Wednesday 6 March 2019
ACL in Router(Access Control List)
ACL (Access Control List)
ACL is use for to set additional level of security into the router.
ACL is a security that set-in router port
ACL are of two type in router
a.
Permit
b.
Deny
c.
Both statements
must be set in Router.
If Permit
or Deny use in any network use wild card mask (opposite of subnet mask)
ACL are of
two type
a.
Standard ACL from (1-99)
b.
Extended ACL
from (99-1999)
Standard ACL
Standard ACL
is used for source but apply in destination
Its Range
is 1-99
ACL is applying
in router interface port. Packet transfer port is 2 type
A.
Incoming
B.
Outgoing
ACL is set
in incoming and outgoing port of router
How to configure
First Diagram
Basic Configuration And clock rate
Go to first router in cli mode and type
No
Router>en
Router#conf t
Router(config)#int s0/0
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
No
Router>en
Router#conf t
Router(config)#int s0/0
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Go to second router in cli mode
No
Router>en
Router#conf t
Router(config)#int s0/0
Router(config-if)#ip address 192.168.30.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#exit
Go to second router in cli mode
No
Router>en
Router#conf t
Router(config)#int s0/0
Router(config-if)#ip address 192.168.30.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#no shutRouter(config-if)#exit
Now Routing With RIP
In Router first
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.30.0
Router(config-router)#exit
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.30.0
Router(config-router)#exit
In Router Second
Router(config)#router rip
Router(config-router)#network 192.168.30.0
Router(config-router)#network 192.168.40.0
Router(config-router)#network 192.168.50.0
Router(config-router)#exit
Now Use Access-list
First make access list
Access list make in all opposite router
for example in these case
Deny IP is in Router 2 so go to first router and Type command
Access-list space (no. between 1-99) space deny or allow space host space ip
Go to router First
Router(config)#access-list 10 deny host 192.168.40.1 → For deny one I.P.
Router(config)#access-list 10 permit any → For allow all network
Now add in port of Router
In these condition go to incoming port
Router(config)#int s0/0
Router(config-if)#ip access-group 10 in
Router(config-if)#exit
Now Testing
Go to router First and ping all ip of router second
192.168.40.1 ------ Deny
and all other(192.168.1.50.1, 40.1, 30.1) ---- allow
As shown in picture
Extended ACL
Extended ACL to permit or deny ip address or port, it is also apply in destination port
PRACTICAL
DIAGRAM
Wednesday 27 February 2019
OSPF(Open Short Path First) Routing with IPV6
OSPF(Open Short Path First) Routing with IPV6
For ipv4 Routing or for more details → click here
Diagram
Router 2811 and switch 2950T
Basic Configuration,clock rate and bandwidth
Go to First RouterRouter>en
Router#conf t
Router(config)#int s0/0/0
Router(config-if)#ipv6 address 2002::1/64
Router(config-if)#no shut
Router(config-if)#clock rate 64000
Router(config-if)#bandwidth 1000
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 address 2001::1/64
Router(config-if)#no shut
Go to second Router
Router>en
Router#conf t
Router(config)#int s0/0/0
Router(config-if)#ipv6 address 2002::2/64
Router(config-if)#no shut
Router(config-if)#bandwidth 1000
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 address 2003::1/64
Router(config-if)#no shut
Now Routing
1. in routing use Product ID (10) which is similar in all router
2. router-id which is different in all router.
in first router we use 1.1.1.1
in second router use 2.2.2.2
3. In ospf also use area no. area 0 is backbone of network.
NOW
Go to first router
First create group
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router osfp 10
Router(config-rtr)#router-id 1.1.1.1
Router(config-rtr)#exit
Now add port's of router in group
Router(config)#int s0/0/0
Router(config-if)#ipv6 ospf 10 area 0
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 ospf 10 area 0
Router(config-if)#exit
Router(config)#ipv6 router osfp 10
Router(config-rtr)#router-id 1.1.1.1
Router(config-rtr)#exit
Now add port's of router in group
Router(config)#int s0/0/0
Router(config-if)#ipv6 ospf 10 area 0
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 ospf 10 area 0
Router(config-if)#exit
Now go to second router
Same as router first
or
First create group
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router osfp 10
Router(config-rtr)#router-id 2.2.2.2
Router(config-rtr)#exit
Now add port's of router in group
Router(config)#ipv6 router osfp 10
Router(config-rtr)#router-id 2.2.2.2
Router(config-rtr)#exit
Now add port's of router in group
Router(config)#int s0/0/0
Router(config-if)#ipv6 ospf 10 area 0
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 ospf 10 area 0
Router(config-if)#exit
Router(config-if)#ipv6 ospf 10 area 0
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 ospf 10 area 0
Router(config-if)#exit
Now checking
Send packet from one router to another router. or ping all ip
------------------END----------------------
------------------END----------------------
IPV6-EIGRP ROUTING
IPV6-EIGRP ROUTING
in ipv4 routing or more details → click here
Diagram
Router 2811 and switch 2950T
Basic Configuration,clock rate and bandwidth
Go to First RouterRouter>en
Router#conf t
Router(config)#int s0/0/0
Router(config-if)#ipv6 address 2002::1/64
Router(config-if)#no shut
Router(config-if)#clock rate 64000
Router(config-if)#bandwidth 1000
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 address 2001::1/64
Router(config-if)#no shut
Go to second Router
Router>en
Router#conf t
Router(config)#int s0/0/0
Router(config-if)#ipv6 address 2002::2/64
Router(config-if)#no shut
Router(config-if)#bandwidth 1000
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 address 2003::1/64
Router(config-if)#no shut
Now Routing
in routing use autonomous no. (10) which is similar in all router
and router-id which is different in all router.
in first router we use 1.1.1.1
in second router use 2.2.2.2.
NOW
Go to first router
First create group
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router eigrp 10
Router(config-rtr)#eigrp router-id 1.1.1.1
Router(config-rtr)#no shut
Router(config-rtr)#exit
Now add port's of router in group
Router(config)#int s0/0/0
Router(config-if)#ipv6 eigrp 10
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 eigrp 10
Router(config-if)#exit
Now to second Router
Same as First router
or
Router(config)#ipv6 router eigrp 10
Router(config-rtr)#eigrp router-id 1.1.1.1
Router(config-rtr)#no shut
Router(config-rtr)#exit
Now add port's of router in group
Router(config)#int s0/0/0
Router(config-if)#ipv6 eigrp 10
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 eigrp 10
Router(config-if)#exit
Now to second Router
Same as First router
or
First create group
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router eigrp 10
Router(config-rtr)#eigrp router-id 2.2.2.2
Router(config-rtr)#no shut
Router(config-rtr)#exit
Now add port's of router in group
Router(config)#int s0/0/0
Router(config-if)#ipv6 eigrp 10
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 eigrp 10
Router(config-if)#exit
Router(config)#ipv6 router eigrp 10
Router(config-rtr)#eigrp router-id 2.2.2.2
Router(config-rtr)#no shut
Router(config-rtr)#exit
Now add port's of router in group
Router(config)#int s0/0/0
Router(config-if)#ipv6 eigrp 10
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#ipv6 eigrp 10
Router(config-if)#exit
Now checking
Send packet from one router to another router. or ping all ip
------------------END----------------------
Monday 25 February 2019
RIP Protocol By IPV6 Configuration
RIP Protocol By IPV6 Configuration
For intro RIP → chick here
Basic Configuration,Bandwidth And Clock Rate
First router(2811) and add port(WIC-2T) and According to Following Diagram
Go to First Router
Router#conf t
Router(config)#ipv6 unicast-routing
Router(config)#int s0/0/0
Router(config-if)#ipv6 address 2002::1/64
Router(config-if)#cl rate 64000
Router(config-if)#bandwidth 1000
Router(config-if)#no shut
Router(config)#int f0/0
Router(config-if)#ipv6 address 2000::1/64
Router(config-if)#no shut
Go to second Router
Router#conf t
Router(config)#ipv6 unicast-routing
Router(config)#int s0/0/0
Router(config-if)#ipv6 address 2002::2/64
Router(config-if)#bandwidth 1000
Router(config-if)#no shut
Router(config)#int f0/0
Router(config-if)#ipv6 address 2001::1/64
Router(config-if)#no shut
Now Routing
First Create a group of same name in all router and add serial and fast ethernet port in these group.
Go to First router
Router(config)#ipv6 router rip iant → these command is used for to create group
Router(config-rtr)#exit
Router(config)#int s0/0/0
Router(config-if)#ipv6 rip iant enable → These command is used for to add these port in group.
Router(config-if)#exit
Router(config)#
Router(config)#int f0/0
Router(config-if)#ipv6 rip iant enable → These command is used for to add these port in group.
Router(config-if)#exit
Same as Router Second
Router(config)#ipv6 router rip iant → these command is used for to create group
Router(config-rtr)#exit
Router(config)#int s0/0/0
Router(config-if)#ipv6 rip iant enable → These command is used for to add these port in group.
Router(config-if)#exit
Router(config)#
Router(config)#int f0/0
Router(config-if)#ipv6 rip iant enable → These command is used for to add these port in group.
Router(config-if)#exit
Now testing
sending packet form one network to another network and check successful sms
or ping form one router to all IP as shown in Diagram.
------------------END---------------------
Router(config-rtr)#exit
Router(config)#int s0/0/0
Router(config-if)#ipv6 rip iant enable → These command is used for to add these port in group.
Router(config-if)#exit
Router(config)#
Router(config)#int f0/0
Router(config-if)#ipv6 rip iant enable → These command is used for to add these port in group.
Router(config-if)#exit
Same as Router Second
Router(config)#ipv6 router rip iant → these command is used for to create group
Router(config-rtr)#exit
Router(config)#int s0/0/0
Router(config-if)#ipv6 rip iant enable → These command is used for to add these port in group.
Router(config-if)#exit
Router(config)#
Router(config)#int f0/0
Router(config-if)#ipv6 rip iant enable → These command is used for to add these port in group.
Router(config-if)#exit
Now testing
sending packet form one network to another network and check successful sms
or ping form one router to all IP as shown in Diagram.
------------------END---------------------
Tuesday 19 February 2019
Frame Relay
WAN
Router#conf t
Router(config)#int s0/0/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay interface-dlci 100
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#ex
Router(config)#int f0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shut
Router#conf t
Router(config)#int s0/0/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay interface-dlci 110
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#ip address 192.168.30.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#ex
Router(config)#int f0/0
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#no shut
1.
Wan Network connect two or more. LAN network
2.
To create WAN network There are three type of
line/cables.
a. DSL
b. Leased
line/serial line/dedicated line
c. Frame
Relay---à under
100KM
DSL (Digital
Subscriber line): -
1.
DSL line is used to transmit digit data our telephone
line.
2.
DSL provide by telecom company
3.
DSL line generally use to connect public network
Leased Line: -
1. It is also
called serial line or dedicated line
2. It is use
for to connected private network
3. It is 20/7
heavy data transfer media
4. These lines
provide by telecom company (ISP)
5. In these
lines there are two protocols are used to help in traffic.
a. PPP (point
to point protocol)
b. HDLC (High
level Data link control protocol)
c. PAP (Password
Authentication Protocol) for protect data
Frame Relay
1. It is
called Packet Switching Technology
2. Frame Relay
work on packet Switching Technology
3. Frame Relay
is less expensive than leased line
4. It is
providing point to point connection
5. It connects
max 4 network
6. It is shown
as a cloud
7. To
configure frame relay use DLCI no. (Data line connection identifier)
8. DLCI no. is
main part of frame relay
9. DLCI no.
given by service provider
Now configure Frame Relay
first Daigram
Basic configuration
Router 2811 and switch 2950-TGo to first router
Router>enRouter#conf t
Router(config)#int s0/0/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay interface-dlci 100
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#ex
Router(config)#int f0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shut
Now go to second router
Router>enRouter#conf t
Router(config)#int s0/0/0
Router(config-if)#encapsulation frame-relay
Router(config-if)#frame-relay interface-dlci 110
Router(config-if)#frame-relay lmi-type cisco
Router(config-if)#ip address 192.168.30.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#ex
Router(config)#int f0/0
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#no shut
Now configure Frame relay
Open cloud and go to serial 0 and follow figure
now go to serial 1
Now to frame relay and Pair port's
Now routing
Go to first router
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.30.0
Router(config-router)#exit
Go to second router
Router(config)#router rip
Router(config-router)#network 192.168.20.0
Router(config-router)#network 192.168.30.0
Router(config-router)#exit
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.30.0
Router(config-router)#exit
Go to second router
Router(config)#router rip
Router(config-router)#network 192.168.20.0
Router(config-router)#network 192.168.30.0
Router(config-router)#exit
Now testing
send packet from one network to another router
Monday 18 February 2019
Inter Vlan Configuration
Intervlan
1. Intervlan is used for to
create virtual network in two different ip network.
2. In intervlan ise
dot1q protocol.
3. dot1q protocol is
create the sub interface and divide the virtual local area network.
Diagram
Basic Configuraation:-
Go to first router
Router#conf t
Router(config)#int s0/0
Router(config-if)#ip ad
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#cl rate 64000
Router(config-if)#exit
Router(config)#int f0/0
Router(config-if)#no shut
Router(config-if)#exit
Now create sub-network
Router(config)#int f0/0.1
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#int f0/0.2
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.6.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#int f0/0.3
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip address 192.168.5.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Go to second router
Router>en
Router#conf t
Router(config)#int s0/0
Router(config-if)#ip address 192.168.30.2 255.255.255.0
Router(config-if)#no shut
Router(config)#int f0/0
Router(config-if)#no shut
Router(config-if)#exit
Now create sub-network
Router(config)#int f0/0.1
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#int f0/0.2
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address 192.168.6.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Router(config)#int f0/0.3
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip address 192.168.5.1 255.255.255.0
Router(config-subif)#no shut
Router(config-subif)#exit
Now Switching
go to router first switch
Switch>en
Switch#conf t
Switch(config)#vlan 10
Switch(config-vlan)#name abc
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name xyz
Switch(config-vlan)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config-if)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#int f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
go to seconf router switch
Same as above switch
or
Switch>en
Switch#conf t
Switch(config)#vlan 10
Switch(config-vlan)#name abc
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name xyz
Switch(config-vlan)#exit
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config-if)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Switch(config)#int f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit
Now routing with rip
Go to first router
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.30.0
Router(config-router)#network 192.168.5.0
Router(config-router)#network 192.168.6.0
Go to Second router
Router(config)#router rip
Router(config-router)#network 192.168.20.0
Router(config-router)#network 192.168.30.0
Router(config-router)#network 192.168.5.0
Router(config-router)#network 192.168.6.0
Now give ip to all pc's according to above diagram
Testing
Send packet from all pc. vlan 10 not send able to send packet to vlan 20 in both network so it's fail.
and also vlan 20 pc's not send packet to vlan 10 pc's so it also fail
only same vlan's send packet to each other and they are successfull.
as shown in the figure.
Subscribe to:
Posts
(
Atom
)
