
DECLARATION

We hereby certify that the Minor Project work entitled as ENTERPRISE NETWORK which is being submitted in the department of Electronics and Communication Engineering at S.D. Institute of Technology & Management (affiliated to Kurukshetra University, Kurukshetra) by us in partial fulfillment for the award of degree of Bachelor of Technology in Electronics and Communication Engineering is an authentic record of our own work carried out under the guidance and supervision of Mr. Vinod Kumar (Lecturer, ECE Dept.).

BHARAT KHANEJA
(3409135)

SACHIN GUPTA
(3409141)

GUIDE CERTIFICATE

This is to certify that Mr. Bharat Khaneja (3409135) & Mr. Sachin Gupta (3409141), students of B.Tech (Electronics and Communication Engineering) at S.D. Institute of Technology & Management, Israna, have worked under my guidance and supervision for the preparation of the Minor Project entitled ENTERPRISE NETWORK for the award of the degree of B.Tech in Electronics and Communication Engineering by Kurukshetra University, Kurukshetra.

Mrs. Rita Saini (Project In-charge)

Mr. Vinod Kumar (Project Guide)

Dr. Rajesh Malik (HOD, ECE Dept.)

ABSTRACT
The enterprise network is the lifeblood of any Small to Medium Enterprise (SME) with more than one site or supply chain partner. It enables access to business information and allows for profitable and effective communication flows between employees in different enterprise sites. Enterprise network equipment is mature and ubiquitous, but the quality of services provided by similar networks varies from city to city and from country to country. In particular, the quality gap between most cities in some developing nations and their counterparts in advanced nations is very wide. This is due to the lack, in developing nations, of an adequate IT infrastructure, which is taken for granted in developed nations. Planning an enterprise network in a developing nation is almost like planning it in the middle of a desert. This report briefly discusses the architecture of an enterprise network. It examines the barriers to planning, designing and implementing an enterprise network. This project also covers the methods to implement enterprise level networks.

In this project we start from a basic working router configuration and then cover the routing technologies required to route data between branches. After that we implement the WAN. Frame Relay is considered a good choice because it connects multiple locations using a single router interface and reduces hardware costs. We also use Frame Relay for Internet connectivity. In this setup NAT is essential: it translates live IP addresses into local addresses and vice versa.

Following is the list of technologies that are used in this report:
Administration of router
Routing
Types of routing
Scalability of networks

LIST OF USED DEVICES & TECHNOLOGIES CONFIGURED
Cisco router
Core layer switch
Distribution layer switch
Access layer switches

TECHNOLOGIES TO CREATE A NETWORK
Router
    IP Addressing
    Routing
Core Switch
    VTP server
    VLAN database
    Trunk Links
    Spanning Tree Configuration
    Configuring IP & Gateway
    VLAN Port Membership
Distribution Switches
    VTP Client
    Configuring IP & Gateway
    Trunk Link Configuration
    VLAN Port Membership

In short we can say a lot of technologies have been studied and implemented for the successful completion of the project.

ACKNOWLEDGEMENT
A formal statement of acknowledgment is hardly sufficient to express our gratitude towards the personalities who have helped us to undertake and complete this project.

We express our sincere and deep sense of gratitude to Dr. Rajesh Malik (HOD), Mrs. Rita Saini (Project in-charge), and Mr. Vinod (project guide) for their guidance, valuable suggestions, immense help, encouragement and friendly behavior throughout the working of this dissertation. We are also grateful to all the members of the evaluation committee for giving valuable suggestions and advice and for evaluating us from time to time. We humbly express our sincere thanks to all the faculty members and the staff of the ECE Department for their constant assistance and for providing pleasant working conditions for the complete duration of the dissertation work. We are thankful to all our friends for their helping attitude and constant encouragement. We cannot conclude this acknowledgement without mentioning our parents. It would not have been possible for us to complete this dissertation work without their love, encouragement and support.

Needless to say, the more we direct our thoughts positively and feel genuinely thankful, the more we find that we get to experience good results.

Lastly, we bow before the almighty with folded hands!!

BHARAT KHANEJA (3409135)

SACHIN GUPTA (3409141)

Contents

Declaration
Guide certificate
Abstract
Acknowledgement
List of abbreviations
List of figures
1. About the technology
2. Requirements and platform used
3. Introduction
4. Description of Technologies used
    4.1 Routing
        4.1.1 Types of Routing
        4.1.2 Router Access Modes
        4.1.3 Routing Protocols
    4.2 VLAN
    4.3 DHCP
    4.4 Frame Relay
    4.5 Domain Name System
    4.6 ACL
5. Project Scenario
6. Device Configuration
    6.1 Noida branch configuration
    6.2 Bangalore branch configuration
    6.3 Delhi-Head Office configuration
    6.4 Configuring security features
Result
Conclusion and future scope
References and Bibliography

LIST OF ABBREVIATIONS

N/w      Network
LAN      Local Area Network
WAN      Wide Area Network
ISDN     Integrated Services Digital Network
MAC      Media Access Control
IETF     Internet Engineering Task Force
EXEC     EXECUTION
VTY      (Virtual Telnet Type)
VLAN     VIRTUAL Local Area Network
BGP      Border Gateway Protocol
EIGRP    Enhanced Interior Gateway Routing Protocol
IGRP     Interior Gateway Routing Protocol
OSPF     Open Shortest Path First
RIP      Routing Information Protocol
MTU      Maximum Transmission Unit
VLSM     Variable Length Subnet Mask
IOS      Internetwork Operating System
CLI      Command-Line Interface

LIST OF FIGURES

FIGURE NO.   DESCRIPTION OF FIGURE
1.           CISCO PACKET TRACER
2.           BLOCK DIAGRAM OF PROJECT
3.           ROUTER ACCESS MODES
4.           DIFFERENT ROUTING PROTOCOLS
5.           ILLUSTRATING THE VLAN PROCESS
6.           ILLUSTRATING THE DHCP PROCESS
7.           FRAME RELAY CLOUD
8.           PROJECT SCENARIO
9.           COMMAND WINDOW
10.          DHCP IP CONFIGURATION

CHAPTER-1 ABOUT THE TECHNOLOGY


CCNA (Cisco Certified Network Associate) is a certification from Cisco. To achieve the CCNA certification, one must earn a passing score on the Cisco exam #640-802, or combined passing scores on both the ICND1 #640-822 and ICND2 #640-816 exams. Passing the ICND1 grants one the Cisco Certified Entry Networking Technician (CCENT) certification. Passing scores are set by using statistical analysis and are subject to change. At the completion of the exam, candidates receive a score report along with a score breakout by exam section and the passing score for the given exam. Cisco does not publish exam passing scores because exam questions and passing scores are subject to change without notice. Cisco Certified Network Associate (CCNA) validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN. The CCNA curriculum includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills. This new curriculum also includes (but is not limited to) the use of these protocols: IP, Enhanced Interior Gateway Routing Protocol (EIGRP), Serial Line Interface Protocol, Frame Relay, Routing Information Protocol Version 2 (RIPv2), VLANs, Ethernet, and access control lists (ACLs).

SOFTWARE USED:
PACKET TRACER 5.3.3
Cisco Packet Tracer is a powerful network simulation program that allows students to experiment with network behavior and ask "what if" questions. As an integral part of the Networking Academy comprehensive learning experience, Packet Tracer provides simulation, visualization, authoring, assessment, and collaboration capabilities and facilitates the teaching and learning of complex technology concepts.

CHAPTER-2 REQUIREMENTS AND PLATFORMS USED


Hardware Used:
RAM          256 MB or above
Hard Disk    10 GB or above
Keyboard     Standard 101 key keyboard
Mouse        Optical mouse
Processor    Pentium 4, DUAL CORE

Software Used:
Windows 7
MS Office
Cisco Packet Tracer version 5.3.3

CHAPTER-3 INTRODUCTION
Problem Definition
To design, implement, and configure a network for a company having its head office in Delhi, one branch office in Bangalore and one in Noida. The following figure clearly explains the project objective:

Requirement Specifications
The company consists of three different locations: Delhi (HQ), Noida and Bangalore. The locations are connected to each other through routers, switches, and Frame Relay. A VLAN (virtual local area network) is created for each of the three departments to reduce the broadcast domains and to aid network administration by separating logical segments of a LAN.

Overview of a Network
A network consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.

The two basic types of networks include:

Local Area Network (LAN)
Wide Area Network (WAN)

Local Area Network: A Local Area Network (LAN) is a network that is confined to a relatively small area. It is generally limited to a geographic area such as a writing lab, school, or building. Rarely are LAN computers more than a mile apart. In a typical LAN configuration, one computer is designated as the file server. It stores all of the software that controls the network, as well as the software that can be shared by the computers attached to the network. Computers connected to the file server are called workstations. On most LANs, cables are used to connect the network interface cards in each computer.

Wide Area Network: Wide Area Networks (WANs) connect larger geographic areas, such as Florida, the United States, or the world. Dedicated transoceanic cabling or satellite uplinks may be used to connect this type of network. Using a WAN, a company in Delhi can communicate with places like Tokyo in a matter of minutes, without paying enormous phone bills. A WAN is complicated. It uses multiplexers to connect local and metropolitan networks to global communications networks like the Internet. To users, however, a WAN will not appear to be much different than a LAN or a MAN.

Benefits of Installing a Network

Speed: Networks provide a very rapid method for sharing and transferring files. Without a network, files are shared by copying them to floppy disks, then carrying or sending the disks from one computer to another. This method of transferring files (referred to as sneaker-net) is very time-consuming.

Security: Files and programs on a network can be designated as copy inhibit, so that you do not have to worry about illegal copying of programs. Also, passwords can be established for specific directories to restrict access to authorized users.

Centralized Software Management: One of the greatest benefits of installing a network at a school is the fact that all of the software can be loaded on one computer (the file server). This eliminates the need to spend time and energy installing updates and tracking files on independent computers throughout the building.

Resource Sharing: Sharing resources is another area in which a network exceeds stand-alone computers. However, if these or similar peripherals are added to a network, they can be shared by many users.

CASE STUDY:
The following case study is used to illustrate the process and documentation required for a network design. This case study presents a scenario in which the company or an enterprise has hired a Network Consultant Group to design their network. In order to help organize this project, the scenario has been broken into eight phases listing requirements for each phase. A worksheet is to be completed for each part. A formal report, similar to what would be given to the company, will need to be created after all tasks have been completed.

This case study requires that you accomplish the following:
(1) Use the resources provided, diagram and narrative, to set up the physical network.
(2) Set up an IP subnetting scheme.
(3) Configure the routers as required.
(4) Set up and configure the switches and VLANs as required.
(5) Verify and troubleshoot all connections.
(6) Provide detailed documentation in the appropriate format.
(7) Provide a written final report.

CHAPTER-4 DESCRIPTION OF TECHNOLOGIES USED


4.1 ROUTING
ROUTING is the act of moving information across an internetwork from a source to a destination. Routing involves two basic activities: determining optimal routing paths and transporting information groups (typically called packets) through an internetwork. Routing protocols use metrics to evaluate what path will be the best for a packet to travel. A metric is a standard of measurement, such as path bandwidth, that is used by routing algorithms to determine the optimal path to a destination. To aid the process of path determination, routing algorithms initialize and maintain routing tables, which contain route information. Route information varies depending on the routing algorithm used.

Routing algorithms fill routing tables with a variety of information. Destination/next hop associations tell a router that a particular destination can be reached optimally by sending the packet to a particular router representing the "next hop" on the way to the final destination. When a router receives an incoming packet, it checks the destination address and attempts to associate this address with a next hop. Routing algorithms often have one or more of the following design goals:
Optimality
Simplicity
Robustness
Rapid convergence
Flexibility
Low overhead
Stability

4.1.1 Types of Routing:

Static Routing
In this type of routing, we use ip route commands to specify routes for different networks. The administrator analyzes the whole internetwork topology and then specifies the route for each n/w that is not directly connected to the router.

Steps to perform static routing

(1) Create a list of all n/w present in the internetwork.
(2) Remove from the list the n/w addresses that are directly connected to the router.
(3) Specify a route for each remaining n/w by using the ip route command.

Advantages of static routing

(1) Fast and efficient.
(2) More control over selected path.
(3) Less overhead for router.
(4) Bandwidth of interfaces is not consumed in routing updates.

Disadvantages of static routing

(1) More overhead on the administrator.
(2) Load balancing is not easily possible.
(3) In case of a topology change, the routing table has to be changed manually.

Dynamic Routing
In dynamic routing, we enable a routing protocol on the router. This protocol sends its routing information to the neighbor routers. The neighbors analyze the information and write new routes to the routing table. The routers also pass routing information received from one router on to other routers. If more than one path is available, the routes are compared and the best path is selected.

Metric of Dynamic Routing
Metrics are the measuring units used to calculate the distance to a destination n/w. A protocol may use one or more metrics at a time to calculate the distance. Different types of metric are:
(1) Hop Count
(2) Bandwidth
(3) Load
(4) Reliability
(5) Delay
(6) MTU

Hop Count: It is the no. of hops (routers) a packet has to travel through to reach a destination n/w.
Bandwidth: Bandwidth is the speed of the link. The path with higher bandwidth is preferred to send the data.
Load: Load is the amount of traffic present on the interface. Paths with lower load and high throughput are used to send data.
Reliability: Reliability is the up time of the interface over a period of time.
Delay: Delay is the time period b/w a packet being sent and being received by the destination.
MTU (Maximum Transmission Unit): It is the maximum size of packet that can be sent in a frame. Mostly MTU is set to 1500.

Problems of Distance Vector
There are two main problems of distance vector routing:
* Bandwidth Consumption
* Routing Loops

4.1.2 Router Access Modes


When we access the router command prompt, the router displays different modes. Privileges and rights are assigned to the user according to the mode.

User mode
In this mode, we can display basic parameters and the status of the router, test connectivity, and telnet to other devices. In this mode we are not able to manage and configure the router.

Privileged mode
In this mode, we can display all information and configuration, perform administration tasks, debugging, testing and connectivity checks with other devices. We are not able to edit the configuration of the router in this mode.

Global configuration mode

This mode is used for the configuration of global parameters in the router. Global parameters apply to the entire router, e.g. the router hostname or an access list of the router. The command to enter this mode is configure terminal.

Routing configuration mode

This mode is used to configure a routing protocol like RIP, EIGRP, OSPF etc.
Router(config)#router <protocol> [<option>]
Router(config)#router rip

4.1.3 ROUTING PROTOCOLS:


The various routing protocols that can be used under different circumstances are shown below:

An autonomous system is a group of contiguous routers and n/w which share their routing information directly with each other. If all routers are in a single domain and they share their information directly with each other, then the size of routing updates will depend on the no. of n/w present in the internetwork. The update for each n/w may take 150-200 bytes of information.

1) IGRP is a distance vector Interior Gateway Protocol (IGP). IGRP uses a composite metric that is calculated by factoring weighted mathematical values for internetwork delay, bandwidth, reliability, and load. Network administrators can set the weighting factors for each of these metrics, although great care should be taken before any default values are manipulated.

2) RIP (Routing Information Protocol) is a distance vector routing protocol. It sends its complete routing table out to all other members at an interval of 30 seconds. It uses hop count as a metric, and by default the maximum hop count is set to 15.

Features of RIP:

Distance Vector Routing Protocol
Maximum reachable hop count is 15
Hop 16 is considered unreachable
Metric is HOP COUNT
Administrative distance 120
Sends periodic update every 30 seconds
Supports equal path load balancing
Works at application layer

3) EIGRP: Key capabilities that distinguish EIGRP from other routing protocols include fast convergence, support for variable-length subnet mask, support for partial updates, and support for multiple network layer protocols. A router running EIGRP stores all its neighbors' routing tables so that it can quickly adapt to alternate routes. If no appropriate route exists, EIGRP queries its neighbors to discover an alternate route. EIGRP does not make periodic updates. Instead, it sends partial updates only when the metric for a route changes.

Features of EIGRP:
Cisco proprietary
Hybrid protocol (Link state, Distance Vector)
Multicast updates using address 224.0.0.10
Support AS
Support VLSM
Automatic Route Summarization
Unequal path cost load balancing
Metric (32 bit composite)
    Bandwidth
    Delay
    Load
    Reliability
    MTU
Neighbor Recovery
Partial updates
Triggered updates
Backup Route
Multi Protocol Routing

4) OSPF is a link-state routing protocol that calls for the sending of link-state advertisements (LSAs) to all other routers within the same hierarchical area. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each node.

Features of OSPF:
Link State Routing Protocol
Open standard
Multicast updates at 224.0.0.5 and 224.0.0.6
Support VLSM
Support Area similar to AS
Manual Route Summarization
Hierarchical model
Metric is Bandwidth
Support authentication
Supports unlimited hop count

4.2 VLAN
VLAN (Virtual Local Area Network) is a switched network that is logically segmented by functions, project teams, or applications without regard to the physical location of users. For example, several end stations might be grouped as a department, such as engineering or accounting. When the end stations are physically located close to one another, you can group them into a LAN segment. If any of the end stations are in different buildings (not the same physical LAN segment), you can then group them into a VLAN. You can assign each switch port to a VLAN. Ports in a VLAN share broadcast traffic. Ports that do not belong to that VLAN do not share the broadcast traffic.

VLAN provides the following features:

Simplification of end-station moves, adds, and changes
When an end station is physically moved to a new location, its attributes can be reassigned from a network management station through Simple Network Management Protocol (SNMP) or through the user interface menus. When an end station is moved within the same VLAN, it retains its previously assigned attributes in its new location. When an end station is moved to a different VLAN, the attributes of the new VLAN are applied to the end station.

Controlled traffic activity
VLANs allow ports on the same or different switches to be grouped so that traffic is confined to members of only that group. This feature restricts broadcast, unicast, and multicast traffic (flooding) only to ports included in a certain VLAN. The management domain is a group of VLANs that are managed by a single administrative authority.

Workgroup and network security
You can increase security by segmenting the network into distinct broadcast domains. To this end, VLANs can restrict the number of users in a broadcast domain. You can also control the size and composition of the broadcast domain by controlling the size and composition of a VLAN.

4.3 DHCP
The Dynamic Host Configuration Protocol (DHCP) is a network protocol that is used to configure network devices so that they can communicate on an IP network. A DHCP client uses the DHCP protocol to acquire configuration information, such as an IP address, a default route and one or more DNS server addresses from a DHCP server. The DHCP client then uses this information to configure its host. Once the configuration process is complete, the host is able to communicate on the internet. The DHCP server maintains a database of available IP addresses and configuration information. When it receives a request from a client, the DHCP server determines the network to which the DHCP client is connected, and then allocates an IP address or prefix that is appropriate for the client, and sends configuration information appropriate for that client. DHCP servers typically grant IP addresses to clients only for a limited interval. DHCP clients are responsible for renewing their IP address before that interval has expired, and must stop using the address once the interval has expired, if they have not been able to renew it. Hosts that do not use DHCP for address configuration may still use it to obtain other configuration information.


4.4 FRAME RELAY


Frame Relay is a standardized wide area network technology that specifies the physical and logical link layers of digital telecommunications channels using a packet switching methodology. Originally designed for transport across Integrated Services Digital Network (ISDN) infrastructure, it may be used today in the context of many other network interfaces.

Network providers commonly use Frame Relay between local area networks (LANs) over a wide area network (WAN). Each end-user gets a private line (or leased line) to a Frame Relay node. The Frame Relay network handles the transmission over a frequently changing path that is transparent to all end-user WAN protocols. It is less expensive than leased lines and that is one reason for its popularity. The extreme simplicity of configuring user equipment in a Frame Relay network offers another reason for Frame Relay's popularity.

With the advent of Ethernet over fiber optics, MPLS, VPN and dedicated broadband services such as cable modem and DSL, the end may loom for the Frame Relay protocol.

4.5 Domain Name System


The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and fault tolerant and has helped avoid the need for a single central register to be continually consulted and updated. Additionally, the responsibility for maintaining and updating the master record for the domains is spread among many domain name registrars, who compete for the business of the end user (the domain owner). Domains can be moved from registrar to registrar at any time.

4.6 ACL (Access Control List)


ACLs are the basic security feature required in any network to control the flow of traffic. Most of the time our network may have servers and clients for which traffic control is required. We can also use ACLs to classify traffic. ACLs are used in features like QoS (Quality of Service), traffic prioritization and interesting traffic for ISDN. Access Control List refers to rules that are applied to port numbers or network domain names that are available on a host or other layer 3 device, each with a list of hosts and/or networks permitted to use the service. Both individual servers and routers can have network ACLs. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls.

CHAPTER-5 PROJECT SCENARIO


CHAPTER-6 DEVICES CONFIGURATION


6.1 NOIDA-BRANCH CONFIGURATION
AT SWITCH 0

(Creating the VLANs: sales, marketing and purchasing)
Switch>enable
Switch#configure terminal
Switch(config)#vlan 2
Switch(config-vlan)#name sales
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name marketing
Switch(config-vlan)#exit
Switch(config)#vlan 4
Switch(config-vlan)#name purchasing
Switch(config-vlan)#exit

(Assigning the interfaces to the VLANs)
Switch(config)#interface range f0/1 - 2
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#exit
Switch(config)#interface range f0/3 - 4
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit
Switch(config)#interface range f0/5 - 6
Switch(config-if-range)#switchport access vlan 4
Switch(config-if-range)#exit

(Making the interface f0/7 the trunk port)
Switch(config)#interface f0/7
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit

Similarly, on switch 1 we create the 3 VLANs with names hr, finance & marketing and make the seventh interface the trunk port.

AT ROUTER 0

(IP address is assigned at the serial port)
Router(config)#interface s0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface f0/0
Router(config-if)#no shutdown
Router(config-if)#exit

(Now doing the inter-VLAN routing at the router)
Router(config)#interface f0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 10.1.2.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface f0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 10.1.3.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface f0/0.4
Router(config-subif)#encapsulation dot1Q 4
Router(config-subif)#ip address 10.1.4.1 255.255.255.0
Router(config-subif)#exit

(Now doing the DHCP configuration)
Router(config)#ip dhcp pool sales
Router(dhcp-config)#network 10.1.2.0 255.255.255.0
Router(dhcp-config)#default-router 10.1.2.1
Router(dhcp-config)#dns-server 10.1.2.5
Router(dhcp-config)#exit
Router(config)#ip dhcp pool marketing
Router(dhcp-config)#network 10.1.3.0 255.255.255.0
Router(dhcp-config)#default-router 10.1.3.1
Router(dhcp-config)#dns-server 10.1.2.5
Router(dhcp-config)#exit
Router(config)#ip dhcp pool purchasing
Router(dhcp-config)#network 10.1.4.0 255.255.255.0
Router(dhcp-config)#default-router 10.1.4.1
Router(dhcp-config)#dns-server 10.1.2.5
Router(dhcp-config)#exit
Router(config)#ip dhcp pool hr
Router(dhcp-config)#network 10.1.5.0 255.255.255.0
Router(dhcp-config)#default-router 10.1.5.1
Router(dhcp-config)#dns-server 10.1.2.5
Router(dhcp-config)#exit
Router(config)#ip dhcp pool finance
Router(dhcp-config)#network 10.1.6.0 255.255.255.0
Router(dhcp-config)#default-router 10.1.6.1
Router(dhcp-config)#dns-server 10.1.2.5
Router(dhcp-config)#exit
Router(config)#ip dhcp pool machinery
Router(dhcp-config)#network 10.1.7.0 255.255.255.0
Router(dhcp-config)#default-router 10.1.7.1
Router(dhcp-config)#dns-server 10.1.2.5
Router(dhcp-config)#exit
Router(config)#exit
Router#exit

AT ROUTER 1
At router 1, we again assign the IP addresses as done on router 0 previously. Here also we do the inter-VLAN routing, and the ip helper-address command is used so that hosts get their IP addresses automatically, i.e. via the DHCP configuration.

(IP address is assigned at the serial port)
Router(config)#interface s0/0
Router(config-if)#ip address 192.168.0.2 255.255.255.252
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface f0/0
Router(config-if)#no shutdown
Router(config-if)#exit

(Now doing the inter-VLAN routing at the router; the ip helper-address command is used for DHCP)
Router(config)#interface f0/0.5
Router(config-subif)#encapsulation dot1Q 5
Router(config-subif)#ip address 10.1.5.1 255.255.255.0
Router(config-subif)#ip helper-address 192.168.0.1
Router(config-subif)#exit
Router(config)#interface f0/0.6
Router(config-subif)#encapsulation dot1Q 6
Router(config-subif)#ip address 10.1.6.1 255.255.255.0
Router(config-subif)#ip helper-address 192.168.0.1
Router(config-subif)#exit
Router(config)#interface f0/0.7
Router(config-subif)#encapsulation dot1Q 7
Router(config-subif)#ip address 10.1.7.1 255.255.255.0
Router(config-subif)#ip helper-address 192.168.0.1
Router(config-subif)#exit
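
How the DHCP server on Router 0 picks a pool for a request relayed by Router 1 can be modelled as below. This is an added example, not part of the original report; it uses the pools and addresses from the configuration above, and the function names are illustrative.

```python
import ipaddress

# DHCP pools on Router 0 (the DHCP server), copied from the configuration above:
# pool name -> (network, default-router)
POOLS = {
    "sales":      ("10.1.2.0/24", "10.1.2.1"),
    "marketing":  ("10.1.3.0/24", "10.1.3.1"),
    "purchasing": ("10.1.4.0/24", "10.1.4.1"),
    "hr":         ("10.1.5.0/24", "10.1.5.1"),
    "finance":    ("10.1.6.0/24", "10.1.6.1"),
    "machinery":  ("10.1.7.0/24", "10.1.7.1"),
}
# Router 0 interfaces on which a DHCP request can arrive.
SERVER_INTERFACES = {"f0/0.2": "10.1.2.1", "f0/0.3": "10.1.3.1",
                     "f0/0.4": "10.1.4.1", "s0/0": "192.168.0.1"}
# Router 1 sub-interfaces that carry "ip helper-address 192.168.0.1".
RELAY_INTERFACES = {"f0/0.5": "10.1.5.1", "f0/0.6": "10.1.6.1",
                    "f0/0.7": "10.1.7.1"}


def select_pool(giaddr, arrival_interface):
    """Return the name of the pool the server would use, or None.

    A relay puts the address of the interface that heard the client's
    broadcast into the giaddr field. giaddr 0.0.0.0 means the client sits
    on the server's own segment, so the arrival interface decides.
    """
    relay = ipaddress.ip_address(giaddr)
    if relay.is_unspecified:
        key = ipaddress.ip_address(SERVER_INTERFACES[arrival_interface])
    else:
        key = relay
    for name, (network, _gateway) in POOLS.items():
        if key in ipaddress.ip_network(network):
            return name
    return None


def audit_relays():
    """List relay interfaces whose clients would get no lease or a wrong gateway."""
    problems = []
    for ifname, address in RELAY_INTERFACES.items():
        pool = select_pool(address, "s0/0")
        if pool is None:
            problems.append((ifname, "no pool covers this relay address"))
        elif POOLS[pool][1] != address:
            problems.append((ifname, f"pool {pool} hands out gateway {POOLS[pool][1]}"))
    return problems


if __name__ == "__main__":
    print(select_pool("0.0.0.0", "f0/0.2"))   # local client in VLAN 2
    print(select_pool("10.1.5.1", "s0/0"))    # relayed from Router 1, VLAN 5
    print(audit_relays())
```

The server sends its reply to the giaddr address, so Router 0 also needs a route to 10.1.5.0, 10.1.6.0 and 10.1.7.0 for relayed clients to receive a lease.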

STATIC ROUTING AT THE ROUTERS:
In the Noida branch we have used static routing for the routing of data/packets. The commands used for the static routing are as follows:

AT ROUTER 0
Router(config)#ip route 10.1.5.0 255.255.255.0 192.168.0.2
Router(config)#ip route 10.1.6.0 255.255.255.0 192.168.0.2
Router(config)#ip route 10.1.7.0 255.255.255.0 192.168.0.2

AT ROUTER 1
Router(config)#ip route 10.1.2.0 255.255.255.0 192.168.0.1
Router(config)#ip route 10.1.3.0 255.255.255.0 192.168.0.1
Router(config)#ip route 10.1.4.0 255.255.255.0 192.168.0.1

So, the configuration of the Noida branch is complete. The two routers in the Noida branch communicate with each other via static routing.

6.2 BANGALORE BRANCH CONFIGURATION


Here also, three VLANs are created on each of switch 1 and switch 2. The seventh interface of both switches is again made a trunk, as was done in the Noida branch.


But in the Bangalore branch, for the routing purpose, we will use the EIGRP protocol rather than static routing. The commands for the EIGRP routing are as follows:

AT ROUTER 2
Router(config)#router eigrp 100
(doing the EIGRP routing)
Router(config-router)#network 10.1.8.0 0.0.0.255
Router(config-router)#network 10.1.9.0 0.0.0.255
Router(config-router)#network 10.1.10.0 0.0.0.255
Router(config-router)#network 192.168.1.0 0.0.0.3
Router(config-router)#no auto-summary
Router(config-router)#exit

AT ROUTER 3
Router(config)#router eigrp 100
Router(config-router)#network 10.1.11.0 0.0.0.255
Router(config-router)#network 10.1.12.0 0.0.0.255
Router(config-router)#network 10.1.13.0 0.0.0.255
Router(config-router)#network 192.168.1.0 0.0.0.3
Router(config-router)#no auto-summary
Router(config-router)#exit

In the Bangalore branch also we have configured the DHCP and DNS servers as done previously. The two routers in the Bangalore branch communicate with each other via the EIGRP routing protocol.

So, the configuration of the Bangalore branch completes here!!!



6.3 DELHI (HEAD OFFICE) CONFIGURATION


In the head office there are three routers rather than two. The head office uses the OSPF protocol for routing. Again the switches are configured with three VLANs each, and the seventh interface of each switch is made a trunk. The routers are assigned IP addresses in the same way as in the other branches. The head office also has DNS and DHCP servers. Inter-VLAN routing is done on each router in the head office, and the ip helper-address command is used so that hosts acquire their configuration dynamically via DHCP. The commands used for OSPF routing in the head office are as follows:

AT ROUTER 4
Router(config)#router ospf 1
(doing the OSPF routing)
Router(config-router)#network 10.1.14.0 0.0.0.255 area 0
Router(config-router)#network 10.1.15.0 0.0.0.255 area 0
Router(config-router)#network 10.1.16.0 0.0.0.255 area 0
Router(config-router)#network 192.168.2.0 0.0.0.3 area 0
Router(config-router)#exit

AT ROUTER 5
Router(config)#router ospf 1
Router(config-router)#network 10.1.17.0 0.0.0.255 area 0
Router(config-router)#network 10.1.18.0 0.0.0.255 area 0
Router(config-router)#network 10.1.19.0 0.0.0.255 area 0
Router(config-router)#network 192.168.2.0 0.0.0.3 area 0
Router(config-router)#network 192.168.3.0 0.0.0.3 area 0
Router(config-router)#exit

AT ROUTER 6
Router(config)#router ospf 1
Router(config-router)#network 10.1.20.0 0.0.0.255 area 0
Router(config-router)#network 10.1.21.0 0.0.0.255 area 0
Router(config-router)#network 10.1.22.0 0.0.0.255 area 0
Router(config-router)#network 192.168.3.0 0.0.0.3 area 0
Router(config-router)#exit

So with this the configuration of the head office is also complete!!!

Note: Now we have to connect the two branches and the head office, so that a proper link is established for communication and information exchange. This is done as follows:

The WAN communication is done with the help of frame relay. A cloud is used to connect the Delhi head office, the Noida branch and the Bangalore branch.

Noida branch is connected to cloud serial port 2, having DLCI no. 100, 200 and AS 100.
Bangalore branch is connected to cloud serial port 1, having DLCI no. 101, 201 and AS 200.
Delhi head office is connected to cloud serial port 0, having DLCI no. 102, 202 and AS 300.

Now, we will do the required configuration at Router1 of Noida, Router2 of Bangalore and Router4 of Delhi.

AT ROUTER1 OF NOIDA:
Router(config)#interface s0/1
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay interface-dlci 100
Router(config-if)#frame-relay interface-dlci 200
Router(config-if)#ip address 20.0.0.1 255.0.0.0
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Router(config-if)#exit

AT ROUTER2 OF BANGALORE:
Router(config)#interface s0/1
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay interface-dlci 101
Router(config-if)#frame-relay interface-dlci 201
Router(config-if)#ip address 20.0.0.2 255.0.0.0
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Router(config-if)#exit

AT ROUTER4 OF DELHI:
Router(config)#interface s0/1
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay interface-dlci 102
Router(config-if)#frame-relay interface-dlci 202
Router(config-if)#ip address 20.0.0.3 255.0.0.0
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Router(config-if)#exit

Now, DLCI 100, 200, 101, 201, 102 and 202 have the names Noida 1, Noida 2, Bangalore1, Bangalore2, Delhi1 and Delhi 2 respectively. Delhi1 connects with Bangalore1, Delhi2 connects with Noida1, and Noida connects with Bangalore2. Now we apply BGP (Border Gateway Protocol) and redistribute the networks so that each branch can communicate with the others, and finally the enterprise network is established.

AT ROUTER1 OF NOIDA:
Router(config)#router bgp 100
Router(config-router)#network 20.0.0.0
Router(config-router)#neighbor 20.0.0.2 remote-as 200
Router(config-router)#neighbor 20.0.0.3 remote-as 300
Router(config-router)#exit
Router(config)#router bgp 100
Router(config-router)#redistribute static
Router(config-router)#redistribute connected
Router(config-router)#exit


AT ROUTER2 OF BANGALORE:
Router(config)#router bgp 200
Router(config-router)#network 20.0.0.0
Router(config-router)#neighbor 20.0.0.1 remote-as 100
Router(config-router)#neighbor 20.0.0.3 remote-as 300
Router(config-router)#exit
Router(config)#router bgp 200
Router(config-router)#redistribute eigrp 100
Router(config-router)#redistribute connected
Router(config-router)#exit

AT ROUTER4 OF DELHI:
Router(config)#router bgp 300
Router(config-router)#network 20.0.0.0
Router(config-router)#neighbor 20.0.0.2 remote-as 200
Router(config-router)#neighbor 20.0.0.1 remote-as 100
Router(config-router)#exit
Router(config)#router bgp 300
Router(config-router)#redistribute ospf 1 match internal external 1
Router(config-router)#redistribute connected
Router(config-router)#exit

Now all the branches are able to communicate with each other, and hence the enterprise is able to communicate between its head office and branches.

6.4 CONFIGURING SECURITY FEATURES:

6.4.1 PORT SECURITY

A growing challenge for network administrators is to control who is allowed, and who is not allowed, to access the organization's internal network. This access control is mandatory for protecting critical infrastructure in your network. It does not apply to public parts of the network, where guest users should be able to connect. Port security is a Cisco feature implemented in Catalyst switches which helps network engineers implement network security at network boundaries. In its most basic form, the port security feature records the MAC address of the device connected to the switch edge port and allows only that MAC address to be active on that port. If any other MAC address is detected on that port, the port security feature shuts down the switch port. The switch can be configured to send an SNMP trap to a network monitoring solution to alert that the port has been disabled for security reasons. The commands for port security are as follows:

Switch(config)#interface f0/6
(configuring port security feature on pc11 of Noida)

Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 000c.8582.0dc5
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#exit

PORT SECURITY VERIFICATION


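To verify your configuration, use the show port-security interface command. The sample output below is for interface f0/2, on which port security is not enabled (Port Security: Disabled):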

Switch#show port-security interface f0/2
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
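The following model is an added example, not part of the original report: it shows how the fields of the show port-security interface output change when a port configured as above (one static secure MAC, violation shutdown) sees a frame from another MAC. The class and function names and the second MAC address are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Minimal model of one access port with 'violation shutdown' port security."""
    name: str
    secure_macs: set = field(default_factory=set)  # configured or learned secure MACs
    maximum: int = 1                               # Maximum MAC Addresses
    status: str = "Secure-up"                      # Port Status
    violations: int = 0                            # Security Violation Count
    last_source: str = "0000.0000.0000"            # Last Source Address

    def receive(self, src_mac: str) -> bool:
        """Process one incoming frame; return True if it is forwarded."""
        if self.status == "Secure-shutdown":
            return False                  # a shut-down port forwards nothing
        self.last_source = src_mac
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)  # free slot: learn the MAC as secure
            return True
        # Unknown MAC and the secure table is full: violation, port is shut down.
        self.violations += 1
        self.status = "Secure-shutdown"
        return False

    def recover(self) -> None:
        """Administrator re-enables the port (counter handling is not modelled)."""
        self.status = "Secure-up"


def demo():
    # pc11's MAC from the configuration above; the second MAC is constructed.
    port = SecurePort("f0/6", secure_macs={"000c.8582.0dc5"})
    frames = ["000c.8582.0dc5", "0011.2233.4455", "000c.8582.0dc5"]
    results = [port.receive(mac) for mac in frames]
    return port, results


if __name__ == "__main__":
    port, results = demo()
    print(results, port.status, port.violations, port.last_source)
```

After the violation even the legitimate host is cut off until an administrator re-enables the port, which is why the SNMP trap mentioned above matters operationally.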

6.4.2 CONFIGURING ENABLE PASSWORD AND SECRET


The commands to configure this are:

Router(config)#enable password 12345
Router(config)#enable secret 54321
Router(config)#exit

Note: the enable password is stored in plain text, where it can easily be read. The enable secret is stored in the router as an MD5-based hash and so it is more secure. Once the enable secret is configured, the enable password is no longer used.
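As an added example (not part of the original report), the script below audits the enable lines of a running-config and reports how each credential is stored. It goes slightly beyond the two commands above by also recognising the IOS type digits 7, 8 and 9; the sample configuration and its hash string are constructed placeholders.

```python
import re

# How IOS stores the string that follows the type digit on an 'enable' line.
STORAGE = {
    "0": "cleartext",
    "7": "reversible obfuscation",
    "5": "MD5-based hash",
    "8": "PBKDF2-SHA256 hash",
    "9": "scrypt hash",
}
LINE = re.compile(r"^enable (password|secret)(?: (\d))? (\S+)$")

# Constructed sample: the hash below is a placeholder, not a real digest.
SAMPLE = """\
hostname Router
enable secret 5 $1$CONSTRUCT$NotARealHashJustASample
enable password 12345
"""


def audit_enable(config: str):
    """Return (findings, entries) for the enable lines of a running-config."""
    entries, findings, kinds = [], [], set()
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, typ, _value = m.groups()
        if typ is None:
            # No type digit: a password is shown as typed; a secret in a
            # running-config always carries a type, so mark it unknown.
            typ = "0" if kind == "password" else "?"
        storage = STORAGE.get(typ, "unknown")
        entries.append((kind, storage))
        kinds.add(kind)
        if kind == "password" and typ in ("0", "7"):
            findings.append(f"enable password stored as {storage}")
    if kinds == {"password"}:
        findings.append("no enable secret configured")
    if kinds == {"password", "secret"}:
        findings.append("enable password is shadowed by enable secret; remove it")
    return findings, entries


if __name__ == "__main__":
    for finding in audit_enable(SAMPLE)[0]:
        print("FINDING:", finding)
```

The leftover enable password line is worth flagging even though it is no longer used, because anyone who can read the configuration sees it in clear text.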

6.4.3 CONFIGURING ACL (access control list)


ACLs are the basic security feature required in any network to control the flow of traffic. Most of the time our network has servers and clients for which traffic control is required. We can also use ACLs to classify traffic; they are used in features like QoS (Quality of Service). Using ACLs we can block any PC from communicating with another PC. The commands for configuring an ACL are as follows:

Router(config)#ip access-list extended 100
Router(config-ext-nacl)#deny ip host 10.1.7.3 host 10.1.14.3
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface f0/0.7
Router(config-subif)#ip access-group 100 in
Router(config-subif)#exit

Using the above set of commands we have stopped the communication between pc10 (10.1.7.3) and pc23 (10.1.14.3).
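The evaluator below is an added example, not part of the original report: it applies the first-match rule and the implicit deny at the end of every ACL to the two entries of access list 100, and to two constructed variants that show why entry order and the final permit matter. Function names and the variant lists are assumptions made for illustration; only "ip" entries are handled.

```python
import ipaddress


def _spec(tokens):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (base, wild), tokens[2:]


def parse_acl(lines):
    """Parse 'permit|deny ip <src> <dst>' entries, keeping their order."""
    rules = []
    for line in lines:
        action, proto, *rest = line.split()
        if proto != "ip":
            raise ValueError(f"only 'ip' entries are handled: {line!r}")
        src, rest = _spec(rest)
        dst, rest = _spec(rest)
        rules.append((action, src, dst))
    return rules


def _match(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF          # a wildcard bit of 1 means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def evaluate(rules, src, dst):
    """First matching entry decides; no match falls to the implicit deny."""
    for number, (action, s, d) in enumerate(rules, start=1):
        if _match(s, src) and _match(d, dst):
            return action, number
    return "deny", None


# The two entries of access list 100 as configured above.
ACL_100 = parse_acl([
    "deny ip host 10.1.7.3 host 10.1.14.3",
    "permit ip any any",
])
# Constructed variant: same entries in the opposite order (deny is never reached).
ACL_SWAPPED = parse_acl([
    "permit ip any any",
    "deny ip host 10.1.7.3 host 10.1.14.3",
])
# Constructed variant: permit entry omitted, so the implicit deny blocks everything.
ACL_NO_PERMIT = parse_acl(["deny ip host 10.1.7.3 host 10.1.14.3"])
```

Because the list is applied inbound on f0/0.7, it only ever sees packets entering from VLAN 7, so pc10 is stopped at the first router hop before the traffic crosses the WAN.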


CHAPTER-7 RESULT
PING TO PC
All the computers of any branch are able to communicate with each other, that is, all the computers can ping each other. Thus all the branches can now communicate and the purpose of the project is achieved.


DHCP IP CONFIGURATION
Now there is no need to configure each PC separately with its IP address. The DHCP configuration automatically assigns IP addresses to every PC connected to the network. In this way it reduces the workload and makes the network more effective.


CONCLUSION AND FUTURE SCOPE

This project entitled as ENTERPRISE NETWORK has made us learn 21st century skills such as complex problem solving and critical thinking.

To conclude, one can say that CCNA training was really beneficial for me, and the report for such a great training is not being written just for the sake of writing. We are crisply stating the main takeaway points from our work. We feel that the CCNA Security course helps to meet the growing demand for network security skills. It provides a blended curriculum which gives a hands-on and career-oriented introduction to core security concepts. The course is highly beneficial, as we feel; it helps students differentiate themselves in the marketplace. It develops students for network security career opportunities. It enhances specialized security skills.

BHARAT KHANEJA (3409135) SACHIN GUPTA (3409141)
