CCNP Enterprise
Architecture
-
1.1 Explain the different design principles used in an enterprise network.
-
1.1.a High-level enterprise network design such as 2-tier, 3-tier, fabric, and cloud
-
1.1.b High availability techniques such as redundancy, FHRP, and SSO
-
-
1.2 Describe wireless network design principles.
-
1.2.a Wireless deployment models (centralized, distributed, controller-less, controller-based, cloud, remote branch)
-
1.2.b Location services in a WLAN design
-
1.2.c Client density
-
-
1.3 Explain the working principles of the Cisco SD-WAN solution.
-
1.3.a SD-WAN control and data planes elements
-
1.3.b Benefits and limitations of SD-WAN solutions
-
-
1.4 Explain the working principles of the Cisco SD-Access solution.
-
1.4.a SD-Access control and data planes elements
-
1.4.b Traditional campus interoperating with SD-Access
-
-
1.5 Interpret wired and wireless QoS configurations.
-
1.5.a QoS components
-
1.5.b QoS policy
-
-
1.6 Describe hardware and software switching mechanisms such as CEF, CAM, TCAM, FIB, RIB, and adjacency tables.
Virtualization
-
2.1 Describe device virtualization technologies.
-
2.1.a Hypervisor type 1 and 2
-
2.1.b Virtual machine
-
2.1.c Virtual switching
-
-
2.2 Configure and verify data path virtualization technologies.
-
2.2.a VRF
-
2.2.b GRE and IPsec tunnelling
-
-
2.3 Describe network virtualization concepts.
-
2.3.a LISP
-
2.3.b VXLAN
-
Infrastructure
-
3.1 Layer 2
-
3.1.a Troubleshoot static and dynamic 802.1q trunking protocols.
-
3.1.b Troubleshoot static and dynamic EtherChannel’s.
-
3.1.c Configure and verify common Spanning Tree Protocols (RSTP, MST) and Spanning Tree enhancements such as root guard and BPDU guard.
-
-
3.2 Layer 3
-
3.2.a Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. link state, load balancing, path selection, path operations, metrics, and area types)
-
3.2.b Configure simple OSPFv2/v3 environments, including multiple normal areas, summarization, and filtering (neighbour adjacency, point-to-point, and broadcast network types, and passive-interface)
-
3.2.c Configure and verify eBGP between directly connected neighbours (best path selection algorithm and neighbour relationships)
-
3.2.d Describe policy-based routing.
-
-
3.3 Wireless
-
3.3.a Describe Layer 1 concepts, such as RF power, RSSI, SNR, interference, noise, bands, channels, and wireless client devices capabilities.
-
3.3.b Describe AP modes and antenna types.
-
3.3.c Describe access point discovery and join process (discovery algorithms, WLC selection process)
-
3.3.d Describe the main principles and use cases for Layer 2 and Layer 3 roaming.
-
3.3.e Troubleshoot WLAN configuration and wireless client connectivity issues using GUI only.
-
3.3.f Describe wireless segmentation with groups, profiles, and tags.
-
-
3.4 IP Services
-
3.4.a Interpret network time protocol configurations such as NTP and PTP
-
3.4.b Configure NAT/PAT
-
3.4.c Configure first hop redundancy protocols, such as HSRP, VRRP
-
3.4.d Describe multicast protocols, such as RPF check, PIM and IGMP v2/v3
-
Network Assurance
-
4.1 Diagnose network problems using tools such as debugs, conditional debugs, traceroute, ping, SNMP, and syslog.
-
4.2 Configure and verify Flexible NetFlow
-
4.3 Configure SPAN/RSPAN/ERSPAN
-
4.4 Configure and verify IPSLA.
-
4.5 Describe Cisco DNA Centre workflows to apply network configuration, monitoring, and management.
-
4.6 Configure and verify NETCONF and RESTCONF​
Security
-
5.1 Configure and verify device access control.
-
5.1.a Lines and local user authentication
-
5.1.b Authentication and authorization using AAA.
-
-
5.2 Configure and verify infrastructure security features.
-
5.2.a ACLs
-
5.2.b CoPP
-
-
5.3 Describe REST API security.
-
5.4 Configure and verify wireless security features.
-
5.4.a 802.1X
-
5.4.b Web AUTH
-
5.4.c PSK
-
5.4.d EAPOL (4-way handshake)
-
-
5.5 Describe the components of network security design.
-
5.5.a Threat defence
-
5.5.b Endpoint security
-
5.5.c Next-generation firewall
-
5.5.d TrustSec and MACsec
-
5.5.e Network access control with 802.1X, MAB, and Web AUTH
-
Automation
-
6.1 Interpret basic Python components and scripts.
-
6.2 Construct valid JSON-encoded files
-
6.3 Describe the high-level principles and benefits of a data modelling language, such as YANG.
-
6.4 Describe APIs for Cisco DNA Centre and vManage.
-
6.5 Interpret REST API response codes and results in payload using Cisco DNA Centre and RESTCONF
-
6.6 Construct an EEM applet to automate configuration, troubleshooting, or data collection.
-
6.7 Compare agent vs. agentless orchestration tools, such as Chef, Puppet, Ansible, and Salt Stack