Designing Cisco Enterprise Networks (300-420 ENSLD)

This page breaks 300-420 ENSLD (Implementing and Administering Cisco Solutions) into 10 focused sections aligned to the official exam topics. Work through the sections in order, then switch to mixed practice to simulate real test conditions.

Vendor: Cisco Credential: Cisco Certified Specialist – Enterprise Design (CCNP Enterprise concentration exam) Exam: 300-420 ENSLD Practice: domain then mixed
Start practicing Back to hub ↗

300-420 ENSLD coverage (10 sections)

Use the practice button on each card to open the quiz set for that domain in a new tab.

Structured IPv4 and IPv6 Addressing Plan Design

S01

What you will practice:

  • IPv4 addressing plan structure
  • Hierarchical addressing models (core/distribution/access, site/region-based summarization intent)
  • VLSM p…
  • IPv4 addressing plan structure
  • Hierarchical addressing models (core/distribution/access, site/region-based summarization intent)
  • VLSM planning for variable site sizes
  • Address block allocation for growth (spare capacity strategy)
  • Summarization boundaries and where summaries should exist (distribution/core/edge)
  • IPv6 addressing plan structure
  • Prefix allocation strategy (site prefixes, per-VLAN/per-segment planning)
  • Aggregation goals (route summarization and stability)
  • Addressing for services and infrastructure (loopbacks, P2P links, management networks)
  • Operational design constraints
  • Multitenancy/segmentation needs (how addressing aligns with VRFs and segmentation)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

IGP Design: IS-IS, EIGRP, OSPF (Stability, Security, Scale)

S02

What you will practice:

  • IGP selection criteria
  • Convergence expectations, operational complexity, and scaling approach
  • Scalability and stability design
  • IGP selection criteria
  • Convergence expectations, operational complexity, and scaling approach
  • Scalability and stability design
  • Failure domain control and topology choices
  • Summarization design (where and why)
  • Route filtering rationale (preventing churn and limiting propagation)
  • Security design considerations
  • Securing routing adjacencies (design intent: prevent spoofed neighbors/updates)
  • Resiliency features
  • Fast convergence philosophy and its tradeoffs (CPU/traffic stability)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

BGP Design for Enterprise: Address Families, Policy, Scale

S03

What you will practice:

  • BGP address families
  • IPv4/IPv6 address families and the design implication of multi-AF deployments
  • Basic route filtering
  • BGP address families
  • IPv4/IPv6 address families and the design implication of multi-AF deployments
  • Basic route filtering
  • Inbound/outbound filtering intent (control what you accept and what you advertise)
  • Attributes for path preference
  • Designing deterministic path selection using attributes (enterprise policy routing at scale)
  • Route reflectors
  • iBGP scaling patterns and where route reflectors fit in a large enterprise
  • Load sharing
  • Multi-path design intent (utilization and resiliency) and where it is appropriate
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

IPv6 Migration Strategy Design: Overlay, Dual-Stack, Translation Boundaries

S04

What you will practice:

  • Overlay (tunneling) strategies
  • When tunneling is used (constraints, islands, incremental rollout)
  • Native dual-stack strategies
  • Overlay (tunneling) strategies
  • When tunneling is used (constraints, islands, incremental rollout)
  • Native dual-stack strategies
  • Running IPv4 and IPv6 in parallel (design drivers: app readiness, operational simplicity)
  • Boundaries: IPv4/IPv6 translations
  • Where translation functions typically live (edge/border) and why boundaries matter
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Campus High Availability Design: FHRP and Platform/Control-Plane Resiliency

S05

What you will practice:

  • First Hop Redundancy Protocols (FHRP)
  • Default gateway resiliency design (active/standby concepts, failure detection implications)
  • Platf…
  • First Hop Redundancy Protocols (FHRP)
  • Default gateway resiliency design (active/standby concepts, failure detection implications)
  • Platform abstraction techniques
  • Designing to reduce dependency on specific hardware behaviors (operational consistency goal)
  • Graceful restart
  • Maintaining forwarding during control-plane restarts (impact on uptime)
  • BFD
  • Fast failure detection as a design component (ties directly to convergence objectives)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Campus Layer 2 Infrastructure Design: STP Scale, Convergence, Security, Power

S06

What you will practice:

  • STP scalability
  • Design choices that limit STP complexity and reduce instability
  • Fast convergence
  • STP scalability
  • Design choices that limit STP complexity and reduce instability
  • Fast convergence
  • L2 design that minimizes reconvergence time during failures/changes
  • Loop-free technologies
  • Designing to prevent bridging loops (and the symptoms loops create)
  • PoE and Wake-on-LAN
  • Power delivery as part of campus design (phones/APs/IoT endpoints)
  • Layer 2 security techniques (STP security, port security, VACL)
  • Preventing rogue switches/loops
  • Preventing unauthorized endpoint access
  • Using VLAN ACLs for segmentation enforcement at Layer 2
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Multi-Campus Layer 3 Design: Summarization, Filtering, VRFs, Topology, Redistribution

S07

What you will practice:

  • Convergence design
  • Failure domain shaping; convergence vs stability trade-offs
  • Load sharing
  • Convergence design
  • Failure domain shaping; convergence vs stability trade-offs
  • Load sharing
  • Designing for ECMP/traffic distribution where appropriate
  • Route summarization
  • Summaries as a stability tool (reducing table size and churn)
  • Route filtering
  • Controlling propagation between domains/regions/sites
  • VRFs
  • Segmentation via multiple routing tables (multi-tenant and separation requirements)
  • Optimal topologies
  • Campus/core interconnect design choices that minimize bottlenecks and reduce blast radius
  • Redistribution
  • Designing redistribution safely (avoiding loops, controlling route leakage, policy intent)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

SD-Access Architecture and Fabric Design Considerations (Wired and Wireless)

S08

What you will practice:

  • SD-Access architecture
  • Underlay vs overlay
  • Control plane vs data plane
  • SD-Access architecture
  • Underlay vs overlay
  • Control plane vs data plane
  • Automation principles
  • Wireless integration concepts
  • Security components at a design level
  • Fabric design considerations for wired and wireless access
  • Overlay and fabric design choices
  • Control-plane design considerations
  • Border design considerations
  • Segmentation and virtual networks
  • Scalability considerations
  • Wireless over-the-top vs fabric for wireless
  • Multicast considerations inside the fabric
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Enterprise WAN Design: Connectivity Options, VPN Designs, HA, SD-WAN Architecture and Design

S09

What you will practice:

  • WAN connectivity options for on-prem, hybrid, and cloud
  • Layer 2 VPN
  • MPLS Layer 3 VPN
  • WAN connectivity options for on-prem, hybrid, and cloud
  • Layer 2 VPN
  • MPLS Layer 3 VPN
  • Metro Ethernet
  • DWDM
  • 4G/5G
  • SD-WAN customer edge
  • Site-to-site VPN design
  • DMVPN
  • IPsec
  • GRE
  • GET VPN
  • WAN high availability design
  • Single-homed vs multihomed
  • Backup connectivity
  • Failover design
  • Cisco SD-WAN architecture (orchestration, management, control, data planes)
  • Onboarding and provisioning
  • Security components
  • Cisco SD-WAN design considerations (overlay/control design, LAN integration, HA, scalability, QoS, multicast)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Network Services Design and Automation (Telemetry and Model-Driven Operations)

S10

What you will practice:

  • Network Services: QoS strategy selection (DiffServ vs IntServ)
  • End-to-end QoS policy design (classification/marking, shaping, policing, q…
  • Network Services: QoS strategy selection (DiffServ vs IntServ)
  • End-to-end QoS policy design (classification/marking, shaping, policing, queuing)
  • Network management technique design (in-band vs out-of-band, segmented management networks, prioritizing management traffic)
  • Multicast concepts and services design (RPF, rendezvous points, SSM, PIM bidirectional, MSDP)
  • Automation: YANG model ecosystems (IETF vs OpenConfig vs Cisco)
  • NETCONF vs RESTCONF
  • Model-driven telemetry (periodic vs on-change publication)
  • gRPC and gNMI
  • Cloud connectivity options (direct connect, cloud on ramp, MPLS direct connect, WAN integration)
  • Cloud service models (SaaS, PaaS, IaaS)
Practice this section ↗

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

FAQ

How should I use the 10 sections on this page for 300-420 ENSLD?

Treat this as a design checklist. Start with addressing and routing design (sections 1–4), then campus resiliency and infrastructure design (sections 5–7), then SD-Access and WAN design (sections 8–9), and finish with services plus automation (section 10). For each section, practice until you can justify design decisions, explain tradeoffs, and identify risks and failure domains.

Is this outline aligned to the real 300-420 ENSLD exam topics?

Yes. The sections map to the ENSLD blueprint themes: structured addressing, IGP/BGP design, IPv6 transition strategy, campus HA and L2/L3 design, SD-Access fabric design, enterprise WAN/SD-WAN, and services plus automation/telemetry.

What is the relationship between 300-420 ENSLD and CCNP Enterprise?

ENSLD (300-420) is a CCNP Enterprise concentration exam. To earn CCNP Enterprise, you pass the core exam (350-401 ENCOR) and one concentration exam such as ENSLD. Passing ENSLD also earns the Cisco Certified Specialist – Enterprise Design credential.

Is ENSLD a configuration-heavy exam like CCNA?

ENSLD is primarily design-focused. You are expected to reason about scalability, stability, security, convergence, and operational constraints. You should still understand underlying technologies, but the emphasis is on choosing and defending the right design approach for a given scenario.

What score do I need to pass 300-420 ENSLD?

Cisco does not publish a fixed passing score. The safest strategy is to practice scenario-based questions and focus on design rationale, tradeoffs, and how design decisions affect availability, operations, and security.