Course detail

Design and Security of Enterprise Networks

FIT-CCSAcad. year: 2024/2025

Designing network topology with security. BPG, MPLS, MPLS VPN and VxVLAN technologies. Multihoming, mobility, renumbering. IPv6 native implementation and transition techniques. Optical networks. Automated network configuration using IPAM, DevOps and NetOps.

Language of instruction

Czech

Number of ECTS credits

Mode of study

Not applicable.

Guarantor

doc. Ing. Petr Matoušek, Ph.D., M.A.

Department

Department of Information Systems (UIFS)

Entry knowledge

Student are expected to be familiar with configuration of active network devices and advanced configuration of Linux systems. Cisco courses CCNA Routing and Switching or CCNP Route are recommended as prerequisities.

Rules for evaluation and completion of the course

  • Home preparation and hands-on labs (max 26 points).
  • Skills exam (max 20 points).
  • Final configuration and theoretical test (max 54 points)

  • Home preparation and active participation in hands-on labs.
  • Missed classes will not be replaced.

Aims

The course is focused on advanced networking technologies employed in ISP and telcom networks. It includes interdomain routing, IPv6 transitions technologies, L2 virtual technologies and quality of services. Hands-on lab training will be provided on active network devices and Linux stations.
Students learn concepts of network design, security and management of enterprise networks. They will understand network technologies like BPG, MPLS, VxVLAN, VPN tunneling, QoS and others.

Study aids

Not applicable.

Prerequisites and corequisites

Not applicable.

Basic literature

Not applicable.

Recommended reading

Anthony Bruno, Steve Jordan. CCDA 200-310 Official Cert Guide, 5th Edition. Cisco Press, 2016.
Ivan Pepelnjak, Jim Guichard, MPLS and VPN Architectures, 2000 by Cisco Press.
Omar Santos, John Stuppi. CCNA Security 210-260 Official Cert Guide. Cisco Press, 2015.
Přednáškový text v angličtině.

Classification of course in study plans

  • Programme MITAI Master's

    specialization NGRI , 0 year of study, winter semester, elective
    specialization NADE , 0 year of study, winter semester, elective
    specialization NISD , 0 year of study, winter semester, elective
    specialization NMAT , 0 year of study, winter semester, elective
    specialization NSEC , 0 year of study, winter semester, elective
    specialization NISY up to 2020/21 , 0 year of study, winter semester, elective
    specialization NNET , 0 year of study, winter semester, elective
    specialization NMAL , 0 year of study, winter semester, elective
    specialization NCPS , 0 year of study, winter semester, elective
    specialization NHPC , 0 year of study, winter semester, elective
    specialization NVER , 0 year of study, winter semester, elective
    specialization NIDE , 0 year of study, winter semester, elective
    specialization NISY , 0 year of study, winter semester, elective
    specialization NEMB , 0 year of study, winter semester, elective
    specialization NSPE , 0 year of study, winter semester, elective
    specialization NEMB , 0 year of study, winter semester, elective
    specialization NBIO , 0 year of study, winter semester, elective
    specialization NSEN , 0 year of study, winter semester, elective
    specialization NVIZ , 0 year of study, winter semester, elective

Type of course unit

 

Laboratory exercise

52 hod., compulsory

Teacher / Lecturer

Ing. Matěj Grégr, Ph.D.
Ing. Vladimír Veselý, Ph.D.

Syllabus

  1. Introduction to TCP/IP networking.
  2. Stateful firewalls, IDS/IPS systems.
  3. Cisco ASA - Adaptive Security Appliance.
  4. BGP routing.
  5. BGP - filering, communities.
  6. LISP - Locator ID Separation Protocol
  7. IPv6 in enterprise networks. Transition mechanisms, autoconfiguration.
  8. MPLS a and packet switching in ISP networks.
  9. MPLS VPN, ATOM
  10. VxVLAN
  11. QoS.
  12. Optical connections and links.
  13. IPAM, automated management, devops