IT Security for Cisco CCNA: 640-554 IINS

Define the management plane and identify practices that can be used to make it more secure.
4.2 (9 ratings)
478 students enrolled
$80
  • Lectures 142
  • Contents Video: 4.5 hours
  • Skill Level All Levels
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion

About This Course

Published 3/2015 English

Course Description

Welcome to Cisco CCNA Security from LearnSmart.

Looking to become Cisco CCNA Security Certified? Preparing to take the Cisco Exam CCNA Security 640-554 IINS?

By the end of the course you'll demonstrate your proficiency in the principles, techniques, and tools involved in working with routers, networks, and switches. Prove to yourself, and others, that you are ready for the Cisco Certified Network Associate in Security (640-554) certification exam.

If you're interested in becoming an accomplished Network Associate professional, this training will establish your understanding of all the fundamental concepts within CCNA routers, networks, and switches.

Course Overview:

These sections can be taken in any order, as a review of a particular concept or exam domain. However, if you are just becoming familiar with networking, it is recommended that you view the courses sequentially.

In this course, become familiar with the fundamental topics and skills required to install, operate, and develop the security infrastructure of a small to medium-size enterprise branch network.

Course Breakdown:

Section 1: In the pre-assessment quiz you'll face questions from all sections of this training. Test your current knowledge and know your strengths and weaknesses.

Section 2: Understand common security threats within a network and take a look at network and information security basics by learning some of the fundamental security principles. Learn how to secure the control, data and management planes on Cisco devices, including implementing security on Cisco routers.

Section 3: Take a look at the differences between TACACS and RADIUS by understanding what they offer as an authentication type, and how to configure each one. Review the examples of ways in which you can configure AAA, via the Command Line Interface and Cisco Configuration Professional, along with some verification commands.

Section 4: Access Control Lists (ACLs) help to mitigate threats against a network in a variety of ways. ACLs should be tested in a test environment before they are actually applied. Look at exactly what they are, what they do, and the different types of ACLs and the role they play in security.

Section 5: Focus on securing the network management plane. Be able to define the management plane, and learn some best practices that can be used to make it more secure, such as strong passwords, AAA, Role Based Access Control, Syslog, and NTP. Then, you will learn to identify and study demonstrations of the different configurations that can be implemented on the management plane.

Section 6: Gain an in-depth understanding of these topics to determine how to best respond to layer 2 attacks.

Section 7: Cisco Firewall Technologies explains the different firewall technologies and the strengths and weaknesses that surround them.

Section 8: Cisco IPS discusses the differences between a Cisco IPS and Cisco IDS device, and some options that you have when deploying them in your network.

Section 9: Learn the basics of VPN technologies, and how IPSec works in a VPN tunnel setup. You will also look at the basics of cryptography in order to gain a better understanding of exactly what goes on behind the scenes of a VPN tunnel establishment. Finally, you will walk through different ways of implementing a site-to-site VPN and configured SSL VPN using the graphical device manager from an ASA.

Section 10: Demonstrate and prove to yourself, and others, that you are ready for Cisco's Implementing Cisco IOS Network Security certification exam. You'll demonstrate your proficiency in the principles, techniques, and tools involved in working with routers, networks, and switches.

*The content in this course aligns with from Cisco.

Recommendations:

Learn from others! Here are some reviews from the participants enrolled in this course:

  • Smart method to learn - This course is helpful and using smart way to motivate thinking and understanding. The instructor has a professional delivery method, and the materials are interesting and creative specially the flashcards and the exercises -- I.A.
  • Great intro to CCNA Security -- while this material can be pretty dry the instructor does a pretty good job of keeping the course interesting and informative. There is a lot of really good and easy to follow information. -- S.D
  • This course does an in depth coverage of the topics that you will need to know to pass the CCNA certification test -- I highly recommend that anyone who wants to learn the material to take and pass the exam, take this course. Those who master this course, will pass the exam on their first attempt. -- B.Z.
  • A Complete Jumpstart - What has impressed me the most is the depth of the content to this course. Each HD video is crystal clear in both the visual and audio, even including quality closed captioning (great for reading along with the lectures). I wasn't interested in the flashcards or the crossword puzzles when I started the program, but I've found them to be very useful in staying engaged in the class when away from home. This is everything you need to get started and have a classroom quality experience from home. Dive in and stay focused! -- P.C.

What are the requirements?

  • No prerequisites for this course - a computer with internet.

What am I going to get from this course?

  • This series is designed to prepare you for the CCNA Security exam.
  • You will learn about basic network and information security principles, and will be able to define what AAA is and go over some of its design considerations.
  • ACLs mitigate threats against a network in a variety of ways; we will be covering some of these ways in this course. You will be able to define the management plane and identify practices that can be used to make it more secure.
  • Communicate with the instructor and openly ask questions that will be addressed within 48 hours.
  • Apply your knowledge throughout the course with quick quizzes and be fully prepared for the Cisco exam with our final exam!
  • Download extra printable and saveable PPT Slides, flash cards, games, and other supplemental materials within each section in our course.
  • Participate in active discussions with other students & participants becoming Cisco Certified.

What is the target audience?

  • Professionals who would like to prepare themselves for the CCNA Security exam.

Curriculum

01:13

This lecture contains a demonstration on how to access the supplemental materials.

Section 1: Pre-Assessment
Pre-Assessment
16 questions
Section 2: Security and Cisco Routers
01:12

Welcome to the course “Security and Cisco Routers”. In this course, we will discuss common security threats within a network and take a look at network and information security basics.

This lecture will introduce you to Security and Cisco Routers.

Topics Covered Include:
  • Topics Covered
02:21

Companies, government agencies, and home users should all have concern for security -- each one has important data, ranging from top-secret level clearance and patient health information, to credit card numbers and bank account login passwords. All of these must be secured on various types of networks.

This lecture will discuss the objectives of network safety.

Topics Covered Include:
  • Network Safety Objectives
04:26

A risk analysis audit should be completed in order to understand where security holes reside from outside and inside your network. From a risk analysis perspective, we can understand not only what to protect on our network, but from whom.

This lecture will discuss the risk management analysis process.

Topics Covered Include:
  • Risk Management Analysis
01:24

Who exactly might potential threats be? First, and maybe the most obvious threats, are criminals and terrorists. There are always motives out there for criminals and terrorists to try and exploit as much information as they can, from a company's sensitive information to government classified secrets.

This lecture will discuss who may be a potential threat.

Topics Covered Include:
  • Potential Network Threats
03:36

There are many ways in which a threat can obtain information and an attack can take place. One way is through a reconnaissance attack on your network, which is a discovery process to find out everything possible about your network.

This lecture will discuss how an attack can take place.

Topics Covered Include:
  • How Attacks Happen
  • Reasons for an Attack
04:17

Attacks can be made in a variety of ways. The first type of attack is called a 'Man in the Middle' attack. This type of attack occurs when an attacker places themselves in between two devices that are communicating with each other.

This lecture will discuss the types of attacks that can occur.

Topics Covered Include:
  • Types of Attacks
02:12

Certain dangers will never fully disappear, but there are many methods in which IT groups and entities can protect against these dangers. One method includes the “Rule of Least Privilege”. This rule means that only a minimal amount of network resources and access is given to those that require it.

This lecture will discuss the ways to prevent an attack.

Topics Covered Include:
  • Attack Prevention
02:25

There are five phases of the lifecycle that never really end. They are: initiation, acquisition and development, implementation, operations and maintenance, and disposition. It's a circular cycle, and a new device can be added at any time.

This lecture will discuss the lifecycle of a network device.

Topics Covered Include:
  • Network Device Lifecycle
01:43

When performing a risk analysis, a determination should be made regarding the financial impact of an attack, and what the total risk altogether would be. You can calculate risk by way of looking at your assets, the vulnerabilities that exist for these assets, and then ascertain the countermeasures in place in which to prevent an attack.

This lecture will discuss the Risk Value and the Impact.

Topics Covered Include:
  • Calculating Risk
03:02

In determining the risk and vulnerabilities, assessments are needed. The first assessment is called a “General Security Posture” assessment, which ascertains the security level of your network devices. This can range from servers to desktops.

This lecture will discuss the uses of a Security State Assessment against an attack.

Topics Covered Include:
  • Determining Risk and Vulnerability
  • Security Policy
02:18

After the risk analysis has been completed, with a determination of assets and their vulnerabilities, and security safeguards have been put into play, it is important to continue to pay attention to security on the network.

This lecture will discuss the importance of a Security Policy against an attacker and what to do even after it has been put in place.

Topics Covered Include:
  • Maintaining Network Security
  • Security Breaches
01:06

This lecture will ask some sample questions.

00:27

This lecture will take you through some of the key points covered throughout the first portion of this section. Upon Completion of this section you will be prepared to move on to the second portion.

00:32

This lecture will discuss how to secure the control, data, and management planes on Cisco devices, including implementing some security on Cisco routers.

Topics Covered Include:
  • Introduction
01:19

The Network Foundation Protection framework breaks down the functions of Cisco devices into three logical parts -- the Management Plane, the Control Plane and the Data Plane.

This lecture will discuss the functions within Network Foundation Protection (NFP).

Topics Covered Include:
  • Network Foundation Protection (NFP)
02:36

There are many things that you can do to properly secure Management Plane traffic. This is important, because without proper authentication and passwords set up on the device, you could be susceptible to an attack.

This lecture will discuss the importance of securing the management plane and how it helps protect against an attack.

Topics Covered Include:
  • Securing Management Plane Traffic
01:04

One way to implement security on the Control Plane includes running “Control Plane Policing”, or CoPP. CoPP helps filter traffic heading towards an IP on the router. You can limit the size and the amount of traffic coming towards the router to forestall a denial of service attack, which drains out all device resources.

This lecture will discuss how to use CoPP to protect against a denial of service attack.

Topics Covered Include:
  • Securing the Control Plane
03:22

The data plane is the plane in which traffic is traversing your device to reach a particular destination. There are many ways in which to manipulate many devices in order to protect against attacks.

This lecture will discuss the Data Plane Security and how to use it to protect against an attack.

Topics Covered Include:
  • Data Plane Security
01:38

Cisco has a GUI tool called the Cisco Security Manager that connects to and can manage and monitor devices on your network. Security Manager helps configure countermeasures in a graphical user interface format.

This lecture will discuss the Cisco Security Manager and how it assists to protect against an attack.

Topics Covered Include:
  • Cisco Security Manager
01:02

This lecture will ask some sample questions.

00:30

This lecture will take you through some of the key points covered throughout the second portion of this section. Upon Completion of this section you will be prepared to move on to the third portion.

01:02

IPv6 is becoming more popular, simply because there aren't any new IPv4 addresses available to give out. Many companies and entities are so entrenched in their IPv4 network scheme that it would be very difficult for them to change.

This lecture will introduce the concept of IPv4 and IPv6.

Topics Covered Include:
  • Introduction
03:06

By default, there are many protocols that have been affected by IPv6. When IPv6 was first introduced, certain protocols had to be updated for compatibility. For example, OSPFv3 was released, as was ICMPv6. ARP was replaced by NDP, or Neighbor Discovery Protocol.

This lecture will discuss the components that go into IPv6.

Topics Covered Include:
  • IPv6 Overview
  • Protocols Impacted
03:11

Addressing for IPv6 uses hexadecimal, 8 sets of 4 hex digits to be exact. Each set is separated by a colon, instead of a period like in IPv4. IPv6 came out with the option of abbreviating the addresses to make it easier to read.

This lecture will discuss addressing for IPv6 and the protocols to do so.

Topics Covered Include:
  • IPv6 Addressing
01:27

IPv6 also has types of addresses, just like IPv4. They are referred to as Global Unicast and Unique Local. Global Unicast functions similarly to a public IPv4 address. An entity can request a registered IPv6 address block, but they can only use those specific addresses.

This lecture will discuss the Global Unicast Addresses for IPv6.

Topics Covered Include:
  • Global Unicast Addresses
01:05

Unique Local Unicast addresses act as private IPv6 addresses, just like IPv4 has a group of private addresses. They do have similarities to Global Unicast in how to subnet, but they are not registered with IANA, and they can be used internally.

This lecture will discuss the Unique Local Unicast Addresses within IPv6.

Topics Covered Include:
  • Unique Local Unicast Addresses
01:36

Link-local addresses are not used for normal traffic. They are used for protocols to communicate with each other and for routing purposes. Packets that are sent to a link-local address do not leave the subnet.

This lecture will discuss the Link-Local Addresses for IPv6.

Topics Covered Include:
  • Link-Local Addresses
  • Creating Link-Local Addresses
01:09

EUI64 stands for Extended Unique Identifier, which is an option to create and configure a stable and predictable IPv6 interface address. The MAC address is a part of this interface ID, and is easily recognizable because there is an FFFE hex group added to the address.

This lecture will discuss the uses of EUI-64 for IPv6.

Topics Covered Include:
  • EUI-64
  • EUI-64 Examples
00:56

Now, let's talk about IPv6 auto-configuration, in which NDP Router Solicitation and Router Advertisement messages are sent out in order to identify IPv6 neighbors. Router Solicitation messages ask routers to identify themselves.

This lecture will discuss the IPv6 Auto-Configuration and the role it plays for IPv6.

Topics Covered Include:
  • IPv6 Auto-Configuration
02:47

IPv6 multicast is used by protocols and applications in order to communicate. Multicasting is better than broadcasting due to the fact that we do not want to flood traffic out to hosts that do not need it.

This lecture will discuss the IPv6 Multicast and what role it plays for IPv6.

Topics Covered Include:
  • IPv6 Multicast
  • Important Multicast Addresses
00:49

This lecture will ask some sample questions.

01:07

This lecture will take you through some of the key points covered throughout the third portion of this section. Upon Completion of this section you will be prepared to move on to the next Section: AAA on Cisco Devices.

Section Quiz
5 questions
Section 3: AAA on Cisco Devices
00:51

Welcome to the course “AAA on Cisco Devices”. In this course, we will focus on describing TACACS (TACK-ACKS) and RADIUS. We'll take a look at the differences between them regarding what they offer as an authentication type, and how to configure each one.

This lecture will introduce you to AAA on Cisco Devices.

Topics Covered Include:
  • Topics Covered
01:44

Terminal Access Controller Access-Control System, or TACACS, is a protocol used by a device in order to communicate to an authenticating server configured for TACACS. TACACS is a Cisco proprietary protocol that is a Layer 4 TCP protocol.

This lecture will discuss TACACS and how it plays a role within AAA on Cisco Devices.

Topics Covered Include:
  • TACACS+
  • TACACS Best Practices
01:12

RADIUS, or Remote Authentication Dial-In User Service, is a protocol that is used to communicate between a device and an authenticating server. RADIUS is an open standard, and is currently used across multiple vendors.

This lecture will discuss the role RADIUS plays for AAA on Cisco Devices.

Topics Covered Include:
  • RADIUS
03:50

You should use a centralized authentication server -- either RADIUS or TACACS. Using a centralized authentication server can provide you with a centralized database of all accounts. From here, you can provide a Separation of Duties using groups.

This lecture will discuss how to Authenticate Cisco Devices.

Topics Covered Include:
  • Best Practices for Authenticating Devices
  • Cisco Access Control System (ACS)
00:56

This lecture will ask some sample questions.

00:29

This lecture will take you through some of the key points covered throughout the first portion of this section. Upon Completion of this section you will be prepared to move on to the second portion.

00:19

This lecture will take some time to discuss AAA -- what it is and how exactly we need to implement it, using both the command line and Cisco Configuration Professional.

Topics Covered Include:
  • Introduction
03:05

AAA stands for Authentication, Authorization, and Accounting. AAA helps secure the Management Plane of the devices in your network. It does this by referencing a database of users and processing what each of those users are authorized to do.

This lecture will give a brief overview of AAA.

Topics Covered Include:
  • AAA
  • Access Control System (ACS)
01:38

You can configure AAA via the command line or the Cisco Configuration Professional program. The AAA new-model command starts the AAA configuration on a device.

This lecture will discuss the configuration of AAA.

Topics Covered Include:
  • AAA Configuration
04:45

Some helpful verification commands include the debug TACACS or debug RADIUS command. Here, you can show logging information regarding a TACACS or RADIUS server attempting to authenticate the client. Show running-config will provide you with the current configuration of AAA on the router.

This lecture will discuss verifying AAA.

Topics Covered Include:
  • AAA Configuration
01:07

This lecture will ask some sample questions.

00:46

This lecture will take you through some of the key points covered throughout the second portion of this section. Upon Completion of this section you will be prepared to move on to the next Section: IOS ACLs.

Section Quiz
3 questions
Section 4: IOS ACLs
00:29

Welcome to the course, “IOS ACLs”. This course will focus on providing you with an overview of Access Control Lists, or ACLs. We will take a look at exactly what they are, what they do, and discuss the different types of ACLs and the role they play in security.

This lecture will introduce you to IOS ACLs.

Topics Covered Include:
  • Introduction
02:12

ACLs are a very powerful aspect of networking. If they are not applied in the correct way, they can prevent a network component or a user from connecting to the network by way of a protocol, port number, or IP address.

This lecture will give a brief overview of IOS ACLs.

Topics Covered Include:
  • ACL Uses
  • ACL Functions
01:58

There are many types of access lists, including a standard, extended and named access list. A standard access list matches only source traffic, and the numbering scheme is 1 through 99 and 1300 through 1999.

This lecture will discuss the different types of ACLs.

Topics Covered Include:
  • Types of ACLs
  • Using ACLs
00:46

When deploying standard access lists, they should be placed near the destination, as it can only match a packet's source IP address. You do this so you do not unintentionally discard packets that shouldn't be discarded.

This lecture will discuss deploying standard access lists.

Topics Covered Include:
  • Deploying Standard Access Lists
02:04

With an extended access list, you can do more in-depth filtering at both layer 3 and layer 4. Extended ACLs have the same rules and deployment methods as standard ACLs, like matching all aspects in the line and the implicit deny at the end.

This lecture will discuss extended access lists.

Topics Covered Include:
  • Extended Access Lists
  • Denying Both Source and Destination IP
  • Deploying Extended Access
02:07

Named access lists have just a few differences compared to standard access lists. Naming your access list ensures a cleaner and clearer configuration. When you have multiple access list groups, naming them can keep the management side of things more clean and clear for everyone involved, and help you to avoid mistakes.

This lecture will discuss named access lists.

Topics Covered Include:
  • Named Access Lists
  • Using ACLs
  • Configuring Named ACLs
00:42

This lecture will ask some sample questions.

01:23

When it comes to a more in-depth look at security with ACLs, there are many options in which to use them to safeguard against threats. Access lists can be used in IOS class maps and inspect class maps. In such policies, access lists are referenced by the class map to either filter or classify traffic.

This lecture will discuss the security within ACLs.

Topics Covered Include:
  • Access List Uses
06:18

There are many types of attacks that we are preventing when implementing access lists. First, is IP address spoofing. We can prevent packets coming into a device with a source IP address that is internal to the company.

This lecture will discuss the different types of attacks that ACLs help prevent.

Topics Covered Include:
  • Attack Demonstration
01:18

This lecture will ask some sample questions.

00:53

This lecture will take you through some of the key points covered throughout the second portion of this section. Upon Completion of this section you will be prepared to move on to the next Section: Secure Network Management.

Section Quiz
3 questions
Section 5: Secure Network Management
00:55

Welcome to the course “Secure Network Management.” In this course, we will focus on securing the management plane. We will start off by defining the management plane, and identify some best practices that can be used when making it more secure.

This lecture will introduce you to the importance of secure network management.

Topics Covered Include:
  • Introduction
01:48

The management plane is composed of maintenance traffic that hits an intended device so it can be configured for management purposes. In other words, this is the traffic that consists of not only your configurations, but also the messages to and from Cisco devices that maintain and report status.

This lecture will discuss the management plane traffic.

Topics Covered Include:
  • Management Plane Traffic
03:40

One of the first and easiest best practices is to use strong, complex passwords. Dictionary words should not be used in creating passwords for your management accounts, as they can be susceptible to dictionary attacks.

This lecture will discuss the wisdom of using strong passwords to protect against attacks.

Topics Covered Include:
  • Password Best Practices
  • Password Cracking Demonstration
02:21

Another best practice is being familiar with how to implement user authentication on a router or switch for management traffic. In addition to passwords, usernames should be required for all access to the device.

This lecture will discuss the importance of using AAA together with strong passwords.

Topics Covered Include:
  • User Authentication/AAA Best Practices
01:24

Another best practice includes instituting role based access control, which limits access to particular roles within administration. Every administrator may not need the same access; therefore, you can lower the access levels for particular users.

This lecture will discuss RBAC and the management protocols.

Topics Covered Include:
  • Role Based Access Control (RBAC)
  • Management Protocols
02:52

Cisco devices monitor and report on many events that occur throughout a time period. They range from very important to very irrelevant, depending on what you are trying to look for. You can see these messages come up on the output in real time.

This lecture will discuss the importance of logging and monitoring a system.

Topics Covered Include:
  • Logging
  • Logging Commands
01:40

Simple Network Management Protocol, or SNMP, defines communications between a manager and agents. A manager is a network management server that monitors and manages groups of hosts and devices.

This lecture will discuss the importance of the Simple Network Management Protocol (SNMP) to protect against an attack.

Topics Covered Include:
  • Simple Network Management Protocol (SNMP)
  • Management Information Base (MIB)
  • Cisco Prime
02:53

SNMP comes in three versions. Versions 2 and 3 are presently the most popular formats, but there are some stark differences between SNMP Version 2 and SNMP Version 3. Version 2 utilizes community strings that are used to authenticate to device agents. SNMP Version 3 added security to the protocols.

This lecture will discuss the difference between SNMPv2 and SNMPv3 and the components within each.

Topics Covered Include:
  • SNMP Versions
  • Demonstration
03:01

Using NTP version 3 ensures that timestamps are equal across all devices, which ensures accurate timekeeping. This can help in troubleshooting security breaches and certain issues that may arise on the network.

This lecture will discuss NTP and securing the system files.

Topics Covered Include:
  • NTPv3
  • Securing System Files
  • Demonstration
01:05

This lecture will ask some sample questions.

00:45

This lecture will take you through some of the key points covered throughout this section. Upon Completion of this section you will be prepared to move on to the next Section: Common Layer 2 Attacks.

Section Quiz
3 questions
Section 6: Common Layer 2 Attacks
01:02

Welcome to the course, 'Common Layer 2 Attacks'. In this course, we are going to begin by taking a look at VLANs, or Virtual Local Area Networks. After we take some time to define VLANs and describe their purpose, we will discuss VTP, which is the VLAN Trunking Protocol.

This lecture will introduce you to Common Layer 2 Attacks and the components involved.

Topics Covered Include:
  • Introduction
04:13

A Virtual Local Area Network, or VLAN, is a way to logically segment networks into separate broadcast domains. That's a very important fact to remember -- it's logical, not physical.

This lecture will discuss the ways to define and configure VLANs.

Topics Covered Include:
  • Defining and Configuring VLANs
  • Steps to Configure VLANs
  • Demonstration
05:35

VLAN Trunking Protocol, known as VTP, when configured on a switch, will advertise its VLAN configuration information to neighboring switches. This ability enables all switches in the network to learn the VLAN information dynamically, as opposed to statically configuring it on each switch.

This lecture will discuss the VTP and what it does for a system.

Topics Covered Include:
  • VLAN Trunking Protocol (VTP)
  • Important VTP Settings
  • VTP Update Process
05:40

VLAN trunking enables a switch or a router to send traffic for multiple VLANs across a link. The VLAN number is placed into the Ethernet frame in order to identify which VLAN it belongs to when it traverses the trunk link. This is often referred to as a VLAN tag.

This lecture will discuss the steps to VLAN Trunking.

Topics Covered Include:
  • VLAN Trunking
  • Trunk Types
  • Dynamic Trunking Protocol (DTP)
01:36

If all of your departments are on separate VLANs, there needs to be a way for them to share data if a user needs access to a particular file share that is not on their subnet. There are a few ways in which to accomplish this. The first option being to have multiple links to interfaces on a router.

This lecture will discuss how to communicate between VLANs and the InterVLAN Routing.

Topics Covered Include:
  • InterVLAN Routing
02:07

To configure an instance of InterVLAN routing, you need to create subinterfaces on the router to represent each VLAN that is configured on the switch. An SVI, or switch virtual interface, is also created on the switch to represent each VLAN with an IP address.

This lecture will discuss the InterVLAN Routing Configuration and Verification.

Topics Covered Include:
  • InterVLAN Routing Configuration
  • InterVLAN Routing Configuration and Verification
  • Demonstration
03:46

Port security can help protect against unauthorized access to switchports, either on access ports or trunk ports. When it's enabled on a switchport, and a voice VLAN is configured, it can fall under the switchport security settings.

This lecture will discuss the importance of Port Security.

Topics Covered Include:
  • Port Security
  • Port Security Modes
  • Switchport Security Configuration
01:20

In order to configure port security, you must first statically enable switchport mode access on the switchport. To enable switchport security, enter the command switchport port-security. You can configure the maximum number of MAC addresses allowed on the interface to be more than one.

This lecture will discuss the ways to configure port security.

Topics Covered Include:
  • Configuring Port Security
03:38

There are different verification checks that can be performed to be able to troubleshoot port security issues. Show running-config will provide you with your base configuration and show the switchports. The switchport configuration will show the MAC addresses that were retained if you are using sticky configuration.

This lecture will discuss the ways to verify port security.

Topics Covered Include:
  • InterVLAN Routing Configuration and Verification
  • Demonstration
00:54

This lecture will ask some sample questions.

01:29

When you receive a new Cisco device, you have a variety of options when it comes to securing it. One option is to provide enable password access, to restrict who can use privileged commands to configure the router.

This lecture will discuss the options that are available for Switch Security.

Topics Covered Include:
  • Switch Security Options
02:38

To allow Telnet and SSH access to your Cisco device, you have a few options for authenticating users to the terminal lines, which are classified as vty 0 4 on the device.

This lecture will discuss the ways to provide device security.

Topics Covered Include:
  • Device Security
  • Device Security Best Practices
  • Configure Basic Terminal Access via SSH
01:55

On Cisco devices, there are services that are turned on by default that may not be the most secure or advantageous, especially if you are not using them. Most people don't even know these services are turned on. Hackers target these services as ways to gain access to the device.

This lecture will discuss the ways to disable the IOS Services that were implemented automatically when the device was turned on.

Topics Covered Include:
  • Securing Cisco Devices
  • Demonstration
00:35

Telnet should not be allowed on your device, but if you need it, you can at least limit the IP ranges that are allowed to use Telnet. When configuring line vty, the transport input command will help disable one or more input protocols. Telnet will not be permitted if you only specify SSH.

This lecture will discuss the limits and potential threat of Telnet as well as the uses of SSH Access.

Topics Covered Include:
  • Telnet/SSH Access
  • Demonstration
02:17

There is always going to be a certain amount of switchport maintenance performed on switches. First, it's recommended to shut down unused switchports for security purposes. It is also recommended to disable trunking on ports you know will never trunk.

This lecture will discuss the ways to correctly maintain switchports.

Topics Covered Include:
  • Switchport Maintenance
  • Switchport Security Configuration
01:05

This lecture will ask some sample questions.

03:19

Spanning tree, IEEE standard 802.1d, is a loop prevention protocol used on Layer 2 LANs. This protocol communicates STP messages between switches in order to stabilize the network into a logical loop-free topology.

This lecture will discuss the Spanning Tree Protocol - 802.1d and the components within it.

Topics Covered Include:
  • Spanning Tree Protocol 802.1d
  • Spanning Tree Topology Port States
  • Spanning Tree Convergence
01:00

A switch is a root bridge when all ports are in the forwarding state. This is determined based on an election in which BPDUs are sent out to determine the superior switch. BPDUs, or bridge protocol data units, are messages exchanged between switches with important information.

This lecture will discuss the root bridge.

Topics Covered Include:
  • Root Bridge
00:28

A Root port is a port on all remaining switches with the least cost path back to the root. The root port is determined once the remaining switches that were not elected as the root port determine the lowest cost path back to the root.

This lecture will discuss the difference between a root port and a designated port.

Topics Covered Include:
  • Root Port and Designated Port
01:13

IEEE defines different costs for different Ethernet link speeds. These costs are valuable when you are designing your network or attempting to make your link more stable when determining the root bridge.

This lecture will discuss the importance of understanding STP Path Costs and how to best defend against an attack.

Topics Covered Include:
  • STP Timers
01:40

There are several ways to optimize spanning tree. Convergence takes up to 50 seconds on default settings. 50 seconds could be detrimental, especially on a network that needs constant uptime.

This lecture will discuss the ways of Optimizing Spanning Tree.

Topics Covered Include:
  • Optimizing Spanning Tree
00:45

This lecture will ask some sample questions.

Instructor Biography

LearnSmart LLC, Smarter Training. Never Open a Textbook Again.

LearnSmart has served the learning community with high-quality professional skills and IT certification training since 1997. In that time, the company has helped thousands earn career-related certifications from respected vendors, such as Project Management Institute (PMI)®, Cisco, Microsoft, CompTIA, Oracle, and EC-Council. LearnSmart offers over 1,000 courses covering IT, project management, administrative, HR, and workplace safety topics. With a rapidly growing clientele of individuals and corporations, LearnSmart serves a broad range of Fortune 500 companies to universities, as well as government institutions and the armed forces.

LearnSmart is able to meet diverse career and learning needs through its extensive selection of training. LearnSmart uses industry experts to give learners the most up-to-date content in a video format as well as training resources including reference tools, pretests, study guides, and labs. For more information about how we can help pinpoint and solve your individual or multi-user training challenges.
