Académique Documents
Professionnel Documents
Culture Documents
We hereby certify that the Minor Project work entitled as ENTERPRISE NETWORK which is being submitted in the department of Electronics and Communication Engineering at S.D. Institute of Technology & Management (affiliated to Kurukshetra University, Kurukshetra) by us in partial fulfillment for the award of degree of Bachelor of Technology in Electronics and Communication Engineering is an authentic record of our own work carried out under the guidance and supervision of Mr. Vinod Kumar (Lecturer, ECE Dept.).
BHARAT KHANEJA
(3409135)
SACHIN GUPTA
(3409141)
GUIDE CERTIFICATE
This is to Certify that Mr. Bharat Khaneja (3409135) & Mr. Sachin Gupta (3409141), students of B.Tech (Electronics and Communication Engineering) at S.D Institute of Technology & Management, Israna has worked under my guidance and supervision for the preparation of the Minor Project entitled as ENTERPRISE NETWORK for the award of the degree of B.Tech in Electronics and Communication Engineering by Kurukshetra University, Kurukshetra.
ABSTRACT
The enterprise network is the lifeblood of any Small to Medium Enterprise (SME) with more than one site or supply chain partner. It enables access to business information and allows for profitable and effective communication flows between employees in different enterprise sites. Network enterprise network equipment is mature and ubiquitous, but the quality of services provided by similar networks varies from city to city and from country to country. In particular, the quality variation gap between most of the cities in some developing nations and their counterparts in advanced nations is very wide. This is due to the lack in developing nations of an adequate IT infrastructure, which is taken for granted in developed nations. Planning an enterprise network in a developing nation is almost like planning it in the middle of a desert. This report briefly discusses the architecture of an enterprise network. It examines the barriers to planning, designing and implementing an enterprise network. This project also covers the methods to implement enterprise level networks.
In this project we will start from working basic router configuration then covering the Routing technologies required to route data between branches. After that we have implement WAN and Frame-relay is considered a good choice because it connects multiple location using single interface of router and reduce the hardware costs. For Internet connectivity we are also using frame relay. In this setup NAT is very essential in which we have translate live IP into local and vice-versa.
Following is the list of technologies that are used in this report: Administration of router Routing Types of routing Scalability of networks
LIST OF USED DEVICES & TECHNOLOGIES CONFIGURED Cisco router Core layer switch Distribution layer switch Access layer switches
TECHNOLOGIES TO CREATE A NETWORK Router IP Addressing Routing Core Switch VTP server VLAN database Trunk Links Spanning Tree Configuration Configuring IP & Gateway VLAN Port Membership Distribution Switches VTP Client Configuring IP & Gateway Trunk Link Configuration VLAN Port Membership
In short we can say a lot of technologies have been studied and implemented for the successful completion of the project.
ACKNOWLEDGEMENT
A formal statement of acknowledgment is hardly sufficient to express our gratitude towards the personalities who have helped us to undertake and complete this project.
We express our sincere and deep sense of gratitude to Dr. Rajesh Malik (HOD), Mrs. Rita Saini (Project in-charge), and Mr.Vinod (project guide) for their guidance, valuable suggestions, immense help, encouragement and friendly behavior throughout the working of this dissertation. We are also grateful to all the members of evaluation committee for giving valuable suggestions and advice for evaluating me from time to time. We humbly express our sincere thanks to all the faculty members and the staff of ECE Department for their constant assistance and for providing the pleasant working conditions in the complete duration of the dissertation work. We are thankful to all the friends for their helping attitude and constant encouragement. We cannot conclude this acknowledgement without mentioning our parents. It would not be possible for us to complete this dissertation work without their love, encouragement and support.
Needless to say, the more we direct my thoughts positively and feel genuinely thankful, we find that the more we get to experience good results.
Contents
Page No
Declaration ...... 1 Guide certificate. ..........3 Abstract....4 Acknowledgement.. 5 List of abbreviations.... 8 List of figures ...... 9
1.
2.
3.
Introduction.12
4.
Description of Technologies used..16 4.1 Routing......16 4.1.1 Types of Routing...... .17 4.1.2 Router Access Modes....19 4.1.3 Routing Protocols...20
4.2 VLAN............................................23 4.3 DHCP......25 4.4 Frame Relay.........................26 4.5 Domain Name System....27 4.6 ACL......27
Project Scenario...28 6
Device Configuration29 6.1 Noida branch configuration........29 6.2 Bangalore branch configuration.........34 6.3 Delhi-Head Office configuration36 6.4 Configuring security features..41
Result......44
Conclusion
and
future
scope..46
LIST OF ABBREVIATIONS
N/w LAN WAN ISDN MAC IETF EXEC VTY VLAN BGP EIGRP IGRP OSPF RIP MTU VLSM IOS CLI
Network Local Area Network Wide Area Network Integrated Services Digital Network (ISDN) Media Access Control Internet Engineering Task Force EXECUTION (Virtual Telnet Type) VIRTUAL Local Area Network Border Gateway Protocol Enhanced Interior Gateway Routing Protocol Interior Gateway Routing Protocol Open Shortest Path First Routing Information Protocol Maximum Transmission Unit Variable Length Subnet Mask Internetwork Operating System Command-Line Interface
LIST OF FIGURES
FIGURE NO.
1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
DESCRIPTION OF FIGURE
CISCO PACKET TRACER BLOCK DIAGRAM OF PROJECT ROUTER ACCESS MODES DIFFERENT ROUTING PROTOCOLS ILLUSTRATING THE VLAN PROCESS ILLUSTRATING THE DHCP PROCESS FRAME RELAY CLOUD PROJECT SCENARIO COMMAND WINDOW DHCP IP CONFIURATION
PAGE NO.
11 12 19 20 24 25 26 28 44 45
SOFTWARE USED:
PACKET TRACER 5.3.3 Cisco Packet Tracer is a powerful network simulation program that allows students to experiment with network behavior and ask what if questions. As an integral part of the Networking Academy comprehensive learning experience, Packet Tracer provides simulation, visualization, authoring, assessment, and collaboration capabilities and facilitates the teaching and learning of complex technology concepts.
10
11
CHAPTER-3 INTRODUCTION
Problem Definition To design, implement, and configure a network for a company having its head office in Delhi, one branch office in Bangalore and one in Noida. Following figure clearly explain the project objective:
12
Requirement Specifications The company consists of three different locations Delhi (HQ), Noida and Bangalore. The locations are connected between each other through router, switch, and Frame Relay. VLAN (virtual local area network) is created in each three different department to reduce the broadcast domains and aids in network administration by separating logical segment of a LAN.
Overview of a Network A network consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.
Local Area Network: A Local Area Network (LAN) is a network that is confined to a relatively small area. It is generally limited to a geographic area such as a writing lab, school, or building. Rarely are LAN computers more than a mile apart. In a typical LAN configuration, one computer is designated as the file server. It stores all of the software that controls the network, as well as the software that can be shared by the computers attached to the network. Computers connected to the file server are called workstations. On most LANs, cables are used to connect the network interface cards in each computer.
13
Wide Area Network: Wide Area Networks (WANs) connect larger geographic areas, such as Florida, the United States, or the world. Dedicated transoceanic cabling or satellite uplinks may be used to connect this type of network. Using a WAN, company in Delhi can communicate with places like Tokyo in a matter of minutes, without paying enormous phone bills. A WAN is complicated. It uses multiplexers to connect local and metropolitan networks to global communications networks like the Internet. To users, however, a WAN will not appear to be much different than a LAN or a MAN.
Speed: Networks provide a very rapid method for sharing and transferring files. Without a network, files are shared by copying them to floppy disks, then carrying or sending the disks from one computer to another. This method of transferring files (referred to as sneaker-net) is very time-consuming.
Security: Files and programs on a network can be designated as copy inhibit, so that you do not have to worry about illegal copying of programs. Also, passwords can be established for specific directories to restrict access to authorized users.
Centralized Software Management: One of the greatest benefits of installing a network at a school is the fact that all of the software can be loaded on one computer (the file server). This eliminates that need to spend time and energy installing updates and tracking files on independent computers throughout the building.
Resource Sharing: Sharing resources is another area in which a network exceeds stand-alone computers. However, if these or similar peripherals are added to a network, they can be shared by many users.
14
CASE STUDY:
The following case study is used to illustrate the process and documentation required for a network design. This case study presents a scenario in which the company or an enterprise has hired a Network Consultant Group to design their network. In order to help organization in this project, the scenario has been broken into eight phases listing requirements for each phase. A worksheet is to be completed for each part. A formal report, similar to what would be given to the company, will need to be created after all tasks have been completed.
This case study requires that you accomplish the following: 1. Use the resources provided, diagram and narrative, to set up the physical network. 2. Set up an IP sub netting scheme 3. Configure the routers as required. 4. Set up and configure the switches and VLANS as required. 5. Verify and troubleshoot all connections. 6. Provide detailed documentation in the appropriate format. 7. Provide a written final report
15
Routing algorithms fill routing tables with a variety of information. Destination/next hop associations tell a router that a particular destination can be reached optimally by sending the packet to a particular router representing the "next hop" on the way to the final destination. When a router receives an incoming packet, it checks the destination address and attempts to associate this address with a next hop. Routing algorithms often have one or more of the following design goals: Optimality Simplicity Robustness Rapid convergence Flexibility Low overhead Stability
16
. Static Routing
In this routing, we have to use IP route commands through which we can specify routes for different networks. The administrator will analyze whole internetwork topology and then specify the route for each n/w that is not directly connected to the router.
. Dynamic Routing
In dynamic routing, we will enable a routing protocol on router. This protocol will send its routing information to the neighbor router. The neighbors will analyze the information and write new routes to the routing table. The routers will pass routing information receive from one router to other router also. If there are more than one path available then routes are compared and best path is selected.
17
Metric of Dynamic Routing Metric are the measuring unit to calculate the distance of destination n/w. A protocol may use a one or more than one at a time to calculate the distance. Different types of metric are: (1) Hop Count (2) Band Width (3) Load (4) Reliability (5) Delay (6) MTU Hop Count It is the no. of Hops (Routers) a packet has to travel for a destination n/w. Bandwidth Bandwidth is the speed of link. The path with higher bandwidth is preferred to send the data. Load Load is the amount of traffic present in the interface. Paths with lower load and high throughput are used to send data. Reliability Reliability is up time of interface over a period of time. Delay Delay is the time period b/w a packet is sent and received by the destination. MTU (Maximum Transmission Unit) It is the maximum size of packet that can be sent in a frame mostly MTU is set to 1500.
Problems of Distance Vector There are two main problems of distance vector routing: *Bandwidth Consumption *Routing Loops
18
User mode
In this mode, we can display basic parameter and status of the router we can test connectivity and perform telnet to other devices. In this mode we are not enable to manage & configure router.
Privileged mode
In this mode, we can display all information, configuration, perform administration task, debugging, testing and connectivity with other devices. We are not able to perform here configuration editing of the router.
Autonomous system is the group of contiguous routers and n/w, which will share their routing information directly with each other. If all routers are in single domain and they share their information directly with each other then the size of routing updates will depend on the no. of n/w present in the Internetwork. Update for each n/w may take 150 200 bytes information.
20
1) IGRP is a distance vector Interior Gateway Protocol (IGP). IGRP uses a composite metric that is calculated by factoring weighted mathematical values for internetwork delay, bandwidth, reliability, and load. Network administrators can set the weighting factors for each of these metrics, although great care should be taken before any default values are manipulated.
2) RIP (routing information protocol) is a distance vector routing protocol. It sends complete routing table out to all other members in an interval of 30 seconds. It uses hop count as a metric and by default hop count is set to 15.
Features of RIP:
Distance Vector Routing Protocol Maximum Reachable hop-count is 15 Hop 16 is considered unreachable Metric is HOP COUNT Administrative distance 120 Sends periodic update every 30 seconds Supports equal path load balancing Works at application layer
3) EIGRP EIGRP Key capabilities that distinguish EIGRP from other routing protocols include fast convergence, support for variable-length subnet mask, support for partial updates, and support for multiple network layer protocols. A router running EIGRP stores all its neighbors' routing tables so that it can quickly adapt to alternate routes. If no appropriate route exists, EIGRP queries its neighbors to discover an alternate route. EIGRP does not make periodic updates. Instead, it sends partial updates only when the metric for a route changes.
21
Features of EIGRP: Following are the EIGRP features: Cisco proprietary Hybrid protocol Link state Distance Vector Multicast Updates using Address 224.0.0.10 Support AS Support VLSM Automatic Route Summarization Unequal path cost load balancing Metric (32 bit composite) o Bandwidth o Delay o Load o Reliability o MTU Neighbor Recovery Partial updates Triggered updates Backup Route Multi Protocol Routing
4) OSPF OSPF is a link-state routing protocol that calls for the sending of link-state advertisements (LSAs) to all other routers within the same hierarchical area. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each node.
22
Features of OSPF: Link State Routing Protocol Open standard Multicast updates at 224.0.0.5 and 224.0.0.6 Support VLSM Support Area similar to AS Manual Route Summarization Hierarchical model Metric is Bandwidth Support authentication Supports unlimited hop count
4.2 VLAN
VLAN (Virtual Local Area Network) is a switched network that is logically segmented by functions, project teams, or applications without regard to the physical location of users. For example, several end stations might be grouped as a department, such as engineering or accounting. When the end stations are physically located close to one another, you can group them into a LAN segment. If any of the end stations are in different buildings (not the same physical LAN segment), you can then group them into a VLAN. You can assign each switch port to a VLAN. Ports in a VLAN share broadcast traffic. Ports that do not belong to that VLAN do not share the broadcast traffic. VLAN provides the following features: Simplification of end-station moves, adds, and changes When an end station is physically moved to a new location, its attributes can be reassigned from a network management station through Simple Network Management Protocol (SNMP) or through the user interface menus. When an end station is moved within the same VLAN, it retains its previously assigned attributes in its new location.
23
When an end station is moved to a different VLAN, the attributes of the new VLAN are applied to the end station.
24
4.3 DHCP
The Dynamic Host Configuration Protocol (DHCP) is a network protocol that is used to configure network devices so that they can communicate on an IP network. A DHCP client uses the DHCP protocol to acquire configuration information, such as an IP address, a default route and one or more DNS server addresses from a DHCP server. The DHCP client then uses this information to configure its host. Once the configuration process is complete, the host is able to communicate on the internet. The DHCP server maintains a database of available IP addresses and configuration information. When it receives a request from a client, the DHCP server determines the network to which the DHCP client is connected, and then allocates an IP address or prefix that is appropriate for the client, and sends configuration information appropriate for that client. DHCP servers typically grant IP addresses to clients only for a limited interval. DHCP clients are responsible for renewing their IP address before that interval has expired, and must stop using the address once the interval has expired, if they have not been able to renew it. Hosts that do not use DHCP for address configuration may still use it to obtain other configuration information.
25
Network providers commonly used between local area networks (LANs) over a wide area network (WAN). Each end-user gets a private line (or leased line) to a Frame Relay node. The Frame Relay network handles the transmission over a frequently-changing path transparent to all end-user extensively-used WAN protocols. It is less expensive than leased lines and that is one reason for its popularity. The extreme simplicity of configuring user equipment in a Frame Relay network offers another reason for Frame Relay's popularity.
With the advent of Ethernet over fiber optics, MPLS, VPN and dedicated broadband services such as cable modem and DSL, the end may loom for the Frame Relay protocol
26
27
28
Similarly, on switch 1 we create the 3 VLANS with names hr, finance & marketing and make the seventh interface as trunk port.
AT ROUTER 0
Router(config)#interface s0/0 (ip add. at serial port is assigned )
Router(config-if)#ip address 192.168.0.1 255.255.255.252 Router(config-if)#clock rate 64000 Router(config-if)#no shutdown Router(config-if)#exit
30
Router(config-subif)#exit Router(config)#interface f0/0.3 Router(config-subif)#encapsulation dot1Q 3 Router(config-subif)#ip address 10.1.3.1 255.255.255.0 Router(config-subif)#exit
Router(config)#ip dhcp pool marketing Router(dhcp-config)#network 10.1.3.0 255.255.255.0 Router(dhcp-config)#default-router 10.1.3.1 Router(dhcp-config)#dns-server 10.1.2.5 Router(dhcp-config)#exit
Router(config)#ip dhcp pool hr Router(dhcp-config)#network 10.1.5.0 255.255.255.0 Router(dhcp-config)#default-router 10.1.5.1 Router(dhcp-config)#dns-server 10.1.2.5 Router(dhcp-config)#exit
Router(config)#ip dhcp pool finance Router(dhcp-config)#network 10.1.6.0 255.255.255.0 Router(dhcp-config)#default-router 10.1.6.1 Router(dhcp-config)#dns-server 10.1.2.5 Router(dhcp-config)#exit
Router(config)#ip dhcp pool machinery Router(dhcp-config)#network 10.1.7.0 255.255.255.0 Router(dhcp-config)#default-router 10.1.7.1 Router(dhcp-config)#dns-server 10.1.2.5 Router(dhcp-config)#exit Router(config)#exit Router#exit
32
AT ROUTER 1 At router 1, we again assign the ip addresses as done in router 0 previously. Here also we will do the inter-vlan and the ip-helper command will be used here to get the ip addresses automatically i.e. via DHCP configuration.
Router(config)#interface s0/0
Router(config-if)#ip address 192.168.0.2 255.255.255.252 Router(config-if)#clock rate 64000 Router(config-if)#no shutdown Router(config-if)#exit
Router(config)#interface f0/0.5 Router(config-subif)#encapsulation dot1Q 5 Router(config-subif)#ip address 10.1.5.1 255.255.255.0 Router(config-subif)#IP helper-address 192.168.0.1 (this command is used for the dhcp) Router(config-subif)#exit Router(config)#interface f0/0.6 Router(config-subif)#encapsulation dot1Q 6 Router(config-subif)#ip address 10.1.6.1 255.255.255.0 Router(config-subif)#IP helper-address 192.168.0.1 Router(config-subif)#exit
33
Router(config)#interface f0/0.7 Router(config-subif)#encapsulation dot1Q 7 Router(config-subif)#ip address 10.1.7.1 255.255.255.0 Router(config-subif)#IP helper-address 192.168.0.1 Router(config-subif)#exit
STATIC ROUTING AT THE ROUTERS: In the Noida branch we have used the static routing for the routing of data/packets. The commands used for the static routing are as follows: AT ROUTER 0 Router(config)#ip route 10.1.5.0 255.255.255.0 192.168.0.2 Router(config)#ip route 10.1.6.0 255.255.255.0 192.168.0.2 Router(config)#ip route 10.1.7.0 255.255.255.0 192.168.0.2 AT ROUTER 1 Router(config)#ip route 10.1.2.0 255.255.255.0 192.168.0.1 Router(config)#ip route 10.1.3.0 255.255.255.0 192.168.0.1 Router(config)#ip route 10.1.4.0 255.255.255.0 192.168.0.1
So, the configuration of the Noida branch is complete. The two routers in the Noida branch communicate with each other via static routing.
34
But in the Bangalore branch for the routing purpose, we will use the EIGRP protocol rather than the static routing. The commands for the EIGRP routing are as follows: AT ROUTER 2 Router(config)#router eigrp 100 Router(config-router)#network 10.1.8.0 0.0.0.255 Router(config-router)#network 10.1.9.0 0.0.0.255 Router(config-router)#network 10.1.10.0 0.0.0.255 Router(config-router)#network 192.168.1.0 0.0.0.3 Router(config-router)#no auto-summary Router(config-router)#exit (doing the EIGRP routing)
AT ROUTER 3 Router(config)#router eigrp 100 Router(config-router)#network 10.1.11.0 0.0.0.255 Router(config-router)#network 10.1.12.0 0.0.0.255 Router(config-router)#network 10.1.13.0 0.0.0.255 Router(config-router)#network 192.168.1.0 0.0.0.3 Router(config-router)#no auto-summary Router(config-router)#exit
In the Bangalore branch also we have configured the DHCP and DNS servers as done previously. . The two routers in the Bangalore branch communicate with each other via EIGRP routing protocol.
AT ROUTER 5 Router(config)#router ospf 1 Router(config-router)#network 10.1.17.0 0.0.0.255 area 0 Router(config-router)#network 10.1.18.0 0.0.0.255 area 0 Router(config-router)#network 10.1.19.0 0.0.0.255 area 0
36
AT ROUTER 6 Router(config)#router ospf 1 Router(config-router)#network 10.1.20.0 0.0.0.255 area 0 Router(config-router)#network 10.1.21.0 0.0.0.255 area 0 Router(config-router)#network 10.1.22.0 0.0.0.255 area 0 Router(config-router)#network 192.168.3.0 0.0.0.3 area 0 Router(config-router)#exit
So with this the configuration of the head office also completes!!! Note : Now, we have to connect these two branches and the head office, so that a proper communication link can be established for the purpose of communication and information exchange. This is done as follows: The WAN communication is with the help of frame relay. Cloud is used to connect Delhi Head office, Noida branch & Bangalore branch. Noida branch is connected to cloud serial port 2 having DLCI no 100,200 & AS 100. Bangalore branch is connected to cloud serial port 1 having DLCI no 101,201 & AS 200. Delhi Head-office is connected to cloud serial port 0 having DLCI no 102,202 & AS 300.
37
Now, we will do the required codings at Router1 of Noida, Router2 of Bangalore & Router4 of Delhi. AT ROUTER1 OF NOIDA: Router (config)# interface s0/1 Router (config-if)#encapsulation frame-relay Router (config-if)#frame-relay interface-dlci 100 Router (config-if)#frame-relay interface-dlci 200 Router (config-if)#ip address 20.0.0.1 255.0.0.0 Router (config-if)#clock rate 64000 Router (config-if)#no shutdown 1Router (config-if)#exit
AT ROUTER2 OF BANGALORE: Router (config)#interface s0/1 Router (config-if)#encapsulation frame-relay Router (config-if)#frame-relay interface-dlci 101 Router (config-if)#frame-relay interface-dlci 201 Router (config-if)#ip address 20.0.0.2 255.0.0.0 Router (config-if)#clock rate 64000 Router (config-if)#no shutdown Router (config-if)#exit
Router (config-if)#frame-relay interface-dlci 102 Router (config-if)#frame-relay interface-dlci 202 Router (config-if)#ip address 20.0.0.3 255.0.0.0 Router (config-if)#clock rate 64000 Router (config-if)#no shutdown Router (config-if)#exit
Now, DLCI 100,200,101,201,102 & 202 has names Noida 1, Noida 2, Bangalore1, Bangalore2, Delhi1 and Delhi 2 respectively. Delhi1 connect with Bangalore1, Delhi2 connect with Noida1 & Noida connect with Bangalore2. Now we apply BGP (Border Gateway Protocol) & Redistribute the networks to communicate each branch each other and finally the Enterprises Network established.
AT ROUTER1 OF NOIDA: Router(config)# router bgp 100 Router(config-if)#netwok 20.0.0.0 Router(config-if)#neighbor 20.0.0.2 remote-as 200 Router(config-if)#neighbor 20.0.0.3 remote-as 300 Router(config-if)#exit Router(config)#router bgp 100 Router(config-if)# redistribute static Router(config-if)# redistribute connected Router(config)#exit
39
AT ROUTER2 OF BANGALORE: Router(config)#router bgp 200 Router(config-if)#netwok 20.0.0.0 Router(config-if)#neighbor 20.0.0.1 remote-as 100 Router(config-if)#neighbor 20.0.0.3 remote-as 300 Router(config-if)#exit Router(config)#router bgp 200 Router(config-if)# redistribute eigrp 100 Router(config-if)#redistribute connected Router(config)#exit
AT ROUTER4 OF DELHI: Router(config)#router bgp 300 Router(config-if)#netwok 20.0.0.0 Router(config-if)#neighbor 20.0.0.2 remote-as 200 Router(config-if)#neighbor 20.0.0.1 remote-as 100 Router(config-if)#exit Router(config)#router bgp 300 Router(config-if)# redistribute ospf 1 match internal external 1 Router(config-if)#redistribute connected Router(config)#exit
Now all the branches are able to communicate with each other branch and hence enterprise is able to communicate between its head office and branches.
40
6.4.1 PORT SECURITY A growing challenge for network administrators is to be able to control who is allowed and who isn't - to access the organization's internal network. This access control is mandatory for critical infrastructure protection in your network. It is not on public parts of the network where guest users should be able to connect. Port security is a Cisco feature implemented in Catalyst switches which will help network engineers in implementing network security on network boundaries. In its most basic form, the Port Security feature writes the MAC address of the device connected to the switch edge port and allows only that MAC address to be active on that port. If any other MAC address is detected on that port, port security feature shutdown the switch port. The switch can be configured to send a SNMP trap to a network monitoring solution to alert that the port is disabled for security reasons. The commands for port security are as follows: Switch(config)#interface f0/6 (configuring port security feature on pc11 of Noida)
Switch(config-if)#switchport mode access Switch(config-if)#switchport port-security Switch(config-if)#switchport port-security mac-address 000c.8582.0dc5 Switch(config-if)#switchport port-security violation shutdown Switch(config-if)#exit
Switch#show port-security interface f0/2 Port Security Port Status Violation Mode Aging Time Aging Type SecureStatic Address Aging Maximum MAC Addresses Total MAC Addresses Configured MAC Addresses Sticky MAC Addresses Last Source Address:Vlan Security Violation Count : Disabled : Secure-down : Shutdown : 0 mins : Absolute : Disabled :1 :0 :0 :0 : 0000.0000.0000:0 :0
Using above set of commands we have stop the communication between pc10 (10.1.7.3) and pc23 (10.1.14.3).
43
CHAPTER-7 RESULT
PING TO PC
All the computers of any branch are able to communicate with each other,that is all the computers are pinging each other, and thus all the branches can now communicate and thus the purpose of the project is achieved.
44
DHCP IP CONFIGURATION
Now there is no need to configure each pc separately for its ip address. The DHCP configuration is automatically assigning the ip addresses to every pcs connected in the network In this way it reduces the workload and makes the network more effective.
45
This project entitled as ENTERPRISE NETWORK has made us learn 21st century skills such as complex problem solving and critical thinking.
To conclude one can say that CCNA training was really beneficial for me and making report for such a great training is not being written just for the sake of writing. We are crisply stating the main take away points from our work. We feel that CCNA Security Course help to meet the growing demand for network security skills. It provides the blended curriculum which provides a hands-on and carrier oriented introduction to come security concepts. The course is highly beneficial, as we feel; it helps students differentiate themselves in the marketplace. Develop students for network security carrier opportunities. It enhances specialized security skills.
46
BIBLIOGRAPHY
REFERENCES CCNA TEXTBOOK, BY DUCAT-INDIA CCNA COURSE GUIDE -By Todd Lammle Computer Hardware & Design -By Mouris Mano
47