CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram (2022)
CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram (2022) helps you master complex topics with simplified explanations.
Sebastian Lopez
Contributor
Humble Bundle Pearson Networking and Security Certification Bundle – © Pearson. Do Not Distribute.
CCNP®
and CCIE®
Enterprise Core
ENCOR 350-401
Special Offers
ENHANCE YOUR EXAM PREPARATION
Save 70% on Complete Video Course
The CCNP and CCIE Enterprise Core ENCOR 350-401 Complete Video Course,
available for both streaming and download, provides
you with hours of expert-level instruction mapped directly to exam objectives.
Put your knowledge to the test with full practice exams powered by the Pearson
Test Prep practice test software, module quizzes, and more.
Save 80% on Premium Edition eBook and
Practice Test
The CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram Premium
Edition eBook and Practice Test provides three eBook files (PDF, EPUB, and
MOBI/Kindle) to read on your preferred device and an enhanced edition of the
Pearson Test Prep practice test software. You will also receive two additional
practice exams with links for every question mapped to the PDF eBook.
Pearson Test Prep online system requirements:
Browsers: Chrome version 73 and above, Safari version 12 and above, Microsoft
Edge 44 and above.
Devices: Desktop and laptop computers, tablets running Android v8.0 and above or iPadOS
v13 and above, smartphones running Android v8.0 and above or iOS v13 and above with a
minimum screen size of 4.7". Internet access required.
Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor
(or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam;
access to the Internet to register and download exam databases
See card insert in the back of the book
for your Pearson Test Prep activation code and special offers.
CCNP and CCIE
Enterprise Core
ENCOR 350-401
Exam Cram
Donald Bacha
CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram
Copyright © 2022 by Pearson Education, Inc.
All rights reserved. This publication is protected by copyright, and
permission must be obtained from the publisher prior to any prohibited
reproduction, storage in a retrieval system, or transmission in any form or
by any means, electronic, mechanical, photocopying, recording, or likewise.
For information regarding permissions, request forms, and the appropriate
contacts within the Pearson Education Global Rights & Permissions
Department, please visit www.pearson.com/permissions.
No patent liability is assumed with respect to the use of the information
contained herein. Although every precaution has been taken in the preparation
of this book, the publisher and author assume no responsibility for errors or
omissions. Nor is any liability assumed for damages resulting from the use of
the information contained herein.
ISBN-13: 978-0-13-689193-2
ISBN-10: 0-13-689193-4
Library of Congress Control Number: 2021924388
Trademarks
All terms mentioned in this book that are known to be trademarks or service
marks have been appropriately capitalized. Pearson IT Certification cannot
attest to the accuracy of this information. Use of a term in this book should
not be regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate
as possible, but no warranty or fitness is implied. The information provided
is on an “as is” basis. The author and the publisher shall have neither liability
nor responsibility to any person or entity with respect to any loss or
damages arising from the information contained in this book.
Special Sales
For information about buying this title in bulk quantities, or for special sales
opportunities (which may include electronic versions; custom cover designs;
and content particular to your business, training goals, marketing focus,
or branding interests), please contact our corporate sales department at
corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact
governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact
intlcs@pearson.com.
Editor-in-Chief: Mark Taub
Director, ITP Product Management: Brett Bartow
Executive Acquisitions Editor: James Manly
Development Editor: Ellie Bru
Managing Editor: Sandra Schroeder
Project Editor: Mandie Frank
Copy Editor: Kitty Wilson
Indexer: Erika Millen
Proofreader: Gill Editorial Services
Technical Editor: Raymond Lacoste
Publishing Coordinator: Cindy Teeters
Designer: Chuti Prasertsith
Compositor: codeMantra
Pearson’s Commitment to Diversity, Equity,
and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity of
all learners. We embrace the many dimensions of diversity, including but not
limited to race, ethnicity, gender, socioeconomic status, ability, age, sexual
orientation, and religious or political beliefs.
Education is a powerful force for equity and change in our world. It has the
potential to deliver opportunities that improve lives and enable economic
mobility. As we work with authors to create content for every product and
service, we acknowledge our responsibility to demonstrate inclusivity and
incorporate diverse scholarship so that everyone can achieve their potential through
learning. As the world’s leading learning company, we have a duty to help drive
change and live up to our purpose to help more people create a better life for
themselves and to create a better world.
Our ambition is to purposefully contribute to a world where
▶ Everyone has an equitable and lifelong opportunity to succeed through
learning
▶ Our educational products and services are inclusive and represent the rich
diversity of learners
▶ Our educational content accurately reflects the histories and experiences
of the learners we serve
▶ Our educational content prompts deeper discussions with learners and
motivates them to expand their own learning (and worldview)
While we work hard to present unbiased content, we want to hear from you
about any concerns or needs with this Pearson product so that we can
investigate and address them.
Please contact us with concerns about any potential bias at
https://www.pearson.com/report-bias.html.
Figure Credit
Figure 5-1; Figure 5-2; Figure 5-3; Figure 5-4; Figure 5-5: Courtesy of Cisco Systems, Inc.
Figure 5-6: Screenshot of Monitor Section for a Cisco WLC © Cisco Systems, Inc
Figure 5-7: Courtesy of Cisco Systems, Inc.
Figure 9-1; Figure 9-2; Figure 9-3; Figure 9-4; Figure 9-5; Figure 9-6; Figure 9-7; Figure 9-8; Figure 9-9; Figure 9-10; Figure 9-11; Figure 9-12; Figure 9-13: Courtesy of Cisco Systems, Inc.
Figure 15-2; Figure 15-3; Figure 15-4: Courtesy of Cisco Systems, Inc.
Figure 20-6: Courtesy of Cisco Systems, Inc.
Figure 22-3: Screenshot of The Cisco vManage Main Dashboard © Cisco Systems, Inc
Figure 23-1: Screenshot of Cisco DNA Center © Cisco Systems, Inc
Figure 24-2: Screenshot of Cisco WLC QoS profiles © Cisco Systems, Inc
Figure 26-2; Figure 26-3: © 2022 VMware, Inc
Figure 26-5a; Figure 26-5b; Figure 26-5c: Courtesy of Cisco Systems, Inc.
Figure 31-2; Figure 31-3; Figure 31-4: Courtesy of Cisco Systems, Inc.
Contents at a Glance
Introduction
Part I: Infrastructure
CHAPTER 1 Understanding Layer 2
CHAPTER 2 Understanding Layer 3: IGPs
CHAPTER 3 Understanding Layer 3: BGP
CHAPTER 4 IP Services
CHAPTER 5 Enterprise Wireless
Part II: Security
CHAPTER 6 Device Access Control
CHAPTER 7 Infrastructure Security
CHAPTER 8 Securing REST APIs
CHAPTER 9 Wireless Security
CHAPTER 10 Network Security Design
CHAPTER 11 Network Access Control
Part III: Automation
CHAPTER 12 Anatomy of Python
CHAPTER 13 Building JSON Files
CHAPTER 14 YANG Data Modeling
CHAPTER 15 DNA Center and vManage APIs
CHAPTER 16 Interpreting REST API Codes
CHAPTER 17 EEM Applets
CHAPTER 18 Configuration Management and Orchestration
Part IV: Architecture
CHAPTER 19 Enterprise Network Design Principles
CHAPTER 20 Wireless LAN Deployments
CHAPTER 21 On-Premises vs. Cloud Infrastructure
CHAPTER 22 SD-WAN
CHAPTER 23 SD-Access
CHAPTER 24 QoS
CHAPTER 25 Switching
Part V: Virtualization
CHAPTER 26 Basic Virtualization
CHAPTER 27 VRF Instances, GRE, and IPsec
CHAPTER 28 Extending the Network Virtually
Part VI: Network Assurance
CHAPTER 29 Troubleshooting
CHAPTER 30 Monitoring
CHAPTER 31 IP SLA and DNA Center
CHAPTER 32 NETCONF and RESTCONF
Glossary
Index
Table of Contents
Introduction
Part I: Infrastructure
CHAPTER 1 Understanding Layer 2
  VLANs Overview
    VLAN Assignment
    802.1Q Trunking
    Dynamic Trunking Protocol (DTP)
    VLAN Trunking Protocol (VTP)
    Inter-VLAN Routing
  Spanning Tree Protocol Overview
    Root Bridge, Root Port, and Designated Port Elections
    Rapid Spanning Tree Protocol (RSTP)
    Spanning Tree Protocol Tuning and Protection Mechanisms
    Switch Priorities Overview
    Multiple Spanning Tree Protocol (MST)
  EtherChannels
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?
CHAPTER 2 Understanding Layer 3: IGPs
  IP Routing Essentials
    Routing Algorithms
    Path Selection
    Static Routing
  Enhanced Interior Gateway Routing Protocol (EIGRP)
    Neighbor Table
    Topology Table
    Routing Tables
    EIGRP Authentication
    EIGRP Named Mode
    Route Summarization
  Open Shortest Path First (OSPF)
    OSPF Cost
    OSPF Authentication
    OSPF Areas
    Neighbors and Adjacencies
    OSPF Packet Types
    Basic OSPF Configuration
    Router ID (RID)
    Passive Interfaces
    Default Route Advertisements
    OSPF Optimizations
    Link-State Advertisements (LSAs)
    OSPF Path Selection
    Route Summarization
    OSPFv3
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?
CHAPTER 3 Understanding Layer 3: BGP
  BGP Fundamentals
  BGP Configuration and Verification
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?
CHAPTER 4 IP Services
  Network Time Protocol (NTP)
  Network Address Translation (NAT)
    Static NAT
    Dynamic NAT
    Port Address Translation (PAT)
  First-Hop Redundancy Protocols (FHRPs)
    Virtual Router Redundancy Protocol (VRRP)
    Gateway Load Balancing Protocol (GLBP)
    Object Tracking with FHRPs
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Multicast Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Multicast Group Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Internet Group Management Protocol (IGMP) . . . . . . . . . . . . . 157
Protocol Independent Multicast (PIM) . . . . . . . . . . . . . . . . . . . 161
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 165
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
CHAPTER 5
Enterprise Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Wireless Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Radio Frequency (RF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Free Space Path Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Received Signal Strength Indicator (RSSI) . . . . . . . . . . . . . . . . . 171
Signal-to-Noise Ratio (SNR) . . . . . . . . . . . . . . . . . . . . . . . . . . 171
IEEE Wireless Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Multiple Radios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
WLC and AP Operation and Pairing . . . . . . . . . . . . . . . . . . . . . . . . 176
AP and WLC Interaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Wireless Roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Troubleshooting WLAN Configuration and Client
Connectivity Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 192
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Part II: Security
CHAPTER 6
Device Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Cisco IOS CLI Session Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Protection of Access to Cisco IOS EXEC Modes . . . . . . . . . . . . 197
Secured Access with SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Privilege Levels and Role-Based Access Control (RBAC) . . . . . . . 206
Authentication, Authorization, and Accounting (AAA) Overview . . . . . . 210
TACACS+ Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
RADIUS Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
AAA Configuration for Network Devices . . . . . . . . . . . . . . . . . 212
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 217
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
CHAPTER 7
Infrastructure Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Access Control Lists (ACLs) Overview . . . . . . . . . . . . . . . . . . . . . . . 220
Types of ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Port ACLs (PACLs) and VLAN ACLs (VACLs) . . . . . . . . . . . . . 229
Control Plane Policing (CoPP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 236
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
CHAPTER 8
Securing REST APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
REST API Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 245
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
CHAPTER 9
Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Wireless Authentication Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Open Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Pre-Shared Key (PSK) Authentication. . . . . . . . . . . . . . . . . . . . 251
Extensible Authentication Protocol (EAP) Authentication . . . . . . 254
WebAuth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 262
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
CHAPTER 10
Network Security Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
Threat Defense . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Network Security Components . . . . . . . . . . . . . . . . . . . . . . . . 270
TrustSec, MACsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
TrustSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
MACsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 284
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
CHAPTER 11
Network Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Cisco Identity Services Engine (ISE) . . . . . . . . . . . . . . . . . . . . . . . . . 288
Network Access Control (NAC) . . . . . . . . . . . . . . . . . . . . . . . . 290
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 296
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Part III: Automation
CHAPTER 12
Anatomy of Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Interpreting Python Components and Scripts . . . . . . . . . . . . . . . . . . . 300
Python Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Python Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Setting Up Guest Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Using Python . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Python Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Parsing Python Output to JSON . . . . . . . . . . . . . . . . . . . . . . . 310
Exception Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 313
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
CHAPTER 13
Building JSON Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Data Formats (XML and JSON). . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Extensible Markup Language (XML) . . . . . . . . . . . . . . . . . . . . 317
JavaScript Object Notation (JSON) . . . . . . . . . . . . . . . . . . . . . 319
XML and JSON Comparison . . . . . . . . . . . . . . . . . . . . . . . . . 321
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 323
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
CHAPTER 14
YANG Data Modeling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
YANG Data Modeling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Different YANG Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 332
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
CHAPTER 15
DNA Center and vManage APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
APIs for Cisco DNA Center and vManage . . . . . . . . . . . . . . . . . . . . . 334
DNA Center API Integrations . . . . . . . . . . . . . . . . . . . . . . . . . 334
vManage API Integrations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 344
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
CHAPTER 16
Interpreting REST API Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Interpreting REST API Response Codes . . . . . . . . . . . . . . . . . . . . . . 346
HTTP Status Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 349
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
CHAPTER 17
EEM Applets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Embedded Event Manager (EEM) . . . . . . . . . . . . . . . . . . . . . . . . . . 352
EEM Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
EEM Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 362
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
CHAPTER 18
Configuration Management and Orchestration . . . . . . . . . . . . . . . . . . . . 363
Agent-Based Orchestration Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Puppet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Chef . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
SaltStack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Agentless Orchestration Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Ansible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Bolt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Configuration Management and Orchestration
Tools Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 378
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Part IV: Architecture
CHAPTER 19
Enterprise Network Design Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Hierarchical LAN Design Model . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Access Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Distribution Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Core Layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Enterprise Network Architecture Options . . . . . . . . . . . . . . . . . 383
First-Hop Redundancy Protocols (FHRPs) . . . . . . . . . . . . . . . . . . . . 392
Hot Standby Router Protocol (HSRP) . . . . . . . . . . . . . . . . . . . 392
Virtual Router Redundancy Protocol (VRRP) . . . . . . . . . . . . . . 396
Gateway Load Balancing Protocol (GLBP) . . . . . . . . . . . . . . . . 397
Hardware Redundancy Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . 400
Stateful Switchover (SSO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
Nonstop Forwarding (NSF) . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 408
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
CHAPTER 20
Wireless LAN Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Wireless Deployment Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
Autonomous Wireless Deployments . . . . . . . . . . . . . . . . . . . . . 411
Centralized Wireless Deployments . . . . . . . . . . . . . . . . . . . . . . 412
Cisco FlexConnect Wireless Deployments . . . . . . . . . . . . . . . . . 415
Cloud-Based Wireless Deployments . . . . . . . . . . . . . . . . . . . . . 418
Embedded Wireless Deployments . . . . . . . . . . . . . . . . . . . . . . 422
Wireless Location Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 431
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
CHAPTER 21
On-Premises vs. Cloud Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Cloud Infrastructure Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Cloud Services Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Infrastructure as a Service (IaaS) . . . . . . . . . . . . . . . . . . . . . . . . 438
Platform as a Service (PaaS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
Software as a Service (SaaS) . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Anything as a Service (XaaS) . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Cloud Deployment Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
On-Premises or Cloud Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . 447
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 449
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
CHAPTER 22
SD-WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
SD-WAN Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
The Need for SD-WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Secure Automated WAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Application Performance Optimization . . . . . . . . . . . . . . . . . . . 455
Secure Direct Internet Access (DIA) . . . . . . . . . . . . . . . . . . . . . 456
Multicloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
SD-WAN Architecture Components . . . . . . . . . . . . . . . . . . . . . . . . . 459
vSmart Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
WAN Edge Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
vBond Orchestrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
vManage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
SD-WAN Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 465
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
CHAPTER 23
SD-Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
SD-Access Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
SD-Access Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
SD-Access Operational Planes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
SD-Access Fabric Roles and Components . . . . . . . . . . . . . . . . . . . . . 477
Control Plane Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Edge Nodes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Intermediate Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Border Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Fabric Wireless LAN Controllers (WLCs) . . . . . . . . . . . . . . . . 481
Fabric-Mode Access Points . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
SD-Access Embedded Wireless . . . . . . . . . . . . . . . . . . . . . . . . 481
Fabric in a Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Shared Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 484
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
CHAPTER 24
QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
The Need for QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Packet Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
Jitter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Lack of Bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
QoS Models and Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Classification and Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
DSCPs and Per-Hop Behaviors (PHBs) . . . . . . . . . . . . . . . . . . 497
Policing and Shaping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
Congestion Management and Congestion Avoidance . . . . . . . . . . . . . . 499
Congestion Management (Queuing) . . . . . . . . . . . . . . . . . . . . . 499
Congestion Avoidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Wireless QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 503
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
CHAPTER 25
Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
Traffic Forwarding Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Forwarding Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Process Switching. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Fast Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Cisco Express Forwarding (CEF) . . . . . . . . . . . . . . . . . . . . . . . 512
Tables Used in Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 522
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
Part V: Virtualization
CHAPTER 26
Basic Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Virtualization Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Hypervisors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
Virtual Machines (VMs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Virtual Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
Network Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
Cisco Enterprise Network Function Virtualization (NFV) . . . . . . 537
Cisco Enterprise NFV Architecture . . . . . . . . . . . . . . . . . . . . . 538
VNFs Supported in Cisco Enterprise NFV . . . . . . . . . . . . . . . . 539
Cisco NFV Hardware Options . . . . . . . . . . . . . . . . . . . . . . . . . 539
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 543
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
CHAPTER 27
VRF Instances, GRE, and IPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Virtual Routing and Forwarding (VRF) . . . . . . . . . . . . . . . . . . . . . . . 546
VRF-Lite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547
Generic Routing Encapsulation (GRE) . . . . . . . . . . . . . . . . . . . . . . . 552
IPsec VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
Site-to-Site VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
Dynamic Multipoint VPN (DMVPN). . . . . . . . . . . . . . . . . . . . 559
Cisco IOS Virtual Tunnel Interfaces (VTIs) . . . . . . . . . . . . . . . . 560
Cisco IOS FlexVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
IP Security (IPsec) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
GRE Tunneling over IPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 570
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
CHAPTER 28
Extending the Network Virtually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573
Locator ID/Separation Protocol (LISP) . . . . . . . . . . . . . . . . . . . . . . . 574
LISP Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Virtual Extensible LAN (VXLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . 580
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 585
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Part VI: Network Assurance
CHAPTER 29
Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587
Troubleshooting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588
Using debug to Analyze Traffic . . . . . . . . . . . . . . . . . . . . . . . . 589
Troubleshooting with traceroute . . . . . . . . . . . . . . . . . . . . . . . 593
Troubleshooting with ping . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
Simple Network Management Protocol (SNMP) . . . . . . . . . . . . . . . . 604
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 610
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611
CHAPTER 30
Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
NetFlow and Flexible NetFlow . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620
Switch Port Analyzer (SPAN), Remote SPAN (RSPAN),
and Encapsulated Remote SPAN (ERSPAN) . . . . . . . . . . . . . . . . . . 632
Remote SPAN (RSPAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 634
Encapsulated Remote SPAN (ERSPAN) . . . . . . . . . . . . . . . . . . 635
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 640
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
CHAPTER 31
IP SLA and DNA Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
IP SLA Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642
Cisco DNA Center Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 660
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
CHAPTER 32
NETCONF and RESTCONF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
NETCONF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 662
RESTCONF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668
Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
Answers to Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . 671
Further Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
What’s Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 695
About the Author
Donald Bacha is a systems engineer with a health research organization.
He’s the technical lead responsible for the design and implementation of
networking, compute, virtualization, storage, and disaster recovery systems.
Over the past 18 years, Donald has supported cloud services provider,
enterprise, and data center environments by contributing to complex routing and
switching, data center, storage, and virtualization projects in both greenfield
and brownfield deployments. His certifications include CCNP Enterprise,
CCNP Data Center, and VCAP-DCV. He holds a master’s of business
administration. Donald can be found at www.allthingsvirtual.net and on
Twitter at @donald_bacha.
Dedication
First, I dedicate this book to our Lord and Savior Jesus Christ (I can do all things
through Christ which strengthens me.—Philippians 4:13). He has blessed me with the
opportunity to learn, write, and share my knowledge. To my father and mother,
thank you for always supporting and encouraging me.
Acknowledgments
A debt of gratitude goes out to executive acquisitions editor James Manly for
giving me the opportunity to author this book and for his guidance. A special
thank you to my development editor, Ellie Bru, who did well working to get
this title out and for making it as strong as it can be. Many thanks go out to
Mandie Frank and Kitty Wilson for ensuring that this book looks good and
reads easily. I would like to thank the entire Pearson team and those who
contributed in one way or another to this project.
About the Technical Reviewer
Raymond Lacoste has dedicated his career to developing the skills of those
interested in IT. In 2001, he began to mentor hundreds of IT professionals
pursuing their Cisco certification dreams. This role led to teaching Cisco
courses full time. Raymond is currently master instructor for Cisco Enterprise
Routing and Switching, AWS, and ITIL at StormWind Studios. Raymond
treats all technologies as an escape room, working to uncover every mystery
in the protocols he works with. Along this journey, Raymond has passed more
than 110 exams, and his office wall includes certificates from Microsoft, Cisco,
ISC2, ITIL, AWS, and CompTIA. If you were visualizing Raymond’s office,
you’d probably expect the usual network equipment, certifications, and awards.
Those certainly take up space, but they aren’t his pride and joy. Most impressive,
at least to Raymond, is his gemstone and mineral collection; once he
starts talking about it, he just can’t stop. Who doesn’t get excited by a wondrous
barite specimen in a pyrite matrix? Raymond presently resides with his
wife and two children in eastern Canada, where they experience many adventures
together.
We Want to Hear from You!
As the reader of this book, you are our most important critic and commentator.
We value your opinion and want to know what we’re doing right, what we
could do better, what areas you’d like to see us publish in, and any other words
of wisdom you're willing to pass our way.
We welcome your comments. You can email or write to let us know what you
did or didn’t like about this book—as well as what we can do to make our books
better.
Please note that we cannot help you with technical problems related to the topic of
this book.
When you write, please be sure to include this book’s title and author as well
as your name and email address. We will carefully review your comments and
share them with the author and editors who worked on the book.
Email: community@informit.com
Reader Services
Register your copy of CCNP and CCIE Enterprise Core ENCOR 350-401 Exam
Cram at www.pearsonitcertification.com for convenient access to downloads,
updates, and corrections as they become available. To start the registration
process, go to www.pearsonitcertification.com/register and log in or create
an account*. Enter the product ISBN 9780136891932 and click Submit.
When the process is complete, you will find any available bonus content under
Registered Products.
*Be sure to check the box that you would like to hear from us to receive exclusive
discounts on future editions of this product.
Introduction
Welcome to CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram.
This book is a late-stage preparation tool that covers the CCNP/CCIE
ENCOR 350-401 certification exam. It provides the information you need
to quickly and efficiently go over all the topics covered on the CCNP/CCIE
ENCOR 350-401 exam. This Exam Cram provides concise and exam-focused
coverage of all of the CCNP/CCIE ENCOR 350-401 exam domains and
objectives. It allows you to assess your preparedness and helps you to practice
through questions and examples of the exam topics. The information you find
in this Exam Cram will aid you in your success as you build knowledge, gain
experience, and review for the CCNP/CCIE ENCOR 350-401 exam.
About CCNP ENCOR 350-401 Exam Cram
This Exam Cram follows a predefined structure that makes the book easy to
study as it provides the material in a concise manner. It also allows for the
testing of knowledge as you go through each chapter, covering the various
ENCOR domains and objectives. This book includes the following helpful
elements:
▶ Cram Sheet: This foldout tear card that appears inside the front cover
of the book presents important information that you should go over just
before taking the exam. It is the most important “cram” element of the
book and, as such, is presented as concisely as possible.
▶ Chapter Topics: Each chapter begins with a list of the exam objectives
that are covered in the chapter as well as a list of the main topics in the
chapters. The chapter's topics are then covered in a concise manner, with
brief examples and figures where needed.
▶ CramSavers: Each chapter contains a short-answer quiz that allows you
to assess how knowledgeable you are about the topics covered in the
chapter. It helps you figure out if you should skip the entire chapter or
skim the material and skip ahead to the Exam Alerts and CramQuizzes
for particular sections.
▶ Exam Alerts: These notes provide exam-specific information that is
important for you to know before you take the exam. Pay attention
to Exam Alerts because the material they cover is likely to appear on
the exam.
▶ Cram Quizzes: Each section of a chapter ends with a handful of
multiple-choice questions that test your knowledge of the topics covered
in that section. You will find the answers and explanations following each
quiz.
▶ Review Questions: End-of-chapter review questions help you solidify
what you have learned related to the topics for a particular chapter.
Chances are you have picked up this book in the early stage of your studies.
The Exam Cram series was designed for late-stage study. So, unless you are very
familiar with the technologies covered in the CCNP/CCIE ENCOR 350-401
exam and have considerable experience configuring and troubleshooting Cisco
networks, it is highly recommended that you not use this book as your sole
study resource. This Exam Cram is recommended for use after core knowledge
has been built.
Both Cisco Press and Pearson IT Certification offer a number of CCNP/CCIE
study materials to help you learn the core networking technologies covered
on the CCNP/CCIE ENCOR 350-401 exam. The following highly recommended
resources will help you gain core knowledge of the topics covered on
the CCNP/CCIE ENCOR 350-401 exam:
▶ CCNP and CCIE Enterprise Core 350-401 Official Cert Guide by Jason
Gooley, Ramiro Garza Rios, Bradley Edgeworth, and David Hucaby
(ISBN 978-1-58714-523-0): This official cert guide provides in-depth
coverage of the domains and objectives of the CCNP/CCIE ENCOR
350-401 exam.
▶ CCNP and CCIE Enterprise Core & CCNP Advanced Routing
Portable Command Guide by Patrick Gargano and Scott Empson
(ISBN: 978-0-13-576816-7): This book includes lots of configuration
and verification examples to aid you in understanding the IOS commands
you will encounter on the ENCOR and ENARSI exams.
▶ CCNP Enterprise Advanced Routing ENARSI 300-410 Official
Cert Guide by Raymond Lacoste and Brad Edgeworth
(ISBN 978-1587145254): I recommend that you read the routing-
related chapters of this book (the first set of chapters, which covers
EIGRP, OSPF, and BGP) to supplement your Layer 3 core knowledge.
The coauthor, Raymond Lacoste, is also the technical reviewer of this
Exam Cram.
▶ Cisco Modeling Labs (CML) Personal: CML Personal (formerly Cisco
VIRL) is a powerful network virtualization and orchestration platform
you can use to study for Cisco certifications. CML Personal uses real
Cisco IOS images and gives you the ability to simulate networks reliably.
Both IOSv and IOSvL2 images are included. The majority of the topics
that are covered in the CCNP/CCIE ENCOR 350-401 exam can be
practiced using CML Personal. CML Personal allows up to 20 concurrent
simulated nodes, and CML Personal Plus supports up to 40 concurrent
simulated nodes. The majority of the examples in this Exam Cram
were created using CML Personal. For more information on CML Personal,
see https://developer.cisco.com/docs/modeling-labs. Cisco CML
Personal can be purchased from the Cisco Learning Network Store at
https://learningnetworkstore.cisco.com/cisco-modeling-labs-personal/cisco-cml-personal.
About the ENCOR 350-401 Exam
The material in this Exam Cram closely follows the official exam domains
and objectives to ensure your success on the CCNP/CCIE ENCOR 350-401
exam. To earn the CCNP Enterprise certification, there is no formal prerequisite,
although Cisco recommends that you have a good understanding of
the exam topics before taking the exams. In addition, Cisco recommends that
CCNP candidates have three to five years of experience implementing enterprise
networking solutions.
To earn the CCNP Enterprise certification, you have to pass two exams: one
required exam that covers core enterprise technologies and one enterprise concentration
exam of your choice, based on your technical area of focus. Passing
any of these concentration exams also allows you to earn an individual Specialist
certification that helps recognize your accomplishments along the way to
earning your CCNP Enterprise certification. These are the requirements for
earning the CCNP Enterprise certification:
▶ Required exam: 350-401: Implementing and Operating Cisco Enterprise
Network Core Technologies (ENCOR)
▶ One concentration exam:
▶ 300-410: Implementing Cisco Enterprise Advanced Routing and
Services (ENARSI)
▶ 300-415: Implementing Cisco SD-WAN Solutions (ENSDWI)
▶ 300-420: Designing Cisco Enterprise Networks (ENSLD)
▶ 300-425: Designing Cisco Enterprise Wireless Networks (ENWLSD)
▶ 300-430: Implementing Cisco Enterprise Wireless Networks
(ENWLSI)
▶ 300-435: Implementing Automation for Cisco Enterprise Solutions
(ENAUI)
This book focuses on the required 350-401 (ENCOR) exam. It is a 120-minute
exam that tests your knowledge of enterprise infrastructure, including dual-stack
architecture, virtualization, infrastructure, network assurance, security,
and automation. The CCNP/CCIE ENCOR 350-401 exam is also the qualifying
exam for the CCIE Enterprise Infrastructure and CCIE Enterprise Wireless
certifications. Once you pass the CCNP/CCIE ENCOR 350-401 exam,
you are automatically qualified to schedule and take the CCIE lab exam in
those tracks.
Cisco ENCOR 350-401 Exam Topics
Table I-1 lists general exam topics (that is, objectives) and specific topics
under each general topic (that is, subobjectives) for the CCNP/CCIE
ENCOR 350-401 exam. This table also lists the chapter in which each
exam topic is covered.
This Exam Cram covers every domain and objective of the CCNP/CCIE
ENCOR 350-401 exam. It follows the official exam objectives closely to
ensure your success on the CCNP/CCIE ENCOR 350-401 exam. As such,
all of the contents, including CramSaver, Cram Quizzes, and Review
Questions, map to specific objectives of the CCNP/CCIE ENCOR
350-401 exam. The latest CCNP/CCIE ENCOR 350-401 exam objectives
can be found on the Cisco Learning Network at
https://learningnetwork.cisco.com/s/encor-exam-topics.
TABLE I-1 ENCOR 350-401 Exam Topics

| Chapter | ENCOR Exam Objectives |
|---|---|
| | 1.0 Architecture |
| | 1.1 Explain the different design principles used in an enterprise network |
| 19: Enterprise Network Design Principles | 1.1.a Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning |
| 19: Enterprise Network Design Principles | 1.1.b High availability techniques such as redundancy, FHRP, and SSO |
| | 1.2 Analyze design principles of a WLAN deployment |
| 20: Wireless LAN Deployments | 1.2.1 Wireless deployment models (centralized, distributed, controller-less, controller based, cloud, remote branch) |
| 20: Wireless LAN Deployments | 1.2.b Location services in a WLAN design |
| 21: On-Premises vs. Cloud Infrastructure | 1.3 Differentiate between on-premises and cloud infrastructure deployments |
| | 1.4 Explain the working principles of the Cisco SD-WAN solution |
| 22: SD-WAN | 1.4.a SD-WAN control and data planes elements |
| 22: SD-WAN | 1.4.b Traditional WAN and SD-WAN solutions |
| | 1.5 Explain the working principles of the Cisco SD-Access solution |
| 23: SD-Access | 1.5.a SD-Access control and data planes elements |
| 23: SD-Access | 1.5.b Traditional campus interoperating with SD-Access |
| | 1.6 Describe concepts of wired and wireless QoS |
| 24: QoS | 1.6.a QoS components |
| 24: QoS | 1.6.b QoS policy |
| | 1.7 Differentiate hardware and software switching mechanisms |
| 25: Switching | 1.7.a Process and CEF |
| 25: Switching | 1.7.b MAC address table and TCAM |
| 25: Switching | 1.7.c FIB vs. RIB |
| | 2.0 Virtualization |
| | 2.1 Describe device virtualization technologies |
| 26: Basic Virtualization | 2.1.a Hypervisor type 1 and 2 |
| 26: Basic Virtualization | 2.1.b Virtual machine |
| 26: Basic Virtualization | 2.1.c Virtual switching |
| | 2.2 Configure and verify data path virtualization technologies |
| 27: VRF Instances, GRE, and IPsec | 2.2.a VRF |
| 27: VRF Instances, GRE, and IPsec | 2.2.b GRE and IPsec tunneling |
| | 2.3 Describe network virtualization concepts |
| 28: Extending the Network Virtually | 2.3.a LISP |
| 28: Extending the Network Virtually | 2.3.b VXLAN |
| | 3.0 Infrastructure |
| | 3.1 Layer 2 |
| 1: Understanding Layer 2 | 3.1.a Troubleshoot static and dynamic 802.1q trunking protocols |
| 1: Understanding Layer 2 | 3.1.b Troubleshoot static and dynamic EtherChannels |
| 1: Understanding Layer 2 | 3.1.c Configure and verify common Spanning Tree Protocols (RSTP and MST) |
| | 3.2 Layer 3 |
| 2: Understanding Layer 3: IGPs | 3.2.a Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. link state, load balancing, path selection, path operations, metrics) |
| 2: Understanding Layer 3: IGPs | 3.2.b Configure and verify simple OSPF environments, including multiple normal areas, summarization, and filtering (neighbor adjacency, point-to-point and broadcast network types, and passive interface) |
| 3: Understanding Layer 3: BGP | 3.2.c Configure and verify eBGP between directly connected neighbors (best path selection algorithm and neighbor relationships) |
| | 3.3 Wireless |
| 5: Enterprise Wireless | 3.3.a Describe Layer 1 concepts, such as RF power, RSSI, SNR, interference noise, band and channels, wireless client devices capabilities |
| 5: Enterprise Wireless | 3.3.b Describe AP modes and antenna types |
| 5: Enterprise Wireless | 3.3.c Describe access point discovery and join process (discovery algorithms, WLC selection process) |
| 5: Enterprise Wireless | 3.3.d Describe the main principles and use cases for Layer 2 and Layer 3 roaming |
Document Details
Subject
Cisco Certified Network Professional