Wendell Odom
CCNA 200-301 Official Cert Guide, Volume 2
- Paperback
CCNA 200-301 Official Cert Guide enables students to succeed on the exam the first time and is the only self-study resource approved by Cisco. Best-selling author and expert instructor Wendell Odom shares preparation hints and test-taking tips, helping students identify areas of weakness and improve both conceptual knowledge and hands-on skills. Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this official study guide helps students master the concepts and techniques that ensure exam success.

Assessment, review, and practice for the CCNA 200-301 exam:
- Revised edition of the #1 selling CCNA preparation self-study guide
- Book content is fully updated to align to the new CCNA 200-301 exam objectives
- Books and online materials are packed with features to help candidates master difficult testing methods on actual exams
- Practice tests contain scenario-based questions that closely mimic the difficulty of the actual exam
- In-depth expert explanations of all protocols, commands, and technologies on the CCNA exam
- Online ancillary materials such as lecture slides, instructor's notes, and test bank reinforce concepts discussed in this text
Note: This item can only be shipped to a German delivery address.
Product details
- Publisher: Pearson Education / Pearson Education Limited
- Page count: 624
- Publication date: 22 December 2019
- Language: English
- Dimensions: 197mm x 238mm x 38mm
- Weight: 1294g
- ISBN-13: 9781587147135
- ISBN-10: 1587147130
- Item no.: 57095846
Wendell Odom, CCIE No. 1624 Emeritus, has been in the networking industry since 1981. He has worked as a network engineer, consultant, systems engineer, instructor, and course developer; he currently works writing and creating certification study tools. This book is his 29th edition of some product for Pearson, and he is the author of all editions of the CCNA Cert Guides about Routing and Switching from Cisco Press. Over the years he has written books on topics ranging from networking basics to certification guides for CCENT, CCNA R&S, CCNA DC, CCNP ROUTE, CCNP QoS, and CCIE R&S. He maintains study tools, links to his blogs, and other resources at www.certskills.com.
Introduction xxvii
Part I IP Access Control Lists 3
Chapter 1 Introduction to TCP/IP Transport and Applications 4
Do I Know This Already? Quiz 4
Foundation Topics 6
TCP/IP Layer 4 Protocols: TCP and UDP 6
Transmission Control Protocol 7
Multiplexing Using TCP Port Numbers 7
Popular TCP/IP Applications 10
Connection Establishment and Termination 12
Error Recovery and Reliability 13
Flow Control Using Windowing 15
User Datagram Protocol 16
TCP/IP Applications 16
Uniform Resource Identifiers 17
Finding the Web Server Using DNS 18
Transferring Files with HTTP 20
How the Receiving Host Identifies the Correct Receiving Application 21
Chapter Review 22
Chapter 2 Basic IPv4 Access Control Lists 24
Do I Know This Already? Quiz 24
Foundation Topics 26
IPv4 Access Control List Basics 26
ACL Location and Direction 26
Matching Packets 27
Taking Action When a Match Occurs 28
Types of IP ACLs 28
Standard Numbered IPv4 ACLs 29
List Logic with IP ACLs 29
Matching Logic and Command Syntax 31
Matching the Exact IP Address 31
Matching a Subset of the Address with Wildcards 31
Binary Wildcard Masks 33
Finding the Right Wildcard Mask to Match a Subnet 33
Matching Any/All Addresses 34
Implementing Standard IP ACLs 34
Standard Numbered ACL Example 1 35
Standard Numbered ACL Example 2 36
Troubleshooting and Verification Tips 38
Practice Applying Standard IP ACLs 39
Practice Building access-list Commands 39
Reverse Engineering from ACL to Address Range 40
Chapter Review 41
Chapter 3 Advanced IPv4 Access Control Lists 44
Do I Know This Already? Quiz 44
Foundation Topics 46
Extended Numbered IP Access Control Lists 46
Matching the Protocol, Source IP, and Destination IP 46
Matching TCP and UDP Port Numbers 48
Extended IP ACL Configuration 51
Extended IP Access Lists: Example 1 51
Extended IP Access Lists: Example 2 53
Practice Building access-list Commands 54
Named ACLs and ACL Editing 54
Named IP Access Lists 54
Editing ACLs Using Sequence Numbers 56
Numbered ACL Configuration Versus Named ACL Configuration 58
ACL Implementation Considerations 59
Additional Reading on ACLs 60
Chapter Review 61
Part I Review 64
Part II Security Services 67
Chapter 4 Security Architectures 68
Do I Know This Already? Quiz 68
Foundation Topics 70
Security Terminology 70
Common Security Threats 72
Attacks That Spoof Addresses 72
Denial-of-Service Attacks 73
Reflection and Amplification Attacks 75
Man-in-the-Middle Attacks 76
Address Spoofing Attack Summary 77
Reconnaissance Attacks 77
Buffer Overflow Attacks 78
Malware 78
Human Vulnerabilities 79
Password Vulnerabilities 80
Password Alternatives 80
Controlling and Monitoring User Access 82
Developing a Security Program to Educate Users 83
Chapter Review 84
Chapter 5 Securing Network Devices 86
Do I Know This Already? Quiz 86
Foundation Topics 88
Securing IOS Passwords 88
Encrypting Older IOS Passwords with service password-encryption 89
Encoding the Enable Passwords with Hashes 90
Interactions Between Enable Password and Enable Secret 90
Making the Enable Secret Truly Secret with a Hash 91
Improved Hashes for Cisco's Enable Secret 92
Encoding the Passwords for Local Usernames 94
Controlling Password Attacks with ACLs 95
Firewalls and Intrusion Prevention Systems 95
Traditional Firewalls 96
Security Zones 97
Intrusion Prevention Systems (IPS) 99
Cisco Next-Generation Firewalls 100
Cisco Next-Generation IPS 102
Chapter Review 103
Chapter 6 Implementing Switch Port Security 106
Do I Know This Already? Quiz 106
Foundation Topics 108
Port Security Concepts and Configuration 108
Configuring Port Security 109
Verifying Port Security 112
Port Security MAC Addresses 113
Port Security Violation Modes 114
Port Security Shutdown Mode 115
Port Security Protect and Restrict Modes 117
Chapter Review 119
Chapter 7 Implementing DHCP 122
Do I Know This Already? Quiz 122
Foundation Topics 124
Dynamic Host Configuration Protocol 124
DHCP Concepts 125
Supporting DHCP for Remote Subnets with DHCP Relay 126
Information Stored at the DHCP Server 128
Configuring DHCP Features on Routers and Switches 129
Configuring DHCP Relay 130
Configuring a Switch as DHCP Client 130
Configuring a Router as DHCP Client 132
Identifying Host IPv4 Settings 133
Host Settings for IPv4 133
Host IP Settings on Windows 134
Host IP Settings on macOS 136
Host IP Settings on Linux 138
Chapter Review 140
Chapter 8 DHCP Snooping and ARP Inspection 144
Do I Know This Already? Quiz 144
Foundation Topics 146
DHCP Snooping 146
DHCP Snooping Concepts 146
A Sample Attack: A Spurious DHCP Server 147
DHCP Snooping Logic 148
Filtering DISCOVER Messages Based on MAC Address 150
Filtering Messages that Release IP Addresses 150
DHCP Snooping Configuration 152
Configuring DHCP Snooping on a Layer 2 Switch 152
Limiting DHCP Message Rates 154
DHCP Snooping Configuration Summary 155
Dynamic ARP Inspection 156
DAI Concepts 156
Review of Normal IP ARP 156
Gratuitous ARP as an Attack Vector 157
Dynamic ARP Inspection Logic 158
Dynamic ARP Inspection Configuration 160
Configuring ARP Inspection on a Layer 2 Switch 160
Limiting DAI Message Rates 163
Configuring Optional DAI Message Checks 164
IP ARP Inspection Configuration Summary 165
Chapter Review 166
Part II Review 168
Part III IP Services 171
Chapter 9 Device Management Protocols 172
Do I Know This Already? Quiz 172
Foundation Topics 174
System Message Logging (Syslog) 174
Sending Messages in Real Time to Current Users 174
Storing Log Messages for Later Review 175
Log Message Format 176
Log Message Severity Levels 177
Configuring and Verifying System Logging 178
The debug Command and Log Messages 180
Network Time Protocol (NTP) 181
Setting the Time and Timezone 182
Basic NTP Configuration 183
NTP Reference Clock and Stratum 185
Redundant NTP Configuration 186
NTP Using a Loopback Interface for Better Availability 188
Analyzing Topology Using CDP and LLDP 190
Examining Information Learned by CDP 190
Configuring and Verifying CDP 193
Examining Information Learned by LLDP 194
Configuring and Verifying LLDP 197
Chapter Review 199
Chapter 10 Network Address Translation 202
Do I Know This Already? Quiz 202
Foundation Topics 204
Perspectives on IPv4 Address Scalability 204
CIDR 205
Private Addressing 206
Network Address Translation Concepts 207
Static NAT 208
Dynamic NAT 210
Overloading NAT with Port Address Translation 211
NAT Configuration and Troubleshooting 213
Static NAT Configuration 213
Dynamic NAT Configuration 215
Dynamic NAT Verification 217
NAT Overload (PAT) Configuration 219
NAT Troubleshooting 222
Chapter Review 223
Chapter 11 Quality of Service (QoS) 226
Do I Know This Already? Quiz 226
Foundation Topics 228
Introduction to QoS 228
QoS: Managing Bandwidth, Delay, Jitter, and Loss 228
Types of Traffic 229
Data Applications 229
Voice and Video Applications 230
QoS as Mentioned in This Book 232
QoS on Switches and Routers 233
Classification and Marking 233
Classification Basics 233
Matching (Classification) Basics 234
Classification on Routers with ACLs and NBAR 235
Marking IP DSCP and Ethernet CoS 236
Marking the IP Header 237
Marking the Ethernet 802.1Q Header 237
Other Marking Fields 238
Defining Trust Boundaries 238
DiffServ Suggested Marking Values 239
Expedited Forwarding (EF) 240
Assured Forwarding (AF) 240
Class Selector (CS) 241
Guidelines for DSCP Marking Values 241
Queuing 242
Round-Robin Scheduling (Prioritization) 243
Low Latency Queuing 243
A Prioritization Strategy for Data, Voice, and Video 245
Shaping and Policing 245
Policing 246
Where to Use Policing 246
Shaping 248
Setting a Good Shaping Time Interval for Voice and Video 249
Congestion Avoidance 250
TCP Windowing Basics 250
Congestion Avoidance Tools 251
Chapter Review 252
Chapter 12 Miscellaneous IP Services 254
Do I Know This Already? Quiz 254
Foundation Topics 256
First Hop Redundancy Protocol 256
The Need for Redundancy in Networks 257
The Need for a First Hop Redundancy Protocol 259
The Three Solutions for First-Hop Redundancy 260
HSRP Concepts 261
HSRP Failover 261
HSRP Load Balancing 262
Simple Network Management Protocol 263
SNMP Variable Reading and Writing: SNMP Get and Set 264
SNMP Notifications: Traps and Informs 265
The Management Information Base 266
Securing SNMP 267
FTP and TFTP 268
Managing Cisco IOS Images with FTP/TFTP 268
The IOS File System 268
Upgrading IOS Images 270
Copying a New IOS Image to a Local IOS File System Using TFTP 271
Verifying IOS Code Integrity with MD5 273
Copying Images with FTP 273
The FTP and TFTP Protocols 275
FTP Protocol Basics 275
FTP Active and Passive Modes 276
FTP over TLS (FTP Secure) 278
TFTP Protocol Basics 279
Chapter Review 280
Part III Review 284
Part IV Network Architecture 287
Chapter 13 LAN Architecture 288
Do I Know This Already? Quiz 288
Foundation Topics 290
Analyzing Campus LAN Topologies 290
Two-Tier Campus Design (Collapsed Core) 290
The Two-Tier Campus Design 290
Topology Terminology Seen Within a Two-Tier Design 291
Three-Tier Campus Design (Core) 293
Topology Design Terminology 295
Small Office/Home Office 295
Power over Ethernet (PoE) 297
PoE Basics 297
PoE Operation 298
PoE and LAN Design 299
Chapter Review 300
Chapter 14 WAN Architecture 302
Do I Know This Already? Quiz 302
Foundation Topics 304
Metro Ethernet 304
Metro Ethernet Physical Design and Topology 305
Ethernet WAN Services and Topologies 306
Ethernet Line Service (Point-to-Point) 307
Ethernet LAN Service (Full Mesh) 308
Ethernet Tree Service (Hub and Spoke) 309
Layer 3 Design Using Metro Ethernet 309
Layer 3 Design with E-Line Service 309
Layer 3 Design with E-LAN Service 311
Multiprotocol Label Switching (MPLS) 311
MPLS VPN Physical Design and Topology 313
MPLS and Quality of Service 314
Layer 3 with MPLS VPN 315
Internet VPNs 317
Internet Access 317
Digital Subscriber Line 318
Cable Internet 319
Wireless WAN (3G, 4G, LTE, 5G) 320
Fiber (Ethernet) Internet Access 321
Internet VPN Fundamentals 321
Site-to-Site VPNs with IPsec 322
Remote Access VPNs with TLS 324
VPN Comparisons 326
Chapter Review 326
Chapter 15 Cloud Architecture 328
Do I Know This Already? Quiz 328
Foundation Topics 330
Server Virtualization 330
Cisco Server Hardware 330
Server Virtualization Basics 331
Networking with Virtual Switches on a Virtualized Host 333
The Physical Data Center Network 334
Workflow with a Virtualized Data Center 335
Cloud Computing Services 336
Private Cloud (On-Premise) 337
Public Cloud 338
Cloud and the As a Service Model 339
Infrastructure as a Service 339
Software as a Service 341
(Development) Platform as a Service 341
WAN Traffic Paths to Reach Cloud Services 342
Enterprise WAN Connections to Public Cloud 342
Accessing Public Cloud Services Using the Internet 342
Pros and Cons with Connecting to Public Cloud with Internet 343
Private WAN and Internet VPN Access to Public Cloud 344
Pros and Cons of Connecting to Cloud with Private WANs 345
Intercloud Exchanges 346
Summarizing the Pros and Cons of Public Cloud WAN Options 346
A Scenario: Branch Offices and the Public Cloud 347
Migrating Traffic Flows When Migrating to Email SaaS 347
Branch Offices with Internet and Private WAN 349
Chapter Review 350
Part IV Review 352
Part V Network Automation 355
Chapter 16 Introduction to Controller-Based Networking 356
Do I Know This Already? Quiz 357
Foundation Topics 358
SDN and Controller-Based Networks 358
The Data, Control, and Management Planes 358
The Data Plane 359
The Control Plane 360
The Management Plane 361
Cisco Switch Data Plane Internals 361
Controllers and Software-Defined Architecture 362
Controllers and Centralized Control 363
The Southbound Interface 364
The Northbound Interface 365
Software Defined Architecture Summary 367
Examples of Network Programmability and SDN 367
OpenDaylight and OpenFlow 367
The OpenDaylight Controller 368
The Cisco Open SDN Controller (OSC) 369
Cisco Application Centric Infrastructure (ACI) 369
ACI Physical Design: Spine and Leaf 370
ACI Operating Model with Intent-Based Networking 371
Cisco APIC Enterprise Module 373
APIC-EM Basics 373
APIC-EM Replacement 374
Summary of the SDN Examples 375
Comparing Traditional Versus Controller-Based Networks 375
How Automation Impacts Network Management 376
Comparing Traditional Networks with Controller-Based Networks 378
Chapter Review 379
Chapter 17 Cisco Software-Defined Access (SDA) 382
Do I Know This Already? Quiz 383
Foundation Topics 384
SDA Fabric, Underlay, and Overlay 384
The SDA Underlay 386
Using Existing Gear for the SDA Underlay 386
Using New Gear for the SDA Underlay 387
The SDA Overlay 390
VXLAN Tunnels in the Overlay (Data Plane) 390
LISP for Overlay Discovery and Location (Control Plane) 392
DNA Center and SDA Operation 395
Cisco DNA Center 395
Cisco DNA Center and Scalable Groups 396
Issues with Traditional IP-Based Security 397
SDA Security Based on User Groups 398
DNA Center as a Network Management Platform 400
DNA Center Similarities to Traditional Management 401
DNA Center Differences with Traditional Management 402
Chapter Review 403
Chapter 18 Understanding REST and JSON 406
Do I Know This Already? Quiz 406
Foundation Topics 408
REST-Based APIs 408
REST-Based (RESTful) APIs 408
Client/Server Architecture 409
Stateless Operation 410
Cacheable (or Not) 410
Background: Data and Variables 410
Simple Variables 410
List and Dictionary Variables 411
REST APIs and HTTP 413
Software CRUD Actions and HTTP Verbs 413
Using URIs with HTTP to Specify the Resource 414
Example of REST API Call to DNA Center 417
Data Serialization and JSON 418
The Need for a Data Model with APIs 419
Data Serialization Languages 421
JSON 421
XML 421
YAML 422
Reflection and Amplification Attacks 75
Man-in-the-Middle Attacks 76
Address Spoofing Attack Summary 77
Reconnaissance Attacks 77
Buffer Overflow Attacks 78
Malware 78
Human Vulnerabilities 79
Password Vulnerabilities 80
Password Alternatives 80
Controlling and Monitoring User Access 82
Developing a Security Program to Educate Users 83
Chapter Review 84
Chapter 5 Securing Network Devices 86
Do I Know This Already? Quiz 86
Foundation Topics 88
Securing IOS Passwords 88
Encrypting Older IOS Passwords with service password-encryption 89
Encoding the Enable Passwords with Hashes 90
Interactions Between Enable Password and Enable Secret 90
Making the Enable Secret Truly Secret with a Hash 91
Improved Hashes for Cisco's Enable Secret 92
Encoding the Passwords for Local Usernames 94
Controlling Password Attacks with ACLs 95
Firewalls and Intrusion Prevention Systems 95
Traditional Firewalls 96
Security Zones 97
Intrusion Prevention Systems (IPS) 99
Cisco Next-Generation Firewalls 100
Cisco Next-Generation IPS 102
Chapter Review 103
Chapter 6 Implementing Switch Port Security 106
Do I Know This Already? Quiz 106
Foundation Topics 108
Port Security Concepts and Configuration 108
Configuring Port Security 109
Verifying Port Security 112
Port Security MAC Addresses 113
Port Security Violation Modes 114
Port Security Shutdown Mode 115
Port Security Protect and Restrict Modes 117
Chapter Review 119
Chapter 7 Implementing DHCP 122
Do I Know This Already? Quiz 122
Foundation Topics 124
Dynamic Host Configuration Protocol 124
DHCP Concepts 125
Supporting DHCP for Remote Subnets with DHCP Relay 126
Information Stored at the DHCP Server 128
Configuring DHCP Features on Routers and Switches 129
Configuring DHCP Relay 130
Configuring a Switch as DHCP Client 130
Configuring a Router as DHCP Client 132
Identifying Host IPv4 Settings 133
Host Settings for IPv4 133
Host IP Settings on Windows 134
Host IP Settings on macOS 136
Host IP Settings on Linux 138
Chapter Review 140
Chapter 8 DHCP Snooping and ARP Inspection 144
Do I Know This Already? Quiz 144
Foundation Topics 146
DHCP Snooping 146
DHCP Snooping Concepts 146
A Sample Attack: A Spurious DHCP Server 147
DHCP Snooping Logic 148
Filtering DISCOVER Messages Based on MAC Address 150
Filtering Messages that Release IP Addresses 150
DHCP Snooping Configuration 152
Configuring DHCP Snooping on a Layer 2 Switch 152
Limiting DHCP Message Rates 154
DHCP Snooping Configuration Summary 155
Dynamic ARP Inspection 156
DAI Concepts 156
Review of Normal IP ARP 156
Gratuitous ARP as an Attack Vector 157
Dynamic ARP Inspection Logic 158
Dynamic ARP Inspection Configuration 160
Configuring ARP Inspection on a Layer 2 Switch 160
Limiting DAI Message Rates 163
Configuring Optional DAI Message Checks 164
IP ARP Inspection Configuration Summary 165
Chapter Review 166
Part II Review 168
Part III IP Services 171
Chapter 9 Device Management Protocols 172
Do I Know This Already? Quiz 172
Foundation Topics 174
System Message Logging (Syslog) 174
Sending Messages in Real Time to Current Users 174
Storing Log Messages for Later Review 175
Log Message Format 176
Log Message Severity Levels 177
Configuring and Verifying System Logging 178
The debug Command and Log Messages 180
Network Time Protocol (NTP) 181
Setting the Time and Timezone 182
Basic NTP Configuration 183
NTP Reference Clock and Stratum 185
Redundant NTP Configuration 186
NTP Using a Loopback Interface for Better Availability 188
Analyzing Topology Using CDP and LLDP 190
Examining Information Learned by CDP 190
Configuring and Verifying CDP 193
Examining Information Learned by LLDP 194
Configuring and Verifying LLDP 197
Chapter Review 199
Chapter 10 Network Address Translation 202
Do I Know This Already? Quiz 202
Foundation Topics 204
Perspectives on IPv4 Address Scalability 204
CIDR 205
Private Addressing 206
Network Address Translation Concepts 207
Static NAT 208
Dynamic NAT 210
Overloading NAT with Port Address Translation 211
NAT Configuration and Troubleshooting 213
Static NAT Configuration 213
Dynamic NAT Configuration 215
Dynamic NAT Verification 217
NAT Overload (PAT) Configuration 219
NAT Troubleshooting 222
Chapter Review 223
Chapter 11 Quality of Service (QoS) 226
Do I Know This Already? Quiz 226
Foundation Topics 228
Introduction to QoS 228
QoS: Managing Bandwidth, Delay, Jitter, and Loss 228
Types of Traffic 229
Data Applications 229
Voice and Video Applications 230
QoS as Mentioned in This Book 232
QoS on Switches and Routers 233
Classification and Marking 233
Classification Basics 233
Matching (Classification) Basics 234
Classification on Routers with ACLs and NBAR 235
Marking IP DSCP and Ethernet CoS 236
Marking the IP Header 237
Marking the Ethernet 802.1Q Header 237
Other Marking Fields 238
Defining Trust Boundaries 238
DiffServ Suggested Marking Values 239
Expedited Forwarding (EF) 240
Assured Forwarding (AF) 240
Class Selector (CS) 241
Guidelines for DSCP Marking Values 241
Queuing 242
Round-Robin Scheduling (Prioritization) 243
Low Latency Queuing 243
A Prioritization Strategy for Data, Voice, and Video 245
Shaping and Policing 245
Policing 246
Where to Use Policing 246
Shaping 248
Setting a Good Shaping Time Interval for Voice and Video 249
Congestion Avoidance 250
TCP Windowing Basics 250
Congestion Avoidance Tools 251
Chapter Review 252
Chapter 12 Miscellaneous IP Services 254
Do I Know This Already? Quiz 254
Foundation Topics 256
First Hop Redundancy Protocol 256
The Need for Redundancy in Networks 257
The Need for a First Hop Redundancy Protocol 259
The Three Solutions for First-Hop Redundancy 260
HSRP Concepts 261
HSRP Failover 261
HSRP Load Balancing 262
Simple Network Management Protocol 263
SNMP Variable Reading and Writing: SNMP Get and Set 264
SNMP Notifications: Traps and Informs 265
The Management Information Base 266
Securing SNMP 267
FTP and TFTP 268
Managing Cisco IOS Images with FTP/TFTP 268
The IOS File System 268
Upgrading IOS Images 270
Copying a New IOS Image to a Local IOS File System Using TFTP 271
Verifying IOS Code Integrity with MD5 273
Copying Images with FTP 273
The FTP and TFTP Protocols 275
FTP Protocol Basics 275
FTP Active and Passive Modes 276
FTP over TLS (FTP Secure) 278
TFTP Protocol Basics 279
Chapter Review 280
Part III Review 284
Part IV Network Architecture 287
Chapter 13 LAN Architecture 288
Do I Know This Already? Quiz 288
Foundation Topics 290
Analyzing Campus LAN Topologies 290
Two-Tier Campus Design (Collapsed Core) 290
The Two-Tier Campus Design 290
Topology Terminology Seen Within a Two-Tier Design 291
Three-Tier Campus Design (Core) 293
Topology Design Terminology 295
Small Office/Home Office 295
Power over Ethernet (PoE) 297
PoE Basics 297
PoE Operation 298
PoE and LAN Design 299
Chapter Review 300
Chapter 14 WAN Architecture 302
Do I Know This Already? Quiz 302
Foundation Topics 304
Metro Ethernet 304
Metro Ethernet Physical Design and Topology 305
Ethernet WAN Services and Topologies 306
Ethernet Line Service (Point-to-Point) 307
Ethernet LAN Service (Full Mesh) 308
Ethernet Tree Service (Hub and Spoke) 309
Layer 3 Design Using Metro Ethernet 309
Layer 3 Design with E-Line Service 309
Layer 3 Design with E-LAN Service 311
Multiprotocol Label Switching (MPLS) 311
MPLS VPN Physical Design and Topology 313
MPLS and Quality of Service 314
Layer 3 with MPLS VPN 315
Internet VPNs 317
Internet Access 317
Digital Subscriber Line 318
Cable Internet 319
Wireless WAN (3G, 4G, LTE, 5G) 320
Fiber (Ethernet) Internet Access 321
Internet VPN Fundamentals 321
Site-to-Site VPNs with IPsec 322
Remote Access VPNs with TLS 324
VPN Comparisons 326
Chapter Review 326
Chapter 15 Cloud Architecture 328
Do I Know This Already? Quiz 328
Foundation Topics 330
Server Virtualization 330
Cisco Server Hardware 330
Server Virtualization Basics 331
Networking with Virtual Switches on a Virtualized Host 333
The Physical Data Center Network 334
Workflow with a Virtualized Data Center 335
Cloud Computing Services 336
Private Cloud (On-Premise) 337
Public Cloud 338
Cloud and the As a Service Model 339
Infrastructure as a Service 339
Software as a Service 341
(Development) Platform as a Service 341
WAN Traffic Paths to Reach Cloud Services 342
Enterprise WAN Connections to Public Cloud 342
Accessing Public Cloud Services Using the Internet 342
Pros and Cons with Connecting to Public Cloud with Internet 343
Private WAN and Internet VPN Access to Public Cloud 344
Pros and Cons of Connecting to Cloud with Private WANs 345
Intercloud Exchanges 346
Summarizing the Pros and Cons of Public Cloud WAN Options 346
A Scenario: Branch Offices and the Public Cloud 347
Migrating Traffic Flows When Migrating to Email SaaS 347
Branch Offices with Internet and Private WAN 349
Chapter Review 350
Part IV Review 352
Part V Network Automation 355
Chapter 16 Introduction to Controller-Based Networking 356
Do I Know This Already? Quiz 357
Foundation Topics 358
SDN and Controller-Based Networks 358
The Data, Control, and Management Planes 358
The Data Plane 359
The Control Plane 360
The Management Plane 361
Cisco Switch Data Plane Internals 361
Controllers and Software-Defined Architecture 362
Controllers and Centralized Control 363
The Southbound Interface 364
The Northbound Interface 365
Software Defined Architecture Summary 367
Examples of Network Programmability and SDN 367
OpenDaylight and OpenFlow 367
The OpenDaylight Controller 368
The Cisco Open SDN Controller (OSC) 369
Cisco Application Centric Infrastructure (ACI) 369
ACI Physical Design: Spine and Leaf 370
ACI Operating Model with Intent-Based Networking 371
Cisco APIC Enterprise Module 373
APIC-EM Basics 373
APIC-EM Replacement 374
Summary of the SDN Examples 375
Comparing Traditional Versus Controller-Based Networks 375
How Automation Impacts Network Management 376
Comparing Traditional Networks with Controller-Based Networks 378
Chapter Review 379
Chapter 17 Cisco Software-Defined Access (SDA) 382
Do I Know This Already? Quiz 383
Foundation Topics 384
SDA Fabric, Underlay, and Overlay 384
The SDA Underlay 386
Using Existing Gear for the SDA Underlay 386
Using New Gear for the SDA Underlay 387
The SDA Overlay 390
VXLAN Tunnels in the Overlay (Data Plane) 390
LISP for Overlay Discovery and Location (Control Plane) 392
DNA Center and SDA Operation 395
Cisco DNA Center 395
Cisco DNA Center and Scalable Groups 396
Issues with Traditional IP-Based Security 397
SDA Security Based on User Groups 398
DNA Center as a Network Management Platform 400
DNA Center Similarities to Traditional Management 401
DNA Center Differences with Traditional Management 402
Chapter Review 403
Chapter 18 Understanding REST and JSON 406
Do I Know This Already? Quiz 406
Foundation Topics 408
REST-Based APIs 408
REST-Based (RESTful) APIs 408
Client/Server Architecture 409
Stateless Operation 410
Cacheable (or Not) 410
Background: Data and Variables 410
Simple Variables 410
List and Dictionary Variables 411
REST APIs and HTTP 413
Software CRUD Actions and HTTP Verbs 413
Using URIs with HTTP to Specify the Resource 414
Example of REST API Call to DNA Center 417
Data Serialization and JSON 418
The Need for a Data Model with APIs 419
Data Serialization Languages 421
JSON 421
XML 421
YAML 422
S
Part I IP Access Control Lists 3
Chapter 1 Introduction to TCP/IP Transport and Applications 4
Do I Know This Already? Quiz 4
Foundation Topics 6
TCP/IP Layer 4 Protocols: TCP and UDP 6
Transmission Control Protocol 7
Multiplexing Using TCP Port Numbers 7
Popular TCP/IP Applications 10
Connection Establishment and Termination 12
Error Recovery and Reliability 13
Flow Control Using Windowing 15
User Datagram Protocol 16
TCP/IP Applications 16
Uniform Resource Identifiers 17
Finding the Web Server Using DNS 18
Transferring Files with HTTP 20
How the Receiving Host Identifies the Correct Receiving Application 21
Chapter Review 22
Chapter 2 Basic IPv4 Access Control Lists 24
Do I Know This Already? Quiz 24
Foundation Topics 26
IPv4 Access Control List Basics 26
ACL Location and Direction 26
Matching Packets 27
Taking Action When a Match Occurs 28
Types of IP ACLs 28
Standard Numbered IPv4 ACLs 29
List Logic with IP ACLs 29
Matching Logic and Command Syntax 31
Matching the Exact IP Address 31
Matching a Subset of the Address with Wildcards 31
Binary Wildcard Masks 33
Finding the Right Wildcard Mask to Match a Subnet 33
Matching Any/All Addresses 34
Implementing Standard IP ACLs 34
Standard Numbered ACL Example 1 35
Standard Numbered ACL Example 2 36
Troubleshooting and Verification Tips 38
Practice Applying Standard IP ACLs 39
Practice Building access-list Commands 39
Reverse Engineering from ACL to Address Range 40
Chapter Review 41
Chapter 3 Advanced IPv4 Access Control Lists 44
Do I Know This Already? Quiz 44
Foundation Topics 46
Extended Numbered IP Access Control Lists 46
Matching the Protocol, Source IP, and Destination IP 46
Matching TCP and UDP Port Numbers 48
Extended IP ACL Configuration 51
Extended IP Access Lists: Example 1 51
Extended IP Access Lists: Example 2 53
Practice Building access-list Commands 54
Named ACLs and ACL Editing 54
Named IP Access Lists 54
Editing ACLs Using Sequence Numbers 56
Numbered ACL Configuration Versus Named ACL Configuration 58
ACL Implementation Considerations 59
Additional Reading on ACLs 60
Chapter Review 61
Part I Review 64
Part II Security Services 67
Chapter 4 Security Architectures 68
Do I Know This Already? Quiz 68
Foundation Topics 70
Security Terminology 70
Common Security Threats 72
Attacks That Spoof Addresses 72
Denial-of-Service Attacks 73
Reflection and Amplification Attacks 75
Man-in-the-Middle Attacks 76
Address Spoofing Attack Summary 77
Reconnaissance Attacks 77
Buffer Overflow Attacks 78
Malware 78
Human Vulnerabilities 79
Password Vulnerabilities 80
Password Alternatives 80
Controlling and Monitoring User Access 82
Developing a Security Program to Educate Users 83
Chapter Review 84
Chapter 5 Securing Network Devices 86
Do I Know This Already? Quiz 86
Foundation Topics 88
Securing IOS Passwords 88
Encrypting Older IOS Passwords with service password-encryption 89
Encoding the Enable Passwords with Hashes 90
Interactions Between Enable Password and Enable Secret 90
Making the Enable Secret Truly Secret with a Hash 91
Improved Hashes for Cisco's Enable Secret 92
Encoding the Passwords for Local Usernames 94
Controlling Password Attacks with ACLs 95
Firewalls and Intrusion Prevention Systems 95
Traditional Firewalls 96
Security Zones 97
Intrusion Prevention Systems (IPS) 99
Cisco Next-Generation Firewalls 100
Cisco Next-Generation IPS 102
Chapter Review 103
Chapter 6 Implementing Switch Port Security 106
Do I Know This Already? Quiz 106
Foundation Topics 108
Port Security Concepts and Configuration 108
Configuring Port Security 109
Verifying Port Security 112
Port Security MAC Addresses 113
Port Security Violation Modes 114
Port Security Shutdown Mode 115
Port Security Protect and Restrict Modes 117
Chapter Review 119
Chapter 7 Implementing DHCP 122
Do I Know This Already? Quiz 122
Foundation Topics 124
Dynamic Host Configuration Protocol 124
DHCP Concepts 125
Supporting DHCP for Remote Subnets with DHCP Relay 126
Information Stored at the DHCP Server 128
Configuring DHCP Features on Routers and Switches 129
Configuring DHCP Relay 130
Configuring a Switch as DHCP Client 130
Configuring a Router as DHCP Client 132
Identifying Host IPv4 Settings 133
Host Settings for IPv4 133
Host IP Settings on Windows 134
Host IP Settings on macOS 136
Host IP Settings on Linux 138
Chapter Review 140
Chapter 8 DHCP Snooping and ARP Inspection 144
Do I Know This Already? Quiz 144
Foundation Topics 146
DHCP Snooping 146
DHCP Snooping Concepts 146
A Sample Attack: A Spurious DHCP Server 147
DHCP Snooping Logic 148
Filtering DISCOVER Messages Based on MAC Address 150
Filtering Messages that Release IP Addresses 150
DHCP Snooping Configuration 152
Configuring DHCP Snooping on a Layer 2 Switch 152
Limiting DHCP Message Rates 154
DHCP Snooping Configuration Summary 155
Dynamic ARP Inspection 156
DAI Concepts 156
Review of Normal IP ARP 156
Gratuitous ARP as an Attack Vector 157
Dynamic ARP Inspection Logic 158
Dynamic ARP Inspection Configuration 160
Configuring ARP Inspection on a Layer 2 Switch 160
Limiting DAI Message Rates 163
Configuring Optional DAI Message Checks 164
IP ARP Inspection Configuration Summary 165
Chapter Review 166
Part II Review 168
Part III IP Services 171
Chapter 9 Device Management Protocols 172
Do I Know This Already? Quiz 172
Foundation Topics 174
System Message Logging (Syslog) 174
Sending Messages in Real Time to Current Users 174
Storing Log Messages for Later Review 175
Log Message Format 176
Log Message Severity Levels 177
Configuring and Verifying System Logging 178
The debug Command and Log Messages 180
Network Time Protocol (NTP) 181
Setting the Time and Timezone 182
Basic NTP Configuration 183
NTP Reference Clock and Stratum 185
Redundant NTP Configuration 186
NTP Using a Loopback Interface for Better Availability 188
Analyzing Topology Using CDP and LLDP 190
Examining Information Learned by CDP 190
Configuring and Verifying CDP 193
Examining Information Learned by LLDP 194
Configuring and Verifying LLDP 197
Chapter Review 199
Chapter 10 Network Address Translation 202
Do I Know This Already? Quiz 202
Foundation Topics 204
Perspectives on IPv4 Address Scalability 204
CIDR 205
Private Addressing 206
Network Address Translation Concepts 207
Static NAT 208
Dynamic NAT 210
Overloading NAT with Port Address Translation 211
NAT Configuration and Troubleshooting 213
Static NAT Configuration 213
Dynamic NAT Configuration 215
Dynamic NAT Verification 217
NAT Overload (PAT) Configuration 219
NAT Troubleshooting 222
Chapter Review 223
Chapter 11 Quality of Service (QoS) 226
Do I Know This Already? Quiz 226
Foundation Topics 228
Introduction to QoS 228
QoS: Managing Bandwidth, Delay, Jitter, and Loss 228
Types of Traffic 229
Data Applications 229
Voice and Video Applications 230
QoS as Mentioned in This Book 232
QoS on Switches and Routers 233
Classification and Marking 233
Classification Basics 233
Matching (Classification) Basics 234
Classification on Routers with ACLs and NBAR 235
Marking IP DSCP and Ethernet CoS 236
Marking the IP Header 237
Marking the Ethernet 802.1Q Header 237
Other Marking Fields 238
Defining Trust Boundaries 238
DiffServ Suggested Marking Values 239
Expedited Forwarding (EF) 240
Assured Forwarding (AF) 240
Class Selector (CS) 241
Guidelines for DSCP Marking Values 241
Queuing 242
Round-Robin Scheduling (Prioritization) 243
Low Latency Queuing 243
A Prioritization Strategy for Data, Voice, and Video 245
Shaping and Policing 245
Policing 246
Where to Use Policing 246
Shaping 248
Setting a Good Shaping Time Interval for Voice and Video 249
Congestion Avoidance 250
TCP Windowing Basics 250
Congestion Avoidance Tools 251
Chapter Review 252
Chapter 12 Miscellaneous IP Services 254
Do I Know This Already? Quiz 254
Foundation Topics 256
First Hop Redundancy Protocol 256
The Need for Redundancy in Networks 257
The Need for a First Hop Redundancy Protocol 259
The Three Solutions for First-Hop Redundancy 260
HSRP Concepts 261
HSRP Failover 261
HSRP Load Balancing 262
Simple Network Management Protocol 263
SNMP Variable Reading and Writing: SNMP Get and Set 264
SNMP Notifications: Traps and Informs 265
The Management Information Base 266
Securing SNMP 267
FTP and TFTP 268
Managing Cisco IOS Images with FTP/TFTP 268
The IOS File System 268
Upgrading IOS Images 270
Copying a New IOS Image to a Local IOS File System Using TFTP 271
Verifying IOS Code Integrity with MD5 273
Copying Images with FTP 273
The FTP and TFTP Protocols 275
FTP Protocol Basics 275
FTP Active and Passive Modes 276
FTP over TLS (FTP Secure) 278
TFTP Protocol Basics 279
Chapter Review 280
Part III Review 284
Part IV Network Architecture 287
Chapter 13 LAN Architecture 288
Do I Know This Already? Quiz 288
Foundation Topics 290
Analyzing Campus LAN Topologies 290
Two-Tier Campus Design (Collapsed Core) 290
The Two-Tier Campus Design 290
Topology Terminology Seen Within a Two-Tier Design 291
Three-Tier Campus Design (Core) 293
Topology Design Terminology 295
Small Office/Home Office 295
Power over Ethernet (PoE) 297
PoE Basics 297
PoE Operation 298
PoE and LAN Design 299
Chapter Review 300
Chapter 14 WAN Architecture 302
Do I Know This Already? Quiz 302
Foundation Topics 304
Metro Ethernet 304
Metro Ethernet Physical Design and Topology 305
Ethernet WAN Services and Topologies 306
Ethernet Line Service (Point-to-Point) 307
Ethernet LAN Service (Full Mesh) 308
Ethernet Tree Service (Hub and Spoke) 309
Layer 3 Design Using Metro Ethernet 309
Layer 3 Design with E-Line Service 309
Layer 3 Design with E-LAN Service 311
Multiprotocol Label Switching (MPLS) 311
MPLS VPN Physical Design and Topology 313
MPLS and Quality of Service 314
Layer 3 with MPLS VPN 315
Internet VPNs 317
Internet Access 317
Digital Subscriber Line 318
Cable Internet 319
Wireless WAN (3G, 4G, LTE, 5G) 320
Fiber (Ethernet) Internet Access 321
Internet VPN Fundamentals 321
Site-to-Site VPNs with IPsec 322
Remote Access VPNs with TLS 324
VPN Comparisons 326
Chapter Review 326
Chapter 15 Cloud Architecture 328
Do I Know This Already? Quiz 328
Foundation Topics 330
Server Virtualization 330
Cisco Server Hardware 330
Server Virtualization Basics 331
Networking with Virtual Switches on a Virtualized Host 333
The Physical Data Center Network 334
Workflow with a Virtualized Data Center 335
Cloud Computing Services 336
Private Cloud (On-Premise) 337
Public Cloud 338
Cloud and the As a Service Model 339
Infrastructure as a Service 339
Software as a Service 341
(Development) Platform as a Service 341
WAN Traffic Paths to Reach Cloud Services 342
Enterprise WAN Connections to Public Cloud 342
Accessing Public Cloud Services Using the Internet 342
Pros and Cons with Connecting to Public Cloud with Internet 343
Private WAN and Internet VPN Access to Public Cloud 344
Pros and Cons of Connecting to Cloud with Private WANs 345
Intercloud Exchanges 346
Summarizing the Pros and Cons of Public Cloud WAN Options 346
A Scenario: Branch Offices and the Public Cloud 347
Migrating Traffic Flows When Migrating to Email SaaS 347
Branch Offices with Internet and Private WAN 349
Chapter Review 350
Part IV Review 352
Part V Network Automation 355
Chapter 16 Introduction to Controller-Based Networking 356
Do I Know This Already? Quiz 357
Foundation Topics 358
SDN and Controller-Based Networks 358
The Data, Control, and Management Planes 358
The Data Plane 359
The Control Plane 360
The Management Plane 361
Cisco Switch Data Plane Internals 361
Controllers and Software-Defined Architecture 362
Controllers and Centralized Control 363
The Southbound Interface 364
The Northbound Interface 365
Software Defined Architecture Summary 367
Examples of Network Programmability and SDN 367
OpenDaylight and OpenFlow 367
The OpenDaylight Controller 368
The Cisco Open SDN Controller (OSC) 369
Cisco Application Centric Infrastructure (ACI) 369
ACI Physical Design: Spine and Leaf 370
ACI Operating Model with Intent-Based Networking 371
Cisco APIC Enterprise Module 373
APIC-EM Basics 373
APIC-EM Replacement 374
Summary of the SDN Examples 375
Comparing Traditional Versus Controller-Based Networks 375
How Automation Impacts Network Management 376
Comparing Traditional Networks with Controller-Based Networks 378
Chapter Review 379
Chapter 17 Cisco Software-Defined Access (SDA) 382
Do I Know This Already? Quiz 383
Foundation Topics 384
SDA Fabric, Underlay, and Overlay 384
The SDA Underlay 386
Using Existing Gear for the SDA Underlay 386
Using New Gear for the SDA Underlay 387
The SDA Overlay 390
VXLAN Tunnels in the Overlay (Data Plane) 390
LISP for Overlay Discovery and Location (Control Plane) 392
DNA Center and SDA Operation 395
Cisco DNA Center 395
Cisco DNA Center and Scalable Groups 396
Issues with Traditional IP-Based Security 397
SDA Security Based on User Groups 398
DNA Center as a Network Management Platform 400
DNA Center Similarities to Traditional Management 401
DNA Center Differences with Traditional Management 402
Chapter Review 403
Chapter 18 Understanding REST and JSON 406
Do I Know This Already? Quiz 406
Foundation Topics 408
REST-Based APIs 408
REST-Based (RESTful) APIs 408
Client/Server Architecture 409
Stateless Operation 410
Cacheable (or Not) 410
Background: Data and Variables 410
Simple Variables 410
List and Dictionary Variables 411
REST APIs and HTTP 413
Software CRUD Actions and HTTP Verbs 413
Using URIs with HTTP to Specify the Resource 414
Example of REST API Call to DNA Center 417
Data Serialization and JSON 418
The Need for a Data Model with APIs 419
Data Serialization Languages 421
JSON 421
XML 421
YAML 422
S