Posts Tagged ‘Cisco’

CCNA Certification 640-802 Exam 51-Pass Questions and Answers

Posted on 05:26, December 27th, 2009 by killtest_does

Exam Number/Code: 640-802

Exam Name : Cisco Certified Network Associate(CCNA)

Questions and Answers : 292 Q&As

Cost: $89.00


1. Free 640-802 Demo Download

51-Pass offers a free demo for the CCNA 640-802 exam, Cisco Certified Network Associate (CCNA). You can check out the interface, question quality and usability of our practice exams before you decide to buy. We are the only site that offers a demo for almost all products.

Download 640-802 Exam Pdf Demo

Download 640-802 Exam iEngine Demo

2. We offer free update service for one year.

After you purchase our product, we will offer free update in time for one year.

3. 100% Guarantee to Pass Your 640-802 Exam

If you do not pass the CCNA 640-802 exam, Cisco Certified Network Associate (CCNA), on your first attempt using our 51-Pass testing engine, we will give you a FULL REFUND of your purchase fee.

4. Cisco 640-802 Downloadable, Printable Exams (in PDF format)

Our Exam 640-802 Preparation Material provides you everything you will need to take your 640-802 Exam. The 640-802 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.

5. 640-802 Downloadable, Interactive Testing Engines

We are all well aware that a major problem in the IT industry is a lack of quality study materials. Our Exam Preparation Material provides you with everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are multiple-choice (MCQs). Our SUN 640-802 Exam will provide you with exam questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and value for the 640-802 Exam: 100% Guarantee to Pass Your CCNA exam and get your CCNA Certification.

51-Pass provides the newest CCNA 640-802 Q&A, which completely covers the original 640-802 test topics. With our complete CCNA resources, you will minimize your CCNA cost and be ready to pass your 640-802 test on Your First Try, 100% Money Back Guarantee included!

The information of Cisco Certification

Posted on 20:43, November 11th, 2009 by killtest_does

Cisco certification is a complete, pyramid-structured technical certification system set up by Cisco to promote Cisco technology and to train network management, construction, design and troubleshooting personnel. Candidates can use the Cisco certificates they obtain as valid proof for a salary change or for company qualification. Since Cisco certification was established in 1992, there have been a total of 600,000 CCNAs, over 100,000 CCNPs and 20,000 CCIEs worldwide, and it has a growing influence on this field.

The exam time of Cisco certification is decided by the candidates themselves. When candidates want to take the exam, they register at a test center and pay the exam fee, and then they can take the exam.

The exam language of Cisco certification is English. The exam consists mainly of multiple-choice, single-choice and drag-and-drop questions. Some subjects have simulation questions.

How to prepare for your Cisco certification exams? I think you can choose some practice exams to read; then you can learn the exam type and exam duration, and you will be more confident taking the exam. There are so many braindump resources on the internet; TestPassport is the best site, which offers the latest dumps for Cisco certification exams.

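Introduction to the Cisco 646-363 Question Bank

Posted on 01:52, October 12th, 2009 by killtest_does

The Others 646-363 exam question bank is carefully built by TestPassPort's senior IT certification instructors and Others product experts, based on the latest original questions from the real PROMETRIC or VUE 646-363 exam environment. The question bank covers the latest real exam questions, all with correct answers attached.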
1. Cisco SMARTnet maintains the operational health of your network through Cisco expertise and
resources that promote greater uptime and extend the value of your IT investment. Which service is
provided by Cisco SMARTnet?
A. upgrade discounts
B. Free CCO account
C. Cisco Learning Credits
D. around-the-clock access to Cisco Technical Access Center
Answer: D
2. How can mobile devices and wireless networks be secured?
A. by securely deploying new applications with appropriate performance levels
B. by providing security that is based on a multilayer, system-level approach
C. by looking subjectively at network traffic for abnormal flows
D. by requiring a host-based hardware application
Answer: B

All Cisco Certification Exam Subjects

Posted on 23:00, August 10th, 2009 by killtest_does

640-444 Cisco IP Telephony(CIPT)
640-460 IIUC Implementing Cisco IOS Unified Communications (IIUC)
640-552 Cisco Securing Cisco Network Devices Exam
640-553 IINS Implementing Cisco IOS Network Security
640-801 Cisco Certified Network Associate (CCNA)
640-802 Cisco Certified Network Associate(CCNA)
640-811 Interconnecting Cisco Networking Devices
640-816 Interconnecting Cisco Networking Devices Part 2
640-821 Introduction to Cisco Networking Technologies
640-822 Interconnecting Cisco Networking Devices Part 1
640-861 CCDA Cisco Certified Design Associate
640-863 Designing for Cisco Internetwork Solutions
642-052 Routing and Switching SE/FE
642-053  Access Routing and LAN Switching Routing and Switching SE/FE Exam
642-054 RSSSE Routing and Switching Solutions for Systems Engineers
642-055 ARSFE Advanced Routing and Switching for Field Engineers
642-061 Routing and Switching Solutions for System Engineers
642-066 Advanced Routing and Switching for Field Engineers
642-071 Cisco Unity and Design Networking(CUDN)
642-072 Cisco Unity Design and Networking(CUDN)
642-081 Business Ready Teleworker Solution Fundamentals
642-091 CRM Express Integration
642-104 Unified Communication for System Engineers Exam
642-105 Implementing Cisco Unified Messaging
642-143 Communications IP Telephony Express Exam
642-144 IP Telephony Express(IPTX)
642-145 Implementing Cisco IOS Unified Communications Advanced
642-162 IP Contact Center Express Implementation Exam
642-164 Unified Communications Contact Center Express.(UCCX)
642-176 Small Medium Business for Engineers
642-241 Unified Contact Center Enterprise Design (UCCED)
642-242 Unified Contact Center Enterprise Implementation(UCCEI)
642-311 Cisco Optical SONET Exam (SONET)
642-321 Cisco Optical SDH Exam (SDH)
642-342 Content Networking Exam (CN)
642-353 Cisco Storage Networking Design Specialist
642-354 Cisco Storage Networking Support Specialist(CSNSS)
642-355 Cisco Storage Networking Solutions Design Specialist (CSSDS)
642-356 Cisco Storage Networking Solutions Support Specialist(CSSSS)
642-371 Foundation Express for Systems Engineers(FOUNDSE)
642-372 Cisco Express Foundation for Systems Engineers
642-373 Cisco Express Foundation for Systems Engineers
642-381 FoundFE Foundation Express for Field Engineers
642-382 ciso gold cert
642-383 Cisco Express Foundation for Field Engineers
642-414 Communications Telephony Design Exam
642-415 Unified Communications Architecture and Design
642-425 IP Telephony Troubleshooting
642-426 Troubleshooting Unified Communications (TUC)
642-432 Cisco Voice Over IP
642-436 Cisco Voice over IP (CVOICE)
642-444 IP Telephony Exam (CIPT)
642-445 Cisco IP Telephony for Release 5.x
642-446 Implementing Cisco Unified Communications IP Telephony Part 1
642-452 Gateway Gatekeeper Exam (GWGK)
642-453 Gateway Gatekeeper Exam (GWGK)
642-456 Implementing Cisco Unified Communications Manager Part 2 (CIPT2 v6.0)
642-481 Cisco Rich Media Communications(CRMC)
642-502 Securing Networks with Cisco Routers and Switches Exam(SNRS)
642-503 Securing Networks with Cisco Routers and Switches
642-504 Securing Networks with Cisco Routers and Switches
642-511 VPN and Security Cisco Secure Virtual Private Networks (CSVPN)
642-513 Securing Hosts Using Cisco Security Agent Exam (HIPS)
642-521 Cisco Secure PIX Firewall Advanced
642-522 Securing Networks with PIX and ASA Exam(SNPA)
642-523 Securing Networks with PIX and ASA
642-524 Securing Networks with ASA Foundation
642-531 Cisco Secure Intrusion Detection Systems Exam
642-532 Securing Networks Using Intrusion Prevention Systems Exam (IPS)
642-533 Implementing Cisco Intrusion Prevention System (IPS)
642-541 VPN and Security Cisco SAFE Implementation Exam (CSI)
642-542 Cisco SAFE Implementation Exam
642-544 Implementing Cisco Security Monitoring, Analysis and Response System
642-551 Securing Cisco Network Devices Exam(SND)
642-552 Securing Cisco Network Devices Exam
642-564 Security Solutions for Systems Engineers(SSSE)
642-565 Security Solutions for Systems Engineers(SSSE)
642-566 Security Solutions for Systems Engineers Exam
642-567 Advanced Security for Field Engineers
642-577 Wireless LAN Wireless LAN for System Engineers (WLANSE)
642-582 Wireless LAN Wireless LAN for Field Engineers Exam
642-586 Advanced Wireless LAN for System Engineers
642-587 Advanced Wireless LAN for Field Engineers
642-591 Implementing Cisco NAC Appliance
642-611 CCIP Implementing Cisco MPLS Exam (MPLS)
642-642 Quality of Service (QoS)
642-651 Cisco Wide Area Application Services for System Engineers exam
642-652 Wide Area Application Services for Field Engineers
642-661 CCIP Configuring BGP on Cisco Routers (BGP)
642-691 CCIP BGP + MPLS Exam (BGP + MPLS)
642-801 Building Scalable Cisco Internetworks(BSCI)
642-811 Building Cisco Multilayer Switched Networks (BCMSN)
642-812 Building Cisco Multilayer Switched Networks
642-821 Building Cisco Remote Access Networks (BCRAN)
642-825 Implementing Secure Converged Wide Area Networks
642-831 Cisco Internetwork Troubleshooting (CIT)
642-845 Optimizing Converged Cisco Networks
642-871 Designing Cisco network Service Architectures (ARCH)
642-873 Designing Cisco network Service Architectures (ARCH)
642-891 Composite Exam
642-892 Composite Exam
642-901 Building Scalable Cisco Internetworks
642-961 Cisco Data Center Networking Infrastructure Solutions design
642-964 Cisco Data Center Networking Infrastructure Solutions Support
642-971 Data Center Networking Infrastructure Design Specialist
642-972 Data Center Application Services Design
642-973 Cisco Data Center Networking Infrastructure
642-974 Data Center Networking Infrastructure Support Specialist
642-975 Cisco Data Center Application Services Implementation
646-002 Advanced Routing and Switching for Account Managers
646-003 Advanced Routing and Switching for Account Managers
646-011 Storage Networking Cisco Storage Sales Specialist (CSSS)
646-056 Advanced Routing and Switching Life Cycle Services (LCSARS)
646-057 Access Routing and LAN Switching Routing and Switching AM Exam
646-058 Lifecycle Services Advanced Routing and Switching (LSARS)
646-096 CRM Express for Account Managers
646-102 Wireless LAN Wireless LAN for Account Managers Exam (WLANAM)
646-151 Cisco Sales Associate Exam
646-171 Small Medium Business for Account Managers
646-202 Sales Expert Cisco Sales Expert Exam (CSE)
646-203 Cisco Sales Expert(CSE)
646-204 Cisco Sales Expert
646-222 IP Communications Express Account Manager (IPCXAM)
646-223 Unified Communications Express AM
646-227 Lifecycle Services Advanced IP Communications Exam
646-228 Lifecycle Services Advanced IP Communications(LSAIPC)
646-229 IP Communications Advanced Account Manager
646-230 Advanced Unified Communications AM
646-301 VPN and Security VPN/Security
646-361 Foundation Express for Account Managers(FOUNDAM)
646-362 Cisco Express Foundation for Account Managers
646-363 Cisco Express Foundation for Account Managers
646-391 Cisco Lifecycle Services Express(LCSE)
646-392 Lifecycle Services Exam(LCSE)
646-561 Advanced Security for Account Manager(ASAM)
646-562 Security for Account Managers (ASAM)
646-563 Advanced Security for Account Managers Exam
646-573 Cisco Lifecycle Services Advanced Security(LCSAS)
646-574 le Services Advanced Security (LCSAS)
646-588 Advanced Wireless LAN for Account Managers
646-589 Cisco Lifecycle Services Advanced Wireless(LCSAWLAN)
646-590 Lifecycle Services Advanced Wireless(LCSAWLAN)
646-653 Wide Area Application Services for Account Managers(WAASAM)
646-967 Cisco Data Center Networking Sales Specialist (CDCNSS) exam : 646-967 Exam
646-976 Data Center Networking Sales Specialist
650-059 LCSARS Cisco Lifecycle Services Advanced Routing and Switching
650-173 Communications System for Account Managers
650-178 Communications System for Engineers
650-251 LCSAUC Cisco Lifecycle Services Advanced IP Communications
650-393 LCSE Cisco Lifecycle Services Express
650-575 Cisco Lifecycle Services Advanced Security
650-621 Advanced Wireless LAN
640-721 Implementing Cisco Unified Wireless Networking Essentials (IUWNE)
350-050 CCIE Wireless Beta Written Exam
350-001 CCIE Cisco Certified InterNetworking Expert
350-018 CCIE Pre-Qualification Test for Security
350-020 CCIE SP Optical Qualification Exam
350-021 CCIE SP Cable Qualification Exam
350-022 CCIE Written, Service Provider: DSL
350-023 CCIE Written: WAN Switching
350-024 CCIE SP IP Telephony Qualification Exam
350-025 CCIE Service Provider Dial
350-026 CCIE SP Content Networking ENU
350-027 CCIE Written: Metro Ethernet
350-029 CCIE SP Written Exam
350-030 CCIE Voice Written
350-040 CCIE Storage Networking
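To buy Cisco past exam questions, please go to the official TestPassPort website (www.testpassport.net). Under TestPassPort's promotion, purchases of the exams listed above get a special discount: enter testpassport at purchase for 5% off. Buy one subject for 5% off, two subjects for 10% off, three subjects for 15% off, four subjects for 20% off, five subjects… Discounts can be accumulated, with no time limit. A free demo download is provided so you can preview the questions!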

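Learning to Understand Cisco Error Messages

Posted on 20:26, July 17th, 2009 by killtest_does

Understanding Cisco error messages
  Error message format

  System error messages have the following format:
  %Facility-Subfacility-Severity-Mnemonic: Message Text
  Facility: the name of the facility the error message refers to. The value can be a protocol, a hardware device, or a system software module.
  Subfacility: relevant only to Channel Interface Processor (CIP) cards. See the relevant sections of the Cisco documentation for details.
  Severity: a number in the range 0 to 7. The smaller the number, the higher the severity.
  Mnemonic: a single-value code that uniquely identifies the error message. The code usually hints at the type of error.
  Message Text: a short description of the error message, including information about the router hardware and software involved.

  Below are some example error messages. Users can consult the System Error Messages section of the IOS documentation on CCO for explanations of these messages.
      %DUAL-3-SIA:Route 171.155.148.192/26 stuck-in-active state in IP-EIGP 211. Cleaning up
      %LANCE-3-OWNERR: Unit 0, buffer ownership error

  Note that not all messages relate to faults or problem conditions. Some messages show status information. For example, the following message only indicates that the ISDN BRI 0 interface has established a data connection with a specific remote end.
      %ISDN-6-CONNECT: Interface BRI0 is now connected to 95551212

  Traceback Report
      Some error messages related to internal router errors include traceback information. When reporting an error to Cisco TAC, include this information in the error description.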

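Logging error messages and event information

  Depending on their importance and validity, Cisco error messages can be logged to the following locations:

  - Console
  - Virtual terminals
  - Syslog server
  - Internal buffer

  The logging on command enables output of log messages to the locations above. For a Syslog server, the server's IP address must be specified with the following global configuration command:
    logging ip-address

  By using this command repeatedly, a list of servers can be built. When managing a large network, redundant servers usually need to be set up.

  The logging buffered command sends log information to the internal buffer. The buffer size must be at least 4096 bytes. The default varies by system platform. Users need to choose a buffer size that suits their environment. If the buffer is too small, new messages will overwrite old ones, which may cause problems. If the buffer is too large, however, it wastes system memory. The no logging buffered command stops messages from being written to the internal buffer.

  Users can display the contents of the internal buffer with the show logging command. If information for a particular time period is needed, first set the clock using NTP or manually, as follows:
  YH-Router#clock set 11:37:00 11 December 2000
  YH-Router#sh clock
  11:37:03.596 PST Fri Dec 11 2000

  Timestamps for log messages and debug information can be enabled with the following global configuration commands:
  YH-Router(config)#service timestamps log datetime
  YH-Router(config)#service timestamps debug datetime

  The terminal monitor command displays debugging log information on the current terminal. This command is not a configuration command; rather, it can be used at the command line after telnetting to the router.

  In most cases, users may need to display log information of a certain level. Log information is therefore divided into eight levels, listed below from highest to lowest importance:
  - Emergencies
  - Alerts
  - Critical
  - Errors
  - Warnings
  - Notifications
  - Informational
  - Debugging

  For example, to display on the console all log information with a severity equal to or greater than Warning, use the following global configuration command:
  logging console warning

  Similarly, to send log information of a given type to the current terminal, use
  logging monitor level

  or, to send the information to a Syslog server, use
  logging trap level

  Unlike the terminal monitor command, the logging monitor command is part of the router configuration. The former command is not allowed to be executed at different security levels.

  Note that system overhead varies greatly depending on where logs are recorded. Logging to the console is relatively expensive, whereas logging to a virtual terminal costs less. Using a Syslog server costs less still. The logging method with the lowest system overhead is writing to the internal buffer.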
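The message format and the eight logging levels described above can be exercised with a small parser. This is an added example, not code from the original post: it splits a message into its fields and reproduces the threshold rule behind `logging console <level>` (a message is shown when its severity number is less than or equal to the level's number). The first three sample lines are the ones quoted in the article; the remaining lines are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# IOS logging levels; the index is the numeric severity (0 = most severe).
LEVELS = ("emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging")

# %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: message text
MESSAGE_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)"
    r"(?:-(?P<subfacility>[A-Z0-9_]+))?"
    r"-(?P<severity>[0-7])"
    r"-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)


class CiscoMessage(NamedTuple):
    facility: str
    subfacility: Optional[str]
    severity: int
    mnemonic: str
    text: str


def parse_message(line: str) -> Optional[CiscoMessage]:
    """Parse one log line; anything before the '%' (e.g. a timestamp) is ignored."""
    m = MESSAGE_RE.search(line)
    if m is None:
        return None
    return CiscoMessage(m["facility"], m["subfacility"], int(m["severity"]),
                        m["mnemonic"], m["text"].strip())


def level_number(level) -> int:
    """Accept 0-7 or a level keyword; as on the CLI, a unique prefix is enough."""
    if isinstance(level, int):
        if 0 <= level <= 7:
            return level
        raise ValueError(f"severity out of range: {level}")
    hits = [i for i, name in enumerate(LEVELS) if name.startswith(level.lower())]
    if len(hits) != 1:
        raise ValueError(f"unknown or ambiguous level: {level!r}")
    return hits[0]


def messages_at_or_above(lines: List[str], level) -> List[CiscoMessage]:
    """Return the messages a destination set to `level` would receive."""
    threshold = level_number(level)
    parsed = (parse_message(line) for line in lines)
    return [m for m in parsed if m is not None and m.severity <= threshold]


SAMPLE_LOG = [
    # The three messages quoted in the article:
    "%DUAL-3-SIA:Route 171.155.148.192/26 stuck-in-active state in IP-EIGP 211. Cleaning up",
    "%LANCE-3-OWNERR: Unit 0, buffer ownership error",
    "%ISDN-6-CONNECT: Interface BRI0 is now connected to 95551212",
    # Constructed lines: a timestamped message, a made-up message that
    # carries a subfacility field, and a line that is not a log message.
    "*Dec 11 11:37:05.120: %SYS-5-CONFIG_I: Configured from console by console",
    "%FAC-SUB-4-EXAMPLE: constructed message with a subfacility",
    "YH-Router#show logging",
]

if __name__ == "__main__":
    for msg in messages_at_or_above(SAMPLE_LOG, "warning"):
        print(msg.severity, LEVELS[msg.severity], msg.facility, msg.mnemonic)
```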

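Core Dump

  To find the cause of a router crash, we can use many commands to obtain useful information. We have already explained the use of the show stacks command. A core dump is a copy of the system memory image that can be written to a TFTP server. From this binary file we can obtain information related to the router crash or serious malfunction, and use it to troubleshoot the possible fault.

  The following configuration command writes the core dump to the TFTP server at the IP address given in the command:
  exception dump ip-address

  The write core command is typically used to save the core image when the router is malfunctioning seriously but has not crashed completely.

  Only servers running IOS v9.0 or later can use core dumps. Note, however, that when using core dumps it is best to get support from an experienced engineer or Cisco TAC.

Conclusion

  To diagnose and troubleshoot network faults successfully, network engineers must master two basic skills. The first is a clear understanding of network technologies and protocols, which is the foundation of fault diagnosis and troubleshooting. Without the appropriate knowledge and experience, troubleshooting tools such as router diagnostic commands and network analyzers cannot do their job.

  The second skill network engineers must master is applying that knowledge in a methodical way to the process of diagnosing and troubleshooting network faults. Although this article covers only some diagnostic commands, it must be stressed that troubleshooting is a structured method. Many engineers consider a troubleshooting plan less important than studying and applying the technology itself. In fact, the right plan often plays a decisive role in the troubleshooting process. During troubleshooting, a chance action may happen to resolve the fault, but it cannot replace a structured troubleshooting method.

  Network troubleshooting is a systematic undertaking and should go through the steps of defining the problem, gathering facts, considering possibilities based on the facts, creating an action plan, implementing the plan, observing the results, and iterating the process. This process is like the waterfall model of software development, and its importance is self-evident.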

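A Simple Security Configuration Scheme for Cisco Routers

Posted on 20:24, July 17th, 2009 by killtest_does

I. Secure configuration of router access control
1. Strictly control which administrators can access the router. Every maintenance operation must be recorded and filed.
2. Remote access to the router is not recommended. Even if remote access is needed, use access control lists and strong passwords to control it.
3. Strictly control access to the CON port. Specific measures include:
A. If the chassis can be opened, the physical line connected to the CON port can be cut.
B. The default connection properties can be changed, for example the baud rate (the default is 96000; it can be changed to another value).
C. Use access control lists to control access to the CON port.
For example:
    Router(config)#access-list 1 permit 192.168.0.1
    Router(config)#line con 0
    Router(config-line)#transport input none
    Router(config-line)#login local
    Router(config-line)#exec-timeout 5 0
    Router(config-line)#access-class 1 in
    Router(config-line)#end
D. Set a strong password on the CON port.
4. If the AUX port is not used, disable it. It is not enabled by default. To disable it:
  Router(config)#line aux 0
  Router(config-line)#transport input none
  Router(config-line)#no exec
5. A tiered privilege policy is recommended. For example:
Router(config)#username BluShin privilege 10 password G00dPa55w0rd
Router(config)#privilege exec level 10 telnet
Router(config)#privilege exec level 10 show ip access-list
6. Set a strong password for entering privileged mode. Do not set it with enable password; use the enable secret command instead. Also enable service password-encryption.
7. Control access to the VTY lines. If remote access is not needed, disable it. If it is needed, be sure to set a strong password. Because VTY traffic is not encrypted in transit over the network, it must be strictly controlled, for example: set a strong password; limit the number of concurrent connections; use access lists to strictly control the permitted source addresses; AAA can be used to set up user access control.
8. For IOS upgrades and backups, and for configuration file backups, FTP is recommended in place of TFTP. For example:
Router(config)#ip ftp username BluShin
Router(config)#ip ftp password 4tppa55w0rd
Router#copy startup-config ftp:
9. Upgrade and patch the IOS software promptly.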

II. Secure configuration of router network services
1. Disable CDP (Cisco Discovery Protocol). For example:
  Router(config)# no cdp run
  Router(config-if)# no cdp enable
2. Disable the other TCP and UDP small services.
  Router(config)# no service tcp-small-servers
  Router(config)# no service udp-small-servers
3. Disable the Finger service.
  Router(config)# no ip finger
  Router(config)# no service finger
4. Disabling the HTTP service is recommended.
  Router(config)# no ip http server
If the HTTP service is enabled, it must be configured securely: set a user name and password, and control it with an access list. For example:
Router(config)# username BluShin privilege 10 password G00dPa55w0rd
Router(config)# ip http authentication local
Router(config)# no access-list 10
Router(config)# access-list 10 permit 192.168.0.1
Router(config)# access-list 10 deny any
Router(config)# ip http access-class 10
Router(config)# ip http server
Router(config)# exit
5. Disable the BOOTP service.
  Router(config)# no ip bootp server
Disable booting from the network and automatically downloading the initial configuration file from the network.
  Router(config)# no boot network
  Router(config)# no service config
6. Disable IP Source Routing.
  Router(config)# no ip source-route
7. If the ARP-Proxy service is not needed, disabling it is recommended; it is enabled on the router by default.
  Router(Config)# no ip proxy-arp
  Router(config-if)# no ip proxy-arp
8. Explicitly disable IP Directed Broadcast.
  Router(config-if)# no ip directed-broadcast
9. Disable IP Classless.
  Router(config)# no ip classless
10. Disable ICMP IP Unreachables, Redirects and Mask Replies.
  Router(config-if)# no ip unreachables
  Router(config-if)# no ip redirects
  Router(config-if)# no ip mask-reply
11. Disabling the SNMP service is recommended. When disabling it, some default SNMP configuration must be removed; otherwise an access list is needed to filter it. For example:
  Router(config)# no snmp-server community public RO
  Router(config)# no snmp-server community admin RW
  Router(config)# no access-list 70
  Router(config)# access-list 70 deny any
  Router(config)# snmp-server community MoreHardPublic RO 70
  Router(config)# no snmp-server enable traps
  Router(config)# no snmp-server system-shutdown
  Router(config)# no snmp-server trap-authentication
  Router(config)# no snmp-server
  Router(config)# end
12. Disable the WINS and DNS services if they are not necessary.
  Router(config)# no ip domain-lookup
  If they are needed, configure:
  Router(config)# hostname Router
  Router(config)# ip name-server 202.102.134.96
13. Explicitly shut down unused ports.
  Router(config)# interface eth0/3
  Router(config-if)# shutdown
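One way to check a saved configuration against the service checklist in this section, plus the enable secret and password-encryption items from the first section. This is an added example, not code from the original post: the sample configuration is constructed, the script assumes the one-space indentation that show running-config uses for interface sub-commands, and a feature with neither its plain nor its "no" form present is reported as "not stated" because defaults differ between IOS releases.

```python
import re

# Global services the checklist disables with "no <command>".
GLOBAL_SERVICES = [
    "cdp run", "service tcp-small-servers", "service udp-small-servers",
    "ip finger", "ip http server", "ip bootp server", "ip source-route",
    "service config", "ip domain-lookup",
]
# Per-interface features the checklist disables with "no <command>".
INTERFACE_FEATURES = [
    "ip proxy-arp", "ip directed-broadcast", "ip unreachables",
    "ip redirects", "ip mask-reply",
]


def split_config(text):
    """Return (top-level lines, {interface name: [sub-command lines]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                              # blank line or comment
        if not raw.startswith(" "):               # top-level command
            m = re.match(r"interface (\S+)", raw)
            current = interfaces.setdefault(m.group(1), []) if m else None
            global_lines.append(raw.strip())
        elif current is not None:                 # inside an interface block
            current.append(raw.strip())
    return global_lines, interfaces


def state(lines, command):
    """'disabled' if 'no <command>' is present, 'enabled' if '<command>' is."""
    if "no " + command in lines:
        return "disabled"
    if command in lines:
        return "enabled"
    return "not stated"


def audit(text):
    """Return (scope, item, status) for every checklist item not satisfied."""
    global_lines, interfaces = split_config(text)
    findings = []
    for cmd in GLOBAL_SERVICES:
        status = state(global_lines, cmd)
        if status != "disabled":
            findings.append(("global", cmd, status))
    if not any(l.startswith("enable secret ") for l in global_lines):
        findings.append(("global", "enable secret", "missing"))
    if any(l.startswith("enable password ") for l in global_lines):
        findings.append(("global", "enable password", "present"))
    if "service password-encryption" not in global_lines:
        findings.append(("global", "service password-encryption", "missing"))
    for line in global_lines:
        m = re.match(r"snmp-server community (public|admin)\b", line)
        if m:
            findings.append(("global", "snmp-server community " + m.group(1), "present"))
    for name, lines in interfaces.items():
        if "shutdown" in lines:                   # unused port, already shut
            continue
        for cmd in INTERFACE_FEATURES:
            status = state(lines, cmd)
            if status != "disabled":
                findings.append((name, cmd, status))
    return findings


# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
! constructed sample configuration
service password-encryption
no service tcp-small-servers
no service udp-small-servers
enable password ExamplePassword
no ip source-route
no ip finger
ip http server
no cdp run
snmp-server community public RO
!
interface Ethernet0/1
 ip address 192.168.0.254 255.255.255.0
 no ip proxy-arp
 no ip redirects
 no ip unreachables
 no ip directed-broadcast
!
interface Ethernet0/3
 shutdown
!
line vty 0 4
 login local
"""

if __name__ == "__main__":
    for scope, item, status in audit(SAMPLE_CONFIG):
        print(f"{scope:12} {item:32} {status}")
```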

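III. Secure configuration of router routing protocols
1. First disable ARP-Proxy, which is enabled by default; it easily causes confusion in the routing table.
Router(Config)# no ip proxy-arp    or
Router(config-if)# no ip proxy-arp
2. Enable authentication for the OSPF routing protocol. The default OSPF authentication password is transmitted in clear text; enabling MD5 authentication is recommended, with a key of reasonable strength (the peer router must have the same key).
Router(config)# router ospf 100
Router(config-router)# network 192.168.100.0 0.0.0.255 area 100
! Enable MD5 authentication.
! area area-id authentication enables authentication, but with a clear-text password.
! area area-id authentication message-digest
Router(config-router)# area 100 authentication message-digest
Router(config-router)# exit
Router(config)# interface eth0/1
! Enable the MD5 key; the key is routerospfkey.
! ip ospf authentication-key key enables an authentication key, but it is sent in clear text.
! ip ospf message-digest-key key-id(1-255) md5 key
Router(config-if)# ip ospf message-digest-key 1 md5 routerospfkey
3. RIP authentication. Only RIP-V2 supports it; RIP-1 does not. Enabling RIP-V2 with MD5 authentication is recommended. Plain authentication is likewise transmitted in clear text.
Router# config terminal
! Define the key chain
Router(config)# key chain mykeychainname
Router(config-keychain)# key 1
! Set the key string
Router(config-keychain-key)# key-string MyFirstKeyString
Router(config-keychain-key)# key 2
Router(config-keychain-key)# key-string MySecondKeyString
! Enable RIP-V2
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network 192.168.100.0
Router(config)# interface eth0/1
! Use MD5 authentication mode and select the configured key chain
Router(config-if)# ip rip authentication mode md5
Router(config-if)# ip rip authentication key-chain mykeychainname
4. The passive-interface command can disable ports that do not need to receive and forward routing information. Enabling passive-interface is recommended for ports that do not need routing. Note, however, that in RIP it only stops routing information from being sent; it does not stop it from being received. In OSPF it stops routing information from being both sent and received.
! In RIP, stop port 0/3 from sending routing information
Router(config)# router rip
Router(config-router)# passive-interface eth0/3
! In OSPF, stop port 0/3 from receiving and sending routing information
Router(config)# router ospf 100
Router(config-router)# passive-interface eth0/3
5. Use access lists to filter out junk and malicious routing information and control junk traffic on the network.
Router(config)# access-list 10 deny 192.168.1.0 0.0.0.255
Router(config)# access-list 10 permit any
! Stop the router from accepting updates for the 192.168.1.0 network
Router(config)# router ospf 100
Router(config-router)# distribute-list 10 in
! Stop the router from propagating routing information for the 192.168.1.0 network
Router(config)# router ospf 100
Router(config-router)# distribute-list 10 out
6. Enabling IP Unicast Reverse-Path Verification is recommended. It checks the validity of source IP addresses and so can prevent some IP spoofing. It can only be used on routers with CEF (Cisco Express Forwarding) enabled.
Router# config t
! Enable CEF
Router(config)# ip cef
! Enable Unicast Reverse-Path Verification
Router(config)# interface eth0/1
Router(config-if)# ip verify unicast reverse-path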

IV. Other router security configuration
1. Upgrade the IOS software promptly, and install IOS patches quickly.
2. Make secure backups of IOS strictly and carefully.
3. Make secure backups of the router's configuration files.
4. Buy a UPS, or at least have redundant power supplies.
5. Keep complete logs of secure access to and maintenance of the router.
6. Set the login banner strictly. It must state that login by unauthorized users is prohibited.
7. Simple protection against IP spoofing, such as filtering non-public addresses from accessing the internal network. Filter your own internal network addresses; loopback addresses (127.0.0.0/8); RFC1918 private addresses; DHCP self-assigned addresses (169.254.0.0/16); the test addresses for authors of technical documentation (192.0.2.0/24); unused multicast addresses (224.0.0.0/4); Sun's old test addresses (20.20.20.0/24; 204.152.64.0/23); and the all-networks address (0.0.0.0/8).
Router(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 any log
Router(config)# access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
Router(config)# access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
Router(config)# access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
Router(config)# access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
Router(config)# access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
Router(config)# access-list 100 deny ip 192.0.2.0 0.0.0.255 any log
Router(config)# access-list 100 deny ip 224.0.0.0 15.255.255.255 any
Router(config)# access-list 100 deny ip 20.20.20.0 0.0.0.255 any log
! wildcard for a /23 is 0.0.1.255
Router(config)# access-list 100 deny ip 204.152.64.0 0.0.1.255 any log
Router(config)# access-list 100 deny ip 0.0.0.0 0.255.255.255 any log
8. It is recommended to use an access list to ensure that addresses leaving the internal network belong to the internal network. For example:
Router(config)# no access-list 101
Router(config)# access-list 101 permit ip 192.168.0.0 0.0.0.255 any
Router(config)# access-list 101 deny ip any any log
Router(config)# interface eth 0/1
Router(config-if)# description "internet Ethernet"
Router(config-if)# ip address 192.168.0.254 255.255.255.0
Router(config-if)# ip access-group 101 in
9. Protection against TCP SYN attacks. For example:
A: Protection with an access list.
Router(config)# no access-list 106
Router(config)# access-list 106 permit tcp any 192.168.0.0 0.0.0.255 established
Router(config)# access-list 106 deny ip any any log
Router(config)# interface eth 0/2
Router(config-if)# description "external Ethernet"
Router(config-if)# ip address 192.168.1.254 255.255.255.0
Router(config-if)# ip access-group 106 in
B: Protection with TCP intercept. (This puts some load on the router.)
Router(config)# ip tcp intercept list 107
Router(config)# access-list 107 permit tcp any 192.168.0.0 0.0.0.255
Router(config)# access-list 107 deny ip any any log
Router(config)# interface eth0
Router(config-if)# ip access-group 107 in
10. Protection against the LAND.C attack.
Router(config)# access-list 107 deny ip host 192.168.1.254 host 192.168.1.254 log
Router(config)# access-list 107 permit ip any any
Router(config)# interface eth 0/2
Router(config-if)# ip address 192.168.1.254 255.255.255.0
Router(config-if)# ip access-group 107 in
11. Protection against Smurf attacks.
Router(config)# access-list 108 deny ip any host 192.168.1.255 log
Router(config)# access-list 108 deny ip any host 192.168.1.0 log
12. Secure configuration of ICMP. For inbound ICMP traffic, prohibit ICMP ECHO, Redirect and Mask request. Probing by the TraceRoute command also needs to be prohibited. For outbound ICMP traffic, ECHO, Parameter Problem and Packet too big can be allowed, as can use of the TraceRoute command.
! Inbound ICMP Control
Router(config)# access-list 110 deny icmp any any echo log
Router(config)# access-list 110 deny icmp any any redirect log
Router(config)# access-list 110 deny icmp any any mask-request log
Router(config)# access-list 110 permit icmp any any
! Outbound ICMP Control
Router(config)# access-list 111 permit icmp any any echo
Router(config)# access-list 111 permit icmp any any parameter-problem
Router(config)# access-list 111 permit icmp any any packet-too-big
Router(config)# access-list 111 permit icmp any any source-quench
Router(config)# access-list 111 deny icmp any any log
! Inbound TraceRoute Control
Router(config)# access-list 112 deny udp any any range 33400 34400
! Outbound TraceRoute Control
Router(config)# access-list 112 permit udp any any range 33400 34400
13. Protection against DDoS (Distributed Denial of Service).
! The TRINOO DDoS system
Router(config)# access-list 113 deny tcp any any eq 27665 log
Router(config)# access-list 113 deny udp any any eq 31335 log
Router(config)# access-list 113 deny udp any any eq 27444 log
! The Stacheldraht DDoS system
Router(config)# access-list 113 deny tcp any any eq 16660 log
Router(config)# access-list 113 deny tcp any any eq 65000 log
! The TrinityV3 System
Router(config)# access-list 113 deny tcp any any eq 33270 log
Router(config)# access-list 113 deny tcp any any eq 39168 log
! The SubSeven DDoS system and some Variants
Router(config)# access-list 113 deny tcp any any range 6711 6712 log
Router(config)# access-list 113 deny tcp any any eq 6776 log
Router(config)# access-list 113 deny tcp any any eq 6669 log
Router(config)# access-list 113 deny tcp any any eq 2222 log
Router(config)# access-list 113 deny tcp any any eq 7000 log
14. Enabling SSH and retiring Telnet is recommended. However, only IOS images that include the IPSec feature set support SSH, and IOS 12.0 to IOS 12.2 support only SSH-V1. An example SSH service configuration follows:
Router# config t
Router(config)# no access-list 22
Router(config)# access-list 22 permit 192.168.0.22
Router(config)# access-list 22 deny any
Router(config)# username BluShin privilege 10 password G00dPa55w0rd
! Set the SSH timeout and the number of login attempts
Router(config)# ip ssh timeout 90
Router(config)# ip ssh authentication-retries 2
Router(config)# line vty 0 4
Router(config-line)# access-class 22 in
Router(config-line)# transport input ssh
Router(config-line)# login local
Router(config-line)# exit
! Enable the SSH service and generate the RSA key pair.
Router(config)# crypto key generate rsa
The name for the keys will be: router.blushin.org
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys .Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus[512]: 2048
Generating RSA Keys…
[OK]
Router(config)#
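The anti-spoofing access list in item 7 of section four depends on every wildcard mask matching the CIDR range named in the text. The following added example (not code from the original post) derives the wildcard from each prefix, generates the ACL lines, and shows what a mistyped wildcard really matches; the ACL number and the mistyped value 0.0.2.255 are assumptions chosen for illustration.

```python
import ipaddress

# Source ranges named in item 7 (the site's own internal network is
# site-specific and is left out here).
SPOOFED_SOURCES = [
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "192.0.2.0/24", "224.0.0.0/4",
    "20.20.20.0/24", "204.152.64.0/23", "0.0.0.0/8",
]


def wildcard_for(cidr):
    """Return (network address, wildcard mask) for a CIDR prefix."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.hostmask)


def build_acl(acl_number, cidrs):
    """Generate 'deny ip <addr> <wildcard> any log' lines for each prefix."""
    lines = []
    for cidr in cidrs:
        address, wildcard = wildcard_for(cidr)
        lines.append(f"access-list {acl_number} deny ip {address} {wildcard} any log")
    return lines


def acl_matches(address, wildcard, candidate):
    """True if `candidate` matches an ACL entry: bits set in the wildcard
    are ignored, all other bits must equal those of `address`."""
    a = int(ipaddress.IPv4Address(address))
    w = int(ipaddress.IPv4Address(wildcard))
    c = int(ipaddress.IPv4Address(candidate))
    return ((a ^ c) & ~w & 0xFFFFFFFF) == 0


def wildcard_to_cidr(address, wildcard):
    """Return the equivalent network, or None when the wildcard is not a
    contiguous run of low-order one bits (so it is not a CIDR range)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):                 # not of the form 2**k - 1
        return None
    prefix = 32 - w.bit_length()
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


if __name__ == "__main__":
    for line in build_acl(100, SPOOFED_SOURCES):
        print(line)
    # A /23 needs 0.0.1.255. The mistyped 0.0.2.255 skips half of the
    # intended range and matches a /24 outside it instead.
    for wc in ("0.0.1.255", "0.0.2.255"):
        print(wc, wildcard_to_cidr("204.152.64.0", wc),
              acl_matches("204.152.64.0", wc, "204.152.65.1"),
              acl_matches("204.152.64.0", wc, "204.152.66.1"))
```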

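Clearing Configuration Information and Passwords on Cisco Routers

Posted on 20:21, July 17th, 2009 by killtest_does

In day-to-day network management and maintenance, have you ever run into this: because you forgot the password, your once-friendly "friend", the router or switch, shuts you out, and you cannot reconfigure parameters or gather statistics. Below I share a few of my own "little tricks" for clearing passwords on several common and important network devices.
  Applies to: all Cisco 2000, 2500, 3000, 4000 and 7000 series routers running IOS 10.0 or later.

  The steps are as follows:

  1. Connect the serial cable supplied with the router to the Console port; the following is done through HyperTerminal on Win95;

  2. Within 60 seconds of powering on the router, press the CTRL key (if that does not work, press CTRL-BREAK) and wait for the ">" prompt to appear;

  3. Enter the command ">e/s 2000002" and record the returned value, which is used later in the "Router(config)#config-register 0x2102" command (the returned value is usually 2102);

  4. After the ">" prompt, enter "o/r 0x42";

  5. Enter "i"; the router will reinitialize. Answer No to the prompts that appear;

  6. Enter "Enable" (there is no password; just press Enter);

  7. Change the password (whether or not it is encrypted):

  a. Enter "config mem" or "copy startup-config mem";

  b. Enter "write";

  c. Enter "config term", then enter "enable secret <password>" and "enable password <password>" to change the passwords;

  8. Remove the user prompt and password:

  a. Enter virtual line configuration mode with "line vty 0 4";

  b. Enter "password <password>" to change the password;

  c. Enter "login" (this removes the user prompt; it was originally login local);

  9. When finished, press Ctrl-z to end;

  10. Enter "write" to save the changes;

  11. Enter privileged configuration mode and type "config-register 0x2102" (note: this step must be completed);

  12. Write to save the configuration;

  13. Exit configuration mode and Reload to restart the router.

  Note: o/r 0x42 boots the router from Flash. If that fails, o/r 0x41 can be used to boot the router from ROM; the remaining steps are the same as for o/r 0x42, but it is best used only when booting from Flash fails, the Flash contents have been deleted, or there is no Flash. With 0x41 you can only view or delete configuration information; you cannot change the password.
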
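  Clearing configuration information on the Cisco Catalyst 3000

  1. While the switch is powering up, hold the Sys Req button on the rear panel for 5 seconds, then release it;

  2. Enter the configuration menu and select "Clear Non-Volatile RAM" to clear all of the switch's configuration information (including passwords).

  3. Reconfigure parameters, passwords and so on as needed.

  Clearing the password on Intel Express switches

  Applies to: Intel Express 10 Switch/10 Switch+/100FX Switch

  Method 1:

  1. Enter the switch's Maintenance Mode and type: run defparm to restart the switch and reset the existing configuration to the original defaults (the original defaults have no password).

  2. To enter maintenance mode:

  a. Power off the switch, press the Maint button on the panel, then power on the switch;

  b. Hold the button for 3 seconds until the System LED flashes green rapidly;

  c. Release the Maint button.

  3. Through the switch's serial port, connect with a straight-through serial cable at 9600/N/8/1 in VT100-compatible terminal mode;

  4. Press Enter until a command-line prompt appears on the screen.

  Method 2: using the Intel switch's backdoor

  Telnet to the switch; when prompted for a user name, enter anything, then enter the universal password "debug" to get into the switch.

  Clearing the password on the 3COM NetServer remote access server

  Check the NetServer Configuration DIP switches, which control the NetServer's hardware configuration. DIP4 controls "Erase/Reinitialize Flash Configuration".

  The steps are as follows:

  1. Set DIP4 to ON; when the NETServer starts, the configuration stored in Flash will be erased;

  2. Power off the machine, set DIP4 back to OFF, and power on; it can then be reconfigured.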

Q: What does it cost to complete the CCNA certification?

A: The cost of sitting the CCNA certification is made up mainly of two major components: 1. Examination fees; 2. Information charges. Because there are many CCNA exam programs to address the needs of different groups of people, Mg lists a summary of the cost of the two most common programs.

CCNA 640-802 Certification Program
The CCNA 640-802 certification program is the choice for trainees who are just beginning their career planning and are making their first contact with networking basics!

CCNA + CCNP
Suitable only for students who want to study the CCNA and CCNP content in depth!
Relevant information
VUE reservation website registration card Cisco certification exam the whole diagram


CCNA 640-822 Training Material Introduce
Cisco 640-822 Certification Exam, a component part of the 640-822, is the only way to a perfect professional life as an IT candidate.
Pass4sure 640-822 contains all the knowledge points required in the Cisco 640-822 Certification Exam. It will be updated in time according to the change of the real exam to make sure that our customers get the most valuable material for the exam. There is no need for our customers to buy other sources.
Before you make your decision to buy our Pass4sure 640-822, you can have a try on our free demo for the exam. You can try it online as well as download it. In this way, you can know the quality of our practice exam and make your best choice.
The Pass4sure 640-822 is built up by a team consisted of professional IT experts. It covers all points of the latest exam and the examination points in recent years. So we are sure that it covers all the knowledge points and at least 95% of the exam questions.
Because of its authoritative sources, Pass4sure 640-822 have been approved to be the key material to IT professional career. Only authoritative experts and famous authors have the access to its composition to make sure that its quality and value.
When you are browsing on our Pass4sure 640-822, if you have any questions, please feel free to ask us on the CONTACT US page or by our Live Chat service. A professional pre-sale and post-sale team is waiting for you in hoping that we can provide you with the convenience and help for the preparation of examination.
Pass4sure 640-822 offers free demo trial. You can check out its interface, question quality and usability before you decide to buy it. In this way, you are never worried about buying it with regret.
If you cannot pass the Cisco 640-822 Certification exam at your first try, we will give you 100% REFUND on our Pass4sure 640-822. If you give up the right to get 100% REFUND, you can enjoy two other coordinate exams completely freely provided by Pass4sure. It is up to you! In any case, you will get most here.


640-822 ICND1 Exam Syllabus
Interconnecting Cisco Networking Devices Part 1

Exam Number:  640-822    ICND1
Associated Certifications:     CCENT and CCNA
Duration:     90 Minutes (50-60 questions)
Available Languages:     English, Japanese, Chinese, Spanish, Russian, Korean, French
Click Here to Register:     Pearson VUE
Exam Policies:     Read current policies and requirements
Exam Tutorial:     Review type of exam questions

Exam Description

The 640-822 Interconnecting Cisco Networking Devices Part 1 (ICND1) is the exam associated with the Cisco Certified Entry Network Technician certification and a tangible first step in achieving the Cisco Certified Network Associate certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0 course. This exam tests a candidate’s knowledge and skills required to successfully install, operate, and troubleshoot a small branch office network. The exam includes topics on networking fundamentals; connecting to a WAN; basic security and wireless concepts; routing and switching fundamentals; the TCP/IP and OSI models; IP addressing; WAN technologies; operating and configuring IOS devices; configuring RIPv2, static and default routing; implementing NAT and DHCP; and configuring simple networks.
Exam Topics

The following topics are general guidelines for the content likely to be included on the Interconnecting Cisco Networking Devices Part 1 exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Describe the operation of data networks.

* Describe the purpose and functions of various network devices
* Select the components required to meet a given network specification
* Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
* Describe common networking applications including web applications
* Describe the purpose and basic operation of the protocols in the OSI and TCP models
* Describe the impact of applications (Voice Over IP and Video Over IP) on a network
* Interpret network diagrams
* Determine the path between two hosts across a network
* Describe the components required for network and Internet communications
* Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
* Differentiate between LAN/WAN operation and features

Implement a small switched network

* Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
* Explain the technology and media access control method for Ethernet technologies
* Explain network segmentation and basic traffic management concepts
* Explain the operation of Cisco switches and basic switching concepts
* Perform, save and verify initial switch configuration tasks including remote access management
* Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands
* Implement and verify basic security for a switch (port security, deactivate ports)
* Identify, prescribe, and resolve common switched network media issues, configuration issues, autonegotiation, and switch hardware failures

Implement an IP addressing scheme and IP services to meet network requirements for a small branch office

* Describe the need and role of addressing in a network
* Create and apply an addressing scheme to a network
* Assign and verify valid IP addresses to hosts, servers, and networking devices in a LAN environment
* Explain the basic uses and operation of NAT in a small network connecting to one ISP
* Describe and verify DNS operation
* Describe the operation and benefits of using private and public IP addressing
* Enable NAT for a small network with a single ISP and connection using SDM and verify operation using CLI and ping
* Configure, verify and troubleshoot DHCP and DNS operation on a router (including: CLI/SDM)
* Implement static and dynamic addressing services for hosts in a LAN environment
* Identify and correct IP addressing issues

Implement a small routed network

* Describe basic routing concepts (including: packet forwarding, router lookup process)
* Describe the operation of Cisco routers (including: router bootup process, POST, router components)
* Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
* Configure, verify, and troubleshoot RIPv2
* Access and utilize the router CLI to set basic parameters
* Connect, configure, and verify operation status of a device interface
* Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
* Perform and verify routing configuration tasks for a static or default route given specific routing requirements
* Manage IOS configuration files (including: save, edit, upgrade, restore)
* Manage Cisco IOS
* Implement password and physical security
* Verify network status and router operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands

Explain and select the appropriate administrative tasks required for a WLAN

* Describe standards associated with wireless media (including: IEEE WI-FI Alliance, ITU/FCC)
* Identify and describe the purpose of the components in a small wireless network. (including: SSID, BSS, ESS)
* Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point
* Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2)
* Identify common issues with implementing wireless networks

Identify security threats to a network and describe general methods to mitigate those threats

* Explain today’s increasing network security threats and the need to implement a comprehensive security policy to mitigate the threats
* Explain general methods to mitigate common security threats to network devices, hosts, and applications
* Describe the functions of common security appliances and applications
* Describe security recommended practices including initial steps to secure network devices

Implement and verify WAN links

* Describe different methods for connecting to a WAN
* Configure and verify a basic WAN serial connection

Recommended Training

The following course is the recommended training for this exam.

* Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0


640-816 ICND2 Exam Syllabus
Interconnecting Cisco Networking Devices Part 2

Exam Number: 640-816     ICND2
Associated Certifications:     CCNA
Duration:     75 minutes (45-55 questions)
Available Languages:     English, Japanese, Chinese, Spanish, Russian, Korean, French
Click Here to Register:     Pearson VUE
Exam Policies:     Read current policies and requirements
Exam Tutorial:     Review type of exam questions

Exam Description

The 640-816 Interconnecting Cisco Networking Devices Part 2 (ICND2) is the exam associated with the Cisco Certified Network Associate certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 course. This exam tests a candidate’s knowledge and skills required to successfully install, operate, and troubleshoot a small to medium size enterprise branch network. The exam covers topics on VLSM and IPv6 addressing; extending switched networks with VLANs; configuring, verifying and troubleshooting VLANs; the VTP, RSTP, OSPF and EIGRP protocols; determining IP routes; managing IP traffic with access lists; NAT and DHCP; establishing point-to-point connections; and establishing Frame Relay connections.
Exam Topics

The following topics are general guidelines for the content likely to be included on the Interconnecting Cisco Networking Devices Part 2 exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Configure, verify and troubleshoot a switch with VLANs and interswitch communications

* Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
* Describe how VLANs create logically separate networks and the need for routing between them
* Configure, verify, and troubleshoot VLANs
* Configure, verify, and troubleshoot trunking on Cisco switches
* Configure, verify, and troubleshoot inter VLAN routing
* Configure, verify, and troubleshoot VTP
* Configure, verify, and troubleshoot RSTP operation
* Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network
* Implement basic switch security (including: port security, unassigned ports, trunk access, etc.)

Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network

* Calculate and apply a VLSM IP addressing design to a network
* Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
* Describe the technological requirements for running IPv6 (including: protocols, dual stack, tunneling, etc)
* Describe IPv6 addresses
* Identify and correct common problems associated with IP addressing and host configurations

Configure and troubleshoot basic operation and routing on Cisco devices

* Compare and contrast methods of routing and routing protocols
* Configure, verify and troubleshoot OSPF
* Configure, verify and troubleshoot EIGRP
* Verify configuration and connectivity using ping, traceroute, and telnet or SSH
* Troubleshoot routing implementation issues
* Verify router hardware and software operation using SHOW & DEBUG commands
* Implement basic router security

Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network.

* Describe the purpose and types of access control lists
* Configure and apply access control lists based on network filtering requirements
* Configure and apply an access control list to limit telnet and SSH access to the router
* Verify and monitor ACL’s in a network environment
* Troubleshoot ACL implementation issues
* Explain the basic operation of NAT
* Configure Network Address Translation for given network requirements using CLI
* Troubleshoot NAT implementation issues

Implement and verify WAN links

* Configure and verify Frame Relay on Cisco routers
* Troubleshoot WAN implementation issues
* Describe VPN technology (including: importance, benefits, role, impact, components)
* Configure and verify PPP connection between Cisco routers

Recommended Training

The following courses are the recommended training for this exam.

* Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0


640-553 IINS Exam Syllabus
Implementing Cisco IOS Network Security

Exam Number:             640-553
Associated Certifications:     CCNA Security
Duration:     90 minutes (55-65 questions)
Available Languages:     English
Click Here to Register:     Pearson VUE
Exam Policies:     Read current policies and requirements
Exam Tutorial:     Review type of exam questions

Exam Description

The 640-553 IINS Implementing Cisco IOS Network Security exam is associated with the CCNA Security certification. This exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.

Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS) course.
Exam Topics

The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Secure Cisco routers

* Secure Cisco routers using the SDM Security Audit feature
* Use the One-Step Lockdown feature in SDM to secure a Cisco router
* Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
* Secure administrative access to Cisco routers by configuring multiple privilege levels
* Secure administrative access to Cisco routers by configuring role based CLI
* Secure the Cisco IOS image and configuration file

Implement AAA on Cisco routers using local router database and external ACS

* Explain the functions and importance of AAA
* Describe the features of TACACS+ and RADIUS AAA protocols
* Configure AAA authentication
* Configure AAA authorization
* Configure AAA accounting

Mitigate threats to Cisco routers and networks using ACLs

* Explain the functionality of standard, extended, and named IP Access Control Lists used by routers to filter packets
* Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
* Configure IP ACLs to prevent IP address spoofing using CLI
* Discuss the caveats to be considered when building ACLs

Implement secure network management and reporting

* Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
* Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server

Mitigate common Layer 2 attacks

* Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

Implement the Cisco IOS firewall feature set using SDM

* Describe the operational strengths and weaknesses of the different firewall technologies
* Explain stateful firewall operations and the function of the state table
* Implement Zone Based Firewall using SDM

Implement the Cisco IOS IPS feature set using SDM

* Define network based vs. host based intrusion detection and prevention
* Explain IPS technologies, attack responses, and monitoring options
* Enable and verify Cisco IOS IPS operations using SDM

Implement site-to-site VPNs on Cisco Routers using SDM

* Explain the different methods used in cryptography
* Explain IKE protocol functionality and phases
* Describe the building blocks of IPSec and the security functions it provides
* Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM

Recommended Training

The following course is the recommended training for this exam:

* Implementing Cisco IOS Network Security (IINS)


640-460 IIUC Exam Syllabus
Implementing Cisco IOS Unified Communications
Exam Number:             640-460
Associated Certifications:     CCNA Voice
Duration:     90 minutes (60-70 questions)
Available Languages:     English
Click Here to Register:     Pearson VUE
Exam Policies:     Read current policies and requirements
Exam Tutorial:     Review type of exam questions

Exam Description

The 640-460 IIUC Implementing Cisco IOS Unified Communications exam is associated with the CCNA Voice certification. This exam confirms basic IP telephony installation, configuration, and maintenance skills by testing a candidate’s knowledge of implementing and configuring small- to medium-sized IP Telephony solutions using Cisco Unified Communications Manager Express, Cisco Unity Express, and the UC500 Smart Business Communications System solutions.
Exam Topics

The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Unified Communications exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Describe the components of the Cisco Unified Communications Architecture

* Describe the function of the infrastructure in a UC environment
* Describe the function of endpoints in a UC environment
* Describe the function of the call processing agent in a UC environment
* Describe the function of messaging in a UC environment
* Describe the function of auto attendants and IVRs in a UC environment
* Describe the function of contact center in a UC environment
* Describe the applications available in the UC environment, including Mobility, Presence, and Telepresence
* Describe how the Unified Communications components work together to create the Cisco Unified Communications Architecture

Describe PSTN components and technologies

* Describe the services provided by the PSTN
* Describe time division and statistical multiplexing
* Describe supervisory, informational, and address signalling
* Describe numbering plans
* Describe analog circuits
* Describe digital voice circuits
* Describe PBX, trunk lines, key-systems, and tie lines

Describe VoIP components and technologies

* Describe the process of voice packetization
* Describe RTP and RTCP
* Describe the function of and differences between codecs
* Describe H.323, MGCP, SIP, and SCCP signalling protocols

Describe and configure gateways, voice ports, and dial peers to connect to the PSTN and service provider networks

* Describe the function and application of a dial plan
* Describe the function and application of voice Gateways
* Describe the function and application of voice ports in a Gateway
* Describe the function and operation of call-legs
* Describe and configure voice dial peers
* Describe the differences between PSTN and Internet Telephony Service Provider circuits

Describe and configure a Cisco network to support VoIP

* Describe the purpose of VLANs in a VoIP environment
* Describe the environmental considerations to support VoIP
* Configure switched infrastructure to support voice and data VLANs
* Describe the purpose and operation of PoE
* Identify the factors that impact voice quality
* Describe how QoS addresses voice quality issues
* Identify where QoS is deployed in the UC infrastructure

Implement UC500 using Cisco Configuration Assistant

* Describe the function and operation of Cisco Configuration Assistant
* Configure UC500 device parameters
* Configure UC500 network parameters
* Configure UC500 dial plan and voicemail parameters
* Configure UC500 SIP trunk parameters
* Configure UC500 voice system features
* Configure UC500 user parameters

Implement Cisco Unified Communications Manager Express to support endpoints using CLI

* Describe the appropriate software components needed to support endpoints
* Describe the requirements and correct settings for DHCP, NTP, and TFTP
* Configure DHCP, NTP and TFTP
* Describe the differences between key system and PBX mode
* Describe the differences between the different types of ephones and ephone-dns
* Configure Cisco Unified Communications Manager Express endpoints
* Configure call-transfer per design specifications
* Configure voice productivity features, including hunt groups, call park, call pickup, paging groups, and paging/intercom
* Configure Music on Hold

Implement voicemail features using Cisco Unity Express

* Describe the Cisco Unity Express hardware platforms
* Configure the foundational elements required for Cisco Unified Communications Manager Express to support Cisco Unity Express
* Describe the features available in Cisco Unity Express
* Configure AutoAttendant services using Cisco Unity Express
* Configure basic voicemail features using Cisco Unity Express

Recommended Training

The following course is the recommended training for this exam:

* Implementing Cisco IOS Unified Communications (IIUC)

Courses listed are offered by Cisco Learning Partners—the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the Global Learning Partner Locator for a Cisco Learning Partner near you.

640-721 IUWNE Exam Syllabus
Implementing Cisco Unified Wireless Networking Essentials

Exam Number:             640-721
Associated Certifications:     CCNA Wireless
Duration:     90 minutes (65 questions)
Available Languages:     English
Click Here to Register:     Pearson VUE
Exam Policies:     Read current policies and requirements
Exam Tutorial:     Review type of exam questions

Exam Description

The 640-721 IUWNE Implementing Cisco Unified Wireless Network Essential exam is the exam associated with the CCNA Wireless certification. This exam tests a candidate’s knowledge of installing, configuring, operating, and troubleshooting small to medium-size WLANs. Candidates can prepare for this exam by taking the IUWNE Implementing Cisco Unified Wireless Network Essential course.

Exam Topics

The following information provides general guidelines for the content likely to be included on the Implementing Cisco Unified Wireless Networking Essentials exam. However, other related topics may also appear on any specific delivery of the exam.
Describe WLAN fundamentals

* Describe basics of spread spectrum technology (modulation, DSS, OFDM, MIMO, Channels reuse and overlap, Rate-shifting, CSMA/CA)
* Describe the impact of various wireless technologies (Bluetooth, WiMAX, ZigBee, cordless phone)
* Describe wireless regulatory bodies, standards and certifications (FCC, ETSI, 802.11a/b/g/n, WiFi Alliance)
* Describe WLAN RF principles (antenna types, RF gain/loss, EIRP, refraction, reflection, ETC)
* Describe networking technologies used in wireless (SSID -> WLAN_ID -> Interface -> VLAN, 802.1q trunking)
* Describe wireless topologies (IBSS, BSS, ESS, Point-to-Point, Point-to-Multipoint, basic Mesh, bridging)
* Describe 802.11 authentication and encryption methods (Open, Shared, 802.1X, EAP, TKIP, AES)
* Describe frame types (associated/unassociated, management, control, data)

Install a basic Cisco wireless LAN

* Describe the basics of the Cisco Unified Wireless Network architecture (Split MAC, LWAPP, stand-alone AP versus controller-based AP, specific hardware examples)
* Describe the Cisco Mobility Express Wireless architecture (Smart Business Communication System — SBCS, Cisco Config Agent — CCA, 526WLC, 521AP – stand-alone and controller-based)
* Describe the modes of controller-based AP deployment (local, monitor, HREAP, sniffer, rogue detector, bridge)
* Describe controller-based AP discovery and association (OTAP, DHCP, DNS, Master-Controller, Primary-Secondary-Tertiary, n+1 redundancy)
* Describe roaming (Layer 2 and Layer 3, intra-controller and inter-controller, mobility groups)
* Configure a WLAN controller and access points (WLC: ports, interfaces, WLANs, NTP, CLI and Web UI, CLI wizard, LAG; AP: Channel, Power)
* Configure the basics of a stand-alone access point (no lab) (Express setup, basic security)
* Describe RRM

Install Wireless Clients

* Describe client OS WLAN configuration (Windows, Apple, and Linux.)
* Install Cisco ADU
* Describe basic CSSC
* Describe CCX versions 1 through 5

Implement basic WLAN Security

* Describe the general framework of wireless security and security components (authentication, encryption, MFP, IPS)
* Describe and configure authentication methods (Guest, PSK, 802.1X, WPA/WPA2 with EAP-TLS, EAP-FAST, PEAP, LEAP)
* Describe and configure encryption methods (WPA/WPA2 with TKIP, AES)
* Describe and configure the different sources of authentication (PSK, EAP-local or -external, Radius)

Operate basic WCS

* Describe key features of WCS and Navigator (versions and licensing)
* Install/upgrade WCS and configure basic administration parameters (ports, O/S version, strong passwords, service vs. application)
* Configure controllers and APs (using the Configuration tab not templates)
* Configure and use maps in the WCS (add campus, building, floor, maps, position AP)
* Use the WCS monitor tab and alarm summary to verify the WLAN operations

Conduct basic WLAN Maintenance and Troubleshooting

* Identify basic WLAN troubleshooting methods for controllers, access points, and clients
* Describe basic RF deployment considerations related to site survey design of data or VoWLAN applications: common RF interference sources such as devices, building material, AP location; basic RF site survey design related to channel reuse, signal strength, cell overlap
* Describe the use of WLC show, debug and logging
* Describe the use of the WCS client troubleshooting tool
* Transfer WLC config and O/S using maintenance tools and commands
* Describe and differentiate WLC WLAN management access methods (console port, CLI, telnet, ssh, http, https, wired versus wireless management)

Recommended Training

The following course is the recommended training for this exam:

* Implementing Cisco Unified Wireless Networking Essentials (IUWNE)

Courses listed are offered by Cisco Learning Partners—the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the Global Learning Partner Locator for a Cisco Learning Partner near you.


640-802 CCNA Exam Syllabus
Recommended Training

* Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0
* Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0

Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you.

Exam Description

The 640-802 Cisco Certified Network Associate (CCNA) is the composite exam associated with the Cisco Certified Network Associate certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0 and the Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 courses. This exam tests a candidate’s knowledge and skills required to install, operate, and troubleshoot a small to medium size enterprise branch network. The topics include connecting to a WAN; implementing network security; network types; network media; routing and switching fundamentals; the TCP/IP and OSI models; IP addressing; WAN technologies; operating and configuring IOS devices; extending switched networks with VLANs; determining IP routes; managing IP traffic with access lists; establishing point-to-point connections; and establishing Frame Relay connections.
Exam Topics

The following topics are general guidelines for the content likely to be included on the Cisco Certified Network Associate exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Describe how a network works

* Describe the purpose and functions of various network devices
* Select the components required to meet a network specification
* Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
* Describe common networked applications including web applications
* Describe the purpose and basic operation of the protocols in the OSI and TCP models
* Describe the impact of applications (Voice Over IP and Video Over IP) on a network
* Interpret network diagrams
* Determine the path between two hosts across a network
* Describe the components required for network and Internet communications
* Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
* Differentiate between LAN/WAN operation and features

Configure, verify and troubleshoot a switch with VLANs and interswitch communications

* Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
* Explain the technology and media access control method for Ethernet networks
* Explain network segmentation and basic traffic management concepts
* Explain basic switching concepts and the operation of Cisco switches
* Perform and verify initial switch configuration tasks including remote access management
* Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands
* Identify, prescribe, and resolve common switched network media issues, configuration issues, auto negotiation, and switch hardware failures
* Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
* Describe how VLANs create logically separate networks and the need for routing between them
* Configure, verify, and troubleshoot VLANs
* Configure, verify, and troubleshoot trunking on Cisco switches
* Configure, verify, and troubleshoot interVLAN routing
* Configure, verify, and troubleshoot VTP
* Configure, verify, and troubleshoot RSTP operation
* Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network.
* Implement basic switch security (including: port security, trunk access, management vlan other than vlan1, etc.)

Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network.

* Describe the operation and benefits of using private and public IP addressing
* Explain the operation and benefits of using DHCP and DNS
* Configure, verify and troubleshoot DHCP and DNS operation on a router (including: CLI/SDM)
* Implement static and dynamic addressing services for hosts in a LAN environment
* Calculate and apply an addressing scheme including VLSM IP addressing design to a network
* Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
* Describe the technological requirements for running IPv6 in conjunction with IPv4 (including: protocols, dual stack, tunneling, etc).
* Describe IPv6 addresses
* Identify and correct common problems associated with IP addressing and host configurations

Configure, verify, and troubleshoot basic router operation and routing on Cisco devices

* Describe basic routing concepts (including: packet forwarding, router lookup process)
* Describe the operation of Cisco routers (including: router bootup process, POST, router components)
* Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
* Configure, verify, and troubleshoot RIPv2
* Access and utilize the router to set basic parameters (including: CLI/SDM)
* Connect, configure, and verify operation status of a device interface
* Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
* Perform and verify routing configuration tasks for a static or default route given specific routing requirements
* Manage IOS configuration files (including: save, edit, upgrade, restore)
* Manage Cisco IOS.
* Compare and contrast methods of routing and routing protocols
* Configure, verify, and troubleshoot OSPF
* Configure, verify, and troubleshoot EIGRP
* Verify network connectivity (including: using ping, traceroute, and telnet or SSH)
* Troubleshoot routing issues
* Verify router hardware and software operation using SHOW & DEBUG commands.
* Implement basic router security

Explain and select the appropriate administrative tasks required for a WLAN

* Describe standards associated with wireless media (including: IEEE, WI-FI Alliance, ITU/FCC)
* Identify and describe the purpose of the components in a small wireless network (including: SSID, BSS, ESS)
* Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point
* Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2)
* Identify common issues with implementing wireless networks (including: Interface, misconfiguration)

Identify security threats to a network and describe general methods to mitigate those threats

* Describe today’s increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats
* Explain general methods to mitigate common security threats to network devices, hosts, and applications
* Describe the functions of common security appliances and applications
* Describe security recommended practices including initial steps to secure network devices

Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network.

* Describe the purpose and types of ACLs
* Configure and apply ACLs based on network filtering requirements (including: CLI/SDM)
* Configure and apply ACLs to limit telnet and SSH access to the router (including: SDM/CLI)
* Verify and monitor ACLs in a network environment
* Troubleshoot ACL issues
* Explain the basic operation of NAT
* Configure NAT for given network requirements (including: CLI/SDM)
* Troubleshoot NAT issues

Implement and verify WAN links

* Describe different methods for connecting to a WAN
* Configure and verify a basic WAN serial connection
* Configure and verify Frame Relay on Cisco routers
* Troubleshoot WAN implementation issues
* Describe VPN technology (including: importance, benefits, role, impact, components)
* Configure and verify a PPP connection between Cisco routers

CCNA 640-801 exam content:

Network design and planning

* Apply Cisco networking technology to build a simple network
* Plan and design an IP addressing scheme based on analysis of the design needs
* Choose the appropriate routing protocol based on user needs
* Apply Cisco networking technology to build a simple access network
* Configure the appropriate access control list based on user needs
* Choose the appropriate WAN services based on user needs

Network operating structures

* Configure the appropriate routing protocols based on customer needs
* Configure IP addresses, subnet masks, and gateway addresses on routers and hosts
* Configure additional management functions on the router
* Configure VLANs and inter-switch communication on switches
* Operate a LAN
* Configure switches for particular network circumstances
* Manage operating system and device configuration files
* Perform the initial configuration of a router
* Perform the initial configuration of a switch
* Implement access control lists
* Implement simple WAN protocols

Network Troubleshooting

* Use knowledge of the OSI 7-layer model to solve network faults
* Perform fault handling for LANs and virtual LANs
* Resolve routing protocol issues
* Resolve IP address and host configuration issues
* Resolve equipment failures in an operating network
* Resolve faults caused by access control lists
* Perform simple fault handling for a wide area network

Network technology points

* Use the OSI layered model to describe network communication
* Describe the spanning tree protocol process
* Compare the main characteristics of LAN environments
* Assess the characteristics of routing protocols
* Assess the TCP/IP communication process and its related protocols
* Describe the characteristics of network equipment
* Assess the characteristics of network equipment
* Assess packet processing rules
* Assess the key characteristics of WAN gateways

Part of CCNA (640-822 ICND1)
640-822 exam description:

Interconnecting Cisco Networking Devices Part 1 : 640–822 Exam

The ICND1 (640-822) exam is the only requirement for achieving the latest entry-level CCENT certification from Cisco. It is also one of the two exams for achieving the CCNA certification. You now have to pass exams 640-822 and 640-816 if you opt for the two exams option for your CCNA certification. The exam tests your ability to install, operate, and troubleshoot a small branch office network.

642-822 Exam details:

Describe the operation of data networks.
Describe the purpose and functions of various network devices
Select the components required to meet a given network specification
Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
Describe common networking applications including web applications
Describe the purpose and basic operation of the protocols in the OSI and TCP models
Describe the impact of applications (Voice Over IP and Video Over IP) on a network
Interpret network diagrams
Determine the path between two hosts across a network
Describe the components required for network and Internet communications
Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
Differentiate between LAN/WAN operation and features

640-822 Exam information:

Minutes (50-60 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Cisco Network Engineer Exam Syllabus

Posted on 20:55, June 19th, 2009 by killtest_does

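I. Exam Description
1. Exam requirements:

(1) Be familiar with the fundamentals of computer systems;
(2) Be familiar with the fundamentals of network operating systems;
(3) Understand the design and development methods of computer application systems;
(4) Be familiar with the fundamentals of data communications;
(5) Be familiar with the fundamentals of system security and data security;
(6) Master the basic techniques of network security and the main security protocols and security systems;
(7) Master the basic principles of computer network architecture and network protocols;
(8) Master standardization knowledge related to computer networks;
(9) Master LAN networking technology, and understand the basic technologies of MANs and WANs;
(10) Master computer network interconnection technology;
(11) Master networking methods for TCP/IP networks and network application service technologies;
(12) Understand access networks and access technologies;
(13) Master the basic principles and operating methods of network management;
(14) Be familiar with performance testing and optimization techniques for network systems, as well as reliability design techniques;
(15) Understand the basic principles and technologies of network applications;
(16) Understand new network technologies and their development trends;
(17) Know the laws and regulations concerning intellectual property and the Internet;
(18) Correctly read and understand English-language materials in this field.

2. Candidates who pass this level of the exam are able to plan and design network systems and to install and commission the software and hardware of network equipment according to the requirements of the user departments; to operate, maintain and manage network systems; to manage network resources efficiently, reliably and securely; and to provide technical support and guidance for system development as network professionals. They have the practical working ability and professional level of an engineer, and can guide assistant engineers in building and managing network systems.

3. The subjects set for this level of the exam are:
(1) Computer and network knowledge: exam time 150 minutes, written exam;
(2) Network system design and management: exam time 150 minutes, written exam.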
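II. Exam Scope
Exam Subject 1: Computer and Network Knowledge

1. Computer system knowledge
1.1 Hardware knowledge
1.1.1 Computer architecture
• Computer organization (arithmetic unit, control unit, memory, I/O components)
• Instruction systems (instructions, addressing modes, CISC, RISC)
• Multiprocessors (tightly coupled systems, loosely coupled systems, array processors, dual-machine systems, synchronization)
• Processor performance
1.1.2 Memory
• Storage media (semiconductor memory, magnetic storage, optical storage)
• Storage systems
• Main memory and auxiliary storage
• Main memory types, main memory capacity and performance
• Main memory configuration (main memory parity checking, interleaved access, multi-level main memory, main memory protection systems)
• Cache
• Performance and capacity calculation of auxiliary storage devices
1.1.3 Input/output structures and devices
• I/O interfaces (interrupts, DMA, channels, SCSI, parallel interfaces, general-purpose interface bus, RS232, USB, IEEE1394, infrared interfaces, input/output control systems, channels)
• Types and characteristics of input/output devices
1.1.4 Basic knowledge of embedded systems
1.2 Operating system knowledge
1.2.1 Basic concepts
• Definition, characteristics, functions and classification of operating systems (batch, time-sharing, real-time, network, distributed)
• Multiprogramming
• Kernel and interrupt control
• Processes and threads
1.2.2 Processor management, storage management, device management, file management, job management
• Process states and transitions
• Process scheduling algorithms (time-sharing round robin, priority, preemption)
• Deadlock
• Storage management schemes (segmentation and paging, virtual memory, page replacement algorithms)
• Device management techniques (Spooling, buffering, DMA, buses, plug and play)
• File management
• Sharing and security (sharing methods, reliability and security, recovery handling, protection mechanisms)
• Job states and transitions
• Job scheduling algorithms (first come first served, shortest job first, highest response ratio first)
1.3 System configuration methods
1.3.1 System configuration techniques
• System architecture models (2-tier, 3-tier and multi-tier C/S and B/S systems)
• System configuration methods (dual-machine, duplex, hot standby, fault tolerance, tightly coupled multiprocessors, loosely coupled multiprocessors)
• Processing modes (centralized, distributed, batch, real-time systems, Web computing, mobile computing)
1.3.2 System performance
• Performance design (system tuning, response characteristics)
• Performance indicators, performance evaluation (benchmarks, system monitors)
1.3.3 System reliability
• Reliability calculation (MTBF, MTTR, availability, failure rate)
• Reliability design (fail-safe, fail-soft, allocation and estimation of component reliability and system reliability)
• Reliability indicators and reliability evaluation, RAS (reliability, availability and maintainability)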
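2. Basic knowledge of system development and operation
2.1 Basic knowledge of system development
2.1.1 Requirements analysis and design
• Requirements analysis
• Structured analysis and design
• Object-oriented design
• Module design, I/O design, human-machine interface design
2.1.2 Development environment
• Development tools (design tools, programming tools, testing tools, CASE)
• Integrated development environments
2.1.3 Testing and review methods
• Testing methods
• Review methods
• Test design and management methods (fault injection, system testing)
2.1.4 Basic knowledge of project management
• Drawing up project plans
• Quality planning, management and evaluation
• Process management (PERT charts, Gantt charts, work breakdown structure, schedule control, critical path)
• Configuration management
• Staff planning and management
• Document management (document standards, change procedures)
• Development organization and roles (development team members, project manager)
• Cost organization and risk management
2.1.5 System auditability
• Audit methods, audit trails
• Building auditability into systems
2.2 System operation and maintenance knowledge
2.2.1 System operation
• System operation management (computer systems, networks)
• System cost management
• System operation (job scheduling, data I/O management, operation manuals)
• User management (ID registration and management)
• Equipment and facilities management (power supply, air-conditioning equipment, equipment management, facility security management)
• System fault management (handling procedures, monitoring, recovery procedures, preventive measures)
• Security management
• Performance management
• System operation tools (automated operation tools, monitoring tools, diagnostic tools)
• System transition (transition to the operational phase, operational testing, version control)
• System operation service standards
2.2.2 System maintenance
• Types of maintenance (perfective, corrective, adaptive, preventive)
• Carrying out maintenance (routine inspection, periodic maintenance, preventive maintenance, after-the-fact maintenance, remote maintenance)
• Hardware maintenance, software maintenance, maintenance contracts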
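3. Network technology
3.1 Network architecture
• Network topology
• OSI/RM
• Application layer protocols (FTP, TELNET, SNMP, DHCP, POP, SMTP, HTTP)
• Transport layer protocols (TCP, UDP)
• Network layer protocol IP (IP addresses, subnet masks)
• Data link layer protocols (ARP, RARP, PPP, SLIP)
• Physical addresses
3.2 Encoding and transmission
3.2.1 Modulation and encoding
• AM, FM, PM, QAM
• PCM, sampling
3.2.2 Transmission technology
• Communication modes (simplex/half-duplex/full-duplex, serial/parallel, 2-wire/4-wire)
• Error control (CRC, Hamming code, parity check, bit error rate)
• Synchronization control (start-stop synchronization, SYN synchronization, flag synchronization, frame synchronization)
• Multiplexing (FDM, TDM, WDM)
• Compression and decompression methods (JPEG, MPEG, MH, MR, MMR, run-length)
3.2.3 Transmission control
• Contention systems
• Polling/selection systems
• Basic procedures, multilink procedures, transmission control characters, line control
• HDLC
3.2.4 Switching technology (circuit switching, store-and-forward, packet switching, ATM switching, frame relay)
3.2.5 Public networks and leased lines
3.3 Networks
3.3.1 Network classification
• By geographic scope (LAN, MAN, WAN)
• By service (Internet, intranet)
• By transmission medium (telephone, data, video)
• By telecom network (premises, access, backbone)
3.3.2 LAN
• LAN topologies (bus, star, token bus)
• Access control systems (CSMA/CD, token ring, token bus)
• Connections between LANs, LAN-WAN connections, peer-to-peer connections, point-to-point connections
• High-speed LAN technology (Gigabit Ethernet)
• Wireless LAN
3.3.3 Common MAN structures
3.3.4 WAN and remote transmission services
• Leased line services, circuit-switched services, packet-switched services
• ISDN, VPN, frame relay, ATM, IP connection services
• Satellite communication services, mobile communication services, international communication services
3.3.5 The Internet
• Internet concepts (internetworking devices, TCP/IP, IP routing, DNS, proxy servers)
• E-mail (protocols, mailing lists)
• Web (HTTP, browsers, URL, HTML, XML)
• File transfer (FTP)
• Search engines (full-text search, directory search, intelligent search)
• QoS, CGI, VoIP
3.3.6 Access networks and access technologies
3.3.7 Network properties
• Calculations related to line performance (transmission speed, line utilization, line capacity, traffic volume, traffic design)
• Performance evaluation
• Application of queuing theory
3.4 Network communication equipment
3.4.1 Transmission media and communication cables
• Wired/wireless media (twisted pair, coaxial cable, optical fiber; radio waves, light, infrared)
• Intermediate distribution frame (IDF), main distribution frame (MDF)
3.4.2 Types of communication equipment
• Line terminal equipment, multiplexing equipment, switching equipment, relay equipment
• Line connection equipment (modems, DSU, NCU, TA, CCU, PBX)
3.5 Network connection equipment
• Internetworking devices (network cards, bridges, spanning tree bridges, source routing bridges, routers, repeaters, hubs, switches)
3.6 Network software systems
3.6.1 Network operating systems
• Functions, classification and characteristics of network operating systems
• Network device drivers (ODI, NDIS)
• System calls for network communication (socket API)
• RPC
• TP Monitor
• Distributed file systems
• Network device sharing
3.6.2 Network management
• Functional areas of network management (security management, configuration management, fault management, performance management, accounting management)
• Network management protocols (CMIS/CMIP, SNMP, RMON, MIB-II)
• Network management tools (ping, traceroute, NetXray, Analyzer, Sniffer)
• Network management platforms (OpenView, NetView, SunNet, Manager)
• Distributed network management
3.6.3 Network applications and services
• WWW
• FTP file transfer
• E-mail
• Telnet
• Information retrieval
• Video on demand
• Network conferencing
• Distance education
• E-commerce
• E-government
• CSCW and group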
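4. Network security
4.1 Secure computing
4.1.1 Confidentiality and integrity
• Private-key and public-key encryption standards (DES, IDEA, RSA)
• Authentication (digital signatures, identity authentication)
• Integrity (SHA, MD5)
• Access control (access permissions, passwords)
4.1.2 Protection against illegal intrusion and viruses
• Firewalls
• Intrusion detection
• VPN, VLAN
• Security protocols (IPSec, SSL, ETS, PGP, S-HTTP, TLS)
• Computer virus protection
4.1.3 Availability
• File backup and recovery
4.1.4 Security protection
• Control of personal information
• Anonymity
• Untraceability
4.1.5 LAN security
• Reliability of network equipment
• Coping with natural disasters
• Environmental security
• UPS
4.2 Risk management
4.2.1 Risk analysis and assessment
4.2.2 Risk countermeasures
• Risk prevention (risk transfer, risk funds, computer insurance)
• Contingency plans (types of accidents, action plans for responding to accidents)
4.2.3 Internal control
• Security rules and regulations
• Security policy and security management
5. Standardization knowledge
5.1 Formulation and acquisition of standards
5.1.1 The process of formulating and acquiring standards
5.1.2 Standardization of environmental and security evaluation
5.2 Standardization of information system infrastructure
5.2.1 Standards
• International standards (ISO, IEC) and American standards (ANSI)
• National standards (GB)
• Industry standards and enterprise standards
5.2.2 Open systems (X/Open, OSF, POSIX)
5.2.3 Data exchange standards (EDIFACT, STEP, XML)
5.2.4 Security standards
• Information system security measures
• Computer anti-virus standards
• Standards for preventing illegal access to computers
• CC standard
• BS7799 standard
5.3 Standardization organizations
• International standardization organizations (ISO, IEC, IETF, IEEE, IAB, W3C)
• American standardization organizations
• European standardization organizations
• China's national standardization committee
6. Basic knowledge of informatization

• Informatization awareness
• Global informatization trends, national informatization strategy, enterprise informatization strategies and tactics
• Basic knowledge of enterprise information resource management
• Internet-related laws and regulations
• Rules for the protection of personal information
7. Computer English

• Master the basic vocabulary of computer technology
• Correctly read and understand English-language materials in the computer field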
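Exam Subject 2: Network System Design and Management
1. Network system analysis and design

1.1 Requirements analysis of network systems
1.1.1 Application requirements analysis
• Survey of application requirements (application system performance, points where information is produced and received, data volume and frequency, data types and data flows)
• Analysis of network applications
1.1.2 Analysis of the existing network system
• Survey of the existing network system structure (number and location of servers, number and location of clients, number of simultaneous accesses, number of users per day, duration of each use, amount of data per transfer, periods of network congestion, protocols used, communication modes)
• Analysis of the existing network architecture
1.1.3 Requirements analysis
• Functional requirements (functions to be implemented)
• Communication requirements (expected communication modes)
• Performance requirements (expected performance)
• Reliability requirements (desired reliability)
• Security requirements (security standards)
• Maintenance and operation requirements (operation and maintenance costs)
• Management requirements (management policies)
1.2 Design of network systems
1.2.1 Survey and evaluation of technologies and products
• Gathering information
• Comparative study of the technologies and products to be adopted
• Key points for comparing the technologies and equipment to be adopted
1.2.2 Design of network systems
• Determine the protocols
• Determine the topology
• Determine the connections (communication performance of links)
• Determine the nodes (processing capacity of nodes)
• Determine network performance (performance simulation)
• Determine reliability measures
• Determine security measures (survey of security measures, evaluation of the technologies and equipment for implementing them)
• Selection of network equipment: setting selection criteria (cost, performance, capacity, throughput, latency), consistency of performance indicators, necessity of advanced testing, confirmation of interoperability
1.2.3 Operation plan for new network services
1.2.4 Design review
1.3 Construction and testing of network systems
1.3.1 Installation work
• Advance preparation
• Process supervision
1.3.2 Testing and evaluation
• Connection testing
• Security testing
• Performance testing
1.3.3 Work plan for migrating to the new network
2. Operation, maintenance management and evaluation of network systems
2.1 Operation and maintenance of network systems
2.1.1 User measures
• User management, user training, user consultation
2.1.2 Formulating maintenance and upgrade strategies and plans
• Determining the strategy
• Equipment inventory
• Timing of reviews
• Timing of upgrades
2.1.3 Carrying out maintenance and upgrades
• Key points of external contracts
• Key points of internal execution
2.1.4 Backup and data recovery
• Data storage and disposal
• Backup
• Data recovery
2.1.5 Configuration management of network systems
• Equipment management
• Software management
• Network configuration diagrams
2.2 Management of network systems
2.2.1 Monitoring of network systems
• Network management protocols (SNMP, MIB-2, RMON)
• Using tools to monitor network performance (LAN controllers)
• Using tools to monitor network faults
• Using tools to monitor network security (intrusion detection systems)
• Checkpoints for performance monitoring
• Checkpoints for security monitoring
2.2.2 Fault recovery analysis
• Key points of fault analysis (LAN monitoring programs)
• Key points of troubleshooting
• Key points of writing fault reports
2.2.3 System performance analysis
• Key points of system performance
2.2.4 Countermeasures against security breaches
• Analysis of security breaches (investigating losses, collecting security information, finding the cause)
• Key points of intrusion detection
• Key points of dealing with computer viruses (virus detection and removal measures)
2.3 Evaluation of network systems
2.3.1 System evaluation
• Limits of system capability
• Analysis of potential problems
• Key points of system evaluation
2.3.2 Recommendations for improving the system
• System life cycle
• Economic benefits of the system
• Scalability of the system
• Key points of recommending system improvements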
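3. Network system implementation technologies
3.1 Network protocols
• Commercial network protocols (SNA/APPN, IPX/SPX, AppleTalk, TCP/IP)
• Business protocols (XML, CORBA, COM/DCOM, EJB)
• Web services (WSDL, SOAP, UDDI)
3.2 Reliability design
• Hardware high-reliability techniques
• Software high-reliability techniques
• High-reliability techniques for system maintenance
• Fault-tolerance techniques
• Communication quality
3.3 Network facilities

3.3.1 xDSL modems

3.3.2 ISDN routers
• Interfaces
• Functions (non-communication control functions, NAT function)

3.3.3 FRAD (frame assembly/disassembly), CLAD (cell assembly/disassembly)
• Interfaces
• Functions

3.3.4 Remote access servers
• Functions and mechanisms

3.3.5 Office personal handy-phone system (PHS)
• Functional characteristics of digital cordless telephones

3.3.6 Repeater hubs
• Dual-speed hubs (functions and mechanisms)

3.3.7 Functions and mechanisms of L2, L3, L4 and multilayer switches

3.3.8 IP router functions and control

3.3.9 Virtual networks (functions and mechanisms)

3.3.10 Coexistence with other protocols (multiprotocol routers, IP tunnels)

3.4 Network application services

3.4.1 Address services
• Mechanisms, DHCP, IPv6 (mechanisms and transmission technology)

3.4.2 DNS (functions, mechanisms)
• Domain names, FQDN

3.4.3 E-mail (functions, mechanisms)
• SMTP, POP, MIME, IMAP4, LDAP
• Mailing lists
• Web Mail

3.4.4 Electronic news (functions and mechanisms, NNTP)

3.4.5 Web services (functions and mechanisms, HTTP)

3.4.6 Load distribution (Web switching)

3.4.7 Electronic identity verification (functions, mechanisms, authentication and authorization, digital certificates)

3.4.8 Service mechanisms
• Service providers, provider roaming services, dial-up IP connections, CATV connections, IPD telephony, Internet broadcasting, e-commerce, e-government, mobile communications, EZweb, hosting service providers, EDI (rules, forms, Web EDI), B2B, B2C, ASP, data centers

4. New network technologies

4.1 Optical fiber networks
• ATM-PDS, STM-PDS
• Passive optical networks PON (APON, EPON)

4.2 Wireless networks
• Mobile telephone systems (WLL, WCDMA, CDMA2000, TD-SCDMA)
• High-speed fixed wireless access (FWA)
• 802.11a, 802.11b, 802.11g
• Microwave access (MMDS LMDS)
• Satellite access
• Bluetooth access

4.3 Backbone networks
• IPoverSONET/SDH
• IPoverOptical
• IPoverDWDM

4.4 Communication services
• Always-on IP connection services (leased-line IP)
• Local IP networks (NAPT)
• IPv6

4.5 Network management
• TMN-based network management
• CORBA-based network management

4.6 Grid computing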

IT CCNA Jobs Worldwide

Posted on 01:25, April 24th, 2009 by killtest_does

Every IT professional looking for CCNA certification is interested to know about the growth of CCNA jobs and the demand for the CCNA (640-802 Cisco Certified Network Associate) certification in the IT industry. When you start your career as a Cisco CCNA professional, you can begin with temporary CCNA jobs to gain practical knowledge and professional experience that will help you get a job in the USA, UK, Atlanta GA, Tampa, Asia, Europe, etc. A CCNA-certified professional could get a job in the following positions.

CCNA Job Titles and their Responsibilities:

Here are probable CCNA job titles with the responsibilities, skills and duties needed worldwide. However, companies may differ in the skills they demand according to their requirements.

Network Supervisor

Requirements:

- Support Experience
- Excellent Customer Support
- Good communication skills
- CCNA certified
