Description

Book Synopsis
Scott Empson is an instructor in the Department of Information Systems Technology at the Northern Alberta Institute of Technology in Edmonton, Alberta, Canada, where he has taught for over 21 years. He teaches technical courses in Cisco routing and switching, along with courses in professional development and leadership. Scott created the CCNA Command Quick Reference in 2004 as a companion guide to the Cisco Networking Academy Program, and this guide became the CCNA Portable Command Guide in 2005. Other titles in the series in the areas of CCNP, Wireless, Security, Microsoft, and Linux followed beginning in 2006.

Scott has a Master of Education degree along with three undergraduate degrees: a Bachelor of Arts, with a major in English; a Bachelor of Education, again with a major in English/language arts; and a Bachelor of Applied Information Systems Technology, with a major in network management.

Patrick Gargano has been an educator since 1

Table of Contents
Introduction xix
PART I: LAYER 2 INFRASTRUCTURE
Chapter 1 VLANs 1
Virtual LANs 1
Creating Static VLANs Using VLAN Configuration Mode 2
Assigning Ports to Data and Voice VLANs 2
Using the range Command 3
Dynamic Trunking Protocol (DTP) 3
Setting the Trunk Encapsulation and Allowed VLANs 4
VLAN Trunking Protocol (VTP) 5
Verifying VTP 6
Verifying VLAN Information 7
Saving VLAN Configurations 7
Erasing VLAN Configurations 7
Configuration Example: VLANs 8
Layer 2 Link Aggregation 11
Interface Modes in EtherChannel 12
Default EtherChannel Configuration 12
Guidelines for Configuring EtherChannel 12
Configuring Layer 2 EtherChannel 14
Configuring Layer 3 EtherChannel 14
Configuring EtherChannel Load Balancing 15
Configuring LACP Hot-Standby Ports 16
Monitoring and Verifying EtherChannel 17
Configuration Example: EtherChannel 18
Chapter 2 Spanning Tree Protocol 23
Spanning Tree Protocol Definition 24
Enabling Spanning Tree Protocol 24
Changing the Spanning-Tree Mode 25
Configuring the Root Switch 25
Configuring a Secondary Root Switch 26
Configuring Port Priority 26
Configuring the Path Cost 27
Configuring the Switch Priority of a VLAN 27
Configuring STP Timers 27
Configuring Optional Spanning-Tree Features 28
PortFast 28
BPDU Guard (2xxx/older 3xxx Series) 29
BPDU Guard (3650/9xxx Series) 29
BPDU Filter 30
UplinkFast 30
BackboneFast 31
Root Guard 31
Loop Guard 32
Unidirectional Link Detection 33
Configuring and Verifying Port Error Conditions 33
Enabling Rapid Spanning Tree 36
Rapid Spanning Tree Link Types 36
Enabling Multiple Spanning Tree 37
Verifying the Extended System ID 39
Verifying STP 39
Troubleshooting Spanning Tree Protocol 40
Configuration Example: PVST+ 40
Spanning-Tree Migration Example: PVST+ to Rapid-PVST+ 43
Chapter 3 Implementing Inter-VLAN Routing 45
Inter-VLAN Communication Using an External Router: Router-on-a-Stick 45
Inter-VLAN Communication Tips 46
Inter-VLAN Communication on a Multilayer Switch Through a Switch Virtual Interface 46
Configuring Inter-VLAN Communication on an L3 Switch 47
Removing L2 Switchport Capability of an Interface on an L3 Switch 47
Configuration Example: Inter-VLAN Communication 47
Configuration Example: IPv6 Inter-VLAN Communication 55

PART II: LAYER 3 INFRASTRUCTURE
Chapter 4 EIGRP 61
Enhanced Interior Gateway Routing Protocol (EIGRP) 62
Enabling EIGRP for IPv4 Using Classic Mode Configuration 62
Enabling EIGRP for IPv6 Using Classic Mode Configuration 63
EIGRP Using Named Mode Configuration 64
EIGRP Named Mode Subconfiguration Modes 66
Upgrading Classic Mode to Named Mode Configuration 66
EIGRP Router ID 67
Authentication for EIGRP 67
Configuring Authentication in Classic Mode 67
Configuring Authentication in Named Mode 68
Verifying and Troubleshooting EIGRP Authentication 70
Auto-Summarization for EIGRP 70
IPv4 Manual Summarization for EIGRP 70
IPv6 Manual Summarization for EIGRP 71
Timers for EIGRP 71
Passive Interfaces for EIGRP 72
“Pseudo” Passive EIGRP Interfaces 72
Injecting a Default Route into EIGRP: Redistribution of a Static Route 73
Injecting a Default Route into EIGRP: ip default-network 74
Injecting a Default Route into EIGRP: Summarize to 0.0.0.0/0 74
Accepting Exterior Routing Information: default-information 75
Equal-cost Load Balancing: maximum-paths 75
Unequal-cost Load Balancing: variance 76
EIGRP Traffic Sharing 76
Bandwidth Use for EIGRP 77
Stub Routing for EIGRP 77
EIGRP Unicast Neighbors 79
EIGRP Wide Metrics 79
Adjusting the EIGRP Metric Weights 80
Verifying EIGRP 80
Troubleshooting EIGRP 82
Configuration Example: EIGRP for IPv4 and IPv6 Using Named Mode 83
Chapter 5 OSPF 87
Comparing OSPFv2 and OSPFv3 88
Configuring OSPF 89
Configuring Multiarea OSPF 89
Using Wildcard Masks with OSPF Areas 90
Configuring Traditional OSPFv3 91
Enabling OSPF for IPv6 on an Interface 91
OSPFv3 and Stub/NSSA Areas 92
Interarea OSPFv3 Route Summarization 92
Enabling an IPv4 Router ID for OSPFv3 93
Forcing an SPF Calculation 93
OSPFv3 Address Families 93
Configuring the IPv6 Address Family in OSPFv3 94
Configuring the IPv4 Address Family in OSPFv3 94
Applying Parameters in Address Family Configuration Mode 94
Authentication for OSPF 95
Configuring OSPFv2 Authentication: Simple Password 95
Configuring OSPFv2 Cryptographic Authentication: SHA-256 96
Configuring OSPFv3 Authentication and Encryption 97
Verifying OSPFv2 and OSPFv3 Authentication 98
Optimizing OSPF Parameters 98
Loopback Interfaces 98
Router ID 99
DR/BDR Elections 99
Passive Interfaces 100
Modifying Cost Metrics 100
OSPF Reference Bandwidth 101
OSPF LSDB Overload Protection 101
Timers 101
IP MTU 102
Propagating a Default Route 102
Route Summarization 103
Interarea Route Summarization 103
External Route Summarization 103
OSPF Route Filtering 104
Using the filter-list Command 104
Using the area range not-advertise Command 104
Using the distribute-list in Command 104
Using the summary-address not-advertise Command 105
OSPF Special Area Types 105
Stub Areas 105
Totally Stubby Areas 106
Not-So-Stubby Areas (NSSA) 106
Totally NSSA 107
Virtual Links 108
Configuration Example: Virtual Links 108
Verifying OSPF Configuration 109
Troubleshooting OSPF 111
Configuration Example: Single-Area OSPF 111
Configuration Example: Multiarea OSPF 114
Configuration Example: Traditional OSPFv3 117
Configuration Example: OSPFv3 with Address Families 120
Chapter 6 Redistribution and Path Control 127
Defining Seed and Default Metrics 128
Redistributing Connected Networks 129
Redistributing Static Routes 129
Redistributing Subnets into OSPF 130
Assigning E1 or E2 Routes in OSPF 130
Redistributing OSPF Internal and External Routes 131
Configuration Example: Route Redistribution for IPv4 131
Configuration Example: Route Redistribution for IPv6 132
Verifying Route Redistribution 134
Route Filtering Using the distribute-list Command 134
Configuration Example: Inbound and Outbound Distribute List Route Filters 134
Configuration Example: Controlling Redistribution with Outbound Distribute Lists 135
Verifying Route Filters 136
Route Filtering Using Prefix Lists 137
Configuration Example: Using a Distribute List That References a Prefix List to Control Redistribution 139
Verifying Prefix Lists 140
Using Route Maps with Route Redistribution 140
Configuration Example: Route Maps 141
Manipulating Redistribution Using Route Tagging 142
Changing Administrative Distance 143
Path Control with Policy-Based Routing 144
Verifying Policy-Based Routing 145
Configuration Example: PBR with Route Maps 146
Cisco IOS IP SLA 147
Configuring Authentication for IP SLA 149
Monitoring IP SLA Operations 150
PBR with Cisco IOS IP SLA 150
Step 1: Define Probe(s) 151
Step 2: Define Tracking Object(s) 152
Step 3a: Define the Action on the Tracking Object(s) 152
Step 3b: Define Policy Routing Using the Tracking Object(s) 152
Step 4: Verify IP SLA Operations 152
Chapter 7 BGP 155
Configuring BGP: Classic Configuration 156
Configuring Multiprotocol BGP (MP-BGP) 157
Configuring BGP: Address Families 158
Configuration Example: Using MP-BGP Address Families to Exchange IPv4 and IPv6 Routes 159
BGP Support for 4-Byte AS Numbers 160
BGP Timers 161
BGP and update-source 161
IBGP Next-Hop Behavior 162
EBGP Multihop 162
Attributes 164
Route Selection Decision Process–The BGP Best Path Algorithm 164
Weight Attribute 164
Using AS Path Access Lists to Manipulate the Weight Attribute 166
Using Prefix Lists and Route Maps to Manipulate the Weight Attribute 166
Local Preference Attribute 167
Using AS Path Access Lists with Route Maps to Manipulate the Local Preference Attribute 167
AS Path Attribute Prepending 169
AS Path: Removing Private Autonomous Systems 171
Multi-Exit Discriminator (MED) Attribute 171
Verifying BGP 174
Troubleshooting BGP 175
Default Routes 177
Route Aggregation 177
Route Reflectors 177
Regular Expressions 178
Regular Expressions: Examples 179
BGP Route Filtering Using Access Lists and Distribute Lists 180
Configuration Example: Using Prefix Lists and AS Path Access Lists 181
BGP Peer Groups 182
Authentication for BGP 184
Configuring Authentication Between BGP Peers 184
Verifying BGP Authentication 184

PART III: INFRASTRUCTURE SERVICES
Chapter 8 IP Services 185
Network Address Translation (NAT) 186
Private IP Addresses: RFC 1918 186
Configuring Static NAT 187
Configuring Dynamic NAT 188
Configuring Port Address Translation (PAT) 189
Configuring a NAT Virtual Interface 190
Verifying NAT and PAT Configurations 190
Troubleshooting NAT and PAT Configurations 191
Configuration Example: PAT 191
Configuration Example: NAT Virtual Interfaces and Static NAT 193
First-Hop Redundancy Protocols 194
Hot Standby Router Protocol 194
Virtual Router Redundancy Protocol 201
IPv4 Configuration Example: HSRP on L3 Switch 204
IPv4 Configuration Example: VRRPv2 on Router and L3 Switch with IP SLA Tracking 209
IPv6 Configuration Example: HSRPv2 on Router and L3 Switch 212
Dynamic Host Control Protocol (DHCP) 217
Implementing DHCP for IPv4 217
Implementing DHCP for IPv6 221
Configuration Example: DHCP for IPv4 224
Configuration Example: DHCP for IPv6 226
Chapter 9 Device Management 231
Configuring Passwords 231
Cleartext Password Encryption 232
Password Encryption Algorithm Types 233
Configuring SSH 234
Verifying SSH 235
Boot System Commands 235
The Cisco IOS File System 236
Viewing the Cisco IOS File System 236
Commonly Used URL Prefixes for Cisco Network Devices 236
Deciphering IOS Image Filenames 237
Backing Up Configurations to a TFTP Server 238
Restoring Configurations from a TFTP Server 238
Backing Up the Cisco IOS Software to a TFTP Server 239
Restoring/Upgrading the Cisco IOS Software from a TFTP Server 239
Restoring the Cisco IOS Software Using the ROM Monitor Environmental Variables and tftpdnld Command 240
Secure Copy Protocol (SCP) 241
Configuring an SCP Server 241
Verifying and Troubleshooting SCP 241
Configuration Example: SCP 241
Disabling Unneeded Services 242
Useful Device Management Options 243

PART IV: INFRASTRUCTURE SECURITY
Chapter 10 Infrastructure Security 245
IPv4 Access Control Lists (ACLs) 246
Configuring and Applying Standard IPv4 ACLs 246
Configuring and Applying Extended IPv4 ACLs 247
Configuring and Applying Time-based ACLs 248
Configuring and Applying VTY ACLs 249
IPv6 ACLs 250
Configuring and Applying IPv6 ACLs 250
Verifying IPv4 and IPv6 ACLs 251
Implementing Authentication Methods 251
Simple Local Database Authentication 252
AAA-based Local Database Authentication 252
RADIUS Authentication 253
TACACS+ Authentication 255
Configuring Authorization and Accounting 256
Troubleshooting AAA 257
Control Plane Policing (CoPP) 257
Step 1: Define ACLs to Identify Permitted CoPP Traffic Flows 258
Step 2: Define Class Maps for Matched Traffic 258
Step 3: Define a Policy Map to Police Matched Traffic 259
Step 4: Assign a Policy Map to the Control Plane 259
Verifying CoPP 260
Unicast Reverse Path Forwarding (uRPF) 260
Configuring uRPF 260
Verifying and Troubleshooting uRPF 260

PART V: NETWORK ASSURANCE
Chapter 11 Network Assurance 261
Internet Control Message Protocol Redirect Messages 262
The ping Command 262
Examples of Using the ping and the Extended ping Commands 263
The traceroute Command 265
The debug Command 265
Conditionally Triggered Debugs 266
Configuring Secure SNMP 267
Securing SNMPv1 or SNMPv2c 267
Securing SNMPv3 268
Verifying SNMP 269
Implementing Logging 269
Configuring Syslog 269
Syslog Message Format 269
Syslog Severity Levels 270
Syslog Message Example 270
Configuring NetFlow 271
Configuring Flexible NetFlow 272
Step 1: Configure a Flow Record 272
Step 2: Configure a Flow Exporter 272
Step 3: Configure a Flow Monitor 272
Step 4: Apply the Flow Monitor to an Interface 273
Verifying NetFlow 273
Implementing Port Mirroring 273
Default SPAN and RSPAN Configuration 273
Configuring Local SPAN 274
Local SPAN Guidelines for Configuration 274
Configuration Example: Local SPAN 274
Configuring Remote SPAN 277
Remote SPAN Guidelines for Configuration 278
Configuration Example: Remote SPAN 278
Configuring Encapsulated RSPAN (ERSPAN) 280
Verifying and Troubleshooting Local and Remote SPAN 281
Configuring Network Time Protocol 281
NTP Configuration 281
NTP Design 282
Securing NTP 284
Verifying and Troubleshooting NTP 286
Setting the Clock on a Router 286
Using Time Stamps 290
Configuration Example: NTP 290
Tool Command Language (Tcl) 294
Embedded Event Manager (EEM) 295
EEM Configuration Examples 296
EEM and Tcl Scripts 298
Verifying EEM 298

PART VI: WIRELESS
Chapter 12 Wireless Security and Troubleshooting 299
Authenticating Wireless Clients 299
Open Authentication 300
Authenticating with a Pre-shared Key 302
Authenticating with EAP 304
Authenticating with WebAuth 310
Troubleshooting from the Wireless LAN Controller 312
Troubleshooting Wireless Client Connectivity 318
Cisco AireOS Monitoring Dashboard GUI 318
Cisco IOS XE GUI 322

PART VII: OVERLAYS AND VIRTUALIZATION
Chapter 13 Overlay Tunnels and VRF 325
Generic Routing Encapsulation (GRE) 325
Configuring an IPv4 GRE Tunnel 326
Configuring an IPv6 GRE Tunnel 326
Verifying IPv4 and IPv6 GRE Tunnels 327
Configuration Example: IPv4 and IPv6 GRE Tunnels with OSPFv3 327
Site-to-Site GRE over IPsec 331
GRE/IPsec Using Crypto Maps 332
GRE/IPsec Using IPsec Profiles 333
Verifying GRE/IPsec 335
Site-to-Site Virtual Tunnel Interface (VTI) over IPsec 335
Cisco Dynamic Multipoint VPN (DMVPN) 336
Configuration Example: Cisco DMVPN for IPv4 337
Verifying Cisco DMVPN 342
VRF-Lite 343
Configuring VRF-Lite 343
Verifying VRF-Lite 345

Appendix A: Create Your Own Journal Here 347
 Index 361

CCNP and CCIE Enterprise Core CCNP Enterprise

    Product form

    £999.99

    Includes FREE delivery

    A Paperback / softback by Patrick Gargano, Scott Empson

    Out of stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of CCNP and CCIE Enterprise Core CCNP Enterprise by Patrick Gargano

      Publisher: Pearson Education (US)
      Publication Date: 08/07/2020
      ISBN13: 9780135768167, 978-0135768167
      ISBN10: 0135768160

      Description

      Book Synopsis
      Scott Empson is an instructor in the Department of Information Systems Technology at the Northern Alberta Institute of Technology in Edmonton, Alberta, Canada, where he has taught for over 21 years. He teaches technical courses in Cisco routing and switching, along with courses in professional development and leadership. Scott created the CCNA Command Quick Reference in 2004 as a companion guide to the Cisco Networking Academy Program, and this guide became the CCNA Portable Command Guide in 2005. Other titles in the series in the areas of CCNP, Wireless, Security, Microsoft, and Linux followed beginning in 2006.

      Scott has a Master of Education degree along with three undergraduate degrees: a Bachelor of Arts, with a major in English; a Bachelor of Education, again with a major in English/language arts; and a Bachelor of Applied Information Systems Technology, with a major in network management.

      Patrick Gargano has been an educator since 1

      Table of Contents
      Introduction xix
      PART I: LAYER 2 INFRASTRUCTURE
      Chapter 1 VLANs 1
      Virtual LANs 1
      Creating Static VLANs Using VLAN Configuration Mode 2
      Assigning Ports to Data and Voice VLANs 2
      Using the range Command 3
      Dynamic Trunking Protocol (DTP) 3
      Setting the Trunk Encapsulation and Allowed VLANs 4
      VLAN Trunking Protocol (VTP) 5
      Verifying VTP 6
      Verifying VLAN Information 7
      Saving VLAN Configurations 7
      Erasing VLAN Configurations 7
      Configuration Example: VLANs 8
      Layer 2 Link Aggregation 11
      Interface Modes in EtherChannel 12
      Default EtherChannel Configuration 12
      Guidelines for Configuring EtherChannel 12
      Configuring Layer 2 EtherChannel 14
      Configuring Layer 3 EtherChannel 14
      Configuring EtherChannel Load Balancing 15
      Configuring LACP Hot-Standby Ports 16
      Monitoring and Verifying EtherChannel 17
      Configuration Example: EtherChannel 18
      Chapter 2 Spanning Tree Protocol 23
      Spanning Tree Protocol Definition 24
      Enabling Spanning Tree Protocol 24
      Changing the Spanning-Tree Mode 25
      Configuring the Root Switch 25
      Configuring a Secondary Root Switch 26
      Configuring Port Priority 26
      Configuring the Path Cost 27
      Configuring the Switch Priority of a VLAN 27
      Configuring STP Timers 27
      Configuring Optional Spanning-Tree Features 28
      PortFast 28
      BPDU Guard (2xxx/older 3xxx Series) 29
      BPDU Guard (3650/9xxx Series) 29
      BPDU Filter 30
      UplinkFast 30
      BackboneFast 31
      Root Guard 31
      Loop Guard 32
      Unidirectional Link Detection 33
      Configuring and Verifying Port Error Conditions 33
      Enabling Rapid Spanning Tree 36
      Rapid Spanning Tree Link Types 36
      Enabling Multiple Spanning Tree 37
      Verifying the Extended System ID 39
      Verifying STP 39
      Troubleshooting Spanning Tree Protocol 40
      Configuration Example: PVST+ 40
      Spanning-Tree Migration Example: PVST+ to Rapid-PVST+ 43
      Chapter 3 Implementing Inter-VLAN Routing 45
      Inter-VLAN Communication Using an External Router: Router-on-a-Stick 45
      Inter-VLAN Communication Tips 46
      Inter-VLAN Communication on a Multilayer Switch Through a Switch Virtual Interface 46
      Configuring Inter-VLAN Communication on an L3 Switch 47
      Removing L2 Switchport Capability of an Interface on an L3 Switch 47
      Configuration Example: Inter-VLAN Communication 47
      Configuration Example: IPv6 Inter-VLAN Communication 55

      PART II: LAYER 3 INFRASTRUCTURE
      Chapter 4 EIGRP 61
      Enhanced Interior Gateway Routing Protocol (EIGRP) 62
      Enabling EIGRP for IPv4 Using Classic Mode Configuration 62
      Enabling EIGRP for IPv6 Using Classic Mode Configuration 63
      EIGRP Using Named Mode Configuration 64
      EIGRP Named Mode Subconfiguration Modes 66
      Upgrading Classic Mode to Named Mode Configuration 66
      EIGRP Router ID 67
      Authentication for EIGRP 67
      Configuring Authentication in Classic Mode 67
      Configuring Authentication in Named Mode 68
      Verifying and Troubleshooting EIGRP Authentication 70
      Auto-Summarization for EIGRP 70
      IPv4 Manual Summarization for EIGRP 70
      IPv6 Manual Summarization for EIGRP 71
      Timers for EIGRP 71
      Passive Interfaces for EIGRP 72
      “Pseudo” Passive EIGRP Interfaces 72
      Injecting a Default Route into EIGRP: Redistribution of a Static Route 73
      Injecting a Default Route into EIGRP: ip default-network 74
      Injecting a Default Route into EIGRP: Summarize to 0.0.0.0/0 74
      Accepting Exterior Routing Information: default-information 75
      Equal-cost Load Balancing: maximum-paths 75
      Unequal-cost Load Balancing: variance 76
      EIGRP Traffic Sharing 76
      Bandwidth Use for EIGRP 77
      Stub Routing for EIGRP 77
      EIGRP Unicast Neighbors 79
      EIGRP Wide Metrics 79
      Adjusting the EIGRP Metric Weights 80
      Verifying EIGRP 80
      Troubleshooting EIGRP 82
      Configuration Example: EIGRP for IPv4 and IPv6 Using Named Mode 83
      Chapter 5 OSPF 87
      Comparing OSPFv2 and OSPFv3 88
      Configuring OSPF 89
      Configuring Multiarea OSPF 89
      Using Wildcard Masks with OSPF Areas 90
      Configuring Traditional OSPFv3 91
      Enabling OSPF for IPv6 on an Interface 91
      OSPFv3 and Stub/NSSA Areas 92
      Interarea OSPFv3 Route Summarization 92
      Enabling an IPv4 Router ID for OSPFv3 93
      Forcing an SPF Calculation 93
      OSPFv3 Address Families 93
      Configuring the IPv6 Address Family in OSPFv3 94
      Configuring the IPv4 Address Family in OSPFv3 94
      Applying Parameters in Address Family Configuration Mode 94
      Authentication for OSPF 95
      Configuring OSPFv2 Authentication: Simple Password 95
      Configuring OSPFv2 Cryptographic Authentication: SHA-256 96
      Configuring OSPFv3 Authentication and Encryption 97
      Verifying OSPFv2 and OSPFv3 Authentication 98
      Optimizing OSPF Parameters 98
      Loopback Interfaces 98
      Router ID 99
      DR/BDR Elections 99
      Passive Interfaces 100
      Modifying Cost Metrics 100
      OSPF Reference Bandwidth 101
      OSPF LSDB Overload Protection 101
      Timers 101
      IP MTU 102
      Propagating a Default Route 102
      Route Summarization 103
      Interarea Route Summarization 103
      External Route Summarization 103
      OSPF Route Filtering 104
      Using the filter-list Command 104
      Using the area range not-advertise Command 104
      Using the distribute-list in Command 104
      Using the summary-address not-advertise Command 105
      OSPF Special Area Types 105
      Stub Areas 105
      Totally Stubby Areas 106
      Not-So-Stubby Areas (NSSA) 106
      Totally NSSA 107
      Virtual Links 108
      Configuration Example: Virtual Links 108
      Verifying OSPF Configuration 109
      Troubleshooting OSPF 111
      Configuration Example: Single-Area OSPF 111
      Configuration Example: Multiarea OSPF 114
      Configuration Example: Traditional OSPFv3 117
      Configuration Example: OSPFv3 with Address Families 120
      Chapter 6 Redistribution and Path Control 127
      Defining Seed and Default Metrics 128
      Redistributing Connected Networks 129
      Redistributing Static Routes 129
      Redistributing Subnets into OSPF 130
      Assigning E1 or E2 Routes in OSPF 130
      Redistributing OSPF Internal and External Routes 131
      Configuration Example: Route Redistribution for IPv4 131
      Configuration Example: Route Redistribution for IPv6 132
      Verifying Route Redistribution 134
      Route Filtering Using the distribute-list Command 134
      Configuration Example: Inbound and Outbound Distribute List Route Filters 134
      Configuration Example: Controlling Redistribution with Outbound Distribute Lists 135
      Verifying Route Filters 136
      Route Filtering Using Prefix Lists 137
      Configuration Example: Using a Distribute List That References a Prefix List to Control Redistribution 139
      Verifying Prefix Lists 140
      Using Route Maps with Route Redistribution 140
      Configuration Example: Route Maps 141
      Manipulating Redistribution Using Route Tagging 142
      Changing Administrative Distance 143
      Path Control with Policy-Based Routing 144
      Verifying Policy-Based Routing 145
      Configuration Example: PBR with Route Maps 146
      Cisco IOS IP SLA 147
      Configuring Authentication for IP SLA 149
      Monitoring IP SLA Operations 150
      PBR with Cisco IOS IP SLA 150
      Step 1: Define Probe(s) 151
      Step 2: Define Tracking Object(s) 152
      Step 3a: Define the Action on the Tracking Object(s) 152
      Step 3b: Define Policy Routing Using the Tracking Object(s) 152
      Step 4: Verify IP SLA Operations 152
      Chapter 7 BGP 155
      Configuring BGP: Classic Configuration 156
      Configuring Multiprotocol BGP (MP-BGP) 157
      Configuring BGP: Address Families 158
      Configuration Example: Using MP-BGP Address Families to Exchange IPv4 and IPv6 Routes 159
      BGP Support for 4-Byte AS Numbers 160
      BGP Timers 161
      BGP and update-source 161
      IBGP Next-Hop Behavior 162
      EBGP Multihop 162
      Attributes 164
      Route Selection Decision Process–The BGP Best Path Algorithm 164
      Weight Attribute 164
      Using AS Path Access Lists to Manipulate the Weight Attribute 166
      Using Prefix Lists and Route Maps to Manipulate the Weight Attribute 166
      Local Preference Attribute 167
      Using AS Path Access Lists with Route Maps to Manipulate the Local Preference Attribute 167
      AS Path Attribute Prepending 169
      AS Path: Removing Private Autonomous Systems 171
      Multi-Exit Discriminator (MED) Attribute 171
      Verifying BGP 174
      Troubleshooting BGP 175
      Default Routes 177
      Route Aggregation 177
      Route Reflectors 177
      Regular Expressions 178
      Regular Expressions: Examples 179
      BGP Route Filtering Using Access Lists and Distribute Lists 180
      Configuration Example: Using Prefix Lists and AS Path Access Lists 181
      BGP Peer Groups 182
      Authentication for BGP 184
      Configuring Authentication Between BGP Peers 184
      Verifying BGP Authentication 184

      PART III: INFRASTRUCTURE SERVICES
      Chapter 8 IP Services 185
      Network Address Translation (NAT) 186
      Private IP Addresses: RFC 1918 186
      Configuring Static NAT 187
      Configuring Dynamic NAT 188
      Configuring Port Address Translation (PAT) 189
      Configuring a NAT Virtual Interface 190
      Verifying NAT and PAT Configurations 190
      Troubleshooting NAT and PAT Configurations 191
      Configuration Example: PAT 191
      Configuration Example: NAT Virtual Interfaces and Static NAT 193
      First-Hop Redundancy Protocols 194
      Hot Standby Router Protocol 194
      Virtual Router Redundancy Protocol 201
      IPv4 Configuration Example: HSRP on L3 Switch 204
      IPv4 Configuration Example: VRRPv2 on Router and L3 Switch with IP SLA Tracking 209
      IPv6 Configuration Example: HSRPv2 on Router and L3 Switch 212
      Dynamic Host Control Protocol (DHCP) 217
      Implementing DHCP for IPv4 217
      Implementing DHCP for IPv6 221
      Configuration Example: DHCP for IPv4 224
      Configuration Example: DHCP for IPv6 226
      Chapter 9 Device Management 231
      Configuring Passwords 231
      Cleartext Password Encryption 232
      Password Encryption Algorithm Types 233
      Configuring SSH 234
      Verifying SSH 235
      Boot System Commands 235
      The Cisco IOS File System 236
      Viewing the Cisco IOS File System 236
      Commonly Used URL Prefixes for Cisco Network Devices 236
      Deciphering IOS Image Filenames 237
      Backing Up Configurations to a TFTP Server 238
      Restoring Configurations from a TFTP Server 238
      Backing Up the Cisco IOS Software to a TFTP Server 239
      Restoring/Upgrading the Cisco IOS Software from a TFTP Server 239
      Restoring the Cisco IOS Software Using the ROM Monitor Environmental Variables and tftpdnld Command 240
      Secure Copy Protocol (SCP) 241
      Configuring an SCP Server 241
      Verifying and Troubleshooting SCP 241
      Configuration Example: SCP 241
      Disabling Unneeded Services 242
      Useful Device Management Options 243

      PART IV: INFRASTRUCTURE SECURITY
      Chapter 10 Infrastructure Security 245
      IPv4 Access Control Lists (ACLs) 246
      Configuring and Applying Standard IPv4 ACLs 246
      Configuring and Applying Extended IPv4 ACLs 247
      Configuring and Applying Time-based ACLs 248
      Configuring and Applying VTY ACLs 249
      IPv6 ACLs 250
      Configuring and Applying IPv6 ACLs 250
      Verifying IPv4 and IPv6 ACLs 251
      Implementing Authentication Methods 251
      Simple Local Database Authentication 252
      AAA-based Local Database Authentication 252
      RADIUS Authentication 253
      TACACS+ Authentication 255
      Configuring Authorization and Accounting 256
      Troubleshooting AAA 257
      Control Plane Policing (CoPP) 257
      Step 1: Define ACLs to Identify Permitted CoPP Traffic Flows 258
      Step 2: Define Class Maps for Matched Traffic 258
      Step 3: Define a Policy Map to Police Matched Traffic 259
      Step 4: Assign a Policy Map to the Control Plane 259
      Verifying CoPP 260
      Unicast Reverse Path Forwarding (uRPF) 260
      Configuring uRPF 260
      Verifying and Troubleshooting uRPF 260

      PART V: NETWORK ASSURANCE
      Chapter 11 Network Assurance 261
      Internet Control Message Protocol Redirect Messages 262
      The ping Command 262
      Examples of Using the ping and the Extended ping Commands 263
      The traceroute Command 265
      The debug Command 265
      Conditionally Triggered Debugs 266
      Configuring Secure SNMP 267
      Securing SNMPv1 or SNMPv2c 267
      Securing SNMPv3 268
      Verifying SNMP 269
      Implementing Logging 269
      Configuring Syslog 269
      Syslog Message Format 269
      Syslog Severity Levels 270
      Syslog Message Example 270
      Configuring NetFlow 271
      Configuring Flexible NetFlow 272
      Step 1: Configure a Flow Record 272
      Step 2: Configure a Flow Exporter 272
      Step 3: Configure a Flow Monitor 272
      Step 4: Apply the Flow Monitor to an Interface 273
      Verifying NetFlow 273
      Implementing Port Mirroring 273
      Default SPAN and RSPAN Configuration 273
      Configuring Local SPAN 274
      Local SPAN Guidelines for Configuration 274
      Configuration Example: Local SPAN 274
      Configuring Remote SPAN 277
      Remote SPAN Guidelines for Configuration 278
      Configuration Example: Remote SPAN 278
      Configuring Encapsulated RSPAN (ERSPAN) 280
      Verifying and Troubleshooting Local and Remote SPAN 281
      Configuring Network Time Protocol 281
      NTP Configuration 281
      NTP Design 282
      Securing NTP 284
      Verifying and Troubleshooting NTP 286
      Setting the Clock on a Router 286
      Using Time Stamps 290
      Configuration Example: NTP 290
      Tool Command Language (Tcl) 294
      Embedded Event Manager (EEM) 295
      EEM Configuration Examples 296
      EEM and Tcl Scripts 298
      Verifying EEM 298

      PART VI: WIRELESS
      Chapter 12 Wireless Security and Troubleshooting 299
      Authenticating Wireless Clients 299
      Open Authentication 300
      Authenticating with a Pre-shared Key 302
      Authenticating with EAP 304
      Authenticating with WebAuth 310
      Troubleshooting from the Wireless LAN Controller 312
      Troubleshooting Wireless Client Connectivity 318
      Cisco AireOS Monitoring Dashboard GUI 318
      Cisco IOS XE GUI 322

      PART VII: OVERLAYS AND VIRTUALIZATION
      Chapter 13 Overlay Tunnels and VRF 325
      Generic Routing Encapsulation (GRE) 325
      Configuring an IPv4 GRE Tunnel 326
      Configuring an IPv6 GRE Tunnel 326
      Verifying IPv4 and IPv6 GRE Tunnels 327
      Configuration Example: IPv4 and IPv6 GRE Tunnels with OSPFv3 327
      Site-to-Site GRE over IPsec 331
      GRE/IPsec Using Crypto Maps 332
      GRE/IPsec Using IPsec Profiles 333
      Verifying GRE/IPsec 335
      Site-to-Site Virtual Tunnel Interface (VTI) over IPsec 335
      Cisco Dynamic Multipoint VPN (DMVPN) 336
      Configuration Example: Cisco DMVPN for IPv4 337
      Verifying Cisco DMVPN 342
      VRF-Lite 343
      Configuring VRF-Lite 343
      Verifying VRF-Lite 345

      Appendix A: Create Your Own Journal Here 347
       Index 361

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account