Cart

CCNA 200-301 Official Cert Guide, Volume 2, 1st edition

BRAND: PEARSON

Publisher:Cisco Press
Author: Wendell Odom
Edition: (December 22, 2019) © 2020
eBook ISBN:9780137459957
Print ISBN: 9781587147135
Type: 4 Months Subscription. Dành cho Cá nhân 

eBook edition. Monthly Subscription. Dành cho Cá nhân  |  Trường ĐH, Nhóm, Thư Viện: Gọi 0915920514 để báo giá Pearson, Vital Source eBook hoặc mua Sách In  

Số lượng:
Tổng tiền:
Giá có thể thay đổi bất kỳ khi nào.
Thời hạn giao hàng: 03 ngày làm việc với sách eBook và 30 ngày với sách In. Gọi để được Tư vấn Giáo Trình.

Mô tả sản phẩm


Hướng dẫn cấp chứng chỉ chính thức CCNA 200-301 giúp học viên đạt được thành công trong kỳ thi ngay lần đầu tiên và là tài nguyên tự học duy nhất được Cisco phê duyệt.

Tác giả sách bán chạy nhất và chuyên gia hướng dẫn Wendell Odom chia sẻ những gợi ý chuẩn bị và mẹo làm bài kiểm tra, giúp học sinh xác định những điểm yếu và cải thiện cả kiến ​​thức khái niệm lẫn kỹ năng thực hành.
Được đánh giá cao về mức độ chi tiết, kế hoạch học tập, tính năng đánh giá, câu hỏi và bài tập ôn tập đầy thử thách, hướng dẫn bằng video và phòng thí nghiệm thực hành, hướng dẫn học tập chính thức này giúp sinh viên nắm vững các khái niệm và kỹ thuật đảm bảo thành công trong kỳ thi.


Introduction xxvii

Part I IP Access Control Lists 3

Chapter 1
Introduction to TCP/IP Transport and Applications 4

“Do I Know This Already?” Quiz 4

Foundation Topics 6

TCP/IP Layer 4 Protocols: TCP and UDP 6

Transmission Control Protocol 7

Multiplexing Using TCP Port Numbers 7

Popular TCP/IP Applications 10

Connection Establishment and Termination 12

Error Recovery and Reliability 13

Flow Control Using Windowing 15

User Datagram Protocol 16

TCP/IP Applications 16

Uniform Resource Identifiers 17

Finding the Web Server Using DNS 18

Transferring Files with HTTP 20

How the Receiving Host Identifies the Correct Receiving Application 21

Chapter Review 22

Chapter 2
Basic IPv4 Access Control Lists 24

“Do I Know This Already?” Quiz 24

Foundation Topics 26

IPv4 Access Control List Basics 26

ACL Location and Direction 26

Matching Packets 27

Taking Action When a Match Occurs 28

Types of IP ACLs 28

Standard Numbered IPv4 ACLs 29

List Logic with IP ACLs 29

Matching Logic and Command Syntax 31

Matching the Exact IP Address 31

Matching a Subset of the Address with Wildcards 31

Binary Wildcard Masks 33

Finding the Right Wildcard Mask to Match a Subnet 33

Matching Any/All Addresses 34

Implementing Standard IP ACLs 34

Standard Numbered ACL Example 1 35

Standard Numbered ACL Example 2 36

Troubleshooting and Verification Tips 38

Practice Applying Standard IP ACLs 39

Practice Building access-list Commands 39

Reverse Engineering from ACL to Address Range 40

Chapter Review 41

Chapter 3
Advanced IPv4 Access Control Lists 44

“Do I Know This Already?” Quiz 44

Foundation Topics 46

Extended Numbered IP Access Control Lists 46

Matching the Protocol, Source IP, and Destination IP 46

Matching TCP and UDP Port Numbers 48

Extended IP ACL Configuration 51

Extended IP Access Lists: Example 1 51

Extended IP Access Lists: Example 2 53

Practice Building access-list Commands 54

Named ACLs and ACL Editing 54

Named IP Access Lists 54

Editing ACLs Using Sequence Numbers 56

Numbered ACL Configuration Versus Named ACL Configuration 58

ACL Implementation Considerations 59

Additional Reading on ACLs 60

Chapter Review 61

Part I Review 64

Part II Security Services 67

Chapter 4
Security Architectures 68

“Do I Know This Already?” Quiz 68

Foundation Topics 70

Security Terminology 70

Common Security Threats 72

Attacks That Spoof Addresses 72

Denial-of-Service Attacks 73

Reflection and Amplification Attacks 75

Man-in-the-Middle Attacks 76

Address Spoofing Attack Summary 77

Reconnaissance Attacks 77

Buffer Overflow Attacks 78

Malware 78

Human Vulnerabilities 79

Password Vulnerabilities 80

Password Alternatives 80

Controlling and Monitoring User Access 82

Developing a Security Program to Educate Users 83

Chapter Review 84

Chapter 5
Securing Network Devices 86

“Do I Know This Already?” Quiz 86

Foundation Topics 88

Securing IOS Passwords 88

Encrypting Older IOS Passwords with service password-encryption 89

Encoding the Enable Passwords with Hashes 90

Interactions Between Enable Password and Enable Secret 90

Making the Enable Secret Truly Secret with a Hash 91

Improved Hashes for Cisco's Enable Secret 92

Encoding the Passwords for Local Usernames 94

Controlling Password Attacks with ACLs 95

Firewalls and Intrusion Prevention Systems 95

Traditional Firewalls 96

Security Zones 97

Intrusion Prevention Systems (IPS) 99

Cisco Next-Generation Firewalls 100

Cisco Next-Generation IPS 102

Chapter Review 103

Chapter 6
Implementing Switch Port Security 106

“Do I Know This Already?” Quiz 106

Foundation Topics 108

Port Security Concepts and Configuration 108

Configuring Port Security 109

Verifying Port Security 112

Port Security MAC Addresses 113

Port Security Violation Modes 114

Port Security Shutdown Mode 115

Port Security Protect and Restrict Modes 117

Chapter Review 119

Chapter 7
Implementing DHCP 122

“Do I Know This Already?” Quiz 122

Foundation Topics 124

Dynamic Host Configuration Protocol 124

DHCP Concepts 125

Supporting DHCP for Remote Subnets with DHCP Relay 126

Information Stored at the DHCP Server 128

Configuring DHCP Features on Routers and Switches 129

Configuring DHCP Relay 130

Configuring a Switch as DHCP Client 130

Configuring a Router as DHCP Client 132

Identifying Host IPv4 Settings 133

Host Settings for IPv4 133

Host IP Settings on Windows 134

Host IP Settings on macOS 136

Host IP Settings on Linux 138

Chapter Review 140

Chapter 8
DHCP Snooping and ARP Inspection 144

“Do I Know This Already?” Quiz 144

Foundation Topics 146

DHCP Snooping 146

DHCP Snooping Concepts 146

A Sample Attack: A Spurious DHCP Server 147

DHCP Snooping Logic 148

Filtering DISCOVER Messages Based on MAC Address 150

Filtering Messages that Release IP Addresses 150

DHCP Snooping Configuration 152

Configuring DHCP Snooping on a Layer 2 Switch 152

Limiting DHCP Message Rates 154

DHCP Snooping Configuration Summary 155

Dynamic ARP Inspection 156

DAI Concepts 156

Review of Normal IP ARP 156

Gratuitous ARP as an Attack Vector 157

Dynamic ARP Inspection Logic 158

Dynamic ARP Inspection Configuration 160

Configuring ARP Inspection on a Layer 2 Switch 160

Limiting DAI Message Rates 163

Configuring Optional DAI Message Checks 164

IP ARP Inspection Configuration Summary 165

Chapter Review 166

Part II Review 168

Part III IP Services 171

Chapter 9
Device Management Protocols 172

“Do I Know This Already?” Quiz 172

Foundation Topics 174

System Message Logging (Syslog) 174

Sending Messages in Real Time to Current Users 174

Storing Log Messages for Later Review 175

Log Message Format 176

Log Message Severity Levels 177

Configuring and Verifying System Logging 178

The debug Command and Log Messages 180

Network Time Protocol (NTP) 181

Setting the Time and Timezone 182

Basic NTP Configuration 183

NTP Reference Clock and Stratum 185

Redundant NTP Configuration 186

NTP Using a Loopback Interface for Better Availability 188

Analyzing Topology Using CDP and LLDP 190

Examining Information Learned by CDP 190

Configuring and Verifying CDP 193

Examining Information Learned by LLDP 194

Configuring and Verifying LLDP 197

Chapter Review 199

Chapter 10
Network Address Translation 202

“Do I Know This Already?” Quiz 202

Foundation Topics 204

Perspectives on IPv4 Address Scalability 204

CIDR 205

Private Addressing 206

Network Address Translation Concepts 207

Static NAT 208

Dynamic NAT 210

Overloading NAT with Port Address Translation 211

NAT Configuration and Troubleshooting 213

Static NAT Configuration 213

Dynamic NAT Configuration 215

Dynamic NAT Verification 217

NAT Overload (PAT) Configuration 219

NAT Troubleshooting 222

Chapter Review 223

Chapter 11
Quality of Service (QoS) 226

“Do I Know This Already?” Quiz 226

Foundation Topics 228

Introduction to QoS 228

QoS: Managing Bandwidth, Delay, Jitter, and Loss 228

Types of Traffic 229

Data Applications 229

Voice and Video Applications 230

QoS as Mentioned in This Book 232

QoS on Switches and Routers 233

Classification and Marking 233

Classification Basics 233

Matching (Classification) Basics 234

Classification on Routers with ACLs and NBAR 235

Marking IP DSCP and Ethernet CoS 236

Marking the IP Header 237

Marking the Ethernet 802.1Q Header 237

Other Marking Fields 238

Defining Trust Boundaries 238

DiffServ Suggested Marking Values 239

Expedited Forwarding (EF) 240

Assured Forwarding (AF) 240

Class Selector (CS) 241

Guidelines for DSCP Marking Values 241

Queuing 242

Round-Robin Scheduling (Prioritization) 243

Low Latency Queuing 243

A Prioritization Strategy for Data, Voice, and Video 245

Shaping and Policing 245

Policing 246

Where to Use Policing 246

Shaping 248

Setting a Good Shaping Time Interval for Voice and Video 249

Congestion Avoidance 250

TCP Windowing Basics 250

Congestion Avoidance Tools 251

Chapter Review 252

Chapter 12
Miscellaneous IP Services 254

“Do I Know This Already?” Quiz 254

Foundation Topics 256

First Hop Redundancy Protocol 256

The Need for Redundancy in Networks 257

The Need for a First Hop Redundancy Protocol 259

The Three Solutions for First-Hop Redundancy 260

HSRP Concepts 261

HSRP Failover 261

HSRP Load Balancing 262

Simple Network Management Protocol 263

SNMP Variable Reading and Writing: SNMP Get and Set 264

SNMP Notifications: Traps and Informs 265

The Management Information Base 266

Securing SNMP 267

FTP and TFTP 268

Managing Cisco IOS Images with FTP/TFTP 268

The IOS File System 268

Upgrading IOS Images 270

Copying a New IOS Image to a Local IOS File System Using TFTP 271

Verifying IOS Code Integrity with MD5 273

Copying Images with FTP 273

The FTP and TFTP Protocols 275

FTP Protocol Basics 275

FTP Active and Passive Modes 276

FTP over TLS (FTP Secure) 278

TFTP Protocol Basics 279

Chapter Review 280

Part III Review 284

Part IV Network Architecture 287

Chapter 13
LAN Architecture 288

“Do I Know This Already?” Quiz 288

Foundation Topics 290

Analyzing Campus LAN Topologies 290

Two-Tier Campus Design (Collapsed Core) 290

The Two-Tier Campus Design 290

Topology Terminology Seen Within a Two-Tier Design 291

Three-Tier Campus Design (Core) 293

Topology Design Terminology 295

Small Office/Home Office 295

Power over Ethernet (PoE) 297

PoE Basics 297

PoE Operation 298

PoE and LAN Design 299

Chapter Review 300

Chapter 14
WAN Architecture 302

“Do I Know This Already?” Quiz 302

Foundation Topics 304

Metro Ethernet 304

Metro Ethernet Physical Design and Topology 305

Ethernet WAN Services and Topologies 306

Ethernet Line Service (Point-to-Point) 307

Ethernet LAN Service (Full Mesh) 308

Ethernet Tree Service (Hub and Spoke) 309

Layer 3 Design Using Metro Ethernet 309

Layer 3 Design with E-Line Service 309

Layer 3 Design with E-LAN Service 311

Multiprotocol Label Switching (MPLS) 311

MPLS VPN Physical Design and Topology 313

MPLS and Quality of Service 314

Layer 3 with MPLS VPN 315

Internet VPNs 317

Internet Access 317

Digital Subscriber Line 318

Cable Internet 319

Wireless WAN (3G, 4G, LTE, 5G) 320

Fiber (Ethernet) Internet Access 321

Internet VPN Fundamentals 321

Site-to-Site VPNs with IPsec 322

Remote Access VPNs with TLS 324

VPN Comparisons 326

Chapter Review 326

Chapter 15
Cloud Architecture 328

“Do I Know This Already?” Quiz 328

Foundation Topics 330

Server Virtualization 330

Cisco Server Hardware 330

Server Virtualization Basics 331

Networking with Virtual Switches on a Virtualized Host 333

The Physical Data Center Network 334

Workflow with a Virtualized Data Center 335

Cloud Computing Services 336

Private Cloud (On-Premise) 337

Public Cloud 338

Cloud and the “As a Service” Model 339

Infrastructure as a Service 339

Software as a Service 341

(Development) Platform as a Service 341

WAN Traffic Paths to Reach Cloud Services 342

Enterprise WAN Connections to Public Cloud 342

Accessing Public Cloud Services Using the Internet 342

Pros and Cons with Connecting to Public Cloud with Internet 343

Private WAN and Internet VPN Access to Public Cloud 344

Pros and Cons of Connecting to Cloud with Private WANs 345

Intercloud Exchanges 346

Summarizing the Pros and Cons of Public Cloud WAN Options 346

A Scenario: Branch Offices and the Public Cloud 347

Migrating Traffic Flows When Migrating to Email SaaS 347

Branch Offices with Internet and Private WAN 349

Chapter Review 350

Part IV Review 352

Part V Network Automation 355

Chapter 16
Introduction to Controller-Based Networking 356

“Do I Know This Already?” Quiz 357

Foundation Topics 358

SDN and Controller-Based Networks 358

The Data, Control, and Management Planes 358

The Data Plane 359

The Control Plane 360

The Management Plane 361

Cisco Switch Data Plane Internals 361

Controllers and Software-Defined Architecture 362

Controllers and Centralized Control 363

The Southbound Interface 364

The Northbound Interface 365

Software Defined Architecture Summary 367

Examples of Network Programmability and SDN 367

OpenDaylight and OpenFlow 367

The OpenDaylight Controller 368

The Cisco Open SDN Controller (OSC) 369

Cisco Application Centric Infrastructure (ACI) 369

ACI Physical Design: Spine and Leaf 370

ACI Operating Model with Intent-Based Networking 371

Cisco APIC Enterprise Module 373

APIC-EM Basics 373

APIC-EM Replacement 374

Summary of the SDN Examples 375

Comparing Traditional Versus Controller-Based Networks 375

How Automation Impacts Network Management 376

Comparing Traditional Networks with Controller-Based Networks 378

Chapter Review 379

Chapter 17
Cisco Software-Defined Access (SDA) 382

“Do I Know This Already?” Quiz 383

Foundation Topics 384

SDA Fabric, Underlay, and Overlay 384

The SDA Underlay 386

Using Existing Gear for the SDA Underlay 386

Using New Gear for the SDA Underlay 387

The SDA Overlay 390

VXLAN Tunnels in the Overlay (Data Plane) 390

LISP for Overlay Discovery and Location (Control Plane) 392

DNA Center and SDA Operation 395

Cisco DNA Center 395

Cisco DNA Center and Scalable Groups 396

Issues with Traditional IP-Based Security 397

SDA Security Based on User Groups 398

DNA Center as a Network Management Platform 400

DNA Center Similarities to Traditional Management 401

DNA Center Differences with Traditional Management 402

Chapter Review 403

Chapter 18
Understanding REST and JSON 406

“Do I Know This Already?” Quiz 406

Foundation Topics 408

REST-Based APIs 408

REST-Based (RESTful) APIs 408

Client/Server Architecture 409

Stateless Operation 410

Cacheable (or Not) 410

Background: Data and Variables 410

Simple Variables 410

List and Dictionary Variables 411

REST APIs and HTTP 413

Software CRUD Actions and HTTP Verbs 413

Using URIs with HTTP to Specify the Resource 414

Example of REST API Call to DNA Center 417

Data Serialization and JSON 418

The Need for a Data Model with APIs 419

Data Serialization Languages 421

JSON 421

XML 421

YAML 422

S

TỔNG QUAN SÁCH

Hướng dẫn cấp chứng chỉ chính thức CCNA 200-301 giúp học viên đạt được thành công trong kỳ thi ngay lần đầu tiên và là tài nguyên tự học duy nhất được Cisco phê duyệt.

Tác giả sách bán chạy nhất và chuyên gia hướng dẫn Wendell Odom chia sẻ những gợi ý chuẩn bị và mẹo làm bài kiểm tra, giúp học sinh xác định những điểm yếu và cải thiện cả kiến ​​thức khái niệm lẫn kỹ năng thực hành.
Được đánh giá cao về mức độ chi tiết, kế hoạch học tập, tính năng đánh giá, câu hỏi và bài tập ôn tập đầy thử thách, hướng dẫn bằng video và phòng thí nghiệm thực hành, hướng dẫn học tập chính thức này giúp sinh viên nắm vững các khái niệm và kỹ thuật đảm bảo thành công trong kỳ thi.

MỤC LỤC

Introduction xxvii

Part I IP Access Control Lists 3

Chapter 1
Introduction to TCP/IP Transport and Applications 4

“Do I Know This Already?” Quiz 4

Foundation Topics 6

TCP/IP Layer 4 Protocols: TCP and UDP 6

Transmission Control Protocol 7

Multiplexing Using TCP Port Numbers 7

Popular TCP/IP Applications 10

Connection Establishment and Termination 12

Error Recovery and Reliability 13

Flow Control Using Windowing 15

User Datagram Protocol 16

TCP/IP Applications 16

Uniform Resource Identifiers 17

Finding the Web Server Using DNS 18

Transferring Files with HTTP 20

How the Receiving Host Identifies the Correct Receiving Application 21

Chapter Review 22

Chapter 2
Basic IPv4 Access Control Lists 24

“Do I Know This Already?” Quiz 24

Foundation Topics 26

IPv4 Access Control List Basics 26

ACL Location and Direction 26

Matching Packets 27

Taking Action When a Match Occurs 28

Types of IP ACLs 28

Standard Numbered IPv4 ACLs 29

List Logic with IP ACLs 29

Matching Logic and Command Syntax 31

Matching the Exact IP Address 31

Matching a Subset of the Address with Wildcards 31

Binary Wildcard Masks 33

Finding the Right Wildcard Mask to Match a Subnet 33

Matching Any/All Addresses 34

Implementing Standard IP ACLs 34

Standard Numbered ACL Example 1 35

Standard Numbered ACL Example 2 36

Troubleshooting and Verification Tips 38

Practice Applying Standard IP ACLs 39

Practice Building access-list Commands 39

Reverse Engineering from ACL to Address Range 40

Chapter Review 41

Chapter 3
Advanced IPv4 Access Control Lists 44

“Do I Know This Already?” Quiz 44

Foundation Topics 46

Extended Numbered IP Access Control Lists 46

Matching the Protocol, Source IP, and Destination IP 46

Matching TCP and UDP Port Numbers 48

Extended IP ACL Configuration 51

Extended IP Access Lists: Example 1 51

Extended IP Access Lists: Example 2 53

Practice Building access-list Commands 54

Named ACLs and ACL Editing 54

Named IP Access Lists 54

Editing ACLs Using Sequence Numbers 56

Numbered ACL Configuration Versus Named ACL Configuration 58

ACL Implementation Considerations 59

Additional Reading on ACLs 60

Chapter Review 61

Part I Review 64

Part II Security Services 67

Chapter 4
Security Architectures 68

“Do I Know This Already?” Quiz 68

Foundation Topics 70

Security Terminology 70

Common Security Threats 72

Attacks That Spoof Addresses 72

Denial-of-Service Attacks 73

Reflection and Amplification Attacks 75

Man-in-the-Middle Attacks 76

Address Spoofing Attack Summary 77

Reconnaissance Attacks 77

Buffer Overflow Attacks 78

Malware 78

Human Vulnerabilities 79

Password Vulnerabilities 80

Password Alternatives 80

Controlling and Monitoring User Access 82

Developing a Security Program to Educate Users 83

Chapter Review 84

Chapter 5
Securing Network Devices 86

“Do I Know This Already?” Quiz 86

Foundation Topics 88

Securing IOS Passwords 88

Encrypting Older IOS Passwords with service password-encryption 89

Encoding the Enable Passwords with Hashes 90

Interactions Between Enable Password and Enable Secret 90

Making the Enable Secret Truly Secret with a Hash 91

Improved Hashes for Cisco's Enable Secret 92

Encoding the Passwords for Local Usernames 94

Controlling Password Attacks with ACLs 95

Firewalls and Intrusion Prevention Systems 95

Traditional Firewalls 96

Security Zones 97

Intrusion Prevention Systems (IPS) 99

Cisco Next-Generation Firewalls 100

Cisco Next-Generation IPS 102

Chapter Review 103

Chapter 6
Implementing Switch Port Security 106

“Do I Know This Already?” Quiz 106

Foundation Topics 108

Port Security Concepts and Configuration 108

Configuring Port Security 109

Verifying Port Security 112

Port Security MAC Addresses 113

Port Security Violation Modes 114

Port Security Shutdown Mode 115

Port Security Protect and Restrict Modes 117

Chapter Review 119

Chapter 7
Implementing DHCP 122

“Do I Know This Already?” Quiz 122

Foundation Topics 124

Dynamic Host Configuration Protocol 124

DHCP Concepts 125

Supporting DHCP for Remote Subnets with DHCP Relay 126

Information Stored at the DHCP Server 128

Configuring DHCP Features on Routers and Switches 129

Configuring DHCP Relay 130

Configuring a Switch as DHCP Client 130

Configuring a Router as DHCP Client 132

Identifying Host IPv4 Settings 133

Host Settings for IPv4 133

Host IP Settings on Windows 134

Host IP Settings on macOS 136

Host IP Settings on Linux 138

Chapter Review 140

Chapter 8
DHCP Snooping and ARP Inspection 144

“Do I Know This Already?” Quiz 144

Foundation Topics 146

DHCP Snooping 146

DHCP Snooping Concepts 146

A Sample Attack: A Spurious DHCP Server 147

DHCP Snooping Logic 148

Filtering DISCOVER Messages Based on MAC Address 150

Filtering Messages that Release IP Addresses 150

DHCP Snooping Configuration 152

Configuring DHCP Snooping on a Layer 2 Switch 152

Limiting DHCP Message Rates 154

DHCP Snooping Configuration Summary 155

Dynamic ARP Inspection 156

DAI Concepts 156

Review of Normal IP ARP 156

Gratuitous ARP as an Attack Vector 157

Dynamic ARP Inspection Logic 158

Dynamic ARP Inspection Configuration 160

Configuring ARP Inspection on a Layer 2 Switch 160

Limiting DAI Message Rates 163

Configuring Optional DAI Message Checks 164

IP ARP Inspection Configuration Summary 165

Chapter Review 166

Part II Review 168

Part III IP Services 171

Chapter 9
Device Management Protocols 172

“Do I Know This Already?” Quiz 172

Foundation Topics 174

System Message Logging (Syslog) 174

Sending Messages in Real Time to Current Users 174

Storing Log Messages for Later Review 175

Log Message Format 176

Log Message Severity Levels 177

Configuring and Verifying System Logging 178

The debug Command and Log Messages 180

Network Time Protocol (NTP) 181

Setting the Time and Timezone 182

Basic NTP Configuration 183

NTP Reference Clock and Stratum 185

Redundant NTP Configuration 186

NTP Using a Loopback Interface for Better Availability 188

Analyzing Topology Using CDP and LLDP 190

Examining Information Learned by CDP 190

Configuring and Verifying CDP 193

Examining Information Learned by LLDP 194

Configuring and Verifying LLDP 197

Chapter Review 199

Chapter 10
Network Address Translation 202

“Do I Know This Already?” Quiz 202

Foundation Topics 204

Perspectives on IPv4 Address Scalability 204

CIDR 205

Private Addressing 206

Network Address Translation Concepts 207

Static NAT 208

Dynamic NAT 210

Overloading NAT with Port Address Translation 211

NAT Configuration and Troubleshooting 213

Static NAT Configuration 213

Dynamic NAT Configuration 215

Dynamic NAT Verification 217

NAT Overload (PAT) Configuration 219

NAT Troubleshooting 222

Chapter Review 223

Chapter 11
Quality of Service (QoS) 226

“Do I Know This Already?” Quiz 226

Foundation Topics 228

Introduction to QoS 228

QoS: Managing Bandwidth, Delay, Jitter, and Loss 228

Types of Traffic 229

Data Applications 229

Voice and Video Applications 230

QoS as Mentioned in This Book 232

QoS on Switches and Routers 233

Classification and Marking 233

Classification Basics 233

Matching (Classification) Basics 234

Classification on Routers with ACLs and NBAR 235

Marking IP DSCP and Ethernet CoS 236

Marking the IP Header 237

Marking the Ethernet 802.1Q Header 237

Other Marking Fields 238

Defining Trust Boundaries 238

DiffServ Suggested Marking Values 239

Expedited Forwarding (EF) 240

Assured Forwarding (AF) 240

Class Selector (CS) 241

Guidelines for DSCP Marking Values 241

Queuing 242

Round-Robin Scheduling (Prioritization) 243

Low Latency Queuing 243

A Prioritization Strategy for Data, Voice, and Video 245

Shaping and Policing 245

Policing 246

Where to Use Policing 246

Shaping 248

Setting a Good Shaping Time Interval for Voice and Video 249

Congestion Avoidance 250

TCP Windowing Basics 250

Congestion Avoidance Tools 251

Chapter Review 252

Chapter 12
Miscellaneous IP Services 254

“Do I Know This Already?” Quiz 254

Foundation Topics 256

First Hop Redundancy Protocol 256

The Need for Redundancy in Networks 257

The Need for a First Hop Redundancy Protocol 259

The Three Solutions for First-Hop Redundancy 260

HSRP Concepts 261

HSRP Failover 261

HSRP Load Balancing 262

Simple Network Management Protocol 263

SNMP Variable Reading and Writing: SNMP Get and Set 264

SNMP Notifications: Traps and Informs 265

The Management Information Base 266

Securing SNMP 267

FTP and TFTP 268

Managing Cisco IOS Images with FTP/TFTP 268

The IOS File System 268

Upgrading IOS Images 270

Copying a New IOS Image to a Local IOS File System Using TFTP 271

Verifying IOS Code Integrity with MD5 273

Copying Images with FTP 273

The FTP and TFTP Protocols 275

FTP Protocol Basics 275

FTP Active and Passive Modes 276

FTP over TLS (FTP Secure) 278

TFTP Protocol Basics 279

Chapter Review 280

Part III Review 284

Part IV Network Architecture 287

Chapter 13
LAN Architecture 288

“Do I Know This Already?” Quiz 288

Foundation Topics 290

Analyzing Campus LAN Topologies 290

Two-Tier Campus Design (Collapsed Core) 290

The Two-Tier Campus Design 290

Topology Terminology Seen Within a Two-Tier Design 291

Three-Tier Campus Design (Core) 293

Topology Design Terminology 295

Small Office/Home Office 295

Power over Ethernet (PoE) 297

PoE Basics 297

PoE Operation 298

PoE and LAN Design 299

Chapter Review 300

Chapter 14
WAN Architecture 302

“Do I Know This Already?” Quiz 302

Foundation Topics 304

Metro Ethernet 304

Metro Ethernet Physical Design and Topology 305

Ethernet WAN Services and Topologies 306

Ethernet Line Service (Point-to-Point) 307

Ethernet LAN Service (Full Mesh) 308

Ethernet Tree Service (Hub and Spoke) 309

Layer 3 Design Using Metro Ethernet 309

Layer 3 Design with E-Line Service 309

Layer 3 Design with E-LAN Service 311

Multiprotocol Label Switching (MPLS) 311

MPLS VPN Physical Design and Topology 313

MPLS and Quality of Service 314

Layer 3 with MPLS VPN 315

Internet VPNs 317

Internet Access 317

Digital Subscriber Line 318

Cable Internet 319

Wireless WAN (3G, 4G, LTE, 5G) 320

Fiber (Ethernet) Internet Access 321

Internet VPN Fundamentals 321

Site-to-Site VPNs with IPsec 322

Remote Access VPNs with TLS 324

VPN Comparisons 326

Chapter Review 326

Chapter 15
Cloud Architecture 328

“Do I Know This Already?” Quiz 328

Foundation Topics 330

Server Virtualization 330

Cisco Server Hardware 330

Server Virtualization Basics 331

Networking with Virtual Switches on a Virtualized Host 333

The Physical Data Center Network 334

Workflow with a Virtualized Data Center 335

Cloud Computing Services 336

Private Cloud (On-Premise) 337

Public Cloud 338

Cloud and the “As a Service” Model 339

Infrastructure as a Service 339

Software as a Service 341

(Development) Platform as a Service 341

WAN Traffic Paths to Reach Cloud Services 342

Enterprise WAN Connections to Public Cloud 342

Accessing Public Cloud Services Using the Internet 342

Pros and Cons with Connecting to Public Cloud with Internet 343

Private WAN and Internet VPN Access to Public Cloud 344

Pros and Cons of Connecting to Cloud with Private WANs 345

Intercloud Exchanges 346

Summarizing the Pros and Cons of Public Cloud WAN Options 346

A Scenario: Branch Offices and the Public Cloud 347

Migrating Traffic Flows When Migrating to Email SaaS 347

Branch Offices with Internet and Private WAN 349

Chapter Review 350

Part IV Review 352

Part V Network Automation 355

Chapter 16
Introduction to Controller-Based Networking 356

“Do I Know This Already?” Quiz 357

Foundation Topics 358

SDN and Controller-Based Networks 358

The Data, Control, and Management Planes 358

The Data Plane 359

The Control Plane 360

The Management Plane 361

Cisco Switch Data Plane Internals 361

Controllers and Software-Defined Architecture 362

Controllers and Centralized Control 363

The Southbound Interface 364

The Northbound Interface 365

Software Defined Architecture Summary 367

Examples of Network Programmability and SDN 367

OpenDaylight and OpenFlow 367

The OpenDaylight Controller 368

The Cisco Open SDN Controller (OSC) 369

Cisco Application Centric Infrastructure (ACI) 369

ACI Physical Design: Spine and Leaf 370

ACI Operating Model with Intent-Based Networking 371

Cisco APIC Enterprise Module 373

APIC-EM Basics 373

APIC-EM Replacement 374

Summary of the SDN Examples 375

Comparing Traditional Versus Controller-Based Networks 375

How Automation Impacts Network Management 376

Comparing Traditional Networks with Controller-Based Networks 378

Chapter Review 379

Chapter 17
Cisco Software-Defined Access (SDA) 382

“Do I Know This Already?” Quiz 383

Foundation Topics 384

SDA Fabric, Underlay, and Overlay 384

The SDA Underlay 386

Using Existing Gear for the SDA Underlay 386

Using New Gear for the SDA Underlay 387

The SDA Overlay 390

VXLAN Tunnels in the Overlay (Data Plane) 390

LISP for Overlay Discovery and Location (Control Plane) 392

DNA Center and SDA Operation 395

Cisco DNA Center 395

Cisco DNA Center and Scalable Groups 396

Issues with Traditional IP-Based Security 397

SDA Security Based on User Groups 398

DNA Center as a Network Management Platform 400

DNA Center Similarities to Traditional Management 401

DNA Center Differences with Traditional Management 402

Chapter Review 403

Chapter 18
Understanding REST and JSON 406

“Do I Know This Already?” Quiz 406

Foundation Topics 408

REST-Based APIs 408

REST-Based (RESTful) APIs 408

Client/Server Architecture 409

Stateless Operation 410

Cacheable (or Not) 410

Background: Data and Variables 410

Simple Variables 410

List and Dictionary Variables 411

REST APIs and HTTP 413

Software CRUD Actions and HTTP Verbs 413

Using URIs with HTTP to Specify the Resource 414

Example of REST API Call to DNA Center 417

Data Serialization and JSON 418

The Need for a Data Model with APIs 419

Data Serialization Languages 421

JSON 421

XML 421

YAML 422

S

-%
0₫ 0₫
0915920514
0915920514