200-301 v2.0 — Cisco CCNA Quick Review

Independent Quick Review for Cisco CCNA (200-301 v2.0): subnetting, switching, routing, services, security, automation, common traps, and practice focus.

Cisco CCNA Quick Review for 200-301 v2.0

This independent Quick Review is for candidates preparing for the Cisco CCNA exam (code 200-301 v2.0). Use it to refresh high-yield concepts before moving into topic drills, mock exams, and detailed explanations.

The goal is not to replace hands-on lab work. The goal is to help you quickly reconnect facts, decision rules, and troubleshooting logic so your original practice questions expose gaps instead of becoming your first review pass.

How to Use This Quick Review

  1. Skim the decision rules first. CCNA questions often test what you would choose next, not just definitions.
  2. Do subnetting and route-selection practice daily. These are fast to lose and high-impact across multiple topics.
  3. Review command outputs, not only configuration syntax. Many questions ask you to interpret show output.
  4. Practice wrong-answer recognition. Cisco distractors often use correct terms in the wrong layer, wrong direction, or wrong order.
  5. After this review, use topic drills. Focus especially on subnetting, VLAN/trunking, STP, OSPF, ACLs, NAT, wireless, security fundamentals, and automation concepts.

High-Yield Exam Map

Area | You should be able to do | Common traps
Network fundamentals | Explain OSI/TCP-IP models, cabling, interface states, IPv4/IPv6, subnetting, endpoint communication | Confusing MAC vs IP roles; forgetting ARP/NDP; treating default gateway as optional
Switching | Configure/interpret VLANs, trunks, access ports, STP, EtherChannel, CDP/LLDP | Native VLAN mismatch; wrong trunk encapsulation assumptions; STP root confusion
Routing | Select best route, configure static/default routes, understand OSPF basics | Ignoring longest-prefix match; mixing AD and metric; missing passive interfaces
IP services | DHCP, DNS, NAT/PAT, NTP, syslog, SNMP, QoS concepts | Applying NAT ACL backward; forgetting DHCP relay; confusing SNMP traps and polling
Security | ACLs, device hardening, SSH, AAA concepts, Layer 2 protections, wireless security | ACL direction errors; implicit deny; weak port-security assumptions
Wireless | AP/WLC roles, SSIDs, channels, authentication, roaming concepts | Confusing autonomous APs with controller-based WLANs; mixing WPA modes
Automation | APIs, JSON, controllers, SDN, NETCONF/RESTCONF, AI/ML concepts in operations | Memorizing buzzwords without knowing data flow or use case

Core Networking Models

OSI and TCP/IP Fast Mapping

OSI layer | Common examples | CCNA review focus
7 Application | HTTP, DNS, DHCP, SNMP, SSH | Service purpose, port numbers, client/server behavior
6 Presentation | Encoding, encryption, compression | Usually conceptual
5 Session | Session establishment/management | Usually conceptual
4 Transport | TCP, UDP, ports | Reliability, sequencing, retransmission, connectionless delivery
3 Network | IPv4, IPv6, ICMP, routing | Addressing, subnetting, routing decisions
2 Data Link | Ethernet, MAC, VLANs, STP | Switching, frames, trunks, Layer 2 loop prevention
1 Physical | Copper, fiber, RF | Cables, speeds, duplex, signal issues

TCP vs UDP

Feature | TCP | UDP
Connection setup | Uses handshake | No handshake
Reliability | Acknowledgments, retransmission, sequencing | Best-effort
Overhead | Higher | Lower
Typical uses | HTTP/HTTPS, SSH, FTP, SMTP | DNS queries, DHCP, VoIP/RTP, streaming
Exam trap | “Reliable” does not mean faster | “Connectionless” does not mean unusable or insecure by itself

Common Ports to Know

Protocol | Port/transport | Purpose
FTP data/control | TCP 20/21 | File transfer
SSH | TCP 22 | Secure CLI access
Telnet | TCP 23 | Insecure CLI access
SMTP | TCP 25 | Mail transfer
DNS | UDP/TCP 53 | Name resolution
DHCP server/client | UDP 67/68 | Address assignment
HTTP | TCP 80 | Web
POP3 | TCP 110 | Mail retrieval
NTP | UDP 123 | Time sync
SNMP | UDP 161/162 | Monitoring/traps
HTTPS | TCP 443 | Secure web
Syslog | UDP 514 | Logging

Ethernet, Frames, and Switching

What a Switch Does

A Layer 2 switch:

  • Learns source MAC addresses and associates them with ingress ports.
  • Forwards known unicast frames out the matching port.
  • Floods unknown unicast, broadcast, and many multicast frames within the VLAN.
  • Maintains a separate MAC address table per VLAN.

Frame Forwarding Decision

Frame type | Switch behavior
Known unicast | Forward only out the learned destination port
Unknown unicast | Flood within the VLAN except ingress port
Broadcast | Flood within the VLAN except ingress port
Multicast | Flood or constrain depending on multicast features

MAC Address Table Traps

  • A switch learns from the source MAC address, not the destination.
  • MAC learning is per VLAN.
  • If a MAC moves ports, the table updates.
  • Clearing the MAC table may temporarily increase flooding.
  • A switch does not need an IP address to switch frames; management IP is for administration.

IPv4 Subnetting Review

Must-Know Private IPv4 Ranges

Range | Default classful range | Common CIDR
10.0.0.0 to 10.255.255.255 | Class A private | 10.0.0.0/8
172.16.0.0 to 172.31.255.255 | Class B private | 172.16.0.0/12
192.168.0.0 to 192.168.255.255 | Class C private | 192.168.0.0/16

Subnetting Formulas

Usable IPv4 host count for most subnets:

\[ 2^{h} - 2 \]

Where \(h\) is the number of host bits.

Number of equal-size subnets created by borrowing bits:

\[ 2^{b} \]

Where \(b\) is the number of borrowed bits.

Remember: point-to-point /31 and host /32 routes have special uses, but many basic host-count questions still expect the traditional usable-host formula.

CIDR Quick Review

Prefix | Mask | Block size in interesting octet | Usable hosts
/24 | 255.255.255.0 | 1 | 254
/25 | 255.255.255.128 | 128 | 126
/26 | 255.255.255.192 | 64 | 62
/27 | 255.255.255.224 | 32 | 30
/28 | 255.255.255.240 | 16 | 14
/29 | 255.255.255.248 | 8 | 6
/30 | 255.255.255.252 | 4 | 2
/31 | 255.255.255.254 | 2 | Special point-to-point use
/32 | 255.255.255.255 | 1 | Single host route

Fast Subnetting Method

For an address such as 192.168.10.77/27:

  1. Convert /27 to mask: 255.255.255.224.
  2. Interesting octet is the fourth octet.
  3. Block size: 256 - 224 = 32.
  4. Subnets: .0, .32, .64, .96, …
  5. 77 falls in .64 to .95.
  6. Network: 192.168.10.64.
  7. Broadcast: 192.168.10.95.
  8. Usable range: 192.168.10.65 to 192.168.10.94.
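The eight steps above, written as code. This is an added example, not part of the original review; it generalizes the method to masks whose interesting octet is not the fourth, and the function names `subnet_by_block_size` and `agrees_with_stdlib` are chosen here for illustration.

```python
import ipaddress


def subnet_by_block_size(cidr):
    """Network, broadcast and usable range for an IPv4 'address/prefix' string."""
    address_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    octets = [int(part) for part in address_text.split(".")]
    if not 0 <= prefix <= 32 or len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address/prefix: {cidr!r}")

    # Step 1: prefix length -> dotted-decimal mask.
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    mask = [(mask_int >> shift) & 0xFF for shift in (24, 16, 8, 0)]

    # Step 2: the interesting octet is the one holding the last network bit.
    i = max(prefix - 1, 0) // 8

    # Step 3: block size = 256 - mask value in that octet.
    block = 256 - mask[i]

    # Steps 4-5: subnets start at multiples of the block size; round down.
    start = octets[i] - octets[i] % block

    # Steps 6-7: host bits all 0 -> network, host bits all 1 -> broadcast.
    network = ipaddress.IPv4Address(
        ".".join(map(str, octets[:i] + [start] + [0] * (3 - i))))
    broadcast = ipaddress.IPv4Address(
        ".".join(map(str, octets[:i] + [start + block - 1] + [255] * (3 - i))))

    # Step 8: usable range. /31 and /32 are the special cases noted above:
    # no addresses are set aside for network/broadcast.
    if prefix >= 31:
        first, last, usable = network, broadcast, 2 ** (32 - prefix)
    else:
        first, last, usable = network + 1, broadcast - 1, 2 ** (32 - prefix) - 2

    return {
        "mask": ".".join(map(str, mask)),
        "interesting_octet": i + 1,
        "block_size": block,
        "network": str(network),
        "broadcast": str(broadcast),
        "first_usable": str(first),
        "last_usable": str(last),
        "usable_hosts": usable,
    }


def agrees_with_stdlib(cidr):
    """Cross-check the hand method against Python's ipaddress module."""
    mine = subnet_by_block_size(cidr)
    ref = ipaddress.ip_network(cidr, strict=False)
    return (mine["network"] == str(ref.network_address)
            and mine["broadcast"] == str(ref.broadcast_address))


if __name__ == "__main__":
    # Constructed sample inputs: the page's example plus a third-octet case.
    for sample in ("192.168.10.77/27", "172.16.45.200/20", "10.1.1.1/31"):
        print(sample, subnet_by_block_size(sample), agrees_with_stdlib(sample))
```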

Subnetting Mistakes to Eliminate

Mistake | Fix
Treating the first usable IP as the network address | Network address has all host bits set to 0
Treating broadcast as usable | Broadcast has all host bits set to 1
Calculating block size from the wrong octet | Find the octet where the mask is not 255 or 0
Forgetting longest-prefix match | A /28 route beats a /24 route for matching traffic
Confusing host bits and borrowed bits | Host bits determine host count; borrowed bits determine subnet count

IPv6 Review

IPv6 Essentials

Concept | Review point
Address size | 128 bits
Notation | Hexadecimal, colon-separated
Compression | One contiguous run of zero groups can become ::
Broadcast | No IPv6 broadcast; multicast and anycast are used
Neighbor discovery | Uses ICMPv6 Neighbor Discovery instead of ARP
Common LAN prefix | Often /64 for host subnets
Link-local | FE80::/10; required for many local functions
Global unicast | Publicly routable IPv6 addressing
Unique local | FC00::/7, commonly FD00::/8 style local addressing
Multicast | FF00::/8

IPv6 Address Compression Rules

Full form | Valid compressed form | Notes
2001:0DB8:0000:0000:0000:0000:0000:0001 | 2001:DB8::1 | Leading zeros removed; one zero run compressed
FE80:0000:0000:0000:0202:B3FF:FE1E:8329 | FE80::202:B3FF:FE1E:8329 | Link-local example
2001:DB8:0:1:0:0:0:10 | 2001:DB8:0:1::10 | Only one :: allowed

IPv6 Traps

  • :: can appear only once in an IPv6 address.
  • Leading zeros inside a hextet can be removed; internal zeros cannot be randomly removed.
  • Link-local addresses are not routed beyond the local link.
  • IPv6 does not use ARP.
  • SLAAC, DHCPv6, and static configuration are different address assignment methods.

VLANs and Trunking

VLAN Decision Rules

Requirement | Likely configuration
One endpoint in one VLAN | Access port
Carry multiple VLANs between switches | Trunk port
Carry VLANs between switch and router subinterface | Trunk to router-on-a-stick
Isolate Layer 2 broadcast domains | Separate VLANs
Allow inter-VLAN communication | Layer 3 routing is required

Access vs Trunk

Feature | Access port | Trunk port
Carries | One data VLAN, optionally a voice VLAN | Multiple VLANs
Tagging | Usually untagged for data VLAN | 802.1Q tagging
Endpoint use | PCs, printers, many servers | Switches, routers, APs, firewalls
Native VLAN | Not normally relevant to endpoint | Sent untagged by default on 802.1Q trunks

High-Yield Commands

Task | Common Cisco IOS command
Create VLAN | vlan 10
Name VLAN | name SALES
Assign access VLAN | switchport mode access and switchport access vlan 10
Configure trunk | switchport mode trunk
Limit trunk VLANs | switchport trunk allowed vlan 10,20,30
Configure native VLAN | switchport trunk native vlan 99
Verify VLANs | show vlan brief
Verify trunks | show interfaces trunk

VLAN/Trunk Traps

  • VLANs must exist in the VLAN database for normal use.
  • A trunk can be up while a needed VLAN is missing from the allowed list.
  • Native VLAN mismatch can create confusing connectivity and security issues.
  • Inter-VLAN routing does not happen automatically on a Layer 2 switch.
  • A host’s default gateway should be in the same subnet/VLAN as the host.

Spanning Tree Protocol Review

Why STP Exists

STP prevents Layer 2 loops. Without loop prevention, redundant switch links can cause:

  • Broadcast storms
  • MAC address table instability
  • Duplicate frame delivery
  • Severe network outage

STP Roles and States

Item | Meaning
Root bridge | Central reference point for STP topology
Root port | Best path from a non-root switch toward the root bridge
Designated port | Forwarding port for a segment
Alternate/blocking port | Backup path that does not forward user traffic
Forwarding | Sends and receives user traffic
Blocking/discarding | Prevents loops

Root Bridge Election

STP chooses the lowest bridge ID. Bridge ID includes priority and MAC address.

Decision order:

  1. Lowest bridge priority.
  2. If tied, lowest MAC address.

Path Selection Toward Root

A switch chooses the best path using, in general:

  1. Lowest root path cost.
  2. Lowest sender bridge ID.
  3. Lowest sender port ID.
  4. Lowest local port ID.

STP Traps

  • The root bridge should usually be intentionally controlled, not left to the lowest MAC address.
  • Lower priority is better.
  • Blocking is normal in a redundant Layer 2 topology.
  • STP is per VLAN in common Cisco environments, so different VLANs may have different forwarding paths.
  • PortFast is for edge/access ports, not switch-to-switch links.

EtherChannel Review

EtherChannel Purpose

EtherChannel bundles multiple physical links into one logical link to provide:

  • Higher aggregate bandwidth
  • Redundancy
  • STP simplification, because STP sees one logical link

Modes

Protocol/mode | Behavior
LACP active | Actively negotiates
LACP passive | Waits for negotiation
PAgP desirable | Actively negotiates Cisco PAgP
PAgP auto | Waits for negotiation
On | Forces channel without negotiation

EtherChannel Compatibility

Member links should match important settings:

  • Speed
  • Duplex
  • Access/trunk mode
  • Native VLAN
  • Allowed VLANs
  • STP-related consistency
  • Layer 2 vs Layer 3 mode

Common Working Pairings

Side A | Side B | Result
LACP active | LACP active | Forms
LACP active | LACP passive | Forms
LACP passive | LACP passive | Does not form
PAgP desirable | PAgP desirable | Forms
PAgP desirable | PAgP auto | Forms
PAgP auto | PAgP auto | Does not form
On | On | Forms, but no negotiation

Routing Fundamentals

How Routers Forward Packets

A router:

  1. Receives a frame on an interface.
  2. Removes the Layer 2 header/trailer.
  3. Examines the destination IP address.
  4. Finds the best matching route.
  5. Decrements TTL/hop limit.
  6. Rewrites Layer 2 encapsulation for the outgoing interface.
  7. Forwards the packet.

Route Selection Order

When multiple routes exist, remember:

  1. Longest prefix match wins first.
  2. If prefix length ties, use administrative distance.
  3. If administrative distance ties, use the routing protocol’s metric.
  4. If equal-cost routes exist, load balancing may occur.

Administrative Distance Quick Reference

Route source | Typical AD
Connected | 0
Static | 1
EIGRP summary | 5
External BGP | 20
Internal EIGRP | 90
OSPF | 110
RIP | 120
External EIGRP | 170
Unknown/untrusted | 255, not installed

For the Cisco CCNA (200-301 v2.0), the most important practical comparison is usually connected vs static vs dynamic routes such as OSPF.
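The route selection order and the AD values above, applied to a small routing table. This is an added example, not part of the original review; the `Route` class, the function names, and every prefix, metric and next hop in `TABLE` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Typical AD values, taken from the quick-reference table above.
TYPICAL_AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str
    next_hop: str
    metric: int = 0
    ad: Optional[int] = None  # set explicitly for a floating static route

    @property
    def distance(self) -> int:
        return TYPICAL_AD[self.source] if self.ad is None else self.ad

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def select_routes(table: List[Route], destination: str) -> List[Route]:
    """Apply the selection order; more than one result means equal-cost paths."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.network]
    if not candidates:
        return []  # no match and no default route: the packet is dropped

    # 1. Longest prefix match wins first.
    longest = max(r.network.prefixlen for r in candidates)
    candidates = [r for r in candidates if r.network.prefixlen == longest]

    # 2. Prefix length tie: lowest administrative distance.
    best_ad = min(r.distance for r in candidates)
    candidates = [r for r in candidates if r.distance == best_ad]

    # 3. AD tie: lowest metric. 4. Anything still tied is load-balanced.
    best_metric = min(r.metric for r in candidates)
    return [r for r in candidates if r.metric == best_metric]


def next_hops(table: List[Route], destination: str) -> List[str]:
    return sorted(r.next_hop for r in select_routes(table, destination))


# Constructed sample table.
TABLE = [
    Route("0.0.0.0/0", "static", "203.0.113.1"),
    Route("10.1.0.0/16", "ospf", "10.0.0.2", metric=20),
    Route("10.1.1.0/24", "ospf", "10.0.0.6", metric=30),
    Route("10.1.1.0/24", "static", "10.0.0.10", ad=200),  # floating static backup
    Route("10.1.1.0/28", "rip", "10.0.0.14", metric=2),
    Route("10.2.0.0/16", "ospf", "10.0.0.2", metric=10),
    Route("10.2.0.0/16", "ospf", "10.0.0.6", metric=10),
]

if __name__ == "__main__":
    for dst in ("10.1.1.5", "10.1.1.200", "10.1.9.9", "10.2.3.4", "198.51.100.9"):
        print(dst, "->", next_hops(TABLE, dst))
```

The /28 learned from RIP carries 10.1.1.5 even though OSPF and static have better AD values, because AD is only compared between routes of the same prefix length.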

Static and Default Routes

Route type | Example intent | Common syntax pattern
Static network route | Reach one remote subnet | ip route destination mask next-hop-or-exit-interface
Default route | Send unmatched traffic upstream | ip route 0.0.0.0 0.0.0.0 next-hop
Floating static route | Backup route with higher AD | ip route ... administrative-distance

Static Route Traps

  • A default route is used only when no more specific route matches.
  • A floating static route must have a higher AD than the primary route.
  • Recursive next-hop lookup must still resolve to a reachable exit path.
  • A route may be configured but not installed if the next hop is unreachable.
  • On Ethernet, specifying only an exit interface can create ARP-related inefficiency in some designs.

OSPF Quick Review

OSPF Concepts

Concept | Meaning
Link-state protocol | Routers exchange topology information and calculate best paths
Area | Logical grouping; single-area OSPF is common in CCNA practice
Router ID | 32-bit identifier, formatted like IPv4
Neighbor adjacency | Relationship formed with compatible OSPF routers
Cost | Metric based on interface bandwidth/reference bandwidth
DR/BDR | Designated routers used on multiaccess networks
Passive interface | Advertises network but does not form neighbor adjacencies

OSPF Neighbor Requirements

OSPF neighbors generally need compatible:

  • Area ID
  • Subnet
  • Hello/dead timers
  • Authentication settings, if used
  • Stub area settings, if used
  • MTU compatibility in many real troubleshooting cases

OSPF Router ID Selection

Typical selection order:

  1. Manually configured router ID.
  2. Highest IPv4 address on an up loopback interface.
  3. Highest IPv4 address on an up non-loopback interface.

Changing the router ID may require restarting the OSPF process or adjacency for the new value to take effect.

OSPF Verification

Need | Command
See neighbors | show ip ospf neighbor
See OSPF interfaces | show ip ospf interface brief
See OSPF routes | show ip route ospf
See OSPF process details | show ip ospf
See route table | show ip route

OSPF Traps

  • network statements enable OSPF on matching interfaces; they do not simply “advertise a network” in isolation.
  • Wildcard masks are inverse masks, not subnet masks.
  • Passive interfaces do not form neighbors.
  • OSPF cost is not the same as administrative distance.
  • If no neighbor forms, check Layer 1/2, addressing, area, timers, passive settings, and authentication.

Inter-VLAN Routing

Three Common Patterns

Method | Description | Review point
Router-on-a-stick | Router subinterfaces on a trunk | Each subinterface maps to VLAN and gateway IP
Layer 3 switch SVIs | Switch virtual interfaces route between VLANs | Requires Layer 3 capability and routing enabled
Physical router interfaces | One router interface per VLAN | Simple but inefficient at scale

Router-on-a-Stick Essentials

Each VLAN subinterface typically needs:

  • Encapsulation with VLAN ID
  • IP address in that VLAN subnet
  • Trunk link to switch
  • Host default gateway pointing to subinterface IP

Common trap: configuring host VLANs correctly but forgetting the switch-to-router trunk.

ACLs

ACL Logic

Access control lists evaluate traffic:

  1. Top to bottom.
  2. First match wins.
  3. If no statement matches, implicit deny applies.

Standard vs Extended ACLs

ACL type | Matches on | Placement rule of thumb
Standard IPv4 ACL | Source IP only | Place near destination
Extended IPv4 ACL | Source, destination, protocol, ports | Place near source

Wildcard Masks

Wildcard masks are inverse masks:

Subnet mask | Wildcard mask
255.255.255.255 | 0.0.0.0
255.255.255.0 | 0.0.0.255
255.255.255.128 | 0.0.0.127
255.255.255.192 | 0.0.0.63
255.255.0.0 | 0.0.255.255

ACL Direction

Direction | Meaning
Inbound | Checked as packets enter the interface
Outbound | Checked as packets leave the interface

ACL Traps

  • Forgetting the implicit deny any.
  • Applying the ACL in the wrong direction.
  • Applying the ACL to the wrong interface.
  • Blocking return traffic unintentionally.
  • Using a standard ACL when protocol/port matching is required.
  • Using subnet masks instead of wildcard masks.
  • Placing a broad deny before a specific permit.
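The ACL logic, wildcard matching and two of the traps above (a broad deny placed before a specific permit, and a subnet mask typed where a wildcard mask belongs), modelled in code. This is an added example, not part of the original review and not Cisco's implementation; the `Ace` and `Packet` classes, the function names and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


@dataclass(frozen=True)
class Ace:
    action: str               # "permit" or "deny"
    protocol: str             # "ip" matches any protocol
    src: str
    src_wc: str               # wildcard mask: 1 bits are "don't care"
    dst: str
    dst_wc: str
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None


def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    care = ~ip_int(wildcard) & 0xFFFFFFFF        # bits that must be equal
    return ((ip_int(address) ^ ip_int(base)) & care) == 0


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.protocol != "ip" and ace.protocol != pkt.protocol:
        return False
    if ace.dst_port is not None and ace.dst_port != pkt.dst_port:
        return False
    return (wildcard_match(pkt.src, ace.src, ace.src_wc)
            and wildcard_match(pkt.dst, ace.dst, ace.dst_wc))


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Top to bottom, first match wins; (action, 1-based entry) or implicit deny."""
    for number, ace in enumerate(acl, start=1):
        if ace_matches(ace, pkt):
            return ace.action, number
    return "deny", None                          # implicit deny any


def covers(e_base: str, e_wc: str, l_base: str, l_wc: str) -> bool:
    """True if every address the later entry matches is matched by the earlier one."""
    e_care = ~ip_int(e_wc) & 0xFFFFFFFF
    return ((ip_int(l_wc) & e_care) == 0
            and ((ip_int(e_base) ^ ip_int(l_base)) & e_care) == 0)


def shadowed(acl: List[Ace]) -> List[Tuple[int, int]]:
    """(entry, earlier entry) pairs where the later entry can never be reached."""
    found = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            proto_ok = earlier.protocol in ("ip", later.protocol)
            port_ok = earlier.dst_port is None or earlier.dst_port == later.dst_port
            if (proto_ok and port_ok
                    and covers(earlier.src, earlier.src_wc, later.src, later.src_wc)
                    and covers(earlier.dst, earlier.dst_wc, later.dst, later.dst_wc)):
                found.append((j + 1, i + 1))
                break
    return found


ANY = ("0.0.0.0", "255.255.255.255")

# Constructed policy: users in 10.1.1.0/24 may reach one HTTPS server only.
GOOD = [
    Ace("permit", "tcp", "10.1.1.0", "0.0.0.255", "192.0.2.10", "0.0.0.0", 443),
    Ace("deny", "ip", "10.1.1.0", "0.0.0.255", *ANY),
    Ace("permit", "ip", *ANY, *ANY),
]
BROAD_DENY_FIRST = [GOOD[1], GOOD[0], GOOD[2]]   # same entries, wrong order
SUBNET_MASK_TYPO = [                              # 255.255.255.0 instead of 0.0.0.255
    Ace("permit", "tcp", "10.1.1.0", "255.255.255.0", "192.0.2.10", "0.0.0.0", 443),
]
WEB = Packet("tcp", "10.1.1.25", "192.0.2.10", 443)

if __name__ == "__main__":
    print(evaluate(GOOD, WEB), evaluate(BROAD_DENY_FIRST, WEB), shadowed(BROAD_DENY_FIRST))
    print(evaluate(SUBNET_MASK_TYPO, WEB))
```

With the subnet mask typed as the wildcard, the entry stops matching the intended hosts and instead matches any source whose last octet is 0, so the policy both fails closed for the users and permits sources that were never meant to be covered.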

NAT and PAT

NAT Types

Type | Meaning | Common use
Static NAT | One inside local maps to one inside global | Publish a specific internal host
Dynamic NAT | Pool of public addresses maps internal hosts | Less common than PAT in small networks
PAT/overload | Many inside hosts share one/few public IPs using ports | Internet access for many clients

NAT Terms

Term | Meaning
Inside local | Private/internal address before translation
Inside global | Public/translated address representing internal host
Outside global | Address of external host as globally routed
Outside local | How external host appears to inside network, if translated

NAT/PAT Troubleshooting Checklist

  1. Is the inside interface marked ip nat inside?
  2. Is the outside interface marked ip nat outside?
  3. Does the ACL match the internal source addresses to translate?
  4. Is the NAT rule correct?
  5. Is routing correct in both directions?
  6. Does the return path know how to reach the translated address?
  7. Are translations being created? Check show ip nat translations.

NAT Traps

  • NAT does not replace routing; both must work.
  • NAT ACLs usually match the inside local source addresses.
  • Direction matters: inside and outside interfaces must be correct.
  • PAT uses transport-layer port numbers to multiplex many sessions.
  • Static NAT is not the same as port forwarding, though related configurations can publish internal services.

DHCP, DNS, NTP, Syslog, and SNMP

IP Services Summary

Service | Purpose | Common exam angle
DHCP | Dynamically assigns IP settings | Pools, exclusions, default gateway, DNS, relay
DNS | Resolves names to addresses | Client/server lookup behavior
NTP | Synchronizes time | Accurate logs, certificates, troubleshooting
Syslog | Sends/stores log messages | Severity levels and central logging
SNMP | Network monitoring/management | Polling, traps, community/credentials concepts
TFTP/FTP/SCP | File transfer | IOS images, configs, backups
SSH | Secure management | Preferred over Telnet

DHCP Process

A basic IPv4 DHCP exchange is often remembered as DORA:

Step | Message | Direction
1 | Discover | Client broadcasts
2 | Offer | Server offers settings
3 | Request | Client requests offered address
4 | Acknowledge | Server confirms lease

DHCP Relay

If the DHCP server is not in the client VLAN, the router or Layer 3 interface needs relay behavior, commonly configured with ip helper-address.

Common trap: DHCP broadcasts do not cross routers by default.

Syslog Severity

Severity | Name
0 | Emergency
1 | Alert
2 | Critical
3 | Error
4 | Warning
5 | Notification
6 | Informational
7 | Debugging

Lower number means more severe.

Device Management and Hardening

Secure Management Basics

Goal | Better choice
Remote CLI | SSH instead of Telnet
Local account | Username with secret
Privileged mode protection | enable secret
Password storage | Avoid plain-text where possible
Unused ports | Shut down or restrict
Management access | Limit with ACLs and secure protocols
Time accuracy | NTP
Audit trail | Syslog and AAA where appropriate

Management Plane Traps

  • An SVI needs the VLAN to exist and have an active Layer 2 port in that VLAN to come up in many switch scenarios.
  • A default gateway is needed on a Layer 2 switch for management traffic outside the local subnet.
  • Telnet is insecure because it sends traffic in clear text.
  • SSH requires appropriate hostname/domain/key/user configuration depending on platform and configuration style.

Layer 2 Security

Port Security

Port security can restrict MAC addresses on an access port.

Feature | Review point
Static secure MAC | Manually configured
Dynamic secure MAC | Learned until aging/reload depending on config
Sticky MAC | Dynamically learned and added to running config
Violation modes | Protect, restrict, shutdown

Violation Modes

Mode | Drops violating traffic | Logs/counts violation | Err-disables port
Protect | Yes | No or limited | No
Restrict | Yes | Yes | No
Shutdown | Yes | Yes | Yes

DHCP Snooping and Dynamic ARP Inspection

Feature | Protects against | Key idea
DHCP snooping | Rogue DHCP servers | Trust uplinks/server-facing ports; untrust access ports
Dynamic ARP Inspection | ARP spoofing/poisoning | Uses trusted bindings, often from DHCP snooping
IP Source Guard | IP/MAC spoofing | Uses binding information to filter

Layer 2 Security Traps

  • Do not trust user-facing access ports for DHCP snooping.
  • DAI depends on accurate binding information.
  • Port security is usually applied to access ports, not trunks.
  • Shutdown violation mode may require manual recovery or errdisable recovery.
  • Security features can break connectivity if trust boundaries are wrong.

Wireless Review

Wireless Architecture

Component | Role
AP | Provides wireless client access
WLC | Centrally manages lightweight APs and WLAN policy
SSID | Wireless network name
BSSID | MAC address associated with a radio/AP for a WLAN
WLAN | Logical wireless network configuration
CAPWAP | Common AP-to-controller control/data tunneling concept

Wireless Bands and Channels

Band | General traits
2.4 GHz | Longer range, fewer non-overlapping channels, more interference
5 GHz | More channels, less crowded, shorter range than 2.4 GHz in many environments
6 GHz | More spectrum in supported environments and devices

Wireless Security Concepts

Term | Review point
WPA2/WPA3 | Wireless security standards
PSK | Shared passphrase model
Enterprise authentication | Uses centralized authentication, commonly 802.1X/EAP concepts
Open network | No encryption/authentication by default
Guest WLAN | Usually isolated and controlled

Wireless Traps

  • SSID is not the same as BSSID.
  • A WLC manages AP policy; it is not simply a wireless router.
  • Channel overlap and interference can cause poor performance even when signal is visible.
  • Strong authentication and encryption are different from simply hiding an SSID.
  • Roaming requires compatible WLAN configuration across AP coverage areas.

QoS Fundamentals

Why QoS Matters

QoS prioritizes or manages traffic when congestion occurs. It cannot create bandwidth that does not exist, but it can decide which traffic is delayed, dropped, shaped, or prioritized.

QoS Terms

Term | Meaning
Classification | Identify traffic type
Marking | Set a QoS value such as DSCP or CoS
Queuing | Decide order of transmission during congestion
Policing | Enforce rate by dropping or remarking excess traffic
Shaping | Buffer and delay traffic to smooth rate
Trust boundary | Point where markings are accepted or reset

QoS Traps

  • QoS is most visible during congestion.
  • Marking alone does not prioritize traffic unless devices act on the marking.
  • Policing can drop traffic; shaping delays traffic.
  • Voice and video are sensitive to delay, jitter, and loss.

Security Fundamentals

Authentication, Authorization, Accounting

AAA function | Meaning
Authentication | Who are you?
Authorization | What are you allowed to do?
Accounting | What did you do?

Common Security Concepts

Concept | Review point
Least privilege | Give only required access
Defense in depth | Multiple layers of protection
VPN | Encrypted tunnel across untrusted networks
Site-to-site VPN | Connects networks
Remote-access VPN | Connects individual users
Firewall | Enforces security policy between zones/networks
IPS | Detects and may block malicious activity
Endpoint security | Protects hosts, not just the network

ACL vs Firewall

Feature | ACL | Firewall
State awareness | Often stateless in basic router ACLs | Often stateful
Policy depth | Basic matching | Deeper application/session controls
Typical CCNA focus | Permit/deny logic, placement, direction | Conceptual role and traffic control

Automation, Controllers, APIs, and Data Formats

Traditional vs Controller-Based Networking

Traditional model | Controller-based model
Device-by-device configuration | Centralized intent/policy/control
Manual CLI focus | APIs, templates, automation
Distributed management | Controller provides visibility and orchestration
Human-driven changes | Programmatic workflows possible

SDN Concepts

Plane | Role
Data plane | Forwards user traffic
Control plane | Makes forwarding decisions
Management plane | Configuration, monitoring, administration

In software-defined or controller-based designs, control and management functions may be more centralized, while devices still forward traffic in the data plane.

APIs and Data Encoding

Concept | Review point
REST API | Uses HTTP-style operations to interact with resources
GET | Retrieve information
POST | Create or submit data
PUT/PATCH | Replace or modify data depending on API design
DELETE | Remove a resource
JSON | Common structured data format
Key-value pair | Basic JSON structure
NETCONF | Network configuration protocol often associated with YANG models
RESTCONF | REST-like access to YANG-modeled data
YANG | Data modeling language

JSON Example Recognition

Key features:

  • Objects use braces.
  • Arrays use brackets.
  • Strings use quotes.
  • Data is commonly represented as key-value pairs.

Example shape:

{"interface":"GigabitEthernet0/1","status":"up","vlan":10}

AI/ML in Network Operations

For CCNA-level review, focus on practical concepts:

Concept | Network operations use
Analytics | Identify trends, anomalies, and capacity patterns
Machine learning | Detect patterns from data rather than fixed manual rules only
AI-assisted operations | Help with troubleshooting, recommendations, and event correlation
Telemetry | Continuous structured data collection from devices
Intent-based networking | Translate business/network intent into automated policy and validation

Automation Traps

  • Automation does not remove the need to understand routing, switching, and security fundamentals.
  • JSON is a data format, not a transport protocol.
  • An API is an interface for software interaction, not automatically a complete automation system.
  • Controllers centralize management and policy, but devices still forward traffic.
  • AI/ML outputs should be validated; they support operations rather than magically replacing design and troubleshooting.

Troubleshooting Workflow

Use a layered, evidence-driven approach instead of changing random settings.

    flowchart TD
	    A[Problem reported] --> B[Define scope]
	    B --> C{One user or many?}
	    C -->|One user| D[Check host IP, mask, gateway, DNS, cable/Wi-Fi]
	    C -->|Many users| E[Check VLAN, trunk, gateway, routing, services]
	    D --> F{Can ping gateway?}
	    E --> F
	    F -->|No| G[Focus on Layer 1/2, VLAN, local subnet]
	    F -->|Yes| H{Can reach remote IP?}
	    H -->|No| I[Check routing, ACLs, NAT, upstream path]
	    H -->|Yes| J{Can reach by name?}
	    J -->|No| K[Check DNS]
	    J -->|Yes| L[Check application/server policy]

Troubleshooting Commands to Recognize

Need | Command
Interface summary | show ip interface brief
Interface details | show interfaces
Switchport mode/VLAN | show interfaces switchport
VLAN list | show vlan brief
Trunks | show interfaces trunk
MAC table | show mac address-table
ARP table | show ip arp
Routing table | show ip route
CDP neighbors | show cdp neighbors
LLDP neighbors | show lldp neighbors
OSPF neighbors | show ip ospf neighbor
NAT translations | show ip nat translations
ACLs | show access-lists
Running config | show running-config

Common Question Patterns and How to Answer Them

“Host Cannot Reach Remote Network”

Check in this order:

  1. Host IP address, subnet mask, default gateway.
  2. VLAN assignment and access port status.
  3. Trunk status and allowed VLANs.
  4. Default gateway interface/SVI/subinterface status.
  5. Routing table on Layer 3 devices.
  6. ACLs in both directions.
  7. NAT if crossing to outside networks.
  8. DNS only if IP connectivity works but names fail.

“Two Switches Connected but VLAN Traffic Fails”

Likely causes:

  • Link is access instead of trunk.
  • VLAN missing from allowed trunk list.
  • VLAN not created.
  • Native VLAN mismatch.
  • STP blocking expected forwarding path.
  • EtherChannel inconsistency.
  • Wrong access VLAN on endpoint-facing port.

“OSPF Neighbor Does Not Form”

Check:

  • Interfaces up/up.
  • Same subnet.
  • Same area.
  • Matching timers.
  • Not passive.
  • Correct wildcard/network command or interface OSPF activation.
  • Authentication compatibility if configured.
  • MTU or network type issues if symptoms suggest adjacency stuck.

“ACL Does Not Work as Expected”

Check:

  • Correct ACL type.
  • Correct source/destination addresses.
  • Correct wildcard masks.
  • Correct protocol and port.
  • Correct statement order.
  • Correct interface.
  • Correct direction.
  • Implicit deny.
  • Return traffic requirements.

“NAT Is Configured but Internet Access Fails”

Check:

  • Inside/outside interface markings.
  • NAT ACL matches inside local addresses.
  • Overload keyword for PAT when needed.
  • Default route toward ISP/upstream.
  • Return route from upstream.
  • ACL/firewall filtering.
  • Translation table.

Fast Decision Rules

If you see… | Think…
Same VLAN, same subnet, no gateway needed | Switching/ARP problem likely
Different subnet | Default gateway and routing required
Can ping IP but not hostname | DNS problem likely
Can ping gateway but not remote | Routing, ACL, NAT, or upstream issue
Trunk up but one VLAN fails | Allowed VLAN, VLAN existence, STP, or native mismatch
OSPF route missing | Neighbor, network statement, passive interface, or route filtering/design issue
Static backup route active too early | Administrative distance too low
ACL permits still fail | Earlier deny or wrong direction/interface
DHCP fails across router | Missing relay/helper or server reachability
SSH fails but ping works | VTY, credentials, domain/key, ACL, or transport input issue

Candidate Mistakes That Cost Easy Points

  • Not reading whether the question asks for source or destination.
  • Ignoring whether traffic is entering or leaving an interface.
  • Choosing a route by AD before checking longest prefix.
  • Treating VLANs as if they route automatically.
  • Forgetting the default gateway on hosts or Layer 2 switch management.
  • Using subnet masks where wildcard masks are required.
  • Confusing show vlan brief with show interfaces trunk.
  • Assuming an interface is working without checking up/up.
  • Forgetting that STP blocking can be correct behavior.
  • Memorizing automation terms without knowing which are protocols, data models, formats, or controllers.

Last-Minute Review Checklist

Before you start full mock exams, make sure you can do these without notes:

Subnetting

  • Find network, broadcast, and usable range.
  • Calculate usable hosts.
  • Identify overlapping subnets.
  • Choose the smallest subnet that fits a host requirement.
  • Compare prefixes for longest-prefix match.

Switching

  • Identify access vs trunk port needs.
  • Interpret VLAN and trunk outputs.
  • Explain native VLAN behavior.
  • Predict basic STP root/port roles.
  • Recognize EtherChannel mode compatibility.

Routing

  • Read a routing table.
  • Choose best route using prefix, AD, and metric.
  • Configure/recognize static and default routes.
  • Explain OSPF neighbor basics.
  • Troubleshoot missing routes.

Services and Security

  • Apply ACL direction and placement logic.
  • Recognize NAT inside/outside and PAT overload behavior.
  • Explain DHCP relay.
  • Know why NTP, syslog, and SNMP matter.
  • Distinguish SSH from Telnet.
  • Recognize Layer 2 security features and trust boundaries.

Wireless and Automation

  • Distinguish AP, WLC, SSID, BSSID, and WLAN.
  • Know basic wireless security modes.
  • Explain controller-based networking.
  • Recognize JSON structure.
  • Match REST methods to basic CRUD-style operations.
  • Understand telemetry, analytics, and AI/ML at a network-operations level.

Practice Plan After This Review

Use this Quick Review as a launch point for IT Mastery practice:

  1. Start with topic drills for subnetting, VLANs/trunks, routing tables, OSPF, ACLs, and NAT.
  2. Review every missed item with detailed explanations, especially when your error was direction, order, or layer confusion.
  3. Move to mixed original practice questions once individual topics are stable.
  4. Use full mock exams to build timing, endurance, and question-reading discipline.
  5. Revisit this page after each mock exam and mark the sections where mistakes repeat.

Practical next step: begin with a focused question bank session on your weakest two topics, then review the detailed explanations until you can explain why each wrong answer is wrong.
