ENCOR Curriculum - Bosonboson.com/files/support/sample_encor_courseware.pdfiii © 2020 Boson...

Curriculum 350-401

ENCOR

Labs powered by

iii

© 2020 Boson Software, LLC®

Implementing Cisco Enterprise Network Core Technologies (ENCOR)

350-401 Curriculum

LM20201031/BV1.0

iv © 2020 Boson Software, LLC

Copyright © 2020 Boson Software, LLC. All rights reserved. Boson, Boson NetSim, Boson Network Simulator, and Boson Software are trademarks or registered trademarks of Boson Software, LLC. Catalyst, Cisco, and Cisco IOS are trademarks or registered trademarks of Cisco Systems, Inc. Puppet is a trademark or registered trademark of Puppet, Inc. and is used with permission. No endorsement by Puppet, Inc. is implied by the use of these marks. Ansible is a registered trademark of Red Hat, Inc. in the United States and other countries. Chef is a registered trademark of Chef, Inc. Media elements, including images and clip art, are available in the public domain. All other trademarks and/or registered trademarks are the property of their respective owners. The Python Software Foundation is the organization behind Python. Any use of a third-party trademark does not constitute a challenge to said mark. Any use of a product name or company name herein does not imply any sponsorship of, recommendation of, endorsement of, or affiliation with Boson, its licensors, licensees, partners, affiliates, and/or publishers. Please note that the Internet is a volatile environment in which resources are not guaranteed to be always available or to remain in the same place.

2 5 C e n t u r y B l v d . , S t e . 5 0 0 , N a s h v i l l e , T N 3 7 2 14 | B o s o n . c o m

The labs referenced in this book have been printed in the Boson Lab Guide, which is included with the purchase of the curriculum. These labs can be performed with real Cisco hardware or in the Boson NetSim Network Simulator version 11 or later. To learn more about the benefits of using NetSim or to purchase the software, please visit www.boson.com/netsim.

http://www.boson.com/netsim

v© 2020 Boson Software, LLC

ENCOR Curriculum Table of Contents

Module 1: Architecture .................................................................................................................21

Overview .................................................................................................................................................. 22Objectives ................................................................................................................................................ 22Flat Design vs. Hierarchical Design ......................................................................................................... 23Cisco Three-Tier Enterprise Campus Architecture .................................................................................. 24

Access Layer ..................................................................................................................................... 25Distribution Layer .............................................................................................................................. 26Core Layer ......................................................................................................................................... 27

Cisco Two-Tier Enterprise Campus Architecture ..................................................................................... 28Cisco Enterprise Architecture Model ....................................................................................................... 29Understanding FHRPs ............................................................................................................................. 30

HSRP ................................................................................................................................................ 31VRRP ................................................................................................................................................ 32GLBP ................................................................................................................................................. 33

High-Availability Features ........................................................................................................................ 34On-Premises and Cloud Deployments .................................................................................................... 36SD-Access ............................................................................................................................................... 37

Management Layer ............................................................................................................................ 39Controller Layer ................................................................................................................................. 40Network Layer ....................................................................................................................................41

Underlay Network ..................................................................................................................... 42Overlay Network ....................................................................................................................... 43Fabric ........................................................................................................................................ 44

Physical Layer ................................................................................................................................... 50SD-WAN .................................................................................................................................................. 52

Cisco SD-WAN Components ............................................................................................................ 53vManage ................................................................................................................................... 54vEdge and cEdge ..................................................................................................................... 55vBond ........................................................................................................................................ 56vSmart ...................................................................................................................................... 57

Summary ................................................................................................................................................. 58Review Question 1 ................................................................................................................................... 59Review Question 2 ................................................................................................................................... 61Review Question 3 ................................................................................................................................... 63

Module 2: Packet Switching .........................................................................................................67

Overview .................................................................................................................................................. 68Objectives ................................................................................................................................................ 68Layer 2 vs. Multilayer Switches ................................................................................................................ 69Layer 2 Frame Forwarding ....................................................................................................................... 71

The CAM Table .................................................................................................................................. 72Using the CAM Table......................................................................................................................... 73Configuring the CAM Table ................................................................................................................74

Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.

vi © 2020 Boson Software, LLC


The TCAM Table ............................................................................................................................... 76Multilayer Switch Forwarding ................................................................................................................... 77

How Multilayer Switches Process Frames ........................................................................................ 78Packet Switching ...................................................................................................................................... 79

Process Switching ............................................................................................................................. 80Fast Switching ................................................................................................................................... 81CEF Switching ................................................................................................................................... 82

The FIB and Adjacency Tables ................................................................................................. 83Displaying Tables .............................................................................................................................. 84

Displaying the Fast-Switching Cache ....................................................................................... 84Displaying the RIB .................................................................................................................... 84Displaying the FIB ..................................................................................................................... 85Displaying the ARP Table ......................................................................................................... 85Displaying the CEF Adjacency Table ........................................................................................ 85

CEF Load Balancing ......................................................................................................................... 87CEF Load Balancing Algorithms ............................................................................................... 88

QoS .......................................................................................................................................................... 90Normal Traffic Flow ............................................................................................................................ 92Buffers and Memory Pools ................................................................................................................ 93Congested Traffic Flow ...................................................................................................................... 94Traffic Classification and Marking ..................................................................................................... 95

Classification............................................................................................................................. 96Marking ..................................................................................................................................... 98Wireless QoS ............................................................................................................................ 99

Congestion Management ................................................................................................................ 100Queuing Mechanisms ............................................................................................................. 101Scheduling Mechanisms ......................................................................................................... 102

Congestion Avoidance .................................................................................................................... 103Policing and Shaping ....................................................................................................................... 105QoS Policies .................................................................................................................................... 106

Summary ............................................................................................................................................... 108Review Question 1 ................................................................................................................................. 109Review Question 2 ..................................................................................................................................111

Module 3: Virtualization ..............................................................................................................113

Overview .................................................................................................................................................114Objectives ...............................................................................................................................................114Understanding Virtualization ...................................................................................................................115Device Virtualization ...............................................................................................................................116

The Hypervisor .................................................................................................................................117Type 1 Hypervisor ....................................................................................................................118Type 2 Hypervisor ....................................................................................................................119

Network Virtualization ............................................................................................................................ 120


vii© 2020 Boson Software, LLC


vSwitches .........................................................................................................................................121Virtual Network Interfaces vs. Physical Network Interfaces ........................................................... 122NFV ................................................................................................................................................. 123

Data Path Virtualization ......................................................................................................................... 124VLANs ............................................................................................................................................. 125VRFs ................................................................................................................................................ 126

VRF-Lite ................................................................................................................................. 126VPNs ............................................................................................................................................... 128IPSec ............................................................................................................................................... 129

IPSec Encryption Methods ..................................................................................................... 130IPSec Data Integrity Methods ..................................................................................................131IPSec Authentication Methods ............................................................................................... 132

Understanding GRE Tunnels ........................................................................................................... 133Differences Between Secure VPNs and GRE Tunnels .......................................................... 134Configuring GRE Tunnels ....................................................................................................... 135Verifying GRE Tunnels ........................................................................................................... 139Causes of GRE Tunnel Problems ............................................................................................141

DMVPN ............................................................................................................................................142DMVPN Hub-and-Spoke Topology (Phase 1) ........................................................................ 143DMVPN Spoke-to-Spoke Topology (Phase 2 and Phase 3) .................................................. 144

Summary ............................................................................................................................................... 145Review Question 1 ..................................................................................................................................147Review Question 2 ................................................................................................................................. 149

Module 4: Wired Infrastructure ..................................................................................................151

Overview ................................................................................................................................................ 152Objectives .............................................................................................................................................. 152Understanding VLANs ........................................................................................................................... 153

Local VLANs ................................................................................................................................... 155End-to-End VLANs .......................................................................................................................... 156Creating and Configuring VLANs .................................................................................................... 157

Verifying VLANs ..................................................................................................................... 158Configuring Access Ports ................................................................................................................ 159

Verifying VLAN Membership .................................................................................................. 160Understanding Trunk Ports ............................................................................................................. 161

Configuring Trunk Ports .......................................................................................................... 163Verifying Trunk Ports .............................................................................................................. 165

Understanding the Voice VLAN ...................................................................................................... 167Configuring the Voice VLAN ................................................................................................... 169

Understanding and Configuring DTP ...............................................................................................170Understanding and Configuring VTP ...............................................................................................172

VTP Domains...........................................................................................................................173VTP Version .............................................................................................................................174


viii © 2020 Boson Software, LLC


VTP Modes ..............................................................................................................................175VTP Operation .........................................................................................................................176VTP Pruning ............................................................................................................................178Verifying VTP .......................................................................................................................... 179

Common VLAN and Trunk Problems .............................................................................................. 180Understanding EtherChannel .................................................................................................................181

Understanding EtherChannel Protocols .......................................................................................... 182Understanding PAgP and LACP Modes .......................................................................................... 183

The On Mode .......................................................................................................................... 183PAgP Modes ........................................................................................................................... 183LACP Modes........................................................................................................................... 184

Configuring EtherChannel ............................................................................................................... 185Configuring PAgP EtherChannel ............................................................................................ 187Configuring LACP EtherChannel ............................................................................................ 188

Verifying EtherChannel ................................................................................................................... 189Understanding EtherChannel’s Effects on STP ...................................................................... 192

EtherChannel Load Balancing ......................................................................................................... 194How Load Balancing Works .................................................................................................... 195Load Balancing Options on All EtherChannel Switches ......................................................... 196Load Balancing Options on 4500 and 6500 Switches ............................................................ 198

Troubleshooting EtherChannel ........................................................................................................ 199Aggregation Protocol Mismatches .......................................................................................... 199Bundle Configuration Mismatches .......................................................................................... 201

Understanding STP................................................................................................................................ 202Root Bridge Election........................................................................................................................ 203STP BIDs ......................................................................................................................................... 204STP Bridge Priority .......................................................................................................................... 205Verifying the Root Bridge ................................................................................................................ 206Path Costs ....................................................................................................................................... 209Determining Port Roles ................................................................................................................... 210

Root Port ................................................................................................................................ 210Designated Port ...................................................................................................................... 210

STP Port States ................................................................................................................................211STP Timers ......................................................................................................................................212IEEE STP Delay Parameters ............................................................................................................213Understanding RSTP .......................................................................................................................215

Differences Between STP and RSTP ..................................................................................... 216Understanding RSTP Port States ........................................................................................... 218RSTP Alternate and Backup Port Roles ................................................................................. 219

Understanding Cisco Implementations of STP ............................................................................... 220PVST+ ..................................................................................................................................... 221PVST+ BIDs ............................................................................................................................ 222RPVST+ .................................................................................................................................. 223


ix© 2020 Boson Software, LLC


MST ........................................................................................................................................ 224Cisco STP Toolkit ............................................................................................................................ 231

Understanding EIGRP for IPv4 .............................................................................................................. 240EIGRP Route Processing ................................................................................................................ 242Understanding EIGRP Path Selection ............................................................................................ 243Understanding AD and FD .............................................................................................................. 247

Using Variance to Load Balance EIGRP ................................................................................ 249Routing Messages ........................................................................................................................... 250

EIGRP Message Types .......................................................................................................... 251Understanding the EIGRP Router ID .............................................................................................. 252Understanding EIGRP Adjacency ................................................................................................... 253

EIGRP Adjacency Caveats ..................................................................................................... 254Forming an EIGRP Neighbor Relationship ............................................................................. 255

Understanding EIGRP Query Messages ........................................................................................ 260Understanding EIGRP Stub Routers ............................................................................................... 261Configuring EIGRP .......................................................................................................................... 262

Configuring the EIGRP Routing Process ............................................................................... 263Configuring Interface Parameters .......................................................................................... 267Configuring EIGRP Route Summarization ............................................................................. 268

Verifying EIGRP for IPv4 Operation ................................................................................................ 269Examining General EIGRP Protocol Information ................................................................... 270Examining EIGRP Interface Information ................................................................................ 272Examining EIGRP Neighbors ................................................................................................. 273Verifying Installed EIGRP Routes ........................................................................................... 275Examining the EIGRP Topology Table (Successors and FS Only) ........................................ 276Examining the EIGRP Topology Table (Entire Table) ............................................................. 277Verifying and Troubleshooting EIGRP .................................................................................... 278

Securing EIGRP .............................................................................................................................. 279Understanding EIGRP for IPv6 .............................................................................................................. 280

EIGRP for IPv6 Similarities to EIGRP for IPv4 ............................................................................... 281EIGRP for IPv6 Differences From EIGRP for IPv4 ......................................................................... 282Configuring EIGRP for IPv6 ............................................................................................................ 283

Enabling IPv6 Routing ............................................................................................................ 284Configuring an EIGRP for IPv6 Routing Process ................................................................... 285Configuring EIGRP for IPv6 on Each Interface ...................................................................... 286

Verifying EIGRP for IPv6 Operation ................................................................................................ 287Displaying General EIGRP for IPv6 Protocol Parameters ...................................................... 288Displaying EIGRP for IPv6 Interface Parameters................................................................... 289Displaying EIGRP for IPv6 Neighbor Addresses .................................................................... 290Displaying Installed EIGRP for IPv6 Routes .......................................................................... 291Displaying the EIGRP for IPv6 Topology Table ...................................................................... 292

Securing EIGRP for IPv6 ................................................................................................................ 293Named Mode for EIGRP ................................................................................................................. 294


x © 2020 Boson Software, LLC


Named Mode Configuration Modes ........................................................................................ 295Creating a Named Mode Configuration .................................................................................. 296Configuring Interface-Specific Parameters ............................................................................ 298Configuring Named Mode Authentication ............................................................................... 300Configuring Topology-Specific Parameters ............................................................................ 301

Understanding OSPF for IPv4 ............................................................................................................... 302OSPF Route Processing ................................................................................................................. 304OSPF Router Roles ......................................................................................................................... 305OSPF Interface Types ..................................................................................................................... 307Understanding the OSPF Router ID ................................................................................................ 309Understanding OSPF Adjacency......................................................................................................310

Understanding the OSPF Hello Packet ...................................................................................311DR/BDR Election .....................................................................................................................312OSPF Neighbor States ............................................................................................................313OSPF Adjacency Caveats .......................................................................................................315

Understanding the LSDB..................................................................................................................316OSPF Message Types .............................................................................................................317LSA Types ................................................................................................................................318

Basic OSPF Area Types .................................................................................................................. 320Advanced OSPF Area Types .......................................................................................................... 322OSPF Route Summarization ........................................................................................................... 323Configuring OSPF ........................................................................................................................... 324

Configuring the OSPF Routing Process ................................................................................. 325Configuring OSPF Areas ........................................................................................................ 326Configuring OSPF Routing Process Parameters ................................................................... 327Configuring Interface Parameters .......................................................................................... 329Configuring OSPF Route Summarization ............................................................................... 330

Verifying OSPF Operation ............................................................................................................... 331Examining General OSPF Protocol Information ..................................................................... 332Examining Detailed OSPF Protocol Information .................................................................... 333Examining OSPF Interface Information .................................................................................. 334Examining OSPF Costs .......................................................................................................... 335Examining OSPF Neighbors ................................................................................................... 336Verifying Installed OSPF Routes ............................................................................................ 338Examining the LSDB ............................................................................................................... 339

Securing OSPFv2 ............................................................................................................................ 346Understanding OSPF for IPv6 ............................................................................................................... 349

OSPFv3 Similarities to OSPFv2 ...................................................................................................... 350OSPFv3 Differences From OSPFv2 ................................................................................................ 351OSPFv3-Specific LSAs ................................................................................................................... 352Configuring OSPFv3 ....................................................................................................................... 353

Enabling IPv6 Routing ............................................................................................................ 354Configuring an OSPFv3 Routing Process: Traditional Commands ........................................ 355


xi© 2020 Boson Software, LLC


Configuring OSPFv3 on Each Interface: Traditional Commands ........................................... 357Configuring an OSPFv3 Routing Process: New Commands ................................................. 358Configuring OSPFv3 on Each Interface: New Commands ..................................................... 359

Verifying OSPFv3 Operation ........................................................................................................... 360Displaying General OSPFv3 Protocol Parameters ................................................................. 361Displaying Detailed OSPFv3 Protocol Parameters ................................................................ 362Displaying OSPFv3 Neighbor Addresses ............................................................................... 363Displaying Installed OSPFv3 Routes ...................................................................................... 364Displaying the OSPF LSDB .................................................................................................... 365

Securing OSPFv3 ............................................................................................................................ 366Redistribution ......................................................................................................................................... 367

Seed Metrics ................................................................................................................................... 368Assigning Seed Metrics ................................................................................................................... 370Changing the Default Seed Metric ...................................................................................................371Redistribution Examples.................................................................................................................. 372OSPF Type 1 and Type 2 External Routes ..................................................................................... 373

Controlling Route Information and Path Selection ..................................................................................374ACL Review ..................................................................................................................................... 375Distribute Lists ................................................................................................................................. 376Prefix Lists ....................................................................................................................................... 377Route Maps ..................................................................................................................................... 380Route Tags ...................................................................................................................................... 384

Understanding BGP for IPv4 ................................................................................................................. 387ASes ................................................................................................................................................ 388

ASNs ....................................................................................................................................... 389BGP Peering ................................................................................................................................... 390

How BGP Neighbors Peer ...................................................................................................... 390BGP Neighbor Messages ....................................................................................................... 392eBGP Peers vs. iBGP Peers .................................................................................................. 393iBGP Peers ............................................................................................................................. 394eBGP Peers ............................................................................................................................ 395

Path-Vector Algorithm ..................................................................................................................... 396BGP Path Selection ................................................................................................................ 397

Configuring BGP ............................................................................................................................. 399Creating a BGP Routing Process ........................................................................................... 400Specifying Local Networks to Advertise ................................................................................. 401Configuring Peer Information .................................................................................................. 402Configuring Peer Groups ........................................................................................................ 403

Verifying BGP Operation ................................................................................................................. 405Verifying General BGP Information ........................................................................................ 406Verifying BGP Status and Peer Information ........................................................................... 407Verifying BGP Peer Details ..................................................................................................... 408Verifying BGP Routing Information ......................................................................................... 409


xii © 2020 Boson Software, LLC


Verifying BGP Routes ..............................................................................................................411Path Selection and Manipulation ......................................................................................................412

BGP Next Hop .........................................................................................................................413Changing the Default Next-Hop Behavior for an iBGP Peer ...................................................414Modifying the Weight Attribute ................................................................................................415Modifying the Weight Attribute by Using a Route Map ............................................................416Modifying the Local Preference Attribute ................................................................................418Modifying the Local Preference by Using a Route Map ..........................................................419Modifying the AS Path Attribute .............................................................................................. 420Modifying the MED Attribute ................................................................................................... 421Modifying the MED Attribute by Using a Route Map .............................................................. 422

Securing BGP .................................................................................................................................. 423Understanding BGP for IPv6 ................................................................................................................. 424

IPv4 BGP Sessions ......................................................................................................................... 425IPv6 BGP Sessions ......................................................................................................................... 426Verifying BGP for IPv6 .................................................................................................................... 427

Summary ............................................................................................................................................... 428Review Question 1 ................................................................................................................................. 429Review Question 2 ................................................................................................................................. 431Review Question 3 ................................................................................................................................. 433Lab Exercises ........................................................................................................................................ 435

Module 5: Wireless Infrastructure .............................................................................................437

Overview ................................................................................................................................................ 438Objectives .............................................................................................................................................. 438Understanding Wireless Signals ............................................................................................................ 439

RF Signal Characteristics ................................................................................................................ 440Frequency ............................................................................................................................... 441Amplitude ................................................................................................................................ 442

Signal vs. Noise ............................................................................................................................... 443Wireless Bands and Channels ........................................................................................................ 444Modulation Techniques ................................................................................................................... 447Wireless Standards ......................................................................................................................... 448Antenna Characteristics .................................................................................................................. 450

Dipole Antennas ..................................................................................................................... 452Integrated Omnidirectional Antennas ..................................................................................... 453Patch Antennas ....................................................................................................................... 454Yagi Antennas ......................................................................................................................... 455Parabolic Dish Antennas ........................................................................................................ 456

Wireless Service Sets ............................................................................................................................ 457IBSS ................................................................................................................................................ 458BSS ................................................................................................................................................. 459ESS ................................................................................................................................................. 460


xiii© 2020 Boson Software, LLC


Wireless Client Authentication ............................................................................................................... 461Open Authentication and WEP ....................................................................................................... 462WPA................................................................................................................................................. 463WPA2 .............................................................................................................................................. 464WPA3 .............................................................................................................................................. 465802.1X .............................................................................................................................................. 466

Cisco Wireless Topologies ..................................................................................................................... 467Autonomous AP Topology ............................................................................................................... 468Lightweight AP Topology ................................................................................................................. 469

Unified AP Topology ............................................................................................................... 470Embedded AP Topology ..........................................................................................................471Mobility Express AP Topology ................................................................................................ 472

Cisco LAP Modes of Operation ....................................................................................................... 473Associating Clients With an AP ..............................................................................................................474Associating LAPs With a WLC .............................................................................................................. 476

The LAP Startup Sequence ............................................................................................................ 477WLC Discovery Process ................................................................................................................. 478WLC Join Process ........................................................................................................................... 479

Wireless Client Roaming........................................................................................................................ 480Intra-Controller Roaming ................................................................................................................. 481Layer 2 Inter-Controller Roaming .................................................................................................... 482Layer 3 Inter-Controller Roaming .................................................................................................... 483Mobility Groups ............................................................................................................................... 484

Common Wireless Issues ...................................................................................................................... 485Summary ............................................................................................................................................... 486Review Question 1 ................................................................................................................................. 489Review Question 2 ................................................................................................................................. 491Review Question 3 ................................................................................................................................. 493

Module 6: IP Services .................................................................................................................495

Overview ................................................................................................................................................ 496Objectives .............................................................................................................................................. 496Understanding NTP ............................................................................................................................... 497

How NTP Stratum Works ................................................................................................................ 498NTP Modes ..................................................................................................................................... 499The Software Clock ......................................................................................................................... 500The Hardware Clock ........................................................................................................................ 501Configuring an NTP Client............................................................................................................... 502Configuring an NTP Server ............................................................................................................. 503Configuring NTP Peers ................................................................................................................... 504Verifying NTP .................................................................................................................................. 505NTP vs. SNTP ................................................................................................................................. 506Configuring an SNTP Client ............................................................................................................ 507


xiv © 2020 Boson Software, LLC


NTP Security ................................................................................................................................... 508Configuring a Specific Source Interface.......................................................................................... 509Authenticating an NTP Time Source ................................................................................................510Configuring SNTP Clients to Authenticate .......................................................................................511Configuring NTP Restrictions ...........................................................................................................512NTPv4 and IPv6 ...............................................................................................................................513

Understanding NAT/PAT .........................................................................................................................514NAT Methods ....................................................................................................................................514NAT/PAT Address Terminology ........................................................................................................515NAT Translation Methods .................................................................................................................516

Static NAT ................................................................................................................................517Dynamic NAT ...........................................................................................................................518PAT ..........................................................................................................................................519

Configuring Interfaces for NAT/PAT ................................................................................................ 520Configuring Static NAT ........................................................................................................... 521Configuring Dynamic NAT ...................................................................................................... 522Configuring PAT ...................................................................................................................... 524

Understanding FHRPs ........................................................................................................................... 526Understanding HSRP ...................................................................................................................... 527

HSRP Versions ....................................................................................................................... 528HSRP Virtual MAC Addresses .............................................................................................. 530HSRP Hello Packets ............................................................................................................... 531HSRP Hello and Hold Timers ................................................................................................. 532Configuring HSRP and Timers ............................................................................................... 533Configuring Preemption .......................................................................................................... 534Configuring Interface Tracking ............................................................................................... 535Enhanced Object Tracking ..................................................................................................... 536Configuring an IP SLA Object ................................................................................................ 537Configuring HSRP Object Tracking ........................................................................................ 539Understanding HSRP States .................................................................................................. 540Configuring Multigroup HSRP ................................................................................................ 541HSRP Authentication .............................................................................................................. 543Configuring HSRP Authentication .......................................................................................... 544Verifying HSRP ....................................................................................................................... 545

Understanding VRRP ...................................................................................................................... 547Differences from HSRP .......................................................................................................... 548Differences from VRRPv3 ...................................................................................................... 550VRRP Timers .......................................................................................................................... 551Configuring VRRP .................................................................................................................. 552Configuring VRRP Object Tracking ........................................................................................ 553VRRP Authentication .............................................................................................................. 554VRRP Authentication Methods ............................................................................................... 555Configuring VRRP Authentication .......................................................................................... 556


xv© 2020 Boson Software, LLC


Verifying VRRP ....................................................................................................................... 557Understanding GLBP ...................................................................................................................... 559

GLBP Hello Packets ............................................................................................................... 560The AVG ................................................................................................................................. 561Virtual Gateway States ........................................................................................................... 562GLBP Virtual MAC Addresses ................................................................................................ 564The AVF .................................................................................................................................. 565Virtual Forwarder States ......................................................................................................... 566How GLBP Load Balancing Works ......................................................................................... 568GLBP Load Balancing Methods ............................................................................................. 569How GLBP Gateway Failover Works ...................................................................................... 570How GLBP Forwarder Failover Works ................................................................................... 571Configuring GLBP ................................................................................................................... 572Configuring GLBP Timers .......................................................................................................574Configuring GLBP Object Tracking ........................................................................................ 575Configuring GLBP Authentication ........................................................................................... 577Verifying GLBP ....................................................................................................................... 578

Understanding IP Multicast .................................................................................................................... 580IP Multicast Address Structure ........................................................................................................ 581

Well-Known Multicast Addresses ........................................................................................... 582Layer 2 Multicast Addresses ................................................................................................... 583

IP Multicast Protocols ...................................................................................................................... 584IGMP ....................................................................................................................................... 585Multicast Routing Protocols .................................................................................................... 586

Summary ............................................................................................................................................... 590Review Question 1 ................................................................................................................................. 591Review Question 2 ................................................................................................................................. 593Review Question 3 ................................................................................................................................. 595Lab Exercises ........................................................................................................................................ 597

Module 7: Network Assurance ...................................................................................................599

Overview ................................................................................................................................................ 600Objectives .............................................................................................................................................. 600The Systematic Approach ...................................................................................................................... 602Troubleshooting Techniques .................................................................................................................. 604

OSI Techniques ............................................................................................................................... 605The Bottom Up Troubleshooting Technique ........................................................................... 605The Top Down Troubleshooting Technique ............................................................................ 605The Divide and Conquer Troubleshooting Technique ............................................................ 605

Non-OSI Techniques ....................................................................................................................... 607The Follow the Path Troubleshooting Technique ................................................................... 607The Move the Problem Troubleshooting Technique ............................................................... 607The Spot the Difference Troubleshooting Technique ............................................................. 608


xvi © 2020 Boson Software, LLC


Using debug Commands ...................................................................................................................... 609Conditional Debugging .................................................................................................................... 610

Configuring Conditional Debugging by Using the condition Keyword ...................................611Removing Conditional Debugging ...........................................................................................612Configuring Conditional Debugging by Using ACLs ................................................................613

Synchronous Logging .......................................................................................................................614The ping Command .............................................................................................................................. 616The traceroute Command .....................................................................................................................618SNMP..................................................................................................................................................... 620

Configuring SNMP .......................................................................................................................... 621Configuring SNMP Views ................................................................................................................ 623Using SNMP Data ........................................................................................................................... 624

Syslog .................................................................................................................................................... 626Log Severity Levels ......................................................................................................................... 628

NetFlow .................................................................................................................................................. 629Using NetFlow Data ........................................................................................................................ 631Configuring NetFlow ........................................................................................................................ 632Verifying NetFlow ............................................................................................................................ 633Analyzing NetFlow Data .................................................................................................................. 636Flexible NetFlow .............................................................................................................................. 638

Configuring a Custom Flow Record ........................................................................................ 639Configuring a Custom Flow Exporter ..................................................................................... 640Configuring a Custom Flow Monitor ....................................................................................... 641

SPAN ..................................................................................................................................................... 645Local SPAN ..................................................................................................................................... 646VSPAN ............................................................................................................................................ 647RSPAN ............................................................................................................................................ 648

Configuring the Source Switch ............................................................................................... 649Configuring the Destination Switch ........................................................................................ 649Verifying the Configuration ..................................................................................................... 649

ERSPAN .......................................................................................................................................... 650Configuring the ERSPAN Source ........................................................................................... 650Configuring the ERSPAN Destination .................................................................................... 651

IP SLAs .................................................................................................................................................. 652Configuring IP SLA Echo ................................................................................................................ 653IP SLA Responders ......................................................................................................................... 655

Cisco DNA Center Workflows and Network Assurance ........................................................................ 656Network Time Travel........................................................................................................................ 658Client 360 and Device 360 .............................................................................................................. 659NETCONF ....................................................................................................................................... 660RESTCONF ..................................................................................................................................... 661

Summary ............................................................................................................................................... 662Review Question 1 ................................................................................................................................. 664


xvii© 2020 Boson Software, LLC


Review Question 2 ................................................................................................................................. 666Lab Exercises ........................................................................................................................................ 668

Module 8: Security ......................................................................................................................669

Overview ................................................................................................................................................ 670Objectives .............................................................................................................................................. 670Access Control ........................................................................................................................................671

Line Passwords ............................................................................................................................... 672User Names and Passwords ............................................................................................................674Enable Passwords ........................................................................................................................... 675Encrypting Passwords ..................................................................................................................... 677Privilege Levels ............................................................................................................................... 679PPP WAN Authentication ................................................................................................................ 681

Establishing PPP Links ........................................................................................................... 682AAA ................................................................................................................................................. 683

RADIUS vs. TACACS+ ........................................................................................................... 684Configuring AAA ..................................................................................................................... 685Configuring RADIUS .............................................................................................................. 686Configuring TACACS+ ............................................................................................................ 688

Infrastructure Security ........................................................................................................................... 690ACLs ................................................................................................................................................ 691

ACLs and Wildcard Marks ...................................................................................................... 692Configuring Standard ACLs .................................................................................................... 693Configuring Extended ACLs ................................................................................................... 697Configuring Time-Based ACLs ............................................................................................... 701Configuring IPv4 ACLs to Control Remote Access ................................................................ 702Configuring IPv4 ACLs to Control Interface Access ............................................................... 703Configuring IPv6 ACLs to Control Remote Access ................................................................ 705Configuring IPv6 ACLs to Control Interface Access............................................................... 706

CoPP ............................................................................................................................................... 707Traffic Class Configuration...................................................................................................... 708Traffic Policy Configuration ......................................................................................................710Applying a Traffic Policy to a Control Plane Interface ..............................................................711

Securing Data in Motion .........................................................................................................................712Securing Syslog by Using TLS .........................................................................................................714Securing APIs by Using TLS ............................................................................................................715

Wireless Security ....................................................................................................................................716WPA..................................................................................................................................................717WPA2 ...............................................................................................................................................718WPA3 ...............................................................................................................................................719Configuring Cisco WLAN Layer 2 Security ..................................................................................... 720

Using PSKs at Layer 2 ............................................................................................................ 720Using Open Authentication at Layer 2 .................................................................................... 721


xviii © 2020 Boson Software, LLC


Configuring Cisco WLAN Layer 3 Security ..................................................................................... 722Using WebAuth at Layer 3 ...................................................................................................... 722

NAC ....................................................................................................................................................... 724EAP ................................................................................................................................................. 725802.1X .............................................................................................................................................. 727MAB ................................................................................................................................................. 729Enhanced FlexAuth ......................................................................................................................... 730Cisco IBNS ...................................................................................................................................... 731TrustSec .......................................................................................................................................... 732MACsec ........................................................................................................................................... 734

Endpoint Security ................................................................................................................................... 735Cisco AMP ....................................................................................................................................... 736Cisco Umbrella ................................................................................................................................ 737NGFW ............................................................................................................................................. 738

FTD Physical Interface Modes ............................................................................................... 738FTD Device Modes ................................................................................................................. 739

Firepower NGIPS .............................................................................................................................740Cisco ESA ........................................................................................................................................741Cisco WSA .......................................................................................................................................742Cisco Stealthwatch .......................................................................................................................... 744

Cisco Stealthwatch Cloud ....................................................................................................... 744Cisco Stealthwatch Enterprise ................................................................................................ 744

Cisco ISE ..........................................................................................................................................746Network Security Design With Cisco SAFE ...........................................................................................747Summary ................................................................................................................................................749Review Question 1 ................................................................................................................................. 750Review Question 2 ................................................................................................................................. 753Lab Exercises ........................................................................................................................................ 756

Module 9: Automation .................................................................................................................757

Overview ................................................................................................................................................ 758Objectives .............................................................................................................................................. 758Python Scripting .................................................................................................................................... 760

Python Variables and Output .......................................................................................................... 761Python String Formatting ................................................................................................................ 763Python Operators ............................................................................................................................ 764

Arithmetic Operators ............................................................................................................... 765Assignment Operators ............................................................................................................ 766Comparison Operators ........................................................................................................... 767Logical Operators ................................................................................................................... 768

Python Primitive Loops ................................................................................................................... 769Python Conditionals ........................................................................................................................ 770

Python if Blocks.................................................................................................................... 770


xix© 2020 Boson Software, LLC


Python try-except Blocks .................................................................................................. 771Python and JSON ........................................................................................................................... 772

EEM ........................................................................................................................................................774EEM Applets .................................................................................................................................... 775EEM Variables and Built-In Environment Variables ........................................................................ 776Creating an EEM Applet .................................................................................................................. 777Event Configuration Commands ..................................................................................................... 778

Triggering Events Manually .................................................................................................... 779Synchronous and Asynchronous Processing.................................................................................. 780Action Configuration Commands .................................................................................................... 781Setting the _exit_status Variable ......

ENCOR Curriculum - Bosonboson.com/files/support/sample_encor_courseware.pdfiii © 2020 Boson...

Documents

Transcript of ENCOR Curriculum - Bosonboson.com/files/support/sample_encor_courseware.pdfiii © 2020 Boson...