CCNA 200-301 Study Guide
Free, comprehensive guide to passing Cisco CCNA certification
Network Fundamentals - The Basics
Learning Objectives
- Understand the role of routers and switches in a network
- Know the OSI model and TCP/IP model layers
- Understand Layer 2 vs Layer 3 switching
- Know basic network topologies
- Understand network addressing basics
Key Concepts
OSI MODEL (7 Layers):
7. Application (HTTP, FTP, DNS, SSH)
6. Presentation (Encryption, Compression)
5. Session (Establish/maintain connections)
4. Transport (TCP, UDP - reliability vs speed)
3. Network (IP routing, routers)
2. Data Link (MAC addresses, switches)
1. Physical (Cables, electrical signals)
TCP/IP MODEL (4 Layers):
4. Application (same as OSI 7-5)
3. Transport (TCP, UDP)
2. Internet (IP, ICMP)
1. Link (Ethernet, MAC)
KEY DEVICES:
- Router: Layer 3 (forwards based on IP)
- Switch: Layer 2 (forwards based on MAC)
- Hub: Layer 1 (dumb repeater - don't use)
Lab Exercise
GNS3 Setup — Download GNS3, create a simple 2-router topology with 2 switches, draw the topology on paper, and take a screenshot.
Practice Questions
- 01. Name all 7 OSI layers from bottom to top.
- 02. At what layer do routers operate?
- 03. What is the difference between a MAC address and an IP address?
- 04. Why are both Layer 2 and Layer 3 needed in a network?
- 05. Trace a packet from PC-A to PC-B on different networks through each OSI layer.
Real-World Connection
At URI, routers connect buildings and separate networks while switches connect computers within a single building. The data center requires both — switches for intra-rack communication and routers for inter-network routing.
IP Addressing & Subnetting Fundamentals
Learning Objectives
- Understand IPv4 addressing structure
- Master decimal-to-binary conversion
- Understand subnet masks and CIDR notation
- Calculate network and broadcast addresses
- Determine the number of usable host addresses
Key Concepts
IPv4 ADDRESSING:
- 4 octets: 192.168.1.5
- Range per octet: 0-255 (8 bits each)
- Total: 32 bits
SUBNET MASKS:
- /24 = 255.255.255.0 (hosts: 254 usable)
- /25 = 255.255.255.128 (hosts: 126 usable)
- /26 = 255.255.255.192 (hosts: 62 usable)
- /30 = 255.255.255.252 (hosts: 2 usable) - router-to-router
- /32 = single host
SUBNETTING FORMULA:
- Network address: first address
- Broadcast address: last address
- Usable hosts: 2^(32-prefix) - 2
- Example: /24 = 2^(32-24) - 2 = 2^8 - 2 = 254 hosts
BINARY CONVERSION:
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
(Memorize this row — it's everything)
Lab Exercise
Assign IP addresses to the Week 1 topology. PC-A: 192.168.1.10/24, PC-B: 192.168.2.10/24, Router interface A: 192.168.1.1/24, Router interface B: 192.168.2.1/24.
Practice Questions
- 01. Convert 192.168.5.0/25 to binary — what is the broadcast address?
- 02. How many usable hosts are in a /28 subnet?
- 03. Create 4 equal subnets from 10.0.0.0/16.
- 04. What CIDR notation represents the subnet mask 255.255.240.0?
- 05. Subnet 172.16.0.0/12 into /24 networks — how many subnets do you get?
Real-World Connection
URI departments have different subnets for isolation and security. /24 is the most common subnet in enterprise networks. /30 subnets are used between routers to conserve addresses.
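The subnetting formula from this section, worked in code as an added example (it is not part of the original guide): the mask, network, broadcast and usable-host count are derived with bit operations, using the lab addresses above and a constructed /30 link address. The /31 case (RFC 3021) goes beyond what the section lists, and all function names are illustrative.

```python
# Added example (not from the study guide): subnet arithmetic with bit operations.
# Inputs are the lab addresses from this section plus constructed ones.

def ip_to_int(ip: str) -> int:
    """Pack a dotted-decimal IPv4 address into one 32-bit integer."""
    octets = [int(part) for part in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-decimal form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(ip: str) -> str:
    """Show each octet as the 8 bits weighted 128|64|32|16|8|4|2|1."""
    return ".".join(f"{int(part):08b}" for part in ip.split("."))


def subnet_info(cidr: str) -> dict:
    """Return mask, network, broadcast and usable-host count for 'a.b.c.d/prefix'."""
    ip, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # prefix one-bits, then zeros
    network = ip_to_int(ip) & mask                       # host bits cleared
    broadcast = network | (mask ^ 0xFFFFFFFF)            # host bits set
    if prefix == 32:
        usable = 1                       # single host, as listed above
    elif prefix == 31:
        usable = 2                       # RFC 3021 point-to-point link
    else:
        usable = 2 ** (32 - prefix) - 2  # minus network and broadcast addresses
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
    }


def same_subnet(cidr_a: str, cidr_b: str) -> bool:
    """True when both hosts share a network, so no router is needed between them."""
    a, b = subnet_info(cidr_a), subnet_info(cidr_b)
    return a["network"] == b["network"] and a["mask"] == b["mask"]


if __name__ == "__main__":
    for cidr in ("192.168.1.10/24", "192.168.1.10/25", "192.168.1.200/26", "10.0.0.5/30"):
        print(cidr, subnet_info(cidr))
    print(to_binary("192.168.1.10"))
    print("PC-A and PC-B on one subnet:",
          same_subnet("192.168.1.10/24", "192.168.2.10/24"))
```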
Network Access - VLANs & Switching
Learning Objectives
- Understand VLAN concepts and their benefits
- Configure VLANs on Cisco switches
- Understand trunk ports vs access ports
- Configure access ports for VLAN assignment
- Understand VLAN routing basics
- Understand Spanning Tree Protocol basics
Key Concepts
VLAN BASICS:
- Separates devices into logical groups
- VLAN 1: Default (don't use for production)
- VLANs 2-1005: Standard range
- VLANs 1006-4094: Extended range
VLAN CONFIGURATION (CLI):
conf t
vlan 10
name Engineering
vlan 20
name Sales
exit
int range fa0/1-5
switchport access vlan 10
switchport mode access
exit
TRUNK CONFIGURATION:
int fa0/24
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,20,30
exit
SPANNING TREE:
- Prevents loops in redundant topologies
- Blocks ports to create a loop-free tree
- Reconverges automatically if a link fails
- Types: STP (802.1D), RSTP (802.1w), MSTP (802.1s)
PORT SECURITY:
- Limits MAC addresses per port
- sticky: learns MACs dynamically
- violation action: shutdown, restrict, protect
Lab Exercise
Create 3 switches connected via trunk links. Configure VLAN 10 (Engineering) and VLAN 20 (Sales). Assign PCs to VLANs. Test connectivity within the same VLAN and verify no cross-VLAN traffic. Configure port security on access ports.
Practice Questions
- 01. What is the default VLAN and why should you not use it for production?
- 02. What is the difference between an access port and a trunk port?
- 03. Why is Spanning Tree Protocol necessary?
- 04. Write the commands to allow only VLANs 10, 20, and 30 on a trunk port.
- 05. What happens if two switches are connected but the link is not configured as a trunk?
Real-World Connection
URI uses VLANs to logically separate faculty, student, and administrative networks — even on the same physical switch infrastructure. This provides security isolation and broadcast domain control.
Network Access - Wireless & Ethernet
Learning Objectives
- Understand wireless LAN standards (802.11 a/b/g/n/ac/ax)
- Know wireless security types (WEP, WPA, WPA2, WPA3)
- Understand SSIDs, channels, and frequency bands
- Know Ethernet cabling standards (Cat5e, Cat6, Cat6a)
- Understand Power over Ethernet (PoE)
- Know wireless access point concepts
Key Concepts
WIRELESS STANDARDS:
802.11a: 5GHz, 54 Mbps
802.11b: 2.4GHz, 11 Mbps
802.11g: 2.4GHz, 54 Mbps
802.11n: 2.4GHz & 5GHz, 600 Mbps (MIMO)
802.11ac: 5GHz only, 1.3 Gbps (WiFi 5)
802.11ax: 2.4GHz & 5GHz, 10+ Gbps (WiFi 6)
WIRELESS SECURITY:
WEP: BROKEN - do not use
WPA: Better, but outdated
WPA2: Current standard, strong security
WPA3: Newest, strongest
BANDS:
2.4GHz: Better range, more interference, 11 channels (1-11 US)
5GHz: Less range, less interference, 36+ channels
ETHERNET CABLING:
Cat5e: 100 Mbps
Cat6: 1 Gbps (most common)
Cat6a: 10 Gbps
PoE STANDARDS:
802.3at (PoE+): 30W
802.3bt: 60W+
Used for: APs, IP cameras, VoIP phones
Lab Exercise
Document the wireless standards in use at URI. Identify access points (802.11ac or 802.11ax?). Document PoE-powered devices on the network. Inspect switch ports and identify which are PoE-enabled.
Practice Questions
- 01. What is the difference between 802.11ac and 802.11n?
- 02. Which 5GHz channels are non-overlapping?
- 03. Why is the 2.4GHz band more congested than 5GHz?
- 04. What is the maximum power delivery of 802.3at PoE+?
- 05. Why is WPA3 more secure than WPA2?
Real-World Connection
URI has both wired and wireless infrastructure. Network technicians regularly support WiFi connectivity issues, configure PoE-powered devices like IP phones and APs, and run structured cabling.
IP Connectivity - Routing Fundamentals
Learning Objectives
- Understand static vs dynamic routing
- Know routing protocol types (IGP vs EGP)
- Configure and understand default routes
- Understand how routers make forwarding decisions
- Read and interpret a routing table
- Configure basic OSPF
- Configure static routes via CLI
Key Concepts
ROUTING BASICS:
- Static: Manually configured routes
- Dynamic: Routes learned automatically via protocols
ROUTING PROTOCOLS:
IGP (Interior Gateway Protocol):
- RIP: Distance-vector (slow, max 15 hops)
- OSPF: Link-state (fast, scalable)
- EIGRP: Cisco proprietary (hybrid)
EGP (Exterior Gateway Protocol):
- BGP: Used between ISPs / autonomous systems
OSPF CONCEPTS:
- Link-state routing (knows full topology)
- Administrative distance: 110
- Uses Dijkstra's shortest path algorithm
- Metric: Cost (inversely proportional to bandwidth)
- Area 0 is the backbone area
ROUTING TABLE EXAMPLE:
O 10.0.0.0/24 [110/100] via 192.168.1.1, FastEthernet0/0
^ Protocol    ^ AD/Cost     ^ Next-hop   ^ Interface
Static Route CLI:
ip route 10.0.0.0 255.255.255.0 192.168.1.1
OSPF Configuration:
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 10.0.0.0 0.0.0.255 area 0
Lab Exercise
Create a 3-router topology. Configure static routes between all routers and test with ping. Then reconfigure using OSPF. Verify neighbor relationships with 'show ip ospf neighbor' and confirm routes with 'show ip route'.
Practice Questions
- 01. What is the difference between static and dynamic routing?
- 02. When would you prefer static routes over OSPF?
- 03. What is administrative distance and why does it matter?
- 04. Write the command to configure a default route pointing to 192.168.1.1.
- 05. What is OSPF Area 0 and why is it required?
Real-World Connection
Inter-building routing at URI uses OSPF for dynamic convergence. Default routes point to the Internet gateway. When troubleshooting connectivity at work, routing table analysis is often the first step.
IP Connectivity - Advanced Routing & EIGRP
Learning Objectives
- Understand EIGRP and how it differs from OSPF
- Know administrative distance values for all protocols
- Understand default vs static routes
- Understand routing convergence
- Configure EIGRP on Cisco routers
- Configure basic NAT and PAT
Key Concepts
EIGRP CONCEPTS:
- Cisco proprietary hybrid protocol
- Fast convergence (DUAL algorithm)
- Administrative distance: 90
ADMINISTRATIVE DISTANCE (AD):
Connected: 0
Static: 1
EIGRP: 90
OSPF: 110
RIP: 120
(Lower AD = more trusted route)
EIGRP CONFIGURATION:
router eigrp 100
network 192.168.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
no auto-summary
NAT TYPES:
- Inside local: private IP on inside network
- Inside global: public IP representing inside host
STATIC NAT:
ip nat inside source static 10.0.0.5 203.0.113.1
PAT (Port Address Translation):
ip nat inside source list 1 interface Fa0/0 overload
access-list 1 permit 10.0.0.0 0.0.0.255
Lab Exercise
Build on Week 5 lab. Add a 4th router and configure EIGRP. Create a mixed OSPF/EIGRP topology. Configure default routes. Test routing. Check AD values with 'show ip protocols'. Perform a failover test by shutting a link.
Practice Questions
- 01. Which has lower administrative distance — OSPF or EIGRP?
- 02. When would you choose EIGRP over OSPF?
- 03. What is the key difference between distance-vector and link-state protocols?
- 04. Write the commands to configure NAT for a 10.0.0.0/24 inside network.
- 05. What is PAT and how does it differ from static NAT?
Real-World Connection
Large enterprise networks often run multiple routing protocols. NAT is standard for connecting private networks to the Internet. Convergence time matters for failover — a slow protocol means longer outages.
IP Connectivity - BGP Basics & Route Summarization
Learning Objectives
- Understand BGP concepts and when it is used
- Know what an Autonomous System (AS) is
- Understand route summarization and its benefits
- Know classful vs classless routing
- Configure route summarization in OSPF
Key Concepts
BGP BASICS:
- Exterior Gateway Protocol (runs between ASes)
- AS (Autonomous System): networks under single admin
- Uses AS path attribute to prevent routing loops
- Administrative Distance: 20 (external), 200 (internal)
ROUTE SUMMARIZATION:
- Combines multiple routes into a single summary route
- Reduces routing table size and CPU overhead
- Example: 10.0.0.0/24 through 10.0.3.0/24
Summarizes to: 10.0.0.0/22
CLASSFUL vs CLASSLESS:
Classful (OLD):
- Class A: 1-126 (255.0.0.0)
- Class B: 128-191 (255.255.0.0)
- Class C: 192-223 (255.255.255.0)
Classless CIDR (Current):
- Any prefix /1 to /32
- Efficient address utilization
OSPF ROUTE SUMMARIZATION:
router ospf 1
area 0 range 10.0.0.0 255.255.0.0
Lab Exercise
Create a network with multiple subnets. Calculate the summary address manually. Configure OSPF with summarization enabled. Verify with 'show ip ospf database' and compare routing table size before and after summarization.
Practice Questions
- 01. What is an Autonomous System (AS)?
- 02. When would an organization use BGP?
- 03. What summary address covers 192.168.0.0/24 through 192.168.3.0/24?
- 04. What are the benefits of route summarization?
- 05. Explain the difference between CIDR and classful addressing.
Real-World Connection
ISPs use BGP to exchange routes globally. A company receives routes from its ISP via BGP. Large organizations use summarization to keep routing tables manageable and reduce convergence time.
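An added example (not from the original guide) that derives the 10.0.0.0/22 summary from the four /24 routes in this section and lists what a summary covers beyond its component routes. A router advertising a wider range than it actually reaches attracts traffic for addresses that do not exist behind it, which is what the /16 range in the OSPF listing does when only those four /24s are present. Function names are illustrative.

```python
# Added example (not from the study guide): compute a summary route and list the
# address space it covers beyond the component routes.
import ipaddress


def summarize(prefixes):
    """Smallest single prefix that contains every network in `prefixes`."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Every bit position where low and high differ must be a host bit of the summary.
    prefix_len = 32 - (low ^ high).bit_length()
    host_bits = 32 - prefix_len
    base = (low >> host_bits) << host_bits
    return str(ipaddress.ip_network((base, prefix_len)))


def over_advertised(summary, prefixes):
    """Networks inside `summary` that none of the component prefixes cover."""
    remaining = [ipaddress.ip_network(summary)]
    for net in map(ipaddress.ip_network, prefixes):
        next_remaining = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the component route out of this block (nothing is left
                # when the two are equal).
                next_remaining.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                next_remaining.append(block)   # disjoint: keep unchanged
        remaining = next_remaining
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]


def ospf_range(area, summary):
    """Format a summary in the 'area <id> range <network> <mask>' form shown above."""
    net = ipaddress.ip_network(summary)
    return f"area {area} range {net.network_address} {net.netmask}"


# The four component routes from the summarization example in this section.
FOUR_ROUTES = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]

if __name__ == "__main__":
    exact = summarize(FOUR_ROUTES)
    print("summary:", exact, "->", ospf_range(0, exact))
    print("extra space with exact summary:", over_advertised(exact, FOUR_ROUTES))
    print("extra space with only three routes present:",
          over_advertised(exact, FOUR_ROUTES[:3]))
    print("extra space with the /16 range:",
          over_advertised("10.0.0.0/16", FOUR_ROUTES))
```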
IP Services - DHCP, DNS, NAT, SNMP, Syslog, NTP
Learning Objectives
- Understand DHCP and the DORA process
- Know DNS concepts and resolution
- Understand DHCP relay agents (ip helper-address)
- Know NTP purpose and stratum levels
- Understand SNMP basics and versions
- Know Syslog severity levels
- Configure DHCP on a Cisco router
- Understand IPv6 addressing basics
Key Concepts
DHCP PROCESS (DORA):
D - Discover: Client broadcasts to find DHCP server
O - Offer: Server responds with IP address offer
R - Request: Client requests the offered address
A - Acknowledge: Server confirms the assignment
DHCP CONFIGURATION:
ip dhcp pool EMPLOYEES
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 8.8.8.8
lease 7
exit
ip dhcp excluded-address 10.0.0.1 10.0.0.10
DHCP RELAY:
ip helper-address 10.0.1.5
NTP:
- Synchronizes clocks across the network
- Stratum 1: Directly connected reference clock
- Command: ntp server 132.163.96.1
SNMP:
- Monitors network device health and metrics
- Community string: password for SNMP access
- v3: Most secure (authentication + encryption)
IPv6 ADDRESSING:
- 128-bit address (vs IPv4 32-bit)
- Example: 2001:0db8::ff00:42:8329
- Link-local: fe80:: (automatic, not routable)
- Global unicast: 2000::/3
Lab Exercise
Configure a DHCP server on a router. Exclude admin addresses. Set default router and DNS. Connect a client and verify with 'ipconfig /all'. Configure NTP synchronization. Configure Syslog to an external server. Configure SNMPv2 with community string.
Practice Questions
- 01. Explain the DORA process step by step.
- 02. What is a DHCP relay agent and when is it needed?
- 03. How does DNS resolution work from client to authoritative server?
- 04. Why is NTP important in a network environment?
- 05. What is the difference between SNMP v2 and v3?
- 06. What is the format of an IPv6 address?
- 07. What is the purpose of Syslog?
Real-World Connection
At URI, DHCP automatically assigns IPs to student and staff devices. DNS resolves portal hostnames to IPs. NTP ensures log timestamps across devices match — critical for incident analysis. SNMP monitors device health in the NOC.
Security - Access Control Lists & Device Security
Learning Objectives
- Understand ACL concepts and processing order
- Know the difference between numbered and named ACLs
- Configure standard ACLs (source IP only)
- Configure extended ACLs (IP, protocol, port)
- Understand ACL placement and direction (in/out)
- Configure SSH for secure device management
- Configure device password security
Key Concepts
ACL BASICS:
- Filters traffic based on defined criteria
- Processed top-to-bottom (first match wins)
- Implicit deny all at the end of every ACL
- Applied to interfaces in inbound or outbound direction
STANDARD ACL (source IP only):
access-list 10 permit 10.0.0.0 0.0.0.255
interface fa0/0
ip access-group 10 in
WILDCARD MASK:
Subnet: 255.255.255.0 -> Wildcard: 0.0.0.255
Subnet: 255.255.240.0 -> Wildcard: 0.0.15.255
EXTENDED ACL (IP, protocol, port):
access-list 101 permit tcp 10.0.0.0 0.0.0.255 any eq 80
COMMON PORTS:
SSH: 22
HTTP: 80
HTTPS: 443
DNS: 53
SNMP: 161
SSH CONFIGURATION:
hostname Router1
ip domain-name example.com
crypto key generate rsa modulus 1024
username admin privilege 15 password cisco123
line vty 0 4
transport input ssh
login local
DEVICE PASSWORDS:
enable secret cisco456
service password-encryption
Lab Exercise
Create a standard ACL to permit only the HR subnet. Apply it to an interface. Test with ping. Create an extended ACL to permit HTTP only from the admin subnet. Configure SSH access on vty lines. Remove Telnet access. Configure local user accounts.
Practice Questions
- 01. Explain the implicit deny at the end of every ACL.
- 02. Write a standard ACL to deny the 192.168.5.0/24 network.
- 03. Write an extended ACL to permit SSH from the 10.0.0.0/8 network.
- 04. What is the difference between a standard and an extended ACL?
- 05. Write all commands required to configure SSH on a Cisco router.
- 06. Why should Telnet never be used on production devices?
Real-World Connection
ACLs are the first line of defense on network devices. All production Cisco devices at URI ITS use SSH-only management — Telnet transmits credentials in plaintext. Port-based access control is standard practice.
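An added example, not part of the original guide, that models the ACL behaviour described in this section: wildcard matching, top-to-bottom first match, and the implicit deny. It parses only the `access-list` forms shown above; the deny line for host 10.0.0.66, the destination address and the function names are constructed for illustration, and the `shadowed` check shows why a specific deny must sit above a broader permit.

```python
# Added example (not from the study guide): first-match ACL evaluation with
# wildcard masks. Only the syntax shown in this section is parsed.
import ipaddress
from typing import NamedTuple, Optional

FULL = 0xFFFFFFFF
ANY = (0, FULL)                        # wildcard of all ones: every bit is "don't care"


def ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def wildcard_from_mask(mask: str) -> str:
    """Invert a subnet mask, e.g. 255.255.240.0 -> 0.0.15.255."""
    return str(ipaddress.IPv4Address(ip(mask) ^ FULL))


class Rule(NamedTuple):
    action: str                        # "permit" or "deny"
    proto: str                         # "ip", "tcp" or "udp"
    src: tuple                         # (base address, wildcard) as integers
    dst: tuple
    dport: Optional[int]               # None = any port


def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from a token list."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (ip(tokens[1]), 0), tokens[2:]
    return (ip(tokens[0]), ip(tokens[1])), tokens[2:]


def parse_rule(line: str) -> Rule:
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:              # standard ACL: source address only
        if len(rest) == 1 and rest[0] != "any":
            rest = ["host"] + rest     # bare address means a single host
        src, _ = _addr(rest)
        return Rule(action, "ip", src, ANY, None)
    proto, rest = rest[0], rest[1:]    # extended ACL: protocol, source, destination, port
    src, rest = _addr(rest)
    dst, rest = _addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Rule(action, proto, src, dst, dport)


def _covers(spec, addr, addr_wild=0):
    """True if every address described by (addr, addr_wild) matches spec."""
    base, wild = spec
    return (addr_wild & ~wild & FULL) == 0 and ((addr ^ base) & ~wild & FULL) == 0


def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, index of the matching line); index None = implicit deny."""
    for index, rule in enumerate(map(parse_rule, acl_lines)):
        if (rule.proto in ("ip", proto) and _covers(rule.src, ip(src))
                and _covers(rule.dst, ip(dst)) and rule.dport in (None, dport)):
            return rule.action, index  # first match wins, later lines are ignored
    return "deny", None                # nothing matched: implicit deny all


def shadowed(acl_lines):
    """List (later_index, earlier_index) pairs where the later line can never match."""
    rules = [parse_rule(line) for line in acl_lines]
    pairs = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if (earlier.proto in ("ip", later.proto)
                    and _covers(earlier.src, *later.src)
                    and _covers(earlier.dst, *later.dst)
                    and earlier.dport in (None, later.dport)):
                pairs.append((j, i))
                break
    return pairs


STANDARD = ["access-list 10 permit 10.0.0.0 0.0.0.255"]              # from this section
MISORDERED = [
    "access-list 101 permit tcp 10.0.0.0 0.0.0.255 any eq 80",       # from this section
    "access-list 101 deny tcp host 10.0.0.66 any eq 80",             # constructed
]
REORDERED = list(reversed(MISORDERED))

if __name__ == "__main__":
    print(evaluate(MISORDERED, "tcp", "10.0.0.66", "203.0.113.10", 80), shadowed(MISORDERED))
    print(evaluate(REORDERED, "tcp", "10.0.0.66", "203.0.113.10", 80), shadowed(REORDERED))
```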
Security - Switch Security & Port Security
Learning Objectives
- Configure port security on Cisco switches
- Understand MAC address limiting
- Know port security violation modes (shutdown, restrict, protect)
- Configure DHCP snooping
- Understand Dynamic ARP Inspection (DAI)
- Understand VTP modes and security implications
Key Concepts
PORT SECURITY CONFIGURATION:
int fa0/1
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
VERIFICATION:
show port-security int fa0/1
show port-security address
DHCP SNOOPING:
ip dhcp snooping
ip dhcp snooping vlan 10
int fa0/1
ip dhcp snooping trust
exit
int range fa0/2-24
no ip dhcp snooping trust
DYNAMIC ARP INSPECTION:
ip arp inspection vlan 10
int fa0/1
ip arp inspection trust
VTP MODES:
- Server: Creates and modifies VLANs
- Client: Receives VLAN info from server
- Transparent: Doesn't participate in VTP
- Off: No VTP at all (best practice)
ENCRYPTION vs HASHING:
MD5: 128-bit hash (weak, avoid)
SHA: Stronger hashing (160+ bits)
AES: Symmetric encryption (fast, strong)
RSA: Asymmetric encryption (used in SSH)
Lab Exercise
Configure port security on an access port. Connect an authorized device and verify the MAC address is learned. Connect an unauthorized device and observe the port shutdown. Enable DHCP snooping. Test with a rogue DHCP server. Configure the uplink as a trusted port.
Practice Questions
- 01. Write the commands to configure port security for a maximum of 2 MACs with restrict violation.
- 02. What is the difference between sticky and statically configured MAC addresses?
- 03. What attack does DHCP snooping prevent?
- 04. Explain Dynamic ARP Inspection and what it protects against.
- 05. Why is VTP mode 'off' recommended as a best practice?
- 06. What is the difference between encryption and hashing?
Real-World Connection
Port security prevents unauthorized devices from connecting to the network. DHCP snooping is standard in enterprise environments to block rogue DHCP servers. ARP inspection prevents man-in-the-middle attacks on Layer 2.
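A simplified model of the DHCP snooping and Dynamic ARP Inspection controls configured in this section, added here as an example and not taken from the original guide or from Cisco's implementation. DHCP server messages are accepted only on the trusted port, an acknowledged lease becomes a binding, and ARP packets from untrusted ports are forwarded only when their MAC/IP pair matches a binding. Port names other than fa0/1, the MAC addresses and the leased addresses are constructed.

```python
# Added example (not from the study guide): a simplified model of how DHCP
# snooping and Dynamic ARP Inspection decide what to forward.
# MAC addresses, leased IPs and access-port names are constructed sample values.

SERVER_MESSAGES = {"OFFER", "ACK"}         # only a DHCP server should send these


class Switch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}                  # client MAC -> port the client was seen on
        self.bindings = {}                 # client MAC -> (leased IP, client port)

    def dhcp(self, port, msg_type, client_mac, ip=None):
        """Return 'forward' or 'drop' for one DHCP message arriving on `port`."""
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted:
                return "drop"              # server reply arriving on an access port
            if msg_type == "ACK" and client_mac in self.pending:
                # A trusted server confirmed the lease: record the binding.
                self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
            return "forward"
        self.pending[client_mac] = port    # DISCOVER / REQUEST from a client
        return "forward"

    def arp(self, port, sender_mac, sender_ip):
        """Return 'forward' or 'drop' for one ARP packet arriving on `port`."""
        if port in self.trusted:
            return "forward"
        binding = self.bindings.get(sender_mac)
        if binding is not None and binding[0] == sender_ip:
            return "forward"               # MAC/IP pair matches a snooped lease
        return "drop"                      # no lease backs this MAC/IP claim


def run_scenario():
    """Replay a constructed DORA exchange with a rogue server and a spoofed ARP."""
    sw = Switch(trusted_ports={"fa0/1"})   # fa0/1 is the trusted port configured above
    client, rogue = "aa:aa:aa:00:00:02", "cc:cc:cc:00:00:05"
    return [
        ("discover", sw.dhcp("fa0/2", "DISCOVER", client)),
        ("rogue offer", sw.dhcp("fa0/5", "OFFER", client, "10.0.0.99")),
        ("offer", sw.dhcp("fa0/1", "OFFER", client, "10.0.0.50")),
        ("request", sw.dhcp("fa0/2", "REQUEST", client)),
        ("ack", sw.dhcp("fa0/1", "ACK", client, "10.0.0.50")),
        ("client arp", sw.arp("fa0/2", client, "10.0.0.50")),
        # An untrusted port claims the default-router address 10.0.0.1.
        ("gateway spoof", sw.arp("fa0/5", rogue, "10.0.0.1")),
        ("bindings", dict(sw.bindings)),
    ]


if __name__ == "__main__":
    for step, outcome in run_scenario():
        print(f"{step:14} {outcome}")
```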
Wireless & Network Management
Learning Objectives
- Understand wireless AP configuration
- Know SSID concepts and best practices
- Understand wireless channel planning and interference
- Know wireless security best practices
- Understand network management tools
- Know remote management security considerations
Key Concepts
WIRELESS CONFIGURATION:
- SSID: Network name (broadcast or hidden)
- Channel: 2.4GHz (1-11 US), 5GHz (36+)
- Security: WPA2/WPA3 recommended
- Authentication: PSK (personal) or 802.1X (enterprise)
WIRELESS BEST PRACTICES:
1. Use WPA2 or WPA3
2. Strong PSK (25+ characters)
3. Disable SSID broadcast (minor deterrent)
4. Change default admin credentials
5. Update firmware regularly
6. Disable WPS (known vulnerabilities)
7. Prefer 5GHz when possible
NON-OVERLAPPING CHANNELS:
2.4GHz: Channels 1, 6, 11 (US)
5GHz: 36, 40, 44, 48... (many options)
AP CONFIGURATION EXAMPLE:
SSID: CompanyNetwork
Channel: 6 (2.4GHz)
Security: WPA2 Personal
PSK: [Strong_Password_25+_Chars]
Lab Exercise
Configure an AP SSID. Set WPA2 security. Select a non-overlapping channel. Adjust transmit power. Connect a wireless client and verify connectivity.
Practice Questions
- 01. Which 2.4GHz channels are non-overlapping in the US?
- 02. Write a wireless configuration using WPA2 with a strong passphrase.
- 03. Why does disabling SSID broadcast provide only minor security?
- 04. What management tools does Cisco offer for wireless infrastructure?
- 05. Explain how a VPN is used for secure remote access.
Real-World Connection
University WiFi requires careful channel planning to prevent co-channel interference between adjacent APs. Multiple APs must be coordinated. Guest networks need security isolation from internal resources.
Network Automation & Programmability
Learning Objectives
- Understand REST APIs and HTTP verbs (CRUD)
- Know JSON and XML data formats
- Understand network programmability concepts
- Know Cisco APIs (Meraki, DNA Center)
- Understand configuration management tools
- Understand YAML basics
- Understand Infrastructure-as-Code concepts
Key Concepts
REST API HTTP VERBS (CRUD):
GET: Retrieve data (Read)
POST: Create new resource
PUT: Update entire resource
DELETE: Remove resource
PATCH: Partial update
HTTP STATUS CODES:
200: OK - Success
201: Created
400: Bad Request
401: Unauthorized
404: Not Found
500: Internal Server Error
JSON FORMAT:
{
  "device": {
    "hostname": "router1",
    "ip": "192.168.1.1",
    "interfaces": [
      {"name": "fa0/0", "status": "up"}
    ]
  }
}
ANSIBLE PLAYBOOK (YAML):
---
- hosts: routers
  tasks:
    - name: Configure hostname
      ios_config:
        lines:
          - hostname router1
CISCO APIS:
- Meraki API: Cloud-based management
- DNA Center API: On-prem analytics/config
- NETCONF/YANG: Model-driven networking
Lab Exercise
Explore the Cisco Meraki API documentation. Make a REST API call to retrieve device info using curl or Postman. Parse the JSON response. Review an Ansible playbook example for Cisco IOS. Review a DNA Center sandbox demo.
Practice Questions
- 01. What is the difference between GET and POST in a REST API?
- 02. Explain JSON structure with a practical network example.
- 03. What is a REST API and why do network engineers need to understand it?
- 04. Describe how Ansible could be used to configure 100 Cisco switches.
- 05. What does Infrastructure as Code mean in a network context?
- 06. Explain YAML syntax with a simple example.
Real-World Connection
Modern networks increasingly use APIs for automation. Python scripting and API knowledge are becoming expected skills. Infrastructure as Code reduces manual errors and enables version-controlled network configurations. Datacenters rely on IaC for reproducibility.
Network Troubleshooting & Diagnostics
Learning Objectives
- Apply a systematic network troubleshooting methodology
- Use diagnostic commands (ping, traceroute, show commands)
- Understand packet capture with Wireshark
- Work through common troubleshooting scenarios
- Understand performance monitoring tools
- Know QoS basics
Key Concepts
TROUBLESHOOTING BY OSI LAYER:
Layer 1 (Physical):
- Check cables and physical connections
- show int status
- show ip int brief
Layer 2 (Data Link):
- show mac-address-table
- show vlan
- show spanning-tree
Layer 3 (Network):
- show ip int brief
- show ip route
- ping / traceroute
- show access-lists
ESSENTIAL SHOW COMMANDS:
show ip interface brief # IP addresses + status
show interfaces # Detailed stats + errors
show ip route # Full routing table
show ip ospf neighbor # OSPF adjacencies
show ip protocols # Routing protocols running
show access-lists # Current ACL entries
show mac-address-table # Learned MAC addresses
show vlan # VLAN assignments
show spanning-tree # STP topology
PING OUTPUT INTERPRETATION:
Destination host unreachable: No route to host
Request timed out: ACL/firewall blocking, or host down
Reply from X.X.X.X: Successful
TRACEROUTE:
- Shows each hop on the path to destination
- ! = successful response from hop
- * = no response (timeout or filtered)
QoS CONCEPTS:
- Classification: Mark traffic (DSCP, CoS)
- Queuing: Priority ordering of traffic
- Policing: Drop traffic exceeding rate limit
- Shaping: Buffer and delay excess traffic
Lab Exercise
Create an intentional network problem by removing a route. Use ping to identify the failure. Use traceroute to find exactly where it fails. Fix the problem. Verify with show commands. Capture the fix in Wireshark to see the traffic flow restore.
Practice Questions
- 01. Describe the OSI-layer approach to troubleshooting a connectivity problem.
- 02. What does 'Request timed out' mean in a ping output?
- 03. How do you use traceroute to locate a network problem?
- 04. What are the key show commands for troubleshooting a routing issue?
- 05. What is a packet capture used for and when would you use it?
- 06. Explain QoS and why it matters for voice and video traffic.
Real-World Connection
Troubleshooting is a daily activity at URI ITS. Users call with connectivity issues and a systematic OSI-layer approach saves time. 'show ip route' and 'ping' resolve the majority of routing issues quickly.
Advanced Topics & Emerging Concepts
Learning Objectives
- Understand server and network virtualization
- Understand containerization and Docker basics
- Understand SDN (Software-Defined Networking)
- Know cloud networking concepts (VPC, subnets, security groups)
- Understand hybrid cloud architecture
- Know edge computing basics
Key Concepts
VIRTUALIZATION:
- Hypervisor: Software creating VMs (vSphere, Hyper-V)
- vSwitch: Virtual switch in software
- VLAN tagging works the same in virtual environments
- Live migration: Moving running VMs between hosts
CONTAINERS vs VMs:
- VMs: Full OS per instance (more isolated)
- Containers: Share OS kernel (lighter, faster)
- Docker: Container platform
- Kubernetes: Container orchestration at scale
SDN (Software-Defined Networking):
- Control plane: Separated from the data plane
- Controller: Central intelligence (Cisco APIC, OpenDaylight)
- OpenFlow: Protocol between controller and switches
- Benefits: Programmability, automation, flexibility
CLOUD NETWORKING:
- VPC: Virtual Private Cloud (isolated network)
- Subnets: Public (Internet-facing) / Private
- Security Groups: Stateful firewall rules
- NAT Gateway: Outbound Internet for private subnets
- VPN/Direct Connect: On-premises to cloud connectivity
ZERO TRUST:
- Never trust, always verify
- Micro-segmentation of networks
- Continuous authentication
- Assume breach mentality
EDGE COMPUTING:
- Processing closer to data source
- Reduces latency vs centralized cloud
- Examples: IoT devices, 5G edge, CDNs
Lab Exercise
Research your organization's virtualization setup. Understand how VLANs map to virtual switches. Review a cloud network diagram (AWS VPC or Azure VNet). Study an SDN controller architecture conceptually.
Practice Questions
- 01. Explain virtualization and why it is important for modern networks.
- 02. What is the difference between virtual machines and containers?
- 03. How does SDN differ from traditional networking?
- 04. Explain the Zero Trust security model.
- 05. How does cloud networking differ from on-premises networking?
Real-World Connection
URI likely uses server virtualization for infrastructure consolidation. Cloud connectivity handles SaaS applications. Security is increasingly moving to a Zero Trust model. Modern networks blend on-premises and cloud resources.
Practice Exams & Weak Area Review
Learning Objectives
- Assess overall exam readiness with a full-length practice exam
- Identify remaining knowledge gaps by topic
- Perform focused review of weak areas
- Verify hands-on CLI skills from memory
Key Concepts
SCORING GUIDE:
90%+: Ready to schedule the exam
80-89%: Ready, but review weak areas first
70-79%: More study needed (1-2 more weeks)
Below 70%: Return to fundamentals
EXAM FORMAT:
- Multiple choice (single and multiple answer)
- Drag-and-drop
- Simulations (hands-on IOS scenarios)
- Simlets (multi-step simulations)
- Fill-in-the-blank
- Total time: ~120 minutes
HIGHEST-VALUE TOPICS:
1. Subnetting (appears throughout the exam)
2. OSPF configuration and concepts
3. ACLs (standard and extended)
4. VLANs and trunking
5. Routing protocols and AD values
6. DHCP/DNS/NTP services
7. Switch security (port security)
8. Wireless standards and security
Lab Exercise
Take a full-length timed practice exam (120 minutes). Score yourself honestly. Review every wrong answer and return to the relevant week's content. Take a second practice exam and compare scores. Target 80%+ before scheduling the real exam.
Practice Questions
- 01. Comprehensive review — target all weak areas from your practice exam results.
- 02. Subnetting speed drills — calculate /24, /25, /26, /27, /28, /30 from memory.
- 03. CLI command review — write all OSPF, ACL, VLAN, SSH, and DHCP commands from memory.
- 04. OSI model explanation — explain each layer with a real-world example.
- 05. Protocol comparison — OSPF vs EIGRP vs RIP: AD, type, metric, use case.
Real-World Connection
The exam is 120 minutes. Time management is critical — do not spend too long on any single question. Aim for 80%+ on practice exams consistently before scheduling the real exam.
Final Review & Exam Preparation
Learning Objectives
- Final knowledge verification across all topics
- Manage test anxiety with preparation strategies
- Confirm exam logistics (ID, location, time)
- Apply last-minute review tips
Key Concepts
LAST-MINUTE REVIEW CHECKLIST:
[ ] Subnetting: Can calculate any /prefix in under 2 minutes
[ ] OSI Model: Know all 7 layers and example protocols
[ ] OSPF config: Can write complete config from memory
[ ] ACL syntax: Standard (1-99) and extended (100-199)
[ ] VLAN/Trunk config: Complete commands from memory
[ ] EIGRP/OSPF AD: 90 vs 110 — EIGRP wins
[ ] DHCP DORA: All 4 steps named correctly
[ ] SSH config: All 6+ required commands
[ ] Routing table: Can read and interpret output
EXAM DAY:
- Sleep well the night before
- Eat a good breakfast
- Arrive 15 minutes early
- Bring valid government-issued ID
- Flag difficult questions and return later
- ~60 seconds per question on average
- Do not second-guess your first correct answer
QUICK REFERENCE:
AD: Connected=0, Static=1, EIGRP=90, OSPF=110, RIP=120
ACL Numbers: Standard=1-99, Extended=100-199
Ports: SSH=22, HTTP=80, HTTPS=443, DNS=53
Subnetting: usable hosts = 2^(32-prefix) - 2
Lab Exercise
Take a final timed practice exam targeting 85%+. Create your personal one-page quick reference sheet. Review weak areas from Week 15 results. Confirm exam registration, testing center location, and required identification.
Practice Questions
- 01. Walk through every topic from Weeks 1-14 systematically.
- 02. Final subnetting speed drills — /24 through /30 in under 2 minutes each.
- 03. Write CLI commands from memory: OSPF, ACL, VLAN, DHCP, SSH configuration.
- 04. Interpret a routing table output — identify protocol, AD, metric, next-hop.
- 05. Calculate ACL wildcard masks for /24, /25, /28, /30 subnets.
Real-World Connection
You have prepared for 16 weeks. The CCNA certifies that you understand enterprise networking fundamentals — the same skills used daily at URI ITS. Trust your preparation, apply your methodology, and you will pass.