Network with CISCO

By

Msc. Ing. Fatjon MUÇA

Mathematical Engineer
The whole is more than the sum of its parts.
Aristotle, Metaphysics
I. Computer Science & Engineering Research
There is a slight difference between Computer Science (CS) and Computer Engineering research.
The fundamental knowledge underlying computing research comes from philosophy (see Figure 1).
Philosophical research is characterized by abstract academic exercise constrained by
reasoning and formalized in logic. At the next level is mathematics. Mathematical research is
analytic in nature and is constrained by theoretically provable propositions and axioms.
Computer science is at the next level of research and derives its power of expression from
mathematics, particularly discrete mathematics.
Computer science research is constrained by what is theoretically computable.
Computer engineering research derives its power of problem solving from computer science, and
its solutions are constrained by technology and human needs. The technology on which computer
engineering research rests comes from electronic engineering. A key task in computer
engineering is design, which uses knowledge from computer science to craft a
solution that meets human needs.

II. Cisco Packet Tracer


Cisco Packet Tracer is a powerful network simulation program that allows students to
experiment with network behavior and ask “what if” questions. As an integral part of the
Networking Academy comprehensive learning experience, Packet Tracer provides simulation,
visualization, authoring, assessment, and collaboration capabilities and facilitates the teaching
and learning of complex technology concepts. Packet Tracer supplements physical equipment in
the classroom by allowing students to create a network with an almost unlimited number of
devices, encouraging practice, discovery, and troubleshooting.
The simulation-based learning environment helps students develop 21st-century skills
such as decision making, creative and critical thinking, and problem solving. Packet Tracer
complements the Networking Academy curricula, allowing instructors to easily teach and
demonstrate complex technical concepts and networking systems design. With Packet Tracer,
instructors can customize individual or multiuser activities, providing hands-on lessons for
students that offer value and relevance in their classrooms. Students can build, configure, and
troubleshoot networks using virtual equipment and simulated connections, alone or in
collaboration with other students. Most importantly, Packet Tracer helps students and instructors
create their own virtual “network worlds” for exploration, experimentation, and explanation of
networking concepts and technologies.
III. OSI and TCP/IP
1. OSI model
One of the most important concepts for understanding networking is the Open Systems
Interconnection (OSI) reference model. This conceptual model, created by the International
Organization for Standardization (ISO) in 1978 and revised in 1984, describes a network
architecture that allows data to be passed between computer systems. This section describes
the OSI model and how it relates to real-world networking. It also examines how common network
devices relate to the OSI model. Even though the OSI model is conceptual, an appreciation of its
purpose and function can help you better understand how network protocol suites and
architectures work in practical applications.

The OSI Seven-Layer Model


As shown in Figure 2, the OSI reference model is built, bottom to top, in the following
order: physical, data link, network, transport, session, presentation, and application. The physical
layer is classified as Layer 1, and the top layer of the model, the application layer, is Layer 7.

Figure 2. The OSI Seven-Layer Model


Each layer of the OSI model has a specific function. The following sections describe the
function of each layer, starting with the physical layer and working up the model.

Physical Layer (Layer 1)


The physical layer of the OSI model identifies the network's physical characteristics,
including the following specifications:
 Hardware: The type of media used on the network, such as the type of cable, the type of
connector, and the pinout format for cables.
 Topology: The physical layer identifies the topology used in the
network. Common topologies include ring, mesh, star, and bus.
In addition to these characteristics, the physical layer defines the voltage used on a given
medium and the frequency at which the signals that carry the data operate. These characteristics
dictate the speed and bandwidth of a given medium, as well as the maximum distance over which a
certain media type can be used.

Data Link Layer (Layer 2)


The data link layer is responsible for getting data to the physical layer so that it can be
transmitted over the network. The data link layer is also responsible for error detection, error
correction, and hardware addressing. The term frame is used to describe the logical grouping of
data at the data link layer. The data link layer has two distinct sublayers:
 Media Access Control (MAC) layer: The MAC address is defined at this layer. The
MAC address is the physical hardware address burned into each network interface card
(NIC). The MAC sublayer also controls access to the network media. The MAC layer
specification is included in the IEEE 802.1 standard.
 Logical Link Control (LLC) layer: The LLC layer is responsible for the error- and flow-
control mechanisms of the data link layer. The LLC layer is specified in the IEEE 802.2
standard.

Network Layer (Layer 3)


The primary responsibility of the network layer is routing: providing mechanisms by
which data can be passed from one system to another network. The network layer does not
specify how the data is passed, but rather provides the mechanisms to do so. Functionality at
the network layer is provided through routing protocols, which are software components.
Protocols at the network layer are also responsible for route selection, which refers to
determining the best path for the data to take through the network. In contrast to the data link
layer, which uses MAC addresses to communicate on the LAN, network layer protocols use
configured protocol addresses and special software routing protocols to communicate on the
network. The term packet is used to describe the logical grouping of data at the network layer.

Transport Layer (Layer 4)


The basic function of the transport layer is to provide mechanisms to transport data
between network devices. Primarily it does this in three ways:
 Error checking: Protocols at the transport layer ensure that data is sent or received
correctly.
 Service addressing: Protocol suites such as TCP/IP support many services. The
transport layer makes sure that data is passed to the right service at the upper layers
of the OSI model.
 Segmentation: To traverse the network, blocks of data need to be broken into
packets of a manageable size for the lower layers to handle. This process,
called segmentation, is the responsibility of the transport layer.

Protocols at the Transport Layer


Protocols that operate at the transport layer can be either connectionless, such
as User Datagram Protocol (UDP), or connection-oriented, such as Transmission Control Protocol
(TCP). For a further discussion of these protocols, and of the difference between connection-
oriented and connectionless protocols, refer to the later section "Connectionless and
Connection-Oriented Protocols."

Flow Control
The transport layer is also responsible for data flow control, which refers to how the
receiving device can accept data transmissions. Two common methods of flow control are:
 Buffering: When buffering flow control is used, the data is temporarily stored and waits for
the destination device to become available. Buffering can cause a problem if the sending
device transmits data much faster than the receiving device can manage it.
 Windowing: In a windowing environment, data is sent in groups of segments
that require only one acknowledgment. The size of the window is defined when
the session between the two devices is established. As you can imagine, the need to have only
one acknowledgment for every, say, five segments can greatly reduce overhead.

Session Layer (Layer 5)


The session layer is responsible for managing and controlling the synchronization of data
between applications on two devices. It does this by establishing, maintaining, and breaking
sessions. Whereas the transport layer is responsible for setting up and maintaining the connection
between the two nodes, the session layer performs the same function on behalf of the
application.

Presentation Layer (Layer 6)


The presentation layer's basic function is to convert the data intended for or received from
the application layer into another format. Such conversion is necessary because of how the data
is formatted so that it can be transported across the network. Applications can't necessarily read
this converted data. Some common data formats handled by the presentation layer include the
following:
 Graphics files: JPEG, TIFF, GIF, and so on are graphics file formats that require the
data to be formatted in a certain way.
 Text and data: The presentation layer can translate data into different formats, such as
American Standard Code for Information Interchange (ASCII) and Extended Binary Coded
Decimal Interchange Code (EBCDIC).
 Sound/video: MPEG, MP3, and MIDI files all have their own data formats to and from
which data must be converted.
Another very important function of the presentation layer is encryption, which is the
scrambling of data so that it can't be read by anyone other than the intended recipient. Given the
basic role of the presentation layer, that of data-format translator, it is obviously the place for
encryption and decryption to take place.

Application Layer (Layer 7)


In simple terms, the function of the application layer is to take requests and data
from the users and pass them to the lower layers of the OSI model. Incoming information is passed to
the application layer, which displays the information to the users. Some of the most basic
application-layer services include file and print capabilities.
The most common misconception about the application layer is that it represents the
applications used on a system, such as a web browser, word processor, or
spreadsheet. Instead, the application layer defines the processes that enable applications to use
network services. For example, if an application needs to open a file from a network drive,
the functionality is provided by components that reside at the application layer.

2. TCP/IP architectural model

The TCP/IP protocol suite is so named for two of its most important protocols:
Transmission Control Protocol (TCP) and Internet Protocol (IP). A less used name for it is the
Internet Protocol Suite, which is the phrase used in official Internet standards documents. In this
book, we use the more common, shorter term, TCP/IP, to refer to the entire protocol suite.
The main design goal of TCP/IP was to build an interconnection of networks, referred to
as an internetwork, or internet, that provided universal communication services over
heterogeneous physical networks. The clear benefit of such an internetwork is the enabling of
communication between hosts on different networks, perhaps separated by a large geographical
area.
The words internetwork and internet are simply a contraction of the phrase
interconnected network. However, when written with a capital “I”, the Internet refers to the
worldwide set of interconnected networks. Therefore, the Internet is an internet, but the reverse
does not apply. The Internet is sometimes called the connected Internet.
The Internet consists of the following groups of networks:
 Backbones: Large networks that exist primarily to interconnect other networks. Also
known as network access points (NAPs) or Internet Exchange Points (IXPs). Currently,
the backbones consist of commercial entities.
 Regional networks connecting, for example, universities and colleges.
 Commercial networks providing access to the backbones to subscribers, and networks
owned by commercial organizations for internal use that also have connections to the
Internet.
 Local networks, such as campus-wide university networks.
In most cases, networks are limited in size by the number of users that can belong to the
network, by the maximum geographical distance that the network can span, or by the
applicability of the network to certain environments. For example, an Ethernet network is
inherently limited in terms of geographical size. Therefore, the ability to interconnect a large
number of networks in some hierarchical and organized fashion enables the communication of
any two hosts belonging to this internetwork.
Like most networking software, TCP/IP is modeled in layers. This layered representation
leads to the term protocol stack, which refers to the stack of layers in the protocol suite. It can be
used for positioning (but not for functionally comparing) the TCP/IP protocol suite against
others, such as Systems Network Architecture (SNA) and the Open System Interconnection
(OSI) model. Functional comparisons cannot easily be extracted from this, because there are
basic differences in the layered models used by the different protocol suites.
By dividing the communication software into layers, the protocol stack allows for
division of labor, ease of implementation and code testing, and the ability to develop alternative
layer implementations. Layers communicate with those above and below via concise interfaces.
In this regard, a layer provides a service for the layer directly above it and makes use of services
provided by the layer directly below it. For example, the IP layer provides the ability to transfer
data from one host to another without any guarantee of reliable delivery or duplicate suppression.
Transport protocols such as TCP make use of this service to provide applications with reliable,
in-order, data stream delivery.
Figure 3. The TCP/IP Seven-Layer Model
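The layering just described, as an added example that is not part of the original document: each layer prepends its own header to what the layer above handed down (a UDP segment becomes the payload of an IPv4 datagram, which becomes the payload of an Ethernet frame), and the receiver peels the headers off in reverse, verifying the IPv4 header checksum on the way. The MAC addresses, IP addresses, ports and payload are constructed sample values.

```python
"""Added example, not from the original document: how the TCP/IP layers wrap
data. UDP segment -> IPv4 datagram -> Ethernet frame, then back up again.
Addresses and payload below are constructed values."""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    # UDP checksum field left 0 (permitted for IPv4, meaning "not computed")
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src: str, dst: str, segment: bytes, ttl: int = 64) -> bytes:
    """20-byte header without options; the checksum covers the header only."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,                 # version 4, IHL 5 (20 bytes)
                         0,                    # DSCP/ECN
                         20 + len(segment),    # total length
                         0x1234,               # identification (constructed)
                         0,                    # flags / fragment offset
                         ttl, PROTO_UDP,
                         0,                    # checksum placeholder
                         ipv4_bytes(src), ipv4_bytes(dst))
    csum = checksum16(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def build_ethernet(src_mac: str, dst_mac: str, datagram: bytes) -> bytes:
    def to_bytes(m: str) -> bytes:
        return bytes.fromhex(m.replace(":", ""))
    return to_bytes(dst_mac) + to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + datagram


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack; reject frames whose IPv4 header checksum fails."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if checksum16(ip[:ihl]) != 0:           # a valid header sums to 0xFFFF, complement 0
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != PROTO_UDP:
        raise ValueError(f"unsupported protocol {ip[9]}")
    segment = ip[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "ttl": ip[8],
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": segment[8:udp_len],
    }


def demo_frame() -> bytes:
    """Constructed sample: a DNS-style UDP payload from 10.0.0.1 to 10.0.0.53."""
    segment = build_udp(40000, 53, b"query")
    datagram = build_ipv4("10.0.0.1", "10.0.0.53", segment)
    return build_ethernet("00:11:22:33:44:55", "66:77:88:99:aa:bb", datagram)


if __name__ == "__main__":
    frame = demo_frame()
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

The 14-byte Ethernet header, 20-byte IPv4 header and 8-byte UDP header are visible in the frame length, and flipping a single header byte (for example the TTL) makes `decapsulate` refuse the frame, which is the kind of integrity check a parser should do before trusting any field further up the stack.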
IP Addressing

As with any other network-layer protocol, the IP addressing scheme is integral to the
process of routing IP datagrams through an internetwork. Each IP address has specific
components and follows a basic format. These IP addresses can be subdivided and used to create
addresses for subnetworks.

Each host on a TCP/IP network is assigned a unique 32-bit logical address that is divided
into two main parts: the network number and the host number. The network number identifies a
network and must be assigned by the Internet Network Information Center (InterNIC) if the
network is to be part of the Internet. An Internet Service Provider (ISP) can obtain blocks of
network addresses from the InterNIC and can itself assign address space as necessary. The host
number identifies a host on a network and is assigned by the local network administrator.

IP Subnet Addressing

IP networks can be divided into smaller networks called subnetworks (or subnets).
Subnetting provides the network administrator with several benefits, including extra flexibility,
more efficient use of network addresses, and the capability to contain broadcast traffic (a
broadcast will not cross a router).

Subnets are under local administration. As such, the outside world sees an organization as
a single network and has no detailed knowledge of the organization’s internal structure.
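The split of a 32-bit address into network number and host number, and the subnetting described above, as an added example that is not part of the original document. It masks an address to recover both parts, decides whether two hosts share a subnet (and therefore a broadcast domain that a router will not forward across), and divides a network into equal subnets by borrowing host bits; the standard library `ipaddress` module is used only for the last step. All addresses are constructed sample values.

```python
"""Added example, not from the original document: network/host split,
broadcast-domain check and subnet division for IPv4. Sample addresses
are constructed."""
import ipaddress


def ip_to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer, validating each octet."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> int:
    """A /n mask is n one-bits followed by zeros, e.g. /24 -> 0xFFFFFF00."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(addr: str, prefix_len: int) -> dict:
    """Network number (address AND mask), host number (address AND NOT mask)
    and the directed broadcast address (all host bits set)."""
    ip = ip_to_int(addr)
    mask = prefix_to_mask(prefix_len)
    host_bits = ~mask & 0xFFFFFFFF
    network = ip & mask
    return {
        "network": int_to_ip(network),
        "host_number": ip & host_bits,
        "broadcast": int_to_ip(network | host_bits),
        "mask": int_to_ip(mask),
    }


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """Two hosts share a broadcast domain iff their network numbers match."""
    mask = prefix_to_mask(prefix_len)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


def subnets_of(network_cidr: str, new_prefix: int) -> list:
    """Divide a network into equal subnets by borrowing host bits."""
    net = ipaddress.ip_network(network_cidr, strict=True)
    return [str(subnet) for subnet in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    # Constructed example: a /24 split into four /26 subnets of 64 addresses.
    print(split_address("192.168.10.77", 26))
    print(same_subnet("192.168.10.77", "192.168.10.130", 26))
    print(subnets_of("192.168.10.0/24", 26))
```

With a /26 mask, 192.168.10.77 and 192.168.10.130 fall into different subnets (.64/26 and .128/26), so a broadcast from one does not reach the other without a router, which is the containment property the text attributes to subnetting.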

MAC Address

A MAC address, or Media Access Control address, is a unique identifier assigned to the
physical hardware of your network interface, i.e., your computer's network card. Each network
card has its own unique MAC address. If you have a wired and a wireless card, you will
have two MAC addresses for your machine. MAC addresses can also be assigned to
software-configured network devices.
IV. 1G, 2G, 3G, 4G - The Evolution of Wireless Generations
0G Wireless technology
0G refers to pre-cell phone mobile telephony technology, such as radio telephones that
some had in cars before the advent of cell phones. Mobile radio telephone systems preceded
modern cellular mobile telephony technology. Since they were the predecessors of the first
generation of cellular telephones, these systems are called 0G (zero generation) systems.

1G: Analog Cellular Networks


The main technological development that distinguished the First Generation mobile
phones from the previous generation was the use of multiple cell sites, and the ability to transfer
calls from one site to the next as the user travelled between cells during a conversation. The first
commercially automated cellular network (the 1G generations) was launched in Japan by NTT in
1979.

In 1984, Bell Labs developed modern commercial cellular technology, which employed
multiple, centrally controlled base stations (cell sites), each providing service to a small area (a
cell). The cell sites would be set up such that cells partially overlapped. In a cellular system, a
signal between a base station (cell site) and a terminal (phone) only need be strong enough to
reach between the two, so the same channel can be used simultaneously for separate
conversations in different cells.

As the system expanded and neared capacity, the ability to reduce transmission power
allowed new cells to be added, resulting in more, smaller cells and thus more capacity.

2G: Digital Networks


In the 1990s, the 'second generation' (2G) mobile phone systems emerged, primarily
using the GSM standard. These 2G phone systems differed from the previous generation in their
use of digital transmission instead of analog transmission, and also by the introduction of
advanced and fast phone-to-network signaling. The rise in mobile phone usage as a result of 2G
was explosive and this era also saw the advent of prepaid mobile phones.

The second generation introduced a new variant to communication, as SMS text
messaging became possible, initially on GSM networks and eventually on all digital networks.
Soon SMS became the communication method of preference for the youth. Today in many
advanced markets the general public prefers sending text messages to placing voice calls.

Some benefits of 2G: digital signals consume less battery power, so mobile batteries last
longer. Digital coding improves voice clarity and reduces noise on the
line. Digital signals are considered environment friendly. Digital encryption has provided
secrecy and safety for data and voice calls. The use of 2G technology requires strong digital
signals for mobile phones to work properly.

“2.5G” using GPRS (General Packet Radio Service) technology is a cellular wireless
technology developed in between its predecessor, 2G, and its successor, 3G. GPRS could
provide data rates from 56 Kbit/s up to 115 Kbit/s. It can be used for services such as Wireless
Application Protocol (WAP) access, Multimedia Messaging Service (MMS), and for Internet
communication services such as email and World Wide Web access.

2.75G: EDGE is an abbreviation for Enhanced Data rates for GSM Evolution. EDGE
technology is an extended version of GSM. It allows the clear and fast transmission of data and
information at speeds up to 384 kbit/s.

3G : High speed IP data networks


As the use of 2G phones became more widespread and people began to use mobile
phones in their daily lives, it became clear that demand for data services (such as access to the
internet) was growing. Furthermore, if the experience from fixed broadband services was
anything to go by, there would also be a demand for ever greater data speeds. The 2G technology
was nowhere near up to the job, so the industry began to work on the next generation of
technology known as 3G. The main technological difference that distinguishes 3G technology
from 2G technology is the use of packet switching rather than circuit switching for data
transmission.

The high connection speeds of 3G technology enabled a transformation in the industry:
for the first time, media streaming of radio and even television content to 3G handsets became
possible. In the mid 2000s an evolution of 3G technology began to be implemented, namely
High-Speed Downlink Packet Access (HSDPA). It is an enhanced 3G mobile telephony
communications protocol in the High-Speed Packet Access (HSPA) family, also coined 3.5G,
3G+ or turbo 3G, which allows networks based on Universal Mobile Telecommunications
System (UMTS) to have higher data transfer speeds and capacity. Current HSDPA deployments
support downlink speeds of 1.8, 3.6, 7.2 and 14.0 Mbit/s. Further speed increases are available
with HSPA+, which provides speeds of up to 42 Mbit/s downlink and 84 Mbit/s with Release 9
of the 3GPP standards.

4G: Growth of mobile broadband


Consequently, the industry began looking to data-optimized 4th-generation technologies,
with the promise of speed improvements up to 10-fold over existing 3G technologies. It is
basically an extension of 3G technology with more bandwidth and services than 3G offers.
The expectation for 4G technology is basically high-quality audio/video streaming
over end-to-end Internet Protocol. The first two commercially available technologies billed as 4G
were the WiMAX standard and the LTE standard.
One of the main ways in which 4G differed technologically from 3G was in its
elimination of circuit switching, instead employing an all-IP network. Thus, 4G ushered in a
treatment of voice calls just like any other type of streaming audio media, utilizing packet
switching over internet, LAN or WAN networks via VoIP. 4G LTE data transfer speed can reach
a peak download of 100 Mbit/s and a peak upload of 50 Mbit/s; WiMAX offers peak data rates of 128 Mbit/s
downlink and 56 Mbit/s uplink.

Bluetooth
The computing and telecommunications industries needed to develop an
open, low-cost interface to make communication between devices easier without using
cables. This is the origin of the technology whose code name is "Bluetooth". That need is
met nowadays, but another problem arises: there are a lot of standards and
technologies that are incompatible with each other. What we need now is a universal device, valid for the
connection of all kinds of peripherals, that works in a transparent way for the user. This is
Bluetooth.
Bluetooth is a standard for short-range radio links, intended to replace wired
connections between electronic devices like cellular telephones, Personal Digital Assistants
(PDAs), computers, and many other devices. Bluetooth technology can be used at home, in the
office, in the car, etc. This technology allows users instantaneous voice and data connections
between several devices in real time. The transmission method used provides
protection against interference and security in the sending of information.
The Bluetooth standard operates in the 2.4 GHz band. Though this band is available
worldwide, its width can differ between countries. This is the 2.45 GHz Industrial, Scientific and
Medical (ISM) frequency band. In the United States and Europe the band ranges from 2400 to 2483.5 MHz,
and it covers part of France and Spain. In Japan the band ranges from 2471 to 2497 MHz. So the system can
be used worldwide, because the radio transmitters cover 2400 to 2500 MHz and it is
possible to select the appropriate frequency. This ISM band is open to any radio system and
must cope with interference from baby monitors, garage door controls,
wireless telephones and microwave ovens (the source with the highest interference).

Satellite communications
Satellites can provide global, ubiquitous and multipoint communications. Not
surprisingly, satellite technology has become a flexible and cost-effective solution for domestic
and international networks, irrespective of the user’s geographic location. Wireline and wireless
networks lack this ability to leap across continents and oceans, which often links some of the world’s most
remote spots.
Satellite technology can thus become a solution for some of the most complicated access
problems: connecting cities across a large landmass, where copper or fiber would be cost
prohibitive; bringing broadband to the “last mile” of residences and businesses; and overcoming
regulatory issues that make alternative carriers dependent on incumbents.
Satellites also have a major role to play in designing, developing and expanding a
network. With a satellite and Earth Stations, you can create a network on a permanent or interim
basis much more rapidly than “laying cable.” An interim station will even let you test a market or
provide emergency service prior to a major infrastructure investment. You can also rapidly scale
and re-provision a satellite based network to meet increasing and changing needs.
The benefits of satellite communications have steadily expanded its usage. Today,
satellites’ diverse purposes encompass wide area network communication, cellular backhaul,
Internet trunking, television broadcasting and rural telephony. Satellites are also on the frontiers
of such advanced applications as telemedicine, distance learning, Voice over Internet Protocol
(VoIP) and video on demand (VOD).
Intelsat has created this Primer to provide an introduction to the technology used in
satellite networks. Our intention is to help you understand, in general terms, why and how satellite
technology might meet your needs. For more information, we invite you to talk to our experts
and discuss your specific requirements. We hope this introductory material will be useful to you
in meeting the challenges ahead in your network.

Ultra-Wideband (UWB) Technology


The wireless freedom experienced by personal computer, handheld, consumer electronics
and cell phone users is moving into the digital home and office. People want greater freedom and
convenience in connecting all types of devices. The answer is Ultra Wideband (UWB)
Technology. This power-efficient solution will provide the high bandwidth required by the latest
and future portable home and office devices for multiple digital video and audio streams.
How UWB Works
UWB differs substantially from conventional narrowband radio frequency (RF) and
spread spectrum (SS) technologies, such as Bluetooth Technology and 802.11a/b/g. A UWB
transmitter works by sending billions of pulses across a very wide spectrum of frequencies, several
GHz in bandwidth. The corresponding receiver then translates the pulses into data by listening
for a familiar pulse sequence sent by the transmitter.
UWB’s combination of larger spectrum, lower power and pulsed data improves speed
and reduces interference with other wireless spectra. In the United States, the Federal
Communications Commission (FCC) has mandated that UWB radio transmissions can legally
operate in the range from 3.1 GHz up to 10.6 GHz, at a limited transmit power of –41dBm/MHz.
The result is dramatic short-range channel capacity and limited interference.

ZigBee Technology
ZigBee is the most popular industry wireless mesh networking standard for connecting
sensors, instrumentation and control systems. ZigBee, a specification for communication in a
wireless personal area network (WPAN), has been called the "Internet of things." Theoretically,
your ZigBee-enabled coffee maker can communicate with your ZigBee-enabled toaster. ZigBee
is an open, global, packet-based protocol designed to provide an easy-to-use architecture for
secure, reliable, low-power wireless networks. ZigBee and IEEE 802.15.4 are low data rate
wireless networking standards that can eliminate the costly and damage-prone wiring in
industrial control applications. Flow or process control equipment can be placed anywhere and
still communicate with the rest of the system. It can also be moved, since the network doesn't
care about the physical location of a sensor, pump or valve.
The ZigBee RF4CE standard enhances the IEEE 802.15.4 standard by providing a simple
networking layer and standard application profiles that can be used to create interoperable multi-
vendor consumer electronic solutions. The benefits of this technology go far beyond this; ZigBee
applications include:

 Home and office automation
 Industrial automation
 Medical monitoring
 Low-power sensors
 HVAC control
 Plus many other control and monitoring uses
V. Virtual Local Area Networks
A Virtual Local Area Network (VLAN) is a broadcast domain. All members of a VLAN
receive every broadcast packet sent by members of the same VLAN, but they do not receive
packets sent by members of a different VLAN. All members of a VLAN are grouped logically
into the same broadcast domain independent of their physical location. Adding, moving or
changing members is achieved via software within a switch. Routing is required for
communication among members of different VLANs. VLANs provide logical segmentation of a
switch into separate domains. Separation of networks into VLANs along functional lines is
generally good administrative practice. Stateless filtering, which this guide describes later in the
Access Control Lists section, is simpler to implement when systems on the VLAN have similar
functions. For instance, creating different VLANs for voice and data simplifies filtering.
There are a variety of methods for implementing VLAN membership. Layer 2 methods
include port-based VLANs and MAC layer grouping. Layer 3 methods include network protocol
grouping and IP multicast grouping. Cisco switches implement both Layer 2 methods, but Cisco
refers to MAC layer grouping as dynamic VLANs. Port-based membership is the most common
method of defining VLANs, with all switch vendors supporting it. Only port-based VLANs and
dynamic VLANs are discussed in this guide. For port-based VLANs, the administrator assigns
each port of a switch to a VLAN.
The switch determines the VLAN membership of each packet by noting the port on
which it arrives. On the other hand, dynamic VLAN implementations assign specific MACs to
each VLAN. This allows a system to be moved to another port without changing the port’s
VLAN assignment. Another important distinction of VLAN implementations is the method used
to indicate membership when a packet travels between switches. Switches tag each packet to
indicate VLAN membership in accordance with Cisco’s Inter-Switch Link (ISL) or the Institute
of Electrical and Electronics Engineers (IEEE) 802.1q VLAN trunk standard. Only IEEE
802.1q trunking is discussed in this guide. Separation of networks that do not interact makes
good sense as well as being good security practice.
Physically separate networks for voice and data are the most secure, but they are
impractical for all but the most demanding security environments. Providing no separation of
voice and data networks is also impractical, because of the operationally different demands each
type of traffic imposes on the network. For most implementations, then, voice and data networks
must share some common network resources while remaining as separate as practicality allows.
Logical separation through the use of VLANs stands out as the best way to balance capability and
security within shared network resources. However, logical separation is cooperative and provides
little attack mitigation by itself: a switch port left in its default trunk-negotiation state, or a
trunk whose native VLAN is also used for hosts, lets a host in one VLAN inject frames into another.
A layered security approach using defense-in-depth techniques that build on the logical separation
of the voice and data networks is required. Refer to the Access Control Lists section of this guide
for ways to provide additional layers of defense.
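The following IOS configuration is an added example and not part of the original guide. It shows a port-based access port and an 802.1Q trunk on a Catalyst switch, first in the state a default configuration leaves them and then hardened so that a host cannot negotiate itself onto a trunk or reach another VLAN through the native VLAN. The interface names, the allowed VLAN list and VLAN 999 as the native/parking VLAN are assumptions.

```cisco
! Weak: a Catalyst port in its default state. "dynamic auto" (the default on
! the 2960 and 3560) accepts a trunk negotiation from whatever is plugged in,
! so a host that speaks DTP becomes a trunk and can tag frames for any VLAN.
interface FastEthernet0/5
 switchport mode dynamic auto
!
! Hardened access port for a data host in VLAN 10: fixed access mode, DTP
! frames switched off, PortFast because only an end host is ever connected.
vlan 999
 name PARKING
interface FastEthernet0/5
 description Data host, VLAN 10
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
!
! Hardened 802.1Q trunk towards another switch: explicit trunk mode, DTP off,
! an unused VLAN as native (untagged frames never land in a user VLAN) and
! only the VLANs that are really needed carried across it. The encapsulation
! command exists on the 3560 (which also supports ISL); the 2960 has no such
! command because it only supports 802.1Q.
interface GigabitEthernet0/1
 description Trunk to D1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30,40
!
! Unused ports: parked in the dead-end VLAN and shut down.
interface range FastEthernet0/20 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Verification:
!   show interfaces GigabitEthernet0/1 switchport
!       -> "Operational Mode: trunk", "Negotiation of Trunking: Off", native VLAN 999
!   show interfaces trunk
!       -> allowed and active VLANs per trunk
!   show dtp interface FastEthernet0/5
!       -> DTP is not running on the access port
```

The "switchport nonegotiate" line matters on both sides: with it, the trunk stays a trunk only because both ends are configured that way, and a host plugged into an access port gets no DTP frames it could answer. The native VLAN is deliberately left out of the allowed list, so the trunk carries tagged frames only.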

What is 802.11?
The 802.11 standards are a group of evolving specifications defined by the Institute of Electrical
and Electronics Engineers (IEEE). Commonly referred to as Wi-Fi, the 802.11 standards define an
over-the-air interface between a wireless client and a base station (access point), or between two
or more wireless clients. The IEEE defines many other standards, such as the 802.3
Ethernet standard.
Why are standards important?
Standards are a set of specifications that all manufacturers must follow in order for their products
to be compatible. This is important to ensure interoperability between devices in the market.
Standards may also define optional features that individual manufacturers may or may
not implement in their products.

802.11b
In 1985, the Federal Communications Commission (FCC) allocated several bands of wireless
spectrum for use without a license, stipulating that devices in these bands use spread spectrum
technology. In 1990 the IEEE began work on a standard. The original 802.11 standard was ratified
in 1997 and is now obsolete. In July 1999 the 802.11b standard was ratified. 802.11b provides a
maximum theoretical data rate of 11 Megabits per second (Mbps) in the 2.4 GHz Industrial,
Scientific and Medical (ISM) band.

802.11g
In 2003, the IEEE ratified the 802.11g standard with a maximum theoretical data rate of 54
megabits per second (Mbps) in the 2.4 GHz ISM band. As signal strength weakens due to
increased distance, attenuation (signal loss) through obstacles or high noise in the frequency
band, the data rate automatically falls back to lower rates (54/48/36/24/12/9/6 Mbps) to maintain
the connection. When both 802.11b and 802.11g clients are connected to an 802.11g router, the
802.11g clients get lower throughput, because the access point has to use protection mechanisms
that the slower 802.11b clients understand. Many routers provide the option of allowing mixed
802.11b/g clients, or they may be set to accept either 802.11b or 802.11g clients only.
To put 54 Mbps in perspective: DSL or cable modem service at the time typically offered between
768 Kbps (less than 1 Mbps) and 6 Mbps, so 802.11g offered an attractive data rate for
the majority of users. The 802.11g standard is backwards compatible with the 802.11b standard.
At the time of writing, 802.11g was still the most commonly deployed standard.

802.11a
Ratification of 802.11a took place in 1999. The 802.11a standard uses the 5 GHz spectrum and
has a maximum theoretical data rate of 54 Mbps. As with 802.11g, when signal strength weakens due
to increased distance, attenuation (signal loss) through obstacles or high noise in the frequency
band, the data rate automatically falls back to lower rates (54/48/36/24/12/9/6 Mbps) to maintain
the connection. The 5 GHz spectrum has higher attenuation (more signal loss) than lower
frequencies such as the 2.4 GHz band used by 802.11b/g, so performance through walls is poorer
than at 2.4 GHz. 802.11a products are typically found in larger corporate
networks or with wireless Internet service providers in outdoor backbone networks.

802.11n
The IEEE 802.11 task group started work on 802.11n in January 2004. There have been numerous draft
specifications, delays and lack of agreement among committee members; even in the
process of standards development, politics are involved. At the time of writing the proposed
amendment had been pushed back to early 2010, after many earlier delays, so 802.11n was still in
draft status and changes could still be made to the specification prior to final ratification.
(The amendment was eventually ratified in September 2009 as IEEE 802.11n-2009.)

The goal of 802.11n is to significantly increase the data throughput rate. While there are a
number of technical changes, one important change is the addition of multiple-input
multiple-output (MIMO) and spatial multiplexing. MIMO uses multiple antennas and multiple
radios, and therefore more electrical power.
802.11n operates in both the 2.4 GHz (802.11b/g) and 5 GHz (802.11a) bands, which requires
significant site planning when installing 802.11n devices. The 802.11n specification provides
both 20 MHz and 40 MHz channel options, versus the 20 MHz channels of the 802.11a and 802.11b/g
standards. By bonding two adjacent 20 MHz channels, 802.11n can double the data rate when
using 40 MHz channels. However, the 2.4 GHz band is too crowded for 40 MHz channels: they
interfere with neighbouring networks and are not recommended, which limits 802.11n throughput in
that band. It is recommended to use 20 MHz channels in the 2.4 GHz spectrum, as 802.11b/g do.
For the best results with 802.11n, the 5 GHz spectrum is the better option. Deployment of
802.11n takes some planning effort in frequency and channel selection: some 5 GHz channels
may only be used by devices that implement dynamic frequency selection (DFS), so that they
vacate the channel when radar is detected.
Another consideration of 802.11n is the significantly increased electrical power demand in
comparison with 802.11b/g or 802.11a products. This is primarily due to the multiple
transmitters.

The Wi-Fi Alliance is testing and certifying the compatibility of 802.11n radios against the draft
2.0 specification. There are several realities to consider: the testing covers only some basic
criteria and interoperability points, and the number of devices tested against each other is
low. This certification does not provide any protection against changes to the 802.11n standard
prior to ratification.

VI. VLAN Trunking Protocol (VTP)


The VLAN Trunking Protocol (VTP) allows you to simplify the management of the
VLAN database across multiple switches. As the number of switches increases on a small- or
medium-sized business network, the overall administration required to manage VLANs and
trunks in a network becomes a challenge.
VTP Components:

1. VTP Server:
 VTP servers advertise the VTP VLAN information to other switches in the
same VTP domain.
 The server is where VLANs can be created, deleted, or renamed for the
domain.
2. VTP Client:
 VTP clients forward advertisements to other switches in the domain.
 You cannot create, change, or delete VLANs on a client.
 You must configure VTP client mode explicitly; a Catalyst switch defaults to server mode.
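An added example of the VTP configuration, not taken from the original guide: D1 as the server for the domain, A1 as a client, and the commands used to verify the result. The domain name, password and VLAN names are assumed values. The last part shows a caveat the guide does not mention: VTP accepts whichever advertisement in the domain carries the highest configuration revision number.

```cisco
! D1 (3560): VTP server; it owns the VLAN database for the domain.
! Domain name, password and VLAN names are assumed values.
vtp domain LAB
vtp version 2
vtp mode server
vtp password S3cretVtp
!
vlan 10
 name DATA
vlan 20
 name VOICE
!
! A1 (2960): VTP client. It cannot create VLANs; it learns them from D1 over
! the trunk and re-advertises them to the other switches in the domain.
vtp domain LAB
vtp version 2
vtp mode client
vtp password S3cretVtp
!
! Verification on any switch in the domain:
!   show vtp status   -> "VTP Operating Mode", "Configuration Revision", "MD5 digest"
!                        (revision and digest must be identical on every switch)
!   show vlan brief   -> VLANs 10 and 20 present on A1 although never typed there
!
! Caveat: VTP trusts the advertisement with the highest configuration
! revision number. A previously used switch with the same domain name and
! password, a stale database and a higher revision overwrites the VLANs on
! every server and client as soon as its trunk comes up, and every port in a
! VLAN that disappears goes silent. Before connecting such a switch, reset
! its revision to 0 by changing the domain name or passing through
! transparent mode:
vtp mode transparent
vtp domain SCRATCH
vtp mode client
```

The password only protects against switches that do not know it; it does nothing against a switch that was once a legitimate member of the same domain. Checking "Configuration Revision" in "show vtp status" before a switch is cabled in is the practical control.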

VII. Spanning Tree Protocol (STP)


Spanning Tree Protocol (STP) was developed to prevent the broadcast storms caused by
switching loops. STP was originally defined in IEEE 802.1D. Switches running STP build a
map, or topology, of the entire switching network. STP identifies any loops and
then disables or blocks as many ports as necessary to eliminate all loops in the topology. A blocked
port can be reactivated if another port goes down. This allows STP to maintain redundancy and
fault tolerance. However, because ports are blocked to eliminate loops, STP does not load-balance
across redundant links unless an EtherChannel is used (with per-VLAN spanning tree, different
VLANs can at least block different links, as Project 1 does). EtherChannel is covered in detail in
another guide. STP switches exchange Bridge Protocol Data Units (BPDUs) to build the
topology database. BPDUs are sent out all ports every two seconds, to a dedicated multicast MAC
address. Building the STP topology is a multistep convergence process:
• A root bridge is elected
• Root ports are identified
• Designated ports are identified
• Ports are placed in a blocking state as required, to eliminate loops.
Multiple Spanning Tree Protocol

The Multiple Spanning Tree Protocol (MSTP) is an STP variant that allows multiple,
independent spanning trees to be created over the same physical network. The parameters for
each spanning tree can be configured separately, so as to cause different network devices to be
selected as the root bridge or different paths to be selected to form the loop-free topology.
Consequently, a given physical interface can be blocked for some of the spanning trees and
unblocked for others.
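As an added example (not from the original guide), the following IOS configuration places the root bridge per VLAN on D1 and D2 the way Project 1 requires, and hardens the access layer so that neither a rogue switch nor a host sending crafted BPDUs can take over the topology. Interface numbers are assumed.

```cisco
! D1 (3560): preferred root for VLANs 10 and 30, backup root for 20 and 40.
! Explicit priorities are used instead of the "root primary" macro so the
! outcome does not depend on what other bridges happen to advertise.
spanning-tree mode rapid-pvst
spanning-tree vlan 10,30 priority 4096
spanning-tree vlan 20,40 priority 8192
!
! D2 (3560): the mirror image.
spanning-tree mode rapid-pvst
spanning-tree vlan 20,40 priority 4096
spanning-tree vlan 10,30 priority 8192
!
! D1 and D2: the ports facing the access switches are designated ports. Root
! guard puts such a port into the root-inconsistent (blocking) state if a
! superior BPDU arrives, so nothing below the distribution layer can become
! root, whatever priority it advertises.
interface range FastEthernet0/3 - 4
 spanning-tree guard root
!
! A1/A2 (2960): access ports carry hosts, never another bridge. PortFast
! skips listening/learning; BPDU guard error-disables the port the moment a
! BPDU is received on it. Both defaults apply only to access ports, not to
! the trunk uplinks.
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
!
! Verification:
!   D1# show spanning-tree vlan 10   -> "This bridge is the root"; priority 4106 (4096 + VLAN 10)
!   D1# show spanning-tree vlan 20   -> root ID is D2; D1's root port points at D2
!   A1# show spanning-tree summary   -> PortFast/BPDU guard defaults; blocked ports per VLAN
!   A1# show interfaces status err-disabled
!       -> ports shut by BPDU guard (recovered with "shutdown" / "no shutdown")
```

Root guard belongs on designated ports only. Placing it on an access switch's uplink, which is that switch's root port, would block the uplink as soon as the real root sends its BPDU.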

VIII. VPN (Virtual Private Network)


Virtual. Virtual means not real, or existing in a different state. In a VPN, private communication
between two or more devices is achieved through a public network, the Internet. The
communication path is therefore virtually, but not physically, there.
Private. Private means keeping something secret from the general public. Although the two
devices are communicating with each other in a public environment, no third party should be able
to intercept this communication or read any data that is exchanged between them.
Network. A network consists of two or more devices that can freely and electronically
communicate with each other via cables and wires. A VPN is a network: it can transmit
information over long distances effectively and efficiently.
VPNs are broken into 4 categories:
1) Trusted VPN: the customer "trusts" the leased circuits of a service provider and uses them to
communicate without interruption. Although it is "trusted", it is not secured.
2) Secure VPN: with security becoming more of an issue for users, encryption and
decryption are used at both ends to safeguard the information passed to and fro. This
provides the security needed to satisfy corporations, customers, and providers.
3) Hybrid VPN: a mix of a secure and a trusted VPN. The customer controls the secure parts of
the VPN while the provider, such as an ISP, guarantees the trusted aspect.
4) Provider-provisioned VPN: a VPN that is administered by a service provider.
The VPN device at the sending site takes the outgoing packet or frame and
encapsulates it to move through the VPN tunnel across the Internet to the receiving end. The
process of moving the packet through the VPN is transparent to the users, the Internet service
providers and the Internet as a whole. When the packet arrives at the receiving end, another
device strips off the VPN encapsulation and delivers the original packet to the destination network.
VPNs operate at either layer 2 or layer 3 of the OSI model (Open Systems
Interconnection). A layer-2 VPN carries layer 2 frames such as Ethernet, while a layer-3 VPN
carries layer 3 packets such as IP. A layer-3 VPN starts at layer 3: it discards the incoming
layer-2 frame and generates a new layer-2 frame at the destination. Two of the most widely used
protocols for creating layer-2 tunnels over the Internet are the Layer 2 Tunneling Protocol (L2TP)
and the Point-to-Point Tunneling Protocol (PPTP). Neither is secure on its own: PPTP's MS-CHAPv2
authentication and RC4 encryption have been broken, and L2TP is normally run inside IPsec
(L2TP/IPsec). Multiprotocol Label Switching (MPLS), a more recent protocol, is used by service
providers to build layer-3 VPNs and, with its pseudowire extensions, layer-2 VPNs as well.
See Figure 4.

Figure 4. Defined VPN


There are currently three types of VPN in use: remote access VPN, intranet VPN and extranet VPN.
Remote access VPNs (see Figure 5) enable mobile users to establish a connection to an
organization's server by using the infrastructure provided by an ISP (Internet Service Provider).
A remote access VPN allows users to connect to their corporate intranets or extranets wherever and
whenever needed. Users have access to all the resources on the organization's network as if
they were physically located in the organization. The user connects to a local ISP that supports
VPN using plain old telephone service (POTS), integrated services digital network (ISDN), digital
subscriber line (DSL), etc. The VPN device at the ISP accepts the user's login, then establishes
the tunnel to the VPN device at the organization's office and finally begins forwarding packets
over the Internet. Remote access VPN offers advantages such as:
Figure 5. Remote Access VPNs
Intranet VPNs provide virtual circuits between an organization's offices over the Internet
(see Figure 6). They are built using the Internet, or service provider IP, Frame Relay or ATM
networks. An IP WAN infrastructure uses IPsec or GRE to create traffic tunnels across the network;
GRE alone adds no confidentiality or integrity, so it has to be combined with IPsec to be secure.
Benefits of an intranet VPN include the following:

Figure 6. Intranet VPNs


Extranet VPNs are the same as intranet VPNs; the only difference is the users. Extranet
VPNs are built for users such as customers, suppliers, or different organizations over the Internet.
See Figure 7.
Figure 7. Extranet VPNs
IX. Quality of Service (QoS) Networking

The application of QoS is a viable and necessary methodology to provide optimal
performance for a variety of applications in what is ultimately an environment with finite
resources. A well-designed QoS plan conditions the network to give access to the right amount
of network resources needed by the applications using the network, whether they are real-time or
non-interactive applications.

Traffic on a network is made up of flows, which are placed on the wire by various functions or
endpoints. Traffic may consist of applications such as Service Advertising Protocol (SAP),
CAD/CAM, e-mail, voice, video, server replication, collaboration applications, factory control
applications, branch applications, and control and systems management traffic.

The performance requirements of these flows (bandwidth, delay, jitter and loss) vary greatly and
have various effects. If you apply a service level against these performance measures, it can be
broadly positioned into four levels that drive the strategy:

 Provisioning—The first step is ensuring that the correct transport is selected. Appropriate
allocation of bandwidth ensures the proper start point for network design. Understanding
application characteristics is key—what they will use in terms of network bandwidth and
their delay, jitter, latency, and loss needs.
 Best-effort service—The majority of application data flows fit this service level. Best-
effort service provides basic connectivity with no guarantee for packet delivery and
handling.
 Differentiated service—Traffic at this service level can be grouped into classes based on
their individual requirements. Each class is then treated according to its configured QoS
mechanism.
 Guaranteed service—Guaranteed service requires absolute allocation of specific
resources to ensure that the traffic profiled to receive this service has its specific
requirements met.

After the network’s QoS requirements have been defined, an appropriate service model must be
selected. A service model is a general approach or a design philosophy for handling the
competing streams of traffic within a network. You can choose from four service models:

 Provisioning
 Best-effort
 Differentiated Services (DiffServ)
 Guaranteed Services or Integrated Services (IntServ)

Provisioning is quite straightforward. It is about ensuring that there is sufficient base capacity to
transport current applications, with forward consideration and thinking about future growth
needs. This needs to be applied across the LANs, WANs, and MANs that will support the
enterprise. Without proper consideration to provisioning appropriate bandwidth, QoS is a wasted
exercise.

The best-effort model is relatively simple to understand because there is no prioritization
and all traffic gets treated equally regardless of its type. The two predominant architectures for
QoS are DiffServ, defined in RFC 2474 and RFC 2475, and IntServ, documented in RFC 1633,
RFC 2212, and RFC 2215. In addition, a number of RFCs and Internet Drafts expand on the base
RFCs, particularly RFC 2210, which explores the use of RSVP with IntServ. Unfortunately, the
IntServ/RSVP architecture does not scale in large enterprises due to the need for end-to-end path
setup and reservation. The service model selected must be able to meet the network's QoS
requirements as well as integrate any networked applications.
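As an added example (not from the original guide), the following IOS MQC configuration implements the differentiated service level described above: classification and marking at the trust boundary on the access side, and a DiffServ per-hop behaviour with a capped priority queue on the WAN link. The interface names, the voice subnet 172.16.30.0/24 and the RTP port range are assumptions.

```cisco
! Access edge: classify and mark at the trust boundary. Markings arriving
! from hosts are not trusted: anything not recognised as voice or signalling
! is re-marked to DSCP 0, so a host cannot claim the priority queue simply by
! setting DSCP EF on its own packets.
ip access-list extended VOICE-RTP
 permit udp 172.16.30.0 0.0.0.255 any range 16384 32767
ip access-list extended VOICE-SIGNALING
 permit tcp 172.16.30.0 0.0.0.255 any eq 2000
 permit udp 172.16.30.0 0.0.0.255 any eq 5060
!
class-map match-all VOICE
 match access-group name VOICE-RTP
class-map match-all SIGNALING
 match access-group name VOICE-SIGNALING
!
policy-map EDGE-IN
 class VOICE
  set ip dscp ef
 class SIGNALING
  set ip dscp cs3
 class class-default
  set ip dscp default
!
interface GigabitEthernet0/1
 description LAN facing, trust boundary
 service-policy input EDGE-IN
!
! WAN router: per-hop behaviour on the congested link. EF gets a strict
! priority queue capped at 10 % of the link, so even a flood of EF-marked
! traffic cannot starve the other classes; signalling gets a guaranteed
! share; everything else is best effort with fair queueing.
class-map match-all EF-OUT
 match ip dscp ef
class-map match-all CS3-OUT
 match ip dscp cs3
!
policy-map WAN-OUT
 class EF-OUT
  priority percent 10
 class CS3-OUT
  bandwidth percent 5
 class class-default
  fair-queue
!
interface Serial0/0/0
 description WAN link
 service-policy output WAN-OUT
!
! Verification:
!   show policy-map interface Serial0/0/0
!       -> packets and bytes matched per class, drops in the priority queue
!   show policy-map interface GigabitEthernet0/1 input
!       -> how much traffic hit class-default and was re-marked
```

Without the re-marking in class-default, the WAN policy would honour whatever DSCP a host chose, and the "guaranteed" share for voice would be available to anyone who sets it.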

Figure 8.Function in QoS


X. Switches
A switch is a device that connects individual devices on an Ethernet network so that they
can communicate with one another. A switch also has an additional capability: it
momentarily connects the sending and receiving devices so that they can use the entire
bandwidth of the network without interference from other stations. Used properly, switches improve
the performance of your network by reducing contention. Switches have two benefits:
(1) they provide each pair of communicating devices with a fast connection;
(2) they segregate the communication so that it does not enter other portions of the network.

These benefits are particularly useful if your network is congested and traffic pools in
particular areas. If your network is not congested, or if your traffic patterns do not
create pools of local traffic, the benefit of a switch is smaller, because a switch must examine the
information inside each frame (to determine the addresses of the sender and receiver) and
therefore adds a small forwarding delay compared with a hub, which does not examine the frame
contents. Most switches operate by examining incoming or outgoing frames for information at OSI
layer 2, the data link layer.
XI. Hubs

A hub is a small box that gathers the signals from each individual device, optionally
amplifies each signal, and then sends the signal out to all other connected devices. Amplification
helps to ensure that devices on the network receive reliable information. You can think of an
Ethernet hub like the hub of a wheel, at the center of the spokes that connect each individual
computer or printer. Hubs are also called concentrators or repeaters.

A hub connects individual devices on an Ethernet network so that they can communicate
with one another. Because the hub repeats every signal to every port, any device attached to a hub
can capture the traffic of every other device on it; this is one reason hubs have been replaced by
switches. You should use a hub or a switch on your Ethernet network if the network includes more
than two clients, servers, or peripherals.

While you can connect dozens of clients, peripherals, and servers via hubs, your network
performance may degrade if too many devices try to communicate within one area of the
network. You can improve performance by adding switches, bridges, or routers to the network.
Each switch port, bridge port, or router port regulates traffic so that devices on the port are
protected from the interfering signals of devices on other ports. Most hubs operate by examining
incoming or outgoing signals for information at OSI layer 1, the physical layer.

XII. Routers
Routers connect two or more networks. Routers can filter traffic so that only authorized
personnel can enter restricted areas. They can permit or deny network communications with a
particular Web site. They can choose the best route for information to travel. As network
traffic changes during the day, routers can redirect information to take less congested routes. If
your school is connected to the Internet, then you will most likely use a router to make that
connection. Routers ensure that your local area network traffic remains local, while passing on to
the Internet all your electronic mail, Web surfing connections, and other requests for Internet
resources. Routers are generally expensive to purchase and difficult to configure and maintain.
Be sure that your staff have the resources necessary to manage them well.
Routers quickly become critical components of your network. If they fail, your network
services will be significantly impaired. As part of your network plan, you should consider how
you might deal with the failure of key routers on your network. Many sites include redundant
connections (additional routers and network cable connections) configured to take over if one
router or connection fails. Most routers operate by examining incoming or outgoing packets for
information at OSI layer 3, the network addressing layer.

Firewalls and proxy servers.


A firewall is a device that prevents unauthorized electronic access to your
network. The term firewall is generic, and includes many different kinds of protective hardware
and software devices. Routers with packet filters, discussed in the previous section, are one kind
of firewall. Most firewalls operate by examining incoming or outgoing packets for information at
OSI layers 3 and 4, the network addressing and transport layers. Firewalls can be divided into 3
general categories: packet-screening firewalls, proxy servers (or application-level gateways), and
stateful inspection firewalls. Packet-screening firewalls examine incoming and outgoing packets
for their network address and port information. You can use packet-screening firewalls to restrict
access to specific Web sites, or to permit access to your network only from specific Internet
sites. Proxy servers (also called application-level gateways) operate by examining incoming or
outgoing packets not only for their source or destination addresses but also for the information
carried within the data area (as opposed to the address area) of each network packet.
The data area contains information written by the application program that created the
packet, for example your Web browser, FTP, or TELNET program. Because the proxy server
knows how to examine this application-specific portion of the packet, you can permit or restrict
the behavior of individual programs. Stateful inspection firewalls track connections, so that a
packet is only accepted if it is part of a legitimate ongoing conversation. Besides firewalls, other
types of security software may also be useful. For example, intrusion detection software monitors
your network for particular kinds of malicious activity. Filtering software maintains lists of Web
sites that are permitted or restricted for students, and enforces those restrictions.
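As an added example (not from the original guide), the two IOS configurations below contrast the first and the third firewall category: a packet-screening extended ACL, and stateful inspection with the IOS Zone-Based Firewall. The interface names and the web server address 203.0.113.10 are assumed (203.0.113.0/24 is a documentation range).

```cisco
! Category 1: packet screening. The ACL looks only at addresses, protocol
! and ports. "established" matches any TCP segment with ACK or RST set; it is
! not a record of a real conversation, so a segment forged with ACK set gets
! through even when no session exists.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any any established
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Internet
 ip access-group OUTSIDE-IN in
!
! Category 3: stateful inspection with the Zone-Based Firewall, replacing
! the ACL above. Sessions opened from INSIDE are tracked and only their
! return traffic is allowed back; anything else arriving from OUTSIDE is
! dropped, because no zone-pair OUTSIDE->INSIDE exists.
interface GigabitEthernet0/0
 no ip access-group OUTSIDE-IN in
!
zone security INSIDE
zone security OUTSIDE
!
class-map type inspect match-any CLIENT-TRAFFIC
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
!
policy-map type inspect IN-TO-OUT
 class type inspect CLIENT-TRAFFIC
  inspect
 class class-default
  drop log
!
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect IN-TO-OUT
!
interface GigabitEthernet0/1
 description LAN
 zone-member security INSIDE
interface GigabitEthernet0/0
 zone-member security OUTSIDE
!
! Verification:
!   show policy-map type inspect zone-pair IN-OUT sessions
!       -> tracked sessions and their state
!   show zone-pair security           -> zone pairs and the policy attached to each
!   show ip access-lists OUTSIDE-IN   -> per-line hit counts (ACL variant)
```

In the stateful variant the web server on 203.0.113.10 is no longer reachable from the Internet; publishing it would need a second zone-pair, OUTSIDE to INSIDE, with its own class that allows only TCP 443 to that host.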

Project 1: VLANs, VTP and STP in switches


1. Build the network shown in the figure 1 in Cisco Packet Tracer 6.2. The router being used is
the 2901 model, the distribution switches D1 and D2 are 3560 models and the access switches A1
and A2 are 2960 models. The interfaces being used are as shown in the diagram.

As a first step in Cisco Packet Tracer, and to satisfy requirement 1, the topology is modelled on
the diagram given with the assignment. After placing the devices and cabling them step by step,
Figure 8 gives a snapshot of the whole scheme with the device names.
Figure 8. The initial scheme

The links between the PCs and the switches are clearly visible, as are the dashed lines that
represent the cable links to the routers. All of the following requirements are modelled on this
scheme.

2. Configure the trunks on all interfaces between all switches. Configure the two distribution
switches as VTP servers and the two access switches as VTP clients. Create a VTP domain
different from the default and protect it with a password of your choice. Create 4 VLANs
in switch D1 with IDs 10, 20, 30 and 40. Verify that the VLANs are distributed through
VTP to the other 3 switches automatically. Write down the configuration and provide the
screenshots to show this verification. After completing this, make sure that:

2.1 D1 is the root bridge for VLANs 10 and 30, with D2 as the backup, and D2 is the root
bridge for VLANs 20 and 40, with D1 as the backup.

2.2 The trunk between the two distribution switches is first configured as a layer 2 port
channel using LACP. Show the configuration for this port channel. After
doing this, configure it as a routed port: change the port channel so that it is a layer 3 link
instead of layer 2. You can use the 192.168.12.0/30 subnet; D1 can use .1 and D2 can use
.2.

2.3 For both access switches A1 and A2, assign ports to the VLANs as follows:

2.3.1 ports 1-10 in VLAN 10,
2.3.2 ports 11-15 in VLAN 20,
2.3.3 ports 16-20 in VLAN 30 and
2.3.4 ports 21-24 in VLAN 40.

Configure A1 on interface F0/24 to allow only 2 MAC addresses. The port should not be
error-disabled, but you should see the violation counter increase when MAC address number 3
shows up. MAC addresses should be learned dynamically.
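As an added worked configuration for step 2 (not the report's own; the report shows its results as screenshots), the following IOS configuration covers the trunks, the LACP port-channel in its layer 2 and then its layer 3 form, the access-port VLAN assignment and the port-security requirement on A1 F0/24. Interface numbers other than those given in the assignment are assumed. The VTP domain and the per-VLAN STP root priorities that the same step asks for are not repeated here.

```cisco
! D1 (3560): 802.1Q trunks to the access switches, DTP disabled.
interface range FastEthernet0/3 - 4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
! Step 2.2, part 1: layer 2 port-channel to D2 using LACP ("active" on both
! ends; "passive" on both ends would never form a bundle).
interface range FastEthernet0/23 - 24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode active
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! Step 2.2, part 2: the same bundle as a routed link. The bundle is removed
! and rebuilt because the 3560 refuses to bundle ports whose switchport state
! differs from the Port-channel; "no switchport" has to be on both.
no interface Port-channel1
interface range FastEthernet0/23 - 24
 no switchport
 channel-group 1 mode active
interface Port-channel1
 no switchport
 ip address 192.168.12.1 255.255.255.252
!
! D2 (3560) mirrors this with 192.168.12.2 255.255.255.252.
!
! A1 (2960): uplinks as trunks. The 2960 has no "encapsulation" command
! because it only supports 802.1Q.
interface range GigabitEthernet0/1 - 2
 switchport mode trunk
 switchport nonegotiate
!
! Step 2.3: access-port VLAN assignment.
interface range FastEthernet0/1 - 10
 switchport mode access
 switchport access vlan 10
interface range FastEthernet0/11 - 15
 switchport mode access
 switchport access vlan 20
interface range FastEthernet0/16 - 20
 switchport mode access
 switchport access vlan 30
interface range FastEthernet0/21 - 24
 switchport mode access
 switchport access vlan 40
!
! A1 F0/24: at most two dynamically learned MAC addresses. Violation mode
! "restrict" drops frames from a third address and increments the violation
! counter but keeps the port up; the default mode, "shutdown", would
! err-disable it.
interface FastEthernet0/24
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
! Verification:
!   D1# show etherchannel summary      -> Po1 flagged "RU" (routed, in use) once converted
!   D1# show interfaces Port-channel1  -> "Internet address is 192.168.12.1/30"
!   D1# ping 192.168.12.2              -> D2 answers over the routed bundle
!   A1# show port-security interface FastEthernet0/24
!       -> "Violation Mode: Restrict", "Security Violation Count" rises with a third MAC
!   A1# show mac address-table interface FastEthernet0/24
!       -> the two addresses that were learned
```

Port security without "mac-address sticky" forgets the learned addresses when the port goes down, which is what the assignment asks for ("learned dynamically"); in production, sticky addresses are usually preferred so that a device swap is noticed rather than silently accepted.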

Requirement 2 asks for four VLANs to be built on the switches; this is shown in Figure 9. The
four VLANs are created with their respective IDs 10, 20, 30 and 40. The requirement also asks for
the ports to be assigned to the respective VLANs, which is shown in Figures 9 and 10.

Figure 9. VLAN appearance.


Figure 10. Presentation of the ports by VLAN.

Another requirement is to set IP addresses on the switches; this request is addressed below.
At this point the VLAN-based port assignment has been applied to the initial scheme of Figure 8.

3. Configure IP addresses for the four PCs. PC1 should be in VLAN 10 with IP address
172.16.10.51/24, PC2 should be in VLAN 20 with IP address 172.16.20.52/24, PC3 should
be in VLAN 30 with IP address 172.16.10.53/24, PC4 should be in VLAN 20 with IP address
172.16.20.54/24. The gateway should be the Layer 3 switch D1 or D2, where HSRP will
define which one is the active gateway. The gateway for each VLAN should be the first
IP address of the IP segment. STP and HSRP should be configured in such a way that
layer 2 traffic for VLANs 10 and 30 is directed to D1 and D1 is the active HSRP
gateway for these two IP segments. Likewise, VLANs 20 and 40 should be directed towards
D2 and D2 should be the active HSRP gateway for these two IP segments. Show the
configuration and make sure that each PC is able to ping its gateway. Verify that the
STP and HSRP configuration is correct by activating auto-capture in Simulation mode and sending
ping packets from the PCs towards their gateway. Show the verification using
screenshots.
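As an added worked configuration for step 3 (not the report's own), the following shows the SVIs and HSRP groups on D1 and D2 for VLANs 10 and 20; VLANs 30 and 40 repeat the two patterns. It assumes that each VLAN n uses 172.16.n.0/24 with .1 as the virtual gateway (the assignment as printed gives PC3 in VLAN 30 the address 172.16.10.53, which does not fit that pattern). The HSRP authentication lines are an addition to the assignment: without them, any host on the VLAN can send a hello with a higher priority and take over the gateway address.

```cisco
! D1 (3560): SVIs and HSRP groups. Active for VLAN 10 (and 30), standby for
! VLAN 20 (and 40), matching the STP root placement so that the layer 2 path
! and the layer 3 gateway of a VLAN end on the same switch.
! Assumed addressing: VLAN n uses 172.16.n.0/24, virtual gateway .1,
! D1 .2, D2 .3. Key strings are assumed values.
ip routing
!
interface Vlan10
 ip address 172.16.10.2 255.255.255.0
 standby version 2
 standby 10 ip 172.16.10.1
 standby 10 priority 110
 standby 10 preempt
 standby 10 authentication md5 key-string Hsrp10Key
!
interface Vlan20
 ip address 172.16.20.2 255.255.255.0
 standby version 2
 standby 20 ip 172.16.20.1
 standby 20 priority 90
 standby 20 preempt
 standby 20 authentication md5 key-string Hsrp20Key
!
! D2 (3560): the mirror image.
ip routing
!
interface Vlan10
 ip address 172.16.10.3 255.255.255.0
 standby version 2
 standby 10 ip 172.16.10.1
 standby 10 priority 90
 standby 10 preempt
 standby 10 authentication md5 key-string Hsrp10Key
!
interface Vlan20
 ip address 172.16.20.3 255.255.255.0
 standby version 2
 standby 20 ip 172.16.20.1
 standby 20 priority 110
 standby 20 preempt
 standby 20 authentication md5 key-string Hsrp20Key
!
! VLAN 30 follows the VLAN 10 pattern (D1 priority 110) and VLAN 40 the
! VLAN 20 pattern (D2 priority 110). "preempt" on both sides lets the
! preferred switch take the active role back after it recovers.
!
! Verification:
!   D1# show standby brief          -> group 10 "Active", group 20 "Standby", virtual IP .1 each
!   D2# show standby brief          -> the reverse
!   D1# show spanning-tree vlan 10  -> "This bridge is the root": VLAN 10 frames and the
!                                      active gateway both live on D1
!   PC1> ping 172.16.10.1           -> replies; in Simulation mode the ICMP frame is seen
!                                      entering D1, not D2
```

The priorities (110 against the default 100 on the other side, here 90) are deliberately far apart so that a single "standby ... priority" typo on one switch does not silently swap the active role for a VLAN.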

Next, the IP addresses of the four PCs are configured; the configuration is shown in
Figures 11, 12, 13 and 14. To set the IP address of a PC, click the PC icon in the scheme,
open the Desktop tab and then IP Configuration; the IP address and subnet mask are entered there.

Figure 11. PC1.


Figure 12. PC2.

Figure 13. PC3.


Figure 14. PC4.

A question that arises is which subnet mask the PCs operate with. The following table lists
the 24-bit subnet mask selected for each address.

IP address      Subnet Mask
172.16.10.51    255.255.255.0
172.16.20.52    255.255.255.0
172.16.10.53    255.255.255.0
172.16.20.54    255.255.255.0

After the IP address and subnet mask have been set on each PC, and with the two points above
completed, the scheme looks as in Figure 15. This figure shows all connections and settings of
the PCs by VLAN.
Figure 15. The scheme after setting the IP addresses on the PCs and the VLAN assignments.

The HSRP active-gateway configuration required by this point, together with the STP
configuration, is then applied and verified with the exchange of ping messages.

4. Routers R1 and R2 are the routers which the company uses to access the Internet by
connecting to two separate ISPs. The link between R1 and D1 should use the IP segment
192.168.11.0/29. Configure the D1 f0/1 interface used to connect to R1 as a routed interface.
The link between R2 and D2 should use the IP segment 192.168.22.0/29. Configure the D2
f0/1 interface used to connect to R2 as a routed interface. To simulate Internet access,
configure one loopback interface in each router, with IP address 1.1.1.2/30 for router R1 and
2.2.2.2/30 for router R2. Configure the default routes in each router towards 1.1.1.1 and
2.2.2.2 respectively and make sure that these routes are distributed using
RIP to the two layer 3 switches. Show the RIP configuration for R1, R2, D1 and D2. Show
the configuration for each step and show the verification process using screenshots.
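As an added worked configuration for step 4 (not the report's own), the following shows R1 and D1; R2 and D2 are the same pattern with 2.2.2.2/30, 192.168.22.0/29 and a default route through 2.2.2.1. The assignment text says 2.2.2.2 for R2, but that is R2's own loopback address, so the other address of the /30 is the only usable next hop. R1's LAN-side interface name is assumed.

```cisco
! R1 (2901): Internet-facing router. Lo0 simulates the ISP link; the default
! route points at the other address of the /30, which is how the real ISP
! next hop would look.
interface Loopback0
 ip address 1.1.1.2 255.255.255.252
interface GigabitEthernet0/0
 description Link to D1 f0/1
 ip address 192.168.11.1 255.255.255.248
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 1.1.1.1
!
! RIPv2 hands the default route to D1; the loopback is passive because
! nothing there should ever hear or send RIP.
router rip
 version 2
 no auto-summary
 network 192.168.11.0
 default-information originate
 passive-interface Loopback0
!
! D1 (3560): f0/1 as a routed port; RIP speaks only on the routed links.
! "passive-interface default" keeps RIP updates off the VLAN interfaces, so
! a host in a user VLAN cannot inject routes into the switch.
ip routing
interface FastEthernet0/1
 no switchport
 ip address 192.168.11.2 255.255.255.248
!
router rip
 version 2
 no auto-summary
 network 192.168.11.0
 network 192.168.12.0
 network 172.16.0.0
 passive-interface default
 no passive-interface FastEthernet0/1
 no passive-interface Port-channel1
!
! R2 and D2: same pattern with Loopback0 2.2.2.2/30, the 192.168.22.0/29
! link and "ip route 0.0.0.0 0.0.0.0 2.2.2.1".
!
! Verification:
!   D1# show ip route            -> "R* 0.0.0.0/0 [120/1] via 192.168.11.1" (and a second
!                                   default learned via D2 over 192.168.12.2)
!   R1# show ip route rip        -> the 172.16.x.0/24 VLAN subnets learned from 192.168.11.2
!   D1# show ip protocols        -> RIP version 2, passive interfaces, routing sources
!   PC1> ping 1.1.1.2            -> reaches R1's loopback through the default route
```

Because both D1 and D2 learn a default route from their own router and from each other over the port-channel, a failure of R1 leaves D1 with the route via D2; "show ip route" after shutting R1's loopback shows the switch-over.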

The last requirement is the setting of the IP addresses and IP segments for the router links.
Figures 16 and 17 show the IP addressing of each router and of the communication lines
connecting them.

Figure 16. Router R2 IP address

Figure 17. Router R1 IP address

The simulation requested by the assignment is shown in Figure 18: a ping is sent along a
communication line and its path through the routers is followed message by message. A
very important requirement of the previous point was the HSRP configuration on the link between
the two switches.

Figure 18. Simulation.

Another requirement was to configure the switches in two VTP modes, client and server.
Figure 19 shows the two switches in server mode and Figure 20 the two switches in client
mode.

Figure 19: The two switches in VTP server mode.


Figure 20: The two switches in VTP client mode.

Project 2: IPsec VPN between two routers.

In this project you will configure an IPsec VPN to secure the path of the data passing over the
Internet by using the encryption of the IPsec VPN.

The diagram below shows the connectivity of the Tirana (headquarters) network of the
company XYZ with the Durres branch, using router Br01, and the Elbasan branch, using router Br02.
The headquarters network has two local LAN networks, 192.168.1.0/24 and 192.168.2.0/24. The
local LAN network of the Durres branch is 192.168.3.0/24 and the Elbasan local LAN network is
192.168.4.0/24. Your task is to create two IPsec VPN tunnels over the Internet, one tunnel for the
traffic between Br01 and HQ, and the second one for the traffic between Br02 and HQ.

In order to simulate the Internet cloud the router ISP will be used, which is equipped with 3 serial
interfaces. Each router of the company will use its serial interface to connect to the Internet (ISP
router).

The traffic between the headquarters networks and each branch network should be protected with
IPsec encryption. The headquarters router HQ is connected to the Internet with the /30 subnet
123.123.123.0/30, where 123.123.123.2 is the IP address of the router HQ. The branch Br01
router is connected to the Internet with the /30 subnet 123.123.123.4/30, where 123.123.123.6 is
the IP address of the router Br01. The Elbasan branch Br02 router is connected to the Internet
with the /30 subnet 123.123.123.8/30, where 123.123.123.10 is the IP address of the router Br02.
1. Build the network in the GNS3 emulator (www.gns3.com) using emulated Cisco routers. For
switches use the ones provided by the GNS3 software. As PCs use the VPCS of GNS3.
Configure the IP addresses and default routes for the four routers in GNS3 and ensure that
the nodes on each link are able to communicate with each other. Note that the private
networks are not reachable from the ISP. Show the required commands and their output that you
will use to verify the completion of the task.

In Project 2 the required scheme is built in the GNS3 emulator using emulated Cisco routers.
Because the switches and routers in GNS3 are generic components with no fixed number of ports,
the scheme is adapted to the communication lines that the requirements call for. Figure 21 gives a
general representation of the scheme required by the project.

Figure 21: Scheme in GNS3 with emulated Cisco routers

2. Configure NAT for both headquarters (HQ) subnets and for the branch Br01 and Br02
networks so that they have access to the Internet. Use an ACL to select which
networks will be NATed and thereby have access to the Internet. Show the required commands
and their output that you will use to verify the completion of the task.

Next, the IP configuration of the routers and PCs. Based on the addressing given in the
assignment, Figures 22, 23 and 24 show all the IP settings of each router and of its PC
connections.
Figure 22: Router Br01

Figure 23: Router Br02

Figure 24: Router HQ
Figures 25 and 26 show the IP settings of each PC. Each PC is connected to the appropriate router
so that communication (the exchange of messages) is possible.

Figure 25: IP address of PC.

Figure 26: IP address of PC.


3. Configure the LAN-to-LAN IPsec VPN using these parameters for phase 1 and phase 2 of
the IPsec VPN:
a. Phase 1:
   Authentication: pre-shared key
   Diffie-Hellman group 2
   Encryption: 3DES
   Hash: MD5
b. Phase 2:
   ESP encryption: AES-256
   ESP hash: MD5

Make sure the traffic is encrypted between HQ and Br01 and HQ and Br02 router. Show the
output of the commands you will use to test and show the encrypted traffic.
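As an added worked configuration for Project 2 (not the report's own; the report shows its results as screenshots), and also as a concrete instance of the site-to-site intranet VPN described in section VIII, the following shows the HQ router and the Br01 router; Br02 repeats the Br01 side with its own addresses. The interface names (Serial0/0 towards the ISP, FastEthernet0/0 and 0/1 towards the LANs) and the pre-shared keys are assumed; the addresses are the assignment's. The phase 1 and phase 2 parameters are the assignment's as well: 3DES, MD5 and Diffie-Hellman group 2 are weak by current standards, and a production tunnel would use AES, SHA-256 and group 14 or higher, preferably with IKEv2.

```cisco
! HQ router. Serial0/0 faces the ISP; Fa0/0 and Fa0/1 the two LANs.
interface Serial0/0
 ip address 123.123.123.2 255.255.255.252
 ip nat outside
 crypto map VPN
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
ip route 0.0.0.0 0.0.0.0 123.123.123.1
!
! Step 2: NAT overload. Branch-bound traffic must be denied in the NAT ACL:
! NAT runs before the crypto map, so translated packets would no longer match
! the crypto ACL and would leave the router in clear text.
ip access-list extended NAT-INSIDE
 deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
 deny   ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
 deny   ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
 deny   ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.2.0 0.0.0.255 any
ip nat inside source list NAT-INSIDE interface Serial0/0 overload
!
! Step 3, phase 1 (ISAKMP) with the assignment's parameters.
crypto isakmp policy 10
 authentication pre-share
 group 2
 encryption 3des
 hash md5
crypto isakmp key Br01PSK address 123.123.123.6
crypto isakmp key Br02PSK address 123.123.123.10
!
! Phase 2 (IPsec): ESP with AES-256 and MD5-HMAC, tunnel mode (the default).
crypto ipsec transform-set TS esp-aes 256 esp-md5-hmac
!
! Crypto ACLs select the traffic to be encrypted towards each branch.
ip access-list extended VPN-BR01
 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
ip access-list extended VPN-BR02
 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 123.123.123.6
 set transform-set TS
 match address VPN-BR01
crypto map VPN 20 ipsec-isakmp
 set peer 123.123.123.10
 set transform-set TS
 match address VPN-BR02
!
! Br01 (Durres): the mirror image with a single crypto map entry.
interface Serial0/0
 ip address 123.123.123.6 255.255.255.252
 ip nat outside
 crypto map VPN
interface FastEthernet0/0
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
ip route 0.0.0.0 0.0.0.0 123.123.123.5
ip access-list extended NAT-INSIDE
 deny   ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 any
ip nat inside source list NAT-INSIDE interface Serial0/0 overload
crypto isakmp policy 10
 authentication pre-share
 group 2
 encryption 3des
 hash md5
crypto isakmp key Br01PSK address 123.123.123.2
crypto ipsec transform-set TS esp-aes 256 esp-md5-hmac
ip access-list extended VPN-HQ
 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 123.123.123.2
 set transform-set TS
 match address VPN-HQ
!
! Verification, after a ping from a VPCS in 192.168.3.0/24 to a host in 192.168.1.0/24:
!   show crypto isakmp sa      -> one entry per peer in state QM_IDLE
!   show crypto ipsec sa       -> "#pkts encaps" and "#pkts decaps" counters increasing
!   show ip nat translations   -> Internet-bound flows only; nothing for branch traffic
!   debug crypto isakmp        -> phase 1 negotiation, if the SA does not come up
```

The ISP router needs no routes to the private networks: the encrypted packets travel between the public /30 addresses, and a packet capture on any ISP link shows only ESP (IP protocol 50) between 123.123.123.2 and 123.123.123.6, which is the evidence the task asks for.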

Note that the links between the routers pass through the network cloud. Each router is therefore
configured with its cloud connection so that a communication line between the routers is
obtained. Figures 27 and 28 show the configuration expressing the connection between the
routers, with which the configuration of the cloud connection is complete.

Figure 27: PVC configuration.


Figure 28: Line configuration.