Networking fundamentals, Cisco, Microsoft, MikroTik
The Passing of Imam Khomeini (may God's mercy be upon him)
We mourn a noble man in the shadow of whose courage and prudence we rediscovered our hidden identity. Khordad is the month of sorrow: the sorrow of parting from the guardian of epic and self-sacrifice, a man who has drawn the praise of every era and generation. Khordad is the month of tears and sighs, in farewell to a man whose coming turned our dark and songless nights into a bright and delightful morning of liberation. Yes, he was the lone man of the scenes of fire and blood, a pure man from the grove of justice and faith, and a free man without equal in the contemporary world, from the fragrance of whose warm breath the free men of the world greeted life.
Condolences to all the oppressed of the world on the passing of the great leader of the Islamic Revolution of Iran, Imam Khomeini (may God's mercy be upon him).
O Imam, you were the honor of Iran    You were the whole spirit of this land
From my eyes a flood of red tears flows    My heart is brimming with spring clouds
O Khomeini, O Messiah of the age    O solace of the heart and peace of the soul
Your memory is a bright lamp for us    Your love is always in our soul and body
Book introduction: Windows 8 Microsoft Press-Exam 70 - 687
Introduction xvii
Microsoft certifications xviii
Who should read this book xviii
Who should not read this book xix
Organization of this book xix
Conventions and features in this book xix
System requirements xx
Errata & book support xx
We want to hear from you xxi
Stay in touch xxi
Preparing for the exam xxiii
Chapter 1 Install and upgrade Windows 8 1
Objective 1.1: Evaluate hardware readiness and compatibility 2
Identifying the correct version of Windows 8 2
Hardware support: differences between 32-bit and 64-bit Windows 8 4
Software compatibility and Windows 8 5
Hardware compatibility in Windows 8 6
Common application compatibility problems 6
Managing application compatibility in Windows 8 8
Objective summary 12
Objective review 13
Objective 1.2: Install Windows 8 14
What are the installation methods? 14
Following a pre-installation checklist 15
Choosing between an upgrade or a clean installation 15
Creating a custom Windows 8 installation 18
Installing Windows 8 into a Virtual Hard Disk (VHD) 27
Deploying via Windows To Go 29
Understanding common Windows 8 installation errors 31
Activating Windows 8 31
Upgrading to Windows 8 32
Objective summary 33
Objective review 33
Objective 1.3: Migrate and configure user data 35
Choosing to migrate 35
Objective summary 46
Objective review 46
Chapter summary 47
Answers 48
Objective 1.1: Thought experiment 48
Objective 1.1: Review 48
Objective 1.2: Thought experiment 50
Objective 1.2: Review 51
Objective 1.3: Thought experiment 53
Objective 1.3: Review 53
Chapter 2 Configure hardware and applications 55
Objective 2.1: Configure devices and device drivers 56
32-bit versus 64-bit and unsigned drivers 56
Maintaining hardware device drivers 58
Managing device drivers with Device Manager 60
Installing hardware in Windows 8 using Device Manager 64
Installing legacy hardware in Windows 8 65
Configuring device drivers 66
Troubleshooting and repairing device drivers 67
Using Devices and Printers and Device Stage 71
Objective summary 74
Objective review 74
Objective 2.2: Install and configure desktop applications 75
Automating software installs from a server 76
Setting default program options in Windows 8 76
Managing program compatibility 80
Objective summary 82
Objective review 82
Objective 2.3: Install and configure Windows Store applications 83
Disabling access to the Windows Store 84
Sideloading apps in Windows 8 84
Synching app licenses 86
Objective summary 90
Objective review 90
Objective 2.4: Control access to local hardware and applications 91
Blocking external media access using Group Policy 91
Blocking program and app access using AppLocker 92
Objective summary 95
Objective review 95
Objective 2.5: Configure Internet Explorer 96
Configuring compatibility view in IE10 96
Setting browser security options in IE10 98
Allowing websites through SmartScreen security 100
Objective summary 100
Objective review 101
Objective 2.6: Configure Hyper-V 101
Using Hyper-V in Windows 8 Pro 102
Using the Virtual Machine Connection utility in Windows 8 104
Configuring virtual machines in Hyper-V 104
Importing and exporting virtual machines 106
Understanding Hyper-V limitations 106
Objective summary 107
Objective review 108
Chapter summary 109
Answers 110
Objective 2.1: Thought experiment 110
Objective 2.1: Review 110
Objective 2.2: Thought experiment 112
Objective 2.2: Review 112
Objective 2.3: Thought experiment 113
Objective 2.3: Review 114
Objective 2.4: Thought experiment 115
Objective 2.4: Review 115
Objective 2.5: Thought experiment 116
Objective 2.5: Review 116
Objective 2.6: Thought experiment 117
Objective 2.6: Review 118
Chapter 3 Configure network connectivity 121
Objective 3.1: Configure IP settings 122
Comparing IPv4 to IPv6 122
Configuring IPv6 addresses 124
Understanding different types of IP addresses 125
Configuring IPv4 and IPv6 in Windows 8 126
Using IPConfig 127
Additional network troubleshooting tools in Windows 8 127
Objective summary 128
Objective review 128
Objective 3.2: Configure networking settings 130
Setting up VPN connections in Windows 8 133
Resolving computer name, domain, and workgroup conflicts 137
Using the Windows 8 automatic network troubleshooter 138
Objective summary 139
Objective review 139
Objective 3.3: Configure and maintain network security 140
Understanding defense in depth 142
Mitigating security threats 144
Configuring the Windows 8 Firewall 146
Comparing communications ports in Windows 8 149
Using IPsec to secure Windows 8 150
Configuring Windows Defender 152
Objective summary 154
Objective review 154
Objective 3.4: Configure remote management 155
Permitting remote sessions on the computer 156
Configuring Remote Desktop 156
Configuring Remote Assistance 158
Objective summary 160
Objective review 161
Chapter summary 161
Answers 163
Objective 3.1: Thought experiment 163
Objective 3.1: Review 163
Objective 3.2: Thought experiment 165
Objective 3.2: Review 165
Objective 3.3: Thought experiment 167
Objective 3.3: Review 167
Objective 3.4: Thought experiment 168
Objective 3.4: Review 169
Chapter 4 Configure access to resources 171
Objective 4.1: Configure shared resources 172
Configuring HomeGroup settings 172
Configuring file libraries 175
Configuring shared printers 177
Setting up and configuring SkyDrive 180
Configuring Near Field Communication (NFC) 182
Configuring shared folder permissions 182
Objective summary 190
Objective review 190
Objective 4.2: Configure file and folder access 191
Configuring NTFS permissions 192
Using EFS to encrypt files and folders 200
Configuring disk quotas 203
Configuring object access auditing 205
Objective summary 210
Objective review 211
Objective 4.3: Configure local security settings 212
Configuring Secure Boot 213
Configuring SmartScreen filter 216
Configuring User Account Control (UAC) behavior 217
Configuring Local Security Policy 224
Objective summary 230
Objective review 231
Objective 4.4: Configure authentication and authorization 232
Configuring rights 233
Managing credentials 234
Managing certificates 235
Configuring smart cards 238
Configuring biometrics 241
Configuring picture password 242
Configuring PIN 244
Setting up and configuring a Microsoft account 246
Objective summary 248
Objective review 249
Chapter summary 250
Answers 251
Objective 4.1: Thought experiment 251
Objective 4.1: Review 251
Objective 4.2: Thought experiment 252
Objective 4.2: Review 253
Objective 4.3: Thought experiment 254
Objective 4.3: Review 254
Objective 4.4: Thought experiment 255
Objective 4.4: Review 255
Chapter 5 Configure remote access and mobility 257
Objective 5.1: Configure remote connections 257
Configuring remote authentication 258
Configuring Remote Desktop Connection 259
Establishing VPN connections and authentication 263
Managing broadband connections 271
Working with Windows 8 Remote Assistance 272
Objective summary 276
Objective review 277
Objective 5.2: Configure mobility options 278
Using the Windows Mobility Center 278
Configuring power policies 279
Working with offline files 284
Configuring Windows To Go 286
Configuring sync options 293
Configuring Wi-Fi Direct 296
Objective summary 298
Objective review 299
Objective 5.3: Configure security for mobile devices 300
Understanding how BitLocker works 301
Configuring BitLocker 307
Using BitLocker To Go 310
Configuring startup key storage 310
Configuring location settings (GPS) 311
Objective summary 313
Objective review 313
Answers 315
Objective 5.1: Thought experiment 315
Objective 5.1: Review 315
Objective 5.2: Thought experiment 316
Objective 5.2: Review 317
Objective 5.3: Thought experiment 318
Objective 5.3: Review 318
Chapter 6 Monitor and maintain Windows clients 321
Objective 6.1: Configure and manage Windows updates 322
Configuring update settings 323
Updating Windows Store applications 327
Managing Installed Updates 333
Testing updates 333
Objective summary 334
Objective review 335
Objective 6.2: Manage local storage 336
Managing disk volumes 337
Managing file system fragmentation 346
Managing Storage Spaces 350
Objective summary 356
Objective review 356
Objective 6.3: Monitor system performance 357
Configuring Task Manager 359
Optimizing networking performance 373
Troubleshooting your network 374
Configuring event subscriptions 376
Optimizing the desktop environment 379
Configuring Indexing Options 380
Objective summary 384
Objective review 384
Answers 386
Objective 6.1: Thought experiment 386
Objective 6.1: Review 386
Objective 6.2: Thought experiment 387
Objective 6.2: Review 387
Objective 6.3: Thought experiment 388
Objective 6.3: Review 389
Chapter 7 Configure backup and recovery options 391
Objective 7.1: Configure backup 391
Using Microsoft SkyDrive 392
Using Windows 7 File Recovery 394
Objective summary 401
Objective review 401
Objective 7.2: Configure system recovery options 402
Configure System Restore 402
Refreshing your PC 409
Resetting your PC 410
Using System Repair Disc and Recovery Drive 410
Performing a system image backup 413
Objective summary 416
Objective review 417
Objective 7.3: Configure file recovery options 417
Working with File History 418
Objective summary 423
Objective review 423
Chapter summary 424
Answers 424
Objective 7.1: Thought experiment 424
Objective 7.1: Review 424
Objective 7.2: Thought experiment 426
Objective 7.2: Review 426
Objective 7.3: Thought experiment 427
Objective 7.3: Review 427
Index 429
Summary of the book CCNA ICND2 (640-816) in Persian
Virtual LANs
Spanning Tree Protocol
Troubleshooting LAN Switching
IP Routing
Variable Length Subnet Masks
Route Summarization
Basic IP Access Control Lists
Advanced IP Access Control Lists
Troubleshooting IP Routing
Routing Protocol Theory
OSPF
EIGRP
Troubleshooting
Point-to-point WANs
Frame-relay Concepts
Frame-relay Configuration
Virtual Private Networks
Network Address Translation
IP Version 6
Book introduction: Optimizing and Troubleshooting Hyper-V Networking
Contents
Introduction 9
About the contributors 10
About the companion content 11
Acknowledgments 11
Errata & book support 12
We want to hear from you 12
Stay in touch 12
Hyper-V storage fundamentals 13
Virtual storage controllers 13
Virtual disk file formats 13
Storage improvements in Windows Server 2012 14
Additional resources 16
Storage sizing 17
Using MAP 17
Additional resources 20
Pass-through disks 21
Storage options for Hyper-V 21
Pass-through disk quick review 22
Scenario 1: Adding a pass-through disk to an already highly available virtual machine 26
Scenario 2: Adding a pass-through disk to a virtual machine before making it highly available 28
Scenario 3: Adding a pass-through disk to a virtual machine that is already running 29
Additional resources 31
Virtual machine snapshots 32
Understanding snapshots 32
Example: Broken snapshot tree 33
Additional resources 34
File system alignment 35
Identifying file system misalignment 35
Additional resources 37
Virtual disk fragmentation 38
Large file size records, dynamic disks, differencing disks, and problems managing highly fragmented files 38
What is a sparse file? 38
What is the MFT? 38
Why should I care? 38
Migrating VHD to VHDX 41
I migrated my virtual machines. Now what? 41
Comparing VHDX and VHD performance. 42
Migrating from VHD to VHDX 42
Optimizing block and cluster sector sizes 43
Additional resources 44
Monitoring storage performance 45
Using Performance Monitor 45
Storage performance counters 49
Hard disk counters 49
SMB Client counters 50
SMB Server counters 50
Example: Troubleshooting a storage problem using Performance Monitor 50
Additional resources 54
Cluster Shared Volumes 55
CSV Redirected Access mode 55
Example: Network for redirected I/O 56
Example: Lost direct storage link 58
Example: Failed backup 59
Example: Incompatible filter driver 61
Using CSV performance counters 62
Exploring Cluster Shared Volume data flow 63
Metadata operations 63
Direct I/O operations 64
File System level redirection 65
Block level redirection 66
Cluster Shared Volume Cache performance tuning. 67
Additional resources 68
Live Migration 69
Why Constrained Delegation? 69
Some background info 70
The Hyper-V connection 70
Setting up Constrained Delegation 70
Additional resources 71
Virtual Fibre Channel 72
Fibre Channel on the guest 72
Prerequisites 72
Virtual machine not starting 73
Additional configuration steps 74
Additional resources 74
Event logs 75
Hyper-V storage event logs 75
Example: Missing virtual hard disk 76
Example: Unsupported Fibre Channel adapter 78
Additional resources 79
SMB storage 80
SMB share permissions 80
Example: Wrong share permissions 81
Additional resources 84
SMB Multichannel 85
Troubleshooting SMB Multichannel 85
Verifying Receive-Side-Scaling 85
Verifying SMB Multichannel 87
Excluding a network card 88
Example: Link down 89
Additional resources 90
Online backup 91
Hyper-V backups and VSS 91
Example: Online backup issue 92
Additional resources 94
Antivirus exclusions 95
Configuring antivirus exclusions 95
Additional resources 96
Windows PowerShell tips 97
Storage-related tasks and Windows PowerShell 97
Additional resources 98
Best Practices Analyzer 99
Troubleshooting with Hyper-V Best Practices Analyzer 99
Hyper-V BPA 99
PowerShell and automation 104
Failover clustering 106
Summary 107
Additional resources 107
Storage Spaces 108
What is Storage Spaces? 108
Concepts and terms 109
Deployment modes 110
Benefits of Storage Spaces to enterprises 111
Cost effective platform for business critical storage 111
Flexibility and elasticity 111
Resiliency and data integrity 112
Multi-tenancy 113
Ease of management 113
Before we start 114
Deploying your first storage space 115
A little bit of theory 121
Planning your storage space 123
Resiliency and performance tuning 123
Thin provisioning 125
Maintaining storage spaces 125
Extending a virtual disk 125
Removing a disk from a pool 126
Rebuilding a server that hosts storage spaces 126
Troubleshooting storage spaces 127
Creating a storage space fails 128
Deleting a storage space fails 129
Expanding a storage space fails 130
Additional resources 131
Building a demo environment 132
Hyper-V over SMB: Step-by-step installation using Windows PowerShell 132
Overview 133
Environment details 134
Script #1: Configuring FST2-DC1 (DNS, Domain Controller, iSCSI Target) 137
Script #2: Configuring FST2-FS1 (File Server 1) 139
Script #3: Configuring FST2-FS2 (File Server 2) 141
Script #4: Configuring FST2-HV1 (Hyper-V host 1) 143
Script #5: Configuring FST2-HV2 (Hyper-V host 2) 144
Script #6: Configuring the Cluster FST2-FSC (run from FST2-FS1) 145
Script #7: Configuring the Classic File Server Cluster FST2-FS (run from FST2-FS1) 146
Script #8: Configuring the Scale-Out File Server Cluster FST2-SO (run from FST2-FS1) 147
Script #9: Configuring the virtual machines in FST2-HV1 147
Script #10: Configuring the virtual machines in FST2-HV2 148
Script #11: Creating a Hyper-V Cluster using file share storage 148
Script #12: Optional steps to create a nonclustered file share on FST2-FS1 149
Conclusion 150
Additional resources 151
Download the book Optimizing and Troubleshooting Hyper-V Networking
Internet Protocol Version 4
Internet Protocol version 4, or IPv4 for short, is the fourth revision of the Internet Protocol (IP) and the first version to be widely deployed. Together with IPv6, IPv4 is at the core of standards-based internetworking methods on the Internet. IPv4 is still by far the most widely used Internet-layer protocol. As of 2010, deployment of version 6 of the Internet Protocol (IPv6) is in its early stages. IPv4 is described in "RFC 791", published by the Internet Engineering Task Force (IETF) in September 1981, which replaced the older definition given in "RFC 760" in 1980. IPv4 is a connectionless protocol for use on packet-switched link-layer networks (such as Ethernet). It operates on a best-effort delivery model, meaning that it gives no guarantee that packets reach their destination, arrive in sequence, or are not duplicated. These data-integrity aspects are handled in the layer above, the transport layer, for example by the Transmission Control Protocol (TCP).
Each IPv4 address consists of 32 bits, made up of four eight-bit parts. As a result, the address space is limited to 4,294,967,296 possible unique addresses. However, some of these addresses are reserved for special purposes such as private networks (approximately 18 million addresses) and multicast (approximately 270 million addresses), which reduces the number of addresses usable for routing on the public Internet. As more addresses are allocated to users, we move closer to IP address exhaustion, although redesigns of the network addressing structure through classful networks, Classless Inter-Domain Routing (CIDR) and network address translation (NAT) are among the factors that have delayed it. The limit on the number of addresses in IPv4 was the motivation for creating IPv6, which is still in the early stages of deployment and is the only long-term solution to the address shortage.
Book introduction: Certified Wireless Security Professional Official Study Guide (Exam PW0-204)
Introduction
Assessment Test
Chapter 1 WLAN Security Overview
Standards Organizations
International Organization for Standardization (ISO)
Institute of Electrical and Electronics Engineers (IEEE)
Internet Engineering Task Force (IETF)
Wi-Fi Alliance
802.11 Networking Basics
802.11 Security Basics
Data Privacy
Authentication, Authorization, Accounting (AAA)
Segmentation
Monitoring
Policy
802.11 Security History
802.11i Security amendment and WPA Certifications
Robust Security Network (RSN)
The Future of 802.11 Security
Summary
Exam Essentials
Key Terms
Review Questions
Answers to Review Questions
Chapter 2 Legacy 802.11 Security
Authentication
Open System Authentication
Shared Key Authentication
Wired Equivalent Privacy (WEP) Encryption
Virtual Private Networks (VPNs)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Internet Protocol Security (IPsec)
Configuration Complexity
Scalability
MAC Filters
SSID Segmentation
SSID Cloaking
Summary 55
Exam Essentials 55
Key Terms 56
Review Questions 57
Answers to Review Questions 62
Chapter 3 Encryption Ciphers and Methods 65
Encryption Basics 66
Symmetric and Asymmetric Algorithms 67
Stream and Block Ciphers 68
RC4 69
RC5 70
DES 70
3DES 71
AES 71
WLAN Encryption Methods 72
WEP 73
WEP MPDU 74
TKIP 75
TKIP MPDU 80
CCMP 83
CCMP MPDU 85
WPA / WPA2 88
Proprietary Layer 2 Implementations 89
Summary 90
Exam Essentials 90
Key Terms 91
Review Questions 93
Answers to Review Questions 98
Chapter 4 Enterprise 802.11 Layer 2 Authentication Methods 101
WLAN Authentication Overview 103
AAA 104
Authentication 105
Authorization 106
Accounting 108
802.1X 109
Supplicant 110
Authenticator 115
Authentication Server 119
Supplicant Credentials 122
Usernames and Passwords 123
Digital Certificates and PACs 124
One-time Passwords 126
Smart Cards and USB Tokens 128
Machine Authentication 129
Preshared Keys 130
Proximity Badges and RFID Tags 130
Biometrics 131
Authentication Server Credentials 131
Shared Secret 136
Legacy Authentication Protocols 137
PAP 137
CHAP 137
MS-CHAP 137
MS-CHAPv2 138
EAP 138
Weak EAP Protocols 141
EAP-MD5 142
EAP-LEAP 142
Strong EAP Protocols 145
EAP-PEAP 146
EAP-TTLS 150
EAP-TLS 151
EAP-FAST 153
PACs 154
Miscellaneous EAP Protocols 158
EAP-SIM 158
EAP-AKA 158
Summary 161
Exam Essentials 161
Key Terms 162
Review Questions 164
Answers to Review Questions 169
Chapter 5 802.11 Layer 2 Dynamic Encryption 173
Key Generation 173
Advantages of Dynamic Encryption 174
Robust Security Network (RSN) 179
RSN Information Element 184
Authentication and Key Management (AKM) 189
RSNA Key Hierarchy 194
4-Way Handshake 198
Group Key Handshake 201
PeerKey Handshake 203
RSNA Security Associations 204
Passphrase-to-PSK Mapping 205
Roaming and Dynamic Keys 207
Summary 207
Exam Essentials 208
Key Terms 209
Review Questions 210
Answers to Review Questions 216
Chapter 6 SOHO 802.11 Security 221
WPA / WPA2-Personal 222
Preshared Keys (PSK) and Passphrases 223
WPA / WPA2-Personal Risks 228
Entropy 228
Proprietary PSK 231
Wi-Fi Protected Setup (WPS) 232
WPS Architecture 233
SOHO Security Best Practices 238
Summary 238
Exam Essentials 239
Key Terms 240
Review Questions 241
Answers to Review Questions 246
Chapter 7 802.11 Fast Secure Roaming 249
History of 802.11 Roaming 250
Client Roaming Thresholds 251
AP-to-AP Handoff 252
RSNA 254
PMKSA 254
PMK Caching 257
Preauthentication 259
Opportunistic Key Caching (OKC) 260
Proprietary FSR 264
Fast BSS Transition (FT) 264
Information Elements 268
FT Initial Mobility Domain Association 268
Over-the-Air Fast BSS Transition 270
Over-the-DS Fast BSS Transition 271
802.11k 273
Voice Personal and Voice Enterprise 273
Layer 3 Roaming 274
Troubleshooting 276
SCA Roaming 277
Exam Essentials 280
Key Terms 281
Review Questions 283
Answers to Review Questions 287
Chapter 8 Wireless Security Risks 291
Unauthorized Rogue Access 292
Rogue Devices 292
Rogue Prevention 296
Eavesdropping 298
Casual Eavesdropping 298
Malicious Eavesdropping 300
Eavesdropping Risks 301
Eavesdropping Prevention 302
Authentication Attacks 303
Denial-of-Service Attacks 305
Layer 1 DoS Attacks 306
Layer 2 DoS Attacks 310
MAC Spoofing 314
Wireless Hijacking 317
Management Interface Exploits 321
Vendor Proprietary Attacks 322
Physical Damage and Theft 323
Social Engineering 324
Public Access and WLAN Hotspots 326
Summary 327
Exam Essentials 327
Key Terms 328
Review Questions 330
Answers to Review Questions 334
Chapter 9 Wireless LAN Security Auditing 337
WLAN Security Audit 338
OSI Layer 1 Audit 340
OSI Layer 2 Audit 344
Penetration Testing 347
Wired Infrastructure Audit 349
Social Engineering Audit 349
WIPS Audit 350
Documenting the Audit 350
Audit Recommendations 352
WLAN Security Auditing Tools 353
Linux-Based Tools 356
Windows-Based Tools 359
Summary 359
Exam Essentials 360
Key Terms 360
Review Questions 361
Answers to Review Questions 366
Chapter 10 Wireless Security Monitoring 369
Wireless Intrusion Detection and Prevention Systems 369
(WIDS and WIPS) 371
WIDS/ WIPS Infrastructure Components 372
WIDS/ WIPS Architecture Models 375
Multiple Radio Sensors 382
Sensor Placement 383
Device Classification 384
Rogue Detection 386
Rogue Mitigation 389
Device Tracking 392
WIDS/ WIPS Analysis 397
Signature Analysis 397
Behavioral Analysis 398
Protocol Analysis 398
Spectrum Analysis 400
Forensic Analysis 402
Performance Analysis 403
Monitoring 404
Policy Enforcement 404
Alarms and Notification 406
False Positives 409
Reports 410
802.11n 410
Proprietary WIPS 413
Cloaking 414
Management Frame Protection 414
802.11w 415
Summary 416
Exam Essentials 417
Key Terms 418
Review Questions 419
Answers to Review Questions 424
Chapter 11 VPNs, Remote Access, and Guest Access Services 429
VPN Technology in 802.11 WLAN Architecture 430
VPN 101 431
VPN Client 433
WLAN Controllers: VPN Server for Client Access 433
VPN Client Security at Public Hotspots 434
Controller-to-Controller VPNs and Site-to-Site VPNs 435
VPNs Used to Protect Bridge Links 436
Remote Access 437
Remote AP 437
Virtual Branch Office Networking 441
Hotspots/Public Access Networks 441
Captive Portal 442
Summary 445
Exam Essentials 445
Key Terms 446
Review Questions 447
Answers to Review Questions 452
Chapter 12 WLAN Security Infrastructure 455
WLAN Architecture Capabilities Overview 457
Distribution System (DS) 458
Autonomous APs 458
WLAN Controllers 460
Split MAC 465
Mesh 465
WLAN Bridging 467
Cooperative Control 467
Location-Based Access Control 469
Hot Standby/Failover 469
Device Management 470
Protocols for Management 471
CAPWAP and LWAPP 475
Wireless Network Management System 476
RADIUS/LDAP Servers 477
Proxy Services 477
Features and Components 478
Integration 480
EAP Type Selection 481
Deployment Architectures and Scaling 482
RADIUS Failover 487
Timer Values 488
WAN Traversal 490
Multifactor Authentication Servers 491
Public Key Infrastructure (PKI) 491
Role-Based Access Control 494
Enterprise Encryption Gateways 497
Summary 498
Exam Essentials 499
Key Terms 500
Review Questions 501
Answers to Review Questions 505
2.4 GHz ISM Point-to-Multipoint (PtMP)
5 GHz UNII Point-to-Multipoint (PtMP)
Windows Registry Values that Control Preauthentication and PMK Caching 572
Appendix B WLAN Vendors 575
WLAN Infrastructure 576
WLAN Mesh Infrastructure 576
WLAN Auditing, Diagnostic, and Design Solutions 577
WLAN Management 577
WLAN Security Solutions 577
VoWiFi Solutions 578
WLAN Fixed Mobile Convergence 578
WLAN RTLS Solutions 578
WLAN SOHO Vendors 578
Appendix C About the Companion CD 579
What You’ll Find on the CD 580
Sybex Test Engine 580
Electronic Flashcards 580
System Requirements 581
Using the CD 581
Troubleshooting 581
Customer Care 582
Glossary 583
Index 623
Table of Exercises
Exercise 2.1 Viewing Open System and Shared Key Authentication Frames
Exercise 2.2 Viewing Encrypted MSDU Payload of 802.11 Data Frames
Exercise 2.3 Viewing Hidden SSIDs
Exercise 3.1 TKIP Encrypted Frames
Exercise 3.2 CCMP Encrypted Frames
Exercise 4.1 802.1X / EAP Frame Exchanges
Exercise 5.1 Dynamic WEP
Exercise 5.2 Authentication and Key Management
Exercise 5.3 The 4-Way Handshake
Exercise 6.1 Passphrase-PSK Mapping
Exercise 10.1 Spectrum Analysis
Download the book Certified Wireless Security Professional Official Study Guide (Exam PW0-204)
Book introduction: Data Center Virtualization Fundamentals
Foreword
Introduction
Part I What Is Virtualization?
Chapter 1 Virtualization History and Definitions
Data Center Essential Definitions
Data Center Evolution
Operational Areas and Data Center Architecture
The Origins of Data Center Virtualization
Virtual Memory
Mainframe Virtualization
Hot Standby Router Protocol
Defining Virtualization
Data Center Virtualization Timeline
Classifying Virtualization Technologies
A Virtualization Taxonomy
Virtualization Scalability
Technology Areas
Classification Examples
Summary
Further Reading
Part II Virtualization in Network Technologies
Chapter 2 Data Center Network Evolution
Ethernet Protocol: Then and Now
Ethernet Media
Coaxial Cable
Twisted-Pair
Optical Fiber
Direct-Attach Twinaxial Cables
Ethernet Data Rate Timeline
Data Center Network Topologies
Data Center Network Layers
Design Factors for Data Center Networks
Physical Network Layout Considerations
The ANSI/TIA-942 Standard
Network Virtualization Benefits
Network Logical Partitioning
Network Simplification and Traffic Load Balancing
Management Consolidation and Cabling Optimization
Network Extension
Summary
Further Reading
Chapter 3 The Humble Beginnings of Network Virtualization
Network Partitioning
Concepts from the Bridging World
Defining VLANs
VLAN Trunks
Two Common Misconceptions About VLANs
Misconception Number 1: A VLAN Must Be Associated to an IP Subnet
Misconception Number 2: Layer 3 VLANs
Spanning Tree Protocol and VLANs
Spanning Tree Protocol at Work
Port States
Spanning Tree Protocol Enhancements
Spanning Tree Instances
Private VLANs
VLAN Specifics
Native VLAN
Reserved VLANs IDs
Resource Sharing
Control and Management Plane
Concepts from the Routing World
Overlapping Addresses in a Data Center
Defining and Configuring VRFs
VRFs and Routing Protocols
VRFs and the Management Plane
VRF-Awareness
VRF Resource Allocation Control
Use Case: Data Center Network Segmentation
Summary
Further Reading
Chapter 4 An Army of One: ACE Virtual Contexts
Application Networking Services
The Use of Load Balancers
Load-Balancing Concepts
Layer 4 Switching Versus Layer 7 Switching
Connection Management
Address Translation and Load Balancing
Server NAT
Dual NAT
Port Redirection
Transparent Mode
Other Load-Balancing Applications
Firewall Load Balancing
Reverse Proxy Load Balancing
Offloading Servers
SSL Offload
TCP Offload
HTTP Compression
Load Balancer Proliferation in the Data Center
Load Balancer Performance
Security Policies
Suboptimal Traffic
Application Environment Independency
ACE Virtual Contexts
Application Control Engine Physical Connections
Connecting an ACE Appliance
Connecting an ACE Module
Creating and Allocating Resources to Virtual Contexts
Integrating ACE Virtual Contexts to the Data Center Network
Routed Design
Bridged Design
One-Armed Design
Managing and Configuring ACE Virtual Contexts
Allowing Management Traffic to a Virtual Context
Allowing Load Balancing Traffic Through a Virtual Context
Controlling Management Access to Virtual Contexts
ACE Virtual Context Additional Characteristics
Sharing VLANs Among Contexts
Virtual Context Fault Tolerance
Use Case: Multitenant Data Center
Summary
Further Reading
Chapter 5 Instant Switches: Virtual Device Contexts
Extending Device Virtualization
Why Use VDCs?
VDCs in Detail
Creating and Configuring VDCs
VDC Names and CLI Prompts
Virtualization Nesting
Allocating Resources to VDCs
Using Resource Templates
Managing VDCs
VDC Operations
Processes Failures and VDCs
VDC Out-of-Band Management
Role-Based Access Control and VDCs
Global Resources
Use Case: Data Center Security Zones
Summary
Further Reading
Chapter 6 Fooling Spanning Tree
Spanning Tree Protocol and Link Utilization
Link Aggregation
Server Connectivity and NIC Teaming
Cross-Switch PortChannels
Virtual PortChannels
Virtual PortChannel Definitions
Configuring Virtual PortChannels
Step 1: Defining the Domain
Step 2: Establishing Peer Keepalive Connectivity
Step 3: Creating the Peer Link
Step 4: Creating the Virtual PortChannel
Spanning Tree Protocol and Virtual PortChannels
Peer Link Failure and Orphan Ports
First-Hop Routing Protocols and Virtual PortChannels
Layer 2 Multipathing and vPC+
FabricPath Data Plane
FabricPath Control Plane
FabricPath and Spanning Tree Protocol
Virtual PortChannel Plus
Use Case: Evolution of Network PODs
Summary
Further Reading
Chapter 7 Virtualized Chassis with Fabric Extenders
Server Access Models
Understanding Fabric Extenders
Fabric Extender Options
Connecting a Fabric Extender to a Parent Switch
Fabric Extended Interfaces and Spanning Tree Protocol
Fabric Interfaces Redundancy
Fabric Extender Topologies
Straight-Through Topologies
Dual-Homed Topologies
Use Case: Mixed Access Data Center
Summary
Further Reading
Chapter 8 A Tale of Two Data Centers
A Brief History of Distributed Data Centers
The Cold Age (Mid-1970s to 1980s)
The Hot Age (1990s to Mid-2000s)
The Active-Active Age (Mid-2000s to Today)
The Case for Layer 2 Extensions
Challenges of Layer 2 Extensions
Ethernet Extensions over Optical Connections
Virtual PortChannels
FabricPath
Ethernet Extensions over MPLS
MPLS Basic Concepts
Ethernet over MPLS
Virtual Private LAN Service
Ethernet Extensions over IP
MPLS over GRE
Overlay Transport Virtualization
OTV Terminology
OTV Basic Configuration
OTV Loop Avoidance and Multihoming
Migration to OTV
OTV Site Designs
VLAN Identifiers and Layer 2 Extensions
Internal Routing in Connected Data Centers
Use Case: Active-Active Greenfield Data Centers
Summary
Further Reading
Part III Virtualization in Storage Technologies
Chapter 9 Storage Evolution
Data Center Storage Devices
Hard Disk Drives
Disk Arrays
Tape Drives and Libraries
Accessing Data in Rest
Block-Based Access
Small Computer Systems Interface
Mainframe Storage Access
Advanced Technology Attachment
File Access
Network File System
Common Internet File System
Record Access
Storage Virtualization
Virtualizing Storage Devices
Virtualizing LUNs
Virtualizing File Systems
Virtualizing SANs
Summary
Further Reading
Chapter 10 Islands in the SAN
Some Fibre Channel Definitions
Fibre Channel Layers
Fibre Channel Topologies and Port Types
Fibre Channel Addressing
Frames, Sequences, and Exchanges
Flow Control
Classes of Service
Fabric Processes
Fabric Initialization
Fabric Shortest Path First
Register State Change Notification
Fibre Channel Logins
Zoning
Defining and Exploring VSANs
SAN Islands
VSAN Creation
VSAN Trunking
Zoning and VSANs
FSPF and VSANs
VSAN Scoping
Use Case: SAN Consolidation
Summary
Further Reading
Chapter 11 Secret Identities
Fibre Channel over IP
FCIP High Availability
Use Case: SAN Extension with Traffic Engineering
Inter-VSAN Routing
IVR Infrastructure
IVR Zoning
Use Case: Transit VSAN
N_Port Virtualization
Configuring N_Port Virtualization
NPV Traffic Management
Deploying Port WWN Virtualization on NPV
Use Case: Blade Server Hosting Data Center
Summary
Further Reading
Chapter 12 One Cable to Unite Us All
The Case for Data Center Networking Convergence
Data Center Bridging
Priority-Based Flow Control
Enhanced Transmission Selection
Data Center Bridging eXchange Protocol
Congestion Notification
Introducing Fibre Channel over Ethernet
FCoE Elements
FCoE Initialization Protocol
Deploying Unified Server Access
Configuring Unified Server Access on Single-Context Switches
Configuring Unified Server Access with Storage VDCs
Configuring Multihop FCoE
Configuring Virtual Fibre Channel PortChannels
FCoE N_Port Virtualization
Unified Fabric Designs
Server Access Layer Unified Designs
FCoE and Virtual PortChannels
FCoE and Blade Servers
Beyond the Access Layer
Converged Access Model
Converged Aggregation Model
FCoE and SAN Extension
Use Case: LAN and SAN Management Separation
Summary
Further Reading
Part IV Virtualization in Server Technologies
Chapter 13 Server Evolution
Server Architectures
Mainframes
RISC Servers
x86 Servers
x86 Hardware Evolution
CPU Evolution
Memory Evolution
Expansion Bus Evolution
Physical Format Evolution
Introducing x86 Server Virtualization
Virtualization Unleashed
Unified Computing
Summary
Further Reading
Chapter 14 Changing Personalities
Server Provisioning Challenges
Server Domain Operations
Infrastructure Domain Operations
Unified Computing and Service Profiles
Building Service Profiles
Identifying a Service Profile
Storage Definitions
Network Definitions
Virtual Interface Placement
Server Boot Order
Maintenance Policy
Server Assignment
Operational Policies
Configuration
External IPMI Management Configuration
Management IP Address
Additional Policies
Associating a Service Profile to a Server
Installing an Operating System
Verifying Stateless Computing
Using Policies
BIOS Setting Policies
Firmware Policies
Industrializing Server Provisioning
Cloning
Pools
Service Profile Templates
Server Pools
Use Case: Seasonal Workloads
Summary
Further Reading
Chapter 15 Transcending the Rack
Introduction to Virtual Networking
Virtual Switch Challenges
Cisco Nexus 1000V Architecture
Nexus 1000V Communication Modes
Port Profiles and Dynamic Interface Provisioning
Deploying Nexus 1000V
External Connectivity and Link Aggregation
NX-OS Features in the Virtual World
MAC Address Table
Access Lists
Online Migrations and Nexus 1000V
Virtual Extensible Local Area Networks
Introducing Virtual Machine Fabric Extender
Deploying VM-FEX
Enabling Dynamic vNICs on a UCS Service Profile
Preparing VMware vSphere Host to Deploy VM-FEX
Using the UCS Manager VMware Integration Wizard
Migrating Virtual Machines to VM-FEX
Online Migrations and VM-FEX
VM-FEX High-Performance Mode
Use Case: Data Center Merging
Summary
Further Reading
Chapter 16 Moving Targets
Virtual Network Services Definitions
Virtual Network Services Data Path
vPath-Enabled Virtual Network Services
Cisco Virtual Security Gateway: Compute Virtual Firewall
Installing Virtual Security Gateway
Creating Security Policies
Sending Data Traffic to VSG
Virtual Machine Attributes and Virtual Zones
Cisco ASA 1000V: Edge Virtual Firewall
Installing ASA 1000V
Sending Data Traffic to ASA 1000V
Configuring Security Policies on ASA 1000V
Application Acceleration
WAN Acceleration and Online Migration
Routing in the Virtual World
Site Selection and Server Virtualization
Route Health Injection
Global Server Load Balancing
Location/ID Separation Protocol
Use Case: Virtual Data Center
Summary
Further Reading
Part V End-to-End Virtualization
Chapter 17 The Virtual Data Center and Cloud Computing
The Virtual Data Center
Automation and Standardization
What Is Cloud Computing?
Cloud Implementation Example
Journey to the Cloud
Networking in the Clouds
Software-Defined Networks
OpenStack
Network Overlays
Cisco Open Network Environment
Before We Go...
Summary
Further Reading
Part VI Appendixes
Appendix A Cisco Data Center Portfolio
Cisco Application Control Engine
Cisco Adaptive Security Appliances 5585-X
Cisco ASA 1000V Cloud Firewall
Cisco Catalyst 6500 Series Switches
Cisco Cloud Portal
Cisco Intelligent Automation Solutions
Automation Software Components
Cisco Intelligent Automation for Cloud Solution
Cisco Intelligent Automation for SAP
Cisco MDS 9000 Series Multilayer Switches
Cisco Prime Network Analysis Module
Cisco Nexus Data Center Switches
Cisco Nexus 1000V Series Switches
Nexus 1010 and 1100 Virtual Services Appliances
Cisco Nexus 2000 Series Fabric Extenders
Cisco Nexus 3000 Series Switches
Cisco Nexus 4000 Series Switches
Cisco Nexus 5000 and 5500 Series Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Unified Computing System
Cisco 6100 and 6200 Series Fabric Interconnects
Cisco UCS 5100 Series Blade Server Chassis
Cisco UCS 2100 and 2200 Series Fabric Extenders
Cisco UCS B-Series Blade Servers
Cisco UCS C-Series Rack Servers
Cisco UCS Virtual Interface Cards
Unified Management Solutions
Cisco Application Network Manager
Cisco Prime Data Center Network Manager
Cisco UCS Manager and UCS Central
Virtual Network Management Center
Virtual Security Gateway
Virtualization Techniques Mapping
Further Reading
Appendix B IOS, NX-OS, and Application Control Software Command-Line Interface Basics
IOS Command-Line Interface Basics
Command Modes
Getting Context-Sensitive Help
Abbreviating Commands and Using Shortcuts
Managing Configuration Files
Using Debug Commands
NX-OS Command-Line Interface
NX-OS Access
NX-OS Modularity
NX-OS and Running Configuration Files
NX-OS Command-Line Interface Optimizations
Configuration Version Management, Batches, and Scripts
Application Control Software Command-Line Interface
Index
Book introduction: Designing Cisco Network Service
Foreword xxx
Introduction xxxi
Chapter 1 The Cisco Enterprise Architecture 1
Reviewing Cisco Enterprise Architecture 1
The Hierarchical Model 2
Example Hierarchical Network 3
Enterprise Network Design for Cisco Architectures 4
Service and Application Integration 7
Network Services 7
Network Applications 9
Modularity in Cisco Network Architectures for the Enterprise 9
Reviewing the Cisco PPDIOO Approach 12
PPDIOO Network Lifecycle Approach 13
Benefits of the Lifecycle Approach 14
Using the Design Methodology Under PPDIOO 16
Identifying Customer Requirements 16
Characterizing the Existing Network and Sites 17
Designing the Topology and Network Solutions 18
Dividing the Network into Areas 18
Summary 20
References 21
Review Questions 21
Chapter 2 Enterprise Campus Network Design 23
Designing High Availability in the Enterprise Campus 24
Enterprise Campus Infrastructure Review 24
Access Layer 24
Distribution Layer 26
Core Layer 27
Collapsed-Core Model 29
High-Availability Considerations 30
Implement Optimal Redundancy 30
Provide Alternate Paths 32
Avoid Single Points of Failure 33
Cisco NSF with SSO 33
Routing Protocol Requirements for Cisco NSF 34
Cisco IOS Software Modularity Architecture 35
Example: Software Modularity Benefits 37
Designing an Optimum Design for Layer 2 38
Recommended Practices for Spanning-Tree Configuration 38
Cisco STP Toolkit 40
STP Standards and Features 40
Recommended Practices for STP Hardening 41
Recommended Practices for Trunk Configuration and Vlan Trunking Protocol 43
Dynamic Trunking Protocol 45
Recommended Practices for UDLD Configuration 46
Recommended Practices for EtherChannel 47
Port Aggregation Protocol 49
Link Aggregation Control Protocol 49
Supporting Virtual Switching Systems Designs 50
Common Access-Distribution Block Designs 51
Multichassis EtherChannels and VSS 52
VSS Design Considerations 53
Dual Active Detection and Recovery 54
VSS Design Best Practices 55
Developing an Optimum Design for Layer 3 55
Managing Oversubscription and Bandwidth 56
Bandwidth Management with EtherChannel 56
Bandwidth Management with 10 Gigabit Interfaces 57
Link Load Balancing 57
Link Load Balancing with EtherChannel 58
EtherChannel Design Versus Equal-Cost Multipathing 59
Routing Protocol Design 60
Build Redundant Triangles 60
Peer Only on Transit Links 60
Summarize at the Distribution Layer 62
First-Hop Redundancy 64
Preempt Delay Tuning 65
Elimination of FHRP in VSS Designs 66
Overview of Gateway Load Balancing Protocol 67
Optimizing FHRP Convergence 69
Supporting a Layer 2 to Layer 3 Boundary Design 71
Layer 2 to Layer 3 Boundary Design Models 71
Layer 2 Distribution Switch Interconnection 71
Layer 3 Distribution Switch Interconnection (with HSRP) 72
Layer 3 Distribution Switch Interconnection (with GLBP) 72
Layer 3 Distribution Switch with VSS Interconnection 73
Layer 3 Access to Distribution Interconnection 74
EIGRP Access Design Recommendations 75
OSPF Access Design Recommendations 76
Potential Design Issues 77
Daisy Chaining Access Layer Switches 77
Cisco StackWise Technology in the Access Layer 78
Too Much Redundancy 79
Too Little Redundancy 80
Example: Impact of an Uplink Failure 80
Example: Impact on Return-Path Traffic 82
Asymmetric Routing (Unicast Flooding) 82
Unicast Flooding Prevention 83
Supporting Infrastructure Services 84
IP Telephony Considerations 84
IP Telephony Extends the Network Edge 84
PoE Requirements 85
Power Budget and Management 87
Multi-VLAN Access Port 89
Soft Phones and Voice VLANs 90
QoS Considerations 90
Recommended Practices for QoS 91
Transmit Queue Congestion 91
QoS Role in the Campus 92
Campus QoS Design Considerations 92
Cisco Catalyst Integrated Security Features 93
Port Security Prevents MAC-Based Attacks 93
DHCP Snooping Protects Against Rogue and Malicious DHCP Servers 94
Dynamic ARP Inspection Protects Against ARP Poisoning 94
IP Source Guard Protects Against Spoofed IP Addresses 95
Example Catalyst Integrated Security Feature Configuration 95
Summary 95
References 96
Review Questions 97
Chapter 3 Developing an Optimum Design for Layer 3 101
Designing Advanced IP Addressing 101
IP Address Planning as a Foundation 102
Summary Address Blocks 102
Summarization for IPv6 103
Changing IP Addressing Needs 104
Planning Addresses 104
Applications of Summary Address Blocks 105
Implementing Role-Based Addressing 105
Bit Splitting for Route Summarization 106
Example: Bit Splitting for Area 1 107
IPv6 Address Planning 107
Bit Splitting for IPv6 108
Addressing for VPN Clients 109
NAT in the Enterprise 109
NAT with External Partners 110
Design Considerations for IPv6 in Campus Networks 111
IPv6 Campus Design Considerations 111
Dual-Stack Model 112
Hybrid Model 112
Service Block Model 114
Designing Advanced Routing 115
Route Summarization and Default Routing 115
Originating Default Routes 116
Stub Areas and Default Route 117
Route Filtering in the Network Design 118
Inappropriate Transit Traffic 118
Defensive Filtering 120
Designing Redistribution 121
Filtered Redistribution 122
Migrating Between Routing Protocols 123
Designing Scalable EIGRP Designs 123
Scaling EIGRP Designs 124
EIGRP Fast Convergence 124
EIGRP Fast-Convergence Metrics 125
Scaling EIGRP with Multiple Autonomous Systems 126
Example: External Route Redistribution Issue 126
Filtering EIGRP Redistribution with Route Tags 127
Filtering EIGRP Routing Updates with Inbound Route Tags 128
Example: Queries with Multiple EIGRP Autonomous Systems 130
Reasons for Multiple EIGRP Autonomous Systems 130
Designing Scalable OSPF Design 131
Factors Influencing OSPF Scalability 131
Number of Adjacent Neighbors and DRs 132
Routing Information in the Area and Domain 132
Designing OSPF Areas 133
Area Size: How Many Routers in an Area? 134
OSPF Hierarchy 134
Area and Domain Summarization 136
Number of Areas in an OSPF Hub-and-Spoke Design 137
OSPF Hub-and-Spoke Design 137
Issues with Hub-and-Spoke Design 138
OSPF Hub-and-Spoke Network Types 140
OSPF Area Border Connection Behavior 141
Fast Convergence in OSPF 142
OSPF Exponential Backoff 143
Tuning OSPF Parameters 143
OSPF LSA Pacing 145
OSPF Event Processing 145
Bidirectional Forwarding Detection 145
Designing Scalable BGP Designs 146
Scaling BGP Designs 146
Full-Mesh IBGP Scalability 147
Scaling IBGP with Route Reflectors 148
BGP Route Reflector Definitions 148
Route Reflector Basics 150
Scaling IBGP with Confederations 151
BGP Confederation Definitions 151
Confederation Basics 151
Confederations Reduce Meshing 152
Deploying Confederations 154
Summary 155
References 157
Review Questions 158
Chapter 4 Advanced WAN Services Design Considerations
Advanced WAN Service Layers 161
Enterprise Optical Interconnections 162
Overview of SONET and SDH 163
Enterprise View of SONET
WDM Overview 165
CWDM Technical Overview 164
DWDM Technical Overview 166
DWDM Systems 167
RPR Overview 168
RPR in the Enterprise 168
Metro Ethernet Overview 170
Metro Ethernet Service Model 170
Metro Ethernet Architecture 170
Metro Ethernet LAN Services 172
Ethernet Private Line Service 173
Ethernet Relay Service 174
Ethernet Wire Service 175
Ethernet Multipoint Service 175
Ethernet Relay Multipoint Service 176
Any Transport over MPLS 176
Ethernet over MPLS 177
End-to-End QoS 179
Shaping and Policing on Subrate Ethernet WAN 180
Choosing the Right Service 181
VPLS Overview 181
VPLS Architecture Model 182
VPLS in the Enterprise 183
Hierarchical VPLS Overview 184
Scaling VPLS 184
QoS Issues with EMS or VPLS 186
EMS or VPLS and Routing Implications 186
VPLS and IP Multicast 187
VPLS Availability 187
MPLS VPN Overview 187
Customer Considerations with MPLS VPNs 188
Routing Considerations: Backdoor Routes 189
Routing Considerations: Managed Router Combined with Internal Routing 189
Routing Considerations: Managed Router from Two Service Providers 190
Implementing Advanced WAN Services 191
Advanced WAN Service Selection 192
Business Risk Assessment 192
WAN Features and Requirements 194
SLA Overview 195
SLA Monitoring 196
Application Performance Across the WAN 197
WAN CPE Selection Considerations 198
Cisco PfR Overview 200
Cisco PfR Operations 200
Cisco PfR Design and Deployment Considerations 203
Summary 204
References 205
Review Questions 206
Chapter 5 Enterprise Data Center Design 211
Designing the Core and Aggregation Layers 212
Data Center Architecture Overview 213
Benefits of the Three-Layer Model 213
The Services Layer 214
Using Dedicated Service Appliances 215
Data Center Core Layer Design 217
Layer 3 Characteristics for the Data Center Core 218
OSPF Routing Protocol Design Recommendations 220
EIGRP Routing Protocol Design Recommendations 221
Aggregation Layer Design 221
Scaling the Aggregation Layer 223
STP Design 224
Understanding Bridge Assurance 226
Integrated Service Modules 227
Service Module Placement Consideration 227
Service Modules and the Services Layer 228
Active STP, HSRP, and Service Context Alignment 230
Active/Standby Service Module Design 232
Active/Active Service Module Design 232
Establishing Inbound Path Preference 233
Using VRFs in the Data Center 235
Using the Cisco Nexus 7000 Series in the Core and Aggregation Layer 236
VDCs 238
Designs Enabled by VDCs 239
vPCs 241
vPC Best Practices 242
Designs Enabled by vPC 243
Layer 2 Multipathing 244
Designing the Access Layer 245
Overview of the Data Center Access Layer 245
Layer 2 Looped Designs 246
Layer 2 Looped Topologies 247
Layer 2 Looped Design Issues 249
Layer 2 Loop-Free Designs 250
Loop-Free Topologies 251
Example: Loop-Free U Design and Layer 2 Service Modules 253
Example: Loop-Free U Design and Cisco ACE Service Module 254
Layer 2 FlexLink Designs 255
FlexLink Issues and Considerations 256
Comparison of Layer 2 Access Designs 259
Layer 3 Access Layer Designs 260
Multicast Source Support 261
Benefits of Layer 3 Access 262
Drawbacks of Layer 3 Access 262
Blade Server Overview 262
Blade Server Connectivity Options 264
Blade Server Trunk Failover Feature 265
Virtual Blade Switching 266
Cisco Nexus Switch Family in the Access Layer 267
TOR and EOR Designs 267
Static and Dynamic Pinning 267
Cisco Nexus 2000 FEX Dynamic Pinning 268
Virtual Port Channel in the Data Center Access Layer 269
Straight-Through FEX Design 270
Active/Active FEX Design 270
Cisco Nexus 1000V in the Data Center Access Layer 272
Virtual Port Channel Host Mode 273
Design Considerations for the Cisco Nexus 1000V 274
Cisco Nexus 1010 275
Layer 2 or Layer 3 Access Design? 276
Scaling the Data Center Architecture 277
TOR Versus EOR Designs 277
Cabinet Design with TOR Switching 279
Example: Network Topology with TOR Switching Model 280
Cabinet Design with Modular Access Switches 281
Example: Network Topology with Modular Access Switches 281
Cabinet Design with Fabric Extenders 282
Server NIC Density 284
Hybrid Example with a Separate OOB Switch 284
Oversubscription and Uplinks 285
Scaling Bandwidth and Uplink Density 286
Optimizing EtherChannel Utilization with Load Balancing 286
Optimizing EtherChannel Utilization with Min-Links 287
Scaling with Service Layer Switches 288
Scaling Service on Cisco ACE Modules 289
Scaling Spanning Tree and High Availability 290
Scalability 290
STPs in the Data Center 290
STP Scaling 291
STP Logical Interfaces 292
STP Scaling with 120 Systemwide VLANs 293
STP in 1RU Designs 295
STP Scaling Design Guidelines 295
Scaling the Data Center Using Zones 296
High Availability in the Data Center 296
Common NIC Teaming Configurations 296
Server Attachment Methods 298
High Availability and Failover Times 299
High Availability and Cisco NSF with SSO 300
Describing Network Virtualization in More Detail 302
Definition of Virtualization 302
Virtualization Categories 303
Network Virtualization 304
Virtual Routing and Forwarding 305
Layer 3 VPNs and Network Virtualization 306
Summary 308
References 308
Review Questions 309
Chapter 6 SAN Design Considerations 313
Identifying SAN Components and Technologies 314
SAN Components 315
RAID Overview 317
Storage Topologies 318
DAS 318
NAS 319
SAN Technologies 320
SCSI Overview 320
Fibre Channel Overview 321
Fibre Channel Communications Model 322
VSAN 323
IVR 324
FSPF 325
Zoning 325
FICON 326
SANTap 327
Designing SAN and SAN Extension 328
Port Density and Topology Requirements 329
Device Oversubscription 330
Traffic Management 331
Fault Isolation 331
Convergence and Stability 331
SAN Designs with the Cisco MDS 9000 Family 331
SAN Consolidation with VSANs 332
Comprehensive SAN Security 332
Simplified SAN Management 332
Single-Switch Collapsed-Core Design 333
Small-Scale, Dual-Fabric Collapsed-Core Design 334
Medium-Scale, Dual-Fabric Collapsed-Core Design 335
Large-Scale, Dual-Fabric Core-Edge Design 336
SAN Extension 337
SAN Extension Protocols 339
Fibre Channel over IP 339
iSCSI 340
SAN Extension Developments 342
High-Availability SAN Extension 343
Integrated Fabric Designs Using Cisco Nexus Technology Overview 343
Unified Fabric Technologies 344
I/O Consideration in the Data Center 345
Challenges When Building a Unified Fabric Based on 10 Gigabit Ethernet 346
SAN Protocol Stack Extensions 348
FCoE Components: Converged Network Adapter 349
FCoE Components: Fibre Channel Forwarder 350
Data Center Bridging Standards 351
Unified Fabric Design Considerations 352
Deploying Nexus in the Access Layer 353
Nexus 5000/2000 Deployment Options in the Data Center 355
FCoE VLAN to VSAN Mapping, VLAN Trunking, and the CNA 355
Switch Mode Versus NPV Mode 357
Unified Fabric Best Practices 358
Summary 359
References 359
Review Questions 360
Chapter 7 E-Commerce Module Design 363
Designing High Availability for E-Commerce 363
E-Commerce High-Availability Requirements 364
Components of High Availability 364
Redundancy 365
Technology 365
People 366
Processes 366
Tools 367
Common E-Commerce Module Designs 368
Common E-Commerce Firewall Designs 368
Typical E-Commerce Module Topology 368
Using a Server as an Application Gateway 370
Virtualization with Firewall Contexts 371
Virtual Firewall Layers 372
Firewall Modes 373
Common E-Commerce Server Load Balancer Designs 375
Functions of a Server Load Balancer 375
SLB Design Models 376
SLB Router Mode 377
Application Control Engine 378
SLB Inline Bridge Mode 378
SLB One-Armed Mode 379
Common E-Commerce Design Topologies for Connecting to Multiple ISPs 382
One Firewall per ISP 382
Stateful Failover with Common External Prefix 384
Distributed Data Centers 384
Design Option: Distributed Data Centers 385
Additional Data Center Services 386
Integrated E-Commerce Designs 388
Base E-Commerce Module Design 388
Base Design Routing Logic 390
Base Design Server Traffic Flows 391
Two Firewall Layers in the E-Commerce Module Design 393
Traffic Flows in a Two-Firewall Layer Design 394
One-Armed SLB Two-Firewall E-Commerce Module Design 395
Traffic Flows in a One-Armed SLB Two-Firewall Layer Design 396
Direct Server Traffic Flows in a One-Armed SLB Two-Firewall Layer Design 398
One-Armed SLB E-Commerce Module Design with Firewall Contexts 398
Traffic Flows in a One-Armed SLB Design with Firewall Contexts 400
One-Armed SLB E-Commerce Module Design with ACE 401
Testing E-Commerce Module Designs 403
Summary 404
References 405
Review Questions 405
Chapter 8 Security Services Design 407
Designing Firewalls 407
Firewall Modes 408
Zone-Based Policy Firewall 410
Virtual Firewall Overview 411
Firewall Context Design Considerations 413
MSFC Placement 414
Active/Active Firewall Topology 415
Active/Active Topology Features 416
Asymmetric Routing with Firewalls 416
Asymmetric Routing with ASR Group on a Single FWSM 417
Asymmetric Routing with Active/Active Topology 418
Performance Scaling with Multiple FWSMs 419
Example: Load Balancing FWSMs Using PBR 419
Load Balancing FWSMs Using ECMP Routing 420
PVLAN Security 420
FWSM in a PVLAN Environment: Isolated Ports 422
FWSM in a PVLAN Environment: Community VLANs 423
Designing NAC Services 423
Network Security with Access Control 424
NAC Comparison 425
Cisco NAC Appliance Fundamentals 426
Cisco NAC Appliance Components 426
Cisco NAC Appliance Policy Updates 427
Process Flow with the Cisco NAC Appliance 428
Cisco NAS Scaling 429
Cisco NAS Deployment Options 429
Cisco NAS Gateway Modes 430
Cisco NAS Client Access Modes 431
Cisco NAS Operating Modes 431
Physical Deployment Models 432
Cisco NAC Appliance Designs 432
Layer 2 In-Band Designs 434
Example: Layer 2 In-Band Virtual Gateway 434
Example: Layer 2 In-Band Real IP Gateway 435
Layer 2 Out-of-Band Designs 435
Example: Layer 2 Out-of-Band Virtual Gateway 436
Layer 3 In-Band Designs 437
Example: Layer 3 In-Band Virtual Gateway 437
Example: Layer 3 In-Band with Multiple Remotes 438
Layer 3 Out-of-Band Designs 439
Example: Layer 3 OOB with Addressing 440
NAC Framework Overview 441
Router Platform Support for the NAC Framework 442
Switch Platform Support for the NAC Framework 443
IPS and IDS Overview 444
Threat Detection and Mitigation 444
IDSs 444
Intrusion-Prevention Systems 445
IDS and IPS Overview 446
Host Intrusion-Prevention Systems 447
IDS and IPS Design Considerations 447
IDS or IPS Deployment Considerations 448
IPS Appliance Deployment Options 448
Feature: Inline VLAN Pairing 450
IPS Deployment Challenges 450
IDS or IPS Management Interface Deployment Options 450
In-Band Management Through Tunnels 451
IDS and IPS Monitoring and Management 451
Scaling Cisco Security MARS with Global Controller Deployment 453
Summary 453
References 454
Review Questions 455
Chapter 9 IPsec and SSL VPN Design 459
Designing Remote-Access VPNs 459
Remote-Access VPN Overview 460
Example: Cisco Easy VPN Client IPsec Implementation 461
SSL VPN Overview 461
Clientless Access 462
Thin Client 463
Thick Client 464
Remote-Access VPN Design Considerations 464
VPN Termination Device and Firewall Placement 465
Address Assignment Considerations 465
Routing Design Considerations 465
Other Design Considerations 466
Designing Site-to-Site VPNs 467
Site-to-Site VPN Applications 468
WAN Replacement Using Site-to-Site IPsec VPNs 468
WAN Backup Using Site-to-Site IPsec VPNs 469
Regulatory Encryption Using Site-to-Site IPsec VPNs 470
Site-to-Site VPN Design Considerations 470
IP Addressing and Routing 470
Scaling, Sizing, and Performance 471
Cisco Router Performance with IPsec VPNs 471
Typical VPN Device Deployments 475
Design Topologies 476
VPN Device Placement Designs 476
VPN Device Parallel to Firewall 476
VPN Device on a Firewall DMZ 477
Integrated VPN and Firewall 478
Using IPsec VPN Technologies 478
IPsec VPN Overview 478
Extensions to Basic IPsec VPNs 480
Cisco Easy VPN 480
Overview of Cisco Easy VPN Server Wizard on Cisco SDM 480
Overview of Easy VPN Remote Wizard on Cisco SDM 482
GRE over IPsec Design Recommendations 483
GRE over IPsec Design Recommendations 483
DMVPN 485
DMVPN Overview 485
DMVPN Design Recommendations 487
Virtual Tunnel Interfaces Overview 487
Group Encrypted Transport VPN 489
GET VPN Topology 489
Managing and Scaling VPNs 491
Recommendations for Managing VPNs 491
Considerations for Scaling VPNs 491
Determining PPS 493
Routing Protocol Considerations for IPsec VPNs 497
EIGRP Metric Component Consideration 498
Summary 498
References 499
Review Questions 500
Chapter 10 IP Multicast Design 505
IP Multicast Technologies 506
Introduction to Multicast 506
Multicast Versus Unicast 506
IP Multicast Group Membership 507
Multicast Applications and Multicast Adoption Trends 508
Learning About Multicast Sessions 509
Advantages of Multicast 510
Disadvantages of Multicast 510
Multicast IP Addresses 511
Layer 2 Multicast Addresses 512
Multicast Address Assignment 514
Cisco Multicast Architecture 515
IGMP and CGMP 516
IGMP Version 1 516
IGMP Version 2 517
IGMP Version 3 518
Multicast with Layer 2 Switches 518
IGMP Snooping 519
CGMP 520
PIM Routing Protocol 520
PIM Terminology 521
Multicast Distribution Tree Creation 522
Reverse Path Forwarding 522
Source Distribution Trees 524
Shared Distribution Trees 525
Multicast Distribution Tree Notation 527
Deploying PIM and RPs 527
PIM Deployment Models 527
ASM or PIM-SM 528
PIM-SM Shared Tree Join 528
PIM-SM Sender Registration 529
PIM-SM SPT Switchover 530
Bidirectional PIM 532
Source-Specific Multicast 533
SSM Join Process 534
SSM Source Tree Creation 535
PIM Dense Mode 535
RP Considerations 536
Static RP Addressing 537
Anycast RP 537
Auto-RP 538
DM Fallback and DM Flooding 540
Boot Strap Router 541
Securing IP Multicast 543
Security Considerations for IP Multicast 543
Security Goals for Multicast Environments 543
Unicast and Multicast State Requirements 544
Unicast and Multicast Replication Requirements 546
Attack Traffic from Rogue Sources to Receivers 547
Attack Traffic from Sources to Networks Without Receivers 547
Attack Traffic from Rogue Receivers 548
Scoped Addresses 548
Multicast Access Control 549
Packet Filter-Based Access Control 549
Host Receiver-Side Access Control 551
PIM-SM Source Control 552
Disabling Multicast Groups for IPv6 553
Multicast over IPsec VPNs 553
Traditional Direct Encapsulation IPsec VPNs 554
Multicast over IPsec GRE 555
Multicast over DMVPN 555
Multicast Using GET VPN 557
Summary 558
References 560
Review Questions 561
Chapter 11 Network Management Capabilities Within Cisco IOS Software 565
Cisco IOS Embedded Management Tools 565
Embedded Management Rationale 566
Network Management Functional Areas 566
Designing Network Management Solutions 567
Cisco IOS Software Support of Network Management 567
Application Optimization and Cisco IOS Technologies 568
Syslog Considerations 571
Cisco IOS Syslog Message Standard 571
Issues with Syslog 572
NetFlow 573
NetFlow Overview 573
Principal NetFlow Uses 574
Definition of a Flow 574
Traditional IP Flows 575
Flow Record Creation 576
NetFlow Cache Management 578
NetFlow Export Versions 579
NetFlow Version 9 Export Packet 580
Flexible NetFlow Advantages 581
NetFlow Deployment 582
Where to Apply NetFlow Monitoring 582
NBAR 583
NBAR Overview 583
NBAR Packet Inspection 584
NBAR Protocol Discovery 586
NetFlow and NBAR Differentiation 586
Reporting NBAR Protocol Discovery Statistics from the Command Line 587
NBAR and Cisco AutoQoS 588
Cisco AutoQoS for the Enterprise 589
Example: Cisco AutoQoS Discovery Progress 590
Cisco AutoQoS Suggested Policy 591
IP SLA Considerations 592
IP SLA Overview 592
SLAs 592
Cisco IOS IP SLA Measurements 593
IP SLA SNMP Features 594
Deploying IP SLA Measurements 595
Impact of QoS Deployment on IP SLA Statistics 596
Scaling IP SLA Deployments 597
Hierarchical Monitoring with IP SLA Measurements 598
Network Management Applications Using IP SLA Measurements 599
CiscoWorks IPM Application Example 599
IP SLA Network Management Application Consideration 600
Summary 600
References 602
Review Questions 603
Appendix A Answers to Review Questions 605
Appendix B Acronyms and Abbreviations 611
Appendix C VoWLAN Design 625
Index 675
Book introduction: The Book of GNS3
Foreword By Jeremy Grossmann
Acknowledgments
Introduction
Chapter 1: Introducing GNS3
Chapter 2: Installing A Basic GNS3 System
Chapter 3: Configuration
Chapter 4: Creating And Managing Projects
Chapter 5: Integrating Hosts And Using Wireshark
Chapter 6: Juniper Olive And Vsrx Firefly
Chapter 7: Device Nodes, Live Switches, And The Internet
Chapter 8: Cisco ASA, IDS/IPS, And IOS-Xrv
Chapter 9: Cisco IOS On Unix And NX-Osv
Chapter 10: Cool Things To Do On A Rainy Day
Appendix A: Help! I’ve Fallen And I Can’t Get Up
Appendix B: Cisco Hardware Compatible With GNS3
Appendix C: NM-16ESW And IOU L2 Limitations
Glossary
Index
معرفی کتاب آموزش کاربردی ویندوز سرور 2003
کتاب آموزش ویندوز سرور ۲۰۰۳ تمامی مباحث مربوط به windows server 2003 را پوشش می دهد. این کتاب توسط رضا بهرامی راد مطابق با سرفصل های شبکه های کامپیوتری با نظارت کامل مهندس وحید بایرامی راد در ۳۸۵ صفحه و حجم 19 مگابایت نگاشته شده است. در این کتاب مفید می آموزید که چگونه یک سرور که توسط سیستم عامل ویندوز سرور ۲۰۰۳ راه اندازی شده را مدیریت کنید. همچنین کلیه مباحث Domain , login , IP شبکه و … را خواهید آموخت.
تبریک سال جدید شمسی
به نام خداوند جهان آفرین
برآمـد باد صبح و بوی نوروز به کام دوستـان و بخت پیروز
با آمدن بهار، سال نو میشود و این دگرگونی فصلها سرشار از آیهها و نشانههای خداوند متعال است در این پهنه هستی، حیات دوباره زمین فرصتی را فراهم میآورد تا هم نوا و هم صدا با تحویل سال پیام تحول در حالمان را به سوی بهترین احوال دریابیم. سال پیش رو را با نوید میلاد کوثر قرآن آغاز میکنیم، میلادش تولد بهاراست؛ تولد آب است و تولد هر چه پاکی و زلالی، سالی سرشار از برکت که آغاز و پایانش طلوع خورشید است، میلاد حضرت فاطمه (س) پر از رحمت و برکت است و راهش ادامه راه نورانی انبیاء. همکاران عزیز، بی تردید سالی که گذشت با تمام فراز و نشیبها، سالی سرشار از موفقیت را برای مجموعه بزرگ مان به همراه داشت، به لطف الهی و عنایت ائمه هدی (ع) شرکت ایساتیس نت امروز با کارنامه ای درخشان توانسته صاحب موقعیتی ممتاز بشود.
بدون شک مهمترین و ارزشمندترین سرمایه ای که در مجموعه بزرگ ایساتیس نت داریم، خلاقیت و ابتکاری است که از نیروی انسانی شاداب، باهوش، با علقه سازمانی قوی و هم دل که تارو پود در هم تنیده شرکت را تشکیل میدهد، نشأت میگیرد و نباید فراموش کنیم که رمز موفقیت ما در همدلی است تا در کنار یکدیگر و خلق افکار و راهکارهای بدیع و نوین در عرصههای مختلف نمایش آهنگین و روح بخشی را به منصه ظهور برسانیم.
امیدواریم با تلاش همه دوستان با یک جهش بزرگ بتوانیم مرحله نهایی را نیز پشت سر بگذاریم و به همین منظور ما همه گروههای کاری خود را به حول و قوه الهی برای صعود به قله نهایی آماده کردهایم. برخود لازم می دانم درفصل شکوفایی طبیعت، حلول سال 1395 و نوروز باستانی را به یکایک شما همکاران عزیز تبریک گفته و در سایه توجهات باری تعالی ایامی سرشار از موفقیت، سعادت، معنویت و بهروزی را برایتان آرزو نمایم.
How does a Cisco router boot?
We will learn about the main components of a Cisco router and how the boot process takes place.
Generally Cisco routers (and switches) contain four types of memory:
- Read-Only Memory (ROM): ROM stores the router’s bootstrap startup program, operating system software, and power-on diagnostic test programs (POST).
- Flash Memory: Generally referred to simply as “flash”, the IOS images are held here. Flash is erasable and reprogrammable ROM. Flash memory content is retained by the router on reload.
- Random-Access Memory (RAM): Stores operational information such as routing tables and the running configuration file. RAM contents are lost when the router is powered down or reloaded.
- Non-volatile RAM (NVRAM): NVRAM holds the router’s startup configuration file. NVRAM contents are not lost when the router is powered down or reloaded.
Some comparisons to help you remember more easily:
- RAM is volatile memory, so its contents are lost on reload, whereas NVRAM and Flash contents are not.
- NVRAM holds the startup configuration file, whereas RAM holds the running configuration file.
- ROM contains a bootstrap program called ROM Monitor (or ROMmon). When a router is powered on, the bootstrap runs a hardware diagnostic called POST (Power-On Self Test).
The following details the router boot process:
- The router is powered on.
- The router first runs the Power-On Self Test (POST).
- The bootstrap checks the Configuration Register value to determine where to load the IOS from. By default (the default value of the Configuration Register is 0x2102, that is, 2102 in hexadecimal), the router first looks for “boot system” commands in the startup-config file. If it finds these commands, it runs them in the order they appear in startup-config to locate the IOS. If not, the IOS image is loaded from Flash. If the IOS is not found in Flash, the bootstrap can try to load the IOS from a TFTP server or from ROM (mini-IOS).
- After the IOS is found, it is loaded into RAM.
- The IOS attempts to load the configuration file (startup-config) from NVRAM to RAM. If the startup-config is not found in NVRAM, the IOS attempts to load a configuration file from TFTP. If no TFTP server responds, the router enters Setup Mode (Initial Configuration Mode).
And this is the process we can see on our screen when the router is turned on:
In short, when powered on, the router needs to:
- Run POST to check hardware
- Search for a valid IOS (the Operating System of the router)
- Search for a configuration file (all the configurations applied to this router)
Specify how much RAM, NVRAM and Flash of a router
Also, from the information shown above, we can learn some information about the router’s model and its RAM, Flash and NVRAM memories, as shown below:
Note: The “show version” command also gives us this information.
All the above information is straightforward except the information about RAM. In some series of routers, the RAM information is displayed as 2 parameters (in this case 60416K/5120K). The first parameter (60416K) indicates how much RAM is in the router, while the second parameter (5120K) indicates how much DRAM is being used for Packet memory. Packet memory is used for buffering packets. So, from the output above we can learn:
- Amount of RAM: 60416 KB + 5120 KB = 65536 KB = 64 MB (65536 / 1024)
- Amount of NVRAM: 239KB
- Amount of Flash: 62720KB
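The memory arithmetic above and the Configuration Register check from the boot sequence can be combined into one audit script. The following is an added example, not part of the original article: the sample text is constructed from the figures quoted here, the model name is a placeholder, and the meanings of register bits 6, 8 and 13 are taken from Cisco's documented register layout rather than from this page.

```python
import re

# Constructed sample: the three memory lines and the register line as they
# appear in "show version". Figures are the ones quoted in the article;
# EXAMPLE-ROUTER is a placeholder model name.
SAMPLE_SHOW_VERSION = """\
Cisco EXAMPLE-ROUTER (revision 1.0) with 60416K/5120K bytes of memory.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
"""

# Configuration Register flag bits (assumption: standard Cisco IOS layout).
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored after boot
ROM_FALLBACK = 0x2000    # bit 13: fall back to ROM software if net boot fails


def parse_memory(text):
    """Extract RAM, NVRAM and Flash sizes from show-version style text."""
    # Some series print "mainK/packetK", others a single figure.
    ram = re.search(r"with (\d+)K(?:/(\d+)K)? bytes of memory", text)
    nvram = re.search(r"(\d+)K bytes of non-volatile configuration memory", text)
    flash = re.search(r"(\d+)K bytes of .*[Ff]lash", text)
    if not (ram and nvram and flash):
        raise ValueError("memory lines not found")
    main_kb = int(ram.group(1))
    packet_kb = int(ram.group(2) or 0)
    return {
        "main_kb": main_kb,
        "packet_kb": packet_kb,
        "ram_mb": (main_kb + packet_kb) // 1024,  # total RAM is the sum
        "nvram_kb": int(nvram.group(1)),
        "flash_kb": int(flash.group(1)),
    }


def decode_confreg(value):
    """Decode the boot field (low 4 bits) and the flags that affect boot."""
    boot_field = value & 0x000F
    if boot_field == 0:
        source = "stay in ROM Monitor"
    elif boot_field == 1:
        source = "boot helper image or first Flash image (platform-dependent)"
    else:
        source = "follow 'boot system' commands in startup-config, else Flash"
    return {
        "boot_field": boot_field,
        "ios_source": source,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def audit(text):
    """Return (register value, findings) for one device's show-version text."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)", text)
    if not m:
        raise ValueError("configuration register line not found")
    value = int(m.group(1), 16)
    info = decode_confreg(value)
    findings = []
    if value != 0x2102:
        findings.append(f"register {value:#06x} differs from the default 0x2102")
    if info["ignore_startup_config"]:
        findings.append("startup-config in NVRAM is skipped at boot, "
                        "so saved passwords and ACLs will not load")
    if info["boot_field"] < 2:
        findings.append("boot field does not select the normal IOS search order")
    return value, findings


if __name__ == "__main__":
    print(parse_memory(SAMPLE_SHOW_VERSION))
    print(audit(SAMPLE_SHOW_VERSION))
```

Run against collected `show version` output, a non-empty findings list marks a router that will not boot into its saved configuration the way the sequence above describes.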
Book introduction: CCNA Security Official Exam Certification Guide
Foreword xxvi
Introduction xxvii
Part I Network Security Concepts 3
Chapter 1 Understanding Network Security Principles 5
“Do I Know This Already?” Quiz 5
Foundation Topics 9
Exploring Security Fundamentals 9
Why Network Security Is a Necessity 9
Types of Threats 9
Scope of the Challenge 10
Nonsecured Custom Applications 11
The Three Primary Goals of Network Security 12
Confidentiality 12
Integrity 12
Availability 13
Categorizing Data 13
Classification Models 13
Classification Roles 15
Controls in a Security Solution 16
Responding to a Security Incident 17
Legal and Ethical Ramifications 18
Legal Issues to Consider 19
Understanding the Methods of Network Attacks 20
Vulnerabilities 20
Potential Attackers 21
The Mind-set of a Hacker 23
Defense in Depth 24
Understanding IP Spoofing 27
Launching a Remote IP Spoofing Attack with IP Source Routing 28
Launching a Local IP Spoofing Attack Using a Man-in-the-Middle Attack 29
Protecting Against an IP Spoofing Attack 30
Understanding Confidentiality Attacks 31
Understanding Integrity Attacks 33
Understanding Availability Attacks 36
Best-Practice Recommendations 40
Exam Preparation Tasks 41
Review All the Key Topics 41
Complete the Tables and Lists from Memory 42
Definition of Key Terms 42
Chapter 2 Developing a Secure Network 45
“Do I Know This Already?” Quiz 45
Foundation Topics 49
Increasing Operations Security 49
System Development Life Cycle 49
Initiation 49
Acquisition and Development 49
Implementation 50
Operations and Maintenance 50
Disposition 51
Operations Security Overview 51
Evaluating Network Security 52
Nmap 54
Disaster Recovery Considerations 55
Types of Disruptions 56
Types of Backup Sites 56
Constructing a Comprehensive Network Security Policy 57
Security Policy Fundamentals 57
Security Policy Components 58
Governing Policy 58
Technical Policies 58
End-User Policies 59
More-Detailed Documents 59
Security Policy Responsibilities 59
Risk Analysis, Management, and Avoidance 60
Quantitative Analysis 60
Qualitative Analysis 61
Risk Analysis Benefits 61
Risk Analysis Example: Threat Identification 61
Managing and Avoiding Risk 62
Factors Contributing to a Secure Network Design 62
Design Assumptions 63
Minimizing Privileges 63
Simplicity Versus Complexity 64
User Awareness and Training 64
Creating a Cisco Self-Defending Network 66
Evolving Security Threats 66
Constructing a Cisco Self-Defending Network 67
Cisco Security Management Suite 69
Cisco Integrated Security Products 70
Exam Preparation Tasks 74
Review All the Key Topics 74
Complete the Tables and Lists from Memory 75
Definition of Key Terms 75
Chapter 3 Defending the Perimeter 77
“Do I Know This Already?” Quiz 77
Foundation Topics 81
ISR Overview and Providing Secure Administrative Access 81
IOS Security Features 81
Cisco Integrated Services Routers 81
Cisco 800 Series 82
Cisco 1800 Series 83
Cisco 2800 Series 84
Cisco 3800 Series 84
ISR Enhanced Features 85
Password-Protecting a Router 86
Limiting the Number of Failed Login Attempts 92
Setting a Login Inactivity Timer 92
Configuring Privilege Levels 93
Creating Command-Line Interface Views 93
Protecting Router Files 95
Enabling Cisco IOS Login Enhancements for Virtual Connections 96
Creating a Banner Message 98
Cisco Security Device Manager Overview 99
Introducing SDM 99
Preparing to Launch Cisco SDM 101
Exploring the Cisco SDM Interface 102
Exam Preparation Tasks 106
Review All the Key Topics 106
Complete the Tables and Lists from Memory 106
Definition of Key Terms 106
Command Reference to Check Your Memory 107
Chapter 4 Configuring AAA 111
“Do I Know This Already?” Quiz 111
Foundation Topics 115
Configuring AAA Using the Local User Database 115
Authentication, Authorization, and Accounting 115
AAA for Cisco Routers 115
Router Access Authentication 116
Using AAA to Configure Local User Database Authentication 117
Implementing the aaa authorization Command 122
Working with the aaa accounting Command 124
Using the CLI to Troubleshoot AAA for Cisco Routers 126
Using Cisco SDM to Configure AAA 127
Configuring AAA Using Cisco Secure ACS 128
Overview of Cisco Secure ACS for Windows 129
Additional Features of Cisco Secure ACS 4.0 for Windows 130
Cisco Secure ACS 4.0 for Windows Installation 132
Overview of TACACS+ and RADIUS 137
TACACS+ Authentication 138
Command Authorization with TACACS+ 140
TACACS+ Attributes 140
Authentication and Authorization with RADIUS 141
RADIUS Message Types 142
RADIUS Attributes 142
Features of RADIUS 143
Configuring TACACS+ 144
Using the CLI to Configure AAA Login Authentication on Cisco Routers 144
Configuring Cisco Routers to Use TACACS+ Using the Cisco SDM 146
Defining the AAA Servers 147
Exam Preparation Tasks 149
Review All the Key Topics 149
Complete the Tables and Lists from Memory 150
Definition of Key Terms 150
Command Reference to Check Your Memory 150
Chapter 5 Securing the Router 155
“Do I Know This Already?” Quiz 155
Foundation Topics 158
Locking Down the Router 158
Identifying Potentially Vulnerable Router Interfaces and Services 158
Locking Down a Cisco IOS Router 160
AutoSecure 161
Cisco SDM One-Step Lockdown 166
Using Secure Management and Reporting 171
Planning for Secure Management and Reporting 172
Secure Management and Reporting Architecture 172
Configuring Syslog Support 175
Securing Management Traffic with SNMPv3 179
Enabling Secure Shell on a Router 183
Using Cisco SDM to Configure Management Features 185
Configuring Syslog Logging with Cisco SDM 186
Configuring SNMP with Cisco SDM 190
Configuring NTP with Cisco SDM 194
Configuring SSH with Cisco SDM 196
Exam Preparation Tasks 201
Review All the Key Topics 201
Complete the Tables and Lists from Memory 201
Definition of Key Terms 202
Command Reference to Check Your Memory 202
Part II Constructing a Secure Infrastructure 205
Chapter 6 Securing Layer 2 Devices 207
“Do I Know This Already?” Quiz 207
Foundation Topics 211
Defending Against Layer 2 Attacks 211
Review of Layer 2 Switch Operation 211
Basic Approaches to Protecting Layer 2 Switches 212
Preventing VLAN Hopping 213
Switch Spoofing 213
Double Tagging 214
Protecting Against an STP Attack 215
Combating DHCP Server Spoofing 218
Using Dynamic ARP Inspection 220
Mitigating CAM Table Overflow Attacks 222
Spoofing MAC Addresses 223
Additional Cisco Catalyst Switch Security Features 225
Using the SPAN Feature with IDS 226
Enforcing Security Policies with VACLs 226
Isolating Traffic Within a VLAN Using Private VLANs 227
Traffic Policing 228
Notifying Network Managers of CAM Table Updates 228
Port Security Configuration 228
Configuration Recommendations 231
Cisco Identity-Based Networking Services 232
Introduction to Cisco IBNS 232
Overview of IEEE 802.1x 234
Extensible Authentication Protocols 236
EAP-MD5 236
EAP-TLS 236
PEAP (MS-CHAPv2) 238
EAP-FAST 239
Combining IEEE 802.1x with Port Security Features 239
Chapter 7 Implementing Endpoint Security 251
“Do I Know This Already?” Quiz 251
Foundation Topics 254
Examining Endpoint Security 254
Defining Endpoint Security 254
Examining Operating System Vulnerabilities 255
Examining Application Vulnerabilities 257
Understanding the Threat of Buffer Overflows 258
Buffer Overflow Defined 259
The Anatomy of a Buffer Overflow Exploit 259
Understanding the Types of Buffer Overflows 260
Additional Forms of Attack 261
Securing Endpoints with Cisco Technologies 265
Understanding IronPort 265
The Architecture Behind IronPort 266
Examining the Cisco NAC Appliance 266
Working with the Cisco Security Agent 268
Understanding Cisco Security Agent Interceptors 269
Examining Attack Response with the Cisco Security Agent 272
Best Practices for Securing Endpoints 273
Application Guidelines 274
Apply Application Protection Methods 274
Exam Preparation Tasks 276
Review All the Key Topics 276
Complete the Tables and Lists from Memory 277
Definition of Key Terms 277
Chapter 8 Providing SAN Security 279
“Do I Know This Already?” Quiz 279
Foundation Topics 282
Overview of SAN Operations 282
Fundamentals of SANs 282
Organizational Benefits of SAN Usage 283
Understanding SAN Basics 284
Fundamentals of SAN Security 285
Classes of SAN Attacks 286
Implementing SAN Security Techniques 287
Using LUN Masking to Defend Against Attacks 287
Examining SAN Zoning Strategies 288
Examining Soft and Hard Zoning 288
Understanding World Wide Names 289
Defining Virtual SANs 290
Combining VSANs and Zones 291
Identifying Port Authentication Protocols 292
Understanding DHCHAP 292
CHAP in Securing SAN Devices 292
Working with Fibre Channel Authentication Protocol 292
Understanding Fibre Channel Password Authentication Protocol 293
Assuring Data Confidentiality in SANs 293
Incorporating Encapsulating Security Payload (ESP) 294
Providing Security with Fibre Channel Security Protocol 294
Exam Preparation Tasks 295
Review All the Key Topics 295
Complete the Tables and Lists from Memory 295
Definition of Key Terms 295
Chapter 9 Exploring Secure Voice Solutions 297
“Do I Know This Already?” Quiz 297
Foundation Topics 301
Defining Voice Fundamentals 301
Defining VoIP 301
The Need for VoIP 302
VoIP Network Components 303
VoIP Protocols 305
Identifying Common Voice Vulnerabilities 307
Attacks Targeting Endpoints 307
VoIP Spam 308
Vishing and Toll Fraud 308
SIP Attack Targets 309
Securing a VoIP Network 310
Protecting a VoIP Network with Auxiliary VLANs 310
Protecting a VoIP Network with Security Appliances 311
Hardening Voice Endpoints and Application Servers 313
Summary of Voice Attack Mitigation Techniques 316
Exam Preparation Tasks 317
Review All the Key Topics 317
Complete the Tables and Lists from Memory 317
Definition of Key Terms 317
Chapter 10 Using Cisco IOS Firewalls to Defend the Network 319
“Do I Know This Already?” Quiz 319
Foundation Topics 323
Exploring Firewall Technology 323
The Role of Firewalls in Defending Networks 323
The Advance of Firewall Technology 325
Transparent Firewalls 326
Application Layer Firewalls 327
Benefits of Using Application Layer Firewalls 329
Working with Application Layer Firewalls 330
Application Firewall Limitations 332
Static Packet-Filtering Firewalls 333
Stateful Packet-Filtering Firewalls 335
Stateful Packet Filtering and the State Table 335
Disadvantages of Stateful Filtering 336
Uses of Stateful Packet-Filtering Firewalls 337
Application Inspection Firewalls 338
Application Inspection Firewall Operation 340
Effective Use of an Application Inspection Firewall 341
Overview of the Cisco ASA Adaptive Security Appliance 342
The Role of Firewalls in a Layered Defense Strategy 343
Creating an Effective Firewall Policy 345
Using ACLs to Construct Static Packet Filters 347
The Basics of ACLs 348
Cisco ACL Configuration 349
Working with Turbo ACLs 350
Developing ACLs 351
Using the CLI to Apply ACLs to the Router Interface 352
Considerations When Creating ACLs 353
Filtering Traffic with ACLs 354
Preventing IP Spoofing with ACLs 357
Restricting ICMP Traffic with ACLs 358
Configuring ACLs to Filter Router Service Traffic 360
vty Filtering 360
SNMP Service Filtering 361
RIPv2 Route Filtering 361
Grouping ACL Functions 362
Implementing a Cisco IOS Zone-Based Firewall 364
Understanding Cisco IOS Firewalls 364
Traffic Filtering 365
Traffic Inspection 366
The Role of Alerts and Audit Trails 366
Classic Firewall Process 367
SPI and CBAC 368
Examining the Principles Behind Zone-Based Firewalls 369
Changes to Firewall Configuration 370
Zone Membership Rules 371
Understanding Security Zones 373
Zones and Inspection 373
Security Zone Restrictions 373
Working with Zone Pairs 375
Security Zone Firewall Policies 376
Class Maps 378
Verifying Zone-Based Firewall Configuration 379
Exam Preparation Tasks 380
Review All the Key Topics 380
Complete the Tables and Lists from Memory 381
Definition of Key Terms 381
Command Reference to Check Your Memory 382
Chapter 11 Using Cisco IOS IPS to Secure the Network 385
“Do I Know This Already?” Quiz 385
Foundation Topics 388
Examining IPS Technologies 388
IDS Versus IPS 388
IDS and IPS Device Categories 389
Detection Methods 389
Network-Based Versus Host-Based IPS 391
Deploying Network-Based and Host-Based Solutions 394
IDS and IPS Appliances 395
Cisco IDS 4215 Sensor 396
Cisco IPS 4240 Sensor 397
Cisco IPS 4255 Sensor 397
Cisco IPS 4260 Sensor 397
Signatures 398
Exploit Signatures 398
Connection Signatures 399
String Signatures 399
Denial-of-Service Signatures 399
Signature Definition Files 399
Alarms 400
Using SDM to Configure Cisco IOS IPS 401
Launching the Intrusion Prevention Wizard 401
IPS Policies Wizard 404
Creating IPS Rules 410
Manipulating Global IPS Settings 417
Signature Configuration 419
Exam Preparation Tasks 425
Review All the Key Topics 425
Complete the Tables and Lists from Memory 425
Definition of Key Terms 425
Part III Extending Security and Availability with Cryptography and VPNs 427
Chapter 12 Designing a Cryptographic Solution 429
“Do I Know This Already?” Quiz 429
Foundation Topics 433
Introducing Cryptographic Services 433
Understanding Cryptology 433
Cryptography Through the Ages 434
The Substitution Cipher 434
The Vigenère Cipher 435
Transposition Ciphers 436
Working with the One-Time Pad 436
The Encryption Process 437
Cryptanalysis 438
Understanding the Features of Encryption Algorithms 440
Symmetric and Asymmetric Encryption Algorithms 441
Encryption Algorithms and Keys 441
Symmetric Encryption Algorithms 441
Asymmetric Encryption Algorithms 443
The Difference Between Block and Stream Ciphers 444
Block Ciphers 444
Stream Ciphers 445
Exploring Symmetric Encryption 445
Functionality of Symmetric Encryption Algorithms 446
Key Lengths 446
Features and Functions of DES 447
Working with the DES Key 447
Modes of Operation for DES 447
Working with DES Stream Cipher Modes 449
Usage Guidelines for Working with DES 449
Understanding How 3DES Works 450
Encrypting with 3DES 450
AES 451
The Rijndael Cipher 451
Comparing AES and 3DES 451
Availability of AES in the Cisco Product Line 452
SEAL 452
SEAL Restrictions 452
The Rivest Ciphers 452
Understanding Security Algorithms 453
Selecting an Encryption Algorithm 453
Understanding Cryptographic Hashes 455
Working with Hashing 455
Designing Key Management 456
Components of Key Management 456
Understanding Keyspaces 456
Issues Related to Key Length 457
SSL VPNs 458
Establishing an SSL Tunnel 459
Exam Preparation Tasks 460
Review All the Key Topics 460
Complete the Tables and Lists from Memory 461
Definition of Key Terms 461
Chapter 13 Implementing Digital Signatures 463
“Do I Know This Already?” Quiz 463
Foundation Topics 466
Examining Hash Algorithms 466
Exploring Hash Algorithms and HMACs 466
Anatomy of a Hash Function 467
Application of Hash Functions 467
Cryptographic Hash Functions 468
Application of Cryptographic Hashes 469
HMAC Explained 470
MD5 Features and Functionality 471
Origins of MD5 472
Vulnerabilities of MD5 473
Usage of MD5 475
SHA-1 Features and Functionality 475
Overview of SHA-1 476
Vulnerabilities of SHA-1 477
Usage of SHA-1 478
Using Digital Signatures 478
Understanding Digital Signatures 480
Digital Signature Scheme 483
Authentication and Integrity 483
Examining RSA Signatures 483
Exploring the History of RSA 484
Understanding How RSA Works 484
Encrypting and Decrypting Messages with RSA 485
Signing Messages with RSA 485
Vulnerabilities of RSA 486
Exploring the Digital Signature Standard 487
Using the DSA Algorithm 487
Exam Preparation Tasks 488
Review All the Key Topics 488
Complete the Tables and Lists from Memory 489
Definition of Key Terms 489
Chapter 14 Exploring PKI and Asymmetric Encryption 491
“Do I Know This Already?” Quiz 491
Foundation Topics 494
Understanding Asymmetric Algorithms 494
Exploring Asymmetric Encryption Algorithms 494
Using Public-Key Encryption to Achieve Confidentiality 495
Providing Authentication with a Public Key 496
Understanding the Features of the RSA Algorithm 497
Working with RSA Digital Signatures 498
Guidelines for Working with RSA 499
Examining the Features of the Diffie-Hellman Key Exchange Algorithm 499
Steps of the Diffie-Hellman Key Exchange Algorithm 500
Working with a PKI 500
Examining the Principles Behind a PKI 501
Understanding PKI Terminology 501
Components of a PKI 501
Classes of Certificates 502
Examining the PKI Topology of a Single Root CA 502
Examining the PKI Topology of Hierarchical CAs 503
Examining the PKI Topology of Cross-Certified CAs 505
Understanding PKI Usage and Keys 506
Working with PKI Server Offload 506
Understanding PKI Standards 507
Understanding X.509v3 507
Understanding Public Key Cryptography Standards (PKCS) 508
Understanding Simple Certificate Enrollment Protocol (SCEP) 510
Exploring the Role of Certificate Authorities and Registration Authorities in a PKI 511
Examining Identity Management 512
Retrieving the CA Certificate 513
Understanding the Certificate Enrollment Process 513
Examining Authentication Using Certificates 514
Examining Features of Digital Certificates and CAs 515
Understanding the Caveats of Using a PKI 516
Understanding How Certificates Are Employed 517
Exam Preparation Tasks 519
Review All the Key Topics 519
Complete the Tables and Lists from Memory 519
Definition of Key Terms 520
Chapter 15 Building a Site-to-Site IPsec VPN Solution 523
“Do I Know This Already?” Quiz 523
Foundation Topics 527
Exploring the Basics of IPsec 527
Introducing Site-to-Site VPNs 527
Overview of IPsec 529
IKE Modes and Phases 529
Authentication Header and Encapsulating Security Payload 531
Cisco VPN Product Offerings 533
Cisco VPN-Enabled Routers and Switches 533
Cisco VPN 3000 Series Concentrators 535
Cisco ASA 5500 Series Appliances 536
Cisco 500 Series PIX Security Appliances 538
Hardware Acceleration Modules 538
VPN Design Considerations and Recommendations 539
Best-Practice Recommendations for Identity and IPsec Access Control 540
Best-Practice Recommendations for IPsec 540
Best-Practice Recommendations for Network Address Translation 541
Best-Practice Recommendations for Selecting a Single-Purpose Versus Multipurpose Device 541
Constructing an IPsec Site-to-Site VPN 542
The Five Steps in the Life of an IPsec Site-to-Site VPN 542
The Five Steps of Configuring an IPsec Site-to-Site VPN 543
Configuring an IKE Phase 1 Tunnel 543
Configuring an IKE Phase 2 Tunnel 545
Applying Crypto Maps 546
Using Cisco SDM to Configure IPsec on a Site-to-Site VPN 548
Introduction to the Cisco SDM VPN Wizard 548
Quick Setup 549
Step-by-Step Setup 559
Configuring Connection Settings 559
Selecting an IKE Proposal 561
Selecting a Transform Set 562
Selecting Traffic to Protect in the IPsec Tunnel 563
Part IV Final Preparation 589
Chapter 16 Final Preparation 577
Exam Engine and Questions on the CD 577
Install the Software from the CD 578
Activate and Download the Practice Exam 578
Activating Other Exams 579
Study Plan 579
Recall the Facts 580
Use the Exam Engine 580
Choosing Study or Simulation Mode 580
Passing Scores for the IINS Exam 581
Part V Appendixes 583
Appendix A Answers to “Do I Know This Already?” Questions 585
Appendix B Glossary 595
Appendix C CCNA Security Exam Updates: Version 1.0 617
Appendix D Memory Tables (CD only)
Appendix E Memory Tables Answer Key (CD only)
Index 620
Size: 13.8 MB
Language: English
Pages: 776
Book introduction: CCNA Voice 640-461 Official Cert Guide
Introduction
Part I Voice Perspectives
Chapter 1 Traditional Voice Versus Unified Voice 3
“Do I Know This Already?” Quiz 3
Foundation Topics 6
Where It All Began: Analog Connections 6
The Evolution: Digital Connections 9
Moving from Analog to Digital 9
Channel Associated Signaling 11
Common Channel Signaling 12
Understanding the PSTN 13
Pieces of the PSTN 13
Understanding PBX and Key Systems 14
Connections to and Between the PSTN 14
PSTN Numbering Plans 16
The New Yet Not-So-New Frontier: VoIP 17
VoIP: Why It Is a Big Deal for Businesses 17
The Process of Converting Voice to Packets 18
Role of Digital Signal Processors 22
Understanding RTP and RTCP 23
Exam Preparation Tasks 25
Chapter 2 Understanding the Pieces of Cisco Unified Communications 27
“Do I Know This Already?” Quiz 27
Foundation Topics 30
Did Someone Say Unified? 30
Understanding Cisco Unified Communications Manager Express 31
CME Key Features 32
CME Interaction with Cisco IP Phones 32
A Match Made in Heaven: CME and CUE 35
Understanding Cisco Unified Communications Manager 37
CUCM Key Features 37
CUCM Database Replication and Interacting with Cisco IP Phones 38
Understanding Cisco Unity Connection 41
Cisco Unity Connection Key Features 42
Cisco Unity Connection and CUCM Interaction 43
Understanding Cisco Unified Presence 44
Cisco Unified Personal Communicator 45
Exam Preparation Tasks 46
Chapter 3 Understanding the Cisco IP Phone Concepts and Registration 49
“Do I Know This Already?” Quiz 49
Foundation Topics 52
Connecting and Powering Cisco IP Phones 52
Cisco Catalyst Switch PoE 54
Powering the IP Phone Using a Power Patch Panel or Coupler 54
Powering the IP Phone with a Power Brick 55
VLAN Concepts and Configuration 55
VLAN Review 55
VLAN Trunking/Tagging 56
Understanding Voice VLANs 58
VLAN Configuration 59
Understanding the Cisco IP Phone Boot Process 61
Configuring a Router-Based DHCP Server 61
Setting the Clock of a Cisco Device with NTP 63
IP Phone Registration 65
Exam Preparation Tasks 67
Part II Cisco Unified Communications Manager Express
Chapter 4 Getting Familiar with CME Administration 69
“Do I Know This Already?” Quiz 69
Foundation Topics 71
Managing CME Using the Command Line 71
Managing CME Using a Graphic User Interface 73
Exam Preparation Tasks 79
Chapter 5 Managing Endpoint and End Users with CME 81
“Do I Know This Already?” Quiz 81
Foundation Topics 84
Ensuring the Foundation 84
Voice VLAN 85
DHCP Services 85
TFTP Services 86
Base CME Configuration 87
Ephone and Ephone-DN—The Keys to Ringing Phones 88
Understanding and Configuring Ephone-DNs 89
Understanding and Configuring Ephones 90
Associating Ephones and Ephone-DNs 92
Adding Directory Numbers, Phones, and Users with CCP 95
Exam Preparation Tasks 102
Chapter 6 Understanding the CME Dial-Plan 105
“Do I Know This Already?” Quiz 105
Foundation Topics 108
Configuring Physical Voice Port Characteristics 108
Configuring Analog Voice Ports 108
Configuring Digital Voice Ports 112
Understanding and Configuring Dial Peers 117
Voice Call Legs 119
Configuring POTS Dial Peers 120
Configuring VoIP Dial Peers 124
Using Dial Peer Wildcards 126
Private Line Automatic Ringdown 128
Understanding Router Call Processing and Digit Manipulation 130
Matching Inbound and Outbound Dial Peers 132
Using Digit Manipulation 135
Using CCP to Configure a CME Dial-Plan 145
Understanding and Implementing CME Class of Restriction 146
Quality of Service 152
Understanding the Enemy 153
Requirements for Voice, Video, and Data Traffic 154
QoS Mechanisms 155
Link Efficiency Mechanisms 156
Queuing Algorithms 157
Applying QoS 158
Using Cisco AutoQoS 158
Exam Preparation Tasks 167
Chapter 7 Configuring Cisco Unified CME Voice Productivity Features 171
“Do I Know This Already?” Quiz 171
Foundation Topics 175
Configuring a Voice Network Directory 175
Configuring Call Forwarding 179
Forwarding Calls from the IP Phone 179
Forwarding Calls from the CLI 181
Using the call-forward pattern Command to Support H.450.3 181
Configuring Call Transfer 184
Configuring Call Park 185
Configuring Call Pickup 190
Configuring Intercom 193
Configuring Paging 196
Configuring After-Hours Call Blocking 199
Configuring CDRs and Call Accounting 203
Configuring Music on Hold 207
Configuring Single Number Reach 208
Enabling the Flash-Based CME GUI 210
Exam Preparation Tasks 214
Part III Cisco Unified Communications Manager
Chapter 8 Administrator and End-User Interfaces 217
“Do I Know This Already?” Quiz 217
Foundation Topics 220
Describe the CUCM GUI and CLI 220
Cisco Unified Communications Manager Administration Interface 220
Cisco Unified Serviceability Administration Interface 221
Cisco Unified Operating System Administration Interface 223
Disaster Recovery System Interface 224
Cisco Unified Reporting Interface 224
CLI 224
User Management in CUCM: Roles and Groups 225
Describe the CUC GUI and CLI 227
Describe the Cisco Unified Presence Server GUI and CLI 230
Exam Preparation Tasks 232
Chapter 9 Managing Endpoints and End Users in CUCM 235
“Do I Know This Already?” Quiz 235
Foundation Topics 238
Implementing IP Phones in CUCM 238
Special Functions and Services Used by IP Phones 238
IP Phone Registration Process 240
SIP Phone Registration Process 240
Preparing CUCM to Support Phones 240
IP Phone Configuration Requirements in CUCM 244
Adding Phones in CUCM 247
Describe End Users in CUCM 254
End Users Versus Application Users 254
Credential Policy 255
Features Interacting with User Accounts 255
User Locale 256
Device Association 256
Implementing End Users in CUCM 257
Manual Entry 257
Bulk Import Using BAT 258
LDAP Integration 258
Configure LDAP Sync 262
Verify LDAP Sync 265
Configuring LDAP Authentication 265
Verify LDAP Authentication 266
Create LDAP Custom Filters 266
Exam Preparation Tasks 267
Chapter 10 Understanding CUCM Dial-Plan Elements and Interactions 269
“Do I Know This Already?” Quiz 269
Foundation Topics 273
CUCM Call Flows 273
Call Flow in CUCM if DNS Is Used 273
Call Flow in CUCM if DNS Is Not Used 273
Centralized Remote Branch Call Flow 275
Centralized Deployment PSTN Backup Call Flow 277
Distributed Deployment Call Flow 278
Call-Routing Sources in CUCM 280
Call-Routing Destinations in CUCM 280
Call-Routing Configuration Elements 281
Call-Routing Behavior 283
Class of Control 284
Exam Preparation Tasks 287
Chapter 11 Enabling Telephony Features with CUCM 289
“Do I Know This Already?” Quiz 289
Foundation Topics 292
Describe Extension Mobility in CUCM 292
Enable EM in CUCM 293
Step 1: Activate the EM Service 293
Step 2: Configure EM Service Parameters 293
Step 3: Add the EM Service 294
Step 4: Create Default Device Profiles 295
Step 5a: Create Device Profiles 295
Step 5b: Subscribe Device Profiles to the EM Service 296
Step 6: Associate Users with Device Profiles 297
Step 7a: Enable EM for Phones 298
Step 7b: Subscribe Phones to EM Service 299
Describe Telephony Features in CUCM 300
Call Coverage 300
Intercom 303
CUCM Native Presence 303
Enable Telephony Features in CUCM 304
Enabling Call Coverage 305
Configuring Intercom Features 314
Configure CUCM Native Presence 315
Exam Preparation Tasks 321
Chapter 12 Enabling Mobility Features in CUCM 323
“Do I Know This Already?” Quiz 323
Foundation Topics 326
Understanding CUCM Mobility Features 326
Describe Mobile Connect 326
Unified Mobility Architecture 327
Implementing Mobility Features in CUCM 329
Configuring Mobile Connect 329
Configuring MVA 336
Exam Preparation Tasks 341
Part IV Voicemail and Presence Solutions
Chapter 13 Voicemail Integration with Cisco Unity Connection 343
“Do I Know This Already?” Quiz 343
Foundation Topics 346
Describe Cisco Unity Connection 346
Overview of Cisco Unity Connection 346
Single-Site and Multisite Deployment Considerations 346
CUC Integration Overview 347
CUC Features 349
Describe Cisco Unity Connection Users and Mailboxes 353
User Templates 353
CUC End Users 355
User Creation Options 356
CUC Voicemail Boxes 357
Implement Cisco Unity Connection Users and Mailboxes 357
Configure End User Templates 357
Configure CUC End Users 365
Importing End Users in to CUC 367
Managing the CUC Message Store 372
Exam Preparation Tasks 375
Chapter 14 Enabling Cisco Unified Presence Support 377
“Do I Know This Already?” Quiz 377
Foundation Topics 380
Describe Cisco Unified Presence Features 380
Cisco Unified Personal Communicator 380
Cisco Unified Communications Manager IP Phone Service 383
Cisco IP Phone Messenger 383
Describe Cisco Unified Presence Architecture 384
Integration with Microsoft Office Communications Server 384
Integration with LDAP 384
Integration with Cisco Unity Connection 385
Integration with Conferencing Resources 385
Integration with Calendar Resources 385
Architecture and Call Flow: Softphone Mode 386
Architecture and Call Flow: Deskphone Control Mode 386
Compliance and Persistent Chat 386
CUPS and QoS Considerations 387
Enabling Cisco Unified Presence 389
Enabling End Users for Cisco Unified Personal Communicator in CUCM 389
Enabling End Users for CUPC in Cisco Unified Presence 391
Troubleshooting CUPC 392
Exam Preparation Tasks 394
Part V Voice Network Management and Troubleshooting
Chapter 15 Common CME Management and Troubleshooting Issues 397
“Do I Know This Already?” Quiz 397
Foundation Topics 400
Troubleshooting 400
Troubleshooting Common CME Registration Issues 401
Troubleshooting Dial-Plan and QoS Issues 405
Dial-Plan Issues 405
QoS Issues 408
Exam Preparation Tasks 412
Chapter 16 Management and Troubleshooting of Cisco Unified Communications Manager 415
“Do I Know This Already?” Quiz 415
Foundation Topics 418
Describe How to Provide End-User Support for Connectivity and Voice Quality Issues 418
Troubleshooting 418
Troubleshooting IP Phone Registration Problems 419
Deleting Unassigned Directory Numbers Using the Route Plan Report 421
Describe CUCM Reports and How They Are Generated 422
Understanding CUCM CDR Analysis and Reporting Tool Reports 424
CDR and CMR Architecture 426
Generating CDR Reports 427
Describe Cisco Unified RTMT 432
RTMT Interface 432
Monitoring CUCM with RTMT 433
Describe the Disaster Recovery System 434
Using the DRS 435
Exam Preparation Tasks 437
Chapter 17 Monitoring Cisco Unity Connection 439
“Do I Know This Already?” Quiz 439
Foundation Topics 442
Generating and Accessing Cisco Unity Connection Reports 442
Cisco Unity Connection Serviceability Reports 442
Cisco Unified Serviceability: Serviceability Reports Archive 445
Analyzing Cisco Unity Connection Reports 446
Troubleshooting and Maintenance Operations Using Cisco Unity Connection Reports 449
Reports to Support Routine Maintenance 451
Exam Preparation Tasks 454
Chapter 18 Final Preparation 457
Tools for Final Preparation 457
Pearson Cert Practice Test Engine and Questions on the CD 457
Cisco Learning Network 459
Chapter-Ending Review Tools 459
Suggested Plan for Final Review/Study 459
Using the Exam Engine 460
Summary 461
Appendix A Answers Appendix 463
Appendix B 640-461 CCNA Voice Exam Updates, Version 1.0 467
Appendix C Glossary 469
Index 480
Size: 31.6 MB
Language: English
Number of pages: 529
Book introduction: CCNA Wireless 640-722 Official Cert Guide
Introduction xix
Chapter 1 RF Signals and Modulation 3
“Do I Know This Already?” Quiz 3
Foundation Topics 7
Comparing Wired and Wireless Networks 7
Understanding Basic Wireless Theory 8
Understanding Frequency 10
Understanding Phase 14
Measuring Wavelength 14
Understanding RF Power and dB 15
Important dB Facts to Remember 17
Comparing Power Against a Reference: dBm 19
Measuring Power Changes Along the Signal Path 20
Understanding Power Levels at the Receiver 23
Carrying Data Over an RF Signal 24
FHSS 26
DSSS 27
1-Mbps Data Rate 28
2-Mbps Data Rate 29
5.5-Mbps Data Rate 30
11-Mbps Data Rate 30
OFDM 31
Modulation Summary 32
Exam Preparation Tasks 34
Review All Key Topics 34
Key Terms 34
Chapter 2 RF Standards 37
“Do I Know This Already?” Quiz 37
Foundation Topics 41
Regulatory Bodies 41
ITU-R 41
FCC 42
ETSI 44
Other Regulatory Bodies 45
IEEE Standards Body 45
802.11 Channel Use 47
Channels in the 2.4-GHz ISM Band 47
Channels in the 5-GHz U-NII Bands 49
IEEE 802.11 Standards 51
802.11-1997 52
802.11b 52
802.11g 52
802.11a 54
802.11n 55
Channel Aggregation 57
Spatial Multiplexing 58
MAC Layer Efficiency 59
Transmit Beam Forming (TxBF) 60
Maximal-Ratio Combining 61
802.11n Modulation and Coding Schemes 61
Beyond 802.11n 62
Wi-Fi Alliance 63
Exam Preparation Tasks 64
Review All Key Topics 64
Define Key Terms 64
Chapter 3 RF Signals in the Real World 67
“Do I Know This Already?” Quiz 67
Foundation Topics 70
Interference 70
Co-Channel Interference 70
Neighboring Channel Interference 71
Non-802.11 Interference 72
Free Space Path Loss 72
Mitigating the Effects of Free Space Path Loss 74
Effects of Physical Objects 76
Reflection 76
Absorption 78
Scattering 78
Refraction 79
Diffraction 80
Fresnel Zones 80
Exam Preparation Tasks 83
Review All Key Topics 83
Define Key Terms 83
Chapter 4 Understanding Antennas 85
“Do I Know This Already?” Quiz 85
Foundation Topics 88
Antenna Characteristics 88
Radiation Patterns 88
Gain 91
Beamwidth 92
Polarization 92
Antenna Types 93
Omnidirectional Antennas 94
Directional Antennas 97
Antenna Summary 101
Adding Antenna Accessories 101
Exam Preparation Tasks 103
Review All Key Topics 103
Define Key Terms 103
Chapter 5 Wireless LAN Topologies 105
“Do I Know This Already?” Quiz 105
Foundation Topics 108
Types of Wireless Networks 108
Wireless LAN Topologies 109
Basic Service Set 110
Distribution System 112
Extended Service Set 114
Independent Basic Service Set 115
Other Wireless Topologies 116
Repeater 116
Workgroup Bridge 117
Outdoor Bridge 118
Mesh Network 119
Exam Preparation Tasks 120
Review All Key Topics 120
Define Key Terms 120
Chapter 6 Understanding 802.11 Frame Types 123
“Do I Know This Already?” Quiz 123
802.11 Frame Format 126
802.11 Frame Addressing 128
Accessing the Wireless Medium 130
Carrier Sense 131
Collision Avoidance 132
802.11 Frame Types 134
Management Frames 134
Control Frames 135
Data Frames 136
Client Housekeeping 136
A Client Scans for APs 137
A Client Joins a BSS 138
A Client Leaves a BSS 139
A Client Moves Between BSSs 140
A Client Saves Power 142
Exam Preparation Tasks 145
Review All Key Topics 145
Define Key Terms 145
Chapter 7 Planning Coverage with Wireless APs 147
“Do I Know This Already?” Quiz 147
AP Cell Size 150
Tuning Cell Size with Transmit Power 150
Tuning Cell Size with Data Rates 152
Adding APs to an ESS 153
The Roaming Process 155
WLAN Channel Layout 157
Exam Preparation Tasks 161
Review All Key Topics 161
Define Key Terms 161
Chapter 8 Using Autonomous APs 163
“Do I Know This Already?” Quiz 163
Foundation Topics 166
Autonomous Architecture 166
Configuring an Autonomous AP 167
Connecting the AP 167
Configuring the AP 170
Converting an Autonomous AP 174
Using the Autonomous to Lightweight Mode Upgrade Tool 174
Converting an Autonomous AP Manually 176
Exam Preparation Tasks 178
Review All Key Topics 178
Define Key Terms 178
Chapter 9 Understanding the CUWN Architecture 181
“Do I Know This Already?” Quiz 181
Foundation Topics 184
A Distributed Architecture 184
A Centralized Architecture 186
Split-MAC Architecture 188
Traffic Patterns in a CUWN 190
CUWN Building Blocks 192
Cisco Wireless LAN Controllers 192
Cisco Lightweight APs 194
CUWN Management 197
Exam Preparation Tasks 198
Review All Key Topics 198
Chapter 10 Initial Controller Configuration 201
“Do I Know This Already?” Quiz 201
Foundation Topics 204
Connecting the Controller 204
Using Controller Ports 204
Using Controller Interfaces 206
Running the Initial Setup Wizard 208
Initial Setup with the Web Interface 208
Initial Setup with the CLI 216
Exam Preparation Tasks 218
Review All Key Topics 218
Define Key Terms 218
Chapter 11 Understanding Controller Discovery 221
“Do I Know This Already?” Quiz 221
Foundation Topics 224
Discovering a Controller 224
AP States 224
Discovering a WLC 226
Selecting a WLC 227
Designing High Availability 228
Detecting a Controller Failure 230
Building Redundancy 231
N+1 Redundancy 231
N+N Redundancy 232
N+N+1 Redundancy 232
AP SSO Redundancy 233
Exam Preparation Tasks 235
Review All Key Topics 235
Define Key Terms 236
Chapter 12 Understanding Roaming 239
“Do I Know This Already?” Quiz 239
Foundation Topics 242
Roaming with Autonomous APs 242
Intracontroller Roaming 244
Intercontroller Roaming 246
Layer 2 Roaming 247
Layer 3 Roaming 248
Using Mobility Groups 252
Exam Preparation Tasks 256
Review All Key Topics 256
Define Key Terms 256
Chapter 13 Understanding RRM 259
“Do I Know This Already?” Quiz 259
Foundation Topics 262
Configuring 802.11 Support 262
Configuring Data Rates 263
Configuring 802.11n Support 264
Understanding RRM 265
RF Groups 267
TPC 269
DCA 272
Coverage Hole Detection 274
Manual RF Configuration 276
Verifying RRM Results 278
Exam Preparation Tasks 279
Review All Key Topics 279
Define Key Terms 279
Chapter 14 Wireless Security Fundamentals 281
“Do I Know This Already?” Quiz 282
Foundation Topics 285
Anatomy of a Secure Connection 285
Authentication 286
Message Privacy 287
Message Integrity 288
Intrusion Protection 289
Wireless Client Authentication Methods 290
Open Authentication 290
WEP 291
802.1x/EAP 292
LEAP 294
EAP-FAST 294
PEAP 294
EAP-TLS 295
Wireless Privacy and Integrity Methods 295
TKIP 295
CCMP 296
WPA and WPA2 297
Securing Management Frames with MFP 298
Configuring Wireless Security 298
Configuring WPA or WPA2 Personal 299
Configuring WPA2 Enterprise Mode 300
Configuring WPA2 Enterprise with Local EAP 302
Exam Preparation Tasks 305
Review All Key Topics 305
Define Key Terms 305
Chapter 15 Configuring a WLAN 307
“Do I Know This Already?” Quiz 307
Foundation Topics 309
WLAN Overview 309
Configuring a WLAN 310
Configuring a RADIUS Server 310
Creating a Dynamic Interface 312
Creating a New WLAN 313
Configuring WLAN Security 315
Configuring WLAN QoS 317
Configuring Advanced WLAN Settings 318
Finalizing WLAN Configuration 319
Exam Preparation Tasks 320
Review All Key Topics 320
Chapter 16 Implementing a Wireless Guest Network 323
“Do I Know This Already?” Quiz 323
Foundation Topics 325
Guest Network Overview 325
Configuring a Guest Network 326
Scaling the Guest Network 329
Exam Preparation Tasks 332
Review All Key Topics 332
Define Key Terms 332
Configuring Common Wireless Clients 338
Windows 7 and 8 338
Intel PROSet 341
Android 345
Apple OS X 346
Cisco AnyConnect 348
Cisco Compatible Extensions 352
Exam Preparation Tasks 356
Review All Key Topics 356
Define Key Terms 356
Chapter 18 Managing Wireless Networks with WCS 359
“Do I Know This Already?” Quiz 359
Foundation Topics 362
WCS Overview 362
Alarm Summary Dashboard 364
Main Navigation Area 366
WCS Home Area 366
Using WCS to Configure Devices 368
Using WCS Maps 370
Displaying Maps 370
Manipulating APs on Maps 373
Viewing Information on Maps 375
Generating Reports 377
Exam Preparation Tasks 381
Review All Key Topics 381
Chapter 19 Dealing with Wireless Interference 383
“Do I Know This Already?” Quiz 383
Understanding Types of Interference 386
Bluetooth 386
ZigBee 387
Cordless Phones 388
Microwave Ovens 388
WiMAX 388
Other Devices 389
Using Cisco CleanAir to Manage Interference 390
Enabling CleanAir 392
Air-Quality Index 394
Using Event-Driven RRM 396
Exam Preparation Tasks 397
Review All Key Topics 397
Define Key Terms 398
Chapter 20 Troubleshooting WLAN Connectivity 401
“Do I Know This Already?” Quiz 401
Foundation Topics 405
Troubleshooting Client Connectivity 405
Troubleshooting Clients from the Controller 406
Performing a Link Test 411
Debugging a Client 412
Troubleshooting Clients from WCS/NCS 415
Troubleshooting AP Connectivity 420
Verifying AP-to-WLC Connectivity 420
Verifying AP-to-Network Connectivity 422
Exam Preparation Tasks 425
Review All Key Topics 425
Chapter 21 Maintaining Controllers 427
“Do I Know This Already?” Quiz 427
Accessing WLC and AP Management Interfaces 430
Accessing APs 432
Maintaining WLC Code Images 434
Maintaining WLC Configurations 437
Working with WLC Logs 439
Exam Preparation Tasks 444
Review All Key Topics 444
Chapter 22 Final Review 447
Advice About the Exam Event 447
Learn the Question Types Using the Cisco Certification Exam Tutorial 447
Think About Your Time Budget 452
Other Pre-Exam Suggestions 453
Final Thoughts 45