EX.NO: 1.1
Prepared by Annaunivhub.blogpsot.com
CASE STUDY 1
Aim:
To analyze the performance of various configurations and protocols in LAN.
Objective
Establishing a Local Area Network (LAN):
The main objective is to set up a Local Area Network; the concepts involved are IP
addressing and the Address Resolution Protocol (ARP). The setup uses three hosts (Host A,
Host B and Host C at 192.168.1.1, 192.168.1.2 and 192.168.1.3), each PC equipped with at
least one NIC, one hub or switch, and the necessary cables. Once the physical LAN is set
up, the hosts are configured using the ifconfig command and communication among the
machines is verified with the ping command. Next, the routing tables at the hosts are
manipulated to understand how a machine decides where to send a packet. Configuring the
interface places a connected (on-link) route for 192.168.1.0/24 into the routing table;
this route is deleted to "blindfold" the machine, and ping is run again to show that
communication is no longer available: without a matching route the host reports the
network as unreachable and never even sends an ARP request for the destination. To
re-establish communication the routes are put back into the routing table one host at a
time, and communication is once again verified using ping.
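The behaviour described above can be followed without touching a real interface. The block below is an added example, not part of the original lab record: it models a host routing table with longest-prefix matching and replays the three states of the exercise (connected route present, route deleted, one host route restored). The 192.168.1.0/24 addresses are the lab's; the interface name eth0 and the gateway 192.168.1.254 are assumptions.

```python
"""Added example (not part of the original lab record): a minimal model of the host
routing table the lab manipulates. Addresses are the lab's 192.168.1.0/24 LAN;
the interface name and default gateway are constructed."""
from ipaddress import ip_address, ip_network


class RoutingTable:
    """Routes resolved by longest-prefix match, like a host's kernel table."""

    def __init__(self):
        self.routes = []  # (network, gateway or None for on-link, interface)

    def add(self, prefix, interface, gateway=None):
        self.routes.append((ip_network(prefix), gateway, interface))

    def delete(self, prefix):
        net = ip_network(prefix)
        self.routes = [r for r in self.routes if r[0] != net]

    def lookup(self, destination):
        """Return (next_hop, interface) or None when no route matches.
        For an on-link route the next hop is the destination itself: that is
        the address the host will send an ARP request for."""
        dst = ip_address(destination)
        best = None
        for net, gateway, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gateway, iface)
        if best is None:
            return None
        _net, gateway, iface = best
        return (gateway or str(dst), iface)


def lab_walkthrough():
    """Reproduce the lab's states: configured, blindfolded, one route restored."""
    table = RoutingTable()
    # "ifconfig eth0 192.168.1.1 netmask 255.255.255.0" installs this connected route.
    table.add("192.168.1.0/24", "eth0")
    before = table.lookup("192.168.1.3")        # on-link: ARP for 192.168.1.3
    table.delete("192.168.1.0/24")              # "route del -net 192.168.1.0/24"
    blind = table.lookup("192.168.1.3")         # None: "Network is unreachable"
    # Put reachability back one host at a time, as the lab does.
    table.add("192.168.1.3/32", "eth0")
    one_host = table.lookup("192.168.1.3")
    still_blind = table.lookup("192.168.1.2")
    return before, blind, one_host, still_blind


def with_default_route():
    """A default route only catches what no more specific route matches."""
    table = RoutingTable()
    table.add("192.168.1.0/24", "eth0")
    table.add("0.0.0.0/0", "eth0", gateway="192.168.1.254")  # constructed gateway
    return table.lookup("192.168.1.3"), table.lookup("8.8.8.8")
```

The /32 host route in lab_walkthrough is what "route add -host 192.168.1.3 dev eth0" produces; the other hosts stay unreachable until their own routes (or the /24) return.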
REQUIREMENTS:
1.
2.
3.
4.
5.
6.
7.
PROCEDURES:
1.
2.
3.
4.
5.
6.
7.
8.
NETWORK TOPOLOGY:
PC-1 IP ADDRESS:
PC-2 IP ADDRESS:
PC-3 IP ADDRESS:
Graphical View :
PING PC-1 to PC-3:
C:\>ping 192.168.1.3
RESULT:

DATE:
EX.NO: 1.2
PROCEDURES:
1.
2.
3.
4.
5.
6.
7.
8. Configuring Static Routing for Each router.
9. Configuring RIP Routing for Each router.
10. Check the IP address for Every PC using ipconfig or ifconfig Command.
11. Check the Connections using Ping Commands.
12. View the MAC Address Table.
13. View the ARP Address Table.
14. View the Routing Table.
NETWORK TOPOLOGY:
ROUTER R1 CONFIGURATION
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface Serial0/0/0
Router(config-if)#ip address 192.168.3.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
SET THE CLOCK RATE (needed only on the DCE end of the serial link):
Router(config)#interface serial0/0/0
Router(config-if)#clock rate ?
  Speed (bits per second):
  1200  2400  4800  9600  19200  38400  56000  64000  72000  125000
  128000  148000  250000  500000  800000  1000000  1300000  2000000  4000000
  <300-4000000>  Choose clockrate from list above
Router(config-if)#clock rate 72000
ADDING STATIC ROUTING (ip route is a global configuration command, not an interface command):
Router(config)#ip route <destination network> <destination subnet mask> <next-hop address>
Router(config)#ip route 192.168.2.0 255.255.255.0 192.168.3.2
ADDING RIP ROUTING:
Router#configure terminal
Router(config)#router rip
Router(config-router)#network 192.168.1.0
Router(config-router)#network 192.168.3.0
Note: the captured running configuration below shows "network 20.0.0.0". RIP network statements are classful, and no interface on R1 lies in 20.0.0.0/8, so that statement enables RIP on nothing; the serial link is in 192.168.3.0/24, and "network 192.168.3.0" is the statement that actually activates RIP on Serial0/0/0. With the original statement, end-to-end reachability in this exercise comes from the static routes alone.
ROUTER R2 CONFIGURATION
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface Serial0/0/0
Router(config-if)#ip address 192.168.3.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#
SET THE CLOCK RATE (needed only on the DCE end of the serial link):
Router(config)#interface serial0/0/0
Router(config-if)#clock rate ?
  Speed (bits per second):
  1200  2400  4800  9600  19200  38400  56000  64000  72000  125000
  128000  148000  250000  500000  800000  1000000  1300000  2000000  4000000
  <300-4000000>  Choose clockrate from list above
Router(config-if)#clock rate 72000
ADDING STATIC ROUTING (ip route is a global configuration command, not an interface command):
Router(config)#ip route <destination network> <destination subnet mask> <next-hop address>
Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.3.1
ADDING RIP ROUTING:
Router#configure terminal
Router(config)#router rip
Router(config-router)#network 192.168.2.0
Router(config-router)#network 192.168.3.0
Note: as on R1, the captured running configuration below shows "network 20.0.0.0", which matches no interface on R2; "network 192.168.3.0" is the statement that enables RIP on the serial link.
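Why the "network 20.0.0.0" statement is silent is easier to see by modelling how IOS matches a classful RIP network statement against interface addresses. The block below is an added example, not code from the original lab record; the interface addresses are R1's from the configurations above, and the class A/B/C matching logic is a model of IOS behaviour.

```python
"""Added example (not part of the original lab record): which interfaces a classful
RIP "network" statement activates. Interface data is R1's from the lab; the matching
logic is a model of IOS behaviour."""
from ipaddress import ip_interface, ip_network


def classful_network(address):
    """Return the classful (A: /8, B: /16, C: /24) network containing an IPv4 address."""
    first_octet = int(str(address).split(".")[0])
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    else:
        prefixlen = 24
    return ip_network(f"{address}/{prefixlen}", strict=False)


def rip_enabled_interfaces(network_statements, interfaces):
    """interfaces: {name: "a.b.c.d/len"}. Returns the interface names RIP activates:
    an interface is enabled when its address falls inside the classful network
    named by any "network" statement (the mask on the interface is irrelevant)."""
    enabled = set()
    for stmt in network_statements:
        wanted = classful_network(stmt)
        for name, addr in interfaces.items():
            if ip_interface(addr).ip in wanted:
                enabled.add(name)
    return sorted(enabled)


R1_INTERFACES = {"FastEthernet0/0": "192.168.1.1/24", "Serial0/0/0": "192.168.3.1/24"}


def as_configured():
    """The statements in the captured running configuration."""
    return rip_enabled_interfaces(["192.168.1.0", "20.0.0.0"], R1_INTERFACES)


def as_intended():
    """The statements that enable RIP on both of R1's interfaces."""
    return rip_enabled_interfaces(["192.168.1.0", "192.168.3.0"], R1_INTERFACES)
```

With the captured statements only FastEthernet0/0 speaks RIP, so R1 and R2 never exchange routes over the serial link; "show ip route" on either router would show only C and S entries, never an R entry.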
PC CONFIGURATION:
PC-1>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2E0:8FFF:FEBC:1B4C
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC-2>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::260:2FFF:FE61:B37C
IP Address......................: 192.168.1.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC-3>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::250:FFF:FE6D:ED85
IP Address......................: 192.168.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.1
PC-4>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::201:64FF:FE76:7A08
IP Address......................: 192.168.2.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.1
ROUTER R1 RUNNING CONFIGURATION:
Router>enable
Router#show running-config
Building configuration...
Current configuration : 703 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.3.1 255.255.255.0
!
interface Serial0/0/1
no ip address
!
interface Vlan1
no ip address
shutdown
!
router rip
network 20.0.0.0
network 192.168.1.0
!
ip classless
ip route 192.168.2.0 255.255.255.0 192.168.3.2
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#
ROUTER R2 RUNNING CONFIGURATION:
Router>enable
Router#show running-config
Building configuration...
Current configuration : 703 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.3.2 255.255.255.0
!
interface Serial0/0/1
no ip address
!
interface Vlan1
no ip address
shutdown
!
router rip
network 20.0.0.0
network 192.168.2.0
!
ip classless
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#
R2 ROUTER
OUTPUT PROTOCOL DATA UNIT (PDU):
OUTPUT:
C:\>ping 192.168.2.2
C:\>ping 192.168.1.3
RESULT:
Thus the Experiment is configured successfully.
DATE:
EX.NO: 1.3
CASE STUDY 1
Aim:
To analyze the performance of various configurations and protocols in LAN.
Objective
Analyzing the performance of various configurations and protocols
Original TCP versus the modified one: the aim is to compare the behaviour of TCP with
congestion control against the modified TCP implementation without it. The main
objective is for students to examine how TCP responds to a congested network. The
concepts involved in the lab are network congestion and the responsibilities a host
has when communicating over a shared network. This lab requires three PCs connected to
a switch. One PC is designated as the target host and the other two PCs transfer a file
from the target host using FTP. A load is placed on the network to simulate congestion
and the file is transferred, first by the host using normal TCP and then by the host
using the modified version. This procedure is performed multiple times to obtain average
statistics. The students are then asked to summarize the
results and draw
REQUIREMENTS:
1.
2.
3.
4.
5.
6.
7.
8.
9.
FILE TRANSFER PROTOCOL
File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file
from one host to another.
PROCEDURE:
Start the three virtual machines one by one.
LINUX VIRTUAL PC
Start the vsftpd service:
# service vsftpd start
Allow the FTP data port through the firewall (only the tail of the iptables rule survives in the source; port 20 is the active-mode data port, passive-mode transfers use a separate port range):
--dport 20 -j ACCEPT
Windows XP PC-1 IP address
Assign the IP address 192.168.1.2 to the first Windows XP PC and confirm it:
C:\>ipconfig
FTP SERVER CONFIGURATION:
Edit the FTP server configuration file.
# vi /etc/vsftpd/vsftpd.conf
Add or change the following lines in the vsftpd.conf configuration file:
local_root=public_html
use_localtime=YES
Set the SELinux boolean that allows the FTP daemon to write to upload directories (-P makes the change persistent across reboots). Anonymous write access is acceptable only on an isolated lab network: on a reachable server it turns the host into an open file drop.
# setsebool -P allow_ftpd_anon_write on
TEXT MODE:
Go to XP PC-1, open a command prompt and type the following command:
C:\>ftp 192.168.1.5
Enter the Linux user name and password to log in to the Linux machine. FTP sends the user name and password in cleartext, so they will be readable in the Wireshark capture taken later in this exercise.
also list out.
ftp> recv sample
The file has been copied successfully.
GUI MODE:
Open Internet Explorer and type the following in the address bar:
ftp://192.168.1.5
View the Wireshark capture file and analyse the TCP protocol information. The indicators of congestion to look for are retransmitted segments, duplicate ACKs (three duplicates trigger a fast retransmit) and the drop in throughput that accompanies them.
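The analysis the step above asks for can be scripted once the capture is exported. The block below is an added example, not code from the original lab record: it computes the three congestion indicators (retransmissions, duplicate ACKs, goodput) over a constructed, simplified trace of one FTP data connection in which a single segment is lost. The trace, its timestamps and segment sizes are made up for the example; the field names mirror Wireshark's tcp.seq and tcp.ack.

```python
"""Added example (not part of the original lab record): congestion indicators
computed over a constructed, simplified trace of one FTP data connection."""
from collections import Counter


# Constructed sample: (time_s, direction, seq, ack, length). "S->C" segments carry
# file data; "C->S" segments are pure ACKs (length 0). Segment seq 2921 is lost.
TRACE = [
    (0.000, "S->C", 1, 1, 1460),
    (0.001, "S->C", 1461, 1, 1460),
    (0.002, "S->C", 2921, 1, 1460),   # lost in the network
    (0.003, "S->C", 4381, 1, 1460),
    (0.004, "S->C", 5841, 1, 1460),
    (0.010, "C->S", 1, 2921, 0),      # ACK for the first two segments
    (0.011, "C->S", 1, 2921, 0),      # dup ACK 1 (triggered by seq 4381)
    (0.012, "C->S", 1, 2921, 0),      # dup ACK 2 (triggered by seq 5841)
    (0.013, "C->S", 1, 2921, 0),      # dup ACK 3 -> sender fast-retransmits
    (0.014, "S->C", 2921, 1, 1460),   # retransmission of the lost segment
    (0.020, "C->S", 1, 7301, 0),      # everything acknowledged
]


def find_retransmissions(trace):
    """Return (time, seq) for every data segment whose seq was already sent."""
    seen = set()
    retx = []
    for t, direction, seq, _ack, length in trace:
        if length == 0:
            continue
        if (direction, seq) in seen:
            retx.append((t, seq))
        seen.add((direction, seq))
    return retx


def find_duplicate_acks(trace, threshold=3):
    """Return ack numbers repeated at least `threshold` times after the first ACK,
    the condition that makes a sender fast-retransmit (RFC 5681)."""
    counts = Counter(ack for _t, _d, _seq, ack, length in trace if length == 0)
    return sorted(ack for ack, n in counts.items() if n - 1 >= threshold)


def goodput_bytes_per_second(trace):
    """Unique data bytes acknowledged per second of trace time."""
    last_ack = max(ack for _t, _d, _seq, ack, length in trace if length == 0)
    first_seq = min(seq for _t, _d, seq, _a, length in trace if length > 0)
    elapsed = trace[-1][0] - trace[0][0]
    return (last_ack - first_seq) / elapsed
```

Comparing goodput between the normal and modified TCP runs, with the same induced load, is the number the lab asks students to average; the retransmission and duplicate-ACK counts explain why the two differ.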
RESULT:

DATE:
EX.NO: 2
CASE STUDY 2
Aim:
To analyze the performance of RIP and OSPF redistribution
Objective:
This case study addresses the issue of integrating Routing Information Protocol
(RIP) networks with Open Shortest Path First (OSPF) networks. Most OSPF
networks also use RIP to communicate with hosts or with portions
of the internetwork that do not use OSPF. This case study provides
examples of how to complete the following phases in redistributing information
between RIP and OSPF networks:
Configuring a RIP Network
Adding OSPF to the Center of a RIP Network
Adding OSPF Areas
Setting Up Mutual Redistribution
REQUIREMENTS:
1.
2.
3.
4.
5.
6.
7.
8.
9.
PROCEDURES:
Configuring a RIP Network
The RIP network (see the topology figure) connects four sites with serial lines.
The RIP network uses Class C addresses, and each site has a contiguous set of network
numbers.
ROUTER R4 NETWORK CONFIGURATION:
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.2 255.255.255.0
!
router rip
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
ROUTER R3 NETWORK CONFIGURATION:
interface Serial0/0/0
ip address 192.168.1.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.2.1 255.255.255.0
!
ROUTER R1 NETWORK CONFIGURATION:
!
interface Serial0/0/0
ip address 192.168.5.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.1 255.255.255.0
!
ROUTER R2 NETWORK CONFIGURATION:
!
interface FastEthernet0/0
ip address 192.168.6.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.5.1 255.255.255.0
!
Adding OSPF to the Center of a RIP Network :
A common first step in converting a RIP network to OSPF is to add backbone
routers that run both RIP and OSPF, while the remaining network devices run RIP.
These backbone routers are OSPF autonomous system boundary routers. Each
autonomous system boundary router controls the flow of routing information
between OSPF and RIP
ROUTER R3 OSPF CONFIGURATION:
!
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
!
ROUTER R1 OSPF CONFIGURATION:
!
router ospf 1
network 192.168.5.0 0.0.0.255 area 0
!
Adding OSPF Areas :
ROUTER R2 OSPF CONFIGURATION:
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 1
!
NETWORK TOPOLOGY:
Most OSPF networks also use RIP to communicate with hosts or with portions
of the internetwork that do not use OSPF. Cisco IOS supports both the
RIP and OSPF protocols and provides a way to exchange routing information
between RIP and OSPF networks.
Setting Up Mutual Redistribution:
In mutual redistribution the boundary routers run both OSPF and RIP and redistribute each protocol's routes into the other. Because two routers (R1 and R3) do this, a prefix learned from RIP can be injected into OSPF at one of them and re-injected into RIP at the other with the seed metric (10 hops here); in production a route tag or distribute-list is used to stop routes being fed back into the domain they came from.
R1 ROUTER MUTUAL REDISTRIBUTION:
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.5.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.4.0
R3 ROUTER MUTUAL REDISTRIBUTION:
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.1.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.2.0
ROUTER R1 RUNNING CONFIGURATION FILES:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.5.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.5.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.4.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
ROUTER R2 RUNNING CONFIGURATION FILE (partial):
router rip
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
ROUTER R3 RUNNING CONFIGURATION FILE:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.1.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.2.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.1.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.2.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
ROUTER R4 RUNNING CONFIGURATION FILE:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.2 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
ROUTING TABLE:
For a Cisco router, the IOS command show ip route displays the routes in the
routing table. There are several types of routes that can appear in the routing table:
Directly-Connected Routes:
When the router powers up, the configured interfaces are enabled. As they become
operational, the router stores the directly attached local network addresses as
connected routes in the routing table. For Cisco routers, these routes are identified
in the routing table with the prefix C. These routes are automatically updated
whenever the interface is reconfigured or shutdown.
Static Routes:
A network administrator can manually configure a static route to a specific
network. A static route does not change until the administrator manually
reconfigures it. These routes are identified in the routing table with the prefix S.
Dynamically-Updated Routes (Dynamic Routes) :
Dynamic routes are automatically created and maintained by routing protocols.
Routing protocols are implemented in programs that run on routers and that
exchange routing information with other routers in the network. Dynamicallyupdated routes are identified in the routing table with the prefix that corresponds to
the type of routing protocol that created the route, for example R is used for the
Routing Information Protocol (RIP).
Default Route:
The default route is a type of static route which specifies a gateway to use when
the routing table does not contain a path to use to reach the destination network. It
is common for default routes to point to the next router in the path to the Internet
Service Provider. If a subnet has only one router, then that router is automatically
the default gateway, because all network traffic to and from that local network has
no option but to travel through that router.
RIP:
RIP is a distance-vector routing protocol.
It sends the complete routing table out of every RIP-enabled interface every 30 seconds.
RIP uses only hop count to determine the best path to a remote network.
The maximum allowable hop count is 15; a metric of 16 means unreachable.
OSPF:
Open Shortest Path First (OSPF) is a non-proprietary link-state routing protocol
described in RFC 2328. Its routes are identified in the routing table with the prefix O.
It uses the SPF (Dijkstra) algorithm to calculate the lowest-cost path to a destination.
It sends routing updates only when the topology changes and does not send
periodic updates of the entire routing table.
It provides fast convergence.
It supports VLSM and discontiguous subnets.
It provides route authentication (RIPv2 does as well; RIPv1 has none).
RESULT:

DATE:
EX.NO: 3
multiple interfaces for multiple remote sites. Include examples of the usage of
rotary groups and access lists.
Having the Central and Remote Sites Dial In and Dial Out
Describe the central and remote site configurations for three setups: central site
with one interface per remote site, a single interface for multiple remote sites, and
multiple interfaces for multiple remote sites. Also describes the usage of Point-to-Point
Protocol (PPP) encapsulation and the Challenge Handshake Authentication Protocol (CHAP).
Having Remote Sites Dial Out
A common configuration is one in which the remote sites place calls to the central
site but the central site does not dial out. In a star topology, it is possible for all
of the remote routers to have their serial interfaces on the same subnet as the
central site serial interface.
Using DDR as a Backup to Leased Lines
Describes the use of DDR as a backup method to leased lines and provides
examples of how to use floating static routes on single and shared interfaces.
Using Leased Lines and Dial Backup
Describes the use of Data Terminal Ready (DTR) dialing and V.25bis dialing with
leased lines.
REQUIREMENTS:
1.
2.
3.
4.
5.
6.
7.
NETWORK TOPOLOGY:
CHENNAI ROUTER RUNNING CONFIGURATION (partial):
!
interface Serial1
no ip address
no ip directed-broadcast
bandwidth 1544
shutdown
!
interface Ethernet0
no ip address
no ip directed-broadcast
bandwidth 10000
shutdown
!
interface Bri0
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
dialer-group 1
isdn switch-type basic-ni
isdn spid1 32177820010100
dialer map ip 192.168.0.2 name MUMBAI broadcast 7782001
encapsulation ppp
ppp authentication chap
!
ip classless
no ip http server
!
!
dialer-list 1 protocol ip permit
!
isdn switch-type basic-ni
line con 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
MUMBAI ROUTER RUNNING CONFIGURATION:
MUMBAI#sh running-config
Building configuration...
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname MUMBAI
!
ip subnet-zero
!
interface Ethernet0
no ip address
no ip directed-broadcast
bandwidth 10000
shutdown
!
interface Bri0
ip address 192.168.0.2 255.255.255.0
no ip directed-broadcast
dialer-group 1
isdn switch-type basic-ni
isdn spid1 32177820020100
dialer map ip 192.168.0.1 name CHENNAI broadcast 7782002
encapsulation ppp
ppp authentication chap
!
ip classless
no ip http server
!
dialer-list 1 protocol ip permit
!
isdn switch-type basic-ni
line con 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
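Both routers carry "ppp authentication chap", so before any IP packet crosses the B channel each side must answer the other's challenge. The block below is an added example, not code from the original lab record: it runs the three-way CHAP exchange of RFC 1994 (Challenge, Response, Success/Failure) between peers named CHENNAI and MUMBAI as in the configurations above. The shared secret, the challenge bytes and the identifier are constructed for the example; on IOS the secret would come from a "username <peer> password <secret>" line that the surviving configuration fragments do not show.

```python
"""Added example (not part of the original lab record): the CHAP exchange that
"ppp authentication chap" performs on link-up. Peer names are the lab's; the
shared secret, challenge and identifier are constructed."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """Response = MD5(identifier || secret || challenge), RFC 1994 section 2.2."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapPeer:
    """One PPP endpoint holding the cleartext secrets it shares with each peer
    (the 'username <peer> password <secret>' entries on an IOS router)."""

    def __init__(self, name, secrets):
        self.name = name
        self.secrets = secrets

    def challenge(self):
        return os.urandom(16)  # must be unpredictable and never reused

    def respond(self, identifier, challenge, authenticator_name):
        secret = self.secrets[authenticator_name]
        return self.name, chap_response(identifier, secret, challenge)

    def verify(self, identifier, challenge, peer_name, response):
        secret = self.secrets.get(peer_name)
        if secret is None:
            return False  # unknown peer name -> CHAP Failure
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def chap_exchange(authenticator, peer, identifier=1, challenge=None):
    """Challenge -> Response -> Success/Failure. True means the link may come up."""
    challenge = challenge or authenticator.challenge()
    name, response = peer.respond(identifier, challenge, authenticator.name)
    return authenticator.verify(identifier, challenge, name, response)


def demo():
    shared = b"lab-chap-secret"  # constructed shared secret
    chennai = ChapPeer("CHENNAI", {"MUMBAI": shared})
    mumbai = ChapPeer("MUMBAI", {"CHENNAI": shared})
    ok = chap_exchange(chennai, mumbai)
    # A secret mismatch (a typo on one router) fails the link before IP comes up.
    rogue = ChapPeer("MUMBAI", {"CHENNAI": b"wrong"})
    bad = chap_exchange(chennai, rogue)
    return ok, bad
```

The secret itself never crosses the line, which is CHAP's advantage over PAP; the caveat is that anyone who captures a challenge/response pair can guess the secret offline against MD5, so the secret must be long and random rather than a word.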
VERIFY ISDN DDR NETWORK CONNECTIVITY:
MUMBAI ROUTER ISDN STATUS:
RESULT:
Thus the experiment was configured successfully.
DATE:
EX.NO: 4
.
CASE STUDY 4
Aim:
To analyze the network security for improving the security of the network.
Objective:
This case study should provide the specific actions you can take to improve the
security of your network. Before going into specifics, however, you should
understand the following basic concepts that are essential to any security system:
Know your enemy
This case study refers to attackers or intruders. Consider who might want to
circumvent your security measures and identify their motivations. Determine what
they might want to do and the damage that they could cause to your network.
Security measures can never make it impossible for a user to perform unauthorized
tasks with a computer system. They can only make it harder. The goal is to make
sure the network security controls are beyond the attacker's ability or motivation.
Count the cost
Security measures almost always reduce convenience, especially for sophisticated
users. Security can delay work and create expensive administrative and educational
overhead. It can use significant computing resources and require dedicated
hardware. When you design your security measures, understand their costs and
weigh those costs against the potential benefits. To do that, you must understand
the costs of the measures themselves and the costs and likelihoods of security
breaches. If you incur security costs out of proportion to the actual dangers, you
have done yourself a disservice.
Identify your assumptions
Every security system has underlying assumptions. For example, you might
assume that your network is not tapped, or that attackers know less than you do,
that they are using standard software, or that a locked room is safe. Be sure to
examine and justify your assumptions. Any hidden assumption is a potential
security hole.
Control your secrets
Most security is based on secrets. Passwords and encryption keys, for example, are
secrets. Too often, though, the secrets are not really all that secret. The most
important part of keeping secrets is knowing the areas you need to protect. What
knowledge would enable someone to circumvent your system? You should
jealously guard that knowledge and assume that everything else is known to your
adversaries. The more secrets you have, the harder it will be to keep all of them.
Security systems should be designed so that only a limited number of secrets need
to be kept.
Know your weaknesses
Every security system has vulnerabilities. You should understand your system's
weak points and know how they could be exploited. You should also know the
areas that present the largest danger and prevent access to them immediately.
Understanding the weak points is the first step toward turning them into secure
areas.
Limit the scope of access
You should create appropriate barriers inside your system so that if intruders access
one part of the system, they do not automatically have access to the rest of the
system. The security of a system is only as good as the weakest security level of
any single host in the system.
Remember physical security
Physical access to a computer (or a router) usually gives a sufficiently
sophisticated user total control over that computer. Physical access to a network
link usually allows a person to tap that link, jam it, or inject traffic into it. It makes
no sense to install complicated software security measures when access to the
hardware is not controlled.
REQUIREMENTS:
1. One Cisco 1841 router.
2. One 8 port switch.
3. One Laptop For Console Local Administration.
4. One PC for Remote telnet Login.
5. Class C, Class B IP Address.
6. Basic Telnet Routing Configuration Commands.
7. One Console Roll over cable.
8. Two copper Straight through Cable.
9. Cisco Packet Tracer 6.0.1.exe
10.Power supply.
PROCEDURE:
1.
2.
3.
4.
5.
6.
NETWORK TOPOLOGY:
Console Connectivity
R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R1
!
enable password 7 0822455D0A16
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
exec-timeout 30 0
password 7 0822455D0A16
login
!
line aux 0
!
line vty 0 4
password 7 0822455D0A16
login
!
end
PC-1 IP ADDRESS :
Console Login
Creating Remote Telnet Access on your Router with basic level security :
NETWORK TOPOLOGY:
!
service password-encryption
!
hostname R1
!
enable password 7 0822455D0A16
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
exec-timeout 30 0
password 7 0822455D0A16
login
!
line aux 0
!
line vty 0 4
password 7 0822455D0A16
login
!
end
Enable the router's privileged-mode password for remote Telnet access:
R1(config)#enable password cisco
With "service password-encryption" this is stored as "enable password 7 0822455D0A16". Type 7 is not encryption but a reversible obfuscation (a fixed-key XOR), so anyone who can read the configuration, a backup of it, or a Telnet session carrying it can recover the cleartext in milliseconds. Telnet itself also carries the password in cleartext on the wire; SSH should be used instead wherever the IOS image supports it.
Recovering a Type 7 console and Telnet router password:
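The recovery is a few lines of code. The block below is an added example, not part of the original lab record: it implements the Type 7 scheme in both directions and runs it over the "password 7" lines of the R1 configuration above. The key string is the fixed constant IOS uses; the only constructed input is the short configuration excerpt, which is assembled from lines on this page.

```python
"""Added example (not part of the original lab record): Cisco Type 7 password
decoding, the reversible scheme behind "service password-encryption"."""

# Fixed key used by IOS for Type 7; it is the same on every router, so it is not a secret.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def type7_decrypt(encoded):
    """Decode a Type 7 string: a 2-digit key offset, then hex bytes XORed with the key."""
    offset = int(encoded[:2])
    cipher = bytes.fromhex(encoded[2:])
    plain = bytes(
        b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)] for i, b in enumerate(cipher)
    )
    return plain.decode("ascii")


def type7_encrypt(password, offset=8):
    """The inverse operation; IOS picks the offset at random, nothing else varies."""
    data = password.encode("ascii")
    cipher = bytes(
        b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)] for i, b in enumerate(data)
    )
    return f"{offset:02d}" + cipher.hex().upper()


def recover_from_config(config_text):
    """Find every 'password 7 <hex>' line in a configuration dump and return the
    cleartext values, which is all an attacker holding a config backup needs to do."""
    found = {}
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[-2] == "7" and "password" in parts:
            found[line.strip()] = type7_decrypt(parts[-1])
    return found


# Constructed excerpt assembled from the R1 configuration lines shown on this page.
R1_CONFIG = """
enable password 7 0822455D0A16
line con 0
 password 7 0822455D0A16
line vty 0 4
 password 7 0822455D0A16
"""
```

Because the same Type 7 string protects the console, the VTY lines and enable mode on R1, one leaked backup gives full administrative access; this is why the next step replaces it with "enable secret".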
NETWORK TOPOLOGY:
Creating an MD5 enable secret:
The "enable secret" command stores the privileged-mode password as a salted MD5 hash (Type 5) instead of Type 7 obfuscation, so the cleartext cannot be read back from the configuration. When both are configured, the secret takes precedence over "enable password".
R1(config)#enable secret cisco1234
Original password: cisco1234
Hashed value stored in the configuration: $1$mERr$WKkcGROjDgUmPKrVvqyr10
Type 5 cannot be reversed, but a copy of the configuration still allows offline guessing against the hash, so the secret must be strong; IOS releases from 15.3(3)M onward also offer the scrypt-based Type 9 ("enable algorithm-type scrypt secret"), which should be preferred where available.
Creating AAA Authentication :
Authentication:
Identifies users by login and password using challenge and response methodology
before the user even gains access to the network. Depending on your security
options, it can also support encryption.
Authorization:
After initial authentication, authorization looks at what that authenticated user has
access to do. RADIUS or TACACS+ security servers perform authorization for
specific privileges by defining attribute-value (AV) pairs, which would be specific
to the individual user rights. In the Cisco IOS, you can define AAA authorization
with a named list or authorization method.
Accounting:
The last "A" is for accounting. It provides a way of collecting security information
that you can use for billing, auditing, and reporting. You can use accounting to see
what users do once they are authenticated and authorized. For example, with
accounting, you could get a log of when users logged in and when they logged out.
Enabling AAA
Router(config)# aaa new-model
R1(config)#username cisco secret cisco1234
The local user is defined before pointing authentication at a server so that console access is not lost while the AAA server is unreachable.
Configuring the TACACS+ servers
Next we need to configure the addresses of the AAA servers we want to use. This
example shows the configuration of TACACS+ servers, but the concept applies to
RADIUS servers as well. There are two approaches to configuring TACACS+
servers. In the first, servers are specified in global configuration mode using the
command tacacs-server to specify an IP address and shared secret key for each
server:
Router(config)# tacacs-server host 192.168.1.3 key MySecretKey1
Router(config)# tacacs-server host 192.168.2.3 key MySecretKey2
Blocking Dictionary Attack:
The primary intention of a dictionary attack, unlike a typical DoS attack, is to
actually gain administrative access to the device. A dictionary attack is an
automated process to attempt to login by attempting thousands, or even millions, of
username/password combinations. (This type of attack is called a "dictionary
attack" because it typically uses, as a start, every word found in a typical dictionary
as a possible password.) As scripts or programs are used to attempt this access, the
profile for such attempts is typically the same as for DoS attempts; multiple login
attempts in a short period of time.
NETWORK TOPOLOGY:
Login blocking parameters used in this exercise: block logins for 120 seconds once 5 failed attempts occur within a 60-second watch period, which in IOS is configured as:
R1(config)#login block-for 120 attempts 5 within 60
While the block is active the router enters quiet mode and refuses all logins except from addresses permitted by "login quiet-mode access-class", so the administrator's own address should be in that list.
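The same threshold (5 failures inside 60 seconds) can be applied to the router's syslog output to spot the attack from a central log server. The block below is an added example, not part of the original lab record: it parses constructed, simplified IOS %SEC_LOGIN-4-LOGIN_FAILED lines and flags any source that trips the threshold using a per-source sliding window. The log lines, timestamps and addresses are made up; note that the router's own "login block-for" is global rather than per-source, which is why the per-source view from the log server is a useful complement.

```python
"""Added example (not part of the original lab record): detecting a dictionary
attack from constructed IOS %SEC_LOGIN-4-LOGIN_FAILED syslog lines."""
from collections import defaultdict, deque
import re

LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d+:\d+:\d+): %SEC_LOGIN-4-LOGIN_FAILED: Login failed "
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[\d.]+)\]"
)

# Constructed sample (simplified timestamps): 5 failures from .2 within 30 s,
# 2 failures from .3 three minutes apart.
SAMPLE_LOG = """\
10:00:01: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed]
10:00:04: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed]
10:00:09: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.1.3] [localport: 23] [Reason: Login Authentication Failed]
10:00:12: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed]
10:00:20: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed]
10:00:31: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.2] [localport: 23] [Reason: Login Authentication Failed]
10:03:00: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.1.3] [localport: 23] [Reason: Login Authentication Failed]
"""


def seconds(ts):
    """Convert an HH:MM:SS timestamp to seconds since midnight."""
    h, m, s = (int(x) for x in ts.split(":"))
    return h * 3600 + m * 60 + s


def find_dictionary_attacks(log_text, attempts=5, within=60):
    """Return {source: timestamp} for every source that reaches `attempts`
    failures inside any `within`-second window (sliding window per source)."""
    windows = defaultdict(deque)
    triggered = {}
    for line in log_text.splitlines():
        m = LOGIN_FAILED.match(line)
        if not m:
            continue
        src, t = m["src"], seconds(m["ts"])
        w = windows[src]
        w.append(t)
        while w and t - w[0] > within:   # drop failures older than the window
            w.popleft()
        if len(w) >= attempts and src not in triggered:
            triggered[src] = m["ts"]
    return triggered
```

These messages only exist if "login on-failure log" is configured on the router, so that command belongs with "login block-for" rather than as an afterthought.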
Creating Named Access List Control :
Cisco IOS versions 11.2 and higher can create Named ACLs (NACLs). In an
NACL, a descriptive name replaces the numerical ranges required for Standard and
Extended ACLs. Named ACLs offer all the functionality and advantages of
Standard and Extended ACLs; only the syntax for creating them is different.
The name given to an ACL is unique. Using capital letters in the name makes it
easier to recognize in router command output and troubleshooting.
A Named ACL is created with the command:
ip access-list {standard | extended} name
R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group Block-192.168.1.2 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip access-list standard Block-192.168.1.2
deny host 192.168.1.2
permit any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PING FROM 192.168.1.2 TO 172.16.13.2:
R1(config)#ip access-list standard Block-192.168.1.2
R1(config-std-nacl)#deny host 192.168.1.2
R1(config-std-nacl)#permit any
Enabling a Log File Database for Failed and Successful Attempts:
It stores successful and failed login attempts in a database.
NETWORK TOPOLOGY:
AFTER THE LOG FILE CREATION :
RESULT:
DATE:
EX.NO: 5
PROCEDURE:
Lab Objective:
Anyone who tries to telnet to the router must first be authenticated through the AAA
server; if the AAA server is down, the router falls back to its local user account database.
Configuration at the router:
-------- setting telnet --------
Router(config)#enable secret 1234
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#exit
Router(config)#username telnet password 1234
AAA commands
-------- enable AAA on the router --------
Router(config)#aaa new-model
Set authentication for login using two methods:
-------- Method 1 -------- using the AAA server through the TACACS+ protocol,
-------- Method 2 -------- using local router user accounts.
Tell the router the IP address of the TACACS+ server and the key (password) used to
connect to it:
Router(config)#tacacs-server host 192.168.1.3 key 1234
Configuration at the AAA server:
-------- ACS SERVER --------
user account: username: tacacs
password: tacacs
TACACS+ client IP: 192.168.1.1
key: 1234
Here are a few show commands we can use, plus one command to unlock any user
account that has reached the maximum number of failed logon attempts:
Router#show aaa user all
Router#show aaa sessions
Router#show aaa local user lockout
Router#clear aaa local user lockout username all
To test this, try to telnet to the router with the local username telnet and password
1234; it will not work. Then try the TACACS server username we wrote above (tacacs,
password tacacs) and it will work fine. Now disconnect the TACACS server, or just
remove the cable, and try to telnet to the router using the telnet user; it will work
fine. Remember: if method 1 fails, you will not go to method 2, but if method 1 is not
available, then you go to method 2 and use it.
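The difference between a method that fails and one that is unavailable is the whole point of this lab, so here is an added Python model of the method list (example code, not from the manual). It assumes the list is `aaa authentication login default group tacacs+ local`, which the text describes but does not print; the account databases, the all-methods-unavailable outcome and the function names are constructed.

```python
from enum import Enum

class Verdict(Enum):
    PASS = "pass"    # the method authenticated the user
    FAIL = "fail"    # the method answered and rejected the credentials
    ERROR = "error"  # the method gave no answer (server unreachable)

# Constructed account databases matching the lab: the ACS server knows
# tacacs/tacacs, the router's local database knows telnet/1234.
TACACS_USERS = {"tacacs": "tacacs"}
LOCAL_USERS = {"telnet": "1234"}

def tacacs_method(user, password, server_up):
    if not server_up:
        return Verdict.ERROR   # no reply from 192.168.1.3: the method is unavailable
    return Verdict.PASS if TACACS_USERS.get(user) == password else Verdict.FAIL

def local_method(user, password, server_up):
    return Verdict.PASS if LOCAL_USERS.get(user) == password else Verdict.FAIL

METHOD_LIST = [tacacs_method, local_method]   # "group tacacs+ local"

def authenticate(user, password, server_up=True, methods=METHOD_LIST):
    """Walk the method list the way IOS does: only an ERROR moves on to the
    next method; PASS and FAIL are final. Returns (verdict, deciding method)."""
    for method in methods:
        verdict = method(user, password, server_up)
        if verdict is not Verdict.ERROR:
            return verdict, method.__name__
    return Verdict.FAIL, "none"   # assumption: every method unavailable refuses the login

def lab_walkthrough():
    """The three attempts the manual describes, plus a wrong password with the server down."""
    return {
        "local user, server up":       authenticate("telnet", "1234", server_up=True),
        "tacacs user, server up":      authenticate("tacacs", "tacacs", server_up=True),
        "local user, server down":     authenticate("telnet", "1234", server_up=False),
        "wrong password, server down": authenticate("telnet", "wrong", server_up=False),
    }
```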
PHYSICAL CONNECTIONS:
NETWORK TOPOLOGY:
TELNET WITH OUT TACACS SERVER:
TACACS SERVER IP :
!
enable secret 5 $1$mERr$4dpRATIgxQacPVK0CfNV4/
!
aaa new-model
!
username telnet password 0 1234
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
password telnet
login authentication default
!
end
TELNET LOGIN WITH OUT TACACS SERVER AUTHENTICATION:
RESULT:
Thus the Experiment was configured successfully
DATE:
EX.NO: 6
CASE STUDY 6
Aim:
To configure the standard access list for a network.
Objective:
Access lists define the actual traffic that will be permitted or denied, whereas an
access group applies an access list definition to an interface. Access lists can be
used to deny connections that are known to be a security risk and then permit all
other connections, or to permit those connections that are considered acceptable
and deny all the rest. For firewall implementation, the latter is the more secure
method. In this case study, incoming email and news are permitted for a few hosts,
but FTP, Telnet, and rlogin services are permitted only to hosts on the firewall
subnet. IP extended access lists (range 100 to 199) and transmission control
protocol (TCP) or user datagram protocol (UDP) port numbers are used to filter
traffic. When a connection is to be established for email, Telnet, FTP, and so forth,
the connection will attempt to open a service on a specified port number. An access
list is invoked after a routing decision has been made but before the packet is sent
out on an interface. The best place to define an access list is on a preferred host
using your favorite text editor. You can create a file that contains the access-list
commands, place the file (marked readable) in the default TFTP directory and then
network load the file onto the router.
REQUIREMENTS:
1.
2.
3.
4.
5.
6. Copper crossover cable
7. Class C IP Address and Class A IP Address
8. Basic Router Interface Configuration Commands.
9. Basic Standard ACL Configuration Commands
10. Ping Command
11. Cisco Packet Tracer 6.0.0.exe
PROCEDURE:
1.
2.
3.
4.
5.
Controlling virtual terminal access to routers
The following potential problems can result from using ACLs:
The additional load on the router to check all packets means less time to
actually forward packets.
Poorly designed ACLs place an even greater load on the router and might
disrupt network usage.
Improperly placed ACLs block traffic that should be allowed and permit
traffic that should be blocked.
router while denying other IP addresses access. Standard ACLs are identified by
the number assigned to them. For access lists permitting or denying IP traffic, the
identification number can range from 1 to 99 and from 1300 to 1999.
2. Extended ACLs
Extended ACLs filter not only on the source IP address but also on the destination
IP address, protocol, and port numbers. Extended ACLs are used more than
Standard ACLs because they are more specific and provide greater control. The
range of numbers for Extended ACLs is from 100 to 199 and from 2000 to 2699.
3. Named ACLs
Named ACLs (NACLs) are Standard or Extended ACLs that are referenced
by a descriptive name rather than a number. When configuring named ACLs, the
router IOS uses a NACL subcommand mode.
NETWORK TOPOLOGY:
PC-2 IP ADDRESS:
PC-3 IP ADDRESS:
PC-4 IP ADDRESS:
PC-5 IP ADDRESS :
CHECK THE NETWORK CONNECTIVITY USING PING COMMAND BEFORE THE STANDARD ACCESS CONTROL LIST CONFIGURATION:
Now I deny access to three remote PCs on my router R1. After that, check the
ping connectivity from PC 3, 4 and 5 to the server. The ping is unsuccessful because
I block the requests from PC 3, 4 and 5.
PING PC-3 TO SERVER:
R1 ROUTER RUNNING CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 11 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.10 255.0.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
access-list 11 deny host 192.168.1.6
access-list 11 deny host 192.168.1.5
access-list 11 deny host 192.168.1.4
access-list 11 permit any
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
end
R1 ROUTER ROUTING TABLE:
RESULT:
Thus the standard access list has been configured successfully.
DATE:
EX.NO: 6
CASE STUDY 6
Aim:
To configure the extended access control list for a network.
Objective:
Extended ACLs filter not only on the source IP address but also on the destination
IP address, protocol, and port numbers. Extended ACLs are used more than
Standard ACLs because they are more specific and provide greater control. The
range of numbers for Extended ACLs is from 100 to 199 and from 2000 to 2699.
REQUIREMENTS:
1. One Cisco 2960 switch or other comparable switch
2. Two Cisco 1841 or equivalent routers, each with a serial and an Ethernet
interface
3. Three Windows-based PCs, at least one with a terminal emulation program,
and all set up as hosts
4. At least one RJ-45-to-DB-9 connector console cable to configure the routers
and switch
5. Three straight-through Ethernet cables
6. One crossover Ethernet cable
7. One 2-part DTE/DCE serial crossover
PROCEDURE:
1. Connect the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of
Router 2 using a serial cable.
2. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port of Switch 1 using
straight-through cable.
3. Connect a console cable to each PC to perform configurations on the routers
and switch.
4. Connect Host 1 to the Fa0/3 port of Switch 1 using a straight-through cable.
5. Connect Host 2 to the Fa0/2 port of Switch 1 using a straight-through cable.
6. Connect a crossover cable between Host 3 and the Fa0/0 interface of Router
NETWORK TOPOLOGY:
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.1.0
network 192.168.15.0
!
ip classless
!
access-list 101 permit ip host 192.168.5.10 host 192.168.15.1
access-list 101 permit ip host 192.168.5.10 host 192.168.1.1
access-list 101 deny ip any host 192.168.15.1
access-list 101 deny ip any host 192.168.1.1
access-list 101 permit ip any any
access-list 101 deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
Perform basic configuration on Router 1
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
ip access-group 101 out
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.15.2 255.255.255.0
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.5.0
network 192.168.15.0
!
ip classless
!
access-list 101 permit ip host 192.168.1.10 host 192.168.5.10
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.5.10
access-list 101 permit ip any any
access-list 101 deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PERMIT HTTP AND DENY ICMP:
NETWORK TOPOLOGY:
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PERMIT HTTP:
EXTENDED ACCESS LIST 100
access-list 100 permit tcp any host 172.16.13.2 eq www
DENY ICMP:
R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$IAMOTn9O8Oi71F2D6cQKs/
!
aaa new-model
!
aaa authentication login TT local
!
username telnet password 0 telnet
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 10.10.10.1 255.0.0.0
ip access-group 101 in
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 10.0.0.0
network 192.168.1.0
!
ip classless
!
access-list 101 deny tcp host 172.16.13.1 host 192.168.1.1 eq telnet
access-list 101 permit tcp host 10.10.10.2 host 192.168.1.1 eq telnet
!
line con 0
!
line aux 0
!
line vty 0 4
login authentication TT
!
end
R2 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 10.10.10.2 255.0.0.0
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 10.0.0.0
network 172.16.0.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PERMIT FTP:
NETWORK TOPOLOGY:
Extended IP Access List
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
access-list 100 permit tcp any host 172.16.13.2 eq ftp
access-list 100 permit tcp any host 172.16.13.2 range 20 ftp
access-list 100 permit tcp any host 172.16.13.2 eq 20
access-list 100 permit tcp any host 172.16.13.2 gt 1023
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
access-list 100 permit tcp any host 172.16.13.2 eq ftp
access-list 100 permit tcp any host 172.16.13.2 range 20 ftp
access-list 100 permit tcp any host 172.16.13.2 eq 20
access-list 100 permit tcp any host 172.16.13.2 gt 1023
access-list 100 permit udp any host 172.16.13.2 eq domain
access-list 100 permit udp any host 172.16.13.2 eq 123
access-list 100 permit udp any host 172.16.13.3 eq domain
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
ntp server 172.16.13.3 key 0
!
end
PERMIT NTP FROM ANY HOST:
AFTER EMAIL ACL CONFIGURATION :
NETWORK TOPOLOGY:
R1 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.1.0
network 192.168.2.0
!
ip classless
!
!
access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 172.16.13.4 eq smtp
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 172.16.13.4 eq smtp
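Across these case studies every ACL is read top to bottom, the first matching entry decides, and an implicit deny catches the rest. The following Python evaluator is an added example, not from the manual: it parses the standard (11) and extended (100, 101) entries shown above and tests lab traffic against them. The source ports, the 10.10.10.2 server address used with ACL 11 and the function names are assumptions.

```python
import ipaddress

PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53}  # IOS keywords
ANY = (0, 0xFFFFFFFF)   # base address and wildcard mask that match everything

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def _parse_addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def _parse_ports(tokens):
    """Consume an optional eq/gt/range port operator; return (predicate, rest)."""
    ops = {"eq": lambda v: lambda p: p == v, "gt": lambda v: lambda p: p > v}
    if tokens and tokens[0] in ops:
        return ops[tokens[0]](_port(tokens[1])), tokens[2:]
    if tokens and tokens[0] == "range":
        lo, hi = _port(tokens[1]), _port(tokens[2])
        return (lambda p: lo <= p <= hi), tokens[3:]
    return (lambda p: True), tokens

def addr_matches(spec, ip):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; only the remaining bits must agree.
    return ((_ip(ip) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' entry, standard or extended."""
    t = line.split()
    number, action, rest = int(t[1]), t[2], t[3:]
    match_all = lambda p: True
    if 1 <= number <= 99 or 1300 <= number <= 1999:      # standard: source address only
        src, _ = _parse_addr(rest)
        return dict(action=action, proto="ip", src=src, dst=ANY,
                    sport=match_all, dport=match_all, icmp=None)
    proto, rest = rest[0], rest[1:]
    src, rest = _parse_addr(rest)
    sport, rest = _parse_ports(rest) if proto in ("tcp", "udp") else (match_all, rest)
    dst, rest = _parse_addr(rest)
    dport, rest = _parse_ports(rest) if proto in ("tcp", "udp") else (match_all, rest)
    icmp = rest[0] if proto == "icmp" and rest else None   # e.g. 'unreachable'
    return dict(action=action, proto=proto, src=src, dst=dst,
                sport=sport, dport=dport, icmp=icmp)

def evaluate(acl_lines, proto, src, dst, sport=0, dport=0, icmp_type=None):
    """First match wins: (action, entry number), or ('deny', None) for the implicit deny."""
    for n, ace in enumerate(map(parse_ace, acl_lines), 1):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (addr_matches(ace["src"], src) and addr_matches(ace["dst"], dst)):
            continue
        if not (ace["sport"](sport) and ace["dport"](dport)):
            continue
        if ace["icmp"] and ace["icmp"] != icmp_type:
            continue
        return ace["action"], n
    return "deny", None

# Entries copied from the running configurations in these case studies.
ACL_11 = ["access-list 11 deny host 192.168.1.6", "access-list 11 deny host 192.168.1.5",
          "access-list 11 deny host 192.168.1.4", "access-list 11 permit any"]
ACL_100 = ["access-list 100 permit tcp any host 172.16.13.2 eq www",
           "access-list 100 deny icmp any host 172.16.13.2 unreachable",
           "access-list 100 permit tcp any host 172.16.13.2 range 20 ftp",
           "access-list 100 permit udp any host 172.16.13.2 eq domain"]
ACL_101 = ["access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 172.16.13.4 eq smtp"]

def lab_checks():
    pc, srv = "192.168.1.2", "172.16.13.2"   # lab hosts; source ports are constructed
    return {
        "pc4 ping server (ACL 11)": evaluate(ACL_11, "icmp", "192.168.1.4", "10.10.10.2"),
        "http to server (ACL 100)": evaluate(ACL_100, "tcp", pc, srv, 40000, 80),
        "ping server (ACL 100)":    evaluate(ACL_100, "icmp", pc, srv, icmp_type="echo"),
        "ftp-data to server (100)": evaluate(ACL_100, "tcp", pc, srv, 40000, 20),
        "smtp from LAN (ACL 101)":  evaluate(ACL_101, "tcp", pc, "172.16.13.4", 40000, 25),
        "http from LAN (ACL 101)":  evaluate(ACL_101, "tcp", pc, "172.16.13.4", 40000, 80),
    }
```

Two results are worth noting: a ping to 172.16.13.2 is dropped by the implicit deny, not by the `deny icmp ... unreachable` entry, which matches only ICMP unreachable messages; and ACL 101 above has no permit entry, so it blocks all traffic entering Fa0/0, not just SMTP.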
RESULT:
Thus
DATE:
EX.NO: 7
Aim:
To configure a firewall and analyze it for a network.
Objective:
Consider a firewall communication server with a single inbound modem. Configure
the modem to ensure security for the LAN.
REQUIREMENTS:
1. Cisco Packet Tracer 6.0.1
2. Three Windows or Linux PCs
3. One Switch or Hub
4. One DSL Modem
5. One Application Server
6. Communication Channels
7. Class B IP Address.
8. Basic Firewall concepts.
9. Basic Network Configuration Commands.
10. Cisco Packet Tracer 6.0.1.exe
PROCEDURE:
1.
2.
3.
4.
5. Draw The Cloud Icon using WAN Emulation Icon.
6. Draw The Server using End Device Icons.
7. Make the cable connectivity.
8. Enter The IP Address To Each Machine (Server and PC's).
9. Check the IP address for Every PC using ipconfig or ifconfig Command.
10. Check The Connections using Ping Commands.
What is a Firewall?
A firewall is a layer of security between your home network and the Internet.
Since a router or modem is the main connection from a home network to the
Internet, a firewall is often packaged with those devices. Every home network
should have a firewall to protect its privacy. Firewalls are a combination of
hardware and software. The hardware part gives firewalls excellent performance,
while the software part allows firewalls to be tailored to your specific needs.
Firewall Rules:
Firewall rules block or allow specific traffic passing through from one side of the
router to the other. Inbound rules (WAN to LAN) restrict access by outsiders to
private resources, selectively allowing only specific outside users to access specific
resources. Outbound rules (LAN to WAN) determine what outside resources local
users can have access to. A firewall has two default rules, one for inbound traffic
and one for outbound. The default rules of the modem router are:
1. Inbound
2. Outbound
INBOUND RULES:
Block all access from outside except responses to requests from the LAN side
OUTBOUND RULES:
Allow all access from the LAN side to the outside.
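The two default rules can be modelled with a connection table. The following Python simulation is an added example, not the modem router's own code: it assumes the lab's LAN of 172.16.0.0/16 with the server at 172.16.0.1, an explicit inbound exception for web access to the server (to match the HTTP test in this case study), a constructed WAN address, and ICMP tracked as a flow with both ports set to 0.

```python
# Added model of the two default rules of the modem router in this case study.
LAN_PREFIX = "172.16."        # the lab's LAN is 172.16.0.0/16
SERVER = "172.16.0.1"

# Explicit inbound exception (assumption, to match the lab's HTTP test): web
# access to the server is allowed from outside; nothing else is.
INBOUND_ALLOW = {("tcp", SERVER, 80)}

def is_lan(ip):
    return ip.startswith(LAN_PREFIX)

class StatefulFirewall:
    def __init__(self):
        self.flows = set()      # (proto, src, sport, dst, dport) of LAN-initiated requests
        self.decisions = []

    def packet(self, proto, src, sport, dst, dport):
        """Apply the default rules to one packet; returns 'allow' or 'drop'.
        ICMP is tracked like any other flow with both ports set to 0."""
        key = (proto, src, sport, dst, dport)
        if is_lan(src) and not is_lan(dst):
            # Outbound rule: allow everything from the LAN and remember the request.
            self.flows.add(key)
            verdict = "allow"
        elif not is_lan(src) and is_lan(dst):
            # Inbound rule: only responses to LAN requests, or an explicit exception.
            answers = (proto, dst, dport, src, sport)   # the LAN request this replies to
            allowed = answers in self.flows or (proto, dst, dport) in INBOUND_ALLOW
            verdict = "allow" if allowed else "drop"
        else:
            verdict = "allow"   # LAN-to-LAN traffic never crosses the firewall
        self.decisions.append((key, verdict))
        return verdict

def lab_traffic():
    """The HTTP and ICMP tests from this case study plus a few extra probes."""
    fw = StatefulFirewall()
    wan_pc = "203.0.113.10"   # constructed WAN address (documentation range)
    lan_pc = "172.16.0.2"
    return {
        "WAN PC http to server":       fw.packet("tcp", wan_pc, 51000, SERVER, 80),
        "server http reply to WAN PC": fw.packet("tcp", SERVER, 80, wan_pc, 51000),
        "WAN PC ping to server":       fw.packet("icmp", wan_pc, 0, SERVER, 0),
        "LAN PC ping to WAN PC":       fw.packet("icmp", lan_pc, 0, wan_pc, 0),
        "WAN PC echo reply to LAN PC": fw.packet("icmp", wan_pc, 0, lan_pc, 0),
        "WAN PC ssh to LAN PC":        fw.packet("tcp", wan_pc, 51001, lan_pc, 22),
    }
```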
HOW A FIREWALL WORKS:
NETWORK TOPOLOGY:
SERVER IP ADDRESS:
SERVER>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80 :: 201:63FF:FEB1:4829
IP Address......................: 172.16.0.1
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0
PC-1 IP ADDRESS :
PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 201:C9FF:FE64:518E
IP Address......................: 172.16.0.2
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0
PC-2 IP ADDRESS :
PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 201:C9FF:FE64:518E
IP Address......................: 172.16.0.2
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0
PC-3 IP ADDRESS :
PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 290:21FF:FEBC:CDA5
IP Address......................: 172.16.0.4
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0
GRAPHICAL VIEW:
SERVER IP ADDRESS:
PC-1 IP ADDRESS:
PC-2 IP ADDRESS:
PC-3 IP ADDRESS:
HTTP:
Open the web browser on any PC and type the server IP address
(http://172.16.0.1) in the address bar. We can access the web page from the server.
WEB PAGE ACCESS BETWEEN SERVER TO WAN PC USING TCP
PROTOCOL:
The web page is accessed successfully on the remote PC from the server.
ICMP:
The ping command is a network utility command. Ping tools use the Internet Control
Message Protocol (ICMP). Ping is used to verify the connection between a source PC
and a destination PC.
PING BETWEEN WAN PC TO SERVER USING ICMP PROTOCOL:
The ping was not successful between the server and the remote PC, because I block
ICMP services from the outside network.
RESULT:
Thus
DATE:
EX.NO:
CASE STUDY 8
Integrating EIGRP (Enhanced Interior Gateway Routing Protocol) into
Existing Networks
Aim:
To integrate EIGRP (enhanced interior gateway routing protocol) into existing
networks
Objective:
The case study should provide the benefits and considerations involved in
integrating Enhanced IGRP into the following types of internetworks:
IP: The existing IP network is running IGRP
Novell IPX: The existing IPX network is running RIP and SAP
AppleTalk: The existing AppleTalk network is running the Routing Table
Maintenance Protocol (RTMP)
When integrating Enhanced IGRP into existing networks, plan a phased
implementation. Add Enhanced IGRP at the periphery of the network by
configuring Enhanced IGRP on a boundary router on the backbone off the core
network. Then integrate Enhanced IGRP into the core network.
REQUIREMENTS:
1.
2.
3.
4.
5.
6.
7.
8.
9.
PROCEDURES:
CREATE EIGRP NETWORK TOPOLOGY:
NETWORK TOPOLOGY
EIGRP
What is EIGRP?
Enhanced Interior Gateway Routing Protocol
Advanced distance vector
Rapid convergence
100% loop-free classless routing
Easy configuration
Incremental updates
Load balancing across equal- and unequal-cost pathways
Flexible network design
Multicast and unicast instead of broadcast address
Support for VLSM and discontiguous subnets
Manual summarization at any point in the internetwork
Support for multiple network layer protocols
Features of EIGRP:
Cisco proprietary protocol
Classless routing protocol
Includes all features of IGRP
Metric (32-bit): composite metric (bandwidth + delay + load + MTU + reliability)
Administrative distance is 90
Updates are sent through multicast (224.0.0.10)
Max hop count is 255 (100 by default)
Supports IP, IPX and AppleTalk protocols
Hello packets are sent every 5 seconds
Convergence rate is fast
Overcomes the RIP limitations.
EIGRP Tables:
The EIGRP routing protocol maintains three tables for best path selection to a
destination network.
1. Neighbor Table
2. Topology Table
3. Routing Table
Disadvantages of EIGRP:
Works only on Cisco Routers
Directly Connected Networks on HYDERABAD Router
192.168.1.0
10.0.0.0
Configuring EIGRP
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>
Directly Connected Networks on CHENNAI Router :
192.168.2.0
10.0.0.0
11.0.0.0
Configuring EIGRP :
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>
Directly Connected Networks on Bangalore Router :
192.168.3.0
11.0.0.0
Configuring EIGRP :
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>
HYDERABAD Router Running Configuration :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HYD
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
ip address 10.0.0.1 255.0.0.0
clock rate 148000
!
interface Serial0/3/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 192.168.1.0
network 10.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
CHENNAI Router Running Configuration:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname CHE
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.2.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/2/0
ip address 10.0.0.2 255.0.0.0
!
interface Serial0/2/1
ip address 11.0.0.1 255.0.0.0
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 10.0.0.0
network 192.168.2.0
network 11.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
Bangalore Router Running Configuration:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname BANG
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.3.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/2/0
ip address 11.0.0.2 255.0.0.0
!
interface Serial0/2/1
no ip address
clock rate 1000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 192.168.3.0
network 11.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
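To see what the composite metric listed earlier produces for this three-router topology, here is an added Python computation (not from the manual). It assumes the IOS default bandwidth and delay for Serial (1544 kbit/s, 20000 µs) and FastEthernet (100000 kbit/s, 100 µs) interfaces, which the configurations above do not override; the `clock rate` settings do not enter the metric.

```python
# IOS default bandwidth (kbit/s) and delay (microseconds) per interface type.
# The configurations above do not override them, and 'clock rate' is not a metric input.
INTERFACES = {"FastEthernet": (100_000, 100), "Serial": (1_544, 20_000)}

# Topology from the case study: HYD -- 10.0.0.0/8 -- CHE -- 11.0.0.0/8 -- BANG,
# each router with a FastEthernet LAN behind it.
LINKS = {("HYD", "CHE"): "Serial", ("CHE", "HYD"): "Serial",
         ("CHE", "BANG"): "Serial", ("BANG", "CHE"): "Serial"}
LAN = {"HYD": ("192.168.1.0/24", "FastEthernet"),
       "CHE": ("192.168.2.0/24", "FastEthernet"),
       "BANG": ("192.168.3.0/24", "FastEthernet")}

def eigrp_metric(min_bw_kbps, total_delay_us, k1=1, k2=0, k3=1, k4=0, k5=0,
                 load=1, reliability=255):
    """Classic 32-bit EIGRP composite metric. With the default K values
    (K1=K3=1, others 0) only the slowest bandwidth and the summed delay count;
    load and reliability drop out and MTU is carried but never used."""
    bw = 10**7 // min_bw_kbps          # scaled bandwidth, IOS integer arithmetic
    delay = total_delay_us // 10       # delay in units of 10 microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5:
        metric = metric * k5 // (reliability + k4)
    return metric * 256

def path_metric(path):
    """Metric the router at path[0] computes for the LAN behind path[-1]:
    minimum bandwidth along the way, sum of every delay including the LAN interface."""
    bws, delays = [], []
    for a, b in zip(path, path[1:]):
        bw, d = INTERFACES[LINKS[(a, b)]]
        bws.append(bw)
        delays.append(d)
    lan_bw, lan_delay = INTERFACES[LAN[path[-1]][1]]
    bws.append(lan_bw)
    delays.append(lan_delay)
    return eigrp_metric(min(bws), sum(delays))

def lab_metrics():
    """Metrics as they would appear in 'show ip route' on HYD and CHE for the remote LANs."""
    return {
        "HYD -> 192.168.2.0/24 (one serial hop)":  path_metric(["HYD", "CHE"]),
        "HYD -> 192.168.3.0/24 (two serial hops)": path_metric(["HYD", "CHE", "BANG"]),
        "CHE -> 192.168.3.0/24 (one serial hop)":  path_metric(["CHE", "BANG"]),
    }
```

CHE's own metric to 192.168.3.0/24 is the distance it reports to HYD; it is smaller than HYD's feasible distance for that network, which is what DUAL's feasibility condition requires of a loop-free path.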
PING 192.168.3.2
PING 192.168.2.3
BANGALORE ROUTER ROUTING TABLE:
RESULT:
Thus the experiment was configured successfully.