Lecture Notes for Enterprise Networking, Security, and Automation Labs and Study Guide (CCNAv7)

Lecture Notes for Enterprise Networking, Security, and Automation Labs and Study Guide (CCNAv7) makes studying easier with well-organized, concise notes.

Joseph Martinez
Contributor
8 months ago
Preview (31 of 508 Pages)


Enterprise Networking, Security, and Automation Labs and Study Guide (CCNAv7)
Instructor’s Answer Key
Allan Johnson


Contents at a Glance

Introduction
Chapter 1 Single-Area OSPFv2 Concepts
Chapter 2 Single-Area OSPFv2 Configuration
Chapter 3 Network Security Concepts
Chapter 4 ACL Concepts
Chapter 5 ACLs for IPv4 Configuration
Chapter 6 NAT for IPv4
Chapter 7 WAN Concepts
Chapter 8 VPN and IPsec Concepts
Chapter 9 QoS Concepts
Chapter 10 Network Management
Chapter 11 Network Design
Chapter 12 Network Troubleshooting
Chapter 13 Network Virtualization
Chapter 14 Network Automation


Contents

Introduction

Chapter 1 Single-Area OSPFv2 Concepts
  Study Guide
    OSPF Features and Characteristics
    Components of OSPF
    Link-State Operation
    Single-Area and Multiarea OSPF
    OSPFv3
    Check Your Understanding—OSPF Features and Characteristics
    OSPF Packets
    Types of OSPF Packets
    Link-State Updates
    Hello Packet
    Check Your Understanding—OSPF Packets
    OSPF Operation
    OSPF Operational States
    The Need for a DR
    LSA Flooding with a DR
    Check Your Understanding—OSPF Operation
  Labs and Activities

Chapter 2 Single-Area OSPFv2 Configuration
  Study Guide
    OSPF Router ID
    OSPF Reference Topology
    Router IDs
    Router ID Order of Precedence
    Configure a Loopback Interface as the Router ID
    Explicitly Configure a Router ID
    Modify the Router ID
    Check Your Understanding—OSPF Router ID
    Point-to-Point OSPF Networks
    The network Command Syntax
    The Wildcard Mask
    Configure OSPF Using the network Command
    Configure OSPF Using the ip ospf Command
    Passive Interface
    Configure Passive Interfaces
    Packet Tracer Exercise 2-1: Point-to-Point Single-Area OSPFv2 Configuration


    Multiaccess OSPF Networks
    OSPF Designated Router
    OSPF Multiaccess Reference Topology
    Verify OSPF Multiaccess Router Roles
    DR Failure and Recovery
    Configure OSPF Priority
    Modify Single-Area OSPFv2
    Cisco OSPF Cost Metric
    Adjust the Reference Bandwidth
    OSPF Accumulates Cost
    Manually Set OSPF Cost Value
    Modify OSPFv2 Intervals
    Default Route Propagation
    Propagate and Verify a Default Route
    Packet Tracer Exercise 2-2—Modify a Point-to-Point Single-Area OSPFv2 Configuration
    Verify Single-Area OSPFv2
    Verify OSPF Neighbors
    Verify OSPF Protocol Settings
    Verify OSPF Process Information
    Verify OSPF Interface Settings
  Labs and Activities
    Command Reference
    2.2.13 Packet Tracer—Point-to-Point Single-Area OSPFv2 Configuration (Instructor Version)
      Addressing Table
      Objectives
      Background
      Instructions
      Part 1: Configure Router IDs
      Part 2: Configure Networks for OSPF Routing
      Part 3: Configure Passive Interfaces
      Part 4: Verify OSPF Configuration
      Answer Scripts
      Router R1
      Router R2
      Router R3
    2.3.11 Packet Tracer—Determine the DR and BDR (Instructor Version)
      Addressing Table
      Objectives
      Scenario
      Instructions


      Part 1: Examine DR and BDR Changing Roles
      Part 2: Modify OSPF Priority and Force Elections
    2.4.11 Packet Tracer—Modify Single-Area OSPFv2 (Instructor Version)
      Addressing Table
      Objectives
      Scenario
      Instructions
      Part 1: Modify OSPF Default Settings
      Part 2: Verify Connectivity
      Answer Scripts
      Router R1
      Router R2
    2.5.3 Packet Tracer—Propagate a Default Route in OSPFv2 (Instructor Version)
      Addressing Table
      Objectives
      Background
      Instructions
      Part 1: Propagate a Default Route
      Part 2: Verify Connectivity
      Answer Script
      Router R2
    2.6.6 Packet Tracer—Verify Single-Area OSPFv2 (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Verify the Existing OSPFv2 Network Operation
      Part 2: Add the New Branch Office LAN to the OSPFv2 Network
    2.7.1 Packet Tracer—Single-Area OSPFv2 Configuration (Instructor Version)
      Addressing Table
      Objectives
      Background
      Instructions
      Requirements
      Answer Configurations
      P2P-1
      P2P-2
      P2P-3
      BC-1
      BC-2
      BC-3


    2.7.2 Lab—Configure Single-Area OSPFv2 (Instructor Version)
      Topology
      Addressing Table
      Objectives
      Background / Scenario
      Required Resources
      Instructions
      Part 1: Build the Network and Configure Basic Device Settings
      Part 2: Configure and Verify Single-Area OSPFv2 for Basic Operation
      Part 3: Optimize the Single-Area OSPFv2 Configuration
      Router Interface Summary Table
      Device Configs
      Router R1
      Router R2
      Switch S1
      Switch S2

Chapter 3 Network Security Concepts
  Study Guide
    Current State of Cybersecurity
    Current State of Affairs
    Vectors of Network Attacks
    Data Loss
    Check Your Understanding—Current State of Cybersecurity
    Threat Actors
    The Hacker
    Evolution of Hackers
    Check Your Understanding—Threat Actors
    Threat Actor Tools
    Video—Threat Actor Tools
    Evolution of Security Tools
    Attack Types
    Check Your Understanding—Threat Actor Tools
    Malware
    Viruses and Trojan Horses
    Other Types of Malware
    Check Your Understanding—Malware
    Common Network Attacks
    Overview of Network Attacks
    Video—Reconnaissance Attacks
    Reconnaissance Attacks
    Video—Access and Social Engineering Attacks
    Access Attacks


    Social Engineering Attacks
    Video—Denial of Service Attacks
    DoS and DDoS Attacks
    Check Your Understanding—Common Network Attacks
    IP Vulnerabilities and Threats
    Video—Common IP and ICMP Attacks
    IPv4 and IPv6
    ICMP Attacks
    Video—Amplification, Reflection, and Spoofing Attacks
    Amplification and Reflection Attacks
    Address Spoofing Attacks
    Check Your Understanding—IP Vulnerabilities and Threats
    TCP and UDP Vulnerabilities
    TCP Segment Header
    TCP Services
    TCP Attacks
    Check Your Understanding—TCP and UDP Vulnerabilities
    IP Services
    ARP Vulnerabilities
    Video—ARP Spoofing
    DNS Attacks
    DHCP
    DHCP Spoofing Attacks
    Network Security Best Practices
    Confidentiality, Integrity, and Availability (CIA)
    The Defense-in-Depth Approach
    IPS
    Content Security Appliances
    Check Your Understanding—Network Security Best Practices
    Cryptography
    Video—Cryptography
    Securing Communications
    Data Integrity
    Origin Authentication
    Data Confidentiality
    Symmetric Encryption
    Asymmetric Encryption
    Diffie-Hellman
    Check Your Understanding—Cryptography
  Labs and Activities
    3.5.7 Lab—Social Engineering (Instructor Version)
      Objective


      Resources
      Instructions
    3.8.8 Lab—Explore DNS Traffic (Instructor Version)
      Objectives
      Background / Scenario
      Required Resources
      Instructions
      Reflection Question

Chapter 4 ACL Concepts
  Study Guide
    Purpose of ACLs
    ACL Operation
    Check Your Understanding—Purpose of ACLs
    Wildcard Masks in ACLs
    Wildcard Mask Overview
    Wildcard Mask Types
    Wildcard Mask Calculation
    Wildcard Mask Keywords
    Check Your Understanding—Wildcard Masks in ACLs
    Guidelines for ACL Creation
    Limited Number of ACLs per Interface
    ACL Best Practices
    Check Your Understanding—Guidelines for ACL Creation
    Types of IPv4 ACLs
    Standard and Extended ACLs
    Numbered and Named ACLs
    Standard and Extended ACL Placement
    Check Your Understanding—Types of IPv4 ACLs
  Labs and Activities
    4.1.4 Packet Tracer—Access Control List Demonstration (Instructor Version)
      Objectives
      Background
      Addressing Table
      Instructions
      Part 1: Verify Local Connectivity and Test Access Control List
      Part 2: Remove the ACL and Repeat the Test

Chapter 5 ACLs for IPv4 Configuration
  Study Guide
    Configure Standard IPv4 ACLs


    Create an ACL
    Numbered Standard IPv4 ACLs
    Apply a Standard IPv4 ACL
    Named Standard IPv4 ACLs
    Standard IPv4 ACL Scenarios
    Modify IPv4 ACLs
    Sequence Numbers Method
    Secure VTY Ports with a Standard IPv4 ACL
    The access-class Command
    Secure VTP Access Example
    Configure Extended IPv4 ACLs
    Extended ACLs
    Numbered Extended IPv4 ACLs
    Numbered Extended ACL Configuration Scenarios
    Evaluate Extended IPv4 ACL Statements
    Extended ACL Quiz
  Labs and Activities
    Command Reference
    5.1.8 Packet Tracer—Configure Numbered Standard IPv4 ACLs (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Plan an ACL Implementation
      Part 2: Configure, Apply, and Verify a Standard ACL
      Answer Configurations
      Router R2
      Router R3
    5.1.9 Packet Tracer—Configure Named Standard IPv4 ACLs (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Configure and Apply a Named Standard ACL
      Part 2: Verify the ACL Implementation
      Answer Scripts
      Router R1
    5.2.7 Packet Tracer—Configure and Modify Standard IPv4 ACLs (Instructor Version)
      Addressing Table
      Objectives


      Background / Scenario
      Instructions
      Part 1: Verify Connectivity
      Part 2: Configure and Verify Standard Numbered and Named ACLs
      Part 3: Modify a Standard ACL
      Reflection Questions
      Answer Scripts
      Router R1
      Router R3
    5.4.12 Packet Tracer—Configure Extended ACLs—Scenario 1 (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Configure, Apply, and Verify an Extended Numbered ACL
      Part 2: Configure, Apply, and Verify an Extended Named ACL
      Answer Script
      Router R1
    5.4.13 Packet Tracer—Configure Extended IPv4 ACLs—Scenario 2 (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Configure a Named Extended ACL
      Part 2: Apply and Verify the Extended ACL
      Answer Configuration
      Router RT1
    5.5.1 Packet Tracer—IPv4 ACL Implementation Challenge (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Answer Scripts
      Router HQ
      Router Branch
    5.5.2 Lab—Configure and Verify Extended IPv4 ACLs (Instructor Version)
      Topology
      Addressing Table
      VLAN Table


      Objectives
      Background / Scenario
      Required Resources
      Instructions
      Part 1: Build the Network and Configure Basic Device Settings
      Part 2: Configure VLANs on the Switches
      Part 3: Configure Trunking
      Part 4: Configure Routing
      Part 5: Configure Remote Access
      Part 6: Verify Connectivity
      Part 7: Configure and Verify Extended Access Control Lists
      Device Configs
      Router R1
      Router R2
      Switch S1
      Switch S2

Chapter 6 NAT for IPv4
  Study Guide
    NAT Characteristics
    IPv4 Private Address Space
    NAT Terminology
    Check Your Understanding—NAT Characteristics
    Types of NAT
    Static NAT
    Dynamic NAT
    Port Address Translation
    NAT and PAT Comparison
    NAT Advantages and Disadvantages
    Check Your Understanding—NAT Advantages and Disadvantages
    Static NAT
    Configure Static NAT
    Packet Tracer Exercise 6-1: Configure Static NAT
    Dynamic NAT
    Configure Dynamic NAT
    Packet Tracer Exercise 6-2: Configure Dynamic NAT
    PAT
    Configure PAT
    NAT64
  Labs and Activities
    Command Reference


    6.2.7 Packet Tracer—Investigate NAT Operations (Instructor Version)
      Addressing Table
      Objectives
      Scenario
      Instructions
      Part 1: Investigate NAT Operation Across the Intranet
      Part 2: Investigate NAT Operation Across the Internet
      Part 3: Conduct Further Investigations
    6.4.5 Packet Tracer—Configure Static NAT (Instructor Version)
      Objectives
      Scenario
      Instructions
      Part 1: Test Access Without NAT
      Part 2: Configure Static NAT
      Part 3: Test Access with NAT
    6.5.6 Packet Tracer—Configure Dynamic NAT (Instructor Version)
      Objectives
      Instructions
      Part 1: Configure Dynamic NAT
      Part 2: Verify NAT Implementation
      Answer Script
      Router R2
    6.6.7 Packet Tracer—Configure PAT (Instructor Version)
      Objectives
      Part 1: Configure Dynamic NAT with Overload
      Part 2: Verify Dynamic NAT with Overload Implementation
      Part 3: Configure PAT Using an Interface
      Part 4: Verify PAT Interface Implementation
      Answer Configurations
      Router R1
      Router R2
    6.8.1 Packet Tracer—Configure NAT for IPv4 (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Answer Configurations
      Router R2
    6.8.2 Lab—Configure NAT for IPv4 (Instructor Version)
      Topology
      Addressing Table
      Objectives


      Background / Scenario
      Required Resources
      Instructions
      Part 1: Build the Network and Configure Basic Device Settings
      Part 2: Configure and Verify NAT for IPv4
      Part 3: Configure and Verify PAT for IPv4
      Part 4: Configure and Verify Static NAT for IPv4
      Router Interface Summary Table
      Device Configs - Final
      Router R1
      Router R2
      Switch S1
      Switch S2

Chapter 7 WAN Concepts
  Study Guide
    Purpose of WANs
    LANs and WANs
    WAN Topologies
    Evolving Networks
    Check Your Understanding—Purpose of WANs
    WAN Operations
    WAN Standards
    WAN Terminology and Devices
    Check Your Understanding—WAN Operations
    Traditional WAN Connectivity
    Traditional WAN Connectivity Options
    Leased Lines
    Legacy Switched WAN Options
    Check Your Understanding—Traditional WAN Connectivity
    Modern WAN Connectivity
    Modern WANs
    Modern WAN Connectivity Options
    Check Your Understanding—Modern WAN Connectivity
    Internet-Based Connectivity
    Internet-Based Connectivity Terminology
  Labs and Activities
    7.5.11 Lab—Research Broadband Internet Access Technologies (Instructor Version)
      Objectives
      Background / Scenario
      Required Resources


      Part 1: Investigate Broadband Distribution
      Part 2: Research Broadband Access Options for Specific Scenarios
      Reflection Question
    7.6.1 Packet Tracer—WAN Concepts (Instructor Version)
      Objectives
      Background / Scenario
      Instructions
      Part 1: Investigate Consumer WAN Technologies for Home and Mobile Devices
      Part 2: Explore Connectivity

Chapter 8 VPN and IPsec Concepts
  Study Guide
    VPN Technology
    Virtual Private Networks
    VPN Benefits
    Site-to-Site and Remote-Access VPNs
    Enterprise and Service Provider VPNs
    Check Your Understanding—VPN Technology
    Types of VPNs
    Remote-Access VPNs
    SSL and IPsec
    Site-to-Site IPsec VPNs
    GRE over IPsec
    Dynamic Multipoint VPNs
    IPsec Virtual Tunnel Interface
    Service Provider MPLS VPNs
    Check Your Understanding—Types of VPNs
    IPsec
    Video—IPsec Concepts
    IPsec Technologies
    IPsec Protocol Encapsulation
    Confidentiality
    Integrity
    Authentication
    Secure Key Exchange with Diffie-Hellman
    Video—IPsec Transport and Tunnel Mode
    Check Your Understanding—IPsec
  Labs and Activities

Chapter 9 QoS Concepts
  Study Guide
    Network Transmission Quality


    Video Tutorial—The Purpose of QoS
    Network Transmission Quality Terminology
    Check Your Understanding—Network Transmission Quality
    Traffic Characteristics
    Video Tutorial—Traffic Characteristics
    Traffic Characteristics
    Check Your Understanding—Traffic Characteristics
    Queuing Algorithms
    Video Tutorial—QoS Algorithms
    Identify the Queuing Algorithm
    Queuing Algorithm Characteristics
    Check Your Understanding—Queuing Algorithms
    QoS Models
    Video Tutorial—QoS Models
    QoS Model Characteristics
    Check Your Understanding—QoS Models
    QoS Implementation Techniques
    Video Tutorial—QoS Implementation Techniques
    QoS Implementation Techniques Overview
    Traffic Marking Tools
    Marking at Layer 2
    Marking at Layer 3
    QoS Mechanism Terminology
    Check Your Understanding—QoS Implementation Techniques
  Labs and Activities

Chapter 10 Network Management
  Study Guide
    Device Discovery with CDP and LLDP
    Configure and Verify CDP
    Configure and Verify LLDP
    Draw and Label the Network Topology
    Compare CDP and LLDP
    NTP
    Set the Clock
    NTP Operation
    Configure and Verify NTP
    SNMP
    SNMP Operation
    SNMP Versions
    Community Strings
    MIB Object ID


    Syslog
    Introduction to Syslog
    Syslog Operation
    Syslog Message Format
    Check Your Understanding—Syslog Operation
    Router and Switch File Maintenance
    Router File Systems
    Use a Text File to Back Up a Configuration
    Use a Text File to Restore a Configuration
    Use TFTP to Back Up and Restore a Configuration
    Use USB to Back Up and Restore a Configuration
    Password Recovery Procedures
    Labs and Packet Tracers
    IOS Image Management
    Video—Managing Cisco IOS Images
    Back Up an IOS Image to a TFTP Server
    The boot system Command
  Labs and Activities
    Command Reference
    10.1.5 Packet Tracer—Use CDP to Map a Network (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Use SSH to Remotely Access Network Devices
      Part 2: Use CDP to Discover Neighboring Devices
    10.2.6 Packet Tracer—Use LLDP to Map a Network (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Use SSH to Remotely Access Network Devices
      Part 2: Use LLDP to Discover Neighboring Devices
    10.3.4 Packet Tracer—Configure and Verify NTP (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
    10.4.10 Lab—Research Network Monitoring Software (Instructor Version)
      Objectives
      Background / Scenario
      Required Resources


      Instructions
      Part 1: Survey Your Understanding of Network Monitoring
      Part 2: Research Network Monitoring Tools
      Part 3: Select a Network Monitoring Tool
      Reflection Question
    10.6.10 Packet Tracer—Back Up Configuration Files (Instructor Version)
      Objectives
      Background / Scenario
      Instructions
      Part 1: Establish Connectivity to the TFTP Server
      Part 2: Transfer the Configuration File from the TFTP Server
      Part 3: Back Up Configuration and IOS to TFTP Server
    10.6.11 Lab—Use Tera Term to Manage Router Configuration Files (Instructor Version)
      Topology
      Addressing Table
      Objectives
      Background / Scenario
      Required Resources
      Part 1: Configure Basic Device Settings
      Part 2: Create a Backup Configuration File
      Part 3: Use a Backup Configuration File to Restore a Router and Switch Configuration
      Reflection Question
      Router Interface Summary Table
      Device Configs - Final
      Router R1
      Switch S1
    10.6.12 Lab—Use TFTP, Flash, and USB to Manage Configuration Files (Instructor Version)
      Topology
      Addressing Table
      Objectives
      Background / Scenario
      Required Resources
      Instructions
      Part 1: Build the Network and Configure Basic Device Settings
      Part 2: Use TFTP to Back Up and Restore the Switch Running Configuration
      Part 3: Use TFTP to Back Up and Restore the Router Running Configuration
      Part 4: Back Up and Restore Configurations Using Router Flash Memory


      Part 5: (Optional) Use a USB Drive to Back Up and Restore the Running Configuration
      Reflection Questions
      Router Interface Summary Table
      Device Configs
      Router R1
      Switch S1
    10.6.13 Lab—Research Password Recovery Procedures (Instructor Version)
      Objectives
      Background / Scenario
      Required Resources
      Instructions
      Part 1: Research the Configuration Register
      Part 2: Document the Password Recovery Procedure for a Specific Cisco Router
      Reflection Question
    10.7.6 Packet Tracer—Use a TFTP Server to Upgrade a Cisco IOS Image (Instructor Version)
      Addressing Table
      Objectives
      Scenario
      Instructions
      Part 1: Upgrade an IOS Image on a Cisco Device
      Part 2: Back Up an IOS Image to a TFTP Server
    10.8.1 Packet Tracer—Configure CDP, LLDP, and NTP (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Answer Scripts
      Router HQ
      Router Branch
      Switch HQ-SW-1
      Switch HQ-SW2
      Switch BR-SW-2
      Switch BR-SW-3
    10.8.2 Lab—Configure CDP, LLDP, and NTP (Instructor Version)
      Topology
      Addressing Table
      Objectives
      Background / Scenario


      Required Resources
      Part 1: Build the Network and Configure Basic Device Settings
      Part 2: Network Discovery with CDP
      Part 3: Network Discovery with LLDP
      Part 4: Configure NTP
      Reflection Question
      Router Interface Summary Table
      Device Configs - Final
      Router R1
      Switch S1
      Switch S2

Chapter 11 Network Design
  Study Guide
    Hierarchical Networks
    Video—Three-Layer Network Design
    Borderless Switched Networks
    Hierarchy in the Borderless Switched Network
    Access, Distribution, and Core Layer Functions
    Check Your Understanding—Hierarchical Networks
    Scalable Networks
    Identify Scalability Terminology
    Check Your Understanding—Scalable Networks
    Switch Hardware
    Switch Hardware Features
    Check Your Understanding—Switch Hardware
    Router Hardware
    Router Categories
    Check Your Understanding—Router Hardware
  Labs and Activities
    11.5.1 Packet Tracer—Compare Layer 2 and Layer 3 Devices (Instructor Version)
      Objective
      Background
      Instructions

Chapter 12 Network Troubleshooting
  Study Guide
    Network Documentation
    Documentation Overview
    Network Topology Diagrams
    Network Device Documentation
    Establish a Network Baseline


    Data Measurement
    Check Your Understanding—Network Documentation
    Troubleshooting Process
    General Troubleshooting Procedures
    Seven-Step Troubleshooting Process
    Gather Information
    Structured Troubleshooting Methods
    Check Your Understanding—Troubleshooting Process
    Troubleshooting Tools
    Identify the Troubleshooting Tool
    Syslog Server as a Troubleshooting Tool
    Check Your Understanding—Troubleshooting Tools
    Symptoms and Causes of Network Problems
    Isolate the OSI Layer
    Check Your Understanding—Symptoms and Causes of Network Problems
    Troubleshooting IP Connectivity
  Labs and Activities
    12.5.13 Packet Tracer—Troubleshoot Enterprise Network (Instructor Version)
      Objectives
      Scenario
      Addressing Table
      Instructions
      Part 1: Verify Switching Technologies
      Part 2: Verify DHCP
      Part 3: Verify Routing
      Part 4: Verify WAN Technologies
      Part 5: Verify Connectivity
    12.6.1 Packet Tracer—Troubleshooting Challenge—Document the Network (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Test Connectivity
      Part 2: Discover PC Configuration Information
      Part 3: Discover Information About the Default Gateway Devices
      Part 4: Reconstruct the Network Topology
      Part 5: Further Explore Device Configurations and Interconnections
      Reflection
      Network Topology Diagram


    12.6.2 Packet Tracer—Troubleshooting Challenge—Use Documentation to Solve Issues (Instructor Version)
      Addressing Table
      Objectives
      Background / Scenario
      Instructions
      Part 1: Assess Connectivity
      Part 2: Access Network Devices
      Part 3: Repair the Network
      Part 4: Document the Issues

Chapter 13 Network Virtualization
  Study Guide
    Cloud Computing
    Video—Cloud and Virtualization
    Cloud Computing Terminology
    Check Your Understanding—Cloud Computing
    Virtualization and Virtual Network Infrastructure
    Virtualization Terminology
    Check Your Understanding—Virtualization and Virtual Network Infrastructure
    Software-Defined Networking
    Video—Software-Defined Networking
    Control Plane and Data Plane
    Check Your Understanding—Software-Defined Networking
    Controllers
    Video—Cisco ACI
    Types of SDN Controllers
    Check Your Understanding—Controllers
  Labs and Activities
    13.6.1 Lab—Install Linux in a Virtual Machine and Explore the GUI (Instructor Version)
      Objectives
      Background / Scenario
      Required Resources
      Instructions
      Part 1: Prepare a Computer for Virtualization
      Part 2: Install Ubuntu on the Virtual Machine
      Part 3: Explore the GUI
      Reflection Question


Chapter 14 Network Automation
  Study Guide
    Automation Overview
    Video—Automation Everywhere
    Check Your Understanding—Benefits of Automation
    Data Formats
    Video—Data Formats
    Identify the Data Formats
    Check Your Understanding—Data Formats
    APIs
    Video—APIs
    An API Example
    Types of Web Service APIs
    Check Your Understanding—APIs
    REST
    Video—REST
    RESTful Implementation
    URI, URN, and URL
    Anatomy of a RESTful Request
    Check Your Understanding—REST
    Configuration Management
    Video—Configuration Management
    Compare Ansible, Chef, Puppet, and SaltStack
    Check Your Understanding—Configuration Management
    IBN and Cisco DNA Center
    Video—Intent-Based Networking
    Intent-Based Networking Overview
    Network Infrastructure as Fabric
    Cisco Digital Network Architecture (DNA)
    Cisco DNA Center
    Videos—Cisco DNA Center
    Check Your Understanding—IBN and Cisco DNA Center
  Labs and Activities


Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

- Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
- Italic indicates arguments for which you supply actual values.
- Vertical bars (|) separate alternative, mutually exclusive elements.
- Square brackets ([ ]) indicate an optional element.
- Braces ({ }) indicate a required choice.
- Braces within brackets ([{ }]) indicate a required choice within an optional element.


Introduction

This book supports instructors and students in Cisco Networking Academy, an IT skills and career-building program for learning institutions and individuals worldwide. Cisco Networking Academy provides a variety of curriculum choices, including the very popular CCNA curriculum. It includes three courses oriented around the topics of Cisco Certified Network Associate (CCNA) certifications.

Enterprise Networking, Security, and Automation Labs and Study Guide is a supplement to your classroom and laboratory experience with Cisco Networking Academy. To be successful on the exam and achieve your CCNA certification, you should do everything in your power to arm yourself with a variety of tools and training materials to support your learning efforts. This Labs and Study Guide provides just such a collection of tools. Used to its fullest extent, it will help you gain knowledge as well as practice skills associated with the content area of the Enterprise Networking, Security, and Automation v7 course. Specifically, this book will help you work on these main areas:

- Explain how single-area OSPF operates in both point-to-point and broadcast multiaccess networks.
- Implement single-area OSPFv2 in both point-to-point and broadcast multiaccess networks.
- Explain how vulnerabilities, threats, and exploits can be mitigated to enhance network security.
- Explain how ACLs are used as part of a network security policy.
- Implement IPv4 ACLs to filter traffic and secure administrative access.
- Configure NAT services on the edge router to provide IPv4 address scalability.
- Explain how WAN access technologies can be used to satisfy business requirements.
- Explain how VPNs and IPsec secure site-to-site and remote access connectivity.
- Explain how networking devices implement QoS.
- Implement protocols to manage the network.
- Explain the characteristics of scalable network architectures.
- Troubleshoot enterprise networks.
- Explain the purpose and characteristics of network virtualization.
- Explain how network automation is enabled through RESTful APIs and configuration management tools.

Labs and Study Guides similar to this one are also available for the other two courses: Introduction to Networks Labs and Study Guide and Switching, Routing, and Wireless Essentials Labs and Study Guide.

Who Should Read This Book

This book’s main audience is anyone taking the Enterprise Networking, Security, and Automation course of the Cisco Networking Academy curriculum. Many Academies use this Labs and Study Guide as a required tool in the course; other Academies recommend the Labs and Study Guide as an additional resource to prepare for class exams and the CCNA certification.

The secondary audiences for this book include people taking CCNA-related classes from professional training organizations, those in college- and university-level networking courses, and anyone wanting to gain a detailed understanding of routing. However, the reader should know that the content of this book tightly aligns with the Cisco Networking Academy course. It may not be possible to complete some of the “Study Guide” sections and Labs without access to the online course. Fortunately, you can purchase the Enterprise Networking, Security, and Automation v7.0 Companion Guide (ISBN: 9780136634324).

Goals and Methods

The most important goal of this book is to help you pass the 200-301 Cisco Certified Network Associate exam, which is associated with the Cisco Certified Network Associate (CCNA) certification. Passing the CCNA exam means that you have the knowledge and skills required to manage a small, enterprise network. You can view the detailed exam topics at http://learningnetwork.cisco.com. They are divided into six broad categories:

Network Fundamentals
Network Access
IP Connectivity
IP Services
Security Fundamentals
Automation and Programmability

The Enterprise Networking, Security, and Automation v7 course covers introductory material in the last four bullets. The previous two courses, Introduction to Networks v7 and Switching, Routing, and Wireless Essentials v7, cover the material in the first two bullets.

Each chapter of this book is divided into a “Study Guide” section followed by a “Labs and Activities” section. The “Study Guide” section offers exercises that help you learn the concepts, configurations, and troubleshooting skills crucial to your success as a CCNA exam candidate. Each chapter is slightly different and includes some or all of the following types of exercises:

Vocabulary matching exercises
Concept questions exercises
Skill-building activities and scenarios
Configuration scenarios
Packet Tracer exercises
Troubleshooting scenarios

The “Labs and Activities” sections include all the online course labs and Packet Tracer activity instructions. If applicable, this section begins with a Command Reference that you will complete to highlight all the commands introduced in the chapter.

Packet Tracer and Companion Website

This book includes the instructions for all the Packet Tracer activities in the online course. You need to be enrolled in the Enterprise Networking, Security, and Automation Companion Guide v7 course to access these Packet Tracer files.

Four Packet Tracer activities have been created exclusively for this book. You can access these unique Packet Tracer files at this book’s companion website.

To get your copy of Packet Tracer software and the four unique files for this book, please go to the companion website for instructions. To access this companion website, follow these steps:

Step 1. Go to www.ciscopress.com/register and log in or create a new account.
Step 2. Enter the ISBN: 9780136634690.
Step 3. Answer the challenge question as proof of purchase.
Step 4. Click on the Access Bonus Content link in the Registered Products section of your account page to be taken to the page where your downloadable content is available.

How This Book Is Organized

This book corresponds closely to the Cisco Networking Academy Switching, Routing, and Wireless Essentials v7 course and is divided into 14 chapters:

Chapter 1, “Single-Area OSPFv2 Concepts”: This chapter reviews single-area OSPF. It describes basic OSPF features and characteristics, packet types, and single-area operation.

Chapter 2, “Single-Area OSPFv2 Configuration”: This chapter reviews how to implement single-area OSPFv2 networks. It includes router ID configuration, point-to-point configuration, DR/BDR election, single-area modification, default route propagation, and verification of single-area OSPFv2 configuration.

Chapter 3, “Network Security Concepts”: This chapter reviews how vulnerabilities, threats, and exploits can be mitigated to enhance network security. It includes descriptions of the current state of cybersecurity, tools used by threat actors, malware types, common network attacks, IP vulnerabilities, TCP and UDP vulnerabilities, network best practices, and cryptography.

Chapter 4, “ACL Concepts”: This chapter reviews how ACLs are used to filter traffic, how wildcard masks are used, the creation of ACLs, and the difference between standard and extended IPv4 ACLs.

Chapter 5, “ACLs for IPv4 Configuration”: This chapter reviews how to implement ACLs. It includes standard IPv4 ACL configuration, ACL modifications using sequence numbers, applying an ACL to vty lines, and extended IPv4 ACL configuration.

Chapter 6, “NAT for IPv4”: This chapter reviews how to enable NAT services on a router to provide IPv4 address scalability. It includes descriptions of the purpose and function of NAT, the different types of NAT, and the advantages and disadvantages of NAT. Configuration topics include static NAT, dynamic NAT, and PAT. NAT64 is also briefly discussed.

Chapter 7, “WAN Concepts”: This chapter reviews how WAN access technologies can be used to satisfy business requirements. It includes descriptions of the purpose of a WAN, how WANs operate, traditional WAN connectivity options, modern WAN connectivity options, and internet-based connectivity options.

Chapter 8, “VPN and IPsec Concepts”: This chapter reviews how VPNs and IPsec are used to secure communications. It includes descriptions of different types of VPNs and an explanation of how the IPsec framework is used to secure network traffic.

Chapter 9, “QoS Concepts”: This chapter reviews how network devices use QoS to prioritize network traffic. It includes descriptions of network transmission characteristics, queuing algorithms, different queueing models, and QoS implementation techniques.

Chapter 10, “Network Management”: This chapter reviews how to use a variety of protocols and techniques to manage the network, including CDP, LLDP, NTP, SNMP, and syslog. In addition, this chapter discusses the management of configuration files and IOS images.

Chapter 11, “Network Design”: This chapter reviews the characteristics of scalable networks. It includes descriptions of network convergence, considerations for designing scalable networks, and switch and router hardware.

Chapter 12, “Network Troubleshooting”: This chapter reviews how to troubleshoot networks. It includes explanations of network documentation, troubleshooting methods, and troubleshooting tools. This chapter also demonstrates how to troubleshoot symptoms and causes of network problems using a layered approach.

Chapter 13, “Network Virtualization”: This chapter reviews the purpose and characteristics of network virtualization. It includes descriptions of cloud computing, the importance of virtualization, network device virtualization, software-defined network, and controllers used in network programming.

Chapter 14, “Network Automation”: This chapter reviews network automation. It includes descriptions of automation, data formats, APIs, REST, configuration management tools, and Cisco DNA Center.

CHAPTER 1

Single-Area OSPFv2 Concepts

The “Study Guide” portion of this chapter uses a variety of exercises to test your knowledge of how single-area Open Shortest Path First (OSPF) operates in both point-to-point and broadcast multiaccess networks. There are no labs or Packet Tracer activities for this chapter.

As you work through this chapter, use Chapter 1 in Enterprise Networking, Security, and Automation v7 Companion Guide or use the corresponding Module 1 in the Enterprise Networking, Security, and Automation online curriculum for assistance.

Study Guide

OSPF Features and Characteristics

In this section, you review basic OSPF features and characteristics.

Components of OSPF

OSPF is a link-state routing protocol that was developed as an alternative for the distance vector protocol Routing Information Protocol (RIP). OSPF uses the concept of areas. A network administrator can divide the routing domain into distinct areas that help control routing update traffic. A link is an interface on a router. Information about the state of a link is known as link-state information; this information includes the network prefix, prefix length, and cost.

The components of OSPF include:

Router protocol messages: OSPF routers exchange routing information using five types of packets. List them.
    Hello packet
    Database description packet
    Link-state request packet
    Link-state update packet
    Link-state acknowledgment packet

Data structures: OSPF messages are used to create and maintain three OSPF databases. List and briefly describe each of them in a few words.
    Adjacency database: This creates the neighbor table.
    Link-state database (LSDB): This creates the topology table.
    Forwarding database: This creates the routing table.

Algorithm: OSPF route calculations are based on Dijkstra’s shortest-path first (SPF) algorithm, which accumulates the cost to reach a destination. This algorithm then builds a tree that is used to calculate the best routes to install in the routing table.

Link-State Operation

OSPF routers use the link-state routing process to reach a state of convergence where the LSDBs of all routers in the area have the same topology table. List and briefly describe the five steps in the link-state routing process.

Step 1. Establish neighbor adjacencies: Routers send Hello packets out all OSPF-enabled interfaces to attempt to establish a neighbor adjacency with any other OSPF-enabled routers.
Step 2. Exchange link-state advertisements: Routers exchange link-state advertisements (LSAs). LSAs contain the state and cost of each directly connected link.
Step 3. Build the link state: Routers build the topology table (LSDB) based on the received LSAs.
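
The path from received LSAs to topology table to SPF tree to routing table, as an added Python example that is not from the book. The router names, prefixes, costs and the dictionary layout of each LSA are constructed for illustration and are a simplified stand-in for real OSPF LSAs.

```python
import heapq

# Constructed sample LSAs: each router advertises the cost of its directly
# connected links to neighbors and the prefixes attached to it.
LSAS = [
    {"router": "R1", "links": {"R2": 10, "R3": 1}, "prefixes": {"10.1.0.0/24": 1}},
    {"router": "R2", "links": {"R1": 10, "R3": 1, "R4": 1}, "prefixes": {"10.2.0.0/24": 1}},
    {"router": "R3", "links": {"R1": 1, "R2": 1}, "prefixes": {"10.3.0.0/24": 1}},
    {"router": "R4", "links": {"R2": 1}, "prefixes": {"10.4.0.0/24": 1}},
]


def build_lsdb(lsas):
    """Build the topology table (LSDB), keyed by advertising router."""
    return {lsa["router"]: lsa for lsa in lsas}


def spf(lsdb, root):
    """Dijkstra's SPF from root. Returns {router: (accumulated cost, first hop)}."""
    tree = {}
    heap = [(0, root, "")]  # (cost so far, router, first hop used from root)
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in tree:
            continue  # already placed on the tree at a lower or equal cost
        tree[node] = (cost, first_hop)
        for nbr, link_cost in lsdb[node]["links"].items():
            # Use a link only if the neighbor's own LSA advertises it back.
            if nbr in tree or node not in lsdb.get(nbr, {"links": {}})["links"]:
                continue
            heapq.heappush(heap, (cost + link_cost, nbr, first_hop or nbr))
    return tree


def routing_table(lsdb, root):
    """Best route per prefix as {prefix: (total cost, next hop)}."""
    table = {}
    for router, (cost, first_hop) in spf(lsdb, root).items():
        for prefix, prefix_cost in lsdb[router]["prefixes"].items():
            total = cost + prefix_cost
            if prefix not in table or total < table[prefix][0]:
                table[prefix] = (total, first_hop or "connected")
    return table


if __name__ == "__main__":
    for prefix, (cost, hop) in sorted(routing_table(build_lsdb(LSAS), "R1").items()):
        print(f"{prefix:<14} cost {cost:<3} via {hop}")
```

From R1, the direct cost-10 link to R2 loses to the cost-2 path through R3, so every remote prefix is installed with R3 as the next hop.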