Wednesday, September 30, 2015

ACL-Access List

An ACL (access control list) is used to control which traffic is allowed to pass through an interface and which is not.
·         Controlling outgoing and incoming traffic on an interface.
·         Controlling virtual terminal (VTY) access, e.g. Telnet.
·         They are identified by either a name or a number.
·         Prior to Cisco IOS version 11.2, ACLs could be specified only by number.
·         An ACL is a sequential list of permit/deny statements that is checked against each IP packet from top to bottom. The first matching statement wins, and every ACL ends with an implicit "deny any", so a packet that matches no statement is dropped.
·         A wildcard mask must be given with each address. It is the bitwise inverse of a subnet mask, not the subnet mask itself:
o   a 0 bit in the wildcard mask means: this bit of the address must match
o   a 1 bit (255 for a whole octet) means: don't care
Basically there are two kinds of ACLs:
1.     Standard ACL
a.      Matches only on the source IP address, never on the destination.
b.      Numbers 1 – 99
c.       Numbers 1300 – 1999 (IOS 12.0 and above)
2.     Extended ACL
a.      Matches on source and destination IP addresses (and optionally on protocol and port numbers).
b.      Numbers 100 – 199
c.       Numbers 2000 – 2699 (IOS 12.0 and above)
Applying an ACL:
An ACL does nothing until it is applied. It can be applied to a router interface in either direction:
·         Outbound (out) on the interface
·         Inbound (in) on the interface
Only one ACL per protocol, per interface, per direction can be applied. Because a standard ACL sees only the source address, place it as close to the destination as possible; place an extended ACL as close to the source as possible so that unwanted traffic is dropped early.
Numbered standard ACLs:
Example: create an ACL that permits any packet sourced from the subnet 172.16.10.0 255.255.255.0 (wildcard mask 0.0.0.255):
R1(config)# access-list number {permit | deny} source_ip wildcard_mask
R1(config)# access-list 1 permit 172.16.10.0 0.0.0.255
If we want to match a single IP address, it can be written in three equivalent ways:
R1(config)# access-list 1 permit 172.16.10.250 0.0.0.0
R1(config)# access-list 1 permit 172.16.10.250
R1(config)# access-list 1 permit host 172.16.10.250
The list is then applied to an interface with ip access-group, inbound or outbound:
R1(config)# interface interface_name
R1(config-if)# ip address 10.10.10.1 255.0.0.0
R1(config-if)# ip access-group 1 {in | out}
Named standard ACLs:
A named ACL is created with ip access-list, which enters a sub-mode where the permit/deny statements are typed one per line; it is applied with the same ip access-group command, using the name instead of a number:
R1(config)# ip access-list standard Test
R1(config-std-nacl)# permit 172.16.10.0 0.0.0.255
R1(config-std-nacl)# exit
R1(config)# interface interface_name
R1(config-if)# ip access-group Test in
ACL remarks:
IOS version 12.0(T) and later support remarks (comments) on an ACL; a remark can be up to 100 characters long.
R1(config)# access-list 1 remark Only traffic from the corporate network is permitted
R1(config)# access-list 1 permit 172.16.10.0 0.0.0.255
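The matching rules above (wildcard bits, top-to-bottom evaluation, implicit deny) as an added Python example; this is not IOS code and not part of the original post. ACL 1 is the list from the commands above; the SHADOWED/CORRECT lists, the extended entry and the server address 10.1.1.10 are constructed only to show why statement order matters and how a destination match differs from a standard list.

```python
"""Standard/extended ACL evaluation with Cisco wildcard-mask semantics."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")   # the `any` keyword: every bit is don't-care


def mask_to_wildcard(subnet_mask: str) -> str:
    """Wildcard mask is the bitwise inverse of the subnet mask: 255.255.255.0 -> 0.0.0.255."""
    m = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(m ^ 0xFFFFFFFF))


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match the network exactly; a 1 bit is ignored.
    `host X` is X 0.0.0.0 and `any` is 0.0.0.0 255.255.255.255."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    src: str
    src_wc: str
    dst: str = ANY[0]                # a standard ACL never looks at the destination,
    dst_wc: str = ANY[1]             # so it defaults to `any`


def evaluate(acl: List[Entry], src: str, dst: str = "0.0.0.0") -> Tuple[str, Optional[int]]:
    """Check a packet against the list top to bottom. Returns (action, line number of
    the matching entry); a packet that matches nothing hits the implicit deny."""
    for line, e in enumerate(acl, start=1):
        if wildcard_match(src, e.src, e.src_wc) and wildcard_match(dst, e.dst, e.dst_wc):
            return e.action, line
    return "deny", None


# access-list 1 permit 172.16.10.0 0.0.0.255  (the list from the post)
ACL_1 = [Entry("permit", "172.16.10.0", mask_to_wildcard("255.255.255.0"))]

# Constructed lists: in SHADOWED the permit-any matches everything before the deny
# is ever reached, so the deny is dead; CORRECT is what was meant.
SHADOWED = [Entry("permit", *ANY), Entry("deny", "172.16.10.250", "0.0.0.0")]
CORRECT = [Entry("deny", "172.16.10.250", "0.0.0.0"), Entry("permit", *ANY)]

# Constructed extended-style entry: only the corporate subnet may reach host 10.1.1.10
EXT_101 = [Entry("permit", "172.16.10.0", "0.0.0.255", "10.1.1.10", "0.0.0.0")]

if __name__ == "__main__":
    for ip in ("172.16.10.77", "172.16.11.1"):
        print(ip, "->", evaluate(ACL_1, ip))
    print("shadowed:", evaluate(SHADOWED, "172.16.10.250"))
    print("correct: ", evaluate(CORRECT, "172.16.10.250"))
    print("ext:", evaluate(EXT_101, "172.16.10.5", "10.1.1.10"),
          evaluate(EXT_101, "172.16.10.5", "10.1.1.11"))
```

The returned line number is what you would look for in show access-lists to confirm which statement is actually matching; if a deny you added never accumulates matches, it is probably shadowed by an earlier permit, as in SHADOWED.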


NAT (Network Address Translation)

Router


A router is a device that connects different networks together; it is a layer-three (network layer) device, and it is what connects a LAN to a WAN.
Cisco groups its routers by the layer of the network they serve:
1.      Access layer
2.      Distribution layer
3.      Core layer (4600 – 60000)
Many companies manufacture routers:
1.      Cisco
2.      Nortel
3.      MultiCom
4.      Cyclades
5.      Juniper
6.      D-Link
7.      Linksys
8.      3Com
But Cisco dominates the router market.
Note:
Routers come in fixed and modular forms.
Fixed devices: the interfaces (ports) cannot be changed.
Modular devices: interface modules can be inserted and changed.
Router interfaces:
1.      LAN interfaces
2.      WAN interfaces
3.      Management interfaces
a.      Console – used for initial (local) configuration
b.      Auxiliary (AUX) – used for out-of-band configuration from outside, by connecting a modem to the port
Both management ports bypass the network entirely: whoever has physical or dial-in access to them can reconfigure the router, so they need passwords and physical protection just like the VTY lines.
Router modes:
1.      User EXEC mode (Router>)
2.      Privileged EXEC mode (Router#): show, copy, write, reload
3.      Global configuration mode (Router(config)#): hostname, interface, enable secret …
4.      Setup mode (the interactive initial-configuration dialog)
5.      ROM monitor (ROMMON) mode – the mode in which you can recover a lost password
a.      It is also called the router's maintenance mode
b.      Enter it by sending a break from a console connection during the first 60 seconds after power-on
Because password recovery needs nothing but console access, physical access to a router is equivalent to full administrative access unless recovery has been disabled with no service password-recovery.
Routing protocols
Every router keeps a database called the routing table, where all known destination networks and the paths to them are stored. There are basically two kinds of routing:
1.      Static routing
2.      Dynamic routing protocols
Static routing:
·         Used in small companies and small networks
·         High security: no routing updates are exchanged, so there is nothing for an attacker to spoof or poison
·         Better performance: no CPU time or bandwidth is spent on routing updates
·         Better management
·         Better monitoring and maintenance
·         The network administrator must know the whole topology and every router in it
·         The network administrator has to configure the routes on every router manually, and has to update them by hand whenever the network changes
Static routing configuration
A static route is entered in global configuration mode; there is no separate sub-mode. The first address is the destination network, not the source:
R1(config)# ip route destination_network subnet_mask {next_hop_ip | exit_interface}
R1(config)# ip route 192.168.1.0 255.255.255.0 172.17.1.1
A default route (any destination, any mask) is written as 0.0.0.0 0.0.0.0 followed by the next hop:
R1(config)# ip route 0.0.0.0 0.0.0.0 172.17.1.1
When several routes match a destination, the one with the longest (most specific) subnet mask wins, so the default route is used only when nothing else matches.
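The two routes above, modelled as an added Python example of how a router selects among static routes; this is not IOS code and not part of the original post. The 192.168.1.128/25 route via 10.0.0.2 is a constructed addition so that longest-prefix matching has something to choose between, and the strict-network check mirrors the IOS refusal of a destination whose host bits are set.

```python
"""Static routing table with longest-prefix match, modelling `ip route`."""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]       # (destination network, next hop)


def ip_route(table: List[Route], destination: str, mask: str, next_hop: str) -> None:
    """Equivalent of `ip route destination mask next_hop`. Like IOS, reject a
    destination that has host bits set under the given mask."""
    try:
        net = ipaddress.IPv4Network(f"{destination}/{mask}", strict=True)
    except ValueError as exc:
        raise ValueError(f"% Inconsistent address and mask: {destination} {mask}") from exc
    table.append((net, next_hop))


def lookup(table: List[Route], dst_ip: str) -> Optional[str]:
    """Longest-prefix match: of all routes containing dst_ip, the most specific
    (longest mask) wins. 0.0.0.0/0 contains everything, so it is the fallback.
    Returns the next hop, or None when the packet would be dropped (no route).
    A real router then resolves the next hop itself through a connected route."""
    dst = ipaddress.IPv4Address(dst_ip)
    best: Optional[Route] = None
    for net, next_hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]


def build_table(with_default: bool = True) -> List[Route]:
    """The two routes from the post plus a constructed more-specific /25."""
    table: List[Route] = []
    ip_route(table, "192.168.1.0", "255.255.255.0", "172.17.1.1")
    ip_route(table, "192.168.1.128", "255.255.255.128", "10.0.0.2")   # constructed
    if with_default:
        ip_route(table, "0.0.0.0", "0.0.0.0", "172.17.1.1")
    return table


if __name__ == "__main__":
    t = build_table()
    for ip in ("192.168.1.5", "192.168.1.200", "8.8.8.8"):
        print(ip, "->", lookup(t, ip))
    print("8.8.8.8 without default ->", lookup(build_table(with_default=False), "8.8.8.8"))
```

Removing the default route makes lookup return None for 8.8.8.8, which is the static-routing failure mode in practice: a destination nobody configured is silently dropped rather than routed somewhere surprising.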
Dynamic routing:
It is used in big companies and large networks. The network administrator does not have to configure every route on every device, because the routers exchange routing information among themselves. There are three kinds of dynamic routing protocol:
1.      Distance vector: each router sends its routing table to its directly connected neighbours, e.g. RIP v1 and IGRP
2.      Link state: each router first builds a complete map of the whole network and then computes the best paths from it, e.g. OSPF
3.      Hybrid: combines features of both, e.g. EIGRP
Autonomous System:
A collection of networks under a common administrative domain. AS numbers (16-bit) range from 0 – 65535.
IGP (Interior Gateway Protocol)
Operates inside one AS; used for internal communication within a company or a country, e.g. RIP, IGRP and OSPF.
EGP (Exterior Gateway Protocol)
Operates between different ASes; BGP is the EGP used between ASes today.
IANA: allocates AS numbers worldwide, through the regional and national registries.
NIRA (National Internet Registry of Afghanistan)
It assigns AS numbers to telecommunications companies and ISPs such as Roshan and AWCC, which run IGP protocols like OSPF, RIP and so on inside their own AS.

[Diagram: IANA allocates AS numbers to the national registries (NIRA for Afghanistan, NIRPK for Pakistan); the registries assign them to operators such as AWCC and Roshan. Each operator is a single autonomous system (AS 110 and AS 169 in the drawing) running an IGP internally, with its own networks (X, Y, Z, P, Bahador) below it.]

To connect different ASes, for example Afghanistan and Pakistan, we must use an EGP. By enabling BGP, which is the EGP in use, the two ASes can communicate.


Dynamic routing protocols are also divided by whether they support VLSM (variable-length subnet masks):
1.      Classless routing – the subnet mask is carried in the updates (RIP v2, OSPF, EIGRP)
2.      Classful routing – no mask is sent; networks are assumed to be class A, B or C (RIP v1, IGRP)
RIP (Routing Information Protocol)
·         The oldest routing protocol and an open standard; it is an IGP
·         RIP works within one AS
·         It is a distance-vector protocol
·         RIP v1 broadcasts its whole routing table every 30 seconds to 255.255.255.255 (RIP v2 multicasts it to 224.0.0.9)
·         It has two versions: RIP v1 and v2
·         Its metric is hop count; the maximum usable metric is 15 hops, and 16 means unreachable
·         It does equal-cost load balancing
·         RIP v1 is a classful routing protocol; RIP v2 is classless
RIP has 4 timers by default:
1.      Update timer: 30 sec
2.      Invalid timer: 180 sec
3.      Hold-down timer: 180 sec
4.      Flush timer: 240 sec

[Diagram: three routers R1, R2 and R3 in a chain, each with two access switches (SW1 – SW6). The subnets are 172.17.10.0 – 172.17.80.0 /24, with router addresses 172.17.10.1, 172.17.20.1, 172.17.30.1, 172.17.40.1, 172.17.50.1, 172.17.60.1, 172.17.70.1 and 172.17.80.1. R1 holds 172.17.10.0, 20.0 and 30.0; R2 holds 172.17.10.0, 40.0, 70.0 and 80.0; R3 holds 172.17.40.0, 50.0 and 60.0.]

The following commands enable RIP on the routers in the diagram above (the network command takes a network address; every interface that falls inside it starts running RIP):
R1(config)# router rip
R1(config-router)# network 172.17.30.0
R1(config-router)# network 172.17.20.0
R1(config-router)# network 172.17.10.0

R2(config)# router rip
R2(config-router)# network 172.17.10.0
R2(config-router)# network 172.17.80.0
R2(config-router)# network 172.17.70.0
R2(config-router)# network 172.17.40.0

R3(config)# router rip
R3(config-router)# network 172.17.40.0
R3(config-router)# network 172.17.50.0
R3(config-router)# network 172.17.60.0
Now all devices can communicate with each other, because the routers have learned each other's networks; when a packet arrives, the router looks its destination up in the routing table and forwards it to the next hop. Note that RIP v1 is classful, so the network statements above are stored as a single network 172.17.0.0 line in the running configuration.
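How that learning actually converges, as an added Python simulation of the distance-vector behaviour described above; this is not IOS code and not part of the original post. The three-router topology is the one from the diagram and the commands; the 18-router chain is constructed only to show what happens past the 15-hop limit. Split horizon and the invalid/hold-down/flush timers are left out, so each round is one 30-second update with full tables.

```python
"""Distance-vector (RIP-style) convergence on the post's three-router topology."""
from typing import Dict, List, Optional, Tuple

INFINITY = 16                     # RIP metric 16 = unreachable; 15 hops is the maximum
Table = Dict[str, Tuple[int, Optional[str]]]   # network -> (hop count, next hop router)

# Topology from the diagram and the `network` commands above.
LINKS = {("R1", "R2"): "172.17.10.0/24", ("R2", "R3"): "172.17.40.0/24"}
STUBS = {"R1": ["172.17.20.0/24", "172.17.30.0/24"],
         "R2": ["172.17.70.0/24", "172.17.80.0/24"],
         "R3": ["172.17.50.0/24", "172.17.60.0/24"]}


def initial_tables(links, stubs) -> Dict[str, Table]:
    """Before any update, a router knows only its directly connected networks (0 hops)."""
    tables: Dict[str, Table] = {}
    for (a, b), net in links.items():
        tables.setdefault(a, {})[net] = (0, None)
        tables.setdefault(b, {})[net] = (0, None)
    for router, nets in stubs.items():
        for net in nets:
            tables.setdefault(router, {})[net] = (0, None)
    return tables


def receive(table: Table, sender: str, advert: Dict[str, int]) -> bool:
    """Apply one update from a neighbour (Bellman-Ford with hop count). Returns True
    if anything changed. An update from the current next hop is always accepted,
    even if worse; from anyone else only if it is strictly better."""
    changed = False
    for net, adv in advert.items():
        metric = min(adv + 1, INFINITY)
        current = table.get(net)
        if current is None:
            if metric < INFINITY:
                table[net] = (metric, sender); changed = True
        elif current[1] == sender:
            if metric >= INFINITY:
                del table[net]; changed = True          # next hop lost it: route is gone
            elif metric != current[0]:
                table[net] = (metric, sender); changed = True
        elif metric < current[0]:
            table[net] = (metric, sender); changed = True
    return changed


def converge(links, stubs, max_rounds: int = 50) -> Tuple[Dict[str, Table], int]:
    """Run synchronous update rounds (one per 30 s update timer) until nothing changes;
    returns the tables and the number of rounds, including the final quiet one."""
    tables = initial_tables(links, stubs)
    adjacency: Dict[str, List[str]] = {}
    for a, b in links:
        adjacency.setdefault(a, []).append(b)
        adjacency.setdefault(b, []).append(a)
    for rnd in range(1, max_rounds + 1):
        # every router advertises its full table as it stood at the start of the round
        adverts = {r: {net: m for net, (m, _) in t.items()} for r, t in tables.items()}
        changed = False
        for router in tables:
            for neighbour in adjacency.get(router, []):
                changed |= receive(tables[router], neighbour, adverts[neighbour])
        if not changed:
            return tables, rnd
    return tables, max_rounds


def chain_topology(n: int):
    """Constructed chain R0-R1-...-R(n-1) with one stub network at the far end,
    used to show the 15-hop limit."""
    links = {(f"R{i}", f"R{i + 1}"): f"10.0.{i}.0/24" for i in range(n - 1)}
    return links, {f"R{n - 1}": ["192.168.99.0/24"]}


if __name__ == "__main__":
    tables, rounds = converge(LINKS, STUBS)
    print(f"converged after {rounds} rounds")
    for router, table in sorted(tables.items()):
        print(router, sorted(table.items()))
    far, _ = converge(*chain_topology(18))
    print("R2 reaches far stub:", far["R2"].get("192.168.99.0/24"))
    print("R0 reaches far stub:", far["R0"].get("192.168.99.0/24"))
```

In the chain, R2 is exactly 15 hops from the far stub and installs it; R1 receives it at metric 16 and never does, so R0 has no route at all. The receive rule that always trusts the current next hop is also why an unauthenticated RIP neighbour is dangerous: anything it advertises at a lower hop count displaces the legitimate route.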
IGRP (Interior Gateway Routing Protocol)
1.      Created by Cisco in the 1980s (Cisco proprietary)
2.      Used in larger networks
3.      Runs within one AS, identified by an AS (process) number
4.      Sends its routing table to the other routers every 90 seconds
5.      Uses its own set of timers:
a.      Update timer
b.      Invalid timer
c.       Hold-down timer
d.      Flush timer
6.      Its configuration is the same as RIP plus the AS number
7.      Newer routers and IOS versions no longer support IGRP; EIGRP replaced it

IGRP configuration:
R1(config)# router igrp 102
R1(config-router)# network 172.17.30.0
R1(config-router)# network 192.168.1.0
EIGRP (Enhanced Interior Gateway Routing Protocol)
1.      Works within one AS
2.      For larger networks
3.      Needs an AS (process) number, which must be the same on all routers that are to become neighbours; it is only locally significant and is not allocated by an ISP or a registry
4.      Works with any topology and media
5.      Fast convergence
6.      Keeps backup routes (feasible successors) in its topology table
7.      It has three tables:
a.      Neighbour table
b.      Topology table
c.       Routing table
8.      Its configuration is like IGRP: router eigrp AS_number, then the network statements
OSPF (Open Shortest Path First)
1.      It is also an IGP
2.      It is a link-state protocol
3.      It can be configured in two ways:
a.      Single area
b.      Multi area
4.      It was developed by the IETF, starting in 1988
5.      Unlike RIP, it does not re-advertise the whole table periodically: it sends small hello packets (every 10 seconds on broadcast networks) to keep neighbours alive and floods link-state advertisements only when something changes (with a refresh every 30 minutes)
6.      A wildcard mask is used in its network statements, with the same meaning as in an ACL
OSPF configuration steps:
R1(config)# router ospf process_id
R1(config-router)# network network_address wildcard_mask area area_id
R1(config-router)# network 192.168.0.0 0.0.255.255 area 0
R1(config-router)# network 172.17.1.0 0.0.0.255 area 0
R1(config-router)# network 10.0.0.0 0.255.255.255 area 0
The number after router ospf is a process ID, not an AS number: it is local to the router and need not match on neighbours, but the area number must.
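What "link state" means in practice, as an added Python example; this is not IOS code and not from the original post. Every router holds the same link-state database, runs Dijkstra's SPF over it, and uses Cisco's default cost formula (100 Mbit/s reference bandwidth divided by interface bandwidth). The three-router topology and its link speeds are constructed for the example: they show OSPF preferring a two-hop fast path over a one-hop slow one, which hop-count RIP would never do.

```python
"""Link-state routing: shared LSDB + Dijkstra SPF with Cisco's default OSPF cost."""
import heapq
from typing import Dict, List, Optional, Tuple

REFERENCE_BANDWIDTH = 100_000_000      # Cisco default: 100 Mbit/s (auto-cost reference-bandwidth 100)
Lsdb = Dict[str, Dict[str, int]]       # router -> {neighbour router: link cost}


def ospf_cost(bandwidth_bps: int) -> int:
    """Default interface cost = reference bandwidth / interface bandwidth, minimum 1.
    Anything faster than 100 Mbit/s also costs 1 unless the reference is raised."""
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)


def build_lsdb(links: List[Tuple[str, str, int]]) -> Lsdb:
    """Each router floods its links to every other router, so all of them end up
    with this same database; here it is simply built once."""
    lsdb: Lsdb = {}
    for a, b, bandwidth in links:
        cost = ospf_cost(bandwidth)
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb: Lsdb, root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """Dijkstra from `root` over the LSDB. Returns {router: (total cost, first hop)},
    the shortest-path tree that becomes this router's routing table."""
    best: Dict[str, Tuple[int, Optional[str]]] = {root: (0, None)}
    heap: List[Tuple[int, str, Optional[str]]] = [(0, root, None)]
    settled = set()
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in settled:
            continue                       # stale heap entry; a cheaper path was already taken
        settled.add(node)
        for neighbour, link_cost in lsdb.get(node, {}).items():
            total = cost + link_cost
            hop = neighbour if node == root else first_hop
            if neighbour not in best or total < best[neighbour][0]:
                best[neighbour] = (total, hop)
                heapq.heappush(heap, (total, neighbour, hop))
    return best


# Constructed topology: R1 and R3 share a direct but slow 64 kbit/s serial link,
# while R1-R2 and R2-R3 are FastEthernet. Hop count would use the direct link;
# OSPF's bandwidth-based cost takes the two-hop path through R2 (cost 2 vs 1562).
LINKS = [("R1", "R3", 64_000), ("R1", "R2", 100_000_000), ("R2", "R3", 100_000_000)]

if __name__ == "__main__":
    lsdb = build_lsdb(LINKS)
    for router, (cost, hop) in sorted(spf(lsdb, "R1").items()):
        print(f"R1 -> {router}: cost {cost}, via {hop}")
```

The ospf_cost check for 1 Gbit/s returning the same cost as 100 Mbit/s is the classic pitfall: on mixed-speed networks the reference bandwidth has to be raised on every router, or OSPF cannot tell the links apart.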

Some other useful OSPF commands:
·         show ip route
·         show ip protocols
·         show ip ospf neighbor
·         show ip ospf interface