
SECURE - Securing Networks with Cisco Routers and Switches v1.0 (SECURE)

Course Overview

Course Duration: 5 days
SECURE - Securing Networks with Cisco Routers and Switches v1.0, Cisco Course 1.0 | Prepares you for Cisco Exam 642-637 SECURE. Cisco's recent announcement of the CCNP Security certification program includes this new course, SECURE, which replaces SNRS.
In this class, you will learn the industry best practices for securing your Cisco routers and switches. You will learn to secure switches, including advanced Layer 2 security and Identity-Based Networking Services (IBNS) based on IEEE 802.1x. You will cover network platform security, VPN, firewall, and IPS, and you will learn to secure a router's control, data, and management planes.
  • You will spend a large portion of the class on advanced VPN topics, including: 
    • Using digital certificates for VPN authentication
    • GRE over IPsec
    • Virtual Tunnel Interfaces
    • Dynamic Multipoint VPN (DMVPN)
    • Group Encryption Transport VPN (GET VPN)
    • Remote access IPsec VPN with the Easy VPN Server
    • Cisco VPN Client and Easy VPN Remote (hardware client)
    • SSL VPN

Who Should Attend

  •  Internetwork professionals who want to ensure security of their network using IOS devices
  •  Anyone seeking to learn the latest features in IOS 15.0 code to evaluate for their production environments
  •  Internetwork professionals who seek CCNP Security certification

Course Certifications

This course is part of the following Certifications:


  • IINS - Implementing Cisco IOS Network Security

Course Objectives

Candidates will learn:
  • Advanced IOS security technologies for locking down routers and switches: 802.1x, CoPP/CPPr, and user-based authentication
  • Various VPN technologies and their use in production environments: DMVPN, GRE, GRE with IPsec, IPsec, GET, EzVPN, and SSL
  • IOS IPS exploration with IME and Cisco Configuration Professional
  • Launch live attacks against the network using BackTrack4 and learn mitigation techniques
  • Use Cisco IME software to monitor alerts from the IOS IPS process
  • Use the new Cisco Configuration Professional tool to configure IPS
  • Advanced IPS topics: event action overrides, event action filters, signature tuning, and custom signature creation

Course Content

Network Foundation Controls
  • Control, Data, and Management Planes
Advanced Switched Data Plane Security Controls
  • Common Layer 2 Attacks
  • PVLANs
  • DHCP Attacks
  • ARP Poisoning
  • IP Source Guard
Cisco Identity-Based Network Services
  • 802.1 Overview
  • ACS Integration with 802.1x
  • Cisco Secure Services Client
  • EAP Overview
Basic 802.1x Features
  • 802.1x Switch Configuration
  • ACS and EAP-FAST Configuration
  • CSSC as an 802.1x Supplicant
Advanced Routed Data Plane Security Controls
  • Unicast Reverse Path Forwarding
  • Flexible Packet Matching Configuration
  • Flexible Netflow
Advanced Control Plane Security Controls
  • Deploy Infrastructure ACLs
  • Control Plane Policing
  • Control Plane Protection
  • Routing Protocol Authentication
  • Routing Protocol Filtering
Advanced Management Plane Security Controls
  • Configure IOS Software Management Access Controls
  • Configure Role-Based Access Controls
  • Configure SNMP in IOS
  • Digitally Signed IOS Images
  • CPU and Memory Thresholding
Cisco IOS Software Network Address Translation
  • IOS Static NAT and PAT Configurations
  • IOS Dynamic NAT and PAT Configurations
Basic Zone-Based Policy Firewalls
  • Zone-Based Policy Firewalls Zone Pairs
  • Configure Layer 3/4 Inter-Zone Access Policies
  • Configure Layer 3/4 Intra-Zone Access Policies
  • ZBPFW Inspection of Control Plane and Management Plane Traffic
  • Tune ZBPFW Stateful Engine and Connection Settings
  • Configure ZBPFW Transparent Mode and VRF Support
Advanced Zone-Based Policy Firewalls
  • Configure Layer 7 Zone-Based Policy Firewalls
  • Configure Zone-Based Policy Firewalls with User Policies
  • Configure Zone-Based Policy Firewall URL Filtering
Cisco IOS Software IPS
  • IOS IPS Signature Policies
  • Tune Cisco IOS Software IPS Signature Policies
  • IPS Signature Auto Update
  • Select an IPS Monitoring Solution
Site-to-Site VPN Architectures and Technologies
  • Cryptographic Controls
VTI-Based Site-to-Site IPsec VPNs
  • Virtual Tunnel Interfaces
  • Pre-Shared Keys
  • Static VTIs
  • Dynamic VTIs
Scalable Authentication in Site-to-Site IPsec VPNs
  • PKI Overview
  • Configure the IOS Certificate Server
  • IOS CA and PKI enrollment
  • Generic Routing Encapsulation (GRE)
  • NHRP Client and Server
  • DMVPN Hub and Spoke Configurations
  • Verify Dynamic Routing in a DMVPN Environment
High Availability in Tunnel-Based IPsec VPNs
  • IPsec High Availability Features
  • Routing Protocols for HA
  • DMVPN Hub and Spoke Configurations
  • Mitigating Failures in VTI Environments
  • Mitigating Failures in a DMVPN Environment
Group Encrypted Transport (GET) VPN
  • Configuring Key Servers
  • Configuring Group Members
  • High Availability
Remote Access VPN Architectures and Technologies
  • Cryptographic Controls
Remote Access Solutions Using SSL VPN
  • SSL VPN Overview
  • Configure SSL VPN Parameters
  • Configure Client Authentication Policies
  • Full VPN tunnels
  • AnyConnect Client
  • Clientless VPN Configuration
Remote Access Solutions Using EzVPN
  • EzVPN with Dynamic VTIs
  • Cisco IPsec VPN Client
  • Configure Advanced EzVPN Functionality
  • Configure PKI for EzVPN

