JT
JT Exams
Log inStart Free Trial
NetworkingCCNA

Network Automation and Programmability Explained for CCNA

Configuring a hundred switches one SSH session at a time does not scale. One typo in a change window can take down half the network. Network automation replaces manual CLI management with programmable, repeatable, version-controlled configuration. The CCNA automation domain is conceptual, not a coding exam: you need to understand the difference between traditional and software-defined networking, how REST APIs work and which HTTP method does what, what JSON looks like and how to read it, and what Ansible does without writing a playbook. This domain has a 10 percent weight and is entirely about understanding the concepts.

8 min
3 sections · 5 exam key points

Traditional networking vs software-defined networking

Traditional network devices each run their own control plane and data plane on the same hardware. The control plane makes decisions (routing tables, forwarding decisions) and the data plane executes them (actually moving packets). Each device operates independently, configured individually through a CLI. Consistency across hundreds of devices requires discipline, documentation, and luck.

Software-Defined Networking (SDN) separates the control plane from the data plane. A centralized controller holds the control plane logic and pushes forwarding rules down to devices through southbound APIs like OpenFlow or NETCONF. Devices become simpler forwarding elements. The result is centralized policy, consistent configuration, and the ability to change the entire network's behavior by modifying the controller rather than logging into every device.

Cisco DNA Center (now Catalyst Center) is Cisco's enterprise SDN platform. It provides intent-based networking: you describe what you want the network to do in business terms and the platform translates that into device configuration. It also provides network assurance, continuously verifying that the network is behaving as intended.

REST APIs and JSON

A REST API (Representational State Transfer) allows programs to interact with network devices and management platforms using standard HTTP methods. GET retrieves information without modifying anything. POST creates a new resource. PUT replaces an existing resource entirely. PATCH modifies specific fields of an existing resource. DELETE removes a resource. These five methods cover all operations a configuration management tool needs.

REST APIs typically exchange data in JSON format. JSON uses key-value pairs inside curly braces for objects and square brackets for ordered lists. String values use quotation marks. Numbers and booleans do not. Understanding JSON means being able to read a JSON object and identify what data it contains, even if you cannot write code to process it.

Ansible is the most commonly used agentless automation tool for network devices. It connects via SSH or REST APIs without installing any software on the managed devices. Playbooks define the desired configuration in YAML format. The inventory file lists the devices to configure. Ansible applies the playbook and reports whether each task succeeded, failed, or was unchanged.

How to choose the correct answer

SDN vs traditional: centralized control plane = SDN. Each device manages its own control plane = traditional.

REST method selection: retrieve data = GET. Create new object = POST. Replace entire config = PUT. Modify one field = PATCH. Remove = DELETE.

Southbound vs northbound APIs: southbound = controller to network devices (OpenFlow, NETCONF). Northbound = controller to applications and orchestration tools.

Ansible characteristics: agentless (no software on devices), SSH-based, YAML playbooks, idempotent (running the same playbook twice produces the same result).

YANG is the data modeling language used with NETCONF and RESTCONF. It defines the structure of configuration and state data in a machine-readable format.

REST API HTTP methods

MethodActionUse case
GETRetrieveRead device config or operational state
POSTCreateAdd a new interface, policy, or device
PUTReplaceFull configuration replacement
PATCHPartial updateModify a single field or attribute
DELETERemoveDelete a policy, device, or config object

Key exam facts — CCNA

  • SDN: centralized controller manages control plane. Devices handle data plane only.
  • Southbound APIs (OpenFlow, NETCONF): controller to device. Northbound: controller to applications.
  • REST: GET = read. POST = create. PUT = replace. PATCH = partial update. DELETE = remove.
  • JSON: key-value pairs in {}, arrays in [], strings in quotes, numbers unquoted.
  • Ansible: agentless, SSH-based, YAML playbooks, no software installed on network devices.

Common exam traps

REST APIs only support GET because they are read-only interfaces.

REST APIs support full CRUD operations: GET (read), POST (create), PUT/PATCH (update), and DELETE (remove). Read-only access would severely limit their usefulness for configuration management.

Ansible requires a client agent installed on each managed network device.

Ansible is agentless. It connects to devices using existing interfaces like SSH or REST APIs. No additional software is installed on managed devices. This is one of Ansible's key advantages for network automation.

In SDN, each switch still makes its own independent routing and forwarding decisions.

In SDN, the control plane is centralized in the controller. Switches (data plane elements) forward packets according to rules pushed by the controller. Without the controller's direction, SDN-only switches would not know how to make forwarding decisions.

Practice this topic

CCNApractice questions

Test yourself on Network Automation

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice testStart 7-Day Free Trial

No credit card · Cancel anytime

Related certification topics

OSPF

CCNA

VLANs & Trunking

CCNANetwork+

NTP, SNMP & Syslog

CCNA

OSI & TCP/IP Models

CCNANetwork+