OneSource Professional Training Solutions
OneSource Professional Training Solutions, Inc. presents

SECURE - Securing Networks with Cisco Routers and Switches On-Site Training

This on-site training class is also available as Public Schedule Seminar.

SECURE - Securing Networks with Cisco Routers and Switches

Course Description/Agenda

In this class, you will learn the industry best practices for securing your Cisco routers and switches. You will learn to secure switches, including advanced Layer 2 security and Identity-Based Networking Services (IBNS) based on IEEE 802.1x. You will cover network platform security, VPN, Firewall, and IPS, and you will learn to secure a router's control, plane, and management planes.

You will spend a large portion of the class on advanced VPN topics, including:

  • Using digital certificates for VPN authentication
  • GRE over IPsec
  • Virtual Tunnel Interfaces
  • Dynamic Multipoint VPN (DMVPN)
  • Group Encryption Transport VPN (GET VPN)
  • Remote access IPsec VPN with the Easy VPN Server
  • Cisco VPN Client and Easy VPN Remote (hardware client)

A Global Knowledge Exclusive: Bonus Lab Credits

You'll receive five extra SECURE e-Lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice-whatever lab activities complete your training.

What You'll Learn

  • Advanced IOS security technologies for locking down routers and switches: 802.1x, COPP/COPr, and user-based authentication
  • Various VPN technologies and their use in production environments: DMVPN, GRE, GRE w/ IPSEC, IPSEC, GET, Ez-VPN, and SSL
  • IOS IPS exploration with IME and Cisco configuration professional
  • Launch live attacks against the network using BackTrack4 and learn mitigation techniques
  • Use Cisco IME software to monitor alerts from the IOS IPS process
  • Use the new Cisco Configuration Professional tool to configure IPS
  • Advanced IPS topics: event action overrides, event action filters, signature tuning, and custom signature creation

Who Should Attend

  • Internetwork professionals who want to ensure security of their network using IOS devices
  • Anyone seeking to learn the latest features in IOS 15.0 code to evaluate for their production environments
  • Internetwork professionals who seek CCNP Security certification

Course Outline

1. Network Foundation Controls

  • Control, Data, and Management Planes

2. Advanced Switched Data Plane Security Controls

  • Common Layer 2 Attacks
  • PVLANs
  • DHCP Attacks
  • ARP Poisoning
  • IP Source Guard

3. Cisco Identity-Based Network Services

  • 802.1 Overview
  • ACS Integration with 802.1x
  • Cisco Secure Services Client
  • EAP Overview

4. Basic 802.1x Features

  • 802.1x Switch Configuration
  • ACS and EAP-FAST Configuration
  • CSSC as an 802.1x Supplicant

5. Advanced Routed Data Plane Security Controls

  • Unicast Reverse Path Forwarding
  • Flexible Packet Matching Configuration
  • Flexible Netflow

6. Advanced Control Plane Security Controls

  • Deploy Infrastructure ACLs
  • Control Plane Policing
  • Control Plane Protection
  • Routing Protocol Authentication
  • Routing Protocol Filtering

7. Advanced Management Plane Security Controls

  • Configure IOS Software Management Access Controls
  • Configure Role-Based Access Controls
  • Configure SNMP in IOS
  • Digitally Signed IOS Images
  • CPU and Memory Thresholding

8. Cisco IOS Software Network Address Translation

  • IOS Static NAT and PAT Configurations
  • IOS Dynamic NAT and PAT Configurations

9. Basic Zone-Based Policy Firewalls

  • Zone-Based Policy Firewalls Zone Pairs
  • Configure Layer 3/4 Inter-Zone Access Policies
  • Configure Layer 3/4 Intra-Zone Access Policies
  • ZBPFW Inspection of Control Plane and Management Plane Traffic
  • Tune ZBPFW Stateful Engine and Connection Settings
  • Configure ZBPFW Transparent Mode and VRF Support

10. Advanced Zone-Based Policy Firewalls

  • Configure Layer 7 Zone-Based Policy Firewalls
  • Configure Zone-Based Policy Firewalls with User Policies
  • Configure Zone-Based Policy Firewall URL Filtering

11. Cisco IOS Software IPS

  • IOS IPS Signature Policies
  • Tune Cisco IOS Software IPS Signature Policies
  • IPS Signature Auto Update
  • Select an IPS Monitoring Solution

12. Site-to-Site VPN Architectures and Technologies

  • Cryptographic Controls

13. VTI-Based Site-to-Site IPsec VPNs

  • Virtual Tunnel Interfaces
  • Pre-Shared Keys
  • Static VTIs
  • Dynamic VTIs

14. Scalable Authentication in Site-to-Site IPsec VPNs

  • PKI Overview
  • Configure the IOS Certificate Server
  • IOS CA and PKI enrollment

15. DMVPNs

  • Generic Routing Encapsulation (GRE)
  • NHRP Client and Server
  • DMVPN Hub and Spoke Configurations
  • Verify Dynamic Routing in a DMVPN Environment

16. High Availability in Tunnel-Based IPsec VPNs

  • IPsec High Availability Features
  • Routing Protocols for HA
  • Mitigating Failures in VTI Environments
  • Mitigating Failures in a DMVPN Environment

17. Group Encrypted Transport (GET) VPN

  • Configuring Key Servers
  • Configuring Group Members
  • High Availability

18. Remote Access VPN Architectures and Technologies

  • Cryptographic Controls

19. Remote Access Solutions Using SSL VPN

  • SSL VPN Overview
  • Configure SSL VPN Parameters
  • Configure Client Authentication Policies
  • Full VPN tunnels
  • AnyConnect Client
  • Clientless VPN Configuration

20. Remote Access Solutions Using EZVPN

  • EzVPN with Dynamic VTIs
  • Cisco IPsec VPN Client
  • Configure Advanced EzVPN Functionality
  • Configure PKI for EzVPN


Lab 0: Exclusive - Introduction to the Remote Lab System

  • Remote Labs Familiarity

Lab 1: Enhanced - Advanced L2 Security

  • Port ACLs
  • VACLs
  • PVLAN Edge
  • Proxy Router Attacks
  • DHCP Snooping
  • DAI
  • IP Source Guard

Lab 2: Enhanced - Network Foundation Protection

  • Routing Protocol Authentication (EIGRP & OSPF)
  • SNMPv3
  • Flexible Netflow
  • uRPF
  • Management Plane Protection
  • Data Plane Protection

Lab 3: Enhanced - IOS Zone Based Firewalls

  • Basic Zone Configuration
  • Attack Mitigation
  • URL Filtering
  • HTTP Deep Packet Inspection
  • Stateful Inspections

Lab 4: Enhanced - IOS IPS

  • Loading Signature Definition Files
  • Basic Configuration
  • De-Obfuscation
  • IPS Manager Express
  • Signature Actions

Lab 5: Enhanced


More Seminar Information

OneSource Professional Training Solutions, Inc.
OneSource Professional Training Solutions

Delivery Method

On-Site Training On-Site Training

Also Available As

Seminar Seminar


Add to favorites Add to favorites
Email Email this page

On-Site Training
Information Request Form

Please complete the form for more information and/or a quote for this on-site class.




City and State


Number of students:
(at least 10 for consideration)

When do you want to hold the

How long would you like for the

Additional comments to trainer:

We value your privacy!