NFP: Control Plane is the third of 8 modules in this CCNA Security certification curriculum. Network Foundation Protection is a security framework that provides strategies to protect three functional areas of a device: Management Plane, Control Plane, and Data Plane. In this course we will focus on the Control Plane functionality and look at topics such as the MAC address table, CAM table overflow, VTP, CDP, routing protocol authentication (RIP, OSPF, EIGRP, BGP), BGP TTL-Security, FHRP, passive interface, control plane policing, and control plane protection.



What Pre-Requisites are There for This Course?

If this was a single course covering the entire CCNA Security blueprint, the pre-requisite would have been the CCENT certification or equivalent knowledge. Since this is just a subset of the CCNA Security blueprint, for this specific portion it is recommended that you start with the INE Security Concepts and NFP: Management Plane courses. Additionally, you should have basic routing and switching knowledge.


Why Should You Watch This Course?

This course covers topics for the CCNA Security certification and is the perfect first step towards becoming a security expert. Our CCNA Security content gives you the foundational network infrastructure security knowledge to not only become a hero at work, but eventually become a master in the security field. With the expertise obtained from this course, you will be able to implement valuable skills such as maximizing device uptime and implementing secure routing solutions.


Who Should Watch?

This course is for anyone interested in pursuing the CCNA Security certification, or simply interested in gaining knowledge about network security in the control plane functionality of infrastructure devices.


About the Instructor

Gabe Rivas

Gabe started his network engineering career in 2010 as a Co-Op at Cisco Systems in Herndon, VA. He landed a full-time position as a network consulting engineer and moved to Raleigh, NC, where he worked at Cisco from 2011-2013. He later moved to a network support role at ePlus Technology, a Cisco Gold Partner, where he worked from 2013-2016. Gabe is currently working at Cisco as a test engineer and has been teaching CCNA R&S, CCNA Security, and CCDA classes at Wake Technical Community College. Certifications that Gabe holds are: CCNA R&S, CCNA Security, CCNA Wireless, CCDA, CCNP R&S, and CCDP. Gabe is currently busy developing the CCNA Security course for INE and studying for his CCNP Security certification.


Many people think that the network is static just like the roads they drive to work on, always physically there and never changing or improving. Like a road handles all types of vehicles, our network needs to be fast enough to handle high-speed traffic applications, such as video streaming and video conferencing, while also being robust enough to handle extra-large data files for everything from documents, to 3D printing, to CNC machine instructions. Our network needs to work with small IoT devices, a variety of mobile devices, desktop systems, and even remote access from everywhere, all while protecting both the data and our users.

Since network administrators know that the network is always changing and improving, we must make plans 30+ days in advance to keep up with what our users are demanding from their systems. So, let’s look at some of the exciting things that are starting to appear, or will appear in the future, that will impact our jobs as Network Professionals.


Internet of Things

It seems like every day in the network industry we are hearing about IoT, the Internet of Things. What does that really mean to those of us supporting the Network? It means that potentially every user may have 1 or more devices that all need access to the network.

There are now Wi-Fi enabled coffee makers that users can get for their offices. It allows users to remotely start coffee so it is ready at their desk when they get into their office. If your office has 50 – 100 people, can your network handle 20-30 coffee makers? How would you secure them and protect your network? How will you upgrade your Wi-Fi to handle the added devices?

What about your remote workers? What network devices do they have connected to your network when they remotely log in? If your remote users log in to do work and items on their home network get disconnected, do you have a policy on how your I.T. department will support them or are they on their own for the home network?


The “Green” Movement

One of the growth areas in the network industry is the “Green” movement, reducing power usage while being more environmentally friendly. Do you have plans to deploy energy monitors, smart thermostats, power plugs, door locks or the latest generation of smart “green” network switches or access points on the network backbone? Do you know how these items will impact your network, reliability and user access?


Server Room Technology

Let us look at the “back of the house” to see some of the exciting changes coming for our server rooms. When looking at server room technology, most of it will touch and impact our network in areas such as routing, data flow, and amount of data needed. Some of the biggest changes and challenges in this area are currently the expanded use of Server Virtualization, SDNs (software defined networks), SD-WANs (software defined – wide area networks), NFVs (network function virtualization), edge computing, network cloud services, server OS upgrades, cybersecurity and remote access for workers.

Each of these items will impact every network differently depending on the individual network setup. How can you minimize risks and maximize benefits to your network infrastructure? By continuing to study, update and expand your certifications and qualifications so you understand how each piece of the network interacts with the other pieces.

I am most excited about working with the new Windows Server 2019 as Microsoft is embracing features such as SDN, virtual peer networking, encryption as well as other features. As network professionals I believe we need to understand more than just network hardware such as routers, switches and firewalls. We need to understand and “play” with the server OS’s, the devices that our employees and customers will be using to access the network.

While you may not be the day to day support for those other areas, having a good understanding of what they do and how they do it can help you troubleshoot your network issues to quickly determine if you have a network hardware issue, a client system issue or server issue that is impacting the network.

Here is an example of how important this is. Let’s say you have an engineering firm with 100 CAD engineers on the network. The company bills customers $150 per hour for each engineer. That equates to $15,000 of billable income per hour to the company. You come in at 8 AM, the network is down, and everyone is already frustrated and upset because no one can get billable work done. Do you know where to start? Without a good understanding of everything on the network, it could take you 10 hours to figure out. That amounts to $150,000 of lost billable income to the company. Now, as a Certified Network Professional with additional cross training and certifications, you are able to look at the logs and figure out that a user plugged a device, such as a cell phone, into their system's USB port and it is generating a Denial of Service on the LAN. Instead of your company being down for 10 hours, you have it fixed in 15 minutes by removing the offending device and rebooting the system. Which Network Professional do you want to be?



I am also excited about the continued updates and features coming to the different Linux operating systems and their expanded use in IoT and in items such as Raspberry Pis and Arduino. Some of the coolest network hardware devices are the “idiot-proof” Wi-Fi mesh systems that users are getting installed in their homes, such as Eero and the new Linksys systems, currently owned by Belkin. These systems make it easier to build a mesh network in the office or at home for remote users. They are easy to set up and maintain out of the box. If you want to expand even more, you can get Open Mesh, which has even more features for a corporate setup. With the knowledge you gain from your certifications, you will be able to set up, deploy and troubleshoot these solutions with confidence.


Attivo ThreatDefend

One of the coolest items that came out of the Black Hat 2018 conference was Attivo ThreatDefend. The system is designed to protect nontraditional items such as IoT streaming camera servers. It will be interesting to see how much traffic it adds to the network load it is trying to defend.

As you can see, this is a great time to be in the networking industry. We are the “backbone” of the modern world. We build, defend, upgrade, and improve the networks that allow others to do their jobs, play their games and of course watch their favorite YouTube cat videos on demand. The Information Technology field is one of the most rewarding and most challenging fields you can work in. In my experience, 99% of the people you know will not understand what you do, but that is okay because we can smile knowing that we, the Certified IT Professionals, are what keeps the modern world working 24 hours a day, 7 days a week.

The role of the network will keep growing and so will the challenges. Be sure you are able to keep up with the changes by staying on top of the developing trends, keeping up your certifications, and expanding your education in the Information Technology field through additional training and certifications.


About The Author

Mel Hallock

With more than 15 years of industry experience, Melissa's background includes multiple CompTIA certifications, a MCTS, a Bachelor of Applied Science and a Master of Information Systems. Melissa's most loved challenge is bringing the "aha" moment to every learner.







We've just added a new Network Automation course, Network Automation with Ansible (v2), to our video library!

Instructor: Eric Chou

Course Duration: 4hrs 33min

Course Description

Ansible is quickly becoming the automation tool of choice for networking. This course aims to demystify Ansible and get you up and running with today's technologies. After covering the basics, we'll move on to the more advanced topics as they are applicable to network automation. This course will cover the latest Ansible GA release 2.4 with some additions for the upcoming development release 2.5.

Course Title: The Full Stack Engineer's Guide to Network Programmability with Python
Course Duration: 30 hrs 33 min

The Full Stack Engineer's Guide to Network Programmability with Python will provide learners with an inductive and comprehensive introduction to the Python programming language to include the various data types, control flow structures, functions, methods, classes, objects, reading and writing files, data storage using MySQL, and regular expressions. We will also cover on- and off-box Python automation and explore the guest shell in IOS-XE!


By adjusting the hello/dead timers you can make non-compatible OSPF network types appear as neighbors in the "show ip ospf neighbor" output, but they won't become "adjacent" with each other. OSPF network types that use a DR (broadcast and non-broadcast) can neighbor with each other and function properly. Likewise, OSPF network types that do not use a DR (point-to-point and point-to-multipoint) can neighbor with each other and function properly. But if you mix DR types with non-DR types they will not function properly (i.e. not fully adjacent). You should see "Adv Router is not-reachable" messages in the OSPF database when you've mixed DR and non-DR types.

Here is what will work:

Broadcast to Broadcast
Non-Broadcast to Non-Broadcast
Point-to-Point to Point-to-Point
Point-to-Multipoint to Point-to-Multipoint
Broadcast to Non-Broadcast (adjust hello/dead timers)
Point-to-Point to Point-to-Multipoint (adjust hello/dead timers)
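
The rules above can be checked mechanically. The following is an added example, not code from the original post: a small Python model that goes beyond the six listed pairs and classifies all ten network-type combinations, first with default timers and then with the hello timer matched. The `OspfInterface` class and result labels are hypothetical, and the Cisco IOS default hello intervals (10 s for broadcast and point-to-point, 30 s for non-broadcast and point-to-multipoint, dead = 4 x hello) are an assumption the page does not state.

```python
from dataclasses import dataclass
from itertools import combinations_with_replacement
from typing import Optional

# Cisco IOS default hello intervals in seconds (assumed; not stated on the page).
# The default dead interval is four times the hello interval.
DEFAULT_HELLO = {
    "broadcast": 10,
    "non-broadcast": 30,
    "point-to-point": 10,
    "point-to-multipoint": 30,
}
USES_DR = {"broadcast", "non-broadcast"}  # network types that elect a DR


@dataclass
class OspfInterface:  # hypothetical model, not a vendor API
    network_type: str
    hello: Optional[int] = None  # None means "use the type's default"
    dead: Optional[int] = None

    def timers(self):
        hello = self.hello if self.hello is not None else DEFAULT_HELLO[self.network_type]
        dead = self.dead if self.dead is not None else 4 * hello
        return hello, dead


def classify(a, b):
    """Predict the outcome for two interfaces sharing a link."""
    if a.timers() != b.timers():
        return "no-neighbor"  # hello/dead mismatch: hellos are rejected
    if (a.network_type in USES_DR) != (b.network_type in USES_DR):
        return "neighbor-not-functional"  # DR type mixed with non-DR type
    return "works"


def compatibility_matrix():
    """Rows of (type1, type2, result with defaults, result with hello matched)."""
    rows = []
    for t1, t2 in combinations_with_replacement(DEFAULT_HELLO, 2):
        a = OspfInterface(t1)
        tuned_b = OspfInterface(t2, hello=a.timers()[0])
        rows.append((t1, t2, classify(a, OspfInterface(t2)), classify(a, tuned_b)))
    return rows


if __name__ == "__main__":
    for row in compatibility_matrix():
        print("{:<20} {:<20} default={:<24} tuned={}".format(*row))
```

The pairs reported as "works" only after tuning are the two entries in the list marked "adjust hello/dead timers".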
