Contents

Introduction

Part I IP Access Control Lists

Chapter 1 Introduction to TCP/IP Transport and Applications

“Do I Know This Already?” Quiz

Foundation Topics

TCP/IP Layer 4 Protocols: TCP and UDP

Transmission Control Protocol

Multiplexing Using TCP Port Numbers

Popular TCP/IP Applications

Connection Establishment and Termination

Error Recovery and Reliability

Flow Control Using Windowing

User Datagram Protocol

TCP/IP Applications

Uniform Resource Identifiers

Finding the Web Server Using DNS

Transferring Files with HTTP

How the Receiving Host Identifies the Correct Receiving Application

Chapter Review

Chapter 2 Basic IPv4 Access Control Lists

“Do I Know This Already?” Quiz

Foundation Topics

IPv4 Access Control List Basics

ACL Location and Direction

Matching Packets

Taking Action When a Match Occurs

Types of IP ACLs

Standard Numbered IPv4 ACLs

List Logic with IP ACLs

Matching Logic and Command Syntax

Matching the Exact IP Address

Matching a Subset of the Address with Wildcards

Binary Wildcard Masks

Finding the Right Wildcard Mask to Match a Subnet

Matching Any/All Addresses

Implementing Standard IP ACLs

Standard Numbered ACL Example 1

Standard Numbered ACL Example 2

Troubleshooting and Verification Tips

Practice Applying Standard IP ACLs

Practice Building access-list Commands

Reverse Engineering from ACL to Address Range

Chapter Review

Chapter 3 Advanced IPv4 Access Control Lists

“Do I Know This Already?” Quiz

Foundation Topics

Extended Numbered IP Access Control Lists

Matching the Protocol, Source IP, and Destination IP

Matching TCP and UDP Port Numbers

Extended IP ACL Configuration

Extended IP Access Lists: Example 1

Extended IP Access Lists: Example 2

Practice Building access-list Commands

Named ACLs and ACL Editing

Named IP Access Lists

Editing ACLs Using Sequence Numbers

Numbered ACL Configuration Versus Named ACL Configuration

ACL Implementation Considerations

Additional Reading on ACLs

Chapter Review

Part I Review

Part II Security Services

Chapter 4 Security Architectures

“Do I Know This Already?” Quiz

Foundation Topics

Security Terminology

Common Security Threats

Attacks That Spoof Addresses

Denial-of-Service Attacks

Reflection and Amplification Attacks

Man-in-the-Middle Attacks

Address Spoofing Attack Summary

Reconnaissance Attacks

Buffer Overflow Attacks

Malware

Human Vulnerabilities

Password Vulnerabilities

Password Alternatives

Controlling and Monitoring User Access

Developing a Security Program to Educate Users

Chapter Review

Chapter 5 Securing Network Devices

“Do I Know This Already?” Quiz

Foundation Topics

Securing IOS Passwords

Encrypting Older IOS Passwords with service password-encryption

Encoding the Enable Passwords with Hashes

Interactions Between Enable Password and Enable Secret

Making the Enable Secret Truly Secret with a Hash

Improved Hashes for Cisco’s Enable Secret

Encoding the Passwords for Local Usernames

Controlling Password Attacks with ACLs

Firewalls and Intrusion Prevention Systems

Traditional Firewalls

Security Zones

Intrusion Prevention Systems (IPS)

Cisco Next-Generation Firewalls

Cisco Next-Generation IPS

Chapter Review

Chapter 6 Implementing Switch Port Security

“Do I Know This Already?” Quiz

Foundation Topics

Port Security Concepts and Configuration

Configuring Port Security

Verifying Port Security

Port Security MAC Addresses

Port Security Violation Modes

Port Security Shutdown Mode

Port Security Protect and Restrict Modes

Chapter Review

Chapter 7 Implementing DHCP

“Do I Know This Already?” Quiz

Foundation Topics

Dynamic Host Configuration Protocol

DHCP Concepts

Supporting DHCP for Remote Subnets with DHCP Relay

Information Stored at the DHCP Server

Configuring DHCP Features on Routers and Switches

Configuring DHCP Relay

Configuring a Switch as DHCP Client

Configuring a Router as DHCP Client

Identifying Host IPv4 Settings

Host Settings for IPv4

Host IP Settings on Windows

Host IP Settings on macOS

Host IP Settings on Linux

Chapter Review

Chapter 8 DHCP Snooping and ARP Inspection

“Do I Know This Already?” Quiz

Foundation Topics

DHCP Snooping

DHCP Snooping Concepts

A Sample Attack: A Spurious DHCP Server

DHCP Snooping Logic

Filtering DISCOVER Messages Based on MAC Address

Filtering Messages that Release IP Addresses

DHCP Snooping Configuration

Configuring DHCP Snooping on a Layer 2 Switch

Limiting DHCP Message Rates

DHCP Snooping Configuration Summary

Dynamic ARP Inspection

DAI Concepts

Review of Normal IP ARP

Gratuitous ARP as an Attack Vector

Dynamic ARP Inspection Logic

Dynamic ARP Inspection Configuration

Configuring ARP Inspection on a Layer 2 Switch

Limiting DAI Message Rates

Configuring Optional DAI Message Checks

IP ARP Inspection Configuration Summary

Chapter Review

Part II Review

Part III IP Services

Chapter 9 Device Management Protocols

“Do I Know This Already?” Quiz

Foundation Topics

System Message Logging (Syslog)

Sending Messages in Real Time to Current Users

Storing Log Messages for Later Review

Log Message Format

Log Message Severity Levels

Configuring and Verifying System Logging

The debug Command and Log Messages

Network Time Protocol (NTP)

Setting the Time and Timezone

Basic NTP Configuration

NTP Reference Clock and Stratum

Redundant NTP Configuration

NTP Using a Loopback Interface for Better Availability

Analyzing Topology Using CDP and LLDP

Examining Information Learned by CDP

Configuring and Verifying CDP

Examining Information Learned by LLDP

Configuring and Verifying LLDP

Chapter Review

Chapter 10 Network Address Translation

“Do I Know This Already?” Quiz

Foundation Topics

Perspectives on IPv4 Address Scalability

CIDR

Private Addressing

Network Address Translation Concepts

Static NAT

Dynamic NAT

Overloading NAT with Port Address Translation

NAT Configuration and Troubleshooting

Static NAT Configuration

Dynamic NAT Configuration

Dynamic NAT Verification

NAT Overload (PAT) Configuration

NAT Troubleshooting

Chapter Review

Chapter 11 Quality of Service (QoS)

“Do I Know This Already?” Quiz

Foundation Topics

Introduction to QoS

QoS: Managing Bandwidth, Delay, Jitter, and Loss

Types of Traffic

Data Applications

Voice and Video Applications

QoS as Mentioned in This Book

QoS on Switches and Routers

Classification and Marking

Classification Basics

Matching (Classification) Basics

Classification on Routers with ACLs and NBAR

Marking IP DSCP and Ethernet CoS

Marking the IP Header

Marking the Ethernet 802.1Q Header

Other Marking Fields

Defining Trust Boundaries

DiffServ Suggested Marking Values

Expedited Forwarding (EF)

Assured Forwarding (AF)

Class Selector (CS)

Guidelines for DSCP Marking Values

Queuing

Round-Robin Scheduling (Prioritization)

Low Latency Queuing

A Prioritization Strategy for Data, Voice, and Video

Shaping and Policing

Policing

Where to Use Policing

Shaping

Setting a Good Shaping Time Interval for Voice and Video

Congestion Avoidance

TCP Windowing Basics

Congestion Avoidance Tools

Chapter Review

Chapter 12 Miscellaneous IP Services

“Do I Know This Already?” Quiz

Foundation Topics

First Hop Redundancy Protocol

The Need for Redundancy in Networks

The Need for a First Hop Redundancy Protocol

The Three Solutions for First-Hop Redundancy

HSRP Concepts

HSRP Failover

HSRP Load Balancing

Simple Network Management Protocol

SNMP Variable Reading and Writing: SNMP Get and Set

SNMP Notifications: Traps and Informs

The Management Information Base

Securing SNMP

FTP and TFTP

Managing Cisco IOS Images with FTP/TFTP

The IOS File System

Upgrading IOS Images

Copying a New IOS Image to a Local IOS File System Using TFTP

Verifying IOS Code Integrity with MD5

Copying Images with FTP

The FTP and TFTP Protocols

FTP Protocol Basics

FTP Active and Passive Modes

FTP over TLS (FTP Secure)

TFTP Protocol Basics

Chapter Review

Part III Review

Part IV Network Architecture

Chapter 13 LAN Architecture

“Do I Know This Already?” Quiz

Foundation Topics

Analyzing Campus LAN Topologies

Two-Tier Campus Design (Collapsed Core)

The Two-Tier Campus Design

Topology Terminology Seen Within a Two-Tier Design

Three-Tier Campus Design (Core)

Topology Design Terminology

Small Office/Home Office

Power over Ethernet (PoE)

PoE Basics

PoE Operation

PoE and LAN Design

Chapter Review

Chapter 14 WAN Architecture

“Do I Know This Already?” Quiz

Foundation Topics

Metro Ethernet

Metro Ethernet Physical Design and Topology

Ethernet WAN Services and Topologies

Ethernet Line Service (Point-to-Point)

Ethernet LAN Service (Full Mesh)

Ethernet Tree Service (Hub and Spoke)

Layer 3 Design Using Metro Ethernet

Layer 3 Design with E-Line Service

Layer 3 Design with E-LAN Service

Multiprotocol Label Switching (MPLS)

MPLS VPN Physical Design and Topology

MPLS and Quality of Service

Layer 3 with MPLS VPN

Internet VPNs

Internet Access

Digital Subscriber Line

Cable Internet

Wireless WAN (3G, 4G, LTE, 5G)

Fiber (Ethernet) Internet Access

Internet VPN Fundamentals

Site-to-Site VPNs with IPsec

Remote Access VPNs with TLS

VPN Comparisons

Chapter Review

Chapter 15 Cloud Architecture

“Do I Know This Already?” Quiz

Foundation Topics

Server Virtualization

Cisco Server Hardware

Server Virtualization Basics

Networking with Virtual Switches on a Virtualized Host

The Physical Data Center Network

Workflow with a Virtualized Data Center

Cloud Computing Services

Private Cloud (On-Premise)

Public Cloud

Cloud and the “As a Service” Model

Infrastructure as a Service

Software as a Service

(Development) Platform as a Service

WAN Traffic Paths to Reach Cloud Services

Enterprise WAN Connections to Public Cloud

Accessing Public Cloud Services Using the Internet

Pros and Cons with Connecting to Public Cloud with Internet

Private WAN and Internet VPN Access to Public Cloud

Pros and Cons of Connecting to Cloud with Private WANs

Intercloud Exchanges

Summarizing the Pros and Cons of Public Cloud WAN Options

A Scenario: Branch Offices and the Public Cloud

Migrating Traffic Flows When Migrating to Email SaaS

Branch Offices with Internet and Private WAN

Chapter Review

Part IV Review

Part V Network Automation

Chapter 16 Introduction to Controller-Based Networking

“Do I Know This Already?” Quiz

Foundation Topics

SDN and Controller-Based Networks

The Data, Control, and Management Planes

The Data Plane

The Control Plane

The Management Plane

Cisco Switch Data Plane Internals

Controllers and Software-Defined Architecture

Controllers and Centralized Control

The Southbound Interface

The Northbound Interface

Software Defined Architecture Summary

Examples of Network Programmability and SDN

OpenDaylight and OpenFlow

The OpenDaylight Controller

The Cisco Open SDN Controller (OSC)

Cisco Application Centric Infrastructure (ACI)

ACI Physical Design: Spine and Leaf

ACI Operating Model with Intent-Based Networking

Cisco APIC Enterprise Module

APIC-EM Basics

APIC-EM Replacement

Summary of the SDN Examples

Comparing Traditional Versus Controller-Based Networks

How Automation Impacts Network Management

Comparing Traditional Networks with Controller-Based Networks

Chapter Review

Chapter 17 Cisco Software-Defined Access (SDA)

“Do I Know This Already?” Quiz

Foundation Topics

SDA Fabric, Underlay, and Overlay

The SDA Underlay

Using Existing Gear for the SDA Underlay

Using New Gear for the SDA Underlay

The SDA Overlay

VXLAN Tunnels in the Overlay (Data Plane)

LISP for Overlay Discovery and Location (Control Plane)

DNA Center and SDA Operation

Cisco DNA Center

Cisco DNA Center and Scalable Groups

Issues with Traditional IP-Based Security

SDA Security Based on User Groups

DNA Center as a Network Management Platform

DNA Center Similarities to Traditional Management

DNA Center Differences with Traditional Management

Chapter Review

Chapter 18 Understanding REST and JSON

“Do I Know This Already?” Quiz

Foundation Topics

REST-Based APIs

REST-Based (RESTful) APIs

Client/Server Architecture

Stateless Operation

Cacheable (or Not)

Background: Data and Variables

Simple Variables

List and Dictionary Variables

REST APIs and HTTP

Software CRUD Actions and HTTP Verbs

Using URIs with HTTP to Specify the Resource

Example of REST API Call to DNA Center

Data Serialization and JSON

The Need for a Data Model with APIs

Data Serialization Languages

JSON

XML

YAML

Summary of Data Serialization

Interpreting JSON

Interpreting JSON Key:Value Pairs

Interpreting JSON Objects and Arrays

Minified and Beautified JSON

Chapter Review

Chapter 19 Understanding Ansible, Puppet, and Chef

“Do I Know This Already?” Quiz

Foundation Topics

Device Configuration Challenges and Solutions

Configuration Drift

Centralized Configuration Files and Version Control

Configuration Monitoring and Enforcement

Configuration Provisioning

Configuration Templates and Variables

Files That Control Configuration Automation

Ansible, Puppet, and Chef Basics

Ansible

Puppet

Chef

Summary of Configuration Management Tools

Chapter Review

Part V Review

Part VI Final Review

Chapter 20 Final Review

Advice About the Exam Event

Exam Event: Learn About Question Types

Exam Event: Think About Your Time Budget

Exam Event: A Sample Time-Check Method

Exam Event: One Week Away

Exam Event: 24 Hours Before the Exam

Exam Event: The Last 30 Minutes

Exam Event: Reserve the Hour After the Exam

Exam Review

Exam Review: Take Practice Exams

Using the Practice CCNA Exams

Exam Review: Advice on How to Answer Exam Questions

Exam Review: Additional Exams with the Premium Edition

Exam Review: Find Knowledge Gaps

Exam Review: Practice Hands-On CLI Skills

CCNA Exam Topics with CLI Skill Requirements

Exam Review: Self-Assessment Pitfalls

Exam Review: Adjustments for Your Second Attempt

Exam Review: Other Study Tasks

Final Thoughts

Part VII Appendixes

Appendix A Numeric Reference Tables

Appendix B CCNA 200-301, Volume 2 Exam Updates

Appendix C Answers to the “Do I Know This Already?” Quizzes

Glossary

Index

Online Appendixes

Appendix D Topics from Previous Editions

Appendix E Practice for Chapter 2: Basic IPv4 Access Control Lists

Appendix F Previous Edition ICND1 Chapter 35: Managing IOS Files

Appendix G Exam Topics Cross-Reference

Appendix H Study Planner
