
CP7112-Network Design lab manual download

The document outlines a case study aimed at analyzing the performance of various configurations and protocols in Local Area Networks (LAN). It details the setup and configuration of LANs and multi-router topologies, including IP addressing, ARP, and the use of commands like ping and ifconfig to verify connections. Additionally, it discusses the performance comparison of TCP with and without congestion control in a simulated congested network environment.

Uploaded by

Pavithradevi
Copyright
© © All Rights Reserved

DATE:

EX.NO: 1.1

CASE STUDY 1

Aim:

To analyze the performance of various configurations and protocols in LAN.

Objective

Establishing a Local Area Network (LAN):

The main objective is to set up a Local Area Network. The concepts involved are IP addressing
and the Address Resolution Protocol (ARP). The required equipment is three PCs (Host A, Host B
and Host C, on addresses 192.168.1.1, 192.168.1.2 and 192.168.1.3), each equipped with at least
one NIC, one hub or switch, and the necessary cables. Once the physical LAN is set up, the hosts
are configured using the ifconfig command. To verify communication among the machines, the ping
command is used. Next, the routing tables at the hosts are manipulated to understand how
machines know where to send packets. Since the ifconfig command places a default route into the
routing tables, this route must be deleted to "blindfold" the machine. The ping command is used
again to show that communication is no longer available. To re-establish communication, the
routes are put back into the routing table one host at a time. Communication is once again
verified using the ping command.

REQUIREMENTS:

1. 3 Windows PCs or 3 Linux PCs. Each PC must have one NIC card.
2. 1 Switch (8 port) or 1 Hub.
3. 3 Straight Line LAN (Cat-5) Cables with RJ-45 Sockets.
4. Power supply.
5. Class C IP Address, using Static IP configuration.
6. Basic Network Configuration Commands for Switch and PCs.
7. Cisco Packet Tracer 6.0.1

PROCEDURES:

1. Open the Cisco Packet Tracer software.
2. Draw the three PCs using the End Device icons.
3. Draw the Cisco 24-port switch using the Switch icon list.
4. Make the connections using Straight-Through Ethernet cables.
5. Enter the IP address for each machine.
6. Check the IP address of every PC using the ipconfig or ifconfig command.
7. Check the connections using ping commands.
8. View the MAC address table.

NETWORK TOPOLOGY:

PC-1 IP ADDRESS:
PC-2 IP ADDRESS:

PC-3 IP ADDRESS:

VIEW THE SWITCH MAC ADDRESS TABLE :

Command Line View:


Switch>show mac-address-table
Graphical View :

ARP Table For Switch :


ARP maps Layer 3 (IP) addresses to Layer 2 (MAC) addresses; because our switches are Layer 2
devices and the pings stay on the same network, there is no ARP cache on the switches.

PING PC 1 - PC 2 :
The ping command is a network utility that uses the Internet Control Message Protocol
(ICMP). It is used to verify the connection between a source PC and a destination PC.

c:>ping 192.168.1.3
PING PC 1 - PC 3
c:>ping 192.168.1.3

OSI LAYER ARCHITECTURE:


INPUT PROTOCOL DATA UNIT (PDU):
OUTPUT PROTOCOL DATA UNIT (PDU):

RESULT:
Thus the Experiment is configured successfully.
DATE:
EX.NO: 1.2

CASE STUDY 1

Aim:

To analyze the performance of various configurations and protocols in LAN.

Objective

Connecting two LANs using multi-router topology with static routes:

The main objective is to extend routing connections by using multiple routers. The concepts
include IP addressing and basic network routing principles. Two LANs are connected in one
topology. During router configuration, attention is paid to the types of interfaces, as
additional issues are involved with set-up. For example, the serial interfaces require clocking
mechanisms to be set correctly. Once the interfaces are working, the ping command is used to
check for communication between LANs. The failure of communication illustrates the need for
routes to be established inside the routing infrastructure. Static routes are used to show how
packets can be transported through any reasonable route. Traceroute is run on two different
configurations to demonstrate the implementation of different routes.
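
Why the ping between the two LANs fails until both routers hold a static route, as an added example (not part of the original manual): a longest-prefix-match walk over the R1/R2 addressing used in this exercise. The function names and the simplified forwarding model are assumptions made for the illustration.

```python
import ipaddress

# Connected networks per router, taken from the R1/R2 configuration in this exercise.
CONNECTED = {
    "R1": ["192.168.1.0/24", "192.168.3.0/24"],
    "R2": ["192.168.2.0/24", "192.168.3.0/24"],
}
# Interface addresses, used to resolve a next-hop IP to the router that owns it.
OWNER = {"192.168.1.1": "R1", "192.168.3.1": "R1",
         "192.168.2.1": "R2", "192.168.3.2": "R2"}
# Default gateway router of each LAN (from the PCs' ipconfig output).
GATEWAY = {"192.168.1.0/24": "R1", "192.168.2.0/24": "R2"}


def build_tables(static_routes):
    """Return {router: [(network, next_hop)]}; next_hop None means connected."""
    tables = {r: [(ipaddress.ip_network(n), None) for n in nets]
              for r, nets in CONNECTED.items()}
    for router, prefix, next_hop in static_routes:
        tables[router].append((ipaddress.ip_network(prefix), next_hop))
    return tables


def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    matches = [entry for entry in table if dst in entry[0]]
    return max(matches, key=lambda e: e[0].prefixlen) if matches else None


def forward(tables, src, dst, max_hops=8):
    """Walk one packet from src to dst; return (delivered, routers visited)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    router = next((r for n, r in GATEWAY.items()
                   if src in ipaddress.ip_network(n)), None)
    path = []
    while router and len(path) < max_hops:
        path.append(router)
        entry = lookup(tables[router], dst)
        if entry is None:
            return False, path      # no matching route: packet dropped here
        if entry[1] is None:
            return True, path       # destination network is directly connected
        router = OWNER.get(entry[1])
    return False, path


def ping(tables, src, dst):
    """A ping succeeds only if the echo request AND the reply are routable."""
    out_ok, out_path = forward(tables, src, dst)
    back_ok, back_path = forward(tables, dst, src) if out_ok else (False, [])
    return out_ok and back_ok, out_path, back_path


if __name__ == "__main__":
    r1_route = ("R1", "192.168.2.0/24", "192.168.3.2")
    r2_route = ("R2", "192.168.1.0/24", "192.168.3.1")
    for label, routes in [("no static routes", []),
                          ("R1 route only", [r1_route]),
                          ("both routes", [r1_route, r2_route])]:
        print(label, ping(build_tables(routes), "192.168.1.2", "192.168.2.2"))
```

With only R1's route installed the request reaches PC-3 but the reply is dropped at R2, which is why the static route has to be added on both routers.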

REQUIREMENTS:

1. 4 Windows PCs or 4 Linux PCs. Each PC must have one NIC card.
2. 2 Switches (8 port) or 2 Hubs.
3. 6 Straight Line LAN (Cat-5) Cables with RJ-45 Sockets.
4. Power supply.
5. Class C IP Address, using Static IP configuration.
6. Basic Network Configuration Commands for Router, Switch and PCs.
7. Cisco Packet Tracer 6.0.1
8. 2 Cisco Routers (Model 1841)
9. 1 serial cable for router to router connection.

PROCEDURES:

1. Open the Cisco Packet Tracer software.
2. Draw the 4 PCs using the End Device icons.
3. Draw the 2 Cisco 24-port switches using the Switch icon list.
4. Draw the 2 Cisco 1841 routers using the Router icon list.
5. Make the connections using Straight-Through Ethernet cables.
6. Configure routers R1 and R2.
7. Enter the IP address for each machine.
8. Configure static routing on each router.
9. Configure RIP routing on each router.
10. Check the IP address of every PC using the ipconfig or ifconfig command.
11. Check the connections using ping commands.
12. View the MAC address table.
13. View the ARP address table.
14. View the routing table.

NETWORK TOPOLOGY:

ROUTER R1 CONFIGURATION
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#exit
Router(config)#interface Serial0/0/0
Router(config-if)#ip address 192.168.3.1 255.255.255.0
Router(config-if)#

SET THE CLOCK RATE


Router(config)#interface serial0/0/0
Router(config-if)#clock rate ?
Speed (bits per second)
1200
2400
4800
9600
19200
38400
56000
64000
72000
125000
128000
148000
250000
500000
800000
1000000
1300000
2000000
4000000
<300-4000000> Choose clockrate from list above
Router(config-if)#clock rate 72000

ADDING STATIC ROUTING:


Syntax: ip route <destination network> <destination network subnet mask> <next-hop address>
Router(config-if)#ip route 192.168.2.0 255.255.255.0 192.168.3.2

ADDING RIP ROUTING:


Router#config terminal
Router(config)#router rip
Router(config-router)#network 192.168.1.0
Router(config-router)#network 20.0.0.0

ROUTER R2 CONFIGURATION
Router#
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config-if)#exit
Router(config)#interface Serial0/0/0
Router(config-if)#ip address 192.168.3.2 255.255.255.0
Router(config-if)#

SET THE CLOCK RATE


Router(config)#interface serial0/0/0
Router(config-if)#clock rate ?
Speed (bits per second)
1200
2400
4800
9600
19200
38400
56000
64000
72000
125000
128000
148000
250000
500000
800000
1000000
1300000
2000000
4000000
<300-4000000> Choose clockrate from list above
Router(config-if)#clock rate 72000

ADDING STATIC ROUTING:


Syntax: ip route <destination network> <destination network subnet mask> <next-hop address>
Router(config-if)#ip route 192.168.1.0 255.255.255.0 192.168.3.1

ADDING RIP ROUTING:


Router#config terminal
Router(config)#router rip
Router(config-router)#network 192.168.2.0
Router(config-router)#network 20.0.0.0

PC CONFIGURATION:
PC-1>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2E0:8FFF:FEBC:1B4C
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1

PC-2>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::260:2FFF:FE61:B37C
IP Address......................: 192.168.1.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1

PC-3>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::250:FFF:FE6D:ED85
IP Address......................: 192.168.2.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.1

PC-4>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::201:64FF:FE76:7A08
IP Address......................: 192.168.2.3
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.2.1

ROUTER R1 RUNNING CONFIGURATION:


Router>enable
Router#show running-config
Building configuration...
Current configuration : 703 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.3.1 255.255.255.0
!
interface Serial0/0/1
no ip address
!
interface Vlan1
no ip address
shutdown
!
router rip
network 20.0.0.0
network 192.168.1.0
!
ip classless
ip route 192.168.2.0 255.255.255.0 192.168.3.2
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

Router#copy running-config startup-config


Destination filename [startup-config]?
Building configuration...
[OK]
Router#
ROUTER R2 RUNNING CONFIGURATION:
Router>enable
Router#show running-config
Building configuration...
Current configuration : 703 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.3.2 255.255.255.0
!
interface Serial0/0/1
no ip address
!
interface Vlan1
no ip address
shutdown
!
router rip
network 20.0.0.0
network 192.168.2.0
!
ip classless
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#
ROUTER R1 ROUTE TABLE:
Router#sh ip route

ROUTER R2 ROUTE TABLE:


Router#sh ip route

SHOW R1 ROUTER ARP TABLE:

SHOW R2 ROUTER ARP TABLE:


SHOW PC ARP TABLE:

OSI LAYER ARCHITECTURE:


R1 ROUTER

R2 ROUTER
INPUT PROTOCOL DATA UNIT (PDU):
OUTPUT PROTOCOL DATA UNIT (PDU):
OUTPUT:
c:>ping 192.168.2.2

c:>ping 192.168.1.3

RESULT:

Thus the Experiment is configured successfully.


DATE:
EX.NO: 1.3

CASE STUDY 1

Aim:

To analyze the performance of various configurations and protocols in LAN.

Objective

Analyzing the performance of various configurations and protocols

Original TCP versus the above modified one: To compare the performance between the
operation of TCP with congestion control and the operation of TCP as implemented. The main
objective is for students to examine how TCP responds to a congested network. The concepts
involved in the lab include network congestion and the host responsibilities for communicating
over a network. This lab requires three PCs connected to a switch. One PC is designated as the
target host and the other two PCs will transfer a file from the target host using FTP. A load is
placed on the network to simulate congestion and the file is transferred, first by the host using the
normal TCP and then by the host using the modified version. This procedure is performed
multiple times to determine average statistics. The students are then asked to summarize the
results and draw

REQUIREMENTS:

1. One Linux (Fedora) Virtual PC.
2. Two Windows (XP) Virtual PCs.
3. One Windows 7 PC with VMware Workstation
4. FTP Application layer protocol
5. TCP Transport layer protocol
6. Internet Connection
7. VMware Workstation 9.0.2
8. Wireshark-win32-1.10.0rc1
9. Class C IP Address.

FILE TRANSFER PROTOCOL

File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file
from one host to another.

PROCEDURE:

Start the 3 virtual machines one by one.


WINDOWS XP VIRTUAL PC-1
WINDOWS XP VIRTUAL PC-2
LINUX VIRTUAL PC

Make the Internet Connectivity to the System


Log in to Linux virtual Machine
Log in to Windows XP Virtual Machine
Open the terminal window on the Linux machine.

Log in to root user account


Assign the IP address 192.168.1.5
# ifconfig

Install the VSFTPD ftp server package


# yum install vsftpd
TEXT MODE INSTALLATION
GRAPHICAL MODE INSTALLATION

Enable the vsftpd service at boot

# chkconfig vsftpd on

Start the vsftpd service.

# service vsftpd start

Check the vsftpd service status

# service vsftpd status

Add TCP entries for the FTP ports to iptables.


# iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# iptables -A INPUT -p tcp --dport 21 -j ACCEPT

View the Iptables values


# iptables -L

Enable the Linux machine firewall

# setup

Enable the FTP protocol in your firewall configuration window.

Windows XP PC-1 IP Address
Assign the IP address 192.168.1.2 to your first Windows XP PC.
c:/>ipconfig
Assign the IP address 192.168.1.3 to the second Windows XP PC.

FTP SERVER CONFIGURATION:
Edit the FTP server configuration file.

# vi /etc/vsftpd/vsftpd.conf

Make the following changes and additions to your vsftpd.conf configuration file:
local_root=public_html
use_localtime=YES
Add the user names to the chroot_list file:
# vi /etc/vsftpd.chroot_list

Add the user name fedora


Restart the vsftpd Service
Check the vsftpd service status

Set the SELinux Boolean values

# setsebool -P ftp_home_dir=1

Turn on the anonymous-write Boolean
# setsebool -P allow_ftpd_anon_write on

Check the Boolean status

# getsebool allow_ftpd_anon_write
Restart the FTP server
# service vsftpd restart

TEXT MODE :
Go to XP PC-1.
Open the command prompt window.
Type the following command:
C:/>ftp 192.168.1.5
Enter the Linux user name and password to log in to the Linux machine.

Enter the ls command at the ftp> prompt.

The files on the Linux machine are listed.
Copy a particular file using the recv command:
ftp> recv sample
The file has been copied successfully.
Paste the files
VIEW THE FILE CONTENT:

GUI MODE :
Open Internet Explorer.
Type the following text in the address bar:
ftp://192.168.1.5
Enter the Linux machine user name and password to log in.
The Linux machine has been opened in the web browser.
To take any file from the Linux machine:
COPY THE FILE
Select the file.
Copy the selected file.
Paste it on the Windows XP desktop.
PASTE THE FILE

VIEW THE FILE CONTENT


TCP PROTOCOL ANALYZING
Open the Wireshark application and select the interface.
Click the start capture button.

All the incoming and outgoing traffic is captured.

Save your Wireshark capture file.
View the Wireshark capture file and analyze the TCP protocol information and
congestion.

This application is very useful for protocol analysis.


WIRE SHARK DISPLAY MY FTP LOGIN USER NAME AND PASSWORD
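
What the capture shows, turned into a monitoring check (an added example, not part of the original manual): FTP sends USER and PASS in cleartext on the control channel, so a sensor can flag such logins without storing the password. The capture records and the password are constructed; the addresses and the user name fedora follow the lab, and the function name is an assumption.

```python
import re

FTP_COMMAND = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

# Constructed FTP control-channel payloads (TCP port 21) in capture order:
# (source IP, destination IP, payload line). The password is a placeholder.
SAMPLE_CAPTURE = [
    ("192.168.1.5", "192.168.1.2", "220 (vsFTPd)"),
    ("192.168.1.2", "192.168.1.5", "USER fedora"),
    ("192.168.1.5", "192.168.1.2", "331 Please specify the password."),
    ("192.168.1.2", "192.168.1.5", "PASS example-password"),
    ("192.168.1.5", "192.168.1.2", "230 Login successful."),
    ("192.168.1.2", "192.168.1.5", "RETR sample"),
    # Second client negotiates TLS first, so nothing after 234 is readable.
    ("192.168.1.5", "192.168.1.3", "220 (vsFTPd)"),
    ("192.168.1.3", "192.168.1.5", "AUTH TLS"),
    ("192.168.1.5", "192.168.1.3", "234 Proceed with negotiation."),
]


def find_cleartext_logins(records, server_ip):
    """Return one finding per PASS command observed in cleartext.

    The password itself is never kept, only its length.
    """
    sessions, findings = {}, []
    for src, dst, payload in records:
        if dst == server_ip:                         # client -> server command
            state = sessions.setdefault(
                src, {"user": None, "auth_sent": False, "tls": False, "open": None})
            match = FTP_COMMAND.match(payload.strip())
            if not match:
                continue
            verb, arg = match.group(1).upper(), match.group(2) or ""
            if verb == "AUTH":
                state["auth_sent"] = True
            elif verb == "USER":
                state["user"] = arg
            elif verb == "PASS" and not state["tls"]:
                state["open"] = {"client": src, "server": dst,
                                 "user": state["user"],
                                 "password_length": len(arg),
                                 "accepted": False}
                findings.append(state["open"])
        elif src == server_ip and dst in sessions:   # server -> client reply
            state, code = sessions[dst], payload[:3]
            if code == "234" and state["auth_sent"]:
                state["tls"] = True                  # later commands are encrypted
            elif code == "230" and state["open"]:
                state["open"]["accepted"] = True     # server accepted the login
                state["open"] = None
            elif code == "530":
                state["open"] = None                 # login rejected
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_CAPTURE, "192.168.1.5"):
        print(finding)
```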

CLOSE THE FTP CONNECTION


Use the quit command to close the FTP connection.
Shut down your virtual PCs.

RESULT:
Thus the experiment was executed successfully.
DATE:
EX.NO: 2

CASE STUDY 2

Aim:

To analyze the performance of RIP AND OSPF Redistribution

Objective:

This case study addresses the issue of integrating Routing Information Protocol
(RIP) networks with Open Shortest Path First (OSPF) networks. Most OSPF
networks also use RIP to communicate with hosts or to communicate with portions
of the inter-network that do not use OSPF. This case study should provide
examples of how to complete the following phases in redistributing information
between RIP and OSPF networks, including the following topics:

Configuring a RIP Network


Adding OSPF to the Center of a RIP Network
Adding OSPF Areas
Setting Up Mutual Redistribution

REQUIREMENTS:

1. 4 Cisco routers (Model 1841).
2. Two 8 port switches.
3. Two End Device PCs
4. Communication media (Serial Cable and copper straight through cable).
5. Class C IP Address.
6. Routing Protocols (RIP and OSPF).
7. Router IOS configuration commands.
8. Cisco Packet Tracer 6.0.1.exe
9. Power supply.

PROCEDURES:

Configuring a RIP Network

This step sets up a RIP network. Four sites are connected with serial
lines. The RIP network uses a Class C address. Each site has a contiguous set of
network numbers.

ROUTER R4 NETWORK CONFIGURATION:

interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.2 255.255.255.0
!
router rip
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0

ROUTER R3 NETWORK CONFIGURATION:


interface Serial0/0/0
ip address 192.168.1.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.2.1 255.255.255.0
!

ROUTER R1 NETWORK CONFIGURATION:


!
interface Serial0/0/0
ip address 192.168.5.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.1 255.255.255.0
!

ROUTER R2 NETWORK CONFIGURATION:


!
interface FastEthernet0/0
ip address 192.168.6.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.5.1 255.255.255.0
!

Adding OSPF to the Center of a RIP Network :

A common first step in converting a RIP network to OSPF is to add backbone
routers that run both RIP and OSPF, while the remaining network devices run RIP.
These backbone routers are OSPF autonomous system boundary routers. Each
autonomous system boundary router controls the flow of routing information
between OSPF and RIP.

ROUTER R3 OSPF CONFIGURATION:


!
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
!

ROUTER R1 OSPF CONFIGURATION:


!
router ospf 1
network 192.168.5.0 0.0.0.255 area 0
!

Adding OSPF Areas :

ROUTER R2 OSPF CONFIGURATION:


router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 1
!
NETWORK TOPOLOGY:

Most OSPF networks also use RIP to communicate with hosts or to communicate
with portions of the inter-network that do not use OSPF. Cisco supports both the
RIP and OSPF protocols and provides a way to exchange routing information
between RIP and OSPF networks.

Setting Up Mutual Redistribution:


Mutual redistribution between the RIP and OSPF networks is configured on the
routers that run both OSPF and RIP.

R1 ROUTER MUTUAL REDISTRIBUTION:

router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.5.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.4.0

R3 ROUTER MUTUAL REDISTRIBUTION:

router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.1.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.2.0

ROUTER R1 RUNNING CONFIGURATION FILES:


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.5.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.5.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.4.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
ROUTER R2 RUNNING CONFIGURATION FILE :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.6.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.5.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
network 192.168.6.0 0.0.0.255 area 1
!
router rip
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

ROUTER R3 RUNNING CONFIGURATION FILE:


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.1.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.2.1 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 192.168.1.0 0.0.0.255 area 0
!
router rip
redistribute ospf 1 metric 10
network 192.168.2.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

ROUTER R4 RUNNING CONFIGURATION FILE:


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.0
!
interface Serial0/0/1
ip address 192.168.4.2 255.255.255.0
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PING BETWEEN 192.168.6.2 TO 192.168.3.2 :

PING BETWEEN 192.168.3.2 TO 192.168.6.2 :

ROUTING TABLE:

For a Cisco router, the IOS command show ip route displays the routes in the
routing table. There are several types of routes that can appear in the routing table:

Directly-Connected Routes:

When the router powers up, the configured interfaces are enabled. As they become
operational, the router stores the directly attached local network addresses as
connected routes in the routing table. For Cisco routers, these routes are identified
in the routing table with the prefix C. These routes are automatically updated
whenever the interface is reconfigured or shutdown.

Static Routes:

A network administrator can manually configure a static route to a specific
network. A static route does not change until the administrator manually
reconfigures it. These routes are identified in the routing table with the prefix S.

Dynamically-Updated Routes (Dynamic Routes) :

Dynamic routes are automatically created and maintained by routing protocols.
Routing protocols are implemented in programs that run on routers and that
exchange routing information with other routers in the network. Dynamically-updated
routes are identified in the routing table with the prefix that corresponds to
the type of routing protocol that created the route, for example R is used for the
Routing Information Protocol (RIP).

Default Route:

The default route is a type of static route which specifies a gateway to use when
the routing table does not contain a path to use to reach the destination network. It
is common for default routes to point to the next router in the path to the Internet
Service Provider. If a subnet has only one router, then that router is automatically
the default gateway, because all network traffic to and from that local network has
no option but to travel through that router.

RIP:

• It is a distance vector routing protocol.
• It sends the complete routing table out of all interfaces every 30 seconds.
• RIP uses only hop count to determine the best way to a remote network.
• The maximum allowable hop count is 15.
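
The hop-count behaviour listed above, as an added example that is not from the original manual: a synchronous distance-vector simulation over the four-router RIP network configured in this case study, generalized to a chain of 17 routers to show the 15-hop limit. The chain, its network labels and the function names are constructed for the illustration.

```python
INFINITY = 16  # RIP metric 16 means unreachable; 15 is the largest usable hop count

# Connected networks per router, from the "Configuring a RIP Network" configs.
TOPOLOGY = {
    "R1": ["192.168.4.0", "192.168.5.0"],
    "R2": ["192.168.1.0", "192.168.5.0", "192.168.6.0"],
    "R3": ["192.168.1.0", "192.168.2.0"],
    "R4": ["192.168.2.0", "192.168.3.0", "192.168.4.0"],
}


def neighbours(topology):
    """Two routers are neighbours when they share a connected network."""
    result = {router: set() for router in topology}
    for a in topology:
        for b in topology:
            if a != b and set(topology[a]) & set(topology[b]):
                result[a].add(b)
    return result


def converge(topology, max_rounds=50):
    """Run update rounds until no table changes.

    Returns (tables, rounds) where tables[router][network] = (metric, via).
    """
    tables = {r: {n: (0, "connected") for n in nets}
              for r, nets in topology.items()}
    nbrs = neighbours(topology)
    for rounds in range(1, max_rounds + 1):
        # Every router advertises the table it held at the start of the round.
        snapshot = {r: dict(t) for r, t in tables.items()}
        changed = False
        for sender, table in snapshot.items():
            for receiver in nbrs[sender]:
                for net, (metric, via) in table.items():
                    if via == receiver:
                        continue  # split horizon: do not advertise a route back
                    new_metric = min(metric + 1, INFINITY)
                    current = tables[receiver].get(net)
                    if new_metric < INFINITY and (
                            current is None or new_metric < current[0]):
                        tables[receiver][net] = (new_metric, sender)
                        changed = True
        if not changed:
            return tables, rounds
    return tables, max_rounds


def chain(n):
    """Constructed line of n routers: C1 owns 'net0', Ci and Ci+1 share 'net<i>'."""
    return {f"C{i}": [f"net{i - 1}", f"net{i}"] for i in range(1, n + 1)}


if __name__ == "__main__":
    tables, rounds = converge(TOPOLOGY)
    print("converged after", rounds, "rounds")
    for network, (metric, via) in sorted(tables["R4"].items()):
        print("R4", network, metric, via)
    long_tables, _ = converge(chain(17))
    print("C16 -> net0:", long_tables["C16"].get("net0"))
    print("C17 -> net0:", long_tables["C17"].get("net0"))
```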

OSPF:

Open Shortest Path First (OSPF) is a non-proprietary link-state routing protocol
described in RFC 2328. It is identified in the routing table with the prefix O.
• Uses the SPF algorithm to calculate the lowest cost to a destination
• Sends routing updates only when the topology changes; does not send
periodic updates of the entire routing table.
• Provides fast convergence
• Supports VLSM and discontiguous subnets
• Provides route authentication

R1 ROUTER ROUTING TABLE:
R1 ROUTER ROUTING PROTOCOL:
R2 ROUTER ROUTING TABLE:

R2 ROUTER ROUTING PROTOCOL:


R3 ROUTER ROUTING TABLE:
R3 ROUTER ROUTING PROTOCOL:
R4 ROUTER ROUTING TABLE:

R4 ROUTER ROUTING PROTOCOL:


SWITCH 1 MAC ADDRESS TABLE :

SWITCH 2 MAC ADDRESS TABLE :

RESULT:

Thus the experiment was configured successfully.


DATE:
EX.NO: 3

CASE STUDY 3

Aim:

To configure Dial-On-Demand Routing.

Objective:

This case study should describe the use of DDR to connect a worldwide network
that consists of a central site located in Mumbai and remote sites located in
Chennai, Bangalore, and Hyderabad. The following scenarios should be
considered:
• Having the Central Site Dial Out
Describe the central and remote site configurations for three setups: a central site
with one interface per remote site, a single interface for multiple remote sites, and
multiple interfaces for multiple remote sites. Include examples of the usage of
rotary groups and access lists.
• Having the Central and Remote Sites Dial In and Dial Out
Describe the central and remote site configurations for three setups: central site
with one interface per remote site, a single interface for multiple remote sites, and
multiple interfaces for multiple remote sites. Also describes the usage of Point-to-
Point Protocol (PPP) encapsulation and the Challenge Handshake Authentication
Protocol (CHAP).
• Having Remote Sites Dial Out
A common configuration is one in which the remote sites place calls to the central
site but the central site does not dial out. In a “star” topology, it is possible for all
of the remote routers to have their serial interfaces on the same subnet as the
central site serial interface.
• Using DDR as a Backup to Leased Lines
Describes the use of DDR as a backup method to leased lines and provides
examples of how to use floating static routes on single and shared interfaces.
• Using Leased Lines and Dial Backup
Describes the use of Data Terminal Ready (DTR) dialing and V.25bis dialing with
leased lines.

REQUIREMENTS:

1. One Cisco router 2301
2. One Cisco router 800
3. Two ISDN BRI interfaces.
4. Basic DDR configuration commands.
5. Basic network configuration commands (ping).
6. ISDN Serial DCE cables.
7. Boson NetSim for CCNP v6.0 Beta3b

NETWORK TOPOLOGY:
ROUTERS ISDN PARAMETERS:

CHENNAI ROUTER RUNNING CONFIGURATION:

CHENNAI#sh running-config
Building configuration...
!
Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CHENNAI
!
ip subnet-zero
!
interface Serial0
no ip address
no ip directed-broadcast
bandwidth 1544
shutdown
!
interface Serial1
no ip address
no ip directed-broadcast
bandwidth 1544
shutdown
!
interface Ethernet0
no ip address
no ip directed-broadcast
bandwidth 10000
shutdown
!
interface Bri0
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
dialer-group 1
isdn switch-type basic-ni
isdn spid1 32177820010100
dialer map ip 192.168.0.2 name MUMBAI broadcast 7782001
encapsulation ppp
ppp authentication chap
!
ip classless
no ip http server
!
!
dialer-list 1 protocol ip permit
!
isdn switch-type basic-ni
line con 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end
MUMBAI ROUTER RUNNING CONFIGURATION:

MUMBAI#sh running-config
Building configuration...
!
Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname MUMBAI
!
ip subnet-zero
!
interface Ethernet0
no ip address
no ip directed-broadcast
bandwidth 10000
shutdown
!
interface Bri0
ip address 192.168.0.2 255.255.255.0
no ip directed-broadcast
dialer-group 1
isdn switch-type basic-ni
isdn spid1 32177820020100
dialer map ip 192.168.0.1 name CHENNAI broadcast 7782002
encapsulation ppp
ppp authentication chap
!
ip classless
no ip http server
!
dialer-list 1 protocol ip permit
!
isdn switch-type basic-ni
line con 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate
end

VERIFY ISDN DDR NETWORK CONNECTIVITY:

CHECK ISDN STATUS:


CHENNAI ROUTER ISDN STATUS:
MUMBAI ROUTER ISDN STATUS:

PING BETWEEN TWO ROUTERS:

RESULT:

Thus the experiment was configured successfully.


DATE:
EX.NO: 4

CASE STUDY 4

Aim:

To analyze the network security for improving the security of the network.

Objective:

This case study should provide the specific actions you can take to improve the
security of your network. Before going into specifics, however, you should
understand the following basic concepts that are essential to any security system:

Know your enemy

This case study refers to attackers or intruders. Consider who might want to
circumvent your security measures and identify their motivations. Determine what
they might want to do and the damage that they could cause to your network.
Security measures can never make it impossible for a user to perform unauthorized
tasks with a computer system. They can only make it harder. The goal is to make
sure the network security controls are beyond the attacker’s ability or motivation.

Count the cost

Security measures almost always reduce convenience, especially for sophisticated
users. Security can delay work and create expensive administrative and educational
overhead. It can use significant computing resources and require dedicated
hardware. When you design your security measures, understand their costs and
weigh those costs against the potential benefits. To do that, you must understand
the costs of the measures themselves and the costs and likelihoods of security
breaches. If you incur security costs out of proportion to the actual dangers, you
have done yourself a disservice.

Identify your assumptions

Every security system has underlying assumptions. For example, you might
assume that your network is not tapped, or that attackers know less than you do,
that they are using standard software, or that a locked room is safe. Be sure to
examine and justify your assumptions. Any hidden assumption is a potential
security hole.
Control your secrets

Most security is based on secrets. Passwords and encryption keys, for example, are
secrets. Too often, though, the secrets are not really all that secret. The most
important part of keeping secrets is knowing the areas you need to protect. What
knowledge would enable someone to circumvent your system? You should
jealously guard that knowledge and assume that everything else is known to your
adversaries. The more secrets you have, the harder it will be to keep all of them.
Security systems should be designed so that only a limited number of secrets need
to be kept.

Know your weaknesses

Every security system has vulnerabilities. You should understand your system’s
weak points and know how they could be exploited. You should also know the
areas that present the largest danger and prevent access to them immediately.
Understanding the weak points is the first step toward turning them into secure
areas.

Limit the scope of access

You should create appropriate barriers inside your system so that if intruders
access one part of the system, they do not automatically have access to the rest of
the system. The security of a system is only as good as the weakest security level
of any single host in the system.

Remember physical security

Physical access to a computer (or a router) usually gives a sufficiently
sophisticated user total control over that computer. Physical access to a network
link usually allows a person to tap that link, jam it, or inject traffic into it. It makes
no sense to install complicated software security measures when access to the
hardware is not controlled.

REQUIREMENTS:

1. CISCO 1841 Model 1 Routers.
2. One 8 port switch.
3. One Laptop For Console Local Administration.
4. One PC for Remote telnet Login.
5. Class C, Class B IP Address.
6. Basic Telnet Routing Configuration Commands.
7. One Console Roll over cable.
8. Two copper Straight through Cable.
9. Cisco Packet Tracer 6.0.1.exe
10. Power supply.

PROCEDURE:

1. Create console connectivity for Local Administrative Purpose.
2. Securing Router Console Interface.
3. Creating Remote Telnet Access on your Router with basic level security.
4. Enable Router User Privilege Mode password for Remote Telnet Access.
5. Hack Basic Level Type 7 Console and Telnet Router Password.
6. Creating High Level security.

• Creating MD-5 Encryption
• Creating AAA Authentication
• Blocking Dictionary Attack.
• Creating Named Access List Control.
• Enabling Log Files Database for Failure and Success Attempt.

Create console connectivity for Local Administrative Purpose :
NETWORK TOPOLOGY:

Console Connectivity

R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R1
!
enable password 7 0822455D0A16
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
exec-timeout 30 0
password 7 0822455D0A16
login
!
line aux 0
!
line vty 0 4
password 7 0822455D0A16
login
!
end
PC-1 IP ADDRESS :

Create Console Login

line con 0
exec-timeout 30 0

Securing Router Console Interface.

password 7 0822455D0A16
login

TRY TO LOGIN CONSOLE PORT :

Console Login

Creating Remote Telnet Access on your Router with basic level security :
NETWORK TOPOLOGY:

ENABLE THE TELNET ACCESS :


R1(config)#line vty 0 4

BASIC TYPE 7 ENCRYPTION
R1(config-line)#password cisco
R1(config-line)#login

R1 ROUTER TELNET CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R1
!
enable password 7 0822455D0A16
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
exec-timeout 30 0
password 7 0822455D0A16
login
!
line aux 0
!
line vty 0 4
password 7 0822455D0A16
login
!
end

Enable Router User Privilege Mode password for Remote Telnet Access :
R1(config)#enable password cisco
This is basic-level Type 7 encryption. Attackers can easily recover the password
from this encrypted form.

Hack Basic Level Type 7 Console and Telnet Router Password :

• Go to your router and enter User Privilege mode.
• Type R1#sh running-config
• View your Router Running Configuration
• Copy your Encrypted password
• enable password 7 0822455D0A16
• Go to This Website Link
• http://www.ifm.net.nz/cookbooks/passwordcracker.html
• Then paste your Password on the Type 7 password text box
• Then Click crack password button
• Your password has been successfully Decrypted.
• Original Password is cisco
• Encrypted Password is 0822455D0A16

Creating High Level security :


NETWORK TOPOLOGY:

Creating MD5

The password has been hashed using the stronger MD5 algorithm.

enable secret password

privilege mode MD5 Password

R1(config)#enable secret cisco1234
Original password is -- cisco1234
Encrypted Password is -- $1$mERr$WKkcGROjDgUmPKrVvqyr10
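
A defender's check for the two storage forms contrasted above, as an added example that is not part of the original manual: it scans a running configuration and labels every credential statement as cleartext, reversible Type 7, or MD5-hashed Type 5. The sample configuration is constructed from lines shown on this page; the function names are this example's own.

```python
import re

# Constructed sample, assembled from configuration lines shown on this page.
SAMPLE_CONFIG = """\
enable password 7 0822455D0A16
enable secret 5 $1$mERr$WKkcGROjDgUmPKrVvqyr10
username telnet password 0 1234
!
line con 0
password 7 0822455D0A16
login
!
line vty 0 4
password telnet
login authentication default
!
"""

# [enable | username NAME] (password|secret) [type digit] value
CRED = re.compile(
    r"^(?P<owner>enable|username \S+)?\s*(?P<kind>password|secret)"
    r"\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)$"
)


def classify(kind, type_digit):
    """Map one IOS credential statement to how the secret is stored."""
    if kind == "password" and type_digit == "7":
        return "reversible"    # Type 7: recoverable by anyone who can read the config
    if kind == "password":
        return "cleartext"     # type 0, or no type digit at all
    if kind == "secret" and type_digit == "5":
        return "hashed-md5"    # Type 5: salted MD5 hash ("enable secret")
    return "unknown"


def audit(config):
    """Return (line_number, where, verdict) for every credential statement."""
    findings = []
    context = "global"
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "!":                      # "!" closes a configuration section
            context = "global"
            continue
        if line.startswith(("line ", "interface ")):
            context = line
            continue
        match = CRED.match(line)
        if match:
            where = match.group("owner") or context
            findings.append(
                (lineno, where, classify(match.group("kind"), match.group("type")))
            )
    return findings


def weak(findings):
    """Keep only the credentials readable or recoverable from the config text."""
    return [f for f in findings if f[2] in ("cleartext", "reversible")]


if __name__ == "__main__":
    for lineno, where, verdict in audit(SAMPLE_CONFIG):
        print(f"line {lineno:2}: {where:18} {verdict}")
```

Every finding returned by `weak()` is a credential to replace with a hashed `secret` form before the configuration is backed up or shared.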

Creating AAA Authentication :


Authentication:
Identifies users by login and password using challenge and response methodology
before the user even gains access to the network. Depending on your security
options, it can also support encryption.
Authorization:
After initial authentication, authorization looks at what that authenticated user has
access to do. RADIUS or TACACS+ security servers perform authorization for
specific privileges by defining attribute-value (AV) pairs, which would be specific
to the individual user rights. In the Cisco IOS, you can define AAA authorization
with a named list or authorization method.

Accounting:
The last "A" is for accounting. It provides a way of collecting security information
that you can use for billing, auditing, and reporting. You can use accounting to see
what users do once they are authenticated and authorized. For example, with
accounting, you could get a log of when users logged in and when they logged out.

Enabling AAA
Router(config)# aaa new-model
R1(config)#username cisco secret cisco1234

Configuring the TACACS+ servers


Next we need to configure the addresses of the AAA servers we want to use. This
example shows the configuration of TACACS+ servers, but the concept applies to
RADIUS servers as well. There are two approaches to configuring TACACS+
servers. In the first, servers are specified in global configuration mode using the
command tacacs-server to specify an IP address and shared secret key for each
server:

Router(config)# tacacs-server host 192.168.1.3 key MySecretKey1
Router(config)# tacacs-server host 192.168.2.3 key MySecretKey2

Blocking Dictionary Attack:

The primary intention of a dictionary attack, unlike a typical DoS attack, is to
actually gain administrative access to the device. A dictionary attack is an
automated process to attempt to login by attempting thousands, or even millions, of
username/password combinations. (This type of attack is called a "dictionary
attack" because it typically uses, as a start, every word found in a typical dictionary
as a possible password.) As scripts or programs are used to attempt this access, the
profile for such attempts is typically the same as for DoS attempts: multiple login
attempts in a short period of time.
NETWORK TOPOLOGY:

Block Dictionary Attack

R1(config)#login block-for 120 attempts 3 within 60

Explanation :
This command stops dictionary attacks against the router login.
Time period in seconds -120 seconds
attempts -Set max number of fail attempts - 5 times
within Watch period for fail attempts - 60 seconds
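
A model of how the quiet period behaves, as an added example that is not part of the original manual. It replays login events against the parameters of the command shown above (block-for 120, attempts 3, within 60); the event format, the function names and the sample events are constructed for this illustration, and the model follows the documented behaviour rather than IOS source code.

```python
def replay(events, block_for=120, attempts=3, within=60):
    """Replay (time_s, user, password_ok) login events in time order.

    Returns (time_s, user, outcome) tuples where outcome is
    'accepted', 'failed' (wrong password, counted towards the limit)
    or 'refused' (quiet period active, credentials never checked).
    """
    recent_failures = []      # failure times still inside the watch window
    quiet_until = None        # end of the current quiet period, if any
    results = []
    for t, user, ok in sorted(events):
        if quiet_until is not None and t < quiet_until:
            results.append((t, user, "refused"))
            continue
        if ok:
            results.append((t, user, "accepted"))
            continue
        results.append((t, user, "failed"))
        # Keep only failures that are still inside the watch window.
        recent_failures = [f for f in recent_failures if t - f < within] + [t]
        if len(recent_failures) >= attempts:
            quiet_until = t + block_for      # enter quiet mode
            recent_failures = []
    return results


def count(results, outcome, user=None):
    """Count results with the given outcome, optionally for one user."""
    return sum(1 for _, u, o in results if o == outcome and user in (None, u))


def constructed_events():
    """Constructed sample: one wrong guess per second for five minutes,
    plus three logins by an administrator who knows the password."""
    guesses = [(t, "guess", False) for t in range(300)]
    admin = [(50, "admin", True), (200, "admin", True), (400, "admin", True)]
    return guesses + admin


if __name__ == "__main__":
    results = replay(constructed_events())
    print("guesses checked :", count(results, "failed", "guess"))
    print("guesses refused :", count(results, "refused", "guess"))
    print("admin refused   :", count(results, "refused", "admin"))
    print("admin accepted  :", count(results, "accepted", "admin"))
```

Only 9 of the 300 guesses are ever checked against the password, but the administrator's logins at 50 s and 200 s are refused as well, so the quiet period has to be planned for in operations.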

Creating Named Access List Control :


Cisco IOS versions 11.2 and higher can create Named ACLs (NACLs). In an
NACL, a descriptive name replaces the numerical ranges required for Standard and
Extended ACLs. Named ACLs offer all the functionality and advantages of
Standard and Extended ACLs; only the syntax for creating them is different.
The name given to an ACL is unique. Using capital letters in the name makes it
easier to recognize in router command output and troubleshooting.
A Named ACL is created with the command:

ip access-list {standard | extended} name

STANDARD NAMED ACL

DENY 192.168.1.2:

NETWORK TOPOLOGY:

R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group Block-192.168.1.2 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip access-list standard Block-192.168.1.2
deny host 192.168.1.2
permit any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
PING BETWEEN 192.168.1.2 TO 172.16.13.2 :
R1(config)#ip access-list standard Block-192.168.1.2
R1(config-std-nacl)#deny host 192.168.1.2
deny host 192.168.1.2

PING BETWEEN 192.168.1.3 TO 172.16.13.2:


R1(config)#ip access-list standard Block-192.168.1.2
R1(config-std-nacl)#deny host 192.168.1.2
R1(config-std-nacl)#permit any

permit any

Enabling Log Files Database for Failure and Success Attempt :

It stores successful and failed login attempts in a log database.


NETWORK TOPOLOGY:

VIEW LOG FILES ENTERING ON YOUR ROUTER :

BEFORE THE LOG FILE CREATION :

AFTER THE LOG FILE CREATION :


RESULT:

Thus the experiment was executed successfully.


DATE:
EX.NO: 5

CASE STUDY 5

Aim:

To Control Traffic Flow in a network.

Objective:

In this case study, the firewall router allows incoming new connections to one or
more communication servers or hosts. Having a designated router act as a firewall
is desirable because it clearly identifies the router’s purpose as the external
gateway and avoids encumbering other routers with this task. In the event that the
internal network needs to isolate itself, the firewall router provides the point of
isolation so that the rest of the internal network structure is not affected.
Connections to the hosts are restricted to incoming file transfer protocol (FTP)
requests and email services. The incoming Telnet, or modem connections to the
communication server are screened by the communication server running
TACACS username authentication.

REQUIREMENTS:

1. One CISCO 1841 Model 1 Routers.
2. One 8 port switch.
3. One PC for Remote telnet Login.
4. One Server (TACACS+) for telnet Login Authentication.
5. Class C, Class B IP Address.
6. Basic Telnet Routing Configuration Commands.
7. Two copper Straight Through Cable.
8. Cisco Packet Tracer 6.0.1.exe
9. Power supply.

PROCEDURE:

Lab Objective:

Anyone who tries to telnet to the router must first be authenticated through the
AAA server; if the AAA server is down, the router uses its local user accounts database.
Configuration at the router:
--------setting telnet ------------
Router(config)#enable secret 1234
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#exit
Router(config)#username telnet password 1234

AAA commands
----------enable AAA on the router------------
Router(config)#aaa new-model

Set authentication for login using two methods:

-------Method 1----------
using the AAA server through the TACACS+ protocol,

-------Method 2 ----------
using the local router user accounts.
Tell the router the IP address of the TACACS+ server and the key (password) to
connect with:
Router(config)#tacacs-server host 192.168.1.3 key 1234

configuration at AAA server :


---------ACS SERVER-----------
----user account ----
username : tacacs
password: tacacs
TACACS+ client IP : 192.168.1.1
key : 1234
Here are a few show commands we can use, plus one command to unlock any
user account that has reached the maximum number of failed logon attempts:
Router#show aaa user all
Router#show aaa sessions
Router#show aaa local user lockout
Router#clear aaa local user lockout username all
To verify, try to telnet to the router with the local username telnet and password
1234; it will not work. Then use the TACACS server user name we wrote above
(tacacs, password tacacs) and it will work. Now disconnect the TACACS server, or
just remove the cable, and telnet to the router using the local telnet account; it
will work. Remember: if method 1 fails, the router does not go on to method 2;
only if method 1 is not available does it go to method 2 and use it.
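
The fallback rule described above, as an added example that is not part of the original manual: each method answers PASS, FAIL or ERROR, and only ERROR (method not available) lets the router move to the next method in the list. The accounts are the ones used in this case study; the method order (TACACS+ group first, then local) follows the text, and all function names are this example's own.

```python
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

# Accounts from this case study.
SERVER_USERS = {"tacacs": "tacacs"}   # defined on the TACACS+ server
LOCAL_USERS = {"telnet": "1234"}      # defined with "username" on the router


def tacacs_method(server_users, reachable):
    """Method 1: ERROR when no server answers, otherwise PASS or FAIL."""
    def check(user, password):
        if not reachable:
            return ERROR
        return PASS if server_users.get(user) == password else FAIL
    return check


def local_method(local_users):
    """Method 2: the local database is always available, so never ERROR."""
    def check(user, password):
        return PASS if local_users.get(user) == password else FAIL
    return check


def method_list(server_up):
    """Ordered login method list: TACACS+ group first, then local."""
    return [
        ("group tacacs+", tacacs_method(SERVER_USERS, server_up)),
        ("local", local_method(LOCAL_USERS)),
    ]


def login(methods, user, password):
    """Return (granted, deciding_method). A FAIL is final; only ERROR falls through."""
    for name, check in methods:
        verdict = check(user, password)
        if verdict != ERROR:
            return verdict == PASS, name
    return False, None      # every method was unavailable


def walkthrough():
    """The four logins of the verification procedure, in order."""
    cases = [
        (True, "telnet", "1234"),     # server up, local-only account
        (True, "tacacs", "tacacs"),   # server up, server account
        (False, "telnet", "1234"),    # server unplugged, local account
        (False, "tacacs", "tacacs"),  # server unplugged, server-only account
    ]
    return [login(method_list(up), user, pw) for up, user, pw in cases]


if __name__ == "__main__":
    for result in walkthrough():
        print(result)
```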
PHYSICAL CONNECTIONS:

NETWORK TOPOLOGY:

TELNET WITH OUT TACACS SERVER:


TELNET WITH TACACS SERVER:

NETWORK TOPOLOGY:
TELNET CLIENT IP ADDRESS :

TACACS SERVER IP :
TACACS+ SERVER CONFIGURATION :

ROUTER RUNNING CONFIGURATION:


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$4dpRATIgxQacPVK0CfNV4/
!
aaa new-model
!
username telnet password 0 1234
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
password telnet
login authentication default
!
end

TELNET LOGIN WITH OUT TACACS SERVER AUTHENTICATION:

RESULT:

Thus the Experiment was configured successfully


TELNET LOGIN WITH TACACS SERVER AUTHENTICATION:

Router#sh aaa session :


DATE:
EX.NO: 6

CASE STUDY 6

Aim:

To configure the standard access list for a network.

Objective:

Access lists define the actual traffic that will be permitted or denied, whereas an
access group applies an access list definition to an interface. Access lists can be
used to deny connections that are known to be a security risk and then permit all
other connections, or to permit those connections that are considered acceptable
and deny all the rest. For firewall implementation, the latter is the more secure
method. In this case study, incoming email and news are permitted for a few hosts,
but FTP, Telnet, and rlogin services are permitted only to hosts on the firewall
subnet. IP extended access lists (range 100 to 199) and transmission control
protocol (TCP) or user datagram protocol (UDP) port numbers are used to filter
traffic. When a connection is to be established for email, Telnet, FTP, and so forth,
the connection will attempt to open a service on a specified port number. An access
list is invoked after a routing decision has been made but before the packet is sent
out on an interface. The best place to define an access list is on a preferred host
using your favorite text editor. You can create a file that contains the access-list
commands, place the file (marked readable) in the default TFTP directory and then
network load the file onto the router.

REQUIREMENTS:

1. Cisco 1841 model router
2. One switch
3. One dedicated server
4. Five Windows or Linux PC's
5. Copper Straight Through Cable
6. Copper Cross over cable
7. Class C IP Address and Class A IP Address
8. Basic Router Interface Configuration Commands.
9. Basic Standard ACL Configuration Commands
10. Ping Command
11. Cisco Packet Tracer 6.0.0.exe

PROCEDURE:

1. Open The CISCO PACKET TRACER software.
2. Draw The FIVE PC using End Device Icons.
3. Draw The CISCO 24 Port Switch Using Switch icon lists.
4. Draw The CISCO ROUTER using router icon lists.
5. Make The Connections using Straight-Through Ethernet Cables and Cross
over Cables.
6. Enter The IP Address To Each Machine Like PC, Router and Server.
7. Check the IP address for Every PC using ipconfig or ifconfig Command.
8. Check The Connections using Ping Commands.
9. Create The Standard Access List For Local Network.
10. I Create The Access deny permissions to PC4, PC5, PC6.
11. I Create The Access Permit Permission to Remaining PC's (PC1, PC2, PC3).
12. Verify your Access Control List Using Ping Command.

WHAT IS ACCESS CONTROL LIST?

One of the most common methods of traffic filtering is the use of access control
lists (ACLs). ACLs can be used to manage and filter traffic that enters a network,
as well as traffic that exits a network.
An ACL ranges in size from one statement that allows or denies traffic from one
source, to hundreds of statements that allow or deny packets from multiple sources.
The primary use of ACLs is to identify the types of packets to accept or deny.

ACLs identify traffic for multiple uses such as:

• Specifying internal hosts for NAT
• Identifying or classifying traffic for advanced features such as QoS and
queuing
• Restricting the contents of routing updates
• Limiting debug output
• Controlling virtual terminal access to routers

The following potential problems can result from using ACLs:

• The additional load on the router to check all packets means less time to
actually forward packets.
• Poorly designed ACLs place an even greater load on the router and might
disrupt network usage.
• Improperly placed ACLs block traffic that should be allowed and permit
traffic that should be blocked.

TYPES OF ACCESS CONTROL LIST:

1. Standard ACLs

The Standard ACL is the simplest of the three types. When creating a standard IP
ACL, the ACLs filter based on the source IP address of a packet. Standard ACLs
permit or deny based on the entire protocol, such as IP. So, if a host device is
denied by a standard ACL, all services from that host are denied. This type of ACL
is useful for allowing all services from a specific user, or LAN, access through a
router while denying other IP addresses access. Standard ACLs are identified by
the number assigned to them. For access lists permitting or denying IP traffic, the
identification number can range from 1 to 99 and from 1300 to 1999.

2. Extended ACLs
Extended ACLs filter not only on the source IP address but also on the destination
IP address, protocol, and port numbers. Extended ACLs are used more than
Standard ACLs because they are more specific and provide greater control. The
range of numbers for Extended ACLs is from 100 to 199 and from 2000 to 2699.

3. Named ACLs

Named ACLs (NACLs) are either Standard or Extended format that are referenced
by a descriptive name rather than a number. When configuring named ACLs, the
router IOS uses a NACL subcommand mode.

STANDARD ACL CONFIGURATION:

This is the basic level of access control list configuration. It permits or denies
remote hosts access to your network.

NETWORK TOPOLOGY:
STANDARD ACCESS LIST

IP ADDRESS FOR EACH MACHINE:


PC-1 IP ADDRESS:

PC-2 IP ADDRESS:

PC-3 IP ADDRESS:
PC-4 IP ADDRESS:

PC-5 IP ADDRESS :
ROUTER R1 FAST ETHERNET INTERFACE 0/0 AND INTERFACE 0/1 IP
ADDRESS:

OUTSIDE NETWORK SERVER IP ADDRESS:


CHECK THE NETWORK CONNECTIVITY USING PING
COMMAND BEFORE THE STANDARD ACCESS LIST
CONTROL CONFIGURATION:

PING PC-1 TO SERVER:

PING PC-2 TO SERVER:

CONFIGURE THE STANDARD ACCESS LIST CONTROL LIST:


Now I deny access permission to three remote PCs in my router R1. Hereafter, check
the ping connectivity between PC 3, 4, 5 and the server. Ping was unsuccessful because
I block the PC 3, 4, 5 requests.

PING PC-3 TO SERVER:

PING PC-4 TO SERVER:

PING PC-5 TO SERVER:


R1 ROUTER RUNNING CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 11 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.10 255.0.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
access-list 11 deny host 192.168.1.6
access-list 11 deny host 192.168.1.5
access-list 11 deny host 192.168.1.4
access-list 11 permit any
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
end

R1 ROUTER ROUTING TABLE:

RESULT:

Thus the standard access list has been configured successfully.

DATE:
EX.NO: 6

CASE STUDY 6

Aim:

To configure the extended access control list for a network.

Objective:

Extended ACLs filter not only on the source IP address but also on the destination
IP address, protocol, and port numbers. Extended ACLs are used more than
Standard ACLs because they are more specific and provide greater control. The
range of numbers for Extended ACLs is from 100 to 199 and from 2000 to 2699.

REQUIREMENTS:

1. One Cisco 2960 switch or other comparable switch
2. Two Cisco 1841 or equivalent routers, each with a serial and an Ethernet
interface
3. Three Windows-based PCs, at least one with a terminal emulation program,
and all set up as hosts
4. At least one RJ-45-to-DB-9 connector console cable to configure the routers
and switch
5. Three straight-through Ethernet cables
6. One crossover Ethernet cable
7. One 2-part DTE/DCE serial crossover

PROCEDURE:

1. Connect the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of
Router 2 using a serial cable.
2. Connect the Fa0/0 interface of Router 1 to the Fa0/1 port of Switch 1 using
straight-through cable.
3. Connect a console cable to each PC to perform configurations on the routers
and switch.
4. Connect Host 1 to the Fa0/3 port of Switch 1 using a straight-through cable.
5. Connect Host 2 to the Fa0/2 port of Switch 1 using a straight-through cable.
6. Connect a crossover cable between Host 3 and the Fa0/0 interface of Router

NETWORK TOPOLOGY:
Perform basic configuration on Router 1
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.15.1 255.255.255.0
ip access-group 101 in
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.1.0
network 192.168.15.0
!
ip classless
!
access-list 101 permit ip host 192.168.5.10 host 192.168.15.1
access-list 101 permit ip host 192.168.5.10 host 192.168.1.1
access-list 101 deny ip any host 192.168.15.1
access-list 101 deny ip any host 192.168.1.1
access-list 101 permit ip any any
access-list 101 deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

Perform basic configuration on Router 2


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.5.1 255.255.255.0
ip access-group 101 out
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.15.2 255.255.255.0
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.5.0
network 192.168.15.0
!
ip classless
!
access-list 101 permit ip host 192.168.1.10 host 192.168.5.10
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.5.10
access-list 101 permit ip any any
access-list 101 deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

PERMIT HTTP AND DENY ICMP:

NETWORK TOPOLOGY:

PERMIT HTTP, DENY ICMP

R1 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

PERMIT HTTP:
EXTENDED ACCESS LIST 100

access-list 100 permit tcp any host 172.16.13.2 eq www


DENY ICMP:
access-list 100 deny icmp any host 172.16.13.2 unreachable

DENY AND PERMIT TELNET:

NETWORK TOPOLOGY:

PERMIT AND DENY TELNET CONNECTION

R1 ROUTER CONFIGURATION :
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$IAMOTn9O8Oi71F2D6cQKs/
!
aaa new-model
!
aaa authentication login TT local
!
username telnet password 0 telnet
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 10.10.10.1 255.0.0.0
ip access-group 101 in
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 10.0.0.0
network 192.168.1.0
!
ip classless
!
access-list 101 deny tcp host 172.16.13.1 host 192.168.1.1 eq telnet
access-list 101 permit tcp host 10.10.10.2 host 192.168.1.1 eq telnet
!
line con 0
!
line aux 0
!
line vty 0 4
login authentication TT
!
end

R2 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 10.10.10.2 255.0.0.0
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router rip
network 10.0.0.0
network 172.16.0.0
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

DENY TELNET CONNECTION FROM 172.16.13.1 :


Extended IP access list 101

access-list 101 deny tcp host 172.16.13.1 host 192.168.1.1 eq telnet

PERMIT TELNET CONNECTION FROM 10.10.10.2:

access-list 101 permit TCP host 10.10.10.2 host 192.168.1.1 eq telnet

TELNET USER NAME: telnet
TELNET PASSWORD: telnet
R1 ROUTER PRIVILEGE PASSWORD: telnet
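
A first-match evaluator for the extended access lists above, as an added example that is not part of the original manual. It shows which entry decides a packet, what falls through to the implicit deny that ends every access list, and which entries can never match. The ACL text is copied from the configurations on this page; the parser covers only `ip`/`tcp`/`udp` entries with an optional `eq` port, and the test packets (including the RIP version 1 update, assumed because `router rip` is configured without a version statement) are constructed.

```python
import ipaddress

# Constructed input: ACL entries copied from the router configurations on this page.
R1_ACL_101 = """\
access-list 101 permit ip host 192.168.5.10 host 192.168.15.1
access-list 101 permit ip host 192.168.5.10 host 192.168.1.1
access-list 101 deny ip any host 192.168.15.1
access-list 101 deny ip any host 192.168.1.1
access-list 101 permit ip any any
access-list 101 deny ip any any
"""
TELNET_ACL_101 = """\
access-list 101 deny tcp host 172.16.13.1 host 192.168.1.1 eq telnet
access-list 101 permit tcp host 10.10.10.2 host 192.168.1.1 eq telnet
"""
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80}


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))


def parse_acl(text):
    """Parse numbered extended ACL lines (ip/tcp/udp, optional 'eq PORT')."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()[2:]              # drop "access-list <number>"
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = None
        if tokens[:1] == ["eq"]:
            name = tokens[1]
            port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        entries.append({"action": action, "proto": proto,
                        "src": src, "dst": dst, "port": port})
    return entries


def _hit(spec, ip):
    base, wild = spec
    return (_ip(ip) | wild) == (base | wild)   # wildcard bits are "don't care"


def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, entry_number); entry_number None means implicit deny."""
    for number, e in enumerate(entries, 1):
        if (e["proto"] in ("ip", proto) and _hit(e["src"], src)
                and _hit(e["dst"], dst) and e["port"] in (None, dport)):
            return e["action"], number
    return "deny", None


def _covers(outer, inner):
    """True when every address matched by `inner` is also matched by `outer`."""
    (ob, ow), (ib, iw) = outer, inner
    return (iw & ~ow) == 0 and (ob | ow) == (ib | ow)


def shadowed(entries):
    """Return (entry, earlier_entry) pairs where the later entry can never match."""
    found = []
    for j, later in enumerate(entries):
        for i, earlier in enumerate(entries[:j]):
            if (earlier["proto"] in ("ip", later["proto"])
                    and _covers(earlier["src"], later["src"])
                    and _covers(earlier["dst"], later["dst"])
                    and earlier["port"] in (None, later["port"])):
                found.append((j + 1, i + 1))
                break
    return found


if __name__ == "__main__":
    r1 = parse_acl(R1_ACL_101)
    print(evaluate(r1, "icmp", "192.168.5.10", "192.168.1.1"))
    print(evaluate(r1, "icmp", "192.168.1.10", "192.168.1.1"))
    print(shadowed(r1))                        # trailing "deny ip any any" is dead
    telnet = parse_acl(TELNET_ACL_101)
    print(evaluate(telnet, "tcp", "10.10.10.2", "192.168.1.1", 23))
    # RIP v1 update from R2 arriving on Serial0/0/0 (UDP 520 to broadcast)
    print(evaluate(telnet, "udp", "10.10.10.2", "255.255.255.255", 520))
```

The last call returns the implicit deny: with only the two Telnet entries in list 101, everything else arriving on Serial0/0/0, routing updates included, is dropped unless an explicit permit is added.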

PERMIT FTP:
NETWORK TOPOLOGY:

Extended IP Access List

access-list 100 permit TCP any host 172.16.13.2 eq ftp

FTP LOG IN FROM PC 192.168.1.2


access-list 100 permit tcp any host 172.16.13.2 gt 1023

R1 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
access-list 100 permit tcp any host 172.16.13.2 eq ftp
access-list 100 permit tcp any host 172.16.13.2 range 20 ftp
access-list 100 permit tcp any host 172.16.13.2 eq 20
access-list 100 permit tcp any host 172.16.13.2 gt 1023
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

PERMIT DNS AND NTP:


NETWORK TOPOLOGY:

permit DNS and NTP


ROUTER R1 CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
ip access-group 100 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
access-list 100 permit tcp any host 172.16.13.2 eq www
access-list 100 deny icmp any host 172.16.13.2 unreachable
access-list 100 permit tcp any host 172.16.13.2 eq ftp
access-list 100 permit tcp any host 172.16.13.2 range 20 ftp
access-list 100 permit tcp any host 172.16.13.2 eq 20
access-list 100 permit tcp any host 172.16.13.2 gt 1023
access-list 100 permit udp any host 172.16.13.2 eq domain
access-list 100 permit udp any host 172.16.13.2 eq 123
access-list 100 permit udp any host 172.16.13.3 eq domain
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
ntp server 172.16.13.3 key 0
!
end

PERMIT NTP FROM ANY HOST:

access-list 100 permit udp any host 172.16.13.2 eq 123


PERMIT DNS FROM ANY HOST :
access-list 100 permit udp any host 172.16.13.3 eq domain
access-list 100 permit udp any host 172.16.13.2 eq domain

PERMIT AND DENY EMAIL :


BEFORE THE EMAIL ACL CONFIGURATION:

NETWORK TOPOLOGY:

BEFORE EMAIL ACL CONFIGURATION

SEND A EMAIL FROM [email protected] TO [email protected] :


SEND A EMAIL FROM [email protected] TO [email protected] :
AFTER EMAIL ACL CONFIGURATION :

NETWORK TOPOLOGY:

R1 ROUTER CONFIGURATION:
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.13.1 255.255.0.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router rip
network 192.168.1.0
network 192.168.2.0
!
ip classless
!
!
access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 172.16.13.4 eq smtp
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
SEND A EMAIL [email protected] TO [email protected] :
SEND A EMAIL [email protected] TO [email protected] :
DENY EMAIL SERVICE FROM 192.168.1.0 NETWORK :

access-list 101 deny tcp 192.168.1.0 0.0.0.255 host 172.16.13.4 eq smtp

RESULT:

Thus the experiment was configured successfully.


DATE:
EX.NO: 7

CASE STUDY 7

CONFIGURING A FIRE WALL

Aim:

To configure a firewall and analyze it for a network.

Objective:

Consider a firewall communication server with a single inbound modem. Configure
the modem to ensure security for the LAN.

REQUIREMENTS:

1. Cisco Packet Tracer 6.0.1
2. 3 PC windows or Linux PC's
3. One Switch or Hub
4. One DSL Modem
5. One Application Server
6. Communication Channels
7. Class B IP Address.
8. Basic Firewall things.
9. Basic Network Configuration Commands.
10. Cisco Packet Tracer 6.0.1.exe

PROCEDURE:

1. Open The CISCO PACKET TRACER software.
2. Draw The Three PC using End Device Icons.
3. Draw The CISCO 24 Port Switch Using Switch icon lists.
4. Draw The DSL modem using WAN Emulation Icon.
5. Draw The Cloud Icon using WAN Emulation Icon.
6. Draw The Server using End Device Icons.
7. Make the cable connectivity.
8. Enter The IP Address To Each Machine (Server and PC's).
9. Check the IP address for Every PC using ipconfig or ifconfig Command.
10. Check The Connections using Ping Commands.

What is Firewall?

A firewall is a layer of security between your home network and the Internet.
Since a router or modem is the main connection from a home network to the
Internet, a firewall is often packaged with those devices. Every home network
should have a firewall to protect its privacy. Firewalls are a combination of
hardware and software. The hardware part gives firewalls excellent performance,
while the software part allows firewalls to be tailored to your specific needs.

Firewall Rules:

Firewall rules block or allow specific traffic passing through from one side of the
router to the other. Inbound rules (WAN to LAN) restrict access by outsiders to
private resources, selectively allowing only specific outside users to access specific
resources. Outbound rules (LAN to WAN) determine what outside resources local
users can have access to. A firewall has two default rules, one for inbound traffic
and one for outbound. The default rules of the modem router are:

1. Inbound
2. Outbound
INBOUND RULES:

Block all access from outside except responses to requests from the LAN side

OUTBOUND RULES:
Allow all access from the LAN side to the outside.

HOW TO WORK FIREWALL:


HOW TO PROTECT OUR NETWORK FROM THE HACKER ATTACKS :

NETWORK TOPOLOGY:

SERVER IP ADDRESS:

SERVER>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80 :: 201:63FF:FEB1:4829
IP Address......................: 172.16.0.1
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0

PC-1 IP ADDRESS :

PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 201:C9FF:FE64:518E
IP Address......................: 172.16.0.2
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0

PC-2 IP ADDRESS :

PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 201:C9FF:FE64:518E
IP Address......................: 172.16.0.2
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0

PC-3 IP ADDRESS :

PC>ipconfig
FastEthernet0 Connection :( default port)
Link-local IPv6 Address.........: FE80:: 290:21FF:FEBC:CDA5
IP Address......................: 172.16.0.4
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: 0.0.0.0

GRAPHICAL VIEW:

SERVER IP ADDRESS:

PC-1 IP ADDRESS:

PC-2 IP ADDRESS:

PC-3 IP ADDRESS:

BEFORE THE FIREWALL CONFIGURATION:


ICMP

The ping command is a network utility that uses the Internet Control
Message Protocol (ICMP). Ping is used to verify the connection between a source PC
and a destination PC.

PING BETWEEN WAN PC AND SERVER USING ICMP PROTOCOL:

Ping was successful between the server and the remote PC.

HTTP

Open the web browser on any PC and type the server IP address in the address bar
(http://172.16.0.1). We can access the web page from the server.

WEB PAGE ACCESS BETWEEN SERVER AND WAN PC USING TCP PROTOCOL:

The web page was accessed successfully on the remote PC from the server.

AFTER THE FIREWALL CONFIGURATION:

We use firewall inbound rules. Block all access from outside except responses to
requests from the LAN side.

Note:

• I deny ICMP protocol services from the outside network.
• I allow TCP protocol services from the outside network.

ICMP:

The ping command is a network utility that uses the Internet Control
Message Protocol (ICMP). Ping is used to verify the connection between a source PC
and a destination PC.

PING BETWEEN WAN PC AND SERVER USING ICMP PROTOCOL:

Ping was not successful between the server and the remote PC, because I block the
outside network's ICMP services.

Ping was not successful

HTTP

Open the web browser on any PC and type the server IP address in the address bar
(http://172.16.0.1). We can access the web page from the server.

WEB PAGE ACCESS BETWEEN SERVER AND WAN PC USING TCP PROTOCOL:

The web page was accessed successfully on the remote PC from the server, because I allow
the TCP protocol services from the outside network.

Web page was accessed successfully
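
The rule evaluation used in this experiment, as an added example that is not part of the lab manual: a model of the two default rules (inbound blocked except responses to LAN requests, outbound allowed) with the lab's inbound rules (deny ICMP, allow TCP) on top. The WAN address 203.0.113.10, the probe packets and the narrower TIGHT_RULES variant (TCP port 80 to the server only) are constructed for illustration.

```python
from dataclasses import dataclass

SERVER = "172.16.0.1"    # server address from the lab topology
WAN_PC = "203.0.113.10"  # constructed outside address (not from the lab)

@dataclass(frozen=True)
class Packet:
    direction: str        # "in" = WAN to LAN, "out" = LAN to WAN
    proto: str            # "icmp", "tcp" or "udp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

# Inbound rules as (action, proto, dst, dport); None matches anything.
LAB_RULES = [("deny", "icmp", None, None), ("allow", "tcp", None, None)]
# Assumption: a narrower variant that admits only HTTP to the server.
TIGHT_RULES = [("deny", "icmp", None, None), ("allow", "tcp", SERVER, 80)]

class Firewall:
    def __init__(self, inbound_rules):
        self.inbound_rules = inbound_rules
        self.sessions = set()  # flows that were opened from the LAN side

    def check(self, p):
        if p.direction == "out":
            # Default outbound rule: allow, and remember the flow.
            self.sessions.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return "allow"
        # Response to a request from the LAN side (checked before the
        # inbound rules, which is a modelling choice of this example).
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.sessions:
            return "allow"
        for action, proto, dst, dport in self.inbound_rules:  # first match wins
            if proto == p.proto and dst in (None, p.dst) and dport in (None, p.dport):
                return action
        return "deny"  # default inbound rule: block everything else

def compare_rule_sets():
    probes = [
        Packet("in", "icmp", WAN_PC, SERVER),                  # ping the server
        Packet("in", "tcp", WAN_PC, SERVER, 40000, 80),        # HTTP to the server
        Packet("in", "tcp", WAN_PC, "172.16.0.2", 40001, 23),  # other TCP to PC-1
    ]
    return {name: [Firewall(rules).check(p) for p in probes]
            for name, rules in (("lab", LAB_RULES), ("tight", TIGHT_RULES))}

if __name__ == "__main__":
    print(compare_rule_sets())
```

With the lab's rule every inbound TCP connection is admitted, not only HTTP to 172.16.0.1; the narrower rule keeps the web page reachable and blocks the rest.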

RESULT:

Thus the Firewall Experiment was Configured Successfully.


DATE:
EX.NO:

CASE STUDY 8

Integrating EIGRP (Enhanced Interior Gateway Routing Protocol) into Existing Networks

Aim:

To integrate EIGRP (Enhanced Interior Gateway Routing Protocol) into existing networks.

Objective:

The case study should provide the benefits and considerations involved in
integrating Enhanced IGRP into the following types of internetworks:

• IP—The existing IP network is running IGRP
• Novell IPX—The existing IPX network is running RIP and SAP
• AppleTalk—The existing AppleTalk network is running the Routing Table
Maintenance Protocol (RTMP)

When integrating Enhanced IGRP into existing networks, plan a phased
implementation. Add Enhanced IGRP at the periphery of the network by
configuring Enhanced IGRP on a boundary router on the backbone off the core
network. Then integrate Enhanced IGRP into the core network.

REQUIREMENTS:

1. Three Cisco 2811 routers.
2. Three 24-port Cisco switches.
3. Copper straight-through cables.
4. Three serial line cables.
5. Nine Windows PCs.
6. Class A and Class C IP addresses.
7. EIGRP router configuration commands.
8. Basic network configuration commands.
9. Cisco Packet Tracer 6.0.1.exe

PROCEDURES:

CREATE EIGRP NETWORK TOPOLOGY:

NETWORK TOPOLOGY

EIGRP

What is EIGRP?

Enhanced Interior Gateway Routing Protocol

• Advanced distance vector
• Rapid convergence
• 100% loop-free classless routing
• Easy configuration
• Incremental updates
• Load balancing across equal- and unequal-cost pathways
• Flexible network design
• Multicast and unicast instead of broadcast address
• Support for VLSM and discontiguous subnets
• Manual summarization at any point in the internetwork
• Support for multiple network layer protocols

Features of EIGRP:

• Cisco proprietary protocol
• Classless routing protocol
• Includes all features of IGRP
• Metric (32 bit): Composite metric (BW + delay + load + MTU + reliability)
• Administrative distance is 90
• Updates are through multicast (224.0.0.10)
• Max hop count is 255 (100 by default)
• Supports IP, IPX and AppleTalk protocols
• Hello packets are sent every 5 seconds
• Convergence rate is fast
• Overcomes the RIP limitations

EIGRP Tables:

The EIGRP routing protocol maintains three tables for best route or path selection to
the destination network.

1. Neighbor Table
2. Topology Table
3. Routing Table

Disadvantages of EIGRP:

Works only on Cisco routers
Directly Connected Networks on HYDERABAD Router:

192.168.1.0
10.0.0.0

Configuring EIGRP:
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>

Directly Connected Networks on CHENNAI Router:

192.168.2.0
10.0.0.0
11.0.0.0

Configuring EIGRP:
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>

Directly Connected Networks on Bangalore Router:

192.168.3.0
11.0.0.0

Configuring EIGRP:
Router(config)# router eigrp <as no>
Router(config-router)# network <Network ID>

HYDERABAD Router Running Configuration :


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname HYD
!

spanning-tree mode pvst


!
interface FastEthernet0/0
ip address 192.168.1.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
ip address 10.0.0.1 255.0.0.0
clock rate 148000
!
interface Serial0/3/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 192.168.1.0
network 10.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

CHENNAI Router Running Configuration:


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname CHE
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.2.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/2/0
ip address 10.0.0.2 255.0.0.0
!
interface Serial0/2/1
ip address 11.0.0.1 255.0.0.0
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 10.0.0.0
network 192.168.2.0
network 11.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

Bangalore Router Running Configuration:


!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname BANG
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.3.150 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/2/0
ip address 11.0.0.2 255.0.0.0
!
interface Serial0/2/1
no ip address
clock rate 1000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 10
network 192.168.3.0
network 11.0.0.0
no auto-summary
!
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

VERIFY THE NETWORK CONFIGURATION:

PING 192.168.1.3

PING 192.168.3.2

PING 192.168.2.3

NEIGHBORS ROUTING TABLES:

HYDERABAD ROUTER NEIGHBOR TABLE:

CHENNAI ROUTER NEIGHBOR TABLE:

BANGALORE ROUTER NEIGHBOR TABLE:


ROUTER TOPOLOGY TABLES:

BANGALORE ROUTER TOPOLOGY TABLE

CHENNAI ROUTER TOPOLOGY TABLE:


HYDERABAD ROUTER TOPOLOGY TABLE
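
The distances a topology table lists follow from the composite metric named under the EIGRP features. The following added example (not part of the lab manual) computes them for the HYD, CHE and BANG routers with the classic EIGRP formula and default K values (K1 = K3 = 1, others 0), where only bandwidth and delay contribute. The serial and FastEthernet bandwidth and delay figures are assumed IOS interface defaults, not values taken from the lab.

```python
# Assumed IOS interface defaults (not stated in the lab):
# (bandwidth in kbit/s, delay in microseconds)
SERIAL = (1544, 20000)
FAST_ETHERNET = (100000, 100)

# Router -> {directly connected network: interface type}, from the lab configs.
TOPOLOGY = {
    "HYD":  {"192.168.1.0": FAST_ETHERNET, "10.0.0.0": SERIAL},
    "CHE":  {"192.168.2.0": FAST_ETHERNET, "10.0.0.0": SERIAL, "11.0.0.0": SERIAL},
    "BANG": {"192.168.3.0": FAST_ETHERNET, "11.0.0.0": SERIAL},
}

def eigrp_metric(path):
    """Classic metric with default K values: 256 * (10^7 / min_bw + delay / 10)."""
    min_bw = min(bw for bw, _ in path)
    total_delay = sum(delay for _, delay in path)
    return 256 * (10**7 // min_bw + total_delay // 10)

def best_metrics(router, path=(), came_from=None, seen=frozenset()):
    """Lowest metric from `router` to every network, over all loop-free paths."""
    best = {}

    def offer(net, metric):
        best[net] = min(best.get(net, metric), metric)

    for net, iface in TOPOLOGY[router].items():
        if net == came_from:
            continue  # do not route back over the link we arrived on
        hops = path + (iface,)
        offer(net, eigrp_metric(hops))
        # Continue through every other router attached to this network.
        for peer, nets in TOPOLOGY.items():
            if peer != router and peer not in seen and net in nets:
                learned = best_metrics(peer, hops, net, seen | {router})
                for remote_net, metric in learned.items():
                    offer(remote_net, metric)
    return best

if __name__ == "__main__":
    for name in TOPOLOGY:
        print(name, best_metrics(name))
```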

ROUTERS ROUTING TABLES:

BANGALORE ROUTER ROUTING TABLE:


CHENNAI ROUTER ROUTING TABLE

HYDERABAD ROUTER ROUTING TABLE

RESULT:

Thus the experiment was configured successfully.
