Network Fundamentals
- Lab Introduction
- Cisco Packet Tracer
- GNS3
- EVE-NG
- Open Systems Interconnection OSI Model Review
- OSI Layer 1 – The Physical Layer
- OSI Layer 2 – Data-Link, Describe and verify switching concepts
- MAC
- LLC
- OSI Layer 3 – The Network Layer
- OSI Layer 4 – The Transport Layer
- TCP
- UDP
- Compare TCP to UDP
- OSI Layer 5 – Session
- OSI Layer 6 – Presentation
- OSI Layer 7 – Application
- The TCP/IP Stack
- IP Address
- IPv4
- Configure and verify IPv4 addressing and subnetting
- Describe the need for private IPv4 addressing
- CIDR and Subnetting
- VLSM
- Supernetting, IP Aggregation, IP Summarization
- IPv6
- Configure and verify IPv6 addressing and prefix
- Compare IPv6 address types
- Global unicast
- Unique local
- Link local
- Anycast
- Multicast
- Modified EUI 64
- SLAAC Stateless Address Autoconfiguration
- The Cisco Operating Systems Introduction – Naming & Versioning Convention
- IOS
- IOS-XE
- IOS-XR
- NX-OS
- Cisco ACI for Data Center [Application Centric Infrastructure – SDN]
- Cisco ASA [Adaptive Security Appliance Software]
- Cisco Licensing
- Initial Connection to a Cisco Device
- Setup
- The Boot-Up Process
- Speed and Duplex Settings
- Explain the role and function of network components
- Cisco Products Name Convention
- Cisco Hardware Products Family
- Routers
- L2 and L3 switches
- Next-generation firewalls and IPS
- Access points
- Controllers (Cisco DNA Center and WLC)
- Endpoints
- Servers
- Describe characteristics of network topology architectures
- 3-Tier, Three-Tier Hierarchical Model
- 2-Tier Collapsed Core Architecture
- 2-Tier Spine-Leaf Architecture; Datacenter topology
- WAN Technologies
- Configure and verify PPP and MLPPP on WAN interfaces using local authentication
- Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication
- Configure, verify, and troubleshoot GRE tunnel connectivity
- WAN Topology Options
- Point-to-point
- Hub and spoke
- Full Mesh
- Single vs dual-homed
- Describe WAN access connectivity options
- MPLS
- Metro Ethernet
- Broadband PPPoE
- Internet VPN (DMVPN, site-to-site VPN, client VPN)
- Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)
- Leased Lines
- Small office/home office (SOHO)
- On-premises and cloud
- Three primary modular interdependent components
- Network Foundation
- Network Services
- Network Reliant-User Services
- CSBA, Cisco Smart Business Architecture
- Redundancy System Standard
- UPTIME-2019
- ISO22237-2018
- EN 50600-2018
- TIA-942 B 2017
- BICSI 002-2019
- Compare physical interface and cabling types
- Single-mode fiber, multimode fiber, copper
- Connections (Ethernet shared media and point-to-point)
- Concepts of PoE
- Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)
- Verify IP parameters for Client OS (Windows, Mac OS, Linux)
- Describe wireless principles, Wireless Network Types
- Infrastructure Mode and Wireless Access Points
- Wireless LAN Controllers and CAPWAP
- Nonoverlapping Wi-Fi channels
- SSID
- RF, Wireless Channels and Radio Frequencies
- Encryption
- Explain virtualization fundamentals (virtual machines)
- Describe switching concepts
- MAC learning and aging
- Frame switching
- Frame flooding
- MAC address table
- ARP Address Resolution Protocol
- ARP for Routed Traffic
- The Cisco Troubleshooting Methodology
- Layer 1 and 2 Troubleshooting
- Network Device Management
- SNMPv2 Simple Network Management Protocol
- SNMPv3
- Syslog
- Configure and verify device management and Maintenance
- Backup and restore device configuration
- NTP and Time zone
- Cisco IOS upgrades and recovery (SCP, FTP, TFTP, and MD5 verify)
- Password recovery and configuration register
- File system management
- Cisco IOS tools to troubleshoot and resolve problems
- Ping and traceroute with extended option
- Terminal Monitor
- Log Events
- Local SPAN
- Cloud Computing
- Traditional IT Deployment Models
- Server Virtualization
- Cloud Service Models
- Cloud Deployment Models
Network Access
- Configure and verify VLANs (normal/Extended range) spanning multiple switches
- Data VLAN
- Voice VLAN
- Management VLAN
- Native VLAN
- Private VLAN
- Primary VLAN, Promiscuous port
- Community VLAN, Community ports
- Isolated VLAN, Isolated ports
- Default VLAN
- Configure, verify, and troubleshoot Interswitch connectivity
- Trunk ports
- Add and remove VLANs on a trunk
- DTP
- VTP (v1&v2), and 802.1Q
- Configure and verify Layer 2 discovery protocols
- Cisco Discovery Protocol
- LLDP
- Configure and verify (Layer 2/Layer 3) EtherChannel
- Static
- PAgP
- LACP
- STP – Spanning Tree Protocol
- STP mode (PVST+ and RPVST+), Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify basic operations
- STP root bridge selection
- MST
- Root port, root bridge (primary/secondary), and other port names
- Port states (forwarding/blocking)
- PortFast benefits
- BPDU Guard and Root Guard
- Spanning Tree and HSRP Alignment
- Compare Cisco Wireless Architectures and AP modes
- Describe physical infrastructure connections of WLAN components (AP, WLC, access/trunk ports, and LAG)
- Describe AP and WLC management access connections (Telnet, SSH, HTTP, HTTPS, console, and TACACS+/RADIUS)
- Configure the components of a wireless LAN access for client connectivity using GUI only such as WLAN creation, security settings, QoS profiles, and advanced WLAN settings
- Describe basic QoS concepts
- Marking
- Device Trust
- Prioritization
- Voice
- Video
- Data
- Shaping
- Policing
- Congestion Management
- Troubleshoot network connectivity issues using ICMP echo-based IP SLA
- Network Redundancy
- HSRP – Hot Standby Router Protocol
- Priority
- Preemption
- Version
- FHRP First Hop Redundancy Protocols
- HSRP – Hot Standby Router Protocol
- EtherChannel
- EtherChannel Load Balancing
- EtherChannel Protocols and Configuration
- StackWise, VSS and vPC
- Layer 3 EtherChannel
IP Connectivity
- Describe the routing concepts
- Packet handling along the path through a network
- Forwarding decision based on route lookup
- Frame rewrite
- Interpret the components of routing table
- Prefix
- Network mask
- Next hop
- Routing protocol code
- Administrative distance
- Metrics
- Hop Count
- Bandwidth Capacity
- Delay
- Reliability
- Gateway of last resort
- Determine how a router makes a forwarding decision by default
- Longest match
- Administrative distance
- Routing protocol metric
- Configure and verify IPv4 and IPv6 static routing
- Default route
- Network route
- Host route
- Floating static
- Connected and Local Routes
- Summary Route
- Compare and contrast distance vector and link state routing protocols
- Compare and contrast interior [IGP] and exterior routing [EGP] protocols
- Dynamic Routing Protocols
- Routing Protocol Types
- Routing Protocol Metrics
- Equal Cost Multi Path
- Administrative Distance
- Loopback Interfaces
- Adjacencies and Passive Interfaces
- Connectivity Troubleshooting
- IGP Interior Gateway Protocol Fundamentals
- Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution)
- Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)
- Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)
- Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
- Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
- BGP
- IS-IS
- Describe the purpose of first hop redundancy protocol
- Configure, verify, and troubleshoot inter-VLAN routing
- Router on a Stick
- SVI
IP Services
- Configure and verify inside source NAT using static and pools
- IPv4 Address Exhaustion and NAT
- Static NAT
- NAT Translations – Inside Local, Inside Global, Outside Local, Outside Global
- Dynamic NAT
- PAT Port Address Translation
- Configure and verify NTP operating in a client and server mode
- Explain the role of DNS within the network, DNS Lookup Operation
- Explain the function of SNMP in network operations
- Describe the use of syslog features including facilities and levels
- DHCP – Dynamic Host Configuration Protocol
- Cisco DHCP Server
- External DHCP Server
- Cisco DHCP Client
- Configure and verify DHCP relay
- TFTP, DNS, and gateway options
- Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing, congestion, policing, shaping
- Configure network devices for remote access using SSH
- Describe the capabilities and function of TFTP/FTP in the network
Security Fundamentals
- Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)
- Describe security program elements (user awareness, training, and physical access control)
- Common Attacks
- Configure device access control using local passwords
- Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
- VPN
- Describe remote access and site-to-site VPNs
- DMVPN
- Cisco AnyConnect
- Configure and verify access control lists, ACLs – Access Control Lists
- Standard ACL
- Extended ACL
- Named ACLs
- Verify ACLs using the APIC-EM Path Trace ACL analysis tool
- Configure Layer 2 security features
- DHCP snooping
- Dynamic ARP inspection
- Port security
- Static
- Dynamic
- Sticky
- Max MAC addresses
- Violation
- Err-disable recovery
- 802.1X Identity Based Networking
- Differentiate authentication, authorization, and accounting concepts
- Describe wireless security protocols (WPA, WPA2, and WPA3)
- Configure WLAN using WPA2 PSK using the GUI
- Firewalls and IDS/IPS
- Firewalls vs Packet Filters
- Cryptography
- TLS Transport Layer Security
- Configure, verify, and troubleshoot basic device hardening
- Local authentication, Usernames and Privilege Levels
- Secure Password, Privileged Exec and Password Encryption
- Access to device
- SSH Secure Shell
- Telnet
- Login banner
- Describe device security using AAA with TACACS+ and RADIUS
Automation and Programmability
- Explain how automation impacts network management
- Compare traditional networks with controller-based networking
- Describe controller-based and software defined architectures (overlay, underlay, and fabric)
- Separation of control plane and data plane
- North-bound and south-bound APIs
- The Benefits of Network Automation and Programmability
- Compare traditional campus device management with Cisco DNA Center enabled device management
- Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)
- Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible
- Data Serialization Formats – XML, JSON and YAML
- Python, Git, GitHub and CI-CD
- Model Driven Programmability – YANG, NETCONF, RESTCONF and gRPC
- Configuration Management Tools – Ansible
- SDN Software Defined Networking
- Software Defined Architecture – Cisco DNA Center
- Software Defined Architecture – Cisco SD-Access
- Software Defined Architecture – Cisco SD-WAN