Introduction

Congratulations! If you are reading this Introduction, then you have probably decided to obtain a Cisco certification. Obtaining a Cisco certification will ensure that you have a solid understanding of common industry protocols along with Cisco’s device architecture and configuration. Cisco has a high market share of routers and switches, with a global footprint.

Professional certifications have been an important part of the computing industry for many years and will continue to become more important. Many reasons exist for these certifications, but the most popularly cited reason is credibility. All other factors being equal, a certified employee/consultant/job candidate is considered more valuable than one who is not certified.

Cisco provides three primary certifications: Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), and Cisco Certified Internetwork Expert (CCIE). Cisco is making changes to all three certifications, effective February 2020. The following are the most notable of the many changes:

  • The exams will include additional topics, such as programming.

  • The CCNA certification is not a prerequisite for obtaining the CCNP certification. CCNA specializations will not be offered anymore.

  • The exams will test a candidate’s ability to configure and troubleshoot network devices in addition to answering multiple-choice questions.

  • The CCNP is obtained by taking and passing a Core exam and a Concentration exam.

  • The CCIE certification requires candidates to pass the Core written exam before the CCIE lab can be scheduled.

CCNP Enterprise candidates need to take and pass the CCNP and CCIE Enterprise Core ENCOR 350-401 examination. Then they need to take and pass one of the following Concentration exams to obtain their CCNP Enterprise:

  • 300-410 ENARSI: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)

  • 300-415 ENSDWI: Implementing Cisco SD-WAN Solutions (SDWAN300)

  • 300-420 ENSLD: Designing Cisco Enterprise Networks (ENSLD)

  • 300-425 ENWLSD: Designing Cisco Enterprise Wireless Networks (ENWLSD)

  • 300-430 ENWLSI: Implementing Cisco Enterprise Wireless Networks (ENWLSI)

  • 300-435 ENAUTO: Implementing Automation for Cisco Enterprise Solutions (ENAUI)

Be sure to visit www.cisco.com to find the latest information on CCNP Concentration requirements and to keep up to date on any new Concentration exams that are announced.

CCIE Enterprise candidates need to take and pass the CCNP and CCIE Enterprise Core ENCOR 350-401 examination. Then they need to take and pass the CCIE Enterprise Infrastructure or Enterprise Wireless lab exam.

Goals and Methods

The most important and somewhat obvious goal of this book is to help you pass the CCNP and CCIE Enterprise Core ENCOR 350-401 exam. In fact, if the primary objective of this book were different, then the book’s title would be misleading; however, the methods used in this book to help you pass the exam are designed to also make you much more knowledgeable about how to do your job.

One key methodology used in this book is to help you discover the exam topics that you need to review in more depth, to help you fully understand and remember those details, and to help you prove to yourself that you have retained your knowledge of those topics. This book does not try to help you simply memorize; rather, it helps you truly learn and understand the topics. The CCNP and CCIE Enterprise Core exam is just one of the foundation topics in the CCNP certification, and the knowledge contained within is vitally important to being a truly skilled routing/switching engineer or specialist. This book would do you a disservice if it didn’t attempt to help you learn the material. To that end, the book will help you pass the CCNP and CCIE Enterprise Core exam by using the following methods:

  • Helping you discover which test topics you have not mastered

  • Providing explanations and information to fill in your knowledge gaps

  • Supplying exercises and scenarios that enhance your ability to recall and deduce the answers to test questions

Who Should Read This Book?

This book is not designed to be a general networking topics book, although it can be used for that purpose. This book is intended to tremendously increase your chances of passing the CCNP and CCIE Enterprise Core exam. Although other objectives can be achieved from using this book, the book is written with one goal in mind: to help you pass the exam.

So why should you want to pass the CCNP and CCIE Enterprise Core ENCOR 350-401 exam? Because it’s one of the milestones toward getting the CCNP certification or to being able to schedule the CCIE lab—which is no small feat. What would getting the CCNP or CCIE mean to you? It might translate to a raise, a promotion, and recognition. It would certainly enhance your resume. It would demonstrate that you are serious about continuing the learning process and that you’re not content to rest on your laurels. It might please your reseller-employer, who needs more certified employees for a higher discount from Cisco. Or you might have one of many other reasons.

Strategies for Exam Preparation

The strategy you use to prepare for the CCNP and CCIE Enterprise Core ENCOR 350-401 exam might be slightly different from strategies used by other readers, depending on the skills, knowledge, and experience you already have obtained. For instance, if you have attended the CCNP and CCIE Enterprise Core ENCOR 350-401 course, then you might take a different approach than someone who learned switching via on-the-job training.

Regardless of the strategy you use or the background you have, the book is designed to help you get to the point where you can pass the exam with the least amount of time required. For instance, there is no need for you to practice or read about IP addressing and subnetting if you fully understand it already. However, many people like to make sure that they truly know a topic and thus read over material that they already know. Several features of this book will help you gain the confidence that you need to be convinced that you know some material already and to also help you know what topics you need to study more.

The Companion Website for Online Content Review

All the electronic review elements, as well as other electronic components of the book, exist on this book’s companion website.

How to Access the Companion Website

To access the companion website, which gives you access to the electronic content with this book, start by establishing a login at www.ciscopress.com and registering your book. To do so, simply go to www.ciscopress.com/register and enter the ISBN of the print book: 9781587145230. After you have registered your book, go to your account page and click the Registered Products tab. From there, click the Access Bonus Content link to get access to the book’s companion website.

Note that if you buy the Premium Edition eBook and Practice Test version of this book from Cisco Press, your book will automatically be registered on your account page. Simply go to your account page, click the Registered Products tab, and select Access Bonus Content to access the book’s companion website.

How to Access the Pearson Test Prep (PTP) App

You have two options for installing and using the Pearson Test Prep application: a web app and a desktop app. To use the Pearson Test Prep application, start by finding the registration code that comes with the book. You can find the code in these ways:

  • Print book: Look in the cardboard sleeve in the back of the book for a piece of paper with your book’s unique PTP code.

  • Premium Edition: If you purchase the Premium Edition eBook and Practice Test directly from the Cisco Press website, the code will be populated on your account page after purchase. Just log in at www.ciscopress.com, click Account to see details of your account, and click the digital purchases tab.

  • Amazon Kindle: For those who purchase a Kindle edition from Amazon, the access code will be supplied directly from Amazon.

  • Other Bookseller E-books: Note that if you purchase an e-book version from any other source, the practice test is not included because other vendors to date have not chosen to vend the required unique access code.

Note

Do not lose the activation code because it is the only means with which you can access the QA content with the book.

Once you have the access code, to find instructions about both the PTP web app and the desktop app, follow these steps:

Step 1. Open this book’s companion website, as shown earlier in this Introduction under the heading “How to Access the Companion Website.”

Step 2. Click the Practice Exams button.

Step 3. Follow the instructions listed there both for installing the desktop app and for using the web app.

Note that if you want to use the web app only at this point, just navigate to www.pearsontestprep.com, establish a free login if you do not already have one, and register this book’s practice tests using the registration code you just found. The process should take only a couple of minutes.

Note

Amazon eBook (Kindle) customers: It is easy to miss Amazon’s email that lists your PTP access code. Soon after you purchase the Kindle eBook, Amazon should send an email. However, the email uses very generic text, and makes no specific mention of PTP or practice exams. To find your code, read every email from Amazon after you purchase the book. Also do the usual checks for ensuring your email arrives, like checking your spam folder.

Note

Other eBook customers: As of the time of publication, only the publisher and Amazon supply PTP access codes when you purchase their eBook editions of this book.

How This Book Is Organized

Although this book could be read cover to cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters to cover just the material that you need more work with. If you do intend to read them all, the order in the book is an excellent sequence to use.

The book includes the following chapters:

  • Chapter 1, “Packet Forwarding”: This chapter provides a review of basic network fundamentals and then dives deeper into technical concepts related to how network traffic is forwarded through a router or switch architecture.

  • Chapter 2, “Spanning Tree Protocol”: This chapter explains how switches prevent forwarding loops while allowing for redundant links with the use of Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP).

  • Chapter 3, “Advanced STP Tuning”: This chapter reviews common techniques that are in Cisco Validated Design guides. Topics include root bridge placement and protection.

  • Chapter 4, “Multiple Spanning Tree Protocol”: This chapter completes the section of spanning tree by explaining Multiple Spanning Tree (MST) protocol.

  • Chapter 5, “VLAN Trunks and EtherChannel Bundles”: This chapter covers features such as VTP, DTP, and EtherChannel for switch-to-switch connectivity.

  • Chapter 6, “IP Routing Essentials”: This chapter revisits the fundamentals from Chapter 1 and examines some of the components of the operations of a router. It reinforces the logic of the programming of the Routing Information Base (RIB), reviews differences between common routing protocols, and explains common concepts related to static routes.

  • Chapter 7, “EIGRP”: This chapter explains the underlying mechanics of the EIGRP routing protocol, the path metric calculations, and the failure detection mechanisms and techniques for optimizing the operations of the routing protocol.

  • Chapter 8, “OSPF”: This chapter explains the core concepts of OSPF and the basics in establishing neighborships and exchanging routes with other OSPF routers.

  • Chapter 9, “Advanced OSPF”: This chapter expands on Chapter 8 and explains the functions and features found in larger enterprise networks. By the end of this chapter, you should have a solid understanding of the route advertisement within a multi-area OSPF domain, path selection, and techniques to optimize an OSPF environment.

  • Chapter 10, “OSPFv3”: This chapter explains how the OSPF protocol has changed to accommodate support of IPv6.

  • Chapter 11, “BGP”: This chapter explains the core concepts of BGP and its path attributes. This chapter explains configuration of BGP and advertisement and summarization of IPv4 and IPv6 network prefixes.

  • Chapter 12, “Advanced BGP”: This chapter expands on Chapter 11 and explains BGP’s advanced features and concepts, such as BGP multihoming, route filtering, BGP communities, and the logic for identifying the best path for a specific network prefix.

  • Chapter 13, “Multicast”: This chapter describes the fundamental concepts related to multicast and how it operates. It also describes the protocols that are required to understand its operation in more detail, such as Internet Group Messaging Protocol (IGMP), IGMP snooping, Protocol Independent Multicast (PIM) Dense Mode/Sparse Mode, and rendezvous points (RPs).

  • Chapter 14, “QoS”: This chapter describes the different QoS models available: best effort, Integrated Services (IntServ), and Differentiated Services (DiffServ). It also describes tools and mechanisms used to implement QoS such as classification and marking, policing and shaping, and congestion management and avoidance.

  • Chapter 15, “IP Services”: In addition to routing and switching network packets, a router can perform additional functions to enhance the network. This chapter covers time synchronization, virtual gateway technologies, and network address translation.

  • Chapter 16, “Overlay Tunnels”: This chapter explains Generic Routing Encapsulation (GRE) and IP Security (IPsec) fundamentals and how to configure them. It also explains Locator ID/Separation Protocol (LISP) and Virtual Extensible Local Area Network (VXLAN).

  • Chapter 17, “Wireless Signals and Modulation”: This chapter covers the basic theory behind radio frequency (RF) signals, measuring and comparing the power of RF signals, and basic methods and standards involved in carrying data wirelessly.

  • Chapter 18, “Wireless Infrastructure”: This chapter describes autonomous, cloud-based, centralized, embedded, and Mobility Express wireless architectures. It also explains the process that lightweight APs must go through to discover and bind to a wireless LAN controller. Various AP modes and antennas are also described.

  • Chapter 19, “Understanding Wireless Roaming and Location Services”: This chapter discusses client mobility from the AP and controller perspectives so that you can design and configure a wireless network properly as it grows over time. It also explains how components of a wireless network can be used to compute the physical locations of wireless devices.

  • Chapter 20, “Authenticating Wireless Clients”: This chapter covers several methods you can use to authenticate users and devices in order to secure a wireless network.

  • Chapter 21, “Troubleshooting Wireless Connectivity”: This chapter helps you get some perspective about problems wireless clients may have with their connections, develop a troubleshooting strategy, and become comfortable using a wireless LAN controller as a troubleshooting tool.

  • Chapter 22, “Enterprise Network Architecture”: This chapter provides a high-level overview of the enterprise campus architectures that can be used to scale from a small environment to a large campus-size network.

  • Chapter 23, “Fabric Technologies”: This chapter defines the benefits of Software-Defined Access (SD-Access) over traditional campus networks as well as the components and features of the Cisco SD-Access solution, including the nodes, fabric control plane, and data plane. It also defines the benefits of Software-Defined WAN (SD-WAN) over traditional WANs, as well as the components and features of the Cisco SD-WAN solution, including the orchestration plane, management plane, control plane, and data plane.

  • Chapter 24, “Network Assurance”: This chapter covers some of the tools most commonly used for operations and troubleshooting in the network environment. Cisco DNA Center with Assurance is also covered, to showcase how the tool can improve mean time to innocence (MTTI) and root cause analysis of issues.

  • Chapter 25, “Secure Network Access Control”: This chapter describes a Cisco security framework to protect networks from evolving cybersecurity threats as well as the security components that are part of the framework, such as next-generation firewalls, web security, email security, and much more. It also describes network access control (NAC) technologies such as 802.1x, Web Authentication (WebAuth), MAC Authentication Bypass (MAB), TrustSec, and MACsec.

  • Chapter 26, “Network Device Access Control and Infrastructure Security”: This chapter focuses on how to configure and verify network device access control through local authentication and authorization as well as through AAA. It also explains how to configure and verify router security features, such as access control lists (ACLs), control plane policing (CoPP) and zone-based firewalls (ZBFWs), that are used to provide device and infrastructure security.

  • Chapter 27, “Virtualization”: This chapter describes server virtualization technologies such as virtual machines, containers, and virtual switching. It also describes the network functions virtualization (NFV) architecture and Cisco’s enterprise NFV solution.

  • Chapter 28, “Foundational Network Programmability Concepts”: This chapter covers current network management methods and tools as well as key network programmability methods. It also covers how to use software application programming interfaces (APIs) and common data formats.

  • Chapter 29, “Introduction to Automation Tools”: This chapter discusses some of the most common automation tools that are available. It covers on-box, agent-based, and agentless tools and examples.

  • Chapter 30, “Final Preparation”: This chapter details a set of tools and a study plan to help you complete your preparation for the CCNP and CCIE Enterprise Core ENCOR 350-401 exam.

Certification Exam Topics and This Book

The questions for each certification exam are a closely guarded secret. However, we do know which topics you must know to successfully complete the CCNP and CCIE Enterprise Core ENCOR 350-401 exam. Cisco publishes them as an exam blueprint. Table I-1 lists each exam topic listed in the blueprint along with a reference to the book chapter that covers the topic. These are the same topics you should be proficient in when working with enterprise technologies in the real world.

Table I-1 CCNP and CCIE Enterprise Core ENCOR 350-401 Topics and Chapter References

| CCNP and CCIE Enterprise Core ENCOR (350-401) Exam Topic | Chapter(s) in Which Topic Is Covered |
|---|---|
| 1.0 Architecture | |
| 1.1 Explain the different design principles used in an enterprise network | |
| 1.1.a Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning | 22 |
| 1.1.b High availability techniques such as redundancy, FHRP, and SSO | 15, 22 |
| 1.2 Analyze design principles of a WLAN deployment | |
| 1.2.a Wireless deployment, models (centralized, distributed, controller-less, controller based, cloud, remote branch) | 18 |
| 1.2.b Location services in a WLAN design | 19 |
| 1.3 Differentiate between on-premises and cloud infrastructure deployments | 23 |
| 1.4 Explain the working principles of the Cisco SD-WAN solution | |
| 1.4.a SD-WAN control and data planes elements | 23 |
| 1.4.b Traditional WAN and SD-WAN solutions | 23 |
| 1.5 Explain the working principles of the Cisco SD-Access solution | |
| 1.5.a SD-Access control and data planes elements | 23 |
| 1.5.b Traditional campus interoperating with SD-Access | 23 |
| 1.6 Describe concepts of QoS | |
| 1.6.a QoS components | 14 |
| 1.6.b QoS policy | 14 |
| 1.7 Differentiate hardware and software switching mechanisms | |
| 1.7.a Process and CEF | 1 |
| 1.7.b MAC address table and TCAM | 1 |
| 1.7.c FIB vs. RIB | 1 |
| 2.0 Virtualization | |
| 2.1 Describe device virtualization technologies | |
| 2.1.a Hypervisor type 1 and | 27 |
| 2.1.b Virtual machine | 27 |
| 2.1.c Virtual switching | 27 |
| 2.2 Configure and verify data path virtualization technologies | |
| 2.2.a VRF | 6 |
| 2.2.b GRE and IPsec tunneling | 16 |
| 2.3 Describe network virtualization concepts | |
| 2.3.a LISP | 16 |
| 2.3.b VXLAN | 16 |
| 3.0 Infrastructure | |
| 3.1 Layer 2 | |
| 3.1.a Troubleshoot static and dynamic 802.1q trunking protocols | 5 |
| 3.1.b Troubleshoot static and dynamic EtherChannels | 5 |
| 3.1.c Configure and verify common Spanning Tree Protocols (RSTP and MST) | 2, 3, 4 |
| 3.2 Layer 3 | |
| 3.2.a Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. linked state, load balancing, path selection, path operations, metrics) | 6, 7, 8, 9 |
| 3.2.b Configure and verify simple OSPF environments, including multiple normal areas, summarization, and filtering (neighbor adjacency, point-to-point and broadcast network types, and passive interface) | 8, 9, 10 |
| 3.2.c Configure and verify eBGP between directly connected neighbors (best path selection algorithm and neighbor relationships) | 11, 12 |
| 3.3 Wireless | |
| 3.3.a Describe the main RF signal concepts, such as RSSI, SNR, Tx-power, and wireless client devices capabilities | 17 |
| 3.3.b Describe AP modes and antenna types | 18 |
| 3.3.c Describe access point discovery and join process | 18 |
| 3.3.d Describe the main principles and use cases for Layer 2 and Layer 3 roaming | 19 |
| 3.3.e Troubleshoot WLAN configuration and wireless client connectivity issues | 21 |
| 3.4 IP Services | |
| 3.4.a Describe Network Time Protocol (NTP) | 15 |
| 3.4.b Configure and verify NAT/PAT | 15 |
| 3.4.c Configure first hop redundancy protocols, such as HSRP and VRRP | 15 |
| 3.4.d Describe multicast protocols, such as PIM and IGMP v2/v3 | 13 |
| 4.0 Network Assurance | 24 |
| 4.1 Diagnose network problems using tools such as debugs, conditional debugs, trace route, ping, SNMP, and syslog | 24 |
| 4.2 Configure and verify device monitoring using syslog for remote logging | 24 |
| 4.3 Configure and verify NetFlow and Flexible NetFlow | 24 |
| 4.4 Configure and verify SPAN/RSPAN/ERSPAN | 24 |
| 4.5 Configure and verify IPSLA | 24 |
| 4.6 Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management | 24 |
| 4.7 Configure and verify NETCONF and RESTCONF | 28 |
| 5.0 Security | |
| 5.1 Configure and verify device access control | 26 |
| 5.1.a Lines and password protection | 26 |
| 5.1.b Authentication and authorization using AAA | 26 |
| 5.2 Configure and verify infrastructure security features | 26 |
| 5.2.a ACLs | 26 |
| 5.2.b CoPP | 26 |
| 5.3 Describe REST API security | 28 |
| 5.4 Configure and verify wireless security features | |
| 5.4.a EAP | 20 |
| 5.4.b WebAuth | 20 |
| 5.4.c PSK | 20 |
| 5.5 Describe the components of network security design | 25 |
| 5.5.a Threat defense | 25 |
| 5.5.b Endpoint security | 25 |
| 5.5.c Next-generation firewall | 25 |
| 5.5.d TrustSec, MACsec | 25 |
| 5.5.e Network access control with 802.1x, MAB, and WebAuth | 20, 25 |
| 6.0 Automation | |
| 6.1 Interpret basic Python components and scripts | 29 |
| 6.2 Construct valid JSON encoded file | 28 |
| 6.3 Describe the high-level principles and benefits of a data modeling language, such as YANG | 28 |
| 6.4 Describe APIs for Cisco DNA Center and vManage | 28 |
| 6.5 Interpret REST API response codes and results in payload using Cisco DNA Center and RESTCONF | 28 |
| 6.6 Construct EEM applet to automate configuration, troubleshooting, or data collection | 29 |
| 6.7 Compare agent vs. agentless orchestration tools, such as Chef, Puppet, Ansible, and SaltStack | 29 |

Each version of the exam may emphasize different functions or features, and some topics are rather broad and generalized. The goal of this book is to provide the most comprehensive coverage to ensure that you are well prepared for the exam. Although some chapters might not address specific exam topics, they provide a foundation that is necessary for a clear understanding of important topics.

It is also important to understand that this book is a static reference, whereas the exam topics are dynamic. Cisco can and does change the topics covered on certification exams often.

This exam guide should not be your only reference when preparing for the certification exam. You can find a wealth of information available at Cisco.com that covers each topic in great detail. If you think that you need more detailed information on a specific topic, read the Cisco documentation that focuses on your chosen topic.

Note that as technologies continue to evolve, Cisco reserves the right to change the exam topics without notice. Although you can refer to the list of exam topics in Table I-1, always check Cisco.com to verify the actual list of topics to ensure that you are prepared before taking the exam. You can view the current exam topics on any current Cisco certification exam by visiting the Cisco.com website, hovering over Training & Events, and selecting from the Certifications list. Note also that, if needed, Cisco Press might post additional preparatory content on the web page associated with this book: http://www.ciscopress.com/title/9781587145230. It’s a good idea to check the website a couple weeks before taking the exam to be sure that you have up-to-date content.
