CCNA 4 Module

Connecting networks and network security

CCNA 4 Module

Connecting networks and network security

CCNA4: Securing and connecting networks is the last out of four levels for network professionals to complete in preparation for the Cisco Certified Network Associate (CCNA) exam.

The main focus of the CCNA4 module is dedicated to network security. The student will learn to use standard and extended access lists to filter network traffic. The vulnerability of the second layer to various forms of attacks will be revealed, be it attacks on the MAC and ARP table, or on the DHCP service without adequate security. One of the most used today's technologies for secure access are VPN networks, in which theoretical and practical training focuses on the GRE protocol and the secure network suite - IPSec. It continues with IPv6, where, in addition to the operation, allocation and configuration of IPv6 addresses, the differences in static and dynamic routing compared to IPv4 are explained. Routing is completed with a theoretical and practical introduction to the world of the external routing protocol - BGP.

Course options

Module CCNA4 is momentarily available only as a part of ICND2 package or in Composite module.

Day form (online):

MON - FRI from 08:00 AM to 4:00 PM

(min. number of participants: 4)

Distant form (online):

MON - FRI from 04:00 PM to 8:00 PM

Saturday from 8:00 AM to 4:00 PM

(min. number of participants: 4)

Learn more

Prerequisites for training

For successful completion of this course, module CCNA1, CCNA2 and CCNA3 is required to be completed or at least have knowledge and skills at its level.

Course objectives

Describe the differences between standard and extended access lists
Configure and troubleshoot standard and extended access lists
Explain the basic security mechanisms used in networks: Dynamic ARP Inspection (DAI), DHCP snooping and port security
Configure and troubleshoot DAI, DHCP snooping and port security
Describe the features and benefits of virtual private networks (VPNs)
Configure and troubleshoot the GRE protocol
Explain the basic pillars of communication security: confidentiality, integrity, authentication
Describe the security of VPN networks with the network security suite - IPSec
Configure and troubleshoot IPSec
Describe the basic features of the IP protocol in the IPv6 version
Configure and troubleshoot basic IPv6 configuration
Configure and troubleshoot dynamic routing in an IPv6 environment
Describe and explain the differences between internal and external routing protocols
Characterize and describe the properties of the external routing protocol BGP
Master basic BGP configuration and troubleshooting

Benefits of the study

Access to study materials in electronic form 24/7
Study materials are available in slovak and english mutation
Access to electronic book (e-book)
Online access to the state of the art labs on real Cisco devices 24/7
Online access to many state of the art exercises in Cisco Packet Tracer network simulator
Option to graduate in Cisco Networking Academy Program free of charge
Option to obtain internationally recognized certificates from Cisco
Option to obtain reference letter from Cisco
Option to lend computer hardware for free during the study
Option of individual consultations with a lecturer beyond the scope of the study

Course overview

Chapter 1: Access Control Lists (ACL), security of LAN networks

An introduction to access lists as a tool for filtering network traffic.
Division of access lists into standard and extended.
Differences between standard and extended access list.
Configuring and troubleshooting access lists.
Explanation of various forms of protection against LAN attacks, such as Dynamic ARP Inspection (ARP), IP DHCP Snooping/Spoofing, DHCP starvation, STP attack, double VLAN tagging.
Protection of switched ports (port security) on the switch against unauthorized MAC addresses.
LAN security configuration and troubleshooting.

Chapter 2: VPN

Introduction to virtual networks.
VPN division: static and dynamic VPN.
GRE protocol – properties, working principle.
Configuration and troubleshooting of GRE protocol.
Security of virtual networks - confidentiality, integrity, authorization, authentication and packet replay protection.
IPSec protocol system - theoretical introduction, explanation of concepts, packet transfer methods.
Tunnel, transport mode.
ESP and AH headers.
Packet security algorithms.
Basic configuration of packet security with the IPSec framework.

Chapter 3: Internet Protocol in version 6 (IPv6)

Identification of the appropriate protocol addressing scheme in LAN and WAN networks.
Technological requirements for using the protocol, comparison with IPv4.
Address types, notation.
Methods of migration from IPv4 to IPv6 (dual-stack, tunneling, NAT64).
Dynamic allocation of IPv6 addresses: SLAAC, stateless DHCP, stateful DHCP.
Static routing in an IPv6 environment, changes compared to IPv4.
Description of dynamic routing changes in an IPv6 environment.
Configuring and troubleshooting static routes.
RIPNG configuration and troubleshooting.
EIGRPv6 configuration and troubleshooting.
OSPFv3 configuration and troubleshooting.

Chapter 4: Border Gateway Protocol (BGP)

Overview of the differences between IGP protocols and EGP.
Basic properties and operation of the BGP protocol.
Definition of autonomous system, administrative domain.
Assignment of a unique number by the IANA authority within the autonomous system.
Path-vector algorithm.
Network attributes and their influence on the decision-making process of choosing the best paths.
BGP packets.
Formation of iBGP/eBGP neighbor relations.
Basic configuration of neighbor relationships and network advertisements in BGP.
Troubleshooting BGP configuration.

Chapter 5: Module overview, preparation for the final exam

Preparation for theoretical exam.
Preparation for practice exam.

Module CCNA4 is the last out of four levels for network professionals to complete in preparation for the Cisco Certified Network Associate (CCNA) exam.

Our partners