CCNA Security

Successsful Careeer

RSTForum has trained more than 100,000 students to date. Many students have gone on to successful careers in a variety of industries, while others have harnessed the entrepreneurial spirit and knowledge they acquired in RST Forum to start their own businesses and create new jobs.

Labs on cloud

RSTForum uses Cloud computing to efficiently provide “Platform As A Service” (PAAS) to its students enabling them to quickly access Technology Racks over the internet and practice lab exercise from home These Racks are populated with latest equipment's required for practical exercises'.

Web Forums

RST Forum’s web based forum allows its users to ask, hundreds of technical experts about their technology and certification problem. RST forum is a tight knit community of working professionals that provide timely help on technical, certification and design related queries.



For network engineers who need to increase their value to employers and stay current with advances in networking knowledge and skills, the cisco CCNA Security Security certification program provides the education and training required for installing, monitoring, and troubleshooting network infrastructure products designed by the industry leader in IP networking.

The CCNA Security Security certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks. CCNA Security certified professionals have the knowledge and skills to make connections to remote sites via a WAN, and mitigate basic security threats. CCNA Security Security training covers (but is not limited to) the use of these topics: Layer 2 Security, IPS/IDS, IP Security, Private VLANs, VACLs, Cisco Licensing for firewall features, AAA, Context Based Access Control (CBAC), Zone Based Firewall (ZBF),IPSEC VPNs – Site-to-Site, Remote access, SSL Clientless and Full client VPN on ASA. CCNA Security Routing and Switching certifications are valid for three years. The CCNA Security Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.

Course Highlights

This 12 day (Weekdays – 3hrs.) OR 12-week (Sunday/Saturday) instructor led CCNA Security Security course is designed to provide professionals with extensive networking knowledge to accomplish their day to day job and CCNA Security certifications (210-260 IINS). The key to a high success rate is based on the program’s objectives as follows:

  • Course contents are based on CISCO guidelines.
  • Dedicated Monitoring to evaluate candidates’ progress
  • Extensive hands-on lab exercises
  • Regular evaluation
  • Industry Experienced Certified instructors
  • The CCNA Security module is designed to meet the objective of the program.
  • The course is customized keeping in mind the ultimate aim of achieving technology expertise and CCNA Security certification.  
  • Assigned project manager will manage this program and drive the program from its registration stage to monitoring and tracking of the candidates’ performance.
  • Curriculum is based on CISCO course outlines
  • The Instructor-led certified course is designed for the CCNA Security candidates with an aim to build theoretical knowledge supplemented by ample hands-on lab exercises
  • 12 week or 12 days, of intensive training.
  • Courseware includes course kits and other reference material to enable students to prepare for CCNA Security certification exams.
  • Optimal balance of theory classes and practical labs every week to ensure maximum absorption of technology by participants
  • Stringent passing standards with progress report of each participant
  • Facility of Lab on cloud available.(based on booking)
  • Repeating of lectures allowed.
Course Objectives

After you complete this course you will be able to:

  • Mitigation methods for common network attacks
  • Describe Common threats to the physical installation
  • Secure router access using strong encrypted passwords, and using IOS login enhancements, IPV6 security.
  • Describe the major network access methods and outline the key features of each
  • Understanding Multiple privilege levels and Role Based CLI.
  • Describe securing the control, data and management plane.
  • AAA using CLI on routers and switches and ASA.
  • Describe standard, extended, and named IP IOS ACLs to filter packets
  • Describing and implementing secure network management In-band, Out of band, Management Plane, SSH,SNMP,SSL,NTP
  • Describe Layer 2 security using Cisco switches from likes of STP attacks, ARP spoofing, MAC spoofing,CAM overflows
  • Describe VLAN Security with PVLAN,VLAN hopping, Native VLAN.
  • Use the appropriate show  and debug commands to detect anomalies.
  • Describe operational strengths and weaknesses of the different firewall technologies
  • Describe the types of NAT used in firewall technologies – Static, Dynamic, PAT
  • Explain the purpose and operations of the Spanning-Tree Protocol security
  • Implement the Cisco Adaptive Security Appliance (ASA) like NAT, ACL, Default MPF, Cisco ASA security level.
  • Describe the features and operation of ASA
  • Describe the different methods used in cryptography
  • Implement an IOS IP Sec site-to-site VPN with pre-shared key authentication
  • Implement SSL VPN using ASA device manager.
Course Topics

Following Topics will be covered in  CCNA Security Course.

Common Security Threats:

  • Describe common security threats.
  • Common threats to the physical installation.
  • Mitigation methods for common network attacks
  • Email-based threats
  • Web-based attacks
  • Mitigation methods for Worm, Virus, and Trojan Horse attacks
  • Phases of a secure network lifecycle
  • Security needs of a typical enterprise with a comprehensive security policy

Security and Cisco Routers:

  • CCP Security Audit feature
  • CCP One-Step Lockdown feature
  • Secure router access using strong encrypted passwords, and using IOS login enhancements, IPV6 security
  • Multiple privilege levels
  • Role-based CLI
  • Cisco IOS image and configuration files

AAA on Cisco Devices:

  • Implement authentication, authorization, and accounting (AAA)
  • AAA using CCP on routers
  • AAA using CLI on routers and switches
  • Describe TACACS+, RADIUS
  • Describe AAA – Authentication, Authorization, Accounting, Verify AAA functionality.


  • Describe standard, extended, and named IP IOS ACLs to filter packets
  • IPv4
  • Object groups
  • ACL operations
  • Types of ACLs (dynamic, reflexive, time-based ACLs)
  • ACL wild card masking
  • Standard ACLs, Extended ACLs, Named ACLs, VLSM
  • Implement IP ACLs to mitigate threats in a network Filter IP traffic SNMP, DDoS attacks, IP ACLs to prevent IP spoofing, VACLs.

Secure Network Management and Reporting:

  • Describe secure network management
  • In-band
  • Out of band
  • Management protocols
  • Management plane
  • Implement secure network management via SSH, syslog, SNMP, NTP, CLI, CCP, SSL

Common Layer 2 Attacks:

  • Describe Layer 2 security using Cisco switches.
  • STP attacks, ARP spoofing, MAC spoofing, CAM overflows.
  • Describe VLAN Security – Voice VLAN,PVLAN,VLAN hopping, Native VLAN.
  • Implement VLANs and trunking- VLAN definition, Grouping functions into VLANs Trunking, Native VLAN, VLAN trunking protocols, Inter-VLAN routing.
  • Implement Spanning Tree
  • Potential issues with redundant switch topologies- STP operations, Resolving issues with STP.

Cisco Firewall Technologies:

  • Describe operational strengths and weaknesses of the different firewall technologies.
  • Proxy firewalls, Packet and stateful packet, Application firewall, Personal firewall.
  • Describe stateful firewalls – Operations, Function of the state table
  • Describe the types of NAT used in firewall technologies – Static, Dynamic, PAT .
  • Implement Zone Based Firewall using CCP – Zone to zone, Self zone.
  • Implement the Cisco Adaptive Security Appliance (ASA) – NAT, ACL, Default MPF, Cisco ASA sec level.
  • Implement NAT and PAT, Functions of NAT, PAT, and NAT Overload, Translating inside source addresses, Overloading Inside global addresses.

Cisco IPS:

  • Describe IPS deployment considerations
  • SPAN
  • IPS product portfolio
  • Placement and Caveats
  • Describe IPS technologies, Attack responses, Monitoring options – Signature engines.
  • Global correlation and SIO.

VPN Technologies:

  • Describe the different methods used in cryptography
  • Symmetric & Asymmetric, HMAC, Message digest, PKI
  • Describe VPN technologies – IPsec, SSL
  • Describe the building blocks of IPsec – IKE,ESP, AH, Tunnel mode, Transport mode.
  • Implement an IOS IPsec site-to-site VPN with pre-shared key authentication and Verify VPN operations.
  • Implement SSL VPN using ASA device manager – Clientless & AnyConnect.
Lab Topics

Following hands-on labs sessions will be provided to CCNA Security students.

Lab 1. Securing the Router for Administrative Access

  • Task 1: Basic Network Device Configuration.
  • Task 2: Configure basic IP addressing for routers and PCs.
  • Task 3: Configure static routing, including default routes.
  • Task 4: Configure and encrypt all passwords.
  • Task 5: Configure a login warning banner.
  • Task 6: Configure enhanced username password security.
  • Task 7: Configure enhanced virtual login
  • Task 8: Configure an SSH server on a router

Lab 2. Securing Administrative Access Using AAA and RADIUS

  • Task 1: Configure basic settings such as host name, and access passwords.
  • Task 2: Configure static routing.
  • Task 3: Configure Local Authentication
  • Task 4: Configure a local database user  for the console, vty, and aux lines.  
  • Task 5: Configure Local Authentication Using AAA
  • Task 6: Configure the local user database using Cisco IOS.
  • Task 7: Configure AAA local authentication using Cisco IOS.

Lab 3. Configuring CBAC and Zone-Based Firewalls

  • Task 1: Configuring a Context-Based Access Control (CBAC) Firewall
  • Task 2: Configure CBAC using AutoSecure.
  • Task 3: Examine the resulting CBAC configuration.  

Lab 4. Configuring CBAC and Zone-Based Firewalls

    • Task 1: Define zones
    • Task 2: Configure ACLs and call them in class maps.
    • Task 3:Describe traffic between zones.
    • Task 4: Create policy maps to apply actions to the traffic of the class maps.
    • Task 5: Define zone pairs and assign policy maps to the zone pairs.

Lab 5. Layer 2 attacks

    • Task 1: Configuring Native VLAN on a Trunk Links.
    • Task 2: Disabling Dynamic Trunking Protocol
    • Task 3: Preventing Layer 2 Loops with BPDU Guard
    • Task 4: Protecting the Root Bridge using STP Root Guard
    • Task 5: Protecting the CAM Table using Port Security
    • Task 6: Preventing DHCP Rogue Servers by using DHCP Snooping
    • Task 7: Preventing Spoofed ARP via Dynamic ARP Inspection
    • Task 8: Preventing IP Spoofs using IP Source Guard

Lab 6. Configuring a Site-to-Site VPN Using Cisco IOS

    • Task 1: Configure a Site-to-Site VPN Using Cisco IOS  
    • Task 2: Configure IPsec VPN settings on R1 and R3
    • Task 3: Verify site-to-site IPsec VPN configuration
    • Task 4: Test IPsec VPN operation

Lab 7. Miscellaneous

    • Task 1: Basics of ASA
    • Task 2: Implementing SSL Clientless VPN
    • Task 3: Implementing SSL Full client VPN (anyconnect)

Enroll for this course now and get ahead in your career.

Course Fees:


Enquire Now

Virtual Classroom

  • Instructor led online training is an ideal vehicle for delivering training to individuals anywhere in the world at any time.
  • This innovative approach presents live content with instructor delivering the training online.
  • Candidates will be performing labs remotely on our labs on cloud in presence of an online instructor.
  • Rstforum uses microsoft lync engine to deliver instructor led online training.
  • Advances in computer network technology, improvements in bandwidth, interactions, chat and conferencing, and realtime audio and video offers unparalleled training opportunities.
  • Instructor led online training can helps today’s busy professionals to perform their jobs and upgrade knowledge by integrating self-paced instructor led online training in their daily routines.


  • Minimum batch size required for batch is 10 participants in the this course.
  • The RST Forum reserves the right to cancel/postpone the class.
  • Course schedule will be provided before commencement of the course.
  • Certificate of participation will be awarded to participants with a minimum 90% attendance.
  • All attendees are to observe the Copyright Law on intellectual properties such as software.
  • and courseware from respective vendors.
  • The RST Forum reserves the right to include external participants in the program either for the entire course or individual courses.
  • The RST Forum reserves the right to change/alter the sequence of courses. RST FORUM published Book would be given at 50% discounted rate to the forum students.