1. Introduction
The Cisco Certified Network Professional (CCNP) certification is designed for IT professionals who want to advance their knowledge of networking. It covers advanced networking concepts, including routing, switching, security, automation and troubleshooting. The CCNP certification requires passing a core exam and a concentration exam in a chosen specialization.
1.1 Exam Structure
- Core Exam: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR 350-401).
- Concentration Exams (Choose one):
  - ENARSI 300-410 (Advanced Routing & Services)
  - ENSLD 300-420 (Enterprise Design)
  - ENWLSI 300-430 (Wireless)
  - ENAUTO 300-435 (Automation & Programmability)
  - SD-WAN 300-415
  - Security 300-735
2. Core Concepts (ENCOR 350-401)
2.1 Architecture
- Cisco Enterprise Architecture Model: Campus, WAN, Cloud, Data Center
- Traditional vs. SDN Architectures:
  - Traditional: CLI-based, manual configuration
  - SDN: Centralized control, automation, APIs
- Virtualization Technologies:
  - Virtual Machines (VMs), Containers
  - VRF, GRE, VXLAN
2.2 Virtualization & Infrastructure
- Hypervisors: Type 1 (bare-metal) vs. Type 2 (hosted)
- Cisco DNA Center & SD-Access
- Cloud Networking Concepts: SaaS, IaaS, PaaS
- QoS (Quality of Service):
  - Classification, Marking, Congestion Management
2.3 Network Assurance
- Telemetry & NetFlow
- SPAN, RSPAN, ERSPAN (Traffic mirroring)
- Syslog & SNMP (Simple Network Management Protocol)
- DNA Center Assurance
2.4 Security
- AAA (Authentication, Authorization, Accounting)
- 802.1X, MACsec, TrustSec
- Cisco NGFW, IPS, ISE
- VPN Types: Site-to-Site, Remote Access, DMVPN
2.5 Automation & Programmability
- Python & Netmiko/Paramiko
- REST APIs, JSON, YANG
- Ansible, Terraform for Network Automation
- Cisco DNA API, SD-WAN API
3. Routing (ENARSI 300-410)
3.1 OSPF (Open Shortest Path First)
| Feature | Description |
| --- | --- |
| LSA Types | 1-Router, 2-Network, 3-Summary, 4-ASBR, 5-External, 7-NSSA |
| Area Types | Backbone (0), Stub, Totally Stubby, NSSA |
| DR/BDR | Elected on broadcast networks |
| Metric | Cost = Reference Bandwidth / Interface Bandwidth |
- Commands
```
! Configuration (global config mode)
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
! Verification (privileged EXEC)
show ip ospf neighbor
show ip ospf database
```
3.2 EIGRP (Enhanced Interior Gateway Routing Protocol)
- DUAL Algorithm (Diffusing Update Algorithm)
- Metric Calculation: Bandwidth & Delay
- K-Values: K1=Bandwidth, K3=Delay (default)
- Commands
```
! Configuration (global config mode)
router eigrp 100
 network 192.168.1.0 0.0.0.255
! Verification (privileged EXEC)
show ip eigrp neighbors
show ip eigrp topology
```
3.3 BGP (Border Gateway Protocol)
- eBGP vs. iBGP: External vs. Internal BGP
- Attributes: Weight, Local Preference, AS Path, MED
- BGP Peering:
```
! Configuration (global config mode)
router bgp 65001
 neighbor 192.168.2.1 remote-as 65002
! Verification (privileged EXEC)
show ip bgp summary
show ip bgp neighbors
```
4. Switching & Campus Networks
4.1 VLANs & Trunking
- VLAN Configuration
```
vlan 10
 name Sales
 exit
```
- Trunk Configuration
```
interface gig0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
```
4.2 Spanning Tree Protocol (STP)
| Type | Feature |
| --- | --- |
| STP (802.1D) | Original spanning tree protocol |
| RSTP (802.1w) | Faster convergence |
| MSTP (802.1s) | Multiple VLAN instances |
- Commands
```
! Verification (privileged EXEC)
show spanning-tree
! Configuration (global config mode)
spanning-tree mode rapid-pvst
```
4.3 EtherChannel
- LACP (Link Aggregation Control Protocol)
- PAgP (Port Aggregation Protocol)
```
! Configuration
interface port-channel1
 switchport mode trunk
! Verification
show etherchannel summary
```
5. Security & VPNs
5.1 AAA Configuration
```
aaa new-model
! Log in against the local user database
aaa authentication login default local
! "secret" stores the password as a one-way hash
username admin secret Cisco123
```
5.2 VPN Types
| VPN Type | Feature |
| --- | --- |
| Site-to-Site | Permanent tunnel between offices |
| Remote Access | VPN Client for remote users |
| DMVPN | Dynamic tunnel creation |
```
! IKEv1 (ISAKMP) phase 1 policy: AES encryption, SHA-256 hash, DH group 14
crypto isakmp policy 10
 encryption aes
 hash sha256
 group 14
```
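The policy above uses AES, SHA-256 and DH group 14. As an added example (not part of the original cheat sheet), this Python script audits `crypto isakmp policy` blocks in a saved configuration for weaker or unset parameters; the set of values treated as weak and the sample policies 20 and 30 are assumptions of this example.

```python
import re

# Assumption of this example: values commonly treated as weak in hardening
# guidance. The page itself lists only aes / sha256 / group 14.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5", "sha"}, "group": {"1", "2", "5"}}
ALIASES = {"encr": "encryption", "encryption": "encryption", "hash": "hash", "group": "group"}

def parse_isakmp_policies(config):
    """Map each policy priority to its parameters ('encr' is the running-config spelling)."""
    policies, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        words = line.split()
        header = re.fullmatch(r"crypto isakmp policy (\d+)", line.strip())
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and words[0] in ALIASES and len(words) > 1:
            current[ALIASES[words[0]]] = words[1]
        elif words[0] not in ("authentication", "lifetime"):
            current = None  # any other command closes the policy block
    return policies

def audit_isakmp(config):
    """List weak or unset parameters per policy, lowest priority number first."""
    findings = []
    for prio, params in sorted(parse_isakmp_policies(config).items()):
        for name in ("encryption", "hash", "group"):
            value = params.get(name)
            if value is None:
                findings.append(f"policy {prio}: {name} not set, platform default applies")
            elif value in WEAK[name]:
                findings.append(f"policy {prio}: weak {name} '{value}'")
    return findings

# Constructed sample: policy 10 is the page's policy; 20 and 30 are made up here.
SAMPLE = """\
crypto isakmp policy 10
 encryption aes
 hash sha256
 group 14
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 30
 encr aes 256
"""

if __name__ == "__main__":
    print("\n".join(audit_isakmp(SAMPLE)))
```

Parameters missing from a policy are reported separately because a running config does not display values left at their defaults.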
6. Network Automation (ENAUTO 300-435)
6.1 Python & APIs
- REST API Call Example (Using Python)
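```python
import requests

# Placeholder endpoint and token; substitute the real API URL and credential.
url = "https://api.cisco.com"
headers = {"Authorization": "Bearer <token>"}
# Set a timeout and fail on HTTP errors before parsing the body.
response = requests.get(url, headers=headers, timeout=10)
response.raise_for_status()
print(response.json())
```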
6.2 Ansible for Network Automation
```yaml
- name: Configure VLAN
  hosts: switches
  gather_facts: false
  tasks:
    - name: Create VLAN 10
      ios_config:
        # "name" is a VLAN sub-command, so enter "vlan 10" first
        parents: vlan 10
        lines:
          - name Sales
```
Quick Commands & Shortcuts
| Command | Description |
| --- | --- |
| show run | Show running config |
| show ip route | Display routing table |
| show ip int brief | Show interfaces status |
| debug ip ospf events | Debug OSPF events |
| reload in 5 | Schedule router reboot |
7. Network Infrastructure
7.1 VLANs & Trunking
- VLAN Configuration
```
vlan 10
 name SALES
 exit
```
- Assigning VLAN to Interface
```
interface gig0/1
 switchport mode access
 switchport access vlan 10
```
- Trunking Configuration
```
interface gig0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20
```
- Verification Commands
```
show vlan brief
show interfaces trunk
```
7.2 Spanning Tree Protocol (STP)
| STP Type | Feature |
| --- | --- |
| STP (802.1D) | Standard Spanning Tree |
| RSTP (802.1w) | Rapid STP for faster convergence |
| MSTP (802.1s) | Multiple VLAN instances |
```
! Verification (privileged EXEC)
show spanning-tree
! Configuration (global config mode)
spanning-tree mode rapid-pvst
```
7.3 EtherChannel (Link Aggregation)
- LACP (Link Aggregation Control Protocol)
- PAgP (Port Aggregation Protocol)
```
! Configuration
interface port-channel 1
 switchport mode trunk
! Verification
show etherchannel summary
```
8. Routing Protocols
8.1 OSPF (Open Shortest Path First)
- Area Types: Backbone (0), Stub, Totally Stubby, NSSA
- OSPF Commands
```
! Configuration (global config mode)
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
! Verification (privileged EXEC)
show ip ospf neighbor
show ip ospf database
show ip route ospf
```
8.2 EIGRP (Enhanced Interior Gateway Routing Protocol)
- Uses DUAL Algorithm
- Metric Calculation: Bandwidth & Delay
- EIGRP Configuration
```
! Configuration (global config mode)
router eigrp 100
 network 192.168.1.0 0.0.0.255
! Verification (privileged EXEC)
show ip eigrp neighbors
show ip eigrp topology
```
8.3 BGP (Border Gateway Protocol)
- Attributes: Weight, Local Preference, AS Path, MED
- BGP Peering
```
! Configuration (global config mode)
router bgp 65001
 neighbor 192.168.2.1 remote-as 65002
! Verification (privileged EXEC)
show ip bgp summary
show ip bgp neighbors
```
9. Network Security
9.1 AAA (Authentication, Authorization, Accounting)
```
aaa new-model
! Log in against the local user database
aaa authentication login default local
! "secret" stores the password as a one-way hash
username admin secret Cisco123
```
9.2 Access Control Lists (ACLs)
- Standard ACL
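```
! Standard ACLs match on source address only
access-list 10 permit 192.168.1.0 0.0.0.255
interface gig0/1
 ip access-group 10 in
```
- Extended ACL
```
! An implicit "deny any" follows the last entry of every ACL
access-list 100 permit tcp any any eq 80
interface gig0/1
 ip access-group 100 in
```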
9.3 VPN Configuration
- IPSec VPN
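```
! IKEv1 (ISAKMP) phase 1 policy: AES encryption, SHA-256 hash, DH group 14
crypto isakmp policy 10
 encryption aes
 hash sha256
 group 14
```
- DMVPN (Dynamic Multipoint VPN)
```
! Multipoint GRE tunnel interface; NHRP and IPsec protection are not shown
interface tunnel 0
 ip address 10.1.1.1 255.255.255.0
 tunnel source gig0/0
 tunnel mode gre multipoint
```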
10. SDN & Network Automation
10.1 Software-Defined Networking (SDN)
- Control Plane & Data Plane Separation
- Cisco SD-WAN Architecture
- DNA Center & Automation APIs
10.2 Python for Network Automation
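```python
import requests

# Placeholder endpoint and token; substitute the real API URL and credential.
url = "https://api.cisco.com"
headers = {"Authorization": "Bearer <token>"}
# Set a timeout and fail on HTTP errors before parsing the body.
response = requests.get(url, headers=headers, timeout=10)
response.raise_for_status()
print(response.json())
```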
10.3 Ansible for Configuration Management
```yaml
- name: Configure VLAN
  hosts: switches
  gather_facts: false
  tasks:
    - name: Create VLAN 10
      ios_config:
        # "name" is a VLAN sub-command, so enter "vlan 10" first
        parents: vlan 10
        lines:
          - name SALES
```
11. Troubleshooting Commands
| Command | Purpose |
| --- | --- |
| show run | Show running config |
| show ip route | Display routing table |
| show ip int brief | Show interface status |
| show cdp neighbors | Check connected Cisco devices |
| show mac address-table | Check MAC addresses |
| show spanning-tree | View STP status |
| debug ip ospf events | Debug OSPF events |
| reload in 5 | Schedule router reboot |
12. Key Concepts
12.1 Routing Protocols Comparison
| Protocol | Type | Convergence | Metrics | Use Case |
| --- | --- | --- | --- | --- |
| RIP | Distance Vector | Slow | Hop Count | Small networks |
| OSPF | Link-State | Fast | Cost | Enterprise networks |
| EIGRP | Hybrid | Faster | Bandwidth & Delay | Cisco networks |
| BGP | Path Vector | Slow | Path Attributes | Internet routing |
12.2 STP Port States
| State | Function |
| --- | --- |
| Blocking | No forwarding, listens for BPDUs |
| Listening | No forwarding, prepares for transition |
| Learning | Learns MAC addresses |
| Forwarding | Normal operation, forwards frames |
13. Quick Reference Commands
| Function | Command |
| --- | --- |
| Save config | copy running-config startup-config |
| Check IPs | show ip interface brief |
| Restart router | reload |
| Clear BGP neighbors | clear ip bgp * |
| Check STP | show spanning-tree |
| Configure SSH | ip domain-name cisco.com, then crypto key generate rsa, then username admin secret Cisco123 (three separate commands) |
Conclusion
The CCNP certification is a valuable credential for network professionals, covering advanced topics like routing, switching, security, SDN and automation.