1.

0 Network Fundamentals

1.1 Compare and contrast OSI and TCP/IP models

1.2 Compare and contrast TCP and UDP protocols
1.3 Describe the impact of infrastructure components in an enterprise network
1.3.a Firewalls
1.3.b Access points
1.3.c Wireless controllers
1.4 Describe the effects of cloud resources on enterprise network architecture
1.4.a Traffic path to internal and external cloud services
1.4.b Virtual services
1.4.c Basic virtual network infrastructure
1.5 Compare and contrast collapsed core and three-tier architectures
1.6 Compare and contrast network topologies
1.6.a Star
1.6.b Mesh
1.6.c Hybrid
1.7 Select the appropriate cabling type based on implementation requirements
1.8 Apply troubleshooting methodologies to resolve problems
1.8.a Perform and document fault isolation
1.8.b Resolve or escalate
1.8.c Verify and monitor resolution
1.9 Configure, verify, and troubleshoot IPv4 addressing and subnetting
1.10 Compare and contrast IPv4 address types
1.10.a Unicast
1.10.b Broadcast
1.10.c Multicast
1.11 Describe the need for private IPv4 addressing
1.12 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environm
1.13 Configure, verify, and troubleshoot IPv6 addressing
1.14 Configure and verify IPv6 Stateless Address Auto Configuration
1.15 Compare and contrast IPv6 address types
1.15.a Global unicast
1.15.b Unique local
1.15.c Link local
1.15.d Multicast
1.15.e Modified EUI 64
1.15.f Autoconfiguration
1.15.g Anycast
2.0 LAN Switching Technologies

2.1 Describe and verify switching concepts

2.1.a MAC learning and aging
2.1.b Frame switching
2.1.c Frame flooding
2.1.d MAC address table
2.2 Interpret Ethernet frame format
2.3 Troubleshoot interface and cable issues (collisions, errors, duplex, speed)
2.4 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches
2.4.a Access ports (data and voice)
2.4.b Default VLAN
2.5 Configure, verify, and troubleshoot interswitch connectivity
2.5.a Trunk ports
2.5.b Add and remove VLANs on a trunk
2.5.c DTP, VTP (v1&v2), and 802.1Q
2.5.d Native VLAN
2.6 Configure, verify, and troubleshoot STP protocols
2.6.a STP mode (PVST+ and RPVST+)
2.6.b STP root bridge selection
2.7 Configure, verify and troubleshoot STP related optional features
2.7.a PortFast
2.7.b BPDU guard
2.8 Configure and verify Layer 2 protocols
2.8.a Cisco Discovery Protocol
2.8.b LLDP
2.9 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel
2.9.a Static
2.9.b PAGP
2.9.c LACP
2.10 Describe the benefits of switch stacking and chassis aggregation

3.0 Routing Technologies

1.0 Network Principles 10% Hide Details

 1.1 Identify Cisco Express Forwarding concepts
1.1.a FIB
1.1.b Adjacency table
1.2 Explain general network challenges
1.2.a Unicast
1.2.b Out-of-order packets
1.2.c Asymmetric routing
1.3 Describe IP operations
1.3.a ICMP Unreachable and Redirects
1.3.b IPv4 and IPv6 fragmentation
1.3.c TTL
1.4 Explain TCP operations
1.4.a IPv4 and IPv6 (P)MTU
1.4.b MSS
1.4.c Latency
1.4.d Windowing
1.4.e Bandwidth-delay product
1.4.f Global synchronization
1.5 Describe UDP operations
1.5.a Starvation
1.5.b Latency
1.6 Recognize proposed changes to the network
1.6.a Changes to routing protocol parameters
1.6.b Migrate parts of the network to IPv6
1.6.c Routing protocol migration

2.0 Layer 2 Technologies 10% Hide Details

2.1 Configure and verify PPP

2.1.a Authentication (PAP, CHAP)
2.1.b PPPoE (client side only)
2.2 Explain Frame Relay
2.2.a Operations
2.2.b Point-to-point
2.2.c Multipoint

3.0 Layer 3 Technologies 40% Hide Details

3.1 Identify, configure, and verify IPv4 addressing and subnetting
3.1.a Address types (Unicast, broadcast, multicast, and VLSM)
3.1.b ARP
3.1.c DHCP relay and server
3.1.d DHCP protocol operations
3.2 Identify IPv6 addressing and subnetting
3.2.a Unicast
3.2.b EUI-64
3.2.c ND, RS/RA
3.2.d Autoconfig (SLAAC)
3.2.e DHCP relay and server
3.2.f DHCP protocol operations
3.3 Configure and verify static routing
3.4 Configure and verify default routing
3.5 Evaluate routing protocol types
3.5.a Distance vector
3.5.b Link state
3.5.c Path vector
3.6 Describe administrative distance
3.7 Troubleshoot passive interfaces
3.8 Configure and verify VRF lite
3.9 Configure and verify filtering with any protocol
3.10 Configure and verify redistribution between any routing protocols or routing sources
3.11 Configure and verify manual and autosummarization with any routing protocol
3.12 Configure and verify policy-based routing
3.13 Identify suboptimal routing
3.14 Explain ROUTE maps
3.15 Configure and verify loop prevention mechanisms
3.15.a Route tagging and filtering
3.15.b Split-horizon
3.15.c Route poisoning
3.16 Configure and verify RIPv2
3.17 Describe RIPng
3.18 Describe EIGRP packet types
3.19 Configure and verify EIGRP neighbor relationship and authentication
3.20 Configure and verify EIGRP stubs
3.21 Configure and verify EIGRP load balancing
3.21.a Equal cost
3.21.b Unequal cost
3.22 Describe and optimize EIGRP metrics
 3.23 Configure and verify EIGRP for IPv6
3.24 Describe OSPF packet types
3.25 Configure and verify OSPF neighbor relationship and authentication
3.26 Configure and verify network types, area types, and router types
3.26.a Point-to-point, multipoint, broadcast, nonbroadcast
3.26.b LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.26.c Internal router, backbone router, ABR, ASBR
3.26.d Virtual link
3.27 Configure and verify OSPF path preference
3.28 Configure and verify OSPF operations
3.29 Configure and verify OSPF for IPv6
3.30 Describe, configure, and verify BGP peer relationships and authentication
3.30.a Peer group
3.30.b Active, passive
3.30.c States and timers
3.31 Configure and verify eBGP (IPv4 and IPv6 address families)
3.31.a eBGP
3.31.b 4-byte AS number
3.31.c Private AS
3.32 Explain BGP attributes and best-path selection

4.0 VPN Technologies 10% Hide Details

4.1 Configure and verify GRE

4.2 Describe DMVPN (single hub)
4.3 Describe Easy Virtual Networking (EVN)

5.0 Infrastructure Security 10% Hide Details

5.1 Describe IOS AAA using local database

5.2 Describe device security using IOS AAA with TACACS+ and RADIUS
5.2.a AAA with TACACS+ and RADIUS
5.2.b Local privilege authorization fallback
5.3 Configure and verify device access control
5.3.a Lines (VTY, AUX, console)
5.3.b Management plane protection
5.3.c Password encryption
5.4 Configure and verify router security features
 5.4.a IPv4 access control lists (standard, extended, time-based)
5.4.b IPv6 traffic filter
5.4.c Unicast reverse path forwarding

6.0 Infrastructure Services 20% Hide Details

6.1 Configure and verify device management

6.1.a Console and VTY
6.1.b Telnet, HTTP, HTTPS, SSH, SCP
6.1.c (T)FTP
6.2 Configure and verify SNMP
6.2.a v2
6.2.b v3
6.3 Configure and verify logging
6.3.a Local logging, syslog, debugs, conditional debugs
6.3.b Timestamps
6.4 Configure and verify Network Time Protocol (NTP)
6.4.a NTP master, client, version 3, version 4
6.4.b NTP authentication
6.5 Configure and verify IPv4 and IPv6 DHCP
6.5.a DHCP client, IOS DHCP server, DHCP relay
6.5.b DHCP options (describe)
6.6 Configure and verify IPv4 Network Address Translation (NAT)
6.6.a Static NAT, dynamic NAT, PAT
6.7 Describe IPv6 NAT
6.7.a NAT64
6.7.b NPTv6
6.8 Describe SLA architecture
6.9 Configure and verify IP SLA
6.9.a ICMP
6.10 Configure and verify tracking objects
6.10.a Tracking objects
6.10.b Tracking different entities (for example, interfaces, IPSLA results)
6.11 Configure and verify Cisco NetFlow
6.11.a NetFlow v5, v9
6.11.b Local retrieval
6.11.c Export (configuration only)
1.0 Layer 2 Technologies 65% Hide Details

1.1 Configure and verify switch administration

1.1.a SDM templates
1.1.b Managing MAC address table
1.1.c Troubleshoot Err-disable recovery
1.2 Configure and verify Layer 2 protocols
1.2.a CDP, LLDP
1.2.b UDLD
1.3 Configure and verify VLANs
1.3.a Access ports
1.3.b VLAN database
1.3.c Normal, extended VLAN, voice VLAN
1.4 Configure and verify trunking
1.4.a VTPv1, VTPv2, VTPv3, VTP pruning
1.4.b dot1Q
1.4.c Native VLAN
1.4.d Manual pruning
1.5 Configure and verify EtherChannels
1.5.a LACP, PAgP, manual
1.5.b Layer 2, Layer 3
1.5.c Load balancing
1.5.d EtherChannel misconfiguration guard
1.6 Configure and verify spanning tree
1.6.a PVST+, RPVST+, MST
1.6.b Switch priority, port priority, path cost, STP timers
1.6.c PortFast, BPDUguard, BPDUfilter
1.6.d Loopguard and Rootguard
1.7 Configure and verify other LAN switching technologies
1.7.a SPAN, RSPAN
1.8 Describe chassis virtualization and aggregation technologies
1.8.a Stackwise

2.0 Infrastructure Security 20% Hide Details

2.1 Configure and verify switch security features

2.1.a DHCP snooping
 2.1.b IP Source Guard
2.1.c Dynamic ARP inspection
2.1.d Port security
2.1.e Private VLAN
2.1.f Storm control
2.2 Describe device security using Cisco IOS AAA with TACACS+ and RADIUS
2.2.a AAA with TACACS+ and RADIUS
2.2.b Local privilege authorization fallback

3.0 Infrastructure Services 15% Hide Details

3.1 Configure and verify first-hop redundancy protocols

3.1.a HSRP
3.1.b VRRP
3.1.c GLBP

1.0 Network Principles 5% Hide Details

1.1 Use Cisco IOS troubleshooting tools

1.1.a Debug, conditional debug
1.1.b Ping and trace route with extended options
1.2 Apply troubleshooting methodologies
1.2.a Diagnose the root cause of networking issues (analyze symptoms, identify and describe root cause)
1.2.b Design and implement valid solutions
1.2.c Verify and monitor resolution

2.0 Layer 2 Technologies 40% Hide Details

2.1 Troubleshoot switch administration

2.1.a SDM templates
2.1.b Managing MAC address table
2.1.c Troubleshoot Err-disable recovery
2.2 Troubleshoot Layer 2 protocols
2.2.a CDP, LLDP
2.2.b UDLD
 2.3 Troubleshoot VLANs
2.3.a Access ports
2.3.b VLAN database
2.3.c Normal, extended VLAN, voice VLAN
2.4 Troubleshoot trunking
2.4.a VTPv1, VTPv2, VTPv3, VTP pruning
2.4.b dot1Q
2.4.c Native VLAN
2.4.d Manual pruning
2.5 Troubleshoot EtherChannels
2.5.a LACP, PAgP, manual
2.5.b Layer 2, Layer 3
2.5.c Load balancing
2.5.d EtherChannel misconfiguration guard
2.6 Troubleshoot spanning tree
2.6.a PVST+, RPVST +, MST
2.6.b Switch priority, port priority, path cost, STP timers
2.6.c PortFast, BPDUguard, BPDUfilter
2.6.d Loopguard, Rootguard
2.7 Troubleshoot other LAN switching technologies
2.7.a SPAN, RSPAN
2.8 Troubleshoot chassis virtualization and aggregation technologies
2.8.a Stackwise

3.0 Layer 3 Technologies 40% Hide Details

3.1 Troubleshoot IPv4 addressing and subnetting

3.1.a Address types (Unicast, broadcast, multicast, and VLSM)
3.1.b ARP
3.1.c DHCP relay and server
3.1.d DHCP protocol operations
3.2 Troubleshoot IPv6 addressing and subnetting
3.2.a Unicast
3.2.b EUI-64
3.2.c ND, RS/RA
3.2.d Autoconfig (SLAAC)
3.2.e DHCP relay and server
3.2.f DHCP protocol operations
3.3 Troubleshoot static routing
3.4 Troubleshoot default routing
3.5 Troubleshoot administrative distance
3.6 Troubleshoot passive interfaces
3.7 Troubleshoot VRF lite
3.8 Troubleshoot filtering with any protocol
3.9 Troubleshoot between any routing protocols or routing sources
3.10 Troubleshoot manual and autosummarization with any routing protocol
3.11 Troubleshoot policy-based routing
3.12 Troubleshoot suboptimal routing
3.13 Troubleshoot loop prevention mechanisms
3.13.a Route tagging, filtering
3.13.b Split-horizon
3.13.c Route poisoning
3.14 Troubleshoot RIPv2
3.15 Troubleshoot EIGRP neighbor relationship and authentication
3.16 Troubleshoot loop free path selection
3.16.a RD, FD, FC, successor, feasible successor
3.17 Troubleshoot EIGPR operations
3.17.a Stuck in active
3.18 Troubleshoot EIGRP stubs
3.19 Troubleshoot EIGRP load balancing
3.19.a Equal cost
3.19.b Unequal cost
3.20 Troubleshoot EIGRP metrics
3.21 Troubleshoot EIGRP for IPv6
3.22 Troubleshoot OSPF neighbor relationship and authentication
3.23 Troubleshoot network types, area types, and router types
3.23.a Point-to-point, multipoint, broadcast, nonbroadcast
3.23.b LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.23.c Internal router, backbone router, ABR, ASBR
3.23.d Virtual link
3.24 Troubleshoot OSPF path preference
3.25 Troubleshoot OSPF operations
3.26 Troubleshoot OSPF for IPv6
3.27 Troubleshoot BGP peer relationships and authentication
3.27.a Peer group
3.27.b Active, passive
3.27.c States and timers
3.28 Troubleshoot eBGP
 3.28.a eBGP
3.28.b 4-byte AS number
3.28.c Private AS

4.0 VPN Technologies 5% Hide Details

4.1 Troubleshoot GRE

5.0 Infrastructure Security 5% Hide Details

5.1 Troubleshoot IOS AAA using local database

5.2 Troubleshoot device access control
5.2.a Lines (VTY, AUX, console)
5.2.b Management plane protection
5.2.c Password encryption
5.3 Troubleshoot router security features
5.3.a IPv4 access control lists (standard, extended, time-based)
5.3.b IPv6 traffic filter
5.3.c Unicast reverse path forwarding

6.0 Infrastructure Services 5% Hide Details

6.1 Troubleshoot device management

6.1.a Console and VTY
6.1.b Telnet, HTTP, HTTPS, SSH, SCP
6.1.c (T) FTP
6.2 Troubleshoot SNMP
6.2.a v2
6.2.b v3
6.3 Troubleshoot logging
6.3.a Local logging, syslog, debugs, conditional debugs
6.3.b Timestamps
6.4 Troubleshoot Network Time Protocol(NTP)
6.4.a NTP master, client, version 3, version 4
6.4.b NTP authentication
6.5 Troubleshoot IPv4 and IPv6 DHCP
6.5.a DHCP client, IOS DHCP server, DHCP relay
 6.5.b DHCP options (describe)
6.6 Troubleshoot IPv4 Network Address Translation (NAT)
6.6.a Static NAT, Dynamic NAT, PAT
6.7 Troubleshoot SLA architecture
6.8 Troubleshoot tracking objects
6.8.a Tracking objects
o 6.8.b Tracking different entities (for example, interfaces, IPSLA results)

3.1 Describe the routing concepts

3.1.a Packet handling along the path through a network
3.1.b Forwarding decision based on route lookup
3.1.c Frame rewrite
3.2 Interpret the components of a routing table
3.2.a Prefix
3.2.b Network mask
3.2.c Next hop
3.2.d Routing protocol code
3.2.e Administrative distance
3.2.f Metric
3.2.g Gateway of last resort
3.3 Describe how a routing table is populated by different routing information sources
3.3.a Admin distance
3.4 Configure, verify, and troubleshoot inter-VLAN routing
3.4.a Router on a stick
3.4.b SVI
3.5 Compare and contrast static routing and dynamic routing
3.6 Compare and contrast distance vector and link state routing protocols
3.7 Compare and contrast interior and exterior routing protocols
3.8 Configure, verify, and troubleshoot IPv4 and IPv6 static routing
3.8.a Default route
3.8.b Network route
3.8.c Host route
3.8.d Floating static
3.9 Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filte
redistribution, stub, virtual-link, and LSAs)
3.10 Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filt
redistribution, stub, virtual-link, and LSAs)
3.11 Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization
 3.12 Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarizatio
3.13 Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization
3.14 Troubleshoot basic Layer 3 end-to-end connectivity issues

4.0 WAN Technologies

4.1 Configure and verify PPP and MLPPP on WAN interfaces using local authentication
4.2 Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication
4.3 Configure, verify, and troubleshoot GRE tunnel connectivity
4.4 Describe WAN topology options
4.4.a Point-to-point
4.4.b Hub and spoke
4.4.c Full mesh
4.4.d Single vs dual-homed
4.5 Describe WAN access connectivity options
4.5.a MPLS
4.5.b Metro Ethernet
4.5.c Broadband PPPoE
4.5.d Internet VPN (DMVPN, site-to-site VPN, client VPN)
4.6 Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertis
only)
4.7 Describe basic QoS concepts
4.7.a Marking
4.7.b Device trust
4.7.c Prioritization
o 4.7.c. [i] Voice
o 4.7.c. [ii] Video
o 4.7.c. [iii] Data
4.7.d Shaping
4.7.e Policing
4.7.f Congestion management

5.0 Infrastructure Services

5.1 Describe DNS lookup operation

5.2 Troubleshoot client connectivity issues involving DNS
5.3 Configure and verify DHCP on a router (excluding static reservations)
 5.3.a Server
5.3.b Relay
5.3.c Client
5.3.d TFTP, DNS, and gateway options
5.4 Troubleshoot client- and router-based DHCP connectivity issues
5.5 Configure, verify, and troubleshoot basic HSRP
5.5.a Priority
5.5.b Preemption
5.5.c Version
5.6 Configure, verify, and troubleshoot inside source NAT
5.6.a Static
5.6.b Pool
5.6.c PAT
5.7 Configure and verify NTP operating in a client/server mode

6.0 Infrastructure Security

6.1 Configure, verify, and troubleshoot port security

6.1.a Static
6.1.b Dynamic
6.1.c Sticky
6.1.d Max MAC addresses
6.1.e Violation actions
6.1.f Err-disable recovery
6.2 Describe common access layer threat mitigation techniques
6.2.a 802.1x
6.2.b DHCP snooping
6.2.c Nondefault native VLAN
6.3 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering
6.3.a Standard
6.3.b Extended
6.3.c Named
6.4 Verify ACLs using the APIC-EM Path Trace ACL analysis tool
6.5 Configure, verify, and troubleshoot basic device hardening
6.5.a Local authentication
6.5.b Secure password
6.5.c Access to device
o 6.5.c. [i] Source address
 o 6.5.c. [ii] Telnet/SSH
6.5.d Login banner
6.6 Describe device security using AAA with TACACS+ and RADIUS

7.0 Infrastructure Management

7.1 Configure and verify device-monitoring protocols

7.1.a SNMPv2
7.1.b SNMPv3
7.1.c Syslog
7.2 Troubleshoot network connectivity issues using ICMP echo-based IP SLA
7.3 Configure and verify device management
7.3.a Backup and restore device configuration
7.3.b Using Cisco Discovery Protocol or LLDP for device discovery
7.3.c Licensing
7.3.d Logging
7.3.e Timezone
7.3.f Loopback
7.4 Configure and verify initial device configuration
7.5 Perform device maintenance
7.5.a Cisco IOS upgrades and recovery (SCP, FTP, TFTP, and MD5 verify)
7.5.b Password recovery and configuration register
7.5.c File system management
7.6 Use Cisco IOS tools to troubleshoot and resolve problems
7.6.a Ping and traceroute with extended option
7.6.b Terminal monitor
7.6.c Log events
7.6.d Local SPAN
7.7 Describe network programmability in enterprise network architecture
7.7.a Function of a controller
7.7.b Separation of control plane and data plane
7.7.c Northbound and southbound APIs