Professional Documents
Culture Documents
866-716-6688
Chat Now
Search
Shopping Cart | MyGK Login | United States United States [change region]
Courses
Certifications
Training Solutions
Training Locations
Knowledge Center
About Us
SENSS Implementing Cisco Edge Network Security Solutions
Home > Course Catalog > Cisco Training > SENSS - Implementing Cisco Edge Networ
k Security Solutions
SENSS - Implementing Cisco Edge Network Security Solutions
Learn to implement and manage security on Cisco ASA firewalls.
Training Accelerated: Cisco Training Exclusives for Certification Success
Accelerate your Cisco skills and expertise with our Cisco Training Exclusives fo
r Certification Success. This course includes six months free access to:
Practice Labs to continue your learning beyond the classroom
Class Recordings so you can review your course any time
Unlimited Retakes of your course in case you missed a topic or you need a re
fresher
A Free Exam Voucher so you have everything you need to pass the exam
This course is part of the curriculum path leading to the Cisco Certified Networ
k Professional Security (CCNP Security) certification. Additionally, it is desig
ned to prepare security engineers with the knowledge and hands-on experience to
prepare them to configure Cisco perimeter edge security solutions utilizing Cisc
o switches, Cisco routers, and Cisco Adaptive Security Appliance (ASA) firewalls
. You will acquire the foundational knowledge and capabilities to implement and
manage security on Cisco ASA firewalls, Cisco routers with the firewall feature
set, and Cisco switches. You will gain hands-on experience with configuring vari
ous perimeter security solutions for mitigating outside threats and securing net
work zones. At the end of the course, you will be able to reduce the risk to you
r IT infrastructures and applications using Cisco switches, Cisco ASA, and route
r security appliance feature, as well as provide detailed operations support for
these products.
A Global Knowledge Exclusive: You Get...
An enhanced lab topology based on our Flexible Security Architecture that re
presents a real-world network
10 extra e-Lab credits, good for 30 days, so you can practice and refine you
r skills
Enhanced content that exceeds standard authorized Cisco content
World-class Certified Cisco Systems Instructors
What You'll Learn
Network switch
From Wikipedia, the free encyclopedia
Avaya ERS 2550T-PWR, a 50-port Ethernet switch
A network switch (also called switching hub, bridging hub, officially MAC bridge
time. In full duplex mode, each line can simultaneously transmit and receive, r
egardless of the partner.
In the case of using a repeater hub, only a single transmission could take place
at a time for all ports combined, so they would all share the bandwidth and run
in half duplex. Necessary arbitration would also result in collisions requiring
retransmissions.
Applications
The network switch plays an integral part in most modern Ethernet local area net
works (LANs). Mid-to-large sized LANs contain a number of linked managed switche
s. Small office/home office (SOHO) applications typically use a single switch, o
r an all-purpose converged device such as a residential gateway to access small
office/home broadband services such as DSL or cable Internet. In most of these c
ases, the end-user device contains a router and components that interface to the
particular physical broadband technology. User devices may also include a telep
hone interface for Voice over IP (VoIP) protocol.
Microsegmentation
Segmentation is the use of a bridge or a switch (or a router) to split a larger
collision domain into smaller ones in order to reduce collision probability and
improve overall throughput. In the extreme, i. e. microsegmentation, each device
is located on a dedicated switch port. In contrast to an Ethernet hub, there is
a separate collision domain on each of the switch ports. This allows computers
to have dedicated bandwidth on point-to-point connections to the network and als
o to run in full-duplex without collisions. Full-duplex mode has only one transm
itter and one receiver per 'collision domain', making collisions impossible.
Role of switches in a network
Switches may operate at one or more layers of the OSI model, including the data
link and network layers. A device that operates simultaneously at more than one
of these layers is known as a multilayer switch.
In switches intended for commercial use, built-in or modular interfaces make it
possible to connect different types of networks, including Ethernet, Fibre Chann
el, RapidIO, ATM, ITU-T G.hn and 802.11. This connectivity can be at any of the
layers mentioned. While layer-2 functionality is adequate for bandwidth-shifting
within one technology, interconnecting technologies such as Ethernet and token
ring is easier at layer 3.
Devices that interconnect at layer 3 are traditionally called routers, so layer3 switches can also be regarded as (relatively primitive) routers.
Where there is a need for a great deal of analysis of network performance and se
curity, switches may be connected between WAN routers as places for analytic mod
ules. Some vendors provide firewall,[5][6] network intrusion detection,[7] and p
erformance analysis modules that can plug into switch ports. Some of these funct
ions may be on combined modules.[8]
In other cases, the switch is used to create a mirror image of data that can go
to an external device. Since most switch port mirroring provides only one mirror
ed stream, network hubs can be useful for fanning out data to several read-only
analyzers, such as intrusion detection systems and packet sniffers.
Layer-specific functionality
Main article: Multilayer switch
A modular network switch with three network modules (a total of 24 Ethernet and
14 Fast Ethernet ports) and one power supply.
While switches may learn about topologies at many layers, and forward at one or
more layers, they do tend to have common features. Other than for high-performan
Once a bridge learns the addresses of its connected nodes, it forwards data link
layer frames using a layer 2 forwarding method. There are four forwarding metho
ds a bridge can use, of which the second through fourth method were performanceincreasing methods when used on "switch" products with the same input and output
port bandwidths:
Store and forward: The switch buffers and verifies each frame before forward
ing it.
Cut through: The switch reads only up to the frame's hardware address before
starting to forward it. Cut-through switches have to fall back to store and for
ward if the outgoing port is busy at the time the packet arrives. There is no er
ror checking with this method.
Fragment free: A method that attempts to retain the benefits of both store a
nd forward and cut through. Fragment free checks the first 64 bytes of the frame
, where addressing information is stored. According to Ethernet specifications,
collisions should be detected during the first 64 bytes of the frame, so frames
that are in error because of a collision will not be forwarded. This way the fra
me will always reach its intended destination. Error checking of the actual data
in the packet is left for the end device.
Adaptive switching: A method of automatically selecting between the other th
ree modes.
While there are specialized applications, such as storage area networks, where t
he input and output interfaces are the same bandwidth, this is not always the ca
se in general LAN applications. In LANs, a switch used for end user access typic
ally concentrates lower bandwidth and uplinks into a higher bandwidth.
Layer 3
Within the confines of the Ethernet physical layer, a layer-3 switch can perform
some or all of the functions normally performed by a router. The most common la
yer-3 capability is awareness of IP multicast through IGMP snooping. With this a
wareness, a layer-3 switch can increase efficiency by delivering the traffic of
a multicast group only to ports where the attached device has signaled that it w
ants to listen to that group.
Layer 4
While the exact meaning of the term layer-4 switch is vendor-dependent, it almos
t always starts with a capability for network address translation, but then adds
some type of load distribution based on TCP sessions.[15]
The device may include a stateful firewall, a VPN concentrator, or be an IPSec s
ecurity gateway.
Layer 7
Layer-7 switches may distribute the load based on uniform resource locators (URL
s), or by using some installation-specific technique to recognize application-le
vel transactions. A layer-7 switch may include a web cache and participate in a
content delivery network (CDN).[16]
Types of switches
This section is in a list format that may be better presented using pros
e. You can help by converting this section to prose, if appropriate. Editing hel
p is available. (November 2014)
Rack-mounted 24-port 3Com switch
Form factors
Desktop, not mounted in an enclosure, typically intended to be used in a hom
e or office environment outside a wiring closet.
Rack-mounted, a switch that mounts in an equipment rack.
Chassis, with swappable module cards.
Bridging (networking)
Console server
Energy-Efficient Ethernet
Fibre Channel switch
Fully switched network
LAN switching
Local area network
Packet switch
Router (computing)
Stackable switch
Telephone exchange
Turing switch
Wide area network
References
IEEE 802.1D
"Hubs Versus Switches
Understand the Tradeoffs" (PDF). ccontrols.com. 2002. Retr
ieved 2013-12-10.
Thayumanavan Sridhar (September 1998). "Layer 2 and Layer 3 Switch Evolution". c
isco.com. The Internet Protocol Journal 1 (2). Cisco Systems. Retrieved 2014-0805.
Robert J. Kohlhepp (2000-10-02). "The 10 Most Important Products of the Decade".
Network Computing. Retrieved 2008-02-25.
Cisco Catalyst 6500 Series Firewall Services Module, Cisco Systems,2007
Switch 8800 Firewall Module, 3Com Corporation, 2006
Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Module, Cisco Sys
tems,2007
Getting Started with Check Point Fire Wall-1, Checkpoint Software Technologies L
td., n.d.
Matthew Glidden (October 2001). "Switches and Hubs". About This Particular Macin
tosh blog. Retrieved June 9, 2011.
Shuang Yu. "IEEE APPROVES NEW IEEE 802.1aq SHORTEST PATH BRIDGING STANDARD". IEEE
Standards Association. Retrieved 19 June 2012. "Using the IEEE s next-generation
VLAN, called a Service Interface Identifier (I-SID), it is capable of supporting
16 million unique services compared to the VLAN limit of four thousand."
Peter Ashwood-Smith (24 Feb 2011). "Shortest Path Bridging IEEE 802.1aq Overview
" (PDF). Huawei. Retrieved 11 May 2012.
Jim Duffy (11 May 2012). "Largest Illinois healthcare system uproots Cisco to bu
ild $40M private cloud". PC Advisor. Retrieved 11 May 2012. "Shortest Path Bridg
ing will replace Spanning Tree in the Ethernet fabric."
"IEEE Approves New IEEE 802.1aq Shortest Path Bridging Standard". Tech Power Up.
Permanent link
Page information
Wikidata item
Cite this page
Print/export
Create a book
Download as PDF
Printable version
Languages
???????
Asturianu
?????
?????????
Bosanski
Catal
Ce tina
Dansk
Deutsch
Eesti
????????
Espaol
Euskara
?????
Franais
Galego
???
Hrvatski
Bahasa Indonesia
Interlingua
Italiano
?????
Latvie u
Lietuviu
Magyar
??????????
??????
Bahasa Melayu
Nederlands
???
Norsk bokml
Polski
Portugus
Romna
???????
Simple English
Slovencina
Sloven cina
?????? / srpski
Srpskohrvatski / ??????????????
Suomi
Svenska
?????
???
Trke
??????????
Ti?ng Vi?t
??
Edit links
This page was last modified on 13 July 2015, at 04:44.
Text is available under the Creative Commons Attribution-ShareAlike License;
additional terms may apply. By using this site, you agree to the Terms of Use a
nd Privacy Policy. Wikipedia is a registered trademark of the Wikimedia Foundatio
n, Inc., a non-profit organization.
Privacy policy
About Wikipedia
Disclaimers
Contact Wikipedia
Developers
Mobile view
Wikimedia Foundation
Powered by MediaWiki
Security threat landscape
Implement Cisco modular network security architectures such as SecureX and T
rustSec
Deploy Cisco infrastructure management and control plane security controls
Configure Cisco Layer 2 and Layer 3 data plane security controls
Implement and maintain Cisco ASA Network Address Translations (NAT)
Implement and maintain Cisco IOS Software NAT
Designing and deploying Cisco Cyber Threat Defense solutions on a Cisco ASA
utilizing access policy and application and identity based inspection
Implement Botnet Traffic Filters
Deploy Cisco IOS Zone-Based Policy Firewalls (ZBFW)
Configure and verify Cisco IOS ZBFW Application Inspection Policy
Who Needs to Attend
Network security engineers
Prerequisites
Cisco Certified Network Associate (CCNA) certification
Cisco Certified Network Associate (CCNA) Security certification
Knowledge of Microsoft Windows operating system
Follow-On Courses
SITCS - Implementing Cisco Threat Control Solutions
SISAS - Implementing Cisco Secure Access Solutions
SIMOS - Implementing Cisco Secure Mobility Solutions
Certification Programs and Certificate Tracks
This course is part of the following programs or tracks:
CCNP Security
Course Outline
1. Secure Design Principles
Course Overview
Network Security Zoning