3/2/2020

Notes

Itexampractice.net

On February 24, 2020, Cisco released a new, consolidated CCNA exam.


Cisco certificates
In 2019 Cisco redesigned all their certification paths.
Timeline: changes announced 06.2019, new exams available 02.2020.
Here are the key points:
✓ No ICND1 / CCENT anymore
✓ No CCNA Security, Wireless, Data Center….
✓ Specialist and Professional certifications
✓ No prerequisites for CCNP certs
✓ New recertification policies


Cisco certificates
✓ CCNA
✓ Specialist
✓ CCNP
✓ CCIE
✓ DevNet

Implementing and Administering Cisco Solutions (CCNA)
Exam: 200-301
✓ 50-70 questions
✓ 120 minutes
✓ Multiple-choice questions, drag&drop, and simulations
Exam topics: https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna.html
Certification Exam Tutorial: http://www.cisco.com/web/learning/wwtraining/certprog/training/cert_exam_tutorial.html
Schedule an exam: http://www.pearsonvue.com/cisco


How to study
✓ Go through all lectures
✓ Focus on basic concepts, subnetting, and labs
✓ Questions are important!
✓ Your own lab:
▪ Simulators, Emulators
▪ Your own lab (Cisco 890/880/860)
▪ Rack rentals

What is a network?
A network can be defined as two or more devices
(e.g. computers, printers, laptops, servers, routers)
that are linked together.


Connecting two PCs
We use a Network Interface Card (NIC) and a network cable.

✓ Network types


Network types
LAN (Local Area Network) – covers a limited area, e.g. one building or one
office. The main network device is a switch.


Network types
WAN (Wide Area Network) – covers a large area, connects at least two LANs.
The main network device is a router.


✓ Network devices


Network devices
Router – connects two or more Local Area Networks (LANs). It is your
gateway and gives you access to the Internet.
A router decides how to route a message.


Network devices
Switch – connects devices in a Local Area Network. It knows very well where your device is, because it learns a special type of address called a MAC address.
Hubs are L1 devices; they do not know where a device is, so they repeat every frame out of every port.


Network devices
Firewall – a device dedicated to network security, in most cases it is
a router as well and works as an edge device. Might include
additional features like AV, Spam filtering, IPS.


Network devices
Access Point – works as a bridge between wireless and wired networks.
Allows you to connect to the network using a wireless card.


Network devices
Controller – simplifies admin tasks by centralizing all operations. One device controls and configures the other devices.
Examples: Wireless LAN Controller (WLC), Cisco DNA Center

Network devices
Other devices
✓ Endpoints
✓ Servers
✓ Printers
✓ Console / Terminal servers
✓ Mobile devices: the BYOD concept


✓ IP addresses


IP Address – identifies a network device. It is a unique address that allows you to connect to the network. There are two main versions: IPv4 (we use it now) and IPv6 (the next generation IP address).

Default Gateway – your router

DHCP (Dynamic Host Configuration Protocol)


DNS (Domain Name System) – translates names into IP addresses.

Commands:
ping
nslookup

✓ Communication types


✓ Topologies


Spine-leaf – let’s reduce the number of ’hops’
Spine switches represent the core layer.
Leaf switches represent the access layer.
A leaf switch connects to every spine switch; servers connect to the leaf switches.
Advantages: improved redundancy, performance, and scalability.


✓ Small office/home office (SOHO)


✓ The Cloud


✓ Let’s connect to a Cisco router


Cisco IOS – software that runs on Cisco devices. When you buy a new device, you get a copy of it; however you might need a license to get some additional features.
We manage Cisco devices using the CLI (command line interface).

If you want to manage a Cisco device, you can:
✓ connect to it directly using a console cable
✓ connect to it remotely using telnet or ssh

✓ Overview of the OSI model


The Open System Interconnection (OSI) model was created in 1984 to create one standard for networking hardware and software.
There are 7 layers in the OSI Model.

Why do we need a model?
✓ Interoperability between multiple vendors
✓ Helps you break up complex issues (the layer approach)
✓ Much easier to fix a network, teach and learn concepts

✓ Layer 7
✓ Layer 6
✓ Layer 5


The Application Layer (L7)
An interface and set of protocols used for communication.
NOTE: applications like Firefox, Outlook or IE do not work on this layer; they use protocols that work at L7!

Examples of protocols:
DHCP, DNS, HTTP, SNMP, FTP, TFTP, SMTP

The Presentation Layer (L6)
Responsible for translation, conversion, compression and encryption.
It helps the Application Layer process and display a message.

Examples: JPEG, GIF, MIDI, ASCII

The Session Layer (L5)
Keeps track of all sessions and downloads and makes sure that a message arrives at the correct place.
This layer manages connections (opens and closes sessions).
Works very closely with the Transport Layer.

The Transport layer (L4)
Responsible for communication and message delivery.
The main protocols here are: TCP and UDP

The Transport layer (L4)
TCP
✓ Connection-oriented
✓ Reliable (acknowledgments and sequence numbers)
✓ Flow control, windowing
✓ Stream oriented
✓ Slower, with a bigger header (20 bytes minimum)
✓ Used for reliable services: HTTP, SSH, TELNET, SMTP etc.

UDP
✓ Connectionless
✓ Unreliable, no acknowledgments
✓ No retransmissions. Best-effort only
✓ Message oriented
✓ Smaller header (8 bytes), faster than TCP
✓ Examples: streaming music and video, VOIP, TFTP, SNMP, DNS


The Three-Way Handshake
SYN → SYN-ACK → ACK: client and server agree on initial sequence numbers before any data is sent.

Windowing - window Size
The amount of data a sender may transmit before it has to receive an acknowledgement.

Port numbers
Allow a device to identify a service or process.
20/21 - FTP (data/control)
23 - Telnet
25 - SMTP
53 - DNS
80 - HTTP
110 - POP3
443 - HTTPS
3389 - RDP

The Network Layer (L3)
It is all about routers and routing.
There are two main functions here:
✓ Addresses for devices (IP)
✓ Forwarding messages (routing)

IP Addresses
An IP address is used to identify a device on the network. It has to be unique within the network it is connected to.
IPv4 – 32 bits, 4 octets
IPv6 – 128 bits

The Data Link Layer (L2)
It is all about switches and Local Area Networks.
The address we use is called a MAC address, sometimes called a physical or hardware address. It is learnt by switches to locate hosts on the network.
There are two sub-layers:
✓ Media Access Control (MAC)
✓ Logical Link Control (LLC)

MAC Address
A MAC address is assigned to a NIC by its manufacturer.
48 bits, written as 12 hex digits.
MAC addresses learnt by a switch are stored in its CAM table.

ARP
The Address Resolution Protocol (ARP) resolves an IP address to a MAC address.

On Cisco devices: show arp

ARP
Capture an ARP message using Wireshark

Collision and Broadcast Domains

CSMA/CA and CSMA/CD
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Check whether it is OK to transmit first; used in wireless networks.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
Just send data; if a collision occurs, it is detected and the frame is resent.

Thanks to full duplex and switches we no longer need CSMA/CD.

Physical Layer (L1)
It is all about cables and bits here!

Speeds and standards
✓ Fast Ethernet
✓ Gigabit Ethernet
✓ 10-Gigabit Ethernet

In most cases an interface will autonegotiate all settings (speed and duplex).

Physical Layer (L1)
Fiber Optic Cables

Physical Layer (L1)
Power Over Ethernet (PoE)
If you buy a PoE switch and a PoE device (e.g. an IP camera), you will not need a separate power supply anymore.
PoE allows network cables to carry electrical power.
The main standards are: IEEE 802.3af (PoE) and 802.3at (PoE+).
PoE+ offers a maximum of 30 Watts per switch port (the old standard offered 15.4 Watts).

✓ TCP/IP vs OSI
✓ Encapsulation

✓ Challenge!
Communication

✓ Our first lab

Modes:
✓ User Exec Mode
✓ Privileged Mode
✓ Global Configuration Mode
✓ Interface Configuration Mode

Hardware

Passwords
✓ Enable password
✓ VTY, Console, Aux (Lines)

You can use a password, the local database or a dedicated server.

To connect to a router remotely, we use telnet (clear text) or ssh (encrypted, the secure choice).

Our Lab:
✓ Hostname and Domain Name
✓ IP addresses
✓ Passwords
✓ Telnet and SSH access
✓ Backup
Lab router: G0 = 10.10.10.111 255.255.255.0

Basic Show Commands
✓ show running-config - show the running configuration file (stored in RAM)
✓ show startup-config – show the startup configuration file (stored in NVRAM)
✓ show cdp neighbor - show directly connected Cisco devices (add the detail keyword to view their IP addresses)
✓ show ip interface brief – verify interface information, status, and IP addresses
✓ show interfaces – detailed information about interfaces
✓ show version – verify the IOS and ROM version, memory, boot-up options, uptime etc.
✓ show inventory – show detailed information about hardware
✓ show protocols - show protocols
✓ show ip protocols – show routing protocols
✓ show clock - show date and time on a router
✓ show flash – show files saved in flash (IOS)
✓ show ip route - show the routing table
✓ show arp - show the arp cache

Routers choose the best path to get to a destination. There are two main types of routing:
✓ Static
✓ Dynamic (RIP, EIGRP, OSPF, BGP)

Routers keep all information in the routing table; they check it to decide how to route a packet.

Routers use the metric to decide how good a path is. Lower is better.
If a router is presented with two or more paths to a destination from two different routing protocols, it uses the administrative distance (lower is better, too) to decide which path to use.

ip route <destination network> <subnet mask> <next hop | exit interface>
Example: ip route 1.1.1.0 255.255.255.0 192.168.1.5

Lab topology: two routers (interfaces G1 and G0) with addresses 10.10.10.151 and 10.10.10.152.

Default route
If a router does not have a more specific route, it will use the
default route to forward a packet.

ip route 0.0.0.0 0.0.0.0 x.x.x.x
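The route selection described above (longest prefix first, then administrative distance between routing sources, then metric, with 0.0.0.0/0 as the fallback) as an added Python example; it is not part of the original notes. The route entries are constructed for illustration, and the administrative-distance table holds the IOS default values.

```python
"""Routing-table lookup as a router does it: prefix match first, then administrative distance, then metric."""
import ipaddress

# Cisco IOS default administrative distances (assumption: IOS defaults, not taken from the notes)
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


class Route:
    def __init__(self, prefix, next_hop, source, metric=0):
        self.network = ipaddress.ip_network(prefix)
        self.next_hop = next_hop          # next-hop IP or exit interface
        self.source = source
        self.metric = metric
        self.ad = ADMIN_DISTANCE[source]

    def __repr__(self):
        return f"{self.source} {self.network} via {self.next_hop} [{self.ad}/{self.metric}]"


def build_rib(candidates):
    """For each prefix keep only the best candidate: lowest AD wins, metric breaks ties
    (so a static route beats an OSPF route to the same prefix, exactly as on IOS)."""
    rib = {}
    for r in candidates:
        cur = rib.get(r.network)
        if cur is None or (r.ad, r.metric) < (cur.ad, cur.metric):
            rib[r.network] = r
    return list(rib.values())


def lookup(rib, destination):
    """Longest-prefix match. 0.0.0.0/0 matches everything with length 0, so it is
    used only when no more specific route exists."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in rib if dst in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: r.network.prefixlen)


# Constructed sample routes (the 1.1.1.0/24 static route and the 10.10.10.x lab addresses follow the notes).
CANDIDATES = [
    Route("10.10.10.0/24", "GigabitEthernet0", "connected"),
    Route("1.1.1.0/24", "192.168.1.5", "static"),
    Route("1.1.1.0/24", "10.10.10.152", "ospf", metric=20),   # loses to the static route (AD 1 < 110)
    Route("1.1.0.0/16", "10.10.10.152", "ospf", metric=30),
    Route("0.0.0.0/0", "10.10.10.1", "static"),
]
RIB = build_rib(CANDIDATES)


def next_hop_for(destination):
    route = lookup(RIB, destination)
    return route.next_hop if route else None


if __name__ == "__main__":
    for dst in ("1.1.1.7", "1.1.2.9", "8.8.8.8", "10.10.10.151"):
        print(dst, "->", lookup(RIB, dst))
```

Note that 1.1.1.7 is sent to 192.168.1.5 even though OSPF also knows 1.1.1.0/24: the prefix lengths are equal, so the lower administrative distance of the static route decides. 1.1.2.9 falls outside the /24, so the /16 learned by OSPF wins over the default route.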


Process switching
Every single packet is analyzed by the router using the CPU.

Fast switching
The router process-switches the first packet in a flow with the CPU and caches the result; the following packets of that flow use the cache.

Cisco Express Forwarding (CEF)
Works like a pre-built cache. There are two tables: the Adjacency Table and the Forwarding Information Base (FIB).
Use the ip cef command to enable it.

Dynamic Routing Protocols allow routers to exchange information and build/update the routing table automatically for you. Great if there is a failure on a link!

✓ Interior Gateway Protocol (IGP) – within one Autonomous System
✓ Exterior Gateway Protocol (EGP) – between Autonomous Systems

✓ Distance Vector Routing Protocols (RIP, EIGRP)
✓ Link-state Routing Protocols (OSPF)

OSPF
✓ Open standard
✓ Uses areas to separate the network
✓ The backbone is Area 0
✓ Triggered updates
✓ Forms neighbor adjacencies
✓ Supports VLSM and authentication
✓ Uses the SPF (Dijkstra) algorithm to find paths
✓ Uses multicast 224.0.0.5 (all OSPF routers, hello packets) and 224.0.0.6 (DR/BDR)
✓ CPU intensive
✓ Not easy to implement and manage

OSPF
Hello: every 10 seconds, the dead timer: 40 seconds (for some network types it is 30/120 seconds).
The Link-State Advertisement (LSA) is a special message used by OSPF routers to build the link-state database.

Show commands:
show ip ospf neighbor
show ip route
show ip ospf database
show ip ospf
debug ip ospf xxx

Passive Interface
router ospf 1
 passive-interface <interface>

Use it to prevent an interface from forming a neighbor adjacency and exchanging routing information (no hellos are sent on it). Please note that it does not remove the network from OSPF updates on other interfaces: the interface's prefix is still advertised.

OSPF cost
The metric for OSPF is called the cost.

Cost = Reference bandwidth (Mbps) / Interface bandwidth (Mbps)

For example, with the default reference bandwidth of 100 Mbps:
a link of 10 Mbps is: 100/10 = cost of 10
a link of 100 Mbps is: 100/100 = cost of 1
Any link faster than 100 Mbps also gets cost 1, so raise the reference bandwidth on every router in the area if you have Gigabit links.

Figure: two paths between the same routers.
The red path crosses four 100 Mbps links: 1+1+1+1 = 4
The green path crosses 100 Mbps, 10 Mbps, 10 Mbps and 100 Mbps links: 1+10+10+1 = 22


Wildcard mask
Used in OSPF network statements and in ACLs. The wildcard mask is the bitwise inverse of the subnet mask, e.g. for 10.10.10.151 /24:

  255.255.255.255
- 255.255.255.0     (subnet mask)
-----------------
  0.0.0.255         (wildcard bits)

0.0.0.0 = wildcard bits for a single IP (host)

Switching Modes
Store and Forward
A switch has to wait for the whole frame to arrive, check the CRC and only then forward the frame.
Cut-through
A switch needs only the destination MAC address of a frame (the first 6 bytes) and starts forwarding immediately, with no CRC check. Much faster than Store and Forward.
Fragment-Free
A switch waits for the first 64 bytes of a frame (the minimum Ethernet frame size, where collision fragments show up) to make sure the frame is OK.

If you know how to configure a Router, you know how to configure a switch!
✓ Hostname and Domain Name
✓ IP addresses
✓ Passwords
✓ Telnet and SSH access
✓ Default gateway

A Virtual Local Area Network (VLAN)
Allows you to group users and end devices in a logical way.
Remember:
VLAN = broadcast domain

A Virtual Local Area Network (VLAN)
The standard we use today for VLANs is dot1q (IEEE 802.1Q).
There is an old Cisco-proprietary standard, ISL, as well.
A switch tags a frame with VLAN information and recalculates the Frame Check Sequence (FCS) value.
All ports on a new switch belong to VLAN 1 (the default VLAN).

If you want to send frames with VLAN information between two switches, you need a trunk to be formed.

Dynamic Trunking Protocol (DTP)
A trunk can be negotiated between two switches using DTP.
Modes:
✓ Dynamic Desirable
✓ Dynamic Auto
✓ Trunk
✓ Nonegotiate
✓ Access
A port left in dynamic auto/desirable will also negotiate a trunk with an attacker's PC, so set user-facing ports to access mode with nonegotiate.

Lab: Management VLAN = VLAN 1, 1.1.1.0/29 (management PC .5; SW1 = first usable IP address, SW2 = last usable IP address). The yellow VLAN = 5, 5.5.5.0/25; the green VLAN = 6, 6.6.6.0/25. Two Cisco 3560 switches, dot1q trunk on F0/1, hosts on F0/2, F0/7 and F0/9.

Native VLAN
If your switch receives a frame with no VLAN information, it
assumes this frame belongs to the Native VLAN.
Switches do not tag frames that belong to the native VLAN.


VLAN Trunk Protocol (VTP)
Allows switches to exchange VLAN information.
Modes:
✓ Server
✓ Client
✓ Transparent
A switch that joins the domain with a higher configuration revision number overwrites the VLAN database of the others, so prefer transparent mode unless you really need VTP.

Inter-VLAN Routing

First hop redundancy protocols (FHRP)
R1: 10.10.10.151, R2: 10.10.10.152. What about the default gateway for our PC?
FHRP protocols use a virtual IP (VIP) address, which the PC uses as its default gateway; the active router answers for it.
FHRP protocols: HSRP, VRRP, GLBP

Spanning Tree Protocol
Designed to prevent loops in the network. Enabled on all switches by default.

Spanning Tree Protocol
Port roles:
Root port, Designated port, Alternate port, Backup port

Port states:

Figure: three switches (ports G0/1, G0/2, F0/11) with bridge MAC addresses 00bb.6038.6dfd, 00eb.9038.edfd and 001b.9038.edfd; with equal priorities the switch with the lowest MAC address wins the root bridge election.

EtherChannels – Link aggregation
Protocols:
PAgP (Cisco proprietary)
LACP (IEEE standard)
PAgP modes: ON, DESIRABLE, AUTO
LACP modes: ON, ACTIVE, PASSIVE

Port Security
Lock down your switch and make sure that nobody can connect a hub, SOHO router or another PC!

switchport port-security
switchport port-security maximum <N>
switchport port-security mac-address sticky
show port-security interface <interface>

✓ MAC address sticky (learned addresses are written to the running-config)
✓ Max number of MAC addresses

Violation modes:
✓ Shutdown (the default option, puts the port into err-disabled)
✓ Protect
✓ Restrict

switchport port-security violation {shutdown | protect | restrict}

An ACL can be used to filter traffic for security reasons or to match traffic that you need (e.g. for NAT or QoS).

Types:
✓ Standard (1-99)
(based on the source address only)
✓ Extended (100-199)
(based on source and destination addresses, protocol and ports)

✓ One ACL per interface, per protocol, per direction
✓ More specific rules at the top (the first match wins)
✓ The implicit deny at the end of every ACL
✓ Apply a Standard ACL as close to the destination as possible
✓ Apply an Extended ACL as close to the source as possible
✓ Take advantage of named ACLs and sequence numbers
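The wildcard-mask arithmetic from the earlier slide and the ACL rules above (first match wins, implicit deny at the end), as an added Python example that is not from the original notes. The extended ACL and the packets are constructed; the sequence numbers 10, 20, 30 follow the IOS convention.

```python
"""Wildcard masks and first-match ACL evaluation with the implicit deny, as IOS applies them."""
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(mask):
    """255.255.255.0 -> 0.0.0.255: the wildcard is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ to_int(mask)))


def wildcard_match(address, base, wildcard):
    """A 0 bit in the wildcard must match, a 1 bit is 'don't care'.
    So 0.0.0.0 means one host and 255.255.255.255 means any."""
    care = 0xFFFFFFFF ^ to_int(wildcard)
    return (to_int(address) & care) == (to_int(base) & care)


ANY = ("0.0.0.0", "255.255.255.255")   # IOS keyword 'any'


def host(ip):
    """IOS keyword 'host x.x.x.x'."""
    return (ip, "0.0.0.0")


def ace_matches(ace, pkt):
    """ace: dict(action, proto, src=(ip, wildcard), dst=(ip, wildcard), dport=None|int)."""
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], *ace["src"]):
        return False
    if not wildcard_match(pkt["dst"], *ace["dst"]):
        return False
    if ace.get("dport") is not None and ace["dport"] != pkt.get("dport"):
        return False
    return True


def evaluate_acl(acl, pkt):
    """First matching entry wins; entries are numbered 10, 20, ... like IOS sequence numbers.
    Returns (action, sequence) or ('deny', None) for the implicit deny at the end."""
    for seq, ace in enumerate(acl, start=1):
        if ace_matches(ace, pkt):
            return ace["action"], seq * 10
    return "deny", None


# Constructed extended ACL, as it would be written in IOS:
#   permit tcp 10.10.10.0 0.0.0.255 any eq 22
#   deny   tcp 10.10.10.0 0.0.0.255 any eq 23
#   permit ip  10.10.10.0 0.0.0.255 192.168.9.0 0.0.0.255
#   (implicit: deny ip any any)
ACL_100 = [
    {"action": "permit", "proto": "tcp", "src": ("10.10.10.0", "0.0.0.255"), "dst": ANY, "dport": 22},
    {"action": "deny", "proto": "tcp", "src": ("10.10.10.0", "0.0.0.255"), "dst": ANY, "dport": 23},
    {"action": "permit", "proto": "ip", "src": ("10.10.10.0", "0.0.0.255"), "dst": ("192.168.9.0", "0.0.0.255")},
]

if __name__ == "__main__":
    print(wildcard_from_mask("255.255.255.0"))
    print(evaluate_acl(ACL_100, {"proto": "tcp", "src": "10.10.10.151", "dst": "1.1.1.1", "dport": 23}))
```

Swap the first two entries to see why order matters: a broad `permit ip` placed first would shadow the Telnet deny below it, and `evaluate_acl` would return that permit's sequence number instead.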


Switch security checklist
✓ Do not use VLAN 1
✓ Change the Native VLAN
✓ Move all unused ports to a special VLAN, shut them down
✓ Encrypt all passwords
✓ Create a good banner
✓ Use RADIUS or TACACS+
✓ Enable monitoring (SNMP, NetFlow, Syslog)

Network Address Translation (NAT)
Allows a router to “hide” private IP addresses. We cannot use private IP addresses on the Internet, so NAT has to be enabled on the edge router.

Types of NAT
Static NAT (1-to-1)
Maps a single private IP address to a single public IP address.
Dynamic NAT
Maps private IP addresses to a pool of public IP addresses.
Port Address Translation (PAT, NAT overload)
Maps many private IP addresses to a single public IP, using port numbers to tell the flows apart.

Lab: inside network 192.168.1.0/24 (L0) behind R1; outside interface G0 10.10.10.111 towards the Internet.
Lab: RDP from PC2 (192.168.9.0/24) to PC1 (VLAN 1, .111) through R1 (G0 10.10.10.111).

IP Services
Network Time Protocol (NTP)
Allows your router to sync time and date. Your router can be an NTP client or server. You can also sync with some public NTP servers.
Router(config)# ip name-server x.x.x.x
Router(config)# ntp server x.x.x.x

Verify: show ntp associations

Dynamic Host Configuration Protocol (DHCP)
Your router, L3 switch or firewall can be a DHCP Server.

ip dhcp excluded-address 172.16.1.1 172.16.1.20
ip dhcp pool POOLNAME
 network 172.16.1.0 255.255.255.0
 default-router 172.16.1.1
 dns-server 172.16.1.5
 lease 3 23 59

IP Helper Address (ip helper-address on the client-facing interface) = DHCP relay agent

Syslog
Level  Name           Description                       Syslog
0      emergencies    System is unusable                LOG_EMERG
1      alerts         Immediate action needed           LOG_ALERT
2      critical       Critical conditions               LOG_CRIT
3      errors         Error conditions                  LOG_ERR
4      warnings       Warning conditions                LOG_WARNING
5      notifications  Normal but significant condition  LOG_NOTICE
6      informational  Informational messages            LOG_INFO
7      debugging      Debugging messages                LOG_DEBUG
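The severity table above applied to real-looking device output, as an added Python example (not from the original notes): it parses the %FACILITY-SEVERITY-MNEMONIC format IOS uses and keeps only the messages a `logging trap <level>` setting would forward. The sample lines are constructed, not captured from a device.

```python
"""Parse Cisco IOS syslog lines and filter by severity the way 'logging trap <level>' does."""
import re

# The severity table from the notes
SEVERITY = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# %FACILITY-SEVERITY-MNEMONIC: text, usually preceded by a sequence number and a timestamp
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")


def parse_syslog(line):
    """Return the message fields, or None for a line that is not an IOS syslog message."""
    m = MSG_RE.search(line)
    if not m:
        return None
    level = int(m["severity"])
    return {
        "facility": m["facility"],
        "severity": level,
        "name": SEVERITY[level],
        "mnemonic": m["mnemonic"],
        "text": m["text"].strip(),
    }


def at_or_above(lines, level):
    """Like 'logging trap warnings': keep messages of the given level and anything more severe (lower number)."""
    parsed = (parse_syslog(line) for line in lines)
    return [p for p in parsed if p is not None and p["severity"] <= level]


# Constructed sample lines in the IOS format (not real device output)
SAMPLE = [
    "*Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.10.5)",
    "*Mar  1 00:13:01.001: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down",
    "*Mar  1 00:13:05.200: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 00bb.6038.6dfd on port FastEthernet0/11.",
    "*Mar  1 00:14:00.000: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "*Mar  1 00:14:10.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.4] [localport: 22] [Reason: Login Authentication Failed]",
    "this line is not a syslog message",
]

if __name__ == "__main__":
    for msg in at_or_above(SAMPLE, 4):
        print(msg["severity"], msg["name"], msg["facility"], msg["mnemonic"])
```

With the threshold at 4 (warnings) the port-security violation, the link-down and the failed login get through, while the configuration change and the OSPF adjacency change at level 5 do not; for a SIEM feed you would normally send level 6 and filter centrally instead, since the level-5 messages are exactly the ones that show a configuration change or a routing neighbor disappearing.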


SNMP
The Simple Network Management Protocol is used to monitor remote devices and receive alerts.

The Management Information Base (MIB) keeps information about a device or application. Each MIB variable is identified by an object identifier (OID).

SNMP
Versions:
✓ SNMP version 1
✓ SNMP version 2c
✓ SNMP version 3
SNMPv1 and v2c authenticate with a clear-text community string, so use SNMPv3 wherever you can.
SNMPv3 security levels:
noAuthNoPriv – username only, no encryption
authNoPriv – MD5 or SHA1 authentication, no encryption
authPriv – MD5 or SHA1 authentication plus encryption

QoS (Quality of Service)
✓ Bandwidth
✓ Delay
✓ Jitter
✓ Loss
We use the Modular Quality of Service Command-Line Interface (MQC):
✓ Create a class-map, which categorizes traffic types
✓ Create a policy-map (what to do with each class) and apply it with a service-policy
✓ Take advantage of Network Based Application Recognition (NBAR) to classify applications
✓ CoS (L2) and DSCP (L3) marking
Read more:
✓ Police or shape? http://www.ciscopress.com/articles/article.asp?p=352991&seqNum=5

IPv6
✓ 128 bits (a huge address space)
✓ Smaller and simpler header
✓ No broadcast, all about multicast (FF00::/8)
✓ Improved security
✓ Link-local addresses (FE80::/10)
✓ New address type – Anycast (one to the nearest)
✓ Private IPs are called unique local addresses (FC00::/7)
✓ Public, routable IPs are called Global Unicast addresses (2000::/3)
Example of an IPv6 address
2001:AAAA:0000:0000:0000:0000:1234:0001 (short form: 2001:AAAA::1234:1)

EUI-64 Bit Address
Hosts can generate their own IPv6 address using this method: the 48-bit MAC address is split in half, FFFE is inserted in the middle and the universal/local bit is flipped, which gives the 64-bit interface identifier appended to the /64 prefix.

Example prefix: 2001:AAAA::/64
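The EUI-64 construction described above, carried out in code as an added Python example (not part of the original notes), including the reverse mapping that shows why an EUI-64 address leaks the host's hardware MAC. The MAC 00bb.6038.6dfd is taken from the STP slide of these notes and the prefix 2001:AAAA::/64 from the example address above; both are used only as sample input.

```python
"""EUI-64: derive the 64-bit interface identifier from a 48-bit MAC, and recover the MAC from the address."""
import ipaddress


def mac_to_bytes(mac):
    """Accepts 00bb.6038.6dfd, 00:bb:60:38:6d:fd or 00-bb-60-38-6d-fd."""
    raw = bytes.fromhex(mac.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    return raw


def eui64_interface_id(mac):
    """Split the MAC in half, insert FF:FE in the middle and flip the universal/local bit
    (bit 1 of the first octet, value 0x02)."""
    m = mac_to_bytes(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface identifier, as SLAAC or 'ipv6 address ... eui-64' does."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addresses need a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_eui64(address):
    """The reverse mapping: an EUI-64 address reveals the hardware MAC of the host, which is one
    reason privacy extensions (RFC 4941) exist. Returns None if the low 64 bits are not EUI-64 shaped."""
    iid = (int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    addr = eui64_address("2001:aaaa::/64", "00bb.6038.6dfd")
    print(addr, "->", mac_from_eui64(addr))
```

The same function produces the link-local address a host derives from FE80::/64, so `eui64_address("fe80::/64", mac)` tells you which link-local address to expect in a capture for a known NIC.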


To enable IPv6 routing globally:
ipv6 unicast-routing

IP address (on the interface):
ipv6 address 2001::1/64

OSPFv3:
ipv6 router ospf 1
 router-id 1.1.1.1
interface <interface>
 ipv6 enable
 ipv6 ospf 1 area 0

Overview
IEEE 802.11 – describes wireless standards
IEEE 802.11i = security standards
802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, 802.11ax

Overview
Channels
Clear Channel Assessment (CCA)
2.4 GHz – 1, 6 and 11 are the non-overlapping channels.
Use 5 GHz if possible (more non-overlapping channels).

APs offer a useful feature called Dynamic Frequency Selection (DFS)

Security
WEP (broken, never use it)
WPA – TKIP
WPA2 – AES (CCMP)

The latest standard – WPA3

Security
WPA3
✓ Larger session key sizes
✓ Simultaneous Authentication of Equals (SAE), based on the Dragonfly handshake, replacing the WPA2 Pre-Shared Key (PSK) handshake
✓ Brute-force (offline dictionary attack) prevention
✓ Individual data encryption for open networks
✓ Forward secrecy (known as PFS)

APs
Standalone (autonomous) vs controller-based (Wireless LAN Controller - WLC)

Control and Provisioning of Wireless Access Points Protocol (CAPWAP)
Lightweight Access Point Protocol (LWAPP, the older protocol)

Advantages of WLCs:
- Centralized configuration
- Security
- Roaming
- Optional features

Security concepts
✓ AAA (authentication, authorization, and accounting)
✓ Threats and vulnerabilities
✓ Kali Linux as an excellent platform to learn ethical hacking

VPNs

Vectors
An attack vector describes a path someone can use to gain access to a computer system.

Examples of attack vectors:
✓ Malware (viruses, worms)
✓ Social engineering
✓ Key loggers
✓ Spoofing
✓ Software and hardware vulnerabilities (e.g. Meltdown/Spectre)

DHCP Snooping
We do not want a rogue DHCP server to start offering IP addresses to DHCP clients.
Only ports marked as trusted (here f0/1, towards the legitimate DHCP server) may send DHCP server messages (OFFER/ACK); all other ports are untrusted by default and such messages are dropped there.

Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 1
Switch(config)# interface f0/1
Switch(config-if)# ip dhcp snooping trust

Man in the Middle (MitM) – ARP poisoning

Hosts: 192.168.1.1 (gateway, MAC AAA), 192.168.1.3 (victim, MAC BBB), 192.168.1.4 (attacker, MAC CCC).
Victim's ARP cache before (arp -a): 192.168.1.1 -> AAA
Victim's ARP cache after the attacker's spoofed ARP replies (arp -a): 192.168.1.1 -> CCC

ARP inspection
Dynamic ARP Inspection (DAI) validates all ARP packets received on untrusted ports against the DHCP snooping binding table and protects you against this man-in-the-middle attack.

DAI relies on DHCP Snooping.

Switch(config)# ip arp inspection vlan 1-2
Switch(config)# interface f0/1
Switch(config-if)# ip arp inspection trust
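A simplified model of what DAI does with each ARP packet in the ARP-poisoning scenario from the previous slide, as an added Python example that is not part of the original notes. The binding table, the ARP access-list for the gateway and the packets are constructed; real DAI also consults ARP ACLs before the binding table, and the Ethernet-source check corresponds to its optional validate src-mac setting.

```python
"""Dynamic ARP Inspection logic: validate ARP packets on untrusted ports against the DHCP snooping binding table."""

# Constructed DHCP snooping binding table: (vlan, ip) -> (mac, port). In the notes' scenario
# 192.168.1.3 (MAC BBB) is the victim and 192.168.1.4 (MAC CCC) is the attacker.
BINDINGS = {
    (1, "192.168.1.3"): ("bbbb.bbbb.bbbb", "Fa0/3"),
    (1, "192.168.1.4"): ("cccc.cccc.cccc", "Fa0/4"),
}
# The gateway 192.168.1.1 never used DHCP, so it is covered by an ARP access-list (static entry).
ARP_ACL = {(1, "192.168.1.1"): "aaaa.aaaa.aaaa"}
TRUSTED_PORTS = {"Gi0/1"}          # uplink towards the gateway / DHCP server (ip arp inspection trust)
DAI_VLANS = {1, 2}                  # ip arp inspection vlan 1-2


def dai_check(pkt):
    """pkt: dict(port, vlan, src_mac, sender_mac, sender_ip). Returns ('forward'|'drop', reason)."""
    if pkt["vlan"] not in DAI_VLANS:
        return "forward", "vlan not inspected"
    if pkt["port"] in TRUSTED_PORTS:
        return "forward", "trusted port"
    # 'validate src-mac' style check: the Ethernet source must equal the ARP sender hardware address
    if pkt["src_mac"] != pkt["sender_mac"]:
        return "drop", "ethernet source MAC differs from ARP sender MAC"
    key = (pkt["vlan"], pkt["sender_ip"])
    if key in ARP_ACL:
        if ARP_ACL[key] == pkt["sender_mac"]:
            return "forward", "arp access-list match"
        return "drop", "sender MAC does not match ARP access-list entry"
    binding = BINDINGS.get(key)
    if binding is None:
        return "drop", "no DHCP snooping binding for sender IP"
    mac, port = binding
    if mac != pkt["sender_mac"]:
        return "drop", "sender MAC does not match binding"
    if port != pkt["port"]:
        return "drop", "binding learned on a different port"
    return "forward", "binding match"


# Legitimate ARP from the victim, the attacker's poisoned reply claiming to be the gateway,
# and the real gateway answering over the trusted uplink.
LEGIT = {"port": "Fa0/3", "vlan": 1, "src_mac": "bbbb.bbbb.bbbb", "sender_mac": "bbbb.bbbb.bbbb", "sender_ip": "192.168.1.3"}
SPOOF = {"port": "Fa0/4", "vlan": 1, "src_mac": "cccc.cccc.cccc", "sender_mac": "cccc.cccc.cccc", "sender_ip": "192.168.1.1"}
GATEWAY = {"port": "Gi0/1", "vlan": 1, "src_mac": "aaaa.aaaa.aaaa", "sender_mac": "aaaa.aaaa.aaaa", "sender_ip": "192.168.1.1"}

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("spoof", SPOOF), ("gateway", GATEWAY)):
        print(name, dai_check(pkt))
```

The spoofed reply is dropped because the attacker's port is untrusted and 192.168.1.1 is bound to a different MAC; the attacker's own ARP traffic for 192.168.1.4 still passes, which is the point: DAI stops impersonation, not normal use. The gateway's reply is never inspected because the uplink is trusted, so mark only infrastructure ports as trusted.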


Automation / Programming / Monitoring
The cloud and SaaS solutions
Virtual Machines
Configuration management mechanisms: Puppet, Chef, and Ansible
Controller-based networking
Device management with Cisco DNA Center

API and JSON
REST – Representational State Transfer
API – Application Programming Interface
JSON - JavaScript Object Notation
XML - Extensible Markup Language

CRUD/HTTP
Action           HTTP
Create           POST (or PUT)
Read (Retrieve)  GET
Update           PUT / PATCH (sometimes POST)
Delete           DELETE

Virtual Machines and the Cloud
A virtual machine (VM) is an emulation of a computer system; a VM runs an operating system on shared hardware resources.

Examples:
VMware
Hyper-V
Oracle VirtualBox

Terms you need to know - SDN
✓ Data plane (forwarding plane) – 802.1Q, ACL, NAT, port security
✓ Control plane (decides how and what to do) – OSPF, ARP, STP
✓ Management plane (telnet, ssh, SNMP)
✓ SDN controllers (centralize the control of the networking devices)
✓ Southbound Interface (an interface between the controller and devices)
Protocols: OpenFlow, OpFlex
✓ Northbound Interface (allows other programs to use the data)
✓ Application Programming Interfaces (APIs)