David Kotfila, CCNP, CCAI, is the director of the Cisco Academy at Rensselaer Polytechnic Institute (RPI) in Troy, New York. Under his direction, 350 students have received their CCNA, 150 students have received their CCNP, and 8 students have obtained their CCIE. David is a consultant for Cisco, working as a member of the CCNP assessment group. His team at RPI has authored the four new CCNP lab books for the Academy program. David has served on the National Advisory Council for the Academy program for four years. Previously, he was the senior training manager at PSINet, a Tier 1 global ISP. When David is not staring at his beautiful wife, Kate, or talking with his two wonderful children, Chris and Charis, he likes to kayak, hike in the mountains, and lift weights.
Joshua Moorhouse, CCNP, recently graduated from Rensselaer Polytechnic Institute (RPI) with a B.S. in computer science, where he also worked as a teaching assistant in the Cisco Academy. He currently works as a network engineer at Factset Research Systems in Norwalk, Connecticut. Josh enjoys spending time with his wife Laura, his family, and friends.
Ross Wolfson, CCIE No. 16696, recently graduated from Rensselaer Polytechnic Institute (RPI) with a B.S. in computer science. He currently works as a network engineer at Factset Research Systems. Ross enjoys spending time with his friends, running, and biking.
IntroductionIntroduction
My first motivation for writing this book was to serve the needs of CCNP instructors and students in the Cisco Networking Academy Program. For the past four years, I (David) have had the privilege of serving on the National Advisory Council for the Cisco Networking Academy, representing four-year colleges and universities. Also on the council are numerous two-year community colleges. Inevitably, at council meetings, we discussed both CCNP curriculum and labs. As I spoke with a number of my CCNP instructor peers, a common theme emerged. Instructors felt that the labs needed to be rewritten to be more comprehensive. In the past, labs have lacked complexity. When I realized that I was rewriting the Networking Academy CCNP labs, and that my peers were rewriting the same labs, the thought occurred to me that perhaps an engineering school, like RPI, was up to the task of writing these labs in a way that would better serve the needs of the community. It is not that the previous labs were inappropriate; rather, it's just that the Cisco Networking Academy has grown up. Having just celebrated its tenth birthday, folks in the Academy are ready for bigger challenges. I believe that these labs fill that role.
My second motivation for writing these labs was to help networking professionals who are trying to upgrade their skill set to the CCNP level. As a former hiring manager at a Tier 1 ISP, I have a strong sense of what an industry is looking for when it hires someone with CCNP credentials. Each year, numerous hiring managers from Fortune 500 companies contact me about hiring my students. I know the level of expertise they expect from a CCNP. These labs reflect the convictions those managers shared with me.
My third motivation for writing these labs was to see how much of a challenge university undergraduates could rise to if they were asked to do a big job. My coauthors, Josh Moorhouse and Ross Wolfson, were both undergraduates when they authored these labs. I gave them a huge task, and they responded with skill and grace. I firmly believe that we frequently do not ask enough of our students. If we ask for greatness, we will sometimes get it. If we settle for the normal, we are more assured of success, but we might miss the opportunity to see our students soar to new heights. With these labs, whether you are an instructor or student, I hope that your technical knowledge soars to new heights.
Goals and Methods
The most important goal of this book is to help you master the technologies necessary to configure secure WANs in a production environment. After all, what is the point of getting certified and getting that dream job or promotion if you cannot perform after you are there? Although it is impossible to simulate a network of 300 routers, we have added loopback interfaces to simulate additional networks and increase complexity.
This book's secondary goal is to help people pass the ISCW certification exam. For two years, I was on the CCNP Assessment authoring team. After all of those years of complaining, "What were they thinking when they put that question on the exam?," suddenly, the questions I was writing were the subject of someone else's complaint. I know how important it is, both to students and networking professionals, to pass certifications. Frequently, prestige, promotion, and money are all at stake. Although all the core configurations on the certification exam are covered in this book, no static document, like a book, can keep up with the dynamic way in which the certification exam is constantly upgraded.
Who Should Read This Book?
Cisco Networking Academy instructors and students who want a written copy of the electronic labs will find this book greatly useful. In addition to all the official labs that are part of the Networking Academy curriculum, additional Challenge and Troubleshooting labs have been added to test your mastery.
Networking professionals, either in formal classes or studying alone, will also find great value in this book. Knowing how expensive it can be to purchase your own lab equipment, as many labs as possible were written with only three routers. (To adequately cover some topics, four routers were necessary.) Final configurations were included with each lab so that even if you do not have all the equipment, you can walk through the configurations in your head.
What You Need to Configure the Labs
These labs were written on four Cisco 2811 routers using the IOS image c2800nm-advipservicesk9-mz.124-10.bin.
You should be able to configure the labs on any Cisco router that uses a 12.4 advanced IP services image of the IOS.
Classes and individuals using older Cisco devices (or less robust versions of the IOS) might find that some of the commands are different or not supported.
Example: It is not possible to run the 12.4 release of the advanced IP services IOS image on a Cisco 2600 Series router. It is possible to run this image on a Cisco 2600XM router if you upgrade the Flash and RAM and can obtain the new IOS image.
How This Book Is Organized
People preparing for the ISCW certification exam should work through this book cover-to-cover. Networking professionals needing help or a refresher on a particular topic can skip right to the area in which they need assistance.
The chapters cover the following topics:
Chapter 1, "Remote Network Connectivity Requirements"—This chapter covers design concepts associated with remote-network connectivity. No labs are associated with it. However, there is a walk-through of the lab setup that is used throughout this book.
Chapter 2, "Teleworker Connectivity"—The equipment necessary for configuring Point-to-Point Protocol over Ethernet (PPPoE) is physically different than the hardware necessary for the labs in the rest of this curriculum. Networking Academy students can simulate configuring this equipment using a Flash application, dsl_standalone. (Networking professionals can use a sample configuration if they do not have access to this application.)
Chapter 3, "IPsec VPNs"—Cisco, in recognition of how difficult it is to stay current in all the protocols that a network engineer needs to stay current in, advocates the use of their GUI configuration tool, Security Device Manager (SDM). Like any GUI tool that creates configurations for you, it's easy to use. Also, like any GUI tool, times arise when the GUI produces unexpected configurations and/or side effects. Therefore, it is necessary to know how to use the GUI (to save time) and how to edit the command-line interface (CLI) for the times when the GUI produces problematic results. This chapter's labs teach you both skills.
Chapter 4, "Frame Mode MPLS Implementation"—Multiprotocol Label Switching (MPLS) is a technology that is growing in its deployment. The basic lab for this chapter is possible using only three routers. MPLS virtual private networks (VPN) are also common. Although the certification requirement is only that you be able to describe (not configure) MPLS VPNs, we have included an optional lab on how MPLS VPNs are configured. Unfortunately, it is necessary to have five routers to really see what is occurring on the Internet servirce provider's (ISP) side of the configuration. If you do not have this much hardware, you can still get a reasonable understanding of how MPLS VPNs work by merely reading this lab.
Chapter 5, "Cisco Device Hardening"—When the first routers rolled off the production line, the burning issue wasn't security. It was how we could get these devices to easily talk to each other using a variety of different protocols. Therefore, by default, many protocols and services were automatically turned on. As the Internet has matured, security has become a primary concern. Therefore, it is now necessary to turn off these services unless they are being used. Two tools help you accomplish this: One-Step Lockdown and AutoSecure. However, if you have a network situation that is somewhat unique—and who doesn't?—you also need to know the CLI commands so that you can edit the generic configurations that these tools generate. These labs teach you both.
Chapter 6, "Cisco IOS Threat Defense Features"—The labs demonstrate how to configure Cisco IOS Firewall and Intrusion Prevention System (IPS). As with previous chapters, you see how to configure them using SDM and how to configure and edit them by using CLI.
Chapter 7, "Case Studies"—The first case study requires you to configure IPsec and Frame-Mode MPLS using CLI. The second case study requires you to configure Cisco IOS Firewall and IPS. As in previous chapters, you are asked to do some of this using SDM and do other tasks using CLI.
NETLAB+ Compatibility
NDG has worked closely with the Cisco Networking Academy CCNP lab team to develop ISCW labs that are compatible with the installed base of NETLAB AE router pods. For current information on labs compatible with NETLAB+ go to http://www.netdevgroup.com/ae/labs.htm.
© Copyright Pearson Education. All rights reserved.
