350-401: Implementing Cisco Enterprise Network Core Technologies (ENCOR) Certification Video Training Course Outline
Architecture
Virtualization
Infrastructure
Network Assurance
Security
6.0 Automation
Architecture
12. Controller-Based Architecture Overview
We have completed 1.1, and now we are inside 1.2. The topics are the principles of wireless LAN deployment and the services involved in it. So let's first try to understand the design and deployment options for the WLAN, or wireless LAN. We have controller-based architecture; we have mobility architecture; we know how it works. So here you can see what components we have: the wireless LAN controller and the access points. If you compare these technologies with SD-WAN, we know that we have the evolution of SDN technology: SD-WAN, or any type of SDN, SD-LAN or ACI. What are the things we have in that? We have something called a control plane, and we have the data plane. Now, if you think of a WLC (wireless LAN controller) as the control plane, you can think of the access points as endpoint devices. They are working as the data plane, meaning these access points are dependent upon their control plane, the controllers. Then you have the management plane. You can use Cisco Prime Infrastructure, or you can use APIC-EM or DNAC (DNA Center). We have the mobility services engines as well. So here you can see that you have the access points, and they have to join. First of all, they form a CAPWAP tunnel, and that is the industry standard. That is the control plane. So you can think of it as the data plane joining the control plane. The data plane is nothing but the AP, the control plane is nothing but the WLC, and they work accordingly. Once they join, they receive the configuration push from the controllers, and they are up and running and ready to go. Now, when we are talking about the centralized wireless LAN architecture, you can see that you have your access points, and they may be spread across geographical locations. You have the controller.
Now you have to check the datasheet to see how many access points that particular controller can hold. According to that, you have to check the capabilities of the controllers and, when you design the network, how many access points and how many users you have. So that capacity planning exercise we have to do. All right, so here you can see that in this design you have the CAPWAP tunnel, and this CAPWAP tunnel is industry standard and is for the control plane. When they are forming the control plane, they have the DTLS tunnel, the same as in SD-WAN. There, when we have vSmart as the control plane and the vEdge or cEdge devices as the data plane, they form DTLS or TLS in between to send and receive their OMP traffic, the control plane traffic. Here they have optional DTLS for the data plane, but we know that in SD-WAN we have IPsec in between. So there it is different, but most of it is the same. If you try to analyse it logically, you'll see that the WLC, the wireless LAN controller, is a much older technology in the market. SD-WAN is also getting older now, but the WLC introduced this control plane and data plane feature a long time ago. Even if you check a Catalyst switch, where you have the supervisor engine and the line cards, it also very much has the concept of control plane and data plane. So this control plane and data plane feature is not something that is 100% new in SD-WAN; they got the inspiration from somewhere, and that is what we work with inside SD-WAN. So now we have the CAPWAP tunnel, and one thing to notice is that CAPWAP is not supported in Layer 2 mode. OK, so let's continue. Here you have one graphic where you can see that the AP will boot, discover the wireless LAN controller, form the control connection (that is, set up DTLS), and join the WLC.
If needed, they can reset as well. They check the image against the WLC, the WLC pushes the configuration, and they are up and running. This is again very much similar to the SD-WAN steps. They are using the plug and play feature as well. SD-WAN also uses plug and play in the case of cEdge, that is, the ISR devices, and ZTP (zero-touch provisioning) in the case of vEdge. All these things are explained in the lab in the SD-WAN course, so you can refer to that. Now let's look at the plug and play feature. Here's why we want plug and play: at remote sites, for example, you don't have IT management staff. So what we can do is simply send someone to the remote location to connect the interface, and that's it. Once they connect the interface, each and every task can be done remotely. As a result, you reduce cost and complexity, you have a high level of security because you are forming DTLS with the controllers, and you manage time and productivity. That's the reason we need plug and play. PnP and ZTP are very popular nowadays: IT staff sitting in one location can manage a number of sites with the PnP feature. You can see how this PnP process works here. The APs need to get an IP address from DHCP and resolve DNS. Then they try to initiate traffic and build a CAPWAP tunnel with the WLC. That's the discovery phase. Then there is the cloud-related part. What is happening at this point is that, during discovery, the APs have to form the DTLS tunnel, and you may be using your in-house certificate or a cloud-hosted certificate service for that DTLS tunnel. So cloud redirection will happen for these APs, and then finally they can join. These steps are very similar to the ZTP or PnP process in SD-WAN as well.
So you can compare these two features. Check the PnP process for the AP, and then search on Google for the PnP process or the ZTP process for SD-WAN. You'll find the steps to be similar. Obviously, the way we do it is different, but overall the steps are very similar. So what will happen here? You can see the summary slide. The AP will boot, discover the WLC, form the DTLS tunnel, and join the WLC; then the WLC will push the configuration, and the AP will be up and running. Now, here you can see three different tiers. You have the management plane, whether you are using Prime Infrastructure or DNAC, that is, DNA Center; then you have the control plane, which is nothing but the WLC; and then you have the data plane, which is nothing but the access points. These access points can sit anywhere remotely, and you are using the feature called plug and play. So you are managing the WLC from Prime Infrastructure, and the methodology to install all the remotely hosted access points is plug and play, which reduces complexity and increases productivity. Okay, so let's.
13. WLC Best practices
Let us continue our discussion. Now, mobility and roaming are different things; we have the controller-based architecture and the mobility-based architecture. Mobility implies that you are avoiding mobile features. Roaming means the user can roam from one place to another and associate with different access points. I can show you the diagram here. This laptop that you are seeing here can associate and disassociate with different access points, and that ability to roam is what roaming and mobility provide. The next critical step is to understand what types of WLC are available and what their capabilities are. This is the datasheet; there you will get much more information about the capabilities and features of the WLCs. For example, we have Mobility Express, which can support up to 50 APs and a thousand clients, or 100 APs and 2000 clients in these series; as you can see, they support up to 100 APs. Then we have the midsize enterprise level: the WLC 3500 and the Cisco 5520 series. There you can see how many APs and clients each supports and what the overall throughput is. For the large enterprise we have the 8540 WLC, which can support 6000 APs. Looking at the rack units, you can see it's bigger: the 5520 is one rack unit, and the 8540 has the highest scalability. Scalability is one thing; high availability and redundancy are different things again, and we can achieve all of those targets. But the 8540 has the highest scalability, meaning it can support up to 6,000 access points, 640 clients. We have centrally managed and FlexConnect deployment models with 64k clients.
There is much more information about the WLC and its operations, which you will get in the WLC course; there is a separate CCNP course for wireless LAN controllers, or rather for complete wireless, not only for the controllers. But here you will also get the core knowledge: what is an AP, and what is a WLC. Now, when you're grouping the mobility devices, you can see that you can put them in a mobility group. The mobility group name here is "mobility group", and each member has its own MAC address: one for this mobility device or controller, two for this controller, and three for this controller, so that means his neighbour is too empty. Has never been a one three three has never now This client, if you check, is roaming from one place to another, and because all these controllers are part of one mobility group, they have their own details in between them. So from the user's perspective, there is not much issue roaming from one place to another. Obviously, behind the scenes, they are doing the control plane and data plane message exchange. We have the CAPWAP tunnel, we have the join, we have everything we talked about earlier, and then the client can associate and disassociate with the SSID or access point. Then you can see how you can build the mobility group. If you want 24 WLCs and 72 WLCs inside the mobility group, you can group them. You should go and check the mobility group limits. Say, for example, 8082 and eight. Three: Even if you go and check the latest datasheet, you'll find some new additions and some new revisions. According to that, we can design our mobility groups. Okay, so let's just stop here.
14. Best Practices Summary
Let us continue and discuss the best practices. We should do RF planning. We should do RF optimization, which means we should categorise data, voice, and video traffic, location, and client density. We should have optimised Gigabit Wi-Fi as primary and Gigabit Ethernet as fallback. We should have high redundancy, and we'll see in the upcoming slide what SSO means in terms of client, AP, and WLC. And then we have AVC: Application Visibility and Control. That is how you categorise the applications for mission-critical traffic, so you are giving priority to some traffic over others. That's why we have AVC. It can recognise the application from the metadata, and then we can put a rule on it. Now, here you can see that we have three SSOs. We have client SSO: in the event of any type of failure, the client state remains active. Then AP SSO means that on a failover from the active WLC to the other one, your APs don't see disruption; they have stateful switchover. And finally you have the cluster of WLCs: one is primary, one is backup or standby, et cetera, so you have redundancy in terms of WLC as well. So here it is one to one: one is in the active state, and the other is on hot standby. They connect via a dedicated link, which I will show you in the upcoming slide. Let me quickly show you this. Here you can see that you have a redundant port between the two WLCs. So, if client sessions stay active, that is client SSO. AP SSO is when AP sessions stay active in the event of a failure. There is timing involved in that. Suppose an AP has joined the WLC and is tracking the active WLC. If the active is no longer active, the AP will send some probes and wait.
It will not get any response from the active, so it will go and work with the backup. Okay, it's a very normal situation. For example, downtime during failover is reduced to five to 1000 milliseconds, depending upon the failure. In the case of a power failure on the active WLC, it may take 350 to 500 milliseconds. It may take several seconds if the network fails. We also have SSO support on the following models: 3504-5500, 7500-8500. These WLCs can be grouped too, as primary, secondary, and tertiary parts of one group. For that, you can go to the High Availability section. You can see the backup primary controller IP and the backup primary controller name, and everything is done through the GUI. So it's actually very easy to create the redundancy from the main, or active, configuration GUI dashboard. And here you can see the redundant port that you connect for SSO. And again, we have a 3504 pair of devices. Here you can see the two devices and the RP ports where you can pair them, or make them part of the redundancy. All right, so these are the things related to the redundancy of the WLC. I hope you understand up to this point, because we have some summary slides in the next section, two or three summary slides, and then we'll move on to other sections. So let's stop here.
15. On-Prem vs Cloud Deployment
In 1.3, we have to understand on-prem versus cloud deployment. Nowadays it's very popular to say that you have something on-premises, something in the cloud, or a mix of both. So you are using on-premises, and then you are using multiple clouds. Now we have three main players at this point of time. When it comes to cloud service providers, Amazon is one of the most important players in the industry. We have Azure from Microsoft, and then we have Google as well. Google is also gaining popularity, and they have made huge investments in the cloud domain. Now, let's start this section and try to understand how these terms fit together when we are talking about on-premises and cloud deployment. When we are talking about hybrid cloud networking, as you can see, that means that you have an on-premises cloud and a single public cloud provider. When we are talking about multi-cloud networking, you have on-prem and multiple cloud providers. Now, what type of terms are we going to use overall? When you look at how the technology fits in, it is actually quite simple, and that's the reason AWS and other cloud service providers have gained popularity: it's simple to implement, very easy to use, and highly available. These are the key pillars these services depend upon. Now, I'll skip this slide and come back to it. I'll show you an example here. I have my private network, and inside that private network I have one virtual router, or maybe a physical router. With this router, I am creating a gateway with Google VPN. It could be an AWS gateway; it could be an Azure gateway; everywhere you have the same kind of feature and capability, and possibly the names and terminology will change. So then you can see that I can reach the Google cloud router.
And this can work as a gateway for the applications that are hosted behind it. So you have multiple applications hosted here, and those applications have the cloud router as a gateway. Then I have the VPN connectivity between the public and private clouds. And then maybe I have a user hosted behind this private network. So this way, the flow will work for all the cloud providers. So let's try to understand these terms. Obviously you want to create IPsec, with IKE version one and two. I think "version two" is there twice. But yeah, you have options: some of the cloud providers support version one, and some of them support version two. You have SSL. You have PKI infrastructure. Then, for routing, it supports static, BGP, and OSPF or EIGRP as the IGP, so you have to redistribute IGP into BGP. BGP is one of the standard protocols, and BGP is used everywhere. We have the tunnelling methods as well, like IPsec tunnel mode, mGRE, GRE, MPLS, et cetera. So whatever technology we've learned in Cisco, these cloud providers have also written their code the same way, so they can connect with Cisco, Juniper, or any third-party networking company, correct? Because cloud-hosted applications can be used by any company. All right, so these are the terms that are going to be used. When you create the tunnel between your private and public clouds, you have the VPN gateway on one side and the VPN gateway at the cloud side, and then you can form the channel. For routing purposes you have BGP, which can carry all routes from one location to another. If you want to learn more about this for Google (GCP), AWS, and Azure, these are the links that you can go to and verify. Now, why are we using multi-cloud? Because, obviously, if you are using different vendors, they each have their own capabilities.
If one of the vendors is down, the other vendor is up and running. So the reason is high availability. Also, all these cloud providers have some unique features. So we can use one feature from one cloud provider and another core feature from another cloud provider, and mix and match according to our requirements as a customer and the per-project service requirements. Again, this depends upon the service. Now, when we are extending the private network to the public domain or private cloud, at this point of time Cisco has its Cloud Services Router (CSR), and obviously it has compute requirements. It has the route processor along with other services, and it can be installed over ESXi. Here you can see the list of the minimum requirements. For example, for performance elasticity there are level licenses from 10 Mbps to 10 Gbps; the CPU footprint is one virtual CPU to eight virtual CPUs; and then the licenses. You can install the CSR on any of these compute platforms. Once you install it, you can form a tunnel from your private network to the public network. And here you have the list of the dashboards for the different cloud providers. Most of the cloud provider trainings cost very little or are free. You can create an account with any of these cloud providers and check the features. For example, I can open aws.amazon.com, I'll get the dashboard, and from that dashboard I can check the number of features they are providing: compute, data processing, security, storage. There are a number of things all the different cloud vendors are providing now. This is what the topology looks like: a private network extending to a public network. I'm using BGP as an overlay protocol. For security reasons, I have a tunnel between my private network and the public network, and you can see that I can redistribute IGP into eBGP.
BGP will carry those prefixes to the Google cloud, then they will reach the gateway router, and then the applications. Now, in the case of physical routers, that capability is also there. So I can create the IPsec tunnel from the physical router to the Google VPN, it will reach the Google router, and in the same way they can exchange routes as well. So let's stop here, and this section will continue from here.
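The private-side router in the topology described above could be configured along these lines on Cisco IOS-XE; this is an added example, not configuration from the course or from any vendor guide. The addresses (documentation and link-local ranges), private AS numbers, interface, OSPF process ID, object names, internal and cloud prefixes, and the pre-shared-key placeholder are all assumptions. It uses IKEv2 with a pre-shared key and adds prefix filters and a prefix limit so that redistribution into eBGP only exposes the intended routes.

```cisco
! --- IKEv2: negotiate the control channel with the cloud VPN gateway ---
crypto ikev2 proposal CLOUD-PROP
 encryption aes-cbc-256
 integrity sha256
 group 14
crypto ikev2 policy CLOUD-POL
 proposal CLOUD-PROP
!
! Pre-shared key is an assumption; the lecture also lists PKI as an option.
crypto ikev2 keyring CLOUD-KR
 peer CLOUD-GW
  address 203.0.113.10
  pre-shared-key <PSK-PLACEHOLDER>
!
crypto ikev2 profile CLOUD-PROF
 match identity remote address 203.0.113.10 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local CLOUD-KR
!
! --- IPsec in tunnel mode protects everything sent over the tunnel ---
crypto ipsec transform-set CLOUD-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile CLOUD-IPSEC
 set transform-set CLOUD-TS
 set ikev2-profile CLOUD-PROF
 set pfs group14
!
! --- Routed tunnel interface toward the cloud gateway (constructed addresses) ---
interface Tunnel100
 description IPsec tunnel to cloud VPN gateway
 ip address 169.254.0.2 255.255.255.252
 tunnel source GigabitEthernet1
 tunnel mode ipsec ipv4
 tunnel destination 203.0.113.10
 tunnel protection ipsec profile CLOUD-IPSEC
!
! --- Only the intended internal prefixes may leave via eBGP ---
ip prefix-list TO-CLOUD seq 10 permit 10.10.0.0/16 le 24
! --- Only the expected cloud range is accepted from the peer ---
ip prefix-list FROM-CLOUD seq 10 permit 10.200.0.0/16 le 24
!
route-map OSPF-TO-CLOUD permit 10
 match ip address prefix-list TO-CLOUD
!
! --- eBGP over the tunnel; IGP (OSPF process 1) redistributed through the filter ---
router bgp 65010
 neighbor 169.254.0.1 remote-as 64512
 address-family ipv4
  redistribute ospf 1 route-map OSPF-TO-CLOUD
  neighbor 169.254.0.1 activate
  neighbor 169.254.0.1 prefix-list FROM-CLOUD in
  neighbor 169.254.0.1 prefix-list TO-CLOUD out
  neighbor 169.254.0.1 maximum-prefix 100
```

Without the route-map and prefix lists, `redistribute ospf 1` would advertise every internal OSPF route to the cloud peer, and the router would accept whatever the peer sends back.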
16. Add more cloud