Network Config Summary Year2,3

Uploaded by

nanasherief55
Networking

Practical
Omar Tamer
Chapter 0 :
Basic Info
Cabling
Cross over cabling is used to connect two
similar devices directly, such as two
computers, by swapping the transmit and
receive signals. Straight through cabling is
used to connect different devices, like a
computer to a switch or router, with the
transmit and receive signals in the same
order. Both types of cabling are essential
for creating functional networks and
ensuring proper communication between
devices.
Serial
Serial cabling is used to connect
networking devices like routers, switches,
and firewalls over long distances using
serial ports. It's commonly used in wide
area networks (WANs) to establish
connections between different locations.
Serial cabling allows for the transmission
of data over long distances and is often
used in scenarios where Ethernet or other
types of cabling are not feasible. It's a
reliable and cost-effective solution for
interconnecting networking equipment.
Console
Console cabling is used to establish a
direct connection to a device, such as a
router or switch, for configuration and
troubleshooting purposes. It allows
administrators to access the device's
command-line interface for initial setup,
password recovery, and troubleshooting
network issues. Console cabling is
essential for managing network devices
when they are not accessible through the
network due to configuration errors or
network connectivity problems. It
provides a direct and reliable way to
interact with networking equipment for
maintenance and troubleshooting.
Classless Vs Classful
Classful addressing divides IP addresses
into classes (A, B, C, etc.) with fixed network
and host portions, while classless
addressing allows for variable-length
subnet masking, enabling more efficient
use of IP addresses and better scalability.
Classful addressing can lead to inefficient
use of IP addresses and limitations in
network size, while classless addressing
provides more flexibility and allows for the
creation of subnets of different sizes within
a network. Classless addressing is the
modern standard for IP addressing and is
essential for the efficient allocation of IP
addresses in today's networks.
Network Addressing Classes
Network addressing classes are a method for
dividing the available IP address space into
different ranges for different network sizes.
There are five network addressing classes: A,
B, C, D, and E. Classes A, B, and C are used
for unicast addressing, which is used for one-
to-one communication. Class D is used
for multicast addressing, which is used for
one-to-many communication. Class E is
reserved for experimental use and is not
currently used for addressing devices on
networks.
Private IP
A private IP address is an address assigned to
a device on a local area network (LAN) that is
not accessible over the internet. Private IP
addresses are used to identify and
communicate with devices on a private
network, such as a home or office network.
Private IP addresses are not unique globally
and are assigned by the local network
administrator. Private IP addresses are
commonly used in conjunction with Network
Address Translation (NAT) to allow devices on
a private network to communicate with
devices on the internet using a single public
IP address.
OSI Model
The OSI (Open Systems Interconnection) model is
a conceptual framework that describes how
network protocols and communication should
work together. It consists of seven layers, each
with its own set of protocols and functions. The
layers are: Physical, Data Link, Network,
Transport, Session, Presentation, and
Application. The OSI model provides a standard
for network communication and allows devices
from different vendors to communicate with each
other.
OSI Model Protocols
The OSI (Open Systems Interconnection) model is
a conceptual framework that describes how
network protocols and communication should
work together. It consists of seven layers, each
with its own set of protocols and functions,
including the Physical, Data Link, Network,
Transport, Session, Presentation, and Application
layers. These layers provide a standard for
network communication and allow devices from
different vendors to communicate with each
other, while also providing reliable data
transfer, managing network routing, and
supporting user-level services and applications.
TCP VS UDP
TCP (Transmission Control Protocol)
TCP (Transmission Control Protocol) is a network
protocol that manages the transfer of data between
devices on a network. TCP provides reliable, ordered,
and error-checked delivery of data, ensuring that
packets are transmitted in the correct sequence and
that missing or corrupted packets are retransmitted.
UDP (User Datagram Protocol)
UDP (User Datagram Protocol) is a network
protocol that provides a connectionless,
unreliable, and low-overhead data delivery
service. UDP does not guarantee the delivery of
data packets and does not establish a
connection before transmitting data.
TCP/IP
TCP/IP (Transmission
Control Protocol/Internet Protocol) is a set
of networking protocols used to establish and
maintain communication between devices on the
internet and other networks. TCP/IP defines how
data is transmitted over the internet, including
addressing, routing, and error detection. It
consists of two main protocols: TCP, which
manages data transmission, and IP, which
manages network addressing and routing. TCP/IP
is the foundation of the internet and is used by
virtually all internet applications and services.
Chapter 1 :
Switching &
Security
Telnet Config
Switch# configure terminal
Switch(config)# feature telnet
Switch(config)# username we secret we
Switch(config)# line vty 0 4
Switch(config-line)#password Cisco
Switch(config-line)#login local
Switch(config-line)#transport input telnet
SSH Config
Switch# configure terminal
Switch(config)# ip domain name we
Switch(config)# crypto key generate rsa modulus 1024
Switch(config)# enable secret admin
Switch(config)# service password-encryption
Switch(config)# username we priv 15 secret we
Switch(config)# line vty 0 4
Switch(config-line)#password Cisco
Switch(config-line)#login local
Switch(config-line)#transport input ssh
On the command prompt of the PC, open an SSH session
to the remote router by typing the command:
ssh -l we 1.0.0.1
Vlan Config
Switch#config terminal
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name IT
Vlan Config
Switch>enable
Switch#config terminal
Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int fa0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int fa0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Vlan Config
Switch(config)#int fa 0/5
Switch(config-if)#switchport mode trunk
………………………………………………………………………………..
Router>enable
Router#config terminal
Router(config)#int fa0/0
Router(config-if)#no shutdown
Router(config-if)#int fa0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip add 192.168.1.1 255.255.255.0
Router(config-subif)#
Router(config-subif)#int fa0/0.20
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip add 192.168.2.1 255.255.255.0
VTP Config
SW1(config)#vtp domain we
SW1(config)#vtp password cisco
SW1(config)#vlan 30
SW2(config)#vtp mode client
SW2(config)#vtp domain we
SW2(config)#vtp password cisco
SW3(config)#vtp mode client
SW3(config)#vtp domain we
SW3(config)#vtp password cisco
Etherchannel Config
Etherchannel Config PAgP
SW1(config)#interface GigabitEthernet 0/1
SW1(config-if)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable EtherChannel only
passive Enable LACP only if a LACP device is detected

SW1(config)#interface range GigabitEthernet 0/1 - 2


SW1(config-if)#channel-group 1 mode desirable
-----------------
SW2(config)#interface range GigabitEthernet 0/1 - 2
SW2(config-if)#channel-group 1 mode auto
Etherchannel Config LACP
SW1(config)#interface GigabitEthernet 0/1
SW1(config-if)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable EtherChannel only
passive Enable LACP only if a LACP device is detected

SW1(config)#interface range GigabitEthernet 0/1 - 2


SW1(config-if)#channel-group 1 mode active
-----------------
SW2(config)#interface range GigabitEthernet 0/1 - 2
SW2(config-if)#channel-group 1 mode passive
Etherchannel Config Manual
SW1(config)#interface GigabitEthernet 0/1
SW1(config-if)#channel-group 1 mode ?
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable EtherChannel only
passive Enable LACP only if a LACP device is detected

SW1(config)#interface range GigabitEthernet 0/1 - 2


SW1(config-if)#channel-group 1 mode on
-----------------
SW2(config)#interface range GigabitEthernet 0/1 - 2
SW2(config-if)#channel-group 1 mode on
STP Config
S2(config)# interface FastEthernet 0/11
S2(config-if)# spanning-tree portfast
S2(config-if)# spanning-tree bpduguard enable
S2(config-if)# end
S3(config)# spanning-tree vlan 20 root primary
S3(config)# spanning-tree vlan 10 root secondary
S1(config)# spanning-tree vlan 10 root primary
S1(config)# spanning-tree vlan 20 root secondary
S3(config)# spanning-tree vlan 20 priority 4096
S1(config)# spanning-tree vlan 10 priority 4096
STP Config Rapid
S1# configure terminal
S1(config)# spanning-tree mode rapid-pvst
S1(config)# spanning-tree vlan 1 priority 24576
S1(config)# spanning-tree vlan 10 priority 4096
S1(config)# spanning-tree vlan 20 priority 28672
S1(config)# interface f0/2
S1(config-if)# spanning-tree link-type point-to-point
S1(config-if)# end
S1# clear spanning-tree detected-protocols
ROAS Config
SW1(config)#int fa0/3
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 3
SW1(config-if)#int fa0/4
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#int fa0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 5
SW1(config-if)#int fa0/1
SW1(config-if)#switchport mode trunk
ROAS Config
R1(config)#int Gi0/0
R1(config-if)#no shutdown
R1(config-if)#int Gi0/0.1
R1(config-subif)#encapsulation dot1q 3
R1(config-subif)#ip address 10.0.3.1 255.255.255.0
R1(config-subif)#int Gi0/0.2
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 10.0.10.1 255.255.255.0
R1(config-subif)#int Gi0/0.3
R1(config-subif)#encapsulation dot1q 5
R1(config-subif)#ip address 10.0.5.1 255.255.255.0
Port Security Config
SW1(config)#interface fastEthernet0/1
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security mac-address sticky
S2(config-if)# switchport port-security violation {shutdown | restrict | protect}

"shutdown" mode: will put the interface into an error-disabled state if
a violation occurs.
"restrict" mode: will drop packets from the violating MAC address but
will not put the interface into an error-disabled state.
"protect" mode: will drop packets from the violating MAC address
without sending any notification and without putting the interface into
an error-disabled state.
DHCP Snooping config
SW(config)#ip dhcp snooping
SW(config)#interface range FastEthernet 0/1 - FastEthernet 0/2
SW(config-if-range)#ip dhcp snooping trust
SW(config-if-range)#no shutdown
SW(config-if-range)#exit
SW(config)#ip dhcp snooping vlan 1
Switch#show ip dhcp snooping
Switch#show ip dhcp snooping binding
ARP inspection Config
Switch#conf t
Switch(config)#ip arp inspection vlan 100
Switch(config)#interface FastEthernet 0/4
Switch(config-if)#ip arp inspection trust
Switch#show ip arp inspection
Chapter 2 :
Routing &
Security
Static Routing
#Router 0
Router>enable
Router#configure terminal
Router(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2 10
Router(config)#ip route 30.0.0.0 255.0.0.0 40.0.0.2 20
Router(config)#ip route 30.0.0.100 255.255.255.255 40.0.0.2 10
Router(config)#ip route 30.0.0.100 255.255.255.255 20.0.0.2 20
Router(config)#ip route 50.0.0.0 255.0.0.0 40.0.0.2 10
Router(config)#ip route 50.0.0.0 255.0.0.0 20.0.0.2 20
Router(config)#exit
Static Routing
#Router 1
Router>enable
Router#configure terminal
Router(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1 10
Router(config)#ip route 10.0.0.0 255.0.0.0 50.0.0.1 20
Router(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.1 10
Router(config)#ip route 40.0.0.0 255.0.0.0 50.0.0.1 20
Router(config)#exit
Static Routing
#Router 2
Router>enable
Router#configure terminal
Router(config)#ip route 10.0.0.0 255.0.0.0 40.0.0.1
Router(config)#ip route 30.0.0.0 255.0.0.0 50.0.0.2
Router(config)#exit
Router#show ip route static
S 10.0.0.0/8 [1/0] via 40.0.0.1
S 30.0.0.0/8 [1/0] via 50.0.0.2
Default Routing
Remote site 1 (RS1)

Router(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0

Remote site 2 (RS2)

Router(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0

Remote site 3 (RS3)

Router(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1

Remote site 4 (RS4)

Router(config)#ip route 0.0.0.0 0.0.0.0 40.0.0.1


Default Routing
CO ( Central Office )
Router(config)#ip route 60.0.0.0 255.0.0.0 10.0.0.2
Router(config)#ip route 70.0.0.0 255.0.0.0 20.0.0.2
Router(config)#ip route 80.0.0.0 255.0.0.0 30.0.0.2
Router(config)#ip route 90.0.0.0 255.0.0.0 40.0.0.2
OSPF Config
R1(config)#router ospf 1
R1(config-router)#network 10.0.1.0 0.0.0.255 area 0
R1(config-router)#network 172.16.0.0 0.0.255.255 area 0

R2(config)#router ospf 1
R2(config-router)#network 192.168.0.0 0.0.0.255 area 0
R2(config-router)#network 172.16.0.0 0.0.255.255 area 0

R1#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address       Interface
192.168.0.2     1     FULL/BDR   00:00:32    172.16.0.2    FastEthernet0/1
OSPF Config
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.0.1.0 is directly connected, FastEthernet0/0
C 172.16.0.0/16 is directly connected, FastEthernet0/1
O 192.168.0.0/24 [110/2] via 172.16.0.2, 00:03:44, FastEthernet0/1
Multi area OSPF Config
R1(config)#router ospf 1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R2(config)#router ospf 1
R2(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config)#router ospf 1
R1(config-router)#network 192.168.13.0 0.0.0.255 area 1
R3(config)#router ospf 1
R3(config-router)#network 192.168.13.0 0.0.0.255 area 1
R3(config-router)#network 3.3.3.3 0.0.0.0 area 1
R2(config)#router ospf 1
R2(config-router)#network 192.168.24.0 0.0.0.255 area 2
R4(config)#router ospf 1
R4(config-router)#network 192.168.24.0 0.0.0.255 area 2
R4(config-router)#network 4.4.4.4 0.0.0.0 area 2
Multi area OSPF Config
R1#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address        Interface
192.168.24.2    1     FULL/DR    00:00:36    192.168.12.2   GigabitEthernet0/1
3.3.3.3         1     FULL/BDR   00:00:34    192.168.13.3   GigabitEthernet0/2

R2#show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address        Interface
192.168.13.1    1     FULL/BDR   00:00:34    192.168.13.1   GigabitEthernet0/1
4.4.4.4         1     FULL/BDR   00:00:30    192.168.24.4   GigabitEthernet0/2
EIGRP Config
#Router 0
Router(config)#router eigrp 20
Router(config-router)#network 10.0.0.0 0.0.0.255
Router(config-router)#network 192.168.1.244 0.0.0.3
Router(config-router)#network 192.168.1.0 0.0.0.3

When you use the "no auto-summary" command in
EIGRP (Enhanced Interior Gateway Routing Protocol),
it disables automatic summarization of subnet routes
at network boundaries. This means that EIGRP will
advertise the subnet routes as they are, without
summarizing them into a single route. This can be
useful in scenarios where you want to maintain the
granularity of subnet information across the network.
EIGRP Config
#Router 1
Router(config)#router eigrp 20
Router(config-router)#network 192.168.1.244 0.0.0.3
Router(config-router)#network 192.168.1.248 0.0.0.3
Router(config-router)#

#Router 2
Router(config)#router eigrp 20
Router(config-router)#network 192.168.1.248 0.0.0.3
Router(config-router)#network 192.168.1.252 0.0.0.3
Router(config-router)#
EIGRP Config
#Router 3
Router(config)#router eigrp 20
Router(config-router)#network 192.168.1.8 0.0.0.3
Router(config-router)#network 192.168.1.4 0.0.0.3
Router(config-router)#

#Router 4
Router(config)#router eigrp 20
Router(config-router)#network 192.168.1.4 0.0.0.3
Router(config-router)#network 192.168.1.0 0.0.0.3
Router(config-router)#
EIGRP Config
#Router 5
Router(config)#router eigrp 20
Router(config-router)#network 20.0.0.0 0.255.255.255
Router(config-router)#network 192.168.1.252 0.0.0.3
Router(config-router)#network 192.168.1.8 0.0.0.3
Router(config-router)#
BGP Config
#Router 1
Router1(config)#router bgp 1
Router1(config-router)#neighbor 192.168.10.2 remote-as 2
Router1(config-router)#neighbor 192.168.10.2 password cisco

#Router 2
Router2(config)#router bgp 2
Router2(config-router)#neighbor 192.168.10.1 remote-as 1
Router2(config-router)#neighbor 192.168.10.1 password cisco
HSRP Config
#R1 Configuration:

R1(config)#interface GigabitEthernet 0/0/0


R1(config-if)#ip address 192.168.1.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#standby 1 ip 192.168.1.1

#R2 Configuration:

R2(config)#interface GigabitEthernet 0/0/1


R2(config-if)#ip address 192.168.1.3 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#standby 1 ip 192.168.1.1
Standard ACL Config
R1(config)#access-list 1 permit 10.0.0.0 0.0.0.255
R1(config)#access-list 1 permit host 10.0.0.1
R1(config)#access-list 1 deny 11.0.0.0 0.0.0.255
R1(config-if)#ip access-group 1 out
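An added example (not part of the original slides): a small Python model of how IOS evaluates the standard ACL above. Entries are tested top-down, the first match decides, and traffic that matches nothing hits the implicit deny; the function names are illustrative, and the shadow check shows that the `host 10.0.0.1` entry can never match.

```python
import ipaddress

MASK32 = 0xFFFFFFFF
IMPLICIT_DENY = ("deny", "implicit deny any")


def parse_entry(line):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' into (action, addr, wildcard, text)."""
    tokens = line.split()
    action, rest = tokens[2], tokens[3:]
    if rest[0] == "any":
        addr, wild = 0, MASK32
    elif rest[0] == "host":
        addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
    else:
        addr = int(ipaddress.IPv4Address(rest[0]))
        wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
    return action, addr, wild, line


def matches(entry, ip):
    """Wildcard bits set to 1 are 'don't care'; every other bit must be equal."""
    _, addr, wild, _ = entry
    care = ~wild & MASK32
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & care) == 0


def evaluate(acl, ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    for entry in acl:
        if matches(entry, ip):
            return entry[0], entry[3]
    return IMPLICIT_DENY


def shadowed(acl):
    """Entries that never match because an earlier entry covers all their addresses."""
    out = []
    for j, (_, addr_j, wild_j, text_j) in enumerate(acl):
        for _, addr_i, wild_i, text_i in acl[:j]:
            care = ~wild_i & MASK32
            # Earlier entry i covers j if j fixes every bit i cares about,
            # and both agree on those bits.
            if (wild_j & care) == 0 and ((addr_i ^ addr_j) & care) == 0:
                out.append((text_j, text_i))
                break
    return out


# The three entries of access-list 1 from the slide above.
ACL_1 = [parse_entry(line) for line in (
    "access-list 1 permit 10.0.0.0 0.0.0.255",
    "access-list 1 permit host 10.0.0.1",
    "access-list 1 deny 11.0.0.0 0.0.0.255",
)]

if __name__ == "__main__":
    for ip in ("10.0.0.1", "11.0.0.7", "10.0.1.1"):  # constructed test sources
        print(ip, "->", evaluate(ACL_1, ip))
    for entry, earlier in shadowed(ACL_1):
        print("never matched:", entry, "| covered by:", earlier)
```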
Extended ACL Config
R1(config)#access-list 100 permit ip 10.0.0.1 0.0.0.0 192.168.0.1 0.0.0.0
R1(config)#access-list 100 deny ip 10.0.0.2 0.0.0.0 192.168.0.1 0.0.0.0
R1(config)#int f0/0
R1(config-if)#ip access-group 100 in
Extended ACL Config
R1(config)#access-list 100 permit tcp 10.0.0.2 0.0.0.0 192.168.0.1 0.0.0.0 eq 80
R1(config)#int f0/0
R1(config-if)#ip access-group 100 in
Named ACL Config
R1(config)#ip access-list extended allow_traffic_fileshare
R1(config-ext-nacl)#20 deny ip 10.0.0.2 0.0.0.0 192.168.0.1 0.0.0.0
R1(config-ext-nacl)#50 permit ip 10.0.0.2 0.0.0.0 192.168.0.2 0.0.0.0
R1(config)#int Gi0/0
R1(config-if)#ip access-group allow_traffic_fileshare in

R1#show ip access-lists
Extended IP access list allow_traffic_fileshare
20 deny ip host 10.0.0.2 host 192.168.0.1
50 permit ip host 10.0.0.2 host 192.168.0.2
Static NAT Config
R1(config)#ip nat inside source static 10.0.0.2 59.50.50.1
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nat inside
R1(config-if)#interface fastEthernet 0/1
R1(config-if)#ip nat outside

R1#show ip nat translations

Pro   Inside global   Inside local   Outside local   Outside global
icmp  59.50.50.1:9    10.0.0.2:9     59.50.50.2:9    59.50.50.2:9
---   59.50.50.1      10.0.0.2       ---             ---
Dynamic NAT Config
R1(config)#int f0/0
R1(config-if)#ip nat inside
R1(config-if)#int f0/1
R1(config-if)#ip nat outside
R1(config)#access-list 1 permit 10.0.0.0 0.0.0.255
R1(config)#ip nat pool we 155.4.12.1 155.4.12.3 netmask 255.255.255.0
R1(config)#ip nat inside source list 1 pool we

R1#show ip nat translations

Pro   Inside global   Inside local    Outside local   Outside global
icmp  155.4.12.1:16   10.0.0.100:16   155.4.12.5:16   155.4.12.5:16
PAT Config
R1(config)#int Gi0/0
R1(config-if)#ip nat inside
R1(config-if)#int Gi0/1
R1(config-if)#ip nat outside
R1(config-if)#access-list 1 permit 10.0.0.0 0.0.0.255
R1(config)#ip nat inside source list 1 interface Gi0/1 overload

R1#show ip nat translations

Pro  Inside global     Inside local      Outside local   Outside global
tcp  155.4.12.1:1024   10.0.0.100:1025   155.4.12.5:80   155.4.12.5:80
tcp  155.4.12.1:1025   10.0.0.101:1025   155.4.12.5:80   155.4.12.5:80
tcp  155.4.12.1:1026   10.0.0.102:1025   155.4.12.5:80   155.4.12.5:80
VPN IPSEC Config
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key firewallcx address 1.1.1.2
R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
VPN IPSEC Config
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(config)# crypto map CMAP 10 ipsec-isakmp
R1(config-crypto-map)# set peer 1.1.1.2
R1(config-crypto-map)# set transform-set TS
R1(config-crypto-map)# match address VPN-TRAFFIC
R1(config)# interface FastEthernet0/1
R1(config-if)# crypto map CMAP
VPN IPSEC Config
R2(config)# crypto isakmp policy 1
R2(config-isakmp)# encr 3des
R2(config-isakmp)# hash md5
R2(config-isakmp)# authentication pre-share
R2(config-isakmp)# group 2
R2(config-isakmp)# lifetime 86400

R2(config)# crypto isakmp key firewallcx address 1.1.1.1


R2(config)# ip access-list extended VPN-TRAFFIC
R2(config-ext-nacl)# permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
VPN IPSEC Config
R1# show crypto session
Crypto session current status
Interface: FastEthernet0/1
Session status: UP-ACTIVE
Peer: 1.1.1.2 port 500
IKE SA: local 1.1.1.1/500 remote 1.1.1.2/500 Active
IPSEC FLOW: permit ip 10.10.10.0/255.255.255.0 20.20.20.0/255.255.255.0
Active SAs: 2, origin: crypto map
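An added example (not from the original slides): the Telnet, SSH and VPN IPSEC slides use settings that are considered legacy (Telnet on the vty lines, a 1024-bit RSA key, 3DES, MD5 and Diffie-Hellman group 2). The Python check below parses prompt-style transcripts like the ones on this page and flags those settings; the rule set, function names and both sample transcripts are constructed for illustration.

```python
import re

# Prompt format used on the slides: host(mode)# command
PROMPT = re.compile(r"^(?P<host>[\w.-]+)(?:\((?P<mode>[^)]*)\))?[#>]\s*(?P<cmd>.*)$")

# (configuration mode, command pattern, finding). Editor-chosen rule set.
RULES = [
    ("config-line", r"^transport input\b.*\b(telnet|all)\b",
     "vty accepts Telnet, which carries logins in cleartext; allow ssh only"),
    ("config", r"^crypto key generate rsa\b.*\b(512|768|1024)$",
     "RSA host key shorter than 2048 bits"),
    ("config-isakmp", r"^encr\w*\s+(des|3des)\b",
     "IKE policy encrypts with DES/3DES; use AES"),
    ("config-isakmp", r"^hash\s+md5\b",
     "IKE policy hashes with MD5; use SHA-2"),
    ("config-isakmp", r"^group\s+(1|2|5)$",
     "IKE Diffie-Hellman group below 14"),
    ("config", r"^crypto ipsec transform-set\b.*\besp-(des|3des|md5-hmac)\b",
     "IPsec transform set uses DES/3DES or HMAC-MD5"),
]


def audit(transcript):
    """Return (line_no, host, command, finding) for each weak setting found."""
    findings = []
    for line_no, raw in enumerate(transcript.splitlines(), start=1):
        m = PROMPT.match(raw.strip())
        if not m or not m.group("cmd"):
            continue  # prose, empty prompts and command output are skipped
        mode = m.group("mode") or "exec"
        cmd = m.group("cmd").strip().lower()
        for rule_mode, pattern, finding in RULES:
            if mode == rule_mode and re.search(pattern, cmd):
                findings.append((line_no, m.group("host"), cmd, finding))
    return findings


# Constructed sample: commands taken from the Telnet, SSH and IPsec slides,
# with wrapped lines joined and the RSA key command written out in full.
PAGE_TRANSCRIPT = """\
Switch(config)# crypto key generate rsa modulus 1024
Switch(config)# line vty 0 4
Switch(config-line)#login local
Switch(config-line)#transport input telnet
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
"""

# Constructed counterpart with the same structure and stronger choices.
HARDENED_TRANSCRIPT = """\
Switch(config)# crypto key generate rsa modulus 2048
Switch(config)# line vty 0 4
Switch(config-line)#login local
Switch(config-line)#transport input ssh
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encryption aes 256
R1(config-isakmp)# hash sha256
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 14
R1(config)# crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
"""

if __name__ == "__main__":
    for line_no, host, cmd, finding in audit(PAGE_TRANSCRIPT):
        print(f"line {line_no} [{host}] {cmd}: {finding}")
    print("hardened findings:", audit(HARDENED_TRANSCRIPT))
```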
Chapter 3 :
AP & Wireless
Connection
Lightweight AP Config
L3SW(config)#vlan 21
L3SW(config-vlan)#name Corporate
L3SW(config)#vlan 22
L3SW(config-vlan)#name Guess
L3SW(config)#vlan 10
L3SW(config-vlan)#name WLC-Management
L3SW(config)#vlan 11
L3SW(config-vlan)#name AP-Management
Lightweight AP Config
L3SW(config)#interface FastEthernet 0/5
L3SW(config-if)#switchport trunk encap dot1q
L3SW(config-if)#switchport mode trunk
L3SW(config-if)#switchport trunk allowed vlan 10,11,21,22
L3SW(config)#interface FastEthernet 0/2
L3SW(config-if)#switchport mode access
L3SW(config-if)#switchport access vlan 11
Lightweight AP Config
SW2(config)#interface FastEthernet 0/1
SW2(config-if)#switchport trunk encap dot1q
SW2(config-if)#switchport mode trunk
SW2(config)#interface FastEthernet 0/2
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 10
SW2(config)#interface FastEthernet 0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 11
Chapter 4 :
Servers
Services
Syslog Config
router(config)# logging <server-IP-address>
NTP Config
router# clock set 11:47:00 July 10 2013
router(config)# service timestamps log datetime msec
router(config)# ntp server <server-IP-address>
TFTP Config
R1#copy running-config tftp:
Address or name of remote host []? 192.168.0.10
Destination filename [R1-confg]?

Writing running-config...!!
[OK - 561 bytes]

561 bytes copied in 0.001 secs (561000 bytes/sec)

R1#copy tftp: running-config


Address or name of remote host []? 192.168.0.10
Source filename []? R1-confg
Destination filename [running-config]?

Accessing tftp://192.168.0.10/R1-confg...
Loading R1-confg from 192.168.0.10: !
[OK - 561 bytes]

561 bytes copied in 0 secs


CDP Config
Router(config-if)#cdp enable #Enable CDP on specific interface
Router(config)#cdp run #Enable CDP globally
Router#show cdp #Display globally configured CDP information including timer
Router# show cdp neighbors #Display brief information about directly connected devices
Router#show cdp neighbors detail #Display detailed information about directly connected devices
AAA Config ( Radius )
R1(config)#radius-server host 192.168.1.10
R1(config)#aaa new-model
R1(config)#radius server RADIUS_SERVER1
R1(config-radius-server)#address ipv4 192.168.1.10
R1(config-radius-server)#key STUDY_CCNA1
R1(config)#radius server RADIUS_SERVER2
R1(config-radius-server)#address ipv4 192.168.1.11
R1(config-radius-server)#key STUDY_CCNA2
R1(config-radius-server)#aaa group server radius STUDY_CCNA
R1(config-sg-radius)#server name RADIUS_SERVER1
R1(config-sg-radius)#server name RADIUS_SERVER2
R1(config-sg-radius)#aaa authentication login default group STUDY_CCNA local
R1(config)#username AdminBackup secret STUDYCCNA
AAA Config (TACACS )
R1(config)#tacacs-server host 192.168.1.10
R1(config)#username AdminBackup secret STUDYCCNA
R1(config)#tacacs server TACACS_SERVER1
R1(config-server-tacacs)#address ipv4 192.168.1.10
R1(config-server-tacacs)#key STUDY_CCNA1
R1(config)#tacacs server TACACS_SERVER2
R1(config-server-tacacs)#address ipv4 192.168.1.11
R1(config-server-tacacs)#key STUDY_CCNA2
R1(config-server-tacacs)#aaa group server tacacs+ STUDY_CCNA
R1(config-sg-tacacs+)#server name TACACS_SERVER1
R1(config-sg-tacacs+)#server name TACACS_SERVER2
R1(config-sg-tacacs+)#aaa authentication login default group STUDY_CCNA local
Chapter 5 :
System Admin
Windows Server
Windows Server is a group of operating systems
designed by Microsoft specifically
for server use. It provides various
server-oriented services such as user
authentication, file and print services, web
services, and network access control. Windows
Server offers features like Active Directory,
which is used for managing user accounts and
resources within a network. It also supports
virtualization, allowing multiple virtual
instances of Windows Server to run on a single
physical server. Windows Server comes in
different editions, each tailored to different
sizes and types of organizations, offering
scalability and flexibility.
AD DC Enable
ADD USER & GROUP

1. Expand Local Users and Groups.

2. Expand Groups.

3. Double-click on the group to which you want to add
users. Select Add.

4. Enter the name of the user you wish to add to the
group, then select Check Names.

5. You can separate names with a semicolon if you
want to add more than one user.

6. Press OK when complete, then OK again to finish.
ADD GROUP POLICY
ADD GROUP POLICY
Linux
Linux is a free and open-source
operating system based on a Unix-like
kernel. It is widely used in servers,
supercomputers, mobile devices, and
embedded systems. Linux is known for
its stability, security, and flexibility, as
well as its large community of
developers and users who contribute to
its development. It supports a wide
range of software and hardware, making
it a popular choice for businesses,
organizations, and individuals in various
industries.
Linux Kernel
The Linux kernel is the core component
of the Linux operating system. It is
responsible for managing system
resources, such as memory, CPU, and
input/output operations. The kernel
provides interfaces for applications to
interact with hardware and other
software components. It is open-source
software and is constantly updated and
improved by a large community of
developers. The Linux kernel is highly
modular and can be customized to suit
various needs and environments.
Linux Distro
A Linux distribution, or distro, is a
complete operating system built around
the Linux kernel and bundled with
various software packages and tools. It
includes a graphical user interface, file
manager, text editor, and other
applications. Linux distributions are
available in different flavors, each with
its own set of software and
configurations. Examples include
Ubuntu, Debian, Fedora, and CentOS.
Linux distributions are open-source
software and are freely available for
download and use.
Linux Architecture
Linux architecture is based on
a monolithic kernel design, which means
that the kernel contains all the
necessary operating system
functionality. It follows a layered
architecture, with the kernel at the
lowest level, followed by system
libraries, system utilities, and user
applications. The Linux filesystem is
hierarchical, with the root directory at
the top and other directories organized
under it. Linux supports a wide range of
hardware architectures, including
x86, ARM, and PowerPC.
Linux File System
The Linux file system is hierarchical, with
the root directory at the top and other
directories organized under it. Each directory
can contain files, subdirectories, or symbolic
links. Linux supports various file systems,
including the popular ext4, as well as other
file systems like NTFS and FAT32. The file
system can be accessed using the command-
line interface or graphical file managers, and
can be mounted and unmounted as needed.
Linux File System Permissions
Linux file system permissions specify
who can access and modify files and
directories. Each file or directory has
three sets of permissions: read, write,
and execute, for the owner, group, and
others. These permissions can be set
using the chmod command, and can be
viewed using the ls command with the -l
option. File system permissions help to
ensure the security and integrity of the
system, and are an important aspect of
Linux system administration.
Let’s get into
Ubuntu World
Let’s get into
Kali Linux World
NMAP
Nmap (Network Mapper) is a free and open-
source network exploration and security
auditing tool. It is used to discover hosts and
services on a computer network, as well as to
create a map of the network. Nmap can be
used to identify hosts and services, detect
operating systems, and determine the
vulnerabilities of target systems. It is a
widely used tool in the field of cybersecurity.
Let’s get into
Mikrotik World
