CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram (2022)

CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram (2022) helps you master complex topics with simplified explanations.

Sebastian Lopez
Contributor
about 1 year ago
Preview (31 of 798 Pages)

Humble Bundle Pearson Networking and Security Certification Bundle – © Pearson. Do Not Distribute.

CCNP® and CCIE® Enterprise Core ENCOR 350-401

Special Offers

ENHANCE YOUR EXAM PREPARATION

Save 70% on Complete Video Course

The CCNP and CCIE Enterprise Core ENCOR 350-401 Complete Video Course, available for both streaming and download, provides you with hours of expert-level instruction mapped directly to exam objectives. Put your knowledge to the test with full practice exams powered by the Pearson Test Prep practice test software, module quizzes, and more.

Save 80% on Premium Edition eBook and Practice Test

The CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram Premium Edition eBook and Practice Test provides three eBook files (PDF, EPUB, and MOBI/Kindle) to read on your preferred device and an enhanced edition of the Pearson Test Prep practice test software. You will also receive two additional practice exams with links for every question mapped to the PDF eBook.

Pearson Test Prep online system requirements:
Browsers: Chrome version 73 and above, Safari version 12 and above, Microsoft Edge 44 and above.
Devices: Desktop and laptop computers, tablets running Android v8.0 and above or iPadOS v13 and above, smartphones running Android v8.0 and above or iOS v13 and above with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:
Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

See card insert in the back of the book for your Pearson Test Prep activation code and special offers.

CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram

Donald Bacha

CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram

Copyright © 2022 by Pearson Education, Inc.

All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit www.pearson.com/permissions.

No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-13-689193-2
ISBN-10: 0-13-689193-4
Library of Congress Control Number: 2021924388

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Special Sales

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact intlcs@pearson.com.

Editor-in-Chief: Mark Taub
Director, ITP Product Management: Brett Bartow
Executive Acquisitions Editor: James Manly
Development Editor: Ellie Bru
Managing Editor: Sandra Schroeder
Project Editor: Mandie Frank
Copy Editor: Kitty Wilson
Indexer: Erika Millen
Proofreader: Gill Editorial Services
Technical Editor: Raymond Lacoste
Publishing Coordinator: Cindy Teeters
Designer: Chuti Prasertsith
Compositor: codeMantra

Pearson’s Commitment to Diversity, Equity, and Inclusion

Pearson is dedicated to creating bias-free content that reflects the diversity of all learners. We embrace the many dimensions of diversity, including but not limited to race, ethnicity, gender, socioeconomic status, ability, age, sexual orientation, and religious or political beliefs.

Education is a powerful force for equity and change in our world. It has the potential to deliver opportunities that improve lives and enable economic mobility. As we work with authors to create content for every product and service, we acknowledge our responsibility to demonstrate inclusivity and incorporate diverse scholarship so that everyone can achieve their potential through learning. As the world’s leading learning company, we have a duty to help drive change and live up to our purpose to help more people create a better life for themselves and to create a better world.

Our ambition is to purposefully contribute to a world where

- Everyone has an equitable and lifelong opportunity to succeed through learning
- Our educational products and services are inclusive and represent the rich diversity of learners
- Our educational content accurately reflects the histories and experiences of the learners we serve
- Our educational content prompts deeper discussions with learners and motivates them to expand their own learning (and worldview)

While we work hard to present unbiased content, we want to hear from you about any concerns or needs with this Pearson product so that we can investigate and address them.

Please contact us with concerns about any potential bias at https://www.pearson.com/report-bias.html.

Figure Credit

Figure 5-1; Figure 5-2; Figure 5-3; Figure 5-4; Figure 5-5: Courtesy of Cisco Systems, Inc.
Figure 5-6: Screenshot of Monitor Section for a Cisco WLC © Cisco Systems, Inc
Figure 5-7: Courtesy of Cisco Systems, Inc.
Figure 9-1; Figure 9-2; Figure 9-3; Figure 9-4; Figure 9-5; Figure 9-6; Figure 9-7; Figure 9-8; Figure 9-9; Figure 9-10; Figure 9-11; Figure 9-12; Figure 9-13: Courtesy of Cisco Systems, Inc.
Figure 15-2; Figure 15-3; Figure 15-4: Courtesy of Cisco Systems, Inc.
Figure 20-6: Courtesy of Cisco Systems, Inc.
Figure 22-3: Screenshot of The Cisco vManage Main Dashboard © Cisco Systems, Inc
Figure 23-1: Screenshot of Cisco DNA Center © Cisco Systems, Inc
Figure 24-2: Screenshot of Cisco WLC QoS profiles © Cisco Systems, Inc
Figure 26-2; Figure 26-3: © 2022 VMware, Inc
Figure 26-5a; Figure 26-5b; Figure 26-5c: Courtesy of Cisco Systems, Inc.
Figure 31-2; Figure 31-3; Figure 31-4: Courtesy of Cisco Systems, Inc.

Contents at a Glance

Introduction

Part I: Infrastructure
CHAPTER 1 Understanding Layer 2
CHAPTER 2 Understanding Layer 3: IGPs
CHAPTER 3 Understanding Layer 3: BGP
CHAPTER 4 IP Services
CHAPTER 5 Enterprise Wireless

Part II: Security
CHAPTER 6 Device Access Control
CHAPTER 7 Infrastructure Security
CHAPTER 8 Securing REST APIs
CHAPTER 9 Wireless Security
CHAPTER 10 Network Security Design
CHAPTER 11 Network Access Control

Part III: Automation
CHAPTER 12 Anatomy of Python
CHAPTER 13 Building JSON Files
CHAPTER 14 YANG Data Modeling
CHAPTER 15 DNA Center and vManage APIs
CHAPTER 16 Interpreting REST API Codes
CHAPTER 17 EEM Applets
CHAPTER 18 Configuration Management and Orchestration

Part IV: Architecture
CHAPTER 19 Enterprise Network Design Principles
CHAPTER 20 Wireless LAN Deployments
CHAPTER 21 On-Premises vs. Cloud Infrastructure
CHAPTER 22 SD-WAN

CHAPTER 23 SD-Access
CHAPTER 24 QoS
CHAPTER 25 Switching

Part V: Virtualization
CHAPTER 26 Basic Virtualization
CHAPTER 27 VRF Instances, GRE, and IPsec
CHAPTER 28 Extending the Network Virtually

Part VI: Network Assurance
CHAPTER 29 Troubleshooting
CHAPTER 30 Monitoring
CHAPTER 31 IP SLA and DNA Center
CHAPTER 32 NETCONF and RESTCONF

Glossary
Index

Table of Contents

Introduction

Part I: Infrastructure

CHAPTER 1 Understanding Layer 2
  VLANs Overview
    VLAN Assignment
    802.1Q Trunking
    Dynamic Trunking Protocol (DTP)
    VLAN Trunking Protocol (VTP)
    Inter-VLAN Routing
  Spanning Tree Protocol Overview
    Root Bridge, Root Port, and Designated Port Elections
    Rapid Spanning Tree Protocol (RSTP)
    Spanning Tree Protocol Tuning and Protection Mechanisms
    Switch Priorities Overview
    Multiple Spanning Tree Protocol (MST)
  EtherChannels
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 2 Understanding Layer 3: IGPs
  IP Routing Essentials
    Routing Algorithms
    Path Selection
    Static Routing
  Enhanced Interior Gateway Routing Protocol (EIGRP)
    Neighbor Table
    Topology Table
    Routing Tables
    EIGRP Authentication
    EIGRP Named Mode
    Route Summarization

  Open Shortest Path First (OSPF)
    OSPF Cost
    OSPF Authentication
    OSPF Areas
    Neighbors and Adjacencies
    OSPF Packet Types
    Basic OSPF Configuration
    Router ID (RID)
    Passive Interfaces
    Default Route Advertisements
    OSPF Optimizations
    Link-State Advertisements (LSAs)
    OSPF Path Selection
    Route Summarization
    OSPFv3
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 3 Understanding Layer 3: BGP
  BGP Fundamentals
  BGP Configuration and Verification
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 4 IP Services
  Network Time Protocol (NTP)
  Network Address Translation (NAT)
    Static NAT
    Dynamic NAT
    Port Address Translation (PAT)
  First-Hop Redundancy Protocols (FHRPs)
    Virtual Router Redundancy Protocol (VRRP)
    Gateway Load Balancing Protocol (GLBP)
    Object Tracking with FHRPs

  Multicast
    Multicast Fundamentals
    Multicast Group Addressing
    Internet Group Management Protocol (IGMP)
    Protocol Independent Multicast (PIM)
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 5 Enterprise Wireless
  Wireless Basics
    Radio Frequency (RF)
    Free Space Path Loss
    Received Signal Strength Indicator (RSSI)
    Signal-to-Noise Ratio (SNR)
    IEEE Wireless Standards
    Multiple Radios
  WLC and AP Operation and Pairing
    AP and WLC Interaction
  Wireless Roaming
    Troubleshooting WLAN Configuration and Client Connectivity Issues
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

Part II: Security

CHAPTER 6 Device Access Control
  Cisco IOS CLI Session Overview
    Protection of Access to Cisco IOS EXEC Modes
    Secured Access with SSH
    Privilege Levels and Role-Based Access Control (RBAC)
  Authentication, Authorization, and Accounting (AAA) Overview
    TACACS+ Overview
    RADIUS Overview
    AAA Configuration for Network Devices

  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 7 Infrastructure Security
  Access Control Lists (ACLs) Overview
    Types of ACLs
    Port ACLs (PACLs) and VLAN ACLs (VACLs)
  Control Plane Policing (CoPP)
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 8 Securing REST APIs
  REST API Security
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 9 Wireless Security
  Wireless Authentication Overview
    Open Authentication
    Pre-Shared Key (PSK) Authentication
    Extensible Authentication Protocol (EAP) Authentication
    WebAuth
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 10 Network Security Design
  Threat Defense
    Network Security Components

  TrustSec, MACsec
    TrustSec
    MACsec
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 11 Network Access Control
  Cisco Identity Services Engine (ISE)
    Network Access Control (NAC)
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

Part III: Automation

CHAPTER 12 Anatomy of Python
  Interpreting Python Components and Scripts
    Python Overview
    Python Releases
    Setting Up Guest Shell
    Using Python
    Python Requirements
    Parsing Python Output to JSON
    Exception Handling
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 13 Building JSON Files
  Data Formats (XML and JSON)
    Extensible Markup Language (XML)
    JavaScript Object Notation (JSON)
    XML and JSON Comparison

  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 14 YANG Data Modeling
  YANG Data Modeling
    Different YANG Models
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 15 DNA Center and vManage APIs
  APIs for Cisco DNA Center and vManage
    DNA Center API Integrations
    vManage API Integrations
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 16 Interpreting REST API Codes
  Interpreting REST API Response Codes
    HTTP Status Codes
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 17 EEM Applets
  Embedded Event Manager (EEM)
    EEM Architecture
    EEM Policies
  Review Questions
    Answers to Review Questions

  Further Reading
  What’s Next?

CHAPTER 18 Configuration Management and Orchestration
  Agent-Based Orchestration Tools
    Puppet
    Chef
    SaltStack
  Agentless Orchestration Tools
    Ansible
    Bolt
    Configuration Management and Orchestration Tools Comparison
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?

Part IV: Architecture

CHAPTER 19 Enterprise Network Design Principles
  Hierarchical LAN Design Model
    Access Layer
    Distribution Layer
    Core Layer
    Enterprise Network Architecture Options
  First-Hop Redundancy Protocols (FHRPs)
    Hot Standby Router Protocol (HSRP)
    Virtual Router Redundancy Protocol (VRRP)
    Gateway Load Balancing Protocol (GLBP)
  Hardware Redundancy Mechanisms
    Stateful Switchover (SSO)
    Nonstop Forwarding (NSF)
  Review Questions
    Answers to Review Questions
  Further Reading
  What’s Next?


CHAPTER 20: Wireless LAN Deployments
  Wireless Deployment Models
  Autonomous Wireless Deployments
  Centralized Wireless Deployments
  Cisco FlexConnect Wireless Deployments
  Cloud-Based Wireless Deployments
  Embedded Wireless Deployments
  Wireless Location Services
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 21: On-Premises vs. Cloud Infrastructure
  Cloud Infrastructure Basics
  Cloud Services Models
  Infrastructure as a Service (IaaS)
  Platform as a Service (PaaS)
  Software as a Service (SaaS)
  Anything as a Service (XaaS)
  Cloud Deployment Models
  On-Premises or Cloud Infrastructure
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 22: SD-WAN
  SD-WAN Overview
  The Need for SD-WAN
  Secure Automated WAN
  Application Performance Optimization
  Secure Direct Internet Access (DIA)
  Multicloud
  SD-WAN Architecture Components
  vSmart Controllers
  WAN Edge Routers


  vBond Orchestrators
  vManage
  SD-WAN Considerations
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 23: SD-Access
  SD-Access Overview
  SD-Access Architecture
  SD-Access Operational Planes
  SD-Access Fabric Roles and Components
  Control Plane Nodes
  Edge Nodes
  Intermediate Nodes
  Border Nodes
  Fabric Wireless LAN Controllers (WLCs)
  Fabric-Mode Access Points
  SD-Access Embedded Wireless
  Fabric in a Box
  Shared Services
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 24: QoS
  The Need for QoS
  Packet Loss
  Delay
  Jitter
  Lack of Bandwidth
  QoS Models and Components
  Classification and Marking
  DSCPs and Per-Hop Behaviors (PHBs)
  Policing and Shaping


  Congestion Management and Congestion Avoidance
  Congestion Management (Queuing)
  Congestion Avoidance
  Wireless QoS
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 25: Switching
  Traffic Forwarding Basics
  Forwarding Architectures
  Process Switching
  Fast Switching
  Cisco Express Forwarding (CEF)
  Tables Used in Switching
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

Part V: Virtualization

CHAPTER 26: Basic Virtualization
  Virtualization Overview
  Hypervisors
  Virtual Machines (VMs)
  Virtual Switching
  Network Virtualization
  Cisco Enterprise Network Function Virtualization (NFV)
  Cisco Enterprise NFV Architecture
  VNFs Supported in Cisco Enterprise NFV
  Cisco NFV Hardware Options
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?


CHAPTER 27: VRF Instances, GRE, and IPsec
  Virtual Routing and Forwarding (VRF)
  VRF-Lite
  Generic Routing Encapsulation (GRE)
  IPsec VPNs
  Site-to-Site VPNs
  Dynamic Multipoint VPN (DMVPN)
  Cisco IOS Virtual Tunnel Interfaces (VTIs)
  Cisco IOS FlexVPN
  IP Security (IPsec)
  GRE Tunneling over IPsec
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 28: Extending the Network Virtually
  Locator/ID Separation Protocol (LISP)
  LISP Architecture
  Virtual Extensible LAN (VXLAN)
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

Part VI: Network Assurance

CHAPTER 29: Troubleshooting
  Troubleshooting Overview
  Using debug to Analyze Traffic
  Troubleshooting with traceroute
  Troubleshooting with ping
  Simple Network Management Protocol (SNMP)
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?


CHAPTER 30: Monitoring
  Syslog
  NetFlow and Flexible NetFlow
  Switch Port Analyzer (SPAN), Remote SPAN (RSPAN), and Encapsulated Remote SPAN (ERSPAN)
  Remote SPAN (RSPAN)
  Encapsulated Remote SPAN (ERSPAN)
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 31: IP SLA and DNA Center
  IP SLA Overview
  Cisco DNA Center Assurance
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

CHAPTER 32: NETCONF and RESTCONF
  NETCONF
  RESTCONF
  Review Questions
  Answers to Review Questions
  Further Reading
  What’s Next?

Glossary

Index


About the Author

Donald Bacha is a systems engineer with a health research organization. He’s the technical lead responsible for the design and implementation of networking, compute, virtualization, storage, and disaster recovery systems. Over the past 18 years, Donald has supported cloud services provider, enterprise, and data center environments by contributing to complex routing and switching, data center, storage, and virtualization projects in both greenfield and brownfield deployments. His certifications include CCNP Enterprise, CCNP Data Center, and VCAP-DCV. He holds a master’s of business administration. Donald can be found at www.allthingsvirtual.net and on Twitter at @donald_bacha.


Dedication

First, I dedicate this book to our Lord and Savior Jesus Christ (I can do all things through Christ which strengthens me.—Philippians 4:13). He has blessed me with the opportunity to learn, write, and share my knowledge. To my father and mother, thank you for always supporting and encouraging me.

Acknowledgments

A debt of gratitude goes out to executive acquisitions editor James Manly for giving me the opportunity to author this book and for his guidance. A special thank you to my development editor, Ellie Bru, who did well working to get this title out and for making it as strong as it can be. Many thanks go out to Mandie Frank and Kitty Wilson for ensuring that this book looks good and reads easily. I would like to thank the entire Pearson team and those who contributed in one way or another to this project.


About the Technical Reviewer

Raymond Lacoste has dedicated his career to developing the skills of those interested in IT. In 2001, he began to mentor hundreds of IT professionals pursuing their Cisco certification dreams. This role led to teaching Cisco courses full time. Raymond is currently master instructor for Cisco Enterprise Routing and Switching, AWS, and ITIL at StormWind Studios. Raymond treats all technologies as an escape room, working to uncover every mystery in the protocols he works with. Along this journey, Raymond has passed more than 110 exams, and his office wall includes certificates from Microsoft, Cisco, ISC2, ITIL, AWS, and CompTIA. If you were visualizing Raymond’s office, you’d probably expect the usual network equipment, certifications, and awards. Those certainly take up space, but they aren’t his pride and joy. Most impressive, at least to Raymond, is his gemstone and mineral collection; once he starts talking about it, he just can’t stop. Who doesn’t get excited by a wondrous barite specimen in a pyrite matrix? Raymond presently resides with his wife and two children in eastern Canada, where they experience many adventures together.


We Want to Hear from You!

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you're willing to pass our way.

We welcome your comments. You can email or write to let us know what you did or didn’t like about this book—as well as what we can do to make our books better.

Please note that we cannot help you with technical problems related to the topic of this book.

When you write, please be sure to include this book’s title and author as well as your name and email address. We will carefully review your comments and share them with the author and editors who worked on the book.

Email: community@informit.com

Reader Services

Register your copy of CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram at www.pearsonitcertification.com for convenient access to downloads, updates, and corrections as they become available. To start the registration process, go to www.pearsonitcertification.com/register and log in or create an account*. Enter the product ISBN 9780136891932 and click Submit. When the process is complete, you will find any available bonus content under Registered Products.

*Be sure to check the box that you would like to hear from us to receive exclusive discounts on future editions of this product.


Introduction

Welcome to CCNP and CCIE Enterprise Core ENCOR 350-401 Exam Cram. This book is a late-stage preparation tool that covers the CCNP/CCIE ENCOR 350-401 certification exam. It provides the information you need to quickly and efficiently go over all the topics covered on the CCNP/CCIE ENCOR 350-401 exam. This Exam Cram provides concise and exam-focused coverage of all of the CCNP/CCIE ENCOR 350-401 exam domains and objectives. It allows you to assess your preparedness and helps you to practice through questions and examples of the exam topics. The information you find in this Exam Cram will aid you in your success as you build knowledge, gain experience, and review for the CCNP/CCIE ENCOR 350-401 exam.

About CCNP ENCOR 350-401 Exam Cram

This Exam Cram follows a predefined structure that makes the book easy to study as it provides the material in a concise manner. It also allows for the testing of knowledge as you go through each chapter, covering the various ENCOR domains and objectives. This book includes the following helpful elements:

Cram Sheet: This foldout tear card that appears inside the front cover of the book presents important information that you should go over just before taking the exam. It is the most important “cram” element of the book and, as such, is presented as concisely as possible.

Chapter Topics: Each chapter begins with a list of the exam objectives that are covered in the chapter as well as a list of the main topics in the chapters. The chapter's topics are then covered in a concise manner, with brief examples and figures where needed.

CramSavers: Each chapter contains a short-answer quiz that allows you to assess how knowledgeable you are about the topics covered in the chapter. It helps you figure out if you should skip the entire chapter or skim the material and skip ahead to the Exam Alerts and CramQuizzes for particular sections.

Exam Alerts: These notes provide exam-specific information that is important for you to know before you take the exam. Pay attention to Exam Alerts because the material they cover is likely to appear on the exam.


Cram Quizzes: Each section of a chapter ends with a handful of multiple-choice questions that test your knowledge of the topics covered in that section. You will find the answers and explanations following each quiz.

Review Questions: End-of-chapter review questions help you solidify what you have learned related to the topics for a particular chapter.

Chances are you have picked up this book in the early stage of your studies. The Exam Cram series was designed for late-stage study. So, unless you are very familiar with the technologies covered in the CCNP/CCIE ENCOR 350-401 exam and have considerable experience configuring and troubleshooting Cisco networks, it is highly recommended that you not use this book as your sole study resource. This Exam Cram is recommended for use after core knowledge has been built.

Both Cisco Press and Pearson IT Certification offer a number of CCNP/CCIE study materials to help you learn the core networking technologies covered on the CCNP/CCIE ENCOR 350-401 exam. The following highly recommended resources will help you gain core knowledge of the topics covered on the CCNP/CCIE ENCOR 350-401 exam:

CCNP and CCIE Enterprise Core 350-401 Official Cert Guide by Jason Gooley, Ramiro Garza Rios, Bradley Edgeworth, and David Hucaby (ISBN 978-1-58714-523-0): This official cert guide provides in-depth coverage of the domains and objectives of the CCNP/CCIE ENCOR 350-401 exam.

CCNP and CCIE Enterprise Core & CCNP Advanced Routing Portable Command Guide by Patrick Gargano and Scott Empson (ISBN: 978-0-13-576816-7): This book includes lots of configuration and verification examples to aid you in understanding the IOS commands you will encounter on the ENCOR and ENARSI exams.

CCNP Enterprise Advanced Routing ENARSI 300-410 Official Cert Guide by Raymond Lacoste and Brad Edgeworth (ISBN 978-1587145254): I recommend that you read the routing-related chapters of this book (the first set of chapters, which covers EIGRP, OSPF, and BGP) to supplement your Layer 3 core knowledge.


The coauthor, Raymond Lacoste, is also the technical reviewer of this Exam Cram.

Cisco Modeling Labs (CML) Personal: CML Personal (formerly Cisco VIRL) is a powerful network virtualization and orchestration platform you can use to study for Cisco certifications. CML Personal uses real Cisco IOS images and gives you the ability to simulate networks reliably. Both IOSv and IOSvL2 images are included. The majority of the topics that are covered in the CCNP/CCIE ENCOR 350-401 exam can be practiced using CML Personal. CML Personal allows up to 20 concurrent simulated nodes, and CML Personal Plus supports up to 40 concurrent simulated nodes. The majority of the examples in this Exam Cram were created using CML Personal. For more information on CML Personal, see https://developer.cisco.com/docs/modeling-labs. Cisco CML Personal can be purchased from the Cisco Learning Network Store at https://learningnetworkstore.cisco.com/cisco-modeling-labs-personal/cisco-cml-personal.

About the ENCOR 350-401 Exam

The material in this Exam Cram closely follows the official exam domains and objectives to ensure your success on the CCNP/CCIE ENCOR 350-401 exam. To earn the CCNP Enterprise certification, there is no formal prerequisite, although Cisco recommends that you have a good understanding of the exam topics before taking the exams. In addition, Cisco recommends that CCNP candidates have three to five years of experience implementing enterprise networking solutions.

To earn the CCNP Enterprise certification, you have to pass two exams: one required exam that covers core enterprise technologies and one enterprise concentration exam of your choice, based on your technical area of focus. Passing any of these concentration exams also allows you to earn an individual Specialist certification that helps recognize your accomplishments along the way to earning your CCNP Enterprise certification. These are the requirements for earning the CCNP Enterprise certification:

Required exam: 350-401: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR)

One concentration exam:


  300-410: Implementing Cisco Enterprise Advanced Routing and Services (ENARSI)
  300-415: Implementing Cisco SD-WAN Solutions (ENSDWI)
  300-420: Designing Cisco Enterprise Networks (ENSLD)
  300-425: Designing Cisco Enterprise Wireless Networks (ENWLSD)
  300-430: Implementing Cisco Enterprise Wireless Networks (ENWLSI)
  300-435: Implementing Automation for Cisco Enterprise Solutions (ENAUI)

This book focuses on the required 350-401 (ENCOR) exam. It is a 120-minute exam that tests your knowledge of enterprise infrastructure, including dual-stack architecture, virtualization, infrastructure, network assurance, security, and automation. The CCNP/CCIE ENCOR 350-401 exam is also the qualifying exam for the CCIE Enterprise Infrastructure and CCIE Enterprise Wireless certifications. Once you pass the CCNP/CCIE ENCOR 350-401 exam, you are automatically qualified to schedule and take the CCIE lab exam in those tracks.

Cisco ENCOR 350-401 Exam Topics

Table I-1 lists general exam topics (that is, objectives) and specific topics under each general topic (that is, subobjectives) for the CCNP/CCIE ENCOR 350-401 exam. This table also lists the chapter in which each exam topic is covered.

This Exam Cram covers every domain and objective of the CCNP/CCIE ENCOR 350-401 exam. It follows the official exam objectives closely to ensure your success on the CCNP/CCIE ENCOR 350-401 exam. As such, all of the contents, including CramSaver, Cram Quizzes, and Review Questions, map to specific objectives of the CCNP/CCIE ENCOR 350-401 exam. The latest CCNP/CCIE ENCOR 350-401 exam objectives can be found on the Cisco Learning Network at https://learningnetwork.cisco.com/s/encor-exam-topics.


TABLE I-1 ENCOR 350-401 Exam Topics

Chapter | ENCOR Exam Objectives
 | 1.0 Architecture
 | 1.1 Explain the different design principles used in an enterprise network
19: Enterprise Network Design Principles | 1.1.a Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning
19: Enterprise Network Design Principles | 1.1.b High availability techniques such as redundancy, FHRP, and SSO
 | 1.2 Analyze design principles of a WLAN deployment
20: Wireless LAN Deployments | 1.2.1 Wireless deployment models (centralized, distributed, controller-less, controller based, cloud, remote branch)
20: Wireless LAN Deployments | 1.2.b Location services in a WLAN design
21: On-Premises vs. Cloud Infrastructure | 1.3 Differentiate between on-premises and cloud infrastructure deployments
 | 1.4 Explain the working principles of the Cisco SD-WAN solution
22: SD-WAN | 1.4.a SD-WAN control and data planes elements
22: SD-WAN | 1.4.b Traditional WAN and SD-WAN solutions
 | 1.5 Explain the working principles of the Cisco SD-Access solution
23: SD-Access | 1.5.a SD-Access control and data planes elements
23: SD-Access | 1.5.b Traditional campus interoperating with SD-Access
 | 1.6 Describe concepts of wired and wireless QoS
24: QoS | 1.6.a QoS components
24: QoS | 1.6.b QoS policy
 | 1.7 Differentiate hardware and software switching mechanisms
25: Switching | 1.7.a Process and CEF
25: Switching | 1.7.b MAC address table and TCAM
25: Switching | 1.7.c FIB vs. RIB
 | 2.0 Virtualization
 | 2.1 Describe device virtualization technologies
26: Basic Virtualization | 2.1.a Hypervisor type 1 and 2
26: Basic Virtualization | 2.1.b Virtual machine
26: Basic Virtualization | 2.1.c Virtual switching


Chapter | ENCOR Exam Objectives
 | 2.2 Configure and verify data path virtualization technologies
27: VRF Instances, GRE, and IPsec | 2.2.a VRF
27: VRF Instances, GRE, and IPsec | 2.2.b GRE and IPsec tunneling
 | 2.3 Describe network virtualization concepts
28: Extending the Network Virtually | 2.3.a LISP
28: Extending the Network Virtually | 2.3.b VXLAN
 | 3.0 Infrastructure
 | 3.1 Layer 2
1: Understanding Layer 2 | 3.1.a Troubleshoot static and dynamic 802.1q trunking protocols
1: Understanding Layer 2 | 3.1.b Troubleshoot static and dynamic EtherChannels
1: Understanding Layer 2 | 3.1.c Configure and verify common Spanning Tree Protocols (RSTP and MST)
 | 3.2 Layer 3
2: Understanding Layer 3: IGPs | 3.2.a Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. link state, load balancing, path selection, path operations, metrics)
2: Understanding Layer 3: IGPs | 3.2.b Configure and verify simple OSPF environments, including multiple normal areas, summarization, and filtering (neighbor adjacency, point-to-point and broadcast network types, and passive interface)
3: Understanding Layer 3: BGP | 3.2.c Configure and verify eBGP between directly connected neighbors (best path selection algorithm and neighbor relationships)
 | 3.3 Wireless
5: Enterprise Wireless | 3.3.a Describe Layer 1 concepts, such as RF power, RSSI, SNR, interference noise, band and channels, wireless client devices capabilities
5: Enterprise Wireless | 3.3.b Describe AP modes and antenna types
5: Enterprise Wireless | 3.3.c Describe access point discovery and join process (discovery algorithms, WLC selection process)
5: Enterprise Wireless | 3.3.d Describe the main principles and use cases for Layer 2 and Layer 3 roaming