Cisco Network Security (CCNP) Practical Training Course

Course Duration: 48 Hours

Schedule: 4 hours per day × 2 days per week × 6 weeks

Target Audience:

• Senior undergraduate students (Computer Science, Information Technology, Cybersecurity majors)
• Prerequisite: Basic knowledge of networking (equivalent to CCNA level)

Training Format:

• Instructor-led workshops
• Hands-on labs with Cisco Packet Tracer, GNS3, or Cisco VIRL
• Group case studies, simulations, and final capstone project

Course Objectives:

By the end of this course, students will be able to:

• Design and implement advanced security for Cisco networks
• Configure and troubleshoot secure access to enterprise infrastructure
• Implement advanced threat defense mechanisms and VPN solutions
• Analyze network security issues using Cisco tools and techniques
• Prepare for core parts of the CCNP Security exam topics

Course Modules:

 Enterprise Network Security Architecture

Theory:

• CCNP Security Overview
• Enterprise Security Concepts
• Zero Trust Architecture
• Secure Access Architecture (AAA, ISE, 802.1X)
• Role of Cisco Secure X, Umbrella, and Firepower

Practical:

• Lab: Design secure enterprise architecture with VLANs and Layer 3 routing
• Lab: Configure AAA using local and RADIUS on Cisco routers/switches
• Lab: Use of Cisco ISE simulation for 802.1X demo (if available)

 Next-Gen Firewall & Intrusion Prevention

Theory:

• NGFW vs Traditional Firewalls
• Cisco ASA vs Firepower Threat Defense (FTD)
• Zone-Based Firewalls (ZBF)
• Intrusion Prevention Systems (IPS)

Practical:

• Lab: Configure ZBF on Cisco router
• Lab: Implement stateful firewall rules with ACLs and object groups
• Lab: Simulate IPS policies in Packet Tracer or GNS3
• Lab: Simulate FTD policies (with Firepower Manager or CLI demo)

Secure Network Access and Endpoint Control

Theory:

• Endpoint Posture Assessment and Control
• Secure Authentication and Authorization (802.1X)
• Network Access Control with Cisco ISE
• Trust Sec and Segmentation

Practical:

• Lab: Configure dot1x simulation using Packet Tracer
• Lab: Simulate secure access with MAC address filtering and VLAN assignments
• Lab: Endpoint control scenarios using ACLs and VLAN policies
• Group Activity: Plan a secure NAC policy for a medium-sized enterprise

 Secure Site-to-Site and Remote Access VPNs

Theory:

• VPN Technologies: IPsec, DMVPN, SSL VPN
• Crypto Concepts: IKEv1 vs IKEv2, ISAKMP, Transform Sets
• Site-to-Site vs Remote Access VPN Architecture

Practical:

• Lab: Configure IPsec VPN between two Cisco routers
• Lab: Implement DMVPN Phase 1 topology
• Lab: Simulate SSL VPN using Cisco ASA CLI (GNS3 or Packet Tracer)

 Threat Defense, Monitoring, and Automation

Theory:

• Cisco Secure X integration
• SIEM Concepts and Log Management (Syslog, NetFlow, SNMP)
• Network Automation and Security APIs (REST, Python scripting basics)
• Threat Intelligence and Incident Response

Practical:

• Lab: Configure Syslog, SNMP traps, and NetFlow on Cisco devices
• Lab: Write a basic Python script to push config changes via SSH
• Lab: Monitor security events using log tools or packet captures
• Challenge: Analyze and respond to a simulated incident scenario

 Capstone Project, Assessment, and Review

Capstone Project:

• Students form teams and build a secure network with:
  • VLANs and Layer 3 segmentation
  • AAA with RADIUS
  • ZBF or ASA-based firewall
  • Site-to-site VPN and simulated endpoint policies
  • Logging and incident detection

Assessment:

• Final Theoretical Quiz (25%)
• Capstone Evaluation (50%)
• Lab Participation & Teamwork (25%)

 Certification:

Upon successful completion, participants will receive from JELECOM:
“Advanced Cisco Network Security (CCNP Level) – Certificate of Completion

 

if you would like to get our course content please register . . .