
Explore layer 2 security with a protected port lab, configuring switch ports as protected to show that protected ports cannot communicate with each other on this switch, while unprotected ports can.
Explore layer 2 security with MAB verification by configuring DHCP snooping and a DHCP server on switches, then assign IP addresses to clients and verify access bypass scenarios.
Perform a dynamic VLAN verification lab to reinforce layer 2 security by configuring a test personal computer on port 48, enabling authentication sessions, and verifying IP address and connectivity.
Examine rogue DHCP attacks, how DHCP discovers and assigns IPs via the DORA sequence, and implement DHCP snooping with trusted uplink ports to block rogue servers at layer 2.
Demonstrates a rogue DHCP attack lab and DHCP snooping, showing how clients receive IP addresses and gateways and how trusted ports prevent man-in-the-middle attacks.
Perform a lab on IP spoofing and learn layer 2 security with IP Source Guard and DHCP snooping, using binding to drop spoofed packets.
Explore dynamic ARP inspection to prevent ARP poisoning and man-in-the-middle attacks by validating ARP replies against a learned IP-to-MAC mapping, aided by DHCP snooping on the switch.
The lecture introduces the spanning tree protocol (STP) and how it prevents broadcast storms, MAC address instability, and multiple frame transmissions by placing interfaces in forwarding or blocking states.
This lecture introduces SENSS STP DP and RP, showing root bridge and port role election by cost and priority, and how forwarding and blocking ports prevent loops.
Explore an introduction to STP timers. Learn how hello time (2 seconds), forward delay (15 seconds), and max age (20 seconds) govern listening and learning states and BPDU handling on the root port.
This lab demonstrates configuring spanning-tree basics on four switches, enabling portfast to move edge ports from blocking to forwarding as soon as they come up.
Explore how STP BackboneFast speeds convergence after a root failure via rapid port state changes and inferior BPDU handling. Enable BackboneFast across switches to prevent inferior BPDU issues.
Explore STP root guard to prevent unintended root changes by validating BPDUs and enforcing consistent root port state on switch ports.
Learn to configure and verify BPDU guard on switches, enabling it on interfaces or globally to place port 19 in a disabled state when a BPDU is received.
Learn how to configure BPDU filter to block STP BPDUs, either globally or on specific interfaces, and verify the resulting spanning tree states in a lab environment.
This lecture introduces UDLD, the Unidirectional Link Detection protocol, showing how switches exchange identical messages to verify bidirectional fiber links, and explains normal and aggressive modes.
Configure SNMPv1 on switches, create an access list for the SNMP server, and define a read-only community for the host at 192.168.1.100.
Configure SNMPv2 on the switch by defining an access list to permit hosts, creating a read-only community string, and binding the host IP to the SNMP server.
Create a monitor session to mirror traffic from source interface fast ethernet 1/0 to destination interface fast ethernet 0/48, capturing bidirectional traffic for Wireshark analysis.
Learn how the Network Time Protocol (NTP) enables clock synchronization across routers, switches, firewalls, and other devices using UDP port 123, with client-server interactions for accurate timekeeping.
Introduce zone-based firewall concepts on IOS, configure inside, outside, and DMZ zones, assign interfaces, and enable stateful packet inspection, DoS prevention, and deep packet inspection with class and policy maps.
Configure a three-zone IOS zone-based firewall with inside, outside, and DMZ zones, set interfaces and IP addresses, create class-map and policy-map inspect rules, and validate with ping and Telnet tests.
Configure static PAT to map internal private addresses to a public IP for ports 21, 23, 80, and 443, and verify translations with show ip nat translation from a PC.
The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the
knowledge of a network security engineer to configure and implement security on Cisco network
perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall. This 90-minute exam
consists of 65-75 questions and focuses on the technologies used to strengthen security of a network
perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Cisco Edge Network
Security (SENSS) course.
CCNP Security 300-206 (SENSS) Module Contents in brief: