Overview of Networking
Basics of Networking
Communications: activity associated with distributing or exchanging
information
Telecommunications: technology of communications at a distance that
permits information to be created anywhere and used everywhere with
little delay
A network is a way to get stuff between 2 or more things
Examples: Mail, phone system, conversations, railroad system,
highways and roads
Must have a message
Message must have a transmitter
Message must have a medium
Message must be understood
Message must have some level of security
Essentials for Network
General Architecture of Computer Networks
[Figure: external nodes (or stations) attached to a cloud of internal nodes (switching devices)]
A typical network
Document Amendment History
T H A N K Y O U. . .
All information, including graphical representations, etc provided in this presentation is for exclusive use of current Globsyn
Skills students and faculty. No part of the document may be reproduced in any form or by any means, electronic or otherwise,
without written permission of the owner.
SKILLS FOR INDIA
Topologies
Bus Topology
Bus: each node is daisy-chained (connected one right after the other)
along the same backbone. Information sent from a node travels along the
backbone until it reaches its destination node. Each end of a bus network
must be terminated with a resistor to keep the
Ring Topology
Similar to a bus network, rings have nodes daisy chained, but the end of
the network in a ring topology comes back around to the first node,
creating a complete circuit. Each node takes a turn sending and receiving
information through the use of a token. The token along with any data is
sent from the first node to the second node, which extracts the data
addressed to it and adds any data it wishes to send. Then the second node
passes the token and data to the third node, etc. until it comes back
around to the first node again. Only the node with the token is allowed to
send data. All other nodes must wait for the token to come to them.
Star Topology
Star-Bus Topology
Mesh Topology
Other network topologies
Types of Network
Network configuration
Peer-to-Peer network
Server based network
Advantages of peer-to-peer networks:
Low cost
Simple to configure
User has full accessibility of the computer
Clients and Servers
Advantages of client/server networks
Facilitate resource sharing: centrally administered and controlled
Facilitate system backup and improve fault tolerance
Enhance security: only the administrator can have access to the server
Support more users: difficult to achieve with peer-to-peer networks
Widely installed for use in business and corporation Ethernet and other
types of LANs.
Physical Descriptions:
Consists of inter copper insulator covered by cladding material, and then
covered by an outer jacket
Applications:
TV distribution (cable TV); long distance telephone transmission;
short run computer system links
Local area networks
Transmission characteristics:
Can transmit analog and digital signals
Usable spectrum for analog signaling is about 400 MHz
Amplifier needed for analog signals at less than 1 km, and at less
distance for higher frequencies
Repeater needed for digital signals every km, or at less distance for
higher data rates
Operation of 100s Mb/s over 1 km
Twisted Pair Cables
Physical description:
Each wire with copper conductor
Separately insulated wires
Twisted together to reduce cross talk
Often bundled into cables of two or four twisted pairs
If enclosed in a sheath then it is shielded twisted pair (STP); otherwise, often
for home usage, unshielded twisted pair (UTP). Must be shielded from voltage
lines
Application:
Common in buildings for digital signaling, used at speeds of 10s Mb/s
(CAT3) and 100 Mb/s (CAT5) over 100s of meters.
Common for telephone interconnection at home and office buildings
Less expensive medium; limited in distance, bandwidth, and data rate
Categories of Twisted Pairs Cabling System
Physical Description:
Glass or plastic core of optical fiber = 2 to 125 µm
Cladding is an insulating material
Jacket is a protective cover
Laser or light emitting diode provides transmission light source
Applications:
Long distance telecommunication
Greater capacity; 2 Gb/s over 10s of km
Smaller size and lighter weight
Lower attenuation (reduction in strength of signal)
Electromagnetic isolation: not affected by external electromagnetic
environment. Aka more privacy
Greater repeater spacing: fewer repeaters, reduces line regeneration
cost
Multimode fiber is optical fiber that is designed to carry multiple light
rays or modes concurrently, each at a slightly different reflection angle
within the optical fiber core. It is used for relatively short distances because
the modes tend to disperse over longer lengths (this is called modal
dispersion)
For longer distances, single mode fiber (sometimes called monomode
fiber) is used. In single mode fiber a single ray or mode of light acts as a
carrier
Wireless Transmission
Satellite is a microwave relay station
Geostationary orbit (22,000 miles) and low orbit (12000 miles)
Satellite ground stations are aligned to the space satellite, establish a
link, and broadcast at a specified frequency. Ground stations normally
operate at a number of frequencies, full duplex
Satellite space antenna is aligned to the ground station, establishes a link
and transmits at the specified frequency. Satellites are capable of
transmitting at multiple frequencies simultaneously, full duplex.
To keep satellites from interfering with each other, a 4 degree
separation is required for the 4/6 GHz band and 3 degree for the 12/14 GHz
band. Limited to 90 satellites
Disadvantage: no satellite repair capability; greater delay and
attenuation problems
Wireless LAN
HiperLAN (European standard): allows communication at up to 20
Mbps in the 5 GHz range of the radio frequency (RF) spectrum
HiperLAN/2 operates at about 54 Mbps in the same RF band
Network Components
Hubs
A hub is the place where data converges from one or more directions
and is forwarded out in one or more directions.
Seen in local area networks
Gateways
Routers
Bridge
Differences
Bridge: device to interconnect two LANs that use the SAME logical link
control protocol but may use different medium access control protocols
Router: device to interconnect SIMILAR networks, e.g. similar
protocols and workstations and servers
Gateway: device to interconnect DISSIMILAR protocols and servers,
and Macintosh and IBM LANs and equipment
Switches
IEEE Standards
Introduction
802.1 Higher Layer LAN Protocols Working Group
802.2 Logical Link Control Working Group
802.7 Broadband Area Network Working Group
802.9 Integrated Service LAN Working Group
802.10 Security Working Group
802.11 Wireless LAN Working Group
802.16 Broadband Wireless Access Working Group
802.17 Resilient Packet Ring Working Group
802.11 Wireless LAN Working Group
Types
Infrastructure based
Ad-hoc
[Figure: access points (AP) attached to a wired network]
Advantages
Flexible deployment
Minimal wiring difficulties
More robust against disasters (earthquake etc)
Disadvantages
Low bandwidth compared to wired networks (1-10 Mbit/s)
Need to follow wireless spectrum regulations
Does not support mobility
802.11 Wireless LAN Working Group
802.11 Timeline
802.15.1 : WPAN/Bluetooth
802.15.2 : Coexistence Group
802.15.3 : High Rate (HR) WPAN Group
802.15.3a : WPAN HR Alternative PHY Task Group
802.15.3b : MAC Amendment Task Group
802.15.4 : Low Rate (LW) WPAN Group (Zigbee)
802.15.4a : WPAN Low Rate Alternative PHY
802.15.4b : Revisions and Enhancements
UWB Forum
802.16 Broadband Wireless Access (BWA)
IEEE 802.16
It was established by the IEEE Standards Board in 1999 and aims to prepare
formal specifications for the global deployment of broadband Wireless
Metropolitan Area Networks.
A unit of the IEEE 802 LAN/MAN Standards Committee.
A related technology: Mobile Broadband Wireless Access (MBWA)
[Figure: mobility (vehicular, pedestrian, nomadic) of Mobile WWAN (IMT-2000), cdma2000 1xEV-DO, cdma2000 1xEV-DV, WCDMA HSDPA and 2G/2.5G Cellular, alongside 802.16, 802.16a (WiMAX) and 802.16e]
Types of Network
Major Categories of Networks
Local Area Network
Metropolitan Area Network
MAN Architecture
Wide Area Network
WAN Architecture
Personal Area Network
Data Communications Through WANs
WANs originally implemented circuit switching and packet switching
technologies. Recently, frame relay and asynchronous transfer mode
(ATM) networks have been implemented to achieve higher operating
and processing speeds for the message
WANs are owned by the common carrier in the U.S. and by the government in
most foreign countries
Interconnected devices, i.e. LANs, Personal Computers (PCs),
workstations or servers, can be (and usually are) privately owned by
companies
OSI Model
ISO/OSI Reference Model
[Figure: ISO/OSI Reference Model, with layer functions including: establish/manage connection; end-to-end control & error checking (ensure complete data transfer): TCP]
The physical layer defines electrical and physical specifications for devices.
In particular, it defines the relationship between a device and a transmission
medium, such as a copper or fiber optical cable.
The major functions and services performed by the physical layer are:
Establishment and termination of a connection to
a communications medium
Participation in the process whereby the communication resources are
effectively shared among multiple users. For example, contention resolution
and flow control
Modulation, or conversion between the representation of digital data in
user equipment and the corresponding signals transmitted over a
communications channel. These are signals operating over the physical
cabling (such as copper and optical fiber) or over a radio link
Layer 2: Data link layer
The data link layer provides the functional and procedural means to transfer
data between network entities and to detect and possibly correct errors that
may occur in the physical layer. Originally, this layer was intended for point-
to-point and point-to-multipoint media, characteristic of wide area media in
the telephone system. Local area network architecture, which included
broadcast-capable multi access media, was developed independently of the
ISO work in IEEE Project 802. IEEE work assumed sub-layering and
management functions not required for WAN use. In modern practice, only
error detection, not flow control using sliding window, is present in data link
protocols such as Point-to-Point Protocol (PPP), and, on local area networks,
the IEEE 802.2 LLC layer is not used for most protocols on the Ethernet,
and on other local area networks, its flow control and acknowledgment
mechanisms are rarely used. Sliding window flow control and
acknowledgment is used at the transport layer by protocols such as TCP, but
is still used in niches where X.25 offers performance advantages.
The ITU-T G.hn standard, which provides high-speed local area
networking over existing wires (power lines, phone lines and coaxial
cables), includes a complete data link layer which provides both error
correction and flow control by means of a selective repeat Sliding
Window Protocol.
Both WAN and LAN service arrange bits, from the physical layer, into
logical sequences called frames. Not all physical layer bits necessarily
go into frames, as some of these bits are purely intended for physical
layer functions. For example, every fifth bit of the FDDI bit stream is
not used by the layer.
Layer 3: Network layer
An example of this latter case is CLNP, or IPv6 ISO 8473. It manages
the connectionless transfer of data one hop at a time, from end system
to ingress router, router to router, and from egress router to destination end
system. It is not responsible for reliable delivery to a next hop, but only for
the detection of erroneous packets so they may be discarded. In this scheme,
IPv4 and IPv6 would have to be classed with X.25 as subnet access
protocols because they carry interface addresses rather than node addresses.
Layer 4: Transport layer
The transport layer provides transparent transfer of data between end users,
providing reliable data transfer services to the upper layers. The transport
layer controls the reliability of a given link through flow control,
segmentation/desegmentation, and error control. Some protocols are state-
and connection-oriented. This means that the transport layer can keep track
of the segments and retransmit those that fail. The transport layer also
provides the acknowledgement of the successful data transmission and
sends the next data if no errors occurred.
OSI defines five classes of connection-mode transport protocols ranging
from class 0 (which is also known as TP0 and provides the least features) to
class 4 (TP4, designed for less reliable networks, similar to the Internet).
Class 0 contains no error recovery, and was designed for use on network
layers that provide error-free connections. Class 4 is closest to TCP,
although TCP contains functions, such as the graceful close, which OSI
assigns to the session layer. Also, all OSI TP connection-mode protocol
classes provide expedited data and preservation of record boundaries.
Although not developed under the OSI Reference Model and not strictly
conforming to the OSI definition of the transport layer, the Transmission
Control Protocol (TCP) and the User Datagram Protocol (UDP) of the
Internet Protocol Suite are commonly categorized as layer-4 protocols
within OSI.
Layer 5: Session layer
Layer 6: Presentation layer
The original presentation structure used the basic encoding rules of Abstract
Syntax Notation One (ASN.1), with capabilities such as converting
an EBCDIC-coded text file to an ASCII-coded file,
or serialization of objects and other data structures from and to XML.
Layer 7: Application layer
The application layer is the OSI layer closest to the end user, which means
that both the OSI application layer and the user interact directly with the
software application. This layer interacts with software applications that
implement a communicating component. Such application programs fall
outside the scope of the OSI model. Application-layer functions typically
include identifying communication partners, determining resource
availability, and synchronizing communication. When identifying
communication partners, the application layer determines the identity and
availability of communication partners for an application with data to
transmit. When determining resource availability, the application layer must
decide whether sufficient network resources for the requested communication exist. In
synchronizing communication, all communication between applications
requires cooperation that is managed by the application layer.
Comparison with TCP/IP Model
In the TCP/IP model of the Internet, protocols are deliberately not as rigidly
designed into strict layers as in the OSI model. RFC 3439 contains a
section entitled "Layering considered harmful."
However, TCP/IP does recognize four broad layers of functionality which
are derived from the operating scope of their contained protocols, namely
the scope of the software application, the end-to-end transport connection,
the internetworking range, and the scope of the direct links to other nodes on
the local network.
Even though the concept is different from the OSI model, these layers are
nevertheless often compared with the OSI layering scheme in the following
way: The Internet application layer includes the OSI application layer,
presentation layer, and most of the session layer. Its end-to-end transport
layer includes the graceful close function of the OSI session layer as well as
the OSI transport layer.
The internetworking layer (Internet layer) is a subset of the OSI network
layer (see above), while the link layer includes the OSI data link and
physical layers, as well as parts of OSI's network layer. These comparisons
are based on the original seven-layer protocol model as defined in ISO 7498,
rather than refinements in such things as the internal organization of the
network layer document.
TCP
User Datagram Protocol
ICMP differs from transport protocols such as TCP and UDP in that it is
not typically used to exchange data between systems, nor is it regularly
employed by end-user network applications (with the exception of some
diagnostic tools like ping and traceroute).
ICMP for Internet Protocol version 4 (IPv4) is also known as
ICMPv4. IPv6 has a similar protocol, ICMPv6.
Hypertext Transfer Protocol
Post Office Protocol
File Transfer Protocol
Internet Message Control Protocol
IPX/SPX
IPX/SPX is a routable protocol and can be used for small and large
networks. It was created by Novell primarily for Novell NetWare networks,
but is popular enough that it is used on products that are not from Novell.
NCP - NetWare Core Protocol provides for client/server interactions such
as file and print sharing. It works at the application, presentation, and
session levels.
SAP - Service Advertising Protocol packets are used by file and print
servers to periodically advertise the address of the server and the services
available. It works at the application, presentation, and session levels.
Other Network Support
NetBIOS
NetBEUI (NetBIOS Extended User Interface)
Difference between NetBIOS & NetBEUI
AppleTalk
Associated TCP/IP Protocols & Services
HTTP: This protocol, the core of the World Wide Web, facilitates
retrieval and transfer of hypertext (mixed media) documents.
Stands for the HyperText Transfer Protocol.
Telnet: A remote terminal emulation protocol that enables clients to log
on to remote hosts on the network.
SNMP: Used to remotely manage network devices. Stands for the Simple
Network Management Protocol.
IP Addressing
What is an IP address?
Types of IP address
Static address
Dynamic address
Static IP address
Dynamic IP address
Class A IP address
Class B IP address
Class C IP address
IP addresses and routing
Routing tables
Identifying source and destination
IP packet routing
IP addresses and routing - Routing Tables
Created by router, held in memory, constantly updated
Based on cross-referencing
IP packet source address, and port on which received
IP addresses and routing - Identifying source and destination
IP addresses and routing - IP packet routing
Networks and subnets
Why subnet
Subnet mask
Restrictions on borrowed bits
When an organization is granted a block of addresses, it can create
subnets to meet its needs. The prefix length increases to define the
subnet prefix length.
Why subnet
Reduce broadcast domain, improve network efficiency
Subnet masks
IP Routing
Network Address Translation
Network Address Translation or NAT
Kinds of Network Address Translation
Operation of Network Address Translation
Security and Administration
IP Routing
Packet forwarding
It is a process that is enabled by default in the router. The router will
perform packet forwarding only if a route is available in the routing
table.
Routing Process
[Figure: Routing Process. R1 (10.0.0.1); frame with S. MAC PC1 and D. MAC R1; packet with S. IP 10.0.0.6 and D. IP 172.16.0.5; destination 172.16.0.5]
The router will receive the frame and store it in the buffer. When it obtains
the packet from the frame, it forwards the data according to the destination
IP of the packet. The router will obtain a route from the routing table,
according to which the next hop IP and interface are selected.
According to the next hop, the packet will be encapsulated in a new
frame and the data is sent to the output queue of the interface.
Static Routing
Alternate command to specify static route
Backup route or loading static route
If more than one path is available from our router to the destination then
we can specify one route as primary and the other route as backup route.
Administrative Distance is used to specify one route as primary and the
other route as backup. The router will select the lower AD route to forward the
traffic. By default a static route has an AD value of 1. With a backup path, we
will specify a higher AD so that this route will be used if the primary route is
unavailable.
Protocols            AD
Directly Connected   0
Static               1
BGP                  20
EIGRP                90
IGRP                 100
OSPF                 110
RIP                  120
Syntax: -
To set backup path
Router(config)#ip route <dest. n/w> <mask> <next hop> <AD>
Default Routing
Default routing means a route for any n/w. These routes are
specified with the help of the following syntax: -
Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop>
Or
Router(config)#ip route 0.0.0.0 0.0.0.0 <exit interface>
To display routing table
Router#sh ip route
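The selection rules above (the lowest administrative distance wins, a backup static route carries a higher AD, and the default route matches only when nothing more specific does) can be traced in a short simulation. This is an added example, not code from the original deck; the prefixes, next-hop addresses and the backup AD of 5 are constructed for illustration, and longest-prefix matching is standard router behaviour that the slides do not spell out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Administrative distances from the table above.
DEFAULT_AD = {"connected": 0, "static": 1, "bgp": 20, "eigrp": 90,
              "igrp": 100, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Candidate:
    prefix: str                 # destination network in CIDR form
    source: str                 # key of DEFAULT_AD
    next_hop: str
    metric: int = 0
    ad: Optional[int] = None    # explicit AD, the <AD> argument of "ip route"

    @property
    def distance(self) -> int:
        return DEFAULT_AD[self.source] if self.ad is None else self.ad


def build_table(candidates, down_next_hops=()):
    """Install, per prefix, the usable candidate with the lowest AD, then lowest metric."""
    table = {}
    for cand in candidates:
        if cand.next_hop in down_next_hops:
            continue            # next hop unreachable: the route is not installed
        net = ipaddress.ip_network(cand.prefix)
        best = table.get(net)
        if best is None or (cand.distance, cand.metric) < (best.distance, best.metric):
            table[net] = cand
    return table


def lookup(table, destination):
    """Longest-prefix match. Returns None when no route exists (packet is not forwarded)."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


# Constructed sample: one destination network learned three ways, plus a default route.
CANDIDATES = [
    Candidate("10.0.0.0/8", "connected", "direct"),
    Candidate("172.16.0.0/16", "static", "10.0.0.2"),           # primary, AD 1
    Candidate("172.16.0.0/16", "static", "10.0.0.3", ad=5),     # backup, AD 5
    Candidate("172.16.0.0/16", "rip", "10.0.0.4", metric=3),    # AD 120
    Candidate("0.0.0.0/0", "static", "10.0.0.254"),             # default route
]

if __name__ == "__main__":
    for down in (set(), {"10.0.0.2"}, {"10.0.0.2", "10.0.0.3"}):
        route = lookup(build_table(CANDIDATES, down), "172.16.0.5")
        print(sorted(down), "->", route.source, route.next_hop, "AD", route.distance)
    print("192.0.2.9 ->", lookup(build_table(CANDIDATES), "192.0.2.9").next_hop)
```

Removing the default route from the sample makes `lookup` return `None` for 192.0.2.9, which is the "no route, no forwarding" case from the packet forwarding slide.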
Dynamic Routing
According to the type of area in which the protocol is used there are again two
types of protocol: -
(1) Interior Routing Protocol: RIP, IGRP, EIGRP, OSPF
(2) Exterior Routing Protocol: BGP, EXEIGRP
Distance Vector Routing
Routing that is based on two parameters, distance and direction,
is called Distance Vector Routing. Examples of Distance Vector Routing are
RIP & IGRP.
Operation: -
(1) Each router will send its directly connected information to the neighbor
router. This information is sent periodically to the neighbors.
(2) The neighbor will receive routing updates and process the routes
according to the following conditions: -
If an update for a new n/w is received then this information is stored in the
routing table.
If an update is received for a route which is already present in the routing
table then the route will be refreshed, that is, the route timer is reset to zero.
If an update is received for a route with a lower metric than the route which is
already present in our routing table, the router will discard the old route and
write the new route in the routing table.
If an update is received with a higher metric than the route that is already
present in the routing table, the new update will be discarded.
A timer is associated with each route. The router will forward routing
information on all interfaces and the entire routing table is sent to the
neighbor. There are three types of timers associated with a route.
Route update timer
It is the time after which the router will send a periodic update to the
neighbor.
Metric of Dynamic Routing
Metrics are the measuring units used to calculate the distance to the destination n/w. A
protocol may use one or more than one at a time to calculate the distance.
Different types of metric are: -
Hop Count
Bandwidth
Load
Reliability
Delay
MTU
Hop Count
It is the no. of hops (routers) a packet has to travel to a destination n/w.
Bandwidth
Bandwidth is the speed of the link. The path with higher bandwidth is preferred to
send the data.
Load
Load is the amount of traffic present on the interface. Paths with lower load
and high throughput are used to send data.
Reliability
Reliability is the up time of the interface over a period of time.
Delay
Delay is the time period b/w a packet being sent and being received by the destination
MTU (Maximum Transmission Unit)
It is the maximum size of packet that can be sent in a frame; mostly MTU is set
to 1500.
Routing Loops
It may occur b/w adjacent routers due to wrong routing information. Distance
Vector routing is also called routing by rumor. Due to this, packets may
enter a loop condition until their TTL expires.
Split Horizon
Split Horizon states that a route update received from an interface cannot be
sent back to the same interface.
Poison Reverse
This method is the combination of Split Horizon and Flash updates. It
implements the rule that information received from an interface cannot be
sent back to that interface, and in case of a topology change flash updates will be
sent to the neighbor.
Hold Down
If a route changes frequently then the route is declared in Hold Down state and
no updates are received until the Hold Down timer expires.
Routing Information Protocol
Features of RIP: -
Distance Vector
Open standard
Broadcast Updates (255.255.255.255)
Metric: Hop Count
Timers
Update 30 sec
Invalid 180 sec
Hold 180 sec
Loop Control
Split Horizon
Triggered Updates
Maximum Hop Count
Hold Down
Maximum Hop Count 15
Administrative Distance 120
Equal Path Cost Load Balancing
Maximum Load path 6
Default 4
Does not support VLSM
Does not support Autonomous system
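An added example (not from the original deck) that runs the update rules, split horizon and RIP's hop limit described above on a three-router line A - B - C. The router names, network names and the `Router` class are constructed for illustration; accepting a changed metric from the neighbor a route was learned from is standard RIP behaviour rather than something the slides state.

```python
INFINITY = 16  # RIP: maximum hop count is 15, so a metric of 16 means unreachable


class Router:
    def __init__(self, name, connected, split_horizon=True):
        self.name = name
        self.split_horizon = split_horizon
        # network -> {"metric": hop count, "via": neighbor (None = connected), "age": seconds}
        self.table = {net: {"metric": 0, "via": None, "age": 0} for net in connected}

    def tick(self, seconds):
        """Age learned routes; directly connected routes do not age."""
        for route in self.table.values():
            if route["via"] is not None:
                route["age"] += seconds

    def advertise(self, to_neighbor):
        """Periodic update for one neighbor: the whole table, minus split-horizon routes."""
        return {net: r["metric"] for net, r in self.table.items()
                if not (self.split_horizon and r["via"] == to_neighbor)}

    def receive(self, from_neighbor, update):
        """Apply the update rules listed above; return the networks whose route changed."""
        changed = []
        for net, hops in update.items():
            metric = min(hops + 1, INFINITY)        # one more hop to go through the sender
            cur = self.table.get(net)
            if cur is None:
                if metric < INFINITY:               # new network: store it
                    self.table[net] = {"metric": metric, "via": from_neighbor, "age": 0}
                    changed.append(net)
            elif cur["via"] == from_neighbor:       # known route, same neighbor: reset timer
                cur["age"] = 0
                if metric != cur["metric"]:         # the neighbor's own view changed
                    cur["metric"] = metric
                    changed.append(net)
            elif metric < cur["metric"]:            # lower metric: replace the old route
                self.table[net] = {"metric": metric, "via": from_neighbor, "age": 0}
                changed.append(net)
            # higher or equal metric from another neighbor: the update is discarded
        return changed

    def link_down(self, net):
        """A directly connected network failed: mark it unreachable."""
        self.table[net] = {"metric": INFINITY, "via": None, "age": 0}


def after_failure(split_horizon):
    """Network N sits behind C. C loses N and tells B, then A's periodic update
    reaches B. Returns B's route to N afterwards."""
    a = Router("A", ["netA"], split_horizon)
    b = Router("B", [], split_horizon)
    c = Router("C", ["N"], split_horizon)
    b.receive("C", c.advertise("B"))       # converge: B learns N (1 hop) from C
    a.receive("B", b.advertise("A"))       # A learns N (2 hops) from B
    c.link_down("N")
    b.receive("C", c.advertise("B"))       # B marks N unreachable (metric 16)
    b.receive("A", a.advertise("B"))       # A's update: stale unless split horizon filters it
    return b.table["N"]


if __name__ == "__main__":
    print("split horizon on :", after_failure(True))    # N stays unreachable at B
    print("split horizon off:", after_failure(False))   # B now points at A, A at B: a loop
```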
Configuring RIP
Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
--------------
--------------
Router(config-router)#exit
Example (R1):
Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#network 172.16.0.0
Router(config-router)#network 200.100.100.0
[Figure: Configuring RIP. R1 with 200.100.100.12; 175.2.0.0 via 172.16.0.6]
Display RIP Routers
RIP Dest. n/w mask AD Metric Next Hop Timer own Interface
Neighbor RIP
[Figure: R1 (10.0.0.1) and R2 (10.0.0.2) connected across a Frame Relay cloud; labels: Unicast 10.0.0.2, 255.255.255.255]
R1
Router(config)#router rip
Router(config-router)#neighbor 10.0.0.2
R2
Router(config)#router rip
Router(config-router)#neighbor 10.0.0.1
To change Administrative Distance
Router(config)#router rip
Router(config-router)#distance <value>   (e.g. 95 or 100)
Router(config-router)#exit
RIP is able to perform equal path cost Load Balancing. If multiple paths
are available with equal Hop Count for the destination then RIP will
balance load equally on all paths.
Load Balancing is enabled by default on 4 paths. We can change the no. of
paths that can be used simultaneously with the following command: -
Router(config)#router rip
Router(config-router)#maximum-paths <1-6>
To display RIP parameters
Router#sh ip protocol
Or
Router#sh ip protocol RIP
This command displays the following parameters: -
(i) RIP Timers
(ii) RIP Version
(iii) Route filtering
(iv) Route redistribution
(v) Interfaces on which updates are sent and received
(vi) Advertised n/w
(vii) Passive interface
(viii) Neighbor RIP
(ix) Routing information sources
(x) Administrative Distance
RIP version 2
To debug RIP routing
Router#debug ip rip
Interior Gateway Routing Protocol
Features: -
Cisco proprietary
Distance vector
Timers
Update 90 sec
Invalid 270 sec
Hold time 280 sec
Flush 630 sec
Loop control
All methods
Configuring IGRP
Router(config)#interface <type> <no>
Router(config-if)#bandwidth <value in kbps>
Router(config-if)#exit
Example:
Router(config)#interface serial 0
Router(config-if)#bandwidth 256
Router(config-if)#exit
Configuring Unequal path cost load balancing
To configure load balancing, we have to set two parameters
(1) Maximum path (by default 4)
(2) Variance (default 1)
Maximum Path: - it is the maximum no. of paths that can be used for load
balancing simultaneously.
Variance: - it is the multiplier applied to the least metric for a destination n/w, up
to which the load can be balanced.
Router(config)#router igrp <as no>
Router(config-router)#variance <value>
Router(config-router)#exit
Network Address Translation
RFC-1631
A short term solution to the problem of the depletion of IP addresses
Long term solution is IP v6 (or whatever is finally agreed on)
CIDR (Classless Inter Domain Routing ) is a possible short term
solution
NAT is another
NAT is a way to conserve IP addresses
Hide a number of hosts behind a single IP address
Use:
10.0.0.0-10.255.255.255,
172.16.0.0-172.32.255.255 or
192.168.0.0-192.168.255.255 for local networks
Translation Modes
Dynamic Translation (IP Masquerading)
Load Balancing
Network Redundancy
Problems with NAT
Working of NAT & PAT
[Figure: hosts 10.0.0.5, 10.0.0.6, 10.0.0.7 and 10.0.0.8 behind a switch reach the Internet through a NAT router (10.0.0.1 inside, 200.100.100.12 outside). Port Translation: each host is shown with 200.100.100.12 and a port (1080, 1085, 1100, 1024)]
Static NAT
This NAT is also used for servers. It provides port-based access to the servers
with the help of NAT.
[Figure: Static NAT. Router between the Internet and local host 192.168.10.6; 200.1.1.5 = 192.168.10.6]
Port Base Static NAT
This NAT is used for servers in which one Live IP is directly mapped to one
Local IP. This NAT will forward on the traffic for the Live IP to the Local
PC in the n/w.
[Figure: Router in front of Web (192.168.10.6) and DNS (192.168.10.7) servers]
Dynamic NAT using Pool
Dynamic NAT is used for clients which want to access the Internet. The
requests from multiple client IPs are translated with a Live IP obtained
from the Pool. It is also called Pool Based Dynamic NAT.
Pool => 200.1.1.8 - 200.1.1.12/28
Local address => 172.16.X.X Except => 172.16.0.5, 172.16.0.6, 172.16.0.7
Pool allotted => 200.1.1.0 - 15/28
Server
Static => 200.1.1.3 = 172.16.0.7
Port Based Static NAT
200.1.1.4:53 = 172.16.0.6
200.1.1.4:80 = 172.16.0.5
Client
Dynamic NAT
Pool => 200.1.1.8 - 200.1.1.12/28
Local address => 172.16.0.X
Except 172.16.0.5, 172.16.0.6, 172.16.0.7
Configuring NAT
Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static 172.16.0.7 200.1.1.3
Router(config)#ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
Router(config)#ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53
Router(config)#access-list 30 deny 172.16.0.5
Router(config)#access-list 30 deny 172.16.0.6
Router(config)#access-list 30 deny 172.16.0.7
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
Router(config)#ip nat inside source list 30 pool abc
Command for Basic NAT
Router(config)#ip nat inside source list 30 interface serial 0
(serial 0 is the exiting interface name)
To display NAT translation
Router#sh ip nat translations
(after you ping any address, it shows the ping details)
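The following Python model is an added example, not router code and not part of the original slides. It parses the NAT commands configured above and shows which inside hosts each rule exposes and when the five-address pool runs out. The line binding access-list 30 to pool abc is the standard IOS form and is assumed here, and the client addresses 172.16.1.x are constructed.

```python
import ipaddress

# The NAT commands from the configuration above, one per line.
CONFIG = """\
ip nat inside source static 172.16.0.7 200.1.1.3
ip nat inside source static tcp 172.16.0.5 80 200.1.1.4 80
ip nat inside source static udp 172.16.0.6 53 200.1.1.4 53
access-list 30 deny 172.16.0.5
access-list 30 deny 172.16.0.6
access-list 30 deny 172.16.0.7
access-list 30 permit any
ip nat pool abc 200.1.1.8 200.1.1.12 netmask 255.255.255.240
ip nat inside source list 30 pool abc
"""


class NatModel:
    """Simplified model of static, port-based static and pool-based dynamic NAT."""

    def __init__(self, config):
        self.one_to_one = {}   # inside IP -> outside IP
        self.port_map = {}     # (proto, inside IP, port) -> (outside IP, port)
        self.acl = {}          # ACL number -> list of (action, host or "any")
        self.pools = {}        # pool name -> list of outside addresses
        self.dynamic = None    # (ACL number, pool name) of the dynamic rule
        self.leases = {}       # inside IP -> pool address currently assigned
        for line in config.splitlines():
            w = line.split()
            if w[:5] == ["ip", "nat", "inside", "source", "static"]:
                if len(w) == 7:
                    self.one_to_one[w[5]] = w[6]
                else:  # static <proto> <inside> <port> <outside> <port>
                    self.port_map[(w[5], w[6], int(w[7]))] = (w[8], int(w[9]))
            elif w[:1] == ["access-list"]:
                self.acl.setdefault(w[1], []).append((w[2], w[3]))
            elif w[:3] == ["ip", "nat", "pool"]:
                first = int(ipaddress.IPv4Address(w[4]))
                last = int(ipaddress.IPv4Address(w[5]))
                self.pools[w[3]] = [str(ipaddress.IPv4Address(a))
                                    for a in range(first, last + 1)]
            elif w[:5] == ["ip", "nat", "inside", "source", "list"] and w[6] == "pool":
                self.dynamic = (w[5], w[7])

    def _acl_permits(self, number, host):
        for action, match in self.acl.get(number, []):
            if match in ("any", host):
                return action == "permit"   # first matching entry wins
        return False                        # implicit deny at the end of an ACL

    def outbound(self, proto, src_ip, src_port):
        """Translate an inside source to (outside IP, port); None = not translated."""
        if (proto, src_ip, src_port) in self.port_map:
            return self.port_map[(proto, src_ip, src_port)]
        if src_ip in self.one_to_one:
            return (self.one_to_one[src_ip], src_port)
        if self.dynamic is None or not self._acl_permits(self.dynamic[0], src_ip):
            return None
        if src_ip not in self.leases:
            in_use = set(self.leases.values())
            free = [a for a in self.pools[self.dynamic[1]] if a not in in_use]
            if not free:
                return None                 # pool exhausted: no address left
            self.leases[src_ip] = free[0]
        return (self.leases[src_ip], src_port)

    def inbound(self, proto, dst_ip, dst_port):
        """Map an outside destination to (inside IP, port) using the static rules."""
        for (p, inside, in_port), (outside, out_port) in self.port_map.items():
            if (p, outside, out_port) == (proto, dst_ip, dst_port):
                return (inside, in_port)
        for inside, outside in self.one_to_one.items():
            if outside == dst_ip:
                return (inside, dst_port)   # one-to-one: every port reaches the host
        return None


def exposed_inside_hosts(model, proto, ports, outside_ips):
    """Return {(outside IP, port): (inside IP, port)} for every pair that is forwarded."""
    return {(ip, port): model.inbound(proto, ip, port)
            for ip in outside_ips for port in ports
            if model.inbound(proto, ip, port) is not None}
```

The one-to-one static entry forwards every port of 200.1.1.3 to 172.16.0.7, while the port-based entries forward only 80/tcp and 53/udp of 200.1.1.4, so the port-based form is the narrower exposure for a server.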
190
196
Figure 1: Remote Access Setup
197
Click Configure. Figure 2: Configure Port Usage
198
Media Access Methods
199
Media Access Methods
Contention
- CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
- CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)
Token passing
Demand Priority
200
Contention
202
Demand Priority
203
Collision & Broadcast Domains
MAC Address
Contains 48-bit destination address field.
Who is this frame for?
00-C0-F0-56-BD-97
Hey Joe
204
MAC Address
205
Special MAC Address
206
Broadcast MAC Address
FF-FF-FF-FF-FF-FF
48 bits, all 1s
All NICs copy the
frame & send it up
the stack
207
Broadcast Frames
208
Collision Domain
Hub
Switched Ethernet
Hub Hub
Micro segmented Switched Ethernet
(Group of LANs
cross-connected
by Routers)
Identify the collision domains & broadcast domains in each of these
topologies:
(1) switch, hub, hub
(2) hub, hub
(3) switch, hub
(4) router, switch
Collisions
spread throughout a LAN segment
spread across hubs & repeaters
are stopped by switches & bridges
Broadcasts
spread throughout an entire LAN
spread across hubs, switches, bridges
are stopped only by routers
225
LAN Switching
226
Classification of switches
230
Configuring IP and Gateway on switch
An IP address is required on a switch for its administration, for example
for web access or telnet. If we have to access the switch from a remote
network, we configure a default gateway in addition to the IP address.
The IP address is assigned to the logical interface of the switch with the
following commands:
Switch(config)#interface vlan 1
Switch(config-if)#ip address <ip> <mask>
Switch(config-if)#no sh
Switch(config-if)#exit
231
Old Switches
Switch(config)#ip address <ip> <mask>
Switch(config)#exit
Configuring Gateway
Switch(config)#ip default-gateway <ip>
Switch(config)#exit
232
Breaking Switch Password
(1) Power off the switch, press the mode button on the front of the switch,
then power on the switch.
(2) Keep the mode button pressed until the Switch: prompt appears on the
console.
(3) In switch monitor mode, type the following commands:
flash_init
load_helper
rename flash:config.text flash:<anyname>
dir flash:
boot
(4) After booting, the switch will prompt you to enter the initial
configuration dialog. Enter no here and type:
Switch>enable
Switch#rename flash:<anyname> flash:config.text
Switch#configure memory
Change the password and save the config. Then copy run start.
233
Security Protocol
A security protocol (cryptographic protocol or encryption protocol) is an
abstract or concrete protocol that performs a security-related function and
applies cryptographic methods.
238
IPsec
241
Point-to-point protocol
243
Transport Layer Security
244
Wireless Technology
245
Infrared
246
Infrared light is used in industrial, scientific, and medical applications.
Night-vision devices using infrared illumination allow people or animals to
be observed without the observer being detected. In astronomy, imaging at
infrared wavelengths allows observation of objects obscured by interstellar
dust. Infrared imaging cameras are used to detect heat loss in insulated
systems, observe changing blood flow in the skin, and overheating of
electrical apparatus.
247
Light Comparison
Gamma ray: wavelength less than 0.01 nm, frequency more than 10 EHz,
photon energy 100 keV - 300+ GeV
248
Bluetooth
249
Bluetooth versions
Bluetooth 1.1
Many errors found in the 1.0B specifications were fixed
Added support for non-encrypted channels
Received Signal Strength Indicator (RSSI)
Bluetooth 1.2
Faster Connection and Discovery
Use the Adaptive frequency-hopping spread spectrum (AFH)
Improves resistance to radio frequency interference
Higher transmission speeds in practice, up to 721 kbps
250
Bluetooth 2.0
This version, specified November 2004
The main enhancement is the introduction of an enhanced data
rate (EDR) of 3.0 Mbps.
Lower power consumption through a reduced duty cycle.
Simplification of multi-link scenarios due to more available
bandwidth.
Bluetooth 2.1
A draft version of the Bluetooth Core Specification Version 2.1 +
EDR is now available
251
Ultra Wide Band(UWB)
252
Advantage of the UWB
253
Ultra Wide Band(UWB)
Wireless technology   Power (mW)   Range (m)   BW/channel   Rate (bps)
CDMA 1xEVDO           600          ~2000       1.25 MHz     2.4M
802.16 (WiMAX)        250          ~4000       25 MHz       120M
802.11g (WiFi)        50           ~100        25 MHz       54M
Bluetooth             1            ~10         1 MHz        <1M
UWB                   <30          10~30       500 MHz      100M~1G
Key application
Wireless USB
Toys and game
Consumer electronics
Location tracking
Handset
Factors Affecting Wireless Signals
Because wireless signals travel through the atmosphere, they are susceptible
to different types of interference than standard wired networks.
Interference Types
255
Radio frequency interference: Wireless technologies such as 802.11b/g use
an RF range of 2.4GHz, and so do many other devices, such as cordless
phones, microwaves, and so on. Devices that share the channel can cause
noise and weaken the signals.
257
Step 1
Attach the incoming DSL cable to the "Input," "Cable" or "DSL" port on
your DSL modem.
Step 2
Plug one end of an Ethernet cable into the Ethernet port on your DSL
modem and plug the other end of the cable into the "Internet," "WLAN" or
"WAN" port on your wireless router.
Step 3
Plug one end of the Ethernet cable supplied with your wireless router into
one of the output ports on the router. Plug the other end of the cable into the
Ethernet port on your computer.
Step 4
Connect your DSL modem and router to a power source.
Step 5
Open a browser and type the router's IP address, which likely will be either
"http://192.168.0.1" or "http://192.168.1.1." Enter the username, which is
frequently "admin." Enter the password, which may be set to "admin",
"password" or blank as the default. Set up the router according to the
instructions provided with the router. The product documentation will also
provide the IP address and username/password. During setup, the most
important things you should do are change the SSID network name,
configure encryption and change the router password.
Step 6
Disconnect the Ethernet cable from your computer, if you prefer to connect
wirelessly.
Step 7
Click the wireless icon, located by the system clock on your Windows 7 PC.
Click the router name that corresponds to the SSID you entered during
setup. Click "Connect" and enter the password to connect to the router.
Repeat for each computer requiring access.
259
Configuring a Wireless Access Point
When you access the configuration page of your wireless access point on the
Internet, you have the following configuration options that are related to the
wireless access point functions of the device. Although these options are
specific to this particular device, most access points have similar
configuration options.
Enable/Disable: Enables or disables the device's wireless access point
functions.
SSID: The Service Set Identifier used to identify the network. Most access
points have well-known defaults. You can talk yourself into thinking that
your network is more secure by changing the SSID from the default to
something more obscure, but in reality, that only protects you from first-
grade hackers. By the time most hackers get into the second grade, they
learn that even the most obscure SSID is easy to get around.
260
Allow broadcast SSID to associate? Disables the access point's periodic
broadcast of the SSID. Normally, the access point regularly broadcasts its
SSID so that wireless devices that come within range can detect the network
and join in. For a more secure network, you can disable this function. Then,
a wireless client must already know the network's SSID in order to join the
network.
Channel: Lets you select one of 11 channels on which to broadcast. All the
access points and computers in the wireless network should use the same
channel. If you find that your network is frequently losing connections, try
switching to another channel. You may be experiencing interference from a
cordless phone or other wireless device operating on the same channel.
262
Driver Compatibility
It is important to make sure that you have installed the correct device driver
for your wireless network adapter. The wrong driver can cause all sorts of
problems or stop your adapter from functioning at all. A friend of mine recently set up his own
wireless network at home but complained to me that his wireless network
connection was going crazy. Upon inspection I realized that he had
configured his router properly but installed the 5v instead of the 3v driver on
his laptop PCMCIA network card. Once the correct driver was installed,
everything began to run smoothly. It just goes to show how even the smallest
detail can make all the difference so make sure you have the correct driver
installed!
263
Low Signal Strength
There are a number of factors that can cause the signal of your access point
to deteriorate and the performance of your network to fall under par.
Practically any appliance that operates on the same frequency level (2.4
GHz) as 802.11b or 802.11g can cause interference with your wireless
network. Be sure to keep cordless phones, microwaves and other electrical
equipment at least 1m away from the access point. Try changing channels
on the access point and test it out on one of the clients. To change the radio
channel on the access point login to the configuration (usually a web based
interface) and go to the Wireless Settings (will vary depending on vendor)
section, select a different channel and save settings. On the client, go to
Device Manager, right click your wireless network adapter and go to
Properties.
264
In the advanced tab select the Channel Property and change the Value to the
same number as the one you chose on the Access Point. Disable and then
re-enable the wireless connection.
265
Access Point Location
You may also want to try changing the position of your access point antenna
to improve performance. Play around with its position and see if you notice
a difference. I find that if I point the antenna sideways or downwards I have
better reception on the floor below. The following images demonstrate what
I mean.
266
Access Point Location
The location of your access point is vital. Try and place it in a central
location, as much as possible avoiding physical obstructions and reflective
surfaces. Remember that wireless signals bounce off windows and mirrors,
thus decreasing the range. Experiment with different locations until you find
one that is practical and promising. Most people, including myself, like
placing it near the ceiling since most obstructions are nearer to the floor.
It's always a good idea to monitor the performance of your signal by using a
diagnostic utility. This will help you to identify how strong your signal is in
different locations and whether other electrical equipment is interfering. Run
the utility when the microwave or cordless phone is in use and see if you
notice a difference. Usually your access point will come with its own
monitoring utility.
267
Proxy Server
Proxy Server
271
Utility of a Proxy server
Forward proxies
Open proxies
Reverse proxies
273
Forward proxies
Forward proxies are proxies where the client names the target server to
connect to. Forward proxies are able to retrieve from a wide range of sources
(in most cases anywhere on the Internet).
The terms "forward proxy" and "forwarding proxy" are a general description
of behavior (forwarding traffic) and thus ambiguous. Except for Reverse
proxy, the types of proxies described in this article are more specialized sub-
types of the general forward proxy concept.
274
Open proxies
275
Reverse proxies
276
Issues with Proxy Server
277
Issues with Proxy Server
Finally intercepting connections can cause problems for HTTP caches, since
some requests and responses become uncacheable by a shared cache.
Therefore intercepting connections is generally discouraged. However due
to the simplicity of deploying such systems, they are in widespread use.
278
Virtual LAN
A virtual local area network, virtual LAN or VLAN, is a group of hosts
with a common set of requirements, which communicate as if they were
attached to the same broadcast domain, regardless of their physical location.
A VLAN has the same attributes as a physical local area network (LAN), but
it allows for end stations to be grouped together even if not on the
same network switch. VLAN membership can be configured through
software instead of physically relocating devices or connections.
283
Utility of VPN
284
Advantages of VLAN
285
Security: VLANs provide enhanced network security. In a VLAN
network environment, with multiple broadcast domains, network
administrators have control over each port and user. A malicious user can no
longer just plug their workstation into any switch port and sniff the
network traffic using a packet sniffer. The network administrator controls
each port and whatever resources it is allowed to use.
VLANs help to restrict sensitive traffic originating from an enterprise
department within itself.
286
A VLAN provides virtual segmentation of the broadcast domain in the network.
Devices that are members of the same VLAN are able to communicate with
each other. Devices in different VLANs can communicate with each other
only through routing, so devices in different VLANs use different network
addresses.
VLANs provide the following advantages:
In a port-based VLAN, we first create the VLAN on a manageable switch and
then add ports to the VLAN.
287
Commands to create Vlan
Switch#config ter
Switch(config)#vlan <no>
Switch(config-vlan)#name <word>     (optional)
Switch(config-vlan)#exit
Or
Switch#vlan database
Switch(vlan)#vlan <no> [name <word>]
Switch(vlan)#exit
288
Commands to configure ports for a Vlan
By default, all ports are members of a single VLAN, that is, VLAN 1. We can
change VLAN membership according to our requirement.
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport access vlan <no>
Switch(config-if)#exit
289
Example: Suppose we want to add interfaces fastethernet 0/10 to 0/18 to
vlan 5
Switch#config ter
Switch(config)#interface range fastethernet 0/10 - 18
Switch(config-if-range)#switchport access vlan 5
Switch(config-if-range)#exit
In 1900 & Compatible switches
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#vlan-membership static <vlan no>
Switch(config-if)#exit
To Disable web access in switch
Switch#config ter
Switch(config)#no ip http server
To display mac address table
Switch#sh mac-address-table
Vlan Mac address type ports
20 00-08-a16-ab-6a-7b dynamic fa0/7
290
Trunking
To Display Vlan and port membership
Switch#sh vlan
When there are multiple switches, we have to use trunk links to
connect one switch with another. If we are not using trunk links, we
have to connect one cable from each VLAN to the corresponding VLAN of
the other switch.
Switches perform trunking with the help of frame tagging. The
trunk port sends data frames after adding VLAN ID information to
the frame. At the receiving end the VLAN ID information is removed from
the frame and, according to the tag, the data is delivered to the
corresponding VLAN. There are two protocols to perform frame tagging.
(1) Inter-Switch Link (Cisco proprietary)
(2) IEEE 802.1Q
291
Configuring Trunking
In Cisco switches all switch ports may be configured in three
modes
(1) Trunk desirable (default)
(2) Trunk on
(3) Trunk off
Switch#conf ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport mode <trunk|access|auto>
(trunk = on, access = off, auto = desirable)
Switch(config-if)#exit
292
To configure Vlans allowed on Trunk
By default all VLANs are allowed on a trunk port. We can add or remove
a particular VLAN from the trunk port with the following command
Switch#config ter
Switch(config)#interface <type> <no>
Switch(config-if)#switchport trunk allowed vlan {all | remove <vlan> | add <vlan> | except <vlan>}
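The defaults described in this section (every port in VLAN 1, ports left in a mode that can negotiate a trunk, all VLANs allowed on a trunk, web access enabled until `no ip http server` is entered) are the settings a configuration review looks for. The Python check below is an added example, not a Cisco tool and not part of the original slides; the sample configuration is constructed, and it assumes that a setting missing from running-config style text means the default described above is in effect.

```python
# Constructed sample in running-config style; not taken from a real device.
SAMPLE_CONFIG = """\
hostname Switch
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 5,20
!
interface FastEthernet0/7
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/8
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 5
!
ip http server
"""

# Finding codes used by audit(), with the default each one points at.
FINDINGS = {
    "mode-not-set": "no explicit switchport mode; the port keeps its default and may negotiate a trunk",
    "trunk-all-vlans": "trunk has no allowed-VLAN list, so it carries every VLAN",
    "access-vlan1": "access port left in the default VLAN 1",
    "http-server": "web access not disabled ('no ip http server' is missing)",
}


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None          # "!" or a global command ends the block
    return interfaces


def audit(config):
    """Return a sorted list of (location, finding code) tuples."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan"):
            continue                # logical management interface, not a switch port
        mode = next((c.split()[2] for c in cmds
                     if c.startswith("switchport mode ")), None)
        access_vlan = next((c.split()[3] for c in cmds
                            if c.startswith("switchport access vlan ")), "1")
        has_allowed = any(c.startswith("switchport trunk allowed vlan ")
                          for c in cmds)
        if mode is None:
            findings.append((name, "mode-not-set"))
        if mode == "trunk" and not has_allowed:
            findings.append((name, "trunk-all-vlans"))
        if mode != "trunk" and access_vlan == "1":
            findings.append((name, "access-vlan1"))
    if "no ip http server" not in [l.strip() for l in config.splitlines()]:
        findings.append(("global", "http-server"))
    return sorted(findings)


if __name__ == "__main__":
    for location, code in audit(SAMPLE_CONFIG):
        print(f"{location}: {FINDINGS[code]}")
```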
293
VLAN Trunking Protocol
VTP server
VTP server is a switch in which we can create, delete or modify
Vlans. The server will send periodic updates for VTP clients.
VTP client
On VTP client, we are not able to create, modify or delete Vlans. The
client will receive and forward vtp updates. The client will create
same Vlans as defined in vtp update.
295
A VTP transparent switch receives and forwards VTP updates.
It is able to create, delete and modify VLANs locally. A transparent
switch will not send its own VTP updates and will not learn any
information from received VTP updates.
Commands
Switch#conf ter
Switch(config)#vtp domain <name>
Switch(config)#vtp password <word>
Switch(config)#vtp mode <server|client|transparent>
Switch(config)#exit
By default in cisco switches the VTP mode is set as VTP server with
no domain and no password.
297
Inter Vlan Communication
298
Configuration on Router
Router#config ter
Router(config)#interface fastethernet 0/0
Router(config-if)#no ip address
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface fastethernet 0/0.1
Router(config-if)#encapsulation dot1q 1
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface fastethernet 0/0.2
Router(config-if)#encapsulation dot1q 3
Router(config-if)#ip address 11.0.0.1 255.0.0.0
Router(config-if)#no sh
299
Configuration on Router
Router(config-if)#exit
Router(config)#interface fastethernet 0/0.3
Router(config-if)#encapsulation dot1q 5
Router(config-if)#ip address 12.0.0.1 255.0.0.0
Router(config-if)#no sh
Router(config-if)#exit
300
Configuration on Core switch
(1) Configure switch as VTP server
(2) Create Vlans
(3) Configure interface connected to router as Trunk
(4) Configure interfaces connected to other switches as trunk (if
required)
Configuration on Pc
Configure IP and Gateway
301
VTP provides the following benefits:
VLAN configuration consistency across the network
Mapping scheme that allows a VLAN to be trunked over mixed media
Accurate tracking and monitoring of VLANs
Dynamic reporting of added VLANs across the network
Plug-and-play configuration when adding new VLANs
302
As beneficial as VTP can be, it does have disadvantages that are normally
related to the spanning tree protocol (STP) as a bridging loop propagating
throughout the network can occur. Cisco switches run an instance of STP for
each VLAN, and since VTP propagates VLANs across the campus LAN,
VTP effectively creates more opportunities for a bridging loop to occur.
Before creating VLANs on the switch that will propagate via VTP, a VTP
domain must first be set up. A VTP domain for a network is a set of all
contiguously trunked switches with the same VTP domain name. All
switches in the same management domain share their VLAN information
with each other, and a switch can participate in only one VTP management
domain. Switches in different domains do not share VTP information.
Using VTP, each Catalyst Family Switch advertises the following on its trunk
ports:
Management domain
Configuration revision number
Known VLANs and their specific parameters
303
Network Storage
A network storage system maintains copies of digital data across high-
speed local area network (LAN) connections. It is designed to back up files,
databases and other data to a central location that can easily accessed via
standard network protocols and tools.
Storage is an essential aspect of any computer. Hard drives and USB keys,
for example, are designed to hold the data generated by individuals on their
PCs, but when these types of local storage fail, the data is lost. Additionally,
the process of sharing local data with other computers can be time-
consuming, and sometimes the amount of local storage available is
insufficient to store everything desired. Network storage addresses these
problems by providing a reliable, external data repository for all computers
on the LAN to share efficiently. Besides freeing up local storage space,
network storage systems also typically support automated backup programs
to prevent critical data loss.
307
Evolution in Storage Architecture
308
Network-attached storage
310
NAS
Scalability: good
Availability: as long as the LAN and NAS device work,
generally good
Performance: limited by speed of LAN, traffic conflicts,
inefficient protocol
Management: OK
Connection: homogeneous vs. heterogeneous
311
What is SAN about
Data is Asset
How to Store Data
How to Access Data
How to Manage Data Storage
312
Storage Area Network (SAN)
313
Storage Area Network (SAN)
314
SAN vs. NAS
315
Fibre Channel
316
Benefits of SAN
317
Easy Migration to SAN
318
322
User 1 User 2 User 3 User n
Operating System
Computer Hardware
324
Features
325
Supports Internetworking such as routing and WAN ports
User management and support for login and logoff, remote access,
system management
Clustering capabilities, fault-tolerant and high-availability systems
326
Remote Login with an example
telnet cs.yale.edu
328
Remote File Transfer
329
Example:
330
File location is not transparent to the user
No real file sharing
Remember: User at the Uni of Vermont must have login permission on
cs.yale.edu
FTP provides a way to allow a user to copy files remotely
Remote copying is accomplished through anonymous FTP method
331
Anonymous FTP Method
332
www.trainsignaltraining.com/.../ftp_iis7_10.png
333
FTP mechanism is implemented (similar to telnet implementation)
Daemon on remote site -> watches for connection requests to the system's
FTP port
Login authentication is accomplished ->user can execute commands
remotely
Telnet daemon executes any command for user
FTP daemon responds to a predefined set of file-related commands
334
Get: transfer a file from the remote machine to the local machine
Put: transfer from the local machine to the remote machine
Ls or dir: list files in the current directory on the remote machine
Cd: change the current directory on the remote machine
335
Network and Operating System Security
336
Travels over private leased lines, shared lines like the internet, wireless
connections, or dial-up lines
Intercepting these data could be as harmful as breaking into a computer
Interruption of communications could constitute a remote denial-of-service
attack
Diminishing users' use of and trust in the system
337
Novell NetWare
Is a NOS
Used cooperative multitasking to run several services on a PC
File sharing instead of disk sharing
NDS (Novell Directory Services)
Server administration
Desktop Management
Software distribution
Integrated cache
Enhanced security
338
Novell NetWare Protocols
339
340
Linux
341
342
344
345
When you get the message to
"press any key to boot from CD...", press any key.
Once the boot from CD-ROM has started, it will display at the top of the
screen :
365
Setup will then configure your screen resolution.
The system will try to connect via the Internet to the Microsoft website; you can select "Skip" for that step.
You will be prompted to enter the first usernames (which will be defined as Administrators)
and you will get the new XP Welcome screen :
366
ALL SET TO GO
367
Step By Step Windows Server 2003 Installation
Guide
368
Windows Server 2003 operating systems take the best of Windows 2000
Server technology and make it easier to deploy, manage, and use. The
result: a highly productive infrastructure that helps make your network a
strategic asset for your organization .
Windows Server 2003 SP2 provides enhanced security, increased
reliability, and a simplified administration to help enterprise customers
across all industries.
369
Microsoft Windows Server 2003 R2 Standard Edition Requirements
Computer and processor
PC with a 133-MHz processor required; 550-MHz or faster processor
recommended; support for up to four processors on one server
Memory
128 MB of RAM required; 256 MB or more recommended; 4 GB maximum
Hard disk
1.2 GB for network install; 2.9 GB for CD install
Drive
CD-ROM or DVD-ROM drive
Display
VGA or hardware that supports console redirection required; Super VGA
supporting 800 x 600 or higher-resolution monitor recommended
370
Check System Requirements
Check Hardware and Software Compatibility
Determine Disk Partitioning Options
Choose the Appropriate File System: FAT, FAT32, NTFS
Decide on a Workgroup or Domain Installation
Complete a Pre-Installation Checklist
After you have made sure you can go on, start the installation process
Beginning the installation process
You can install Windows Server 2003 by several methods; all are valid
and good, and the choice depends upon your needs and your limitations
In this tutorial we install directly from a CD by booting the
computer with the CD
Start the computer from the CD
Linux Installation
Installation Requirements
399
Linux installation requirements
Minimum installation
80386SX or better
2 MB RAM
Floppy disk drive
40MB hard drive
Video card
Monitor
400
Linux installation requirements
Realistic installation
Text based
80386 or better
8 MB RAM
GUI based
80486 or Pentium class
16 MB RAM
401
Linux recommended hardware
Before installation
Check hardware compatibility!!!
www.redhat.com/support/hardware
Make sure you have enough disk space
Decide which installation method to use
CD-ROM
Hard Drive
Ftp
Http
403
Decide how to start the installation
Bootable CD-ROM
Local media boot disk
Included with Official RedHat Linux 6.2 set
Network boot disk
PCMCIA boot disk
Used if CD-ROM drive is attached to PC
through PCMCIA card
404
A Note on Workstation Installations
There are two types available, we will choose KDE for this
presentation
GNOME
www.gnome.org
KDE
www.kde.org
405
RedHat Installation
407
Choose the keyboard that best fits your system. If there is no exact match,
choose the best GENERIC match and click Next
408
Choose the mouse that best fits your system. If there is no exact match,
choose the best GENERIC match and click Next
409
Read over the help text in the left and then click Next
410
Choose to Install and select KDE Workstation and click Next
411
For ease of installation, continue with Automatic Partitioning and click
Next
Note: everything will be erased!
412
Again, for ease of installation and use, leave defaults selected and click
Next
413
Choose your Network device type, then enter your IP Address,
Netmask, Network, and Broadcast addresses and click Next
Unsure? Ask your network administrator
414
Choose your time zone by clicking on the map, ex. Pacific Tijuana,
and click Next
415
Set the ROOT PASSWORD - Write it down and keep it in a secure
place!
You can add Users at this time too, then click Next
416
Continue with the option detected for your system and click Next
417
Choose the monitor that best fits your system - If none exist, choose
the best GENERIC monitor and click Next
418
Continue with the video hardware detected for you unless you know it
is incorrect (change it) and click Next
419
Almost done!!! Click Next
If you would rather quit, this is your last chance! You can reboot
and safely exit the installation now
Be sure to read the Caution Note!
420
At this point, you can sit back and relax while RedHat is installed
Depending on the speed of your system, the installation will take
from about 15 minutes to 1 hour
421
Insert a blank, formatted disk into the floppy drive and click Next
422
Congratulations!!!
You can now click Exit to reboot your system and start to use
Linux
423
427
Names and addresses in general
428
Naming History
1970s ARPANET
HOSTS.TXT maintained by the SRI-NIC
Pulled from a single machine
Problems
Traffic and load
Name collisions
Consistency
DNS created in 1983 by Paul Mockapetris (RFCs 1034 and 1035),
modified, updated, and enhanced by a myriad of subsequent RFCs
429
DNS
430
DNS Features: Global Distribution
431
DNS Features: Loose Coherency
432
DNS Features: Scalability
433
DNS Features: Reliability
Data is replicated
Data from master is copied to multiple slaves
Clients can query
Master server
Any of the copies at slave servers
Clients will typically query local caches
DNS protocols can use either UDP or TCP
If UDP, DNS protocol handles retransmission, sequencing, etc.
434
DNS Features: Dynamicity
435
438
Dynamic Assignment of IP addresses
Solutions for dynamic assignment of IP addresses
Not only assign IP address, but also default router, network mask, etc.
Sent as UDP messages (UDP Port 67 (server) and 68 (host))
Use limited broadcast address (255.255.255.255):
These addresses are never forwarded
DHCP
BOOTP Interaction
[Figure, panels (a) to (c): client Argon (00:a0:24:71:e4:44) and a BOOTP server]
BOOTP Request from 00:a0:24:71:e4:44, sent to 255.255.255.255
BOOTP Response: IP address: 128.143.137.144; Server IP address: 128.143.137.100; Boot file name: filename
BOOTP can be used for downloading memory image for diskless workstations
Assignment of IP addresses to hosts is static
DHCP Interaction (simplified)
[Figure: client Argon (00:a0:24:71:e4:44) and a DHCP server]
DHCP Response: IP address: 128.143.137.144; Default gateway: 128.143.137.1; Netmask: 255.255.0.0
BOOTP/DHCP Message Format
OpCode | Hardware Type | Hardware Address Length | Hop Count
Transaction ID
Number of Seconds | Unused (in BOOTP), Flags (in DHCP)
Client IP address
Your IP address
Server IP address
Gateway IP address
Options
DHCPACK: Acknowledgement from server to client with parameters,
including IP address.
DHCPNAK: Negative acknowledgement from server to client,
indicating that the client's lease has expired or that a requested IP address is
incorrect.
DHCPDECLINE: Message from client to server indicating that the
offered address is already in use.
DHCPRELEASE: Message from client to server canceling remainder of a
lease and relinquishing network address.
DHCPINFORM: Message from a client that already has an IP address
(manually configured for example), requesting further configuration
parameters from the DHCP server.
DHCP Operation
[Figure: the DHCP client (00:a0:24:71:e4:44) broadcasts DHCPDISCOVER, sent to 255.255.255.255, to the DHCP servers]
[Figure: the DHCP servers answer the client with DHCPOFFER]
DHCP Operation
[Figure: the DHCP client (00:a0:24:71:e4:44) sends DHCPREQUEST to the DHCP server]
[Figure: the DHCP client sends DHCPRELEASE to the DHCP server]
Client Server Interactions
The client receives one or more DHCPOFFER messages from one or
more servers
The client chooses one based on the configuration parameters
offered and broadcasts a DHCPREQUEST message that includes
the server identifier option to indicate which message it has selected
and the requested IP address option, taken from your IP address in
the selected offer
In the event that no offers are received, if the client has knowledge
of a previous network address, the client may reuse that address if its
lease is still valid, until the lease expires
The servers receive the DHCPREQUEST broadcast from the client
Those servers not selected by the DHCPREQUEST message use
the message as notification that the client has declined that server's
offer
The server selected in the DHCPREQUEST message commits the
binding for the client to persistent storage and responds with a
DHCPACK message containing the configuration parameters for
the requesting client
The combination of client hardware and assigned network address constitute
a unique identifier for the client's lease and are used by both the client and
server to identify a lease referred to in any DHCP messages.
The your IP address field in the DHCPACK messages is filled in with the
selected network address. The client receives the DHCPACK message with
configuration parameters. The client performs a final check on the
parameters, for example with ARP for allocated network address, and notes
the duration of the lease and the lease identification cookie specified in the
DHCPACK message. At this point, the client is configured. If the client
detects a problem with the parameters in the DHCPACK message (the
address is already in use on the network, for example), the client sends a
DHCPDECLINE message to the server and restarts the configuration
process.
The client should wait a minimum of ten seconds before restarting the
configuration process to avoid excessive network traffic in case of looping.
On receipt of a DHCPDECLINE, the server must mark the offered address
as unavailable (and possibly inform the system administrator that there is a
configuration problem).
If the client receives a DHCPNAK message, the client restarts the
configuration process.
The client may choose to relinquish its lease on a network address by
sending a DHCPRELEASE message to the server.
The client identifies the lease to be released by including its network
address and its hardware address.
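The message format and the DHCPREQUEST options described above, as an added Python example that is not part of the original slides. It parses the fixed header and the message type, server identifier and requested IP address options, and rejects truncated input. The hardware address, server name, boot file and magic cookie fields follow RFC 2131; the transaction ID and the use of 128.143.137.100 as the DHCP server are constructed sample values.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the options field (RFC 2131)
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr (16 bytes), sname (64), file (128): 236 bytes in network byte order
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
IP_OPTIONS = {50: "requested_ip", 54: "server_id"}   # 4-byte address options


def parse_dhcp(data: bytes) -> dict:
    """Parse the UDP payload of a BOOTP/DHCP message, rejecting malformed input."""
    start = FIXED.size + len(MAGIC_COOKIE)
    if len(data) < start or data[FIXED.size:start] != MAGIC_COOKIE:
        raise ValueError("too short or magic cookie missing")
    (op, _htype, hlen, _hops, xid, _secs, flags,
     ciaddr, yiaddr, siaddr, giaddr, chaddr, _sname, _file) = FIXED.unpack_from(data)
    if hlen > 16:
        raise ValueError("hardware address length exceeds the 16-byte field")
    msg = {"op": op, "xid": xid, "broadcast": bool(flags & 0x8000),
           "client_mac": chaddr[:hlen].hex(":"),
           "ciaddr": socket.inet_ntoa(ciaddr), "yiaddr": socket.inet_ntoa(yiaddr),
           "siaddr": socket.inet_ntoa(siaddr), "giaddr": socket.inet_ntoa(giaddr)}
    i = start
    while i < len(data) and data[i] != 255:      # 255 = end option
        code = data[i]
        if code == 0:                            # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} runs past the end of the message")
        value = data[i + 2:i + 2 + data[i + 1]]
        if code == 53 and len(value) == 1:       # DHCP message type
            msg["type"] = MSG_TYPES.get(value[0], f"unknown({value[0]})")
        elif code in IP_OPTIONS and len(value) == 4:
            msg[IP_OPTIONS[code]] = socket.inet_ntoa(value)
        i += 2 + len(value)
    return msg


def build_sample_request() -> bytes:
    """Constructed DHCPREQUEST: client MAC and offered address from the slides."""
    header = FIXED.pack(1, 1, 6, 0, 0x1A2B3C4D, 0, 0x8000,   # op=1, broadcast flag set
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        bytes.fromhex("00a02471e444"), b"", b"")
    options = (bytes([53, 1, 3])                                        # DHCPREQUEST
               + bytes([54, 4]) + socket.inet_aton("128.143.137.100")   # server identifier
               + bytes([50, 4]) + socket.inet_aton("128.143.137.144")   # requested IP
               + b"\xff")
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    print(parse_dhcp(build_sample_request()))
```

The server identifier is what tells the other servers that their offer was declined, so it is also the field to compare against the list of DHCP servers you expect on a segment.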
DHCP Pros
DHCP Cons
A message transfer agent receives mail from either another MTA, a mail
submission agent (MSA), or a mail user agent (MUA). The transmission
details are specified by the Simple Mail Transfer Protocol (SMTP). When a
recipient mailbox of a message is not hosted locally, the message is relayed,
that is, forwarded to another MTA. Every time an MTA receives an email
message, it adds a Received trace header field to the top of the header of the
message,[4] thereby building a sequential record of MTAs handling the
message. The process of choosing a target MTA for the next hop is also
described in SMTP, but can usually be overridden by configuring the MTA
software with specific routes.
An MTA works in the background, while the user usually interacts directly
with a mail user agent. One may distinguish initial submission as first
passing through an MSA: port 587 is used for communication between an
MUA and an MSA, while port 25 is used for communication between
MTAs, or from an MSA to an MTA. This distinction is first made in RFC
2476.
For recipients hosted locally, the final delivery of email to a recipient
mailbox is the task of a message delivery agent (MDA). For this purpose
the MTA transfers the message to the message handling service component
of the message delivery agent. Upon final delivery, the Return-Path field is
added to the envelope to record the return path.
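The sequential record built by the Received trace fields can be read back from a message, as in this added Python example (not part of the original slides). The message, host names and addresses are constructed documentation values; the helper names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: each MTA put its Received field on top, so the
# newest hop is first and the original submission is last.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id 3; Tue, 02 Jan 2024 10:00:05 +0000
Received: from msa.example.com (msa.example.com [192.0.2.10])
\tby mx.example.net with ESMTP id 2; Tue, 02 Jan 2024 10:00:03 +0000
Received: from laptop.example.com ([192.0.2.55])
\tby msa.example.com with ESMTPSA id 1; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed sample

body
"""

# "from <claimed name> ... by <receiving MTA> [... with <protocol>]"
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)(?:.*?\bwith\s+(\S+))?", re.S)


def received_hops(raw: str) -> list:
    """Return the hops oldest-first, each with its from, by and with values."""
    headers = message_from_string(raw).get_all("Received", [])
    hops = []
    for value in reversed(headers):              # bottom header is the first hop
        m = HOP.search(value)
        if m:
            hops.append({"from": m.group(1).lower(),
                         "by": m.group(2).lower(),
                         "with": m.group(3)})
    return hops


def chain_breaks(hops: list) -> list:
    """Pairs where the MTA that received one hop is not the sender of the next."""
    return [(a["by"], b["from"]) for a, b in zip(hops, hops[1:])
            if a["by"] != b["from"]]


if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("breaks:", chain_breaks(received_hops(SAMPLE)))
```

The from name is whatever the sending host announced, so a break in the chain is a lead for review rather than proof of tampering; only the fields added by MTAs you operate can be relied on.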
Install a Windows Server 2003 Print Server
Click Local printer attached to this computer, click to clear
the Automatically detect and install my Plug and Play printer check box,
and then click Next
Click the port for your printer, and then click Next
Click the printer make and model or provide the drivers from the printer
manufacturer media, and then click Next
NOTE: If you are prompted to keep or not keep your existing printer driver,
either keep the existing driver or replace the existing driver. If you replace
the driver, you must provide the manufacturer driver for this printer.
Click Next to continue.
Accept the default name of the printer or provide a different name, and then
click Next.
Click the Share as option, type the share name, and then click Next.
Since a backup system contains at least one copy of all data worth saving,
the data storage requirements are considerable. Organizing this storage
space and managing the backup process is a complicated undertaking. A
data repository model can be used to provide structure to the storage. In the
modern era of computing there are many different types of data storage
devices that are useful for making backups. There are also many different
ways in which these devices can be arranged to provide geographic
redundancy, data security, and portability.
Types of Backup
Normal
Copy
Incremental
Differential
Daily Backup
Selecting Backup Devices and Media
Many tools are available for backing up data. Some are fast and
expensive. Others are slow but very reliable. The backup solution that's
right for your organization depends on many factors, including:
Capacity: The amount of data that you need to back up on a routine
basis. Can the backup hardware support the required load given your
time and resource constraints?
Reliability: The reliability of the backup hardware and media. Can
you afford to sacrifice reliability to meet budget or time needs?
Extensibility: The extensibility of the backup solution. Will this
solution meet your needs as the organization grows?
Speed: The speed with which data can be backed up and recovered.
Can you afford to sacrifice speed to reduce costs?
Cost: The cost of the backup solution. Does it fit into your budget?
Recovering Data Using the Restore Wizard
Make sure that the backup set you want to work with is loaded into the
library system, if possible.
Start Backup. In the Welcome tab, click Restore Wizard, and then click
Next.
Select the check box next to any drive, folder, or file that you want to
restore. If the media set you want to work with isn't shown, click Import
File, and then type the path to the catalog for the backup.
To restore system state data, select the check box for System State as well as
other data you want to restore. If you're restoring to the original location, the
current system state will be replaced by the system state data you're
restoring. If you restore to an alternate location, only the registry, Sysvol,
and system boot files are restored. You can only restore system state data on
a local system.
Tip: By default, Active Directory and other replicated data, such as Sysvol,
aren't restored on domain controllers. This information is instead replicated
to the domain controller after you restart it, which prevents accidental
overwriting of essential domain information. To learn how to restore Active
Directory, see the "Restoring Active Directory" section of this chapter.
Click Next. Click Advanced if you want to override default options, and
then follow steps 5-7. Otherwise, skip to step 8.
Select the restore location using one of the following options:
Original Location: Restores data to the folder or files it was in when it was
backed up.
Alternate Location: Restores data to a folder that you designate, preserving
the directory structure. After selecting this option, enter the folder path to
use or click Browse to select the folder path.
Single Folder: Restores all files to a single folder without preserving the
directory structure. After selecting this option, enter the folder path to use or
click Browse to select the folder path.
Do Not Replace The Files On My Computer (Recommended): Select this
option if you don't want to copy over existing files.
Replace The File On Disk Only If The File On Disk Is Older: Select this
option to replace older files on disk with newer files from the backup.
Always Replace The File On My Computer: Select this option to replace
all the files on disk with files from the backup.
If they're available, you can choose to restore security and system files using
the following options:
Restore Security: Restores security settings for files and folders on
NTFS volumes.
Restore Removable Storage Database: Restores the Removable
Storage configuration if you archived %SystemRoot%\System32\Ntmsdata.
Choosing this option will delete existing Removable Storage
information.
Restore Junction Points, Not The Folder And File Data They
Restores network drive mappings but doesn't restore the actual data to
the mapped network drive. Essentially, you're restoring the folder that
references the network drive.
Click Next, and then click Finish. If prompted, type the path and name of the
backup set to use. You can cancel the backup by clicking Cancel in the
Operation Status and Restore Progress dialog boxes.
When the restore is completed, click Close to complete the process or click
Report to view a backup log containing information about the restore
operation.
Classification Access Control List
Types of ACL based on Protocol: -
(1) IP Access Control List
(2) IPX Access Control List
(3) AppleTalk Access Control List
Classification Access Control List
Types of ACL based on Order of rules: -
(1) Deny, permit
(2) Permit, deny
Flow chart of Inbound ACL
A packet is received.
Is there any matching rule in the ACL, checked in top-down order?
No: the packet is dropped.
Yes: is it a permit?
Yes: the packet is passed to RE.
No: the packet is dropped.
IP Standard ACL (Numbered)
In a standard ACL, we can specify only the source address for
filtering packets. The syntax to create an IP standard ACL is: -
Router#conf ter
Router(config)#access-list <no> <permit|deny> <source>
Router(config)#exit
<source> can be written as:
Single PC    host 192.168.10.5
             192.168.10.5
             192.168.10.5 0.0.0.0
Network      200.100.100.0 0.0.0.255
Subnet       200.100.100.32 0.0.0.15
All          any
Example: - 172.16.0.16 to 172.16.0.18 should not access the Internet; all
other PCs should access the Internet.
[Figure: network 172.16.x.x reaches the Internet through the router at 172.16.0.1]
Router#conf ter
Router(config)#access-list 30 deny 172.16.0.16
Router(config)#access-list 30 deny 172.16.0.17
Router(config)#access-list 30 deny 172.16.0.18
Router(config)#access-list 30 permit any
Router(config)#exit
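The top-down, first-match evaluation from the flow chart and the wildcard-mask forms of <source>, as an added Python model (not part of the original slides and not router code). ACL 30 is the list from the slide; the reordered list and the 0.0.0.3 variant used after it are constructed to show how rule order and a wide wildcard change the result.

```python
import ipaddress


def parse_rule(line: str):
    """Parse 'access-list <no> <permit|deny> <source>' or '<permit|deny> <source>'."""
    tokens = line.split()
    if tokens and tokens[0] == "access-list":
        tokens = tokens[2:]                          # drop 'access-list <no>'
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    action, source = tokens[0], tokens[1:]
    if source == ["any"]:
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif len(source) == 2 and source[0] == "host":
        addr, wild = source[1], "0.0.0.0"
    elif len(source) == 1:                           # bare address means one host
        addr, wild = source[0], "0.0.0.0"
    elif len(source) == 2:                           # address followed by wildcard mask
        addr, wild = source
    else:
        raise ValueError(f"unsupported source: {line!r}")
    return action, int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))


def evaluate(acl, src: str):
    """Return (action, rule number) of the first matching rule, top-down."""
    ip = int(ipaddress.IPv4Address(src))
    for number, (action, addr, wild) in enumerate(acl, start=1):
        if (ip | wild) == (addr | wild):             # wildcard bits set to 1 are ignored
            return action, number
    return "deny", None                              # no matching rule: packet is dropped


def shadowed(acl):
    """Rule numbers that can never match because an earlier rule covers them."""
    hidden = []
    for j, (_, addr_j, wild_j) in enumerate(acl):
        for _, addr_i, wild_i in acl[:j]:
            if wild_j & ~wild_i == 0 and (addr_i | wild_i) == (addr_j | wild_i):
                hidden.append(j + 1)
                break
    return hidden


ACL_30 = [parse_rule(r) for r in (
    "access-list 30 deny 172.16.0.16",
    "access-list 30 deny 172.16.0.17",
    "access-list 30 deny 172.16.0.18",
    "access-list 30 permit any",
)]
# Constructed variants: 'permit any' moved to the top, and one wildcard rule.
REORDERED = [ACL_30[3]] + ACL_30[:3]
WILDCARD = [parse_rule("deny 172.16.0.16 0.0.0.3"), parse_rule("permit any")]

if __name__ == "__main__":
    print(evaluate(ACL_30, "172.16.0.17"), evaluate(ACL_30, "172.16.0.19"))
    print(evaluate(REORDERED, "172.16.0.17"), shadowed(REORDERED))
    print(evaluate(WILDCARD, "172.16.0.19"))
```

The single rule with wildcard 0.0.0.3 is shorter than three host rules but also blocks 172.16.0.19, which the slide's requirement does not ask for.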
IP Standard ACL (Named)
A numbered ACL cannot be edited; that is, we are not able to delete
a single rule from the ACL. A named ACL can be edited.
Router#config ter
Router(config)#ip access-list standard <name>
Router(config-std-nacl)#<deny|permit> <source>
Router(config-std-nacl)#exit
Router#conf ter
Router(config)#ip access-list standard abc
Router(config-std-nacl)#deny 172.16.0.16
Router(config-std-nacl)#deny 172.16.0.17
Router(config-std-nacl)#deny 172.16.0.18
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
To control Telnet access using ACL
If we want to control Telnet access with the help of an ACL, we can
create a standard ACL and apply it to the vty ports. The ACL that we
create for vty will use the permit, deny order.
IP Extended ACL (Numbered)
Extended ACLs are advanced ACLs that can
control traffic flow on the basis of five
different parameters: -
(i) Source address
(ii) Destination address
(iii) Source port
(iv) Destination port
(v) Protocol (layer 3/layer 4)
The syntax to create Extended ACL
Router#conf ter
Router(config)#access-list <no> <deny|permit> <protocol> <source> [<s.port>] <destination> [<d.port>]
Router(config)#exit
<no> -> 100 to 199
<protocol> -> layer 3/layer 4 protocol: IP, TCP, UDP, ICMP, IGRP
The syntax to create Extended ACL
<Source port>, <Destination port>: number (1 to 65535) or telnet/www/ftp etc.
<Source>, <Destination>:
Single PC    192.168.10.4 0.0.0.0
             host 192.168.10.4
Network      200.100.100.0 0.0.0.255
Subnet       172.30.0.32 0.0.0.7
All          any
To display ACL
Router#show access-lists or
Router#show access-list <no>
Switch port ACL
You can only apply port ACLs to layer 2 interfaces on your switches
because they are only supported on physical layer 2 interfaces. You
can apply them as only inbound lists on your interfaces, and you can
use only named lists as well.
Switch#conf ter
Switch(config)#mac access-list extended abc
Switch(config-ext-mac)#deny any host 000d.29bd.4b85
Switch(config-ext-mac)#permit any any
Switch(config-ext-mac)#do show access-list
Switch(config-ext-mac)#int f0/6
Switch(config-if)#mac access-group abc in
Lock and Key (Dynamic ACLs)
These ACLs depend on either remote or local Telnet authentication in
combination with extended ACLs. Before you can configure a dynamic
ACL, you need to apply an extended ACL on your router to stop the flow
of traffic through it.
Reflexive ACLs
Time-Based ACLs
Here you can specify a certain time of day and week and then
identify that particular period by giving it a name referenced by a
task. The referenced function then falls under whatever time constraints
you have dictated. The time period is based upon the router's clock,
but it is highly recommended that you use it in conjunction with
Network Time Protocol (NTP) synchronization.
Router#conf ter
Router(config)#time-range no-http
Router(config-time-range)#periodic <Wednesday|weekdays|weekend> 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#time-range tcp-yes
Router(config-time-range)#periodic weekend 06:00 to 12:00
Router(config-time-range)#exit
Router(config)#ip access-list extended time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
Router(config-ext-nacl)#permit tcp any any time-range tcp-yes
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group time in
Router(config-if)#do show time-range