Advanced IP Services-Assignment Questions

The document discusses VLAN concepts including: 1. Without VLANs, all switch ports are in the same broadcast domain, but with VLANs smaller broadcast domains can be created to reduce overhead and improve security and flexibility. 2. VLAN trunking allows switches to pass frames from multiple VLANs over a single connection by adding a small header identifying the VLAN. 3. Dynamic trunking modes like "dynamic desirable" allow a switch port to negotiate trunking with another port and attempt to become the trunk port.

RATHNAVEL SUBRAMANIAM COLLEGE OF ARTS AND SCIENCE

(AUTONOMOUS) SULUR, COIMBATORE- 641 402


SCHOOL OF COMPUTER STUDIES (UG)
B.Sc. INFORMATION TECHNOLOGY
ADVANCED IP SERVICES
Semester-V
Batch : 2016-2019

Assignment-I (UNIT-I)

1. Examine the concept of VLAN by creating two Broadcast Domains with two physical switches
and No VLANs.

A broadcast domain includes the set of all LAN-connected devices, so that when
any of the devices sends a broadcast frame, all the other devices get a copy of the frame.
So, from one perspective, you can think of a LAN and a broadcast domain as being
basically the same thing. Without VLANs, a switch considers all its interfaces to be in the
same broadcast domain. That is, for one switch, when a broadcast frame entered one
switch port, the switch forwarded that broadcast frame out all other ports. With that logic,
to create two different LAN broadcast domains, you had to buy two different Ethernet LAN
switches.

2. Illustrate the common reasons for choosing to create smaller broadcast domains
(VLANs).

* To reduce CPU overhead on each device by reducing the number of devices that
receive each broadcast frame
* To reduce security risks by reducing the number of hosts that receive copies of
frames that the switches flood (broadcasts, multicasts, and unknown unicasts)
* To improve security for hosts that send sensitive data by keeping those hosts on a
separate VLAN
* To create more flexible designs that group users by department, or by groups that
work together, instead of by physical location
* To solve problems more quickly, because the failure domain for many problems is
the same set of devices as those in the same broadcast domain
* To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to
a single access switch.

VIRTUAL TAGGING CONCEPTS

3. How does trunking create one link between switches that supports as many VLANs as needed?

With a VLAN trunk, the switches treat the link as if it were a part of all the VLANs. At the
same time, the trunk keeps the VLAN traffic separate, so frames in VLAN 10 would not go
to devices in VLAN 20, and vice versa, because each frame is identified by VLAN number
as it crosses the trunk. The use of trunking allows switches to pass frames from multiple
VLANs over a single physical connection by adding a small header to the Ethernet frame.
For example, PC11 sends a broadcast frame on interface Fa0/1 at Step 1. To
flood the frame, switch SW1 needs to forward the broadcast frame to switch SW2.
However, SW1 needs to let SW2 know that the frame is part of VLAN 10, so that after the
frame is received, SW2 will flood the frame only into VLAN 10, and not into VLAN 20. At Step
2, before sending the frame, SW1 adds a VLAN header to the original Ethernet frame,
with the VLAN header listing a VLAN ID of 10.

VLAN TRUNK

4. You have implemented VLAN trunking on your network. You have two switches that are both
configured in dynamic auto mode. You discover that they are not trunking. Which of the trunking
configuration options can be used to make these two switches trunk successfully?
VLAN TRUNKING CONFIGURATION

5. You have entered the following command to enable dynamic trunking configuration. If the
switch interface is connected to another switch, what will it attempt to do?
Switch(config-if)#switchport mode dynamic desirable

6. Exhibit three statements that are correct with regard to the IEEE 802.1Q standard?

1. The IEEE 802.1Q frame format adds a 4-byte field to an Ethernet frame
2. The protocol uses point-to-point connectivity
3. The IEEE 802.1Q frame retains the original MAC destination address

There are two ways to implement Ethernet trunking:

* Inter-Switch Link Protocol (ISL, a Cisco proprietary protocol)
* 802.1Q (IEEE standard)

In Cisco implementation, a trunk is a point-to-point link, although it is possible to use the 802.1Q
encapsulation on an Ethernet segment shared by more than two devices. Such a configuration is
seldom needed but is still possible with the disablement of DTP negotiation. IEEE 802.1Q uses an
internal tagging mechanism which inserts a 4-byte tag field in the original Ethernet frame itself
between the Source Address and Type/Length fields.

The SA field is the source address field of the ISL packet. It is a 48-bit value -> F is correct.

Assignment-II (UNIT-II)

1. You are currently using EIGRP on your network. Which of the following would you gain by
switching to OSPF?

i. Hierarchical network design

ii. Open standard

2. Devise the OSPF hello packet Information in detail.

3. RTR1, RTR2 and RTR3 have been configured to use the OSPF protocol. RTR1 and RTR2 are
neighbors; RTR3 and RTR2 are also neighbors. RTR2 fails to receive a hello packet from RTR3
within the dead interval. Find what happens next?

RTR2 declares RTR3 to be down


4. You want to prevent all interfaces on a router from sending or responding to OSPF Hello
messages. What command should you use?

passive-interface default

5. What are DRs and BDRs used for when using the OSPF routing protocol? Explain.

6. Assume that you want two routers to share routing information with each other using the
OSPF routing protocol. What must happen for these two routers to become neighbors over their serial
interfaces?

i. They must be configured with matching areas.

ii. They must have a shared data link.

Assignment-III (UNIT-III)

1. Your company is running IGRP using an AS of 10. You want to configure EIGRP on the network
but want to migrate slowly to EIGRP and don't want to configure redistribution. What command
would allow you to migrate over time to EIGRP without configuring redistribution?

router eigrp 10

If you enable EIGRP on a router with the same autonomous system (AS) number, EIGRP will
automatically redistribute IGRP into EIGRP. You will see the IGRP injected routes as external (EX)
routes with an EIGRP AD of 170. This is a nice feature that lets you migrate slowly to EIGRP with no
extra configuration.

2. What does the word serno mean on the end of an EIGRP topology entry when you issue the
show ip eigrp topology command?

For example:

show ip eigrp topology
P 172.22.71.208/29, 2 successors, FD is 46163456
        via 172.30.1.42 (46163456/45651456), Serial0.2, serno 7539273
        via 172.30.2.49 (46163456/45651456), Serial2.6, serno 7539266

Serno stands for serial number. When DRDBs are threaded to be sent, they are assigned a serial
number. If you display the topology table at the time an entry is threaded, it shows you the serial
number associated with the DRDB. Threading is the technique used inside the router to queue
items up for transmission to neighbors. The updates are not created until it is time for them to go
out the interface. Before that, a linked list of pointers to items to send is created (for example, the
thread).
These sernos are local to the router and are not passed with the routing update.

3. Is it normal that EIGRP takes over 30 seconds to converge? Explain.

EIGRP taking longer to converge under heavy CPU usage is a normal behavior. EIGRP
convergence is faster when you lower the hold time. The lowest values for hello and hold time
are 1 second and 3 seconds respectively. For example:

Router(config)# interface Fa0/0
!--- (Under an interface directly connected to EIGRP peers.)
Router(config-if)# ip hello-interval eigrp 1
Router(config-if)# ip hold-time eigrp 3


4. What percent of bandwidth and processor resources does EIGRP use? Explain.

EIGRP version 1 introduced a feature that prevents any single EIGRP process from using more than
fifty percent of the configured bandwidth on any link during periods of network convergence. Each
AS or protocol (for instance, IP, IPX, or AppleTalk) serviced by EIGRP is a separate process. You can
use the ip bandwidth-percent eigrp interface configuration command in order to properly configure
the bandwidth percentage on each WAN interface. Refer to the EIGRP white paper for more
information on how this feature works.

In addition, the implementation of partial and incremental updates means that EIGRP sends routing
information only when a topology change occurs. This feature significantly reduces bandwidth use.

The feasible successor feature of EIGRP reduces the amount of processor resources used by an
autonomous system (AS). It requires only the routers affected by a topology change to perform
route re-computation. The route re-computation only occurs for routes that were affected, which
reduces search time in complex data structures.

5. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
R1 and R2 could not establish an EIGRP adjacency. What is the problem?

EIGRP is down on R1.*

The EIGRP process is down on R1, as can be seen:

R1# show ipv6 eigrp interfaces
IPv4-EIGRP interfaces for process 1
% EIGRP 1 is in SHUTDOWN
R1#

The administrator must issue the no shutdown command in IPv4 router configuration mode.

6. Assuming that EIGRP is enabled on both routers and automatic summarization is enabled, what
must be configured to ensure that R1 will be able to reach the 2.2.2.0/24 network?

Use the command no auto-summary to disable automatic summarization.*


The networks 2.1.1.0/24 and 2.2.2.0/24 are two subnets of the Class A network 2.0.0.0/8. When
automatic summarization is enabled, EIGRP will summarize and advertise networks at the major
network boundary. In this case, both routers will advertise the network 2.0.0.0/8, which will cause
failure of connectivity.

Assignment-IV (UNIT-IV)

1. Describe the attributes that extended ACLs can use to filter network traffic.

i. Extended ACLs can filter network traffic based on source protocol

ii. Extended ACLs can filter network traffic based on destination hostname or host IP address.

2. What command could you use to create an access list that denies all TCP traffic originating from
any host on network 192.168.1.0 that is destined for any host on network 199.66.220.0?

access-list deny tcp 192.168.1.0 0.0.0.255 199.66.220.0 0.0.0.255

3. Assume that you want to create an ACL that prevents traffic from network A that is sent to host
1. You want the ACL applied after the routing decision is made. What would be part of your
design?

Extended ACL and Outbound filter

4. A network administrator needs to configure a standard ACL so that only the workstation of the
administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router.
Which two configuration commands can achieve the task?

Router1(config)# access-list 10 permit host 192.168.15.23*
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0*

To permit or deny one specific IP address, either the wildcard mask 0.0.0.0 (used after the IP
address) or the wildcard mask keyword host (used before the IP address) can be used.
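
How wildcard masks and top-down ACL evaluation decide the cases in questions 2 and 4, as an added example that is not part of the original assignment. It is a simplified model, not router code: entries are written without the `access-list <number>` prefix, ports are not modelled, and the trailing `permit ip any any` is an assumption added so that the implicit deny is visible.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, bit 1 = ignore (inverse of a netmask)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def parse_spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_entry(line):
    """Parse 'permit|deny [tcp|udp|ip] <source> [<destination>]'."""
    tokens = line.split()
    entry = {"action": tokens[0], "proto": "ip", "dst": None}
    tokens = tokens[1:]
    if tokens[0] in ("tcp", "udp", "ip"):
        entry["proto"], tokens = tokens[0], tokens[1:]
    entry["src"], tokens = parse_spec(tokens)
    if tokens:
        entry["dst"], tokens = parse_spec(tokens)
    return entry

def evaluate(acl, src, dst=None, proto="ip"):
    """Top-down, first match wins; no match hits the implicit deny."""
    for entry in map(parse_entry, acl):
        if entry["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *entry["src"]):
            continue
        if entry["dst"] and not wildcard_match(dst, *entry["dst"]):
            continue
        return entry["action"]
    return "deny"

# Entries from the page, written without the "access-list <number>" prefix.
VTY_HOST = ["permit host 192.168.15.23"]
VTY_WILDCARD = ["permit 192.168.15.23 0.0.0.0"]
# The trailing permit is an assumption added here; the page gives only the deny.
TCP_FILTER = ["deny tcp 192.168.1.0 0.0.0.255 199.66.220.0 0.0.0.255",
              "permit ip any any"]

if __name__ == "__main__":
    for host in ("192.168.15.23", "192.168.15.24"):
        print(host, evaluate(VTY_HOST, host), evaluate(VTY_WILDCARD, host))
    print(evaluate(TCP_FILTER, "192.168.1.77", "199.66.220.9", "tcp"))
```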

Assignment-V (UNIT-V)

1. Draw a neat sketch of Generic 802.1x Authentication Flows and EAP and Radius Protocol Flows
with 802.1x.

2. Write down the commands for AAA Authentication to restrict the other users to a network.
To set parameters that restrict user access to a network, use the aaa authorization command
in global configuration mode. To disable authorization for a function, use the no form of this command.

aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} method1 [method2...]

no aaa authorization {network | exec | commands level | reverse-access | configuration | default | list-name}

Syntax Description

network: Runs authorization for all network-related service requests, including SLIP [1], PPP [2], PPP NCPs [3], and ARA [4].
exec: Runs authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information.
commands: Runs authorization for all commands at the specified privilege level.
level: Specific command level that should be authorized. Valid entries are 0 through 15.
reverse-access: Runs authorization for reverse access connections, such as reverse Telnet.
configuration: Downloads the configuration from the AAA server.
default: Uses the listed authorization methods that follow this argument as the default list of methods for authorization.
list-name: Character string used to name the list of authorization methods.
method1 [method2...]: One of the keywords listed in Table 10.

[1] Serial Line Internet Protocol
[2] Point-to-Point Protocol
[3] Point-to-Point Protocol Network Control Programs
[4] AppleTalk Remote Access

3. Explain the structure of DHCP Snooping Binding Database enabled switch with a neat sketch.

DHCP snooping enables the switching or network device, which can be either a switch or
a router, to monitor DHCP messages received from untrusted devices connected to the switching
device. When DHCP snooping is enabled on a switched network or VLAN, it examines all DHCP
messages sent from untrusted hosts associated with the network or VLAN and extracts their IP
addresses and lease information.

DHCP Snooping Binding Database

All extracted information will be used to build and maintain the DHCP snooping database, also
known as the binding table. Only verified hosts from this database are allowed access to the
network. The database contains an entry for each untrusted host with a leased IP address if the
host is associated with a VLAN that has DHCP snooping enabled. The database does not contain
entries for hosts connected through trusted interfaces. Each entry in the DHCP snooping binding
database includes the MAC address of the host, the leased IP address, the lease time, the binding
type, and the VLAN number and interface information associated with the host.
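
A simplified model of the binding table described above, as an added example that is not part of the original assignment and not switch code. The class and method names are hypothetical, the MAC, IP and port values are constructed, and time is passed in explicitly so that lease expiry can be shown.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    lease_expires: float   # absolute time in seconds
    binding_type: str      # "dynamic" when learned from a snooped DHCP ACK
    vlan: int
    interface: str

class SnoopingTable:
    def __init__(self, trusted_ports, snooped_vlans):
        self.trusted = set(trusted_ports)
        self.vlans = set(snooped_vlans)
        self.bindings = {}   # keyed by (mac, vlan)

    def learn_from_ack(self, mac, ip, lease_secs, vlan, client_port, now):
        """Record a lease acknowledged for a host on an untrusted port."""
        if vlan not in self.vlans or client_port in self.trusted:
            return None      # no entries for trusted ports or unsnooped VLANs
        b = Binding(mac, ip, now + lease_secs, "dynamic", vlan, client_port)
        self.bindings[(mac, vlan)] = b
        return b

    def is_verified(self, mac, ip, vlan, port, now):
        """True if the host matches a live binding for this VLAN and port."""
        if port in self.trusted or vlan not in self.vlans:
            return True      # outside the scope of the binding check
        b = self.bindings.get((mac, vlan))
        if b is None:
            return False     # never obtained a lease through this switch
        if now >= b.lease_expires:
            del self.bindings[(mac, vlan)]   # lease ran out, drop the entry
            return False
        return b.ip == ip and b.interface == port

if __name__ == "__main__":
    # Constructed sample: Gi0/1 is the trusted uplink towards the DHCP server.
    table = SnoopingTable(trusted_ports={"Gi0/1"}, snooped_vlans={10})
    table.learn_from_ack("02:00:00:00:00:11", "10.0.10.50", 3600, 10, "Fa0/3", now=0)
    print(table.is_verified("02:00:00:00:00:11", "10.0.10.50", 10, "Fa0/3", now=100))
    print(table.is_verified("02:00:00:00:00:11", "10.0.10.99", 10, "Fa0/3", now=100))
```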

4. Distinguish between TACACS+ and RADIUS.

5. Which command will apply DHCP snooping globally after enabling the DHCP Snooping feature?

ip dhcp snooping
