CISCO Academy - CCNA
FEKT-XCASAcad. year: 2019/2020
The course which is part of the updated and official Cisco CCNA Curriculum (CCNA Security), addresses practically the security issues of network devices and network communications. Included topics are: Network security principles, creating a secure network, AAA configuration, use of Radius and TACACS + authentication. Securing of routers. Creating a secure infrastructure using L2 elements, 802.1x technology. Security of end devices. Using Cisco IOS Firewall and Cisco IOS IPS. Cryptography for VPN networks, creating IPSec VPN networks. Cisco ASA firewalls.
Learning outcomes of the course unit
The graduate is able to:
- list the various network threats and attacks and provide their basic characteristics,
- compare two basic AAA protocols,
- select and configure an appropriate security strategy for the network,
- Prepare configuration of secure routing, switching,
- Configure the IPsec VPN network including a description of the required cryptographic protocols,
- operate the Cisco ASA firewall and use it to secure the network.
Course covers the same skills that are validated in the CCNA Security certification exam 210-260.
Student, which is going to attend this course, should be able to:
- use several numeral systems and conversions between them,
- explain and use elementary units common in area of information and communication technologies (ICT), e.g. data size, transmission speed,
- use elementary terms from ICT area, e.g. operating system, memory, process,
- describe architecture of basic network models, i.e. TCP/IP and ISO/OSI,
- describe basic application protocols for user data transfer from TCP/IP suite,
- configure devices and protocols used on local-area level on Cisco CCNA knowledge level.
One of the three following conditions is required: Completed XCA2 course at FEEC BUT, or valid CCNA 200-125 certification or newer, or successfully finished CCNA4 (CCNA Routing and Switching: Connecting Networks 6.0) or newer, even at another Cisco Academy.
Recommended optional programme components
Recommended or required reading
Santos O., Stuppi J.: CCNA security 210-260: official cert guide, Cisco press, 570 stran, 2015. ISBN 978-1-58720-566-8. (EN)
Přednáškové prezentace v angličtině dostupné studentům předmětu zdarma. (EN)
Elektronické interaktivní materiály přístupné na portálu Cisco Academy Online, dostupné pro studenty předmětu zdarma. (EN)
Planned learning activities and teaching methods
Teaching methods include practical laboratories. Course is taking advantage of e-learning (Moodle) system.
Assesment methods and criteria linked to learning outcomes
Up to 11 points from partial tests.
Up to 19 points from final theoretical test.
Up to 70 points from final practical exam.
The exam from the course will take place in person and/or remotely.
Language of instruction
1. Principles of network security, network threats and attacks. Design of secure network.
2. Securing of administrative access to router.
3. Configuration of Authentication, Authorization and Accounting (AAA) on Cisco devices. Authentication with RADIUS and TACACS+ services.
4. Use of Cisco IOS Firewall technologies - packet filters, control of application protocols, advanced filtering with ACLs, zone-based firewall.
5. Intrusion Prevention System (IPS) on routers.
6. Securing of L2 devices (switches).
7. Cryptography for VPN network - symmetric and asymmetric ciphers.
8. Configuration of IPsec VPN networks.
9. Basics of configuration of Cisco ASA firewalls based on CLI.
10. Basics of configuration of Cisco ASA firewalls based on ASDM.
11. Comprehensive configuration of network with Cisco ASA firewall, case study 1.
12. Comprehensive configuration of network with Cisco ASA firewall, case study 2.
13. Final theoretical exam, final practical exam.
The aim of the course is to provide students with a comprehensive orientation in the field of security of network active devices. In addition to the theoretical concepts, they will be familiar with Authentication, Authorization and Accounting (AAA) technology, ways of setting security on routers and also second layer devices. They will learn how to configure Virtual Private Network (VPN) networks and use Intrusion Prevention Systems (IPS) that can be used as an extension of Cisco Operating Systems (IOS). Students will also be introduced to the Cisco Adaptive Security Appliance (ASA) firewalls.
Specification of controlled education, way of implementation and compensation for absences
Attendance on laboratories is compulsory, properly excused laboratories can be filled after talking to the lecturer.
Classification of course in study plans
- Programme IBEP-TZ Bachelor's
branch TZ-IBP , 1. year of study, summer semester, 3 credits, optional
branch TZ-IBP , 2. year of study, summer semester, 3 credits, optional
branch TZ-IBP , 3. year of study, summer semester, 3 credits, optional
- Programme EEKR-M1 Master's
branch M1-BEI , 1. year of study, summer semester, 3 credits, general knowledge
branch M1-TIT , 1. year of study, summer semester, 3 credits, general knowledge
branch M1-KAM , 1. year of study, summer semester, 3 credits, general knowledge
branch M1-EVM , 1. year of study, summer semester, 3 credits, general knowledge
branch M1-EST , 1. year of study, summer semester, 3 credits, general knowledge
branch M1-MEL , 1. year of study, summer semester, 3 credits, general knowledge
branch M1-SVE , 1. year of study, summer semester, 3 credits, general knowledge
branch M1-EEN , 1. year of study, summer semester, 3 credits, general knowledge
- Programme IBEP-V Master's
branch V-IBP , 1. year of study, summer semester, 3 credits, general knowledge
- Programme EEKR-M1 Master's
- Programme IBEP-V Master's
branch V-IBP , 2. year of study, summer semester, 3 credits, general knowledge