Design models, HA, SD-Access, SD-WAN, QoS, and wireless — 15%
Domain Weight
Architecture accounts for 15% of the 350-401 ENCOR exam.
ENCOR architecture questions test whether you can choose the right campus, WAN, and wireless design — and explain how Cisco SD-Access and SD-WAN components fit together. Know when to use three-tier vs spine-leaf, and how QoS and wireless architectures support voice, video, and branch resilience.
Design Model
Tiers / Roles
Best For
Trade-offs
Three-tier
Access → Distribution → Core
Large campus, full L2/L3 services at distribution
Higher complexity and cost; proven modularity
Collapsed core
Access → Core (no distribution)
Medium sites, routed access common
Fewer devices; distribution services move to access/core
Spine-leaf (Clos)
Spine = L3 fabric; Leaf = attachment
Data center ECMP, predictable latency
Requires L3 everywhere; no STP blocking paths
Modular WAN hub
Hub routers + branch spokes
Centralized policy and internet breakout
Hub becomes critical; consider regional hubs
High Availability at the Edge
Protocol
Mechanism
Exam Notes
HSRP
Cisco FHRP — active/standby virtual IP
Preempt, priority, tracking interfaces/objects
VRRP
Open standard FHRP
Master/backup; priority 1–254
GLBP
Cisco — load-balancing across gateways
AVG assigns MACs; hosts use different gateways
SSO / NSF
Stateful switchover on supervisors
Control plane redundancy in modular switches
Cisco SD-Access (DNA Center)
Underlay — physical IP connectivity between fabric nodes (IS-IS or OSPF; manual or automated)
Overlay — VXLAN data plane with LISP control plane for endpoint mapping
vEdge / cEdge — data plane devices; IPsec/GRE tunnels over any transport (MPLS, internet, LTE)
OMP — overlay management protocol; advertises routes, TLOCs, and services between edges
TLOC — tunnel endpoint identifier (system IP + color + encapsulation)
Centralized vs localized policy — hub breakout vs direct internet at branch
Application-aware routing — SLA classes steer traffic to best path
QoS (DiffServ) — Classification to Queuing
Step
Action
Common Tools
Classify
Identify traffic (ACL, NBAR, DSCP)
match access-group, match protocol
Mark
Set DSCP/CoS at trust boundary
set dscp ef, set cos 5
Police
Hard rate limit — drop or remark excess
police cir exceed-action drop
Shape
Smooth bursts to contracted rate
shape average — queues excess
Queue
Scheduler allocates bandwidth
priority queue (LLQ), CBWFQ, WRED
EF (DSCP 46) — expedited forwarding; voice typically in LLQ
AF classes (DSCP 10–14, 18–22, 26–30, 34–38) — assured forwarding with drop precedence
Trust boundary — access port (untrusted) vs uplink to carrier (trusted DSCP)
Queuing — LLQ services delay-sensitive traffic; CBWFQ guarantees minimum bandwidth per class
Wireless Architectures
Mode
Description
Use Case
Centralized
LWAPs tunnel to WLC — control + data
Campus, full RF visibility
FlexConnect (H-REAP)
Local switching at AP; central auth optional
Branch — survives WAN loss with local VLANs
FlexConnect local auth
AP authenticates locally when WAN down
Retail, remote offices
Autonomous AP
Standalone — no CAPWAP to WLC
Legacy/small deployments; not ENCOR focus
CAPWAP Reminder
LWAPs build two CAPWAP tunnels to WLC — control (UDP 5246) and data (UDP 5247). AP discovery: DHCP option 43, DNS, or broadcast.
Exam Focus Areas
SD-Access overlay = VXLAN + LISP; SD-WAN data plane on edges, control on vSmart
LLQ = priority queue for voice/video; never oversubscribe LLQ bandwidth
FlexConnect local switching reduces WAN hairpinning for branch client traffic
GLBP is the only FHRP that load-balances active forwarding across routers
Practice This Domain
Test your understanding with free practice questions at /certifications/cisco/cisco-ccnp-enterprise/practice — focus on: Enterprise network design principles (3-tier, collapsed core, spine-leaf), SD-Access: underlay, overlay, fabric, DNA Center, SD-WAN: control plane, data plane, vSmart, vBond, vManage.
Read 350-401 ENCOR notes without distractions
Open Foci to run a focused study block while you review domains, tables, and exam tips.
