Architecture (15%)

1. Explain the different design principles used in an enterprise network

• Enterprise network design such as Tier 2, Tier 3, and Fabric Capacity planning
• High availability techniques such as redundancy, FHRP, and SSO

2. Analyze design principles of a WLAN deployment

• Wireless deployment models (centralized, distributed, controller-less, controller based, cloud, remote branch)
• Location services in a WLAN design

3. Differentiate between on-premises and cloud infrastructure deployments
4. Explain the working principles of the Cisco SD-WAN solution

• SD-WAN control and data planes elements
• Traditional WAN and SD-WAN solutions

5. Explain the working principles of the Cisco SD-Access solution

• SD-Access control and data planes elements
• Traditional campus interoperating with SD-Access

6. Describe concepts of wired and wireless QoS

• QoS components
• QoS policy

7. Differentiate hardware and software switching mechanisms

• Process and CEF
• MAC address table and TCAM
• FIB vs. RIB

Virtualization (20%)

1. Describe device virtualization technologies

• Hypervisor type 1 and 2
• Virtual machine
• Virtual switching

2. Configure and verify data path virtualization technologies

• VRF
• GRE and IPsec tunneling

3. Describe network virtualization concepts

• LISP
• VXLAN

Infrastructure (30%)

1. Layer 2

• Troubleshoot static and dynamic 802.1q trunking protocols
• Troubleshoot static and dynamic EtherChannels
• Configure and verify common Spanning Tree Protocols (RSTP and MST)

2. Layer 3

• Compare routing concepts of EIGRP and OSPF (advanced distance vector vs. linked state, load balancing, path selection, path operations, metrics)
• Configure and verify simple OSPF environments, including multiple normal areas, summarization, and filtering (neighbor adjacency, point-to-point and broadcast network types, and passive interface)
• Configure and verify eBGP between directly connected neighbors (best path selection algorithm and neighbor relationships)

3. Wireless

• Describe Layer 1 concepts, such as RF power, RSSI, SNR, interference noise, band and channels, and wireless client devices capabilities
• Describe AP modes and antenna types
• Describe access point discovery and join process (discovery algorithms, WLC selection process)
• Describe the main principles and use cases for Layer 2 and Layer 3 roaming
• Troubleshoot WLAN configuration and wireless client connectivity issues

4. IP Services

• Describe Network Time Protocol (NTP)
• Configure and verify NAT/PAT
• Configure first hop redundancy protocols, such as HSRP and VRRP
• Describe multicast protocols, such as PIM and IGMP v2/v3

Network Assurance (10%)

1. Diagnose network problems using tools such as debugs, conditional debugs,

trace route, ping, SNMP, and syslog

2. Configure and verify device monitoring using syslog for remote logging
3. Configure and verify NetFlow and Flexible NetFlow
4. Configure and verify SPAN/RSPAN/ERSPAN
5. Configure and verify IPSLA
6. Describe Cisco DNA Center workflows to apply network configuration, monitoring,

and management

7. Configure and verify NETCONF and RESTCONF

Security (20%)

1. Configure and verify device access control

• Lines and password protection
• Authentication and authorization using AAA

2. Configure and verify infrastructure security features

• ACLs
• CoPP

3. Describe REST API security
4. Configure and verify wireless security features

• EAP
• WebAuth
• PSK

5. Describe the components of network security design

• Threat defense
• Endpoint security
• Next-generation firewall
• TrustSec, MACsec
• Network access control with 802.1X, MAB, and WebAuth

Automation (15%)

1. Interpret basic Python components and scripts
2. Construct valid JSON encoded file
3. Describe the high-level principles and benefits of a data modeling language,

such as YANG

4. Describe APIs for Cisco DNA Center and vManage
5. Interpret REST API response codes and results in payload using Cisco DNA Center

and RESTCONF

6. Construct EEM applet to automate configuration, troubleshooting, or data

collection

7. Compare agent vs. agentless orchestration tools, such as Chef, Puppet, Ansible, and

SaltStack

Layer 3 Technologies (35%)

1. Troubleshoot administrative distance (all routing protocols)
2. Troubleshoot route map for any routing protocol (attributes, tagging, filtering)
3. Troubleshoot loop prevention mechanisms (filtering, tagging, split horizon, route poisoning)

4. Troubleshoot redistribution between any routing protocols or routing sources
5. Troubleshoot manual and auto-summarization with any routing protocol
6. Configure and verify policy-based routing
7. Configure and verify VRF-Lite
8. Describe Bidirectional Forwarding Detection
9. Troubleshoot EIGRP (classic and named mode)

• Address families (IPv4, IPv6)
• Neighbor relationship and authentication
• Loop-free path selections (RD, FD, FC, successor, feasible successor, stuck in active)

• Stubs
• Load balancing (equal and unequal cost)
• Metrics

10. Troubleshoot OSPF (v2/v3)

• Address families (IPv4, IPv6)
• Neighbor relationship and authentication
• Network types, area types, and router types
• Point-to-point, multipoint, broadcast, nonbroadcast
• Area type: backbone, normal, transit, stub, NSSA, totally stub
• Internal router, backbone router, ABR, ASBR
• Virtual link
• Path preference

11. Troubleshoot BGP (Internal and External)

• Address families (IPv4, IPv6)
• Neighbor relationship and authentication (next-hop, mulithop, 4-byte AS, private AS, route refresh, synchronization, operation, peer group, states and timers)
• Path preference (attributes and best-path)
• Route reflector (excluding multiple route reflectors, confederations, dynamic peer)

• Policies (inbound/outbound filtering, path manipulation)

VPN Technologies (20%)

1. Describe MPLS operations (LSR, LDP, label switching, LSP)
2. Describe MPLS Layer 3 VPN
3. Configure and verify DMVPN (single hub)

• GRE/mGRE
• NHRP
• IPsec
• Dynamic neighbor
• Spoke-to-spoke

Infrastructure Security (20%)

1. Troubleshoot device security using IOS AAA (TACACS+, RADIUS, local database)
2. Troubleshoot router security features

• IPv4 access control lists (standard, extended, time-based)
• IPv6 traffic filter
• Unicast reverse path forwarding (uRPF)

3. Troubleshoot control plane policing (CoPP) (Telnet, SSH, HTTP(S), SNMP, EIGRP, OSPF, BGP)

4. Describe IPv6 First Hop security features (RA guard, DHCP guard, binding table, ND inspection/snooping, source guard)

Infrastructure Services (25%)

1. Troubleshoot device management

• Console and VTY
• Telnet, HTTP, HTTPS, SSH, SCP
• (T)FTP

2. Troubleshoot SNMP (v2c, v3)
3. Troubleshoot network problems using logging (local, syslog, debugs, conditional debugs, timestamps)

4. Troubleshoot IPv4 and IPv6 DHCP (DHCP client, IOS DHCP server, DHCP relay, DHCP options)

5. Troubleshoot network performance issues using IP SLA (jitter, tracking objects, delay, connectivity)

6. Troubleshoot NetFlow (v5, v9, flexible NetFlow)
7. Troubleshoot network problems using Cisco DNA Center assurance (connectivity, monitoring, device health, network health)

Architecture (20%)

2. Describe Cisco SD-WAN Architecture and Components
   • Orchestration plane (vBond, NAT)
   • Management plane (vManage)
   • Control plane (vSmart, OMP)
   • Data plane (vEdge)
   • TLOC
   • IPsec
   • vRoute
   • BFD
3. Describe WAN Edge platform types, capabilities (vEdges, cEdges)

Controller Deployment (15%)

1. Describe controller cloud deployment
2. Describe Controller on-Prem Deployment

• Hosting platform (KVM/Hypervisor)
• Installing controllers
• Scalability and redundancy

3. Configure and verify certificates and whitelisting

4.Troubleshoot control-plane connectivity between controllers

Router Deployment (20%)

1. Describe WAN Edge deployment
   • On-boarding
   • Orchestration with zero-touch provisioning/plug-and-play
   • Single/multi data center/regional hub deployments

2. Configure and verify SD-WAN data plane

• Circuit termination/TLOC-extension
• Underlay-overlay connectivity

3. Configure and verify OMP
4. Configure and verify TLOCs
5. Configure and verify CLI and vManage feature configuration templates

• VRRP
• OSPF
• BGP

Policies (20%)

1. Configure and verify control policies
2. Configure and verify data policies
3. Configure and verify end-to-end segmentation

• VPN segmentation
• Topologies

4. Configure and verify SD-WAN application-aware routing
5. Configure and verify direct Internet access

Security and Quality of Service (15%)

1. Configure and verify service insertion
2. Describe application-aware firewall
3. Configure and verify QoS treatment on WAN edge routers

• Scheduling
• Queuing
• Shaping
• Policing

Management and Operations (10%)

1. Describe monitoring and reporting from vManage
2. Configure and verify monitoring and reporting
3. Describe REST API monitoring
4. Describe software upgrade from vManage

Advanced Addressing and Routing Solutions (25%)

1. Create structured addressing plans for IPv4 and IPv6
2. Create stable, secure, and scalable routing designs for IS-IS

3. Create stable, secure, and scalable routing designs for EIGRP
4. Create stable, secure, and scalable routing designs for OSPF
5. Create stable, secure, and scalable routing designs for BGP
   • Address families
   • Basic route filtering
   • Attributes for path preference
   • Route reflectors
   • Load sharing

6. Determine IPv6 migration strategies

• Overlay (tunneling)
• Native (dual-stacking)
• Boundaries (IPv4/IPv6 translations)

Advanced Enterprise Campus Networks (25%)

1. Design campus networks for high availability

• First Hop Redundancy Protocols
• Platform abstraction techniques
• Graceful restart
• BFD

2. Design campus Layer 2 infrastructures

• STP scalability
• Fast convergence
• Loop-free technologies
• PoE and WoL

3. Design multicampus Layer 3 infrastructures

• Convergence
• Load sharing
• Route summarization
• Route filtering
• VRFs
• Optimal topologies
• Redistribution

4. Describe SD-Access Architecture (underlay, overlay, control and data plane, automation, wireless, and security)
5. Describe SD-Access fabric design considerations for wired and wireless access (overlay, fabric design, control plan design, border design, segmentation, virtual networks, scalability, over the top and fabric for wireless, multicast)

WAN for Enterprise Networks (20%)

1. Compare WAN connectivity options

• Layer 2 VPN
• MPLS Layer 3 VPN
• Metro Ethernet
• DWDM
• 4G/5G
• SD-WAN customer edge

2. Design site-to-site VPN

• Dynamic Multipoint VPN (DMVPN)
• Layer 2 VPN
• MPLS Layer 3 VPN
• IPsec
• Generic Routing Encapsulation (GRE)
• Group Encrypted Transport VPN (GET VPN)

3. Design high availability for enterprise WAN

• Single-homed
• Multihomed
• Backup connectivity
• Failover

4. Describe Cisco SD-WAN Architecture (orchestration plane, management plane, control plane, data plane, on-boarding and provisioning, security)
5. Describe Cisco SD-WAN design considerations (control plane design, overlay design, LAN design, high availability, redundancy, scalability, security design, QoS and multicast over SD-WAN fabric)

Network Services (20%)

1. Select appropriate QoS strategies to meet customer requirements (DiffServ, IntServ)

2. Design end-to-end QoS policies
   • Classification and marking
   • Shaping
   • Policing
   • Queuing

3. Design network management techniques

• In-band vs. out-of-band
• Segmented management networks
• Prioritizing network management traffic

4. Describe multicast routing concepts (source trees, shared trees, RPF,

rendezvous points)

5. Design multicast services (SSM, PIM bidirectional, MSDP)

Automation (10%)

1. Choose the correct YANG data model set based on requirements
2. Differentiate between IETF, Openconfig, and Cisco native YANG models
3. Differentiate between NETCONF and RESTCONF
4. Describe the impact of model-driven telemetry on the network

• Periodic publication
• On-change publication

5. Compare dial-in and dial-out approaches to model-driven telemetry

Wireless Site Survey (25%)

2. Collect design requirements and evaluate constraints
   • Client density
   • Real time applications
   • AP type
   • Deployment type (data, location, voice, video)
   • Security
3. 2. Describe material attenuation and its effect on wireless design
4. Perform and analyze a Layer 1 site survey
5. Perform a pre-deployment site survey
6. Perform a post deployment site survey
7. Perform a predictive site survey
8. Utilize planning tools and evaluate key network metrics (Ekahau, AirMagnet, PI, Chanalyzer, Spectrum Analyzer)

Wired and WirelessInfrastructure (30%)

1. Determine physical infrastructure requirements such as AP power, cabling, switch port capacity, mounting, and grounding
2. Determine logical infrastructure requirements such as WLC/AP licensing requirements based on the type of wireless architecture

3. Design radio management

• RRM
• RF profiles
• RxSOP

4. Apply design requirements for these types of wireless networks

• Data
• Voice and video
• Location
• Hyperlocation

5. Design high-density wireless networks and their associated components (campus, lecture halls, conference rooms)

6. Design wireless bridging (mesh)

• Modes of operation
• Ethernet bridging
• WGB and roaming

Mobility (25%)

1. Design mobility groups based on mobility roles
2. Optimize client roaming
3. Validate mobility tunneling for data and control path

WLAN High Availability (20%)

1. Design high availability for controllers

• Network availability through LAG
• Stateful Switchover (SSO)
• Anchor controller priority and redundancy

2. Design high availability for Aps

• AP prioritization
• Fall-back (assigning primary, secondary, and tertiary)

FlexConnect (15%)

1. Deploy FlexConnect components such as switching and operating modes
2. Deploy FlexConnect capabilities
   • FlexConnect groups and roaming
   • Split tunneling and fault tolerance
   • VLAN-based central switching and Flex ACL
   • Smart AP image upgrade1.3Implement Office Extend

QoS on a Wireless Network (10%)

1. Implement QoS schemes based on requirements including wired to wireless mapping

2. Implement QoS for wireless clients
3. Implement AVC including Fastlane (only on WLC)

Multicast (10%)

1. Implement multicast components
2. Describe how multicast can affect wireless networks
3. Implement multicast on a WLAN
4. Implement mDNS
5. Implement Multicast Direct

Location Services (10%)

1. Deploy MSE and CMX on a wireless network
2. Implement location services
   • client tracking
   • RFID tags (tracking only)
   • Interferers
   • Rogue Aps
   • Clients

Advanced Location Services (10%)

1. Implement CMX components

• Detect and locate
• Analytics
• Presence services

2. Implement location-aware guest services using custom portal and Facebook Wi-Fi

3. Troubleshoot location accuracy using Cisco Hyperlocation
4. Troubleshoot CMX high availability
5. Implement wIPS using MSE

Security for Wireless Client Connectivity (20%)

1. Configure client profiling on WLC and ISE
2. Implement BYOD and guest
   • CWA using ISE (including self-registration portal)
   • LWA using ISE or WLC
   • Native supplicant provisioning using ISE
   • Certificate provisioning on the controller

Implement 802.1X and AAA on different wireless architectures and ISE6.4Implement Identity-Based Networking on different wireless architectures (VLANs, QoS, ACLs)

Monitoring (15%)

1. Utilize reports on PI and Cisco DNA center
2. Manage alarms and rogues (APs and clients)

• WLC
• PI
• Cisco DNA center

3. Manage RF interferers

• WLC
• PI
• Cisco DNA center

4. Troubleshoot client connectivity

• WLC
• ISE
• PI
• Cisco DNA center

Device Hardening (10%)

1. Implement device access controls (including RADIUS and TACACS+)
2. Implement access point authentication (including 802.1X) 8.3Implement CPU ACLs on the controller

Network Programmability Foundation (10%)

1. Utilize common version control operations with git (add, clone, push, commit, diff, branching, merging conflict)

2. Describe characteristics of API styles (REST and RPC)
3. Describe the challenges encountered and patterns used when consuming APIs Synchronously and Asynchronously

1. Interpret Python scripts containing data types, functions, classes, conditions, and looping

5. Describe the benefits of Python virtual environments
6. Explain the benefits of using network configuration tools such as Ansible and Puppet for automating IOS XE platforms

Automate APIs and Protocols (10%)

1. Identify the JSON instance based on a YANG model
2. Identify the XML instance based on a YANG model
3. Interpret a YANG module tree generated per RFC8340
4. Compare functionality, benefits, and uses of OpenConfig, IETF, and native YANG models

5. Compare functionality, benefits, and uses of NETCONF and RESTCONF

Network Device Programmability (20%)

1. Implement device management and monitoring using NetMiko
2. Construct a Python script using ncclient that uses NETCONF to manage and monitor an IOS XE device

3. Configure device using RESTCONF API utilizing Python requests library
4. Utilize Ansible to configure an IOS XE device
5. Configure a subscription for model driven telemetry on an IOS XE device (CLI, NETCONF, and RESTCONF)

6. Compare publication and subscription telemetry models
   • Periodic / cadence
   • On-c hange

7. Describe the benefits and usage of telemetry data in troubleshooting the network

8. Describe Day 0 provisioning methods

• iPXE
• PnP
• ZTP

Cisco DNA Center (20%)

1. Compare traditional versus software-defined networks
2. Describe the features and capabilities of Cisco DNA Center

• Network assurance APIs
• Intent APIs
• Multivendor support (3rd party SDKs)
• Events and notifications

3. Implement Cisco DNA Center event outbound webhooks
4. Implement API requests for Cisco DNA Center to accomplish network management tasks

• Intent APIs
• Command Runner APIs
• Site APIs

2. Implement API requests for Cisco DNA Center to accomplish network management tasks using these APIs

• Network discovery and device APIs
• Template APIs (Apply a template)

6. Troubleshoot Cisco DNA Center automation process using Intent APIs

Cisco SD-WAN (20%)

1. Describe features and capabilities of Cisco SD-WAN vManage Certificate Management APIs
2. Implement a Python script to perform API requests for Cisco SD-WAN vManage Device Inventory APIs to retrieve and display data
3. Construct API requests for Cisco SD-WAN vManage Administration APIs
4. Implement a Python script to perform API requests for Cisco SD-WAN vManage Configuration APIs to modify Cisco SD-WAN fabric configuration

3. Construct API requests for Cisco SD-WAN vManage Monitoring APIs (Including real-time)

6. Troubleshoot a Cisco SD-WAN deployment using vManage APIs

Cisco Meraki (20%)

1. Describe features and capabilities of Cisco Meraki
   • Location Scanning APIs
   • MV Sense APIs
   • External Captive Portal APIs
   • WebHook Alert APIs

2. Create a network using Cisco Meraki APIs
3. Configure a network using Cisco Meraki APIs
4. Implement a Python script for Cisco Meraki Alert WebHooks