شرح مبسط جدا لمنهج سيسكو CCNA

2008||2012C C N A-1-@@@@
‫ﴍح‬‫ﻣﻨﻬﺞ‬‫ﺳﻴﺴﻜﻮ‬ ‫ﺷﺒﻜﺎت‬
CCNACisco Certified Network Associate
‫ـﺪرب‬‫ـ‬‫ﻤ‬‫ـ‬‫ﻟ‬‫ا‬
‫إﻋ‬‫ـ‬‫ـ‬‫ـ‬‫ـ‬‫ـﺪاد‬‫ـ‬
@ @
ALFAHAID@GMAIL.COM
:1429/2008
:1433/2012
::::
2 0 1 2
‫ﻣﺬﻛﺮة‬
‫رﻗﻢ‬:4
.

2008||2012C C N A-2-@@@@
:
.
:
.
:
"
) "(
@ALFahaid
https://twitter.com/AlFahaid
:183
Dropbox
m20%?N7MjqYNGCl/r2q73r5q87xdu9s/sh/com.dropbox.www://https
a

2008||2012C C N A-3-@@@@
The ContentsThe ContentsThe ContentsThe Contents
Ch1: Introduction To Network 4
Ch2/3: IP Subnetting 7
Ch4: Cisco Router 9
Ch5/6: IP Routing 12
Ch7: Access Lists [ ]ACL 18
Ch8: Managing Cisco IOS Software 21
Ch9: Switching [ Layer 2] 24
Ch10: Virtual LANs [ ]VLAN 26
Ch11:
Network Address Translation
[ NAT]
29
Ch12: Wireless [LAN WLAN] 31
Ch13:
Internet Protocol Version 6
[ IPv6]
33
Ch14: Wide Area Networking [ WA ]N 37
‫ا‬ ‫ا‬ ‫ل‬ ‫ا‬ - ‫–ا‬ ‫ر‬ ‫ا‬ ‫ورة‬ ‫ا‬ ‫ت‬
http://www.mediafire.com/?3maerm7vmi0x4x7

2008||2012C C N A-4-@@@@
Chapter: 1
Introduction To Network
What’s Network ? ‫ا‬
Network is a group of computers connected with others to share data.
‫ا‬ ‫ا‬‫ت‬ ‫ا‬ ‫رآ‬
Types of Network: ‫ت‬ ‫ا‬ ‫اع‬ ‫أ‬
1. (LAN) Local Area Network ‫أوا‬ ‫أآ‬
2. (WAN) Wide Area Network
‫ق‬ ‫ا‬LAN‫و‬WAN:
1-‫ا‬ ‫ا‬ ‫ا‬
2-‫ال‬Service‫ت‬ ‫ا‬ ‫ا‬ ‫وه‬..:leas line/frame relay/ATM
3. (MAN) Metropolitan Area network ))‫و‬‫د‬ ‫ا‬((
4. (SAN) Storage Area network ‫ات‬)‫دا‬LAN(
5. (VPN)Virtual Private Network ‫ا‬ ‫ا‬LAN:
1-VPN2-Dial up‫أآ‬ ‫أ‬ ‫أ‬Security
6. Intranets and Extranets. ‫روا‬ ‫أ‬‫وا‬ LAN Intranets‫دا‬ ‫ا‬ ‫ه‬‫و‬Extranets‫ر‬ ‫ا‬
SAN ‫إ‬ ‫ح‬
‫أن‬ ‫ات‬ ‫ا‬ ‫ر‬ ‫ه‬ ‫و‬:
1-Cluster service
2-High speed internet
‫ة‬ ‫ا‬SAN‫ه‬Disaster Recovery‫ـ‬ ‫م‬ ‫ي‬ ‫وا‬:
1-‫ا‬Backup
2-‫ل‬ ‫ا‬ ‫ز‬Load Balance
VPN ‫إ‬ ‫ح‬
‫ل‬ ‫ن‬LAN‫ا‬
‫ام‬VPN
‫ا‬ ‫ء‬ ‫م‬ ‫راح‬ ‫ا‬Tunnel‫ت‬ ‫ا‬‫اق‬ ‫ا‬
NIC = Network Interface Card
DNS IP ‫ا‬ ‫ا‬ ‫و‬‫م‬ ‫أر‬ ‫إ‬
ARP = Address Resolution protocol
IP‫إ‬MACARP
MAC‫إ‬IPRARP
Logical × Physical ‫دي‬
Virtual ‫ا‬ ‫ا‬ × real
‫ر‬‫و‬‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ا‬‫م‬
343+‫ت‬HTTPS1
80+‫ون‬‫ت‬HTTP2
20/21‫ر‬/‫ت‬ ‫ا‬FTP3
25‫ل‬ ‫إر‬SMTP4
53‫م‬ ‫أر‬ ‫إ‬ ‫ا‬ ‫ا‬DNS5
23‫دارة‬ ‫ا‬TELNET6
LAN
-1-
Remote site
‫أو‬
-2-
Remote user
LAN
‫ل‬ ‫ج‬ ‫ه‬
1-modem
2-NIC
3- Tel line
‫ن‬
Network
Access
Service
Dialup VPN

2008||2012C C N A-5-@@@@
# OSI-RM [ Open System Interconnection – Reference Model ] :
‫م‬ OSI-RM ‫ا‬ ‫ا‬ ‫ء‬ ‫أ‬
‫ل‬ ‫ا‬ Protocol Device ‫ا‬ TCP/IP
7 Application data -
Interface between
app & protocol
6 Presentation data -
-compression
-conversion
-encryption
5 Session data
HTTP-FTP-SMTP
DNS-TELNET
HTTPs-POP3
-
-monitor ‫ا‬
open session on
the host
(1)
Application
4 Transport Segments
TCP
HTTP-FTP
DNS- TELNET
UDP
TFTP-DNS
DHCP
-
Delivery method
‫ل‬
‫ا‬
(2)
Transport
3 Network Packets IP – ARP
1-Router
2-Switch[L3]
Provide logical
address [address
for delivery on
network]
(3)
Internet
2 DataLink Frames
1-Bridge
2-NIC
3-Switch[L2]
Provide physical
address [MAC]
1 Physical Bits
LAN & WAN
TECHNOLGY 1-Hub
‫ة‬ ‫ا‬ ‫م‬
2-Repeater
‫رة‬ ‫ا‬ ‫م‬
000011011
000111111
(4)
Network
Access
-‫ال‬OSI-RM‫وأ‬ ‫و‬ ‫م‬ ‫ذج‬:1-TCP/IP 2-IPX/SPX 3-Apple Talk
-TCP= Transmission Control Protocol [Reliable method] UDP= User Datagram Protocol [Unreliable method]
-‫ا‬ ‫وا‬ ‫ا‬ ‫ا‬ ‫ل‬ ‫ا‬ ‫آ‬.
-‫ات‬ ‫وا‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫ل‬ ‫آ‬ ‫و‬ ‫ا‬‫ا‬‫ف‬‫ا‬‫ل‬ ‫وا‬ ‫ل‬ ‫ر‬)‫زم‬ ‫ي‬ ‫ا‬ ‫وا‬ ‫وا‬
‫ة‬ ‫ك‬ ‫ه‬ ‫ن‬. (
-‫ا‬ ‫ز‬ ‫وا‬ ‫ا‬ ‫ل‬ ‫ا‬OR [Start->run->IP address]]‫ز‬ ‫ا‬ ‫ا‬[Start->run->
-‫ج‬ ‫أ‬ ‫ا‬ ‫دا‬ ‫أ‬ ‫ج‬ ‫ا‬ ‫ء‬ ‫آ‬Protocol
-‫ز‬ ‫أ‬Repeater‫ه‬)2.5K(‫إ‬ ‫ج‬ ‫ا‬ ‫و‬)4Reapater(‫آ‬ ‫ن‬Repeater500M.
-‫ة‬SwitchHub‫د‬ ‫و‬ ‫ه‬mac table‫و‬ ‫ي‬ ‫ا‬
-‫ء‬ ‫ا‬:MAC table = CAM table = Bridging table)CAM= Content address memory(
-‫و‬ ‫ت‬ ‫ا‬ ‫م‬ ‫او‬ ‫ا‬‫ة‬ ‫ا‬ ‫ا‬.
‫ا‬Network Topology)‫ف‬ ‫ا‬ ‫إ‬ ‫ا‬ ‫ا‬ ‫ر‬(
‫د‬Physical topologyLogical topology
# Network Topologies [Physical]: ‫ا‬ ‫ل‬ ‫أ‬‫د‬ ‫ا‬
‫ع‬ ‫ا‬ ‫ة‬ ‫ا‬ ‫ا‬
1- Bus ‫ا‬ ‫آ‬ ‫ا‬ ‫ن‬ ‫راح‬ ‫ا‬ ‫ا‬
2- Star ‫ا‬ center point‫آ‬ ‫ا‬ ‫ن‬ ‫راح‬
3- Extended
4- Ring ‫ا‬ ‫دم‬No collision
5- Mesh

2008||2012C C N A-6-@@@@
# Network Media : ‫ا‬ ‫ا‬ ‫اع‬ ‫أ‬
1- Copper
Coaxial cable Twisted Pair cable [TP] ‫ف‬ ‫زوج‬
Thick
‫ى‬ ‫ا‬ ‫ا‬=500
‫ت‬ ‫ا‬=10/100/1000
Thin
‫ى‬ ‫ا‬ ‫ا‬=185
‫ت‬ ‫ا‬=10/mbps100
STP
Shielded TP
‫إذا‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫م‬ ‫ا‬
‫ن‬ ‫آ‬
‫ت‬
ScTP
Screened TP
UTP
UnShielded TP
‫م‬ ‫ا‬ ‫ا‬ ‫ه‬
‫ت‬ ‫آ‬ ‫وا‬ ‫ا‬
2- Fiber
Optical
‫ا‬ ‫ف‬ ‫ا‬
3- Wireless
*‫ا‬ ‫ح‬
‫ر‬ ‫ه‬:
)32(
100 Base T
‫و‬ ‫ا‬BW Baseband ‫أر‬
‫و‬
Broadband‫ء‬ ‫ا‬
‫ا‬
# Ethernet Cabling :
1- Straight-through cable ‫ا‬ ‫ة‬ ‫م‬ ‫و‬
2- Crossover cable ‫ا‬ ‫ة‬ ‫م‬ ‫و‬
3- Rolled cable (Router=>Host) ‫ا‬ ‫او‬)‫ب‬ ‫د‬‫ب‬ ‫أو‬( Config ‫م‬ ‫و‬
‫ة‬
Host & Router ‫ة‬ ‫أ‬
Switch & Hub ‫ة‬ ‫أ‬
Console cable ‫اع‬ ‫أ‬
1-Rollover
)=<(
RG45 RG45
2-adapter
)=<(
RG45 DB9
-‫ا‬ ‫و‬)console port(‫ا‬.

2008||2012C C N A-7-@@@@
Chapter: 2/3
IP Subnetting
* What Is a Subnet?
A subnet is a physical segment of a network that is separated from the rest of the network by a router or routers.
‫ه‬‫ر‬‫اء‬ ‫أ‬ ‫إ‬ ‫ا‬‫ا‬ ‫ا‬ ‫ء‬ ‫ا‬ ‫ن‬
* The benefit from subnet : ‫ة‬ ‫ا‬‫ا‬
1- ‫و‬ ‫ا‬ ‫ا‬
2- ‫ا‬ ‫ف‬ ‫ا‬
* IPv4 :
1- 32 bits.
2- Decimal number representation ‫ل‬ ‫م‬:10.10.1.0
3- Dotted decimal -.-.-.- 4 octets and every octet consist of 8 bits
# Rules : ‫أو‬ IP ‫ا‬ ‫ا‬‫ر‬
1- 0 <= octet <= 255
2- 1 <= octet 1 <= 126 or
128 <= octet 1 <= 191 or
192 <= octet 1 <= 223
3- all host bits must not = 0 broadcast ‫ن‬ ‫ر‬ ‫أ‬ ‫آ‬ ‫آ‬=
all host bits must not = 1 network address ‫ن‬ ‫ات‬ ‫وا‬ ‫آ‬ ‫آ‬=
**** number 127 Trouble shooting ‫ز‬
1 - 126Class A
128 - 191Class B
Used for network
‫ا‬ ‫ا‬ ‫ه‬
‫ت‬ ‫ا‬192 - 223Class C
Multicast
Video – Audio224 - 239Class D
Future240 - 254Class E
*‫ال‬octet‫س‬ ‫ا‬ ‫ع‬ ‫د‬ ‫ا‬ ‫ه‬ ‫ول‬ ‫ا‬
IP
10.10.1.0
Host ID
‫ا‬
capacity of network
Network ID
‫ال‬ ‫ف‬IP‫ال‬host
‫أي‬ ‫د‬Subnet
Subnet Mask
‫ه‬‫ق‬ ‫ا‬
network ID & Host ID
Broad
cast
‫ا‬
Valid
range
Network
address
-
)SM(Subnet Mask
‫ا‬ ‫ل‬
192.168.0.1/24 255.255.255.0
# Rules : ‫أو‬ subnet mask ‫أي‬ ‫ر‬
1- ‫أن‬ ‫ا‬ ‫ا‬‫ر‬ ‫أ‬ ‫ا‬ ‫ن‬
‫ن‬ ‫راح‬‫آ‬‫م‬ ‫ر‬ ‫ا‬‫ا‬‫ا‬‫ه‬
0 or 255 or this number only
0000 0000
1000 0000
1100 0000
1110 0000
1111 0000
1111 1000
1111 1100
1111 1110
1111 1111
0
128
192
224
240
248
252
254
255
Default SMclass
255.0.0.0 / 8Class A
255.255.0.0 / 16Class B
255.255.255.0 / 24Class C
IP
Host IDNetwork ID
‫ء‬ ‫ا‬ ‫ه‬IP
‫ر‬ ‫ا‬
SM
‫ء‬ ‫ا‬ ‫ه‬IP
‫ات‬ ‫ا‬ ‫ا‬
SM

2008||2012C C N A-8-@@@@
‫ا‬ ‫ا‬
‫ا‬IP
---------------------------------1---------------------------------
‫ا‬‫ه‬
‫ر‬‫ا‬
/28 ‫ات‬ ‫ا‬ ‫ا‬ ‫د‬ ‫ا‬ ‫ه‬
2n
= Number of Host + 2
28
27
26
25
24
23
22
21
20
256 128 64 32 16 8 4 2 1
‫ر‬ ‫ا‬ ‫اآ‬
‫ة‬ ‫ا‬ ‫د‬
Number of Host = 2n
- 2
host bitsnumber of=n
or
zero bitsnumber of=
‫دة‬ ‫ا‬ ‫ر‬ ‫ا‬ ‫د‬SM
‫إذا‬ ‫ا‬ ‫ر‬ ‫أ‬:
1-‫ا‬
)‫ا‬ ‫ة‬ ‫ا‬ ‫د‬ ‫أي‬(
2-‫ا‬SM
---------------------------------2---------------------------------
‫ا‬‫ه‬
‫ات‬‫ا‬‫ا‬
‫رات‬ ‫ا‬
Subnet Mask
‫ي‬ ‫وا‬ ‫ن‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫م‬ ‫ا‬
*‫ال‬ ‫ا‬ ‫زم‬
‫ت‬ ‫ا‬ ‫د‬)‫ا‬(
Number of Subnets = 2y
(default)
Y = new SM -)‫ات‬ ‫ا‬ ‫ا‬ ‫د‬( old SM )‫ات‬ ‫ا‬ ‫ا‬ ‫د‬(
new SM = Y + old SM
‫إذا‬ ‫ا‬ ‫ر‬ ‫أ‬:
1-‫ال‬SM
2-‫ت‬ ‫ا‬ ‫د‬
---------------------------------3---------------------------------
255.255.255.142
‫ا‬ ‫ا‬ ‫درس‬ ‫ا‬
192.7.8.70
‫رات‬ ‫ا‬
Address
‫ن‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫م‬ ‫ا‬
‫ن‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫م‬ ‫ا‬ ‫درس‬ ‫ص‬ ‫ء‬ ‫أي‬
Block size (BS) = 256 – [ ‫د‬ ‫د‬ ‫أي‬0‫و‬255 ]
:‫آ‬BS‫ة‬‫و‬octetIP.address‫آ‬
‫أ‬octet‫درس‬ ‫ا‬‫وأ‬BS
‫أ‬ ‫ا‬BS‫د‬ ‫ا‬ ‫ه‬ ‫و‬‫ا‬‫د‬ ‫راح‬ ‫ا‬ ‫وه‬‫ادرس‬ ‫وورك‬ ‫ا‬
point-to-point ‫دا‬ /30
‫إذا‬ ‫ا‬ ‫ر‬ ‫أ‬
1-IP valid or not
2- valid rang
3-network address
4-broadcast
‫ن‬ ‫آ‬ ‫إذا‬SM‫ر‬0 & 255
‫ة‬ ‫م‬BS‫ة‬ ‫ول‬ ‫ا‬ ‫ه‬ ‫م‬
Valid rangBroadcastNetwork address
X.0.0.1
X.255.255.254
X.255.255.255X.0.0.0/8
X.Y.0.1
X.Y.255.254
X.Y.255.255X.Y.0.0/16
X.Y.Z.1
X.Y.Z.254
X.Y.Z.255X.Y.Z.0/24
‫أآ‬ ‫ن‬ ‫آ‬ ‫إذا‬subnet mask‫ا‬)‫او‬ ‫ا‬(:
VLSM
Variable Length Subnet Nask
‫و‬ ‫ن‬ ‫آ‬ ‫إذا‬subnet mask‫ا‬)‫او‬ ‫ا‬(:
Non VLSM
*‫أآ‬ ‫ن‬ ‫آ‬ ‫وإذا‬subnet mask‫وأآ‬class==<DisContigous
*‫أآ‬ ‫ن‬ ‫آ‬ ‫وإذا‬subnet mask‫و‬‫وا‬class==<Contigous
Summarization
Larger Network address – smaller Network address = ……
‫ل‬:‫أآ‬ ‫و‬IP
172.16.1.0/24 - 172.16.2.0/24 - 172.16.3.0/24
‫ا‬ ‫ا‬ ‫ح‬ ‫أ‬
28
27
26
25
24
23
22
21
20
256 128 64 32 16 8 4 2 1
172.16.3.0
172.16.1.0
-----------------
020 0
1bit+8bit=9bits
‫آ‬ ‫ا‬ ‫ا‬ ‫ن‬ ‫وراح‬:sm=24-9=15
*‫ال‬Host ID‫و‬Net ID‫وال‬ ‫ا‬ ‫ل‬NET ID‫أ‬ ‫ز‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫د‬.
*‫و‬ ‫آ‬ ‫ا‬ ‫أن‬
*‫درس‬ ‫ا‬ ‫أ‬ ‫ا‬ ‫ا‬ ‫إذا‬IP‫س‬ ‫آ‬ ‫أي‬ ‫وأ‬)‫ل‬octet‫ول‬ ‫ا‬.(

2008||2012C C N A-9-@@@@
Chapter: 4
Cisco Router
Router
External component Internal component
Interface
LAN
E F G 10G
10 100 1000 10000
WAN
-serial
(lease line/frame relay)
- ISDN(BRI/PRI)
-ATM(ATM)
Config port
-console
- auxiliy
Subnet subnet LAN LAN
WAN WAN
1- mother board
2- Rom – Ram
3- Flash memory
4- NVRAM
5-Non Volition RAM
6- CPU
7-power supply
# Internal component ‫ا‬ ‫ا‬ ‫ت‬ ‫ا‬
1- ROM ‫آ‬ ‫ا‬ ‫أ‬)‫أ‬ ‫ي‬ ‫ا‬ ‫ا‬(
a) store boot strap protocol & post
b) Rommon ( Ram monitor ) for trouble shooting
c) mini IOS
2- Flash memory :‫ن‬ ‫أ‬
- store IOS Image
3- RAM ‫ك‬ ‫ا‬2-‫ا‬ ‫ا‬‫ا‬ ‫دات‬ IOS :1-
- store decompressed version of IOS Image
- store running config
4- NVRAM ‫ة‬ ‫ذاآ‬
- store startup config
# Tow type from config :
1- Running config ‫ل‬ ‫او‬ ‫ا‬
2- start up ‫وا‬ boot up ‫و‬‫ال‬
Router
Interface Routing table
LAN WAN Config port Static Dynamic
Routing Protocol
Interior Exterior
Distance
Victor
Link
state
Hybrid
Ex:
-RIP
-IGRP
Ex:
-OSPF
Ex:
-EIGRP
Ex:
-BGP
*‫ا‬ ‫ا‬ ‫م‬‫ا‬ ‫م‬‫ات‬ ‫و‬IOS [Internetwork Operating System]:
‫وأ‬:IOS image OR image
‫و‬Reinstall – upgrade
*‫ا‬ ‫م‬ ‫اد‬ ‫ا‬:*.bin
#‫او‬ ‫ا‬ ‫ق‬:
‫م‬‫ا‬‫إ‬
1‫ام‬Console Session)‫أزرق‬ ‫آ‬(‫م‬‫او‬ ‫ا‬ ‫ن‬‫و‬ ‫ا‬ ‫ز‬ ‫ل‬ ‫ا‬ ‫ج‬
2‫ام‬Auxiliary Session)‫أ‬ ‫آ‬‫د‬(‫او‬ ‫ا‬ ‫ن‬ ‫م‬‫راح‬ ‫ا‬ ‫ا‬ ‫ن‬ ‫آ‬ ‫ا‬config‫ا‬ ‫رج‬)‫ل‬ ‫ا‬ ‫ج‬(
Aux‫ا‬ ‫آ‬console
3‫ام‬Telnet Session)‫او‬ ‫ا‬ ‫ن‬ ‫م‬IP‫ل‬ ‫أي‬Config

2008||2012C C N A-10-@@@@
Method for config router
CLI
Command Line Interface
SDM
Security Device Manger
Command GUI
‫او‬ ‫ا‬ ‫ات‬Boot up Router
‫ا‬ ‫ه‬‫او‬ ‫ا‬ ‫م‬ ‫ل‬ ‫آ‬ ‫و‬ ‫ا‬Boot strap ROM‫ال‬ ‫د‬ ‫ا‬ ‫وه‬1‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ا‬ ‫ه‬
‫او‬ ‫ا‬ ‫ا‬ ‫ت‬ ‫ا‬ ‫آ‬Run post [Power on self test]2
Load Image [IOS] flash3‫ا‬ ‫م‬
Decompress Image & store decompressed IOS into Ram4‫ام‬ ‫ا‬ ‫ن‬ ‫و‬ ‫ا‬
Display information from post program5‫ت‬ ‫ض‬
‫ا‬start upLoad configuration content from NVRAM6‫ال‬config
‫ء‬NVRAM)‫او‬ ‫ا‬ ‫ن‬ ‫ي‬ ‫وه‬(‫راح‬ ‫ه‬setup mode
*‫ام‬ ‫ا‬ ‫ر‬setup mode:
1-Basic management
Extended setup 2-
*‫دم‬DSL‫راو‬ ‫ي‬ ‫ه‬)‫دي‬(
Any [pc] on the network and has IP
Host [ client // server ]
‫م‬ ‫ا‬End user
‫ز‬ ‫ا‬End system
Edge or interface port or router or hub [terminal]‫أو‬
Commands
Router>
Router>enable OR en ‫ا‬‫ا‬‫و‬
Router#
User Mode
Privileged Mode
Router#disable ‫ا‬‫او‬
Router>
You can go back from privileged mode into user mode
by using the disable command.
Router#config t ‫ل‬ ‫ا‬-‫م‬
Router(config)#
Terminal (any changes save in DRAM )
Memory (any changes save in NVRAM )
Network (any changes save in TFTP or FTP Server)
Router(config)#int f0/0 ‫ل‬ ‫ا‬-‫ص‬
Router(config-if)#
Router(config-if)#exit ‫ا‬ ‫وج‬-‫ص‬
Router(config)#end OR ^Z ‫ا‬ ‫وج‬-‫م‬
Router#
Int = interface , f= fastethernet
Router#? ‫إذا‬‫م‬ ‫ا‬ ‫م‬ ‫ا‬
Router#conf ?
‫ب‬ ‫زر‬ ‫ا‬ ‫أ‬ ‫وف‬ ‫أر‬ ‫اآ‬TAB‫وراح‬
Editing and Help Features
‫إذا‬)Enter(‫ت‬ ‫ا‬
‫إذا‬)Space(‫ت‬ ‫ا‬
Router#config t
Router(config)#host yaser
yaser(config)#
"Hostname"
Router(config)#banner motd $ (( motd= Message of the day))
Hello. This router for center control $
Banners‫روا‬ ‫ا‬ ‫آ‬ ‫و‬ ‫ه‬..‫و‬
‫ء‬ ‫ا‬$‫ا‬ ‫ار‬ ‫ؤ‬Enter

2008||2012C C N A-11-@@@@
Router#show run static route ‫أو‬ ‫وا‬ ‫ا‬ ‫ه‬ ‫اض‬ ‫وا‬ ‫ؤ‬-‫ل‬ ‫إد‬ ‫أو‬ ‫د‬ ‫ر‬ ‫و‬
Router(config)#do sh run
Router#show history
Router#sh start
‫أ‬ ‫أي‬SHOW‫ن‬ ‫زم‬Privileged Mode
‫و‬ ‫و‬ ‫وا‬ ‫ا‬ ‫ض‬Privileged Mode config
‫ض‬ ‫ا‬ ‫ا‬ ‫ه‬10‫أوا‬
‫ال‬ ‫ت‬ ‫ض‬Config
Router1#copy run satart
Router2#copy run satart
Router1#erase start
Router2#erase start
‫ا‬ ‫ا‬ ‫ه‬‫ـ‬ ‫ا‬config‫او‬NV-RAM
‫زا‬ ‫ا‬ ‫ا‬ ‫ه‬Delete the startup-config
Routr(config)#enable password RRRRR ‫رد‬
Routr(config)#enable secret RRRRR ‫رد‬
Routr(config)#NO enable password
Routr(config)#NO enable secret
1-‫ي‬ ‫ا‬ ‫ا‬ ‫ا‬ ‫ه‬‫ل‬User Mode
‫إ‬Privileged Mode‫ة‬ ‫أو‬ ‫ة‬
‫ي‬ ‫ا‬ ‫ا‬ ‫زا‬NO‫ا‬
Routr(config)#line cons 0 // aux 0 // vty 0 4 (telnet )‫ه‬ ‫ة‬ ‫ا‬ ‫او‬ ‫ا‬ ‫ع‬
Routr(config-line)#pass RRRRR
Routr(config-line)#login
Routr(config-line)#exec-timeout 5 7
2-console‫و‬Auxiliary‫و‬telnet‫ل‬ ‫ا‬ ‫ا‬ ‫و‬
User Mode‫إ‬Privilege Mode‫ي‬ ‫ر‬ ‫راح‬
‫ي‬ ‫ا‬ ‫ا‬ ‫ل‬ ‫اد‬ ‫و‬ ‫و‬ ‫و‬
5=‫و‬ ‫د‬7=‫ا‬)0 0‫ا‬ ‫راح‬‫ا‬ ‫أ‬(
Routr(config)#enable password RRRRR ‫رد‬
Routr(config)#enable secret RRRRR ‫رد‬
Routr(config)#NO enable password
Routr(config)#NO enable secret
‫ل‬ ‫ي‬ ‫ا‬ ‫ا‬ ‫ا‬ ‫ه‬User Mode
‫إ‬Privilege Mode‫أو‬ ‫ة‬‫ة‬
)‫و‬ ‫ه‬passwordPrivilege(
‫ي‬ ‫ا‬ ‫ا‬ ‫زا‬NO‫ا‬
Router#sh run
Router(config)#service password-encryption
Router(config)#no service password-encryption
‫اد‬ ‫ا‬ ‫ا‬ ‫م‬ ‫ر‬ ‫ا‬ ‫و‬
Encrypting Your Passwords
(To cancel previous command)
Router(config)#int f0/0
Router(config-if)#desc Sales Lan
‫رت‬ ‫ا‬ ‫رت‬ ‫ا‬ ‫ي‬ ‫ه‬
‫و‬ ‫و‬Descriptions
[1] Router>en
Router#conf t
Router(config)#int f0/0 AND f0/1
Router(config-if)#no shut
[2]Router(config-if)#ip add 10.10.10.100 255.255.255.0
To config any router interface you must do this steps:
Interface configuration
Add = address
‫او‬ ‫ا‬ ‫و‬ ‫ات‬ ‫ه‬
[3]Router(config)#int s0/0
Router(config-if)#ip address 10.10.20.1 255.255.255.0
Router(config-if)#clock rate 64000
Serial Interface Commands
‫ا‬ ‫ن‬ ‫آ‬DTE‫ا‬ ‫ا‬)‫ا‬ ‫ا‬ ‫ا‬ ‫ه‬(
‫ا‬ ‫ن‬ ‫آ‬DCE‫آ‬ ‫وا‬ ‫ا‬)‫ت‬ ‫ا‬(
Data circuit equipment //// Data terminal equipment
Router#ping 10.10.10.1
Router#sh int f0/0 ‫ا‬ ‫ت‬ ‫ض‬
Router#sh ip int
Router#sh ip int brief
Router#sh controllers serial 0/0
Router#sh ip route
Verifying Your Configuration ‫ه‬ ‫ه‬ ‫ا‬ ‫ر‬‫؟‬ ‫أو‬
Up= ‫ا‬ ‫ء‬ ‫وا‬ ‫ا‬
‫ال‬ ‫آ‬ ‫ض‬interface‫وه‬ ‫وه‬ip‫؟‬ ‫أو‬
‫ض‬interface‫وه‬ ‫ه‬ip‫؟‬ ‫أو‬
‫ه‬ ‫ه‬ ‫ا‬ ‫اض‬DCE or DTE
‫ال‬ ‫ض‬routing table
Router(config)#ip domain-name xp
Router(config)#crypto key generate rsa general-keys modulus 1024
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# username a privilege 15 password 0 a
SDM you must configure
‫أردت‬ ‫إذا‬ ‫ي‬ ‫وا‬ ‫ا‬ ‫ه‬ ‫ا‬
http OR https
‫ف‬A‫و‬ ‫ور‬ ‫وآ‬ ‫م‬ ‫ا‬ ‫أي‬ ‫ه‬0

2008||2012C C N A-12-@@@@
Chapter: 5/6
IP Routing
DHCPIP‫أ‬
‫ا‬DNS‫وا‬WINS
RouterRouteRoutedRouting
‫ز‬ ‫ا‬‫ر‬ ‫ا‬‫آ‬ ‫ا‬‫ا‬‫ول‬
*route types:1- Static 2- Dynamic
1-Static
‫ات‬:
1-‫ه‬ ‫ت‬ ‫إ‬ ‫ذو‬ ‫راو‬ ‫ج‬2-‫أآ‬Security3-‫او‬ ‫ا‬ ‫و‬ ‫ا‬ ‫ا‬
‫ب‬:
1-‫ة‬ ‫ا‬ ‫ت‬2-‫ن‬ ‫إذا‬admin3-‫ل‬‫أآ‬ ‫ء‬ ‫أ‬
‫راو‬ ‫ا‬‫راو‬ ‫وآ‬tow LAN
‫أو‬:Config‫ف‬ ‫ول‬ ‫ا‬ ‫او‬ ‫ا‬Subnet 3 and 4‫ا‬ ‫او‬ ‫ا‬ ‫دة‬ ‫ا‬
R1(config) #IP^route^10.10.3.0^255.255.255.0^10.10.5.2
R1(config) #IP^route^10.10.4.0^255.255.255.0^10.10.5.2
ً:Config‫او‬ ‫ا‬‫ا‬‫ف‬Subnet 1 and 2‫او‬ ‫ا‬ ‫دة‬ ‫ا‬‫ول‬ ‫ا‬
R1(config) #IP^route^10.10.1.0^255.255.255.0^10.10.5.1
R1(config) #IP^route^10.10.2.0^255.255.255.0^10.10.5.1
‫أ‬ ‫ء‬ ‫و‬NO‫ا‬..‫آ‬ ‫و‬R1&2#sh^ip^routeC‫ه‬ ‫ا‬ ‫وه‬
Stub network = network has one exit interface
‫م‬ ‫ا‬Default Route‫ال‬ ‫ف‬ ‫أ‬ ‫أ‬ ‫و‬IP‫ى‬ ‫ا‬
R1(config)#IP^route^0.0.0.0^0.0.0.0^10.10.5.1 ‫ا‬ ‫او‬ ‫ا‬ ‫ء‬ ‫ا‬ ‫و‬
Router#traceroute 10.10.3.1 ‫او‬ ‫ا‬ ‫ى‬ ‫ا‬ ‫ه‬
Router#tracert 10.10.3.1 ‫ا‬ ‫ى‬ ‫ا‬ ‫ه‬
Ping ‫ا‬ ‫ن‬ ‫ون‬ ‫أو‬ ‫ل‬ ‫ا‬ ‫د‬ ‫و‬ ‫أ‬ ‫ه‬
‫ا‬ ‫ن‬ ‫ف‬ ‫و‬ ‫ل‬ ‫ا‬ ‫ن‬ ‫و‬ ‫ر‬ ‫ا‬ ‫ا‬ ‫ر‬
From recourse to destination
2-Dynamic
‫ت‬ ‫آ‬ ‫و‬ ‫ا‬ ‫م‬ ‫ا‬ ‫ه‬
‫ق‬ ‫ا‬
Routing protocol Routed protocol
- ptotocol used for building routing protocol ..
ex:RIP-EIGRP-OSPF
‫ال‬Forwarding table
- protocol used for building packet hat need
to be routed .. ex:TCP/IP-IPX/SPX-Apple talk
‫أ‬ ‫ا‬ ‫ه‬
“autonomous systems” (AS) ‫ا‬ ‫ا‬
-‫ال‬ ‫و‬ ‫و‬ ‫ا‬ ‫ة‬ ‫اء‬ ‫أ‬ ‫إ‬ ‫ات‬ ‫او‬ ‫ا‬ ‫رات‬ ‫ا‬ ‫ز‬ ‫و‬ ‫ه‬subneting‫ا‬ ‫إ‬ ‫ف‬ ‫آ‬
resource‫ا‬ ‫او‬ ‫ا‬‫و‬ ‫ام‬
-‫ر‬AS1‫إ‬65000
#(Interior) Intra-AS = AS ‫دا‬ #(Exterior)Inter-AS = AS -‫رج‬
Gateway router : Direct link to router in another AS

2008||2012C C N A-13-@@@@
Routing table
Static Dynamic
Routing Protocol
Interior Exterior
Distance
Victor
Link
state
Hybrid
Ex:
-RIP
-IGRP (for
Cisco)
Ex:
-OSPF
Ex:
-EIGRP
Ex:
-BGP (for
Cisco)
Interior protocol [details] ‫دا‬ ‫ت‬ ‫آ‬ ‫و‬
Routing Protocol kind *AD **Num ***Algorithm ‫ت‬
RIP 120 Open 15 BellManford Small network
Distance Vector
IGRP 100 Cisco Only 255 BellManford Large network
‫د‬ ‫أ‬ ‫ا‬ ‫وه‬
Hybrid EIGRP 90 Cisco Only 255 Dual
Large network
Protocol RTP
Link State
‫وا‬ ‫ول‬ ‫ا‬ ‫ط‬
OSPF 110 Open No limit Dijkstra Large network
IS-IS
*AD= administrative distance
‫ق‬ ‫ا‬ ‫ا‬ ‫او‬ ‫ا‬
‫ال‬ ‫ف‬ ‫وي‬ ‫ن‬ ‫آ‬ ‫وإذا‬ ‫ا‬ ‫و‬cost
‫رة‬ ‫وه‬hop count
**Max hop count
‫إ‬ ‫أن‬ ‫راو‬ ‫أ‬ ‫آ‬
*** Algorithm ‫ر‬ ‫ا‬ ‫ه‬
Best path selection
‫ء‬ack‫راح‬ ‫راو‬unicast‫او‬ ‫ا‬Protocol RTP:
* Distance Vector Routing[RIP/IGRP]:
1. Max hop count
2. split horizon ‫ا‬ ‫ر‬ ‫إ‬ ‫ا‬ ‫ل‬ ‫إر‬ ‫ب‬ ‫ا‬
3. Route poisoning ‫أو‬+1
4. holddown timers ‫ز‬ ‫ة‬
Convergence time ‫رب‬ ‫ا‬ ‫ز‬
‫ء‬ ‫او‬ ‫ا‬ ‫ي‬ ‫ا‬ ‫ا‬Routing table
[1] Routing Information Protocol (RIP) [Distance Vector]
RIP v2RIP v1
Classless RoutingClassful Routing
net add‫ون‬SM
Support for VLSMNo support for VLSM ‫ا‬ ‫ا‬ ‫أي‬
Support for discontiguous networksNo support for discontiguous networks ‫ا‬ ‫ا‬ ‫أي‬)‫ا‬(
Use broadcast or multicast-D‫س‬ ‫آ‬ ‫م‬Use broadcast
contiguous discontiguous
VLSM FIXED LENGTH SM VLSM Non VLSM

2008||2012C C N A-14-@@@@
* RIP Timers types :
1. update timer: (30 seconds) ‫ر‬ ‫ت‬ ‫ز‬ ‫ة‬ ‫آ‬
2. invalid timer: (180 seconds) ‫ا‬ ‫راح‬ ‫ة‬ ‫ه‬ ‫ل‬ ‫آ‬
3. flush timer: (240 seconds) Routing table ‫ا‬ ‫إذا‬ ‫ا‬ ‫ه‬ ‫ا‬240‫راح‬ ‫آ‬ ‫ء‬ ‫و‬
4. Holddown timer: (180 seconds) ‫ـ‬......
Configuring RIP Routing
R1#config t
R1(config)#router rip
R1(config-router)#net^10.10.1.0
R1(config-router)# net^10.10.2.0
R1(config-router)# net^10.10.5.0
R1(config-router)#ver^2
R1(config-router)#^z == ‫ه‬ ‫ه‬> [control + z]
R1# sh^IP^route
R1#debug^IP^RIP
‫ا‬ ‫او‬ ‫ا‬ ‫ا‬ ‫و‬
‫ا‬ ‫ر‬)‫ه‬ ‫ا‬ ‫وه‬(
-:‫ا‬ ‫ا‬ ‫ا‬ ‫و‬ ‫او‬ ‫ا‬ ‫ا‬ ‫ت‬ ‫ا‬
‫إ‬V2‫ا‬ ‫وا‬ ‫ا‬ ‫اص‬ ‫ا‬ ‫دة‬
V1
‫و‬ ‫ا‬ ‫آ‬ ‫ا‬
passive-interface
Router#config t
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#passive-interface s0/0
[2] Interior Gateway Routing Protocol [IGRP] [Distance Vector]
‫ت‬ ‫آ‬EIGRP‫و‬IGRPً ‫د‬ ‫أ‬ ‫ا‬ ‫وه‬
IGRP
Classful Routing
No support VLSM
No support discontiguous networks
Uses an autonomous system number ‫ف‬ ‫ا‬ ‫ن‬ AS ‫ر‬ ‫ن‬ ‫زم‬
Use broadcast
Cisco
* IGRP Timers types :
5. update timer: (90 seconds)
6. invalid timer: (270 seconds)
7. flush timer: (630 seconds)
8. Holddown timer: (280 seconds)
Configuring IGRP Routing
R1#config t
R1(config)#router igrp 10
R1(config-router)#net 10.10.1.0
R1(config)# no router igrp 10
show ip protocols ‫أي‬ ‫ض‬‫او‬ ‫ا‬ ‫دا‬ ‫ل‬ ‫ل‬ ‫آ‬ ‫و‬
debug ip igrp events ‫وأر‬ ‫أ‬ ‫ا‬ ‫آ‬ ‫ا‬
debug ip igrp transactions ‫ا‬ ‫ا‬ ‫ن‬ ‫ا‬ ‫ث‬ ‫ا‬ ‫اث‬ ‫ا‬
same RIP with one important difference:
you use an autonomous system(AS) number
(Here10) .
-‫م‬ ‫و‬‫ا‬ ‫او‬ ‫ا‬ ‫ات‬ ‫ا‬
To Delete routing table built by IGRP

2008||2012C C N A-15-@@@@
[3] Enhanced Interior Gateway Routing Protocol [EIGRP][ Hybrid]
*‫ا‬ ‫ت‬ ‫آ‬ ‫و‬ ‫ا‬‫ا‬)TCP/IP - IPX/SPX - APPLE TALK(‫ا‬EIGRP
EIGRP
Classless Routing
support VLSM
support discontiguous networks
Uses an autonomous system number
Cisco
Communication via Reliable Transport Protocol (RTP)
* Build three table :
1- Neighbor table ‫ات‬ ‫او‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫ف‬ ‫او‬ ‫ا‬ ‫أن‬ ‫وه‬
2- Topology table ‫ه‬‫ه‬ ‫ا‬ ‫ر‬ ‫وا‬ ‫ان‬ ‫ا‬ ‫ت‬
3- Routing table ‫او‬ ‫رات‬ ‫ا‬ ‫أ‬ ‫و‬ ‫ء‬ ‫ه‬
‫ر‬ ‫وأ‬successor route‫و‬‫أ‬‫ر‬Feasible successor
Load Balance: ‫ا‬ ‫رات‬ ‫ت‬ ‫ا‬ ‫و‬ ‫ل‬ ‫ا‬ ‫ز‬
Configuring EIGRP Routing
• Configuring Discontiguous Networks
R1(config)#router eigrp 100 ‫ر‬ ‫أي‬ ‫و‬ ‫و‬255 AS ‫ر‬ ‫ه‬ ‫ا‬
R1 (config-router)#no auto-summary
• To make manual summarization
Router(config)#int s0/0
Router(config-if)#ip summary-address eigrp 10 192.168.10.64 255.255.255.224
‫و‬ ‫ي‬ ‫و‬
‫ر‬ ‫ا‬ ‫او‬ ‫ا‬ ‫ء‬ ‫ا‬ ‫و‬
‫ا‬
‫ا‬ ‫آ‬EIGRP‫و‬discontiguous
‫م‬ ‫راح‬Auto summarization‫و‬
‫أ‬ ‫إ‬ ‫ا‬IP
:10.10.1.0 ==‫ا‬8/
172.16.0.0 == ‫ا‬24/
‫أآ‬ ‫أ‬ ‫ن‬ ‫و‬no...
show ip route Shows the entire routing table
show ip route eigrp EIGRP‫ب‬ ‫ا‬ ‫ق‬ ‫ا‬ ‫ض‬ Shows only EIGRP entries in the routing table
show ip eigrp neighbors neighbor ‫ض‬ Shows all EIGRP neighbors
show ip eigrp topology Topology table ‫ض‬ Shows entries in the EIGRP topology table
*‫ال‬Auto summary‫ن‬discontiguos‫ف‬ ‫ا‬ ‫وه‬subnetmask
[4] Open Shortest Path First [OSPF] [Link State]
OSPF
Classless Routing
support VLSM
support discontiguous networks
Uses an autonomous system number Area ‫و‬‫ة‬ ‫ات‬ ‫وو‬ ‫م‬ ‫أ‬ ‫إ‬
‫و‬Back bone‫وه‬Area 0-‫ا‬ ‫أه‬ ‫و‬ ‫ي‬ ‫ا‬ ‫د‬ ‫ا‬Convergence time
Support IP only.
Manual Summarization.
Use Wild mask [inverse sm] [Wild card mask]
‫و‬ ‫ر‬ ‫أ‬ ‫إ‬ ‫ات‬ ‫ا‬ ‫ا‬ ‫وه‬‫وا‬ ‫إ‬ ‫ر‬ ‫ا‬‫ات‬

2008||2012C C N A-16-@@@@
*:‫ال‬OSPF‫م‬Wild Mask‫م‬ ‫و‬Subnet mask
*config OSPF‫ن‬ ‫زم‬area 0‫و‬Backbone
*S3 [AD/cost]
‫ب‬Wild Mask‫ة‬...:
/28 255.255.255.240
255.255.255.255
--------------------
0 . 0 . 0 . 15
* Build three table :
1- Neighbor table
2- Topology table
3- Routing table
100,000
Cost (metric) = ‫ـــــــــــــــــــــــــــــ‬
BW [kilo]
‫أ‬IP]Identification[.is the highest IP address used to identify the router:)RID(Router ID
.is an interface on a routerLink
Link-State: the status of link between two routers ‫ا‬
.)topological database(atabasestate d-Link
Area: ‫ا‬ ‫دل‬ ‫و‬ AS ‫ء‬
Routing table: ‫رات‬ ‫ا‬ ‫أ‬‫او‬ ‫ا‬
Adjacencies router : DR and BDR ‫و‬ ‫ا‬ ‫ات‬ ‫او‬ ‫او‬ ‫ا‬ neighbor router ‫ال‬
Designated router (DR) : ‫ا‬
backup designated router (BDR): ‫ا‬
)‫و‬ ‫ا‬ ‫ه‬ ‫ده‬ ‫و‬ ‫ف‬ ‫ا‬(‫ب‬ ‫ا‬ ‫ق‬DR‫و‬BDRDR election based on:#
1- Priority [highest] ‫ن‬ ‫ا‬1‫او‬ ‫ا‬)‫أه‬ ‫أ‬=255(
2- RID [highest] ‫او‬ ‫ا‬ IP ‫أ‬
‫ات‬ ‫او‬ ‫ا‬ ‫و‬)‫ا‬(DRouter
Point-to-Point‫ب‬ ‫ا‬DR‫و‬BDR
DR & BDR ‫ب‬ ‫ا‬ ‫ن‬
- Multiaccess Broadcast Net [ Ethernet : ]
- Multiaccess NonBroadcast Net [ Frame Relay : ]
Configuring OSPF Routing
R1#config t
R1(config)#router ospf 1
R1(config-router)#net 10.10.1.0^0.0.0.255 area 0
* To change priority
Router(config)#int s0/0
Router(config-if)#ip ospf priority 2
‫وا‬ ‫ر‬=‫او‬ ‫ا‬Process ID [local]‫أ‬ ‫ا‬ ‫او‬ ‫ا‬ ‫و‬2
‫و‬ ‫ه‬wild Mask‫أ‬ ‫ر‬ ‫أ‬ ‫إن‬ ‫و‬ospf‫أآ‬config
-‫ا‬ ‫او‬ ‫ا‬ ‫ادات‬ ‫ا‬ ‫ي‬
Priority‫ول‬ ‫ا‬ ‫ه‬ ‫ى‬ ‫ا‬ ‫او‬ ‫ا‬DR

2008||2012C C N A-17-@@@@
show ip route
‫أ‬ ‫ن‬‫او‬ ‫ا‬ ‫آ‬ ‫إذا‬ ‫إ‬ ‫أ‬ ‫ر‬ ‫أ‬ ‫و‬ ‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ا‬ ‫ا‬ ‫ق‬ ‫ا‬ ‫ف‬
Shows the entire routing table
show ip ospf
Display OSPF information for one or all OSPF processes running
on the router.
show ip ospf database the number of links and the neighboring router’s ID
show ip ospf interface Displays all interface-related OSPF information.
Loop back Interfaces
*‫ال‬RID‫أ‬IP
*shot downIP‫راح‬ ‫ه‬ ‫و‬ ‫راح‬config‫ر‬ ‫راح‬ ‫ا‬ ‫وه‬
‫أ‬ ، ‫ا‬IPlogical IP‫ا‬ ‫ء‬ ‫ا‬ ‫ا‬.
Loopback interfaces are logical interfaces
‫أ‬Logical IP‫ا‬ ‫ء‬ ‫أ‬Physical IP
‫أ‬ ‫أ‬Logical IP‫أ‬ ‫وإذا‬Physical IP
Configuring Loop back Interfaces
R1(config)#int loopback 0
R1(config-if)#ip address 172.16.10.1 255.255.255.255
R1(config-if)#no shut

2008||2012C C N A-18-@@@@
Chapter: 7
Managing Traffic with
Access Control Lists [ACL]
ACLR
C1 permit HTTP
C2 permit SMTP
C3 deny FTP
‫آ‬ ‫ا‬ ‫اء‬ ‫ا‬action
‫آ‬ ‫ا‬ ‫اع‬ ‫أ‬action
deny‫ح‬permit
ً:
R1 [OK] HTTP
R2 [NO] FTP
implicit deny
‫وف‬ ‫ء‬ ‫ء‬
ً:TELNET‫ا‬ ‫ا‬ ‫ن‬
A
C
L
-‫و‬ ‫وا‬ ‫ل‬ ‫ا‬ ‫و‬ ‫وج‬ ‫ا‬ ‫أو‬ ‫ل‬ ‫ا‬ ‫أر‬ ‫أ‬ ً ‫أو‬‫ج‬.
-‫ة‬:‫أآ‬ ‫ءت‬ACL‫و‬ ‫ف‬.
Types of access lists [ACL]
Named
‫ر‬ ‫و‬ ‫ا‬ ‫أ‬ ‫ق‬ ‫ا‬ ‫ه‬
BlockSales
ExtendedStandard
ExtendedStandard
-choose from rang ‫ر‬ ‫أ‬ ‫زم‬
100-199 or 2000-2699
- Conditions based on:
1) Action ( deny or permit)
2) Transport protocol(TCP or UDP)
(if any packet made by app protocol
‫ا‬ ‫ل‬ ‫ل‬ ‫آ‬ ‫و‬ )
3)Source address
(Host-Subnet-Any)
4)destination address
(Host-Subnet-Any)
5)Application protocol that built
packet
-choose from rang ‫ر‬ ‫أ‬ ‫زم‬
1-99 or 1900-1999
- Conditions based on:
1) Action ( deny or permit)
2) Source address of packet:
0Host(single IP)
0Subnet(many IP)
0Any
[1] Standard access lists [ACL]
Conditions )‫ه‬ ‫ن‬ ‫ه‬ ‫ا‬ ‫وط‬ ‫ا‬( :
- source address
- action ( permit or deny )
Source
Host Subnet Any

2008||2012C C N A-19-@@@@
Configuring Standard [ACL]
[1] Create conditions , Determine specific IP
Router(config)#access-list 10 deny host 172.16.30.2 ‫وا‬ ‫ز‬
OR
Router(config)#access-list 10 deny 0.0.0.0 172.16.30.2
Determine any packet
Lab_A(config)#access-list 10 permit any ‫ق‬ ‫وط‬ ‫ا‬ ‫ا‬ ‫ي‬ ‫ا‬
OR
Lab_A(config)#access-list 10 permit 0.0.0.0 255.255.255.255
Lab_A(config)#access-list 10 deny 172.16.30.2 0.0.0.255 ‫آ‬
‫آ‬ ‫ا‬ ‫أ‬ ً ‫دا‬ACL‫ل‬ ‫ا‬ ‫ن‬Dest[2] Assign ACL on interface
Router(config-if)#ip access-group 10 out
* Controlling VTY (Telnet) Access
Lab_A(config)#access-list 50 permit host 172.16.10.3 telnet ‫م‬ ‫إ‬ ‫ا‬ ‫وا‬ ‫ح‬
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 50 in
R(config)#no access-list 10 or 50 'which number you chose it'
Any ==> 0.0.0.0 255.255.255.255
Host 0.0.0.0
‫آ‬ ‫أي‬ ‫ه‬ ‫ه‬ ‫وا‬ ‫ط‬‫ا‬ ‫ه‬
‫ا‬172.16.30.2
‫ه‬wide mask
make the dest OUT
‫ه‬ ‫ه‬ ‫ا‬out
‫ا‬
R (config-if)#ip access-group 10 IN
‫ة‬in‫ة‬ ‫و‬out
‫ء‬ ‫إ‬‫ال‬ACL
*‫ا‬ ‫ي‬ ‫ا‬ ‫ل‬:
1-‫ا‬ ‫د‬ ‫إ‬‫ك‬BS
2-Network address‫و‬Broadcast
3-‫ج‬ ‫و‬)wide mask(
4–‫آ‬ ‫ا‬ ‫ن‬:R (config)#access-list 10 deny 172.16.30.0 0.0.0.0
‫ال‬IP‫ن‬ ‫ول‬ ‫ا‬Network address‫ال‬ ‫ن‬ ‫وا‬wide mask
[2] Extended access lists [ACL]
* Extended ACL:
1- source 2- destination 3-protocol[packet type] 4-action
‫ه‬ ‫ة‬
-Assign ACL on source interface and make the direction IN
‫ل‬1:
action source dest Protocol
Telnet
R(config)#access-list 110 deny TCP any 172.16.1.0 0.0.0.255 eq 23
‫ل‬ ‫آ‬ ‫و‬ ‫ن‬ ‫آ‬ ‫إذا‬ ‫ا‬ ‫ه‬ ‫م‬APP layerTCP HTTP/TELNET/FTP/SMTP
‫ال‬ ‫ن‬ ‫آ‬IPAPP layer‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ع‬ ‫أآ‬ ‫ج‬TCP/UDP
:‫إ‬ ‫ل‬ ‫ا‬ ‫ع‬ ‫ز‬ ‫آ‬desAny
DestSource
AnySubnetHostAnySubnetHost
‫ز‬ ‫أي‬subnetSingle IP
‫وا‬ ‫ز‬
‫ل‬2:
R(config)#access-list 110 deny TCP host 10.10.1.1 host 10.10.2.50 eq FTP
‫ا‬ ‫ا‬ ‫ه‬ ‫أ‬ ‫ا‬
R(config)#access-list 110 permit IP any any
Configuring Extended [ACL]
[1] Create conditions
Lab_A(config)#access-list 110 deny tcp any host 172.16.30.2 eq 23
Lab_A(config)#access-list 110 permit ip any any
[2]Assign ACL on interface ‫ا‬ ‫وه‬ ‫ا‬ ‫ا‬
Router(config)#int f0/0 ‫رس‬ ‫ا‬==<
Router(config-if)#ip access-group 110 in

2008||2012C C N A-20-@@@@
[3] Named access lists [ACL]
Configuring Named [ACL]
* To create named access list: -
[1] Create ACL
Lab_A(config)#ip access-list standard BlockSales
Lab_A(config-std-nacl)#deny 172.16.40.0^0.0.0.255 ‫ة‬ ‫ط‬ ‫ا‬ ‫ا‬
Lab_A(config-std-nacl)#permit any
[3] Assign ACL to interface
Lab_A(config)#int e1
Lab_A(config-if)#ip access-group BlockSales out
Time-Based ACLs ‫ت‬ ‫أو‬ ‫وط‬ ‫ا‬ ‫أ‬ ‫آ‬
[1] create a period
Router(config)#time-range no-http ‫ا‬ ‫ل‬ ‫ء‬ ‫وض‬ ‫وا‬ ‫ا‬ ‫ا‬ ‫ه‬
Router(config-time-range)#periodic weekend 06:00 to 12:00 ‫ء‬ ‫ا‬ ‫وا‬ ‫ح‬ ‫ا‬ ‫ه‬ ‫ول‬ ‫ا‬
[2] attach the created period to ACL
Router(config)#ip access-list extended Time ‫ا‬
Router(config-ext-nacl)#deny tcp any any eq www time-range no-http
[3] Assign ACL on interface
Router(config-ext-nacl)#interface f0/0
Router(config-if)#ip access-group Time in
Remarks
** Uses in Extended ACL
R(config)#access-list 110 remark Permit Bob from Sales Only To Finance ‫ا‬-‫ء‬ ‫أي‬
R(config)#access-list 110 permit ip host 172.16.10.1 172.16.20.0 0.0.0.255
R(config)#access-list 110 permit ip any any
** Uses in Named ACL
R(config)#ip access-list extended No_Telnet
R(config-ext-nacl)#remark Deny all of Sales from Telnetting to Marketing ‫ء‬ ‫أي‬
R(config-ext-nacl)#deny tcp 172.16.30.0 0.0.0.255 172.16.40.0 0.0.0.255 eq 23
Switch Port ACLs
S1(config)#mac access-list extended My_MAC_List ‫ا‬
S1(config-ext-macl)#deny any host 000d.29bd.4b85 ‫ا‬ ‫ر‬‫ك‬
S1(config-ext-macl)#permit any any
[2] Assign ACL on port
S1(config-ext-macl)#int f0/6
S1(config-if)#mac access-group My_MAC_List in
R#show access-list ip/ipx/apple ‫ـ‬ ً‫ا‬‫اء‬ ‫او‬ ‫ا‬ ‫ا‬ ACL ‫آ‬ ‫ض‬
R#show access-list 110 ‫ا‬110 ACL ‫ض‬
R#show ip access-list IP ‫ا‬ACL ‫ض‬
‫آ‬ ‫ض‬‫ء‬interface‫ن‬ ‫آ‬ ‫وإذا‬ACL‫أو‬R#show ip interface
R#show running-config ‫ء‬ ‫آ‬
R#Show mac access-group MAC ‫ا‬ACL ‫ض‬
named Exten‫ا‬ ‫ل‬ ‫ط‬ ‫ا‬
1-Standard to Extended
2- ‫إ‬ ‫وإ‬ ‫ا‬ ‫ط‬ ‫ا‬ ‫ل‬ ‫أ‬
deny tcp 10.10.1.0^0.0.0.255 host 10.10.2.2 eq ftp
permit ip any any
3- out to in
named
Weekend‫او‬ ‫ا‬ ‫وف‬ ‫ا‬
www or 80 or HTTP
‫م‬ ‫ا‬:
Saturdays
sundays
‫ت‬ ‫ا‬
‫ف‬ ‫ا‬ ‫ت‬ ‫ي‬
[ACL]‫وش‬
Remark‫دة‬Ext & named
ACL
‫ا‬ ‫ى‬
‫ا‬ ‫ه‬subnet
host OR any
‫ال‬ ‫ه‬ipmac
‫دا‬any‫أ‬ ‫راح‬ ‫إ‬ACL‫آ‬
‫ال‬ ‫م‬ ‫ا‬ ‫ي‬ ‫وه‬range
S1(config-ext-macl)#int range f0/6-10

2008||2012C C N A-21-@@@@
Chapter: 8
Managing Cisco IOS Software
This things we will learn it in this chapter : ‫ا‬ ‫ا‬ ‫ه‬ ‫راح‬ ‫ا‬ ‫ء‬ ‫ا‬ ‫ه‬
1- Password Recovery
2- Back up IOS
3- Restore IOS
4- Upgrade IOS
5- Back up [ for config ]
6- Restore [ for config ]
7- CDP [ protocol ]
* Router Boot Sequence:
1- The router performs a POST.
2- The bootstrap looks for and loads the Cisco IOS software
3- The IOS software looks for a valid configuration file stored in NVRAM
4- If a startup-config file is in NVRAM, the router will load and run this file
Configuration register
* It is 16-bit software register that’s written into NVRAM
* configuration setting on Cisco routers is 0X2102 This default
‫ا‬0x‫ـ‬ ‫ب‬ ‫ن‬Hexadecimal‫ر‬ ‫آ‬ ‫ن‬ ‫و‬4‫آ‬=16
* Notice that bit 6 can be used to ignore the NVRAM contents. If it is enabled.
Bit number 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
Binary 0 0 2 0 0 0 0 1 0 0 0 0 0 0 1 0
Config Register 2 1 0 1
Here the important thing for me the bit number 6 if was:
0 load NVRAM content [start up config] ‫رد‬ ‫ي‬
1 Ignore NVRAM content ‫رد‬ ‫ا‬–‫ه‬ ‫ي‬
‫ا‬ ‫و‬OS 2142‫م‬:Here are the main steps to password recovery:
To know the value of config Register , use this commend :
R#sh ver
[1]
R> ‫ا‬ ‫وا‬ ‫ا‬ ‫ا‬ ‫آ‬ ‫ن‬ ‫او‬ ‫ا‬
‫أ‬ ‫ا‬ ‫رد‬ ‫ا‬ ‫و‬ ‫ه‬)‫او‬ ‫ا‬ ‫وأ‬ ‫ء‬ ‫أ‬(‫أ‬ ‫ة‬ ‫و‬Ctrl+Pause/Break‫ا‬ ‫ا‬ ‫ن‬:
rommon 1 >
[2] Changing the Configuration Register to ignore NVRAM contents
rommon 1 > confreg 0x2142
[3] Reloading the Router and Entering Privileged Mode by this command
2142‫ي‬ ‫أ‬ ‫أو‬ ‫او‬ ‫ا‬ ‫وأ‬ ‫ء‬ ‫أ‬ ‫زم‬resetrommon 1 > reset
The router will reload and ask if you want to use setup mode answer NO.
R>en
[4] Copy startup-config to running-config in Privileged Mode by using this command
R#copy start run config ‫ال‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫أ‬ >>>>>>>>>>>>>>>>
[5] Change password by setting new password
Router#conf t
Router(config)#enable secret kkkk
[6] Change the value of configuration register to enable NVRAM contents
Router(config)#config-register 0x2102 privilege mode config register ‫ال‬
[7] Save your work ‫ا‬
Router#copy run start
[8] Reload router to activate changing of configuration register
Router#reload
‫ر‬ ‫ا‬ ‫ا‬6‫وا‬ ‫ا‬ ‫إ‬
‫ي‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫و‬ ‫م‬
‫ا‬ ‫ا‬ ‫ن‬ ‫او‬ ‫ا‬ ‫أ‬ ‫ا‬ ‫ا‬
rommon 1 >
‫و‬rom monitor
runstart
Old
new
‫ال‬restrommon
‫وال‬reloadprivilege mode

2008||2012C C N A-22-@@@@
WINDOWS
‫ف‬ ‫ر‬ ‫و‬ ‫و‬
UDP
TFTP
‫ا‬ ‫ه‬v12
FTP
HTTP
WINDOWS
‫ف‬ ‫ر‬ ‫و‬ ‫و‬
TCP
HTTPs
Backing Up the Cisco IOS
** To back up the Cisco IOS to a TFTP server, you use this command
R#copy flash FTP ‫ل‬ ‫ا‬ ‫إ‬ ‫ر‬ ‫ا‬
OR
R#copy flash TFTP ‫ا‬ ‫ه‬ ‫أ‬ ‫ر‬ ‫ا‬
‫ا‬ ‫ا‬ ‫ش‬ ‫ا‬ ‫ا‬ ‫راح‬ ‫ا‬ ‫ا‬ ‫ا‬)‫ا‬(‫أو‬ ‫ا‬ ‫ه‬ ‫ا‬ ‫آ‬ ‫و‬
‫ا‬ ‫م‬ ‫ي‬ ‫ا‬ ‫ه‬ ‫زك‬ ‫ا‬ ‫وراح‬ ‫ا‬ ‫م‬ ‫راح‬ ‫ه‬ ‫ا‬Inetpub
* To know the name of the IOS image , use this command :
R#sh flash ‫ع‬ ‫وا‬ ‫وا‬ ‫ة‬ ‫ا‬ ‫وا‬ ‫ش‬ ‫ا‬ ‫ا‬
or
R#sh ver ‫ا‬‫ش‬ ً ‫آ‬ ‫ام‬
or
R#dir flash:
‫ا‬ ‫ف‬ ‫وأ‬image‫اده‬ ‫ا‬ ‫ن‬----.bin
restor‫ع‬ ‫ا‬R#copy FTP flash
Router#ping FTP_server
* IOS file system
Router#show file info flash:c1841.bin
Router#delete flash:c1841.bin
Router#pwd ‫ا‬‫ا‬ ‫أ‬ ‫ا‬ ‫ري‬ ‫آ‬ ‫ا‬
1-‫وز‬ ‫ا‬ ‫ه‬ ‫ة‬ ‫أول‬FTP‫ل‬
‫إ‬ ‫ا‬/‫ت‬ ‫ا‬ ‫ا‬ ‫إزا‬
IIS=>internet info service
‫دة‬ ‫ا‬ ‫وا‬ ‫ا‬ ‫م‬ ‫و‬ ‫ا‬ ‫ا‬ ‫ه‬
‫وس‬ ‫ا‬
‫أآ‬config‫ه‬NVRAM
1-‫ر‬ ‫د‬ ‫و‬ ‫آ‬ ‫أ‬
2-‫آ‬ ‫أ‬FTP
‫ه‬ ‫ا‬ ‫م‬ ‫اد‬ ‫ا‬----.bin
** To copy the router’s configuration from a router to a FTP server
Router#copy run FTP ‫ق‬ ‫و‬ ‫ن‬ ‫ا‬ ‫ه‬
or
Router#copy start FTP
** Copying the Current Configuration to NVRAM
Router#copy run start
** If you did copy the router’s configuration to a TFTP server as a second
backup, you can restore the configuration
Router#copy TFTP run or ftp
‫ي‬ ‫أ‬backupconfig
‫أ‬‫اع‬config
1- start
2- run
‫ال‬ ‫ع‬ ‫إر‬config

2008||2012C C N A-23-@@@@
Cisco Discovery Protocol (CDP) [L2]
-‫راح‬ ‫ن‬ ، ‫ت‬ ‫و‬ ‫ات‬ ‫راو‬ ‫ل‬ ‫ل‬ ‫آ‬ ‫و‬ ‫ه‬.
-‫و‬:‫و‬ ، ‫ا‬ ‫إ‬ ‫آ‬ ‫راو‬ ‫آ‬ ‫إن‬‫و‬ ‫آ‬ ‫ا‬L3 Troubleshooting
how often CDP packets are transmitted to all
active interfaces.
CDP timer
‫ر‬ ‫ز‬ ‫ة‬ ‫آ‬
‫ت‬ ‫أو‬ ‫ات‬ ‫راو‬ ‫ا‬ ‫و‬
the amount of time that the device will hold
packets received from neighbor devices.
CDP holdtime
‫و‬ ‫ز‬ ‫ة‬)‫ر‬ ‫ا‬ ‫د‬ ‫ا‬ ‫ا‬ ‫وه‬(
‫ه‬ ‫ل‬ ‫دة‬ ‫ة‬ ‫ر‬ ‫ه‬ ‫ا‬ ‫ت‬ ‫ا‬
‫ا‬
Configuration
Router#sh cdp
** Use the global commands cdp holdtime and cdp timer to configure the CDP holdtime and timer on a router:
Router(config)#cdp timer 90 ‫آ‬ ‫م‬ ‫إ‬ ‫ا‬ ‫ا‬60‫أر‬ ‫آ‬ ‫ا‬ ‫و‬
Router(config)#cdp holdtime 240 ‫آ‬ ‫م‬ ‫إ‬ ‫ا‬ ‫ا‬180‫أر‬ ‫آ‬ ‫ا‬ ‫و‬
** Gathering Neighbor Information by using this command
Router#sh cdp nei detail ‫ا‬ ‫ض‬
** Gathering Interface Traffic Information including the number of CDP packets sent and received and the
errors with CDP.
Router#sh cdp traffic ‫ا‬ ‫وآ‬ ‫أر‬ ‫آ‬ ‫ض‬
** Gathering Port and Interface Information including CDP status on router interfaces or switch ports.
Router#sh cdp interface CDP ‫ا‬
** To turn off CDP on one interface on a router,
Router(config)#int s0 ‫وأ‬ ‫او‬ ‫ا‬ ‫أد‬ ‫ا‬ ‫أ‬ ‫إذا‬
Router(config-if)#no cdp enable

2008||2012C C N A-24-@@@@
Chapter: 9
Switching Layer2
‫ال‬Mac address‫ن‬48bits=<=hexadecimal
* Three Switch Functions at Layer 2:
1. Address learning MAC table ‫ء‬ ‫ه‬
2. Forward[if Destination known‫وف‬ ]/filter[if Destination unknown‫وف‬ ]
source ‫س‬ ‫ا‬ ‫ا‬ ‫ا‬)‫ر‬ ‫ا‬( Broadcast ‫ي‬
3. Loop avoidance (Broadcast storm)
-‫آ‬):multi-link(
-‫ا‬IP‫وا‬
‫ب‬ ‫ا‬ ‫ل‬ ‫آ‬* Spanning Tree Protocol (STP) :
‫ب‬ ‫ا‬ ‫ه‬ ‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫ة‬ ‫ا‬loop avoidance‫ا‬ ‫ا‬layer2
1-‫د‬ ‫و‬ ‫ه‬ ‫ا‬multi-link‫وا‬ ‫ر‬ ‫وأ‬ ‫رات‬ ‫ا‬ ‫أ‬ ‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ا‬ ‫ه‬single link‫ي‬ ‫وه‬logical
2-‫ر‬ ‫ا‬ ‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫م‬closed path‫إ‬open path
* STP steps ‫ات‬‫ا‬‫ب‬‫وا‬ :
1- elect(‫ب‬ ‫)ا‬ Root Bridge (switch) based on :
a) priority [less] ‫ر‬ ‫أ‬‫أ‬‫أه‬)‫ا‬ ‫ا‬ ‫ه‬ ‫ا‬ ‫ر‬‫ه‬ ‫ت‬32,768(
b) Bridge ID (BID) MAC address [less] ‫ر‬ ‫أ‬ ‫ر‬ ‫أ‬
‫ا‬ ‫وا‬ ‫ت‬ ‫ا‬Non-RB‫ـ‬ ‫ا‬ ‫ر‬ ‫ا‬ ‫ن‬DP:
a) priority ‫ء‬ ‫أ‬)‫ت‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫ا‬ ‫ر‬‫ه‬32,768(
b) BID (MAC ‫ء‬ ‫أ‬)‫ـ‬ ‫ا‬ ‫د‬ ‫ا‬ ‫ه‬
2- All ports on (Root Bridge) become [(designated port) [Forward Port]
‫رت‬ ‫روورد‬ ‫ج‬ ‫وت‬ ‫ا‬ ‫ت‬ ‫ر‬ ‫ا‬ ‫آ‬
3- Remaining Bridge[sw] become [Non-Root Bridge]
‫ت‬ ‫ر‬ ‫ا‬‫ا‬ ‫ت‬ ‫ا‬Non-Root Bridge
4-For each Non-Root Bridge only one Root Port
‫ت‬ ‫ا‬Non-RB‫ج‬ ‫روت‬ ‫ن‬ ‫ا‬ ‫وه‬ ‫وا‬ ‫رت‬ ‫روت‬)‫ا‬ ‫ب‬ ‫ا‬(
#‫أآ‬ ‫ي‬ ‫إذا‬multi-link‫م‬STP‫وا‬ ‫رت‬ ‫روت‬ ‫ر‬‫آ‬ ‫ن‬ ‫ر‬ ‫ا‬ ‫و‬ ‫ت‬ ‫ا‬:
a) cost ‫ا‬ ‫ر‬ ‫وى‬ ‫وإذا‬ ‫ء‬ ‫أ‬ ‫ر‬ ‫أ‬
Speed Cost
2 10G
4 G
19 F
100 E
‫م‬ ‫ر‬ ‫ا‬ ‫ه‬ ‫ن‬
b) Port number ‫ء‬ ‫أ‬ ‫ر‬ ‫أ‬
‫ا‬ ‫ب‬ ‫ا‬ ‫رت‬ ‫ا‬ ‫ر‬ ‫ه‬ ‫ا‬f0/0 or f0/2 or f0/3
5- For each segment only one Designated Port [Forward Port]
‫ـ‬ ‫د‬ ‫ا‬segment‫ا‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫ه‬
‫ن‬ ‫ا‬ ‫ا‬RB‫ه‬ ‫ا‬ ‫رت‬ ‫ا‬ ‫ا‬ ‫ن‬DP‫ا‬ ‫ا‬ ‫رت‬ ‫ا‬ ‫وا‬RP‫رت‬ ‫ي‬ ‫و‬DP‫و‬RP‫ي‬ ‫راح‬
block
‫ت‬ ‫ا‬ ‫ن‬ ‫ا‬ ‫ا‬ ‫ا‬BPDU: Bridge Protocol Data Unit

2008||2012C C N A-25-@@@@
‫أ‬ ‫أ‬[STP]Spanning-Tree Port States
1- Blocking 2- Forwarding
Configuring Cisco Catalyst Switches
*** Setting the Passwords
Switch(config)#enable password todd -----> non Encrypted
Switch(config)#enable secret todd -----> Encrypted
*** Setting the Hostname
Switch(config)#host S2950
*** Port Security
Switch(config)#int f0/1
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
‫ز‬ ‫ا‬==<MAC Address
-‫آ‬ ‫اآ‬ ‫أو‬ ‫ك‬ ‫ا‬ ‫أ‬ ‫ه‬sticky‫و‬sticky‫ك‬ ‫ا‬ ‫ف‬ ‫ا‬ ‫ه‬
-‫د‬‫ـ‬ ‫ح‬ ‫ا‬ ‫ة‬ ‫ا‬MAC Address
-‫ا‬ ‫ا‬ ‫ه‬ ‫راح‬ ‫ا‬ ‫ك‬ ‫ا‬ ‫ات‬ ‫د‬ ‫زاد‬)‫أ‬ ‫أ‬(‫ز‬ ‫ا‬ ‫ء‬ ‫إ‬ ‫وه‬
S(config)#int range f0/1–5 ‫ي‬ ‫إذا‬Security‫رت‬ ‫رت‬ ‫ال‬ ‫ت‬ ‫ر‬ ‫ا‬
*** Setting IP Information
S2950#config t
S2950(config)#int vlan1
S2950(config-if)#ip address 172.16.10.17 255.255.255.0
S2950(config-if)#no shut
S2950(config-if)#exit
S2950(config)#ip default-gateway 172.16.10.1
‫آ‬ ‫ا‬host
‫ء‬ ‫إ‬ ‫آ‬IP
‫دا‬‫ر‬ ‫ا‬ ‫ا‬VLAN1
‫ت‬ ‫ا‬1‫إ‬2
S#sh mac address-table
S#sh spanning-tree RB ‫و‬ Non-RB‫ض‬
Sw(config)#spanning-tree vlan 1 priority 16384
OR
S1(config)#spanning-tree vlan 1 root primary
‫ال‬ ‫ض‬MAC Address Table
‫ال‬Priority‫ووت‬ ‫ا‬ ‫ن‬ ‫أ‬ ‫ه‬ ‫وأ‬
‫ال‬ ‫ن‬ ‫راح‬BridgeRoot
‫ة‬ ‫و‬ ‫ا‬ ‫إ‬
‫رت‬ ‫ا‬ ‫أ‬Fast‫ر‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫أ‬ ‫ن‬:
‫ا‬ ‫ا‬50Block (20 sec)BPDU
Listening (15 sec)DPDU‫و‬
Learning (15 sec)BPDU‫ء‬ ‫رك‬ ‫و‬ ‫و‬MAC ADD TABLE
Forward
‫ت‬ ‫ا‬ ‫ه‬BPDUGuard‫و‬BPDUFilterPortFast
S2950(config)#int range f0/3-4
S2950(config-if-range)#spanning-tree portfast
S2950(config-if-range)#spanning-tree bpduguard enable
S2950(config-if-range)#spanning-tree bpdufilter enable
‫ل‬ ‫ا‬BPDU
Spanning Tree UplinkFast
‫أ‬NonRoot
‫ة‬:‫ي‬ ‫ن‬ ‫أ‬
‫رت‬ ‫ن‬ ‫أول‬
‫ال‬root‫و‬nonroot50‫رت‬
S2950(config)#spanning-tree uplinkfast
Spanning Tree BackboneFast
‫ر‬
‫ا‬root‫و‬nonroot‫ت‬ ‫ا‬ ‫آ‬ ‫و‬
S2950(config)#spanning-tree backbonefast
Erasing the Switch Configuration
S2950#erase startup-config

2008||2012C C N A-26-@@@@
Chapter:10
Virtual LANs [VLAN]
‫ال‬ ‫ا‬VLAN:
1-‫إ‬subnetinterface‫ال‬ ‫ا‬subnet‫د‬interface
-‫ال‬ ‫او‬ ‫ا‬one physical interface‫ي‬4.2‫ن‬logical interface
F0/1.1‫ا‬ ‫ه‬sub interface
-‫أآ‬ ‫ي‬ ‫أ‬ ‫ر‬ ‫أ‬1024‫ا‬ ‫ق‬ ‫ا‬ ‫ي‬ ‫ا‬ ‫آ‬ ‫أآ‬ ‫ن‬
2-physical limitation)‫وأر‬ ‫ا‬ ‫أ‬ ‫ر‬ ‫ن‬ ‫ا‬ ‫ن‬ ‫آ‬(
3-broadcast‫و‬
4-‫ن‬ ‫ا‬)‫أآ‬subnet(
-‫أآ‬ ‫إذا‬VLAN‫أر‬ ‫ن‬ ‫او‬ ‫ج‬ ‫ا‬
-‫إذا‬VLAN‫إ‬ ‫ة‬ ‫ا‬ ‫ا‬subnet‫ت‬ ‫ا‬ ‫آ‬ ‫و‬ ‫راو‬ ‫ون‬ ‫ا‬ ‫أ‬ ‫ا‬
-‫م‬ ‫ا‬ ‫ا‬ ‫ر‬ ‫أ‬VLAN‫آ‬ ‫و‬‫آ‬ ‫أ‬)/‫ق‬(‫ت‬ ‫أو‬
-‫ا‬ ‫ت‬)Ports(‫دة‬ ‫ن‬VLAN1‫أي‬ ‫ء‬ ‫إ‬ ‫أرد‬ ‫إذا‬ ‫و‬VLAN‫أ‬VLAN2‫أن‬ ‫آ‬VLAN1‫ـ‬ ‫وآ‬
Administrator
*‫و‬ ‫و‬ ‫دم‬ ‫ا‬collision domain
1-‫ب‬ ‫ا‬Hub
‫دم‬ ‫ا‬‫آ‬ ‫ا‬ ‫ى‬)‫آ‬ ‫ود‬(
2-‫ا‬Switch
‫رت‬ ‫ا‬ ‫ى‬ ‫ث‬ ‫دم‬ ‫ا‬)‫ر‬ ‫ا‬ ‫ا‬ ‫آ‬ ‫ود‬(
3-‫او‬ ‫ا‬
‫ى‬ ‫ث‬ ‫دم‬ ‫ا‬subnet‫ة‬ ‫ا‬ ‫ا‬[each Router Interface Represents Broadcast domain]
VLAN Types
Dynamic VLANsStatic VLANs
‫ز‬ ‫ا‬ ‫ن‬ ‫ا‬ ‫ه‬‫رت‬ ‫ا‬ ‫ن‬ ‫ا‬ ‫ه‬
- By admin ‫م‬ ‫ا‬
‫أو‬ ‫ت‬ ‫ة‬ ‫ا‬ ‫ى‬ ‫ن‬ ‫ا‬ ‫ه‬
‫ز‬ ‫ا‬)‫ز‬ ‫ا‬ ‫اح‬VLAN(
- By admin ‫م‬ ‫أ‬
‫أ‬ ‫ه‬assign‫أو‬ ‫ة‬ ‫ا‬ ‫ت‬ ‫رت‬ ‫ا‬
‫ة‬ ‫ة‬ ‫أ‬)‫رت‬ ‫ا‬ ‫ادات‬ ‫ا‬ ‫ن‬ ‫ق‬(
-‫أ‬static‫و‬dynamic
-f0/1 VLAN2[sales] , f0/2 VLAN3[IT] , f0/3 VLAN4[marketing] , f0/4 VLAN5[accounting]
*There are two different types of links in a switched environment:‫ت‬ ‫ا‬ ‫اع‬ ‫أ‬
1 2
Access links Trunk links
‫وا‬ ‫ا‬ ‫و‬
‫وراو‬
‫وا‬ ‫ول‬ ‫ا‬ ‫ا‬ ‫رت‬ ‫ا‬‫أن‬‫ن‬access port
‫ي‬ ‫أ‬ ‫ا‬ ‫وه‬ ‫او‬ ‫ا‬ ‫و‬ ‫ا‬Config
‫ا‬ ‫رت‬ ‫ا‬‫وا‬ ‫ول‬ ‫ا‬‫أن‬‫ن‬Trunk port‫ا‬
‫ي‬ ‫أ‬ ‫ا‬ ‫وه‬ ‫او‬ ‫ا‬ ‫و‬Config
‫رت‬ ‫ا‬ ‫ن‬ ‫زم‬Fast Ethernet
‫ا‬:
1-VLAN-ID
‫ج‬ ‫ا‬VLAN-ID‫أآ‬ ‫ي‬ ‫ن‬ ‫آ‬ ‫إذا‬VLAN‫ا‬
2-Encapsulation
‫ي‬ ‫أ‬‫ر‬ ‫ز‬1‫ر‬ ‫ز‬ ‫و‬5‫ج‬ ‫ا‬‫وأ‬ ‫أ‬‫م‬ ‫ل‬ ‫آ‬ ‫و‬ ‫أي‬ ‫م‬ ‫أ‬:
Frame tagging [Encapsulation]
IEEE 802.1Q [dot1Q]Inter-Switch Link (ISL)
- Open standard- Cisco

2008||2012C C N A-27-@@@@
VLAN Trunking Protocol [VTP]:
-‫ـ‬ ‫ا‬ ‫إدارة‬VLANs
-‫وا‬ ‫أروح‬‫ي‬ ‫وأ‬config‫ام‬ ‫ه‬ ‫و‬VTP‫ت‬ ‫ا‬ ‫ف‬ ‫راح‬
*‫ة‬ ‫أ‬ ‫ن‬VTP:
1-‫دا‬ ‫ت‬ ‫ا‬ ‫أد‬Domain‫وا‬‫ن‬ ‫و‬‫وا‬ ‫ا‬)‫ة‬ ‫أو‬ ‫ة‬ ‫آ‬ ‫ف‬ ‫ا‬ ‫س‬(
2-‫وا‬ ‫زم‬server‫راح‬ ‫وا‬client
VTP Modes of Operation
TransparentClientServer
‫ن‬ ‫ن‬ ‫ا‬local
‫ا‬ ‫ت‬ ‫ا‬ ‫و‬ ‫ا‬ ‫إ‬ ‫ه‬ ‫م‬
‫وا‬ ‫ا‬
‫د‬
‫م‬ ‫ا‬ ‫أ‬ ‫ة‬ ‫وا‬:
‫إ‬‫ء‬–‫ف‬–‫إ‬–‫دة‬ ‫إ‬
‫ـ‬ ‫ا‬VLAN
*‫أي‬Cisco‫ا‬ ‫ا‬By defaults==<server mode
*‫او‬ ‫ا‬ ‫ا‬ ‫رت‬ ‫ا‬router on a stick
Configuring VLANs
• Create VLAN ( by global config ) ‫ي‬ ‫ه‬ ‫ا‬ ‫ر‬ ‫ا‬
Switch(config)#vlan 2
Switch(config-vlan)#vlan 3
• [1]Create VLAN ( by Database Mode ) ‫ا‬ ‫ا‬‫ي‬ ‫ه‬ ‫ا‬
S1#vlan database
S1(vlan)#vlan 2 name sales
S1(vlan)#vlan 3 name IT
• [2]Assigning Switch Ports to VLANs >>>>>>>>>>>>
Switch(config-if)#int f0/2
Switch(config-if)#switch port access vlan 2 ‫أ‬ ‫ا‬ VLAN ‫ال‬ ‫ر‬
SW1(config-if)#switch mode access ‫وا‬ ‫ا‬ ‫ا‬ ‫ع‬
• If you want to verify your configuration, use this:
‫ال‬ ‫ه‬ ‫ض‬ ‫ف‬ ‫ن‬vlan‫أو‬Switch#sh vlan
* [3]Configuring Trunk Ports [Assigning Switch Ports to be trunk]
Sw(config)#int f0/12 trunk ‫ا‬ ‫رت‬ ‫ا‬ ‫ر‬ ‫ه‬
Sw(config-if)#switch port mode trunk
Sw(config-if)#switchport encapsulation dot1q >>>>>>>>>>>>>>>
• Defining the Allowed VLANs on a Trunk *****
Sw(config-if)#switchport trunk allowed vlan 1-10 *****
Sw(config-if)#no switchport trunk allowed vlan *****
• [4]Configuring Inter-VLAN Routing
Router#config t
Router(config-if)#no ip address IP ‫ن‬ ‫آ‬
Router(config-if)#no shutdown
Router(config-if)#int f0/0.1 sub-interface ‫ل‬ ‫ا‬ ‫ه‬
Router(config-subif)#encaps dot1q 1 -----> VLAN 1
Router(config-subif)#ip address 192.168.10.100 255.255.255.0
Router(config-subif)#int f0/0.2
Router(config-subif)#encaps dot1q 2 -----> VLAN 2
Router(config-subif)#ip address 192.168.20.100 255.255.255.0
* Config VTP
Switch(config)#vtp mode server ------> default ‫ت‬
Switch(config)#vtp domain orbits ً ‫أ‬ ‫أآ‬
Sw(config)#vtp password kkkk
You can’t change, delete, or rename VLAN 1, because
it’s the default VLAN.
‫إ‬ ‫ت‬ ‫ر‬ ‫ا‬ ‫ا‬ ‫أ‬VLAN‫ه‬ ‫أ‬ ‫ا‬
-‫ت‬ ‫ر‬ ‫ا‬ ‫د‬ ‫إ‬‫ور‬
‫ي‬ ‫أ‬ ‫د‬ ‫ا‬ ‫و‬sh VLAN‫أو‬ ‫د‬ ‫ة‬ ‫ا‬ ‫ف‬ ‫أ‬ ‫ن‬
‫ة‬3:‫ا‬‫ة‬VLAN‫ة‬ ‫ا‬‫ت‬ ‫آ‬ ‫ف‬
‫ة‬ ‫ا‬VLAN‫وا‬ ‫و‬ ‫ف‬
‫ه‬ ‫أ‬ ‫ا‬ ‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ع‬ ‫ر‬ ‫وا‬ ‫أآ‬‫ت‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ف‬ ‫ا‬ ‫إن‬
‫ر‬ ‫ا‬ ‫وا‬ ‫ل‬ ‫آ‬ ‫و‬ ‫إ‬ ‫ف‬ ‫ن‬ ‫آ‬2950‫ء‬ ‫أآ‬ ‫ج‬
***‫ت‬ ‫ا‬ ‫ور‬ ‫و‬ ‫ا‬ ‫إ‬ ‫آ‬ ‫ي‬ ‫رت‬ ‫ا‬ ‫ا‬ ‫ا‬
‫د‬ ‫أ‬ ‫ه‬ ‫ا‬ ‫و‬VLAN‫ح‬ ‫ا‬
‫ا‬ ‫ة‬encapsulation‫ت‬ ‫ا‬ ‫ن‬
isl‫و‬dot1Q
‫ال‬ ‫ا‬ ‫ا‬ ‫د‬

2008||2012C C N A-28-@@@@
Packet
Video
Real time
Voice
Real time
Data
‫ر‬ ‫ا‬ ‫ه‬delaypriority‫م‬ ‫ا‬ ‫و‬ ‫أآ‬
QoS[Qulity of service]
‫أآ‬ ‫دة‬ ‫ج‬ ‫ت‬ ‫ا‬
*‫ق‬ ‫ا‬ ‫ه‬ ‫ت‬ ‫ا‬ ‫اع‬ ‫أ‬ ‫آ‬ ‫إذا‬intelligent
Configuring Voice VLANs
Switch(config)#mls qos
Switch(config)#interface f0/1
Switch(config-if)#mls qos trust cos
Switch(config-if)#switchport voice vlan dot1p
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#switchport voice vlan 10

2008||2012C C N A-29-@@@@
Chapter: 11
Network Address Translation
[NAT]
IP
Real [public]Virtual [private]
10.0.0.1 : 10.255.255.254
172.16.0.1 : 172.31.255.254
192.168.0.1 : 192.168.255.254
‫أي‬IP‫ا‬ ‫ا‬ ‫ه‬ ‫د‬Real IP
‫ال‬NAT‫ه‬virtual IP‫و‬real IP‫م‬
‫و‬:‫ا‬ ‫ل‬ ‫ا‬ ‫ا‬ ‫ة‬ ‫ا‬ ‫رة‬)‫ل‬ ‫ا‬ ‫أن‬real IP‫ا‬ ‫ز‬(
PAT Port Address Translation
NAT
Static Dynamic Overloading == [PAT]
Static
With Overloading
Dynamic
With OverloadingOne virtual IP => one real IP
Many virtual IP => Many real IP
‫ط‬:
Number of real IP=number of virtual IP
Many real IP CALLD pool of real IP
Many virtual IP => One real IP Many virtual IP => Many real IP
‫ال‬NAT‫ل‬ ‫ا‬ ‫أ‬ ‫ه‬))‫وآ‬ ‫ا‬ ‫ام‬ ‫ا‬((
NAT Names
Inside local Inside global Outside global
Name of inside source address
before translation
Name of inside host after
translation
Name of outside destination host
after translation
‫د‬ ‫ا‬Virtual IP ‫د‬ ‫ا‬Real IP ‫رج‬ ‫أو‬ ‫أ‬ ‫ا‬ ‫ا‬
Static NAT
[1]Creates a static NAT translation between 192.168.10.1 and 192.1.2.109 real&virtual ‫ا‬
Router(config)#ip nat inside source static 192.168.10.1 192.1.2.109 NAT Table
[2]Configures NAT inside interface inside
Router(config)# interface f0/0
Router(config-if)# ip address 192.168.10.1 255.255.255.0
Router(config-if)# ip nat inside ‫ا‬ ‫ا‬ ‫ا‬ ‫ف‬ ‫ن‬ ‫ا‬ ‫ه‬
[3] Configures NAT outside interface outside
Router(config)# interface Serial0/0
Router(config-if)# ip address 192.1.2.109 255.255.255.240
Router(config-if)# ip nat outside ‫ر‬ ‫ا‬ ‫ا‬ ‫ف‬ ‫ن‬ ‫ا‬ ‫ه‬
‫ا‬ ‫ح‬ ‫ا‬ ‫ز‬ ‫ا‬ ‫ا‬ ‫ه‬
192.168.10.1 Virtual IP‫ال‬ ‫ا‬ ‫ه‬
192.1.2.109 Real IP‫ال‬ ‫ا‬ ‫ه‬
Dynamic NAT
[1]Defines a NAT pool (outside addresses) named MyPool with a range of addresses
60.1.1.2 – 60.1.1.6
Router(config)#ip nat pool MyPool 60.1.1.1 60.1.1.6 netmask 255.255.255.248
[2]Determine inside addresses that will use NAT, that addresses are defined in ACL
Router(config)#ip nat inside source list 10 pool MyPool
Router(config)# access-list 10 permit 192.168.10.0 0.0.0.255
[3] Configures NAT inside interface >>>>>>>>>>>>>>
[4] Configures NAT outside interface >>>>>>>>>>>>>>
Pool=> many Real address
‫ال‬ ‫ي‬IPISP
‫ه‬6‫ة‬ ‫أ‬)IPs(‫ا‬ISP
‫وال‬ ‫ول‬ ‫ا‬ ‫ه‬10‫ر‬ ‫ه‬ACL
‫ر‬254‫ا‬ ‫ا‬ ‫ا‬ ‫ز‬6‫ة‬ ‫أ‬
‫وا‬ ‫ا‬Static NAT

2008||2012C C N A-30-@@@@
‫م‬ ‫ا‬ ‫أ‬ ‫ن‬ ‫و‬Port‫ة‬ ‫ا‬ ‫د‬ ‫أآ‬ ‫ج‬ ‫أ‬ ‫ر‬ ‫أ‬ ‫ن‬)‫أ‬ ‫ر‬ ‫م‬ ‫وا‬1024‫ز‬ ‫ن‬(
Overload NAT (PAT)
[1] Defines a NAT pool (outside addresses) named MyPool with a range of
Single address 60.1.1.1
Router(config)#ip nat pool MyPool 60.1.1.1 60.1.1.1 netmask 255.255.255.248
[2]Determine inside addresses that will use NAT, that addresses are defined in ACL
Router(config)#ip nat inside source list 10 pool MyPool overload =========
Router(config)# access-list 10 permit 192.168.10.0 0.0.0.255
[3] Configures NAT inside interface
[4] Configures NAT outside interface
‫وا‬ ‫ز‬
‫و‬‫ال‬ ‫ع‬ ‫ش‬NAT‫ه‬ ‫ا‬
‫ن‬ ‫ه‬=Static PAT or Static overload
Simple Verification of NAT
* To see basic IP address translation information, use the following command:
Router#show ip nat translation
This output will show the sending address, the translation, and the destination address on each debug line:
Router#debug ip nat
‫ء‬ ‫ا‬ ‫ا‬ ‫م‬ ‫ا‬* To cancel the debug
R#undebug all
Or
R#un all
‫ال‬ ‫ض‬table
‫و‬ ‫و‬ ‫ا‬ ‫ا‬ ‫ر‬
‫و‬debugresource‫ة‬
‫أ‬

2008||2012C C N A-31-@@@@
Chapter: 12
Wireless LAN
[WLAN]
*‫ج‬ ‫ا‬ ‫ل‬ ‫ا‬ ‫أ‬ ‫إذا‬:
1-‫أآ‬Access Point)‫ا‬ ‫ا‬ ‫ا‬–‫ة‬ ‫أ‬(
2-‫ت‬ ‫آ‬)‫ا‬ ‫ا‬ ‫ا‬ ‫ت‬ ‫آ‬(
‫ا‬ ‫ا‬‫و‬ ‫ا‬ ‫ت‬ ‫ا‬Electromagnetic
‫ج‬Unlicense802.11 b and 802.11gWireless2.4 GHZ
‫ج‬Unlicense802.11 aWaves5 GHZ
PurposeAgency
Creates and maintains operational standards
‫ا‬‫ا‬ ‫ت‬ ‫رد‬
Institute of Electrical and Electronics Engineers (IEEE)
Regulates the use of wireless devices in the U.S.
‫ددات‬ ‫وا‬ ‫ت‬ ‫ر‬ ‫ء‬ ‫إ‬–‫أ‬ ‫دة‬ ‫ا‬ ‫وه‬
Federal Communications Commission (FCC)
Chartered to produce common standards in Europe
‫ددات‬ ‫وا‬ ‫ت‬ ‫ر‬ ‫ء‬ ‫إ‬–‫دة‬ ‫ا‬ ‫وه‬‫أورو‬
European Telecommunications Standards Institute (ETSI)
Promotes and tests for WLAN interoperabilityWi-Fi Alliance
Educates and raises consumer awareness regarding WLANsWLAN Association (WLAN)
‫إ‬ ‫ج‬ ‫ددات‬:900MHz / 2.4GHz / 5 GHz‫دو‬ ‫ا‬ ‫ا‬ ‫ج‬ ‫وا‬.
802.11a802.11g802.11b
Up to 54 MbpsUp to 54 MbpsUp to 11 MbpsData rate
OFDMDSSS & OFDMDSSSModulation method
5 GHz2.4GHz2.4GHzFrequency band
23 ‫ا‬ ‫م‬ ‫ا‬ ‫ات‬ ‫ا‬ ‫د‬=
‫ورو‬ ‫ا‬ ‫م‬ ‫ا‬ ‫ات‬ ‫ا‬ ‫د‬=19
1414channels numbers ‫ات‬ ‫ا‬ ‫د‬
123non 1-6-113non 1-6-11‫أ‬ ‫ات‬ ‫ا‬ ‫أي‬ ‫دد‬ ‫ا‬ ‫ن‬ ‫آ‬‫ر‬
Non-overlapping channels
‫ت‬ ‫إ‬:
1-‫ال‬ ‫زادت‬ ‫آ‬data rate‫ال‬ ‫آ‬cover area
‫ال‬ ‫زاد‬ ‫آ‬Frequency‫ال‬ ‫آ‬cover area‫وزاد‬data rate
2-‫ل‬ ‫آ‬ ‫و‬ ‫ا‬CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) or RTS/CTS (Request To Send, Clear To Send)‫دم‬ ‫أي‬ ‫ث‬
3-‫ع‬ ‫ا‬b and g‫دد‬ ‫ا‬ ‫ن‬ ‫ن‬ ‫رون‬
DSSS Direct Sequence Spread Spectrum ||| OFDM Orthogonal Frequency Division Multiplexing

2008||2012C C N A-32-@@@@
-‫ال‬AD-HOK‫أآ‬ ‫ون‬ ‫ز‬ ‫ر‬ ‫ه‬
‫آ‬ ‫ل‬Cisco’s Unified Wireless Solution
• MESH :
- Root Access Points (RAPs) :‫ا‬ ‫ا‬ ‫وا‬
- Mesh Access Points (MAPs) :‫وت‬ ‫ا‬ ‫ا‬ ‫ا‬ ‫وا‬
• AWPP: Root ‫إ‬ MESH ‫ر‬ ‫أ‬ ‫د‬ ‫ل‬ ‫آ‬‫ال‬ ‫ل‬
- Adapter wireless path protocol
-This protocol allows RAPs to communicate with each other to determine the best path back to the wired network via the RAP.
• Wireless Security :
1. Open Access
2. SSIDs, WEP, and MAC Address Authentication
SSID Service Set Identifiers ‫ا‬ ‫ا‬ ‫ت‬ ‫ا‬ ‫ه‬ ‫ض‬ ‫ا‬ ‫ا‬
WEP Wired Equivalency Protocol ‫س‬ ‫ا‬ ‫وه‬ ‫ا‬ ‫ي‬
MAC addresses ‫ا‬ ‫ه‬ ‫ا‬ ‫ة‬ ‫ا‬
3. WPA or WPA 2 [Pre-Shared Key (PSK)] ‫أآ‬-‫رد‬ ‫ا‬
- WPA Wi-Fi Protected Access and WPA2(‫ر‬ ‫)ا‬ Pre-Shared Key (PSK) is a better form of wireless security than
any other basic wireless security methods mentioned so far.
‫ق‬ ‫ا‬‫وا‬ ‫ول‬ ‫ا‬)‫ر‬ ‫ا‬(‫رد‬ ‫ا‬ ‫و‬ ‫ا‬ ‫ت‬ ‫ا‬ ‫دة‬ ‫ز‬ ‫ه‬
4. Cisco Unified Wireless Network Security ‫و‬ ‫أآ‬ ‫آ‬ ‫ل‬
- Secure Connectivity for WLANs ‫ا‬ ‫ا‬
- Trust and Identity for WLANs ‫را‬ ‫وا‬ ‫آ‬ ‫ا‬
- Threat Defense for WLANs ‫ات‬ ‫ا‬
-‫ا‬ ‫ا‬ ‫ا‬ ‫ات‬ ‫او‬ ‫ا‬ ‫ا‬==ISR integrated service router <
‫ا‬ ‫ت‬ ‫ا‬ ‫راو‬

2008||2012C C N A-33-@@@@
Chapter: 13
Internet Protocol Version 6
(IPv6)
IPv4IPv6
32 bits128 bits
16 bit16 bit16 bit16 bit16 bit16 bit16 bit16 bit16 bit
991A87756114210321012702434Cf0000ABHexadecimal
‫ا‬)‫آ‬(--:--:--:--:--:--:
- [ IP v.4 ] number of add = 232
- [ IP v.6 ] number of add = 2128
- No size for header
The Benefits and Uses of IP v.6 :**
1. IPv6 is 128 bits which gives (3.4 x 10^38) of addresses.
2. The header in an IPv6 packet have half the fields .‫و‬ ‫ا‬ ‫ام‬ ‫ا‬
3. There is no broadcast in IPv6 because it uses multicast traffic instead.
x:x:x:x:x:x:x:x
1080:0000:0000:0000:0008:0800:200C:417A‫ا‬ ‫ا‬
1080:0:0:0:8:800:200C:417A
1080::8:800:200C:417A‫ا‬ ‫ر‬ ‫ا‬ ، ‫أآ‬
‫وأ‬ ‫ره‬ ‫ا‬::‫ا‬ ‫ه‬ ‫ام‬ ‫ا‬ ‫و‬
‫ة‬ ‫وا‬ ‫ة‬ ‫إ‬ ‫ر‬ ‫ا‬
0:0:0:0:0:0:0:1
::1
‫و‬loop back
‫و‬127.0.0.1v4‫وه‬local host
IPv6
prefix-lengthprefix-address
-‫ال‬64‫ه‬prefix length‫و‬ ‫ا‬ ‫ر‬ ‫ا‬ ‫ر‬ ‫وا‬ ‫وه‬
‫ن‬ ‫آ‬ ‫ت‬ ‫و‬ ‫ة‬ ‫ا‬ ‫ا‬ ‫ا‬ ‫دا‬ ‫أ‬
-‫وه‬ ‫ا‬ ‫د‬ ‫ا‬1‫ن‬1‫إ‬FFFF
‫و‬
F0/1=> 12:34:56:7::1/64
F0/1=> 12:34:56:8::1/64
‫ا‬ ‫ه‬net add12:34:56:7::
‫ـ‬ ‫ا‬ ‫ا‬ ‫ه‬Router interface
EUI‫ه‬generate‫إ‬ ‫ت‬ ‫ا‬128MAC address‫ا‬.
‫أ‬Prefix length‫أ‬64
MAC : 48 bits
‫وه‬ ‫ا‬ ‫ا‬ ‫ه‬ ‫ا‬FFFF‫ل‬ ، ‫وه‬:
0000.abcd.0001
FFFF
0000.abff.ffcd.0001

2008||2012C C N A-34-@@@@
Host Config
AutomaticManual
statefullstateless
DHCP
Found in the network
-‫ه‬DHCP
No DHCP
Found in the network
‫وز‬ ‫و‬XP Automatic
‫ات‬IPv6IPv4‫م‬ ‫إ‬multicast‫و‬broadcast
** Address Types: -
1. Unicast address single IPv4 ‫ان‬ ‫وح‬–
2. Multicast address class D in IPv4 ‫آ‬ ‫س‬-
3. Anycast address ‫آ‬ ‫أر‬ ‫إ‬ ‫ض‬ ‫وا‬ ‫ر‬ ‫أ‬ ‫او‬
4. Global unicast addresses Public IP v.4
5. Link-local addresses Privet IP v.4
‫دا‬ ً ‫أ‬IPv6virtual and realIPv4‫ال‬ ‫و‬virtual....
0:0:0:0:0:0:192.168.100.1
This is how an IPv4 address would be written in a mixed
IPv6/IPv4 network environment.
2000::/3 The global unicast address range real IP
0010.0000.0000.0000
FC00::/7 The unique local unicast range ‫ن‬ ‫ا‬ ‫م‬
FE80::/10 The link-local unicast range ‫ا‬ ‫ا‬ ‫ه‬
private IP
1111.1110.1000.0000
FF00::/8 The multicast range multi-cast
Configuring Cisco Routers with IPv6
‫ال‬ ‫أ‬ ‫ن‬IPv6‫ل‬ ‫ا‬* Enable IPv6
Router(config)#ipv6 unicast-routing
• Configure IPv6 on the interface
Router(config-if)#ipv6 address 2001:db8:3c4d:1:0260.d6FF.FE73.1987/64
OR
• You can allow the device to use its MAC address and pad it to make the interface ID.
Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64 Extended user interface‫ي‬ ‫ه‬
‫ي‬‫ء‬ ‫إ‬64‫ا‬
‫د‬dsesingle IP /
Prefix length
‫ي‬ ‫وه‬ ‫ك‬ ‫ا‬ ‫ن‬ ‫و‬ ‫ء‬ ‫إ‬ ‫ي‬
‫ي‬ ‫ار‬ ‫ن‬ ‫أ‬
Dynamic Host Configuration Protocol (DHCPv6)
IP v6 ‫ب‬ ‫ادات‬ ‫ء‬ ‫ا‬ ‫ه‬ ‫ج‬ ‫ا‬
A node that initiates requests on a link to obtain configuration parameters.Client6DHCPv
A node that responds to requests from clients to provide addresses, prefix lengths, or other configuration parameters.Server6DHCPv
A node that acts as an intermediary to deliver DHCPv6 messages between clients and servers.
‫ن‬ ‫م‬ ‫و‬DHCP‫وإر‬ ‫ت‬ ‫ا‬ ‫و‬ ‫و‬DHCP
Relay6DHCPv
‫ا‬
either a server or a relay. ‫أ‬Agent6DHCPv

2008||2012C C N A-35-@@@@
Configuring Cisco Routers with IPv6
Dynamic Host Configuration Protocol (DHCPv6)
Router(config)#ipv6 dhcp pool test ‫ا‬
Router(config-dhcp)#prefix-delegation pool test lifetime 3600 3600 ‫ا‬ ‫ي‬ ‫ه‬ ‫م‬ ‫ر‬ ‫ا‬
Router(config)#int f 0/0
Router(config-if)#ipv6 dhcp server test
IPv6 Routing Protocols
• RIPng [next generation ‫ا‬ ‫ار‬ ‫]ا‬
Router(config)#int f 0/0 interface ‫ال‬ ‫ى‬ ‫أ‬
Router(config-if)#IPV6 rip 1 enable process ID ‫ر‬1‫ه‬
• EIGRPv6
Router(config)#ipv6 router eigrp 10 Autonisim system ‫ر‬10‫ه‬
Router(config-rtr)#no shutdown
Router(config)#int f 0/0
Router(config-if)#ipv6 eigrp 10
• OSPFv3
Router (config)#ipv6 router osfp 10 process ID ‫ر‬1‫ه‬
‫أ‬ ‫ا‬ ‫ه‬id‫ب‬ ‫ا‬DR‫ه‬ ‫د‬‫ة‬Router (config-rtr)#router-id 1.1.1.1
Router(config)#int f 0/0 interface ‫ال‬ ‫ى‬ ‫أ‬
Router(config-if)#ipv6 ospf 10 area 0
Migrating to IPv6
‫ي‬ ‫أ‬ ‫آ‬upgrade‫ا‬IPv4‫إ‬IPv6
1- Dual Stacking
It allows our devices to communicate using either IPv4 or IPv6.
Router(config)#ipv6 unicast-routing
Router(config)#interface fastethernet 0/0
Router(config-if)#ipv6 address 2001:db8:3c4d:1::/64 eui-64
2- 6to4 Tunneling
Router1(config)#int tunnel 0
Router1(config-if)#ipv6 address 2001:db8:1:1::1/64
Router1(config-if)#tunnel source 192.168.30.1
Router1(config-if)#tunnel destination 192.168.40.1
Router1(config-if)#tunnel mode ipv6ip
Router2(config)#int tunnel 0
Router2(config-if)#ipv6 address 2001:db8:2:2::1/64
Router2(config-if)#tunnel source 192.168.40.1
Router2(config-if)#tunnel destination 192.168.30.1
Router2(config-if)#tunnel mode ipv6ip
Configuring IPv6 on Our Internetwork
Corp#config t
Corp(config)#ipv6 unicast-routing
Corp(config)#int f0/1
Corp(config-if)#ipv6 address 2001:db8:3c4d:11::/64 eui-64
Corp(config-if)#int s0/0/0
Corp(config-if)#^Z
Corp#copy run start
R1#config t
R1(config)#ipv6 unicast-routing
R1(config)#int s0/0/0
R1(config-if)#ipv6 address 2001:db8:3c4d:12::/64 eui-64
R1(config-if)#int s0/0/1
R2#config t
R3#config t
‫ول‬ ‫ا‬ ‫ا‬=RS
‫ا‬ ‫ا‬=RA
‫وأ‬‫ال‬ ‫ن‬ ‫ا‬ ‫ه‬ ‫ي‬generation
two switchs‫و‬
state less
‫وا‬ ‫ا‬IPv4‫و‬IPv6
‫ز‬ ‫ا‬ ‫ن‬ ‫آ‬ ‫إذا‬ ‫ا‬ ‫أ‬ ‫ر‬ ‫ا‬ ‫م‬ ‫ا‬
)‫او‬ ‫ا‬-‫ا‬-‫ا‬(‫ر‬
‫ء‬ ‫أد‬‫ب‬ ‫ل‬v6‫ب‬ ‫ل‬ ‫ء‬ ‫إ‬v4
‫ف‬ ‫ن‬ ‫آ‬ ‫إذا‬ ‫ا‬IPv6
‫أ‬ ‫إذا‬two ways‫او‬ ‫ا‬ ‫ادات‬ ‫ا‬ ‫ي‬ ‫أ‬
‫إذا‬‫أ‬one way‫وا‬ ‫راو‬ ‫ادات‬ ‫ا‬ ‫ي‬ ‫أ‬

2008||2012C C N A-36-@@@@
1- Configuring RIPng
Corp#config t
Corp(config-if)#ipv6 rip 1 enable
• Configuring RIPng
R1#config t
R1(config-if)#ipv6 rip 1 enable
R1(config-if)#int s0/0/1
R2#config t
R3#config t
• Verifying RIPng
R3#sh ipv6 route
R3#sh ipv6 protocols
R3#sh ipv6 rip
R3#sh ipv6 interface serial 0/0/1
R3#debug ipv6 rip
2- Configuring OSPFv3
Corp#config t
Corp(config-if)#ipv6 ospf 1 area 0
• Configuring OSPFv3
R1#config t
R1(config-if)#ipv6 ospf 1 area 0
R2#config t
R3#config t
• Verifying OSPFv3
R3#sh ipv6 route
Corp#debug ipv6 ospf packet
Corp#un all
‫زم‬No shut
‫وا‬ ‫ج‬ ‫أ‬‫ة‬ ‫ا‬ ‫ف‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ه‬
‫ا‬

2008||2012C C N A-37-@@@@
Chapter: 14
Wide Area Networking
[WAN]
‫أي‬): (‫و‬ ‫ا‬ ‫ت‬ ‫ا‬ ‫آ‬
Defining WAN Terms:
• Customer premises equipment (CPE)
• Demarcation point
• Local loop
• Central office (CO)
** WAN Connection Types WAN ‫دا‬ ‫ا‬ ‫ا‬ ‫اع‬ ‫ا‬
1- Dedicated for example: lease line ‫ص‬
2- Circuit switched for example : ISDN or dial up
‫ا‬ ‫ق‬ ‫وا‬ ‫ا‬ ‫اد‬‫ـ‬ ‫ت‬dail up56K‫و‬ISDN‫إ‬128K or 1.5Mbps
3- Packet switch for example : Frame relay ‫أآ‬ ‫وا‬
service‫راح‬ ‫ات‬ ‫او‬ ‫ا‬DTE‫و‬DCE...
‫م‬ ‫اح‬ ‫آ‬ ‫وإذا‬CSU/DSU [ Circuit Service Unit / Data Service Unit]
DSL Based band
WI-MAX Broad band
#‫ال‬ ‫ل‬ ‫آ‬ ‫ا‬ ‫ت‬ ‫إذا‬service‫ك‬ ‫ه‬ ‫ن‬ ‫أن‬Encaps‫ص‬ ‫ل‬ ‫آ‬ ‫و‬ ‫و‬ ‫و‬:
protocol
HDLC
High-Level Data-Link Control
PPP
Point-to-Point Protocol
Frame Relay
‫م‬ ‫و‬:
1-lease line
‫م‬ ‫و‬:
1-lease line
2-ISDN
3-Dial up
‫م‬ ‫و‬:
1-Frame Relay
‫آ‬ ‫ن‬ ‫أن‬ ‫ا‬ ‫إذا‬
‫آ‬ ‫ا‬ ‫او‬ ‫ا‬
‫ل‬ ‫آ‬ ‫و‬ ‫أآ‬ ‫و‬
1- LCP (Link Control Protocol)
Layer2 ‫ل‬ ‫و‬ ‫آ‬‫ل‬ ‫ا‬ ‫إ‬ ‫ت‬ ‫ا‬‫و‬
2- NCP (Network Control Protocol )
L3 ‫ت‬ ‫آ‬ ‫و‬ ‫ا‬ ‫اع‬ ‫أ‬ ‫ع‬ ‫أي‬ ‫ر‬
3- Authentication protocol
* You can’t use HDLC or PPP with Frame Relay.
:ion typestwo encapsulatthere areFrame RelayWith
1- Cisco 2- IETF
(Internet Engineering Task
Force)
‫ا‬ ‫ا‬‫ة‬ ‫أ‬ ‫ي‬
‫و‬ ‫ا‬CPE
LAN2LAN1
R
O O
‫ا‬ ‫آ‬ ‫ا‬
Central
Office
Demarcation point
‫ا‬ ‫ة‬ ‫وأ‬ ‫ت‬ ‫ا‬ ‫آ‬ ‫ة‬ ‫أ‬ ‫ا‬ ‫ا‬ ‫وه‬
Local loop
‫و‬ ‫وع‬ ‫ا‬
Service

2008||2012C C N A-38-@@@@
* PPP has many advantage:
1- multi-link Back up
2- Callback ‫ل‬ ‫ا‬ ‫ودة‬
3- Authentication ‫ا‬
a- CHAP (Challenge Hand Authentication Protocol) [Encrypted)
b- PAP (Password Authentication Protocol) [Clear Text] ‫وا‬
4- Compression ‫ا‬
5- Route packet for different routed packet
Configuring PPP on Cisco Routers
• Turn on PPP on connected interface PPP ‫ـ‬
Router(config)#int s0
Router(config-if)#encapsulation ppp
• Configuring PPP Authentication
Router(config)#hostname RouterA ‫ا‬
RouterA(config)#username RouterB password cisco
RouterA(config)#int s0
RouterA(config-if)#ppp authentication chap pap
Router(config)#hostname RouterB ‫ا‬
RouterB(config)#username RouterA password cisco
RouterB(config)#int s0
RouterB(config-if)#ppp authentication chap pap
Base config:
1-‫ال‬ ‫أ‬interface‫وأ‬IP
2-‫ل‬ ‫آ‬ ‫و‬ ‫ا‬ ‫ع‬ ‫د‬ ‫أ‬RIP‫أو‬OSFP
‫ال‬PPP‫م‬:
1- Lease line
2- Dial up
3- ISDN
‫آ‬ ‫و‬ ‫ا‬ ‫ول‬
‫س‬ ‫ا‬ ‫و‬ ‫ول‬ ‫ا‬ ‫م‬ ‫ا‬ ‫ا‬ ‫أ‬
‫س‬ ‫ا‬ ‫و‬ ‫ول‬ ‫ا‬ ‫م‬ ‫ا‬ ‫ا‬ ‫وأ‬
Frame Relay
‫وا‬ ‫أآ‬ ‫و‬ ‫ا‬))‫م‬ ‫ال‬Lease line‫ا‬((
‫ا‬‫ـ‬Frame Relay‫ل‬ ‫آ‬ ‫و‬ ‫ا‬TCP/IP‫وه‬ ‫ل‬ ‫آ‬ ‫م‬Frame Relay
* Frame Relay has become one of the most popular WAN services deployed.
* Frame Relay is a packet-switched technology
* Frame Relay, by default, is classified as a non-broadcast multi-access (NBMA)
* Frame Relay PVCs are:
‫ا‬FR switch‫او‬ ‫وا‬PVC [Permanent Virtual Circuit]‫د‬ ‫ا‬ ‫ت‬ ‫ا‬ ‫وه‬
1- devices using (DLCI) Data Link Connection Identifiers ‫آ‬ ‫ر‬
‫أ‬ ‫ن‬PVC‫ن‬Up 24H‫أو‬)‫رة‬ ‫إ‬(SignalLocal Management Interface (LMI)
is a signaling standard used between your router and the first Frame Relay switch it’s connected to.
‫ع‬ ‫د‬ ‫وا‬LMI‫ا‬ ‫ود‬ ‫ه‬ISP
** There are three different types of LMI message formats:
1- Cisco (default) 2- ANSI (open standard) 3- Q.933A. (open standard)
Frame Relay Implementation
RouterA(config)#int s0/0
RouterA(config-if)#no shut
RouterA(config-if)#encapsulation frame-relay IETF
RouterA(config-if)#ip address 172.16.20.1 255.255.255.0
RouterA(config-if)#frame-relay lmi-type ansi ‫اع‬ ‫أ‬ ‫ث‬ ‫ا‬ ‫ر‬
RouterA(config-if)#frame-relay interface-dlci 101
‫ال‬frame relay‫ب‬IETF

2008||2012C C N A-39-@@@@
show frame lmi
‫ع‬ ‫ض‬LMI‫ا‬
Give you the LMI traffic statistics exchanged between the local router and the Frame Relay switch.
show frame pvc
* list all configured PVCs and DLCI numbers.
* It provides the status of each PVC connection and traffic statistics.
show interface
* Check for LMI traffic.
* Displays line, protocol, DLCI, and LMI information.
show frame map Displays the Network layer–to–DLCI mappings.
Virtual Private Networks (VPN)
** There are three different categories of VPNs:
1- Remote access VPNs
2- Remote users VPN
3- Site-to-site VPNs
** Tunneling protocols ‫ة‬ ‫وا‬‫ه‬ logical ‫ن‬ tunnel ‫ال‬
1- Point-to-Point Tunneling Protocol (PPTP) (open standard)
2- Layer 2 Tunneling Protocol (L2TP) ‫ر‬ ‫أآ‬ ‫ا‬ ‫ه‬ (open standard)
3- Generic Routing Encapsulation (GRE) ‫ات‬ ‫راو‬
** Security Protocols (IPSec) ‫ن‬ ‫م‬ ‫و‬ L2TP ‫ل‬ ‫آ‬ ‫م‬
1- Authentication Header (AH)
2- Encapsulating Security Payload (ESP)
IPsec encrypted
IP Clear

شرح مبسط جدا لمنهج سيسكو CCNA

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie شرح مبسط جدا لمنهج سيسكو CCNA

Ähnlich wie شرح مبسط جدا لمنهج سيسكو CCNA (20)

Mehr von Dawood Aqlan

Mehr von Dawood Aqlan (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

شرح مبسط جدا لمنهج سيسكو CCNA