CCNA 200-301 Official Cert Guide, Volume 2



Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. It is built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam. This book, combined with the CCNA 200-301 Official Cert Guide, Volume 1, covers all of the exam topics on the CCNA 200-301 exam.

CCNA 200-301 Official Cert Guide, Volume 2 presents you with an organized test-preparation routine using proven series elements and techniques. "Do I Know This Already?" quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

· Master Cisco CCNA 200-301 exam topics

· Assess your knowledge with chapter-opening quizzes

· Review key concepts with exam preparation tasks

· Practice with realistic exam questions in the practice test software

CCNA 200-301 Official Cert Guide, Volume 2 from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Best-selling author Wendell Odom shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

· A test-preparation routine proven to help you pass the exams

· Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section

· Chapter-ending Key Topic tables, which help you drill on key concepts you must know thoroughly

· The powerful Pearson Test Prep Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports

· A free copy of the CCNA 200-301 Network Simulator, Volume 2 Lite software, complete with meaningful lab exercises that help you hone your hands-on skills with the command-line interface for routers and switches

· Links to a series of hands-on config labs developed by the author

· Online interactive practice exercises that help you enhance your knowledge

· More than 50 minutes of video mentoring from the author

· An online interactive Flash Cards application to help you drill on Key Terms by chapter

· A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies

· Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, hands-on labs, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

The CCNA 200-301 Official Cert Guide, Volume 2, combined with CCNA 200-301 Official Cert Guide, Volume 1, walks you through all the exam topics found in the Cisco 200-301 exam. Topics covered in Volume 2 include:

· IP access control lists

· Security services

· IP services

· Network architecture

· Network automation

Companion Website:

The companion website contains more than 300 unique practice exam questions, CCNA Network Simulator Lite software, online practice exercises, and 50 minutes of video training.

Includes Exclusive Offers For Up to 70% Off Video Training, Practice Tests, and more

Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above.

Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements: Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases.

In addition to the wealth of updated content, this new edition includes a series of free hands-on exercises to help you master several real-world configuration activities. These exercises can be performed on the CCNA 200-301 Network Simulator Lite, Volume 2 software included for free on the companion website that accompanies this book. This software, which simulates the experience of working on actual Cisco routers and switches, contains the following 13 free lab exercises, covering ACL topics in Part I:

1. ACL I




5. ACL V


7. ACL Analysis I

8. Named ACL I

9. Named ACL II

10. Named ACL III

11. Standard ACL Configuration Scenario

12. Extended ACL I Configuration Scenario

13. Extended ACL II Configuration Scenario

If you are interested in exploring more hands-on labs and practicing configuration and troubleshooting with more router and switch commands, see the special discount offer in the coupon code included in the sleeve in the back of this book.

Windows system requirements (minimum):

· Windows 10 (32/64-bit), Windows 8.1 (32/64-bit), or Windows 7 (32/64-bit)

· 1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor

· 1 GB RAM (32-bit) or 2 GB RAM (64-bit)

· 16 GB available hard disk space (32-bit) or 20 GB (64-bit)

· DirectX 9 graphics device with WDDM 1.0 or higher driver

· Adobe Acrobat Reader version 8 and above

Mac system requirements (minimum):

· macOS 10.14, 10.13, 10.12, or 10.11

· Intel Core Duo 1.83 GHz

· 512 MB RAM (1 GB recommended)

· 1.5 GB hard disk space

· 32-bit color depth at 1024x768 resolution

· Adobe Acrobat Reader version 8 and above

CCNA 200-301 Official Cert Guide, Volume 2 Companion Website

Access interactive study tools on this book's companion website, including practice test software, video training, CCNA Network Simulator Lite software, memory table and config checklist review exercises, a Key Term flash card application, a study planner, and more!

To access the companion website, simply follow these steps:

1. Go to

2. Enter the print book ISBN: 9781587147135.

3. Answer the security question to validate your purchase.

4. Go to your account page.

5. Click on the Registered Products tab.

6. Under the book listing, click on the Access Bonus Content link.

If you have any issues accessing the companion website, you can contact our support team by going to

Also available from Cisco Press for CCNA study is the CCNA 200-301 Official Cert Guide Volume 2 Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson Test Prep Practice Test.

This integrated learning package

· Enables you to focus on individual topic areas or take complete, timed exams

· Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions

· Provides unique sets of exam-realistic practice questions

· Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most


Wendell Odom, CCIE No. 1624 Emeritus, has been in the networking industry since 1981. He has worked as a network engineer, consultant, systems engineer, instructor, and course developer; he currently works writing and creating certification study tools. This book is his 29th edition of some product for Pearson, and he is the author of all editions of the CCNA Cert Guides about Routing and Switching from Cisco Press. He has written books on topics ranging from networking basics to certification guides throughout the years for CCENT, CCNA R&S, CCNA DC, CCNP ROUTE, CCNP QoS, and CCIE R&S. He maintains study tools, links to his blogs, and other resources at


Introduction xxvii

Part I IP Access Control Lists 3

Chapter 1 Introduction to TCP/IP Transport and Applications 4

"Do I Know This Already?" Quiz 4

Foundation Topics 6

TCP/IP Layer 4 Protocols: TCP and UDP 6

Transmission Control Protocol 7

Multiplexing Using TCP Port Numbers 7

Popular TCP/IP Applications 10

Connection Establishment and Termination 12

Error Recovery and Reliability 13

Flow Control Using Windowing 15

User Datagram Protocol 16

TCP/IP Applications 16

Uniform Resource Identifiers 17

Finding the Web Server Using DNS 18

Transferring Files with HTTP 20

How the Receiving Host Identifies the Correct Receiving Application 21

Chapter Review 22

Chapter 2 Basic IPv4 Access Control Lists 24

"Do I Know This Already?" Quiz 24

Foundation Topics 26

IPv4 Access Control List Basics 26

ACL Location and Direction 26

Matching Packets 27

Taking Action When a Match Occurs 28

Types of IP ACLs 28

Standard Numbered IPv4 ACLs 29

List Logic with IP ACLs 29

Matching Logic and Command Syntax 31

Matching the Exact IP Address 31

Matching a Subset of the Address with Wildcards 31

Binary Wildcard Masks 33

Finding the Right Wildcard Mask to Match a Subnet 33

Matching Any/All Addresses 34

Implementing Standard IP ACLs 34

Standard Numbered ACL Example 1 35

Standard Numbered ACL Example 2 36

Troubleshooting and Verification Tips 38

Practice Applying Standard IP ACLs 39

Practice Building access-list Commands 39

Reverse Engineering from ACL to Address Range 40

Chapter Review 41

Chapter 3 Advanced IPv4 Access Control Lists 44

"Do I Know This Already?" Quiz 44

Foundation Topics 46

Extended Numbered IP Access Control Lists 46

Matching the Protocol, Source IP, and Destination IP 46

Matching TCP and UDP Port Numbers 48

Extended IP ACL Configuration 51

Extended IP Access Lists: Example 1 51

Extended IP Access Lists: Example 2 53

Practice Building access-list Commands 54

Named ACLs and ACL Editing 54

Named IP Access Lists 54

Editing ACLs Using Sequence Numbers 56

Numbered ACL Configuration Versus Named ACL Configuration 58

ACL Implementation Considerations 59

Additional Reading on ACLs 60

Chapter Review 61

Part I Review 64

Part II Security Services 67

Chapter 4 Security Architectures 68

"Do I Know This Already?" Quiz 68

Foundation Topics 70

Security Terminology 70

Common Security Threats 72

Attacks That Spoof Addresses 72

Denial-of-Service Attacks 73

Reflection and Amplification Attacks 75

Man-in-the-Middle Attacks 76

Address Spoofing Attack Summary 77

Reconnaissance Attacks 77

Buffer Overflow Attacks 78

Malware 78

Human Vulnerabilities 79

Password Vulnerabilities 80

Password Alternatives 80

Controlling and Monitoring User Access 82

Developing a Security Program to Educate Users 83

Chapter Review 84

Chapter 5 Securing Network Devices 86

"Do I Know This Already?" Quiz 86

Foundation Topics 88

Securing IOS Passwords 88

Encrypting Older IOS Passwords with service password-encryption 89

Encoding the Enable Passwords with Hashes 90

Interactions Between Enable Password and Enable Secret 90

Making the Enable Secret Truly Secret with a Hash 91

Improved Hashes for Cisco's Enable Secret 92

Encoding the Passwords for Local Usernames 94

Controlling Password Attacks with ACLs 95

Firewalls and Intrusion Prevention Systems 95

Traditional Firewalls 96

Security Zones 97

Intrusion Prevention Systems (IPS) 99

Cisco Next-Generation Firewalls 100

Cisco Next-Generation IPS 102

Chapter Review 103

Chapter 6 Implementing Switch Port Security 106

"Do I Know This Already?" Quiz 106

Foundation Topics 108

Port Security Concepts and Configuration 108

Configuring Port Security 109

Verifying Port Security 112

Port Security MAC Addresses 113

Port Security Violation Modes 114

Port Security Shutdown Mode 115

Port Security Protect and Restrict Modes 117

Chapter Review 119

Chapter 7 Implementing DHCP 122

"Do I Know This Already?" Quiz 122

Foundation Topics 124

Dynamic Host Configuration Protocol 124

DHCP Concepts 125

Supporting DHCP for Remote Subnets with DHCP Relay 126

Information Stored at the DHCP Server 128

Configuring DHCP Features on Routers and Switches 129

Configuring DHCP Relay 130

Configuring a Switch as DHCP Client 130

Configuring a Router as DHCP Client 132

Identifying Host IPv4 Settings 133

Host Settings for IPv4 133

Host IP Settings on Windows 134

Host IP Settings on macOS 136

Host IP Settings on Linux 138

Chapter Review 140

Chapter 8 DHCP Snooping and ARP Inspection 144

"Do I Know This Already?" Quiz 144

Foundation Topics 146

DHCP Snooping 146

DHCP Snooping Concepts 146

A Sample Attack: A Spurious DHCP Server 147

DHCP Snooping Logic 148

Filtering DISCOVER Messages Based on MAC Address 150

Filtering Messages that Release IP Addresses 150

DHCP Snooping Configuration 152

Configuring DHCP Snooping on a Layer 2 Switch 152

Limiting DHCP Message Rates 154

DHCP Snooping Configuration Summary 155

Dynamic ARP Inspection 156

DAI Concepts 156

Review of Normal IP ARP 156

Gratuitous ARP as an Attack Vector 157

Dynamic ARP Inspection Logic 158

Dynamic ARP Inspection Configuration 160

Configuring ARP Inspection on a Layer 2 Switch 160

Limiting DAI Message Rates 163

Configuring Optional DAI Message Checks 164

IP ARP Inspection Configuration Summary 165

Chapter Review 166

Part II Review 168

Part III IP Services 171

Chapter 9 Device Management Protocols 172

"Do I Know This Already?" Quiz 172

Foundation Topics 174

System Message Logging (Syslog) 174

Sending Messages in Real Time to Current Users 174

Storing Log Messages for Later Review 175

Log Message Format 176

Log Message Severity Levels 177

Configuring and Verifying System Logging 178

The debug Command and Log Messages 180

Network Time Protocol (NTP) 181

Setting the Time and Timezone 182

Basic NTP Configuration 183

NTP Reference Clock and Stratum 185

Redundant NTP Configuration 186

NTP Using a Loopback Interface for Better Availability 188

Analyzing Topology Using CDP and LLDP 190

Examining Information Learned by CDP 190

Configuring and Verifying CDP 193

Examining Information Learned by LLDP 194

Configuring and Verifying LLDP 197

Chapter Review 199

Chapter 10 Network Address Translation 202

"Do I Know This Already?" Quiz 202

Foundation Topics 204

Perspectives on IPv4 Address Scalability 204

CIDR 205

Private Addressing 206

Network Address Translation Concepts 207

Static NAT 208

Dynamic NAT 210

Overloading NAT with Port Address Translation 211

NAT Configuration and Troubleshooting 213

Static NAT Configuration 213

Dynamic NAT Configuration 215

Dynamic NAT Verification 217

NAT Overload (PAT) Configuration 219

NAT Troubleshooting 222

Chapter Review 223

Chapter 11 Quality of Service (QoS) 226

"Do I Know This Already?" Quiz 226

Foundation Topics 228

Introduction to QoS 228

QoS: Managing Bandwidth, Delay, Jitter, and Loss 228

Types of Traffic 229

Data Applications 229

Voice and Video Applications 230

QoS as Mentioned in This Book 232

QoS on Switches and Routers 233

Classification and Marking 233

Classification Basics 233

Matching (Classification) Basics 234

Classification on Routers with ACLs and NBAR 235

Marking IP DSCP and Ethernet CoS 236

Marking the IP Header 237

Marking the Ethernet 802.1Q Header 237

Other Marking Fields 238

Defining Trust Boundaries 238

DiffServ Suggested Marking Values 239

Expedited Forwarding (EF) 240

Assured Forwarding (AF) 240

Class Selector (CS) 241

Guidelines for DSCP Marking Values 241

Queuing 242

Round-Robin Scheduling (Prioritization) 243

Low Latency Queuing 243

A Prioritization Strategy for Data, Voice, and Video 245

Shaping and Policing 245

Policing 246

Where to Use Policing 246

Shaping 248

Setting a Good Shaping Time Interval for Voice and Video 249

Congestion Avoidance 250

TCP Windowing Basics 250

Congestion Avoidance Tools 251

Chapter Review 252

Chapter 12 Miscellaneous IP Services 254

"Do I Know This Already?" Quiz 254

Foundation Topics 256

First Hop Redundancy Protocol 256

The Need for Redundancy in Networks 257

The Need for a First Hop Redundancy Protocol 259

The Three Solutions for First-Hop Redundancy 260

HSRP Concepts 261

HSRP Failover 261

HSRP Load Balancing 262

Simple Network Management Protocol 263

SNMP Variable Reading and Writing: SNMP Get and Set 264

SNMP Notifications: Traps and Informs 265

The Management Information Base 266

Securing SNMP 267

FTP and TFTP 268

Managing Cisco IOS Images with FTP/TFTP 268

The IOS File System 268

Upgrading IOS Images 270

Copying a New IOS Image to a Local IOS File System Using TFTP 271

Verifying IOS Code Integrity with MD5 273

Copying Images with FTP 273

The FTP and TFTP Protocols 275

FTP Protocol Basics 275

FTP Active and Passive Modes 276

FTP over TLS (FTP Secure) 278

TFTP Protocol Basics 279

Chapter Review 280

Part III Review 284

Part IV Network Architecture 287

Chapter 13 LAN Architecture 288

"Do I Know This Already?" Quiz 288

Foundation Topics 290

Analyzing Campus LAN Topologies 290

Two-Tier Campus Design (Collapsed Core) 290

The Two-Tier Campus Design 290

Topology Terminology Seen Within a Two-Tier Design 291

Three-Tier Campus Design (Core) 293

Topology Design Terminology 295

Small Office/Home Office 295

Power over Ethernet (PoE) 297

PoE Basics 297

PoE Operation 298

PoE and LAN Design 299

Chapter Review 300

Chapter 14 WAN Architecture 302

"Do I Know This Already?" Quiz 302

Foundation Topics 304

Metro Ethernet 304

Metro Ethernet Physical Design and Topology 305

Ethernet WAN Services and Topologies 306

Ethernet Line Service (Point-to-Point) 307

Ethernet LAN Service (Full Mesh) 308

Ethernet Tree Service (Hub and Spoke) 309

Layer 3 Design Using Metro Ethernet 309

Layer 3 Design with E-Line Service 309

Layer 3 Design with E-LAN Service 311

Multiprotocol Label Switching (MPLS) 311

MPLS VPN Physical Design and Topology 313

MPLS and Quality of Service 314

Layer 3 with MPLS VPN 315

Internet VPNs 317

Internet Access 317

Digital Subscriber Line 318

Cable Internet 319

Wireless WAN (3G, 4G, LTE, 5G) 320

Fiber (Ethernet) Internet Access 321

Internet VPN Fundamentals 321

Site-to-Site VPNs with IPsec 322

Remote Access VPNs with TLS 324

VPN Comparisons 326

Chapter Review 326

Chapter 15 Cloud Architecture 328

"Do I Know This Already?" Quiz 328

Foundation Topics 330

Server Virtualization 330

Cisco Server Hardware 330

Server Virtualization Basics 331

Networking with Virtual Switches on a Virtualized Host 333

The Physical Data Center Network 334

Workflow with a Virtualized Data Center 335

Cloud Computing Services 336

Private Cloud (On-Premise) 337

Public Cloud 338

Cloud and the "As a Service" Model 339

Infrastructure as a Service 339

Software as a Service 341

(Development) Platform as a Service 341

WAN Traffic Paths to Reach Cloud Services 342

Enterprise WAN Connections to Public Cloud 342

Accessing Public Cloud Services Using the Internet 342

Pros and Cons with Connecting to Public Cloud with Internet 343

Private WAN and Internet VPN Access to Public Cloud 344

Pros and Cons of Connecting to Cloud with Private WANs 345

Intercloud Exchanges 346

Summarizing the Pros and Cons of Public Cloud WAN Options 346

A Scenario: Branch Offices and the Public Cloud 347

Migrating Traffic Flows When Migrating to Email SaaS 347

Branch Offices with Internet and Private WAN 349

Chapter Review 350

Part IV Review 352

Part V Network Automation 355

Chapter 16 Introduction to Controller-Based Networking 356

"Do I Know This Already?" Quiz 357

Foundation Topics 358

SDN and Controller-Based Networks 358

The Data, Control, and Management Planes 358

The Data Plane 359

The Control Plane 360

The Management Plane 361

Cisco Switch Data Plane Internals 361

Controllers and Software-Defined Architecture 362

Controllers and Centralized Control 363

The Southbound Interface 364

The Northbound Interface 365

Software Defined Architecture Summary 367

Examples of Network Programmability and SDN 367

OpenDaylight and OpenFlow 367

The OpenDaylight Controller 368

The Cisco Open SDN Controller (OSC) 369

Cisco Application Centric Infrastructure (ACI) 369

ACI Physical Design: Spine and Leaf 370

ACI Operating Model with Intent-Based Networking 371

Cisco APIC Enterprise Module 373

APIC-EM Basics 373

APIC-EM Replacement 374

Summary of the SDN Examples 375

Comparing Traditional Versus Controller-Based Networks 375

How Automation Impacts Network Management 376

Comparing Traditional Networks with Controller-Based Networks 378

Chapter Review 379

Chapter 17 Cisco Software-Defined Access (SDA) 382

"Do I Know This Already?" Quiz 383

Foundation Topics 384

SDA Fabric, Underlay, and Overlay 384

The SDA Underlay 386

Using Existing Gear for the SDA Underlay 386

Using New Gear for the SDA Underlay 387

The SDA Overlay 390

VXLAN Tunnels in the Overlay (Data Plane) 390

LISP for Overlay Discovery and Location (Control Plane) 392

DNA Center and SDA Operation 395

Cisco DNA Center 395

Cisco DNA Center and Scalable Groups 396

Issues with Traditional IP-Based Security 397

SDA Security Based on User Groups 398

DNA Center as a Network Management Platform 400

DNA Center Similarities to Traditional Management 401

DNA Center Differences with Traditional Management 402

Chapter Review 403

Chapter 18 Understanding REST and JSON 406

"Do I Know This Already?" Quiz 406

Foundation Topics 408

REST-Based APIs 408

REST-Based (RESTful) APIs 408

Client/Server Architecture 409

Stateless Operation 410

Cacheable (or Not) 410

Background: Data and Variables 410

Simple Variables 410

List and Dictionary Variables 411

REST APIs and HTTP 413

Software CRUD Actions and HTTP Verbs 413

Using URIs with HTTP to Specify the Resource 414

Example of REST API Call to DNA Center 417

Data Serialization and JSON 418

The Need for a Data Model with APIs 419

Data Serialization Languages 421

JSON 421

XML 421

YAML 422

Summary of Data Serialization 423

Interpreting JSON 423

Interpreting JSON Key:Value Pairs 423

Interpreting JSON Objects and Arrays 424

Minified and Beautified JSON 426

Chapter Review 427

Chapter 19 Understanding Ansible, Puppet, and Chef 428

"Do I Know This Already?" Quiz 428

Foundation Topics 430

Device Configuration Challenges and Solutions 430

Configuration Drift 430

Centralized Configuration Files and Version Control 431

Configuration Monitoring and Enforcement 433

Configuration Provisioning 434

Configuration Templates and Variables 435

Files That Control Configuration Automation 437

Ansible, Puppet, and Chef Basics 438

Ansible 438

Puppet 440

Chef 441

Summary of Configuration Management Tools 442

Chapter Review 442

Part V Review 444

Part VI Final Review 447

Chapter 20 Final Review 448

Advice About the Exam Event 448

Exam Event: Learn About Question Types 448

Exam Event: Think About Your Time Budget 450

Exam Event: A Sample Time-Check Method 451

Exam Event: One Week Away 451

Exam Event: 24 Hours Before the Exam 452

Exam Event: The Last 30 Minutes 452

Exam Event: Reserve the Hour After the Exam 453

Exam Review 454

Exam Review: Take Practice Exams 454

Using the Practice CCNA Exams 455

Exam Review: Advice on How to Answer Exam Questions 456

Exam Review: Additional Exams with the Premium Edition 457

Exam Review: Find Knowledge Gaps 458

Exam Review: Practice Hands-On CLI Skills 460

CCNA Exam Topics with CLI Skill Requirements 460

Exam Review: Self-Assessment Pitfalls 462

Exam Review: Adjustments for Your Second Attempt 463

Exam Review: Other Study Tasks 464

Final Thoughts 464

Part VII Appendixes 467

Appendix A Numeric Reference Tables 469

Appendix B CCNA 200-301, Volume 2 Exam Updates 476

Appendix C Answers to the "Do I Know This Already?" Quizzes 478

Glossary 494

Online Appendixes

Appendix D Topics from Previous Editions

Appendix E Practice for Chapter 2: Basic IPv4 Access Control Lists

Appendix F Previous Edition ICND1 Chapter 35: Managing IOS Files

Appendix G Exam Topics Cross-Reference

Appendix H Study Planner

9781587147135 TOC 10/18/2019
