Cisco Networking Academy
Enterprise Networking, Security, and Automation Companion Guide (Ccnav7)
- Paperback
Enterprise Networking, Security, and Automation (CCNA v7) Companion Guide is designed as a portable desk reference to use anytime, anywhere to reinforce the material from the Enterprise Networking, Security, and Automation course and organize your time. The book's features help students focus on important concepts to succeed in this course:
- Chapter Objectives: Review core concepts by answering the focus questions listed at the beginning of each chapter.
- Key Terms: Refer to the lists of networking vocabulary introduced and highlighted in context in each chapter.
- Glossary: Consult the comprehensive Glossary with more than 250 terms.
- Summary of Activities and Labs: Maximize your study time with this complete list of all associated practice exercises at the end of each chapter.
- Check Your Understanding: Evaluate your readiness with the end-of-chapter questions that match the style of questions you see in the online course quizzes. The answer key explains each answer.
- How To: Look for this icon to study the steps you need to learn to perform certain tasks.
- Interactive Activities: Reinforce your understanding of topics with dozens of exercises from the online course identified throughout the book with this icon.
- Packet Tracer Activities: Explore and visualize networking concepts using Packet Tracer exercises interspersed throughout the chapters and provided in the accompanying Labs & Study Guide book.
- Videos: Watch the videos embedded within the online course.
- Hands-on Labs: Work through all the course labs and additional Class Activities that are included in the course and published in the separate Labs & Study Guide.
Part of the Cisco Networking Academy Series from Cisco Press, books in this series support and complement the Cisco Networking Academy curriculum.
Product details
- Publisher: Pearson Education
- Number of pages: 800
- Publication date: July 16, 2020
- English
- Dimensions: 234mm x 203mm x 30mm
- Weight: 1247g
- ISBN-13: 9780136634324
- ISBN-10: 013663432X
- Item no.: 58342868
- Manufacturer information
- Libri GmbH
- Europaallee 1
- 36244 Bad Hersfeld
- 06621 890
Cisco Networking Academy teaches hundreds of thousands of students annually the skills needed to build, design, and maintain networks, improving their career prospects while filling the global demand for networking professionals. With 10,000 academies in 165 countries, it helps individuals prepare for industry-recognized certifications and entry-level information and communication technology careers in virtually every industry—developing foundational technical skills while acquiring vital 21st-century career skills in problem solving, collaboration, and critical thinking. Cisco Networking Academy uses a public-private partnership model to create the "world's largest classroom."
Introduction
Chapter 1 Single-Area OSPFv2 Concepts
Objectives
Key Terms
Introduction (1.0)
OSPF Features and Characteristics (1.1)
Introduction to OSPF (1.1.1)
Components of OSPF (1.1.2)
Routing Protocol Messages
Data Structures
Algorithm
Link-State Operation (1.1.3)
1. Establish Neighbor Adjacencies
2. Exchange Link-State Advertisements
3. Build the Link-State Database
4. Execute the SPF Algorithm
5. Choose the Best Route
Single-Area and Multiarea OSPF (1.1.4)
Multiarea OSPF (1.1.5)
OSPFv3 (1.1.6)
OSPF Packets (1.2)
Types of OSPF Packets (1.2.2)
Link-State Updates (1.2.3)
Hello Packet (1.2.4)
OSPF Operation (1.3)
OSPF Operational States (1.3.2)
Establish Neighbor Adjacencies (1.3.3)
1. Down State to Init State
2. The Init State
3. Two-Way State
4. Elect the DR and BDR
Synchronizing OSPF Databases (1.3.4)
1. Decide First Router
2. Exchange DBDs
3. Send an LSR
The Need for a DR (1.3.5)
LSA Flooding with a DR (1.3.6)
Flooding LSAs
LSAs and DR
Summary (1.4)
OSPF Features and Characteristics
OSPF Packets
OSPF Operation
Practice
Check Your Understanding
Chapter 2 Single-Area OSPFv2 Configuration
Objectives
Key Terms
Introduction (2.0)
OSPF Router ID (2.1)
OSPF Reference Topology (2.1.1)
Router Configuration Mode for OSPF (2.1.2)
Router IDs (2.1.3)
Router ID Order of Precedence (2.1.4)
Configure a Loopback Interface as the Router ID (2.1.5)
Explicitly Configure a Router ID (2.1.6)
Modify a Router ID (2.1.7)
Point-to-Point OSPF Networks (2.2)
The network Command Syntax (2.2.1)
The Wildcard Mask (2.2.2)
Configure OSPF Using the network Command (2.2.4)
Configure OSPF Using the ip ospf Command (2.2.6)
Passive Interface (2.2.8)
Configure Passive Interfaces (2.2.9)
OSPF Point-to-Point Networks (2.2.11)
Loopbacks and Point-to-Point Networks (2.2.12)
Multiaccess OSPF Networks (2.3)
OSPF Network Types (2.3.1)
OSPF Designated Router (2.3.2)
OSPF Multiaccess Reference Topology (2.3.3)
Verify OSPF Router Roles (2.3.4)
R1 DROTHER
R2 BDR
R3 DR
Verify DR/BDR Adjacencies (2.3.5)
R1 Adjacencies
R2 Adjacencies
R3 Adjacencies
Default DR/BDR Election Process (2.3.6)
DR Failure and Recovery (2.3.7)
R3 Fails
R3 Rejoins Network
R4 Joins Network
R2 Fails
The ip ospf priority Command (2.3.8)
Configure OSPF Priority (2.3.9)
Modify Single-Area OSPFv2 (2.4)
Cisco OSPF Cost Metric (2.4.1)
Adjust the Reference Bandwidth (2.4.2)
OSPF Accumulates Costs (2.4.3)
Manually Set OSPF Cost Value (2.4.4)
Test Failover to Backup Route (2.4.5)
Hello Packet Intervals (2.4.7)
Verify Hello and Dead Intervals (2.4.8)
Modify OSPFv2 Intervals (2.4.9)
Default Route Propagation (2.5)
Propagate a Default Static Route in OSPFv2 (2.5.1)
Verify the Propagated Default Route (2.5.2)
Verify Single-Area OSPFv2 (2.6)
Verify OSPF Neighbors (2.6.1)
Verify OSPF Protocol Settings (2.6.2)
Verify OSPF Process Information (2.6.3)
Verify OSPF Interface Settings (2.6.4)
Summary (2.7)
OSPF Router ID
Point-to-Point OSPF Networks
OSPF Network Types
Modify Single-Area OSPFv2
Default Route Propagation
Verify Single-Area OSPFv2
Practice
Check Your Understanding
Chapter 3 Network Security Concepts
Objectives
Key Terms
Introduction
Ethical Hacking Statement (3.0.3)
Current State of Cybersecurity (3.1)
Current State of Affairs (3.1.1)
Vectors of Network Attacks (3.1.2)
Data Loss (3.1.3)
Threat Actors (3.2)
The Hacker (3.2.1)
Evolution of Hackers (3.2.2)
Cyber Criminals (3.2.3)
Hacktivists (3.2.4)
State-Sponsored Hackers (3.2.5)
Threat Actor Tools (3.3)
Introduction to Attack Tools (3.3.2)
Evolution of Security Tools (3.3.3)
Attack Types (3.3.4)
Malware (3.4)
Overview of Malware (3.4.1)
Viruses and Trojan Horses (3.4.2)
Other Types of Malware (3.4.3)
Common Network Attacks (3.5)
Overview of Network Attacks (3.5.1)
Reconnaissance Attacks (3.5.3)
Access Attacks (3.5.5)
Trust Exploitation Example
Port Redirection Example
Man-in-the-Middle Attack Example
Buffer Overflow Attack
Social Engineering Attacks (3.5.6)
DoS and DDoS Attacks (3.5.9)
DoS Attack
DDoS Attack
IP Vulnerabilities and Threats (3.6)
IPv4 and IPv6 (3.6.2)
ICMP Attacks (3.6.3)
Amplification and Reflection Attacks (3.6.5)
Address Spoofing Attacks (3.6.6)
TCP and UDP Vulnerabilities (3.7)
TCP Segment Header (3.7.1)
TCP Services (3.7.2)
TCP Attacks (3.7.3)
TCP SYN Flood Attack
TCP Reset Attack
TCP Session Hijacking
UDP Segment Header and Operation (3.7.4)
UDP Attacks (3.7.5)
UDP Flood Attacks
IP Services
ARP Vulnerabilities (3.8.1)
ARP Cache Poisoning (3.8.2)
ARP Request
ARP Reply
Spoofed Gratuitous ARP Replies
DNS Attacks (3.8.4)
DNS Open Resolver Attacks
DNS Stealth Attacks
DNS Domain Shadowing Attacks
DNS Tunneling (3.8.5)
DHCP (3.8.6)
DHCP Attacks (3.8.7)
1. Client Broadcasts DHCP Discovery Messages
2. DHCP Servers Respond with Offers
3. Client Accepts Rogue DHCP Request
4. Rogue DHCP Acknowledges the Request
Network Security Best Practices (3.9)
Confidentiality, Integrity, and Availability (3.9.1)
The Defense-in-Depth Approach (3.9.2)
Firewalls (3.9.3)
IPS (3.9.4)
Content Security Appliances (3.9.5)
Cisco Email Security Appliance (ESA)
Cisco Web Security Appliance (WSA)
Cryptography (3.10)
Securing Communications (3.10.2)
Data Integrity (3.10.3)
Hash Functions (3.10.4)
MD5 with 128-Bit Digest
SHA Hashing Algorithm
SHA-2
SHA-3
Origin Authentication (3.10.5)
HMAC Hashing Algorithm
Creating the HMAC Value
Verifying the HMAC Value
Cisco Router HMAC Example
Data Confidentiality (3.10.6)
Symmetric Encryption (3.10.7)
Asymmetric Encryption (3.10.8)
Diffie-Hellman (3.10.9)
Summary (3.11)
Current State of Cybersecurity
Threat Actors
Threat Actor Tools
Malware
Common Network Attacks
IP Vulnerabilities and Threats
TCP and UDP Vulnerabilities
IP Services
Network Security Best Practices
Cryptography
Practice
Check Your Understanding
Chapter 4 ACL Concepts
Objectives
Key Terms
Introduction (4.0)
Purpose of ACLs (4.1)
What Is an ACL? (4.1.1)
Packet Filtering (4.1.2)
ACL Operation (4.1.3)
Wildcard Masks in ACLs (4.2)
Wildcard Mask Overview (4.2.1)
Wildcard Mask Types (4.2.2)
Wildcard to Match a Host
Wildcard Mask to Match an IPv4 Subnet
Wildcard Mask to Match an IPv4 Address Range
Wildcard Mask Calculation (4.2.3)
Example 1
Example 2
Example 3
Example 4
Wildcard Mask Keywords (4.2.4)
Guidelines for ACL Creation (4.3)
Limited Number of ACLs per Interface (4.3.1)
ACL Best Practices (4.3.2)
Types of IPv4 ACLs (4.4)
Standard and Extended ACLs (4.4.1)
Numbered and Named ACLs (4.4.2)
Numbered ACLs
Named ACLs
Where to Place ACLs (4.4.3)
Standard ACL Placement Example (4.4.4)
Extended ACL Placement Example (4.4.5)
Summary (4.5)
Purpose of ACLs
Wildcard Masks
Guidelines for ACL Creation
Types of IPv4 ACLs
Practice
Check Your Understanding Questions
Chapter 5 ACLs for IPv4 Configuration
Objectives
Key Term
Introduction (5.0)
Configure Standard IPv4 ACLs (5.1)
Create an ACL (5.1.1)
Numbered Standard IPv4 ACL Syntax (5.1.2)
Named Standard IPv4 ACL Syntax (5.1.3)
Apply a Standard IPv4 ACL (5.1.4)
Numbered Standard IPv4 ACL Example (5.1.5)
Named Standard IPv4 ACL Example (5.1.6)
Modify IPv4 ACLs (5.2)
Two Methods to Modify an ACL (5.2.1)
Text Editor Method (5.2.2)
Sequence Numbers Method (5.2.3)
Modify a Named ACL Example (5.2.4)
ACL Statistics (5.2.5)
Secure VTY Ports with a Standard IPv4 ACL (5.3)
The access-class Command (5.3.1)
Secure VTY Access Example (5.3.2)
Verify the VTY Port Is Secured (5.3.3)
Configure Extended IPv4 ACLs (5.4)
Extended ACLs (5.4.1)
Numbered Extended IPv4 ACL Syntax (5.4.2)
Protocols and Ports (5.4.3)
Protocol Options
Port Keyword Options
Protocols and Port Numbers Configuration Examples (5.4.4)
Apply a Numbered Extended IPv4 ACL (5.4.5)
TCP Established Extended ACL (5.4.6)
Named Extended IPv4 ACL Syntax (5.4.7)
Named Extended IPv4 ACL Example (5.4.8)
Edit Extended ACLs (5.4.9)
Another Named Extended IPv4 ACL Example (5.4.10)
Verify Extended ACLs (5.4.11)
show ip interface
show access-lists
show running-config
Summary (5.5)
Configure Standard IPv4 ACLs
Modify IPv4 ACLs
Secure VTY Ports with a Standard IPv4 ACL
Configure Extended IPv4 ACLs
Practice
Check Your Understanding Questions
Chapter 6 NAT for IPv4
Objectives
Key Terms
Introduction (6.0)
NAT Characteristics (6.1)
IPv4 Private Address Space (6.1.1)
What Is NAT? (6.1.2)
How NAT Works (6.1.3)
NAT Terminology (6.1.4)
Inside Local
Inside Global
Outside Global
Outside Local
Types of NAT (6.2)
Static NAT (6.2.1)
Dynamic NAT (6.2.2)
Port Address Translation (6.2.3)
Next Available Port (6.2.4)
NAT and PAT Comparison (6.2.5)
NAT
PAT
Packets Without a Layer 4 Segment (6.2.6)
NAT Advantages and Disadvantages (6.3)
Advantages of NAT (6.3.1)
Disadvantages of NAT (6.3.2)
Static NAT (6.4)
Static NAT Scenario (6.4.1)
Configure Static NAT (6.4.2)
Analyze Static NAT (6.4.3)
Verify Static NAT (6.4.4)
Dynamic NAT (6.5)
Dynamic NAT Scenario (6.5.1)
Configure Dynamic NAT (6.5.2)
Analyze Dynamic NAT: Inside to Outside (6.5.3)
Analyze Dynamic NAT: Outside to Inside (6.5.4)
Verify Dynamic NAT (6.5.5)
PAT (6.6)
PAT Scenario (6.6.1)
Configure PAT to Use a Single IPv4 Address (6.6.2)
Configure PAT to Use an Address Pool (6.6.3)
Analyze PAT: PC to Server (6.6.4)
Analyze PAT: Server to PC (6.6.5)
Verify PAT (6.6.6)
NAT64 (6.7)
NAT for IPv6? (6.7.1)
NAT64 (6.7.2)
Summary (6.8)
NAT Characteristics
Types of NAT
NAT Advantages and Disadvantages
Static NAT
Dynamic NAT
PAT
NAT64
Practice
Check Your Understanding Questions
Chapter 7 WAN Concepts
Objectives
Key Terms
Introduction (7.0)
Purpose of WANs (7.1)
LANs and WANs (7.1.1)
Private and Public WANs (7.1.2)
WAN Topologies (7.1.3)
Point-to-Point Topology
Hub-and-Spoke Topology
Dual-homed Topology
Fully Meshed Topology
Partially Meshed Topology
Carrier Connections (7.1.4)
Single-Carrier WAN Connection
Dual-Carrier WAN Connection
Evolving Networks (7.1.5)
Small Network
Campus Network
Branch Network
Distributed Network
WAN Operations (7.2)
WAN Standards (7.2.1)
WANs in the OSI Model (7.2.2)
Layer 1 Protocols
Layer 2 Protocols
Common WAN Terminology (7.2.3)
WAN Devices (7.2.4)
Serial Communication (7.2.5)
Circuit-Switched Communication (7.2.6)
Packet-Switched Communications (7.2.7)
SDH, SONET, and DWDM (7.2.8)
Traditional WAN Connectivity (7.3)
Traditional WAN Connectivity Options (7.3.1)
Common WAN Terminology (7.3.2)
Circuit-Switched Options (7.3.3)
Public Service Telephone Network (PSTN)
Integrated Services Digital Network (ISDN)
Packet-Switched Options (7.3.4)
Frame Relay
Asynchronous Transfer Mode (ATM)
Modern WAN Connectivity (7.4)
Modern WANs (7.4.1)
Modern WAN Connectivity Options (7.4.2)
Dedicated Broadband
Packet-Switched
Internet-Based Broadband
Ethernet WAN (7.4.3)
MPLS (7.4.4)
Internet-Based Connectivity (7.5)
Internet-Based Connectivity Options (7.5.1)
Wired Options
Wireless Options
DSL Technology (7.5.2)
DSL Connections (7.5.3)
DSL and PPP (7.5.4)
Host with PPPoE Client
Router PPPoE Client
Cable Technology (7.5.5)
Optical Fiber (7.5.6)
Wireless Internet-Based Broadband (7.5.7)
Municipal Wi-Fi
Cellular
Satellite Internet
WiMAX
VPN Technology (7.5.8)
ISP Connectivity Options (7.5.9)
Single-Homed
Dual-Homed
Multihomed
Dual-Multihomed
Broadband Solution Comparison (7.5.10)
Summary (7.6)
Purpose of WANs
WAN Operations
Traditional WAN Connectivity
Modern WAN Connectivity
Internet-Based Connectivity
Practice
Check Your Understanding Questions
Chapter 8 VPN and IPsec Concepts
Objectives
Key Terms
Introduction (8.0)
VPN Technology (8.1)
Virtual Private Networks (8.1.1)
VPN Benefits (8.1.2)
Site-to-Site and Remote-Access VPNs (8.1.3)
Site-to-Site VPN
Remote-Access VPN
Enterprise and Service Provider VPNs (8.1.4)
Types of VPNs (8.2)
Remote-Access VPNs (8.2.1)
SSL VPNs (8.2.2)
Site-to-Site IPsec VPNs (8.2.3)
GRE over IPsec (8.2.4)
Dynamic Multipoint VPNs (8.2.5)
IPsec Virtual Tunnel Interface (8.2.6)
Service Provider MPLS VPNs (8.2.7)
IPsec (8.3)
IPsec Technologies (8.3.2)
IPsec Protocol Encapsulation (8.3.3)
Confidentiality (8.3.4)
Integrity (8.3.5)
Authentication (8.3.6)
Secure Key Exchange with Diffie-Hellman (8.3.7)
Summary (8.4)
VPN Technology
Types of VPNs
IPsec
Practice
Check Your Understanding Questions
Chapter 9 QoS Concepts
Objectives
Key Terms
Introduction (9.0)
Network Transmission Quality (9.1)
Prioritizing Traffic (9.1.2)
Bandwidth, Congestion, Delay, and Jitter (9.1.3)
Packet Loss (9.1.4)
Traffic Characteristics (9.2)
Network Traffic Trends (9.2.2)
Voice (9.2.3)
Video (9.2.4)
Data (9.2.5)
Queuing Algorithms (9.3)
Queuing Overview (9.3.2)
First-In, First Out (9.3.3)
Weighted Fair Queuing (WFQ) (9.3.4)
Limitations of WFQ
Class-Based Weighted Fair Queuing (CBWFQ) (9.3.5)
Low Latency Queuing (LLQ) (9.3.6)
QoS Models (9.4)
Selecting an Appropriate QoS Policy Model (9.4.2)
Best Effort (9.4.3)
Integrated Services (9.4.4)
Differentiated Services (9.4.5)
QoS Implementation Techniques (9.5)
Avoiding Packet Loss (9.5.2)
QoS Tools (9.5.3)
Classification and Marking (9.5.4)
Marking at Layer 2 (9.5.5)
Marking at Layer 3 (9.5.6)
Type of Service and Traffic Class Field (9.5.7)
DSCP Values (9.5.8)
Class Selector Bits (9.5.9)
Trust Boundaries (9.5.10)
Congestion Avoidance (9.5.11)
Shaping and Policing (9.5.12)
QoS Policy Guidelines (9.5.13)
Summary (9.6)
Network Transmission Quality
Traffic Characteristics
Queuing Algorithms
QoS Models
QoS Implementation Techniques
Practice
Check Your Understanding Questions
Chapter 10 Network Management
Objectives
Key Terms
Introduction (10.0)
Device Discovery with CDP (10.1)
CDP Overview (10.1.1)
Configure and Verify CDP (10.1.2)
Discover Devices by Using CDP (10.1.3)
Device Discovery with LLDP (10.2)
LLDP Overview (10.2.1)
Configure and Verify LLDP (10.2.2)
Discover Devices by Using LLDP (10.2.3)
NTP (10.3)
Time and Calendar Services (10.3.1)
NTP Operation (10.3.2)
Stratum 0
Stratum 1
Stratum 2 and Lower
Configure and Verify NTP (10.3.3)
SNMP
Introduction to SNMP (10.4.1)
SNMP Operation (10.4.2)
SNMP Agent Traps (10.4.3)
SNMP Versions (10.4.4)
Community Strings (10.4.6)
MIB Object ID (10.4.7)
SNMP Polling Scenario (10.4.8)
SNMP Object Navigator (10.4.9)
Syslog (10.5)
Introduction to Syslog (10.5.1)
Syslog Operation (10.5.2)
Syslog Message Format (10.5.3)
Syslog Facilities (10.5.4)
Configure Syslog Timestamp (10.5.5)
Router and Switch File Maintenance (10.6)
Router File Systems (10.6.1)
The Flash File System
The NVRAM File System
Switch File Systems (10.6.2)
Use a Text File to Back Up a Configuration (10.6.3)
Use a Text File to Restore a Configuration (10.6.4)
Use TFTP to Back Up and Restore a Configuration (10.6.5)
USB Ports on a Cisco Router (10.6.6)
Use USB to Back Up and Restore a Configuration (10.6.7)
Restore Configurations with a USB Flash Drive
Password Recovery Procedures (10.6.8)
Password Recovery Example (10.6.9)
Step 1. Enter the ROMMON mode
Step 2. Change the configuration register
Step 3. Copy the startup-config to the running-config
Step 4. Change the password
Step 5. Save the running-config as the new startup-config
Step 6. Reload the device
IOS Image Management
TFTP Servers as a Backup Location (10.7.2)
Backup IOS Image to TFTP Server Example (10.7.3)
Step 1. Ping the TFTP server
Step 2. Verify image size in flash
Step 3. Copy the image to the TFTP server
Copy an IOS Image to a Device Example (10.7.4)
Step 1. Ping the TFTP server
Step 2. Verify the amount of free flash
Step 3. Copy the new IOS image to flash
The boot system Command (10.7.5)
Summary (10.8)
Device Discovery with CDP
Device Discovery with LLDP
NTP
SNMP
Syslog
Router and Switch File Maintenance
IOS Image Management
Practice
Check Your Understanding Questions
Chapter 11 Network Design
Objectives
Key Terms
Introduction (11.0)
Hierarchical Networks (11.1)
The Need to Scale the Network (11.1.2)
Borderless Switched Networks (11.1.3)
Hierarchy in the Borderless Switched Network (11.1.4)
Three-Tier Model
Two-Tier Model
Access, Distribution, and Core Layer Functions (11.1.5)
Access Layer
Distribution Layer
Core Layer
Three-Tier and Two-Tier Examples (11.1.6)
Three-Tier Example
Two-Tier Example
Role of Switched Networks (11.1.7)
Scalable Networks (11.2)
Design for Scalability (11.2.1)
Redundant Links
Multiple Links
Scalable Routing Protocol
Wireless Connectivity
Plan for Re
Chapter 1 Single-Area OSPFv2 Concepts 1
Objectives 1
Key Terms 1
Introduction (1.0) 3
OSPF Features and Characteristics (1.1) 3
Introduction to OSPF (1.1.1) 3
Components of OSPF (1.1.2) 4
Routing Protocol Messages 4
Data Structures 4
Algorithm 5
Link-State Operation (1.1.3) 6
1. Establish Neighbor Adjacencies 6
2. Exchange Link-State Advertisements 6
3. Build the Link-State Database 7
4. Execute the SPF Algorithm 8
5. Choose the Best Route 8
Single-Area and Multiarea OSPF (1.1.4) 9
Multiarea OSPF (1.1.5) 10
OSPFv3 (1.1.6) 12
OSPF Packets (1.2) 13
Types of OSPF Packets (1.2.2) 13
Link-State Updates (1.2.3) 14
Hello Packet (1.2.4) 15
OSPF Operation (1.3) 17
OSPF Operational States (1.3.2) 17
Establish Neighbor Adjacencies (1.3.3) 18
1. Down State to Init State 18
2. The Init State 19
3. Two-Way State 19
4. Elect the DR and BDR 20
Synchronizing OSPF Databases (1.3.4) 20
1. Decide First Router 21
2. Exchange DBDs 21
3. Send an LSR 22
The Need for a DR (1.3.5) 23
LSA Flooding with a DR (1.3.6) 24
Flooding LSAs 24
LSAs and DR 25
Summary (1.4) 27
OSPF Features and Characteristics 27
OSPF Packets 28
OSPF Operation 28
Practice 29
Check Your Understanding 29
Chapter 2 Single-Area OSPFv2 Configuration 33
Objectives 33
Key Terms 33
Introduction (2.0) 34
OSPF Router ID (2.1) 34
OSPF Reference Topology (2.1.1) 34
Router Configuration Mode for OSPF (2.1.2) 35
Router IDs (2.1.3) 36
Router ID Order of Precedence (2.1.4) 36
Configure a Loopback Interface as the Router ID (2.1.5) 37
Explicitly Configure a Router ID (2.1.6) 38
Modify a Router ID (2.1.7) 39
Point-to-Point OSPF Networks (2.2) 40
The network Command Syntax (2.2.1) 40
The Wildcard Mask (2.2.2) 41
Configure OSPF Using the network Command (2.2.4) 41
Configure OSPF Using the ip ospf Command (2.2.6) 43
Passive Interface (2.2.8) 44
Configure Passive Interfaces (2.2.9) 45
OSPF Point-to-Point Networks (2.2.11) 46
Loopbacks and Point-to-Point Networks (2.2.12) 48
Multiaccess OSPF Networks (2.3) 49
OSPF Network Types (2.3.1) 49
OSPF Designated Router (2.3.2) 49
OSPF Multiaccess Reference Topology (2.3.3) 51
Verify OSPF Router Roles (2.3.4) 52
R1 DROTHER 52
R2 BDR 53
R3 DR 53
Verify DR/BDR Adjacencies (2.3.5) 54
R1 Adjacencies 55
R2 Adjacencies 55
R3 Adjacencies 56
Default DR/BDR Election Process (2.3.6) 56
DR Failure and Recovery (2.3.7) 58
R3 Fails 58
R3 Rejoins Network 59
R4 Joins Network 59
R2 Fails 59
The ip ospf priority Command (2.3.8) 61
Configure OSPF Priority (2.3.9) 61
Modify Single-Area OSPFv2 (2.4) 63
Cisco OSPF Cost Metric (2.4.1) 63
Adjust the Reference Bandwidth (2.4.2) 64
OSPF Accumulates Costs (2.4.3) 66
Manually Set OSPF Cost Value (2.4.4) 67
Test Failover to Backup Route (2.4.5) 69
Hello Packet Intervals (2.4.7) 69
Verify Hello and Dead Intervals (2.4.8) 70
Modify OSPFv2 Intervals (2.4.9) 71
Default Route Propagation (2.5) 73
Propagate a Default Static Route in OSPFv2 (2.5.1) 74
Verify the Propagated Default Route (2.5.2) 75
Verify Single-Area OSPFv2 (2.6) 77
Verify OSPF Neighbors (2.6.1) 77
Verify OSPF Protocol Settings (2.6.2) 79
Verify OSPF Process Information (2.6.3) 80
Verify OSPF Interface Settings (2.6.4) 81
Summary (2.7) 83
OSPF Router ID 83
Point-to-Point OSPF Networks 83
OSPF Network Types 84
Modify Single-Area OSPFv2 85
Default Route Propagation 86
Verify Single-Area OSPFv2 86
Practice 87
Check Your Understanding 88
Chapter 3 Network Security Concepts 93
Objectives 93
Key Terms 93
Introduction 95
Ethical Hacking Statement (3.0.3) 95
Current State of Cybersecurity (3.1) 95
Current State of Affairs (3.1.1) 95
Vectors of Network Attacks (3.1.2) 96
Data Loss (3.1.3) 97
Threat Actors (3.2) 98
The Hacker (3.2.1) 98
Evolution of Hackers (3.2.2) 99
Cyber Criminals (3.2.3) 100
Hacktivists (3.2.4) 100
State-Sponsored Hackers (3.2.5) 100
Threat Actor Tools (3.3) 101
Introduction to Attack Tools (3.3.2) 101
Evolution of Security Tools (3.3.3) 102
Attack Types (3.3.4) 104
Malware (3.4) 106
Overview of Malware (3.4.1) 106
Viruses and Trojan Horses (3.4.2) 106
Other Types of Malware (3.4.3) 108
Common Network Attacks (3.5) 109
Overview of Network Attacks (3.5.1) 109
Reconnaissance Attacks (3.5.3) 109
Access Attacks (3.5.5) 110
Trust Exploitation Example 111
Port Redirection Example 112
Man-in-the-Middle Attack Example 112
Buffer Overflow Attack 112
Social Engineering Attacks (3.5.6) 114
DoS and DDoS Attacks (3.5.9) 115
DoS Attack 116
DDoS Attack 116
IP Vulnerabilities and Threats (3.6) 117
IPv4 and IPv6 (3.6.2) 118
ICMP Attacks (3.6.3) 118
Amplification and Reflection Attacks (3.6.5) 119
Address Spoofing Attacks (3.6.6) 120
TCP and UDP Vulnerabilities (3.7) 122
TCP Segment Header (3.7.1) 122
TCP Services (3.7.2) 123
TCP Attacks (3.7.3) 124
TCP SYN Flood Attack 124
TCP Reset Attack 125
TCP Session Hijacking 126
UDP Segment Header and Operation (3.7.4) 126
UDP Attacks (3.7.5) 127
UDP Flood Attacks 127
IP Services 127
ARP Vulnerabilities (3.8.1) 127
ARP Cache Poisoning (3.8.2) 128
ARP Request 128
ARP Reply 129
Spoofed Gratuitous ARP Replies 130
DNS Attacks (3.8.4) 131
DNS Open Resolver Attacks 131
DNS Stealth Attacks 132
DNS Domain Shadowing Attacks 132
DNS Tunneling (3.8.5) 132
DHCP (3.8.6) 133
DHCP Attacks (3.8.7) 134
1. Client Broadcasts DHCP Discovery Messages 134
2. DHCP Servers Respond with Offers 134
3. Client Accepts Rogue DHCP Request 136
4. Rogue DHCP Acknowledges the Request 136
Network Security Best Practices (3.9) 137
Confidentiality, Integrity, and Availability (3.9.1) 137
The Defense-in-Depth Approach (3.9.2) 138
Firewalls (3.9.3) 139
IPS (3.9.4) 140
Content Security Appliances (3.9.5) 141
Cisco Email Security Appliance (ESA) 142
Cisco Web Security Appliance (WSA) 142
Cryptography (3.10) 143
Securing Communications (3.10.2) 143
Data Integrity (3.10.3) 144
Hash Functions (3.10.4) 145
MD5 with 128-Bit Digest 145
SHA Hashing Algorithm 146
SHA-2 146
SHA-3 146
Origin Authentication (3.10.5) 147
HMAC Hashing Algorithm 147
Creating the HMAC Value 148
Verifying the HMAC Value 149
Cisco Router HMAC Example 149
Data Confidentiality (3.10.6) 150
Symmetric Encryption (3.10.7) 151
Asymmetric Encryption (3.10.8) 152
Diffie-Hellman (3.10.9) 155
Summary (3.11) 157
Current State of Cybersecurity 157
Threat Actors 157
Threat Actor Tools 157
Malware 157
Common Network Attacks 158
IP Vulnerabilities and Threats 158
TCP and UDP Vulnerabilities 158
IP Services 158
Network Security Best Practices 159
Cryptography 159
Practice 159
Check Your Understanding 160
Chapter 4 ACL Concepts 163
Objectives 163
Key Terms 163
Introduction (4.0) 164
Purpose of ACLs (4.1) 164
What Is an ACL? (4.1.1) 164
Packet Filtering (4.1.2) 165
ACL Operation (4.1.3) 166
Wildcard Masks in ACLs (4.2) 168
Wildcard Mask Overview (4.2.1) 168
Wildcard Mask Types (4.2.2) 169
Wildcard to Match a Host 169
Wildcard Mask to Match an IPv4 Subnet 169
Wildcard Mask to Match an IPv4 Address Range 170
Wildcard Mask Calculation (4.2.3) 170
Example 1 171
Example 2 171
Example 3 171
Example 4 172
Wildcard Mask Keywords (4.2.4) 172
Guidelines for ACL Creation (4.3) 173
Limited Number of ACLs per Interface (4.3.1) 173
ACL Best Practices (4.3.2) 174
Types of IPv4 ACLs (4.4) 175
Standard and Extended ACLs (4.4.1) 175
Numbered and Named ACLs (4.4.2) 176
Numbered ACLs 176
Named ACLs 177
Where to Place ACLs (4.4.3) 177
Standard ACL Placement Example (4.4.4) 179
Extended ACL Placement Example (4.4.5) 180
Summary (4.5) 182
Purpose of ACLs 182
Wildcard Masks 182
Guidelines for ACL Creation 183
Types of IPv4 ACLs 183
Practice 184
Check Your Understanding Questions 184
Chapter 5 ACLs for IPv4 Configuration 187
Objectives 187
Key Term 187
Introduction (5.0) 188
Configure Standard IPv4 ACLs (5.1) 188
Create an ACL (5.1.1) 188
Numbered Standard IPv4 ACL Syntax (5.1.2) 188
Named Standard IPv4 ACL Syntax (5.1.3) 189
Apply a Standard IPv4 ACL (5.1.4) 190
Numbered Standard IPv4 ACL Example (5.1.5) 191
Named Standard IPv4 ACL Example (5.1.6) 193
Modify IPv4 ACLs (5.2) 195
Two Methods to Modify an ACL (5.2.1) 196
Text Editor Method (5.2.2) 196
Sequence Numbers Method (5.2.3) 197
Modify a Named ACL Example (5.2.4) 198
ACL Statistics (5.2.5) 199
Secure VTY Ports with a Standard IPv4 ACL (5.3) 200
The access-class Command (5.3.1) 200
Secure VTY Access Example (5.3.2) 200
Verify the VTY Port Is Secured (5.3.3) 202
Configure Extended IPv4 ACLs (5.4) 203
Extended ACLs (5.4.1) 203
Numbered Extended IPv4 ACL Syntax (5.4.2) 204
Protocols and Ports (5.4.3) 206
Protocol Options 206
Port Keyword Options 207
Protocols and Port Numbers Configuration Examples (5.4.4) 208
Apply a Numbered Extended IPv4 ACL (5.4.5) 209
TCP Established Extended ACL (5.4.6) 210
Named Extended IPv4 ACL Syntax (5.4.7) 212
Named Extended IPv4 ACL Example (5.4.8) 212
Edit Extended ACLs (5.4.9) 213
Another Named Extended IPv4 ACL Example (5.4.10) 214
Verify Extended ACLs (5.4.11) 216
show ip interface 216
show access-lists 217
show running-config 218
Summary (5.5) 219
Configure Standard IPv4 ACLs 219
Modify IPv4 ACLs 219
Secure VTY Ports with a Standard IPv4 ACL 220
Configure Extended IPv4 ACLs 220
Practice 221
Check Your Understanding Questions 222
Chapter 6 NAT for IPv4 225
Objectives 225
Key Terms 225
Introduction (6.0) 226
NAT Characteristics (6.1) 226
IPv4 Private Address Space (6.1.1) 226
What Is NAT? (6.1.2) 227
How NAT Works (6.1.3) 228
NAT Terminology (6.1.4) 229
Inside Local 230
Inside Global 230
Outside Global 231
Outside Local 231
Types of NAT (6.2) 231
Static NAT (6.2.1) 231
Dynamic NAT (6.2.2) 232
Port Address Translation (6.2.3) 233
Next Available Port (6.2.4) 235
NAT and PAT Comparison (6.2.5) 236
NAT 236
PAT 237
Packets Without a Layer 4 Segment (6.2.6) 237
NAT Advantages and Disadvantages (6.3) 238
Advantages of NAT (6.3.1) 238
Disadvantages of NAT (6.3.2) 238
Static NAT (6.4) 239
Static NAT Scenario (6.4.1) 240
Configure Static NAT (6.4.2) 240
Analyze Static NAT (6.4.3) 241
Verify Static NAT (6.4.4) 242
Dynamic NAT (6.5) 244
Dynamic NAT Scenario (6.5.1) 244
Configure Dynamic NAT (6.5.2) 245
Analyze Dynamic NAT - Inside to Outside (6.5.3) 247
Analyze Dynamic NAT - Outside to Inside (6.5.4) 248
Verify Dynamic NAT (6.5.5) 249
PAT (6.6) 251
PAT Scenario (6.6.1) 251
Configure PAT to Use a Single IPv4 Address (6.6.2) 252
Configure PAT to Use an Address Pool (6.6.3) 253
Analyze PAT - PC to Server (6.6.4) 254
Analyze PAT - Server to PC (6.6.5) 255
Verify PAT (6.6.6) 256
NAT64 (6.7) 258
NAT for IPv6? (6.7.1) 258
NAT64 (6.7.2) 258
Summary (6.8) 260
NAT Characteristics 260
Types of NAT 260
NAT Advantages and Disadvantages 261
Static NAT 261
Dynamic NAT 262
PAT 262
NAT64 263
Practice 264
Check Your Understanding Questions 264
Chapter 7 WAN Concepts 269
Objectives 269
Key Terms 269
Introduction (7.0) 272
Purpose of WANs (7.1) 272
LANs and WANs (7.1.1) 272
Private and Public WANs (7.1.2) 273
WAN Topologies (7.1.3) 274
Point-to-Point Topology 274
Hub-and-Spoke Topology 275
Dual-homed Topology 276
Fully Meshed Topology 276
Partially Meshed Topology 277
Carrier Connections (7.1.4) 278
Single-Carrier WAN Connection 278
Dual-Carrier WAN Connection 278
Evolving Networks (7.1.5) 279
Small Network 279
Campus Network 280
Branch Network 281
Distributed Network 282
WAN Operations (7.2) 283
WAN Standards (7.2.1) 283
WANs in the OSI Model (7.2.2) 284
Layer 1 Protocols 284
Layer 2 Protocols 284
Common WAN Terminology (7.2.3) 285
WAN Devices (7.2.4) 287
Serial Communication (7.2.5) 289
Circuit-Switched Communication (7.2.6) 290
Packet-Switched Communications (7.2.7) 290
SDH, SONET, and DWDM (7.2.8) 291
Traditional WAN Connectivity (7.3) 292
Traditional WAN Connectivity Options (7.3.1) 293
Common WAN Terminology (7.3.2) 293
Circuit-Switched Options (7.3.3) 295
Public Service Telephone Network (PSTN) 295
Integrated Services Digital Network (ISDN) 295
Packet-Switched Options (7.3.4) 295
Frame Relay 295
Asynchronous Transfer Mode (ATM) 296
Modern WAN Connectivity (7.4) 296
Modern WANs (7.4.1) 296
Modern WAN Connectivity Options (7.4.2) 297
Dedicated Broadband 297
Packet-Switched 298
Internet-Based Broadband 298
Ethernet WAN (7.4.3) 298
MPLS (7.4.4) 300
Internet-Based Connectivity (7.5) 301
Internet-Based Connectivity Options (7.5.1) 301
Wired Options 302
Wireless Options 302
DSL Technology (7.5.2) 302
DSL Connections (7.5.3) 303
DSL and PPP (7.5.4) 303
Host with PPPoE Client 304
Router PPPoE Client 304
Cable Technology (7.5.5) 305
Optical Fiber (7.5.6) 305
Wireless Internet-Based Broadband (7.5.7) 306
Municipal Wi-Fi 306
Cellular 306
Satellite Internet 307
WiMAX 307
VPN Technology (7.5.8) 308
ISP Connectivity Options (7.5.9) 309
Single-Homed 309
Dual-Homed 309
Multihomed 309
Dual-Multihomed 310
Broadband Solution Comparison (7.5.10) 311
Summary (7.6) 312
Purpose of WANs 312
WAN Operations 312
Traditional WAN Connectivity 313
Modern WAN Connectivity 314
Internet-Based Connectivity 314
Practice 315
Check Your Understanding Questions 316
Chapter 8 VPN and IPsec Concepts 319
Objectives 319
Key Terms 319
Introduction (8.0) 321
VPN Technology (8.1) 321
Virtual Private Networks (8.1.1) 321
VPN Benefits (8.1.2) 322
Site-to-Site and Remote-Access VPNs (8.1.3) 323
Site-to-Site VPN 323
Remote-Access VPN 324
Enterprise and Service Provider VPNs (8.1.4) 324
Types of VPNs (8.2) 325
Remote-Access VPNs (8.2.1) 325
SSL VPNs (8.2.2) 326
Site-to-Site IPsec VPNs (8.2.3) 327
GRE over IPsec (8.2.4) 328
Dynamic Multipoint VPNs (8.2.5) 330
IPsec Virtual Tunnel Interface (8.2.6) 331
Service Provider MPLS VPNs (8.2.7) 332
IPsec (8.3) 333
IPsec Technologies (8.3.2) 333
IPsec Protocol Encapsulation (8.3.3) 336
Confidentiality (8.3.4) 336
Integrity (8.3.5) 338
Authentication (8.3.6) 339
Secure Key Exchange with Diffie-Hellman (8.3.7) 342
Summary (8.4) 344
VPN Technology 344
Types of VPNs 344
IPsec 344
Practice 345
Check Your Understanding Questions 345
Chapter 9 QoS Concepts 351
Objectives 351
Key Terms 351
Introduction (9.0) 353
Network Transmission Quality (9.1) 353
Prioritizing Traffic (9.1.2) 353
Bandwidth, Congestion, Delay, and Jitter (9.1.3) 354
Packet Loss (9.1.4) 355
Traffic Characteristics (9.2) 357
Network Traffic Trends (9.2.2) 357
Voice (9.2.3) 358
Video (9.2.4) 358
Data (9.2.5) 360
Queuing Algorithms (9.3) 361
Queuing Overview (9.3.2) 361
First-In, First Out (9.3.3) 362
Weighted Fair Queuing (WFQ) (9.3.4) 362
Limitations of WFQ 363
Class-Based Weighted Fair Queuing (CBWFQ) (9.3.5) 364
Low Latency Queuing (LLQ) (9.3.6) 365
QoS Models (9.4) 366
Selecting an Appropriate QoS Policy Model (9.4.2) 366
Best Effort (9.4.3) 366
Integrated Services (9.4.4) 367
Differentiated Services (9.4.5) 369
QoS Implementation Techniques (9.5) 370
Avoiding Packet Loss (9.5.2) 371
QoS Tools (9.5.3) 371
Classification and Marking (9.5.4) 372
Marking at Layer 2 (9.5.5) 373
Marking at Layer 3 (9.5.6) 374
Type of Service and Traffic Class Field (9.5.7) 375
DSCP Values (9.5.8) 376
Class Selector Bits (9.5.9) 377
Trust Boundaries (9.5.10) 378
Congestion Avoidance (9.5.11) 379
Shaping and Policing (9.5.12) 380
QoS Policy Guidelines (9.5.13) 381
Summary (9.6) 382
Network Transmission Quality 382
Traffic Characteristics 382
Queuing Algorithms 383
QoS Models 383
QoS Implementation Techniques 384
Practice 385
Check Your Understanding Questions 385
Chapter 10 Network Management 389
Objectives 389
Key Terms 389
Introduction (10.0) 390
Device Discovery with CDP (10.1) 390
CDP Overview (10.1.1) 390
Configure and Verify CDP (10.1.2) 391
Discover Devices by Using CDP (10.1.3) 393
Device Discovery with LLDP (10.2) 396
LLDP Overview (10.2.1) 396
Configure and Verify LLDP (10.2.2) 397
Discover Devices by Using LLDP (10.2.3) 397
NTP (10.3) 400
Time and Calendar Services (10.3.1) 400
NTP Operation (10.3.2) 401
Stratum 0 402
Stratum 1 402
Stratum 2 and Lower 402
Configure and Verify NTP (10.3.3) 402
SNMP 405
Introduction to SNMP (10.4.1) 405
SNMP Operation (10.4.2) 406
SNMP Agent Traps (10.4.3) 408
SNMP Versions (10.4.4) 409
Community Strings (10.4.6) 412
MIB Object ID (10.4.7) 415
SNMP Polling Scenario (10.4.8) 415
SNMP Object Navigator (10.4.9) 417
Syslog (10.5) 418
Introduction to Syslog (10.5.1) 418
Syslog Operation (10.5.2) 420
Syslog Message Format (10.5.3) 421
Syslog Facilities (10.5.4) 422
Configure Syslog Timestamp (10.5.5) 422
Router and Switch File Maintenance (10.6) 423
Router File Systems (10.6.1) 424
The Flash File System 425
The NVRAM File System 425
Switch File Systems (10.6.2) 426
Use a Text File to Back Up a Configuration (10.6.3) 427
Use a Text File to Restore a Configuration (10.6.4) 428
Use TFTP to Back Up and Restore a Configuration (10.6.5) 428
USB Ports on a Cisco Router (10.6.6) 430
Use USB to Back Up and Restore a Configuration (10.6.7) 430
Restore Configurations with a USB Flash Drive 432
Password Recovery Procedures (10.6.8) 433
Password Recovery Example (10.6.9) 433
Step 1. Enter the ROMMON mode 433
Step 2. Change the configuration register 434
Step 3. Copy the startup-config to the running-config 434
Step 4. Change the password 435
Step 5. Save the running-config as the new startup-config 435
Step 6. Reload the device 435
IOS Image Management 437
TFTP Servers as a Backup Location (10.7.2) 437
Backup IOS Image to TFTP Server Example (10.7.3) 438
Step 1. Ping the TFTP server 438
Step 2. Verify image size in flash 439
Step 3. Copy the image to the TFTP server 439
Copy an IOS Image to a Device Example (10.7.4) 439
Step 1. Ping the TFTP server 440
Step 2. Verify the amount of free flash 440
Step 3. Copy the new IOS image to flash 441
The boot system Command (10.7.5) 441
Summary (10.8) 443
Device Discovery with CDP 443
Device Discovery with LLDP 443
NTP 443
SNMP 444
Syslog 444
Router and Switch File Maintenance 445
IOS Image Management 446
Practice 446
Check Your Understanding Questions 447
Chapter 11 Network Design 453
Objectives 453
Key Terms 453
Introduction (11.0) 455
Hierarchical Networks (11.1) 455
The Need to Scale the Network (11.1.2) 455
Borderless Switched Networks (11.1.3) 458
Hierarchy in the Borderless Switched Network (11.1.4) 459
Three-Tier Model 460
Two-Tier Model 461
Access, Distribution, and Core Layer Functions (11.1.5) 462
Access Layer 462
Distribution Layer 462
Core Layer 462
Three-Tier and Two-Tier Examples (11.1.6) 462
Three-Tier Example 463
Two-Tier Example 464
Role of Switched Networks (11.1.7) 464
Scalable Networks (11.2) 465
Design for Scalability (11.2.1) 465
Redundant Links 466
Multiple Links 466
Scalable Routing Protocol 467
Wireless Connectivity 468
Plan for Re
Malware 157
Common Network Attacks 158
IP Vulnerabilities and Threats 158
TCP and UDP Vulnerabilities 158
IP Services 158
Network Security Best Practices 159
Cryptography 159
Practice 159
Check Your Understanding 160
Chapter 4 ACL Concepts 163
Objectives 163
Key Terms 163
Introduction (4.0) 164
Purpose of ACLs (4.1) 164
What Is an ACL? (4.1.1) 164
Packet Filtering (4.1.2) 165
ACL Operation (4.1.3) 166
Wildcard Masks in ACLs (4.2) 168
Wildcard Mask Overview (4.2.1) 168
Wildcard Mask Types (4.2.2) 169
Wildcard to Match a Host 169
Wildcard Mask to Match an IPv4 Subnet 169
Wildcard Mask to Match an IPv4 Address Range 170
Wildcard Mask Calculation (4.2.3) 170
Example 1 171
Example 2 171
Example 3 171
Example 4 172
Wildcard Mask Keywords (4.2.4) 172
Guidelines for ACL Creation (4.3) 173
Limited Number of ACLs per Interface (4.3.1) 173
ACL Best Practices (4.3.2) 174
Types of IPv4 ACLs (4.4) 175
Standard and Extended ACLs (4.4.1) 175
Numbered and Named ACLs (4.4.2) 176
Numbered ACLs 176
Named ACLs 177
Where to Place ACLs (4.4.3) 177
Standard ACL Placement Example (4.4.4) 179
Extended ACL Placement Example (4.4.5) 180
Summary (4.5) 182
Purpose of ACLs 182
Wildcard Masks 182
Guidelines for ACL Creation 183
Types of IPv4 ACLs 183
Practice 184
Check Your Understanding Questions 184
Chapter 5 ACLs for IPv4 Configuration 187
Objectives 187
Key Term 187
Introduction (5.0) 188
Configure Standard IPv4 ACLs (5.1) 188
Create an ACL (5.1.1) 188
Numbered Standard IPv4 ACL Syntax (5.1.2) 188
Named Standard IPv4 ACL Syntax (5.1.3) 189
Apply a Standard IPv4 ACL (5.1.4) 190
Numbered Standard IPv4 ACL Example (5.1.5) 191
Named Standard IPv4 ACL Example (5.1.6) 193
Modify IPv4 ACLs (5.2) 195
Two Methods to Modify an ACL (5.2.1) 196
Text Editor Method (5.2.2) 196
Sequence Numbers Method (5.2.3) 197
Modify a Named ACL Example (5.2.4) 198
ACL Statistics (5.2.5) 199
Secure VTY Ports with a Standard IPv4 ACL (5.3) 200
The access-class Command (5.3.1) 200
Secure VTY Access Example (5.3.2) 200
Verify the VTY Port Is Secured (5.3.3) 202
Configure Extended IPv4 ACLs (5.4) 203
Extended ACLs (5.4.1) 203
Numbered Extended IPv4 ACL Syntax (5.4.2) 204
Protocols and Ports (5.4.3) 206
Protocol Options 206
Port Keyword Options 207
Protocols and Port Numbers Configuration Examples (5.4.4) 208
Apply a Numbered Extended IPv4 ACL (5.4.5) 209
TCP Established Extended ACL (5.4.6) 210
Named Extended IPv4 ACL Syntax (5.4.7) 212
Named Extended IPv4 ACL Example (5.4.8) 212
Edit Extended ACLs (5.4.9) 213
Another Named Extended IPv4 ACL Example (5.4.10) 214
Verify Extended ACLs (5.4.11) 216
show ip interface 216
show access-lists 217
show running-config 218
Summary (5.5) 219
Configure Standard IPv4 ACLs 219
Modify IPv4 ACLs 219
Secure VTY Ports with a Standard IPv4 ACL 220
Configure Extended IPv4 ACLs 220
Practice 221
Check Your Understanding Questions 222
Chapter 6 NAT for IPv4 225
Objectives 225
Key Terms 225
Introduction (6.0) 226
NAT Characteristics (6.1) 226
IPv4 Private Address Space (6.1.1) 226
What Is NAT? (6.1.2) 227
How NAT Works (6.1.3) 228
NAT Terminology (6.1.4) 229
Inside Local 230
Inside Global 230
Outside Global 231
Outside Local 231
Types of NAT (6.2) 231
Static NAT (6.2.1) 231
Dynamic NAT (6.2.2) 232
Port Address Translation (6.2.3) 233
Next Available Port (6.2.4) 235
NAT and PAT Comparison (6.2.5) 236
NAT 236
PAT 237
Packets Without a Layer 4 Segment (6.2.6) 237
NAT Advantages and Disadvantages (6.3) 238
Advantages of NAT (6.3.1) 238
Disadvantages of NAT (6.3.2) 238
Static NAT (6.4) 239
Static NAT Scenario (6.4.1) 240
Configure Static NAT (6.4.2) 240
Analyze Static NAT (6.4.3) 241
Verify Static NAT (6.4.4) 242
Dynamic NAT (6.5) 244
Dynamic NAT Scenario (6.5.1) 244
Configure Dynamic NAT (6.5.2) 245
Analyze Dynamic NAT - Inside to Outside (6.5.3) 247
Analyze Dynamic NAT - Outside to Inside (6.5.4) 248
Verify Dynamic NAT (6.5.5) 249
PAT (6.6) 251
PAT Scenario (6.6.1) 251
Configure PAT to Use a Single IPv4 Address (6.6.2) 252
Configure PAT to Use an Address Pool (6.6.3) 253
Analyze PAT - PC to Server (6.6.4) 254
Analyze PAT - Server to PC (6.6.5) 255
Verify PAT (6.6.6) 256
NAT64 (6.7) 258
NAT for IPv6? (6.7.1) 258
NAT64 (6.7.2) 258
Summary (6.8) 260
NAT Characteristics 260
Types of NAT 260
NAT Advantages and Disadvantages 261
Static NAT 261
Dynamic NAT 262
PAT 262
NAT64 263
Practice 264
Check Your Understanding Questions 264
Chapter 7 WAN Concepts 269
Objectives 269
Key Terms 269
Introduction (7.0) 272
Purpose of WANs (7.1) 272
LANs and WANs (7.1.1) 272
Private and Public WANs (7.1.2) 273
WAN Topologies (7.1.3) 274
Point-to-Point Topology 274
Hub-and-Spoke Topology 275
Dual-homed Topology 276
Fully Meshed Topology 276
Partially Meshed Topology 277
Carrier Connections (7.1.4) 278
Single-Carrier WAN Connection 278
Dual-Carrier WAN Connection 278
Evolving Networks (7.1.5) 279
Small Network 279
Campus Network 280
Branch Network 281
Distributed Network 282
WAN Operations (7.2) 283
WAN Standards (7.2.1) 283
WANs in the OSI Model (7.2.2) 284
Layer 1 Protocols 284
Layer 2 Protocols 284
Common WAN Terminology (7.2.3) 285
WAN Devices (7.2.4) 287
Serial Communication (7.2.5) 289
Circuit-Switched Communication (7.2.6) 290
Packet-Switched Communications (7.2.7) 290
SDH, SONET, and DWDM (7.2.8) 291
Traditional WAN Connectivity (7.3) 292
Traditional WAN Connectivity Options (7.3.1) 293
Common WAN Terminology (7.3.2) 293
Circuit-Switched Options (7.3.3) 295
Public Service Telephone Network (PSTN) 295
Integrated Services Digital Network (ISDN) 295
Packet-Switched Options (7.3.4) 295
Frame Relay 295
Asynchronous Transfer Mode (ATM) 296
Modern WAN Connectivity (7.4) 296
Modern WANs (7.4.1) 296
Modern WAN Connectivity Options (7.4.2) 297
Dedicated Broadband 297
Packet-Switched 298
Internet-Based Broadband 298
Ethernet WAN (7.4.3) 298
MPLS (7.4.4) 300
Internet-Based Connectivity (7.5) 301
Internet-Based Connectivity Options (7.5.1) 301
Wired Options 302
Wireless Options 302
DSL Technology (7.5.2) 302
DSL Connections (7.5.3) 303
DSL and PPP (7.5.4) 303
Host with PPPoE Client 304
Router PPPoE Client 304
Cable Technology (7.5.5) 305
Optical Fiber (7.5.6) 305
Wireless Internet-Based Broadband (7.5.7) 306
Municipal Wi-Fi 306
Cellular 306
Satellite Internet 307
WiMAX 307
VPN Technology (7.5.8) 308
ISP Connectivity Options (7.5.9) 309
Single-Homed 309
Dual-Homed 309
Multihomed 309
Dual-Multihomed 310
Broadband Solution Comparison (7.5.10) 311
Summary (7.6) 312
Purpose of WANs 312
WAN Operations 312
Traditional WAN Connectivity 313
Modern WAN Connectivity 314
Internet-Based Connectivity 314
Practice 315
Check Your Understanding Questions 316
Chapter 8 VPN and IPsec Concepts 319
Objectives 319
Key Terms 319
Introduction (8.0) 321
VPN Technology (8.1) 321
Virtual Private Networks (8.1.1) 321
VPN Benefits (8.1.2) 322
Site-to-Site and Remote-Access VPNs (8.1.3) 323
Site-to-Site VPN 323
Remote-Access VPN 324
Enterprise and Service Provider VPNs (8.1.4) 324
Types of VPNs (8.2) 325
Remote-Access VPNs (8.2.1) 325
SSL VPNs (8.2.2) 326
Site-to-Site IPsec VPNs (8.2.3) 327
GRE over IPsec (8.2.4) 328
Dynamic Multipoint VPNs (8.2.5) 330
IPsec Virtual Tunnel Interface (8.2.6) 331
Service Provider MPLS VPNs (8.2.7) 332
IPsec (8.3) 333
IPsec Technologies (8.3.2) 333
IPsec Protocol Encapsulation (8.3.3) 336
Confidentiality (8.3.4) 336
Integrity (8.3.5) 338
Authentication (8.3.6) 339
Secure Key Exchange with Diffie-Hellman (8.3.7) 342
Summary (8.4) 344
VPN Technology 344
Types of VPNs 344
IPsec 344
Practice 345
Check Your Understanding Questions 345
Chapter 9 QoS Concepts 351
Objectives 351
Key Terms 351
Introduction (9.0) 353
Network Transmission Quality (9.1) 353
Prioritizing Traffic (9.1.2) 353
Bandwidth, Congestion, Delay, and Jitter (9.1.3) 354
Packet Loss (9.1.4) 355
Traffic Characteristics (9.2) 357
Network Traffic Trends (9.2.2) 357
Voice (9.2.3) 358
Video (9.2.4) 358
Data (9.2.5) 360
Queuing Algorithms (9.3) 361
Queuing Overview (9.3.2) 361
First-In, First Out (9.3.3) 362
Weighted Fair Queuing (WFQ) (9.3.4) 362
Limitations of WFQ 363
Class-Based Weighted Fair Queuing (CBWFQ) (9.3.5) 364
Low Latency Queuing (LLQ) (9.3.6) 365
QoS Models (9.4) 366
Selecting an Appropriate QoS Policy Model (9.4.2) 366
Best Effort (9.4.3) 366
Integrated Services (9.4.4) 367
Differentiated Services (9.4.5) 369
QoS Implementation Techniques (9.5) 370
Avoiding Packet Loss (9.5.2) 371
QoS Tools (9.5.3) 371
Classification and Marking (9.5.4) 372
Marking at Layer 2 (9.5.5) 373
Marking at Layer 3 (9.5.6) 374
Type of Service and Traffic Class Field (9.5.7) 375
DSCP Values (9.5.8) 376
Class Selector Bits (9.5.9) 377
Trust Boundaries (9.5.10) 378
Congestion Avoidance (9.5.11) 379
Shaping and Policing (9.5.12) 380
QoS Policy Guidelines (9.5.13) 381
Summary (9.6) 382
Network Transmission Quality 382
Traffic Characteristics 382
Queuing Algorithms 383
QoS Models 383
QoS Implementation Techniques 384
Practice 385
Check Your Understanding Questions 385
Chapter 10 Network Management 389
Objectives 389
Key Terms 389
Introduction (10.0) 390
Device Discovery with CDP (10.1) 390
CDP Overview (10.1.1) 390
Configure and Verify CDP (10.1.2) 391
Discover Devices by Using CDP (10.1.3) 393
Device Discovery with LLDP (10.2) 396
LLDP Overview (10.2.1) 396
Configure and Verify LLDP (10.2.2) 397
Discover Devices by Using LLDP (10.2.3) 397
NTP (10.3) 400
Time and Calendar Services (10.3.1) 400
NTP Operation (10.3.2) 401
Stratum 0 402
Stratum 1 402
Stratum 2 and Lower 402
Configure and Verify NTP (10.3.3) 402
SNMP 405
Introduction to SNMP (10.4.1) 405
SNMP Operation (10.4.2) 406
SNMP Agent Traps (10.4.3) 408
SNMP Versions (10.4.4) 409
Community Strings (10.4.6) 412
MIB Object ID (10.4.7) 415
SNMP Polling Scenario (10.4.8) 415
SNMP Object Navigator (10.4.9) 417
Syslog (10.5) 418
Introduction to Syslog (10.5.1) 418
Syslog Operation (10.5.2) 420
Syslog Message Format (10.5.3) 421
Syslog Facilities (10.5.4) 422
Configure Syslog Timestamp (10.5.5) 422
Router and Switch File Maintenance (10.6) 423
Router File Systems (10.6.1) 424
The Flash File System 425
The NVRAM File System 425
Switch File Systems (10.6.2) 426
Use a Text File to Back Up a Configuration (10.6.3) 427
Use a Text File to Restore a Configuration (10.6.4) 428
Use TFTP to Back Up and Restore a Configuration (10.6.5) 428
USB Ports on a Cisco Router (10.6.6) 430
Use USB to Back Up and Restore a Configuration (10.6.7) 430
Restore Configurations with a USB Flash Drive 432
Password Recovery Procedures (10.6.8) 433
Password Recovery Example (10.6.9) 433
Step 1. Enter the ROMMON mode 433
Step 2. Change the configuration register 434
Step 3. Copy the startup-config to the running-config 434
Step 4. Change the password 435
Step 5. Save the running-config as the new startup-config 435
Step 6. Reload the device 435
IOS Image Management 437
TFTP Servers as a Backup Location (10.7.2) 437
Backup IOS Image to TFTP Server Example (10.7.3) 438
Step 1. Ping the TFTP server 438
Step 2. Verify image size in flash 439
Step 3. Copy the image to the TFTP server 439
Copy an IOS Image to a Device Example (10.7.4) 439
Step 1. Ping the TFTP server 440
Step 2. Verify the amount of free flash 440
Step 3. Copy the new IOS image to flash 441
The boot system Command (10.7.5) 441
Summary (10.8) 443
Device Discovery with CDP 443
Device Discovery with LLDP 443
NTP 443
SNMP 444
Syslog 444
Router and Switch File Maintenance 445
IOS Image Management 446
Practice 446
Check Your Understanding Questions 447
Chapter 11 Network Design 453
Objectives 453
Key Terms 453
Introduction (11.0) 455
Hierarchical Networks (11.1) 455
The Need to Scale the Network (11.1.2) 455
Borderless Switched Networks (11.1.3) 458
Hierarchy in the Borderless Switched Network (11.1.4) 459
Three-Tier Model 460
Two-Tier Model 461
Access, Distribution, and Core Layer Functions (11.1.5) 462
Access Layer 462
Distribution Layer 462
Core Layer 462
Three-Tier and Two-Tier Examples (11.1.6) 462
Three-Tier Example 463
Two-Tier Example 464
Role of Switched Networks (11.1.7) 464
Scalable Networks (11.2) 465
Design for Scalability (11.2.1) 465
Redundant Links 466
Multiple Links 466
Scalable Routing Protocol 467
Wireless Connectivity 468
Plan for Re