Cisco CCNA 200-301: Network Security Fundamentals (Part 4/6)

Name: Cisco CCNA 200-301: Network Security Fundamentals (Part 4/6)
Rating: 4.6 (15 reviews)

Master ACLs, Port Security, AAA, 802.1X, VPN, Firewall Basics & Threat Mitigation for CCNA Exam by Triple CCIE Trainer

Created bySikandar Shaik, Shaik Gouse Moinuddin

Last updated 2/2026

English

What you'll learn

Access Control Lists on Cisco Routers
Standard ACL
Extended ACL
Named ACL
Network Address Translation
Network Security Concepts
Threat Defense Technologies AAA, Firewall, VPN,NGFW, IPS
AAA Concepts
Switch Security - L2 Security

Course content

9 sections • 73 lectures • 9h 23m total length

Access Control LIst - Foundations12:02
ACL Types2:38
Standard- Extended ACL9:34
ACL Logic - Rules How ACL match8:38

Standard ACL - Lab Pre-requisite6:03
Standard ACL - Lab4:42
ACL - Wild Card Mask11:21
ACL Statements - Things to Know8:45
Standard ACL - Configuration10:54
Apply ACL - Select Right INterface10:17
Understand IN - OUT Directions to Apply10:45
Standard ACL - Verification6:22
Learn how to verify standard ACLs by generating test traffic, interpreting deny and permit rules, and reviewing show ip access-list counters to confirm intended access.
ACL on Wrong Interface5:33
Standard ACL - Examples8:03
Standard ACL - Find IP Ranges10:32

Extended ACL3:59
Extended ACL - Lab Pre-requisite8:23
Ensure connectivity and proper IP/routing before applying extended ACLs; verify reachability across the topology, then test by blocking ICMP, ping, and FTP traffic to validate ACL rules.
Extended ACL - Configuration Example1:50
Standard ACL - Extended ACL - Similarities3:27
Explore the similarities between standard and extended ACLs, including first-match logic, rule order, host and range matching with wildcard masks, and applying ACLs on interfaces in inbound or outbound directions.
Extended ACL - things to Know8:31
Syntax - Extended ACL11:00
Explain the syntax of extended ACLs, using 100–199 numbers to permit or deny traffic by protocol (tcp/udp/icmp) and port or service name, with source and destination addresses.
Extended ACL - Configuration10:30
Extended ACL - Apply and Verify13:13
Apply extended ACL rules on the correct interface in the desired direction (inbound or outbound) using the source and destination, then verify with packet counters.
Extended ACL - More Examples13:23

NAT - What we Cover0:51
Explore how network address translation maps private IPs to public addresses, cover NAT variations (including static NAT), review Cisco IOS configuration, and learn troubleshooting steps.
Why do we do NAT6:33
What is NAT ?7:55
Learn how NAT translates private IP addresses to a public IP to allow internal networks to access the internet, while hiding internal addresses and conserving public addresses.
NAT Types11:39
NAT Lab Setup15:19
Practice nat lab setup by configuring static nat and default routes in a gateway-based topology, translating private subnets to a public ip through a border device and isp.
Static NAT - LAB11:48
Dynamic NAT - LAB10:11
Port Address Translation PAT - LAB11:01
Port Address Translation PAT - using Exit Interface7:42
Use pat with the exit interface to map private addresses to one public ip. Compare static versus dynamic ips, define private ranges with acls, and verify translations for multiple hosts.

Network Security - Terminology6:07
Explore why network security matters by defining assets, threats, and risks, and explain countermeasures to protect against protocol weaknesses, clear-text traffic, and phishing.
Goals of Network Security9:30
Threat Types - Mitigation8:55
Assets - Classification of Assets6:15
Classify Counter Measures3:56
Classify Counter Vulnerabilities2:27
Network Security - Design Principles10:24

AAA - Network Security10:37
AAA - Components3:50
AAA- External Servers3:19
AAA Protocols - TACACS - RADIUS7:35
Cisco AUthentication Servers3:51
Explore authentication servers like ACS and ICE for device and network access via portal services, authentication, and recording. Learn how ICE and RADIUS enable health checks, profiling, and access control.
Authentication - Device Access2:55
Authentication Local database9:55
Authentication - External server (TACACS)11:34
Configure authentication using an external TACACS+ server by setting up the client, shared key, and server IP, with a local fallback for login.

Switch Security - Overview2:09
Disable Unused Ports1:27
MAC Flooding Attack - Port Security11:57
Explore how mac flooding attacks flood the switch’s mac table and how port security limits per-port mac addresses to prevent floods, with violation modes such as shutdown, protect, and restrict.
MAC Spoofing Attack - Port Security7:26
Port Security - Configuration11:03
What is Native VLAN8:10
Cisco Discovery Protocol - CDP17:42
Link Layer Discovery Protocol - LLDP2:34
CDP- LLDP Vulnerabilities - Mitigation2:12
DHCP Spoofing Attack - DHCP Spoofing8:13
Explore how a DHCP spoofing attack uses wrong IP configuration from an attacker and how DHCP snooping on Cisco switches prevents this by marking ports as trusted or untrusted.
DCHP Spoofing - Configuration16:06
The lecture demonstrates configuring DHCP snooping on a switch, designating a trusted port for the DHCP server, and verifying clients receive IPs from the correct server.
DHCP Starvation Attack - Mitigation1:50
ARP Spoofing Attack - DAI12:18
Dynamic ARP Inspection - Configuration11:35

Requirements

Should have covered CCNA 200-301 Part 1- Network Basics IP Addressing Subnetting
Should have covered CCNA 200-301 Part 2 - SWITCHING
Should have covered CCNA 200-301 Part 3 - ROUTING

Description

Course Description

This course is the Fourth Part of the CCNA 200-301 Video Series, taught by Triple CCIE Certified Trainer Sikandar Shaik (CCIE ×3 – RS/SP/SEC).

This training helps you prepare for the Cisco Certified Network Associate (CCNA®) 200-301 exam. By clearing this single exam, you earn the CCNA certification, which is globally recognized as the foundational credential for IT networking careers. The updated 200-301 blueprint reflects modern enterprise requirements, including security, wireless, and basic automation concepts.

The new CCNA program is designed to prepare learners for real-world associate-level IT roles. The certification now includes a broader scope—covering network access technologies, IP routing basics, common IP services, and security essentials. It also introduces core concepts of automation and programmability, ensuring students are aligned with the direction of today’s evolving network environments.

This course provides structured, easy-to-understand explanations, lab-focused learning, and practical insights that help you confidently configure, troubleshoot, and verify small to medium-sized networks.

Topics Covered in CCNA Certification

Network fundamentals
Network access
IP connectivity
IP services
Security fundamentals
Automation and programmability

This course is ideal for beginners entering networking for the first time, IT support professionals, and students preparing for advanced paths such as CCNP Enterprise, Cybersecurity, or cloud and automation tracks.

Who this course is for:

people who want to go into job roles such as network support engineer and network administrator.
if you want a career in networking, especially enterprise networking,
CCNA certified may be a good move for you because Cisco is still the dominant leader in that industry.
system administrators who are CCNA-certified because they wanted to understand more about the networks that their servers will be running on.

Cisco CCNA 200-301: Network Security Fundamentals (Part 4/6)

What you'll learn

Explore related topics

Course content

Access Control LIsts4 lectures • 33min

Standard ACL11 lectures • 1hr 33min

Extended ACL9 lectures • 1hr 14min

Named ACL5 lectures • 29min

Network Address Translation9 lectures • 1hr 23min

Network Security Concepts7 lectures • 48min

Threat Defense Technologies6 lectures • 36min

AAA Concepts8 lectures • 54min

Switch - L2 Security14 lectures • 1hr 55min

Requirements

Description

Who this course is for: