How to Use This Quick Reference
This independent Quick Reference is for candidates preparing for the real CompTIA Network+ V10 (N10-010) exam. Use it to quickly reinforce high-yield facts, troubleshooting logic, and decision points.
Focus your final review on:
- Layering: which device, protocol, address, or failure belongs at which layer.
- Subnetting: CIDR, masks, host counts, broadcast/network IDs, and default gateways.
- Ports and protocols: default ports, secure alternatives, and TCP/UDP distinctions.
- Infrastructure decisions: switching, routing, wireless, WAN, cloud, segmentation, and high availability.
- Security controls: AAA, 802.1X, firewalls, VPNs, certificates, ACLs, and common attacks.
- Troubleshooting: symptoms, tools, commands, packet flow, and likely root causes.
OSI, TCP/IP, Devices, and Encapsulation
OSI Layer Reference
| OSI layer | PDU / unit | Common examples | Devices / controls | Exam traps |
|---|---|---|---|---|
| 7 Application | Data | HTTP, DNS, SMTP, SMB, SNMP, DHCP | Proxies, WAF, application gateways | “Application layer” means network application protocol, not necessarily end-user software. |
| 6 Presentation | Data | TLS/SSL, encryption, compression, encoding | TLS inspection, certificate validation | TLS is often discussed with HTTPS but maps conceptually to presentation/session functions. |
| 5 Session | Data | Session setup/teardown, RPC, NetBIOS session | Session-aware firewalls | Do not confuse session layer with TCP sessions at Layer 4. |
| 4 Transport | Segment/datagram | TCP, UDP, ports, reliability, flow control | L4 firewall, load balancer, NAT/PAT | TCP is connection-oriented; UDP is connectionless but not automatically “bad.” |
| 3 Network | Packet | IPv4, IPv6, ICMP, routing, IPsec | Routers, L3 switches, ACLs | Routers forward by IP; switches forward by MAC unless operating at L3. |
| 2 Data link | Frame | Ethernet, Wi-Fi MAC, VLAN tags, ARP, STP | Switches, bridges, NICs, WAP bridging | VLANs are Layer 2 segmentation; they commonly pair with Layer 3 subnets. |
| 1 Physical | Bits/signals | Copper, fiber, RF, connectors, pinouts | Cables, transceivers, repeaters, hubs | Link light does not guarantee correct IP, VLAN, DNS, or routing. |
Addressing by Layer
| Address / identifier | Layer | Scope | Used for | Common command clue |
|---|---|---|---|---|
| MAC address | 2 | Local broadcast domain | Ethernet/Wi-Fi frame delivery | arp -a, switch MAC table |
| IPv4 / IPv6 address | 3 | Routed network | End-to-end packet delivery | ipconfig, ip addr, ping |
| TCP/UDP port | 4 | Host process | Application/service identification | netstat, ss, firewall logs |
| FQDN / hostname | 7 | Human-readable name | DNS resolution to address | nslookup, dig |
Encapsulation Path
| Step | Sender does | Receiver does |
|---|---|---|
| Application data | Creates protocol data, such as HTTP request | Interprets application protocol |
| Transport | Adds TCP/UDP source and destination ports | Delivers data to correct process |
| Network | Adds source/destination IP addresses | Validates destination IP, routes if needed |
| Data link | Adds source/destination MAC addresses | Checks local frame delivery |
| Physical | Sends bits as electrical, optical, or RF signals | Converts signal back to bits |
Common trap: a packet going to a remote subnet uses the destination IP of the remote host but the destination MAC of the local default gateway.
Essential Ports and Protocols
Common TCP/UDP Ports
| Service / protocol | Port(s) | Transport | Use | Exam cues and traps |
|---|---|---|---|---|
| FTP data/control | 20 / 21 | TCP | File transfer | Not encrypted; active/passive modes affect data connection behavior. |
| SSH | 22 | TCP | Secure remote shell | Also used by SFTP. |
| SFTP | 22 | TCP | Secure file transfer over SSH | Different from FTPS. |
| Telnet | 23 | TCP | Remote terminal | Insecure cleartext; avoid when SSH is available. |
| SMTP | 25 | TCP | Mail server transfer | Client submission often uses 587 with STARTTLS. |
| DNS | 53 | UDP/TCP | Name resolution | UDP common for queries; TCP for zone transfers and large responses. |
| DHCP server/client | 67 / 68 | UDP | Dynamic IPv4 configuration | Requires relay/IP helper across routed subnets. |
| TFTP | 69 | UDP | Simple file transfer | No authentication; used for lightweight boot/config tasks. |
| HTTP | 80 | TCP | Web traffic | Cleartext. |
| Kerberos | 88 | TCP/UDP | Authentication tickets | Time synchronization matters. |
| POP3 | 110 | TCP | Mail retrieval | POP3S commonly uses 995. |
| NTP | 123 | UDP | Time synchronization | Critical for Kerberos, certificates, logs, and forensics. |
| IMAP | 143 | TCP | Mail access | IMAPS commonly uses 993. |
| SNMP | 161 | UDP | Monitoring queries | Prefer SNMPv3 for authentication/encryption. |
| SNMP trap | 162 | UDP | Device-generated alerts | Trap/inform direction is device to manager. |
| LDAP | 389 | TCP/UDP | Directory access | LDAPS commonly uses 636. |
| HTTPS | 443 | TCP | Secure web traffic | Uses TLS certificates; check name, trust chain, and validity. |
| SMB/CIFS | 445 | TCP | File/printer sharing | Common in Windows environments. |
| Syslog | 514 | UDP/TCP | Log forwarding | TLS-secured syslog commonly uses 6514. |
| SMTP submission | 587 | TCP | Authenticated mail submission | Common secure client-to-server submission with STARTTLS. |
| LDAPS | 636 | TCP | LDAP over TLS | Encrypts directory queries. |
| IMAPS | 993 | TCP | IMAP over TLS | Secure mail access. |
| POP3S | 995 | TCP | POP3 over TLS | Secure mail retrieval. |
| SQL Server | 1433 | TCP | Microsoft SQL Server | Database access; restrict with firewall rules. |
| RADIUS auth/accounting | 1812 / 1813 | UDP | AAA for network access | Common with 802.1X and VPN authentication. |
| RDP | 3389 | TCP/UDP | Remote desktop | Exposing directly to the internet is high risk. |
| SIP | 5060 / 5061 | TCP/UDP | VoIP signaling | 5061 is SIP over TLS. |
| RTP | Dynamic UDP | UDP | VoIP media stream | Sensitive to latency, jitter, and packet loss. |
| BGP | 179 | TCP | Interdomain routing | Used between autonomous systems and providers. |
| TACACS+ | 49 | TCP | Device administration AAA | Separates authentication, authorization, and accounting. |
| IKE / IPsec NAT-T | 500 / 4500 | UDP | IPsec negotiation and NAT traversal | ESP is IP protocol 50, not TCP/UDP port 50. |
| AH / ESP | Protocol 51 / 50 | IP protocol | IPsec integrity/encryption | AH does not provide encryption; ESP can provide encryption and integrity. |
Secure vs Insecure Service Choices
| If you see… | Prefer… | Why |
|---|---|---|
| Telnet | SSH | Encrypted management plane. |
| FTP | SFTP or FTPS | Protects credentials and file contents. |
| HTTP login page | HTTPS | Protects authentication and session data. |
| SNMPv1/v2c | SNMPv3 | Adds authentication and encryption options. |
| LDAP over untrusted network | LDAPS or LDAP with StartTLS | Protects directory queries and credentials. |
| Open Wi-Fi | WPA3/WPA2 Enterprise or secure guest design | Reduces unauthorized access and sniffing. |
IPv4, IPv6, and Subnetting
\[
\text{Usable IPv4 hosts per subnet} = 2^{\text{host bits}} - 2
\]
\[
\text{Number of created subnets} = 2^{\text{borrowed bits}}
\]
\[
\text{Block size} = 256 - \text{interesting octet mask value}
\]
Exceptions:
- /31 IPv4 can be used for point-to-point links; both addresses are usable in that context.
- /32 IPv4 is a single host route.
- IPv6 subnetting usually focuses on prefix length and routing design, not broadcast addresses.
Fast IPv4 CIDR Table
| CIDR | Mask | Addresses per subnet | Typical usable IPv4 hosts | Block size cue |
|---|---|---|---|---|
| /16 | 255.255.0.0 | 65,536 | 65,534 | 1 in 2nd octet |
| /17 | 255.255.128.0 | 32,768 | 32,766 | 128 in 3rd octet |
| /18 | 255.255.192.0 | 16,384 | 16,382 | 64 in 3rd octet |
| /19 | 255.255.224.0 | 8,192 | 8,190 | 32 in 3rd octet |
| /20 | 255.255.240.0 | 4,096 | 4,094 | 16 in 3rd octet |
| /21 | 255.255.248.0 | 2,048 | 2,046 | 8 in 3rd octet |
| /22 | 255.255.252.0 | 1,024 | 1,022 | 4 in 3rd octet |
| /23 | 255.255.254.0 | 512 | 510 | 2 in 3rd octet |
| /24 | 255.255.255.0 | 256 | 254 | 1 in 3rd octet |
| /25 | 255.255.255.128 | 128 | 126 | 128 in 4th octet |
| /26 | 255.255.255.192 | 64 | 62 | 64 in 4th octet |
| /27 | 255.255.255.224 | 32 | 30 | 32 in 4th octet |
| /28 | 255.255.255.240 | 16 | 14 | 16 in 4th octet |
| /29 | 255.255.255.248 | 8 | 6 | 8 in 4th octet |
| /30 | 255.255.255.252 | 4 | 2 | 4 in 4th octet |
| /31 | 255.255.255.254 | 2 | 2 for point-to-point | 2 in 4th octet |
| /32 | 255.255.255.255 | 1 | 1 host route | 1 address |
Subnetting Workflow
- Identify the CIDR prefix and subnet mask.
- Find the interesting octet: the first octet that is not 255 or 0.
- Calculate the block size: 256 minus the mask value in that octet.
- List subnet boundaries in increments of the block size.
- The network ID is the boundary at or below the IP.
- The broadcast is one less than the next boundary.
- Usable host range is between network ID and broadcast, except for /31 and /32 cases.
Example: 192.168.10.77/26
| Step | Result |
|---|---|
| Mask | 255.255.255.192 |
| Block size | 64 |
| Subnet boundaries | .0, .64, .128, .192 |
| Network ID | 192.168.10.64 |
| Broadcast | 192.168.10.127 |
| Usable hosts | 192.168.10.65 through 192.168.10.126 |
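The workflow and the 192.168.10.77/26 example above, implemented step by step in Python as an added example (not part of the original Quick Reference). It uses plain integer math rather than a library so each step can be checked against the table, and it applies the /31 and /32 exceptions listed earlier.

```python
"""Added example: the Subnetting Workflow as code (mask, interesting octet,
block size, boundaries, network ID, broadcast, usable range)."""
from dataclasses import dataclass
from typing import List


@dataclass
class SubnetResult:
    mask: str
    interesting_octet: int          # 1-based position of the interesting octet
    block_size: int                 # increment in the interesting octet
    boundaries: List[int]           # subnet boundaries within that octet
    network_id: str
    broadcast: str
    first_usable: str
    last_usable: str
    usable_hosts: int


def ip_to_int(ip: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_details(cidr: str) -> SubnetResult:
    """Apply the workflow to an address in CIDR form, e.g. '192.168.10.77/26'."""
    ip_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 1 <= prefix <= 32:
        raise ValueError("prefix length must be 1..32")
    ip = ip_to_int(ip_str)

    # Step 1: mask from the prefix (prefix ones followed by host-bit zeros).
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    host_bits = 32 - prefix

    # Steps 2-3: interesting octet and block size. On an octet boundary
    # (/8, /16, /24, /32) no octet is between 0 and 255, so the CIDR table's
    # cue is "1 in that octet": block size 1.
    if prefix % 8 == 0:
        interesting_octet = prefix // 8
        block_size = 1
    else:
        interesting_octet = prefix // 8 + 1
        block_size = 2 ** (8 - prefix % 8)   # same as 256 - mask value there

    # Step 4: boundaries are multiples of the block size in that octet.
    boundaries = list(range(0, 256, block_size))

    # Steps 5-6: clear the host bits for the network ID, set them for broadcast.
    network = ip & mask
    broadcast = network | (~mask & 0xFFFFFFFF)

    # Step 7: usable range, honouring the /31 and /32 exceptions.
    if prefix == 32:
        first, last, usable = ip, ip, 1
    elif prefix == 31:
        first, last, usable = network, broadcast, 2
    else:
        first, last, usable = network + 1, broadcast - 1, 2 ** host_bits - 2

    return SubnetResult(
        mask=int_to_ip(mask),
        interesting_octet=interesting_octet,
        block_size=block_size,
        boundaries=boundaries,
        network_id=int_to_ip(network),
        broadcast=int_to_ip(broadcast),
        first_usable=int_to_ip(first),
        last_usable=int_to_ip(last),
        usable_hosts=usable,
    )


if __name__ == "__main__":
    result = subnet_details("192.168.10.77/26")
    for name, value in vars(result).items():
        print(f"{name:>18}: {value}")
```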
IPv4 Special Ranges
| Range | Purpose | Exam cue |
|---|---|---|
| 10.0.0.0/8 | Private IPv4 | Not internet-routable without NAT. |
| 172.16.0.0/12 | Private IPv4 | Includes 172.16.0.0 through 172.31.255.255 only. |
| 192.168.0.0/16 | Private IPv4 | Common home/small office range. |
| 169.254.0.0/16 | APIPA/link-local IPv4 | Usually indicates DHCP failure on IPv4 clients. |
| 127.0.0.0/8 | Loopback | Tests local TCP/IP stack. |
| 0.0.0.0/0 | Default route | “Any IPv4 destination.” |
| 255.255.255.255 | Limited broadcast | Local broadcast only; not routed. |
| 224.0.0.0/4 | Multicast | One-to-many group traffic. |
| 100.64.0.0/10 | Carrier-grade NAT space | Used by providers; not typical enterprise private LAN space. |
IPv6 Address Types
| IPv6 type | Range / example | Purpose | Trap |
|---|---|---|---|
| Global unicast | 2000::/3 | Publicly routable IPv6 | No NAT is required by design, though firewalls still matter. |
| Link-local | fe80::/10 | Local-link communication | Normal on IPv6 hosts; not equivalent to IPv4 APIPA failure. |
| Unique local | fc00::/7, commonly fd00::/8 | Private internal IPv6 | Similar design role to private IPv4, but not the same mechanism. |
| Multicast | ff00::/8 | One-to-many | IPv6 uses multicast heavily; no IPv6 broadcast. |
| Loopback | ::1 | Local host | Like 127.0.0.1. |
| Unspecified | :: | No address / default source placeholder | Used before address assignment or in sockets. |
| Default route | ::/0 | Any IPv6 destination | IPv6 equivalent of 0.0.0.0/0. |
IPv4 vs IPv6 Exam Distinctions
| Topic | IPv4 | IPv6 |
|---|---|---|
| Address length | 32-bit | 128-bit |
| Broadcast | Yes | No broadcast; uses multicast/anycast |
| Neighbor mapping | ARP | Neighbor Discovery Protocol using ICMPv6 |
| Autoconfiguration | DHCP common | SLAAC, DHCPv6, or both |
| NAT | Common due to address conservation | Not required for address conservation |
| Header | Variable with options | Simplified base header with extension headers |
| Local-only address | 169.254.0.0/16 APIPA | fe80::/10 link-local |
Core Network Services
DHCP
| Concept | Detail |
|---|---|
| Purpose | Automatically assigns IP settings such as IP address, mask/prefix, gateway, DNS servers, lease time, and options. |
| DORA process | Discover, Offer, Request, Acknowledgment. |
| Ports | Server UDP 67, client UDP 68. |
| Relay/IP helper | Required when clients and DHCP server are separated by a router. |
| Reservation | Maps a known MAC/client identifier to a predictable IP lease. |
| Scope exhaustion symptom | Clients fail to get leases or receive APIPA addresses. |
| Common options | Default gateway, DNS server, domain name, NTP server, PXE/boot options. |
DNS Records
| Record | Purpose | Example use |
|---|---|---|
| A | Name to IPv4 | host.example.com to 192.0.2.10 |
| AAAA | Name to IPv6 | host.example.com to IPv6 address |
| CNAME | Alias to canonical name | www alias to another hostname |
| MX | Mail exchanger | Directs mail for a domain |
| NS | Authoritative name server | Delegates/identifies DNS authority |
| PTR | Reverse lookup | IP address to hostname |
| TXT | Text metadata | SPF, DKIM, DMARC, domain verification |
| SRV | Service locator | Locates services such as directory or voice services |
| SOA | Start of authority | Zone metadata and serial information |
| CAA | Certificate authority authorization | Limits which CAs may issue certificates |
DNS Troubleshooting Cues
| Symptom | Likely issue | Check |
|---|---|---|
| Can ping IP, not hostname | DNS resolution problem | Client DNS server, zone record, search suffix, firewall to port 53 |
| Wrong destination IP | Stale record or cache | DNS cache, TTL, split-horizon DNS |
| Internal name resolves externally | DNS suffix or resolver order issue | Client resolver configuration |
| Reverse lookup fails | Missing PTR | Reverse zone delegation/record |
| Intermittent resolution | Multiple DNS servers disagree | Zone replication, conditional forwarders, stale records |
Monitoring and Management Protocols
| Service | Use | Key distinction |
|---|---|---|
| SNMP polling | Manager queries device metrics | Uses UDP 161. |
| SNMP traps/informs | Device sends events to manager | Uses UDP 162. |
| Syslog | Centralized log forwarding | Facility/severity support; secure transport may use TLS. |
| NTP | Time synchronization | Required for reliable logs, Kerberos, certificates, and correlation. |
| NetFlow/IPFIX | Flow telemetry | Shows who talked to whom, how much, and when; not full packet capture. |
| LLDP | Neighbor discovery | Vendor-neutral Layer 2 discovery protocol. |
| IPAM | Address management | Tracks subnets, DHCP scopes, DNS, and assignments. |
Syslog Severity
| Severity | Name | Meaning |
|---|---|---|
| 0 | Emergency | System unusable |
| 1 | Alert | Immediate action needed |
| 2 | Critical | Critical condition |
| 3 | Error | Error condition |
| 4 | Warning | Warning condition |
| 5 | Notice | Normal but significant |
| 6 | Informational | Informational message |
| 7 | Debug | Debug-level detail |
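A decoder for the syslog PRI field, added here as an example rather than taken from the original Quick Reference. It relies on the fact that PRI = facility × 8 + severity, maps the severity number to the names in the table above, and filters a few constructed log lines down to those at Error or worse; hostnames, interfaces and MAC addresses in the samples are made up.

```python
"""Added example: decode syslog <PRI> into facility/severity and keep the lines
that warrant attention (severity number <= 3, i.e. Error or worse)."""
import re
from typing import List, NamedTuple, Optional

SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]

# PRI = facility * 8 + severity, so the low three bits carry the severity.
_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


class SyslogLine(NamedTuple):
    facility: int
    severity: int
    severity_name: str
    message: str


def decode_pri(line: str) -> Optional[SyslogLine]:
    """Return decoded fields, or None when the line has no valid <PRI> prefix."""
    m = _PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                    # facility 23, severity 7 is the largest legal PRI
        return None
    facility, severity = divmod(pri, 8)
    return SyslogLine(facility, severity, SEVERITY_NAMES[severity], m.group(2).strip())


def lines_at_or_above(lines: List[str], max_severity: int = 3) -> List[SyslogLine]:
    """Keep messages whose severity number is <= max_severity (lower is worse).
    Lines that fail to decode are dropped rather than silently treated as Debug."""
    decoded = (decode_pri(line) for line in lines)
    return [d for d in decoded if d is not None and d.severity <= max_severity]


# Constructed sample lines in RFC 3164 style (facility 16 = local0, 23 = local7).
SAMPLE = [
    "<134>Mar  3 10:01:02 core-sw1 link: interface Gi1/0/7 changed state to up",
    "<131>Mar  3 10:01:09 core-sw1 bpdu-guard: blocking Gi1/0/7 after unexpected BPDU",
    "<129>Mar  3 10:02:00 core-sw1 power: power supply 2 failed",
    "<190>Mar  3 10:02:30 dhcp1 dhcpd: DHCPACK on 10.20.5.9 to 00:11:22:aa:bb:32",
    "garbage line without a PRI header",
]

if __name__ == "__main__":
    for entry in lines_at_or_above(SAMPLE):
        print(f"facility={entry.facility:<2} {entry.severity_name:<9} {entry.message}")
```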
Switching, VLANs, and Ethernet
Switching Concepts
| Concept | Meaning | Exam cue |
|---|---|---|
| MAC address table / CAM table | Maps MAC addresses to switch ports | Built by learning source MAC addresses. |
| Unknown unicast flooding | Switch floods when destination MAC is unknown | Not the same as broadcast. |
| Broadcast domain | Area reached by Layer 2 broadcast | VLANs separate broadcast domains. |
| Collision domain | Shared medium where collisions can occur | Mostly historical with full-duplex switching. |
| Access port | Carries one VLAN, usually untagged | Used for endpoints. |
| Trunk port | Carries multiple VLANs | Uses 802.1Q tagging. |
| Native VLAN | Untagged VLAN on an 802.1Q trunk | Mismatches can create connectivity/security issues. |
| Inter-VLAN routing | Routes between VLANs/subnets | Requires router, L3 switch, or firewall. |
| Port mirroring / SPAN | Copies traffic to analyzer port | Used for packet capture/IDS visibility. |
| LACP / link aggregation | Bundles multiple links | Adds redundancy and aggregate capacity; both sides must agree. |
| STP | Prevents Layer 2 loops | Blocking a port can be normal behavior. |
| PoE | Power over Ethernet | Powers APs, phones, cameras, sensors. |
VLAN and Trunk Troubleshooting
| Symptom | Likely cause | Check |
|---|---|---|
| Host cannot reach local VLAN peers | Wrong access VLAN, port disabled, bad cable, endpoint IP issue | Switchport VLAN, link light, MAC table |
| Same VLAN works, other VLANs fail | Missing gateway, inter-VLAN routing, ACL/firewall | Default gateway, SVI/router interface, ACL logs |
| VLAN works on one switch but not another | Trunk not allowing VLAN or native VLAN mismatch | Trunk allowed list, tagging, STP state |
| Intermittent outages or high broadcast traffic | Layer 2 loop or storm | STP topology changes, MAC flapping, storm control |
| Voice phone works but PC behind it fails | Voice/data VLAN configuration issue | Voice VLAN, access VLAN, LLDP-MED, DHCP options |
| New AP cannot serve SSIDs | Trunk/native VLAN or PoE issue | AP switchport mode, VLAN tags, PoE budget/status |
Spanning Tree and Loop Prevention
| Control | Use | Notes |
|---|---|---|
| STP/RSTP | Prevents bridging loops | RSTP converges faster than original STP. |
| Root bridge | Logical center of STP topology | Place intentionally in campus designs. |
| BPDU guard | Shuts port receiving unexpected BPDUs | Common on access/edge ports. |
| Root guard | Prevents unexpected root bridge takeover | Protects STP design. |
| PortFast / edge port | Speeds endpoint port forwarding | Do not use on switch-to-switch links unless design supports it. |
| Storm control | Limits broadcast/multicast/unknown unicast storms | Helps contain loops and misbehaving devices. |
Cabling, Connectors, and Transceivers
| Medium / item | Use | Notes |
|---|---|---|
| UTP copper | Common Ethernet cabling | Uses RJ45; typical Ethernet channel limit is 100 meters. |
| STP (shielded twisted pair) copper | EMI-prone environments | Requires proper grounding to be effective. |
| Multimode fiber | Shorter fiber runs, data centers/campuses | Often uses LED/VCSEL sources; common with LC connectors. |
| Single-mode fiber | Longer-distance fiber | Uses laser optics; common for WAN/campus backbone links. |
| DAC / twinax | Short data center connections | Common between switches/servers in racks. |
| Coaxial | Cable broadband, legacy Ethernet, RF | Uses connectors such as F-type or BNC depending on system. |
| RJ45 | Twisted-pair Ethernet connector | Do not call the cable itself “RJ45”; RJ45 is the connector style. |
| LC | Small fiber connector | Common on SFP/SFP+ optics. |
| SC | Larger fiber connector | Older/common fiber patching. |
| SFP/SFP+/QSFP | Modular transceivers | Match speed, fiber type, wavelength, and connector. |
Physical Layer Test Tools
| Tool | Best for | Not for |
|---|---|---|
| Cable tester | Wire map, opens, shorts, split pairs | Full protocol analysis |
| Certifier | Validating cabling against standards | Quick casual link checks |
| Toner/probe | Finding cable paths | Measuring throughput |
| TDR | Locating copper cable faults/distance to break | Application-layer issues |
| OTDR | Fiber break/loss location | Copper testing |
| Light meter | Fiber optical power/loss | IP routing issues |
| Loopback plug | Testing port transmit/receive | End-to-end service validation |
| Crimper/punchdown | Terminating copper | Diagnosing DNS or routing |
Routing, NAT, WAN, and Traffic Flow
Routing Decision Logic
| Decision | Rule |
|---|---|
| Same subnet? | Host ARPs/uses neighbor discovery for destination host and sends directly. |
| Remote subnet? | Host sends frame to default gateway MAC, with destination IP still set to remote host. |
| Router lookup | Longest prefix match wins before general/default routes. |
| Default route | IPv4 0.0.0.0/0; IPv6 ::/0. |
| Metric/cost | Used to choose between comparable routes. |
| TTL/hop limit | Decremented by routers; prevents infinite loops. |
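The decision logic above as a small simulation, added here as an example (not from the original Quick Reference): a host chooses direct delivery or its default gateway, a router performs longest prefix match with metric as the tie-breaker, and the resulting frame shows the encapsulation trap (remote destination IP, gateway's destination MAC). The routing table, ARP entries and MAC addresses are constructed sample data.

```python
"""Added example: host forwarding decision, longest prefix match, and the
frame headers that result."""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]     # None = directly connected network
    interface: str
    metric: int = 0


def longest_prefix_match(table: List[Route], destination: str) -> Optional[Route]:
    """Router lookup: the most specific matching prefix wins; metric only breaks
    ties between routes of equal prefix length. None means no route at all,
    which only happens when the table has no default route."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))


def host_next_hop(host_cidr: str, gateway: str, destination: str) -> Tuple[str, str]:
    """Host decision: ('direct', dest) when the destination is on the local
    subnet, otherwise ('gateway', gateway). The IP header is unchanged either way."""
    host = ipaddress.ip_interface(host_cidr)
    dest = ipaddress.ip_address(destination)
    if dest in host.network:
        return ("direct", destination)
    return ("gateway", gateway)


def build_frame(host_cidr: str, gateway: str, destination: str,
                arp_table: Dict[str, str]) -> Dict[str, str]:
    """Headers a host puts on the wire: destination MAC is the ARP entry of the
    next hop, destination IP is always the real target (the Encapsulation Path trap)."""
    kind, next_hop_ip = host_next_hop(host_cidr, gateway, destination)
    if next_hop_ip not in arp_table:
        raise LookupError(f"no ARP entry for {next_hop_ip}; the host would ARP first")
    return {"dst_ip": destination, "dst_mac": arp_table[next_hop_ip], "via": kind}


# Constructed sample data (RFC 1918 / RFC 5737 addresses, made-up MACs).
ROUTING_TABLE = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "203.0.113.1", "Gi0/0"),
    Route(ipaddress.ip_network("10.0.0.0/8"), "10.1.1.254", "Gi0/1"),
    Route(ipaddress.ip_network("10.20.0.0/16"), "10.1.1.253", "Gi0/1"),
    Route(ipaddress.ip_network("10.20.5.0/24"), None, "Gi0/2"),
    Route(ipaddress.ip_network("10.20.0.0/16"), "10.1.1.252", "Gi0/3", metric=20),
]
ARP_TABLE = {
    "192.168.10.1": "00:11:22:aa:bb:01",    # default gateway
    "192.168.10.50": "00:11:22:aa:bb:32",   # local peer
}

if __name__ == "__main__":
    for dst in ("10.20.5.9", "10.20.9.1", "10.99.1.1", "198.51.100.7"):
        r = longest_prefix_match(ROUTING_TABLE, dst)
        print(f"{dst:>13} -> {r.prefix} via {r.next_hop or 'connected'} ({r.interface})")
    print(build_frame("192.168.10.77/24", "192.168.10.1", "10.20.5.9", ARP_TABLE))
```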
Routing Protocol and Route Type Selection
| Option | Best fit | Key distinction |
|---|---|---|
| Connected route | Directly attached network | Automatically known when interface is up/up. |
| Static route | Small/stable routes, default route, backup route | Simple but manual; does not adapt unless tracked. |
| Default route | Send unknown destinations upstream | Common toward ISP or core firewall. |
| OSPF | Dynamic internal routing | Link-state IGP; uses areas and cost. |
| BGP | Provider, internet edge, multi-homing, policy routing | Path-vector EGP; policy and AS path matter. |
| RIP | Legacy/simple dynamic routing | Hop-count based; rarely preferred in modern designs. |
| Route redistribution | Connecting routing domains | Can introduce loops or suboptimal paths if poorly controlled. |
NAT and PAT
| Type | Meaning | Use case |
|---|---|---|
| Static NAT | One private address to one public address | Publishing a specific internal host. |
| Dynamic NAT | Private addresses mapped to pool of public addresses | Outbound access with public pool. |
| PAT / NAT overload | Many private hosts share one/few public IPs using ports | Common internet access design. |
| SNAT | Changes source address | Outbound NAT. |
| DNAT / port forwarding | Changes destination address/port | Inbound publishing through firewall/load balancer. |
| NAT-T | Encapsulates IPsec through NAT | Uses UDP 4500. |
Trap: NAT is not a substitute for firewall policy. It can hide internal addresses, but access control still depends on filtering rules.
WAN and Remote Connectivity
| Technology | Use | Decision cue |
|---|---|---|
| Leased line / private circuit | Dedicated predictable connectivity | Higher control, provider-managed circuit. |
| MPLS | Provider WAN with traffic engineering/VPN services | Often used for enterprise site-to-site WANs. |
| Broadband internet | Cost-effective site/user connectivity | Pair with VPN/SD-WAN for security/control. |
| Cellular | Backup WAN, mobile, temporary sites | Useful for failover and rapid deployment. |
| Site-to-site VPN | Encrypted tunnel between networks | Connects offices/cloud networks over untrusted networks. |
| Client-to-site VPN | Remote user access | Endpoint identity, MFA, posture, and split/full tunnel matter. |
| SD-WAN | Policy-based WAN overlay | Chooses paths by app, performance, and policy. |
| Direct cloud connection | Private connectivity to cloud provider | Used for predictable hybrid cloud connectivity. |
Performance and QoS Terms
| Term | Meaning | High-yield use |
|---|---|---|
| Bandwidth | Maximum data-carrying capacity | More bandwidth does not always fix latency. |
| Throughput | Actual achieved data rate | Affected by loss, congestion, protocol overhead. |
| Latency | One-way or round-trip delay | Voice/video/interactive apps are sensitive. |
| Jitter | Variation in delay | VoIP/video quality issue. |
| Packet loss | Dropped packets | Causes retransmissions, poor voice/video, slow apps. |
| DSCP | Layer 3 QoS marking | Used for classifying/queuing traffic. |
| CoS/802.1p | Layer 2 QoS marking | VLAN tag priority bits. |
| Shaping | Buffers and smooths traffic | Reduces drops by controlling rate. |
| Policing | Drops/remarks traffic above rate | Enforces limits more harshly. |
| MTU | Maximum transmission unit | Mismatches can cause fragmentation or black-hole behavior. |
Wireless Networking
Wi-Fi Standards and Bands
| Standard | Common name | Bands | Key cue |
|---|---|---|---|
| 802.11b | Wi-Fi legacy | 2.4 GHz | Old, slow, interference-prone. |
| 802.11a | Wi-Fi legacy | 5 GHz | Older 5 GHz standard. |
| 802.11g | Wi-Fi legacy | 2.4 GHz | Legacy 2.4 GHz. |
| 802.11n | Wi-Fi 4 | 2.4 / 5 GHz | MIMO; still encountered. |
| 802.11ac | Wi-Fi 5 | 5 GHz | Wider channels, higher throughput in 5 GHz. |
| 802.11ax | Wi-Fi 6 / 6E | 2.4 / 5 / 6 GHz | OFDMA, dense client support; 6E adds 6 GHz operation. |
| 802.11be | Wi-Fi 7 | 2.4 / 5 / 6 GHz | Newer high-throughput/low-latency features such as multi-link operation. |
Wireless Design Decisions
| Requirement | Prefer | Why |
|---|---|---|
| Longer range / wall penetration | 2.4 GHz | Better propagation, but more interference and fewer non-overlapping channels. |
| Higher capacity | 5 GHz or 6 GHz | More channels and less congestion. |
| Dense offices/classrooms | Wi-Fi 6/6E design with proper channel/power planning | Handles many clients more efficiently. |
| Guest access | Separate SSID/VLAN with captive portal or isolated policy | Limits guest access to internal resources. |
| Enterprise authentication | WPA2/WPA3 Enterprise with 802.1X/RADIUS | Per-user/device authentication and centralized control. |
| Small office/simple deployment | WPA3-Personal or WPA2-Personal if required | Uses shared passphrase; easier but less granular. |
| Voice over Wi-Fi | Surveyed coverage, roaming support, QoS | Sensitive to latency, jitter, and roaming delays. |
Wireless Security and Troubleshooting
| Symptom / risk | Likely cause | Fix / check |
|---|---|---|
| Users connect but cannot reach LAN | Wrong VLAN mapping, ACL, DHCP scope, captive portal state | SSID-to-VLAN mapping, gateway, DHCP lease |
| Poor throughput near AP | Channel congestion, low data rates, interference, client issue | Channel utilization, band steering, drivers |
| Frequent disconnects | Roaming thresholds, power levels, interference, authentication timeouts | AP placement, controller logs, RSSI/SNR |
| Clients cannot authenticate | RADIUS, certificate, EAP type, time mismatch | AAA logs, certificate chain, NTP |
| Rogue AP / evil twin | Unauthorized AP mimicking SSID | WIDS/WIPS, wired port control, user training |
| Deauthentication attacks | Wi-Fi management frame abuse | WPA3/PMF where supported, monitoring |
| Hidden SSID expected to secure network | Misconception | Hidden SSID is not strong security. Use encryption/authentication. |
Antenna and RF Terms
| Term | Meaning |
|---|---|
| Omnidirectional | Radiates broadly around antenna; common for general coverage. |
| Directional | Focuses signal in a direction; useful for point-to-point or targeted coverage. |
| dBm | Absolute power level measurement. |
| dBi | Antenna gain relative to isotropic radiator. |
| RSSI | Received signal strength indicator. |
| SNR | Signal-to-noise ratio; higher is generally better. |
| Channel overlap | Adjacent channels interfere, especially in 2.4 GHz. |
| DFS | 5 GHz channels that may change due to radar detection requirements. |
Security Controls and Network Hardening
Authentication, Authorization, and Accounting
| Control | Purpose | Exam distinction |
|---|---|---|
| Authentication | Proves identity | Password, certificate, token, biometric, MFA. |
| Authorization | Determines allowed actions | “What can this authenticated identity do?” |
| Accounting | Records activity | Logs commands, sessions, access times. |
| RADIUS | Network access AAA | Common for VPN, Wi-Fi, 802.1X; UDP-based. |
| TACACS+ | Device administration AAA | TCP-based; separates AAA functions. |
| 802.1X | Port-based network access control | Supplicant, authenticator, authentication server. |
| NAC | Enforces access/posture policy | May check device health, identity, compliance. |
| MFA | Multiple factors | Something you know, have, are, do, or somewhere you are. |
Firewalls, Segmentation, and Inspection
| Control | Layer / focus | Use |
|---|---|---|
| Stateless ACL | L3/L4 packet fields | Fast filtering; return traffic must be explicitly handled. |
| Stateful firewall | Connection state | Allows return traffic for established sessions. |
| NGFW | App/user/content-aware filtering | More context than simple port filtering. |
| WAF | Web application traffic | Protects HTTP/HTTPS apps from Layer 7 attacks. |
| IDS | Detects suspicious activity | Alerts; does not normally block inline. |
| IPS | Blocks suspicious traffic inline | Preventive but can disrupt if false positives occur. |
| Proxy | Intermediates client/server traffic | Can filter, cache, inspect, authenticate. |
| DMZ | Semi-trusted segment | Publishes services while limiting internal exposure. |
| Microsegmentation | Fine-grained east-west controls | Limits lateral movement. |
| Zero Trust | Never trust solely by network location | Verify identity, device, context, and least privilege. |
ACL and Firewall Rule Traps
| Rule behavior | What to remember |
|---|---|
| Top-down processing | First match usually wins. |
| Implicit deny | Unmatched traffic is often denied by default. |
| Direction matters | Inbound/outbound is relative to interface or zone. |
| Source/destination matter | Return traffic behavior depends on statefulness. |
| More specific before general | Place exceptions before broad deny/allow rules. |
| Logging is deliberate | Logging every allowed flow can overwhelm systems. |
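A stateless ACL evaluated the way the traps table describes, added here as an example (not from the original Quick Reference): top-down, first match wins, implicit deny for anything unmatched, plus a check that flags rules shadowed by a broader earlier rule (the "more specific before general" trap). Rules, subnets and packets are constructed sample data.

```python
"""Added example: first-match ACL evaluation with implicit deny, and detection
of rules that can never match because an earlier rule already covers them."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    action: str                       # "permit" or "deny"
    proto: str                        # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None       # None = any destination port
    name: str = ""


class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (
        (rule.proto == "any" or rule.proto == pkt.proto)
        and ipaddress.ip_address(pkt.src) in rule.src
        and ipaddress.ip_address(pkt.dst) in rule.dst
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, int]:
    """Top-down: the first matching rule decides. Unmatched traffic falls to the
    implicit deny, reported with rule index -1 so logs can tell the two apart."""
    for index, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", -1


def covers(broad: Rule, narrow: Rule) -> bool:
    """True when every packet `narrow` could match is already matched by `broad`."""
    return (
        (broad.proto == "any" or broad.proto == narrow.proto)
        and narrow.src.subnet_of(broad.src)
        and narrow.dst.subnet_of(broad.dst)
        and (broad.dport is None or broad.dport == narrow.dport)
    )


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule covers
    them: a specific exception placed after a broad rule is dead configuration."""
    return [j for j in range(len(acl)) if any(covers(acl[i], acl[j]) for i in range(j))]


# Constructed sample ACL. Intent: block SSH from a guest VLAN into a server
# subnet but allow other TCP there. The deny is placed too late to take effect.
GUEST = ipaddress.ip_network("192.168.50.0/24")
SERVERS = ipaddress.ip_network("10.10.0.0/24")
ACL = [
    Rule("permit", "tcp", GUEST, SERVERS, None, "guest-to-servers-tcp"),
    Rule("deny", "tcp", GUEST, SERVERS, 22, "block-guest-ssh"),   # shadowed by rule 0
    Rule("permit", "udp", GUEST, ipaddress.ip_network("10.10.0.53/32"), 53, "guest-dns"),
]

if __name__ == "__main__":
    ssh = Packet("tcp", "192.168.50.20", "10.10.0.5", 22)
    print("ssh from guest:", evaluate(ACL, ssh))            # ('permit', 0): the trap
    print("shadowed rule indexes:", shadowed_rules(ACL))    # [1]
    print("unmatched icmp:", evaluate(ACL, Packet("icmp", "192.168.50.20", "10.10.0.5")))
```

Reordering the list so the deny precedes the broad permit clears the shadow and makes the same SSH packet hit ("deny", 0).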
VPN and Secure Tunneling
| VPN type | Best fit | Notes |
|---|---|---|
| IPsec tunnel mode | Site-to-site network encryption | Encrypts original IP packet inside new packet. |
| IPsec transport mode | Host-to-host or specific use cases | Protects payload, not entire original IP header. |
| SSL/TLS VPN | Remote user access through TLS | Often browser/client based. |
| Split tunnel | Only selected traffic uses VPN | Saves bandwidth but may increase risk. |
| Full tunnel | All client traffic goes through VPN | Stronger central control; more bandwidth/latency impact. |
| Clientless VPN | Browser-accessible apps | Limited to supported application types. |
Certificates and PKI
| Concept | Meaning | Common failure |
|---|---|---|
| CA | Issues/signs certificates | Untrusted root/intermediate CA. |
| Certificate chain | Trust path from leaf to root | Missing intermediate certificate. |
| CN/SAN | Names certificate is valid for | Hostname mismatch warning. |
| Validity period | Not before/not after dates | Expired or not-yet-valid certificate. |
| CRL/OCSP | Revocation checking | Revocation service unreachable. |
| Private key | Secret key corresponding to certificate | Key compromise invalidates trust. |
| CSR | Certificate signing request | Generated before certificate issuance. |
Common Attacks and Mitigations
| Attack / risk | What happens | Mitigations |
|---|---|---|
| ARP poisoning | Attacker manipulates IPv4 MAC mappings | Dynamic ARP inspection, DHCP snooping, segmentation. |
| DHCP starvation | Exhausts DHCP pool | DHCP snooping, port security, rate limits. |
| Rogue DHCP | Unauthorized server gives bad settings | DHCP snooping, NAC, switch controls. |
| DNS poisoning | Victims resolve to malicious address | DNSSEC where used, secure resolvers, cache protection. |
| VLAN hopping | Attacker abuses trunk/tagging behavior | Disable unused trunks, set native VLAN carefully, no dynamic trunking. |
| MAC flooding | Overloads switch MAC table | Port security, storm control. |
| Evil twin | Fake Wi-Fi AP mimics legitimate SSID | Enterprise auth, certificate validation, WIDS/WIPS. |
| DoS/DDoS | Resource exhaustion | Rate limiting, filtering, upstream protection, redundancy. |
| Brute force | Repeated login attempts | MFA, lockout, rate limits, strong credentials. |
| Lateral movement | Compromised host pivots internally | Segmentation, least privilege, EDR, monitoring. |
| Misconfiguration | Accidental exposure or outage | Change control, review, backups, baselines. |
Modern Network Architectures
Campus, Data Center, Cloud, and Edge
| Architecture | Description | Choose when |
|---|---|---|
| Three-tier campus | Access, distribution, core | Traditional enterprise LAN segmentation and scalability. |
| Collapsed core | Distribution and core combined | Smaller networks needing simplified design. |
| Spine-leaf | Every leaf connects to every spine | Low-latency east-west traffic in data centers. |
| SDN | Centralized control/programmatic network management | Need automation, policy abstraction, dynamic provisioning. |
| SD-WAN | Overlay WAN with policy-based path choice | Multiple WAN links, application-aware routing, branch optimization. |
| Cloud VPC/VNet | Isolated virtual network in cloud | Cloud workloads, hybrid connectivity, security groups/routes. |
| Hybrid cloud | Mix of on-premises and cloud resources | Gradual migration, regulatory/data locality, existing systems. |
| Edge computing | Compute close to users/devices | Low latency, local processing, IoT/industrial use cases. |
Virtualization and Cloud Networking
| Concept | Meaning | Exam cue |
|---|---|---|
| vSwitch | Software switch inside hypervisor | Connects VMs to virtual/physical networks. |
| Port group | Logical VM network settings | Often maps to VLAN/security policy. |
| Overlay network | Encapsulated virtual network | Supports tenant isolation and mobility. |
| Security group | Instance/workload-level filtering | Cloud-native stateful firewall concept. |
| Network ACL | Subnet-level stateless filtering in many clouds | Separate from security groups. |
| Load balancer | Distributes traffic | L4 uses IP/ports; L7 uses application context. |
| Autoscaling | Adds/removes workloads based on demand | Requires stateless design or shared state handling. |
| Bastion/jump host | Controlled admin entry point | Avoids exposing many management interfaces. |
| CASB | Cloud access security broker | Visibility/control for SaaS/cloud usage. |
| SASE/SSE | Security functions delivered as cloud services | Blends identity, secure access, and policy enforcement. |
High Availability and Resilience
| Requirement | Design option | Notes |
|---|
| Link redundancy | LACP, redundant paths, diverse circuits | Avoid single points of failure. |
| Gateway redundancy | FHRP such as HSRP, VRRP, or GLBP | Hosts point at a virtual IP/MAC that survives failure of the active router. |
| Device redundancy | Active/passive or active/active pairs | Check state synchronization and failover behavior. |
| Power resilience | UPS, generators, dual power supplies | UPS handles short outages and graceful shutdown. |
| Geographic resilience | Multiple sites/regions | Consider data replication and routing. |
| Traffic distribution | Load balancing, anycast, DNS steering | Match solution to L4/L7 and failover needs. |
| Recovery planning | Backups, configuration archives, rollback plans | Test restore, not just backup creation. |
Operations, Documentation, and Change Control
Documentation Types
| Document / artifact | Purpose |
|---|
| Physical diagram | Cabling, racks, patch panels, device locations. |
| Logical diagram | VLANs, subnets, routing, firewalls, WAN/cloud links. |
| IP address plan / IPAM | Tracks subnets, static assignments, DHCP scopes, DNS records. |
| Rack elevation | Shows device placement, power, cabling density. |
| Baseline | Normal performance/utilization for comparison. |
| Standard operating procedure | Repeatable operational steps. |
| Change plan | Scope, risk, implementation steps, test plan, rollback plan. |
| Incident report | Timeline, impact, root cause, remediation, lessons learned. |
Change Management Checklist
| Step | What to verify |
|---|
| Request | Business reason, owner, affected systems. |
| Risk assessment | Impact, dependencies, outage window, backout complexity. |
| Approval | Authorized stakeholders agree to timing and scope. |
| Backup | Configurations and data needed for rollback are captured. |
| Implementation | Steps are clear, ordered, and assigned. |
| Validation | Tests prove service is working after change. |
| Rollback | Predefined trigger and steps if validation fails. |
| Documentation | Diagrams, IPAM, CMDB, and runbooks are updated. |
Metrics to Recognize
| Metric | Use |
|---|
| Availability | Whether a service is reachable/usable. |
| Utilization | Percent of capacity consumed. |
| Error rate | Physical or logical errors indicating faults. |
| Latency | Time delay; important for voice, video, apps. |
| Jitter | Delay variation; especially important for voice/video. |
| Packet loss | Indicates congestion, errors, drops, or wireless issues. |
| CPU/memory | Device health and capacity. |
| Interface discards | Dropped frames/packets due to congestion or policy. |
| Interface errors | Cabling, duplex, optic, NIC, or physical-layer issue. |
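The latency, jitter, and loss rows above are easier to hold onto once you have computed them. The block below is an added example, not part of the original reference: it takes a constructed stream of probe samples (sequence number, send time, receive time in milliseconds; seq 4 never arrives), derives mean/max latency, loss from sequence gaps, mean delay variation, and the RFC 3550 interarrival jitter estimator, then flags anything over commonly cited voice targets. The 150 ms delay figure is ITU-T G.114; the 30 ms jitter and 1% loss thresholds are widely used planning numbers and are assumptions here.

```python
"""Latency, jitter, and loss from a constructed stream of probe samples
(added example; the samples are made up, not measured). Each sample is
(sequence number, send time in ms, receive time in ms)."""
from statistics import mean

# Constructed samples: five probes arrive, seq 4 is lost (no receive record).
SAMPLES = [
    (1, 0.0, 20.0),
    (2, 20.0, 42.0),
    (3, 40.0, 58.0),
    (5, 80.0, 110.0),
    (6, 100.0, 120.0),
]

# Commonly cited one-way voice targets: ITU-T G.114 for delay; the 30 ms
# jitter and 1% loss values are widely used planning figures (assumed here).
VOICE_TARGETS = {"latency_ms": 150.0, "jitter_ms": 30.0, "loss_pct": 1.0}


def rfc3550_jitter(delays):
    """Interarrival jitter estimator from RFC 3550 section 6.4.1:
    J = J + (|D| - J) / 16, where D is the change in one-way delay
    between consecutive received packets."""
    j = 0.0
    for prev, cur in zip(delays, delays[1:]):
        j += (abs(cur - prev) - j) / 16
    return j


def summarize(samples):
    """Return the latency/jitter/loss figures a monitoring tool would report."""
    seqs = [seq for seq, _, _ in samples]
    delays = [rx - tx for _, tx, rx in samples]
    expected = max(seqs) - min(seqs) + 1          # assumes in-order numbering
    lost = expected - len(set(seqs))             # duplicates are not counted twice
    variation = [abs(b - a) for a, b in zip(delays, delays[1:])]
    return {
        "latency_ms": mean(delays),
        "latency_max_ms": max(delays),
        "jitter_ms": mean(variation) if variation else 0.0,   # mean delay variation
        "rfc3550_jitter_ms": rfc3550_jitter(delays),
        "loss_pct": 100.0 * lost / expected,
        "sent": expected,
        "received": len(samples),
    }


def assess(metrics, targets=VOICE_TARGETS):
    """Names of the metrics that exceed their target, in a fixed order."""
    return [k for k in ("latency_ms", "jitter_ms", "loss_pct") if metrics[k] > targets[k]]


if __name__ == "__main__":
    m = summarize(SAMPLES)
    for k, v in m.items():
        print(f"{k:>18}: {v:.2f}" if isinstance(v, float) else f"{k:>18}: {v}")
    print("over target:", assess(m) or "none")
```

Note that the two jitter figures differ: the mean delay variation is what most ping-style tools print, while the RFC 3550 estimator is smoothed by the 1/16 gain and is what RTP receivers report, so compare like with like when reading a baseline.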
Common Commands
Syntax varies by operating system and tool version, but these are high-yield patterns.
Windows examples

```
ipconfig /all
ping 192.0.2.10
tracert example.com
nslookup example.com
netstat -ano
arp -a
route print
```

Linux/macOS examples

```shell
ip addr
ip route
ping 192.0.2.10
traceroute example.com
dig example.com
ss -tulpen
arp -a
sudo tcpdump -i eth0 port 53
```
Command Selection Matrix
| Need to know… | Tool / command | What it tells you |
|---|
| Local IP, mask, gateway, DNS | ipconfig /all, ip addr, ip route | Client configuration and routing defaults. |
| Basic reachability | ping | ICMP reachability and latency, if ICMP is allowed. |
| Path to destination | tracert, traceroute | Router hops and where path may stop. |
| DNS answer | nslookup, dig | Resolver behavior and DNS records. |
| Listening ports | netstat, ss | Local services and connections. |
| MAC/IP mappings | arp -a, neighbor table | Layer 2 resolution for local subnet. |
| Packet details | Wireshark, tcpdump | Actual frames/packets, handshakes, retransmissions. |
| Open remote ports | Port scanner | Service exposure and filtering behavior. |
| Interface status/errors | Switch/router interface commands, monitoring | Link state, speed, duplex, errors, discards. |
Troubleshooting Method
| Step | Practical action |
|---|
| 1. Identify the problem | Gather symptoms, scope, users affected, and recent changes; question users and duplicate the problem if possible. |
| 2. Establish a theory of probable cause | Question the obvious; start with the likely layer or domain (top-down, bottom-up, or divide-and-conquer) based on evidence. |
| 3. Test the theory | Use targeted commands/tools, not random guessing; if the theory fails, form a new one or escalate. |
| 4. Establish a plan of action | Identify potential effects, approval, backup, and rollback before changing anything. |
| 5. Implement the solution or escalate | Follow the plan; escalate when the fix is outside your scope or authority. |
| 6. Verify full functionality | Confirm the user-facing service works, monitor for recurrence, and implement preventive measures. |
| 7. Document | Record findings, actions, outcomes, root cause, and prevention. |
Symptom-to-Cause Troubleshooting Tables
Client Connectivity
| Symptom | Most likely areas | Fast checks |
|---|
| No link light | Cable, port disabled, bad NIC/SFP, power, patching | Swap cable, check switchport, verify transceiver. |
| Link light but no IP | DHCP, VLAN, NAC, scope exhaustion | Lease status, switch VLAN, DHCP logs, 802.1X state. |
| IPv4 address is 169.254.x.x | DHCP failure | DHCP server, relay, VLAN, client firewall, scope. |
| Can ping gateway only | Routing, firewall, upstream outage | Default route, ACL, next hop, ISP/WAN status. |
| Can ping IP but not name | DNS | Resolver address, records, suffix, port 53. |
| Some sites work, others fail | DNS, MTU, filtering, routing, proxy | Compare IP vs name, test HTTPS, check PMTUD/firewall. |
| Intermittent disconnects | Cabling, duplex, wireless roaming, power save, IP conflict | Interface errors, logs, duplicate IP detection. |
| Slow first connection | DNS delay, proxy, authentication, ARP/ND | Resolver timing, proxy logs, packet capture. |
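The client connectivity table is really a bottom-up decision tree: stop at the first layer whose probe fails. The following script is an added example, not part of the original reference. It runs the probes a technician would type (OS ping, a resolver lookup), recognizes the APIPA range with the `ipaddress` module, and maps the results to the likely area from the table. The default gateway, local address, and probe targets (1.1.1.1, example.com) are assumed inputs; on a real client take them from `ipconfig /all` or `ip addr` and `ip route`. The "gateway unreachable" branch extends the table with a case it does not list.

```python
"""Bottom-up client connectivity triage following the symptom table above
(added example, not part of the original reference). The probes use the OS
ping binary and the resolver; the classification is kept in pure functions so
it can be checked with constructed results."""
import ipaddress
import platform
import socket
import subprocess

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_ipv4(addr):
    """loopback / apipa / private / public. APIPA is the 169.254.0.0/16
    link-local range a client self-assigns when DHCP fails."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "apipa"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"   # documentation/test ranges are treated as public here


def ping(host, timeout_s=2):
    """One ICMP echo via the OS ping. Flags differ per platform: Windows uses
    -n/-w (ms); Linux -c/-W (s); macOS -c/-W (ms), so its wait is shorter."""
    windows = platform.system() == "Windows"
    cmd = ["ping", "-n" if windows else "-c", "1",
           "-w" if windows else "-W", str(timeout_s * 1000 if windows else timeout_s), host]
    try:
        return subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout_s + 3).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def resolves(name):
    """True if the configured resolver returns any record for name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def diagnose(link_up, addr, gateway_ok, external_ip_ok, dns_ok):
    """Stop at the first failing layer and return (layer, likely area)."""
    if not link_up:
        return "L1", "no link: cable, disabled switchport, NIC/SFP, PoE or power"
    if addr is None:
        return "L2/L3", "link but no IP: DHCP, VLAN, NAC/802.1X state, scope exhaustion"
    if classify_ipv4(addr) == "apipa":
        return "L3", "APIPA 169.254.x.x: DHCP server, relay, VLAN, client firewall, scope"
    if not gateway_ok:
        return "L2/L3", "gateway unreachable: wrong subnet/mask, VLAN, ARP, gateway ACL"
    if not external_ip_ok:
        return "L3", "gateway only: default route, upstream ACL/firewall, ISP/WAN status"
    if not dns_ok:
        return "L7", "IP works but name fails: resolver address, records, suffix, port 53"
    return "OK", "all probes pass: check MTU/PMTUD, proxy, filtering per destination"


if __name__ == "__main__":
    import sys
    # Gateway, local address, and probe targets are assumed inputs; on a real
    # client take them from ipconfig /all or ip addr and ip route.
    gateway = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    local = sys.argv[2] if len(sys.argv) > 2 else "192.168.1.20"
    print(diagnose(True, local, ping(gateway), ping("1.1.1.1"), resolves("example.com")))
```

Usage: `python3 triage.py 10.0.5.1 10.0.5.42`. The ping probe returns False both when ICMP is blocked and when the host is down, which is the same caveat the command matrix gives for ping; treat a failed external ping as a prompt to test with a TCP port or traceroute before blaming the WAN.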
Switching and VLANs
| Symptom | Likely cause | What to inspect |
|---|
| Host in wrong subnet | Wrong VLAN or DHCP scope | Access VLAN, DHCP scope, IPAM. |
| New VLAN not reachable across switches | Trunk allowed VLAN missing | Trunk config, VLAN database, STP state. |
| Broadcast storm | Layer 2 loop | STP logs, MAC flapping, recent cabling changes. |
| MAC address appears on multiple ports | Loop, virtualization movement, spoofing | Switch MAC table, topology, security logs. |
| Link is up but slow or error-prone in one direction | Duplex/speed mismatch or damaged cable pair | Interface errors (late collisions, CRC), negotiated speed/duplex on both ends, cable test. |
| PoE device reboots | Insufficient power, bad cable, device draw | PoE status, power budget, cable quality. |
Routing and WAN
| Symptom | Likely cause | Check |
|---|
| Remote subnet unreachable | Missing route, wrong gateway, ACL/firewall | Routing table, traceroute, firewall logs. |
| Route loops | Bad redistribution/static routes | TTL exceeded, repeated hops in traceroute. |
| Asymmetric traffic | Different forward/return paths | Stateful firewall drops, NAT state, routing policy. |
| VPN connects but no internal access | Missing routes, split tunnel policy, firewall, DNS | Route table, VPN pool, ACL, internal DNS. |
| Site-to-site VPN down | IKE/IPsec mismatch, NAT-T, credentials/cert, peer IP | Phase negotiation logs, UDP 500/4500, ESP. |
| High WAN latency | Congestion, path issue, provider problem | Interface utilization, QoS queues, provider circuit tests. |
Wireless
| Symptom | Likely cause | Check |
|---|
| Weak signal | Distance, obstacles, antenna placement | Survey, RSSI/SNR, AP location. |
| Good signal but slow | Interference, congestion, channel width, client capability | Channel utilization, band, drivers, AP load. |
| Authentication failures | RADIUS/cert/EAP/time issue | AAA logs, NTP, certificate trust. |
| Roaming problems | AP power too high/low, poor overlap, client behavior | Controller events, survey, roaming settings. |
| Only guest SSID works | Internal SSID VLAN/RADIUS issue | SSID mapping, RADIUS policy, DHCP scope. |
| 2.4 GHz unstable | Interference/overlap | Use channels 1/6/11 where appropriate; reduce overlap. |
Security and Access
| Symptom | Likely cause | Check |
|---|
| User denied after login | Authorization issue | Group membership, ACL, policy, RADIUS attributes. |
| Certificate warning | Expired, wrong name, untrusted CA, missing intermediate | Validity, SAN, chain, client trust store. |
| Logs show repeated failures | Brute force, bad stored password, service account issue | Source IP, lockout, credential rotation. |
| Unexpected outbound traffic | Malware, misconfigured app, data exfiltration | Firewall logs, NetFlow, EDR, DNS logs. |
| New firewall rule did not work | Rule order/direction/object mismatch | Hit counts, implicit deny, source/destination zones. |
| 802.1X endpoint stuck unauthenticated | Supplicant, RADIUS, certificate, VLAN assignment | Switch auth state, RADIUS logs, EAP method. |
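The "new firewall rule did not work" row comes down to first-match evaluation. The block below is an added example, not from the original reference; the rule names, zones, and addresses are made up. It models a policy where a printer exception for the guest VLAN was appended below a broad guest-to-servers deny, shows via hit counters that the deny rule is the one firing, detects the shadowing rule, and shows the implicit deny catching traffic no rule mentions. Reordering the rules fixes it.

```python
"""First-match firewall policy with hit counters and shadow detection
(added example, not from the original reference; rule names, addresses, and
zones are made up). A new rule "does not work" when an earlier, broader rule
matches first, the direction/zone does not match, or the traffic falls
through to the implicit deny at the end of the list."""
from dataclasses import dataclass
import ipaddress


@dataclass
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    src: str                     # CIDR
    dst: str                     # CIDR
    proto: str = "any"           # "tcp", "udp", "icmp", or "any"
    dports: tuple = ()           # (low, high) inclusive; () means any port
    from_zone: str = "any"       # ingress zone/direction the rule applies to
    hits: int = 0

    def matches(self, pkt):
        if self.from_zone not in ("any", pkt["zone"]):
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto not in ("any", pkt["proto"]):
            return False
        return not self.dports or self.dports[0] <= pkt.get("dport", 0) <= self.dports[1]

    def covers(self, other):
        """True if every packet `other` could match would match self first."""
        net = ipaddress.ip_network
        return (self.from_zone in ("any", other.from_zone)
                and net(self.src).supernet_of(net(other.src))
                and net(self.dst).supernet_of(net(other.dst))
                and self.proto in ("any", other.proto)
                and (not self.dports or (bool(other.dports)
                     and self.dports[0] <= other.dports[0]
                     and other.dports[1] <= self.dports[1])))


class Policy:
    def __init__(self, rules):
        self.rules = list(rules)

    def evaluate(self, pkt):
        """First matching rule wins; anything unmatched hits the implicit deny."""
        for rule in self.rules:
            if rule.matches(pkt):
                rule.hits += 1
                return rule.action, rule.name
        return "deny", "implicit-deny"

    def shadowing(self, name):
        """Earlier rules that fully cover the named rule, so it can never fire."""
        idx = next(i for i, r in enumerate(self.rules) if r.name == name)
        return [r.name for r in self.rules[:idx] if r.covers(self.rules[idx])]

    def hit_counts(self):
        return {r.name: r.hits for r in self.rules}


# Constructed test traffic.
GUEST_TO_PRINTER = {"zone": "guest", "src": "10.20.5.7", "dst": "10.0.10.50", "proto": "tcp", "dport": 9100}
LAN_SSH = {"zone": "lan", "src": "10.10.3.3", "dst": "10.0.10.8", "proto": "tcp", "dport": 22}


def build_policy(fix_order=False):
    """The printer exception was appended below a broad guest deny, so it never
    fires; fix_order=True places it above the deny instead."""
    deny_guest = Rule("deny-guest-to-servers", "deny", "10.20.0.0/16", "10.0.10.0/24", from_zone="guest")
    printer = Rule("allow-guest-printer", "allow", "10.20.5.0/24", "10.0.10.50/32", "tcp", (9100, 9100), "guest")
    lan_https = Rule("allow-lan-https", "allow", "10.10.0.0/16", "10.0.10.0/24", "tcp", (443, 443), "lan")
    rules = [printer, deny_guest, lan_https] if fix_order else [deny_guest, printer, lan_https]
    return Policy(rules)


if __name__ == "__main__":
    broken = build_policy()
    print(broken.evaluate(GUEST_TO_PRINTER), "shadowed by", broken.shadowing("allow-guest-printer"))
    print(broken.evaluate(LAN_SSH))
    print(broken.hit_counts())
    print(build_policy(fix_order=True).evaluate(GUEST_TO_PRINTER))
```

The hit counter on `deny-guest-to-servers` climbing while `allow-guest-printer` stays at zero is exactly the evidence the table asks you to look for; most firewall UIs expose the same counters per rule.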
High-Yield “Do Not Confuse” List
| Do not confuse | Correct distinction |
|---|
| Switch vs router | Switch forwards frames by MAC within a broadcast domain; router forwards packets by IP between networks. |
| VLAN vs subnet | VLAN is Layer 2 segmentation; subnet is Layer 3 addressing. They often map one-to-one but are not the same thing. |
| DNS vs DHCP | DNS resolves names; DHCP assigns configuration. |
| NAT vs firewall | NAT translates addresses; firewall enforces traffic policy. |
| TCP vs UDP | TCP provides connection-oriented reliability; UDP is lightweight and used by many real-time/query protocols. |
| SSH vs TLS | SSH secures remote shell/file transfer; TLS secures many application protocols such as HTTPS. |
| SFTP vs FTPS | SFTP runs over SSH; FTPS is FTP secured with TLS. |
| IDS vs IPS | IDS alerts; IPS blocks inline. |
| APIPA vs IPv6 link-local | IPv4 APIPA often signals DHCP failure; IPv6 link-local is normal and required. |
| Trunk vs access port | Trunk carries multiple VLANs with tags; access port usually carries one untagged VLAN. |
| Port security vs firewall port | Port security controls switch access by MAC/device; firewall ports are TCP/UDP service identifiers. |
| Latency vs bandwidth | Latency is delay; bandwidth is capacity. Increasing bandwidth may not reduce delay. |
| Authentication vs authorization | Authentication verifies identity; authorization grants permissions. |
Rapid Final Review Checklist
Before practice or exam day, confirm you can:
- Identify OSI layers from a symptom, protocol, device, address, or PDU.
- Calculate network ID, broadcast, host range, and usable hosts for common IPv4 CIDR masks.
- Recognize private IPv4, APIPA, loopback, multicast, default routes, and IPv6 address types.
- Match common protocols to ports and know secure alternatives.
- Explain DHCP DORA, DNS record types, SNMP polling/traps, syslog severity, and NTP importance.
- Troubleshoot “IP works but name fails,” “same VLAN works but remote fails,” and “VPN connects but no access.”
- Distinguish access ports, trunks, native VLANs, STP behavior, LACP, and inter-VLAN routing.
- Select wireless bands, security modes, and troubleshooting steps for interference/authentication/roaming.
- Choose between static routes, default routes, OSPF, BGP, NAT/PAT, site-to-site VPN, and SD-WAN.
- Apply least privilege, segmentation, 802.1X/NAC, firewall rule order, VPN security, and certificate checks.
- Select the right tool: cable tester, TDR, OTDR, Wireshark, ping, traceroute, dig/nslookup, netstat/ss, logs.
Practical Next Step
Use this Quick Reference as a checklist, then complete timed CompTIA Network+ V10 (N10-010) practice sets that force subnetting, port recognition, topology interpretation, and troubleshooting from realistic symptoms.