Part I IP Access Control Lists
Chapter 1 Introduction to TCP/IP Transport and Applications
“Do I Know This Already?” Quiz
TCP/IP Layer 4 Protocols: TCP and UDP
Multiplexing Using TCP Port Numbers
Connection Establishment and Termination
Error Recovery and Reliability
Finding the Web Server Using DNS
How the Receiving Host Identifies the Correct Receiving Application
Chapter 2 Basic IPv4 Access Control Lists
“Do I Know This Already?” Quiz
IPv4 Access Control List Basics
Taking Action When a Match Occurs
Matching Logic and Command Syntax
Matching a Subset of the Address with Wildcards
Finding the Right Wildcard Mask to Match a Subnet
Standard Numbered ACL Example 1
Standard Numbered ACL Example 2
Troubleshooting and Verification Tips
Practice Applying Standard IP ACLs
Practice Building access-list Commands
Reverse Engineering from ACL to Address Range
Chapter 3 Advanced IPv4 Access Control Lists
“Do I Know This Already?” Quiz
Extended Numbered IP Access Control Lists
Matching the Protocol, Source IP, and Destination IP
Matching TCP and UDP Port Numbers
Extended IP Access Lists: Example 1
Extended IP Access Lists: Example 2
Practice Building access-list Commands
Editing ACLs Using Sequence Numbers
Numbered ACL Configuration Versus Named ACL Configuration
ACL Implementation Considerations
Chapter 4 Security Architectures
“Do I Know This Already?” Quiz
Reflection and Amplification Attacks
Address Spoofing Attack Summary
Controlling and Monitoring User Access
Developing a Security Program to Educate Users
Chapter 5 Securing Network Devices
“Do I Know This Already?” Quiz
Encrypting Older IOS Passwords with service password-encryption
Encoding the Enable Passwords with Hashes
Interactions Between Enable Password and Enable Secret
Making the Enable Secret Truly Secret with a Hash
Improved Hashes for Cisco’s Enable Secret
Encoding the Passwords for Local Usernames
Controlling Password Attacks with ACLs
Firewalls and Intrusion Prevention Systems
Intrusion Prevention Systems (IPS)
Cisco Next-Generation Firewalls
Chapter 6 Implementing Switch Port Security
“Do I Know This Already?” Quiz
Port Security Concepts and Configuration
Port Security Protect and Restrict Modes
“Do I Know This Already?” Quiz
Dynamic Host Configuration Protocol
Supporting DHCP for Remote Subnets with DHCP Relay
Information Stored at the DHCP Server
Configuring DHCP Features on Routers and Switches
Configuring a Switch as DHCP Client
Configuring a Router as DHCP Client
Identifying Host IPv4 Settings
Chapter 8 DHCP Snooping and ARP Inspection
“Do I Know This Already?” Quiz
A Sample Attack: A Spurious DHCP Server
Filtering DISCOVER Messages Based on MAC Address
Filtering Messages that Release IP Addresses
Configuring DHCP Snooping on a Layer 2 Switch
DHCP Snooping Configuration Summary
Gratuitous ARP as an Attack Vector
Dynamic ARP Inspection Configuration
Configuring ARP Inspection on a Layer 2 Switch
Configuring Optional DAI Message Checks
IP ARP Inspection Configuration Summary
Chapter 9 Device Management Protocols
“Do I Know This Already?” Quiz
System Message Logging (Syslog)
Sending Messages in Real Time to Current Users
Storing Log Messages for Later Review
Configuring and Verifying System Logging
The debug Command and Log Messages
NTP Reference Clock and Stratum
NTP Using a Loopback Interface for Better Availability
Analyzing Topology Using CDP and LLDP
Examining Information Learned by CDP
Examining Information Learned by LLDP
Configuring and Verifying LLDP
Chapter 10 Network Address Translation
“Do I Know This Already?” Quiz
Perspectives on IPv4 Address Scalability
Network Address Translation Concepts
Overloading NAT with Port Address Translation
NAT Configuration and Troubleshooting
NAT Overload (PAT) Configuration
Chapter 11 Quality of Service (QoS)
“Do I Know This Already?” Quiz
QoS: Managing Bandwidth, Delay, Jitter, and Loss
Matching (Classification) Basics
Classification on Routers with ACLs and NBAR
Marking IP DSCP and Ethernet CoS
Marking the Ethernet 802.1Q Header
DiffServ Suggested Marking Values
Guidelines for DSCP Marking Values
Round-Robin Scheduling (Prioritization)
A Prioritization Strategy for Data, Voice, and Video
Setting a Good Shaping Time Interval for Voice and Video
Chapter 12 Miscellaneous IP Services
“Do I Know This Already?” Quiz
The Need for Redundancy in Networks
The Need for a First Hop Redundancy Protocol
The Three Solutions for First-Hop Redundancy
Simple Network Management Protocol
SNMP Variable Reading and Writing: SNMP Get and Set
SNMP Notifications: Traps and Informs
The Management Information Base
Managing Cisco IOS Images with FTP/TFTP
Copying a New IOS Image to a Local IOS File System Using TFTP
Verifying IOS Code Integrity with MD5
“Do I Know This Already?” Quiz
Analyzing Campus LAN Topologies
Two-Tier Campus Design (Collapsed Core)
Topology Terminology Seen Within a Two-Tier Design
Three-Tier Campus Design (Core)
“Do I Know This Already?” Quiz
Metro Ethernet Physical Design and Topology
Ethernet WAN Services and Topologies
Ethernet Line Service (Point-to-Point)
Ethernet LAN Service (Full Mesh)
Ethernet Tree Service (Hub and Spoke)
Layer 3 Design Using Metro Ethernet
Layer 3 Design with E-Line Service
Layer 3 Design with E-LAN Service
Multiprotocol Label Switching (MPLS)
MPLS VPN Physical Design and Topology
Wireless WAN (3G, 4G, LTE, 5G)
Fiber (Ethernet) Internet Access
“Do I Know This Already?” Quiz
Networking with Virtual Switches on a Virtualized Host
The Physical Data Center Network
Workflow with a Virtualized Data Center
Cloud and the “As a Service” Model
(Development) Platform as a Service
WAN Traffic Paths to Reach Cloud Services
Enterprise WAN Connections to Public Cloud
Accessing Public Cloud Services Using the Internet
Pros and Cons with Connecting to Public Cloud with Internet
Private WAN and Internet VPN Access to Public Cloud
Pros and Cons of Connecting to Cloud with Private WANs
Summarizing the Pros and Cons of Public Cloud WAN Options
A Scenario: Branch Offices and the Public Cloud
Migrating Traffic Flows When Migrating to Email SaaS
Branch Offices with Internet and Private WAN
Chapter 16 Introduction to Controller-Based Networking
“Do I Know This Already?” Quiz
SDN and Controller-Based Networks
The Data, Control, and Management Planes
Cisco Switch Data Plane Internals
Controllers and Software-Defined Architecture
Controllers and Centralized Control
Software Defined Architecture Summary
Examples of Network Programmability and SDN
The Cisco Open SDN Controller (OSC)
Cisco Application Centric Infrastructure (ACI)
ACI Physical Design: Spine and Leaf
ACI Operating Model with Intent-Based Networking
Comparing Traditional Versus Controller-Based Networks
How Automation Impacts Network Management
Comparing Traditional Networks with Controller-Based Networks
Chapter 17 Cisco Software-Defined Access (SDA)
“Do I Know This Already?” Quiz
SDA Fabric, Underlay, and Overlay
Using Existing Gear for the SDA Underlay
Using New Gear for the SDA Underlay
VXLAN Tunnels in the Overlay (Data Plane)
LISP for Overlay Discovery and Location (Control Plane)
Cisco DNA Center and Scalable Groups
Issues with Traditional IP-Based Security
SDA Security Based on User Groups
DNA Center as a Network Management Platform
DNA Center Similarities to Traditional Management
DNA Center Differences with Traditional Management
Chapter 18 Understanding REST and JSON
“Do I Know This Already?” Quiz
Background: Data and Variables
Software CRUD Actions and HTTP Verbs
Using URIs with HTTP to Specify the Resource
Example of REST API Call to DNA Center
The Need for a Data Model with APIs
Interpreting JSON Key:Value Pairs
Interpreting JSON Objects and Arrays
Chapter 19 Understanding Ansible, Puppet, and Chef
“Do I Know This Already?” Quiz
Device Configuration Challenges and Solutions
Centralized Configuration Files and Version Control
Configuration Monitoring and Enforcement
Configuration Templates and Variables
Files That Control Configuration Automation
Ansible, Puppet, and Chef Basics
Summary of Configuration Management Tools
Exam Event: Learn About Question Types
Exam Event: Think About Your Time Budget
Exam Event: A Sample Time-Check Method
Exam Event: 24 Hours Before the Exam
Exam Event: The Last 30 Minutes
Exam Event: Reserve the Hour After the Exam
Exam Review: Take Practice Exams
Exam Review: Advice on How to Answer Exam Questions
Exam Review: Additional Exams with the Premium Edition
Exam Review: Find Knowledge Gaps
Exam Review: Practice Hands-On CLI Skills
CCNA Exam Topics with CLI Skill Requirements
Exam Review: Self-Assessment Pitfalls
Exam Review: Adjustments for Your Second Attempt
Exam Review: Other Study Tasks
Appendix A Numeric Reference Tables
Appendix B CCNA 200-301, Volume 2 Exam Updates
Appendix C Answers to the “Do I Know This Already?” Quizzes
Appendix D Topics from Previous Editions
Appendix E Practice for Chapter 2: Basic IPv4 Access Control Lists
Appendix F Previous Edition ICND1 Chapter 35: Managing IOS Files