Index
Numbers
3DES (Data Encryption Standard), 152, 338
800 series routers, 492
802.11 (Wi-Fi), QoS traffic marking, 373
900 series routers, 490
5500 series routers, 491
A
abstraction layers, virtualization, 589–590
access
remote access Trojan horses, 107
access control
data loss, 98
troubleshooting, 541
access layer
hierarchical network design, 462
scalable networks, 475
access points. See AP
accumulating costs, single-area OSPF, 66–67
ACI (Application Centric Infrastructure), 598, 602
ANP, 602
Nexus 9000 series switches, 602
spine-leaf topologies, 603
ACL (Access Control Lists), 164, 175, 188
defined, 164
extended ACL, 166, 175–176, 180–181, 203–204, 220
named extended IPv4 ACL, 212–216
numbered extended IPv4 ACL, 204–206, 209–210
TCP-established extended ACL, 210–211
log keyword, 542
sequence numbers method, 197–198
named ACL, 177
named extended IPv4 ACL, 212–216
named standard IPv4 ACL, 189–190, 193–195
NAT pools, 246
network traffic, 165
numbered ACL, 176
numbered extended IPv4 ACL, 204–206, 209–210
numbered standard IPv4 ACL, 188–189, 191–193, 195
outbound ACL filters, 167
standard ACL, 166, 175–176, 179, 190, 200–203, 219–220
stateful firewall services, 210, 220
statistics, 199
tasks using ACL, 165
traffic flows, 165
transport layer, troubleshooting, 539–542
IPv4 address ranges, 170
addresses
mapping errors, troubleshooting, 536
spoofing attacks, 118, 120–121
adjacencies
troubleshooting, 539
adjacency databases, OSPF, 5
adware, 108
AES (Advanced Encryption Standard), 152, 338
AF (Assured Forwarding) values, DSCP, 376–377
AH (Authentication Headers), 336
algorithms
OSPF, 5
QoS queueing algorithms, 361, 383
CBWFQ, 364
FIFO, 362
LLQ, 365
amplification attacks, 118–120
analyzing
cable analyzers, 527
information (troubleshooting process), 514
ANP (Application Network Profiles), 602
Ansible, 643
AnyConnect Secure Mobility Client, 321
API (Application Programming Interface), 628–629, 631, 633, 651
calls, 630
internal (private) API, 632
partner API, 632
SOAP, 632
APIC (Application Policy Infrastructure Controller), 602–603
APIC-EM (Application Policy Infrastructure Controller-Enterprise Module), 606–608
application layer
DNS, 544
FTP, 544
HTTP, 544
NFS, 544
POP, 544
SMTP, 544
SNMP, 544
SSH, 544
telnet command, 544
TFTP, 544
area ID
hello packets, 16
point-to-point OSPF networks, 40
ARP (Address Resolution Protocol)
process of, 128
spoofing attacks, 130
arrays, 625
ASA (Adaptive Security Appliances), 140, 321
ASBR (Autonomous System Boundary Routers), 74
ASIC (Application-Specific Integrated Circuits), 485–486
ASR 1000 series routers, 490–491
ASR 9000 series routers, 488–491
assets (security), defined, 96
assigning
router ID, 40
VLAN, troubleshooting, 556–558
asymmetric encryption, 152–156
ATM (Asynchronous Transfer Mode), 296, 324
address spoofing attacks, 118, 120–121
amplification attacks, 118–120
baiting attacks, 114
buffer overflow attacks, 112–113
dumpster diving attacks, 114
impersonation attacks, 114
password attacks, 111
phishing attacks, 114. See also spear phishing attacks
port redirection attacks, 112
pretexting attacks, 114
reconnaissance attacks, 109–110
session hijacking attacks, 118
shoulder surfing attacks, 114
social engineering attacks, 114–115
something for something (quid pro quo) attacks, 114
spam attacks, 114
spear phishing attacks, 114. See also phishing attacks
spoofing attacks, 111
tailgaiting attacks, 114
trust exploitation attacks, 111
attenuation, troubleshooting, 533
AH, 336
MD5, 339
origin authentication, 144
SHA, 339
authoritative time sources, 401–402, 443–444
calls, 630
internal (private) API, 632
partner API, 632
SOAP, 632
Cisco DNA Center, 648–650, 652
configuration management tools, 639, 642–643, 652
Ansible, 643
Chef, 643
CLI, 639
network automation, 641
Puppet, 643
SaltStack, 643
rules of, 622
syntax, 622
arrays, 625
format of, 623
smart devices, 620
availability, network security, 138
AWA Management Console, 586
B
backbone networks, 287
backhaul networks, 287
backups
configurations from TFTP servers, 428–430, 436
baiting attacks, 114
bandwidth, 354
DSL Internet connectivity, 302
reference bandwidth, single-area OSPF, 64–66
baselining tools, 524
performance, troubleshooting, 532, 535
BDR (Backup Designated Routers), 17
election
multiaccess OSPF networks, 49–51, 53, 56–59
BE (Best Effort) values, DSCP, 376
best practices
availability, 138
confidentiality, 138
defense-in-depth approach, 138–139
integrity, 138
best-effort QoS policy model, 366–367
black hat hackers, 99
blacklisting URL (Uniform Resource Locators), 142
boot sector viruses, 107
boot system, configuring IOS images, 441–442
BOOTP, troubleshooting, 543
borderless switched networks, 458–461
bottlenecks/congestion (networks), troubleshooting, 532
bottom-up troubleshooting method, 518–519
branch networks, 281
branch routers, 488
breaches (security), 95
broadband connectivity
dedicated broadband WAN connectivity, 297–298
Internet-based broadband WAN connectivity, 298, 314–315
cable Internet connectivity, 305–306
DSL Internet connectivity, 302–304
ISP Internet connectivity, 309–310
LTE, 307
solution comparisons, 311
teleworking, 283, 302, 308, 312, 314
wired Internet connectivity, 301–302
wireless Internet connectivity, 302
wireless Internet-based broadband connectivity, 306–307
broadcast multiaccess networks, 49, 84
broadcasts, troubleshooting, 536
buffer overflow attacks, 112–113
buffered logging, 529
building switch blocks, 474
business considerations for switch selection, 486–487
C
cable analyzers, 527
cable modems, 288
cabling
DOCSIS, 305
faults, troubleshooting, 533
fiber optic Internet connectivity, 305–306
HFC networks, cable modems, 305
Internet connectivity, 305
optical nodes, 305
SONET cabling standard, 291–292
calendar services, network management, 400
CAM tables, spoofing attacks, 121
campus networks, 280
carrier protocols, 329
carrier WAN connections, 278
dual-carrier WAN connections, 278–279
single-carrier WAN connections, 278
Catalyst 2960-C series switches, 485–486
Catalyst 3560-C series switches, 485
causes of network problems, troubleshooting, 573–574
CBWFQ (Class-Based Weight Fair Queuing), 364
CDP (Cisco Discovery Protocol), 390–396, 441–442
CEF (Cisco Express Forwarding), Layer 3 switches, 596
cellular Internet connectivity, 306–307
central controller and SDN, 597
changing passwords, 435
Chef, 643
circuit-switched network communications, 290
circuit-switched WAN connectivity, 295
Cisco DNA Assurance, 648
Cisco DNA Center, 648–650, 652
Cisco DNA (Digital Network Architecture), 647–648
Cisco DNA Security, 648
classification/marking tools (QoS), 371–372
classifying traffic, 362–363, 368
CLI (Command Line Interface), 639
clientless VPN, 326
clock (software)
setting manually, 400
source, displaying, 403
cloud computing, 583, 585–586, 609
cloud services, 584
cloud-managed switches, 478
community clouds, 585
data centers versus, 585
IaaS, 584
PaaS, 584
private clouds, 584
public clouds, 584
SaaS, 584
storage devices, data loss, 98
CnC (Command and Control), 116–117, 132–133
CO (Central Office), WAN, 286
code delays, 355
collapsed core network design, 464
collecting data, IOS commands, 511–512
communications (network)
circuit-switched network communications, 290
DWDM multiplexing, 292
packet-switched network communications, 290–291
parallel network communications, 289
serial network communications, 289
SONET cabling standard, 291–292
community clouds, 585
community strings (SNMP), 412–415
comparison troubleshooting method, 522
compromised-key attacks, 105
confidentiality
data confidentiality, 144, 150
network security, 138
configuration register, password recovery, 433–435, 437
configuring
configuration management tools, 639, 642–643, 652
Ansible, 643
Chef, 643
CLI, 639
network automation, 641
Puppet, 643
SaltStack, 643
LLDP, 397
NAT, 260
networks
CLI, 639
OSPF
PAT
address pools, 253
single IP addresses, 252
point-to-point OSPF networks, 49
restoring configurations from, text files, 428–430
routers
copying configurations, 431
restoring configurations, 432
saving configurations, 435
verifying configurations, 432
switches
fixed configuration switches, 480
modular configuration switches, 480
stackable configuration switches, 481
management tools, 371, 379–380
troublehooting, 532
connectivity
IP connectivity, troubleshooting, end-to-end connectivity, 545–549
loss of, 532
WAN connectivity
cable Internet connectivity, 305–306
circuit-switched WAN connectivity, 295
dedicated broadband WAN connectivity, 297–298
DSL Internet connectivity, 302–304
Internet-based broadband WAN connectivity, 298, 301–311, 314–315
ISDN, 295
ISP Internet connectivity, 309–310
leased-line WAN connectivity, 293–294
LTE, 307
Metro Ethernet WAN connectivity, 298–300, 332
modern WAN connectivity, 296–301, 314
packet-switched WAN connectivity, 298
PSTN, 295
solution comparisons, 311
teleworking, 283, 302, 308, 312, 314
traditional WAN connectivity, 292–296, 312–313
wired Internet connectivity, 301–302
wireless Internet connectivity, 302
wireless Internet-based broadband connectivity, 306–307
wireless connectivity, scalable networks, 466–467
console error messages, troubleshooting, 533
console logging, 529
console messages, troubleshooting, 536
content security appliances
ESA, 142
control plane, SDN, 595
controller-based SDN, 605, 611–612
convergence
link-state operation, 6
converters (optical), 288
copying
IOS images to TFTP servers, 439–440
router configurations to USB drives, 431–432
core devices (WAN), 288
core layer (hierarchical network design), 462
CoS traffic marking, 373–374, 377–378
cost metrics
manually setting cost value, 66–67
reference bandwidths, 65
switches, 486
VPN, 322
CPE (Customer Premises Equipment), 286
CPU (Central Processing Units)
high utilization rates, troubleshooting, 533
overloads, troubleshooting, 534
data confidentiality, 144, 150
data nonrepudiation, 144
encryption
3DES, 152
AES, 152
asymmetric encryption, 152–156
DES, 152
DSA, 154
DSS, 154
ElGamal, 154
elliptic curve cryptography, 154
public key algorithms, 152–156
RC series algorithms, 152
RSA, 154
SEAL, 152
hash functions, 144
MD5, 145
origin authentication, 144, 147–149
CS (Class Selector) bits, DSCP, 377–378
CSU (Channel Service Units), 288
cybercriminals, 100
cybersecurity (current state of), 95, 157. See also security
assets, 96
breaches, 95
current state of affairs, 95–96
cybercriminals, 95
exploits, 96
mitigation, 96
risk, 96
threats, 96
vectors of
vulnerabilities, 96
D
data centers
cloud computing versus, 585
switches, 478
data collection, IOS commands, 511–512
data confidentiality, 144, 150
arrays, 625
rules of, 622
YAML, 623
data integrity, 144–145, 333, 335, 338–339
data link layer (networks), troubleshooting, 534–537
data loss vectors (security), 97–98
data measurement, network documentation, 510–512
data modification attacks, 105
data nonrepudiation, 144
data plane, SDN, 596
data sending Trojan horses, 107
databases
adjacency databases, 5
forwarding databases, 5
LSDB 5, 7
topology databases, troubleshooting, 539
DBD (Database Description) packets, 13–14, 21–22
DCE (Data Communications Equipment), 286–288
DDoS (Distributed Denial of Service) attacks, 116–117
debug command, 517
debuggers, 104
dedicated broadband WAN connectivity, 297–298
dedicated servers, virtualization, 586–587
default gateways, verifying, 558–560
IPv4, 559
defense-in-depth approach (network security), 138–139
defining problems (troubleshooting process), 514
de-jitter delays, 355
delays, 353
code delays, 355
de-jitter delays, 355
fixed delays, 355
packetization delays, 355
playout delay buffers, 355–356
propagation delays, 355
queuing delays, 355
serialization delays, 355
variable delays, 355
demarcation points, 286
Denial of Service. See DoS attacks
density (port), switches, 482, 486
departmental switch blocks, 474
DES (Data Encryption Standard), 152, 338
design limits, troubleshooting, 534
designing networks, 455
borderless switched networks, 458–461
collapsed core network design, 464
hierarchical networks, 493
borderless switched networks, 458–461
core layer, 462
distribution layer, 462
three-tier network design, 455, 460, 463
two-tier network design, 461, 464
800 series routers, 492
900 series routers, 490
5500 series routers, 491
ASR 1000 series routers, 490–491
ASR 9000 series routers, 490–491
branch routers, 488
fixed configuration routers, 492
modular routers, 492
service provider routers, 489
scalable networks, 465–466, 477, 493–494
access layer, 475
hierarchical networks, 455–458
redundancy plans, 469
scalable routing protocol, 467–468
tuning routing protocols, 476–477
wireless connectivity, 465–466
SFP devices, 482
business considerations for switch selection, 486–487
Catalyst 2960-C series switches, 485–486
Catalyst 3560-C series switches, 485
cloud-managed switches, 478
data center switches, 478
fixed configuration switches, 480
forwarding rates, 483
modular configuration switches, 480
port density, 482
service provider switches, 479
stackable configuration switches, 481
thickness of switches, 481
virtual networks, 479
wire speeds, 483
three-tier network design, 455, 460, 463
two-tier network design, 461, 464
virtual networks, switches, 479
destination ports, troubleshooting, 541
destructive Trojan horses, 107
device discovery
device documentation (networks), 505, 512
end-system documentation files, 506–507
switches, 506
DHCP (Dynamic Host Configuration Protocol), 133
rogue DHCP servers, 121, 134–136
troubleshooting, 543
dialup modems. See voiceband modems
Diffie-Hellman key exchanges, 333, 335, 342–343
DiffServ (Differentiated Services), 366, 369–370
digital certificates, 327, 333, 335, 339, 341–342, 344–345
digital multimeters (DMM), 525–526
Dijkstra’s algorithm, 5
disaster recovery, virtualization, 589
discovering devices
distributed networks, 282
distribution layer (hierarchical network design), 461–462, 493
divide-and-conquer troubleshooting method, 520–521
DLCI (Data-Link Connection Identifiers), 296
DMM (Digital Multimeters), 525–526
DMVPN (Dynamic Multipoint VPN), 330–331
DNS (Domain Name System), 131, 544
domain shadowing attacks, 132
open resolver attacks, 131
stealth attacks, 132
traffic analysis, 136
troubleshooting, 543
DOCSIS (Data Over Cable Service Interface Specification), 305
documentation, networks, 502, 572
device documentation, 505, 512
end-system documentation files, 506–507
switches, 506
logical network topologies, 504–505
overview of, 502
physical network topologies, 503
domain shadowing attacks, 132
DoS (Denial of Service) attacks, 105, 107, 115–116
DR (Designated Routers), 16
election
multiaccess OSPF networks, 49–51, 53–54, 56–59
single-area OSPF, router ID, 36
drives (USB)
copying router configurations to, 431–432
displaying contents of, 430
verifying connections, 430–431
DSA (Digital Signature Algorithm), 154
DSCP (Differentiated Services Code Points), 375–378
DSL (Digital Subscriber Line) Internet connectivity, 302–303
bandwidth space allocation, 302
DSLAM, 303
example of, 303
modems, 288
DSP (Digital Signal Processors), 357
DSS (Digital Signature Standard), 154
DSU (Data Service Units), 288
DTE (Data Terminal Equipment), 286–288
dual-carrier WAN connections, 278–279
dual-homed ISP connectivity, 309
dual-homed WAN topology, 276
dual-multihomed ISP connectivity, 310
dumpster diving attacks, 114
duplex mismatches, troubleshooting, 551–553
DWDM multiplexing, 292
dynamic NAT (Network Address Translation), 232–233, 244–245, 260–261
E
eavesdropping attacks, 105
E-carriers, 294
edge routers, 74
educated guess troubleshooting method, 522
EF (Expedited Forwarding) values, DSCP, 376
egress packets, 372
ElGamal, 154
eliminating probable cause (troubleshooting process), 514
elliptic curve cryptography, 154
data loss, 98
POP, 544
SMTP, 544
EMI (Electromagnetic Interference), troubleshooting, 534
encapsulating
errors, troubleshooting, 536
protocols (IPsec), 336
encryption
3DES, 338
asymmetric encryption, 152–156
DSA, 154
DSS, 154
ElGamal, 154
elliptic curve cryptography, 154
encryption protocols, troubleshooting, 542
protocols, troubleshooting, 543
public key algorithms, 152–156
RC series algorithms, 152
RSA, 154
tools, 104
end users (troubleshooting process), questioning, 515–516
endpoint groups (EPG), 602
end-system documentation files, 506–507
end-to-end IP connectivity, troubleshooting
IPv4
traceroute command, 548
IPv6
enterprise networks, 458, 477, 487, 491, 493–494
enterprise VPN (Virtual-Private Networks), 324–325
EoMPLS. See Metro Ethernet WAN connectivity
EPG (Endpoint Groups), 602
error messages (console), troubleshooting, 533
ESA (Email Security Appliance), 142
ESP (Encapsulation Security Protocol), 336
established keyword, troubleshooting, 542
Ethernet
CoS traffic marking, 373–374, 377–378
Metro Ethernet WAN connectivity, 298–300, 332
PPPoE, DSL Internet connectivity, 303–304
QoS traffic marking, 373
ethical hacking, 95
excessive broadcasts, troubleshooting, 536
Exchange state, 18
exploits (security), defined, 96
ExStart state, 18
extended ACL (Access Control Lists), 166, 175–176, 180–181, 203–204, 220
named extended IPv4 ACL, 212–216
numbered extended IPv4 ACL, 204–206, 209–210
TCP-established extended ACL, 210–211
F
failover tests to backup routes, single-area OSPF, 69
failure domains
failures/recovery
routers, multiaccess OSPF networks, 58–59
single point of failure, 275, 278
FIB (Forwarding Information Base), 596
fiber optic Internet connectivity, 305–306
FIFO (First-In, First-Out), 362
file systems
Flash file systems, 425
restoring configurations from, text files, 428–430
router file systems, 423–425, 445–446
switch file systems, 426–427, 445–446
filtering
network traffic with ACL
outbound ACL filters, 167
URL, 142
firmware viruses, 107
fixed configuration routers, 492
fixed configuration switches, 480
fixed delays, 355
Flash
backing up configurations from, 436
file systems, 425
IOS images, verifying size of, 439–441
flexibility, borderless switched networks, 459
flood attacks
TCP SYN flood attacks, 124
UDP flood attacks, 127
flow control, TCP, 123
flow tables (switches), 601
flowcharts (troubleshooting), 512–513
follow-the-path troubleshooting method, 521–522
forensic tools, 103
form factors
SFP devices, 482
forwarding databases, OSPF, 5
Forwarding Information Base (FIB), 596
forwarding rates (switches), 483
frame buffers, switches, 487
framing errors, troubleshooting, 537
FTP (File Transfer Protocol), 107, 544
FTTB (Fiber-to-the-Building) Internet connectivity, 306
FTTH (Fiber-to-the-Home) Internet connectivity, 306
FTTN (Fiber-to-the-Node/Neighborhood) Internet connectivity, 306
FTTx Internet connectivity, 305–306
Full state, 18
fully meshed WAN topology, 276
functionality, troubleshooting, 535
fuzzers, 103
G
gateways (default), verifying, 558–560
IPv4, 559
gathering information (troubleshooting process), 514, 516–517
general network issues, troubleshooting, 539
general troubleshooting procedures, 512–513
get operations (SNMP), 406–407
gray hat hackers, 99
GRE (Generic Routing Encapsulation)
group tables (switches), 602
H
hacking
OS, 104
tools, 103
hacktivists, 100
hard copies, data loss, 98
hardware, troubleshooting
faults, 533
tools
cable analyzers, 527
portable network analyzers, 528
Prime NAM, 528
hash functions
MD5, 145
headend, 305
headers
TCP headers, 122
UDP headers, 126
hello intervals, 16
intervals, single-area OSPF, 69–73
neighbor adjacencies, OSPF link-state operation, 6
HFC networks, cable modems, 305
hierarchical networks, 493
borderless switched networks, 458–461
core layer, 462
distribution layer, 461–462, 493
three-tier network design, 455, 460, 463
two-tier network design, 461, 464
hierarchical topologies, multi-area OSPF, 11
high CPU utilization rates, troubleshooting, 533
HMAC (Hash Message Authentication Code), 147–149, 338–339
HTTP (Hypertext Transfer Protocol), 544, 634–639
hub-and-spoke WAN topology, 275, 330–331
hypotheses (troubleshooting process)
proposals, 514
testing, 515
I
IaaS (Infrastructure as a Service), 584
IBN (Intent-Based Networking), 644–646, 652
ID
area ID, point-to-point OSPF networks, 40
assigning, 40
configuration mode, 35
DR election, 36
reference topologies, 34–35, 38
rid values, 37
synchronization of OSPF databases, 36
IDS (Intrusion Detection Systems), network security, 140–141
IEEE 802.1p. See CoS traffic marking
IFS (IOS File System), 424, 437–442
IKE (Internet Key Exchange), 335
images (IOS), managing, 446
boot system configurations, 441–442
impersonation attacks, 114
implicit denies, 167, 182, 541
information (troubleshooting process)
analyzing, 514
ingress packets, 372
input errors, troubleshooting, 551
input queue drops, 550
integrity
of data, 144–145, 333, 335, 338–339
network security, 138
interfaces, show interfaces command, 549–550
interference, troubleshooting, 534
internal (private) API, 632
Internet-based broadband WAN connectivity, 298, 314–315
cable Internet connectivity, 305–306
DSL Internet connectivity, 302, 303
bandwidth space allocation, 302
DSLAM, 303
example of, 303
ISP Internet connectivity
dual-homed ISP connectivity, 309
dual-multihomed ISP connectivity, 310
multihomed ISP connectivity, 309–310
single-homed ISP connectivity, 309
LTE, 307
microwave Internet connectivity. See WiMAX
solution comparisons, 311
teleworking, 283, 302, 308, 312, 314
wired Internet connectivity, 301–302
wireless Internet connectivity, 302
wireless Internet-based broadband connectivity, 306, 308
cellular Internet connectivity, 306–307
municipal Wi-Fi Internet connectivity, 306
satellite Internet connectivity, 307
WiMAX, 307
interoperability areas (transport layer), troubleshooting, 542–543
IntServ (Integrated Services), 366–368
IOS commands
gathering information (troubleshooting process), 516–517
IOS File System, 424, 437–442, 446
IOS log messages, severity levels (Syslog), 530
IP (Internet Protocol)
show ip interface brief command, 517
show ip route command, 517
IP addresses, attacks, 105, 117–122, 158. See also security
IP connectivity, troubleshooting, 574–576
end-to-end connectivity
IPv4 traceroute command, 548
IPv6 traceroute command, 548–549
verifying physical layer, 549–551
local network addressing, end-to-end connectivity, 553–556
network paths, verifying, 562–566
transport layer, verifying, 566–567
verifying physical layer, 549–551
IP phone, PoE, 484
ipospf command, point-to-point OSPF networks, configuring OSPF, 43–44
ipospf priority command, 61
IPP (IP Precedence), 373, 375, 377–378
IPS (Intrusion Prevention Systems), 140–141
IPsec (IP Security), 332–345. See also VPN
AH, 336
confidentiality, 333–334, 336–338
data integrity, 333, 335, 338–339
Diffie-Hellman key exchanges, 333, 335, 342–343
ESP, 336
origin authentication, 333, 335
protocol encapsulation, 336
transport and tunnel mode, 343
IPv4 (Internet Protocol version 4)
ACL, 175, 188. See also extended ACL; named ACL; numbered ACL; standard ACL
creating, 188
stateful firewall services, 210, 220
statistics, 199
addressing
ranges, wildcard masks, 170
troubleshooting, 541
default gateways, 559
extended ACL, 175–176, 180–181, 203–204, 220
named extended IPv4 ACL, 212–216
numbered extended IPv4 ACL, 204–206, 209–210
TCP-established extended ACL, 210–211
logical network topologies, 504
named ACL, 177
named extended IPv4 ACL, 212–216
named standard IPv4 ACL, 189–190, 193–195
configuring, 260
disadvantages of, 238–239, 261
dynamic NAT, 232–233, 244–251, 260–261
inside global NAT addresses, 230
inside local NAT addresses, 230–231
NAT overload. See PAT
NAT-PT, 259
outside global NAT addresses, 231
outside local NAT addresses, 231
outside NAT addresses, 229, 231
PAT, 233–234, 237, 251–257, 260–261
private IPv4 addresses, 226–227
static NAT, 231–232, 239–244, 260–261
stub networks, 228
numbered ACL, 176
numbered extended IPv4 ACL, 204–206, 209–210
numbered standard IPv4 ACL, 188–189, 191–193, 195
QoS traffic marking, 373
standard ACL, 175–176, 179, 190, 200–203, 219–220
subnets, wildcard masks, 169–170
traceroute command, 548
Type of Service field, 375
wildcard masks
address ranges, 170
troubleshooting, 541
IPv6 (Internet Protocol version 6)
logical network topologies, 505
QoS traffic marking, 373
show ipv6 interface brief command, 517
show ipv6 route command, 517
Traffic Class field, 375
ISDN (Integrated Services Digital Networks), 295
ISP (Internet Service Providers)
Internet connectivity
dual-homed ISP connectivity, 309
dual-multihomed ISP connectivity, 310
MPLS VPN, 332
multihomed ISP connectivity, 309–310
single-homed ISP connectivity, 309
routers, 489
switches, 479
ISR 4000 series routers, 488
J
jabber, 533
JSON (JavaScript Object Notation), 622–624, 626–627
arrays, 625
format of, 623
JSON-RPC (JavaScript Object Notation-Remote Procedure Call), 632–633
K
keylogger attacks, 107
keys (security), compromised-key attacks, 105
knowledge bases, 524
L
LAN (Local-Area Networks)
switches, device documentation, 506
last mile (local loops), 286
Layer 2 MPLS VPN, 324, 332, 344
Layer 2 QoS traffic marking, 373–374
Layer 2 traffic marking, 373–374
Layer 3 MPLS VPN, 324, 332, 334, 344
Layer 3 switches, SDN, 596
Layer 3 traffic marking, 374–375
layered approach (network security), 138–139
layered models, troubleshooting with, 517–518
leased-line WAN connectivity, 293–294
legacy support, virtualization, 589
links, scalable networks
link-state operation
convergence, 6
OSPF, 6
establishing neighbor adjacencies, 6
LSDB, 7
link-state routing protocols. See OSPF
list of neighbors, 17
LLDP (Link Layer Discovery Protocol), 396–400, 443
LLQ (Low Latency Queuing), 365
Loading state, 18
local loops (last mile), 286
local network addressing, verifying, 553–556
log keyword, ACL, 542
logging
buffered logging, 529
console logging, 529
logging trap command, 530
logical network topologies, 504–505
loopback interfaces
point-to-point OSPF networks, 48
loops
local loops (last mile), 286
STP loops, troubleshooting, 537
LSA (Link-State Advertisements)
LSU packets, 14
LSAck (Link-State Acknowledgement) packets, 13–14
LSDB (Link-State Databases)
topology tables, 7
LSR (Label-Switched Routers), 300–301
LSR (Link-State Request) packets, 13–14, 22
LSU (Link-State Update) packets, 13–14
LTE (Long-Term Evolution), 307
M
MAC addresses
switch MAC address tables, 555–557
macros, viruses, 107
adware, 108
overview of, 106
ransomware, 108
rootkits, 108
spyware, 108
management plane, SDN, 598
managing networks, 390
calendar services, 400
configurations
restoring from text files, 428–430
passwords
changing, 435
routers
copying configurations, 431
file systems, 423–424, 445–446
restoring configurations, 432
saving configurations, 435
USB ports, 430
verifying configurations, 432
switch file systems, 426–427, 445–446
time services, 400
USB drives
copying router configurations to, 431–432
displaying contents of, 430
verifying connections, 430–431
man-in-the-middle attacks. See MITM
marking/classification tools (QoS), 371–372
MD5 (Message-Digest 5), 339
MD5 hash function, 145
measuring data, network documentation, 510–512
meter tables (switches), 602
Metro Ethernet WAN connectivity, 298–300, 332
mGRE (Multipoint GRE), 330–331
MIB (Management Information Base)
OID, 415
variables, SNMP agents, 407
microwave Internet connectivity. See WiMAX
mission-critical services, 455–456, 490
mitigation (security), defined, 96
MITM (Man-in-the-Middle) attacks, 105, 112–113, 118
modems
cable Internet connectivity, 305
cable modems, 288
CSU, 288
dialup modems. See voiceband modems
DSL modems, 288
DSU, 288
voiceband modems, 288
modern WAN connectivity, 296–301, 314
modifying
sequence numbers method, 197–198
modular configuration switches, 480
modular routers, 492
modularity, borderless switched networks, 459
MPLS (Multi-Protocol Label Switching), 298, 300–301, 324
Layer 2 MPLS VPN, 324, 332, 344
Layer 3 MPLS VPN, 324, 332, 334, 344
QoS traffic marking, 373
VPN, 332
multiaccess OSPF networks, 49
reference topologies, 51–52, 57
router election process, 56–59
router failures/recovery, 58–59
multihomed ISP connectivity, 309–310
multimeters (digital), 525–526
multiple adjacencies, routers, 23–24
multiple links, scalable networks, 466–467
municipal Wi-Fi Internet connectivity, 306
N
NAM (Network Analysis Module), 528
named ACL (Access Control Lists), 177
named extended IPv4 ACL, 212–216
named standard IPv4 ACL, 189–190, 193–195
NAT (Network Address Translation), 226, 237
configuring, 260
disadvantages of, 238–239, 261
dynamic NAT, 232–233, 244, 245–247, 249–251, 260–261
configuring, 251
inside global NAT addresses, 230
inside local NAT addresses, 230–231
NAT overload. See PAT
NAT-PT, 259
outside global NAT addresses, 231
outside local NAT addresses, 231
outside NAT addresses, 229, 231
source port assignments, 235
private IPv4 addresses, 226–227
routers, private/public IPv4 address translations, 227
static NAT, 231–232, 239–240, 242–244, 260–261
topology, 240
stub networks, 228
NBAR (Network Based Application Recognition), 372
NBMA (Non-Broadcast Multiaccess) networks, 70
NCS 6000 series routers, 489
neighbor adjacencies
OSPF link-state operation, 6
troubleshooting, 539
neighbor tables (IPv6), 554–555
neighbors, list of, 17
network addresses, prefixes, 12
Network Analysis Module (NAM), 528
network analyzers (portable), 528
network command, point-to-point OSPF networks
command syntax, 40
network layer, troubleshooting, 537–539
network masks, hello packets, 16
networks
defined, 164
extended ACL, 175–176, 180–181, 203–206, 207–218, 220
modifying, sequence numbers method, 197–198
modifying with text method, 196–197
named ACL, 177, 189–190, 193–195, 198–199, 212–216
numbered ACL, 176, 188–189, 191–193, 195, 204–206, 209–210
standard ACL, 175–176, 179, 190, 200–203, 219–220
stateful firewall services, 210, 220
statistics, 199
wildcard masks, 168–173, 182–183
attacks, 109, 117, 158. See also security
address spoofing attacks, 118, 120–121
amplification attacks, 118–120
ARP vulnerabilities/attacks, 127–130
baiting attacks, 114
buffer overflow attacks, 112–113
dumpster diving attacks, 114
impersonation attacks, 114
password attacks, 111
phishing attacks 114. See also spear phishing attacks
port redirection attacks, 112
pretexting attacks, 114
reconnaissance attacks, 109–110
session hijacking attacks, 118
shoulder surfing attacks, 114
social engineering attacks, 114–115
something for something (quid pro quo) attacks, 114
spam attacks, 114
spear phishing attacks, 114. See also phishing attacks
spoofing attacks, 111
tailgaiting attacks, 114
TCP vulnerabilities/attacks, 122–126, 158
trust exploitation attacks, 111
UDP vulnerabilities/attacks, 122, 126–127, 158
zombies, 116
Cisco DNA Center, 648–650, 652
configuration management tools, 639–643, 652
smart devices, 620
backbone networks, 287
backhaul networks, 287
bandwidth, 354
borderless switched networks, 458–461
bottlenecks/congestion, troubleshooting, 532
branch networks, 281
broadcast multiaccess networks, 49, 84
campus networks, 280
Cisco DNA Assurance, 648
Cisco DNA Center, 648–650, 652
Cisco DNA Security, 648
CLI, 639
communications
circuit-switched network communications, 290
DWDM multiplexing, 292
packet-switched network communications, 290–291, 295–296
parallel network communications, 289
serial network communications, 289
SONET cabling standard, 291–292
configuring
CLI, 639
data link layer, troubleshooting, 534–537
delays, 353
code delays, 355
de-jitter delays, 355
fixed delays, 355
packetization delays, 355
propagation delays, 355
queuing delays, 355
serialization delays, 355
variable delays, 355
designing, 455
borderless switched networks, 458–461
collapsed core network design, 464
hierarchical networks, 455–465, 475
scalable networks, 455–458, 465–477
SFP devices, 482
three-tier network design, 455, 460, 463
two-tier network design, 461, 464
distributed networks, 282
device documentation, 505–507, 512
logical network topologies, 504–505
overview of, 502
physical network topologies, 503
enterprise networks, 458, 477, 487, 491, 493, 494
Ethernet networks, adjacencies, 23–24
hacking tools, 103
HFC networks, cable modems, 305
hierarchical networks, 493
borderless switched networks, 458–461
core layer, 462
distribution layer, 462
distribution layer switches, 461, 462, 493
three-tier network design, 455, 460, 463
two-tier network design, 461, 464
ISDN, 295
knowledge bases, 524
LAN
local network addressing, verifying, 553–556
managing, 390
backing up configurations, 428–430, 436
calendar services, 400
changing passwords, 435
password recovery, 433–436, 437
restoring configurations from text files, 428–430
router configurations, 431–432
router file systems, 423–424, 445–446
switch file systems, 426–427, 445–446
time services, 400
multiaccess OSPF networks, 49–51
NBMA, 70
network layer, troubleshooting, 537–539
NMS
tools, 524
NOC, 457
physical layer
point-to-point OSPF networks, 40, 83–84
area ID, 40
configuring, 49
configuring with ipospf command, 43–44
configuring with network command, 41–43
loopback interfaces, 48
PSTN, 295
hierarchical networks, 455–458
scanning tools, 103
SD-Access, 647
CEF, 596
central controller, 597
control plane, 595
controller-based SDN, 605, 611–612
data plane, 596
framework, 599
Layer 3 switches, 596
management plane, 598
OpenFlow, 598
OpenStack, 598
policy-based SDN, 605
traditional architectures and, 599
SD-WAN, 648
security, 95, 157. See also attacks; VPN
adware, 108
ASA, 140
assets, 96
availability, 138
blacklisting URL, 142
breaches, 95
confidentiality, 138
content security appliances, 141–143
cybersecurity, current state of, 95–98
data confidentiality, 144, 150
data nonrepudiation, 144
debuggers, 104
defense-in-depth approach, 138–139
ESA, 142
ethical hacking, 95
exploits, 96
forensic tools, 103
fuzzers, 103
hacking OS, 104
hacking tools, 103
hacktivists, 100
integrity, 138
mitigation, 96
origin authentication, 144, 147–149
packet crafting tools, 103
packet sniffers, 103
password crackers, 103
penetration testing tools, 102–104
ransomware, 108
risk, 96
rootkit detectors, 103
rootkits, 108
scanning tools, 103
script kiddies, 100
spyware, 108
threats, 96
URL filtering, 142
vectors of network attacks, 96–97
vulnerabilities, 96
vulnerability brokers, 100
vulnerability exploitation tools, 104
vulnerability scanners, 104
wireless hacking tools, 103
SFP devices, 482
stub networks, NAT and, 228
switched networks, borderless switched networks, 458–461, 464–465
toll networks, 286
topologies
logical network topologies, 504–505
physical network topologies, 503
traffic
transmission quality, 353, 382
troubleshooting
analyzing information, 514
bottom-up troubleshooting method, 518–519
buffered logging, 529
comparison troubleshooting method, 522
console logging, 529
defining problems, 514
divide-and-conquer troubleshooting method, 520–521
educated guess troubleshooting method, 522
eliminating probable cause, 514
follow-the-path troubleshooting method, 521–522
gathering information, 514, 516–517
general troubleshooting procedures, 512–513
hardware troubleshooting tools, 525–528
proposing hypotheses, 514
protocol analyzers, 525
questioning end users, 515–516
selecting troubleshooting method, 523
seven-step troubleshooting process, 513–515
SNMP traps, 530
software troubleshooting tools, 524
solving problems, 515
structured troubleshooting methods, 518–522
substitution troubleshooting method, 522
symptoms/causes of network problems, 531–545, 573–574
terminal lines, 529
testing hypotheses, 515
top-down troubleshooting method, 519–520
switches, 479
advantages of, 589
AWA Management Console, 586
disaster recovery, 589
legacy support, 589
prototyping, 589
virtual network infrastructure, 592–595, 610
VNI, 357
VPN, 283, 308, 321, 344. See also IPsec
AnyConnect Secure Mobility Client, 321
ASA, 321
clientless VPN, 326
cost metrics, 322
digital certificates, 327, 333, 335, 339, 341–342, 344–345
MPLS VPN, 332
remote access VPN, 283, 308, 312, 314–315, 324, 325–326
scalability, 323
site-to-site VPN, 283, 308, 312, 314–315, 323, 327–328
SOHO, 321
VRF, 595
WAN
AP, 288
backbone networks, 287
backhaul networks, 287
branch networks, 281
cable Internet connectivity, 305–306
cable modems, 288
campus networks, 280
circuit-switched network communications, 290
circuit-switched WAN connectivity, 295
CO, 286
core devices, 288
CPE, 286
CSU, 288
dedicated broadband WAN connectivity, 297–298
demarcation points, 286
distributed networks, 282
DSL Internet connectivity, 302–304
DSL modems, 288
DSU, 288
DWDM multiplexing, 292
E-carriers, 294
Internet-based broadband WAN connectivity, 298, 301–311, 314–315
ISDN, 295
ISP Internet connectivity, 309–310
leased-line WAN connectivity, 293–294
local loops (last mile), 286
LTE, 307
Metro Ethernet WAN connectivity, 298–300, 332
modern WAN connectivity, 296–301, 314
operation of, 283–292, 312–313
optical converters, 288
packet-switched network communications, 290–291, 295–296
packet-switched WAN connectivity, 298
parallel network communications, 289
POP, 286
private WAN, 273
PSTN, 295
public WAN, 273
serial network communications, 289
SONET cabling standard, 291–292
standards, 283
T-carriers, 294
teleworking, 283, 302, 308, 312, 314
toll networks, 286
traditional WAN connectivity, 292–296, 312–313
voiceband modems, 288
wired Internet connectivity, 301–302
wireless Internet connectivity, 302
wireless Internet-based broadband connectivity, 306–307
wireless routers, 288
next available port (PAT), 235–236
Nexus 9000 series switches, 602
NFS (Network File System), 544
NMS (Network Management System)
MIB OID, 415
snmpget utility, 417
tools, 524
NOC (Network Operations Center), 457
noise, troubleshooting, 534
nonrepudiation of data, 144
NTP (Network Time Protocol), 400, 443–444
authoritative time sources, 401–402, 443–444
calendar services, 400
time services, 400
numbered ACL (Access Control Lists), 176
numbered extended IPv4 ACL, 204–206, 209–210
numbered standard IPv4 ACL, 188–189, 191–193, 195
O
Object Navigator (SNMP), 417–418
OC (Optical Carriers), 294
OID (Object ID), MIB OID, 415
open resolver attacks (DNS), 131
OpenFlow, 598
OpenStack, 598
optical converters, 288
optical fiber Internet connectivity, 305–306
optical nodes, 305
Optical Time-Domain Reflectometers (OTDR), 527
order of precedence, router ID, 36–37
origin authentication, 144
OS (Operating Systems), hacking, 104
OSI model
OSPF (Open Shortest Path First), 17
algorithms, 5
BDR
election process, 20, 23–24, 56–59
multiaccess OSPF networks, 49–51, 53, 56–59
DR
multiaccess OSPF networks, 49–51, 53–54, 56–59
Exchange state, 18
ExStart state, 18
Full state, 18
hierarchical networks, 476–477
introduction to, 3
link-state operation, 6
establishing neighbor adjacencies, 6
LSDB, 7
Loading state, 18
LSA
multiaccess OSPF networks, 49
reference topologies, 51–52, 57
router election process, 56–59
neighbor adjacencies, 6, 18–20
OSPFv2, 12
OSPFv4, 12
overview of, 3
LSU packets, 14
point-to-point OSPF networks, 40, 83–84
area ID, 40
configuring, 49
configuring with ipospf command, 43–44
configuring with network command, 41–43
loopback interfaces, 48
routers
configuration mode, 35
routing protocol messages, 4
single-area OSPF, 9, 10, 34, 38
default route propagation, 73–77, 86
point-to-point OSPF networks, 40–49
reference bandwidth adjustments, 64–66
test failover to backup routes, 69
OTDR (Optical Time-Domain Reflectometers), 527
outbound ACL filters, 167
output errors, troubleshooting, 551
output queue drops, 550
outside global NAT addresses, 231
outside local NAT addresses, 231
outside NAT addresses, 229, 231
P
packetization delays, 355
packets
crafting tools, 103
ingress packets, 372
queuing. See delay
sniffers, 103
packet-switched network communications, 290–291
packet-switched WAN connectivity, 298
parallel network communications, 289
partially meshed WAN topology, 277
partner API, 632
passive interfaces, point-to-point OSPF networks, 44–46
passwords
changing, 435
configuration register, 433–435, 437
password crackers, 103
plaintext passwords, 415
PAT (Port Address Translation), 233–234, 251, 260–261
configuring
address pools, 253
single IP addresses, 252
source port assignments, 235
paths (network), verifying, 562–566
penetration testing tools, 102–104
performance, troubleshooting, 532, 535
phishing attacks, 114. See also spear phishing attacks
physical layer (networks)
physical network topologies, 503
gathering information (troubleshooting process), 517
PKI (Public Key Infrastructure), 327, 344
plaintext passwords, 415
playout delay buffers, 355–356
PoE (Power over Ethernet), switches, 484–486
point-to-point OSPF networks, 40, 83–84
area ID, 40
configuring, 49
ipospf command, configuring OSPF, 43–44
loopback interfaces, 48
network command
syntax, 40
point-to-point WAN topology, 274–275
policing traffic, QoS, 380–381
policy-based SDN, 605
polling scenarios, SNMP, 415–417
POP (Point of Presence), 286, 312, 544
portable network analyzers, 528
ports
destination ports, troubleshooting, 541
next available port (PAT), 235–236
redirection attacks, 112
source ports
assigning, 235
troubleshooting, 541
speeds, switches, 487
USB ports on routers, 430
VTY port security, standard IPv4 ACL, 200–203, 220
wire speeds, 483
Postman, 638
power supplies, troubleshooting, 533
PPP (Point-to-Point Protocol), DSL Internet connectivity, 303–304
precedence (router ID), order of, 36–37
prefixes, 12
pretexting attacks, 114
PRI (Priority) fields, 373
Prime NAM (Network Analysis Module), 528
prioritizing network traffic, 353–354
private (internal) API, 632
private clouds, 584
private IPv4 addresses, 226–227
private WAN (Wide-Area Networks), 273
probable cause (troubleshooting process), eliminating, 514
problems (troubleshooting process)
defining, 514
solving, 515
program viruses, 107
propagating
delays, 355
static routes
default route propagation, 73–77, 86
proposing hypotheses (troubleshooting process), 514
protocols
analyzers, 525
encapsulation (IPsec), 336
prototyping, virtualization, 589
proxy Trojan horses, 107
PSK (Pre-Shared Keys), 339–340
PSTN (Public Service Telephone Networks), 295
public clouds, 584
public key algorithms, 152–156
public WAN (Wide-Area Networks), 273
Puppet, 643
PVC (Permanent Virtual Circuits), 295–296
Python, 638
Q
QoS (Quality of Service)
classification/marking tools, 371–372
congestion
management tools, 371, 379–380
DSP, 357
egress packets, 372
implementation techniques, 384–385
ingress packets, 372
network traffic
network transmissions, 353, 382
packet loss, avoiding, 371
playout delay buffers, 355–356
policy guidelines, 381
policy models
best-effort QoS policy model, 366–367
selecting, 366
CBWFQ, 364
FIFO, 362
LLQ, 365
tool usage, sequence of, 372
ToS values, 363, 374–375, 377, 383
traffic
WRED, 371
questioning end users (troubleshooting process), 515–516
queue drops
input queue drops, 550
output queue drops, 550
queueing algorithms (QoS), 383
CBWFQ, 364
FIFO, 362
LLQ, 365
overview of, 361
queuing delays, 355
queuing packets. See delay
quid pro quo (something for something) attacks, 114
R
ransomware, 108
RC (Rivest Cipher) series algorithms, 152
reconnaissance attacks, 109–110
redundancy
network design, 469
scalable networks, 469
redundant links, scalable networks, 466–467
reference bandwidths, single-area OSPF, 64–66
reference topologies
end-to-end IP connectivity, troubleshooting, 545–547
multiaccess OSPF networks, 51–52, 57
single-area OSPF, 34–35, 38, 74
rejoins, routers, multiaccess OSPF networks, 58–59
reliability, switches, 486
remote access Trojan horses, 107
remote access VPN (Virtual Private Networks), 283, 308, 312, 314–315, 324–326
removable media, data loss, 98
resiliency, borderless switched networks, 459
REST (Representational State Transfer), 632–639, 651–652
restoring configurations
router configurations, 432
rid values, 37
risk (security), defined, 96
rogue DHCP servers, 121, 134–136
rootkit detectors, 103
rootkits, 108
800 series routers, 492
900 series routers, 490
5500 series routers, 491
ASBR, 74
ASR 1000 series routers, 490–491
ASR 9000 series routers, 488–491
BDR, 17
multiaccess OSPF networks, 49–51, 53, 56–59
branch routers, 488
configurations
copying, 431
restoring, 432
saving, 435
verifying, 432
Dijkstra’s algorithm, 5
DR, 16
multiaccess OSPF networks, 49–51, 53–54, 56–59
router ID, 36
edge routers, 74, 470–471, 488–489
failover tests to backup routes, single-area OSPF, 69
file systems, 423–424, 445–446
Flash file systems, 425
fixed configuration routers, 492
assigning, 40
configuration mode, 35
DR election, 36
rid values, 37
synchronization of OSPF databases, 36
ISR 4000 series routers, 488
list of neighbors, 17
LSR packets, 22
modular routers, 492
NAT routers, private/public IPv4 address translations, 227
NCS 6000 series routers, 489
OSPF
database synchronization, 20–21
service provider routers, 489
software clock, setting manually, 400
USB ports, 430
wireless routers, 288
routing
GRE
OSPF
default route propagation, 73–77, 86
link-state operation, route selection, 8–9
protocols
failover tests to backup routes, single-area OSPF, 69
link-state routing protocols. See OSPF
messages, 4
scalable routing protocol, 467–468
show ip route command, 517
show ipv6 route command, 517
tables, troubleshooting, 539
tuning protocols, scalable networks, 476–477
VRF, 595
RPC (Remote Procedure Calls)
JSON-RPC, 632
XML-RPC, 632
RSA (Rivest, Shamir, Adleman)
encryption algorithms, 154
RSVP (Resource Reservation Protocol), 368, 370
Ruby, 643
S
SA (Security Associations), 334–335
SaaS (Software as a Service), 584
SaltStack, 643
satellite Internet connectivity, 307
saving router configurations, 435
scalability
switches, 487
VPN, 323
access layer, 475
redundancy plans, 469
scalable routing protocol, 467–468
tuning routing protocols, 476–477
wireless connectivity, 468
hierarchical networks, 455–458
scalable routing protocol, 467–468
script kiddies, 100
script viruses, 107
SD-Access, 647
SDN (Software-Defined Networking), 595, 598, 600, 610–611
ANP, 602
Nexus 9000 series switches, 602
spine-leaf topologies, 603
CEF, 596
central controller, 597
control plane, 595
controller-based SDN, 605, 611–612
data plane, 596
framework, 599
Layer 3 switches, 596
management plane, 598
OpenFlow, 598
OpenStack, 598
policy-based SDN, 605
traditional architectures and, 599
SD-WAN, 648
SEAL (Software-Optimized Encryption Algorithm), 152, 338
security. See also VPN
AnyConnect Secure Mobility Client, 321
MD5, 339
SHA, 339
data confidentiality, 144, 150
data nonrepudiation, 144
origin authentication, 144, 147–149
data confidentiality, 144, 150
data nonrepudiation, 144
encryption
asymmetric encryption, 152–156
DSA, 154
DSS, 154
ElGamal, 154
elliptic curve cryptography, 154
public key algorithms, 152–156
RC series algorithms, 152
RSA, 154
ESA, 142
hash functions, 144
MD5, 145
IKE, 335
IPsec, 333, 344–345. See also VPN
AH, 336
confidentiality, 333–334, 336–338
data integrity, 333–335, 338–339
Diffie-Hellman key exchanges, 333–335, 342–343
ESP, 336
protocol encapsulation, 336
transport and tunnel mode, 343
keys, compromised-key attacks, 105
adware, 108
overview of, 106
ransomware, 108
rootkits, 108
spyware, 108
MD5, 339
address spoofing attacks, 118, 120–121
amplification attacks, 118–120
ARP vulnerabilities/attacks, 127–130
ASA, 140
assets, 96
availability, 138
baiting attacks, 114
blacklisting URL, 142
breaches, 95
buffer overflow attacks, 112–113
confidentiality, 138
content security appliances, 141–143
cybercriminals, 95
cybersecurity, current state of, 95–98
defense-in-depth approach, 138–139
dumpster diving attacks, 114
ethical hacking, 95
exploits, 96
impersonation attacks, 114
integrity, 138
mitigation, 96
password attacks, 111
phishing attacks, 114. See also spear phishing attacks
port redirection attacks, 112
pretexting attacks, 114
reconnaissance attacks, 109–110
risk, 96
session hijacking attacks, 118
shoulder surfing attacks, 114
social engineering attacks, 114–115
something for something (quid pro quo) attacks, 114
spam attacks, 114
spear phishing attacks, 114. See also phishing attacks
spoofing attacks, 111
tailgaiting attacks, 114
TCP vulnerabilities/attacks, 122–126, 158
threats, 96
trust exploitation attacks, 111
UDP vulnerabilities/attacks, 122, 126–127, 158
URL filtering, 142
vectors of network attacks, 96–97
vulnerabilities, 96
zombies, 116
origin authentication, 144, 147–149
passwords
changing, 435
configuration register, 433–437
SHA, 339
software disablers, 107
SSL
SSL VPN, 326
stateful firewall services, 210, 220
Syslog security levels, 421
cybercriminals, 100
hacktivists, 100
script kiddies, 100
vulnerability brokers, 100
TLS, VPN, 326
tools
debuggers, 104
encryption tools, 104
forensic tools, 103
fuzzers, 103
hacking OS, 104
hacking tools, 103
packet crafting tools, 103
packet sniffers, 103
password crackers, 103
penetration testing tools, 102–104
rootkit detectors, 103
scanning tools, 103
SET, 115
vulnerability exploitation tools, 104
vulnerability scanners, 104
wireless hacking tools, 103
VTY ports, standard IPv4 ACL, 200–203, 220
vulnerabilities
defined, 96
exploitation tools, 104
fuzzers, 103
scanners, 104
vulnerability brokers, 100
sequence numbers method, modifying ACL, 197–198
serial network communications, 289
serialization delays, 355
servers
DHCP servers, rogue DHCP servers, 121, 134–136, 158
Syslog server
messages, 419
as troubleshooting tool, 529–531
TFTP servers
backing up configurations from, 428–430, 436
virtualization, 589
service providers. See ISP
services
cloud services, 584
IaaS, 584
PaaS, 584
SaaS, 584
stateful firewall services, 210, 220
session hijacking attacks, 118, 126
SET (Social Engineering Toolkits), 115
set operations (SNMP), 406–407
seven-step troubleshooting process, 513–515
severity levels (Syslog), 444–445, 530
SFP (Small Form-Factor Pluggable) devices, 482
SHA (Secure Hash Algorithm), 146–147, 339
shoulder surfing attacks, 114
show interfaces command, 549–550
show ip interface brief command, 517
show ip route command, 517
show ipv6 interface brief command, 517
show ipv6 route command, 517
single point of failure, 275, 278
manually setting cost value, 67–69
reference bandwidths, 65
default route propagation, 73–77, 86
point-to-point OSPF networks, 40
area ID, 40
configuring, 49
configuring with ipospf command, 43–44
configuring with network command, 41–43
loopback interfaces, 48
reference bandwidth adjustments, 64–66
reference topologies, 34–35, 38
assigning, 40
configuration mode, 35
DR election, 36
reference topologies, 34–35, 38
synchronization of OSPF databases, 36
routers, test failover to backup routes, 69
single-carrier WAN connections, 278
single-homed ISP connectivity, 309
site-to-site VPN (Virtual-Private Networks), 283, 308, 312, 314–315, 323–324, 327–328
SLA (Service Level Agreements), 278
smart devices, 620
SMTP (Simple Mail Transfer Protocol), 544
sniffer attacks, 105
SNMP (Simple Network Management Protocol), 405, 444, 544, 640–641
messages, exchanging, 409
MIB OID, 415
NMS, 405
snmpget utility, 417
traps, 530
troubleshooting, 543
SOAP (Simple Object Access Protocol), 632
social engineering attacks, 114–115
social networking, data loss, 98
software
clock
displaying clock source, 403
setting manually, 400
security software disablers, 107
troubleshooting tools, 524
baselining tools, 524
knowledge bases, 524
NMS tools, 524
protocol analyzers, 525
SOHO (Small Office, Home Office), VPN, 321
solving problems (troubleshooting process), 515
something for something (quid pro quo) attacks, 114
SONET cabling standard, 291–292
source ports
assigning, 235
troubleshooting, 541
spam attacks, 114
spear phishing attacks, 114. See also phishing attacks
SPF (Shortest-Path First) algorithm, 5, 8–9, 10–11
spine-leaf topologies, 603
spoke-to-spoke tunnels, 331
address spoofing attacks, 118, 120–121
ARP, 130
CAM tables, 121
spyware, 108
SSH (Secure Shell), 544
ssh -1 command, 517
SSL (Secure Socket Layer)
stackable configuration switches, 481
standard ACL (Access Control Lists), 166, 175, 175–176, 179, 190, 200–203, 219–220
stateful firewall services, 210, 220
state-sponsored hackers, 100
static NAT (Network Address Translation), 231–232, 239–240, 260–261
topology, 240
stealth attacks (DNS), 132
storage devices (cloud), data loss, 98
STP failures/loops, troubleshooting, 537
stratum (NTP), 401–405, 443–444
structured troubleshooting methods, 518
bottom-up troubleshooting method, 518–519
comparison troubleshooting method, 522
divide-and-conquer troubleshooting method, 520–521
educated guess troubleshooting method, 522
follow-the-path troubleshooting method, 521–522
selecting, 523
substitution troubleshooting method, 522
top-down troubleshooting method, 519–520
stub networks, NAT, 228
subnet masks, prefix lengths, 12
substitution troubleshooting method, 522
switch blocks, failure domains, 474
business considerations for switch selection, 486–487
Catalyst 2960-C series switches, 485–486
Catalyst 3560-C series switches, 485
cloud-managed switches, 478
configuring
fixed configuration switches, 480
modular configuration switches, 480
stackable configuration switches, 481
cost metrics, 486
data center switches, 478
device documentation, 506
distribution layer switches, 461, 462, 493
file systems, 426–427, 445–446
fixed configuration switches, 480
flow tables, 601
forwarding rates, 483
frame buffers, 487
group tables, 602
LAN switches, device documentation, 506
Layer 3 switches, SDN, 596
meter tables, 602
modular configuration switches, 480
business considerations for switch selection, 486–487
Catalyst 2960-C series switches, 485–486
Catalyst 3560-C series switches, 485
cloud-managed switches, 478
data center switches, 478
fixed configuration switches, 480
forwarding rates, 483
modular configuration switches, 480
port density, 482
service provider switches, 479
stackable configuration switches, 481
thickness of switches, 481
virtual networks, 479
Nexus 9000 series switches, 602
port speeds, 487
reliability, 486
scalability, 487
service provider switches, 479
stackable configuration switches, 481
thickness of, 481
virtual networks, 479
wire speeds, 483
symptoms/causes of network problems, troubleshooting, 573–574
synchronizing OSPF databases, 20–22
syntax
data formats, 622
Syslog
messages
destination of, 420
facilities, 422
format of, 421
server messages, 419
operation of, 420
security levels, 421
Syslog server as troubleshooting tool, 529–531
T
tailgaiting attacks, 114
Talos, ESA, 142
T-carriers, 294
TCI (Tag Control Information) fields, 373
TCP (Transmission Control Protocol)
flow control, 123
headers, 122
services, 123
session hijacking attacks, 126
TCP-established extended ACL, 210–211
TCP SYN flood attacks, 124
TDR (Time-Domain Reflectometers), 527
teleworking, 283, 302, 308, 312, 314
Tera Term, configuration backups from TFTP servers, 427–428, 436
terminal lines, 529
testing
failover to backup routes, single-area OSPF, 69
hypotheses (troubleshooting process), 515
portable network analyzers, 528
Prime NAM, 528
text files, restoring configurations from, 428–430
text method, modifying ACL, 196–197
TFTP (Trivial File Transfer Protocol), 544
backing up configurations from, 428–430, 436
servers
thickness of switches, 481
threat actors (security), 98, 157
cybercriminals, 100
hacktivists, 100
script kiddies, 100
vulnerability brokers, 100
threats (security), defined, 96
three-tier network design, 455, 460, 463
time, authoritative time sources, 401–402, 443–444
time services, network management, 400
Time-Domain Reflectometers. See TDR
timestamps, Syslog messages, 422–423
TLS (Transport Layer Security), SSL VPN, 326
toll networks, 286
tools (security)
debuggers, 104
encryption tools, 104
forensic tools, 103
fuzzers, 103
hacking OS, 104
hacking tools, 103
packet crafting tools, 103
packet sniffers, 103
password crackers, 103
penetration testing tools, 102–104
rootkit detectors, 103
scanning tools, 103
SET, 115
vulnerability exploitation tools, 104
vulnerability scanners, 104
wireless hacking tools, 103
top-down troubleshooting method, 519–520
topologies
databases, troubleshooting, 539
hierarchical topologies, multi-area OSPF, 11
logical network topologies, 504–505
MPLS, 300
NAT terminology, 230
physical network topologies, 503
reference topologies
multiaccess OSPF networks, 51–52, 57
single-area OSPF, 34–35, 38, 74
troubleshooting end-to-end IP connectivity, 545–547
spine-leaf topologies, 603
tables, LSDB, 7
VPN, 323
remote access VPN, 324
WAN, 274
dual-homed WAN topology, 276
fully meshed WAN topology, 276
hub-and-spoke WAN topology, 275, 330–331
partially meshed WAN topology, 277
point-to-point WAN topology, 274–275
ToS (Type of Service) values, 363, 374–375, 377, 383
traceroute command, 517
IPv4, 548
traditional WAN connectivity, 292–296, 312–313
traffic (networks)
classification, 362, 363, 368. See also classification/marking tools
flows
ACL, 165
troubleshooting, 541
Ethernet, 373
MPLS, 373
NBAR classifications, 372
Traffic Class field (IPv6), 375
Type of Service field (IPv4), 375
Wi-Fi (802.11), 373
Traffic Class field (IPv6), 375
transmission quality, networks, 353, 382
delays, 353
code delays, 355
de-jitter delays, 355
fixed delays, 355
packetization delays, 355
propagation delays, 355
queuing delays, 355
serialization delays, 355
variable delays, 355
transport and tunnel mode (IPsec), 343
transport layer
troubleshooting
interoperability areas (common), 542–543
transport protocols, 329
troubleshooting
access control, 541
address mapping errors, 536
attenuation, 533
BOOTP, 543
bottlenecks/congestion, 532
broadcasts, 536
cable analyzers, 527
cabling faults, 533
connectivity, loss of, 532
console error messages, 533
console messages, 536
CPU overloads, 534
design limits, 534
destination ports, 541
DHCP, 543
DNS, 543
EMI, 534
encapsulation errors, 536
encryption protocols, 542, 543
end-to-end IP connectivity
IPv4 traceroute command, 548
IPv6 traceroute command, 548–549
verifying physical layer, 549–551
established keyword, 542
framing errors, 537
functionality, 535
general network issues, 539
hardware faults, 533
hardware troubleshooting tools
cable analyzers, 527
portable network analyzers, 528
Prime NAM, 528
high CPU utilization rates, 533
implicit denies, 541
input errors, 551
input queue drops, 550
interference, 534
interference configuration errors, 534
end-to-end connectivity, 545–549
local network addressing, 553–556
verifying default gateways, 558–562
verifying network paths, 562–566
verifying physical layer, 549–551
verifying transport layer, 566–567
IPv4 addressing, 541
neighbor adjacencies, 539
networks
analyzing information, 514
bottom-up troubleshooting, 518–519
buffered logging, 529
comparison troubleshooting method, 522
console logging, 529
defining problems, 514
divide-and-conquer troubleshooting method, 520–521
educated guess troubleshooting method, 522
eliminating probable cause, 514
follow-the-path troubleshooting method, 521–522
gathering information, 514, 516–517
general troubleshooting procedures, 512–513
hardware troubleshooting tools, 525–528
proposing hypotheses, 514
protocol analyzers, 525
questioning end users, 515–516
selecting troubleshooting method, 523
seven-step troubleshooting process, 513–515
SNMP traps, 530
software troubleshooting tools, 524
solving problems, 515
structured troubleshooting methods, 518–522
substitution troubleshooting method, 522
symptoms/causes of network problems, 531–545, 573–574
terminal lines, 529
testing hypotheses, 515
top-down troubleshooting method, 519–520
noise, 534
output errors, 551
output queue drops, 550
physical layer, verifying, 549–551
portable network analyzers, 528
power supplies, 533
Prime NAM, 528
protocol analyzers, 525
routing tables, 539
SNMP, 543
software troubleshooting tools, 524
baselining tools, 524
knowledge bases, 524
NMS tools, 524
protocol analyzers, 525
source ports, 541
STP failures/loops, 537
tools, 573
topology databases, 539
traffic flows, 541
transport layer
tunneling protocols, 543
VPN protocols, 542
wildcard masks, 541
trust boundaries, QoS traffic marking, 378–379
trust exploitation attacks, 111
tunneling
protocols, troubleshooting, 543
two-tier network design, 461, 464
Type of Service field (IPv4), 375
U
UDP (User Datagram Protocol), 122, 127, 158
flood attacks, 127
headers, 126
unencrypted devices, data loss, 98
URI (Universal Resource Identifiers), 635, 636
URL (Uniform Resource Locators), 635
blacklisting, 142
filtering, 142
URN (Uniform Resource Names), 635
USB (Universal Serial Buses)
backing up configurations from, 436
drives
copying router configurations to, 431–432
displaying contents of, 430
verifying connections, 430–431
routers and USB ports, 430
V
variable delays, 355
vectors of
verifying
dead intervals, single-area OSPF, 70–71
IPv4, 559
default route propagation, single-area OSPF, 75–77
hello intervals, single-area OSPF, 70–71
IOS image size in Flash, 439, 440–441
LLDP, 397
local network addressing, 553–556
router configurations to USB drives, 432
virtual circuits, 275–276, 295–296
virtual machines (VM), VLAN, 594
virtual networks, 610
switches, 479
VRF, 595
advantages of, 589
AWA Management Console, 586
cloud computing, 583, 585–586, 609
cloud services, 584
community clouds, 585
data centers versus, 585
IaaS, 584
PaaS, 584
private clouds, 584
public clouds, 584
SaaS, 584
disaster recovery, 589
legacy support, 589
prototyping, 589
SDN, 592–593, 598, 600, 610–611
CEF, 596
central controller, 597
control plane, 595
controller-based SDN, 605, 611–612
data plane, 596
framework, 599
Layer 3 switches, 596
management plane, 598
OpenFlow, 598
OpenStack, 598
policy-based SDN, 605
traditional architectures and, 599
servers, 589
virtual network infrastructure, 592–593
VRF, 595
VLAN (Virtual Local Area Networks), 556–558, 594
VM (Virtual Machines), VLAN, 594
VNI (Visual Networking Index), 357
voiceband modems, 288
VoIP (Voice over Internet Protocol), 294
VPLS. See Metro Ethernet WAN connectivity
VPN (Virtual Private Networks), 283, 308, 321, 344. See also IPsec
AnyConnect Secure Mobility Client, 321
ASA, 321
clientless VPN, 326
cost metrics, 322
digital certificates, 327, 333, 335, 339, 341–342, 344–345
Layer 2 MPLS VPN, 324, 332–344
Layer 3 MPLS VPN, 324, 332–334
protocols, troubleshooting, 542
remote access VPN, 283, 308, 312, 314–315, 324, 325–326
scalability, 323
site-to-site VPN, 283, 308, 312, 314–315, 323–324, 327–328
SOHO, 321
VRF (Virtual Routing and Forwarding), 595
VTI (Virtual Tunnel Interfaces), 331–332
VTY port security, standard IPv4 ACL, 200–203, 220
vulnerabilities (security)
defined, 96
exploitation tools, 104
fuzzers, 103
scanners, 104
vulnerability brokers, 100
W
WAN (Wide-Area Networks)
AP, 288
backbone networks, 287
backhaul networks, 287
branch networks, 281
cable modems, 288
campus networks, 280
carrier WAN connections, 278
dual-carrier WAN connections, 278–279
single-carrier WAN connections, 278
CO, 286
communications
circuit-switched network communications, 290
DWDM multiplexing, 292
packet-switched network communications, 290–291, 295–296
parallel network communications, 289
serial network communications, 289
SONET cabling standard, 291–292
connectivity
cable Internet connectivity, 305, 306
circuit-switched WAN connectivity, 295
dedicated broadband WAN connectivity, 297–298
DSL Internet connectivity, 302–304
Internet-based broadband WAN connectivity, 298, 301–311, 314–315
ISDN, 295
ISP Internet connectivity, 309–310
leased-line WAN connectivity, 293–294
LTE, 307
Metro Ethernet WAN connectivity, 298–300, 332
modern WAN connectivity, 296–301, 314
packet-switched WAN connectivity, 298
PSTN, 295
solution comparisons, 311
teleworking, 283, 302, 308, 312, 314
traditional WAN connectivity, 292–296, 312–313
wired Internet connectivity, 301–302
wireless Internet connectivity, 302
wireless Internet-based broadband connectivity, 306–307
core devices, 288
CPE, 286
CSU, 288
demarcation points, 286
distributed networks, 282
DSL modems, 288
DSU, 288
E-carriers, 294
local loops (last mile), 286
operation of, 283–292, 312–313
optical converters, 288
POP, 286
private WAN, 273
public WAN, 273
standards, 283
T-carriers, 294
toll networks, 286
topologies, 274
dual-homed WAN topology, 276
fully meshed WAN topology, 276
hub-and-spoke WAN topology, 275, 330–331
partially meshed WAN topology, 277
point-to-point WAN topology, 274–275
voiceband modems, 288
wireless routers, 288
WAP (Wireless Access Points), PoE, 485
SOAP, 632
WFQ (Weight Fair Queuing), 362–364
white hat hackers, 99
Wi-Fi (802.11), QoS traffic marking, 373
IPv4
address ranges, 170
point-to-point OSPF networks, 40–43
troubleshooting, 541
WiMAX (Worldwide Interoperability Microwave Access), 307
wire speeds, 483
wired Internet connectivity, 301–302
wireless connectivity, scalable networks, 466–467
wireless hacking tools, 103
wireless Internet connectivity, 302
wireless Internet-based broadband connectivity, 306
cellular Internet connectivity, 306–307
municipal Wi-Fi Internet connectivity, 306
satellite Internet connectivity, 307
AnyConnect Secure Mobility Client, 321
ASA, 321
clientless VPN, 326
cost metrics, 322
digital certificates, 327, 333, 335, 339, 341–342, 344–345
MPLS VPN, 332
remote access VPN, 283, 308, 312, 314–315, 324–326
scalability, 323
site-to-site VPN, 283, 308, 312, 314–315, 323, 327–328
SOHO, 321
VPN. See also IPsec
WiMAX, 307
wireless routers, 288
WRED (Weighted Random Early Detection), 371
WSA (Web Security Appliance), 142–143
X
XML (Extensible Markup Language), 623, 627–628
XML-RPC (Extensible Markup Language-Remote Procedure Call), 632–633
Y
YAML (YAML Ain’t Markup Language), 623, 626–627
Z
zombies, 116