Welcome
Network Infrastructure
- CEF Table(FIB) and Routing Table
- Switched campus
  - Switch administration (MAC, MTU, Errdisable)
  - Layer 2 protocols (CDP, LLDP, UDLD)
  - VLAN technologies
  - EtherChannel
  - Spanning Tree Protocol
- Routing Concepts
  - Administrative distance
  - VRF-lite
  - Static routing
  - Policy Based Routing
  - Route filtering
  - Manual summarization
  - Redistribution
  - Routing protocol authentication
  - Bidirectional Forwarding Detection
- EIGRP
  - Concept
  - Legacy conf mode
  - Named conf mode
- OSPF
  - Concept
  - Version 2
  - Version 3
- BGP
  - Concept
  - Path selection
  - Configuration
- Multicast
  - Layer 2 multicast
  - Reverse path forwarding check
  - PIM
Transport Technologies and Solutions
- MPLS
  - MPLS Concept
  - MPLS Layer 3 VPN
- DMVPN Concept and conf
Infrastructure Security and Services
- Device Security
  - Control plane policing and protection
  - AAA
- Network Security
  - Switch security features
    - VACL, PACL
    - Storm control
    - DHCP Snooping, DHCP option 82
    - IP Source Guard
    - Dynamic ARP Inspection
    - Port Security
    - Private VLAN
  - Router security features
    - IPv4 Access Control Lists
    - IPv6 Traffic Filters
    - Unicast Reverse Path Forwarding
    - Unicast reverse path forwardin uRPF
  - IPv6 First Hop security features
  - IEEE 802.1X Port-Based Authentication
- System Management
  - Device management
    - Console and VTY
    - SSH, SCP
    - RESTCONF, NETCONF
  - SNMP
  - Logging
- Quality of Service
  - DiffServ
  - CoS and DSCP Mapping
  - Classification
  - Network Based Application Recognition (NBAR)
  - Policing, shaping
  - Congestion management and avoidance
- Network Services
  - First Hop Redundancy Protocols
    - HSRP
    - GLBP, VRRP
    - Redundancy using IPv6 RS/RA
  - Network Time Protocol
  - DHCP on Cisco IOS
    - Client, server, relay
    - Options
    - SLAAC/DHCPv6 interaction
    - Stateful, stateless DHCPv6
    - DHCPv6 Prefix Delegation
  - IPv4 Network Address Translation
    - Static NAT, PAT
    - Dynamic NAT, PAT
    - Policy-based NAT, PAT
    - VRF-aware NAT, PAT
    - DHCPv6 Prefix Delegation
- Network optimization
  - IP SLA
  - Tracking object
  - Flexible NetFlow
- Network operations
  - Traffic capture
    - SPAN
    - RSPAN
    - ERSPAN
    - Embedded Packet Capture
Cisco Firepower
- FTD Notes

Firepower_Notes

Published

October 18, 2023

firepower Notes

Connections Between FTD and FMC

Configure manager
configure manager add [hostname | ip address ] [registration key ]
configure manager add MC.example.com 123456
show managers
show network
ping system fmc_ip (from the Management interface)

Interface type

Type of interface

Routed mode interface Inline set Inline set with tap mode Passive Passive ERSPAN

Management Interface
- Set up and register the FTD to FMC
- Use static routing
- configure network
Diagnostic Interface
- interface is optional
- does not allow through traffic
- useful for SNMP or syslog monitoring.
Routed mode interface
Inline set
Inline set with tap
mode Passive
Passive ERSPAN

Active Standby Failover

The FTD s - same model; same software; same number of interfaces
You must have a failover link
You can optionally add a separate state link - or you can use a shared link for both failover and state
Various actions can trigger failover

Clustering

Clustering is only available on certain models (9300 and 4100)
Enable active/active FTD
Use Cluster Control Link PO48
The routing process only runs on the control unit, routes are replicated to secondaries.

Link Redundancy

Feature on ASA only, with mean deprecated.
A pair of physical interfaces: an active and a standby interface, similar to HA, but with interface
Use in rare case, new standard is port-channel + LCAP.