Enterprise Networking, Security, and Automation Labs and Study Guide (CCNAv7)
Lab Companion Series

The only authorized Labs & Study Guide for the Cisco Networking Academy Enterprise Networking, Security, and Automation course in the CCNA curriculum

Each chapter of this book is divided into a Study Guide section followed by a Lab section.

The Study Guide section offers exercises that help you learn the concepts, configurations, and troubleshooting skills crucial to your success as a CCNA exam candidate. Each chapter is slightly different and includes some or all the following types of exercises:

• Vocabulary Matching Exercises
• Concept Questions Exercises
• Skill-Building Activities and Scenarios
• Configuration Scenarios
• Packet Tracer Exercises
• Troubleshooting Scenarios

The Labs & Activities include all the online course Labs and Packet Tracer activity instructions. If applicable, this section begins with a Command Reference that you will complete to highlight all the commands introduced in the chapter.

This book is offered exclusively for students enrolled in Cisco Networking Academy courses. It is not designed for independent study or professional certification preparation. Visit netacad.com to learn more about program options and requirements.Related titles: CCNA 200-301 Portable Command Guide Book: 9780135937822 eBook: 9780135937709 Enterprise Networking, Security, and Automation Companion Guide CCNAv7 Book: 9780136634324 eBook: 9780136634249 Enterprise Networking, Security, and Automation Course Booklet CCNAv7 Book: 9780136634737

Introduction xxvi

Chapter 1 Single-Area OSPFv2 Concepts 1

Study Guide 2

OSPF Features and Characteristics 2

OSPF Packets 5

OSPF Operation 8

Labs and Activities 13

Chapter 2 Single-Area OSPFv2 Configuration 15

Study Guide 16

OSPF Router ID 16

Point-to-Point OSPF Networks 19

Multiaccess OSPF Networks 21

Modify Single-Area OSPFv2 24

Default Route Propagation 28

Verify Single-Area OSPFv2 29

Labs and Activities 33

Command Reference 33

2.2.13 Packet Tracer—Point-to-Point Single-Area OSPFv2 Configuration 34

2.3.11 Packet Tracer—Determine the DR and BDR 37

2.4.11 Packet Tracer—Modify Single-Area OSPFv2 41

2.5.3 Packet Tracer—Propagate a Default Route in OSPFv2 44

2.6.6 Packet Tracer—Verify Single-Area OSPFv2 46

2.7.1 Packet Tracer—Single-Area OSPFv2 Configuration 50

2.7.2 Lab—Configure Single-Area OSPFv2 52

Chapter 3 Network Security Concepts 57

Study Guide 58

Current State of Cybersecurity 58

Threat Actors 60

Threat Actor Tools 62

Malware 65

Common Network Attacks 68

IP Vulnerabilities and Threats 71

TCP and UDP Vulnerabilities 75

IP Services 78

Network Security Best Practices 81

Cryptography 85

Labs and Activities 91

3.5.7 Lab—Social Engineering 91

3.8.8 Lab—Explore DNS Traffic 93

Chapter 4 ACL Concepts 101

Study Guide 102

Purpose of ACLs 102

Wildcard Masks in ACLs 103

Guidelines for ACL Creation 106

Types of IPv4 ACLs 107

Labs and Activities 110

4.1.4 Packet Tracer—Access Control List Demonstration 110

Chapter 5 ACLs for IPv4 Configuration 113

Study Guide 114

Configure Standard IPv4 ACLs 114

Modify IPv4 ACLs 117

Secure VTY Ports with a Standard IPv4 ACL 118

Configure Extended IPv4 ACLs 118

Labs and Activities 124

Command Reference 124

5.1.8 Packet Tracer—Configure Numbered Standard IPv4 ACLs 125

5.1.9 Packet Tracer—Configure Named Standard IPv4 ACLs 128

5.2.7 Packet Tracer—Configure and Modify Standard IPv4 ACLs 130

5.4.12 Packet Tracer—Configure Extended ACLs—Scenario 1 137

5.4.13 Packet Tracer—Configure Extended IPv4 ACLs—Scenario 2 142

5.5.1 Packet Tracer—IPv4 ACL Implementation Challenge 146

5.5.2 Lab—Configure and Verify Extended IPv4 ACLs 149

Chapter 6 NAT for IPv4 155

Study Guide 156

NAT Characteristics 156

Types of NAT 157

NAT Advantages and Disadvantages 158

Static NAT 159

Dynamic NAT 161

PAT 162

NAT64 165

Labs and Activities 166

Command Reference 166

6.2.7 Packet Tracer—Investigate NAT Operations 166

6.4.5 Packet Tracer—Configure Static NAT 170

6.5.6 Packet Tracer—Configure Dynamic NAT 172

6.6.7 Packet Tracer—Configure PAT 173

6.8.1 Packet Tracer—Configure NAT for IPv4 175

6.8.2 Lab—Configure NAT for IPv4 176

Chapter 7 WAN Concepts 185

Study Guide 186

Purpose of WANs 186

WAN Operations 188

Traditional WAN Connectivity 191

Modern WAN Connectivity 193

Internet-Based Connectivity 194

Labs and Activities 196

7.5.11 Lab—Research Broadband Internet Access Technologies 196

7.6.1 Packet Tracer—WAN Concepts 199

Chapter 8 VPN and IPsec Concepts 203

Study Guide 204

VPN Technology 204

Types of VPNs 207

IPsec 211

Labs and Activities 219

Chapter 9 QoS Concepts 221

Study Guide 222

Network Transmission Quality 222

Traffic Characteristics 224

Queuing Algorithms 225

QoS Models 229

QoS Implementation Techniques 231

Labs and Activities 236

Chapter 10 Network Management 237

Study Guide 238

Device Discovery with CDP and LLDP 238

NTP 241

SNMP 243

Syslog 245

Router and Switch File Maintenance 247

IOS Image Management 251

Labs and Activities 254

Command Reference 254

10.1.5 Packet Tracer—Use CDP to Map a Network 255

10.2.6 Packet Tracer—Use LLDP to Map a Network 259

10.3.4 Packet Tracer—Configure and Verify NTP 264

10.4.10 Lab—Research Network Monitoring Software 266

10.6.10 Packet Tracer—Back Up Configuration Files 269

10.6.11 Lab—Use Tera Term to Manage Router Configuration Files 271

10.6.12 Lab—Use TFTP, Flash, and USB to Manage Configuration Files 277

10.6.13 Lab—Research Password Recovery Procedures 290

10.7.6 Packet Tracer—Use a TFTP Server to Upgrade a Cisco IOS Image 293

10.8.1 Packet Tracer—Configure CDP, LLDP, and NTP 296

10.8.2 Lab—Configure CDP, LLDP, and NTP 298

Chapter 11 Network Design 305

Study Guide 306

Hierarchical Networks 306

Scalable Networks 309

Switch Hardware 310

Router Hardware 312

Labs and Activities 315

11.5.1 Packet Tracer—Compare Layer 2 and Layer 3 Devices 315

Chapter 12 Network Troubleshooting 319

Study Guide 320

Network Documentation 320

Troubleshooting Process 325

Troubleshooting Tools 330

Symptoms and Causes of Network Problems 333

Troubleshooting IP Connectivity 335

Labs and Activities 336

12.5.13 Packet Tracer—Troubleshoot Enterprise Network 336

12.6.1 Packet Tracer—Troubleshooting Challenge—Document the Network 343

12.6.2 Packet Tracer—Troubleshooting Challenge—Use Documentation to Solve Issues 346

Chapter 13 Network Virtualization 349

Study Guide 350

Cloud Computing 350

Virtualization and Virtual Network Infrastructure 351

Software-Defined Networking 353

Controllers 355

Labs and Activities 358

13.6.1 Lab—Install Linux in a Virtual Machine and Explore the GUI 358

Chapter 14 Network Automation 363

Study Guide 364

Automation Overview 364

Data Formats 365

APIs 367

REST 369

Configuration Management 371

IBN and Cisco DNA Center 372

Labs and Activities 378

TOC, 9780136634690, 8/6/2020

Cisco Networking Academy is an innovative Cisco education initiative that delivers information and communication technology skills to improve career and economic opportunities around the world. The Academy provides online courses, interactive tools, and lab activities to prepare individuals for information technology and networking careers in virtually every industry.

Author:

Allan Johnson entered the academic world in 1999, after 10 years as a business owner/operator, to dedicate his efforts to his passion for teaching. He holds both an M.B.A. and an M.Ed. in training and development. He taught CCNA courses at the high school level for 7 years and has taught both CCNA and CCNP courses at Del Mar College in Corpus Christi, Texas. In 2003, Allan began to commit much of his time and energy to the CCNA Instructional Support Team, providing services to Networking Academy instructors worldwide and creating training materials. He now works full time for Cisco Networking Academy as Curriculum Lead.

Technical Reviewer:

Dave Holzinger has been a curriculum developer, project manager, author, and technical editor for Cisco Networking Academy in Phoenix since 2001. Dave works on the team that develops Cisco Networking Academy’s online curricula, including CCNA, CCNP, and IT Essentials. He has been working with computer hardware and software since 1981. Dave has certifications from Cisco, BICSI, and CompTIA.