Report Ponda


  • 8/4/2019 Report Ponda

    1/40

    Quest Group of Engineering and Technology

    Networking Technology

    Summer Internship Report (June 13th 2011 to July 22nd 2011)

    Summer Training Venue: Centre for Development of Advanced Computing, Mohali, Punjab

    Submitted to :- Prepared by :-


    Preface

    The report was prepared during industrial training as a part of the
    summer internship programme conducted after the end term of the 4th
    semester of the B.Tech programme. This period provided me an opportunity
    to give theoretical knowledge a practical implementation. The report is
    the result of seven weeks of industrial training that I underwent at
    CDAC, Mohali. Joining CDAC as a trainee gave me an excellent platform at
    the onset of my professional career.

    I wholeheartedly thank the organization and especially its Network
    Department for providing me an opportunity to work on routers, switches
    (layer 2 and layer 3) and hubs, hence bringing out the best in me,
    alongside developing my talents and improving my skills, not just
    technically but also laying a firm foundation for all-round personality
    development. Co-operating and working with a team helped me explore my
    potential and perform better.

    This report deals with the network scenario and how the connection is
    made in the university and organizations. The report also includes the
    pictorial scenario of the network, drawn using Edraw.


    Acknowledgement

    It is a great sense of satisfaction and a matter of privilege for me to
    work at CDAC, Mohali. I wish to express my heartiest thanks to CDAC for
    providing me the opportunity to undergo training in this esteemed
    organization. Under such a good environment, systematic work approach
    and target-oriented tasks, the management of this division provided me
    with the much-desired training experience needed for a future software
    professional career.

    It is my pleasure to thank Mr. Vijay Kumar, to whom I owe a lot for
    giving me an opportunity to pursue my training in this organization.

    I would like to thank Mr. Apoorv Kumar, my faculty guide, for his help,
    cooperation and for being interactive during the reviewing of my project
    on the various design and performance issues.

    Mr. Vijay Kumar, CDAC, Mohali
    Mr. Apoorv Sharma, CDAC, Mohali


    telemedicine, e-Governance, e-Security, BOSS / Linux Server, Language

    technology, Black Box for automobiles and Various RFID based Applications.

    Health Care

    Health care, or healthcare, is the prevention, treatment and management
    of illness and the preservation of mental and physical well-being through
    the services offered by the medical, nursing and allied health
    professions. Health care embraces all the goods and services designed to
    promote health. The organized provision of such services may constitute
    a health care system. Health informatics, or medical informatics, is the
    intersection of information science, computer science and health care.
    It deals with the resources, devices and methods required to optimize the
    acquisition, storage, retrieval and use of information in health and
    biomedicine. Health informatics tools include not only computers but
    also clinical guidelines, formal medical terminologies, and information
    and communication systems.

    Telemedicine & Healthcare Services

    Telemedicine, a good combination of medicine and modern technology, is
    raising new hopes in health care. Telemedicine means providing medical
    assistance at a distance with the help of information and communication
    technologies. Telemedicine enables a physician or specialist at one site
    to deliver e-health, diagnose patients, give intra-operative assistance,
    provide therapy or consult with other physicians or paramedical
    personnel at a remote site. Telemedicine is not another technology but a
    process that focuses on the individual to provide greater access and
    increased knowledge of e-health. It empowers individuals to manage their
    own personal health, and integrates information to allow the smooth flow
    of services and products throughout the health care system. There are
    four main components of telemedicine, all of which are applicable to
    e-health:

    Remote database access/update

    Tele-monitoring

    Tele-video conferencing

    Case handling/message passing

    http://cdacmohali.in/default.aspx?pid=14&lang=en-us#top

    Healthcare in C-DAC Mohali

    Since the Telemedicine department of C-DAC came into existence, it has
    won laurels, winning many projects. The department's first major project
    was "Telemedicine and its Implementation", which started in 1999 and was
    successfully completed in 2003. It was sponsored by the Department of
    Information Technology (DIT). It has been implemented successfully at 6
    sites connected over ISDN lines for expert consultation using the
    integrated telemedicine desktop software Sanjeevani. The second major
    project was "Telemedicine in Himachal Pradesh", which started in 2005;
    till now 24 primary health care centres in rural and remote areas have
    been connected over ISDN lines using the telemedicine application
    Sanjeevani.

    Apart from this, the department received another project from the
    Department of Information Technology (DIT), in collaboration with the
    Punjab Health Systems Corporation, under the name "Punjab Telemedicine"
    in 2006. Here also, 5 sites have been connected, and further work
    towards better facilities and wider coverage is going on.

    A success in the field of telemedicine is "e-Sanjeevani", an integrated
    web-based telemedicine solution which is the outcome of research and
    development over the existing desktop application Sanjeevani, intended
    to provide multi-specialty health care to the common man at the most
    affordable cost.

    Presently development is being carried out on the project
    Tele-Ophthalmology, sponsored by the Ministry of Health and Family
    Welfare, Government of India, in 2007. This project has been christened
    the "Tele-Ophthalmology" software. The most recent proposal to join the
    wall of fame of C-DAC's Telemedicine department is the Business Research
    & Development project being developed for its client.

    Technology Used

    The Telemedicine department in C-DAC, Mohali uses different kinds of
    technology to build the telemedicine applications in use. The first,
    called store-and-forward, involves acquiring medical data (such as
    medical images) and then transmitting this data to a doctor or medical
    specialist at a convenient time for assessment offline. It does not
    require the presence of both parties at the same time. Dermatology,
    radiology and pathology are common specialties that are conducive to
    asynchronous telemedicine. This is typically used for non-emergent
    situations, when a diagnosis or consultation may be made in the next
    24-48 hours and sent back.


    Real time telemedicine could be as simple as a telephone call or as complex as

    robotic surgery. It requires the presence of both parties at the same time and a

    communications link between them that allows a real-time interaction to take

    place. Video-conferencing equipment is one of the most common forms of

    technologies used in synchronous telemedicine. Also there are peripheral devices

    which can be attached to computers or the video-conferencing equipment which

    can aid in an interactive examination.

    Telemedicine Solutions

    C-DAC Mohali has implemented its telemedicine solution named Sanjeevani
    in Microsoft Visual Basic 6.0 with the database support of Microsoft SQL
    Server 2005, and e-Sanjeevani in Microsoft .NET technologies with the
    back-end support of Microsoft SQL Server 2005. For better viewing and
    enhancement of images, C-DAC Mohali has developed its product Image
    Enhancer for brightness, contrast, zoom, region-of-interest annotation
    etc. C-DAC Mohali has also developed a web-based application, Health
    Care Management System, in Microsoft .NET technologies with the back-end
    support of Microsoft SQL Server 2005.

    Research and Development

    C-DAC Mohali strives for the betterment of healthcare services through
    its innovative practices, its technology programmes and its commitment
    to knowledge development through research and development activities.
    C-DAC Mohali is a dynamic, growing organization, focused on the
    development of radical new technologies that span a diverse set of
    standard telemedicine applications, through research into industry
    standards such as HL7 and DICOM in the field of medical informatics.

    Training

    C-DAC Mohali provides training to health care professionals for the
    effective use of telemedicine solutions, both on-site and remotely
    through the use of tele-health equipment, with the help of training
    specialists. C-DAC Mohali has an unparalleled reputation for training
    design and development. It uses its research, human factors and training
    expertise in this subject area to develop a package of multilevel
    training programmes that will optimize the utilization of its
    telemedicine solutions.

    Multi Lingual Technologies


    C-DAC Mohali is taking the initiative to preserve and enhance the
    heritage of traditional embroideries of India by developing tools for
    use in the fashion industry. All the information regarding Indian
    embroidery will soon be found on a single portal.

    BOSS(Bharat Operating System Solutions)

    BOSS (Bharat Operating System Solutions) is a GNU/Linux distribution
    developed by C-DAC (Centre for Development of Advanced Computing),
    derived from Debian, for enhancing the use of Free/Open Source Software
    throughout India. BOSS GNU/Linux, a key deliverable of NRCFOSS, has been
    upgraded from an entry-level server to an advanced server. It supports
    the Intel and AMD x86/x86-64 architectures. BOSS GNU/Linux advanced
    server provides a web server, proxy server, database server, mail
    server, network server, file and print server, SMS server and LDAP
    server. It ships with administration tools such as Webmin (a web-based
    interface), Gadmin, phpMyAdmin, phpLDAPadmin and pgAdmin.

    The beta release of BOSS GNU/Linux version 4.0 is coupled with the GNOME
    desktop environment with wide Indian language support and packages
    relevant for use in the government domain. This release focuses more on
    security and comes with an easy-to-use application to harden the
    desktop. Currently BOSS GNU/Linux Desktop is available in all the
    official Indian languages, such as Assamese, Bengali, Gujarati, Hindi,
    Kannada, Malayalam, Marathi, Oriya, Punjabi, Sanskrit, Tamil, Telugu,
    Bodo, Urdu, Kashmiri, Maithili, Konkani and Manipuri, which will enable
    mainly non-English-literate users in the country to be exposed to ICT
    and to use the computer more effectively.

    The accessibility of BOSS Linux will have a constructive impact on the
    digital divide in India, as more people can now have access to software
    in their local language to use the Internet and other information and
    communications technology (ICT) facilities. Community Information
    Centres (CICs) and internet cafes will also benefit from BOSS GNU/Linux,
    as this software can be used to power these outlets and is affordable
    and easy to install, use and support.

    E-Governance Projects


    In the present system of democracy, elected officials and institutions
    have been the traditional means of governing the interests of society
    and managing economic and social resources for development.

    E-governance is the application of information and communication
    technologies to transform the efficiency, effectiveness, transparency
    and accountability of informational and transactional exchanges within
    government, between government and government agencies at the national,
    state, municipal and local levels, and between government and citizens
    and businesses, and to empower citizens through access to and use of
    information.

    A large number of government departments have been engaged in the
    deployment of information and communication technologies to increase
    efficiency and improve the quality of their work. E-governance is said
    to be only 20% technology and 80% management. As e-government principles
    and practices have been applied in the past few years, it has become
    clear that fundamental governance issues determine the workability of
    e-service delivery and e-programmes.

    Widespread access to the Internet has prompted the delivery of
    information and services to citizens electronically. The interaction
    between citizens or businesses and a government agency or department
    can take place at a service centre closer to the client.

    In India

    India is a country of diverse social and cultural needs, with twenty-two
    constitutionally recognized languages and many variations of dialects.
    The success of e-governance initiatives is determined by efficient
    delivery of citizen-centric services and better access to knowledge and
    information. In India, the digital divide is also evident.

    The National E-Governance Plan (NeGP) is one of the most ambitious
    programmes of the Government of India, aimed at spreading e-governance
    pervasively across the country. The plan essentially consists of 10 core
    policies, 5 integrated service projects that cut across departments,
    9 Mission Mode Projects (MMPs) in the central sector and 12 in the state
    sector.

    International participation in CDAC Mohali


    The Indian Technical and Economic Cooperation programme, popularly known
    as "ITEC", was launched in 1964 as a bilateral programme of assistance
    of the Government of India.

    Under ITEC and its corollary SCAAP (Special Commonwealth Assistance for
    Africa Programme), 156 countries in Asia, East Europe, Central Asia,
    Africa and Latin America are invited to share in the Indian
    developmental experience acquired over five decades of India's existence
    as a free nation.

    ITEC is about cooperation and partnership for mutual benefit. It is
    response-oriented and addresses the needs of developing countries.

    Training:

    Ever since the inception of the ITEC programme, the training of
    thousands of nominees of ITEC partner countries has been the most
    successful cooperation programme and is highly appreciated by the
    recipient countries. Training, of both civilian and defence personnel,
    constitutes about 40 percent of the annual ITEC programme budget.

    Civilian Training:

    Each year the Ministry of External Affairs empanels institutions, and
    training courses are identified. Thereafter, through Indian Missions
    abroad, information about the courses is disseminated to the Foreign
    Offices and other concerned departments of ITEC partner countries.
    Applications of the nominees of these countries, duly recommended by the
    Heads of Missions/Posts, are then sent both to the MEA and the
    institutions concerned. After scrutinizing the eligibility of such
    candidates, approvals for joining the courses are given by the TC
    Division. The Government of India bears the entire expenditure for
    ITEC/SCAAP training in India, which includes airfare, tuition fees,
    living allowances, medical expenses and book grants.

    C-DAC Mohali has been conducting courses since 1999 in the areas of
    hardware networking and software such as multimedia, Linux programming,
    biomedical and telemedicine. CDAC, Mohali has trained around 2000
    participants under ITEC/SCAAP. Under this programme, CDAC Mohali
    presently conducts 11 courses for civilians of the 156 countries.


    My Experience

    My experience throughout the training was a big learning curve for my
    career. Being with the professionals was a great opportunity for me. My
    utmost effort was to master the skill to as much extent as it can be. I
    got hands-on experience this summer; working on the real equipment
    during the internship was as interesting as it can get. The industrial
    training programme was exhaustive and covered the latest in
    technologies.

    In the first week we were taught the basics of networking, which we were
    already thorough with, courtesy of the excellent faculty and innovative
    teaching style of our college. Therefore the first week was a brush-up
    on the ideas which had somewhat weakened during the holidays.

    The second week was a step into the more detailed realms of networking
    technologies. We were taken into greater depths of the knowledge pool
    and were allowed to explore on our own the new possibilities and new
    ways to overcome our own doubts and questions.

    The third and fourth weeks were full of new advanced concepts that were
    introduced to us. It was challenging at first, but once we discovered
    where the root of all doubt lies, I was able to make peace with the new
    concepts.

    The fifth and sixth weeks consisted of project making. It was the time
    to showcase everything that we had learnt in the past four weeks in a
    single project. We got much help from our supervisors at CDAC and some
    co-trainees. The professionalism was exemplary.

    Overall these six weeks have given a new direction to my career and a
    new direction as to how to think in the right manner.


    ROUTER

    A router is a device that forwards data packets between telecommunications

    networks, creating an overlay internetwork. A router is connected to two or more

    data lines from different networks. When data comes in on one of the lines, the

    router reads the address information in the packet to determine its ultimate

    destination. Then, using information in its routing table or routing policy, it directs

    the packet to the next network on its journey or drops the packet. A data packet

    is typically forwarded from one router to another through networks that constitute

    the internetwork until it gets to its destination node.

    The most familiar type of router is the home or small office router that
    simply passes data, such as web pages and email, between the home
    computers and the owner's cable or DSL modem, which connects to the
    Internet through an Internet service provider (ISP). More sophisticated
    routers range from enterprise routers, which connect large business or
    ISP networks, up to the powerful core routers that forward data at high
    speed along the optical fibre lines of the Internet backbone.

    A router has interfaces for different physical types of network
    connections (such as copper cables, fibre optic or wireless
    transmission). It also contains firmware implementing different
    networking protocol standards. Each network interface uses this
    specialized software to enable data packets to be forwarded from one
    protocol transmission system to another.

    FUNCTION OF ROUTER

    Router Terminology

    Routers used to be called "gateways," which is why the term "default
    gateway" means the router in your network. In older Novell terminology,
    routers were also called "network-layer bridges." The routable protocol
    layer is the network layer (layer 3) of the OSI model; see also layer 3
    switch, route server, router cluster and routing protocol.


    Route Forwarding

    Routing tables hold the data for making forwarding decisions. Although
    this is a simple example, routing tables can become very complex. Static
    routing uses fixed tables, but dynamic routing uses routing protocols
    that let routers exchange routes with each other.


    TYPES OF ROUTERS

    Enterprise routers

    All sizes of routers may be found inside enterprises. The most powerful
    routers are usually found in ISPs and academic and research facilities.
    Large businesses may also need more powerful routers to cope with the
    ever-increasing demands of intranet data traffic. A three-layer model is
    in common use, not all of which need be present in smaller networks.

    Access

    Linksys by Cisco WRT54GL SOHO router (figure)

    The LuCI web interface used by OpenWrt, here being used to configure
    Dynamic DNS (figure)

    Access routers, including small office/home office (SOHO) models, are
    located at customer sites such as branch offices that do not need
    hierarchical routing of their own. Typically, they are optimized for low
    cost. Some SOHO routers are capable of running alternative free
    Linux-based firmwares like Tomato, OpenWrt or DD-WRT.


    Distribution

    Distribution routers aggregate traffic from multiple access routers,
    either at the same site or by collecting the data streams from multiple
    sites at a major enterprise location. Distribution routers are often
    responsible for enforcing quality of service across a WAN, so they may
    have considerable memory installed, multiple WAN interface connections
    and substantial onboard data processing routines. They may also provide
    connectivity to groups of file servers or other external networks.

    Security

    External networks must be carefully considered as part of the overall
    security strategy. Separate from the router may be a firewall or VPN
    handling device, or the router may include these and other security
    functions. Many companies produce security-oriented routers, including
    Cisco Systems' PIX and ASA 5500 series, Juniper's NetScreen, WatchGuard's
    Firebox, Barracuda's range of mail-oriented devices, and many others.

    WORKING OF ROUTER

    Routers understand both Ethernet (MAC) addresses and IP addresses, but
    they are primarily interested in the destination IP address of the
    packet you send to the router. The router takes this destination (say it
    is 63.248.129.2) and looks it up in its routing table. Here is an
    example of a routing table:

    Location-A# show ip route
    10.0.0.0/24 is subnetted, 2 subnets
    R 10.2.2.0 [120/1] via 63.248.129.2, 00:00:16, Serial0
    C 10.1.1.0 is directly connected, Ethernet0
    63.0.0.0/30 is subnetted, 1 subnets
    C 63.248.129.0 is directly connected, Serial0
    Location-A#

    Each line shows the route source (R = learned via RIP, C = directly
    connected), the destination network and, for learned routes, the
    [administrative distance/metric], the next hop, the age of the route and
    the outgoing interface. Routes in the routing table are learned from
    either static routes (entered by you) or dynamic routes. Using the
    routing table, the router tries to find the best route for your traffic:
    the most specific matching prefix wins. There may be only one route.
    Often this is a "default route" (a.k.a. "gateway of last resort"). The
    default route just says: "If there are no better routes to send this
    traffic, send it here."
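As an added worked example (not code from the report), the following Python models the lookup described above and in the Route Forwarding section: a routing table populated from the Location-A "show ip route" output, longest-prefix-match selection with administrative distance as the tiebreak, and the drop-with-ICMP-unreachable outcome when nothing matches. The default route and the `add_static` helper are assumptions for illustration, not part of the page's table.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    """One routing-table entry, in the spirit of a 'show ip route' line."""
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]   # None for a directly connected network
    interface: str
    source: str               # 'C' connected, 'S' static, 'R' RIP-learned
    admin_distance: int = 0   # Cisco-style: connected 0, static 1, RIP 120


class RoutingTable:
    def __init__(self) -> None:
        self._routes: List[Route] = []

    def add(self, route: Route) -> None:
        self._routes.append(route)

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match: the most specific prefix containing dst wins;
        among equal prefix lengths the lower administrative distance wins.
        Returns None when nothing matches, not even a default route."""
        addr = ipaddress.IPv4Address(dst)
        matches = [r for r in self._routes if addr in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: (r.prefix.prefixlen, -r.admin_distance))


def add_static(table: RoutingTable, prefix: str, next_hop: str, interface: str) -> None:
    """Add a static route the way an operator would type it (AD 1)."""
    table.add(Route(ipaddress.IPv4Network(prefix), next_hop, interface, "S", 1))


def forward(table: RoutingTable, dst: str) -> str:
    """Describe the forwarding decision for a packet addressed to dst."""
    route = table.lookup(dst)
    if route is None:
        # The behaviour the text describes: no route means the packet is
        # discarded and an ICMP destination-unreachable goes back to the sender.
        return f"{dst}: no route, drop and send ICMP destination unreachable"
    if route.next_hop is None:
        return f"{dst}: directly connected on {route.interface}, deliver to {dst} itself"
    return f"{dst}: via {route.next_hop} out {route.interface} [{route.source} {route.prefix}]"


def location_a_table(with_default: bool = False) -> RoutingTable:
    """The Location-A table from the 'show ip route' output above, optionally
    with an ASSUMED default route (gateway of last resort) over Serial0."""
    t = RoutingTable()
    t.add(Route(ipaddress.IPv4Network("10.2.2.0/24"), "63.248.129.2", "Serial0", "R", 120))
    t.add(Route(ipaddress.IPv4Network("10.1.1.0/24"), None, "Ethernet0", "C", 0))
    t.add(Route(ipaddress.IPv4Network("63.248.129.0/30"), None, "Serial0", "C", 0))
    if with_default:
        add_static(t, "0.0.0.0/0", "63.248.129.2", "Serial0")
    return t


if __name__ == "__main__":
    for dst in ("10.1.1.5", "10.2.2.7", "63.248.129.2", "8.8.8.8"):
        print(forward(location_a_table(), dst))
    print(forward(location_a_table(with_default=True), "8.8.8.8"))
```

Without a default route the table above cannot deliver 8.8.8.8 and the packet is dropped; with one, the default (prefix length 0) only ever wins when no more specific entry exists, which is exactly why a stray static /25 injected for part of 10.2.2.0/24 would silently override the RIP-learned route for those hosts.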


    Just about every home and small business user has just a single Internet
    connection. In that case they have a default route, and all traffic is
    sent to their Internet service provider (ISP). In the case of ISPs,
    however, there may be many places they can send this traffic. Their
    routers must compare many hundreds of thousands of routes and select the
    best one for your traffic. This happens in milliseconds. To get your
    traffic through the Internet and back, it may pass through hundreds of
    routers. To you, it appears almost instantaneous (depending on many
    factors).

    If it doesn't find a valid route for your traffic, the router discards
    (yes, throws away) your traffic and sends an ICMP "destination
    unreachable" message back to you. When the router does find the best
    route and is ready to send your traffic, it has to do a number of
    things:

    1. Perform Network Address Translation (NAT). NAT isn't a traditional
    router function, but many routers today perform NAT. This is especially
    true for home and small business routers that function as "all in one"
    devices. Many companies have dedicated firewalls that also perform NAT.
    With NAT, your private source IP address is translated into a public
    source IP address. If the router is performing PAT (NAT overload), then
    the public source IP address is shared among many devices, and the
    router keeps a translation table so that replies can be mapped back to
    the right inside host; inbound packets that match no table entry are
    dropped.

    2. Replace your source MAC address with the router's MAC address. The ARP
    protocol is used to map your computer's IP address to its MAC address.
    ARP is a broadcast-oriented protocol, and routers do not forward
    broadcasts, so ARP doesn't work through routers. Because of this, the
    router must replace your source MAC address with the router's own MAC
    address. The router also puts the MAC address of the destination host or
    next-hop router into the data link header.

    3. Encapsulate the packet for the protocol of the WAN. Routers often
    perform protocol conversion. Say, for example, you have a router that
    has a PPP T1 connection to the Internet and is connected to the LAN
    using Ethernet. The IP packet must be de-encapsulated from its Ethernet
    frame, modified, then re-encapsulated in PPP before it can be sent
    across the PPP link.

    On the other side of the link, the destination router performs all of
    these same tasks, but in reverse. This happens for every packet sent and
    every response received.
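The NAT overload step above, as an added example in Python (not from the report): a simulated PAT router sharing one public address, assumed here to be 63.248.129.1, among hosts on 10.1.1.0/24. The remote addresses and ports are constructed for the example. It shows the translation table being built on outbound packets, the reverse mapping of replies, and why an unsolicited inbound packet, or a reply from an endpoint the inside host never contacted, is dropped rather than reaching a private host.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a NAT device cares about (constructed for this example)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PATRouter:
    """NAT overload: many inside hosts share one public IP, told apart by port."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        # inside (proto, ip, port) -> allocated public port
        self._outbound: Dict[Tuple[str, str, int], int] = {}
        # public (proto, port) -> inside (ip, port)
        self._inbound: Dict[Tuple[str, int], Tuple[str, int]] = {}
        # public (proto, port) -> remote endpoints the inside host has talked to;
        # only traffic from those endpoints is let back in (endpoint-dependent
        # filtering, the behaviour of a stateful NAT rather than a full-cone one)
        self._peers: Dict[Tuple[str, int], Set[Tuple[str, int]]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the private source to the public IP plus an allocated port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        port = self._outbound.get(key)
        if port is None:
            if self._next_port > self._last_port:
                raise RuntimeError("translation table exhausted")
            port = self._next_port
            self._next_port += 1
            self._outbound[key] = port
            self._inbound[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
            self._peers[(pkt.proto, port)] = set()
        self._peers[(pkt.proto, port)].add((pkt.dst_ip, pkt.dst_port))
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reverse-translate a reply. Returns None (drop) for anything that does
        not match an existing translation and a known remote endpoint, which is
        why unsolicited inbound connections never reach the private hosts."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = (pkt.proto, pkt.dst_port)
        inside = self._inbound.get(key)
        if inside is None or (pkt.src_ip, pkt.src_port) not in self._peers[key]:
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1], pkt.proto)

    def translations(self) -> int:
        """Number of active inside->public mappings."""
        return len(self._inbound)


if __name__ == "__main__":
    nat = PATRouter("63.248.129.1")
    out = nat.outbound(Packet("10.1.1.5", 40000, "93.184.216.34", 80))
    print("outbound rewritten to", out)
    print("reply mapped to", nat.inbound(Packet("93.184.216.34", 80, "63.248.129.1", out.src_port)))
    print("unsolicited dropped:", nat.inbound(Packet("198.51.100.9", 4444, "63.248.129.1", out.src_port)) is None)
```

Two inside hosts using the same source port get different public ports, and a repeated outbound packet from the same inside endpoint reuses its existing mapping instead of allocating a new one.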

    To see a real production routing table from an ISP, you can telnet to
    public route servers around the world. From there you can run show ip
    route and see what a real ISP's routing table looks like. (Telnet sends
    everything in the clear; that is tolerable here only because these
    servers are public and read-only, and you should never send a real
    credential over it.)


    BRIDGES

    A bridge connects two or more networks, or segments of the same network.
    These networks may use different physical and data link protocols. For
    example, you can install a bridge to connect a small lab of Macintosh
    computers using LocalTalk to the school's main Ethernet network.

    Bridges filter network traffic. They examine each frame, transmitting it
    only to the segment where it is needed. (Hubs, by contrast, broadcast
    all information to each connected computer, whether or not that computer
    is the intended recipient.) In this manner, bridges help reduce overall
    network traffic. Bridges are relatively simple and efficient traffic
    regulators. However, in most networks they have been replaced by their
    less expensive or more powerful cousins: hubs, switches and routers.

    Most bridges operate by examining incoming or outgoing frames for
    information at OSI layer 2 (the source and destination MAC addresses).

    Network Switch

    A network switch or switching hub is a computer networking device that

    connects network segments.

    The term commonly refers to a multi-port network bridge that processes and

    routes data at the data link layer (layer 2) of the OSI model. Switches that

    additionally process data at the network layer (Layer 3) and above are often

    referred to as Layer 3 switches or multilayer switches.

    Functions of a Switch


    The network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid-to-large sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as a gateway to access small office/home broadband services such as DSL or cable internet. In most of these cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for VoIP.

    An Ethernet switch operates at the data link layer of the OSI model to create a separate collision domain for each switch port. With 4 computers (e.g., A, B, C, and D) on 4 switch ports, A and B can transfer data back and forth, while C and D also do so simultaneously, and the two conversations will not interfere with one another. In the case of a hub, they would all share the bandwidth and run in half duplex, resulting in collisions, which would then necessitate retransmissions. Using a switch is called microsegmentation. This allows computers to have dedicated bandwidth on point-to-point connections to the network and therefore to run in full duplex without collisions.
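    The bridge filtering and per-port forwarding described above can be seen in a small simulation. The following is an added example written for this report, not code from the original text or from any vendor: it models a learning bridge (the core of a layer 2 switch) that records which port each source MAC address was seen on, forwards known unicast frames to that port only, floods broadcasts and unknown destinations, and filters frames whose destination is on the port they arrived on. A hub is included for contrast. All MAC addresses and the four-port layout are constructed for the example.

```python
"""Learning bridge simulation: an added example, not code from the report.

A bridge (or layer 2 switch) learns which port each source MAC address was
seen on, forwards a known unicast frame only to that port, floods broadcasts
and unknown destinations to every other port, and drops a frame whose
destination sits on the port it arrived on. A hub is included for contrast:
it repeats everything everywhere. MAC addresses and the four-port layout are
constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str  # source MAC
    dst: str  # destination MAC


def hub_ports(num_ports: int, in_port: int) -> List[int]:
    """A hub repeats every frame on every port except the one it came in on."""
    return [p for p in range(num_ports) if p != in_port]


@dataclass
class LearningBridge:
    num_ports: int
    mac_table: Dict[str, int] = field(default_factory=dict)  # MAC -> port

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Return the ports the frame is transmitted on (empty list = filtered)."""
        # Learning: the source address is reachable through in_port.
        # (A real switch ages these entries and has a finite table.)
        self.mac_table[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            # Flooding: broadcast, or a destination not yet learned.
            return hub_ports(self.num_ports, in_port)
        out_port = self.mac_table[frame.dst]
        if out_port == in_port:
            # Filtering: destination is on the same segment as the sender,
            # so the frame already reached it; do not repeat it elsewhere.
            return []
        # Forwarding: known unicast goes to exactly one port, so traffic
        # between ports 0 and 1 never appears on ports 2 and 3.
        return [out_port]


def demo() -> List[List[int]]:
    """Replay a constructed sequence of frames and collect the decisions."""
    bridge = LearningBridge(num_ports=4)
    a, b, c, d = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
                  "02:00:00:00:00:0c", "02:00:00:00:00:0d")
    return [
        bridge.receive(0, Frame(a, b)),          # b unknown -> flood to 1, 2, 3
        bridge.receive(1, Frame(b, a)),          # a learned on port 0 -> forward to 0
        bridge.receive(0, Frame(a, b)),          # b now known on port 1 -> forward to 1
        bridge.receive(0, Frame(c, a)),          # c shares port 0 with a -> filtered
        bridge.receive(3, Frame(d, BROADCAST)),  # broadcast -> flood to 0, 1, 2
    ]


if __name__ == "__main__":
    for decision in demo():
        print("transmitted on ports:", decision)
```

    The fourth frame is the case a hub gets wrong: host c and host a hang off the same bridge port (for instance through a small hub), so the bridge has nothing to do and repeats the frame nowhere, while a hub would have copied it to every other segment.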

    Switches may operate at one or more layers of the OSI model, including data link, network, or transport (i.e., end-to-end). A device that operates simultaneously at more than one of these layers is known as a multilayer switch.

    In switches intended for commercial use, built-in or modular interfaces make it possible to connect different types of networks, including Ethernet, Fibre Channel, ATM, ITU-T G.hn and 802.11. This connectivity can be at any of the layers mentioned. While Layer 2 functionality is adequate for bandwidth-shifting within one technology, interconnecting technologies such as Ethernet and token ring are easier at Layer 3.

    Interconnection of different Layer 3 networks is done by routers. If there are any features that characterize "Layer-3 switches" as opposed to general-purpose routers, it tends to be that they are optimized, in larger switches, for high-density Ethernet connectivity.

    In some service provider and other environments where there is a need for a great deal of analysis of network performance and security, switches may be connected between WAN routers as places for analytic modules. Some vendors provide firewall, network intrusion detection, and performance analysis modules that can plug into switch ports. Some of these functions may be on combined modules.


    In other cases, the switch is used to create a mirror image of data that can go to an external device. Since most switch port mirroring provides only one mirrored stream, network hubs can be useful for fanning out data to several read-only analyzers, such as intrusion detection systems and packet sniffers.

    Layer specific functions

    While switches may learn about topologies at many layers, and forward at one or more layers, they do tend to have common features. Other than for high-performance applications, modern commercial switches use primarily Ethernet interfaces, which can have different input and output bandwidths of 10, 100, 1000 or 10,000 megabits per second.

    At any layer, a modern switch may implement power over Ethernet (PoE), which avoids the need for attached devices, such as a VoIP phone or wireless access point, to have a separate power supply. Since switches can have redundant power circuits connected to uninterruptible power supplies, the connected device can continue operating even when regular office power fails.

    Layer 1 (Physical Layer)

    A network hub, or repeater, is a simple network device. Hubs do not manage any of the traffic that comes through them. Any packet entering a port is broadcast out or "repeated" on every other port, except for the port of entry. Since every packet is repeated on every other port, packet collisions affect the entire network, limiting its capacity.

    There are specialized applications where a hub can be useful, such as copying traffic to multiple network sensors. High end switches have a feature which does the same thing called port mirroring.

    By the early 2000s, there was little price difference between a hub and a low-end switch.

    Layer 2 (Data Link Layer)


    A "layer 2 switch" remains more of a marketing term than a technical term; the products that were introduced as "switches" tended to use microsegmentation and full duplex to prevent collisions among devices connected to Ethernet. By using an internal forwarding plane much faster than any interface, they give the impression of simultaneous paths among multiple devices.

    Once a bridge learns the topology through a spanning tree protocol, it forwards data link layer frames using a layer 2 forwarding method. There are four forwarding methods a bridge can use, of which the second through fourth method were performance-increasing methods when used on "switch" products with the same input and output port bandwidths:

    1. Store and forward: The switch buffers and verifies each frame before forwarding it.

    2. Cut through: The switch reads only up to the frame's hardware address before starting to forward it. Cut-through switches have to fall back to store and forward if the outgoing port is busy at the time the packet arrives. There is no error checking with this method.

    3. Fragment free: A method that attempts to retain the benefits of both store and forward and cut through. Fragment free checks the first 64 bytes of the frame, where addressing information is stored. According to Ethernet specifications, collisions should be detected during the first 64 bytes of the frame, so frames that are in error because of a collision will not be forwarded. This way the frame will always reach its intended destination. Error checking of the actual data in the packet is left for the end device.

    4. Adaptive switching: A method of automatically selecting between the other three modes.
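    The difference between the four methods is what each one has checked at the moment it starts forwarding. The following is an added example written for this report, not code from the original text: it builds constructed Ethernet II frames with a CRC-32 frame check sequence, then shows which method would forward a good frame, a runt (a frame shorter than 64 bytes, standing in for a collision fragment) and a full-length frame whose FCS has been corrupted. The adaptive policy (switch to store and forward once the port's error rate passes a threshold) is an assumption, since the exact policy is vendor specific.

```python
"""Layer 2 forwarding methods: an added example, not code from the report.

Shows what each method has verified before it forwards a frame. The frames are
constructed Ethernet II frames with a CRC-32 frame check sequence (FCS)
appended; a runt (shorter than 64 bytes) stands in for a collision fragment and
a frame with a flipped FCS bit stands in for a corrupted frame.
"""
import struct
import zlib
from typing import Dict

MIN_FRAME_BYTES = 64  # Ethernet minimum; anything shorter is a collision fragment
DST_MAC_BYTES = 6     # all a cut-through switch needs before it starts forwarding


def build_frame(dst: bytes, src: bytes, payload: bytes, corrupt_fcs: bool = False) -> bytes:
    """Ethernet II frame with a trailing FCS (CRC-32 over everything before it)."""
    body = dst + src + b"\x08\x00" + payload  # EtherType 0x0800 = IPv4
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    if corrupt_fcs:
        fcs ^= 0x1  # simulate a bit error that the receiver's CRC check will catch
    return body + struct.pack("<I", fcs)  # FCS packed little-endian, as seen on the wire


def fcs_ok(frame: bytes) -> bool:
    body, (fcs,) = frame[:-4], struct.unpack("<I", frame[-4:])
    return (zlib.crc32(body) & 0xFFFFFFFF) == fcs


def store_and_forward(frame: bytes) -> bool:
    """Buffer the whole frame, then verify length and FCS before forwarding."""
    return len(frame) >= MIN_FRAME_BYTES and fcs_ok(frame)


def cut_through(frame: bytes) -> bool:
    """Forward as soon as the destination MAC has been read; nothing is verified."""
    return len(frame) >= DST_MAC_BYTES


def fragment_free(frame: bytes) -> bool:
    """Forward once 64 bytes have arrived: filters collision fragments, not CRC errors."""
    return len(frame) >= MIN_FRAME_BYTES


def adaptive(frame: bytes, recent_error_rate: float, threshold: float = 0.01) -> bool:
    """Assumed adaptive policy: cut-through until errors on the port climb past
    the threshold, then fall back to store-and-forward."""
    if recent_error_rate > threshold:
        return store_and_forward(frame)
    return cut_through(frame)


def decisions(frame: bytes) -> Dict[str, bool]:
    """Which of the three basic methods would forward this frame."""
    return {
        "store_and_forward": store_and_forward(frame),
        "cut_through": cut_through(frame),
        "fragment_free": fragment_free(frame),
    }


# Constructed sample frames using locally administered MAC addresses.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
GOOD_FRAME = build_frame(DST, SRC, b"A" * 100)                      # 118 bytes
RUNT_FRAME = build_frame(DST, SRC, b"A" * 20)                       # 38 bytes
BAD_FCS_FRAME = build_frame(DST, SRC, b"A" * 100, corrupt_fcs=True)  # 118 bytes, bad CRC

if __name__ == "__main__":
    for name, frame in [("good", GOOD_FRAME), ("runt", RUNT_FRAME), ("bad fcs", BAD_FCS_FRAME)]:
        print(f"{name:8s} {len(frame):4d} bytes  {decisions(frame)}")
```

    Only store and forward refuses the corrupted frame; cut through passes both the runt and the corrupted frame on, which is why the error checking is "left for the end device" in the two faster modes.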

    While there are specialized applications, such as storage area networks, where the input and output interfaces are the same bandwidth, this is rarely the case in general LAN applications. In LANs, a switch used for end user access typically concentrates lower bandwidth (e.g., 10/100 Mbit/s) into a higher bandwidth (at least 1 Gbit/s). Alternatively, a switch that provides access to server ports usually connects to them at a much higher bandwidth than is used by end user devices.

    Layer 3 (Network Layer)

    Within the confines of the Ethernet physical layer, a layer 3 switch can perform some or all of the functions normally performed by a router. The most common layer-3 capability is awareness of IP multicast through IGMP snooping. With this awareness, a layer-3 switch can increase efficiency by delivering the traffic of a multicast group only to ports where the attached device has signaled that it wants to listen to that group.

    Layer 4 (Transport Layer)

    While the exact meaning of the term Layer-4 switch is vendor-dependent, it almost always starts with a capability for network address translation, but then adds some type of load distribution based on TCP sessions.

    The device may include a stateful firewall, a VPN concentrator, or be an IPSec security gateway.

    Layer 7 (Application Layer)

    Layer 7 switches may distribute loads based on URL or by some installation-specific technique to recognize application-level transactions. A Layer-7 switch may include a web cache and participate in a content delivery network.

    Types of Switches

    - Desktop, not mounted in an enclosure, typically intended to be used in a home or office environment outside of a wiring closet
    - Rack mounted
    - Chassis with swappable "switch module" cards, e.g. Alcatel's OmniSwitch 9000; Cisco Catalyst switch 4500 and 6500; 3Com 7700, 7900E, 8800
    - DIN rail mounted, normally seen in industrial environments or panels


    Configuration based

    Unmanaged switches: These switches have no configuration interface or options. They are plug and play. They are typically the least expensive switches, found in home, SOHO, or small businesses. They can be desktop or rack mounted.

    Managed switches: These switches have one or more methods to modify the operation of the switch. Common management methods include: a command-line interface (CLI) accessed via serial console, telnet or Secure Shell, an embedded Simple Network Management Protocol (SNMP) agent allowing management from a remote console or management station, or a web interface for management from a web browser. Examples of configuration changes that one can do from a managed switch include: enable features such as Spanning Tree Protocol, set port bandwidth, create or modify Virtual LANs (VLANs), etc.

    Access Control List

    An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file.

    The Cisco access control list (ACL) is probably the most commonly used object in the IOS. It is not only used for packet filtering (a type of firewall) but also for selecting types of traffic to be analyzed, forwarded, or influenced in some way.

    Access Control List Types

    Cisco ACLs are divided into types: Standard IP, Extended IP, IPX, AppleTalk, etc. Here we will just go over the standard and extended access lists for TCP/IP.

    As you create ACLs you assign a number to each list; however, each type of list is limited to an assigned range of numbers. This makes it very easy to determine what type of ACL you will be working with.


    Standard ACLs:

    A standard IP ACL is simple; it filters based on source address only. You can filter a source network or a source host, but you cannot filter based on the destination of a packet, the particular protocol being used such as the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), or on the port number. You can permit or deny only source traffic.

    Extended ACLs:

    An extended ACL gives you much more power than just a standard ACL. Extended IP ACLs check both the source and destination packet addresses. They can also check for specific protocols, port numbers, and other parameters, which allow administrators more flexibility and control.

    Named ACLs:

    One of the disadvantages of using IP standard and IP extended ACLs is that you reference them by number, which is not too descriptive of its use. With a named ACL, this is not the case because you can name your ACL with a descriptive name. The ACL named DenyMike is a lot more meaningful than an ACL simply numbered 1. There are both IP standard and IP extended named ACLs. Another advantage to named ACLs is that they allow you to remove individual lines out of an ACL. With numbered ACLs, you cannot delete individual statements. Instead, you will need to delete your existing access list and re-create the entire list.

    Activating an Access Control List

    Now that you have created these ACLs they are useless until you declare them to be used in some way. As of right now they are an inactive list doing nothing. Our next article will cover applying ACLs on interfaces and how to specify if the ACL is for incoming or outgoing traffic on that interface.

    Universal facts about Access Control Lists

    1. ACLs come in two varieties: numbered and named.
    2. Each of these references to ACLs supports two types of filtering: standard and extended.
    3. Standard IP ACLs can filter only on the source IP address inside a packet.
    4. Whereas an extended IP ACL can filter on the source and destination IP addresses in the packet.
    5. There are two actions an ACL can take: permit or deny.
    6. Statements are processed top-down.


    7. Once a match is found, no further statements are processed; therefore, order is important.
    8. If no match is found, the imaginary implicit deny statement at the end of the ACL drops the packet.
    9. An ACL should have at least one permit statement; otherwise, all traffic will be dropped because of the hidden implicit deny statement at the end of every ACL.

    No matter what type of ACL you use, though, you can have only one ACL per protocol, per interface, per direction. For example, you can have one IP ACL inbound on an interface and another IP ACL outbound on an interface, but you cannot have two inbound IP ACLs on the same interface.

    Access List Ranges

    Type                          Range
    IP Standard                   1-99
    IP Extended                   100-199
    IP Standard Expanded Range    1300-1999
    IP Extended Expanded Range    2000-2699
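    The rules listed above (top-down processing, first match wins, implicit deny, standard versus extended filtering) and the number ranges in the table can be exercised with a small evaluator. The following is an added example written for this report, not IOS code and not from the original text: it models Cisco-style statements with address plus wildcard mask (a 0 bit in the wildcard means the bit must match), classifies a list by its number, and evaluates constructed packets against two constructed lists, including one whose statements are in the wrong order so that its deny can never be reached. All addresses are constructed from the RFC 1918 and RFC 5737 ranges.

```python
"""Cisco-style ACL evaluation: an added example, not code from the report.

Statements are checked top-down, the first match decides, and a packet that
matches nothing hits the implicit deny. Standard ACLs (numbers 1-99 and
1300-1999) look only at the source address; extended ACLs (100-199 and
2000-2699) also check destination, protocol and destination port. Addresses
are written Cisco-style as (address, wildcard); a 0 bit in the wildcard means
"must match". All addresses and both sample lists are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # the Cisco keyword "any"


def host(addr: str) -> Tuple[str, str]:
    """The Cisco keyword "host": wildcard 0.0.0.0, every bit must match."""
    return (addr, "0.0.0.0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp", "icmp", ...
    dport: int = 0    # destination port (0 for protocols without ports)


@dataclass(frozen=True)
class Entry:
    action: str                         # "permit" or "deny"
    src: Tuple[str, str] = ANY          # (address, wildcard)
    dst: Tuple[str, str] = ANY
    proto: str = "ip"                   # "ip" matches every protocol
    dport: Optional[int] = None         # None = any destination port


def acl_type(number: int) -> str:
    """Map an ACL number to its type using the ranges from the table above."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"{number} is not an IP standard or extended ACL number")


def wildcard_match(addr: str, pattern: Tuple[str, str]) -> bool:
    base, wildcard = pattern
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF              # bits that must match exactly
    return (a & care) == (b & care)


def entry_matches(entry: Entry, pkt: Packet, kind: str) -> bool:
    if not wildcard_match(pkt.src, entry.src):
        return False
    if kind == "standard":
        return True                     # standard ACLs filter on source only
    if not wildcard_match(pkt.dst, entry.dst):
        return False
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if entry.dport is not None and entry.dport != pkt.dport:
        return False
    return True


def evaluate(number: int, entries: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based matching line); line None means the implicit deny fired."""
    kind = acl_type(number)
    for line, entry in enumerate(entries, start=1):   # processed top-down
        if entry_matches(entry, pkt, kind):
            return entry.action, line                 # first match wins
    return "deny", None                               # implicit deny at the end


# Constructed sample lists.
LAN = ("10.1.1.0", "0.0.0.255")
ACL_10 = [Entry("deny", host("10.1.1.5")), Entry("permit", LAN)]   # standard: block one host
ACL_10_WRONG_ORDER = list(reversed(ACL_10))   # the deny is shadowed and never reached
ACL_101 = [                                                         # extended
    Entry("permit", LAN, host("192.0.2.10"), "tcp", 443),          # LAN -> one server, HTTPS only
    Entry("deny", LAN),                                             # everything else from the LAN
    Entry("permit"),                                                # permit ip any any
]

if __name__ == "__main__":
    for pkt in [Packet("10.1.1.5", "192.0.2.10", "tcp", 443), Packet("10.2.0.1", "192.0.2.10", "udp", 53)]:
        print(pkt, "-> ACL 10:", evaluate(10, ACL_10, pkt), "ACL 101:", evaluate(101, ACL_101, pkt))
```

    The reversed standard list shows why "order is important": the host that was meant to be blocked is permitted on line 1, and the deny below it is never consulted. The packet from 10.2.0.1 against ACL 10 shows the implicit deny, returned with line None.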

    Network Address Translation

    In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device.

    The simplest type of NAT provides a one to one translation of IP addresses. RFC 2663 refers to this type of NAT as basic NAT. It is often also referred to as one-to-one NAT. In this type of NAT only the IP addresses, IP header checksum and any higher level checksums that include the IP address need to be changed. The rest of the packet can be left untouched (at least for basic TCP/UDP functionality, some higher level protocols may need further translation). Basic NATs can be used when there is a requirement to interconnect two IP networks with incompatible addressing.

    However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space. To avoid ambiguity in the handling of returned packets a one-to-many NAT must alter higher level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back. RFC 2663 uses the term NAPT (network address and port translation) for this type of NAT. Other names include PAT (port address translation), IP masquerading, NAT Overload and many-to-one NAT. Since this is the most common type of NAT it is often referred to simply as NAT.

    As described, the method enables communication through the router only when the conversation originates in the masqueraded network, since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a web site in the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network.
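    The translation table that the two paragraphs above describe can be modelled directly. The following is an added example written for this report, not code from the original text: a NAPT gateway rewrites the source address and port of outbound packets and records the mapping, uses that table to translate returning packets, drops inbound packets that match no entry (the reason outside hosts cannot initiate a conversation), and accepts a permanent "static" entry for port forwarding. Every address and port is constructed from the RFC 1918 and RFC 5737 ranges; checksum recomputation, entry timeouts and ICMP handling are left out.

```python
"""NAPT (PAT / many-to-one NAT) simulation: an added example, not code from the report.

The gateway rewrites the source of outbound packets, records the mapping and
uses it to translate returning packets. An inbound packet with no table entry
is dropped, so a host behind NAPT is unreachable from outside unless a static
entry (port forwarding) exists. Addresses and ports are constructed; checksum
recomputation, entry timeouts and ICMP are left out.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NaptGateway:
    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 40999):
        self.public_ip = public_ip
        self._next_port = first_port          # dynamic public ports are handed out in order
        self._last_port = last_port
        # (proto, inside ip, inside port) -> public port
        self.outbound: Dict[Tuple[str, str, int], int] = {}
        # (proto, public port) -> (inside ip, inside port)
        self.inbound: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def _allocate_port(self) -> int:
        if self._next_port > self._last_port:
            raise RuntimeError("translation table full: no free public ports")
        port, self._next_port = self._next_port, self._next_port + 1
        return port

    def add_static(self, proto: str, public_port: int, inside_ip: str, inside_port: int) -> None:
        """Port forwarding: a permanent entry that lets outside hosts start a conversation."""
        if (proto, public_port) in self.inbound:
            raise ValueError(f"public port {proto}/{public_port} is already mapped")
        self.inbound[(proto, public_port)] = (inside_ip, inside_port)
        self.outbound[(proto, inside_ip, inside_port)] = public_port

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the source, creating the mapping on first use."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            public_port = self._allocate_port()
            self.outbound[key] = public_port
            self.inbound[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: rewrite the destination from the table, or drop (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None   # unsolicited: no conversation was started from inside
        inside_ip, inside_port = entry
        return replace(pkt, dst_ip=inside_ip, dst_port=inside_port)


if __name__ == "__main__":
    gw = NaptGateway("203.0.113.1")
    out = gw.translate_outbound(Packet("tcp", "192.168.1.10", 5000, "198.51.100.7", 80))
    print("outbound rewritten to", out)
    print("reply translated to", gw.translate_inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.1", out.src_port)))
    print("unsolicited inbound:", gw.translate_inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.1", 40555)))
```

    Two inside hosts using the same source port receive different public ports, which is the "port translation" that lets one public address stand for the whole private network, and the reply is mapped back by public port alone.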

    In the mid-1990s NAT became a popular tool for alleviating the consequences of IPv4 address exhaustion. It has become a standard, indispensable feature in routers for home and small-office Internet connections. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address.

    Network address translation has serious drawbacks on the quality of Internet connectivity and requires careful attention to the details of its implementation. In particular all types of NAT break the originally envisioned model of IP end-to-end connectivity across the Internet and NAPT makes it difficult for systems behind a NAT to accept incoming communications. As a result, NAT traversal methods have been devised to alleviate the issues encountered.

    Methods of Port translation

    There are several ways of implementing network address and port translation. In some application protocols that use IP address information, the application running on a node in the masqueraded network needs to determine the external address of the NAT, i.e., the address that its communication peers detect, and, furthermore, often needs to examine and categorize the type of mapping in use. Usually this is done because it is desired to set up a direct communications path (either to save the cost of taking the data via a server or to improve performance) between two clients both of which are behind separate NATs. For this purpose, the Simple traversal of UDP over NATs (STUN) protocol was developed (RFC 3489, March 2003). It classified NAT implementation as full cone NAT, (address) restricted cone NAT, port restricted cone NAT or symmetric NAT and proposed a methodology for testing a device accordingly. However, these procedures have since been deprecated from standards status, as the methods have proven faulty and inadequate to correctly assess many devices. New methods have been standardized in RFC 5389 (October 2008) and the STUN acronym now represents the new title of the specification: Session Traversal Utilities for NAT.

    Advantages of PAT

    In addition to the advantages provided by NAT:

    - PAT (Port Address Translation) allows many internal hosts to share a single external IP address.
    - Users who do not require support for inbound connections do not consume public IP addresses.

    Spanning Tree Protocol

    The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and ensuing broadcast radiation. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.

    STP is a Data Link Layer protocol. It is standardized as IEEE 802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches), and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes.

    The collection of bridges in a local area network (LAN) can be considered a graph whose nodes are bridges and LAN segments (or cables), and whose edges are the interfaces connecting the bridges to the segments. To break loops in the LAN while maintaining access to all LAN segments, the bridges collectively compute a spanning tree. The spanning tree is not necessarily a minimum cost spanning tree. A network administrator can reduce the cost of a spanning tree, if necessary, by altering some of the configuration parameters in such a way as to affect the choice of the root of the spanning tree. The spanning tree that the bridges compute using the Spanning Tree Protocol can be determined using the following rules. The example network at the right, below, will be used to illustrate the rules.


    1. An example network. The numbered boxes represent bridges (the number represents the bridge ID). The lettered clouds represent network segments.

    2. The smallest bridge ID is 3. Therefore, bridge 3 is the root bridge.


    3. Assuming that the cost of traversing any network segment is 1, the least cost path from bridge 4 to the root bridge goes through network segment c. Therefore, the root port for bridge 4 is the one on network segment c.

    4. The least cost path to the root from network segment e goes through bridge 92. Therefore the designated port for network segment e is the port that connects bridge 92 to network segment e.


    5. This diagram illustrates all port states as computed by the spanning tree algorithm. Any active port that is not a root port or a designated port is a blocked port.

    6. After a link failure, the spanning tree algorithm computes and spans a new least-cost tree.

    Select a root bridge. The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a unique identifier (ID) and a configurable priority number; the bridge ID contains both numbers. To compare two bridge IDs, the priority is compared first. If two bridges have equal priority, then the MAC addresses are compared. For example, if switches A (MAC=0200.0000.1111) and B (MAC=0200.0000.2222) both have a priority of 10, then switch A will be selected as the root bridge. If the network administrators would like switch B to become the root bridge, they must set its priority to be less than 10.

    Determine the least cost paths to the root bridge. The computed spanning tree has the property that messages from any connected device to the root bridge traverse a least cost path, i.e., a path from the device to the root that has minimum cost among all paths from the device to the root. The cost of traversing a path is the sum of the costs of the segments on the path. Different technologies have different default costs for network segments. An administrator can configure the cost of traversing a particular network segment. The property that messages always traverse least-cost paths to the root is guaranteed by the following two rules.

    Least cost path from each bridge. After the root bridge has been chosen, each bridge determines the cost of each possible path from itself to the root. From these, it picks one with the smallest cost (a least-cost path). The port connecting to that path becomes the root port (RP) of the bridge.

    Least cost path from each network segment. The bridges on a network segment collectively determine which bridge has the least-cost path from the network segment to the root. The port connecting this bridge to the network segment is then the designated port (DP) for the segment.

    Disable all other root paths. Any active port that is not a root port or a designated port is a blocked port (BP).

    Breaking ties for root ports. When multiple paths from a bridge are least-cost paths, the chosen path uses the neighbor bridge with the lower bridge ID. The root port is thus the one connecting to the bridge with the lowest bridge ID. For example, in figure 3, if switch 4 were connected to network segment d, there would be two paths of length 2 to the root, one path going through bridge 24 and the other through bridge 92. Because there are two least cost paths, the lower bridge ID (24) would be used as the tie-breaker in choosing which path to use.

    Breaking ties for designated ports. When more than one bridge on a segment leads to a least-cost path to the root, the bridge with the lower bridge ID is used to forward messages to the root. The port attaching that bridge to the network segment is the designated port for the segment. In figure 4, there are two least cost paths from network segment d to the root, one going through bridge 24 and the other through bridge 92. The lower bridge ID is 24, so the tie breaker dictates that the designated port is the port through which network segment d is connected to bridge 24. If bridge IDs were equal, then the bridge with the lowest MAC address would have the designated port. In either case, the loser sets the port as being blocked.

    The final tie-breaker. In some cases, there may still be a tie, as when two bridges are connected by multiple cables. In this case, multiple ports on a single bridge are candidates for root port. In this case, the path which passes through the port on the neighbor bridge that has the lowest port priority is used.
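The election and port-role rules above, carried through in Python on a small constructed topology. This is an added example, not code or a figure from the report: the bridge names B3, B24, B92 and B4, the segment letters, the equal priorities (so MAC addresses break the root tie), the port priorities and the unit segment costs are all assumed, and segment b2 is an assumed parallel link between B3 and B92 that exercises the final tie-breaker.

```python
import heapq

# Constructed topology (assumed, not the report's figure): bridge -> (priority, MAC, {segment: port priority})
BRIDGES = {
    "B3":  (10, "0200.0000.0003", {"a": 128, "b": 128, "b2": 64}),
    "B24": (10, "0200.0000.0024", {"a": 128, "d": 128}),
    "B92": (10, "0200.0000.0092", {"b": 128, "b2": 128, "d": 128, "e": 128}),
    "B4":  (10, "0200.0000.0004", {"c": 128, "d": 128}),
}
SEGMENT_COST = {"a": 1, "b": 1, "b2": 1, "c": 1, "d": 1, "e": 1}  # assumed: every segment costs 1

def bridge_id(name):
    prio, mac, _ = BRIDGES[name]
    return (prio, mac)  # priority is compared first, then the MAC address

def bridges_on(seg):
    return [b for b in BRIDGES if seg in BRIDGES[b][2]]

def root_path_costs(root):
    # Dijkstra from the root: bridges sharing a segment are one hop apart at that segment's cost
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, b = heapq.heappop(heap)
        for seg in BRIDGES[b][2]:
            for n in bridges_on(seg):
                nd = d + SEGMENT_COST[seg]
                if nd < dist.get(n, float("inf")):
                    dist[n] = nd
                    heapq.heappush(heap, (nd, n))
    return dist

def port_roles():
    root = min(BRIDGES, key=bridge_id)  # lowest bridge ID wins the root election
    dist = root_path_costs(root)
    roles = {}
    for b in BRIDGES:  # root port: least cost, then lowest neighbour bridge ID,
        if b == root:  # then the neighbour's lowest port priority (parallel links)
            continue
        cands = [(dist[n] + SEGMENT_COST[s], bridge_id(n), BRIDGES[n][2][s], s)
                 for s in BRIDGES[b][2] for n in bridges_on(s) if n != b]
        roles[(b, min(cands)[3])] = "RP"
    for seg in SEGMENT_COST:  # designated port: least cost to the root, then lowest bridge ID
        dp = min(bridges_on(seg), key=lambda b: (dist[b], bridge_id(b)))
        roles.setdefault((dp, seg), "DP")
    for b in BRIDGES:  # any remaining active port is blocked
        for seg in BRIDGES[b][2]:
            roles.setdefault((b, seg), "BP")
    return root, roles
```

With this topology B4 reaches the root at cost 2 through either bridge 24 or bridge 92 and picks 24 as its root port neighbour, bridge 24 also holds the designated port on segment d while bridge 92's port on d is blocked, and B92's root port lands on b2 because B3's port there has the lower port priority.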


    Project Report

    Concepts used

    1. DHCP

    Short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.

    Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address. Many ISPs use dynamic IP addressing for dial-up users.

    2. Back up of IOS

    There are several methods to choose from in order to back up and restore a configuration:

    1. Use a TFTP server

    2. Use an FTP server

    3. Use a Terminal Emulation Program

    Backup Configuration to a TFTP Server

    3. VLAN

    Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.


    4. VTP

    VTP (VLAN Trunking Protocol) is a Layer 2 messaging protocol. We need it for:

    1. Low administration.

    2. Security.

    Its function is to pass VLAN information within a VTP domain. It saves time when multiple switches have the same VLANs to configure.

    There are 3 modes:

    1) Client

    2) Server

    3) Transparent

    5. IP Routing

    IP Routing is an umbrella term for the set of protocols that determine the path that data follows in order to travel across multiple networks from its source to its destination. Data is routed from its source to its destination through a series of routers, and across multiple networks. The IP Routing protocols enable routers to build up a forwarding table that correlates final destinations with next hop addresses.

    These protocols include:

    1. BGP (Border Gateway Protocol)

    2. IS-IS (Intermediate System - Intermediate System)

    3. OSPF (Open Shortest Path First)

    4. RIP (Routing Information Protocol)

    6. ACL

    An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and UNIX-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system.


    7. NAT

    Short for Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.

    8. PAT

    Short for Port Address Translation, a type of network address translation. During PAT, each computer on the LAN is translated to the same IP address, but with a different port number assignment.

    9. Frame Relay

    A packet-switching protocol for connecting devices on a Wide Area Network (WAN). Frame Relay networks in the U.S. support data transfer rates at T-1 (1.544 Mbps) and T-3 (45 Mbps) speeds. In fact, you can think of Frame Relay as a way of utilizing existing T-1 and T-3 lines owned by a service provider. Most telephone companies now provide Frame Relay service for customers who want connections at 56 Kbps to T-1 speeds. (In Europe, Frame Relay speeds vary from 64 Kbps to 2 Mbps.) In the U.S., Frame Relay is quite popular because it is relatively inexpensive.


    Scenario

    The simulation of the JUET network has been done in the project. An overview of the total network can be seen in the image below:


    On Packet Tracer the connections have been shown like this :-


    In a working closet, the image would look like this :


    Bibliography

    1. Study material provided during training.

    2. www.wikipedia.com

    3. www.google.com

    4. Netcert.tripod.com