CCNP ISCW Portable Command Guide
- By Scott D. Empson, Hans Roth
- Published Mar 12, 2008 by Cisco Press. Part of the Portable Command Guide series.
- Sorry, this book is no longer in print.
Features
All the CCNP ISCW 642-825 commands in one compact and portable resource
- All CCNP ISCW commands in an easily referenced resource; no need to be near the Internet to search online resources
- Compact size makes it easy to carry with you as a reference in the workplace; no need to carry around big, thick books
- ONLY book published with all CCNP ISCW commands from the only official Cisco certification self-study publisher
- Copyright 2008
- Edition: 1st
- Book
- ISBN-10: 1-58720-186-0
- ISBN-13: 978-1-58720-186-8
All the ISCW 642-825 commands in one compact, portable resource
Preparing for the CCNP certification? Working as a network professional? Here are all the CCNP-level commands for the ISCW exam you need in one condensed, portable resource. The CCNP ISCW Portable Command Guide is filled with valuable, easy-to-access information and is portable enough for use whether you’re in the server room or the equipment closet.
This book can help you memorize commands and concepts as you work to pass the CCNP ISCW exam (642-825). The guide summarizes all CCNP certification-level Cisco IOS Software commands, keywords, command arguments, and associated prompts, providing you with tips and examples of how to apply the commands to real-world scenarios. Sample configurations throughout the book provide you with a better understanding of how these commands are used in simple network designs.
The topics in this portable command guide cover how to do the following:
- Implement basic teleworker services
- Implement Frame-Mode MPLS
- Implement a site-to-site IPsec VPN
- Describe network security strategies
- Implement Cisco Device Hardening
- Implement Cisco IOS Firewall
- Describe and configure Cisco IOS IPS
Scott Empson is currently the assistant program chair of the bachelor of applied information systems technology degree program at the Northern Alberta Institute of Technology in Edmonton, Alberta, Canada, teaching Cisco routing, switching, and network design courses in certificate, diploma, and applied degree programs at the post-secondary level.
Hans Roth is an instructor in the electrical/electronic engineering technology department at Red River College in Winnipeg, Canada.
- Access all CCNP ISCW commands: use as a quick, offline resource for research and solutions
- Logical “how-to” topic groupings provide one-stop research
- Great for review before taking the CCNP ISCW certification exam
- Compact size makes it easy to carry with you, wherever you go
- “Create your own journal” section with blank, lined pages allows you to personalize the book for your needs
This book is part of the Cisco Press Certification Self-Study Product Family, which offers readers a self-paced study routine for Cisco certification exams. Titles in the Cisco Press Certification Self-Study Product Family are part of a recommended learning program from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press.
Category: Cisco Press–Cisco Certification
Covers: CCNP ISCW Certification 642-825
Online Sample Chapter
Sample Pages
Download chapter 3, Implementing Frame Mode MPLS
Table of Contents
Chapter 1 Network Design Requirements 1
Cisco Service-Oriented Network Architecture 1
Cisco Enterprise Composite Network Model 2
Chapter 2 Connecting Teleworkers 3
Configuration Example: DSL Using PPPoE 3
Step 1: Configure PPPoE (External Modem) 5
Virtual Private Dial-Up Network (VPDN) Programming 5
Step 2: Configure the Dialer Interface 6
For Password Authentication Protocol (PAP) 7
For Challenge Handshake Authentication Protocol (CHAP) 7
Step 3: Define Interesting Traffic and Specify Default Routing 7
Step 4a: Configure NAT Using an ACL 8
Step 4b: Configure NAT Using a Route Map 9
Step 5: Configure DHCP Service 10
Step 6: Apply NAT Programming 10
Step 7: Verify a PPPoE Connection 11
Configuring PPPoA 11
Step 1: Configure PPPoA on the WAN Interface (Using Subinterfaces) 12
Step 2: Configure the Dialer Interface 13
For Password Authentication Protocol (PAP) 13
For Challenge Handshake Authentication Protocol (CHAP) 13
Step 3: Verify a PPPoA Connection 14
Configuring a Cable Modem Connection 15
Step 1: Configure WAN Connectivity 16
Step 2: Configure Local DHCP Service 17
Step 3: Configure NAT Using a Route Map 18
Step 4: Configure Default Routing 18
Step 5: Apply NAT Programming 19
Configuring L2 Bridging Using a Cisco Cable Modem HWIC 19
Step 1: Configure Global Bridging Parameters 19
Step 2: Configure WAN to LAN Bridging 20
Configuring L3 Routing Using a Cisco Cable Modem HWIC 20
Step 1: Remove Bridge Group Programming from All Interfaces 21
Step 2: Configure LAN Connectivity 21
Step 3: Configure WAN Connectivity 21
Chapter 3 Implementing Frame Mode MPLS 23
Configuring Cisco Express Forwarding 23
Verifying CEF 24
Troubleshooting CEF 24
Configuring MPLS on a Frame Mode Interface 25
Configuring MTU Size in Label Switching 26
Configuration Example: Configuring Frame Mode MPLS 27
R1 Router 27
R2 Router 28
R3 Router 30
Chapter 4 IPsec VPNs 33
Configuring a Teleworker to Branch Office VPN Using CLI 34
Step 1: Configure the ISAKMP Policy (IKE Phase 1) 35
Step 2: Configure Policies for the Client Group(s) 35
Step 3: Configure the IPsec Transform Sets (IKE Phase 2, Tunnel Termination) 36
Step 4: Configure Router AAA and Add VPN Client Users 36
Step 5: Create VPN Client Policy for Security Association Negotiation 37
Step 6: Configure the Crypto Map (IKE Phase 2) 37
Step 7: Apply the Crypto Map to the Interface 38
Step 8: Verify the VPN Service 38
Configuring IPsec Site-to-Site VPNs Using CLI 39
Step 1: Configure the ISAKMP Policy (IKE Phase 1) 39
Step 2: Configure the IPsec Transform Sets (IKE Phase 2, Tunnel Termination) 40
Step 3: Configure the Crypto ACL (Interesting Traffic, Secure Data Transfer) 40
Step 4: Configure the Crypto Map (IKE Phase 2) 41
Step 5: Apply the Crypto Map to the Interface (IKE Phase 2) 42
Step 6: Configure the Firewall Interface ACL 42
Step 7: Verify the VPN Service 42
Configuring IPsec Site-to-Site VPNs Using SDM 43
Configuring GRE Tunnels over IPsec 46
Step 1: Create the GRE Tunnel 46
Step 2: Specify the IPsec VPN Authentication Method 47
Step 3: Specify the IPsec VPN IKE Proposals 47
Step 4: Specify the IPsec VPN Transform Sets 48
Step 5a: Specify Static Routing for the GRE over IPsec Tunnel 49
Step 5b: Specify Routing with OSPF for the GRE over IPsec Tunnel 49
Step 6: Enable the Crypto Programming at the Interfaces 50
Configuring a Static IPsec Virtual Tunnel Interface 50
Step 1: Configure EIGRP AS 1 51
Step 2: Configure Static Routing 51
Step 3: Create IKE Policies and Peers 52
Step 4: Create IPsec Transform Sets 54
Step 5: Create an IPsec Profile 54
Step 6: Create the IPsec Virtual Tunnel Interface 55
Configuring High Availability VPNs 56
Step 1: Configure Hot Standby Routing Protocol Configuration on HSRP1 58
Step 2: Configure Site-to-Site VPN on HSRP1 59
HSRP1 Configuration 59
Tunnel Traffic Filter 59
Key Exchange Policy 60
Addressing, Authentication Credentials, and Transform Set 60
IPsec Tunnel 60
HSRP2 Configuration 61
Tunnel Traffic Filter 61
Key Exchange Policy 61
Addressing, Authentication Credentials, and Transform Set 61
IPsec Tunnel 61
Step 3: Add Programming for Crypto Redundancy Configuration 62
Step 4: Define the Interdevice Communication Protocol (HSRP1 and HSRP) 63
Step 5: Apply the Programming at the Interface 65
Configuring Easy VPN Server Using Cisco SDM 65
Implementing the Cisco VPN Client 69
Chapter 5 Cisco Device Hardening 71
Disabling Unneeded Services and Interfaces 72
Disabling Commonly Configured Management Services 74
Disabling Path Integrity Mechanisms 74
Disabling Features Related to Probes and Scans 75
Terminal Access Security 75
Gratuitous and Proxy Address Resolution Protocol 76
Disabling IP Directed Broadcasts 76
Locking Down Routers with AutoSecure 76
Optional AutoSecure Parameters 82
Locking Down Routers with Cisco SDM 83
SDM Security Audit Wizard 83
One-Step Lockdown 88
Setting Cisco Passwords and Password Security 90
Securing ROMMON 94
Setting a Login Failure Rate 95
Setting Timeouts 97
Setting Multiple Privilege Levels 97
Configuring Banner Messages 98
Role-Based CLI 100
Secure Configuration Files 102
Tips for Using Access Control Lists 103
Using ACLs to Filter Network Traffic to Mitigate Threats 104
IP Address Spoofing: Inbound 104
IP Address Spoofing: Outbound 106
DoS TCP SYN Attacks: Blocking External Attacks 107
DoS TCP SYN Attacks: Using TCP Intercept 108
DoS Smurf Attacks 109
Filtering ICMP Messages: Inbound 110
Filtering ICMP Messages: Outbound 111
Filtering UDP Traceroute Messages 112
Mitigating Dedicated DoS Attacks with ACLs 113
Mitigating TRIN00 114
Mitigating Stacheldraht 115
Mitigating Trinity v3 117
Mitigating SubSeven 118
Configuring an SSH Server for Secure Management and Reporting 121
Configuring Syslog Logging 122
Configuring an SNMP Managed Node 123
Configuring NTP Clients and Servers 125
Configuration Example: NTP 127
Winnipeg Router (NTP Source) 127
Brandon Router (Intermediate Router) 128
Dauphin Router (Client Router) 128
Configuring AAA on Cisco Routers Using CLI 129
TACACS+ 129
RADIUS 130
Authentication 130
Authorization 131
Accounting 131
Configuring AAA on Cisco Routers Using SDM 132
Chapter 6 Cisco IOS Threat Defense Features 139
Configuring an IOS Firewall from the CLI 139
Step 1: Choose the Interface and Packet Direction to Inspect 140
Step 2: Configure an IP ACL for the Interface 140
Step 3: Set Audit Trails and Alerts 141
Step 4: Define the Inspection Rules 142
Step 5: Apply the Inspection Rules and the ACL to the Outside Interface 143
Step 6: Verify the Configuration 144
Troubleshooting the Configuration 145
Configuring a Basic Firewall Using SDM 145
Configuring an Advanced Firewall Using SDM 149
Verifying Firewall Activity Using CLI 158
Verifying Firewall Activity Using SDM 158
Configuring Cisco IOS Intrusion Prevention System from the CLI 160
Step 1: Specify the Location of the SDF 161
Step 2: Configure the Failure Parameter 161
Step 3: Create an IPS Rule, and Optionally Apply an ACL 162
Step 4: Apply the IPS Rule to an Interface 162
Step 5: Verify the IPS Configuration 163
IPS Enhancements 163
Configuring Cisco IOS IPS from the SDM 165
Viewing Security Device Event Exchange Messages Through SDM 170
Tuning Signatures Through SDM 171
Appendix Create Your Own Journal Here 175