CCNA 200-301 Official Cert Guide, Volume 2, 1st edition

Published by Pearson (December 22, 2019) © 2020

  • Wendell Odom Best-selling Cisco Press author, expert trainer, and Cisco Certified Internetwork Expert (CCIE No. 1624)

eTextbook

per month

  • Anytime, anywhere learning with the Pearson+ app
  • Easy-to-use search, navigation and notebook
  • Simpler studying with flashcards
$39.99

  • A print text (hardcover or paperback) 
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

uCertify

$160.00

  • Includes the full Pearson e-text, pre- and post-assessments, quizzes, videos, and more
  • Provides hands-on skills to bridge conceptual knowledge and real-world application
  • Powerful student management tools yet easy to implement, customize, and manage

Bundle

$69.99

  • A print text (hardcover or paperback)
  • Free shipping
CCNA 200-301 Official Cert Guide enables students to succeed on the exam the first time and is the only self-study resource approved by Cisco.
Best-selling author and expert instructor Wendell Odom shares preparation hints and test-taking tips, helping students identify areas of weakness and improve both conceptual knowledge and hands-on skills.

Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this official study guide helps students master the concepts and techniques that ensure exam success.
  • Revised edition of the #1 selling CCNA preparation self-study guide
  • Book content is fully updated to align to the new CCNA 200-301 exam objectives
  • Books and online materials are packed with features to help candidates master difficult testing methods on actual exams
  • Practice tests contain scenario-based questions that closely mimic the difficulty of the actual exam
  • In-depth expert explanations of all protocols, commands, and technologies on the CCNA exam
  • Online ancillary materials such as lecture slides, instructor's notes, and test bank reinforce concepts discussed in this text 

Introduction

Part I IP Access Control Lists

Chapter 1 Introduction to TCP/IP Transport and Applications

“Do I Know This Already?” Quiz

Foundation Topics

TCP/IP Layer 4 Protocols: TCP and UDP

    Transmission Control Protocol

        Multiplexing Using TCP Port Numbers

        Popular TCP/IP Applications

        Connection Establishment and Termination

        Error Recovery and Reliability

        Flow Control Using Windowing

    User Datagram Protocol

TCP/IP Applications

    Uniform Resource Identifiers

    Finding the Web Server Using DNS

    Transferring Files with HTTP

    How the Receiving Host Identifies the Correct Receiving Application

Chapter Review

Chapter 2 Basic IPv4 Access Control Lists

“Do I Know This Already?” Quiz

Foundation Topics

IPv4 Access Control List Basics

    ACL Location and Direction

    Matching Packets

    Taking Action When a Match Occurs

    Types of IP ACLs

Standard Numbered IPv4 ACLs

    List Logic with IP ACLs

    Matching Logic and Command Syntax

        Matching the Exact IP Address

        Matching a Subset of the Address with Wildcards

        Binary Wildcard Masks

        Finding the Right Wildcard Mask to Match a Subnet

        Matching Any/All Addresses

    Implementing Standard IP ACLs

        Standard Numbered ACL Example 1

        Standard Numbered ACL Example 2

    Troubleshooting and Verification Tips

Practice Applying Standard IP ACLs

    Practice Building access-list Commands

    Reverse Engineering from ACL to Address Range

Chapter Review

Chapter 3 Advanced IPv4 Access Control Lists

“Do I Know This Already?” Quiz

Foundation Topics

Extended Numbered IP Access Control Lists

    Matching the Protocol, Source IP, and Destination IP

    Matching TCP and UDP Port Numbers

    Extended IP ACL Configuration

        Extended IP Access Lists: Example 1

        Extended IP Access Lists: Example 2

    Practice Building access-list Commands

Named ACLs and ACL Editing

    Named IP Access Lists

    Editing ACLs Using Sequence Numbers

    Numbered ACL Configuration Versus Named ACL Configuration

    ACL Implementation Considerations

    Additional Reading on ACLs

Chapter Review

Part I Review

Part II Security Services

Chapter 4 Security Architectures

“Do I Know This Already?” Quiz

Foundation Topics

Security Terminology

Common Security Threats

    Attacks That Spoof Addresses

        Denial-of-Service Attacks

        Reflection and Amplification Attacks

        Man-in-the-Middle Attacks

        Address Spoofing Attack Summary

    Reconnaissance Attacks

    Buffer Overflow Attacks

    Malware

    Human Vulnerabilities

    Password Vulnerabilities

        Password Alternatives

Controlling and Monitoring User Access

Developing a Security Program to Educate Users

Chapter Review

Chapter 5 Securing Network Devices

“Do I Know This Already?” Quiz

Foundation Topics

Securing IOS Passwords

    Encrypting Older IOS Passwords with service password-encryption

    Encoding the Enable Passwords with Hashes

        Interactions Between Enable Password and Enable Secret

        Making the Enable Secret Truly Secret with a Hash

        Improved Hashes for Cisco’s Enable Secret

    Encoding the Passwords for Local Usernames

    Controlling Password Attacks with ACLs

Firewalls and Intrusion Prevention Systems

    Traditional Firewalls

        Security Zones

    Intrusion Prevention Systems (IPS)

    Cisco Next-Generation Firewalls

    Cisco Next-Generation IPS

Chapter Review

Chapter 6 Implementing Switch Port Security

“Do I Know This Already?” Quiz

Foundation Topics

Port Security Concepts and Configuration

    Configuring Port Security

    Verifying Port Security

    Port Security MAC Addresses

Port Security Violation Modes

    Port Security Shutdown Mode

    Port Security Protect and Restrict Modes

Chapter Review

Chapter 7 Implementing DHCP

“Do I Know This Already?” Quiz

Foundation Topics

Dynamic Host Configuration Protocol

    DHCP Concepts

        Supporting DHCP for Remote Subnets with DHCP Relay

        Information Stored at the DHCP Server

    Configuring DHCP Features on Routers and Switches

        Configuring DHCP Relay

        Configuring a Switch as DHCP Client

        Configuring a Router as DHCP Client

Identifying Host IPv4 Settings

    Host Settings for IPv4

    Host IP Settings on Windows

    Host IP Settings on macOS

    Host IP Settings on Linux

Chapter Review

Chapter 8 DHCP Snooping and ARP Inspection

“Do I Know This Already?” Quiz

Foundation Topics

DHCP Snooping

    DHCP Snooping Concepts

        A Sample Attack: A Spurious DHCP Server

        DHCP Snooping Logic

        Filtering DISCOVER Messages Based on MAC Address

        Filtering Messages that Release IP Addresses

    DHCP Snooping Configuration

        Configuring DHCP Snooping on a Layer 2 Switch

        Limiting DHCP Message Rates

        DHCP Snooping Configuration Summary

Dynamic ARP Inspection

    DAI Concepts

        Review of Normal IP ARP

        Gratuitous ARP as an Attack Vector

        Dynamic ARP Inspection Logic

    Dynamic ARP Inspection Configuration

        Configuring ARP Inspection on a Layer 2 Switch

        Limiting DAI Message Rates

        Configuring Optional DAI Message Checks

        IP ARP Inspection Configuration Summary

Chapter Review

Part II Review

Part III IP Services

Chapter 9 Device Management Protocols

“Do I Know This Already?” Quiz

Foundation Topics

System Message Logging (Syslog)

    Sending Messages in Real Time to Current Users

    Storing Log Messages for Later Review

    Log Message Format

    Log Message Severity Levels

    Configuring and Verifying System Logging

    The debug Command and Log Messages

Network Time Protocol (NTP)

    Setting the Time and Timezone

    Basic NTP Configuration

    NTP Reference Clock and Stratum

    Redundant NTP Configuration

    NTP Using a Loopback Interface for Better Availability

Analyzing Topology Using CDP and LLDP

    Examining Information Learned by CDP

    Configuring and Verifying CDP

    Examining Information Learned by LLDP

    Configuring and Verifying LLDP

Chapter Review

Chapter 10 Network Address Translation

“Do I Know This Already?” Quiz

Foundation Topics

Perspectives on IPv4 Address Scalability

    CIDR

    Private Addressing

Network Address Translation Concepts

    Static NAT

    Dynamic NAT

    Overloading NAT with Port Address Translation

NAT Configuration and Troubleshooting

    Static NAT Configuration

    Dynamic NAT Configuration

    Dynamic NAT Verification

    NAT Overload (PAT) Configuration

    NAT Troubleshooting

Chapter Review

Chapter 11 Quality of Service (QoS)

“Do I Know This Already?” Quiz

Foundation Topics

Introduction to QoS

    QoS: Managing Bandwidth, Delay, Jitter, and Loss

    Types of Traffic

        Data Applications

    Voice and Video Applications

    QoS as Mentioned in This Book

    QoS on Switches and Routers

Classification and Marking

    Classification Basics

    Matching (Classification) Basics

    Classification on Routers with ACLs and NBAR

    Marking IP DSCP and Ethernet CoS

        Marking the IP Header

        Marking the Ethernet 802.1Q Header

        Other Marking Fields

    Defining Trust Boundaries

    DiffServ Suggested Marking Values

        Expedited Forwarding (EF)

        Assured Forwarding (AF)

        Class Selector (CS)

        Guidelines for DSCP Marking Values

Queuing

    Round-Robin Scheduling (Prioritization)

    Low Latency Queuing

    A Prioritization Strategy for Data, Voice, and Video

Shaping and Policing

    Policing

        Where to Use Policing

    Shaping

        Setting a Good Shaping Time Interval for Voice and Video

Congestion Avoidance

    TCP Windowing Basics

    Congestion Avoidance Tools

Chapter Review

Chapter 12 Miscellaneous IP Services

“Do I Know This Already?” Quiz

Foundation Topics

First Hop Redundancy Protocol

    The Need for Redundancy in Networks

    The Need for a First Hop Redundancy Protocol

    The Three Solutions for First-Hop Redundancy

    HSRP Concepts

        HSRP Failover

        HSRP Load Balancing

Simple Network Management Protocol

    SNMP Variable Reading and Writing: SNMP Get and Set

    SNMP Notifications: Traps and Informs

    The Management Information Base

    Securing SNMP

FTP and TFTP

    Managing Cisco IOS Images with FTP/TFTP

        The IOS File System

        Upgrading IOS Images

        Copying a New IOS Image to a Local IOS File System Using TFTP

        Verifying IOS Code Integrity with MD5

        Copying Images with FTP

    The FTP and TFTP Protocols

        FTP Protocol Basics

        FTP Active and Passive Modes

        FTP over TLS (FTP Secure)

    TFTP Protocol Basics

Chapter Review

Part III Review

Part IV Network Architecture

Chapter 13 LAN Architecture

“Do I Know This Already?” Quiz

Foundation Topics

Analyzing Campus LAN Topologies

    Two-Tier Campus Design (Collapsed Core)

        The Two-Tier Campus Design

        Topology Terminology Seen Within a Two-Tier Design

    Three-Tier Campus Design (Core)

    Topology Design Terminology

Small Office/Home Office

Power over Ethernet (PoE)

    PoE Basics

    PoE Operation

    PoE and LAN Design

Chapter Review

Chapter 14 WAN Architecture

“Do I Know This Already?” Quiz

Foundation Topics

Metro Ethernet

    Metro Ethernet Physical Design and Topology

    Ethernet WAN Services and Topologies

        Ethernet Line Service (Point-to-Point)

        Ethernet LAN Service (Full Mesh)

        Ethernet Tree Service (Hub and Spoke)

    Layer 3 Design Using Metro Ethernet

        Layer 3 Design with E-Line Service

        Layer 3 Design with E-LAN Service

Multiprotocol Label Switching (MPLS)

    MPLS VPN Physical Design and Topology

    MPLS and Quality of Service

    Layer 3 with MPLS VPN

Internet VPNs

    Internet Access

        Digital Subscriber Line

        Cable Internet

        Wireless WAN (3G, 4G, LTE, 5G)

        Fiber (Ethernet) Internet Access

    Internet VPN Fundamentals

        Site-to-Site VPNs with IPsec

        Remote Access VPNs with TLS

    VPN Comparisons

Chapter Review

Chapter 15 Cloud Architecture

“Do I Know This Already?” Quiz

Foundation Topics

Server Virtualization

    Cisco Server Hardware

    Server Virtualization Basics

    Networking with Virtual Switches on a Virtualized Host

    The Physical Data Center Network

    Workflow with a Virtualized Data Center

Cloud Computing Services

    Private Cloud (On-Premise)

    Public Cloud

    Cloud and the “As a Service” Model

        Infrastructure as a Service

        Software as a Service

        (Development) Platform as a Service

WAN Traffic Paths to Reach Cloud Services

    Enterprise WAN Connections to Public Cloud

        Accessing Public Cloud Services Using the Internet

        Pros and Cons with Connecting to Public Cloud with Internet

        Private WAN and Internet VPN Access to Public Cloud

        Pros and Cons of Connecting to Cloud with Private WANs

        Intercloud Exchanges

        Summarizing the Pros and Cons of Public Cloud WAN Options

    A Scenario: Branch Offices and the Public Cloud

        Migrating Traffic Flows When Migrating to Email SaaS

        Branch Offices with Internet and Private WAN

Chapter Review

Part IV Review

Part V Network Automation

Chapter 16 Introduction to Controller-Based Networking

“Do I Know This Already?” Quiz

Foundation Topics

SDN and Controller-Based Networks

    The Data, Control, and Management Planes

        The Data Plane

        The Control Plane

        The Management Plane

        Cisco Switch Data Plane Internals

    Controllers and Software-Defined Architecture

        Controllers and Centralized Control

        The Southbound Interface

        The Northbound Interface

    Software Defined Architecture Summary

Examples of Network Programmability and SDN

    OpenDaylight and OpenFlow

        The OpenDaylight Controller

        The Cisco Open SDN Controller (OSC)

    Cisco Application Centric Infrastructure (ACI)

        ACI Physical Design: Spine and Leaf

        ACI Operating Model with Intent-Based Networking

    Cisco APIC Enterprise Module

        APIC-EM Basics

        APIC-EM Replacement

    Summary of the SDN Examples

Comparing Traditional Versus Controller-Based Networks

    How Automation Impacts Network Management

    Comparing Traditional Networks with Controller-Based Networks

Chapter Review

Chapter 17 Cisco Software-Defined Access (SDA)

“Do I Know This Already?” Quiz

Foundation Topics

SDA Fabric, Underlay, and Overlay

    The SDA Underlay

        Using Existing Gear for the SDA Underlay

        Using New Gear for the SDA Underlay

    The SDA Overlay

        VXLAN Tunnels in the Overlay (Data Plane)

        LISP for Overlay Discovery and Location (Control Plane)

DNA Center and SDA Operation

    Cisco DNA Center

    Cisco DNA Center and Scalable Groups

        Issues with Traditional IP-Based Security

        SDA Security Based on User Groups

DNA Center as a Network Management Platform

    DNA Center Similarities to Traditional Management

    DNA Center Differences with Traditional Management

Chapter Review

Chapter 18 Understanding REST and JSON

“Do I Know This Already?” Quiz

Foundation Topics

REST-Based APIs

    REST-Based (RESTful) APIs

        Client/Server Architecture

        Stateless Operation

        Cacheable (or Not)

    Background: Data and Variables

        Simple Variables

        List and Dictionary Variables

    REST APIs and HTTP

        Software CRUD Actions and HTTP Verbs

        Using URIs with HTTP to Specify the Resource

    Example of REST API Call to DNA Center

Data Serialization and JSON

    The Need for a Data Model with APIs

    Data Serialization Languages

        JSON

        XML

        YAML

        Summary of Data Serialization

    Interpreting JSON

        Interpreting JSON Key:Value Pairs

        Interpreting JSON Objects and Arrays

        Minified and Beautified JSON

Chapter Review

Chapter 19 Understanding Ansible, Puppet, and Chef

“Do I Know This Already?” Quiz

Foundation Topics

Device Configuration Challenges and Solutions

    Configuration Drift

    Centralized Configuration Files and Version Control

    Configuration Monitoring and Enforcement

    Configuration Provisioning

        Configuration Templates and Variables

        Files That Control Configuration Automation

Ansible, Puppet, and Chef Basics

    Ansible

    Puppet

    Chef

    Summary of Configuration Management Tools

Chapter Review

Part V Review

Part VI Final Review

Chapter 20 Final Review

Advice About the Exam Event

    Exam Event: Learn About Question Types

    Exam Event: Think About Your Time Budget

    Exam Event: A Sample Time-Check Method

    Exam Event: One Week Away

    Exam Event: 24 Hours Before the Exam

    Exam Event: The Last 30 Minutes

    Exam Event: Reserve the Hour After the Exam

Exam Review

    Exam Review: Take Practice Exams

        Using the Practice CCNA Exams

        Exam Review: Advice on How to Answer Exam Questions

        Exam Review: Additional Exams with the Premium Edition

    Exam Review: Find Knowledge Gaps

    Exam Review: Practice Hands-On CLI Skills

        CCNA Exam Topics with CLI Skill Requirements

    Exam Review: Self-Assessment Pitfalls

    Exam Review: Adjustments for Your Second Attempt

    Exam Review: Other Study Tasks

    Final Thoughts

Part VII Appendixes

Appendix A Numeric Reference Tables

Appendix B CCNA 200-301, Volume 2 Exam Updates

Appendix C Answers to the “Do I Know This Already?” Quizzes

Glossary

Online Appendixes

Appendix D Topics from Previous Editions

Appendix E Practice for Chapter 2: Basic IPv4 Access Control Lists

Appendix F Previous Edition ICND1 Chapter 35: Managing IOS Files

Appendix G Exam Topics Cross-Reference

Appendix H Study Planner

9781587147135   TOC   10/18/2019

Wendell Odom, CCIE No. 1624 Emeritus, has been in the networking industry since 1981. He has worked as a network engineer, consultant, systems engineer, instructor, and course developer; he currently works writing and creating certification study tools. This book is his 29th edition of some product for Pearson, and he is the author of all editions of the CCNA Cert Guides about Routing and Switching from Cisco Press. Over the years he has written books on topics ranging from networking basics to certification guides for CCENT, CCNA R&S, CCNA DC, CCNP ROUTE, CCNP QoS, and CCIE R&S. He maintains study tools, links to his blogs, and other resources at www.certskills.com.

Pearson+

All in one place. Pearson+ offers instant access to eTextbooks, videos and study tools in one intuitive interface. Students choose how they learn best with enhanced search, audio and flashcards. The Pearson+ app lets them read where life takes them, no wi-fi needed. Students can access Pearson+ through a subscription or their MyLab or Mastering course.

uCertify

The Pearson uCertify Courses and Labs combine Pearson's authorized and peer-reviewed content with uCertify's accessible, flexible, and scalable online learning platform. All Courses and Labs are mapped directly to Pearson texts to make integration into your current courses easy and convenient.

The uCertify Courses are a foundational learning tool and come with the complete Pearson interactive e-text, pre- and post-assessments, quizzes, exercises, tests, instructional videos, and more. The uCertify Labs and Simulators provide hands-on skills and bridge the gap between conceptual knowledge and real-world application.

Pearson eTextbook: What’s on the inside just might surprise you

They say you can’t judge a book by its cover. It’s the same with your students. Meet each one right where they are with an engaging, interactive, personalized learning experience that goes beyond the textbook to fit any schedule, any budget, and any lifestyle.