
Cisco Networks

119,99 €

Available immediately, delivery time: available for immediate delivery

Cisco Networks, Apress
Engineers' Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA
By Chris Carthern, William Wilson, Noel Rivera, available in digital form in the heise Shop

Product information "Cisco Networks"

For beginning and experienced network engineers tasked with building LAN, WAN, and data center connections, this book lays out clear directions for installing, configuring, and troubleshooting networks with Cisco devices. Cisco Networks, 2nd Edition is a practical guide and desk reference for Cisco engineers. This new edition will discuss tools that can be used to automate and troubleshoot networks. A new chapter on quality of service has been added to teach managing network resources by prioritizing specific types of network traffic. The new edition has an updated wireless section which focuses on an updated controller and integration with Cisco Identity Services Engine (ISE) and Cisco Prime Infrastructure.

This practical desk companion doubles as a comprehensive overview of the basic knowledge and skills needed by CCNA and CCNP exam takers. Prior familiarity with Cisco routing and switching is desirable but not necessary, as Chris Carthern, Dr. Will Wilson, and Noel Rivera start their book with a review of network basics. Further they explain practical considerations and troubleshooting when establishing a physical medium for network communications. Later they explain the concept of network layers, intermediate LAN switching, and routing. Next they introduce you to the tools and automation used with Cisco networks. Moving forward they explain management planes, data planes, and control planes. Next they describe advanced security, troubleshooting, and network management. They conclude the book with a section which focuses on using network automation to automate Cisco IOS networks.

WHAT YOU WILL LEARN

* Configure Cisco switches, routers, and data center devices in typical corporate network architectures
* Use black-hat tools to conduct penetration testing on the security of your network
* Configure and secure virtual private networks (VPNs)
* Enable identity management in your network with the Cisco Identity Services Engine (ISE)

WHO THIS BOOK IS FOR

Network designers, engineers, programmers, managers, and students.

CHRIS CARTHERN is a senior network engineer for Mantech and has worked for the Department of Defense. He is responsible for designing, installing, and maintaining the Cisco network infrastructure and mentoring junior network engineers. Carthern took his BS (honors) in computer science from Morehouse College and his MS in system engineering from the University of Maryland Baltimore County (UMBC). He holds the following certifications: Cisco Certified Network Professional (CCNP), Certified Information Systems Security Professional (CISSP), Brocade Certified Network Professional (BCNP), and ITIL v3. He is also an award-winning photographer and indie movie producer.

NOEL RIVERA is a systems architect with CACI who specializes in communications networks, IT security, and infrastructure automation. He has worked at NASA, DoD, Lockheed Martin, and CACI. Mr. Rivera holds a bachelor's of electrical engineering from the University of Puerto Rico at Mayaguez and two master's degrees, one in electrical engineering and another in computer science, from Johns Hopkins University. Mr. Rivera holds the following certifications: Cisco Internetwork Expert in Routing and Switching (CCIE-RS), Cisco Internetwork Expert in Security (CCIE-SEC), Certified Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Juniper Network Certified Service Provider Professional (JNCIP-SP), Juniper Networks Certified Cloud Professional (JNCIP-Cloud), VMWare Certified Data Center Virtualization Professional (VCP-DCV), VMWare Certified Network Virtualization Professional (VCP-NV), ITILv3, and is currently working on his Juniper Networks Certified Service Provider Expert certification (JNCIE-SP) and Microsoft Azure Solutions Architect Expert certification.

DR. WILSON is a senior network consulting engineer. He specializes in optimization of routing and in security. He is responsible for assisting customers with resolving complex architectural and operation issues. He holds a bachelor’s degree in mathematics from the University of Colorado. His doctorate is in computer science with a focus on applications of artificial intelligence in information security. He maintains the following certifications: Cisco CCIE Routing and Switching, CCIE Security, all of the CCNP tracks, Cisco DevNet Professional, VMware VCP-NV, Certified Ethical Hacker, CISSP, MCSE, and PMP.

CHAPTER 1. PRACTICAL NETWORKING INTRO

[The purposes and functions of each layer in network communications; discussion of OSI and TCP/IP protocols. How the layers work together and what they tell us about the layers below.]

1.1 OSI Model

1.2 Physical layer

1.3 Data Link layer

1.4 Network layer

1.5 Transport layer

1.6 Session layer

1.7 Presentation layer

1.8 Application layer

1.9 TCP/IP Protocol

1.10 Port Numbers - (List common enterprise port numbers)

1.11 Types of Communications - Broadcast, Unicast, Multicast and Anycast

1.12 Types of Networks

1.13 Network Architectures

1.14 Intro and use case for software-defined networking

1.15 Summary

CHAPTER 2. THE PHYSICAL MEDIUM

[Practical considerations and troubleshooting when establishing a physical medium for network communications. Common problems at the physical layer.]

2.1 Physical medium

2.2 Standards

2.3 Cables

2.4 Ethernet

2.5 Negotiation

2.6 Duplex

2.7 Unidirectional Link Detection (UDLD)

2.8 Common issues

2.9 Summary

CHAPTER 3. PROTOCOLS AND THE DATA LINK LAYER

[The idea of protocols and their use, functions of the data link layer using IEEE 802.3 and switching. What the data link tells about the physical medium state and the higher layer protocols.]

3.1 Protocols -- Ethernet, MPLS, LLDP, CDP, Spanning Tree, LACP, DOT1Q

3.2 Link layer functions

3.3 Link layer discovery protocol

3.4 Link layer related to other layers

3.5 Types of messages

3.6 Summary

CHAPTER 4. THE NETWORK LAYER

[The concept of routing, which protocol transmissions are routable and IP addressing, including architecture requirements for IPv4 and IPv6 networks; subnetting. Observing the protocol layer transitions with packet captures]

4.1 IP Communication Types - Broadcast, Multicast, Unicast, Anycast

4.2 IP Addressing (Public vs Private) Bogons and Martians

4.3 CIDR

4.4 IPv4

4.5 IPv6

4.6 Subnetting

4.7 Subnetting exercises

4.8 Summary

CHAPTER 5. INTERMEDIATE LAN SWITCHING

[Basic switching concepts, switch operations, common switching helper protocols, their use and functions (Trunking 802.1q, EtherChannels 802.3ad, RSTP 802.1D). Review the purpose of VLANs, their implementation and multilayer devices.]

5.1 Switching

5.2 LAGs

5.3 Spanning Tree and Spanning Tree interop, Spanning Tree Convergence

5.4 VLANs

5.5 Trunking

5.6 VTP

5.7 MSTP

5.8 Labs; Exercises

5.9 Summary

CHAPTER 6. ROUTING

[Routing concepts with practical implementation, including static routing and dynamic protocols such as OSPF, BGP, RIP and EIGRP.]

6.1 Static routing

6.2 Routing protocols

6.3 IS-IS

6.4 EIGRP

6.5 OSPF

6.6 BGP

6.7 Labs; Exercises

6.8 Summary

CHAPTER 7. INTRODUCTION TO TOOLS AND AUTOMATION

[Introduction into using tools and automation that will be used in further chapters for different use cases.]

7.1 Tools overview

7.2 Introduction to prime infrastructure

7.3 Introduction to ISE

7.4 Introduction to SD-WAN / vManage

7.5 Introduction to DNA

CHAPTER 8. SWITCH AND ROUTER TROUBLESHOOTING (NOTE: NEEDS WORK, ADD MPLS TROUBLESHOOTING. ROUTING TROUBLESHOOTING CAN BE QUITE BIG, SHOULD WE BREAK IT DOWN? WE ALSO NEED TO ADD DATA STRUCTURES FOR SWITCHING/ROUTING: MAC TABLE, ARP TABLE, CEF ADJACENCY TABLE, FIB TABLES, RIB TABLE ETC.)

[How to troubleshoot and resolve issues with Cisco network devices and Client side tools.]

8.1 Techniques

8.2 VLANs

8.3 Trunking

8.4 Routing

8.5 Dynamic routing

8.6 Spanning tree

8.7 EtherChannel

8.8 Tools

8.9 Labs; Exercises

8.10 Summary

CHAPTER 9. NAT/DHCP (ADD A SECTION ON NAT AND IPSEC AND NAT AFFECTED PROTOCOLS)

[The purpose of NAT and DHCP and how to configure them on network devices.]

9.1 NAT

9.2 Static NAT

9.3 Dynamic NAT

9.4 PAT

9.5 DHCP

9.6 Setting up router as DHCP server

9.7 NAT affected protocols

9.8 Labs; Exercises

9.9 Summary

CHAPTER 10. MANAGEMENT PLANE

[How to administer Cisco devices, including booting, working from rommon, managing Cisco images, upgrading the IOS, and configuring syslog and SNMPv3. Also port security, access-lists, password security and SSH, SNMPv3, TACACS, RADIUS, Logging]

10.1 Authentication and authorization

10.2 SSH

10.3 Password recovery

10.4 User accounts

10.5 Logging

10.6 Banners

10.7 AAA

10.8 Disabling services

10.9 IOS switch upgrade

10.10 Configuration using prime infrastructure

10.11 Introduction to netconf

10.12 Labs; Exercises

10.13 Summary

CHAPTER 11. DATA PLANE

[Common traffic protocols and the applications of filters. Netflow/Sflow]

11.1 Traffic protocols

11.2 Filters

11.3 Netflow/Sflow

11.4 Labs; Exercises

11.5 Summary

CHAPTER 12. CONTROL PLANE

[Securing the protocol exchange, IGP, BGP, DNS and NTP]

12.1 Layer 2

12.2 IGP

12.3 BGP

12.4 DNS

12.5 Protocol independent multicasting

12.6 NTP

12.7 Managing control plane using tools

12.8 Labs; Exercises

12.9 Summary

CHAPTER 13. INTRODUCTION TO AVAILABILITY

[Redundancy at layer 2 and layer 3: GLBP, VRRP and multilinks. How to VoIP and video configurations; creating high availability and redundancy.]

13.1 High availability

13.2 HSRP

13.3 VRRP

13.4 GLBP

13.5 SLB

13.6 Multilinks

13.7 Layer 2 extensions overview

13.8 Labs; Exercises

13.9 Summary

CHAPTER 14. ADVANCED ROUTING

[How to implement multi-area OSPF, eBGP, IPv6 routing, IPv4 route redistribution to static routes, and dynamic routing protocols; layer 3 path control; implementing basic teleworker and branch services, including GRE tunnels]

14.1 Route maps

14.2 Policy based routing

14.3 Redistribution

14.4 EIGRP

14.5 Multi-area OSPF

14.6 BGP

14.7 IPv6 routing

14.8 GRE tunnels

14.9 IPsec VPNs

14.10 Labs; Exercises

14.11 Summary

CHAPTER 15. QOS

[How to implement, manage and optimize QoS in Cisco Networks]

15.1 Intro to QoS

15.2 Classification and marking

15.3 Policing and shaping

15.4 QoS in IPv6

15.5 QoS design strategies

15.6 QoS for tunnels and sub-interfaces

15.7 Troubleshooting

15.8 Labs

15.9 Summary

CHAPTER 16. ADVANCED SECURITY

[How to implement advanced security solutions, including private VLANs, VACLs and PACLs; implementing port authentication, and Extended ACLs.]

16.1 Private VLANs

16.2 Dot1x

16.3 Extended ACL

16.4 VACL

16.5 PACL

16.6 MAC ACL

16.7 DHCP snooping

16.8 IDS/IPS

16.9 MAC SEC

16.10 Compliance

16.11 Labs; Exercises

16.12 Summary

CHAPTER 17. ADVANCED TROUBLESHOOTING

[How to verify advanced routing problems, including EIGRP, OSPF, eBGP, route redistribution, NAT, DHCP, VACLs, PACLs, and IPv6 routing.]

17.1 Route redistribution

17.2 ACLs

17.3 NAT

17.4 PACL

17.5 Dynamic routing protocols

17.6 IPv6

17.7 IPsec

17.8 GRE tunnels

17.9 HSRP, VRRP, GLBP

17.10 Labs; Exercises

17.11 Summary

CHAPTER 18. EFFECTIVE NETWORK MANAGEMENT

[Aggregation of data from the control, data and management plane for effective network and data flow management. Use of logs, SNMP, IDS alerts and Netflow/Sflow]

18.1 Logs

18.2 SNMP

18.3 SLAs and embedded event manager

18.4 sFlow/NetFlow

18.5 Tools

18.6 Labs; Exercises

18.7 Summary

CHAPTER 19. DATA CENTER

[How to configure VLANs and interswitch communications using a Nexus with NX-OS software; configuring routing on NX-OS software, including OSPF and BGP; port channels and port profiles; configuring the Nexus for Fabric Extender (FEX) support.]

19.1 NX-OS

19.2 NX-OSv overview

19.3 VLAN

19.4 VTP

19.5 Virtual Route Forwarding (VRF)

19.6 EIGRP

19.7 OSPF

19.8 BGP

19.9 Port profiles

19.10 Fabric extenders

19.11 Fabric design

19.12 GLBP

19.13 Virtual Port Channel (vPC)

19.14 Virtual Device Context (VDC)

19.15 VXLAN

19.16 OTV

19.17 ACI overview

19.18 Labs; Exercises

19.19 Summary

CHAPTER 20. WIRELESS LAN

[The basic components of the Cisco Wireless Network architecture; how to install access points and wireless controllers and incorporate them into switches; wireless security, including port authentication, authentication, and encryption.]

20.1 Wireless components

20.2 Wireless access points

20.3 Wireless controllers

20.4 Integration with ISE

20.5 Cisco prime infrastructure

20.6 Security and authentication

20.7 Labs; Exercises

20.8 Summary

CHAPTER 21. FIREPOWER

[The basic components of the Cisco Firepower; how to configure and manage firewalls and Intrusion Prevention and incorporating them into network architectures, including traffic analysis, Packet filtering, NAT, VPNs, Remote Access and device management.]

21.1 Testing Policies in a Safe Environment

21.2 Baseline network

21.3 Access rules

21.4 Open services

21.5 Anti-Spoofing

21.6 Service policies

21.7 Cluster

21.8 Multi-Context

21.9 Virtual

21.10 Active/Active

21.11 Active/Standby

21.12 SGT based ACLs

21.13 Routing

21.14 VPNs

21.15 Labs; Exercises

21.16 Summary

CHAPTER 22. NETWORK PENETRATION TESTING

[This section will focus on testing the security of your network; performing basic network penetration testing using NMAP, NESSUS, Linux Backtrack and Metasploit tools.]

22.1 Reconnaissance and scanning

22.2 Vulnerability assessment

22.3 Exploitation

22.4 Labs

22.5 Summary

CHAPTER 23. MPLS

[This section will focus on Multiprotocol Label Switching (MPLS) and its implementation in modern networks that is mostly used by enterprises and service providers.]

23.1 Intro to MPLS

23.2 LDP

23.3 MPLS Layer3 VPN

23.4 MPLS Layer2 VPN (VPLS)

23.5 VRF Lite

23.6 IPv6 over MPLS

23.7 MPLS troubleshooting

23.8 Labs

23.9 Summary

CHAPTER 24. DMVPN

[This section will focus on the implementation of dynamic multipoint virtual private networks (DMVPN). We will explore implementing DMVPNs with a hub and spoke architecture; using routing protocols and IPsec.]

24.1 Intro DMVPN

24.2 Phase 1

24.3 Phase 2

24.4 Phase 3

24.5 Flex VPN

24.6 DMVPN troubleshooting

24.7 Labs

24.8 Summary

CHAPTER 25. NETWORK AUTOMATION

[This section will focus on using network automation to automate Cisco IOS networks.]

25.1 Python

25.2 Python APIs

25.3 Napalm

25.4 Nornir

25.5 Labs

25.6 Summary

Item details

Vendor: Apress
Author: Chris Carthern, Noel Rivera, William Wilson
Item number: 9781484266724
Published: 04.05.21