LernIX Solutions

Course Overview

Learn how to design, deploy, configure and manage your Cisco® Software-Defined WAN (SD-WAN) solution in a large-scale live network, including how to migrate from legacy WAN to SD-WAN. You will learn best practices for configuring routing protocols in the data center and the branch, as well as how to implement advanced control, data, and application-aware policies.The course also covers SD-WAN deployment and migration options, placement of controllers, how to deploy WAN Edge devices, and how to configure Direct Internet Access (DIA) breakout, and how to deploy a Multi-Region Cisco SD-WAN fabric. You will also learn about the various Application Quality of Experience (AppQoE) traffic optimization capabilities. Finally, the training looks at the different Cisco SD-WAN security options available. The course looks at the different Cisco SD-WAN security options available, such as application-aware enterprise firewall, Intrusion Prevention System (IPS), URL filtering, Cisco Advanced Malware Protection (AMP), Secure Sockets Layer/Transport Layer Security (SSL/TLS) proxy, and Cisco Umbrella® Secure Internet Gateway (SIG) and Cisco TrustSec in Cisco SD-WAN.

Course Objectives

After completing this course you should be able to:

Describe the Cisco SD-WAN solution and how modes of operation differ in traditional WAN versus SD-WAN.
Describe options for Cisco SD-WAN cloud and on-premises deployment.
Explain how to deploy WAN Edge devices.
Compare the Zero-Touch Provisioning (ZTP) and traditional Plug-n-Play processes and examine technical specifics for on-premises deployment.
Describe configuration groups and feature profiles for configuration management.
Describe device and feature configuration templates.
Describe options for providing scalability, high availability, and redundancy.
Explain how dynamic routing protocols are deployed in an SD-WAN environment, on the service side and transport side.
Describe Cisco SD-WAN policy concepts, which includes how policies are defined, attached, distributed, and applied.
Define and implement advanced control policies, such as policies for custom topologies and service insertion.
Describe the Multi-Region SD-WAN fabric feature.
Define and implement advanced data policies, such as policies for traffic engineering and QoS.
Describe the Application Quality of Experience (AppQoE) capabilities available in Cisco SD-WAN.
Define and implement an Application-Aware Routing (AAR) policy.
Implement Direct Internet Access (DIA) and Cisco SD-WAN Cloud OnRamp options.
Describe Cisco SD-WAN security components and integration.
Describe how to design pure and hybrid Cisco SD-WAN solutions, as well as how to perform a migration to Cisco SD-WAN.
Describe the different tools and options available for managing a Cisco SD-WAN fabric.
Describe the different tools and options available for monitoring the Cisco SD-WAN fabric.
Describe Cisco SD-WAN support for multicast.

Course Content

Examine the Cisco SD WAN Architecture

Software-Defined Networking for the WAN
SD-WAN Components and Functions
Underlay and Overlay Network
SD-WAN Terminology
Secure Control Plane
Secure Data Plane
SD-WAN Platforms
IOS XE and IOS XE SD-WAN Software

Examine Cisco SD-WAN Deployment Options

Flexible Controller Deployment Options
SD-WAN Cloud Deployment
SD-WAN Managed Service Provider Deployment
SD-WAN On-Premises Deployment
Using an Enterprise CA
Controller Placement and Challenges

Deploying WAN Edge Devices

Onboard WAN Edge Devices
Deploy Cisco Catalyst 8000v IOS XE Devices
ZTP Process Overview – Pure Play Viptela operating system
Cisco Plug-and-Play Process Overview
Working with NAT

Manage Device Configuration

Configuration Groups Overview
Configuraion Group Feature Profile Overview
Device Configuration Template Overview
Device Configuration Template Features

Explore Redundancy, High Availability, and Scalability

Horizontal Solution Scale
Cisco vManage, vSmart and vBond Redundancy
Routed and Bridged Site Design

Enabling Service-Side and Transport-Side Routing

Implement OSPF
Implement BGP
Impement EIGRP
Implement TLOC Extensions
Loop Prevention Mechanism

Explore SD-WAN Policy Configuration Basics

Policy Configuraton Overview
Policy Attachment, Distribution and Operation

Define Advanced Control Policies

Control Policy Overview
Control Policy Application
Using Arbitrary VPN Topology
Using Hierarchical Topology
VPN Membership Policies
Multi-Region Fabric
Implementing Traffic Engineering
Implementing Service Insertion and Chaining
Implementing Shared Services
Dynamic On-Demand Tunnels

Define Advanced Data Policies

Data Policy Overview
Implementing Traffic Engineering
Data Forwarding and Qos
Implementing Qos in Cisco SD-WAN

Implement Application Quality of Experience

Application Quality of Experience Overview
TCP Optimization
Data Redundancy Elimination
Packet Duplication
Forward Error Correction
AppNav-XE

Implement Application-Aware Routing

AAR Overview
Implement AAR Policy

Examine Direct Internet Access and Cloud Deployment Options

Implement Direct Internet Access
Cisco SD-WAN Cloud OnRamp for SaaS
Cisco SD-WAN Cloud onRamp for IaaS
Cisco SD-WAN Cloud onRamp for Multicloud
Cisco SD-WAN Cloud OnRamp for Colocation
Cisco Enterprise NFV Infrastructure Software (NFVIS) SD-Branch

Explore Cisco SD-WAN Security

Cisco SD-WAN Intent Based Security Use Cases
Cisco SD-WAN Security Components
Cisco Umbrella DNS Security and SIG Integration
Cisco Legacy and Unified Policy
Describe Cisco SD-WAN TrustSec

Design and Migrate to Cisco SD-WAN

Design Considerations for Hybrid Scenarios
Enabling Cisco SD-WAN in the Data Center
Migrating the Branch to Pure SD-WAN
Migrating a Branch to a Hybrid Model

Perform Cisco SD-WAN Network Management and Troubleshooting

Managing Cisco SD-WAN
Monitoring Cisco SD-WAN
Troubleshooting Cisco SD-WAN
Upgrading Cisco SD-WAN Components

Examine Cisco SD-WAN Multicast Support

Multicast Overlay Routing
Multicast Protocol Support
Traffic Flow in Multicast Overlay Routing

Lab outline

Lab 1: Deploy Cisco SD-WAN Controllers
Lab 2: Manage Cisco SD-WAN Device Configuration
Lab 3: Configure Cisco SD-WAN Controller Affinity
Lab 4: Implement Service Side Routing Protocols
Lab 5: Implement Transport Location (TLOC) Extensions
Lab 6: Implement Control Policies
Lab 7: Implement Data Policies
Lab 8: Implement Application-Aware Routing
Lab 9: Implement Branch and Regional Internet Breakouts
Lab 10: Configure Application Firewall
Lab 11: Migrate Branch Sites
Lab 12: Perform Cisco SD-WAN Software Upgrade

Course Overview

The Implementing Cisco SD-WAN Security and Cloud Solutions (SDWSCS) course is an advanced training course focused on Cisco SD-WAN security and cloud services. Through a series of labs and lectures you will learn about on-box security services, including application aware enterprise firewall, intrusion prevention, URL filtering, malware protection, and TLS or SSL decryption. Cloud integration with multiple cloud services providers and multiple use-cases is also covered.

The labs will allow you to configure and deploy local security services and cloud security services with the Cisco Umbrella Secure Internet Gateway (SIG), as well as integrate the Cisco SD-WAN fabric with a cloud service provider using the Cisco vManage automated workflows.

Course Objectives

After completing this course, you should be able to:

Describe Cisco SD-WAN security functions and deployment options
Understand how to deploy on-premises threat prevention
Describe content filtering options
Implement secure Direct Internet Access (DIA)
Explain and implement service chaining
Explore Secure Access Service Edge (SASE) and identify use cases
Describe Umbrella Secure Internet Gateway (SIG) and deployment options
Implement Cisco Umbrella SIG and DNS policies
Explore and implement Cloud Access Security Broker (CASB) and identify use cases (including Microsoft 365)
Discover how to use Cisco ThousandEyes to monitor cloud services
Configure Cisco ThousandEyes to monitor Microsoft 365 applications
Examine how to protect and optimize access to the software as a service (SaaS) application with Cisco SD-WAN Cloud OnRamp
Discover and deploy Cloud OnRamp for multi-cloud, including interconnect and collocation use cases
Examine Cisco SD-WAN monitoring capabilities and features with vManage and vAnalytics.

Course Content

Introducing Cisco SD-WAN Security

Deploying On-Premises Threat Prevention

Examining Content Filtering

Exploring Cisco SD-WAN Dedicated Security Options

Examining SASE

Exploring Cisco Umbrella SIG

Securing Cloud Applications with Cisco Umbrella SIG

Exploring Cisco SD-Wan ThousandEyes

Optimizing SaaS Applications

Connecting Cisco SD-WAN to Public Cloud

Examining Cloud Interconnect Solutions

Exploring Cisco Cloud OnRamp for Colocation

Monitoring Cisco SD-WAN Cloud and Security Solutions

Course Overview

Implementing Cisco Multicast is a five-day instructor-led course designed to provide technical solutions for simple deployments of IP multicast within a provider or customer network. This course covers the fundamentals of IP multicasting including multicast applications, sources, receivers, group management, and IP multicast routing protocols (such as Protocol Independent Multicast [PIM]) used within a single administrative domain (intradomain). The issues of switched LAN environments and reliable IP multicasting have also been incorporated.

The labs incorporated in this course provide delegates with hands-on experience of the configuration and troubleshooting guidelines for implementing IP multicast on Cisco routers.

Course Objectives

After you complete this course you will be able to :

Introduce IP multicast services, to evaluate the functional model of IP multicasting and the technologies present in IP multicasting, acknowledge IP multicast benefits and associated caveats, and determine various types of multicast applications in order to understand the IP multicast conceptual model and its implementation prerequisites
Configure and deploy MSDP in the interdomain environment
Identify IP multicast issues on a data link layer, explain the methods of mapping network layer multicast addresses to data link layer addresses, and list the mechanisms for constraining multicast streams in a LAN environment
Answer to and design multicast-related application and network solutions in customer and service provider networks
Introduce Protocol Independent Multicast sparse mode (PIM-SM) as the most current scalable IP multicast routing protocol to learn the principles of protocol operation and details, become familiar with the determinism built into sparse mode multicast protocols, and configure and deploy PIM-SM in complex IP multicast network deployments
Review RP distribution solutions, recognize the drawbacks of manual RP configuration, become familiar with the Auto-Rendezvous Point (Auto-RP) and the bootstrap router (BSR) mechanisms, and introduce the concept of Anycast RP that works in combination with the Multicast Source Discovery Protocol (MSDP)
Recognize the drawbacks of the PIM-SM and introduce two extensions to provide possible solutions; learn about mechanics of the Source Specific Multicast (SSM) and bidirectional mode of PIM-SM in order to configure and deploy SSM and bidirectional mode of the PIM-SM in a large service provider network
Explain basic concepts of Multiprotocol BGP (MP-BGP) and its use in the IP multicast environment, apply steps that are associated with configuring MP-BGP with Address Family Identifier (AFI) syntax to support IP multicast in the interdomain environment
Introduce solutions to mitigate security issues in the IP multicast network. Examine and implement suitable virtual private network (VPN) technologies, such as Generic Routing Encapsulation (GRE) with IP Security (IPsec) and Group Encrypted Transport (GET) VPN
Describe the process of monitoring and maintaining multicast high-availability operations, introduce the PIM triggered join feature, and describe how load splitting IP multicast traffic over Equal-Cost Multipath (ECMP) works

Course Content

IP Multicast Concepts and Technologies

Introducing IP Multicast
Understanding the Multicast Service Model
Defining Multicast Distribution Trees and Forwarding
Reviewing Multicast Protocols

Multicast on the LAN

Mapping Layer 3 to Layer 2
Working with Cisco Group Management Protocol
Using IGMP Snooping

PIM Sparse Mode

Introducing Protocol Independent Multicast Sparse Mode
Understanding PIM-SM Protocol Mechanics
Using PIM-SM in a Sample Situation
Configuring and Monitoring PIM-SM

Rendezvous Point Engineering

Identifying RP Distribution Solutions
Implementing Auto-RP
Using PIMv2 BSR
Using Anycast RP and MSDP

PIM Sparse Mode Protocol Extensions

Introducing Source Specific Multicast
Configuring and Monitoring SSM
Reviewing Bidirectional PIM
Configuring and Monitoring Bidirectional PIM

Multiprotocol Extensions for BGP

Introducing MP-BGP
Configuring and Monitoring MP-BGP

Interdomain IP Multicast

Examining Dynamic Interdomain IP Multicast
Explaining Multicast Source Discovery Protocol
Using MSDP SA Caching
Configuring and Monitoring MSDP

IP Multicast Security

Introducing IP Multicast and Security
Securing a Multicast Network

Multicast Optimization and High-Availability Features

Using Multicast Optimization and High-Availability Features

Applications of Multicast

Exploring IP Multicast and Video Applications
Using IP Multicast in Mission-Critical Environments
Exploring How Enterprise IT Uses IP Multicasting Globally

Course Overview

Multiprotocol Label Switching (MPLS) is a high-performance method for forwarding packets through a network enabling routers at the edge of a network to apply simple labels to packets. This practice allows the edge devices to switch packets according to labels, with minimal lookup overhead. MPLS integrates the performance and traffic-management capabilities of data link Layer 2 with the scalability and flexibility of network Layer 3 routing.

This course covers both introductory and advanced MPLS and MPLS VPNs concepts. Configuration, implementation and troubleshooting skills are all included with a significnat focus on the use of labs to consolidate the learners knowledge. At the end of this course you should be able to design, implement and maintain core IP routing network infrastructures.

Each student will have their own virtual pod of equipment with access to the labs 24×7 for 90 days

Course Objectives

After you complete this course you should be able to:

Describe the features of MPLS
Describe how MPLS labels are assigned and distributed
Identify the Cisco IOS tasks and command syntax necessary to implement MPLS on frame-mode Cisco IOS platforms
Describe the MPLS peer-to-peer architecture and explain the routing and packet forwarding model in this architecture
Identify the Cisco IOS command syntax required to successfully configure, monitor, and troubleshoot VPN operations
Identify how the MPLS VPN model can be used to implement managed services and internet access
Describe the various internet access implementations that are available and the benefits and drawbacks of each model
Provide an overview of MPLS Traffic Engineering

Course Content

Introducing Basic MPLS Concepts

Foundations of Traditional IP Routing
Basic MPLS Features
Benefits of MPLS
MPLS Terminology: Label Switch Router
MPLS Terminology: Label Switched Path
MPLS Terminology: Upstream and Downstream
MPLS Architecture Components
Architecture of Ingress Edge LSRs
Architecture of Intermediate LSRs
Architecture of Egress Edge LSRs

Introducing MPLS Labels and Label Stack

MPLS Labels
FEC and MPLS Forwarding
MPLS Label Imposition
MPLS Label Stack

Identifying MPLS Applications

MPLS Services
MPLS Unicast IP Routing
MPLS Multicast IP Routing
MPLS VPNs
MPLS Traffic Engineering
MPLS Quality of Service
Any Transport over MPLS
Interactions Between MPLS Services

Discovering LDP Neighbours

Label Distributing Protocols
LDP Neighbour Session Establishment
LDP Link Hello Message
LDP Negotiating Label Space
Discovering LDP Neighbours
Negotiating LDP Sessions

Introducing Typcial Label Distribution in Frame-Mode MPLS

Propagating Labels Across a Network
Building Blocks for IP Forwarding
Using the FIB Table to Forward Packets
Using LDP to Forward Packets
Label-Switched Path
Propagating Labels by Using PHP
Impact of IP Aggregation on LSPs
Label Allocation in a Frame-Mode MPLS Network
Label Distribution and Advertisement
Receiving Label Advertisement
Liberal Label Retention
Further Label Allocation
Frame-Mode Loop Detection Using the MPLS TTL Field
Normal TTL Operation
Disabling TTL Popagation

Introducing Convergence in Frame-Mode MPLS

MPLS Steady-State Operation
Link Failure State
Routing Protocol Convergence After a Link Failure
MPLS Convergence After a Link Failure
Link Recovery Actions

Implementing Frame-Mode MPLS Implementation on Cisco IOS Platforms

Cisco IOS Platform-Switching Mechanisms
Using Standard IP Switching
Cisco Express Forwarding Switching Architecture
Configuring IP Cisco Express Forwarding
Monitoring IP Cisco Express Forwarding
MPLS Configuration Tasks
Configuring the MPLS ID on a Router
Configuring MPLS on a Frame-Mode Instance
Configuring IP TTL Propagation
Configuring Conditional Label Distribution

Monitoring and Troubleshooting Frame-Mode MPLS on Cisco IOS Platforms

Monitoring MPLS
Monitoring LDP
Monitoring Label Switching
Debugging MPLS and LDP
Common Frame-Mode MPLS Issues
Solving LDP Session Start-up Issues
Solving Label Allocation Issues
Solving Label Distribution Issues
Solving Packet-Labeling Issues
Solving Intermittent MPLS Failures
Solving Packet Propagation Issues

Introducing VPNs

Basic VPN Overview
VPN Implementation Models
Overlay VPN Technologies
Peer-to-Peer VPN Technologies
Benefits of VPNs
Drawbacks of VPNs

Introducing MPLS VPN Architecture

MPLS VPN Architecture
PE Router Architecture
VRF Overview
Methods of Popagating Routing Information across the P-Network
Route Distinguishers
RD Format
RD Operation in MPLS VPN
RD Process Flow
Route Targets
RT Operation
RT and RD Process Flow

Introducing the MPLS VPN Routing Model

MPLS VPN Routing
CE Router MPLS VPN Routing
IP Router MPLS VPN Routing
PE Router MPLS VPN Routing
Support for Internet Routing
Routing Tables on PE Routers
Identifying End-to-End Routing Update Flow

Forwarding MPLS VPN Packets

End-to-End VPN Mechanisms
VPN Penultimate Hop Popping
Propagating VPN Labels Between PE Routers
Effects of MPLS VPNs on Label Propagagtion
Effects of MPLS VPNs on Packet Forwarding

Implementing an MP-BGP Session Between PE Routers

VRF Table
Need for Routing Protocol Contexts
VPN-Aware Routing Protocols
Using VRF Tables
Propagating BGP Routes – Outbound Example
Propagating Non-BGP Routes – Outbound Example
Propagating BGP Routes -Inbound Example
Propagating Non-BGP Routes – Inbound Example
Configuring BGP Address Families
Enabling BGP Neighbours
Configuring MP-BGP
Configuring MP-IBGP
VFR Configuration Tasks
Creating VRF Tables and Assigning RDs
Specifying Export and Import RTs
Using MPLS VPN IDs

MPLS VPN Implementation

Using MPLS VPN Mechanisms of Cisco IOS platforms
Configuring an MP-BGP Session Between PE Routers
Configuring VRF Tables
Configuring Small-Scale Routing Protocols Between PE and CE routers
Monitoring MPLS VPN Operations
Configuring OSPF as the Routing Protocol Between PE and CE Routers
Configuring BGP as the Routing Protocol between PE and CE Routers
Troubleshooting MPLS VPNs

Configuring Small-Scale Routing Protocols Between PE and CE Routers

Configuring PE-CE Routing Protocols
Selecting the VRF Routing Context for BGP
Configuring Per-VRF Static Routes
Configuring RIP PE-CE Routing
Configuring EIGRP PE-CE Routing
Configuring SOO for EIGRP PE-CE Loop Prevention

Monitoring MPLS VPN Operations

Monitoring VRFs
Monitoring VRF Routing
Monitoring MP-BGP Sessions
Monitoring an MP-BGP VPNv4 Table
Monitoring Per-VRF Cisco Express Forwarding and LFIB Structures
Monitoring Labels Associated with VPNv4 Routes
Identifying MPLS VPN Diagnostic Commands

Configuring OSPF as the Routing Protocol Between PE and CE Routers

OSPF Hierarchical Model
OSPF in an MPLS VPN Routing Model
OSPF Superbackbone-OSPF-BGP Hierarchy Issue
OSPF in MPLS VPNs-Goals
OSPF Superbackbone- Route Propagation Example
OSPF Superbackbone- Rules
OSPF Superbackbone- Implementation
OSPF Superbackbone- External Routes
OSPF Superbackbone- Mixing Routing Protocols
Configuring PE-CE OSPF Routing
Routing Loops Between MP-BGP and OSPF
OSPF Down-Bit-Loop Prevention
Optimizing of Packet Forwarding Across the MPLS VPN Backbone
Routing Loops across OSPF Domains
OSPF Tag Field-Operation
OSPF Tag Field-Usage Guidelines
OSPF Tag Field-Routing Loop Prevention
Sham Link

Configuring BGP as the Routing Protocol Between PE and CE Routers

Configuring a Per-VRF BGP Routing Context
Reasons for Limiting the Number of Routes in a VRF
Limiting the Number of Prefixes Received from a BGP Neighbour
Limiting the Total Number of VRF Routes
Identifying AS-Override Issues
AS-Override Implementation
AS-Path Prepending
Idenifying the Allow-AS Issue
Allow-AS in Implementation
Implementing SOO for Loop Prevention

Troubleshooting MPLS VPNs

Identifying Preliminary Steps in MPLS VPN Troubleshooting
Verifying the Routing Information Flow
Validating CE-to-PE Routing Information Flow
Validating PE-to-PE Routing Information Flow
Validating PE-to-CE Routing Information Flow
Identifying the Issues when Verifying the Data Flow
Validating Cisco Express Forwarding Status
Validating the End-to-End LSP
Validating the LFIB Status
MPLS VPN Troubleshooting Command Summary

Complex MPLS VPNs

Particpants in Overlapping VPNs
Typical Overlapping VPNs
Overlapping VPN Routing
Overlapping VPN Data Flow
Configuring Overlaping VPNs
Central Services VPN
Central Services VPN Routing
Central Services VPN Data Flow Model
Central Services VPN and Overlapping VPN Requirements
Configuring RDs and RTs in a Central Services VPN and Overlapping VPN
Advanced BRF Features
Configuring Selective VRF Import
Configuring Selective VRF Export
Managed CE Routers
VRF Creation and RD Overview
Configuring Managed CE Routers

Internet Access and MPLS VPNs

Customer Internet Connectivity Scenarios Overview
Classical Internet Access
Multisite Internet Access
Wholesale Internet Access
Internet Design Models for Service Providers
Internet Access Through Global Routing
Internet Access Through a Seperate VPN Service
Internet Access Through Route Leaking
Classical Internet Access for a VPN Customer
Implementing Classical Internet Access for a VPN Customer
Using Seperate Subinterfaces
Implementing Internet Access from Every Customer Site
Internet Access as a Seperate VPN
Implementing Wholesale Internet Access
Seperate Internet Access Benefits and Limitations
Running an Internet Backbone in a VPN: Benefits and Limitations

Introducing MPLS TE Components

TE Concepts
TE Motivations
Business Drivers for TE
Congestion Avoidance and TE
TE with a Layer 2 Overlay Model
Example of TE with a Layer 2 Overlay Model
Drawbacks of the Layer 2 Overlay Solution
Layer 3 Routing Model Without TE
TE with a Layer 3 Routing Model
MPLS TE Model
MPLS TE Traffic Tunnels
Traffic Tunnel Attributes
Link Resource Attributes
Constraint-Based Path Computation
Example of Constraint-Based Path Computation (Bandwidth)
MPLS TE Processes
Role of RSVP in Path Setup Procedures
Path Setup and Admission Control with RSVP
Forwarding Traffic to a Tunnel
Autoroute
Autoroute Example

Understanding MPLS TE Operations

Attributes Used by Constraint-Based Path Computation
MPLS TE Link Resource Attributes
MPLS TE Link Resource Attributes: Maximum Bandwidth and Maximum Reservable Bandwidth
MPLS TE Link Resource Attributes: Link Resource Class
MPLS TE Link Resource Attributes: Constraint-Based Specific Link Metric (Administrative Weight)
MPLS TE Tunnel Attributes
MPLS TE Tunnel Attributes: Traffic Parameter and Generic Path Selection and Management
MPLS TE Tunnel Attributes: Tunnel Resource Class Affinity
MPLS TE Tunnel Attributes: Adaptability, Priority and Pre-emption
MPLS TE Tunnel Attributes: Resilience
Implementing TE Policies with Affinity Bits
Using Affinity Bits in TE Policies
Propagating MPLS TE Link Attributes with Link-State Routing Protocol
Constraint-Based Path Computation
Constraint–Based Path Computation: Path Selection
Example of Constraint-Based Path Computation (resource Affinity)
Path Setup
RSVP Usage in Path Setup
Hop-by-Hop Path Setup with RSVP
Tunnel and Link Admission Control
Path Rerouting
Path Reoptimization
Path Rerouting: Link Failure
Assigning Traffic to Traffic Tunnels
Using Static Routing to Assign Traffic to a Traffic Tunnel
Autoroute
Autoroute: Path Selection Rules
Autoroute: Default Metric
Autoroute: Relative and Absolute Metric
Forwarding Adjacency
Forwarding Adjacency Traffic Flows

Configuring MPLS TE on Cisco IOS Platforms

MPLS TE Configuration Flow Chart
Enabling Device-Level MPLS TE Support
Enabling MPLS TE Support in IS-IS
Enabling MPLS TE Support in OSPF
Enabling Basic MPLS TE On an Interface
Creating and Configuring a Traffic Tunnel
Mapping Traffic into Tunnels with Autoroute

Monitoring Basic MPLS TE on Cisco IOS Platforms

Monitoring MPLS TE Tunnels
show ip rsvpinterface Command
show mpls traffic-eng tunnels brief commands
Monitoring MPLS TE
show mpls traffic-eng autoroute Command
show ip cef Command

Labs

Discovery 1: Implement SP and Customer IP Addressing and IGP Routing
Discovery 2: Verify Cisco Express Forwarding
Discovery 3: Enable MPLS
Discovery 4: Change IP TTL Propagation
Discovery 5: Implement the Core MPLS Environment in the Service Provider Network
Discovery 6: Configure MP-IBGP
Discovery 7: Configure the VRF Instances
Discovery 8: Configure RIP as a PE-CE Routing Protocol
Discovery 9: Configure EIGRP as a PE-CE Routing Protocol
Discovery 10: Implement EIGRP-Based MPLS VPNs
Discovery 11: Configure OSPF as a PE-CE Routing Protocol
Discovery 12: Implement OSPF-Based MPLS VPNs
Discovery 13: Configure BGP as a PE-CE Routing Protocol
Discovery 14: Implement BGP-Based MPLS VPNs
Discovery 15: Configure a Central Services VPN
Discovery 16: Configure MPLS Traffic Engineering
Discovery 17: Implement MPLS Traffic Engineering

Course Overview

The Implementing Cisco Enterprise SD-Branch (ENSDBI) course is designed to provide an understanding of the Cisco® Software-Defined (SD)-Branch architecture and Cisco Enterprise Network Functions Virtualization (ENFV) solution. You will learn about the supported hardware platforms with a focus on the components, installation, and upgraded workflows of the Cisco Enterprise Network Compute System (ENCS) 5400 series. Building your knowledge of Cisco NFVIS and Cisco vManage by deploying and managing the VNFs.

Course Objectives

After completing this course you should be able to:

Describe the Cisco SD-Branch solution and its architecture
Explain the hardware components of the Cisco ENCS 5400 and Cisco Catalyst® 8200 Series Edge Universal Customer Premises Equipment (uCPE)
Install and access the Cisco Enterprise NFVIS on Cisco ENCS 5400
Understand the VNF Lifecycle management and its deployment
Identify Cisco Enterprise NFVIS Security considerations
Explain the Cisco SD-WAN solution and its components
Describe the Cisco ENCS orchestrations systems and Representational State Transfer (REST) APIs
Deploy the Cisco ENCS using orchestrators
Monitor and troubleshoot Cisco ENFV components using Cisco vManage

Course Content

Introducing Cisco SD-Branch Architecture and Cisco ENFV Solution

Need for Cisco SD-Branch
Cisco SD-Branch Solution Architecture and Benefits
Cisco ENFV Solution
Cisco Enterprise NFVIS and Its Benefits
Cisco Enterprise NFVIS Hardware Platforms and Cisco NFVIS Supported Virtual Machines
Cisco Enterprise NFVIS Key Tasks

Preparing Cisco ENCS Device for Deployment

Cisco ENCS 5400 Components
Cisco Catalyst 8200 Series Edge uCPE Components
Install and Access the Cisco Enterprise NFVIS on the Cisco ENCS 5400
Upgrade Cisco Enterprise NFVIS and Cisco ENCS 5400 Firmware versions

Deploying VNFs on Cisco ENCS

VNF and Its Requirements
VNF Lifecycle Management
Cisco Enterprise NFVIS Security Considerations
VNF Packaging
VNF Deployment
Networking via Cisco Enterprise NFVIS

Working with Cisco ENCS Orchestration

Cisco SD-WAN Solution and Components
Plug and Play for Cisco SD-Branch Solution
Cisco ENCS Supported Orchestration Systems and Rest APIs
Overview of Cisco SD-WAN Network Design

Monitoring and Managing Cisco ENFV Components

Monitor and Manage Cisco ENFV Components Using Cisco vManage
Troubleshoot Cisco ENFV Components Using Cisco vManage

Labs

Explore Cisco ENCS and Cisco Enterprise NFVIS Portal
Deploy Cisco Virtual Machines (VMs) and VNFs
Deploy Orchestration using Cisco vManage
Monitor and Troubleshoot Cisco ENCS device

Course Overview

The Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) course provides you with the knowledge you need to install, configure, operate, and troubleshoot a dual stack enterprise network. This course covers advanced routing and infrastructure technologies, expanding on the topics covered in the Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) course.

This course helps to prepare you for theImplementing Cisco Enterprise Advanced Routing and Services (300-410 ENARSI) exam, which leads to the CCNP® Enterprise and Cisco Certified Specialist – Enterprise Advanced Infrastructure Implementation certifications.

Course Objectives

After completing this course you should be able to:

Configure, optimize, and troubleshoot enhanced interior gateway routing protocol (EIGRP)
Configure, optimize, and troubleshoot open shortest path first (OSPF)v2 and OSPFv3
Implement and troubleshoot route redistribution using filtering mechanisms
Implement path control using policy-based routing (PBR) and IP service level agreement (SLA)
Configure, optimize, and troubleshoot border gateway protocol (BGP)
Implement multiprotocol BGP (MP-BGP)
Describe the features of multiprotocol label switching (MPLS)
Describe the major architectural components of an MPLS virtual private network (VPN)
Identify the routing and packet forwarding functionalities for MPLS VPNs
Explain how packets are forwarded in an MPLS VPN environment
Implement Cisco internetwork operating system (IOS®) dynamic multipoint VPNs (DMVPNs)
Implement and troubleshoot dynamic host configuration protocol (DHCP)
Describe the tools available to secure the IPV6 first hop
Troubleshoot Cisco router security features
Troubleshoot infrastructure security and services
Troubleshoot network issues with Cisco DNA Center Assurance

Course Content

Implementing EIGRP

EIGRP Features
EIGRP Reliable Transport
Explore EIGRP Operation
Compare EIGRP Classic and Named Mode
Exchange of Routing Knowledge in EIGRP
EIGRP Metrics
EIGRP Classic Mode Metric Calculation
Example of EIGRP Classic Mode Metric Calculation
EIGRP Feasibility Condition
Example of EIGRP Path Calculation

Optimizing EIGRP

EIGRP Queries
EIGRP Stub Routers
EIGRP Stuck in Active
EIGRP Summary Routes
EIGRP Load Balancing
EIGRP Authentication

Troubleshooting EIGRP ( Self-Study)

Troubleshoot EIGRP
Troubleshoot EIGRP Neighbor Issues
Troubleshoot EIGRP Routing Table Issues
Troubleshoot EIGRP Stub
Troubleshoot EIGRP Summarization
Troubleshoot EIGRP for IPv6
Troubleshoot EIGRP Authentication

Implementing OSPF

OSPF Features
OSPF Operations
Hierarchical Structure of OSPF
Design Limitations of OSPF
OSPF Message Types
Compare OSPFv2 and OSPFv3
OSPFv2 and OSPFv3 LSA Types
Periodic OSPF Database Changes
Exchange and Synchronize LSDBs
Synchronize LSDB on Multi-Access Networks
Execution of the SPF Algorithm

Optimizing OSPF

OSPF Route Summarization
Default Routing in OSPF
OSPF Special Areas
Default Route Cost in OSPF Special Areas
OSPF Authentication
OSPF Virtual Link

Troubleshooting OSPF (Self-Study)

Components of Troubleshooting OSPF
Troubleshoot OSPF Adjacency
Troubleshoot OSPF Routing Issues
Troubleshoot OSPF Path Selection
Troubleshoot OSPF Special Areas
Troubleshoot OSPF Summarization

Configuring Redistribution

Route Redistribution
Redistribution of Route Information
Determine Default Metrics for Redistributed Routes
Calculation of Costs for OSPF E1 and E2 Routes
Types of Redistribution
Mutual Redistribution
Need for Redistribution
Need for Redistribution Manipulation
Filtering Tools: Distribute Lists
Filtering Tools: Prefix Lists
Filtering Tools: Route Maps
Identity Caveats of Redistribution

Troubleshooting Redistribution (Self-Study)

Troubleshooting Redistribution
Troubleshoot Issues with Redistribution Route Feedback

Implementing Path Control

Need for Path Control
PBR Features and Benefits
Explain How to Configure PBR
Bidirectional Forwarding Detection
BFD Operational Modes

Implementing IBGP

BGP Fundamentals
BGP Neighbor Relationships
BGP Path Attributes
BGP Path Selection
BGP Transit AS Functionality
IBGRP Path Processing
IBGRP Split Horizon
IBGRP Full Mesh

Optimizing BGP

Configure the Weight Attribute
Configure the MED Attribute
Configure BGP Route Filtering
Implement BGP Peer Groups
IBGP Scalability Issues in a Transit AS
Route Reflector Split-Horizon Rules
Redundant Route Reflectors
BGP Authentication

Implementing MP-BGP

MP-BGP Support for IPv6
IPv6 BGP Filtering Mechanisms

Troubleshooting BGP (Self-Study)

Monitor BGP
Troubleshoot BGP Neighbor Relationships
Understand BGP Monitoring
Troubleshooting IBGP
Troubleshoot MP-BGP

Exploring MPLS (Self-Study)

Describe Traditional IP Routing
Describe MPLS Features and Benefits
Explain MPLS Terminology
Describe MPLS Architecture Components
Describe the Architecture of Ingress Edge LSRs
Describe the Architecture of Intermediate LSRs
Describe the Architecture of Egress Edge LSRs

Introducing MPLS L3 VPN Architecture (Self-Study)

Describe MPLS L3 VPN Architecture
Describe PE Router Architecture
Describe VRF
Describe Methods of Propagating Routing Information Across the P-Network
Describe Route Distinguishers
Describe RD Operation in MPLS VPN
Describe Route Targets
Describe RT and RD Process Flow

Introducing MPLS L3 VPN Routing (Self-Study)

Describe MPLS L3 VPN Routing Requirements
Describe Support for Internet Routing
Describe Routing Tables on PE Routers
Describe the End-toEnd Flow of Routing Updates
Describe End-toEnd VPN Packet Forwarding Mechanisims
Describe VPN Penultimate Hop Popping
Describe the Propagation of VPN Labels Between PE Routers

Configuring VRF-Lite

PE Router Routing Contexts
VPN-Aware Routing Protocols
VRF Table
VRF-Lite Functionality
Implement VRF-Lite
Migration from Old to New Style VRF CLI
Routing with VRF-Lite

Implementing DMVPN

Overview of Cisco IOS DMVPN
DMVPN Solution Components
Understanding GRE
NHRP
DMVPN Operations
DMVPN Authentication
DMVPN Hub Configuration
DMVPN Spoke configuration
DMVPN Routing Configuration
Verify DMVPN

Implementing DHCP

DHCP Overview
DHCP Relay
DHCP Manual Address Binding
Describe DHCP Options
IPv6 Stateless Address Autoconfiguration Overview
DHCPv6 Overview
DHCPv6 Operation
Stateless DHCPv6 Overview
DHCPv6 Relay Agent
Troubleshoot DHCP
Troubleshoot IPv6 Address Assignment on Clients

Introducing IPv6 First Hop Security ( Self-Study)

Describe IPv6 Snooping
Describe IPv6 ND Inspection
Describe IPv6 RA Guard
Describe DHCPv6 Guard
Describe IPv6 Source Guard
Describe IPv6 Destination Guard

Securing Cisco Routers

Interpret an IPv4 ACL
Implement an IPv4 ACL for Filtering
Implement a Time-Based IPv4 ACL
Interpret an IPv6 ACL
Implement an IPv6 ACL for Filtering
Troubleshoot Access Links
Describe Control Plane Security
Describe Control Plane Policing
CoPP Implementation Steps
Describe uRPF
uRPF Configuration Example

Troubleshooting Infrastructure Security and Services ( Self-Study)

AAA Overview
AAA Configuration Using Local Database
AAA Configuration Using a AAA Server
Troubleshoot AAA
SNMP
Troubleshoot SNMP
Syslog
Network Management Protocols
NetFlow
Cisco Flexible NetFlow

Troubleshooting with DNA Center Assurance (Self-Study)

Need for DNA Assurance
Cisco AI Network Analytics
DNA Assurance Health Scores
Using Path Trace for Troubleshooting
Troubleshooting using DNA Assurance- Use Cases

Labs

Discovery Lab 1: Configure EIGRP Using Classic Mode and Named Mode for IPv4 and IPv6
Discovery Lab 2: Verify the EIGRP Topology Table
Discovery Lab 3: Configure EIGRP Stub Routing, Summarization, and Default Routing
Discovery Lab 4: Configure EIGRP Load Balancing and Authentication
Discovery Lab 5: Troubleshoot EIGRP Issues
Discovery Lab 6 : Configure OSPFv3 for IPv4 and IPv6
Discovery Lab 7: Verify the Link-State Database
Discovery Lab 8: Configure OSPF Stub Areas and Summarization
Discovery Lab 9: Configure OSPF Authentication
Discovery Lab 10: Troubleshoot OSPF Issues
Discovery Lab 11: Implement Routing Protocol Redistribution
Discovery Lab 12: Manipulate Redistribution
Discovery Lab 13: Manipulate Redistribution Using Route Maps
Discovery Lab 14: Troubleshoot Redistribution Issues
Discovery Lab 15: Implement PBR
Discovery Lab 16: Configure IBGP and EBGP
Discovery Lab 17: Implement BGP Path Selection
Discovery Lab 18: Configure BGP Advanced Features
Discovery Lab 19: Configure BGP Route Reflectors
Discovery Lab 20: Configure MP-BGP for IPv4 and IPv6
Discovery Lab 21: Troubleshoot BGP Issues
Discovery Lab 22: Configure Routing with VRF-Lite
Discovery Lab 23: Implement Cisco IOS DMVPN
Discovery Lab 24: Obtain IPv6 Addresses Dynamically
Discovery Lab 25: Troubleshoot DHCPv4 and DHCPv6 Issues
Discovery Lab 26: Troubleshoot IPv4 and IPv6 ACL Issues
Discovery Lab 27: Configure and Verify uRPF
Discovery Lab 28: Troubleshoot Network Management Protocol Issues: Lab 1
Discovery Lab 29: Troubleshoot Network Management Protocol Issues: Lab 2

Course Overview

The Implementing Cisco Catalyst 9000 Series Switches (ENC9K) course provides you with insight into Cisco Catalyst 9000 Series Switches and their solution components, architecture, capabilities, positioning, and implementation. Learn how to manage the switches using CLI, Cisco DNA Center, and the IOS-XE GUI. Additionally, you will be introduced to security, cloud, automation, and other important features of Cisco Catalyst 9000 Series switches.

Course Objectives

After completing this course you should be able to:

Review the Cisco Catalyst 9000 Series Switches identify the switches’ features and examine the functionalities purpose-built for Cisco DNA and the SD-Access solution.
Position the different Cisco Catalyst 9000 Series Switch model types in the network, and map older Cisco Catalyst switches to the 9000 family for migration.
Identify the role and value of Cisco Silicon One in a campus environment.
Examine management capabilities of the Cisco Catalyst 9000 Series Switches.
Describe the scalability and performance features supported by the Cisco Catalyst 9000 Series Switches.
Describe the Cisco Catalyst 9000 Series Switch support for security, Quality of Service (QoS), and Internet of Things (IoT) convergence features.
Describe automation features, Application Programming Interface (API), Infrastructure as Code, and automation tools supported on Cisco Catalyst 9000 Series switches.
Describe the new QoS, IoT, and BGP EVPN Features on Cisco Catalyst 9000 Series Switches.
Describe the maintenance features on Cisco Catalyst 9000 Series switches.
Explore the SD-Access solution fundamentals, deployment models for the Cisco Catalyst 9000 Series Switch, and the use of Cisco DNA Center to manage infrastructure devices.
Automate Day 0 device onboarding with Cisco DNA Center LAN Automation and Network PnP.
Describe how to manage and host applications on Cisco Catalyst 9000 Series switches using Cisco DNA Center.
Explore a modern approach to cloud-managed networking for Cisco Catalyst 9000 Series switches and wireless access points that uses the Meraki Dashboard and analytics.
Describe the Cisco Catalyst 9200 Series Switch architecture, model types, port types, uplink modules, components including power supplies, and other switch features and capabilities.
Describe the Cisco Catalyst 9300 Series Switch architecture, model types, port types, uplink modules, and components, including power supplies and stacking cables.
Describe the Cisco Catalyst 9400 Series Switches, different modular chassis, supervisor and line card options, architectural components, uplink, and power redundancy, and Multigigabit ports
Describe the Cisco Catalyst 9500 Series Switches, model types, switch components, RFID support, architecture, and switch profiles.
Describe the Cisco Catalyst 9600 Series Switch architecture, supervisor and line card options, and high availability features.

Course Content

Introducing Cisco Catalyst 9000 Series Switches

Introducing Cisco Catalyst 9000 Platforms
Introducing Cisco UDAP ASIC 2.0 and 3.0
Cisco UDAP 2.0 and 3.0 Core Architecture
Packet Walk with ASIC
Cisco Open IOS XE
Role of Cisco Catalyst 9000 Series Switches in Cisco DNA Architecture
Meraki Management for Catalyst 9000 Series
Cisco Catalyst 9000 Series Licensing

Positioning Cisco Catalyst 9000 Switches

Positioning Cisco Catalyst 9200 Switches
Positioning Cisco Catalyst 9300 Switches
Positioning Cisco Catalyst 9400 Switches
Positioning Cisco Catalyst 9500 Switches
Positioning Cisco Catalyst 9600 Switches
Migrating from the Cisco Catalyst 2960-X/XR to Cisco Catalyst 9200
Migrating from the Cisco Catalyst 3850 to Cisco Catalyst 9300
Migrating from the Cisco Catalyst 4500E to the Cisco Catalyst 9400
Migrating from the Cisco Catalyst 4500X, 6840X and 6880 to Catalyst 9500
Migrating from the Cisco Catalyst 6500 and 6800 to Cisco Catalyst 9600

Cisco Catalyst Silicon One Architecture

Campus Network Architecture Principles
Cisco Catalyst 9000 Products
Cisco Silicon One Family Architecture
Campus Features on Silicon One Q200
Catalyst 9000 IPv4 and IPv6 Protocols

Exploring Cisco Catalyst 9000 Series Switches Management Capabilities

Cisco IOS XE Software CLI
Onboard Cisco IOS XE Software Web User Interface GUI
Simple Network Management Protocol
Network Programmability Features
ThousandEyes Enterprise Agent
Intent-Based Networking with Cisco DNA Center
Cisco Prime Infrastructure
Cisco Prime Infrastructure with Cisco DNA Center
Cisco DNA Center Platform Extensibility

Scale and Performance Features on Cisco Catalyst 9000 Series Switches

Cisco StackWise Virtual Topology in N-Tier Network Topology
Bandwidth Per Stack
Uplinks
Multigigabit Technology
Flexible NetFlow
Forwarding TCAM Resources, Flexible Lookup Tables Shared Across Cores, FlexTables
Cisco Catalyst 9500 Series Flexible ASIC Templates
Hierarchical VPLS with MPLS Access
Routed Pseudowire IRB for IPv4 Unicast
VRF Aware NAT
Loop Detection Guard
VLAN Load Balancing for FlexiLink+

Security Features on Cisco Catalyst 9000 Series Switches

Group-Based policy and Cisco TrustSec SGT for Wired and Wireless
Hardware Encryption
LAN MACsec
Encrypted Traffic Analytics
Switched Integrated Security Features
Cloud Security Integration
Extend Security to Infrastructure with Trustworthy Systems
Cisco Zero Trust

Automation Features on Cisco Catalyst 9000 Series Switches

Automation Features on Cisco Catalyst 9000 Series Switches Overview
API
Infrastructure as Code Overview
Automation Tools Supported on Cisco Catalyst 9000 Series Switches

QoS, IoT and BGP EVPN Features on Cisco Catalyst 9000 Series Switches

QoS Features and Packet Walk
IoT Convergance Features on Cisco Catalyst 9000 Series Switches
BGP EVPN Overview

Maintenance Features on Cisco Catayst 9000 Series Switches

Open IOS XE Patchability and Software Management
Software Upgrades, Backup and Restore
Graceful Insertion and Removal
New Licensing Packaging Structure

Cisco SD-Access Solution in Cisco Catalyst 9000 Series Switches

Cisco SD-Access Solutions Overview
Cisco SD-Access Components and Roles
Cisco SD-Access in Cisco DNA Center
Role of the Cisco Catalyst 9000 Series in the Cisco SD-Access Solution
Deploying Cisco Catalyst 9000 Series in SD-Access Fabric

Application Hosting on Cisco Catalyst 9000 Series Switches

Open IOS XE Containers and Hosted Applications
ThousandEyes for Cisco Catalyst 9000 Series Switches
SD-Access Extension Overview
Cisco AI Endpoint Analytics Overview

Cloud Management for Catalyst 9000 Series Using Meraki Dashboard

Introduction to Cloud Management
Meraki Management for Catalyst 9000 Series
Implementation Aspects of Monitoring and Conversion
Work with the Meraki API
Features, Integrations and Troubleshooting Details
Troubleshoot Activity: Cloud Management Troubleshooting

Automating Network Changes with Cisco DNA Center

Exploring Cisco DNA Center Design Workflow
Cisco DNA Center and Cisco ISE Integration
Automating Device Onboarding with Cisco Network Plug and Play

Introducing Cisco Catalyst 9200 Series Switches ( Self-Study)

Cisco Catalyst 9200 Product Overview
Cisco Catalyst 9200 Series Architecture
Fabric Edge Node for SD-Access
MACsec-128 Link Encryption
Cisco Catalyst 9200 Series Front Panel
Cisco Catalyst 9200 Series Rear Panel
Cisco Catalyst 9200 Series Switch Models
Cisco Catalyst 9200 Switch Uplink Modules
Cisco Catalyst 9200 Series Switches Power Supplies, Stacking and Stack Cables.
Cisco Catalyst 9200 Series Switches Features and Capabilities

Introducing Cisco Catalyst 9300 Series Switches ( Self-Study)

Cisco Catalyst 9300 Product Overview
Switch Models
Cisco Catalyst 9300 Switch Uplink Models
Cisco Catalyst 9300 Series Switches, Power Supplies, Stacking and Stack Cables
Enhanced Storage Options on Cisco Catalyst 9300
Cisco Catalyst 9300 Port Layouts
Multigigabit Ports

Introducing Cisco Catalyst 9400 Series Switches ( Self-Study)

Cisco Catalyst 9400 Product Overview
Cisco Catalyst 9400 4-slot Modular Switch Chassis
Cisco Catalyst 9400 7-Slot Modular Switch Chassis
Cisco Catalyst 9400 10-Slot Modular Switch Chassis
Cisco Catalyst 9400 Supervisor and Line Cards
Power Supplies
Cisco Catalyst 9400 High Availability Features
Cisco Catalyst 9400 Architecture
Cisco Catalyst 9400 Supervisor Uplinks and Uplink Redundancy
Cisco Catalyst 9400 Power Redundancy Modes
Cisco Catalyst 9400 Multigigabit Ports

Introducing Cisco Catalyst 9500 Series Switches ( Self-Study)

Cisco Catalyst 9500 Product Overview
Cisco Catalyst 9500-32C Series Switch
Cisco Catalyst 9500-32QC Series Switch
Cisco Catalyst 9500-48Y4C Series Switch
Cisco Catalyst 9500-24Y4C Series Switch
Cisco Catalyst 9500-24Q Series Switch
Cisco Catalyst 9500-12Q Series Switch
Cisco Catalyst 9500-40X Series Switch
Cisco Catalyst 9500-16X Series Switch
Cisco Catalyst 9500 Redundant Platinum Rated Power Supply
Cisco Catalyst 9500 Modular Fans
Cisco Catalyst 9500 Series Switch RFID
Cisco Catalyst 9500-32C Series Architecture
Cisco Catalyst 9500-32QC Series Architecture
Cisco Catalyst 9500-48Y4C Series Architecture
Cisco Catalyst 9500-24Y4C Series Architecture
Cisco Catalyst 9500-24Q Series 40G Architecture
Cisco Catalyst 9500-12Q Series 40G Architecture
Cisco Catalyst 9500-40X Series10G Architecture
Cisco Catalyst 9500-16X Series Architecture

Introducing Cisco Catalyst 9600 Series Switches ( Self-Study)

Cisco Catalyst 9600 Product Overview
Cisco Catalyst 9600 Series Switch Architecture
Cisco Catalyst 9600 Supervisor and Line Cards
Cisco Catalyst 9600 Power Supplies
Cisco Catalyst 9600 High Availability Features

Labs

Configure and Troubleshoot Network Issues using WebGUI
Application Hosting on Cisco Catalyst 9000 Series Switches Using the CLI
Configure a Switch Stack Using Cisco Catalyst 9300 Series Switches
Enable and Verify Switch-to-Switch MACSec
Enable and Verify Encrypted Traffic Analytics
Explore Switch Management Automation and Programmability
Network Automation using Ansible Playbooks and Terraform Scripts on the Cisco IOS XE
Configure Perpetual PoE and Fast PoE on a Cisco Catalyst 9000 Series Switch
Configure Packet Capture on a Cisco Catalyst 9300 Series Switch
Perform GIR on a Cisco Catalyst 9000 Series Switch
Application Hosting on Cisco Catalyst 9300 Using Cisco DNA Center
Integrate Cisco DNA Center and Cisco ISE
Provision Underlay Networks with Cisco DNA Center LAN Automation

Course Overview

The Implementing and Operating Cisco Enterprise Network Core Technologies course gives you the knowledge and skills needed to configure, troubleshoot, and manage enterprise wired and wireless networks. Learn how to implement security principles within an enterprise network and how to overlay network design by using solutions such as SD-Access and SD-WAN. The automation and programmability of Enterprise networks is also incorporated in this course.

This course will help you:

Please note that this course is a combination of Instructor-Led and Self-Paced Study – 5 days in the classroom and approx. 3 days of self study. The self-study content will be provided as part of the digital courseware that you receive at the beginning of the course and should be part of your preparation for the exam. Additional lab access will be provided at the end of the class, this will be valid for 60 hours or 90 days whichever is the shorter. It will be possible to complete all but 7 of the labs after the class.

Course Objectives

After completing this course you should be able to:

Illustrate the hierarchical network design model and architecture using the access, distribution, and core layers.
Compare and contrast the various hardware and software switching mechanisms and operation, while defining the TCAM and CAM, along with process switching, fast switching, and Cisco Express Forwarding concepts.
Troubleshoot layer 2 connectivity using VLANs, trunking.
Implementation of redundant switched networks using spanning tree protocol.
Troubleshooting link aggregation using Etherchannel.
Describe the features, metrics, and path selection concepts of EIGRP.
Implementation and optimization of OSPFv2 and OSPFv3, including adjacencies, packet types, and areas, summarization and route filtering for IPv4 and IPv6.
Implementing EBGP interdomain routing, path selection and single and dual-homed networking.
Implementing network redundancy using protocols like HSRP and VRRP.
Implementing internet connectivity within Enterprise using static and dynamic NAT.
Describe the virtualization technology of servers, switches, and the various network devices and components.
Implementing overlay technologies like VRF, GRE, VPN and LISP.
Describe the components and concepts of wireless networking including RF, antenna characteristics, and define the specific wireless standards.
Describe the various wireless deployment models available, include autonomous AP deployments and cloud-based designs within the centralized Cisco WLC architecture.
Describe wireless roaming and location services.
Describe how APs communicate with WLCs to obtain software, configurations, and centralized management.
Configure and verify EAP, WebAuth, and PSK wireless client authentication on a WLC.
Troubleshoot wireless client connectivity issues using various tools available.
Troubleshooting Enterprise networks using services like NTP, SNMP, Cisco IOS IP SLAs, NetFlow and Cisco IOS Embedded Event Manager.
Explain the use of available network analysis and troubleshooting tools, which include show and debug commands, as well as best practices in troubleshooting.
Configure secure administrative access for Cisco IOS devices using the CLI access, RBAC, ACL, and SSH, and explore device hardening concepts to secure devices from less secure applications, such as Telnet and HTTP.
Implement scalable administration using AAA and the local database, while exploring the features and benefits.
Describe the enterprise network security architecture, including the purpose and function of VPNs, content security, logging, endpoint security, personal firewalls, and other security features.
Explain the purpose, function, features, and workflow of Cisco DNA Center Assurance for Intent Based Networking, for network visibility, proactive monitoring, and application experience.
Describe the components and features of the Cisco SD-Access solution, including the nodes, fabric control plane, and data plane, while illustrating the purpose and function of the VXLAN gateways.
Define the components and features of Cisco SD-WAN solution, including the orchestration plane, management plane, control plane, and data plane.
Describe the concepts, purpose, and features of multicast protocols, including IGMP v2/v3, PIM dense mode/sparse mode, and rendezvous points.
Describe the concepts and features of QoS and describe the need within the enterprise network.
Explain basic Python components and conditionals with script writing and analysis.
Describe network programmability protocols like NETCONF, RESTCONF.
Describe APIs in Cisco DNA Center and vManage.

Course Content

Examining Cisco Enterprise Network Architecture

Cisco Enterprise Architecture Model
Campus LAN Design Fundamentals
Traditional Multilayer Campus Layer Design
Campus Distribution Layer Design

Understanding Cisco Switching Paths

Layer 2 Switch Operation
Control and Data Plane
Cisco Switching Mechanisms

Implementing Campus LAN Connectivity

Revisiting VLANs
Trunking with 802.1Q
Inter-VLAN Routing

Building Redundant Switched Topology

Spanning-Tree Protocol Overview
Spanning-Tree Protocol Operation
Spanning-Tree Protocols Types and Features
Multiple Spanning Tree Protocol
PortFast and BPDU

Understanding EIGRP

EIGRP Features
EIGRP Reliable Transport
Establishing EIGRP Neighbour Adjacency
EIGRP Metrics
EIGRP Path Selection
Explore EIGRP Path Selection
Explore EIGRP Load Balancing and Sharing
EIGRP for IPv6
Compare EIGRP and OSPF Routing Protocols

Implementing OSPF

Describe OSPF
The OSPF Process
OSPF Neighbour Adjacencies
Building a Link-State Database
OSPF LSA Types
Compare Single-Area and Multi-Area OSPF
OSPF Area Structure
OSPF Network Types

Optimizing OSPF

OSPF Cost
OSPF Route Summarization Benefits
OSPF Route Filtering Tools
Compare OSPFv2 and OSPFv3

Exploring EBGP

Interdomain Routing with BGP
BGP Operations
Types of BGP Neighbour Relationships
BGP Path Selection
BGP Path Attributes

Implementing Network Redundancy

Need for Default Gateway Redundancy
Define FHRP
HSRP Advanced Features
Cisco Switch High Availability Features

Implementing NAT

Define Network Address Translation
NAT Address Types
Explore NAT Implementations
NAT Virtual Interface

Introducing Virtualisation Protocols and Techniques

Server Virtualisation
Need for Network Virtualisation
Path Isolation Overview
Introducing VRF
Introducing Generic Routing Encapsulation

Understanding Virtual Private Networks and Interfaces

Site-to-Site VPN Technologies
IPSec VPN Overview
IPSec: Internet Key Exchange
IPsec Modes
IPsec VPN Types
Cisco IOS VTI

Understanding Wireless Principles

Explain RF Principles
Describe Watts and Decibels
Describe Antenna Characteristics
Describe IEEE Wireless Standards
Identify Wireless Component Roles

Examining Wireless Deployment Options

Wireless Deployment Overview
Describe Autonomous AP Deployment
Describe Centralized Cisco WLC Deployment
Describe FlexConnect Deployment
Cloud Deployment and Its Effect on Enterprise Networks
Describe the Cloud-Managed Meraki Solution
Cisco Catalyst 9800 Series Controller Deployment Options
Describe Cisco Mobility Express

Understanding Wireless Roaming and Location Services

Wireless Roaming Overview
Mobility Groups and Domains
Wireless Roaming Types
Describe Location Services

Examining Wireless AP Operation

Universal AP Priming
Explore the Controller Discovery Process
Describe AP Failover
Explain High Availability
Explore AP Modes

Understanding Wireless Client Authentication

Authentication Methods
Pre-Shared Key (PSK) Authentication
802.1X User Authentication Overview
PKI and 802.1X Certificate Based Authentication
Introduction to Extensible Authentication Protocol
EAP-Transport Layer Security (EAP-TLS)
Protected Extensible Authentication Protocol
EAP-Flexible Authentication via Secure Tunneling
Guest Access with Web Auth

Troubleshooting Wireless Client Connectivity

Wireless Troubleshooting Tools Overview
Spectrum Analysis
Wi-Fi Scanning
Packet Analysis
Cisco AireOS GUI and CLI Tools
Cisco Wireless Config Analyzer Express
Common Wireless Client Connectivity Issues Overview
Client to AP Connectivity
WLAN Configuration
Infrastructure Configuration

Implementing Network Services

Understanding Network Time Protocol
Logging Services
Simple Network Management Protocol
Introducing NetFlow
Flexible NetFlow
Understanding Cisco IOS Embedded Event Manager

Using Network Analysis Tools

Troubleshooting Concepts
Network Troubleshooting Procedures: Overview
Network Troubleshooting Procedures: Case Study
Basic Hardware Diagnostics
Filtered Show Commands
Cisco IOS IP SLAs
Switched Port Analyzer(SPAN) Overview
Remote SPAN (RSPAN)
Encapsulated Remote Switched Port Analyzer(ERSAPN)
Cisco Packet Capture Tools Overview

Implementing Infrastructure Security

ACL Overview
ACL Wildcard Masking
Types of ACLs
Configure Numbered Access Lists
Use ACLs to Filter Network Traffic
Apply ACLs to Interfaces
Configured Named Access Lists
Control Plane Overview
Control Plane Policing

Implementing Secure Access Control

Securing Device Access
AAA Framework Overview
Benefits of AAA Usage
Authentication Options
RADIUS and TACACS+
Enabling AAA and Configuring a Local User for Fallback
Configuring RADIUS for Console and VTY Access
Configuring TACACS+ for Console and VTY Access
Configure Authorization and Accounting

Understanding the Basics of Python Programming

Describe Python Concepts
String Data Types
Numbers Data Types
Boolean Data Types
Script Writing and Execution
Analyzing the Code

Introducing Network Programmability Protocols

Configuration Management
Evolution of Device Management and Programmability
Data Encoding Formats
Understanding JSON
Model Driven Programmability Stack
Introduction to YANG
Types of YANG Models
Understanding NETCONF
Explain NETCONF and YANG
Understanding REST
Understanding RESTCONF Protocol

Implementing Layer 2 Port Aggregation (Self-Study)

Need for EtherChannel
EtherChannel Mode Interactions
Layer 2 EtherChannel Configuration Guidelines
EtherChannel Load-Balancing Options
Troubleshoot EtherChannel Issues

Introducing Multicast Protocols (Self-study)

Multicast Overview
Internet Group Management Protocol
Multicast Distribution Trees
IP Multicasting Routing
Rendezvous Point

Introducing QoS (Self-study)

Understand the Impact of User Applications on the Network
Need for Quality of Service (QoS)
Describe QoS Mechanisms
Define and Interpret a QoS Policy

Understanding Enterprise Network Security Architecture (Self-study)

Explore Threatscape
Cisco Intrusion Prevention Systems
Virtual Private Networks
Content Security
Logging
Endpoint Security
Personal Firewalls
Antivirus and Antispyware
Centralized Endpoint Policy Enforcement
Cisco AMP for Endpoints
Firewall Concepts
TrustSec
MACsec
Identity Management
802.1X for Wired and Wireless Endpoint Authentication
MAC Authentication Bypass
Web Authentication

Exploring Automation and Assurance Using Cisco DNA Centre (Self-study)

Need for Digital Transformation
Cisco Digital Network Architecture
Cisco Intent-Based Networking
Cisco DNA Centre Automation Overview
Cisco DNA Centre Platform Overview
Cisco DNA Centre Design
Cisco DNA Centre Inventory Overview
Cisco DNA Centre Configuration and Management Overview
Onboarding of Network Devices Using Cisco DNA Centre
Cisco DNA Centre Software Image Management Overview
Cisco DNA Assurance Key Features and Use Cases
Cisco DNA Centre Assurance Implementation Workflow

Examining the Cisco SD-Access Solution (Self-study)

Need for Cisco SD-Access
Cisco SD Access Overview
Cisco SD-Access Fabric Components
Cisco SD-Access Fabric Control Plane Based on LISP
Cisco SD-Access Fabric Control Plane Based on VXLAN
Cisco SD-Access Fabric Control Plane Based on Cisco TrustSec
Role of Cisco ISE and Cisco DNA Centre in SD-Access
Cisco SD-Access Wireless Integration
Traditional Campus Interoperating with Cisco SD-Access

Understanding the Working Principles of the Cisco SD-WAN Solution (Self-study)

Need for Software Defined Networking for WAN
Cisco SD-WAN Components and Functions
Cisco SD-WAN Orchestration Plane
Cisco SD-WAN Management Plane- vManage
Cisco SD-WAN Control Plane – vSmart
Cisco SD-WAN Data Plane – WAN Edge
Cisco SD-WAN Programmatic APIs
Cisco SD-WAN Automation and Analytics
Cisco SD-WAN Terminology
Cisco IOS XE and IOS XE SD-WAN Software
Flexible Controller Deployment Options
Cisco SD-WAN Security

Introducing APIs in Cisco DNA Centre and vManage (Self-study)

Application Programming Interfaces
REST API Response Codes and Results
REST API Security
Cisco DNA Centre APIs
Cisco SD-WAN REST API Overview

Labs

Lab 1: Investigate the CAM
Lab 2: Analyse Cisco Express Forwarding
Lab 3: Troubleshoot VLAN and Trunk Issues
Lab 4: Tune STP and Configure RSTP
Lab 5: Configure Multiple Spanning Tree Protocol ( Self-Study)
Lab 6: Implementing Multiarea OSPF
Lab 7: Implement OSPF Tuning
Lab 8: Apply OSPF Optimization
Lab 9: Implement OSPFv3
Lab 10: Configure and Verify Single-Homed EBGP
Lab 11: Implement HSRP
Lab 12: Configure VRRP (Self-Study)
Lab 13: Implement NAT
Lab 14: Configure and Verify VRF
Lab 15: Configure and Verify a GRE Tunnel
Lab 16: Configure Static VTI Point-to-Point Tunnels
Lab 17: Configure Wireless Client Authentication in a Centralized Deployment (No Extended Access)
Lab 18: Troubleshoot Wireless Client Connectivity Issues (No Extended Access)
Lab 19: Configure Syslog (Self-Study)
Lab 20: Configure and Verify Flexible NetFlow
Lab 21: Configuring Cisco IOS Embedded Event Manager (EEM)
Lab 22: Troubleshoot Connectivity and Analyse Traffic with Ping, Traceroute and Debug
Lab 23: Configure and Verify Cisco IP SLA’s
Lab 24: Configure Standard and Extended ACLs
Lab 25: Configure Control Plane Policing
Lab 26: Implement Local and Server-Based AAA (No Extended Access)
Lab 27: Write and Troubleshoot Python Scripts (No Extended Access)
Lab 28: Explore JSON Objects and Scripts in Python (No Extended Access)
Lab 29: Use NETCONF via SSH (No Extended Access)
Lab 30: Use RESTCONF with Cisco IOS XE Software (No Extended Access)
Lab 31: Troubleshoot EtherChannel (Self-Study)

Course Overview

The Implementing and Administering Cisco Solutions course provides a broad range of fundamental knowledge for all IT careers. Through a combination of lecture and hands-on labs, you will learn how to install, operate, configure, and verify a basic IPv4 and IPv6 network. The course covers configuring network components such as switches, routers, and Wireless LAN Controllers; managing network devices; and identifying basic security threats. Network programmability, automation, and software-defined networking are also covered at a foundational level.

This course helps you prepare to take the 200-301 Cisco Certified Network Associate (CCNA) exam.

Please note that this course is a combination of Instructor-Led and Self-Paced Study – 5 days in the classroom and approx 3 days of self study. The self-study content will be provided as part of the digital courseware that you receive at the beginning of the course and should be part of your preparation for the exam. Lab access is provided for both the class and the self- study sections, lab access is valid for 60 hours or 90 days whichever is the shorter, so please ensure you exit the lab exercises when not in use.

Course Objectives

After completing this course you should be able to:

Identify the components of a computer network and describe their basic characteristics
Understand the model of host-to-host communication
Describe the features and functions of the Cisco Internetwork Operating System (IOS®) software
Describe LANs and the role of switches within LANs
Describe Ethernet as the network access layer of TCP/IP and describe the operation of switches
Install a switch and perform the initial configuration
Describe the TCP/IP Internet layer, IPv4, its addressing scheme, and subnetting
Describe the TCP/IP Transport layer and Application layer
Explore functions of routing
Implement basic configuration on a Cisco router
Explain host-to-host communications across switches and routers
Identify and resolve common switched network issues and common problems associated with IPv4 addressing
Describe IPv6 main features and addresses, and configure and verify basic IPv6 connectivity
Describe the operation, benefits, and limitations of static routing
Describe, implement, and verify virtual local area networks (VLANs) and trunks
Describe the application and configuration of inter-VLAN routing
Explain the basics of dynamic routing protocols and describe components and terms of Open Shortest Path First (OSPF)
Explain how Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) work
Configure link aggregation using EtherChannel
Describe the purpose of Layer 3 redundancy protocols
Describe basic WAN and VPN concepts
Describe the operation of access control lists (ACLs) and their applications in the network
Configure Internet access using Dynamic Host Configuration Protocol (DHCP) clients and explain and configure network address translation (NAT) on Cisco routers
Describe basic quality of service (QoS) concepts
Describe the concepts of wireless networks, which types of wireless networks can be built, and how to use Wireless LAN Controllers (WLCs)
Describe network and device architectures and introduce virtualization
Explain Software-Defined Networks
Configure basic IOS system monitoring tools
Describe the management of Cisco devices
Describe the current security threat landscape
Describe threat defense technologies
Implement a basic security configuration of the device management plane
Implement basic steps to harden network devices
Discuss the need of network programmability in Enterprise Networks, common programmability protocols, and configuration management tools.
Introducing AI and ML in Network Operations

Course Content

Exploring the Functions of Networking

What is a Computer Network?
Common Usage of a Computer Network
Components of a Network
Characteristics of a Network
Physical vs. Logical Topologies
Interpreting a Network Diagram
Impact of User Applications on the Network

Introducing the Host-To-Host Communications Model

Host-To-Host Communications Overview
ISO OSI Reference Model
TCP/IP Protocol Suite
Peer-To-Peer Communications
Encapsulation and De-Encapsulation
TCP/IP Stack vs OSI Reference Model

Operating Cisco IOS Software

Cisco IOS Software Features and Functions
Cisco IOS Software CLI Functions
Cisco IOS Software Modes

Introducing LANs

Local Area Networks
LAN Components
Need for Switches
Characteristics and Features of Switches

Exploring the TCP/IP Link Layer

Ethernet LAN Connection Media
Ethernet Frame Structure
LAN Communication Types
MAC Addresses
Frame Switching
Duplex Communication

Starting a Switch

Switch Installation
Connecting to a Console Port
Switch Components
Switch LED Indicators
Basic show Commands and Information
Implement the Initial Switch Configuration

Introducing the TCP/IP Internet Layer, IPv4 Addressing, and Subnets

Internet Protocol
Decimal and Binary Number Systems
Binary-to-Decimal Conversion
Decimal-to-Binary Conversion
IPv4 Address Representation
IPv4 Header Fields
IPv4 Address Classes
Subnet Masks
Subnets
Implementing Subnetting: Borrowing Bits
Implementing Subnetting: Determining the Addressing Scheme
Benefits of VLSM and Implementing VLSM
Private vs. Public IPv4 Addresses
Reserved IPv4 Addresses
Verifying IPv4 Address of a Host

Explaining the TCP/IP Transport Layer and Application Layer

TCP/IP Transport Layer Functions
Reliable vs.Best-Effort Transport
TCP Characteristics
UDP Characteristics
TCP/IP Application Layer
Introducing HTTP
Domain Name System
Explaining DHCP for IPv4

Exploring the Functions of Routing

Role of a Router
Router Components
Router Functions
Routing Table
Path Determination
Cisco Router Models
Routing Hierarchy on Internet

Configuring a Cisco Router

Initial Router Setup
Configuring Router Interfaces
Configuring IPv4 Addresses on Router Interfaces
Checking Interface Configuration and Status
Exploring Connected Devices
Using Cisco Discovery Protocol
Configure and Verify LLDP
Implement an Initial Router Configuration

Exploring the Packet Delivery Process

Layer 2 Addressing
Layer 3 Addressing
Default Gateways
Address Resolution Protocol
Host-To-Host Packet Delivery

Troubleshooting a Simple Network

Troubleshooting Methods
Troubleshooting Tools
Troubleshooting Common Switch Media Issues
Troubleshooting Common Switch Port Issues
Troubleshooting Common Problems Associated with IPv4 Addressing

Introducing Basic IPv6

IPv4 Address Exhaustion Workarounds
IPv6 Features
IPv6 Addresses and Address Types
Comparison of IPv4 and IPv6 Headers
Internet Contorl Message Protocol Version 6
Neighbor Discovery
IPv6 Address Allocation
Verification of End-To-End IPv6 Connectivity

Configuring Static Routing

Routing Operation
Static and Dynamic Routing Comparison
When to Use Static Routing
IPv4 Static Route Configuration
Default Routes
Verifying Static and Default Route Configuration
IPv6 Static Route Configuration
Implement IPv4 Static Routing
Implement IPv6 Static Routing

Implementing VLANs and Trunks

VLAN Introduction
Creating a VLAN
Assigning a Port to a VLAN
Trunking with 802.1Q
Configuring an 802.1Q Trunk
VLAN Design Considerations
Troubleshoot VLANS and Trunks

Routing Between VLANs

Purpose of Inter-VLAN Routing
Options for Inter-VLAN Routing
Implement Multiple VLANS and Basic Routing Between the VLANs

Introducing OSPF

Dynamic Routing Protocols
Path Selection
Link-State Routing Protocol Overview
Link-State Routing Protocol Data Structures
Introducing OSPF
Establishing OSPF Neighbor Adjacencies
OSPF Neighbor States
SPF Algorithm
Building a Link-State Database
Routing for IPv6

Building Redundant Switched Topologies

Physical Redundancy in a LAN
Issues in Redundant Toplogies
Spanning Tree Operation
Types of Spanning Tree Protocols
PortFast, BPDU Guard and BPDU Filter
Rapid Spanning Tree Protocol
STP Loop Guard
STP Root Guard

Improving Redundant Switched Topologies with EtherChannel

EtherChannel Overview
EtherChannel Configuration Options
Configuring and Verifying EtherChannel
Improve Redundant Switched Toplogies with EtherChannel

Explaining the Basics of ACL

ACL Overview
ACL Operation
ACL Wildcard Masking
Wildcard Mask Abbreviations
Types of Basic ACLs
Configuring Standard IPv4 ACLs
Configuring Extended IPv4 ACLs
Verifying and Modifying IPv4 ACLs
Applying IPv4 ACLs to Filter Network Traffic
Implement Numbered and Named IPv4 ACLs

Enabling Internet Connectivity

Introducing Network Address Translation
NAT Terminology and Translation Mechanisms
Benefits and Drawbacks of NAT
Static NAT and Port Forwarding
Dynamic NAT
Port Address Translation
Configuring and Verifying Inside IPv4 NAT
Implement PAT

Introducing AL and ML in Network Operations

Basics of AI and ML
Advanced AI Concepts
Retrieval-Augmented Generation
Role of AI and ML in Network Operations

Introducing System Monitoring

Introducing Syslog
Syslog Message Format
SNMP Overview
Enabling Network Time Protocol
Configure System Message Logging

Managing Cisco Devices

Cisco IOS Integrated File System and Devices
Stages of the Router Power-On Boot Sequence
Loading and Managing System Images Files
Loading Cisco IOS Configuration Files
Validating Cisco IOS Images Using MD5/SHA512
Managing Cisco IOS Images and Device Configuration Files
Cisco IOS WebUI

Securing Administrative Access

Network Device Security Overview
Securing Access to Priviliged EXEC Mode
Securing Console Access
Securing Remote Access
Configuring the Login Banner
Limiting Remote Access with ACLs
External Authentication Options
Secure Device Administrative Access

Implementing Device Hardening

Securing Unused Ports
Infrastructure ACL
Disabling Unused Services
Port Security
Mitigating VLAN Attacks
Dynamic ARP Inspection
Mitigating STP Attacks
Implement Device Hardening

Exploring Layer 3 Redundancy (Self-Study)

Need for Default Gateway Redundancy
Understanding FHRP
Understanding HSRP

Introducing WAN Technologies (Self-Study)

Introduction to WAN Technologies
WAN Devices and Demarcation Point
WAN Topology Options
WAN Connectivity Options
Virtual Private Networks
Enterprise-Managed VPNs

Introducing QoS (Self-Study)

Converged Networks
QoS Defined
QoS Policy
QoS Mechanisms
QoS Models
Deploying End-to-End QoS

Explaining Wireless Fundamentals (Self-Study)

Wireless Technologies
Wireless Radio Communication
WLAN Architectures
WI-FI Channels
AP and WLC Management

Introducing Architectures and Virtualization (Self-Study)

Introduction to Network Design
Enterprise Three-Tier Hierarchical Network Design
Spine – Leaf Network Design
Cisco Enterprise Architecture Model
Underlay and Overlay Network Concepts
Cloud Computing Overview
Network Device Architecture
Virtualization Fundamentals

Explaining Software-Defined Networking (Self-Study)

Software-Defined Networking
Traditional versus Software-Defined Networks
Software-Defined Network Layers
Introducing Cisco Catalyst Center
Cisco Catalyst Center Dashboard and Tools
Introducing Cisco SD-Access
Introducing Cisco Catayst SD-WAN
Introducing Cisco Meraki

Introducing Network Programmability (Self-Study)

Traditional Network Management
Network Automation and Programmability
Network Automation Use Cases
Model-Driven Programmability
Data Encoding Formats
JavaScript Object Notation
Extensible Markup Language
YAML Data Serialisation Standard
Network Management Protocols
Configuration Management Tools Overview
Ansible
Terraform

Examining the Security Threat Landscape (Self-Study)

Security Threat Landscape Overview
Malware
Hacking Tools
DoS and DDoS
Spoofing
Reflection and Amplification Attacks
Social Engineering
Evolution of Phishing
Password Attacks
Reconnaissance Attacks
Buffer Overflow Attacks
Man-in-the-Middle Attacks
Vectors of Data Loss and Exfiltration
Other Considerations

Implementing Threat Defense Technologies (Self-Study)

Information Security Overview
Firewalls
Intrusion Preventions Systems
Protection Against Data Loss and Phishing Attacks
Defending against DoS and DDoS Attacks
Introduction to Cryptographic Technologies
IPsec Security Services
Secure Sockets Layer and Transport Layer Security
Wireless Security Protocols

Labs:

Discovery 1: Get Started with Cisco Command-Line Interface (CLI)
Discovery 2: Observe How a Switch Operates
Discovery 3: Perform Basic Switch Configuration
FAST Lab 1: Implement the Initial Switch Configuration
Discovery 4: Inspect TCP/IP Applications
Discovery 5: Configure an Interface on a Cisco Router
Discovery 6: Configure and Verify Layer 2 Discovery Protocols
FAST Lab 2: Implement an Initial Router Configuration
Discovery 7: Configure Default Gateway
Discovery 8: Explore Packet Forwarding
Discovery 9: Troubleshoot Switch Media and Port Issues
Discovery 10: Troubleshoot Port Duplex Issues
Discovery 11: Configure Basic IPv6 Connectivity
Discovery 12: Configure and Verify IPv4 Static Routes
Discovery 13: Configure IPv6 Static Routes
FAST Lab 3: Implement IPv4 Static Routing
FAST Lab 4: Implement IPv6 Static Routing
Discovery 14: Configure VLANs and Trunk
FAST Lab 5: Troubleshoot VLANs and Trunk
Discovery 15: Configure Inter-VLAN Routing
FAST Lab 6: Implement Multiple VLANs and Basic Routing Between the VLANs
Discovery 16: Configure and Verify Single-Area OSPF
Discovery 17: Configure and Verify EtherChannel
FAST Lab 7: Improve Redundant Switched Topologies with EtherChannel
Discovery 18: Configure and Verify IPv4 ACLs
FAST Lab 8: Implement Numbered and Named IPv4 ACLs
Discovery 19: Configure a Provider-Assigned IPv4 Address
Discovery 20: Configure Static NAT
Discovery 21: Configure Dynamic NAT and Port Address Translation (PAT)
FAST Lab 9: Implement PAT
Discovery 22: Configure and Verify NTP
FAST Lab 10: Configure System Message Logging
Discovery 23: Create the Cisco IOS Image Backup
Discovery 24: Upgrade Cisco IOS Image
Discovery 25: Secure Console and Remote Access
Discovery 26: Enable and Limit Remote Access Connectivity
FAST Lab 11: Secure Device Administrative Access
Discovery 27: Configure and Verify Port Security
FAST Lab 12: Implement Device Hardening
Discovery 28: Log into and Monitor the WLC
Discovery 29: Configure an Open Wireless Network
Discovery 30: Define a RADIUS Server and Enable SNMP and Syslog
Discovery 31: Configure a WLAN to Use WPA2 PSK

Course Overview

The Designing and Implementing Cloud Connectivity training helps you develop the skills required to design and implement enterprise cloud connectivity solutions. Learn how to leverage both private and public internet-based connectivity to extend the enterprise network to cloud providers. Explore the basic concepts surrounding public cloud infrastructure and how services like Software as a Service (SaaS) can be integrated. You will practice how to analyze and recommend connectivity models that provide the best quality of experience for users. Implement both Internet Protocol Security (IPsec) and Software-Defined Wide-Area Network (SD-WAN) cloud connectivity, as well as build overlay routing with Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP). Finally, practice troubleshooting cloud connectivity issues relating to IPsec, SD-WAN, routing, application performance, and policy application.

This training will help you:

This training prepares you for the 300-440 ENCC exam. If passed, you earn the Cisco Certified Specialist–Enterprise Cloud Connectivity certification and satisfy the concentration exam requirement for the Cisco Certified Network Professional (CCNP) Enterprise certification.

Course Objectives

After completing this course you should be able to:

Describe the fundamental components and concepts of cloud computing, including deployment models, cloud services, and cloud providers, to provide learners with a comprehensive overview of the subject
Describe the options available for establishing connectivity to public cloud services, including point-to-point IPsec VPN and various Cisco Catalyst SD-WAN Cloud OnRamp deployment options
Explain the public cloud connectivity architecture similarities and differences between different cloud service providers and explore the available connectivity options to the public cloud from a Cisco Catalyst SD-WAN environment
Describe private connectivity options to public cloud provider infrastructure
Describe direct connections to different public cloud providers for private peering
Describe connectivity solutions such as colocation, cloud exchange, and software-defined cloud interconnect providers for connecting to the public cloud infrastructure
Describe the available options for connectivity to SaaS applications from a geographically distributed organization’s premises
Explain the emergence of DIA to optimize cloud application performance and user experience
Describe the essential business and technical prerequisites for achieving high availability, resiliency, and scalability within an enterprise cloud connectivity network solution
Describe AWS, Azure, and GCP native security
Describe PCI DSS, FedRAMP, and HIPAA compliance requirements and their role in public cloud integration
Implement underlay (internet-based) connectivity to connect to the public cloud
Configure overlay tunnels over public transport to a cloud-native gateway in AWS, Azure, and GCP and to a cloud-hosted Cisco IOS XE router
Deploy a cloud-hosted Cisco IOS XE-based router instance and customize the cloud networking setup
Configure OSPF and BGP routing for typical enterprise network
Explore Cisco Umbrella SIG
Introduce Cisco vManage Policy Architecture and centralized data policies
Explain AAR policy components and implementation
Understand Microsoft 365 Traffic categories and service areas
Describe the AppQoE feature
Describe DRE deployment considerations
Describe how to diagnose and troubleshoot common issues for connectivity to public cloud environments using internet-based connectivity
Introduce the BGP routing protocol used for establishing connectivity between on-premises and public cloud devices over different connection options
Discuss BGP peering and connectivity issues with Microsoft Azure and explore various troubleshooting and test tools and techniques
Discuss some common configuration, networking, and routing issues encountered on customer edge devices when connecting to Microsoft Azure ExpressRoute

Course Content

Public Cloud Fundamentals

Cloud Computing
Cloud Deployment Models
Public Cloud Service Models
Public Cloud Providers

Internet-Based Connectivity to Public Cloud

Public Internet
VPN
Cisco SD-WAN
Cisco SD-WAN Cloud Connectivity

Private Connectivity to Public Cloud

Private Connectivity Overview
Direct Connect and Private Peering
Colocations, Cloud Exchange and Software-Defined Cloud Interconnect

SaaS Connectivity

Centralized Internet Gateway
Direct Internet Access
Cloud Security Providers (Umbrella)
Dedicated Connectivity (Webex)

Resilient and Scalable Public Cloud Connectivity

Business and Technical Requirements
High Availability and Resiliency
Performance and Scalability
Bandwidth (Dedicated and Shared)
SLA and QoS
Design Case Study Activity: Designing Enterprise Cloud Connectivity

Cloud-Native Security Policies

Public Cloud Security Overview
East-West Traffic Control
North-South Traffic Control
Inter-Region Connectivity
Amazon Web Servces (AWS) Native Security
Microsoft Azure Native Security
Google Cloud Platform (GCP) Native Security

Regulatory Compliance Requirements

Regulatory Compliance Requirements

Internet-Based Public Cloud Connectivity

Underlay Transport Network
Overlay VPN Tunnels to a Cloud Gateway in AWS
Overlay VPN Tunnels to a Cloud Gateway im Azure
Overlay VPN Tunnels to a Cloud Gateway in GCP
Overlay VPN Tunnels to a Cloud-Hosted Cisco IOS XE Router

Overlay Routing Deployment

Overlay Routing
Configure OSPF
Configure BGP
Configure BGP in AWS
Configure BGP in Azure Cloud
Configure BGP in GCP
Summary Configuration Example

Cisco SD-WAN Internet-Based Cloud Connectivity

Cloud OnRamp Functionality
Cloud OnRamp for Multicloud

Cisco SD-WAN Cloud Security

Cisco vManage Security Policies
Cisco Umbrella Cloud Security

Cloud OnRamp for Saas

SaaS Applications Challenges
Client-Side SaaS Path Performance Statistics
Cloud OnRamp for SaaS over SIG Tunnels
Cloud OnRamp for SaaS and Microsoft 365

Cisco SD-WAN Policies

Policy Configuration Overview
Data Policy Overview
Centralized Data Policy
Use case – Implementing Traffic Engineering
AAR Overview
AAR Components
Implement AAR Policy for Cloud OnRamp for SaaS
Configuring Traffic Category and Service Area for Specific Policies
Enable Cloud OnRamp for SaaS for Specific Applications at Specific Sites

Application Quality of Experience

Application Quality of Experience Overview
TCP Optimization
Data Redundancy Elimination
Packet Duplication
Forward Error Correction

Internet-Based Public Cloud Connectivity Diagnostics

Diagnose Underlay Transport Network
Diagnose Overlay VPN Tunnel Connectivity to a Cloud Gateway
Troubleshoot AWS VPN Gateways
Troubleshoot Azure VPN Gateways
Troubleshoot GCP VPN Gateways

Overlay Routing Diagnostics

Overlay Network Basics
Open Shortest Path First
Border Gateway Protocol (BGP)
Overlay Routing in Cloud Environments

Cisco SD-WAN Public Cloud Connectivity Diagnostics

Troubleshoot Underlay Connectivity
Troubleshoot Overlay Routing
Troubleshoot Cisco SD-WAN Cloud OnRamp

Labs

Discovery Lab 1: Initial Lab Network Exploration
Discovery Lab 2: Implement IPsec Connectivity to Public Cloud Gateways
Discovery Lab 3: Implement IPsec Connectivity to Cloud-Hosted Cisco IOS-XE Routers
Discovery Lab 4: Implement Overlay Routing
Discovery Lab 5: Deploy Cloud OnRamp for Multicloud
Discovery Lab 6: Deploy Umbrella Cloud Security
Discovery Lab 7: Implement Cloud OnRamp for SaaS
Discovery Lab 8: Troubleshoot Underlay Connectivity
Discovery Lab 9: Troubleshoot Overlay Routing
Discovery Lab 10: Diagnose Cloud OnRamp for Multicloud