
Project File

The document appears to be an internship report submitted by A.P.A Revanth Guptha to partial fulfillment of the requirements for a B.Tech degree in Computer Science and Engineering. It describes a 6-month internship completed at Solitaire Infosys Pvt. Ltd from February 15, 2021 to July 21, 2021 in their Network and Cloud Computing department. The report covers network security concepts learned during the training including switches, routers, cables, network encoding, IP addressing, routing protocols, VLANs, VPNs, NAT, access lists, VTP, and VOIP. It also details work undertaken on static routing, dynamic routing, default routing, DNS, RIP, EIGRP,

Network Security Over WAN

Six Month Industrial Training report submitted in partial requirement of

B.Tech (Computer Science & Engineering)

Submitted by
A.P.A Revanth Guptha
GU-2017-1059

Faculty of Engineering Design and Automation


(Department of Computer Science Engineering)
GNA University, Phagwara
S.No. 240913

Certificate of Training
This certificate has been awarded to Mr Appana Padma Aditya
Revanth Guptha from GNA University who has undertaken an
internship program of 6 Months from 15/02/2021 to 21/07/2021
in N/W & Cloud Computing Department from Solitaire Infosys Pvt. Ltd.

During the tenure of this internship with us, we found the candidate
self-starter and hardworking. Also he had worked sincerely on the
assignments and his performance was satisfactory to be part of the
team.

We wish the Candidate success for all the future endeavors.

For Solitaire Infosys Pvt. Ltd.

Human Resources Department


Note: To check the authentication of certificate, please visit www.slinfy.com
CANDIDATE'S DECLARATION

I, Revanth Guptha, hereby declare that I have undertaken Software Training at Solitaire
Infosys Pvt. Ltd during a period from 15/02/2021 to 21/07/2021 in partial fulfillment of
requirements for the award of degree of B.Tech (Computer Science and Engineering) at
GNA UNIVERSITY, PHAGWARA. The work which is being presented in the training
report submitted to Department of Computer Science and Engineering at GNA
UNIVERSITY, PHAGWARA is an authentic record of training work.

A. Revanth Guptha

This is to certify that the above statement made by the candidate is correct to the best of
my/our knowledge.

Mr. Rajesh Sharma

Head of Department

SUMMARY

A Network Analyst is an individual who is responsible for the maintenance of the computer
hardware and software systems that make up a computer network, including the maintenance
and monitoring of the active data network or converged infrastructure and related network
equipment.

Network administrators are generally mid-level support staff within an organization and do not
typically get involved directly with users. Network administrators focus upon network
components within a company's LAN/WAN infrastructure ensuring integrity. Depending on the
company and its size, the network administrator may also design and deploy networks.

The actual role of the network administrator will vary from place to place, but will commonly
include activities and tasks such as network address assignment, management and
implementation of routing protocols such as IS-IS, OSPF, BGP, routing table configurations
and certain implementations of authentication (e.g.: challenge response, etc.). It can also
include maintenance of certain network servers: file servers, VPN gateways, intrusion detection
systems, etc.

As a Network Analyst, tasks generally fall into the following areas:

1. Designing and planning the network.

2. Setting up the network.

3. Maintaining the network.

4. Expanding the network.

ACKNOWLEDGEMENT

Success is a sweet fruit, which everyone strives to taste. To achieve this goal, one has to put in a lot of
physical and mental efforts. I couldn’t do it without the help of many talented and dedicated people.
So I wish to express my appreciation to those whose help has been most valuable. Firstly I would like
to express our gratitude and appreciation to Mr. Rajesh Sharma (Head of Department). I am equally
grateful to the faculty members who sorted out many problems and gave us the guidance.

I would also like to thank Miss Neetu Batra who is the trainer in Solitaire Infosys Pvt. Ltd. for their
consistent guidance on each and every step of my project.

Without their push and directions, this project would have not been complete. Their continuous
support and motivation made this project possible.

Finally I would like to thank my parents for their support.

Name of the Student Signature of Student

A. Revanth Guptha

GU-2017-1059

CONTENTS

Certificate by Company
Candidate Declaration
Summary
Acknowledgement
Contents
List of Figures

Chapter 1: Introduction to Organisation
1.1 History of the Company
1.2 Company Overview
1.3 Company Structure

Chapter 2: Software Training (Cisco Packet Tracer)
2.1 Network Security
2.2 Report Organization
2.3 Switches
2.4 Routers
2.5 Cables
2.6 Network Encoding
2.7 IP Addressing
2.8 Subnet Mask
2.9 Subnetting
2.10 Routing
2.11 Routing Protocols
2.12 VLAN (Virtual Local Area Network)
2.13 VPN (Virtual Private Network)
2.14 Network Address Translation
2.15 Access Lists
2.16 Virtual Trunking Protocol
2.17 Voice Over Internet Protocol
2.18 Wireless Security

Chapter 3: Industrial Training Work Undertaken
3.1 Static routing
3.2 Dynamic routing
3.3 Default routing
3.4 DNS
3.5 RIP routing
3.6 EIGRP routing
3.7 OSPF routing
3.8 VPN networking
3.9 Voice Over Internet Protocol
3.10 VLAN

Chapter 4: Project Work
4.1 Introduction of Project
4.2 Network Designing
4.3 Routing Protocols
4.4 VLAN (Virtual Local Area Network)
4.5 VPN (Virtual Private Network)
4.6 NAT
4.7 Access List
4.8 VTP (Virtual Trunking Protocol)
4.9 VOIP (Voice Over Internet Protocol)
4.10 Domain Name Server

Chapter 5: Results & Discussions
5.1 Internet
5.2 Standard and extended access list
5.3 Computer lab and data center
5.4 Banking
5.5 Security guard rooms
5.6 Reception
5.7 E-library
5.8 Girls and boys hostel

Chapter 6: References
6.1 References

LIST OF FIGURES

S.No Title

2.2 Cisco Packet Tracer
2.3 Work Group
2.4 Router
2.5 Coaxial Cable
2.5.1 Twisted pair Cable
2.5.2 Crossover Cable
2.5.3 Straight Cable
2.5.4 Rollover Cable
2.6.1 Server
2.6.2 Web server
2.6.3 DNS
2.6.4 DHCP
2.6.5 Client & server network
2.10 Routing
2.12 VLANs
2.13 Static & dynamic VLAN
2.14 Remote access VPN
2.15 Intranet VPN
2.16 Extranet VPN
2.19 WPA
3.1 Static routing
3.2 Dynamic routing
3.3 Default routing
3.4 IP configuration of DNS
3.5 RIP routing
3.6 EIGRP routing
3.7 OSPF routing
3.8 VPN routing
3.9 Voice Over Internet Protocol
3.10 VLAN
4.2.1 Front end
4.2.2 Bus topology
4.2.3 Ring topology
4.2.4 Back End (ISP)
4.3.1 RIP
4.3.2 EIGRP
4.3.3 OSPF
4.4 VLAN
4.5 VPN network
4.7 Access List
4.9 VOIP
4.10 Domain name server
4.11 Google server
4.12 Facebook server
4.13 Gmail server
5.1 Internet
5.2 Standard and extended access list
5.3 Computer lab and data center
5.4 Banking
5.5 Security guard room
5.6 Reception
5.7 E-library
5.8 Girls & boys hostel

Chapter 1
Introduction to Organisation
1.1 History of the Company
Directors: Mr. Rajesh Sharma & Mr. Jogvinder Singh. Solitaire Infosys Inc. was a dream that
came into existence over five years ago with a strong aspiration of becoming the best IT
service provider around the globe. Presently, Solitaire Infosys is already leading the race
with its competitors, being nurtured by a team of experienced and sensitive people. We try to
bond emotionally with our clients and love to go an extra mile to satisfy their needs, which
is the reason that we hold the edge in the league.

1.2 Company Overview


Company aim: To be a dynamic, vibrant and value-based global IT service provider
centered around customer, employee and societal goals.

• To be a class leading and innovative IT Services Company
• By class-leading and developing we mean
• Chances for our people to grow and develop
• Opportunities and risks always being handled
• Highly motivated, capable and invested manpower
• Master shareholder return

1.3 Company Structure

Solitaire Infosys is a leading Software and Web Application Development Company, based
in Mohali (Chandigarh), that provides high quality comprehensive services to enterprises
across a wide range of platforms and technologies. Our major areas of expertise are in
providing quality, cost effective software or web development.

The different wings in the company, according to work structure, are:

i. Website Designing

ii. Web Development

iii. Mobile Applications

iv. Digital Marketing

v. Maintenance

Chapter 2
Software Training (Cisco Packet Tracer)
2.1 Network Security

The term Network Security can refer to either the hardware (the computer) or the software (the
computer application) that helps to deliver web content that can be accessed through the Internet.
The most common use of Network Security is to secure your network from unauthorized clients.
The primary function of network security refers to any activities designed to protect your
network. This communication between client and routers takes place using different protocols.
Specifically, these activities protect the usability, reliability, integrity, and safety of your network
and data. Effective network security targets a variety of threats and stops them from entering or
spreading on your network. A user agent, commonly a web browser or web crawler, initiates
communication by making a request for a specific resource using HTTP and the server responds
with the content of that resource or an error message if unable to do so. The resource is typically a
real file on the server's secondary storage, but this is not necessarily the case and depends on how
the web server is implemented through the network.

2.2 Report Organization

1. Software Requirements
To complete the work on network security, I took help from some software. The software
requirements are:
Operating System: Windows 7 Ultimate
Front end tools: Cisco Packet Tracer, GNS3

Figure 2.2 Cisco Packet Tracer

Packet Tracer is a protocol simulator developed by Dennis Frezzo and his team at
Cisco Systems. Packet Tracer (PT) is a powerful and dynamic tool that displays the
various protocols used in networking, in either Real Time or Simulation mode. This
includes layer 2 protocols such as Ethernet and PPP, layer 3 protocols such as IP,
ICMP, and ARP, and layer 4 protocols such as TCP and UDP. Routing protocols
can also be traced.

2. Hardware Requirements
Processor: 1 GHz; graphics card; memory (RAM): 1 GB; free hard drive space: 16 GB;
optical drive

2.3 Switches

A switch is a device that is used for switching. It forwards and filters OSI layer 2 datagrams
between ports. A switch has numerous ports. Switches can operate on one or more layers of the
OSI model, including physical, data link, network or transport. A device which operates on
more than one layer is known as a multilayer switch.

Workgroup Switch: Workgroup switches add more intelligence to data transfer
management. Switches can determine whether data should remain on a LAN or not, and they
can transfer the data to the connection that needs that data.

Figure 2.3 Workgroup

2.4 Routers

Routers are networking devices that forward data packets on a network. A router is a WAN
link device. It works on Layer 3. Files are transferred in the form of packets. It is a
manageable device. It creates an internetwork by connecting two different
networks. Routers can regenerate signals, concentrate multiple connections, convert data
transmission formats, and manage data transfers. They can also connect to a WAN,
which allows them to connect LANs that are separated by great distances.

Figure 2.4 Router

2.5 Cables: These are used to connect computers or other devices in a network. Many types
of cables are used with a LAN:

• Coaxial Cable: Coaxial cable, or coax, is a type of cable that has an inner conductor
surrounded by an insulating layer and enclosed by a conducting shield. It is used as a
transmission line for radio frequency signals. It is difficult to install coaxial cabling.

Figure 2.5 Coaxial Cable

• Twisted Pair Cable: It is a type of cabling in which the conductors of a single circuit are
twisted together to cancel out electromagnetic interference from external sources.

Figure 2.5.1 Twisted pair Cable

• Crossover Cable: It is used to connect devices of the same type, for example to connect
2 computers directly or to connect 2 routers/switches.

Figure 2.5.2 Crossover Cable

• Straight Cable: It is used to connect devices of different types, for example to connect a
computer to a switch/hub or to connect a router to a switch/hub. Straight cable is
mainly used in networking.

Figure 2.5.3 Straight Cable

• Rollover Cable: It is used to connect a computer terminal to a router's console port.
It gets the name rollover because the pinouts on one end are reversed from the other. This
cable is not used these days.

Figure 2.5.4 Rollover cable

2.6 Network Encoding

• Interface
• Module Description

Interface: A server is a system (software and suitable computer hardware) that responds to
requests across a computer network to provide, or help to provide, a network service.
Servers can be run on a dedicated computer, which is also often referred to as "the server",
but many networked computers are capable of hosting servers. In many cases, a computer
can provide several services and have several servers running. Many servers do not have a
graphical user interface (GUI) as it is unnecessary and consumes resources that could be
allocated elsewhere. Similarly, audio and USB interfaces may be omitted. With the help of a
GUI (Graphical User Interface), a server works and performs multiple tasks.

Module Description:

• Server
• Domain Name System
• Dynamic Host Control Protocol
• Network Switch
• Internet Information Services

Server: A server is a computer program that provides services to other computer programs
(and their users), on the same or another computer. The physical computer that runs a server
program is also often referred to as a server. Services can be supplied centrally by the use of a
server; in other cases all the machines on a network have the same status with no dedicated
server, and services are supplied peer-to-peer.

Figure 2.6.1 Server

Web Server: The term web server can refer to either the hardware or the software that
helps to deliver web content that can be accessed through the Internet. The most common use
of web servers is to host websites, but there are other uses such as gaming, data storage or
running enterprise applications.

Figure 2.6.2 web server

Domain Name System: The Domain Name System (DNS) is a hierarchical distributed
naming system for computers, services, or any resource connected to the Internet or
a private network. It associates various information with domain names assigned to each of
the participating entities. Most prominently, it translates easily memorized domain names to
the numerical IP addresses needed for the purpose of locating computer services and devices
worldwide.

Figure 2.6.3 DNS

Dynamic Host Control Protocol: The Dynamic Host Configuration Protocol (DHCP) is a
network configuration protocol for hosts on Internet Protocol (IP) networks. Computers that
are connected to IP networks must be configured before they can communicate with other
hosts. The essential information needed is an IP address, and a default route and routing
prefix. DHCP

Figure 2.6.2 DHCP

Network Switches: A network switch is a computer networking device that connects
network segments. The term commonly refers to a network bridge that processes and routes
data at the Data Link layer (layer 2) of the OSI model. Switches that additionally process
data at the network layer (layer 3 and above) are often referred to as layer 3 switches or
multilayer switches.

Figure 2.6.5 Client Server Network

Internet Information Services: IIS – formerly called Internet Information Server – is a web
server application and set of feature extension modules created by Microsoft for use with
Microsoft Windows. It is the most used web server after Apache HTTP Server. IIS 7.5
supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP. It is an integral part of Windows
Server family of products, as well as certain editions of Windows XP, Windows Vista and
Windows 7. IIS is not turned on by default when Windows is installed.

2.7 IP ADDRESSING
If a device wants to communicate using TCP/IP, it needs an IP address. IP addressing was
designed to allow hosts on one network to communicate with hosts on a different network.
When the device has an IP address and the required hardware and software, it can send and
receive IP packets. Any device that can send or receive IP packets is called an IP host.
There are 2 parts in an IP address, i.e. Network ID and Host ID.
• Network ID is the identification of a network.
• Host ID is the identification of a host.
2.8 Subnet Mask

A subnet mask is a 32-bit value that allows the recipient of IP packets to distinguish the
network ID portion from the host ID portion of an IP address. It tells us how many bits are
used for the network and how many bits are used for the host address. In a subnet mask,
network bits are always 1 and host bits are always 0.

2.9 Sub-netting

Sub-netting is a way of splitting a TCP/IP network into smaller networks. When you subnet
your network, you are splitting the network into separate but interconnected networks. With
this, network traffic will decrease but users can still create connections with other subnets.
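
The mask arithmetic from sections 2.8 and 2.9, as an added example that is not part of the original report: it separates the network ID from the host ID with a bitwise AND and splits a network into equal subnets by borrowing host bits. The address 192.168.10.77 and the 192.168.10.0/24 network are constructed sample values, and the function names are hypothetical.

```python
from __future__ import annotations

import ipaddress


def split_address(ip: str, mask: str) -> tuple[str, str]:
    """Return (network ID, host ID) for an address under a dotted-decimal mask."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    host_bits = mask_int ^ 0xFFFFFFFF           # 1 wherever the mask is 0
    # A valid mask is a run of 1s followed by a run of 0s, so host_bits + 1
    # must be a power of two (or 2**32 for the all-zero mask).
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    network_id = ip_int & mask_int              # keep the bits under the mask's 1s
    host_id = ip_int & host_bits                # keep the bits under the mask's 0s
    return str(ipaddress.IPv4Address(network_id)), str(ipaddress.IPv4Address(host_id))


def subnet(network: str, mask: str, wanted: int) -> list[dict[str, str]]:
    """Split a network into at least `wanted` equal subnets by borrowing host bits."""
    if wanted < 1:
        raise ValueError("wanted must be at least 1")
    net = ipaddress.IPv4Network(f"{network}/{mask}")
    borrowed = (wanted - 1).bit_length()        # bits needed to number the subnets
    new_prefix = net.prefixlen + borrowed
    if new_prefix > 30:                         # /31 and /32 leave no usable hosts here
        raise ValueError("not enough host bits left")
    rows = []
    for sub in net.subnets(new_prefix=new_prefix):
        rows.append({
            "network": str(sub.network_address),
            "mask": str(sub.netmask),
            "first_host": str(sub.network_address + 1),
            "last_host": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
        })
    return rows


if __name__ == "__main__":
    # Constructed sample values
    print(split_address("192.168.10.77", "255.255.255.192"))
    for row in subnet("192.168.10.0", "255.255.255.0", 4):
        print(row)
```

Asking for 5 subnets yields 8, because subnets are created in powers of two: three host bits must be borrowed to number five networks.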

2.10 ROUTING

The term “routing” is used for taking a packet from one device and sending it through the
network to another device on a different network. Routers route traffic to all the networks in
your internetwork. To be able to route packets, a router must know, at a minimum, the
following:

• Destination address
• Neighbor routers from which it can learn about remote networks
• Possible routes to all remote networks
• The best route to each remote network

Figure 2.10 routing

ROUTING TYPES:
1. Static Routing: Static routing occurs when you manually add routes in each router’s
routing table. By default, static routes have an Administrative Distance (AD) of 1.
2. Default Routing: Default routing is used to send packets with a remote destination
network not in the routing table to the next-hop router. It is only used on stub
networks, those with only one exit path out of the network.
3. Dynamic Routing: Dynamic routing is when protocols are used to find networks
and update the routing tables on routers. A routing protocol defines the set of rules used
by a router when it communicates routing information between neighbor routers.
2.11 Routing Protocols:

1. Distance vector protocol: Distance-vector protocols find the best path to a remote
network by judging distance. Each time a packet goes through a router, that’s called
a hop. The route with the least number of hops to the network is determined to be the
best route. The vector indicates the direction to the remote network. They send the
entire routing table to directly connected neighbors. Ex: RIP, IGRP.
2. Link state protocol: Also called shortest-path-first protocols, the routers each create
three separate tables. One keeps track of directly attached neighbors, one determines
the topology of the entire internetwork, and one is used as the routing table. Link
state routers know more about the internetwork than any distance-vector routing
protocol. Link state protocols send updates containing the state of their own links to
all other routers on the network. Ex: OSPF.
3. Hybrid protocol: Hybrid protocols use aspects of both distance-vector and link state
protocols. Ex: EIGRP.

2.12 VLAN (Virtual Local Area Network)

Network adds, moves, and changes are achieved with ease by just configuring a port into the
appropriate VLAN. A group of users that need an unusually high level of security can be put
into its own VLAN so that users outside of the VLAN can’t communicate with them. VLANs
greatly enhance network security. VLANs increase the number of broadcast domains while
decreasing their size.

Figure 2.12 VLANs

Static VLANs:

Creating static VLANs is the most common way to create a VLAN, and one of the
reasons for that is because static VLANs are the most secure. Static VLAN configuration is
pretty easy to set up and supervise, and it works really well in a networking environment
where any user movement within the network needs to be controlled.

Figure 2.13 static & dynamic vlan

Dynamic VLANs:

A dynamic VLAN determines a node’s VLAN assignment automatically. Using intelligent
management software, you can base VLAN assignments on hardware (MAC) addresses,
protocols, or even applications that create dynamic VLANs.

2.13 VPN (Virtual Private Network)

A virtual private network (VPN) allows the creation of private networks across the Internet,
enabling privacy and tunneling of non-TCP/IP protocols. VPNs are used daily to give remote
users and disjointed networks connectivity over a public medium like the Internet instead of
using more expensive permanent means.

Types of VPNs:

Types of VPNs are named based upon the role they play in a business. There are three
different categories of VPNs:

1. Remote access VPNs:
Remote access VPNs allow remote users like telecommuters to securely access
the corporate network wherever and whenever they need to.

Figure 2.14 remote access vpn

2. Site-to-site VPNs:
Site-to-site VPNs, or intranet VPNs, allow a company to connect its remote sites
to the corporate backbone securely over a public medium like the Internet
instead of requiring more expensive WAN connections like Frame Relay.

Figure 2.15 Intranet vpn

3. Extranet VPNs:
Extranet VPNs allow an organization’s suppliers, partners, and customers to be
connected to the corporate network in a limited way for business-to-business
(B2B) communications.

Figure 2.16 Extranet vpn

2.14 Network Address Translation

In computer networking, network address translation (NAT) is the process of modifying IP
address information in IPv4 headers while in transit across a routing device. Basic NATs are
used to interconnect IP networks that have incompatible addressing. NAT is performed by a
router that sits between an internal network and the rest of the world.

Local and Global Addresses

In addition to identifying inside and outside networks, the Wireless Edge Services xl
Module distinguishes between an IP address as it appears before and after translation. The
Web browser interface and the command line interface (CLI) use two terms to make this
distinction:

• Local IP address: The IP address as it appears before translation.
• Global IP address: The IP address as it appears after translation.

Translation modes:

• Static Translation: One-to-one mapping, meaning one IP of the private network converts
into one IP of the public network.
• Dynamic Translation: Many-to-many mapping, meaning infinite IPs of the private
network convert into infinite IPs of the public network.
• Overload Translation: Many-to-one mapping, meaning infinite IPs of the private network
convert into only one IP of the public network.
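
The three translation modes above as a small simulation, added here as an illustration and not taken from the original report. It is a simplified model: the class names are hypothetical, the 192.168.1.x local and 203.0.113.x global addresses are constructed sample values, and a real router also tracks the protocol and ages entries out.

```python
from __future__ import annotations


class StaticNat:
    """One-to-one: each local IP is permanently tied to one global IP."""

    def __init__(self, mapping: dict[str, str]):
        self.table = dict(mapping)

    def outbound(self, local_ip: str, local_port: int):
        global_ip = self.table.get(local_ip)
        return (global_ip, local_port) if global_ip else None


class DynamicNat:
    """Many-to-many: local IPs borrow a global IP from a pool, first come first served."""

    def __init__(self, pool: list[str]):
        self.free = list(pool)
        self.table: dict[str, str] = {}

    def outbound(self, local_ip: str, local_port: int):
        if local_ip not in self.table:
            if not self.free:
                return None                     # pool exhausted: no translation possible
            self.table[local_ip] = self.free.pop(0)
        return (self.table[local_ip], local_port)


class OverloadNat:
    """Many-to-one: every flow shares one global IP and gets its own source port."""

    def __init__(self, global_ip: str, first_port: int = 1024):
        self.global_ip = global_ip
        self.next_port = first_port
        self.table: dict[tuple[str, int], int] = {}    # (local IP, port) -> global port
        self.reverse: dict[int, tuple[str, int]] = {}  # global port -> (local IP, port)

    def outbound(self, local_ip: str, local_port: int):
        flow = (local_ip, local_port)
        if flow not in self.table:
            if self.next_port > 65535:
                return None                     # no source ports left on the global IP
            self.table[flow] = self.next_port
            self.reverse[self.next_port] = flow
            self.next_port += 1
        return (self.global_ip, self.table[flow])

    def inbound(self, global_port: int):
        """Return traffic is forwarded only if an outbound flow created an entry."""
        return self.reverse.get(global_port)


if __name__ == "__main__":
    # Constructed sample hosts
    pat = OverloadNat("203.0.113.1")
    print(pat.outbound("192.168.1.10", 5000))   # first flow
    print(pat.outbound("192.168.1.11", 5000))   # same local port, different host
    print(pat.inbound(1025), pat.inbound(4000))
```

The overload table is what lets two hosts that picked the same local port share one global IP, and an inbound packet to a port with no entry has nowhere to be delivered.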

2.15 Access Lists

An access list is essentially a list of conditions that categorize packets. They can
be really helpful when you need to exercise control over network traffic. An access list would
be your tool of choice for decision making in these situations. One of the most common and
easiest to understand uses of access lists is filtering unwanted packets when implementing
security policies.

Types of Access Lists:

1. Standard Access List: These use only the source IP address in an IP packet as the
condition test. All decisions are made based on the source IP address. This means that
standard access lists basically permit or deny an entire suite of protocols. They don’t
distinguish between any of the many types of IP traffic such as web, Telnet, UDP,
and so on.
2. Extended Access List: It can evaluate many of the other fields in the layer 3 and layer
4 headers of an IP packet. They can evaluate source and destination IP addresses,
the protocol field in the Network layer header, and the port number at the Transport
layer header. This gives extended access lists the ability to make much more granular
decisions when controlling traffic.
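
The difference in granularity between the two list types, shown as an added example that is not part of the original report. It models access-list evaluation in Python, assuming the usual Cisco behaviour of top-down, first-match processing with an implicit deny at the end; the `Rule` and `Packet` classes, the LAN 192.168.10.0/24 and the server 10.0.0.5 are constructed for illustration.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: int | None = None   # destination port, None for ICMP


@dataclass
class Rule:
    action: str                # "permit" or "deny"
    src: str                   # source network in CIDR form; "0.0.0.0/0" means any
    dst: str | None = None     # extended lists only
    proto: str | None = None   # extended lists only
    dport: int | None = None   # extended lists only

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: list[Rule], pkt: Packet) -> str:
    """Top-down, first match wins; a packet matching no rule is denied."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Goal: stop the LAN from reaching Telnet on the server.
# A standard list can only name the source, so it blocks everything from the LAN.
STANDARD = [
    Rule("deny", "192.168.10.0/24"),
    Rule("permit", "0.0.0.0/0"),
]
# An extended list can name destination, protocol and port, so only Telnet is blocked.
EXTENDED = [
    Rule("deny", "192.168.10.0/24", dst="10.0.0.5/32", proto="tcp", dport=23),
    Rule("permit", "0.0.0.0/0"),
]
PACKETS = {
    "web": Packet("192.168.10.20", "10.0.0.5", "tcp", 80),
    "telnet": Packet("192.168.10.20", "10.0.0.5", "tcp", 23),
    "dns": Packet("192.168.10.20", "10.0.0.5", "udp", 53),
}


def compare() -> dict[str, tuple[str, str]]:
    """Return {packet name: (standard verdict, extended verdict)}."""
    return {name: (evaluate(STANDARD, p), evaluate(EXTENDED, p)) for name, p in PACKETS.items()}


if __name__ == "__main__":
    for name, (std, ext) in compare().items():
        print(f"{name:7} standard={std:6} extended={ext}")
```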

2.16 VTP (Virtual Trunking Protocol)

Cisco created this one too. The basic goals of VLAN Trunking Protocol (VTP) are to
manage all configured VLANs across a switched internetwork and to maintain
consistency throughout that network. VTP allows you to add, delete, and rename VLANs,
information that is then propagated to all other switches in the VTP domain.

Features:

1. Consistent VLAN configuration across all switches in the network.
2. VLAN trunking over mixed networks, such as Ethernet to ATM LANE or even
FDDI.
3. Accurate tracking and monitoring of VLANs.
4. Dynamic reporting of added VLANs to all switches in the VTP domain.
5. Plug and Play VLAN adding.

2.17 Voice Over Internet Protocol

VoIP services convert the voice into a digital signal that travels over the Internet. If we are
calling a regular phone number, the signal is converted to a regular telephone signal before it
reaches the destination. VoIP can allow us to make a call directly from a computer, a special
VoIP phone or a traditional phone connected to a special adapter.

What Kind of Equipment Is Required for VoIP?

A broadband (high speed Internet) connection is required. This can be through a cable
modem, or high speed services such as DSL or a local area network. A computer, adaptor,
or specialized phone is required. Some VoIP services only work over the computer or a
special VoIP phone, while other services can use a traditional phone connected to a VoIP
adapter. If we use our computer, we will need some software and an inexpensive
microphone. Special VoIP phones plug directly into the broadband connection and operate
largely like a traditional telephone. If we use a telephone with a VoIP adapter, we'll be able
to dial just as we always do and the service provider may also provide a dial tone.
2.19 Wireless Security
By default, wireless security is nonexistent on access points and clients. The original 802.11
committee just didn’t imagine that wireless hosts would one day outnumber bounded media
hosts, but that’s truly where we’re headed. Also, and unfortunately, just like with the IPv4
routed protocol, engineers and scientists didn’t add security standards that are robust enough
to work in a corporate environment. So we’re left with proprietary solution add-ons to aid us
in our quest to create a secure wireless network. And no, I’m not just sitting here bashing
the standards committees because the security problems we’re experiencing were also
created by the U.S. government because of export issues with its own security standards.
Our world is a complicated place, so it follows that our security solutions are going to be as
well. A good place to start is by discussing the standard basic security that was added into the
original 802.11 standards and why those standards are way too flimsy and incomplete to
enable us to create a secure wireless network relevant to today’s challenges.

WPA or WPA 2 Pre-Shared Key:
Wi-Fi Protected Access (WPA) is a standard developed in 2003 by the Wi-Fi Alliance,
formerly known as WECA. WPA provides a standard for authentication and encryption of
WLANs that’s intended to solve known security problems existing up to and including the
year 2003. This takes into account the well-publicized AirSnort and man-in-the-middle
WLAN attacks.
WPA is a step toward the IEEE 802.11i standard and uses many of the same components,
with the exception of encryption; 802.11i uses AES encryption. WPA’s mechanisms are
designed to be implementable by current hardware vendors, meaning that users should be
able to implement WPA on their systems with only a firmware/software modification.

Figure 2.19 WPA

Chapter 3

Industrial Training Work Undertaken


3.1 Static routing

Static routing occurs when you manually add routes in each router’s routing table. By
default, Static routes have an Administrative Distance (AD) of 1.

Figure 3.1 Static routing

3.2 Dynamic routing

Dynamic routing is when protocols are used to find networks and update the routing tables on
routers. A routing protocol defines the set of rules used by a router when it communicates
routing information between neighbor routers.

Figure 3.2 Dynamic routing

3.3 Default routing

Default routing is used to send packets with a remote destination network not in the routing
table to the next-hop router. It is only used on stub networks, those with only
one exit path out of the network.

Figure 3.3 Default routing

3.4 Domain Name Server

The most basic task of DNS is to translate hostnames to IP addresses. The Domain Name
System distributes the responsibility for assigning domain names and mapping them to IP
networks by allowing an authoritative name server for each domain to keep track of its own
changes, avoiding the need for a central register to be continually consulted and updated.

Figure 3.4 Ip configuration of DNS

3.5 Rip routing

Routing Information Protocol (RIP) is a dynamic routing protocol which uses hop count as
a routing metric to find the best path between the source and the destination network. It is
a distance vector routing protocol which has AD value 120 and works on the application
layer of OSI model. RIP uses port number 520.

Figure 3.5 Rip routing

3.6 Eigrp routing

Enhanced Interior Gateway Routing Protocol (EIGRP) is a dynamic routing protocol which is
used to find the best path between any two layer 3 devices to deliver the packet. EIGRP works
at the network layer of the OSI model and uses the protocol number 88. It uses a metric to find
out the best path between two layer 3 devices (router or layer 3 switch) operating EIGRP.

Figure 3.6 Eigrp routing

3.7 Ospf routing

Open Shortest Path First (OSPF) is a link-state routing protocol that is used to find the best
path between the source and the destination router using its own Shortest Path First (SPF)
algorithm. OSPF uses multicast address 224.0.0.5 for normal communication and 224.0.0.6 for
updates to the Designated Router (DR)/Backup Designated Router (BDR).

Figure 3.7 Ospf routing

3.8 VPN network

A virtual private network (VPN) allows the creation of private networks across the Internet,
enabling privacy and tunneling of non-TCP/IP protocols. VPNs are used daily to give remote
users and disjointed networks connectivity over a public medium like the Internet instead of
using more expensive permanent means.

Figure 3.8 VPN Network

3.9 Voice over internet protocol

VoIP services convert the voice into a digital signal that travels over the Internet. If we are
calling a regular phone number, the signal is converted to a regular telephone signal before it
reaches the destination. VoIP can allow us to make a call directly from a computer, a special
VoIP phone or a traditional phone connected to a special adapter.

Figure 3.9 Voice over Internet protocol

3.10 VLAN

A VLAN is a custom network that is created from one or more Local Area Networks. It
allows a group of devices available in multiple networks to be combined into one logical
network. The result becomes a virtual LAN that is administered like a physical LAN. The
full form of VLAN is Virtual Local Area Network.

Figure 3.10 VLAN

Chapter 4

Project work

4.1 Introduction of Project

Network security: The term network security can refer to either the hardware (the
computer) or the software (the computer application) that helps to deliver web content that
can be accessed through the Internet. The most common use of network security is to
secure your network from unauthorized clients. Network security refers to any activities
designed to protect your network. This communication between clients and routers takes
place using different protocols. Specifically, these activities protect the usability,
reliability, integrity, and safety of your network and data. Effective network security targets
a variety of threats and stops them from entering or spreading on your network. A user agent,
commonly a web browser or web crawler, initiates communication by making a request for a
specific resource using HTTP, and the server responds with the content of that resource or an
error message if unable to do so. The resource is typically a real file on the server's
secondary storage, but this is not necessarily the case and depends on how the web server is
implemented through the network. In this we have these levels of security:

• NAT (Network Address Translation).
• Access List.
• VPN (Virtual Private Network).

Many network security threats today are spread over the Internet. The most common
include:

• Viruses, worms, and Trojan horses.
• Spyware and adware.
• Zero-day attacks, also called zero-hour attacks.
• Hacker attacks.
• Denial of service attacks.
• Data interception and theft.

Role Description: Network security refers to any activities designed to protect your
network, here using NAT, VPN and access lists. The following list shows just some of the
benefits you get by using network security in a network:

• We can use network security in banking, net banking and ATM machines.
• Firewalls can be used to block some sites.
• Networks also allow security to be established.

Types of Networking:

1. LAN (Local Area Network): A Local Area Network is a group of computers and
network communications devices within a limited geographic area such as an office
building. This network is used for sharing of many resources or information. For
2. WAN (Wide Area Network): A Wide Area Network is a network which covers an
unlimited geographic area. In this network we connect multiple networks. Routers
are used to connect them.
3. MAN (Metropolitan Area Network): A network that connects two or more Local
Area Networks. A MAN can be created within a range of 50 km. It is distributed over a
city or large area, just like a cable TV network. It is also single. One may be
running the MAN while others use it.

4.2 Network Designing

Figure 4.2.1 : Front end

Network Topologies

Topology refers to the way in which the network of computers is connected. Each topology
is suited to specific tasks and has its own advantages and disadvantages. The choice of
topology is dependent upon:

• Type and number of equipment being used
• Planned applications and rate of data transfers
• Required response times
• Cost

1. Bus topology

• A single cable connects each workstation in a linear, daisy-chained fashion.
• Signals are broadcast to all stations, but stations only act on the frames addressed to
them.

Figure 4.2.2 Bus topology

2. Ring topology

• Unidirectional links connect the transmit side of one device to the receive side of
another device.
• Devices transmit frames to the next device (downstream member) in the ring.

Figure 4.2.3 Ring topology

Internet, i.e. many ISPs (Internet Service Providers):

• A Google server, a Gmail server, a Facebook server and a domain name server are
interconnected via cross-over cables.

Figure 4.2.4 Back End(ISP)

Hardware Used

• Routers : Cisco 2811 Series.
• Switches : Cisco 2960 Series.
• Devices : Computers, Servers, Wireless Routers.
• Other Media : Console cables, Ethernet cables, Serial cable etc.

Software Used:

• Operating System : Windows Server 2012, Windows 7 etc.
• Front end tools : Cisco Packet Tracer.

4.3 Routing protocols

4.3.1 RIP (Routing Information Protocol):

• RIP uses hop count as a routing metric.
• Routing Information Protocol is a true distance-vector routing protocol.
• It sends the complete routing table out to all active interfaces every 30 seconds.
• RIP only uses hop count to determine the best way to a remote network, but it has a
maximum allowable hop count of 0-15 by default, meaning that 16 is deemed
unreachable.
• RIP version 1 uses only classful routing, which means that all devices in the
network must use the same subnet mask.
• RIP version 2 provides something called prefix routing, and does send subnet mask
information with the route updates. This is called classless routing.

Figure 4.3.1 RIP

Configuring RIP:

Router#conf t
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
Router(config-router)#exit
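
The hop-count rules listed above, worked through as an added example (not part of the original report): a router merges updates from its neighbors, adds one hop, and treats 16 as unreachable. The network and neighbor addresses in `demo()` are constructed sample values, and timers and split horizon are left out.

```python
INFINITY = 16  # RIP treats a metric of 16 hops as "unreachable"


def process_update(table, neighbor, advertised):
    """Merge one RIP update from `neighbor` into `table`.

    table:      {network: (metric, next_hop)} held by this router
    advertised: {network: metric} as announced by the neighbor
    Returns the networks whose entry changed.
    """
    changed = []
    for network, metric in advertised.items():
        new_metric = min(metric + 1, INFINITY)  # the neighbor is one hop further away
        current = table.get(network)
        if current is None:
            if new_metric < INFINITY:  # never install an unreachable route
                table[network] = (new_metric, neighbor)
                changed.append(network)
            continue
        cur_metric, cur_hop = current
        better = new_metric < cur_metric
        # News from the router we already forward through replaces our entry, even when worse
        from_current_hop = cur_hop == neighbor and new_metric != cur_metric
        if better or from_current_hop:
            table[network] = (new_metric, neighbor)
            changed.append(network)
    return changed


def reachable(table):
    """Networks this router can still forward to."""
    return {net for net, (metric, _) in table.items() if metric < INFINITY}


def demo():
    # Constructed sample: a router with two directly connected networks (metric 0)
    table = {"10.0.0.0": (0, "connected"), "11.0.0.0": (0, "connected")}
    # Neighbor 11.0.0.2 advertises three routes; 14.0.0.0 is already 15 hops away
    process_update(table, "11.0.0.2", {"13.0.0.0": 1, "14.0.0.0": 15, "10.0.0.0": 3})
    # A second neighbor offers a longer path to 13.0.0.0: ignored
    process_update(table, "12.0.0.2", {"13.0.0.0": 4})
    # The first neighbor loses 13.0.0.0 and announces it with metric 16
    process_update(table, "11.0.0.2", {"13.0.0.0": 16})
    return table


if __name__ == "__main__":
    for net, (metric, hop) in sorted(demo().items()):
        print(net, metric, hop)
```
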

4.3.2 EIGRP (Enhanced Interior Gateway Routing Protocol):

Advanced version of IGRP developed by Cisco. Provides superior convergence properties
and operating efficiency, and combines the advantages of link state protocols with those of
distance vector protocols.

Figure 4.3.2 EIGRP

Configuration of EIGRP:

Router(config)#router eigrp <as no>
Router(config-router)#network <net addr.>
Router(config-router)#network <net addr.>
Router(config-router)#exit

Configuring EIGRP:

On Router 0:

Router#config t
Router(config)#int f 0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#int ser 0/0/0
Router(config-if)#ip add 11.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config-if)#int ser 0/0/1
Router(config-if)#ip add 23.0.0.2 255.0.0.0
Router(config-if)#no shut
Router(config-if)#int ser 0/1/0
! /28 subnet mask, matching the 0.0.0.15 wildcard used for this network under router eigrp
Router(config-if)#ip add 192.168.10.210 255.255.255.240
Router(config-if)#no shut
! Serial 0/1/1 carries 12.0.0.1, as the interface listing shows
Router(config-if)#int ser 0/1/1
Router(config-if)#ip add 12.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config-if)#do write
Router(config-if)#router eigrp 10
Router(config-router)#network 10.0.0.0 0.255.255.255
Router(config-router)#network 11.0.0.0 0.255.255.255
Router(config-router)#network 12.0.0.0 0.255.255.255
Router(config-router)#network 23.0.0.0 0.255.255.255
Router(config-router)#network 192.168.10.208 0.0.0.15
Router(config-router)#exit
Router(config)#do write
Router(config)#exit
Router#show running-config
Router#show ip protocols
Router#show ip interface brief

Router#show ip protocols

Routing Protocol is "eigrp 10 "
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 10
  Automatic network summarization is in effect
  Automatic address summarization:
    192.168.10.0/24 for FastEthernet0/0, Serial0/0/1, Serial0/0/0, Serial0/1/1
      Summarizing with metric 2169856
  Maximum path: 4
  Routing for Networks:
    192.168.10.0
    12.0.0.0
    11.0.0.0
    23.0.0.0
    10.0.0.0
  Routing Information Sources:
    Gateway          Distance   Last Update
    23.0.0.1         90         6522
    11.0.0.2         90         8684
    192.168.10.209   90         8736
    12.0.0.2         90         9112

Router#show ip interface brief

Interface            IP-Address       OK?  Method  Status                 Protocol
FastEthernet0/0      10.0.0.1         YES  manual  up                     up
FastEthernet0/0.1    unassigned       YES  unset   up                     up
FastEthernet0/1      unassigned       YES  unset   administratively down  down
Serial0/0/0          11.0.0.1         YES  manual  up                     up
Serial0/0/1          23.0.0.2         YES  manual  up                     up
Serial0/1/0          192.168.10.210   YES  manual  up                     up
Serial0/1/1          12.0.0.1         YES  manual  up                     up
Serial0/2/0          unassigned       YES  unset   administratively down  down
Serial0/2/1          unassigned       YES  unset   administratively down
Serial0/3/1          unassigned       YES  unset   administratively down

4.3.3 OSPF (Open Shortest Path First):
Link-state, hierarchical IGP routing protocol proposed as a successor to RIP in the
Internet community. OSPF features include least-cost routing, multipath routing, and
load balancing. OSPF was derived from an early version of the ISIS protocol.

Figure 4.3.3 OSPF

Configuring OSPF:

Router#conf t
Router(config)#router ospf <process no>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#network <net address> <wild mask> area <area id>
Router(config-router)#do write
Router(config-router)#exit

4.4 VLAN (Virtual local area network)

Network adds, moves, and changes are achieved with ease by just configuring a port into the
appropriate VLAN. A group of users that need an unusually high level of security can be put
into its own VLAN so that users outside of the VLAN . VLANs greatly enhance network
security. VLANs increase the number of broadcast domains while decreasing their size.

Figure 4.4 VLAN

Using commands:

Router 6:

Router(config)#int f 0/0
Router(config-if)#ip add 15.0.0.1 255.0.0.0
Router(config-if)#no shut
Router(config-if)#int ser 0/3/0
Router(config-if)#ip add 14.0.0.2 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#int ser 0/0/0
Router(config-if)#ip add 22.0.0.2 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#router eigrp 10
Router(config-router)#network 15.0.0.0 0.255.255.255
Router(config-router)#network 14.0.0.0 0.255.255.255
Router(config-router)#network 22.0.0.0 0.255.255.255
Router(config-router)#do write
! Sub-interface for VLAN 10
Router(config-router)#int f 0/0.1
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 75.0.0.101 255.0.0.0
Router(config-subif)#do write
! Sub-interface for VLAN 20
Router(config-subif)#int f 0/0.2
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 76.0.0.101 255.0.0.0
Router(config-subif)#do write

Creating VLANs:

Switch#config t
Switch(config)#vlan 10
Switch(config-vlan)#name LAB1
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name LAB2
! Put ports Fa0/2 to Fa0/7 into VLAN 10
Switch(config-vlan)#interface range fastethernet 0/2 - 7
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#do write
Switch(config-if-range)#end
Switch#show vlan

4.5 Virtual private Network

A virtual private network (VPN) allows the creation of private networks across the Internet,
enabling privacy and tunneling of non-TCP/IP protocols. VPNs are used daily to give remote
users and disjointed networks connectivity over a public medium like the Internet instead of
using more expensive permanent means. Types of VPNs are named based upon the role they
play in a business.

Figure 4.5 VPN NETWORK:

Using Commands:
On Router9:
Router>enable
Router#config t
Router(config)#interface f 0/0
Router(config-if)#ip address 25.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#interface ser 0/1/0
Router(config-if)#ip address 22.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#router eigrp 10
Router(config-router)#network 22.0.0.0 0.255.255.255
Router(config-router)#do write
Router(config-router)#exit
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 66.0.0.0
Router(config-router)#network 25.0.0.0
Router(config-router)#do write
Router(config-router)#exit
Router(config)#do show running-config
Router(config)#exit
Router#show ip protocols
Router#show ip interface brief
Router#config t
Router(config)#interface tunnel 10
Router(config-if)#ip address 66.0.0.1 255.0.0.0
! Added: a tunnel needs a source; Serial 0/1/0 (22.0.0.1) is what Router 10 uses as its tunnel destination
Router(config-if)#tunnel source serial 0/1/0
Router(config-if)#tunnel destination 23.0.0.1
! The default tunnel mode is GRE, which encapsulates traffic but does not encrypt it
Router(config-if)#do write
Router(config-if)#exit
On Router 10:
Router#config t
Router(config)#interface f 0/0
Router(config-if)#ip address 24.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#interface ser 0/1/0
Router(config-if)#ip address 23.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#router eigrp 10
Router(config-router)#network 23.0.0.0 0.255.255.255
Router(config-router)#do write
Router(config-router)#exit
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 66.0.0.0
Router(config-router)#network 24.0.0.0
Router(config-router)#do write
Router(config-router)#exit
Router(config)#do show running-config
Router(config)#exit
Router#show ip protocols
Router#show ip interface brief
Router#config t
Router(config)#interface tunnel 10
Router(config-if)#ip address 66.0.0.2 255.0.0.0
! Added: a tunnel needs a source; Serial 0/1/0 (23.0.0.1) is what Router9 uses as its tunnel destination
Router(config-if)#tunnel source serial 0/1/0
Router(config-if)#tunnel destination 22.0.0.1
Router(config-if)#do write
Router(config-if)#exit

4.6 NAT (Network address translation)

NAT is used to convert a private IP into a public IP. It is used for security purposes. With
it, only the private network can access the public network; the public network cannot
access the private network. NAT is a way to conserve IP addresses and to hide a number of
hosts behind a single IP address.

Overload NAT: We can translate a group of private IP addresses into a single public IP
address.

Configuration of overload NAT:

1700C

Router>enable
Router#configure terminal
Router(config)#hostname 1700C
1700C(config)#interface FastEthernet 0/0
1700C(config-if)#ip address 13.0.0.1 255.0.0.0
1700C(config-if)#no shutdown
1700C(config-if)#interface Serial 0/1/0
1700C(config-if)#ip address 11.0.0.2 255.0.0.0
1700C(config-if)#no shutdown
1700C(config-if)#exit
! Inside addresses eligible for translation: the whole 13.0.0.0 network
1700C(config)#access-list 10 permit 13.0.0.0 0.255.255.255
! Pool with a single public address; "overload" lets all inside hosts share it
1700C(config)#ip nat pool abc 11.0.0.3 11.0.0.3 netmask 255.0.0.0
1700C(config)#ip nat inside source list 10 pool abc overload
1700C(config)#interface F0/0
1700C(config-if)#ip nat inside
1700C(config-if)#interface S0/1/0
1700C(config-if)#ip nat outside
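
How overload NAT shares one public address, as an added example that is not part of the original report: a simplified translation table keyed on source port, using the 13.0.0.0 inside network and the 11.0.0.3 pool address from the configuration above. The class and its port-allocation policy are assumptions for illustration; entry timeouts are not modelled.

```python
import ipaddress

INSIDE_NET = ipaddress.ip_network("13.0.0.0/8")  # addresses permitted by access-list 10
PUBLIC_IP = "11.0.0.3"                            # the single address in pool "abc"


class OverloadNat:
    """Simplified port address translation table (illustrative, not IOS code)."""

    def __init__(self, first_port=1024):
        self.next_port = first_port
        self.out = {}   # (inside_ip, inside_port, proto) -> public_port
        self.back = {}  # (public_port, proto) -> (inside_ip, inside_port)

    def _free_port(self, proto):
        while (self.next_port, proto) in self.back:
            self.next_port += 1
        return self.next_port

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Translate an inside-to-outside packet.

        Returns (public_ip, public_port), or None when the source is not
        permitted by the NAT access list and is therefore not translated.
        """
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            return None
        key = (src_ip, src_port, proto)
        if key not in self.out:
            # Keep the original source port when it is free, otherwise pick another
            taken = (src_port, proto) in self.back
            port = self._free_port(proto) if taken else src_port
            self.out[key] = port
            self.back[(port, proto)] = (src_ip, src_port)
        return PUBLIC_IP, self.out[key]

    def inbound(self, dst_port, proto="tcp"):
        """Map a packet arriving at the public address back to an inside host.

        Returns None when no inside host opened that port: the packet has no
        translation entry and cannot reach the private network.
        """
        return self.back.get((dst_port, proto))


def demo():
    nat = OverloadNat()
    a = nat.outbound("13.0.0.10", 50000)   # constructed inside hosts
    b = nat.outbound("13.0.0.11", 50000)   # same source port, different host
    reply = nat.inbound(b[1])              # reply to the second host's connection
    unsolicited = nat.inbound(23)          # outside host probing a port nobody opened
    return a, b, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```
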

4.7 ACCESS LISTS
An access list is essentially a list of conditions that categorize packets. They can
be really helpful when you need to exercise control over network traffic. An access list would
be your tool of choice for decision making in these situations. One of the most common and
easiest to understand uses of access lists is filtering unwanted packets when implementing
security policies.

Figure 4.7 Access List

Standard access lists Configuration:

1700A

Router>enable
Router#configure terminal
Router(config)#hostname 1700A
! enable secret is a global command and needs a value; <secret> is a placeholder
1700A(config)#enable secret <secret>
1700A(config)#line vty 0 5
1700A(config-line)#password 5555
1700A(config-line)#login
1700A(config-line)#exit
1700A(config)#interface FastEthernet 0/0
1700A(config-if)#ip address 16.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#interface Serial 0/0/1
1700A(config-if)#ip address 14.0.0.1 255.0.0.0
1700A(config-if)#no shutdown
1700A(config-if)#router eigrp 10
1700A(config-router)#network 16.0.0.0 0.255.255.255
! 14.0.0.0 is the network on Serial 0/0/1
1700A(config-router)#network 14.0.0.0 0.255.255.255
1700A(config-router)#end
1700A#show ip route
1700A#show ip interface brief
1700A#show ip protocol
1700A#configure terminal
! Standard access lists use numbers 1-99
1700A(config)#access-list 10 deny 76.0.0.101 0.0.0.0
! Allow Telnet from all other IP addresses
1700A(config)#access-list 10 permit any
! Apply the list to the Telnet (vty) lines
1700A(config)#line vty 0 5
1700A(config-line)#access-class 10 in
! To disable the filter again: no access-class 10 in
1700A(config-line)#end
1700A#show ip access-list

1700B

Router>enable
Router#configure terminal
Router(config)#hostname 1700B
1700B(config)#interface FastEthernet 0/0
1700B(config-if)#ip address 15.0.0.1 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#interface Serial 0/3/0
1700B(config-if)#ip address 14.0.0.2 255.0.0.0
1700B(config-if)#no shutdown
1700B(config-if)#router eigrp 10
1700B(config-router)#network 14.0.0.0 0.255.255.255
1700B(config-router)#network 15.0.0.0 0.255.255.255
1700B(config-router)#end
1700B#show ip route
1700B#show ip interface brief
1700B#show ip protocol
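
How a standard access list is evaluated, as an added example that is not part of the original report: first match wins, wildcard-mask bits set to 1 are ignored, and a packet that matches no entry hits the implicit deny. It covers both the vty list from this section and the list used for NAT in section 4.6; the function names and the mistyped mask in the last check are constructed for illustration.

```python
import ipaddress

# The two uses of access-list 10 in this report
VTY_ACL = ["access-list 10 deny 76.0.0.101 0.0.0.0", "access-list 10 permit any"]
NAT_ACL = ["access-list 10 permit 13.0.0.0 0.255.255.255"]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))  # raises ValueError if malformed


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def non_contiguous(wildcard):
    """True when the mask is not a run of 1 bits at the low end (often a typing slip)."""
    w = _to_int(wildcard)
    return (w & (w + 1)) != 0


def parse_standard_acl(lines):
    """Turn 'access-list N permit|deny SRC [WILDCARD]' lines into (action, base, wildcard)."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        if parts[3] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif parts[3] == "host":
            if len(parts) < 5:
                raise ValueError(f"host keyword without address: {line!r}")
            base, wildcard = parts[4], "0.0.0.0"
        else:
            base = parts[3]
            wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"
        _to_int(base), _to_int(wildcard)  # validate both fields
        entries.append((parts[2], base, wildcard))
    return entries


def evaluate(entries, src_ip):
    """Return (action, matching entry number); no match means the implicit deny."""
    for number, (action, base, wildcard) in enumerate(entries, start=1):
        if wildcard_match(src_ip, base, wildcard):
            return action, number
    return "deny", None


if __name__ == "__main__":
    vty = parse_standard_acl(VTY_ACL)
    for src in ("76.0.0.101", "76.0.0.102"):
        print(src, evaluate(vty, src))
    # Without the final "permit any", every other source is refused as well
    print(evaluate(vty[:1], "76.0.0.102"))
    # A mask with its last digit missing (constructed) silently matches a different set
    print(non_contiguous("0.255.255.25"), wildcard_match("13.1.2.4", "13.0.0.0", "0.255.255.25"))
```
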

4.8 VTP (VLAN Trunking Protocol)

Cisco created this one too. The basic goals of VLAN Trunking Protocol (VTP) are to
manage all configured VLANs across a switched internetwork and to maintain
consistency throughout that network. VTP allows you to add, delete, and rename VLANs,
information that is then propagated to all other switches in the VTP domain.

USING COMMANDS:

On Server Switch:

Switch>enable
Switch#config t
Switch(config)#vtp domain hcl.com
Switch(config)#vtp password abc
Switch(config)#vtp mode server
Switch(config)#vlan 10
Switch(config-vlan)#name LAB1
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name LAB2
Switch(config-vlan)#do write
Switch(config-vlan)#exit
! Trunk ports carry the VLANs and the VTP advertisements to the other switches
Switch(config)#int f 0/2
Switch(config-if)#switchport mode trunk
Switch(config-if)#int f 0/6
Switch(config-if)#switchport mode trunk
Switch(config-if)#int f 0/7
Switch(config-if)#switchport mode trunk
Switch(config-if)#end
Switch#show vlan
Switch#show vtp password
Switch#show vtp status

VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : hcl.com
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled

On Client switch:

Switch>enable
Switch#config t
Switch(config)#vtp domain hcl.com
Switch(config)#vtp password abc
Switch(config)#vtp mode client
! Note: a VTP client learns its VLANs from the server; IOS rejects local VLAN creation in client mode
Switch(config)#vlan 10
Switch(config-vlan)#name LAB1
Switch(config-vlan)#do write
Switch(config-vlan)#end
Switch#show vlan
Switch#show vtp status
Switch#show vtp password

On Client Switch:

Switch>enable
Switch#config t
Switch(config)#vtp domain hcl.com
Switch(config)#vtp password abc
Switch(config)#vtp mode client
Switch(config)#vlan 20
Switch(config-vlan)#name LAB2
Switch(config-vlan)#do write
Switch(config-vlan)#end
Switch#show vlan
Switch#show vtp status
Switch#show vtp password

4.9 VoIP (Voice over Internet Protocol)

VoIP services convert the voice into a digital signal that travels over the Internet. If we are
calling a regular phone number, the signal is converted to a regular telephone signal before it
reaches the destination. VoIP can allow us to make a call directly from a computer, a special
VoIP phone or a traditional phone connected to a special adapter.

Figure 4.9 VOIP

Configuration commands:

On Router 1700B:

1700B>enable
1700B#config terminal
1700B(config)#ip dhcp pool voip2
1700B(dhcp-config)#network 15.0.0.0 255.0.0.0
1700B(dhcp-config)#default-router 15.0.0.1
! DHCP option 150 gives the phones their TFTP server address
1700B(dhcp-config)#option 150 ip 15.0.0.1
1700B(dhcp-config)#dns-server 192.168.10.198
1700B(dhcp-config)#exit
1700B(config)#telephony-service
1700B(config-telephony)#max-dn 5
1700B(config-telephony)#max-ephones 5
1700B(config-telephony)#ip source-address 15.0.0.1 port 2000
1700B(config-telephony)#auto assign 1 to 5
1700B(config-telephony)#ephone-dn 1
1700B(config-ephone-dn)#number 1000
1700B(config-ephone-dn)#dial-peer voice 2 voip
1700B(config-dial-peer)#session target ipv4:12.0.0.1
1700B(config-dial-peer)#destination-pattern 100
1700B(config-dial-peer)#end
1700B#show running-config

4.10 DNS (Domain name server)

Domain Name Server: The most basic task of DNS is to translate hostnames to IP
addresses. In very simple terms, it can be compared to a phone book. DNS also has other
important uses. Above all, DNS makes it possible to assign Internet names to organizations
(or concerns they represent) independent of the physical routing hierarchy represented by the
numerical IP address. Because of this, hyperlinks and Internet contact information can
remain the same, whatever the current IP routing arrangements may be, and can take a
human-readable form (such as "example.com"), which is easier to remember than the IP
address 208.77.188.166. People take advantage of this when they recite meaningful URLs
and e-mail addresses without caring how the machine will actually locate them. The Domain
Name System distributes the responsibility for assigning domain names and mapping them to
IP networks by allowing an authoritative name server for each domain to keep track of
its own changes, avoiding the need for a central register to be continually consulted and
updated.

Figure 4.10 Domain name server

Figure 4.11 Google server

Figure 4.12 Facebook server

Figure 4.13 Gmail server

Chapter 5
Results and Discussion
5.1 internet

Figure 5.1 Internet


5.2 standard and extended access list

Figure 5.2 Standard and Extended Access list


5.3 computer lab and data center

Figure 5.3 computer lab and data center

5.4 Banking

Figure 5.4 Banking


5.5 Security Guard room

Figure 5.5 Security Guard room


5.6 Reception

Figure 5.6 Reception

5.7 E-Library

Figure 5.7 E-Library


5.8 Girls and Boys Hostel

Figure 5.8 girls and boys hostel
