Breaking Down the Cisco ENCOR Exam: Network Assurance

by Bill Heller
This is the fourth in a series of articles on the six sections of Cisco’s ENCOR certification exam 350-401, which leads to the CCNP Enterprise, CCIE Enterprise Infrastructure, CCIE Enterprise Wireless, and Cisco Certified Specialist – Enterprise Core certifications.

The fourth section of the Cisco ENCOR Enterprise certification exam 350-401 blueprint is Network Assurance. Network Assurance is just as it sounds. You are assuring that the network is performing as designed and intended. You do that through monitoring the network and that is done through several ways, and all of those ways are outlined within this topic. The Network Assurance section is weighted at 10% of the overall exam. Here we go with Section 4: Network Assurance.

4.1 Diagnose network problems using tools such as debugs, conditional debugs, trace route, ping, SNMP, and syslog

4.2 Configure and verify device monitoring using syslog for remote logging

4.3 Configure and verify NetFlow and Flexible NetFlow

4.4 Configure and verify SPAN/RSPAN/ERSPAN

4.5 Configure and verify IPSLA

4.6 Describe Cisco DNA Center workflows to apply network configuration, monitoring, and management

4.7 Configure and verify NETCONF and RESTCONF


Knowing how to troubleshoot something is absolutely key as a network engineer and to do that there are many tools at your disposal. Understanding ping, traceroute and the extended versions of those commands will go a long way for you. Debug is also very critical, however using the wrong debug command or debugging too much can easily overwhelm and crash a router or switch, particularly older ones. So, knowing about and configuring conditional debugs is huge on the ENCOR exam.

SNMP and SYSLOG are also vital. You should know the differences, at a high level, between the different SNMP versions, how to configure a network device to send SYSLOG messages to a SYSLOG server and the various notification levels. I would add to this, and although it’s covered on other exam topics as well, NTP (Network Time Protocol). Making sure that all of your devices are configured for accurate and synchronized time will go a long way for troubleshooting. Why, you ask? Well, if all of your network devices are reporting different times local to the router then trying to deduce what actually happened will be very difficult. So, configuring NTP and then configuring how you want time to appear in logs is key. If you want Universal coordinated time because you operate across time zones, great! However, maybe you want local time zone info in the event log. Know how to customize and verify that.

SPAN (Switched Port Analyzer)

SPAN is huge for monitoring and there are many different flavors of SPAN depending upon what you’re monitoring and where your collector is. Know the differences between SPAN, RSPAN, and ERSPAN for the ENCOR exam. SPAN is also a critical tool to Software-Defined-Access (SD-Access) as network devices are configured to send analytics back to DNA Center using SPAN, among other things.


Another tool to have in your Network Engineer Toolbox, and on the 350-401 ENCOR exam, is the IP SLA. IP SLA (Internet protocol service level agreement) is a very versatile tool. I personally have used it in combination with policy based routing. The policy identifies interesting traffic and sends it across a link, and it uses IP SLA to monitor the remote end of the link. If the remote end appears to be unreachable for any reason the traffic uses a different route. This ensures that the interesting traffic identified in the ACL only utilizes that link, but still works if that link is down for some reason. Another very popular use for IP SLA is HSRP (Hot Standby Router Protocol), in fact, in my personal opinion, HSRP and IP SLA go hand-in-hand. I wouldn’t use HSRP without also using IP SLA. So, know IP SLA, how to configure it, and its various options. Also, depending on what you’re monitoring, know when to enable IP SLA Responder on a remote device.

I know this section includes DNA Center workflows. Do not get overwhelmed here. The Official Cert Guide covers DNA Center and you have to check out the Cisco Live On-Demand library for their DNA Center related presentations. Watching those videos on setting up and operating DNA Center was more than enough to cover DNA Center for the ENCOR exam. Do not feel like you need to get hands on with DNA Center, but if you have the opportunity to so, do not pass it up.


Last but not least is configure and verify RESTCONF and NETCONF. So, first off, I cannot stress enough how awesome a resource Cisco DevNet is for any and all of the automation related topics. It’s also 100% free! There are modules for both RESTCONF and NETCONF (and so much more) so spend enough time there that you’re comfortable with these and other automation topics. At a high level know that RESTCONF works over HTTP/HTTPS and that NETCONF works over SSH. Depending on the device you’re working on (Catalyst vs Nexus) the ways to enable RESTCONF and NETCONF may vary.

These topics are also covered in the ENCOR Implementing and Operating Cisco Enterprise Network Core Technologies class. So that’s Network Assurance in a nutshell! Join me for the next section: Security!

Training Resources:
ENCOR Implementing and Operating Cisco Enterprise Network Core Technologies
Cisco Training

Read the other articles from this series:
Section 1: Architecture
Section 2: Virtualization
Section 3: Infrastructure
Section 4: Network Assurance




Related Posts

Close Bitnami banner