CCIE Enterprise Infrastructure (EI) v1.1: Blueprint Breakdown and Study Plan

CCIE Enterprise Infrastructure (EI) v1.1 Blueprint: A Comprehensive Guide

CCIE Enterprise Infrastructure (EI) v1.1 Blueprint: A Comprehensive Guide

I am often asked by my students to provide a breakdown of the entire CCIE Enterprise Infrastructure (EI) v1.1 Blueprint from my point of view and the importance of various sections and topics contained within. In this blog, I have shared my thoughts on the Blueprint with a focus on highlighting the most important topics as well as the time one should devote to each section.

Section 1 - Network Infrastructure

This section serves as a core foundation for the exam, encompassing traditional Networking Technologies previously covered in the CCIE R/S exam. It establishes the fundamental network structure crucial for the remaining 70% of the test.

Engineers should devote a minimum of 100 hours to lab work in this section.

Key topics that one should pay attention to are:

    Switched Campus

  • Trunking
  • Port-Channels (EtherChannel)
  • STP (Rapid-PVST & MST)
  • Routing Protocols

  • EIGRP (Classic & Named Mode)
  • OSPFv2 (Network / Area Types)
  • OSPFv3 (Network / Area Types)
  • BGP (iBGP/eBGP, Attributes, Routing Policies)
  • Multicast Routing (PIM Sparse Mode)

Section 2 - Software-Defined Infrastructure

This is the most important section of the CCIE EI exam, both from a learning point of view as well as its importance for current and future workplace usage. This section covers contemporary technologies utilized in present-day deployments. With an ever-increasing emphasis on this section, Cisco is clearly signaling that technologies covered in this section will form the base of its near-mid term network architectures. I strongly recommend engineers should make a concentrated effort to thoroughly grasp these technologies as they also enhance your career prospects.

Allocate a minimum of 120 hours to comprehend the technologies covered in this section including their practical applications.

Focus intently on these pivotal topics:

    Cisco Software Defined Access (SDA)

  • Underlay Configuration (Manual/LAN Automation)
  • Fabric Configuration (Standard Campus / Fabric in a Box)
  • Fabric Deployment (Host Onboarding/Adding devices to a Fabric)
  • Fabric Border Handoff (IP Transits/SDA Transit/L2 Handoff)
  • Segmentation (Macro & Micro Segmentation)
  • Cisco Software Defined WAN (SD-WAN)

  • Controller Functionality (vManage, vBond, vSmart)
  • WAN Edge Deployment
  • Transport Configuration (Underlay/Tunnel Interfaces/TLOC Extension)
  • OMP (Attributes/Redistribution)
  • Configuration Templates (CLI/Feature Templates)
  • Centralized Policies (DIA/AAR/Control Policies)
  • Localized Policies (Access-Lists/Route Policies)

Section 3 - Transport Technologies & Solutions

This is a relatively straight-forward section encompassing two key technologies: MPLS VPNs & DMVPN. One should concentrate on configuring MPLS VPNs using BGP as the PE-CE routing protocol. For DMVPN, engineers should focus on configuring DMVPN Phase III, while also understanding the distinctions among the three phases.

40 hours for in-depth understanding and practical exercises should suffice.

Essential topics for this section are:


  • Unicast Routing using LDP
  • MP-BGP - VPNv4 / VPNv6 [6PE]
  • PE-CE Routing using BGP

  • Configuring DMVPN [Single Hub/Multi-Hub]
  • NHRP Redirection
  • Encrypting DMVPN using IPSec using IKEv1 & IKEv2

Section 4 - Infrastructure Security & Services

This section provides coverage of several services applicable to IOS-based Routers. While the topics are numerous and it may come across as being overwhelming at first glance, the coverage and understanding needed to ace this section is not overly extensive.

Engineers should allocate 80 hours for a comprehensive grasp of the topics and practical exercises in this section.

The key topics requiring extra attention are:

    Network Services

  • DHCP Server on an IOS-Device
  • NTP
  • NAT on an IOS-Device (Dynamic NAT/PAT, Static NAT/PAT, VRF-aware NAT)
  • Tracking Objects & IP SLA
  • QoS (Bandwidth Reservation, Priority Queuing, Policing, Shaping)
  • System Management (Telnet, SSH, SNMP)
  • Logging
  • Network Security - Switches

  • Storm Control
  • DHCP Snooping
  • IP Source Guard
  • Dynamic ARP Inspection (DAI)
  • Port Security
  • Network Security - Routers

  • ACLs (IPv4/IPv6)
  • uRPF
  • IPv6 Security Features

  • RA Guard
  • DHCP Guard
  • Source Guard

Section 5 - Infrastructure Automation & Programmability

This section delves into Automation & Programmability concepts and configurations. Engineers should familiarize themselves with various Data Encoding Formats and their attributes as well as configuring EEM applets and devices using the Guest Shell. Focusing on Python, the primary scripting language, is key.

At least 40 hours will be needed to gain a solid grasp of the key concepts and practical experience in this area.

Focus on the following topics in this section:

    Data Encoding Methods - Characteristics (JSON, XML, YAML, Jinja)

    Automation & Scripting - EEM Applets, Guest Shell & Python


Preparing for the CCIE EI exam is a two-step process:

  1. Achieving proficiency in individual topics
  2. Practicing on Full-Scale labs to gain experience and know-how in how to integrate and co-deploy these technologies effectively.

Taking this two-step approach is going to drastically enhance your chances of passing the CCIE EI exam.

I would spend around 360 hours on individual technologies & at least 40-60 hours on the Full Scale Labs (what I call Super Labs on my platform).

Best of Luck and Happy Learning!