Tag Archives: written

The CCDE Written Exam Core Technologies List

Here it is – the list of technologies we should know against the scope of the previously posted exam topics.

1.0 Transport Technologies
1.1 Ethernet
1.3 Frame relay (migration only)
1.4 Cellular and broadband (as transport methods)
1.5 Wireless
1.6 Physical mediums, such as fiber and copper

2.0 Layer 2 Control Plane
2.1 Physical media considerations
2.1.a Down detection
2.1.b Interface convergence characteristics
2.2 Loop detection protocols and loop-free topology mechanisms
2.2.a Spanning tree types
2.2.b Spanning tree tuning techniques
2.2.c Multipath
2.2.d Switch clustering
2.3 Loop detection and mitigation
2.4 Multicast switching
2.4.a IGMPv2, IGMPv3, MLDv1, MLDv2 2.4.b IGMP/MLD Snooping
2.4.c IGMP/MLD Querier
2.5 Fault isolation and resiliency
2.5.a Fate sharing
2.5.b Redundancy
2.5.c Virtualization
2.5.d Segmentation

3.0 Layer 3 Control Plane
3.1 Network hierarchy and topologies
3.1.a Layers and their purposes in various environments
3.1.b Network topology hiding
3.2 Unicast routing protocol operation (OSPF, EIGRP, ISIS, BGP, and RIP)
3.2.a Neighbor relationships
3.2.b Loop-free paths
3.2.c Flooding domains
3.2.d Scalability
3.2.e Routing policy
3.2.f Redistribution methods
3.3 Fast convergence techniques and mechanism
3.3.a Protocols
3.3.b Timers
3.3.c Topologies
3.3.d Loop-free alternates
3.4 Factors affecting convergence
3.4.a Recursion
3.4.b Micro-loops
3.5 Route aggregation
3.5.a When to leak routes / avoid suboptimal routing
3.5.b When to include more specific routes (up to and including host routes)
3.5.c Aggregation location and techniques
3.6 Fault isolation and resiliency
3.6.a Fate sharing
3.6.b Redundancy
3.7 Metric-based traffic flow and modification
3.7.a Metrics to modify traffic flow
3.7.b Third-party next hop
3.8 Generic routing and addressing concepts
3.8.a Policy-based routing
3.8.b NAT 3.8.c Subnetting
3.8.d RIB-FIB relationships
3.9 Multicast routing concepts
3.9.a General multicast concepts
3.9.b MSDP/anycast
3.9.c PIM

4.0 Network Virtualization
4.1 Multiprotocol Label Switching
4.1.a MPLS forwarding and control plane mechanisms
4.1.b MP-BGP and related address families
4.1.c LDP 4.2 Layer 2 and 3 VPN and tunneling technologies
4.2.a Tunneling technology selection (such as DMVPN, GETVPN, IPsec, MPLS, GRE)
4.2.b Tunneling endpoint selection
4.2.c Tunneling parameter optimization of end-user applications
4.2.d Effects of tunneling on routing
4.2.e Routing protocol selection and tuning for tunnels
4.2.f Route path selection
4.2.g MACsec (802.1ae)
4.2.h Infrastructure segmentation methods
4.2.h.i VLAN
4.2.h.ii PVLAN
4.2.h.iii VRF-Lite
4.3 SD-WAN
4.3.a Orchestration plane
4.3.b Management plane
4.3.c Control plane
4.3.d Data plane
4.3.e Segmentation
4.3.f Policy
4.3.f.i Security
4.3.f.ii Topologies
4.3.f.iii Application-based routing
4.4 Migration techniques
4.5 Design considerations
4.6 QOS techniques and strategies
4.6.a Application requirements
4.6.b Infrastructure requirements
4.7 Network management techniques
4.7.a Traditional (such as SNMP, SYSLOG)
4.7.b Model-driven (such as NETCONF, RESTCONF, gNMI, streaming telemetry)
4.8 Reference models and paradigms that are used in network management (such as FCAPS, ITIL®, TOGAF, and DevOps)

5.0 Security
5.1 Infrastructure security
5.1.a Device hardening techniques and control plane protection methods
5.1.b Management plane protection techniques
5.1.b.i CPU
5.1.b.ii Memory thresholding
5.1.b.iii Securing device access
5.1.c Data plane protection techniques
5.1.c.i QoS 5.1.d Layer 2 security techniques
5.1.d.i Dynamic ARP inspection
5.1.d.ii IPDT 5.1.d.iii STP security
5.1.d.iv Port security
5.1.d.v DHCP snooping
5.1.d.vi IPv6-specific security mechanisms
5.1.d.vii VACL
5.1.e Wireless security technologies
5.1.e.i WPA
5.1.e.ii WPA2
5.1.e.iii WPA3
5.1.e.iv TKIP
5.1.e.v AES
5.2 Protecting network services
5.2.a Deep packet inspection
5.2.b Data plane protection
5.3 Perimeter security and intrusion prevention
5.3.a Firewall deployment modes
5.3.a.i Routed
5.3.a.ii Transparent
5.3.a.iii Virtualization
5.3.a.iv Clustering and high availability
5.3.b Firewall features
5.3.b.i NAT
5.3.b.ii Application inspection
5.3.b.iii Traffic zones
5.3.b.iv Policy-based routing
5.3.b.v TLS inspection
5.3.b.vi User identity
5.3.b.vii Geolocation
5.3.c IPS/IDS deployment modes
5.3.c.i In-line
5.3.c.ii Passive
5.3.c.iii TAP
5.3.d Detect and mitigate common types of attacks
5.3.d.i DoS/DDoS
5.3.d.ii Evasion techniques
5.3.d.iii Spoofing
5.3.d.iv Man-in-the-middle
5.3.d.v Botnet
5.4 Network control and identity Management
5.4.a Wired and wireless network access control
5.4.b AAA for network access with 802.1X and MAB
5.4.c Guest and BYOD considerations
5.4.d Internal and external identity sources
5.4.e Certificate-based authentication
5.4.f EAP Chaining authentication method
5.4.g Integration with multifactor authentication

6.0 Wireless
6.1 IEEE 802.11 Standards and Protocols
6.1.a Indoor and outdoor RF deployments
6.1.a.i Coverage
6.1.a.ii Throughput
6.1.a.iii Voice
6.1.a.iv Location
6.1.a.v High density / very high density
6.2 Enterprise wireless network
6.2.a High availability, redundancy, and resiliency
6.2.b Controller-based mobility and controller placement
6.2.c L2/L3 roaming
6.2.d Tunnel traffic optimization
6.2.e AP groups
6.2.f AP modes

7.0 Automation
7.1 Zero-touch provisioning
7.2 Infrastructure as Code (tools, awareness, and when to use)
7.2.a Automation tools (i.e. Ansible)
7.2.b Orchestration platforms
7.2.c Programming Language (e.g. Python)
7.3 CI/CD Pipeline

Cisco – Migrating from STP to RSTP


A frequent CCIE-level written exam topic is STP (PVST+) to RSTP (Rapid-PVST) migrations. This post covers the high points you should be aware of.

Some Quick Notes

  • BackboneFast and UplinkFast are no longer necessary in RSTP environments as the equivalent advantages are built-in to RSTP
  • BPDUs are version 2 in RSTP which is compatible with version 0
  • All ports now send BPDUs and they act as a keepalive mechanism
  • The new port roles are designated, root, alternate, and backup
  • The new port states are forwarding, discarding, and learning
  • The new port types are shared, edge (PortFast), and P2P
  • When an RSTP port receives a legacy BPDU, it reverts back to compatible behavior and performance enhancement benefits are lost
  • BackboneFast is configured on all switches in order to function in STP and UplinkFast is configured on access layer devices


  • You are not forced into removing the BackboneFast and UplinkFast commands – if they are left in place, they do not impact the operation of RSTP
  • Removing the Uplinkfast command impacts the bridge priority and port cost values, so be sure you consider this
  • CatOS (FLASHBACK!) does not permit the BackboneFast command within RSTP so you must remove it in that legacy case
  • Plan a phased migration and use a maintenance window as traffic flows can be impacted
  • The configuration of the features such as PortFast, BPDUguard, BPDUfilter, root guard, and loopguard are applicable in rapid-PVST+ mode also