Aryan Practical Training Report


Practical Training

Report
Submitted in partial fulfillment of the
requirements for the award of the degree of

BACHELOR OF TECHNOLOGY IN
COMPUTER SCIENCE &
ENGINEERING/INFORMATION
TECHNOLOGY

SUBMITTED TO: SUBMITTED BY:


Ms. Jyoti Sehgal Aryan
(ASSIST. PROFESSOR) 21/cse/115

VAISH COLLEGE OF ENGINEERING


(Affiliated to Maharshi Dayanand University, Rohtak)
ROHTAK – 124001
Session 2024-2025
INDEX
CERTIFICATE
ACKNOWLEDGEMENT
CHAPTER 1: INTRODUCTION
CHAPTER 2: TECHNICAL DETAILS
CHAPTER 3: ANALYSIS AND DISCUSSION
CHAPTER 4: CONCLUSION
CHAPTER 5: REFERENCE
ACKNOWLEDGEMENT

I take this opportunity to express my profound gratitude and deep regards to my guide
“Ms. Jyoti Sehgal, DEPARTMENT” for his exemplary guidance, monitoring and constant
encouragement throughout the course of this thesis.
The blessing, help and guidance given by him from time to time shall carry me a long way in the
journey of life on which I am about to embark. I also take this opportunity to express a deep sense of
gratitude to Dr. Bijendar Bansal, Head of the Department of Computer Science & Engineering, Rohtak, for
his/her cordial support, valuable information, and guidance, which helped me in completing this task
through various stages.
I am grateful for their cooperation during the period of my Project. Lastly, I thank Almighty, my
parents, brother, sisters, and friends for their constant encouragement without which this assignment
would not be possible.

Aryan
21/CSE/115
CSE Department
CHAPTER 1: INTRODUCTION

 Company Profile:
o Mega Softel Private Limited is a private company incorporated on 27
October 2015. It is classified as a non-government company and is registered at the
Registrar of Companies, Delhi.

o Its authorized share capital is Rs. 100,000 and its paid-up capital is Rs.
100,000. Its NIC code is 722 (which is part of its CIN). As per the NIC code,
it is involved in software publishing, consultancy and supply [software
publishing includes production, supply and documentation of ready-made
(non-customized) software, operating systems software, business & other
applications software, and computer games software for all platforms. Consultancy
includes providing the best solution in the form of custom software after
analyzing the user's needs and problems.

o Custom software also includes made-to-order software based on orders from
specific users. Also included are the writing of software of any kind following
directives of the users, software maintenance, and web-page design].

 Training Objectives:

o Routing protocols (OSPF, EIGRP, BGP)


o Switching technologies (VLANs, Spanning Tree Protocol, Port Security)
o Network security (firewalls, intrusion detection systems, VPNs)
o Network automation (scripting with Python or Ansible)
o Cloud networking (AWS, Azure, GCP)

 Scope of Work:

o Network Monitoring and Management:

o Monitoring network performance using tools like SolarWinds, Nagios, or PRTG.

o Identifying and resolving network issues, such as connectivity problems, slow
performance, or security breaches.
o Configuring and troubleshooting network devices, including routers, switches, and
firewalls.
o Implementing network security measures, such as firewalls, intrusion detection systems,
and VPNs.
o Analyzing network traffic to identify potential security threats or performance
bottlenecks.
o Network Design and Implementation:

o Designing network infrastructure to meet business requirements, including network
topology, capacity planning, and redundancy.
o Implementing network changes and upgrades, such as adding new devices, configuring
new services, or migrating to new technologies.
o Documenting network configurations and procedures to ensure consistency and
maintainability.
o Collaborating with other IT teams to ensure seamless integration of network services.

o Network Security:

o Implementing and maintaining network security policies and procedures.

o Conducting security audits and vulnerability assessments.

o Responding to security incidents and implementing corrective actions.

o Staying up-to-date with the latest security threats and vulnerabilities.

o Network Automation:

o Developing and implementing network automation scripts using tools like Python,
Ansible, or PowerShell.
o Automating routine network tasks to improve efficiency and reduce errors.

o Creating custom scripts to automate complex network configurations.

o Cloud Networking:

o Configuring and managing network services in cloud environments (AWS, Azure, GCP).

o Implementing hybrid cloud network solutions.

o Ensuring seamless integration between on-premises and cloud networks.


CHAPTER 2: Technical Details

 Detailed Description of Work:

Point-to-Point network

Wired or wireless

RJ-45 cable

Network cables:

Coaxial:

-10Base2: maximum transmission distance 185 m

-10Base5: maximum 500 m

Or use bridges, boosters or repeaters to extend the distance; beyond that, use fibre optics.

Ethernet (all 100 m):

 10Base-T
 100Base-TX
 1000Base-T: 4 pairs of category 5e twisted pair cable, supports 1 Gbps transmission
speed

Fiber Optic

-10Base-F: distance of 2000 m, 10 Mbps

-100Base-FX: 100 Mbps

-1000Base-LX: 316-50000 m, 1 Gbps, single-mode, does not work simultaneously

-1000Base-SX: multi-mode, supports simultaneous transmission

Serial
-RS-232: 20000 bps

-RS-422: recommended up to 1200 m

Broadcast domains

Sending to multiple devices from one place.

Collision Domains

The place in a network where packets collide.

-Carrier Sense Multiple Access with Collision Detection (CSMA/CD) or Collision Avoidance (CSMA/CA):
tells you when not to send a packet.

Duplex Modes (w.r.t. point-to-point networks):

-Half duplex: you can only send or receive at any one time.

-Full duplex: you can send and receive at the same time, acting as a server and client
simultaneously.

Layered Models - OSI

Encryption: provides protection over the network to mitigate hacking. Requires a key.

Application (protocol data units) and Presentation layer data are unformatted.

Physical layer: bits on cables, 0/1

Data link layer: a frame, MAC address

Network layer: a packet, network address

Transport layer: uses segments, TCP/IP

Session

The sender goes top to bottom, the receiver bottom to top: application, presentation, session,
transport, network, data link, physical.

Frame Formats

Type/length field >= 1536 (0x0600): Ethernet II

Type/length field <= 1500 (0x05DC): IEEE 802.3

Frame check sequence: to check whether the packet is complete or whether it is fragmented. A
packet is 1500/1536.

2048 (0x0800) - IP

2054 (0x0806) - ARP

MAC addresses are 48 bits (24-bit OUI and 24-bit organisation-assigned part).

Huawei addresses are (

A broadcast packet is represented by FF:FF:FF:FF:FF:FF

Multicast: packets sent to unintended devices are dropped.

Carrier sense:

Carrier sense multiple access... Packets can be dropped, received or resent.

Layer 2

You just need a switch and the end device. A switch can establish a connection using only
MAC addresses.

Network layer:

IP packet (0x0800), length 60 bytes, source and destination. Time to live 255-0; the packet is
dropped once it reaches 0.

IP addresses (private addresses):

-Class A: 10.0.0.0 ~ 10.255.255.255 (10 = network part), multiple hosts. Check the first number's range, /8

-Class B: /16

-Class C: 192.0.0.0 - 223.0.0.2, for smaller networks, /24

-Class D

-Class E: 240.-255.255.244.254, experimental

Private IP addresses are not linked to the internet.

E.g.

Class C 192.168.1.0

Network 6

-First binary switch: 0110

-Network range/IP addresses

VLSM or classless inter-domain routing (CIDR).

IP Gateway

Gives us access to the.

Time to live:

If the packet gets to an unintended destination.

Internet Control Message Protocol ICMP

Reporting errors. Routing to test compatibility.

Broadcast messages as Unicast – unknown intended devices.

Investigating Unreachable devices.

ICMP Types

Echo request type=8 code = 0 multicast

Echo reply type=0 code=0 unicast

Every link is counted as a hop and adds to the time required to send a message.
Address Resolution Protocol

Broadcast send, unicast reply.

Reverse Address Resolution Protocol operates on layer 3

Proxy ARP takes longer because of connecting with the proxy gateway.

TCP: wired networks, congestion control, monitoring packets, three-way handshake,
security and sharing of certificates. TCP is the best for safety. UDP: doesn't do flow
control or a three-way handshake. A company usually has a wireless network. The wireless access
point is linked to the wired connection so that monitoring occurs on the main router,
called traceback. Logs are maintained according to MAC address, which is constant per
device.

Data forwarding scenarios

ARP to get the MAC address.

VRP (Versatile routing platform)

Multiple collisions.

Establishing connectivity to the switch or router: remotely (Telnet) or physically (mini USB/console).

Console Access Setup Procedures:

Bits per second: 9600

Data bits: 8

Parity: None

Stop bits: 1

Flow control: None

Correct usage: COM3

Not recommended to autoconfigure.

Navigating the CLI

CLI Clock settings


CLI Interfaces:

Allows remote access via VTY (virtual teletype terminal) lines 0-4, five sessions. Can be changed.

CLI interface configuration

Loopback: assign IP addresses.

Viewing the file system / updating the software

cd, pwd, dir, more

To reboot, type reboot.

There is one root bridge and, following from there, non-root bridges or downstream
bridges.

Redundancy is recommended; however, there may be broadcast storms and MAC instability.
So the spanning tree protocol was introduced, to send the packet along the shortest
path.

-Bridge ID (bridge number and MAC ID): a BPDU packet is sent to the switches, returning the
switch number and MAC address. Only if the bridge ID is the same are the path costs
used to determine the shortest path according to the cable speed.

The smallest bridge ID is elected as the root bridge. The highest priority is the election
criterion; the MAC address is the determinant.

BPDU (Bridge Protocol Data Unit) through STP (Spanning Tree Protocol) for bridges and
switches:

-We are trying to control the management of data to avoid loops and broadcast storms.
The bridge facilitates communication.

-BPDU: a communication from the root to downstream switches to avoid loops.

-TCN BPDU: goes from downstream switches to the upstream root to better understand the
topology of the tree. A status call; these protocols are a notification and update the tree
hierarchy. Hello timer of 2 seconds. The TCN BPDU refreshes/responds every 30
seconds.

-This is done to mitigate loops and broadcast storms.

-Criteria: MAC address and lowest bit

-To select the root bridge. Packets exist for 20 seconds.

-Path cost standards: faster and shortest data transmission

 10 Mbps: path cost 1999
 100 Mbps: path cost 199
 1 Gbps: path cost 20
 10 Gbps: path cost 2

Finally, use the port ID if the path costs are equal.

-Root port: leads from a designated port downstream

-Designated port: touching/attached to the root bridge

-Alternate port: neither a designated nor a root port

Root path cost: used to determine the shortest path that is loop free. The root bridge's
path cost is always 0.

The highest port identifier (the lowest port number) represents the port assigned as the
root port, with other ports defaulting to the alternate port role.

To propagate a Hello timer (2 seconds), the upstream will propagate over 1 second. The
max age timer by default represents a period of 20 seconds.
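The election and port-role rules above, worked through as an added Python example (not code from the report or from Huawei): it elects the root bridge by lowest bridge ID (priority, then MAC), computes each bridge's root path cost, and assigns root, designated and alternate roles using the tiebreakers in that order. The three-switch topology is constructed, and the path-cost table is an assumption: it uses the IEEE 802.1D-1998 short values (10 Mbps = 100, 100 Mbps = 19, 1 Gbps = 4, 10 Gbps = 2), which differ from the figures in the notes above.

```python
import heapq
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed path-cost table: IEEE 802.1D-1998 short values (the notes above list other figures).
PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # 0-61440 in steps of 4096; default 32768
    mac: str       # "xx:xx:xx:xx:xx:xx"

    @property
    def bridge_id(self) -> Tuple[int, int]:
        # Lower wins: priority first, MAC address as the tiebreaker.
        return (self.priority, int(self.mac.replace(":", ""), 16))


@dataclass(frozen=True)
class Link:
    a: str
    a_port: int
    b: str
    b_port: int
    speed_mbps: int


def elect_root(bridges: Dict[str, Bridge]) -> str:
    """The root bridge is the one with the smallest bridge ID."""
    return min(bridges.values(), key=lambda b: b.bridge_id).name


def compute_topology(bridges: Dict[str, Bridge], links: List[Link]):
    """Return (root name, root path cost per bridge, role per (bridge, port))."""
    root = elect_root(bridges)
    # adjacency: bridge -> [(neighbour, own port, neighbour's port, link cost)]
    adj: Dict[str, list] = {n: [] for n in bridges}
    for l in links:
        c = PATH_COST[l.speed_mbps]
        adj[l.a].append((l.b, l.a_port, l.b_port, c))
        adj[l.b].append((l.a, l.b_port, l.a_port, c))

    # Dijkstra from the root: root path cost (RPC) of every bridge; the root's own RPC is 0.
    rpc = {n: float("inf") for n in bridges}
    rpc[root] = 0
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > rpc[node]:
            continue
        for nb, _, _, c in adj[node]:
            if cost + c < rpc[nb]:
                rpc[nb] = cost + c
                heapq.heappush(heap, (cost + c, nb))

    roles: Dict[Tuple[str, int], str] = {}
    # Root port: on each non-root bridge, the port with the lowest cost to the root; ties are
    # broken by the neighbour's bridge ID, then the neighbour's port ID, then the own port ID.
    for n in bridges:
        if n == root:
            continue
        _, own_port, _, _ = min(
            adj[n],
            key=lambda e: (rpc[e[0]] + e[3], bridges[e[0]].bridge_id, e[2], e[1]),
        )
        roles[(n, own_port)] = "root"
    # Designated port: on each link, the end whose bridge has the lower RPC (then bridge ID,
    # then port ID). The far end is the root port if already assigned, otherwise an alternate port.
    for l in links:
        key_a = (rpc[l.a], bridges[l.a].bridge_id, l.a_port)
        key_b = (rpc[l.b], bridges[l.b].bridge_id, l.b_port)
        if key_a < key_b:
            designated, other = (l.a, l.a_port), (l.b, l.b_port)
        else:
            designated, other = (l.b, l.b_port), (l.a, l.a_port)
        roles[designated] = "designated"
        roles.setdefault(other, "alternate")
    return root, rpc, roles


# Constructed three-switch triangle: SW1 has the best priority; SW2/SW3 tie on priority, so MAC decides.
SAMPLE_BRIDGES = {
    "SW1": Bridge("SW1", 4096, "00:E0:FC:00:00:01"),
    "SW2": Bridge("SW2", 32768, "00:E0:FC:00:00:02"),
    "SW3": Bridge("SW3", 32768, "00:E0:FC:00:00:03"),
}
SAMPLE_LINKS = [
    Link("SW1", 1, "SW2", 1, 1000),  # cost 4
    Link("SW1", 2, "SW3", 1, 1000),  # cost 4
    Link("SW2", 2, "SW3", 2, 100),   # cost 19: the redundant link STP must block
]

if __name__ == "__main__":
    root, rpc, roles = compute_topology(SAMPLE_BRIDGES, SAMPLE_LINKS)
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role} (root path cost {rpc[sw]})")
```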

Root election process

Port role establishment process

Port state Transition SUMMARY

Root Failure:

When a switch is down it cannot send BPDUs, so the switches re-establish the root bridge
through the Spanning Tree Protocol (STP). If the device fails

Indirect link failure:

If the port is down. The port table is relabeled. The alternative port is named as a
designated port as it cannot be communicated any other way in this circumstance. Full
recovery of the STP topology occurs after approximately 50 seconds.

Direct Root Failure:

Topology Change MAC instability

A converging spanning tree network. A MAC Address black hole is made

Port transition state:

Disabled, blocking and listening do not send.

STP Modes:
To further mitigate loops, the switches are not all in the same mode and must be
configured by the technician.

-mstp (multiple)

-rstp (rapid)

-stp

The STP priority is an integer between 0 and 61440 in increments of
4096 (16 values), with a default value of 32768.

If a legacy STP standard is used, the path cost ranges between 1 and 200000.

If the IEEE 802.1D standard is used, the path cost ranges from 1 to 65535.

If the IEEE 802.1t standard is used, the path cost ranges from 1 to 200000000.

All root bridges must be designated. Root protection only applies while not on an edge port
or while the loop protection command is enabled.

 Learning Outcomes:

Technical Skills

 Network Fundamentals:
o Strong understanding of networking concepts, including TCP/IP, OSI model,
and network protocols (TCP, UDP, HTTP, FTP, etc.)
o Proficiency in network topologies (star, bus, ring, mesh, etc.)
o Knowledge of network devices (routers, switches, firewalls, load balancers)
and their functions
 Network Configuration and Troubleshooting:
o Ability to configure network devices (routers, switches, firewalls) using
command-line interfaces (CLIs) and network management tools
o Proficiency in troubleshooting network issues, such as connectivity problems,
performance bottlenecks, and security breaches
o Skill in using network diagnostic tools (Wireshark, Ping, Traceroute)
 Network Security:
o Understanding of network security concepts, including firewalls, intrusion
detection systems, and VPNs
o Ability to implement and maintain network security policies and procedures
o Knowledge of common network security threats and vulnerabilities
 Network Automation:
o Proficiency in scripting languages (Python, Perl, Bash) for network
automation
o Ability to use network automation tools (Ansible, Puppet, Chef)
o Skill in creating and maintaining automated network configurations
 Cloud Networking:
o Understanding of cloud computing concepts and platforms (AWS, Azure,
GCP)
o Ability to configure and manage virtual networks and network services in
cloud environments
o Skill in implementing hybrid cloud networking solutions

Soft Skills

 Problem-solving and Analytical Skills:


o Ability to identify and troubleshoot complex network issues
o Strong analytical skills to analyze network performance and security metrics
 Communication Skills:
o Effective communication skills to interact with technical and non-technical
stakeholders
o Ability to document network configurations and procedures clearly and
concisely
 Teamwork and Collaboration:
o Ability to work effectively in a team environment
o Strong interpersonal skills to collaborate with colleagues and stakeholders
 Continuous Learning:
o Commitment to staying up-to-date with the latest networking technologies and
trends
o Willingness to learn new skills and certifications

 The skills I've acquired during my time at Mega Softel align seamlessly with my
academic studies and future career goals. My academic background in [Your
Academic Field, e.g., Computer Science, Electrical Engineering] provided a strong
foundation in networking concepts, data structures, and algorithms. The practical
experience at Mega Softel has allowed me to apply these theoretical concepts to real-
world scenarios, solidifying my understanding and enhancing my problem-solving
abilities.
 Looking ahead, these skills will be invaluable as I pursue a career in network
engineering or a related field. The ability to design, implement, and troubleshoot
complex networks, combined with a strong understanding of network security, will be
essential for success. Additionally, the skills in network automation and cloud
networking will position me to embrace emerging technologies and contribute to the
evolving landscape of network infrastructure.

During my training at Mega Softel, I gained a comprehensive understanding of network
infrastructure, protocols, and security. I honed my skills in configuring and
troubleshooting network devices such as routers, switches, and firewalls. Additionally, I
developed expertise in network security, implementing measures to protect the network
from threats. Network automation skills, using tools like Python and Ansible, were also a
key focus of my training.
CHAPTER 3: Analysis and Discussion

 Critical Analysis:
 RSTP (Rapid Spanning Tree Protocol)
 Improvement on STP, backup
 STP weaknesses: ensures a loop-free network; however, the network topology is slow to update as
changes occur. Convergence timers (30-50 seconds). Regular service interruptions.
 RSTP: employs a proposal and agreement process which allows for immediate negotiation of
links to take place, effectively removing the time taken for convergence-based timers to
expire before spanning tree convergence can occur. Proposal & agreement, immediate
negotiation. Each downstream switch gradually begins to learn of the true root bridge and the
path via which the root bridge can be reached.
 RSTP port roles
 The backup port role represents the backup for the path for the LAN segment in the direction
leading away from the root bridge. An edge port directly connects to a terminal and no other,
where redundant links exist.
 RSTP edge ports:
 Systems not participating in RSTP connect to the edge port. Edge ports do not receive BPDUs
and instantly forward data.
 Port states of RSTP
 -
 -
 -
 -
 -

 RST BPDU
 -00 unknown
 -01 Alternate/backup
 -10 root port
 -Designated port

 A static route would have to be reconfigured manually should the route fail. Only use a static
route for small networks with few users.
 The convergence of RSTP follows on from STP. There is an additional port on the LAN side,
the edge port.
 RST BPDU Proposal
 All designated ports. One is a superior BPDU. When the BPDU is sent, it is not propagated
downstream. The edge port is connected to the computer.
 RST BPDU Agreement

 RSTP Converged Link
 The downstream port is blocked, and synchronization occurs. RST BPDUs are sent back and forth.
 Link/Root failure
 After not receiving three consecutive Hello intervals, the agreement process is reinitialised in
order to discover port roles for the LAN segment.
 Link failure is noticed immediately and the address entries are flushed. An RST BPDU will
negotiate the port states as part of the proposal and agreement process; MAC addresses are
dropped and updated.
 No waiting; part of the configuration settings. When an STP-enabled device is added to an RSTP
system, it reverts to STP.
 Network Management Station (NMS)
 The edge ports that are shut down by the switch can be manually restarted only by the network
administrator.
 The stp bpdu-protection command should be used to enable BPDU protection and is configured
globally within the system view.

 Distance Vector Routing Protocol (RIP)
 Performance is slow; hop count limit of 15

 Loop prevention
 Packet is df
 RIP has 2 methods. Extent is UDP.
 -Authentication
 RIP version 2 is recommended; the default is version 1
 Does not use I{ adfe
 Metric

 OSPF

 For 4 devices
 Request + acknowledgement x2
 10 seconds
 4 packets sent over 40 seconds is the limit
 Point-to-point: 10 second interval, 40 seconds to withdraw packets
 30 second interval

 The higher the priority, the better the network

 Between 1 - 255 range to select designated and backup value. The higher the number
the better the network. The higher the authorisation/priority on a router, the better the
network

 OSPF metric: by default the metric is 10, which can be changed as per user preference;
there can be alternatives.
 10^8/bandwidth

 OSPF tree recommended

 Shortest path algorithm with the potential

 OSPF areas for one domain such as a university campus.
 OSPF authentication: simply a password
 OSPF silent interface only receives updates

 DHCP
 Dynamically assigns IP addresses to users.
 Usually wireless
 To assign an IP address:
 -Manual: the administrator visits the machine and the IP address is assigned physically
 -Dynamic: assigned to specific machines
 -Dynamic, however the address is reassigned regularly

 DHCP messages
 DISCOVER: the client locates a DHCP server
 OFFER: when available
 REQUEST: the client sends a request; although a message broadcast is sent, it is unicast.
 Reply is unicast
 Once a user/machine leaves, the IP address can be reassigned. Maximum of 24 hrs usage of an
IP address. Notification to renew sent at 50% usage. Down to the minute and second.
 Without the message sent you can be disconnected.


 FTP
 Used to transfer files from the server to the client. VRP operating system.
 Both the client and server must use the same password, otherwise they cannot communicate
with each other. Two port numbers are used to exchange packets.
 -20 - data control/connections between client and server
 -21 - file transfer
 Two transmission modes:
 -ASCII mode for text
 -Binary mode for pictures/images

 Telnet (VTY, with a limit on login attempts)
 Protocol to connect remotely to manage devices
 -Port 23
 Authentication modes:
 -none: login without authentication
 -AAA: AAA authentication
 -Password: password authentication
 For some you can determine if a change was made and by whom
 Basic Knowledge of IP Routing (routing packets)
 -AS (Autonomous Systems):
 A clear method of sending the data.
 E.g. 2 LANs connected by a LAN: LAN a, LAN b, LAN c, where LAN c is the link between
LAN a and b.
 Relying on the IP address, a router uses the routing table, compared to a switch which utilises
MAC addresses. Routers are responsible for routing decisions because of the routing table.
All network nodes are included.
 ROUTING Protocol: RIPv1, RIPv2, ARP
 PRE: Preference. A router selects the best path based on the highest preference (smallest
value)
 Direct = 0 (a direct link)
 RIP = 100
 OSPF = 10
 Static preference = 60
 A router command: 'display' 10.1.1.0 = router A
 Next hop is the next port, i.e. 20.1.1.2
 Routing Decision - preference
 Select the lowest preference value. The protocol helps to decide.
 Routing Decision - metric/cost
 The decision maker, the metric.
 Routing table forwarding requirements
 Inbound: default gateway
 Outbound: to the internet or other network
 IP Static (manual, stationary, fixed) Routes
 An IP static route/path is a unique, non-changing path; if it is unavailable or something changes, it is
down.
 A static route can be assigned on serial links or on an ethernet (data link layer) link/cable.
 Configuring/creating a static route
 [RTB] ip route-static 192.168.1.0 (router A/destination) 255.255.255.0 (subnet mask)
10.0.12.1 (next hop, router B)
 [RTB] (on router B) ip route-static 192.168.1.0 255.255.255.0 (subnet mask) Serial 1/0/0
 [RTB] ip route-static 192.168.1.0 24 Serial 1/0/0
 Static Route load balancing
 More than one static route to a destination, which comes with additional cost (ISP).
 Verifying static route load balancing
 [RTB] ip route-static 192.168.1.0 255.255.255.0 10.0.12.1 + a 2nd line is equivalent to
 *[RTB] display ip routing-table
 192.168.1.0/24 static 60 0 RD 10.0.12.1 GigabitEthernet 0/0/0 + 2nd line
 Floating static route: when a preference is assigned, the route chosen might
still be the highest preference by default
 Special case of the default static route, used when a destination static route is unknown. Works on any
unassigned network:
 [RTA] ip route-static 0.0.0.0 0.0.0.0 10.0.12.2, preference of 60 by default. Can access any +
verification
 display ip routing-table:
 0.0.0.0/0 static 60 0 RD 10.0.12.2 GigabitEthernet0/0/0
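The routing decision described above (longest prefix match, then preference, then metric, with load balancing across equal static routes, a floating static route and the 0.0.0.0/0 default) as an added Python example. This is not code from the report or from Huawei VRP; the routing table, addresses and interface names are constructed to mirror the RTB examples.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Default preference per protocol, as listed in the notes above (lower wins).
PREFERENCE = {"Direct": 0, "OSPF": 10, "Static": 60, "RIP": 100}


@dataclass(frozen=True)
class Route:
    prefix: str            # e.g. "192.168.1.0/24"
    proto: str             # key of PREFERENCE
    cost: int              # metric
    next_hop: str
    interface: str
    preference: Optional[int] = None  # set explicitly for a floating static route

    @property
    def pre(self) -> int:
        return PREFERENCE[self.proto] if self.preference is None else self.preference

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(self.prefix, strict=False)


def select_routes(table: List[Route], destination: str) -> List[Route]:
    """Active route(s) for a destination.

    1. Longest prefix match (a /24 beats a /16 and the 0.0.0.0/0 default).
    2. Among equal prefixes, the lowest preference (Direct < OSPF < Static < RIP by default).
    3. Among equal preferences, the lowest cost. More than one survivor means load balancing.
    """
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r.network]
    if not matches:
        return []
    best_len = max(r.network.prefixlen for r in matches)
    matches = [r for r in matches if r.network.prefixlen == best_len]
    best_pre = min(r.pre for r in matches)
    matches = [r for r in matches if r.pre == best_pre]
    best_cost = min(r.cost for r in matches)
    return [r for r in matches if r.cost == best_cost]


def next_hops(table: List[Route], destination: str) -> List[str]:
    return sorted(r.next_hop for r in select_routes(table, destination))


def withdraw(table: List[Route], next_hop: str) -> List[Route]:
    """Simulate a failed link: drop every route that points at next_hop. A static route does
    not recover on its own; this is when a floating static route (higher preference) takes over."""
    return [r for r in table if r.next_hop != next_hop]


def display_ip_routing_table(table: List[Route]) -> List[str]:
    """Lines in the style of the 'display ip routing-table' output quoted above."""
    return [
        f"{r.prefix:<18} {r.proto:<7} {r.pre:<4} {r.cost:<4} RD {r.next_hop:<12} {r.interface}"
        for r in sorted(table, key=lambda r: (r.network, r.pre, r.cost))
    ]


# Constructed routing table on "RTB"; addresses follow the examples above (assumed topology).
SAMPLE_TABLE = [
    Route("10.0.12.0/24", "Direct", 0, "10.0.12.2", "GigabitEthernet0/0/0"),
    Route("192.168.1.0/24", "Static", 0, "10.0.12.1", "GigabitEthernet0/0/0"),
    Route("192.168.1.0/24", "Static", 0, "10.0.13.1", "GigabitEthernet0/0/1"),  # 2nd path: load balancing
    Route("192.168.1.0/24", "Static", 0, "10.0.14.1", "Serial1/0/0", preference=80),  # floating static
    Route("192.168.1.0/24", "RIP", 2, "10.0.15.1", "GigabitEthernet0/0/2"),
    Route("192.168.0.0/16", "OSPF", 1, "10.0.16.1", "GigabitEthernet0/0/3"),
    Route("0.0.0.0/0", "Static", 0, "10.0.12.2", "GigabitEthernet0/0/0"),  # default route
]

if __name__ == "__main__":
    print("\n".join(display_ip_routing_table(SAMPLE_TABLE)))
    print("192.168.1.50 ->", next_hops(SAMPLE_TABLE, "192.168.1.50"))
    degraded = withdraw(withdraw(SAMPLE_TABLE, "10.0.12.1"), "10.0.13.1")
    print("after both primary links fail ->", next_hops(degraded, "192.168.1.50"))
    print("8.8.8.8 ->", next_hops(SAMPLE_TABLE, "8.8.8.8"))
```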
 Distance Vector Routing with RIP - a dynamic routing protocol
 Without a static route you are required to have a routing protocol populating the routing table.
 Small organisations
 Simple to implement
 RIP, based on the Bellman-Ford algorithm, operates as an interior gateway protocol
 Principal Behaviour
 Route advertisements periodically
 Only carry best route info
 Metric number is important
 A hop limit of 15 hops to prevent infinite forwarding/loops.
 Each hop represents a metric of 1
 When a network fails the next best route might have loops; the routers learn among
themselves. The metric cap can be changed.
 Through the use of split horizon we can prevent loops.
 Split horizon:
 A route that is down and learnt on an interface cannot be advertised on the same interface, to prevent
loops.
 Enabled by default except on NBMA
 Loop prevention - poisoned reverse:
 Has additional overheads; the routing message size is increased because of advance
notifications as the routing table is updated.
 Allows erroneous routes to be timed out almost instantaneously.
 On Huawei AR2200 series routers split horizon and poisoned reverse cannot be applied at the
same time; poisoned reverse is preferred and enabled.

 Loop prevention - triggered update
 Updates of the routing table are sent periodically.
 RIP extension: authentication (RIPv2)
 Additional security features. Process of security comparison.
 Malicious packets are filtered.
 Plaintext is not completely secure.
 If the router is not configured for RIP version 2 authentication it reverts back to RIP version 1
and discards authenticated RIPv2 messages.
 RIP load balancing
 In case of a link being down
 RIP network advertisement
 [RTA] rip
 [RTA-rip-1] version 2
 [RTA-rip-1] network 10.0.0.0
 RIP metricin/out
 Supports manipulation of metrics.
 Metricin: change takes effect
 Metricout: changes do not apply
 *Command:
 [RTC] interface GigabitEthernet 0/0/0
 [RTC-GigabitEthernet0/0/0] rip metricin 2
 RIP output: outbound interface
 RIP input: inbound interface
 *[RTA-GigabitEthernet0/0/0] undo rip output: restricts advertisement. Update messages cease
to be forwarded out of the given interface. Usable where an enterprise does not want to share
its internal routes with an external network via the interface.
 *[RTA-rip-1] silent-interface GigabitEthernet 0/0/1: receives updates but sends no advertisements
 OSPF (Open Shortest Path First)
 Minimal routing traffic
 Rapid convergence
 Scalable
 Accurate route metrics
 Configure on ethernet
 Configure on serial, but defaulted to point-to-point type
 Configure as High-level Data Link Control (HDLC) - data link layer of the OSI model
 IP address on the network layer
 OSPF can operate on a multiaccess network that does not support broadcast.
 Designated routers are implemented on NBMA (non-broadcast multi-access) networks and act as an access
point with backup routers (neighbour (not BDR, backup designated router) or adjacent (linked to
neighbour))

 Discussion of Findings:
 Link state establishment: each router transitions between the neighbour and adjacent states.
 Each router, according to its LSAs, has its own individual, unique LSDB
 DR election process: priority set at 1. If the priority is 0 then the router doesn't participate in the election.
The highest priority becomes the Designated Router (sends advertisements for efficiency)
 Cost metric formula: 10^8/bandwidth
 By using the bandwidth, the metric accuracy is improved
 A link state protocol uses LSAs (link state advertisements); the LSA information is saved in the
LSDB (link state database) on the routing table.
 The Router ID is 32 bits, used to identify each router running the OSPF protocol
 If a logical interface has been configured, the Router ID is the highest configured logical
interface's IP address
 OSPF areas - single area
 As the network grows, Area 0 is recommended but others can be assigned
 Multi-area
 Allows OSPF to compartmentalise based on a link state database that is identical within an
area while granting information on destinations across the OSPF domain
 Default process ID 1
 Selects the lowest router ID

 [RTA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
 The network to be advertised.
 OSPF authentication
 Once advertisement is concluded, security can be incorporated
 [RTA-GigabitEthernet0/0/0] ospf authentication-mode md5 1 huawei
 OSPF silent interface
 Prevents an interface from forming neighbour relationships with peers (sharing its routing table)
 DR and BDR use the multicast address 224.0.0.6


 DHCP address acquisition
 Discover (broadcast)
 Offer (unicast)
 Request (broadcast)
 ACK (unicast)
 DHCP lease renewal request (unicast)
 DHCP interface pool configuration
 dhcp select interface
 dhcp server dns-list 10.1.1.2
 dhcp server excluded-ip-address 10.1.1.2 ***excludes the IP address of the DNS
server
 Exclude the gateway IP address as it is used by everyone as an entry.
 DHCP global pool configuration
 dhcp enable
 [Huawei-ip-pool-pool2] network 10.2.2.0 mask 24
 [Huawei-ip-pool-pool2] gateway-list 10.2.2.1
 [Huawei-ip-pool-pool2] lease day 1
 [Huawei-ip-pool-pool2] quit
 [Huawei-GigabitEthernet0/0/1] dhcp select global
 FTP protocol
 Sending files
 E.g. updating the operating system
 Telnet protocol principle
 Remote access for large organisations
 Security: SSH
 Telnet client and telnet server
 Password: vty 0 4

 Gateway vs next hop (address)
 Switches have a gateway only if they are layer 3, separating full access from private access. On a
router, it is the port's assigned IP address.
 Default gateway: the IP address "door" taking you from one subnet to another.
 Layer 2 switches are not gateways; they use MAC addresses and are on the same LAN
 VLANs isolate into sub-interfaces - data link layer
 Next hop is a link from a specific device to another port.

 Intermediate Training
 Huawei enterprise solutions for performance, scalability, reliability, security and management

 Advanced Enterprise Solutions (Overview)


 Expanding Enterprise Networks
 Telecoms Solutions for Enterprise Networks
 Enterprise Network Efficiency
 Enterprise Network Security
 Network and application
 Enterprise Network Management
 Monitoring through eSight. Remote, such as with Wireshark.
 Next Generation Enterprise Networks
 Private, public and hybrid cloud.

 Link Aggregation
 Optimizing the throughput of data, link aggregation enables the binding of multiple physical
interfaces into a single logical pipe. (Performance, scalability, reliability)
 Link Aggregation
 Provides increased bandwidth, enhanced reliability and support for load balancing.
 Application in the Enterprise Network
 Where the demand for data transmission is the highest. Point of departure to a foreign destination.
 Link Aggregation Modes
 On the LACP on a link aggregation
 Data Flow Control
 Speed 1000.
 Frames with the same source MAC address are transmitted over the same physical link
 Frames with the same destination....
 ….
 ….
 …
 ...
 L2 Link Aggregation Configuration
 L3 Link Aggregation Configuration
 Transition the trunk from the 2nd layer to the 3rd layer
 Use undo portswitch, then an IP address can be assigned to the interface.
 Displaying Aggregation
 ….

 VLAN (Virtual Local Area Network) Principles

 For safety, put it on a separate VLAN.
 Manage a large network by dividing it into subnetworks.
 Improve manageability
 LAN Limitation
 VLAN Technology
 Enables logical isolation of network traffic
 At the data link layer.
 Created on switches, the same OSI model layer as switches.
 VLAN Frame Format
 The VLAN tag contains the Tag Protocol Identifier (TPID), in IEEE 802.1Q tag format, and Tag Control
Information (TCI) to carry data. The Priority Code Point is a form of traffic classification field
that is used to differentiate forms of traffic, such as voice, video, data, etc.
Shown as a 3-bit value (0-7), generally understood as 802.1Q class of service (CoS).
 Drop Eligibility Criteria (DEI), a true or false bit, determines eligibility to discard data.
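The Ethernet II / IEEE 802.3 type-length rule, the EtherType values and the broadcast and multicast MAC handling from the Frame Formats notes in Chapter 2, together with the 802.1Q TPID/TCI layout described above, worked through in one added Python example (not code from the report): it builds and parses frames, inserting a VLAN tag the way a port tags an untagged frame. The sample frames and MAC addresses are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100                                 # tag protocol identifier of an IEEE 802.1Q tag
ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP"}   # EtherTypes quoted in the frame-format notes


@dataclass
class ParsedFrame:
    dst: str
    src: str
    dst_kind: str              # "unicast", "multicast" or "broadcast"
    src_oui: str               # first 24 bits of the source MAC
    encapsulation: str         # "Ethernet II" or "IEEE 802.3"
    ethertype: Optional[int]   # Ethernet II only
    length: Optional[int]      # IEEE 802.3 only
    vlan_id: Optional[int]     # 802.1Q VID; None when untagged
    pcp: Optional[int]         # priority code point, 0-7
    dei: Optional[bool]        # drop eligible bit
    payload: bytes

    @property
    def ethertype_name(self) -> Optional[str]:
        return ETHERTYPE_NAMES.get(self.ethertype) if self.ethertype is not None else None


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02X}" for x in b)


def classify_dst(dst: bytes) -> str:
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:          # I/G bit: least-significant bit of the first octet set = group address
        return "multicast"
    return "unicast"


def build_frame(dst: str, src: str, type_or_len: int, payload: bytes,
                vlan_id: Optional[int] = None, pcp: int = 0, dei: bool = False) -> bytes:
    """Assemble a frame; with vlan_id set, insert an 802.1Q tag as a port does for an untagged frame."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        if not 0 <= vlan_id <= 4095 or not 0 <= pcp <= 7:
            raise ValueError("VID must be 0-4095 and PCP 0-7")
        tci = (pcp << 13) | (int(dei) << 12) | vlan_id   # TCI = PCP(3) | DEI(1) | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", type_or_len) + payload


def parse_frame(frame: bytes) -> ParsedFrame:
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src = frame[:6], frame[6:12]
    off = 12
    vlan_id = pcp = dei = None
    if struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        pcp, dei, vlan_id = tci >> 13, bool((tci >> 12) & 1), tci & 0x0FFF
        off += 4
    type_or_len = struct.unpack_from("!H", frame, off)[0]
    off += 2
    # The same 16-bit field is an EtherType (>= 0x0600) or an 802.3 payload length (<= 0x05DC).
    if type_or_len >= 0x0600:
        encap, ethertype, length = "Ethernet II", type_or_len, None
    elif type_or_len <= 0x05DC:
        encap, ethertype, length = "IEEE 802.3", None, type_or_len
    else:
        raise ValueError(f"type/length value {type_or_len:#06x} is in the undefined 1501-1535 range")
    return ParsedFrame(fmt_mac(dst), fmt_mac(src), classify_dst(dst), fmt_mac(src[:3]),
                       encap, ethertype, length, vlan_id, pcp, dei, frame[off:])


# Constructed sample frames (not captures): an ARP broadcast, a VLAN 10 tagged IPv4 frame, a raw 802.3 frame.
SRC = "00:1A:2B:3C:4D:5E"
ARP_BROADCAST = build_frame("FF:FF:FF:FF:FF:FF", SRC, 0x0806, b"\x00" * 28)
TAGGED_IPV4 = build_frame("00:E0:FC:11:22:33", SRC, 0x0800, b"\x45" + b"\x00" * 19, vlan_id=10, pcp=5)
RAW_8023 = build_frame("00:E0:FC:11:22:33", SRC, 48, b"\xAA\xAA\x03" + b"\x00" * 45)

if __name__ == "__main__":
    for name, f in [("ARP", ARP_BROADCAST), ("tagged IPv4", TAGGED_IPV4), ("802.3", RAW_8023)]:
        print(name, parse_frame(f))
```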
 Link Types
 Trunk: Backbone for the transmission of VLAN traffic. Difference between switches
 Access: Between and end system and a swtich device participating in VLAN tagging.
 Port VLAN ID
 You can set each VLAN to accept default VLAN for the interface to be recognised as the Port
VLAN ID (PVID). This deter,mines the behaviour that is applied to any frames being
received or transmitted.
 Port Types – Access
 Access ports attach to access links. An untagged frame received on an access port is tagged
with the port's PVID; a tagged frame is accepted only if its VID equals the PVID, otherwise it
is discarded. Before a frame is transmitted out of an access port the tag is removed, so the end
system only ever sees untagged frames.
 Port Types – Trunk
 Trunk ports attach to trunk links and carry the VLANs listed with port trunk allow-pass. A
received tagged frame is accepted if its VID is in the allowed list; an untagged frame is
classified into the PVID. On transmission, frames of the PVID VLAN leave untagged and every
other VLAN leaves tagged. Because the PVID VLAN crosses the trunk without a tag, keep the trunk
PVID on an otherwise unused VLAN rather than on VLAN 1 or any user VLAN; otherwise a host on an
access port in that VLAN can send double-tagged frames whose inner tag the far switch reads as
a different VLAN.
 Port Types – Hybrid
 Hybrid ports can send some VLANs tagged and others untagged; which VLANs are tagged or untagged
is managed port by port (port hybrid tagged vlan / port hybrid untagged vlan). A hybrid port may
therefore face either an end system or another switch, whereas a trunk port is connected to a
switch, not to a machine.
 Hybrid is the default link type on Huawei switches. On receipt, a tagged frame is accepted if
its VID is in the port's tagged or untagged list; an untagged frame (for example from an end
system) is tagged with the PVID by the receiving port. On transmission, VLANs in the untagged
list leave untagged and VLANs in the tagged list leave tagged.
 VLAN Assignment Methods
 Port based, e.g. G0/0/1, G0/0/7
 MAC address based, e.g. 00:01:02:03:04:AA
 IP subnet based, e.g. the subnet containing 10.0.0.1
 Protocol based, e.g. IP, IPX
 Policy based: a combination of the above, e.g. subnet 10.0.1.0, port g0/0/7 and MAC
00:01:02:04:AA
 Creating a VLAN
 VLAN IDs range from 1 to 4094.
 vlan batch creates several VLANs in one command.
 All ports belong to VLAN 1 by default.
 Setting the port Link type
 Toward another switch (e.g. GigabitEthernet0/0/1): trunk, frames leave tagged
 Toward a host (e.g. GigabitEthernet0/0/5): access, frames leave untagged
 Every port on a Huawei switch is hybrid until its link type is changed.
 Creating VLANs
 [SWA] vlan <ID>
 [SWA-vlan<ID>] port <interface>
 [SWA-<interface>] port link-type { access | trunk }
 Forwarding over the Trunk
 port link-type trunk
 port trunk pvid vlan 10
 port trunk allow-pass vlan 2 3 #VLANs permitted across the trunk
 A VLAN that is not in the allow-pass list is not carried over the trunk: for that VLAN the
link is down (inactive) because it was never specified.
 Once the VLAN is added to the allow-pass list the link is up (active) for it, i.e. the VLAN
was added to the trunk.
 Configuring Hybrid Port
 [SWA.....0/0/5]
 Voice VLAN Application
 voice-vlan 2 enable ….. enables VLAN 2 as the voice VLAN on the port (required)
 voice-vlan mode auto: the port is added to the voice VLAN automatically when a phone is
detected, instead of by hand
 voice-vlan mac-address <mac-address>
 Frames are associated with the voice VLAN when the source MAC matches a configured
Organisationally Unique Identifier (OUI), i.e. the vendor prefix of the IP phones.
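The tag format and the access/trunk/hybrid rules above are easiest to check by running them. The Python below is an added example written for this page, not code from the page, from Mega Softel or from Huawei; the Port class, the frame builder and the attack scenario are this example's own simplified model of a switch (one tag popped on ingress, one pushed on egress, no MAC learning). It decodes the TPID/PCP/DEI/VID fields, applies the PVID rules for each port type, and shows why a trunk PVID shared with an access VLAN lets a double-tagged frame cross into another VLAN.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100
# Constructed test addresses (broadcast destination, arbitrary source).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("000102030405")


def build_frame(dst: bytes, src: bytes, vids=(), ethertype=0x0800, payload=b"") -> bytes:
    """Build a test frame; vids lists stacked 802.1Q tags, outermost first (PCP 0, DEI 0)."""
    hdr = dst + src
    for vid in vids:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def outer_tag(frame: bytes):
    """Decode the outermost tag into PCP (3 bits), DEI (1 bit), VID (12 bits); None if untagged."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def strip_outer_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


def push_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


@dataclass
class Port:
    link_type: str                       # "access", "trunk" or "hybrid"
    pvid: int = 1
    allow: frozenset = frozenset()       # trunk: allow-pass list; hybrid: tagged list
    untagged: frozenset = frozenset()    # hybrid only: VLANs sent untagged

    def vlans(self) -> set:
        """VLANs this port will accept or transmit."""
        if self.link_type == "access":
            return {self.pvid}
        if self.link_type == "trunk":
            return set(self.allow)
        return set(self.allow) | set(self.untagged)


def ingress(port: Port, frame: bytes):
    """Classify a received frame. Returns (vid, frame minus outer tag) or None if dropped."""
    tag = outer_tag(frame)
    if tag is None or tag["vid"] == 0:           # untagged or priority-tagged: use the PVID
        vid = port.pvid
        inner = frame if tag is None else strip_outer_tag(frame)
    else:
        vid, inner = tag["vid"], strip_outer_tag(frame)
    return (vid, inner) if vid in port.vlans() else None


def egress(port: Port, vid: int, frame: bytes):
    """Send a frame of VLAN vid: untagged, tagged, or None if the port does not carry vid."""
    if vid not in port.vlans():
        return None
    if port.link_type == "hybrid":
        send_untagged = vid in port.untagged
    else:                                        # access: always; trunk: only the PVID VLAN
        send_untagged = vid == port.pvid
    return frame if send_untagged else push_tag(frame, vid)


def forward(in_port: Port, out_port: Port, frame: bytes):
    """One switch: classify on ingress, then tag or untag on egress."""
    classified = ingress(in_port, frame)
    if classified is None:
        return None
    vid, inner = classified
    return egress(out_port, vid, inner)


def double_tag_demo(trunk_pvid: int) -> int:
    """Constructed scenario: a host on an access port in VLAN 1 sends a frame tagged [1][20].
    Returns the VID the next switch's trunk port classifies that frame into."""
    access = Port("access", pvid=1)
    trunk = Port("trunk", pvid=trunk_pvid, allow=frozenset({1, 10, 20, trunk_pvid}))
    on_wire = forward(access, trunk, build_frame(DST, SRC, vids=[1, 20]))
    return ingress(trunk, on_wire)[0]
```

With the trunk PVID left at 1 the outer tag is stripped on the access port, the trunk sends VLAN 1 untagged, and the inner tag 20 is what the far switch sees; with the PVID moved to an unused VLAN the trunk pushes a tag of 1 back on and the frame stays in VLAN 1.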

 GARP and GVRP


 GVRP lets switches register and deregister VLANs with each other dynamically, so a VLAN
configured on one switch is propagated along the trunks without being created by hand on every
switch. It works entirely at the data link layer (layer 2), not at the network layer.
 Generic Attribute Registration Protocol (GARP)
 Provides the architecture for the registration, deregistration and propagation of attributes
between switches. GARP itself carries no attributes; it is the shell used by applications such
as GVRP, which defines the attribute it registers (the VLAN ID).
 GARP PDUs (Protocol Data Units) are sent to the reserved multicast MAC address
01-80-C2-00-00-21.
 Attribute events exchanged between switches (the event value carried in the PDU):
 0: LeaveAll event
 1: JoinEmpty event
 2: JoinIn event
 3: LeaveEmpty event
 4: LeaveIn event
 5: Empty event
 Attribute events – Join message
 Declares an attribute the sender wants registered. Either:
 JoinEmpty: the sender declares the attribute but has not registered it itself
 JoinIn: the sender declares the attribute and has registered it
 Attribute events – Leave message
 Withdraws a declaration so that the peer deregisters the attribute.
 LeaveIn: the attribute is withdrawn but is still registered on the sender
 LeaveEmpty: the attribute is withdrawn and is not registered on the sender
 Attribute events – LeaveAll message
 Sent periodically; every registered attribute is deregistered unless it is declared again
before the leave timer expires, which clears out stale registrations.
 GVRP
 VLAN Types:
 Static: created manually and registered by configuration
 Dynamic: learned and registered automatically through GVRP
 Registration modes:
 Fixed: the interface does not register dynamic VLANs and only sends declarations for static
VLANs
 Normal: the interface registers and deregisters dynamic VLANs and propagates both static and
dynamic VLANs
 Forbidden: the interface is disabled from dynamically registering and deregistering VLANs and
deregisters all dynamic VLANs; only VLAN 1, the default VLAN on Huawei devices, remains
 Accepting dynamic registrations means any neighbour on a GVRP-enabled trunk can create VLANs
on the switch, so leave GVRP off on ports that face devices outside your control.
 Enabling GVRP
 The gvrp command enables GVRP globally and is then repeated on each trunk interface once the
interface has been configured to carry the VLANs.
 port trunk allow-pass vlan all
 gvrp registration { fixed | normal | forbidden }
 [SWA] display gvrp status … "GVRP is enabled"

 VLAN Routing
 VLAN Disadvantages
 Hosts in different VLANs cannot communicate with each other without a layer 3 device.
 VLAN Routing
 VLAN frames are routed over a single trunk link to the router (router on a stick), which
conserves router ports.
 VLAN routing features
 The router needs one IP address per VLAN; each is assigned to a virtual sub-interface of the
one physical interface rather than to a separate physical port.
 VLAN Routing Config
 [SWA] vlan batch 2 3
 [SWA] port link-type access (in the interface view of the port facing the host)
 [SWA] port trunk allow-pass vlan all (in the interface view of the trunk port facing the router)
 [RTA] interface GigabitEthernet0/0/1.1 … creates the sub-interface
 [RTA-GigabitEthernet0/0/1.1] dot1q termination vid 2
 The sub-interface removes the VLAN 2 tag from frames it receives and forwards the packet via
layer 3 routing; packets it sends out are tagged with VID 2.
 [RTA-GigabitEthernet0/0/1.1] arp broadcast enable
 Must be applied to each logical sub-interface; if it stays disabled the router cannot send ARP
requests on the sub-interface and discards the packets!!
 *** learn the sequence of all commands ****
 L3 Switch based VLAN routing
 On a layer 3 switch each VLAN gets a VLANIF (VLAN interface) whose IP address acts as the
VLAN's gateway.
 Benefit over a router:
 VLAN traffic is forwarded in hardware with minimum delay,
 known as line-speed forwarding.
 The VLANIF address is assigned as the gateway of the hosts in that VLAN.

Wireless LAN Overview

Development of WLAN
Wireless Local Area Network Evolution
From fixed (wired) networks to wireless access
802.11b: 11 Mbit/s, 2.4 GHz; 802.11a: 54 Mbit/s, 5 GHz; 802.11g: 54 Mbit/s, 2.4 GHz
802.11n: up to 600 Mbit/s, 2.4 and 5 GHz
802.11ac: more than 1 Gbit/s, 5 GHz
BYOD (bring your own device)
Wireless coverage
Wireless LAN solutions
Wireless LAN security
Principle and Configuration of HDLC and PPP
Point-to-Point Protocol (PPP): data link layer (layer 2)
Frame Relay: data link layer (layer 2)
HDLC: data link layer (layer 2)
Serial Signaling
Routers connect via Ethernet or a serial link
Synchronous access: the link is clocked by the DCE (used by HDLC and Frame Relay)
Asynchronous access: framed by start and stop bits (e.g. a dial-up modem)
The HDLC (High-Level Data Link Control) Protocol
Bit-oriented layer 2 protocol for synchronous serial links; supports both point-to-point and
multipoint configurations.
Basic Config of HDLC
[RTA] interface Serial1/0/0
[RTA-Serial1/0/0] link-protocol hdlc
[RTA-Serial1/0/0] ip address 10.0.1.1 30
Assigning Unnumbered Addresses in HDLC
IP unnumbered lets the serial interface borrow the address of another interface (typically a
loopback) so the link comes up without consuming a subnet of its own, e.g. for links an ISP
provides only occasionally.
Config validation
[RTA] display ip interface brief
PPP Protocol Application
A multiprotocol standard which, like HDLC, defines link layer operation over a serial medium.
It encapsulates network layer packets and transmits them over point-to-point (P2P) full-duplex
links, synchronous or asynchronous. PPP is the successor of the Serial Line Internet Protocol
(SLIP), which carried IP only and had no negotiation or authentication.
Frame Relay (FR), by contrast, supports synchronous links only.
Components of PPP
PPP encapsulation method: HDLC-like framing whose Protocol field identifies which network layer
protocol a frame carries
Link Control Protocol (LCP): establishes, configures, tests and tears down the link
Network Control Protocols (NCPs): one per network protocol (e.g. IPCP for IP), negotiating the
layer 3 parameters once LCP is up
PPP Frame:
carries LCP packets, NCP packets or network layer data, distinguished by the Protocol field
Packet types used in LCP negotiation
Configure-Request: proposes a set of options
Configure-Ack: all options accepted
Configure-Nak: options recognised but their values not accepted; the responder suggests values
Configure-Reject: options not recognised or not negotiable at all
Common Link Parameters of LCP Negotiation
Maximum Receive Unit (MRU)
Authentication protocol (PAP or CHAP)
Magic Number (a random value used to detect a looped-back link)
PPP Basic Configuration
[RTA] interface Serial0/0/0
[RTA-Serial0/0/0] link-protocol ppp


PPP Authentication Mode – PAP (Password Authentication Protocol): two-way handshake in which
the peer sends its username and password in cleartext.
PPP Authentication Mode – CHAP (Challenge Handshake Authentication Protocol): three-way
handshake in which the authenticator sends a random challenge and the peer answers with the MD5
hash of the identifier, the shared secret and the challenge; the secret itself never crosses the
link and a captured response is useless against a fresh challenge.
Configuring PAP Authentication
Less secure than CHAP because the password travels in plaintext (CHAP is hash based, not
encryption based).
[RTA] aaa
[RTA-aaa] local-user huawei password cipher huawei123
AAA: Authentication, Authorization, Accounting
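To see the difference between the two modes in bytes, the Python below is an added example written for this page rather than code from the page or from Huawei. It builds a PAP Authenticate-Request and a CHAP challenge/response pair in their RFC 1334 and RFC 1994 packet layouts, and models the authenticator (RTA) and the peer; the username huawei and password huawei123 are the page's own, everything else (class and function names, the one-shot challenge table) is this example's assumption.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQ = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: Code, Identifier, Length, Peer-ID-Length, Peer-ID,
    Passwd-Length, Password. The password is carried exactly as typed."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body


def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """CHAP Challenge/Response: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(pkt: bytes):
    """Return (code, identifier, value, name); reject anything that is not a well-formed
    challenge or response."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or code not in (CHAP_CHALLENGE, CHAP_RESPONSE):
        raise ValueError("not a CHAP challenge/response")
    size = pkt[4]
    return code, ident, pkt[5:5 + size], pkt[5 + size:]


def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value = MD5(Identifier || secret || Challenge), as RFC 1994 specifies."""
    return hashlib.md5(bytes([ident]) + secret + challenge, usedforsecurity=False).digest()


class ChapAuthenticator:
    """Authenticator side (RTA). Every challenge is random and usable exactly once."""

    def __init__(self, users: dict, name: bytes = b"RTA"):
        self.users, self.name = users, name          # username -> shared secret
        self.pending, self.next_id = {}, 0           # outstanding challenges by identifier

    def challenge(self) -> bytes:
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)
        return chap_packet(CHAP_CHALLENGE, ident, self.pending[ident], self.name)

    def verify(self, response: bytes) -> bool:
        code, ident, value, name = parse_chap(response)
        challenge = self.pending.pop(ident, None)    # consumed here, so a replay finds nothing
        if code != CHAP_RESPONSE or challenge is None or name not in self.users:
            return False
        return hmac.compare_digest(value, chap_hash(ident, self.users[name], challenge))


def chap_peer_respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Peer side: prove knowledge of the secret without transmitting it."""
    code, ident, value, _ = parse_chap(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a CHAP challenge")
    return chap_packet(CHAP_RESPONSE, ident, chap_hash(ident, secret, value), name)
```

Searching the PAP packet for the password finds it; searching the CHAP challenge and response does not, and feeding the same response to the authenticator a second time is rejected because the challenge it answered has been consumed.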

Frame Relay Principles


Frame Relay networks comprise Data Terminal Equipment (DTE) and Data Circuit-terminating
Equipment (DCE).
The DTE (the customer router) sits at the edge of the customer network; the DCE is the
provider's Frame Relay switch.
LMI Negotiation Process
The Local Management Interface (LMI) protocol lets the DTE negotiate with the Frame Relay switch
over the link and learn the status of its virtual circuits.
Inverse ARP Negotiation Process
Its main function is to resolve the IP address of the remote device connected to each virtual
circuit (VC). Once the protocol address of the remote device on a VC is known, the mapping
between that remote protocol address and the local DLCI is created automatically, which avoids
configuring the address mapping manually.
Frame Relay & Split Horizon
Split horizon is a distance-vector routing rule: a route learned on an interface is not
advertised back out of that same physical interface. On a hub-and-spoke Frame Relay network
where all PVCs terminate on one physical interface, the hub therefore never passes one spoke's
routes on to the other spokes.
Frame Relay sub-interfaces
Logical sub-interfaces are applied to a single physical interface, which also sidesteps the split
horizon problem. Two types:
Point-to-Point: connects a single remote device over one PVC; the peer address is identified
implicitly.
Point-to-Multipoint: connects multiple remote devices; each PVC maps the protocol address of its
connected remote device, so different PVCs reach different remote devices. The address mapping
must be configured manually or set up dynamically through the Inverse Address Resolution
Protocol (InARP).
Frame Relay Config – Dynamic Mapping
Dynamic mapping needs InARP and the link layer protocol type set to Frame Relay. The interface
on the customer side, at the edge, must be the DTE; this is the default on Huawei ARG3 series
routers.
To allow dynamic mapping to occur, the fr inarp command is applied on the interface.
***See Syntax***
With fr inarp it is possible to discover all permanent virtual circuits (PVCs) associated with
the local interface.
Frame Relay Configuration – Static Mapping
fr map ip destination-address [mask] dlci-number configures a static mapping by associating the
protocol address of the peer with a DLCI.
This config helps upper layer protocols locate a peer device based on the protocol address of
the peer device.
Rules to remember: every mapping needs the DLCI number. Static mapping is the simplest way to
transmit and exchange data when the peer addresses are known.

Principle and Configuration of PPPoE (Point-to-Point over Ethernet)


Access media: DSL over copper, or fibre.
Digital Subscriber Lines (DSL)
Replaced the older dial-up technology.
BRAS (Broadband Remote Access Server): the provider-side device that terminates PPPoE sessions
PPPoE Application in DSL
Plain Ethernet offers no per-subscriber security or authentication; PPPoE runs PPP over Ethernet
so the BRAS can authenticate (PAP/CHAP) and account for each subscriber.
PPPoE Protocol Packets:
PADI: PPPoE Active Discovery Initiation
PADO: PPPoE Active Discovery Offer
PADR: PPPoE Active Discovery Request
PADS: PPPoE Active Discovery Session-confirmation
PADT: PPPoE Active Discovery Terminate
PADI, PADO, PADR and PADS are needed to open a session;
PADT closes the session.
PPPoE Session Establishment Process
The client broadcasts a PADI to find access concentrators that can serve it.
Every access concentrator that can serve the request answers with a unicast PADO.
The client picks one of the offers and sends a PADR to that concentrator's MAC address.
The concentrator replies with a PADS carrying the session ID; the session is open and PPP (LCP,
authentication, NCP) runs on top of it.
PADT: either side terminates the session.
Configuring a PPP Dialer Interface
Three steps:
Dial-up (dialer) interface
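The discovery exchange above, with both the client and the access concentrator modelled, as an added Python example that is not code from the page, from Mega Softel or from any BRAS vendor. The packet layout, codes and tag types are those of RFC 2516; the AccessConcentrator and Client classes, the HMAC-based AC-Cookie and the Host-Uniq matching are this example's own choices, included because they are what keeps a concentrator from holding state for every PADI it receives and a client from accepting a stray offer.

```python
import hashlib
import hmac
import os
import struct

VER_TYPE = 0x11                                   # VER = 1, TYPE = 1
PADI, PADO, PADR, PADS, PADT = 0x09, 0x07, 0x19, 0x65, 0xA7
TAG_EOL, TAG_SERVICE, TAG_ACNAME = 0x0000, 0x0101, 0x0102
TAG_HOSTUNIQ, TAG_ACCOOKIE = 0x0103, 0x0104


def build(code: int, session_id: int, tags) -> bytes:
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", VER_TYPE, code, session_id, len(payload)) + payload


def parse(pkt: bytes):
    """Return (code, session_id, [(tag_type, value), ...]); reject malformed packets."""
    vt, code, sid, length = struct.unpack("!BBHH", pkt[:6])
    if vt != VER_TYPE or length != len(pkt) - 6:
        raise ValueError("bad PPPoE header")
    tags, off = [], 6
    while off + 4 <= len(pkt):
        t, ln = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        if t == TAG_EOL:
            break
        if off + ln > len(pkt):
            raise ValueError("truncated tag")
        tags.append((t, pkt[off:off + ln]))
        off += ln
    return code, sid, tags


def tag(tags, t):
    return next((v for k, v in tags if k == t), None)


class AccessConcentrator:
    """BRAS side. Holds no state until a PADR with a valid AC-Cookie arrives, so a flood of
    PADIs costs it only replies; the cookie is an HMAC over the client MAC."""

    def __init__(self, name=b"BRAS-1", key=None):
        self.name, self.key = name, key or os.urandom(16)
        self.sessions, self.next_sid = {}, 1

    def cookie(self, client_mac: bytes) -> bytes:
        return hmac.new(self.key, client_mac, hashlib.sha256).digest()[:16]

    def on_padi(self, client_mac, pkt):
        code, sid, tags = parse(pkt)
        if code != PADI or sid != 0:
            return None
        reply = [(TAG_SERVICE, tag(tags, TAG_SERVICE) or b""), (TAG_ACNAME, self.name),
                 (TAG_ACCOOKIE, self.cookie(client_mac))]
        if tag(tags, TAG_HOSTUNIQ) is not None:         # echoed so the client can match offers
            reply.append((TAG_HOSTUNIQ, tag(tags, TAG_HOSTUNIQ)))
        return build(PADO, 0, reply)

    def on_padr(self, client_mac, pkt):
        code, sid, tags = parse(pkt)
        if code != PADR or sid != 0:
            return None
        if not hmac.compare_digest(tag(tags, TAG_ACCOOKIE) or b"", self.cookie(client_mac)):
            return None                                  # forged, or minted for another MAC
        sid, self.next_sid = self.next_sid, self.next_sid + 1
        self.sessions[sid] = client_mac
        reply = [(TAG_SERVICE, tag(tags, TAG_SERVICE) or b"")]
        if tag(tags, TAG_HOSTUNIQ) is not None:
            reply.append((TAG_HOSTUNIQ, tag(tags, TAG_HOSTUNIQ)))
        return build(PADS, sid, reply)

    def on_padt(self, client_mac, pkt) -> bool:
        code, sid, _ = parse(pkt)
        if code == PADT and self.sessions.get(sid) == client_mac:
            del self.sessions[sid]
            return True
        return False                                     # PADT for someone else's session


class Client:
    def __init__(self, mac: bytes):
        self.mac, self.host_uniq, self.session_id = mac, os.urandom(8), None

    def padi(self, service=b""):
        return build(PADI, 0, [(TAG_SERVICE, service), (TAG_HOSTUNIQ, self.host_uniq)])

    def padr(self, pado):
        code, _, tags = parse(pado)
        if code != PADO or tag(tags, TAG_HOSTUNIQ) != self.host_uniq:
            return None                                  # not an offer to our PADI
        return build(PADR, 0, [(TAG_SERVICE, tag(tags, TAG_SERVICE) or b""),
                               (TAG_HOSTUNIQ, self.host_uniq),
                               (TAG_ACCOOKIE, tag(tags, TAG_ACCOOKIE) or b"")])

    def on_pads(self, pads):
        code, sid, tags = parse(pads)
        if code == PADS and sid != 0 and tag(tags, TAG_HOSTUNIQ) == self.host_uniq:
            self.session_id = sid
        return self.session_id

    def padt(self):
        return build(PADT, self.session_id, [])


def run_discovery(client: Client, ac: AccessConcentrator):
    """Whole exchange on one segment; returns the session ID, or None if a step was refused."""
    pado = ac.on_padi(client.mac, client.padi(b"internet"))
    padr = client.padr(pado) if pado else None
    pads = ac.on_padr(client.mac, padr) if padr else None
    return client.on_pads(pads) if pads else None
```

Once PADS has been returned the session ID is placed in every subsequent PPPoE session-stage frame and PPP's LCP and authentication run inside them; a PADR that presents a cookie minted for a different MAC, or a PADT for a session the sender does not own, is ignored.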

Network Address Translation (NAT)


Private & Public Networks
NAT behaviour
Uses the established boundary of the gateway router to identify the network domains between
which addresses are translated: it separates the public network from the private one.
The NAT gateway must keep a mapping table so that, for a packet received from the public
network, it can determine which private destination address the packet belongs to; the reverse
translation is performed along the return path.
Static NAT
A one-to-one mapping (one public address per private address) configured manually by the
administrator.
Dynamic NAT
Works on the principle of an address pool: an internal end system that wants to forward traffic
to the public network is associated with a public address from the pool for the life of the
mapping.
Network Address Port Translation (NAPT)
Translates port numbers as well as IP addresses, so many internal hosts share one public
address. The NAT gateway (not the ISP) allocates a public port in place of the host's private
port and uses it to tell the sessions apart; internal addresses and ports stay hidden from the
outside. Like dynamic NAT, the mappings are created on demand.
Easy IP
The WAN interface address is used as the single public address for all internal users, with
port numbers distinguishing the sessions. Suited to small enterprises whose outbound interface
receives a temporary public IP address through dial-up.
NAT Internal Server
E.g. accessing the UCT/WITs server from outside.
External sources can reach an internal address through a published public address.
Both the IP address and the port number are mapped: packets to the public address and port are
forwarded to the internal server's address and port. The mapping exposes that service to the
whole public network, so publish only the port the service needs.
Static NAT Config
[RTA] interface GigabitEthernet0/0/1 …. inside interface, default gateway of the LAN
[RTA-GigabitEthernet0/0/1] ip address 192.168.1.254 24
[RTA] interface Serial1/0/0
[RTA-Serial1/0/0] ip address 200.10.10.1 24
[RTA] nat static global 200.10.10.5 inside 192.168.1.1 .... one-to-one static mapping
[RTA] display nat static
...
Netmask : 255.255.255.255 (a single-host mapping, as shown in the output)
Dynamic NAT Config
[RTA] nat address-group 1 200.10.10.11 200.10.10.16 …. pool of public IP addresses
[RTA] acl 2000 …. basic Access Control List (ACL) selecting the inside sources
[RTA-acl-basic-2000] rule 5 permit source 192.168.1.0 0.0.0.255 (subnet, wildcard mask)
[RTA-acl-basic-2000] quit
[RTA-Serial1/0/0] nat outbound 2000 address-group 1 no-pat
ACL 2000: basic ACLs are numbered 2000-2999 and match on source address only.
Rules are numbered 5, 10, 15 … and evaluated in that order.
nat outbound: packets leaving this interface whose source matches ACL 2000 have their source
address replaced by an address from address-group 1.
no-pat: no port address translation, so each inside host takes a whole pool address and keeps
its port numbers; omit it for NAPT, where many hosts share one address with different ports.
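The translation table that the NAT behaviour section describes, worked through in Python as an added example that is not code from the page or from Huawei. The NatGateway class is this example's own model of the commands above: the ACL selects inside sources, the pool (or the interface address, as in Easy IP) supplies public addresses, the pat flag switches between NAPT and no-pat, and add_server stands in for a NAT internal server entry. The addresses are the page's own; the packet tuples are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatGateway:
    """Outbound NAT on one interface plus published internal servers.

    inside_acl: source prefixes that are translated (the ACL 2000 rules).
    pool: public addresses (address-group); defaults to the interface address (Easy IP).
    pat: True for NAPT (ports rewritten), False for no-pat (one public address per host)."""

    def __init__(self, public_ip: str, inside_acl, pool=None, pat: bool = True):
        self.inside = [ipaddress.ip_network(n) for n in inside_acl]
        self.pool = list(pool) if pool else [public_ip]
        self.pat = pat
        self.out = {}         # (proto, private ip, private port) -> (public ip, public port)
        self.inb = {}         # (proto, public ip, public port)   -> (private ip, private port)
        self.servers = {}     # static server mappings, same key shape as self.inb
        self.nopat_addr = {}  # no-pat: private ip -> pool address held by that host
        self.next_port = 1024

    def _permitted(self, ip: str) -> bool:
        return any(ipaddress.ip_address(ip) in net for net in self.inside)

    def _allocate(self, pkt: Packet):
        if self.pat:
            if self.next_port > 65535:
                return None                              # port space exhausted
            public = (self.pool[0], self.next_port)
            self.next_port += 1
            return public
        addr = self.nopat_addr.get(pkt.src_ip)
        if addr is None:
            free = [a for a in self.pool if a not in self.nopat_addr.values()]
            if not free:
                return None                              # pool exhausted: packet dropped
            addr = free[0]
            self.nopat_addr[pkt.src_ip] = addr
        return (addr, pkt.src_port)                      # no-pat keeps the source port

    def outbound(self, pkt: Packet):
        """Private -> public. A source outside the ACL leaves untranslated, which is why the
        ACL must cover every private prefix that is allowed out."""
        if not self._permitted(pkt.src_ip):
            return pkt
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        public = self.out.get(key)
        if public is None:
            public = self._allocate(pkt)
            if public is None:
                return None
            self.out[key] = public
            self.inb[(pkt.proto,) + public] = (pkt.src_ip, pkt.src_port)
        return Packet(public[0], public[1], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def add_server(self, proto, public_ip, public_port, private_ip, private_port):
        """Publish one internal service on a public address and port."""
        self.servers[(proto, public_ip, public_port)] = (private_ip, private_port)

    def inbound(self, pkt: Packet):
        """Public -> private. Without a table entry the packet has nowhere to go and is dropped;
        this, not any filtering, is all the protection NAT gives unsolicited inbound traffic."""
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port)
        target = self.servers.get(key) or self.inb.get(key)
        if target is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1], pkt.proto)
```

Two hosts that both use source port 40000 end up on the same public address with different public ports under NAPT, the reply to each public port finds its way back to the right host, a packet to an unmapped port is dropped, and under no-pat a pool of two addresses serves exactly two hosts before the third is refused.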
CHAPTER 4: Conclusion

During my training at Mega Softel, I gained valuable experience in network engineering.


Key highlights include:

 Technical Skills:
o Mastered network fundamentals, including TCP/IP and OSI model
o Gained proficiency in configuring and troubleshooting network devices
o Developed expertise in network security, implementing measures to protect
the network
o Acquired skills in network automation using Python and Ansible
o Gained knowledge of cloud networking concepts and practices
 Soft Skills:
o Enhanced problem-solving and analytical skills
o Improved communication and collaboration skills
o Developed the ability to work effectively in a team environment

These skills and knowledge will be instrumental in my future career as a network engineer.

Key Learning Experiences


My time at Mega Softel provided a comprehensive and immersive learning experience,
equipping me with a strong foundation in network engineering. Some of the most significant
learning experiences include:
Technical Skill Development:
 Network Fundamentals: I gained a deep understanding of TCP/IP, OSI model, and
other fundamental networking concepts. This knowledge is essential for effective
network design, implementation, and troubleshooting.
 Network Device Configuration and Troubleshooting: I honed my skills in
configuring and troubleshooting network devices such as routers, switches, and
firewalls. I learned to use various network management tools to monitor network
performance, identify and resolve issues, and optimize network configurations.
 Network Security: I acquired practical experience in implementing and maintaining
network security measures, including firewalls, intrusion detection systems, and
VPNs. I learned to assess network vulnerabilities, conduct security audits, and
respond to security incidents.
 Network Automation: I gained proficiency in network automation using scripting
languages like Python and Ansible. I learned to automate routine tasks, such as device
configuration, software upgrades, and network monitoring, improving efficiency and
reducing human error.
 Cloud Networking: I gained exposure to cloud networking concepts and
technologies, including cloud-based network services, virtual networks, and network
function virtualization (NFV). This knowledge is crucial for designing and
implementing hybrid cloud networks.
Soft Skill Enhancement:
 Problem-Solving and Analytical Skills: I developed strong problem-solving and
analytical skills by troubleshooting complex network issues and identifying root
causes. I learned to approach problems systematically and break them down into
smaller, manageable steps.
 Communication and Collaboration: I honed my communication skills by
effectively interacting with team members, stakeholders, and end-users. I learned to
explain technical concepts in clear and concise language, both verbally and in writing.
I also developed strong collaboration skills by working effectively with diverse teams
to achieve common goals.
 Time Management and Organizational Skills: I learned to prioritize tasks, manage
time effectively, and meet deadlines. I developed strong organizational skills by
maintaining accurate documentation and adhering to best practices.
 Continuous Learning: I cultivated a mindset of continuous learning and professional
development. I actively sought out opportunities to learn new skills and technologies,
such as attending conferences, webinars, and online courses.
By combining technical expertise with strong soft skills, I am well-prepared to excel in a
challenging and dynamic network engineering role. I am confident in my ability to contribute
to the success of future projects and organizations.
The training I received at Mega Softel has had a significant impact on both my personal and
professional development.
Personally, the training has boosted my confidence in my technical abilities. I now have a solid
understanding of networking fundamentals and practical experience in implementing network
solutions. This increased confidence has positively impacted my approach to problem-solving and my
ability to learn new technologies.
Professionally, the training has equipped me with the necessary skills to excel in a network
engineering role. I have gained hands-on experience in network design, implementation,
troubleshooting, and security. These skills are highly valued in the industry and will enable me to
contribute effectively to projects and teams.
Furthermore, the training has provided me with a strong foundation for future learning and growth. I
am excited to continue exploring emerging technologies like network automation, cloud networking,
and software-defined networking. The knowledge and skills I acquired at Mega Softel will serve as a
solid base for my ongoing professional development.
CHAPTER 5: REFERENCE
