
-1-@@

C C N A

 


2012 || 2008

CCNA
Cisco Certified Network Associate

2012

4 :


 .

@ @
ALFAHAID@GMAIL.COM

 2008 /  1429 :   


 2012 /  1433 :   
:: %!"# "$
%&'(  

::


@ALFahaid
https://twitter.com/AlFahaid


Dropbox

/ 0 1 2

https://www.dropbox.com/sh/s9xdu87q5r73q2r/MjqYNGCl7N?%20m

The Contents
Ch1: Introduction To Network
Ch2/3: IP Subnetting
Ch4: Cisco Router
Ch5/6: IP Routing
Ch7: Access Lists [ACL]
Ch8: Managing Cisco IOS Software
Ch9: Switching [Layer 2]
Ch10: Virtual LANs [VLAN]
Ch11: Network Address Translation [NAT]
Ch12: Wireless LAN [WLAN]
Ch13: Internet Protocol Version 6 [IPv6]
Ch14: Wide Area Networking [WAN]

  
 - "    #$% &'(#
http://www.mediafire.com/?3maerm7vmi0x4x7

Chapter: 1
Introduction To Network
What Is a Network?

A network is a group of computers connected to one another to share data.
Types of Network:

1. (LAN) Local Area Network
2. (WAN) Wide Area Network (leased line / Frame Relay / ATM)
3. (MAN) Metropolitan Area Network
4. (SAN) Storage Area Network
5. (VPN) Virtual Private Network
6. Intranets and Extranets
SAN 6 ;1K F
:1) 
  14 J%  #).R
:% 7 X Disaster Recovery  SAN  9T.
Cluster service -1
Backup H)3 :4 6 -1
High speed internet -2
Load Balance 3Y & -2
VPN 6 ;1K F
'DY LAN %  )('
LAN
(h  )8
1-modem
2-NIC
3- Tel line
.' JE

Dialup

LAN
-1Remote site

-2Remote user

VPN

Network
Access
Service

VPN 9:)%
)E_    I' ^1 ;
Tunnel [; F 9:)4 N ) ]; 1
NIC = Network Interface Card
DNS: resolves a name to an IP address
ARP = Address Resolution Protocol
ARP: resolves an IP address to a MAC address
RARP: resolves a MAC address to an IP address
Logical vs. Physical
Virtual vs. real

No.  Protocol  Port
1    HTTPS     443
2    HTTP      80
3    FTP       20/21
4    SMTP      25
5    DNS       53
6    TELNET    23

# OSI-RM [Open System Interconnection Reference Model]:

Application
  Data unit: data
  Protocols: HTTP, FTP, SMTP, DNS, TELNET, HTTPS, POP3
  Function: interface between app & protocol
Presentation
  Data unit: data
  Function: compression, conversion, encryption
Session
  Data unit: data
  Function: monitor; open session on the host
Transport
  Data unit: Segments
  Protocols: TCP (HTTP, FTP, DNS, TELNET), UDP (TFTP, DNS, DHCP)
  Function: delivery method
Network
  Data unit: Packets
  Protocols: IP, ARP
  Devices: 1- Router 2- Switch [L3]
  Function: provide logical address [address for delivery on network]
DataLink
  Data unit: Frames
  Protocols: LAN & WAN technology
  Devices: 1- Bridge 2- NIC 3- Switch [L2]
  Function: provide physical address [MAC]
Physical
  Data unit: Bits (000011011 000111111)
  Devices: 1- Hub 2- Repeater

TCP/IP model:
(1) Application
(2) Transport
(3) Internet
(4) Network Access

1-TCP/IP 2-IPX/SPX 3-Apple Talk : [)'>[ 7 ?    OSI-RM


TCP = Transmission Control Protocol [Reliable method]
UDP = User Datagram Protocol [Unreliable method]
.J71 #8 6.Y 7 ?  #8 I'Y 7 ?  _( & DE [ 7 H 6
_k' a'
) ; > ; % a'
) 93 6> ) 7)_? );  ; ' ] : 97    
. ( 93 2 8

[Start->run->\\ # a ]OR [Start->run->\\IP address] Eo #' Y pH  E9
Protocol )3
6E) '[ 3; F 6
.500M [)14 Repeater 6 Y (4Reapater) I ) 3 q8( 2.5K)  Repeater # 14 I(M
r9 % 1 X mac table G  Hub Switch k
MAC table = CAM table = Bridging table (CAM = Content Addressable Memory)
.k#GY % 6D) ; 1 s
 6D ;1 9:)4  
(. / 1 % 2 )
Logical topology 7?8

Network Topology (+( ,


Physical topology 

# Network Topologies [Physical]: 



F
12345-

8
Bus
Star
Extended
Ring
Mesh

k
p ?) ; 1 #
p ?) ; 1 #
No collision 9' (6( 


';
1 '
 ; 
4T J: ; 1 '
 6(3 
';
1 '
 
center point ;1 '
 6(3 

# Network Media : 678 ; 1 JT 


Coaxial cable
Thick
Thin
)500=(7 14
1000/100/10=4

1- Copper ;
Twisted Pair cable [TP] .'
STP
UTP
ScTP

)185=(7 14
mbps100/10=4

Shielded TP
6 
X 9:)
9  7?8%  
# G

BW r9 

# Ethernet Cabling :
1- Straight-through cable
2- Crossover cable
3- Rolled cable (Router=>Host)

Screened TP

2- Fiber
3- Wireless
Optical
3(45
T$  Y

UnShielded TP

;1 9:)4 X
6

100 Base T
Baseband;K
#4

Broadband$.

37" + *
: 9: $" ,

32)

14

.'): k#GL 9:)4


#% ) k#GL 9:)4
()%_ )
) N# & J71  'Config 6 9:)4

9M
Host & Router #% ) k#G
Switch & Hub #% ) k#G

Console cable
1-Rollover
(
F X.8 <=
F X.8 )
RG45

RG45


2-adapter
(
F X.8 <= FF X.8 )
RG45

DB9

.6 
a% Mh [ s ( console port ) [ X.8 9G [ x1 a'' -

Chapter: 2/3
IP Subnetting
* What Is a Subnet?
A subnet is a physical segment of a network that is separated from the rest of the network by a router or routers.
p8)  I4 93 k x1 kG I
a47 a) 98 )(E% ;
* The benefit from subnet : 92>"=

1- r9  I' y1
2- #4% '
 I' )
* IPv4:
1- 32 bits.
2- Decimal number representation, for example 10.10.1.0
3- Dotted decimal -.-.-.- : 4 octets, and every octet consists of 8 bits
# Rules for a valid IP address:
1- 0 <= octet <= 255
2- 1 <= octet 1 <= 126 or
   128 <= octet 1 <= 191 or
   192 <= octet 1 <= 223
3- All host bits must not = 0 (that is the network address)
   All host bits must not = 1 (that is the broadcast address)
**** Number 127 is used for troubleshooting

10.10.1.0 TkG [1

Network ID

Host ID

host; 8 IP  8%
Subnet
F ; 1 G


;  81%
capacity of network

Class     First octet   Use
Class A   1 - 126       Used for network
Class B   128 - 191     Used for network
Class C   192 - 223     Used for network
Class D   224 - 239     Multicast (video, audio)
Class E   240 - 254     Future

Subnet Mask: separates the network ID from the host ID of an IP address.

h
 9 X  Y octet *
Network
address

;'
a#8%
Valid
range

Broad
cast

Subnet Mask (SM)

192.168.0.1/24 ==> 255.255.255.0
# Rules:
Each octet of the subnet mask is 0 or 255 or one of these numbers only:

Binary      Decimal
0000 0000   0
1000 0000   128
1100 0000   192
1110 0000   224
1111 0000   240
1111 1000   248
1111 1100   252
1111 1110   254
1111 1111   255

Class     Default SM
Class A   255.0.0.0      /8
Class B   255.255.0.0    /16
Class C   255.255.255.0  /24

IP
Network ID
IP ;1 k 
93 '6%7
SM ;1

Host ID
IP ;1 k 
.DL 6%7
SM ;1

1>
IP ;1 9:)4
k#GY 9
:'H [ 9:) 9M

 -1

Number of Host = 2^n - 2

or

2^n = Number of Host + 2

n = number of host bits = number of zero bits in the SM

2^8  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
256  128  64   32   16   8    4    2    1

) E_; 1 [ )

SM 3B 1D1# " A 3'E

& 6) [ )  8
.DY

---------------------------------1---------------------------------

( .
 )9
:'H [ 9:) 9M
SM -1

9 -2

Number of Subnets = 2^y

y = new SM - old SM

new SM = y + old SM

old SM: the default subnet mask

}4 ; 1 )' |? * _

6) [ )  8
93& 

---------------------------------2---------------------------------

---------------------------------3--------------------------------'H [ 9:) 9M
1-IP valid or not
2- valid rang
3-network address
4-broadcast

 7 X 9:)_ % E ;F
Block size (BS) = 256 - [the subnet mask octet that is neither 0 nor 255]

255.255.255.142
&% XE ; _1 ;8
192.7.8.70

 IP.address ;1 octet aM 2D BS M N   : 6#4)'


BS M I' [4M; _ 1 octet M XE
N8 ; 9  '; c( 9 XE 9% BS M ;1 [%K 8
point-to-point #=  /30

)E_; 1 ; ? 
Address
 7 X 9:)

0 & 255  A aM[ 1  SM 


F  9 qX 9:)4 6% BS 9M 9:)4  8#1
SM    Network address   Broadcast        Valid range
/8    X.0.0.0           X.255.255.255    X.0.0.1 - X.255.255.254
/16   X.Y.0.0           X.Y.255.255      X.Y.0.1 - X.Y.255.254
/24   X.Y.Z.0           X.Y.Z.255        X.Y.Z.1 - X.Y.Z.254
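Added example (not part of the original notes): the block-size method above worked through in Python for any prefix from /8 to /30, not only the /8, /16 and /24 rows of the table, and cross-checked against the standard ipaddress module. The function names and the /26 and /20 sample prefixes are constructed for illustration.

```python
import ipaddress


def mask_octets(prefix):
    """Dotted-decimal subnet mask, as a list of four octets, for /prefix."""
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return [(bits >> shift) & 0xFF for shift in (24, 16, 8, 0)]


def subnet_info(ip, prefix):
    """Apply the block-size method to ip/prefix (prefix 8..30)."""
    if not 8 <= prefix <= 30:
        raise ValueError("prefix must be between 8 and 30")
    octets = [int(part) for part in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % ip)

    network, broadcast = [], []
    for octet, mask in zip(octets, mask_octets(prefix)):
        block = 256 - mask                 # 255 -> 1, 0 -> 256, 192 -> 64, ...
        start = (octet // block) * block   # largest multiple of the block size
        network.append(start)
        broadcast.append(start + block - 1)

    # Valid hosts lie strictly between the network and broadcast addresses.
    first = network[:3] + [network[3] + 1]
    last = broadcast[:3] + [broadcast[3] - 1]
    if octets == network:
        kind = "network address"
    elif octets == broadcast:
        kind = "broadcast"
    else:
        kind = "valid host"

    def dotted(parts):
        return ".".join(str(p) for p in parts)

    return {
        "mask": dotted(mask_octets(prefix)),
        "network": dotted(network),
        "broadcast": dotted(broadcast),
        "valid_range": (dotted(first), dotted(last)),
        "hosts": 2 ** (32 - prefix) - 2,   # Number of Host = 2^n - 2
        "kind": kind,
    }


def cross_check(ip, prefix):
    """True when the hand calculation agrees with the ipaddress module."""
    ours = subnet_info(ip, prefix)
    net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
    return (ours["network"] == str(net.network_address)
            and ours["broadcast"] == str(net.broadcast_address)
            and ours["mask"] == str(net.netmask)
            and ours["hosts"] == net.num_addresses - 2)


if __name__ == "__main__":
    # Constructed samples; 192.168.0.1/24 and 10.10.1.0 appear in the notes.
    for ip, prefix in [("192.168.0.1", 24), ("192.7.8.70", 26),
                       ("10.10.1.0", 24), ("172.16.40.9", 20)]:
        print(ip, "/%d" % prefix, subnet_info(ip, prefix))
```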

: I4 ( I' )


; 1 subnet mask  > 9G 

VLSM
Variable Length Subnet Mask
: I4 ( I' )
; 1 J71 subnet mask q93 9G 

Non VLSM
DisContigous <== I4 class  > subnet mask  > 9G * 
Contigous <==
I4 class 93 subnet mask  > 9G * 

Summarization
Larger Network address smaller Network address =

IP  > #1
F ; ? : >
172.16.1.0/24 - 172.16.2.0/24 - 172.16.3.0/24

  2(  H

sm=24-9=15

172.16.3.0
172.16.1.0
----------------0 0 2 0
1bit+8bit=9bits
: ; )  99 | N 4 


28
256

27
128

26
64

25
32

24 23 22 21 20
16 8 4 2 1

. &7  # X ; 9 NET ID | N 4 hE  Net ID Host ID 99 


 *
'): 
 N  6; 1 | N 4 [ % ) * 

.( Y octet hE   H ) h[ 8 &'H IP Y; 1 R  97 | N 4 * ? ;

Chapter: 4
Cisco Router
Router
  External component
    Interface
      LAN: E (10), F (100), G (1000), 10G (10000)
      WAN:
        - serial (leased line / Frame Relay)
        - ISDN (BRI/PRI)
        - ATM (ATM)
    Config port
      - console
      - auxiliary
  Internal component
    1- Motherboard
    2- ROM
    3- RAM
    4- Flash memory
    5- NVRAM (Non-Volatile RAM)
    6- CPU
    7- Power supply

# Internal component:

1- ROM
a) stores the bootstrap program & POST
b) ROMMON (ROM monitor) for troubleshooting
c) mini IOS

2- Flash memory
- stores the IOS image
3- RAM
- stores the decompressed version of the IOS image
- stores the running config
4- NVRAM
- stores the startup config
# Two types of config:
1- Running config
2- Startup config
Router
  Interface
    LAN
    WAN
  Config port
  Routing table
    Static
    Dynamic (Routing Protocol)
      Interior
        Distance Vector, ex: RIP, IGRP
        Link state, ex: OSPF
        Hybrid, ex: EIGRP
      Exterior, ex: BGP

: IOS [Internetwork Operating System] % H2# + G *


IOS image OR image : I4  3
Reinstall upgrade [' 

*.bin : 62 )  y ' 9)*
1K
[' 6 :F
  # F  ) (
(F  
) ) (E config 6 '; : [   9:)

F X.8  FF X.8 console [ 6   | Aux )1 ;1

: % +% K #
7?

99G   
 9:)4 (  [ 6  ) Console Session 9:)%
1
99G   
 9:)4 (  [ 6  ) Auxiliary Session 9:)%
2
J71 p%Config [ IP [   
 9:)4 ) Telnet Session 9:)%
3

Method for config router

CLI: Command Line Interface (commands)
SDM: Security Device Manager (GUI)

Boot up Router:

1 Bootstrap (from ROM)
2 Run POST [Power-on self-test]
3 Load image [IOS] from flash
4 Decompress image & store decompressed IOS into RAM
5 Display information from POST program
6 Load configuration content from NVRAM

6'  7 X


' 'E9  
  h  9)

start up #

setup mode  62)   981 ( 99G  (  


 X )NVRAM ;1 ;F I7  
: setup mode H4' A
*& 
Basic management -1
Extended setup -2
( '| 4 1 ) p8 ' 4 [8
)  DSL * 

Any [pc] on the network and has IP


Host [ client // server ]
End user 9:)4 s.
End system # s.
93  # Edge or interface port or router or hub [terminal]

Commands
! User Mode
Router>
Router>enable
! OR: en
! Privileged Mode
Router#
! You can go back from privileged mode into user mode by using the disable command.
Router#disable
Router>
Router#config t
! config t = terminal (any changes save in DRAM)
! config memory (any changes save in NVRAM)
! config network (any changes save in TFTP or FTP server)
Router(config)#
! int = interface, f = fastethernet
Router(config)#int f0/0
Router(config-if)#
Router(config-if)#exit
Router(config)#end
! OR: ^Z
Router#
! Editing and Help Features
Router#?
Router#conf ?
! "Hostname"
Router#config t
Router(config)#host yaser
yaser(config)#
! Banners (motd = Message of the day)
Router(config)#banner motd $
Hello. This router for center control $

! SHOW commands run in Privileged Mode
Router#show run
! "do" runs a show command from config mode
Router(config)#do sh run
Router#show history
Router#sh start
! Save the config to NVRAM
Router1#copy run start
Router2#copy run start
! Delete the startup-config
Router1#erase start
Router2#erase start
! Passwords for entering Privileged Mode from User Mode
! enable password is stored in clear text, enable secret is stored hashed
Router(config)#enable password RRRRR
Router(config)#enable secret RRRRR
Router(config)#no enable password
Router(config)#no enable secret
! Passwords on the console, auxiliary and telnet lines
Router(config)#line cons 0
! or: line aux 0, or: line vty 0 4 (telnet)
Router(config-line)#pass RRRRR
Router(config-line)#login
Router(config-line)#exec-timeout 5 7
! Encrypting Your Passwords
Router#sh run
Router(config)#service password-encryption
! To cancel previous command
Router(config)#no service password-encryption
! Descriptions
Router(config)#int f0/0
Router(config-if)#desc Sales Lan
! Interface configuration
! To config any router interface you must do these steps:
[1] Router>en
Router#conf t
Router(config)#int f0/0
! repeat for f0/1
Router(config-if)#no shut
! add = address
[2] Router(config-if)#ip add 10.10.10.100 255.255.255.0
! Serial Interface Commands
! DCE = Data circuit equipment, DTE = Data terminal equipment
! clock rate is set on the DCE side
[3] Router(config)#int s0/0
Router(config-if)#no shut
Router(config-if)#ip address 10.10.20.1 255.255.255.0
Router(config-if)#clock rate 64000
! Verifying Your Configuration
Router#ping 10.10.10.1
Router#sh int f0/0
Router#sh ip int
Router#sh ip int brief
! Shows whether the serial interface is DCE or DTE
Router#sh controllers serial 0/0
! Shows the routing table
Router#sh ip route
! To use SDM you must configure (http OR https):
Router(config)#int f0/0
Router(config-if)#ip address 10.10.1.100 255.255.255.0
Router(config-if)#no shut
Router(config)#ip domain-name xp
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)#ip http server
Router(config)#ip http secure-server
Router(config)#ip http authentication local
Router(config)#username a privilege 15 password 0 a

Chapter: 5/6
IP Routing
| IP ;? DHCP
WINS a97 DNS 99
Routing
9 ; 8 

Routed
N; 8 

Route
4
1- Static 2- Dynamic

Router
# s.
: route types fD1
> K *

Static -1
:k
 % r9  I' y1 -3 Security > -2 'T  )  
  -1
:
 ? E( 3 -3 admin I' 9# 6 
1 2 6(3 -2 J71 2( '
 -1

tow LAN
(, /A %
 % >  
K
3] % 3B 1D1# Subnet 3 and 4 E  % 3B Config #A : 5
! On R1: config to reach Subnet 3 and 4
R1(config)#ip route 10.10.3.0 255.255.255.0 10.10.5.2
R1(config)#ip route 10.10.4.0 255.255.255.0 10.10.5.2
! On R2: config to reach Subnet 1 and 2
R2(config)#ip route 10.10.1.0 255.255.255.0 10.10.5.1
R2(config)#ip route 10.10.2.0 255.255.255.0 10.10.5.1
! Verify on R1 and on R2
R1#sh ip route
.. Y 6 M NO &K 2
Stub network = network has one exit interface

EY #' IP     Default Route 9:)



R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.5.1
Router#traceroute 10.10.3.1 % 12 /A Z
Router#tracert 10.10.3.1
Q41. 12 /A Z
Ping fB 1 (+#  ( $% 5  7% 1D
A H  1

Q7V 1 (+# ( E% 11 ( /V 7#


Q( 2 W%
From source to destination

Dynamic -2
  _9:) q8 8
% .
Routing protocol
- protocol used for building the routing table. ex: RIP-EIGRP-OSPF
Routed protocol
- protocol used for building packets that need to be routed. ex: TCP/IP-IPX/SPX-AppleTalk
Forwarding table 6% hD N
6% 
autonomous systems (AS) '7)4  y Y
y1 I 9#  subneting  [ ' r9  I' ^13Y 2D kG I ;  1 4 & a47  qA  6> ; 1 resource I'
65000 I 1  AS aM& $ 
 #(Interior) Intra-AS = AS 6E
#(Exterior)Inter-AS = ASE Gateway router : Direct link to router in another AS

Routing table
  Static
  Dynamic (Routing Protocol)
    Interior
      Distance Vector, ex: RIP, IGRP (for Cisco)
      Link state, ex: OSPF
      Hybrid, ex: EIGRP
    Exterior, ex: BGP

Interior protocol [details]

Kind             Protocol  *AD  Standard    **Num     ***Algorithm  Use
Distance Vector  RIP       120  Open        15        Bellman-Ford  Small network
Distance Vector  IGRP      100  Cisco only  255       Bellman-Ford  Large network
Hybrid           EIGRP     90   Cisco only  255       DUAL          Large network (Protocol RTP)
Link State       OSPF      110  Open        No limit  Dijkstra      Large network

; > Y % ':

IS-IS
*AD= administrative distance
**Max hop count
 ?% 'K. ; 1  #9:)4 [ 6(  
 I(M a
cost   4) 6MY XE
hop count    
Protocol RTP:

*** Algorithm )E[  9T1


Best path selection

 | X unicast [ 6    ack G   [9T1

* Distance Vector Routing [RIP/IGRP]:

1. Max hop count
2. Split horizon
3. Route poisoning
4. Holddown timers
Convergence time

[1] Routing Information Protocol (RIP) [Distance Vector]


RIP v1
- Classful Routing
- No support for VLSM
- No support for discontiguous networks
- Use broadcast

RIP v2
- Classless Routing
- Support for VLSM
- Support for discontiguous networks
- Use broadcast or multicast

contiguous
FIXED LENGTH SM

discontiguous
VLSM
Non VLSM

* RIP Timers types:

1. update timer: (30 seconds)
2. invalid timer: (180 seconds)
3. flush timer: (240 seconds)
4. Holddown timer: (180 seconds)
Configuring RIP Routing

R1#config t
R1(config)#router rip
R1(config-router)#net 10.10.1.0
R1(config-router)#net 10.10.2.0
R1(config-router)#net 10.10.5.0
R1(config-router)#ver 2
R1(config-router)#^Z
! ^Z = [Control + Z]
R1#sh ip route
R1#debug ip rip

passive-interface
Router#config t
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#passive-interface s0/0
[2] Interior Gateway Routing Protocol [IGRP] [Distance Vector]
IGRP
Classful Routing
No support VLSM
No support discontiguous networks
Uses an autonomous system number
Use broadcast
Cisco
* IGRP Timers types:
1. update timer: (90 seconds)
2. invalid timer: (270 seconds)
3. flush timer: (630 seconds)
4. Holddown timer: (280 seconds)
Configuring IGRP Routing
R1#config t
R1(config)#router igrp 10
R1(config-router)#net 10.10.1.0
R1(config-router)#net 10.10.2.0
R1(config-router)#net 10.10.5.0

Same as RIP with one important difference: you use an autonomous system (AS) number (here, 10).

To delete the routing table built by IGRP:
R1(config)#no router igrp 10

show ip protocols
debug ip igrp events
debug ip igrp transactions

[3] Enhanced Interior Gateway Routing Protocol [EIGRP] [Hybrid]

EIGRP
Supports TCP/IP, IPX/SPX and AppleTalk
Classless Routing
Support VLSM
Support discontiguous networks
Uses an autonomous system number
Cisco
Communication via Reliable Transport Protocol (RTP)
* Builds three tables:
1- Neighbor table
2- Topology table
3- Routing table
Successor route: the best path. Feasible successor: the backup path.
Load Balance
Configuring EIGRP Routing
R1(config)#router eigrp 100
R1(config-router)#net 10.10.1.0
R1(config-router)#net 10.10.2.0
R1(config-router)#net 10.10.5.0
Configuring Discontiguous Networks (turn off auto summarization)
R1(config-router)#no auto-summary
To make manual summarization
Router(config)#int s0/0
Router(config-if)#ip summary-address eigrp 10 192.168.10.64 255.255.255.224

show ip route            Shows the entire routing table
show ip route eigrp      Shows only EIGRP entries in the routing table
show ip eigrp neighbors  Shows all EIGRP neighbors
show ip eigrp topology   Shows entries in the EIGRP topology table


[4] Open Shortest Path First [OSPF]

[Link State]

OSPF
Classless Routing
Support VLSM
Support discontiguous networks
Uses an autonomous system number
Area 0 is the backbone
Support IP only.
Manual Summarization.
Uses wild mask [inverse SM] [wildcard mask]

* OSPF uses a wild mask, not a subnet mask.
* An OSPF config must include area 0, the backbone.
* Wild mask example:
/28 ==> 255.255.255.240
  255.255.255.255
- 255.255.255.240
-----------------
    0.  0.  0. 15
* Builds three tables:
1- Neighbor table
2- Topology table
3- Routing table

Cost (metric) = 100,000 / BW [kilo]

Router ID (RID): the highest IP address, used to identify the router. [Identification]
Link: an interface on a router.
Link-State: the status of the link between two routers.
Link-state database (topological database).
Area: a grouping of routers inside the AS.
Routing table
Adjacent routers: DR and BDR
Designated router (DR)
Backup designated router (BDR)
# DR election based on:
1- Priority [highest] (maximum 255)
2- RID [highest]
Point-to-Point: no DR and BDR election.
DR & BDR are elected on:
- Multiaccess Broadcast Net [e.g. Ethernet]
- Multiaccess NonBroadcast Net [e.g. Frame Relay]
Configuring OSPF Routing
R1#config t
! 1 = Process ID [local]
R1(config)#router ospf 1
R1(config-router)#net 10.10.1.0 0.0.0.255 area 0
R1(config-router)#net 10.10.2.0 0.0.0.255 area 0
R1(config-router)#net 10.10.5.0 0.0.0.255 area 0
* To change priority
Router(config)#int s0/0
Router(config-if)#ip ospf priority 2

show ip route           Shows the entire routing table
show ip ospf            Displays OSPF information for one or all OSPF processes running on the router.
show ip ospf database   The number of links and the neighboring routers' ID
show ip ospf interface  Displays all interface-related OSPF information.

Loopback Interfaces

Loopback interfaces are logical interfaces.

Configuring Loopback Interfaces

R1(config)#int loopback 0
R1(config-if)#ip address 172.16.10.1 255.255.255.255
R1(config-if)#no shut

Chapter: 7
Managing Traffic with
Access Control Lists [ACL]
R

ACL
C1 permit HTTP
C2 permit SMTP
C3 deny FTP

A
C
L

:h
>
R1 [OK] HTTP
R2 [NO] FTP

action  Y G]
action  Y 
permit 
deny &8

 A ;F G 
>
;8$ & 8 ; 1 
% TELNET: h

implicit deny ;8K &8

. :  E9 ; 1 
 :  3 ;1  E9  3 ;1 #?% a #8%_
Types of access lists [ACL]

Standard
- Choose a number from the range 1-99 or 1900-1999
- Conditions based on:
  1) Action (deny or permit)
  2) Source address of packet:
     - Host (single IP)
     - Subnet (many IP)
     - Any

Extended
- Choose a number from the range 100-199 or 2000-2699
- Conditions based on:
  1) Action (deny or permit)
  2) Transport protocol (TCP or UDP)
  3) Source address (Host-Subnet-Any)
  4) Destination address (Host-Subnet-Any)
  5) Application protocol that built the packet

Named
- Uses a name instead of a number, e.g. BlockSales

[1] Standard access lists [ACL]

Conditions:
- source address (Host, Subnet or Any)
- action (permit or deny)

Configuring Standard [ACL]

[1] Create conditions, determine specific IP
Router(config)#access-list 10 deny host 172.16.30.2
OR
Router(config)#access-list 10 deny 172.16.30.2 0.0.0.0
Determine any packet
Lab_A(config)#access-list 10 permit any
OR
Lab_A(config)#access-list 10 permit 0.0.0.0 255.255.255.255
Determine a subnet
Lab_A(config)#access-list 10 deny 172.16.30.2 0.0.0.255
[2] Assign ACL on interface (on the destination side, direction OUT)
Router(config)#int f0/0
Router(config-if)#ip access-group 10 out
* Controlling VTY (Telnet) Access
Lab_A(config)#access-list 50 permit host 172.16.10.3
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 50 in
To remove an ACL (10 or 50, whichever number you chose):
R(config)#no access-list 10

Any ==> 0.0.0.0 255.255.255.255
Host ==> wildcard mask 0.0.0.0

R(config-if)#ip access-group 10 in
out in 

ACL  2 7H

: | N 4 ; & % o hE  8 N  &8 63 7H *


BS k  '-1
Broadcast Network address 99 -2
( wide mask ) ; : %  a#3? -3
R (config)#access-list 10 deny 172.16.30.0 0.0.0.0 : ;o 6 
 % 4
wide mask 
 % ; > Network address 
% Y IP r%
[2] Extended access lists [ACL]
* Extended ACL conditions:
1- source 2- destination 3- protocol [packet type] 4- action
- Assign ACL on source interface and make the direction IN
Example 1 (action: deny, protocol: TCP, source: any, dest: subnet 172.16.1.0, application: Telnet):

R(config)#access-list 110 deny tcp any 172.16.1.0 0.0.0.255 eq 23

Use TCP (or UDP) together with eq for application-layer protocols such as HTTP/TELNET/FTP/SMTP; use IP to match all traffic.
Source and Dest can each be:
- Host (single IP)
- Subnet
- Any

Example 2:

R(config)#access-list 110 deny tcp host 10.10.1.1 host 10.10.2.50 eq ftp
R(config)#access-list 110 permit ip any any
Configuring Extended [ACL]
[1] Create conditions
Lab_A(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23
Lab_A(config)#access-list 110 permit ip any any
[2] Assign ACL on interface
Router(config)#int f0/0
Router(config-if)#ip access-group 110 in
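Added example (not part of the original notes, and not Cisco code): a small Python model of how a numbered ACL is evaluated, showing wildcard matching, top-down first match and the implicit deny, using the access-list 110 and access-list 10 lines from this chapter. The parser covers only the forms used in these notes; the packets and the two orderings of list 10 are constructed.

```python
import ipaddress

PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}
ANY = ("0.0.0.0", "255.255.255.255")


def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(mask):
    """255.255.255.255 minus the subnet mask, octet by octet."""
    return ".".join(str(255 - int(o)) for o in mask.split("."))


def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard must match; a 1 bit is ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)


def take_address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    # A bare address (standard ACL) gets the wildcard 0.0.0.0.
    wildcard = tokens.pop(0) if tokens and tokens[0][0].isdigit() else "0.0.0.0"
    return (first, wildcard)


def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' line into a dict."""
    tokens = line.lower().split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError("not a numbered ACL line: %r" % line)
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if action not in ("permit", "deny"):
        raise ValueError("unsupported action: %r" % action)
    extended = 100 <= number <= 199 or 2000 <= number <= 2699
    ace = {"action": action, "proto": "ip", "dst": ANY, "port": None}
    if extended:
        ace["proto"] = rest.pop(0)
    ace["src"] = take_address(rest)
    if extended:
        ace["dst"] = take_address(rest)
        if rest[:1] == ["eq"]:
            ace["port"] = PORT_NAMES.get(rest[1]) or int(rest[1])
    return ace


def evaluate(acl_lines, packet):
    """Return (action, index of the matching line); index None = implicit deny."""
    for index, line in enumerate(acl_lines):
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", packet["proto"]):
            continue
        if not wildcard_match(packet["src"], *ace["src"]):
            continue
        if not wildcard_match(packet["dst"], *ace["dst"]):
            continue
        if ace["port"] is not None and ace["port"] != packet.get("dport"):
            continue
        return ace["action"], index
    return "deny", None


# ACL 110 as configured above.
ACL_110 = ["access-list 110 deny tcp any host 172.16.30.2 eq 23",
           "access-list 110 permit ip any any"]
# Constructed packets.
TELNET = {"proto": "tcp", "src": "10.10.1.5", "dst": "172.16.30.2", "dport": 23}
HTTP = {"proto": "tcp", "src": "10.10.1.5", "dst": "172.16.30.2", "dport": 80}
SALES = {"proto": "tcp", "src": "172.16.30.7", "dst": "10.10.2.2", "dport": 80}
# Same two standard-ACL lines in two orders: order decides the result.
ACL_10_SHADOWED = ["access-list 10 permit any",
                   "access-list 10 deny 172.16.30.0 0.0.0.255"]
ACL_10_ORDERED = list(reversed(ACL_10_SHADOWED))

if __name__ == "__main__":
    print(evaluate(ACL_110, TELNET), evaluate(ACL_110, HTTP))
    print(evaluate(ACL_110[:1], HTTP))          # no permit line: implicit deny
    print(evaluate(ACL_10_SHADOWED, SALES), evaluate(ACL_10_ORDERED, SALES))
```

With `permit any` placed first, the deny line for 172.16.30.0 can never match, which is why the order of the conditions has to be reviewed and not only their content.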

[3] Named access lists [ACL]

Configuring Named [ACL]

* To create named access list: [1] Create ACL
Lab_A(config)#ip access-list standard BlockSales
[2] Create conditions
Lab_A(config-std-nacl)#deny 172.16.40.0 0.0.0.255
Lab_A(config-std-nacl)#permit any
[3] Assign ACL to interface
Lab_A(config)#int e1
Lab_A(config-if)#ip access-group BlockSales out
Time-Based ACLs
[1] Create a period
Router(config)#time-range no-http
Router(config-time-range)#periodic weekend 06:00 to 12:00
[2] Attach the created period to ACL
Router(config)#ip access-list extended Time
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
[3] Assign ACL on interface
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group Time in
Remarks
** Use in Extended ACL
R(config)#access-list 110 remark Permit Bob from Sales Only To Finance
R(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
R(config)#access-list 110 permit ip any any
** Use in Named ACL
R(config)#ip access-list extended No_Telnet
R(config-ext-nacl)#remark Deny all of Sales from Telnetting to Marketing
R(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.40.0 0.0.0.255 eq 23
Switch Port ACLs
[1] Create conditions
S1(config)#mac access-list extended My_MAC_List
S1(config-ext-macl)#deny any host 000d.29bd.4b85
S1(config-ext-macl)#permit any any
[2] Assign ACL on port
S1(config-ext-macl)#int f0/6
S1(config-if)#mac access-group My_MAC_List in

R#show access-list
R#show access-list 110
R#show ip access-list
R#show ip interface
R#show running-config
R#show mac access-group

; ) 9 s% s. named Exten ;1


1-Standard to Extended
2-I [ T   > ; 3
deny tcp 10.10.1.0 0.0.0.255 host 10.10.2.2 eq ftp
permit ip any any
3- out to in

named ;1 J71 62) 


; 1 a Weekend
www or 80 or HTTP
:Y
Saturdays
sundays

y3h
 )6> y3h 4
#' [ ACL]
Ext & named ;1 J71 G Remark 87

ACL
)4 ) 4 I'
subnet )4 ; 1 2' 8
host OR any J71
mac J ip 9% 8
X.8 6; 1 ACL &K ; q81 any N
range 9:) #8 _9 1 ) X

S1(config-ext-macl)#int range f0/6-10

Chapter: 8
Managing Cisco IOS Software
Things we will learn in this chapter:

1- Password Recovery
2- Back up IOS
3- Restore IOS
4- Upgrade IOS
5- Back up [ for config ]
6- Restore [ for config ]
7- CDP [ protocol ]
* Router Boot Sequence:
1- The router performs a POST.
2- The bootstrap looks for and loads the Cisco IOS software
3- The IOS software looks for a valid configuration file stored in NVRAM
4- If a startup-config file is in NVRAM, the router will load and run this file

Configuration register
* It is a 16-bit software register that is written into NVRAM.
* The default configuration setting on Cisco routers is 0x2102.
* The number is written in hexadecimal, with the prefix 0x.
* Notice that bit 6 can be used to ignore the NVRAM contents, if it is enabled.

Bit number       15 14 13 12   11 10  9  8    7  6  5  4    3  2  1  0
Binary            0  0  1  0    0  0  0  1    0  0  0  0    0  0  1  0
Config Register        2             1             0             2

The important thing here is bit number 6:

0 ==> load NVRAM content [startup config]
1 ==> ignore NVRAM content (this gives 0x2142)
To know the value of the config register, use this command:
R#sh ver

Here are the main steps to password recovery:

[1] Restart the router and interrupt the boot sequence with Ctrl+Pause/Break to enter the ROM monitor
rommon 1 >
[2] Changing the Configuration Register to ignore NVRAM contents
rommon 1 > confreg 0x2142
[3] Reloading the Router and Entering Privileged Mode by this command
rommon 1 > reset
The router will reload and ask if you want to use setup mode; answer NO.
R>en
[4] Copy startup-config to running-config in Privileged Mode by using this command
R#copy start run
[5] Change password by setting new password
Router#conf t
Router(config)#enable secret kkkk
[6] Change the value of configuration register to enable NVRAM contents
Router(config)#config-register 0x2102
[7] Save your work
Router#copy run start
[8] Reload router to activate changing of configuration register
Router#reload

In the ROM monitor (rommon) use reset; in privileged mode use reload.
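Added example (not part of the original notes): a Python check that reads the "Configuration register is ..." line of `show version` output and reports whether bit 6 is set now or will be set at the next reload, which is how a router left at 0x2142 after a password recovery shows up in a configuration audit. The sample output lines and function names are constructed for illustration.

```python
import re

IGNORE_NVRAM = 0x0040   # bit 6: ignore NVRAM contents (startup-config)
BOOT_FIELD = 0x000F     # bits 0-3: boot field

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def decode(value):
    """Break a 16-bit configuration register value into the parts used here."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return {
        "hex": "0x%04X" % value,
        "bits": format(value, "016b"),          # bit 15 on the left, bit 0 on the right
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "boot_field": value & BOOT_FIELD,
    }


def audit_show_version(text):
    """Return the current and pending register state, or None if no line is found."""
    match = REG_LINE.search(text)
    if match is None:
        return None
    current = int(match.group(1), 16)
    # Without a "will be" clause the pending value equals the current one.
    pending = int(match.group(2), 16) if match.group(2) else current
    return {
        "current": decode(current)["hex"],
        "pending": decode(pending)["hex"],
        "ignored_now": decode(current)["ignore_nvram"],
        "ignored_next_boot": decode(pending)["ignore_nvram"],
    }


# Constructed samples of the last line of "show version".
NORMAL = "Configuration register is 0x2102"
MID_RECOVERY = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
LEFT_BEHIND = "Configuration register is 0x2142"

if __name__ == "__main__":
    for sample in (NORMAL, MID_RECOVERY, LEFT_BEHIND):
        print(sample, "->", audit_show_version(sample))
    print(decode(0x2102)["bits"], decode(0x2142)["bits"])
```

A device reporting `ignored_next_boot` as true will start without its startup-config, and therefore without its configured passwords, at the next reload; step [6] above is what clears it.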

TFTP: UDP
FTP, HTTP, HTTPS: TCP

Backing Up the Cisco IOS

IIS => Internet Info Service

** To back up the Cisco IOS to a TFTP server, you use this command
R#copy flash ftp
OR
R#copy flash tftp

* To know the name of the IOS image, use this command:

R#sh flash
or
R#sh ver
or
R#dir flash:
The image name ends in ----.bin

Restoring the IOS:

R#copy ftp flash

Router#ping FTP_server
* IOS file system
Router#show file info flash:c1841.bin
Router#delete flash:c1841.bin
Router#pwd

** To copy the router's configuration from a router to an FTP server

Router#copy run ftp
or
Router#copy start ftp
** Copying the Current Configuration to NVRAM
Router#copy run start
** If you did copy the router's configuration to a TFTP server as a second
backup, you can restore the configuration
Router#copy tftp run
or ftp

Cisco Discovery Protocol (CDP) [L2]

CDP timer: how often CDP packets are transmitted to all active interfaces.
CDP holdtime: the amount of time that the device will hold packets received from neighbor devices.

Configuration
Router#sh cdp
** Use the global commands cdp holdtime and cdp timer to configure the CDP holdtime and timer on a router:
Router(config)#cdp timer 90
(the default is 60 seconds)
Router(config)#cdp holdtime 240
(the default is 180 seconds)
** Gathering Neighbor Information by using this command
Router#sh cdp nei detail
** Gathering Interface Traffic Information including the number of CDP packets sent and received and the errors with CDP.
Router#sh cdp traffic
** Gathering Port and Interface Information including CDP status on router interfaces or switch ports.
Router#sh cdp interface
** To turn off CDP on one interface on a router,
Router(config)#int s0
Router(config-if)#no cdp enable
CDP advertises the device model, IOS version and addresses to anything on the link, so it is commonly turned off on interfaces that face untrusted networks.


Chapter: 9
Switching Layer2
MAC address: 48 bits, written in hexadecimal
* Three Switch Functions at Layer 2:
1. Address learning (builds the MAC table)
2. Forward [if destination known] / filter [if destination unknown]
3. Loop avoidance (prevents broadcast storms when switches are joined by multiple links)

* Spanning Tree Protocol (STP): provides loop avoidance at Layer 2. Where switches are joined by multiple links, STP leaves one logical path open and closes the others.

* STP steps:

1- Elect the Root Bridge (switch) based on:
a) priority [lowest wins] (default 32,768)
b) Bridge ID (BID) MAC address [lowest wins], used when the priorities are equal

2- All ports on the Root Bridge become designated ports (DP) [Forward Port]

3- Remaining bridges [switches] become Non-Root Bridges (Non-RB)

4- For each Non-Root Bridge only one Root Port (RP), chosen by:
a) cost [lowest path cost to the Root Bridge wins]

Speed                  Cost
10G                    2
1G                     4
Fast Ethernet (100M)   19
Ethernet (10M)         100

b) port number [lowest wins], used when the costs are equal: f0/0 or f0/2 or f0/3

5- For each segment only one Designated Port [Forward Port]
A port that is neither a Root Port nor a Designated Port is blocked.

BPDU: Bridge Protocol Data Unit
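The election steps above, worked through on a small topology. This is an added example, not part of the original notes: the three switches, their MAC addresses and the link speeds are constructed, and ties are broken in the standard order (path cost, then upstream bridge ID, then upstream port, then local port) with default port priorities assumed.

```python
# Path costs from the table above, keyed by link speed in Mbps.
COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

# Constructed topology: three switches in a triangle, all at the default priority.
BRIDGES = {
    "SW1": (32768, "0000.0c00.0003"),
    "SW2": (32768, "0000.0c00.0001"),
    "SW3": (32768, "0000.0c00.0002"),
}
# (bridge_a, port_a, bridge_b, port_b, speed_mbps)
LINKS = [
    ("SW1", 1, "SW2", 1, 100),
    ("SW1", 2, "SW3", 1, 1000),
    ("SW2", 2, "SW3", 2, 1000),
]


def bid(name, bridges):
    """Bridge ID as a comparable tuple: priority first, then MAC address."""
    prio, mac = bridges[name]
    return (prio, mac.replace(".", "").lower())


def elect_root(bridges):
    """Step 1: the lowest priority wins, the lowest MAC breaks a tie."""
    return min(bridges, key=lambda n: bid(n, bridges))


def root_path_costs(root, bridges, links):
    """Lowest total cost from every bridge to the root (repeated relaxation)."""
    cost = {n: float("inf") for n in bridges}
    cost[root] = 0
    for _ in bridges:
        for a, _pa, b, _pb, speed in links:
            c = COST[speed]
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    return cost


def root_ports(bridges, links):
    """Step 4: one root port per non-root bridge."""
    root = elect_root(bridges)
    cost = root_path_costs(root, bridges, links)
    result = {}
    for name in bridges:
        if name == root:
            continue
        candidates = []
        for a, pa, b, pb, speed in links:
            for local, lport, peer, pport in ((a, pa, b, pb), (b, pb, a, pa)):
                if local == name:
                    candidates.append(
                        (cost[peer] + COST[speed], bid(peer, bridges), pport, lport)
                    )
        result[name] = min(candidates)[3]
    return root, result


if __name__ == "__main__":
    print(root_ports(BRIDGES, LINKS))
    # Same network after "spanning-tree vlan 1 priority 16384" on SW1.
    pinned = dict(BRIDGES, SW1=(16384, "0000.0c00.0003"))
    print(elect_root(pinned))
```

With equal priorities the switch with the lowest MAC becomes root, which is why the root is normally pinned with an explicit priority instead of being left to whichever switch happens to win.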



[STP] Spanning-Tree Port States



1- Blocking
2- Forwarding
Configuring Cisco Catalyst Switches
*** Setting the Passwords
Switch(config)#enable password todd
-----> not encrypted
Switch(config)#enable secret todd
-----> encrypted
*** Setting the Hostname
Switch(config)#host S2950
*** Port Security
Switch(config)#int f0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown

The port must be an access port and port security must be switched on with the bare switchport port-security command before the other options take effect.
sticky: the switch learns the MAC address of the connected host dynamically and saves it in the configuration.

S(config)#int range f0/15

The switch's IP address is set on VLAN1.
*** Setting IP Information


S2950#config t
S2950(config)#int vlan1
S2950(config-if)#ip address 172.16.10.17 255.255.255.0
S2950(config-if)#no shut
S2950(config-if)#exit
S2950(config)#ip default-gateway 172.16.10.1

S#sh mac address-table


S#sh spanning-tree
To make a switch the Root Bridge, lower its priority:
Sw(config)#spanning-tree vlan 1 priority 16384
OR
S1(config)#spanning-tree vlan 1 root primary

Port states and timers (50 seconds by default from blocking to forwarding):
Block (20 sec)
Listening (15 sec)
Learning (15 sec): builds the MAC address table
Forward

PortFast, BPDUGuard and BPDUFilter


S2950(config)#int range f0/3-4
S2950(config-if-range)#spanning-tree portfast
S2950(config-if-range)#spanning-tree bpduguard enable
S2950(config-if-range)#spanning-tree bpdufilter enable
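A check a reviewer can run over a saved switch configuration for the settings configured above (enable password, port security, PortFast with BPDU guard, trunks). This is an added example, not part of the original notes; the sample configuration is constructed and the finding names are this example's own. It also flags one interaction the commands above create: with bpdufilter enabled on an interface the port ignores received BPDUs, so bpduguard on the same port never triggers.

```python
import re

# Constructed running-config excerpt that mirrors the commands shown above.
SAMPLE_CONFIG = """\
hostname S2950
enable password todd
enable secret 5 $1$constructed$hash
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/12
 switchport mode trunk
 switchport trunk encapsulation dot1q
!
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces


def audit(config):
    """Return a list of (scope, finding) tuples in configuration order."""
    findings = []
    if re.search(r"^enable password\b", config, re.M):
        findings.append(("global", "enable-password-cleartext"))
    for name, cmds in parse_interfaces(config).items():
        guard = "spanning-tree bpduguard enable" in cmds
        if "switchport mode access" in cmds:
            # Sub-options alone do nothing until the bare command is present.
            if "switchport port-security" not in cmds:
                findings.append((name, "port-security-not-enabled"))
            if "spanning-tree portfast" in cmds and not guard:
                findings.append((name, "portfast-without-bpduguard"))
        if guard and "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "bpdufilter-overrides-bpduguard"))
        if "switchport mode trunk" in cmds and not any(
            c.startswith("switchport trunk allowed vlan") for c in cmds
        ):
            findings.append((name, "trunk-allows-all-vlans"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```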

Spanning Tree UplinkFast
Configured on non-root switches only.
S2950(config)#spanning-tree uplinkfast
Spanning Tree BackboneFast
Configured on both root and non-root switches.
S2950(config)#spanning-tree backbonefast
Erasing the Switch Configuration
S2950#erase startup-config


Chapter: 10
Virtual LANs [VLAN]

A VLAN is a logical grouping of switch ports. Each VLAN is its own subnet and its own broadcast domain, and the administrator assigns ports to VLANs. By default every port is in VLAN1.

Collision and broadcast domains:
1- Hub: all ports share one collision domain
2- Switch: each port is its own collision domain
3- Router: each router interface represents a broadcast domain (one subnet per interface)

VLAN Types
Static VLANs: ports are assigned to VLANs manually by the admin
Dynamic VLANs: set up by the admin so that a device is assigned to its VLAN automatically
Example: f0/1 => VLAN2 [sales], f0/2 => VLAN3 [IT], f0/3 => VLAN4 [marketing], f0/4 => VLAN5 [accounting]

* There are two different types of links in a switched environment:
1- Access links: the port is an access port and belongs to one VLAN
2- Trunk links: the port is a trunk port and carries several VLANs between switches (Fast Ethernet or faster)

A trunk identifies the VLAN of each frame by:
1- VLAN-ID
2- Encapsulation

Frame tagging [Encapsulation]
Inter-Switch Link (ISL): Cisco
IEEE 802.1Q [dot1Q]: open standard


VLAN Trunking Protocol [VTP]:
VTP carries the VLAN configuration from one switch to the other switches.

Requirements:
1- All switches are in the same VTP domain
2- One switch is the server and the others are clients

VTP Modes of Operation
Server: can create, change and delete VLANs and advertises them to the domain
Client: cannot change VLANs; takes them from the server
Transparent: its VLANs are local only; it passes VTP advertisements on without applying them

Server mode is the default on Cisco switches.

Routing between VLANs through one router interface is called router on a stick.
Configuring VLANs
Create VLAN (by global config)
Switch(config)#vlan 2
Switch(config-vlan)#vlan 3
Switch(config-vlan)#vlan 4
Switch(config-vlan)#vlan 5

You can't change, delete, or rename VLAN 1, because it's the default VLAN.

[1] Create VLAN (by Database Mode)
S1#vlan database
S1(vlan)#vlan 2 name sales
S1(vlan)#vlan 3 name IT
[2] Assigning Switch Ports to VLANs
Switch(config)#int f0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
If you want to verify your configuration, use this:
Switch#sh vlan
[3] Configuring Trunk Ports [Assigning Switch Ports to be trunk]
Sw(config)#int f0/12
Sw(config-if)#switchport trunk encapsulation dot1q
Sw(config-if)#switchport mode trunk
The encapsulation command applies to switches that support both ISL and dot1Q; a switch that supports only dot1Q, such as the 2950, does not need it.
Defining the Allowed VLANs on a Trunk
Sw(config-if)#switchport trunk allowed vlan 1-10
Sw(config-if)#no switchport trunk allowed vlan
(the no form returns the trunk to the default, which allows all VLANs)
[4] Configuring Inter-VLAN Routing
Router#config t
Router(config)#int f0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#int f0/0.1
Router(config-subif)#encaps dot1q 1 -----> VLAN 1
Router(config-subif)#ip address 192.168.10.100 255.255.255.0
Router(config-subif)#int f0/0.2
Router(config-subif)#encaps dot1q 2 -----> VLAN 2
Router(config-subif)#ip address 192.168.20.100 255.255.255.0
* Config VTP
Switch(config)#vtp mode server ------> default
Switch(config)#vtp domain orbits
Sw(config)#vtp password kkkk


Traffic types carried as packets:
Data
Voice (real time)
Video (real time)

Real-time traffic cannot tolerate delay, so it is given priority.
QoS [Quality of Service]
Configuring Voice VLANs


Switch(config)#mls qos
Switch(config)#interface f0/1
Switch(config-if)#mls qos trust cos
Switch(config-if)#switchport voice vlan dot1p
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#switchport voice vlan 10


Chapter: 11
Network Address Translation
[NAT]
IP addresses

Virtual [private]:
10.0.0.1 : 10.255.255.254
172.16.0.1 : 172.31.255.254
192.168.0.1 : 192.168.255.254

Real [public]

NAT translates a virtual IP to a real IP.
PAT: Port Address Translation

NAT types
Static: One virtual IP => one real IP (number of real IP = number of virtual IP)
Dynamic: Many virtual IP => Many real IP (the many real IPs are called a pool of real IPs)

Overloading == [PAT]
Static with Overloading: Many virtual IP => One real IP
Dynamic with Overloading: Many virtual IP => Many real IP

NAT Names
Inside local: Name of inside source address before translation (the virtual IP)
Inside global: Name of inside host after translation (the real IP)
Outside global: Name of outside destination host after translation
Static NAT
[1] Creates a static NAT translation between 192.168.10.1 and 192.1.2.109 (virtual and real)
Router(config)#ip nat inside source static 192.168.10.1 192.1.2.109
[2] Configures NAT inside interface
Router(config)#interface f0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#ip nat inside
[3] Configures NAT outside interface
Router(config)#interface Serial0/0
Router(config-if)#ip address 192.1.2.109 255.255.255.240
Router(config-if)#ip nat outside

NAT Table:
192.168.10.1 Virtual IP
192.1.2.109 Real IP

Dynamic NAT
[1] Defines a NAT pool (outside addresses) named MyPool with a range of addresses 60.1.1.2 60.1.1.6
Router(config)#ip nat pool MyPool 60.1.1.1 60.1.1.6 netmask 255.255.255.248
[2] Determines the inside addresses that will use NAT; those addresses are defined in an ACL
Router(config)#ip nat inside source list 10 pool MyPool
Router(config)#access-list 10 permit 192.168.10.0 0.0.0.255
[3] Configures NAT inside interface (as in Static NAT)
[4] Configures NAT outside interface (as in Static NAT)

Pool => many real addresses, obtained from the ISP.
ACL 10 selects the inside devices that are allowed to be translated.


Overload NAT (PAT)


[1] Defines a NAT pool (outside addresses) named MyPool with a single address 60.1.1.1
Router(config)#ip nat pool MyPool 60.1.1.1 60.1.1.1 netmask 255.255.255.248
[2] Determines the inside addresses that will use NAT; those addresses are defined in an ACL
Router(config)#ip nat inside source list 10 pool MyPool overload
Router(config)#access-list 10 permit 192.168.10.0 0.0.0.255
[3] Configures NAT inside interface
[4] Configures NAT outside interface

Static PAT is also called static overload.

Simple Verification of NAT


* To see basic IP address translation information (the NAT table), use the following command:
Router#show ip nat translation
* This output will show the sending address, the translation, and the destination address on each debug line:
Router#debug ip nat
* To cancel the debug
R#undebug all
Or
R#un all
debug consumes router resources, so turn it off when you are done.


Chapter: 12
Wireless LAN
[WLAN]

A wireless LAN carries data over electromagnetic waves in the 2.4 GHz and 5 GHz bands. Devices join the network through an Access Point.

Agency: Purpose
Institute of Electrical and Electronics Engineers (IEEE): Creates and maintains operational standards
Federal Communications Commission (FCC): Regulates the use of wireless devices in the U.S.
European Telecommunications Standards Institute (ETSI): Chartered to produce common standards in Europe
Wi-Fi Alliance: Promotes and tests for WLAN interoperability
WLAN Association (WLANA): Educates and raises consumer awareness regarding WLANs

Unlicensed bands: 900MHz / 2.4GHz / 5 GHz
802.11b and 802.11g use the unlicensed 2.4GHz band; 802.11a uses the unlicensed 5 GHz band.

Standard: Data rate, Modulation method, Frequency band, Channels
802.11b: Up to 11 Mbps, DSSS, 2.4GHz, 14 channels, 3 non-overlapping (1-6-11)
802.11g: Up to 54 Mbps, DSSS & OFDM, 2.4GHz, 14 channels, 3 non-overlapping (1-6-11)
802.11a: Up to 54 Mbps, OFDM, 5 GHz, 12 non-overlapping channels

Notes:
1- The higher the data rate, the smaller the coverage area; the higher the frequency, the smaller the coverage area.
2- Wireless uses CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) or RTS/CTS (Request To Send, Clear To Send).
3- 802.11b and 802.11g can work together because they use the same frequency band.

DSSS: Direct Sequence Spread Spectrum
OFDM: Orthogonal Frequency Division Multiplexing

Ad hoc: wireless devices connect directly to each other without an access point.

Cisco's Unified Wireless Solution

MESH:
- Root Access Points (RAPs)
- Mesh Access Points (MAPs)

AWPP:
- Adaptive Wireless Path Protocol
- This protocol allows RAPs to communicate with each other to determine the best path back to the wired network via the RAP.

Wireless Security:
1. Open Access
2. SSIDs, WEP, and MAC Address Authentication
SSID: Service Set Identifier (the name of the wireless network)
WEP: Wired Equivalency Protocol
MAC addresses: only devices whose MAC address is listed are allowed to join
3. WPA or WPA 2 [Pre-Shared Key (PSK)]
- WPA: Wi-Fi Protected Access. WPA and WPA2 with a Pre-Shared Key (PSK) are a better form of wireless security than any other basic wireless security method mentioned so far.

Cisco Unified Wireless Network Security
- Secure Connectivity for WLANs
- Trust and Identity for WLANs
- Threat Defense for WLANs
ISR: integrated service router


Chapter: 13
Internet Protocol Version 6
(IPv6)

IPv6: 128 bits, written in hexadecimal as eight 16-bit groups separated by colons
IPv4: 32 bits

- [ IP v.4 ] number of addresses = 2^32
- [ IP v.6 ] number of addresses = 2^128
- No size for header
** The Benefits and Uses of IP v.6 :
1. IPv6 is 128 bits, which gives (3.4 x 10^38) addresses.
2. The header in an IPv6 packet has half the fields.
3. There is no broadcast in IPv6 because it uses multicast traffic instead.

Shortening an address: leading zeros in a group can be dropped, and one run of all-zero groups can be replaced by :: (only once in an address).

x:x:x:x:x:x:x:x
1080:0000:0000:0000:0008:0800:200C:417A
1080:0:0:0:8:800:200C:417A
1080::8:800:200C:417A

0:0:0:0:0:0:0:1
::1
This is the loopback (local host) address, like 127.0.0.1 in IPv4.

An IPv6 address is written as prefix-address / prefix-length. The prefix length does the job of the subnet mask.

F0/1 => 12:34:56:7::1/64
F0/1 => 12:34:56:8::1/64

With a prefix length of 64, the first 64 bits are the network part, so the two interfaces above are in different networks.
12:34:56:7:: is the network address of the first one.

EUI-64: the router interface can generate the last 64 bits of its address from its MAC address.
MAC: 48 bits
FFFF is inserted in the middle of the MAC address:
0000.abcd.0001
FFFF
0000.abff.ffcd.0001


Host Config
- Manual
- Automatic
  - stateless: no DHCP found in the network
  - stateful: DHCP found in the network

IPv6 uses multicast where IPv4 uses broadcast.

** Address Types:
1. Unicast address: a single address, like in IPv4
2. Multicast address: like class D in IPv4
3. Anycast address: one address given to several devices; the packet is delivered to only one of them
4. Global unicast addresses: like public IP v.4
5. Link-local addresses: like private IP v.4

0:0:0:0:0:0:192.168.100.1 This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
2000::/3 The global unicast address range (real IP, first bits 0010.0000.0000.0000)
FC00::/7 The unique local unicast range
FE80::/10 The link-local unicast range (private IP, first bits 1111.1110.1000.0000)
FF00::/8 The multicast range

Configuring Cisco Routers with IPv6


* Enable IPv6
Router(config)#ipv6 unicast-routing
Configure IPv6 on the interface
Router(config)#int f0/0
Router(config-if)#ipv6 address 2001:db8:3c4d:1:0260:d6FF:FE73:1987/64
OR

You can allow the device to use its MAC address and pad it to make the interface ID.

Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64

Only the 64-bit prefix is typed; eui-64 fills in the last 64 bits.
EUI: Extended user interface

Dynamic Host Configuration Protocol (DHCPv6)

DHCPv6 Client: A node that initiates requests on a link to obtain configuration parameters.
DHCPv6 Server: A node that responds to requests from clients to provide addresses, prefix lengths, or other configuration parameters.
DHCPv6 Relay: A node that acts as an intermediary to deliver DHCPv6 messages between clients and servers.
DHCPv6 Agent: either a server or a relay.

Configuring Cisco Routers with IPv6

Dynamic Host Configuration Protocol (DHCPv6)
Router(config)#ipv6 dhcp pool test
Router(config-dhcp)#prefix-delegation pool test lifetime 3600 3600
Router(config)#int f 0/0
Router(config-if)#ipv6 dhcp server test

Stateless autoconfiguration uses RS (router solicitation) and RA (router advertisement) messages.

IPv6 Routing Protocols

RIPng [next generation]
Router(config)#int f 0/0
Router(config-if)#ipv6 rip 1 enable
(1 is the process ID; RIPng is enabled on the interface only)

EIGRPv6
Router(config)#ipv6 router eigrp 10
(10 is the autonomous system number)
Router(config-rtr)#no shutdown
Router(config)#int f 0/0
Router(config-if)#ipv6 eigrp 10

OSPFv3
Router(config)#ipv6 router ospf 10
(10 is the process ID)
Router(config-rtr)#router-id 1.1.1.1
Router(config)#int f 0/0
Router(config-if)#ipv6 ospf 10 area 0
Migrating to IPv6

1- Dual Stacking
It allows our devices to communicate using either IPv4 or IPv6.

Router(config)#ipv6 unicast-routing
Router(config)#interface fastethernet 0/0
Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
Router(config-if)#ip address 192.168.255.1 255.255.255.0

2- 6to4 Tunneling
The IPv6 packet is carried inside an IPv4 packet between the two tunnel ends.

Router1(config)#int tunnel 0
Router1(config-if)#ipv6 address 2001:db8:1:1::1/64
Router1(config-if)#tunnel source 192.168.30.1
Router1(config-if)#tunnel destination 192.168.40.1
Router1(config-if)#tunnel mode ipv6ip
Router2(config)#int tunnel 0
Router2(config-if)#ipv6 address 2001:db8:2:2::1/64
Router2(config-if)#tunnel source 192.168.40.1
Router2(config-if)#tunnel destination 192.168.30.1
Router2(config-if)#tunnel mode ipv6ip
Configuring IPv6 on Our Internetwork

Corp#config t
Corp(config)#ipv6 unicast-routing
Corp(config)#int f0/1
Corp(config-if)#ipv6 address 2001:db8:3c4d:11::/64 eui-64
Corp(config-if)#int s0/0/0
Corp(config-if)#ipv6 address 2001:db8:3c4d:12::/64 eui-64
Corp(config-if)#int s0/0/1
Corp(config-if)#ipv6 address 2001:db8:3c4d:13::/64 eui-64
Corp(config-if)#int s0/1/0
Corp(config-if)#ipv6 address 2001:db8:3c4d:14::/64 eui-64
Corp(config-if)#int s0/2/0
Corp(config-if)#ipv6 address 2001:db8:3c4d:15::/64 eui-64
Corp(config-if)#^Z
Corp#copy run start
R1#config t
R1(config)#ipv6 unicast-routing
R1(config)#int s0/0/0
R1(config-if)#ipv6 address 2001:db8:3c4d:12::/64 eui-64
R1(config-if)#int s0/0/1
R1(config-if)#ipv6 address 2001:db8:3c4d:13::/64 eui-64
R2#config t
R2(config)#ipv6 unicast-routing
R2(config)#int s0/2/0
R2(config-if)#ipv6 address 2001:db8:3c4d:14::/64 eui-64
R3#config t
R3(config)#ipv6 unicast-routing
R3(config)#int s0/0/1
R3(config-if)#ipv6 address 2001:db8:3c4d:15::/64 eui-64

1- Configuring RIPng
Corp#config t
Corp(config)#int f0/1
Corp(config-if)#ipv6 rip 1 enable
Corp(config-if)#int s0/0/0
Corp(config-if)#ipv6 rip 1 enable
Corp(config-if)#int s0/0/1
Corp(config-if)#ipv6 rip 1 enable
Corp(config-if)#int s0/1/0
Corp(config-if)#ipv6 rip 1 enable
Corp(config-if)#int s0/2/0
Corp(config-if)#ipv6 rip 1 enable
Configuring RIPng
R1#config t
R1(config)#int s0/0/0
R1(config-if)#ipv6 rip 1 enable
R1(config-if)#int s0/0/1
R1(config-if)#ipv6 rip 1 enable
R2#config t
R2(config)#int s0/2/0
R2(config-if)#ipv6 rip 1 enable
R3#config t
R3(config)#int s0/0/1
R3(config-if)#ipv6 rip 1 enable
Verifying RIPng
R3#sh ipv6 route
R3#sh ipv6 protocols
R3#sh ipv6 rip
R3#sh ipv6 interface serial 0/0/1
R3#debug ipv6 rip
2- Configuring OSPFv3
Corp#config t
Corp(config)#int f0/1
Corp(config-if)#ipv6 ospf 1 area 0
Corp(config-if)#int s0/0/1
Corp(config-if)#ipv6 ospf 1 area 0
Corp(config-if)#int s0/1/0
Corp(config-if)#ipv6 ospf 1 area 0
Corp(config-if)#int s0/2/0
Corp(config-if)#ipv6 ospf 1 area 0
Configuring OSPFv3
R1#config t
R1(config)#int s0/0/1
R1(config-if)#ipv6 ospf 1 area 0
R2#config t
R2(config)#int s0/2/0
R2(config-if)#ipv6 ospf 1 area 0
R3#config t
R3(config)#int s0/0/1
R3(config-if)#ipv6 ospf 1 area 0
Verifying OSPFv3
R3#sh ipv6 route
R3#sh ipv6 protocols
Corp#debug ipv6 ospf packet
Corp#un all


Chapter: 14
Wide Area Networking
[WAN]

Defining WAN Terms:
Customer premises equipment (CPE)
Demarcation point
Local loop
Central office (CO)
Service

[Figure: LAN1 and LAN2, each behind a router, connected through the Central Office; the CPE, demarcation point and local loop are labelled]

** WAN Connection Types
1- Dedicated
for example: lease line
2- Circuit switched
for example: ISDN or dial up (dial up 56K; ISDN 128K or 1.5Mbps)
3- Packet switch
for example: Frame relay

The service provider side is the DCE and the customer side is the DTE.
CSU/DSU [ Circuit Service Unit / Data Service Unit ]
DSL: Based band
WI-MAX: Broad band

WAN encapsulation protocols:
HDLC (High-Level Data-Link Control), used on:
1- lease line
PPP (Point-to-Point Protocol), used on:
1- lease line
2- ISDN
3- Dial up
Frame Relay, used on:
1- Frame Relay

* You can't use HDLC or PPP with Frame Relay.

PPP is made up of:
1- LCP (Link Control Protocol), at Layer 2
2- NCP (Network Control Protocol), which carries the L3 protocols
3- Authentication protocol

With Frame Relay there are two encapsulation types:
1- Cisco
2- IETF (Internet Engineering Task Force)


* PPP has many advantages:
1- Multi-link
2- Callback
3- Authentication
a- CHAP (Challenge Handshake Authentication Protocol) [Encrypted]
b- PAP (Password Authentication Protocol) [Clear Text]
4- Compression
5- Carries packets of different routed protocols
Configuring PPP on Cisco Routers
Turn on PPP on connected interface
Router(config)#int s0
Router(config-if)#encapsulation ppp
Configuring PPP Authentication
Router(config)#hostname RouterA
RouterA(config)#username RouterB password cisco
RouterA(config)#int s0
RouterA(config-if)#ppp authentication chap pap
Router(config)#hostname RouterB
RouterB(config)#username RouterA password cisco
RouterB(config)#int s0
RouterB(config-if)#ppp authentication chap pap
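What the two methods in ppp authentication chap pap put on the link, as an added example that is not part of the original notes. CHAP is computed as RFC 1994 defines it (MD5 over identifier, secret and challenge) and the PAP request data as RFC 1334 lays it out; the identifier values and the random challenge are constructed. With the chap pap order the link tries CHAP first and falls back to PAP, so the clear-text form below can still appear unless only chap is configured.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """CHAP response: MD5 over Identifier || secret || Challenge (RFC 1994)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier, secret, challenge, response):
    """Authenticator side: recompute the hash and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def pap_request(peer_id, password):
    """PAP Authenticate-Request data: length-prefixed peer ID and password."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def demo():
    secret = b"cisco"            # shared password from the username lines above
    challenge = os.urandom(16)   # sent by RouterA, fresh for every attempt
    ident = 1
    response = chap_response(ident, secret, challenge)  # sent back by RouterB
    return {
        # The right secret verifies, a wrong one does not.
        "chap_ok": chap_verify(ident, secret, challenge, response),
        "chap_wrong_secret": chap_verify(ident, b"wrong", challenge, response),
        # An old response does not answer a new challenge.
        "chap_replay_ok": chap_verify(2, secret, os.urandom(16), response),
        # Only PAP carries the password itself.
        "secret_in_chap": secret in response,
        "secret_in_pap": secret in pap_request(b"RouterB", secret),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```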

Base config:
1- Configure the interface with an IP address
2- Configure routing (RIP or OSPF)

PPP is used on:
1- Lease line
2- Dial up
3- ISDN

Frame Relay
* Frame Relay has become one of the most popular WAN services deployed.
* Frame Relay is a packet-switched technology.
* Frame Relay, by default, is classified as a non-broadcast multi-access (NBMA) network.

* Frame Relay PVCs:
A PVC [Permanent Virtual Circuit] is the virtual path between the routers through the FR switch.
1- Devices identify each PVC using Data Link Connection Identifiers (DLCI).
2- Local Management Interface (LMI) is a signaling standard used between your router and the first Frame Relay switch it's connected to. It reports whether the PVC is up.

** There are three different types of LMI message formats:
1- Cisco (default)
2- ANSI (open standard)
3- Q.933A (open standard)
Frame Relay Implementation
RouterA(config)#int s0/0
RouterA(config-if)#no shut
RouterA(config-if)#encapsulation frame-relay ietf
RouterA(config-if)#ip address 172.16.20.1 255.255.255.0
RouterA(config-if)#frame-relay lmi-type ansi
RouterA(config-if)#frame-relay interface-dlci 101

show frame lmi
* Gives you the LMI traffic statistics exchanged between the local router and the Frame Relay switch.
show frame pvc
* Lists all configured PVCs and DLCI numbers.
* It provides the status of each PVC connection and traffic statistics.
show interface
* Check for LMI traffic.
* Displays line, protocol, DLCI, and LMI information.
show frame map
* Displays the Network layer-to-DLCI mappings.

Virtual Private Networks (VPN)


** There are three different categories of VPNs:
1- Remote access VPNs
2- Remote users VPN
3- Site-to-site VPNs

** Tunneling protocols
A tunnel is a logical connection between the two ends.
1- Point-to-Point Tunneling Protocol (PPTP) (open standard)
2- Layer 2 Tunneling Protocol (L2TP) (open standard)
3- Generic Routing Encapsulation (GRE)

** Security Protocols (IPSec)
1- Authentication Header (AH)
2- Encapsulating Security Payload (ESP)

IPsec: encrypted
IP: clear