This is a list of resources for CCIE Enterprise Infrastructure candidates. It is not meant to be exhaustive, please add to it! Pull requests welcome.
- 0.0 General
- 1.0 Network Infrastructure
- 2.0 Software Defined Infrastructure
- 3.0 Transport Technologies and Solutions
- 4.0 Infrastructure Security and Services
- 5.0 Infrastructure Automation and Programmability
Legend:
- πΊ Video
- ποΈ Cisco Docs
- π Book
- π RFC/Standard
Β
- Official Exam Topics
- CCIE Enterprise Infrastructure Equipment and Software List
- Cisco CCIE EI Training Tracking Log/Matrix (XLSX)
- CCIE Practical Exam / LAB overview
- πΊ Cisco Live On-Demand Library
- Cisco DevNet
- Cisco Design Zone (CVD)
- Cisco Communities
- kbits.live
- Micronics CCIE EI v1.0
- Orhan Ergun CCIE EI v1.0
- Network Lessons
- INE CCIE EI v1.0
- Boson NetSim
- Lab Minutes
- Pluralsight
- Cisco dCloud
- Cisco Modeling Labs - Personal Edition (formally VIRL)
- Eve-NG
- GNS3
- Rack Rental - Cloud My Lab
- Coming soon - add your own blog via a pull request!
- ποΈ Cisco Docs - Cisco IOS XE Gibraltar 16.12.1
- ποΈ Cisco Docs - Software Configuration Guide, Cisco IOS Release 15.2(4)E
- ποΈ Cisco IOS-XE Docs - LAN Switching Configuration Guide
- 1.1.a Switch administration
- 1.1.a i Managing MAC address table
- 1.1.a ii Errdisable recovery
- 1.1.a iii L2 MTU
- 1.1.b Layer 2 protocols
- 1.1.b i CDP, LLDP
- 1.1.b ii UDLD
- 1.1.c VLAN technologies
- 1.1.c i Access ports
- 1.1.c ii Trunk ports (802.1Q)
- 1.1.c iii Native VLAN
- 1.1.c iv Manual VLAN pruning
- 1.1.c v VLAN database
- 1.1.c vi Normal range and extended range VLANs
- 1.1.c vii Voice VLAN
- 1.1.c viii VTP
- 1.1.d EtherChannel
- 1.1.d i LACP, static
- 1.1.d ii Layer 2, Layer 3
- 1.1.d iii Load balancing
- 1.1.d iv EtherChannel Misconfiguration Guard
- 1.1.e Spanning- Tree Protocol
- ποΈ Cisco Docs - Understanding Rapid Spanning Tree Protocol (802.1w)
- 1.1.e i PVST+, Rapid PVST+, MST
- 1.1.e ii Switch priority, port priority, path cost, STP timers
- 1.1.e iii PortFast, BPDU Guard, BPDU Filter
- 1.1.e iv Loop Guard, Root Guard
- ποΈ Cisco Docs - IP Routing
- ποΈ Cisco Docs - IP Routing: Protocol-Independent Configuration Guide
- 1.2.a Administrative distance
- 1.2.b VRF-lite
- 1.2.c Static routing
- 1.2.d Policy Based Routing
- 1.2.e VRF aware routing with any routing protocol
- 1.2.f Route filtering with any routing protocol
- 1.2.g Manual summarization with any routing protocol
- ποΈ IP Routing: EIGRP Configuration Guide, Cisco IOS XE Gibraltar 16.12.x - Route Summarization
- ποΈ IP Routing: EIGRP Configuration Guide, Cisco IOS XE Gibraltar 16.12.x - Configuring Summary Addresses
- ποΈ IP Routing: OSPF Configuration Guide, Cisco IOS XE Gibraltar 16.12.x- Configuring Route Summarization Between OSPF Areas
- ποΈ IP Routing: BGP Configuration Guide, Cisco IOS XE Gibraltar 16.12.x - BGP Route Aggregation
- ποΈ Understanding Route Aggregation in BGP
- 1.2.h Redistribution between any pair of routing protocols
- 1.2.i Routing protocol authentication
- Managing Authentication Keys
- IP EIGRP Route Authentication
- IPv6 EIGRP - Configuring EIGRP Route Authentication
- EIGRP/SAF HMAC-SHA-256 Authentication
- IP Routing: OSPF Configuration Guide, Cisco IOS XE Gibraltar 16.12.x - Configuring Interface Parameters
- OSPFv2 Cryptographic Authentication
- IPv6 Routing: OSPFv3 Authentication Support with IPsec
- OSPFv3 Authentication Trailer
- TCP Authentication Option
- BGP Support for TCP Authentication Option
- 1.2.j Bidirectional Forwarding Detection
- ποΈ Cisco Docs - IP Routing: EIGRP Configuration Guide
- πΊ Cisco Live - EIGRP
- πΊ Cisco Live - EIGRP Deployment in Modern Networks
- πΊ Cisco Live - Intro to EIGRP
- πΊ Cisco Live - Troubleshooting EIGRP Networks
- 1.3.a Adjacencies
- 1.3.b Best path selection
- 1.3.b i RD, FD, FC, successor, feasible successor
- 1.3.b ii Classic Metrics and Wide Metrics
- 1.3.c Operations
- 1.3.c i General operations
- 1.3.c ii Topology table
- 1.3.c iii Packet types
- 1.3.c iv Stuck In Active
- 1.3.c v Graceful shutdown
- 1.3.d EIGRP load-balancing
- 1.3.d i Equal-cost
- 1.3.d ii Unequal-cost
- 1.3.d iii Add-path
- 1.3.e EIGRP Named Mode
- 1.3.f Optimization, convergence and scalability
- 1.3.f i Fast convergence requirements
- 1.3.f ii Query propagation boundaries
- 1.3.f iii IP FRR (single hop)
- 1.3.f iv Leak-map with summary routes
- 1.3.f v EIGRP stub with leak map
- π RFC 2328 OSPF Version 2
- π RFC 5340 OSPF for IPv6
- π OSPF - anatomy of an Internet Routing Protocol
- π Cisco IP Routing - Packet Forwarding and Intra-domain Routing Protocols
- π Routing TCP/IP Vol. 1
- ποΈ Cisco IOS-XE Docs - OSPF Configuration Guide
- 1.4.a Adjacencies
- 1.4.b Network types, area types
- 1.4.c Path preference
- 1.4.d Operations
- 1.4.d i General operations
- 1.4.d ii Graceful shutdown
- 1.4.d iii GTSM (Generic TTL Security Mechanism)
- 1.4.e Optimization, convergence and scalability
- 1.4.e i Metrics
- 1.4.e ii LSA throttling, SPF tuning, fast hello
- 1.4.e iii LSA propagation control (area types)
- 1.4.e iv Stub router
- 1.4.e v Loop-free alternate
- 1.4.e vi Prefix suppression
- πΊ Google Talks - BGP at 18
- πΊ Cisco Live BRKRST-3321 Scaling BGP
- π Internet Routing Architectures
- π Routing TCP/IP, Vol II
- π Practical BGP
- π Optimal Routing Design
- ποΈ Cisco IOS-XE Docs - IP Routing: BGP Configuration Guide
- 1.5.a IBGP and EBGP peer relationships
- 1.5.a i Peer-group/update-group, template
- 1.5.a ii Active, passive
- 1.5.a iii Timers
- 1.5.a iv Dynamic neighbors
- 1.5.a v 4-bytes AS numbers
- 1.5.a vi Private AS
- 1.5.b Path selection
- 1.5.b i Attributes
- 1.5.b ii Best path selection algorithm
- 1.5.b iii Load-balancing
- 1.5.c Routing policies
- 1.5.c i Attribute manipulation
- 1.5.c ii Conditional advertisement
- 1.5.c iii Outbound Route Filtering
- 1.5.c iv Standard and extended communities
- 1.5.c v Multi-homing
- 1.5.d AS path manipulations
- 1.5.d i local-AS, allowas-in, remove-private-as
- 1.5.d ii Prepend
- 1.5.d iii Regexp
- 1.5.e Convergence and scalability
- 1.5.e i Route reflector
- 1.5.e ii Aggregation, as-set
- 1.5.f Other BGP features
- 1.5.f i Multipath, add-path
- 1.5.f ii Soft reconfiguration, Route Refresh
- ποΈ Cisco IOS-XE Docs - PIM Configuration Guide
- ποΈ Cisco IOS-XE Docs - IGMP configuration Guide
- π Routing TCP/IP, Vol II
- π Developing IP Multicast Networks
- π Interdomain Multicast Routing: Practical Juniper Networks and Cisco Systems Solutions
- πΊ Introduction to IP Multicast - DGTL-BRKIPM-1261
- πΊ Multicast Troubleshooting - BRKIPM-2264
- 1.6.a Layer 2 multicast
- 1.6.a i IGMPv2, IGMPv3
- 1.6.a ii IGMP Snooping, PIM Snooping
- π RFC 4541
- 1.6.a iii IGMP Querier
- 1.6.a iv IGMP Filter
- 1.6.a v MLD
- 1.6.b Reverse path forwarding check
- 1.6.c PIM
- 1.6.c i Sparse Mode
- 1.6.c ii Static RP, BSR, AutoRP
- 1.6.c iii Group to RP Mapping
- 1.6.c iv Bidirectional PIM
- 1.6.c v Source-Specific Multicast
- 1.6.c vi Multicast boundary, RP announcement filter
- 1.6.c vii PIMv6 Anycast RP
- 1.6.c viii IPv4 Anycast RP using MSDP
- 1.6.c ix Multicast multipath
- ποΈ Cisco Docs - DNA Assurance User Guide 1.3.1
- πΊ Cisco Live - Cisco DNA Center - Network operation and cross architecture integration with IT Service Management - DGTL-BRKNMS-2458
- πΊ Cisco Live - Cisco DNA Center: The evolution from traditional Management to Intent-Based Automation and Assurance - DGTL-BRKNMS-2031
- πΊ Cisco Live - DNA-C Design and Policy - DEMCOC-602
- πΊ Cisco Live - Policy and Segmentation with Cisco DNA Center - DEMCRS-601
- πΊ Cisco Live - SD-Access Fabric, Why is My Salsa So Tasty? How SD-Access Solves Enterprise Challenges - DLBTEC-51
- πΊ Cisco Live - SD Access : Troubleshooting the fabric - DGTL-BRKARC-2020
- ποΈ Cisco CVD - Software Defined Access Design Guide
- ποΈ Cisco CVD - SD Access Deployment Guide
- π Cisco Software-Defined Access (August 2020)
- π Cisco Digital Network Architecture: Intent-based Networking for the Enterprise
- 2.1.a Design a Cisco SD Access solution
- 2.1.a i Underlay network (IS-IS, manual/PnP)
- 2.1.a ii Overlay fabric design (LISP, VXLAN, Cisco TrustSec)
- 2.1.a iii Fabric domains (single-site and multi-site using SD-WAN transit)
- 2.1.b Cisco SD Access deployment
- 2.1.b i Cisco DNA Center device discovery and device management
- 2.1.b ii Add fabric node devices to an existing fabric
- 2.1.b iii Host onboarding (wired endpoints only)
- 2.1.b iv Fabric border handoff
- 2.1.c Segmentation
- 2.1.c i Macro-level segmentation using VNs
- 2.1.c ii Micro-level segmentation using SGTs (using Cisco ISE)
- 2.1.d Assurance
- 2.1.d i Network and client health (360)
- 2.1.d ii Monitoring and troubleshooting
- ποΈ Cisco Docs - vManage How Tos
- ποΈ Cisco Docs - Device Configuration Template
- ποΈ Cisco Design Zone for Branch, WAN, and Internet Edge
- ποΈ Cisco SD-WAN Design Guide
- πΊ Cisco Live - SD-WAN
- πΊ Cisco Live - Building and Using Policies with Cisco SD-WAN
- πΊ Cisco Live - Delivering Cisco Next Generation SD-WAN with Viptela - BRKCRS-2110
- πΊ Cisco Live - Designing for a Cloud-Ready Secure WAN Architecture - DLBTEC-50
- πΊ Cisco Live - SD-WAN and Network Functions Service Chaining - DGTL-BRKENS-1100
- πΊ Cisco Live - SD-WAN, deployment strategies, managing and monitoring - BRKRST-2519
- πΊ Cisco Live - SD-WAN Enterprise Routing Platform Overview - DGTL-BRKARC-2102
- π CCNP Enterprise Design ENSLD 300-420 Official Cert Guide Chapter 11
- π Software Defined Wide Area Networks (Aug 2020)
- 2.2.a Design a Cisco SD-WAN solution
- 2.2.a i Orchestration plane (vBond, NAT)
- 2.2.a ii Management plane (vManage)
- 2.2.a iii Control plane (vSmart, OMP)
- 2.2.a iv Data plane (vEdge/cEdge)
- 2.2.b WAN edge deployment
- 2.2.b i Onboarding new edge routers
- 2.2.b ii Orchestration with zero-touch provisioning/Plug-And-Play
- 2.2.b iii OMP
- 2.2.b iv TLOC
- 2.2.c Configuration templates
- 2.2.d Localized policies
- 2.2.e Centralized policies
- ποΈ Cisco Docs - MPLS Label Distribution Protocol Configuration Guide
- ποΈ Cisco Docs - MPLS: Layer 3 VPNs Configuration Guide
- πΊ Cisco Live - MPLS
- πΊ Cisco Live - Introduction to MPLS - DGTL-BRKMPL-1100
- 3.1.a Operations
- 3.1.a i Label stack, LSR, LSP
- 3.1.a ii LDP
- 3.1.a iii MPLS ping, MPLS traceroute
- 3.1.b L3VPN
- 3.1.b i PE-CE routing
- 3.1.b ii MP-BGP VPNv4/VPNv6
- 3.1.b iii Extranet (route leaking)
- ποΈ Cisco Docs - Dynamic Multipoint VPN Configuration Guide
- πΊ Cisco Live - Demystifying DMVPN BRKSEC-3052
- πΊ Cisco Live - DMVPN
- πΊ Cisco Live - Advanced Concepts of DMVPN BRKSEC-4054
- 3.2.a Troubleshoot DMVPN Phase 3 with dual-hub
- πΊ Cisco Live - Troubleshooting Dynamic Multipoint VPN (DMVPN) BRKSEC-3052
- Cisco Docs - Most Common DMVPN Troubleshooting Solutions
- 3.2.a i NHRP
- 3.2.a ii IPsec/IKEv2 using pre-shared key
- 3.2.a iii Per-Tunnel QoS
- 3.2.b Identify use-cases for FlexVPN
- ποΈ Cisco Docs - FlexVPN and Internet Key Exchange Version 2 Configuration Guide
- πΊ Cisco Live - FlexVPN
- πΊ Cisco Live - Advanced IPSec designs with FlexVPN BRKSEC-3036
- πΊ Cisco Live - Advanced IOS FlexVPN Lab LTRSEC-3004
- πΊ Cisco Live - FlexVPN Remote-Access, IoT & Site- to-Site Advanced Crypto Design BRKSEC-3054
- 3.2.b i Site-to-site, Server, Client, Spoke-to-Spoke
- 3.2.b ii IPsec/IKEv2 using pre-shared key
- 3.2.b iii MPLS over FlexVPN
- 4.1.a Control plane policing and protection
- 4.1.b AAA
- 4.2.a Switch security features
- Cisco Live - Attacks on Network Infrastructure
- 4.2.a i VACL, PACL
- 4.2.a ii Storm control
- 4.2.a iii DHCP Snooping, DHCP option 82
- 4.2.a iv IP Source
- 4.2.a v Dynamic ARP Inspection
- 4.2.a vi Port Security
- 4.2.a vii Private VLAN
- 4.2.b Router security features
- 4.2.b i IPv6 Traffic Filters
- 4.2.b ii IPv4 Access Control Lists
- 4.2.b iii Unicast Reverse Path Forwarding
- 4.2.c IPv6 infrastructure security features
- ποΈ Cisco Docs - C9300 16.12 - Chapter: Configuring IPv6 First Hop Security
- ποΈ Cisco Docs - C3750X - Configuring First Hop Security in IPv6
- 4.2.c i RA Guard
- 4.2.c ii DHCP Guard
- 4.2.c iii Binding table
- 4.2.c iv Device tracking
- 4.2.c v ND Inspection/Snooping
- 4.2.c vi Source Guard
- 4.2.d IEEE 802.1X Port-Based Authentication
- ποΈ Cisco Docs - 15M&T - Chapter: Configuring IEEE 802.1X Port-Based Authentication
- ποΈ Cisco Docs - 3750X - Chapter: Configuring IEEE 802.1x Port-Based Authentication
- ποΈ Cisco Docs - C9300 16.12 - Chapter: Configuring IEEE 802.1x Port-Based Authentication
- 4.2.d i Device roles, port states
- 4.2.d ii Authentication process
- 4.2.d iii Host modes
- ποΈ Cisco Docs - System Management Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9300 Switches)
- 4.3.a Device management
- 4.3.a i Console and VTY
- 4.3.a ii SSH, SCP
- 4.3.a iii RESTCONF, NETCONF
- 4.3.b SNMP
- ποΈ Cisco Docs - C9300 16.12 - Chapter: Configuring Simple Network Management Protocol
- 4.3.b i v2c
- 4.3.b ii v3
- 4.3.c Logging
- 4.3.c i Local logging, syslog, debugs, conditional debugs
- 4.3.c ii Timestamps
- ποΈ Cisco Docs - QoS Modular QoS Command-Line Interface Configuration Guide, Cisco IOS XE Gibraltar 16.12.x
- πΊ Cisco Live - QoS
- 4.4.a End to end L3 QoS using MQC
- 4.4.a i DiffServ
- 4.4.a ii CoS and DSCP Mapping
- 4.4.a iii Classification
- 4.4.a iv Network Based Application Recognition (NBAR)
- 4.4.a v Marking using IP Precedence, DSCP, CoS
- 4.4.a vi Policing, shaping
- 4.4.a vii Congestion management and avoidance
- 4.4.a viii HQoS, Sub-rate Ethernet Link
- 4.5.a First-Hop Redundancy Protocols
- ποΈ Cisco Docs - First Hop Redundancy Protocols Configuration Guide
- 4.5.a i HSRP, GLBP, VRRP
- 4.5.a ii Redundancy using IPv6 RS/RA
- 4.5.b Network Time Protocol
- ποΈ Cisco Docs - Chapter: Network Time Protocol
- ποΈ Cisco Docs - C9300 16.12 - Chapter: Administering the Device
- Ivan Pepelnjak - Secure Time Management (PDF)
- Cisco Troubleshooting TechNotes - Troubleshoot Network Time Protocol (NTP)
- Cisco Technology White Paper - Network Time Protocol: Best Practices White Paper
- 4.5.b i Master, client
- 4.5.b ii Authentication
- 4.5.c DHCP on Cisco IOS
- ποΈ Cisco Docs - IP Addressing: DHCP Configuration Guide
- ποΈ Cisco Docs - C9300 16.12 - Chapter: Configuring DHCP
- ποΈ Cisco Docs - C9300 16.12 - Chapter: DHCP Gleaning
- ποΈ Cisco Docs - C9300 16.12 - Chapter: DHCP Options Support
- ποΈ Cisco Docs - C9300 16.12 - Chapter: DHCPv6 Options Support
- ποΈ Cisco Docs - C9300 16.12 - Chapter: DHCPv6 Relay Source Configuration
- 4.5.c i Client, server, relay
- 4.5.c ii Options
- 4.5.c iii SLAAC/DHCPv6 interaction
- 4.5.c iv Stateful, stateless DHCPv6
- 4.5.c v DHCPv6 Prefix Delegation
- 4.5.d IPv4 Network Address Translation
- ποΈ Cisco Docs - IP Addressing: NAT Configuration Guide
- ποΈ Cisco Docs - C9300 16.12 - Chapter: Configuring Network Address Translation
- 4.5.d i Static NAT, PAT
- 4.5.d ii Dynamic NAT, PAT
- 4.5.d iii Policy-based NAT, PAT
- 4.5.d iv VRF aware NAT, PAT
- 4.5.d v IOS-XE VRF-Aware Software Infrastructure (VASI) NAT
- 4.6.a IP SLA
- ποΈ Cisco IOS-XE Docs - IP SLA
- ποΈ Cisco Docs - C9300 16.12 - Chapter: Configuring Service Level Agreements
- 4.6.a i ICMP probes
- 4.6.a ii UDP probes
- 4.6.a iii TCP probes
- 4.6.b Tracking object
- 4.6.c Flexible Netflow
- 4.7.a Traffic capture
- 4.7.a i SPAN
- 4.7.a ii RSPAN
- 4.7.a iii ERSPAN
- 4.7.a iv Embedded Packet Capture
- 4.7.b Cisco IOS-XE troubleshooting tools
- 4.7.b i Packet Trace
- 4.7.b ii Conditional debugger (debug platform condition)
- π Network Programmability and Automation
- πΊ Cisco DevNet - Learn network programmability basics
- 5.1.a JSON
- 5.1.b XML
- 5.2.a EEM applets
- 5.2.b Guest shell
- ποΈ Cisco IOS-XE Docs - Programmability Configuration Guide, Cisco IOS XE Gibraltar 16.12.x Chapter: Guest Shell
- 5.2.b i Linux environment
- 5.2.b ii CLI Python module
- 5.2.b iii EEM Python module
- Python requests library
- Postman
- 5.3.a Interaction with vManage API
- ποΈ DevNet Learning Track - Cisco SD-WAN Programmability
- πΊ Pluralsight - Automating Cisco SD-WAN Operations Using APIs
- vManage API Docs
- 5.3.a i Python requests library and Postman
- 5.3.a ii Monitoring endpoints
- 5.3.a iii Configuration endpoints
- 5.3.b Interaction with Cisco DNA Center API
- πΊ Pluralsight - Automating Cisco DNA Center Operations Using APIs
- πΊ Pluralsight - Managing Cisco Products Using Advanced API-based Methods (Module 2)
- ποΈ DevNet Learning Track - Programming the Digital Network Architecture (Cisco DNA)
- ποΈ DevNet Learning Track - Cisco DNA Center Programmability
- 5.3.b i HTTP request (GET, PUT, POST) via Python requests library and Postman
- 5.3.c Interaction with Cisco IOS XE API
- ποΈ Cisco IOS XE REST API Management Reference Guide
- πΊ Pluralsight - Provisioning and Managing Networks Using Common Automation Tools
- ποΈ DevNet Learning Track - IOS XE Programmability
- ποΈ DevNet Learning Track - Network Programmability for Network Engineers
- 5.3.c i Via NETCONF/YANG using Python ncclient library
- 5.3.c ii Via RESTCONF/YANG using Python requests library and Postman
- 5.3.d Deploy and verify model-driven telemetry
- ποΈ Cisco Docs - Programmability Configuration Guide
- ποΈ DevNet Docs - Streaming Telemetry
- ποΈ DevNet Learning Labs - Introduction to Telemetry on IOS XE
- ποΈ DevNet Learning Labs - Enabling Telemetry On IOS XE
- PluralSight - Deploying Network Configuration Management and Telemetry Solutions
- 5.3.d i Configure on-change subscription using gRPC