a maximum capacity of 15 Mbps to corporate client organizations and a maximum capacity of 2 Mbps to end users. The branch networks of Bhaktpur, Kavre, Banepa and Dhulikhel provide Wi-Fi access to end users.
Network connectivity is at the heart of every small business, and secure access, firewall protection,
and high performance are the cornerstones of every Cisco Small Business RV Series Router. The
Cisco RV320 Dual Gigabit WAN VPN Router, now with web filtering, is no exception. With an
intuitive user interface, the Cisco RV320 enables you to be up and running in minutes. The Cisco
RV320 provides reliable, highly secure access connectivity for you and your employees that is so
transparent you will not know it is there.
Dual Gigabit Ethernet WAN ports for load balancing and business continuity
Strong security with proven stateful packet inspection (SPI) firewall and hardware encryption
Product Specifications
Description Specification
● Failover
● 802.3, 802.3u
● Static IP
● IPv6
● Routing Information Protocol (RIP) v1 and v2, and RIP for IPv6 (RIPng)
● Inter-VLAN routing
● Static routing
Network Address Translation (NAT):
● One-to-one NAT
● NAT traversal
● DMZ port
Security
● SPI firewall
802.1Q VLAN
VPN
IP Security (IPsec): ● 25 IPsec VPN tunnels via Cisco VPN client and third-party clients such as “The GreenBow” for remote-access VPN connectivity
Authentication: MD5/SHA1
● VPN backup
Performance
IPsec VPN throughput: 100 Mbps
Concurrent connections: 20,000
Configuration
Management
Management protocols:
● Bonjour
● Local log
● Syslog
● Email alert
System Specifications
Description Specification
Product dimensions (W x H x D): 206 x 132 x 44 mm (8.1 x 5.2 x 1.7 in)
HARDWARE FEATURES
Button: WPS/Reset Button, Power Button, Wi-Fi Button
WIRELESS FEATURES
Frequency: 2.4-2.4835GHz
Signal Rate: 11n: Up to 450Mbps (dynamic); 11g: Up to 54Mbps (dynamic); 11b: Up to 11Mbps (dynamic)
Transmit Power: CE: <20dBm (2.4GHz); FCC: <30dBm
WPA2-PSK
SOFTWARE FEATURES
L2TP(Dual Access)/BigPond
Management: Access Control, Local Management, Remote Management
Address Reservation
OTHERS
One of the main requirements of Solution net is the need to connect its various branches and provide internet facilities to its clients. To meet this requirement, Solution net has chosen Frame Relay to communicate with its branches. Solution net has purchased the Frame Relay services from its telecom provider.
The main advantage of Frame Relay over point-to-point leased lines is cost. Frame Relay can provide performance similar to that of a leased line, but at significantly less cost over long distances. The reason is that the customer only has to make a dedicated point-to-point connection to the provider's nearest frame switch. From there the data travels over the provider's shared network. The price of leased lines generally increases with distance, so this short-haul point-to-point connection is significantly less expensive than making a dedicated point-to-point connection over a long distance.
Lower cost over distance makes Frame Relay a good choice for Solution net, since it has offices located across the country. However, if Solution net only needed to send data between its headquarters and the manufacturing branches, it might make sense to consider a dedicated circuit, since the two locations are in the same metropolitan area.
The two main disadvantages of Frame Relay are slowdowns due to network congestion and difficulty ensuring Quality of Service (QoS). Because all of a provider's Frame Relay customers use a common network, there can be times when data transmission exceeds network capacity. The difficulty ensuring QoS is due to the fact that Frame Relay uses variable-length packets. It is easier to guarantee QoS when using a fixed-length packet. Solution net needs to decide how significant these disadvantages are to the needs of its network and how to mitigate them.
To address the issue of potential congestion, Solution net should be sure that FatData Pipe's Committed Information Rate (CIR) is sufficient to meet the needs of its network. CIR is the minimum level of throughput that the provider guarantees, and FDP should be delivering at least this amount of throughput even in times of heavy network load. Solution net should also carefully examine its present and future quality of service needs. Is voice or video conferencing between sites something on the horizon? If so, Solution net may want to examine the ways in which Frame Relay equipment can prioritize traffic and determine whether these mechanisms are sufficient to meet its needs. If not, Solution net may want to consider an alternative like ATM.
Switch 3560: This is a core switch which is used on the core network for defining multiple subnets and distributing communication for internal branches and intranet access, along with department-wise communication. For admin purposes, the VLANs (subnets/network segments) have been configured on this core switch.
Switch 2960: This is a distribution switch which is used to create a LAN environment for the different subnets (department-wise networks).
Wireless Access point (outdoor AP): This is a wireless network distribution point that provides internet access and connectivity to end-user customers and the employee network as well. The main AP, which is connected to the LAN environment by cable, acts as the wireless distribution main router, while the other outdoor APs act in wireless distribution service (WDS) client mode. These WDS clients are responsible for providing internet access to all the end-user clients who subscribe to internet access from Solution net.
Router 8141: This gateway router provides connectivity between the different private virtual circuits from the frame-relay cloud provider. It also provides static IP routing service for all branch networks. The router uses static IP routes to minimize loop free routing into the frame-relay environment.
Since Solution net will be connecting more than two sites we have chosen to use a star topology.
In this topology all the devices are connected to the intermediary devices. In Solution net it would
be either the switch or the router. But in case there is a problem in the intermediary device a whole
network is interrupted. Hence to provide some redundancy in communications links, redundant
arrangement can be either full-mesh, where every site has a connection to every other site.
Solution net needs to decide how much redundancy, if any, is needed between site and how to best
set this up.
Solution net headquarters is located in Kathmandu, and is the central clearinghouse for all of the company's data. Given this fact, the WAN design can start as a simple hub-and-spoke network with the Kathmandu HQ in the center. Each supply office and manufacturing site will have a virtual circuit connected to Kathmandu. Additionally, there is a virtual circuit between Solution net headquarters and the Banepa branch. This simple design solves the basic connectivity issue. All sites can communicate with headquarters, and all sites may also communicate with each other by routing layer-3 data through headquarters.
Task 6
Build and configure a WAN (including services) to meet the given requirements of the Solution
Networks implementing the network security on a WAN. [3.1, 3.2]
configuration: e.g. routing protocol, interfaces, network address allocation, and security features
Note: Your teacher will complete a witness statement to confirm that you have completed the task
successfully and you need to submit the Lab report.
Kathmandu>en
Kathmandu#sh run
Building configuration...
hostname Kathmandu
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
interface
interface Serial0/0/0
ip address 110.0.0.1 255.0.0.0
interface Serial0/0/1
ip address 120.0.0.1 255.0.0.0
interface Serial0/1/0
ip address 90.0.0.1 255.0.0.0
interface Serial0/1/1
ip address 100.0.0.1 255.0.0.0
redistribute eigrp 100
network 90.0.0.0
network 120.0.0.0
network 192.168.1.0
auto-summary
redistribute eigrp 200
network 100.0.0.0
network 110.0.0.0
auto-summary
ip classless
line con 0
line vty 0 4
login
Bhaktpur>en
Bhaktpur#sh run
Building configuration...
version 12.4
no service password-encryption
hostname Bhaktpur
interface FastEthernet0/0
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0/0
no ip address
shutdown
interface Serial0/0/1
no ip address
shutdown
interface Serial0/1/0
network 90.0.0.0
network 192.168.2.0
auto-summary
line con 0
line vty 0 4
login
Kavre>en
Kavre#sh run
Building configuration...
hostname Kavre
interface FastEthernet0/0
duplex auto
speed auto
interface Serial0/1/0
network 100.0.0.0
network 192.168.3.0
auto-summary
line con 0
line vty 0 4
login
Banepa>en
Banepa#sh run
Building configuration...
hostname Banepa
interface FastEthernet0/0
duplex auto
speed auto
interface Serial0/1/0
network 110.0.0.0
network 192.168.4.0
auto-summary
line con 0
line vty 0 4
login
Dhulikhel>en
Dhulikhel#sh run
Building configuration...
hostname Dhulikhel
interface FastEthernet0/0
duplex auto
speed auto
interface Serial0/1/0
network 120.0.0.0
network 192.168.5.0
auto-summary
line con 0
line vty 0 4
login
end
interface FastEthernet0/0
duplex auto
speed auto
interface Serial0/1/0
interface Serial0/1/0
According to the Wi-Fi configuration, we have used the SSID Solution Network and the password hello@123. The security mode is WPA2 Personal. In this security mode the password can be encrypted by AES, TKIP or both algorithms, but we have used AES encryption. It is clear that WEP encryption does not provide sufficient wireless network security and can only be used with higher-level encryption solutions (such as VPNs). WPA is a secure solution for upgradable equipment not supporting WPA2, but WPA2 will soon be the standard for wireless security.
In the above scenario we have used the EIGRP routing protocol, for the reasons given below:
Enhanced Interior Gateway Routing Protocol (EIGRP) is a unique Cisco innovation. Highly
valued for its ease of deployment and fast convergence, EIGRP is commonly used in many large
Enterprise networks. EIGRP maintains all of the advantages of distance-vector protocols, while
avoiding the concurrent disadvantages.
EIGRP is a simple protocol to understand and deploy. It's IPv6-ready, scales effectively in a
well-designed network, and provides extremely quick convergence times. Other EIGRP
advantages include:
Easy transition to IPv6 with multi-address family support for both IPv4 and IPv6 networks.
Superior scaling of Interior Gateway Protocol (IGP) for large dynamic multipoint (DM)
VPN deployments
Very fast rapid convergence times for changes in the network topology
Only routing table changes, not the entire routing table, are propagated, when a change
occurs
More efficient use of links, through equal cost multipath (ECMP) and unequal cost load
sharing
Task 7
Critically review and test the WAN technologies components in the previous task. [3.3, M3]
Note: Evidence will be provided by a test plan and subsequent test results. Screen shots may be
relevant.
Test Number | Test Description | Intended Results | Actual Result with screen shot | Actions
In order to obtain M3, you must make sure that the communication has taken place in familiar
and unfamiliar contexts. Your answer should sound technical as well as should be suitable for
non-technical audiences also you need to submit the slides and presentation observation report.
7.1 Introduction:
Solution Net, being an emerging network service provider, is interested in upgrading its current network system. The current network system provides various network supports, sells network devices and provides fast internet for corporate and end users. But now, with increasing competition and the aim of expanding its business to the whole country, they have planned to expand the business to major cities, namely Bhaktpur, Kavre, Banepa and Dhulikhel. Further, the organization has planned to increase the productivity of the company and increase security.
The new proposed system of Solution Net involves significant changes and the addition of devices. It has planned to provide cable internet and Wi-Fi access to its clients from all the branch offices. The new basic physical network architecture will require several upgrades in hardware that address these incompatibilities and older technologies. The result will be higher speeds, more reliability, and easier maintenance of network components. The upgraded hardware will use up-to-date, compatible technologies that will greatly facilitate troubleshooting and maintenance as well as resolve the slow access times that are currently being reported.
1.2.Test in Bhaktpur
1.3.Test in Kavre
1.4.Test in Banepa
1.5.Test in Dhulikhel
1/5/2018 | Routing strategy in head office with neighbor device detection and communication test with ping tool | Success
1/5/2018 | Routing strategy in branch office Bhaktpur with ping tool | Success
1/5/2018 | Routing strategy in branch office Kavre with ping tool | Success
1/5/2018 | Routing strategy in branch office Banepa with ping tool | Success
1/5/2018 | Routing strategy in branch office Dhulikhel with ping tool | Success
The following is a screenshot of the test lab prepared for Solution Network as per the requirements, which is connected to a public IP.
On testing and evaluating the various test results, the devices and protocols are adequate to meet the requirements of Solution Net. But if a problem arises in any one intermediary device, the network attached to that device will be interrupted. Currently we have implemented the hub-and-spoke mechanism for communication between the various branches. This has the disadvantage that communication becomes very slow, as each branch has to first communicate with the headquarters before communicating with any other branch.
Similarly, it was found that no security was implemented on any of the devices. The devices could be accessed without any authentication. This may leave a loophole in the network security.
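
A check for this finding can be automated. The following added example (not part of the original report or lab) audits IOS-style running-config text for missing authentication settings; the first sample is constructed from the Bhaktpur output shown in Task 6, and the hardened sample with its placeholder secrets is an assumption.

```python
# Constructed from the Bhaktpur "sh run" lines quoted in this report.
PAGE_STYLE_CONFIG = """\
version 12.4
no service password-encryption
hostname Bhaktpur
interface FastEthernet0/0
duplex auto
speed auto
line con 0
line vty 0 4
login
end
"""

# Constructed hardened counterpart; the secrets are placeholders, not real hashes.
HARDENED_CONFIG = """\
version 12.4
service password-encryption
hostname Bhaktpur
enable secret 5 <hash-placeholder>
username admin secret 5 <hash-placeholder>
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
end
"""

# Keywords that close a "line ..." section. Needed because pasted configs
# (like the ones in this report) often lose the leading-space indentation.
SECTION_STARTERS = ("interface ", "router ", "hostname ", "end", "!")


def line_blocks(config: str):
    """Return [(line_name, [subcommands])] for every 'line ...' section."""
    blocks, current = [], None
    for raw in config.splitlines():
        text = raw.strip()
        if not text:
            continue
        if text.startswith("line "):
            current = (text, [])
            blocks.append(current)
        elif text.startswith(SECTION_STARTERS):
            current = None
        elif current is not None:
            current[1].append(text)
    return blocks


def audit(config: str):
    """Return a list of human-readable findings for one running-config."""
    findings = []
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    if "service password-encryption" not in lines:
        findings.append("global: service password-encryption is not enabled")
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("global: no 'enable secret' set for privileged mode")
    for name, subs in line_blocks(config):
        logins = [s for s in subs if s == "login" or s.startswith("login ")]
        has_password = any(s.startswith("password ") for s in subs)
        if not logins:
            findings.append(f"{name}: no login method configured")
        elif "login" in logins and not has_password:
            findings.append(f"{name}: 'login' set but no line password defined")
        if name.startswith("line vty"):
            transport = [s for s in subs if s.startswith("transport input ")]
            if transport != ["transport input ssh"]:
                findings.append(f"{name}: remote access not restricted to SSH")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as built", PAGE_STYLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for finding in audit(cfg) or ["no findings"]:
            print("  -", finding)
```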
Currently, we are using EIGRP as the routing protocol, but once the company expands it will not be suitable to use EIGRP, so it would be better to use OSPF. EIGRP is not a good choice for a big network. This is also a restriction of distance-vector routing protocols (like RIP and RIP II). If EIGRP is the routing protocol for a big network, we can separate the network into different EIGRP domains and then import the routing tables into each other, but this is not an optimal network design, and very few networks have been designed like this.
Task 8
Monitor and troubleshoot the WAN and Resolve WAN issues to improve security, reliability and
performance [4.1, 4.2]
Note: using any suitable tools, any troubleshooting methodology you need to present your answer
with the support of every actions you have performed. Different monitoring tools and techniques
and you need to recommend best practice and troubleshoot steps for issues found too.
8.1 Introduction:
Solution Networks Pvt. has a vast network that needs to be managed so that it functions properly and provides effective and productive services to customers. Monitoring and troubleshooting are the ways to keep an overview of WAN performance. They help to analyze and evaluate the ISP infrastructure, and allow us to use different tools to determine the cause of problems in different applications, the carrier network infrastructure and network devices (Gareiss, n.d.). While an intrusion detection system monitors a network for threats from the outside, a network monitoring system monitors the network for problems caused by overloaded or crashed servers, network connections or other devices.
For example, to determine the status of a web server, monitoring software may
periodically send an HTTP request to fetch a page. For email servers, a test message
might be sent through SMTP and retrieved by IMAP or POP3.
Commonly measured metrics are response time, availability and uptime, although both
consistency and reliability metrics are starting to gain popularity. The widespread
addition of WAN optimization devices is having an adverse effect on most network
monitoring tools, especially when it comes to measuring accurate end-to-end response
time because they limit round trip visibility.
Performance tuning: improve service by balancing overload, tuning and optimizing the system, improving QoS, over-utilizing resources, etc.
Troubleshooting: prevent crisis mode, availability, maximize productivity
Planning: performance trends are understood
Expectations: expectations are set for distributed systems
Security: secure the network against unauthorized access
Accounting: SolarWinds, Cisco Network Assistant tools and Observium are used for monitoring network performance.
Results Reasons
Reduced resources:
budgets increasingly constrained
Lack of experienced personnel
Various troubleshooting methodologies are used for monitoring the WAN using various tools:
Spiceworks is a monitoring tool that was formed in early 2006 by Scott Abel, Jay Hallberg, Greg Kattawar, and Francis Sullivan to provide a Facebook-like community integrated with a free ad-supported. Its headquarters is in Austin, Texas. It monitors the network and alerts admins about the changing environment.
8.9 VM monitoring:
Fig: 5 VM monitoring
Spiceworks
Veeam
Purpose: To configure different Cisco networking devices via remote Telnet access.
15. Conclusion:
Thus the above tools have helped to study the status and performance of the network and devices. Problems can be easily detected and the network maintained according to the requirements. This has helped to increase efficiency in the network structure.
Task 9
Consider: network monitoring tools, user access, traffic analysis, bandwidth monitoring, checking
configuration and checking rules.
9.1 Introduction
WAN performance measurement and overall design are being significantly affected by the steady rise in the number of mobile workers and remote locations, especially among companies that compete globally. The need for growth in these areas was initially driven by two considerations: the desire to bring supply chain resources closer to customers in the field, and an effort to cut costs by offloading some of the network computing resources to remote locations.
With the use of user access control, we can protect our PC from hackers/attackers and malicious software. User access control helps us by asking for permission at the time of making any major changes to our computer. In Windows 7, UAC is now less intrusive and more flexible. Fewer Windows 7 programs and tasks require your consent. If you have administrator privileges on your PC, you can also fine-tune UAC's notification settings in Control Panel.
Traffic analysis is a special type of inference attack technique that looks at communication
patterns between entities in a system. "Traffic analysis is the process of intercepting and
examining messages in order to deduce information from patterns in communication. It
can be performed even when the messages are encrypted and cannot be decrypted. In
general, the greater the number of messages observed, or even intercepted and stored, the
more can be inferred from the traffic. Traffic analysis can be performed in the context of
military intelligence or counter-intelligence, and is a concern in computer security."
Knowing who's talking to whom, when, and for how long, can sometimes clue an attacker
in to information of which you'd rather she not be aware. The size of packets being
exchanged between two hosts can also be valuable information for an attacker, even if
they aren't able to view the contents of the traffic (being encrypted or otherwise
unavailable). Seeing a short flurry of single-byte payload packets with consistent pauses
between each packet might indicate an interactive session between two hosts, where each
packet indicates a single keystroke. Large packets sustained over time tend to indicate file
transfers between hosts, also indicating which host is sending and which host is receiving
the file. By itself, this information might not be terribly damaging to the security of the
network, but a creative attacker will be able to combine this information with other
information to bypass intended security mechanisms.
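
What the passage describes can be reproduced from packet metadata alone, which is also what a flow-based monitoring tool sees. The following added example (not part of the original report) labels flows using only timestamps, direction and payload size; the packet records and the thresholds are constructed assumptions, with host addresses chosen from the report's 192.168.x.0/24 plan.

```python
from collections import defaultdict
from statistics import median


def build_sample():
    """Constructed metadata records: (time_s, src, dst, payload_bytes)."""
    packets = []
    t = 0.0
    # Keystroke-like flow: one-byte payloads separated by short, regular pauses.
    for gap in (0.21, 0.18, 0.25, 0.19, 0.22, 0.20, 0.24, 0.18):
        t += gap
        packets.append((round(t, 2), "192.168.2.10", "192.168.1.10", 1))
    # Sustained large packets one way, with occasional empty replies coming back.
    for i in range(40):
        packets.append((10 + i * 0.01, "192.168.1.107", "192.168.3.20", 1460))
        if i % 10 == 0:
            packets.append((10 + i * 0.01 + 0.005, "192.168.3.20", "192.168.1.107", 0))
    return sorted(packets)


SAMPLE_PACKETS = build_sample()

# Assumed thresholds for this illustration only.
INTERACTIVE_MAX_PAYLOAD = 4        # bytes
INTERACTIVE_GAP_RANGE = (0.05, 2.0)  # seconds between packets
BULK_MIN_PAYLOAD = 1000            # bytes
BULK_MIN_TOTAL = 50_000            # bytes


def classify(packets):
    """Group packets per host pair and label each flow from metadata only."""
    flows = defaultdict(list)
    for t, src, dst, size in packets:
        flows[tuple(sorted((src, dst)))].append((t, src, size))

    report = {}
    for pair, pkts in flows.items():
        data = sorted(p for p in pkts if p[2] > 0)  # ignore empty packets
        if len(data) < 5:
            report[pair] = {"kind": "too few packets"}
            continue
        sizes = [size for _, _, size in data]
        gaps = [b[0] - a[0] for a, b in zip(data, data[1:])]
        sent = defaultdict(int)
        for _, src, size in data:
            sent[src] += size
        low, high = INTERACTIVE_GAP_RANGE
        if median(sizes) <= INTERACTIVE_MAX_PAYLOAD and low <= median(gaps) <= high:
            kind = "interactive session"
        elif median(sizes) >= BULK_MIN_PAYLOAD and sum(sizes) >= BULK_MIN_TOTAL:
            kind = "file transfer"
        else:
            kind = "unclassified"
        report[pair] = {
            "kind": kind,
            "main_sender": max(sent, key=sent.get),
            "bytes": sum(sizes),
        }
    return report


if __name__ == "__main__":
    for pair, info in classify(SAMPLE_PACKETS).items():
        print(pair, info)
```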
Bandwidth is the communication capacity of a network. When you use the Internet, you
are using bandwidth. Bandwidth is used in both directions, i.e. for uploads and downloads.
Data flows quickly and smoothly when the amount of traffic on the network is small
relative to its capacity. When the amount of traffic nears the capacity of the network, the
speed at which data travels begins to drop. When students on the residence hall network
share large amounts of data, which could include music and movie files, the speed of the
network decreases for everyone in the residence halls. Similarly, very large data transfers
using the campus network affect availability for everyone on the campus network. For
this reason, UCSC has some bandwidth limitations.
Network administrators pay attention to network traffic as one method to manage the resource and ensure that bandwidth is available for academic, research and administrative uses in alignment with the University’s mission. At UCSC, we take privacy very seriously. ITS monitors the quantity of our usage, not the content of our usage. We monitor network traffic/bandwidth strictly to protect the quality of the network service.
In computing, configuration files, or config files, configure the initial settings for some computer programs. They are used for user applications, server processes and operating system settings. The files are often written in ASCII (rarely UTF-8) and line-oriented, with lines terminated by a newline or carriage return/line feed pair, depending on the operating system. They may be considered a simple database. Some applications provide tools to create, modify, and verify the syntax of their configuration files; these sometimes have graphical interfaces. For other programs, system administrators may be expected to create and modify files by hand using a text editor.