Enterprise Networking, Security, and Automation Companion Guide (CCNAv7), 1st edition

    Introduction xxxi
    Chapter 1 Single-Area OSPFv2 Concepts 1
    Objectives 1
    Key Terms 1
    Introduction (1.0) 3
    OSPF Features and Characteristics (1.1) 3
        Introduction to OSPF (1.1.1) 3
        Components of OSPF (1.1.2) 4
            Routing Protocol Messages 4
            Data Structures 4
            Algorithm 5
        Link-State Operation (1.1.3) 6
            1. Establish Neighbor Adjacencies 6
            2. Exchange Link-State Advertisements 6
            3. Build the Link-State Database 7
            4. Execute the SPF Algorithm 8
            5. Choose the Best Route 8
        Single-Area and Multiarea OSPF (1.1.4) 9
        Multiarea OSPF (1.1.5) 10
        OSPFv3 (1.1.6) 12
    OSPF Packets (1.2) 13
        Types of OSPF Packets (1.2.2) 13
        Link-State Updates (1.2.3) 14
        Hello Packet (1.2.4) 15
    OSPF Operation (1.3) 17
        OSPF Operational States (1.3.2) 17
        Establish Neighbor Adjacencies (1.3.3) 18
            1. Down State to Init State 18
            2. The Init State 19
            3. Two-Way State 19
            4. Elect the DR and BDR 20
        Synchronizing OSPF Databases (1.3.4) 20
            1. Decide First Router 21
            2. Exchange DBDs 21
            3. Send an LSR 22
        The Need for a DR (1.3.5) 23
        LSA Flooding with a DR (1.3.6) 24
            Flooding LSAs 24
            LSAs and DR 25
    Summary (1.4) 27
        OSPF Features and Characteristics 27
        OSPF Packets 28
        OSPF Operation 28
    Practice 29
    Check Your Understanding 29
    Chapter 2 Single-Area OSPFv2 Configuration 33
    Objectives 33
    Key Terms 33
    Introduction (2.0) 34
    OSPF Router ID (2.1) 34
        OSPF Reference Topology (2.1.1) 34
        Router Configuration Mode for OSPF (2.1.2) 35
        Router IDs (2.1.3) 36
        Router ID Order of Precedence (2.1.4) 36
        Configure a Loopback Interface as the Router ID (2.1.5) 37
        Explicitly Configure a Router ID (2.1.6) 38
        Modify a Router ID (2.1.7) 39
    Point-to-Point OSPF Networks (2.2) 40
        The network Command Syntax (2.2.1) 40
        The Wildcard Mask (2.2.2) 41
        Configure OSPF Using the network Command (2.2.4) 41
        Configure OSPF Using the ip ospf Command (2.2.6) 43
        Passive Interface (2.2.8) 44
        Configure Passive Interfaces (2.2.9) 45
        OSPF Point-to-Point Networks (2.2.11) 46
        Loopbacks and Point-to-Point Networks (2.2.12) 48
    Multiaccess OSPF Networks (2.3) 49
        OSPF Network Types (2.3.1) 49
        OSPF Designated Router (2.3.2) 49
        OSPF Multiaccess Reference Topology (2.3.3) 51
        Verify OSPF Router Roles (2.3.4) 52
            R1 DROTHER 52
            R2 BDR 53
            R3 DR 53
        Verify DR/BDR Adjacencies (2.3.5) 54
            R1 Adjacencies 55
            R2 Adjacencies 55
            R3 Adjacencies 56
        Default DR/BDR Election Process (2.3.6) 56
        DR Failure and Recovery (2.3.7) 58
            R3 Fails 58
            R3 Rejoins Network 59
            R4 Joins Network 59
            R2 Fails 59
        The ip ospf priority Command (2.3.8) 61
        Configure OSPF Priority (2.3.9) 61
    Modify Single-Area OSPFv2 (2.4) 63
        Cisco OSPF Cost Metric (2.4.1) 63
        Adjust the Reference Bandwidth (2.4.2) 64
        OSPF Accumulates Costs (2.4.3) 66
        Manually Set OSPF Cost Value (2.4.4) 67
        Test Failover to Backup Route (2.4.5) 69
        Hello Packet Intervals (2.4.7) 69
        Verify Hello and Dead Intervals (2.4.8) 70
        Modify OSPFv2 Intervals (2.4.9) 71
    Default Route Propagation (2.5) 73
        Propagate a Default Static Route in OSPFv2 (2.5.1) 74
        Verify the Propagated Default Route (2.5.2) 75
    Verify Single-Area OSPFv2 (2.6) 77
        Verify OSPF Neighbors (2.6.1) 77
        Verify OSPF Protocol Settings (2.6.2) 79
        Verify OSPF Process Information (2.6.3) 80
        Verify OSPF Interface Settings (2.6.4) 81
    Summary (2.7) 83
        OSPF Router ID 83
        Point-to-Point OSPF Networks 83
        OSPF Network Types 84
        Modify Single-Area OSPFv2 85
        Default Route Propagation 86
        Verify Single-Area OSPFv2 86
    Practice 87
    Check Your Understanding 88
    Chapter 3 Network Security Concepts 93
    Objectives 93
    Key Terms 93
    Introduction 95
        Ethical Hacking Statement (3.0.3) 95
    Current State of Cybersecurity (3.1) 95
        Current State of Affairs (3.1.1) 95
        Vectors of Network Attacks (3.1.2) 96
        Data Loss (3.1.3) 97
    Threat Actors (3.2) 98
        The Hacker (3.2.1) 98
        Evolution of Hackers (3.2.2) 99
        Cyber Criminals (3.2.3) 100
        Hacktivists (3.2.4) 100
        State-Sponsored Hackers (3.2.5) 100
    Threat Actor Tools (3.3) 101
        Introduction to Attack Tools (3.3.2) 101
        Evolution of Security Tools (3.3.3) 102
        Attack Types (3.3.4) 104
    Malware (3.4) 106
        Overview of Malware (3.4.1) 106
        Viruses and Trojan Horses (3.4.2) 106
        Other Types of Malware (3.4.3) 108
    Common Network Attacks (3.5) 109
        Overview of Network Attacks (3.5.1) 109
        Reconnaissance Attacks (3.5.3) 109
        Access Attacks (3.5.5) 110
            Trust Exploitation Example 111
            Port Redirection Example 112
            Man-in-the-Middle Attack Example 112
            Buffer Overflow Attack 112
        Social Engineering Attacks (3.5.6) 114
        DoS and DDoS Attacks (3.5.9) 115
            DoS Attack 116
            DDoS Attack 116
    IP Vulnerabilities and Threats (3.6) 117
        IPv4 and IPv6 (3.6.2) 118
        ICMP Attacks (3.6.3) 118
        Amplification and Reflection Attacks (3.6.5) 119
        Address Spoofing Attacks (3.6.6) 120
    TCP and UDP Vulnerabilities (3.7) 122
        TCP Segment Header (3.7.1) 122
        TCP Services (3.7.2) 123
        TCP Attacks (3.7.3) 124
            TCP SYN Flood Attack 124
            TCP Reset Attack 125
            TCP Session Hijacking 126
        UDP Segment Header and Operation (3.7.4) 126
        UDP Attacks (3.7.5) 127
            UDP Flood Attacks 127
    IP Services 127
        ARP Vulnerabilities (3.8.1) 127
        ARP Cache Poisoning (3.8.2) 128
            ARP Request 128
            ARP Reply 129
            Spoofed Gratuitous ARP Replies 130
        DNS Attacks (3.8.4) 131
            DNS Open Resolver Attacks 131
            DNS Stealth Attacks 132
            DNS Domain Shadowing Attacks 132
        DNS Tunneling (3.8.5) 132
        DHCP (3.8.6) 133
        DHCP Attacks (3.8.7) 134
            1. Client Broadcasts DHCP Discovery Messages 134
            2. DHCP Servers Respond with Offers 134
            3. Client Accepts Rogue DHCP Request 136
            4. Rogue DHCP Acknowledges the Request 136
    Network Security Best Practices (3.9) 137
        Confidentiality, Integrity, and Availability (3.9.1) 137
        The Defense-in-Depth Approach (3.9.2) 138
        Firewalls (3.9.3) 139
        IPS (3.9.4) 140
        Content Security Appliances (3.9.5) 141
            Cisco Email Security Appliance (ESA) 142
            Cisco Web Security Appliance (WSA) 142
    Cryptography (3.10) 143
        Securing Communications (3.10.2) 143
        Data Integrity (3.10.3) 144
        Hash Functions (3.10.4) 145
            MD5 with 128-Bit Digest 145
            SHA Hashing Algorithm 146
            SHA-2 146
            SHA-3 146
        Origin Authentication (3.10.5) 147
            HMAC Hashing Algorithm 147
            Creating the HMAC Value 148
            Verifying the HMAC Value 149
            Cisco Router HMAC Example 149
        Data Confidentiality (3.10.6) 150
        Symmetric Encryption (3.10.7) 151
        Asymmetric Encryption (3.10.8) 152
        Diffie-Hellman (3.10.9) 155
    Summary (3.11) 157
        Current State of Cybersecurity 157
        Threat Actors 157
        Threat Actor Tools 157
        Malware 157
        Common Network Attacks 158
        IP Vulnerabilities and Threats 158
        TCP and UDP Vulnerabilities 158
        IP Services 158
        Network Security Best Practices 159
        Cryptography 159
    Practice 159
    Check Your Understanding 160
    Chapter 4 ACL Concepts 163
    Objectives 163
    Key Terms 163
    Introduction (4.0) 164
    Purpose of ACLs (4.1) 164
        What Is an ACL? (4.1.1) 164
        Packet Filtering (4.1.2) 165
        ACL Operation (4.1.3) 166
    Wildcard Masks in ACLs (4.2) 168
        Wildcard Mask Overview (4.2.1) 168
        Wildcard Mask Types (4.2.2) 169
            Wildcard to Match a Host 169
            Wildcard Mask to Match an IPv4 Subnet 169
            Wildcard Mask to Match an IPv4 Address Range 170
        Wildcard Mask Calculation (4.2.3) 170
            Example 1 171
            Example 2 171
            Example 3 171
            Example 4 172
        Wildcard Mask Keywords (4.2.4) 172
    Guidelines for ACL Creation (4.3) 173
        Limited Number of ACLs per Interface (4.3.1) 173
        ACL Best Practices (4.3.2) 174
    Types of IPv4 ACLs (4.4) 175
        Standard and Extended ACLs (4.4.1) 175
        Numbered and Named ACLs (4.4.2) 176
            Numbered ACLs 176
            Named ACLs 177
        Where to Place ACLs (4.4.3) 177
        Standard ACL Placement Example (4.4.4) 179
        Extended ACL Placement Example (4.4.5) 180
    Summary (4.5) 182
        Purpose of ACLs 182
        Wildcard Masks 182
        Guidelines for ACL Creation 183
        Types of IPv4 ACLs 183
    Practice 184
    Check Your Understanding Questions 184
    Chapter 5 ACLs for IPv4 Configuration 187
    Objectives 187
    Key Term 187
    Introduction (5.0) 188
    Configure Standard IPv4 ACLs (5.1) 188
        Create an ACL (5.1.1) 188
        Numbered Standard IPv4 ACL Syntax (5.1.2) 188
        Named Standard IPv4 ACL Syntax (5.1.3) 189
        Apply a Standard IPv4 ACL (5.1.4) 190
        Numbered Standard IPv4 ACL Example (5.1.5) 191
        Named Standard IPv4 ACL Example (5.1.6) 193
    Modify IPv4 ACLs (5.2) 195
        Two Methods to Modify an ACL (5.2.1) 196
        Text Editor Method (5.2.2) 196
        Sequence Numbers Method (5.2.3) 197
        Modify a Named ACL Example (5.2.4) 198
        ACL Statistics (5.2.5) 199
    Secure VTY Ports with a Standard IPv4 ACL (5.3) 200
        The access-class Command (5.3.1) 200
        Secure VTY Access Example (5.3.2) 200
        Verify the VTY Port Is Secured (5.3.3) 202
    Configure Extended IPv4 ACLs (5.4) 203
        Extended ACLs (5.4.1) 203
        Numbered Extended IPv4 ACL Syntax (5.4.2) 204
        Protocols and Ports (5.4.3) 206
            Protocol Options 206
            Port Keyword Options 207
        Protocols and Port Numbers Configuration Examples (5.4.4) 208
        Apply a Numbered Extended IPv4 ACL (5.4.5) 209
        TCP Established Extended ACL (5.4.6) 210
        Named Extended IPv4 ACL Syntax (5.4.7) 212
        Named Extended IPv4 ACL Example (5.4.8) 212
        Edit Extended ACLs (5.4.9) 213
        Another Named Extended IPv4 ACL Example (5.4.10) 214
        Verify Extended ACLs (5.4.11) 216
            show ip interface 216
            show access-lists 217
            show running-config 218
    Summary (5.5) 219
        Configure Standard IPv4 ACLs 219
        Modify IPv4 ACLs 219
        Secure VTY Ports with a Standard IPv4 ACL 220
        Configure Extended IPv4 ACLs 220
    Practice 221
    Check Your Understanding Questions 222
    Chapter 6 NAT for IPv4 225
    Objectives 225
    Key Terms 225
    Introduction (6.0) 226
    NAT Characteristics (6.1) 226
        IPv4 Private Address Space (6.1.1) 226
        What Is NAT? (6.1.2) 227
        How NAT Works (6.1.3) 228
        NAT Terminology (6.1.4) 229
            Inside Local 230
            Inside Global 230
            Outside Global 231
            Outside Local 231
    Types of NAT (6.2) 231
        Static NAT (6.2.1) 231
        Dynamic NAT (6.2.2) 232
        Port Address Translation (6.2.3) 233
        Next Available Port (6.2.4) 235
        NAT and PAT Comparison (6.2.5) 236
            NAT 236
            PAT 237
        Packets Without a Layer 4 Segment (6.2.6) 237
    NAT Advantages and Disadvantages (6.3) 238
        Advantages of NAT (6.3.1) 238
        Disadvantages of NAT (6.3.2) 238
    Static NAT (6.4) 239
        Static NAT Scenario (6.4.1) 240
        Configure Static NAT (6.4.2) 240
        Analyze Static NAT (6.4.3) 241
        Verify Static NAT (6.4.4) 242
    Dynamic NAT (6.5) 244
        Dynamic NAT Scenario (6.5.1) 244
        Configure Dynamic NAT (6.5.2) 245
        Analyze Dynamic NAT—Inside to Outside (6.5.3) 247
        Analyze Dynamic NAT—Outside to Inside (6.5.4) 248
        Verify Dynamic NAT (6.5.5) 249
    PAT (6.6) 251
        PAT Scenario (6.6.1) 251
        Configure PAT to Use a Single IPv4 Address (6.6.2) 252
        Configure PAT to Use an Address Pool (6.6.3) 253
        Analyze PAT—PC to Server (6.6.4) 254
        Analyze PAT—Server to PC (6.6.5) 255
        Verify PAT (6.6.6) 256
    NAT64 (6.7) 258
        NAT for IPv6? (6.7.1) 258
        NAT64 (6.7.2) 258
    Summary (6.8) 260
        NAT Characteristics 260
        Types of NAT 260
        NAT Advantages and Disadvantages 261
        Static NAT 261
        Dynamic NAT 262
        PAT 262
        NAT64 263
    Practice 264
    Check Your Understanding Questions 264
    Chapter 7 WAN Concepts 269
    Objectives 269
    Key Terms 269
    Introduction (7.0) 272
    Purpose of WANs (7.1) 272
        LANs and WANs (7.1.1) 272
        Private and Public WANs (7.1.2) 273
        WAN Topologies (7.1.3) 274
            Point-to-Point Topology 274
            Hub-and-Spoke Topology 275
            Dual-homed Topology 276
            Fully Meshed Topology 276
            Partially Meshed Topology 277
        Carrier Connections (7.1.4) 278
            Single-Carrier WAN Connection 278
            Dual-Carrier WAN Connection 278
        Evolving Networks (7.1.5) 279
            Small Network 279
            Campus Network 280
            Branch Network 281
            Distributed Network 282
    WAN Operations (7.2) 283
        WAN Standards (7.2.1) 283
        WANs in the OSI Model (7.2.2) 284
            Layer 1 Protocols 284
            Layer 2 Protocols 284
        Common WAN Terminology (7.2.3) 285
        WAN Devices (7.2.4) 287
        Serial Communication (7.2.5) 289
        Circuit-Switched Communication (7.2.6) 290
        Packet-Switched Communications (7.2.7) 290
        SDH, SONET, and DWDM (7.2.8) 291
    Traditional WAN Connectivity (7.3) 292
        Traditional WAN Connectivity Options (7.3.1) 293
        Common WAN Terminology (7.3.2) 293
        Circuit-Switched Options (7.3.3) 295
            Public Service Telephone Network (PSTN) 295
            Integrated Services Digital Network (ISDN) 295
        Packet-Switched Options (7.3.4) 295
            Frame Relay 295
            Asynchronous Transfer Mode (ATM) 296
    Modern WAN Connectivity (7.4) 296
        Modern WANs (7.4.1) 296
        Modern WAN Connectivity Options (7.4.2) 297
            Dedicated Broadband 297
            Packet-Switched 298
            Internet-Based Broadband 298
        Ethernet WAN (7.4.3) 298
        MPLS (7.4.4) 300
    Internet-Based Connectivity (7.5) 301
        Internet-Based Connectivity Options (7.5.1) 301
            Wired Options 302
            Wireless Options 302
        DSL Technology (7.5.2) 302
        DSL Connections (7.5.3) 303
        DSL and PPP (7.5.4) 303
            Host with PPPoE Client 304
            Router PPPoE Client 304
        Cable Technology (7.5.5) 305
        Optical Fiber (7.5.6) 305
        Wireless Internet-Based Broadband (7.5.7) 306
            Municipal Wi-Fi 306
            Cellular 306
            Satellite Internet 307
            WiMAX 307
        VPN Technology (7.5.8) 308
        ISP Connectivity Options (7.5.9) 309
            Single-Homed 309
            Dual-Homed 309
            Multihomed 309
            Dual-Multihomed 310
        Broadband Solution Comparison (7.5.10) 311
    Summary (7.6) 312
        Purpose of WANs 312
        WAN Operations 312
        Traditional WAN Connectivity 313
        Modern WAN Connectivity 314
        Internet-Based Connectivity 314
    Practice 315
    Check Your Understanding Questions 316
    Chapter 8 VPN and IPsec Concepts 319
    Objectives 319
    Key Terms 319
    Introduction (8.0) 321
    VPN Technology (8.1) 321
        Virtual Private Networks (8.1.1) 321
        VPN Benefits (8.1.2) 322
        Site-to-Site and Remote-Access VPNs (8.1.3) 323
            Site-to-Site VPN 323
            Remote-Access VPN 324
        Enterprise and Service Provider VPNs (8.1.4) 324
    Types of VPNs (8.2) 325
        Remote-Access VPNs (8.2.1) 325
        SSL VPNs (8.2.2) 326
        Site-to-Site IPsec VPNs (8.2.3) 327
        GRE over IPsec (8.2.4) 328
        Dynamic Multipoint VPNs (8.2.5) 330
        IPsec Virtual Tunnel Interface (8.2.6) 331
        Service Provider MPLS VPNs (8.2.7) 332
    IPsec (8.3) 333
        IPsec Technologies (8.3.2) 333
        IPsec Protocol Encapsulation (8.3.3) 336
        Confidentiality (8.3.4) 336
        Integrity (8.3.5) 338
        Authentication (8.3.6) 339
        Secure Key Exchange with Diffie-Hellman (8.3.7) 342
    Summary (8.4) 344
        VPN Technology 344
        Types of VPNs 344
        IPsec 344
    Practice 345
    Check Your Understanding Questions 345
    Chapter 9 QoS Concepts 351
    Objectives 351
    Key Terms 351
    Introduction (9.0) 353
    Network Transmission Quality (9.1) 353
        Prioritizing Traffic (9.1.2) 353
        Bandwidth, Congestion, Delay, and Jitter (9.1.3) 354
        Packet Loss (9.1.4) 355
    Traffic Characteristics (9.2) 357
        Network Traffic Trends (9.2.2) 357
        Voice (9.2.3) 358
        Video (9.2.4) 358
        Data (9.2.5) 360
    Queuing Algorithms (9.3) 361
        Queuing Overview (9.3.2) 361
        First-In, First Out (9.3.3) 362
        Weighted Fair Queuing (WFQ) (9.3.4) 362
            Limitations of WFQ 363
        Class-Based Weighted Fair Queuing (CBWFQ) (9.3.5) 364
        Low Latency Queuing (LLQ) (9.3.6) 365
    QoS Models (9.4) 366
        Selecting an Appropriate QoS Policy Model (9.4.2) 366
        Best Effort (9.4.3) 366
        Integrated Services (9.4.4) 367
        Differentiated Services (9.4.5) 369
    QoS Implementation Techniques (9.5) 370
        Avoiding Packet Loss (9.5.2) 371
        QoS Tools (9.5.3) 371
        Classification and Marking (9.5.4) 372
        Marking at Layer 2 (9.5.5) 373
        Marking at Layer 3 (9.5.6) 374
        Type of Service and Traffic Class Field (9.5.7) 375
        DSCP Values (9.5.8) 376
        Class Selector Bits (9.5.9) 377
        Trust Boundaries (9.5.10) 378
        Congestion Avoidance (9.5.11) 379
        Shaping and Policing (9.5.12) 380
        QoS Policy Guidelines (9.5.13) 381
    Summary (9.6) 382
        Network Transmission Quality 382
        Traffic Characteristics 382
        Queuing Algorithms 383
        QoS Models 383
        QoS Implementation Techniques 384
    Practice 385
    Check Your Understanding Questions 385
    Chapter 10 Network Management 389
    Objectives 389
    Key Terms 389
    Introduction (10.0) 390
    Device Discovery with CDP (10.1) 390
        CDP Overview (10.1.1) 390
        Configure and Verify CDP (10.1.2) 391
        Discover Devices by Using CDP (10.1.3) 393
    Device Discovery with LLDP (10.2) 396
        LLDP Overview (10.2.1) 396
        Configure and Verify LLDP (10.2.2) 397
        Discover Devices by Using LLDP (10.2.3) 397
    NTP (10.3) 400
        Time and Calendar Services (10.3.1) 400
        NTP Operation (10.3.2) 401
            Stratum 0 402
            Stratum 1 402
            Stratum 2 and Lower 402
        Configure and Verify NTP (10.3.3) 402
    SNMP 405
        Introduction to SNMP (10.4.1) 405
        SNMP Operation (10.4.2) 406
        SNMP Agent Traps (10.4.3) 408
        SNMP Versions (10.4.4) 409
        Community Strings (10.4.6) 412
        MIB Object ID (10.4.7) 415
        SNMP Polling Scenario (10.4.8) 415
        SNMP Object Navigator (10.4.9) 417
    Syslog (10.5) 418
        Introduction to Syslog (10.5.1) 418
        Syslog Operation (10.5.2) 420
        Syslog Message Format (10.5.3) 421
        Syslog Facilities (10.5.4) 422
        Configure Syslog Timestamp (10.5.5) 422
    Router and Switch File Maintenance (10.6) 423
        Router File Systems (10.6.1) 424
            The Flash File System 425
            The NVRAM File System 425
        Switch File Systems (10.6.2) 426
        Use a Text File to Back Up a Configuration (10.6.3) 427
        Use a Text File to Restore a Configuration (10.6.4) 428
        Use TFTP to Back Up and Restore a Configuration (10.6.5) 428
        USB Ports on a Cisco Router (10.6.6) 430
        Use USB to Back Up and Restore a Configuration (10.6.7) 430
            Restore Configurations with a USB Flash Drive 432
        Password Recovery Procedures (10.6.8) 433
        Password Recovery Example (10.6.9) 433
            Step 1. Enter the ROMMON mode 433
            Step 2. Change the configuration register 434
            Step 3. Copy the startup-config to the running-config 434
            Step 4. Change the password 435
            Step 5. Save the running-config as the new startup-config 435
            Step 6. Reload the device 435
    IOS Image Management 437
        TFTP Servers as a Backup Location (10.7.2) 437
        Backup IOS Image to TFTP Server Example (10.7.3) 438
            Step 1. Ping the TFTP server 438
            Step 2. Verify image size in flash 439
            Step 3. Copy the image to the TFTP server 439
        Copy an IOS Image to a Device Example (10.7.4) 439
            Step 1. Ping the TFTP server 440
            Step 2. Verify the amount of free flash 440
            Step 3. Copy the new IOS image to flash 441
        The boot system Command (10.7.5) 441
    Summary (10.8) 443
        Device Discovery with CDP 443
        Device Discovery with LLDP 443
        NTP 443
        SNMP 444
        Syslog 444
        Router and Switch File Maintenance 445
        IOS Image Management 446
    Practice 446
    Check Your Understanding Questions 447
    Chapter 11 Network Design 453
    Objectives 453
    Key Terms 453
    Introduction (11.0) 455
    Hierarchical Networks (11.1) 455
        The Need to Scale the Network (11.1.2) 455
        Borderless Switched Networks (11.1.3) 458
        Hierarchy in the Borderless Switched Network (11.1.4) 459
            Three-Tier Model 460
            Two-Tier Model 461
        Access, Distribution, and Core Layer Functions (11.1.5) 462
            Access Layer 462
            Distribution Layer 462
            Core Layer 462
        Three-Tier and Two-Tier Examples (11.1.6) 462
            Three-Tier Example 463
            Two-Tier Example 464
        Role of Switched Networks (11.1.7) 464
    Scalable Networks (11.2) 465
        Design for Scalability (11.2.1) 465
            Redundant Links 466
            Multiple Links 466
            Scalable Routing Protocol 467
            Wireless Connectivity 468
        Plan for Redundancy (11.2.2) 469
        Reduce Failure Domain Size (11.2.3) 470
            Edge Router 470
            AP1 471
            S1 472
            S2 472
            S3 473
            Limiting the Size of Failure Domains 474
            Switch Block Deployment 474
        Increase Bandwidth (11.2.4) 474
        Expand the Access Layer (11.2.5) 475
        Tune Routing Protocols (11.2.6) 476
    Switch Hardware (11.3) 477
        Switch Platforms (11.3.1) 477
            Campus LAN Switches 477
            Cloud-Managed Switches 478
            Data Center Switches 478
            Service Provider Switches 479
            Virtual Networking 479
        Switch Form Factors (11.3.2) 479
            Fixed Configuration Switches 480
            Modular Configuration Switches 480
            Stackable Configuration Switches 481
            Thickness 481
        Port Density (11.3.3) 482
        Forwarding Rates (11.3.4) 483
        Power over Ethernet (11.3.5) 484
            Switch 484
            IP Phone 484
            WAP 485
            Cisco Catalyst 2960-C 485
        Multilayer Switching (11.3.6) 485
        Business Considerations for Switch Selection (11.3.7) 486
    Router Hardware (11.4) 487
        Router Requirements (11.4.1) 487
        Cisco Routers (11.4.2) 488
            Branch Routers 488
            Network Edge Routers 488
            Service Provider Routers 489
            Industrial 490
        Router Form Factors (11.4.3) 490
            Cisco 900 Series 490
            ASR 9000 and 1000 Series 490
            5500 Series 491
            Cisco 800 492
            Fixed Configuration or Modular 492
    Summary (11.5) 493
        Hierarchical Networks 493
        Scalable Networks 493
        Switch Hardware 494
        Router Hardware 494
    Practice 495
    Check Your Understanding Questions 496
    Chapter 12 Network Troubleshooting 501
    Objectives 501
    Key Terms 501
    Introduction (12.0) 502
    Network Documentation (12.1) 502
        Documentation Overview (12.1.1) 502
        Network Topology Diagrams (12.1.2) 503
            Physical Topology 503
            Logical IPv4 Topology 504
            Logical IPv6 Topology 505
        Network Device Documentation (12.1.3) 505
            Router Device Documentation 505
            LAN Switch Device Documentation 506
            End-System Documentation Files 506
        Establish a Network Baseline (12.1.4) 507
        Step 1—Determine What Types of Data to Collect (12.1.5) 508
        Step 2—Identify Devices and Ports of Interest (12.1.6) 508
        Step 3—Determine the Baseline Duration (12.1.7) 509
        Data Measurement (12.1.8) 510
    Troubleshooting Process (12.2) 512
        General Troubleshooting Procedures (12.2.1) 512
        Seven-Step Troubleshooting Process (12.2.2) 513
            Define the Problem 514
            Gather Information 514
            Analyze Information 514
            Eliminate Possible Causes 514
            Propose Hypothesis 514
            Test Hypothesis 515
            Solve the Problem 515
        Question End Users (12.2.3) 515
        Gather Information (12.2.4) 516
        Troubleshooting with Layered Models (12.2.5) 517
        Structured Troubleshooting Methods (12.2.6) 518
            Bottom-Up 518
            Top-Down 519
            Divide-and-Conquer 520
            Follow-the-Path 521
            Substitution 522
            Comparison 522
            Educated Guess 522
        Guidelines for Selecting a Troubleshooting Method (12.2.7) 523
    Troubleshooting Tools (12.3) 524
        Software Troubleshooting Tools (12.3.1) 524
            Network Management System Tools 524
            Knowledge Bases 524
            Baselining Tools 524
        Protocol Analyzers (12.3.2) 525
        Hardware Troubleshooting Tools (12.3.3) 525
            Digital Multimeters 525
            Cable Testers 526
            Cable Analyzers 527
            Portable Network Analyzers 528
            Cisco Prime NAM 528
        Syslog Server as a Troubleshooting Tool (12.3.4) 529
    Symptoms and Causes of Network Problems (12.4) 531
        Physical Layer Troubleshooting (12.4.1) 531
        Data Link Layer Troubleshooting (12.4.2) 534
        Network Layer Troubleshooting (12.4.3) 537
        Transport Layer Troubleshooting—ACLs (12.4.4) 539
        Transport Layer Troubleshooting—NAT for IPv4 (12.4.5) 542
        Application Layer Troubleshooting (12.4.6) 543
    Troubleshooting IP Connectivity (12.5) 545
        Components of Troubleshooting End-to-End Connectivity (12.5.1) 545
        End-to-End Connectivity Problem Initiates Troubleshooting (12.5.2) 547
            IPv4 ping 547
            IPv4 traceroute 548
            IPv6 ping and traceroute 548
        Step 1—Verify the Physical Layer (12.5.3) 549
            Input Queue Drops 550
            Output Queue Drops 550
            Input Errors 551
            Output Errors 551
        Step 2—Check for Duplex Mismatches (12.5.4) 551
            Troubleshooting Example 552
        Step 3—Verify Addressing on the Local Network (12.5.5) 553
            Windows IPv4 ARP Table 553
            Windows IPv6 Neighbor Table 554
            IOS IPv6 Neighbor Table 555
            Switch MAC Address Table 555
        Troubleshoot VLAN Assignment Example (12.5.6) 556
            Check the ARP Table 557
            Check the Switch MAC Table 557
            Correct the VLAN Assignment 557
        Step 4—Verify Default Gateway (12.5.7) 558
            Troubleshooting IPv4 Default Gateway Example 559
            R1 Routing Table 559
            PC1 Routing Table 559
        Troubleshoot IPv6 Default Gateway Example (12.5.8) 560
            R1 Routing Table 560
            PC1 Addressing 560
            Check R1 Interface Settings 561
            Correct R1 IPv6 Routing 561
            Verify PC1 Has an IPv6 Default Gateway 562
        Step 5—Verify Correct Path (12.5.9) 562
            Troubleshooting Example 566
        Step 6—Verify the Transport Layer (12.5.10) 566
            Troubleshooting Example 566
        Step 7—Verify ACLs (12.5.11) 568
            Troubleshooting Example 568
            show ip access-lists 569
            show ip interfaces 569
            Correct the Issue 570
        Step 8—Verify DNS (12.5.12) 570
    Summary (12.6) 572
        Network Documentation 572
        Troubleshooting Process 572
        Troubleshooting Tools 573
        Symptoms and Causes of Network Problems 573
        Troubleshooting IP Connectivity 574
    Practice 577
    Check Your Understanding Questions 577
    Chapter 13 Network Virtualization 581
    Objectives 581
    Key Terms 581
    Introduction (13.0) 583
    Cloud Computing (13.1) 583
        Cloud Overview (13.1.2) 583
        Cloud Services (13.1.3) 584
        Cloud Models (13.1.4) 584
        Cloud Computing Versus Data Center (13.1.5) 585
    Virtualization (13.2) 585
        Cloud Computing and Virtualization (13.2.1) 585
        Dedicated Servers (13.2.2) 586
        Server Virtualization (13.2.3) 587
        Advantages of Virtualization (13.2.4) 589
        Abstraction Layers (13.2.5) 589
        Type 2 Hypervisors (13.2.6) 591
    Virtual Network Infrastructure (13.3) 592
        Type 1 Hypervisors (13.3.1) 592
        Installing a VM on a Hypervisor (13.3.2) 592
        The Complexity of Network Virtualization (13.3.3) 594
    Software-Defined Networking (13.4) 595
        Control Plane and Data Plane (13.4.2) 595
            Layer 3 Switch and CEF 596
            SDN and Central Controller 597
            Management Plane 598
        Network Virtualization Technologies (13.4.3) 598
        Traditional and SDN Architectures (13.4.4) 599
    Controllers (13.5) 600
        SDN Controller and Operations (13.5.1) 600
        Core Components of ACI (13.5.3) 602
        Spine-Leaf Topology (13.5.4) 603
        SDN Types (13.5.5) 604
            Device-Based SDN 604
            Controller-Based SDN 605
            Policy-Based SDN 605
        APIC-EM Features (13.5.6) 606
        APIC-EM Path Trace (13.5.7) 606
    Summary (13.6) 609
        Cloud Computing 609
        Virtualization 609
        Virtual Network Infrastructure 610
        Software-Defined Networking 610
        Controllers 611
    Practice 612
    Check Your Understanding Questions 613
    Chapter 14 Network Automation 617
    Objectives 617
    Key Terms 617
    Introduction (14.0) 619
    Automation Overview (14.1) 619
        The Increase in Automation (14.1.2) 619
        Thinking Devices (14.1.3) 620
    Data Formats (14.2) 620
        The Data Formats Concept (14.2.2) 620
        Data Format Rules (14.2.3) 622
        Compare Data Formats (14.2.4) 623
        JSON Data Format (14.2.5) 624
        JSON Syntax Rules (14.2.6) 624
        YAML Data Format (14.2.7) 626
        XML Data Format (14.2.8) 627
    APIs (14.3) 628
        The API Concept (14.3.2) 628
        An API Example (14.3.3) 629
        Open, Internal, and Partner APIs (14.3.4) 631
        Types of Web Service APIs (14.3.5) 632
    REST (14.4) 633
        REST and RESTful API (14.4.2) 633
        RESTful Implementation (14.4.3) 634
        URI, URN, and URL (14.4.4) 635
        Anatomy of a RESTful Request (14.4.5) 636
        RESTful API Applications (14.4.6) 638
            Developer Website 638
            Postman 638
            Python 638
            Network Operating Systems 638
    Configuration Management Tools (14.5) 639
        Traditional Network Configuration (14.5.2) 639
        Network Automation (14.5.3) 641
        Configuration Management Tools (14.5.4) 642
        Compare Ansible, Chef, Puppet, and SaltStack (14.5.5) 642
    IBN and Cisco DNA Center (14.6) 644
        Intent-Based Networking Overview (14.6.2) 644
        Network Infrastructure as Fabric (14.6.3) 644
        Cisco Digital Network Architecture (DNA) (14.6.4) 647
        Cisco DNA Center (14.6.5) 648
    Summary (14.7) 651
        Automation Overview 651
        Data Formats 651
        APIs 651
        REST 651
        Configuration and Management 652
        IBN and Cisco DNA Center 652
    Practice 652
    Check Your Understanding Questions 653
    Appendix A Answers to the “Check Your Understanding” Questions 657
    Glossary 677


    9780136634324    TOC    6/5/2020