Cisco CCNP Topics

This post lists current CCNP (Cisco Certified Network Professional) exam topics – predominantly, CCNP Enterprise exam topics in the core exam ENCOR 350-401 (Implementing Cisco Enterprise Network Core Technologies) and concentration exam ENARSI 300-410 (Implementing Cisco Enterprise Advanced Routing and Services). This post helps me keep track of my progress in learning new topics and technologies at the professional and expert levels within the noted Cisco networking specializations and certifications.

While the CCNA validates networking skills/knowledge that aligns with what a networking professional would have learned in their first year on the job, the CCNP validates a level of skills/knowledge that aligns with what a networking professional would have learned in three to five years of experience implementing enterprise network solutions.

The Cisco Certified Network Professional (CCNP) Enterprise certification prepares you to configure, troubleshoot, and manage the networks of the largest companies in the world.

Cisco.com

To earn the CCNP Enterprise credential, you must pass the 350-401 core exam (which is also the written exam for the CCIE Infrastructure and the CCIE Enterprise Wireless certifications) and an enterprise concentration exam. You must choose one enterprise concentration exam from among eight electives: 300-410 ENARSI (Implementing Cisco Enterprise Advanced Routing and Services), 300-415 ENSDWI (Implementing Cisco SD-WAN Solutions), 300-420 ENSLD (Designing Cisco Enterprise Networks), 300-425 ENWLSD (Designing Cisco Enterprise Wireless Networks), 300-430 ENWLSI (Implementing Cisco Enterprise Wireless Networks), 300-435 ENAUTO (Automating Cisco Enterprise Solutions), 300-440 ENCC (Designing and Implementing Cloud Connectivity), and 300-445 ENNA (Designing and Implementing Enterprise Network Assurance).

You can take the exams in any order (e.g., the concentration first and then the core). After passing the first exam, you have three years to pass the second exam to get the CCNP credential. Passing an exam at the professional level (e.g., ENCOR 350-401 or ENARSI 300-410) earns you a Specialist certification.

You may also be interested in CCNA 200-301 study notes.

CCNP Enterprise Network Core Technologies (ENCOR 350-401)

15% 1.0 Architecture
1.1 Explain the different design principles used in an enterprise network
1.1.a High-level enterprise network design such as 2-tier, 3-tier, fabric, and cloud
1.1.b High availability techniques such as redundancy, FHRP, and SSO

1.2 Describe wireless network design principles
1.2.a Wireless deployment models (centralized, distributed, controller-less, controller-based, cloud, remote branch)
1.2.b Location services in a WLAN design
1.2.c Client density

1.3 Explain the working principles of the Cisco SD-WAN solution
1.3.a SD-WAN control and data planes elements
1.3.b Benefits and limitations of SD-WAN solutions

1.4 Explain the working principles of the Cisco SD-Access solution
1.4.a SD-Access control and data planes elements
1.4.b Traditional campus interoperating with SD-Access

1.5 Interpret wired and wireless QoS configurations
1.5.a QoS components
1.5.b QoS policy

1.6 Describe hardware and software switching mechanisms such as CEF, CAM, TCAM, FIB, RIB, and adjacency tables

10% 2.0 Virtualization
2.1 Describe device virtualization technologies
2.1.a Hypervisor type 1 and 2
2.1.b Virtual machine
2.1.c Virtual switching

2.2 Configure and verify data path virtualization technologies
2.2.a VRF
2.2.b GRE and IPsec tunneling

2.3 Describe network virtualization concepts
2.3.a LISP
2.3.b VXLAN

30% 3.0 Infrastructure
3.1 Layer 2
3.1.a Troubleshoot static and dynamic 802.1q trunking protocols
3.1.b Troubleshoot static and dynamic EtherChannels
3.1.c Configure and verify common Spanning Tree Protocols (RSTP, MST) and Spanning Tree enhancements such as root guard and BPDU guard

3.2 Layer 3
3.2.a Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. link state, load balancing, path selection, path operations, metrics, and area types)
3.2.b Configure simple OSPFv2/v3 environments, including multiple normal areas, summarization, and filtering (neighbor adjacency, point-to-point, and broadcast network types, and passive-interface)
3.2.c Configure and verify eBGP between directly connected neighbors (best path selection algorithm and neighbor relationships)
3.2.d Describe policy-based routing

3.3 Wireless
3.3.a Describe Layer 1 concepts, such as RF power, RSSI, SNR, interference, noise, bands, channels, and wireless client devices capabilities
3.3.b Describe AP modes and antenna types
3.3.c Describe access point discovery and join process (discovery algorithms, WLC selection process)
3.3.d Describe the main principles and use cases for Layer 2 and Layer 3 roaming
3.3.e Troubleshoot WLAN configuration and wireless client connectivity issues using GUI only
3.3.f Describe wireless segmentation with groups, profiles, and tags

3.4 IP Services
3.4.a Interpret network time protocol configurations such as NTP and PTP
3.4.b Configure NAT/PAT
3.4.c Configure first hop redundancy protocols, such as HSRP, VRRP
3.4.d Describe multicast protocols, such as RPF check, PIM and IGMP v2/v3

10% 4.0 Network Assurance
4.1 Diagnose network problems using tools such as debugs, conditional debugs, traceroute, ping, SNMP, and syslog
4.2 Configure and verify Flexible NetFlow
4.3 Configure SPAN/RSPAN/ERSPAN
4.4 Configure and verify IPSLA
4.5 Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management
4.6 Configure and verify NETCONF and RESTCONF

20% 5.0 Security
5.1 Configure and verify device access control
5.1.a Lines and local user authentication
5.1.b Authentication and authorization using AAA

5.2 Configure and verify infrastructure security features
5.2.a ACLs
5.2.b CoPP

5.3 Describe REST API security

5.4 Configure and verify wireless security features
5.4.a 802.1X
5.4.b WebAuth
5.4.c PSK
5.4.d EAPOL (4-way handshake)

5.5 Describe the components of network security design
5.5.a Threat defense
5.5.b Endpoint security
5.5.c Next-generation firewall
5.5.d TrustSec and MACsec
5.5.e Network access control with 802.1X, MAB, and WebAuth

15% 6.0 Automation
6.1 Interpret basic Python components and scripts
6.2 Construct valid JSON-encoded files
6.3 Describe the high-level principles and benefits of a data modeling language, such as YANG
6.4 Describe APIs for Cisco DNA Center and vManage
6.5 Interpret REST API response codes and results in payload using Cisco DNA Center and RESTCONF
6.6 Construct an EEM applet to automate configuration, troubleshooting, or data collection
6.7 Compare agent vs. agentless orchestration tools, such as Chef, Puppet, Ansible, and SaltStack

CCNP Enterprise Advanced Routing and Services (ENARSI 300-410)

35% 1.0 Layer 3 Technologies
1.1 Troubleshoot administrative distance (all routing protocols)
1.2 Troubleshoot route map for any routing protocol (attributes, tagging, filtering)
1.3 Troubleshoot loop prevention mechanisms (filtering, tagging, split horizon, route poisoning)
1.4 Troubleshoot redistribution between any routing protocols or routing sources
1.5 Troubleshoot manual and auto-summarization with any routing protocol
1.6 Configure and verify policy-based routing
1.7 Configure and verify VRF-Lite
1.8 Describe Bidirectional Forwarding Detection

1.9 Troubleshoot EIGRP (classic and named mode; VRF and global)
1.9.a Address families (IPv4, IPv6)
1.9.b Neighbor relationship and authentication
1.9.c Loop-free path selections (RD, FD, FC, successor, feasible successor, stuck in active)
1.9.d Stubs
1.9.e Load balancing (equal and unequal cost)
1.9.f Metrics

1.10 Troubleshoot OSPF (v2/v3)
1.10.a Address families (IPv4, IPv6)
1.10.b Neighbor relationship and authentication
1.10.c Network types, area types, and router types
1.10.c.i Point-to-point, multipoint, broadcast, nonbroadcast
1.10.c.ii Area type: backbone, normal, transit, stub, NSSA, totally stub
1.10.c.iii Internal router, backbone router, ABR, ASBR
1.10.c.iv Virtual link
1.10.d Path preference

1.11 Troubleshoot BGP (Internal and External, unicast, and VRF-Lite)
1.11.a Address families (IPv4, IPv6)
1.11.b Neighbor relationship and authentication (next-hop, multihop, 4-byte AS, private AS, route refresh, synchronization, operation, peer group, states and timers)
1.11.c Path preference (attributes and best-path)
1.11.d Route reflector (excluding multiple route reflectors, confederations, dynamic peer)
1.11.e Policies (inbound/outbound filtering, path manipulation)

20% 2.0 VPN Technologies
2.1 Describe MPLS operations (LSR, LDP, label switching, LSP)
2.2 Describe MPLS Layer 3 VPN

2.3 Configure and verify DMVPN (single hub)
2.3.a GRE/mGRE
2.3.b NHRP
2.3.c IPsec
2.3.d Dynamic neighbor
2.3.e Spoke-to-spoke

20% 3.0 Infrastructure Security
3.1 Troubleshoot device security using IOS AAA (TACACS+, RADIUS, local database)
3.2 Troubleshoot router security features
3.2.a IPv4 access control lists (standard, extended, time-based)
3.2.b IPv6 traffic filter
3.2.c Unicast reverse path forwarding (uRPF)
3.3 Troubleshoot control plane policing (CoPP) (Telnet, SSH, HTTP(S), SNMP, EIGRP, OSPF, BGP)
3.4 Describe IPv6 First Hop security features (RA guard, DHCP guard, binding table, ND inspection/snooping, source guard)

25% 4.0 Infrastructure Services
4.1 Troubleshoot device management
4.1.a Console and VTY
4.1.b Telnet, HTTP, HTTPS, SSH, SCP
4.1.c (T)FTP
4.2 Troubleshoot SNMP (v2c, v3)
4.3 Troubleshoot network problems using logging (local, syslog, debugs, conditional debugs, timestamps)
4.4 Troubleshoot IPv4 and IPv6 DHCP (DHCP client, IOS DHCP server, DHCP relay, DHCP options)
4.5 Troubleshoot network performance issues using IP SLA (jitter, tracking objects, delay, connectivity)
4.6 Troubleshoot NetFlow (v5, v9, flexible NetFlow)
4.7 Troubleshoot network problems using Cisco DNA Center assurance (connectivity, monitoring, device health, network health)
