Here is the official Expanded Blueprint for ENCOR that I promised my students. Please note there is a change log following the expanded blueprint as there will be tweaks and improvements to this work.
If you love this document – please feel free to share it. If you don’t like it, then just go away. ๐
- 1.0 Architecture
- 1.1 Design Principles in an Enterprise
- 3 Tier “Classic”
- Function of each layer
- 2 Tier “Collapsed Core”
- 2 Tier “Spine-Leaf”
- Function of each layer
- Connectivity between layers
- Fabric Capacity Planning
- Overlay vs Underlay
- High Availability
- Redundancy
- First Hop Redundancy Protocol (FHRP)
- HSRP
- VRRP
- GLBP
- Stateful Switchover
- 3 Tier “Classic”
- 1.2 Design Principles in WLAN
- Wireless deployment models
- CAPWAP
- Centralized
- Distributed
- Controller-less
- Controller-based
- Cloud
- Remote branch (FlexConnect)
- Location services
- Clients
- RFID tracking
- Wireless deployment models
- 1.3 On-prem versus cloud infrastructure deployments
- CapEx versus OpEx
- Reduced procurement delays
- Pay as you go
- Security
- Flexibility
- Global
- API-centric
- 1.4 SD-WAN
- Traditional WAN issues
- SD-WAN components
- Control plane
- Data plane
- 1.5 SD-Access
- Control plane
- Data plane
- Policy plane
- Traditional campus and SD-Access integration
- 1.6 Wired and wireless QoS
- QoS approaches
- QoS DiffServ components
- Wireless QoS policies
- 1.7 Hardware versus switching mechanisms
- Process switching
- CEF switching
- RIB
- FIB
- MAC address table
- TCAM
- 1.1 Design Principles in an Enterprise
- 2.0 Virtualization
- 2.1 Device virtualization technologies
- Type 1 hypervisor
- Type 2 hypervisor
- Virtual machine
- Virtual switching
- 2.2 Data path virtualization
- Virtual Routing and Forwarding (VRF)
- Generic Routing Encapsulation (GRE)
- IPsec
- 2.3 Network virtualization concepts
- LISP
- VXLAN
- 2.1 Device virtualization technologies
- 3.0 Infrastructure
- 3.1 Layer 2
- Static 802.1Q trunks
- Dynamic 802.1Q trunks
- switchport nonegotiate
- Allowed VLANs on trunks
- VTP
- VTP pruning
- Static Layer 2 EtherChannel
- Dynamic Layer 2 EtherChannel
- Static Layer 3 EtherChannel
- Dynamic Layer 3 EtherChannel
- RSTP
- MSTP
- 3.2 Layer 3
- Compare EIGRP and OSPF
- Algorithm
- Load balancing
- Path selection
- Path operations
- Metric
- Configure and verify OSPF
- Normal areas
- Filtering
- Summarization
- Passive interface
- Network types
- Neighbor states
- Configure and verify eBGP
- eBGP Multihop
- BGP neighbor states
- BGP best path selection algorithm
- Compare EIGRP and OSPF
- 3.3 Wireless
- Layer 1 concepts
- RF power
- EIRP
- RSSI
- SNR
- Sources of interference
- Microwaves
- Radar
- Baby monitors
- Cordless phones
- Neighbors
- CCX
- 802.11
- AP modes
- Local
- Monitor
- FlexConnect
- Sniffer
- Rogue Detector
- Bridge
- Flex + Bridge
- SE-Connect
- AP boot process
- AP discovery of WLC
- Internal preset
- DHCP and DNS
- DHCP option 43
- CISCO-CAPWAP-CONTROLLER.local-domain
- Broadcast
- Antenna types
- Omnidirectional
- Dipole
- Integrated
- Directional
- Yagi
- Dish
- Omnidirectional
- Roaming
- Intracontroller
- Intercontroller
- Layer 2
- Layer 3
- Enhancements
- CCKM
- Key Caching
- 802.11r
- Anchor versus Foreign
- Mobility Groups
- Troubleshooting the WLC, APs, Clients
- Autonomous AP to switch
- Lightweight AP to WLC
- Client to AP
- Layer 1 concepts
- 3.4 IP Services
- Network Time Protocol theory
- Configure and verify dynamic inside source NAT/PAT
- Configure and verify HSRP
- Configure and verify VRRP
- Configure and verify GLBP
- PIM theory
- Multicast tree
- RPF check
- PIM-SM
- PIM-DM
- PIM-S/D Mode
- Auto-RP
- BSR
- Static RP
- Bidirectional PIM
- SSM
- IGMP theory
- Version 2
- Version 3
- 3.1 Layer 2
- 4.0 Network Assurance
- 4.1 Tools
- Debugs
- Conditional debugs
- Trace
- PING
- SNMP
- 4.2 syslog
- 4.3 NetFlow and Flexible NetFlow
- 4.4 SPAN/RSPAN/ERSPAN
- 4.5 IP SLA
- IP SLA Responder
- 4.6 Cisco DNA Center
- Workflows
- 4.7 NETCONF and RESTCONF
- 4.1 Tools
- 5.0 Security
- 5.1 Device access control
- Device lines protections
- Privilege levels
- Password protections
- service password-encryption
- secret passwords
- AAA
- Device lines protections
- 5.2 Infrastructure security features
- ACLs
- Operation
- Standard
- Extended
- CoPP theory and operation
- ACLs
- 5.3 REST API Security
- Classic HTTP
- Token
- OAuth
- 5.4 Wireless security
- EAP variations
- WebAuth
- PSK
- WEP, WPA, WPA2, WPA3
- Components (theory only)
- Unified Threat Defense
- Cisco AMP
- Firepower NGFW
- Firepower NGIPS
- Firepower Management Center
- TrustSec
- MACSec
- 802.1X
- MAB
- WebAuth
- 5.1 Device access control
- 6.0 Automation
- 6.1 Basic Python theory
- 6.2 Create JSON file
- Basic syntax
- Use all data types
- Compare to XML
- 6.3 YANG theory (relate to NETCONF and RESTCONF)
- 6.4 APIs for DNA Center and vManage
- 6.5 REST API Response Codes
- Informational responses (
100โ199) - Successful responses (
200โ299) - Redirects (
300โ399) - Client errors (
400โ499) - Server errors (
500โ599)
- Informational responses (
- 6.6 EEM
- Applet
- Script
- 6.7 Automation tools
- Chef
- Puppet
- Ansible
- SaltStack
Change Log
- 3/26/2020 completed the initial draft