IT205 Fundamentals of Networking
Kurtis Palmateer
March 22, 2014

Description

This is my project for IT205: Fundamentals of Networking. It is a 32-page document covering networking concepts, topologies, models, protocols, devices, communications, and monitoring. The last section covers configuring switches, routers, and workstations in the Cisco IOS environment.


Table of Contents

Networking Concepts
  Network Topologies
    Bus Topology
    Ring Topology
    Star Topology
  Definitions
    Ethernet
    Protocol
    Secure Shell Protocol
Networking Models
  Network Addresses
    IP Address
    Subnet Mask
    Hostname
    MAC Address
  Server and Client Ports
  Secure Shell Tunneling
Network Devices
  SSH Network Devices
Network Communications
  Network Diagram
Network Monitoring
  Network Monitoring Tools
  Network Security Tools
  Network Monitoring Diagram
Cisco Learning Labs Modules
  Phase 1
    Lab 1: Basic Router Configuration and the Command Line Interface
    Lab 2: Configuring Static Routes
    Lab 3: Configuring RIP V2 Routing
  Phase 2
    Lab 4: Configuring OSPF Routing
    Lab 5: Configuring EIGRP Routing
    Lab 6: Router Configuration Challenge I
  Phase 3
    Lab 7: Basic Switch Configuration and the Command-Line Interface
    Lab 8: Switch Configuration
    Lab 9: Switch Configuration
  Phase 4
    Lab 10: Configuring Dynamic NAT with Overload
    Lab 11: IPv6 Router Configuration
  Phase 5
    Lab 12: Configuring Switch Port Security
    Lab 13: Configuring Access Lists
References

Networking Concepts

Network Topologies

A network topology is the physical or logical arrangement of a communication network. In the next three subsections, I'll be discussing three fundamental topologies of a computer network: the bus, ring, and star topologies.

Bus Topology

A bus topology connects all of its components to a single shared cable, the bus. All nodes attach directly to the bus without any intervening connectivity device, so the nodes themselves share responsibility for getting data from one point to another. At each end of the bus is a terminator that absorbs the signal when it reaches the end of the wire, preventing it from reflecting back along the cable (California State University, 2008). The following is additional information about the bus topology:

1. This topology is a very inexpensive configuration, but it doesn't scale to a large degree.
2. Bus networks are difficult to troubleshoot and are not fault-tolerant: a single break in the cable takes down the whole segment.
3. There are advantages to using a bus topology:
   a. They work well for small networks.
   b. They're relatively inexpensive to implement.
   c. They're easy to add components to.
4. There are disadvantages to using a bus topology:
   a. They can be expensive to manage.
   b. They are prone to congestion, because every node shares the same medium.

Ring Topology

A ring topology connects each node to its two nearest neighbors so that the entire network forms a circle. In this topology, each node is responsible for passing data along the ring (California State University, 2008). The following is additional information about the ring topology:

1. There are advantages to using a ring topology:
   a. They are easier to manage.
   b. They are easier to troubleshoot.
   c. They are good for transmitting data over long distances.
   d. They handle large amounts of network traffic.
2. There are disadvantages to using a ring topology:
   a. They are expensive.
   b. They require more cable and network equipment to establish.
   c. They're not used as widely as the bus topology.

Star Topology

A star topology connects every node through a central device. Each node uses its own cable to connect to the central device, so a star requires more cabling than a bus or ring network; in return it is more fault-tolerant, because a fault on one cable isolates only that one node. The star topology is scalable, and can be moved, isolated, or interconnected with other networks. It supports a maximum of 1024 addressable nodes on a network (California State University, 2008). The following is additional information about the star topology:

1. There are advantages to using a star topology:
   a. They are a good option for modern networks.
   b. They have low start-up costs.
   c. They are easy to manage.
   d. They offer opportunities for expansion.
   e. They're the most popular topology in use, making the equipment widely available.
2. There are disadvantages to using a star topology:
   a. The central device is a single point of failure; when it breaks, the whole network goes down.
   b. They require more cable than the bus topology.

Definitions

Ethernet

According to Google, Ethernet is "a system for connecting a number of computer systems to form a local area network, with protocols to control the passing of information and to avoid simultaneous transmission by two or more systems" (Google, 2014).

Protocol

A protocol is a set of rules that defines how computers communicate with one another. There are many different protocols computers use to communicate with each other, too many for one person to remember (TechTerms, 2014).

Secure Shell Protocol

The Secure Shell (SSH) protocol is a protocol for secure network communication, designed to be a simple and inexpensive way to obtain a command-line interface on a remote machine. The initial version, SSH1, focused on replacing Telnet and other remote-login protocols that provided no security. Secure Shell can also be used to securely perform other network functions such as file transfer and e-mail. The newer version, SSH2, has been documented by the IETF as a proposed standard for secure network communication (Stallings, 2009).

SSH client and server applications are available for nearly every operating system. They've become the preferred tool among network administrators for remote login, and SSH is arguably the most pervasive application of encryption technology outside of embedded systems. Secure Shell is structured as three protocols that run on top of TCP (Stallings, 2009):

- Transport Layer Protocol: provides server authentication, data confidentiality, and data integrity for the session. Its key exchange offers forward secrecy: if the keys of one session are compromised, earlier sessions are not affected. This protocol can optionally provide compression as well.
- User Authentication Protocol: authenticates the client-side user to the server (by password, public key, or other methods).
- Connection Protocol: multiplexes the encrypted tunnel into several logical channels (an interactive shell, forwarded ports, and so on).

The SSH protocol allows remote access to a server in a simple, inexpensive, and powerful way. In today's world, encrypted communication between clients and servers is essential because of the methods attackers use to capture credentials and hijack login sessions on clear-text protocols such as Telnet; this is exactly the problem SSH was designed to solve. It lets network administrators remotely and securely access their servers on a wide range of operating systems.

Networking Models

Network Addresses

Network addresses are identifiers found at different layers of the networking model that allow computers to communicate over a network. In the next subsections, I'll be discussing the IP address, subnet mask, hostname, and MAC address, and how each applies to a layer of the TCP/IP model.

IP Address

The IP (Internet Protocol) address is an identifier assigned to each host on a network. It belongs to the internet layer of the TCP/IP model and identifies the source and destination of packets sent over the network. The version in general use on the internet is IPv4. An IPv4 address is 32 bits long and is written as four 8-bit octets in decimal, separated by periods (for example, 192.168.1.10). Every IP address is made up of a network number and a host number; in the original classful scheme, where the split falls depends on the address class:

Table 1-1 (Network Classes) (Beasley & Nilkaew, 2012)

Class     Description       Example IP Numbers
Class A   Large networks    44.x.x.x
Class B   Midsize networks  128.123.x.x
Class C   Small networks    192.168.1.x
Class D   Multicast groups  224.x.x.x

Table 1-2 (Address Ranges for Network Classes) (Beasley & Nilkaew, 2012)

Class     Description       Address Range
Class A   Large networks    0.0.0.0 to 127.255.255.255
Class B   Midsize networks  128.0.0.0 to 191.255.255.255
Class C   Small networks    192.0.0.0 to 223.255.255.255
Class D   Multicast groups  224.0.0.0 to 239.255.255.255

If you look at Table 1-1, you'll notice that the example IP addresses contain an x. The x represents the host number of the IP address, while the fixed numbers represent the network number. Together these two parts allow a network to locate, identify, and communicate with every node connected to it.

Subnet Mask

The subnet mask is written in the same dotted-decimal form as an IP address (see the IP Address subsection above), but it is a bit mask rather than an address: its 1 bits mark the network portion of an address and its 0 bits mark the host portion, so a valid mask is always a run of 1 bits followed by a run of 0 bits. The number of host bits determines how many addresses are usable on the network. With a mask of 255.255.255.0 there are 8 host bits, giving 256 addresses, of which 254 are usable by hosts (the all-zeros network address and the all-ones broadcast address are reserved). The subnet mask is applied at the internet layer (also known as the network layer) of the TCP/IP model.

Hostname

A hostname is a human-readable name assigned to a network address. For instance, a workstation on your network may have the IP address 192.168.0.3 but the hostname Workstation1. Hostnames are used at the application layer; the network packets themselves carry IP addresses, not hostnames. A hostname is resolved to its IP address by an application-layer service, normally DNS (or the local hosts file), before a connection is made. Hostnames are much easier to remember than IP addresses.

MAC Address

The MAC (Media Access Control) address is an identifier assigned to a network interface at the network access layer of the TCP/IP model. It serves as the address for IEEE 802 network devices such as Ethernet (Google, 2014). A MAC address is 6 bytes (48 bits) long and is written as six two-digit hexadecimal groups, twelve hex characters in total. The first three bytes are the Organizationally Unique Identifier (OUI) assigned to the vendor, and the last three are assigned by the vendor to the individual interface, so the address is unique as shipped. Most modern network interfaces allow the address to be changed in software, however, so a MAC address cannot be trusted as proof of a device's identity.

Here are a few samples of MAC addresses:

Table 1-3 (MAC Address Samples)

MAC Address          Manufacturer (Company ID)
00-AA-00-B6-7A-57    Intel Corporation (00-AA-00)
00-50-73-6C-32-11    Cisco Systems, Inc. (00-50-73)
00-0A-27-B7-3E-F8    Apple Computer, Inc. (00-0A-27)
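The following Python is an added example, not part of the original document, that works through the IP Address, Subnet Mask, and MAC Address subsections above on realistic input: it classifies IPv4 addresses by the ranges in Table 1-2, checks whether a dotted-decimal value is actually a valid (contiguous) subnet mask, counts the usable hosts a mask leaves, splits an address into its network and host numbers, and decodes the OUI and the two flag bits of a MAC address. The vendor table is built from Table 1-3 only (a real lookup would use the full IEEE OUI registry), and the locally administered and multicast MAC addresses at the bottom are constructed for the demonstration.

```python
import ipaddress

# Vendor prefixes taken from Table 1-3; a real lookup would use the full IEEE OUI registry.
OUI_TABLE = {
    "00-AA-00": "Intel Corporation",
    "00-50-73": "Cisco Systems, Inc.",
    "00-0A-27": "Apple Computer, Inc.",
}


def ipv4_class(addr):
    """Classful network class of an IPv4 address, decided by its first octet (Table 1-2)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    if first_octet < 240:
        return "D"
    return "E"  # 240.0.0.0 and above: reserved


def is_valid_mask(mask):
    """A subnet mask must be a run of 1 bits followed by a run of 0 bits.
    Inverting it gives 0...01...1, which is one less than a power of two, and
    such a value ANDed with its successor is zero."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def usable_hosts(mask):
    """Host addresses available under a mask, excluding the network and broadcast addresses."""
    if not is_valid_mask(mask):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    host_bits = 32 - bin(int(ipaddress.IPv4Address(mask))).count("1")
    return 2 ** host_bits - 2 if host_bits >= 2 else 0


def split_address(addr, mask):
    """Return (network number, host number) for an address under a mask."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    network = ipaddress.IPv4Address(a & m)
    host = ipaddress.IPv4Address(a & ~m & 0xFFFFFFFF)
    return str(network), str(host)


def parse_mac(mac):
    """Decode a MAC address written as 00-AA-00-B6-7A-57 or 00:aa:00:b6:7a:57."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError(f"{mac} is not a 48-bit MAC address")
    oui = "-".join(f"{b:02X}" for b in octets[:3])
    first = octets[0]
    return {
        "oui": oui,
        "vendor": OUI_TABLE.get(oui, "unknown"),
        # Bit 0 of the first byte: 0 = unicast, 1 = multicast/group address.
        "multicast": bool(first & 0x01),
        # Bit 1 of the first byte: 0 = vendor-assigned, 1 = set in software.
        "locally_administered": bool(first & 0x02),
    }


if __name__ == "__main__":
    for ip in ("44.0.0.1", "128.123.4.5", "192.168.1.10", "224.0.0.9"):
        print(ip, "is class", ipv4_class(ip))
    for mask in ("255.255.255.0", "255.255.255.240", "255.255.0.0", "255.255.255.245"):
        if is_valid_mask(mask):
            print(mask, "->", usable_hosts(mask), "usable hosts")
        else:
            print(mask, "is not a valid subnet mask")
    print(split_address("192.168.0.3", "255.255.255.0"))
    print(parse_mac("00-AA-00-B6-7A-57"))
    print(parse_mac("02-00-5E-10-00-01"))  # constructed: locally administered address
```

The locally administered bit is the one to watch in practice: an address with that bit set was chosen by software (a virtual machine, a container, or someone spoofing), so a vendor lookup on it means nothing.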

Server and Client Ports

A port is a 16-bit number, attached to an IP address, that identifies a process or application endpoint at the TCP/IP transport layer. Port numbers are managed by the host's operating system. They range from 0 to 65535; for TCP, port 0 is reserved and cannot be used, and for UDP the source port is optional (0 means no source port).

A client port is used for the client end of a client/server connection. According to Wikipedia, it is "a short-lived transport protocol port for Internet Protocol (IP) communications allocated automatically from a predefined range by the IP software" (Wikipedia, 2013). The range depends on the host's operating system. For instance, the Linux kernel used 32768 to 61000 by default (newer kernels use 32768 to 60999; the range in force is readable from /proc/sys/net/ipv4/ip_local_port_range).

A server port is the port on which a server process listens. It is chosen by the service rather than allocated by the operating system: well-known services use the IANA-assigned range 0 to 1023 (SSH on 22, HTTP on 80), registered services use 1024 to 49151, and 49152 to 65535 is the dynamic range, which Windows Vista, Windows Server 2008 and later Windows versions also use for their client (ephemeral) ports.

Secure Shell Tunneling

In a previous section, I introduced SSH (see the Secure Shell Protocol subsection above) as an example of a frequently used network protocol. In this section I'll be discussing the Secure Shell tunnel, which runs on top of the Transmission Control Protocol (TCP) at the transport layer of the TCP/IP model. The packet-encapsulation figure in the original document shows what happens to a packet once a connection has been established through an SSH tunnel, that is, how packets are formed within the Secure Shell transport protocol. The steps an outgoing SSH packet goes through are (Stallings, 2009):

1. The packet starts out as an unencrypted payload, just like any other packet.
2. The payload is compressed, if compression was negotiated for the session.
3. The payload is framed with a packet-length field, a padding-length field, and random padding so that the total length is a multiple of the cipher block size (the encryption and MAC algorithms themselves were agreed earlier, during key exchange). A message authentication code (MAC) is then computed over the packet sequence number and the unencrypted packet. This MAC is a cryptographic integrity check, not a media access control address.
4. The entire packet, except the MAC, is encrypted.
5. The encrypted packet with the MAC appended is sent as ciphertext to the receiving SSH server.

Packets travel over the Transmission Control Protocol (TCP) from the client application to the server application (Barrett & Silverman, 2001). I'll create a scenario to further explain how this works.

Let's assume Host A's IP address is 192.168.0.6 and Host B's IP address is 192.168.0.10. Neither address is assigned by a hub or switch: each host is either configured statically or obtains its address from a DHCP server (often running on the router), and a hub or switch forwards frames without looking at IP addresses at all. The difference between the two hosts is that Host B has installed and configured the OpenSSH server to listen for incoming TCP connections at the transport layer, while Host A has only installed an SSH client such as PuTTY. For Host A to obtain remote access to Host B via the Secure Shell protocol, the client application needs the server's IP address (or hostname) and port. The SSH server almost always listens on TCP port 22, and unless the server's post-install configuration or a port-forwarding setup says otherwise, that default should be used.

Once the client application is configured, Host A launches a secure shell session to Host B (192.168.0.10:22). The shell itself runs at the application layer of the TCP/IP model. The SSH tunnel is established before the shell opens: Host A's operating system picks an ephemeral client port, and the TCP connection from 192.168.0.6 on that port to 192.168.0.10:22 appears in Host A's list of active connections. TCP belongs to the transport layer; the IP addresses that carry it belong to the internet layer. Before any login data is sent, the two sides exchange keys, and the client should verify the server's host key against a known fingerprint, because a trust-on-first-use prompt is the moment at which an attacker could impersonate the server.
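As an added example (it is not code from the original document or from any SSH implementation), the Python below builds and checks packets the way the five steps above describe: frame the payload with the length fields and random padding, compute the MAC over the sequence number and the plaintext packet, encrypt everything but the MAC, and on the receiving side undo those steps and refuse a packet whose MAC does not verify. Two things are assumed for the sake of running offline with the standard library: the cipher is a stand-in counter-mode keystream derived with HMAC-SHA256 rather than a real negotiated cipher such as aes128-ctr, and the keys are constructed here rather than coming out of the SSH key exchange. The framing rule (at least four padding bytes, total length a multiple of the block size) and the MAC-then-encrypt order are the ones RFC 4253 specifies.

```python
import hashlib
import hmac
import os
import struct
import zlib

BLOCK_SIZE = 16                          # block size of the assumed cipher (AES)
MAC_LEN = hashlib.sha256().digest_size   # hmac-sha2-256 as the assumed MAC


def keystream(enc_key, seqno, length):
    """Stand-in for the negotiated cipher: a counter-mode keystream derived with
    HMAC-SHA256. Not an SSH cipher; used only so the example runs offline."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">II", seqno, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def frame(payload, compress=False):
    """Step 2 and the first half of step 3: optional compression, then
    packet_length || padding_length || payload || random padding.
    At least 4 bytes of padding; total length a multiple of the block size."""
    if compress:
        payload = zlib.compress(payload)
    padding_len = BLOCK_SIZE - (4 + 1 + len(payload)) % BLOCK_SIZE
    if padding_len < 4:
        padding_len += BLOCK_SIZE
    packet_length = 1 + len(payload) + padding_len   # excludes the length field itself
    return struct.pack(">IB", packet_length, padding_len) + payload + os.urandom(padding_len)


def seal(enc_key, mac_key, seqno, payload, compress=False):
    """Steps 3 to 5: MAC over sequence number and plaintext packet, then encrypt
    everything except the MAC and append the MAC in the clear."""
    packet = frame(payload, compress)
    mac = hmac.new(mac_key, struct.pack(">I", seqno) + packet, hashlib.sha256).digest()
    ciphertext = bytes(p ^ k for p, k in zip(packet, keystream(enc_key, seqno, len(packet))))
    return ciphertext + mac


def open_packet(enc_key, mac_key, seqno, wire, compress=False):
    """Receiver side: decrypt, recompute the MAC with the sequence number the
    receiver expects, and only then trust the length fields and return the payload.
    (A real receiver decrypts the first block to learn packet_length before the
    rest arrives; the stand-in keystream lets us decrypt it all at once.)"""
    ciphertext, mac = wire[:-MAC_LEN], wire[-MAC_LEN:]
    packet = bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, seqno, len(ciphertext))))
    expected = hmac.new(mac_key, struct.pack(">I", seqno) + packet, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("MAC check failed: packet modified, or replayed out of sequence")
    packet_length, padding_len = struct.unpack(">IB", packet[:5])
    payload = packet[5:5 + packet_length - 1 - padding_len]
    return zlib.decompress(payload) if compress else payload


def is_rejected(enc_key, mac_key, seqno, wire):
    """True if the receiver refuses the packet (shows tamper and replay detection)."""
    try:
        open_packet(enc_key, mac_key, seqno, wire)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed demo keys; in SSH these come out of the key exchange.
    enc_key, mac_key = os.urandom(16), os.urandom(32)
    wire = seal(enc_key, mac_key, 7, b"exec ls -l\n")
    print(len(wire) - MAC_LEN, "byte encrypted packet plus", MAC_LEN, "byte MAC")
    print(open_packet(enc_key, mac_key, 7, wire))
    flipped = wire[:8] + bytes([wire[8] ^ 0x01]) + wire[9:]
    print("tampered packet rejected:", is_rejected(enc_key, mac_key, 7, flipped))
    print("replay at a later sequence number rejected:", is_rejected(enc_key, mac_key, 8, wire))
```

Two details are worth noticing. The sequence number is never transmitted; both ends count packets, so a captured packet replayed later fails the MAC because the receiver's counter has moved on. And because the MAC is taken over the plaintext and the lengths are read only after it verifies, a forged or bit-flipped packet is rejected before its length fields can steer the parser.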

Network Devices

Network devices are devices used to interconnect computers on a network. In this section, I'll be describing the network devices used to connect a host to a local area network (LAN) and a LAN to a wide area network (WAN). I'll also be discussing where and how to implement a wireless access point in your network.

Connecting a host to a LAN is a simple task with the right network components. Typically, you need a network interface card (NIC), a hub or switch, and the appropriate connectivity media. I'll describe each of these below.

Devices needed to connect a host to a LAN:

- Network Interface Card (NIC): a device installed in the host computer, traditionally as an expansion card and now usually built into the motherboard. It converts data to and from the signals carried over the network media.
- Hub: an older device that interconnects computers through a set of ports. A hub is a simple repeater: every frame received on one port is sent out of every other port, so all attached hosts share one collision domain and any host can observe all the traffic passing through the hub. Hubs do not forward frames selectively the way a switch does.
- Switch: a device that resembles a hub but learns which MAC address sits behind each port and forwards each frame only to the port where the destination is, so a frame goes straight to its destination and the other ports never see it. Switches have replaced hubs in modern networks. A switch is not a security boundary, though: MAC flooding and ARP spoofing can still let an attached host see traffic that is not addressed to it.
- Connectivity media: the cabling. Several kinds exist, but the most common for connecting a host to a LAN is Category 5 (or better) twisted-pair copper cable terminated with RJ-45 connectors.

SSH Network Devices

The network devices needed to use the SSH (Secure Shell) protocol are the same as those described above, with a few exceptions. To use SSH there must be a device acting as an SSH server on your network.
Another exception is that you'll need WAN (wide area network) access if the SSH client is not on the same LAN as the server. Here are two more devices that make this work:

- Gateway: a device that connects a local area network (LAN) to a wide area network (WAN).
- Router: a device that connects two networks and forwards packets between them based on their IP addresses.

To make an SSH connection between two hosts, a network must exist and an active server must be present. The connection is made between a client and a server, so the network will also need client computers.

Network Communications

In this section, I'll be discussing the network communications between two hosts on a network. Below you'll find the diagram for the scenario I'll be using in my discussion.

Network Diagram

(The diagram itself is not reproduced in this copy.)

In this diagram, I've drawn a concept for connecting workstations, servers, and mobile computers. These nodes communicate through a switch or a wireless access point. The workstation I've included can connect to the SSH server at 192.168.2.4, and all data between the workstation and the SSH server passes through the workgroup switch. The diagram labels this segment with a subnet mask of 255.255.255.245; that value is not a valid subnet mask, because its last octet (11110101 in binary) is not a contiguous run of 1 bits followed by 0 bits. The nearest valid mask, 255.255.255.240 (/28), gives 16 addresses, of which 14 are usable by hosts. At the same time, I've shown how one would implement a wireless access point for mobile computers in the same building. The access point serves five hundred and nine mobile computers on a network with a subnet mask of 255.255.0.0 (/16), which allows up to 65,534 hosts, far more than the devices shown. Communication with the access point uses IEEE 802.11 as its medium.

Network Monitoring

Network Monitoring Tools

A network-monitoring tool is an application used to monitor the performance, security, and configuration of a computer network. It often provides a live map that can be used to identify problems on the network. In this discussion, I'll describe a few tools one could use to monitor a network:

- SolarWinds Orion Platform: a network performance-monitoring tool that monitors the applications, servers, devices, traffic, and quality of the network. The SolarWinds Orion Platform is a web-based application that monitors virtually everything on the network and can help a network administrator spot bottlenecks before they create network problems. This is a great monitoring platform for any company that can afford it.
- Spiceworks: network-monitoring software that monitors servers and PCs. Spiceworks can be used to monitor bandwidth usage, view and create alerts for Windows events, track disk space, and manage antivirus subscriptions network-wide. Spiceworks is free (advertising-supported), so it costs far less than SolarWinds.
- Wireshark: a free network protocol analyzer for UNIX-like systems and Windows. Wireshark captures live traffic on the network, can save the capture for later analysis, and offers display filters that let the user search for specific traffic. On a switched network it only sees traffic sent to or from the capturing host unless it is run on a hub, a mirror (SPAN) port, or a network tap.

Network Security Tools

Network security tools are programs designed to test the security of a computer network. They look for vulnerabilities in the systems on the network and check that the authentication methods of server applications are secure. In this discussion, I'll describe a few network security tools:

- Metasploit: a software platform designed to assist in the development, testing, and use of exploit code. Metasploit has come a long way as a network security tool; its owner, Rapid7, offers a commercial professional license alongside the open-source framework, with a feature-rich security-testing platform that analyzes systems on the network for the latest security vulnerabilities.
- Aircrack-ng: a free suite of wireless security tools designed to recover WEP and WPA/WPA2 keys on wireless access points. It applies the best-known attacks against those protocols to captured wireless traffic: WEP keys are recovered from enough captured packets, while WPA/WPA2 pre-shared keys are recovered by a dictionary attack on a captured handshake.
- Nessus: a vulnerability scanner that runs on UNIX-like systems and Windows. Nessus began as free open-source software, but its source was closed in 2005 and it is now a commercial product. It features local and remote (credentialed) vulnerability scanning with some 46,000 preconfigured plugins for performing security checks, and users can write custom plugins of their own.

Network Monitoring Diagram

(The diagram itself is not reproduced in this copy.)

Cisco Learning Labs Modules

Phase 1

Lab 1: Basic Router Configuration and the Command Line Interface

- To access privileged commands in the Cisco IOS command-line interface, enter enable.
- Entering ? returns a list of the commands available at the current prompt.
- show flash lists details of the router's flash memory.
- show version gives information on the IOS version, the hardware, and the router's uptime.
- The hostname of the router is set in global configuration mode with hostname [name].
- show history returns a list of recently entered commands.
- A line password (for the console or vty lines) is set in line configuration mode with password [password].
- To configure an Ethernet interface, enter interface Ethernet [number] (interface can be abbreviated int).
- enable secret [password] stores the privileged-mode password as a hash in the configuration and should be used instead of enable password, which stores it reversibly.

Lab 2: Configuring Static Routes

- To set the IP address on an interface, enter ip address [ip address] [subnet mask] in interface configuration mode.
- no shutdown brings an interface out of the administratively down state.
- show ip interface brief (abbreviated show ip int br) gives a one-line summary of each interface.
- A static route is configured with ip route [destination network] [subnet mask] [next-hop address or exit interface].
- ping checks whether another address is reachable on the network.
- traceroute shows each hop a packet passes through on its way to the destination.
- show ip route lists the routes in the router's routing table.
- To save the running configuration so that it survives a reboot, enter copy running-config startup-config.

Lab 3: Configuring RIP V2 Routing

- To enable RIP, enter router rip in global configuration mode; then version 2 selects RIPv2, which, unlike version 1, carries subnet masks in its updates and supports authentication.
- ip http server enables the router's built-in HTTP server on TCP port 80. This exposes a management interface to the network; leave it disabled (no ip http server) unless it is needed, and prefer ip http secure-server if web management is required.
- The network [network address] command tells RIP which directly connected networks to advertise and which interfaces to run RIP on.
- RIP uses UDP port 520 as its transport.
- RIP stands for Routing Information Protocol; it is an old distance-vector routing protocol that uses hop count as its metric, with 15 as the maximum reachable distance.
- RMTI (RIP with Metric-based Topology Investigation) is an extension of RIP that can help a network administrator detect every possible routing loop with minimal effort.

Phase 2

Lab 4: Configuring OSPF Routing

- OSPF is enabled with router ospf [process number] in global configuration mode.
- OSPF (Open Shortest Path First) is a link-state routing protocol used within larger networks (a single autonomous system); it computes shortest paths from a full map of the topology rather than from neighbors' distance reports as RIP does.
- ip cef, entered in global configuration mode, enables Cisco Express Forwarding.
- log-adjacency-changes, entered under router ospf, makes the router send a syslog message when an OSPF neighbor adjacency goes up or down.
- no ip domain lookup disables DNS lookups, so a mistyped command is not treated as a hostname and sent to a name server.
- show ip protocols verifies which routing protocols are running.
- To allow remote logins, enter line vty 0 4 to configure the first five virtual terminal lines, and create a local account in global configuration mode with username [user] password [password] (or username [user] secret [password], which stores the password hashed rather than in clear text).
- who (or show users) lists the users currently connected to the router.
Lab 5: Configuring EIGRP Routing

- show ip eigrp neighbors lists the router's EIGRP neighbors.
- login local, entered in line configuration mode, makes the line authenticate logins against the local username database.
- control-plane enters the configuration for Control Plane Policing (CoPP), where QoS policies are applied to protect the CPU of Cisco IOS routers and switches from reconnaissance and denial-of-service (DoS) traffic.
- Two LANs can be interconnected through their routers over a serial link. For instance, serial interface 1/0 on Router 1 can connect to serial interface 2/0 on Router 2.
- On a serial link the clock rate is set on the DCE side, for example clock rate 56000.
- A 255.255.255.240 mask leaves four host bits, giving 16 addresses of which 14 are usable by hosts.
- show line, executed at the EXEC prompt, lists the lines (console, auxiliary, and vty) available on the router.
- line aux 0, entered in global configuration mode, configures the auxiliary port line, which is typically used with a modem for remote out-of-band access and should be secured or disabled like any other line.

Lab 6: Router Configuration Challenge I

- transport input telnet ssh, entered under line vty, allows both Telnet and SSH logins on those lines. Telnet sends credentials in clear text, so on a production device use transport input ssh to allow SSH only.
- crypto key generate rsa generates the router's RSA key pair and enables the SSH server; the router must already have a hostname and an ip domain-name configured, because they form the key's name.
- configure terminal enters global configuration mode.
- end exits configuration mode back to privileged EXEC mode.
- telnet [ip address] connects to another node via Telnet from within Cisco IOS.
- Passwords are never echoed when IOS prompts for them.
- show running-config displays the current running configuration.
- disable exits privileged EXEC mode.

Phase 3

Lab 7: Basic Switch Configuration and the Command-Line Interface

- no ip routing, entered in global configuration mode, disables routing on a switch.
- show interfaces (abbreviated show int) lists the interfaces.
- Switch# is the privileged EXEC prompt; Switch> is the user EXEC prompt, where only basic monitoring commands can be run; Switch(config)# is the global configuration prompt.
- show version displays version information for the switch in the Cisco IOS environment.
- hostname [hostname], entered in global configuration mode, changes the switch's hostname.
- The up and down arrow keys scroll through previously executed commands.

Lab 8: Switch Configuration

- From global configuration mode, interface vlan [#] (abbreviated int vlan [#]) enters configuration for a switched virtual interface.
- In interface configuration mode, ip address [ip address] [subnet mask] sets the interface's IP address, and no shutdown (abbreviated no shut) brings the interface up.
- show vlan displays the current VLAN information.
- From global configuration mode, vlan [#] creates a VLAN, and name [name] in VLAN configuration mode assigns it a name; show vlan verifies the VLANs you have created.
- To assign a port to a VLAN, enter interface configuration mode for that port, use switchport mode access to make it an access port, and then switchport access vlan [#] to place it in the VLAN.

Lab 9: Switch Configuration

- show mac address-table displays the MAC addresses the switch has learned and the port each was learned on.
- switchport mode trunk, in interface configuration mode, makes the port a trunk that carries multiple VLANs.
- encapsulation dot1q 1 native, on a router subinterface, enables IEEE 802.1Q encapsulation and makes VLAN 1 the native (untagged) VLAN. Leaving user ports on the native VLAN is discouraged, because untagged frames are what VLAN-hopping attacks exploit.
- no aaa new-model, in global configuration mode, disables the AAA (authentication, authorization, and accounting) new-model framework.
- By default, every switch interface belongs to VLAN 1.
- spanning-tree vlan [#] root primary configures the switch to be the spanning-tree root bridge for that VLAN.
- show spanning-tree displays spanning-tree information.
- show running-config (abbreviated show run), at the privileged EXEC prompt, displays the running configuration.

Phase 4

Lab 10: Configuring Dynamic NAT with Overload

- ip nat pool [name] [start ip] [end ip] netmask [mask], in global configuration mode, defines the pool of public addresses used for dynamic NAT.
- access-list 100 permit ip [inside network] [wildcard mask] any, in global configuration mode, defines which inside source addresses will be translated.
- access-list 100 remark == [name] == attaches a descriptive remark to the access list.
- ip nat inside source list 100 pool [name] overload, in global configuration mode, translates the addresses matched by access list 100 using the pool; overload enables Port Address Translation (PAT), so many inside hosts can share one public address, distinguished by port number.
- ip nat inside source static [inside local address] [inside global address] creates a static one-to-one translation for a server.
- NAT is activated on the interfaces: on Ethernet 0/0 enter ip nat inside, on Serial 1/0 enter ip nat outside, then no shut on each.
- ip virtual-reassembly, in interface configuration mode, enables Virtual Fragment Reassembly (VFR), which reassembles fragmented packets so that NAT and access lists can inspect them whole.
- show running-config (abbreviated sh run), at the privileged EXEC prompt, displays the running configuration.

Lab 11: IPv6 Router Configuration

- ipv6 unicast-routing, entered in global configuration mode, enables IPv6 routing.
- ipv6 address [ipv6 address]/[prefix length], in interface configuration mode, configures an IPv6 address on a serial interface.
- clock rate [clock rate], in interface configuration mode, sets the clock rate on the DCE side of the serial link.
- no shutdown activates the interface after configuration.
- show ipv6 interface (abbreviated sh ipv6 interface) shows the IPv6 addresses of the newly configured interface, and show ipv6 interface brief (sh ipv6 int br) shows the status of each interface.
- show ipv6 route displays the IPv6 routing table.
- ping ipv6 [ipv6 address] (or simply ping [ipv6 address]) verifies IPv6 connectivity between nodes.

Phase 5

Lab 12: Configuring Switch Port Security

- Port security is configured per interface. First make the port an access port with switchport mode access, since port security is not supported on ports that negotiate their mode dynamically.
- switchport port-security, in interface configuration mode, enables port security on the port.
- switchport port-security mac-address [mac address] adds a static secure MAC address to the port, and switchport port-security maximum [max #] sets how many secure MAC addresses the port may hold.
- By default a violation (a frame from a MAC address that is not allowed) puts the port into the err-disabled state; switchport port-security violation {shutdown | restrict | protect} selects the response.
- do show port-security interface [interface], from interface configuration mode, verifies that port security is enabled (the do prefix runs an EXEC command from configuration mode).
- clear port-security dynamic, at the privileged EXEC prompt, clears the dynamically learned secure MAC addresses.
- show port-security address, at the privileged EXEC prompt, lists the secure MAC addresses on each port.
- end exits configuration mode.
- Because MAC addresses can be changed in software, port security limits how many addresses a port will accept but does not by itself prove which device is attached.

Lab 13: Configuring Access Lists

IP access control lists (ACLs) are used to filter network traffic. Wildcard masks are used in IP ACLs to specify which addresses an entry matches: a 0 bit in the wildcard mask means the corresponding address bit must match, and a 1 bit means it is ignored, so 0.0.0.255 matches a whole /24 and 0.0.0.0 (or the host keyword) matches a single address.
- To permit an address range with a numbered ACL, enter access-list [number] permit ip [address] [wildcard mask] in global configuration mode (numbered ACLs take a number, not a name; named ACLs are created with ip access-list).
- access-list 101 permit ip any any permits all IP traffic.
- show access-lists, at the privileged EXEC prompt, displays the configured access lists and the hit count on each entry.
- ip access-list extended [name], in global configuration mode, creates a named extended access list and enters its configuration mode.
- Within the named ACL, permit ip host [source] host [destination] permits IP traffic between two specific hosts.
- deny tcp any any eq telnet denies Telnet connections (TCP port 23).
- Entries are evaluated in order and the first match wins; every ACL ends with an implicit deny, so traffic that matches no entry is dropped. An ACL has no effect until it is applied to an interface with ip access-group [name or number] {in | out}, or to the vty lines with access-class.
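As an added example (not part of the original document, and not Cisco's code), the Python below implements the matching rules of Lab 13 so they can be tried on sample packets: it parses access-list entries in both the numbered form and the named-ACL form shown above, expands any and host the way IOS does, applies wildcard masks bit by bit, walks the list top to bottom with first match wins, and falls through to the implicit deny. The ACL itself is constructed for the demonstration, reusing the addresses from the SSH tunnel scenario and the Network Diagram; the parser covers only the syntax used in this document (a protocol, source and destination with any, host or a wildcard mask, and an optional eq destination port).

```python
import ipaddress

# Port keywords IOS accepts in place of numbers (a subset).
PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "domain": 53, "www": 80, "https": 443}


def _addr(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_address_spec(tokens, i):
    """Read one address/wildcard pair starting at tokens[i].
    Returns ((address, wildcard), next index). 'any' is 0.0.0.0 255.255.255.255
    and 'host X' is X 0.0.0.0, exactly as IOS expands them."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (_addr(tokens[i + 1]), 0), i + 2
    return (_addr(tokens[i]), _addr(tokens[i + 1])), i + 2


def parse_ace(line):
    """Parse one access control entry, either numbered
    ('access-list 101 permit ip any any') or named-ACL style
    ('deny tcp any any eq telnet'). Only a destination 'eq' port is handled."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]            # drop 'access-list <number>'
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in: {line}")
    src, i = parse_address_spec(tokens, 2)
    dst, i = parse_address_spec(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = PORT_NAMES.get(tokens[i + 1]) or int(tokens[i + 1])
    return {"permit": action == "permit", "proto": proto,
            "src": src, "dst": dst, "dport": dport, "text": line}


def wildcard_match(spec, addr):
    """A 0 bit in the wildcard mask means 'must match'; a 1 bit means 'ignore'."""
    base, wildcard = spec
    return (addr ^ base) & (~wildcard & 0xFFFFFFFF) == 0


def evaluate(acl, proto, src, dst, dport=None):
    """Walk the ACL top to bottom; the first matching entry decides.
    Returns (permitted, index of the matching entry), with index -1 for the
    implicit deny that ends every IOS ACL."""
    s, d = _addr(src), _addr(dst)
    for idx, ace in enumerate(acl):
        if ace["proto"] != "ip" and ace["proto"] != proto:
            continue
        if not (wildcard_match(ace["src"], s) and wildcard_match(ace["dst"], d)):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["permit"], idx
    return False, -1


# Constructed ACL in the style of Lab 13: block Telnet everywhere, let the
# client from the tunnel scenario reach its SSH server, let one LAN out.
LAB_ACL = [parse_ace(line) for line in (
    "deny tcp any any eq telnet",
    "permit ip host 192.168.0.6 host 192.168.0.10",
    "permit ip 192.168.2.0 0.0.0.255 any",
)]


if __name__ == "__main__":
    for pkt in (("tcp", "192.168.0.6", "192.168.0.10", 23),
                ("tcp", "192.168.0.6", "192.168.0.10", 22),
                ("tcp", "192.168.2.77", "10.1.1.1", 80),
                ("udp", "192.168.3.1", "10.1.1.1", 53)):
        permitted, idx = evaluate(LAB_ACL, *pkt)
        rule = LAB_ACL[idx]["text"] if idx >= 0 else "implicit deny"
        print(pkt, "->", "permit" if permitted else "deny", "by", rule)
```

The order of the entries is the point: because the Telnet deny comes first, the host-to-host permit on the next line cannot reopen Telnet between those two hosts, and anything the three entries do not mention (the UDP packet from 192.168.3.1 in the demo) is dropped by the implicit deny.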

References

Barrett, D. J., & Silverman, R. E. (2001). SSH, The Secure Shell: The Definitive Guide. O'Reilly & Associates.

Beasley, J. S., & Nilkaew, P. (2012). Networking Essentials (3rd ed.). Pearson Education, Inc.

California State University. (2008). Network Topologies. Retrieved from http://www.csudh.edu/eyadat/classes/CIS275/handouts/Spring2008/Networking/oldhandouts/Network%20Topologies.ppt

Google. (2014). Ethernet definition. Retrieved from https://www.google.com/#q=ethernet+definition

Google. (2014). MAC address definition. Retrieved from https://www.google.com/#q=mac+address+definition

Stallings, W. (2009). Protocol basics: Secure Shell Protocol. The Internet Protocol Journal, 12(4). Retrieved from http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-4/124_ssh.html

TechTerms. (2014, February 22). Protocol definition. Retrieved from http://www.techterms.com/definition/protocol

Wikipedia. (2013, November 1). Ephemeral port. Retrieved from http://en.wikipedia.org/wiki/Ephemeral_port