Welcome
Network Infrastructure
- CEF Table(FIB) and Routing Table
- Switched campus
  - Switch administration (MAC, MTU, Errdisable)
  - Layer 2 protocols (CDP, LLDP, UDLD)
  - VLAN technologies
  - EtherChannel
  - Spanning Tree Protocol
- Routing Concepts
  - Administrative distance
  - VRF-lite
  - Static routing
  - Policy Based Routing
  - Route filtering
  - Manual summarization
  - Redistribution
  - Routing protocol authentication
  - Bidirectional Forwarding Detection
- EIGRP
  - Concept
  - Legacy conf mode
  - Named conf mode
- OSPF
  - Concept
  - Version 2
  - Version 3
- BGP
  - Concept
  - Path selection
  - Configuration
- Multicast
  - Layer 2 multicast
  - Reverse path forwarding check
  - PIM
Transport Technologies and Solutions
- MPLS
  - MPLS Concept
  - MPLS Layer 3 VPN
- DMVPN Concept and conf
Infrastructure Security and Services
- Device Security
  - Control plane policing and protection
  - AAA
- Network Security
  - Switch security features
    - VACL, PACL
    - Storm control
    - DHCP Snooping, DHCP option 82
    - IP Source Guard
    - Dynamic ARP Inspection
    - Port Security
    - Private VLAN
  - Router security features
    - IPv4 Access Control Lists
    - IPv6 Traffic Filters
    - Unicast Reverse Path Forwarding
    - Unicast reverse path forwardin uRPF
  - IPv6 First Hop security features
  - IEEE 802.1X Port-Based Authentication
- System Management
  - Device management
    - Console and VTY
    - SSH, SCP
    - RESTCONF, NETCONF
  - SNMP
  - Logging
- Quality of Service
  - DiffServ
  - CoS and DSCP Mapping
  - Classification
  - Network Based Application Recognition (NBAR)
  - Policing, shaping
  - Congestion management and avoidance
- Network Services
  - First Hop Redundancy Protocols
    - HSRP
    - GLBP, VRRP
    - Redundancy using IPv6 RS/RA
  - Network Time Protocol
  - DHCP on Cisco IOS
    - Client, server, relay
    - Options
    - SLAAC/DHCPv6 interaction
    - Stateful, stateless DHCPv6
    - DHCPv6 Prefix Delegation
  - IPv4 Network Address Translation
    - Static NAT, PAT
    - Dynamic NAT, PAT
    - Policy-based NAT, PAT
    - VRF-aware NAT, PAT
    - DHCPv6 Prefix Delegation
- Network optimization
  - IP SLA
  - Tracking object
  - Flexible NetFlow
- Network operations
  - Traffic capture
    - SPAN
    - RSPAN
    - ERSPAN
    - Embedded Packet Capture
Cisco Firepower
- FTD Notes

IPv6 First Hop security features

Published

December 12, 2023

IPv6 Address feature:

ICMPv6 Neighbor Discovery (ND)
NS Neighbor soliciation
NA Neighbor adevertisement
RS Router solicitation
RA Router Advertisement
Duplicate address detction (DAD)
Stateless address autoconfiguration SLAAC(EUI-64)
DHCPv6

ND for new hosts on the network

1.Asign a link-local address
2.Check if link-local address is unique (DAD)
3.Announce it self as a live host,link-local. (NA)
4.Find a router/gateway (RS or received RA)
5.Receive RA information (Router ip and mac + gateway + prefixss/subnetss info)
6.Host chooses a global prefix for SLAAC
7.Check if global address is unique (DAD)
8.Announce it self as a live host,global. (NA)

IPv6 First Hop security features

IPv6 snooping: Build a database of layer 2 and layer 3 addressing correlation through IPv6 neighbor discovery or DHCPv6(if used). (similar to DAI)

1.RA Guard (Router Advertisement): Prevent spoofing of router and/or prefix and/or flags on the segment. Limiting RA to trusted port.

2.DHCPv6 Guard: Prevent DHCPv6 server spoofing. Limiting DHCPv6 packet to trusted port.(Similar to ipv6 dhcp snooping)

3.IPv6 Source-guard: Data plane filter. Relies on IPv6 snooping/static binding to create the binding table. Creates automatic IPv6 PACL to filter sources base on binding table.Prevent spoof IPv6 address.