Project Description

Infrastructure Security

4.1 Device security

4.1.a Implement and troubleshoot IOS AAA using local database

4.1.b    Implement and troubleshoot device access control

  • 4.1.b (i)    Lines (VTY, AUX, console)
  • 4.1.b (ii) SNMP
  • 4.1.b (iii) Management plane protection
  • 4.1.b (iv) Password encryption

4.1.c   Implement and troubleshoot control plane policing

4.2 Network security

4.2.a    Implement and troubleshoot switch security features

  • 4.2.a (i)    VACL, PACL
  • 4.2.a (ii) Stormcontrol
  • 4.2.a (iii) DHCP snooping
  • 4.2.a (iv) IP source-guard
  • 4.2.a (v) Dynamic ARP inspection
  • 4.2.a (vi) Port-security
  • 4.2.a (vii) Private VLAN

4.2.b    Implement and troubleshoot router security features

  • 4.2.b (i)       IPv4 access control lists (standard, extended, time-based)
  • 4.2.b (ii) IPv6 traffic filter
  • 4.2.b (iii) Unicast reverse path forwarding

4.2.c        Implement and troubleshoot IPv6 first hop security

  • 4.2.c (i)     RA guard
  • 4.2.c (ii) DHCP guard
  • 4.2.c (iii) Binding table
  • 4.2.c (iv) Device tracking
  • 4.2.c (v) ND inspection/snooping
  • 4.2.c (vi) Source guard
  • 4.2.c (vii) PACL

4.3 Troubleshooting infrastructure security

4.3.a     Use IOS troubleshooting tools

  • 4.3.a (i)    debug, conditional debug
  • 4.3.a (ii) ping, traceroute with extended options
  • 4.3.a (iii) Embedded packet capture

4.3.b Apply troubleshooting methodologies

  • 4.3.b (i)    Diagnose the root cause of networking issue (analyze symptoms, identify and describe root cause)
  • 4.3.b (ii) Design and implement valid solutions according to constraints
  • 4.3.b (iii) Verify and monitor resolution

4.3.c      Interpret packet capture

  • 4.3.c (i)           Using wireshark trace analyzer
  • 4.3.c (ii) Using IOS embedded packet capture