CCNP Enterprise ENCOR 350-401 Exam Guide
Implementing Cisco Enterprise Network Core Technologies v1.1 (350-401)
The “Implementing Cisco Enterprise Network Core Technologies” (ENCOR 350-401) exam is an exhaustive 120-minute assessment associated with the CCNP and CCIE Enterprise Certifications. This exam evaluates a candidate’s proficiency in deploying key enterprise network technologies encompassing dual stack (IPv4 and IPv6) architecture, virtualization, infrastructure, network assurance, security, and automation. The course covering these core technologies, designed to prepare candidates for this extensive examination, delves into the critical areas needed to master the complexities of modern enterprise networks.
1.0 Architecture (15%)
The Architecture domain is foundational, focusing on the design principles critical to constructing scalable and resilient enterprise networks. Candidates need to understand different network designs like 2-tier, 3-tier, and fabric architectures, along with cloud integration. High availability techniques such as redundancy, First Hop Redundancy Protocols (FHRP), and Single Sign-On (SSO) mechanisms are pivotal. Additionally, this section explores wireless network design, including various deployment models and considerations for location services and client density. Key concepts of Cisco’s SD-WAN and SD-Access solutions are discussed, emphasizing their control and data plane elements, benefits, and integration into traditional campus environments. Quality of Service (QoS) configurations, along with an understanding of hardware and software switching mechanisms, round out this domain.
1.1 Explain different design principles used in an enterprise network:
- 1.1.a High-level enterprise network design (2-tier, 3-tier, fabric, cloud): These designs outline different organizational structures, from traditional hierarchical models (2-tier and 3-tier) that separate networks into distinct layers for scalability and manageability, to fabric-based designs that utilize path optimization and redundancy for efficiency and resilience, and cloud architectures which integrate on-premises infrastructure with cloud resources for flexibility and scalability.
- 1.1.b High availability techniques (redundancy, FHRP, SSO): Focuses on ensuring continuous network service through methods like redundant paths or devices to prevent single points of failure, using protocols such as HSRP or VRRP to maintain connectivity if a primary router fails, and Single Sign-On to enhance user experience and security by reducing credential re-authentication needs across network services.
1.2 Describe wireless network design principles:
- 1.2.a Wireless deployment models: Includes centralized (where management is done at a single controller), distributed (management is spread across devices), and controller-less architectures, which adapt to various operational scales and requirements.
- 1.2.b Location services in WLAN design: Discusses how WLANs can use RF signaling to locate devices, enhancing functionalities in applications like inventory management, user tracking, or emergency services.
- 1.2.c Client density: Examines strategies to manage the number of devices effectively within a wireless network, which can affect performance and bandwidth allocation.
1.3 Explain the working principles of the Cisco SD-WAN solution:
- 1.3.a SD-WAN control and data planes elements: Differentiates between the control plane for management and the data plane for actual data transport, crucial for understanding how SD-WAN optimizes and secures data routing in dispersed networks.
- 1.3.b Benefits and limitations of SD-WAN solutions: Highlights benefits like cost reduction, improved resource usage, and faster service provisioning while discussing limitations such as dependency on underlying network infrastructure and initial deployment complexity.
1.4 Explain the working principles of the Cisco SD-Access solution:
- 1.4.a SD-Access control and data planes elements: Covers how SD-Access centralizes network policy management and streamlines network access for users and devices, enhancing security and simplicity.
- 1.4.b Traditional campus interoperating with SD-Access: Discusses integration challenges and strategies when merging traditional campus networks with newer SD-Access configurations.
1.5 Interpret wired and wireless QoS configurations:
- 1.5.a QoS components: Explores components like classification, marking, queuing, congestion management and avoidance, and link efficiency mechanisms.
- 1.5.b QoS policy: Discusses how policies are applied to prioritize traffic, essential for ensuring performance and availability of critical applications across both wired and wireless networks.
1.6 Describe hardware and software switching mechanisms:
- 1.6 Includes CEF (Cisco Express Forwarding), CAM (Content Addressable Memory), TCAM (Ternary CAM), FIB (Forwarding Information Base), RIB (Routing Information Base), and adjacency tables: Explains how each mechanism contributes to efficient forwarding and routing decisions within network devices, enhancing processing speed and accuracy.
2.0 Virtualization (10%)
Virtualization plays a critical role in modern networks by abstracting hardware and network functions into software for greater flexibility and efficiency. This domain covers device virtualization technologies like Hypervisors (Type 1 and 2), virtual machines, and virtual switching. Candidates will configure and verify data path virtualization technologies including VRFs and tunneling protocols like GRE and IPsec. Network virtualization concepts such as LISP and VXLAN are also detailed, highlighting their importance in creating efficient and scalable network environments.
2.1 Describe device virtualization technologies:
- 2.1.a Hypervisor type 1 and 2: Differentiates between type 1 hypervisors that run directly on hardware and type 2 hypervisors that run on a host operating system, impacting performance and use cases.
- 2.1.b Virtual machine: Discusses the creation and management of VMs, which simulate physical hardware and run separate operating systems.
- 2.1.c Virtual switching: Covers virtual switches within hypervisors that connect VMs to physical networks and each other.
2.2 Configure and verify data path virtualization technologies:
- 2.2.a VRF (Virtual Routing and Forwarding): Details on using VRFs to segment network paths without using multiple devices, increasing security and traffic management capabilities.
- 2.2.b GRE and IPsec tunneling: Explains how GRE tunnels encapsulate a variety of network layer protocols to pass through incompatible infrastructures, while IPsec provides secure encrypted tunnels over untrusted networks.
2.3 Describe network virtualization concepts:
- 2.3.a LISP (Locator/ID Separation Protocol): Outlines how LISP separates IP addresses into endpoint identifiers and routing locators to improve scalability and mobility.
- 2.3.b VXLAN (Virtual Extensible LAN): Discusses how VXLAN addresses VLAN scalability issues by providing a solution to extend Layer 2 segments over Layer 3 networks.
3.0 Infrastructure (30%)
Infrastructure is the largest component of the exam, emphasizing hands-on skills and theoretical knowledge across Layer 2 and Layer 3 technologies. This includes troubleshooting and configuring 802.1q trunking, EtherChannels, and Spanning Tree Protocols. Layer 3 competencies focus on comparing and configuring routing protocols such as EIGRP and OSPF, along with BGP for external routing. The wireless section assesses understanding of RF principles, AP modes, the AP discovery and join process, and WLAN configuration and troubleshooting. Also, candidates must handle IP services like NTP, NAT/PAT, multicast protocols, and first hop redundancy protocols.
3.1 Layer 2
- 3.1.a Troubleshoot static and dynamic 802.1q trunking protocols: Focuses on resolving issues related to VLAN tagging used in trunk links between switches.
- 3.1.b Troubleshoot static and dynamic EtherChannels: Deals with issues in link aggregation that increase throughput and provide redundancy.
- 3.1.c Configure and verify common Spanning Tree Protocols (RSTP, MST) and enhancements like root guard and BPDU guard: Ensures loop prevention and network stability in bridged environments.
3.2 Layer 3
- 3.2.a Compare routing concepts of EIGRP and OSPF: Discusses the differences between advanced distance vector (EIGRP) and link-state (OSPF) routing protocols, including their path selection logic, load balancing capabilities, and scalability.
- 3.2.b Configure simple OSPF environments: Covers the setup of OSPF including area types and path summarization techniques.
- 3.2.c Configure and verify eBGP: Involves setting up external BGP for inter-domain routing, focusing on path selection and neighbor relationships.
- 3.2.d Describe policy-based routing: Explains how to use routing policies to override the standard routing process based on the specifics of the traffic.
3.3 Wireless
- 3.3.a Layer 1 concepts: Includes RF power, signal-to-noise ratio, and interference management.
- 3.3.b AP modes and antenna types: Discusses different access point operational modes and the roles of various antenna designs in signal propagation and coverage.
- 3.3.c AP discovery and join process: Details the methods APs use to locate and associate with controllers.
- 3.3.d Layer 2 and Layer 3 roaming: Explores how wireless devices maintain connectivity when moving across different network segments.
- 3.3.e Troubleshoot WLAN configuration using GUI: Focuses on practical skills in resolving wireless network issues using graphical interfaces.
- 3.3.f Wireless segmentation with groups, profiles, and tags: Discusses the use of wireless network segmentation techniques to enhance security and manage traffic.
3.4 IP Services
- 3.4.a NTP and PTP configurations: Discusses the importance of time synchronization across network devices for logging and troubleshooting.
- 3.4.b Configure NAT/PAT: Details the translation of private IP addresses to public addresses for internet connectivity and conservation of IP address space.
- 3.4.c First hop redundancy protocols: Covers protocols like HSRP and VRRP that provide seamless network connectivity in the event of gateway failures.
- 3.4.d Multicast protocols: Explains multicast routing concepts and protocols like PIM and IGMP to efficiently manage group communications.
4.0 Network Assurance (10%)
Network assurance involves using tools and protocols to monitor, diagnose, and maintain the health of a network. This includes mastering diagnostic commands and configurations for tools like debugs, traceroute, ping, SNMP, and syslog. The use of NetFlow, SPAN/RSPAN/ERSPAN, and IPSLA are covered for monitoring traffic flows and network performance. This domain also explores network configuration and management workflows using Cisco DNA Center, along with the configuration of NETCONF and RESTCONF for network automation and programmability.
- 4.1 Diagnose network problems: Utilizes tools such as debugs, traceroute, ping, SNMP, and syslog to identify and solve network issues.
- 4.2 Configure and verify Flexible NetFlow: Sets up NetFlow to capture and analyze network traffic patterns to enhance operational awareness and troubleshooting.
- 4.3 Configure SPAN/RSPAN/ERSPAN: Discusses the configuration of port mirroring to facilitate traffic analysis.
- 4.4 Configure and verify IPSLA: Outlines how to use IP SLA to generate traffic for measuring network performance.
- 4.5 Cisco DNA Center workflows: Explains how to use Cisco DNA Center for network management, monitoring, and automation.
- 4.6 Configure and verify NETCONF and RESTCONF: Details the use of these protocols for network configuration and management.
5.0 Security (20%)
Security is critical in safeguarding network resources and data. This domain requires candidates to configure and verify network access controls, including device authentication, authorization, and accounting (AAA) setups. Infrastructure security features such as ACLs, Control Plane Policing (CoPP), and various wireless security protocols (802.1X, WebAuth, PSK, and EAPOL) are examined. Additionally, the design aspects of network security including threat defense, endpoint security, and advanced security technologies like next-generation firewalls, TrustSec, MACsec, and network access control are integral.
- 5.1 Device access control: Involves configuring device-level security features including user authentication methods.
- 5.2 Infrastructure security features: Configures and verifies ACLs and CoPP to protect against unauthorized access and DoS attacks.
- 5.3 REST API security: Discusses security considerations for using REST APIs in network configurations.
- 5.4 Wireless security features: Covers the setup of 802.1X, WebAuth, PSK, and EAPOL to secure wireless connections.
- 5.5 Network security design components: Examines comprehensive security strategies involving threat defense, endpoint security, and advanced technologies like next-generation firewalls and TrustSec.
6.0 Automation (15%)
As networks grow in complexity, automation becomes essential in managing network configurations, compliance, and operational efficiency. This domain explores basic Python scripting, JSON data structures, and the use of YANG data models for network modeling. It also covers APIs for network management platforms such as Cisco DNA Center and vManage, along with interpreting REST API response codes. Finally, understanding the differences between agent-based and agentless orchestration tools (Chef, Puppet, Ansible, SaltStack) is essential for implementing network automation at scale.
- 6.1 Basic Python: Introduces Python scripting for automating network tasks.
- 6.2 JSON-encoded files: Teaches how to construct JSON files for data interchange in automation scripts.
- 6.3 YANG data modeling: Discusses the benefits of using YANG for structured network data modeling.
- 6.4 APIs for Cisco DNA Center and vManage: Describes the use of APIs to integrate and automate network management solutions.
- 6.5 REST API responses: Teaches how to interpret API response codes and payloads for troubleshooting and configuration.
- 6.6 EEM applets: Outlines the creation of EEM applets for task automation and management.
- 6.7 Orchestration tools comparison (Chef, Puppet, Ansible, SaltStack): Evaluates different orchestration tools for their effectiveness in automating large-scale network environments.