IP Addressing
A network consists of two or more computers that are linked in order to share
resources (such as printers and CD-ROMs), exchange files, or allow electronic
communications. The computers on a network may be linked through cables,
telephone lines, radio waves, satellites, or infrared light beams.
One example of a MAN (metropolitan area network) is the MIND Network located in Pasco County, Florida. It
connects all of Pasco's media centers to a centralized mainframe at the district
office using dedicated phone lines, coaxial cabling, and wireless
communications providers.
Using a WAN (wide area network), schools in Florida can communicate with places like Tokyo in a
matter of minutes without paying enormous phone bills. A WAN is complicated:
it uses multiplexers to connect local and metropolitan networks to global
communications networks such as the Internet. To users, however, a WAN will not
appear much different from a LAN or a MAN.
TYPES OF NETWORK
The two most common types of networks are peer-to-peer and client/server.
Both networks serve the same purpose. They allow users to share information or
resources.
Peer-to-Peer Networks
The most basic way to allow multiple users to share information or resources,
such as printers and fax machines, is to connect multiple computers in a peer-to-
peer network. A common method for setting up a peer-to-peer network is to
connect computers running workgroup or client software, such as the Windows
Vista® operating system, to a hub or to a wireless access point. While this is a
simple, low-cost solution, peer-to-peer networks are limited in what they can do.
For example, peer-to-peer networks have no centralized security safeguards: each
computer enforces its own access rules. Information and resources are shared from
each computer, and if one computer shuts down, loses power, or loses data, it is
impossible to access the information on that computer. Peer-to-peer networks also
tend to slow down when more than five computers are connected.
Client/Server Networks
In a client/server network, a single computer (the server hardware) is used to
store and manage information and resources in a central location. That computer
is loaded with server software that is designed to perform specific tasks and
provide specific services such as file sharing, print processing, Internet
connectivity, and e-mail for each of the network's "client" computers. The clients
in the client/server network can be individual computers, printers, or other
remote devices (for example, Windows Mobile® phones). Client/server networks
provide tools and services that can help your business achieve dramatic time and
cost savings, changing the way you do your work. For example, with a
client/server network you can use fewer printers and distribute faxes
electronically, which results in lower hardware costs and increased productivity.
The server can back up information, which can save you time and prevent data
loss.
Also, because the server acts as a single access point, your Internet connection
can be monitored and controlled, which enhances your network security. The
computers in your business may show markedly improved performance in a
client/server network because they don’t have to perform functions for other
computers, such as storing large amounts of data or running heavy software
applications; the server takes on all this heavy lifting. With one centralized access
point for information and resources, users are not dependent on information
housed on each other’s computers, as they are in a peer-to-peer network. In
addition, servers can enhance the security of your business data by providing
controlled access to files and data such as financial information, documents, and
business presentations.
CIDR
Classless Inter-Domain Routing (CIDR) was introduced in 1993 to keep the Internet
from running out of IP addresses. CIDR improves both address space utilization and
routing scalability in the Internet. It was needed because of the rapid growth of the
Internet and the corresponding growth of the IP routing tables held in Internet routers.
The "classful" system of allocating IP addresses can be very wasteful: anyone who
could reasonably show a need for more than 254 host addresses was given a Class
B address block of 65,534 host addresses.
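As an added worked example (not part of the original notes), the following Python script quantifies the waste described above and shows the other half of CIDR, route aggregation. The address blocks, the host requirements and the customer routes are constructed for the illustration.

```python
"""Classful allocation versus CIDR: address waste and route aggregation.
Added example; the networks and host counts below are constructed."""
import ipaddress
import math


def prefix_for_hosts(hosts):
    """Shortest prefix length whose block holds `hosts` usable addresses.
    Two addresses of every block are reserved (network and broadcast)."""
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - host_bits


def classful_block(hosts):
    """The smallest classful block the pre-CIDR rules would hand out:
    a class C for up to 254 hosts, otherwise a class B, otherwise a class A."""
    if hosts <= 254:
        return ipaddress.ip_network("192.0.2.0/24")   # class C sized
    if hosts <= 65534:
        return ipaddress.ip_network("172.16.0.0/16")  # class B sized
    return ipaddress.ip_network("10.0.0.0/8")         # class A sized


def cidr_block(hosts):
    """A CIDR block just large enough for `hosts`, carved from a constructed
    provider range 10.0.0.0/8."""
    return ipaddress.ip_network(f"10.0.0.0/{prefix_for_hosts(hosts)}")


def waste(hosts):
    """Usable addresses allocated but left idle under each scheme."""
    classful = classful_block(hosts).num_addresses - 2 - hosts
    cidr = cidr_block(hosts).num_addresses - 2 - hosts
    return classful, cidr


def summarize(routes):
    """Collapse adjacent prefixes into the fewest covering prefixes
    (supernetting).  This is what lets a backbone router carry one entry
    for a provider instead of one per customer network."""
    nets = [ipaddress.ip_network(r) for r in routes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for need in (100, 500, 5000):
        print(need, "hosts -> /%d" % prefix_for_hosts(need),
              "idle addresses (classful, CIDR):", waste(need))
    customer_routes = ["192.168.0.0/24", "192.168.1.0/24",
                       "192.168.2.0/24", "192.168.3.0/24"]
    print("aggregate:", summarize(customer_routes))
```

Running it shows that 500 hosts cost 65,034 idle addresses under classful allocation against 10 under CIDR, and that four adjacent /24 routes collapse into a single /22 entry.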
ROUTERS
Routers are networking devices used to extend or segment networks by
forwarding packets from one logical network to another. Routers are most often
used in large internetworks that use the TCP/IP protocol suite and for connecting
TCP/IP hosts and local area networks (LANs) to the Internet using dedicated
leased lines.
Routers work at the network layer (layer 3) of the Open Systems Interconnection
(OSI) reference model for networking to move packets between networks using
their logical addresses (which, in the case of TCP/IP, are the IP addresses of
destination hosts on the network). Because routers operate at a higher OSI level
than bridges do, they have better packet-routing and filtering capabilities and
greater processing power, which results in routers costing more than bridges.
ROUTING BASICS:
When an internetwork is created by connecting WANs and LANs to a router,
logical network addresses such as IP addresses must be configured on all
hosts on the internetwork so that they can communicate across it. The term
routing is used for taking a packet from one device and sending it through
the network to another device on a different network. Routers don't care
about hosts; they only care about networks and the best path to each
network. The logical network address of the destination host is used to get
packets to the destination network through the routed network, and then the
hardware (MAC) address of the host is used to deliver the packet from the
last router to the correct destination host.
To be able to route packets, a router must know the following:
Destination address
Neighbor routers from which it can learn about remote networks
Possible routes to all remote networks
How to maintain and verify routing information
The router learns about remote networks from neighbor routers or from an
administrator. The router then builds a routing table that describes how to
reach each remote network. If a network is directly connected, the router
already knows how to get to it. If a network is not directly connected, the
router must learn how to reach it in one of two ways:
Static routing
Dynamic routing
With static routing, someone must type every network location into the
routing table by hand. If static routing is used, the administrator is
responsible for entering every change by hand into all routers.
In dynamic routing, a protocol on one router communicates with the same
protocol running on a neighbor router. The routers then update each other
about all the networks they know about and place this information into their
routing tables. If a change occurs in the network, the dynamic routing
protocol automatically informs all routers about the event. In a large
network, a combination of dynamic and static routing is usually used.
STATIC ROUTING
Static routing occurs when an administrator manually adds routes to each
router's routing table. There are pros and cons to static routing, but that is
true for all routing processes. Static routes specify the path packets take,
allowing precise control over a network's routing behavior. Static routes are
sometimes used to define a gateway of last resort: this is where a packet is
routed if no other suitable path can be found. Static routes are also used
when routing to a stub network. A stub network is a network accessed by a
single route; often a static route is the only way on to or off a stub
network. Static routes are also used for security reasons or when the network
is small. With static routing, someone must type every network location into
the routing table by hand, and the administrator is responsible for entering
every change by hand into all routers.
BENEFITS OF STATIC ROUTING:
There is no routing-protocol overhead on the router CPU, which means a
cheaper router may suffice than with dynamic routing.
There is no bandwidth used for routing updates between routers.
It adds security, because the administrator can choose to allow
routing access to certain networks only.
DISADVANTAGES OF STATIC ROUTING:
The administrator must really understand the internetwork and how each
router is connected in order to configure the routers correctly.
If a network is added to the internetwork, the administrator has to add a
route to it on all routers by hand.
It is not feasible in a large network, because maintaining it would be a
full-time job in itself.
The command used to add a static route is:
ip route [destination_network] [mask] [next-hop_address] [administrative_distance] [permanent]
The following list describes each part of the command:
Destination_network: The network we are placing in the routing table.
Mask: The subnet mask being used on the network.
Next-hop_address: The address of the next-hop router that will receive the
packet and forward it to the remote network. This is a router interface
that is on a directly connected network. We should ping the router interface
before we add the route. If we type in the wrong next-hop address, or the
interface to that router is down, the static route will show up in the
router's configuration but not in the routing table.
DEFAULT ROUTING:
We use default routing to send packets whose remote destination network is
not in the routing table to a next-hop router. We can also use default
routing on stub networks, those with only one exit path out of the network.
DYNAMIC ROUTING:
Dynamic routing is when protocols are used to find networks and update the
routing tables on routers. It is easier than using static or default routing,
but it costs router CPU cycles and bandwidth on network links. A routing
protocol defines the set of rules used by a router when it communicates
routing information with neighbor routers.
ROUTING PROTOCOLS
RIP
IGRP
EIGRP
OSPF
If a router receives two updates listing the same remote network, the first
thing the router checks is the administrative distance (AD). If one of the
advertised routes has a lower AD than the other, then the route with the
lowest AD is placed in the routing table. The default ADs are:
Route source           Default AD
Connected interface    0
Static route           1
EIGRP                  90
IGRP                   100
OSPF                   110
RIP                    120
External EIGRP         170
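The following Python routing-table simulation is an added example, not code from the notes; the routes, interfaces and addresses are constructed. It applies the rules just described: a route is only installed when its next hop is on a directly connected network, the lowest AD wins when the same prefix is learned from two sources, and lookups use the longest matching prefix, falling back to the 0.0.0.0/0 gateway of last resort.

```python
"""Route selection: longest prefix match, administrative distance, and the
gateway of last resort.  Added example with constructed addresses."""
import ipaddress

# Default administrative distances from the table above (Cisco defaults).
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
    "ospf": 110, "rip": 120, "external eigrp": 170,
}


class RoutingTable:
    def __init__(self):
        self.routes = {}  # IPv4Network -> (source, next_hop, ad)

    def _next_hop_on_connected_network(self, next_hop):
        """A next hop must sit on a directly connected network; otherwise the
        route is accepted in the configuration but never installed."""
        hop = ipaddress.ip_address(next_hop)
        return any(hop in net for net, (src, _, _) in self.routes.items()
                   if src == "connected")

    def learn(self, prefix, next_hop, source):
        """Install a route; returns True if it made it into the table."""
        net = ipaddress.ip_network(prefix)
        ad = DEFAULT_AD[source]
        if source != "connected" and not self._next_hop_on_connected_network(next_hop):
            return False
        current = self.routes.get(net)
        if current is not None and current[2] <= ad:
            return False  # same prefix already known from a better (or equal) source
        self.routes[net] = (source, next_hop, ad)
        return True

    def lookup(self, destination):
        """Longest prefix match.  The 0.0.0.0/0 route matches everything but
        has the shortest prefix, so it is used only when nothing else fits."""
        addr = ipaddress.ip_address(destination)
        best = None
        for net, (source, next_hop, _) in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, source, next_hop)
        return None if best is None else (str(best[0]), best[1], best[2])


def build_sample_table():
    """Constructed sample: one connected LAN, two sources for the same /16,
    a more specific static /24, a default route and a bad next hop."""
    rt = RoutingTable()
    rt.learn("10.1.1.0/24", "FastEthernet0/0", "connected")
    rt.learn("10.2.0.0/16", "10.1.1.2", "rip")       # AD 120
    rt.learn("10.2.0.0/16", "10.1.1.3", "ospf")      # AD 110 replaces the RIP route
    rt.learn("10.2.5.0/24", "10.1.1.4", "static")    # more specific than the /16
    rt.learn("0.0.0.0/0", "10.1.1.1", "static")      # gateway of last resort
    rt.learn("10.3.0.0/16", "192.0.2.1", "static")   # next hop unreachable: not installed
    return rt


if __name__ == "__main__":
    table = build_sample_table()
    for dst in ("10.1.1.50", "10.2.5.9", "10.2.7.1", "8.8.8.8"):
        print(dst, "->", table.lookup(dst))
```

Note that the RIP route for 10.2.0.0/16 is displaced by the OSPF one even though RIP learned it first, while the static 10.2.5.0/24 still wins for hosts inside it because prefix length is compared before AD.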
Distance vector:
Distance-vector protocols find the best path to a remote network by
judging distance. Each time a packet goes through a router, that is called a
hop. The route with the least number of hops to the network is determined to
be the best path. The vector indicates the direction to the remote network.
Both RIP and IGRP are distance-vector routing protocols. They send the
entire routing table to directly connected neighbors.
Link state:
In link-state protocols, also called shortest-path-first protocols, each
router creates three separate tables. One of these tables keeps track of
directly attached neighbors, one holds the topology of the entire
internetwork, and one is used as the routing table. Link-state routers know
more about the internetwork than any distance-vector routing protocol.
OSPF is an IP routing protocol that is completely link state. Link-state
protocols send updates containing the state of their own links to all other
routers on the network.
HYBRID:
Hybrid protocols use aspects of both distance vector and link state; EIGRP
is the usual example (Cisco now describes it as an advanced distance-vector protocol).
RIP uses only hop count to determine the best way to a remote network, and it
has a maximum allowable hop count of 15 by default, so a network 16 or more
hops away is deemed unreachable.
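The update exchange that RIP-style distance-vector protocols perform, as an added Python example (not from the notes) over a constructed chain of routers. The chain is deliberately 18 routers long, so the networks at the far end are more than 15 hops away from R0 and are never installed, and the script also counts how many table entries each round sends, which is the bandwidth cost the text mentions.

```python
"""Distance-vector routing in the style of RIP: full-table updates to
neighbours, hop count as the metric, 16 hops = unreachable.
Added example over a constructed chain of routers."""
INFINITY = 16  # RIP's maximum hop count is 15; 16 means unreachable


def build_chain(n):
    """Routers R0..R(n-1) in a line.  Router i owns the directly connected
    network net{i} (0 hops) and is a neighbour of routers i-1 and i+1."""
    tables = {i: {f"net{i}": 0} for i in range(n)}
    neighbours = {i: [j for j in (i - 1, i + 1) if 0 <= j < n] for i in range(n)}
    return tables, neighbours


def exchange(tables, neighbours):
    """One update round: every router advertises its entire table to each
    neighbour, which adds one hop and keeps the lower count.  Returns True
    if any table changed, i.e. the network has not converged yet."""
    changed = False
    advertised = {r: dict(t) for r, t in tables.items()}  # snapshot before updating
    for sender, table in advertised.items():
        for receiver in neighbours[sender]:
            for network, hops in table.items():
                new_hops = hops + 1
                if new_hops >= INFINITY:
                    continue  # too far away: the route is never installed
                if new_hops < tables[receiver].get(network, INFINITY):
                    tables[receiver][network] = new_hops
                    changed = True
    return changed


def converge(n, max_rounds=100):
    """Run update rounds until nothing changes.  Returns (tables, rounds)."""
    tables, neighbours = build_chain(n)
    rounds = 0
    while exchange(tables, neighbours):
        rounds += 1
        if rounds > max_rounds:
            raise RuntimeError("network did not converge")
    return tables, rounds


def update_size(tables, neighbours):
    """Entries sent per round: the cost of full-table updates grows with
    both the number of networks and the number of neighbours."""
    return sum(len(tables[r]) * len(neighbours[r]) for r in tables)


if __name__ == "__main__":
    tables, rounds = converge(18)
    print("converged after", rounds, "rounds")
    print("R0 reaches", sorted(tables[0]))       # net16 and net17 are missing
    print("R0 -> net15 in", tables[0]["net15"], "hops")
```

Each round propagates reachability one router further, so convergence takes as many rounds as the longest installable path; that slow, hop-by-hop spreading of information is the reason the RIP timers below exist.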
RIP VERSION 1
RIP VERSION 2
RIP version 1 uses only classful routing, which means that all devices
in the network must use the same subnet mask. This is because RIP
version 1 does not send subnet mask information in its updates.
RIP version 2 provides something called prefix routing and does send
subnet mask information with the route updates. This is called classless
routing.
RIP TIMERS
ROUTE UPDATE TIMER:
Sets the interval (30 seconds) between periodic routing updates, in which
the router sends a complete copy of its routing table to all neighbors.
ROUTE INVALID TIMER:
Determines the length of time that must elapse (180 seconds) before a
router decides that a route has become invalid. It comes to this
conclusion if it has not heard any updates about a particular route for that
period. When that happens, the router sends out updates to all its
neighbors letting them know that the route is invalid.
HOLDDOWN TIMER:
Sets the period (180 seconds) during which the router suppresses updates
that would reinstate a route that has just been marked invalid, so that a
poorer path is not accepted before the change has propagated.
ROUTE FLUSH TIMER:
Sets the time between a route becoming invalid and its removal from the
routing table (240 seconds). Before it is removed from the table, the router
notifies its neighbors of that route's impending demise. The value of the
route invalid timer must be less than that of the route flush timer. This
gives the router enough time to tell its neighbors about the invalid route
before the local routing table is updated.
Routing tables
Routers contain internal tables of information called routing tables that keep
track of all known network addresses and possible paths throughout the
internetwork, along with cost of reaching each network. Routers route packets
based on the available paths and their costs, thus taking advantage of redundant
paths that can exist in a mesh topology network. Because routers use destination
network addresses of packets, they work only if the configured network protocol
is a routable protocol such as TCP/IP or IPX/SPX. This is different from bridges,
which are protocol independent. The routing tables are the heart of a router;
without them, there's no way for the router to know where to send the packets it
receives. Unlike bridges and switches, routers cannot compile routing tables from
the information in the data packets they process. This is because the routing table
contains more detailed information than is found in a data packet, and also
because the router needs the information in the table to process the first packets
it receives after being activated. A router can't forward a packet to all possible
destinations in the way that a bridge can.
Static routers: These must have their routing tables configured manually with
all network addresses and paths in the internetwork.
Routing tables are the means by which a router selects the fastest or nearest
path to the next "hop" on the way to a data packet's final destination. This
is done through routing metrics, which measure how much distance or time a
packet will need to reach its final destination. Routing metrics are provided
in different forms, such as hop count, bandwidth, or delay.
Subnetting
Suppose we have two or three small networks but cannot obtain a separate
public address block for each one. Subnetting lets us take the one block we
have and divide it into independent networks: we borrow some bits from the
host part of the address and use them as a subnet part of the network
address, which gives us several independent networks.
For a Class A address this means 8 network bits, x borrowed subnet bits,
and 24 - x remaining host bits.
Example: here the first two octets represent the network address and the
third octet represents the subnet address.
It can be compared with a postal address: there is only one ZIP code (network
address), different streets (subnet address), and different house numbers (host
address).
Broadcast Domain: the group of PCs that receive the same broadcast
message.
Burned-in address: the MAC address a manufacturer assigns to a LAN interface;
the vendor portion of that address is allocated by the IEEE.
Locally administered address: through configuration, an address that is used
instead of the burned-in address.
Unicast address: fancy term for a MAC address that represents a single LAN interface.
Step 2: So we have to leave 6 bits for the host part of the IP address:
172.168.00000000.00 000000
172.168.00000000.01000000 /26
Step 4: Now we calculate the network address of R1 for the 2nd network address:
172.168.00000000.01000000 /26
The requirement of R1 is 28 hosts.
Step 5: Repeat step 3 to calculate the 3rd network address and step 4 to calculate
the network address between the two routers.
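The whole subnetting plan worked through in Python, as an added example (not the notes' own calculation). It uses the parent block 172.168.0.0/24 and R1's requirement of 28 hosts from the steps above; the 60-host LAN and the two 2-host router-to-router links are assumed for illustration. The function generalizes the steps: it allocates any list of host requirements, largest first, and refuses a plan that does not fit.

```python
"""Variable-length subnetting of one block for several networks of
different sizes.  Added example; the parent block is the one in the steps
above, the host counts other than R1's 28 are assumed."""
import ipaddress
import math


def prefix_for_hosts(hosts):
    """Host bits needed for `hosts` usable addresses (two are reserved for
    the network and broadcast addresses), expressed as a prefix length."""
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))
    return 32 - host_bits


def allocate(parent, requirements):
    """Carve `parent` into subnets.  Largest requirement first, so each
    subnet starts on its own natural boundary and no space is wasted on
    alignment.  Returns (name, subnet, first host, last host, broadcast)
    for each network, in allocation order."""
    free = [ipaddress.ip_network(parent)]
    plan = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        plen = prefix_for_hosts(hosts)
        # best fit: the smallest free block that still holds a /plen
        free.sort(key=lambda n: (-n.prefixlen, n.network_address))
        candidate = next((n for n in free if n.prefixlen <= plen), None)
        if candidate is None:
            raise ValueError(f"no room left for {name} ({hosts} hosts)")
        free.remove(candidate)
        if candidate.prefixlen == plen:
            subnet = candidate
        else:
            subnet = next(candidate.subnets(new_prefix=plen))  # lowest /plen piece
        free.extend(candidate.address_exclude(subnet))  # return the remainder
        plan.append((name, str(subnet),
                     str(subnet.network_address + 1),
                     str(subnet.broadcast_address - 1),
                     str(subnet.broadcast_address)))
    return plan


# Assumed requirements: only R1's 28 hosts comes from the notes.
REQUIREMENTS = {"LAN1": 60, "R1 LAN": 28, "R1-R2 link": 2, "R2-R3 link": 2}

if __name__ == "__main__":
    for row in allocate("172.168.0.0/24", REQUIREMENTS):
        print("%-11s %-18s hosts %s - %s  broadcast %s" % row)
```

The 60-host LAN takes 172.168.0.0/26 (the /26 shown in step 2), R1's LAN gets 172.168.0.64/27, and the two router links get /30s, leaving the upper half of the /24 free for growth.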
Wildcard Masks
You will often come across Wildcard masks, particularly if you work with OSPF and
/ or Cisco routers. The use of wildcard masks is most prevalent when building
Access Control Lists (ACLs) on Cisco routers. ACLs are filters and make use of
wildcard masks to define the scope of the address filter. Although ACL wildcard
masks are used with other protocols, we will concentrate on IP here.
Network Devices
HUB
Networks using a star topology require a central point for the devices to connect
to. Originally this device was called a concentrator, since it consolidated the cable
runs from all network devices. The basic form of concentrator is the hub. A hub
repeats every frame it receives out of every other port, so all attached devices
share one collision domain and can see each other's traffic.
An active hub strengthens and regenerates the incoming signals before sending
the data on to its destination.
SWITCHES
Switches are a special type of hub that adds a layer of intelligence to
basic, physical-layer repeater hubs. A switch must be able to read the MAC
address of each frame it receives. This information allows a switch to forward
incoming frames only to the port where the destination computer is attached.
This speeds up the network and reduces congestion.
Switches operate at both the physical layer and the data link layer of the OSI
model.
BRIDGES
A bridge is used to join two network segments together; it allows computers on
either segment to access resources on the other. Bridges can also be used to divide
large networks into smaller segments. Bridges have all the features of repeaters
but can support more nodes, and since the network is divided, fewer computers
compete for the medium on each segment, which improves network performance.
Bridges can also connect networks that run at different speeds, different
topologies, or different protocols. A simple bridge cannot, however, join an Ethernet
segment with a Token Ring segment, because these use different networking standards.
Bridges operate at both the Physical layer and the MAC sublayer of the Data Link layer.
A bridge reads the MAC header of each frame to determine on which side of the
bridge the destination device is located, then repeats the transmission onto the
segment where the device is located.
Key Features
Packet Tracer workspaces: Cisco Packet Tracer has two workspaces, logical and
physical. The logical workspace allows users to build logical network topologies by
placing, connecting, and clustering virtual network devices. The physical
workspace provides a graphical physical dimension of the logical network, giving a
sense of scale and placement in how network devices such as routers, switches,
and hosts would look in a real environment. The physical view also provides
geographic representations of networks, including multiple cities, buildings, and
wiring closets.
Figure 3. The physical workspace provides a graphical view of the logical network
NETWORK MODELS
Dividing network functions into layers has several benefits:
Humans can more easily discuss and learn about the many details of a protocol
specification.
Reduced complexity allows easier program changes and faster product evolution.
One layer uses the services of the layer immediately below it, so remembering
what each layer does is easier. (For example, the network layer needs to deliver
data from end to end. To do this, it uses data links to forward data to the next
successive device along that end-to-end path.)
OPEN SYSTEM INTERCONNECTION REFERENCE MODEL
The Open System Interconnection (OSI) reference model describes how
information from a software application in one computer moves through a
network medium to a software application in another computer. The OSI
reference model is a conceptual model composed of seven layers, each specifying
particular network functions. The model was developed by the International
Organization for Standardization (ISO) in 1984, and it is now considered the
primary architectural model for inter-computer communications.
Protocols:
The OSI model provides a conceptual framework for communication between
computers, but the model itself is not a method of communication. Actual
communication is made possible by using communication protocols. In the
context of data networking, a protocol is a formal set of rules and conventions
that governs how computers exchange information over a network medium.
Functions of Network Layers in Brief:
APPLICATION LAYER
• Used by applications specifically written to run over the network
• Allows access to network services that support applications
• Directly represents the services that support user applications
• Handles application-level flow control and error recovery
• Example applications: file transfer, e-mail, NetBIOS-based applications
PRESENTATION LAYER
TRANSPORT LAYER
• Additional connection below the session layer
• Manages the flow control of data between parties across the network
• Divides streams of data into chunks or segments; the transport layer of the
receiving computer reassembles the message from those segments
• "Train" is a good analogy: the data is divided into identical units
• Provides error checking to guarantee error-free data delivery, with no
losses or duplications
• Provides acknowledgment of successful transmissions; requests
retransmission if some segments don't arrive error-free
• Provides flow control and error handling; example protocol: TCP
NETWORK LAYER
• Provides logical addressing and routing between networks; logical addresses
are translated to physical addresses (e.g. IP address ==> MAC address) with the
help of ARP
PHYSICAL LAYER
IP ADDRESSING
Every machine on the Internet has a unique identifying number, called an IP
address. A typical IP address looks like this: 216.27.61.45. An IP address has two parts:
1) Network address
2) Host address
Individual IP addresses in the same network all have a different value in the host
part of the address but an identical value in the network part, just as in a town
there are different street addresses but the same ZIP code.
There are five IP classes:
Class A: This class is for very large networks, such as a major international
company. IP addresses with a first octet from 1 to 126 are part of this class. The
first octet identifies the network; the other three octets are used to identify each host.
Net    Host or Node
54.    24.54.43
Loopback: The IP address 127.0.0.1 is used as the loopback address. This means
that it is used by the host computer to send a message back to itself. It is
commonly used for troubleshooting and network testing.
Class B: IP addresses with a first octet from 128 to 191 are part of this class.
The first two octets identify the network and the last two identify each host.
Net       Host or Node
145.24    53.198
Class C: Class C addresses are commonly used for small to mid-size businesses. IP
addresses with a first octet from 192 to 223 are part of this class. Class C addresses
also include the second and third octets as part of the network identifier. The last
octet is used to identify each host.
Net          Host or Node
196.54.34    86
Class D: It is used for multicast. It has a first bit value of 1, second bit value of 1,
third bit value of 1 and fourth bit value of 0. The other 28 bits are used to identify
the group of computers the multicast message is intended for.
Net    Host or Node
224    24.54.145
Private IP
It is not necessary that every time we build a network we are connected to an
ISP (Internet Service Provider). For such cases we need private IP addresses,
which can be used in internal networks. In each class a range of addresses has
been reserved for this purpose (RFC 1918); these ranges are not routed on the
public Internet:
CLASS A 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
CLASS B 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
CLASS C 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
MASKING
Computers use a mask to define the size of the network and host parts of an
address. A mask is a 32-bit number written in dotted-decimal form. It gives us the
network address when we perform a Boolean AND of the mask with the IP address.
It also defines the number of host bits in an address.
Class   Network bits   Host bits   Default mask
A       8              24          255.0.0.0
B       16             16          255.255.0.0
C       24             8           255.255.255.0
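An added Python example (not from the notes) that puts the class rules, the default masks and the Boolean AND together. It uses the example addresses from the tables above plus a few constructed ones, derives the broadcast address as well, checks the RFC 1918 private ranges, and rejects a malformed address or a non-contiguous mask.

```python
"""Address classes, default masks, and the Boolean AND that yields the
network address.  Added example using the addresses from the notes plus
constructed ones."""


def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address or mask: {dotted!r}")
    return (int(octets[0]) << 24) | (int(octets[1]) << 16) | (int(octets[2]) << 8) | int(octets[3])


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Class from the leading bits of the first octet: 0 = A, 10 = B,
    110 = C, 1110 = D (multicast), 1111 = E.  127.x is the loopback range."""
    first = to_int(dotted) >> 24
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

# RFC 1918 private ranges as (network, mask)
PRIVATE = [("10.0.0.0", "255.0.0.0"), ("172.16.0.0", "255.240.0.0"),
           ("192.168.0.0", "255.255.0.0")]


def split(dotted, mask=None):
    """Return (network, broadcast, host_bits) for the address under `mask`,
    defaulting to the classful mask.  Non-contiguous masks are rejected."""
    cls = address_class(dotted)
    if mask is None:
        if cls not in DEFAULT_MASK:
            raise ValueError(f"class {cls} address has no default network/host split")
        mask = DEFAULT_MASK[cls]
    m = to_int(mask)
    host_part = ~m & 0xFFFFFFFF
    if host_part & (host_part + 1):
        raise ValueError(f"mask {mask} is not a contiguous run of ones")
    a = to_int(dotted)
    network = a & m            # Boolean AND with the mask: the network address
    broadcast = a | host_part  # host bits all ones: the directed broadcast
    return to_dotted(network), to_dotted(broadcast), bin(host_part).count("1")


def is_private(dotted):
    """True if the address lies inside one of the RFC 1918 ranges."""
    a = to_int(dotted)
    return any(a & to_int(mask) == to_int(net) for net, mask in PRIVATE)


if __name__ == "__main__":
    for ip in ("54.24.54.43", "145.24.53.198", "196.54.34.86", "10.1.2.3"):
        print(ip, address_class(ip), split(ip), "private" if is_private(ip) else "public")
    print(split("172.168.0.70", "255.255.255.192"))  # a /26 from the subnetting steps
```

Passing an explicit mask, as in the last line, is the subnetting case: the same AND that yields the classful network address yields the subnet address once the mask has borrowed host bits.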
Booting Process
Booting up the Router
Cisco routers can boot Cisco IOS software from these locations:
1. Flash memory
2. TFTP server
3. ROM (a partial IOS, used only as a fallback)
The default order in which the router looks for an IOS image is:
1. NVRAM (boot system commands in the startup-config)
2. Flash (sequential)
3. TFTP server (network boot)
Note: boot system commands can be used to specify the primary IOS source and
fallback sequences.
The router checks the configuration register value (stored in NVRAM), which can be
modified using the config-register command. Its boot field selects the source:
1 = ROM IOS
2 - 15 = startup-config in NVRAM, that is:
a. Run the boot system commands in the order they appear in startup-config to locate the
IOS
b. If the boot system commands fail, use the default fallback sequence to locate the IOS:
   a. Flash (sequential)
   b. TFTP server (netboot)
   c. ROM (partial IOS), or keep retrying TFTP, depending on the router model
If an IOS is loaded but there is no startup-config file, the router tries its default
fallback sequence for locating a configuration and then enters setup mode (the setup
dialogue).
If no IOS can be loaded, the router gets the partial IOS from ROM.
To boot from a TFTP server:
Router(config)# boot system tftp [IOS filename] [tftp server ip address]
To require a password on the virtual terminal (remote) and console lines:
line vty 0 4
 login
 password [password]
line console 0
 login
 password [password]
Passwords entered this way are stored in clear text in the configuration unless
service password-encryption is enabled, and even then they are only weakly obscured.
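Because a mistake in these line stanzas is easy to make and hard to spot in a long configuration, here is an added Python check (not part of the notes, and not a Cisco tool) that parses the console and VTY stanzas of a configuration and reports lines that require a login without having a password, or that have no login at all. Both configurations in the script are constructed for the example.

```python
"""Audit of the `line console` / `line vty` stanzas of a Cisco IOS
configuration for the login/password settings shown above.  Added example;
the configurations are constructed, not captured from the lab."""

# Constructed sample: console is fine, vty 0 4 has `login` without a
# password, vty 5 15 has a password but no `login`.
SAMPLE_CONFIG = """\
hostname R1
!
line console 0
 password c0ns0le
 login
!
line vty 0 4
 login
!
line vty 5 15
 password vtyp4ss
!
end
"""

# Same router with both problems corrected.
HARDENED_CONFIG = """\
hostname R1
!
line console 0
 password c0ns0le
 login
!
line vty 0 15
 password vtyp4ss
 login
!
end
"""


def parse_lines(config):
    """Collect the indented commands under each `line ...` stanza.
    A non-indented command (including the `!` separator) ends a stanza."""
    stanzas = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None
    return stanzas


def audit(config):
    """Return (line, finding) pairs.  `login` with no password makes IOS
    refuse every connection ("Password required, but none set"); a line
    without `login` lets anyone who reaches it in without a password.
    `login local` authenticates against local usernames instead, so it
    does not need a line password."""
    findings = []
    for name, cmds in parse_lines(config).items():
        login_local = "login local" in cmds
        login = login_local or "login" in cmds
        password = any(c.startswith("password ") for c in cmds)
        if not login:
            findings.append((name, "no login: connections are accepted without authentication"))
        elif not password and not login_local:
            findings.append((name, "login set but no password: all connections are refused"))
    return findings


if __name__ == "__main__":
    for line, finding in audit(SAMPLE_CONFIG) or [("-", "no findings")]:
        print(f"{line}: {finding}")
```

The same parser can be pointed at a saved `show running-config` output; the two findings it reports for the sample are exactly the two ways the line stanza above is commonly misconfigured.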
OSPF and Load Balancing
OSPF works by using the Dijkstra algorithm. First a shortest-path tree is
constructed, and then the routing table is populated with the resulting best
paths. OSPF converges quickly, although perhaps not as quickly as EIGRP,
and supports multiple equal-cost routes to the same destination, over which
traffic can be load-balanced.
OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets
solely within a single routing domain (autonomous system). It gathers link
state information from available routers and constructs a topology map of the
network. The topology determines the routing table presented to the Internet
Layer which makes routing decisions based solely on the destination IP address
found in IP packets. OSPF was designed to support variable-length subnet
masking (VLSM) or Classless Inter-Domain Routing (CIDR) addressing models.
OSPF detects changes in the topology, such as link failures, and converges on a
new loop-free routing structure within seconds. It computes the shortest path
tree for each route using a method based on Dijkstra's algorithm, a shortest
path first algorithm.
The OSPF routing policies to construct a route table are governed by link cost
factors (external metrics) associated with each routing interface. Cost factors
may be the distance of a router (round-trip time), network throughput of a
link, or link availability and reliability, expressed as simple unitless numbers.
This provides a dynamic process of traffic load balancing between routes of
equal cost.
OSPF uses multicast addressing for route flooding on a broadcast domain. For
non-broadcast networks special provisions for configuration facilitate neighbor
discovery. OSPF multicast IP packets never traverse IP routers (never traverse
Broadcast Domains), they never travel more than one hop. OSPF reserves the
multicast addresses 224.0.0.5 for IPv4 or FF02::5 for IPv6 (all SPF/link state
routers, also known as AllSPFRouters) and 224.0.0.6 for IPv4 or FF02::6 for IPv6
(all Designated Routers, AllDRouters), as specified in RFC 2328 and RFC 5340.
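The SPF computation in Python, as an added example that is not part of the notes: every router runs Dijkstra over the same link-state database, keeps every equal-cost next hop so traffic can be load-balanced, and recomputes after a link failure. The topology and costs are constructed; the cost formula uses Cisco's default reference bandwidth of 100 Mbit/s, which is why `bandwidth 64` on an interface (as in the configurations below) gives a cost of 1562.

```python
"""Shortest-path-first route computation: Dijkstra over the link-state
database, keeping every equal-cost next hop.  Added example over a
constructed topology whose costs are the unitless numbers the notes
describe."""
import heapq

REFERENCE_BANDWIDTH_KBPS = 100_000  # Cisco's default OSPF reference bandwidth (100 Mbit/s)


def cost_from_bandwidth(bandwidth_kbps):
    """Cisco's default interface cost: reference bandwidth / bandwidth,
    truncated, minimum 1.  `bandwidth 64` gives 1562."""
    return max(1, REFERENCE_BANDWIDTH_KBPS // bandwidth_kbps)


# Constructed link-state database: (router, router, cost); links are bidirectional.
LINKS = [
    ("R1", "R2", 10), ("R1", "R3", 10), ("R2", "R4", 10), ("R3", "R4", 10),
    ("R4", "R5", 1), ("R2", "R5", 64),
]


def build_graph(links):
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def spf(graph, root):
    """Dijkstra from `root`.  Returns {router: (cost, next_hops)}; next hops
    are the root's neighbours that lie on *any* shortest path (ECMP)."""
    dist = {root: 0}
    next_hops = {root: set()}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, cost in graph[u].items():
            nd = d + cost
            hops = {v} if u == root else next_hops[u]
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                next_hops[v] = set(hops)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                next_hops[v] |= hops  # equal cost: keep both paths
    return {r: (dist[r], next_hops[r]) for r in dist if r != root}


def routing_table(links, root):
    """The table a router would install: (destination, cost, sorted next hops)."""
    table = spf(build_graph(links), root)
    return [(dst, cost, sorted(hops)) for dst, (cost, hops) in sorted(table.items())]


def without_link(links, a, b):
    """Link-state database after the a-b link fails; every router re-runs SPF."""
    return [l for l in links if {l[0], l[1]} != {a, b}]


if __name__ == "__main__":
    print("R1 before failure:", routing_table(LINKS, "R1"))
    print("R1 after R3-R4 fails:", routing_table(without_link(LINKS, "R3", "R4"), "R1"))
```

From R1, R4 and R5 are reachable at equal cost through R2 and through R3, so both next hops are installed; once the R3-R4 link is removed from the database, the recomputed tree leaves only the path through R2 and the result is loop-free by construction.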
Router0 (Cisco 1841), hostname R1
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config-if)#no shutdown
R1(config-if)#bandwidth 64
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config-router)#exit
R1(config)#
Router1 (Cisco 2620XM), hostname R2
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config-router)#network 3
R2(config-router)#exit
R2(config)#
Router2 (Cisco 2620XM), hostname R3
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config-if)#no shutdown
R3(config-if)#bandwidth 64
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#router ospf 3
R3(config-router)#exit
R3(config)#
R3#
Router3 (Cisco 2811), hostname R4
Router#configure terminal
Router(config-if)#no shutdown
Router(config-if)#no shutdown
R4(config)#router ospf 4
R4(config-router)#
R4(config-router)#exit
R4(config)#
PC-1
PC>ipconfig
PC>ping 50.0.0.2
PC>
PC-2
PC>ipconfig
PC>ping 10.0.0.2
You can verify that OSPF is running successfully with the show ip protocols command in
privileged EXEC mode.
R4#show ip protocols
Router ID 50.0.0.1
Maximum path: 4
R4#
You can use the show ip route command to troubleshoot the OSPF network. If you do not
see information about a route, check the router attached to that network.
R4#show ip route
R4#
To test ospf routing do ping from pc1 to pc2 and vice versa.
ACCESS CONTROL LIST (ACL)
In an operating system, an access control list (ACL) is a table that tells the operating
system which access rights each user has to a particular system object, such as a file
directory or an individual file. Each object has a security attribute that identifies its
access control list. The list has an entry for each system user with access privileges.
The most common privileges include the ability to read a file (or all the files in a
directory), to write to the file or files, and to execute the file (if it is an executable
file or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and
UNIX-based systems are among the operating systems that use access control lists. The
list is implemented differently by each operating system. In Windows NT/2000, an access
control list (ACL) is associated with each system object. Each ACL has one or more access
control entries (ACEs) consisting of the name of a user or group of users. The user can
also be a role name, such as "programmer" or "tester." For each of these users, groups,
or roles, the access privileges are stated in a string of bits called an access mask.
Generally, the system administrator or the object owner creates the access control list
for an object.
On a router, an ACL is an ordered list of permit and deny statements applied to
packets, and it is used to:
Provide traffic flow control. ACLs can restrict the delivery of routing updates. If
updates are not required because of network conditions, bandwidth is preserved.
Provide a basic level of security for network access. ACLs can allow one host to
access a part of the network and prevent another host from accessing the same
area. For example, access to the Human Resources network can be restricted to
authorized users.
Filter traffic based on traffic type. For example, an ACL can permit email traffic
but block all Telnet traffic.
Screen hosts to permit or deny access to network services. ACLs can permit or
deny a user access to services such as FTP or HTTP.
Types of ACL: Since 1993, most administrators have used two basic ACLs:
standard and extended. Standard IP ACLs can filter only on the source IP
address in an IP packet. Extended IP ACLs can filter on:
Source IP address
Destination IP address
TCP/IP protocol, such as IP (all TCP/IP protocols), ICMP, OSPF, TCP, UDP, and
others
TCP/IP protocol information, such as TCP and UDP port numbers, TCP code
flags, and ICMP messages
Given the differences between these two types of ACLs, standard ACLs typically
are used for the following configuration tasks on a router:
Restricting access to a router through the VTY lines (Telnet and SSH)
Extended ACLs, on the other hand, are commonly used to filter traffic between
interfaces on the router, mainly because of their flexibility in matching many
different fields at Layers 3 and 4. In either case the entries are evaluated in
order, the first matching entry decides, and a packet that matches no entry is
dropped by the implicit deny at the end of every list.
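For both the Wildcard Masks section and the ACL types above, here is an added Python example (not part of the notes) of how a router evaluates standard and extended ACL entries using wildcard masks: a wildcard bit of 0 means the address bit must match, 1 means don't care, entries are tested in order, the first match decides, and an unmatched packet is dropped by the implicit deny. The ACLs and packets are constructed samples.

```python
"""Wildcard-mask matching and first-match evaluation of standard and
extended IP ACLs.  Added example; the lists and packets are constructed."""


def to_int(dotted):
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def wildcard(subnet_mask):
    """Inverse of the subnet mask: 255.255.255.0 -> 0.0.0.255."""
    return to_dotted(~to_int(subnet_mask) & 0xFFFFFFFF)


def matches(address, reference, wild):
    """Wildcard bit 0 = this bit must equal the reference, 1 = don't care.
    Non-contiguous wildcards are allowed, e.g. 0.0.254.255 matches every
    odd-numbered /24 under the reference."""
    care = ~to_int(wild) & 0xFFFFFFFF
    return to_int(address) & care == to_int(reference) & care


# Standard ACL entries: (action, source, wildcard).  Constructed example for
# restricting VTY access to one management subnet.
VTY_ACL = [("permit", "10.1.1.0", "0.0.0.255")]

# Extended ACL entries: (action, protocol, src, src-wildcard, dst, dst-wildcard, dst-port).
# Constructed example: allow mail to the mail server, block all Telnet, allow the rest.
ANY = ("0.0.0.0", "255.255.255.255")
INTERFACE_ACL = [
    ("permit", "tcp", "10.1.0.0", "0.0.255.255", "10.9.9.10", "0.0.0.0", 25),
    ("deny", "tcp", *ANY, *ANY, 23),
    ("permit", "ip", *ANY, *ANY, None),
]


def evaluate_standard(acl, packet):
    """Standard ACLs look only at the source address."""
    for action, src, wild in acl:
        if matches(packet["src"], src, wild):
            return action
    return "deny"  # implicit deny at the end of every ACL


def evaluate_extended(acl, packet):
    """First matching entry wins; `ip` matches any protocol; a port of None
    matches any port."""
    for action, proto, src, swild, dst, dwild, dport in acl:
        if proto != "ip" and proto != packet["proto"]:
            continue
        if not matches(packet["src"], src, swild) or not matches(packet["dst"], dst, dwild):
            continue
        if dport is not None and packet.get("dport") != dport:
            continue
        return action
    return "deny"


if __name__ == "__main__":
    print(evaluate_standard(VTY_ACL, {"src": "10.1.1.7"}),
          evaluate_standard(VTY_ACL, {"src": "10.2.2.2"}))
    mail = {"proto": "tcp", "src": "10.1.5.5", "dst": "10.9.9.10", "dport": 25}
    telnet = {"proto": "tcp", "src": "10.1.5.5", "dst": "10.9.9.10", "dport": 23}
    print(evaluate_extended(INTERFACE_ACL, mail), evaluate_extended(INTERFACE_ACL, telnet))
```

Order matters: if the final `permit ip any any` entry were moved to the top, the Telnet deny would never be reached, and an empty list denies everything because only the implicit deny remains.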
TELNET
A VLAN works by having you, the administrator, put some switch ports in a VLAN
other than VLAN 1, the default VLAN. All ports in a single VLAN are in a single
broadcast domain.
Because switches can talk to each other, some ports on switch A can be in VLAN
10 and other ports on switch B can be in VLAN 10. Broadcasts between these
devices will not be seen on any port in any VLAN other than VLAN 10.
However, these devices can all communicate because they are on the same VLAN.
Without additional configuration, they would not be able to communicate with
any devices that are not in their VLAN.
Are VLANs required?
It is important to point out that you don’t have to configure a VLAN until your
network gets so large and carries so much traffic that you need one. Many times,
people are simply using VLANs because the network they are working on was
already using them.
Another important fact is that, on a Cisco switch, VLANs are enabled by default
and ALL devices are already in a VLAN. The VLAN that all devices are already in is
VLAN 1. So, by default, you can just use all the ports on a switch and all devices
will be able to talk to one another.
Types of VLAN
There are only two types of VLAN possible today: cell-based VLANs and
frame-based VLANs.
Cell-based VLANs are used in ATM switched networks with LAN Emulation
(or LANE). LANE allows hosts on legacy LAN segments to communicate over ATM
networks without requiring special hardware or software modification.
Frame-based VLANs are used in Ethernet networks with frame tagging. The
two primary types of frame tagging are IEEE 802.10 and ISL (Inter Switch Link, a
Cisco proprietary frame-tagging method). Keep in mind that the 802.10 standard
makes it possible to deploy VLANs with 802.3 (Ethernet), 802.5 (Token Ring), and
FDDI, but Ethernet is the most common.
VLAN modes
There are three different modes in which a VLAN can be configured. These modes
are covered below:
VLAN Switching Mode – The VLAN forms a switching bridge in which frames
are forwarded unmodified.
VLAN Translation Mode – VLAN translation mode is used when the frame
tagging method is changed in the network path, or if the frame traverses from a
VLAN group to a legacy or native interface which is not configured in a VLAN.
When the packet is to pass into a native interface, the VLAN tag is removed so
that the packet can properly enter the native interface.
VLAN Routing Mode – When a packet is routed from one VLAN to a
different VLAN, you use VLAN routing mode. The packet is modified, usually by a
router, which places its own MAC address as the source, and then changes the
VLAN ID of the packet.
VLAN configurations
Different hardware manufacturers use different terminology when it comes to
VLANs. Because of this, there is often confusion at implementation time.
Following are a few details, and some examples, to assist you in defining your
VLANs so that confusion is not an issue.
Cisco VLAN terminology
You need a few details to define a VLAN on most Cisco equipment. Unfortunately,
because Cisco sometimes acquires the technologies it uses to fill its
switching, routing and security product lines, naming conventions are not always
consistent. For this article, we are focusing only on Cisco switching and routing
product lines running Cisco IOS.
VLAN Memberships
VLANs are usually created by an administrator, who then assigns switch ports to
each VLAN. Such a VLAN is called a static VLAN. If the administrator wants to do a
little more work up front and enter all the host devices’ hardware addresses into
a database, the switches can be configured to assign VLANs dynamically
whenever a host is plugged into a switch. This is called a dynamic VLAN.
Static VLANs
Static VLANs are the usual way of creating VLANs, and they’re also the most
secure. The switch port that you assign a VLAN association to always maintains
that association until an administrator manually changes that port assignment.
This type of VLAN configuration is comparatively easy to set up and monitor, and
it works well in a network where the movement of users within the network is
controlled. And although it can be helpful to use network management software to
configure the ports, it’s not mandatory.
Dynamic VLANs
Identifying VLANs :
As frames are switched throughout the network, switches must be able to keep
track of all the different types, plus understand what to do with them depending
on the hardware address. And remember, frames are handled differently
according to the type of link they are traversing. There are two different types of
links in a switched environment.
Access links :
This type of link is part of only one VLAN, which is referred to as the native VLAN
of the port. Any device attached to an access link is unaware of its VLAN
membership; the device just assumes it’s part of a broadcast domain, but has no
understanding of the physical network.
Trunk links :
Trunks can carry multiple VLANs and originally gained their name from the
telephone system trunks that carry multiple telephone conversations.
A trunk link is a 100- or 1000-Mbps point-to-point link between two switches,
between a switch and a router, or between a switch and a server. These carry the
traffic of multiple VLANs, from 1 to 1005 at a time.
(promotes scaling) and minimizes the risk of errors caused by duplicate names or
incorrect VLAN types. VTP operates in server, client or transparent mode. The
default is server mode. VLAN updates are not propagated over the network until a
management domain name is specified.
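The static VLAN membership, access and trunk links, and VTP settings described above, as an added Cisco IOS configuration example that is not part of the original document. The VLAN numbers and names, interface names and VTP domain name are assumed placeholders.

```cisco
! Static VLANs: create them explicitly (VLAN 1 already exists by default and
! every port starts there).
vlan 10
 name HR
vlan 20
 name SALES

! Access link: the port belongs to exactly one VLAN and the attached host
! never sees a VLAN tag. The static assignment stays until an administrator
! changes it.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10

! Trunk link to another switch: carries frames for several VLANs. Limiting the
! allowed list keeps VLANs that this trunk does not need off the link.
! (Some platforms require "switchport trunk encapsulation dot1q" first.)
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20

! VTP: advertisements are only exchanged once a domain name is set. The
! default mode is server; transparent mode keeps this switch's VLAN
! database from being overwritten by advertisements from another switch.
vtp domain EXAMPLE-DOMAIN
vtp mode transparent

! Verification: "show vlan brief" lists VLANs and their member ports,
! "show interfaces trunk" shows the trunk and its allowed VLANs, and
! "show vtp status" shows the domain name and operating mode.
```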