Enterprise Networking, Security, and Automation Course Booklet (CCNAv7)

Read more

List of contents

Introduction xxx
Chapter 1 Single-Area OSPFv2 Concepts 1
Introduction - 1.0 1
    Why should I take this module? - 1.0.1 1
    What will I learn to do in this module? - 1.0.2 1
OSPF Features and Characteristics - 1.1 1
    Introduction to OSPF - 1.1.1 1
    Components of OSPF - 1.1.2 2
    Link-State Operation - 1.1.3 3
    Single-Area and Multiarea OSPF - 1.1.4 4
    Multiarea OSPF - 1.1.5 4
    OSPFv3 - 1.1.6 5
    Check Your Understanding - OSPF Features and Characteristics - 1.1.7 6
OSPF Packets - 1.2 6
    Video - OSPF Packets - 1.2.1 6
    Types of OSPF Packets - 1.2.2 6
    Link-State Updates - 1.2.3 7
    Hello Packet - 1.2.4 7
    Check Your Understanding - OSPF Packets - 1.2.5 7
OSPF Operation - 1.3 7
    Video - OSPF Operation - 1.3.1 7
    OSPF Operational States - 1.3.2 7
    Establish Neighbor Adjacencies - 1.3.3 8
    Synchronizing OSPF Databases - 1.3.4 9
    The Need for a DR - 1.3.5 10
    LSA Flooding With a DR - 1.3.6 11
    Check Your Understanding - OPSF Operation - 1.3.7 11
Module Practice and Quiz - 1.4 11
    What did I learn in this module? - 1.4.1 11
Chapter Quiz - Single-Area OSPFv2 Concepts 14
Your Chapter Notes 14
Chapter 2 Single-Area OSPFv2 Configuration 15
Introduction - 2.0 15
    Why should I take this module? - 2.0.1 15
    What will I learn to do in this module? - 2.0.2 15
OSPF Router ID - 2.1 15
    OSPF Reference Topology - 2.1.1 15
    Router Configuration Mode for OSPF - 2.1.2 16
    Router IDs - 2.1.3 16
    Router ID Order of Precedence - 2.1.4 17
    Configure a Loopback Interface as the Router ID - 2.1.5 17
    Explicitly Configure a Router ID - 2.1.6 18
    Modify a Router ID - 2.1.7 18
    Syntax Checker - Configure R2 and R3 Router IDs - 2.1.8 19
    Check Your Understanding - OSPF Router ID - 2.1.9 19
Point-to-Point OSPF Networks - 2.2 20
    The network Command Syntax - 2.2.1 20
    The Wildcard Mask - 2.2.2 20
    Check Your Understanding - The Wildcard Masks - 2.2.3 20
    Configure OSPF Using the network Command - 2.2.4 20
    Syntax Checker - Configure R2 and R3 Using the network Command - 2.2.5 21
    Configure OSPF Using the ip ospf Command - 2.2.6 21
    Syntax Checker - Configure R2 and R3 Using the ip ospf Command - 2.2.7 22
    Passive Interface - 2.2.8 22
    Configure Passive Interfaces - 2.2.9 23
    Syntax Checker - Configure R2 and R3 Passive Interfaces - 2.2.10 24
    OSPF Point-to-Point Networks - 2.2.11 24
    Loopbacks and Point-to-Point Networks - 2.2.12 26
    Packet Tracer - Point-to-Point Single-Area OSPFv2 Configuration - 2.2.13 26
Multiaccess OSPF Networks - 2.3 27
    OSPF Network Types - 2.3.1 27
    OSPF Designated Router - 2.3.2 27
    OSPF Multiaccess Reference Topology - 2.3.3 27
    Verify OSPF Router Roles - 2.3.4 28
    Verify DR/BDR Adjacencies - 2.3.5 30
    Default DR/BDR Election Process - 2.3.6 32
    DR Failure and Recovery - 2.3.7 33
    The ip ospf priority Command - 2.3.8 33
    Configure OSPF Priority - 2.3.9 34
    Syntax Checker - Configure OSPF Priority - 2.3.10 35
    Packet Tracer - Determine the DR and BDR - 2.3.11 35
Modify Single-Area OSPFv2 - 2.4 36
    Cisco OSPF Cost Metric - 2.4.1 36
    Adjust the Reference Bandwidth - 2.4.2 36
    OSPF Accumulates Costs - 2.4.3 38
    Manually Set OSPF Cost Value - 2.4.4 38
    Test Failover to Backup Route - 2.4.5 39
    Syntax Checker - Modify the Cost Values for R2 and R3 - 2.4.6 40
    Hello Packet Intervals - 2.4.7 40
    Verify Hello and Dead Intervals - 2.4.8 40
    Modify OSPFv2 Intervals - 2.4.9 42
    Syntax Checker - Modifying Hello and Dead Intervals on R3 - 2.4.10 43
    Packet Tracer - Modify Single-Area OSPFv2 - 2.4.11 43
Default Route Propagation - 2.5 43
    Propagate a Default Static Route in OSPFv2 - 2.5.1 43
    Verify the Propagated Default Route - 2.5.2 44
    Packet Tracer - Propagate a Default Route in OSPFv2 - 2.5.3 46
Verify Single-Area OSPFv2 - 2.6 46
    Verify OSPF Neighbors - 2.6.1 46
    Verify OSPF Protocol Settings - 2.6.2 48
    Verify OSPF Process Information - 2.6.3 48
    Verify OSPF Interface Settings - 2.6.4 50
    Syntax Checker - Verify Single-Area OSPFv2 - 2.6.5 51
    Packet Tracer - Verify Single-Area OSPFv2 - 2.6.6 51
Module Practice and Quiz - 2.7 51
    Packet Tracer - Single-Area OSPFv2 Configuration - 2.7.1 51
    Lab - Single-Area OSPFv2 Configuration - 2.7.2 51
    What did I learn in this module? - 2.7.3 52
Chapter Quiz - Single-Area OSPFv2 Configuration 56
Your Chapter Notes 56
Chapter 3 Network Security Concepts 57
Introduction - 3.0 57
    Why should I take this module? - 3.0.1 57
    What will I learn in this module? - 3.0.2 57
    Ethical Hacking Statement - 3.0.3 57
Current State of Cybersecurity - 3.1 58
    Current State of Affairs - 3.1.1 58
    Vectors of Network Attacks - 3.1.2 58
    Data Loss - 3.1.3 59
    Check Your Understanding - Current State of Cybersecurity - 3.1.4 60
Threat Actors - 3.2 60
    The Hacker - 3.2.1 60
    Evolution of Hackers - 3.2.2 61
    Cyber Criminals - 3.2.3 61
    Hacktivists - 3.2.4 61
    State-Sponsored Hackers - 3.2.5 61
    Check Your Understanding - Threat Actors - 3.2.6 62
Threat Actor Tools - 3.3 62
    Video - Threat Actor Tools - 3.3.1 62
    Introduction to Attack Tools - 3.3.2 62
    Evolution of Security Tools - 3.3.3 62
    Attack Types - 3.3.4 63
    Check Your Understanding - Threat Actor Tools - 3.3.5 64
Malware - 3.4 64
    Overview of Malware - 3.4.1 64
    Viruses and Trojan Horses - 3.4.2 64
    Other Types of Malware - 3.4.3 65
    Check Your Understanding - Malware - 3.4.4 66
Common Network Attacks - 3.5 66
    Overview of Network Attacks - 3.5.1 66
    Video - Reconnaissance Attacks - 3.5.2 67
    Reconnaissance Attacks - 3.5.3 67
    Video - Access and Social Engineering Attacks - 3.5.4 68
    Access Attacks - 3.5.5 68
    Social Engineering Attacks - 3.5.6 69
    Lab - Social Engineering - 3.5.7 70
    Video - Denial of Service Attacks - 3.5.8 70
    DoS and DDoS Attacks - 3.5.9 70
    Check Your Understanding - Common Network Attacks - 3.5.10 71
IP Vulnerabilities and Threats - 3.6 71
    Video - Common IP and ICMP Attacks - 3.6.1 71
    IPv4 and IPv6 - 3.6.2 71
    ICMP Attacks - 3.6.3 71
    Video - Amplification, Reflection, and Spoofing Attacks - 3.6.4 72
    Amplification and Reflection Attacks - 3.6.5 72
    Address Spoofing Attacks - 3.6.6 72
    Check Your Understanding - IP Vulnerabilities and Threats - 3.6.7 73
TCP and UDP Vulnerabilities - 3.7 73
    TCP Segment Header - 3.7.1 73
    TCP Services - 3.7.2 73
    TCP Attacks - 3.7.3 74
    UDP Segment Header and Operation - 3.7.4 74
    UDP Attacks - 3.7.5 75
    Check Your Understanding - TCP and UDP Vulnerabilities - 3.7.6 75
IP Services - 3.8 75
    ARP Vulnerabilities - 3.8.1 75
    ARP Cache Poisoning - 3.8.2 76
    Video - ARP Spoofing - 3.8.3 76
    DNS Attacks - 3.8.4 76
    DNS Tunneling - 3.8.5 78
    DHCP - 3.8.6 78
    DHCP Attacks - 3.8.7 78
    Lab - Explore DNS Traffic - 3.8.8 79
Network Security Best Practices - 3.9 80
    Confidentiality, Integrity, and Availability - 3.9.1 80
    The Defense-in-Depth Approach - 3.9.2 80
    Firewalls - 3.9.3 80
    IPS - 3.9.4 81
    Content Security Appliances - 3.9.5 81
    Check Your Understanding - Network Security Best Practices - 3.9.6 82
Cryptography - 3.10 82
    Video - Cryptography - 3.10.1 82
    Securing Communications - 3.10.2 82
    Data Integrity - 3.10.3 83
    Hash Functions - 3.10.4 83
    Origin Authentication - 3.10.5 84
    Data Confidentiality - 3.10.6 85
    Symmetric Encryption - 3.10.7 85
    Asymmetric Encryption - 3.10.8 86
    Diffie-Hellman - 3.10.9 87
    Check Your Understanding - Cryptography - 3.10.10 88
Module Practice and Quiz - 3.11 88
    What did I learn in this module? - 3.11.1 88
Chapter Quiz - Network Security Concepts 91
Your Chapter Notes 91
Chapter 4 ACL Concepts 93
Introduction - 4.0 93
    Why should I take this module? - 4.0.1 93
    What will I learn to do in this module? - 4.0.2 93
Purpose of ACLs - 4.1 93
    What is an ACL? - 4.1.1 93
    Packet Filtering - 4.1.2 95
    ACL Operation - 4.1.3 95
    Packet Tracer - ACL Demonstration - 4.1.4 96
    Check Your Understanding - Purpose of ACLs - 4.1.5 96
Wildcard Masks in ACLs - 4.2 96
    Wildcard Mask Overview - 4.2.1 96
    Wildcard Mask Types - 4.2.2 97
    Wildcard Mask Calculation - 4.2.3 97
    Wildcard Mask Keywords - 4.2.4 98
    Check Your Understanding - Wildcard Masks in ACLs - 4.2.5 99
Guidelines for ACL Creation - 4.3 99
    Limited Number of ACLs per Interface - 4.3.1 99
    ACL Best Practices - 4.3.2 99
    Check Your Understanding - Guidelines for ACL Creation - 4.3.3 100
Types of IPv4 ACLs - 4.4 100
    Standard and Extended ACLs - 4.4.1 100
    Numbered and Named ACLs - 4.4.2 101
    Where to Place ACLs - 4.4.3 102
    Standard ACL Placement Example - 4.4.4 102
    Extended ACL Placement Example - 4.4.5 103
    Check Your Understanding - Guidelines for ACL Placement - 4.4.6 103
Module Practice and Quiz - 4.5 103
    What did I learn in this module? - 4.5.1 103
Chapter Quiz - ACL Concepts 106
Your Chapter Notes 106
Chapter 5 ACLs for IPv4 Configuration 107
Introduction - 5.0 107
    Why should I take this module? - 5.0.1 107
    What will I learn to do in this module? - 5.0.2 107
Configure Standard IPv4 ACLs - 5.1 107
    Create an ACL - 5.1.1 107
    Numbered Standard IPv4 ACL Syntax - 5.1.2 108
    Named Standard IPv4 ACL Syntax - 5.1.3 109
    Apply a Standard IPv4 ACL - 5.1.4 109
    Numbered Standard IPv4 ACL Example - 5.1.5 110
    Named Standard IPv4 ACL Example - 5.1.6 111
    Syntax Check - Configure Standard IPv4 ACLs - 5.1.7 112
    Packet Tracer - Configure Numbered Standard IPv4 ACLs - 5.1.8 113
    Packet Tracer - Configure Named Standard IPv4 ACLs - 5.1.9 113
Modify IPv4 ACLs - 5.2 113
    Two Methods to Modify an ACL - 5.2.1 113
    Text Editor Method - 5.2.2 113
    Sequence Numbers Method - 5.2.3 114
    Modify a Named ACL Example - 5.2.4 115
    ACL Statistics - 5.2.5 116
    Syntax Checker - Modify IPv4 ACLs - 5.2.6 116
    Packet Tracer - Configure and Modify Standard IPv4 ACLs - 5.2.7 116
Secure VTY Ports with a Standard IPv4 ACL - 5.3 116
    The access-class Command - 5.3.1 116
    Secure VTY Access Example - 5.3.2 117
    Verify the VTY Port is Secured - 5.3.3 118
    Syntax Checker - Secure the VTY Ports - 5.3.4 118
Configure Extended IPv4 ACLs - 5.4 119
    Extended ACLs - 5.4.1 119
    Numbered Extended IPv4 ACL Syntax - 5.4.2 119
    Protocols and Ports - 5.4.3 120
    Protocols and Port Numbers Configuration Examples - 5.4.4 123
    Apply a Numbered Extended IPv4 ACL - 5.4.5 123
    TCP Established Extended ACL - 5.4.6 123
    Named Extended IPv4 ACL Syntax - 5.4.7 124
    Named Extended IPv4 ACL Example - 5.4.8 125
    Edit Extended ACLs - 5.4.9 126
    Another Named Extended IPv4 ACL Example - 5.4.10 127
    Verify Extended ACLs - 5.4.11 128
    Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - 5.4.12 130
    Packet Tracer - Configure Extended IPv4 ACLs - Scenario 2 - 5.4.13 130
Module Practice and Quiz - 5.5 130
    Packet Tracer - IPv4 ACL Implementation Challenge - 5.5.1 130
    Lab - Configure and Verify Extended IPv4 ACLs - 5.5.2 131
    What did I learn in this module? - 5.5.3 131
Chapter Quiz - ACLs for IPv4 Implementation 133
Your Chapter Notes 133
Chapter 6 NAT for IPv4 135
Introduction - 6.0 135
    Why should I take this module? - 6.0.1 135
    What will I learn to do in this module? - 6.0.2 135
NAT Characteristics - 6.1 135
    IPv4 Private Address Space - 6.1.1 135
    What is NAT - 6.1.2 136
    How NAT Works - 6.1.3 137
    NAT Terminology - 6.1.4 137
    Check Your Understanding - NAT Characteristics - 6.1.5 138
Types of NAT - 6.2 139
    Static NAT - 6.2.1 139
    Dynamic NAT - 6.2.2 139
    Port Address Translation - 6.2.3 139
    Next Available Port - 6.2.4 140
    NAT and PAT Comparison - 6.2.5 140
    Packets without a Layer 4 Segment - 6.2.6 141
    Packet Tracer - Investigate NAT Operations - 6.2.7 141
NAT Advantages and Disadvantages - 6.3 142
    Advantages of NAT - 6.3.1 142
    Disadvantages of NAT - 6.3.2 142
    Check Your Understanding - NAT Advantages and Disadvantages - 6.3.3 143
Static NAT - 6.4 143
    Static NAT Scenario - 6.4.1 143
    Configure Static NAT - 6.4.2 143
    Analyze Static NAT - 6.4.3 144
    Verify Static NAT - 6.4.4 144
    Packet Tracer - Configure Static NAT - 6.4.5 145
Dynamic NAT - 6.5 146
    Dynamic NAT Scenario - 6.5.1 146
    Configure Dynamic NAT - 6.5.2 146
    Analyze Dynamic NAT - Inside to Outside - 6.5.3 147
    Analyze Dynamic NAT - Outside to Inside - 6.5.4 147
    Verify Dynamic NAT - 6.5.5 148
    Packet Tracer - Configure Dynamic NAT - 6.5.6 150
PAT - 6.6 150
    PAT Scenario - 6.6.1 150
    Configure PAT to Use a Single IPv4 Address - 6.6.2 150
    Configure PAT to Use an Address Pool - 6.6.3 151
    Analyze PAT - PC to Server - 6.6.4 151
    Analyze PAT - Server to PC - 6.6.5 151
    Verify PAT - 6.6.6 151
    Packet Tracer - Configure PAT - 6.6.7 152
NAT64 - 6.7 153
    NAT for IPv6? - 6.7.1 153
    NAT64 - 6.7.2 153
Module Practice and Quiz - 6.8 153
    Packet Tracer - Configure NAT for IPv4 - 6.8.1 153
    Lab - Configure NAT for IPv4 - 6.8.2 154
    What did I learn in this module? - 6.8.3 154
Chapter Quiz - NAT for IPv4 158
Your Chapter Notes 158
Chapter 7 WAN Concepts 159
Introduction - 7.0 159
    Why should I take this module? - 7.0.1 159
    What will I learn to do in this module? - 7.0.2 159
Purpose of WANs - 7.1 159
    LANs and WANs - 7.1.1 159
    Private and Public WANs - 7.1.2 160
    WAN Topologies - 7.1.3 160
    Carrier Connections - 7.1.4 162
    Evolving Networks - 7.1.5 162
    Check Your Understanding - Purpose of WANs - 7.1.6 164
WAN Operations - 7.2 164
    WAN Standards - 7.2.1 164
    WANs in the OSI Model - 7.2.2 164
    Common WAN Terminology - 7.2.3 165
    WAN Devices - 7.2.4 166
    Serial Communication - 7.2.5 167
    Circuit-Switched Communication - 7.2.6 168
    Packet-Switched Communications - 7.2.7 168
    SDH, SONET, and DWDM - 7.2.8 169
    Check Your Understanding - WAN Operations - 7.2.9 169
Traditional WAN Connectivity - 7.3 169
    Traditional WAN Connectivity Options - 7.3.1 169
    Common WAN Terminology - 7.3.2 169
    Circuit-Switched Options - 7.3.3 170
    Packet-Switched Options - 7.3.4 171
    Check Your Understanding - Traditional WAN Connectivity - 7.3.5 172
Modern WAN Connectivity - 7.4 172
    Modern WANs - 7.4.1 172
    Modern WAN Connectivity Options - 7.4.2 172
    Ethernet WAN - 7.4.3 173
    MPLS - 7.4.4 174
    Check Your Understanding - Modern WAN Connectivity - 7.4.5 174
Internet-Based Connectivity - 7.5 174
    Internet-Based Connectivity Options - 7.5.1 174
    DSL Technology - 7.5.2 175
    DSL Connections - 7.5.3 175
    DSL and PPP - 7.5.4 176
    Cable Technology - 7.5.5 176
    Optical Fiber - 7.5.6 177
    Wireless Internet-Based Broadband - 7.5.7 177
    VPN Technology - 7.5.8 179
    ISP Connectivity Options - 7.5.9 179
    Broadband Solution Comparison - 7.5.10 180
    Lab - Research Broadband Internet Access Options - 7.5.11 181
Module Practice and Quiz - 7.6 181
    Packet Tracer - WAN Concepts - 7.6.1 181
    What did I learn in this module? - 7.6.2 181
Chapter Quiz - WAN Concepts 184
Your Chapter Notes 184
Chapter 8 VPN and IPsec Concepts 185
Introduction - 8.0 185
    Why should I take this module? - 8.0.1 185
    What will I learn in this module? - 8.0.2 185
VPN Technology - 8.1 185
    Virtual Private Networks - 8.1.1 185
    VPN Benefits - 8.1.2 186
    Site-to-Site and Remote-Access VPNs - 8.1.3 186
    Enterprise and Service Provider VPNs - 8.1.4 186
    Check Your Understanding - VPN Technology - 8.1.5 187
Types of VPNs - 8.2 187
    Remote-Access VPNs - 8.2.1 187
    SSL VPNs - 8.2.2 187
    Site-to-Site IPsec VPNs - 8.2.3 188
    GRE over IPsec - 8.2.4 188
    Dynamic Multipoint VPNs - 8.2.5 189
    IPsec Virtual Tunnel Interface - 8.2.6 189
    Service Provider MPLS VPNs - 8.2.7 190
    Check Your Understanding - Types of VPNs - 8.2.8 190
IPsec - 8.3 190
    Video - IPsec Concepts - 8.3.1 190
    IPsec Technologies - 8.3.2 190
    IPsec Protocol Encapsulation - 8.3.3 191
    Confidentiality - 8.3.4 192
    Integrity - 8.3.5 192
    Authentication - 8.3.6 192
    Secure Key Exchange with Diffie-Hellman - 8.3.7 193
    Video - IPsec Transport and Tunnel Mode - 8.3.8 193
    Check Your Understanding - IPsec - 8.3.9 193
Module Practice and Quiz - 8.4 193
    What did I learn in this module? - 8.4.1 193
Chapter Quiz - VPN and IPsec Concepts 195
Your Chapter Notes 195
Chapter 9 QoS Concepts 197
Introduction - 9.0 197
    Why should I take this module? - 9.0.1 197
    What will I learn to do in this module? - 9.0.2 197
Network Transmission Quality - 9.1 197
    Video Tutorial - The Purpose of QoS - 9.1.1 197
    Prioritizing Traffic - 9.1.2 197
    Bandwidth, Congestion, Delay, and Jitter - 9.1.3 198
    Packet Loss - 9.1.4 199
    Check Your Understanding - Network Transmission Quality - 9.1.5 199
Traffic Characteristics - 9.2 199
    Video Tutorial - Traffic Characteristics - 9.2.1 199
    Network Traffic Trends - 9.2.2 199
    Voice - 9.2.3 200
    Video - 9.2.4 200
    Data - 9.2.5 201
    Check Your Understanding - Traffic C...

About the author

Cisco Networking Academy teaches hundreds of thousands of students annually the skills needed to build, design, and maintain networks, improving their career prospects while filling the global demand for networking professionals. With 10,000 academies in 165 countries, it helps individuals prepare for industry-recognized certifications and entry-level information and communication technology careers in virtually every industry—developing foundational technical skills while acquiring vital 21st-century career skills in problem solving, collaboration, and critical thinking. Cisco Networking Academy uses a public-private partnership model to create the "world's largest classroom."

Summary