CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio (Cisco Networking Academy) - David Kotfila - 9781587132155 - Zertifizierung - Cisco Certification CCNP - Pearson Education Schweiz AG - Der Fachverlag fuer Bildungsmedien - 978-1-5871-3215-5
Home > Informatik > Zertifizierung > Cisco Certification CCNP > CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio (Cisco Networking Academy)

CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio (Cisco Networking Academy)
Seite senden! 

Grosses Bild
Titel:   CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio (Cisco Networking Academy)
Reihe:   Cisco Press
Autor:   David Kotfila / Joshua Moorhouse / Ross Wolfson
Verlag:   Cisco Press
Einband:   Softcover
Auflage:   1
Sprache:   Englisch
Seiten:   408
Erschienen:   April 2008
ISBN13:   9781587132155
ISBN10:   1-58713-215-X
 
 Bestellen 
ISBN
Artikel
Verlag
S
 
Preis SFr
Verfügbar
 
9781587132155 CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio (Cisco Networking Academy)Cisco PressE 60.40
Produkt auf meiner Shopping-Liste notieren.

CCNP Implementing Secured Converged Wide-Area Networks (ISCW 642-825) Lab Portfolio (Cisco Networking Academy)

Description

Curriculum, Challenge, and Troubleshooting labs for the CCNP ISCW course from the Cisco Networking Academy Program

 

  • Review all the labs from the online CCNP ISCW curriculum from the Cisco Networking Academy Program
  • Master advanced networking topics with additional Challenge Labs written by industry and education experts
  • Gain insight into network maintenance with the bonus Troubleshooting labs

     

    The CCNP Implementing Secured Converged WANs (ISCW 642-825) Lab Portfolio provides Cisco Networking Academy Program students enrolled in the CCNP curriculum a powerful resource to help learn advanced networking topics. The lab book offers a convenient way to work on the labs that are in the online curriculum from the Networking Academy when they are not online, as well as additional Challenge and Troubleshooting labs written by the authors that give them more opportunities to practice, learn, and experience the advanced networking topics that they are studying.

     

    The course and Lab Portfolio align with the Implementing Secure Converged WANs (ISCW) 642-825 exam, teaching the advanced skills required to secure and enhance services in enterprise networks for teleworkers and remote sites. ISCW is one of four required exams for CCNP certification.

    		•

    Features

    Curriculum, Challenge, and Troubleshooting labs for the CCNP ISCW course from the Cisco Networking Academy Program

    • Review all the labs from the online CCNP ISCW curriculum from the Cisco Networking Academy Program
    • Master advanced networking topics with additional Challenge Labs written by industry and education experts
    • Gain insight into network maintenance with the bonus Troubleshooting labs
    Zum Seitenanfang

    Table of Contents

    Introduction

    Chapter 1 Remote Network Connectivity Requirements

    Lab 1-1: Lab Configuration Guide

    Chapter 2 Teleworker Connectivity

    Scenario: Configuring the CPE as the PPPoE Client

    Scenario: Configuring the CPE as the PPPoE Client over the ATM Interface

    Chapter 3 IPsec VPNs

    Lab 3-1: Configuring SDM on a Router (3.10.1)

        Scenario 7

        Step 1: Lab Preparation 7

        Step 2: Prepare the Router for SDM 7

        Step 3: Configure Addressing 8

        Step 4: Extract SDM on the Host 10

        Step 5: Install SDM on the PC 13

        Step 6: Run SDM from the PC 16

        Step 7: Install SDM to the Router 19

        Step 8: Run SDM from the Router 23

        Step 9: Monitor an Interface in SDM 24

    Lab 3-2: Configuring a Basic GRE Tunnel (3.10.2) 26

        Scenario 26

        Step 1: Configure Loopbacks and Physical Interfaces 26

        Step 2: Configure EIGRP AS 1 27

        Step 3: Configure a GRE Tunnel 28

        Step 4: Routing EIGRP AS 2 over the Tunnel 30

    Lab 3-3: Configuring Wireshark and SPAN (3.10.3) 33

        Scenario 33

        Step 1: Configure the Router 33

        Step 2: Install Wireshark and WinPcap 33

        Step 3: Configure SPAN on a Switch 39

        Step 4: Sniff Packets Using Wireshark 40

    Lab 3-4: Configuring Site-to-Site IPsec VPNs with SDM (3.10.4) 43

        Scenario 43

        Step 1: Configure Addressing 43

        Step 2: Configure EIGRP 44

        Step 3: Connect to the Routers via SDM 45

        Step 4: Configure Site-to-Site IPsec VPN via SDM 45

        Step 5: Generate a Mirror Configuration for R3 53

        Step 6: Verify the VPN Configuration Using SDM 56

        Step 7: Verify the VPN Configuration Using the IOS CLI 59

        Challenge: Use Wireshark to Monitor Encryption of Traffic 65

        TCL Script Output 70

    Lab 3-5: Configuring Site-to-Site IPsec VPNs with the IOS CLI (3.10.5) 74

        Scenario 74

        Step 1: Configure Addressing 74

        Step 2: Configure EIGRP 75

        Step 3: Create IKE Policies 76

        Step 4: Configure Preshared Keys 78

        Step 5: Configure the IPsec Transform Set and Lifetimes 78

        Step 6: Define Interesting Traffic 80

        Step 7: Create and Apply Crypto Maps 81

        Step 8: Verify IPsec Configuration 82

        Step 9: Verify IPsec Operation 83

        Step 10: Interpret IPsec Event Debugging 85

        Challenge: Use Wireshark to Monitor Encryption of Traffic 97

        TCL Script Output 103

    Lab 3-6: Configuring a Secure GRE Tunnel with SDM (3.10.6) 106

        Scenario 106

        Step 1: Configure Addressing 106

        Step 2: Configure EIGRP AS 1 107

        Step 3: Connect to the Router Using SDM 108

        Step 4: Configure an IPsec VTI Using SDM 108

        Step 5: Generate a Mirror Configuration for R3 117

        Step 6: Verify Tunnel Configuration Through SDM 120

        Challenge: Use Wireshark to Monitor Encryption of Traffic 124

        TCL Script Output 128

    Lab 3-7: Configuring a Secure GRE Tunnel with the IOS CLI (3.10.7) 133

        Scenario 133

        Step 1: Configure Addressing 133

        Step 2: Configure EIGRP AS 1 134

        Step 3: Configure the GRE Tunnel 134

        Step 4: Configure EIGRP AS 2 over the Tunnel 135

        Step 5: Create IKE Policies and Peers 136

        Step 6: Create IPsec Transform Sets 136

        Step 7: Define the Traffic to Be Encrypted 137

        Step 8: Create and Apply Crypto Maps 137

        Step 9: Verify Crypto Operation 138

        Challenge: Use Wireshark to Monitor Encryption of Traffic 139

    Lab 3-8: Configuring IPsec VTIs (3.10.8) 144

        Scenario 144

        Step 1: Configure Addressing 144

        Step 2: Configure EIGRP AS 1 145

        Step 3: Configure Static Routing 145

        Step 4: Create IKE Policies and Peers 147

        Step 5: Create IPsec Transform Sets 148

        Step 6: Create an IPsec Profile 148

        Step 7: Create the IPsec VTI 149

        Step 8: Verify Proper EIGRP Behavior 151

    Lab 3-9: Configuring Easy VPN with SDM (3.10.9) 154

        Scenario 154

        Step 1: Configure Addressing 154

        Step 2: Configure EIGRP AS 1 155

        Step 3: Configure a Static Default Route 156

        Step 4: Connect to HQ Through SDM 156

        Step 5: Configure Easy VPN Server Through SDM 156

        Step 6: Install the Cisco VPN Client 166

        Step 7: Test Access from Client Without VPN Connection 169

        Step 8: Connect to the VPN 169

        Step 9: Test Network Access with VPN Connectivity 175

        Step 10: Verify Easy VPN Functionality with SDM 176

        Step 11: Disconnect the VPN Client 178

    Lab 3-10: Configuring Easy VPN with the IOS CLI 180

        Scenario 180

        Step 1: Configure Addressing 180

        Step 2: Configure EIGRP AS 1 181

        Step 3: Configure a Static Default Route 181

        Step 4: Enable AAA on HQ 182

        Step 5: Create the IP Pool 182

        Step 6: Configure the Group Authorization 182

        Step 7: Create an IKE Policy and Group 182

        Step 8: Configure the IPsec Transform Set 184

        Step 9: Create a Dynamic Crypto Map 184

        Step 10: Enable IKE DPD and User Authentication 184

        Step 11: Install the Cisco VPN Client 185

        Step 12: Test Access from Client Without VPN Connection 187

        Step 13: Connect to the VPN 188

        Step 14: Test Inside VPN Connectivity 193

        Step 15: Verify VPN Operation Using the CLI 194

        Step 16: Disconnect the VPN Client 195

    Lab 3-11: IPsec Challenge Lab 196

    Lab 3-12: IPsec Troubleshooting Lab 198

        Initial Configurations 199

    Chapter 4 Frame Mode MPLS Implementation 205

    Lab 4-1: Configuring Frame Mode MPLS (4.5.1) 205

        Scenario 205

        Step 1: Configure Addressing 206

        Step 2: Configure EIGRP AS 1 206

        Step 3: Observe CEF Operation 207

        Step 4: Enable MPLS on All Physical Interfaces 209

        Step 5: Verify MPLS Configuration 210

        Step 6: Change MPLS MTU 215

    Lab 4-2: Challenge Lab: Implementing MPLS VPNs (4.5.2) 217

        Scenario 218

        Step 1: Configure Addressing 219

        Step 2: Configure Routing in the Service-Provider Domain 219

        Step 3: Configure MPLS in the SP Domain 220

        Step 4: Configure a VRF 221

        Step 5: Configure EIGRP AS 1 225

        Step 6: Configure BGP 227

        Step 7: Investigate Control Plane Operation 229

        Step 8: Investigate Forwarding Plane Operation 235

        Conclusion 238

    Chapter 5 Cisco Device Hardening 241

    Lab 5-1: Using SDM One-Step Lockdown (5.12.1) 241

        Scenario 241

        Step 1: Configure Addressing 241

        Step 2: Install Nmap on the Host 242

        Step 3: Run a Port Scan with Nmap 245

        Step 4: Prepare a Router for SDM 245

        Step 5: Use SDM One-Step Lockdown 246

        Step 6: Use Nmap to See Changes 249

        Conclusion 250

    Lab 5-2: Securing a Router with Cisco AutoSecure (5.12.2) 251

        Scenario 251

        Step 1: Configure the Physical Interface 251

        Step 2: Configure AutoSecure 251

    Lab 5-3: Disabling Unneeded Services (5.12.3) 259

        Scenario 259

        Step 1: Configure the Physical Interface 259

        Step 2: Ensure Services Are Disabled 259

        Step 3: Manage Router Access 260

        Step 4: Disable CDP 261

        Step 5: Disable Other Unused Services 261

        Step 6: Disabling Unneeded Interface Services 262

    Lab 5-4: Enhancing Router Security (5.12.4) 263

        Scenario 263

        Step 1: Configure the Physical Interfaces 263

        Step 2: Telnet to R1 264

        Step 3: Configure Cisco IOS Login Enhancements 265

        Step 4: Enforce a Minimum Password Length 269

        Step 5: Modify Command Privilege Levels 270

        Step 6: Create a Banner 273

        Step 7: Enable SSH 273

        Step 8: Encrypt Passwords 275

    Lab 5-5: Configuring Logging (5.12.5) 276

        Scenario 276

        Step 1: Configure the Interface 276

        Step 2: Install the Kiwi Syslog Daemon 276

        Step 3: Run the Kiwi Syslog Service Manager 277

        Step 4: Configure the Router for Logging 277

        Step 5: Verify Logging 279

        Step 6: Configure Buffered Logging 280

    Lab 5-6a: Configuring AAA and TACACS+ (5.12.6a) 283

        Scenario 283

        Step 1: Configure the Interface 283

        Step 2: Install CiscoSecure ACS 283

        Step 3: Configure Users in CiscoSecure ACS 288

        Step 4: Configure AAA Services on R1 292

    Lab 5-6b: Configuring AAA and RADIUS (5.12.6b) 294

        Scenario 294

        Step 1: Configure the Interface 294

        Step 2: Install CiscoSecure ACS 294

        Step 3: Configure Users in CiscoSecure ACS 299

        Step 4: Configure AAA Services on R1 303

    Lab 5-6c: Configuring AAA Using Local Authentication (5.12.6c) 305

        Step 1: Configure the Interface 305

        Step 2: Configure the Local User Database 305

        Step 3: Implement AAA Services 305

    Lab 5-7: Configuring Role-Based CLI Views (5.12.7) 307

        Scenario 307

        Step 1: Configure an Enable Secret Password 307

        Step 2: Enable AAA 307

        Step 3: Change to the Root View 308

        Step 4: Create Views 309

        Step 5: Create a Superview 312

    Lab 5-8: Configuring NTP (5.12.8) 313

        Scenario 313

        Step 1: Configure the Physical Interfaces 313

        Step 2: Set Up the NTP Master 314

        Step 3: Configure an NTP Client 314

        Step 4: Configure NTP Peers with MD5 Authentication 315

    Chapter 6 Cisco IOS Threat Defense Features 319

    Lab 6-1: Configuring a Cisco IOS Firewall Using SDM (6.6.1) 319

        Scenario 319

        Step 1: Configure Loopbacks and Physical Interfaces 320

        Step 2: Configure Routing Protocols 320

        Step 3: Configure Static Routes to Reach the Internet 321

        Step 4: Connect to FW Using SDM 322

        Step 5: Use the SDM Advanced Firewall Wizard 323

        Step 6: Modify the Firewall Configuration 331

        Step 7: Monitor Firewall Activity 334

        Conclusion 337

    Lab 6-2: Configuring CBAC (6.6.2) 338

        Scenario 338

        Step 1: Configure the Physical Interfaces 338

        Step 2: Configure Static Default Routes 339

        Step 3: Enable Telnet Access 339

        Step 4: Create IP Inspect Rules 339

        Step 5: Block Unwanted Outside Traffic 341

        Step 6: Verify CBAC Operation 341

    Lab 6-3: Configuring IPS with SDM (6.6.3) 344

        Scenario 344

        Step 1: Configure the Physical Interfaces 344

        Step 2: Configure Static Default Routes 345

        Step 3: Enable Telnet Access 345

        Step 4: Connect to FW Using SDM 345

        Step 5: Use the SDM IPS Rule Wizard 346

        Step 6: Verify and Modify IPS Behavior 353

        Challenge: Add a Signature 358

    Lab 6-4: Configuring IPS with CLI (6.6.4) 364

        Scenario 364

        Step 1: Configure Addressing 364

        Step 2: Configure Static Default Routes 365

        Step 3: Create and Apply an IPS Rule 365

        Step 4: Modify Default IPS Behavior 366

    Chapter 7 Case Studies 371

    Case Study 1: CLI IPsec and Frame-Mode MPLS 371

        Questions 372

    Case Study 2: Device Hardening and VPNs 373

     

    158713215x    TOC    2/28/2008
    Zum Seitenanfang

    Author

    David Kotfila, CCNP, CCAI, is the director of the Cisco Academy at Rensselaer Polytechnic Institute (RPI) in Troy, New York. Under his direction, 350 students have received their CCNA, 150 students have received their CCNP, and 8 students have obtained their CCIE. David is a consultant for Cisco, working as a member of the CCNP assessment group. His team at RPI has authored the four new CCNP lab books for the Academy program. David has served on the National Advisory Council for the Academy program for four years. Previously, he was the senior training manager at PSINet, a Tier 1 global ISP. When David is not staring at his beautiful wife, Kate, or talking with his two wonderful children, Chris and Charis, he likes to kayak, hike in the mountains, and lift weights.

     

    Joshua Moorhouse, CCNP, recently graduated from Rensselaer Polytechnic Institute (RPI) with a B.S. in computer science, where he also worked as a teaching assistant in the Cisco Academy. He currently works as a network engineer at Factset Research Systems in Norwalk, Connecticut. Josh enjoys spending time with his wife Laura, his family, and friends.

     

    Ross Wolfson, CCIE No. 16696, recently graduated from Rensselaer Polytechnic Institute (RPI) with a B.S. in computer science. He currently works as a network engineer at Factset Research Systems. Ross enjoys spending time with his friends, running, and biking.

     
    Zum Seitenanfang