Independent exam blueprint for Cisco CCNA (200-301 v2.0) candidates preparing for exam code 200-301 v2.0.
How to Use This Exam Blueprint
This independent Exam Blueprint translates the Cisco CCNA (200-301 v2.0) exam scope into practical readiness tasks. Use it to find weak areas, guide final review, and decide whether you can solve networking problems without relying on memorized answers.
For each topic area, ask:
Can I explain the concept clearly?
Can I choose the right technology in a scenario?
Can I recognize correct Cisco IOS-style configuration and verification output?
Can I troubleshoot from symptoms, not just from commands?
Can I eliminate plausible wrong answers under time pressure?
Do not treat this as an exact scoring guide. Exact exam weights, policies, and delivery details should be checked with Cisco. This page is a study blueprint and readiness checklist for exam code 200-301 v2.0.
High-level readiness map
| Readiness area | What you should be able to do | Ready when you can… |
| --- | --- | --- |
| Network fundamentals | Explain core networking models, devices, media, addresses, and traffic behavior | Trace packet flow across hosts, switches, routers, and WAN/cloud boundaries |
| IPv4 and IPv6 addressing | Subnet, summarize, identify valid hosts, and interpret masks/prefixes | Solve subnetting and route-selection questions quickly without a calculator |
| Switching and Layer 2 | Configure and verify VLANs, trunks, STP behavior, EtherChannel, and MAC learning | Predict where frames go and identify common switching faults |
| Wireless | Understand AP, WLC, SSID, RF, authentication, and roaming concepts | Choose a WLAN design or security option from a scenario |
Explain redundancy, first-hop resilience concepts, link aggregation, failure domains, and single points of failure
Can you do this?
Explain what changes at each hop as a packet moves from one subnet to another.
Distinguish a MAC address lookup problem from an IP routing problem.
Identify whether a symptom points to Layer 1, Layer 2, Layer 3, DNS, or application failure.
Explain why a switch forwards, floods, filters, or drops a frame.
Describe how ARP supports IPv4 communication on a local network.
Describe the equivalent neighbor discovery role in IPv6 at a high level.
Recognize the difference between broadcast, multicast, unicast, and anycast concepts.
Explain why default gateways matter for inter-subnet communication.
Interpret common interface states and error counters.
Identify likely causes of latency, jitter, packet loss, and asymmetric routing.
Addressing, subnetting, and route math
Subnetting is a major readiness divider. You should not merely recognize subnet terms; you should be able to calculate networks, hosts, broadcast addresses, wildcard masks, and summaries quickly.
IPv4 subnetting readiness
| Skill | Ready when you can… |
| --- | --- |
| CIDR notation | Convert between dotted-decimal masks and prefix length |
| Network address | Identify the subnet for any host/prefix pair |
| Broadcast address | Find the last address in a subnet |
| Valid host range | Determine usable host addresses quickly |
| Subnet count | Calculate how many subnets are created by borrowing bits |
| Host count | Calculate approximate usable host capacity per subnet |
| VLSM | Allocate different subnet sizes without overlap |
| Summarization | Combine contiguous networks into an appropriate summary route |
| Wildcard mask | Convert subnet masks into ACL or routing wildcard masks |
| Private addressing | Recognize RFC1918-style private IPv4 ranges and common design uses |
| APIPA/link-local behavior | Recognize symptoms when a host self-assigns a non-routable local address |
Place it close to the destination in many classic scenarios
| Extended IPv4 ACL | Filters by source, destination, protocol, and ports | Place it closer to the source when appropriate |
| Named ACL | Uses names rather than only numbers | Read and edit logically |
| IPv6 ACL concept | Filters IPv6 traffic with IPv6 syntax and behavior | Recognize IPv6-specific application |
| Implicit deny | Unmatched traffic is denied | Add needed permit statements deliberately |
| ACL direction | Inbound or outbound relative to the interface | Predict whether traffic is filtered |
| Wildcard masks | Match address ranges correctly | Avoid subnet-mask/wildcard confusion |
| Sequence logic | Top-down first match | Find shadowed or unreachable rules |
Layer 2 security readiness
| Control | What it helps prevent | Readiness cue |
| --- | --- | --- |
| Port security | Unauthorized MAC access or excessive MACs | Access port security violation symptoms |
| DHCP snooping concept | Rogue DHCP servers | Trust uplinks, not untrusted edge ports |
| Dynamic ARP Inspection concept | ARP spoofing | Depends on trusted bindings or validation |
| BPDU Guard | Accidental switch connection on edge port | Edge port shuts when BPDU received |
| Storm control concept | Broadcast/multicast/unknown unicast impact | Protects against excessive traffic |
| Unused port shutdown | Reduces attack surface | Disable and place unused ports appropriately |
| Native VLAN hygiene | Reduces trunk misuse risk | Avoid user traffic on native VLAN |
| Wireless security | Protects WLAN access and encryption | Prefer enterprise-grade authentication for business scenarios |
Security threat recognition
Identify phishing, malware, credential theft, brute force, and social engineering at a basic level.
Match spoofing and man-in-the-middle risks to appropriate controls.
Recognize why segmentation limits blast radius.
Explain how ACLs differ from stateful firewall inspection.
Understand the purpose of VPNs at a conceptual level.
Recognize why least privilege matters for administrators and users.
Distinguish confidentiality, integrity, and availability impacts.
Explain why logging without time synchronization can weaken investigations.
Automation and programmability readiness
The Cisco CCNA (200-301 v2.0) candidate should be comfortable with the operational language of modern networks: controllers, APIs, structured data, and repeatable configuration.
Concepts to review
| Topic | What to know | Ready when you can… |
| --- | --- | --- |
| Traditional networking | Device-by-device CLI model | Explain operational limitations at scale |
| Controller-based networking | Centralized policy/control concepts | Distinguish control plane, data plane, and management plane |
| Northbound APIs | Applications talk to controller | Identify client-to-controller automation flow |
| Southbound APIs | Controller communicates with network devices | Recognize controller-to-device role |
| REST APIs | HTTP methods and resource-oriented interaction | Match GET, POST, PUT/PATCH, DELETE to intent |
| JSON | Common structured data format | Read key-value pairs, arrays, and nested objects |
| YAML/XML concepts | Other structured data formats | Recognize syntax and use cases at a high level |
| Idempotency concept | Same automation run should not create unintended repeated changes | Explain why repeatability matters |
| Configuration management | Templates, variables, desired state | Identify benefits over manual changes |
| Telemetry | Model-driven or streaming operational data concepts | Explain why telemetry improves monitoring |
| Infrastructure as code concept | Network state described in files/workflows | Recognize audit and repeatability benefits |
Data format recognition
You should be able to read small structured examples like this and identify keys, values, lists, and nesting:
Identify whether data is JSON, YAML, or XML from syntax.
Explain why APIs are useful for repeatable network operations.
Match REST methods to common actions.
Interpret an HTTP status success or failure at a basic level.
Distinguish intent-based policy from manual per-device commands.
Explain why automation can reduce configuration drift.
Recognize that automation errors can scale quickly without validation.
Understand why source control, review, and rollback plans matter.
Cisco IOS-style command recognition
You do not need to memorize every possible command variant, but you should recognize common verification and troubleshooting commands and know what problem each command helps isolate.
Verification command checklist
| Task | Useful command family |
| --- | --- |
| Interface status summary | show ip interface brief, show ipv6 interface brief |
| Physical/interface errors | show interfaces |
| Switchport mode and VLAN | show interfaces switchport, show vlan brief |
| Trunk status | show interfaces trunk |
| MAC learning | show mac address-table |
| ARP resolution | show arp or similar ARP table output |
| Routing table | show ip route, show ipv6 route |
| OSPF neighbors | show ip ospf neighbor |
| OSPF interface/process | show ip ospf interface, show ip protocols |
| STP status | show spanning-tree |
| EtherChannel | show etherchannel summary |
| NAT translations | show ip nat translations, show ip nat statistics |
| DHCP bindings | show ip dhcp binding |
| ACL entries and matches | show access-lists |
| Neighbor discovery | show cdp neighbors, show lldp neighbors |
| Logs | show logging |
| Running configuration | show running-config |
| Connectivity | ping, traceroute |
Configuration recognition examples
Use snippets like these as recognition practice. Focus on purpose, required pieces, and likely verification steps.
Readiness cue: trunk carrying selected VLANs; verify with trunk and VLAN output.
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
Readiness cue: router-on-a-stick subinterface for VLAN 20.
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ipv6 route ::/0 2001:db8:1::1
Readiness cue: IPv4 and IPv6 default routes.
router ospf 1
 network 192.168.10.0 0.0.0.255 area 0
 passive-interface GigabitEthernet0/2
Readiness cue: OSPF enabled for matching interfaces, with one interface not forming neighbors.
access-list 10 permit 192.168.10.0 0.0.0.255
Readiness cue: standard ACL matching a source subnet using a wildcard mask.
access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 443
access-list 101 deny ip any any
Readiness cue: extended ACL allowing HTTPS from a subnet, then explicitly denying other IP traffic.
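The top-down first-match, wildcard-mask, and implicit-deny behavior behind this ACL, as an added Python example (not from the original page and not Cisco code). The third rule, the function names, and the minimal parser (only `any`, `host`, address plus wildcard, and `eq <port>`) are assumptions made for illustration.

```python
import ipaddress
M = 0xFFFFFFFF
# Constructed input: the page's ACL 101 plus an added third line (assumption).
ACL_101 = """\
access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 443
access-list 101 deny ip any any
access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq 22"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tok):
    """Consume one address spec from tok; return (base, wildcard) ints."""
    first = tok.pop(0)
    if first == "any":
        return (0, M)                      # every bit is "don't care"
    if first == "host":
        return (to_int(tok.pop(0)), 0)     # every bit must match
    return (to_int(first), to_int(tok.pop(0)))

def parse(text):
    rules = []
    for line in filter(str.strip, text.splitlines()):
        tok = line.split()[2:]             # drop "access-list <number>"
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = parse_addr(tok), parse_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append({"action": action, "proto": proto, "src": src,
                      "dst": dst, "port": port, "line": line})
    return rules

def covers(a, b):
    """True if spec a matches every address that spec b matches."""
    return (b[1] & ~a[1] & M) == 0 and ((a[0] ^ b[0]) & ~a[1] & M) == 0

def evaluate(rules, proto, src, dst, dport=None):
    """Top-down first match; falling off the end is the implicit deny."""
    for r in rules:
        if (r["proto"] in ("ip", proto) and covers(r["src"], (to_int(src), 0))
                and covers(r["dst"], (to_int(dst), 0)) and r["port"] in (None, dport)):
            return r["action"]
    return "deny"

def shadowed(rules):
    """Lines fully covered by an earlier line, so they never get a hit."""
    return [late["line"] for j, late in enumerate(rules)
            if any(e["proto"] in ("ip", late["proto"])
                   and covers(e["src"], late["src"]) and covers(e["dst"], late["dst"])
                   and e["port"] in (None, late["port"]) for e in rules[:j])]
```

Running `shadowed(parse(ACL_101))` returns the added `eq 22` line, because the earlier `deny ip any any` already matches everything it could match.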
interface GigabitEthernet0/0
 ip nat inside
interface GigabitEthernet0/1
 ip nat outside
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/1 overload
Readiness cue: PAT for inside subnet traffic using an outside interface.
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.100.10
Readiness cue: SVI provides default gateway for VLAN 20 and relays DHCP to a server.
Troubleshooting decision checks
Fast isolation workflow
flowchart TD
A[User reports network failure] --> B{Link lights / interface up?}
B -- No --> L1[Check cable, speed, duplex, admin state, errors]
B -- Yes --> C{Valid IP, mask, gateway, DNS?}
C -- No --> IP[Check DHCP, static config, VLAN, relay]
C -- Yes --> D{Can reach local gateway?}
D -- No --> L2[Check VLAN, trunk, ARP, MAC table, port security]
D -- Yes --> E{Can reach remote IP?}
E -- No --> L3[Check routes, ACLs, NAT, return path]
E -- Yes --> F{Can reach by hostname?}
F -- No --> DNS[Check DNS server and name resolution]
F -- Yes --> APP[Check application, firewall, policy, server]
Review device hardening and secure management steps.
Review wireless authentication, WLC/AP roles, SSID-to-VLAN mapping, and RF symptoms.
Review controller-based networking, APIs, JSON, and automation benefits/risks.
Command and output review
For each common show command, state what problem it helps confirm or eliminate.
Practice interpreting partial outputs rather than full lab walkthroughs.
Identify whether an issue is Layer 1, Layer 2, Layer 3, service, security, or application-related.
Review configuration snippets for VLANs, trunks, SVIs, subinterfaces, static routes, OSPF, ACLs, NAT, DHCP relay, and SSH.
Practice explaining the expected verification command after a configuration change.
Exam-readiness checks
You can solve subnetting questions quickly and accurately.
You can read a small topology and predict traffic flow.
You can choose between similar troubleshooting commands.
You can explain why a wrong answer is wrong.
You can handle mixed scenarios involving VLANs, routing, ACLs, and NAT together.
You are not relying only on memorized definitions.
You have reviewed your missed practice questions by topic, not just by score.
You have a short list of last-minute weak areas and a plan to revisit them.
Practical next step
Use this checklist as a gap analysis. Mark every item as confident, uncertain, or weak. Then focus practice on the weak and uncertain areas with hands-on labs, command-output interpretation, subnetting drills, and scenario-based questions for Cisco CCNA (200-301 v2.0), exam code 200-301 v2.0.