Donald Bacha
CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram
- Paperback
CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram delivers expert coverage and practice questions for every exam topic, including implementation of core enterprise network technologies involving dual stack (IPv4 and IPv6) architecture, virtualization, infrastructure, network assurance, security and automation. It also offers comprehensive, proven preparation tools, including:
- Exam objective mapping to help students focus their study
- A self-assessment section for evaluating students' motivations and readiness
- Concise, easy-to-read exam topic overviews
- Exam Alerts that highlight key concepts
- Bullet lists and summaries for easy review
- Cram Savers, Cram Quizzes, and chapter-ending practice questions to help students assess their understanding
- Notes indicating areas of concern or specialty training
- Tips to help students build a better foundation of knowledge
- An extensive Glossary of terms and acronyms
- The popular Cram Sheet tear-out, collecting the most difficult-to-remember facts and numbers students should memorize before taking the test
Complementing all these study tools is the powerful Pearson IT Certification Practice Test software, with hundreds of exam-realistic practice questions. This assessment software offers students a wealth of customization options and reporting features, allowing them to test their knowledge in study mode, practice exam mode, or flash card mode.
Note: This item can only be delivered to a German delivery address.
Product details
- Exam Cram (Pearson)
- Publisher: Pearson
- Number of pages: 800
- Publication date: 13 May 2022
- English
- Dimensions: 229mm x 157mm x 45mm
- Weight: 1125g
- ISBN-13: 9780136891932
- ISBN-10: 0136891934
- Item no.: 61991932
Donald Bacha is a systems engineer with a health research organization. He's the technical lead responsible for the design and implementation of networking, compute, virtualization, storage, and disaster recovery systems. Over the past 18 years, Donald has supported cloud services provider, enterprise, and data center environments by contributing to complex routing and switching, data center, storage, and virtualization projects in both greenfield and brownfield deployments. His certifications include CCNP Enterprise, CCNP Data Center, and VCAP-DCV. He holds a master's of business administration. Donald can be found at www.allthingsvirtual.net and on Twitter at @donald_bacha.
Introduction
Part I: Infrastructure
CHAPTER 1: Understanding Layer 2
- VLANs Overview
- Spanning Tree Protocol Overview
- EtherChannels
- Review Questions
- Further Reading
- What's Next?
CHAPTER 2: Understanding Layer 3: IGPs
- IP Routing Essentials
- Enhanced Interior Gateway Routing Protocol (EIGRP)
- Open Shortest Path First (OSPF)
- Review Questions
- Further Reading
- What's Next?
CHAPTER 3: Understanding Layer 3: BGP
- BGP Fundamentals
- BGP Configuration and Verification
- Review Questions
- Further Reading
- What's Next?
CHAPTER 4: IP Services
- Network Time Protocol (NTP)
- Network Address Translation (NAT)
- First-Hop Redundancy Protocols (FHRPs)
- Multicast
- Review Questions
- Further Reading
- What's Next?
CHAPTER 5: Enterprise Wireless
- Wireless Basics
- WLC and AP Operation and Pairing
- Wireless Roaming
- Review Questions
- Further Reading
- What's Next?
Part II: Security
CHAPTER 6: Device Access Control
- Cisco IOS CLI Session Overview
- Authentication, Authorization, and Accounting (AAA) Overview
- Review Questions
- Further Reading
- What's Next?
CHAPTER 7: Infrastructure Security
- Access Control Lists (ACLs) Overview
- Control Plane Policing (CoPP)
- Review Questions
- Further Reading
- What's Next?
CHAPTER 8: Securing REST APIs
- REST API Security
- Review Questions
- Further Reading
- What's Next?
CHAPTER 9: Wireless Security
- Wireless Authentication Overview
- Review Questions
- Further Reading
- What's Next?
CHAPTER 10: Network Security Design
- Threat Defense
- TrustSec, MACsec
- Review Questions
- Further Reading
- What's Next?
CHAPTER 11: Network Access Control
- Cisco Identity Services Engine (ISE)
- Review Questions
- Further Reading
- What's Next?
Part III: Automation
CHAPTER 12: Anatomy of Python
- Interpreting Python Components and Scripts
- Review Questions
- Further Reading
- What's Next?
CHAPTER 13: Building JSON Files
- Data Formats (XML and JSON)
- Review Questions
- Further Reading
- What's Next?
CHAPTER 14: YANG Data Modeling
- YANG Data Modeling
- Review Questions
- Further Reading
- What's Next?
CHAPTER 15: DNA Center and vManage APIs
- APIs for Cisco DNA Center and vManage
- Review Questions
- Further Reading
- What's Next?
CHAPTER 16: Interpreting REST API Codes
- Interpreting REST API Response Codes
- Review Questions
- Further Reading
- What's Next?
CHAPTER 17: EEM Applets
- Embedded Event Manager (EEM)
- Review Questions
- Further Reading
- What's Next?
CHAPTER 18: Configuration Management and Orchestration
- Agent-Based Orchestration Tools
- Agentless Orchestration Tools
- Review Questions
- Further Reading
- What's Next?
Part IV: Architecture
CHAPTER 19: Enterprise Network Design Principles
- Hierarchical LAN Design Model
- First-Hop Redundancy Protocols (FHRPs)
- Hardware Redundancy Mechanisms
- Review Questions
- Further Reading
- What's Next?
CHAPTER 20: Wireless LAN Deployments
- Wireless Deployment Models
- Wireless Location Services
- Review Questions
- Further Reading
- What's Next?
CHAPTER 21: On-Premises vs. Cloud Infrastructure
- Cloud Infrastructure Basics
- Cloud Services Models
- Cloud Deployment Models
- On-Premises or Cloud Infrastructure
- Review Questions
- Further Reading
- What's Next?
CHAPTER 22: SD-WAN
- SD-WAN Overview
- SD-WAN Architecture Components
- Review Questions
- Further Reading
- What's Next?
CHAPTER 23: SD-Access
- SD-Access Overview
- SD-Access Architecture
- SD-Access Operational Planes
- SD-Access Fabric Roles and Components
- Review Questions
- Further Reading
- What's Next?
CHAPTER 24: QoS
- The Need for QoS
- QoS Models and Components
- Congestion Management and Congestion Avoidance
- Review Questions
- Further Reading
- What's Next?
CHAPTER 25: Switching
- Traffic Forwarding Basics
- Forwarding Architectures
- Review Questions
- Further Reading
- What's Next?
Part V: Virtualization
CHAPTER 26: Basic Virtualization
- Virtualization Overview
- Virtual Machines (VMs)
- Virtual Switching
- Review Questions
- Further Reading
- What's Next?
CHAPTER 27: VRF Instances, GRE, and IPsec
- Virtual Routing and Forwarding (VRF)
- Generic Routing Encapsulation (GRE)
- IPsec VPNs
- Review Questions
- Further Reading
- What's Next?
CHAPTER 28: Extending the Network Virtually
- Locator ID/Separation Protocol (LISP)
- Virtual Extensible LAN (VXLAN)
- Review Questions
- Further Reading
- What's Next?
Part VI: Network Assurance
CHAPTER 29: Troubleshooting
- Troubleshooting Overview
- Simple Network Management Protocol (SNMP)
- Review Questions
- Further Reading
- What's Next?
CHAPTER 30: Monitoring
- Syslog
- NetFlow and Flexible NetFlow
- Switch Port Analyzer (SPAN), Remote SPAN (RSPAN), and Encapsulated Remote SPAN (ERSPAN)
- Review Questions
- Further Reading
- What's Next?
CHAPTER 31: IP SLA and DNA Center
- IP SLA Overview
- Cisco DNA Center Assurance
- Review Questions
- Further Reading
- What's Next?
CHAPTER 32: NETCONF and RESTCONF
- NETCONF
- RESTCONF
- Review Questions
- Further Reading
- What's Next?
Glossary
9780136891932, TOC, 2/15/2022
Part I: Infrastructure
CHAPTER 1
Understanding Layer 2.. . . . . . . . . . . . . . . . . . . . 1
VLANs Overview.. . . . . . . . . . . . . . . . . . . . 3
Spanning Tree Protocol Overview. . . . . . . . . . . . . . 19
EtherChannels.. . . . . . . . . . . . . . . . . . . . 47
Review Questions.. . . . . . . . . . . . . . . . . . . 57
Further Reading.. . . . . . . . . . . . . . . . . . . . 58
What's Next?.. . . . . . . . . . . . . . . . . . . . . 58
CHAPTER 2
Understanding Layer 3: IGPs.. . . . . . . . . . . . . . . . . 59
IP Routing Essentials. . . . . . . . . . . . . . . . . . 60
Enhanced Interior Gateway Routing Protocol (EIGRP). . . . . . 68
Open Shortest Path First (OSPF).. . . . . . . . . . . . . . 80
Review Questions.. . . . . . . . . . . . . . . . . . . 100
Further Reading.. . . . . . . . . . . . . . . . . . . . 101
What's Next?.. . . . . . . . . . . . . . . . . . . . . 101
CHAPTER 3
Understanding Layer 3: BGP. . . . . . . . . . . . . . . . . 103
BGP Fundamentals.. . . . . . . . . . . . . . . . . . . 104
BGP Configuration and Verification.. . . . . . . . . . . . . 112
Review Questions.. . . . . . . . . . . . . . . . . . . 120
Further Reading.. . . . . . . . . . . . . . . . . . . . 121
What's Next?.. . . . . . . . . . . . . . . . . . . . . 121
CHAPTER 4
IP Services.. . . . . . . . . . . . . . . . . . . . . . . 123
Network Time Protocol (NTP).. . . . . . . . . . . . . . 124
Network Address Translation (NAT).. . . . . . . . . . . . . 134
First-Hop Redundancy Protocols (FHRPs). . . . . . . . . . . 143
Multicast.. . . . . . . . . . . . . . . . . . . . . . 156
Review Questions.. . . . . . . . . . . . . . . . . . . 165
Further Reading.. . . . . . . . . . . . . . . . . . . . 166
What's Next?.. . . . . . . . . . . . . . . . . . . . . 166
CHAPTER 5
Enterprise Wireless.. . . . . . . . . . . . . . . . . . . . 167
Wireless Basics.. . . . . . . . . . . . . . . . . . . . 168
WLC and AP Operation and Pairing. . . . . . . . . . . . . 176
Wireless Roaming. . . . . . . . . . . . . . . . . . . 185
Review Questions.. . . . . . . . . . . . . . . . . . . 191
Further Reading.. . . . . . . . . . . . . . . . . . . . 192
What's Next?.. . . . . . . . . . . . . . . . . . . . . 192
Part II: Security
CHAPTER 6
Device Access Control.. . . . . . . . . . . . . . . . . . . 193
Cisco IOS CLI Session Overview.. . . . . . . . . . . . . . 194
Authentication, Authorization, and Accounting (AAA) Overview.. . . 210
Review Questions.. . . . . . . . . . . . . . . . . . . 217
Further Reading.. . . . . . . . . . . . . . . . . . . . 218
What's Next?.. . . . . . . . . . . . . . . . . . . . . 218
CHAPTER 7
Infrastructure Security.. . . . . . . . . . . . . . . . . . . 219
Access Control Lists (ACLs) Overview. . . . . . . . . . . . 220
Control Plane Policing (CoPP). . . . . . . . . . . . . . . 233
Review Questions.. . . . . . . . . . . . . . . . . . . 236
Further Reading.. . . . . . . . . . . . . . . . . . . . 237
What's Next?.. . . . . . . . . . . . . . . . . . . . . 237
CHAPTER 8
Securing REST APIs. . . . . . . . . . . . . . . . . . . . 239
REST API Security.. . . . . . . . . . . . . . . . . . . 240
Review Questions.. . . . . . . . . . . . . . . . . . . 245
Further Reading.. . . . . . . . . . . . . . . . . . . . 245
What's Next?.. . . . . . . . . . . . . . . . . . . . . 245
CHAPTER 9
Wireless Security.. . . . . . . . . . . . . . . . . . . . . 247
Wireless Authentication Overview. . . . . . . . . . . . . . 248
Review Questions.. . . . . . . . . . . . . . . . . . . 262
Further Reading.. . . . . . . . . . . . . . . . . . . . 262
What's Next?.. . . . . . . . . . . . . . . . . . . . . 263
CHAPTER 10
Network Security Design.. . . . . . . . . . . . . . . . . . 265
Threat Defense. . . . . . . . . . . . . . . . . . . . 266
TrustSec, MACsec. . . . . . . . . . . . . . . . . . . 279
Review Questions.. . . . . . . . . . . . . . . . . . . 284
Further Reading.. . . . . . . . . . . . . . . . . . . . 285
What's Next?.. . . . . . . . . . . . . . . . . . . . . 285
CHAPTER 11
Network Access Control. . . . . . . . . . . . . . . . . . . 287
Cisco Identity Services Engine (ISE).. . . . . . . . . . . . . 288
Review Questions.. . . . . . . . . . . . . . . . . . . 296
Further Reading.. . . . . . . . . . . . . . . . . . . . 296
What's Next?.. . . . . . . . . . . . . . . . . . . . . 297
Part III: Automation
CHAPTER 12
Anatomy of Python. . . . . . . . . . . . . . . . . . . . . 299
Interpreting Python Components and Scripts.. . . . . . . . . . 300
Review Questions.. . . . . . . . . . . . . . . . . . . 313
Further Reading.. . . . . . . . . . . . . . . . . . . . 314
What's Next?.. . . . . . . . . . . . . . . . . . . . . 314
CHAPTER 13
Building JSON Files.. . . . . . . . . . . . . . . . . . . . 315
Data Formats (XML and JSON).. . . . . . . . . . . . . . 316
Review Questions.. . . . . . . . . . . . . . . . . . . 323
Further Reading.. . . . . . . . . . . . . . . . . . . . 324
What's Next?.. . . . . . . . . . . . . . . . . . . . . 324
CHAPTER 14
YANG Data Modeling.. . . . . . . . . . . . . . . . . . . . 325
YANG Data Modeling. . . . . . . . . . . . . . . . . . 326
Review Questions.. . . . . . . . . . . . . . . . . . . 332
Further Reading.. . . . . . . . . . . . . . . . . . . . 332
What's Next?.. . . . . . . . . . . . . . . . . . . . . 332
CHAPTER 15
DNA Center and vManage APIs. . . . . . . . . . . . . . . . 333
APIs for Cisco DNA Center and vManage.. . . . . . . . . . . 334
Review Questions.. . . . . . . . . . . . . . . . . . . 344
Further Reading.. . . . . . . . . . . . . . . . . . . . 344
What's Next?.. . . . . . . . . . . . . . . . . . . . . 344
CHAPTER 16
Interpreting REST API Codes.. . . . . . . . . . . . . . . . . 345
Interpreting REST API Response Codes.. . . . . . . . . . . 346
Review Questions.. . . . . . . . . . . . . . . . . . . 349
Further Reading.. . . . . . . . . . . . . . . . . . . . 349
What's Next?.. . . . . . . . . . . . . . . . . . . . . 349
CHAPTER 17
EEM Applets.. . . . . . . . . . . . . . . . . . . . . . . 351
Embedded Event Manager (EEM).. . . . . . . . . . . . . 352
Review Questions.. . . . . . . . . . . . . . . . . . . 362
Further Reading.. . . . . . . . . . . . . . . . . . . . 362
What's Next?.. . . . . . . . . . . . . . . . . . . . . 362
CHAPTER 18
Configuration Management and Orchestration.. . . . . . . . . . 363
Agent-Based Orchestration Tools.. . . . . . . . . . . . . . 365
Agentless Orchestration Tools. . . . . . . . . . . . . . . 372
Review Questions.. . . . . . . . . . . . . . . . . . . 378
Further Reading.. . . . . . . . . . . . . . . . . . . . 378
What's Next?.. . . . . . . . . . . . . . . . . . . . . 378
Part IV: Architecture
CHAPTER 19
Enterprise Network Design Principles.. . . . . . . . . . . . . . 379
Hierarchical LAN Design Model.. . . . . . . . . . . . . . 380
First-Hop Redundancy Protocols (FHRPs). . . . . . . . . . . 392
Hardware Redundancy Mechanisms.. . . . . . . . . . . . . 400
Review Questions.. . . . . . . . . . . . . . . . . . . 407
Further Reading.. . . . . . . . . . . . . . . . . . . . 408
What's Next?.. . . . . . . . . . . . . . . . . . . . . 408
CHAPTER 20
Wireless LAN Deployments. . . . . . . . . . . . . . . . . . 409
Wireless Deployment Models. . . . . . . . . . . . . . . 410
Wireless Location Services. . . . . . . . . . . . . . . . 427
Review Questions.. . . . . . . . . . . . . . . . . . . 430
Further Reading.. . . . . . . . . . . . . . . . . . . . 431
What's Next?.. . . . . . . . . . . . . . . . . . . . . 431
CHAPTER 21
On-Premises vs. Cloud Infrastructure.. . . . . . . . . . . . . . 433
Cloud Infrastructure Basics.. . . . . . . . . . . . . . . . 434
Cloud Services Models. . . . . . . . . . . . . . . . . . 438
Cloud Deployment Models.. . . . . . . . . . . . . . . . 444
On-Premises or Cloud Infrastructure. . . . . . . . . . . . . 447
Review Questions.. . . . . . . . . . . . . . . . . . . 449
Further Reading.. . . . . . . . . . . . . . . . . . . . 450
What's Next?.. . . . . . . . . . . . . . . . . . . . . 450
CHAPTER 22
SD-WAN.. . . . . . . . . . . . . . . . . . . . . . . . 451
SD-WAN Overview.. . . . . . . . . . . . . . . . . . 452
SD-WAN Architecture Components.. . . . . . . . . . . . . 459
Review Questions.. . . . . . . . . . . . . . . . . . . 465
Further Reading.. . . . . . . . . . . . . . . . . . . . 466
What's Next?.. . . . . . . . . . . . . . . . . . . . . 466
CHAPTER 23
SD-Access. . . . . . . . . . . . . . . . . . . . . . . . 467
SD-Access Overview.. . . . . . . . . . . . . . . . . . 468
SD-Access Architecture.. . . . . . . . . . . . . . . . . 471
SD-Access Operational Planes.. . . . . . . . . . . . . . . 474
SD-Access Fabric Roles and Components.. . . . . . . . . . . 477
Review Questions.. . . . . . . . . . . . . . . . . . . 484
Further Reading.. . . . . . . . . . . . . . . . . . . . 484
What's Next?.. . . . . . . . . . . . . . . . . . . . . 485
CHAPTER 24
QoS. . . . . . . . . . . . . . . . . . . . . . . . . . 487
The Need for QoS.. . . . . . . . . . . . . . . . . . . 488
QoS Models and Components.. . . . . . . . . . . . . . . 493
Congestion Management and Congestion Avoidance.. . . . . . . 499
Review Questions.. . . . . . . . . . . . . . . . . . . 503
Further Reading.. . . . . . . . . . . . . . . . . . . . 503
What's Next?.. . . . . . . . . . . . . . . . . . . . . 504
CHAPTER 25
Switching.. . . . . . . . . . . . . . . . . . . . . . . . 505
Traffic Forwarding Basics. . . . . . . . . . . . . . . . . 506
Forwarding Architectures. . . . . . . . . . . . . . . . . 511
Review Questions.. . . . . . . . . . . . . . . . . . . 522
Further Reading.. . . . . . . . . . . . . . . . . . . . 523
What's Next?.. . . . . . . . . . . . . . . . . . . . . 523
Part V: Virtualization
CHAPTER 26
Basic Virtualization.. . . . . . . . . . . . . . . . . . . . 525
Virtualization Overview.. . . . . . . . . . . . . . . . . 526
Virtual Machines (VMs). . . . . . . . . . . . . . . . . 532
Virtual Switching.. . . . . . . . . . . . . . . . . . . 535
Review Questions.. . . . . . . . . . . . . . . . . . . 542
Further Reading.. . . . . . . . . . . . . . . . . . . . 543
What's Next?.. . . . . . . . . . . . . . . . . . . . . 543
CHAPTER 27
VRF Instances, GRE, and IPsec. . . . . . . . . . . . . . . . 545
Virtual Routing and Forwarding (VRF).. . . . . . . . . . . . 546
Generic Routing Encapsulation (GRE).. . . . . . . . . . . . 552
IPsec VPNs.. . . . . . . . . . . . . . . . . . . . . 558
Review Questions.. . . . . . . . . . . . . . . . . . . 570
Further Reading.. . . . . . . . . . . . . . . . . . . . 571
What's Next?.. . . . . . . . . . . . . . . . . . . . . 571
CHAPTER 28
Extending the Network Virtually.. . . . . . . . . . . . . . . . 573
Locator ID/Separation Protocol (LISP).. . . . . . . . . . . . 574
Virtual Extensible LAN (VXLAN).. . . . . . . . . . . . . 580
Review Questions.. . . . . . . . . . . . . . . . . . . 585
Further Reading.. . . . . . . . . . . . . . . . . . . . 586
What's Next?.. . . . . . . . . . . . . . . . . . . . . 586
Part VI: Network Assurance
CHAPTER 29
Troubleshooting.. . . . . . . . . . . . . . . . . . . . . . 587
Troubleshooting Overview.. . . . . . . . . . . . . . . . 588
Simple Network Management Protocol (SNMP).. . . . . . . . 604
Review Questions.. . . . . . . . . . . . . . . . . . . 610
Further Reading.. . . . . . . . . . . . . . . . . . . . 611
What's Next?.. . . . . . . . . . . . . . . . . . . . . 611
CHAPTER 30
Monitoring. . . . . . . . . . . . . . . . . . . . . . . . 613
Syslog.. . . . . . . . . . . . . . . . . . . . . . . 614
NetFlow and Flexible NetFlow. . . . . . . . . . . . . . . 620
Switch Port Analyzer (SPAN), Remote SPAN (RSPAN), and Encapsulated
Remote SPAN (ERSPAN)... 632
Review Questions.. . . . . . . . . . . . . . . . . . . 639
Further Reading.. . . . . . . . . . . . . . . . . . . . 640
What's Next?.. . . . . . . . . . . . . . . . . . . . . 640
CHAPTER 31
IP SLA and DNA Center.. . . . . . . . . . . . . . . . . . . 641
IP SLA Overview.. . . . . . . . . . . . . . . . . . . 642
Cisco DNA Center Assurance. . . . . . . . . . . . . . . 652
Review Questions.. . . . . . . . . . . . . . . . . . . 660
Further Reading.. . . . . . . . . . . . . . . . . . . . 660
What's Next?.. . . . . . . . . . . . . . . . . . . . . 660
CHAPTER 32
NETCONF and RESTCONF.. . . . . . . . . . . . . . . . . . 661
NETCONF. . . . . . . . . . . . . . . . . . . . . 662
RESTCONF.. . . . . . . . . . . . . . . . . . . . . 668
Review Questions.. . . . . . . . . . . . . . . . . . . 671
Further Reading.. . . . . . . . . . . . . . . . . . . . 671
What's Next?.. . . . . . . . . . . . . . . . . . . . . 671
Glossary.. . . . . . . . . . . . . . . . . . . . . . . . 673
9780136891932, TOC, 2/15/2022
Introduction. . . . . . . . . . . . . . . . . . . . . . . xxiii
Part I: Infrastructure
CHAPTER 1
Understanding Layer 2.. . . . . . . . . . . . . . . . . . . . 1
VLANs Overview.. . . . . . . . . . . . . . . . . . . . 3
Spanning Tree Protocol Overview. . . . . . . . . . . . . . 19
EtherChannels.. . . . . . . . . . . . . . . . . . . . 47
Review Questions.. . . . . . . . . . . . . . . . . . . 57
Further Reading.. . . . . . . . . . . . . . . . . . . . 58
What's Next?.. . . . . . . . . . . . . . . . . . . . . 58
CHAPTER 2
Understanding Layer 3: IGPs.. . . . . . . . . . . . . . . . . 59
IP Routing Essentials. . . . . . . . . . . . . . . . . . 60
Enhanced Interior Gateway Routing Protocol (EIGRP). . . . . . 68
Open Shortest Path First (OSPF).. . . . . . . . . . . . . . 80
Review Questions.. . . . . . . . . . . . . . . . . . . 100
Further Reading.. . . . . . . . . . . . . . . . . . . . 101
What's Next?.. . . . . . . . . . . . . . . . . . . . . 101
CHAPTER 3
Understanding Layer 3: BGP. . . . . . . . . . . . . . . . . 103
BGP Fundamentals.. . . . . . . . . . . . . . . . . . . 104
BGP Configuration and Verification.. . . . . . . . . . . . . 112
Review Questions.. . . . . . . . . . . . . . . . . . . 120
Further Reading.. . . . . . . . . . . . . . . . . . . . 121
What's Next?.. . . . . . . . . . . . . . . . . . . . . 121
CHAPTER 4
IP Services.. . . . . . . . . . . . . . . . . . . . . . . 123
Network Time Protocol (NTP).. . . . . . . . . . . . . . 124
Network Address Translation (NAT).. . . . . . . . . . . . . 134
First-Hop Redundancy Protocols (FHRPs). . . . . . . . . . . 143
Multicast.. . . . . . . . . . . . . . . . . . . . . . 156
Review Questions.. . . . . . . . . . . . . . . . . . . 165
Further Reading.. . . . . . . . . . . . . . . . . . . . 166
What's Next?.. . . . . . . . . . . . . . . . . . . . . 166
CHAPTER 5
Enterprise Wireless.. . . . . . . . . . . . . . . . . . . . 167
Wireless Basics.. . . . . . . . . . . . . . . . . . . . 168
WLC and AP Operation and Pairing. . . . . . . . . . . . . 176
Wireless Roaming. . . . . . . . . . . . . . . . . . . 185
Review Questions.. . . . . . . . . . . . . . . . . . . 191
Further Reading.. . . . . . . . . . . . . . . . . . . . 192
What's Next?.. . . . . . . . . . . . . . . . . . . . . 192
Part II: Security
CHAPTER 6
Device Access Control
Cisco IOS CLI Session Overview
Authentication, Authorization, and Accounting (AAA) Overview
Review Questions
Further Reading
What's Next?
CHAPTER 7
Infrastructure Security
Access Control Lists (ACLs) Overview
Control Plane Policing (CoPP)
Review Questions
Further Reading
What's Next?
CHAPTER 8
Securing REST APIs
REST API Security
Review Questions
Further Reading
What's Next?
CHAPTER 9
Wireless Security
Wireless Authentication Overview
Review Questions
Further Reading
What's Next?
CHAPTER 10
Network Security Design
Threat Defense
TrustSec, MACsec
Review Questions
Further Reading
What's Next?
CHAPTER 11
Network Access Control
Cisco Identity Services Engine (ISE)
Review Questions
Further Reading
What's Next?
Part III: Automation
CHAPTER 12
Anatomy of Python
Interpreting Python Components and Scripts
Review Questions
Further Reading
What's Next?
CHAPTER 13
Building JSON Files
Data Formats (XML and JSON)
Review Questions
Further Reading
What's Next?
CHAPTER 14
YANG Data Modeling
YANG Data Modeling
Review Questions
Further Reading
What's Next?
CHAPTER 15
DNA Center and vManage APIs
APIs for Cisco DNA Center and vManage
Review Questions
Further Reading
What's Next?
CHAPTER 16
Interpreting REST API Codes
Interpreting REST API Response Codes
Review Questions
Further Reading
What's Next?
CHAPTER 17
EEM Applets
Embedded Event Manager (EEM)
Review Questions
Further Reading
What's Next?
CHAPTER 18
Configuration Management and Orchestration
Agent-Based Orchestration Tools
Agentless Orchestration Tools
Review Questions
Further Reading
What's Next?
Part IV: Architecture
CHAPTER 19
Enterprise Network Design Principles
Hierarchical LAN Design Model
First-Hop Redundancy Protocols (FHRPs)
Hardware Redundancy Mechanisms
Review Questions
Further Reading
What's Next?
CHAPTER 20
Wireless LAN Deployments
Wireless Deployment Models
Wireless Location Services
Review Questions
Further Reading
What's Next?
CHAPTER 21
On-Premises vs. Cloud Infrastructure
Cloud Infrastructure Basics
Cloud Services Models
Cloud Deployment Models
On-Premises or Cloud Infrastructure
Review Questions
Further Reading
What's Next?
CHAPTER 22
SD-WAN
SD-WAN Overview
SD-WAN Architecture Components
Review Questions
Further Reading
What's Next?
CHAPTER 23
SD-Access
SD-Access Overview
SD-Access Architecture
SD-Access Operational Planes
SD-Access Fabric Roles and Components
Review Questions
Further Reading
What's Next?
CHAPTER 24
QoS
The Need for QoS
QoS Models and Components
Congestion Management and Congestion Avoidance
Review Questions
Further Reading
What's Next?
CHAPTER 25
Switching
Traffic Forwarding Basics
Forwarding Architectures
Review Questions
Further Reading
What's Next?
Part V: Virtualization
CHAPTER 26
Basic Virtualization
Virtualization Overview
Virtual Machines (VMs)
Virtual Switching
Review Questions
Further Reading
What's Next?
CHAPTER 27
VRF Instances, GRE, and IPsec
Virtual Routing and Forwarding (VRF)
Generic Routing Encapsulation (GRE)
IPsec VPNs
Review Questions
Further Reading
What's Next?
CHAPTER 28
Extending the Network Virtually
Locator ID/Separation Protocol (LISP)
Virtual Extensible LAN (VXLAN)
Review Questions
Further Reading
What's Next?
Part VI: Network Assurance
CHAPTER 29
Troubleshooting
Troubleshooting Overview
Simple Network Management Protocol (SNMP)
Review Questions
Further Reading
What's Next?
CHAPTER 30
Monitoring
Syslog
NetFlow and Flexible NetFlow
Switch Port Analyzer (SPAN), Remote SPAN (RSPAN), and Encapsulated Remote SPAN (ERSPAN)
Review Questions
Further Reading
What's Next?
CHAPTER 31
IP SLA and DNA Center
IP SLA Overview
Cisco DNA Center Assurance
Review Questions
Further Reading
What's Next?
CHAPTER 32
NETCONF and RESTCONF
NETCONF
RESTCONF
Review Questions
Further Reading
What's Next?
Glossary
9780136891932, TOC, 2/15/2022