Project Description
Infrastructure Security
4.1 Device security
4.1.a Implement and troubleshoot IOS AAA using local database
4.1.b Implement and troubleshoot device access control
- 4.1.b (i) Lines (VTY, AUX, console)
- 4.1.b (ii) SNMP
- 4.1.b (iii) Management plane protection
- 4.1.b (iv) Password encryption
4.1.c Implement and troubleshoot control plane policing
4.2 Network security
4.2.a Implement and troubleshoot switch security features
- 4.2.a (i) VACL, PACL
- 4.2.a (ii) Stormcontrol
- 4.2.a (iii) DHCP snooping
- 4.2.a (iv) IP source-guard
- 4.2.a (v) Dynamic ARP inspection
- 4.2.a (vi) Port-security
- 4.2.a (vii) Private VLAN
4.2.b Implement and troubleshoot router security features
- 4.2.b (i) IPv4 access control lists (standard, extended, time-based)
- 4.2.b (ii) IPv6 traffic filter
- 4.2.b (iii) Unicast reverse path forwarding
4.2.c Implement and troubleshoot IPv6 first hop security
- 4.2.c (i) RA guard
- 4.2.c (ii) DHCP guard
- 4.2.c (iii) Binding table
- 4.2.c (iv) Device tracking
- 4.2.c (v) ND inspection/snooping
- 4.2.c (vi) Source guard
- 4.2.c (vii) PACL
4.3 Troubleshooting infrastructure security
4.3.a Use IOS troubleshooting tools
- 4.3.a (i) debug, conditional debug
- 4.3.a (ii) ping, traceroute with extended options
- 4.3.a (iii) Embedded packet capture
4.3.b Apply troubleshooting methodologies
- 4.3.b (i) Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
- 4.3.b (ii) Design and implement valid solutions according to constraints
- 4.3.b (iii) Verify and monitor resolution
4.3.c Interpret packet capture
- 4.3.c (i) Using wireshark trace analyzer
- 4.3.c (ii) Using IOS embedded packet capture