
Part I Review Part II Security Services Chapter 4 Security Architectures


Practice Building access-list Commands


Named ACLs and ACL Editing
Named IP Access Lists
Editing ACLs Using Sequence Numbers
Numbered ACL Configuration Versus Named ACL Configuration
ACL Implementation Considerations
Additional Reading on ACLs
Chapter Review
Part I Review

Part II Security Services

Chapter 4 Security Architectures


“Do I Know This Already?” Quiz
Foundation Topics
Security Terminology
Common Security Threats
Attacks That Spoof Addresses
Denial-of-Service Attacks
Reflection and Amplification Attacks
Man-in-the-Middle Attacks
Address Spoofing Attack Summary

Reconnaissance Attacks
Buffer Overflow Attacks
Malware
Human Vulnerabilities
Password Vulnerabilities
Password Alternatives
Controlling and Monitoring User Access
Developing a Security Program to Educate Users
Chapter Review

Chapter 5 Securing Network Devices


“Do I Know This Already?” Quiz
Foundation Topics
Securing IOS Passwords
Encrypting Older IOS Passwords with service password-encryption
Encoding the Enable Passwords with Hashes
Interactions Between Enable Password and Enable Secret
Making the Enable Secret Truly Secret with a Hash
Improved Hashes for Cisco’s Enable Secret
Encoding the Passwords for Local Usernames
Controlling Password Attacks with ACLs
Firewalls and Intrusion Prevention Systems
Traditional Firewalls
Security Zones
Intrusion Prevention Systems (IPS)
Cisco Next-Generation Firewalls
Cisco Next-Generation IPS
Chapter Review

Chapter 6 Implementing Switch Port Security


“Do I Know This Already?” Quiz
Foundation Topics
Port Security Concepts and Configuration
Configuring Port Security
Verifying Port Security
Port Security MAC Addresses
Port Security Violation Modes
Port Security Shutdown Mode
Port Security Protect and Restrict Modes
Chapter Review

Chapter 7 Implementing DHCP


“Do I Know This Already?” Quiz
Foundation Topics
Dynamic Host Configuration Protocol
DHCP Concepts
Supporting DHCP for Remote Subnets with DHCP Relay
Information Stored at the DHCP Server
Configuring DHCP Features on Routers and Switches
Configuring DHCP Relay
Configuring a Switch as DHCP Client
Configuring a Router as DHCP Client
Identifying Host IPv4 Settings
Host Settings for IPv4
Host IP Settings on Windows
Host IP Settings on macOS
Host IP Settings on Linux

Chapter Review

Chapter 8 DHCP Snooping and ARP Inspection

“Do I Know This Already?” Quiz
Foundation Topics
DHCP Snooping
DHCP Snooping Concepts
A Sample Attack: A Spurious DHCP Server
DHCP Snooping Logic
Filtering DISCOVER Messages Based on MAC Address
Filtering Messages that Release IP Addresses
DHCP Snooping Configuration
Configuring DHCP Snooping on a Layer 2 Switch
Limiting DHCP Message Rates
DHCP Snooping Configuration Summary
Dynamic ARP Inspection
DAI Concepts
Review of Normal IP ARP

Gratuitous ARP as an Attack Vector


Dynamic ARP Inspection Logic
Dynamic ARP Inspection Configuration
Configuring ARP Inspection on a Layer 2 Switch
Limiting DAI Message Rates
Configuring Optional DAI Message Checks
IP ARP Inspection Configuration Summary
Chapter Review
Part II Review

Part III IP Services

Chapter 9 Device Management Protocols


“Do I Know This Already?” Quiz
Foundation Topics
System Message Logging (Syslog)
Sending Messages in Real Time to Current Users
Storing Log Messages for Later Review
Log Message Format
Log Message Severity Levels

Configuring and Verifying System Logging
The debug Command and Log Messages
Network Time Protocol (NTP)
Setting the Time and Timezone
Basic NTP Configuration
NTP Reference Clock and Stratum
Redundant NTP Configuration
NTP Using a Loopback Interface for Better Availability
Analyzing Topology Using CDP and LLDP
Examining Information Learned by CDP
Configuring and Verifying CDP
Examining Information Learned by LLDP
Configuring and Verifying LLDP
Chapter Review

Chapter 10 Network Address Translation


“Do I Know This Already?” Quiz
Foundation Topics
Perspectives on IPv4 Address Scalability
CIDR

Private Addressing
Network Address Translation Concepts
Static NAT
Dynamic NAT
Overloading NAT with Port Address Translation
NAT Configuration and Troubleshooting
Static NAT Configuration
Dynamic NAT Configuration
Dynamic NAT Verification
NAT Overload (PAT) Configuration
NAT Troubleshooting
Chapter Review

Chapter 11 Quality of Service (QoS)


“Do I Know This Already?” Quiz
Foundation Topics
Introduction to QoS
QoS: Managing Bandwidth, Delay, Jitter, and Loss
Types of Traffic
Data Applications
Voice and Video Applications

QoS as Mentioned in This Book


QoS on Switches and Routers
Classification and Marking
Classification Basics
Matching (Classification) Basics
Classification on Routers with ACLs and NBAR
Marking IP DSCP and Ethernet CoS
Marking the IP Header
Marking the Ethernet 802.1Q Header
Other Marking Fields
Defining Trust Boundaries
DiffServ Suggested Marking Values
Expedited Forwarding (EF)
Assured Forwarding (AF)
Class Selector (CS)
Guidelines for DSCP Marking Values
Queuing
Round-Robin Scheduling (Prioritization)
Low Latency Queuing
A Prioritization Strategy for Data, Voice, and Video
Shaping and Policing
Policing
Where to Use Policing
Shaping
Setting a Good Shaping Time Interval for Voice and Video
Congestion Avoidance
TCP Windowing Basics
Congestion Avoidance Tools
Chapter Review

Chapter 12 Miscellaneous IP Services


“Do I Know This Already?” Quiz
Foundation Topics
First Hop Redundancy Protocol
The Need for Redundancy in Networks
The Need for a First Hop Redundancy Protocol
The Three Solutions for First-Hop Redundancy
HSRP Concepts
HSRP Failover
