
DATE:

EX.NO: 1.1

Prepared by Annaunivhub.blogpsot.com

CASE STUDY 1
Aim:
To analyze the performance of various configurations and protocols in LAN.
Objective
Establishing a Local Area Network (LAN):
The main objective is to set up a Local Area Network. The concepts involved in this network are
IP addressing and the Address Resolution Protocol (ARP). The required equipment is three PCs
(Host A, Host B and Host C, with the addresses 192.168.1.1, 192.168.1.2 and 192.168.1.3), each
equipped with at least one NIC, one hub or switch, and the necessary cables. Once the physical
LAN is set up, the hosts need to be configured using the ifconfig command. To verify
communication among the machines, the ping command is used. Next, the routing tables at the
hosts are manipulated to understand how machines know where to send packets. Since the
ifconfig command places a default route into the routing tables, this route must be deleted to
blindfold the machine. The ping command is used again to show that communication is no longer
available. To re-establish communication, the routes are put back into the routing table one host
at a time. Communication is once again verified using the ping command.
REQUIREMENTS:
1. 3 Windows PC or 3 Linux PC, Each PC must Have One NIC cards.
2. 1 Switch (8 port) or 1 Hub.
3. 3 Straight Line LAN (cat-5) Cables with RJ-45 Sockets.
4. Power supply
5. Class C IP Address. using Static IP configuration.
6. Basic Network Configuration Commands. For Switch and PCs.
7. Cisco Packet Tracer 6.0.1

PROCEDURES:
1. Open The CISCO PACKET TRACER software.
2. Draw The Three PC using End Device Icons.
3. Draw The CISCO 24 Port Switch Using Switch icon lists.
4. Make The Connections using Straight-Through Ethernet Cables.
5. Enter The IP Address To Each Machine.
6. Check the IP address for Every PC using ipconfig or ifconfig Command.
7. Check The Connections using Ping Commands.
8. View The MAC Address Table.

NETWORK TOPOLOGY:

PC-1 IP ADDRESS:

PC-2 IP ADDRESS:

PC-3 IP ADDRESS:

VIEW THE SWITCH MAC ADDRESS TABLE :


Command Line View:
Switch>show mac-address-table

Graphical View :

ARP Table For Switch :


ARP is a mapping between Layer 2 and Layer 3 addresses; because our switches are Layer 2 and
the pings are on the same network, there is no ARP cache on the switches.
PING PC 1 - PC 2 :
ping is a network utility command. The ping tool uses the Internet Control Message Protocol
(ICMP). ping is used to verify the connection from the source PC to the destination PC.
c:>ping 192.168.1.3

PING PC 1 - PC 3
c:>ping 192.168.1.3

OSI LAYER ARCHITECTURE:


INPUT PROTOCOL DATA UNIT (PDU):


OUTPUT PROTOCOL DATA UNIT (PDU):

RESULT:
Thus the Experiment is configured successfully.

DATE:
EX.NO: 1.2


CASE STUDY 1
Aim:
To analyze the performance of various configurations and protocols in LAN.
Objective
Connecting two LANs using multi-router topology with static routes:
The main objective is to extend the routing connection by using multiple routers. The concepts
include IP addressing and basic network routing principles. Two LANs are connected in one
topology. During router configuration, attention is paid to the types of interfaces, as additional
issues are involved with set-up. For example, the serial interfaces require clocking mechanisms
to be set correctly. Once the interfaces are working, the ping command is used to check for
communication between the LANs. The failure of communication illustrates the need for routes
to be established inside the routing infrastructure. Static routes are used to show how packets
can be transported through any reasonable route. Traceroute is run on two different
configurations to demonstrate the implementation of different routes.
REQUIREMENTS:
1. 4 Windows PC or 4 Linux PC, Each PC must Have One NIC cards.
2. 2 Switch (8 port) or 2 Hub.
3. 6 Straight Line LAN(cat-5) Cables with RJ-45 Sockets.
4. Power supply
5. Class C IP Address. using Static IP configuration.
6. Basic Network Configuration Commands. For Router,Switch and PCs.
7. Cisco Packet Tracer 6.0.1
8. 2 Cisco Routers (Model 1841)
9. 1 serial cable for router to router connection.

PROCEDURES:
1. Open The CISCO PACKET TRACER software.
2. Draw The 4 PC using End Device Icons.
3. Draw The 2 CISCO 24 Port Switch Using Switch icon lists.
4. Draw The 2 Cisco 1841 Routers Using Router icon lists.
5. Make The Connections using Straight-Through Ethernet Cables.
6. Configure Routers R1 and R2.
7. Enter The IP Address To Each Machine.
8. Configuring Static Routing for Each router.
9. Configuring RIP Routing for Each router.
10. Check the IP address for Every PC using ipconfig or ifconfig Command.
11. Check the Connections using Ping Commands.
12. View the MAC Address Table.
13. View the ARP Address Table.
14. View the Routing Table.

NETWORK TOPOLOGY:

ROUTER R1 CONFIGURATION
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config)#interface Serial0/0/0
Router(config-if)#ip address 192.168.3.1 255.255.255.0
Router(config-if)#
SET THE CLOCK RATE
Router(config)#interface serial0/0/0
Router(config-if)#clock rate ?
Speed (bits per second)
1200
2400
4800
9600
19200
38400
56000
64000
72000
125000
128000
148000
250000
500000
800000
1000000
1300000
2000000
4000000
<300-4000000> Choose clockrate from list above
Router(config-if)#clock rate 72000
ADDING STATIC ROUTING:
Syntax: ip route <destination network> <destination network subnet mask> <next-hop address>
Router(config-if)#ip route 192.168.2.0 255.255.255.0 192.168.3.2
ADDING RIP ROUTING:
Router#config terminal
Router(config)#router rip
Router(config-router)#network 192.168.1.0
Router(config-router)#network 20.0.0.0
ROUTER R2 CONFIGURATION
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config)#interface Serial0/0/0
Router(config-if)#ip address 192.168.3.2 255.255.255.0
Router(config-if)#
SET THE CLOCK RATE
Router(config)#interface serial0/0/0
Router(config-if)#clock rate ?
Speed (bits per second)
1200
2400
4800
9600
19200
38400
56000
64000
72000
125000
128000
148000
250000
500000
800000
1000000
1300000
2000000
4000000
<300-4000000> Choose clockrate from list above
Router(config-if)#clock rate 72000
ADDING STATIC ROUTING:
Syntax: ip route <destination network> <destination network subnet mask> <next-hop address>
Router(config-if)#ip route 192.168.1.0 255.255.255.0 192.168.3.1
ADDING RIP ROUTING:
Router#config terminal
Router(config)#router rip
Router(config-router)#network 192.168.2.0
Router(config-router)#network 20.0.0.0
PC CONFIGURATION:
PC-1>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2E0:8FFF:FEBC:1B4C
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC-2>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::260:2FFF:FE61:B37C
IP Address......................: 192.168.1.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1

PC-3>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::250:FFF:FE6D:ED85
IP Address......................: 192.168.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.1
PC-4>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::201:64FF:FE76:7A08
IP Address......................: 192.168.2.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.1
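
The objective's point that pings between the two LANs fail until routes exist on both routers can be reproduced offline. The following is an added example, not part of the original lab manual: it models R1 and R2 with the addresses configured above and applies the two `ip route` statements one at a time. The `Router` class and the `forward`, `ping` and `run_lab` helpers are illustrative names, not Cisco or Packet Tracer APIs.

```python
import ipaddress

# Addresses are the ones configured on this page: LAN 1 = 192.168.1.0/24 behind R1,
# LAN 2 = 192.168.2.0/24 behind R2, serial link = 192.168.3.0/24 (R1 .1, R2 .2).

class Router:
    def __init__(self, name, interfaces):
        self.name = name
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        # Routing table entries: (network, next_hop or None if connected, code).
        # Connected networks appear automatically, like the "C" routes in IOS.
        self.routes = [(i.network, None, "C") for i in self.interfaces]

    def add_static(self, network, mask, next_hop):
        """Model of: ip route <network> <mask> <next_hop> (an "S" route)."""
        net = ipaddress.ip_network(f"{network}/{mask}")
        self.routes.append((net, ipaddress.ip_address(next_hop), "S"))

    def owns(self, addr):
        return any(i.ip == addr for i in self.interfaces)

    def lookup(self, dst):
        """Longest-prefix match over the routing table; None if no route."""
        matches = [r for r in self.routes if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def forward(routers, first_router, dst, max_hops=8):
    """Walk a packet hop by hop. Returns (delivered, list of router names)."""
    dst = ipaddress.ip_address(dst)
    current, path = first_router, []
    for _ in range(max_hops):
        path.append(current.name)
        route = current.lookup(dst)
        if route is None:
            return False, path              # no route: the router drops it
        _, next_hop, _ = route
        if next_hop is None:
            return True, path               # destination is directly connected
        current = next((r for r in routers if r.owns(next_hop)), None)
        if current is None:
            return False, path              # next hop is not a known router
    return False, path                      # hop limit reached (routing loop)


def ping(routers, src, src_gw, dst, dst_gw):
    """A ping needs a routable echo request AND a routable echo reply."""
    ok, path = forward(routers, src_gw, dst)
    if not ok:
        return "request dropped at " + path[-1]
    ok, back = forward(routers, dst_gw, src)
    if not ok:
        return "reply dropped at " + back[-1]
    return "success via " + " -> ".join(path)


def run_lab():
    r1 = Router("R1", ["192.168.1.1/24", "192.168.3.1/24"])
    r2 = Router("R2", ["192.168.2.1/24", "192.168.3.2/24"])
    routers, pc1, pc3 = [r1, r2], "192.168.1.2", "192.168.2.2"
    results = [ping(routers, pc1, r1, pc3, r2)]           # no static routes yet
    r1.add_static("192.168.2.0", "255.255.255.0", "192.168.3.2")
    results.append(ping(routers, pc1, r1, pc3, r2))       # only R1 has a route
    r2.add_static("192.168.1.0", "255.255.255.0", "192.168.3.1")
    results.append(ping(routers, pc1, r1, pc3, r2))       # both directions routed
    return results


if __name__ == "__main__":
    for line in run_lab():
        print(line)
```

The middle result is the case that is easy to miss in the lab: with a static route on R1 only, the echo request reaches PC-3 but the reply is dropped at R2, so the ping still fails.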
ROUTER R1 RUNNING CONFIGURATION:
Router>enable
Router#show running-config
Building configuration...
Current configuration : 703 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.3.1 255.255.255.0
!
interface Serial0/0/1
no ip address
!
interface Vlan1
no ip address
shutdown
!
router rip
network 20.0.0.0
network 192.168.1.0
!
ip classless
ip route 192.168.2.0 255.255.255.0 192.168.3.2
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#
ROUTER R2 RUNNING CONFIGURATION:
Router>enable
Router#show running-config
Building configuration...
Current configuration : 703 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.3.2 255.255.255.0
!
interface Serial0/0/1
no ip address
!
interface Vlan1
no ip address
shutdown
!
router rip
network 20.0.0.0
network 192.168.2.0
!
ip classless
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#


ROUTER R1 ROUTE TABLE:


Router#sh ip route

ROUTER R2 ROUTE TABLE:


Router#sh ip route

SHOW R1 ROUTER ARP TABLE:

SHOW R2 ROUTER ARP TABLE:


SHOW PC ARP TABLE:

OSI LAYER ARCHITECTURE:


R1 ROUTER

R2 ROUTER


INPUT PROTOCOL DATA UNIT (PDU):

OUTPUT PROTOCOL DATA UNIT (PDU):

OUTPUT:
c:>ping 192.168.2.2

c:>ping 192.168.1.3

RESULT:
Thus the Experiment is configured successfully.

DATE:
EX.NO: 1.3

CASE STUDY 1

Aim:
To analyze the performance of various configurations and protocols in LAN.
Objective
Analyzing the performance of various configurations and protocols
Original TCP versus the above modified one: To compare the performance between the
operation of TCP with congestion control and the operation of TCP as implemented. The main
objective is for students to examine how TCP responds to a congested network. The concepts
involved in the lab include network congestion and the host responsibilities for communicating
over a network. This lab requires three PCs connected to a switch. One PC is designated as the
target host and the other two PCs will transfer a file from the target host using FTP. A load is
placed on the network to simulate congestion and the file is transferred, first by the host using the
normal TCP and then by the host using the modified version. This procedure is performed
multiple times to determine average statistics. The students are then asked to summarize the
results and draw

REQUIREMENTS:
1. One Linux (fedora) Virtual PC.
2. Two Windows (XP) Virtual PC.
3. one Windows 7 PC with VMware Workstation
4. FTP Application layer protocol
5. TCP Transport layer protocol
6. Internet Connection
7. VMware Workstation 9.0.2
8. Wireshark-win32-1.10.0rc1
9. Class C IP Address.

FILE TRANSFER PROTOCOL
File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file
from one host to another.

PROCEDURE:
Start the 3 virtual machine one by one.


WINDOWS XP VIRTUAL PC-1


WINDOWS XP VIRTUAL PC-2


LINUX VIRTUAL PC

Make the Internet Connectivity to the System


Log in to Linux virtual Machine
Log in to Windows XP Virtual Machine
Open the terminal window on the Linux machine.
Log in to root user account


Assign the Ip address 192.168.1.5


# ifconfig

Install the VSFTPD ftp server package


# yum install vsftpd
TEXT MODE INSTALLATION


GRAPHICAL MODE INSTALLATION

Power on the vsftpd Server


# chkconfig vsftpd on

Start the vsftpd Services.
#service vsftpd start

Check the Vsftpd Service status


#service vsftpd status

Add tcp protocol entries into our Iptables.


# iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# iptables -A INPUT -p tcp --dport 21 -j ACCEPT

View the Iptables values


# iptables -L


Enable Linux Machine Firewall


# setup
Enable FTP protocol into your firewall configuration window.

Windows XP PC-1 Ip Address
Assign the IP Address to your first windows XP PC 192.168.1.2
c:/>ipconfig

Assign The IP Address to the second windows XP PC 192.168.1.3

FTP SERVER CONFIGURATION:
Edit the ftp server configuration file.
# vi /etc/vsftpd/vsftpd.conf

Make some changes and add some lines to your vsftpd.conf configuration file
local_root=public_html
use_localtime=YES


Add the user names to chroot_list file


# vi /etc.vsftpd.chroot_list


Add the user name fedora

Restart the vsftpd Service


Check the vsftpd service status

Set the Boolean values


# setsebool -P ftp_home_dir=1

Turn on the allow_ftpd_anon_write boolean
# setsebool -P allow_ftpd_anon_write on


Check the Boolean Status


# getsebool allow_ftpd_anon_write

Restart the FTP Server


# service vsftpd restart

TEXT MODE :
Go to XP PC-1
Open the command prompt windows
Type the following command
C:/>ftp 192.168.1.5
Enter the Linux user name and password to log in to the Linux machine.

Run the ls command at the ftp> prompt; the Linux files are also listed out.
Copy the particular file using the recv command.
ftp> recv sample
The file has been successfully copied.

Paste the files


VIEW THE FILE CONTENT:


GUI MODE :
Open Internet Explorer
Type the following text on Address bar.
ftp://192.168.1.5


Enter linux machine user-name and password for login


The Linux Machine has been opened on the web browser


If you want any file from the Linux machine:

COPY THE FILE


Select the file.
Copy Selected file.
Paste on the windows XP Desktop


PASTE THE FILE

VIEW THE FILE CONTENT


TCP PROTOCOL ANALYZING


Open the Wireshark application and select the interface.
Click the start capture button.

All the incoming and outgoing information is captured.

Save your Wireshark capture file.

View the Wireshark capture file and analyze your TCP protocol information and
congestion.

This application is very useful for protocol analysis.

WIRESHARK DISPLAYS MY FTP LOGIN USER NAME AND PASSWORD
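
The capture shows the login because FTP sends USER and PASS as plain text on the control connection (TCP port 21). The following is an added example, not part of the original lab manual: detection logic that walks control-channel lines exported from a capture and reports every login sent without a preceding TLS upgrade, recording only the password length. The record format, the sample lines and the function name are constructed for illustration.

```python
import re

# Constructed sample: control-channel lines as (client, server, direction, line),
# direction "C" = client to server, "S" = server to client. The addresses and the
# user name "fedora" follow this lab; the password and reply texts are made up.
SAMPLE = [
    ("192.168.1.2", "192.168.1.5", "S", "220 Service ready"),
    ("192.168.1.2", "192.168.1.5", "C", "USER fedora"),
    ("192.168.1.2", "192.168.1.5", "S", "331 Password required"),
    ("192.168.1.2", "192.168.1.5", "C", "PASS example-password"),
    ("192.168.1.2", "192.168.1.5", "S", "230 Login successful"),
    ("192.168.1.2", "192.168.1.5", "C", "RETR sample"),
    ("192.168.1.3", "192.168.1.5", "S", "220 Service ready"),
    ("192.168.1.3", "192.168.1.5", "C", "AUTH TLS"),
    ("192.168.1.3", "192.168.1.5", "S", "234 Proceed with negotiation"),
    ("192.168.1.2", "192.168.1.5", "C", "QUIT"),
]

COMMAND = re.compile(r"^([A-Za-z]{3,4})(?:\s+(.*))?$")   # FTP verb + optional argument
REPLY = re.compile(r"^(\d{3})[ -]")                      # three-digit reply code


def find_cleartext_logins(records):
    """Return one finding per PASS command seen in clear text.

    The password itself is never stored, only its length, so the report can be
    shared without spreading the credential further.
    """
    sessions = {}
    findings = []
    for client, server, direction, line in records:
        line = line.rstrip("\r\n")
        s = sessions.setdefault(
            (client, server),
            {"auth_sent": False, "tls": False, "user": None, "open": None},
        )
        if direction == "S":
            m = REPLY.match(line)
            if not m:
                continue
            code = m.group(1)
            if code == "234" and s["auth_sent"]:
                s["tls"] = True                  # server accepted AUTH: channel goes TLS
            elif s["open"] is not None and code in ("230", "530"):
                s["open"]["login_ok"] = code == "230"
                s["open"] = None
            continue
        if s["tls"]:
            continue                             # nothing readable is expected after TLS
        m = COMMAND.match(line)
        if not m:
            continue
        verb, arg = m.group(1).upper(), m.group(2) or ""
        if verb == "AUTH":
            s["auth_sent"] = True
        elif verb == "USER":
            s["user"] = arg
        elif verb == "PASS":
            finding = {
                "client": client,
                "server": server,
                "user": s["user"],
                "password_length": len(arg),
                "login_ok": None,                # filled in by the 230/530 reply
            }
            findings.append(finding)
            s["open"] = finding
    return findings


if __name__ == "__main__":
    for f in find_cleartext_logins(SAMPLE):
        print(f)
```

The session from 192.168.1.3 produces no finding because the client upgrades to TLS before authenticating; the session from 192.168.1.2 is the one this lab captures.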


CLOSE THE FTP CONNECTION


Use the quit command to close the FTP connection.
Shut down your virtual PCs.

RESULT:
Thus the experiment was executed successfully.

DATE:
EX.NO: 2

CASE STUDY 2
Aim:
To analyze the performance of RIP AND OSPF Redistribution
Objective:
This case study addresses the issue of integrating Routing Information Protocol
(RIP) networks with Open Shortest Path First (OSPF) networks. Most OSPF
networks also use RIP to communicate with hosts or to communicate with portions
of the inter-network that do not use OSPF. This case study should provide
examples of how to complete the following phases in redistributing information
between RIP and OSPF networks, including the following topics:
Configuring a RIP Network
Adding OSPF to the Center of a RIP Network
Adding OSPF Areas
Setting Up Mutual Redistribution
REQUIREMENTS:
1. CISCO 1841 Model 4 Routers.
2. Two 8 port switches.
3. Two End Device PC's
4. Communication medias (Serial Cable and copper straight through cable).
5. Class C IP Address.
6. Routing Protocols (RIP and OSPF).
7. Router IOS configuration commands.
8. Cisco Packet Tracer 6.0.1.exe
9. Power supply.
PROCEDURES:
Configuring a RIP Network
The network topology illustrates a RIP network. Four sites are connected with serial lines.
The RIP network uses a Class C address. Each site has a contiguous set of network
numbers.
ROUTER R4 NETWORK CONFIGURATION:
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.2 255.255.255.0
!
router rip
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
ROUTER R3 NETWORK CONFIGURATION:
interface Serial0/0/0
ip address 192.168.1.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.2.1 255.255.255.0
!
ROUTER R1 NETWORK CONFIGURATION:
!
interface Serial0/0/0
ip address 192.168.5.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.1 255.255.255.0
!
ROUTER R2 NETWORK CONFIGURATION:
!
interface FastEthernet0/0
ip address 192.168.6.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.5.1 255.255.255.0
!
Adding OSPF to the Center of a RIP Network :
A common first step in converting a RIP network to OSPF is to add backbone
routers that run both RIP and OSPF, while the remaining network devices run RIP.
These backbone routers are OSPF autonomous system boundary routers. Each
autonomous system boundary router controls the flow of routing information
between OSPF and RIP.
ROUTER R3 OSPF CONFIGURATION:
!
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
!
ROUTER R1 OSPF CONFIGURATION:
!
router ospf 1
network 192.168.5.0 0.0.0.255 area 0
!
Adding OSPF Areas :
ROUTER R2 OSPF CONFIGURATION:
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 1
!

NETWORK TOPOLOGY:

Most OSPF networks also use RIP to communicate with hosts or to communicate
with portions of the inter-network that do not use OSPF. Cisco supports both the
RIP and OSPF protocols and provides a way to exchange routing information
between RIP and OSPF networks.
Setting Up Mutual Redistribution:

Mutual redistribution between the RIP and OSPF networks is configured on the routers that
run both OSPF and RIP.
R1 ROUTER MUTUAL REDISTRIBUTION:
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.5.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.4.0
R3 ROUTER MUTUAL REDISTRIBUTION:
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.1.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.2.0
ROUTER R1 RUNNING CONFIGURATION FILES:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.5.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.5.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.4.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end


ROUTER R2 RUNNING CONFIGURATION FILE :


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.6.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.5.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 1
!
router rip
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
ROUTER R3 RUNNING CONFIGURATION FILE:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.1.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.2.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.1.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.2.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
ROUTER R4 RUNNING CONFIGURATION FILE:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.2 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end


PING BETWEEN 192.168.6.2 TO 192.168.3.2 :

PING BETWEEN 192.168.3.2 TO 192.168.6.2 :

ROUTING TABLE:

For a Cisco router, the IOS command show ip route displays the routes in the
routing table. There are several types of routes that can appear in the routing table:
Directly-Connected Routes:
When the router powers up, the configured interfaces are enabled. As they become
operational, the router stores the directly attached local network addresses as
connected routes in the routing table. For Cisco routers, these routes are identified
in the routing table with the prefix C. These routes are automatically updated
whenever the interface is reconfigured or shutdown.
Static Routes:
A network administrator can manually configure a static route to a specific
network. A static route does not change until the administrator manually
reconfigures it. These routes are identified in the routing table with the prefix S.
Dynamically-Updated Routes (Dynamic Routes) :
Dynamic routes are automatically created and maintained by routing protocols.
Routing protocols are implemented in programs that run on routers and that
exchange routing information with other routers in the network. Dynamically-updated
routes are identified in the routing table with the prefix that corresponds to
the type of routing protocol that created the route, for example R is used for the
Routing Information Protocol (RIP).
Default Route:
The default route is a type of static route which specifies a gateway to use when
the routing table does not contain a path to use to reach the destination network. It
is common for default routes to point to the next router in the path to the Internet
Service Provider. If a subnet has only one router, then that router is automatically
the default gateway, because all network traffic to and from that local network has
no option but to travel through that router.
RIP:
It is a distance vector routing protocol.
It sends the complete routing table out to all interfaces every 30 seconds.
RIP uses only hop count to determine the best way to a remote network.
The maximum allowable hop count is 15.
OSPF:
Open Shortest Path First (OSPF) is a non-proprietary link-state routing protocol
described in RFC 2328. It is identified in the routing table with the prefix O.
Uses the SPF algorithm to calculate the lowest cost to a destination
Sends routing updates only when the topology changes; does not send
periodic updates of the entire routing table.
Provides fast convergence
Supports VLSM and discontiguous subnets
Provides route authentication


R1 ROUTER ROUTING TABLE:


R1 ROUTER ROUTING PROTOCOL:


R2 ROUTER ROUTING TABLE:

R2 ROUTER ROUTING PROTOCOL:


R3 ROUTER ROUTING TABLE:


R3 ROUTER ROUTING PROTOCOL:


R4 ROUTER ROUTING TABLE:

R4 ROUTER ROUTING PROTOCOL:


SWITCH 1 MAC ADDRESS TABLE :

SWITCH 2 MAC ADDRESS TABLE :

RESULT:
Thus the experiment was configured successfully.

DATE:
EX.NO: 3


CASE STUDY 3
Aim:
To configure Dial-On-Demand Routing.
Objective:
This case study should describe the use of DDR to connect a worldwide network
that consists of a central site located in Mumbai and remote sites located in
Chennai, Bangalore, and Hyderabad. The following scenarios should be
considered:
Having the Central Site Dial Out
Describe the central and remote site configurations for three setups: a central site
with one interface per remote site, a single interface for multiple remote sites, and
multiple interfaces for multiple remote sites. Include examples of the usage of
rotary groups and access lists.
Having the Central and Remote Sites Dial In and Dial Out
Describe the central and remote site configurations for three setups: central site
with one interface per remote site, a single interface for multiple remote sites, and
multiple interfaces for multiple remote sites. Also describes the usage of
Point-to-Point Protocol (PPP) encapsulation and the Challenge Handshake Authentication
Protocol (CHAP).
Having Remote Sites Dial Out
A common configuration is one in which the remote sites place calls to the central
site but the central site does not dial out. In a star topology, it is possible for all
of the remote routers to have their serial interfaces on the same subnet as the
central site serial interface.
Using DDR as a Backup to Leased Lines
Describes the use of DDR as a backup method to leased lines and provides
examples of how to use floating static routes on single and shared interfaces.
Using Leased Lines and Dial Backup
Describes the use of Data Terminal Ready (DTR) dialing and V.25bis dialing with
leased lines.
REQUIREMENTS:
1. One Cisco router 2301
2. One Cisco router 800
3. Two ISDN BRI interface.
4. Basic DDR configuration commands.
5. Basic network configuration commands (ping).
6. ISDN Serial DCE cables.
7. Boson NetSim for CCNP v6.0 Beta3b

NETWORK TOPOLOGY:


ROUTERS ISDN PARAMETERS:


CHENNAI ROUTER RUNNING CONFIGURATION:


CHENNAI#sh running-config
Building configuration...
!
Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CHENNAI
!
ip subnet-zero
!
interface Serial0
no ip address
no ip directed-broadcast
bandwidth 1544
shutdown
!
interface Serial1
no ip address
no ip directed-broadcast
bandwidth 1544
shutdown
!
interface Ethernet0
no ip address
no ip directed-broadcast
bandwidth 10000
shutdown
!
interface Bri0
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
dialer-group 1
isdn switch-type basic-ni
isdn spid1 32177820010100
dialer map ip 192.168.0.2 name MUMBAI broadcast 7782001
encapsulation ppp
ppp authentication chap
!
ip classless
no ip http server
!
!
dialer-list 1 protocol ip permit
!
isdn switch-type basic-ni
line con 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
MUMBAI ROUTER RUNNING CONFIGURATION:
MUMBAI#sh running-config
Building configuration...
!
Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname MUMBAI
!
ip subnet-zero
!
interface Ethernet0
no ip address
no ip directed-broadcast
bandwidth 10000
shutdown
!
interface Bri0
ip address 192.168.0.2 255.255.255.0
no ip directed-broadcast
dialer-group 1
isdn switch-type basic-ni
isdn spid1 32177820020100
dialer map ip 192.168.0.1 name CHENNAI broadcast 7782002
encapsulation ppp
ppp authentication chap
!
ip classless
no ip http server
!
dialer-list 1 protocol ip permit
!
isdn switch-type basic-ni
line con 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
VERIFY ISDN DDR NETWORK CONNECTIVITY:

CHECK ISDN STATUS:


CHENNAI ROUTER ISDN STATUS:

MUMBAI ROUTER ISDN STATUS:

PING BETWEEN TWO ROUTERS:

RESULT:
Thus the experiment was configured successfully.
DATE:
EX.NO: 4

CASE STUDY 4
Aim:
To analyze the network security for improving the security of the network.
Objective:
This case study should provide the specific actions you can take to improve the
security of your network. Before going into specifics, however, you should
understand the following basic concepts that are essential to any security system:
Know your enemy
This case study refers to attackers or intruders. Consider who might want to
circumvent your security measures and identify their motivations. Determine what
they might want to do and the damage that they could cause to your network.
Security measures can never make it impossible for a user to perform unauthorized
tasks with a computer system. They can only make it harder. The goal is to make
sure the network security controls are beyond the attacker's ability or motivation.
Count the cost
Security measures almost always reduce convenience, especially for sophisticated
users. Security can delay work and create expensive administrative and educational
overhead. It can use significant computing resources and require dedicated
hardware. When you design your security measures, understand their costs and
weigh those costs against the potential benefits. To do that, you must understand
the costs of the measures themselves and the costs and likelihoods of security
breaches. If you incur security costs out of proportion to the actual dangers, you
have done yourself a disservice.
Identify your assumptions
Every security system has underlying assumptions. For example, you might
assume that your network is not tapped, or that attackers know less than you do,
that they are using standard software, or that a locked room is safe. Be sure to
examine and justify your assumptions. Any hidden assumption is a potential
security hole.
Control your secrets
Most security is based on secrets. Passwords and encryption keys, for example, are
secrets. Too often, though, the secrets are not really all that secret. The most
important part of keeping secrets is knowing the areas you need to protect. What
knowledge would enable someone to circumvent your system? You should
jealously guard that knowledge and assume that everything else is known to your
adversaries. The more secrets you have, the harder it will be to keep all of them.
Security systems should be designed so that only a limited number of secrets need
to be kept.
Know your weaknesses
Every security system has vulnerabilities. You should understand your system's
weak points and know how they could be exploited. You should also know the
areas that present the largest danger and prevent access to them immediately.
Understanding the weak points is the first step toward turning them into secure
areas.
Limit the scope of access
You should create appropriate barriers inside your system so that if intruders access
one part of the system, they do not automatically have access to the rest of the
system. The security of a system is only as good as the weakest security level of
any single host in the system.
Remember physical security
Physical access to a computer (or a router) usually gives a sufficiently
sophisticated user total control over that computer. Physical access to a network
link usually allows a person to tap that link, jam it, or inject traffic into it. It makes
no sense to install complicated software security measures when access to the
hardware is not controlled.
REQUIREMENTS:
1. CISCO 1841 Model 1 Routers.
2. One 8 port switch.
3. One Laptop For Console Local Administration.
4. One PC for Remote telnet Login.
5. Class C, Class B IP Address.
6. Basic Telnet Routing Configuration Commands.
7. One Console Roll over cable.
8. Two copper Straight through Cable.
9. Cisco Packet Tracer 6.0.1.exe
10. Power supply.
PROCEDURE:
1. Create console connectivity for Local Administrative Purpose.
2. Securing Router Console Interface.
3. Creating Remote Telnet Access on your Router with basic level security.
4. Enable Router User Privilege Mode password for Remote Telnet Access.
5. Hack Basic Level Type 7 Console and Telnet Router Password.
6. Creating High Level security.
   Creating MD-5 Encryption
   Creating AAA Authentication
   Blocking Dictionary Attack.
   Creating Named Access List Control.
   Enabling Log Files Database for Failure and Success Attempt.
Create console connectivity for Local Administrative Purpose :


NETWORK TOPOLOGY:

Console Connectivity
R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R1
!
enable password 7 0822455D0A16
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
exec-timeout 30 0
password 7 0822455D0A16
login
!
line aux 0
!
line vty 0 4
password 7 0822455D0A16
login
!
end

PC-1 IP ADDRESS :

Create Console Login

Securing Router Console Interface.
line con 0
exec-timeout 30 0
password 7 0822455D0A16
login
TRY TO LOGIN CONSOLE PORT :

Console Login
Creating Remote Telnet Access on your Router with basic level security :

NETWORK TOPOLOGY:

ENABLE THE TELNET ACCESS :


BASIC TYPE 7 ENCRYPTION
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1 ROUTER TELNET CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R1
!
enable password 7 0822455D0A16
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
exec-timeout 30 0
password 7 0822455D0A16
login
!
line aux 0
!
line vty 0 4
password 7 0822455D0A16
login
!
end
Enable Router User Privilege Mode password for Remote Telnet Access :
R1(config)#enable password cisco
This is basic level Type 7 encryption. Hackers can easily find out a password
encrypted this way.
Hack Basic Level Type 7 Console and Telnet Router Password :

Go to your router and enter User Privilege mode.

Type R1#sh running-config
View your router's running configuration.
Copy your encrypted password:
enable password 7 0822455D0A16
Go to this website link:
http://www.ifm.net.nz/cookbooks/passwordcracker.html
Then paste your password into the Type 7 password text box.
Then click the crack password button.
Your password has been successfully decrypted.
Original Password is cisco
Encrypted Password is 0822455D0A16
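
Why the Type 7 string above is recoverable, shown as an added Python example (not part of the original manual): Type 7 is an XOR against a fixed, publicly documented key string, so a configuration audit can flag every such line and show what it exposes. The sample configuration is constructed from lines quoted in this case study; `decode_type7`, `audit_config` and `Finding` are names chosen for this example.

```python
import re
from collections import namedtuple

# Fixed translation string used by IOS Type 7 obfuscation. It is identical on
# every device, so Type 7 only hides a password from someone glancing at a screen.
TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

Finding = namedtuple("Finding", "line owner keyword storage recovered")

# Matches "enable password ...", "username X password ...", and bare
# "password ..." / "secret ..." sub-commands, with an optional type digit.
CRED_RE = re.compile(
    r"^(?:(?P<enable>enable)\s+|username\s+(?P<user>\S+)\s+)?"
    r"(?P<kw>password|secret)(?:\s+(?P<type>\d))?\s+(?P<value>\S+)$"
)

# Constructed sample: credential lines as they appear in this case study.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 0822455D0A16
enable secret 5 $1$mERr$WKkcGROjDgUmPKrVvqyr10
username telnet password 0 1234
!
line con 0
 password 7 0822455D0A16
 login
line vty 0 4
 password 7 0822455D0A16
 login
"""


def decode_type7(encoded):
    """Reverse a Type 7 string: two-digit key offset, then hex bytes XORed with the key."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return "".join(
        chr(b ^ ord(TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]))
        for i, b in enumerate(data)
    )


def audit_config(text):
    """Return one Finding per stored credential, classified by how it is protected."""
    findings = []
    context = "global"
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("line ", "interface ")):
            context = line          # sub-commands below belong to this section
        elif line == "!":
            context = "global"
        m = CRED_RE.match(line)
        if not m:
            continue
        if m["enable"]:
            owner = "enable"
        elif m["user"]:
            owner = "username " + m["user"]
        else:
            owner = context
        ptype, value = m["type"], m["value"]
        if ptype == "7":
            try:
                storage, recovered = "type7-reversible", decode_type7(value)
            except ValueError:      # not valid Type 7 text
                storage, recovered = "type7-malformed", None
        elif ptype == "5":
            storage, recovered = "type5-md5-hash", None   # one-way hash, not decoded
        elif ptype in (None, "0"):
            storage, recovered = "cleartext", value
        else:
            storage, recovered = "type" + ptype, None
        findings.append(Finding(number, owner, m["kw"], storage, recovered))
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        exposed = "exposes %r" % f.recovered if f.recovered else "not recoverable here"
        print("line %2d  %-16s %-8s %-17s %s" % (f.line, f.owner, f.keyword, f.storage, exposed))
```

Every finding reported as `type7-reversible` or `cleartext` is a credential that anyone who can read the running configuration or a backup of it already holds; only the `enable secret` line is stored as a one-way hash.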

Creating High Level security :


NETWORK TOPOLOGY:

Creating MD5
The password has been hashed using the stronger MD5 algorithm.
enable secret password
privilege mode MD5 Password
R1(config)#enable secret cisco1234
Original password is -- cisco1234
Encrypted Password is -- $1$mERr$WKkcGROjDgUmPKrVvqyr10
Creating AAA Authentication :
Authentication:
Identifies users by login and password using challenge and response methodology
before the user even gains access to the network. Depending on your security
options, it can also support encryption.
Authorization:
After initial authentication, authorization looks at what that authenticated user has
access to do. RADIUS or TACACS+ security servers perform authorization for
specific privileges by defining attribute-value (AV) pairs, which would be specific
to the individual user rights. In the Cisco IOS, you can define AAA authorization
with a named list or authorization method.
Accounting:
The last "A" is for accounting. It provides a way of collecting security information
that you can use for billing, auditing, and reporting. You can use accounting to see
what users do once they are authenticated and authorized. For example, with
accounting, you could get a log of when users logged in and when they logged out.
Enabling AAA
Router(config)# aaa new-model
R1(config)#username cisco secret cisco1234
Configuring the TACACS+ servers
Next we need to configure the addresses of the AAA servers we want to use. This
example shows the configuration of TACACS+ servers, but the concept applies to
RADIUS servers as well. There are two approaches to configuring TACACS+
servers. In the first, servers are specified in global configuration mode using the
command tacacs-server to specify an IP address and shared secret key for each
server:
Router(config)# tacacs-server host 192.168.1.3 key MySecretKey1
Router(config)# tacacs-server host 192.168.2.3 key MySecretKey2
Blocking Dictionary Attack:

The primary intention of a dictionary attack, unlike a typical DoS attack, is to
actually gain administrative access to the device. A dictionary attack is an
automated process to attempt to login by attempting thousands, or even millions, of
username/password combinations. (This type of attack is called a "dictionary
attack" because it typically uses, as a start, every word found in a typical dictionary
as a possible password.) As scripts or programs are used to attempt this access, the
profile for such attempts is typically the same as for DoS attempts; multiple login
attempts in a short period of time.
NETWORK TOPOLOGY:

Block Dictionary Attack


R1(config)#login block-for 120 attempts 3 within 60
Explanation:
This command stops dictionary attacks from hackers.
block-for - time period in seconds - 120 seconds
attempts - set max number of fail attempts - 5 times
within - watch period for fail attempts - 60 seconds
Creating Named Access List Control :
Cisco IOS versions 11.2 and higher can create Named ACLs (NACLs). In an
NACL, a descriptive name replaces the numerical ranges required for Standard and
Extended ACLs. Named ACLs offer all the functionality and advantages of
Standard and Extended ACLs; only the syntax for creating them is different.
The name given to an ACL is unique. Using capital letters in the name makes it
easier to recognize in router command output and troubleshooting.
A Named ACL is created with the command:
ip access-list {standard | extended} name

STANDARD NAMED ACL


DENY 192.168.1.2:
NETWORK TOPOLOGY:

R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group Block-192.168.1.2 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip access-list standard Block-192.168.1.2
deny host 192.168.1.2
permit any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PING BETWEEN 192.168.1.2 TO 172.16.13.2 :
R1(config)#ip access-list standard Block-192.168.1.2
R1(config-std-nacl)#deny host 192.168.1.2

deny host 192.168.1.2


PING BETWEEN 192.168.1.3 TO 172.16.13.2:
R1(config)#ip access-list standard Block-192.168.1.2
R1(config-std-nacl)#deny host 192.168.1.2
R1(config-std-nacl)#permit any

permit any
Enabling Log Files Database for Failure and Success Attempt :
It stores the successful and failed login attempts in a database.
NETWORK TOPOLOGY:

VIEW LOG FILES ENTERING ON YOUR ROUTER :


BEFORE THE LOG FILE CREATION :

AFTER THE LOG FILE CREATION :

RESULT:
Thus the experiment was executed successfully.
DATE:
EX.NO: 5


CASE STUDY 5
Aim:
To Control Traffic Flow in a network.
Objective:
In this case study, the firewall router allows incoming new connections to one or
more communication servers or hosts. Having a designated router act as a firewall
is desirable because it clearly identifies the router's purpose as the external
gateway and avoids encumbering other routers with this task. In the event that the
internal network needs to isolate itself, the firewall router provides the point of
isolation so that the rest of the internal network structure is not affected.
Connections to the hosts are restricted to incoming file transfer protocol (FTP)
requests and email services. The incoming Telnet, or modem connections to the
communication server are screened by the communication server running
TACACS username authentication.
REQUIREMENTS:
1. One CISCO 1841 Model 1 Routers.
2. One 8 port switch.
3. One PC for Remote telnet Login.
4. One Server (TACACS+) for telnet Login Authentication.
5. Class C, Class B IP Address.
6. Basic Telnet Routing Configuration Commands.
7. Two copper Straight Through Cable.
8. Cisco Packet Tracer 6.0.1.exe
9. Power supply.

PROCEDURE:
Lab Objective:

Anyone who tries to telnet to the router must first be authenticated through the AAA
server; in case the AAA server is down, the router will use its local user accounts database.
Configuration at the router:
-------- setting telnet --------
Router(config)#enable secret 1234
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#exit
Router(config)#username telnet password 1234
AAA commands
-------- enable AAA on the router --------
Router(config)#aaa new-model
Set authentication for login using two methods:
------- Method 1 ------- using the AAA server through the TACACS+ protocol,
------- Method 2 ------- using local router user accounts.
Tell the router the IP address of the TACACS+ server and the key (password) to
connect with:
Router(config)#tacacs-server host 192.168.1.3 key 1234
Configuration at the AAA server:
--------- ACS SERVER ---------
user account --- username: tacacs
password: tacacs
TACACS+ client IP: 192.168.1.1
key: 1234
Here are a few show commands we can use, plus one command to unlock any
user account that has reached the maximum number of failed logon attempts:
Router#show aaa user all
Router#show aaa sessions
Router#show aaa local user lockout
Router#clear aaa local user lockout username all
To practice, try to telnet to the router with the local username telnet and password
1234; it will not work. Then try the TACACS server username we wrote
above (tacacs, password tacacs); it will work fine. Now disconnect the TACACS
server, or just remove the cable, and try to telnet to the router using telnet; it will
work fine. Remember: if method 1 fails, you will not go to method 2, but if method 1
is not available, then you can go to method 2 and use it.
PHYSICAL CONNECTIONS:
NETWORK TOPOLOGY:
TELNET WITHOUT TACACS SERVER:

TELNET WITH TACACS SERVER:


NETWORK TOPOLOGY:


TELNET CLIENT IP ADDRESS :

TACACS SERVER IP :


TACACS+ SERVER CONFIGURATION :

ROUTER RUNNING CONFIGURATION:


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$4dpRATIgxQacPVK0CfNV4/
!
aaa new-model
!
username telnet password 0 1234
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
password telnet
login authentication default
!
end
TELNET LOGIN WITHOUT TACACS SERVER AUTHENTICATION:

TELNET LOGIN WITH TACACS SERVER AUTHENTICATION:

Router#sh aaa session :

RESULT:
Thus the experiment was configured successfully.

DATE:
EX.NO: 6

CASE STUDY 6
Aim:
To configure the standard access list for a network.
Objective:
Access lists define the actual traffic that will be permitted or denied, whereas an
access group applies an access list definition to an interface. Access lists can be
used to deny connections that are known to be a security risk and then permit all
other connections, or to permit those connections that are considered acceptable
and deny all the rest. For firewall implementation, the latter is the more secure
method. In this case study, incoming email and news are permitted for a few hosts,
but FTP, Telnet, and rlogin services are permitted only to hosts on the firewall
subnet. IP extended access lists (range 100 to 199) and transmission control
protocol (TCP) or user datagram protocol (UDP) port numbers are used to filter
traffic. When a connection is to be established for email, Telnet, FTP, and so forth,
the connection will attempt to open a service on a specified port number. An access
list is invoked after a routing decision has been made but before the packet is sent
out on an interface. The best place to define an access list is on a preferred host
using your favorite text editor. You can create a file that contains the access-list
commands, place the file (marked readable) in the default TFTP directory and then
network load the file onto the router.
REQUIREMENTS:
1. Cisco 1841 model router
2. One switch
3. One dedicated server
4. Five Windows or Linux PC's
5. Copper Straight Through Cable
6. Copper Cross over cable
7. Class C IP Address and Class A IP Address
8. Basic Router Interface Configuration Commands.
9. Basic Standard ACL Configuration Commands
10. Ping Command
11. Cisco Packet Tracer 6.0.0.exe
PROCEDURE:
1. Open The CISCO PACKET TRACER software.
2. Draw The FIVE PC using End Device Icons.
3. Draw The CISCO 24 Port Switch Using Switch icon lists.
4. Draw The CISCO ROUTER using router icon lists.
5. Make The Connections using Straight-Through Ethernet Cables and Cross
over Cables.
6. Enter The IP Address To Each Machine Like PC, Router and Server.
7. Check the IP address for Every PC using ipconfig or ifconfig Command.
8. Check The Connections using Ping Commands.
9. Create The Standard Access List For Local Network.
10. Create The Access deny permissions to PC4, PC5, PC6.
11. Create The Access Permit Permission to Remaining PC's (PC1, PC2, PC3).
12. Verify your Access Control List Using Ping Command.
WHAT IS ACCESS CONTROL LIST?
One of the most common methods of traffic filtering is the use of access control
lists (ACLs). ACLs can be used to manage and filter traffic that enters a network,
as well as traffic that exits a network.
An ACL ranges in size from one statement that allows or denies traffic from one
source, to hundreds of statements that allow or deny packets from multiple sources.
The primary use of ACLs is to identify the types of packets to accept or deny.
ACLs identify traffic for multiple uses such as:
Specifying internal hosts for NAT
Identifying or classifying traffic for advanced features such as QoS and queuing
Restricting the contents of routing updates
Limiting debug output
Controlling virtual terminal access to routers
The following potential problems can result from using ACLs:
The additional load on the router to check all packets means less time to actually forward packets.
Poorly designed ACLs place an even greater load on the router and might disrupt network usage.
Improperly placed ACLs block traffic that should be allowed and permit traffic that should be blocked.

TYPES OF ACCESS CONTROL LIST:


1. Standard ACLs
The Standard ACL is the simplest of the three types. When creating a standard IP
ACL, the ACLs filter based on the source IP address of a packet. Standard ACLs
permit or deny based on the entire protocol, such as IP. So, if a host device is
denied by a standard ACL, all services from that host are denied. This type of ACL
is useful for allowing all services from a specific user, or LAN, access through a
router while denying other IP addresses access. Standard ACLs are identified by
the number assigned to them. For access lists permitting or denying IP traffic, the
identification number can range from 1 to 99 and from 1300 to 1999.

2. Extended ACLs
Extended ACLs filter not only on the source IP address but also on the destination
IP address, protocol, and port numbers. Extended ACLs are used more than
Standard ACLs because they are more specific and provide greater control. The
range of numbers for Extended ACLs is from 100 to 199 and from 2000 to 2699.
3. Named ACLs
Named ACLs (NACLs) are either Standard or Extended format that are referenced
by a descriptive name rather than a number. When configuring named ACLs, the
router IOS uses a NACL subcommand mode.

STANDARD ACL CONFIGURATION:


The standard ACL is the basic level of access control list configuration. It permits or
denies remote hosts access to your network.


NETWORK TOPOLOGY:

STANDARD ACCESS LIST


IP ADDRESS FOR EACH MACHINE:


PC-1 IP ADDRESS:

PC-2 IP ADDRESS:


PC-3 IP ADDRESS:

PC-4 IP ADDRESS:


PC-5 IP ADDRESS :

ROUTER R1 FAST ETHERNET INTERFACE 0/0 AND INTERFACE 0/1 IP ADDRESS:

OUTSIDE NETWORK SERVER IP ADDRESS:

CHECK THE NETWORK CONNECTIVITY USING PING COMMAND BEFORE THE STANDARD ACCESS CONTROL LIST CONFIGURATION:

PING PC-1 TO SERVER:

PING PC-2 TO SERVER:


CONFIGURE THE STANDARD ACCESS CONTROL LIST:

Now I deny access permission to three remote PCs on my router R1. After this, check
the ping connectivity from PC 3, 4, 5 to the server. The ping was unsuccessful because
I blocked the requests from PC 3, 4, 5.
PING PC-3 TO SERVER:


PING PC-4 TO SERVER:

PING PC-5 TO SERVER:

R1 ROUTER RUNNING CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 11 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.10 255.0.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
access-list 11 deny host 192.168.1.6
access-list 11 deny host 192.168.1.5
access-list 11 deny host 192.168.1.4
access-list 11 permit any
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
end
R1 ROUTER ROUTING TABLE:

RESULT:
Thus the standard access list has been configured successfully.
DATE:
EX.NO: 6
CASE STUDY 6
Aim:
To configure the extended access control list for a network.
Objective:
Extended ACLs filter not only on the source IP address but also on the destination
IP address, protocol, and port numbers. Extended ACLs are used more than
Standard ACLs because they are more specific and provide greater control. The
range of numbers for Extended ACLs is from 100 to 199 and from 2000 to 2699.
REQUIREMENTS:
1. One Cisco 2960 switch or other comparable switch
2. Two Cisco 1841 or equivalent routers, each with a serial and an Ethernet
interface
3. Three Windows-based PCs, at least one with a terminal emulation program,
and all set up as hosts
4. At least one RJ-45-to-DB-9 connector console cable to configure the routers
and switch
5. Three straight-through Ethernet cables
6. One crossover Ethernet cable
7. One 2-part DTE/DCE serial crossover
PROCEDURE:
1. Connect the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of
Router 2 using a serial cable.
2. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port of Switch 1 using
straight-through cable.
3. Connect a console cable to each PC to perform configurations on the routers
and switch.
4. Connect Host 1 to the Fa0/3 port of Switch 1 using a straight-through cable.
5. Connect Host 2 to the Fa0/2 port of Switch 1 using a straight-through cable.
6. Connect a crossover cable between Host 3 and the Fa0/0 interface of Router

NETWORK TOPOLOGY:


Perform basic configuration on Router 1


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.15.1 255.255.255.0
ip access-group 101 in
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.1.0
network 192.168.15.0
!
ip classless
!
access-list 101 permit ip host 192.168.5.10 host 192.168.15.1
access-list 101 permit ip host 192.168.5.10 host 192.168.1.1
access-list 101 deny ip any host 192.168.15.1
access-list 101 deny ip any host 192.168.1.1
access-list 101 permit ip any any
access-list 101 deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
Perform basic configuration on Router 1
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
ip access-group 101 out
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.15.2 255.255.255.0
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.5.0
network 192.168.15.0
!
ip classless
!
access-list 101 permit ip host 192.168.1.10 host 192.168.5.10
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.5.10
access-list 101 permit ip any any
access-list 101 deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PERMIT HTTP AND DENY ICMP:
NETWORK TOPOLOGY:

PERMIT HTTP, DENY ICMP


R1 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PERMIT HTTP:
EXTENDED ACCESS LIST 100

access-list 100 permit tcp any host 172.16.13.2 eq www
DENY ICMP:

access-list 100 deny icmp any host 172.16.13.2 unreachable


DENY AND PERMIT TELNET:
NETWORK TOPOLOGY:

PERMIT AND DENY TELNET CONNECTION



R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$IAMOTn9O8Oi71F2D6cQKs/
!
aaa new-model
!
aaa authentication login TT local
!
username telnet password 0 telnet
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 10.10.10.1 255.0.0.0
ip access-group 101 in
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 10.0.0.0
network 192.168.1.0
!
ip classless
!
access-list 101 deny tcp host 172.16.13.1 host 192.168.1.1 eq telnet
access-list 101 permit tcp host 10.10.10.2 host 192.168.1.1 eq telnet
!
line con 0
!
line aux 0
!
line vty 0 4
login authentication TT
!
end
R2 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 10.10.10.2 255.0.0.0
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 10.0.0.0
network 172.16.0.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end


DENY TELNET CONNECTION FROM 172.16.13.1 :


Extended IP access list 101

access-list 101 deny tcp host 172.16.13.1 host 192.168.1.1 eq telnet


PERMIT TELNET CONNECTION FROM 10.10.10.2:

access-list 101 permit TCP host 10.10.10.2 host 192.168.1.1 eq telnet


TELNET USER NAME: telnet
TELNET PASSWORD: telnet
R1 ROUTER PRIVILEGE PASSWORD: telnet

PERMIT FTP:
NETWORK TOPOLOGY:
Extended IP Access List

access-list 100 permit TCP any host 172.16.13.2 eq ftp


FTP LOG IN FROM PC 192.168.1.2

access-list 100 permit tcp any host 172.16.13.2 gt 1023


R1 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
access-list 100 permit tcp any host 172.16.13.2 eq ftp
access-list 100 permit tcp any host 172.16.13.2 range 20 ftp
access-list 100 permit tcp any host 172.16.13.2 eq 20
access-list 100 permit tcp any host 172.16.13.2 gt 1023
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end


PERMIT DNS AND NTP:


NETWORK TOPOLOGY:

permit DNS and NTP


ROUTER R1 CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
access-list 100 permit tcp any host 172.16.13.2 eq ftp
access-list 100 permit tcp any host 172.16.13.2 range 20 ftp
access-list 100 permit tcp any host 172.16.13.2 eq 20
access-list 100 permit tcp any host 172.16.13.2 gt 1023
access-list 100 permit udp any host 172.16.13.2 eq domain
access-list 100 permit udp any host 172.16.13.2 eq 123
access-list 100 permit udp any host 172.16.13.3 eq domain
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
ntp server 172.16.13.3 key 0
!
end
PERMIT NTP FROM ANY HOST:


access-list 100 permit udp any host 172.16.13.2 eq 123


PERMIT DNS FROM ANY HOST :

access-list 100 permit udp any host 172.16.13.3 eq domain


access-list 100 permit udp any host 172.16.13.2 eq domain


PERMIT AND DENY EMAIL :


BEFORE THE EMAIL ACL CONFIGURATION:
NETWORK TOPOLOGY:

BEFORE EMAIL ACL CONFIGURATION



SEND A EMAIL FROM user1@sample.com TO user2@sample.com :

SEND A EMAIL FROM user2@sample.com TO user1@sample.com :

AFTER EMAIL ACL CONFIGURATION :
NETWORK TOPOLOGY:

R1 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.1.0
network 192.168.2.0
!
ip classless
!
!
access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 172.16.13.4 eq smtp
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end


SEND AN EMAIL FROM user1@sample.com TO user2@sample.com :


SEND AN EMAIL FROM user2@sample.com TO user1@sample.com :


DENY EMAIL SERVICE FROM 192.168.1.0 NETWORK :

access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 172.16.13.4 eq smtp
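
How the router evaluates this list, as an added example that is not part of the original lab manual: extended ACLs are checked top-down, the first matching entry wins, and a packet that matches no entry hits the implicit deny at the end. The Python model below runs ACL 101 from this page against constructed packets; the sample host 192.168.1.10 and the `permit ip any any` variant are assumptions added for comparison.

```python
import ipaddress

PORTS = {"smtp": 25, "www": 80, "ftp": 21, "domain": 53}

# ACL 101 exactly as configured on this page (applied inbound on Fa0/0).
ACL_101 = ["access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 172.16.13.4 eq smtp"]
# Assumed variant: the same deny followed by an explicit permit for everything else.
ACL_101_WITH_PERMIT = ACL_101 + ["access-list 101 permit ip any any"]

def wild_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_entry(line):
    """Parse the subset of extended-ACL syntax used by ACL 101."""
    t = line.split()
    entry = {"action": t[2], "proto": t[3], "dport": None}
    i = 4
    for side in ("src", "dst"):
        if t[i] == "any":
            entry[side], i = ("0.0.0.0", "255.255.255.255"), i + 1
        elif t[i] == "host":
            entry[side], i = (t[i + 1], "0.0.0.0"), i + 2
        else:
            entry[side], i = (t[i], t[i + 1]), i + 2
    if i < len(t) and t[i] == "eq":
        entry["dport"] = PORTS.get(t[i + 1]) or int(t[i + 1])
    return entry

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching line); first match wins, else implicit deny."""
    for line in acl:
        e = parse_entry(line)
        if (e["proto"] in ("ip", proto)
                and wild_match(src, *e["src"])
                and wild_match(dst, *e["dst"])
                and e["dport"] in (None, dport)):
            return e["action"], line
    return "deny", "implicit deny ip any any"

if __name__ == "__main__":
    # Constructed sample packets from a host on the 192.168.1.0/24 LAN.
    for acl in (ACL_101, ACL_101_WITH_PERMIT):
        print(evaluate(acl, "tcp", "192.168.1.10", "172.16.13.4", 25))
        print(evaluate(acl, "tcp", "192.168.1.10", "172.16.13.2", 80))
```

With the list as configured, the web request to 172.16.13.2 is dropped by the implicit deny even though no entry names it; only the variant with a trailing permit lets it through while still blocking SMTP.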


RESULT:
Thus the experiment was configured successfully.

DATE:

EX.NO: 7


CASE STUDY 7
CONFIGURING A FIREWALL

Aim:
To configure a firewall and analyze it for a network.
Objective:
Consider a firewall communication server with a single inbound modem. Configure
the modem to ensure security for the LAN.
REQUIREMENTS:
1. Cisco Packet Tracer 6.0.1
2. 3 Windows or Linux PCs
3. One Switch or Hub
4. One DSL Modem
5. One Application Server
6. Communication Channels
7. Class B IP Address.
8. Basic firewall concepts.
9. Basic Network Configuration Commands.
10. Cisco Packet Tracer 6.0.1.exe
PROCEDURE:
1. Open The CISCO PACKET TRACER software.
2. Draw The Three PC using End Device Icons.
3. Draw The CISCO 24 Port Switch Using Switch icon lists.
4. Draw The DSL modem using WAN Emulation Icon.
5. Draw The Cloud Icon using WAN Emulation Icon.
6. Draw The Server using End Device Icons.
7. Make the cable connectivity.
8. Enter The IP Address To Each Machine (Server and PC's).
9. Check the IP address for Every PC using ipconfig or ifconfig Command.
10. Check The Connections using Ping Commands.

What is a Firewall?
A firewall is a layer of security between your home network and the Internet.
Since a router or modem is the main connection from a home network to the
Internet, a firewall is often packaged with those devices. Every home network
should have a firewall to protect its privacy. Firewalls are a combination of
hardware and software. The hardware part gives firewalls excellent performance,
while the software part allows firewalls to be tailored to your specific needs.
Firewall Rules:
Firewall rules block or allow specific traffic passing through from one side of the
router to the other. Inbound rules (WAN to LAN) restrict access by outsiders to
private resources, selectively allowing only specific outside users to access specific
resources. Outbound rules (LAN to WAN) determine what outside resources local
users can have access to. A firewall has two default rules, one for inbound traffic
and one for outbound. The default rules of the modem router are:
1. Inbound
2. Outbound
INBOUND RULES:
Block all access from outside except responses to requests from the LAN side
OUTBOUND RULES:
Allow all access from the LAN side to the outside.
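
The two default rules above, and the rule set configured later in this exercise (deny ICMP and allow TCP from outside), modelled as an added example that is not part of the original lab manual. It assumes the firewall keeps a table of flows started from the LAN and checks that table before any inbound rule; the WAN address 203.0.113.5 and the port numbers are constructed sample values.

```python
class StatefulFirewall:
    """Minimal model of a modem/router firewall with a connection table."""

    def __init__(self, inbound_allow=(), inbound_deny=()):
        self.inbound_allow = set(inbound_allow)  # protocols opened to the WAN
        self.inbound_deny = set(inbound_deny)    # protocols explicitly blocked
        self.table = set()                       # flows started from the LAN

    def outbound(self, proto, lan, wan, lan_port=0, wan_port=0):
        """Default outbound rule: allow everything and remember the flow."""
        self.table.add((proto, lan, lan_port, wan, wan_port))
        return "allow"

    def inbound(self, proto, wan, lan, wan_port=0, lan_port=0):
        """Replies to LAN requests pass; anything else needs an allow rule."""
        if (proto, lan, lan_port, wan, wan_port) in self.table:
            return "allow (reply)"
        if proto in self.inbound_deny:
            return "block (rule)"
        if proto in self.inbound_allow:
            return "allow (rule)"
        return "block (default)"

# SERVER and LAN_PC are addresses from this page; WAN_PC is constructed.
SERVER, LAN_PC, WAN_PC = "172.16.0.1", "172.16.0.2", "203.0.113.5"

def default_policy():
    """Default rules only: unsolicited inbound is blocked, replies pass."""
    fw = StatefulFirewall()
    unsolicited = fw.inbound("tcp", WAN_PC, SERVER, 40000, 80)
    fw.outbound("tcp", LAN_PC, WAN_PC, 50000, 80)
    reply = fw.inbound("tcp", WAN_PC, LAN_PC, 80, 50000)
    return unsolicited, reply

def lab_policy():
    """This exercise's rules: deny ICMP from outside, allow TCP from outside."""
    fw = StatefulFirewall(inbound_allow={"tcp"}, inbound_deny={"icmp"})
    ping = fw.inbound("icmp", WAN_PC, SERVER)            # ports unused for ICMP
    http = fw.inbound("tcp", WAN_PC, SERVER, 40000, 80)
    fw.outbound("icmp", LAN_PC, WAN_PC)                  # ping started on the LAN
    echo_reply = fw.inbound("icmp", WAN_PC, LAN_PC)
    return ping, http, echo_reply

if __name__ == "__main__":
    print(default_policy())
    print(lab_policy())
```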
HOW A FIREWALL WORKS:


HOW TO PROTECT OUR NETWORK FROM HACKER ATTACKS:

NETWORK TOPOLOGY:


SERVER IP ADDRESS:
SERVER>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80 :: 201:63FF:FEB1:4829
IP Address......................: 172.16.0.1
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0
PC-1 IP ADDRESS :
PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 201:C9FF:FE64:518E
IP Address......................: 172.16.0.2
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0
PC-2 IP ADDRESS :
PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 201:C9FF:FE64:518E
IP Address......................: 172.16.0.2
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0
PC-3 IP ADDRESS :
PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 290:21FF:FEBC:CDA5
IP Address......................: 172.16.0.4
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0

GRAPHICAL VIEW:
SERVER IP ADDRESS:

PC-1 IP ADDRESS:

PC-2 IP ADDRESS:

PC-3 IP ADDRESS:


BEFORE THE FIREWALL CONFIGURATION:


ICMP
ping is a network utility command that uses the Internet Control Message
Protocol (ICMP). It is used to verify the connection between a source PC and a
destination PC.
PING FROM WAN PC TO SERVER USING ICMP PROTOCOL:
ping was successful between the server and the remote PC.

HTTP
Open the web browser on any PC and type the server IP address in the address bar
(http://172.16.0.1). We can access the web page from the server.

WEB PAGE ACCESS BETWEEN SERVER AND WAN PC USING TCP PROTOCOL:
The web page was accessed successfully on the remote PC from the server.

AFTER THE FIREWALL CONFIGURATION:


We use the firewall inbound rules: block all access from outside except responses
to requests from the LAN side.
Note:
I deny ICMP protocol services from the outside network.
I allow TCP protocol services from the outside network.


I Deny ICMP protocol Services from the outside Network

I Allow TCP protocol Services from the outside Network

ICMP:
ping is a network utility command that uses the Internet Control Message
Protocol (ICMP). It is used to verify the connection between a source PC and a
destination PC.
PING FROM WAN PC TO SERVER USING ICMP PROTOCOL:
ping was not successful between the server and the remote PC, because I block
ICMP services from the outside network.


Ping was not successful


HTTP
Open the web browser on any PC and type the server IP address in the address bar
(http://172.16.0.1). We can access the web page from the server.
WEB PAGE ACCESS BETWEEN SERVER AND WAN PC USING TCP PROTOCOL:
The web page was accessed successfully on the remote PC from the server, because
I allow TCP protocol services from the outside network.


Web page was accessed successfully

RESULT:
Thus the Firewall Experiment was Configured Successfully.

DATE:

EX.NO:

CASE STUDY 8
Integrating EIGRP (Enhanced Interior Gateway Routing Protocol) into
Existing Networks
Aim:
To integrate EIGRP (Enhanced Interior Gateway Routing Protocol) into existing
networks.
Objective:
The case study should provide the benefits and considerations involved in
integrating Enhanced IGRP into the following types of internetworks:
IP: The existing IP network is running IGRP
Novell IPX: The existing IPX network is running RIP and SAP
AppleTalk: The existing AppleTalk network is running the Routing Table
Maintenance Protocol (RTMP)
When integrating Enhanced IGRP into existing networks, plan a phased
implementation. Add Enhanced IGRP at the periphery of the network by
configuring Enhanced IGRP on a boundary router on the backbone off the core
network. Then integrate Enhanced IGRP into the core network.
REQUIREMENTS:
1. Three Cisco 2811 Routers.
2. Three 24 Port Cisco Switch.
3. Copper Straight Through Cables.
4. Three Serial Line Cables.
5. Nine Windows PCs
6. Class A and Class C IP Address.
7. EIGRP Router Configuration commands.
8. Basic Network configuration commands.
9. Cisco Packet Tracer 6.0.1.exe

PROCEDURES:
CREATE EIGRP NETWORK TOPOLOGY:
NETWORK TOPOLOGY


EIGRP

What is EIGRP?
Enhanced Interior Gateway Routing Protocol
Advanced distance vector
Rapid convergence
100% loop-free classless routing
Easy configuration
Incremental updates
Load balancing across equal- and unequal-cost pathways
Flexible network design
Multicast and unicast instead of broadcast address
Support for VLSM and discontiguous subnets
Manual summarization at any point in the internetwork
Support for multiple network layer protocols
Features of EIGRP:
Cisco proprietary protocol
Classless routing protocol
Includes all features of IGRP
Metric (32 bit) : Composite Metric (BW + Delay + load + MTU + reliability )
Administrative distance is 90
Updates are through Multicast (224.0.0.10 )
Max Hop count is 255 (100 by default)
Supports IP, IPX and Apple Talk protocols
Hello packets are sent every 5 seconds
Convergence rate is fast
Overcome The RIP limitations.
EIGRP Tables:
The EIGRP routing protocol maintains three tables for best route or path
selection to the destination network.
1. Neighbor Table
2. Topology Table
3. Routing Table


Disadvantages of EIGRP:
Works only on Cisco Routers
Directly Connected Networks on HYDERABAD Router
192.168.1.0
10.0.0.0
Configuring EIGRP
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>
Directly Connected Networks on CHENNAI Router :
192.168.2.0
10.0.0.0
11.0.0.0
Configuring EIGRP :
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>
Directly Connected Networks on Bangalore Router :
192.168.3.0
11.0.0.0
Configuring EIGRP :
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>
HYDERABAD Router Running Configuration :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HYD
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
ip address 10.0.0.1 255.0.0.0
clock rate 148000
!
interface Serial0/3/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 192.168.1.0
network 10.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
CHENNAI Router Running Configuration:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname CHE
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.2.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/2/0
ip address 10.0.0.2 255.0.0.0
!
interface Serial0/2/1
ip address 11.0.0.1 255.0.0.0
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 10.0.0.0
network 192.168.2.0
network 11.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
Bangalore Router Running Configuration:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname BANG
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.3.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/2/0
ip address 11.0.0.2 255.0.0.0
!
interface Serial0/2/1
no ip address
clock rate 1000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 192.168.3.0
network 11.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end


VERIFY THE NETWORK CONFIGURATION :


PING 192.168.1.3


PING 192.168.3.2

PING 192.168.2.3


NEIGHBORS ROUTING TABLES:


HYDERABAD ROUTER NEIGHBOR TABLE:

CHENNAI ROUTER NEIGHBOR TABLE:

BANGALORE ROUTER NEIGHBOR TABLE:



ROUTER TOPOLOGY TABLES:


BANGALORE ROUTER TOPOLOGY TABLE

CHENNAI ROUTER TOPOLOGY TABLE:


HYDERABAD ROUTER TOPOLOGY TABLE

ROUTERS ROUTING TABLES:


BANGALORE ROUTER ROUTING TABLE:

CHENNAI ROUTER ROUTING TABLE

HYDERABAD ROUTER ROUTING TABLE



RESULT:
Thus the experiment was configured successfully.
