Published by Pearson IT Certification (April 22, 2022) © 2022
Donald BachaCCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram is the perfect study guide to help you pass the updated ENCOR 350-401 exam, a core requirement for your CCNP Enterprise, CCIE Enterprise Infrastructure, or CCIE Enterprise Wireless certification. It delivers expert coverage and practice questions for every exam topic, including implementation of core enterprise network technologies involving dual stack (IPv4 and IPv6) architecture, virtualization, infrastructure, network assurance, security and automation. Its comprehensive, proven preparation tools include:
- Exam objective mapping to help you focus your study
- A self-assessment section for evaluating your motivations and readiness
- Concise, easy-to-read exam topic overviews
- Exam Alerts highlighting key concepts
- Bullet lists and summaries for easy review
- CramSavers, CramQuizzes, and chapter-ending practice questions to help you assess your understanding
- Notes indicating areas of concern or specialty training
- Tips to help you build a better foundation of knowledge
- An extensive Glossary of terms and acronyms
- The popular CramSheet tear-out, collecting the most difficult-to-remember facts and numbers you should memorize before taking the test
CCNP and CCIE Enterprise Core ENCOR 350-401 helps you master all key ENCOR Exam 350-401 topics:
- Understand Cisco infrastructure, including Layer 2, Layer 3 (IGPs and BGP), IP services, and enterprise wireless
- Secure enterprise networks by safeguarding device access, network access, infrastructure, REST APIs, wireless systems, and designing network security
- Automate networks with Python, JSON, YANG data models, DNA Center, vManage, REST APIs, EEM applets, configuration management, and orchestration
- Master enterprise network design/architecture, deploy WLANs, compare on-prem and cloud infrastructure; implement SD-WAN, SD-Access, QoS, and switching
- Use basic virtualization, virtual pathing, and virtual network extensions
- Perform network assurance tasks: troubleshoot and monitor networks; work with IP SLA, DNA Center, NETCONF, and RESTCONF
(This eBook edition of CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram does not include access to the companion website with practice exam(s) included with the print or Premium edition.)
Introduction. . . . . . . . . . . . . . . . . . . . . . . xxiii
Part I: Infrastructure
CHAPTER 1
Understanding Layer 2.. . . . . . . . . . . . . . . . . . . . 1
VLANs Overview.. . . . . . . . . . . . . . . . . . . . 3
Spanning Tree Protocol Overview. . . . . . . . . . . . . . 19
EtherChannels.. . . . . . . . . . . . . . . . . . . . 47
Review Questions.. . . . . . . . . . . . . . . . . . . 57
Further Reading.. . . . . . . . . . . . . . . . . . . . 58
What's Next?.. . . . . . . . . . . . . . . . . . . . . 58
CHAPTER 2
Understanding Layer 3: IGPs.. . . . . . . . . . . . . . . . . 59
IP Routing Essentials. . . . . . . . . . . . . . . . . . 60
Enhanced Interior Gateway Routing Protocol (EIGRP). . . . . . 68
Open Shortest Path First (OSPF).. . . . . . . . . . . . . . 80
Review Questions.. . . . . . . . . . . . . . . . . . . 100
Further Reading.. . . . . . . . . . . . . . . . . . . . 101
What's Next?.. . . . . . . . . . . . . . . . . . . . . 101
CHAPTER 3
Understanding Layer 3: BGP. . . . . . . . . . . . . . . . . 103
BGP Fundamentals.. . . . . . . . . . . . . . . . . . . 104
BGP Configuration and Verification.. . . . . . . . . . . . . 112
Review Questions.. . . . . . . . . . . . . . . . . . . 120
Further Reading.. . . . . . . . . . . . . . . . . . . . 121
What's Next?.. . . . . . . . . . . . . . . . . . . . . 121
CHAPTER 4
IP Services.. . . . . . . . . . . . . . . . . . . . . . . 123
Network Time Protocol (NTP).. . . . . . . . . . . . . . 124
Network Address Translation (NAT).. . . . . . . . . . . . . 134
First-Hop Redundancy Protocols (FHRPs). . . . . . . . . . . 143
Multicast.. . . . . . . . . . . . . . . . . . . . . . 156
Review Questions.. . . . . . . . . . . . . . . . . . . 165
Further Reading.. . . . . . . . . . . . . . . . . . . . 166
What's Next?.. . . . . . . . . . . . . . . . . . . . . 166
CHAPTER 5
Enterprise Wireless.. . . . . . . . . . . . . . . . . . . . 167
Wireless Basics.. . . . . . . . . . . . . . . . . . . . 168
WLC and AP Operation and Pairing. . . . . . . . . . . . . 176
Wireless Roaming. . . . . . . . . . . . . . . . . . . 185
Review Questions.. . . . . . . . . . . . . . . . . . . 191
Further Reading.. . . . . . . . . . . . . . . . . . . . 192
What's Next?.. . . . . . . . . . . . . . . . . . . . . 192
Part II: Security
CHAPTER 6
Device Access Control.. . . . . . . . . . . . . . . . . . . 193
Cisco IOS CLI Session Overview.. . . . . . . . . . . . . . 194
Authentication, Authorization, and Accounting (AAA) Overview.. . . 210
Review Questions.. . . . . . . . . . . . . . . . . . . 217
Further Reading.. . . . . . . . . . . . . . . . . . . . 218
What's Next?.. . . . . . . . . . . . . . . . . . . . . 218
CHAPTER 7
Infrastructure Security.. . . . . . . . . . . . . . . . . . . 219
Access Control Lists (ACLs) Overview. . . . . . . . . . . . 220
Control Plane Policing (CoPP). . . . . . . . . . . . . . . 233
Review Questions.. . . . . . . . . . . . . . . . . . . 236
Further Reading.. . . . . . . . . . . . . . . . . . . . 237
What's Next?.. . . . . . . . . . . . . . . . . . . . . 237
CHAPTER 8
Securing REST APIs. . . . . . . . . . . . . . . . . . . . 239
REST API Security.. . . . . . . . . . . . . . . . . . . 240
Review Questions.. . . . . . . . . . . . . . . . . . . 245
Further Reading.. . . . . . . . . . . . . . . . . . . . 245
What's Next?.. . . . . . . . . . . . . . . . . . . . . 245
CHAPTER 9
Wireless Security.. . . . . . . . . . . . . . . . . . . . . 247
Wireless Authentication Overview. . . . . . . . . . . . . . 248
Review Questions.. . . . . . . . . . . . . . . . . . . 262
Further Reading.. . . . . . . . . . . . . . . . . . . . 262
What's Next?.. . . . . . . . . . . . . . . . . . . . . 263
CHAPTER 10
Network Security Design.. . . . . . . . . . . . . . . . . . 265
Threat Defense. . . . . . . . . . . . . . . . . . . . 266
TrustSec, MACsec. . . . . . . . . . . . . . . . . . . 279
Review Questions.. . . . . . . . . . . . . . . . . . . 284
Further Reading.. . . . . . . . . . . . . . . . . . . . 285
What's Next?.. . . . . . . . . . . . . . . . . . . . . 285
CHAPTER 11
Network Access Control. . . . . . . . . . . . . . . . . . . 287
Cisco Identity Services Engine (ISE).. . . . . . . . . . . . . 288
Review Questions.. . . . . . . . . . . . . . . . . . . 296
Further Reading.. . . . . . . . . . . . . . . . . . . . 296
What's Next?.. . . . . . . . . . . . . . . . . . . . . 297
Part III: Automation
CHAPTER 12
Anatomy of Python. . . . . . . . . . . . . . . . . . . . . 299
Interpreting Python Components and Scripts.. . . . . . . . . . 300
Review Questions.. . . . . . . . . . . . . . . . . . . 313
Further Reading.. . . . . . . . . . . . . . . . . . . . 314
What's Next?.. . . . . . . . . . . . . . . . . . . . . 314
CHAPTER 13
Building JSON Files.. . . . . . . . . . . . . . . . . . . . 315
Data Formats (XML and JSON).. . . . . . . . . . . . . . 316
Review Questions.. . . . . . . . . . . . . . . . . . . 323
Further Reading.. . . . . . . . . . . . . . . . . . . . 324
What's Next?.. . . . . . . . . . . . . . . . . . . . . 324
CHAPTER 14
YANG Data Modeling.. . . . . . . . . . . . . . . . . . . . 325
YANG Data Modeling. . . . . . . . . . . . . . . . . . 326
Review Questions.. . . . . . . . . . . . . . . . . . . 332
Further Reading.. . . . . . . . . . . . . . . . . . . . 332
What's Next?.. . . . . . . . . . . . . . . . . . . . . 332
CHAPTER 15
DNA Center and vManage APIs. . . . . . . . . . . . . . . . 333
APIs for Cisco DNA Center and vManage.. . . . . . . . . . . 334
Review Questions.. . . . . . . . . . . . . . . . . . . 344
Further Reading.. . . . . . . . . . . . . . . . . . . . 344
What's Next?.. . . . . . . . . . . . . . . . . . . . . 344
CHAPTER 16
Interpreting REST API Codes.. . . . . . . . . . . . . . . . . 345
Interpreting REST API Response Codes.. . . . . . . . . . . 346
Review Questions.. . . . . . . . . . . . . . . . . . . 349
Further Reading.. . . . . . . . . . . . . . . . . . . . 349
What's Next?.. . . . . . . . . . . . . . . . . . . . . 349
CHAPTER 17
EEM Applets.. . . . . . . . . . . . . . . . . . . . . . . 351
Embedded Event Manager (EEM).. . . . . . . . . . . . . 352
Review Questions.. . . . . . . . . . . . . . . . . . . 362
Further Reading.. . . . . . . . . . . . . . . . . . . . 362
What's Next?.. . . . . . . . . . . . . . . . . . . . . 362
CHAPTER 18
Configuration Management and Orchestration.. . . . . . . . . . 363
Agent-Based Orchestration Tools.. . . . . . . . . . . . . . 365
Agentless Orchestration Tools. . . . . . . . . . . . . . . 372
Review Questions.. . . . . . . . . . . . . . . . . . . 378
Further Reading.. . . . . . . . . . . . . . . . . . . . 378
What's Next?.. . . . . . . . . . . . . . . . . . . . . 378
Part IV: Architecture
CHAPTER 19
Enterprise Network Design Principles.. . . . . . . . . . . . . . 379
Hierarchical LAN Design Model.. . . . . . . . . . . . . . 380
First-Hop Redundancy Protocols (FHRPs). . . . . . . . . . . 392
Hardware Redundancy Mechanisms.. . . . . . . . . . . . . 400
Review Questions.. . . . . . . . . . . . . . . . . . . 407
Further Reading.. . . . . . . . . . . . . . . . . . . . 408
What's Next?.. . . . . . . . . . . . . . . . . . . . . 408
CHAPTER 20
Wireless LAN Deployments. . . . . . . . . . . . . . . . . . 409
Wireless Deployment Models. . . . . . . . . . . . . . . 410
Wireless Location Services. . . . . . . . . . . . . . . . 427
Review Questions.. . . . . . . . . . . . . . . . . . . 430
Further Reading.. . . . . . . . . . . . . . . . . . . . 431
What's Next?.. . . . . . . . . . . . . . . . . . . . . 431
CHAPTER 21
On-Premises vs. Cloud Infrastructure.. . . . . . . . . . . . . . 433
Cloud Infrastructure Basics.. . . . . . . . . . . . . . . . 434
Cloud Services Models. . . . . . . . . . . . . . . . . . 438
Cloud Deployment Models.. . . . . . . . . . . . . . . . 444
On-Premises or Cloud Infrastructure. . . . . . . . . . . . . 447
Review Questions.. . . . . . . . . . . . . . . . . . . 449
Further Reading.. . . . . . . . . . . . . . . . . . . . 450
What's Next?.. . . . . . . . . . . . . . . . . . . . . 450
CHAPTER 22
SD-WAN.. . . . . . . . . . . . . . . . . . . . . . . . 451
SD-WAN Overview.. . . . . . . . . . . . . . . . . . 452
SD-WAN Architecture Components.. . . . . . . . . . . . . 459
Review Questions.. . . . . . . . . . . . . . . . . . . 465
Further Reading.. . . . . . . . . . . . . . . . . . . . 466
What's Next?.. . . . . . . . . . . . . . . . . . . . . 466
CHAPTER 23
SD-Access. . . . . . . . . . . . . . . . . . . . . . . . 467
SD-Access Overview.. . . . . . . . . . . . . . . . . . 468
SD-Access Architecture.. . . . . . . . . . . . . . . . . 471
SD-Access Operational Planes.. . . . . . . . . . . . . . . 474
SD-Access Fabric Roles and Components.. . . . . . . . . . . 477
Review Questions.. . . . . . . . . . . . . . . . . . . 484
Further Reading.. . . . . . . . . . . . . . . . . . . . 484
What's Next?.. . . . . . . . . . . . . . . . . . . . . 485
CHAPTER 24
QoS. . . . . . . . . . . . . . . . . . . . . . . . . . 487
The Need for QoS.. . . . . . . . . . . . . . . . . . . 488
QoS Models and Components.. . . . . . . . . . . . . . . 493
Congestion Management and Congestion Avoidance.. . . . . . . 499
Review Questions.. . . . . . . . . . . . . . . . . . . 503
Further Reading.. . . . . . . . . . . . . . . . . . . . 503
What's Next?.. . . . . . . . . . . . . . . . . . . . . 504
CHAPTER 25
Switching.. . . . . . . . . . . . . . . . . . . . . . . . 505
Traffic Forwarding Basics. . . . . . . . . . . . . . . . . 506
Forwarding Architectures. . . . . . . . . . . . . . . . . 511
Review Questions.. . . . . . . . . . . . . . . . . . . 522
Further Reading.. . . . . . . . . . . . . . . . . . . . 523
What's Next?.. . . . . . . . . . . . . . . . . . . . . 523
Part V: Virtualization
CHAPTER 26
Basic Virtualization.. . . . . . . . . . . . . . . . . . . . 525
Virtualization Overview.. . . . . . . . . . . . . . . . . 526
Virtual Machines (VMs). . . . . . . . . . . . . . . . . 532
Virtual Switching.. . . . . . . . . . . . . . . . . . . 535
Review Questions.. . . . . . . . . . . . . . . . . . . 542
Further Reading.. . . . . . . . . . . . . . . . . . . . 543
What's Next?.. . . . . . . . . . . . . . . . . . . . . 543
CHAPTER 27
VRF Instances, GRE, and IPsec. . . . . . . . . . . . . . . . 545
Virtual Routing and Forwarding (VRF).. . . . . . . . . . . . 546
Generic Routing Encapsulation (GRE).. . . . . . . . . . . . 552
IPsec VPNs.. . . . . . . . . . . . . . . . . . . . . 558
Review Questions.. . . . . . . . . . . . . . . . . . . 570
Further Reading.. . . . . . . . . . . . . . . . . . . . 571
What's Next?.. . . . . . . . . . . . . . . . . . . . . 571
CHAPTER 28
Extending the Network Virtually.. . . . . . . . . . . . . . . . 573
Locator ID/Separation Protocol (LISP).. . . . . . . . . . . . 574
Virtual Extensible LAN (VXLAN).. . . . . . . . . . . . . 580
Review Questions.. . . . . . . . . . . . . . . . . . . 585
Further Reading.. . . . . . . . . . . . . . . . . . . . 586
What's Next?.. . . . . . . . . . . . . . . . . . . . . 586
Part VI: Network Assurance
CHAPTER 29
Troubleshooting.. . . . . . . . . . . . . . . . . . . . . . 587
Troubleshooting Overview.. . . . . . . . . . . . . . . . 588
Simple Network Management Protocol (SNMP).. . . . . . . . 604
Review Questions.. . . . . . . . . . . . . . . . . . . 610
Further Reading.. . . . . . . . . . . . . . . . . . . . 611
What's Next?.. . . . . . . . . . . . . . . . . . . . . 611
CHAPTER 30
Monitoring. . . . . . . . . . . . . . . . . . . . . . . . 613
Syslog.. . . . . . . . . . . . . . . . . . . . . . . 614
NetFlow and Flexible NetFlow. . . . . . . . . . . . . . . 620
Switch Port Analyzer (SPAN), Remote SPAN (RSPAN), and Encapsulated Remote SPAN (ERSPAN)... 632
Review Questions.. . . . . . . . . . . . . . . . . . . 639
Further Reading.. . . . . . . . . . . . . . . . . . . . 640
What's Next?.. . . . . . . . . . . . . . . . . . . . . 640
CHAPTER 31
IP SLA and DNA Center.. . . . . . . . . . . . . . . . . . . 641
IP SLA Overview.. . . . . . . . . . . . . . . . . . . 642
Cisco DNA Center Assurance. . . . . . . . . . . . . . . 652
Review Questions.. . . . . . . . . . . . . . . . . . . 660
Further Reading.. . . . . . . . . . . . . . . . . . . . 660
What's Next?.. . . . . . . . . . . . . . . . . . . . . 660
CHAPTER 32
NETCONF and RESTCONF.. . . . . . . . . . . . . . . . . . 661
NETCONF. . . . . . . . . . . . . . . . . . . . . 662
RESTCONF.. . . . . . . . . . . . . . . . . . . . . 668
Review Questions.. . . . . . . . . . . . . . . . . . . 671
Further Reading.. . . . . . . . . . . . . . . . . . . . 671
What's Next?.. . . . . . . . . . . . . . . . . . . . . 671
Glossary.. . . . . . . . . . . . . . . . . . . . . . . . 673
9780136891932, TOC, 2/15/2022