A Very Simplified Explanation of the Cisco CCNA Curriculum



The book is excellent at explaining and simplifying the Cisco curriculum.

Published in: Engineering


  1. Explanation of the Cisco networks curriculum: CCNA (Cisco Certified Network Associate). Prepared by the instructor. ALFAHAID@GMAIL.COM. 1429/2008, 1433/2012. Handout no. 4.
  2. @ALFahaid https://twitter.com/AlFahaid :183 Dropbox m20%?N7MjqYNGCl/r2q73r5q87xdu9s/sh/com.dropbox.www://https
  3. The Contents
     Ch1: Introduction To Network 4
     Ch2/3: IP Subnetting 7
     Ch4: Cisco Router 9
     Ch5/6: IP Routing 12
     Ch7: Access Lists [ACL] 18
     Ch8: Managing Cisco IOS Software 21
     Ch9: Switching [Layer 2] 24
     Ch10: Virtual LANs [VLAN] 26
     Ch11: Network Address Translation [NAT] 29
     Ch12: Wireless LAN [WLAN] 31
     Ch13: Internet Protocol Version 6 [IPv6] 33
     Ch14: Wide Area Networking [WAN] 37
     http://www.mediafire.com/?3maerm7vmi0x4x7
  4. Chapter 1: Introduction To Network
     What is a network?
     A network is a group of computers connected to each other to share data.
     Types of network:
       1. LAN (Local Area Network)
       2. WAN (Wide Area Network). LAN vs. WAN: the service used, e.g. leased line / frame relay / ATM.
       3. MAN (Metropolitan Area Network)
       4. SAN (Storage Area Network), inside a LAN
       5. VPN (Virtual Private Network): 1- VPN 2- Dial-up; Security
       6. Intranets and Extranets. Intranet: internal. Extranet: external.
     SAN: 1- Cluster service 2- High speed internet. The benefit of a SAN is Disaster Recovery: 1- Backup 2- Load Balance.
     VPN: uses a Tunnel.
     NIC = Network Interface Card
     DNS: names and IP addresses
     ARP = Address Resolution Protocol
       IP to MAC: ARP
       MAC to IP: RARP
     Logical × Physical
     Virtual × real
     Ports and protocols:
       1. HTTPS   343
       2. HTTP    80
       3. FTP     20/21
       4. SMTP    25
       5. DNS     53
       6. TELNET  23
     Reaching the LAN: 1- Remote site or 2- Remote user.
     Requirements: 1- modem 2- NIC 3- Tel line.
     Network Access Service: Dial-up, VPN.
  5. # OSI-RM [Open System Interconnection – Reference Model]
     Layer / data unit / protocols / devices / function / TCP/IP layer:
       7 Application:  data. Interface between app & protocol.
       6 Presentation: data. Compression, conversion, encryption.
       5 Session:      data. Monitors the open session on the host.
         Layers 7-5: protocols HTTP, FTP, SMTP, DNS, TELNET, HTTPs, POP3. Devices: none. TCP/IP layer (1) Application.
       4 Transport:    Segments. TCP (HTTP, FTP, DNS, TELNET), UDP (TFTP, DNS, DHCP). Devices: none. Delivery method. TCP/IP layer (2) Transport.
       3 Network:      Packets. IP, ARP. Devices: 1- Router 2- Switch [L3]. Provides the logical address [address for delivery on network]. TCP/IP layer (3) Internet.
       2 DataLink:     Frames. Devices: 1- Bridge 2- NIC 3- Switch [L2]. Provides the physical address [MAC].
       1 Physical:     Bits (000011011 000111111). Devices: 1- Hub 2- Repeater.
         Layers 2-1: LAN & WAN technology. TCP/IP layer (4) Network Access.
     - OSI-RM is a reference model; protocol suites: 1- TCP/IP 2- IPX/SPX 3- Apple Talk
     - TCP = Transmission Control Protocol [Reliable method]
       UDP = User Datagram Protocol [Unreliable method]
     - [Start->run->IP address]
     - Repeater: (2.5K), (4 Repeater), 500M per Repeater.
     - Switch vs. Hub: the switch has a MAC table.
     - Names: MAC table = CAM table = Bridging table (CAM = Content address memory)
     Network Topology: Physical topology, Logical topology.
     # Network Topologies [Physical]:
       1- Bus
       2- Star (center point)
       3- Extended
       4- Ring (No collision)
       5- Mesh
  6. # Network Media:
       1- Copper
          Coaxial cable:
            Thick: 500; 10/100/1000
            Thin: 185; 10/100 mbps
          Twisted Pair cable [TP]:
            STP: Shielded TP
            ScTP: Screened TP
            UTP: UnShielded TP
       2- Fiber Optical
       3- Wireless
     * 100 Base T: BW; Baseband / Broadband.
     # Ethernet Cabling:
       1- Straight-through cable
       2- Crossover cable
       3- Rolled cable (Router => Host), used for config
     Host & Router; Switch & Hub.
     Console cable types:
       1- Rollover (RJ45 => RJ45)
       2- Adapter (RJ45 => DB9)
     - Connects to the console port.
  7. Chapter 2/3: IP Subnetting
     * What is a subnet?
       A subnet is a physical segment of a network that is separated from the rest of the network by a router or routers.
     * IPv4:
       1- 32 bits.
       2- Decimal number representation, e.g. 10.10.1.0
       3- Dotted decimal -.-.-.-
       4 octets, and every octet consists of 8 bits.
     # Rules for a valid IP:
       1- 0 <= octet <= 255
       2- 1 <= octet 1 <= 126 or 128 <= octet 1 <= 191 or 192 <= octet 1 <= 223
       3- all host bits must not = 0 (network address)
          all host bits must not = 1 (broadcast)
       **** number 127: troubleshooting
     Classes (decided by the first octet):
       1 - 126     Class A
       128 - 191   Class B
       192 - 223   Class C     (A, B, C: used for networks)
       224 - 239   Class D     Multicast (Video – Audio)
       240 - 254   Class E     Future
     IP 10.10.1.0:
       Network ID
       Host ID: capacity of the network
       Subnet Mask: the separator between network ID & host ID
       Network address, Broadcast, Valid range
     - Subnet Mask (SM), example: 192.168.0.1/24 = 255.255.255.0
     # Rules for a valid subnet mask:
       1- Every octet is 0 or 255 or one of these numbers only:
          0000 0000   0
          1000 0000   128
          1100 0000   192
          1110 0000   224
          1111 0000   240
          1111 1000   248
          1111 1100   252
          1111 1110   254
          1111 1111   255
     Default SM per class:
       Class A   255.0.0.0 / 8
       Class B   255.255.0.0 / 16
       Class C   255.255.255.0 / 24
     IP = Network ID + Host ID. The Network ID is the part of the IP under the ones of the SM; the Host ID is the part under the zeros.
  8. The three kinds of IP subnetting question
     ---------------------------------1---------------------------------
     Example: /28
     2^n = Number of Hosts + 2
       2^8  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
       256  128  64   32   16   8    4    2    1
     Number of Hosts = 2^n - 2
     n = number of host bits, or number of zero bits in the SM
     Given: 1- the number of hosts  2- the SM
     ---------------------------------2---------------------------------
     Subnet Mask
     Number of Subnets = 2^y (default)
     Y = new SM - old SM
     new SM = Y + old SM
     Given: 1- the SM  2- the number of subnets
     ---------------------------------3---------------------------------
     255.255.255.142
     192.7.8.70
     Block size (BS) = 256 – [the octet that is not 0 or 255]
     point-to-point: /30
     Asked for:
       1- IP valid or not
       2- valid range
       3- network address
       4- broadcast
     If the SM contains only 0 & 255, use this table instead of the BS:
       Network address   Broadcast         Valid range
       X.0.0.0/8         X.255.255.255     X.0.0.1 - X.255.255.254
       X.Y.0.0/16        X.Y.255.255       X.Y.0.1 - X.Y.255.254
       X.Y.Z.0/24        X.Y.Z.255         X.Y.Z.1 - X.Y.Z.254
     More than one subnet mask in the network: VLSM (Variable Length Subnet Mask)
     One subnet mask in the network: Non VLSM
     * Discontiguous / Contiguous
     Summarization
     Larger network address – smaller network address = ……
     Example: 172.16.1.0/24 - 172.16.2.0/24 - 172.16.3.0/24
       2^8  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
       256  128  64   32   16   8    4    2    1
       172.16.3.0
       172.16.1.0
       -----------------
       0.0.2.0
       1bit+8bit=9bits
       sm=24-9=15
     * Host ID and Net ID.
     * Decide the class of the IP from the first octet.
  9. Chapter 4: Cisco Router
     Router: External component / Internal component
     External component:
       Interface:
         LAN:  E = 10, F = 100, G = 1000, 10G = 10000
         WAN:  - serial (lease line / frame relay)
               - ISDN (BRI/PRI)
               - ATM (ATM)
       Config port: - console - auxiliary
     Internal component:
       1- mother board
       2- ROM – RAM
       3- Flash memory
       4- NVRAM
       5- Non Volatile RAM
       6- CPU
       7- power supply
     # Internal component
       1- ROM
          a) stores the bootstrap protocol & POST
          b) Rommon (Ram monitor) for troubleshooting
          c) mini IOS
       2- Flash memory
          - stores the IOS image
       3- RAM
          - stores the decompressed version of the IOS image
          - stores the running config
       4- NVRAM
          - stores the startup config
     # Two types of config:
       1- Running config
       2- Startup config (used at boot up)
     Router:
       Interface: LAN, WAN, Config port
       Routing table: Static, Dynamic
         Routing Protocol:
           Interior:
             Distance Vector, e.g. RIP, IGRP
             Link state, e.g. OSPF
             Hybrid, e.g. EIGRP
           Exterior, e.g. BGP
     * The router operating system is IOS [Internetwork Operating System], also called IOS image or image. It can be reinstalled or upgraded.
     * File extension: *.bin
     # Ways to access the router:
       1. Console Session (blue cable)
       2. Auxiliary Session: config from outside; Aux is like console
       3. Telnet Session: using the IP of the router
  10. Methods to configure a router
      CLI: Command Line Interface (commands)
      SDM: Security Device Manager (GUI)
      Router boot up steps:
        1. Bootstrap (from ROM)
        2. Run POST [Power on self test]
        3. Load image [IOS] from flash
        4. Decompress the image & store the decompressed IOS in RAM
        5. Display information from the POST program
        6. Load configuration content (startup) from NVRAM. If NVRAM is empty (a new router), the router enters setup mode.
      * Setup mode options:
        1- Basic management
        2- Extended setup
      Host: any [pc] on the network that has an IP [client // server]
      End user; End system
      Edge or interface port or router or hub [terminal]
      Commands
        Router>                          User Mode
        Router>enable   (or: en)
        Router#                          Privileged Mode
        Router#disable
        Router>
      You can go back from privileged mode into user mode by using the disable command.
        Router#config t
        Router(config)#
          Terminal (any changes are saved in DRAM)
          Memory (any changes are saved in NVRAM)
          Network (any changes are saved on a TFTP or FTP server)
        Router(config)#int f0/0
        Router(config-if)#
        Router(config-if)#exit
        Router(config)#end   (or: ^Z)
        Router#
      int = interface, f = fastethernet
      Editing and Help Features
        Router#?
        Router#conf ?
        Type the first letters of a command and press TAB to complete it.
        Enter / Space: page through the output.
      Hostname
        Router#config t
        Router(config)#host yaser
        yaser(config)#
      Banners (motd = Message of the day)
        Router(config)#banner motd $
        Hello. This router for center control
        $
      The $ sign marks where the banner text starts and ends.
  11. Show commands (any SHOW command must be run in Privileged Mode)
        Router#show run
        Router(config)#do sh run
        Router#show history          (shows the last 10 commands)
        Router#sh start
      Saving the config to NVRAM
        Router1#copy run start
        Router2#copy run start
      Delete the startup-config
        Router1#erase start
        Router2#erase start
      1- Password for moving from User Mode to Privileged Mode
        Router(config)#enable password RRRRR
        Router(config)#enable secret RRRRR
        Router(config)#no enable password
        Router(config)#no enable secret
      The NO form removes the password.
      2- Passwords for console, auxiliary and telnet
        Router(config)#line cons 0        (or: aux 0, or: vty 0 4 for telnet)
        Router(config-line)#pass RRRRR
        Router(config-line)#login
        Router(config-line)#exec-timeout 5 7
      5 = minutes and 7 = seconds (0 0 means the session never times out).
      Encrypting Your Passwords
        Router#sh run
        Router(config)#service password-encryption
        Router(config)#no service password-encryption     (to cancel the previous command)
      Descriptions
        Router(config)#int f0/0
        Router(config-if)#desc Sales Lan
      Interface configuration
      To configure any router interface you must do these steps (add = address):
        [1] Router>en
            Router#conf t
            Router(config)#int f0/0          (and likewise f0/1)
            Router(config-if)#no shut
        [2] Router(config-if)#ip add 10.10.10.100 255.255.255.0
      Serial Interface Commands
        [3] Router(config)#int s0/0
            Router(config-if)#no shut
            Router(config-if)#ip address 10.10.20.1 255.255.255.0
            Router(config-if)#clock rate 64000
      DTE = Data terminal equipment, DCE = Data circuit equipment.
      Verifying Your Configuration
        Router#ping 10.10.10.1
        Router#sh int f0/0                   (is the interface up or not?)
        Router#sh ip int                     (every interface and whether it has an IP)
        Router#sh ip int brief               (every interface and its IP, in brief)
        Router#sh controllers serial 0/0     (is the interface DCE or DTE?)
        Router#sh ip route                   (shows the routing table)
      SDM: if you want to use SDM over http or https you must configure:
        Router(config)#int f0/0
        Router(config-if)#ip address 10.10.1.100 255.255.255.0
        Router(config-if)#no shut
        Router(config)#ip domain-name xp
        Router(config)#crypto key generate rsa general-keys modulus 1024
        Router(config)#ip http server
        Router(config)#ip http secure-server
        Router(config)#ip http authentication local
        Router(config)#username a privilege 15 password 0 a
  12. Chapter 5/6: IP Routing
      DHCP: IP. DNS and WINS: names.
      Router / Route / Routed / Routing
      * Route types: 1- Static 2- Dynamic
      1- Static
      Config of the first router, so that it knows Subnets 3 and 4 behind the second router:
        R1(config)#ip route 10.10.3.0 255.255.255.0 10.10.5.2
        R1(config)#ip route 10.10.4.0 255.255.255.0 10.10.5.2
      Config of the second router, so that it knows Subnets 1 and 2 behind the first router:
        R1(config)#ip route 10.10.1.0 255.255.255.0 10.10.5.1
        R1(config)#ip route 10.10.2.0 255.255.255.0 10.10.5.1
      To remove a route, put NO before the command. To check:
        R1&2#sh ip route
      Stub network = a network that has one exit interface.
      Default Route:
        R1(config)#ip route 0.0.0.0 0.0.0.0 10.10.5.1
      Tracing the path from source to destination:
        Router#traceroute 10.10.3.1
        Router#tracert 10.10.3.1
      Ping
      2- Dynamic
      Routing protocol vs. Routed protocol:
        - Routing protocol: a protocol used for building the routing table (forwarding table), e.g. RIP, EIGRP, OSPF
        - Routed protocol: a protocol used for building the packet that needs to be routed, e.g. TCP/IP, IPX/SPX, Apple talk
      "autonomous systems" (AS)
        - AS numbers run from 1 to 65000
        # (Interior) Intra-AS = inside the AS
        # (Exterior) Inter-AS = outside the AS
      Gateway router: direct link to a router in another AS
  13. Routing table: Static, Dynamic
        Routing Protocol:
          Interior:
            Distance Vector, e.g. RIP, IGRP (for Cisco)
            Link state, e.g. OSPF
            Hybrid, e.g. EIGRP (for Cisco)
          Exterior, e.g. BGP
      Interior protocols [details]
        Routing Protocol   Kind              *AD   Vendor       **Num      ***Algorithm   Notes
        RIP                Distance Vector   120   Open         15         BellManford    Small network
        IGRP               Distance Vector   100   Cisco only   255        BellManford    Large network
        EIGRP              Hybrid            90    Cisco only   255        Dual           Large network, Protocol RTP
        OSPF               Link State        110   Open         No limit   Dijkstra       Large network
        IS-IS              Link State
      *AD = administrative distance
      **Max hop count
      ***Algorithm: best path selection
      Protocol RTP: ack, unicast.
      * Distance Vector Routing [RIP/IGRP]:
        1. Max hop count
        2. Split horizon
        3. Route poisoning (+1)
        4. Holddown timers
      Convergence time: the time the routers need to agree on the routing table.
      [1] Routing Information Protocol (RIP) [Distance Vector]
        RIP v1                                    RIP v2
        Classful Routing (net add without SM)     Classless Routing
        No support for VLSM                       Support for VLSM
        No support for discontiguous networks     Support for discontiguous networks
        Uses broadcast                            Uses broadcast or multicast (class D)
      contiguous / discontiguous
      VLSM / fixed length SM (Non VLSM)
  14. * RIP timer types:
        1. update timer: (30 seconds)
        2. invalid timer: (180 seconds)
        3. flush timer: (240 seconds); after 240 the route is removed from the routing table
        4. holddown timer: (180 seconds)
      Configuring RIP Routing
        R1#config t
        R1(config)#router rip
        R1(config-router)#net 10.10.1.0
        R1(config-router)#net 10.10.2.0
        R1(config-router)#net 10.10.5.0
        R1(config-router)#ver 2
        R1(config-router)#^z          [control + z]
        R1#sh ip route
        R1#debug ip rip
      passive-interface
        Router#config t
        Router(config)#router rip
        Router(config-router)#network 192.168.10.0
        Router(config-router)#passive-interface s0/0
      [2] Interior Gateway Routing Protocol [IGRP] [Distance Vector]
      IGRP:
        Classful Routing
        No support for VLSM
        No support for discontiguous networks
        Uses an autonomous system number (the AS number must be the same on both sides)
        Uses broadcast
        Cisco
      * IGRP timer types:
        1. update timer: (90 seconds)
        2. invalid timer: (270 seconds)
        3. flush timer: (630 seconds)
        4. holddown timer: (280 seconds)
      Configuring IGRP Routing
      Same as RIP with one important difference: you use an autonomous system (AS) number (here 10).
        R1#config t
        R1(config)#router igrp 10
        R1(config-router)#net 10.10.1.0
        R1(config-router)#net 10.10.2.0
        R1(config-router)#net 10.10.5.0
      To delete the routing table built by IGRP:
        R1(config)#no router igrp 10
      Verification:
        show ip protocols
        debug ip igrp events
        debug ip igrp transactions
  15. [3] Enhanced Interior Gateway Routing Protocol [EIGRP] [Hybrid]
      * Routed protocols used with EIGRP: (TCP/IP - IPX/SPX - APPLE TALK)
      EIGRP:
        Classless Routing
        Supports VLSM
        Supports discontiguous networks
        Uses an autonomous system number
        Cisco
        Communication via Reliable Transport Protocol (RTP)
      * Builds three tables:
        1- Neighbor table
        2- Topology table
        3- Routing table: the best route is the successor route, the second best is the feasible successor
      Load Balance: distributes the load over the routes.
      Configuring EIGRP Routing
      • Configuring Discontiguous Networks
        R1(config)#router eigrp 100          (100 is the AS number)
        R1(config-router)#net 10.10.1.0
        R1(config-router)#net 10.10.2.0
        R1(config-router)#net 10.10.5.0
        R1(config-router)#no auto-summary
      • To make manual summarization
        Router(config)#int s0/0
        Router(config-if)#ip summary-address eigrp 10 192.168.10.64 255.255.255.224
      With EIGRP and discontiguous networks the router performs auto summarization on the IP: 10.10.1.0 == /8, 172.16.0.0 == /24, so use no auto-summary.
        show ip route               Shows the entire routing table
        show ip route eigrp         Shows only EIGRP entries in the routing table
        show ip eigrp neighbors     Shows all EIGRP neighbors
        show ip eigrp topology      Shows entries in the EIGRP topology table
      [4] Open Shortest Path First [OSPF] [Link State]
      OSPF:
        Classless Routing
        Supports VLSM
        Supports discontiguous networks
        Uses an autonomous system number
        Area: the AS is divided into areas; the backbone is Area 0. This reduces the convergence time.
        Supports IP only.
        Manual summarization.
        Uses a wild mask [inverse SM] [wildcard mask]
  16. * OSPF uses the wild mask and does not use the subnet mask.
      * To config OSPF there must be an area 0, the backbone.
      * [AD/cost]
      Calculating the wild mask, example /28:
          255.255.255.255
        - 255.255.255.240
        --------------------
            0 .  0 .  0 . 15
      * Builds three tables:
        1- Neighbor table
        2- Topology table
        3- Routing table
      Cost (metric) = 100,000 / BW [kilo]
      Router ID (RID): the highest IP address, used to identify the router.
      Link: an interface on a router.
      Link-State: the status of the link between two routers.
      Link-state database (topological database).
      Area: part of the AS.
      Routing table: the best routes.
      Adjacencies router: DR and BDR.
      Neighbor router.
      Designated router (DR).
      Backup designated router (BDR).
      # DR election based on:
        1- Priority [highest] (default 1; highest = 255)
        2- RID [highest] (the highest IP on the router)
      Point-to-Point: no DR and BDR election.
      DR & BDR are elected on:
        - Multiaccess Broadcast Net [Ethernet]
        - Multiaccess NonBroadcast Net [Frame Relay]
      Configuring OSPF Routing
        R1#config t
        R1(config)#router ospf 1             (1 = Process ID [local])
        R1(config-router)#net 10.10.1.0 0.0.0.255 area 0
        R1(config-router)#net 10.10.2.0 0.0.0.255 area 0
        R1(config-router)#net 10.10.5.0 0.0.0.255 area 0
      * To change priority
        Router(config)#int s0/0
        Router(config-if)#ip ospf priority 2
      The router with the highest priority becomes the DR.
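The wild-mask subtraction above and the block-size method from Chapter 2/3 can be combined in a short script. This is an added example, not part of the original slides; pairing the address 192.7.8.70 from Chapter 2/3 with the /28 mask is an assumption, and the function names are hypothetical.

```python
# Added example (not from the original handout): block-size subnetting
# and wild-mask derivation, using the rules listed in Chapter 2/3.

# The only octet values a valid subnet mask may contain (Chapter 2/3).
VALID_MASK_OCTETS = (0, 128, 192, 224, 240, 248, 252, 254, 255)


def octets(dotted):
    """Split a dotted-decimal string into four integers 0..255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal address: {dotted!r}")
    return [int(p) for p in parts]


def check_mask(mask):
    """Apply the handout's mask rules and also require contiguous ones."""
    m = octets(mask)
    for i, octet in enumerate(m):
        if octet not in VALID_MASK_OCTETS:
            raise ValueError(f"{octet} is not a valid subnet mask octet")
        if octet != 255 and any(m[i + 1:]):
            raise ValueError("ones in a subnet mask must be contiguous")
    return m


def dotted(parts):
    return ".".join(str(p) for p in parts)


def subnet_info(ip, mask):
    """Network address, broadcast, valid range and wild mask for ip/mask."""
    addr, m = octets(ip), check_mask(mask)
    prefix = sum(bin(octet).count("1") for octet in m)
    if prefix > 30:
        raise ValueError("no usable host range beyond /30")
    network, broadcast = [], []
    for addr_octet, mask_octet in zip(addr, m):
        # Block size per octet: 1 where the mask is 255, 256 where it is 0,
        # and 256 - mask in the octet that is neither 0 nor 255.
        block = 256 - mask_octet
        base = (addr_octet // block) * block
        network.append(base)
        broadcast.append(base + block - 1)
    interesting = [octet for octet in m if octet not in (0, 255)]
    return {
        "prefix": prefix,
        "block_size": 256 - interesting[0] if interesting else None,
        "network": dotted(network),
        "broadcast": dotted(broadcast),
        "first_host": dotted(network[:3] + [network[3] + 1]),
        "last_host": dotted(broadcast[:3] + [broadcast[3] - 1]),
        "hosts": 2 ** (32 - prefix) - 2,            # 2^n - 2
        "wildcard": dotted(255 - octet for octet in m),  # 255.255.255.255 - SM
        "valid_host": addr not in (network, broadcast),
    }


if __name__ == "__main__":
    for key, value in subnet_info("192.7.8.70", "255.255.255.240").items():
        print(f"{key:11} {value}")
```
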
  17.   show ip route              Shows the entire routing table
        show ip ospf               Displays OSPF information for one or all OSPF processes running on the router.
        show ip ospf database      The number of links and the neighboring router's ID
        show ip ospf interface     Displays all interface-related OSPF information.
      Loopback Interfaces
      * The RID is the highest IP.
      * If the interface holding that IP is shut down, the RID is lost, so a logical IP is used instead.
      Loopback interfaces are logical interfaces.
      A logical IP takes priority over a physical IP.
      Configuring Loopback Interfaces
        R1(config)#int loopback 0
        R1(config-if)#ip address 172.16.10.1 255.255.255.255
        R1(config-if)#no shut
  18. Chapter 7: Managing Traffic with Access Control Lists [ACL]
      Example ACL on a router:
        C1 permit HTTP
        C2 permit SMTP
        C3 deny FTP
      Action types: deny, permit.
      Results:
        HTTP [OK]
        FTP [NO]
        TELNET: blocked by the implicit deny at the end of the ACL.
      Types of access lists [ACL]
        Numbered: Standard, Extended
        Named (e.g. BlockSales): Standard, Extended
      Standard:
        - choose a number from the range 1-99 or 1900-1999
        - Conditions based on:
          1) Action (deny or permit)
          2) Source address of the packet:
             Host (single IP)
             Subnet (many IPs)
             Any
      Extended:
        - choose a number from the range 100-199 or 2000-2699
        - Conditions based on:
          1) Action (deny or permit)
          2) Transport protocol (TCP or UDP), if the packet was made by an application protocol
          3) Source address (Host - Subnet - Any)
          4) Destination address (Host - Subnet - Any)
          5) Application protocol that built the packet
      [1] Standard access lists [ACL]
      Conditions:
        - source address
        - action (permit or deny)
      Source: Host, Subnet, Any
  19. Configuring Standard [ACL]
      [1] Create conditions
      Determine a specific IP (a single device):
        Router(config)#access-list 10 deny host 172.16.30.2
      OR
        Router(config)#access-list 10 deny 172.16.30.2 0.0.0.0
      Determine any packet:
        Lab_A(config)#access-list 10 permit any
      OR
        Lab_A(config)#access-list 10 permit 0.0.0.0 255.255.255.255
      A subnet (172.16.30.2 with the wild mask 0.0.0.255):
        Lab_A(config)#access-list 10 deny 172.16.30.2 0.0.0.255
      Any ==> 0.0.0.0 255.255.255.255
      Host ==> wild mask 0.0.0.0
      [2] Assign the ACL on an interface
      A standard ACL is placed at the destination, with the direction OUT:
        Router(config)#int f0/0
        Router(config-if)#ip access-group 10 out
      The other direction is IN:
        R(config-if)#ip access-group 10 in
      * Controlling VTY (Telnet) Access
        Lab_A(config)#access-list 50 permit host 172.16.10.3
        Lab_A(config)#line vty 0 4
        Lab_A(config-line)#access-class 50 in
      Deleting the ACL (use whichever number you chose, 10 or 50):
        R(config)#no access-list 10
      * Steps for a subnet condition:
        1- Find the BS
        2- Network address and Broadcast
        3- Work out the wild mask
        4- The command takes the network address first and then the wild mask:
           R(config)#access-list 10 deny 172.16.30.0 0.0.0.0
      [2] Extended access lists [ACL]
      * Extended ACL: 1- source 2- destination 3- protocol [packet type] 4- action
      - Assign the ACL on the source interface and make the direction IN.
      Example 1 (action, protocol, source, dest, Telnet):
        R(config)#access-list 110 deny tcp any 172.16.1.0 0.0.0.255 eq 23
      Use TCP or UDP when the protocol is an application layer protocol (HTTP/TELNET/FTP/SMTP); use IP to cover every protocol.
      Source and destination can each be:
        Host: a single IP, one device
        Subnet
        Any: any device
      Example 2:
        R(config)#access-list 110 deny tcp host 10.10.1.1 host 10.10.2.50 eq ftp
        R(config)#access-list 110 permit ip any any
      Configuring Extended [ACL]
      [1] Create conditions
        Lab_A(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23
        Lab_A(config)#access-list 110 permit ip any any
      [2] Assign the ACL on an interface (at the source)
        Router(config)#int f0/0
        Router(config-if)#ip access-group 110 in
  20. [3] Named access lists [ACL]
      Configuring Named [ACL]
      * To create a named access list:
      [1] Create the ACL
        Lab_A(config)#ip access-list standard BlockSales
      [2] Create conditions
        Lab_A(config-std-nacl)#deny 172.16.40.0 0.0.0.255
        Lab_A(config-std-nacl)#permit any
      [3] Assign the ACL to an interface
        Lab_A(config)#int e1
        Lab_A(config-if)#ip access-group BlockSales out
      The same with an extended named ACL:
        1- standard becomes extended
        2- the condition gets a source and a destination:
           deny tcp 10.10.1.0 0.0.0.255 host 10.10.2.2 eq ftp
           permit ip any any
        3- out becomes in
      Time-Based ACLs
      [1] Create a period
        Router(config)#time-range no-http
        Router(config-time-range)#periodic weekend 06:00 to 12:00
      weekend as the router knows it: Saturdays and Sundays.
      [2] Attach the created period to the ACL
        Router(config)#ip access-list extended Time
        Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
      (www or 80 or HTTP)
      [3] Assign the ACL on an interface
        Router(config-ext-nacl)#interface f0/0
        Router(config-if)#ip access-group Time in
      Remarks
      A remark is a comment; it is used with extended and named ACLs.
      ** Use in an extended ACL
        R(config)#access-list 110 remark Permit Bob from Sales Only To Finance
        R(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
        R(config)#access-list 110 permit ip any any
      ** Use in a named ACL
        R(config)#ip access-list extended No_Telnet
        R(config-ext-nacl)#remark Deny all of Sales from Telnetting to Marketing
        R(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.40.0 0.0.0.255 eq 23
      Switch Port ACLs
      [1] Create conditions (MAC addresses here instead of IP; source and destination are host or any)
        S1(config)#mac access-list extended My_MAC_List
        S1(config-ext-macl)#deny any host 000d.29bd.4b85
        S1(config-ext-macl)#permit any any
      [2] Assign the ACL on a port
        S1(config-ext-macl)#int f0/6
        S1(config-if)#mac access-group My_MAC_List in
      To apply it to a range of ports:
        S1(config-ext-macl)#int range f0/6-10
      Verification:
        R#show access-list               (every ACL on the router)
        R#show access-list 110           (ACL 110 only)
        R#show ip access-list            (IP ACLs only)
        R#show ip interface              (every interface and whether it has an ACL)
        R#show running-config            (everything)
        R#show mac access-group          (MAC ACLs)
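How a router walks an ACL (first matching condition wins, wild mask matching, implicit deny at the end) can be traced with a small evaluator. This is an added example, not part of the original slides; it parses only the numbered `access-list` forms shown in this chapter, and the packets and function names are constructed for illustration.

```python
# Added example (not from the original handout): first-match evaluation of
# the numbered ACLs shown above, including the implicit deny.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ALL_BITS = 0xFFFFFFFF
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80}


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Matcher:
    """Address plus wild mask; wild mask bits set to 1 are ignored."""
    addr: int
    wildcard: int

    def matches(self, ip: str) -> bool:
        care = ~self.wildcard & ALL_BITS
        return (to_int(ip) & care) == (self.addr & care)


def take_address(tokens: List[str]) -> Matcher:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDMASK' from tokens."""
    head = tokens.pop(0)
    if head == "any":
        return Matcher(0, ALL_BITS)
    if head == "host":
        return Matcher(to_int(tokens.pop(0)), 0)
    return Matcher(to_int(head), to_int(tokens.pop(0)))


@dataclass(frozen=True)
class Entry:
    action: str
    proto: str              # "ip" matches every protocol
    src: Matcher
    dst: Matcher
    port: Optional[int]     # destination port after "eq", if any


def parse_entry(line: str) -> Entry:
    tokens = line.lower().split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:   # standard ACL: source address only
        return Entry(action, "ip", take_address(rest), Matcher(0, ALL_BITS), None)
    proto = rest.pop(0)     # extended ACL: protocol, source, destination, port
    src = take_address(rest)
    dst = take_address(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return Entry(action, proto, src, dst, port)


def evaluate(acl: List[Entry], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """Return the action of the first matching entry, else the implicit deny."""
    for entry in acl:
        if entry.proto not in ("ip", proto):
            continue
        if not (entry.src.matches(src) and entry.dst.matches(dst)):
            continue
        if entry.port is not None and entry.port != dport:
            continue
        return entry.action
    return "deny"           # implicit deny: nothing matched


# ACL 110 and ACL 10 as written in this chapter.
ACL_110 = [parse_entry(l) for l in (
    "access-list 110 deny tcp any host 172.16.30.2 eq 23",
    "access-list 110 permit ip any any",
)]
ACL_10 = [parse_entry(l) for l in (
    "access-list 10 deny 172.16.30.2 0.0.0.255",
    "access-list 10 permit any",
)]

if __name__ == "__main__":
    # Constructed packets: (protocol, source, destination, destination port)
    print(evaluate(ACL_110, "tcp", "10.10.1.1", "172.16.30.2", 23))
    print(evaluate(ACL_110, "tcp", "10.10.1.1", "172.16.30.2", 80))
    # Without the final "permit ip any any" everything else is dropped.
    print(evaluate(ACL_110[:1], "tcp", "10.10.1.1", "172.16.30.2", 80))
    # With the permit placed first, the deny line is never reached.
    print(evaluate(ACL_110[::-1], "tcp", "10.10.1.1", "172.16.30.2", 23))
```
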
  21. Chapter 8: Managing Cisco IOS Software
      The things we will learn in this chapter:
        1- Password Recovery
        2- Back up IOS
        3- Restore IOS
        4- Upgrade IOS
        5- Back up [for config]
        6- Restore [for config]
        7- CDP [protocol]
      * Router Boot Sequence:
        1- The router performs a POST.
        2- The bootstrap looks for and loads the Cisco IOS software.
        3- The IOS software looks for a valid configuration file stored in NVRAM.
        4- If a startup-config file is in NVRAM, the router will load and run this file.
      Configuration register
      * It is a 16-bit software register that is written into NVRAM.
      * The default configuration setting on Cisco routers is 0x2102. The 0x means the number is hexadecimal; each hex digit covers 4 bits, so 4 digits = 16 bits.
      * Notice that bit 6 can be used to ignore the NVRAM contents, if it is enabled.
        Bit number        15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
        Binary             0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
        Config Register         2           1           0           2
      The important thing here is bit number 6:
        0: load the NVRAM content [startup config]
        1: ignore the NVRAM content (register value 2142)
      To know the value of the config register, use this command:
        R#sh ver
      Here are the main steps to password recovery:
      [1] Restart the router and press Ctrl+Pause/Break while it is starting, until you reach this prompt:
        rommon 1 >
      [2] Change the configuration register to ignore the NVRAM contents
        rommon 1 > confreg 0x2142
      [3] Reload the router and enter Privileged Mode
        rommon 1 > reset
      The router will reload and ask if you want to use setup mode; answer NO.
        R>en
      [4] Copy startup-config to running-config in Privileged Mode by using this command
        R#copy start run
      [5] Change the password by setting a new password
        Router#conf t
        Router(config)#enable secret kkkk
      [6] Change the value of the configuration register to enable the NVRAM contents
        Router(config)#config-register 0x2102
      [7] Save your work
        Router#copy run start
      [8] Reload the router to activate the change of the configuration register
        Router#reload
      rommon = rom monitor. reset is used in rommon; reload is used in privileged mode.
  22. File transfer protocols: TFTP (UDP); FTP, HTTP, HTTPs (TCP).
      Backing Up the Cisco IOS
      ** To back up the Cisco IOS to a TFTP server, you use this command
        R#copy flash ftp
      OR
        R#copy flash tftp
      The router asks for the source file name, the address of the server and the destination file name. On an FTP server running on Windows (IIS => internet info service) the file is stored under Inetpub.
      * To know the name of the IOS image, use one of these commands (the image file ends in .bin):
        R#sh flash
        R#sh ver
        R#dir flash:
      Restoring the IOS:
        R#copy ftp flash
        Router#ping FTP_server
      * IOS file system
        Router#show file info flash:c1841.bin
        Router#delete flash:c1841.bin
        Router#pwd
      ** To copy the router's configuration from a router to an FTP server
        Router#copy run ftp
      or
        Router#copy start ftp
      ** Copying the current configuration to NVRAM
        Router#copy run start
      ** If you did copy the router's configuration to a TFTP server as a second backup, you can restore the configuration
        Router#copy tftp run       (or: ftp)
      Types of config: 1- start 2- run
  23. 23.
Cisco Discovery Protocol (CDP) [L2]

Troubleshooting
    CDP timer:    how often CDP packets are transmitted to all active interfaces.
    CDP holdtime: the amount of time that the device will hold packets received from neighbor devices.

Configuration
    Router#sh cdp
** Use the global commands cdp holdtime and cdp timer to configure the CDP holdtime and timer on a router:
    Router(config)#cdp timer 90         (60 if not configured)
    Router(config)#cdp holdtime 240     (180 if not configured)
** Gathering neighbor information by using this command:
    Router#sh cdp nei detail
** Gathering interface traffic information, including the number of CDP packets sent and received and the errors with CDP:
    Router#sh cdp traffic
** Gathering port and interface information, including CDP status on router interfaces or switch ports:
    Router#sh cdp interface
** To turn off CDP on one interface on a router:
    Router(config)#int s0
    Router(config-if)#no cdp enable
  24. 24.
Chapter: 9 Switching Layer2

The MAC address is 48 bits, written in hexadecimal.

* Three Switch Functions at Layer 2:
1. Address learning (MAC table)
2. Forward [if destination known] / filter [if destination unknown]
3. Loop avoidance (broadcast storm), needed when there is a multi-link

* Spanning Tree Protocol (STP): the protocol that provides loop avoidance at layer 2.
1- Where there is a multi-link, it picks the best path and leaves a single link; the choice is logical.
2- It turns a closed path into an open path.

* STP steps:
1- Elect the Root Bridge (switch) based on:
   a) priority [less] (default 32,768)
   b) Bridge ID (BID) MAC address [less]
   Between Non-RB switches the DP is chosen by: a) priority (default 32,768) b) BID (MAC)
2- All ports on the Root Bridge become designated ports [Forward Port].
3- The remaining bridges [sw] become Non-Root Bridges.
4- For each Non-Root Bridge only one Root Port.
   # With a multi-link, STP picks one root port based on:
   a) cost (lowest)
        Speed   Cost
        10G     2
        G       4
        F       19
        E       100
   b) port number (lowest), e.g. f0/0 or f0/2 or f0/3
5- For each segment only one Designated Port [Forward Port].
   A port that is neither DP nor RP is blocked.

BPDU: Bridge Protocol Data Unit
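The election steps above, worked through on a small topology. This is an added example, not part of the original notes: the switch names, MAC addresses and links are constructed, and the tie-break is the simplified one given on this slide (lowest cost, then lowest local port number).

```python
import heapq
import re

# Port cost per link speed, taken from the cost table on this slide.
COST = {"10G": 2, "G": 4, "F": 19, "E": 100}

def mac_value(mac):
    """Turn 0000.0c11.2222 (or aa:bb:..) into an integer so MACs can be compared."""
    return int(re.sub(r"[^0-9a-fA-F]", "", mac), 16)

def port_key(port):
    """f0/12 -> (0, 12), so f0/2 sorts before f0/12."""
    return tuple(int(n) for n in re.findall(r"\d+", port))

def elect_root(bridges):
    """Step 1: lowest priority wins; on a tie the lowest MAC address wins."""
    return min(bridges, key=lambda n: (bridges[n][0], mac_value(bridges[n][1])))

def root_path_cost(links, root):
    """Lowest total cost from every switch to the root (Dijkstra over the links)."""
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, sw = heapq.heappop(heap)
        if c > cost.get(sw, float("inf")):
            continue
        for a, _pa, b, _pb, speed in links:
            if sw in (a, b):
                other = b if sw == a else a
                nc = c + COST[speed]
                if nc < cost.get(other, float("inf")):
                    cost[other] = nc
                    heapq.heappush(heap, (nc, other))
    return cost

def root_ports(bridges, links):
    """Step 4: one root port per non-root bridge (lowest cost, then lowest port)."""
    root = elect_root(bridges)
    cost = root_path_cost(links, root)
    best = {}
    for a, pa, b, pb, speed in links:
        for local, port, neighbor in ((a, pa, b), (b, pb, a)):
            if local == root:
                continue  # step 2: every port on the root bridge is designated
            candidate = (cost[neighbor] + COST[speed], port_key(port), port)
            if local not in best or candidate < best[local]:
                best[local] = candidate
    return root, {sw: c[2] for sw, c in best.items()}

# Constructed sample: three switches, all at the default priority 32768.
BRIDGES = {
    "SW1": (32768, "000a.1111.0001"),
    "SW2": (32768, "000a.1111.0002"),
    "SW3": (32768, "000a.1111.0003"),
}
# (switch, port, switch, port, speed); SW1 and SW2 are joined by a multi-link.
LINKS = [
    ("SW1", "f0/1", "SW2", "f0/1", "F"),
    ("SW1", "f0/3", "SW2", "f0/3", "F"),
    ("SW1", "f0/2", "SW3", "f0/1", "F"),
    ("SW2", "f0/2", "SW3", "f0/2", "G"),
]

if __name__ == "__main__":
    print(root_ports(BRIDGES, LINKS))
    # Same topology after "spanning-tree vlan 1 priority 16384" on SW3.
    print(root_ports(dict(BRIDGES, SW3=(16384, "000a.1111.0003")), LINKS))
```

With every switch at the default priority the lowest MAC address alone decides the root, which is why the priority is set explicitly on the switch that is meant to be root.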
  25. 25.
[STP] Spanning-Tree Port States
1- Blocking
2- Forwarding

Configuring Cisco Catalyst Switches

*** Setting the Passwords
    Switch(config)#enable password todd     -----> non Encrypted
    Switch(config)#enable secret todd       -----> Encrypted

*** Setting the Hostname
    Switch(config)#host S2950

*** Port Security (ties the port to the MAC address of the device)
    Switch(config)#int f0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport port-security
    Switch(config-if)#switchport port-security mac-address sticky
    Switch(config-if)#switchport port-security maximum 1
    Switch(config-if)#switchport port-security violation shutdown
- sticky: the MAC address is learned from the device connected to the port instead of being typed in.
- maximum: the number of MAC addresses allowed on the port.
- violation shutdown: if the number of MAC addresses is exceeded, the port is shut down.
- The sticky, maximum and violation settings take effect only after port security is enabled with the bare switchport port-security command, which a dynamic port rejects, hence switchport mode access first.
To apply the same security to a range of ports:
    S(config)#int range f0/1 - 5

*** Setting IP Information
    S2950#config t
    S2950(config)#int vlan1
    S2950(config-if)#ip address 172.16.10.17 255.255.255.0
    S2950(config-if)#no shut
    S2950(config-if)#exit
    S2950(config)#ip default-gateway 172.16.10.1

Show the MAC address table:
    S#sh mac address-table
Show the RB and Non-RB:
    S#sh spanning-tree
Set the priority so that this switch becomes the Root Bridge:
    Sw(config)#spanning-tree vlan 1 priority 16384
   OR
    S1(config)#spanning-tree vlan 1 root primary

PortFast
Without PortFast a port needs 50 sec before it forwards:
    Blocking (20 sec) -> Listening (15 sec) -> Learning (15 sec, the MAC address table is built) -> Forwarding
BPDUGuard and BPDUFilter are used together with PortFast:
    S2950(config)#int range f0/3-4
    S2950(config-if-range)#spanning-tree portfast
    S2950(config-if-range)#spanning-tree bpduguard enable
    S2950(config-if-range)#spanning-tree bpdufilter enable

Spanning Tree UplinkFast
    S2950(config)#spanning-tree uplinkfast

Spanning Tree BackboneFast
    S2950(config)#spanning-tree backbonefast

Erasing the Switch Configuration
    S2950#erase startup-config
  26. 26.
Chapter:10 Virtual LANs [VLAN]

Points covered on this slide:
- On a router, one physical interface can carry several logical interfaces; F0/1.1 is a sub interface.
- Physical limitation
- Broadcast
- By default all ports are in VLAN1; VLANs you create start from VLAN2.

* Collision domain
1- Hub
2- Switch
3- Router [each Router Interface Represents Broadcast domain]

VLAN Types
    Static VLANs:  membership depends on the port. By admin: the admin assigns each port to a VLAN.
    Dynamic VLANs: membership depends on the device. By admin.
    Example: f0/1 VLAN2 [sales], f0/2 VLAN3 [IT], f0/3 VLAN4 [marketing], f0/4 VLAN5 [accounting]

* There are two different types of links in a switched environment:
1  Access links: the port is configured as an access port.
2  Trunk links:  the port is configured as a trunk port; the port must be Fast Ethernet.
   A trunk needs:
   1- VLAN-ID
   2- Encapsulation

Frame tagging [Encapsulation]
    IEEE 802.1Q [dot1Q]       - Open standard
    Inter-Switch Link (ISL)   - Cisco
  27. 27.
VLAN Trunking Protocol [VTP]:
- Used to manage the VLANs.
* Conditions for VTP:
1- The switches are in one Domain.
2- One switch must be the server and the others clients.

VTP Modes of Operation: Server / Client / Transparent
* Any Cisco switch is, by default, in server mode.
* Router on a stick

Configuring VLANs
• Create VLAN (by global config)
    Switch(config)#vlan 2
    Switch(config-vlan)#vlan 3
    Switch(config-vlan)#vlan 4
    Switch(config-vlan)#vlan 5
• [1] Create VLAN (by Database Mode)
    S1#vlan database
    S1(vlan)#vlan 2 name sales
    S1(vlan)#vlan 3 name IT
• [2] Assigning Switch Ports to VLANs
    Switch(config-if)#int f0/2
    Switch(config-if)#switchport access vlan 2
    SW1(config-if)#switchport mode access
• If you want to verify your configuration, use this:
    Switch#sh vlan
* [3] Configuring Trunk Ports [Assigning Switch Ports to be trunk]
    Sw(config)#int f0/12
    Sw(config-if)#switchport trunk encapsulation dot1q
    Sw(config-if)#switchport mode trunk
• Defining the Allowed VLANs on a Trunk
    Sw(config-if)#switchport trunk allowed vlan 1-10
    Sw(config-if)#no switchport trunk allowed vlan
• [4] Configuring Inter-VLAN Routing
    Router#config t
    Router(config)#int f0/0
    Router(config-if)#no ip address
    Router(config-if)#no shutdown
    Router(config-if)#int f0/0.1
    Router(config-subif)#encaps dot1q 1          -----> VLAN 1
    Router(config-subif)#ip address 192.168.10.100 255.255.255.0
    Router(config-subif)#int f0/0.2
    Router(config-subif)#encaps dot1q 2          -----> VLAN 2
    Router(config-subif)#ip address 192.168.20.100 255.255.255.0
* Config VTP
    Switch(config)#vtp mode server               ------> default
    Switch(config)#vtp domain orbits
    Sw(config)#vtp password kkkk

You can't change, delete, or rename VLAN 1, because it's the default VLAN.
The encapsulation on a trunk can be isl or dot1Q.
  28. 28.
Packet types:
    Video   Real time
    Voice   Real time
    Data

QoS [Quality of service]: real-time traffic is sensitive to delay and is given a higher priority.

Configuring Voice VLANs
    Switch(config)#mls qos
    Switch(config)#interface f0/1
    Switch(config-if)#mls qos trust cos
    Switch(config-if)#switchport voice vlan dot1p
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport access vlan 3
    Switch(config-if)#switchport voice vlan 10
  29. 29.
Chapter: 11 Network Address Translation [NAT]

IP
    Virtual [private]:  10.0.0.1    : 10.255.255.254
                        172.16.0.1  : 172.31.255.254
                        192.168.0.1 : 192.168.255.254
    Real [public]:      any IP outside these ranges is a Real IP

NAT translates between the virtual IP and the real IP.

NAT types
    NAT
      Static:   One virtual IP => one real IP
      Dynamic:  Many virtual IP => Many real IP
                Condition: number of real IP = number of virtual IP
                The many real IPs are called a pool of real IP.
    Overloading == [PAT] Port Address Translation
      Static With Overloading:   Many virtual IP => One real IP
      Dynamic With Overloading:  Many virtual IP => Many real IP

NAT Names
    Inside local:    name of inside source address before translation (the Virtual IP)
    Inside global:   name of inside host after translation (the Real IP)
    Outside global:  name of outside destination host after translation

Static NAT
[1] Creates a static NAT translation between 192.168.10.1 and 192.1.2.109 (an entry in the NAT table)
    Router(config)#ip nat inside source static 192.168.10.1 192.1.2.109
        192.168.10.1  is the Virtual IP
        192.1.2.109   is the Real IP
[2] Configures the NAT inside interface
    Router(config)# interface f0/0
    Router(config-if)# ip address 192.168.10.1 255.255.255.0
    Router(config-if)# ip nat inside
[3] Configures the NAT outside interface
    Router(config)# interface Serial0/0
    Router(config-if)# ip address 192.1.2.109 255.255.255.240
    Router(config-if)# ip nat outside

Dynamic NAT
[1] Defines a NAT pool (outside addresses) named MyPool with a range of addresses 60.1.1.2 – 60.1.1.6
    Router(config)#ip nat pool MyPool 60.1.1.1 60.1.1.6 netmask 255.255.255.248
[2] Determines the inside addresses that will use NAT; those addresses are defined in an ACL
    Router(config)#ip nat inside source list 10 pool MyPool
    Router(config)# access-list 10 permit 192.168.10.0 0.0.0.255
[3] Configures the NAT inside interface (as in Static NAT)
[4] Configures the NAT outside interface (as in Static NAT)
Pool => many Real addresses. 10 is the ACL number.
  30. 30.
Overload NAT (PAT)
[1] Defines a NAT pool (outside addresses) named MyPool with a range of a single address 60.1.1.1
    Router(config)#ip nat pool MyPool 60.1.1.1 60.1.1.1 netmask 255.255.255.248
[2] Determines the inside addresses that will use NAT; those addresses are defined in an ACL
    Router(config)#ip nat inside source list 10 pool MyPool overload
    Router(config)# access-list 10 permit 192.168.10.0 0.0.0.255
[3] Configures the NAT inside interface
[4] Configures the NAT outside interface
Static PAT is also called Static overload.

Simple Verification of NAT
* To see basic IP address translation information (the NAT table), use the following command:
    Router#show ip nat translation
* This output will show the sending address, the translation, and the destination address on each debug line:
    Router#debug ip nat
* To cancel the debug (debug consumes the resources of the device):
    R#undebug all
   Or
    R#un all
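How overload NAT lets many inside local addresses share the single inside global address 60.1.1.1, as a small model. This is an added example, not part of the original notes and not IOS code: the port selection rule (keep the source port when it is free, otherwise take the first free port from 1024 upward) is a simplifying assumption, and the hosts are constructed.

```python
import ipaddress

def acl_permits(addr, network, wildcard):
    """Standard ACL match: bits set to 1 in the wildcard mask are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

class OverloadNat:
    """ip nat inside source list <acl> pool <one address> overload (simplified)."""

    def __init__(self, inside_global, acl_network, acl_wildcard):
        self.inside_global = inside_global
        self.acl = (acl_network, acl_wildcard)
        self.by_local = {}    # (inside local ip, port) -> inside global port
        self.by_global = {}   # inside global port -> (inside local ip, port)

    def outbound(self, src_ip, src_port):
        """Translate a packet leaving the inside interface; None = not translated."""
        if not acl_permits(src_ip, *self.acl):
            return None
        key = (src_ip, src_port)
        if key not in self.by_local:
            port = src_port
            if port in self.by_global:  # another inside host already uses this port
                port = next((p for p in range(1024, 65536)
                             if p not in self.by_global), None)
                if port is None:
                    raise RuntimeError("no free port left on " + self.inside_global)
            self.by_local[key] = port
            self.by_global[port] = key
        return (self.inside_global, self.by_local[key])

    def inbound(self, dst_port):
        """Return traffic is matched on the port; no entry means no translation."""
        return self.by_global.get(dst_port)

    def table(self):
        """Rows in the spirit of 'show ip nat translation': inside global, inside local."""
        return sorted(("%s:%d" % (self.inside_global, gp), "%s:%d" % local)
                      for gp, local in self.by_global.items())

def demo():
    # Values from the slide: pool address 60.1.1.1, access-list 10 permit 192.168.10.0 0.0.0.255
    nat = OverloadNat("60.1.1.1", "192.168.10.0", "0.0.0.255")
    nat.outbound("192.168.10.5", 1025)   # constructed inside hosts
    nat.outbound("192.168.10.6", 1025)   # same source port, second host
    return nat

if __name__ == "__main__":
    for row in demo().table():
        print(row)
```

An inbound packet to a port with no entry in the table has nothing to be translated to, which is the behaviour `inbound` returns as `None`.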
  31. 31.
Chapter: 12 Wireless LAN [WLAN]

* To build a wireless network you need:
1- Access Points
2- Wireless cards

Wireless uses electromagnetic waves:
    2.4 GHz   802.11b and 802.11g   Unlicensed
    5 GHz     802.11a               Unlicensed

Agency                                                       Purpose
Institute of Electrical and Electronics Engineers (IEEE)     Creates and maintains operational standards
Federal Communications Commission (FCC)                      Regulates the use of wireless devices in the U.S.
European Telecommunications Standards Institute (ETSI)       Chartered to produce common standards in Europe
Wi-Fi Alliance                                               Promotes and tests for WLAN interoperability
WLAN Association (WLAN)                                      Educates and raises consumer awareness regarding WLANs

Unlicensed frequencies: 900MHz / 2.4GHz / 5 GHz

                           802.11b          802.11g          802.11a
Data rate                  Up to 11 Mbps    Up to 54 Mbps    Up to 54 Mbps
Modulation method          DSSS             DSSS & OFDM      OFDM
Frequency band             2.4GHz           2.4GHz           5 GHz
Channels numbers           14               14               23 (19 in the European system)
Non-overlapping channels   3 (1-6-11)       3 (1-6-11)       12

Notes:
1- The higher the data rate, the smaller the cover area. The higher the frequency, the smaller the cover area and the higher the data rate.
2- The protocol CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) or RTS/CTS (Request To Send, Clear To Send) is used so that no collision happens.
3- Types b and g work together because they use the same frequency.

DSSS: Direct Sequence Spread Spectrum ||| OFDM: Orthogonal Frequency Division Multiplexing
  32. 32.
- Ad hoc: devices connect to each other without an access point.

Cisco's Unified Wireless Solution
• MESH:
  - Root Access Points (RAPs)
  - Mesh Access Points (MAPs)
• AWPP:
  - Adaptive wireless path protocol
  - This protocol allows RAPs to communicate with each other to determine the best path back to the wired network via the RAP.

• Wireless Security:
1. Open Access
2. SSIDs, WEP, and MAC Address Authentication
     SSID: Service Set Identifiers
     WEP:  Wired Equivalency Protocol
     MAC addresses
3. WPA or WPA 2 [Pre-Shared Key (PSK)]
   - WPA: Wi-Fi Protected Access, and WPA2
   - Pre-Shared Key (PSK) is a better form of wireless security than any other basic wireless security methods mentioned so far.
4. Cisco Unified Wireless Network Security
   - Secure Connectivity for WLANs
   - Trust and Identity for WLANs
   - Threat Defense for WLANs

ISR: integrated service router
  33. 33.
Chapter: 13 Internet Protocol Version 6 (IPv6)

    IPv4: 32 bits
    IPv6: 128 bits, written in hexadecimal as eight 16-bit fields separated by colons

- [IP v.4] number of addresses = 2^32
- [IP v.6] number of addresses = 2^128
- No size for header

** The Benefits and Uses of IP v.6:
1. IPv6 is 128 bits, which gives (3.4 x 10^38) addresses.
2. The header in an IPv6 packet has half the fields.
3. There is no broadcast in IPv6 because it uses multicast traffic instead.

Address format: x:x:x:x:x:x:x:x
    1080:0000:0000:0000:0008:0800:200C:417A     full form
    1080:0:0:0:8:800:200C:417A                  leading zeros dropped
    1080::8:800:200C:417A                       consecutive zero fields replaced by ::, which may be used only once
    0:0:0:0:0:0:0:1  =  ::1                     loop back (local host), like 127.0.0.1 in v4

IPv6 prefix: prefix-address / prefix-length
- 64 is the prefix length.
    F0/1 => 12:34:56:7::1/64        (the net add is 12:34:56:7::)
    F0/1 => 12:34:56:8::1/64

EUI: generates the rest of the 128 bits from the MAC address; the prefix length is 64.
    MAC: 48 bits; FFFF is inserted in the middle:
    0000.abcd.0001  ->  0000.abff.ffcd.0001
  34. 34.
Host Config
    Manual
    Automatic
      stateful:  DHCP found in the network
      stateless: no DHCP found in the network

IPv6 uses multicast where IPv4 uses broadcast.

** Address Types:
1. Unicast address                single address, as in IPv4
2. Multicast address              like class D in IPv4
3. Anycast address                delivered to the nearest of several devices
4. Global unicast addresses       like Public IP v.4
5. Link-local addresses           like Private IP v.4

0:0:0:0:0:0:192.168.100.1   This is how an IPv4 address would be written in a mixed IPv6/IPv4 network environment.
2000::/3     The global unicast address range (real IP)       0010.0000.0000.0000
FC00::/7     The unique local unicast range
FE80::/10    The link-local unicast range (private IP)        1111.1110.1000.0000
FF00::/8     The multicast range

Configuring Cisco Routers with IPv6
* Enable IPv6
    Router(config)#ipv6 unicast-routing
• Configure IPv6 on the interface
    Router(config)#int f0/0
    Router(config-if)#ipv6 address 2001:db8:3c4d:1:0260:d6FF:FE73:1987/64
  OR
• You can allow the device to use its MAC address and pad it to make the interface ID.
    Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
  (eui-64: Extended user interface; you give the 64-bit prefix and the device builds the rest from its MAC address)

Dynamic Host Configuration Protocol (DHCPv6)
    DHCPv6 Client:  A node that initiates requests on a link to obtain configuration parameters.
    DHCPv6 Server:  A node that responds to requests from clients to provide addresses, prefix lengths, or other configuration parameters.
    DHCPv6 Relay:   A node that acts as an intermediary to deliver DHCPv6 messages between clients and servers.
    DHCPv6 Agent:   either a server or a relay.
  35. 35.
Configuring Cisco Routers with IPv6

Dynamic Host Configuration Protocol (DHCPv6)
    Router(config)#ipv6 dhcp pool test
    Router(config-dhcp)#prefix-delegation pool test lifetime 3600 3600
    Router(config)#int f 0/0
    Router(config-if)#ipv6 dhcp server test

IPv6 Routing Protocols
• RIPng [next generation], enabled on the interface:
    Router(config)#int f 0/0
    Router(config-if)#ipv6 rip 1 enable                 (1 = process ID)
• EIGRPv6
    Router(config)#ipv6 router eigrp 10                 (10 = autonomous system number)
    Router(config-rtr)#no shutdown
    Router(config)#int f 0/0
    Router(config-if)#ipv6 eigrp 10
• OSPFv3
    Router(config)#ipv6 router ospf 10                  (process ID)
    Router(config-rtr)#router-id 1.1.1.1
    Router(config)#int f 0/0
    Router(config-if)#ipv6 ospf 10 area 0

Migrating to IPv6 (upgrading from IPv4 to IPv6)
1- Dual Stacking
   It allows our devices to communicate using either IPv4 or IPv6.
    Router(config)#ipv6 unicast-routing
    Router(config)#interface fastethernet 0/0
    Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
    Router(config-if)#ip address 192.168.255.1 255.255.255.0
2- 6to4 Tunneling
    Router1(config)#int tunnel 0
    Router1(config-if)#ipv6 address 2001:db8:1:1::1/64
    Router1(config-if)#tunnel source 192.168.30.1
    Router1(config-if)#tunnel destination 192.168.40.1
    Router1(config-if)#tunnel mode ipv6ip

    Router2(config)#int tunnel 0
    Router2(config-if)#ipv6 address 2001:db8:2:2::1/64
    Router2(config-if)#tunnel source 192.168.40.1
    Router2(config-if)#tunnel destination 192.168.30.1
    Router2(config-if)#tunnel mode ipv6ip

Stateless autoconfiguration: the first message is the RS, the second message is the RA.

Configuring IPv6 on Our Internetwork
    Corp#config t
    Corp(config)#ipv6 unicast-routing
    Corp(config)#int f0/1
    Corp(config-if)#ipv6 address 2001:db8:3c4d:11::/64 eui-64
    Corp(config-if)#int s0/0/0
    Corp(config-if)#ipv6 address 2001:db8:3c4d:12::/64 eui-64
    Corp(config-if)#int s0/0/1
    Corp(config-if)#ipv6 address 2001:db8:3c4d:13::/64 eui-64
    Corp(config-if)#int s0/1/0
    Corp(config-if)#ipv6 address 2001:db8:3c4d:14::/64 eui-64
    Corp(config-if)#int s0/2/0
    Corp(config-if)#ipv6 address 2001:db8:3c4d:15::/64 eui-64
    Corp(config-if)#^Z
    Corp#copy run start

    R1#config t
    R1(config)#ipv6 unicast-routing
    R1(config)#int s0/0/0
    R1(config-if)#ipv6 address 2001:db8:3c4d:12::/64 eui-64
    R1(config-if)#int s0/0/1
    R1(config-if)#ipv6 address 2001:db8:3c4d:13::/64 eui-64

    R2#config t
    R2(config)#ipv6 unicast-routing
    R2(config)#int s0/2/0
    R2(config-if)#ipv6 address 2001:db8:3c4d:14::/64 eui-64

    R3#config t
    R3(config)#ipv6 unicast-routing
    R3(config)#int s0/0/1
  36. 36.
    R3(config-if)#ipv6 address 2001:db8:3c4d:15::/64 eui-64

1- Configuring RIPng
    Corp#config t
    Corp(config)#int f0/1
    Corp(config-if)#ipv6 rip 1 enable
    Corp(config-if)#int s0/0/0
    Corp(config-if)#ipv6 rip 1 enable
    Corp(config-if)#int s0/0/1
    Corp(config-if)#ipv6 rip 1 enable
    Corp(config-if)#int s0/1/0
    Corp(config-if)#ipv6 rip 1 enable
    Corp(config-if)#int s0/2/0
    Corp(config-if)#ipv6 rip 1 enable
• Configuring RIPng
    R1#config t
    R1(config)#int s0/0/0
    R1(config-if)#ipv6 rip 1 enable
    R1(config-if)#int s0/0/1
    R1(config-if)#ipv6 rip 1 enable

    R2#config t
    R2(config)#int s0/2/0
    R2(config-if)#ipv6 rip 1 enable

    R3#config t
    R3(config)#int s0/0/1
    R3(config-if)#ipv6 rip 1 enable
• Verifying RIPng
    R3#sh ipv6 route
    R3#sh ipv6 protocols
    R3#sh ipv6 rip
    R3#sh ipv6 interface serial 0/0/1
    R3#debug ipv6 rip

2- Configuring OSPFv3
    Corp#config t
    Corp(config)#int f0/1
    Corp(config-if)#ipv6 ospf 1 area 0
    Corp(config-if)#int s0/0/1
    Corp(config-if)#ipv6 ospf 1 area 0
    Corp(config-if)#int s0/1/0
    Corp(config-if)#ipv6 ospf 1 area 0
    Corp(config-if)#int s0/2/0
    Corp(config-if)#ipv6 ospf 1 area 0
• Configuring OSPFv3
    R1#config t
    R1(config)#int s0/0/1
    R1(config-if)#ipv6 ospf 1 area 0

    R2#config t
    R2(config)#int s0/2/0
    R2(config-if)#ipv6 ospf 1 area 0

    R3#config t
    R3(config)#int s0/0/1
    R3(config-if)#ipv6 ospf 1 area 0
• Verifying OSPFv3
    R3#sh ipv6 route
    R3#sh ipv6 protocols
    Corp#debug ipv6 ospf packet
    Corp#un all
  37. 37.
Chapter: 14 Wide Area Networking [WAN]

Defining WAN Terms:
• Customer premises equipment (CPE)
• Demarcation point
• Local loop
• Central office (CO)

** WAN Connection Types
1- Dedicated, for example: lease line
2- Circuit switched, for example: ISDN or dial up
   (dial up gives 56K; ISDN gives up to 128K or 1.5Mbps)
3- Packet switch, for example: Frame relay

Router ends are DTE and DCE; CSU/DSU [Circuit Service Unit / Data Service Unit]
    DSL      Base band
    WI-MAX   Broad band

# Every WAN service needs an encapsulation protocol of its own:

    Protocol                                   Used with
    HDLC  High-Level Data-Link Control         1- lease line
    PPP   Point-to-Point Protocol              1- lease line  2- ISDN  3- Dial up
    Frame Relay                                1- Frame Relay

PPP components:
1- LCP (Link Control Protocol), Layer 2
2- NCP (Network Control Protocol), L3
3- Authentication protocol

* You can't use HDLC or PPP with Frame Relay.
With Frame Relay there are two encapsulation types:
1- Cisco
2- IETF (Internet Engineering Task Force)
  38. 38.
* PPP has many advantages:
1- Multi-link (back up)
2- Callback
3- Authentication
   a- CHAP (Challenge Handshake Authentication Protocol) [Encrypted]
   b- PAP (Password Authentication Protocol) [Clear Text]
4- Compression
5- Route packet for different routed packet

Configuring PPP on Cisco Routers
Base config:
1- Bring up the interface and give it an IP.
2- Configure the routing protocol, RIP or OSPF.
PPP is used with: 1- Lease line 2- Dial up 3- ISDN

• Turn on PPP on the connected interface
    Router(config)#int s0
    Router(config-if)#encapsulation ppp
• Configuring PPP Authentication
    Router(config)#hostname RouterA
    RouterA(config)#username RouterB password cisco
    RouterA(config)#int s0
    RouterA(config-if)#ppp authentication chap pap

    Router(config)#hostname RouterB
    RouterB(config)#username RouterA password cisco
    RouterB(config)#int s0
    RouterB(config-if)#ppp authentication chap pap

Frame Relay
* Frame Relay has become one of the most popular WAN services deployed.
* Frame Relay is a packet-switched technology.
* Frame Relay, by default, is classified as a non-broadcast multi-access (NBMA).
* Frame Relay PVCs: the connection between the router and the FR switch is a PVC [Permanent Virtual Circuit].
1- Devices are identified using (DLCI) Data Link Connection Identifiers.
* Local Management Interface (LMI) is a signaling standard used between your router and the first Frame Relay switch it's connected to. The LMI type is given by the ISP.
** There are three different types of LMI message formats:
1- Cisco (default)
2- ANSI (open standard)
3- Q.933A (open standard)

Frame Relay Implementation
    RouterA(config)#int s0/0
    RouterA(config-if)#no shut
    RouterA(config-if)#encapsulation frame-relay IETF
    RouterA(config-if)#ip address 172.16.20.1 255.255.255.0
    RouterA(config-if)#frame-relay lmi-type ansi          (one of the three LMI types)
    RouterA(config-if)#frame-relay interface-dlci 101
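A check for the weak settings these notes themselves label: enable password (non encrypted) on the switch slide, and PAP (clear text) in the PPP authentication section above, together with access ports left without port security or BPDU guard. This is an added example, not part of the original notes; the two sample configurations are constructed from the commands on this page, and the finding codes are names chosen here.

```python
def parse_ios(config):
    """Split an IOS-style config into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            current = None                      # "!" or a blank line closes a block
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(" ".join(line.split()))
        else:
            current = None
            global_lines.append(" ".join(line.split()))
    return global_lines, interfaces

def audit(config):
    """Return (scope, code, message) for each weak setting found."""
    findings = []
    global_lines, interfaces = parse_ios(config)
    if any(l.startswith("enable password ") for l in global_lines):
        findings.append(("global", "enable-password",
                         "enable password is stored non encrypted; keep only enable secret"))
    for name, lines in interfaces.items():
        is_access = ("switchport mode access" in lines or
                     any(l.startswith("switchport access vlan ") for l in lines))
        if is_access and "switchport port-security" not in lines:
            findings.append((name, "no-port-security",
                             "access port without switchport port-security"))
        guard = "spanning-tree bpduguard enable" in lines
        if "spanning-tree portfast" in lines and not guard:
            findings.append((name, "portfast-no-bpduguard",
                             "PortFast port without BPDU guard"))
        if guard and "spanning-tree bpdufilter enable" in lines:
            findings.append((name, "bpdufilter-with-bpduguard",
                             "BPDU filter ignores BPDUs, so BPDU guard never acts"))
        for l in lines:
            if l.startswith("ppp authentication ") and "pap" in l.split()[2:]:
                findings.append((name, "ppp-pap",
                                 "PAP sends the password in clear text; use chap only"))
    return findings

# Constructed sample: switch config built from the commands on the switch slide.
SWITCH_CFG = """\
hostname S2950
enable password todd
enable secret todd
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 3
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
interface FastEthernet0/4
 switchport access vlan 2
 spanning-tree portfast
!
"""

# Constructed sample: router config built from the PPP authentication commands.
ROUTER_CFG = """\
hostname RouterA
username RouterB password cisco
!
interface Serial0
 encapsulation ppp
 ppp authentication chap pap
!
"""

if __name__ == "__main__":
    for scope, code, message in audit(SWITCH_CFG) + audit(ROUTER_CFG):
        print("%-16s %-26s %s" % (scope, code, message))
```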
  39. 39.
Frame Relay verification
    show frame lmi     Shows the LMI type. Gives you the LMI traffic statistics exchanged between the local router and the Frame Relay switch.
    show frame pvc     * Lists all configured PVCs and DLCI numbers.
                       * Provides the status of each PVC connection and traffic statistics.
    show interface     * Checks for LMI traffic.
                       * Displays line, protocol, DLCI, and LMI information.
    show frame map     Displays the Network layer–to–DLCI mappings.

Virtual Private Networks (VPN)
** There are three different categories of VPNs:
1- Remote access VPNs
2- Remote users VPN
3- Site-to-site VPNs

** Tunneling protocols (the tunnel is logical)
1- Point-to-Point Tunneling Protocol (PPTP) (open standard)
2- Layer 2 Tunneling Protocol (L2TP) (open standard)
3- Generic Routing Encapsulation (GRE)

** Security Protocols (IPSec)
1- Authentication Header (AH)
2- Encapsulating Security Payload (ESP)
    IPsec: encrypted
    IP:    clear
