
CCNA 200-301 Official Cert Guide, Volume 2



by Odom, Wendell


WAS £34.67   SAVE £5.20

£29.47

eBook available
ISBN: 9781587147135
Publication Date: 29 Dec 2019
Language: English
Publisher: Pearson Education (US)
Imprint: Cisco Press
Pages: 624 pages
For delivery: New product available - 9780138214951

Description

Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. It is built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam. This book, combined with the CCNA 200-301 Official Cert Guide Volume 1, covers all of the exam topics on the CCNA 200-301 exam.

CCNA 200-301 Official Cert Guide, Volume 2 presents you with an organized test-preparation routine using proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

· Master Cisco CCNA 200-301 exam topics
· Assess your knowledge with chapter-opening quizzes
· Review key concepts with exam preparation tasks
· Practice with realistic exam questions in the practice test software

CCNA 200-301 Official Cert Guide, Volume 2 from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Best-selling author Wendell Odom shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

· A test-preparation routine proven to help you pass the exams
· Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section
· Chapter-ending Key Topic tables, which help you drill on key concepts you must know thoroughly
· The powerful Pearson Test Prep Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
· A free copy of the CCNA 200-301 Network Simulator, Volume 2 Lite software, complete with meaningful lab exercises that help you hone your hands-on skills with the command-line interface for routers and switches
· Links to a series of hands-on config labs developed by the author
· Online interactive practice exercises that help you enhance your knowledge
· More than 50 minutes of video mentoring from the author
· An online interactive Flash Cards application to help you drill on Key Terms by chapter
· A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
· Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, hands-on labs, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

The CCNA 200-301 Official Cert Guide, Volume 2, combined with CCNA 200-301 Official Cert Guide, Volume 1, walks you through all the exam topics found in the Cisco 200-301 exam. Topics covered in Volume 2 include:

· IP access control lists
· Security services
· IP services
· Network architecture
· Network automation

Companion Website: The companion website contains more than 300 unique practice exam questions, CCNA Network Simulator Lite software, online practice exercises, and 50 minutes of video training.

Includes Exclusive Offers For Up to 70% Off Video Training, Practice Tests, and more

Pearson Test Prep online system requirements: Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above. Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements: Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases.

In addition to the wealth of updated content, this new edition includes a series of free hands-on exercises to help you master several real-world configuration activities. These exercises can be performed on the CCNA 200-301 Network Simulator Lite, Volume 2 software included for free on the companion website that accompanies this book. This software, which simulates the experience of working on actual Cisco routers and switches, contains the following 13 free lab exercises, covering ACL topics in Part I:

1. ACL I
2. ACL II
3. ACL III
4. ACL IV
5. ACL V
6. ACL VI
7. ACL Analysis I
8. Named ACL I
9. Named ACL II
10. Named ACL III
11. Standard ACL Configuration Scenario
12. Extended ACL I Configuration Scenario
13. Extended ACL II Configuration Scenario

If you are interested in exploring more hands-on labs and practicing configuration and troubleshooting with more router and switch commands, see the special discount offer in the coupon code included in the sleeve in the back of this book.

Windows system requirements (minimum):

· Windows 10 (32/64-bit), Windows 8.1 (32/64-bit), or Windows 7 (32/64-bit)
· 1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor
· 1 GB RAM (32-bit) or 2 GB RAM (64-bit)
· 16 GB available hard disk space (32-bit) or 20 GB (64-bit)
· DirectX 9 graphics device with WDDM 1.0 or higher driver
· Adobe Acrobat Reader version 8 and above

Mac system requirements (minimum):

· macOS 10.14, 10.13, 10.12, or 10.11
· Intel Core Duo 1.83 GHz
· 512 MB RAM (1 GB recommended)
· 1.5 GB hard disk space
· 32-bit color depth at 1024x768 resolution
· Adobe Acrobat Reader version 8 and above

CCNA 200-301 Official Cert Guide, Volume 2 Companion Website

Access interactive study tools on this book's companion website, including practice test software, video training, CCNA Network Simulator Lite software, memory table and config checklist review exercises, a Key Term flash card application, a study planner, and more! To access the companion website, simply follow these steps:

1. Go to www.ciscopress.com/register.
2. Enter the print book ISBN: 9781587147135.
3. Answer the security question to validate your purchase.
4. Go to your account page.
5. Click on the Registered Products tab.
6. Under the book listing, click on the Access Bonus Content link.

If you have any issues accessing the companion website, you can contact our support team by going to http://pearsonitp.echelp.org.

Also available from Cisco Press for CCNA study is the CCNA 200-301 Official Cert Guide Volume 2 Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson Test Prep Practice Test. This integrated learning package

· Enables you to focus on individual topic areas or take complete, timed exams
· Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
· Provides unique sets of exam-realistic practice questions
· Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Contents

Introduction

Part I IP Access Control Lists

Chapter 1 Introduction to TCP/IP Transport and Applications
"Do I Know This Already?" Quiz; Foundation Topics; TCP/IP Layer 4 Protocols: TCP and UDP; Transmission Control Protocol; Multiplexing Using TCP Port Numbers; Popular TCP/IP Applications; Connection Establishment and Termination; Error Recovery and Reliability; Flow Control Using Windowing; User Datagram Protocol; TCP/IP Applications; Uniform Resource Identifiers; Finding the Web Server Using DNS; Transferring Files with HTTP; How the Receiving Host Identifies the Correct Receiving Application; Chapter Review

Chapter 2 Basic IPv4 Access Control Lists
"Do I Know This Already?" Quiz; Foundation Topics; IPv4 Access Control List Basics; ACL Location and Direction; Matching Packets; Taking Action When a Match Occurs; Types of IP ACLs; Standard Numbered IPv4 ACLs; List Logic with IP ACLs; Matching Logic and Command Syntax; Matching the Exact IP Address; Matching a Subset of the Address with Wildcards; Binary Wildcard Masks; Finding the Right Wildcard Mask to Match a Subnet; Matching Any/All Addresses; Implementing Standard IP ACLs; Standard Numbered ACL Example 1; Standard Numbered ACL Example 2; Troubleshooting and Verification Tips; Practice Applying Standard IP ACLs; Practice Building access-list Commands; Reverse Engineering from ACL to Address Range; Chapter Review

Chapter 3 Advanced IPv4 Access Control Lists
"Do I Know This Already?" Quiz; Foundation Topics; Extended Numbered IP Access Control Lists; Matching the Protocol, Source IP, and Destination IP; Matching TCP and UDP Port Numbers; Extended IP ACL Configuration; Extended IP Access Lists: Example 1; Extended IP Access Lists: Example 2; Practice Building access-list Commands; Named ACLs and ACL Editing; Named IP Access Lists; Editing ACLs Using Sequence Numbers; Numbered ACL Configuration Versus Named ACL Configuration; ACL Implementation Considerations; Additional Reading on ACLs; Chapter Review

Part I Review

Part II Security Services

Chapter 4 Security Architectures
"Do I Know This Already?" Quiz; Foundation Topics; Security Terminology; Common Security Threats; Attacks That Spoof Addresses; Denial-of-Service Attacks; Reflection and Amplification Attacks; Man-in-the-Middle Attacks; Address Spoofing Attack Summary; Reconnaissance Attacks; Buffer Overflow Attacks; Malware; Human Vulnerabilities; Password Vulnerabilities; Password Alternatives; Controlling and Monitoring User Access; Developing a Security Program to Educate Users; Chapter Review

Chapter 5 Securing Network Devices
"Do I Know This Already?" Quiz; Foundation Topics; Securing IOS Passwords; Encrypting Older IOS Passwords with service password-encryption; Encoding the Enable Passwords with Hashes; Interactions Between Enable Password and Enable Secret; Making the Enable Secret Truly Secret with a Hash; Improved Hashes for Cisco's Enable Secret; Encoding the Passwords for Local Usernames; Controlling Password Attacks with ACLs; Firewalls and Intrusion Prevention Systems; Traditional Firewalls; Security Zones; Intrusion Prevention Systems (IPS); Cisco Next-Generation Firewalls; Cisco Next-Generation IPS; Chapter Review

Chapter 6 Implementing Switch Port Security
"Do I Know This Already?" Quiz; Foundation Topics; Port Security Concepts and Configuration; Configuring Port Security; Verifying Port Security; Port Security MAC Addresses; Port Security Violation Modes; Port Security Shutdown Mode; Port Security Protect and Restrict Modes; Chapter Review

Chapter 7 Implementing DHCP
"Do I Know This Already?" Quiz; Foundation Topics; Dynamic Host Configuration Protocol; DHCP Concepts; Supporting DHCP for Remote Subnets with DHCP Relay; Information Stored at the DHCP Server; Configuring DHCP Features on Routers and Switches; Configuring DHCP Relay; Configuring a Switch as DHCP Client; Configuring a Router as DHCP Client; Identifying Host IPv4 Settings; Host Settings for IPv4; Host IP Settings on Windows; Host IP Settings on macOS; Host IP Settings on Linux; Chapter Review

Chapter 8 DHCP Snooping and ARP Inspection
"Do I Know This Already?" Quiz; Foundation Topics; DHCP Snooping; DHCP Snooping Concepts; A Sample Attack: A Spurious DHCP Server; DHCP Snooping Logic; Filtering DISCOVER Messages Based on MAC Address; Filtering Messages that Release IP Addresses; DHCP Snooping Configuration; Configuring DHCP Snooping on a Layer 2 Switch; Limiting DHCP Message Rates; DHCP Snooping Configuration Summary; Dynamic ARP Inspection; DAI Concepts; Review of Normal IP ARP; Gratuitous ARP as an Attack Vector; Dynamic ARP Inspection Logic; Dynamic ARP Inspection Configuration; Configuring ARP Inspection on a Layer 2 Switch; Limiting DAI Message Rates; Configuring Optional DAI Message Checks; IP ARP Inspection Configuration Summary; Chapter Review

Part II Review

Part III IP Services

Chapter 9 Device Management Protocols
"Do I Know This Already?" Quiz; Foundation Topics; System Message Logging (Syslog); Sending Messages in Real Time to Current Users; Storing Log Messages for Later Review; Log Message Format; Log Message Severity Levels; Configuring and Verifying System Logging; The debug Command and Log Messages; Network Time Protocol (NTP); Setting the Time and Timezone; Basic NTP Configuration; NTP Reference Clock and Stratum; Redundant NTP Configuration; NTP Using a Loopback Interface for Better Availability; Analyzing Topology Using CDP and LLDP; Examining Information Learned by CDP; Configuring and Verifying CDP; Examining Information Learned by LLDP; Configuring and Verifying LLDP; Chapter Review

Chapter 10 Network Address Translation
"Do I Know This Already?" Quiz; Foundation Topics; Perspectives on IPv4 Address Scalability; CIDR; Private Addressing; Network Address Translation Concepts; Static NAT; Dynamic NAT; Overloading NAT with Port Address Translation; NAT Configuration and Troubleshooting; Static NAT Configuration; Dynamic NAT Configuration; Dynamic NAT Verification; NAT Overload (PAT) Configuration; NAT Troubleshooting; Chapter Review

Chapter 11 Quality of Service (QoS)
"Do I Know This Already?" Quiz; Foundation Topics; Introduction to QoS; QoS: Managing Bandwidth, Delay, Jitter, and Loss; Types of Traffic; Data Applications; Voice and Video Applications; QoS as Mentioned in This Book; QoS on Switches and Routers; Classification and Marking; Classification Basics; Matching (Classification) Basics; Classification on Routers with ACLs and NBAR; Marking IP DSCP and Ethernet CoS; Marking the IP Header; Marking the Ethernet 802.1Q Header; Other Marking Fields; Defining Trust Boundaries; DiffServ Suggested Marking Values; Expedited Forwarding (EF); Assured Forwarding (AF); Class Selector (CS); Guidelines for DSCP Marking Values; Queuing; Round-Robin Scheduling (Prioritization); Low Latency Queuing; A Prioritization Strategy for Data, Voice, and Video; Shaping and Policing; Policing; Where to Use Policing; Shaping; Setting a Good Shaping Time Interval for Voice and Video; Congestion Avoidance; TCP Windowing Basics; Congestion Avoidance Tools; Chapter Review

Chapter 12 Miscellaneous IP Services
"Do I Know This Already?" Quiz; Foundation Topics; First Hop Redundancy Protocol; The Need for Redundancy in Networks; The Need for a First Hop Redundancy Protocol; The Three Solutions for First-Hop Redundancy; HSRP Concepts; HSRP Failover; HSRP Load Balancing; Simple Network Management Protocol; SNMP Variable Reading and Writing: SNMP Get and Set; SNMP Notifications: Traps and Informs; The Management Information Base; Securing SNMP; FTP and TFTP; Managing Cisco IOS Images with FTP/TFTP; The IOS File System; Upgrading IOS Images; Copying a New IOS Image to a Local IOS File System Using TFTP; Verifying IOS Code Integrity with MD5; Copying Images with FTP; The FTP and TFTP Protocols; FTP Protocol Basics; FTP Active and Passive Modes; FTP over TLS (FTP Secure); TFTP Protocol Basics; Chapter Review

Part III Review

Part IV Network Architecture

Chapter 13 LAN Architecture
"Do I Know This Already?" Quiz; Foundation Topics; Analyzing Campus LAN Topologies; Two-Tier Campus Design (Collapsed Core); The Two-Tier Campus Design; Topology Terminology Seen Within a Two-Tier Design; Three-Tier Campus Design (Core); Topology Design Terminology; Small Office/Home Office; Power over Ethernet (PoE); PoE Basics; PoE Operation; PoE and LAN Design; Chapter Review

Chapter 14 WAN Architecture
"Do I Know This Already?" Quiz; Foundation Topics; Metro Ethernet; Metro Ethernet Physical Design and Topology; Ethernet WAN Services and Topologies; Ethernet Line Service (Point-to-Point); Ethernet LAN Service (Full Mesh); Ethernet Tree Service (Hub and Spoke); Layer 3 Design Using Metro Ethernet; Layer 3 Design with E-Line Service; Layer 3 Design with E-LAN Service; Multiprotocol Label Switching (MPLS); MPLS VPN Physical Design and Topology; MPLS and Quality of Service; Layer 3 with MPLS VPN; Internet VPNs; Internet Access; Digital Subscriber Line; Cable Internet; Wireless WAN (3G, 4G, LTE, 5G); Fiber (Ethernet) Internet Access; Internet VPN Fundamentals; Site-to-Site VPNs with IPsec; Remote Access VPNs with TLS; VPN Comparisons; Chapter Review

Chapter 15 Cloud Architecture
"Do I Know This Already?" Quiz; Foundation Topics; Server Virtualization; Cisco Server Hardware; Server Virtualization Basics; Networking with Virtual Switches on a Virtualized Host; The Physical Data Center Network; Workflow with a Virtualized Data Center; Cloud Computing Services; Private Cloud (On-Premise); Public Cloud; Cloud and the "As a Service" Model; Infrastructure as a Service; Software as a Service; (Development) Platform as a Service; WAN Traffic Paths to Reach Cloud Services; Enterprise WAN Connections to Public Cloud; Accessing Public Cloud Services Using the Internet; Pros and Cons with Connecting to Public Cloud with Internet; Private WAN and Internet VPN Access to Public Cloud; Pros and Cons of Connecting to Cloud with Private WANs; Intercloud Exchanges; Summarizing the Pros and Cons of Public Cloud WAN Options; A Scenario: Branch Offices and the Public Cloud; Migrating Traffic Flows When Migrating to Email SaaS; Branch Offices with Internet and Private WAN; Chapter Review

Part IV Review

Part V Network Automation

Chapter 16 Introduction to Controller-Based Networking
"Do I Know This Already?" Quiz; Foundation Topics; SDN and Controller-Based Networks; The Data, Control, and Management Planes; The Data Plane; The Control Plane; The Management Plane; Cisco Switch Data Plane Internals; Controllers and Software-Defined Architecture; Controllers and Centralized Control; The Southbound Interface; The Northbound Interface; Software Defined Architecture Summary; Examples of Network Programmability and SDN; OpenDaylight and OpenFlow; The OpenDaylight Controller; The Cisco Open SDN Controller (OSC); Cisco Application Centric Infrastructure (ACI); ACI Physical Design: Spine and Leaf; ACI Operating Model with Intent-Based Networking; Cisco APIC Enterprise Module; APIC-EM Basics; APIC-EM Replacement; Summary of the SDN Examples; Comparing Traditional Versus Controller-Based Networks; How Automation Impacts Network Management; Comparing Traditional Networks with Controller-Based Networks; Chapter Review

Chapter 17 Cisco Software-Defined Access (SDA)
"Do I Know This Already?" Quiz; Foundation Topics; SDA Fabric, Underlay, and Overlay; The SDA Underlay; Using Existing Gear for the SDA Underlay; Using New Gear for the SDA Underlay; The SDA Overlay; VXLAN Tunnels in the Overlay (Data Plane); LISP for Overlay Discovery and Location (Control Plane); DNA Center and SDA Operation; Cisco DNA Center; Cisco DNA Center and Scalable Groups; Issues with Traditional IP-Based Security; SDA Security Based on User Groups; DNA Center as a Network Management Platform; DNA Center Similarities to Traditional Management; DNA Center Differences with Traditional Management; Chapter Review

Chapter 18 Understanding REST and JSON
"Do I Know This Already?" Quiz; Foundation Topics; REST-Based APIs; REST-Based (RESTful) APIs; Client/Server Architecture; Stateless Operation; Cacheable (or Not); Background: Data and Variables; Simple Variables; List and Dictionary Variables; REST APIs and HTTP; Software CRUD Actions and HTTP Verbs; Using URIs with HTTP to Specify the Resource; Example of REST API Call to DNA Center; Data Serialization and JSON; The Need for a Data Model with APIs; Data Serialization Languages; JSON; XML; YAML; S
