ENCOR Curriculum - Bosonboson.com/files/support/sample_encor_courseware.pdfiii © 2020 Boson...
Transcript of ENCOR Curriculum - Bosonboson.com/files/support/sample_encor_courseware.pdfiii © 2020 Boson...
-
Curriculum 350-401
ENCOR
Labs powered by
-
iii
© 2020 Boson Software, LLC®
Implementing Cisco Enterprise Network Core Technologies (ENCOR)
350-401 Curriculum
LM20201031/BV1.0
-
iv © 2020 Boson Software, LLC
Copyright © 2020 Boson Software, LLC. All rights reserved. Boson, Boson NetSim, Boson Network Simulator, and Boson Software are trademarks or registered trademarks of Boson Software, LLC. Catalyst, Cisco, and Cisco IOS are trademarks or registered trademarks of Cisco Systems, Inc. Puppet is a trademark or registered trademark of Puppet, Inc. and is used with permission. No endorsement by Puppet, Inc. is implied by the use of these marks. Ansible is a registered trademark of Red Hat, Inc. in the United States and other countries. Chef is a registered trademark of Chef, Inc. Media elements, including images and clip art, are available in the public domain. All other trademarks and/or registered trademarks are the property of their respective owners. The Python Software Foundation is the organization behind Python. Any use of a third-party trademark does not constitute a challenge to said mark. Any use of a product name or company name herein does not imply any sponsorship of, recommendation of, endorsement of, or affiliation with Boson, its licensors, licensees, partners, affiliates, and/or publishers. Please note that the Internet is a volatile environment in which resources are not guaranteed to be always available or to remain in the same place.
2 5 C e n t u r y B l v d . , S t e . 5 0 0 , N a s h v i l l e , T N 3 7 2 14 | B o s o n . c o m
The labs referenced in this book have been printed in the Boson Lab Guide, which is included with the purchase of the curriculum. These labs can be performed with real Cisco hardware or in the Boson NetSim Network Simulator version 11 or later. To learn more about the benefits of using NetSim or to purchase the software, please visit www.boson.com/netsim.
http://www.boson.com/netsim
-
v© 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Module 1: Architecture .................................................................................................................21
Overview .................................................................................................................................................. 22Objectives ................................................................................................................................................ 22Flat Design vs. Hierarchical Design ......................................................................................................... 23Cisco Three-Tier Enterprise Campus Architecture .................................................................................. 24
Access Layer ..................................................................................................................................... 25Distribution Layer .............................................................................................................................. 26Core Layer ......................................................................................................................................... 27
Cisco Two-Tier Enterprise Campus Architecture ..................................................................................... 28Cisco Enterprise Architecture Model ....................................................................................................... 29Understanding FHRPs ............................................................................................................................. 30
HSRP ................................................................................................................................................ 31VRRP ................................................................................................................................................ 32GLBP ................................................................................................................................................. 33
High-Availability Features ........................................................................................................................ 34On-Premises and Cloud Deployments .................................................................................................... 36SD-Access ............................................................................................................................................... 37
Management Layer ............................................................................................................................ 39Controller Layer ................................................................................................................................. 40Network Layer ....................................................................................................................................41
Underlay Network ..................................................................................................................... 42Overlay Network ....................................................................................................................... 43Fabric ........................................................................................................................................ 44
Physical Layer ................................................................................................................................... 50SD-WAN .................................................................................................................................................. 52
Cisco SD-WAN Components ............................................................................................................ 53vManage ................................................................................................................................... 54vEdge and cEdge ..................................................................................................................... 55vBond ........................................................................................................................................ 56vSmart ...................................................................................................................................... 57
Summary ................................................................................................................................................. 58Review Question 1 ................................................................................................................................... 59Review Question 2 ................................................................................................................................... 61Review Question 3 ................................................................................................................................... 63
Module 2: Packet Switching .........................................................................................................67
Overview .................................................................................................................................................. 68Objectives ................................................................................................................................................ 68Layer 2 vs. Multilayer Switches ................................................................................................................ 69Layer 2 Frame Forwarding ....................................................................................................................... 71
The CAM Table .................................................................................................................................. 72Using the CAM Table......................................................................................................................... 73Configuring the CAM Table ................................................................................................................74
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
vi © 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
The TCAM Table ............................................................................................................................... 76Multilayer Switch Forwarding ................................................................................................................... 77
How Multilayer Switches Process Frames ........................................................................................ 78Packet Switching ...................................................................................................................................... 79
Process Switching ............................................................................................................................. 80Fast Switching ................................................................................................................................... 81CEF Switching ................................................................................................................................... 82
The FIB and Adjacency Tables ................................................................................................. 83Displaying Tables .............................................................................................................................. 84
Displaying the Fast-Switching Cache ....................................................................................... 84Displaying the RIB .................................................................................................................... 84Displaying the FIB ..................................................................................................................... 85Displaying the ARP Table ......................................................................................................... 85Displaying the CEF Adjacency Table ........................................................................................ 85
CEF Load Balancing ......................................................................................................................... 87CEF Load Balancing Algorithms ............................................................................................... 88
QoS .......................................................................................................................................................... 90Normal Traffic Flow ............................................................................................................................ 92Buffers and Memory Pools ................................................................................................................ 93Congested Traffic Flow ...................................................................................................................... 94Traffic Classification and Marking ..................................................................................................... 95
Classification............................................................................................................................. 96Marking ..................................................................................................................................... 98Wireless QoS ............................................................................................................................ 99
Congestion Management ................................................................................................................ 100Queuing Mechanisms ............................................................................................................. 101Scheduling Mechanisms ......................................................................................................... 102
Congestion Avoidance .................................................................................................................... 103Policing and Shaping ....................................................................................................................... 105QoS Policies .................................................................................................................................... 106
Summary ............................................................................................................................................... 108Review Question 1 ................................................................................................................................. 109Review Question 2 ..................................................................................................................................111
Module 3: Virtualization ..............................................................................................................113
Overview .................................................................................................................................................114Objectives ...............................................................................................................................................114Understanding Virtualization ...................................................................................................................115Device Virtualization ...............................................................................................................................116
The Hypervisor .................................................................................................................................117Type 1 Hypervisor ....................................................................................................................118Type 2 Hypervisor ....................................................................................................................119
Network Virtualization ............................................................................................................................ 120
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
vii© 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
vSwitches .........................................................................................................................................121Virtual Network Interfaces vs. Physical Network Interfaces ........................................................... 122NFV ................................................................................................................................................. 123
Data Path Virtualization ......................................................................................................................... 124VLANs ............................................................................................................................................. 125VRFs ................................................................................................................................................ 126
VRF-Lite ................................................................................................................................. 126VPNs ............................................................................................................................................... 128IPSec ............................................................................................................................................... 129
IPSec Encryption Methods ..................................................................................................... 130IPSec Data Integrity Methods ..................................................................................................131IPSec Authentication Methods ............................................................................................... 132
Understanding GRE Tunnels ........................................................................................................... 133Differences Between Secure VPNs and GRE Tunnels .......................................................... 134Configuring GRE Tunnels ....................................................................................................... 135Verifying GRE Tunnels ........................................................................................................... 139Causes of GRE Tunnel Problems ............................................................................................141
DMVPN ............................................................................................................................................142DMVPN Hub-and-Spoke Topology (Phase 1) ........................................................................ 143DMVPN Spoke-to-Spoke Topology (Phase 2 and Phase 3) .................................................. 144
Summary ............................................................................................................................................... 145Review Question 1 ..................................................................................................................................147Review Question 2 ................................................................................................................................. 149
Module 4: Wired Infrastructure ..................................................................................................151
Overview ................................................................................................................................................ 152Objectives .............................................................................................................................................. 152Understanding VLANs ........................................................................................................................... 153
Local VLANs ................................................................................................................................... 155End-to-End VLANs .......................................................................................................................... 156Creating and Configuring VLANs .................................................................................................... 157
Verifying VLANs ..................................................................................................................... 158Configuring Access Ports ................................................................................................................ 159
Verifying VLAN Membership .................................................................................................. 160Understanding Trunk Ports ............................................................................................................. 161
Configuring Trunk Ports .......................................................................................................... 163Verifying Trunk Ports .............................................................................................................. 165
Understanding the Voice VLAN ...................................................................................................... 167Configuring the Voice VLAN ................................................................................................... 169
Understanding and Configuring DTP ...............................................................................................170Understanding and Configuring VTP ...............................................................................................172
VTP Domains...........................................................................................................................173VTP Version .............................................................................................................................174
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
viii © 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
VTP Modes ..............................................................................................................................175VTP Operation .........................................................................................................................176VTP Pruning ............................................................................................................................178Verifying VTP .......................................................................................................................... 179
Common VLAN and Trunk Problems .............................................................................................. 180Understanding EtherChannel .................................................................................................................181
Understanding EtherChannel Protocols .......................................................................................... 182Understanding PAgP and LACP Modes .......................................................................................... 183
The On Mode .......................................................................................................................... 183PAgP Modes ........................................................................................................................... 183LACP Modes........................................................................................................................... 184
Configuring EtherChannel ............................................................................................................... 185Configuring PAgP EtherChannel ............................................................................................ 187Configuring LACP EtherChannel ............................................................................................ 188
Verifying EtherChannel ................................................................................................................... 189Understanding EtherChannel’s Effects on STP ...................................................................... 192
EtherChannel Load Balancing ......................................................................................................... 194How Load Balancing Works .................................................................................................... 195Load Balancing Options on All EtherChannel Switches ......................................................... 196Load Balancing Options on 4500 and 6500 Switches ............................................................ 198
Troubleshooting EtherChannel ........................................................................................................ 199Aggregation Protocol Mismatches .......................................................................................... 199Bundle Configuration Mismatches .......................................................................................... 201
Understanding STP................................................................................................................................ 202Root Bridge Election........................................................................................................................ 203STP BIDs ......................................................................................................................................... 204STP Bridge Priority .......................................................................................................................... 205Verifying the Root Bridge ................................................................................................................ 206Path Costs ....................................................................................................................................... 209Determining Port Roles ................................................................................................................... 210
Root Port ................................................................................................................................ 210Designated Port ...................................................................................................................... 210
STP Port States ................................................................................................................................211STP Timers ......................................................................................................................................212IEEE STP Delay Parameters ............................................................................................................213Understanding RSTP .......................................................................................................................215
Differences Between STP and RSTP ..................................................................................... 216Understanding RSTP Port States ........................................................................................... 218RSTP Alternate and Backup Port Roles ................................................................................. 219
Understanding Cisco Implementations of STP ............................................................................... 220PVST+ ..................................................................................................................................... 221PVST+ BIDs ............................................................................................................................ 222RPVST+ .................................................................................................................................. 223
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
ix© 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
MST ........................................................................................................................................ 224Cisco STP Toolkit ............................................................................................................................ 231
Understanding EIGRP for IPv4 .............................................................................................................. 240EIGRP Route Processing ................................................................................................................ 242Understanding EIGRP Path Selection ............................................................................................ 243Understanding AD and FD .............................................................................................................. 247
Using Variance to Load Balance EIGRP ................................................................................ 249Routing Messages ........................................................................................................................... 250
EIGRP Message Types .......................................................................................................... 251Understanding the EIGRP Router ID .............................................................................................. 252Understanding EIGRP Adjacency ................................................................................................... 253
EIGRP Adjacency Caveats ..................................................................................................... 254Forming an EIGRP Neighbor Relationship ............................................................................. 255
Understanding EIGRP Query Messages ........................................................................................ 260Understanding EIGRP Stub Routers ............................................................................................... 261Configuring EIGRP .......................................................................................................................... 262
Configuring the EIGRP Routing Process ............................................................................... 263Configuring Interface Parameters .......................................................................................... 267Configuring EIGRP Route Summarization ............................................................................. 268
Verifying EIGRP for IPv4 Operation ................................................................................................ 269Examining General EIGRP Protocol Information ................................................................... 270Examining EIGRP Interface Information ................................................................................ 272Examining EIGRP Neighbors ................................................................................................. 273Verifying Installed EIGRP Routes ........................................................................................... 275Examining the EIGRP Topology Table (Successors and FS Only) ........................................ 276Examining the EIGRP Topology Table (Entire Table) ............................................................. 277Verifying and Troubleshooting EIGRP .................................................................................... 278
Securing EIGRP .............................................................................................................................. 279Understanding EIGRP for IPv6 .............................................................................................................. 280
EIGRP for IPv6 Similarities to EIGRP for IPv4 ............................................................................... 281EIGRP for IPv6 Differences From EIGRP for IPv4 ......................................................................... 282Configuring EIGRP for IPv6 ............................................................................................................ 283
Enabling IPv6 Routing ............................................................................................................ 284Configuring an EIGRP for IPv6 Routing Process ................................................................... 285Configuring EIGRP for IPv6 on Each Interface ...................................................................... 286
Verifying EIGRP for IPv6 Operation ................................................................................................ 287Displaying General EIGRP for IPv6 Protocol Parameters ...................................................... 288Displaying EIGRP for IPv6 Interface Parameters................................................................... 289Displaying EIGRP for IPv6 Neighbor Addresses .................................................................... 290Displaying Installed EIGRP for IPv6 Routes .......................................................................... 291Displaying the EIGRP for IPv6 Topology Table ...................................................................... 292
Securing EIGRP for IPv6 ................................................................................................................ 293Named Mode for EIGRP ................................................................................................................. 294
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
x © 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Named Mode Configuration Modes ........................................................................................ 295Creating a Named Mode Configuration .................................................................................. 296Configuring Interface-Specific Parameters ............................................................................ 298Configuring Named Mode Authentication ............................................................................... 300Configuring Topology-Specific Parameters ............................................................................ 301
Understanding OSPF for IPv4 ............................................................................................................... 302OSPF Route Processing ................................................................................................................. 304OSPF Router Roles ......................................................................................................................... 305OSPF Interface Types ..................................................................................................................... 307Understanding the OSPF Router ID ................................................................................................ 309Understanding OSPF Adjacency......................................................................................................310
Understanding the OSPF Hello Packet ...................................................................................311DR/BDR Election .....................................................................................................................312OSPF Neighbor States ............................................................................................................313OSPF Adjacency Caveats .......................................................................................................315
Understanding the LSDB..................................................................................................................316OSPF Message Types .............................................................................................................317LSA Types ................................................................................................................................318
Basic OSPF Area Types .................................................................................................................. 320Advanced OSPF Area Types .......................................................................................................... 322OSPF Route Summarization ........................................................................................................... 323Configuring OSPF ........................................................................................................................... 324
Configuring the OSPF Routing Process ................................................................................. 325Configuring OSPF Areas ........................................................................................................ 326Configuring OSPF Routing Process Parameters ................................................................... 327Configuring Interface Parameters .......................................................................................... 329Configuring OSPF Route Summarization ............................................................................... 330
Verifying OSPF Operation ............................................................................................................... 331Examining General OSPF Protocol Information ..................................................................... 332Examining Detailed OSPF Protocol Information .................................................................... 333Examining OSPF Interface Information .................................................................................. 334Examining OSPF Costs .......................................................................................................... 335Examining OSPF Neighbors ................................................................................................... 336Verifying Installed OSPF Routes ............................................................................................ 338Examining the LSDB ............................................................................................................... 339
Securing OSPFv2 ............................................................................................................................ 346Understanding OSPF for IPv6 ............................................................................................................... 349
OSPFv3 Similarities to OSPFv2 ...................................................................................................... 350OSPFv3 Differences From OSPFv2 ................................................................................................ 351OSPFv3-Specific LSAs ................................................................................................................... 352Configuring OSPFv3 ....................................................................................................................... 353
Enabling IPv6 Routing ............................................................................................................ 354Configuring an OSPFv3 Routing Process: Traditional Commands ........................................ 355
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xi© 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Configuring OSPFv3 on Each Interface: Traditional Commands ........................................... 357Configuring an OSPFv3 Routing Process: New Commands ................................................. 358Configuring OSPFv3 on Each Interface: New Commands ..................................................... 359
Verifying OSPFv3 Operation ........................................................................................................... 360Displaying General OSPFv3 Protocol Parameters ................................................................. 361Displaying Detailed OSPFv3 Protocol Parameters ................................................................ 362Displaying OSPFv3 Neighbor Addresses ............................................................................... 363Displaying Installed OSPFv3 Routes ...................................................................................... 364Displaying the OSPF LSDB .................................................................................................... 365
Securing OSPFv3 ............................................................................................................................ 366Redistribution ......................................................................................................................................... 367
Seed Metrics ................................................................................................................................... 368Assigning Seed Metrics ................................................................................................................... 370Changing the Default Seed Metric ...................................................................................................371Redistribution Examples.................................................................................................................. 372OSPF Type 1 and Type 2 External Routes ..................................................................................... 373
Controlling Route Information and Path Selection ..................................................................................374ACL Review ..................................................................................................................................... 375Distribute Lists ................................................................................................................................. 376Prefix Lists ....................................................................................................................................... 377Route Maps ..................................................................................................................................... 380Route Tags ...................................................................................................................................... 384
Understanding BGP for IPv4 ................................................................................................................. 387ASes ................................................................................................................................................ 388
ASNs ....................................................................................................................................... 389BGP Peering ................................................................................................................................... 390
How BGP Neighbors Peer ...................................................................................................... 390BGP Neighbor Messages ....................................................................................................... 392eBGP Peers vs. iBGP Peers .................................................................................................. 393iBGP Peers ............................................................................................................................. 394eBGP Peers ............................................................................................................................ 395
Path-Vector Algorithm ..................................................................................................................... 396BGP Path Selection ................................................................................................................ 397
Configuring BGP ............................................................................................................................. 399Creating a BGP Routing Process ........................................................................................... 400Specifying Local Networks to Advertise ................................................................................. 401Configuring Peer Information .................................................................................................. 402Configuring Peer Groups ........................................................................................................ 403
Verifying BGP Operation ................................................................................................................. 405Verifying General BGP Information ........................................................................................ 406Verifying BGP Status and Peer Information ........................................................................... 407Verifying BGP Peer Details ..................................................................................................... 408Verifying BGP Routing Information ......................................................................................... 409
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xii © 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Verifying BGP Routes ..............................................................................................................411Path Selection and Manipulation ......................................................................................................412
BGP Next Hop .........................................................................................................................413Changing the Default Next-Hop Behavior for an iBGP Peer ...................................................414Modifying the Weight Attribute ................................................................................................415Modifying the Weight Attribute by Using a Route Map ............................................................416Modifying the Local Preference Attribute ................................................................................418Modifying the Local Preference by Using a Route Map ..........................................................419Modifying the AS Path Attribute .............................................................................................. 420Modifying the MED Attribute ................................................................................................... 421Modifying the MED Attribute by Using a Route Map .............................................................. 422
Securing BGP .................................................................................................................................. 423Understanding BGP for IPv6 ................................................................................................................. 424
IPv4 BGP Sessions ......................................................................................................................... 425IPv6 BGP Sessions ......................................................................................................................... 426Verifying BGP for IPv6 .................................................................................................................... 427
Summary ............................................................................................................................................... 428Review Question 1 ................................................................................................................................. 429Review Question 2 ................................................................................................................................. 431Review Question 3 ................................................................................................................................. 433Lab Exercises ........................................................................................................................................ 435
Module 5: Wireless Infrastructure .............................................................................................437
Overview ................................................................................................................................................ 438Objectives .............................................................................................................................................. 438Understanding Wireless Signals ............................................................................................................ 439
RF Signal Characteristics ................................................................................................................ 440Frequency ............................................................................................................................... 441Amplitude ................................................................................................................................ 442
Signal vs. Noise ............................................................................................................................... 443Wireless Bands and Channels ........................................................................................................ 444Modulation Techniques ................................................................................................................... 447Wireless Standards ......................................................................................................................... 448Antenna Characteristics .................................................................................................................. 450
Dipole Antennas ..................................................................................................................... 452Integrated Omnidirectional Antennas ..................................................................................... 453Patch Antennas ....................................................................................................................... 454Yagi Antennas ......................................................................................................................... 455Parabolic Dish Antennas ........................................................................................................ 456
Wireless Service Sets ............................................................................................................................ 457IBSS ................................................................................................................................................ 458BSS ................................................................................................................................................. 459ESS ................................................................................................................................................. 460
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xiii© 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Wireless Client Authentication ............................................................................................................... 461Open Authentication and WEP ....................................................................................................... 462WPA................................................................................................................................................. 463WPA2 .............................................................................................................................................. 464WPA3 .............................................................................................................................................. 465802.1X .............................................................................................................................................. 466
Cisco Wireless Topologies ..................................................................................................................... 467Autonomous AP Topology ............................................................................................................... 468Lightweight AP Topology ................................................................................................................. 469
Unified AP Topology ............................................................................................................... 470Embedded AP Topology ..........................................................................................................471Mobility Express AP Topology ................................................................................................ 472
Cisco LAP Modes of Operation ....................................................................................................... 473Associating Clients With an AP ..............................................................................................................474Associating LAPs With a WLC .............................................................................................................. 476
The LAP Startup Sequence ............................................................................................................ 477WLC Discovery Process ................................................................................................................. 478WLC Join Process ........................................................................................................................... 479
Wireless Client Roaming........................................................................................................................ 480Intra-Controller Roaming ................................................................................................................. 481Layer 2 Inter-Controller Roaming .................................................................................................... 482Layer 3 Inter-Controller Roaming .................................................................................................... 483Mobility Groups ............................................................................................................................... 484
Common Wireless Issues ...................................................................................................................... 485Summary ............................................................................................................................................... 486Review Question 1 ................................................................................................................................. 489Review Question 2 ................................................................................................................................. 491Review Question 3 ................................................................................................................................. 493
Module 6: IP Services .................................................................................................................495
Overview ................................................................................................................................................ 496Objectives .............................................................................................................................................. 496Understanding NTP ............................................................................................................................... 497
How NTP Stratum Works ................................................................................................................ 498NTP Modes ..................................................................................................................................... 499The Software Clock ......................................................................................................................... 500The Hardware Clock ........................................................................................................................ 501Configuring an NTP Client............................................................................................................... 502Configuring an NTP Server ............................................................................................................. 503Configuring NTP Peers ................................................................................................................... 504Verifying NTP .................................................................................................................................. 505NTP vs. SNTP ................................................................................................................................. 506Configuring an SNTP Client ............................................................................................................ 507
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xiv © 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
NTP Security ................................................................................................................................... 508Configuring a Specific Source Interface.......................................................................................... 509Authenticating an NTP Time Source ................................................................................................510Configuring SNTP Clients to Authenticate .......................................................................................511Configuring NTP Restrictions ...........................................................................................................512NTPv4 and IPv6 ...............................................................................................................................513
Understanding NAT/PAT .........................................................................................................................514NAT Methods ....................................................................................................................................514NAT/PAT Address Terminology ........................................................................................................515NAT Translation Methods .................................................................................................................516
Static NAT ................................................................................................................................517Dynamic NAT ...........................................................................................................................518PAT ..........................................................................................................................................519
Configuring Interfaces for NAT/PAT ................................................................................................ 520Configuring Static NAT ........................................................................................................... 521Configuring Dynamic NAT ...................................................................................................... 522Configuring PAT ...................................................................................................................... 524
Understanding FHRPs ........................................................................................................................... 526Understanding HSRP ...................................................................................................................... 527
HSRP Versions ....................................................................................................................... 528HSRP Virtual MAC Addresses .............................................................................................. 530HSRP Hello Packets ............................................................................................................... 531HSRP Hello and Hold Timers ................................................................................................. 532Configuring HSRP and Timers ............................................................................................... 533Configuring Preemption .......................................................................................................... 534Configuring Interface Tracking ............................................................................................... 535Enhanced Object Tracking ..................................................................................................... 536Configuring an IP SLA Object ................................................................................................ 537Configuring HSRP Object Tracking ........................................................................................ 539Understanding HSRP States .................................................................................................. 540Configuring Multigroup HSRP ................................................................................................ 541HSRP Authentication .............................................................................................................. 543Configuring HSRP Authentication .......................................................................................... 544Verifying HSRP ....................................................................................................................... 545
Understanding VRRP ...................................................................................................................... 547Differences from HSRP .......................................................................................................... 548Differences from VRRPv3 ...................................................................................................... 550VRRP Timers .......................................................................................................................... 551Configuring VRRP .................................................................................................................. 552Configuring VRRP Object Tracking ........................................................................................ 553VRRP Authentication .............................................................................................................. 554VRRP Authentication Methods ............................................................................................... 555Configuring VRRP Authentication .......................................................................................... 556
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xv© 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Verifying VRRP ....................................................................................................................... 557Understanding GLBP ...................................................................................................................... 559
GLBP Hello Packets ............................................................................................................... 560The AVG ................................................................................................................................. 561Virtual Gateway States ........................................................................................................... 562GLBP Virtual MAC Addresses ................................................................................................ 564The AVF .................................................................................................................................. 565Virtual Forwarder States ......................................................................................................... 566How GLBP Load Balancing Works ......................................................................................... 568GLBP Load Balancing Methods ............................................................................................. 569How GLBP Gateway Failover Works ...................................................................................... 570How GLBP Forwarder Failover Works ................................................................................... 571Configuring GLBP ................................................................................................................... 572Configuring GLBP Timers .......................................................................................................574Configuring GLBP Object Tracking ........................................................................................ 575Configuring GLBP Authentication ........................................................................................... 577Verifying GLBP ....................................................................................................................... 578
Understanding IP Multicast .................................................................................................................... 580IP Multicast Address Structure ........................................................................................................ 581
Well-Known Multicast Addresses ........................................................................................... 582Layer 2 Multicast Addresses ................................................................................................... 583
IP Multicast Protocols ...................................................................................................................... 584IGMP ....................................................................................................................................... 585Multicast Routing Protocols .................................................................................................... 586
Summary ............................................................................................................................................... 590Review Question 1 ................................................................................................................................. 591Review Question 2 ................................................................................................................................. 593Review Question 3 ................................................................................................................................. 595Lab Exercises ........................................................................................................................................ 597
Module 7: Network Assurance ...................................................................................................599
Overview ................................................................................................................................................ 600Objectives .............................................................................................................................................. 600The Systematic Approach ...................................................................................................................... 602Troubleshooting Techniques .................................................................................................................. 604
OSI Techniques ............................................................................................................................... 605The Bottom Up Troubleshooting Technique ........................................................................... 605The Top Down Troubleshooting Technique ............................................................................ 605The Divide and Conquer Troubleshooting Technique ............................................................ 605
Non-OSI Techniques ....................................................................................................................... 607The Follow the Path Troubleshooting Technique ................................................................... 607The Move the Problem Troubleshooting Technique ............................................................... 607The Spot the Difference Troubleshooting Technique ............................................................. 608
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xvi © 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Using debug Commands ...................................................................................................................... 609Conditional Debugging .................................................................................................................... 610
Configuring Conditional Debugging by Using the condition Keyword ...................................611Removing Conditional Debugging ...........................................................................................612Configuring Conditional Debugging by Using ACLs ................................................................613
Synchronous Logging .......................................................................................................................614The ping Command .............................................................................................................................. 616The traceroute Command .....................................................................................................................618SNMP..................................................................................................................................................... 620
Configuring SNMP .......................................................................................................................... 621Configuring SNMP Views ................................................................................................................ 623Using SNMP Data ........................................................................................................................... 624
Syslog .................................................................................................................................................... 626Log Severity Levels ......................................................................................................................... 628
NetFlow .................................................................................................................................................. 629Using NetFlow Data ........................................................................................................................ 631Configuring NetFlow ........................................................................................................................ 632Verifying NetFlow ............................................................................................................................ 633Analyzing NetFlow Data .................................................................................................................. 636Flexible NetFlow .............................................................................................................................. 638
Configuring a Custom Flow Record ........................................................................................ 639Configuring a Custom Flow Exporter ..................................................................................... 640Configuring a Custom Flow Monitor ....................................................................................... 641
SPAN ..................................................................................................................................................... 645Local SPAN ..................................................................................................................................... 646VSPAN ............................................................................................................................................ 647RSPAN ............................................................................................................................................ 648
Configuring the Source Switch ............................................................................................... 649Configuring the Destination Switch ........................................................................................ 649Verifying the Configuration ..................................................................................................... 649
ERSPAN .......................................................................................................................................... 650Configuring the ERSPAN Source ........................................................................................... 650Configuring the ERSPAN Destination .................................................................................... 651
IP SLAs .................................................................................................................................................. 652Configuring IP SLA Echo ................................................................................................................ 653IP SLA Responders ......................................................................................................................... 655
Cisco DNA Center Workflows and Network Assurance ........................................................................ 656Network Time Travel........................................................................................................................ 658Client 360 and Device 360 .............................................................................................................. 659NETCONF ....................................................................................................................................... 660RESTCONF ..................................................................................................................................... 661
Summary ............................................................................................................................................... 662Review Question 1 ................................................................................................................................. 664
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xvii© 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Review Question 2 ................................................................................................................................. 666Lab Exercises ........................................................................................................................................ 668
Module 8: Security ......................................................................................................................669
Overview ................................................................................................................................................ 670Objectives .............................................................................................................................................. 670Access Control ........................................................................................................................................671
Line Passwords ............................................................................................................................... 672User Names and Passwords ............................................................................................................674Enable Passwords ........................................................................................................................... 675Encrypting Passwords ..................................................................................................................... 677Privilege Levels ............................................................................................................................... 679PPP WAN Authentication ................................................................................................................ 681
Establishing PPP Links ........................................................................................................... 682AAA ................................................................................................................................................. 683
RADIUS vs. TACACS+ ........................................................................................................... 684Configuring AAA ..................................................................................................................... 685Configuring RADIUS .............................................................................................................. 686Configuring TACACS+ ............................................................................................................ 688
Infrastructure Security ........................................................................................................................... 690ACLs ................................................................................................................................................ 691
ACLs and Wildcard Marks ...................................................................................................... 692Configuring Standard ACLs .................................................................................................... 693Configuring Extended ACLs ................................................................................................... 697Configuring Time-Based ACLs ............................................................................................... 701Configuring IPv4 ACLs to Control Remote Access ................................................................ 702Configuring IPv4 ACLs to Control Interface Access ............................................................... 703Configuring IPv6 ACLs to Control Remote Access ................................................................ 705Configuring IPv6 ACLs to Control Interface Access............................................................... 706
CoPP ............................................................................................................................................... 707Traffic Class Configuration...................................................................................................... 708Traffic Policy Configuration ......................................................................................................710Applying a Traffic Policy to a Control Plane Interface ..............................................................711
Securing Data in Motion .........................................................................................................................712Securing Syslog by Using TLS .........................................................................................................714Securing APIs by Using TLS ............................................................................................................715
Wireless Security ....................................................................................................................................716WPA..................................................................................................................................................717WPA2 ...............................................................................................................................................718WPA3 ...............................................................................................................................................719Configuring Cisco WLAN Layer 2 Security ..................................................................................... 720
Using PSKs at Layer 2 ............................................................................................................ 720Using Open Authentication at Layer 2 .................................................................................... 721
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xviii © 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Configuring Cisco WLAN Layer 3 Security ..................................................................................... 722Using WebAuth at Layer 3 ...................................................................................................... 722
NAC ....................................................................................................................................................... 724EAP ................................................................................................................................................. 725802.1X .............................................................................................................................................. 727MAB ................................................................................................................................................. 729Enhanced FlexAuth ......................................................................................................................... 730Cisco IBNS ...................................................................................................................................... 731TrustSec .......................................................................................................................................... 732MACsec ........................................................................................................................................... 734
Endpoint Security ................................................................................................................................... 735Cisco AMP ....................................................................................................................................... 736Cisco Umbrella ................................................................................................................................ 737NGFW ............................................................................................................................................. 738
FTD Physical Interface Modes ............................................................................................... 738FTD Device Modes ................................................................................................................. 739
Firepower NGIPS .............................................................................................................................740Cisco ESA ........................................................................................................................................741Cisco WSA .......................................................................................................................................742Cisco Stealthwatch .......................................................................................................................... 744
Cisco Stealthwatch Cloud ....................................................................................................... 744Cisco Stealthwatch Enterprise ................................................................................................ 744
Cisco ISE ..........................................................................................................................................746Network Security Design With Cisco SAFE ...........................................................................................747Summary ................................................................................................................................................749Review Question 1 ................................................................................................................................. 750Review Question 2 ................................................................................................................................. 753Lab Exercises ........................................................................................................................................ 756
Module 9: Automation .................................................................................................................757
Overview ................................................................................................................................................ 758Objectives .............................................................................................................................................. 758Python Scripting .................................................................................................................................... 760
Python Variables and Output .......................................................................................................... 761Python String Formatting ................................................................................................................ 763Python Operators ............................................................................................................................ 764
Arithmetic Operators ............................................................................................................... 765Assignment Operators ............................................................................................................ 766Comparison Operators ........................................................................................................... 767Logical Operators ................................................................................................................... 768
Python Primitive Loops ................................................................................................................... 769Python Conditionals ........................................................................................................................ 770
Python if Blocks.................................................................................................................... 770
Content in these modules is available in the full version of the curriculum. Please visit www.boson.com for more information.
-
xix© 2020 Boson Software, LLC
ENCOR Curriculum Table of Contents
Python try-except Blocks .................................................................................................. 771Python and JSON ........................................................................................................................... 772
EEM ........................................................................................................................................................774EEM Applets .................................................................................................................................... 775EEM Variables and Built-In Environment Variables ........................................................................ 776Creating an EEM Applet .................................................................................................................. 777Event Configuration Commands ..................................................................................................... 778
Triggering Events Manually .................................................................................................... 779Synchronous and Asynchronous Processing.................................................................................. 780Action Configuration Commands .................................................................................................... 781Setting the _exit_status Variable ......