Cisco Networks Engineers Handbook of Routing Switching and Security With IOS NX OS and ASA 2nd Edition Chris Carthern William Wilson Noel Rivera

Cisco Networks Engineers Handbook of
Routing Switching and Security with

IOS NX OS and ASA 2nd Edition Chris
Carthern William Wilson Noel Rivera
Visit to download the full and correct content document:
https://textbookfull.com/product/cisco-networks-engineers-handbook-of-routing-switch
ing-and-security-with-ios-nx-os-and-asa-2nd-edition-chris-carthern-william-wilson-noel
-rivera/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
Building Data Centers with VXLAN BGP EVPN A Cisco NX OS

Perspective 1st Edition Lukas Krattiger
https://textbookfull.com/product/building-data-centers-with-
vxlan-bgp-evpn-a-cisco-nx-os-perspective-1st-edition-lukas-
krattiger/
Cisco CCNA Simplified Your Complete Guide to Passing

the Cisco CCNA Routing and Switching Exam 5th Edition
Paul W Browning
https://textbookfull.com/product/cisco-ccna-simplified-your-
complete-guide-to-passing-the-cisco-ccna-routing-and-switching-
exam-5th-edition-paul-w-browning/
LISP Network Deployment and Troubleshooting The

Complete Guide to LISP Implementation on IOS XE IOS XR
and NX OS 1st Edition Tarique Shakil
https://textbookfull.com/product/lisp-network-deployment-and-
troubleshooting-the-complete-guide-to-lisp-implementation-on-ios-
xe-ios-xr-and-nx-os-1st-edition-tarique-shakil/
Getting Started with NSX-T: Logical Routing and

Switching 1st Edition Iwan Hoogendoorn
https://textbookfull.com/product/getting-started-with-nsx-t-
logical-routing-and-switching-1st-edition-iwan-hoogendoorn/
31 Days Before Your CCNA Routing Switching Exam Allan
Johnson
https://textbookfull.com/product/31-days-before-your-ccna-
routing-switching-exam-allan-johnson/
CCNA Routing and Switching ICND2 200 105 Official Cert

Guide 1st Edition Wendell Odom
https://textbookfull.com/product/ccna-routing-and-switching-
icnd2-200-105-official-cert-guide-1st-edition-wendell-odom/
CCNA Routing and Switching ICND2 200 105 Official Cert

Guide Academic Edition Wendell Odom
icnd2-200-105-official-cert-guide-academic-edition-wendell-odom/
CCNA Routing and Switching Complete Study Guide Exam

100 105 Exam 200 105 Exam 200 125 2nd Edition Todd
Lammle
complete-study-guide-exam-100-105-exam-200-105-exam-200-125-2nd-
edition-todd-lammle/
iOS 10 SDK Development Creating iPhone and iPad Apps

with Swift Chris Adamson
https://textbookfull.com/product/ios-10-sdk-development-creating-
iphone-and-ipad-apps-with-swift-chris-adamson/
Cisco
Networks
Engineers‘ Handbook of Routing, Switching,
and Security with IOS, NX-OS, and ASA
—
Second Edition
—
Chris Carthern
William Wilson
Noel Rivera
Cisco Networks
Engineers’ Handbook of Routing, Switching,
and Security with IOS, NX-OS, and ASA
Second Edition
Chris Carthern
William Wilson
Noel Rivera
8 Cisco Networks: Engineers’ Handbook of Routing, Switching, and Security with IOS,
9 NX-OS, and ASA
50
53
48
51 Chris Carthern William Wilson
49
52 Bangkok, Krung Thep, Thailand PSC 559 box 6092 FPO AP 96377 USA, HI, USA
54 Noel Rivera
55 PSC 559 BOX 6092. FPO, AP, HI, USA
10 ISBN-13 (pbk): 978-1-4842-6671-7 ISBN-13 (electronic): 978-1-4842-6672-4

11 https://doi.org/10.1007/978-1-4842-6672-4
12 Copyright © 2021 by Chris Carthern and William Wilson and Noel Rivera
13 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
14 material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
15 broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
16 storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
17 known or hereafter developed.
18 Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every
19 occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial
20 fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
21 The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are
22 not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to
23 proprietary rights.
24 While the advice and information in this book are believed to be true and accurate at the date of publication,
25 neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or
26 omissions that may be made. The publisher makes no warranty, express or implied, with respect to the
27 material contained herein.
28 Managing Director, Apress Media LLC: Welmoed Spahr
29 Acquisitions Editor: Aditee Mirashi
30 Development Editor: Matthew Moodie
31 Coordinating Editor: Aditee Mirashi
32 Cover designed by eStudioCalamar
33 Cover image designed by Freepik (www.freepik.com)
34 Distributed to the book trade worldwide by Springer Science+Business Media New York, 1 New York
35 Plaza, Suite 4600, New York, NY 10004-1562, USA. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail
36 orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC
37 and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc).
38 SSBM Finance Inc is a Delaware corporation.
39 For information on translations, please e-mail booktranslations@springernature.com; for reprint,
40 paperback, or audio rights, please e-mail bookpermissions@springernature.com.
41 Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and
42 licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales
43 web page at http://www.apress.com/bulk-sales.
44 Any source code or other supplementary material referenced by the author in this book is available to
45 readers on GitHub via the book’s product page, located at www.apress.com/978-1-4842-6671-7. For more
46 detailed information, please visit http://www.apress.com/source-code.
47 Printed on acid-free paper
This book is dedicated to Chadwick Boseman who was a real-life superhero who inspired generations 56
to take up the mantle and make sure his legacy lives on through us. Wakanda Forever. 57
Table of Contents 58
About the Authors��xxv 59
About the Technical Reviewer��xxvii 60
Acknowledgments��xxix 61
Introduction��xxxi 62
■
■Chapter 1: Introduction to Practical Networking�� 1 63
Tools of the Trade�� 1 64
Open Systems Interconnection (OSI) Model�� 3 65
Physical Layer�� 7 66
Data Link Layer�� 8 67
Network Layer�� 9 68
Transport Layer�� 10 69
Connection-Oriented�� 10 70
Session Layer�� 10 71
Presentation Layer�� 11 72
Application Layer�� 11 73
The OSI Model: Bringing It All Together�� 12 74
TCP/IP�� 13 75
TCP/IP Application Layer�� 14 76
TCP/IP Transport Layer�� 14 77
TCP/IP Internet Layer�� 15 78
TCP/IP Network Interface Layer�� 16 79
Reliability�� 17 80
v
■ Table of Contents
81 Three-Way Handshake and Connection Termination�� 18

82 User Datagram Protocol�� 19
83 Port Numbers�� 20
84 Types of Networks�� 21
85 Personal Area Network�� 21
86 Local Area Network�� 21
87 Campus Area Network�� 21
88 Metropolitan Area Network�� 21
89 Wide Area Network�� 22
90 Wireless Wide Area Network�� 22
91 Virtual Private Network�� 22
92 Hierarchical Internetwork Model�� 23
93 Software-Defined Networking Overview�� 24
94 Software-Defined Network Control Models�� 24
95 Summary�� 24
96 ■
■Chapter 2: The Physical Medium�� 27
97 Layer 1�� 27
98 Standards�� 28
99 Cables�� 29
100 Twisted Pair Cable�� 29
101 Coaxial Cable�� 31
102 Fiber-Optic Cabling�� 32
103 Fiber-Optic Transmission Rates�� 33
104 Wireless Communication�� 33
105 Ethernet�� 34
106 Duplex�� 34
107 Time Division Duplexing�� 35
108 Frequency Division Duplexing�� 35
109 Autonegotiation�� 35
110 Unidirectional Link Detection�� 37
vi
Common Issues�� 37 111
Duplex Mismatch�� 37 112
Bad Connector Terminations�� 38 113
Summary�� 38 114
■
■Chapter 3: Data Link Layer�� 39 115
Protocols�� 39 116
The Address Resolution Protocol (ARP)�� 39 117
The Reverse Address Resolution Protocol (RARP)�� 42 118
Link Layer Functions�� 42 119
Framing�� 42 120
Addressing�� 42 121
Synchronizing�� 43 122
Flow Control�� 43 123
Link Layer Discovery Protocol (LLDP)�� 44 124
Class of Endpoints�� 44 125
LLDP Benefits�� 45 126
Cisco Discovery Protocol (CDP)�� 48 127
Address Resolution Mapping on IPv6 Networks�� 52 128
■
■Chapter 4: The Network Layer with IP�� 59 130
IP Addressing (Public vs. Private)�� 60 131
Public�� 60 132
Private�� 60 133
IPv4�� 60 134
Class A�� 61 135
Class B�� 61 136
Class C�� 61 137
IPv4 Packet Header�� 61 138
vii
139 IPv6�� 63
140 IPv6 Addresses�� 63
141 IPv6 Packet Header�� 64
142 Classless Inter-Domain Routing�� 65

143 Subnetting�� 65
144 Subnet Mask�� 66
145 A Simple Guide to Subnetting�� 66
146 Variable-Length Subnet Masking�� 69

147 Classful Subnetting�� 71
148 VLSM Subnetting�� 71
149 Subnetting Exercises�� 72

150 Subnetting Exercise Answers�� 75
151 Exercise 1 Answers�� 75
155 Summary�� 77
156 ■
■Chapter 5: Intermediate LAN Switching�� 79
157 Cisco Console Access�� 79
158 Configuration Help�� 82
159 Displaying the Running Configuration�� 83
160 Configuring the Router�� 84
161 Switching�� 86
162 Link Aggregation Group (LAG)�� 86
163 Spanning Tree Protocol�� 91
164 Why Do You Need STP?�� 91
165 How STP Works�� 91
166 Bridge Protocol Data Units�� 92
167 Rapid Spanning Tree Protocol�� 93
viii
Virtual Logical Network (VLAN)�� 96 168
VLAN Configuration�� 97 169
IOU1 Configuration�� 98 170
Trunking�� 103 171
Trunk Configuration�� 105 172
Routing Between VLANs�� 107 173
Routing VLAN Configurations�� 108 174
VLAN Trunking Protocol�� 109 175
VTP Modes�� 109 176
VTP Pruning�� 110 177
VTP Configuration�� 110 178
Multiple Spanning Tree Protocol�� 113 179
MSTP Configuration�� 115 180
Exercises�� 121 182
Exercise Answers�� 127 183
Exercise 1�� 127 184
■
■Chapter 6: Routing�� 141 190
Static Routing�� 141 191
The Process of Routing�� 142 192
Default Routing�� 146 193
Testing Connectivity�� 146 194
Dynamic Routing Protocols�� 148 195
Distance-Vector Routing Protocol�� 149 196
Link-State Routing Protocol�� 149 197
Hybrid Routing Protocol�� 150 198
ix
199 RIP�� 150

200 RIP Configuration�� 150
201 Authentication�� 152
202 EIGRP�� 156

203 OSPF�� 162
204 Configuring OSPF�� 166
205 Router ID�� 171
206 IS-IS�� 172

207 IS-IS Addressing�� 173
208 IS-IS Configuration�� 173
209 Link-State Packet Database�� 177
210 Authentication�� 179
211 Passive Interfaces�� 182
212 IS-IS Adjacency�� 183
213 BGP�� 183

214 BGP Configuration�� 184
215 Administrative Distance�� 189

216 RIP�� 189
217 EIGRP�� 190
218 OSPF�� 190
219 IS-IS�� 191
220 BGP�� 191

222 Exercises�� 192
223 Exercise Answers�� 195
224 Exercise 1�� 195
x
■
■Chapter 7: Introduction to Tools and Automation�� 211 230
Tools Overview�� 211 231
Introduction to Prime Infrastructure�� 211 232
Hands-On Experience and Limitations�� 213 233
Introduction to Identity Services Engine�� 214 234
Introduction to Software-Defined WAN and vManage�� 214 235
Introduction to Digital Network Architecture�� 215 236
Introduction to Application Centric Infrastructure�� 216 237
Vendor-Agnostic Automation Tools�� 217 238
■
■Chapter 8: Basic Switch and Router Troubleshooting�� 219 240
Troubleshooting�� 219 241
Documenting Your Network�� 219 242
First Things First: Identify the Problem�� 220 243
Physical Medium and Ethernet�� 222 244
VLANs and Trunks�� 225 245
EtherChannel�� 229 246
VTP�� 232 247
Spanning Tree�� 234 248
Routing�� 237 249
Static Routing�� 237 250
Dynamic Routing�� 240 251
xi

262 ■
■Chapter 9: Network Address Translation and Dynamic Host
263 Configuration Protocol�� 291
264 NAT�� 291
265 Static NAT�� 292
266 Dynamic NAT�� 293
267 Port Address Translation (PAT)�� 294
268 DHCP�� 296
269 DHCP Process�� 297
270 Setting Up a Router As a DHCP Client�� 297
271 Setting Up a Router to Send a Request to a DHCP Server�� 298
272 Setting Up a RouterAs a DHCP Server�� 299
280 ■
■Chapter 10: Management Plane�� 309
281 The Management Plane Defined�� 310
282 Authentication and Authorization Basics�� 310
283 User Accounts�� 313
284 Password Recovery�� 314
285 Banners�� 317
286 Management Sessions�� 318
287 Telnet�� 318
288 SSH�� 319
289 Console and Auxiliary Lines�� 321
xii
10.6Disabling Services�� 321 290
Disabled Services�� 321 291
Disabled Services on Interfaces�� 322 292
Authentication, Authorization, and Accounting (AAA)�� 322 293
RADIUS�� 323 294
TACACS+�� 330 295
Certificate-Based Authentication and Authorization�� 334 296
Monitoring/Logging�� 338 297
Simple Network Management Protocol�� 339 298
Syslog�� 342 299
Prime Infrastructure Overview�� 344 300
Introduction to Netconf�� 346 301
■
■Chapter 11: Data Plane�� 349 308
Traffic Protocols�� 349 309
Filters and Introduction to Data Plane Security�� 351 310
State Machines�� 354 311
Stateful Protocols�� 358 312
Stateless Protocols�� 362 313
NetFlow and sFlow�� 363 314
xiii
317 ■
■Chapter 12: Control Plane�� 373
318 Layer 2�� 373
319 Layer 2 and 3 Interaction�� 376
320 Routing Protocols�� 377

321 Interior Gateway Protocols�� 377
322 Exterior Gateway Protocols�� 394
323 Protocol-Independent Multicasting�� 401

324 Domain Name System�� 405
325 Network Time Protocol�� 408
326 Tools for Control Plane Management�� 412
328 Preliminary Work�� 416
329 OSPF�� 417
330 BGP�� 418
331 NTP�� 419

333 Preliminary Configurations�� 420
334 OSPF�� 424
335 BGP�� 427
336 NTP�� 432
337 Named Mode EIGRP with Authentication�� 434
338 Multicast�� 436

340 ■
■Chapter 13: Introduction to Availability�� 439
341 High Availability�� 439
342 Layer 3 Multipathing�� 440
343 First Hop Redundancy Protocol (FHRP)�� 441
344 HSRP�� 441
345 VRRP�� 445
346 GLBP�� 447
xiv
Multilinks�� 451 347
Availability Exercises�� 453 348
■
■Chapter 14: Advanced Routing�� 463 354
EIGRP�� 463 355
Unicast�� 464 356
Summarization�� 464 357
Load Balancing�� 465 358
EIGRP Stub�� 465 359
Traffic Engineering with EIGRP�� 465 360
Authentication�� 466 361
Multiarea and Advanced OSPF�� 467 362
Summarization�� 468 363
OSPF Stub�� 469 364
Cost Manipulation�� 469 365
OSPF Virtual Link�� 470 366
Authentication�� 472 367
Policy-Based Routing Using Route Maps�� 472 368
Redistribution�� 475 369
RIP Redistribution Overview�� 476 370
EIGRP Redistribution Overview�� 476 371
OSPF Redistribution Overview�� 478 372
BGP Redistribution Overview�� 479 373
Avoiding Loops and Suboptimal Routing�� 480 374
xv
375 BGP�� 481

376 Address Families�� 481
377 Peer Groups and Templates�� 481
378 Dynamic Neighbors�� 484
379 Next Hop Issues with iBGP�� 486
380 Anycast�� 486
381 Traffic Engineering with BGP�� 487
382 IPv6 Routing�� 489

383 EIGRPv6�� 491
384 OSPFv3�� 494
385 DHCPv6�� 496
386 NAT and IPV6�� 499
387 GRE Tunnels�� 504

388 BGP Issues�� 506
389 IPSec�� 506

390 Router8 Configuration�� 509
392 IKEv2�� 512

394 Advanced Routing Exercises�� 525
395 Exercise 1: EIGRP and OSFP Redistribution�� 525
396 Exercise 2: GRE and IPSEC�� 525
397 Exercise 3: IKEv2�� 526
398 Exercise 4: BGP�� 526
399 Exercise 5: IPv6 OSPF and EIGRP Redistribution�� 527

xvi
■
■Chapter 15: QoS�� 541 406
Intro to QoS�� 541 407
Classifications and Markings�� 543 408
Policing and Shaping�� 554 409
QoS on Tunnels and Subinterfaces�� 577 410
IPv6 QoS�� 577 411
QoS Design Strategies�� 579 412
Exercise�� 581 413
■
■Chapter 16: Advanced Security�� 583 414
Private VLANs�� 584 415
Use Case�� 584 416
Promiscuous vs. Community vs. Isolated�� 584 417
Configuration�� 585 418
Using Access Lists�� 586 419
Extended ACL�� 586 420
VACL�� 588 421
PACL�� 589 422
ARP and DHCP Snooping�� 590 423
Identity Services Engine�� 595 424
ISE and 802.1x�� 595 425
AAA�� 619 426
Advanced Security Exercises�� 627 427
Exercise 1: Extended ACL Exercises�� 627 428
Exercise 2: AAA Exercises�� 628 429
xvii
434 ■
■Chapter 17: Advanced Troubleshooting�� 631
435 Access Control List�� 631
436 VACL�� 634
437 PACL�� 635
438 Network Address Translation�� 635
439 Static NAT�� 636
440 Dynamic NAT�� 641
441 Overload�� 645
442 HSRP, VRRP, and GLBP�� 646

443 HSRP�� 647
444 VRRP�� 649
445 EIGRP�� 651

446 OSPF�� 655
447 BGP�� 658
448 Neighbor Relationships�� 658
449 Missing Prefixes�� 660
450 Route Redistribution�� 665

451 EIGRP�� 665
452 OSPF�� 668
453 GRE Tunnels�� 671

454 Recursive Routing�� 673
455 IPSec�� 674

456 Transform Mismatch�� 675
457 Key Mismatch�� 679
458 IPv6�� 680

460 Advanced Troubleshooting Exercises�� 689
xviii
■
■Chapter 18: Effective Network Management�� 705 467
Sample Network�� 705 468
Logs�� 706 469
Simple Network Management Protocol�� 708 470
Service-Level Agreements and Embedded Event Manager�� 715 471
sFlow and NetFlow Tools�� 718 472
Intrusion Detection and Prevention Systems�� 719 473
Management and Design of Management Data�� 722 474
Syslog�� 726 476
SNMP�� 727 477
Service Policy�� 727 478
Initial Configuration�� 727 480
Syslog�� 728 481
SNMP�� 729 482
Service Policy�� 729 483
■
■Chapter 19: Data Center and NX-OS�� 731 485
Fabric Design�� 731 486
NX-OS�� 732 487
NX-OSv�� 734 488
VLAN�� 735 489
Configuring a Non-routed VLAN�� 735 490
Configuring a VLAN As a Routed Switched Virtual Interface (SVI)�� 735 491
VLAN Trunking Protocol�� 736 492
xix
493 Nexus Routing�� 737

494 EIGRP�� 737
495 OSPF�� 741
496 BGP�� 745
497 Virtual Routing and Forwarding Contexts�� 747
498 Port Channels�� 751

499 Virtual Port Channels�� 757
500 Port Profiles�� 759

501 FEX�� 759
502 First Hop Redundancy Protocols�� 760
503 HSRP�� 760
504 VRRP�� 762
505 Nexus Security�� 763

506 Local User Accounts�� 764
507 TACACS+�� 765
508 Control Plane Policing�� 767
509 Network Virtualization�� 768

510 Virtual Device Context (VDC)�� 768
511 Overlay Transport Virtualization�� 768
512 Virtual Extensible LANs Overview�� 771
513 Application Centric Infrastructure Overview�� 772
514 NX-OS Exercise�� 772

515 Exercise Answer�� 773
517 ■
■Chapter 20: Wireless LAN (WLAN)�� 777
518 Wireless LANs (WLANs)�� 777
519 Wireless Standards�� 777
520 Wireless Components�� 778
521 Wireless Access Points�� 778
522 Wireless Controllers/Switches�� 778
xx
Installing a WLAN�� 778 523
Wireless Site Survey�� 779 524
Access Point Installation�� 779 525
Access Point Configuration�� 780 526
WLAN Controller Installation�� 780 527
WLAN Controller Configuration�� 780 528
Security�� 792 529
Encryption and Authentication�� 792 530
Cisco ISE�� 795 531
Cisco ISE and WLAN�� 795 532
Wireless Setup Wizard�� 797 533
Hotspot Wizard�� 802 534
BYOD Wizard�� 806 535
Cisco Prime�� 811 536
Administration: Prime Infrastructure server management.�� 813 537
Wireless Network Monitoring�� 814 538
Prime Infrastructure Maps�� 817 539
Prime Infrastructure Configuration�� 822 540
Threats and Vulnerabilities�� 825 541
Wireless Exercise�� 826 543
■
■Chapter 21: Firepower�� 835 546
Testing Policies in a Safe Environment�� 835 547
Management Access and Configuration�� 836 548
Initial Setup�� 836 549
Objects Overview�� 846 550
Device Configuration Overview�� 847 551
System Configuration and Platform Settings�� 879 552
External Authentication�� 882 553
xxi
554 Monitoring Overview�� 887

555 Management Console�� 887
556 Remote Syslog�� 889
557 eStreamer�� 891
558 Health Policies�� 893
559 Access Policies�� 895

560 Baselining and Discovery�� 895
561 Access Policy Basics�� 896
562 Application-Based Rules�� 901
563 Intrusion Policies Introduction�� 902
564 Intrusion Policy Tuning�� 904

565 Virtual Private Networks�� 909
566 Site to Site�� 909
567 Remote Access�� 919
568 Troubleshooting�� 928

570 ■
■Chapter 22: Introduction to Network Penetration Testing�� 933
571 Overview�� 933
572 Reconnaissance and Scanning�� 933
573 Vulnerability Assessment�� 938
574 Exploitation�� 942

575 The Human Factor�� 949

577 ■
■Chapter 23: Multiprotocol Label Switching�� 951
578 Multiprotocol Label Switching Basics�� 951
579 Label Protocols�� 962
580 LDP Security and Best Practices�� 964
581 LDP Verification�� 967
xxii
Layer 3 MPLS VPN�� 969 582
Site-to-Site VPN�� 972 583
Shared Extranet�� 984 584
Leaking Prefixes�� 988 585
Layer 2 MPLS VPN�� 990 586
IPv6 over MPLS�� 1000 587
MPLS Backbone�� 1003 589
Leak to CustomerB�� 1004 591
Tunneling IPv6�� 1005 592
MPLS Backbone�� 1006 594
Leak to CustomerB�� 1011 596
Tunneling IPv6�� 1013 597
Summary�� 1016 598
■
■Chapter 24: DMVPN�� 1017 599
DMVPN�� 1017 600
Phase 1�� 1018 601
Phase 2�� 1022 602
Phase 3�� 1025 603
Phase 3 with IPSec�� 1028 604
Phase 3 with OSPF�� 1029 605
FlexVPN�� 1031 606
Single-DMVPN Dual Hub�� 1034 607
Dual-DMVPN Dual Hub�� 1038 608
Summary�� 1043 609
xxiii
610 DMVPN Exercises�� 1043

611 Exercise 1: DMVPN Phase 3 with BGP�� 1043
612 Exercise 2: IPSec�� 1043
613 Exercise 3: FlexVPN�� 1044

615 Exercise 1: DMVPN Phase 3 with BGP�� 1044
616 Exercise 2: IPSec�� 1047
617 Exercise 3: FlexVPN�� 1048
618 ■
■Index�� 1053
xxiv
About the Authors 619
Chris Carthern is a senior network engineer with 15 years of experience

this figure will be printed in b/w
620
in the network engineering field. He is responsible for designing, 621
implementing, and maintaining wide area and campus area networks. 622
Carthern obtained his BS (honors) in computer science from Morehouse 623
College and his MS in systems engineering from the University 624
of Maryland, Baltimore County (UMBC). He holds the following 625
certifications: Cisco Certified Network Professional (CCNP), Certified 626
Information Systems Security Professional (CISSP), and Brocade Certified 627
Network Professional (BCNP). 628
AU2 Noel Rivera is a systems architect with CACI who specializes in communications networks, IT security, and 629
infrastructure automation. He has worked at NASA, DoD, Lockheed Martin, and CACI. Mr. Rivera holds a 630
bachelor’s degree in electrical engineering from the University of Puerto Rico at Mayaguez and two master’s 631
degrees, one in electrical engineering and another in computer science, from Johns Hopkins University. 632
Mr. Rivera holds the following certifications: Cisco Certified Internetwork Expert in Routing and Switching 633
(CCIE-RS), Cisco Certified Internetwork Expert in Security (CCIE-SEC), Certified Information Systems 634
Security Professional (CISSP), Certified Ethical Hacker (CEH), Juniper Networks Certified Service Provider 635
Professional (JNCIP-SP), Juniper Networks Certified Cloud Professional (JNCIP-Cloud), VMWare Certified 636
Data Center Virtualization Professional (VCP-DCV), VMWare Certified Network Virtualization Professional 637
(VCP-NV), and ITILv3. He is currently working on his Juniper Networks Certified Service Provider Expert 638
certification (JNCIE-SP) and Microsoft Azure Solutions Architect Expert certification. 639
Dr. William Wilson is a senior network consulting engineer. He

this figure will be printed in b/w
640
specializes in the optimization of routing and in security. He is responsible 641
for assisting customers with resolving complex architectural and 642
operation issues. He holds a bachelor’s degree in mathematics from 643
the University of Colorado. His doctorate is in computer science with a 644
focus on applications of artificial intelligence in information security. 645
He maintains the following certifications: CCIE Routing and Switching, 646
CCIE Security, all of the CCNP tracks, Cisco DevNet Professional, VCP-NV, 647
Certified Ethical Hacker, CISSP, MCSE, and PMP. 648
649
xxv
About the Technical Reviewer 650
Marc Julian has graduated from the University of Maryland, Baltimore County, with a Bachelor of Science 651
in information systems. He is currently working at Cisco Systems Inc. as a network consulting engineer. He 652
is CompTIA Network+ certified, CCNA R&S certified, and CCNP R&S certified. He will continue to work on 653
receiving IT certifications such as Cisco certifications, MCSE certifications, and CWNA certifications. 654
xxvii
Acknowledgments 655
Special thanks to my coauthors for your contributions to this book. I’m extremely grateful to my parents, 656
Taylor and Lisa, and sister, Breanna, for all the support you have given me and the importance you placed 657
on higher education. To my best friend, Tony Aaron II, I would like to express my deepest appreciation for 658
the endless support. Thanks should also go to our technical reviewer, Marc Julian, for all the feedback on 659
the content and exercises in the book; this book is better because of your diligent reviews. Lastly, I very 660
much appreciate my publisher, Apress, for valuing our first edition and trusting us to complete a second. For 661
anyone I missed, thank you all for your support and helping me become a better engineer. 662
—Chris Carthern 663
xxix
Introduction 664
Cisco Networks, Second Edition is a practical guide and desk reference for Cisco engineers. For beginning 665
and experienced network engineers tasked with building LAN (local area network), WAN (wide area 666
network), and data center connections, this book lays out clear directions for installing, configuring, 667
and troubleshooting networks with Cisco devices. What is new is this edition includes discussions about 668
AU1 software-defined (SD) networks and building Dynamic Multipoint VPNs (DMVPNs) using IPSec (Internet 669
Protocol Security) Virtual Private Networks (VPNs). A new chapter on Quality of Service (QoS) has been 670
added to teach managing network resources by prioritizing specific types of network traffic. The second 671
edition has an updated wireless section which focuses on an updated controller and integration with Cisco 672
Identity Services Engine (ISE) and Cisco Prime Infrastructure. The emphasis throughout is on solving the 673
real-world challenges engineers face in configuring network devices, rather than on exhaustive descriptions 674
of hardware features. 675
This practical desk companion doubles as a comprehensive overview of the basic knowledge and 676
skills needed by CCNA and CCNP exam takers. It distils a comprehensive library of cheat sheets, lab 677
configurations, and advanced commands that the authors assembled as senior network engineers. Prior 678
familiarity with Cisco routing and switching is desirable but not necessary, as the authors start their book 679
with a review of network basics and move on to configuring routers and switches from a beginner level. 680
The purpose of this book is to provide a practical guide for network engineers who work with Cisco devices 681
on a daily basis. This book is not a Cisco certification guide, but you will learn key concepts that will be on 682
exams to include the CCNA and CCNP. This book intends to be a day-to-day reference for the daily tasks you 683
perform as a network engineer. 684
This book will cover advanced topics such as configuring wireless networks, securing your networks, 685
and covering best practices. Learn how to strengthen your networks with VPNs and security devices and 686
deployment using Cisco Identity Services Engine (ISE). By the end of the book, you will have mastered 687
deploying Cisco networks. 688
xxxi
Author Queries
Chapter No.: 0005078445
Queries Details Required Author’s Response

AU1 Both forms “IPSec” and “IPsec” have been used in the text and retained as given. Please
check if okay.
AU2 Please check if the author bios should be placed in the order in which the author names
appear on the book cover.
Another random document with
no related content on Scribd:
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back

Cisco Networks Engineers Handbook of Routing Switching and Security With IOS NX OS and ASA 2nd Edition Chris Carthern William Wilson Noel Rivera

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco Networks Engineers Handbook of Routing Switching and Security With IOS NX OS and ASA 2nd Edition Chris Carthern William Wilson Noel Rivera

Uploaded by

Copyright:

Available Formats

Cisco Networks Engineers Handbook of

Routing Switching and Security with

Building Data Centers with VXLAN BGP EVPN A Cisco NX OS

Cisco CCNA Simplified Your Complete Guide to Passing

LISP Network Deployment and Troubleshooting The

Getting Started with NSX-T: Logical Routing and

CCNA Routing and Switching ICND2 200 105 Official Cert

CCNA Routing and Switching ICND2 200 105 Official Cert

CCNA Routing and Switching Complete Study Guide Exam

iOS 10 SDK Development Creating iPhone and iPad Apps

10 ISBN-13 (pbk): 978-1-4842-6671-7 ISBN-13 (electronic): 978-1-4842-6672-4

About the Technical Reviewer�����������������������������������������������������������������������������xxvii 60

Open Systems Interconnection (OSI) Model��������������������������������������������������������������������� 3 65

The OSI Model: Bringing It All Together�������������������������������������������������������������������������� 12 74

81 Three-Way Handshake and Connection Termination���������������������������������������������������������������������������� 18

The Reverse Address Resolution Protocol (RARP)�������������������������������������������������������������������������������� 42 118

Link Layer Discovery Protocol (LLDP)����������������������������������������������������������������������������� 44 124

Cisco Discovery Protocol (CDP)�������������������������������������������������������������������������������������� 48 127

Address Resolution Mapping on IPv6 Networks������������������������������������������������������������� 52 128

IP Addressing (Public vs. Private)����������������������������������������������������������������������������������� 60 131

142 Classless Inter-Domain Routing������������������������������������������������������������������������������������� 65

146 Variable-Length Subnet Masking����������������������������������������������������������������������������������� 69

Virtual Logical Network (VLAN)�������������������������������������������������������������������������������������� 96 168

Multiple Spanning Tree Protocol����������������������������������������������������������������������������������� 113 179

Introduction to Prime Infrastructure����������������������������������������������������������������������������� 211 232

Introduction to Identity Services Engine���������������������������������������������������������������������� 214 234

Introduction to Software-Defined WAN and vManage�������������������������������������������������� 214 235

Introduction to Digital Network Architecture���������������������������������������������������������������� 215 236

Introduction to Application Centric Infrastructure�������������������������������������������������������� 216 237

Vendor-Agnostic Automation Tools������������������������������������������������������������������������������� 217 238

Physical Medium and Ethernet������������������������������������������������������������������������������������� 222 244

Authentication, Authorization, and Accounting (AAA)��������������������������������������������������� 322 293

Certificate-Based Authentication and Authorization��������������������������������������������������������������������������� 334 296

Prime Infrastructure Overview������������������������������������������������������������������������������������� 344 300

Filters and Introduction to Data Plane Security������������������������������������������������������������ 351 310

About the Technical Reviewer��xxvii 60

Open Systems Interconnection (OSI) Model�� 3 65

The OSI Model: Bringing It All Together�� 12 74

81 Three-Way Handshake and Connection Termination�� 18

The Reverse Address Resolution Protocol (RARP)�� 42 118

Link Layer Discovery Protocol (LLDP)�� 44 124

Cisco Discovery Protocol (CDP)�� 48 127

Address Resolution Mapping on IPv6 Networks�� 52 128

IP Addressing (Public vs. Private)�� 60 131

142 Classless Inter-Domain Routing�� 65

146 Variable-Length Subnet Masking�� 69

Virtual Logical Network (VLAN)�� 96 168

Multiple Spanning Tree Protocol�� 113 179

Introduction to Prime Infrastructure�� 211 232

Introduction to Identity Services Engine�� 214 234

Introduction to Software-Defined WAN and vManage�� 214 235

Introduction to Digital Network Architecture�� 215 236

Introduction to Application Centric Infrastructure�� 216 237

Vendor-Agnostic Automation Tools�� 217 238

Physical Medium and Ethernet�� 222 244

Authentication, Authorization, and Accounting (AAA)�� 322 293

Certificate-Based Authentication and Authorization�� 334 296

Prime Infrastructure Overview�� 344 300

Filters and Introduction to Data Plane Security�� 351 310