Friday, April 26, 2013

Hiding Routing Path for the Traceroute Applications by Looping Traceroute Packets

How Does Traceroute Work?

There are several traceroute applications, including tracert and traceroute. They use different protocols, although the method is the same.
Ex: tracert uses ICMP echo, while traceroute uses UDP.

So in this lab I configured the looping method only for tracing applications that use ICMP echo or UDP.

The common method: the tracing application sends a packet or packets (= probe count) to the destination IP, increasing the TTL value in the IP header step by step. Each node or Layer 3 device normally decrements the packet's TTL when it receives the packet. As soon as the TTL reaches 0, the router sends an ICMP Time Exceeded error packet back to the tracing application's node.

Steps to Configure

1st Step

Create an ACL to filter the tracing packets. They can be filtered in several ways,
e.g. by TTL value, protocol, or source/destination IP,
but I use the TTL value for filtering.


2nd Step

Create a route-map that matches the ACL and defines the action.
In this case the action is to route the packet to a specific next hop.


3rd Step

Apply the route-map to an interface.



The looping method I used is also called policy-based routing, or PBR.

Topology



The loop occurs between R2 interface fa1/0 and R3 interface fa1/0.

Configurations

R1 Configs...
 !  
 !  
 interface Loopback0  
  ip address 1.1.1.1 255.255.255.255  
 !  
 interface FastEthernet0/0  
  ip address 10.0.0.1 255.255.255.252  
  duplex full  
 !  
 interface FastEthernet1/0  
  ip address 192.168.1.1 255.255.255.0  
  duplex half  
 !  
 router eigrp 1  
  network 1.1.1.1 0.0.0.0  
  network 10.0.0.0 0.0.0.3  
  network 192.168.1.0  
  no auto-summary  
 !  


R2 Configs...
   
 !  
 !  
 interface Loopback0  
  ip address 2.2.2.2 255.255.255.255  
 !  
 interface FastEthernet0/0  
  mac-address 0000.2222.0000  
  ip address 10.0.0.5 255.255.255.252  
  duplex full  
  speed auto  
 !  
 interface FastEthernet0/1  
  mac-address 0000.2222.1111  
  ip address 10.0.0.2 255.255.255.252  
  ip policy route-map ICMP_MAP  
  duplex full  
  speed auto  
 !  
 interface FastEthernet1/0  
  mac-address 0000.2222.2222  
  ip address 10.0.0.13 255.255.255.252  
  ip policy route-map ICMP_MAP  
  duplex half  
 !  
 router eigrp 1  
  network 2.2.2.2 0.0.0.0  
  network 10.0.0.0 0.0.0.3  
  network 10.0.0.4 0.0.0.3  
  no auto-summary  
 !  
 ip access-list extended ROUND_ICMP  
  permit udp any any ttl lt 35  
  permit icmp any any traceroute  
  permit icmp any any ttl lt 35  
 !  
 logging alarm informational  
 !  
 !  
 !  
 route-map ICMP_MAP permit 5  
  match ip address ROUND_ICMP  
  set ip next-hop 10.0.0.14  
 !  
 !  

R3 Configs...
   
 !  
 interface Loopback0  
  ip address 3.3.3.3 255.255.255.255  
 !  
 interface FastEthernet0/0  
  mac-address 0000.3333.0000  
  ip address 10.0.0.10 255.255.255.252  
  ip policy route-map ICMP_MAP  
  duplex full  
  speed auto  
 !  
 interface FastEthernet0/1  
  mac-address 0000.3333.1111  
  ip address 10.0.0.6 255.255.255.252  
  duplex full  
  speed auto  
 !  
 interface FastEthernet1/0  
  mac-address 0000.3333.3333  
  ip address 10.0.0.14 255.255.255.252  
  ip policy route-map ICMP_MAP  
  duplex half  
 !  
 router eigrp 1  
  network 3.3.3.3 0.0.0.0  
  network 10.0.0.4 0.0.0.3  
  network 10.0.0.8 0.0.0.3  
  no auto-summary  
 !  
 !  
 ip access-list extended ROUND_ICMP  
  permit udp any any ttl lt 35  
  permit icmp any any traceroute  
  permit icmp any any ttl lt 35  
 !  
 logging alarm informational  
 !  
 !  
 !  
 route-map ICMP_MAP permit 5  
  match ip address ROUND_ICMP  
  set ip next-hop 10.0.0.13  
 !  
 !  

R4 Configs...
 !  
 interface Loopback0  
  ip address 4.4.4.4 255.255.255.255  
 !  
 interface FastEthernet0/0  
  ip address 10.0.0.9 255.255.255.252  
  duplex full  
 !  
 router eigrp 1  
  network 4.4.4.4 0.0.0.0  
  network 10.0.0.8 0.0.0.3  
  no auto-summary  
 !  
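
What a tracing tool reports against these configs, as an added example that is not part of the original lab: a Python model of the TTL handling and of the ICMP_MAP policy, plus a check that flags a looped trace. The cabling, the tracing host's position behind R1's 192.168.1.0/24 interface, and UDP or ICMP probes are assumptions; the function names are illustrative.

```python
# Added example: a constructed model of the lab, not output from the routers.
TTL_LIMIT = 35      # "ttl lt 35" in ACL ROUND_ICMP
DEST = "4.4.4.4"    # R4 Loopback0

# ingress interface IP -> (router, PBR next hop or None, routed next hop or None).
# Cabling is assumed from the /30 subnets; 192.168.1.1 is R1's LAN side, where
# the tracing host is assumed to sit. A routed next hop of None marks R4.
LAB = {
    "192.168.1.1": ("R1", None, "10.0.0.2"),
    "10.0.0.2":    ("R2", "10.0.0.14", "10.0.0.6"),   # fa0/1, ICMP_MAP applied
    "10.0.0.13":   ("R2", "10.0.0.14", "10.0.0.6"),   # fa1/0, ICMP_MAP applied
    "10.0.0.14":   ("R3", "10.0.0.13", "10.0.0.9"),   # fa1/0, ICMP_MAP applied
    "10.0.0.6":    ("R3", None, "10.0.0.9"),          # fa0/1, no policy
    "10.0.0.9":    ("R4", None, None),
}

def probe(ttl, entry="192.168.1.1"):
    """Return the address that answers a packet sent toward DEST with this TTL."""
    addr = entry
    while True:
        _router, pbr, routed = LAB[addr]
        if routed is None:
            return DEST                 # delivered to R4
        if ttl <= 1:
            return addr                 # TTL expired: Time Exceeded from here
        # Policy routing wins over the routing table when the ACL matches.
        addr = pbr if pbr and ttl < TTL_LIMIT else routed
        ttl -= 1

def traceroute(max_ttl=30):
    """Hop list a tracing tool would print (one probe per TTL)."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(ttl))
        if hops[-1] == DEST:
            break
    return hops

def looks_looped(hops):
    """A loop-free path never reports the same interface address twice."""
    answered = [h for h in hops if h != "*"]
    return len(set(answered)) < len(answered)

if __name__ == "__main__":
    for n, hop in enumerate(traceroute(), 1):
        print(n, hop)
    print("looped:", looks_looped(traceroute()), "| TTL 64 reaches:", probe(64))
```

In the model the trace alternates between 10.0.0.14 and 10.0.0.13 until the hop limit, while a packet sent with an ordinary TTL of 64 is routed normally and reaches R4.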


That's it... :)

Any trouble? Please comment. Thank you.


Monday, April 01, 2013

CCNA - Frame-Relay and PPP (PPPoFR - PPP over Frame-relay) - Lab 1



Why PPPoFR?

Well, the answer is that PPP supports more features than Frame Relay.

What are those features?

Basically, PPP offers authentication, data compression, multilink, etc.
With Frame Relay alone we can't authenticate the peer, can't compress data, and can't bundle PVCs. Using PPP with FR, we can overcome all of those disadvantages.

Configuring PPPoFR is not difficult.
First, configure the serial port with Frame Relay encapsulation.
Then configure Frame Relay to use PPP.
The PPP configuration is done using a Virtual-Template.


Here are the complete configurations for the above topology.

Site1 Configurations
 username SITE2 password 0 cisco  
 !  
 !   
 !  
 !  
 !  
 !  
 !  
 interface Loopback0  
  ip address 1.1.1.1 255.255.255.255  
 !  
 interface FastEthernet0/0  
  no ip address  
  shutdown  
  duplex half  
 !  
 interface Serial1/0  
  no ip address  
  encapsulation frame-relay  
  serial restart-delay 0  
  frame-relay interface-dlci 101 ppp Virtual-Template1  
 !  
 interface Serial1/1  
  no ip address  
  shutdown  
  serial restart-delay 0  
 !  
 interface Serial1/2  
  no ip address  
  shutdown  
  serial restart-delay 0  
 !  
 interface Serial1/3  
  no ip address  
  shutdown  
  serial restart-delay 0  
 !  
 interface Virtual-Template1   
  ip address 10.0.0.1 255.255.255.252  
  ppp authentication chap  
  ppp chap hostname SITE1  
  ppp chap password 0 cisco  
 !  
 router eigrp 1  
  network 1.1.1.1 0.0.0.0  
  network 10.0.0.0 0.0.0.3  
  no auto-summary  
 !  


Site2 Configurations
 username SITE1 password 0 cisco  
 !  
 !   
 !  
 !  
 !  
 !  
 !  
 interface Loopback0  
  ip address 2.2.2.2 255.255.255.255  
 !  
 interface FastEthernet0/0  
  no ip address  
  shutdown  
  duplex half  
 !  
 interface Serial1/0  
  no ip address  
  encapsulation frame-relay  
  serial restart-delay 0  
  frame-relay interface-dlci 201 ppp Virtual-Template1  
 !  
 interface Serial1/1  
  no ip address  
  shutdown  
  serial restart-delay 0  
 !  
 interface Serial1/2  
  no ip address  
  shutdown  
  serial restart-delay 0  
 !  
 interface Serial1/3  
  no ip address  
  shutdown  
  serial restart-delay 0  
 !  
 interface Virtual-Template1   
  ip address 10.0.0.2 255.255.255.252  
  ppp authentication chap  
  ppp chap hostname SITE2  
  ppp chap password 0 cisco  
 !  
 router eigrp 1  
  network 2.2.2.2 0.0.0.0  
  network 10.0.0.0 0.0.0.3  
  no auto-summary  
 !  

First, PPP LCP authenticates the peer.
Then it hands control over to the PPP NCP (in this case IPCP).

Data being sent is first encapsulated by IP; below that there are two protocols at Layer 2, PPP and FR. PPP encapsulates the packet directly after the IP layer, because the main Layer 2 protocol has to be FR. FR then encapsulates the resulting frame last and passes it to the physical layer.
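
The encapsulation order and the LCP, CHAP, IPCP sequence described above, shown as bytes in an added example that is not part of the original post. The layout follows RFC 1973 (PPP in Frame Relay), which is assumed to be what the routers put on the wire; the DLCIs come from the configs, the IP header is constructed, and the function names are illustrative.

```python
import struct

# PPP protocol numbers for the phases the post describes.
LCP, CHAP, IPCP, IPV4 = 0xC021, 0xC223, 0x8021, 0x0021

def q922_address(dlci, cr=0, fecn=0, becn=0, de=0):
    """Two-byte Frame Relay address field carrying a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    high = ((dlci >> 4) & 0x3F) << 2 | cr << 1                      # EA bit = 0
    low = (dlci & 0x0F) << 4 | fecn << 3 | becn << 2 | de << 1 | 1  # EA bit = 1
    return bytes([high, low])

def pppofr_frame(dlci, ppp_protocol, payload):
    """FR header outermost, then control 0x03 + NLPID 0xCF (PPP), then PPP."""
    return (q922_address(dlci) + b"\x03\xcf"
            + struct.pack("!H", ppp_protocol) + payload)

def parse_pppofr(frame):
    """Return (dlci, ppp_protocol, payload); reject non-PPP Frame Relay frames."""
    if len(frame) < 6:
        raise ValueError("frame too short")
    high, low, control, nlpid = frame[:4]
    if not (low & 1) or (high & 1):
        raise ValueError("expected a two-byte address field")
    if control != 0x03 or nlpid != 0xCF:
        raise ValueError("not PPP over Frame Relay")
    dlci = (high >> 2) << 4 | low >> 4
    (protocol,) = struct.unpack("!H", frame[4:6])
    return dlci, protocol, frame[6:]

# Constructed 20-byte IPv4 header, 10.0.0.1 -> 10.0.0.2, checksum left at zero.
SAMPLE_IP = bytes.fromhex("45000014000000004001" "0000" "0a000001" "0a000002")

if __name__ == "__main__":
    # Order on DLCI 101 as seen from Site1: LCP, CHAP, IPCP, then IP data.
    # Control-protocol frames are shown header-only (no negotiation payload).
    for proto in (LCP, CHAP, IPCP, IPV4):
        body = SAMPLE_IP if proto == IPV4 else b""
        print(pppofr_frame(101, proto, body).hex(" "))
```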

If you have questions regarding FR or PPP, please comment. Thank you...