Going For My CCNP

My thoughts and preparation for studying for CCNP Enterprise (formerly Route and Switch).

Posted by bishoppebbles in January 2021

Here are my extremely verbose thoughts on preparing and studying for the Cisco Certified Network Professional (CCNP) Route and Switch certification.  I'm certain only my parents will read the whole thing but that's okay.

I finished this cert back in 2018.   WTF you ask, it's 2021... that was so long ago Cisco renamed and revamped the cert to CCNP Enterprise.  Truth be told I drafted this write-up in 2018 when I was actually studying for it.  I wanted to get my website running, which I did, but I didn't add any content.  Better late than never, I suppose, so I'll just chalk this endeavor up to persistence.

I planned to do a three part series to document my work for each of the CCNP Route and Switch exams, but now I don't remember it all. I only documented my work through the SWITCH exam so that's what I'll post.  With that being said, this probably covers 80-90% of my effort and experience working towards this cert.

Motivation

I'm not a network engineer and likely will never be.  Why go for the CCNP cert?  I have a couple reasons for this.

The first is I thought the Cisco Certified Network Associate (CCNA) Route and Switch training was great for learning network fundamentals.  I was fortunate my work paid for one week courses for ICND1 and ICND2 (note: from what I gather these two classes have now been replaced by the Implementing and Administering Cisco Solutions (200-301) course).  The instructors really knew their stuff too.  Yes, they are Cisco specifics especially in the implementation, but many of the networking concepts are the same across manufacturers.

The second is that I've attended a few of those conference talks titled something like,

So you want to be a pentester/exploit dev/reverse engineer/etc?

More than one has said they've found the best security personnel often have an extensive background in either system or network administration.  It isn't a big secret that you generally need to know the fundamentals to better secure your systems and networks.  Of all the certs I've earned I think Cisco's have been the hardest.  Outside of doing the actual job full time, I've also found them to be best in forcing you to get hands on experience.  For me this was the best path forward for gaining that experience.

The last reason is incentive pay.  My work offers a three year increase for my salary if I earn this cert.  At the time I started studying, my current three years of incentive pay for the CISSP had one year left and I didn't want to take a pay cut.  To make the best of this opportunity I'll take some extra cash and improve my skills.  But first you must invest your time and some money.

Preparation

How to proceed with earning this thing?  I'll tell you up front that I self-studied, and I think when it's all said and done I spent under $2800 total: books ($70), three Cisco exam fees ($900), Cisco virtual lab access for a year ($210), Cisco official practice tests ($240), and my home lab ($1355).  Plus lots of time: hours of reading, note taking (135 pages), and labs.

This time around work isn't helping with paid boot camps, hence my self-study decision.   I looked into the cost of paying it myself, and most seemed to be around $3-4k per course.  Considering there are three tests to earn the CCNP: ROUTE (300-101), SWITCH (300-115), and TSHOOT (300-135) this wouldn't be the cheapest option (note: I'm not sure why Cisco capitalizes these test names as they're not acronyms or initialisms but I'll stick to their convention).  That's at least two classes as TSHOOT is a combination of route and switch troubleshooting.  Regardless of the study method there are the three test fees, assuming I don't fail.  It also doesn't account for any virtual lab time I may need to purchase for extra practice.  If I went this route I think it's fair to estimate I'd easily spend $7-8k.

Update: Cisco has updated the CCNP Route and Switch cert to CCNP Enterprise and they now require two exams.  One is on core enterprise network technologies appropriately named Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR).  The second exam lets you choose from six concentration areas.  From this transition my CCNP Route and Switch certification mapped to the Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) course.

Building the CCNP Cisco Lab

I'm not gonna lie, I really like shopping for and buying tech gear.  Studying for my CCNA was all virtual.  Remember, I'm not a network engineer so I've had little hands-on time with actual gear.  Once you figure out the feature differences between Cisco access switches they're relatively straight forward.  Plus, I'm more comfortable in the switch arena as I look at switch configs for work.  I went with two Cisco 2960 and two 3560 switches.

Cisco 2960 switch.
Cisco 3560 switch.

Routers were a different beast.  Similar to the switch process, you figure out the differences between the series.  But then you have to consider the various serial card interfaces.  Now it's not actually that bad (and although I didn't know this at first) the whole CCNA/CCNP home lab aftermarket is a lot more limited than Cisco's full line of gear.  Most shops have a certain set of older, dirt-cheap stuff compared to their original cost.  I went with two Cisco 1841 and two 2811 routers.  I also picked up six WIC 1DSU-T1 V2 cards and five WIC 2T cards.  This was ultimately overkill but I was interested in trying the different interface types.

Cisco 1841 router.
Cisco 2811 router.
Cisco WIC 1DSU-T1 V2 serial card.
Cisco WIC 2T serial card.

The last component is easily managing and working with these devices.  For CCNP most lab designs have 4 switches and 4 routers.  You can certainly plug a console cable into each one and connect back and forth, but that gets old quick.  Alternatively, you could configure SSH/Telnet to connect between devices. However, the best way to go in my opinion is an extra terminal server.  You connect to this single device that will interface to each router/switch console port. Then you can simply change between them using key commands.  With this I can run a single 40' Ethernet cable across my apartment to my recliner chair and conveniently lab-away.

Cisco 2511 terminal server (front).
Cisco 2511 terminal server (back).
CentreCom 210TS 10BaseT Ethernet transceiver.

It was surprising to me that I stumbled a few times getting up and running.  I guess in the virtual world you never have to think about things like creating a clean configuration baseline, deploying a TFTP server for backup, configuring a terminal server, performing password recovery, using a terminal program like Minicom for serial communications, troubleshooting unknown device reboots because of bad RAM, or uploading a new version of IOS.

As for purchasing this gear I spent about 1-2 months researching what was required, what cables I'd need, and looking at prices on Amazon, eBay, and the direct stores of those same sellers.  I realized that at the end of the day everybody was selling the same used gear with a little variation.

Various console, patch, serial, and DCE/DTE Smart Serial cables used to connect and operate everything.

When I made the purchase I was also living in Germany so I had to spend a couple hundred bucks (USD) for shipping.  That would have been free if I were stateside.  Unfortunately for me, it's just the cost of choosing to do business with elements back home.

Anticlimactic

I finally got everything, I built the rack, and then... nothing.  I literally did nothing.  I powered everything on to see if it at least worked.  Maybe I consoled into the devices but I don't remember.  I certainly didn't make any config changes.  Then a few months later I moved from Germany (this was planned) so I had to take the rack apart.  I went back to the States for about three months, and then I moved to China.

Do or Die Time

Fast forward about a year from the time I started researching everything and I decided to go for my CCNP.  Besides buying stuff I hadn't actually done anything with it.  For the record, and before you call me lazy, I was doing other developmental things in the meantime (e.g., I took two graduate computer science courses, earned two SANS GIAC certs, and I was starting to learn PowerShell).  But still this had not gone far and to be honest, when you spend over $1k on something and don't do much with it, thoughts of wasted money and failure start to creep in.

Anyway, it was December.  I just finished one of the above mentioned graduate courses.  My CCNA was going to expire on the second Monday of February.  I had just over two months to study and lab hard.  I went for SWITCH first as that's what I was most comfortable with.  My IOS skills were rusty but at least I read switch configs a couple times a month at work.  These are not high speed, super complex switch configs as I'm mostly looking at access switches. However, I never see any production router configs.

I was about to meet my (ex-)girlfriend's parents for the first time over Christmas.  They live in a very small town (or village as most Europeans call it) and they don't speak English, nor I their native tongue.  In terms of studying for an exam this led to somewhat of a fortuitous situation. When you can't talk to them it's not really rude to sit on their family room couch for hours and stare at your laptop.  It doesn't hurt either when your girlfriend tells them, "He's working to advance his career."

By this time I had actually gotten all my CCNP lab equipment to my apartment and set up.  However, being in China, having The Great Firewall™ and the other internet related issues one might have in this country, I was not going to set up remote access capabilities.  Instead, I purchased a Black Friday deal for Cisco's official CCNP labs.  It included the ROUTE, SWITCH, and TSHOOT labs for $210 for 12 months.  Usually they would cost $300 for six months.  In hindsight this was a good decision on my part.  Yes, I have my lab but sometimes it's much easier and faster to get running with the virtual environment.  Plus, I'm on the road a lot so it really was an indispensable study supplement.  On top of that, they were high quality and well done, resulting in them being my main lab resource. I did use my home lab as well and I wouldn't go back on my decision to build it.

The complete CCNP lab rack (configured for a SWITCH lab). I show this picture to people like it's my kids.

SWITCH Exam

Two months later it's the day of my SWITCH exam.  I'm taking it on a Friday.  My CCNA expires the following Monday. If I failed I would lose my CCNA, and would no longer even be eligible for the CCNP. Yikes!

I'm also taking it in China.  This country is different from the States, especially for a non-Chinese speaker and reader.  They have a lot of people.  They have tons of cities here bigger than LA or Chicago that you've never heard of.  I know some basic (bad) survival Chinese for taxis and restaurants. But one issue extremely difficult for other expats and me is finding places.  You could literally be at the right location and not know it.  Also most English language map programs are usually out-of-date. For whatever reason it's also a lot more common here for an establishment to go out of business seemingly overnight.  Literally it will be open when you go one day and it's gone the next. No joke.

Pearson Vue testing exists in China, so I took copious notes on its location and contact info.  I also went early to plan for inevitably getting lost.  Fortunately after all the hype this particular experience wasn't too bad.  Yes, I did go into the wrong building at first.  I also had one unsuccessful phone call in Chinese but I made it on my second try.

There's nothing really great to mention here other than I passed.  I was glad I did as I wanted to continue down the path towards this cert.  Although my score was only in the mid-800s I felt this test went surprisingly better than my two other Cisco CCNA test experiences.  I'd probably attribute that to the time I spent on labs. I finished this one with 5-10 minutes to spare which surprised me as I went down to the final minute for my CCNA exams.

Study Materials

I've already touched on this some, but I'll rewind a little and talk more about my study materials.  There are tons of free resources on the CCNA and CCNP level routing and switch topics.  However, I'm willing to pay a little for some organized content.  I considered the official Cisco publications but ultimately decided to go with Chris Bryant's CCNP ROUTE 300-101 Study Guide and CCNP SWITCH 300-115 Study Guide.  I also picked up the ebook version of 101 Labs for the Cisco CCNP Exams by Tafa and Browning to use with my home lab.

I think Chris's book provided decent, consolidated foundational material.  The books had more errors than are acceptable in a finished publication, but if you're following along they were usually easy to spot.  His writing style wasn't really my favorite, but all things considered these weren't a huge issue for me, and it worked.

Please keep the above statement in perspective as I would not say all the topics covered in his books are sufficient to pass the exams alone. I had to supplement this with many Google searches, reading of Cisco documentation online, and all of the great YouTube tutorials from the well known players like: CBT Nuggets, Keith Barker, and INE Training.  And as anybody knows who's ever taken a Cisco exam, I had to supplement with lots of lab time.

I read each book cover to cover and highlighted important parts.  I then went back through and typed notes on all that content.  I divided my notes into separate Route and Switch topics.  I further divided those into general concepts and commands.  As a last step I added notes from the other resources as needed.

Hardware Issues

I glossed over this before but I mentioned after I moved to China I got my lab set up and running.  If you recall I never had used this lab before that point.  It was about this time that I realized I had an issue with one of my 1841 routers.  The thing would work sometimes, but most of the time would reboot and then enter some recovery mode.  I wasn't sure if this was related to the serial cards, the compact flash, RAM, or something else.

Simultaneously I was trying to build a basic baseline config for all the routers, switches, and terminal server.  I had known good compact flash so I swapped that out between the devices, and the problem persisted on this one 1841 router.  I read somewhere it could be RAM related.  Keep in mind that as this was happening I was racing to pass SWITCH so I ordered replacement RAM on eBay. I also bought a third 1841 router for good measure.  In hindsight I'm not sure why, as having another router for SWITCH practice wasn't necessary.  I suppose I wanted to solve the problem and be done with it.  Also shipping from the U.S. to Beijing usually takes 2-3 weeks and I wanted enough parts around to fix it one way or another.

Lucky me. When the RAM arrived it resolved the problem!  You might be asking why I didn't buy the components locally as China is effectively the electronics-Mecca of the world. That is a great question.  If only I spoke Mandarin.  Otherwise you need some type of hookup to find a place and properly communicate, which I don't have.

Cisco 1841 router RAM replacement Cisco 1841 router RAM replacement.

Tackling ROUTE and TSHOOT

This is the part where I was going to do another two blog posts and write about studying for ROUTE and TSHOOT.  That never happened and as I mentioned in the beginning, too much time has passed for the specifics.  Really, though, it was pretty much the same as for SWITCH.  Lots of trying to remember all the various technologies and their workings plus lots of lab time.

Epilogue

Having earned the cert I'll soon be faced with the issue of renewal. So much work goes into earning the CCNA and then the CCNP that you don't want to "lose" the cert. However, professionally I'll have to consider the time required to renew and if it's worth it versus learning something else. It's been two years since I finished, and the skills/knowledge atrophy is a real thing: use it or lose it. Since I review switch configs I'm still decent and can configure things after getting rid of some of that rust. I even wrote a PowerShell script to analyze Cisco access switch configs for poor security settings and bad practices. Routers are a different story and would likely take me a considerable amount of time to get back up to speed. Cisco previously had a policy where you could only renew by passing a CCNP level exam or higher. Now they allow renewal via continuing education credits (i.e., CPEs) from Cisco specific classes. That's smart on their part. That may be a more realistic option and I have a little more time to decide.