Networking Fundamentals Document

11 1 1WW 41 W11W1
)ns|in tanes 3n|ernatits
V.:--e :..:
I
I
I
I
I
I
X
X
X
A
A
A

I
I
I
B
B
B
I
I
I
R
R
R
S
S
S
E
E
E

S
S
S
T
T
T
I
I
I
B
B
B
Y
Y
Y

GuIded by:
Sir Suud Khun
(CCNA Certified, CCNP Certified, CCIE Studied)

Arrange and design: Yama (Aman) 2010
CCNA ]ana (Anan)
ii

Network................................................................................................................................................................... 1
System side.......................................................................................................................................................... 1
Network side ....................................................................................................................................................... 1
CCNA: ............................................................................................................................................................ 1
SOME DEVICES USED OVER NETWORK ...................................................................................................... 1
1. Repeater: ................................................................................................................................................. 1
2. Bridge:..................................................................................................................................................... 1
3. HUB: ....................................................................................................................................................... 1
4. Switch (4ports):....................................................................................................................................... 1
5. Router (L3 Device): ................................................................................................................................ 1
Interneworking models ....................................................................................................................................... 1
1. OSI (Open System Interconnection)....................................................................................................... 1
2. TCP/IP..................................................................................................................................................... 2
3. Cisco 3-layer hierarchical Model............................................................................................................ 3
IP Addresses ....................................................................................................................................................... 3
1. IPv4......................................................................................................................................................... 3
2. IPv6:........................................................................................................................................................ 3
Dual stacking: ................................................................................................................................................. 3
Subnetting............................................................................................................................................................... 4
Converting a decimal IP into binary .................................................................................................................. 4
What is Sub netting......................................................................................................................................... 4
How to subnet ..................................................................................................................................................... 4
Subnetting class C........................................................................................................................................... 5
Notes: ..........................................................................................................................................................- 6 -
Subnetting class B.......................................................................................................................................- 7 -
Subnetting class A.......................................................................................................................................- 7 -
Notes ...........................................................................................................................................................- 8 -
Routing ...............................................................................................................................................................- 9 -
Routers............................................................................................................................................................- 9 -
Router configuration ...................................................................................................................................- 9 -
Router & Switch administrative functions....................................................................................................- 10 -
1. Host name .........................................................................................................................................- 10 -
2. Password ...........................................................................................................................................- 10 -
3. Banners .............................................................................................................................................- 10 -
4. Interface description..........................................................................................................................- 10 -
Routing..........................................................................................................................................................- 11 -
Static routing.............................................................................................................................................- 12 -
Note...........................................................................................................................................................- 13 -
Default routing..........................................................................................................................................- 14 -
Dynamic routing .......................................................................................................................................- 14 -
Protocol Types ..........................................................................................................................................- 14 -
Protocol Classes ........................................................................................................................................- 14 -
Wildcard calculation.....................................................................................................................................- 18 -
Notes .........................................................................................................................................................- 18 -
Switching..........................................................................................................................................................- 19 -
Switch............................................................................................................................................................- 19 -
VLAN .......................................................................................................................................................- 19 -
VTP (VLAN Trunking Protocol) ...................................................................................................................- 20 -
Trucking....................................................................................................................................................- 21 -
STP (Spanning Tree Protocol)......................................................................................................................- 23 -
CCNA ]ana (Anan)
iii
InterVLAN routing ...................................................................................................................................- 24 -
MLS (Multilayer Switching)..........................................................................................................................- 24 -
Security.............................................................................................................................................................- 26 -
Access Control List (ACL) ............................................................................................................................- 26 -
Standard ACL configuration.........................................................................................................................- 26 -
Extended ACL configuration ........................................................................................................................- 27 -
Named ACL configuration............................................................................................................................- 27 -
NATTING.........................................................................................................................................................- 28 -
Configuring Static NAT ................................................................................................................................- 28 -
Configuring Dynamic NAT...........................................................................................................................- 29 -
Configuring Overloading..............................................................................................................................- 30 -
Frame relay ......................................................................................................................................................- 32 -
Internal components ........................................................................................................................................- 34 -
Software portion ...........................................................................................................................................- 34 -
1. Boot strap..........................................................................................................................................- 34 -
2. POST.................................................................................................................................................- 34 -
3. ROM monitor....................................................................................................................................- 34 -
4. Mini IOS ...........................................................................................................................................- 34 -
Hardware portion .........................................................................................................................................- 34 -
1. RAM.................................................................................................................................................- 34 -
2. ROM.................................................................................................................................................- 34 -
3. Flash..................................................................................................................................................- 34 -
4. NVRAM............................................................................................................................................- 34 -
Boot sequence ...........................................................................................................................................- 34 -
VPN (Virtual Private Networks)......................................................................................................................- 35 -
VPN types......................................................................................................................................................- 35 -
VPN protocols...............................................................................................................................................- 35 -
Wireless LAN (WiFi) .......................................................................................................................................- 36 -
Modes............................................................................................................................................................- 36 -
Standards ......................................................................................................................................................- 36 -
Topologies.....................................................................................................................................................- 36 -
Configuration................................................................................................................................................- 36 -
Loading IOS on a router..................................................................................................................................- 38 -
How to Copy IOS..........................................................................................................................................- 38 -
How to load IOS ...........................................................................................................................................- 38 -
Note...............................................................................................................................................................- 38 -
CCNA ]ana (Anan)
1
XETWBRR XETWBRR XETWBRR XETWBRR
14-12-2009
1 11 1M41& M41& M41& M41&
The connection between homogenous and heterogonous devices to share their resources and information is
called network, Network is studied by its two sides as System side and Network side.
_mer m1Oe
The system side is studied under following certifications as:
1. MCP: Microsoft Certified Professional.
2. MCSE: Microsoft Certified System Engineer
3. MCSA: Microsoft Certified System Administrator
1em<xM m1Oe
The network side is studied under following certifications as:
1. CCNA: Cisco Certified Network Associate.
2. CCNP: Cisco Certified Network Professional.
3. CCIE: Cisco Certified Inter network Expert, etc.
1W: The main purpose of this course is a Networks administration in the following bases as Routing
and switching, Security, and Voice over IP.
15-12-2009
4W 1N1 X1 4N1 1M41&
1. 1egemex: This device is used just as a connection between two devices.
2. x1O@e: This device is used as a repeater but to strengthen the signal between two LAN
networks.
3. 1X: This device is just a multiport Bridge that beside LAN networks here; PCs also can be
connected, and HUB is a single collision domain.
4. m1<W g<xm}: This device works as a HUB but it is promoted with the increase of
buses inside, it works on the base of MAC addresses so the first time a switch is connected on a LAN
network; it broadcasts a Hello/echo massage and in reply to that massage by Hosts, it saves all the
MAC addresses on a MAC table so switch is called a single broadcasting domain, if all the switch ports
are in use then sometimes it causes a LAN blockage. Switch is a multiple collision domain, and in Cisco
it is still called a (24port Bridge), the data format in switch is called data Frames.
5. 1<wex 1G 1e<1<e}: This device is used on WANs, over internetwork (the network
of Routers); it is both multiple broadcasting & multiple collision domains because more buses are used
inside it. The address used over routers is all logical addresses (IP addresses), the data formats moving
over routers is called Packets so the packet exchange between routers in an internetwork is called packet
switching and the decision for packet switching is called packet filtering.
16-12-2009
1rexrem<xM1r@ r<OeIm
NOW WE SEE DEFFIRENT COMPANIES HAS PRODUCCED THESE DEVICES; so in order to
communicate them ISO (International Standardization Organization) has introduced some Models as following:
1. 41 4ger _mer 1rex<<rre<1<r} 7-Layers Model:
a. Application layer: This layer presents the data for users.
b. Presentation layer: It collects the data and presents it to application layer and also encryption and
decryption of data is done in same layer.
c. Session layer: This layer divides the data into sessions for every user and supplies the type of
communications whether it is Simplex, Half duplex, or full duplex.
CCNA ]ana (Anan)
2
d. Transport layer: It provides a logical link for end to end communication maybe reliable or
unreliable by the use of TCP/UDP protocols. If TCP (Transmission Control Protocol) is used
Connection Oriented Protocol works here for receiving an acknowledgment of packet arrival to
the other host but UDP (User Datagram Protocol) has no acknowledgment massage received.
This layer is also responsible for the flow control (Windowing: The size of Senders data sent at
a time, Buffering: The amount of data received at a time by receiver) to avoid Congestion. The
data is called Segment yet.
e. Network layer (L3): It provides a physical link for end to end communication, here segments are
changed into Packets for routing (checking the direction of packets) with the help of logical
addresses (IP address) and the device used here is Router
i
under protocols as Routing protocols
(Refreshes the link update as RIP, IGRP etc) & Routed protocols (helps a packet rich to its
destination from a host as IPv4, IPv6) both work together interconnecting each other.
f. Data link layer (L2): Frames transfer occurs now by the use of physical addresses (MAC
address) and the devices for this layer are switches
ii
, Intelligent HUB, further two layers work
inside this layer as MAC (Media Access Control) layer that interacts with the upper layer
(Physical), LLC (Logical Link Control) layer that interacts with the lower (Network) layer.
g. Physical layer (L1): The devices on this layer are Dump HUB as a multiport Bridge to provide
communication for sending and receiving bits (0, 1).
2. 1/11 (Transmission Control Protocol/ Internet Protocol)
4-Layers Model: introduced by DOD (Department Of Defense)
a. Process/Application layer: It works as OSI first 3 layers to provide user interface.
b. Host-to-Host layer: All the data is sequenced here as in session layer and provides end to end
communication by the use of protocol from transport layer.
c. Internet layer: It provides routing by the use of logical addresses as in Network layer.
d. Network access layer: It does all the activities done in Data link layer & Physical layer.

i
Metric: The destination between two internetworks, where routing and routed protocols work.
ii
If switches work for routing in network layer so they are called L3 switches.
CCNA ]ana (Anan)
3
17-12-2009
3. 1m<< G-Im_ex W1exmx<W1<mI W<OeI
a. Access layer: It completes the switching for Host-to-Host communication by switches over
LANs and VLANs.
b. Distribution layer: It distributes packets after taking routing decisions by routers with the help of
logical addresses.
c. Core layer (Back bone layer): It completes the transportation through physical link for end to end
communication.
11 WOOxemmem
Internet Protocol addresses is of two types as (IPv4, IPv6).
1. 11<: It consists of 32 bits (4Bytes), 4 octets separated by dots (.) as (xxx.xxx.xxx.xxx), it is
called decimal addresses because only decimal numbers are used in it and classified into five classes:
a. Class A: (1.0.0.0) to (126.255.255.255)
i
for large organizations (Governmental)
b. Class B: (128.0.0.0) to (191.255.255.255) for middle range companies
c. Class C: (192.0.0.0) to (223.255.255.255) for small organizations
d. Class D: (224.0.0.0) to (239.255.255.255) for Multicasting
e. Class E: (240.0.0.0) to (247.255.255.255) Under research for future use
Due to the lake of IP addresses some rules were introduced as NAT (Network addresses Translation), CIDR
(Classless Inter Domain Routing (Sub netting)), Private IP addresses for each class of IP (10.0.0.0 -
10.255.255.255/ 172.16.0.0 - 172.31.255.255/ 192.168.0.0 - 192.168.255.255) but again the lake of IP
addresses were felt so IPv6 was introduced.
2. 11<W: It consists of 128 bits (16 Bytes), 8 octets separated by colons (:) and it supports
hexadecimal numbers as (xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx), it is of three types:
a. Global unicast IP: This type starts with (2001, 3001, 4001)
ii
, it is used on WANs for routers e.g.
(2001:0000:0000:0000:0000:0000:0000:0001) - (2001:0000:0000:0000:FFFF:FFFF:FFFF:FFFF)
in this type the first four octets is network portion and last four octets are host but called interface
portion.
b. Site local IP: These are not purchased as Private IP addresses and starts with (FEC0:) e.g.
(FEC0:0000:0000:0000:0000:0000:0000:0001)
c. Link local IP: These are used inside LAN communications and starts with (FE80:) e.g.
(FE80:0000:0000:0000:0000:0000:0000:0001)
Multicast addresses starts with (FE00:) and used for multicasting.
IPv6 can be abbreviated as bellow:
(2001:0000:0000:0000:0000:0000:0000:0001) = (2001::0000:0000:0000:0001)
(2001::0010:0000:0000:0001) = (2001:: 10::1) IPv6 is used over Back bones.
1wmI mm<M1r@: The way of communication between IPv4 & IPv6 through NATTING, this is
called a GRE tunnel.
IPv6 (NATTING) IPv4 (NATTING) IPv6

i
The IP (127.0.0.1) is called Loop back IP that is used for self pinging with a switch or other device.
ii
(3001, 4001) is not used yet.
CCNA ]ana (Anan)
4
18-12-2009
X X X X1114 1114 1114 1114
Only for IPv4 (IPv6 can not be subnetted): A network runs over subnet masks defined for them, subnet mask is
used to define the number of hosts allowed and send through a network by its host portion but network portion
can not be subnetted; each IP class has got an automatic default subnet mask as below:
1. Class A: Network (255.)- Host (0.0.0) = (255.0.0.0)
2. Class B: Network (255.255.)- Host (0.0) = (255.255.0.0)
3. Class C: Network (255.255.255.)- Host (0) = (255.255.255.0)
4. Class D: Network (255.255.255.255) - Host () = (255.255.255.255) for routers only.
5. Class E is still under research for future use.
<r<ex1r@ m Oe<1rmI 11 1r< k1rmx_ (255.0.0.0)
255: 11111111
0: 00000000
0: 00000000
0: 00000000 255 = 1 1 1 1 1 1 11
Now as we see here all 1s shows the up/on bits and all the 0s shows the down/off bits.
21-12-09
MWm 1m ^wk re1r@"
The word Subnet is derived from two words; Sub (a part of), Net (network) so it means being a part of
network, an internetwork is also called the part of a network, to avoid wasting the large amount of IP addresses
of a skim subnetting is introduce, by the help of which we can divide a class of IP addresses into small
subnetworks so that a class of IP addresses is used by a large amount of networks. In each networks IP series
the first and the last IP is not used by users/hosts because the first IP of every IP pool is for self network
identification (Network IP) and the last IP of every pool is used for broadcast of that network (Broadcast IP); so
the least number of IP addresses in each pool must be 4 in order to connect only two users/hosts. Two directly
connected devices should used same networks IP; e.g. two routers and connected to each other, the assigned IP
for their connected interfaces
i
should continue as (192.168.1.1 & 192.168.1.2).
1<m < mwkre
For subnetting a class of IP addresses we should know some of the following terms:
1. Each class of IP has a default subnet mask, the number of up bits in a default subnet mask is called the
prefix value for that class of IP addresses; e.g. in class C default subnet mask is (255.255.255.0) in
binary number we can have it as (11111111.11111111.11111111.00000000), start counting from left
side we have 24 up bits so the prefix value for class C is (24).
2. Value extracted from binary number is on the base of following weights (
128
1
64
1
32
1
16
1
8
1
4
1
2
1
1
1) the
on bits weight is added from left side and written e.g. 11111000 = (128+64+32+16+8) = 248
3. Subnetting always occurs in the host portion of an IP class by changing down bits to up so its
added to the network portion.
4. For getting the number of pools (group) and IP addresses per pool some formulas are used as the
formula (2
n
where n = up bits of a subnetted mask) to find out the number of Pools or groups, the
formula (2
n
where n = down bits of subnetted mask) to find range of IP addresses per pool, in each
pool 2 IP addresses are considered as Network & Broadcast IPs then the formula (2
n
-2 where n =
down bits of sub netted mask) is used for total usable IPs for hosts. The number of IP/pool including
network and broadcast IP addresses is called block size.
5. The prefix value after subnetting can be called CIDR value as well, and its range for every class is
fixed in which a mask can be subnetted but (31 & 32) CIDR values are not valid for subnetting because
for 31 we cant get user IPs and for 32 no IP available.

i
A router is not included in a network only the interface is used in a network; a router can be used by multiple networks.
/ 2 2 2 2 2 2 2
255 127-1 63-1 31-1 15-1 7-1 3-1 1-1
CCNA ]ana (Anan)
5
22-12-09
wkre1r@ <Immm Some notations about this class:
1. The prefix value for class C is 24; (X.X.X.X/
24
)
2. The CIDR value range is (25 to 32); (X.X.X.X/
25-32
); But (31 & 32) CIDR is not used for user
3. Default subnet mask is (255.255.255.0)
4. For better study of this class; we start sub netting from 30 downward.
e.g. IP 192.168.0.0/
24
; Default mask 255.255.255.0 = 11111111.11111111.11111111.00000000
For IP 192.168.0.0/
30
; Subnetted mask 255.255.255.252; last octet = .111111100
Number of pools = 2
6
= 64 Number of IP per Pool = 2
2
= 4
1
st
: 192.168.0.0 Network IP
192.168.0.1
192.168.0.2
192.168.0.3 Broadcast IP
2
nd
: 192.168.0.4 Network IP
192.168.0.5
192.168.0.6
63
rd
: 192.168.0.248 Network IP
192.168.0.249
192.168.0.250
64
th
: 192.168.0.252 Network IP
192.168.0.253
192.168.0.254

For IP 192.168.0.0/
29
Number of pools = 2
5
3
= 8
1
st
: 192.168.0.0 Network IP
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
192.168.0.6
32
nd
: 192.168.0.248 Network IP
192.168.0.249
192.168.0.250
192.168.0.251
192.168.0.252
192.168.0.253
192.168.0.254

For IP 192.168.0.0/
28
Number of pools = 2
4
4
= 16
1
st
: 192.168.0.0 Network IP
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
192.168.0.6
192.168.0.7
192.168.0.8
192.168.0.9
192.168.0.10
192.168.0.11
192.168.0.12
192.168.0.13
192.168.0.14
16
th
: 192.168.0.240 Network IP
192.168.0.241
192.168.0.242
192.168.0.243
192.168.0.244
192.168.0.245
192.168.0.256
192.168.0.247
192.168.0.248
192.168.0.249
192.168.0.250
192.168.0.251
192.168.0.252
192.168.0.253
192.168.0.254

CCNA ]ana (Anan)
6
For IP 192.168.0.0/
27
; Subnetted mask 255.255.255.224; last octet = 11100000
Number of pools = 2
3
5
= 32
1
st
: 192.168.0.0 Network IP
192.168.0.1
. . .
. . .
. . .
8
th
: 192.168.0.224 Network IP
192.168.0.225
. . .
. . .
192.168.0.254

For IP 192.168.0.0/
26
Number of pools = 2
2
6
= 64
1
st
: 192.168.0.0 Network IP
192.168.0.1
. . .
. . .
192.168.0.62
2
nd
: 192.168.0.64 Network IP
192.168.0.65
. . .
. . .
192.168.0.126
3
rd
: 192.168.0.128 Network IP
192.168.0.129
. . .
. . .
192.168.0.190
4
th
: 192.168.0.192 Network IP
192.168.0.193
. . .
. . .
192.168.0.254

For IP 192.168.0.0/
25
Number of pools = 2
1
7
= 128
1
st
: 192.168.0.0 Network IP
192.168.0.1
. . .
. . .
192.168.0.63
192.168.0.64
. . .
. . .
192.168.0.126
2
nd
: 192.168.0.128 Network IP
192.168.0.129
. . .
. . .
192.168.0.191
192.168.0.192
. . .
. . .
192.168.0.254
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1<em:
1. To find the specific pool with its network and broadcast IPs for a subnetted IP address with the CIDR
value given, follow this manner; first solve the number of Pools and IP per pool from the CIDR value
given, second get the subnet mask for the IP, finally write down the pool as in following example:
E.g. Find the Network and Broadcast IPs for the pool which (194.100.9.83/
29
) IP exists in?
Ans: CIDR value = 29, it means last octet is (.11111000) so the subnet mask is 255.255.255.248;
number of pools = 2
5
(32); number of IP/pool = 2
3
(8). So by counting (10x8=80 & 11x8=88
80<83<88) we get this IP exists in 11
th
Pool, and the network IP for this Pool is [(Pool no-1) x No
of IP/pool] = [(11-1) x 8 = 80] (194.100.9.80) & the Broadcast IP is got [(Pool no x No of
IP/pool) -1] = (11 x 8 -1 = 87) (194.100.9.87)
2. Network IP of every Pool is in Even numbers other than Broadcast IP is always in Odd numbers.
CCNA ]ana (Anan)
- 7 -
23-12-09
wkre1r@ <Immm Some notations about this class:
1. The prefix value for class B is 16; (X.X.X.X/
16
)
17-32
4. For better study of this class; we start sub netting from 17 upward to 24.
E.g. IP 172.16.0.0/
16
; Default mask 255.255.0.0 = 11111111.11111111.00000000.00000000
For IP 172.16.0.0/
17
; Subnetted mask 255.255. 128.0; last two octets = .10000000.00000000
Number of pools = 2
1
15
= 32768
1
st
: 172.16.0.0 to 172.16.127.255 Last: 172.16.128.0 to 172.16.255.255
For IP 172.16.0.0/
18
; Subnetted mask 255.255.192.0; last two octets = .11000000.00000000
Number of pools = 2
2
14
= 16384
1
st
: 172.16.0.0 to 172.16.63.255 Last: 172.16.192.0 to 172.16.255.255
For IP 172.16.0.0/
19
Number of pools = 2
3
13
= 8192
1
st
: 172.16.0.0 to 172.16.31.255 Last: 172.16.224.0 to 172.16.255.255
For IP 172.16.0.0/
20
Number of pools = 2
4
12
= 4096
1
st
: 172.16.0.0 to 172.16.15.255 Last: 172.16.240.0 to 172.16.255.255
For IP 172.16.0.0/
21
Number of pools = 2
5
11
= 2048
1
st
: 172.16.0.0 to 172.16.7.255 Last: 172.16.248.0 to 172.16.255.255
For IP 172.16.0.0/
22
Number of pools = 2
6
10
= 1024
1
st
: 172.16.0.0 to 172.16.3.255 Last: 172.16.252.0 to 172.16.255.255
For IP 172.16.0.0/
23
Number of pools = 2
7
9
= 512
1
st
: 172.16.0.0 to 172.16.1.255 Last: 172.16.254.0 to 172.16.255.255
For IP 172.16.0.0/
24
; Subnetted mask 255.255.255.0; last two octets = .11111111.00000000 (For Class B)
Number of pools = 2
8
8
= 256
1
st
: 172.16.0.0 to 172.16.0.255 Last: 172.16.255.0 to 172.16.255.255
24-12.09
wkre1r@ <Immm W Some notations about this class:
1. The prefix value for class A is 8; (X.X.X.X/
8
)
9-32
4. For better study of this class; we start sub netting from 9 upward to 16.
E.g. IP 10.0.0.0/
8
; Default mask 255.0.0.0 = 11111111.00000000.00000000.00000000
For IP 10.0.0.0/
9
; Subnetted mask 255.128.0.0; last 3 octets = .10000000.00000000.00000000
Number of pools = 2
1
23
= 8388608
1
st
: 10.0.0.0 to 10.127.255.255 Last: 10.128.0.0 to 10.255.255.255
For IP 10.0.0.0/
10
Number of pools = 2
2
22
= 4194304
1
st
: 10.0.0.0 to 10.63.255.255 Last: 10.192.0.0 to 10.255.255.255
For IP 10.0.0.0/
11
Number of pools = 2
3
21
= 2097152
1
st
: 10.0.0.0 to 10.31.255.255 Last: 10.224.0.0 to 10.255.255.255
For IP 10.0.0.0/
12
Number of pools = 2
4
20
= 1048576
1
st
: 10.0.0.0 to 10.15.255.255 Last: 10.240.0.0 to 10.255.255.255
For IP 10.0.0.0/
13
CCNA ]ana (Anan)
- 8 -
Number of pools = 2
5
19
= 524288
1
st
: 10.0.0.0 to 10.7.255.255 Last: 10.248.0.0 to 10.255.255.255
For IP 10.0.0.0/
14
Number of pools = 2
6
18
= 262144
1
st
: 10.0.0.0 to 10.3.255.255 Last: 10.252.0.0 to 10.255.255.255
For IP 10.0.0.0/
15
Number of pools = 2
7
17
= 131072
1
st
: 10.0.0.0 to 10.1.255.255 Last: 10.254.0.0 to 10.255.255.255
For IP 10.0.0.0/
16
; Subnetted mask 255.255.0.0; last 3 octets = .11111111.00000000.00000000 (Class A)
Number of pools = 2
8
16
= 65536
1
st
: 10.0.0.0 to 10.0.255.255 Last: 10.255.0.0 to 10.255.255.255
1<em:
1. CIDR value is called a also Subnetted prefix for a class of IP; which is the abbreviation for (Classless
Inter Domain Routing) but when in it was introduced by Cisco so changed to CCIDR (Cisco CIDR).
2. The number of usable IPs in a class excluding Network and Broadcast IPs is called Block size.
26-12-09
N1W Nmx1mkIe 1er@W wkre WmmM}
This is a easy way to take a network and create many networks using subnet mask of different lengths and
different types of network designs called VLSM networking, it benefits us to save a group of IP address space,
as we can have different subnet masks for different router interfaces each joining separate networks as you can
see in this figure:

CCNA ]ana (Anan)
- 9 -
29-12-09
1 11 14X114 4X114 4X114 4X114
1<wexm
This device is used over network layer on internetwork, it uses and operating system called IOS (Internetwork
Operating System) that provides us Communication, Static/Dynamic routing support, Scalability
i
, Security for
user and network access. There are four ways for routers connectivity in different conditions as:
1. Console cable: this is a RS232 & RJ45 ends connecter cable used for essential configuration only;
its further usage for troubleshooting or traffic control is not recommended by Cisco.
2. Telnet: Once configuration is done on a router and it is up, then if any traffic problem or troubleshooting
occurs then the router is accessed from remote area by NMS (Network Management Server) via Telnet.
3. Aux (Auxiliary): this connectivity is done through a modem connected to the router and the number
assigned for it, is dialed remotely and then router is set, but new routers doesnt have modem interfaces.
4. SSH (Secure Shell): here, a router is configured remotely by an OS as windows or Linux
ii
but not used
with new routers.
A figure from backside of a Cisco 2600 router shows the important ports
iii
except two serial ports used for
connecting to other routers called (Point to point/ Peer to peer) connectivity.
1<wex <<r11@wxm1<r: Router configuration is of two types; when it is configured
through Console cable or Aux directly, it is called Out-of-band, while configuring through Telnet or SSH
from any of its networks that is called In-band configurations. Configuring through console cable: after
connecting RS232 PC port to RJ45 router console port, then on Windows XP follow this path: Start> All
programs> Accessories> Communication> Hyper terminal> Edit for any Name> Click Restore Default for
values> OK> wait while router completes its loading step> Edit NO then you move to Router console mode
(you are asked to press RETURN)> by pressing Enter move to User executive mode ( Router> )> Edit for
(enable)
iv
command and by pressing Enter, it moves to User privilege mode ( Router# ) here you can
access basic commands to show or check some information about router by using following commands:
1. show version For checking the version of a router.
2. show ? For getting more info about show usages.
3. show clock For checking router time.
Using the command (configure terminal) and pressing Enter, move to Router/User/Global
configuration mode determined as ( Router(config)# ) where you get access to configure a router.

i
The ability to adjust configuration and size to fit new conditions
ii
Not much usage because Linux is mostly used on servers and router is not configured by a server
iii
On ports the sign 0/0 means (
Slot number
/
Port number
).

iv
If any word is present uniquely in IOS dictionary so by typing only some begging letter of command and pressing TAB; the
command will be auto completed as: ena > enable, conf t > configure terminal etc.
CCNA ]ana (Anan)
- 10 -
30-12-09
1<wex w m1<W mOr1r1mxm1<e 1wr<1<rm
Introducing four functions to administrate a router or a switch:
1. 1<m rmre: first and most important point is to configure a host name for a router with the
help of (hostname) command followed by a specific name for router or switch.
2. 1mmmm<xO: as you know security is must for a device so that security is implemented by
configuring the following password configurations to the device step by step in configuration mode:
a. Enable password: the passkey implemented by (enable password) command followed by a
password, asked back while moving to User privilege mode but this password is revealed
while showing running configurations then secret code is used.
b. Enable secret password: this code is implemented by (enable secret) followed by a pass
code, and this code for hacking avoidance in routers.
c. Aux password: auxiliary pass code is implemented by (line aux 0 password a word
login ) commands for aux port, this is asked when router is accessed through Aux
connectivity, the 0 or 1 digits included command shows the number of ports on router.
d. Console password: console pass code is implemented by (line console 0 password a
word login ) command for security on connectivity through console cable.
e. Telnet password: this code is very important to secure a router from hacking that is easily
implemented by (line vty 0 4 password a word login ) commands, the number
of telnet servers access is defined while password configuration in the underlined part of the
command, which is (0 4) for non enterprise IOS and (0 1180) for enterprise IOS version.
3. mrrexm: it is used to display information, its of four types: 1. Executive process, 2. Incoming
process, 3. Login process (console), and 4. Massage of the day (contains a routers information located
at the top, arrange it in user configuration mode of a router by (banner motd # some information
about the router # ), shown back after console mode.
4. 1rex1m<e Oem<x1g1<r: at User privilege mode; for getting information about the
ports connectivity using commands as (show ip interface brief ) to check routers
interfaces IP assigned to, (show int followed by interface Id as s0/0, s0/1, f0/0 or f0/1) to
get information about the specific ports connectivity, to describe a port; at interfaces configuration
mode (description Some words to describe the port ) command is used, this description is
shown back in user privilege mode for interface.
Implementations: switch on a router and start with the following! Command Descriptions
Router>enable User Executive mode.
Router#configure terminal User privilege mode.
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname "Qta router" Changing hostname.
Qta router(config)#enable password 123 Adding Enable password.
Qta router(config)#enable secret 456 Adding Enable secret password.
Qta router(config)#line console 0 Entering console line.
Qta router(config-line)#password 789 Adding Console password.
Qta router(config-line)#login Enabling console password.
Qta router(config-line)#exit Getting out of console line.
Qta router(config)#line vty 0 4 Entering telnet path for 5 users.
Qta router(config-line)#password 1234 Adding password for telnet users.
Qta router(config-line)#login
Qta router(config-line)#exit
Qta router(config)#banner motd # Adding Massage of the day banner.
Enter TEXT message. End with the character '#'.
This is the Quetta router # Banner massage, ending with #.
Qta router(config)#interface serial 0/0 Entering interface mode.
Qta router(config-if)#description "This port is connected to Karachi"
CCNA ]ana (Anan)
- 11 -
Qta router(config-if)#exit Description added to the port.
Qta router(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
Qta router#show interface serial 0/0 Show command in privilege mode.
Serial0/0 is down, line protocol is down (disabled)
Hardware is HD64570
Description: "This port is connected to Karachi" This line is added via description.
%SYS-5-CONFIG_I: Configured from console by console
This is the quetta router This is the banner, defined earlier.
User Access Verification
Password: Console password is needed.
Qta router>enable
Password: Enable password is needed.
Password: Enable secret password is needed.
Qta router# Back to privilege mode.
1<em:
1. For ending any configuration use the command (exit).
2. For console and Aux connectivity users we can set session time.
31-12-09
1<w1r@
Defining paths for packets transfer from one internetwork to another internetwork is called routing, a router
checks packets destinies through IP addresses
i
, the destiny a packet passes leaving an interface of first router
and crosses the 2
nd
router is called One Hop distance, any routings trust worthiness is defined for its AD
(administrative distance); AD value varies between (0-255) but AD approximating to (0) is considered the
better routing because lower AD path is always followed by packets, after defining the paths (routing) & router
configurations a router creates some tables for saving different information on them as:
1. Routing table: this table is made in a router to keep routes information on it.
2. Neighbor table: this table saves information about its neighbor router.
3. Topology
ii
table: if two routers are connected by multiple connections, so some routers save all
connection routes on routing table but some of them save only the best connectivity on routing table
then the remaining connections are saved on topology table with networks structure. Topology table is
same for all routers in an internetwork because all routers are connected to same structured network.
Routing is of three types as Static routing, Default routing, Dynamic routing.

i
IP addresses are assigned and used only with devices having multiple broadcasts as router not single broadcast as switches.
ii
Topology is the name for a network structure.
CCNA ]ana (Anan)
- 12 -
m1< x<w1r@: in static routing a network administrator has to define all routes of a network
manually, which has got some advantages as:
1. Once all routes are defined then there is no need felt for update packets, which due to less overhead.
2. The AD value for static routing is (1) which is considered the best AD.
But some disadvantages of static routing are:
1. Static routing depends on network administrator with a lot of responsibilities.
2. A static routed network can not be managed easily without a basic model guide for it.
01-01-10
Static routing configuration: for the implementation of static routing we attend the following example:
PC/Switch, Switch/Router is straight cable but Router to Route is Pair to pair connectivity.
On Router1:
Self decompressing the image:
########################################################################## [OK]
--- System Configuration Dialog --- COMMAND DISCRIPTIONS
Continue with configuration dialog? [Yes/no]: No Continue with manual setup
Press RETURN to get started! Press ENTER
Router>Enable User executive mode
Router#conf t User privilege mode
Router(config)#Hostname A Changes routers name
A(config)#int s0/0 Enter a serial interface
A(config-if)#ip address 1.0.0.1 255.0.0.0 Assign IP
A(config-if)#encapsulation PPP Establish peer connection
A(config-if)#no shutdown Interface turns on
A(config-if)#exit Get out of interface
A(config)#int f0/0 Enter a Fast Ethernet interface
A(config-if)#ip address 200.100.50.1 255.255.255.0 Assign IP
A(config-if)#no shutdown Interface turn on
A(config-if)#exit
A(config)#do show ip interface brief Check IP configurations
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 200.100.50.1 YES manual up up
Serial0/0 1.0.0.1 YES manual up up
Serial0/1 unassigned YES manual administratively down down Means (it isnt made UP)

CCNA ]ana (Anan)
- 13 -
On Router 2:
Self decompressing the image:
########################################################################## [OK]
--- System Configuration Dialog ---
Continue with configuration dialog? [Yes/no]: No
Press RETURN to get started!
Router>Enable
Router#conf t Configurating terminal
Router(config)#hostname B
B(config)#int s0/0
B(config-if)#ip address 1.0.0.2 255.0.0.0
B(config-if)#clock rate 64000 Must for DCE port
i

B(config-if)#encapsulation PPP Only on Serial connections
B(config-if)#no shutdown
ii

B(config-if)#exit
B(config)#int f0/0
B(config-if)#exit
B(config)#do
iii
show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 200.100.100.1 YES manual up up
Serial0/0 1.0.0.2 YES manual up up

Back to Router 1:
A(config)#ip route 200.100.100.0 255.255.255.0 1.0.0.0 Mention route in Static routing
A(config)#do show ip route Check routing table
C 1.0.0.0/8 is directly connected, Serial0/0 Directly connected
C 200.100.50.0/24 is directly connected, FastEthernet0/0
S 200.100.100.0/24 [1/0] via 1.0.0.0 Mentioned through routing

Back to Router 2:
B(config)#ip route 200.100.50.0 255.255.255.0 1.0.0.0 STATIC ROUTING
iv

B(config)#do show ip route
C 1.0.0.0/8 is directly connected, Serial0/0
S 200.100.50.0/24 [1/0]
v
via 1.0.0.0
C 200.100.100.0/24 is directly connected, FastEthernet0/0
B(config)#do ping 200.100.50.1 Check direct connectivity
!!!!! Connection success sign but (.....) is connection failed sign

On Router 1:
A(config)#do ping 200.100.100.1
!!!!!

1<e: While assigning IP for PCs: PC1 (IP 200.100.50.2, Subnet 255.255.255.0, Default gateway
200.100.50.1
i
) but PC2 (IP 200.100.100.2, Subnet 255.255.255.0, Default gateway 200.100.100.1)

i
The clock rate is must on a DCE (Female) serial port for synchronization.
ii
While making further changes on an interface it should be turned down by the use of (shutdown) command.
iii
This Do is used before a command from User privilege mode to enforce it run at Configuration mode.
iv
For canceling any of the defined routes just use (no) command before that routing command.
v
(1) shows the AD (Administrative Distance) and (0) shows METRIC (number of Hopes) for a route.
CCNA ]ana (Anan)
- 14 -
04-01-10
1e1mwI x<w1r@: default routing is also called default static routing, it has got less overhead
than static routing with the best (AD = 0), but the most important point is; default routing is configured where
only one exit point
ii
exists on the router otherwise, loop will occur whilst the packet will be moving round the
network but gets to no LAN network. For default routing; no route is defined in routing table but only one line
starting with (S*) sign that defines a default route. As we see in example below: here default routing is
configured only on Router D because the only exit point is from (S0/0), no other exit point but on (A, B, C)
routers we define all networks statically as before:
Now in this model we see that Router A has got 3 exit
interfaces, Router B has got 2 exit interfaces, and
Router D also has got 2 exit interfaces so we cant
configure Default routing on them but as we see that
Router C has got only one exit interface (highlighted
in blue). So after all IP configurations on routers and
Static routings for (A, B, C) routers at last we can
configure default routing on Router D as defined only
by one line for its exit point: [C (config)#IP route
0.0.0.0 0.0.0.0 4.0.0.0] and on its routing
table, it is shown as: (S* 0.0.0.0/0 [1/0]
via 4.0.0.0) which is different from other
routers routing table.

Default routing model

05-01-10
1_rmr1< x<w1r@: The routing which follows some algorithms (set of rules called protocols)
is called dynamic, it is also easy to configure and troubleshoot as compare to Static routing, every protocol is
defined for its specific metric that it uses, some of them makes and works on all (Routing, Neighbor, &
Topology) tables but some works only on routing tables. This is the routing in which routers check all
(protocols, links, connectivity for neighbor routers etc) then every router sends the collected information to its
all neighbor routers as a packet called Update packet, if a router receives no update packet from its neighbor
router then it puts a cross on that neighbor. Dynamic routings protocols are defined in Types and Classes:
1x<<<<I _gem: protocols are defined in three types as following:
1. Routing Information Protocol: its metric that it works on is hop-counts and its examples are RIP, RIPv2.
2. Interior Gateway Protocol: its metric is Bandwidth (links capacity) and runs on only one Autonomous
iii

inside as IGRP (Interior Gateway Routing Protocol) its Ciscos proprietary but very weak.
3. Exterior Gateway Protocol: it has no relation inside a network but it work on the outgoing connectivity
of a network as an outstanding, and strong protocol but inside a network itll be the weakest one, its not
corrupt shortly but again its information is update by user as: BGP (Border Gateway Protocol).
1x<<<<I Immmem: protocols are classified into three classes as following:
1. Distance vector protocol: for its distance measuring vector it uses Hop-counts and always follows the
less number or hops as RIP, RIPv2, and IGRP
iv
.

i
PCs default gateway is always the IP assigned on routers interface joining same network.
ii
Only Serial or peer to peer connectivity is called an exit point for a router, not a fast Ethernet.
iii
A huge size of network by routers connected to the only network is called one Autonomous System AS.
iv
IGRP uses bandwidth but while facing equal hop-counts; it prefers to follow high bandwidth.
CCNA ]ana (Anan)
- 15 -
2. Link state protocols: considering its distance measured, always the shortest path is followed and works
on all three tables as OSPF (Open Shortest Path First) which is a widely used, and reliable protocol for
interior and different autonomous system networks.
3. Hybrid protocols: it is mixed up of both first and second protocol classes and uses its specifics as EIGRP
(Enhanced Interior Gateway Routing Protocol) which also works on different Autonomous systems.
06-01-10
RIP: RIP is a distance victor protocol that sends update packets to neighborly connected routers; duration
between two update packets sent is (30sec) called update timer, if no update packet is sent by a router for
(180sec) called Invalid timer then it is marked as invalid for neighbor router, after invalid timer Hold down
timer up to 240sec starts during which an echo packet is sent by neighbor router and waits for reply, but if till
240sec no reply received then the next Flash timer starts in which the down router is removed from neighbor
routers routing table. Maximum number of hops for RIP is 15, means that RIP can be configured over 15
routers network, while trying to connecting the 16
th
router on RIP a Destination unreachable massage is
shown so it is efficient for small network to the range of 15 routers. The AD value for this protocol is 120. Rip
i

supports only class-full routing because no subnet mask information is sent in update packets. Rip supports 4 to
6 serial up connectivity at a time for two routers called Equal load balancing but no support of down
connectivity for backup on its topology table called Unequal load balancing. The algorithm used by RIP is
called Belemenford algorithm. For configuring RIP on a router use (router RIP ) command, then add
all networks directly connected to the router by mentioning their network IP via command as (network
1.0.0.0 Exit) on all routers joining a network.
07-01-10
RIP configuration: here we can see that after all interfaces IP configured then dynamic routing is configured
on two routers using RIP protocol just by opening the Rips command and define all directly connected network
to the router as following:
Router A:
A(config)#router rip
A(config-router)#network 1.0.0.0
A(config-router)#exit

Router B:
B(config)#router rip
B(config-router)#network 1.0.0.0
B(config-router)#exit
On routing table the network connected to a router via rip is
shown as you see here on router B:
(R 200.100.50.0/24 [120/1] via 1.0.0.1, 00:00:12, Serial0/0)
08-01-10
RIP version 2: in short to explain that all other specifics between RIP and RIPv2 as (Metric, AD, timers, and
maximum routers support on one network) are same but two major differences are:
1. RIPv2 supports classless routing since it is sending the subnet mask information in update packets so
VLSM is also supported by RIPv2.
2. RIPv2 is introduced with a multicasting feature as it has a multicast IP address (244.0.0.9) but RIP was
able to unicast only, no multicasting on RIP.
While configuring RIPv2 the only difference is the use of (version 2 ) command after opening RIP.
11-01-10

i
In RIP configured network the only CIDR value for all classes of IP is supported.
CCNA ]ana (Anan)
- 16 -
RIPv2 configuration: check here that after all interfaces IP configured then dynamic routing is configured on
two routers using RIPv2 protocol just by opening the Ripv2s command and define all directly connected
networks to the router as following:
A(config)#router rip
A(config)#version 2
B(config)#router rip
B(config)#version 2
If routers are connected in a circle so one routers LAN will be
shown twice in routing table with different hops because it will be available via both paths.
12-01-10
IGRP (Interior Gateway Routing Protocol): This routing protocol which is a Cisco proprietary, is an interior
gateway protocol, it is from distance vector class and works on different autonomous systems. This protocol is
developed to overcome the RIP problems seeing that IGRP includes 100 hop-counts for best service but it is
scalable to its maximum support of 255 hop counts. IGRP has 90 seconds update timer. By default hop-count
is the metric for IGRP but due to providing both equal and unequal load balancing (bandwidth & delay) is also
used called composite metrics for it, some non-default metrics as (Reliability, Load, and MTU
i
) are used. The
algorithm followed by IGRP is Belmenford, having the AD = 100. IGRP is a class-full routing protocol, but
finally to declare that IGRP is the older version so not used anymore. The sample configuration on a router is
simple as starting with (Router IGRP 1) command where 1 is the number of AS, that is to be same for all
routers then continue the commands for advertising directly connected networks.
13-01-10
EIGRP (Enhanced Interior Gateway Routing Protocol): it is an interior gateway protocol, enhanced or
advanced distance vector protocol that also contains some features from Link state protocol class so it is a kind
of hybrid class protocols, because by default its metric is hop-count (Best till 100 routers, scalable to 255) but
being the best protocol for unequal load balancing; it uses composite and non-default or secondary metrics as
used by IGRP. Only at networks upping time EIGRP sends an update packet to neighbor routers after that in
each update timer
ii
only an echo packet is sent, no update packet anymore until any change occurs in
networks topology; this results to maximize bandwidth
iii
and lessen chocking on network. EIGRP is rapid
convergence (spread fast over network) protocol, which can work on different AS. The algorithm followed by
EIGRP is DUAL (Diffusing Update Algorithm), and this is the best protocol of Cisco proprietary with the
reliable AD of 90. EIGRP is a classless routing protocol that supports VLSM, CIDR and Multicasting. Wildcard
mask configuration, which is used for blocking and permitting networks and users, is also supported by the
mentioned protocol, but its configuration is optional as an example (wildcard mask for 255.0.0.0 is
0.255.255.255). Not to forget that beside IPv4 this protocol supports IPv6 as well. The ease in configuration is
to open it by (router EIGRP 1) command and advertise all directly connected networks to a router.

i
MTU stands for Maximum Transmission Unit.
ii
The update timer for EIGRP is also same as IGRP (90 Sec).
iii
Also called low bandwidth utilization that means network resources utilization.
CCNA ]ana (Anan)
- 17 -
14-01-10
EIGRP configuration: After all interfaces IP configured then dynamic routing is configured for two routers
using EIGRP protocol just by opening the EIGRPs command and advertise all directly connected networks to
the router as following:
A(config)#router EIGRP 1
A(config-router)#network 1.0.0.0 0.255.255.255
A(config-router)#network 200.100.50.0 0.0.0.255
B(config)#router EIGRP 1
B(config-router)#network 1.0.0.0 0.255.255.255
B(config-router)#network 200.100.100.0 0.0.0.255
When routing table was checked on Router A, shows this result:
(D 200.100.100.0/24 [90/2172416] via 1.0.0.2, 00:00:13, Serial0/0) as it
is seen that EIGRP route is defined by the letter D. Its metric is something different not hop-counts; so
dont forget that EIGRP is showing MTU, which is not a default metric but a secondary metric.
15-01-10
OSPF (Open Shortest Path First): OSPF is a link state protocol that chooses the shortest path first. The
algorithm followed by OSPF is called Dikjkastra, and it follows IETF open standards both version 1 & 2.
OSPF is an extra-scalable protocol for as much routers on a network. This is a rapid convergence protocol as
compare to RIP and RIPv2 but not as EIGRP. OSPF, which maintains and works on all three (Routing,
Neighbor, and Topology) tables, has an update timer of 40sec. OSPF contains two types of network as:
1. Multi-access network: in such a network all routers are connected by Fast Ethernet via Cross over
cables (no serial connectivity), and no routing update is sent. This network contains one Designated
Router (DR) that saves self-whole networks topology and routing information from/to other routers; if
a new router joins the network, it requests the DR for topology then DR sends it as a packet. Self DR
is elected by two manners:
a. If all routers are upped at a time then based on some rules DR election occurs.
b. If all routers are not upped at a time then the router, loaded first, becomes the DR.
After DR in a multi-access network there is Backup Designated Router (BDR) that automatically becomes
DR, if networks DR downs due to any problem. And all other networks routers are called DR other.
DR election rules: the following steps are obeyed in routers interface selection as DR of a network:
a. Router ID: every router has got a virtual or logical interface that supports up to (10) IP addresses
(0-9) called loopback IP. If any of this IP is advertised
i
on the routing protocol, it becomes that
routers ID, which cant be same for two routers in one network. So the first option noted for DR
election is the highest Router-ID to which an interface is attached.
b. Interface priority: when router is elected then its interfaces priority is checked, since a higher
priority is elected; by default each interfaces priority is 1.
c. If priority is not set or is remained by default then at third and last step higher interface IP is
elected. When DR is elected the second choice is for BDR.
These steps are followed only in case of routers circle connectivity but if routers are connected as in a tree
then only Router-ID is check for DR election; the highest R-ID becomes DR after then BDR is elected.
2. Point to point network: this network is used on different ASes each AS contains areas inside as
following:
a. Area 0, which is called the backbone area, is the main and center area for an AS.
b. Other areas, which surround area 0 and are connected to it, are called border areas.
OSPF is a classless protocol that supports VLSM, CIDR and multicasting through the fixed IP (244.0.0.5), it
possesses the AD value of (110) and it is a multi-vender
ii
protocol too. OSPF supports both IPv4 & IPv6, its

i
Router-ID is not implemented until OSPF is not reloaded by (clear IP OSPF process) command in user privilege mode.
ii
Multi-vender means that it can be implemented on non-Cisco devices.
CCNA ]ana (Anan)
- 18 -
metric is called Cost; the link with lowest cost value is more reliable and can provide high bandwidth. OSPF
provides equal and unequal load balancing for unlimited connections, while unequal load balancing the primary
backup link, which is defined by cost value, is called Feasible successor that is to replace primary link if it
turns down. While advertising networks on OSPF, wildcard and area definition is must. The easy configuration
is to start OSPF with (router OSPF 1) command and advertise the directly connected networks including
wildcard and specific area for a router.
16-01-10
OSPF configuration: After all interfaces IP configured then dynamic routing is configured for two routers
using OSPF protocol just by opening the OSPFs command and advertise all directly connected networks to the
router including their wildcard mask and area, which are must for OSPF as following:
A(config)#router ospf 1
A(config-router)#network 1.0.0.0 0.255.255.255 area 0
A(config-router)#network 200.100.50.0 0.0.0.255 area 0
B(config)#router ospf 1
B(config-router)#network 1.0.0.0 0.255.255.255 area 0
B(config-router)#network 200.100.100.0 0.0.0.255 area 0
Observing the routing table for router B its seen that the path guided
through OSPF is shown with the O letter, metric is Cost, and default
AD is 110 as (O 200.100.100.0/24 [110/782] via
1.0.0.2, 00:06:12, Serial0/0). Some extra commands used with protocols:
1. Show controllers int: to get information about the connectivity of any port.
2. Clear IP ospf process: used to reload all OSPF settings.
3. Show IP ospf process: used to check all processes running with OSPF.
18-01-10
M1IO<mxO <mI<wIm1<r
wildcard is calculated from subnet mask implemented to an interfaces IP as the subnet mask minus
(255.255.255.255) value for example: a routers serial interfaces IP is (1.0.0.1 255.255.224.0), as seen this is a
subnetted mask for class A, and the network IP advertised on OSPF as (1.0.0.0/
19
) then its wildcard is counted
like: (255.255.255.255 255.255.224.0 = 0.0.31.255) and defined for OSFP.
1<em:
On some switches we get additional ports as Giga, these ports use Fast Ethernet Cat 6
i
cables.
WR: this command is used after each configuration to save them for startup memory.
Ctrl + Shift + 6: this is the shortcut key for translation canceling.

i
Cat 6 cables transfer over 1000mbps data used with Giga port.
CCNA ]ana (Anan)
- 19 -
19-01-10
M11114 M11114 M11114 M11114
Starting with OSI layer-2, which is called data link layer (DLL) and includes two further layers inside namely
called MAC layer to control physical media interacting with physical layer and second is LLC interacting with
network layer to control logical links. As mentioned before, the device used in this layer is called switch that are
also of two types as L2 switches and L3 switches.
m1<W
This device is used with small networks, which are limited networks; called local area networks (LAN) relating
one organization. For such networks the area range is not considered but signal range depending on media used
for a network as in the following table:
Remember that a half
duplex communication
can never facilitate you
as a full duplex
communication. Switch
works on MAC
addresses, which is a
physical address embossed on LAN cards, it cant be same for any two LAN cards in the world. Mac addresses
of all hosts connected to a switch is resolved by a protocol named Address Resolution Protocol (ARP) from
IP addresses sent to switch in reply to switchs broadcast then saved on Mac table in switch. The main
difference between routing and switching is that; routing uses IP addresses for path definition but in switching
there is no path definition but IP address is used for host-to-host communication. The mechanism used in switch
for switching services is called ASICs (A6) to build their filter table inside switchs processor.
20-01-10
Switch is single broadcast domain that means it has got a single passage for data travel and the data sessions in
switch is called data frames. The time period while frame entry from one port and getting out of other port or in
other words the time, during which a data frame is inside a switch is called Latency so less latency switch is
considered the best. L2 switches has no routing capability but L3 switches provides routing capabilities due to
having SUP (Supervisor Engine) beside A6 mechanism. Some Cisco switch models are these:
Switching has two levels of failure namely High
point of failure that happens due to more boxes
connected in line, and second is Less point of
failure as failure is decreased by using less boxes
that L3 switch 6500 is used as best solution.
There is a rule in switching called (80-20), which
means on a LAN network; 80% of its traffic
should depend on local hosts and only 20% of its
traffic depends on out-network (e.g. internet).
As mentioned before that switch is a single broadcast domain resulting that LAN works in a single broadcast
domain and uses the network broadcast IP address, so in order to break a single broadcast into multiple
broadcasts, an option is introduced called VLAN (Virtual LAN) and its process is called virtual local area
networking.
21-01-10
N1W1: by default a switch supports 255 VLANs but only 5 of them are usable in which VLAN 1is for
user by default and the rest are for administrative functions, the action of creating VLANs only makes existing
VLANs usable. The number of VLANs depends on switchs IOS as well; if a switch has enterprise IOS it
supports (1-1005) VLANs but if switchs IOS is non-enterprise, its maximum support of VLANs is (64) and
only some of them can support up to (128) VLANs. By default all switch ports are included in VLAN 1, until

xxviii
EOS = End Of Sale, EOL = End Of Life, TMM = Top Most Models, ASA = is a name for firewall device.
Connectivity Range (meter) Speed (mbps) Communication type Cable type
Ethernet 10 10 Half duplex Cat-5
Fast Ethernet 100 100 Full duplex Cat-6e
Gigabit 1000 1000 Full duplex Cat-6u
10 Gigabit 10000 10000 Full duplex Cat-6u
100 Gigabit This is implemented but no standards applied by IEEE yet.
Type of Switch Models number Situation
L2 1900, 2900, 5000 EOS & EOL
L3 3550, 3560 EOS
L2 2950 EOS
L2 & L3 2950, 3550, 3560 TMM
L3 400, 4500, 6000, 6500
*
TMM
* 6500 is the latest model, which is all in one (Switch, Router,
ASA)
xxviii

CCNA ]ana (Anan)
- 20 -
you define them for other VLANs then broadcast domain is broken not before, but remember that one port can
be defined only for one VLAN. A short definition for VLAN can be (All local area networks in a box). When
VLANs are defined on a switch then a VLAN database
xxix
or record is created then the mentioned database is
exchanged between switches based on some rules called VLAN Trunking Protocol (VTP) via trunking. There
are two types of connectivity between switches the first one is Access (on access connectivity only one VLANs
data travels) the second one is Trunk that any VLANs data travels on it.
Configuration:
A(config)#vlan 2 Two create 2
nd
VLAN.
A(config-vlan)#name sales Assign name for VLAN.
A(config-vlan)#exit Get the VLAN mode.
A#sh vlan br Check VLANs.
VLAN Name Status Ports
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig1/1, Gig1/2
2 sales active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
22-01-10
N1 N1W1 xwrM1r@ 1x<<<<I}
Starting with some of the VTP status:
1. VTP version: VTP has got two versions (1 & 2), but on switch version 1 runs by default and its 2
nd

version has got its maximum support as (token ring).
2. VTP revision number: higher revision number is preferred for dominance, for example the switch with
high revision number overrides a switch with lower revision number means while database exchange
always high revision numbers switch overwrites its database on lower revision numbers switch.
3. VTP modes: switches are configured on three modes for VTP as:
a. Server mode: the switch with high revision number should be configured as server and VLANs
are always created on server, because its data is copied on clients.
b. Client mode: the switch wanted to get the database from any server mode switch then its mode is
changed into client.
c. Transparent mode: a switch with transparent mode is used only as a bridge between a server
mode switch and client mode in order to transfer the database from server switch to client switch,
no database is copied on transparent mode switch.
VTP mode always overrides VTP revision number for example a server switchs database is always copied
on client though client switchs revision number is being higher then server switchs revision number.
4. VTP domain: it is strongly recommended that a domain name must be given for server switch then the
same domain name is transferred to other client switches so domain name must be same for all switches
otherwise no database exchange will take place.
5. VTP password: same as domain name, VTP password is also recommended to be same for all switches,
domain name is automatically sent to other switches but database exchange occurs when same VTP
password is set on any client mode switch.

xxix
If any change occurs in VLAN database, in real time devices it takes 300 Seconds to exchange the database.
CCNA ]ana (Anan)
- 21 -
xw<M1r@
xxx
: there are two types of Trunking as DTP & manual:
1. Trunking via DTP (Dynamic Trunking Protocol): in dynamic Trunking protocol two connected ports get
different status as Auto that is looking for any other port to communicate to but the other end is
Desirable that is waiting for any auto port to communicate with, communication starts between a
pair of auto & desirable ports, as media is connected between two switches then a DTP starts by
default but cant provide communication because at that time both ends are set in auto mode and auto-
to-auto communication is not possible. Once DTP is implemented on both sides then they start sending
only link updates to each other called DTP packets and the first packet is always initiated from Auto
mode interface.
2. Manual Trunking: manual Trunking is same as static routing that all paths were defined for routers and
here on both ends, Trunking is implemented manually, as mentioned before by default DTP starts and it
send DTP packets, and after implementing manual Trunking this packets are not stopped and they are
useless for network but dangerous due to hackers, so they must be stop manually while manual
Trunking. If a manual Trunking is changed back to DTP these packets transmission starts automatically.
Configurations:
1. VTP configuration: for configuring VTP (Mode, Domain name, Password) are specified for server
switch and on client only (Mode & password) is configured as here on (A & B) switches:
A(config)#vtp mode server
Device mode already VTP SERVER
A(config)#vtp domain YAMA
Changing VTP domain name from NULL to YAMA
A(config)#vtp password 123
Setting device VLAN database password to 123
A(config)#^Z
A#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : YAMA
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest: 0x22 0x2C 0x06 0xB3 0x41 0x70 0x10 0
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)
B(config)#vtp mode client
Setting device to VTP CLIENT mode.
B(config)#vtp password 123
Setting device VLAN database password to 123
B(config)#^Z
B#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 255
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : YAMA
VTP Pruning Mode : Disabled

xxx
The trunked port is not shown in any VLAN so it is check by (show interface f0/1 switchport) command.
CCNA ]ana (Anan)
- 22 -
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest: 0x22 0x2C 0x06 0xB3 0x41 0x70 0x10 0
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
As you see that domain name is automatically copied to client but after Trunking. The best practice is that first
configure Trunking then VTP configuration.

2. Trunking via DTP: Trunking is always configured in interface mode, always shut the interface then
configure Trunking, on which connected to other switch and in DTP it is must to define the interface
mode whether auto or desirable as following:
A(config)#int f0/1 Move to interface.
A(config-if)#shutdown Turn it down.
A(config-if)#switchport mode dynamic auto Allow DTP auto port.
A(config-if)#no shutdown Up the interface back.
A(config-if)#exit
A#show interfaces f0/1 switchport Check the Trunked switch.
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
B(config)#int f0/1 Move to interface.
B(config-if)#shutdown Turn it down.
B(config-if)#switchport mode dynamic desirable Allow DTP desirable port.
B(config-if)#no shutdown Up the interface back.
B(config-if)#exit
B#show interfaces f0/1 switchport Check the Trunked switch.
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic desirable
3. Trunking manually: in manual Trunking no mode is defined for interface, but not to forget that stopping
hackers is necessary (stop DTP packets exchange) because they are of no use any more so using the
(switchport nonegotiate) as following:
A(config)#interface f0/1
A(config-if)#shutdown
A(config-if)#switchport mode trunk
A(config-if)#switchport nonegotiate
A(config-if)#no shutdown
A(config-if)#exit
A#show interfaces f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
B(config)#interface f0/1
B(config-if)#shutdown
B(config-if)#switchport mode trunk
B(config-if)#switchport nonegotiate
B(config-if)#exit
B#show int f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk

CCNA ]ana (Anan)
- 23 -
23-01-10
1 gmrr1r@ xee 1x<<<<I}
xxxi

As it clear that data always follows the lower cost (high bandwidth), and the cost for between switches
connectivity is always lower then a broadcast domains cost; observing the upper examples; in figure 1: its
seen that there is a 2
nd
link as a backup so when the data enters a switch from any of primary or backup link
then it gets lower cost than broadcast domain at other backup or primary link then it goes back to its previous
switch repeating this action ends with loop occurrence. Or in figure 2: when data enters any switch then it gets
lower cost at second port instead of switchs broadcast domain finally data follows a circle ending with loop
occurrence. For avoiding these loops, there is a protocol running on every switch, called STP that blocks some
links automatically. STP is an automatic protocol used for loop avoidance; in STP there are two statuses for
switches as 1
st
one is called Root Bridge (RB), which is elected based switchs lowest priority or in case of
equal priorities highest MAC address is accepted, is the captain for a network, and the remaining switches
joined that network comes in 2
nd
status called Non-Root Bridge (NRB). This election is not stable and can be
changed by lowering the priority of any switch than RB others so it becomes the RB of network. STP provides
some roles for ports as well;
1. Designated Port (DP): ports sending BPDU, and in a Root Bridge all ports are DP and send best BPDU.
2. Root Port (RP): ports receiving BPDU/best BPDU; exist in all NRPs.
3. Non-Root Port (NRP): those ports blocked by STP, and cant receive BPDU.
BPDU (Bridge Protocol Data Unit) is the name of update packets in switching. In RB all of its ports become
DP but in NRB a DP ports is elected based on higher priority, the DP ports on a RP sends the best BPDU
but DP ports on other switches cant send best one but only BPDU and finally NRP is used by STP for
blocking any port to avoid loops.
After connecting cable to switches, it takes 52 seconds while upping the ports in which ports gets following
states as: for the first 20 seconds its two states are Blocking (Receiving BPDU) and Learning (Send and
Receive BPDU), then 15 seconds is for third state called Listening (Creating MAC table), the last (1-16)
seconds is for forth state called Forwarding (forwarding frames), at 52
nd
second the port is upped and its
color turns green from umber color. In the first condition, if the primary link is down the backup
link automatically ups as a primary and NRP is changed to RP with the help of automatic protocol of STP.

xxxi
STP is an automatic protocol so its not manually needed to block or unblock any port, it does all automatically.
CCNA ]ana (Anan)
- 24 -
25-01-10
1rexN1W1 x<w1r@: this is an old scenario used to provide communication between
VLANs in a switch but using a router port via trunk connection. In this case a switch depends on a fast Ethernet
port from router, by creating multiple logical ports in a routers physical port for each VLAN, because in this
case only Layer-2 switch is used, also considered as a high point of failure due to multiple boxes used.
Forwarding with configuration: as seen Switch is connected to router by (F0/1) trunk link, encapsulated to
(dot1Q).
Switch:
A(config)#int f0/1
A(config-if)#shut
A(config-if)#switchport mode trunk
A(config-if)#switchport nonegotiate
A(config-if)#no shut
A(config-if)#vlan 10
A(config-vlan)#exit
A(config)#vlan 20
A(config-vlan)#exit
A(config)#int f0/10
A(config-if)#switchport access vlan 10
A(config-if)#exit
A(config)#int f0/20
A(config-if)#switchport access vlan 20
A(config-if)#exit
Router:
A(config)#int f0/0.10
A(config-subif)#encapsulation dot1Q 10
A(config-subif)#ip add 10.0.0.1 255.0.0.0
A(config-subif)#no shut
A(config-subif)#exit
A(config)#int f0/0.20
A(config-subif)#encapsulation dot1Q 20
A(config-subif)#ip add 20.0.0.1 255.0.0.0
A(config-subif)#no shut
A(config-subif)#exit
A(config)#int f0/0
A(config-if)#no shut
A(config-if)#exit

On any PC run (Tracert destination IP) command to troubleshoot any path failure problem.
26-01-10
W1 WwI1Im_ex m1<W1r@}
This scenario is the outcome of previous one inside a single box, used for same purpose as to provide
communication for VLANs in a switch with the help of a layer-3 switch only. In this case only Layer-3 switch
is used, and considered with less point of failure due to using only one box replacing router and switch both. In
this case an alone L-3 switch provides both Multilayer switching and interVLAN routing, thats why it is called
a multilayer switch too (it provides both switching for Physical layer & routing for Network layer). Moving
to configuration; as observed in the model below, only switch helps us for both routing and switching, VLANs
are defined with their specific IP address and ports, all in existence on a L-3 switch.
Switch:
B(config)#int f0/10
B(config-if)#switchport
xxxii

B(config-if)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
xxxiii

B(config-if)#exit
B(config)#int f0/20
B(config-if)#switchport

xxxii
This command forces any Port to work as a switchs port not for routing.
xxxiii
If a VLAN doesnt exist and you assign any port to it then that VLAN is created automatically.
CCNA ]ana (Anan)
- 25 -
B(config-if)#switchport access vlan 20
% Access VLAN does not exist. Creating vlan 20
B(config-if)#exit
B(config)#int vlan 10
B(config-if)
xxxiv
#ip add 10.0.0.1 255.0.0.0
B(config-if)#exit
B(config)#int vlan 20
B(config-if)#ip add 20.0.0.1 255.0.0.0
B(config-if)#exit
At a time some commands can be applied on two or more ports but by selecting them as a range, in this
command for configuring two interfaces of fast Ethernet: (int range f0/1-2)
The difference between Junipers PIX firewall and Ciscos ASA firewalls is that PIX is used before defense
line router because it doesnt support WAN connections but ASA is used after last router on exact defense
line because of having support for WAN connections.

xxxiv
In this case IP is assigned to VLANs not to ports.
CCNA ]ana (Anan)
- 26 -
27-01-10
X11 X11 X11 X11
A networks security is considered in two parameters as following:
1. External parameters: depending on firewalls or routers at the defense line of a network.
2. Internal parameters: the security state depending on internal routers also called additional security that is
implemented on various parts of a network according to administration choice and mostly implemented
through Access Control List (ACL).
Security is implemented on a network for avoiding some threats thats to be denied, some examples below:
1. Denial of services (DoS): it checks packet headers and drops to find any suspected packet.
2. Trojan horse attack: this attacks a network to maintain connection with any network outside.
3. Distributed denial of services (DdoS): all running services are stopped on a network.
4. Packet sniffing: mostly happens in telecommunication, a copy of any packet is received by hacker.
5. Password attacks: discovering user passwords.
6. IP sniffing and spoofing attack: revealing any IP address that later on, it can be changed, deleted etc.
W<<emm <rx<I 11m W1}
ACL is used for securing the inside portion of an internetwork by categorizing packets, which helps to control
network traffic by user privilege or by analyzing packet traffics, to stop unwanted traffic across the network,
based on packet IP for forwarding purpose. ACL has got three types as following:
1. Standard ACL: this type is implemented at networks own side router or end terminal to control
outbound (Outgoing) traffic.
2. Extended ACL: the type configured on other end router to control inbound (incoming) traffic from other
routers.
3. Named ACL: this type can be any standard or extended ACL but the only difference is the name given
to them.
28-01-10
mrOmxO W1 <<r11@wxm1<r
Observing the following diagram; a standard ACL is configured to stop outbound traffic for all hosts in
(200.100.50.0) network except the host with (200.100.50.2) IP
address, so after running any type of routing then we see the
mentioned network is connected to the (A) router so we implement
an ACL on the same router to be a standard one as:
A(config)#access-list 1 permit host 200.100.50.2
A(config)#access-list 1 deny any
A(config)#int s0/0
A(config-if)#ip access-group 1 out
A(config-if)#exit
A#show ip access-lists
Standard IP access list 1
permit host 200.100.50.2 (4 match(es))
deny any (4 match(es))
The access-list number range (0-99) shows Standard ACL and the range of (100-199) shows an extended ACL.
On serial interface the command (Out) is given due to standard ACL for outbound traffic.
Note: remember that (out) command can be given on Fast Ethernet interface also more useful and best unless
there are VLANs defined for that port because it causes blocking interVLAN communication.
CCNA ]ana (Anan)
- 27 -
29-01-10
merOeO W1 <<r11@wxm1<r
Observing the coming diagram; an extended ACL is configured this time stopping inbound traffic to
(200.100.100.0) network Wildcard is must from all hosts in (200.100.50.0) network excluding the host with
(200.100.50.3) IP address, so after running any type of routing then observing that the destination network
(200.100.100.0) is connected to (B) router so the ACL is implemented on the same router (maybe via telnet
connection) to be a extended one for the network (200.100.50.0) connected to router (A), important to mention
that an extended ACL is recognized by its value in a range of (100-199), as:
B(config)#access-list 101 permit ip host 200.100.50.3 200.100.100.0 0.0.0.255
B(config)#access-list 101 deny ip any any
B(config)#int s0/1
B(config-if)#ip access-group 101 in
B(config-if)#exit
B#show ip access-lists
Extended IP access list 101
permit ip host 200.100.50.3 200.100.100.0 0.0.0.255
deny ip any any
Here it is observed that ACL number is (101) being the
extended one, and interface command is changed to (in) to
filter only inbound traffic. If you want to deny traffic only
from (200.100.100.0) network, not from the whole router,
then you must run (in) command only on (B) routers fast Ethernet port.
1mreO W1 <<r11@wxm1<r
As mentioned before; a named access-list can be either standard or extended; depending on the condition a
standard named ACL or an extended one can be implemented.
Correlated to the diagrams before a standard ACL for (Admins) and an extended ACL (Sales) in named ACL
commands goes as following:
A(config)#ip access-list standard ADMINS
A(config-std-nacl)#permit host 200.100.50.2
A(config-std-nacl)#deny any
A(config-std-nacl)#exit
A(config)#int s0/0
A(config-if)#ip access-group ADMINS out
A(config-if)#exit
A#show access-lists
Standard IP access list ADMINS
permit host 200.100.50.2
deny any
B(config)#ip access-list extended SALES
B(config-ext-nacl)#permit ip host 200.100.50.3 200.100.100.0 0.0.0.255
B(config-ext-nacl)#deny ip any any
B(config-ext-nacl)#exit
B(config)#int s0/1
B(config-if)#ip access-group SALES in
B(config-if)#exit
B#show access-lists
Extended IP access list SALES
permit ip host 200.100.50.3 200.100.100.0 0.0.0.255
deny ip any any
S0/1
CCNA ]ana (Anan)
- 28 -
30-01-10
1W114 1W114 1W114 1W114 (Network Address Translation)
Natting is used for translating one logical address to another logical address, now the question arises that what
is the need to translate an existing IP address as well as again to an IP address? The best answer it goes for can
be: that for a network the IP addressing is used from private address in each class of IP wherein (A: 10.0.0.0 to
10.255.255.255/ B: 172.16.0.0 to 172.31.255.255/ C: 192.168.0.0 to 192.168.255.255) but while
communicating with WAN, the network is unable to communicate through private IP addresses so for WAN
communication; a network needs some public IP addresses purchased. Now the problem is that for every host
on a network, it is too difficult to get a public IP due to its high prices, but by using a single public IP for a
complete network, natting provides facility to save money or in other words it can be defined as Translating
Public IP to Private and its reverse is called natting. There are three types of natting as:
1. Static natting: in static natting, one private IP is mapped to only one public IP statically, used while
mapping any gateway of a network to a single public IP purchased.
2. Dynamic natting: in this case a network of Public IP addresses is defined on router, needed while
multiple gateways are connected to a router and needs WAN communication, when each gateway
communicates to WAN from the group of Public IP present on router, one is dynamically mapped to that
gateway, which is not mapped to any other gateway, finally all gateways connected gets their public IP
to communicate WAN.
3. Overloading Port Address Translation (PAT): its need is felt when again one wants to save public IP
addresses for multiple gateways connected to a router, through overloading all gateways can be
mapped to one and single Public IP address instead of one for each.
<r11@wx1r@ m1< 1W
NAT statically by defining Public IP and Private IP; as in following example the port (Serial0/0) is connected to
WAN so its private IP (10.0.0.1) is mapped to a public IP (1.0.0.1) but it can be mapped with two conditions:
1. Data packets should own private IP coming inside the network and Public IP when sent to WAN:
A(config)#ip nat inside source static 10.0.0.1 1.0.0.1
A(config)#int s0/0
A(config-if)#ip nat outside
A(config-if)#exit
A(config)#int f0/0
A(config-if)#ip nat inside
A(config-if)#exit
In this condition packets use its private IP
(10.0.0.1) inside self network but while going on WAN, they use the public IP (1.0.0.1) as the result below
got by pinging border interface from both regions:
WAN-PC>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Reply from 1.0.0.1: bytes=32 time=110ms TTL=254
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 79ms, Maximum = 110ms, Average =
94ms
PC1>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 63ms, Average =
62ms
Comparing both results: it is observed that the reply to WAN region from border router is from (1.0.0.1),
means that packet sent on WAN possesses the Public IP but in reply to internal region shown in 2
nd
column,
packet uses the IP assigned to the interface that means packet is using its private IP inside network.
2. This time data packets work opposing the first condition; they use private IP addresses on WAN and
public IP inside, configured by changing some parameters as:
CCNA ]ana (Anan)
- 29 -
A(config)#ip nat inside source static 10.0.0.1 1.0.0.1
A(config)#int s0/0
A(config-if)#exit
A(config)#int f0/0
A(config-if)#exit
This time the results for WAN side and network side replace each
other due to packets IP holding decision change. (Private IP used
for WAN and Public IP inside network).

01-02-10
<r11@wx1r@ 1_rmr1< 1W
The important points to remember in dynamic NAT are:
1. Dynamic NAT is configured mostly at border router for LAN gateways, so the network assigned on
serial connectivity toward WAN (router to WAN) must be any Public IP address.
2. The pool of public IP addresses that we want to map LANs gateways to; is taken from the network on a
networks WAN connectivity.
Following such points lets check an example diagram below: interface serial 0/0 is connected to (1.0.0.0)
network, which is a public network. Public IP addresses for mapping lower networks gateways to; is a pool of
IP addresses from the public network assigned on serial interface toward WAN, (1.0.0.3-1.0.0.5):
A(config)#ip nat pool YAMA 1.0.0.3 1.0.0.5 netmask 255.255.255.248
A(config)#access-list 1 permit 192.168.0.0 0.0.3.255
A(config)#ip nat inside source list 1 pool YAMA
A(config)#int s0/0
A(config-if)#exit
A(config)#int f0/0
A(config-if)#exit
A(config)#int f0/1
A(config-if)#exit
A(config)#int f1/0
A(config-if)#exit
In dynamic NAT and overloading translation occurs after
a packet sent, not before that. After IP translation all IP
addresses are classified according to their different states
as:
1. Inside Global: The IP used by a packet moving on the WAN, mostly the public IP addresses mapped for
gateways, are called inside global IP address for a network.
2. Inside local: The IP used by packet inside a network is called inside local IP addresses, mostly those
private IP addresses used on LANs connected to its corporate router.
3. Outside local: Those IP addresses that are the IP on the WAN to communicate to.
4. Outside global: The destination IP address for outbound packets is called outside global IP addresses.
All theses states of IP address are checked by running the command (show IP NAT translations):
A#show ip nat translations
Pro Inside global Inside local Outside local Outside global
Icmp 1.0.0.3:4 192.168.1.2:4 192.168.4.2:4 192.168.4.2:4
Icmp 1.0.0.4:5 192.168.2.2:5 192.168.4.2:5 192.168.4.2:5
Icmp 1.0.0.5:6 192.168.3.2:6 192.168.4.2:6 192.168.4.2:6
Icmp 1.0.0.5:1 192.168.1.2:1 192.168.4.2:1 192.168.4.2:1
Icmp 1.0.0.3:1 192.168.2.2:1 192.168.4.2:1 192.168.4.2:1
CCNA ]ana (Anan)
- 30 -
To get information about the NAT pool, then run this command (show IP NAT statistics):
A#show ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: Serial0/0
Inside Interfaces: FastEthernet0/0 , FastEthernet0/1 , FastEthernet1/0
Hits: 0 Misses: 3
Expired translations: 6
Dynamic mappings:
Inside Source
access-list 1 pool YAMA refCount 0
pool YAMA: netmask 255.255.255.248
start 1.0.0.3 end 1.0.0.5
type generic, total addresses 3 , allocated 0 (0%), misses 0
On the fifth line of this result (Expired translations) value is seen; this is the time that the translations is expired
after a time interval, depending on the routing protocols update timer duration. This happens in dynamic and
overloading only but not in static NAT.
02-02-10
<r11@wx1r@ 4<exI<mO1r@
In Overloading IP addresses are saved but more important is money saved, by getting only one public IP
address from networks WAN connected network and map the entire networks LANs to that only IP address as
in this example:
A(config)#ip nat pool YAMA 1.0.0.1 1.0.0.1 netmask 255.255.255.252
A(config)#access-list 1 permit 192.168.0.0 0.0.3.255
A(config)#ip nat inside source list 1 pool YAMA overload
A(config)#int s0/0
A(config)#int f0/0
A(config)#int f0/1
A(config)#int f1/0
Now lets take a glance on NAT translations table: that shows, all Private IP addresses on LAN gateways are
translated to the only Public IP address that is chosen form the public network on which WAN connection is
running, and later in NAT statistics table that Overloading also follows a translation expiry, depending on the
routing protocols update timer same as checked in dynamic NAT statistics table:
A#show ip nat translations
Inside global Inside local Outside local Outside global
1.0.0.1:13 192.168.1.2:13 192.168.4.2:13 192.168.4.2:13
1.0.0.1:16 192.168.2.2:16 192.168.4.2:16 192.168.4.2:16
1.0.0.1:19 192.168.3.2:19 192.168.4.2:19 192.168.4.2:19
1.0.0.1:1024 192.168.3.2:1 192.168.4.2:1 192.168.4.2:1024
1.0.0.1:1026 192.168.3.2:3 192.168.4.2:3 192.168.4.2:1026
1.0.0.1:1027 192.168.3.2:4 192.168.4.2:4 192.168.4.2:1027

A#show ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: Serial0/0
Inside Interfaces: FastEthernet0/0 , FastEthernet0/1 ,
FastEthernet1/0
Hits: 0 Misses: 3
CCNA ]ana (Anan)
- 31 -
Expired translations: 6
Dynamic mappings:
Inside Source
access-list 1 pool YAMA refCount 0
pool YAMA: netmask 255.255.255.252
start 1.0.0.1 end 1.0.0.1
type generic, total addresses 1 , allocated 0 (0%), misses 0
CCNA ]ana (Anan)
- 32 -
03-02-10
1 11 11WW 11W 1WW 11W 1WW 11W 1WW 11W
The frame relay device can be a WAN switch or a router, the type of connectivity that doesnt use any routing
protocol, provides a multi-access network with no broadcasting. Using no protocol on frame-relay leads to high
bandwidth providence with high speed included. Its encapsulation type is called (frame-relay), used as a
leased
xxxv
line connectivity. Frame relay is cost factor means that it is economic as compared to (PPP). The
technology used by Frame relay is called (X.25). Frame relay has got two main configuration factors as DLCI
(Data Link Connection Identifier) and LMI (Local Management Interfaces) called interface negotiation, which
is must to be configured just after encapsulation on serial interface connected to any frame relay cloud. Incase
of using any serial cable connection to frame relay provider; never use DCE connector toward networks router
serial port but on frame relay cloud so when no DCE, no clock rate is used. Now lets check a simple example
of frame-relayed network:
A(config)#interface serial 0/0
A(config-if)#ip address 10.0.0.1 255.255.255.0
A(config-if)#encapsulation frame-relay
A(config-if)#frame-relay interface-dlci 101
A(config-if)#frame-relay lmi-type cisco
A(config-if)#no shutdown
A(config-if)#exit
B(config)#interface serial 0/0
B(config-if)#encapsulation frame-relay
B(config-if)#frame-relay interface-dlci 202
B(config-if)#frame-relay lmi-type cisco
B(config-if)#exit
The DLCI number is not same for both ends because this digit is translated to an IP address for path direction
using Inverse ARP on frame-relay device. The LMI-type is must to be defined, while using a Cisco router it is
defined as here but if any other router is used; get information about its compatibility and define it for frame-
relay as these types (Ansi, Cisco, and q933a). The network used remains the same for both routers in order to
provide connectivity but no clock rate because of DTE use on end routers.
Now lets check for some cloud configuration to provide connectivity:
1. Select the connected interface and edit for DLCI number same as opposite routers serial interface for
both end routers and a name with DLCI number and add them to list.
2. Select frame-relay and select the pair of interfaces to communicate and click Add.

xxxv
Using any main connectivity for connecting different network devices is called leased line as TVs main cable connection, but if
a direct connectivity between any two network devices exists that is called dedicated line.
CCNA ]ana (Anan)
- 33 -

CCNA ]ana (Anan)
- 34 -
04-02-10
1 11 1111W1 4W1411 111W1 4W1411 111W1 4W1411 111W1 4W1411
For Cisco Router/Switch devices, it is collaborate of 2 protions:
<1mmxe g<x1<r
1. << mxmg: this software is located in ROM, which is responsible for booting the device and
load IOS.
2. 14 (Power On Self Test): is also located in ROM responsible for checking the basic
functionality of devices and checks the basic interfaces performance.
3. 14W r<r1<x: located in ROM to monitor the ROM with test and troubleshoot it.
4. W1r1 14: this is a small operating system which is basically a boot loader, holding load
processes and initializes the interface checkup, also responsible to take startup configuration from flash
to NVRAM, and performs the maintenance operation.
Checking the devices configuration; it has got two types of configurations as following:
1. Startup configuration: all those default configuration that loads with IOS on device upping time.
2. Running configuration: all the changes made later after configuring the devices for network needs.
Always remember that running configuration can became startup configuration by writing them on memory
using these commands in privilege mode (copy running-config startup-config or wr). But
most important is that never be in hurry to write them, first make sure that all running-configurations works
acceptably perfect then decide to write them for startup.
1mxOmmxe g<x1<r
1. 1WW (Random Access Memory): this device holds all running-configurations, as in routers the
routing table and switches put their ARP cache (MAC table) in RAM. RAM also holds IOS but only
while it is expanded.
2. 14W (Read Only Memory): it contains Boot strap, POST, Mini IOS, ROM monitor for providing
device checking, making them up, and maintenance operation.
3. 1ImmW: this memory space differs for different devices; it contains IOS using EEPROM
(Electronically Erasable Programmable Read Only Memory) technology. Cisco devices use Intel flashes
for this memory. Point to be noted is that; there is no relation between IOS and running configurations.
4. 1N1WW (Nonvolatile RAM): this memory holds all startup configurations with the
configuration register. Configuration register is a devices all initial steps before Console mode interface
called startup sequence, which is changed while IOS update and checked by (show version)
command, in number at last line as (Configuration register is 0x2102).
<< me@wer<e: these components work in turn to up the device in the following sequence:
1. Boot strap
2. POST
3. Mini IOS
4. ROM monitor
5. NVRAM

CCNA ]ana (Anan)
- 35 -
06-02-10
N11 N11 N11 N11 N N N N11XW1 11XW1 11XW1 11XW1 1 11 111NW 11NW 11NW 11NW 1 11 1M41& M41& M41& M41&} }} }
VPN, which is used to provide communication for a remote user or client to its corporate network, can be
configured through both CLI (Command Line Interface) & SDM (Security Device manager). This connectivity
is provided using Internet utility by creating a tunnel on internet, that tunnels bandwidth is for the networks
requirement but virtually. The remote user/users are also called (co-location) related to network that can be
called (Disjointed network). A networks data can be private on Internet, and VPN follows its own protocols. In
short VPN is the use of public medium for private data transmission purpose.
N11 _gem
VPN has got four following types:
1. Remote access VPN: this connectivity is used when a corporate network doesnt need access to its
remote user so only remote user can access its corporate network (One way transmission).
2. Site-to-site VPN: this time a dual transmission occurs between corporate network and its client users.
3. Extranet
xxxvi
VPN: when a network depends on out of its network as GPS (Global Positioning System),
mostly used in business also called business to business (b2b) VPN.
VPN is configured in the following two ways:
1. The first way is to configure it by tunnel but this manner is not secured because of not having security
policies, and its configuration is only by creating a tunnel linked end to end using tunneling protocols.
2. Second ways is called IP Sec (Internet Protocol Security), it is a secure one due to providing
authentication and encryption services and mostly it functions in network layer (Layer three).
N11 gx<<<<Im
VPN uses the following four protocols:
1. L2F (Layer two forwarding protocol): this is a Cisco proprietary used for VPDN (Virtual Private Dial-
up network), but nowadays its usage has expired.
2. Point to Point tunneling protocol (PPTP): this is Microsoft proprietary used for remote access VPN.
3. L2TP (Layer two tunneling protocol): this is also a Cisco proprietary that contains the features from both
L2F and PPTP, replacing both of them.
4. GRE (Generic Routing Encapsulation) tunnel: its proprietary is owned by Cisco; it accommodates
further protocols inside and widely used, having the support for (Virtual point to point link) also proved
by IETF (Internet Engineering Task Force) and uses with non-Cisco devices too. The site-to-site VPN is
specifically called GRE tunnel.
While using a secure VPN then further following two protocols are used:
5. Authentication header (AH)
6. ESP (Encapsulating Security Payload): this protocol is mostly used with IP Sec.

xxxvi
Intranet: respected to internet our inside network is called intranet.
CCNA ]ana (Anan)
- 36 -
08-02-10
M MM M111 111 111 111 1W1 1W1 1W1 1W1 M M M M1 11 11 11 11 11 1} }} }
This terminology is used for local area networks, its switch
xxxvii
is configured same as a wired network switch
but with some mini differences, for example in wired network a switch is upped just at connecting the cable but
a wireless switch port is upped after some configurations. It is based on radio waves, (Bluetooth connectivity
uses a technology named FHSS (Frequency Hopping Sequence Spectrum). Wireless technology is used in
hotels, Offices, Cafes, and hospitals etc. Some specifications in wireless LAN:
W<Oem
In wireless network, its switches behave in different modes as following:
1. AP mode: this mode is configured to a wireless switch when the switch works for one LAN (up to 50
client) to provide communication.
2. Repeater mode: each access point has got a range circle of signals that maximum range is 54 meters, and
communication starts when two access points range circles overlap each other, but if any two access
points of same network (AP communicated with CPE) are much far from each other as their range
circles cant overlap then another switch is used between them in repeater mode to create another range
to overlap both ends and provide communication.
3. Bridge mode: while joining two access points that are running for different networks, then an access
point is used between them with bridge mode to join them if their standards are different as well.
mrOmxOm
All network communications run on a specific standard
xxxviii
defined by IEEE as followings for WiFi:
1. 802
xxxix
.11b: working at 2.4 GHz, bandwidth provided = 11mbps, (DSSS (Direct Sequence Spread
Spectrum)); this is the name of a technique used by this standard for spreading its signals.
2. 802.11g: working at 2.4 GHz, bandwidth provided = 54mpbs
3. 802.11b: working at 5 GHz, providing 54mbps of bandwidth, both (a, b) standards use OFDM
(Orthogonal Frequency Division Multiplexing) for their signal spreading.
<g<I<@1em
1. Infrastructure: in this topology an access point is defined in any of the following modes:
a. AP mode: as mentioned before, for working as a server for a LAN.
b. CPE: it is the client mode for an access point, used while expanding a network for more hosts,
then another access point is joined to AP but in client mode CPE.
c. WDS: this is used with access points possessing Bridge/Repeater modes, mostly in Cisco and
Motorola devices.
2. ADHOC: this is the name for the topology that is arranged while joining two access points of different
networks with the help of another access point between them with bridge mode, simply we can say it is
a same devices communication because both networks access points must be in AP mode.
3. WiMesh: same as Mesh topology in wired network.
4. Bus, Star etc topologies are also supported with WiFi.
<r11@wxm1<r
Some items to be configured for a wireless network to start:
1. IP address: IP must be assigned to networks access points and hosts.
2. Name: or user name is must for wireless network and its access points
3. SSID: this is an ID assigned for a wireless switch for identification or security purpose.
4. Channel: it is only necessary when a switch is used in bridge mode.
5. Mode: mode must be defined for a switch to provide better communication.
Configuration can take place via different paths as (Internet, Console, Telnet) mostly used manner is via
internet. IP assignment can take place via DHCP or statically to users on LAN.

xxxvii
In wireless technology a Switch is called an Access point.
xxxviii
The standard for Ethernet LAN switching is (802.2, 802.3, and 802.5).
xxxix
This digit is taken from its introduction date as (1980, Feb), so 80 is taken from year and 2 from month = 802.
CCNA ]ana (Anan)
- 37 -
Remember that bridge mode is always used between different network access point between two AP mode
access points while repeater mode is used only to provide signal range for two access points of same network
between an AP and CPE switch. (If access point is set in DHCP mode then after upping, it assigns IP for hosts).

CCNA ]ana (Anan)
- 38 -
09-02-10
1 11 14W1114 4W1114 4W1114 4W1114 14 14 14 14 41 W 14X1 41 W 14X1 41 W 14X1 41 W 14X1
For coping and reloading IOS from/to a router the first requirement is that a route must be connected to an NMS
server, maybe directly or behind a switch but if it is connected directly then the media used for it, is cross-over
cable. Second requirement is any software installed on the NMS server to fulfill this action as (Pumpkin, &
TFTP) for downloading and uploading IOS on a router. IOS can be downloaded from Internet for any type of
router but it is recommended that when first time a router is made up for a network its IOS should be copied and
saved on the NMS server so that afterward in case of any problem or IOS need it will be convenient for
organization.
1<m < <g_ 14
After assigning IP addresses for both router interface and NMS server use these commands to copy IOS from
routers flash to TFTP server (defined via its IP address):
A#copy flash: TFTP: Copies IOS from flash.
Source filename []? c2600-i-mz.122-28.bin File name is copied from versions.
Address or name of remote host []? 1.0.0.2 This is NMS servers IP.
Destination filename [c2600-i-mz.122-28.bin]? Just press ENTER.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Shows copying process
[OK - 5571584 bytes]
5571584 bytes copied in 3.484 secs (1599000 bytes/sec)
1<m < I<mO 14
Using these commands the saved IOS on a TFTP server is loaded back on a router:
A#copy TFTP: flash: Loads IOS from server.
Address or name of remote host []? 1.0.0.2 Again NMS servers IP is given.
Source filename []? c2600-i-mz.122-28.bin Same file name.
Destination filename [c2600-i-mz.122-28.bin]?
%Warning:There is a file already existing with this name
Do you want to over write? [confirm] Asking for overwrite, press ENTER.
Accessing tftp://1.0.0.2/c2600-i-mz.122-28.bin...
Erase flash: before copying? [confirm] It erases the existing IOS
i
in flash.
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased This is the sign of erasing.
Erase of flash: completeAccessing tftp://1.0.0.2/c2600-i-mz.122-28.bin...
Loading c2600-i-mz.122-28.bin from 1.0.0.2: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 5571584 bytes]
5571584 bytes copied in 3.377 secs (378032 bytes/sec)
1<e:
1. If a PC is to configure a device (Router/Switch) but has no RS232 port, then the solution is using a
Roll-over cable connecting devices console port to PCs LAN card to provide connectivity via
console.
2. To erase startup-configuration then at user privilege mode use the command (write erase)
THE END

i
If a router is not supported by any UPS etc for power facility, then dont erase IOS because incase of power failure during IOS
reloading the router will move to ROM mode.

Networking Fundamentals Document

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Networking Fundamentals Document

Încărcat de

Drepturi de autor:

Formate disponibile

11 1 1WW 41 W11W1

)ns|in tanes 3n|ernatits

S-ar putea să vă placă și