
Explore an EVE-NG home lab for CCIE Enterprise Infrastructure 1.0, with 16+ switches, 20 routers, exam-aligned sections, and SD-WAN with vEdge and vManage 18.4 for OSPF, BGP, and MPLS practice.
Explore the new CCNP Enterprise certification changes, including core and concentration exams, streamlined tracks, and lab options such as enterprise infrastructure and SD-WAN.
Navigate the CCNA to CCIE journey, embrace key-shaped skills across CCNP-level routing, switching, data center, and security, and leverage SD-WAN, DNA, and automation for career growth.
Explore how network job roles evolve from CCNA to CCNP within a shifting landscape of network programming, cyber security, cloud, and management automation, highlighting security-driven design and project management.
Cybersecurity leads market demand (51%) for CCNA/CCNP, alongside cloud, virtualization, wireless, data center, and SD-WAN. Build automation and programming foundations to learn, adapt, and deliver in evolving enterprise networks.
Discover the new CCIE EN format with diagnose, troubleshoot, and configuration tasks, plus module design, deploy, operate, and optimize, highlighting CLI, GUI, and automation.
Explore the 1.0 network infrastructure focus, covering Cisco switches basics, switching technology, spanning tree, VLANs, and routing concepts such as OSPF v2, v3, BGP, and multicast in core videos.
Learn how VLANs create logical boundaries to reduce broadcast domains, and how access and trunk ports carry single or multiple VLANs using 802.1Q tagging, including manual and dynamic trunking.
Learn to configure and troubleshoot trunks with dynamic trunking protocol (DTP), including manual and negotiated encapsulation using 802.1Q, allowing VLANs, pruning, and verification via show interface trunk.
Explore how the VTP VLAN trunking protocol copies VLAN databases across switches, comparing version 2 and version 3 features, revision numbers, and server, client, and transparent modes with pruning.
Configure a three-switch VTP lab with VLANs 10–20. Set the domain to my domain and enable VTP version two, observing VLAN replication.
Configure and verify VTP across switches by creating VLANs, inspecting status and revision, and enforcing trunking with dot1q encapsulation. Observe server, client, and transparent modes, dynamic trunking, and pruning.
Learn how EtherChannel bundles interfaces across core, distribution, and access to increase throughput, using manual and dynamic configurations with LACP and PAgP, including tiebreakers and show commands.
Form and verify a port channel on paired switches using the manual method or LACP, optionally with PAgP, and review the EtherChannel summary and protocol details.
Explain MST theory, mapping VLAN groups to MST instances to optimize topology, reduce switch resource usage, and configure regions with instance zero as internal spanning tree.
Perform an MST lab to map VLANs 10–100 to MST instances, configure MST mode, define instance ranges, and verify with show pending and show spanning tree commands.
Explore VLAN hopping and spanning tree manipulation techniques, and implement storm control to protect networks with BPDU guard, trunk configuration, access ports, and threshold-based traffic policing.
Apply PortFast and STP guard features to prevent loops and protect the root bridge. Learn to configure BPDU guard, BPDU filter, loop guard, and root guard globally or per interface.
Trace the evolution from 2960/2950 to modular 4k/6k and Nexus, examine decoupled control planes, virtual switch system, VPC, and east-to-west data center scaling, including layer two and layer three features.
Explore Cisco Catalyst 4500/4900 troubleshooting fundamentals, including interface issues, high CPU, IOS XE bugs and licenses, through supervisor engine architecture, line cards, and TCAM forwarding.
Explore administrative distance and how routers choose the best route across protocols, tune distances with caution, and use static or failover strategies for reliable routing.
Learn the basics of route redistribution between OSPF and RIP, including border router requirements and metric considerations, and how two-way redistribution can cause routing loops in a lab.
Demonstrates a routing loop during OSPF and RIP redistribution and shows fixes using an inbound distribute-list or distance adjustments to block or prefer routes, with practical lab steps.
Explore route maps, prefix lists, and distribute lists, and learn how access control lists and prefixes match and set next hops, metrics, and BGP attributes for policy-based routing.
Use route maps with tagging to break suboptimal routing between OSPF and RIP, tagging OSPF with 44 and RIP with 33, then adjust redistribution with explicit deny/permit and metrics.
VRF enables layer 3 virtualization by creating separate routing tables for each instance and associating them with an L3 interface, enabling segmentation and use cases like VPNs and data center access.
Learn VRF lite configuration across a four-router topology, using a global routing table and VRF instances to advertise loopback networks, then verify connectivity with ping and traceroute.
Explore the basics of EIGRP, including metric values and the topology table, then learn load balancing and advanced options in the width lab by working through a 15-video playlist.
Learn EIGRP basics and routing fundamentals: establish reliable transport and exchange routes, compute best paths with the DUAL algorithm, and understand distance vector limits within an autonomous system.
Learn how EIGRP transitions from classical to named mode, configuring address families (IPv4, IPv6, VRF) under a unified hierarchy with summary and interface commands.
Learn how EIGRP neighbors form through a three-way handshake using hello and ack packets, verify neighbor status with show ip neighbors, and adjust hello and hold timers while logging changes.
Learn how EIGRP establishes neighbor relationships using hello and init/ack handshakes, distinguish unreliable messages (hello, ack) from reliable exchanges (update, query, reply) with conditional receive and end-of-table flags guiding reliability.
Explore the EIGRP metric, its classical and named metric formulas, and how bandwidth, delay, load, reliability, M2, and internal tags shape the final metric through practical lab calculations.
Configure and verify EIGRP on routers, assign interfaces and a loopback, set the autonomous system with no auto summary, advertise networks using wildcards, and inspect neighbor, topology, and routing tables.
Explore how the topology table consolidates neighbor-learned and external routes, using reported, compute, and feasible distances to determine the successor and feasible successor in the DUAL algorithm.
Explore how the EIGRP DUAL (Diffusing Update Algorithm) uses the topology table to select loop-free best paths, with successors and feasible successors ensuring fast convergence and clear failure handling.
Explore the EIGRP convergence process, including primary and backup paths with successor and feasible successor, feasible distance, and the stuck-in-active scenario, plus the query-reply mechanism driving rapid failover.
Explore the theory of load balancing in stub areas and prepare for the authentication lab. Learn unequal and equal load balancing with feasible successors and the variance option.
Configure EIGRP authentication with a keychain and MD5 on interfaces, verify neighbor adjacency, and explore unequal cost equal load balancing using variance, ending with stub configuration.
Enable EIGRP in an autonomous system, manage neighbor relationships with hello packets, use passive interfaces, and perform no auto summary with manual summarization and authentication.
Explore practical EIGRP troubleshooting tips with a hands-on ARP lab, covering topology, redistribution issues, best path selection, and primary backup failover, using show, log, debug, and packet capture tools.
Troubleshoot EIGRP and redistribution issues to ensure router four selects the optimal path. Adjust administrative distance below 110 to prefer the intended route over the suboptimal external path.
Begin working with OSPF by exploring v2 and v3 basics, network types, and summary virtual links through a structured video playlist with hands-on labs.
Understand OSPF, a link-state routing protocol, and how it builds neighbor, topology, and routing tables using Dijkstra's algorithm across a backbone. Learn about ABR, ASBR, E1/E2 routes, and virtual links.
Understand the top five OSPF LSA types and how ABR and ASBR traffic enable inter-area routing, while mastering DR/BDR selection and neighbor formation via hello packets.
Explore how OSPF forms neighbor relationships through down, init, two-way, and full states, select DR/BDR in broadcast networks, and exchange databases to build topology and routing tables in area zero.
Explore OSPF network types—point-to-point, point-to-multipoint, broadcast, and non-broadcast—and how passive interfaces affect neighbor formation, cost, and basic configuration.
Configure OSPF with area zero and area 20, set interface network types (broadcast to point-to-point), apply passive interfaces, advertise networks with network commands, and verify neighbors with show ip ospf.
Configure OSPF across multiple areas, implement MD5 authentication, and establish a transit virtual link between area one to verify neighbor relationships and route propagation.
Explore inter-area OSPF summarization and backbone area types, including stub, totally stubby, and NSSA, with area range, summary address, and default route concepts, plus type seven and type five LSAs.
Compare stub, not-so-stubby, and totally not-so-stubby areas in OSPF; learn how the ABR handles default-information originate to inject a default route and types three to five.
Explore IPv6 addressing and OSPFv3 fundamentals by configuring a multi-area IPv6 network, enabling IPv6 unicast routing, and verifying OSPF neighbors and router IDs.
Perform an OSPFv3 lab across five virtual routers, verify IPv6 interfaces, enable IPv6 unicast routing, and explore OSPFv3 databases, router IDs, and LSAs in area zero.
Explore troubleshooting OSPF path computation by analyzing topology, comparing cost and metric across multiple paths, using trace routes, debug commands, and cost adjustments to achieve the desired R1–R4 path.
Troubleshoot and fix OSPF adjacency between two routers by resolving authentication mismatches, TTL security issues, and IP subnet misconfigurations, validate with debug and neighbor commands until adjacency forms.
Explore the basics of BGP, its relationship, and labs on configuration and best path selection in a nine-video playlist, building a solid understanding for future MPLS topics.
Explore BGP, the exterior gateway protocol over TCP, interconnecting autonomous systems with tunable routing policies. Identify iBGP and eBGP peers and understand open, keepalive, update, and notification messages.
Configure BGP basics across iBGP and eBGP, establish neighbors, use update-source loopback, and verify with show ip bgp summary and debug ip bgp.
Examine BGP neighbors and synchronization, showing how the neighbor table builds the BGP and routing tables, and apply full mesh or configurations like confederation to prevent black holes.
Learn to establish BGP neighbors in a multi-device lab, including indirect neighbors via an underlay, configure update source loopback, adjust keepalive and hold time, and apply password authentication for convergence.
Learn how to implement BGP route reflectors and confederations with peer groups, advertise loopbacks, manage next-hop and best routes, and validate by show commands.
Explore BGP best path selection in a hands-on lab: configure loopback networks, route maps with weight and local preference, and apply next-hop-self to steer paths across multiple ASes.
Configure a BGP best path lab to route via router three for primary and router four as backup using prefix lists, route maps, and local-preference adjustments; verify convergence.
Gain a basic understanding of multicast and its minimal configuration lines. Learn how multicast concepts mirror unicast routing and prepare for the enterprise lab exam through four instructional videos.
Examine multicast fundamentals, including one-to-group delivery, source-based routing, and how hosts join feeds via a reverse routing tree; also learn IPv4 multicast to MAC address mapping and the 32-address issue.
Explore multicast routing essentials, including IGMP versions, PIM modes, and group management, with emphasis on upstream and downstream roles, multicast membership reports, and source-based filtering.
Explore PIM: Protocol Independent Multicast, compare dense and sparse modes with a rendezvous point, and review versions 1 and 2 for efficient multicast trees in enterprise networks.
Master software defined networking through Cisco DNA and SD-Access, covering basics, VXLAN, SD-Access deployment, policy, fabric bring-up, ISE integration, then explore Cisco SD-WAN and DNA assurance.
Explore how DNA fabric integrates automation, assurance, provisioning, planning, and analytics within the DNA center, detailing the management, control, data, and policy planes and edge nodes.
Compare automated underlay provisioning using Cisco DNA Center seed devices with plug-and-play devices against manual underlay setup, highlighting seed devices, DHCP detection, PnP, and temporary configurations erased after automation ends.
Explore DNA fabric architecture with control plane, edge, and border nodes, including host tracking, VXLAN tunnels, anycast gateways, and internal versus external border routing.
Explain how fabric-enabled wireless unifies wired and wireless networks using VXLAN and CAPWAP tunnels, host pools, and control plane integration to onboard and manage devices.
Explore fabric constructs and roles, from underlay to overlay, with virtual networks, OMP, LISP, and VXLAN encapsulation. Learn about host pools, scalable groups, anycast gateways, and security group tagging.
Configure a discovery in DNA Center to locate devices using an IP range or CDP, connect via SSH, SNMP, NETCONF, or CLI, then assign devices to sites.
Learn the DNA discovery workflow: discover devices, assign sites via provisioning, view inventory and topology, and manage global configurations with inheritance across site labels.
Explore the Cisco DNA Center design workflow, mastering the network hierarchy, site and floor structuring, network settings, image repositories, and authentication templates to design enterprise infrastructure.
Navigate policy workflow, create group-based ACLs and IP-based access control, define virtual networks, and implement dynamic or static host onboarding for IoT devices.
Configure policy-based host onboarding using an address pool, authentication policy, and traffic type, with layer two flooding, and practice static and dynamic provisioning through port assignments.
Discover and onboard devices via DNA Center, verify SSH reachability, assign devices to a site, and provision a fabric with edge node, border, and control plane roles over VXLAN tunnels.
Provision and deploy devices in the fabric, assign control plane and border roles, monitor provisioning status, configuration pushes, and telemetry in DNA Center.
Explore the ISE smart dashboard, navigate the policy administration node and PSN, and review authentication, authorization, profiling, posture, and client provisioning in single or distributed deployments.
Demonstrate day zero deployment of ISE 3.0 by running setup, configuring IP, subnet, gateway, DNS, and SSH, then enable pxGrid setting and URLs for later DNS integration.
Learn to integrate Cisco ISE with DNAC, establish trust, enable pxGrid, exchange certificates, and create a secure SSL tunnel for contextual data via external RESTful services.
Learn to integrate DNA Center with ISE by configuring deployments, enabling pxGrid and ERS services, creating identities and groups, establishing trust, and using the REST API to enable policy-driven access.
Migrate policy data from ISE to Cisco DNA Center and set DNA Center as the policy administration point, migrating scalable groups and enforcing ISE read-only policies.
VXLAN creates a virtual extensible local area network that supports millions of layer-2 segments with non-blocking, equal-cost multipathing, enabling underlay-overlay separation and multitenancy.
Explore VXLAN encapsulation, detailing the 50-byte overhead and headers: VXLAN, UDP, IP, and MAC, with a 24-bit VNI mapping to VLAN and VTEP-based outer addressing for unicast or multicast traffic.
Explore the LISP concepts of locator ID separation, where endpoint identity and location form a map-driven control plane with map server and map resolver for optimal routing.
Explore the LISP packet walk, detailing data plane movement, log mapping, multihoming, virtualization, and proxy scenarios, plus control plane queries and DNS resolution.
Demonstrate end-to-end LISP verification by running trace routes, end-to-end ping, and registration checks across R2, R3, and R4, while inspecting map servers, resolvers, and router IDs.
Explore how DNA Center assurance enables proactive troubleshooting, visibility, and remediation via a single dashboard that ties design, policy provisioning, telemetry, and ISE integration to network, client, and application health.
Explore SD-WAN concepts from basics to migration, including architecture, controller deployment, and central policies, with labs using vSmart to push central policies, guiding migration planning.
Explore Cisco's SD-WAN architecture, fabric overview, and centralized vs localized policies, plus security and cloud multi-cloud integration for end-to-end visibility and intent-based automation.
Explore SD-WAN features enabling end-to-end, label-based traffic with transport-independent WAN, unified analytics, and inbuilt security, integrated with ISE, DNA Center, and cloud gateways like Zscaler and Umbrella.
Explore Cisco's end-to-end SD-WAN architecture across campus, branch, and data center, with a single tag-based policy, global routing, analytics, and integrated security, QoE optimization, and cloud and on-prem integrations.
Learn how the data plane forms IPsec tunnels and establishes the SD-WAN control connection with vManage, vBond, and vSmart, including onboarding and certificates.
Understand how the SD-WAN fabric operates, from edge devices and vSmart via OMP to IPsec data planes with BFD, and how multi-topology VPNs underpin transport, management, and service networks.
Understand the Overlay Management Protocol (OMP) in SD-WAN, where vSmart exchanges keys and pushes policies while advertising service VPN, TLOC, and service routes to edge devices, plus best-path criteria.
Explore the SD-WAN policy framework, comparing centralized and localized policies for control and data planes, and how vManage and vSmart push policies to edge devices using NETCONF, YANG, and OMP.
Learn the building blocks of centralized SD-WAN policies: define group of interest, choose control or data policy, apply per site with TLOC and VPN lists, and support application-aware routing.
Apply multi-topology SD-WAN policies to enforce hub-and-spoke for VPN 10 and full mesh for VPN 20, using vManage to build control and data policies.
Explore service insertion and policy routing to redirect VPN traffic to a firewall and hub-and-spoke vs full mesh topologies, with practical steps to create, edit, apply, and test policies.
Configure a data center priority control policy in SD-WAN to prefer DC1 as primary and balance across data centers for site groups, then apply and activate the centralized policy.
Explore extranet or route-leak policies that control sharing of routes between VPNs, using a loopback 100 and site IDs to export routes from VPN 100 to VPNs 20 and 40.
Enable application-aware routing policies in data policy to route traffic by app ID recognized by DPI engines (Qosmos and NBAR), enabling SLA-based path selection and failover with BFD metrics.
Learn the SD-WAN migration strategy from data centers to branches, covering OMP and VPN 0, service and transport VPN, feature templates, and lab deployment steps.
Plan a data-center-first SD-WAN migration, using dual core paths and added edge routers to balance SD-WAN and non-SD-WAN traffic as you migrate branches.
Bring up other data center devices by installing certificates, validating bootstrap configuration, serial numbers, and tokens, activating chassis numbers, and deploying a vManage template across edge devices.
Configure and verify BGP between core and cEdge devices, establish neighbors, advertise default routes and data center prefixes, and redistribute between underlay OMP and BGP via templates.
Learn to advertise BGP inside OMP to vSmart and redistribute OMP routes into BGP, with templates for data center and branches, and apply tags to avoid route loops.
Redistribute OMP into BGP and verify route propagation from vSmart to core routers across data centers, while exploring tagging and local policy to steer SD-WAN traffic toward core one.
Upgrade and migrate branch devices by validating SD-WAN compatibility, upgrading images, and setting boot variables, then verify bootstrap configuration, certificates, and push SD-WAN templates from vManage.
Continue the branch 3 migration by configuring bootstrap, authenticating, installing the permanent certificate, joining the fabric, attaching the single outer MPLS template, and uploading branch 3 variables via vManage.
Execute the branch five migration to SD-WAN, using an internet link for cutover and MPLS for non-SD-WAN prefixes; onboard devices with bootstrap configs and templates while verifying IPsec and BGP.
Post branch migration checks validate BGP peering with the SD-WAN and MPLS networks, update a BGP template to redistribute OMP, and verify routes and traceroutes.
Master the basics of MPLS and DMVPN, with labs and playlist videos covering MPLS and DMVPN concepts in section 3.0.
Explore how MPLS replaces routing table lookups with label switching to improve efficiency, enabled by Cisco Express Forwarding, and learn how labels are imposed to route traffic in large networks.
Activate MPLS on routers, inspect 20-bit labels, bottom of the stack, and TTL, and verify bindings, LDP, and forwarding using show mpls commands for unicast 0x8847 and multicast 0x8848.
Learn MPLS basics from customer edge to provider edge and core routers, including edge label imposition and removal, with LDP and label tables in the control and data planes.
Explore how LDP builds LSPs in an MPLS network, examine the RIB table and label information base, and see how next-hop changes affect the forwarding and bindings.
Explore how MPLS uses RIB, LIB, and FIB across control and data planes, and how label operations—push, swap, pop, untagged, aggregate, and penultimate hop popping—drive forwarding decisions.
Explore MPLS layer 3 VPN concepts, VRF separation, and BGP-based routing between customer and provider edges, with a lab walkthrough of C to P and P to P communications.
Enable the VPNv4 address family between provider edges with BGP and iBGP, implement MPLS labels, and understand route distinguisher, route target, and import/export with extended communities.
Configure the MPLS backbone with OSPF as the IGP, form BGP neighbors between provider routers, and enable the VPNv4 address family with route distinguisher and route target for VPN connectivity.
Configure PE-CE routing for customer one, enabling OSPF on one side and RIP on the other, with two-way redistribution between OSPF and BGP using route tagging, import/export, and VRF.
Configure customer two with VRF and VCF, set up BGP inside AS 15, perform redistribution between P and C, and verify connectivity while troubleshooting one-way route advertisement.
Master troubleshooting steps for one-way traffic and VPNv4 redistribution between BGP and IGP, verify configurations, redistribution, and MPLS labels using commands like show ip route and show bgp vpnv4 unicast.
Explore DMVPN concepts and related terminologies, then demonstrate Cisco DMVPN configuration in the lab, highlighting its multi-site, high-scalability IPsec VPN solution before SD-WAN.
DMVPN enables dynamic hub-and-spoke and spoke-to-spoke tunnels with scalable, transport-agnostic IPsec security, using Next Hop Resolution Protocol caching and multipoint tunnel configurations for flexible underlay routing.
Explore how DMVPN creates hub-and-spoke tunnels, maps tunnel IPs to loopback and public addresses, performs registration with cache binding, and exchanges routing databases through encapsulated tunnels in phase two.
Delve into DMVPN's three phases: phase one hub-and-spoke, phase two where spokes know each other’s routing, and phase three dynamic spoke-to-spoke tunnels with hub route summarization and redirect behavior.
Learn automation and programmability for enterprise networking, covering basics of automation programming, SD-WAN vManage automation programming, related automation programming, and NETCONF client, with a curated 26-video playlist.
Trace the evolution of network management from SNMP to REST-based APIs, highlighting SNMP limitations and the rise of programmable, real-time, machine-to-machine management with NETCONF and RESTCONF.
Leverage model-driven network programmability to manage multi-vendor infrastructure with open APIs, data models, and encodings like XML and JSON via NETCONF, RESTCONF, and gRPC.
Learn JSON as a data encoding format, its similarity to Python dictionaries, name-value pairs, and how dumps converts dicts to JSON strings for use in network automation with Nexus OS.
XML describes data, unlike HTML which displays it, and this lecture shows integrating XML with Python using SAX to parse movies.xml into a human-readable output, highlighting XML vs JSON.
Learn REST, the Representational State Transfer, and how HTTP verbs like GET, POST, PUT, PATCH, and DELETE enable create, read, update, and delete operations with JSON or XML payloads.
Explore how Python's interpreter language powers fast, easy networking automation and artificial intelligence workloads, with inline coding or script files (.py) across operating systems.
Enables the guest shell on the switch, accesses the Linux kernel, and runs Python 3 scripts to execute CLI commands like show ip route and show ip brief.
Learn to trigger Python scripts from Cisco real-time event manager applets to automatically reconfigure routes when a line protocol goes down, using logs, VLANs, and lab testing.
Explore the SD-WAN vManage API and Postman through RESTful API concepts, token-based authentication, and Python automation to manage devices, templates, and monitoring tasks.
Explore the SD-WAN vManage monitoring API by converting raw JSON data to a table and CSV, then extracting device ID, hostname, and reachability for reporting.
Navigate the DNA Center dashboard to verify REST APIs, review API references, and enable access, then practice retrieval of VLAN topology data via Swagger using GET, POST, PUT, and DELETE.
Obtain a token by posting to the DNAC API in a Cisco sandbox lab, then reuse the token for subsequent API calls; structure includes config, library, and main programs.
Explore network discovery device APIs in DNA Center and view discovery counts. Learn to convert API responses to Python and export results to CSV, including get discovery by range.
Use a script and template API to create a project, build a basics.txt template, and push it to one or many devices, then verify deployment status and show run configurations.
Explore ncclient, a Python NETCONF client that maps XML to Python constructs for configuring IOS-XE devices, with pip installation and labs for IOS configurations.
This lab demonstrates using ncclient with NETCONF on IOS-XE to verify device capabilities, retrieve interface details and statistics, and apply configuration changes via XML payloads.
Explore model-driven telemetry to replace SNMP polling with fast, structured, push-based data collection. Learn how YANG models, NETCONF, and Elastic/Grafana enable scalable, real-time analytics.
Explore network subscription concepts, including the contract between service and subscriber, publication, and XPath-filtered push telemetry with periodic or on-change timing, plus YANG model with XML and JSON encoding.
Explore a model driven telemetry lab in DevNet, configuring IETF subscriptions with XPath filters on a CSR 1000 V, then visualize metrics in InfluxDB, Grafana, Kibana, and Kafka.
Explore gRPC as a high-performance, simple client development protocol, a functional subset of NETCONF over HTTPS, with JSON encoding and HTTP transport, supporting GET, PUT, POST, DELETE, and config operations.
Examine authentication, authorization, and accounting using Cisco Identity Services, including policy and rule sets, MAB and 802.1X, and auditing for network access.
Explore how access and authentication work in ISE, from supplicant, authenticator, and RADIUS to identity stores like Active Directory, with policy, monitoring, and pxGrid integration.
Configure the switch for AAA by setting voice and data VLANs on gig0/1, connecting the access point on gig0/2, and enabling AAA with RADIUS for authentication, authorization, and accounting.
Configure router R1 and the ac with RADIUS AAA, creating a RADIUS server CCI at 198.19.10.27, ports 1645/1646, key Cisco, and authorize SSH exec via AAA and firewall RADIUS settings.
Protect the control plane by creating and applying a policy that limits control plane traffic using class maps and policy maps, with burst and drop actions.
This lab shows configuring control plane policy with class maps (ICMP, DHCP, IP redirect), building a policy map, applying a service policy, and verifying with show commands and counters.
Explore switch and router security features, plus IPv6 security features, as you begin section 4.2. Follow an 11-video playlist to master 802.1X port-based authentication and complete subsection 4.2.
Learn basic Cisco router security by configuring line security, Telnet transport, privilege levels, and MD5-hashed enable secret plus service password encryption.
Configure line and enable passwords, enforce encryption, and use login local with admin users and privilege levels; enable SSH with domain name, RSA keys, and version 2, aligning to ISE.
Explore standard and extended ACLs, including named ACLs, learn how to match source and destination addresses, protocol types, and ports, and apply permit or deny decisions on ingress or egress.
Demonstrates configuring standard ACLs to block loopback addresses using an even-allow and odd-block rule, then converts to named ACLs with remarks and checks reachability.
Build a named extended ACL to permit specific source and destination IPs, including loopback addresses, apply it inbound on Fast Ethernet, with implicit deny and TCP/UDP options.
Learn to implement time based ACLs by creating absolute and periodic time ranges, naming them, and applying them to deny http during defined windows.
Enable switch port security to limit MAC addresses and define violation actions. Use DHCP snooping and dynamic ARP inspection to prevent rogue servers and ARP spoofing.
Learn how private VLANs divide a single VLAN into primary and secondary VLANs (community or isolated) with host and promiscuous ports, and map them for gateway layer 3 forwarding.
Explore the SNMP architecture with managers, agents, and a management information base, using get and set methods across v1, v2c, and v3, plus traps and informs for asynchronous notifications.
Understand Cisco MIB structures and SNMP versions 1, 2c, and 3, contrasting community-based authentication with the secure v3 model, and learn how SNMP managers query agents using the get method.
Configure SNMP in the lab by setting community strings, views, and ACLs for v1/v2 and v3, enable traps or informs, and verify with show commands.
Perform an SNMP lab setup with a manager and agent, configure SNMP on switch and host, define read/write access, and verify with an SNMP walk while noting port 161.
Perform a quick revision of SNMP configurations across v1, v2c, and v3, including community strings, ACL-based access, traps, DNS or URL hosts, and auth/priv options.
Configure and verify syslog by selecting log levels from emergencies to debugging. Send messages to a remote syslog server over UDP port 514 with buffering and configurable history size.
Explore using debugs and conditional debugs on Cisco routers to monitor traffic without overloading the CPU, enable and refine debugging for IP and ICMP, and interpret show debug outputs.
Enable conditional debug for IP packets on a router, apply ACL-based conditions (standard, extended, number-based), and match FastEthernet interfaces to reduce verbose output.
Learn how to use debugs and conditional debugs on Cisco routers to troubleshoot ping, monitor ICMP and IP traffic, and minimize CPU impact.
Demonstrates conditional debug on routers using ACLs (standard and extended, named and number-based) to filter and reduce debug output for specific interfaces and hosts.
Learn how quality of service manages congestion and packet loss with traffic classification, policing, and end-to-end policy mapping across Cisco hardware, including trust boundaries and NBAR-based application recognition.
Design and implement quality of service on enterprise hardware by classifying and marking traffic, mapping to queues, configuring trust, and applying service policies on multilayer switches.
Explore ingress trust models, policy maps, and NBAR-based classification to implement QoS on Cisco platforms, including marking and policing across per-port VLAN policies.
Explore QoS design across 4500, 6500/6800, and Nexus platforms, mapping 12-class models to priority queues with bandwidth thresholds and AF classes, using weighted random early detection or tail drop.
Explore Cisco express forwarding fundamentals, including control plane versus data plane, and how the supervisor engine programs the FIB, ARP, and adjacency tables for fast longest-prefix matching.
Verify CEF on VLAN interfaces with show interface and show ip interface, then explore TCAM resources for MAC host routes, IGMP, LPM, and multicast routes using the switch CLI.
Explore Hot Standby Router Protocol (HSRP) to provide first-hop redundancy with a virtual gateway and virtual MAC, using active and standby roles, priority, preemption, and fast convergence.
Configure HSRP on R2 and R3, assign a virtual IP, set priority and preempt, and verify active and standby roles with show standby brief while testing failover.
Explore Virtual Router Redundancy Protocol (VRRP) as the industry-standard gateway protocol, compare it with HSRP, examine timers, preemption, and MAC address, and implement manual load balancing with grouped virtual IP addresses.
Configure VRRP in a lab to run a virtual router redundancy protocol across routers. Set priorities, enable preemption, and create multiple groups for load balancing.
Run the NTP lab with router R1 and a switch, configure the master, set the server IP, verify with show ntp associations and show ntp status, then configure MD5 authentication with trusted keys.
Demonstrate the NTP lab 02 topology by configuring R2 as master router with R4 and R5 on a LAN, and verify synchronization via show run, show ntp status, and show clock.
Explore NAT concepts, including static, dynamic, overload (PAT), and the transfer of private addresses to public addresses. Learn inside local/global and outside local/global terms, packet flow, and basic lab commands.
Learn to configure NAT and PAT on a small network by defining inside and outside interfaces, creating a host ACL and NAT pool, enabling NAT overload, and verifying translations.
Continue the NAT and PAT lab in GNS3, configuring inside local to inside global and outside local to outside global, and verify with show ip nat translations and show ip nat statistics.
Cover network optimization, network operations, the SPAN feature, and packet capture, with NetFlow and SPAN videos guiding you through sections 4.6 and 4.7.
Explore NetFlow and Flexible NetFlow, comparing versions 1, 5, and 9 to analyze fields, traffic metadata, and application data with NBAR for security and network analysis.
Master traditional and Flexible NetFlow by configuring key and non-key items, flow records, exporters, and templates, and leveraging NBAR to reveal application-level traffic.
Configure Flexible NetFlow by defining an exporter, creating a flow record with matched fields (source and destination addresses, application, routing, transport), and applying a monitor to an interface.
Learn how to capture data plane traffic using SPAN, RSPAN, and ERSPAN, configuring source and destination ports, using Wireshark for analysis, and distinguishing local versus remote encapsulated capture.
This lecture explains Cisco IP SLA as a mechanism using ICMP echo to monitor loss, latency, and jitter and switch to a backup path when the primary fails.
Learn to perform packet captures on Cisco devices using NetFlow and embedded packet capture tools across IOS, Catalyst, Nexus, and firewalls, and configure flow records, exporters, and monitors.
Explore packet capture across Cisco devices using embedded, IOS-based, and ASA captures; export to a TFTP server and analyze with Wireshark, using SPAN and monitor session techniques.
Update your SD-WAN training with ten new videos aligned to the CCIE 1.1 update. Complete your SD-WAN learning to master the SD-WAN curriculum.
Explore SD-WAN architecture with Estevan, detailing decoupled data and control planes and the management and orchestration layers, and how vManage, vBond, and vSmart coordinate IPsec data-plane tunnels.
Learn to bring up a Cisco SD-WAN home lab end-to-end, manually configuring vManage, vBond, vSmart, edge devices, and certificates through baseline setup, zero-touch provisioning, PnP, and certification.
Master plug and play onboarding with the PnP portal, smart accounts, vBond profiles, and vManage and vSmart integration, including templates, variables, and bootstrap configurations.
Build device templates and feature templates with system-wide configurations, VPNs, and interfaces, then push via NETCONF using vManage to edge devices, enabling OMP and OSPF redistribution.
Create and push device feature templates via NETCONF from vManage, assemble a generic template from small feature templates for VPN 10, and understand OMP routing with TLOC and the vSmart route reflector.
Explore OMP theory, best-path selection, and graceful restart, then learn SD-WAN policy construction (centralized vs localized and data vs control), built with match-action rules and directional policy application.
Learn to design and apply multi-topology SD-WAN control policies and route leaks between VPNs using vManage, vSmart, and OMP, with data and control policy blocks and hub-and-spoke traffic flows.
Learn to configure SD-WAN control policy to prefer DC one or DC two for branches and to implement data policy with cflowd, using site identifiers and routing preferences.
Explore application-aware routing policy in SD-WAN, covering data policies, SLA-driven path selection between MPLS and internet, and BFD monitoring. Apply practical policy deployment with vManage and vSmart.
Learn how VPN membership policy controls IPsec tunnel formation for specific VPNs and how local route policy shapes traffic across branches.
What knowledge you will gain in this course:
Expertise in Networking: CCIE EI provides in-depth knowledge of networking technologies, protocols, and best practices.
Career Advancement: It opens doors to higher-level networking positions and better job opportunities.
Industry Recognition: CCIE certification is globally recognized and respected in the IT industry.
Hands-On Experience: The CCIE EI lab exam tests real-world skills through hands-on tasks.
Deep Understanding: It covers a wide range of networking topics, from routing and switching to automation and security.
Problem-Solving Skills: CCIE EI training enhances troubleshooting and problem-solving abilities.
Technology Mastery: You gain mastery in Cisco technologies like IOS XE, SD-WAN, and network automation.
Networking Design: CCIE EI includes designing scalable and secure network infrastructures.
Scalability: Learning about scalable network architectures is crucial for enterprise networks.
High Availability: CCIE EI covers techniques for building highly available network designs.
Quality of Service (QoS): Understanding QoS is essential for optimizing network performance.
Security Integration: It teaches how to integrate security features into network designs.
Cloud Integration: CCIE EI covers integrating on-premises networks with cloud services.
SD-WAN Expertise: With the growing trend of SD-WAN, CCIE EI provides expertise in this area.
Network Automation: Learning automation tools like Python and Ansible is part of CCIE EI.
Career Flexibility: CCIE EI skills are transferable across industries and geographic locations.
Salary Potential: CCIE-certified professionals often command higher salaries.
Continuous Learning: It encourages ongoing learning and staying updated with industry trends.
Problem Resolution: CCIE EI equips you to quickly resolve complex network issues.
Business Impact: Well-designed networks contribute directly to business productivity and efficiency.
Project Management: It includes aspects of project management for network deployments.
Vendor Neutrality: CCIE EI focuses on fundamental networking principles applicable to various vendors.
Network Optimization: You learn techniques for optimizing network performance and resource utilization.
Global Networking Community: CCIE certification connects you with a global network of professionals.
Learning Resources: There are abundant resources available, from official Cisco materials to online courses and labs.
Practical Labs: Hands-on labs provide practical experience in network configuration and troubleshooting.
Exam Preparation: CCIE EI training prepares you thoroughly for the challenging exam.
Time Management: Managing time effectively is crucial for completing the lab exam within the allotted time.
Test-Taking Strategies: You learn strategies for approaching complex exam scenarios.
Documentation Skills: Proper documentation is emphasized for network designs and configurations.
Best Practices: CCIE EI incorporates industry best practices for network design and implementation.
Efficient Network Operations: It covers strategies for efficient network monitoring and management.
Collaboration Skills: Networking often involves collaboration with teams across IT departments.
Vendor Relationships: Understanding vendor products and relationships is part of the certification.
Risk Management: Learning to assess and mitigate network risks is essential.
Network Resilience: Building resilient networks capable of handling failures and disruptions.
Adaptability: Networking professionals must adapt to evolving technologies and business needs.
Customer Satisfaction: Well-designed networks contribute to positive user experiences and customer satisfaction.
Data Center Integration: CCIE EI includes integrating data center networks with enterprise infrastructures.
Network Virtualization: Understanding virtualization technologies like VRF and VXLAN.
Performance Monitoring: Tools and techniques for monitoring network performance and health.
Disaster Recovery: Planning and implementing network disaster recovery strategies.
Regulatory Compliance: Understanding and adhering to industry regulations related to network security and privacy.
Legacy System Integration: Skills for integrating legacy systems with modern network infrastructures.
Continuous Improvement: CCIE EI fosters a mindset of continuous improvement and learning.
Leadership Skills: Networking professionals often take on leadership roles in IT projects.
Global Connectivity: Building networks that facilitate global connectivity and collaboration.
Network Segmentation: Strategies for segmenting networks for security and performance reasons.
Real-Time Applications: Optimizing networks for real-time applications like VoIP and video conferencing.
Remote Access Solutions: Implementing secure remote access solutions for employees and partners.
IPv6 Implementation: Knowledge and skills for deploying IPv6 in enterprise networks.
Multicast Routing: Understanding and configuring multicast routing protocols.
Wireless Networking: Integration of wireless technologies into enterprise networks.
Network Monitoring Tools: Familiarity with network monitoring and diagnostic tools.
Vendor Certifications: CCIE EI complements other vendor certifications and skills.
Collaborative Technologies: Integration of collaborative technologies like unified communications.
Data Security: Implementing data encryption and access control measures.
Compliance Audits: Skills for conducting and preparing for network compliance audits.
Cloud Security: Understanding security challenges and solutions in cloud environments.
Network Virtualization: Implementing network virtualization techniques for efficiency and scalability.
Software-Defined Networking (SDN): Knowledge of SDN principles and implementations.