لطفا منتظر باشید ...
Foundation Summary
The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your CCSP exam, a well-prepared CCSP candidate should at a minimum know all the details in each "Foundation Summary" section before taking the exam.The Cisco SAFE Implementation exam uses the SAFE SMR blueprint as the basis of the network design in the exam. The medium-sized network consists of three primary modules:
- The Corporate Internet module
- The Campus module
- The WAN module
Table 4-4 summarizes the various modules in both the medium-sized and small network blueprints.
| Module Name | Medium-Sized Network Blueprint | Small Network Blueprint |
|---|---|---|
| Campus module | X | X |
| Corporate Internet module | X | X |
| WAN module | X |
- The Corporate Internet module
- The Campus module
Table 4-5 shows the key devices that are used in the Campus module for both small and medium-sized networks.
| Key Devices | Functions | Medium-Sized Network | Small Network |
|---|---|---|---|
| Layer 2 switch | Includes private VLAN support and provides network access to the end devices | X | X |
| Corporate servers | Provide DNS, e-mail, file, and print services to end devices | X | X |
| User workstations | Provide data and network services to users | X | X |
| Management hosts | Provide management for network devices; typically use SNMP | X | X |
| Layer 3 switch | Provides distribution services to the Layer 2 switches and routes production and management traffic within the Campus module | X | |
| NIDS management host | Provides alarm aggregation and analysis for all NIDS appliances throughout the Campus and Corporate Internet modules | X | |
| Syslog host | Aggregates firewall, router, and NIDS logs | X | |
| Access control server | Provides authentication services to network devices such as NASs | X | |
| OTP server | Provides for authorization of OTP authentication relayed from the access control server | X | |
| Sysadmin host | Provides for configuration, software, and content changes on network devices | X | |
| NIDS appliance | Provides for deep packet inspection of traffic traversing various segments of the network | X |
| Key Devices | Functions | Medium-Sized Network | Small Network |
|---|---|---|---|
| Hosts for small and medium-sized networks | DNS Server: Provides authoritative external DNS resolution; relays internal requests to the Internet.FTP Server: Provides public interface for file exchange between Internet users and the corporate network; can be combined with the HTTP server to reduce cost.HTTP Server: Provides public information about the enterprise or the organization; can be combined with the FTP server to reduce cost.SMTP Server: Provides e-mail service for the enterprise by relaying internal e-mail bound for external addresses; can inspect content as well. | X | X |
| Firewall | Provides network-level protection of resources through stateful filtering of traffic. Can provide remote IPSec tunnel termination for users and remote sites. Also provides differentiated access for remote-access users. | X | X |
| ISP router | Provides connectivity from the ISP to the network. | X | |
| Dial-in server | Authenticates remote dial-in users and terminates their dial-up connection. | X | |
| Layer 2 switches | Provides for Layer 2 connectivity within the Corporate Internet module. Can also provide support for private VLANs. | X | |
| Internal router | Provides routing within the module. | X | |
| NIDS appliance | Provides for deep packet inspection of traffic traversing various segments of the network. | X | |
| Edge router | Provides for connectivity to the Internet and rudimentary filtering through ACLs. | X | X |
| VPN concentrator | Authenticates remote users and terminates their IPSec tunnels. | X |
- In the public services segment
- In the internal segment between the firewall's private interface and the internal router
