Unit I
General Network Design: Network Design Methodology, Architectures for the
Enterprise, Borderless Networks Architecture, Collaboration and Video
Architecture, Data Center and Virtualization Architecture, Design Lifecycle:
Plan, Build, Manage Plan Phase Build Phase Manage Phase Prepare, Plan,
Design, Implement, Operate, and Optimize Phases Prepare Phase Plan Phase
Design Phase Implement Phase Operate Phase Optimize Phase Summary of
PPDIOO Phases Project Deliverables Design Methodology Identifying
Customer Design Requirements Characterizing the Existing Network Steps in
Gathering Information Network Audit Tools Network Checklist Designing the
Network Topology and Solutions Top-Down Approach Pilot and Prototype
Tests Design Document
Network Design Models: Hierarchical Network Models Benefits of the
Hierarchical Model, Hierarchical Network Design, Core Layer, Distribution
Layer, Access Layer, Hierarchical Model Examples, Hub-and-Spoke Design,
Collapsed Core Design, Enterprise Architecture Model, Enterprise Campus
Module, Enterprise Edge Area, E-Commerce Module, Internet Connectivity
Module, VPN/Remote Access, Enterprise WAN, Service Provider Edge
Module, Remote Modules, Enterprise Branch Module, Enterprise Data Center
Module, Enterprise Teleworker Module, High Availability Network Services,
Workstation-to-Router Redundancy and LAN, High Availability Protocols,
ARP Explicit Configuration, RDP, RIP, HSRP, VRRP, GLBP, Server
Redundancy, Route Redundancy, Load Balancing, Increasing Availability, Link
Media Redundancy
Unit II
Enterprise LAN Design: LAN Media, Ethernet Design Rules, 100Mbps Fast
Ethernet Design Rules, Gigabit Ethernet Design Rules, 1000BASE-LX
Long-Wavelength Gigabit Ethernet, 1000BASE-SX Short-Wavelength Gigabit
Ethernet, 1000BASE-CX Gigabit Ethernet over Coaxial Cable, 1000BASE-T
Gigabit Ethernet over UTP, 10 Gigabit Ethernet Design Rules, 10GE Media
Types, EtherChannel, Comparison of Campus Media LAN Hardware,
Repeaters, Hubs, Bridges, Switches, Routers, Layer 3 Switches, Campus LAN
Design and Best Practices Best Practices for Hierarchical Layers, Access Layer
Best Practices, Distribution Layer Best Practices, Core Layer Best Practices,
STP Design Considerations, STP Toolkit, PortFast,
UplinkFast, BackboneFast, Loop Guard, Root Guard, BPDU Guard, BPDU
Filter, VLAN and Trunk Considerations, Unidirectional Link Detection
(UDLD) Protocol, Large-Building LANs, Enterprise Campus LANs, Edge
Distribution, Medium-Size LANs, Small and Remote Site LANs, Server Farm
Module, Server Connectivity Options, Enterprise Data Center Infrastructure,
Campus LAN QoS Considerations, Multicast Traffic Considerations, CGMP,
IGMP Snooping.
Data Center Design: Enterprise DC Architecture, Data Center Foundation
Components, Data Center Topology Components, Data Center Network
Programmability, SDN, Controllers, APIs, ACI, Challenges in the DC, Data
Center Facility Aspects, Data Center Space, Data Center Power, Data Center
Cooling, Data Center Heat, Data Center Cabling, Enterprise DC Infrastructure,
Data Center Storage, Data Center Reference Architecture, Defining the DC
Access Layer, Defining the DC Aggregation Layer, Defining the DC Core
Layer, Security in the DC, Fabric Extenders, Virtualization Overview,
Challenges, Defining Virtualization and Benefits, Virtualization Risks, Types
of Virtualization, Virtualization Technologies, VSS, VRF, vPC, Device
Contexts, Server Virtualization, Server Scaling, Virtual Switching, Network
Virtualization Design Considerations, Access Control, Path Isolation, Services
Edge, Data Center Interconnect, DCI Use Cases, DCI Transport Options, DCI
L2 Considerations, Load Balancing in the DC, Application Load Balancing,
Network Load Balancing.
Unit III
Wireless LAN Design: Wireless LAN Technologies, WLAN Standards, ISM
and UNII Frequencies, Summary of WLAN Standards, Service Set Identifier,
WLAN Layer 2 Access Method, WLAN Security, Unauthorized Access,
WLAN Security Design Approach, IEEE 802.1X-2001 Port-Based
Authentication, Dynamic WEP Keys and LEAP, Controlling WLAN Access to
Servers, WLAN Authentication, Authentication Options, WLAN Controller
Components, WLC Interface Types, AP Controller Equipment Scaling,
Roaming and Mobility Groups, Intracontroller Roaming, Layer 2 Intercontroller
Roaming, Layer 3 Intercontroller Roaming, Mobility Groups, WLAN Design,
Controller Redundancy Design: Deterministic vs. Dynamic, N+1 WLC
Redundancy, N+N WLC Redundancy, N+N+1 WLC Redundancy, Radio
Management and Radio Groups, RF Groups, RF Site Survey, Using EoIP
Tunnels for Guest Services, Wireless Mesh for Outdoor Wireless, Mesh Design
Recommendations, Campus Design Considerations, Power over Ethernet (PoE),
Wireless and Quality of Service (QoS), Branch Design Considerations, Local
MAC, REAP, Hybrid REAP, Branch Office Controller Options
WAN Technologies and the Enterprise Edge: WAN and Enterprise Edge
Overview, Definition of WAN, WAN Edge Module, Enterprise
Edge Modules, WAN Transport Technologies, ISDN, ISDN BRI Service, ISDN
PRI Service, Digital Subscriber Line, Cable, Wireless, Frame Relay, Time
Division Multiplexing, Metro Ethernet, SONET/SDH, Multiprotocol Label
Switching (MPLS), Dark Fiber, Dense Wavelength-Division Multiplexing,
Ordering WAN Technology and Contracts, WAN and Edge Design
Methodologies, Response Time, Throughput, Reliability, Bandwidth
Considerations, WAN Link Categories, Optimizing Bandwidth Using QoS,
Queuing, Traffic Shaping and Policing, Classification, Congestion
Management, Priority Queuing, Custom Queuing, Weighted Fair Queuing,
Class-Based Weighted Fair Queuing, Low-Latency Queuing, Traffic Shaping
and Policing, Link Efficiency, Window Size, DMZ Connectivity, Segmenting
DMZs, DMZ Services, Internet Connectivity, Centralized Internet (Branch) vs.
Direct Internet (Branch), High Availability for the Internet Edge, VPN Network
Design.
WAN Design
Traditional WAN Technologies Hub-and-Spoke Topology
Full-Mesh Topology Partial-Mesh Topology Point-to-Point Topology Remote
Site Connectivity
Enterprise VPN vs. Service Provider VPN Enterprise Managed VPN: IPsec
IPsec Direct Encapsulation Generic Routing Encapsulation IPsec DMVPN
IPsec Virtual Tunnel Interface Design GETVPN Service Provider–Managed
Offerings, Metro Ethernet Service Provider VPNs: L2 vs. L3, Virtual Private
Wire Services VPWS L2 VPN Considerations, Virtual Private LAN Services
VPLS L2 VPN Considerations, MPLS, MPLS Layer 3 Design Overview MPLS
L3 VPN Considerations, VPN Benefits WAN Backup Design WAN Backup
over the Internet Enterprise WAN Architecture Cisco Enterprise MAN/WAN
Enterprise WAN/MAN Architecture Comparison, Enterprise WAN
Components Comparing Hardware and Software Enterprise Branch
Architecture Branch Design Branch Connectivity Redundancy for Branches
Single WAN Carrier vs. Dual WAN Carriers Single MPLS Carrier Site, Dual
MPLS Carriers Hybrid WAN: L3 VPN with IPsec VPN, Internet for Branches
Flat Layer 2 vs. Collapsed Core, Enterprise Branch Profiles Small Branch
Design Medium Branch Design Large Branch Design Enterprise Teleworker
Design, ISRs for Teleworkers
Unit IV
Internet Protocol Version 4 Design: IPv4 Header ToS IPv4 Fragmentation IPv4
Addressing, IPv4 Address Classes Class A Addresses Class B Addresses, Class
C Addresses Class D Addresses Class E Addresses, IPv4 Address Types IPv4
Private Addresses NAT, IPv4 Address Subnets Mask Nomenclature IP Address
Subnet Design Example Determining the Network Portion of an IP Address
Variable-Length Subnet Masks, Loopback Addresses IP Telephony Networks,
IPv4 Addressing Design Goal of IPv4 Address Design, Plan for Future Use of
IPv4 Addresses, Performing Route Summarization, Plan for a
Hierarchical IP Address Network, Private and Public IP Address and NAT
Guidelines, Steps for Creating an IPv4 Address Plan
Case Study: IP Address Subnet Allocation, Address Assignment and Name
Resolution, Recommended Practices of IP Address Assignment, BOOTP
DHCP DNS, Internet Protocol Version 6 Design: IPv6 Header IPv6 Address
Representation IPv4-Compatible IPv6 Addresses IPv6 Prefix Representation
IPv6 Address Scope Types and Address Allocations IPv6 Address Allocations
IPv6 Unicast Address Global Unicast Addresses Link-Local Addresses, Unique
Local IPv6 Address Global Aggregatable IPv6 Address, IPv4-Compatible IPv6
Address IPv6 Anycast Addresses, IPv6 Multicast Addresses IPv6 Mechanisms
ICMPv6, IPv6 Neighbor Discovery Protocol IPv6 Name Resolution, Path
MTU Discovery IPv6 Address-Assignment Strategies, Manual Configuration
SLAAC of Link-Local Address, SLAAC of Globally Unique IPv6 Address
DHCPv6, DHCPv6 Lite IPv6 Security IPv6 Routing Protocols
RIPng OSPFv3, BGP4 Multiprotocol Extensions (MP-BGP) for IPv6, IPv6
Addressing Design, Planning for Addressing with IPv6, Route Summarization
with IPv6 IPv6 Private Addressing
IPv6 for the Enterprise IPv6 Address Allocation, Partly Linked IPv4
Address into IPv6, Whole IPv4 Address Linked into IPv6
IPv6 Addresses Allocated Per Location and/or Type, IPv4-to-IPv6 Transition
Mechanisms and Deployment Models, Dual-Stack Mechanism IPv6 over IPv4
Tunnels, Protocol Translation Mechanisms IPv6 Deployment Models, Dual
Stack Model Hybrid Model Service Block Model, IPv6 Deployment Model
Comparison IPv6 Comparison with IPv4, OSPF, BGP, Route Manipulation, and
IP Multicast: OSPFv2 OSPFv2 Metric OSPFv2 Adjacencies and Hello Timers,
OSPFv2 Areas OSPF Area Design Considerations OSPF Router Types OSPF
DRs LSA Types Autonomous System External Path Types OSPF Stub Area
Types Stub Areas Totally Stubby Areas, NSSAs Virtual Links OSPFv2 Router
Authentication, OSPFv2 Summary OSPFv3 OSPFv3 Changes from OSPFv2,
OSPFv3 Areas and Router Types OSPFv3 LSAs OSPFv3 Summary
BGP BGP Neighbors eBGP iBGP Route Reflectors Confederations BGP
Administrative Distance, BGP Attributes, Weight, and the BGP Decision
Process
BGP Path Attributes Next-Hop Attribute Local Preference Attribute Origin
Attribute Autonomous System Path Attribute
MED Attribute Community Attribute Atomic Aggregate and Aggregator
Attributes Weight BGP Decision Process, BGP Summary, Route Manipulation
PBR Route Summarization
Route Redistribution Default Metric OSPF Redistribution Route Filtering
Transit Traffic Routing Protocols on the Hierarchical Network Infrastructure IP
Multicast Review, Multicast Addresses Layer 3 to Layer 2 Mapping IGMP,
IGMPv1 IGMPv2 IGMPv3 CGMP IGMP Snooping, Sparse Versus Dense
Multicast Multicast Source and Shared
Trees PIM PIM-SM PIM DR Auto-RP PIMv2 Bootstrap Router, DVMRP IPv6
Multicast Addresses
Unit V
Managing Security: Network Security Overview Security Legislation Security
Threats Reconnaissance and Port Scanning Vulnerability Scanners
Unauthorized Access Security Risks Targets Loss of Availability
Integrity Violations and Confidentiality Breaches, Security Policy and Process
Security Policy Defined, Basic Approach of a Security Policy Purpose of
Security Policies, Security Policy Components Risk Assessment, Risk Index
Continuous Security Integrating Security Mechanisms into Network Design
Trust and Identity Management, Trust Domains of Trust Identity Passwords
Tokens Certificates, Network Access Control Secure Services Encryption
Fundamentals Encryption Keys VPN Protocols, Transmission Confidentiality
Data Integrity Threat Defense, Physical Security Infrastructure Protection
Security Management Solutions Security Solution Network Security Platforms,
Trust and Identity Technologies Firewall Fundamentals, Types of Firewalls
Next-Gen Firewalls NAT Placement, Firewall Guidelines Firewall ACLs,
Identity and Access Control Deployments Detecting and Mitigating Threats
IPS/IDS Fundamentals IPS/IDS Guidelines, Threat Detection and Mitigation
Technologies, Threat-Detection and Threat-Mitigation Solutions, FirePOWER
IPS Security Management Applications, Security Platform Solutions Security
Management Network Integrating Security into Network Devices IOS Security,
ISR G2 Security Hardware Options Securing the Enterprise, Implementing
Security in the Campus Implementing Security in the Data Center Implementing
Security in the Enterprise Edge Network Management Protocols, Simple
Network Management Protocol SNMP Components, MIB SNMP Message
Versions SNMPv1 SNMPv2 SNMPv3, Other Network Management
Technologies RMON, RMON2 NetFlow Compared to RMON and SNMP, CDP
LLDP Syslog