Saturday, February 28, 2009

Free Download CCNP 642-812 BCMSN

642-812 BCMSN Building Cisco Multilayer Switched Networks

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.


Introduction

Chapter 1 Introduction to Building Cisco Multilayer Switched Networks
Chapter 2 The Roles of Switches in Designing Cisco Multilayer Switched Networks

Chapter 3 Initial Configuration and Troubleshooting of Cisco Multilayer Switches

Chapter 4 Implementing and Configuring VLANs

Chapter 5 Understanding and Configuring the 802.1D, 802.1s, and 802.1w Spanning Tree

Chapter 6 Adding Resiliency to Spanning Tree Using Advanced Features and Troubleshooting STP Issues

Chapter 7 Enhancing Network Stability, Functionality, Reliability, and Performance Using Advanced Features

Chapter 8 Understanding and Configuring Inter-VLAN Routing

Chapter 9 Understanding and Configuring Multilayer Switching

Chapter 10 Understanding and Implementing Quality of Service in Cisco Multilayer Switched Networks

Chapter 11 Deploying Multicast in the Multilayer Switched Network

Chapter 12 Design Network Resiliency, Redundancy, and High Availability in Multilayer Switched Networks

Chapter 13 Best Practices for Deploying Cisco IP Telephony Using Cisco Catalyst Switches

Chapter 14 Securing Your Multilayer Switched Network to Minimize Service Loss and Data Theft

Chapter 15 Introduction to the Catalyst Switching Architectures

Chapter 16 Designing, Building, and Connecting Cisco Multilayer Switched Networks Using Metro Solutions

Chapter 17 Performance and Connectivity Troubleshooting Tools for Multilayer Switches

Chapter 18 Introducing Wireless into the Campus Network

Review Questions

Appendix A

Answers to Review Questions

Free Download Link

Tuesday, February 24, 2009

Pass4sure 642-901 Exam Questions, Your Best Cisco 642-901 Practice Engine

Exam Number/Code: 642-901

Exam Name: BSCI - Building Scalable Cisco Internetworks



The Building Scalable Cisco Internetworks (BSCI 642-901) is a qualifying exam for the Cisco Certified Network Professional CCNP®, Cisco Certified Design Professional CCDP®, and Cisco Certified Internetwork Professional CCIP™ certifications.
After passing the 642-901 exam, you have three certification paths to choose from. The first is the CCNP certification, which requires three more exams (642-812, 642-825, 642-845). The second is the CCIP certification, which requires three more exams (642-661, 642-611, 642-642); alternatively, the single comprehensive exam 642-691 can replace 642-661 and 642-611. The third is the CCDP certification, which requires two more exams (642-812, 642-873).

Free Download Link below

BSCI - Building Scalable Cisco Internetworks : 642-901 Exam

BSCI_642-901_StudentLab.pdf

Building Scalable Cisco Internetworks

642-901 BSCI

Implement EIGRP operations

  • Explain the functions and operations of EIGRP (e.g., DUAL).
  • Configure EIGRP routing. (e.g., Stub Routing, authentication, etc.)
  • Verify or troubleshoot EIGRP routing configurations.

Implement multiarea OSPF operations

  • Explain the functions and operations of multiarea OSPF.
  • Configure multiarea OSPF routing. (e.g., Stub, NSSA, authentication, etc.)
  • Verify or troubleshoot multiarea OSPF routing configurations.

Describe integrated IS-IS

  • Describe the features and benefits of integrated IS-IS.
  • Configure and verify integrated IS-IS.

Implement Cisco IOS routing features

  • Describe, configure or verify route redistribution between IP routing IGPs. (e.g., route-maps, default routes, etc.)
  • Describe, configure or verify route filtering (i.e., distribute-lists and passive interfaces).
  • Describe and configure DHCP services (e.g., Server, Client, IP helper address, etc.).

Implement BGP for enterprise ISP connectivity

  • Describe the functions and operations of BGP.
  • Configure or verify BGP operation in a non-transit AS (e.g., authentication).
  • Configure BGP path selection. (i.e., Local Preference, AS Path, Weight or MED attributes).

Implement multicast forwarding

  • Describe IP Multicast (e.g., Layer-3 to Layer-2 mapping, IGMP, etc.).
  • Describe, configure, or verify IP multicast routing (i.e., PIM Sparse-Dense Mode).

Implement IPv6

  • Describe IPv6 addressing operations.
  • Describe IPv6 interoperation with IPv4.
  • Describe, configure or verify OSPF routing with IPv6 addressing.



Download Link below
BSCI_642-901_StudentLab.pdf

Cisco CCNP_BSCI_642-901.pdf (Building Scalable Cisco Internetworks)

Building Scalable Cisco Internetworks

The Building Scalable Cisco Internetworks (BSCI 642-901) is a qualifying exam for the Cisco Certified Network Professional CCNP®, Cisco Certified Design Professional CCDP®, and Cisco Certified Internetwork Professional CCIP™ certifications. The BSCI 642-901 exam will certify that the successful candidate has important knowledge and skills necessary to use advanced IP addressing and routing in implementing scalability for Cisco ISR routers connected to LANs and WANs. The exam covers topics on Advanced IP Addressing, Routing Principles, Multicast Routing, IPv6, Manipulating Routing Updates, Configuring basic BGP, Configuring EIGRP, OSPF, and IS-IS.

Exam Topics

  • Implement EIGRP operations

  • Implement multiarea OSPF operations

  • Describe integrated IS-IS

  • Implement Cisco IOS routing features

  • Implement BGP for enterprise ISP connectivity

  • Implement multicast forwarding

  • Implement IPv6

Download Link below
CCNP_BSCI_642-901.pdf

Saturday, February 21, 2009

Cisco extended IP access control lists

I explained how to create and implement a basic ACL. The difference between a basic ACL and an extended ACL is subtle, yet powerful. A basic ACL controls the flow of information based on network address (origin and destination). An extended IP ACL controls the flow of information based on the type of packet, as well as network address. Let’s take a look at how to effectively implement an extended ACL.

The power of an extended ACL
As you can see, being able to filter by the type of packet is the dividing line between the two kinds of lists. To illustrate the power of this feature, I’ll paint a simple example.

Let’s say your company Web server has become a toy for hackers and script kiddies. You struggle daily to replace defaced pages and occasionally have to reload from scratch. Marketing complains that your company is losing revenue, and your boss is losing patience with your ability to protect the network. What do you do?

1. You connect the Web server to a port on your gateway router.
2. On this port, between your Web server and the router, you create an outbound filter. (Filter direction runs from router to Web server.)
3. You add three entries to your ACL. The first entry permits HTTP traffic to the Web server IP address. The second entry permits FTP traffic from a specific host or range of hosts on your internal network. (This allows someone to update the server.) The third entry denies everything else to that same address. This entry is really unnecessary since there is a Deny All statement at the bottom of every ACL, but you turn on logging for this entry because it makes great statistics.
4. Enjoy your security.

That is the power of an extended ACL. Let’s examine the syntax for an extended ACL and look at some practical examples.

Creating an extended ACL
These lists are created and applied to an interface as either inbound or outbound packet filters. They are implemented in this format:

access-list [list number] [permit | deny] [protocol] [source address] [source-mask] [destination address] [destination-mask] [operator] [port] [log]

* List Number—A number between 100 and 199 (think of it as the name of the list).
* Permit Deny—Whether to permit or deny the packet if the conditions match.
* Protocol—The protocol of the packet (i.e., IP, ICMP, UDP, TCP, or a protocol number).
* Source Address—The network or host the packet is from. Use dotted-decimal format (192.168.1.12), the keyword ANY as an abbreviation for 0.0.0.0 255.255.255.255, or HOST followed by a dotted-decimal address.
* Source Mask—The mask to use with the source address (Cisco wildcard masks are a little different from subnet masks: 0 = must match exactly; 255 = not significant, doesn’t matter).
* Destination Address—The address the packet is going to, or ANY.
* Destination Mask—The mask to use with the destination address (if you specify one).
* Operator (optional entry)—Applies to TCP or UDP ports only:
  eq=equal
  lt=less than
  gt=greater than
  neq=not equal
  range=a range of ports; you must specify two different port numbers
  established (est)=established TCP connections
* Port (optional entry)—TCP/UDP destination port number or service name.
* Log—Whether to log (if logging is enabled) matches of this entry to the console.
A sample inbound ACL would be:
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip any host 127.0.0.1 log
access-list 100 permit tcp any [your network IP address] [your network mask] established
access-list 100 deny ip [your network IP address] [your network mask] any log
access-list 100 deny tcp any any eq 22222 log
access-list 100 deny tcp any any range 60000 60020 log
access-list 100 deny udp any any eq snmp log
access-list 100 permit ip any any

Entries 1, 2, 3, and 4 deny the private, nonroutable address ranges (as defined by RFC 1597) and the 127.0.0.1 loopback address. None of these should travel across the Internet, but I have seen them in my logs, so I deny them: there is always the possibility of connecting to somebody else’s improperly configured router.

Let’s look at the other six entries and see what each one specifically denies or permits:

* Entry 5—“permit tcp any [your network IP address] [your network mask] established”—allows return traffic for TCP sessions that are already established (the ACK bit is set). The purpose of this entry is to ensure that if your firewall lets a connection request leave your network, the router doesn’t stop its return. The established keyword is only valid on TCP entries.
* Entry 6—“deny ip [your network IP address] [your network mask] any log”—denies anyone entering your network from the outside with an internal source address (spoofing your network) and logs each packet. This is very important for good security.
* Entry 7—“deny tcp any any eq 22222 log”—denies the infamous Donald Dick and Prosiak ports.
* Entry 8—“deny tcp any any range 60000 60020 log”—denies the Deepthroat and Sockets des Troie ports.
* Entry 9—“deny udp any any eq snmp log”—denies any SNMP requests from the outside. SNMP is a valuable tool to hackers for network discovery.
* Entry 10—“permit ip any any”—permits packets that were not previously rejected to enter your network.
You apply this extended ACL the same way you applied the basic ACL.

When writing your extended ACL, a simple rule to follow is to have your most specific deny and permit statements at the top of the list, followed by the most active general entries.

Finally, I’d like to say something about ACLs in general. There are two ways to use them:
1. Deny by exception (as in the example list shown above)—You deny certain IP services and ports and add a “permit ip any any” entry to the bottom of your ACL. The problem with this method is that new Trojans and hacks are created every day. You’re constantly behind the security curve and always chasing new hacks.
2. Allow by rule—You allow certain IP services and ports and let the implicit “deny all” statement at the end of your list do its job. As new Trojans and hacks are created, you can read about them and wonder why people don’t operate a network as secure as yours.

My preference is to allow by rule. I prefer this method because it provides much greater control over what enters and exits my network. This method is harder to implement from the start. You’ll need to know your network thoroughly, what services operate and what IP addresses need access to your internal network. (You should really know the answer to those questions already if you are interested in security.)
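An added example (not part of the original post) that puts the rules above into code: a small Python evaluator for Cisco-style extended ACL entries that walks the list top-down, stops at the first match and otherwise applies the implicit deny at the bottom. It assumes 203.0.113.0/24 for the “[your network]” placeholders, 203.0.113.10 for the web server from the earlier scenario, and a small table of IOS service names; both sample lists are constructed from the post's entries.

```python
import ipaddress
from collections import namedtuple

# A few IOS service names; a small subset, chosen for this example.
SERVICES = {"www": 80, "ftp": 21, "telnet": 23, "snmp": 161, "domain": 53, "ssh": 22}
OPERATORS = {"eq", "neq", "lt", "gt", "range"}

# dport is None for ICMP; ack is the TCP ACK/RST flag that "established" tests.
Packet = namedtuple("Packet", "proto src dst dport ack", defaults=(None, False))

def _parse_addr(tokens):
    """Consume one address spec (any | host A | A wildcard) -> (network, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse entries of the form used in the post:
    access-list N {permit|deny} proto src dst [op port [port]] [established] [log]
    (source-port operators are not handled; the post's examples never use them)."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        e = {"action": t[2], "proto": t[3], "op": None, "ports": (), "est": False, "log": False}
        t = t[4:]
        e["src"], e["dst"] = _parse_addr(t), _parse_addr(t)
        while t:
            tok = t.pop(0)
            if tok in OPERATORS:
                e["op"] = tok
                n = 2 if tok == "range" else 1
                e["ports"] = tuple(SERVICES.get(p) or int(p) for p in t[:n])
                del t[:n]
            elif tok in ("established", "est"):
                e["est"] = True
            elif tok == "log":
                e["log"] = True
            else:
                raise ValueError(f"unrecognised token {tok!r} in: {line}")
        entries.append(e)
    return entries

def _addr_match(spec, addr):
    net, wild = spec
    keep = ~wild & 0xFFFFFFFF   # 0 bits of the wildcard mask must match exactly
    return (int(ipaddress.IPv4Address(addr)) & keep) == (net & keep)

def _port_match(op, ports, port):
    if op is None:
        return True
    if port is None:            # an ICMP packet has no port to compare
        return False
    if op == "range":
        return ports[0] <= port <= ports[1]
    p = ports[0]
    return {"eq": port == p, "neq": port != p, "lt": port < p, "gt": port > p}[op]

def evaluate(entries, pkt):
    """Top-down, first match wins: returns (action, entry number, log flag);
    an entry number of None means the implicit deny at the bottom of every list."""
    for n, e in enumerate(entries, start=1):
        if e["proto"] != "ip" and e["proto"] != pkt.proto:
            continue
        if not (_addr_match(e["src"], pkt.src) and _addr_match(e["dst"], pkt.dst)):
            continue
        if not _port_match(e["op"], e["ports"], pkt.dport):
            continue
        if e["est"] and not (pkt.proto == "tcp" and pkt.ack):
            continue
        return e["action"], n, e["log"]
    return "deny", None, False

# Constructed: the post's inbound list with 203.0.113.0/24 for "[your network]";
# the established entry is written as tcp, the only protocol IOS accepts it on.
INBOUND_ACL = parse_acl("""
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip any host 127.0.0.1 log
access-list 100 permit tcp any 203.0.113.0 0.0.0.255 established
access-list 100 deny ip 203.0.113.0 0.0.0.255 any log
access-list 100 deny tcp any any eq 22222 log
access-list 100 deny tcp any any range 60000 60020 log
access-list 100 deny udp any any eq snmp log
access-list 100 permit ip any any
""")

# Constructed: the post's "allow by rule" web server filter (server 203.0.113.10)
# without the optional final deny, so anything else hits the implicit deny.
WEB_ACL = parse_acl("""
access-list 101 permit tcp any host 203.0.113.10 eq www
access-list 101 permit tcp 203.0.113.0 0.0.0.255 host 203.0.113.10 eq ftp
""")
```

Calling evaluate(INBOUND_ACL, Packet("tcp", "203.0.113.5", "203.0.113.10", 80)) returns ("deny", 6, True): a packet claiming an inside source is caught by the anti-spoofing entry and logged, while the same packet against WEB_ACL is permitted by entry 1.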

Friday, February 20, 2009

Frame Relay Protocols Overview

Before going into the Frame Relay protocol and its operation, we discuss virtual circuits. Remember that a circuit provides a connection between end nodes by means of an electrical connection. In data circuits, the term virtual circuit is used in a similar sense: a virtual circuit provides a logical connection between end nodes for the flow of information.
There are two types of virtual circuits:
* Permanent Virtual Circuit (PVC), and
* Switched Virtual Circuits (SVC)

Permanent Virtual Circuit (PVC): PVC is a permanent connection between the end nodes (DTEs) within a Frame Relay network. The virtual circuit is always available irrespective of whether any data is being transmitted or not. This type of connection (PVC) is used when it is required to consistently transfer data between the end nodes. A PVC can have two operational states as given below:

* Data transfer state: Data is transmitted between the end nodes over the virtual circuit.
* Idle state: No data is transferred between the end nodes. Note that PVC does not terminate the virtual circuit even when there is no data being transferred between the end nodes.

Switched Virtual Circuit (SVC): A switched virtual circuit (SVC) provides a temporary connection between end nodes (DTEs) across a Frame Relay network. An SVC communication session has four states:

* Call setup: The virtual circuit between two Frame Relay end nodes is established.
* Data transfer: Data is transmitted between the end nodes over the virtual circuit.
* Idle: The connection between end nodes is still active, but no data is transferred. An SVC call is terminated after a certain period of idle time.
* Call termination: The virtual circuit between end nodes is terminated.

If there is more data to be transmitted at a later time, an SVC is negotiated again. SVCs are advantageous when you have bursty traffic and don't want to reserve network bandwidth for a given virtual circuit 24 hours a day.

Unlike an SVC, a PVC has no call setup and call termination procedures. This results in simpler link management and more efficient data transfer.

Frame Relay Protocol: Frame Relay (FR) is a network protocol based on HDLC. We discussed HDLC in earlier sections, and the HDLC frame is given below. Other protocols that use HDLC frames include SDLC, Frame Relay, and X.25. They differ primarily in how the address and control bits of the HDLC frame are used.


The different fields are explained below with respect to Frame Relay:

Flag (both opening and closing flags): 8 bits (01111110 or 7E hex)
Address (Also known as Frame Relay Header): It is a 16-bit field as given below.

Data Link Connection Identifier (DLCI): The DLCI is 10 bits wide. It identifies the virtual connection between the end node (a DTE device) and the switch (a DCE device).

C/R: The C/R bit says whether the frame is a command or response.

Forward Explicit Congestion Notification (FECN): This is a single-bit field that can be set to either 0 or 1 by a switch. Normally, FECN is zero. A value of 1 indicates network congestion in the direction of source to destination, known as Forward Explicit Congestion Notification.

Backward Explicit Congestion Notification (BECN): This is a single-bit field that can be set to either 0 or 1 by a switch in the FR network. Normally, BECN is zero. A value of 1 indicates that the FR network has experienced congestion in the direction of destination to source.

By using FECN and BECN, upper-layer protocols can throttle communication for efficient utilization of the FR network.

Discard Eligibility (DE): This bit is set by the DTE device to indicate that the marked frame may be discarded in the event of network congestion. When the network is congested, Discard Eligible frames are dropped before frames that do not have the DE bit set.

Note that FECN, BECN, and DE together enable FR network congestion control by regulating communication and prioritizing traffic.

Extended Address (EA): The eighth bit of each byte of the Address field (header) is used to indicate the EA. If the EA value is 1, then the current byte is determined to be the last octet of the DLCI.

Data: This field contains encapsulated upper-layer protocol data. It has variable length up to 16,000 octets.

FCS (Frame Check Sequence) or CRC (Cyclic Redundancy Code): It is either 16 bits, or 32 bits wide. Frame Check Sequence is used to verify the data integrity. If the FCS fails, the frame is discarded.
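An added example, not from the original post, that packs and unpacks the 16-bit Frame Relay address field described above using the standard Q.922 two-octet layout (upper six DLCI bits, C/R and EA=0 in the first octet; lower four DLCI bits, FECN, BECN, DE and EA=1 in the second). The sample values are constructed.

```python
from dataclasses import dataclass


@dataclass
class FRHeader:
    dlci: int          # 10-bit Data Link Connection Identifier
    cr: int = 0        # command/response bit
    fecn: int = 0      # forward explicit congestion notification
    becn: int = 0      # backward explicit congestion notification
    de: int = 0        # discard eligibility


def pack_header(h: FRHeader) -> bytes:
    """Two-octet Q.922 address (layout assumed from the standard, see lead-in)."""
    if not 0 <= h.dlci <= 0x3FF:
        raise ValueError("DLCI must fit in 10 bits")
    # first octet: DLCI bits 9..4, C/R, EA=0 (another address octet follows)
    first = ((h.dlci >> 4) << 2) | ((h.cr & 1) << 1)
    # second octet: DLCI bits 3..0, FECN, BECN, DE, EA=1 (last address octet)
    second = (((h.dlci & 0xF) << 4) | ((h.fecn & 1) << 3)
              | ((h.becn & 1) << 2) | ((h.de & 1) << 1) | 1)
    return bytes([first, second])


def unpack_header(raw: bytes) -> FRHeader:
    """Inverse of pack_header; the EA bits must read 0 then 1 or the header is malformed."""
    if len(raw) < 2 or (raw[0] & 1) or not (raw[1] & 1):
        raise ValueError("EA bits do not describe a two-octet address")
    b0, b1 = raw[0], raw[1]
    return FRHeader(dlci=((b0 >> 2) << 4) | (b1 >> 4), cr=(b0 >> 1) & 1,
                    fecn=(b1 >> 3) & 1, becn=(b1 >> 2) & 1, de=(b1 >> 1) & 1)


def congestion(h: FRHeader) -> str:
    """Direction in which the switches report congestion, per FECN/BECN above."""
    if h.fecn and h.becn:
        return "both directions"
    if h.fecn:
        return "forward (source to destination)"
    if h.becn:
        return "backward (destination to source)"
    return "none"
```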

ISDN Protocols Overview

Integrated Services Digital Network (ISDN), as the name implies, provides integrated services that consist of telephony, data, and video transmission over ISDN.

ISDN is of two types:
* Basic Rate ISDN (BRI), and
* Primary Rate ISDN (PRI)

Basic Rate ISDN consists of two 64 kbps B-channels (B for Bearer) and one D-channel (2B+1D). B-channels are used for transmitting user information (voice, data, or video), and the D-channel is used for transmitting control information. A B-channel offers a bandwidth of 64 kbps, and the D-channel has a bandwidth of 16 kbps. With two B-channels, BRI provides up to 128 kbps of uncompressed bandwidth. Note that the total bandwidth used by ISDN BRI is 192 kbps; the remaining bandwidth, 192 - (2B+D) = 48 kbps, is used for framing.

Primary Rate ISDN consists of 23 B-channels and one D-channel (23B+1D) for US or 30 B-channels and one D-channel (30B+1D) for Europe, Australia, India, and some other countries. The ISDN standard followed by Europe is also known as Euro ISDN, and standardized by ETSI (European Telecommunications Standard Institute). The PRI D-Channel offers 64kbps bandwidth.

There are several constituent standards that define ISDN.

I.430 Standard: It describes the Physical layer and part of the Data Link layer for BRI.

Q.920 and Q.921 Standards: Together, they provide the Data Link protocol used over the D channel.

Q.930 and Q.931 Standards: They document the Network layer user-to-user and user-to-network interface. The functions offered include call setup and teardown, channel allocation, and other optional services.

G.711 Standard: It describes the standard 64 kbps audio encoding used by telcos.

ISDN Reference Points:
ISDN standards specify several reference points that functionally separate the ISDN network. ISDN devices need to comply with the applicable reference point specifications. For example, a TE1 device such as an ISDN phone or a computer needs to comply with the reference point 'S' specification. The reference points specified in ISDN are given in the figure below:

R: This is the reference point between non-ISDN equipment and a Terminal Adapter (TA).

S: This is the reference point between user terminals and Network Termination Type2 (NT2).

T: This is the reference point between NT1 and NT2 devices.

U: This is the reference point between NT1 devices and the line termination equipment of the Telco.

PPP and SLIP Protocols Overview

Serial Line Internet Protocol (SLIP):
This is a packet-framing protocol that defines a sequence of bytes to frame IP packets on a serial line. It is commonly used for point-to-point serial connections running TCP/IP.
Point-to-Point Protocol (PPP):
PPP is basically an encapsulation protocol used to transport datagrams over serial point-to-point links. Network address assignment, link configuration management, error detection, and multiprotocol support are some of the most prominent features of PPP. PPP supports these features by using LCP (Link Control Protocol) and NCPs (Network Control Protocols).

LCP is responsible for initiating, negotiating, configuring, maintaining, and terminating the point-to-point serial link.

You can transport multiple protocols like IP, IPX, DECnet using PPP.

Protocol frame configuration: As mentioned earlier, the PPP frame is a version of the HDLC frame. It contains six fields as shown in the diagram.

Flag (both opening and closing flags): 8 bits (01111110 or 7E hex)
Address: PPP does not use node addresses. The field is a single byte of 11111111, representing a broadcast address.
Control: The field is 8 bits wide and indicates whether the frame is a Control or Data frame.
Protocol: 16 bits wide; identifies the protocol encapsulated in the Data field of the frame.
Data (Payload): This is the information carried from node to node. The default maximum length of the Data field is 1500 bytes.
FCS (Frame Check Sequence): It is either 16 bits or 32 bits wide. The Frame Check Sequence is used to verify data integrity. If the FCS fails, the frame is discarded. The FCS is implemented using a Cyclic Redundancy Code (CRC).
Operation of PPP:

PPP operates over different phases consisting of

* Link establishment and configuration negotiation
* Link quality determination phase (Optional)
* Network layer protocol configuration negotiation
* Link termination

Initially, PPP negotiates a link between the two point-to-point interfaces. These are normally DTE and DCE interfaces such as RS-232C, V.35, RS-422, and RS-423. PPP by itself does not impose any limit on the achievable speed; the physical interfaces and the media normally limit the available link speed.

The second phase is link quality determination. This phase is optional.

Once the Link level configuration is made, and the link is established, then the network level configuration is made.

The link is terminated by LCP as and when required.

Advantages of PPP over SLIP:
1. Address notification: It enables a server machine to inform a dial-up client of its IP address for that link. SLIP requires that the user manually configure this information.

2. Authentication: PPP supports the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). PAP transmits the password in plain text, whereas CHAP uses encryption for authentication.

3. Multiple Protocol Support: PPP can support Multiple Protocols to operate on the same link. For example, both IP and IPX traffic can use same PPP link.

4. Link Monitoring: Offers link monitoring to help diagnose any link failures.

HDLC Protocol Overview

HDLC Protocol.
HDLC (High-level Data Link Control) is a group of protocols documented in ISO 3309 for transmitting synchronous data over serial links (between point-to-point nodes). HDLC organizes data into frames before transmission and operates at Layer 2 (the data link layer) of the OSI model.
HDLC Frame Structure:


The HDLC frame consists of Flag, Address, Control, Data, and FCS (CRC) fields as shown. The bit length of each field is given below:

Flag (both opening and closing flags): 8 bits (01111110 or 7E hex)
Address: It is normally 8 or 16 bits in length. A leading 'zero' bit (MSB) indicates a unicast message, and the remaining bits give the destination node address. A leading 'one' bit (MSB) indicates a multicast message, and the remaining bits give the group address.
Control: The field is 8 or 16 bits wide and indicates whether the frame is a Control or Data frame. It contains sequence numbers (HDLC frames are numbered to ensure delivery), the poll bit (a reply is required) and the final bit (this is the last frame).

Data (Payload): This is the information carried from node to node. It is a variable-length field, sometimes padded with extra bits to give a fixed length.
FCS (Frame Check Sequence) or CRC (Cyclic Redundancy Code): It is normally 16 bits wide. The Frame Check Sequence is used to verify data integrity. If the FCS fails, the frame is discarded.

The generator polynomial used for the 16-bit FCS is:
FCS [16 bits] = x^16 + x^12 + x^5 + 1

Closing Flag: It is same as Opening Flag.

If no precaution is taken, the flag pattern (01111110) may appear in the data field and be wrongly interpreted as the end of the frame. To avoid this ambiguity, the transmitter inserts a '0' bit after every five consecutive 1s. The receiver drops the '0' bit that follows five consecutive 1s and continues with the next bit. This way, the flag pattern (01111110) never occurs in the data field.

Normally, synchronous links transmit all the time. But, useful information may not be present at all times. Idle flags [11111111] may be sent to fill the gap between useful frames. Alternatively, a series of flags [01111110] may be transmitted to fill gaps between frames instead of transmitting idle flags [11111111]. Continuous transmission of signals is required to keep both the transmitting and receiving nodes synchronized.

Ex.: frame...flag...flag...flag...frame..flag..flag..frame...frame...

PPP and SLIP use a subset of the HDLC protocol. ISDN's D channel uses a modified version of HDLC. Also note that Cisco routers use HDLC as the default serial link encapsulation protocol.
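An added example (not from the original post) of the framing just described: zero-bit stuffing after five consecutive 1s, the 16-bit FCS generated by x^16 + x^12 + x^5 + 1 (in the reflected, 0xFFFF-initialised, complemented form that HDLC and X.25 use, transmitted low byte first), and a receiver that strips the flags, removes the stuffing and discards a frame whose FCS fails. Octets are serialised least significant bit first, and all frames are constructed.

```python
FLAG = "01111110"


def fcs16(data: bytes) -> int:
    """16-bit FCS for x^16 + x^12 + x^5 + 1 as HDLC/X.25 apply it: reflected
    polynomial 0x8408, initial value 0xFFFF, final ones' complement."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def to_bits(data: bytes) -> str:
    """Serialise octets least significant bit first, as HDLC puts them on the wire."""
    return "".join(format(b, "08b")[::-1] for b in data)


def from_bits(bits: str) -> bytes:
    return bytes(int(bits[i:i + 8][::-1], 2) for i in range(0, len(bits), 8))


def stuff(bits: str) -> str:
    """Insert a 0 after every five consecutive 1s so 01111110 cannot occur in data."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def unstuff(bits: str) -> str:
    """Drop the 0 that follows five consecutive 1s; a sixth 1 means flag or abort."""
    out, run, i = [], 0, 0
    while i < len(bits):
        out.append(bits[i])
        run = run + 1 if bits[i] == "1" else 0
        i += 1
        if run == 5:
            if i < len(bits) and bits[i] != "0":
                raise ValueError("six consecutive 1s inside a frame")
            i += 1          # discard the stuffed zero
            run = 0
    return "".join(out)


def build_frame(address: int, control: int, payload: bytes) -> str:
    """flag + stuffed(address, control, data, FCS) + flag, as a bit string."""
    body = bytes([address, control]) + payload
    crc = fcs16(body)
    body += bytes([crc & 0xFF, crc >> 8])     # FCS is transmitted low byte first
    return FLAG + stuff(to_bits(body)) + FLAG


def parse_frame(frame: str):
    """Strip the flags, remove stuffing, check the FCS; return (address, control, data).
    Raises ValueError wherever a receiver would discard the frame."""
    if not (frame.startswith(FLAG) and frame.endswith(FLAG)):
        raise ValueError("missing opening or closing flag")
    body = from_bits(unstuff(frame[len(FLAG):-len(FLAG)]))
    if len(body) < 4:
        raise ValueError("frame too short to hold address, control and FCS")
    if fcs16(body[:-2]) != body[-2] | (body[-1] << 8):
        raise ValueError("FCS mismatch: frame discarded")
    return body[0], body[1], body[2:-2]


def frame_is_valid(frame: str) -> bool:
    """True if parse_frame accepts the frame, False if a receiver would drop it."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False
```

A payload byte of 0x7E or 0xFF goes through stuffing as 011111010 or 111110111, so the bits between the two flags never contain the flag pattern; flipping a single bit of a built frame makes frame_is_valid return False.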

HDLC Frame Types
The control field in HDLC is also used to indicate the frame type. There are three types of frames supported by HDLC. These are:

I Frames: These are information frames, and contain user data
S Frames: These are supervisory frames, and contain commands and responses
U Frames: These are un-numbered frames, and typically contain commands and responses.
I Frames are sequentially numbered, carry user data, poll and final bits, and message acknowledgements.
S Frames perform retransmission requests and other supervisory controls.
U Frames can be used to initialize secondaries.

WAN Protocols

Introduction to WAN protocols.
Wide Area Networks (WANs) operate over serial links. A serial link transmits and receives a digitized signal one bit at a time. Serial links using modems typically offer 56 Kbps. Compare a serial link with a parallel link: an example of a parallel link is a printer connection over a parallel cable. A printer receives several bits at a time and processes them all. Parallel links are typically used for connecting your monitor, printer, and CD-ROM drive, and run over very short distances.
Within serial links, there are two types:
* Asynchronous serial links
* Synchronous serial links

Asynchronous serial links: These are widely used for connecting to the Internet with a dial-up modem. Asynchronous links are normally used for low-speed communication.

Async (short for asynchronous) links require start and stop bits for effective communication. They can also carry parity bits for error checking. When using an async link, both sender and receiver need to agree on a fixed line speed (expressed in bits per second); otherwise, the receiver may not be able to receive any data at all.

Synchronous serial links: Synchronous links, as the name suggests, use clocking to transmit and receive data. A clock signal is required for transmitting or receiving synchronous data.

The clock signal may be transmitted separately or derived from the received signal. In either case, the clock signal is used to recover the data.
Synchronous links can operate at very high speeds. SDLC and HDLC are examples of synchronous link protocols.

Cisco Access Control Lists

Cisco Access Control Lists (ACLs) are used to filter traffic on a router or switch interface according to given criteria. Based on the conditions supplied by the ACL, a packet is allowed or blocked from moving further.

Cisco ACLs are available for several types of routed protocols including IP, IPX, AppleTalk, XNS, DECnet, and others. However, we will be discussing ACLs pertaining to TCP/IP protocol only.

ACLs for TCP/IP traffic filtering are primarily divided into two types:

* Standard Access Lists, and
* Extended Access Lists

Standard Access Control Lists: Standard IP ACLs range from 1 to 99. A Standard Access List allows you to permit or deny traffic FROM specific IP addresses. The destination of the packet and the ports involved can be anything.

This is the command syntax format of a standard ACL.

access-list access-list-number {permit | deny}
{host source | source source-wildcard | any}

Standard ACL example:

access-list 10 permit 192.168.2.0 0.0.0.255

This list allows traffic from all addresses in the range 192.168.2.0 to 192.168.2.255.

Note that when configuring access lists on a router, you must identify each access list uniquely by assigning either a name or a number to the protocol's access list.

There is an implicit deny added to every access list. If you entered the command:

show access-list 10

The output looks like:

access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 deny any

Extended Access Control Lists: Extended IP ACLs allow you to permit or deny traffic from specific IP addresses to a specific destination IP address and port. It also allows you to have granular control by specifying controls for different types of protocols such as ICMP, TCP, UDP, etc within the ACL statements. Extended IP ACLs range from 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs began to use additional numbers (2000 to 2699).
The syntax for IP Extended ACL is given below:

access-list access-list-number {deny | permit} protocol source source-wildcard
destination destination-wildcard [precedence precedence]

Note that the above syntax is simplified, and given for general understanding only.
Extended ACL example:

access-list 110 - Applied to traffic leaving the office (outgoing)

access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80

ACL 110 permits traffic originating from any address on the 92.128.2.0 network. The 'any' statement means that the traffic is allowed to have any destination address with the limitation of going to port 80. The value of 0.0.0.0/255.255.255.255 can be specified as 'any'.
Applying an ACL to a router interface:

After the ACL is defined, it must be applied to the interface (inbound or outbound). The syntax for applying an ACL to a router interface is given below:

interface type number
ip access-group {number | name} {in | out}

An Access List may be specified by a name or a number. "in" applies the ACL to the inbound traffic, and "out" applies the ACL on the outbound traffic.

Example:

To apply the standard ACL created in the previous example, use the following commands:

Router(config)#interface serial 0
Router(config-if)#ip access-group 10 out

Tutorial: Standard ACL (Access Control List) Basics

This is a BASIC explanation of Standard ACL’s that SHOULD be fairly easy to understand and span the spectrum of most Cisco routers.

The first thing to remember about ACL’s is they read from top to bottom. When a packet comes to a router interface, it is matched against the first line in the ACL, if it doesn’t meet the criteria, then it drops to the next line and so on until it reaches a permit or deny that fits it. The second thing to remember is THERE IS A IMPLICIT DENY underneath the last (bottom) line! Don’t apply an access-list to an interface without at least one permit statement. (Especially an inside interface!) Standard access lists can be numbered 1 - 99 or 1300 - 1999
The basic makeup of a line (statement) is:
permit / deny source_ip
access-list 1 permit 192.168.1.3 0.0.0.0
Depending on the interface and direction the list is applied, will determine its relevance. For example, if this access-list is placed on the inside interface with an “ip access-group 1 in” then the only traffic permitted into that interface will come from 192.168.1.3.
Whew! If I haven’t completely confused you yet, then get ready.
Wildcard masks are the inverse of normal subnet masks, so 0.0.0.0 is equivalent to the 255.255.255.255 of a route advertisement, for example.
So if I want to deny the network 10.0.1.0 255.255.255.248, I would type
access-list 1 deny 10.0.1.0 0.0.0.7
If I want to permit a single host, I type
access-list 1 permit 192.168.1.1 0.0.0.0
Ridiculous, I know. I'm not going to get into the functionality behind this; we would be reading for an hour.
Finally, when you apply the access-list to an interface, don't call it a “list”, call it a “group”, i.e.:
router(config)# interface fastethernet 0/0
router(config-if)# ip access-group 1 in
P.S. Oh, yeah, and only one ACL per interface, per direction, per protocol.
This is the complete tip-top of the iceberg of ACLs; several chapters in several large books cover this topic. I keep shaking my head as I write this because I'm leaving out sooooooo much stuff, but hopefully it gives you a base for researching / understanding this topic. Good luck!
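The two sections above describe how a line is matched: wildcard mask, top to bottom, first match wins, implicit deny at the bottom. The following Python is an added example, not part of the original tutorial, that parses the access-list syntax used on this page and evaluates constructed sample packets against it; the deny line for 92.128.2.17 and all packet addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = 0xFFFFFFFF ^ w          # bits that must be equal
    return (a & care) == (b & care)


@dataclass
class AclEntry:
    action: str                    # "permit" or "deny"
    protocol: str                  # "ip" (standard ACL), "tcp", "udp", "icmp"
    src: str
    src_wc: str
    dst: str = "0.0.0.0"           # standard ACLs only look at the source
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None  # set by "eq <port>" on tcp/udp lines

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "ip" and pkt["protocol"] != self.protocol:
            return False
        if not wildcard_match(pkt["src"], self.src, self.src_wc):
            return False
        if not wildcard_match(pkt["dst"], self.dst, self.dst_wc):
            return False
        if self.dst_port is not None and pkt.get("dst_port") != self.dst_port:
            return False
        return True


def parse_acl_line(line: str) -> AclEntry:
    """Parse the subset of IOS syntax shown on this page, e.g.
         access-list 1 permit 192.168.1.3 0.0.0.0
         access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80
    """
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action = int(tok[1]), tok[2]

    def addr(i):
        # 'any' is shorthand for 0.0.0.0 255.255.255.255; a bare address means one host
        if tok[i] == "any":
            return "0.0.0.0", "255.255.255.255", i + 1
        if i + 1 >= len(tok) or tok[i + 1] in ("eq", "any"):
            return tok[i], "0.0.0.0", i + 1
        return tok[i], tok[i + 1], i + 2

    if 1 <= number <= 99 or 1300 <= number <= 1999:   # standard list: source only
        src, src_wc, _ = addr(3)
        return AclEntry(action, "ip", src, src_wc)
    proto = tok[3]                                      # extended list: protocol first
    src, src_wc, i = addr(4)
    dst, dst_wc, i = addr(i)
    port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
    return AclEntry(action, proto, src, src_wc, dst, dst_wc, port)


def evaluate(acl: list, pkt: dict) -> str:
    """Top to bottom, first matching line wins; falling off the end is the implicit deny."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"


# Constructed sample list: the page's line 110 with a more specific deny placed above it.
ACL_110 = [parse_acl_line(l) for l in (
    "access-list 110 deny tcp 92.128.2.17 0.0.0.0 any eq 80",
    "access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80",
)]


def decide(src: str, dst: str, proto: str = "tcp", dst_port: int = 80, acl=ACL_110) -> str:
    return evaluate(acl, {"src": src, "dst": dst, "protocol": proto, "dst_port": dst_port})


if __name__ == "__main__":
    print(decide("92.128.2.5", "10.0.0.1"))                # permit (second line)
    print(decide("92.128.2.17", "10.0.0.1"))               # deny   (first line matched first)
    print(decide("92.128.2.5", "10.0.0.1", dst_port=443))  # deny   (implicit deny)
```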

Access Control List (ACL)

In computer security, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file WXY gives Alice permission to delete file WXY.

ACL-based security models
In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether to proceed with the operation. A key issue in the definition of any ACL-based security model is how access control lists are edited: for each object, who can modify the object's ACL and what changes are allowed.
Systems that use ACLs can be classified into two categories: discretionary and mandatory. A system is said to have discretionary access control if the creator or owner of an object can fully control access to the object, including, for example, altering the object's ACL to grant access to anyone else. A system is said to have mandatory access control (also known as "non-discretionary access control" in the security literature) if it enforces system-wide restrictions that override the permissions stated in the ACL.
Traditional ACL systems assign permissions to individual users, which can become cumbersome in a system with a large number of users. In a more recent approach called role-based access control, permissions are assigned to roles, and users are assigned to roles.

File system ACLs
The list is a data structure, usually a table, containing entries that specify individual user or group rights to specific system objects, such as a program, a process, or a file. These entries are known as access control entries (ACEs) in the Microsoft Windows NT, OpenVMS, Unix-like and Mac OS X operating systems. Each accessible object contains an identifier to its ACL. The privileges or permissions determine specific access rights, such as whether a user can read from, write to, or execute an object. In some implementations an ACE can control whether or not a user, or group of users, may alter the ACL on an object.

Networking ACLs
In networking, ACL refers to a list of rules detailing service ports or (network) daemon names that are available on a host or other layer 3 device, each with a list of hosts and/or networks permitted to use the service. Both individual servers as well as routers can have network ACLs. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls.

Access Control List

DEFINITION - An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and Unix-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system.

In Windows NT/2000, an access control list (ACL) is associated with each system object. Each ACL has one or more access control entries (ACEs) consisting of the name of a user or group of users. The user can also be a role name, such as "programmer," or "tester." For each of these users, groups, or roles, the access privileges are stated in a string of bits called an access mask. Generally, the system administrator or the object owner creates the access control list for an object.

Access List Configuration

Access list configuration is a basic traffic filtering process that can be used to control access to a network. It prevents certain traffic from entering or exiting a network, based on the criteria you specify within the access lists, so that a degree of network security can be achieved.

IP Access List Number
Number of an access list.
IP Standard - This is a decimal number from 1 to 99
IP Extended - This is a decimal number from 100 to 199
Packet Access
Deny - Denies access, if the conditions are matched.
Permit - Permits access, if the conditions are matched.

Source Packets
IP Address - IP of the host from which the packet is being sent. When it is '0.0.0.0', it is considered as 'any' with source mask taken as 255.255.255.255.

Mask / Wildcard - Wildcard bits to be applied to the source address. Place 1s in the bit positions you want to ignore.

Operator - Compares source ports. The operators are lt (less than), gt (greater than), eq (equal), and neq (not equal).

Port - The decimal number or name of a TCP or UDP port. It can take ip, tcp, udp, icmp, or any integer in the range from 0 to 255 representing an Internet protocol number.

Destination Packets
IP Address - IP of the host to which the packet is being sent. When it is '0.0.0.0', it is considered as 'any' with destination mask taken as 255.255.255.255.

Mask / Wildcard - Wildcard bits to be applied to the destination address. Place 1s in the bit positions you want to ignore.

Operator - Compares destination ports. The operators are lt (less than), gt (greater than), eq (equal), and neq (not equal).

Port - The decimal number or name of a TCP or UDP port. It can be domain, ftp, telnet, smtp, and www or a port number in the range from 0 to 65535.

Protocol Number/Name
Name or number of an Internet protocol. It can take ip, tcp, udp, icmp, or any integer in the range from 0 to 255 representing an Internet protocol number.

Add/Delete
After entering data for the above fields, click Add to generate the commands. You can add a new set of access-lists and, at the same time, delete existing access-lists.

IOS Configuration
The generated configuration commands are displayed, and you can append additional configuration commands for the selected device. Only the parameters applicable to the selected device are displayed.

Show Access-Lists
Click the Show Access-Lists tab to retrieve the access-list configuration from the router.

Click Apply and view the IOS configuration. If the configuration tasks are correct, click OK to send the commands, or Cancel to not send them.

Thursday, February 19, 2009

What is the difference between an Ethernet hub and switch?


Although hubs and switches both glue the PCs in a network together, a switch is more expensive and a network built with switches is generally considered faster than one built with hubs. Why?




When a hub receives a packet (chunk) of data (a frame in Ethernet lingo) at one of its ports from a PC on the network, it transmits (repeats) the packet to all of its ports and, thus, to all of the other PCs on the network. If two or more PCs on the network try to send packets at the same time, a collision is said to occur. When that happens, all of the PCs have to go through a routine to resolve the conflict. The process is prescribed in the Ethernet Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol. Each Ethernet adapter has both a receiver and a transmitter. If the adapters didn't have to listen with their receivers for collisions, they would be able to send data at the same time they are receiving it (full duplex). Because they have to operate at half duplex (data flows one way at a time) and a hub retransmits data from one PC to all of the PCs, the maximum bandwidth is 100 MHz, and that bandwidth is shared by all of the PCs connected to the hub. The result is that when a person using a computer on a hub downloads a large file or group of files from another computer, the network becomes congested. In a 10 MHz 10Base-T network the effect is to slow the network to nearly a crawl. The effect on a small, 100 Mbps (million bits per second), 5-port network is not as significant.


Two computers can be connected directly together in an Ethernet with a crossover cable. A crossover cable doesn't have a collision problem: it hardwires the Ethernet transmitter on one computer to the receiver on the other. Most 100BASE-TX Ethernet adapters can detect when listening for collisions is not required, using a process known as auto-negotiation, and will operate in full-duplex mode when it is permitted. The result is that a crossover cable doesn't have delays caused by collisions, data can be sent in both directions simultaneously, the maximum available bandwidth is 200 Mbps (100 Mbps each way), and there are no other PCs with which the bandwidth must be shared.
An Ethernet switch automatically divides the network into multiple segments, acts as a high-speed, selective bridge between the segments, and supports simultaneous connections of multiple pairs of computers which don't compete with other pairs of computers for network bandwidth. It accomplishes this by maintaining a table of each destination address and its port. When the switch receives a packet, it reads the destination address from the header information in the packet, establishes a temporary connection between the source and destination ports, sends the packet on its way, and then terminates the connection.
Picture a switch as making multiple temporary crossover cable connections between pairs of computers (the cables are actually straight-through cables; the crossover function is done inside the switch). High-speed electronics in the switch automatically connect the end of one cable (source port) from a sending computer to the end of another cable (destination port) going to the receiving computer on a per-packet basis. Multiple connections like this can occur simultaneously. It's as simple as that. And like a crossover cable between two PCs, PCs on an Ethernet switch do not share the transmission media, do not experience collisions or have to listen for them, can operate in a full-duplex mode, have bandwidth as high as 200 Mbps (100 Mbps each way), and do not share this bandwidth with other PCs on the switch. In short, a switch is "more better."





What is the Difference between Hub and Switch?

HUB
1. A hub is a Layer 1 device.
2. A hub is not an intelligent device.
3. A hub does not read the frame.
4. A hub always broadcasts (repeats every frame to every port) in the network.
5. We cannot configure a hub.
6. In a hub, the rate of data transmission is slow.
7. A hub is a half-duplex device.
8. The rate of data transmission is divided (shared) in a hub.
9. A hub does not provide packet filtering in the network.
10. A hub is a single broadcast domain.
11. A hub is a single collision domain.
12. A hub does not create any table.

SWITCH
1. Generally, a switch is a Layer 2 / Layer 3 device.
2. A switch is a more intelligent device.
3. A switch reads the frame.
4. A switch provides conditional broadcasting in the network.
5. We can configure a switch.
6. In a switch, the rate of data transmission is fast.
7. A switch is a full-duplex device.
8. The rate of data transmission is not divided in a switch.
9. A switch provides packet filtering in the network.
10. A switch is a single broadcast domain (by default).
11. Each switch port is a separate collision domain.
12. A switch creates a table, called the switching table.

What's the difference between a Hub, a Switch and a Router?

Summary: Hubs, switches and routers are all computer networking devices with varying capabilities. Unfortunately the terms are also often misused.
In a word: intelligence.
Hubs, switches, and routers are all devices that let you connect one or more computers to other computers, networked devices, or to other networks. Each has two or more connectors called ports into which you plug in the cables to make the connection. Varying degrees of magic happen inside the device, and therein lies the difference. I often see the terms misused so let's clarify what each one really means.
A hub is typically the least expensive, least intelligent, and least complicated of the three. Its job is very simple: anything that comes in one port is sent out to the others. That's it. Every computer connected to the hub "sees" everything that every other computer on the hub sees. The hub itself is blissfully ignorant of the data being transmitted. For years, simple hubs have been quick and easy ways to connect computers in small networks.
A switch does essentially what a hub does but more efficiently. By paying attention to the traffic that comes across it, it can "learn" where particular addresses are. For example, if it sees traffic from machine A coming in on port 2, it now knows that machine A is connected to that port and that traffic to machine A needs to only be sent to that port and not any of the others. The net result of using a switch over a hub is that most of the network traffic only goes where it needs to rather than to every port. On busy networks this can make the network significantly faster.
A router is the smartest and most complicated of the bunch. Routers come in all shapes and sizes, from the small four-port broadband routers that are very popular right now to the large industrial-strength devices that drive the internet itself. A simple way to think of a router is as a computer that can be programmed to understand, possibly manipulate, and route the data it's being asked to handle. For example, broadband routers include the ability to "hide" computers behind a type of firewall, which involves slightly modifying the packets of network traffic as they traverse the device. All routers include some kind of user interface for configuring how the router will treat traffic. The really large routers include the equivalent of a full-blown programming language to describe how they should operate, as well as the ability to communicate with other routers to describe or determine the best way to get network traffic from point A to point B.
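The hub-versus-switch passages above all come down to the "table of each destination address and its port". As an added illustration (example code, not from any of the quoted articles), the following Python simulates a hub and a learning switch handling the same constructed sequence of frames and counts how many of them a station on an otherwise idle port would receive; all MAC addresses and port numbers are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 repeater: every frame is sent out every port except the one it came in on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2 bridge: learns source MAC -> ingress port, floods only unknown or broadcast."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}            # the 'switching table': MAC address -> port

    def forward(self, in_port, frame):
        src, dst = frame["src"], frame["dst"]
        self.table[src] = in_port  # learn, or re-learn if the station moved ports
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood, like a hub
        out = self.table[dst]
        return [] if out == in_port else [out]   # filter: destination is on the ingress segment


def run(device, frames):
    """Deliver frames in order; returns the list of egress ports for each frame."""
    return [device.forward(f["in_port"], f) for f in frames]


def frames_seen_on(port, egress_lists):
    """How many frames a station (or a sniffer) attached to `port` would receive."""
    return sum(1 for outs in egress_lists if port in outs)


# Constructed traffic on a 4-port device (MACs and port numbers are made up):
A, B, C = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"
FRAMES = [
    {"in_port": 1, "src": A, "dst": B},          # A -> B; B unknown yet, switch floods
    {"in_port": 2, "src": B, "dst": A},          # B -> A; A known, switch sends to port 1 only
    {"in_port": 1, "src": A, "dst": B},          # A -> B; B known now, port 2 only
    {"in_port": 3, "src": C, "dst": BROADCAST},  # ARP-style broadcast, always flooded
]


def compare(frames=FRAMES, idle_port=4):
    """Frames reaching an idle port on a hub vs. a switch, plus the switch's learned table."""
    hub, sw = Hub([1, 2, 3, 4]), LearningSwitch([1, 2, 3, 4])
    hub_out, sw_out = run(hub, frames), run(sw, frames)
    return {
        "hub": frames_seen_on(idle_port, hub_out),
        "switch": frames_seen_on(idle_port, sw_out),
        "table": dict(sw.table),
    }


if __name__ == "__main__":
    print(compare())   # {'hub': 4, 'switch': 2, 'table': {A: 1, B: 2, C: 3}}
```

The idle port sees every frame on the hub but only the flooded ones on the switch, which is why the hub/switch comparison above lists "packet filtering" and the switching table as the switch's distinguishing features.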

What is the abbreviation of CISCO?

Answer:
CISCO is Computer Information System Company. The name "CISCO" for the #1 networking company is actually taken from the city name San FranCISCO, CA. Cisco Systems, Inc. was founded by computer scientists from Stanford, which is located 20 miles from San Francisco. The Cisco logo is based on the Golden Gate Bridge in San Francisco, CA.

E1

E1 is the European equivalent of a T1, but runs at 2.048 Mbps and has 32 x 64 Kbps channels (DS0s), of which 30 are used for voice and two are used for synchronization and signaling. Alarms that can occur on an E1:
YELLOW: remote alarm indication (RAI): The RAI (remote alarm indication) signal indicates loss of layer 1 capability at the user-network interface. RAI propagates towards the network if layer 1 capability is lost in the direction of the user, and RAI propagates toward the user if layer 1 capability is lost in the direction of the network.

BLUE: alarm indication signal (AIS): The AIS (alarm indication signal) is used to indicate loss of layer 1 capability in the ET-to-TE direction on the network side of the user-network interface. A characteristic of AIS is that its presence indicates that the timing provided to the TE may not be the network clock. AIS is non-framed and coded as all binary ONEs.

RED: Loss of signal (LOS): The equipment shall assume "loss of signal" when the incoming signal amplitude is, for a time duration of at least 1 ms, more than 20 dB below the nominal amplitude. The equipment shall react within 12 ms by issuing AIS. Although E1s don't use the terms YELLOW, BLUE, RED, they are for comparisons with T1.

T1

T1 (also referred to as DS1) is a standard for digital transmission over phone lines at 1.544 Mbps.
It is split into 24 channels of 64Kbps each. In the original standard, signalling was inband (robbed bit signalling). Now T1s are often "clear channel" and all bits are available for data.

Each 64Kbps channel (also known as a DS0) can carry data or voice traffic, and two or more channels can be combined into one higher speed data channel.

T1s are often used to deliver phone connections to a PBX in blocks of 24 lines.
ISDN Primary Rate Interface (PRI) lines are delivered over T1 circuits in the USA.

A channelbank can convert a T1 to 24 analog phone lines.

T1s are also used to deliver high-speed data service.

A T1 connection is established by providing a "loop" or wire from the user's premises to the CO (central office), where the service provider has equipment.

Once the connection reaches the CO, it can access the carrier's network and reach any destination.

A good overview on the fundamentals of digital telephony, digital voice, basic TDM, and T-1 and E-1 applications is the T-1/E-1 Technology Primer, published by Intel Corporation in 2001.

VOIP GSM Gateways

What's a VoIP GSM Gateway?
A VoIP GSM Gateway enables direct routing between IP, digital, analog and GSM networks. With these devices (fixed cellular terminals) companies can significantly reduce the money they spend on telephony, especially the money they spend on calls from IP to GSM. The core idea behind cost saving with VoIP GSM Gateways is Least Cost Routing (LCR). Through least cost routing the gateways select the most cost-effective telephone connection. They check the number which is dialed as well as rate information which is stored in an internal routing table. Because several SIM cards and GSM modules are integrated within the VoIP GSM Gateway, it is able to make relatively cheaper GSM-to-GSM calls instead of expensive IP-to-GSM calls.
For further details, visit: http://www.voip-info.org/

Wednesday, February 18, 2009

Intel

Top Downloads

1. 32-bit Floppy Configuration Utility
Creates floppy disk for 32-bit OS with Intel® Matrix Storage Manager 8.7.0.1007 files - used to preinstall RAID driver (F6 during Windows* setup).

2. INF Update Utility - Primarily for Intel® 4, 3, 900 Series Chipsets
This utility installs INF files that inform the operating system how to properly configure the chipset for specific functionality such as USB and AGP.

3. Intel® Chipset Identification Utility
Helps you identify the Intel® chipset or Intel chipset family on your motherboard. Utility must be "Run as Administrator" on Microsoft Windows* Vista.

4. Chipset: INF Update Utility for Intel® Desktop Boards
Installs the chipset INF driver version 9.1.0.1012 for Intel® Desktop Boards.

5. INF Update Utility - Zip Format
NOTE: File is intended for use by developers/advanced users. If you are not a developer/advanced user, please download INFINST_AUTOL.EXE instead.

6. Intel® PRO/Wireless and WiFi Link Drivers-Only for Windows* XP
Microsoft Windows* XP Drivers for Intel® WiMAX/WiFi and WiFi Links, Intel® Wireless WiFi Link 4965AGN and Intel® PRO/Wireless Network Connections.

7. Intel® Graphics Media Accelerator Driver for Windows* XP (exe)
Installs graphics driver version 14.32.4 for the integrated graphics controller of Intel® chipsets.

8. Network Adapter Drivers for Windows* 2000, Windows* XP, and Windows Server* 2003
Installs network drivers. Includes Intel® PROSet for Windows* Device Manager, Advanced Networking Services (ANS), and SNMP.

9. Intel® Graphics Media Accelerator Driver for Windows* XP (exe)
Installs graphics driver version 14.37.1.5029 for the integrated graphics controller of Intel® chipsets.

10. Intel(R) Matrix Storage Manager

Friday, February 13, 2009

CISCO Packet Tracer 5.0

New Version Offers Multiuser Capabilities for Social Learning
Packet Tracer 5.0 is the latest version of Cisco Networking Academy’s comprehensive networking technology teaching and learning software. Innovative features of Packet Tracer 5.0, including powerful simulation, visualization, authoring, assessment, and collaboration capabilities, will help students and teachers collaborate, solve problems, and learn concepts in an engaging and dynamic social environment.
Packet Tracer makes both teaching and learning easier - instructors and students can create their own virtual “network worlds” for exploration, experimentation, and explanation of networking concepts and technologies.
Instructors can demonstrate technologies and configurations using Packet Tracer to teach complex CCNA-level networking concepts, making it extremely useful for lectures, group and individual labs, assessments, troubleshooting and modeling tasks, homework, games, and competitions.
Students can design, configure and troubleshoot networks using Packet Tracer’s versatile simulation and visualization environment, which also provides the opportunity and flexibility for additional practice outside of the classroom environment.
Packet Tracer supplements classroom equipment and provides students complementary learning opportunities that are not physically possible to create in the classroom or lab. In addition, Packet Tracer supplements the CCNA curricula and Packet Tracer activities are integrated throughout both CCNA Discovery and CCNA Exploration to provide rich networking technology learning experiences.
Packet Tracer 5.0 offers a unique combination of realistic simulation and visualization experiences, complex assessment and activity authoring capabilities, and opportunities for multiuser collaboration and competition, and is available free of charge to all Networking Academy instructors, students, and alumni. Visit the Packet Tracer 5.0 resource page under the course catalog on Academy Connection today to download this free software and explore the new possibilities in networking education.
Please download Packet Tracer 5 with the Cisco official tutorials add-on from

Packet Tracer 5.0 Beta4

I am sharing Packet Tracer 5.0 Beta4. I am very late to share this here, as it's going to work for only 2 more weeks. Cisco released a newer version, 5.0 RC1, but I am unable to crack its zip till now. As soon as I get it, I will share it with you guys!
Packet Tracer 5.0 - New Features
Packet Tracer 5.0 will bring many brilliant new features. Some of them are…

Feature #1:
PT5.0 will be multi-user. This means you will be able to run multiple instances of PT5.0 on one or more computers and connect them together through IP sockets. With this feature you will be able to create one big topology, distributed across the computers in your classroom, and each student will work on his small part of the big picture. It can lead to network games, challenge labs, etc. Great job guys!

Feature #2:
A native PT5.0 Linux release! Finally Linux users will be able to use PT, although they were already able to run it with Wine.

Feature #3:
Open Devel API – PT5.0 will offer an open development API for Flash ActionScript and C++. You will be able to write your own PT add-ons, features, etc. One great add-on could be a plugin which connects the virtual PT5.0 devices to real devices!

Feature #4:
PT portal – There will be a PT web portal which will collect information about PT, labs for PT, manuals, applications, plug-ins (add-ons), etc. It will be available at http://pt.netacad.net
New protocol support and some highlights:
* IPv6
* Multi-Area OSPF
* Route Redistribution
* Multilayer Switch (3560)
* SSH
* RSTP
* Frame Relay update
* Interface range
* Different grades for different commands in labs
* Possibility for locking PT to the student’s name

A release for the beta testers will probably be available on the 28th of February 2008, and a final public release is planned for the beginning of this summer.

Static Routing vs. Dynamic Routing

Static vs. Dynamic Routing
Static routing is performed using a preconfigured routing table which remains in effect indefinitely, unless it is changed manually by the user. This is the most basic form of routing, and it usually requires that all machines have statically configured addresses, and definitely requires that all machines remain on their respective networks. Otherwise, the user must manually alter the routing tables on one or more machines to reflect the change in network topology or addressing. Usually at least one static entry exists for the network interface, and is normally created automatically when the interface is configured.
Dynamic routing uses special routing information protocols to automatically update the routing table with routes known by peer routers. These protocols are grouped according to whether they are Interior Gateway Protocols (IGPs) or Exterior Gateway Protocols. Interior gateway protocols are used to distribute routing information inside of an Autonomous System (AS). An AS is a set of routers inside the domain administered by one authority. Examples of interior gateway protocols are OSPF and RIP. Exterior gateway protocols are used for inter-AS routing, so that each AS may be aware of how to reach others throughout the Internet. Examples of exterior gateway protocols are EGP and BGP. See RFC 1716 [11] for more information on IP router operations.

Direct Routing vs. Indirect Routing

Direct vs. Indirect Routing
Direct routing was observed in the first example when A communicated with C. It is also used in the last example for A to communicate with B. If the packet does not need to be forwarded, i.e. both the source and destination addresses have the same network number, direct routing is used.
Indirect routing is used when the network numbers of the source and destination do not match. This is the case where the packet must be forwarded by a node that knows how to reach the destination (a router).
In the last example, A wanted to send a packet to E. For A to know how to reach E, it must be given routing information that tells it who to send the packet to in order to reach E. This special node is the "gateway" or router between the two networks. A Unix-style method for adding a routing entry to A is:
route add [destination_ip] [gateway] [metric]
Where the metric value is the number of hops to the destination. In this case,
route add 200.1.3.3 200.1.2.3 1
will tell A to use C as the gateway to reach E. Similarly, for E to reach A,
route add 200.1.2.1 200.1.3.10 1
will be used to tell E to use C as the gateway to reach A. It is necessary that C have two IP addresses - one for each network interface. This way, A knows from C's IP address that it is on its own network, and similarly for E. Within C, the routing module will know from the network number of each interface which one to use for forwarding IP packets.
In most cases it will not be necessary to manually add this routing entry. It would normally be sufficient to set up C as the default gateway for all other nodes on both networks. The default gateway is the IP address of the machine to send all packets to that are not destined to a node on the directly-connected network. The routing table in the default gateway will be set up to forward the packets properly.

Thursday, February 12, 2009

Basic IP Routing

Basic IP Routing
Classed IP Addressing and the Use of ARP
Consider a small internal TCP/IP network consisting of one Ethernet segment and three nodes. The IP network number of this Ethernet segment is 200.1.2. The host numbers for A, B, and C are 1, 2, and 3 respectively. These are Class C addresses, and therefore allow for up to 254 nodes on this network segment.

Each of these nodes has a corresponding Ethernet address, which is six bytes long. They are normally written in hexadecimal form separated by dashes (02-FE-87-4A-8C-A9, for example).


In the diagram above and subsequent diagrams, we have emphasized the network number portion of the IP address by showing it in red.

Suppose that A wanted to send a packet to C for the first time, and that it knows C's IP address. To send this packet over Ethernet, A would need to know C's Ethernet address. The Address Resolution Protocol (ARP) is used for the dynamic discovery of these addresses [1].

ARP keeps an internal table of IP addresses and their corresponding Ethernet addresses. When A attempts to send the IP packet destined to C, the ARP module does a lookup in its table on C's IP address and will discover no entry. ARP will then broadcast a special request packet over the Ethernet segment, which all nodes will receive. If the receiving node has the specified IP address, which in this case is C, it will return its Ethernet address in a reply packet back to A. Once A receives this reply packet, it updates its table and uses the Ethernet address to direct A's packet to C. ARP table entries may be stored statically in some cases; otherwise ARP keeps entries in its table until they are "stale", at which point they are flushed.

Consider now two separate Ethernet networks that are joined by a PC, C, acting as an IP router (for instance, if you have two Ethernet segments on your server).


Device C is acting as a router between these two networks. A router is a device that chooses different paths for the network packets, based on the addressing of the IP frame it is handling. Different routes connect to different networks. The router will have more than one address as each route is part of a different network.

Since there are two separate Ethernet segments, each network has its own Class C network number. This is necessary because the router must know which network interface to use to reach a specific node, and each interface is assigned a network number. If A wants to send a packet to E, it must first send it to C who can then forward the packet to E. This is accomplished by having A use C's Ethernet address, but E's IP address. C will receive a packet destined to E and will then forward it using E's Ethernet address. These Ethernet addresses are obtained using ARP as described earlier.

If E was assigned the same network number as A, 200.1.2, A would then try to reach E in the same way it reached C in the previous example - by sending an ARP request and hoping for a reply. However, because E is on a different physical wire, it will never see the ARP request and so the packet cannot be delivered. By specifying that E is on a different network, the IP module in A will know that E cannot be reached without having it forwarded by some node on the same network as A.

TCP/IP and IPX Routing Tutorial

TCP/IP and IPX Routing Tutorial
Introduction

This tutorial is intended to supply enough information to set up a relatively simple WAN or Internet-connected LAN using WANPIPE® router cards or other routers. Explanations of IP addresses, classes, netmasks, subnetting, and routing are provided, and several example networks are considered. Example address and routing configurations are provided for running WANPIPE® router cards under the following protocol stacks and platforms: Unix and Linux, Microsoft TCP/IP on Windows NT Workstation/Server and Windows 95, and others. A basic explanation of IPX routing is also included.

All brand names and product names are trademarks of their respective companies.

The IP Address and Classes
Hosts and networks
IP addressing is based on the concept of hosts and networks. A host is essentially anything on the network that is capable of receiving and transmitting IP packets on the network, such as a workstation or a router. It is not to be confused with a server: servers and client workstations are all IP hosts.

The hosts are connected together by one or more networks. The IP address of any host consists of its network address plus its own host address on the network. IP addressing, unlike, say, IPX addressing, uses one address containing both network and host address. How much of the address is used for the network portion and how much for the host portion varies from network to network.

IP addressing
An IP address is 32 bits wide, and as discussed, it is composed of two parts: the network number, and the host number [1, 2, 3]. By convention, it is expressed as four decimal numbers separated by periods, such as "200.1.2.3" representing the decimal value of each of the four bytes. Valid addresses thus range from 0.0.0.0 to 255.255.255.255, a total of about 4.3 billion addresses. The first few bits of the address indicate the Class that the address belongs to:

Class   Prefix   Network Number   Host Number
A       0        Bits 0-7         Bits 8-31
B       10       Bits 0-15        Bits 16-31
C       110      Bits 0-23        Bits 24-31
D       1110     N/A              N/A
E       1111     N/A              N/A

The prefix bits are counted as part of the network number, so the network number occupies the first one, two or three octets and the host number the remainder.

The bits are labeled in network order, so that the first bit is bit 0 and the last is bit 31, reading from left to right. Class D addresses are multicast, and Class E are reserved. The range of network numbers and host numbers may then be derived:

Class   Range of Net Numbers       Range of Host Numbers
A       1 to 126                   0.0.1 to 255.255.254
B       128.0 to 191.255           0.1 to 255.254
C       192.0.0 to 223.255.255     1 to 254

Any address starting with 127 is a loopback address and should never be used for addressing outside the host. A host number of all binary 1's indicates a directed broadcast over the specific network; for example, 200.1.2.255 is a broadcast over the 200.1.2 network. A host number of all 0's indicates "this host", and a network number of 0 indicates "this network" [2]. The reserved bits and reserved addresses reduce the usable space well below the theoretical 4.3 billion. Most sites connected to the Internet were assigned addresses from Class C, as space was becoming very limited, and this exhaustion is the primary reason for the development of IPv6, which has 128 bits of address space. Note that the classes describe only how addresses were originally allocated: since the adoption of CIDR (classless inter-domain routing) the network/host split is stated explicitly by a netmask or prefix length, and routers no longer infer it from the leading bits.

What is an IP address?

Every machine directly on the Internet has a unique identifying number, called an IP address. A typical IP address looks like this:

216.27.61.137

To make it easier for humans to remember, IP addresses are normally written in decimal as a "dotted decimal number" like the one above. Computers, however, work with the binary form. The same IP address in binary:

11011000.00011011.00111101.10001001

The four numbers in an IP address are called octets because each has eight positions when viewed in binary. Together the four octets make 32 positions, which is why IP addresses are 32-bit numbers. Each of the eight positions can be in one of two states (1 or 0), so the number of possible values per octet is 2^8, or 256, and each octet can hold any value from 0 to 255. Combining the four octets gives 2^32, or 4,294,967,296, possible values.

Out of the almost 4.3 billion possible combinations, certain values are restricted from use as ordinary host addresses. For example, 0.0.0.0 means "this host on this network" (and stands for the default route in a routing table), and 255.255.255.255 is the limited broadcast address that reaches every host on the local wire.
The octets serve a purpose beyond separating the numbers. In classful addressing they define classes of IP addresses that were assigned to a particular business, government or other entity based on size and need. The octets are split into two sections: Net and Host. The Net section always includes the first octet and identifies the network a computer belongs to. The Host section (sometimes called Node) always includes the last octet and identifies the actual computer on that network. There are five IP classes plus certain special addresses:


Default Network - The address 0.0.0.0 means "this network" or "this host"; in a routing table it represents the default route used when no other route matches.

Class A - This class is for very large networks, such as a major international company might have. Addresses with a first octet from 1 to 126 belong to this class, and the other three octets identify the host. That gives 126 Class A networks, each with 16,777,214 (2^24 - 2) possible hosts, a little over 2.1 billion usable addresses; the whole Class A range (high-order bit 0) covers half of the 2^32 address space. In a Class A address, the high-order bit (the very first binary digit) of the first octet is always 0.
Net: 115   Host or Node: 24.53.107



Loopback - The IP address 127.0.0.1 (and in fact the whole 127.0.0.0/8 block) is the loopback address. It is used by the host computer to send a message back to itself and is commonly used for troubleshooting and network testing.
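The class table in the tutorial section above and the octet discussion here both describe the same decoding: read the leading bits, split the 32 bits into network and host parts, and recognise the special addresses. The following Python does that decoding from raw bits. It is an added example, not code from the tutorial or the article; the addresses in the demo are constructed.

```python
def to_int(dotted):
    """Parse dotted-decimal into a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)           # raises ValueError on non-numeric text
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {part}")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Inverse of to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


# Leading bits that identify each class, and how many of the 32 bits (prefix
# included) form the network number. D and E have no network/host split.
CLASSES = [
    ("A", "0", 8),
    ("B", "10", 16),
    ("C", "110", 24),
    ("D", "1110", None),   # multicast
    ("E", "1111", None),   # reserved
]


def classify(dotted):
    """Describe an address: class, binary form, network/host split, netmask,
    usable host count and any special-address notes from the text."""
    value = to_int(dotted)
    bits = format(value, "032b")
    info = {
        "address": dotted,
        "binary": ".".join(bits[i:i + 8] for i in range(0, 32, 8)),
        "notes": [],
    }
    if value == 0xFFFFFFFF:
        info["class"] = "E"
        info["notes"].append("limited broadcast")
        return info
    for letter, prefix, net_bits in CLASSES:
        if bits.startswith(prefix):
            break
    info["class"] = letter
    if net_bits is None:
        info["notes"].append("multicast" if letter == "D" else "reserved")
        return info
    host_bits = 32 - net_bits
    host_mask = (1 << host_bits) - 1
    network = value >> host_bits          # network number, prefix bits included
    host = value & host_mask
    info["network"] = to_dotted(network << host_bits)
    info["netmask"] = to_dotted(0xFFFFFFFF ^ host_mask)
    info["host"] = host
    info["usable_hosts"] = (1 << host_bits) - 2   # all-zeros and all-ones excluded
    if (value >> 24) == 127:
        info["notes"].append("loopback")
    if network == 0:
        info["notes"].append("this network")
    if host == 0:
        info["notes"].append("this host (network address)")
    elif host == host_mask:
        info["notes"].append("directed broadcast")
    return info


if __name__ == "__main__":
    for sample in ("216.27.61.137", "200.1.2.3", "200.1.2.255", "127.0.0.1",
                   "0.0.0.0", "224.0.0.1", "255.255.255.255"):
        print(classify(sample))
```

Feed it 200.1.2.255 and it reports the directed broadcast for the 200.1.2 network; feed it 0.0.0.0 and it reports both "this network" and "this host". Because the class is taken from the prefix bits alone, the function also makes clear why a modern network cannot rely on it: a /26 carved out of 200.1.2.0 decodes as a full Class C here, which is exactly what CIDR's explicit prefix length replaces.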

IP Address
An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.
Within an isolated network you can assign IP addresses as you like, as long as each one is unique; the private ranges set aside for this purpose (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) are the right choice, because they never collide with registered addresses if the network is later connected. Connecting a private network to the Internet requires registered IP addresses (called Internet addresses) to avoid duplicates.
The four numbers in an IP address are used in different ways to identify a particular network and a host on that network. Addresses were originally handed out in the following three classes; today the five regional Internet registries (ARIN, RIPE NCC, LACNIC, APNIC and AfriNIC) allocate classless blocks of whatever prefix length the requester justifies.
Class A - supports 16 million hosts on each of 126 networks
Class B - supports 65,000 hosts on each of 16,000 networks
Class C - supports 254 hosts on each of 2 million networks
The number of unassigned Internet addresses is running out. The classless scheme CIDR (Classless Inter-Domain Routing) has already replaced the system based on classes A, B, and C for allocation and routing; it slowed the exhaustion but cannot stop it, and the long-term answer is the 128-bit address space of IPv6, which is a separate development from CIDR.

Firewalls - Hardware Versus Software


The system that provides the barrier between the outside world and your computer is the firewall. The firewall examines all of the traffic that your computer sends and all that arrives at it, and only lets traffic through if it matches an allowed list of sources, destinations and services. This is close to a requirement on any Internet-connected system as a first line of defense against worms, network-borne attacks and malware that phones home, although a firewall alone does not stop a virus or Trojan that the user runs. The question becomes: should one choose a hardware firewall or a software one?
To decide, it helps to describe what a firewall does. A firewall is a computing device (or program) whose purpose is to monitor and filter traffic. When you enter an address into your browser, your computer sends packets to another computer, identified by an IP address, and to a particular service on that computer, identified by a port number. Port numbers range from 0 to 65535 (0 is reserved, so in practice 1 to 65535), while an IPv4 address is four numbers, each between 0 and 255. The firewall looks at the source and destination address and port of each packet and, based on a set of rules, either allows or blocks it. A well-configured firewall also logs what it allowed and what it blocked, giving a record of traffic for later review.
The difference between a hardware and a software firewall arises from where the firewall sits and what it can see. A hardware firewall is a separate device that sits between the computer and the outside world; when the computer sends a request and the outside world replies, the firewall reviews and logs the traffic before it reaches the computer. A software firewall runs on the computer being protected and reviews traffic at the operating-system level. Both work to keep threats from entering the computer and to keep an infection from sending data out to the outside world.
The hardware firewall has the benefit of keeping your computer out of the process: it reviews traffic before that traffic ever reaches the computer, so a packet it drops can never touch a flaw in the computer's own network stack, a protection the software firewall cannot offer. The hardware firewall also has its own resources and cannot be switched off by malware running on the protected host. A stateful firewall can filter packets not only by the source address they claim, but by whether they belong to a connection the inside actually opened, and to some extent by their contents. A hardware firewall can also protect a number of computers, since many machines can sit on its inside.
The shortcoming of the typical hardware firewall, especially the one built into a broadband router, is that it does not look as hard at outgoing traffic; by default most allow anything from the inside out. This can be a serious problem, as malicious programs on your computer could transmit data or launch attacks from it unnoticed. Also, if too many computers share one firewall, it can become a bottleneck, slowing the entire network down.
Software firewalls work on the individual computer. The user can choose which programs are allowed to send traffic to the outside world, and what happens to the rest. It can be configured to deny everything except what is on an allow list, or to prompt you to decide whether to add a program or site to that list. The big drawback of the software firewall is that it protects only the computer it runs on, so with a number of computers on the network each needs its own, making the network more work to set up and keep consistent.
Which is better is a hard question; each has its strengths. The hardware firewall is good at blocking direct intrusions and unsolicited incoming connections. The software firewall is better at identifying Trojans and e-mail-borne malware trying to turn your computer into a zombie (a machine that launches denial-of-service attacks or sends spam), because it can see which program on the host is making the connection.
The minimum protection to have is a hardware firewall: upgrades and additions to your computer will not affect it. To boost protection, supplementing the hardware firewall with a software firewall on each host gives close to complete coverage. No protection is perfect; as long as there is an Internet connection, a sufficiently skilled attacker may still find a way in. The firewalls will deter most attackers and block automated, malicious scripts.

The Differences and Features of Hardware & Software Firewalls

A firewall is a protective system that sits, in essence, between your computer network and the Internet. Used correctly, a firewall prevents unauthorized use of and access to your network. Its job is to analyze data entering and leaving the network according to your configuration and to drop traffic from unknown or suspicious sources. A firewall plays an important role on any network, as it provides a protective barrier against most forms of attack coming from the outside world.
Firewalls can be hardware or software; the ideal configuration uses both. Besides limiting access to your computer and network, a firewall (or the VPN function built into many firewall products) is also useful for allowing remote access to a private network through authenticated logins and certificates.
While many people do not completely understand the importance of a firewall, or consider it a product for businesses only, if your network or computer reaches the outside world via the Internet then you need a firewall to protect the network, each computer and the data on it.

Hardware Firewalls.
Hardware firewalls can be purchased as stand-alone products, but more recently they are typically built into broadband routers, and should be considered an important part of your network set-up, especially on a broadband connection. Hardware firewalls can be effective with little or no configuration, and they protect every machine on the local network. Most consumer hardware firewalls have at least four network ports to connect other computers; for larger networks, business firewall products are available.
A hardware firewall uses packet filtering: it examines the headers of each packet to determine its source and destination addresses, protocol and ports. This information is compared against a set of predefined or user-created rules that decide whether the packet is forwarded or dropped. Most current products also track connection state, so that replies to connections opened from the inside are allowed back in without a standing inbound rule.
As with any electronic equipment, a user with general computer knowledge can plug in a firewall, adjust a few settings and have it work. To ensure the firewall is configured for the best protection, however, you will need to learn the specific features of your hardware firewall, how to enable them, and how to test that the firewall is actually protecting your network.
Not all firewalls are created equal, so read the manual and documentation that come with your product; the manufacturer's Web site usually provides a knowledge base or FAQ to help you get started. To test your hardware firewall, you can use third-party test software or a free online port-scanning service, or simply port-scan your public address from a machine outside the network and confirm that only the services you intended to expose answer. Firewall testing is an important part of maintenance to ensure your system stays configured for optimal protection.

Software Firewalls
For individual home users, the most popular choice is a software firewall. Software firewalls are installed on your computer like any other software and can be customized, giving you control over their function and protection features. A software firewall protects your computer from outside attempts to control or gain access to it and, depending on the product, may also provide protection against common Trojan programs or e-mail worms. Many software firewalls have user-defined controls for safe file and printer sharing and for blocking unsafe applications from running on your system. Some also incorporate privacy controls, web filtering and more. The downside is that a software firewall protects only the computer it is installed on, not a network, so each computer needs its own.
As with hardware firewalls, there are a great many software firewalls to choose from. To get started, read reviews and the product Web site. Because the software firewall will always be running, note the system resources it requires and any incompatibilities with your operating system; a good one runs in the background using only a small amount of resources. Once installed, monitor it and apply updates from the developer.
The differences between software and hardware firewalls are substantial, and the best protection for your computer and network is to use both, as each offers different but much-needed security features. Keeping your firewall and operating system updated is essential to maintaining protection, as is testing the firewall to ensure it is connected and working correctly.
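Both articles above describe the same mechanism: compare each packet's header fields against an ordered rule list, forward or drop it, and log the decision. The following Python is a minimal packet filter that makes this concrete and also shows the stateful refinement mentioned in both pieces, where a reply to a connection opened from the inside is admitted without a standing inbound rule. It is an added example, not code from either article; the rules, the sample packets and the addresses (192.168.1.0/24 for the inside, RFC 5737 documentation ranges for the outside) are constructed.

```python
import ipaddress
from collections import namedtuple

# Header fields a filter looks at. direction is "in" (from the Internet) or "out".
Packet = namedtuple("Packet", "direction proto src_ip src_port dst_ip dst_port")
# A rule: src/dst are CIDR blocks, dst_port None means any port. First match wins.
Rule = namedtuple("Rule", "action direction proto src dst dst_port")

RULES = [
    Rule("ALLOW", "out", "tcp", "192.168.1.0/24", "0.0.0.0/0", 80),          # web
    Rule("ALLOW", "out", "tcp", "192.168.1.0/24", "0.0.0.0/0", 443),
    Rule("ALLOW", "out", "udp", "192.168.1.0/24", "0.0.0.0/0", 53),          # DNS
    Rule("ALLOW", "in", "tcp", "203.0.113.0/24", "192.168.1.20/32", 22),     # admin SSH
    # Anything not matched above is dropped: default deny in both directions.
]


def matches(rule, pkt):
    """Header comparison for one rule."""
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.dst_port in (None, pkt.dst_port))


class Firewall:
    def __init__(self, rules, stateful=True):
        self.rules = rules
        self.stateful = stateful
        self.connections = set()   # 5-tuples of flows the inside opened
        self.log = []              # (decision, reason, packet)

    def decide(self, pkt):
        # Stateful check first: an inbound packet that is the reverse of a flow
        # the inside opened is a reply, so it is allowed without an inbound rule.
        if self.stateful and pkt.direction == "in":
            reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if reverse in self.connections:
                self.log.append(("ALLOW", "established", pkt))
                return "ALLOW"
        for rule in self.rules:
            if matches(rule, pkt):
                if rule.action == "ALLOW" and pkt.direction == "out":
                    self.connections.add((pkt.proto, pkt.src_ip, pkt.src_port,
                                          pkt.dst_ip, pkt.dst_port))
                self.log.append((rule.action, rule, pkt))
                return rule.action
        self.log.append(("DROP", "default deny", pkt))
        return "DROP"


# Constructed traffic: a web request and its reply, an unsolicited SMB probe,
# a permitted admin SSH login, and an outbound connection to an IRC port of the
# kind a bot might open.
SAMPLE_PACKETS = [
    Packet("out", "tcp", "192.168.1.10", 51000, "198.51.100.7", 443),
    Packet("in", "tcp", "198.51.100.7", 443, "192.168.1.10", 51000),
    Packet("in", "tcp", "203.0.113.9", 4444, "192.168.1.10", 445),
    Packet("in", "tcp", "203.0.113.9", 40000, "192.168.1.20", 22),
    Packet("out", "tcp", "192.168.1.10", 52000, "203.0.113.9", 6667),
]


def run_sample(stateful):
    """Decisions for SAMPLE_PACKETS in order, plus the log, in the given mode."""
    fw = Firewall(RULES, stateful=stateful)
    return [fw.decide(p) for p in SAMPLE_PACKETS], fw.log


if __name__ == "__main__":
    for mode in (True, False):
        decisions, log = run_sample(mode)
        print("stateful" if mode else "stateless", decisions)
        for decision, reason, pkt in log:
            print(f"  {decision:5} {pkt.direction:3} {pkt.proto} "
                  f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}  ({reason})")
```

Run stateful, the reply from 198.51.100.7:443 is allowed because the inside opened that flow; run stateless, the same packet hits default deny, which is why purely stateless filters need broad inbound rules that also let in unsolicited traffic. The default-deny outbound policy is deliberately stricter than what a consumer router ships with: it is what stops the connection to port 6667, the "malicious programs transmitting data" case the first article warns about, and the log is what lets you notice the attempt.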

Tuesday, February 3, 2009

Microsoft Press - MCSE MCSA Exam 70-292 296 Upgrading Your Certification to Windows Server 2003




MCSA/MCSE Training 70-292/70-296: Upgrade Certification W2003 Server
Manufacturer Part Number: 0-7356-1971-9
Publisher: Microsoft Press



Series: MCSA/MCSE Self-Paced Training Kit Series
Here's the book you need to prepare for Exams 70-292 and 70-296. This Study Guide provides:
In-depth coverage of every exam objective
Practical information on planning, implementing, and maintaining a Windows Server 2003 Environment
Hundreds of challenging practice questions
Leading-edge exam preparation software, including a test engine, electronic flashcards, and simulation software

Authoritative coverage of all exam objectives:

Exam 70-292: Managing and Maintaining a Microsoft Windows Server 2003 Environment for an MCSA Certified on Windows 2000
Managing users, computers, and groups
Managing and maintaining access to resources
Managing and maintaining a server environment
Managing and implementing disaster recovery
Implementing, managing, and maintaining name resolution
Implementing, managing, and maintaining network security

Exam 70-296: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003
Environment for an MCSE Certified on Windows 2000
Planning and implementing server roles and server security
Planning, implementing, and maintaining a network infrastructure
Planning, implementing, and maintaining server availability
Planning and maintaining network security
Planning, implementing, and maintaining security infrastructure
Planning and implementing an Active Directory infrastructure
Managing and maintaining an Active Directory infrastructure
Planning and implementing user, computer, and group strategies
Planning and implementing group policy
Managing and maintaining group policy
Download PDF:
Microsoft Press - MCSE MCSA Exam 70-292 296 Upgrading Your Certification to Windows Server 2003.pdf
