6.7 Automation and Programmability — Comprehensive Review

Key Takeaways

  • SDN separates control plane from data plane; the controller is the brain that programs the devices.
  • Northbound APIs (REST) connect apps to the controller; southbound APIs (NETCONF/RESTCONF) connect controller to devices.
  • Ansible (agentless, SSH, YAML) handles Day-2 config; Terraform (declarative, HCL, state file) handles Day-0 provisioning.
  • REST verbs map to CRUD: GET=read, POST=create, PUT/PATCH=update, DELETE=delete; responses are JSON over HTTPS.
  • AI/ML in networking: predictive AI forecasts failures, generative AI creates configs, ML baselines and detects anomalies.
Last updated: June 2026

Review Strategy

Automation is 10% of the CCNA 200-301 v1.1 exam — about 8 to 12 of roughly 100 questions in 120 minutes. It is the newest and most under-prepared domain, so a tight grasp here is easy marks. The questions are conceptual: compare, identify, and read, never code. This section consolidates the whole chapter.

Traditional vs. Controller-Based (SDN)

| Aspect | Traditional | Controller-Based (SDN) |
| --- | --- | --- |
| Control plane | Distributed (each device) | Centralized (controller) |
| Configuration | CLI per device | API / policy-based |
| Scalability | Limited | Excellent |
| Consistency | Variable | High |
| Visibility | Per-device | Network-wide |

The controller talks UP to apps through northbound REST APIs and DOWN to devices through southbound protocols. Cisco's enterprise controller is DNA Center, now Catalyst Center, delivering intent-based networking — you declare intent, it configures the boxes.

Config Management Tools at a Glance

| Feature | Ansible | Terraform | Puppet |
| --- | --- | --- | --- |
| Agent | Agentless (SSH) | Agentless (API) | Agent-based |
| Language | YAML | HCL | Puppet DSL |
| Model | Push, procedural | Declarative | Pull, declarative |
| State file | No | Yes | Yes (server) |
| Best for | Network config (Day-2) | Provisioning (Day-0) | Server config |

REST and JSON Quick Facts

  • Verbs → CRUD: GET=Read, POST=Create, PUT/PATCH=Update, DELETE=Delete.
  • Status classes: 2xx success, 3xx redirect, 4xx client error, 5xx server error. Know 200, 201, 401, 403, 404, 500.
  • REST is stateless and returns JSON over HTTPS; because the server keeps no session, the authentication token is sent with every request.
  • JSON: {} = object, [] = array, keys are quoted strings, arrays are zero-indexed, no comments allowed.

NETCONF vs. RESTCONF

Both are southbound management protocols built on YANG data models (YANG defines the structure of config and operational data), and both are favorites for tricky exam questions.

| Attribute | NETCONF | RESTCONF |
| --- | --- | --- |
| Encoding | XML only | JSON or XML |
| Transport | SSH | HTTPS |
| Port | TCP 830 | TCP 443 |
| Style | RPC-based operations | REST API over YANG |
| Data model | YANG | YANG |

Mnemonic: NETCONF → Native XML over SSH (830); RESTCONF → REST/JSON over HTTPS (443).
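
To make the comparison concrete, the added example below (not part of the original guide) builds the same read of interface configuration as a NETCONF RPC and as a RESTCONF request, then parses a reply in each encoding into identical data. It assumes the standard ietf-interfaces YANG module; the host name and both replies are constructed, and nothing is sent on the network.

```python
import json
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"      # NETCONF base namespace (RFC 6241)
IF = "urn:ietf:params:xml:ns:yang:ietf-interfaces"  # namespace of the ietf-interfaces YANG module

def netconf_get_config():
    """NETCONF: an XML <rpc> that travels inside an SSH session on TCP 830."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": "101"})
    get = ET.SubElement(rpc, f"{{{NC}}}get-config")
    ET.SubElement(ET.SubElement(get, f"{{{NC}}}source"), f"{{{NC}}}running")
    flt = ET.SubElement(get, f"{{{NC}}}filter", {"type": "subtree"})
    ET.SubElement(flt, f"{{{IF}}}interfaces")        # ask only for this YANG subtree
    return ET.tostring(rpc, encoding="unicode")

def restconf_get(host):
    """RESTCONF: the same read as an HTTPS request on TCP 443 (RFC 8040)."""
    return {"method": "GET",
            "url": f"https://{host}:443/restconf/data/ietf-interfaces:interfaces?content=config",
            "headers": {"Accept": "application/yang-data+json"}}

def parse_netconf_reply(xml_text):
    """Pull name/enabled out of an XML <rpc-reply>."""
    return [{"name": e.findtext(f"{{{IF}}}name"),
             "enabled": e.findtext(f"{{{IF}}}enabled") == "true"}
            for e in ET.fromstring(xml_text).iter(f"{{{IF}}}interface")]

def parse_restconf_reply(json_text):
    """Pull the same leaves out of a JSON RESTCONF reply."""
    entries = json.loads(json_text)["ietf-interfaces:interfaces"]["interface"]
    return [{"name": i["name"], "enabled": i["enabled"]} for i in entries]

# Constructed replies: the same two interfaces in each encoding.
NETCONF_REPLY = f"""<rpc-reply xmlns="{NC}" message-id="101"><data>
  <interfaces xmlns="{IF}">
    <interface><name>GigabitEthernet1</name><enabled>true</enabled></interface>
    <interface><name>GigabitEthernet2</name><enabled>false</enabled></interface>
  </interfaces></data></rpc-reply>"""
RESTCONF_REPLY = json.dumps({"ietf-interfaces:interfaces": {"interface": [
    {"name": "GigabitEthernet1", "enabled": True},
    {"name": "GigabitEthernet2", "enabled": False}]}})

if __name__ == "__main__":
    print(netconf_get_config())
    print(restconf_get("device.example"))
    print(parse_netconf_reply(NETCONF_REPLY) == parse_restconf_reply(RESTCONF_REPLY))
```

The YANG model fixes the names and nesting (interfaces, interface, name, enabled); only the encoding and transport differ between the two protocols.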

AAA Protocols (appears alongside automation/security)

| Feature | TACACS+ | RADIUS |
| --- | --- | --- |
| Transport/port | TCP 49 | UDP 1812/1813 |
| Encryption | Encrypts the entire packet | Encrypts the password only |
| AAA separation | Yes (independent A/A/A) | No (auth + authz combined) |
| Best for | Device administration | Network access / 802.1X |

AI/ML One-Liners

  • Predictive AI — forecasts a future event (failure, saturation) from historical data.
  • Generative AI — creates new content (configs, docs) from a natural-language prompt.
  • Machine learning — baselines normal behavior and flags anomalies; powers Cisco Catalyst Center Assurance.

High-Yield Traps to Avoid

  1. Direction mix-up — northbound is apps↔controller (REST); southbound is controller↔devices (NETCONF/RESTCONF/OpenFlow).
  2. NETCONF port — it is 830 over SSH, not 443; 443 is RESTCONF.
  3. Agent question — Ansible and Terraform are agentless; Puppet and Chef need agents.
  4. POST vs PUT — POST creates, PUT replaces; do not swap them.
  5. 401 vs 403 — 401 = not authenticated, 403 = authenticated but forbidden.
  6. JSON comments — JSON allows none; that distractor is always wrong.
  7. DNA Center = Catalyst Center — same product, either name may appear.

On the Exam: Memorize the SDN layer/API map, the REST verb→CRUD table, the NETCONF (XML/SSH/830) vs RESTCONF (JSON-or-XML/HTTPS/443) split, the three AI/ML definitions, and the Ansible-vs-Terraform comparison. These five tables cover the vast majority of the 10% automation domain.

How the Pieces Fit Into One Workflow

It is worth stitching the chapter into a single mental picture, because the exam sometimes describes an end-to-end flow and asks you to name a component. Picture an engineer who wants to push a new security policy. They write the intent in a tool such as Ansible using a YAML playbook stored in Git. That playbook calls the controller's northbound REST API, sending an HTTP POST with a JSON body and a bearer token.

Catalyst Center — the intent-based controller — receives the request, translates the intent into device configuration, and pushes it down to the switches over a southbound protocol such as NETCONF (XML over SSH on 830) or RESTCONF (JSON over HTTPS on 443). Meanwhile the controller's AI/ML assurance engine watches the result against its learned baseline and flags any anomaly. Every term in this chapter has a slot in that one sentence.
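
The northbound step of that flow, as an added example that is not from the original guide or from any Cisco API: a mock controller on loopback answers an HTTP POST carrying a JSON body and a bearer token, returning 201, 403 or 401 depending on the token. The `/api/policy` path, the token values and the policy fields are hypothetical, and plain HTTP on 127.0.0.1 stands in for the HTTPS a real controller requires.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed token table for the mock controller: token -> allowed to write policy?
TOKENS = {"tok-admin": True, "tok-readonly": False}

class MockController(BaseHTTPRequestHandler):
    """Stand-in for a controller's northbound API (hypothetical /api/policy path)."""
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        token = self.headers.get("Authorization", "").removeprefix("Bearer ")
        if token not in TOKENS:                 # missing or unknown token
            return self._reply(401, {"error": "not authenticated"})
        if not TOKENS[token]:                   # valid token, insufficient rights
            return self._reply(403, {"error": "authenticated but forbidden"})
        self._reply(201, {"created": json.loads(body)["name"]})

    def _reply(self, status, obj):
        data = json.dumps(obj).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args): pass          # keep the demo quiet

def post_policy(base_url, token, policy):
    """Client side: POST a JSON body with a bearer token; returns (status, json)."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token   # stateless: sent on every request
    req = urllib.request.Request(base_url + "/api/policy", json.dumps(policy).encode(), headers, method="POST")
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:       # urllib raises on 4xx/5xx responses
        return err.code, json.load(err)

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockController)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"    # loopback only; real APIs use HTTPS
    policy = {"name": "block-telnet", "action": "deny", "port": 23}  # constructed sample
    try:
        return [post_policy(base, t, policy) for t in ("tok-admin", "tok-readonly", None)]
    finally:
        server.shutdown()
        server.server_close()
```

Calling `demo()` returns the three (status, body) pairs in order: the admin token creates the policy, the read-only token is authenticated but refused, and the request without a token is not authenticated.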

Final Pre-Exam Checklist

Before test day, be able to answer these from memory without notes: Which API direction is REST and connects apps to the controller? (Northbound.) Which protocols are southbound? (NETCONF, RESTCONF, OpenFlow.) Which tool is agentless and YAML-based for device config? (Ansible.) Which is declarative with a state file for provisioning? (Terraform.) What do POST, GET, PUT, and DELETE map to? (Create, Read, Update, Delete.) What do 401 and 403 mean? (Not authenticated; authenticated but forbidden.) What encloses a JSON object versus an array? (Curly braces versus square brackets.) Which AI type forecasts, which creates, and which detects anomalies? (Predictive, generative, machine learning.)

Time Strategy

Because automation is only about 10% of the blueprint and the questions are conceptual rather than calculation-heavy, treat them as quick points: read the verb in the stem, map it to the correct table, and move on. Do not over-think — there are no subnetting calculations or multi-step configurations hiding here, just recognition of definitions and directions. Banking these fast, confident answers leaves you more of your 120 minutes for the heavier IP connectivity and security domains that carry larger weight on the exam.

Test Your Knowledge

Which HTTP method would you use to create a brand-new VLAN through a REST API?


Which two attributes correctly describe NETCONF?


A Terraform configuration defines an aws_vpc resource with a fixed CIDR block. What happens if you run "terraform apply" twice without changing the configuration?


In the SDN architecture, which API direction connects business applications to the controller?
