CCNP2 Course Detail

Special package pricing available at certain locations depending on availability. Please call 949-477-2000 x300 for details.

CCNP2 – Implementing & Optimizing Converged Cisco Networks

Course Description (ISCW & ONT )

Cisco Routing/Switching certifications focus on the growing need for knowledgeable network professionals who can implement complete network solutions. The range of available certifications enable candidates to validate their expertise in specific focused areas.

This CCNP Part 2 – Optimization & Securing WAN Networks course is a 5-day, lab-intensive course designed for delivery by Ascolta. This task-oriented course, taken with Cisco Certified Network Professional Part 1 – (CCNP1), teaches the knowledge and skills needed to achieve the CCNP certification.

The Cisco Certified Network Professional Part 2 – Optimization & Securing WAN Networks (CCNP2) course is a combination of the Optimizing Converged Cisco Networks (ONT) and Implementing Secure Converged Wide Area Networks (ISCW) courses.

Because of the accelerated nature of the course, be prepared for long days in class -- 8:00 AM to 6:00 PM -- and a heavy study load. Also, not all material in the student manuals for each course will be reviewed in class. Students will have opportunities to ask questions on the material covered in the course kits that is not presented in class.

Optimizing Converged Cisco Networks (ONT)

Course Description

As converged networks and mobility are getting more and more important in the daily business, these technologies need to be optimized in order to support the business requirements. Students will learn about the new Cisco Intelligent Information Network model (IIN) and the Cisco Service-Oriented Network Architecture (SONA) as architectural frameworks for converged networks.

You will gather VoIP network essentials and focus on the VoIP related challenges in such networks. In order to ensure the quality in a converged network, you will deal with concepts and implementation methods for Quality of Service (QoS). Finally, you will face the evolution of wireless security standards, and describe elements of Cisco wireless LAN (WLAN) network. You will work on case studies and several labs based on the Cisco Integrated Services Routers (ISR) related to the converged network topics.

Optimizing Converged Cisco Networks (ONT) is part of the recommended learning path for students seeking the Cisco Certified Internetworking Professional (CCIP), Cisco Certified Network Professional (CCNP), Cisco Certified Design Professional (CCDP), and Cisco Certified Internetwork Expert (CCIE) certifications.

Who should attend this course?

Network Designers
Network Administrators
Network Engineers
Network Managers
Systems Engineers
Sales Support Engineers
Network technicians who are responsible for implementing and troubleshooting complex network environments.
Cisco Channel Partner/Resellers
CCIP, CCNP and CCDP candidates
CCIE Routing and Switching candidates

Pre-ONT course recommendations

INTRO
ICND
BSCI
BCMSN

Prerequisites

Introduction to Cisco Networking Technologies (INTRO) 2.1
Interconnecting Cisco Network Devices (ICND) 2.3
Complete the initial configuration of a switch
Create basic interswitch connections
Complete the initial configuration of a router
Routing (static, default router, default gateway, and basic NAT and PAT)
Concepts linked to routing protocols (classful versus classless routing protocol, Single Area OSPF, RIP, EIGRP, Administrative Distance, and interoperations)
Standard WAN technologies (Frame Relay, PPP, and HDLC)
Fundamental security knowledge including the presence of hackers, viruses, and other security threats
Fundamental knowledge of IP Addressing including the format of IPv4 addresses, the concept of subnetting, and VLSM and CIDR as well as static and default routing
Standard and extended ACLs
Use client utilities including Telnet, IPCONFIG, Trace Route, Ping, FTP, TFTP, and HyperTerminal
Basic IOS familiarity, including accessing the CLI on a Cisco device and specifically implementing the debug and show commands

Follow-on courses

BGP
MPLS
ARSFE
QOS

Certifications

CCNP

Number of Days:

5- Days instructor-led classroom training. (Approx. 7 hours each day.)

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Describe the converged network requirements within the Cisco conceptual network models with focus on performance and wireless security
Describe Cisco VoIP implementations
Describe the need to implement QoS and the methods for implementing QoS on a converged network using Cisco routers and Catalyst switches
Explain the key IP QoS mechanisms used to implement the DiffServ QoS model
Configure Cisco AutoQoS for the Enterprise
Describe and configure wireless security, and basic wireless management

Lab Topology

Click Image to see full size

Hands-on Lab Exercises

Lab 2-1: ONT Lab Setup and Initialization
Lab 2-2: Placing and Examining VoIP Calls
Lab 3-2: Introducing MQC and the SDM QoS Wizard
Lab 4-1: Configuring NBAR
Lab 4-2: Configuring FIFO and WFQ Queuing Mechanisms
Lab 4-3: Configuring LLQ Queuing Mechanism
Lab 4-4: Class-Based Header Compression
Lab 4-5: Configuring LFI
Lab 4-6: Configuring QoS Preclassify
Lab 5-1: Configuring QoS with Cisco AutoQoS
Lab 5-2: Using MQC to Tune QoS Mechanisms Configured with Cisco AutoQoS
Lab 5-3: Troubleshooting Converged Networks
Lab 6-1: Setting Up the Wireless LAN Controller
Lab 6-2: Basic Security Configuration Using WPA-PSK
Lab 6-3: Advanced Security Configuration Using LEAP Server-Based Authentication
Lab 6-4: Configuring Wireless Control System for WLANs
Configuration Files Summary
Lab Activity Solutions

Implementing Secured Converged Wide Area Networks (ISCW)

Course Description

The Implementing Secure Converged Wide Area Networks (ISCW) is an advanced instructor-led course that introduces techniques and features enabling or enhancing WAN and remote access solutions. This five-day course focuses on using one or more of the available WAN connection technologies for remote access between enterprise sites.

This course includes cable-modems and Digital Subscriber Line (DSL) with Network Address Translation (NAT), Multi Protocol Label Switching (MPLS) virtual private networks (VPNs), and network security using VPNs with IPsec encryption and Internet Key Exchange (IKE) keys. Successful graduates will be able to secure the network environment using existing Cisco IOS security features, and configure the three primary components of the Cisco IOS Firewall Feature set (Firewall, Intrusion Prevention System [IPS], and Authentication, Authorization, and Accounting [AAA]). This task-oriented course teaches the knowledge and skills needed to secure Cisco IOS router networks using features and commands in Cisco IOS software, and using a router configuration application. ISCW is part of the recommended learning path for students seeking the Cisco Certified Network Professional (CCNP).

Implementing Secure Converged Wide Area Networks (ISCW) is part of the recommended learning path for students seeking the Cisco Certified Internetworking Professional (CCIP), Cisco Certified Network Professional (CCNP), Cisco Certified Design Professional (CCDP), and Cisco Certified Internetwork Expert (CCIE) certifications.

Who should attend this course?

Candidates for Cisco CCNP, CCDP®, and CCIP® certifications
Candidates for Cisco CCIE® Routing and Switching and CCIE Communications and Services certifications
Network administrators and technicians who are responsible for implementing and troubleshooting complex routed network environments
Customers or channel resellers who are experienced with Cisco products or who have a broad knowledge of the internetworking industry
Network technicians who are experienced with Cisco products and services
Network administrators who are responsible for implementing and managing medium-to-large business networks
Senior network support staff who perform a help-desk role in a medium- or enterprise-sized company that has internal network support-escalation staff
Network support staff who design, implement, and troubleshoot Layer 3 connectivity issues

Pre-ISCW course recommendations

INTRO
ICND
BSCI
BCMSN
CCNP Part 1

Prerequisites

Completion of the Introduction to Cisco Networking Technologies (INTRO) and the Interconnecting Cisco Network Devices (ICND) courses, or Cisco CCNA® certification
Ability to complete the initial configuration of a Cisco switch
Ability to create basic interswitch connections
Ability to complete the initial configuration of a Cisco router
Basic knowledge of routing (static, default router, default gateway, and basic NAT and PAT)
Basic knowledge of concepts linked to routing protocols (classful versus classless routing protocol, single area OSPF, RIP, EIGRP, administrative distance, and interoperations)
Basic knowledge of standard WAN technologies (Frame Relay, PPP, and HDLC)
Fundamental security knowledge, including the presence of hackers, viruses, and other security threats
Fundamental knowledge of IP addressing, including the format of IPv4 addresses, the concept of subnetting, VLSM and CIDR, and static and default routing
Basic knowledge of standard and extended ACLs
Ability to use client utilities including Telnet, IPCONFIG, Trace Route, Ping, FTP, TFTP, and HyperTerminal or other terminal emulation programs
Basic IOS familiarity, including accessing the CLI on a Cisco device and specifically implementing the debug and show commands

Follow-on courses

BGP
MPLS
ARSFE
QOS

Certifications

CCNP

Number of Days:

5- Days instructor-led classroom training. (Approx. 7 hours each day.)

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

Describe the remote connectivity requirements for secured access and explain the alignment of these requirements with Cisco network architectures
Describe and implement teleworker broadband connectivity
Implement and verify frame mode MPLS
Describe and configure a site-to-site IPsec VPN
Describe and configure Cisco device hardening
Describe and configure IOS firewall features

Lab Topology

Click Image to see full size

Hands-on Lab Exercises

Lab 3-1: Configuring Frame Mode MPLS
Lab 4-1: Configuring Site-to-Site IPsec VPNs
Lab 4-2: Configuring GRE Tunnels over IPsec Using SDM
Lab 4-3: Configuring IPsec VPN to Back Up a WAN Connection
Lab 4-4: Configuring Cisco Easy VPN Server Using SDM
Lab 5-1: Securing Cisco Routers
Lab 5-2: Securing Cisco Router Management
Lab 5-3: Configuring AAA Login Authentication and Exec Authorization on Cisco Routers
Lab 6-1: Configuring a Cisco IOS Firewall
Lab 6-2: Configuring Cisco IOS IPS
Lab 6-3: Troubleshooting Security
Configuration Files Summary
Lab Activity Solutions

CCNP Part 2 - Optimization & Securing WAN Networks Course Outline

Day 1: ONT - Describe Network Requirements, Describe Cisco VoIP Implementations

Module 1: Describe Network Requirements

Describe the converged network requirements within the Cisco conceptual network models with focus on performance and wireless security.

Lesson 1: Describing Network Requirements

This lesson defines how to describe the converged network requirements of various network and networked applications within the Cisco network architectures.

The lesson includes these topics:

IIN and Cisco SONA Framework

Cisco Network Models

Traffic Conditions in a Converged Network

Module 2: Describe Cisco VoIP Implementations

Describe Cisco VoIP implementations.

Lesson 1: Introducing VoIP Networks

This lesson defines how to describe basic principles of VoIP networks.

The lesson includes these topics:

Benefits of Packet Telephony Networks

Packet Telephony Components

Analog Interfaces

Digital Interfaces

Stages of a Phone Call

Distributed vs. Centralized Call Control

Lesson 2: Digitizing and Packetizing Voice

This lesson defines how to describe the process by which voice is digitized and packetized for transport on a data network.

The lesson includes these topics:

Basic Voice Encoding: Converting Analog to Digital

Basic Voice Encoding: Converting Digital to Analog
The Nyquist Theorem

Quantization

Compression Bandwidth Requirements

What is a DSP?

Lesson 3: Encapsulating Voice Packets for Transport

This lesson defines how to explain the encapsulation of voice into IP packets.

The lesson includes these topics:

End-to-End Delivery of Voice Packets

Explaining Protocols Used in Voice Encapsulation

Reducing Header Overhead

Lesson 4: Calculating Bandwidth Requirements

This lesson defines how to list the bandwidth requirements for various codecs and data links, and, given the formula to calculate total bandwidth for a VoIP call, list the methods to reduce bandwidth consumption.

The lesson includes these topics:

Impact of Voice Samples and Packet Size on Bandwidth

Data Link Overhead

Security and Tunneling Overhead

Calculating the Total Bandwidth for a VoIP Call

Effects of VAD on Bandwidth

Lesson 5: Implementing Voice Support in an Enterprise Network

This lesson defines how to understand different aspects of voice network implementation.

The lesson includes these topics:

Enterprise Voice Implementations

Voice Gateway Functions on a Cisco Router

Cisco CallManager Functions

Enterprise IP Telephony Deployment Models

Identifying Voice Commands in IOS Configurations

What is CAC?

The Module includes these activities:

Lab 2-1 ONT Lab Setup and Initialization

Lab 2-2 Placing and Examining VoIP Calls

Day 2: ONT - Introduction to IP QOS, Implement the DiffServ QoS Model, Implement AutoQoS

Module 3: Introduction to IP QoS

Describe the need to implement QoS and the methods for implementing QoS on a converged network using Cisco routers and Catalyst switches.

Lesson 1: Introducing QoS

This lesson defines how to describe the conditions and nature of traffic in enterprise networks that lead to QoS problems, and explain the IP QoS mechanisms and Cisco QoS best practices that ensure the best possible network performance.

The lesson includes these topics:

Converged Networks Quality Issues

Available Bandwidth

End-to-End Delay

Packet Loss

QoS Defined

Explaining What QoS Does

QoS Traffic Classes—The Requirements of Different Traffic Types

QoS Policy

Lesson 2: Identifying Models for Implementing QoS

This lesson defines how to explain the use of the three models for providing QoS in a network: best effort, Intserv, Diffserv.

The lesson includes these topics:

QoS Models

Best Effort Model

IntServ Model

RSVP and the IntServ QoS Model

DiffServ Model

The lesson includes this activity:

Selecting a Converged Network Strategy

Lesson 3: Methods for Implementing QoS

This lesson defines how to explain how to implement QoS policies using both MQC and the SDM QoS wizard.

The lesson includes these topics:

Methods for Implementing QoS Policy

Legacy CLI

Modular QoS CLI

AutoQoS

SDM QoS Wizard

QoS Implementation Methods Compared

The lesson includes this activity:

Introducing MQC and the SDM QoS Wizard

Module 4: Implement the DiffServ QoS Model

Explain the key IP QoS mechanisms used to implement the DiffServ QoS model.

Lesson 1: Introducing Classification and Marking

This lesson defines how to explain the purpose of classification and marking, and how they can be used to define a QoS service class.

The lesson includes these topics:

Classification

Marking

Classification and Marking at the Link Layer

DiffServ Model

IP Precedence and DSCP Compatibility

Per Hop Behaviors

DSCP Summary

Mapping CoS to Network Layer QoS

QoS Service Class Defined

Implementing QoS Policy Using a QoS Service Class

Trust Boundaries

Lesson 2: Using NBAR for Classification

This lesson defines how to explain Cisco MQC class-based classification and marking operations and configuration using NBAR.

The lesson includes these topics:

Network Based Application Recognition

NBAR Application Support

Packet Description Language Module

Protocol Discovery

Configuring and Monitoring Protocol Discovery

Configuring NBAR for Static Protocols

Configuring NBAR for Dynamic Protocols

The lesson includes this activity:

Lab 4-1 Configuring NBAR

Lesson 3: Introducing Queuing Implementations

This lesson defines how to explain Cisco queuing operations and basic configurations.

The lesson includes these topics:

Congestion and Queuing

Queuing Algorithms

FIFO

Priority Queuing

Round Robin

Router Queuing Components

Lesson 4: Configuring WFQ

This lesson defines how to explain the procedure for configuring queuing mechanism of WFQ and on a router.

The lesson includes these topics:

Weighted Fair Queuing

WFQ Architecture and Benefits

Configuring and Monitoring WFQ

The lesson includes this activity:

Lab 4-2 Configuring FIFO and WFQ Queuing Mechanisms

Lesson 5: Configuring CBWFQ and LLQ

This lesson defines how to explain the procedure for configuring queuing mechanisms including CBWFQ and LLQ on a router.

The lesson includes these topics:

Describing Advanced Queuing Mechanisms

Class-Based Weighted Fair Queuing

CBWFQ Architecture and Benefits

Configuring and Monitoring CBWFQ

Low Latency Queuing

LLQ Architecture and Benefits

Configuring and Monitoring LLQ

The lesson includes this activity:

Lab 4-3 Configuring LLQ Queuing Mechanisms

Lesson 6: Introducing Congestion Avoidance

This lesson defines how to explain Cisco CB-WRED operations and basic configurations.

The lesson includes these topics:

Managing Interface Congestion with Tail Drop

Tail Drop Limitations

Random Early Detection

Weighted Random Early Detection

WRED Profiles

Configuring CB-WRED

Monitoring CB-WRED

Lesson 7: Introducing Traffic Policing and Shaping

This lesson defines how to explain Cisco class-based traffic policing and class-based traffic shaping operations and basic configurations.

The lesson includes these topics:

Traffic Policing and Shaping Overview

Why Use Traffic Conditioners?

Policing vs. Shaping

Cisco IOS Traffic Policing and Shaping Mechanisms

Applying Traffic Conditioners

Lesson 8: WAN Link Efficiency Mechanisms

This lesson defines how to explain Cisco class-based header compression operations and basic configurations.

The lesson includes these topics:

Link Efficiency Mechanisms Overview

Layer 2 Payload Compression

Header Compression

Large Packets “Freeze Out” Voice on Slow WAN Links

Link Fragmentation and Interleaving

Applying Link Efficiency Mechanisms

The lesson includes these activities:

Lab 4-4 Class Based Header Compression

Lab 4-5 Configuring LFI

Lesson 9: Implementing QoS Pre-Classify

This lesson defines how to explain the purpose and basic configuration of QoS pre-classify for traffic going over IPsec and GRE tunnels.

The lesson includes these topics:

Virtual Private Networks

Implementing QoS with Pre-Classify
QoS Pre-Classify Applications

QoS Pre-Classification Deployment Options

The lesson includes this activity:

Lab 4-6 Configuring QoS Pre-Classify

Lesson 10: Deploying End-to-End QoS

This lesson defines how to describe the set of QoS mechanisms used to implement Cisco end-
to-end QoS “best practices” in a typical enterprise network connected through a service provider that is providing Layer 3 IP services.

The lesson includes these topics:

QoS SLAs

Deploying End-to-End QoS

Enterprise Campus QoS Implementations

WAN Edge QoS Implementations

What is CoPP?

Module 5: Implement AutoQoS

Configure AutoQoS for enterprise.

Lesson 1: Introducing AutoQoS

This lesson defines how to identify capabilities provided by AutoQoS and explain the procedure to configure QoS on a network using AutoQoS.

The lesson includes these topics:

AutoQoS

Configuring AutoQoS

Verifying AutoQoS

The lesson includes this activity:

Lab 5-1 Configuring QoS with Cisco AutoQoS

Lesson 2: Mitigating Common AutoQoS Problems

This lesson defines how to explain how to tune an AutoQoS configuration once specific problems in the configuration have been identified by reading through the show output

The lesson includes these topics:

Automation with Cisco AutoQoS

Common AutoQoS Problems

Interpreting AutoQoS Configurations

Modifying the Active AutoQoS Configuration with MQC

The lesson includes this activity:
Lab 5-2 Using MQC to Tune QoS Mechanisms Configured With AutoQoS

Lab5-3 Troubleshooting Converged Networks

Day 3: ONT - Wireless Security, ISCW - Describe Network Requirements, Connect Teleworkers

Module 6: Wireless Security

Describe and configure wireless security and basic wireless management.

Lesson 1: WLAN QoS Implementation

Upon completing this lesson, you will be able to describe WLAN QoS and its current implementation.

The lesson includes these topics:

The Need for WLAN QoS

WLAN QoS Description

WLAN QoS RF Backoff Timing

Lightweight AP – Split MAC Architecture

QoS Deploymennt Issues

QoS Description

WLAN QoS Implemention

WLAN QoS Configuration

The lesson includes these activities:

Lab 6-1 Configure QoS features on lightweight APs through the use of WLC

Lesson 2: Introducing 802.1x

This lesson defines how to describe various 802.1x EAP types.

The lesson includes these topics:

The Need for WLAN Security

Security Methods—Authentication and Encryption

Improved Encryption

Enhanced 802.11 Security

Improved Authentication

Authentication Process

EAP Authentication Processes

Wi-Fi Protected Access

Lesson 3: Configuring Encryption and Authentication on Lightweight Access Points

This lesson defines how to describe configuring an advanced feature set WLAN for encryption and authentication on lightweight APs.

The lesson includes these topics:

Open Authentication

Pre-Shared Key Authentication

Web Authentication

Public Key Infrastructure

802.1X

The lesson includes these activities:

Lab 6-2 Configuring WEP Authentication

Lab 6-3 Configuring 802.1x EAP-PEAP-MSCHAPv2 Authentication

Lesson 4: Basic WLAN Management

This lesson defines how to compare wireless feature set and architecture of wireless networks using autonomous or lightweight APs.

The lesson includes these topics:

Cisco Unified Wireless Networks

The WLAN Solution Engine

The Cisco Wireless Control System

WCS Location Tracking Options

Wireless Location Appliance

Cisco WCS Configuration Example

Cisco WCS Maps

Rogue AP Detection

The lesson includes this activity:

Lab 6-4 Configuring the Cisco WCS

Module 1: ISCW Describe Network Requirements

Describe the remote connectivity requirements for secured access and explain the alignment of these requirements with Cisco network architectures.

Lesson 1: Describing Network Requirements

This lesson defines how to describe the remote connectivity requirements and their alignment with Cisco network architectures.

The lesson includes these topics:

IIN and Cisco SONA Framework

Cisco Network Models

Remote Connection Requirements in a Converged Network

Module 2: Connect Teleworkers

Describe and implement teleworker broadband connectivity.

Lesson 1: Topologies for Facilitating Remote Connections

This lesson defines how to describe the WAN, Branch, and SOHO modules that represent remote connections to the enterprise network.

The lesson includes these topics:

Remote Connection Topologies

The Challenge of Connecting the Teleworker

Lesson 2: Describing Cable Technology

This lesson defines how to describe cable technology.

The lesson includes these topics:

Cable Technology Terms

Cable System Components

Cable Features

Digital Signals over RF Channels

Data over Cable

Cable Technology: Putting It All Together

Provisioning a Cable Modem

Lesson 3: Describing DSL Technology

This lesson defines how to describe xDSL technologies.

The lesson includes these topics:

DSL Features

DSL Types

DSL Limitations

ADSL

ADSL and POTS Coexistence

ADSL Channels and Encoding

Data over ADSL: PPPoE

Data over ADSL: PPPoA

Lesson 4: Configuring the CPE as the PPPoE Client

This lesson defines how to configure the PPPoE client over DSL.

The lesson includes these topics:

Configuration of a Cisco Router as the PPPoE Client

Configuration of PPPoE in a VPDN Group

Configuration of a PPPoE Client

Configuration of the PPPoE DSL Dialer Interface

Configuration of PAT

Configuring DHCP to Scale DSL

Configuration of a Static Default Route

Verifying a PPPoE Configuration

Lesson 5: Configuring DSL with PPPoA

This lesson defines how to configure the PPPoA client over DSL.

The lesson includes these topics:

Configuration of a PPPoA DSL Connection

Configuration of the DSL ATM Interface

PPPoA Sample Configuration

Lesson 6: Verifying Broadband ADSL Configurations

This lesson defines how to verify typical broadband configurations.

The lesson includes these topics:

Layer Troubleshooting

Layer 1 Issues

Administratively Down State for an ATM Interface

Correct Power Supply?

Correct DSL Operating Mode

Layer 2 Issues

Data Received from the ISP
Proper PPP Negotiation

The lesson includes these activities:

Configuring DSL

Day 4: ISCW - Implement Frame Mode MPLS, IPSec VPNs

Module 3: Implement Frame Mode MPLS

Implement and verify frame mode MPLS.

Lesson 1: Introducing MPLS Networks

This lesson defines how to describe the MPLS conceptual model with data and control planes, and describe the function of the MPLS label.

The lesson includes these topics:

The MPLS Conceptual Model

Router Switching Mechanisms

MPLS Architecture

MPLS Labels

Label Switch Routers

LSR Component Architecture

Lesson 2: Assigning MPLS Labels to Packets

This lesson defines how to describe how labels are allocated and distributed in a frame mode MPLS network, and describe how IP packets cross an MPLS network.

The lesson includes these topics:

Label Allocation in a Frame Mode MPLS Environment

Label Distribution and Advertisement

Populating the LFIB Table

Packet Propagation Across an MPLS Network
Penultimate Hop Popping

Lesson 3: Implementing Frame Mode MPLS

This lesson defines how to describe the steps that are required to successfully implement MPLS.

The lesson includes these topics:

The Procedure to Configure MPLS

Configuring IP CEF

Configuring MPLS on a Frame Mode Interface

Configuring the MTU Size in Label Switching

The lesson includes these activities:

Configuring Frame Mode MPLS

Lesson 4: MPLS VPN Technology

This lesson defines how to explain the evolution of MPLS VPNs, and describe MPLS VPN routing and packet flow.

The lesson includes these topics:

Defining MPLS VPN

MPLS VPN Architecture

Propagation of Routing Information Across the P-Network

End-to-End Routing Information Flow

MPLS VPNs and Packet Forwarding

Configuring Routing Between PE and CE Routers

Module 4: IPsec VPNs

Describe and configure a site-to-site IPsec VPN.

Lesson 1: IPsec Components and IPsec VPN Features

This lesson defines how to describe the fundamental concepts, technologies, and terms used with IPsec VPNs.

The lesson includes these topics:

IPsec Overview

Internet Key Exchange

IKE: Other Functions

ESP and AH

Message Authentication and Integrity Check

Symmetric vs. Asymmetric Encryption Algorithms

PKI Environment

Lesson 2: Site-to-Site IPsec VPN Operations

This lesson defines how to describe IPsec site-to-site VPN operations.

The lesson includes these topics:

Site-to-Site IPsec VPN Operations
Configuring IPsec

Site-to-Site IPsec Configuration: Phase 1

Site-to-Site IPsec Configuration: Phase 2

Site-to-Site IPsec Configuration: Apply VPN Configuration

Site-to-Site IPsec Configuration: Interface ACL

Lesson 3: Configuring IPsec Site-to-Site VPN Using SDM

This lesson defines how to configure a site-to-site IPsec VPN with preshared key authentication using SDM, and explain the resulting CLI configurations.

The lesson includes these topics:

Introducing the SDM VPN Wizard Interface

Site-to-Site VPN Components

Launching the Site-to-Site VPN Wizard

Connection Settings

IKE Proposals

Transform Set

Defining What Traffic to Protect

Completing the Configuration

The lesson includes these activities:

Configuring Site-to-Site IPsec VPNs

Lesson 4: Configuring GRE Tunnels over IPsec

This lesson defines how to explain GRE encapsulations, operations, and configurations.

The lesson includes these topics:

Generic Routing Encapsulation

Introducing Secure GRE Tunnels

Configuring GRE over IPsec Site-to-Site Tunnel Using SDM

Backup GRE Tunnel Information

VPN Authentication Information

IKE Proposals

Transform Set

Routing Information

Completing the Configuration

The lesson includes these activities:

Configuring GRE Tunnels over IPsec Using SDM

Lesson 5: High Availability Options

This lesson defines how to describe the procedure to configure VPN backup interfaces.

The lesson includes these topics:

High Availability for IOS IPsec VPNs

IPsec Backup Peer

Hot Standby Routing Protocol

IPsec Stateful Failover

Backing Up a WAN Connection with an IPsec VPN

The lesson includes these activities:

Configuring IPsec VPN to Backup a PPP WAN Connection

Lesson 6: Configuring Cisco Easy VPN and Easy VPN Server Using SDM

This lesson defines how to describe the procedure to configure and verify a Cisco Easy VPN Server and an IPsec VPN, configured with Cisco Easy VPN, using SDM to support remote access VPNs.

The lesson includes these topics:

Introducing Cisco Easy VPN

Describe Easy VPN Server and Easy VPN Remote

Cisco Easy VPN Server Configuration Tasks

Configuring Easy VPN Server

IKE Proposals

Transform Set

Group Policy Configuration Location

User Authentication

Local Group Policies

Completing the Configuration

Lesson 7: Implementing the Cisco VPN Client

This lesson defines how to describe, configure, and verify the Cisco VPN Client on a Windows PC.
The lesson includes these topics:

Cisco VPN Client Configuration Tasks

Use the Cisco VPN Client to Establish an RA VPN Connection and Verify the Connection Status

The lesson includes these activities:

Configuring Cisco Easy VPN Server Using SDM

Day 5: ISCW - Cisco Device Hardening, Cisco IOS Threat Defense Features

Module 5: Cisco Device Hardening

Describe and configure Cisco device hardening.

Lesson 1: Mitigating Network Attacks

This lesson defines how to explain the strategies that are used to mitigate network attacks.

The lesson includes these topics:

Cisco Self-Defending Network

Types of Network Attacks

Reconnaissance Attacks and Mitigation

Access Attacks and Mitigation

DoS Attacks and Mitigation

Worm, Virus, and Trojan Horse Attacks and Mitigation

Application Layer Attacks and Mitigation

Management Protocols and Vulnerabilities

Determining Vulnerabilities and Threats

Lesson 2: Disabling Unused Cisco Router Network Services and Interfaces

This lesson defines how to describe the techniques used to harden a Cisco device.
The lesson includes these topics:

Vulnerable Router Services and Interfaces

Locking Down Routers with AutoSecure

AutoSecure Process Overview

Locking Down Routers with the SDM

Lesson 3: Securing Cisco Router Installations and Administrative Access

This lesson defines how to secure Cisco router physical installations and administrative access using passwords.

The lesson includes these topics:

Configuring Router Passwords

Setting a Login Failure Rate

Setting Timeouts

Setting Multiple Privilege Levels

Configuring Banner Messages

Configuring Role-Based CLI

Secure Configuration Files

The lesson includes these activities:

Securing Cisco Routers

Lesson 4: Mitigating Threats and Attacks with Access Lists

This lesson defines how to mitigate threats and attacks to Cisco perimeter routers by
configuring and applying ACLs to filter traffic.

The lesson includes these topics:

Cisco ACLs

Applying ACLs to Router Interfaces

Using Traffic Filtering with ACLs

Filtering Router Service Traffic

Filtering Network Traffic to Mitigate Threats

Mitigating DDoS with ACLs

Combining Access Functions

Caveats

Lesson 5: Securing Management and Reporting Features

This lesson defines how to explain the procedures to securely implement management and reporting features of syslog, SSH, SNMPv3, and NTP.

The lesson includes these topics:

Secure Management and Reporting Planning Considerations

Secure Management and Reporting Architecture

Configuring an SSH Server for Secure Management and Reporting
Using Syslog Logging for Network Security

Configuring Syslog Logging

SNMP Version 3

Configuring an SNMP Managed Node

Configuring NTP Client

Configuring NTP Server

The lesson includes these activities:

Securing Cisco Router Management

Lesson 6: Configuring AAA on Cisco Routers

This lesson defines how to explain the procedures to configure AAA implementation on a Cisco router using both SDM and CLI.

The lesson includes these topics:

Introduction to AAA

Router Access Modes

AAA Protocols: RADIUS and TACACS+

Configure AAA Login Authentication on Cisco Routers Using CLI

Configure AAA Login Authentication on Cisco Routers Using SDM

Troubleshoot AAA Login Authentication on Cisco Routers

AAA Authorization Commands

AAA Accounting Commands

The lesson includes these activities:

Configuring AAA Login Authentication on Cisco Routers

Module 6: Cisco IOS Threat Defense Features

Describe and configure lOS firewall features.

Lesson 1: Introducing the Cisco IOS Firewall

This lesson defines how to explain the Cisco lOS Firewall functionality.

The lesson includes these topics:

Layered Defense Strategy

Firewall Technologies

Stateful Firewall Operation

lntroducing the Cisco lOS Firewall Feature Set

Cisco lOS Firewall Functions

Cisco lOS Firewall Process

Lesson 2: Implementing Cisco IOS Firewalls

This lesson defines how to describe the procedure to configure Cisco lOS Firewall features using the CLl and SDM, explain the resulting configurations, and verify firewall operations
using SDM and show commands.

The lesson includes these topics:
Configuring Cisco 1OS Firewall from the CLI

Basic and Advanced Firewall Wizards

Configuring a Basic Firewall

Configuring 1nterfaces on an Advanced Firewall

Configuring a DMZ on an Advanced Firewall

Advanced Firewall Security Configuration

Complete the Configuration

Viewing Firewall Activity

The lesson includes these activities:

Configuring a Cisco IOS Firewall

Lesson 3: Introducing Cisco IOS IPS

This lesson defines how to explain the features, components, and functionality of Cisco IOS IPS.

The lesson includes these topics:

Introducing Cisco IOS IDS and IPS

Types of IDS and IPS Systems

IDS and IPS Signatures

Cisco IOS IPS Signature Definition Files and Signature Microengines

Cisco IOS IPS Alarms

Lesson 4: Configuring Cisco IOS IPS

This lesson defines how to describe the procedure to configure Cisco IOS IPS operations using SDM.

The lesson includes these topics:

Configuring Cisco IOS IPS

Cisco IOS IPS SDM Tasks

Selecting Interfaces and Configuring SDF Locations

Viewing the IPS Policy Summary and Delivering the Configuration to the Router

Configuring IPS Policies and Global Settings

Viewing SDEE Messages

Tuning Signatures

The lesson includes these activities:

Configuring Cisco IOS IPS

Troubleshooting Security