REST APIs · JSON/YANG · Python · Ansible · SD-WAN · DNA Center · Configuration Management
The final CCNA domain covers modern network automation. Though weighted at ~10% of the exam, this area is rapidly growing in real-world importance as networks shift toward programmable, controller-driven architectures.
| # | Domain | Weight |
|---|---|---|
| 1 | Network Fundamentals | 20% |
| 2 | Network Access | 20% |
| 3 | IP Connectivity | 25% |
| 4 | IP Services | 10% |
| 5 | Security Fundamentals | 15% |
| 6 | Automation & Programmability | 10% |
REST is Representational State Transfer over HTTP(S). It uses HTTP methods (GET, POST, PUT, PATCH, DELETE) to interact with network devices and controllers. Returns data in JSON or XML. Stateless: each request is self-contained.
JSON is the dominant data format for REST APIs — human-readable key-value pairs. YANG (RFC 6020) is a data modeling language that defines the schema for network config data. Used with NETCONF (SSH+XML) and RESTCONF (HTTP+JSON/XML).
Python is the go-to language for network automation scripts. netmiko provides SSH connectivity to Cisco/Juniper/Arista devices. NAPALM abstracts vendor differences. The requests library handles REST API calls.
Ansible is an agentless configuration management tool. Uses YAML playbooks pushed over SSH or API. Idempotent: safe to run multiple times. Key advantage over Puppet/Chef for networking: no agent software needed on devices.
Software-Defined WAN separates the control plane from the data plane. Cisco SD-WAN (formerly Viptela) uses vManage (GUI), vSmart (control), vBond (orchestration), and vEdge/cEdge (data plane). Enables application-aware routing.
DNA Center is Cisco's Intent-Based Networking (IBN) platform. The administrator defines WHAT the network should do; DNA Center figures out HOW. Provides automation, AI/ML assurance, and SD-Access fabric management. Uses northbound REST APIs for integrations.
Understanding programmability concepts, REST API fundamentals, and modern data formats is essential for the automation domain.
REST (Representational State Transfer) is an architectural style for APIs that uses HTTP(S). It is stateless — each request contains all information needed; no session state is stored on the server. Data is typically exchanged in JSON or XML format.
| HTTP Method | CRUD Operation | Description | Example Use |
|---|---|---|---|
| GET | Read | Retrieve resource data, no modification | Get interface status |
| POST | Create | Create a new resource | Add a new VLAN |
| PUT | Update/Replace | Replace entire resource | Replace full interface config |
| PATCH | Partial Update | Update specific fields only | Change IP address only |
| DELETE | Delete | Remove a resource | Delete a static route |
| Code | Meaning | Category |
|---|---|---|
| 200 | OK — Request succeeded | 2xx Success |
| 201 | Created — Resource created successfully | 2xx Success |
| 204 | No Content — Success, no body returned | 2xx Success |
| 400 | Bad Request — Malformed request syntax | 4xx Client Error |
| 401 | Unauthorized — Authentication required | 4xx Client Error |
| 403 | Forbidden — Authenticated but not authorized | 4xx Client Error |
| 404 | Not Found — Resource doesn't exist | 4xx Client Error |
| 500 | Internal Server Error — Server-side failure | 5xx Server Error |
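As an added example (not part of the original guide), the sketch below shows how the 200/204/401/403/404 codes in the table above fall out of a Bearer-token check on a stateless API, with the 401-versus-403 split made explicit. The tokens, the `/device` path and the loopback HTTP server are constructed for the demo; a real controller API would be reached over HTTPS with certificate verification.

```python
import hmac, http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed sample data: bearer token -> role, plus one resource.
TOKENS = {"tok-admin": "admin", "tok-read": "read-only"}
DEVICE = {"hostname": "R1", "interfaces": ["Gi0/0", "Gi0/1"]}

def decide(method, path, headers):
    """Return (status, body) using only what this one request carries."""
    auth = headers.get("Authorization", "")
    sent = auth[7:].encode() if auth.startswith("Bearer ") else b""
    role = next((r for t, r in TOKENS.items()
                 if hmac.compare_digest(t.encode(), sent)), None)
    if role is None:                 # no token or unknown token
        return 401, {"error": "authentication required"}
    if path != "/device":
        return 404, {"error": "not found"}
    if method == "GET":
        return 200, DEVICE
    if role != "admin":              # authenticated but not authorized
        return 403, {"error": "forbidden"}
    return 204, None                 # DELETE by admin: success, no body

class Api(BaseHTTPRequestHandler):
    def _handle(self):
        status, body = decide(self.command, self.path, self.headers)
        data = b"" if body is None else json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    do_GET = do_DELETE = _handle
    def log_message(self, *args):    # silence per-request logging
        pass

def start_server():
    srv = HTTPServer(("127.0.0.1", 0), Api)   # loopback, ephemeral port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def call(srv, method, path, token=None):
    headers = {"Accept": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    conn = http.client.HTTPConnection("127.0.0.1", srv.server_port, timeout=5)
    conn.request(method, path, headers=headers)
    resp = conn.getresponse()
    status, body = resp.status, resp.read()
    conn.close()
    return status, json.loads(body) if body else None
```

To see the exchange over real HTTP, run `srv = start_server()` and then, for instance, `call(srv, "DELETE", "/device", "tok-read")`, which returns the 403 case.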
- `Content-Type: application/json` — body format you're sending
- `Accept: application/json` — format you want to receive
- `Authorization: Bearer TOKEN` — auth credential

JSON uses key-value pairs, arrays, and nested objects. Human-readable. Most common format in REST APIs. Default for DNA Center and most modern network APIs.
{"hostname": "R1", "interfaces": ["Gi0/0", "Gi0/1"]}
XML is tag-based and more verbose than JSON. Used in NETCONF. Supports attributes and namespaces. More complex to read but widely supported.
<hostname>R1</hostname>
YANG is a data modeling language (RFC 6020). It defines the structure, data types, and constraints for network config data, like a schema or blueprint. Works with NETCONF and RESTCONF. YANG = schema; NETCONF/RESTCONF = transport carrying actual data.
| Feature | REST API | NETCONF | RESTCONF |
|---|---|---|---|
| Transport | HTTP/HTTPS | SSH (port 830) | HTTP/HTTPS |
| Data Format | JSON / XML | XML only | JSON or XML |
| Data Model | Varies | YANG | YANG |
| Operations | GET/POST/PUT/DELETE | get-config, edit-config, commit | GET/POST/PUT/DELETE |
| Transactions | No | Yes (candidate config + commit) | Partial (no commit) |
| Cisco Support | DNA Center NBI | IOS-XE, IOS-XR, NX-OS | IOS-XE 16.6+ |
NETCONF uses `edit-config` and `get-config` operations over SSH. It supports a candidate configuration that is only applied to the running config after a commit operation, making it transactional and safer than direct running-config changes.

Python libraries and tools like Ansible provide the building blocks for scalable, consistent network automation across multivendor environments.
- `ConnectHandler()` — establish SSH connection
- `send_command()` — run show commands, capture output
- `send_config_set()` — push config lines

Network Automation and Programmability Abstraction Layer with Multivendor support
- `get_facts()` — hostname, OS version, uptime
- `get_interfaces()` — interface details
- `load_merge_candidate()` — stage config changes

- `requests.get(url, headers=h, auth=(u,p))`
- `requests.post(url, json=data, headers=h)`
- `response.json()` — parse JSON response
- `response.status_code` — check HTTP status

ios_config, ios_command)

- `ios_command` — run show commands on IOS devices
- `ios_config` — push config lines to IOS devices
- `nxos_config` — config management for NX-OS
- `cli_command` — vendor-agnostic CLI commands
- `cli_config` — vendor-agnostic config push

- `hosts:` — target devices from inventory
- `gather_facts:` — collect device info (often no for network)
- `tasks:` — list of steps to execute
- `- name:` — human-readable task description
- `ios_config:` / `lines:` — config to apply

`ansible-playbook playbook.yml -i inventory`

| Feature | Ansible | Puppet | Chef |
|---|---|---|---|
| Agent Required | No (agentless) | Yes (Puppet agent) | Yes (Chef agent) |
| Model | Push (control node → devices) | Pull (agent pulls from master) | Pull (agent pulls from server) |
| Language | YAML | Ruby DSL (Puppet DSL) | Ruby (recipes/cookbooks) |
| Master Required | No (control node only) | Yes (Puppet Master) | Yes (Chef Server) |
| Network Device Support | Excellent (purpose-built modules) | Limited (designed for servers) | Limited (designed for servers) |
| Complexity | Low — easy to start | Medium-High | Medium-High |
| CCNA Key Fact | Agentless + YAML + Push | Agent + Ruby + Pull | Agent + Ruby + Pull |
Every config change is tracked, reviewable, and reversible. Full audit trail of who changed what and when. Rollback to any previous state instantly.
Identical config deployed to 500 switches in minutes instead of days. Eliminates typos and variance from manual CLI input across devices.
Network configs treated like application code — tested, reviewed, stored in Git repos, and deployed through CI/CD pipelines. Enables automated compliance checking.
Software-Defined WAN and Cisco's DNA Center represent the practical application of SDN principles to enterprise WAN and campus networks.
SD-WAN's control plane protocol. Runs between vSmart and vEdge/cEdge over DTLS/TLS tunnels. Distributes routes, policies, and crypto keys. Similar in function to BGP within the SD-WAN fabric.
Routes traffic based on application type and real-time path quality metrics (loss, latency, jitter). Business-critical apps (VoIP, video) can be routed over best-performing path automatically.
New vEdge devices connect to vBond automatically on boot. No manual configuration needed at branch sites. Dramatically simplifies large-scale deployments.
Works across MPLS, internet broadband, 4G/LTE, satellite. SD-WAN abstracts transport type — policies apply uniformly regardless of underlying WAN technology.
Cisco's network management and automation platform for campus and branch networks. Available as SaaS or on-premises appliance. Provides Intent-Based Networking (IBN), network automation, AI/ML assurance, and SD-Access fabric management.
Administrator defines INTENT (business policy: "Finance VLAN should never reach HR VLAN"). DNA Center translates intent into actual device configurations automatically across the entire network.
AI/ML analytics engine that monitors network health in real time. Predicts issues before users are impacted. Provides guided remediation and root cause analysis. Tracks KPIs for applications, clients, and infrastructure.
Campus fabric architecture using VXLAN + LISP. Replaces traditional VLANs with scalable Virtual Networks (VNs) and policy-based segmentation. Users get access based on identity, not port location.
| Layer | Components | APIs Used | Function |
|---|---|---|---|
| Application Layer | Business apps, automation scripts, REST clients | Northbound API (NBI) | Define what the network should do |
| Control Layer | SDN Controller (DNA Center, OpenDaylight) | NBI (up) + SBI (down) | Translate intent into device instructions |
| Infrastructure Layer | Physical/virtual switches and routers | Southbound API (SBI) | Forward data plane traffic |
The Northbound API (NBI) sits between the SDN controller and applications/scripts. Uses REST APIs with JSON. Allows automation scripts, monitoring apps, and business applications to consume network data and trigger changes.
The Southbound API (SBI) sits between the SDN controller and network devices. Protocols: NETCONF, RESTCONF, OpenFlow, SNMP, SSH. The controller uses SBI to push configurations and collect telemetry from physical/virtual devices.
Six visual memory anchors to lock in the key automation and programmability concepts for the CCNA exam.
send_command(), send_config_set(). NAPALM: abstracts vendor differences, get_facts(). requests: HTTP calls to REST APIs, requests.get(url, headers=h).
`hosts:` (which devices), `gather_facts:`, `tasks:` (list of steps). Each task: `- name:` (description), module name (e.g., `ios_config:`), module args (`lines:`, `parents:`). Run with: `ansible-playbook playbook.yml -i inventory`.

- `<get-config>`: retrieve config from candidate/running/startup.
- `<edit-config>`: modify config (merge, replace, create, delete).
- `<commit>`: apply candidate config to running.
- `<lock>`/`<unlock>`: prevent concurrent changes.
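The NETCONF candidate-then-commit behaviour and the lock/unlock operations described on this page, as an added example that is not from the original guide: it builds the RPC messages as XML and replays them against a toy in-memory model. `ToyDevice`, the session names `A` and `B` and the hostnames are constructed for illustration; the reply strings reuse the `lock-denied` and `in-use` error tags from RFC 6241.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"    # NETCONF base namespace

def q(name):
    return f"{{{NS}}}{name}"

def rpc(op, config=None):
    """Build one <rpc> aimed at the candidate datastore, as XML text."""
    root = ET.Element(q("rpc"), {"message-id": "1"})
    body = ET.SubElement(root, q(op))
    if op != "commit":                             # <commit> takes no <target>
        ET.SubElement(ET.SubElement(body, q("target")), q("candidate"))
    if config:
        cfg = ET.SubElement(body, q("config"))
        for leaf, value in config.items():
            ET.SubElement(cfg, leaf).text = value
    return ET.tostring(root, encoding="unicode")

class ToyDevice:
    """Toy model of running/candidate datastores and one lock (not a real server)."""
    def __init__(self):
        self.running = {"hostname": "R1"}          # constructed starting config
        self.candidate = dict(self.running)
        self.lock_owner = None

    def handle(self, session, xml_text):
        op = ET.fromstring(xml_text)[0]            # first child of <rpc>
        name = op.tag.split("}", 1)[1]
        if name == "lock":
            if self.lock_owner is not None:
                return "lock-denied"
            self.lock_owner = session
        elif self.lock_owner not in (None, session):
            return "in-use"                        # another session holds the lock
        elif name == "unlock":
            self.lock_owner = None
        elif name == "edit-config":                # merge into candidate only
            self.candidate.update({c.tag: c.text for c in op.find(q("config"))})
        elif name == "commit":                     # candidate becomes running
            self.running = dict(self.candidate)
        return "ok"

def demo():
    dev = ToyDevice()
    steps = [("A", rpc("lock")), ("A", rpc("edit-config", {"hostname": "R1-core"})),
             ("B", rpc("edit-config", {"hostname": "R1-other"})),
             ("A", rpc("commit")), ("A", rpc("unlock"))]
    # Each entry: (reply, running hostname after that step)
    return [(dev.handle(s, x), dev.running["hostname"]) for s, x in steps]
```

The trace from `demo()` shows the running hostname staying `R1` until session A commits, and session B's edit being refused while A holds the lock.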