
Wireless Security

A comprehensive approach to wireless security focuses on the following areas:
- Identifying the endpoints of a wireless connection
- Identifying the end user (authentication)
- Protecting the wireless data from eavesdroppers (encryption)

Wireless Networking

Because the operation of a BSS hinges on the AP, the BSS is bounded by the area where the AP's signal is usable. This is known as the basic service area (BSA) or cell.

Wireless LAN

If an AP must support multiple VLANs, those VLANs must be brought to it over a trunk link. The wireless side of an AP inherently trunks 802.11 frames by marking them with the BSSID of the WLAN where they belong.

Wireless Architectures

The data path from the wireless network to the wired network is very short; the autonomous AP links the two networks. Data to and from wireless clients does not have to travel up into the cloud and back; the cloud is used to bring management functions into the data plane. The network in Figure 27-3 consists of two distinct paths, one for data traffic and another for management traffic, corresponding to the following two functions:

WANs and IP Routing

Leased-Line WANs
Physical Details of Leased Lines
- Leased circuit, leased line: an electrical circuit (line) between two endpoints, at a predetermined speed
- Full duplex: uses two pairs of wires, one for each direction (conceptually a crossover)
- Serial link (line): bits flow serially; routers use serial interfaces
- Point-to-point link (line): two points only
- T1: 1.544 Mbps
- WAN link: general term
- Private line: data is private
Data-Link Details of Leased Lines
- A leased line specifies Layer 1 only; HDLC and PPP are the most popular Layer 2 protocols used on leased lines.

WAN Architecture

1.0 Network Fundamentals
1.2 Describe the characteristics of network topology architecture
1.2.d WAN
5.0 Security Fundamentals
5.5 Describe remote access and site-to-site VPNs
Metro Ethernet: Customers connect to a Metro Ethernet service with either routers or Layer 3 switches.

VLANs

Virtual LAN Concepts
Reasons for choosing to create smaller broadcast domains (VLANs):
- reduce CPU overhead on each device
- reduce security risks, with different security policies per VLAN
- more flexible designs that group users by department, or by groups that work together, instead of by physical location
- solve problems more quickly: the failure domain for many problems is the same set of devices as those in the same broadcast domain
- reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a single access switch

802.1Q and ISL
- 802.1Q inserts a 4-byte 802.1Q VLAN header into the Ethernet header. The 802.1Q header includes Type, Priority, Flag, and VLAN ID fields.
- The 12-bit VLAN ID field inside the 802.1Q header supports a theoretical maximum of 2^12 (4096) VLANs, but in practice it supports a maximum of 4094. Both 802.1Q and ISL use 12 bits to tag the VLAN ID, with two reserved values (0 and 4095).
- Cisco switches break the range of VLAN IDs (1–4094) into the normal range (1 to 1005, which all switches can use) and the extended range (1006 to 4094, which only some switches can use, depending on the configuration of the VLAN Trunking Protocol (VTP)).
- 802.1Q simply does not add an 802.1Q header to frames in the native VLAN.
- show vlan brief

VLAN Trunking Protocol (VTP)
- vtp mode transparent, vtp mode off
- The server switches can configure VLANs in the standard range only (1–1005). The client switches cannot configure VLANs.
- Both servers and clients may be learning new VLANs from other switches and seeing their VLANs deleted by other switches because of VTP.
- If your switch uses VTP server or client mode, show running-config does not list any vlan commands; use show vtp status.
- If possible in the lab, disable VTP and ignore VTP for your switch configuration practice until you decide to learn more about VTP for other purposes.

Dynamic Trunking Protocol (DTP)
- DTP negotiates ISL or 802.1Q: if both switches support both protocols, they use ISL; otherwise, they use the protocol that both support.
- switchport trunk encapsulation {dot1q | isl | negotiate}: configure the type or allow DTP to negotiate the type.
- access: always access
- trunk: always trunk
- dynamic desirable: initiates negotiation messages and responds to negotiation messages; access if the other side is access, otherwise trunk
- dynamic auto: passively waits to receive trunk negotiation messages
- Because dynamic auto and dynamic desirable will form a trunk with any neighbor that negotiates one, ports facing end hosts should be configured as switchport mode access so that an attached device cannot negotiate a trunk.

VLAN Trunking Configuration
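The 802.1Q points above (4-byte tag, 12-bit VLAN ID, reserved values 0 and 4095, untagged frames on the native VLAN, Cisco's normal/extended split) can be checked against real bytes. The following Python is an added example written for these notes, not code from the original page or from Cisco: it builds an Ethernet frame with or without an 802.1Q tag and parses it the way a trunk port would, assigning untagged (and VID 0, priority-only) frames to the native VLAN. The MAC addresses and payload are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100           # EtherType value that announces an 802.1Q tag
VLAN_MIN, VLAN_MAX = 1, 4094  # VIDs 0 and 4095 are reserved by 802.1Q
NORMAL_RANGE_MAX = 1005       # Cisco normal range 1-1005; extended range 1006-4094


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0, dei=0):
    """Build an Ethernet II frame. When vlan_id is given, insert the 4-byte
    802.1Q header (TPID + TCI) between the source MAC and the EtherType,
    exactly where a trunk port would. Frames on the native VLAN are sent
    untagged, so callers pass vlan_id=None for them."""
    if vlan_id is not None and not VLAN_MIN <= vlan_id <= VLAN_MAX:
        raise ValueError(f"VLAN ID {vlan_id} is outside the usable range 1-4094")
    header = dst + src
    if vlan_id is not None:
        # TCI: 3-bit priority, 1-bit flag (DEI/CFI), 12-bit VLAN ID
        tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | vlan_id
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame, native_vlan=1):
    """Parse a frame as a trunk port would and return a dict with the VLAN the
    frame belongs to. Untagged frames (and priority-tagged frames with VID 0)
    are assigned the port's native VLAN."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return {"dst": dst, "src": src, "vlan": native_vlan, "pcp": 0, "dei": 0,
                "tagged": False, "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid == 4095:
        raise ValueError("VLAN ID 4095 is reserved")
    return {"dst": dst, "src": src, "vlan": native_vlan if vid == 0 else vid,
            "pcp": tci >> 13, "dei": (tci >> 12) & 1,
            "tagged": True, "ethertype": ethertype, "payload": frame[18:]}


def vlan_range(vid):
    """Classify a VID the way Cisco IOS does: normal (1-1005) or extended (1006-4094)."""
    if not VLAN_MIN <= vid <= VLAN_MAX:
        raise ValueError(f"VLAN ID {vid} is outside 1-4094")
    return "normal" if vid <= NORMAL_RANGE_MAX else "extended"


if __name__ == "__main__":
    # Constructed sample: broadcast destination, made-up source MAC, ARP EtherType.
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020011111111")
    tagged = build_frame(dst, src, 0x0806, b"\x00" * 28, vlan_id=10, pcp=5)
    untagged = build_frame(dst, src, 0x0806, b"\x00" * 28)
    print("tagged frame is in VLAN", parse_frame(tagged)["vlan"])
    print("untagged frame lands in native VLAN", parse_frame(untagged, native_vlan=99)["vlan"])
```

The tagged frame is exactly four bytes longer than the untagged one, which is the whole 802.1Q header; everything else, including the original EtherType, is unchanged.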

Troubleshooting Routing Issues

Problem Isolation Using the ping Command: ping relies on ICMP, which functions as part of Layer 3, as a control protocol that assists IP by helping manage IP network functions. Ping options: the name or IP address of the destination,

TCP/IP Basics

TCP/IP layers: Application, Transport, Network, Data Link, Physical.
Application layer: provides services for applications. HTTP, for example, provides the interface between software and the network:
- HTTP header: GET home.html
- HTTP header: OK, followed by data
Same-layer interaction on different computers.

Switchport Security Configuration

Tuesday, September 28, 2021 2:44 PM
- switchport port-security: enables port security, with all defaults
- switchport port-security mac-address mac-address: (optional) predefine any allowed source MAC addresses for this interface
- switchport port-security mac-address sticky: (optional) tell the switch to "sticky learn" dynamically learned MAC addresses
- switchport port-security mac-address 0200.1111.1111: defines a specific source MAC address. With the default maximum source address setting of 1, a frame from any other source MAC is a violation, and the default violation action (shutdown) disables the interface.
- Port security does not save the configuration of the sticky addresses; use the copy running-config startup-config command if desired.
- Voice ports: make sure to configure the maximum MAC address count to at least two (one for the phone, one for a PC connected to the phone).
- EtherChannels: the port security configuration should be placed on the port-channel interface, rather than the individual physical interfaces in the channel.
Verifying Port Security
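The behaviour described above (a maximum address count, sticky learning, and what happens on a violation) is easiest to reason about as a small state machine. The following Python is an added example for these notes, not IOS code and not from the original page; it simulates one port-security interface, including the shutdown, restrict and protect violation modes (restrict and shutdown count violations, protect drops silently), and reproduces the lines IOS would keep in the running configuration. The interface names and MAC addresses are constructed.

```python
from dataclasses import dataclass, field

SHUTDOWN, RESTRICT, PROTECT = "shutdown", "restrict", "protect"


@dataclass
class SecurePort:
    """Simulation of one port-security interface (constructed example, not IOS code)."""
    name: str
    maximum: int = 1                 # switchport port-security maximum N (IOS default 1)
    violation: str = SHUTDOWN        # switchport port-security violation {shutdown|restrict|protect}
    sticky: bool = False             # switchport port-security mac-address sticky
    static: tuple = ()               # switchport port-security mac-address <mac>, one per entry
    allowed: dict = field(default_factory=dict)  # mac -> "static" | "sticky" | "dynamic"
    violations: int = 0
    err_disabled: bool = False

    def __post_init__(self):
        for mac in self.static:
            self.allowed[mac] = "static"
        if len(self.allowed) > self.maximum:
            raise ValueError("more static addresses than the configured maximum")

    def receive(self, src_mac):
        """Return what the switch does with a frame arriving from src_mac."""
        if self.err_disabled:
            return "dropped: port is err-disabled"
        if src_mac in self.allowed:
            return "forwarded"
        if len(self.allowed) < self.maximum:
            self.allowed[src_mac] = "sticky" if self.sticky else "dynamic"
            return "forwarded: address learned"
        # Allowed set is full and this source MAC is not in it: a violation.
        if self.violation != PROTECT:
            self.violations += 1     # protect mode drops silently, no counter or syslog
        if self.violation == SHUTDOWN:
            self.err_disabled = True  # needs shutdown / no shutdown (or errdisable recovery)
            return "dropped: violation, port err-disabled"
        if self.violation == RESTRICT:
            return "dropped: violation counted and logged"
        return "dropped: violation silently discarded"

    def running_config(self):
        """Lines that would appear in the running config. Sticky-learned addresses
        show up here (and are lost on reload unless copy running-config
        startup-config is run); plain dynamic addresses never do."""
        lines = [f"interface {self.name}", " switchport port-security"]
        if self.maximum != 1:
            lines.append(f" switchport port-security maximum {self.maximum}")
        if self.violation != SHUTDOWN:
            lines.append(f" switchport port-security violation {self.violation}")
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
        for mac, kind in self.allowed.items():
            if kind == "static":
                lines.append(f" switchport port-security mac-address {mac}")
            elif kind == "sticky":
                lines.append(f" switchport port-security mac-address sticky {mac}")
        return lines


if __name__ == "__main__":
    # Voice port: phone plus PC behind it needs maximum 2, otherwise the PC trips a violation.
    phone, pc = "0200.aaaa.aaaa", "0200.bbbb.bbbb"
    too_small = SecurePort("FastEthernet0/1")
    print(too_small.receive(phone), "|", too_small.receive(pc))
    voice = SecurePort("FastEthernet0/2", maximum=2, violation=RESTRICT, sticky=True)
    print(voice.receive(phone), "|", voice.receive(pc), "|", voice.receive("0200.cccc.cccc"))
    print("\n".join(voice.running_config()))
```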

Switching

1.0 Network Fundamentals
1.1 Explain the role and function of network components
1.1.b L2 and L3 Switches
1.13 Describe switching concepts
1.13.a MAC learning and aging
1.13.b Frame switching
1.13.c Frame flooding
1.13.d MAC address table
2.0 Network Access
2.5 Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify basic operations
Overview of Switching Logic

Switch Interfaces

1.0 Network Fundamentals
1.1 Explain the role and function of network components
1.1.b L2 and L3 switches
1.4 Describe switching concepts
Configuring Speed, Duplex, and Description
- Autonegotiation (IEEE standard 802.3u) of what speed and duplex to use is enabled by default.
- **duplex {auto | full | half}** and **speed {auto | 10 | 100 | 1000}**: configure the speed and duplex settings
- **(config-int)# description** _text_: add a text description to the interface
- **show interfaces status**: lists port #, Name, status, vlan, duplex, speed, and type; a-full and a-100 mean that the listed speed and duplex values were autonegotiated.

Static Routing

Routers first learn connected routes, which are routes for subnets attached to a router interface. Routers can also use static routes, which are routes created through a configuration command (ip route) that tells the router what route to put in the IPv4 routing table. And routers can use a routing protocol, in which routers tell each other about all their known routes, so that all routers can learn and build routes to all networks and subnets.

Spanning Tree Protocol

2.0 Network Access
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
2.5 Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify basic operations
2.5.a Root port, root bridge (primary/secondary), and other port names
2.5.b Port states (forwarding/blocking)
2.5.c PortFast benefits
RSTP is most common now; Cisco defaults to RSTP.
Problems caused by Layer 2 loops:
- MAC table instability: MAC address tables keep changing because frames with the same source MAC arrive on different ports of the switches.
- Broadcast storms: forwarding of a frame repeatedly on the same links.
- Multiple frame transmission: a side effect of looping frames; multiple copies are delivered to a host, confusing the host.
What Spanning Tree Does: an interface in the blocking state does not process any frames except STP/RSTP messages and some other overhead messages.
STP Convergence: the switches collectively realize that something has changed in the LAN topology and determine whether they need to change which ports block and which ports forward.
How Spanning Tree Works: three criteria to choose whether to put an interface in forwarding state:
1. Elect a root switch. STP puts all working interfaces on the root switch in forwarding state.
2. Each nonroot switch selects the port with the least administrative cost between itself and the root switch (the root cost); that root port (RP) is put in a forwarding state.
3. On each link, the switch with the lowest root cost, as compared with the other switches attached to the same link, is the designated switch, and that switch's interface attached to that link is placed in forwarding state.
Spanning Tree Protocol Concepts
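The three criteria above can be run as code on a small topology. The following Python is an added example written for these notes, not code from the original page or from Cisco: it elects the root (lowest bridge ID), computes each switch's root cost and root port with a shortest-path search from the root, and picks the designated switch on every link; the remaining ports block. The tie-breaker (when root costs are equal, the lower bridge ID wins, and a bridge ID compares priority first, then MAC) is standard STP behaviour and is an assumption here rather than something these notes state. The switch names, MAC addresses and link costs are constructed.

```python
import heapq


def bridge_id(priority, mac):
    """STP compares bridge IDs as priority first, then MAC; the lowest wins."""
    return (priority, mac.lower())


def run_stp(switches, links):
    """Elect root, root ports and designated ports for one VLAN.

    switches: {name: (priority, mac)}
    links:    [(switch_a, port_a, switch_b, port_b, cost), ...]
    Returns (root, root_cost, roles), where roles maps (switch, port) to
    'designated', 'root' or 'blocking'."""
    bid = {s: bridge_id(*switches[s]) for s in switches}
    root = min(switches, key=bid.get)                      # criterion 1: lowest bridge ID

    adjacency = {s: [] for s in switches}
    for a, pa, b, pb, cost in links:
        adjacency[a].append((b, cost, pa, pb))
        adjacency[b].append((a, cost, pb, pa))

    # Criterion 2: Dijkstra from the root gives each switch its root cost and the
    # port the least-cost path arrives on (its root port). Equal-cost paths are
    # broken by the lower bridge ID of the upstream switch (assumed tie-breaker).
    best = {s: (float("inf"), None) for s in switches}     # (root cost, upstream bid)
    best[root] = (0, None)
    root_port = {}
    heap = [(0, bid[root], root)]
    while heap:
        cost, _, s = heapq.heappop(heap)
        if cost > best[s][0]:
            continue
        for nbr, link_cost, _port_on_s, port_on_nbr in adjacency[s]:
            candidate = (cost + link_cost, bid[s])
            if candidate < best[nbr]:
                best[nbr] = candidate
                root_port[nbr] = port_on_nbr
                heapq.heappush(heap, (candidate[0], bid[nbr], nbr))

    roles = {(s, port): "root" for s, port in root_port.items()}
    # Criterion 3: on each link the switch with the lowest root cost (then lowest
    # bridge ID) is designated; the other end blocks unless it is a root port.
    for a, pa, b, pb, _cost in links:
        designated = min((a, b), key=lambda s: (best[s][0], bid[s]))
        for s, port in ((a, pa), (b, pb)):
            if s == designated:
                roles[(s, port)] = "designated"
            else:
                roles.setdefault((s, port), "blocking")

    root_cost = {s: best[s][0] for s in switches}
    return root, root_cost, roles


if __name__ == "__main__":
    # Constructed triangle: three switches with default priority, so the lowest MAC wins.
    switches = {"SW1": (32768, "0200.0000.0001"),
                "SW2": (32768, "0200.0000.0002"),
                "SW3": (32768, "0200.0000.0003")}
    links = [("SW1", "Gi0/1", "SW2", "Gi0/1", 4),
             ("SW1", "Gi0/2", "SW3", "Gi0/1", 4),
             ("SW2", "Gi0/2", "SW3", "Gi0/2", 4)]
    root, cost, roles = run_stp(switches, links)
    print("root:", root, "root costs:", cost)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

With all priorities equal, SW1 wins on MAC, SW2 and SW3 each reach it directly at cost 4, and on the SW2-SW3 link the tie is broken by bridge ID, so SW2 is designated and SW3's port blocks. Lowering one switch's priority (as the "primary/secondary" root configuration does) changes the root regardless of MAC.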

Software-Defined Access (SDA)

1.0 Network Fundamentals
1.1 Explain the role and function of network components
1.1.e Controllers (Cisco DNA Center and WLC)
6.0 Automation and Programmability
6.1 Explain how automation impacts network management
6.2 Compare traditional networks with controller-based networking
6.3 Describe controller-based and software defined architectures (overlay, underlay, and fabric)
6.3.a Separation of control plane and data plane
6.3.b Northbound and southbound APIs
6.4 Compare traditional campus device management with Cisco DNA Center enabled device management

Security Architectures

This chapter covers the following exam topics:
5.0 Security Fundamentals
5.1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)
5.2 Describe security program elements (user awareness, training, and physical access control)
5.4 Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
5.8 Differentiate authentication, authorization, and accounting concepts

Securing Network Devices

Thursday, September 23, 2021 10:32 AM
Encoding the enable secret. Each algorithm type is identified by a number in the stored configuration:
- Type 5: MD5 (enable secret password)
- Type 8: SHA-256 (PBKDF2): enable algorithm-type sha256 secret password
- Type 9: scrypt (SHA-256 based): enable algorithm-type scrypt secret password
New enable secret commands with different algorithm types replace any existing enable secret command. Prefer type 8 or 9 on images that support them; the MD5-based type 5 hash is far cheaper for an attacker to brute-force from a leaked configuration.
Encoding the Passwords for Local Usernames (username secret command):
- username name [algorithm-type md5] secret password
- username name algorithm-type sha256 secret password
- username name algorithm-type scrypt secret password
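To see why type 8 and type 9 are preferred, it helps to compute them. The following Python is an added example written for these notes, not code from the original page or from Cisco IOS: it derives a type 8 string with PBKDF2-HMAC-SHA256 and a type 9 string with scrypt, using the parameters IOS is documented to use (20,000 PBKDF2 iterations; scrypt N=16384, r=1, p=1; a 14-character salt; 32 bytes of output), and verifies a password against either string. The output encoding (standard base64 bit order over the crypt-style alphabet, with padding stripped) is an assumption about the on-device format and is labelled as such in the code; the sample password and fixed salt are constructed.

```python
import base64
import hashlib
import hmac
import secrets

# crypt-style alphabet that appears in IOS $8$/$9$ strings
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_ITOA64 = str.maketrans(_STD, ITOA64)

PBKDF2_ITERATIONS = 20000                     # type 8: PBKDF2-HMAC-SHA256
SCRYPT_N, SCRYPT_R, SCRYPT_P = 16384, 1, 1   # type 9: scrypt
SALT_LEN = 14
DK_LEN = 32


def cisco_b64(raw):
    """Encode the derived key. Assumption: IOS uses standard base64 bit ordering
    with the crypt alphabet and no '=' padding; the KDF parameters are the
    documented part, this encoding detail is not taken from the notes."""
    return base64.b64encode(raw).decode().rstrip("=").translate(_TO_ITOA64)


def new_salt():
    return "".join(secrets.choice(ITOA64) for _ in range(SALT_LEN))


def hash_type8(password, salt=None):
    """$8$<salt>$<hash>: PBKDF2-HMAC-SHA256, 20,000 iterations, 32-byte key."""
    salt = salt or new_salt()
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(),
                             PBKDF2_ITERATIONS, dklen=DK_LEN)
    return f"$8${salt}${cisco_b64(dk)}"


def hash_type9(password, salt=None):
    """$9$<salt>$<hash>: scrypt with N=16384, r=1, p=1, 32-byte key (memory-hard)."""
    salt = salt or new_salt()
    dk = hashlib.scrypt(password.encode(), salt=salt.encode(),
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DK_LEN)
    return f"$9${salt}${cisco_b64(dk)}"


def verify(password, stored):
    """Re-derive with the salt carried in the stored string and compare in constant time."""
    _, hash_type, salt, _digest = stored.split("$")
    derive = {"8": hash_type8, "9": hash_type9}[hash_type]
    return hmac.compare_digest(derive(password, salt), stored)


if __name__ == "__main__":
    # Constructed password and salt; a real device picks the salt itself.
    pw, salt = "cisco", "cNxuz.wLjc1LRq"
    print("type 8:", hash_type8(pw, salt))
    print("type 9:", hash_type9(pw, salt))
    print("verify correct:", verify(pw, hash_type9(pw, salt)),
          "verify wrong:", verify("Cisco", hash_type9(pw, salt)))
```

Both derivations are deliberately slow (type 9 also needs about 2 MB of memory per guess), which is exactly what makes an offline attack on a captured config expensive compared with a single MD5-based type 5 round; the salt guarantees that two devices with the same password store different strings.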

RSTP and Etherchannel

2.0 Network Access
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
2.5 Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify basic operations
2.5.a Root port, root bridge (primary/secondary), and other port names
2.5.b Port states (forwarding/blocking)
2.5.c PortFast benefits
Most network engineers make the distribution layer switches be the root.
STP Modes and Standards: Cisco switches do not support STP or RSTP with the single tree (CST). They can use either the Cisco-proprietary and STP-based PVST+, the Cisco-proprietary and RSTP-based RPVST+, or the IEEE standard MSTP. These are the three options to configure on the spanning-tree mode command, which tells the switch which type of STP to use.

Routing in the LAN

A. Use the sdm prefer lanbase-routing command (or similar) in global configuration mode to change the switch forwarding ASIC settings to make space for IPv4 routes at the next reload of the switch.

Router Operation

The configuration of IP addresses differs in some ways, with switches using a VLAN interface and routers using an IP address configured on each working interface. Switches do not have auxiliary ports. Layer 2 switches support the show mac address-table command, while Cisco routers do not. Routers support the show ip route command, while Cisco Layer 2 switches do not. Layer 2 switches use the show interfaces status command to list one line of output per interface (and routers do not). The show protocols command confirms the state of each of the three R1 interfaces in Figure 15-6 and the IP address and mask configured on those same interfaces.

REST and JSON

6.0 Automation and Programmability
6.5 Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)
6.7 Interpret JSON encoded data
Software analyzes data in the form of variables, makes decisions based on that analysis, and then may take action to change the configuration of network devices or report facts about the state of the network.

Resources for Passing CCNA

There are a lot of great CCNA resources out there. This list does not include all of them. Only the ones that I personally used to pass the CCNA 200-301 exam.

OSPF Network Types and Neighbors

Friday, August 27, 2021 9:44 AM
To see the setting, use the show ip ospf interface command, as shown in Example 21-4. The first highlighted item identifies the network type; the ip ospf network broadcast interface subcommand would configure the setting.
Configuring to Influence the DR/BDR Election: If the DR fails, the BDR becomes the DR, and a new BDR is elected. No preemption: if a new router is configured to be the DR, it will not take over as DR until the OSPF process is reset, because the election is not preempted.

OSPF Configuration

Thursday, August 26, 2021 2:45 PM
The show ip ospf neighbor, show ip ospf database, and show ip route commands display the information to match each of these three steps, respectively.
Neighbor states:
- FULL/-: The neighbor state is full, with the "-" instead of letters meaning that the link does not use a DR/BDR.
- FULL/DR: The neighbor state is full, and the neighbor is the DR.
- FULL/BDR: The neighbor state is full, and the neighbor is the backup DR (BDR).
- FULL/DROTHER: The neighbor state is full, and the neighbor is neither the DR nor BDR. (It also implies that the local router is a DR or BDR because the state is FULL.)
- 2WAY/DROTHER: The neighbor state is 2-way, and the neighbor is neither the DR nor BDR, that is, a DROther router. (It also implies that the local router is also a DROther router because otherwise the state would reach a full state.)
Verifying OSPF Configuration
- If you have enable mode access, use the show running-config command to examine the configuration.
- If you have only user mode access, use the show ip protocols command to re-create the OSPF configuration.
- Use the show ip ospf interface [brief] command to determine whether the router enabled OSPF on the correct interfaces or not based on the configuration. The show ip ospf interface brief command lists one line per interface, with the list showing all the interfaces on which OSPF has been enabled.
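The neighbor-state rules above can be applied mechanically to show ip ospf neighbor output, which is useful when checking many routers. The following Python is an added example written for these notes, not code from the original page or from Cisco: it parses the neighbor table, infers what the local router must be on each segment (DR, BDR, DROther, or no DR at all on a point-to-point network type) from the roles and states it sees, and flags neighbors that should be FULL but are not. The sample output, router IDs, addresses and interface names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of 'show ip ospf neighbor' output (not captured from a device).
SAMPLE = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:37    10.1.1.2        GigabitEthernet0/0
3.3.3.3           1   FULL/BDR        00:00:35    10.1.1.3        GigabitEthernet0/0
4.4.4.4           1   2WAY/DROTHER    00:00:33    10.1.1.4        GigabitEthernet0/0
5.5.5.5           0   FULL/  -        00:00:38    10.1.2.2        Serial0/0/0
"""

# IOS prints the role after a slash, with "-" (padded with spaces) when no DR/BDR is used.
LINE = re.compile(
    r"^(?P<rid>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+(?P<state>[A-Z0-9]+)/\s*(?P<role>DR|BDR|DROTHER|-)"
    r"\s+(?P<dead>\S+)\s+(?P<addr>\S+)\s+(?P<intf>\S+)\s*$"
)


def parse_neighbors(text):
    """Return one dict per neighbor line; the header and anything unparsable is skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            row = m.groupdict()
            row["pri"] = int(row["pri"])
            rows.append(row)
    return rows


def infer_local_role(neighbors):
    """Deduce the local router's role on one segment from what it reports about
    its neighbors, following the FULL/2WAY rules listed in the notes."""
    roles = {n["role"] for n in neighbors}
    if roles == {"-"}:
        return "no DR/BDR (point-to-point network type)"
    if any(n["state"] == "2WAY" for n in neighbors):
        return "DROTHER"     # only a DROther stays at 2WAY with the other DROthers
    if "DR" not in roles:
        return "DR"          # the DR itself never lists another DR
    if "BDR" not in roles:
        return "BDR"
    return "DROTHER"         # DR and BDR both FULL and no other DROthers on the segment


def check_adjacencies(neighbors):
    """Neighbors that must reach FULL (the DR, the BDR, or the peer on a
    point-to-point link) but are stuck in some other state."""
    return [n["rid"] for n in neighbors
            if n["role"] in ("DR", "BDR", "-") and n["state"] != "FULL"]


def summarize(text):
    """Per interface: (inferred local role, neighbors that should be FULL but are not)."""
    by_intf = defaultdict(list)
    for n in parse_neighbors(text):
        by_intf[n["intf"]].append(n)
    return {intf: (infer_local_role(ns), check_adjacencies(ns)) for intf, ns in by_intf.items()}


if __name__ == "__main__":
    for intf, (role, stuck) in summarize(SAMPLE).items():
        print(f"{intf}: local router is {role}; adjacencies not FULL: {stuck or 'none'}")
```

On the sample, the local router sees a DR and a BDR at FULL plus one neighbor at 2WAY, so it must itself be a DROther on GigabitEthernet0/0, and the Serial link has no DR at all; a neighbor showing EXSTART/DR or similar would be reported as a stuck adjacency rather than as a role.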

OSPF Concepts

Thursday, August 26, 2021 1:37 PM
metric. If the network topology changes, for example a link fails, routing protocols react by advertising that some routes have failed and pick a new currently best route. (This process is called convergence.)
IP routing protocols fall into one of two major categories: interior gateway protocols (IGP) or exterior gateway protocols (EGP).
- IGP: A routing protocol that was designed and intended for use inside a single autonomous system (AS)
- EGP: A routing protocol that was designed and intended for use between different autonomous systems
An AS is a network under the administrative control of a single organization. Routing protocols designed to exchange routes between routers in different autonomous systems are called EGPs. Today, Border Gateway Protocol (BGP) is the only EGP used.
Interior and Exterior Routing Protocols