CCNP Enterprise: How to Prepare for the Core and Concentration Exams

A complete CCNP Enterprise preparation guide covering ENCOR and concentration exam selection, the most important ENCOR domains, ENARSI advanced routing content, and how to sequence preparation across both exams.

The CCNP Enterprise restructuring in 2020 changed something fundamental about the certification: you now choose which specialist direction to pursue rather than following a single fixed track. This flexibility is also the source of most preparation confusion — candidates don't know whether to study for ENCOR alone, how to select a concentration, or how to sequence preparation across two exams.

Here's how the credential actually works and how to prepare efficiently for both components.


How CCNP Enterprise Is Structured

CCNP Enterprise requires two exams:

  1. ENCOR (350-401): Enterprise Core — mandatory for all CCNP Enterprise candidates
  2. Concentration exam — one of six options, choose based on your specialization

Concentration   Exam Code   Focus
ENARSI          300-410     Advanced Routing and Services
ENWLSD          300-420     Wireless Design
ENWLSI          300-425     Wireless Implementation
ENSDWI          300-415     SD-WAN Solutions
ENSLD           300-420     Enterprise Design
ENAUTO          300-435     Automating Enterprise Solutions

The strategic decision: choose your concentration based on your current role or target role, not on which exam looks easiest. ENARSI (advanced routing) is the most commonly chosen concentration because routing expertise is broadly applicable. ENAUTO (automation) is growing in demand. ENWLSD/ENWLSI require genuine wireless networking experience.


ENCOR (350-401): What Makes It Different from CCNA

ENCOR is harder than CCNA in a specific way: it assumes you have CCNA-level knowledge and tests you on enterprise-scale implementations of those concepts.

Domain              Weight
Architecture        15%
Virtualization      10%
Infrastructure      30%
Network Assurance   10%
Security            20%
Automation          15%

Infrastructure at 30% is the largest domain. This covers routing (OSPF in detail, BGP introduction, redistribution), switching (advanced STP, RSTP, MSTP, VLANs at scale), wireless, and IP services. CCNA introduced these topics; ENCOR goes deeper.

BGP on ENCOR

BGP (Border Gateway Protocol) appears on ENCOR for the first time in the Cisco certification path. The exam tests external BGP (eBGP) fundamentals:

  • eBGP neighbor formation requirements (direct connection or TTL configuration)
  • BGP path selection attributes: Weight → Local Preference → AS path length → Origin → MED → eBGP over iBGP → Router ID
  • Basic BGP configuration and neighbor verification

ENCOR doesn't test the full BGP depth that appears on CCIE or even ENARSI. The goal is demonstrating conceptual understanding and basic configuration capability.
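
An added example (not from the original guide) that walks the path selection order listed above and reports which attribute broke the tie. It follows this page's abbreviated list only; the `Path` class, its field names and the sample routes are assumptions made for the illustration, and MED is compared across all paths for simplicity.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

@dataclass(frozen=True)
class Path:
    name: str                  # label used only by this example
    weight: int = 0
    local_pref: int = 100
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    router_id: str = "0.0.0.0"

# One (step name, key) pair per attribute, in the order listed above.
# Each key is written so that the lowest value wins the step.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("AS path length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: 0 if p.ebgp else 1),
    # Router IDs compare numerically, not as strings (10.0.0.9 < 10.0.0.10).
    ("router ID", lambda p: int(IPv4Address(p.router_id))),
]

def best_path(paths):
    """Return (winning path, name of the step that decided the choice)."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no paths to compare")
    decided_by = "only path"
    for step, key in STEPS:
        if len(candidates) == 1:
            break
        best = min(key(p) for p in candidates)
        survivors = [p for p in candidates if key(p) == best]
        if len(survivors) < len(candidates):
            decided_by = step      # this step eliminated at least one path
        candidates = survivors
    return candidates[0], decided_by

if __name__ == "__main__":
    # Constructed sample paths; AS numbers are from the private-use range.
    isp_a = Path("ISP-A", as_path=(65010, 65020), router_id="10.0.0.1")
    isp_b = Path("ISP-B", local_pref=200,
                 as_path=(65030, 65040, 65050), router_id="10.0.0.2")
    winner, why = best_path([isp_a, isp_b])
    print(f"{winner.name} wins on {why}")
```

The longer AS path still wins here because local preference is evaluated before AS path length, which is the kind of ordering question the exam asks.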

SD-WAN and SD-Access Concepts

ENCOR tests Cisco's intent-based networking solutions at a conceptual level:

Cisco SD-WAN (Viptela architecture):

  • vManage: centralized management plane
  • vSmart: centralized control plane (routing policies)
  • vBond: orchestration plane (authenticates devices)
  • vEdge/cEdge: data plane devices

The exam tests the component roles, not full deployment configuration.

Cisco SD-Access (DNA Center + ISE):

  • DNA Center: network management and intent-based automation
  • ISE (Identity Services Engine): policy enforcement and AAA
  • Fabric: underlay (physical network) + overlay (VXLAN-based)

"ENCOR's SD-WAN and SD-Access coverage rewards candidates who approach it architecturally. Don't try to memorize configuration parameters — understand why each component exists. The exam asks 'which component is responsible for policy enforcement' not 'what CLI command does vSmart use.'" — Kevin Wallace, CCIE and Cisco Press author

QoS on ENCOR

Quality of Service is tested significantly on ENCOR. Key concepts:

QoS models:

  • Best effort: no QoS (default)
  • IntServ (Integrated Services): resource reservation per flow using RSVP. Doesn't scale.
  • DiffServ (Differentiated Services): classifies traffic into classes, applies policies per class. Scales. What enterprises use.

QoS mechanisms:

  • Classification and marking: identify traffic, mark with DSCP or CoS values
  • Queuing: prioritize delivery (LLQ — Low Latency Queuing — for voice traffic)
  • Congestion management: tail drop vs WRED (Weighted Random Early Detection)
  • Policing vs shaping: policing drops excess traffic immediately; shaping buffers excess traffic for later
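
An added illustration (not from the original guide) of the policing versus shaping distinction above: both functions use the same token bucket, but the policer discards packets that find no token while the shaper queues them for a later tick. The tick-based model, the parameter names and the sample arrival pattern are assumptions made for the example.

```python
from collections import deque

def police(arrivals, rate, burst):
    """arrivals[i] = packets arriving in tick i.
    Returns (packets sent per tick, packets dropped)."""
    tokens, sent, dropped = burst, [], 0
    for n in arrivals:
        tokens = min(burst, tokens + rate)   # refill, capped at burst size
        ok = min(n, tokens)
        tokens -= ok
        dropped += n - ok                    # excess is discarded immediately
        sent.append(ok)
    return sent, dropped

def shape(arrivals, rate, burst, queue_limit):
    """Same bucket, but excess packets wait in a FIFO of queue_limit slots.
    Returns (packets sent per tick, packets dropped, worst delay in ticks)."""
    tokens, sent, dropped, max_delay = burst, [], 0, 0
    queue = deque()                          # arrival tick of each buffered packet
    tick = 0
    while tick < len(arrivals) or queue:     # keep running until the queue drains
        tokens = min(burst, tokens + rate)
        n = arrivals[tick] if tick < len(arrivals) else 0
        for _ in range(n):
            if len(queue) < queue_limit:
                queue.append(tick)
            else:
                dropped += 1                 # a full buffer still drops (tail drop)
        out = 0
        while queue and tokens > 0:
            max_delay = max(max_delay, tick - queue.popleft())
            tokens -= 1
            out += 1
        sent.append(out)
        tick += 1
    return sent, dropped, max_delay

if __name__ == "__main__":
    burst_pattern = [2, 10, 0, 0, 1]         # constructed sample: one 10-packet burst
    print("police:", police(burst_pattern, rate=2, burst=4))
    print("shape :", shape(burst_pattern, rate=2, burst=4, queue_limit=20))
    print("shape, small buffer:", shape(burst_pattern, rate=2, burst=4, queue_limit=4))
```

With a deep queue the shaper delivers every packet at the cost of added delay; with a queue no larger than the burst size it drops as much as the policer does.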

ENARSI (300-410): Advanced Routing and Services

ENARSI is the most popular concentration and the most logical next step for network engineers with a routing background.

Domain                    Weight
Layer 3 Technologies      35%
VPN Technologies          20%
Infrastructure Security   20%
Infrastructure Services   25%

Layer 3 Technologies at 35% tests routing in depth beyond ENCOR: OSPF advanced features (virtual links, stub areas, NSSA, LSA types), BGP deeper coverage (iBGP, route reflectors, communities, policy), EIGRP (including EIGRP for IPv6), and redistribution between routing protocols.

OSPF Areas and LSA Types

ENARSI tests OSPF area types and their implications — content that CCNA and ENCOR cover lightly:

Area type           External routes            Type 5 LSAs   Type 7 LSAs
Backbone (Area 0)   Yes                        Yes           No
Standard            Yes                        Yes           No
Stub                No                         No            No
Totally Stubby      No                         No            No
NSSA                Redistributed as Type 7    No            Yes
Totally NSSA        Redistributed as Type 7    No            Yes

The exam scenario: "A branch office connects to the OSPF network but only needs a default route and doesn't need to know about external routes. Which area type minimizes routing table size?" Totally Stubby — blocks both Type 3 and Type 5/7 LSAs, leaving only a default route.

VPN Technologies

ENARSI tests MPLS Layer 3 VPNs and DMVPN:

MPLS L3VPN: service provider technology where VPN routing tables (VRFs) separate customer traffic. The exam tests VRF-Lite (per-customer routing tables on enterprise gear) and the Provider Edge (PE) / Customer Edge (CE) architecture.

DMVPN (Dynamic Multipoint VPN): creates dynamic spoke-to-spoke tunnels on demand. Hub-and-spoke topology where spokes can communicate directly without traversing the hub. NHRP (Next Hop Resolution Protocol) maps overlay addresses to underlay addresses dynamically.


Study Sequencing for CCNP Enterprise

Prerequisite reality: Cisco doesn't require CCNA before CCNP, but the knowledge requirement is absolute. Attempting ENCOR without solid CCNA knowledge produces failed attempts.

Recommended study sequence:

  1. Months 1-3: ENCOR preparation
    • Infrastructure domain first (heaviest domain, builds on CCNA routing/switching)
    • Security and automation second
    • Architecture/virtualization last
  2. Months 4-6: Concentration preparation (ENARSI example)
    • Layer 3 technologies first (largest domain)
    • Infrastructure services second
    • VPN and security last

Practice exam strategy: INE and CBT Nuggets both have CCNP-level practice. Boson has ENCOR practice exams. Target 75-80% on practice before booking — ENCOR and concentration exams pass at approximately 825/1000.

Hands-on requirements: CCNP-level routing protocols (advanced OSPF, BGP, EIGRP redistribution) cannot be learned from text alone. GNS3 with Cisco IOS images or a physical lab with older Cisco equipment is strongly recommended for ENARSI preparation.


The ENCOR Domains in Depth

ENCOR (350-401) covers six domains that require different preparation approaches. Understanding which domains to prioritize changes preparation efficiency significantly.

Architecture (15%)

ENCOR architecture questions test design judgment, not implementation. You're expected to evaluate which architecture pattern best satisfies a set of requirements — when to use spine-leaf vs three-tier campus, when SD-Access addresses a requirement better than traditional segmentation, how to design a campus network that supports IoT devices at scale.

Cisco SD-Access specifically: Software-Defined Access is a major ENCOR topic that many candidates underestimate. SD-Access uses DNA Center as the controller, ISE for policy and authentication, and LISP for host mobility. Understanding how these components interact — specifically the overlay/underlay separation and how fabric borders connect to outside networks — is tested at depth.

The design document question type: ENCOR architecture questions often present a requirement and ask you to select the design that best addresses it. This isn't memorization — it requires understanding the tradeoffs between options. Candidates who study Cisco's CCNP Enterprise Design Guide (free at cisco.com) alongside course materials perform significantly better on architecture questions.

Virtualization (10%)

Network virtualization is one of the areas most dramatically expanded in the CCNP 2020 revision. VRF (Virtual Routing and Forwarding) allows multiple routing tables on a single router — critical for multi-tenant environments and path separation. ENCOR tests VRF-Lite and VRF-aware services at a depth not present in older CCNP materials.

GRE and IPsec in the virtualization context: ENCOR tests GRE tunnels (unencrypted overlay), IPsec (encryption framework), and GRE over IPsec (both). Understanding when to use each configuration — site-to-site VPN with encryption, unencrypted overlay for routing protocol carriage, DMVPN for hub-and-spoke with dynamic spokes — is specifically tested.

Infrastructure (30%)

Infrastructure is the largest ENCOR domain and the most directly built on CCNA knowledge.

OSPF at CCNP depth: ENCOR tests OSPF beyond basic area configuration. LSA types (Type 1-7), inter-area routing, route summarization at ABRs and ASBRs, stub and totally stubby areas, NSSA areas and Type 7 to Type 5 translation. Candidates who only know OSPF from CCNA (configure neighbors, verify adjacency) fail ENCOR infrastructure questions consistently.

BGP fundamentals: ENCOR introduces BGP as a new topic for most candidates. eBGP vs iBGP distinctions, BGP path selection attributes (weight, local preference, AS-PATH, MED), route filtering with prefix lists and route maps. BGP is not deeply tested on ENCOR compared to CCIE, but the fundamentals must be solid.

QoS: Quality of Service is heavily tested and often poorly prepared for. ENCOR tests the entire QoS pipeline: classification (DSCP, CoS, ACL-based), marking (changing DSCP values), queuing (CBWFQ, LLQ), policing vs shaping, and congestion avoidance (WRED). QoS questions require understanding both configuration and the conceptual model of why each mechanism exists.


Concentration Exam Choice: Strategic Considerations

The choice of concentration exam affects both preparation difficulty and career positioning.

ENARSI (300-410): The Classic Advanced Routing Choice

ENARSI remains the most commonly pursued concentration because advanced routing and infrastructure skills are foundational to most enterprise networking careers. Candidates who pursue CCIE Enterprise Infrastructure eventually need ENARSI-level knowledge anyway — ENARSI preparation is not wasted if the career target is CCIE.

ENARSI preparation resources: Jeremy's IT Labs has a dedicated ENARSI course (free on YouTube) that's widely credited as the best free resource. The depth and pace match the exam level better than most paid resources for this specific exam.

The GNS3 requirement: ENARSI's advanced routing content (EIGRP advanced, OSPF advanced, BGP policy) cannot be adequately prepared for without lab configuration. GNS3 with Cisco IOS images or physical equipment is required. Candidates who rely only on Packet Tracer for ENARSI preparation consistently report finding lab tasks they can't complete because Packet Tracer doesn't support all EIGRP and BGP features tested.

ENSLD (300-420): Architecture for the Path to Solutions Architect

ENSLD (Designing Cisco Enterprise Networks) tests network design at a depth that directly applies to Solutions Architect roles and consulting work. Unlike ENARSI, which tests implementation, ENSLD tests design decisions: why you'd choose one architecture over another.

Who ENSLD suits: network engineers moving toward architecture or consulting roles, candidates who want to differentiate from the majority who take ENARSI, and engineers who enjoy the design aspect of networking more than deep protocol implementation.


What CCNP Earns You Professionally

The job market signal: CCNP is the credential that differentiates senior network engineers from mid-level engineers. Most network engineer job postings list CCNA as a requirement and CCNP as preferred or required for senior roles.

Salary context: the CCNP premium in most US markets is $15,000-$25,000 annually over CCNA-only credentials. Senior network engineers (5+ years, CCNP) earn $90,000-$130,000 in most US markets, compared to $65,000-$85,000 for CCNA engineers.

Government contractor context: CCNP appears in job listings for network engineering roles at defense contractors and federal agencies. The DoD 8570/8140 framework doesn't specifically list CCNP (it's a Cisco vendor credential), but CCNP demonstrates the level of expertise those roles require alongside 8570-approved certifications.

CCNP and the CCIE pathway: every CCIE track requires passing the CCNP core exam (or a higher-level exam). Candidates pursuing CCIE Enterprise Infrastructure must pass ENCOR anyway — it serves as both CCNP completion and CCIE qualification. CCNP is therefore not a detour from CCIE but a required waypoint. Budget CCNP preparation as part of the CCIE journey, not as a separate credential before beginning that journey.

The independent specialty value: CCNP without CCIE in view is also a legitimate endpoint for many network engineers. The job market for CCNP network engineers is large and well-compensated. Not every networking career needs to target CCIE, and CCNP provides substantial professional recognition at significantly lower investment.


Maintaining CCNP After Passing

CCNP renewal: CCNP certifications expire 3 years after passing. Renewal options:

  • Pass the CCNP core exam (ENCOR) again — resets the 3-year clock
  • Pass a CCNP concentration exam in the same track
  • Pass a CCIE written or lab exam in any track
  • Earn Cisco Continuing Education credits through Cisco's CLP (Continuing Learning Program): 80 CE credits for CCNP renewal

The Cisco CLP approach: 80 CE credits over 3 years is achievable through Cisco training, webinars, and approved third-party content. Cisco's CLP portal tracks credit accumulation. This is often the most convenient renewal path for working network engineers who don't want to retake exams.

The strategic renewal: if you're planning to pursue CCIE anyway, timing your CCIE written exam (ENCOR is the qualifying exam) to coincide with your CCNP renewal means both certifications renew with one exam. Plan ahead — scheduling your CCIE qualifying exam as your CCNP renewal exam saves one exam fee and testing time.

Staying current with Cisco's platform evolution: Cisco updates exam content when the underlying technology changes significantly. The 2020 CCNP revision introduced SD-Access, SD-WAN, and network automation into the core curriculum. Future revisions will likely expand further into automation and cloud integration. Staying current with Cisco's technology roadmap between renewal cycles makes renewal exams less surprising.

"I studied for ENCOR for 14 weeks, passed it, and took a 3-month break before starting ENARSI. Don't do that. The routing protocol knowledge from ENCOR bleeds into ENARSI, and the break cost me several weeks of re-learning OSPF LSA types I'd already studied. Momentum matters with the CCNP stack — schedule your concentration exam within 2-3 months of passing ENCOR." — David Bombal, Cisco instructor and network engineering YouTuber with 1.7M subscribers



Frequently Asked Questions

Which CCNP Enterprise concentration should I choose?

Choose based on your current or target role. ENARSI (advanced routing) is most broadly applicable for network engineers. ENAUTO (automation) is fastest growing in demand. ENWLSD/ENWLSI require genuine wireless experience. Don't choose based on exam difficulty — choose based on where you work or want to work.

Do I need CCNA before attempting CCNP Enterprise?

Cisco doesn't enforce it, but CCNA knowledge is a practical prerequisite. ENCOR tests CCNA content at enterprise depth (OSPF in detail, routing protocols at scale, QoS, wireless) without re-teaching the fundamentals. Attempting ENCOR without solid CCNA knowledge consistently produces failure.

What is the most important domain on ENCOR?

Infrastructure at 30% is the largest domain. It covers OSPF advanced features, BGP introduction, advanced switching (MSTP, EtherChannel), wireless, and IP services. Candidates with strong CCNA routing/switching backgrounds have a significant advantage in this domain.

How long does CCNP Enterprise preparation take?

ENCOR alone typically requires 12-16 weeks for CCNA-certified candidates. Adding ENARSI requires another 10-14 weeks. Total: 22-30 weeks for the full CCNP Enterprise credential. Candidates with significant hands-on routing experience move faster through ENARSI content.

What practice exam resource is best for CCNP Enterprise?

Boson ExSim-Max has the most accurate CCNP-level practice questions. INE provides comprehensive lab environments for hands-on practice. For ENARSI specifically, hands-on GNS3 or real equipment practice is more important than practice exams — the routing protocol scenarios require configuration-level understanding.