CCNP ISCW Portable Command Guide

Book Description

All the CCNP ISCW 642-825 commands in one compact and portable resource

  • All CCNP ISCW commands in an easily referenced resource, no need to be near the Internet for searching online resources

  • Compact size makes it easy to carry with you as a reference in the workplace. No need to carry around big thick books

  • ONLY book published with all CCNP ISCW commands from the only official Cisco certification self study publisher

  • With hundreds of Cisco IOS® Software commands, options, and command arguments to remember, a CCNP ISCW candidate has a lot to commit to memory. Having an easy-to-use, portable reference filled with handy tips and examples on how to apply the commands to real-world scenarios will help increase your familiarity with Cisco IOS Software when working on routers and switches. The CCNP ISCW Portable Command Guide is a supplementary guide to assist network administrators in the proper use of the Cisco IOS and of the commands needed to pass the CCNP ISCW exam. The guide summarizes all ISCW commands, keywords, command arguments, and associated prompts. Configuration examples are provided throughout the book to give a better understanding of how these commands are used in network designs. This guide is not meant to replace any existing learning materials but rather serve as a supplementary guide to assist networkers in the proper use of the many different commands that are required to successfully pass the CCNP ISCW exam. The CCNP ISCW (Implementing Secure Converged WANs) is one of four exams required for the CCNP certification from Cisco, and it focuses on network security and integration technologies.

    Table of Contents

    1. Copyright
      1. Dedications
    2. About the Authors
      1. About the Technical Reviewer
    3. Acknowledgments
    4. Icons Used in This Book
      1. Command Syntax Conventions
    5. Introduction
      1. Networking Devices Used in the Preparation of This Book
      2. Who Should Read This Book
      3. Organization of This Book
      4. Did We Miss Anything?
    6. 1. Network Design Requirements
      1. Cisco Service-Oriented Network Architecture
      2. Cisco Enterprise Composite Network Model
    7. 2. Connecting Teleworkers
      1. Configuration Example: DSL Using PPPoE
        1. Step 1: Configure PPPoE (External Modem)
        2. Virtual Private Dial-Up Network (VPDN) Programming
        3. Step 2: Configure the Dialer Interface
        4. For Password Authentication Protocol (PAP)
        5. For Challenge Handshake Authentication Protocol (CHAP)
        6. Step 3: Define Interesting Traffic and Specify Default Routing
        7. Step 4a: Configure NAT Using an ACL
        8. Step 4b: Configure NAT Using a Route Map
        9. Step 5: Configure DHCP Service
        10. Step 6: Apply NAT Programming
        11. Step 7: Verify a PPPoE Connection
      2. Configuring PPPoA
        1. Step 1: Configure PPPoA on the WAN Interface (Using Subinterfaces)
        2. Step 2: Configure the Dialer Interface
        3. For Password Authentication Protocol (PAP)
        4. For Challenge Handshake Authentication Protocol (CHAP)
        5. Step 3: Verify a PPPoA Connection
      3. Configuring a Cable Modem Connection
        1. Step 1: Configure WAN Connectivity
        2. Step 2: Configure Local DHCP Service
        3. Step 3: Configure NAT Using a Route Map
        4. Step 4: Configure Default Routing
        5. Step 5: Apply NAT Programming
      4. Configuring L2 Bridging Using a Cisco Cable Modem HWIC
        1. Step 1: Configure Global Bridging Parameters
        2. Step 2: Configure WAN to LAN Bridging
      5. Configuring L3 Routing Using a Cisco Cable Modem HWIC
        1. Step 1: Remove Bridge Group Programming from All Interfaces
        2. Step 2: Configure LAN Connectivity
        3. Step 3: Configure WAN Connectivity
    8. 3. Implementing Frame Mode MPLS
      1. Configuring Cisco Express Forwarding
        1. Verifying CEF
        2. Troubleshooting CEF
      2. Configuring MPLS on a Frame Mode Interface
      3. Configuring MTU Size in Label Switching
      4. Configuration Example: Configuring Frame Mode MPLS
        1. R1 Router
        2. R2 Router
        3. R3 Router
    9. 4. IPsec VPNs
      1. Configuring a Teleworker to Branch Office VPN Using CLI
        1. Step 1: Configure the ISAKMP Policy (IKE Phase 1)
        2. Step 2: Configure Policies for the Client Group(s)
        3. Step 3: Configure the IPsec Transform Sets (IKE Phase 2, Tunnel Termination)
        4. Step 4: Configure Router AAA and Add VPN Client Users
        5. Step 5: Create VPN Client Policy for Security Association Negotiation
        6. Step 6: Configure the Crypto Map (IKE Phase 2)
        7. Step 7: Apply the Crypto Map to the Interface
        8. Step 8: Verify the VPN Service
      2. Configuring IPsec Site-to-Site VPNs Using CLI
        1. Step 1: Configure the ISAKMP Policy (IKE Phase 1)
        2. Step 2: Configure the IPsec Transform Sets (IKE Phase 2, Tunnel Termination)
        3. Step 3: Configure the Crypto ACL (Interesting Traffic, Secure Data Transfer)
        4. Step 4: Configure the Crypto Map (IKE Phase 2)
        5. Step 5: Apply the Crypto Map to the Interface (IKE Phase 2)
        6. Step 6: Configure the Firewall Interface ACL
        7. Step 7: Verify the VPN Service
      3. Configuring IPsec Site-to-Site VPNs Using SDM
      4. Configuring GRE Tunnels over IPsec
        1. Step 1: Create the GRE Tunnel
        2. Step 2: Specify the IPsec VPN Authentication Method
        3. Step 3: Specify the IPsec VPN IKE Proposals
        4. Step 4: Specify the IPsec VPN Transform Sets
        5. Step 5a: Specify Static Routing for the GRE over IPsec Tunnel
        6. Step 5b: Specify Routing with OSPF for the GRE over IPsec Tunnel
        7. Step 6: Enable the Crypto Programming at the Interfaces
      5. Configuring a Static IPsec Virtual Tunnel Interface
        1. Step 1: Configure EIGRP AS 1
        2. Step 2: Configure Static Routing
        3. Step 3: Create IKE Policies and Peers
        4. Step 4: Create IPsec Transform Sets
        5. Step 5: Create an IPsec Profile
        6. Step 6: Create the IPsec Virtual Tunnel Interface
      6. Configuring High Availability VPNs
        1. Step 1: Configure Hot Standby Routing Protocol Configuration on HSRP1
        2. Step 2: Configure Site-to-Site VPN on HSRP1
          1. HSRP1 Configuration
            1. Tunnel Traffic Filter
            2. Key Exchange Policy
            3. Addressing, Authentication Credentials, and Transform Set
            4. IPsec Tunnel
          2. HSRP2 Configuration
            1. Tunnel Traffic Filter
            2. Key Exchange Policy
            3. Addressing, Authentication Credentials, and Transform Set
            4. IPsec Tunnel
        3. Step 3: Add Programming for Crypto Redundancy Configuration
        4. Step 4: Define the Interdevice Communication Protocol (HSRP1 and HSRP)
        5. Step 5: Apply the Programming at the Interface
      7. Configuring Easy VPN Server Using Cisco SDM
      8. Implementing the Cisco VPN Client
    10. 5. Cisco Device Hardening
      1. Disabling Unneeded Services and Interfaces
      2. Disabling Commonly Configured Management Services
      3. Disabling Path Integrity Mechanisms
      4. Disabling Features Related to Probes and Scans
      5. Terminal Access Security
      6. Gratuitous and Proxy Address Resolution Protocol
      7. Disabling IP Directed Broadcasts
      8. Locking Down Routers with AutoSecure
      9. Optional AutoSecure Parameters
      10. Locking Down Routers with Cisco SDM
        1. SDM Security Audit Wizard
        2. One-Step Lockdown
      11. Setting Cisco Passwords and Password Security
      12. Securing ROMMON
      13. Setting a Login Failure Rate
      14. Setting Timeouts
      15. Setting Multiple Privilege Levels
      16. Configuring Banner Messages
      17. Role-Based CLI
      18. Secure Configuration Files
      19. Tips for Using Access Control Lists
      20. Using ACLs to Filter Network Traffic to Mitigate Threats
        1. IP Address Spoofing: Inbound
        2. IP Address Spoofing: Outbound
        3. DoS TCP SYN Attacks: Blocking External Attacks
        4. DoS TCP SYN Attacks: Using TCP Intercept
        5. DoS Smurf Attacks
        6. Filtering ICMP Messages: Inbound
        7. Filtering ICMP Messages: Outbound
        8. Filtering UDP Traceroute Messages
      21. Mitigating Dedicated DoS Attacks with ACLs
        1. Mitigating TRIN00
        2. Mitigating Stacheldraht
        3. Mitigating Trinity v3
        4. Mitigating SubSeven
      22. Configuring an SSH Server for Secure Management and Reporting
      23. Configuring Syslog Logging
      24. Configuring an SNMP Managed Node
      25. Configuring NTP Clients and Servers
      26. Configuration Example: NTP
        1. Winnipeg Router (NTP Source)
        2. Brandon Router (Intermediate Router)
        3. Dauphin Router (Client Router)
      27. Configuring AAA on Cisco Routers Using CLI
        1. TACACS+
        2. RADIUS
        3. Authentication
        4. Authorization
        5. Accounting
      28. Configuring AAA on Cisco Routers Using SDM
    11. 6. Cisco IOS Threat Defense Features
      1. Configuring an IOS Firewall from the CLI
        1. Step 1: Choose the Interface and Packet Direction to Inspect
        2. Step 2: Configure an IP ACL for the Interface
        3. Step 3: Set Audit Trails and Alerts
        4. Step 4: Define the Inspection Rules
        5. Step 5: Apply the Inspection Rules and the ACL to the Outside Interface
        6. Step 6: Verify the Configuration
        7. Troubleshooting the Configuration
      2. Configuring a Basic Firewall Using SDM
      3. Configuring an Advanced Firewall Using SDM
      4. Verifying Firewall Activity Using CLI
      5. Verifying Firewall Activity Using SDM
      6. Configuring Cisco IOS Intrusion Prevention System from the CLI
        1. Step 1: Specify the Location of the SDF
        2. Step 2: Configure the Failure Parameter
        3. Step 3: Create an IPS Rule, and Optionally Apply an ACL
        4. Step 4: Apply the IPS Rule to an Interface
        5. Step 5: Verify the IPS Configuration
        6. IPS Enhancements
          1. Merge SDFs
          2. Disable, Delete, and Filter Selected Signatures Within an SDF
          3. Change the Location of the SDF
      7. Configuring Cisco IOS IPS from the SDM
      8. Viewing Security Device Event Exchange Messages Through SDM
      9. Tuning Signatures Through SDM
    12. Create Your Own Journal Here