CCNA
Cisco Certified Network Associate
2012
Notes No. 4
Trainer
Prepared by:
ALFAHAID@GMAIL.COM
CCNA 2012 || 2008
@ALFahaid
https://twitter.com/AlFahaid
The Contents
Ch2/3: IP Subnetting
Chapter: 1
Introduction To Network
What is a network?
A network is a group of computers connected to one another to share data.
Types of Network:
1. (LAN) Local Area Network
2. (WAN) Wide Area Network: leased line / frame relay / ATM
3. (MAN) Metropolitan Area Network
4. (SAN) Storage Area Network
5. (VPN) Virtual Private Network
6. Intranets and Extranets.
- OSI-RM: 1-TCP/IP 2-IPX/SPX 3-Apple Talk
- TCP = Transmission Control Protocol [Reliable method], UDP = User Datagram Protocol [Unreliable method]
- [Start->run->\\…] OR [Start->run->\\IP address]
- Repeater: 500M, (2.5K)
- Hub, Switch, mac table
- MAC table = CAM table = Bridging table (CAM = Content Addressable Memory)
- 100 Base T: BW, Baseband, Broadband
# Ethernet Cabling :
1- Straight-through cable
2- Crossover cable
3- Rolled cable (Router=>Host), for config through the console port
Host & Router
Switch & Hub
Chapter: 2/3
IP Subnetting
* What Is a Subnet?
A subnet is a physical segment of a network that is separated from the rest of the network by a router or routers.
---------------------------------1---------------------------------
1- n = number of host bits
2^8 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
256 128 64  32  16  8   4   2   1
2- n = number of zero bits in the SM
---------------------------------2---------------------------------
Number of Subnets = 2^y
SM = Subnet Mask
1- SM (default)
2- y = new SM - old SM
new SM = y + old SM
---------------------------------3---------------------------------
Examples: 255.255.255.142, 192.7.8.70
Block size (BS) = 256 – [the subnet-mask octet that is neither 0 nor 255]
1- IP valid or not
2- valid range
3- network address
4- broadcast address
/30 is used for point-to-point links
Summarization
Larger Network address – smaller Network address = ……
172.16.1.0/24 - 172.16.2.0/24 - 172.16.3.0/24
  172.16.3.0
- 172.16.1.0
-----------------
  0 . 0 . 2 . 0
2^8 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
256 128 64  32  16  8   4   2   1
1bit+8bit=9bits
sm=24-9=15
Chapter: 4
Cisco Router
Router
External components:
  Interface:
    LAN: E (10), F (100), G (1000), 10G (10000)
    WAN: serial (lease line/frame relay), ISDN (BRI/PRI), ATM (ATM)
    Config port: console, auxiliary
Internal components:
  1- Motherboard
  2- ROM – RAM
  3- Flash memory
  4- NVRAM
  5- Non-Volatile RAM
  6- CPU
  7- Power supply
Router
  Interface: LAN / WAN / Config port
  Routing table: Static / Dynamic
  Dynamic: Routing Protocol: Interior / Exterior
    Interior:
      Distance Vector   Ex: RIP, IGRP
      Link State        Ex: OSPF
      Hybrid            Ex: EIGRP
    Exterior            Ex: BGP
Commands
Router>                          User Mode
Router>enable OR en
Router#                          Privileged Mode
Router#disable                   You can go back from privileged mode into user mode by using the disable command.
Router>
Router#config t                  Terminal (any changes are saved in DRAM)
                                 Memory (any changes are saved in NVRAM)
                                 Network (any changes are saved on a TFTP or FTP server)
Router(config)#
Router(config)#int f0/0          int = interface, f = fastethernet
Router(config-if)#
Router(config-if)#exit
Router(config)#end OR ^Z
Router#
Editing and Help Features
Router#?
Router#conf ?
Keys: Enter, TAB, Space
Hostname
Router#config t
Router(config)#host yaser
yaser(config)#
Banners
Router(config)#banner motd $     (motd = Message of the day)
Hello. This router for center control $
Router#show run                  shows the running configuration; any show command is run in Privileged Mode
Router(config)#do sh run         runs a Privileged Mode command from config mode
Router#show history              shows the last 10 commands
Router#sh start                  shows the startup config
Router#copy run start            saves the config to NVRAM
Router#erase start               Delete the startup-config
Router(config)#enable password RRRRR     password asked when moving from User Mode to Privileged Mode, stored in clear text
Router(config)#enable secret RRRRR       the same password, stored in hashed form
Router(config)#no enable password
Router(config)#no enable secret          put NO before the command to remove the password
Router(config)#line cons 0 // aux 0 // vty 0 4     console, Auxiliary and telnet lines
Router(config-line)#pass RRRRR
Router(config-line)#login
Router(config-line)#exec-timeout 5 7     5 minutes and 7 seconds; 0 0 means the session never times out
Router#sh run
Router(config)#service password-encryption        Encrypting Your Passwords
Router(config)#no service password-encryption     (To cancel previous command)
Descriptions
Router(config)#int f0/0
Router(config-if)#desc Sales Lan
Interface configuration
To configure any router interface you must do these steps:
[1] Router>en
    Router#conf t
    Router(config)#int f0/0              (and likewise f0/1)
    Router(config-if)#no shut
[2] Router(config-if)#ip add 10.10.10.100 255.255.255.0      add = address
[3] Serial Interface Commands
    Router(config)#int s0/0
    Router(config-if)#no shut
    Router(config-if)#ip address 10.10.20.1 255.255.255.0
    Router(config-if)#clock rate 64000   set on the DCE side (DCE = Data circuit equipment, DTE = Data terminal equipment)
Verifying Your Configuration
Router#ping 10.10.10.1
Router#sh int f0/0               shows the interface details; Up = working
Router#sh ip int                 shows every interface, whether it is working and whether it has an IP
Router#sh ip int brief           the same in brief form
Router#sh controllers serial 0/0     shows whether the cable is DCE or DTE
Router#sh ip route               shows the routing table
SDM
To use SDM you must configure:
Router(config)#int f0/0
Router(config-if)#ip address 10.10.1.100 255.255.255.0
Router(config-if)#no shut
Router(config)#ip domain-name xp
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)# ip http server                   http OR https
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# username a privilege 15 password 0 a
Chapter: 5/6
IP Routing
Static -1
Advantages include more security. Disadvantages include the effort required from the admin.
Example: two routers, each connecting two LANs.
First: on the first router, configure routes to Subnet 3 and 4, which are on the second router
R1(config)#ip route 10.10.3.0 255.255.255.0 10.10.5.2
R1(config)#ip route 10.10.4.0 255.255.255.0 10.10.5.2
Second: on the second router, configure routes to Subnet 1 and 2, which are on the first router
R2(config)#ip route 10.10.1.0 255.255.255.0 10.10.5.1
R2(config)#ip route 10.10.2.0 255.255.255.0 10.10.5.1
R1 & R2#sh ip route
Stub network = network has one exit interface
Default Route
R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.5.1
Router#traceroute 10.10.3.1      From source to destination
Router#tracert 10.10.3.1
Dynamic -2
Routing table: Static / Dynamic
Dynamic: Routing Protocol: Interior / Exterior
  Interior:
    Distance Vector   Ex: RIP, IGRP (for Cisco)
    Link State        Ex: OSPF
    Hybrid            Ex: EIGRP (for Cisco)
  Exterior            Ex: BGP
* AD = administrative distance  ** Max hop count  *** Algorithm
Best path selection: cost, hop count
RTP protocol: unicast, ack
Convergence time
Routing table

RIP v1                                   RIP v2
Classful Routing                         Classless Routing
No support for VLSM                      Support for VLSM
No support for discontiguous networks    Support for discontiguous networks
Use broadcast                            Use broadcast or multicast
passive-interface
Router#config t
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#passive-interface s0/0
IGRP
Classful Routing
No support VLSM
No support discontiguous networks
Uses an autonomous system number
Use broadcast
Cisco
EIGRP
Supports the routed protocols TCP/IP, IPX/SPX and Apple Talk
Classless Routing
support VLSM
support discontiguous networks
Uses an autonomous system number
Cisco
OSPF
Cost (metric) = 100,000 / BW [kilo]
Router ID (RID): is the highest IP address used to identify the router. [Identification]
Link is an interface on a router.
Link-State: the status of link between two routers
Link-state database (topological database).
Area:
# DR election (DR and BDR) based on:
1- Priority [highest] (255 = highest)
2- RID [highest]
show ip ospf              Display OSPF information for one or all OSPF processes running on the router.
show ip ospf database     the number of links and the neighboring router’s ID
show ip ospf interface    Displays all interface-related OSPF information.
Chapter: 7
Managing Traffic with
Access Control Lists [ACL]
ACL conditions (example):
C1 permit HTTP
C2 permit SMTP
C3 deny FTP
Action: permit / deny
Source: Host / Subnet / Any
Extended ACL
Protocol: TCP (HTTP/TELNET/FTP/SMTP), TCP/UDP, IP
Source: Host / Subnet / Any          Dest: Host / Subnet / Any
Example:
R(config)#access-list 110 deny TCP host 10.10.1.1 host 10.10.2.50 eq FTP
Remarks
** Used in Extended ACL
R(config)#access-list 110 remark Permit Bob from Sales Only To Finance
R(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
R(config)#access-list 110 permit ip any any
** Used in Named ACL
R(config)#ip access-list extended No_Telnet
R(config-ext-nacl)#remark Deny all of Sales from Telnetting to Marketing
R(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.40.0 0.0.0.255 eq 23
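Extended ACL entries are checked top-down, the first match decides, and a packet that matches no entry is dropped by the implicit deny. The Python sketch below is an added example, not part of the original notes: it evaluates the entries shown above against constructed packets, and it handles only the `any` / `host` / wildcard and `eq` forms used on this page (the combined ACL 110 list is assembled here from the two examples).

```python
import ipaddress

# IOS port keywords that appear in this chapter's ACLs.
PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (ip_int(tok[1]), 0), tok[2:]
    return (ip_int(tok[0]), ip_int(tok[1])), tok[2:]

def parse_rule(line):
    """Parse one extended ACL entry; returns None for remark lines."""
    tok = line.lower().split()
    if tok[0] == "access-list":          # numbered form: drop "access-list 110"
        tok = tok[2:]
    if tok[0] == "remark":
        return None
    action, proto, tok = tok[0], tok[1], tok[2:]
    src, tok = parse_addr(tok)
    dst, tok = parse_addr(tok)
    dport = None
    if tok[:1] == ["eq"]:                # "eq" after the destination = destination port
        dport = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF        # wildcard bit 0 = must match, 1 = ignore
    return (ip_int(addr) & care) == (base & care)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, matching line number); ('deny', None) is the implicit deny."""
    for number, line in enumerate(acl_lines, 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        if rule["proto"] not in ("ip", proto):
            continue
        if not (addr_match(src, rule["src"]) and addr_match(dst, rule["dst"])):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["action"], number
    return "deny", None

# The page's ACL 110 entries, combined into one list for this example.
ACL_110 = [
    "access-list 110 deny tcp host 10.10.1.1 host 10.10.2.50 eq ftp",
    "access-list 110 remark Permit Bob from Sales Only To Finance",
    "access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255",
    "access-list 110 permit ip any any",
]
# The page's named ACL exactly as shown: one deny and no permit entry.
NO_TELNET = [
    "remark Deny all of Sales from Telnetting to Marketing",
    "deny tcp 172.16.30.0 0.0.0.255 172.16.40.0 0.0.0.255 eq 23",
]

if __name__ == "__main__":
    # Constructed packets: (protocol, source, destination, destination port)
    print(evaluate(ACL_110, "tcp", "10.10.1.1", "10.10.2.50", 21))
    print(evaluate(NO_TELNET, "tcp", "172.16.30.9", "172.16.40.1", 23))
    print(evaluate(NO_TELNET, "tcp", "172.16.30.9", "172.16.40.1", 80))
```

As written on the page, No_Telnet ends without a permit entry, so HTTP from Sales to Marketing also falls to the implicit deny; a closing `permit ip any any` is what lets the remaining traffic through.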
ACL
Switch Port ACLs
[1] Create conditions
S1(config)#mac access-list extended My_MAC_List
S1(config-ext-macl)#deny any host 000d.29bd.4b85          host OR any
S1(config-ext-macl)#permit any any
[2] Assign ACL on port
S1(config-ext-macl)#int f0/6                              for a range of ports: S1(config-ext-macl)#int range f0/6-10
S1(config-if)#mac access-group My_MAC_List in
Chapter: 8
Managing Cisco IOS Software
These are the things we will learn in this chapter:
1- Password Recovery
2- Back up IOS
3- Restore IOS
4- Upgrade IOS
5- Back up [ for config ]
6- Restore [ for config ]
7- CDP [ protocol ]
Configuration register
* It is a 16-bit software register that’s written into NVRAM.
* The default configuration setting on Cisco routers is 0x2102.
* The 16 bits are written as four hexadecimal digits (4 bits each), prefixed with 0x.
* Notice that bit 6 can be used to ignore the NVRAM contents, if it is enabled.
Bit number       15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Binary            0  0  1  0  0  0 0 1 0 0 0 0 0 0 1 0
Config Register   2           1       0       2
The important bit here is bit number 6:
0 load NVRAM content [startup config]
1 Ignore NVRAM content
Here are the main steps to password recovery:
To know the value of the config register, use this command:
R#sh ver
[1] Restart the router and press Ctrl+Pause/Break during boot to enter ROM monitor (rommon) mode
rommon 1 >
[2] Changing the Configuration Register to ignore NVRAM contents
rommon 1 > confreg 0x2142
[3] Reloading the Router and Entering Privileged Mode by this command
rommon 1 > reset
The router will reload and ask if you want to use setup mode; answer NO.
R>en
[4] Copy startup-config to running-config in Privileged Mode by using this command
R#copy start run
[5] Change password by setting new password
Router#conf t
Router(config)#enable secret kkkk
[6] Change the value of configuration register to enable NVRAM contents
Router(config)#config-register 0x2102
[7] Save your work
Router#copy run start
[8] Reload router to activate changing of configuration register
Router#reload
(reset is used in rommon; reload is used in privileged mode)
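An added example, not part of the original notes: a Python check that reads the `Configuration register is ...` line of `show version` output and reports whether bit 6 (ignore NVRAM) is set now or will be at the next reload, which is how a router left at 0x2142 after steps [2] to [6] shows up in an audit. The sample outputs are constructed.

```python
import re

IGNORE_NVRAM_BIT = 1 << 6      # bit 6: skip startup-config at boot
DEFAULT_CONFREG = 0x2102       # default value given in these notes

# "show version" prints, for example:
#   Configuration register is 0x2142 (will be 0x2102 at next reload)
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?:\s*\(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

def ignores_nvram(value):
    """True when bit 6 is set, i.e. NVRAM contents are ignored at boot."""
    return bool(value & IGNORE_NVRAM_BIT)

def nibbles(value):
    """The register as four 4-bit groups, matching the bit table above."""
    return [format((value >> shift) & 0xF, "04b") for shift in (12, 8, 4, 0)]

def audit_show_version(text):
    """Return (current value, value at next boot, list of findings)."""
    match = CONFREG_RE.search(text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    at_next_boot = int(match.group(2), 16) if match.group(2) else current
    findings = []
    if ignores_nvram(current):
        findings.append("booted with NVRAM ignored: startup-config passwords were not loaded")
    if ignores_nvram(at_next_boot):
        findings.append("next reload will ignore NVRAM again")
    elif at_next_boot != DEFAULT_CONFREG:
        findings.append("non-default register 0x%04x at next boot" % at_next_boot)
    return current, at_next_boot, findings

# Constructed sample outputs (only the relevant line of "show version").
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "recovery in progress": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "left in recovery state": "Configuration register is 0x2142",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        current, at_next_boot, findings = audit_show_version(line)
        print(name, hex(current), "->", hex(at_next_boot), nibbles(current), findings or ["ok"])
```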
Router#ping FTP_server
** To copy the router’s configuration from a router to an FTP server (config backup)
Config types: 1- start 2- run
Router#copy run FTP
or
Router#copy start FTP
** Copying the Current Configuration to NVRAM
Router#copy run start
** If you did copy the router’s configuration to a TFTP server as a second backup, you can restore the configuration
Router#copy TFTP run             or ftp
CDP timer: how often CDP packets are transmitted to all active interfaces.
CDP holdtime: the amount of time that the device will hold packets received from neighbor devices.
Configuration
Router#sh cdp
** Use the global commands cdp holdtime and cdp timer to configure the CDP holdtime and timer on a router:
Router(config)#cdp timer 90          the default is 60
Router(config)#cdp holdtime 240      the default is 180
** Gathering Neighbor Information by using this command
Router#sh cdp nei detail
** Gathering Interface Traffic Information including the number of CDP packets sent and received and the errors with CDP.
Router#sh cdp traffic
** Gathering Port and Interface Information including CDP status on router interfaces or switch ports.
Router#sh cdp interface
** To turn off CDP on one interface on a router,
Router(config)#int s0
Router(config-if)#no cdp enable
Chapter: 9
Switching Layer2
MAC address: 48 bits, written in hexadecimal
With multiple links, STP chooses the root port based on:
a) Cost: the lowest is chosen
Speed   Cost
10G     2
G       4
F       19
E       100
b) Port number: the lowest is chosen, e.g. f0/0 or f0/2 or f0/3
BPDU: Bridge Protocol Data Unit
Chapter:10
Virtual LANs [VLAN]
VLAN benefits:
1- subnet per interface: on the router, one physical interface is divided into logical interfaces (sub-interfaces), e.g. F0/1.1
2- physical limitation
3- broadcast
4- more subnets
VLAN Types
Static VLANs: membership is set on the port, by the admin
Dynamic VLANs: membership is set on the device, by the admin
- f0/1 -> VLAN2 [sales], f0/2 -> VLAN3 [IT], f0/3 -> VLAN4 [marketing], f0/4 -> VLAN5 [accounting]
1- Access links: between a switch and a device; the switch port is an access port
2- Trunk links: between a switch and a switch, or a switch and a router; the switch port is a Trunk port and must be Fast Ethernet
A trunk needs:
1- VLAN-ID
2- Encapsulation
Configuring VLANs
• Create VLAN ( by global config )
You can’t change, delete, or rename VLAN 1, because it’s the default VLAN.
Switch(config)#vlan 2
Switch(config-vlan)#vlan 3
Switch(config-vlan)#vlan 4
Switch(config-vlan)#vlan 5
• [1]Create VLAN ( by Database Mode )
S1#vlan database
S1(vlan)#vlan 2 name sales
S1(vlan)#vlan 3 name IT
• [2]Assigning Switch Ports to VLANs
Switch(config-if)#int f0/2
Switch(config-if)#switchport access vlan 2
SW1(config-if)#switchport mode access
• If you want to verify your configuration, use this:
Switch#sh vlan
• [3]Configuring Trunk Ports [Assigning Switch Ports to be trunk]
Sw(config)#int f0/12
Sw(config-if)#switchport mode trunk
Sw(config-if)#switchport trunk encapsulation dot1q        not needed on switches such as the 2950 that support only one trunking protocol
• Defining the Allowed VLANs on a Trunk
Sw(config-if)#switchport trunk allowed vlan 1-10
Sw(config-if)#no switchport trunk allowed vlan
• [4]Configuring Inter-VLAN Routing
Router#config t
Router(config)#int f0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#int f0/0.1                                      sub-interface
Router(config-subif)#encaps dot1q 1     -----> VLAN 1             encapsulation: isl or dot1Q
Router(config-subif)#ip address 192.168.10.100 255.255.255.0
Router(config-subif)#int f0/0.2
Router(config-subif)#encaps dot1q 2     -----> VLAN 2
Router(config-subif)#ip address 192.168.20.100 255.255.255.0
* Config VTP
Switch(config)#vtp mode server     ------> default
Switch(config)#vtp domain orbits
Sw(config)#vtp password kkkk
Packet: Data / Voice (Real time) / Video (Real time)
Real-time traffic is given priority to reduce delay: QoS [Quality of Service]
Chapter: 11
Network Address Translation
[NAT]
IP
Virtual [private]:
10.0.0.1 : 10.255.255.254
172.16.0.1 : 172.31.255.254
192.168.0.1 : 192.168.255.254
Real [public]: any IP that is not in the ranges above
NAT
Static: One virtual IP => one real IP (condition: number of real IP = number of virtual IP)
Dynamic: Many virtual IP => Many real IP (the many real IPs are called a pool of real IP)
Overloading == [PAT]
  Static With Overloading: Many virtual IP => One real IP
  Dynamic With Overloading: Many virtual IP => Many real IP
NAT Names
Inside local: Name of inside source address before translation (Virtual IP)
Inside global: Name of inside host after translation (Real IP)
Outside global: Name of outside destination host after translation
Static NAT
[1]Creates a static NAT translation between 192.168.10.1 and 192.1.2.109 (real & virtual) in the NAT table
Router(config)#ip nat inside source static 192.168.10.1 192.1.2.109
192.168.10.1 is the Virtual IP
192.1.2.109 is the Real IP
[2]Configures NAT inside interface
Router(config)# interface f0/0
Router(config-if)# ip address 192.168.10.1 255.255.255.0
Router(config-if)# ip nat inside
[3] Configures NAT outside interface
Router(config)# interface Serial0/0
Router(config-if)# ip address 192.1.2.109 255.255.255.240
Router(config-if)# ip nat outside
Dynamic NAT
[1]Defines a NAT pool (outside addresses) named MyPool with a range of addresses 60.1.1.2 – 60.1.1.6 (Pool => many Real addresses, the ISP IPs)
Router(config)#ip nat pool MyPool 60.1.1.1 60.1.1.6 netmask 255.255.255.248
[2]Determine inside addresses that will use NAT, that addresses are defined in ACL
Router(config)#ip nat inside source list 10 pool MyPool          10 is the ACL number
Router(config)# access-list 10 permit 192.168.10.0 0.0.0.255
[3] Configures NAT inside interface
[4] Configures NAT outside interface
(the same commands as in Static NAT)
With overloading (PAT), translations are told apart by port; port numbers above 1024 are used.
Chapter: 12
Wireless LAN
[WLAN]
Wireless waves   Standards              Licence
2.4 GHZ          802.11b and 802.11g    Unlicensed
5 GHZ            802.11a                Unlicensed
Agency: Purpose
Institute of Electrical and Electronics Engineers (IEEE): Creates and maintains operational standards
Federal Communications Commission (FCC): Regulates the use of wireless devices in the U.S.
European Telecommunications Standards Institute (ETSI): Chartered to produce common standards in Europe
Wi-Fi Alliance: Promotes and tests for WLAN interoperability
WLAN Association (WLAN): Educates and raises consumer awareness regarding WLANs
DSSS Direct Sequence Spread Spectrum ||| OFDM Orthogonal Frequency Division Multiplexing
• MESH :
- Root Access Points (RAPs)
- Mesh Access Points (MAPs)
• Wireless Security :
1. Open Access
3. WPA or WPA 2 [Pre-Shared Key (PSK)]
- WPA (Wi-Fi Protected Access) and WPA2: Pre-Shared Key (PSK) is a better form of wireless security than any other basic wireless security methods mentioned so far.
4. Cisco Unified Wireless Network Security
- Secure Connectivity for WLANs
- Trust and Identity for WLANs
- Threat Defense for WLANs
ISR = integrated service router
Chapter: 13
Internet Protocol Version 6
(IPv6)
IPv6        IPv4
128 bits    32 bits
16 bit 16 bit 16 bit 16 bit 16 bit 16 bit 16 bit 16 bit 16 bit
Hexadecimal 00AB Cf00 2434 1270 3210 4210 5611 877 991A
x:x:x:x:x:x:x:x
Original form:                    1080:0000:0000:0000:0008:0800:200C:417A
Leading zeros dropped:            1080:0:0:0:8:800:200C:417A
Zero groups compressed with :::   1080::8:800:200C:417A     (:: may be used only once)
0:0:0:0:0:0:0:1
::1     loopback (local host), the equivalent of 127.0.0.1 in v4
IPv6 address = prefix-address / prefix-length
F0/1=> 12:34:56:7::1/64     the 64 here is the prefix length
Host Config
Manual
Automatic:
  stateless: No DHCP found in the network
  stateful: DHCP found in the network
IPv6 uses multicast; there is no broadcast as in IPv4.
** Address Types: -
1. Unicast address: single, as in IPv4
2. Multicast address: like class D in IPv4
3. Anycast address
4. Global unicast addresses: like Public IP in v4
5. Link-local addresses: like Private IP in v4
0:0:0:0:0:0:192.168.100.1
This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
2000::/3     The global unicast address range (like real IP)     0010.0000.0000.0000
FC00::/7     The unique local unicast range (like private IP)
FE80::/10    The link-local unicast range                        1111.1110.1000.0000
FF00::/8     The multicast range
Chapter: 14
Wide Area Networking
[WAN]
Defining WAN Terms:
• Customer premises equipment (CPE)
• Demarcation point
• Local loop
• Central office (CO)
Demarcation point: the point that separates the service provider's equipment from the customer's equipment.
The routers are DTE and the service provider side is DCE, using a CSU/DSU [ Circuit Service Unit / Data Service Unit ].
WAN protocols and where each is used:
HDLC (High-Level Data-Link Control): 1-lease line
PPP (Point-to-Point Protocol): 1-lease line 2-ISDN 3-Dial up
Frame Relay: 1-Frame Relay
PPP components:
1- LCP (Link Control Protocol)
2- NCP (Network Control Protocol)
3- Authentication protocol
* You can’t use HDLC or PPP with Frame Relay.
With Frame Relay there are two encapsulation types:
1- Cisco 2- IETF (Internet Engineering Task Force)
Frame Relay
* Frame Relay has become one of the most popular WAN services deployed.
* Frame Relay is a packet-switched technology.
* Frame Relay, by default, is classified as a non-broadcast multi-access (NBMA) network.
Local Management Interface (LMI) is a signaling standard used between your router and the first Frame Relay switch it’s connected to.
show frame lmi     Gives you the LMI traffic statistics exchanged between the local router and the Frame Relay switch.
show frame pvc     * Lists all configured PVCs and DLCI numbers.
                   * It provides the status of each PVC connection and traffic statistics.
show interface     * Check for LMI traffic.
                   * Displays line, protocol, DLCI, and LMI information.
show frame map     Displays the Network layer–to–DLCI mappings.
IPsec: encrypted
IP: clear