Protect

Configure Passwords to Secure Cisco Router

How to password protect Console Port

To configure the console password, follow these steps.

Router(config)# line console 0
Router(config-line)# password CISCO
Router(config-line)# login
Router(config-line)# Ctrl-Z
Router#

How to password protect Auxiliary Port (AUX Port)

To configure the auxiliary password, follow these steps.

Router#config t
Router(config)#line aux 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)# Ctrl-Z
Router#

How to password protect VTY Ports (Telnet Ports)

Configuring the VTY password is very similar to doing the Console and Aux ones. The only difference is that there are 5 VTY virtual ports, which are named 0, 1, 2, 3, and 4. You can use the shortcut 0 4 (a zero, a space, and 4) to set all 5 passwords at the same time. To configure the VTY password, follow these steps.

Router#config t
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)# Ctrl-Z
Router#

How to password protect Privileged Mode

The Enable Password is the old form of the password for “Privileged Mode”. Here the password is stored un-encrypted.

Router#config t
Router(config)#enable password cisco
Router(config)# Ctrl-Z
Router#

Enable Secret provides better security, since the password is kept in the configuration as the output of an irreversible (one-way) hashing algorithm.

Router#config t
Router(config)#enable secret cisco
Router(config)# Ctrl-Z
Router#
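
A check over a saved configuration for the settings covered above, as an added example that is not part of the original post: it flags "enable password", a missing "enable secret", line passwords kept in clear text, and lines where a password is set but "login" is not. The sample configuration and the function name audit_passwords are constructed for illustration, and the parser assumes the saved-config layout in which the commands of a "line" block are indented.

```python
import re

# Constructed sample configuration for illustration (not from the original page).
SAMPLE_CONFIG = """\
enable password cisco
line con 0
 password CISCO
 login
line aux 0
 password cisco
line vty 0 4
 password cisco
 login
"""

def audit_passwords(config):
    """Return sorted findings about enable and line passwords in a saved config."""
    findings, lines = set(), {}
    current, has_secret = None, False
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0].isspace():
            if current:                       # indented: belongs to the open line block
                lines[current].append(text)
            continue
        match = re.match(r"line\s+(.+)", text)
        current = match.group(1) if match else None
        if current:
            lines[current] = []
        elif text.startswith("enable secret "):
            has_secret = True
        elif text.startswith("enable password "):
            findings.add("enable password present: stored unencrypted")
    if not has_secret:
        findings.add("no enable secret configured")
    for name, cmds in lines.items():
        passwords = [c for c in cmds if c.startswith("password ")]
        if not passwords:
            findings.add(f"line {name}: no password set")
        elif "login" not in cmds:
            findings.add(f"line {name}: password set but no 'login', so it is not checked")
        if any(len(c.split()) == 2 for c in passwords):  # no type digit: clear text
            findings.add(f"line {name}: password stored in clear text")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_passwords(SAMPLE_CONFIG)))
```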

 Posted By – RamCruiseWalker

Lesson

Collision Domain and Broadcast Domain

Collision Domain

A collision is an event that usually happens on an Ethernet network when a “Shared Media” is used to connect the devices in the network. A “Shared Media” is a type of connecting media used to connect different network devices, where every device shares the same media. Examples: 1) Ethernet Hubs, 2) Bus Topology

In a “Shared Media” there are no separate channels for sending and receiving the data signals, but only one channel to send and receive the data signals.

We call the media shared media when the devices are connected together using a Bus topology, or by using an Ethernet Hub. Both are half-duplex, which means that a device can either send or receive data signals at any given time. Sending and receiving data signals at the same time is not supported.

Collisions will happen in an Ethernet network when two devices simultaneously try to send data on the Shared Media, since Shared Media is half-duplex and sending and receiving at the same time is not supported. Please refer to CSMA/CD to learn how Ethernet avoids collisions.

Collisions are a normal part of life in an Ethernet network when Ethernet operates in half-duplex, and under most circumstances should not be considered a problem.

A Collision Domain is any network segment in which collisions can happen (usually in Ethernet networks). In other words, a Collision Domain consists of all the devices connected using a Shared Media (Bus Topology or Ethernet Hubs) where a collision can happen between any devices at any time.

Collision Domain

For example, if “Computer A” sends a data signal to “Computer X” and “Computer B” sends a data signal to “Computer Y” at the same instant, a collision will happen.

As the number of devices in a collision domain increases, the chances of collisions also increase. If there is more traffic in a collision domain, the chances of collisions are also higher. More collisions will normally happen with a large number of network devices in a collision domain.

Increased collisions will result in a low-quality network where hosts spend more and more time on packet retransmission and packet processing. Usually switches are used to segment (divide) a big collision domain into many small collision domains. Each port of an Ethernet Switch operates in a separate collision domain.

In other words, Collision cannot happen between two devices which are connected to different ports of a Switch.

There is no need to worry much about collisions and related network problems now, because we are no longer using Network Hubs to connect our devices. Ethernet Network Hubs were replaced with Ethernet Network Switches long ago.

Broadcast Domain

Broadcast is a type of communication where the sending device sends a single copy of data and that copy is delivered to every device in the network segment. Broadcast is a required type of communication and we cannot avoid broadcasts, because many protocols (Example: ARP and DHCP) and applications depend on broadcast to function.

A Broadcast Domain consists of all the devices that will receive any broadcast packet originating from any device within the network segment.

In the above picture, “Computer A” is sending a broadcast; the switch will forward it to every port and all the switches will get a copy of the broadcast packet. Every switch will flood the broadcast packet to all its ports. The Router will also get a copy of the broadcast packet, but the Router will not forward the packet to the next network segment.

As the number of devices in the Broadcast Domain increases, number of Broadcasts also increases and the quality of the network will come down because of the following reasons.

1) Decrease in available Bandwidth: Large number of Broadcasts will reduce the available bandwidth of network links for normal traffic because the broadcast traffic is forwarded to all the ports in a switch.

2) Decrease in processing power of computers: Since the computers need to process all the broadcast packets they receive, a portion of each computer's CPU power is spent on processing the broadcast packets. Normally a broadcast packet is relevant to a particular computer and irrelevant for the other computers (for example, a DHCPDISCOVER message is relevant only for a DHCP Server; for other computers DHCPDISCOVER is irrelevant and they will drop the packet after processing). This will reduce the processing power of computers in a Broadcast Domain.

By design, Routers will not allow broadcasts from one of their connected network segments to cross the router and reach another network segment. The primary function of a Router is to segment (divide) a big broadcast domain into multiple smaller broadcast domains.

Posted By – RamCruiseWalker

IPv4 Addressing

Addressing of IPv4

Overview

In the previous chapter, we looked at the network layer and its involvement in communication. In this chapter, we will look at IPv4 addressing. This is one of the most important concepts in networking and will be critical in your overall success in networking. Understanding this chapter is critical to the rest of your studies.

Internet Protocol version 4 (IPv4) is the fourth version in the development of the Internet Protocol (IP) and the first version of the protocol to be widely deployed. IPv4 is described in IETF publication RFC 791 (September 1981), replacing an earlier definition (RFC 760, January 1980).

IP – Internet Protocol

  • IP has two types
      1. Internet Protocol Version 4
      2. Internet Protocol Version 6

It is a connectionless protocol.

IP Address: the numbers are separated by dots

Ex:

IP Address : 192.168.100.101

Every IPv4 address consists of four octets.

An octet is a group of eight bits.

ip_addressing

Every IP address has two information fields

  1.  Network Field

  2.  Host Field

IP Address has 5 classes :

  • Class A  =  1     – 126
  • Class B  =  128 – 191
  • Class C  =  192 – 223
  • Class D  =  224 – 239
  • Class E  =  240 – 255

The class of an IP address is decided by its first octet.

CCNA deals only with Classes A, B and C.

Class D is used for multicast.

Class E is reserved for experimental purposes.

An octet with a decimal value of more than 255 makes the IP address invalid.

Addressing Classes – IPv4

The first octet referred here is the left most of all. The octets numbered as follows depicting dotted decimal notation of IP Address:

ip_decimal_notation

The number of networks and the number of hosts per class can be derived by this Formula:

number_of_networks

When calculating host IP addresses, 2 IP addresses are subtracted because they cannot be assigned to hosts, i.e. the first IP of a network is the network number and the last IP is reserved as the broadcast IP.

Class A Addressing

1 –  Network field 

3 – Host Field

Ex : 100.208.111.225 (1 – 126 = Class A)

The first bit of the first octet is always set to 0 (zero). Thus the first octet ranges from 1 – 127, i.e.

Class A Addresses

Class A addresses only include IP starting from 1.x.x.x to 126.x.x.x only. The IP range 127.x.x.x is reserved for loopback IP addresses.

The default subnet mask for Class A IP address is 255.0.0.0 which implies that Class A addressing can have 126 networks (2^7 - 2) and 16777214 hosts (2^24 - 2).

Class A IP address format is thus:   0NNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH

Class B Addressing

2 – Network Field

2 – Host Field

Ex : 172.123.100.225 (128 – 191 = Class B)

An IP address which belongs to class B has the first two bits in the first octet set to 10, i.e.

Class B Addresses

Class B IP Addresses range from 128.0.x.x to 191.255.x.x. The default subnet mask for Class B is 255.255.0.0.

Class B has 16384 (2^14) Network addresses and 65534 (2^16 - 2) Host addresses.

Class B IP address format is: 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH

Class C Addressing

3 – Network field

1 – Host Field

Ex : 192.168.100.1 (192 – 223 = Class C)

The first octet of Class C IP address has its first 3 bits set to 110, that is:

Class C Addresses

Class C IP addresses range from 192.0.0.x to 223.255.255.x. The default subnet mask for Class C is 255.255.255.0.

Class C gives 2097152 (2^21) Network addresses and 254 (2^8 - 2) Host addresses.

Class C IP address format is: 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH

Class D Address

The first four bits of the first octet in Class D IP addresses are set to 1110, giving a range of:

Class D Addresses

Class D has an IP address range from 224.0.0.0 to 239.255.255.255. Class D is reserved for multicasting. In multicasting, data is not destined for a particular host, which is why there is no need to extract the host address from the IP address, and Class D does not have any subnet mask.

Class E Address

This IP Class is reserved for experimental purposes only, for R&D or study. IP addresses in this class range from 240.0.0.0 to 255.255.255.254. Like Class D, this class is not equipped with any subnet mask.
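
The class rules above, carried through in code as an added example that is not part of the original post: the address is classified from the leading bits of its first octet, and the default mask, network count and host count are derived from the network and host bit widths given for each class. The function name classify_ipv4 and the returned field names are constructed for illustration.

```python
def classify_ipv4(address):
    """Classify a dotted-decimal IPv4 address by its first octet (classful rules)."""
    parts = address.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not four decimal octets: {address!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet above 255: {address!r}")
    first = octets[0]
    # (class, leading bits fixed by the class, number of network octets)
    if first >> 7 == 0b0:
        cls, fixed, net_octets = "A", 1, 1
    elif first >> 6 == 0b10:
        cls, fixed, net_octets = "B", 2, 2
    elif first >> 5 == 0b110:
        cls, fixed, net_octets = "C", 3, 3
    else:
        # D (1110) is multicast, E (1111) is experimental: no network/host split.
        return {"class": "D" if first >> 4 == 0b1110 else "E",
                "mask": None, "networks": None, "hosts": None, "reserved": False}
    net_bits = 8 * net_octets - fixed       # N bits in the formats shown above
    host_bits = 32 - 8 * net_octets         # H bits in the formats shown above
    networks = 2 ** net_bits
    if cls == "A":
        networks -= 2                       # first octets 0 and 127 are not usable
    mask = ".".join(["255"] * net_octets + ["0"] * (4 - net_octets))
    return {"class": cls, "mask": mask, "networks": networks,
            "hosts": 2 ** host_bits - 2,    # minus network number and broadcast IP
            "reserved": first in (0, 127)}  # 127.x.x.x is loopback

if __name__ == "__main__":
    for sample in ("100.208.111.225", "172.123.100.225", "192.168.100.1"):
        print(sample, classify_ipv4(sample))
```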

Posted By RamCruiseWalker

 

 

Communicate With Router

Communicate with a Router using Console, Auxiliary, Telnet, SSH, HTTP and HTTPS connections

Routers are special computers built to handle internetwork traffic. Routers are very important network infrastructure devices and they serve many users at the same time. The end users do not communicate with the routers, but the network traffic generated by the end users passes through the router.

There are no input devices for a router like a monitor, a keyboard, or a mouse. An administrator can choose any of the following methods to communicate with the router.

Connection by using Console Port:

By connecting the router’s console port to a workstation through a console cable. The console port is the management port which is used by administrators to log into a router directly, that is, without using a network connection. You require a terminal emulator application like HyperTerminal or PuTTY to connect to the router. A console port connection is a way to connect to the router when the router cannot be accessed over the network.

Connection by using Auxiliary Port (AUX Port):

By using a remote computer through a modem that calls another modem connected to the router with a cable using the Auxiliary Port on the router. The Auxiliary Port (AUX Port) allows a direct, non-network connection to the router from a remote location. The Auxiliary Port (AUX Port) uses a connector type that modems can plug into, which allows an administrator at a remote location to access the router as through a console port.

Connection by using protocols like telnet, SSH, HTTP or HTTPS:

The routers can be managed over the network by using standard TCP/IP protocols like Telnet, SSH, HTTP or HTTPS. Telnet was developed in the early days of the UNIX operating system to manage computers remotely. A Telnet client and server application ships with Cisco’s IOS software and most computer operating systems. SSH is a more secure way to configure routers, since the SSH communication is encrypted. Cisco IOS also has an HTTP server to manage web-based communication with the router.
Posted By – RamCruiseWalker