Course Details

SENSS 1.0: Deploying Cisco IOS Layer 2 and Layer 3 Data Plane Security Controls

Cisco IOS Software on Cisco switches provides data plane security controls that can mitigate the risks associated with OSI Layer 2 attacks inside a VLAN. This course enables you to configure and verify several of the Cisco IOS Software security features that you can use to reduce these risks in your switched network environment. In an OSI Layer 3 device, the data plane implements packet-forwarding functions and applies services to packets as they are forwarded through the device. The Layer 3 data plane provides various forms of OSI Layer 3 traffic filtering to protect both the network infrastructure and the endpoints that are connected to the network. This course introduces some effective tools that you can use to provide such protection.

Target Audience
Anyone wishing to obtain the Implementing Cisco Edge Network Security Solutions (SENSS) v1.0 certification, one of four designed for the CCNP Security track from Cisco. Knowledge of Cisco Certified Network Associate (CCNA) certification is required; knowledge of Cisco Certified Network Associate (CCNA) Security certification and of the Microsoft Windows operating system is helpful. Note: A valid CCNA Routing and Switching certification, together with a pass in either of the Securing Cisco Network Devices exams (642-551 or 642-552), can act as a prerequisite, valid only through December 31, 2014.


Expected Duration (hours)

Lesson Objectives

SENSS 1.0: Deploying Cisco IOS Layer 2 and Layer 3 Data Plane Security Controls

  • start the course
  • match the security threats that exploit vulnerabilities in the switching infrastructure to their description
  • describe features of PVLANs
  • match the PVLAN port type to its description
  • identify the characteristics of a protected port
  • sequence the tasks in configuring PVLANs on a switch
  • enable a switch port for a private VLAN
  • verify a private VLAN configuration
  • describe DHCP control mechanisms
  • sequence the configuration tasks to deploy DHCP snooping on a switch
  • verify a DHCP snooping configuration
  • describe how ARP vulnerabilities can be addressed in the switched infrastructure
  • designate a switch port as trusted for ARP inspection
  • verify a DAI configuration
  • describe how storm control configuration prevents LAN traffic from being disrupted by storms
  • identify the features of MACsec encryption
  • describe how to configure MACsec encryption
  • differentiate between ingress and egress antispoofing ACLs
  • describe how uRPF is used on Cisco IOS routers
  • configure uRPF in strict mode on a Cisco IOS router
  • identify the steps to configure uRPF on Cisco ASA security appliance interfaces
  • describe how IP spoofing is used
  • enable IP Source Guard on a DHCP snooping-enabled untrusted port
  • configure Cisco IOS Layer 2 and Layer 3 data plane controls in a given scenario

Course Number: