The document provides an overview of computer networks, focusing on key devices such as routers, switches, hubs, firewalls, servers, endpoints, and access points, along with their functions and operations. It also explains the OSI model and TCP/IP model, detailing their layers and protocols like TCP, UDP, HTTP, SMTP, and FTP. Additionally, it describes various types of networks including LAN, WAN, MAN, PAN, and SAN, highlighting their characteristics and devices used.

Computer Networks

CCNA notes

Routers:

• Function: Connects different networks and routes data packets between them.
• Working: Routers use IP addresses to determine the best path for forwarding data packets
to their destination. They maintain routing tables that help in directing the packets through
the most efficient routes across different networks, including LANs, MANs, and WANs.

Switch:

• Function: Connects multiple devices within a single network (usually a LAN) and forwards
data based on MAC addresses.
• Working: Switches operate at the data link layer (Layer 2) of the OSI model. They learn which
MAC address sits behind each port from the source address of incoming frames, then forward a
frame only out of the port where its destination MAC was learned. Frames to a broadcast or
still-unknown destination are flooded out of every port except the one they arrived on. Compared
with a hub this keeps unicast traffic off ports that do not need it, which also means an attached
host normally sees only its own traffic.

Hub:

• Function: Connects multiple Ethernet devices, making them act as a single network
segment.
• Working: Hubs operate at the physical layer (Layer 1) of the OSI model. They simply repeat the
incoming signal out of every other port, regardless of the destination, so every device on the
segment receives every frame. This wastes bandwidth and puts all ports in one collision domain,
and it also means any host on the segment can capture all the others' traffic.

Firewall:

• Function: Monitors and controls incoming and outgoing network traffic based on
predetermined security rules.
• Working: Firewalls can operate at various layers (network, transport, application). They
inspect data packets and either allow or block them based on security rules. Firewalls can be
hardware-based or software-based and are crucial for protecting networks from
unauthorized access and cyber threats.

Server:

• Function: Provides services, resources, and data to other computers (clients) over a
network.
• Working: Servers can perform a variety of tasks, such as hosting websites, managing emails,
storing files, or running applications. They respond to requests from clients, providing the
required resources or data. Servers typically have higher processing power, memory, and
storage compared to regular computers.

Endpoint:

• Function: Any device that is connected to a network and is an endpoint for communication.
• Working: Endpoints include devices such as computers, smartphones, tablets, and IoT
devices. These devices initiate and receive data communication over the network. Endpoints
typically have network interface cards (NICs) that facilitate their connection to the network.

Access Point (AP):

• Function: Provides wireless connectivity to devices within a local area network (LAN).
• Working: Access Points connect to a wired network (usually through a switch or router) and
broadcast a wireless signal that devices can connect to. They manage the wireless
connections and ensure that data is transmitted to and from the correct devices, providing
seamless wireless access to the network.

OSI Model
The OSI (Open Systems Interconnection) reference model is a conceptual framework used to
understand and standardize the functions of a telecommunication or computing system without
regard to its underlying internal structure and technology. It divides the tasks involved in moving
information between networked computers into seven smaller, more manageable layers. Here’s a
brief explanation of each layer:

1. Physical Layer:
• Function: The Physical layer is responsible for the actual physical connection between
devices. It defines the hardware equipment, cabling, signalling, and data rates that enable
the transmission and reception of raw bit streams over a physical medium.
• Key Elements: Cables, hubs, and other hardware.
• Responsibilities: Defines the hardware specifications, such as voltage levels, timing of
voltage changes, physical data rates, and maximum transmission distances.
2. Data Link Layer:
• Function: The Data Link layer handles the transmission of frames across a single physical link.
It manages frame synchronization, error detection (for example the Ethernet frame check
sequence) and, on some links, flow control. This layer also provides MAC (Media Access Control)
addressing, which identifies an interface on the local segment.
• Key Elements: Network interface cards (NICs), switches.
• Responsibilities: Frames the packets handed down from the layer above, adds MAC addresses,
detects corrupted frames (Ethernet discards them rather than correcting them), and manages
physical addressing.
3. Network Layer:
• Function: The Network layer is responsible for determining the path data takes to reach its
destination. It manages logical addressing (IP addressing) and handles the routing of packets
between devices across different networks.
• Key Elements: Routers, IP addresses.
• Responsibilities: Handles logical addressing (IP addressing), routing, and forwarding of
packets across different networks.
4. Transport Layer:
• Function: The Transport layer ensures end-to-end communication, reliability, and data
integrity between hosts. It provides error checking, data segmentation, and reassembly, as
well as flow control and congestion avoidance. The Transport layer can operate in two
modes: connection-oriented (TCP) or connectionless (UDP).
• Key Elements: Transport protocols (e.g., TCP, UDP).
• Responsibilities: Ensures error recovery, flow control, and reliable data transfer, and
manages end-to-end communication.
5. Session Layer:

• Function: The Session layer manages sessions or connections between applications. It
establishes, maintains, and terminates connections, ensuring that the data is synchronized
and properly managed during the communication process.
• Key Elements: APIs, sockets.
• Responsibilities: Establishes, maintains, and terminates sessions, manages dialog control,
and synchronizes data exchange.
6. Presentation Layer:
• Function: The Presentation layer is responsible for translating, encrypting, and compressing
data. It ensures that the data sent from the application layer of one system is readable by
the application layer of another system. It handles data formats, encryption, and data
compression/decompression.
• Key Elements: Data format translators, encryption/decryption.
• Responsibilities: Ensures data is in a usable format, handles data encryption, decryption,
compression, and translation between different data formats.
7. Application Layer:
• Function: The Application layer is the closest to the end-user and interacts directly with
software applications to provide network services. It serves as the interface for
communication between network services and end-user applications.
• Key Elements: Network applications (e.g., web browsers, email clients).
• Responsibilities: Facilitates communication between software applications and lower layers,
provides network services like file transfers, email, and other network software services.

TCP/IP model and its comparison with OSI model:

1. Link Layer (also known as Network Interface Layer or Network Access Layer):
o Function: Handles the physical connection between devices and the transmission of
raw data.
o Key Elements: Ethernet, Wi-Fi, ARP (Address Resolution Protocol).
o Responsibilities: Manages hardware addressing and the physical transmission of data,
such as framing, MAC addresses, and error detection on the physical medium.
2. Internet Layer:
o Function: Provides logical addressing and routing, ensuring data can traverse multiple
networks.
o Key Elements: IP (Internet Protocol), ICMP (Internet Control Message Protocol), IGMP
(Internet Group Management Protocol).
o Responsibilities: Routes data packets between devices on different networks, handles
logical addressing (IP addresses), fragmentation and reassembly of packets, and error
reporting.
3. Transport Layer:
o Function: Facilitates end-to-end communication and ensures complete data transfer.
o Key Elements: TCP (Transmission Control Protocol), UDP (User Datagram Protocol).
o Responsibilities: Establishes connections, provides reliable data transfer (TCP) or faster,
connectionless communication (UDP), error detection and correction, flow control, and
ensures data integrity and order.
4. Application Layer:
o Function: Provides network services directly to user applications.
o Key Elements: HTTP, FTP, SMTP, DNS (Domain Name System), Telnet, SNMP (Simple
Network Management Protocol).

o Responsibilities: Enables communication between software applications and provides
various network services such as web browsing, email, file transfer, and name
resolution.

Comparison to the OSI Model:

• Link Layer: Corresponds to the Physical and Data Link layers in the OSI model.
• Internet Layer: Corresponds to the Network layer in the OSI model.
• Transport Layer: Corresponds to the Transport layer in the OSI model.
• Application Layer: Corresponds to the Session, Presentation, and Application layers in the
OSI model.

Different Protocols used in communication:

1. Transmission Control Protocol (TCP):

Overview:

• Type: Connection-oriented protocol.
• Layer: Transport Layer (Layer 4 of the OSI model).
• Purpose: TCP is designed to provide reliable, ordered, and error-checked delivery of a
stream of data between applications running on hosts in a network.

Key Features:

• Connection Establishment: TCP uses a three-way handshake process to establish a
connection before data is transmitted. This involves the exchange of SYN (synchronize) and
ACK (acknowledge) packets between the client and server.
• Reliability: TCP ensures that data is delivered in the correct order and without errors. If
packets are lost or corrupted during transmission, TCP retransmits them.
• Flow Control: TCP uses a windowing mechanism to control the flow of data, ensuring that
the sender does not overwhelm the receiver with too much data at once.
• Congestion Control: TCP dynamically adjusts the rate of data transmission to avoid network
congestion.
• Segmentation: Data is divided into smaller segments that are transmitted individually and
reassembled at the destination.
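As an added example that is not part of the original notes, here is a small Python checker for the handshake just described. It validates the SYN, SYN-ACK, ACK exchange on constructed segments, including the rule that each side must acknowledge exactly the other's initial sequence number plus one (with 32-bit wrap-around), and it counts SYNs that were never completed, which is the raw material of SYN-flood detection. The Segment type, the sample addresses and the sample traffic are this example's own assumptions, not anything from the notes.

```python
from __future__ import annotations

from dataclasses import dataclass

# TCP flag bits as they appear in the header's flags field.
SYN = 0x02
ACK = 0x10
SEQ_MASK = 0xFFFFFFFF  # sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Segment:
    """One TCP segment, reduced to the fields the handshake depends on."""
    src: str    # "ip:port" of the sender
    dst: str    # "ip:port" of the receiver
    flags: int
    seq: int
    ack: int


def check_handshake(segments: list[Segment]) -> tuple[bool, str]:
    """Validate that the first three segments form a correct three-way handshake.

    Returns (True, "established") or (False, reason).  The checks mirror what a
    receiving stack does: each side must acknowledge exactly the other's ISN + 1.
    """
    if len(segments) < 3:
        return False, "fewer than three segments"
    syn, synack, ack = segments[:3]
    if (syn.flags & (SYN | ACK)) != SYN:
        return False, "first segment is not a bare SYN"
    if (synack.src, synack.dst) != (syn.dst, syn.src):
        return False, "second segment is not from the server to the client"
    if (synack.flags & (SYN | ACK)) != (SYN | ACK):
        return False, "second segment is not a SYN-ACK"
    expected = (syn.seq + 1) & SEQ_MASK
    if synack.ack != expected:
        return False, f"SYN-ACK acknowledges {synack.ack}, expected {expected}"
    if (ack.src, ack.dst) != (syn.src, syn.dst):
        return False, "third segment is not from the client to the server"
    if (ack.flags & (SYN | ACK)) != ACK:
        return False, "third segment is not a bare ACK"
    if ack.seq != expected:
        return False, "final ACK carries the wrong sequence number"
    if ack.ack != (synack.seq + 1) & SEQ_MASK:
        return False, "final ACK does not acknowledge the server's ISN + 1"
    return True, "established"


def half_open_by_server(segments: list[Segment]) -> dict[str, int]:
    """Count, per server endpoint, the SYNs whose client never sent the final ACK.

    A large count from many different sources is the signature of a SYN flood.
    """
    pending: dict[tuple[str, str], int] = {}   # (client, server) -> client ISN
    completed: set[tuple[str, str]] = set()
    for s in segments:
        kind = s.flags & (SYN | ACK)
        key = (s.src, s.dst)
        if kind == SYN:
            pending[key] = s.seq
        elif kind == ACK and key in pending and s.seq == (pending[key] + 1) & SEQ_MASK:
            completed.add(key)
    counts: dict[str, int] = {}
    for client, server in pending:
        if (client, server) not in completed:
            counts[server] = counts.get(server, 0) + 1
    return counts


# Constructed sample traffic (not captured from a real network).
CLIENT, SERVER = "10.0.0.5:40001", "10.0.0.9:443"
GOOD_HANDSHAKE = [
    Segment(CLIENT, SERVER, SYN, 1000, 0),
    Segment(SERVER, CLIENT, SYN | ACK, 5000, 1001),
    Segment(CLIENT, SERVER, ACK, 1001, 5001),
]
# Same exchange, but the server acknowledges the wrong number.
BAD_HANDSHAKE = [
    GOOD_HANDSHAKE[0],
    Segment(SERVER, CLIENT, SYN | ACK, 5000, 1000),
    GOOD_HANDSHAKE[2],
]
# Fifty SYNs from different (spoofed) sources that are never completed.
SYN_FLOOD = [
    Segment(f"198.51.100.{i}:{20000 + i}", SERVER, SYN, i * 7919, 0)
    for i in range(1, 51)
]

if __name__ == "__main__":
    print(check_handshake(GOOD_HANDSHAKE))
    print(check_handshake(BAD_HANDSHAKE))
    print(half_open_by_server(GOOD_HANDSHAKE + SYN_FLOOD))
```

A real detector would also expire pending entries after the server's SYN-ACK retransmission timeout rather than keeping them forever, and would key on the server's listening port to tell a flood against one service from normal scanning noise.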

Use Cases:

• Web Browsing: HTTP and HTTPS use TCP for reliable communication.
• Email: SMTP, IMAP, and POP3 use TCP.
• File Transfer: FTP uses TCP to ensure reliable file transfer.

2. User Datagram Protocol (UDP):

Overview:

• Type: Connectionless protocol.
• Layer: Transport Layer (Layer 4 of the OSI model).
• Purpose: UDP is designed for applications where speed is more critical than reliability. It
allows for the rapid transmission of data without the overhead of error checking or flow
control.

Key Features:

• No Connection Establishment: Unlike TCP, UDP does not establish a connection before data
is transmitted. Data is sent as soon as it is ready.
• No Reliability: UDP does not guarantee the delivery of data. There is no acknowledgment of
received packets, and lost packets are not retransmitted.
• Low Overhead: UDP has minimal protocol overhead, making it faster and more efficient for
certain types of communication.
• Broadcasting and Multicasting: UDP supports broadcasting and multicasting, where data is
sent to multiple recipients at once.

Use Cases:

• Streaming: Live video and audio streaming services use UDP to minimize latency.
• Gaming: Online multiplayer games use UDP to reduce delay.
• VoIP: Voice over IP (VoIP) applications use UDP to ensure real-time communication.

3. Hypertext Transfer Protocol (HTTP):

Overview:

• Type: Application layer protocol.
• Layer: Application Layer (Layer 7 of the OSI model).
• Purpose: HTTP is the foundation of data communication on the World Wide Web. It is used
for transmitting hypertext documents, such as HTML, between a web server and a client
(usually a web browser).

Key Features:

• Stateless Protocol: Each HTTP request and response is independent; the protocol itself keeps
no memory of previous requests. Anything that must persist across requests, such as a login
session, is carried by the application in cookies or tokens, which is why those values need the
same protection as a password.
• Methods: HTTP uses various request methods to perform different operations:
o GET: Requests data from the server.
o POST: Submits data to the server for processing.
o PUT: Updates data on the server.
o DELETE: Removes data from the server.
• Status Codes: HTTP responses include status codes to indicate the outcome of the request
(e.g., 200 OK, 404 Not Found).
• Security: HTTPS (HTTP Secure) is HTTP carried over TLS (the successor to SSL, which is now
deprecated). TLS encrypts the exchange and lets the client authenticate the server through its
certificate.

Use Cases:

• Web Browsing: HTTP/HTTPS is used to retrieve and display web pages.
• APIs: RESTful APIs often use HTTP for communication between applications.

4. Simple Mail Transfer Protocol (SMTP):

Overview:

• Type: Application layer protocol.
• Layer: Application Layer (Layer 7 of the OSI model).
• Purpose: SMTP is used for sending and relaying outgoing emails between email clients and
servers.

Key Features:

• Connection-Oriented: SMTP uses TCP to ensure reliable transmission of emails.
• Push Protocol: SMTP is primarily a push protocol, meaning it is used to send email from the
client to the server or between servers. Retrieving mail from a mailbox is done with POP3 or
IMAP instead.
• Plain Text: SMTP commands and message content are sent in plain text, so anyone on the
path can read or alter them. Encryption is added either with STARTTLS, which upgrades an
existing session on port 25 or 587, or by running SMTP over TLS from the start on port 465;
without it, the credentials used for mail submission are exposed as well.
• Store-and-Forward: SMTP servers can store messages temporarily and forward them later if
the destination server is unavailable.

Use Cases:

• Email Sending: SMTP is used by email clients (e.g., Outlook, Gmail) to send messages to mail
servers.
• Mail Relaying: SMTP servers relay email messages between different domains.

5. File Transfer Protocol (FTP):

Overview:

• Type: Application layer protocol.


• Layer: Application Layer (Layer 7 of the OSI model).
• Purpose: FTP is used for transferring files between a client and a server over a network.

Key Features:

• Connection-Oriented: FTP uses TCP to ensure reliable file transfer.
• Modes: FTP operates in two modes:
o Active Mode: The client opens a port and listens while the server connects back to
it from its data port; this often fails through NAT and client-side firewalls.
o Passive Mode: The server opens a port and waits for the client to connect, which is
why most clients default to it.
• Authentication: FTP requires users to authenticate with a username and password, though
anonymous FTP allows access without credentials. Both the credentials and the file contents
travel in plain text, so use FTPS (FTP over TLS) or SFTP (file transfer over SSH) wherever the
login or the data matters.
• Data and Command Channels: FTP uses separate connections for commands (the control
connection, on port 21) and for data transfer (the data connection).

Use Cases:

• File Download/Upload: FTP is commonly used to download or upload files to/from a server.
• Website Maintenance: Web developers use FTP to upload files to a web server.

Types of Networks:

1. LAN (Local Area Network):

• Description: A network that connects computers and devices within a limited geographic
area, such as a home, school, or office building.
• Devices:
o Switches: Devices that connect multiple devices within a LAN and use MAC
addresses to forward data to the correct destination.
o Routers: Devices that connect a LAN to other networks, including the internet, and
use IP addresses to route data.
o Access Points: Devices that provide wireless connectivity to the LAN for Wi-Fi-
enabled devices.
o Network Interface Cards (NICs): Hardware that connects individual devices to the
LAN.
• Characteristics: High data transfer rates, low latency, limited geographic range, and typically
privately owned.

2. WAN (Wide Area Network):

• Description: A network that spans a large geographic area, often a country or continent,
connecting multiple LANs.
• Devices:
o Routers: Core devices that route data across different networks and WAN links.
o Modems: Devices that modulate and demodulate signals for transmission over
phone lines, cable systems, or fiber optics.
o WAN Switches: Specialized switches used to manage and route data in a WAN
environment.
• Characteristics: Lower data transfer rates compared to LANs, higher latency, large
geographic range, often owned by service providers.

3. MAN (Metropolitan Area Network):

• Description: A network that covers a larger geographic area than a LAN but smaller than a
WAN, typically a city or a campus.
• Devices:
o Routers: To route data between different networks within the MAN.
o Switches: For local data transfer within segments of the MAN.
o Fiber Optic Cables: To provide high-speed data transfer over long distances within
the city or campus.
• Characteristics: Moderate data transfer rates, medium latency, covers a metropolitan area,
often used by organizations with multiple locations in a city.

4. PAN (Personal Area Network):

• Description: A network for personal devices within the range of an individual, typically
within a few meters.
• Devices:
o Bluetooth Devices: Such as headsets, keyboards, mice, and smartphones.
o Infrared Devices: Like remote controls and certain types of wireless peripherals.
o USB: Devices connected via USB cables.
• Characteristics: Very short range, personal connectivity, typically for personal use, low
power consumption.

5. SAN (Storage Area Network):

• Description: A specialized network that provides access to consolidated, block-level data
storage.
• Devices:
o Storage Devices: Such as disk arrays and tape libraries.
o SAN Switches: Used to connect storage devices and servers within the SAN.
o Fibre Channel: A high-speed transport, usually over fibre optic links, for storage access.
• Characteristics: High-speed, dedicated storage network, provides high availability and
redundancy, used in data centers.

6. CAN (Campus Area Network):

• Description: A network that connects multiple LANs within a limited geographic area, such
as a university campus or corporate campus.
• Devices:
o Routers: To connect different LANs within the campus.
o Switches: For local data transfer within segments of the CAN.
o Fiber Optic Cables: To provide high-speed data transfer across the campus.
• Characteristics: Medium to high data transfer rates, moderate geographic range, typically
privately owned.

IP Addressing

IPv4

What is an IP Address?

An IP address is a unique identifier assigned to each device connected to a network that uses the
Internet Protocol for communication. It's similar to a postal address, which uniquely identifies a
location so that mail can be delivered.

What is IANA?

IANA (Internet Assigned Numbers Authority) is a function operated under ICANN (Internet
Corporation for Assigned Names and Numbers). It oversees global IP address allocation,
autonomous system number allocation, and the management of the DNS root zone, among other
responsibilities.

2. Types of IP Addresses

There are two main types of IP addresses: IPv4 and IPv6.

IPv4

• Format: Consists of four numbers separated by dots (e.g., 192.168.1.1).
• Size: 32 bits, allowing for about 4.3 billion unique addresses.
• Structure: Divided into network and host portions, determined by the subnet mask.

IPv6

• Format: Consists of eight groups of four hexadecimal digits separated by colons (e.g.,
2001:0db8:85a3:0000:0000:8a2e:0370:7334).

• Size: 128 bits, allowing for a vastly larger number of unique addresses (about 3.4 x 10^38).
• Structure: Designed to replace IPv4, providing more addresses and additional features.

3. Classes of IPv4 Addresses

Class   First octet   Leading bits   Network/Host bits   Default mask      Usage
A       1-126         0              8/24                255.0.0.0         Unicast and broadcast communication
B       128-191       10             16/16               255.255.0.0       Unicast and broadcast communication
C       192-223       110            24/8                255.255.255.0     Unicast and broadcast communication
D       224-239       1110           -                   -                 Multicasting
E       240-255       1111           -                   -                 Research purpose

(First octet 0 is reserved and 127 is the loopback range, so neither is counted in Class A.)

IPv4 addresses are divided into different classes based on the first few bits:

• Class A: Supports large networks (first octet 1 to 126, i.e. 1.0.0.0 to 126.255.255.255).
• Class B: Supports medium-sized networks (128.0.0.0 to 191.255.255.255).
• Class C: Supports small networks (192.0.0.0 to 223.255.255.255).
• Class D: Reserved for multicast groups (224.0.0.0 to 239.255.255.255).
• Class E: Reserved for experimental use (240.0.0.0 to 255.255.255.255).

Classful addressing has been replaced by CIDR (prefix lengths such as /20) on the Internet, but
the classes still appear in exams and as defaults on older equipment.

➢ Special Purpose Address: 127.x.x.x

The range 127.0.0.0 to 127.255.255.255 is reserved for loopback addresses. These addresses are
used for testing and diagnostics within a host. Any packets sent to an address in this range are
looped back to the host itself, never actually placed on the network.

4. Private and Public IP Addresses

• Public IP Addresses: Globally unique and can be accessed over the Internet.
• Private IP Addresses: Used within local networks and are not routable on the Internet. The
three ranges reserved for this purpose by RFC 1918 are:
o 10.0.0.0 to 10.255.255.255
o 172.16.0.0 to 172.31.255.255
o 192.168.0.0 to 192.168.255.255

Class A Private Address Range

• Range: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
• Total Addresses: 2^24 = 16,777,216 addresses

Class B Private Address Range

• Range: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
• Total Addresses: 2^20 = 1,048,576 addresses

Class C Private Address Range

• Range: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
• Total Addresses: 2^16 = 65,536 addresses

5. Static and Dynamic IP Addresses

• Static IP Addresses: Permanently assigned to a device.
• Dynamic IP Addresses: Temporarily assigned by a DHCP (Dynamic Host Configuration
Protocol) server.

6. Subnetting

Subnetting is the process of dividing a network into smaller sub-networks (subnets). This helps in
efficient IP address management and improves network security and performance. It involves the
use of a subnet mask, which separates the IP address into network and host portions.

Formula for calculating Network ID, Broadcast ID, Subnet Mask

Network ID = Network Portion as it is + Host portion OFF

Broadcast ID = Network Portion as it is + Host portion ON

Subnet Mask = Network Portion ON + Host Portion OFF

For example, for this IP Address: 168.10.10.10/16

Network ID = 168.10.0.0

Broadcast ID = 168.10.255.255

Subnet Mask = 255.255.0.0

▪ To calculate usable addresses, we use 2^n - 2, where n is the number of host bits (one
address is the network ID and one is the broadcast ID, so neither can be given to a host).
▪ Equivalently, n = 32 - (bits assigned to the network), so usable addresses =
2^(32 - network bits) - 2. For the /16 above, n = 16 and there are 2^16 - 2 = 65,534 usable
addresses.
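As an added example (not part of the original notes), the three formulas above carried out in Python with bit operations, so that "host portion ON" and "host portion OFF" become an actual OR and AND against the mask. The inputs are the page's 168.10.10.10/16 plus two constructed addresses; same_subnet is an added helper showing the decision a host makes before it ARPs directly or sends to its gateway. The /31 and /32 handling is this example's addition to the 2^n - 2 rule.

```python
from __future__ import annotations


def dotted_to_int(addr: str) -> int:
    """Convert a dotted-quad address to a 32-bit integer, rejecting malformed input."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """Apply the network / broadcast / mask formulas to an address written as a.b.c.d/prefix."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {cidr!r}")
    addr = dotted_to_int(addr_text)
    host_bits = 32 - prefix

    # Subnet mask: network portion ON, host portion OFF.
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    # Network ID: network portion as it is, host portion OFF.
    network = addr & mask
    # Broadcast ID: network portion as it is, host portion ON.
    broadcast = network | (~mask & 0xFFFFFFFF)

    # Usable hosts: 2^n - 2.  A /31 (point-to-point link, RFC 3021) and a /32
    # (host route) have no separate network/broadcast addresses, so they are special.
    if host_bits >= 2:
        usable = 2 ** host_bits - 2
    else:
        usable = 2 ** host_bits

    return {
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "mask": int_to_dotted(mask),
        "host_bits": host_bits,
        "usable_hosts": usable,
    }


def same_subnet(addr_a: str, addr_b: str, prefix: int) -> bool:
    """True when both addresses fall in the same /prefix block, i.e. a host would
    ARP for the other directly instead of sending through its default gateway."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (dotted_to_int(addr_a) & mask) == (dotted_to_int(addr_b) & mask)


if __name__ == "__main__":
    for cidr in ("168.10.10.10/16", "192.168.1.77/26", "10.0.0.1/30"):
        print(cidr, subnet_info(cidr))
```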

FLSM (Fixed Length Subnet Mask)

Definition:

• FLSM uses the same subnet mask for all subnets within a network.
• Each subnet has an equal number of IP addresses, which simplifies the design and
management of the network.

Characteristics:

• Simplicity: Easy to calculate and manage.


• Inefficiency: Can lead to wastage of IP addresses, especially if subnets have different size
requirements.

Example: Let’s consider a network 192.168.1.0/24 (Class C network) and divide it into 4 subnets
using FLSM.

• Original Network: 192.168.1.0/24 (256 IP addresses)
• Subnet Mask for FLSM: /26 (255.255.255.192), i.e. 2 bits borrowed from the host portion
• Number of Subnets: 4 (since 2^2 = 4)
• IP Addresses per Subnet: 64 (since 2^(32-26) = 64), of which 62 are usable

The subnets will be:

1. 192.168.1.0/26 (192.168.1.0 – 192.168.1.63)
2. 192.168.1.64/26 (192.168.1.64 – 192.168.1.127)
3. 192.168.1.128/26 (192.168.1.128 – 192.168.1.191)
4. 192.168.1.192/26 (192.168.1.192 – 192.168.1.255)

VLSM (Variable Length Subnet Mask)

Definition:

• VLSM allows for the use of different subnet masks for different subnets within the same
network.
• It enables more efficient use of IP addresses by tailoring the subnet size to the actual needs
of each segment.

Characteristics:

• Flexibility: Subnets can be of varying sizes, allowing efficient use of IP address space.
• Complexity: Requires careful planning and management, particularly for routing.

Example:

Let’s consider a network 200.10.50.0/24 (Class C Network) and divide it into subnets with varying
sizes using VLSM.

Original Network: 200.10.50.0/24

Let’s say we need

1. 1 subnet with 123 hosts
2. 1 subnet with 59 hosts
3. 1 subnet with 30 hosts
4. 1 subnet with 14 hosts
5. 2 subnets with 6 hosts

Work from the largest requirement to the smallest, and for each one pick the smallest block whose
usable count (2^n - 2) is still enough. Each allocation takes the front of whatever is left:

Subnet with 123 hosts (7 host bits, /25, 126 usable):

▪ 200.10.50.0/25 (Assigned to 1st)
▪ 200.10.50.128/25 (remaining)

Subnet with 59 hosts (6 host bits, /26, 62 usable), carved from 200.10.50.128/25:

▪ 200.10.50.128/26 (Assigned to 2nd)
▪ 200.10.50.192/26 (remaining)

Subnet with 30 hosts (5 host bits, /27, 30 usable), carved from 200.10.50.192/26:

▪ 200.10.50.192/27 (Assigned to 3rd)
▪ 200.10.50.224/27 (remaining)

Subnet with 14 hosts (4 host bits, /28, 14 usable), carved from 200.10.50.224/27:

▪ 200.10.50.224/28 (Assigned to 4th)
▪ 200.10.50.240/28 (remaining)

Two subnets with 6 hosts (3 host bits, /29, 6 usable), carved from 200.10.50.240/28:

▪ 200.10.50.240/29 (Assigned to the first subnet of requirement 5)
▪ 200.10.50.248/29 (Assigned to the second subnet of requirement 5)

The whole /24 is used with nothing left over, which FLSM could not achieve for these sizes.
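Added example, not from the original notes: the FLSM split and the VLSM allocation from the two examples above, done with Python's standard ipaddress module and generalized to any power-of-two FLSM split and any list of host counts. The subnet names and the addresses_left helper are this example's own; the host counts are the ones in the VLSM example.

```python
from __future__ import annotations

import ipaddress


def flsm_split(network: str, subnet_count: int) -> list[str]:
    """Divide a network into subnet_count equal pieces that all share one mask."""
    net = ipaddress.ip_network(network, strict=True)
    if subnet_count < 1 or subnet_count & (subnet_count - 1):
        raise ValueError("subnet_count must be a power of two")
    borrowed_bits = subnet_count.bit_length() - 1      # 4 subnets -> 2 bits
    return [str(s) for s in net.subnets(new_prefix=net.prefixlen + borrowed_bits)]


def prefix_for_hosts(hosts: int) -> int:
    """Smallest prefix whose block still leaves 2^n - 2 >= hosts usable addresses."""
    if hosts < 1:
        raise ValueError("a subnet must hold at least one host")
    host_bits = 2
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def vlsm_allocate(network: str, requirements: list[tuple[str, int]]) -> dict[str, str]:
    """Carve one subnet per (name, hosts) requirement out of network.

    Requests are served largest first.  Because every block size is a power of
    two and sizes never increase along the way, the running cursor is always
    aligned to the next block, so one forward pass never leaves an unusable gap.
    """
    net = ipaddress.ip_network(network, strict=True)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    allocated: dict[str, str] = {}
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        if cursor + size > end:
            raise ValueError(f"address space exhausted before {name!r}")
        allocated[name] = f"{ipaddress.IPv4Address(cursor)}/{prefix}"
        cursor += size
    return allocated


def addresses_left(network: str, allocated: dict[str, str]) -> int:
    """How many addresses of the parent block remain unassigned."""
    net = ipaddress.ip_network(network, strict=True)
    used = sum(ipaddress.ip_network(block).num_addresses for block in allocated.values())
    return net.num_addresses - used


# The requirements from the VLSM example above, as constructed input.
VLSM_REQUIREMENTS = [
    ("sales", 123), ("dev", 59), ("ops", 30), ("mgmt", 14), ("link-a", 6), ("link-b", 6),
]

if __name__ == "__main__":
    print(flsm_split("192.168.1.0/24", 4))
    plan = vlsm_allocate("200.10.50.0/24", VLSM_REQUIREMENTS)
    for name, block in plan.items():
        print(f"{name:8s} {block}")
    print("left:", addresses_left("200.10.50.0/24", plan))
```

Python's sort is stable, so two requests of equal size keep the order they were listed in; that is what makes the two /29s land in a predictable order.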

Router Configuration

What are methods of configuring router?

There are three methods to configure a router

1. Console
2. AUX
3. Telnet/SSH

AUX (a modem attached to the auxiliary port) is rarely used today. Telnet sends the login and
every command in clear text, so SSH should be used for remote access.

Common terminal applications for router configuration are HyperTerminal, PuTTY and SecureCRT.

Modes of Router

1. User exec mode/limited mode


2. Enable mode/privilege mode
3. Global configuration mode

For going from 1st to 2nd mode we use this command
Router>enable

For 2nd to 3rd

Router# configure terminal

Setting up password

1. Console (line console 0): 1 user at a time
2. Aux (line aux 0): 1 user at a time
3. Telnet/SSH (line vty 0 4): 5 simultaneous sessions, on vty lines 0 through 4
o vty: virtual terminal line

Router#show running-config (shows the complete configuration currently running on the
router; its output includes any clear-text passwords, so treat it as sensitive)

Enable mode passwords

1. Enable password (stored in clear text in the configuration; service password-encryption only
applies a reversible Type 7 obfuscation to it, which is not adequate protection)
2. Enable secret (stored as a one-way hash and therefore safer; when both are set, the secret
takes precedence, so always configure enable secret)

Assigning IP address

1. IP address + subnet mask


2. Description
3. No Shutdown

Static IP address

Router#show interfaces

First check the total interfaces available, i.e. WAN and LAN (show commands run in privileged
EXEC mode; from configuration mode prefix them with do).

For example

For LAN

o Fa 0/0
o Fa 0/1

For WAN

o Ser 0/0/0
o Ser 0/0/1

Router(config)#interface fa 0/0

Router(config-if)#ip address 200.100.50.100 255.255.255.0

Router(config-if)#description <optional>

Router(config-if)#no shutdown

To check the address assigned to a specific interface

Router#show interfaces fa 0/0

Or

Router#show ip interface brief

Router’s internal memories

1. ROM (read only memory)


2. RAM (random access memory)
3. NVRAM (non-volatile random-access memory)

ROM: POST and the bootstrap (ROMmon, a minimal IOS used for recovery)

RAM: running-config

NVRAM: startup-config

To save the running configuration to NVRAM we use one of these commands

Router# copy running-config startup-config or

Router# write memory or

Router# wr

To check the saved data

Router# show startup-config

Router# write erase <deletes the saved startup-config in NVRAM>

DHCP configuration

Router(config)# interface fa 0/0

Router(config-if)# ip address <router's ip address> <subnet mask>

Router(config-if)# description <any description>

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)# ip dhcp excluded-address <first address> <last address to exclude>

Router(config)# ip dhcp pool <any name>

Router(dhcp-config)# network <network address> <subnet mask>

Router(dhcp-config)# default-router <router's ip address for default gateway>

Router(dhcp-config)# exit

Note that ip dhcp excluded-address and ip dhcp pool are global configuration commands, not
interface commands, and that the prompt changes to Router(dhcp-config)# inside the pool.
Exclude the router's own address and any other statically assigned addresses before the pool
hands them out.

CDP (CISCO discovery protocol)

Cisco Discovery Protocol (CDP) is a proprietary network protocol developed by Cisco Systems. It is
used to share information about directly connected Cisco devices, enabling network administrators
to discover and map out Cisco networks more efficiently. Here’s a detailed overview of CDP:

Key Features of CDP

1. Device Discovery: CDP helps in identifying Cisco devices that are directly connected to a
Cisco switch or router. It operates at Layer 2 (Data Link layer) of the OSI model.
2. Information Sharing: The protocol exchanges information such as device names, IP
addresses, software versions, platform details, and capabilities between connected devices.
3. Neighbour Information: CDP gathers and stores information about neighbouring devices,
which can be viewed using commands on Cisco devices.
4. Advertisement Frequency: Devices send out CDP packets (advertisements) at regular
intervals (typically every 60 seconds), and these packets contain details about the device.
5. Multivendor Environment: CDP is proprietary to Cisco, so only devices that implement it
(Cisco and a few other vendors) exchange it. The vendor-neutral equivalent is LLDP (IEEE
802.1AB), which Cisco devices also support.

How CDP Works

1. Packet Generation: Each Cisco device generates CDP packets that include information about
itself, such as its hostname, IP address, port identifier, and capabilities.
2. Packet Transmission: These packets are sent out on all active interfaces of the device, where
they can be received by directly connected Cisco devices.
3. Packet Reception: The neighbouring devices receive these CDP packets and store the
information in their CDP table.
4. Table Maintenance: The CDP table is maintained by updating entries with new information
received from neighbours and removing entries that have not been updated within a certain
time frame (typically 180 seconds).

Use Cases and Benefits

1. Network Mapping: CDP helps network administrators map out the network topology by
discovering all connected Cisco devices and their interconnections.
2. Troubleshooting: Administrators can quickly identify device connectivity issues and
misconfigurations by viewing CDP information, which shows the relationships between
devices.
3. Inventory Management: CDP provides detailed information about network devices, aiding in
inventory management and tracking of hardware and software versions.
4. Security: By understanding the network layout and the devices connected, administrators
can better manage security policies and configurations. The same information is also the risk:
CDP advertisements are unauthenticated and are sent to whatever is attached to the link, so they
hand the platform, IOS version and management addresses to anyone on that segment. Disable
CDP on interfaces facing user devices or untrusted networks and keep it only on links between
managed infrastructure.

Commands:

show cdp neighbors: Displays information about directly connected Cisco devices.

show cdp neighbors detail: Provides detailed information about each neighboring device.

show cdp entry [device name]: Shows information about a specific device.

cdp run: Enables CDP on the device (global configuration).

no cdp run: Disables CDP on the device (global configuration).

cdp enable: Enables CDP on a specific interface.

no cdp enable: Disables CDP on a specific interface.

SSH (Secure shell)

Key Features of SSH

1. Secure Communication: SSH encrypts all data exchanged between the client and the server,
protecting it from eavesdropping, interception, and tampering.
2. Authentication: SSH supports multiple authentication methods, including password-based,
public key, and two-factor authentication, ensuring that only authorized users can access the
system.
3. Command Execution: SSH allows users to execute commands on a remote machine,
providing a secure method for managing and configuring systems.
4. File Transfer: SSH includes features for secure file transfer, such as SCP (Secure Copy) and
SFTP (Secure File Transfer Protocol), allowing safe file uploads and downloads.
5. Port Forwarding: SSH can tunnel network traffic, enabling secure forwarding of arbitrary
network connections, often used to secure otherwise insecure protocols.

Steps:

1. Define username and password
2. Configure enable password
3. Define domain name
4. Change hostname
5. Define crypto key
6. Apply SSH on line vty
7. Login local

Commands:

Router(config)#hostname <name>

Router(config)#username <name> password <password>

Router(config)#enable secret <password>

Router(config)#ip domain name <domain.com>

Router(config)#crypto key generate rsa

Router(config)#line vty 0 4

Router(config-line)#transport input ssh

Router(config-line)#login local

From client:

$ ssh -l <name> <ip address>

Notes: the hostname and domain name must be set before the key is generated, because the
key pair is named after them. username <name> password <password> stores the password in
clear text (or reversible Type 7) in the configuration; on current IOS use the secret keyword
instead of password so that it is stored as a hash. When prompted for the key size choose at
least 2048 bits, and restrict the router to SSH version 2 (ip ssh version 2). transport input ssh
already turns Telnet off on those lines, which is the point of the exercise.

NTP (Network time protocol)

Network Time Protocol (NTP) is a networking protocol designed to synchronize the clocks of
computers over a network. It ensures that all participating devices maintain accurate time, which is
crucial for various applications like logging events, security protocols, and coordinating distributed
systems.

One router is made the NTP master and the other connected routers are its clients.

On the router to make it NTP master

#ntp master

And on the all clients

#ntp server <ip address>

We have to run this command on all clients once.

#show ntp status ; to check the NTP status

ARP (Address Resolution Protocol)

The Address Resolution Protocol (ARP) is a network protocol used to map a network address, such as
an IP address, to a physical address, like a MAC (Media Access Control) address. This mapping is
essential for enabling communication within a local area network (LAN).

Here's how ARP works in a typical scenario:

1. ARP Request: When a device wants to communicate with another device on the same local
network, it broadcasts an ARP request. This request contains the IP address of the target
device but not its MAC address.
2. ARP Reply: The device with the matching IP address responds with an ARP reply, providing
its MAC address. This reply is sent directly back to the requesting device.
3. Caching: The requesting device caches this information in its ARP table, so it doesn't need to
send an ARP request each time it needs to communicate with the same device.

CSMA/CD (Carrier Sense Multiple Access with Collision Detection)

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a network protocol used in
Ethernet networks to manage access to the shared communication medium and handle collisions
that occur when multiple devices attempt to send data simultaneously. Here's a breakdown of how
CSMA/CD works:

1. Carrier Sense: Before a device attempts to send data, it listens to the network (carrier sense)
to check if the communication medium (e.g., a coaxial cable or twisted pair) is free. If the
medium is in use, the device waits.
2. Multiple Access: All devices have equal access to the communication medium. Any device
can attempt to send data whenever it detects that the medium is free.
3. Collision Detection: If two devices sense that the medium is free and start transmitting
simultaneously, their signals will interfere with each other, causing a collision. Both devices
detect this collision by monitoring the transmitted data and the medium.
4. Backoff Algorithm: After a collision is detected, each device stops transmitting and waits for
a random period before attempting to retransmit. This backoff time is determined using a
specific algorithm (usually an exponential backoff algorithm) to reduce the likelihood of
repeated collisions.
5. Retry: After the backoff period, the devices will attempt to retransmit their data. The
process of carrier sensing, multiple access, collision detection, and backoff continues until
the data is successfully transmitted without collisions.

CSMA/CD was widely used in early Ethernet networks, particularly those based on coaxial cables
(10BASE5 and 10BASE2) and early twisted-pair Ethernet (10BASE-T). However, with the advent of
modern Ethernet standards that use switches to manage network traffic, collisions have become
rare, and CSMA/CD is less relevant in today's switched Ethernet environments.
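The backoff step above is the part of CSMA/CD that is easiest to get wrong, so here is a small simulation of it. This is an added example, not code from the notes: a few stations all sense an idle medium at slot 0, collide, and then back off with truncated binary exponential backoff (the window doubles per collision up to 2^10 slots, and a frame is discarded after 16 attempts). The station names, the seed and the four-slot frame length are constructed values.

```python
import random

MAX_ATTEMPTS = 16      # 802.3: a frame is discarded after 16 failed attempts
FRAME_SLOTS = 4        # constructed: one frame occupies the medium for 4 slot times


def backoff_window(attempt):
    """Truncated binary exponential backoff.

    After the n-th collision a station waits k slot times, k chosen uniformly from
    0 .. 2**min(n, 10) - 1. Returns the window size (number of choices), or 0 when
    the attempt limit is exceeded and the frame must be discarded.
    """
    if attempt > MAX_ATTEMPTS:
        return 0
    return 2 ** min(attempt, 10)


def transmit(stations, seed=1):
    """Simulate stations that all sense an idle medium and start sending at slot 0.

    Returns a list of (station, collisions_seen, outcome) in the order the frames
    left the medium. The RNG is seeded so a run is reproducible.
    """
    rng = random.Random(seed)
    next_try = {s: 0 for s in stations}     # slot at which each station will (re)try
    collisions = {s: 0 for s in stations}
    outcome = []
    while next_try:
        t = min(next_try.values())
        ready = sorted(s for s in next_try if next_try[s] == t)
        if len(ready) > 1:
            # Collision detected: every colliding station stops and backs off
            for s in ready:
                collisions[s] += 1
                window = backoff_window(collisions[s])
                if window == 0:
                    outcome.append((s, collisions[s], "discarded"))
                    del next_try[s]
                else:
                    next_try[s] = t + 1 + rng.randrange(window)
            continue
        winner = ready[0]                    # sole transmitter: the frame goes through
        outcome.append((winner, collisions[winner], "sent"))
        del next_try[winner]
        for s in next_try:                   # carrier sense: others defer until the medium is free
            next_try[s] = max(next_try[s], t + FRAME_SLOTS)
    return outcome


if __name__ == "__main__":
    for entry in transmit(["A", "B", "C"]):
        print(entry)
```

Every station that started at slot 0 collides at least once, which is why a shared-medium segment under load spends much of its time in backoff; a switched port has one station per collision domain and never reaches this code path.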

Switch Configuration
STP (Spanning tree protocol)

The Spanning Tree Protocol (STP) is a network protocol used to prevent loops in Ethernet networks.
Loops can occur in a network with redundant links, leading to broadcast storms and multiple frame
copies. STP ensures that there is only one active path between two network devices, thus avoiding
loops and ensuring a loop-free topology.

Here's a detailed explanation of how STP works:

Key Concepts

1. Bridge: In the context of STP, a bridge is any device that forwards traffic between network
segments. This includes switches.
2. Bridge Protocol Data Units (BPDUs): These are special frames used by STP to share
information about the network topology.
3. Root Bridge: The central reference point in the STP topology. All paths in the network are
calculated with respect to the root bridge.
4. Bridge ID (BID): A unique identifier for each bridge, composed of a bridge priority and the
bridge's MAC address.
5. Port Roles: Each port on a switch can have one of several roles:
o Root Port: The port that leads to the root bridge.
o Designated Port: The port on each network segment that has the best path to the
root bridge.

o Blocked Port: A port that is not used for forwarding traffic to prevent loops.
6. Port States: Ports can be in different states:
o Blocking: Does not forward frames and does not learn MAC addresses.
o Listening: Prepares to forward frames without learning MAC addresses.
o Learning: Learns MAC addresses but does not forward frames.
o Forwarding: Forwards frames and learns MAC addresses.
o Disabled: Does not participate in frame forwarding or learning.

STP Operation

1. Root Bridge Election:
o All switches send BPDUs with their own BID.
o The switch with the lowest BID becomes the root bridge.
o If a switch receives a BPDU with a lower BID than its own, it updates its root bridge
information and forwards the new BPDU.
2. Path Cost Calculation:
o Each switch calculates the cost of paths to the root bridge.
o Path cost is based on the speed of the links (e.g., 10 Mbps, 100 Mbps).
3. Port Role Assignment:
o Each switch determines the role of its ports based on the path costs.
o The port with the lowest cost to the root bridge becomes the root port.
o The port on each segment with the lowest path cost to the root bridge becomes the
designated port.
o Other ports are put into a blocking state.
4. BPDU Exchange:
o Switches continuously send BPDUs to ensure the network topology is stable.
o If a switch detects a topology change (e.g., a link failure), it sends a special BPDU to
inform other switches.
5. Topology Changes:
o When a topology change is detected, STP recalculates the path costs and reassigns
port roles as necessary.
o Ports may transition through different states (blocking, listening, learning,
forwarding) as the new topology is established.
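To make the election and role assignment above concrete, here is an added example (not code from the notes) that runs the three steps on a constructed three-switch topology: lowest BID wins the root election, root path costs are accumulated on receiving ports using the 802.1D short path-cost table, and each segment gets one designated port while the other end is either a root port or blocked. Switch names, MAC addresses and link speeds are made up for the example.

```python
import heapq

# Constructed topology (not from the notes). Each switch has a bridge priority and
# a MAC address; each link lists both ends' ports and the link speed in Mbps.
SWITCHES = {
    "SW1": (32768, "00:00:00:00:00:03"),
    "SW2": (32768, "00:00:00:00:00:01"),
    "SW3": (4096, "00:00:00:00:00:09"),   # lowered priority: intended root
}
LINKS = [  # (switch_a, port_a, switch_b, port_b, speed_mbps)
    ("SW1", "Gi0/1", "SW2", "Gi0/1", 1000),
    ("SW2", "Fa0/2", "SW3", "Fa0/1", 100),
    ("SW1", "Gi0/2", "SW3", "Gi0/2", 1000),
]
# 802.1D-1998 short path costs by link speed
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}


def bridge_id(switch):
    """BID = (priority, MAC). Tuples compare priority first, then MAC, as STP does."""
    return SWITCHES[switch]


def elect_root():
    """Root bridge election: the lowest BID wins."""
    return min(SWITCHES, key=bridge_id)


def root_path_costs(root):
    """Dijkstra from the root. Returns switch -> (root path cost, root port, upstream).

    A switch's cost is the sum of the port costs on the receiving ports along its
    path to the root; on equal cost the BPDU from the lower upstream BID wins.
    """
    adj = {s: [] for s in SWITCHES}
    for a, pa, b, pb, speed in LINKS:
        cost = PORT_COST[speed]
        adj[a].append((b, pb, cost))   # from a, neighbour b hears the BPDU on its port pb
        adj[b].append((a, pa, cost))
    best = {root: (0, None, None)}
    heap = [(0, bridge_id(root), root)]
    while heap:
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue
        for nbr, nbr_port, link_cost in adj[sw]:
            if nbr == root:
                continue
            new_cost = cost + link_cost
            cur = best.get(nbr)
            if cur is None or new_cost < cur[0] or (
                new_cost == cur[0] and bridge_id(sw) < bridge_id(cur[2])
            ):
                best[nbr] = (new_cost, nbr_port, sw)
                heapq.heappush(heap, (new_cost, bridge_id(nbr), nbr))
    return best


def port_roles():
    """Assign root / designated / blocking to every port. Returns (root, costs, roles)."""
    root = elect_root()
    best = root_path_costs(root)
    roles = {}
    for a, pa, b, pb, _ in LINKS:
        ports = {a: pa, b: pb}
        # One designated port per segment: the end with the lower root path cost,
        # tie broken by lower BID. The root bridge (cost 0) is designated everywhere.
        key = lambda sw: (best[sw][0], bridge_id(sw))
        desig, other = (a, b) if key(a) <= key(b) else (b, a)
        roles[(desig, ports[desig])] = "designated"
        if best[other][1] == ports[other]:
            roles[(other, ports[other])] = "root"
        else:
            roles[(other, ports[other])] = "blocking"   # the loop is broken here
    return root, best, roles


if __name__ == "__main__":
    root, best, roles = port_roles()
    print("root bridge:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role} (root path cost {best[sw][0]})")
```

In this topology SW2 prefers the two-hop gigabit path (cost 8) over its direct 100 Mbps link to the root (cost 19), so its Fa0/2 is the port that ends up blocking. Changing SW3's priority back to 32768 moves the root to SW2 and shifts every role, which is why unmanaged priorities (or an unexpected switch sending superior BPDUs) can silently reshape the forwarding topology.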

Enhancements to STP

1. Rapid Spanning Tree Protocol (RSTP):
o An evolution of STP that provides faster convergence.
o Ports can transition directly from blocking to forwarding, reducing the time it takes
for the network to stabilize after a topology change.
2. Multiple Spanning Tree Protocol (MSTP):
o Allows multiple spanning trees to coexist, each corresponding to a different VLAN or
group of VLANs.
o Improves load balancing and redundancy in complex network topologies.

Conclusion

STP is a fundamental protocol for ensuring a loop-free Ethernet network. By electing a root bridge,
calculating path costs, and assigning port roles, STP prevents loops and ensures efficient network
traffic flow. Enhancements like RSTP and MSTP provide faster convergence and better scalability,
making them suitable for modern networks.

What is EtherChannel?

EtherChannel is a technology used in computer networking to combine multiple physical Ethernet
links into a single logical link. This aggregation increases bandwidth, provides redundancy, and
improves network performance and reliability. By bundling multiple Ethernet cables, EtherChannel
can effectively balance the traffic load across all available links and provide a failover mechanism if
one of the links fails.

Protocols Used to Create EtherChannel

There are two main protocols used to create and manage EtherChannel:

1. Port Aggregation Protocol (PAgP):
o Developed by: Cisco Systems.
o Function: PAgP is a Cisco-proprietary protocol that automatically negotiates the
formation of an EtherChannel between Cisco devices. It ensures that both ends of
the link are compatible and can work together to create a channel. PAgP can
operate in three modes:
▪ On: EtherChannel is formed unconditionally, without negotiation.
▪ Desirable: The port actively tries to negotiate the formation of an
EtherChannel.
▪ Auto: The port passively waits for the other end to initiate the negotiation.
2. Link Aggregation Control Protocol (LACP):
o Developed by: IEEE (Institute of Electrical and Electronics Engineers) as part of the
802.3ad standard.
o Function: LACP is an open standard protocol that performs a similar function to
PAgP but is not limited to Cisco devices. LACP allows the dynamic creation and
management of EtherChannel. It also ensures that both ends of the link agree on the
bundle configuration. LACP has two modes:
▪ Active: The port actively initiates negotiation to form an EtherChannel.
▪ Passive: The port waits for the other side to initiate the negotiation.

Key Benefits of EtherChannel

• Increased Bandwidth: Combines the bandwidth of multiple physical links.
• Redundancy and Fault Tolerance: If one link in the channel fails, the remaining links
continue to carry traffic, ensuring minimal disruption.
• Load Balancing: Traffic is distributed across the links in the EtherChannel, optimizing
network performance.
• Simplified Management: Multiple links are managed as a single logical link, reducing
administrative complexity.

When creating an EtherChannel, several key factors must be considered to ensure proper
configuration, optimal performance, and network stability. Here are the essential things to keep in
mind:

1. Interface Consistency

• Speed and Duplex: All interfaces in the EtherChannel must have the same speed (e.g., 1
Gbps, 10 Gbps) and duplex settings (full or half).

• Access or Trunk Mode: Ensure that all ports are configured in the same mode, either as
access ports (with the same VLAN) or as trunk ports (with the same trunking settings).
• Allowed VLANs (Trunk Mode): When using trunk mode, ensure that all interfaces in the
EtherChannel allow the same VLANs.

2. Protocol Selection

• PAgP or LACP: Choose the appropriate protocol based on your network environment. Use
PAgP if all devices involved are Cisco devices, and LACP for multi-vendor environments.
• Protocol Mode Matching: Ensure that the modes on both ends match correctly (e.g., both
sides in "active" or "auto/desirable" mode). Mismatched modes can prevent the
EtherChannel from forming.

3. Number of Interfaces

• Consistent Number: Ensure that the same number of interfaces are configured on both ends
of the EtherChannel.
• Limitations: Be aware of the maximum number of interfaces supported by the switch for an
EtherChannel (usually up to 8 physical interfaces).
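The three checks above (member consistency, protocol mode matching, member count) can be expressed as a pre-flight validator. This is an added example, not part of the notes: it encodes the mode pairs that negotiate a bundle (LACP needs at least one active side, PAgP at least one desirable side, and "on" must be "on" at both ends) and flags mismatched speed, duplex, switchport mode or VLAN sets among the members. The interface settings and the MAX_MEMBERS value of 8 are constructed to match the notes' description.

```python
MAX_MEMBERS = 8   # the per-channel limit of physical interfaces the notes mention


def member(speed, duplex, switchport, vlans):
    """Settings of one physical interface. vlans: the access VLAN as a one-element
    tuple, or the allowed trunk VLANs. Sorted so that order does not matter."""
    return {"speed": speed, "duplex": duplex, "switchport": switchport,
            "vlans": tuple(sorted(vlans))}


def channel_forms(local_mode, remote_mode):
    """Decide whether a pair of channel-group modes negotiates a bundle.

    Returns (forms, protocol). 'on' never negotiates, so both ends must be 'on'.
    """
    pair = {local_mode, remote_mode}
    if pair == {"on"}:
        return True, "static"
    if pair <= {"active", "passive"} and "active" in pair:
        return True, "LACP"            # active/active or active/passive
    if pair <= {"desirable", "auto"} and "desirable" in pair:
        return True, "PAgP"            # desirable/desirable or desirable/auto
    return False, None                 # passive/passive, auto/auto, mixed protocols, on/anything


def validate_etherchannel(local, remote):
    """Return a list of problems; an empty list means the bundle should come up."""
    problems = []
    for side, cfg in (("local", local), ("remote", remote)):
        members = cfg["members"]
        for attr in ("speed", "duplex", "switchport", "vlans"):
            if len({m[attr] for m in members}) > 1:
                problems.append(f"{side}: member interfaces differ in {attr}")
        if len(members) > MAX_MEMBERS:
            problems.append(f"{side}: more than {MAX_MEMBERS} member interfaces")
    if len(local["members"]) != len(remote["members"]):
        problems.append("different number of member interfaces on the two ends")
    forms, _ = channel_forms(local["mode"], remote["mode"])
    if not forms:
        problems.append(f"modes {local['mode']}/{remote['mode']} will not negotiate a channel")
    return problems


# Constructed configurations (not from the notes)
GOOD_LOCAL = {"mode": "active", "members": [
    member(1000, "full", "trunk", (10, 20)), member(1000, "full", "trunk", (20, 10))]}
GOOD_REMOTE = {"mode": "passive", "members": [
    member(1000, "full", "trunk", (10, 20)), member(1000, "full", "trunk", (10, 20))]}
BAD_LOCAL = {"mode": "passive", "members": [
    member(1000, "full", "trunk", (10, 20)), member(1000, "half", "trunk", (10, 20))]}

if __name__ == "__main__":
    print("good:", validate_etherchannel(GOOD_LOCAL, GOOD_REMOTE))
    print("bad: ", validate_etherchannel(BAD_LOCAL, GOOD_REMOTE))
```

A mismatch that this validator reports is what the switch itself reports as a suspended member port; catching it before the change window is cheaper than debugging a half-formed bundle afterwards.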

Commands:

In global mode

Select the Interfaces to Include in the EtherChannel:

#interface range fa 0/1 - 2

Configure the Interfaces for Trunking or Access (if needed):

• For Trunk Mode:

#switchport mode trunk

#switchport trunk allowed vlan all   # or specify particular VLANs

• For Access Mode:

#switchport mode access

#switchport access vlan 10 # example VLAN

Set the EtherChannel Mode (PAgP or LACP):

• For LACP (Open Standard):

#channel-group 1 mode active # or "passive"

• For PAgP (Cisco Proprietary):

#channel-group 1 mode desirable # or "auto"

Summary:

configure terminal

interface range fa 0/1 - 2

switchport mode trunk

switchport trunk allowed vlan all

channel-group 1 mode active # Using LACP

What are VLANs?

VLANs (Virtual Local Area Networks) are a method used to create logically separate networks within
a single physical network. Essentially, VLANs segment network traffic to ensure that devices within
the same VLAN can communicate directly with each other, but devices in different VLANs cannot
communicate unless explicitly allowed through routing or other means.

Benefits of VLANs

• Improved Security: By segregating traffic, VLANs reduce the risk of unauthorized access.
Sensitive data can be isolated in a separate VLAN.
• Enhanced Performance: VLANs help reduce broadcast traffic within each segment, leading
to improved network efficiency and reduced congestion.
• Simplified Network Management: VLANs allow easier management of large and complex
networks by grouping devices with similar functions or needs together.
• Flexibility and Scalability: VLANs enable flexible network configurations, making it easier to
reassign devices to different segments without changing physical connections.
• Reduced Cost: VLANs allow for more efficient use of network resources, potentially reducing
the need for additional hardware.

Commands:

Switch(config)# vlan 10

Switch(config-vlan)# name SALES

Switch(config)# interface [INTERFACE-ID]

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan [VLAN-ID]

To check if the VLAN has been created and ports assigned correctly:

Switch# show vlan brief

1. Port Security

Port Security is a layer 2 security feature on Cisco switches that restricts the input to an interface by
limiting and identifying the MAC addresses of the workstations that are allowed to access the port.
When the limit is reached or an unauthorized device tries to access the network through that port,
different security violations (like shutdown, protect, or restrict) can be configured to occur.

Key Features:

• Limits the number of MAC addresses on a port.
• Can be configured to either allow or deny certain MAC addresses.
• Actions on violation include shutting down the port, restricting traffic, or dropping packets.

Commands for Port Security on a Cisco Switch:

Switch(config)# interface [interface-id]
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum [number]   # Limits number of MAC addresses
Switch(config-if)# switchport port-security mac-address [MAC-address]   # Manually assign a MAC address
Switch(config-if)# switchport port-security violation [shutdown | restrict | protect]   # Define action on violation
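The three violation modes behave differently once the address limit is hit, and the difference matters when you are reading port-security counters during an incident. The model below is an added example, not code from the notes: a port learns source MACs up to its maximum, a statically configured address counts toward that maximum, and on a violation shutdown err-disables the port, restrict drops the frame and bumps a counter (where a real switch would also log and send a trap), and protect drops silently. The MAC strings used are constructed.

```python
class PortSecurity:
    """Model of one access port with switchport port-security enabled."""

    def __init__(self, maximum=1, violation="shutdown", static=()):
        if violation not in ("shutdown", "restrict", "protect"):
            raise ValueError("violation must be shutdown, restrict or protect")
        self.maximum = maximum
        self.violation = violation
        self.secure = set(static)   # statically configured plus dynamically learned addresses
        self.err_disabled = False
        self.violations = 0         # the counter 'restrict' increments (and would log/trap)
        self.dropped = 0

    def receive(self, src_mac):
        """Handle one ingress frame. Returns 'forward', 'drop' or 'err-disabled'."""
        if self.err_disabled:
            return "err-disabled"             # port stays down until recovered
        if src_mac in self.secure:
            return "forward"                  # known secure address
        if len(self.secure) < self.maximum:
            self.secure.add(src_mac)          # room left: learn it as a secure address
            return "forward"
        # One address more than the limit allows: this is the violation
        self.dropped += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            return "err-disabled"
        if self.violation == "restrict":
            self.violations += 1
        return "drop"                         # restrict and protect both drop the frame

    def recover(self):
        """Equivalent of shutdown / no shutdown (or errdisable recovery) on the port."""
        self.err_disabled = False


if __name__ == "__main__":
    port = PortSecurity(maximum=2, violation="restrict")
    for mac in ("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"):
        print(mac, "->", port.receive(mac))
    print("violations:", port.violations)
```

With protect, the offending device gets no connectivity and nothing records that it tried; restrict gives the same isolation plus a counter and a log line, which is the mode that leaves evidence for detection.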

2. DHCP Snooping

DHCP Snooping is a security feature that acts as a firewall between untrusted hosts and trusted
DHCP servers. It ensures that only DHCP responses from trusted servers are allowed, preventing
rogue DHCP servers from providing incorrect IP addresses to clients.

Key Features:

• Filters DHCP messages, allowing only those from trusted sources.
• Maintains a DHCP snooping binding table that maps MAC addresses to IP addresses, VLAN,
and interface information.

Commands for DHCP Snooping on a Cisco Switch:

Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan [vlan-id]   # Enable DHCP snooping on specific VLANs
Switch(config)# interface [interface-id]
Switch(config-if)# ip dhcp snooping trust   # Marks the interface as trusted (usually the uplink to the DHCP server)
Switch(config-if)# ip dhcp snooping limit rate [rate]   # Rate limit DHCP packets on untrusted interfaces

3. ARP Inspection

ARP Inspection (also known as Dynamic ARP Inspection or DAI) is a security feature that prevents
ARP spoofing and ARP poisoning attacks. It verifies the ARP packets in a network by intercepting all
ARP requests and responses and comparing them against a trusted database (like the DHCP
Snooping binding table) to ensure their authenticity.

Key Features:

• Protects against ARP poisoning and spoofing attacks.
• Works by inspecting each ARP packet in the network.

Commands for ARP Inspection on a Cisco Switch:

Switch(config)# ip arp inspection vlan [vlan-id]   # Enable ARP inspection on specific VLANs
Switch(config)# interface [interface-id]
Switch(config-if)# ip arp inspection trust   # Marks the interface as trusted (usually uplink interfaces)
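The ARP section earlier, DHCP snooping and ARP inspection fit together: snooping builds the binding table and DAI consults it. The model below is an added example, not code from the notes. The first function is the host-side ARP behaviour (cache hit, otherwise broadcast and cache the reply); the class is the switch side: server-originated DHCP messages are dropped on untrusted ports, an ACK from a trusted port creates a binding, and ARP packets on untrusted ports are dropped unless the sender MAC/IP pair matches a binding. Port names, VLAN numbers, MAC and IP addresses are constructed.

```python
def arp_resolve(cache, target_ip, segment):
    """Host-side ARP. Returns (mac, request_sent).

    segment maps IP -> MAC for the devices on the LAN; the owner of target_ip
    answers the broadcast with a unicast reply, which the host then caches.
    """
    if target_ip in cache:
        return cache[target_ip], False        # cache hit: no request needed
    mac = segment.get(target_ip)              # None if nobody owns the address
    if mac is not None:
        cache[target_ip] = mac
    return mac, True


class L2Guard:
    """DHCP snooping binding table plus Dynamic ARP Inspection, keyed per VLAN."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # (vlan, client_mac) -> port the client requested from
        self.bindings = {}   # (vlan, client_mac) -> (ip, port): the snooping binding table

    def dhcp(self, port, vlan, msg, client_mac, yiaddr=None):
        """Filter one DHCP message; returns 'forward' or a 'drop: ...' reason."""
        if msg in ("DISCOVER", "REQUEST"):          # client messages may come from anywhere
            self.pending[(vlan, client_mac)] = port
            return "forward"
        if msg in ("OFFER", "ACK"):                 # server messages only from trusted ports
            if port not in self.trusted:
                return "drop: DHCP server message on untrusted port"
            if msg == "ACK":
                client_port = self.pending.get((vlan, client_mac), "unknown")
                self.bindings[(vlan, client_mac)] = (yiaddr, client_port)
            return "forward"
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip):
        """DAI: on untrusted ports the sender MAC/IP pair must match a binding."""
        if port in self.trusted:
            return "forward"
        bound = self.bindings.get((vlan, sender_mac))
        if bound is None or bound[0] != sender_ip:
            return "drop: sender MAC/IP pair not in the binding table"
        return "forward"


def scenario():
    """Constructed sequence of events on one switch; returns (guard, results)."""
    g = L2Guard(trusted_ports={"Gi0/1"})           # Gi0/1 is the uplink to the DHCP server
    client, rogue = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
    results = [
        g.dhcp("Gi0/5", 10, "DISCOVER", client),
        g.dhcp("Gi0/7", 10, "OFFER", client, yiaddr="10.0.0.99"),   # rogue server on an access port
        g.dhcp("Gi0/1", 10, "ACK", client, yiaddr="10.0.0.20"),     # real server answers
        g.arp("Gi0/5", 10, client, "10.0.0.20"),                    # client announces its own lease
        g.arp("Gi0/5", 10, client, "10.0.0.1"),                     # client claims the gateway's IP
        g.arp("Gi0/7", 10, rogue, "10.0.0.1"),                      # unknown host claims the gateway's IP
    ]
    return g, results


if __name__ == "__main__":
    _, results = scenario()
    for r in results:
        print(r)
```

The two dropped ARP packets in the scenario are exactly the gratuitous or reply packets that would otherwise poison every neighbour's ARP cache, which is why DAI without a populated binding table (no DHCP snooping, or static hosts without ARP ACLs) drops legitimate traffic too.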

Port Security is more about controlling the devices that connect to a specific port.

DHCP Snooping focuses on preventing unauthorized DHCP servers from handing out addresses.

ARP Inspection ensures the validity of ARP packets, protecting against ARP spoofing attacks.

These features combined provide robust security at Layer 2 of the OSI model, preventing common
attacks and unauthorized access to the network.

IP Routing

IP routing is the process of determining the path that data packets take from their source to their
destination across interconnected networks. The key role of routing is to ensure that these packets
find their way to the correct network segment and ultimately reach the intended destination device.

1. IP Routing Basics

IP routing involves forwarding data packets from one network to another. Each router in a network
is responsible for deciding the best path for the packet to reach its destination. This decision is based
on the routing table, a database of routes known by the router.

2. Static Routing

• Definition: Static routing is a type of IP routing where the network administrator manually
configures the routing table on each router. Static routes do not change unless manually
updated.
• Use Cases: Static routing is used in small networks, or in cases where the network topology
is simple and changes infrequently.
• Advantages:
o Predictable: Routes are fixed, so there's no variation.
o Less overhead: No need for additional protocols or CPU cycles to calculate routes.
• Disadvantages:
o Not scalable: In large or dynamic networks, managing static routes becomes
cumbersome.
o No automatic failover: If a route becomes unavailable, the router will not
automatically find an alternative route.

3. Dynamic Routing

• Definition: Dynamic routing automatically adjusts the routing table based on the current
network conditions. Routers use dynamic routing protocols to communicate and share
information about network topology changes.
• Use Cases: Dynamic routing is commonly used in larger, more complex, or frequently
changing networks.
• Advantages:
o Scalable: Easily handles large and complex networks.
o Automatic failover: Dynamic routing protocols automatically find alternative paths if
a link goes down.
• Disadvantages:
o More overhead: Requires processing power and memory to calculate and maintain
routing tables.
o Less predictable: Routes can change, potentially causing variable latency or routes.

4. Routing Protocols

Routing protocols are algorithms used in dynamic routing to determine the best path for data. These
protocols can be divided into two main categories: Interior Gateway Protocols (IGPs) and Exterior
Gateway Protocols (EGPs).

Interior Gateway Protocols (IGPs)

These are used within a single autonomous system (AS).

• RIP (Routing Information Protocol):
o Type: Distance-vector protocol.
o Characteristics: Uses hop count as the metric; limited to 15 hops.
o Suitable for: Small networks due to simplicity and hop count limitation.
• OSPF (Open Shortest Path First):

o Type: Link-state protocol.
o Characteristics: Uses cost as the metric based on bandwidth; supports large and
complex networks.
o Suitable for: Medium to large networks, especially those requiring fast convergence.
• EIGRP (Enhanced Interior Gateway Routing Protocol):
o Type: Advanced distance-vector protocol.
o Characteristics: Combines the best features of distance-vector and link-state
protocols; uses metrics like bandwidth, delay, load, and reliability.
o Suitable for: Cisco environments, medium to large networks.

Exterior Gateway Protocols (EGPs)

These are used to route data between different autonomous systems.

• BGP (Border Gateway Protocol):
o Type: Path-vector protocol.
o Characteristics: Used for routing between ISPs and large networks on the Internet;
highly scalable and flexible.
o Suitable for: Large, complex networks like the Internet or large enterprise networks.

Commands:

Static Routing:

ip route [destination network] [subnet mask] [next-hop IP address or outgoing interface]

Dynamic Routing:

Router(config)# router ospf [process-id]
Router(config-router)# network [network-address] [wildcard-mask] area [area-id]

• network-address: The network you want to include in OSPF.
• wildcard-mask: Inverse of the subnet mask (e.g., for 255.255.255.0, the wildcard mask is
0.0.0.255).
• area-id: OSPF area number.

Default Administrative Distances:

• 0: Connected
• 1: Static route
• 20: External BGP (eBGP)
• 90: EIGRP (Internal)
• 100: IGRP
• 110: OSPF
• 115: IS-IS
• 120: RIP
• 170: External EIGRP
• 200: Internal BGP (iBGP)
• 255: Unknown/Untrusted

Floating static route:

A floating static route in networking is a backup route that comes into play if the primary route fails.
It’s called "floating" because it has a higher administrative distance (AD) than the primary route,
meaning it only becomes active when the primary route is unavailable.

How Floating Static Routes Work:

1. Primary Route: Typically has a lower administrative distance and is used by default.
2. Floating Static Route: Has a higher administrative distance, so it "floats" and is only used if
the primary route goes down.

Cisco Commands to Configure a Floating Static Route

1. Configure the Primary Route: Suppose you want to set a primary route to the network
192.168.1.0/24 via the next-hop IP address 10.1.1.1:

Router(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.1

This sets up the primary route with the default administrative distance of 1.

2. Configure the Floating Static Route: Now, to configure a floating static route as a backup,
you’ll give it a higher administrative distance, say 200:

Router(config)# ip route 192.168.1.0 255.255.255.0 10.2.2.2 200

Here, 10.2.2.2 is the next-hop IP for the floating route, and 200 is the administrative
distance.
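The routing basics, the administrative-distance table and the floating static route above all come down to one selection rule, shown here as an added example (not code from the notes): for each prefix only the reachable candidate with the lowest AD is installed, and a lookup then picks the installed route with the longest prefix. The two static routes to 192.168.1.0/24 are the ones from the notes; the OSPF /25, the default route and the next hops 10.3.3.3 and 10.9.9.9 are constructed. Marking a next hop down is a simplification: a real router withdraws a static route only when its outgoing interface goes down or object tracking says so.

```python
import ipaddress

# Default administrative distances as listed in the notes
AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "igrp": 100,
      "ospf": 110, "isis": 115, "rip": 120, "eigrp_external": 170, "ibgp": 200}


class RoutingTable:
    def __init__(self):
        self.candidates = []   # every route the router knows, installed or not

    def add(self, prefix, next_hop, source="static", ad=None):
        """Learn a route; ad overrides the source's default (a floating static uses this)."""
        self.candidates.append({
            "net": ipaddress.ip_network(prefix),
            "nh": next_hop,
            "source": source,
            "ad": AD[source] if ad is None else ad,
            "up": True,
        })

    def set_next_hop_state(self, next_hop, up):
        """Simplified reachability: routes through a failed next hop are withdrawn."""
        for r in self.candidates:
            if r["nh"] == next_hop:
                r["up"] = up

    def installed(self):
        """Per prefix, only the reachable candidate with the lowest AD is installed."""
        best = {}
        for r in self.candidates:
            if not r["up"]:
                continue
            cur = best.get(r["net"])
            if cur is None or r["ad"] < cur["ad"]:
                best[r["net"]] = r
        return best

    def lookup(self, destination):
        """Longest prefix match over the installed routes; None if nothing matches."""
        addr = ipaddress.ip_address(destination)
        matches = [r for r in self.installed().values() if addr in r["net"]]
        if not matches:
            return None
        return max(matches, key=lambda r: r["net"].prefixlen)


if __name__ == "__main__":
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "10.1.1.1")                   # primary static, AD 1
    rt.add("192.168.1.0/24", "10.2.2.2", ad=200)           # floating static, AD 200
    rt.add("192.168.1.128/25", "10.3.3.3", source="ospf")  # more specific, AD 110
    rt.add("0.0.0.0/0", "10.9.9.9")
    print("192.168.1.50  ->", rt.lookup("192.168.1.50")["nh"])
    rt.set_next_hop_state("10.1.1.1", up=False)
    print("after failure ->", rt.lookup("192.168.1.50")["nh"])
```

Note the ordering of the two rules: prefix length is compared only among installed routes, so the OSPF /25 (AD 110) still wins over the static /24 (AD 1) for 192.168.1.200, because AD only arbitrates between routes to the same prefix.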

OSPF (Open Shortest Path First) uses a mechanism for ensuring efficient and reliable routing in large
networks. Part of this involves electing a Designated Router (DR) and a Backup Designated Router
(BDR) within a network segment. Here’s a breakdown of how these elections work:

Designated Router (DR) and Backup Designated Router (BDR)

1. Purpose:
o DR: The DR is responsible for generating and distributing link-state advertisements
(LSAs) to all other routers in the network segment, which helps in minimizing the
amount of routing information exchanged.
o BDR: The BDR acts as a standby to the DR. If the DR fails, the BDR takes over the role
of DR without requiring a new election.
2. Election Process:
o When OSPF routers on a broadcast or non-broadcast multi-access (NBMA) network
segment (like Ethernet) start up, they participate in the DR/BDR election process.
o The election involves the routers exchanging Hello packets, which contain
information about their priority and router ID. The router ID is a unique identifier for
each OSPF router.
o Each router sends a Hello packet to the multicast address 224.0.0.5, which is
received by all other routers on the segment.
3. Election Criteria:

o Each router has a priority value (default is 1). The router with the highest priority is
preferred for DR.
o If the priority is the same, the router with the highest IP address wins.
4. Process Steps:
o Hello Exchange: Routers exchange Hello packets to discover each other.
o Election Announcement: Routers announce their intentions to become DR or BDR.
o Election Decision: Routers agree on which one will be the DR and which will be the
BDR. The remaining routers are termed as "DRothers."
5. Roles and Responsibilities:
o The DR is responsible for generating LSAs and flooding them to other routers.
o The BDR remains passive but is ready to take over as DR if the current DR fails.
o Other routers (DRothers) receive routing information from the DR and do not
participate in the LSA flooding process.
6. Failure Handling:
o If the DR fails, the BDR immediately assumes the role of DR.
o A new BDR election is then held to replace the former BDR.

Commands:

#ip ospf priority <0-255> ; to change the priority of a specific router

To clear the DR and BDR:

#clear ip ospf process ; run this command on all routers at the same time

If the DR and BDR have already been elected, the OSPF process must be cleared first before the DR can be changed.

To run the OSPF election, run these commands on each router at the same time:

#configure terminal
#router ospf 1
#network 0.0.0.0 0.0.0.0 area 0
#end

The default OSPF (Open Shortest Path First) priority value of a router is 1.

OSPF Priority and Its Role

• The OSPF priority value is used to influence the election of the Designated Router (DR) and
Backup Designated Router (BDR) on multi-access networks (like Ethernet).
• The router with the highest priority on a network segment becomes the DR, and the router
with the second-highest priority becomes the BDR.
• If two routers have the same priority, the router with the highest Router ID is chosen.
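The election criteria, failure handling and the reason the notes clear the OSPF process before changing the DR can be checked with a few lines of code. This is an added example, not code from the notes: highest priority wins, ties go to the highest router ID, priority 0 makes a router ineligible, the BDR is promoted when the DR fails and a new BDR is elected, and a router that joins after DR and BDR exist becomes a DRother regardless of its priority (the election is not pre-emptive). Router IDs and priorities are constructed.

```python
import ipaddress


def elect_dr_bdr(routers):
    """routers: {router_id: priority}. Returns (dr, bdr); either may be None.

    Highest priority wins; equal priorities are broken by the highest router ID
    compared numerically; priority 0 means the router never becomes DR or BDR.
    """
    eligible = [(prio, ipaddress.ip_address(rid)) for rid, prio in routers.items() if prio > 0]
    ranked = sorted(eligible, reverse=True)
    dr = str(ranked[0][1]) if ranked else None
    bdr = str(ranked[1][1]) if len(ranked) > 1 else None
    return dr, bdr


def after_dr_failure(routers, dr, bdr):
    """The BDR takes over as DR at once; a new BDR is elected among the rest."""
    remaining = {rid: p for rid, p in routers.items() if rid not in (dr, bdr)}
    new_bdr, _ = elect_dr_bdr(remaining)
    return bdr, new_bdr


def router_joins(dr, bdr, new_rid, new_priority):
    """A router that appears after the election does not displace an existing DR or BDR.

    It only fills an empty role. This non-pre-emptive behaviour is why changing
    ip ospf priority has no effect until the OSPF process is cleared everywhere.
    """
    if new_priority == 0 or (dr is not None and bdr is not None):
        return dr, bdr                # newcomer is a DRother
    if dr is None:
        return new_rid, bdr
    return dr, new_rid


if __name__ == "__main__":
    segment = {"1.1.1.1": 1, "2.2.2.2": 1, "3.3.3.3": 1, "10.0.0.9": 0}
    dr, bdr = elect_dr_bdr(segment)
    print("DR", dr, "BDR", bdr)
    print("after DR failure:", after_dr_failure(segment, dr, bdr))
    print("9.9.9.9 joins with priority 255:", router_joins(dr, bdr, "9.9.9.9", 255))
```

The priority-0 router 10.0.0.9 has the numerically highest ID but never appears in the result, which is the usual way to keep a low-end router on a segment from being elected.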

NAT (Network Address Translation)

NAT stands for Network Address Translation. It's a technique used in networking to map private IP
addresses within a local network to a single public IP address or a pool of public IP addresses. NAT

helps conserve the number of public IP addresses an organization needs and adds a layer of security
by keeping internal IP addresses hidden from the outside world.

Here’s a breakdown of the types of NAT:

1. Static NAT:
o Maps a single private IP address to a single public IP address.
o The mapping is constant, meaning the same private IP always maps to the same
public IP.
o Useful when you need a consistent public IP address for a device, such as a web
server or an email server.
2. Dynamic NAT:
o Maps private IP addresses to a pool of public IP addresses.
o The mapping is not fixed; the public IP address assigned to a private IP can change
over time, based on availability.
o Useful when you have a pool of public IP addresses and want to allocate them to
devices as needed, but don't need a fixed public IP for each device.

PAT (Port Address Translation)

PAT, or Port Address Translation, is a type of NAT that allows multiple devices on a local network to
share a single public IP address. It works by using port numbers to differentiate between the various
internal devices.

Here’s how PAT works:

1. Translation: When an internal device (with a private IP address) sends a request to an
external network (such as the internet), PAT translates the private IP address to a public IP
address. It also assigns a unique port number to each request to keep track of multiple
connections.
2. Tracking: When the external server responds, PAT uses the port number to determine which
internal device should receive the response. The router or firewall keeps a translation table
that maps each private IP address and port number to the corresponding public IP address
and port number.
3. Reuse of Public IP: Since multiple internal devices share the same public IP address, PAT
allows for efficient use of limited public IP addresses. Each internal device is distinguished by
its port number in the translation table.
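The translation table that the three steps above describe can be modelled directly. This is an added example, not code from the notes: outbound flows get a unique public port, a reply is mapped back by that port and checked against the peer it was opened to, and an inbound packet with no entry is dropped, which is the "layer of security" the NAT section refers to (it is not a substitute for a firewall policy). The public address 203.0.113.5, the private hosts and the peer 198.51.100.7 are constructed from documentation address ranges.

```python
class PAT:
    """Port Address Translation: many inside hosts behind one public IP address."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}     # (inside_ip, inside_port, (peer_ip, peer_port)) -> public_port
        self.reverse = {}   # public_port -> (inside_ip, inside_port, (peer_ip, peer_port))

    def outbound(self, src_ip, src_port, peer):
        """Translate an outgoing flow. Returns the (public_ip, public_port) it leaves with.

        A flow that already has an entry keeps its public port.
        """
        key = (src_ip, src_port, peer)
        if key not in self.table:
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[port] = key
        return self.public_ip, self.table[key]

    def inbound(self, dst_port, peer):
        """Map a packet arriving at the public address back to the inside host.

        Returns (inside_ip, inside_port), or None when there is no matching entry:
        unsolicited traffic, or a reply from a host other than the one contacted.
        """
        entry = self.reverse.get(dst_port)
        if entry is None or entry[2] != peer:
            return None
        return entry[0], entry[1]


if __name__ == "__main__":
    nat = PAT("203.0.113.5")
    web = ("198.51.100.7", 443)
    print(nat.outbound("192.168.1.10", 51000, web))
    print(nat.outbound("192.168.1.11", 51000, web))   # same inside port, different public port
    print(nat.inbound(1025, web))                     # reply reaches the second host
    print(nat.inbound(1026, web))                     # nothing opened this: dropped
```

The inside hosts in the example deliberately use the same source port 51000; it is the public port, not the inside port, that distinguishes them in the table.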

Virtual Private Network (VPN)

A Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection
over a less secure network, such as the internet. This secure connection, often referred to as a
"tunnel," ensures that the data transmitted between the user's device and the VPN server is
protected from eavesdropping, tampering, and unauthorized access.

How VPN Works:

1. Encryption: Data is encrypted before being sent over the internet, ensuring that even if it is
intercepted, it cannot be read.
2. Tunneling: VPNs use tunneling protocols to create a secure "tunnel" through which the
encrypted data travels. This tunnel prevents outsiders from accessing the data.

3. Authentication: VPNs often require authentication to establish a connection, ensuring that
only authorized users can access the network.

Types of VPN:

1. Remote Access VPN:
o Description: Allows individual users to connect to a private network from a remote
location. Commonly used by employees to securely access their company's internal
network from home or while traveling.
o Use Case: Secure access to work files and applications from remote locations.
o Example Protocols: PPTP, L2TP/IPsec, OpenVPN.
2. Site-to-Site VPN:
o Description: Connects entire networks to each other, typically used by businesses
with multiple office locations. This allows employees in different locations to share
resources as if they were on the same local network.
o Use Case: Connecting branch offices to a central office network.
o Example Protocols: IPsec, GRE over IPsec.
3. Client-to-Site VPN:
o Description: Similar to remote access VPNs, but specifically tailored for individual
users within a corporate environment. The "client" software on the user's device
connects to the corporate network, providing secure access to internal resources.
o Use Case: Employees connecting to their company's network from outside the
office.
4. Clientless VPN:
o Description: A type of remote access VPN that doesn't require the installation of
client software. Users can connect to the VPN via a web browser, often using
SSL/TLS for secure communication.
o Use Case: Quick access to corporate resources without needing to install software
on the device.
o Example Protocol: SSL VPN.
5. MPLS VPN (Multiprotocol Label Switching VPN):
o Description: A type of VPN used by service providers to create private IP networks
for customers over their existing infrastructure. MPLS VPNs are highly scalable and
can be used for both site-to-site and remote access purposes.
o Use Case: Enterprise-level networks requiring high scalability and performance.
o Example Protocol: MPLS.
6. Mobile VPN:
o Description: Designed for mobile users who need to maintain a secure connection
while moving between different networks (e.g., from cellular to Wi-Fi). It allows
users to stay connected to the VPN even if the network changes.
o Use Case: Mobile workforce needing secure access to corporate resources on the
go.
7. Hybrid VPN:
o Description: Combines different types of VPNs, such as site-to-site and remote
access VPNs, to create a flexible and comprehensive solution. This is often used by
large enterprises with complex networking needs.
o Use Case: Large enterprises with diverse networking requirements.

Common VPN Protocols:

• PPTP (Point-to-Point Tunneling Protocol): One of the oldest VPN protocols, known for ease
of use but has weaker security.
• L2TP/IPsec (Layer 2 Tunneling Protocol): Offers stronger security by combining L2TP with
IPsec encryption.
• OpenVPN: Highly secure and versatile, commonly used for both site-to-site and remote
access VPNs.
• IPsec (Internet Protocol Security): Provides strong encryption and is often used in
conjunction with other protocols.
• SSL/TLS (Secure Sockets Layer/Transport Layer Security): Commonly used for secure
connections in clientless VPNs, particularly in web-based environments.

Access Control List (ACL)

An Access Control List (ACL) is a set of rules that define whether to permit or deny traffic through a
network device based on various criteria such as source/destination IP addresses, protocols, ports,
etc. ACLs are essential for:

• Enhancing network security by restricting unauthorized access.
• Controlling traffic flow and improving network performance.
• Defining quality of service (QoS) policies.
• Filtering network traffic for specific applications.

Standard ACLs

Characteristics of Standard ACLs

• Filter Criteria: Standard ACLs filter traffic based only on the source IP address.
• Number Range: They use numbers 1-99 and 1300-1999.
• Placement: Typically applied close to the destination to avoid inadvertently blocking traffic
from other sources.
• Usage: Suitable for simple filtering requirements where only the source IP needs to be
evaluated.
Configuration Steps for Standard ACLs

Syntax:
access-list [access-list-number] [permit|deny] [source] [wildcard-mask]

• access-list-number: Number between 1-99 or 1300-1999.
• permit|deny: Action to take when a match is found.
• source: Source IP address to filter.
• wildcard-mask: Inverse mask to specify a range of IP addresses.

Apply the ACL to an Interface:

interface [interface-type] [interface-number]
ip access-group [access-list-number] [in|out]

• interface-type and interface-number: Specify the interface.
• in|out: Direction of traffic to filter (incoming or outgoing).

Example Configuration of Standard ACL

Router> enable
Router# configure terminal
Router(config)# access-list 10 deny 192.168.10.0 0.0.0.255
Router(config)# access-list 10 permit any
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip access-group 10 in

Extended ACLs

Characteristics of Extended ACLs

• Filter Criteria: Extended ACLs filter traffic based on source and destination IP addresses,
protocol types, port numbers, and other parameters.
• Number Range: They use numbers 100-199 and 2000-2699.
• Placement: Typically applied close to the source to prevent unwanted traffic from traversing
the network.
• Usage: Suitable for complex filtering requirements needing granular control over traffic.
Configuration Steps for Extended ACLs

Syntax:
access-list [access-list-number] [permit|deny] [protocol] [source] [source-wildcard] [operator] [source-port] [destination] [destination-wildcard] [operator] [destination-port]

• access-list-number: Number between 100-199 or 2000-2699.
• protocol: Protocol to filter (e.g., ip, tcp, udp, icmp).
• source and destination: IP addresses.
• source-wildcard and destination-wildcard: Wildcard masks.
• operator and port: Optional; specify port matching criteria.

Apply the ACL to an Interface:

interface [interface-type] [interface-number]
ip access-group [access-list-number] [in|out]

Example Configuration of Extended ACL

Scenario:

• Permit Telnet (port 23) traffic from network 200.100.50.1/24 to 200.100.100.100/24.
• Deny Ping from 200.100.50.1/24 to 200.100.100.100/24.
• Permit all other traffic.

Router> enable
Router# configure terminal
Router(config)# access-list 101 permit tcp host 200.100.50.1 host 200.100.100.100 eq 23
Router(config)# access-list 101 deny icmp host 200.100.50.1 host 200.100.100.100 echo
Router(config)# access-list 101 permit ip any any
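To make the matching rules behind both the standard and the extended examples concrete, here is a small software model of Cisco-style numbered ACLs. It is an added example, not code from the notes or from Cisco IOS: it parses the two lists above, applies the wildcard-mask rule (a 0 bit must match, a 1 bit is ignored), evaluates entries top-down with first match winning, and falls through to the implicit deny that ends every list. The Entry and Packet classes are my own, and only the forms used in the notes' examples are parsed (host, any, a destination `eq <port>`, and an ICMP type); that narrowing is an assumption.

```python
"""Software model of Cisco-style numbered ACLs (added example, not from the notes):
wildcard-mask matching, first-match evaluation and the implicit deny at the end of
every list. Only 'host', 'any', destination 'eq <port>' and ICMP-type forms are parsed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match exactly, a 1 bit is 'don't care'.
    Hence 0.0.0.0 means 'this exact host' and 255.255.255.255 means 'any'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

@dataclass
class Entry:
    action: str                      # 'permit' or 'deny'
    protocol: str = "ip"             # 'ip' matches every IP protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None   # 'eq N' on the destination (only operator modelled)
    icmp_type: Optional[str] = None  # e.g. 'echo' or 'echo-reply'

@dataclass
class Packet:
    src: str
    dst: str
    protocol: str                    # 'tcp', 'udp' or 'icmp'
    dst_port: Optional[int] = None
    icmp_type: Optional[str] = None

def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'; return (base, wc, rest)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    if len(tokens) == 1:             # standard-ACL shorthand: a bare address means one host
        return tokens[0], "0.0.0.0", []
    return tokens[0], tokens[1], tokens[2:]

def parse_line(line: str):
    """Parse one 'access-list ...' line into (list_number, Entry)."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, rest = int(t[1]), t[2], t[3:]
    if 1 <= number <= 99 or 1300 <= number <= 1999:       # standard: source only
        src, src_wc, _ = _parse_addr(rest)
        return number, Entry(action, "ip", src, src_wc)
    if not (100 <= number <= 199 or 2000 <= number <= 2699):
        raise ValueError(f"ACL number {number} is outside the standard/extended ranges")
    proto = rest[0]
    src, src_wc, rest = _parse_addr(rest[1:])
    dst, dst_wc, rest = _parse_addr(rest)
    entry = Entry(action, proto, src, src_wc, dst, dst_wc)
    if rest and rest[0] == "eq":
        entry.dst_port = int(rest[1])
    elif rest and proto == "icmp":
        entry.icmp_type = rest[0]
    return number, entry

def build_acls(config: str):
    """Group entries by list number, preserving the order they were typed in."""
    acls = {}
    for line in config.strip().splitlines():
        number, entry = parse_line(line.strip())
        acls.setdefault(number, []).append(entry)
    return acls

def entry_matches(e: Entry, p: Packet) -> bool:
    return ((e.protocol == "ip" or e.protocol == p.protocol)
            and wildcard_match(p.src, e.src, e.src_wc)
            and wildcard_match(p.dst, e.dst, e.dst_wc)
            and (e.dst_port is None or e.dst_port == p.dst_port)
            and (e.icmp_type is None or e.icmp_type == p.icmp_type))

def evaluate(acl, packet: Packet) -> str:
    """First matching entry wins; a packet that matches nothing hits the implicit 'deny'."""
    for e in acl:
        if entry_matches(e, packet):
            return e.action
    return "deny"

# Constructed input: the standard and extended lists from the two examples above.
CONFIG = """
access-list 10 deny 192.168.10.0 0.0.0.255
access-list 10 permit any
access-list 101 permit tcp host 200.100.50.1 host 200.100.100.100 eq 23
access-list 101 deny icmp host 200.100.50.1 host 200.100.100.100 echo
access-list 101 permit ip any any
"""
ACLS = build_acls(CONFIG)
```

Two points the model makes visible: an ACL consisting only of deny statements blocks everything, because nothing reaches a permit before the implicit deny, and an SSH session to the same host passes ACL 101 because it is caught by the final `permit ip any any`, not by the Telnet entry. As in the standard example, a list has no effect until it is bound to an interface with `ip access-group`.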

FHRP (First Hop Redundancy Protocol)

FHRP (First Hop Redundancy Protocol) is a family of protocols that ensures network availability by
providing backup for the default gateway of hosts in a local network. If the primary gateway
becomes unavailable, an FHRP protocol can seamlessly switch to a backup gateway, minimizing
network disruption.

Key FHRP Protocols:

1. HSRP (Hot Standby Router Protocol):
o Developed by: Cisco
o Purpose: Provides redundancy for IP networks by ensuring that user traffic immediately
and transparently recovers from first hop failures in network access.
o Operation:
▪ Routers in HSRP groups: Multiple routers (usually two) participate in an HSRP
group, where one router is elected as the active router, and another as the
standby router.
▪ Active Router: The router with the highest priority (or IP address if priorities are
equal) becomes the active router, handling all traffic directed to the virtual IP
address.
▪ Standby Router: Monitors the active router. If the active router fails, the
standby router takes over, becoming the active router.
2. VRRP (Virtual Router Redundancy Protocol):
o Developed by: IETF (Internet Engineering Task Force)
o Purpose: Like HSRP, VRRP provides automatic assignment of available IP routers to
participating hosts.
o Operation:
▪ Virtual Router: VRRP allows several routers on a multi-access link to utilize the
same virtual IP address.
▪ Master Router: The router with the highest priority assumes the role of the
master router and forwards packets sent to the virtual IP address.
▪ Backup Routers: Other routers in the group act as backups. If the master router
fails, one of the backups takes over as the master router.
o Advantages: VRRP is an open standard and is widely supported across different vendor
devices.
3. GLBP (Gateway Load Balancing Protocol):
o Developed by: Cisco
o Purpose: Provides load balancing as well as redundancy by allowing multiple routers to
share the load of being the default gateway.
o Operation:
▪ Active Virtual Gateway (AVG): One router is elected as the AVG, which is
responsible for assigning a virtual MAC address to each of the other routers in
the group (called Active Virtual Forwarders, or AVFs).
▪ Load Balancing: The AVG assigns traffic from different hosts to different AVFs
based on a load-balancing algorithm (round-robin, weighted, or host-
dependent).
▪ Redundancy: If an AVF fails, the AVG redirects traffic to another AVF.
o Benefit: GLBP provides both redundancy and load balancing without needing manual
intervention or complex configurations.
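The HSRP election and failover described in item 1, as a small simulation. This is an added example, not code from the notes or from any vendor: the election rule (highest priority, then highest interface IP on a tie) and the standby takeover follow the text above; the Router and HsrpGroup classes, the preempt flag, and re-electing the standby from the remaining routers are my own assumptions.

```python
"""HSRP-style active/standby election, failover and optional preemption for one
gateway group (added example, not from the notes). Election: highest priority wins,
ties broken by the highest interface IP; the standby takes over when the active fails."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Router:
    name: str
    ip: str              # real interface address, distinct from the group's virtual IP
    priority: int = 100  # HSRP default priority

def _rank(r: Router):
    """Sort key: higher priority wins, ties broken by the higher interface IP."""
    return (r.priority, int(ipaddress.IPv4Address(r.ip)))

def elect(routers):
    """Return (active, standby) for a group; standby is None for a one-router group."""
    if not routers:
        raise ValueError("an HSRP group needs at least one router")
    ordered = sorted(routers, key=_rank, reverse=True)
    return ordered[0], (ordered[1] if len(ordered) > 1 else None)

class HsrpGroup:
    """Tracks which router currently answers for the group's virtual IP."""

    def __init__(self, virtual_ip: str, routers, preempt: bool = False):
        self.virtual_ip = virtual_ip
        self.members = {r.name: r for r in routers}
        self.up = set(self.members)          # routers currently sending hellos
        self.preempt = preempt               # assumption: modelled as a group-wide flag
        self.active, self.standby = elect(self._live())

    def _live(self):
        return [self.members[n] for n in self.up]

    def _pick_standby(self):
        others = [r for r in self._live() if r != self.active]
        return max(others, key=_rank) if others else None

    def fail(self, name: str):
        """The named router stops sending hellos; if it was active, the standby takes over."""
        self.up.discard(name)
        if self.active is not None and self.active.name == name:
            self.active = self.standby
        self.standby = self._pick_standby()

    def recover(self, name: str):
        """The router returns; without preempt it can only become standby."""
        self.up.add(name)
        r = self.members[name]
        if self.active is None or (self.preempt and _rank(r) > _rank(self.active)):
            self.active = r
        self.standby = self._pick_standby()
```

Hosts keep using the one virtual IP throughout; only which physical router answers for it changes, which is the transparency the notes describe.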

Abbreviations:

• OSI: Open Systems Interconnection
• MAC: Media Access Control
• IP: Internet Protocol
• TCP: Transmission Control Protocol
• UDP: User Datagram Protocol
• NIC: Network Interface Card
• API: Application Programming Interface
• ASCII: American Standard Code for Information Interchange
• EBCDIC: Extended Binary Coded Decimal Interchange Code
• HTTP: Hypertext Transfer Protocol
• FTP: File Transfer Protocol
• SMTP: Simple Mail Transfer Protocol
• RIP: Routing Information Protocol
• OSPF: Open Shortest Path First
• BGP: Border Gateway Protocol
• ARP: Address Resolution Protocol
• DHCP: Dynamic Host Configuration Protocol
