C C N A
2012 || 2008
CCNA
Cisco Certified Network Associate
2012
ALFAHAID@GMAIL.COM
@ALFahaid
https://twitter.com/AlFahaid
https://www.dropbox.com/sh/s9xdu87q5r73q2r/MjqYNGCl7N?%20m
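The Contents
Ch1: Introduction To Network
Ch2/3: IP Subnetting
Ch4: Cisco Router
Ch5/6: IP Routing
Ch7: Managing Traffic with Access Control Lists [ACL]
Ch8: Managing Cisco IOS Software
Ch9: Switching [Layer 2]
Ch10: Virtual LANs [VLAN]
Ch11: Network Address Translation [NAT]
Ch12: Wireless LAN [WLAN]
Ch13: Internet Protocol Version 6 (IPv6)
Ch14: Wide Area Networking [WAN]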
http://www.mediafire.com/?3maerm7vmi0x4x7
Chapter: 1
Introduction To Network
What is a Network?
A network is a group of computers connected to one another to share data.
Types of Network:
1. (LAN) Local Area Network
2. (WAN) Wide Area Network: leased line / Frame Relay / ATM
3. (MAN) Metropolitan Area Network
4. (SAN) Storage Area Network
5. (VPN) Virtual Private Network
6. Intranets and Extranets
SAN / Disaster Recovery: Cluster service, Backup, High speed internet, Load Balance
Dialup: 1- modem, 2- NIC, 3- Tel line
VPN: 1- Remote site, 2- Remote user
Network Access Service
Tunnel
NIC = Network Interface Card
DNS: resolves a name to an IP address
ARP = Address Resolution Protocol
ARP: resolves an IP address to a MAC address
RARP: resolves a MAC address to an IP address
Logical vs. Physical
Virtual vs. Real
No.  Protocol  Port
1    HTTPS     443
2    HTTP      80
3    FTP       20/21
4    SMTP      25
5    DNS       53
6    TELNET    23
OSI-RM
Layer | Data unit | Protocol | Device | Function
Application | data | HTTP, FTP, SMTP, DNS, TELNET, HTTPs, POP3 | | Interface between app & protocol
Presentation | data | | | compression, conversion, encryption
Session | data | | | monitor, open session on the host
Transport | Segments | TCP (HTTP, FTP, DNS, TELNET); UDP (TFTP, DNS, DHCP) | | Delivery method
Network | Packets | IP, ARP | 1-Router 2-Switch[L3] | Provide logical address [address for delivery on network]
DataLink | Frames | | 1-Bridge 2-NIC 3-Switch[L2] | Provide physical address [MAC]
Physical | Bits | | 1-Hub 2-Repeater | 000011011 000111111
TCP/IP
(1) Application
(2) Transport
(3) Internet
(4) Network Access
Bus
Star
Extended
Ring
Mesh
No collision
center point
1- Copper
Twisted Pair cable [TP]:
STP = Shielded TP
UTP = UnShielded TP
ScTP = Screened TP
100/10 Mbps
2- Fiber (Optical)
3- Wireless
100 Base T
Baseband
Broadband
# Ethernet Cabling:
1- Straight-through cable
2- Crossover cable
3- Rolled cable (Router => Host)
Host & Router
Switch & Hub
Console cable
1- Rollover (RJ45 <=> RJ45)
2- Adapter (RJ45 <=> DB9)
( console port )
Chapter: 2/3
IP Subnetting
* What Is a Subnet?
A subnet is a physical segment of a network that is separated from the rest of the network by a router or routers.
* The benefits of subnetting:
* IPv4 :
1- 32 bits.
2- Decimal number representation
e.g. 10.10.1.0
3- Dotted decimal -.-.-.- : 4 octets, and every octet consists of 8 bits
# Rules for a valid IP:
1- 0 <= octet <= 255
2- 1 <= octet 1 <= 126 or
   128 <= octet 1 <= 191 or
   192 <= octet 1 <= 223
3- all host bits must not = 0 (that is the network address)
   all host bits must not = 1 (that is the broadcast address)
**** Number 127 is reserved for troubleshooting (loopback)
IP = Network ID + Host ID
Host ID: capacity of network
Class A: 1 - 126
Class B: 128 - 191
Class C: 192 - 223
Class D: 224 - 239
Class E: 240 - 254 (Future)
Subnet Mask: identifies which part of the IP is the network ID & which is the Host ID
class     Default SM
Class A   255.0.0.0 /8
Class B   255.255.0.0 /16
Class C   255.255.255.0 /24
Network ID: the part of the IP where the SM bits are 1
Host ID: the part of the IP where the SM bits are 0
---------------------------------1---------------------------------
Number of Hosts = 2^n - 2
or
2^n = Number of Hosts + 2
(n = number of host bits in the SM)
2^8  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
256  128  64   32   16   8    4    2    1
---------------------------------2---------------------------------
Number of Subnets = 2^y
(y = number of bits added to the default Subnet Mask)
---------------------------------3---------------------------------
1- IP valid or not
2- valid range
3- network address
4- broadcast
Block size (BS) = 256 - [the SM octet that is neither 255 nor 0]
255.255.255.142
192.7.8.70
SM    Network address   Valid range                 Broadcast
/8    X.0.0.0           X.0.0.1 - X.255.255.254     X.255.255.255
/16   X.Y.0.0           X.Y.0.1 - X.Y.255.254       X.Y.255.255
/24   X.Y.Z.0           X.Y.Z.1 - X.Y.Z.254         X.Y.Z.255
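The block-size method above, worked end to end as an added example (not part of the original notes). The function name and the sample mask 255.255.255.192 are assumptions chosen for illustration; a mask whose one-bits are not contiguous is rejected before any calculation.

```python
import ipaddress


def _octets(dotted, what):
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        raise ValueError(f"{what} {dotted!r} is not four octets in 0..255")
    return [int(p) for p in parts]


def subnet_by_block_size(ip, mask):
    """Answer the four questions (valid host, range, network, broadcast)."""
    ip_o = _octets(ip, "IP")
    m = _octets(mask, "mask")
    bits = "".join(f"{o:08b}" for o in m)
    if "01" in bits:  # a 1 after a 0 means the mask is not contiguous
        raise ValueError(f"mask {mask} is not contiguous ones followed by zeros")
    prefix = bits.count("1")
    if prefix > 30:
        raise ValueError("/31 and /32 leave no usable hosts (2^n - 2 <= 0)")
    i = next(k for k, o in enumerate(m) if o != 255)  # first octet that is not 255
    block = 256 - m[i]                                # Block size (BS)
    start = (ip_o[i] // block) * block                # multiple of BS at or below the IP
    net = ip_o[:i] + [start] + [0] * (3 - i)
    bcast = ip_o[:i] + [start + block - 1] + [255] * (3 - i)

    def dotted(o):
        return ".".join(map(str, o))

    return {
        "prefix": prefix,
        "block_size": block,
        "network": dotted(net),
        "broadcast": dotted(bcast),
        "first_host": dotted(net[:3] + [net[3] + 1]),
        "last_host": dotted(bcast[:3] + [bcast[3] - 1]),
        "hosts": 2 ** (32 - prefix) - 2,              # 2^n - 2
        "valid_host": ip_o != net and ip_o != bcast,
    }


if __name__ == "__main__":
    # Constructed sample: the IP from the notes with an assumed /26 mask.
    result = subnet_by_block_size("192.7.8.70", "255.255.255.192")
    print(result)
    # Cross-check the hand method against the standard library.
    lib = ipaddress.ip_network("192.7.8.70/255.255.255.192", strict=False)
    print(lib.network_address, lib.broadcast_address)
```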
VLSM
Variable Length Subnet Mask
Non VLSM
Discontiguous
Contiguous
Summarization
Summarization = representing smaller network addresses by one larger network address
172.16.1.0/24 - 172.16.2.0/24 - 172.16.3.0/24
sm=24-9=15
172.16.3.0
172.16.1.0
----------------
0 0 2 0
1bit+8bit=9bits
2^8  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
256  128  64   32   16   8    4    2    1
Chapter: 4
Cisco Router
Router
External component:
  Interface:
    LAN: E, F, G, 10G
    WAN: serial, ATM
  Config port: console, auxiliary
Subnet - subnet
LAN - LAN
WAN - WAN
Internal component:
1- mother board
2- ROM, RAM
3- Flash memory
4- NVRAM
5- Non-Volatile RAM
6- CPU
7- power supply
Routing table:
  Static
  Dynamic: Routing Protocol
    Interior:
      Distance Vector. Ex: RIP, IGRP
      Link state. Ex: OSPF
      Hybrid. Ex: EIGRP
    Exterior. Ex: BGP
1- Console Session
2- Auxiliary Session
3- Telnet Session
SDM = Security Device Manager (GUI)
Commands
Router>
Router>enable OR en ==> enter privileged mode
Router#
Router#disable ==> back to user mode
Router>
Router#config t ==> enter global configuration mode
Router(config)#
Router(config)#int f0/0 ==> enter interface configuration mode
Router(config-if)#
Router(config-if)#exit ==> back one level
Router(config)#end OR ^Z ==> back to privileged mode
Router#
Router#? ==> list the available commands
Router#conf ? ==> list the options of the command
TAB ==> completes the command
Router#config t
Router(config)#host yaser
yaser(config)#
Router(config)#banner motd $
Hello. This router for center control $
(( motd = Message of the day ))
User Mode
Privileged Mode
You can go back from privileged mode into user mode
by using the disable command.
Terminal (any changes save in DRAM )
Memory (any changes save in NVRAM )
Network (any changes save in TFTP or FTP Server)
Router#show run
Router(config)#do sh run
Router#show history
Router#sh start
Router1#copy run start
Router2#copy run start
Router1#erase start
Router2#erase start
Router(config)#enable password RRRRR ==> stored unencrypted
Router(config)#enable secret RRRRR ==> stored encrypted
Router(config)#no enable password
Router(config)#no enable secret
Router(config)#line cons 0 // aux 0 // vty 0 4 (telnet)
Router(config-line)#password RRRRR
Router(config-line)#login
Router(config-line)#exec-timeout 5 7
Router#sh run
Router(config)#service password-encryption
Router(config)#no service password-encryption
Router(config)#int f0/0
Router(config-if)#desc Sales Lan
[1] Router>en
Router#conf t
Router(config)#int f0/0 ==> then the same for f0/1
Router(config-if)#no shut
[2] Router(config-if)#ip add 10.10.10.100 255.255.255.0
[3] Router(config)#int s0/0
Router(config-if)#no shut
Router(config-if)#ip address 10.10.20.1 255.255.255.0
Router(config-if)#clock rate 64000
Router#ping 10.10.10.1
Router#sh int f0/0
Router#sh ip int
Router#sh ip int brief
Router#sh controllers serial 0/0
Router#sh ip route
Router(config)#int f0/0
Router(config-if)#ip address 10.10.1.100 255.255.255.0
Router(config-if)#no shut
Router(config)#ip domain-name xp
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# username a privilege 15 password 0 a
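A configuration review over the commands shown in this chapter, as an added example (not part of the original notes). The rule names, the `audit` function and the 2048-bit minimum are assumptions for illustration; the transcript is constructed from the command lines above.

```python
import re

# Strips an IOS prompt such as "Router(config)#" from the start of a line.
PROMPT = re.compile(r"^[\w.-]+(?:\([\w-]+\))?[#>]\s*")

RULES = [
    ("enable-password", re.compile(r"^enable password\b", re.I),
     "enable password is kept in clear text or reversible type 7; "
     "keep only enable secret"),
    ("no-password-encryption", re.compile(r"^no service password-encryption\b", re.I),
     "line and enable passwords stay readable in show run"),
    ("http-cleartext", re.compile(r"^ip http server\b", re.I),
     "HTTP management is unencrypted; keep only ip http secure-server"),
    ("username-cleartext", re.compile(r"^username \S+ .*\bpassword 0\b", re.I),
     "password 0 stores the user password unencrypted; use username ... secret"),
]
RSA_KEYGEN = re.compile(r"^crypto key generate rsa\b.*\bmodulus (\d+)", re.I)


def audit(transcript, min_rsa_bits=2048):
    """Return (line number, rule id, advice) for every weak setting found."""
    findings = []
    for number, raw in enumerate(transcript.splitlines(), start=1):
        command = PROMPT.sub("", raw.strip())
        for rule_id, pattern, advice in RULES:
            if pattern.search(command):
                findings.append((number, rule_id, advice))
        rsa = RSA_KEYGEN.search(command)
        if rsa and int(rsa.group(1)) < min_rsa_bits:
            findings.append((number, "weak-rsa-modulus",
                             f"{rsa.group(1)}-bit RSA key is below {min_rsa_bits} bits"))
    return findings


# Constructed transcript built from the commands in this chapter.
SAMPLE_TRANSCRIPT = """\
Router(config)#enable password RRRRR
Router(config)#enable secret RRRRR
Router(config)#no service password-encryption
Router(config)#ip domain-name xp
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# username a privilege 15 password 0 a
"""

if __name__ == "__main__":
    for number, rule_id, advice in audit(SAMPLE_TRANSCRIPT):
        print(f"line {number}: {rule_id}: {advice}")
```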
Chapter: 5/6
IP Routing
DHCP - WINS - DNS
Routing
Routed
Route
Route types: 1- Static 2- Dynamic
1- Static
On R1, to reach Subnet 3 and 4:
R1(config)#ip route 10.10.3.0 255.255.255.0 10.10.5.2
R1(config)#ip route 10.10.4.0 255.255.255.0 10.10.5.2
On R2, to reach Subnet 1 and 2:
R2(config)#ip route 10.10.1.0 255.255.255.0 10.10.5.1
R2(config)#ip route 10.10.2.0 255.255.255.0 10.10.5.1
R1#sh ip route ==> the same on R2
Stub network = a network that has one exit interface
2- Dynamic
Routing protocol: protocol used for building the routing table. ex: RIP - EIGRP - OSPF
Routed protocol: protocol used for building the packets that need to be routed. ex: TCP/IP - IPX/SPX - AppleTalk
Forwarding table
Autonomous systems (AS)
AS number: 1 to 65000
Intra-AS (Interior) = inside the AS
Inter-AS (Exterior) = between ASes
Gateway router: has a direct link to a router in another AS
Routing table:
  Static
  Dynamic: Routing Protocol
    Interior:
      Distance Vector. Ex: RIP, IGRP (for Cisco)
      Link state. Ex: OSPF
      Hybrid. Ex: EIGRP (for Cisco)
    Exterior. Ex: BGP
Routing Protocol | Ex | AD* | Standard | Max hop count** | Algorithm | Network
Distance Vector | | | | | | Small network
Hybrid | EIGRP (Protocol RTP) | 90 | Cisco Only | 255 | Dual | Large network
Link State | OSPF, IS-IS | 110 | Open | No limit | Dijkstra | Large network
*AD = administrative distance
**Max hop count
cost
hop count
RIP v2: Classless Routing, VLSM
contiguous / discontiguous
FIXED LENGTH SM = Non VLSM
R1#config t
R1(config)#router rip
R1(config-router)#net 10.10.1.0
R1(config-router)#net 10.10.2.0
R1(config-router)#net 10.10.5.0
R1(config-router)#ver 2
R1(config-router)#^Z ==> [control + z]
R1#sh ip route
R1#debug ip rip
passive-interface
Router#config t
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#passive-interface s0/0
[2] Interior Gateway Routing Protocol [IGRP] [Distance Vector]
IGRP
Classful Routing
Does not support VLSM
Does not support discontiguous networks
Uses an autonomous system number (AS)
Use broadcast
Cisco
* IGRP Timers types :
5. update timer: (90 seconds)
6. invalid timer: (270 seconds)
7. flush timer: (630 seconds)
8. Holddown timer: (280 seconds)
Configuring IGRP Routing
R1#config t
R1(config)#router igrp 10
R1(config-router)#net 10.10.1.0
R1(config-router)#net 10.10.2.0
R1(config-router)#net 10.10.5.0
[Link State]
OSPF
Classless Routing
support VLSM
support discontiguous networks
Uses an autonomous system number
Fast convergence time.
Area 0 is the backbone area.
Supports IP only.
Manual Summarization.
Uses a wild mask [inverse SM] [wildcard mask]
Cost (metric) =
BW [kilo]
Router ID (RID): the highest IP address on the router, used to identify the router. [Identification]
Link: an interface on a router.
Link-State: the status of the link between two routers.
Link-state database (topological database).
Area:
show ip route
show ip ospf
Chapter: 7
Managing Traffic with
Access Control Lists [ACL]
ACL
C1 permit HTTP
C2 permit SMTP
C3 deny FTP
R1 [OK] HTTP
R2 [NO] FTP
action: permit / deny
TELNET
Types of access lists [ACL]:
Standard: Source (Host - Subnet - Any)
Extended
Named (e.g. BlockSales)
3) Source address (Host - Subnet - Any)
4) Destination address (Host - Subnet - Any)
5) Application protocol that built the packet
wild mask
make the dest OUT
R(config-if)#ip access-group 10 in
in / out
source - dest - Protocol
Telnet
Any
R#show access-list ==> all ACLs (ip/ipx/apple)
R#show access-list 110 ==> ACL number 110 only
R#show ip access-list ==> IP ACLs only
R#show ip interface ==> which interfaces have an ACL applied
R#show running-config ==> the ACLs and the interfaces they are applied to
R#show mac access-group ==> MAC ACLs
y3h
)6> y3h 4
#' [ ACL]
Ext & named ;1 J71 G Remark 87
ACL
)4
) 4 I'
subnet )4
; 1 2' 8
host OR any J71
mac J ip 9% 8
X.8 6; 1 ACL &K ; q81 any N
range 9:) #8 _91 ) X
Chapter: 8
Managing Cisco IOS Software
In this chapter we will learn:
1- Password Recovery
2- Back up IOS
3- Restore IOS
4- Upgrade IOS
5- Back up [ for config ]
6- Restore [ for config ]
7- CDP [ protocol ]
* Router Boot Sequence:
1- The router performs a POST.
2- The bootstrap looks for and loads the Cisco IOS software
3- The IOS software looks for a valid configuration file stored in NVRAM
4- If a startup-config file is in NVRAM, the router will load and run this file
Configuration register
* It is a 16-bit software register that is written into NVRAM.
* The default configuration setting on Cisco routers is 0x2102.
* The 16 bits are written as 4 hexadecimal digits, prefixed with 0x.
* Notice that bit 6 can be used to ignore the NVRAM contents, if it is enabled.
Bit number:       15 14 13 12 | 11 10  9  8 |  7  6  5  4 |  3  2  1  0
Binary:            0  0  1  0 |  0  0  0  1 |  0  0  0  0 |  0  0  1  0
Config Register:        2     |       1     |       0     |       2
Here are the main steps to password recovery (using 0x2142):
rommon 1 >
[2] Changing the Configuration Register to ignore NVRAM contents
rommon 1 > confreg 0x2142
[3] Reloading the Router and Entering Privileged Mode by this command
rommon 1 > reset
The router will reload and ask if you want to use setup mode answer NO.
R>en
[4] Copy startup-config to running-config in Privileged Mode by using this command
R#copy start run
[5] Change password by setting new password
Router#conf t
Router(config)#enable secret kkkk
[6] Change the value of configuration register to enable NVRAM contents
Router(config)#config-register 0x2102
[7] Save your work
Router#copy run start
[8] Reload router to activate changing of configuration register
Router#reload
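A check for routers left with bit 6 set after a recovery like the one above, as an added example (not part of the original notes). The function names and verdict strings are assumptions; the sample lines are constructed in the form `show version` prints the register.

```python
import re

# Bits whose meaning this example relies on (bits 0-3 are the boot field).
BIT_MEANING = {
    13: "boot default ROM software if network boot fails",
    8: "Break key disabled",
    6: "ignore NVRAM contents (startup-config is not loaded)",
}

CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode_confreg(text):
    """Split a 16-bit configuration register into the fields used above."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"{text} is not a 16-bit value")
    return {
        "value": value,
        "set_bits": [b for b in range(15, -1, -1) if (value >> b) & 1],
        "boot_field": value & 0xF,
        "ignore_nvram": bool(value & (1 << 6)),
    }


def review(show_version_text):
    """Classify a device by its current and pending register values."""
    match = CONFREG_LINE.search(show_version_text)
    if not match:
        raise ValueError("no configuration register line found")
    current = decode_confreg(match.group(1))
    pending = decode_confreg(match.group(2)) if match.group(2) else None
    next_boot = pending or current
    if next_boot["ignore_nvram"]:
        # The next boot skips startup-config, so no passwords are loaded.
        return "next-boot-ignores-startup-config"
    if current["ignore_nvram"]:
        # Step [6] was done; the normal value applies after the reload.
        return "restored-pending-reload"
    return "normal"


# Constructed sample lines, one per stage of the procedure.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r}: {review(line)}")
    for bit in decode_confreg("0x2142")["set_bits"]:
        print(bit, BIT_MEANING.get(bit, "boot field" if bit < 4 else ""))
```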
rommon = ROM monitor
TFTP ==> UDP
FTP, HTTP, HTTPs ==> TCP
** To back up the Cisco IOS to a TFTP server, you use this command:
R#copy flash tftp
OR
R#copy flash ftp
Back up config:
1- start
2- run
CDP timer
CDP holdtime
Configuration
Router#sh cdp
** Use the global commands cdp holdtime and cdp timer to configure the CDP holdtime and timer on a router:
Router(config)#cdp timer 90 ==> the default is 60 seconds
Router(config)#cdp holdtime 240 ==> the default is 180 seconds
** Gathering neighbor information by using this command:
Router#sh cdp nei detail
** Gathering interface traffic information, including the number of CDP packets sent and received and the errors with CDP:
Router#sh cdp traffic
** Gathering port and interface information, including CDP status on router interfaces or switch ports:
Router#sh cdp interface
** To turn off CDP on one interface on a router:
Router(config)#int s0
Router(config-if)#no cdp enable
Chapter: 9
Switching Layer2
MAC address: 48 bits, hexadecimal
* Three Switch Functions at Layer 2:
1. Address learning (MAC table)
2. Forward [if destination known] / filter [if destination unknown]
3. Loop avoidance (broadcast storm, multi-link)
* Spanning Tree Protocol (STP): layer 2 protocol for loop avoidance
multi-link ==> single logical link
open path / closed path
Root bridge (RB):
a) priority (default 32,768)
b) BID (MAC)
DP
Non-RB
sticky
Security: MAC Address
BPDU
MAC address table
Root Bridge
BPDUGuard
Chapter:10
Virtual LANs [VLAN]
VLAN:
sub interface: F0/1.1 (one physical interface, several logical interfaces)
physical limitation
broadcast
VLAN1
Trunk links
Trunk port (Fast Ethernet)
1- VLAN-ID
2- Encapsulation
Frame tagging [Encapsulation]:
- Inter-Switch Link (ISL): Cisco
- IEEE 802.1Q [dot1Q]: Open standard
VTP modes:
Server
Transparent: local
S1#vlan database
S1(vlan)#vlan 2 name sales
S1(vlan)#vlan 3 name IT
[2] Assigning Switch Ports to VLANs
Switch(config-if)#int f0/2
Switch(config-if)#switchport access vlan 2
SW1(config-if)#switchport mode access
If you want to verify your configuration, use this:
Switch#sh vlan
[3] Configuring Trunk Ports [Assigning Switch Ports to be trunk]
Sw(config)#int f0/12
Sw(config-if)#switchport mode trunk
Sw(config-if)#switchport encapsulation dot1q
Defining the Allowed VLANs on a Trunk
Sw(config-if)#switchport trunk allowed vlan 1-10
Sw(config-if)#no switchport trunk allowed vlan
[4] Configuring Inter-VLAN Routing
Router#config t
Router(config)#int f0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#int f0/0.1 ==> sub-interface
Router(config-subif)#encaps dot1q 1 -----> VLAN 1
Router(config-subif)#ip address 192.168.10.100 255.255.255.0
Router(config-subif)#int f0/0.2
Router(config-subif)#encaps dot1q 2 -----> VLAN 2
Router(config-subif)#ip address 192.168.20.100 255.255.255.0
* Config VTP
Switch(config)#vtp mode server ------> default
Switch(config)#vtp domain orbits
Sw(config)#vtp password kkkk
Data: Packet
Voice: Real time
Video: Real time
QoS [Quality of Service]
Chapter: 11
Network Address Translation
[NAT]
IP
Virtual [private]:
10.0.0.1 : 10.255.255.254
172.16.0.1 : 172.31.255.254
192.168.0.1 : 192.168.255.254
Real [public]
NAT:
Static
Dynamic
Overloading == [PAT]
NAT Names
Inside local: name of inside source address before translation (Virtual IP)
Inside global: name of inside host after translation (Real IP)
Outside global: name of outside destination host after translation
Static NAT
[1] Creates a static NAT translation between 192.168.10.1 and 192.1.2.109
192.168.10.1 = Virtual IP
192.1.2.109 = Real IP
NAT Table
Dynamic NAT
[1] Defines a NAT pool (outside addresses) named MyPool with a range of addresses 60.1.1.2 - 60.1.1.6
[2] Determine the inside addresses that will use NAT; those addresses are defined in an ACL
This output will show the sending address, the translation, and the destination address on each debug line:
Router#debug ip nat
* To cancel the debug:
R#undebug all
Or
R#un all
Chapter: 12
Wireless LAN
[WLAN]
Wireless waves: 2.4 GHz / 5 GHz
Agency: Institute of Electrical and Electronics Engineers (IEEE)
Purpose:
Creates and maintains operational standards
Regulates the use of wireless devices in the U.S.
Chartered to produce common standards in Europe
Promotes and tests for WLAN interoperability
Educates and raises consumer awareness regarding WLANs
Frequencies: 900MHz / 2.4GHz / 5 GHz
Standard | Data rate | Modulation method | Frequency band | Channels
802.11g | Up to 54 Mbps | DSSS & OFDM | 2.4GHz | 14 (3 non-overlapping: 1-6-11)
802.11a | Up to 54 Mbps | OFDM | 5 GHz | 12
802.11b | Up to 11 Mbps | DSSS | 2.4GHz | 14 (3 non-overlapping: 1-6-11)
: 1K
cover area N'M ' data rate ' -1
data rate cover area N'M ' Frequency'
(9 CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) or RTS/CTS (Request To Send, Clear To Send)
4% -2
)s. a#
Y % & )'97 b and g 8
-3
DSSS Direct Sequence Spread Spectrum ||| OFDM Orthogonal Frequency Division Multiplexing
MESH:
- Root Access Points (RAPs)
- Mesh Access Points (MAPs)
AWPP:
Wireless Security:
1. Open Access
2. SSIDs, WEP, and MAC Address Authentication
SSID = Service Set Identifier
WEP = Wired Equivalent Privacy
MAC addresses
3. WPA or WPA2 [Pre-Shared Key (PSK)]
- WPA = Wi-Fi Protected Access, and WPA2
Pre-Shared Key (PSK) is a better form of wireless security than any other basic wireless security methods mentioned so far.
Chapter: 13
Internet Protocol Version 6
(IPv6)
IPv6: 128 bits, Hexadecimal
IPv4: 32 bits
16 bit: 5611
16 bit: 877
16 bit: 991A
x:x:x:x:x:x:x:x
1080:0000:0000:0000:0008:0800:200C:417A
1080:0:0:0:8:800:200C:417A
1080::8:800:200C:417A
0:0:0:0:0:0:0:1
::1 = loopback (local host), the same as 127.0.0.1 in v4
IPv6 = prefix-address / prefix-length
F0/1 => 12:34:56:7::1/64
F0/1 => 12:34:56:8::1/64
Host Config:
Manual
Automatic:
  stateless: no DHCP found in the network
  stateful: DHCP found in the network
real IP: starts with 0010.0000.0000.0000
private IP: starts with 1111.1110.1000.0000
multi-cast
You can allow the device to use its MAC address and pad it to make the interface ID.
Prefix length
DHCPv6 Client: a node that initiates requests on a link to obtain configuration parameters.
DHCPv6 Server: a node that responds to requests from clients to provide addresses, prefix lengths, or other configuration parameters.
DHCPv6 Relay: a node that acts as an intermediary to deliver DHCPv6 messages between clients and servers.
DHCPv6 Agent: either a server or a relay.
RS = Router Solicitation
RA = Router Advertisement
stateless
Router(config)#int f0/0
Router(config-if)#ipv6 rip 1 enable ==> 1 is the process ID
EIGRPv6
Dual Stacking
6to4 Tunneling
Router1(config)#int tunnel 0
Router1(config-if)#ipv6 address 2001:db8:1:1::1/64
Router1(config-if)#tunnel source 192.168.30.1
Router1(config-if)#tunnel destination 192.168.40.1
Router1(config-if)#tunnel mode ipv6ip
Router2(config)#int tunnel 0
Router2(config-if)#ipv6 address 2001:db8:2:2::1/64
Router2(config-if)#tunnel source 192.168.40.1
Router2(config-if)#tunnel destination 192.168.30.1
Router2(config-if)#tunnel mode ipv6ip
Corp#config t
Corp(config)#ipv6 unicast-routing
Corp(config)#int f0/1
Corp(config-if)#ipv6 address 2001:db8:3c4d:11::/64 eui-64
Corp(config-if)#int s0/0/0
Corp(config-if)#ipv6 address 2001:db8:3c4d:12::/64 eui-64
Corp(config-if)#int s0/0/1
Corp(config-if)#ipv6 address 2001:db8:3c4d:13::/64 eui-64
Corp(config-if)#int s0/1/0
Corp(config-if)#ipv6 address 2001:db8:3c4d:14::/64 eui-64
Corp(config-if)#int s0/2/0
Corp(config-if)#ipv6 address 2001:db8:3c4d:15::/64 eui-64
Corp(config-if)#^Z
Corp#copy run start
R1#config t
R1(config)#ipv6 unicast-routing
R1(config)#int s0/0/0
R1(config-if)#ipv6 address 2001:db8:3c4d:12::/64 eui-64
R1(config-if)#int s0/0/1
R1(config-if)#ipv6 address 2001:db8:3c4d:13::/64 eui-64
R2#config t
R2(config)#ipv6 unicast-routing
R2(config)#int s0/2/0
R2(config-if)#ipv6 address 2001:db8:3c4d:14::/64 eui-64
R3#config t
R3(config)#ipv6 unicast-routing
R3(config)#int s0/0/1
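How the `eui-64` keyword in the commands above builds the interface ID from a MAC address, and how the MAC can be read back out of such an address, as an added example (not part of the original notes). The function names and the MAC 00:1a:2b:3c:4d:5e are constructed for illustration.

```python
import ipaddress


def eui64_interface_id(mac):
    """Pad a 48-bit MAC to a 64-bit interface ID (modified EUI-64)."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"{mac!r} is not a 48-bit MAC address")
    raw = bytearray(bytes.fromhex(digits))
    raw[0] ^= 0x02  # flip the universal/local bit of the first byte
    # FFFE is inserted between the two halves of the MAC.
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    interface_id = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | interface_id)


def mac_from_eui64(address):
    """Recover the MAC from an EUI-64 address, or None if it is not one."""
    interface_id = ipaddress.IPv6Address(address).packed[8:]
    if interface_id[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(interface_id[:3] + interface_id[5:])
    raw[0] ^= 0x02
    return ":".join(f"{byte:02x}" for byte in raw)


if __name__ == "__main__":
    # Prefix taken from the Corp f0/1 line above; the MAC is constructed.
    address = eui64_address("2001:db8:3c4d:11::/64", "00:1a:2b:3c:4d:5e")
    print(address)
    # The hardware address is visible to anyone who sees the IPv6 address.
    print(mac_from_eui64(str(address)))
```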
1- Configuring RIPng
Corp#config t
Corp(config)#int f0/1
Corp(config-if)#ipv6 rip 1 enable
Corp(config-if)#int s0/0/0
Corp(config-if)#ipv6 rip 1 enable
Corp(config-if)#int s0/0/1
Corp(config-if)#ipv6 rip 1 enable
Corp(config-if)#int s0/1/0
Corp(config-if)#ipv6 rip 1 enable
Corp(config-if)#int s0/2/0
Corp(config-if)#ipv6 rip 1 enable
Configuring RIPng
R1#config t
R1(config)#int s0/0/0
R1(config-if)#ipv6 rip 1 enable
R1(config-if)#int s0/0/1
R1(config-if)#ipv6 rip 1 enable
R2#config t
R2(config)#int s0/2/0
R2(config-if)#ipv6 rip 1 enable
R3#config t
R3(config)#int s0/0/1
R3(config-if)#ipv6 rip 1 enable
Verifying RIPng
R3#sh ipv6 route
R3#sh ipv6 protocols
R3#sh ipv6 rip
R3#sh ipv6 interface serial 0/0/1
R3#debug ipv6 rip
2- Configuring OSPFv3
Corp#config t
Corp(config)#int f0/1
Corp(config-if)#ipv6 ospf 1 area 0
Corp(config-if)#int s0/0/1
Corp(config-if)#ipv6 ospf 1 area 0
Corp(config-if)#int s0/1/0
Corp(config-if)#ipv6 ospf 1 area 0
Corp(config-if)#int s0/2/0
Corp(config-if)#ipv6 ospf 1 area 0
Configuring OSPFv3
R1#config t
R1(config)#int s0/0/1
R1(config-if)#ipv6 ospf 1 area 0
R2#config t
R2(config)#int s0/2/0
R2(config-if)#ipv6 ospf 1 area 0
R3#config t
R3(config)#int s0/0/1
R3(config-if)#ipv6 ospf 1 area 0
Verifying OSPFv3
R3#sh ipv6 route
R3#sh ipv6 protocols
Corp#debug ipv6 ospf packet
Corp#un all
Chapter: 14
Wide Area Networking
[WAN]
Defining WAN Terms:
Customer premises equipment (CPE)
Demarcation point
Local loop
Central office (CO)
WAN protocols:
HDLC = High-Level Data-Link Control protocol. Used with: 1- lease line
PPP = Point-to-Point Protocol. Used with: 1- lease line 2- ISDN 3- Dial up
Frame Relay. Used with: 1- Frame Relay
* You can't use HDLC or PPP with Frame Relay.
PPP:
1- LCP (Link Control Protocol): Layer 2
2- NCP (Network Control Protocol): L3
3- Authentication protocol
With Frame Relay there are two encapsulation types:
1- Cisco
2- IETF
Base config:
1- interface IP
2- OSPF / RIP
PPP is used with:
1- Lease line
2- Dial up
3- ISDN
Frame Relay
* Frame Relay has become one of the most popular WAN services deployed.
* Frame Relay is a packet-switched technology
* Frame Relay, by default, is classified as a non-broadcast multi-access (NBMA)
1- Devices use Data Link Connection Identifiers (DLCI)
PVC
Local Management Interface (LMI) is a signaling standard used between your router and the first Frame Relay switch it's connected to.
Gives you the LMI traffic statistics exchanged between the local router and the Frame Relay switch.
** Tunneling protocols (logical tunnel)
1- Point-to-Point Tunneling Protocol (PPTP) (open standard)
2- Layer 2 Tunneling Protocol (L2TP) (open standard)
3- Generic Routing Encapsulation (GRE)
IPsec: encrypted
IP: clear