Cisco SWITCH 2.0: Campus Network Security II

This course is included in our On-demand training solution.


While much attention focuses on security attacks from outside the walls of an organization and at the upper OSI layers, campus access devices and Layer 2 communication are largely unconsidered in most security discussions. Only authorized devices and users should be able to access ports on your access layer switches. In this course you will learn about a more centralized security solution that is the AAA framework.
Equipment malfunction and malicious attacks can bring down your network. You will also learn how storm control mechanisms, DHCP snooping, IP source guard, dynamic ARP inspection can aid in your efforts of having a secure and stable network.
This course offers the official training for the Implementing Cisco IP Switched Networks 2.0 certification exam which is a component exam for the CCNP and CCDP certifications. Passing this exam will also refresh CCNA certification, which expires after three years.

Target Audience

This course is intended for students who are looking for real-world switching knowledge, and those that are considering CCNP and CCDP certification. This course’s discussion of switching could also benefit early CCIE Routing and Switching candidates



Expected Duration

90 min.

Course Objectives

Course Introduction

AAA Overview

  • define AAA options and its components
  • AAA Authentication Options

  • describe the purpose of authentication and list authentication options
  • RADIUS and TACACS+ Overview

  • describe RADIUM and TACAS+ and highlight their differences
  • Configuring the Local User Database

  • enable AAA and create a local backup user account
  • Configuring a RADIUS Group

  • configure a RADIUS for console
  • Configuring a TACACS+ Group

  • configure a TACACS+ for console
  • Configuring Authorization and Accounting

  • configure authorization and accounting
  • IBNS and 802.1x Overview

  • describe IEEE 802.1x port-based authentication
  • 802.1x Configuration Checklist

  • identify the IEEE 802.1x configuration checklist
  • DHCP Spoofing Attacks

  • describe DHCP spoofing attacks
  • DHCP Snooping Operation

  • describe DHCP snooping
  • DHCP Snooping Configuration

  • configure DHCP snooping
  • DHCP Snooping Observed

  • verify DHCP snooping
  • IP Source Guard Overview

  • describe IP source guard and why you need it
  • IP Source Guard Configuration

  • configure DHCP source guard
  • ARP Spoofing

  • explain ARP spoofing
  • Dynamic ARP Inspection

  • describe how DAI works