
INTERNSHIP ASSESSMENT REPORT

On

“CISCO CERTIFIED NETWORK ASSOCIATE”

Submitted for partial fulfillment


of
B. Tech.
in
ELECTRONICS AND COMMUNICATION ENGINEERING

SUBMITTED TO:
Mr. Naresh Kumar
Asstt. Prof., ECE Department

SUBMITTED BY:
Ayush Saxena
1900270310045
ECE 4th Year

Ajay Kumar Garg Engineering College, Ghaziabad


27th Km Stone, Delhi-Meerut Expressway, Adhyatmik Nagar, Ghaziabad-201009

Dr. A. P. J. Abdul Kalam Technical University, Lucknow

SEPTEMBER-2022
Preface

Summer Trainings / Industrial Trainings / Internships are very important for engineering
students. This internship provides the opportunity to become familiar with the
industrial / company environment. During this internship students can show and
enhance their practical skills and gain practical knowledge and experience for the future.
This is the best way through which students can learn the latest technologies being
used in companies.

I, Ayush Saxena (1900270310045), have undergone Internship / Training on
“Cisco Certified Network Associate” from “SLOG SOLUTIONS PVT. LTD”. This
internship helped me a lot in learning the technologies of this field.

The Industrial Internship was very challenging, but as I proceeded things got easier.
The Practical Internship / Industrial Training was an interesting learning experience for
me.
Acknowledgement

I want to express my sincere gratitude and thanks to Prof. (Dr.) P. K. Chopra (H.O.D.,
ECE Department and Training & Placement Cell), Ajay Kumar Garg Engineering
College, Ghaziabad for granting me permission for my industrial internship in the
field of “Cisco Certified Network Associate”.

I express my sincere thanks to Mr. Suraj Singh for his cooperative attitude and
consistent guidance, due to which I was able to complete my internship / training
successfully.

Finally, I pay my thankful regard and gratitude to the team members and technicians
of “Slog Solutions Pvt. Ltd.” and Ajay Kumar Garg Engineering College, Ghaziabad
for their valuable help, support and guidance.

AYUSH SAXENA
1900270310045
4th Year EC-1
INDEX
Certificate
Acknowledgement

Project Description

1. Basic Networking
1.1 What is Network?
1.2 What is Topology?
1.3 Categories of Network
1.4 Types of Servers

2. DNS (Domain Name Servers)
2.1 Introduction
2.2 Operations
2.3 Disabling DNS Recursion

3. LAN Solution
3.1 LAN Solution
3.2 Router

4. Firewall
4.1 Introduction
4.2 Configuring the Firewall

5. WAN Solution
5.1 Requirement
5.2 Solution

6. WLAN (Wireless LAN)
6.1 Introduction
6.2 Topologies

7. Integrated Service Digital Network (ISDN)
7.1 Introduction
7.2 ISDN Interfaces
7.3 ISDN Function Group & Reference Point

1.1 What is a Network?

A network is any collection of independent computers that communicate with one another
over a shared network medium. A computer network is a collection of two or more connected
computers. When these computers are joined in a network, people can share files and
peripherals such as modems, printers, tape backup drives, or CD-ROM drives. When
networks at multiple locations are connected using services available from phone companies,
people can send e-mail, share links to the global Internet, or conduct video conferences in real
time with other remote users. As companies rely on applications like electronic mail and
database management for core business operations, computer networking becomes
increasingly more important.

EVERY NETWORK INCLUDES:

• At least two computers (server or client workstation).
• Network Interface Cards (NICs).
• A connection medium, usually a wire or cable, although wireless communication
between networked computers and peripherals is also possible.
• Network operating system software, such as Microsoft Windows NT or 2000, Novell
NetWare, Unix and Linux.

VERY COMMON TYPES OF NETWORKS INCLUDE:


1. Local Area Network (LAN)
2. Wide Area Network (WAN)
3. Metropolitan Area Network (MAN)
4. Personal Area Network (PAN)

1. Local Area Network

A Local Area Network (LAN) is a network that is confined to a relatively small area. It is
generally limited to a geographic area such as a writing lab, school, or building.

Computers connected to a network are broadly categorized as servers or workstations.


Servers are generally not used by humans directly, but rather run continuously to provide
"services" to the other computers (and their human users) on the network. Services provided
can include printing and faxing, software hosting, file storage and sharing, messaging, data
storage and retrieval, complete access control (security) for the network's resources, and
many others.

On a single LAN, computers and servers may be connected by cables or wirelessly. Wireless
access to a wired network is made possible by wireless access points (WAPs). These WAP
devices provide a bridge between computers and networks. A typical WAP might have the
theoretical capacity to connect hundreds or even thousands of wireless users to a network,
although practical capacity might be far less.

2. Wide Area Network

Wide Area Networks (WANs) connect networks in larger geographic areas, such as Florida,
the United States, or the world. Dedicated transoceanic cabling or satellite uplinks may be
used to connect this type of global network.

Using a WAN, schools in Florida can communicate with places like Tokyo in a matter of
seconds, without paying enormous phone bills. Two users a half-world apart with
workstations equipped with microphones and webcams might teleconference in real time. A
WAN is complicated. It uses multiplexers, bridges, and routers to connect local and
metropolitan networks to global communications networks like the Internet. To users,
however, a WAN will not appear to be much different from a LAN.

3. Metropolitan area network

A metropolitan area network (MAN) is a computer network that connects two or more
computers, communicating devices or networks which are geographically separated but
located in the same metropolitan city. The limits of metropolitan cities are determined
by local municipal corporations and we cannot define them. Hence, the bigger the
metropolitan city the bigger the MAN, and the smaller the metro city the smaller the MAN.
The IEEE 802-2002 standard describes a MAN as being.

4. Personal area network

A personal area network (PAN) is a computer network used for communication among
computerized devices, including telephones and personal digital assistants. PANs can be used
for communication among the personal devices themselves (intrapersonal communication), or
for connecting to a higher-level network and the Internet (an uplink). A wireless personal
area network (WPAN) is a PAN carried over wireless network technologies such
as IrDA, Wireless USB, Bluetooth, Z-Wave, ZigBee, or even Body Area Network. The reach
of a WPAN varies from a few centimeters to a few meters. A PAN may also be carried over
wired computer buses such as USB and FireWire.

5. VPN (Virtual Private Network)

A VPN uses a technique known as tunneling to transfer data securely over the Internet to a
remote access server on your workplace network. Using a VPN helps you save money by using the
public Internet instead of making long-distance phone calls to connect securely with your
private network. There are two ways to create a VPN connection: by dialing an Internet
service provider (ISP), or by connecting directly to the Internet.
1.2 What is a Topology?

The physical topology of a network refers to the configuration of cables, computers, and other
peripherals. Physical topology should not be confused with logical topology which is the
method used to pass information between workstations. Logical topology was discussed in
the Protocol chapter.

MAIN TYPES OF PHYSICAL TOPOLOGIES


1. Linear Bus Topology
2. Ring Topology
3. Star Topology
4. Mesh Topology
5. Tree (Expanded Star) Topology
6. Hybrid Topology

1. LINEAR BUS TOPOLOGY


A linear bus topology consists of a main run of cable with a terminator at each end. All nodes
(file server, workstations, and peripherals) are connected to the linear cable.

Advantages of a Linear Bus Topology

• Easy to connect a computer or peripheral to a linear bus.
• Requires less cable length than a star topology.

Disadvantages of a Linear Bus Topology

• Entire network shuts down if there is a break in the main cable.
• Terminators are required at both ends of the backbone cable.
• Difficult to identify the problem if the entire network shuts down.
• Not meant to be used as a stand-alone solution in a large building.
2. RING TOPOLOGY
Alternatively referred to as a ring network, the ring topology is a computer network
configuration where each network computer and device is connected to the next, forming
a large circle (or similar shape). Each packet is sent around the ring until it reaches its final
destination. Today, the ring topology is seldom used. Below is a visual example of a simple
computer setup on a network using a ring topology.

Advantages of Ring Topology

• This type of network topology is very organized. Each node gets to send the data
when it receives an empty token. This helps to reduce the chances of collision. Also, in
ring topology all the traffic flows in only one direction at very high speed.
• Even when the load on the network increases, its performance is better than that
of Bus topology.
• There is no need for network server to control the connectivity between

3. STAR TOPOLOGY
A star topology is designed with each node (file server, workstations, and peripherals)
connected directly to a central network hub, switch, or concentrator.

Data on a star network passes through the hub, switch, or concentrator before continuing to its
destination. The hub, switch, or concentrator manages and controls all functions of the
network. It also acts as a repeater for the data flow. This configuration is common with
twisted pair cable; however, it can also be used with coaxial cable or fiber optic cable.
TRAINING REPORT ON CCNA 2013

Advantages of a Star Topology

• Easy to install and wire.
• No disruptions to the network when connecting or removing devices.
• Easy to detect faults and to remove parts.

4. MESH TOPOLOGY
A mesh topology is a network setup where each computer and network device is interconnected
with one another, allowing for most transmissions to be distributed, even if one of the
connections goes down. This topology is not commonly used for most computer networks as it is
difficult and expensive to have a redundant connection to every computer. However, this
topology is commonly used for wireless networks. Below is a visual example of a simple
computer setup on a network using a mesh topology.

Advantages of Mesh topology

• Data can be transmitted from different devices simultaneously. This topology
can withstand high traffic.
• Even if one of the components fails there is always an alternative present. So,
data transfer doesn’t get affected.
• Expansion and modification in topology can be done without disrupting other nodes.

5. TREE OR EXPANDED STAR


A tree topology combines characteristics of linear bus and star topologies. It consists of
groups of star-configured workstations connected to a linear bus backbone cable. Tree
topologies allow for the expansion of an existing network, and enable schools to configure a
network to meet their needs.

Advantages of a Tree Topology

• Point-to-point wiring for individual segments.
• Supported by several hardware and software vendors.

6. HYBRID TOPOLOGY
In this type of topology, we integrate two or more different topologies to form a resultant
topology which has good points (as well as weaknesses) of all the constituent basic
topologies rather than having characteristics of one specific topology. This combination of
topologies is done according to the requirements of the organization.
For example, if there exists a ring topology in one office department while a bus topology
in another department, connecting these two will result in Hybrid topology.

Remember, connecting two similar topologies cannot be termed a Hybrid topology. Star-Ring
and Star-Bus networks are the most common examples of hybrid networks.

Let's see the benefits and drawbacks of this networking architecture

Advantages of Hybrid Network Topology

• Reliable: Unlike other networks, fault detection and troubleshooting is easy in
this type of topology. The part in which fault is detected can be isolated from the rest
of network and required corrective measures can be taken, WITHOUT affecting the
functioning of rest of the network.
• Scalable: It’s easy to increase the size of network by adding new components,
without disturbing existing architecture.
• Flexible: Hybrid Network can be designed according to the requirements of the
organization and by optimizing the available resources. Special care can be given to
nodes where traffic is high as well as where chances of fault are high.

1.3 Categories of Network

Networks can be divided into two main categories:

1. Peer-to-peer.
2. Server-based.

In peer-to-peer networking there are no dedicated servers or hierarchy among the computers.
All of the computers are equal and therefore known as peers. Normally each computer serves
as Client/Server and there is no one assigned to be an administrator responsible for the entire
network.

Peer-to-peer networks are good choices for the needs of small organizations where the users
are located in the same general area, security is not an issue and the organization and the
network will have limited growth within the foreseeable future.

The term Client/server refers to the concept of sharing the work involved in processing data
between the client computer and the most powerful server computer.

The client/server network is the most efficient way to provide:

• Databases and management of applications such as Spreadsheets, Accounting,
Communications and Document management.
• Network management.
• Centralized file storage.

PANKAJ GILL 11/CSE/168


The OSI Model:
Open System Interconnection (OSI) reference model has become an International standard
and serves as a guide for networking. This model is the best known and most widely used
guide to describe networking environments. Vendors design network products based on the
specifications of the OSI model. It provides a description of how network hardware and
software work together in a layered fashion to make communications possible. It also helps
with trouble shooting by providing a frame of reference that describes how components are
supposed to function.

There are seven layers to get familiar with, and these are the physical layer, data link layer,
network layer, transport layer, session layer, presentation layer, and the application layer.

1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer

1.4 Types of Servers

1. DEVICE SERVERS
A device server is defined as a specialized, network-based hardware device designed to
perform a single or specialized set of server functions. It is characterized by a minimal
operating architecture that requires no per seat network operating system license, and client
access that is independent of any operating system or proprietary protocol. In addition the
device server is a "closed box," delivering extreme ease of installation, minimal maintenance,
and can be managed by the client remotely via a Web browser.

Print servers, terminal servers, remote access servers and network time servers are examples
of device servers which are specialized for particular functions. Each of these types of servers
has unique configuration attributes in hardware or software that help them to perform best in
their particular arena.

2. PRINT SERVERS
Print servers allow printers to be shared by other users on the network. Supporting either
parallel and/or serial interfaces, a print server accepts print jobs from any person on the
network using supported protocols and manages those jobs on each appropriate printer.

Print servers generally do not contain a large amount of memory; printers simply store
information in a queue. When the desired printer becomes available, they allow the host to
transmit the data to the appropriate printer port on the server. The print server can then simply
queue and print each job in the order in which print requests are received, regardless of
protocol used or the size of the job.

3. MULTIPORT DEVICE SERVERS


Devices that are attached to a network through a multiport device server can be shared
between terminals and hosts at both the local site and throughout the network. A single
terminal may be connected to several hosts at the same time (in multiple concurrent sessions),
and can switch between them. Multiport device servers are also used to network devices that
have only serial outputs. A connection between serial ports on different servers is opened,
allowing data to move between the two devices.

4. ACCESS SERVERS
While Ethernet is limited to a geographic area, remote users such as traveling sales people need
access to network-based resources. Remote LAN access, or remote access, is a popular way to
provide this connectivity. Access servers use telephone services to link a user or office with an office
network. Dial-up remote access solutions such as ISDN or asynchronous dial introduce more
flexibility. Dial-up remote access offers both the remote office and the remote user the economy and
flexibility of "pay as you go" telephone services. ISDN is a special telephone service that offers three
channels, two 64 Kbps "B" channels for user data and a "D" channel for setting up the connection.
With ISDN, the B channels can be combined for double bandwidth or separated for different
applications or users.

5. Network Time Servers


A network time server is a server specialized in the handling of timing information from sources
such as satellites or radio broadcasts and can provide this timing data to its attached network.
Specialized protocols such as NTP or udp/time allow a time server to communicate to other network
nodes ensuring that activities that must be coordinated according to their time of execution are
synchronized correctly. GPS satellites are one source of information that can allow global
installations to achieve constant timing.

2. DNS

2.1 Introduction

The Domain Name System (DNS) is a hierarchical distributed naming system for computers,
services, or any resource connected to the Internet or a private network. It associates various
information with domain names assigned to each of the participating entities. Most
prominently, it translates easily memorized domain names to the numerical IP addresses
needed for the purpose of locating computer services and devices worldwide.

An often-used analogy to explain the Domain Name System is that it serves as the phone
book for the Internet by translating human-friendly computer hostnames into IP addresses.
For example, the domain name www.example.com translates to the addresses
93.184.216.119 (IPv4) and 2606:2800:220:6d:26bf:1447:1097:aa7 (IPv6). Users take advantage
of this when they use meaningful Uniform Resource Locators (URLs) and e-mail addresses
without having to know how the computer actually locates the services.

DOMAIN NAME SPACE


The domain name space consists of a tree of domain names. Each node or leaf in the tree
has zero or more resource records, which hold information associated with the domain
name. The tree sub-divides into zones beginning at the root zone. A DNS zone may consist of
only one domain, or may consist of many domains and sub-domains, depending on the
administrative authority delegated to the manager.

Figure: The hierarchical Domain Name System, organized into zones, each served by a name server

INTERNATIONALIZED DOMAIN NAMES

The limited set of ASCII characters permitted in the DNS prevented the representation of
names and words of many languages in their native alphabets or scripts. To make this
possible, ICANN approved the Internationalizing Domain Names in Applications (IDNA)
system, by which user applications, such as web browsers, map Unicode strings into the valid
DNS character set using Punycode. In 2009 ICANN approved the installation of
internationalized domain name country code top-level domains. In addition, many registries
of the existing top-level domain names (TLDs) have adopted the IDNA system.

NAME SERVERS

The Domain Name System is maintained by a distributed database system, which uses the client-
server model. The nodes of this database are the name servers. Each domain has at least one
authoritative DNS server that publishes information about that domain and the name servers of any
domains subordinate to it. The top of the hierarchy is served by the root name servers, the servers to
query when looking up (resolving) a TLD.

2.2 Operations

ADDRESS RESOLUTION MECHANISM

Domain name resolvers determine the appropriate domain name servers responsible for the
domain name in question by a sequence of queries starting with the right-most (top-level)
domain label.

The process entails:

1. A network host is configured with an initial cache (so called hints) of the known
addresses of the root name servers. Such a hint file is updated periodically by an
administrator from a reliable source.
2. A query to one of the root servers to find the server authoritative for the top-level
domain.
3. A query to the obtained TLD server for the address of a DNS server authoritative for
the second-level domain.
4. Repetition of the previous step to process each domain name label in sequence, until
the final step which returns the IP address of the host sought.

The diagram illustrates this process for the host www.wikipedia.org.

DNS RESOLVERS

The client-side of the DNS is called a DNS resolver. It is responsible for initiating and
sequencing the queries that ultimately lead to a full resolution (translation) of the resource
sought, e.g., translation of a domain name into an IP address.

A DNS query may be either a non-recursive query or a recursive query:

• A non-recursive query is one in which the DNS server provides a record for a domain
for which it is authoritative itself, or it provides a partial result without querying
other servers.
• A recursive query is one for which the DNS server will fully answer the query (or give
an error) by querying other name servers as needed. DNS servers are not required to
support recursive queries.

The resolver, or another DNS server acting recursively on behalf of the resolver, negotiates
use of recursive service using bits in the query headers.

REVERSE LOOKUP

A reverse lookup is a query of the DNS for domain names when the IP address is known.
Multiple domain names may be associated with an IP address. The DNS stores IP addresses
in the form of domain names as specially formatted names in pointer (PTR) records within
the infrastructure top-level domain arpa. For IPv4, the domain is in-addr.arpa. For IPv6, the
reverse lookup domain is ip6.arpa. The IP address is represented as a name in reverse-
ordered octet representation for IPv4, and reverse-ordered nibble representation for IPv6.

When performing a reverse lookup, the DNS client converts the address into these formats
before querying the name for a PTR record following the delegation chain as for any DNS
query. For example, assuming the IPv4 address 208.80.152.2 is assigned to Wikimedia, it is
represented as a DNS name in reverse order: 2.152.80.208.in-addr.arpa. When the DNS
resolver gets a pointer (PTR) request, it begins by querying the root servers, which point to
the servers of American Registry for Internet Numbers (ARIN) for the 208.in-addr.arpa zone.
ARIN's servers delegate 152.80.208.in-addr.arpa to Wikimedia to which the resolver sends
another query for 2.152.80.208.in-addr.arpa, which results in an authoritative response.
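
The address resolution steps and the reverse lookup described above, as an added example (not part of the original report): a small Python simulation that builds the PTR query name and then follows referrals from the root down to the authoritative zone. The zone table, the address 192.0.2.10 and the PTR target host.example. are constructed sample data, and the function names are hypothetical.

```python
import ipaddress


def reverse_name(address):
    """Build the PTR query name for an IPv4 or IPv6 address."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        # Reverse-ordered octets under in-addr.arpa.
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    # Reverse-ordered nibbles (single hex digits) under ip6.arpa.
    return ".".join(reversed(format(int(ip), "032x"))) + ".ip6.arpa."


# Constructed data: one simulated name server per zone. Each server knows
# the records it is authoritative for and the child zones it delegates.
SERVERS = {
    ".": {"delegations": ["org.", "208.in-addr.arpa."], "records": {}},
    "org.": {"delegations": ["wikipedia.org."], "records": {}},
    "wikipedia.org.": {
        "delegations": [],
        "records": {("www.wikipedia.org.", "A"): "192.0.2.10"},
    },
    "208.in-addr.arpa.": {
        "delegations": ["152.80.208.in-addr.arpa."],
        "records": {},
    },
    "152.80.208.in-addr.arpa.": {
        "delegations": [],
        "records": {("2.152.80.208.in-addr.arpa.", "PTR"): "host.example."},
    },
}


def in_zone(qname, zone):
    """True if qname is the zone apex or sits below it on a label boundary."""
    return zone == "." or qname == zone or qname.endswith("." + zone)


def resolve_iteratively(qname, qtype, servers=SERVERS, max_referrals=16):
    """Walk the delegation chain from the root (the 'hints') downwards.

    Returns (answer, zones_queried); answer is None when no server on the
    path can answer or refer further. A referral limit guards against
    delegations that point in a circle.
    """
    qname = qname.lower().rstrip(".") + "."
    zone, path = ".", []
    for _ in range(max_referrals):
        server = servers[zone]
        path.append(zone)
        answer = server["records"].get((qname, qtype))
        if answer is not None:
            return answer, path  # authoritative answer
        referrals = [z for z in server["delegations"]
                     if in_zone(qname, z) and z in servers]
        if not referrals:
            return None, path  # nothing more specific to ask
        zone = max(referrals, key=len)  # most specific delegation wins
    raise RuntimeError("referral limit exceeded for " + qname)


if __name__ == "__main__":
    print(resolve_iteratively("www.wikipedia.org", "A"))
    ptr_name = reverse_name("208.80.152.2")
    print(ptr_name, resolve_iteratively(ptr_name, "PTR"))
    print(reverse_name("2606:2800:220:6d:26bf:1447:1097:aa7"))
```

The forward and the reverse query take the same path through the code; only the name being asked for differs.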

CLIENT LOOKUP

DNS resolution sequence

Users generally do not communicate directly with a DNS resolver. Instead DNS resolution
takes place transparently in applications such as web browsers, e-mail clients, and other
Internet applications. When an application makes a request that requires a domain name
lookup, such programs send a resolution request to the DNS resolver in the local operating
system, which in turn handles the communications required.

2.3 DISABLE DNS RECURSION

The final step you'll want to perform is to disable DNS recursion. This will help secure your
server from a variety of DNS recursion attacks.

To disable recursion, right-click on your DNS server and go to 'Properties'.

Click the 'Advanced' tab.

Then check the box labeled "Disable recursion"

You have now set up DNS in Windows Server 2008 and have set up DNS records for your
domain name.

You can create additional DNS records as needed (MX, CNAME, etc.) by right-clicking on
the domain under Forward Lookup Zones and selecting the appropriate type of record you
wish to create. You can test that your DNS server is properly serving DNS from a Windows
command prompt, by using the nslookup command in this format:
nslookup example.com ns1.yourdomain.com
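
The "bits in the query headers" mentioned under DNS resolvers are the RD (recursion desired) and RA (recursion available) flags, and they give a direct check that the "Disable recursion" setting took effect. The following Python sketch is an added example, not part of the original report: it builds a query with RD set and reads RA and the response code from a reply. The two replies are constructed byte strings so it runs offline; the function names and the address 192.0.2.1 are assumptions, and `ask()` is only for use against a server you administer.

```python
import socket
import struct

# Flag bits in the second 16-bit word of the DNS header (RFC 1035, 4.1.1).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1A2B, recursion_desired=True):
    """Build a one-question query; RD set asks the server to recurse for us."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def parse_header(message):
    """Decode the fixed 12-byte DNS header."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": txid, "response": bool(flags & QR),
            "authoritative": bool(flags & AA), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "answers": an}


def recursion_report(query, reply):
    """Return (recursion_offered, rcode_name) for a reply to our query."""
    q, r = parse_header(query), parse_header(reply)
    if not r["response"] or r["id"] != q["id"]:
        raise ValueError("not a reply to this query")
    return r["ra"], RCODES.get(r["rcode"], "RCODE %d" % r["rcode"])


def ask(server_ip, name, timeout=3.0):
    """Send the query to your own server over UDP port 53 and report."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        reply, _ = sock.recvfrom(4096)
    return recursion_report(query, reply)


def make_reply(query, flags, answer=b""):
    """Constructed reply for offline use: echo the question, set the flags."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer else 0, 0, 0)
    return header + query[12:] + answer


# Constructed samples: a name the server is not authoritative for, a reply
# from a server with recursion disabled, and one from a server that recursed.
SAMPLE_QUERY = build_query("example.com")
A_RECORD = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
            + bytes([192, 0, 2, 1]))
HARDENED_REPLY = make_reply(SAMPLE_QUERY, QR | RD | 5)
OPEN_REPLY = make_reply(SAMPLE_QUERY, QR | RD | RA, A_RECORD)

if __name__ == "__main__":
    for label, reply in (("hardened", HARDENED_REPLY), ("open", OPEN_REPLY)):
        offered, rcode = recursion_report(SAMPLE_QUERY, reply)
        print(label, "recursion offered:", offered, "rcode:", rcode)
```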

3. LAN SOLUTION
3.1 LAN SOLUTION
CUSTOMER REQUIREMENT

There is a company which has 2 offices, and the offices are 200 meters apart. The
connectivity between these two offices is the main requirement to be fulfilled. In each office
there are three different departments, each department on a different floor.

In building Ist
At each floor there are 20 users and also at 3rd floor there are 2 Servers.
In building IInd
At floor 1st and 2nd there are 20 users each. And at 3rd floor there are 40 users.
• The bandwidth requirement of each user is 100 Mbps while the bandwidth
requirement for the server is 1 Gbps.
• All floors must be connected to a central switch to be placed at IInd floor in office
2nd. And connectivity should be via optical fiber.
• Everywhere there should be structured cabling.
• Every switch should be provided with one GBIC slot for future connectivity of
server.
• Everywhere smart and managed switch should be used.

SOLUTION

By looking at the requirement it is clear that we require a switch that has 20 ports and also
2 GBIC slots (one for optical fiber connectivity and one free slot demanded for future use).

Keeping this point in consideration we can use the HCL 24 Port Managed Stackable Switch,
as this switch has 24 ports and 2 GBIC slots and is also a managed switch.
With this 24 port switch we will use a 24 port HCL made Patch Panel.
For connectivity of the patch panel with the switch we require a 3 ft Patch Cord. As structured
cabling is a must, we require UTP cable and an I/O box, and to connect PCs with the I/O box we
require a 7 ft Patch Cord.
Here we will use Cat5e UTP cable because the bandwidth requirement is 100 Mbps. This trend of
connecting the users to the switch will be followed at each and every floor, but at floor
3rd of building IInd there are 40 users, so here instead of 1 switch we require 2 switches.

3.2 ROUTER
ROUTER INTERNAL COMPONENTS

Like a computer, a router has a CPU that varies in performance and capabilities depending
upon the router platform. It typically has 4 types of memory in it:

ROM- It is used to store the router’s bootstrap startup program, operating system software,
and power-on diagnostic test programs. We can also upgrade our ROM.

FLASH MEMORY- It holds operating system image(s). Flash memory is erasable,
reprogrammable ROM. Our IOS software is present in this memory and we can upgrade it
also. Flash content is retained even when we switch off or restart the router.

RAM- It is used to store operational information such as routing tables, router’s running
configuration file. RAM also provides caching and packet buffering capabilities. Its content is
lost when we switch off or restart the router. When we configure the router at that time
actually we are writing in RAM.

NVRAM- It is used to store the router’s startup configuration file. It does not lose data when
power is switched off. So the contents of startup configuration files are maintained even when
we switch off or restart the router.

ROUTER’S NETWORK INTERFACES

Ethernet or Token Ring interfaces are configured to allow connection to a LAN. Synchronous
serial interfaces are configured to allow connections to WANs. ISDN BRI interfaces are
configured to allow connection to an ISDN WAN.
All Cisco routers have a console port that provides an EIA/TIA-232 asynchronous
serial connection. The console port can be connected to a computer's serial connection to gain
terminal access to the router.

Most routers also have an auxiliary port that is very similar to the console port but is
typically used for a modem connection for remote router management.

CONFIGURING THE ROUTER

There are three methods for configuring the router:

1) Through console port:- The console port is used for configuring a router locally
with the help of a PC or a laptop. The console port of the router is connected to the serial,
i.e. COM, port of the PC. The detailed configuration is given in the section.
2) Through the AUX port:- The aux (auxiliary) port is accessed from a modem located
far away from the router through the PSTN (Public Switched Telephone Network) and the
configuration is done.
3) Through Telnet:- Line vty (virtual terminal) 0 to 4 are used for configuring
the router by telnet.

4. FIREWALL
4.1 INTRODUCTION
As the reach of networking expands, the danger of information leaking in and leaking out
increases. So a mechanism is required to keep good bits in and bad bits out. For this we
use a FIREWALL.

A firewall is a device of some kind that separates and protects our network, in most
cases from the Internet. It restricts traffic to only what is acceptable, and monitors what
is happening. Every firewall has at least two network interfaces, one for the network it is
intended to protect, and one for the network it is exposed to. A firewall sits at the junction
point or gateway between the two networks, usually a private network and a public network
such as the Internet.

It may be a hardware device or a software program running on a secure host
computer. Hardware device means a physical device connected at the gateway which checks
every incoming or outgoing packet. Software program means that software is loaded on a
computer that determines what to allow and what to reject. A firewall examines all traffic
routed between the two networks to see if it meets certain criteria. A firewall filters both
inbound and outbound traffic.

TECHNOLOGIES
There are three different types of firewall technologies:
1) Packet Filtering
2) Proxy
3) Stateful Inspection

PACKET FILTERING
A packet filtering firewall simply inspects incoming traffic at the transport layer of
the OSI model. The packet filtering firewall analyzes TCP or UDP packets and compares them
to a set of established rules called an Access Control List (ACL). Packet filtering inspects
a packet only for the following elements:
• Source IP address
• Source Port
• Destination IP address
• Destination Port
• Protocol

PROXY
When a firewall is installed, no PC makes a direct connection to the outside world. Instead
they use a proxy, i.e. each PC first sends its request to the proxy, which then forwards the request to the
Internet or outside world for connection or data transfer.

STATEFUL INSPECTION
It is a combination of packet filtering and proxy services. This is the most secure technology and
provides the most functionality because connections are not only checked against the ACL but are also
logged into a state table. After a connection is established, all session data is compared to the state
table. If the session data does not match the state table information for that connection, the
connection is dropped.
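The difference between packet filtering and stateful inspection can be seen in a small model. The following is an added example, not part of the original report; the rule set, the addresses and the names Packet, acl_outbound, acl_inbound and StatefulFirewall are assumptions made for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    # The five elements a packet filter inspects.
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

INSIDE = "10.10.10."  # constructed inside network prefix (10.10.10.0/24)

def acl_outbound(p: Packet) -> bool:
    """Packet-filter rule: inside hosts may open TCP connections to port 443."""
    return p.src_ip.startswith(INSIDE) and p.dst_port == 443 and p.proto == "tcp"

def acl_inbound(p: Packet) -> bool:
    """Stateless return rule: anything from TCP source port 443 to the inside."""
    return p.dst_ip.startswith(INSIDE) and p.src_port == 443 and p.proto == "tcp"

class StatefulFirewall:
    def __init__(self):
        self.state_table = set()  # connections permitted by the ACL

    def outbound(self, p: Packet) -> bool:
        if not acl_outbound(p):
            return False
        self.state_table.add(p)  # log the permitted connection
        return True

    def inbound(self, p: Packet) -> bool:
        # A reply is a logged connection with source and destination swapped.
        expected = Packet(p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        return expected in self.state_table

def demo() -> dict:
    fw = StatefulFirewall()
    request = Packet("10.10.10.14", 50000, "198.51.100.7", 443, "tcp")
    reply = Packet("198.51.100.7", 443, "10.10.10.14", 50000, "tcp")
    unsolicited = Packet("203.0.113.9", 443, "10.10.10.14", 3389, "tcp")
    fw.outbound(request)
    return {
        "stateless_reply": acl_inbound(reply),
        "stateless_unsolicited": acl_inbound(unsolicited),
        "stateful_reply": fw.inbound(reply),
        "stateful_unsolicited": fw.inbound(unsolicited),
    }

if __name__ == "__main__":
    print(demo())
```

The stateless return rule accepts both inbound packets because it sees only header fields, while the state table accepts only the packet that answers a logged connection.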

4.1 CONFIGURING THE FIREWALL

Four basic commands are used to do a basic configuring of the firewall.


1. Interface Command
2. Nameif Command
3. Ip-Address Nat Command
4. Global Command

INTERFACE COMMAND
The interface command identifies the interface hardware card, sets the speed of the
interface and enables the interface all in one command.

SYNTAX: interface hardware_id hardware_speed [shutdown]


hardware_id indicates the interface's physical location on the firewall.
hardware_speed indicates the connection speed.

There are various options provided to us by the firewall regarding speed.


1000sxfull: Sets full-duplex Gigabit Ethernet.
1000basesx: Sets half-duplex Gigabit Ethernet.
1000auto: Automatically detects and negotiates full/half duplex.

NAMEIF COMMAND
It is used to name an interface and assign a security level from 1 to 99. The outside and
inside interfaces are named by default and have default security values of 0 and 100,
respectively. By default, the interfaces have their hardware ID. Ethernet 0 is the outside
interface, and Ethernet 1 is the inside interface.

SYNTAX: nameif hardware_id if_name security_level


Examples: nameif ethernet0 outside security0
          nameif ethernet1 inside security100
          nameif ethernet2 dmz security20

We can see the configuration by using show nameif command.

IP ADDRESS COMMAND
All the interfaces must be configured with an IP address. The ip address command is used
to configure IP addresses on the interfaces. The ip address command binds a logical address
(IP address) to the hardware ID.
SYNTAX: ip address if_name ip_address [netmask]
Example: ip address inside 10.10.10.14 255.255.255.0

We can see the configuration by using show ip command.

NAT COMMAND
The nat (Network Address Translation) command translates a set of
IP addresses to another set of IP addresses.
SYNTAX: nat (if_name) nat_id local_ip [netmask]

There are two types of NAT:

1) Static: For example, there is a Google server and we do not want to make its IP
address public, so we change its IP address using the nat command on the firewall, and users
now log on to this new IP address. This results in more security, as traffic has to pass
through the firewall every time.
2) Dynamic: If there are many PCs in a network and all want to access the
Internet, it is not easy to provide every PC with its own public IP address, so at the
firewall level we change every PC's private IP address to a public IP address.

Examples: nat (inside) 1 10.10.10.0 255.255.255.0
          nat (inside) 1 172.16.1.0 255.255.255.0

GLOBAL COMMAND
The global command is used to define the address or range of addresses that the
addresses defined by the nat command are translated into. It is important that the nat_id
be identical to the nat_id used in the nat command. The nat_id pairs the IP address defined
by the global and nat commands so that network translation can take place.

SYNTAX: global (if_name) nat_id global_ip | global_ip-global_ip [netmask]

(if_name)  The external network where you use these global addresses.
nat_id     Identifies the global address and matches it with the nat command it is pairing with.
global_ip  A single IP address. When a single IP address is specified, the firewall
           automatically performs Port Address Translation (PAT).
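Because translation only takes place when a nat statement and a global statement share the same nat_id, a configuration can be checked for unpaired IDs before it is loaded. The following is an added example, not part of the original report: the two "nat (inside) 1" lines are the examples given above, while the remaining sample lines, the addresses and the function names parse and audit are assumptions made for illustration.

```python
import re

# Constructed sample configuration. The two "nat (inside) 1" lines are the
# examples from the text; every other line is made up for illustration and
# uses documentation address ranges.
CONFIG = """\
nat (inside) 1 10.10.10.0 255.255.255.0
nat (inside) 1 172.16.1.0 255.255.255.0
nat (inside) 2 10.20.0.0 255.255.0.0
global (outside) 1 192.0.2.10
global (outside) 3 192.0.2.100-192.0.2.120
"""

LINE_RE = re.compile(r"^(nat|global) \((\w+)\) (\d+) (\S+)")

def parse(config):
    """Group nat and global statements by nat_id."""
    nats, globals_ = {}, {}
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a nat or global statement
        cmd, if_name, nat_id, addr = m.groups()
        table = nats if cmd == "nat" else globals_
        table.setdefault(int(nat_id), []).append((if_name, addr))
    return nats, globals_

def audit(config):
    """Report nat_ids that have no partner and how paired ones translate."""
    nats, globals_ = parse(config)
    report = {
        "nat_without_global": sorted(nats.keys() - globals_.keys()),
        "global_without_nat": sorted(globals_.keys() - nats.keys()),
        "paired": {},
    }
    for nat_id in sorted(nats.keys() & globals_.keys()):
        for if_name, addr in globals_[nat_id]:
            # Per the text: a single global_ip means PAT, a range is a pool.
            mode = "pool" if "-" in addr else "PAT"
            local = [a for _, a in nats[nat_id]]
            report["paired"][nat_id] = {"local": local, "global": addr,
                                        "if_name": if_name, "mode": mode}
    return report

if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(key, value)
```

On the sample, nat_id 2 has no global statement and nat_id 3 has no nat statement, so neither can translate; nat_id 1 maps two inside networks to a single address and is therefore PAT.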

5. WAN SOLUTION
5.1 Requirement
There is one CBC (Central Billing Center) which is required to be connected with 28 BGCs (Bill
Generation Centers). As further locations are connected to each BGC location, a router is
required at each location.

CBC Router must have these specifications:

• 4 numbers of 10/100 Fast Ethernet interfaces.
• 20 numbers of V.35 interfaces to receive the data coming from the BGCs via optical
  fiber/leased line.
• 2 numbers of ISDN BRI ports.
• Four numbers of synchronous serial interfaces for 64 kbps leased line connectivity.

BGC Router must have these specifications:

• 2-port 10/100 Mbps Ethernet interface.
• Sufficient serial WAN interface ports.
• All the BGC locations are to be connected to the central location with point-to-point
  connectivity.
• The BGC locations have leased line connectivity of 128 Kbps, which can be
  upgraded to 2 Mbps.
• The leased line connectivity is to be provided by an ISP.

5.2 Solution

As per the requirement, the proposed solution is to have point-to-point connectivity between the central location
and the 28 BGC locations. There is a Cisco 1841 Router at each of the BGC locations. They are connected to a 2
Mbps leased line modem pair, HCL-Gateway-2M-2W, through the serial port. The modem at the customer end
is connected to a modem at the ISP side. In the same way, the central location, which has a Cisco 3845 Router, is
connected to 28 nos. of 2 Mbps leased line modem pairs. The connectivity diagram and the bill of material
required for the solution are given in the following pages.

6. WLAN (WIRELESS LAN)
6.1 Introduction
In a traditional LAN each computer physically connects to the network via wires and a
network port. A Wireless Local Area Network (WLAN) is a network that provides the same
services but without the need for physical connections between the computers and the
network. Wireless LANs offer many advantages over traditional wired networks, such as
mobility, flexibility, scalability and speed, simplicity and reduced cost of installation. A
WLAN typically uses radio waves, which allow network PC cards plugged into a PC/laptop
to connect to a traditional Ethernet LAN. IEEE developed the 802.11 standards to provide
wireless networking technology like the wired Ethernet.

STANDARDS
IEEE developed the 802.11 standards to provide wireless networking technology.
As the technology developed over time, three standards have been finalized:
802.11(a), 802.11(b), 802.11(g)

                        802.11(b)    802.11(a)     802.11(g)
Max. bit rate, raw      11 Mb/s      54 Mb/s       54 Mb/s
Max. bit rate, net      5.5 Mb/s     22-26 Mb/s    17-22 Mb/s
Frequency band          2.4 GHz      5 GHz         2.4 GHz
Range @ max. rate       57 m         12 m          19 m
Unit cost               100%         120%          110%
Coverage cost           100%         2000%         500%
No. of channels         3            8             4

The IEEE 802.11a standard is the most widely adopted one because it operates in the licensed 5 GHz band while
the others are unlicensed, and it also provides the maximum number of channels and a higher maximum bit rate
than any other standard.

6.2 TOPOLOGIES

There are two topologies on which WLAN works:


1) Infrastructure Network
2) Ad hoc Network

INFRASTRUCTURE NETWORK
It is useful for providing wireless coverage of building or campus areas. This is a
topology used when there are many access points in a single location. By deploying
multiple Access Points (APs) with overlapping coverage areas, organizations can achieve
broad network coverage. A laptop or other mobile device may move from AP to AP while
maintaining access to the resources of the LAN. Each client is equipped with a wireless
network interface card (NIC) that consists of the radio transceiver and the logic to interact with
the client machine and software, while the AP is essentially a radio transceiver on one side
and the wired backbone on the other.

AD HOC NETWORK
This topology is used when we have to interconnect mobile devices that are in the same area
(e.g., in the same room). In this architecture, client stations are grouped into a single
geographic area and can be internetworked without access to the wired LAN (infrastructure
network). The ad hoc configuration is similar to a peer-to-peer office network in which no
node is required to function as a server. In ad hoc mode there is no need for any AP, as all
devices are wirelessly connected to each other.

7. INTEGRATED SERVICE DIGITAL NETWORK (ISDN)
7.1 INTRODUCTION

ISDN’s primary goal is the integration of voice and nonvoice services. ISDN is
actually a set of communication protocols proposed by telephone companies that allows
them to carry a group of digital services that simultaneously convey data, text, voice, music,
graphics, and video to end users, and it was designed to achieve this over the telephone
systems already in place.

There are two types of channels:


1) B channel
2) D channel

B CHANNEL
Bearer channels (B channels) are used to transport data. B channels are called bearer
channels because they bear the burden of transporting the data. B channels operate at speeds
of up to 64 kbps.
D CHANNEL
D channels are used for signaling. They are used to establish the session before the data
is actually transferred.

7.2 ISDN INTERFACES

Types of ISDN interfaces:


1) Basic Rate Interface (BRI)
2) Primary Rate Interface (PRI)

Both BRI and PRI provide multiple digital bearer channels over which temporary
connections can be made and data can be sent.

BRI: ISDN Basic Rate Interface (BRI, also known as 2B+1D) service provides two B
channels and one D channel. The BRI B-channel service operates at
64Kbps and carries data, while the BRI D-channel service operates at 16Kbps and usually
carries control and signaling information.

PRI: According to American standards, the ISDN Primary Rate Interface (PRI, also known
as 23B+1D) service delivers 23 64Kbps B channels and one 64Kbps D channel for a total bit
rate of up to 1.544Mbps.
According to European standards, ISDN provides 30 64Kbps B channels and one 64Kbps D channel for a
total bit rate of up to 2.048Mbps.
