larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Enterprise Networking, Security, and Automation Companion Guide (CCNAv7)

eBook (Watermarked)

  • Your Price: $69.29
  • List Price: $76.99
  • Includes EPUB and PDF
  • About eBook Formats
  • This eBook includes the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    Adobe Reader PDF The popular standard, used most often with the free Acrobat® Reader® software.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

Also available in other formats.

  • Description
  • Sample Content
  • Updates
  • Copyright 2021
  • Dimensions: 8" x 9-1/8"
  • Pages: 800
  • Edition: 1st
  • eBook (Watermarked)
  • ISBN-10: 0-13-663430-3
  • ISBN-13: 978-0-13-663430-0

Enterprise Networking, Security, and Automation Companion Guide is the official supplemental textbook for the Enterprise Networking, Security, and Automation v7 course in the Cisco Networking Academy CCNA curriculum.


This course describes the architectures and considerations related to designing, securing, operating, and troubleshooting enterprise networks. You will implement the OSPF dynamic routing protocol, identify and protect against cybersecurity threats, configure access control lists (ACLs), implement Network Address Translation (NAT), and learn about WANs and IPsec VPNs. You will also learn about QoS mechanisms, network management tools, network virtualization, and network automation.


The Companion Guide is designed as a portable desk reference to use anytime, anywhere to reinforce the material from the course and organize your time.


The book's features help you focus on important concepts to succeed in this course:

* Chapter objectives:  Review core concepts by answering the focus questions listed at the beginning of each chapter.
* Key terms:  Refer to the lists of networking vocabulary introduced and highlighted in context in each chapter.
* Glossary:  Consult the comprehensive Glossary with more than 500 terms.
* Summary of Activities and Labs:  Maximize your study time with this complete list of all associated practice exercises at the end of each chapter.
* Check Your Understanding:  Evaluate your readiness with the end-of-chapter questions that match the style of questions you see in the online course quizzes. The answer key explains each answer.


How To:  Look for this icon to study the steps you need to learn to perform certain tasks.
Interactive Activities:  Reinforce your understanding of topics with dozens of exercises from the online course identified throughout the book with this icon.
Videos:  Watch the videos embedded within the online course.
Packet Tracer Activities:  Explore and visualize networking concepts using Packet Tracer exercises interspersed throughout the chapters and provided in the accompanying Labs & Study Guide book.
Hands-on Labs:  Work through all the course labs and additional Class Activities that are included in the course and published in the separate Labs & Study Guide.


Sample Pages

Download the sample pages (includes Chapter 4)

Table of Contents

Introduction xxxi
Chapter 1 Single-Area OSPFv2 Concepts 1
Objectives 1
Key Terms 1
Introduction (1.0) 3
OSPF Features and Characteristics (1.1) 3
    Introduction to OSPF (1.1.1) 3
    Components of OSPF (1.1.2) 4
        Routing Protocol Messages 4
        Data Structures 4
        Algorithm 5
    Link-State Operation (1.1.3) 6
        1. Establish Neighbor Adjacencies 6
        2. Exchange Link-State Advertisements 6
        3. Build the Link-State Database 7
        4. Execute the SPF Algorithm 8
        5. Choose the Best Route 8
    Single-Area and Multiarea OSPF (1.1.4) 9
    Multiarea OSPF (1.1.5) 10
    OSPFv3 (1.1.6) 12
OSPF Packets (1.2) 13
    Types of OSPF Packets (1.2.2) 13
    Link-State Updates (1.2.3) 14
    Hello Packet (1.2.4) 15
OSPF Operation (1.3) 17
    OSPF Operational States (1.3.2) 17
    Establish Neighbor Adjacencies (1.3.3) 18
        1. Down State to Init State 18
        2. The Init State 19
        3. Two-Way State 19
        4. Elect the DR and BDR 20
    Synchronizing OSPF Databases (1.3.4) 20
        1. Decide First Router 21
        2. Exchange DBDs 21
        3. Send an LSR 22
    The Need for a DR (1.3.5) 23
    LSA Flooding with a DR (1.3.6) 24
        Flooding LSAs 24
        LSAs and DR 25
Summary (1.4) 27
    OSPF Features and Characteristics 27
    OSPF Packets 28
    OSPF Operation 28
Practice 29
Check Your Understanding 29
Chapter 2 Single-Area OSPFv2 Configuration 33
Objectives 33
Key Terms 33
Introduction (2.0) 34
OSPF Router ID (2.1) 34
    OSPF Reference Topology (2.1.1) 34
    Router Configuration Mode for OSPF (2.1.2) 35
    Router IDs (2.1.3) 36
    Router ID Order of Precedence (2.1.4) 36
    Configure a Loopback Interface as the Router ID (2.1.5) 37
    Explicitly Configure a Router ID (2.1.6) 38
    Modify a Router ID (2.1.7) 39
Point-to-Point OSPF Networks (2.2) 40
    The network Command Syntax (2.2.1) 40
    The Wildcard Mask (2.2.2) 41
    Configure OSPF Using the network Command (2.2.4) 41
    Configure OSPF Using the ip ospf Command (2.2.6) 43
    Passive Interface (2.2.8) 44
    Configure Passive Interfaces (2.2.9) 45
    OSPF Point-to-Point Networks (2.2.11) 46
    Loopbacks and Point-to-Point Networks (2.2.12) 48
Multiaccess OSPF Networks (2.3) 49
    OSPF Network Types (2.3.1) 49
    OSPF Designated Router (2.3.2) 49
    OSPF Multiaccess Reference Topology (2.3.3) 51
    Verify OSPF Router Roles (2.3.4) 52
        R1 DROTHER 52
        R2 BDR 53
        R3 DR 53
    Verify DR/BDR Adjacencies (2.3.5) 54
        R1 Adjacencies 55
        R2 Adjacencies 55
        R3 Adjacencies 56
    Default DR/BDR Election Process (2.3.6) 56
    DR Failure and Recovery (2.3.7) 58
        R3 Fails 58
        R3 Rejoins Network 59
        R4 Joins Network 59
        R2 Fails 59
    The ip ospf priority Command (2.3.8) 61
    Configure OSPF Priority (2.3.9) 61
Modify Single-Area OSPFv2 (2.4) 63
    Cisco OSPF Cost Metric (2.4.1) 63
    Adjust the Reference Bandwidth (2.4.2) 64
    OSPF Accumulates Costs (2.4.3) 66
    Manually Set OSPF Cost Value (2.4.4) 67
    Test Failover to Backup Route (2.4.5) 69
    Hello Packet Intervals (2.4.7) 69
    Verify Hello and Dead Intervals (2.4.8) 70
    Modify OSPFv2 Intervals (2.4.9) 71
Default Route Propagation (2.5) 73
    Propagate a Default Static Route in OSPFv2 (2.5.1) 74
    Verify the Propagated Default Route (2.5.2) 75
Verify Single-Area OSPFv2 (2.6) 77
    Verify OSPF Neighbors (2.6.1) 77
    Verify OSPF Protocol Settings (2.6.2) 79
    Verify OSPF Process Information (2.6.3) 80
    Verify OSPF Interface Settings (2.6.4) 81
Summary (2.7) 83
    OSPF Router ID 83
    Point-to-Point OSPF Networks 83
    OSPF Network Types 84
    Modify Single-Area OSPFv2 85
    Default Route Propagation 86
    Verify Single-Area OSPFv2 86
Practice 87
Check Your Understanding 88
Chapter 3 Network Security Concepts 93
Objectives 93
Key Terms 93
Introduction 95
    Ethical Hacking Statement (3.0.3) 95
Current State of Cybersecurity (3.1) 95
    Current State of Affairs (3.1.1) 95
    Vectors of Network Attacks (3.1.2) 96
    Data Loss (3.1.3) 97
Threat Actors (3.2) 98
    The Hacker (3.2.1) 98
    Evolution of Hackers (3.2.2) 99
    Cyber Criminals (3.2.3) 100
    Hacktivists (3.2.4) 100
    State-Sponsored Hackers (3.2.5) 100
Threat Actor Tools (3.3) 101
    Introduction to Attack Tools (3.3.2) 101
    Evolution of Security Tools (3.3.3) 102
    Attack Types (3.3.4) 104
Malware (3.4) 106
    Overview of Malware (3.4.1) 106
    Viruses and Trojan Horses (3.4.2) 106
    Other Types of Malware (3.4.3) 108
Common Network Attacks (3.5) 109
    Overview of Network Attacks (3.5.1) 109
    Reconnaissance Attacks (3.5.3) 109
    Access Attacks (3.5.5) 110
        Trust Exploitation Example 111
        Port Redirection Example 112
        Man-in-the-Middle Attack Example 112
        Buffer Overflow Attack 112
    Social Engineering Attacks (3.5.6) 114
    DoS and DDoS Attacks (3.5.9) 115
        DoS Attack 116
        DDoS Attack 116
IP Vulnerabilities and Threats (3.6) 117
    IPv4 and IPv6 (3.6.2) 118
    ICMP Attacks (3.6.3) 118
    Amplification and Reflection Attacks (3.6.5) 119
    Address Spoofing Attacks (3.6.6) 120
TCP and UDP Vulnerabilities (3.7) 122
    TCP Segment Header (3.7.1) 122
    TCP Services (3.7.2) 123
    TCP Attacks (3.7.3) 124
        TCP SYN Flood Attack 124
        TCP Reset Attack 125
        TCP Session Hijacking 126
    UDP Segment Header and Operation (3.7.4) 126
    UDP Attacks (3.7.5) 127
        UDP Flood Attacks 127
IP Services 127
    ARP Vulnerabilities (3.8.1) 127
    ARP Cache Poisoning (3.8.2) 128
        ARP Request 128
        ARP Reply 129
        Spoofed Gratuitous ARP Replies 130
    DNS Attacks (3.8.4) 131
        DNS Open Resolver Attacks 131
        DNS Stealth Attacks 132
        DNS Domain Shadowing Attacks 132
    DNS Tunneling (3.8.5) 132
    DHCP (3.8.6) 133
    DHCP Attacks (3.8.7) 134
        1. Client Broadcasts DHCP Discovery Messages 134
        2. DHCP Servers Respond with Offers 134
        3. Client Accepts Rogue DHCP Request 136
        4. Rogue DHCP Acknowledges the Request 136
Network Security Best Practices (3.9) 137
    Confidentiality, Integrity, and Availability (3.9.1) 137
    The Defense-in-Depth Approach (3.9.2) 138
    Firewalls (3.9.3) 139
    IPS (3.9.4) 140
    Content Security Appliances (3.9.5) 141
        Cisco Email Security Appliance (ESA) 142
        Cisco Web Security Appliance (WSA) 142
Cryptography (3.10) 143
    Securing Communications (3.10.2) 143
    Data Integrity (3.10.3) 144
    Hash Functions (3.10.4) 145
    MD5 with 128-Bit Digest 145
        SHA Hashing Algorithm 146
        SHA-2 146
        SHA-3 146
    Origin Authentication (3.10.5) 147
        HMAC Hashing Algorithm 147
        Creating the HMAC Value 148
        Verifying the HMAC Value 149
        Cisco Router HMAC Example 149
    Data Confidentiality (3.10.6) 150
    Symmetric Encryption (3.10.7) 151
    Asymmetric Encryption (3.10.8) 152
    Diffie-Hellman (3.10.9) 155
Summary (3.11) 157
    Current State of Cybersecurity 157
    Threat Actors 157
    Threat Actor Tools 157
    Malware 157
    Common Network Attacks 158
    IP Vulnerabilities and Threats 158
    TCP and UDP Vulnerabilities 158
    IP Services 158
    Network Security Best Practices 159
    Cryptography 159
Practice 159
Check Your Understanding 160
Chapter 4 ACL Concepts 163
Objectives 163
Key Terms 163
Introduction (4.0) 164
Purpose of ACLs (4.1) 164
    What Is an ACL? (4.1.1) 164
    Packet Filtering (4.1.2) 165
    ACL Operation (4.1.3) 166
Wildcard Masks in ACLs (4.2) 168
    Wildcard Mask Overview (4.2.1) 168
    Wildcard Mask Types (4.2.2) 169
        Wildcard to Match a Host 169
        Wildcard Mask to Match an IPv4 Subnet 169
        Wildcard Mask to Match an IPv4 Address Range 170
    Wildcard Mask Calculation (4.2.3) 170
        Example 1 171
        Example 2 171
        Example 3 171
        Example 4 172
    Wildcard Mask Keywords (4.2.4) 172
Guidelines for ACL Creation (4.3) 173
    Limited Number of ACLs per Interface (4.3.1) 173
    ACL Best Practices (4.3.2) 174
Types of IPv4 ACLs (4.4) 175
    Standard and Extended ACLs (4.4.1) 175
    Numbered and Named ACLs (4.4.2) 176
        Numbered ACLs 176
        Named ACLs 177
    Where to Place ACLs (4.4.3) 177
    Standard ACL Placement Example (4.4.4) 179
    Extended ACL Placement Example (4.4.5) 180
Summary (4.5) 182
    Purpose of ACLs 182
    Wildcard Masks 182
    Guidelines for ACL Creation 183
    Types of IPv4 ACLs 183
Practice 184
Check Your Understanding Questions 184
Chapter 5 ACLs for IPv4 Configuration 187
Objectives 187
Key Term 187
Introduction (5.0) 188
Configure Standard IPv4 ACLs (5.1) 188
    Create an ACL (5.1.1) 188
    Numbered Standard IPv4 ACL Syntax (5.1.2) 188
    Named Standard IPv4 ACL Syntax (5.1.3) 189
    Apply a Standard IPv4 ACL (5.1.4) 190
    Numbered Standard IPv4 ACL Example (5.1.5) 191
    Named Standard IPv4 ACL Example (5.1.6) 193
Modify IPv4 ACLs (5.2) 195
    Two Methods to Modify an ACL (5.2.1) 196
    Text Editor Method (5.2.2) 196
    Sequence Numbers Method (5.2.3) 197
    Modify a Named ACL Example (5.2.4) 198
    ACL Statistics (5.2.5) 199
Secure VTY Ports with a Standard IPv4 ACL (5.3) 200
    The access-class Command (5.3.1) 200
    Secure VTY Access Example (5.3.2) 200
    Verify the VTY Port Is Secured (5.3.3) 202
Configure Extended IPv4 ACLs (5.4) 203
    Extended ACLs (5.4.1) 203
    Numbered Extended IPv4 ACL Syntax (5.4.2) 204
    Protocols and Ports (5.4.3) 206
        Protocol Options 206
        Port Keyword Options 207
    Protocols and Port Numbers Configuration Examples (5.4.4) 208
    Apply a Numbered Extended IPv4 ACL (5.4.5) 209
    TCP Established Extended ACL (5.4.6) 210
    Named Extended IPv4 ACL Syntax (5.4.7) 212
    Named Extended IPv4 ACL Example (5.4.8) 212
    Edit Extended ACLs (5.4.9) 213
    Another Named Extended IPv4 ACL Example (5.4.10) 214
    Verify Extended ACLs (5.4.11) 216
        show ip interface 216
        show access-lists 217
        show running-config 218
Summary (5.5) 219
    Configure Standard IPv4 ACLs 219
    Modify IPv4 ACLs 219
    Secure VTY Ports with a Standard IPv4 ACL 220
    Configure Extended IPv4 ACLs 220
Practice 221
Check Your Understanding Questions 222
Chapter 6 NAT for IPv4 225
Objectives 225
Key Terms 225
Introduction (6.0) 226
NAT Characteristics (6.1) 226
    IPv4 Private Address Space (6.1.1) 226
    What Is NAT? (6.1.2) 227
    How NAT Works (6.1.3) 228
    NAT Terminology (6.1.4) 229
        Inside Local 230
        Inside Global 230
        Outside Global 231
        Outside Local 231
Types of NAT (6.2) 231
    Static NAT (6.2.1) 231
    Dynamic NAT (6.2.2) 232
    Port Address Translation (6.2.3) 233
    Next Available Port (6.2.4) 235
    NAT and PAT Comparison (6.2.5) 236
        NAT 236
        PAT 237
    Packets Without a Layer 4 Segment (6.2.6) 237
NAT Advantages and Disadvantages (6.3) 238
    Advantages of NAT (6.3.1) 238
    Disadvantages of NAT (6.3.2) 238
Static NAT (6.4) 239
    Static NAT Scenario (6.4.1) 240
    Configure Static NAT (6.4.2) 240
    Analyze Static NAT (6.4.3) 241
    Verify Static NAT (6.4.4) 242
Dynamic NAT (6.5) 244
    Dynamic NAT Scenario (6.5.1) 244
    Configure Dynamic NAT (6.5.2) 245
    Analyze Dynamic NATInside to Outside (6.5.3) 247
    Analyze Dynamic NATOutside to Inside (6.5.4) 248
    Verify Dynamic NAT (6.5.5) 249
PAT (6.6) 251
    PAT Scenario (6.6.1) 251
    Configure PAT to Use a Single IPv4 Address (6.6.2) 252
    Configure PAT to Use an Address Pool (6.6.3) 253
    Analyze PATPC to Server (6.6.4) 254
    Analyze PATServer to PC (6.6.5) 255
    Verify PAT (6.6.6) 256
NAT64 (6.7) 258
    NAT for IPv6? (6.7.1) 258
    NAT64 (6.7.2) 258
Summary (6.8) 260
    NAT Characteristics 260
    Types of NAT 260
    NAT Advantages and Disadvantages 261
    Static NAT 261
    Dynamic NAT 262
    PAT 262
    NAT64 263
Practice 264
Check Your Understanding Questions 264
Chapter 7 WAN Concepts 269
Objectives 269
Key Terms 269
Introduction (7.0) 272
Purpose of WANs (7.1) 272
    LANs and WANs (7.1.1) 272
    Private and Public WANs (7.1.2) 273
    WAN Topologies (7.1.3) 274
        Point-to-Point Topology 274
        Hub-and-Spoke Topology 275
        Dual-homed Topology 276
        Fully Meshed Topology 276
        Partially Meshed Topology 277
    Carrier Connections (7.1.4) 278
        Single-Carrier WAN Connection 278
        Dual-Carrier WAN Connection 278
    Evolving Networks (7.1.5) 279
        Small Network 279
        Campus Network 280
        Branch Network 281
        Distributed Network 282
WAN Operations (7.2) 283
    WAN Standards (7.2.1) 283
    WANs in the OSI Model (7.2.2) 284
        Layer 1 Protocols 284
        Layer 2 Protocols 284
    Common WAN Terminology (7.2.3) 285
    WAN Devices (7.2.4) 287
    Serial Communication (7.2.5) 289
    Circuit-Switched Communication (7.2.6) 290
    Packet-Switched Communications (7.2.7) 290
    SDH, SONET, and DWDM (7.2.8) 291
Traditional WAN Connectivity (7.3) 292
    Traditional WAN Connectivity Options (7.3.1) 293
    Common WAN Terminology (7.3.2) 293
    Circuit-Switched Options (7.3.3) 295
        Public Service Telephone Network (PSTN) 295
        Integrated Services Digital Network (ISDN) 295
    Packet-Switched Options (7.3.4) 295
        Frame Relay 295
        Asynchronous Transfer Mode (ATM) 296
Modern WAN Connectivity (7.4) 296
    Modern WANs (7.4.1) 296
    Modern WAN Connectivity Options (7.4.2) 297
        Dedicated Broadband 297
        Packet-Switched 298
        Internet-Based Broadband 298
    Ethernet WAN (7.4.3) 298
    MPLS (7.4.4) 300
Internet-Based Connectivity (7.5) 301
    Internet-Based Connectivity Options (7.5.1) 301
        Wired Options 302
        Wireless Options 302
    DSL Technology (7.5.2) 302
    DSL Connections (7.5.3) 303
    DSL and PPP (7.5.4) 303
        Host with PPPoE Client 304
        Router PPPoE Client 304
    Cable Technology (7.5.5) 305
    Optical Fiber (7.5.6) 305
    Wireless Internet-Based Broadband (7.5.7) 306
        Municipal Wi-Fi 306
        Cellular 306
        Satellite Internet 307
        WiMAX 307
    VPN Technology (7.5.8) 308
    ISP Connectivity Options (7.5.9) 309
        Single-Homed 309
        Dual-Homed 309
        Multihomed 309
        Dual-Multihomed 310
    Broadband Solution Comparison (7.5.10) 311
Summary (7.6) 312
    Purpose of WANs 312
    WAN Operations 312
    Traditional WAN Connectivity 313
    Modern WAN Connectivity 314
    Internet-Based Connectivity 314
Practice 315
Check Your Understanding Questions 316
Chapter 8 VPN and IPsec Concepts 319
Objectives 319
Key Terms 319
Introduction (8.0) 321
VPN Technology (8.1) 321
    Virtual Private Networks (8.1.1) 321
    VPN Benefits (8.1.2) 322
    Site-to-Site and Remote-Access VPNs (8.1.3) 323
        Site-to-Site VPN 323
        Remote-Access VPN 324
    Enterprise and Service Provider VPNs (8.1.4) 324
Types of VPNs (8.2) 325
    Remote-Access VPNs (8.2.1) 325
    SSL VPNs (8.2.2) 326
    Site-to-Site IPsec VPNs (8.2.3) 327
    GRE over IPsec (8.2.4) 328
    Dynamic Multipoint VPNs (8.2.5) 330
    IPsec Virtual Tunnel Interface (8.2.6) 331
    Service Provider MPLS VPNs (8.2.7) 332
IPsec (8.3) 333
    IPsec Technologies (8.3.2) 333
    IPsec Protocol Encapsulation (8.3.3) 336
    Confidentiality (8.3.4) 336
    Integrity (8.3.5) 338
    Authentication (8.3.6) 339
    Secure Key Exchange with Diffie-Hellman (8.3.7) 342
Summary (8.4) 344
    VPN Technology 344
    Types of VPNs 344
    IPsec 344
Practice 345
Check Your Understanding Questions 345
Chapter 9 QoS Concepts 351
Objectives 351
Key Terms 351
Introduction (9.0) 353
Network Transmission Quality (9.1) 353
    Prioritizing Traffic (9.1.2) 353
    Bandwidth, Congestion, Delay, and Jitter (9.1.3) 354
    Packet Loss (9.1.4) 355
Traffic Characteristics (9.2) 357
    Network Traffic Trends (9.2.2) 357
    Voice (9.2.3) 358
    Video (9.2.4) 358
    Data (9.2.5) 360
Queuing Algorithms (9.3) 361
    Queuing Overview (9.3.2) 361
    First-In, First Out (9.3.3) 362
    Weighted Fair Queuing (WFQ) (9.3.4) 362
        Limitations of WFQ 363
    Class-Based Weighted Fair Queuing (CBWFQ) (9.3.5) 364
    Low Latency Queuing (LLQ) (9.3.6) 365
QoS Models (9.4) 366
    Selecting an Appropriate QoS Policy Model (9.4.2) 366
    Best Effort (9.4.3) 366
    Integrated Services (9.4.4) 367
    Differentiated Services (9.4.5) 369
QoS Implementation Techniques (9.5) 370
    Avoiding Packet Loss (9.5.2) 371
    QoS Tools (9.5.3) 371
    Classification and Marking (9.5.4) 372
    Marking at Layer 2 (9.5.5) 373
    Marking at Layer 3 (9.5.6) 374
    Type of Service and Traffic Class Field (9.5.7) 375
    DSCP Values (9.5.8) 376
    Class Selector Bits (9.5.9) 377
    Trust Boundaries (9.5.10) 378
    Congestion Avoidance (9.5.11) 379
    Shaping and Policing (9.5.12) 380
    QoS Policy Guidelines (9.5.13) 381
Summary (9.6) 382
    Network Transmission Quality 382
    Traffic Characteristics 382
    Queuing Algorithms 383
    QoS Models 383
    QoS Implementation Techniques 384
Practice 385
Check Your Understanding Questions 385
Chapter 10 Network Management 389
Objectives 389
Key Terms 389
Introduction (10.0) 390
Device Discovery with CDP (10.1) 390
    CDP Overview (10.1.1) 390
    Configure and Verify CDP (10.1.2) 391
    Discover Devices by Using CDP (10.1.3) 393
Device Discovery with LLDP (10.2) 396
    LLDP Overview (10.2.1) 396
    Configure and Verify LLDP (10.2.2) 397
    Discover Devices by Using LLDP (10.2.3) 397
NTP (10.3) 400
    Time and Calendar Services (10.3.1) 400
    NTP Operation (10.3.2) 401
        Stratum 0 402
        Stratum 1 402
        Stratum 2 and Lower 402
    Configure and Verify NTP (10.3.3) 402
SNMP 405
    Introduction to SNMP (10.4.1) 405
    SNMP Operation (10.4.2) 406
    SNMP Agent Traps (10.4.3) 408
    SNMP Versions (10.4.4) 409
    Community Strings (10.4.6) 412
    MIB Object ID (10.4.7) 415
    SNMP Polling Scenario (10.4.8) 415
    SNMP Object Navigator (10.4.9) 417
Syslog (10.5) 418
    Introduction to Syslog (10.5.1) 418
    Syslog Operation (10.5.2) 420
    Syslog Message Format (10.5.3) 421
    Syslog Facilities (10.5.4) 422
    Configure Syslog Timestamp (10.5.5) 422
Router and Switch File Maintenance (10.6) 423
    Router File Systems (10.6.1) 424
        The Flash File System 425
        The NVRAM File System 425
    Switch File Systems (10.6.2) 426
    Use a Text File to Back Up a Configuration (10.6.3) 427
    Use a Text File to Restore a Configuration (10.6.4) 428
    Use TFTP to Back Up and Restore a Configuration (10.6.5) 428
    USB Ports on a Cisco Router (10.6.6) 430
    Use USB to Back Up and Restore a Configuration (10.6.7) 430
        Restore Configurations with a USB Flash Drive 432
    Password Recovery Procedures (10.6.8) 433
    Password Recovery Example (10.6.9) 433
        Step 1. Enter the ROMMON mode 433
        Step 2. Change the configuration register 434
        Step 3. Copy the startup-config to the running-config 434
        Step 4. Change the password 435
        Step 5. Save the running-config as the new startup-config 435
        Step 6. Reload the device 435
IOS Image Management 437
    TFTP Servers as a Backup Location (10.7.2) 437
    Backup IOS Image to TFTP Server Example (10.7.3) 438
        Step 1. Ping the TFTP server 438
        Step 2. Verify image size in flash 439
        Step 3. Copy the image to the TFTP server 439
    Copy an IOS Image to a Device Example (10.7.4) 439
        Step 1. Ping the TFTP server 440
        Step 2. Verify the amount of free flash 440
        Step 3. Copy the new IOS image to flash 441
    The boot system Command (10.7.5) 441
Summary (10.8) 443
    Device Discovery with CDP 443
    Device Discovery with LLDP 443
    NTP 443
    SNMP 444
    Syslog 444
    Router and Switch File Maintenance 445
    IOS Image Management 446
Practice 446
Check Your Understanding Questions 447
Chapter 11 Network Design 453
Objectives 453
Key Terms 453
Introduction (11.0) 455
Hierarchical Networks (11.1) 455
    The Need to Scale the Network (11.1.2) 455
    Borderless Switched Networks (11.1.3) 458
    Hierarchy in the Borderless Switched Network (11.1.4) 459
        Three-Tier Model 460
        Two-Tier Model 461
    Access, Distribution, and Core Layer Functions (11.1.5) 462
        Access Layer 462
        Distribution Layer 462
        Core Layer 462
    Three-Tier and Two-Tier Examples (11.1.6) 462
        Three-Tier Example 463
        Two-Tier Example 464
    Role of Switched Networks (11.1.7) 464
Scalable Networks (11.2) 465
    Design for Scalability (11.2.1) 465
        Redundant Links 466
        Multiple Links 466
        Scalable Routing Protocol 467
        Wireless Connectivity 468
    Plan for Redundancy (11.2.2) 469
    Reduce Failure Domain Size (11.2.3) 470
        Edge Router 470
        AP1 471
        S1 472
        S2 472
        S3 473
        Limiting the Size of Failure Domains 474
        Switch Block Deployment 474
    Increase Bandwidth (11.2.4) 474
    Expand the Access Layer (11.2.5) 475
    Tune Routing Protocols (11.2.6) 476
Switch Hardware (11.3) 477
    Switch Platforms (11.3.1) 477
        Campus LAN Switches 477
        Cloud-Managed Switches 478
        Data Center Switches 478
        Service Provider Switches 479
        Virtual Networking 479
    Switch Form Factors (11.3.2) 479
        Fixed Configuration Switches 480
        Modular Configuration Switches 480
        Stackable Configuration Switches 481
        Thickness 481
    Port Density (11.3.3) 482
    Forwarding Rates (11.3.4) 483
    Power over Ethernet (11.3.5) 484
        Switch 484
        IP Phone 484
        WAP 485
        Cisco Catalyst 2960-C 485
    Multilayer Switching (11.3.6) 485
    Business Considerations for Switch Selection (11.3.7) 486
Router Hardware (11.4) 487
    Router Requirements (11.4.1) 487
    Cisco Routers (11.4.2) 488
        Branch Routers 488
        Network Edge Routers 488
        Service Provider Routers 489
        Industrial 490
    Router Form Factors (11.4.3) 490
        Cisco 900 Series 490
        ASR 9000 and 1000 Series 490
        5500 Series 491
        Cisco 800 492
        Fixed Configuration or Modular 492
Summary (11.5) 493
    Hierarchical Networks 493
    Scalable Networks 493
    Switch Hardware 494
    Router Hardware 494
Practice 495
Check Your Understanding Questions 496
Chapter 12 Network Troubleshooting 501
Objectives 501
Key Terms 501
Introduction (12.0) 502
Network Documentation (12.1) 502
    Documentation Overview (12.1.1) 502
    Network Topology Diagrams (12.1.2) 503
        Physical Topology 503
        Logical IPv4 Topology 504
        Logical IPv6 Topology 505
    Network Device Documentation (12.1.3) 505
        Router Device Documentation 505
        LAN Switch Device Documentation 506
        End-System Documentation Files 506
    Establish a Network Baseline (12.1.4) 507
    Step 1Determine What Types of Data to Collect (12.1.5) 508
    Step 2Identify Devices and Ports of Interest (12.1.6) 508
    Step 3Determine the Baseline Duration (12.1.7) 509
    Data Measurement (12.1.8) 510
Troubleshooting Process (12.2) 512
    General Troubleshooting Procedures (12.2.1) 512
    Seven-Step Troubleshooting Process (12.2.2) 513
        Define the Problem 514
        Gather Information 514
        Analyze Information 514
        Eliminate Possible Causes 514
        Propose Hypothesis 514
        Test Hypothesis 515
        Solve the Problem 515
    Question End Users (12.2.3) 515
    Gather Information (12.2.4) 516
    Troubleshooting with Layered Models (12.2.5) 517
    Structured Troubleshooting Methods (12.2.6) 518
        Bottom-Up 518
        Top-Down 519
        Divide-and-Conquer 520
        Follow-the-Path 521
        Substitution 522
        Comparison 522
        Educated Guess 522
    Guidelines for Selecting a Troubleshooting Method (12.2.7) 523
Troubleshooting Tools (12.3) 524
    Software Troubleshooting Tools (12.3.1) 524
        Network Management System Tools 524
        Knowledge Bases 524
        Baselining Tools 524
    Protocol Analyzers (12.3.2) 525
    Hardware Troubleshooting Tools (12.3.3) 525
        Digital Multimeters 525
        Cable Testers 526
        Cable Analyzers 527
        Portable Network Analyzers 528
        Cisco Prime NAM 528
    Syslog Server as a Troubleshooting Tool (12.3.4) 529
Symptoms and Causes of Network Problems (12.4) 531
    Physical Layer Troubleshooting (12.4.1) 531
    Data Link Layer Troubleshooting (12.4.2) 534
    Network Layer Troubleshooting (12.4.3) 537
    Transport Layer TroubleshootingACLs (12.4.4) 539
    Transport Layer TroubleshootingNAT for IPv4 (12.4.5) 542
    Application Layer Troubleshooting (12.4.6) 543
Troubleshooting IP Connectivity (12.5) 545
    Components of Troubleshooting End-to-End Connectivity (12.5.1) 545
    End-to-End Connectivity Problem Initiates Troubleshooting (12.5.2) 547
        IPv4 ping 547
        IPv4 traceroute 548
        IPv6 ping and traceroute 548
    Step 1Verify the Physical Layer (12.5.3) 549
        Input Queue Drops 550
        Output Queue Drops 550
        Input Errors 551
        Output Errors 551
    Step 2Check for Duplex Mismatches (12.5.4) 551
        Troubleshooting Example 552
    Step 3Verify Addressing on the Local Network (12.5.5) 553
        Windows IPv4 ARP Table 553
        Windows IPv6 Neighbor Table 554
        IOS IPv6 Neighbor Table 555
        Switch MAC Address Table 555
    Troubleshoot VLAN Assignment Example (12.5.6) 556
        Check the ARP Table 557
        Check the Switch MAC Table 557
        Correct the VLAN Assignment 557
    Step 4Verify Default Gateway (12.5.7) 558
        Troubleshooting IPv4 Default Gateway Example 559
        R1 Routing Table 559
        PC1 Routing Table 559
    Troubleshoot IPv6 Default Gateway Example (12.5.8) 560
        R1 Routing Table 560
        PC1 Addressing 560
        Check R1 Interface Settings 561
        Correct R1 IPv6 Routing 561
        Verify PC1 Has an IPv6 Default Gateway 562
    Step 5Verify Correct Path (12.5.9) 562
        Troubleshooting Example 566
    Step 6Verify the Transport Layer (12.5.10) 566
        Troubleshooting Example 566
    Step 7Verify ACLs (12.5.11) 568
        Troubleshooting Example 568
        show ip access-lists 569
        show ip interfaces 569
        Correct the Issue 570
    Step 8Verify DNS (12.5.12) 570
Summary (12.6) 572
    Network Documentation 572
    Troubleshooting Process 572
    Troubleshooting Tools 573
    Symptoms and Causes of Network Problems 573
    Troubleshooting IP Connectivity 574
Practice 577
Check Your Understanding Questions 577
Chapter 13 Network Virtualization 581
Objectives 581
Key Terms 581
Introduction (13.0) 583
Cloud Computing (13.1) 583
    Cloud Overview (13.1.2) 583
    Cloud Services (13.1.3) 584
    Cloud Models (13.1.4) 584
    Cloud Computing Versus Data Center (13.1.5) 585
Virtualization (13.2) 585
    Cloud Computing and Virtualization (13.2.1) 585
    Dedicated Servers (13.2.2) 586
    Server Virtualization (13.2.3) 587
    Advantages of Virtualization (13.2.4) 589
    Abstraction Layers (13.2.5) 589
    Type 2 Hypervisors (13.2.6) 591
Virtual Network Infrastructure (13.3) 592
    Type 1 Hypervisors (13.3.1) 592
    Installing a VM on a Hypervisor (13.3.2) 592
    The Complexity of Network Virtualization (13.3.3) 594
Software-Defined Networking (13.4) 595
    Control Plane and Data Plane (13.4.2) 595
        Layer 3 Switch and CEF 596
        SDN and Central Controller 597
        Management Plane 598
    Network Virtualization Technologies (13.4.3) 598
    Traditional and SDN Architectures (13.4.4) 599
Controllers (13.5) 600
    SDN Controller and Operations (13.5.1) 600
    Core Components of ACI (13.5.3) 602
    Spine-Leaf Topology (13.5.4) 603
    SDN Types (13.5.5) 604
        Device-Based SDN 604
        Controller-Based SDN 605
        Policy-Based SDN 605
    APIC-EM Features (13.5.6) 606
    APIC-EM Path Trace (13.5.7) 606
Summary (13.6) 609
    Cloud Computing 609
    Virtualization 609
    Virtual Network Infrastructure 610
    Software-Defined Networking 610
    Controllers 611
Practice 612
Check Your Understanding Questions 613
Chapter 14 Network Automation 617
Objectives 617
Key Terms 617
Introduction (14.0) 619
Automation Overview (14.1) 619
    The Increase in Automation (14.1.2) 619
    Thinking Devices (14.1.3) 620
Data Formats (14.2) 620
    The Data Formats Concept (14.2.2) 620
    Data Format Rules (14.2.3) 622
    Compare Data Formats (14.2.4) 623
    JSON Data Format (14.2.5) 624
    JSON Syntax Rules (14.2.6) 624
    YAML Data Format (14.2.7) 626
    XML Data Format (14.2.8) 627
APIs (14.3) 628
    The API Concept (14.3.2) 628
    An API Example (14.3.3) 629
    Open, Internal, and Partner APIs (14.3.4) 631
    Types of Web Service APIs (14.3.5) 632
REST (14.4) 633
    REST and RESTful API (14.4.2) 633
    RESTful Implementation (14.4.3) 634
    URI, URN, and URL (14.4.4) 635
    Anatomy of a RESTful Request (14.4.5) 636
    RESTful API Applications (14.4.6) 638
        Developer Website 638
        Postman 638
        Python 638
        Network Operating Systems 638
Configuration Management Tools (14.5) 639
    Traditional Network Configuration (14.5.2) 639
    Network Automation (14.5.3) 641
    Configuration Management Tools (14.5.4) 642
    Compare Ansible, Chef, Puppet, and SaltStack (14.5.5) 642
IBN and Cisco DNA Center (14.6) 644
    Intent-Based Networking Overview (14.6.2) 644
    Network Infrastructure as Fabric (14.6.3) 644
    Cisco Digital Network Architecture (DNA) (14.6.4) 647
    Cisco DNA Center (14.6.5) 648
Summary (14.7) 651
    Automation Overview 651
    Data Formats 651
    APIs 651
    REST 651
    Configuration and Management 652
    IBN and Cisco DNA Center 652
Practice 652
Check Your Understanding Questions 653
Appendix A Answers to the Check Your Understanding Questions 657
Glossary 677


9780136634324    TOC    6/5/2020

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020