Tag Archives: Blueprint

CCNA Blueprint

1.0 Operation of IP Data Networks

1.1 Recognize the purpose and functions of various network devices such as routers, switches, bridges and hubs

1.2 Select the components required to meet a given network specification

1.3 Identify common applications and their impact on the network

1.4 Describe the purpose and basic operation of the protocols in the OSI and TCP/IP models

1.5 Predict the data flow between two hosts across a network

1.6 Identify the appropriate media, cables, ports, and connectors to connect Cisco network devices to other network devices and hosts in a LAN

2.0 LAN Switching  Technologies

2.1 Determine the technology and media access control method for Ethernet networks2.2 Identify basic switching concepts and the operation of Cisco switches

  • 2.2.a Collision Domains
  • 2.2.b Broadcast Domains
  • 2.2.c Ways to switch
    • 2.2.c [i] Store
    • 2.2.c [ii] Forward
    • 2.2.c [iii] Cut through
  • 2.2.d CAM Table

2.3 Configure and verify initial switch configuration including remote access management

  • 2.3.a hostname
  • 2.3.b mgmt IP address
  • 2.3.c IP default-gateway
  • 2.3.d local user and password
  • 2.3.e enable secret password
  • 2.3.f console and VTY logins
  • 2.3.g exec-timeout
  • 2.3.h service password encryption
  • 2.3.i copy run start

2.4 Verify network status and switch operation using basic utilities such as

  • 2.4.a ping
  • 2.4.b telnet
  • 2.4.c SSH

2.5 Describe how VLANs create logically separate networks and the need for routing between them

  • 2.5.a Explain network segmentation and basic traffic management concepts

2.6 Configure and verify VLANs

2.7 Configure and verify trunking on Cisco switches

  • 2.7.a dtp (topic)
  • 2.7.b auto-negotiation

2.8 Identify enhanced switching technologies

  • 2.8.a RSTP
  • 2.8.b PVSTP
  • 2.8.c Etherchannels

2.9 Configure and verify PVSTP operation

  • 2.9.a Describe root bridge election
  • 2.9.b Spanning tree mode

3.0 IP Addressing  (IPv4/IPv6)

3.1 Describe the operation and necessity of using private and public IP addresses for IPv4 addressing3.2 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment3.3 Identify the appropriate IPv4 addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment.3.4 Describe the technological requirements for running IPv6 in conjunction with IPv4

  • 3.4.a dual stack

3.5 Describe IPv6 addresses

  • 3.5.a global unicast
  • 3.5.b multicast
  • 3.5.c link local
  • 3.5.d unique local
  • 3.5.e eui 64
  • 3.5.f auto-configuration

4.0 IP Routing  Technologies

4.1 Describe basic routing concepts

  • 4.1.a packet forwarding
  • 4.1.b router lookup process
  • 4.1.c Process Switching/Fast Switching/CEF

4.2 Configure and verify utilizing the CLI to set basic Router configuration

  • 4.2.a hostname
  • 4.2.b local user and password
  • 4.2.c enable secret password
  • 4.2.d console and VTY logins
  • 4.2.e exec-timeout
  • 4.2.f service password encryption
  • 4.2.g Interface IP Address
    • 4.2.g [i] loopback
  • 4.2.h banner
  • 4.2.i motd
  • 4.2.j copy run start

4.3 Configure and verify operation status of a device interface

  • 4.3.a Serial
  • 4.3.b Ethernet

4.4 Verify router configuration and network connectivity using

  • 4.4.a ping
    • 4.4.a [i] extended
  • 4.4.b traceroute
  • 4.4.c telnet
  • 4.4.d SSH
  • 4.4.e sh cdp neighbors

4.5 Configure and verify routing configuration for a static or default route given specific routing requirements

4.6 Differentiate methods of routing and routing protocols

  • 4.6.a Static versus Dynamic
  • 4.6.b Link state versus Distance Vector
  • 4.6.c next hop
  • 4.6.d ip routing table
  • 4.6.e Passive Interfaces (how they work)
  • 4.6.f Admin Distance
  • 4.6.g split horizon
  • 4.6.h metric

4.7 Configure and verify OSPF

  • 4.7.a Benefit of single area
  • 4.7.b Configure OSPv2
  • 4.7.c Configure OSPv3
  • 4.7.d Router ID
  • 4.7.e Passive Interface
  • 4.7.f Discuss multi-area OSPF
  • 4.7.g Understand LSA types and purpose

4.8 Configure and verify interVLAN routing (Router on a stick)

  • 4.8.a sub interfaces
  • 4.8.b upstream routing
  • 4.8.c encapsulation

4.9 Configure SVI interfaces

4.10 Manage Cisco IOS Files

  • 4.10.a Boot Preferences
  • 4.10.b Cisco IOS Images (15)
  • 4.10.c Licensing
    • 4.10.c [i] Show license
    • 4.10.c [ii] Change license

4.11 Configure and verify EIGRP (single AS)

  • 4.11.a Feasible Distance/Feasible Successors/Administrative distance
  • 4.11.b Feasibility condition
  • 4.11.c Metric composition
  • 4.11.d Router ID
  • 4.11.e auto summary
  • 4.11.f Path Selection
  • 4.11.g Load Balancing
    • 4.11.g [i] Unequal
    • 4.11.g [ii] Equal

5.0 IP Services

5.1 Configure and verify DHCP (IOS Router)

  • 5.1.a Configuring router interfaces to use DHCP
  • 5.1.b DHCP options (basic overview and functionality)
  • 5.1.c Excluded addresses
  • 5.1.d Lease time

5.2 Describe the types, features, and applications of ACLs

  • 5.2.a standard (editing and sequence numbers)
  • 5.2.b extended
  • 5.2.c named
  • 5.2.d numbered
  • 5.2.e Log option

5.3 Configure and verify ACLs in a network environment

  • 5.3.a named
  • 5.3.b numbered
  • 5.3.c Log option

5.4 Identify the basic operation of NAT

  • 5.4.a purpose
  • 5.4.b pool
  • 5.4.c static
  • 5.4.d 1 to 1
  • 5.4.e overloading
  • 5.4.f source addressing
  • 5.4.g one way NAT

5.5 Configure and verify NAT for given network requirements

5.6 Configure and verify NTP as a client.

5.7 Recognize High availability (FHRP)

  • 5.7.a VRRP
  • 5.7.b HSRP
  • 5.7.c GLBP

5.8 Configure and verify syslog

  • 5.8.a Utilize Syslog Output

5.9 Describe SNMP v2 and v3

6.0 Network Device  Security

6.1 Configure and verify network device security features

  • 6.1.a Device password security
  • 6.1.b enable secret versus enable
  • 6.1.c Transport
  • 6.1.c.1 disable telnet
  • 6.1.c.2 SSH
  • 6.1.d VTYs
  • 6.1.e physical security
  • 6.1.f service password
  • 6.1.g Describe external authentication methods

6.2 Configure and verify Switch Port Security

  • 6.2.a Sticky mac
  • 6.2.b MAC address limitation
  • 6.2.c static/dynamic
  • 6.2.d violation modes
    • 6.2.d [i] err disable
    • 6.2.d [ii] shutdown
    • 6.2.d [iii] protect restrict
  • 6.2.e shutdown unused ports
  • 6.2.f err disable recovery
  • 6.2.g assign unused ports in unused VLANs
  • 6.2.h putting Native VLAN to other than VLAN 1

6.3 Configure and verify ACLs to filter network traffic

6.4 Configure and verify ACLs to limit telnet and SSH access to the router

7.0 Troubleshooting

7.1 Troubleshoot and correct common problems associated with IP addressing and host configurations7.2 Troubleshoot and resolve VLAN problems

  • 7.2.a Identify that VLANs are configured
  • 7.2.b Verify port membership correct
  • 7.2.c Correct IP address configured

7.3 Troubleshoot and resolve trunking problems on Cisco switches

  • 7.3.a Verify correct trunk states
  • 7.3.b Verify correct encapsulation configured
  • 7.3.c Correct VLANs allowed

7.4 Troubleshoot and resolve ACL issues

  • 7.4.a Verify statistics
  • 7.4.b Verify permitted networks
  • 7.4.c Verify direction
    • 7.4.c [i] Interface

7.5 Troubleshoot and resolve Layer 1 problems

  • 7.5.a Framing
  • 7.5.b CRC
  • 7.5.c Runts
  • 7.5.d Giants
  • 7.5.e Dropped packets
  • 7.5.f Late collisions
  • 7.5.g Input/output errors

7.6 Identify and correct common network problems

7.7 Troubleshoot and resolve spanning tree operation issues

  • 7.7.a Verify root switch
  • 7.7.b Verify priority
  • 7.7.c Verify mode is correct
  • 7.7.d Verify port states

7.8 Troubleshoot and resolve routing issues

  • 7.8.a Verify routing is enabled (sh IP protocols)
  • 7.8.b Verify routing table is correct
  • 7.8.c Verify correct path selection

7.9 Troubleshoot and resolve OSPF problems

  • 7.9.a Verify neighbor adjacencies
  • 7.9.b Verify Hello and Dead timers
  • 7.9.c Verify OSPF area
  • 7.9.d Verify interface MTU
  • 7.9.e Verify network types
  • 7.9.f Verify neighbor states
  • 7.9.g Review OSPF topology table

7.10 Troubleshoot and resolve EIGRP problems

  • 7.10.a Verify neighbor adjacencies
  • 7.10.b Verify AS number
  • 7.10.c Verify load balancing
  • 7.10.d Split horizon

7.11 Troubleshoot and resolve interVLAN routing problems

  • 7.11.a Verify connectivity
  • 7.11.b Verify encapsulation
  • 7.11.c Verify subnet
  • 7.11.d Verify native VLAN
  • 7.11.e Port mode trunk status

7.12 Troubleshoot and resolve WAN implementation issues

  • 7.12.a Serial interfaces
  • 7.12.b Frame relay
  • 7.12.c PPP

7.13 Monitor NetFlow statistics

7.14 TS EtherChannel problems

8.0 WAN Technologies

8.1 Identify different WAN technologies

  • 8.1.a Metro ethernet
  • 8.1.b VSAT
  • 8.1.c Cellular 3g/4g
  • 8.1.d MPLS
  • 8.1.e T1/E1
  • 8.1.f ISDN
  • 8.1.g DSL
  • 8.1.h Frame relay
  • 8.1.i Cable
  • 8.1.j VPN

8.2 Configure and verify a basic WAN serial connection

8.3 Configure and verify a PPP connection between Cisco routers

8.4 Configure and verify Frame Relay on Cisco routers

8.5 Implement and troubleshoot PPPoE

Upcoming changes to CCIE V5 written blueprint

it just got bigger…


coming to a testing center near you july 2016

Evolving Technologies Domain

1. Cloud

1.1: Compare and contrast Cloud deployment models

•  Infrastructure, platform, and software services (XaaS)

•  Performance and reliability

•  Security and privacy

•  Scalability and interoperability

1.2: Describe Cloud implementations and operations

• Automation and orchestration

• Workload mobility

• Troubleshooting and management

•  OpenStack components

2. Network Programmability

2.1: Describe functional elements of network programmability (SDN) and how

they interact

•  Controllers

•  APIs

•  Scripting

•  Agents

•  Northbound vs. Southbound protocols

2.2: Describe aspects of virtualization and automation in network environments

•  DevOps methodologies, tools and workflows

•  Network/application function virtualization (NFV, AFV)

•  Service function chaining

•  Performance, availability, and scaling considerations

3. Internet of Things

3.1: Describe architectural framework and deployment considerations for Internet of Things (IoT)

•  Performance, reliability and scalability

•  Mobility

•  Security and privacy

•  Standards and compliance

•  Migration

•  Environmental impacts on the network



Reference Material for Evolving Technology section

Created by Madhukar: Cisco Team on Nov 3, 2015 4:01 PM. Last modified by Madhukar: Cisco Team on Nov 18, 2015 1:49 PM.

Cisco Press books

Reference URLs

Cisco Live presentations

CCIE Community Events

Cisco DevNet

Recommended Courses


SWITCH 300-115: Blueprint

1.0 Layer 2 Technologies

1.1 Configure and verify switch administration

  • 1.1.a SDM templates
  • 1.1.b Managing MAC address table
  • 1.1.c Troubleshoot Err-disable recovery

1.2 Configure and verify Layer 2 protocols

  • 1.2.a CDP, LLDP
  • 1.2.b UDLD

1.3 Configure and verify VLANs

  • 1.3.a Access ports
  • 1.3.b VLAN database
  • 1.3.c Normal, extended VLAN, voice VLAN

1.4 Configure and verify trunking

  • 1.4.a VTPv1, VTPv2, VTPv3, VTP pruning
  • 1.4.b dot1Q
  • 1.4.c Native VLAN
  • 1.4.d Manual pruning

1.5 Configure and verify EtherChannels

  • 1.5.a LACP, PAgP, manual
  • 1.5.b Layer 2, Layer 3
  • 1.5.c Load balancing
  • 1.5.d EtherChannel misconfiguration guard

1.6 Configure and verify spanning tree

  • 1.6.a PVST+, RPVST+, MST
  • 1.6.b Switch priority, port priority, path cost, STP timers
  • 1.6.c PortFast, BPDUguard, BPDUfilter
  • 1.6.d Loopguard and Rootguard

1.7 Configure and verify other LAN switching technologies

  • 1.7.a SPAN, RSPAN

1.8 Describe chassis virtualization and aggregation technologies

  • 1.8.a Stackwise

2.0 Infrastructure Security

2.1 Configure and verify switch security features

  • 2.1.a DHCP snooping
  • 2.1.b IP Source Guard
  • 2.1.c Dynamic ARP inspection
  • 2.1.d Port security
  • 2.1.e Private VLAN
  • 2.1.f Storm control

2.2 Describe device security using Cisco IOS AAA with TACACS+ and RADIUS

  • 2.2.a AAA with TACACS+ and RADIUS
  • 2.2.b Local privilege authorization fallback

3.0 Infrastructure Services

3.1 Configure and verify first-hop redundancy protocols

  • 3.1.a HSRP
  • 3.1.b VRRP
  • 3.1.c GLBP

CCIE V5 Blueprint

CCIE Routing and Switching Written Exam v5.0 (400-101) Exam Topics

Exam Description


The CCIE written exam is a two-hour qualification exam.  The exam uses a combination of multiple choice questions and simulations to assess skills.  Exams are closed book and no reference materials are allowed.


The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Download Complete List of Topics in PDF format


1.0 Network Principles


Hide Details

1.1 Network theory

  • 1.1.a Describe basic software architecture differences between IOS and IOS XE
    • 1.1.a [i] Control plane and Forwarding plane
    • 1.1.a [ii] Impact to troubleshooting and performances
    • 1.1.a [iii] Excluding specific platform’s architecture
  • 1.1.b Identify Cisco express forwarding concepts
    • 1.1.b [i] RIB, FIB, LFIB, Adjacency table
    • 1.1.b [ii] Load balancing Hash
    • 1.1.b [iii] Polarization concept and avoidance
  • 1.1.c Explain general network challenges
    • 1.1.c [i] Unicast flooding
    • 1.1.c [ii] Out of order packets
    • 1.1.c [iii] Asymmetric routing
    • 1.1.c [iv] Impact of micro burst
  • 1.1.d Explain IP operations
    • 1.1.d [i] ICMP unreachable, redirect
    • 1.1.d [ii] IPv4 options, IPv6 extension headers
    • 1.1.d [iii] IPv4 and IPv6 fragmentation
    • 1.1.d [iv] TTL
    • 1.1.d [v] IP MTU
  • 1.1.e Explain TCP operations
    • 1.1.e [i] IPv4 and IPv6 PMTU
    • 1.1.e [ii] MSS
    • 1.1.e [iii] Latency
    • 1.1.e [iv] Windowing
    • 1.1.e [v] Bandwidth delay product
    • 1.1.e [vi] Global synchronization
    • 1.1.e [vii] Options
  • 1.1.f Explain UDP operations
    • 1.1.f [i] Starvation
    • 1.1.f [ii] Latency
    • 1.1.f [iii] RTP/RTCP concepts

1.2 Network implementation and operation

  • 1.2.a Evaluate proposed changes to a network
    • 1.2.a [i] Changes to routing protocol parameters
    • 1.2.a [ii] Migrate parts of a network to IPv6
    • 1.2.a [iii] Routing protocol migration
    • 1.2.a [iv] Adding multicast support
    • 1.2.a [v] Migrate spanning tree protocol
    • 1.2.a [vi] Evaluate impact of new traffic on existing QoS design

1.3 Network troubleshooting

  • 1.3.a Use IOS troubleshooting tools
    • 1.3.a [i] debug, conditional debug
    • 1.3.a [ii] ping, traceroute with extended options
    • 1.3.a [iii] Embedded packet capture
    • 1.3.a [iv] Performance monitor
  • 1.3.b Apply troubleshooting methodologies
    • 1.3.b [i] Diagnose the root cause of networking issue [analyze symptoms, identify and describe root cause]
    • 1.3.b [ii] Design and implement valid solutions according to constraints
    • 1.3.b [iii] Verify and monitor resolution
  • 1.3.c Interpret packet capture
    • 1.3.c [i] Using Wireshark trace analyzer
    • 1.3.c [ii] Using IOS embedded packet capture

2.0 Layer 2 Technologies


Hide Details

2.1 LAN switching technologies

  • 2.1.a Implement and troubleshoot switch administration
    • 2.1.a [i] Managing MAC address table
    • 2.1.a [ii] errdisable recovery
    • 2.1.a [iii] L2 MTU
  • 2.1.b Implement and troubleshoot layer 2 protocols
    • 2.1.b [i] CDP, LLDP
    • 2.1.b [ii] UDLD
  • 2.1.c Implement and troubleshoot VLAN
    • 2.1.c [i] Access ports
    • 2.1.c [ii] VLAN database
    • 2.1.c [iii] Normal, extended VLAN, voice VLAN
  • 2.1.d Implement and troubleshoot trunking
    • 2.1.d [i] VTPv1, VTPv2, VTPv3, VTP pruning
    • 2.1.d [ii] dot1Q
    • 2.1.d [iii] Native VLAN
    • 2.1.d [iv] Manual pruning
  • 2.1.e Implement and troubleshoot EtherChannel
    • 2.1.e [i] LACP, PAgP, manual
    • 2.1.e [ii] Layer 2, layer 3
    • 2.1.e [iii] Load-balancing
    • 2.1.e [iv] Etherchannel misconfiguration guard
  • 2.1.f Implement and troubleshoot spanning-tree
    • 2.1.f [i] PVST+/RPVST+/MST
    • 2.1.f [ii] Switch priority, port priority, path cost, STP timers
    • 2.1.f [iii] port fast, BPDUguard, BPDUfilter
    • 2.1.f [iv] loopguard, rootguard
  • 2.1.g Implement and troubleshoot other LAN switching technologies
    • 2.1.g [i] SPAN, RSPAN, ERSPAN
  • 2.1.h Describe chassis virtualization and aggregation technologies
    • 2.1.h [i] Multichassis
    • 2.1.h [ii] VSS concepts
    • 2.1.h [iii] Alternative to STP
    • 2.1.h [iv] Stackwise
    • 2.1.h [v] Excluding specific platform implementation
  • 2.1.i Describe spanning-tree concepts
    • 2.1.i [i] Compatibility between MST and RSTP
    • 2.1.i [ii] STP dispute, STP bridge assurance

2.2 Layer 2 multicast

  • 2.2.a Implement and troubleshoot IGMP
    • 2.2.a [i] IGMPv1, IGMPv2, IGMPv3
    • 2.2.a [ii] IGMP snooping
    • 2.2.a [iii] IGMP querier
    • 2.2.a [iv] IGMP filter
    • 2.2.a [v] IGMP proxy
  • 2.2.b Explain MLD
  • 2.2.c Explain PIM snooping

2.3 Layer 2 WAN circuit technologies

  • 2.3.a Implement and troubleshoot HDLC
  • 2.3.b Implement and troubleshoot PPP
    • 2.3.b [i] Authentication [PAP, CHAP]
    • 2.3.b [ii] PPPoE
    • 2.3.b [iii] MLPPP
  • 2.3.c Describe WAN rate-based ethernet circuits
    • 2.3.c [i] Metro and WAN Ethernet topologies
    • 2.3.c [ii] Use of rate-limited WAN ethernet services

3.0 Layer 3 Technologies


Hide Details

3.1 Addressing technologies

  • 3.1.a Identify, implement and troubleshoot IPv4 addressing and subnetting
    • 3.1.a [i] Address types, VLSM
    • 3.1.a [ii] ARP
  • 3.1.b Identify, implement and troubleshoot IPv6 addressing and subnetting
    • 3.1.b [i] Unicast, multicast
    • 3.1.b [ii] EUI-64
    • 3.1.b [iii] ND, RS/RA
    • 3.1.b [iv] Autoconfig/SLAAC, temporary addresses [RFC4941]
    • 3.1.b [v] Global prefix configuration feature
    • 3.1.b [vi] DHCP protocol operations
    • 3.1.b [vii] SLAAC/DHCPv6 interaction
    • 3.1.b [viii] Stateful, stateless DHCPv6
    • 3.1.b [ix] DHCPv6 prefix delegation

3.2 Layer 3 multicast

  • 3.2.a Troubleshoot reverse path forwarding
    • 3.2.a [i] RPF failure
    • 3.2.a [ii] RPF failure with tunnel interface
  • 3.2.b Implement and troubleshoot IPv4 protocol independent multicast
    • 3.2.b [i] PIM dense mode, sparse mode, sparse-dense mode
    • 3.2.b [ii] Static RP, auto-RP, BSR
    • 3.2.b [iii] BiDirectional PIM
    • 3.2.b [iv] Source-specific multicast
    • 3.2.b [v] Group to RP mapping
    • 3.2.b [vi] Multicast boundary
  • 3.2.c Implement and troubleshoot multicast source discovery protocol
    • 3.2.c [i] Intra-domain MSDP [anycast RP]
    • 3.2.c [ii] SA filter
  • 3.2.d Describe IPv6 multicast
    • 3.2.d [i] IPv6 multicast addresses
    • 3.2.d [ii] PIMv6

3.3 Fundamental routing concepts

  • 3.3.a Implement and troubleshoot static routing
  • 3.3.b Implement and troubleshoot default routing
  • 3.3.c Compare routing protocol types
    • 3.3.c [i] Distance vector
    • 3.3.c [ii] Link state
    • 3.3.c [iii] Path vector
  • 3.3.d Implement, optimize and troubleshoot administrative distance
  • 3.3.e Implement and troubleshoot passive interface
  • 3.3.f Implement and troubleshoot VRF lite
  • 3.3.g Implement, optimize and troubleshoot filtering with any routing protocol
  • 3.3.h Implement, optimize and troubleshoot redistribution between any routing protocol
  • 3.3.i Implement, optimize and troubleshoot manual and auto summarization with any routing protocol
  • 3.3.j Implement, optimize and troubleshoot policy-based routing
  • 3.3.k Identify and troubleshoot sub-optimal routing
  • 3.3.l Implement and troubleshoot bidirectional forwarding detection
  • 3.3.m Implement and troubleshoot loop prevention mechanisms
    • 3.3.m [i] Route tagging, filtering
    • 3.3.m [ii] Split horizon
    • 3.3.m [iii] Route poisoning
  • 3.3.n Implement and troubleshoot routing protocol authentication
    • 3.3.n [i] MD5
    • 3.3.n [ii] Key-chain
    • 3.3.n [iii] EIGRP HMAC SHA2-256bit
    • 3.3.n [iv] OSPFv2 SHA1-196bit
    • 3.3.n [v] OSPFv3 IPsec authentication

3.4 RIP [v2 and v6]

  • 3.4.a Implement and troubleshoot RIPv2
  • 3.4.b Describe RIPv6 [RIPng]

3.5 EIGRP [for IPv4 and IPv6]

  • 3.5.a Describe packet types
    • 3.5.a [i] Packet types [hello, query, update, and such]
    • 3.5.a [ii] Route types [internal, external]
  • 3.5.b Implement and troubleshoot neighbor relationship
    • 3.5.b [i] Multicast, unicast EIGRP peering
    • 3.5.b [ii] OTP point-to-point peering
    • 3.5.b [iii] OTP route-reflector peering
    • 3.5.b [iv] OTP multiple service providers scenario
  • 3.5.c Implement and troubleshoot loop free path selection
    • 3.5.c [i] RD, FD, FC, successor, feasible successor
    • 3.5.c [ii] Classic metric
    • 3.5.c [iii] Wide metric
  • 3.5.d Implement and troubleshoot operations
    • 3.5.d [i] General operations
    • 3.5.d [ii] Topology table, update, query, active, passive
    • 3.5.d [iii] Stuck in active
    • 3.5.d [iv] Graceful shutdown
  • 3.5.e Implement and troubleshoot EIGRP stub
    • 3.5.e [i] Stub
    • 3.5.e [ii] Leak-map
  • 3.5.f Implement and troubleshoot load-balancing
    • 3.5.f [i] equal-cost
    • 3.5.f [ii] unequal-cost
    • 3.5.f [iii] add-path
  • 3.5.g Implement EIGRP [multi-address] named mode
    • 3.5.g [i] Types of families
    • 3.5.g [ii] IPv4 address-family
    • 3.5.g [iii] IPv6 address-family
  • 3.5.h Implement, troubleshoot and optimize EIGRP convergence and scalability
    • 3.5.h [i] Describe fast convergence requirements
    • 3.5.h [ii] Control query boundaries
    • 3.5.h [iii] IP FRR/fast reroute [single hop]
    • 3.5.8 [iv] Summary leak-map
    • 3.5.h [v] Summary metric

3.6 OSPF [v2 and v3]

  • 3.6.a Describe packet types
    • 3.6.a [i] LSA yypes [1, 2, 3, 4, 5, 7, 9]
    • 3.6.a [ii] Route types [N1, N2, E1, E2]
  • 3.6.b Implement and troubleshoot neighbor relationship
  • 3.6.c Implement and troubleshoot OSPFv3 address-family support
    • 3.6.c [i] IPv4 address-family
    • 3.6.c [ii] IPv6 address-family
  • 3.6.d Implement and troubleshoot network types, area types and router types
    • 3.6.d [i] Point-to-point, multipoint, broadcast, non-broadcast
    • 3.6.d [ii] LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
    • 3.6.d [iii] Internal router, ABR, ASBR
    • 3.6.d [iv] Virtual link
  • 3.6.e Implement and troubleshoot path preference
  • 3.6.f Implement and troubleshoot operations
    • 3.6.f [i] General operations
    • 3.6.f [ii] Graceful shutdown
    • 3.6.f [iii] GTSM [Generic TTL Security Mechanism]
  • 3.6.g Implement, troubleshoot and optimize OSPF convergence and scalability
    • 3.6.g [i] Metrics
    • 3.6.g [ii] LSA throttling, SPF tuning, fast hello
    • 3.6.g [iii] LSA propagation control [area types, ISPF]
    • 3.6.g [iv] IP FRR/fast reroute [single hop]
    • 3.6.g [v] LFA/loop-free alternative [multi hop]
    • 3.6.g [vi] OSPFv3 prefix suppression

3.7 BGP

  • 3.7.a Describe, implement and troubleshoot peer relationships
    • 3.7.a [i] Peer-group, template
    • 3.7.a [ii] Active, passive
    • 3.7.a [iii] States, timers
    • 3.7.a [iv] Dynamic neighbors
  • 3.7.b Implement and troubleshoot IBGP and EBGP
    • 3.7.b [i] EBGP, IBGP
    • 3.7.b [ii] 4 bytes AS number
    • 3.7.b [iii] Private AS
  • 3.7.c Explain attributes and best-path selection
  • 3.7.d Implement, optimize and troubleshoot routing policies
    • 3.7.d [i] Attribute manipulation
    • 3.7.d [ii] Conditional advertisement
    • 3.7.d [iii] Outbound route filtering
    • 3.7.d [iv] Communities, extended communities
    • 3.7.d [v] Multi-homing
  • 3.7.e Implement and troubleshoot scalability
    • 3.7.e [i] Route-reflector, cluster
    • 3.7.e [ii] Confederations
    • 3.7.e [iii] Aggregation, AS set
  • 3.7.f Implement and troubleshoot multiproctocol BGP
    • 3.7.f [i] IPv4, IPv6, VPN address-family
  • 3.7.g Implement and troubleshoot AS path manipulations
    • 3.7.g [i] Local AS, allow AS in, remove private AS
    • 3.7.g [ii] Prepend
    • 3.7.g [iii] Regexp
  • 3.7.h Implement and troubleshoot other features
    • 3.7.h [i] Multipath
    • 3.7.h [ii] BGP synchronization
    • 3.7.h [iii] Soft reconfiguration, route refresh
  • 3.7.i Describe BGP fast convergence features
    • 3.7.i [i] Prefix independent convergence
    • 3.7.i [ii] Add-path
    • 3.7.i [iii] Next-hop address tracking

3.8 ISIS [for IPv4 and IPv6]

  • 3.8.a Describe basic ISIS network
    • 3.8.a [i] Single area, single topology
  • 3.8.b Describe neighbor relationship
  • 3.8.c Describe network types, levels and router types
    • 3.8.c [i] NSAP addressing
    • 3.8.c [ii] Point-to-point, broadcast
  • 3.8.d Describe operations
  • 3.8.e Describe optimization features
    • 3.8.e [i] Metrics, wide metric

4.0 VPN Technologies


Hide Details

4.1 Tunneling

  • 4.1.a Implement and troubleshoot MPLS operations
    • 4.1.a [i] Label stack, LSR, LSP
    • 4.1.a [ii] LDP
    • 4.1.a [iii] MPLS ping, MPLS traceroute
  • 4.1.b Implement and troubleshoot basic MPLS L3VPN
    • 4.1.b [i] L3VPN, CE, PE, P
    • 4.1.b [ii] Extranet [route leaking]
  • 4.1.c Implement and troubleshoot encapsulation
    • 4.1.c [i] GRE
    • 4.1.c [ii] Dynamic GRE
    • 4.1.c [iii] LISP encapsulation principles supporting EIGRP OTP
  • 4.1.d Implement and troubleshoot DMVPN [single hub]
    • 4.1.d [i] NHRP
    • 4.1.d [ii] DMVPN with IPsec using preshared key
    • 4.1.d [iii] QoS profile
    • 4.1.d [iv] Pre-classify
  • 4.1.e Describe IPv6 tunneling techniques
    • 4.1.e [i] 6in4, 6to4
    • 4.1.e [ii] ISATAP
    • 4.1.e [iii] 6RD
    • 4.1.e [iv] 6PE/6VPE
  • 4.1.g Describe basic layer 2 VPN —wireline
    • 4.1.g [i] L2TPv3 general principals
    • 4.1.g [ii] ATOM general principals
  • 4.1.h Describe basic L2VPN — LAN services
    • 4.1.h [i] MPLS-VPLS general principals
    • 4.1.h [ii] OTV general principals

4.2 Encryption

  • 4.2.a Implement and troubleshoot IPsec with preshared key
    • 4.2.a [i] IPv4 site to IPv4 site
    • 4.2.a [ii] IPv6 in IPv4 tunnels
    • 4.2.a [iii] Virtual tunneling Interface [VTI]
  • 4.2.b Describe GET VPN

5.0 Infrastructure Security


Hide Details

5.1 Device security

  • 5.1.a Implement and troubleshoot IOS AAA using local database
  • 5.1.b Implement and troubleshoot device access control
    • 5.1.b [i] Lines [VTY, AUX, console]
    • 5.1.b [ii] SNMP
    • 5.1.b [iii] Management plane protection
    • 5.1.b [iv] Password encryption
  • 5.1.c Implement and troubleshoot control plane policing
  • 5.1.d Describe device security using IOS AAA with TACACS+ and RADIUS
    • 5.1.d [i] AAA with TACACS+ and RADIUS
    • 5.1.d [ii] Local privilege authorization fallback

5.2 Network security

  • 5.2.a Implement and troubleshoot switch security features
    • 5.2.a [i] VACL, PACL
    • 5.2.a [ii] Stormcontrol
    • 5.2.a [iii] DHCP snooping
    • 5.2.a [iv] IP source-guard
    • 5.2.a [v] Dynamic ARP inspection
    • 5.2.a [vi] port-security
    • 5.2.a [vii] Private VLAN
  • 5.2.b Implement and troubleshoot router security features
    • 5.2.b [i] IPv4 access control lists [standard, extended, time-based]
    • 5.2.b [ii] IPv6 traffic filter
    • 5.2.b [iii] Unicast reverse path forwarding
  • 5.2.c Implement and troubleshoot IPv6 first hop security
    • 5.2.c [i] RA guard
    • 5.2.c [ii] DHCP guard
    • 5.2.c [iii] Binding table
    • 5.2.c [iv] Device tracking
    • 5.2.c [v] ND inspection/snooping
    • 5.2.c [vii] Source guard
    • 5.2.c [viii] PACL
  • 5.2.d Describe 802.1x
    • 5.2.d [i] 802.1x, EAP, RADIUS
    • 5.2.d [ii] MAC authentication bypass

6.0 Infrastructure Services


Hide Details

6.1 System management

  • 6.1.a Implement and troubleshoot device management
    • 6.1.a [i] Console and VTY
    • 6.1.a [ii] telnet, HTTP, HTTPS, SSH, SCP
    • 6.1.a [iii] [T]FTP
  • 6.1.b Implement and troubleshoot SNMP
    • 6.1.b [i] v2c, v3
  • 6.1.c Implement and troubleshoot logging
    • 6.1.c [i] Local logging, syslog, debug, conditional debug
    • 6.1.c [ii] Timestamp

6.2 Quality of service

  • 6.2.a Implement and troubleshoot end-to-end QoS
    • 6.2.a [i] CoS and DSCP mapping
  • 6.2.b Implement, optimize and troubleshoot QoS using MQC
    • 6.2.b [i] Classification
    • 6.2.b [ii] Network based application recognition [NBAR]
    • 6.2.b [iii] Marking using IP precedence, DSCP, CoS, ECN
    • 6.2.b [iv] Policing, shaping
    • 6.2.b [v] Congestion management [queuing]
    • 6.2.b [vi] HQoS, sub-rate ethernet link
    • 6.2.b [vii] Congestion avoidance [WRED]
  • 6.2.c Describe layer 2 QoS
    • 6.2.c [i] Queuing, scheduling
    • 6.2.c [ii] Classification, marking

6.3 Network services

  • 6.3.a Implement and troubleshoot first-hop redundancy protocols
    • 6.3.a [i] HSRP, GLBP, VRRP
    • 6.3.a [ii] Redundancy using IPv6 RS/RA
  • 6.3.b Implement and troubleshoot network time protocol
    • 6.3.b [i] NTP master, client, version 3, version 4
    • 6.3.b [ii] NTP Authentication
  • 6.3.c Implement and troubleshoot IPv4 and IPv6 DHCP
    • 6.3.c [i] DHCP client, IOS DHCP server, DHCP relay
    • 6.3.c [ii] DHCP options
    • 6.3.c [iii] DHCP protocol operations
    • 6.3.c [iv] SLAAC/DHCPv6 interaction
    • 6.3.c [v] Stateful, stateless DHCPv6
    • 6.3.c [vi] DHCPv6 prefix delegation
  • 6.3.d Implement and troubleshoot IPv4 network address translation
    • 6.3.d [i] Static NAT, dynamic NAT, policy-based NAT, PAT
    • 6.3.d [ii] NAT ALG
  • 6.3.e Describe IPv6 network address translation
    • 6.3.e [i] NAT64
    • 6.3.e [ii] NPTv6

6.4 Network optimization

  • 6.4.a Implement and troubleshoot IP SLA
    • 6.4.a [i] ICMP, UDP, Jitter, VoIP
  • 6.4.b Implement and troubleshoot tracking object
    • 6.4.b [i] Tracking object, tracking list
    • 6.4.b [ii] Tracking different entities [e.g. interfaces, routes, IPSLA, and such]
  • 6.4.c Implement and troubleshoot netflow
    • 6.4.c [i] Netflow v5, v9
    • 6.4.c [ii] Local retrieval
    • 6.4.c [iii] Export [configuration only]
  • 6.4.d Implement and troubleshoot embedded event manager
    • 6.4.d [i] EEM policy using applet
  • 6.4.e Identify performance routing [PfR]
    • 6.4.e [i] Basic load balancing
    • 6.4.e [ii] Voice optimization