
Certification Training Center

Certification training that will get you certified in less time and more cost effectively. There is an effective approach to training that goes well beyond a single book or video course. Here you will find everything you need to become CCNA and AWS cloud certified.

Certification Alert: Cisco Announces New CCNA Exam!

CCNA Study Guide

How do you know what is more relevant from less relevant? There is a crazy amount of information to learn for CCNA certification based on seven knowledge domains and 100+ topics. Your time is valuable and there is already enough to learn.

CCNA Routing and Switching 200-125 is a top-rated certification guide with seven instructional modules. There is coverage of ICND1 100-105, ICND2 200-105 and CCNA 200-125. Prepare for CCNA certification in less time than with standard books or videos.

  • Top-Rated CCNA Study Guide
  • Prepare for Exams in Less Time
  • ICND1, ICND2, CCNA 200-125
  • Seven Instructional Modules
  • Network Protocol Operation
  • Troubleshooting Questions
  • CCNA Test Recommendations

New and updated topics include IPv6 addressing, MPLS, MLPPP, PPPoE, GRE, QoS and eBGP. In addition there is coverage of switch stacking, cloud services, SDN, 802.1x, APIC-EM and DHCP snooping. It is all designed to prepare you for passing the CCNA certification exam.

CCNA Lab Training

CCNA lab questions are worth approximately 40% of all exam points. Start your lab training with a configuration workbook based on all CCNA topics. The top-notch lab guide steps you through all CCNA configuration topics from global commands to more complex routing and switching topologies.

Configuration Labs
Troubleshooting Labs
Simulation Labs

Last Mile Review

Consolidate all of your training with study notes for your last mile review. There is a lot to remember and not everything is as relevant. You want to hit the ground running and not waste time during the exam. CCNA whiteboard notes are available here for quick review days before going into the exam and can improve your performance significantly.

The study tool is designed for quick summary of protocol operation, concepts, features, addressing, design rules and configuration. There is a systems troubleshooting section as well with root cause analysis for common network problems. It is difficult to adequately summarize key information from months of course training and books. The exam review is made easier to refresh your knowledge and hit the ground running.

Exam Day Whiteboard

CCNA Practice Tests

Prepare to pass the CCNA exam on the first attempt with test simulation questions designed to verify your knowledge and estimate your score on the exam. There are timed lab simulations included as well to test your practical skills. All questions are typical of what is on the CCNA exam with all topics included for best results. Know what to expect and prepare yourself for the CCNA exam.

CCNA 200-125 Practice Tests (Coupon)

CCNA SIM Topology

Each practice test is based on the same pattern as the real exam with all topics, percentages, pass score, duration and number of questions. In fact, experienced candidates can pass the CCNA exam easily with well-designed practice tests.


Access Control Lists (ACL)

Standard ACL

The number range is 1-99 and 1300-1999. A standard ACL is made up of permit or deny statements that match on the source address (with a wildcard mask) only. Every ACL ends with an implicit deny, so a standard ACL containing a single deny statement requires permit any as the last statement, or all packets are denied from all sources.

            access-list 99 deny host 172.33.1.1

            access-list 99 permit any

Standard Named ACL

They are defined with a name instead of a number and have the same rules as a standard ACL. The following ACL is named internet and will deny all traffic from all hosts connected to the 192.168.1.0/24 subnet. It will log any packets that are denied.

            ip access-list standard internet

            deny 192.168.1.0 0.0.0.255 log

            permit any

Extended Named ACL

They are defined with a name and support all syntax commands available with extended ACLs. You can dynamically add or delete statements in any named ACL without having to delete and rewrite all lines. They are easier to manage and troubleshoot based on naming conventions. The following named ACL permits http traffic from hosts assigned to 192.168.0.0 subnets (wildcard mask 0.0.255.255) to server 192.168.3.1.

            ip access-list extended http-filter

            remark permit http to web server  

            permit tcp 192.168.0.0 0.0.255.255 host 192.168.3.1 eq 80

            permit ip any any

Extended ACL

The number range is 100-199 and 2000-2699. It supports multiple permit/deny statements with source and destination IP address or subnet. In addition you can filter on IP, TCP or UDP protocols and destination port. Because every ACL ends with an implicit deny, an extended ACL must have permit ip any any as a last statement to permit all other source and destination traffic.

Cisco best practices for creating and applying ACLs

  • apply extended ACL near source
  • apply standard ACL near destination
  • order ACL with multiple statements from most specific to least specific
  • one ACL can be applied per interface, per direction (inbound or outbound), per Layer 3 protocol
  • ACL is applied to an interface with the ip access-group command, using the in or out keyword for direction

The following are primary differences between IPv4 and IPv6 for ACLs

  • IPv6 supports only named ACLs
  • IPv6 permits ICMP neighbor discovery (the IPv6 replacement for ARP) as an implicit default
  • IPv6 denies all traffic as an implicit default for the last line of the ACL

Extended ACL Example 1

The following command permits http traffic from host 10.1.1.1/24 to host 10.1.2.1/24

            access-list 100 permit tcp host 10.1.1.1 host 10.1.2.1 eq 80

The access control list (ACL) statement reads from left to right as: permit all tcp traffic from the source host only to the destination host where the destination port is http (80). The tcp keyword is used for applications that are TCP-based, such as http. The udp keyword is used for applications that are UDP-based, such as SNMP.


Extended ACL Example 2

What is the purpose or effect of applying the following ACL?

            access-list 100 deny ip host 192.168.1.1 host 192.168.3.1

            access-list 100 permit ip any any

The first statement denies all application traffic from host-1 (192.168.1.1) to web server (host 192.168.3.1). The ip keyword refers to Layer 3 and affects all protocols and applications at layer 3 and higher. The last statement is required to permit all other traffic.


Extended ACL Example 3

What is the purpose or effect of applying the following ACL?

            access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq telnet

            access-list 100 permit ip any any

The first statement permits Telnet traffic from all hosts assigned to subnet 192.168.1.0/24. The tcp keyword is Layer 4 and affects all protocols and applications at Layer 4 and higher. The permit tcp configuration allows the specified TCP application (Telnet). The any keyword allows Telnet sessions to any destination host. The last statement is required to permit all other traffic.


Extended ACL Example 4

What is the purpose or effect of applying the following ACL?

            access-list 100 permit ip 172.16.1.0 0.0.0.255 host 192.168.3.1

            access-list 100 deny ip 172.16.2.0 0.0.0.255 any

            access-list 100 permit ip any any

  • The first statement permits hosts assigned to subnet 172.16.1.0/24 access to all applications on server-1 (192.168.3.1)
  • The second statement denies hosts assigned to subnet 172.16.2.0/24 access to any server. That would include any additional hosts added to that subnet and any new servers added.
  • The last ACL statement is required to permit all other traffic not matching previous filtering statements.
  • ACL is applied to an interface with the ip access-group command. Routers often have multiple interfaces (subnets) with hosts assigned. Any ACL applied outbound to a WAN interface shared by multiple subnets, for example, will filter traffic from all hosts on each of those subnets.
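
The top-down, first-match evaluation and the implicit deny described in the examples above can be checked with a small evaluator. This is an added example, not Cisco code or part of the original guide; it handles only the numbered extended ACL syntax shown on this page (any, host, address plus wildcard, optional eq port), and the function names and sample packets are constructed for illustration.

```python
from ipaddress import IPv4Address

PORT_NAMES = {"telnet": 23, "www": 80}  # small subset of IOS port keywords

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    return int(IPv4Address(first)), int(IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N action proto src dst [eq port]'."""
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src, dst = parse_addr(rest), parse_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return action, proto, src, dst, port

def addr_match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
    return (int(IPv4Address(addr)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, statement number) of the first match, top down."""
    for n, line in enumerate(acl, 1):
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue  # 'ip' matches every protocol; tcp/udp must be equal
        if a_port is not None and a_port != dport:
            continue
        if addr_match(src, a_src) and addr_match(dst, a_dst):
            return action, n
    return "deny", None  # implicit deny: no statement matched

EXAMPLE_4 = [  # statements copied from Extended ACL Example 4
    "access-list 100 permit ip 172.16.1.0 0.0.0.255 host 192.168.3.1",
    "access-list 100 deny ip 172.16.2.0 0.0.0.255 any",
    "access-list 100 permit ip any any",
]

if __name__ == "__main__":
    # Constructed packet: a 172.16.2.0/24 host reaching server-1 on TCP/80
    print(evaluate(EXAMPLE_4, "tcp", "172.16.2.7", "192.168.3.1", 80))
```

Passing EXAMPLE_4[:2] (the list without its last statement) shows why permit ip any any is needed: a packet from any other subnet then falls through to the implicit deny.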