What is IGRP?

Interior Gateway Routing Protocol (IGRP) is a distance vector interior routing protocol (IGP) invented by Cisco. It is used by routers to exchange routing data within an autonomous system. IGRP is a proprietary protocol.

IGRP was created in part to overcome the limitations of RIP (maximum hop count of only 15, and a single routing metric) when used within large networks. IGRP supports multiple metrics for each route, including bandwidth, delay, load, MTU, and reliability; to compare two routes these metrics are combined together into a single metric, using a formula which can be adjusted through the use of pre-set constants. The maximum hop count of IGRP-routed packets is 255 (default 100), and routing updates are broadcast every 90 seconds (by default).

IGRP is considered a classful routing protocol. Because the protocol has no field for a subnet mask, the router assumes that all interface addresses within the same Class A, Class B, or Class C network have the same subnet mask as the subnet mask configured for the interfaces in question. This contrasts with classless routing protocols that can use variable length subnet masks. Classful protocols have become less popular as they are wasteful of IP address space.

IGRP Network

The Role of Metrics

IGRP is a protocol that allows gateways to build up their routing table by exchanging information with other gateways. A gateway starts out with entries for all of the networks that are directly connected to it. It gets information about other networks by exchanging routing updates with adjacent gateways.

In the simplest case, the gateway will find one path that represents the best way to get to each network. A path is characterized by the next gateway to which packets should be sent, the network interface that should be used, and metric information. Metric information is a set of numbers that characterize how good the path is. This allows the gateway to compare paths that it has heard from various gateways and decide which one to use.

There are often cases where it makes sense to split traffic between two or more paths. IGRP will do this whenever two or more paths are equally good. The user can also configure it to split traffic when paths are almost equally good. In this case more traffic will be sent along the path with the better metric. The intent is that traffic can be split between a 9600 bps line and a BPS line, and the line will get roughly twice as much traffic as the 9600 BPS line.

The metrics used by IGRP include the following: topological delay time; bandwidth of the narrowest bandwidth segment of the path; channel occupancy of the path; reliability of the path.
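An added example (not from the original presentation) of how the metrics above combine into one number and how near-equal paths share traffic. It uses the composite formula and default constants (K1 = K3 = 1, K2 = K4 = K5 = 0) from Cisco's IGRP documentation; the two links are constructed, and the variance check is simplified to the metric comparison only.

```python
from dataclasses import dataclass

@dataclass
class Path:
    name: str
    min_bandwidth_kbps: int   # narrowest segment of the path
    delay_usec: int           # topological delay summed along the path
    load: int = 1             # channel occupancy, 1..255
    reliability: int = 255    # 1..255, 255 = fully reliable

def igrp_metric(p, k1=1, k2=0, k3=1, k4=0, k5=0):
    """Composite metric; lower is better."""
    bw = 10_000_000 // p.min_bandwidth_kbps   # inverse-bandwidth term
    delay = p.delay_usec // 10                # delay in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - p.load) + k3 * delay
    if k5:                                    # reliability term only applies when K5 != 0
        metric = metric * k5 // (p.reliability + k4)
    return metric

def traffic_shares(paths, variance=1):
    """Keep paths whose metric is within variance x best, then split
    traffic in inverse proportion to each kept path's metric."""
    metrics = {p.name: igrp_metric(p) for p in paths}
    best = min(metrics.values())
    kept = {n: m for n, m in metrics.items() if m <= best * variance}
    total = sum(1 / m for m in kept.values())
    return {n: round((1 / m) / total, 3) for n, m in kept.items()}

# Constructed sample links (not taken from the slides).
SLOW = Path("serial-64k", 64, 20_000)
FAST = Path("serial-128k", 128, 20_000)

if __name__ == "__main__":
    for p in (SLOW, FAST):
        print(p.name, igrp_metric(p))
    print("variance 1:", traffic_shares([SLOW, FAST]))
    print("variance 2:", traffic_shares([SLOW, FAST], variance=2))
```

With a variance of 1 only the better path carries traffic; with a variance of 2 both are kept and the faster link takes about two thirds of the load.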

Multi-protocol Routing

As routing has evolved, many different routing protocols have been developed, and this has forced the need for multi-protocol routing. One of the earliest routing protocols, RIP, is still used, although it has the limitation of 15 "hops". RIP needs to work with IGRP, but RIP cannot be changed, so IGRP has algorithms for working with RIP. Many different routing protocols have the tools to deal with other routing protocols.

Access Lists

Access lists are filters on a specific port of a router or smart switch. An access list decides if a packet is to be routed or if it is to be dropped. The access list is a group of statements. Each statement defines a pattern that would be found in an IP packet. As each packet comes through an interface with an associated access list, the list is scanned from top to bottom--in the exact order that it was entered--for a pattern that matches the incoming packet. A permit or deny rule associated with the pattern determines that packet's fate.

You also can use a mask, which is like a wild card, to determine how much of an IP source or destination address to apply to the pattern match. The pattern statement also can include a TCP or UDP (User Datagram Protocol) port number.

Access list statements are entered one line at a time, and the list is scanned for a match in that same order. If you must make a change, you have to re-enter the entire list. Also, keep in mind that once you associate the list with an interface, any packet not processed by the list is dropped by default.

Once the access list is entered, you must associate it with the interface on the router where you want to apply the filtering. You can apply the list to incoming packets (an "in" access list) or outgoing packets (an "out" access list). In most cases, either list will work. For out access lists, you need to set up the filter only on the one outgoing interface rather than on the individual incoming interfaces. This improves performance because only the network you are protecting will force a lookup on the access list.

Sample Access List Setup

Standard ACLs

Access lists are generally broken into 2 major groups, standard and extended. Standard access lists only operate on the Network layer of the OSI model. These are used to block or permit networks from reaching other networks. For example, suppose I have a network with a web server on it. I would like to have the router filter traffic going to that web server so that only a few home users and all users at work can access that machine. I could use a standard access list to permit these allowed hosts and deny traffic from every other host on the Internet.

To enable an access list such as this for IP, we need to configure an access list in the range of 1 to 99. For example:

    access-list 1 permit

The first part shows "access-list", which is what all access lists start with, regardless of what network technology is used. The next part is "1", which specifies the number of the access list. To add additional rules to this list, you would start each line with "access-list 1". Permit indicates to the router that this is a rule specifying what should be allowed. Next is the network and subnet mask pair. Notice, however, that the subnet mask is inverted. Normally, for a /24 you would use a netmask of , but in access lists the subnet masks are inverted so that becomes The 255 in this case means ignore the last octet of the address when looking for a matching packet.

Extended ACLs

Extended access lists function on both layer 3 and 4 of the OSI model. That is, they allow you to filter not only by network address but also by the type of traffic that is being sent or received. Extended access lists are much more flexible and allow for much greater control of traffic into and out of your network than standard access lists. Let's go through an example to see how extended access lists work.

    fred# config t
    fred(config)# access-list 100 permit udp any eq 53
    fred(config)# access-list 100 permit tcp any eq 25
    fred(config)# access-list 100 deny tcp
    fred(config)# access-list 100 permit tcp any any
    fred(config)# int s1
    fred(config-if)# ip access-group 100 in
    fred(config-if)# exit
    fred(config)# exit

The first line takes us into configuration mode so that we can set up our access list. The next line configures access list 100 to permit any traffic from /24 to reach our network on port 53. I know that this is for inbound traffic because of the line that says "ip access-group 100 in". When designing access lists, it is important to know beforehand whether you are designing your access list for inbound or outbound traffic. The third line specifies that SMTP traffic from /24 is to be allowed into our network. Next, traffic from /24 is not allowed to go to the network /24. Finally, any traffic that did not match any of the above rules is allowed by the line that says "access-list 100 permit tcp any any".
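The matching rules described in the access-list slides above (wildcard masks, top-to-bottom first match, the implicit deny) as an added Python example that is not part of the original presentation. The addresses are constructed from documentation ranges and the rule list only mirrors the shape of access list 100; the tuple layout and function names are this example's own.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

# "any" is address 0.0.0.0 with an all-ones wildcard: every bit is ignored.
ANY = ("0.0.0.0", "255.255.255.255")

# Constructed rules: (action, protocol, src, src_wildcard, dst, dst_wildcard,
# dst_port); a port of None matches any port.
ACL_100 = [
    ("permit", "udp", "192.0.2.0", "0.0.0.255", *ANY, 53),
    ("permit", "tcp", "192.0.2.0", "0.0.0.255", *ANY, 25),
    ("deny", "tcp", "198.51.100.0", "0.0.0.255", "203.0.113.0", "0.0.0.255", None),
    ("permit", "tcp", *ANY, *ANY, None),
]

# Same rules with the broad permit entered first: the deny can never match.
SHADOWED = [ACL_100[3]] + ACL_100[:3]

def evaluate(acl, proto, src, dst, dport):
    """Return (action, rule_index). The first matching rule wins; a packet
    that matches no rule gets the implicit deny, reported with index None."""
    for i, (action, p, s, sw, d, dw, port) in enumerate(acl):
        if (p == proto and wildcard_match(src, s, sw)
                and wildcard_match(dst, d, dw) and port in (None, dport)):
            return action, i
    return "deny", None

if __name__ == "__main__":
    packet = ("tcp", "198.51.100.7", "203.0.113.9", 80)
    print("as entered:", evaluate(ACL_100, *packet))
    print("permit first:", evaluate(SHADOWED, *packet))
    # The final rule names tcp only, so unmatched UDP still hits the implicit deny.
    print("other udp:", evaluate(ACL_100, "udp", "198.51.100.7", "203.0.113.9", 53))
```

Running the same packet through both orderings is a quick way to check whether a deny rule is shadowed by an earlier, broader permit.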

Named ACLs

Named ACLs are much the same as Standard or Extended ACLs except that they give ACLs names instead of numbers. If your router is running IOS 11.2 or higher, you can create named access lists. Instead of choosing a number between 1-99 for standard IP access lists, you can use a custom name, allowing for more lists and more convenient management. The commands to create a named access list are different for standard and extended access lists. To create a named access list, use the following command in global configuration mode:

    router(config)#ip access-list {standard | extended} name

This command will take you into access-list configuration mode where you can define the deny and permit rules. For example, to create a named access list with the name wwwfilter and permit only access from the networks , and use the following commands:

    router(config)#ip access-list standard wwwfilter
    router(config-std-nacl)#permit
    router(config-std-nacl)#permit
    router(config-std-nacl)#permit

Use the exit command to exit access-list configuration mode. A named list is applied to an interface in the same way as with numbered lists:

    router(config-if)#ip access-group wwwfilter out

Practical

Setting up Server 2003

We will be setting up Server 2003, beginning from the setup of Server 2003 and ending with the configuration of core Server 2003 roles. Install Server 2003 as instructed. Set up a static IP. Set up Active Directory. Set up DNS. Set up DHCP. Connect a Windows XP computer to the domain.