Networks Configuration


Here I show how to configure networks by building the required topologies and simulating packet exchange, as required by the tasks below.

1. Subnetworks, Switches, Hubs.
1.1 Create three subnetworks: several PCs connected to a switch, the switch is connected to one of the router's ports (subnet 1); several PCs connected to a hub, the hub is connected to one of another router's ports (subnet 2); routers from subnet 1 and 2 connected through other available ports (subnet 3). Choose the connection interface for subnet 3 yourself.

Solution:

I built a network according to the given instructions. The network scheme is shown below; the green dots on the connections show that the devices are connected to the network:

 
Figure 1
                                                                        
1.2 Configure the three subnetworks statically such, that:
1.2.1 subnet 1 does not allow the connection of more than 5 end devices (e.g., PCs),
1.2.2 subnet 2 can have at most (choose a number from the following: 64, 128, 512, 1024, 2048) possible addresses,
1.2.3 subnets 1, 2 and 3 all have different network addresses.
 
➢ NB! For this task you can assume both classful and classless network addressing architectures. In either case, the calculation and specification of IP addresses and subnet masks should be explained.
 
Solution:
 
For Subnet 1 in task 1.2.1
According to the task, subnet 1 must not allow the connection of more than 5 end devices. In Figure 1, subnet 1 already has two desktop computers connected; these devices are now four in number, and therefore subnet 1 can accept only 2 more devices and nothing more. I used 255.255.255.248 as the subnet mask, since I need 6 host IPs, which requires a block of 8 IPs. I also assigned 192.168.1.1 as the default gateway IP address, and the subnet ranges from the network ID 192.168.1.0 to the broadcast ID 192.168.1.7.

For Subnet 2 in task 1.2.2

In this subnet I chose 64 addresses, and my calculation was based on subtracting 64 from 256, which gives 192. I therefore used 255.255.255.192 as the subnet mask. The possible IP addresses in this case range from 192.168.2.0 to 192.168.2.63, where 192.168.2.0 is the network address and 192.168.2.63 is the broadcast address.

For question 1.2.3

From figure 1, I have assigned a different network address to each subnet.

For subnet 3

This concerns the default gateways, to which I assigned the next IP address after the network address of each subnet. E.g. the router connected to subnet 1 was assigned 192.168.1.1, whereas the one connected to subnet 2 was assigned 192.168.2.1. I also connected the two routers to each other with the IP addresses 11.0.0.1 and 11.0.0.2 respectively. In this case, I used a network with 2 hosts and the mask 255.255.255.252.

1.3 Answer the following questions:
 
  • What happens if a sixth PC is connected to subnet 1? What does not allow the connection to be established?
 
Solution:
 
The network is configured to accept 6 devices: one device is a router and the other 5 devices are PCs. The reason is that there is no free IP address for the 6th PC in this subnet. Any other valid IP address will be outside the subnet, so direct communication with this subnet won't be possible.
 
  • How many addresses of subnet 2 can be used as actual host addresses (depending on your chosen number)?
Solution:

In my case the number of host addresses that can be used is 62. I arrived at this value by subtracting the network and broadcast addresses from the 64 addresses: 64 - 2 = 62 actual host addresses.

  • Is it possible to limit the number of connections of subnet 3 to only the one between the two routers?
Solution:
Since there are only two IP addresses for hosts in this case, it is possible; the subnet mask I used here is 255.255.255.252.

  • What are the address ranges of subnets 1, 2 and 3? This means, what is the lowest and highest possible address for any of the subnets?
Solution:
The address range of subnet 1 runs from the lowest address, 192.168.1.0 (the network ID), to the highest, 192.168.1.7 (the broadcast address).

The address range of subnet 2 runs from the lowest address, 192.168.2.0 (the network ID), to the highest, 192.168.2.63 (the broadcast address).

The address range of subnet 3 runs from the lowest address, 11.0.0.0 (the network address), to the highest, 11.0.0.3 (the broadcast address).
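The sizing used in tasks 1.2 and 1.3 can be checked mechanically. The following Python sketch is an added example, not part of the original solution: it derives the mask from the number of hosts each subnet must hold, confirms that the three networks do not overlap, and shows why a sixth PC finds no address in subnet 1. The function names are assumptions made for this illustration.

```python
import ipaddress

def smallest_prefix(hosts_needed: int) -> int:
    """Longest prefix whose block holds hosts_needed usable addresses
    plus the network and broadcast addresses."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts_needed:
            return prefix
    raise ValueError("too many hosts for one IPv4 network")

def describe(base: str, hosts_needed: int) -> dict:
    """Size a subnet starting at base and report its mask and range."""
    net = ipaddress.ip_network(f"{base}/{smallest_prefix(hosts_needed)}")
    return {
        "network": net,
        "mask": str(net.netmask),
        "lowest": str(net.network_address),     # network ID
        "highest": str(net.broadcast_address),  # broadcast address
        "usable": net.num_addresses - 2,
    }

# Base addresses are the ones used on this page.
PLAN = {
    "subnet 1": describe("192.168.1.0", 6),   # router port + 5 PCs
    "subnet 2": describe("192.168.2.0", 62),  # 64 addresses chosen, minus 2
    "subnet 3": describe("11.0.0.0", 2),      # the two router ports
}

def overlapping_pairs(plan: dict) -> list:
    """Task 1.2.3: every subnet must have its own network address."""
    names = list(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a]["network"].overlaps(plan[b]["network"])]

def can_join(subnet: str, address: str) -> bool:
    """True only for a usable host address inside the subnet."""
    net = PLAN[subnet]["network"]
    ip = ipaddress.ip_address(address)
    return ip in net and ip not in (net.network_address, net.broadcast_address)

if __name__ == "__main__":
    for name, info in PLAN.items():
        print(name, info["mask"], info["lowest"], "-", info["highest"],
              "usable:", info["usable"])
    # With .1 on the router and .2 to .6 on five PCs, the next candidates
    # are the broadcast address (.7) and an address outside the block (.8).
    print(can_join("subnet 1", "192.168.1.7"), can_join("subnet 1", "192.168.1.8"))
```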
 
1.4  Send a PDU from a PC in subnet 1 to a PC in subnet 2. Analyze the PDU headers at each intermediate network node (in Simulation mode) and explain the following:
Subnet 1 Subnet 3 Subnet 2
Figure 2
• By what means does each node know where to send the PDU next? Using what type of address, of which device (if any)
Solution:
IP addresses are used in this case to allow the PDU to be communicated.

Sending is possible from the second layer of the OSI model, the data link layer. I sent a PDU from Desktop PC1 to Laptop0. Since Laptop0 is not in the same network as Desktop PC1, the message passes from Desktop PC1 through the switch and from there to the default gateway, which in this case is router 0. Router 0 then locates its route to subnet 2 through another router, in this case router 1.

Router 1 therefore gets the PDU with the necessary IP and passes it to the hub. Since the hub is connected to the devices, it sends the PDU data to each host located within subnet 2. As for the functionality of the hub, its data transmission occurs at the physical layer of the OSI model.

• At what layer of the OSI model are these operations performed on each node?
Solution:
In a hub, data exchange between connected hosts occurs mostly at the first layer of the OSI model, the physical layer.

Data exchange across subnets occurs at the 3rd layer of the OSI model, the network layer.

Data transmission within the same network happens at the 2nd layer of the OSI model, the data link layer.
                  
• How is the PDU transferred from one subnetwork to the other? Specifically, what happens on the router?
Solution:
The PDU is transferred from one subnet to another by sending the data across the default gateway. The default gateway is a router which, based on its configuration, checks to which destination the data should be sent. The data is sent according to the logical connection of the network in Figure 1.

For example, data sent from PC1 travels through the switch to router 0, which passes it to router 1. Router 1 receives the PDU with the host IP and transfers it to the hub, which then transfers the PDU further to each host in subnet 2.

The routers here serve as default gateways that check destination routes, i.e. to which destination the data should be sent, and pass it on according to the route validation.

1.5. In Simulation mode create a scenario, which results in a packet collision either in subnet 1 or subnet 2. Explain the following:
Figure 3: Collision view

 
• What causes the collision?
The collision happened because the hub has a collision domain, in which data from one host is sent to several hosts in the network at the same time. When several hosts send data at the same time, this leads to a collision.

How can this type of collision be avoided? Can it be done by reconfiguring the devices or the use of different hardware is required?

Solution:

In order to avoid this type of collision, a switch should be used instead of a hub. The reason is that a switch doesn't send data to every host in the network; instead it sends a broadcast message.

Explain the differences between a switch and a hub. Is it wise to connect a large number of devices to a switch or to a hub? In what situation is a switch advantageous and when is a hub?

Solution:

A switch doesn't send data to everyone in a network at the same time, but a hub does.
When a frame arrives at the switch, the switch examines the destination MAC address of the frame and forwards the frame out of the port connected to the device that has that MAC address. This differs from a hub, which sends all frames to everyone in the network.

A switch operates at the data link layer, i.e. layer 2 of the OSI model, whereas a hub operates at the physical layer.

A switch is an intelligent device and is more secure, while a hub is a non-intelligent device.

A hub can be advantageous when cheaper devices are wanted in a network, but it is less secure than a switch.

2.      DHCP, DNS, NAT, Firewall
Figure 4
2.1 Create a network corresponding to the left side of the diagram (confined in the box). Several PCs and a server are connected to one of the router’s ports through a switch. Configure the server to provide DHCP service to this subnetwork – after server configuring all the nodes in the subnetwork must obtain dynamic IP addresses from the DHCP server. Demonstrate how the addresses are assigned.

Solution:
Figure 4.1 below shows the network I created, which corresponds to the left side of Figure 4 as instructed:
Figure 4.1: DHCP server configuration
The configuration of the DHCP server follows in Figure 5:
Figure 5 DHCP Server Configuration

According to task 2.1, it must be shown how the nodes within this subnet get their IP addresses after the DHCP server is configured. Figure 6 and Figure 7 below show how the two PCs connected to this network dynamically received their IP addresses right after the DHCP server was configured.

Note that, during the configuration of the server, I assigned the DHCP server the IP address 192.168.1.2, since the default gateway address 192.168.1.1 was assigned on Router1. The IP addresses that can be handed out within the network therefore start from 192.168.1.3; this first possible IP was assigned to PC1, and 192.168.1.4 was dynamically allocated to PC0.

Figure 6: PC0 Dynamic IP address obtained from DHCP Server

Figure 7:  PC1 Dynamic IP address obtained from DHCP Server

2.2 Remove the DHCP server from the subnetwork and configure DHCP on the router. Demonstrate how the IP addresses are assigned by DHCP on the router.
• In what situation is a separate DHCP server typically used and when it is better to just configure the LAN DHCP on a router?

Solution:
As the task specifies, here I have to configure the router so that the PCs connected to it can dynamically receive IP addresses; in this case, the DHCP server must be cut off from the network.

I started by entering enable mode on the router and then began configuring it: from config mode I moved down to DHCP-config mode, since the router needs to be able to assign IP addresses to the nodes connected directly to it.

I defined the network address and the subnet mask of this network, and right after that I specified that the default network address for the router is 192.168.1.1, which must serve only as the router's IP address within that network. I also used the command “ip dhcp excluded-address”; the address to exclude in this case is the default IP address, which must not be reused within pool Homework2.2 as an IP address assigned to other nodes. This prevents a conflict within the network, because the default IP is excluded.

The commands used for this demonstration are shown below:

Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip dhcp pool Homework2.2
Router(dhcp-config)#net 192.168.1.0 255.255.255.0
Router(dhcp-config)#default 192.168.1.1
Router(dhcp-config)#dns-server 192.168.2.3
Router(dhcp-config)#ip dhcp excluded-address 192.168.1.1
Router(config)#ex
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#wr
Building configuration...
[OK]

After the configuration, dynamic IP addresses were supplied to both PC0 and PC1, as shown in the images below (Figure 8 and Figure 9).

Figure 8: PC0 Dynamic IP assigned from router

                                      
Figure 9: PC1 dynamic IP assigned from the router
2.3  Create the remaining part of the network: two servers are connected to another router through a switch. Configure the parameters of this subnetwork statically. The router is connected to the router from Task 2.1. through a serial interface. Thus you must obtain three subnetworks, similar to Task 1 (without host number restrictions).
Figure 10: Network without host restriction


2.4 On one of the servers create a simple HTTP webpage (be creative;). This server will be the HTTP server. Demonstrate that the webpage can be opened by a PC from the left subnet. Now, configure the other server to be the DNS server, i.e., it must convert the numeric identifier of the webpage (IP address) to a text-based identifier (webpage name). For the webpage identifier, choose www.yourname.org, where yourname is your name. Demonstrate that the webpage is opened from a PC’s browser by its domain text name.

Solution:
I created a simple HTTP webpage on the HTTP server: under the tab named “services” I chose HTTP and edited index.html to customize it.
Figure 11: HTTP configuration and index.html
Figure 12 below shows the configuration of the DNS server, which converts the numeric identifier of the webpage (IP address 192.168.2.2) to a text-based identifier (www.ademilua.org).
Figure 12: Assignment of text-based name to 192.168.2.2 in DNS Server

In Figure 12, I opened the DNS server, which has the IP address 192.168.2.3. There I navigated to “services” and then to DNS, where I entered the text-based identifier in the “name” field and the address of the website in the “address” field, and clicked the Add button to add the details. It is therefore possible for a PC from the left subnet to access this webpage by using the DNS address to look it up.

The task further requires showing how a PC from the left subnet can open the webpage by its domain text name. To do this I used the browser on PC1, which I reached as follows: PC1 → DESKTOP → WEB BROWSER (Figure 13).

Figure 13:  Demonstrate opening webpage from PC 1

2.5  Static NAT. Configure NAT on the right router, so that the local address of the HTTP server is hidden from the outside networks. Specify a public address, by which a connection to the HTTP server can be established from the outside. Demonstrate that the PCs from the left subnet cannot connect to the webpage using the server’s local address, and can connect only by the server’s public address.

Below, I show the code that I used for the static NAT configuration on the right router. With it, I was able to hide the IP address of the HTTP server, translating 192.168.2.2 to 192.168.4.2. This means that whenever 192.168.2.2 is accessed from the web browser, the reply is a request timeout (Figure 13), but with the public IP address 192.168.4.2 the webpage is displayed (Figure 14).
Static NAT configuration
Figure 13: Local address of HTTP Server is not accessible with its normal IP address


Figure 14: Public address accessing HTTP Server 

2.6  NAT Overload, or PAT. Configure NAT on the left router, so that the local addresses of all the PCs in the subnetwork are hidden from the outside networks. Demonstrate that the local IP addresses are hidden from the devices outside this subnetwork – the PDUs incoming to and outgoing from the left router’s WAN port does not contain any local addresses of the left subnet, only its public address. 
• Name the advantages of using NAT.

The advantage of NAT is that it helps to hide the real IP address from the public. It assigns a cover-up IP address that can be seen publicly.

• What is the difference between Static NAT and NAT Overload? In what situations is one or another applied?

Static NAT (network address translation) assigns an IP address to a local IP address of the local area network. NAT Overload, meanwhile, consists of a mixture of both static and dynamic NAT. It allows one specific IP address to be given for every local address in the local area network. We can apply NAT to small networks, whereas we can apply NAT Overload to bigger networks.
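The two translation modes can be modelled in a few lines. This Python sketch is an added example, not the router configuration from the task: it uses the page's static mapping 192.168.2.2 to 192.168.4.2 and the DHCP addresses 192.168.1.3 and 192.168.1.4, while the public address 203.0.113.1 for the left router and the class names are assumptions made for the illustration.

```python
from itertools import count

class StaticNat:
    """One fixed local <-> public pair, valid in both directions."""
    def __init__(self, local: str, public: str):
        self.local, self.public = local, public

    def outbound(self, src_ip: str) -> str:
        return self.public if src_ip == self.local else src_ip

    def inbound(self, dst_ip: str):
        # Outside hosts reach the server only through the public address;
        # a packet addressed to the local address is not translated.
        return self.local if dst_ip == self.public else None

class Pat:
    """NAT overload: many local sockets share one public IP and are told
    apart by the translated source port."""
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self._out = {}   # (local_ip, local_port) -> public_port
        self._back = {}  # public_port -> (local_ip, local_port)

    def outbound(self, src_ip: str, src_port: int):
        key = (src_ip, src_port)
        if key not in self._out:
            port = next(self._next_port)
            self._out[key] = port
            self._back[port] = key
        return self.public_ip, self._out[key]

    def inbound(self, dst_port: int):
        # Replies are forwarded only if an inside host opened the flow.
        return self._back.get(dst_port)

def sources_seen_outside(pat: Pat, flows) -> set:
    """Source IPs visible on the WAN side for a list of inside flows."""
    return {pat.outbound(ip, port)[0] for ip, port in flows}

WEB = StaticNat("192.168.2.2", "192.168.4.2")  # mapping from task 2.5
LEFT = Pat("203.0.113.1")                      # constructed public address

if __name__ == "__main__":
    # Constructed flows: both PCs happen to use the same source port.
    flows = [("192.168.1.3", 1025), ("192.168.1.4", 1025)]
    for flow in flows:
        print(flow, "->", LEFT.outbound(*flow))
    print("seen outside:", sources_seen_outside(LEFT, flows))
    print("to 192.168.2.2 from outside:", WEB.inbound("192.168.2.2"))
```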

Figure 15: Hide IP address

2.7   Create firewall rules for PC1 in the left subnetwork (from Task 2.1) such, that PC1 would not be able to access the webpage on the HTTP server. At the same time, PC1 should be able to ping the HTTP server. Demonstrate the result. Create firewall rules for PC2 in the same subnetwork such, that it would block DNS data. At the same time, PC2 should be able to ping the HTTP server. Demonstrate, that PC2 cannot access the webpage by using its text domain name.

Here I show that PC1 is not able to access the webpage on the HTTP server: I denied access to the IPs corresponding to the HTTP servers in the PC1 firewall configuration.
Figure 16: Firewall configuration on PC1 blocking HTTP data

The ping from PC1 to the HTTP server succeeds after the firewall configuration is done.
Figure 17: Ping from PC1 to HTTP server

Here I created firewall rules for PC2 such that DNS data from subnet 3 is blocked. This results in Hostname Unresolved (Figure 20) whenever the domain name of the HTTP webpage is accessed, whereas the webpage can still be reached using its IP address (192.168.4.2) (Figure 19).

 Figure 18: Firewall configuration on PC2 blocking DNS data

Figure 19: Webpage accessible with IP address



 Figure 20: PC2 cannot access the webpage by using a domain name

What are the Remote IP and Remote Wildcard Mask settings in the firewall settings? What was your logic in choosing the appropriate values for these settings?
Figure 21: showing Wildcard in Table
The remote IP addresses are 192.168.2.2 and 192.168.2.3. As Figure 21 above shows, the wildcard reduces the number of calculations in each of the columns in the table. It is used to either deny or give access to certain IP addresses. In this case, the 0.0.0.0 used represents 255.255.255.255 in the netmask.

• Would PC2 still be able to access the webpage by using its numerical identifier (IP address) and why?

Yes, and the reason is that PC2 can access the IP address of the HTTP server directly even though the DNS data has been blocked by a firewall in the PC2 firewall configuration.
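The Remote IP and Remote Wildcard Mask logic of task 2.7 can be reproduced outside the simulator. This Python sketch is an added example, not the Packet Tracer firewall itself: the rule lists are constructed from the addresses on this page, and first-match evaluation with a final implicit deny is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr: str, rule_ip: str, wildcard: str) -> bool:
    """Wildcard bit 0 = this bit must match, 1 = ignore it
    (the bitwise inverse of a netmask)."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(rule_ip) & care)

def wildcard_to_netmask(wildcard: str) -> str:
    return str(ipaddress.IPv4Address(~_to_int(wildcard) & 0xFFFFFFFF))

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    protocol: str                      # "tcp", "udp", "icmp" or "ip" (any)
    remote_ip: str
    wildcard: str
    remote_port: Optional[int] = None  # None matches any port

def evaluate(rules, protocol: str, remote_ip: str,
             remote_port: Optional[int] = None) -> str:
    """Return the action of the first matching rule."""
    for rule in rules:
        if rule.protocol not in ("ip", protocol):
            continue
        if not wildcard_match(remote_ip, rule.remote_ip, rule.wildcard):
            continue
        if rule.remote_port is not None and rule.remote_port != remote_port:
            continue
        return rule.action
    return "deny"  # assumption: nothing matched, so the packet is dropped

# Constructed rule sets. Wildcard 0.0.0.0 pins the rule to one exact host;
# 255.255.255.255 ignores every bit and so matches any address.
ALLOW_ANY = Rule("allow", "ip", "0.0.0.0", "255.255.255.255")
PC1_RULES = [Rule("deny", "tcp", "192.168.2.2", "0.0.0.0", 80), ALLOW_ANY]
PC2_RULES = [Rule("deny", "udp", "192.168.2.3", "0.0.0.0", 53), ALLOW_ANY]

if __name__ == "__main__":
    print("PC1 HTTP to 192.168.2.2:", evaluate(PC1_RULES, "tcp", "192.168.2.2", 80))
    print("PC1 ping to 192.168.2.2:", evaluate(PC1_RULES, "icmp", "192.168.2.2"))
    print("PC2 DNS to 192.168.2.3: ", evaluate(PC2_RULES, "udp", "192.168.2.3", 53))
    print("PC2 HTTP to 192.168.4.2:", evaluate(PC2_RULES, "tcp", "192.168.4.2", 80))
    # Rule order matters: with the allow-any rule first, the deny never fires.
    print("reordered:", evaluate([ALLOW_ANY, PC1_RULES[0]], "tcp", "192.168.2.2", 80))
```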





