Sunday, June 3, 2012

Semester 3 :- Module 1: Introduction to Classless Routing

Overview
Network administrators must anticipate and manage the physical growth of networks. This may require them to buy or lease another floor of a building for new network equipment such as racks, patch panels, switches, and routers. Network designers must choose address schemes that allow for growth. Variable-length subnet mask (VLSM) is used to create efficient and scalable address schemes.
Almost every enterprise must implement an IP address scheme. Many organizations select TCP/IP as the only routed protocol to run on their networks. Unfortunately, the architects of TCP/IP did not predict that the protocol would eventually sustain a global network of information, commerce, and entertainment.
IPv4 offered an address strategy that was scalable for a time before it resulted in an inefficient allocation of addresses. IPv4 may soon be replaced with IP version 6 (IPv6) as the dominant protocol of the Internet. IPv6 has virtually unlimited address space and implementation has begun in some networks. Over the past two decades, engineers have successfully modified IPv4 so that it can survive the exponential growth of the Internet. VLSM is one of the modifications that has helped to bridge the gap between IPv4 and IPv6.
Networks must be scalable since the needs of users evolve. When a network is scalable it is able to grow in a logical, efficient, and cost-effective way. The routing protocol used in a network helps determine the scalability of the network. It is important to choose the routing protocol wisely. Routing Information Protocol version 1 (RIP v1) is suitable for small networks. However, it is not scalable to large networks. RIP version 2 (RIP v2) was developed to overcome these limitations.
This module covers some of the objectives for the CCNA 640-801 and ICND 640-811 exams.
Students who complete this module should be able to perform the following tasks:
  • Define VLSM and briefly describe the reasons for its use
  • Divide a major network into subnets of different sizes using VLSM
  • Define route aggregation and summarization as they relate to VLSM
  • Configure a router using VLSM
  • Identify the key features of RIP v1 and RIP v2
  • Identify the important differences between RIP v1 and RIP v2
  • Configure RIP v2
  • Verify and troubleshoot RIP v2 operation
  • Configure default routes using the ip route and ip default-network commands

Summary Module 11 ACLs

This page summarizes the topics discussed in this module.
ACLs are lists of conditions that are applied to traffic that travels across a router interface. They can be created for all routed network protocols such as IP and IPX. Packets are accepted or denied based on these lists.
Network administrators create ACLs to control network access. ACLs provide the ability to limit network traffic, increase performance, and manage security issues. ACL statements are evaluated in sequential order, from the top of the list down. The first statement whose condition matches the packet decides the result: the packet is permitted or denied and the remaining statements are not checked. If no statement matches, an implicit deny any at the end of the list applies, so unmatched packets are dropped. The implicit deny does not appear in the configuration or in show access-lists output. When first learning how to create ACLs, it is a good idea to add an explicit deny any as the last statement to make the implicit deny visible; an explicit entry also records a hit count, which helps when troubleshooting.
ACLs are created in the global configuration mode and the basic rules should be applied. Each ACL on a router must be configured with a unique number or a name. When a numbered ACL is used, the number identifies the type of access list. Numbered ACLs may be either standard or extended, and must fall within the range of numbers that is valid for that type of list. Standard IP ACLs use the numbers 1 to 99 (later IOS releases add the expanded range 1300 to 1999). Extended IP ACLs use the numbers 100 to 199 (expanded range 2000 to 2699). ACLs are created by entering the access-list command. Once created, a list does nothing until it is assigned to the proper interface, in a direction (in or out), with the ip access-group command.
The placement of an ACL has a great impact on network efficiency. The general rule is to put extended ACLs as close as possible to the source of the traffic to be denied, so that the traffic is dropped before it crosses the network. Standard ACLs do not specify destination addresses, so they should be placed as close to the destination as possible; placed near the source, a standard ACL would block that source from reaching every destination beyond the filtering point, not just the intended one.
A wildcard mask is a 32-bit quantity written as four octets. Each bit of the mask tells the router how to treat the corresponding bit of the IP address: a 0 bit means the address bit must match exactly, and a 1 bit means the address bit is ignored. In the wildcard mask process, the mask is applied to both the address in the access-list statement and the address in the packet. If the bits marked 0 in the mask agree, the packet matches this statement and is permitted or denied by it; otherwise it is checked against the next statement. A wildcard mask is not a subnet mask, although for a contiguous block it is the bit-wise inverse of one (0.0.0.255 for a /24 network). The keyword host stands for a wildcard of 0.0.0.0, and any stands for 0.0.0.0 255.255.255.255.
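The following Python script is an added example, not part of the curriculum page, and serves both the evaluation rules above (sequential order, first match wins, implicit deny any) and the wildcard-mask process. It parses IOS-style standard access-list statements from a constructed configuration fragment, applies the wildcard test exactly as described (a 0 bit must match, a 1 bit is ignored), and returns the action together with the index of the statement that matched, or None when only the implicit deny applied. The function names and the sample configuration are assumptions made for the example.

```python
"""Standard IP ACL evaluation: wildcard masks, sequential first-match order
and the implicit deny any. Added example; not code from the original page."""
import ipaddress


def to_int(dotted: str) -> int:
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(packet_ip: str, acl_ip: str, wildcard: str) -> bool:
    """Wildcard bit 0 = the address bit must match, bit 1 = don't care.
    Clearing the don't-care bits on both sides and comparing is the router's test."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_ip) & care) == (to_int(acl_ip) & care)


def parse_standard_acl(config_lines):
    """Parse 'access-list N permit|deny <addr> [wildcard]' lines (host/any keywords
    accepted). Returns {number: [(action, ip, wildcard), ...]} in entry order,
    which is the order the router checks them."""
    acls = {}
    for line in config_lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        number, action = int(parts[1]), parts[2]
        if not (1 <= number <= 99 or 1300 <= number <= 1999):
            raise ValueError(f"{number} is not a standard IP ACL number")
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action {action!r}")
        if parts[3] == "any":
            ip, wc = "0.0.0.0", "255.255.255.255"
        elif parts[3] == "host":
            ip, wc = parts[4], "0.0.0.0"
        else:
            ip = parts[3]
            wc = parts[4] if len(parts) > 4 else "0.0.0.0"  # bare address = host match
        acls.setdefault(number, []).append((action, ip, wc))
    return acls


def evaluate(entries, source_ip):
    """Sequential check, first match wins. Returns (action, index of matching
    statement); (deny, None) means only the implicit deny any applied."""
    for index, (action, ip, wc) in enumerate(entries):
        if wildcard_match(source_ip, ip, wc):
            return action, index
    return "deny", None


# Constructed sample configuration for the example (assumption, not from the page).
SAMPLE_CONFIG = """
access-list 10 deny host 192.168.1.50
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 10.1.0.0 0.0.255.255
access-list 10 deny any
"""


def demo():
    """Run four constructed source addresses through ACL 10."""
    acl = parse_standard_acl(SAMPLE_CONFIG.splitlines())[10]
    return {src: evaluate(acl, src)
            for src in ("192.168.1.50", "192.168.1.7", "10.1.200.3", "172.16.0.9")}


if __name__ == "__main__":
    for src, (action, idx) in demo().items():
        print(f"{src:15} -> {action} (statement {idx if idx is not None else 'implicit deny'})")
```

Because the test is bit-wise, a non-contiguous mask such as 0.0.0.254 matches every even host address and no odd one, which is why a wildcard mask should not be read as a subnet mask.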
The show ip interface command displays IP interface information and indicates whether any ACLs are set. The show access-lists command displays the contents of all ACLs on the router. To see a specific list, add the ACL name or number as an option for this command. The show running-config command will also display the access lists on a router and the interface assignment information.
Standard ACLs check only the source IP address of packets that are routed. The ACL will permit or deny access based on the network, subnet, or host address. Extended ACLs are used more often than standard ACLs because they provide a greater range of control. Extended ACLs check the source and destination packet addresses and can also check for protocols and port numbers. A named ACL may be either an extended or standard ACL. Named ACLs provide the ability to modify ACLs without deleting and then reconfiguring them. On the IOS releases this curriculum covers, a named access list allows individual statements to be deleted but only allows new statements to be appended at the end of the list; later releases add sequence numbers that allow a statement to be inserted at any position.

Restricting virtual terminal access
 11.2.6
This page will explain how ACLs are created for virtual ports.
Standard and extended access lists applied to interfaces filter packets that travel through a router. They are not designed to block packets that originate within the router itself. An outbound extended access list that denies Telnet therefore does not, by default, prevent Telnet sessions initiated from the router.
Just as there are physical ports or interfaces, such as Fa0/0 and S0/0 on the router, there are also virtual ports. These virtual ports are called vty lines. There are five vty lines, numbered 0 through 4, as shown in the figure; many platforms provide additional lines (vty 5 through 15, for example), which show line lists and which any restriction must cover as well. For security purposes, a user can be permitted virtual terminal access to the router while being denied Telnet access from that router to other destinations, or denied access to the router altogether.
The purpose of restricted vty access is increased network security. Telnet (and SSH, which also terminates on the vty lines) creates a nonphysical vty connection to the router rather than passing through it, so an interface ACL that permits transit traffic does not by itself control who may log in. There is only one type of vty access list: a standard list that filters on the source address of the connecting host. Identical restrictions should be placed on all vty lines since it is not possible to control the line on which a user will connect.
The process to create the vty access list is the same as described for an interface. However, applying the ACL to a terminal line requires the access-class command (entered under line vty 0 4, with the in keyword to filter incoming connections) instead of the ip access-group command used on interfaces.
The following should be considered when configuring access lists on vty lines:
  • A name or number can be used to identify the list that controls access to an interface.
  • Only numbered access lists can be applied to virtual lines on the IOS releases this curriculum covers; later releases also accept named lists with access-class.
  • Identical restrictions should be set on all the virtual terminal lines, because a user can attempt to connect to any of them.
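The following Python script is an added example, not part of the curriculum page, that audits a running-config for the three points above: every line vty stanza must carry an inbound access-class, every stanza must reference the same list, and the referenced list must actually be defined. It is run against a constructed configuration in which vty 0 4 is protected but vty 5 15 was left open, the classic mistake when a platform has more than five lines. Function names and the sample configurations are assumptions made for the example.

```python
"""Audit 'line vty' stanzas in an IOS-style running-config for consistent
inbound access-class protection. Added example; not code from the original page."""
import re


def parse_vty_stanzas(config_text):
    """Return {(first, last): (acl, direction) or None} for each 'line vty' stanza.
    IOS indents stanza sub-commands by one space; a column-0 line ends the stanza."""
    stanzas = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = re.match(r"^line vty (\d+)(?: (\d+))?$", line)
        if m:
            current = (int(m.group(1)), int(m.group(2) or m.group(1)))
            stanzas.setdefault(current, None)
            continue
        if not line.startswith(" "):
            current = None          # left the stanza (blank line, '!', or another top-level command)
            continue
        m = re.match(r"^ access-class (\S+) (in|out)$", line)
        if m and current is not None:
            stanzas[current] = (m.group(1), m.group(2))
    return stanzas


def defined_acls(config_text):
    """Numbers/names of lists defined with 'access-list N ...' or 'ip access-list ... NAME'."""
    names = set()
    for line in config_text.splitlines():
        m = re.match(r"^access-list (\d+) ", line)
        if m:
            names.add(m.group(1))
        m = re.match(r"^ip access-list (?:standard|extended) (\S+)", line)
        if m:
            names.add(m.group(1))
    return names


def audit_vty(config_text):
    """Return a list of findings; an empty list means the vty lines pass all checks."""
    findings = []
    stanzas = parse_vty_stanzas(config_text)
    acls = defined_acls(config_text)
    if not stanzas:
        return ["no line vty stanzas found"]
    inbound = set()
    for (first, last), ac in sorted(stanzas.items()):
        where = f"line vty {first} {last}"
        if ac is None:
            findings.append(f"{where}: no access-class applied")
            continue
        name, direction = ac
        if direction != "in":
            findings.append(f"{where}: access-class {name} is applied {direction}; "
                            "inbound connections are not restricted")
            continue
        if name not in acls:
            findings.append(f"{where}: access-class {name} refers to a list not defined in this config")
        inbound.add(name)
    if len(inbound) > 1:
        findings.append("vty lines do not all use the same inbound list: " + ", ".join(sorted(inbound)))
    return findings


# Constructed sample configurations (assumptions, not from the page).
BAD_CONFIG = """hostname R1
!
access-list 12 permit 10.1.1.0 0.0.0.255
access-list 12 deny any
!
line con 0
 password cisco
line vty 0 4
 access-class 12 in
 password cisco
 login
line vty 5 15
 password cisco
 login
"""

GOOD_CONFIG = BAD_CONFIG.replace("line vty 5 15\n", "line vty 5 15\n access-class 12 in\n")


if __name__ == "__main__":
    for label, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(label, audit_vty(cfg) or ["ok"])
```

The stanza parser is deliberately strict about IOS indentation so that a sub-command belonging to line con 0 is never credited to the vty lines.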
In the second Lab Activity, students will use ACLs to control IP traffic.
This page concludes this lesson. The next page will summarize the main points from this module.