CCNA 200-301 v1.1 Comprehensive Study Notes

1.0 Network Fundamentals

• 20 % of the CCNA exam focuses on foundational Layer-1–Layer-3 knowledge.

1.1 Role and Function of Common Network Components

• Routers
• Interconnect multiple logical networks, make Layer-3 forwarding decisions based on the destination IP network.
• Perform packet switching, path selection, traffic segmentation, QoS marking, NAT, policy-based routing, and security filtering (ACLs, ZBF, VPN termination).
• Router interfaces can be physical (copper/fiber) or logical (sub-interfaces, SVIs, Loopbacks).
• Control planes (RIB, routing protocols) are separated from forwarding planes (CEF FIB) in modern platforms.

• Layer-2 & Layer-3 Switches
• L2 switch: Builds MAC address table, forwards frames within a VLAN; does not change IP headers.
• L3 switch (multilayer): Adds routing capability in hardware (CEF/ASICs) for inter-VLAN routing (SVIs) at wire-speed.
• Advantage: inter-VLAN latency ≈ pure switching latency, lower than a router's, because no external hop is needed.

• Next-Generation Firewalls (NGFW) & Intrusion Prevention Systems (IPS)
• Combine stateful firewall, application visibility, TLS decryption, URL-filtering, malware sandboxing.
• IPS engine performs deep-packet inspection with signature- and behavior-based detection; it can operate inline (IPS, able to drop traffic) or off a tap/SPAN (IDS, detect-only).

• Wireless Access Points (APs)
• Provide 802.11 PHY/MAC service set, bridge Wi-Fi to wired infrastructure (Ethernet trunk/access).
• Support multiple SSIDs, VLAN mapping, PoE, MIMO, WPA{2,3}, 2.4/5/6 GHz bands.

• Controllers (WLC, SDN, DNA-C, vManage)
• Centralize configuration, policy, automation, telemetry (northbound REST, southbound CAPWAP/NETCONF).

• Endpoints & Servers
• Endpoints = hosts (PCs, smartphones, IoT). Servers deliver centralized services (DNS, DHCP, AAA, containers, VMs).

• Power over Ethernet (PoE)
• IEEE 802.3af (15.4 W), 802.3at (30 W), 802.3bt (≤90 W). Eliminates need for external power bricks.

1.2 Network Topology Architectures

• Two-tier (Collapsed Core)
• Access + Distribution collapsed into one layer; used for smaller campuses/SOHO.

• Three-tier (Core / Distribution / Access)
• Scalability, deterministic Layer-2 domains, policy in Distribution. Core = high-speed switching backbone.

• Spine-Leaf (Clos) DC Fabric
• Every Leaf links to every Spine → any two leaves are a predictable h = 2 hops apart (leaf → spine → leaf).
• East-West traffic optimized; uses ECMP and VXLAN overlays.

• WAN Edge
• MPLS, DIA, LTE/5G, VPNs. SD-WAN introduces overlay tunnels, centralized policies, path-selection (SLAs).

• Small Office / Home Office (SOHO)
• Single integrated device: switch, AP, router, firewall, VoIP, often cloud-managed.

• On-Premises vs Cloud Infra
• On-prem: full administrative control, CapEx. Cloud: IaaS/PaaS/SaaS, OpEx, elasticity, API automation.

1.3 Physical Interfaces & Cabling

• Media Types
• Single-mode Fiber (SMF): 1310/1550 nm lasers, up to ~80 km.
• Multimode Fiber (MMF): 850 nm LEDs/VCSELs, OM3 up to 300 m @10 Gbps.
• Copper: UTP/STP Cat 5e (1 Gb), Cat 6/6A (10 Gb), Cat 8 (25/40 Gb ≤30 m).

• Connections
• Shared-media Ethernet (legacy hubs) ↔ collision domain.
• Point-to-point full-duplex links (modern switches); no collisions.

• PoE cabling considerations: 4-pair power, I=\frac{P}{V} ≈ 0.6 A @ 90 W over 48 V.

1.4 Interface & Cable Issues (Troubleshooting)

• Collisions & Late Collisions (half-duplex mismatch).
• CRC/Runts/Giants → faulty NIC, damaged cable, EMI.
• Duplex or Speed mismatch → autonegotiation failure.
• Dead/illuminated fiber (Tx/Rx reversed, dirty connectors).

1.5 TCP vs UDP

• TCP = connection-oriented, 3-way handshake, reliability, sequencing, congestion control (AIMD, slow-start).
• UDP = stateless, low-overhead 8-byte header, no re-transmission; ideal for voice/video (delay sensitive).

1.6 IPv4 Addressing & Subnetting (Configure/Verify)

• Decimal dotted-quad, 32 bits. 2^{32}=4{,}294{,}967{,}296 possible addresses.
• CIDR notation: /n = n network bits, 2^{32-n} addresses in the block (minus network and broadcast for usable hosts).
• Subnet Mask Examples
• /24 → 255.255.255.0 → 2^{8}-2=254 hosts.
• /30 → 255.255.255.252 → P2P, 2 usable hosts.
• Verification: show ip interface, ping default-gateway, ARP table.

1.7 Private IPv4 Ranges (RFC 1918)

• 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 → non-routable on public Internet; require NAT.
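The subnetting arithmetic of 1.6 and the RFC 1918 check of 1.7, as an added Python example (not part of the notes). It relies only on the standard-library ipaddress module; every prefix and host address in it is a constructed sample, and the /31 handling follows RFC 3021.

```python
"""Subnet calculator for sections 1.6 and 1.7 (added example, not part of the notes).

Standard library only; every prefix and host address below is a constructed sample.
"""
import ipaddress
from typing import Dict

# RFC 1918 private ranges from section 1.7
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def describe_subnet(cidr: str) -> Dict[str, object]:
    """Mask, wildcard, network/broadcast addresses and usable host count for a CIDR block.

    strict=False accepts a host address such as 192.168.10.77/24; the network
    portion is derived by ANDing the address with the mask.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    total = net.num_addresses                    # 2^(32-n) addresses in the block
    if net.prefixlen >= 31:
        # /31 point-to-point (RFC 3021) and /32 host routes reserve nothing
        usable, first, last = total, net.network_address, net.broadcast_address
    else:
        # subtract the network and broadcast addresses
        usable, first, last = total - 2, net.network_address + 1, net.broadcast_address - 1
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "wildcard": str(net.hostmask),           # inverse mask, as used in ACLs and OSPF network statements
        "broadcast": str(net.broadcast_address),
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
    }


def is_private(address: str) -> bool:
    """True if the address is in an RFC 1918 range and so needs NAT to reach the Internet."""
    ip = ipaddress.ip_address(address)
    return any(ip in block for block in RFC1918)


def same_subnet(a: str, b: str, prefixlen: int) -> bool:
    """True if two hosts share a subnet under the given prefix length, i.e. they
    reach each other directly (ARP) instead of via the default gateway."""
    return (ipaddress.ip_network(f"{a}/{prefixlen}", strict=False)
            == ipaddress.ip_network(f"{b}/{prefixlen}", strict=False))


if __name__ == "__main__":
    for cidr in ("192.168.10.77/24", "10.1.2.3/30", "203.0.113.9/32"):
        print(cidr, describe_subnet(cidr))
    print("172.31.255.1 private:", is_private("172.31.255.1"))
    print("172.32.0.1 private:", is_private("172.32.0.1"))
```

The wildcard field is the inverse mask that IOS ACLs and OSPF network statements expect, so the same function serves the ACL placement topics later in the notes.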

1.8 IPv6 Addressing / Prefix (Configure/Verify)

• 128-bit hexadecimal; written as eight 16-bit hextets.
• SLAAC, DHCPv6, static.
• Prefix length commonly /64 on LAN segments.

1.9 IPv6 Address Types

• Unicast
• Global Unicast 2000::/3, Unique Local fc00::/7, Link-Local fe80::/10.
• Anycast → same address on multiple interfaces; routed to nearest.
• Multicast ff00::/8 (e.g., all-nodes ff02::1).
• Modified EUI-64 → derives the 64-bit interface ID from the 48-bit MAC: insert fffe between the two 24-bit halves, then flip the U/L bit (bit 0x02 of the first byte).
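The EUI-64 derivation above, worked through in Python as an added example (not part of the notes). The MAC address and the 2001:db8 prefix used are constructed samples; the procedure itself follows RFC 4291, Appendix A, and the function also reverses it to recover a MAC from an address, which is useful when correlating IPv6 neighbors with switch MAC tables.

```python
"""Modified EUI-64 interface ID and SLAAC addresses from a MAC (added example, not from the notes).

The MAC and prefix values used are constructed samples.
"""
import ipaddress
from typing import Optional


def mac_to_modified_eui64(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface identifier for a 48-bit MAC.

    Steps (RFC 4291, Appendix A):
      1. split the MAC into its 3-byte OUI and 3-byte device-specific halves,
      2. insert 0xFFFE between them to reach 64 bits,
      3. invert the Universal/Local bit (bit value 0x02 of the first byte).
    """
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    raw = bytes.fromhex(digits)
    eui64 = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui64[0] ^= 0x02                     # flip the U/L bit
    return bytes(eui64)


def address_from_prefix(prefix: str, mac: str) -> str:
    """Combine a /64 prefix (fe80::/64 or one advertised in an RA) with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC requires a /64 prefix")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + mac_to_modified_eui64(mac)))


def link_local_from_mac(mac: str) -> str:
    """The fe80::/10 link-local address SLAAC derives from the MAC (using the fe80::/64 prefix)."""
    return address_from_prefix("fe80::/64", mac)


def mac_from_eui64_address(addr: str) -> Optional[str]:
    """Inverse: recover the MAC from an EUI-64-derived address, or None if the ff:fe marker is absent."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02                       # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"            # constructed sample MAC
    print(mac_to_modified_eui64(mac).hex())
    print(link_local_from_mac(mac))
    print(address_from_prefix("2001:db8:1:2::/64", mac))
    print(mac_from_eui64_address(link_local_from_mac(mac)))
```

Because the MAC is recoverable from the address, many client OSes default to privacy (RFC 4941) or stable-opaque (RFC 7217) interface IDs instead; the reverse function returns None for those.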

1.10 Verify IP Parameters on Client OS

• Windows: ipconfig /all, netsh interface ipv6 show address.
• macOS/Linux: ifconfig, ip addr, nmcli, resolvectl.
• Confirm DNS, default gw, DHCP lease, IPv6 RA.

1.11 Wireless Principles

• Non-overlapping 2.4 GHz channels: 1, 6, 11 (20 MHz).
• SSID = service set identifier (network name) broadcast in beacons.
• RF Basics: P_{rx}=P_{tx}+G_{tx}+G_{rx}-L_{path} (link budget in dB; Friis path-loss).
• Encryption suites: WEP (deprecated), WPA/WPA2-AES, WPA3-SAE.

1.12 Virtualization Fundamentals

• Server virtualization (ESXi, KVM, Hyper-V) abstracts hardware; VMs.
• Containers (Docker) share host kernel, lightweight, orchestrated via Kubernetes.
• VRF (Virtual Routing & Forwarding) separates routing tables on the same device → overlapping IP spaces.

1.13 Switching Concepts

• MAC Learning/Aging → CAM table entry timer (default 300 s).
• Frame Switching → store-and-forward vs cut-through.
• Frame Flooding → unknown-unicast, broadcast, multicast.
• MAC Address Table → entries of (MAC, VLAN, Interface, Age).

2.0 Network Access

• 20 % of the exam.

2.1 VLAN Configuration (Normal Range 1-1005)

• Access Ports
• Data VLAN & optional Voice VLAN (LLDP-MED/CDP advertises the voice VLAN to the phone).
• Default VLAN 1: all ports within same broadcast domain until reconfigured.
• Inter-VLAN Routing
• Router-on-a-Stick (ROAS) vs SVI on multilayer switch.

2.2 Interswitch Connectivity

• Trunk Ports
• Carry multiple VLANs; tagged frames.
• 802.1Q Encapsulation
• 4-byte header, 12-bit VLAN ID (0-4095), Tag Protocol ID 0x8100.
• Native VLAN (untagged) → must match on both ends; mismatch = CDP/LLDP warning.
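The 802.1Q tag described above, parsed and built in Python as an added example (not part of the notes). All MAC addresses and payload bytes are constructed samples. Beyond the basic tag it also handles the two cases a trunk port must get right: an untagged frame (native VLAN) and a priority-tagged frame with VLAN ID 0, which carries a CoS value but no VLAN and is also placed in the native VLAN.

```python
"""Parse and build 802.1Q tagged Ethernet frames (added example, not from the notes).

MAC addresses and payloads used below are constructed samples.
"""
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks an 802.1Q tagged frame
TPID_8021AD = 0x88A8  # outer S-tag used by QinQ; its TCI has the same layout


@dataclass
class EthernetHeader:
    dst: str
    src: str
    tagged: bool
    vlan_id: Optional[int]   # None when untagged
    pcp: Optional[int]       # 3-bit priority code point (CoS 0-7)
    dei: Optional[bool]      # drop-eligible indicator
    ethertype: int           # ethertype of the encapsulated payload
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_ethernet(frame: bytes) -> EthernetHeader:
    if len(frame) < 14:
        raise ValueError("frame shorter than a minimum Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < 18:
            raise ValueError("tagged frame is missing its TCI/ethertype")
        tci, inner_type = struct.unpack("!HH", frame[14:18])   # 4-byte tag = TPID + TCI
        return EthernetHeader(_mac(dst), _mac(src), True,
                              vlan_id=tci & 0x0FFF,            # low 12 bits: VLAN ID 0-4095
                              pcp=tci >> 13,                   # top 3 bits: priority
                              dei=bool((tci >> 12) & 1),       # bit 12: drop eligible
                              ethertype=inner_type, payload=frame[18:])
    return EthernetHeader(_mac(dst), _mac(src), False, None, None, None, ethertype, frame[14:])


def build_tagged_frame(dst: str, src: str, vlan_id: int, pcp: int, ethertype: int,
                       payload: bytes, dei: bool = False) -> bytes:
    """Inverse of parse_ethernet; handy for constructing test frames."""
    if not 0 <= vlan_id <= 4095 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must be 0-4095 and PCP 0-7")
    tci = (pcp << 13) | (int(dei) << 12) | vlan_id
    return (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
            + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload)


def effective_vlan(hdr: EthernetHeader, native_vlan: int) -> int:
    """VLAN a trunk assigns to the frame: the tag if present and non-zero, else the native VLAN.
    VLAN ID 0 means 'priority-tagged': CoS is carried but the frame belongs to the native VLAN."""
    if hdr.tagged and hdr.vlan_id:
        return hdr.vlan_id
    return native_vlan


if __name__ == "__main__":
    f = build_tagged_frame("01:00:5e:00:00:fb", "00:11:22:33:44:55", 100, 5, 0x0800, b"\x45\x00")
    print(parse_ethernet(f))
```

A native-VLAN mismatch between two trunk ends is exactly the failure this function makes visible: the same untagged frame is assigned a different effective VLAN on each side.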

2.3 Layer-2 Discovery Protocols

• CDP (Cisco proprietary) & LLDP (IEEE 802.1AB).
• Advertise device ID, port ID, capabilities, power, VLAN, IP.
• Troubleshooting neighbor topology: show cdp neighbors detail.

2.4 EtherChannel (LACP – 802.1AX)

• Bundles up to 16 physical links; appears as one logical port-channel → load-balancing (hash of L2/L3/L4).
• Modes: passive/active (LACP) or desirable/auto (PAgP).
• Layer 2 or Layer 3 port-channels (SVI or routed port).

2.5 Rapid PVST+ (802.1w per-VLAN Spanning Tree)

• Roles: Root, Designated, Alternate, Backup, Disabled.
• States: Discarding, Learning, Forwarding.
• PortFast = edge port; skips listening-learning to cut convergence < 1 s.
• Root Guard & Loop Guard protect root integrity and unidirectional links.
• BPDU Guard err-disables an edge port that receives a BPDU; BPDU Filter suppresses sending/processing BPDUs on the port.

2.6 Cisco Wireless Architectures & AP Modes

• Centralized (WLC) vs Mobility Express vs Embedded Wireless Controller (EWC) vs Meraki (cloud).
• AP Modes: Local, FlexConnect, Bridge/Mesh, Monitor, Sniffer.

2.7 Physical WLAN Infrastructure Connections

• AP ↔ WLC via CAPWAP (UDP 5246/5247) over Access/Trunk.
• LAG (Link Aggregation Group) for WLC redundancy.

2.8 Device Management Access

• Telnet (TCP 23), unencrypted; SSH v2 (TCP 22) is best practice.
• HTTP/HTTPS (80/443) → GUI, RESTCONF, Swagger.
• Console/aux ports for out-of-band.
• AAA servers: TACACS+ (TCP 49, command accounting) & RADIUS (UDP 1812/1813).
• Cloud managed (Meraki/DNAC) uses outbound TLS to controller.

2.9 WLAN GUI Operations

• Steps: create SSID, map to VLAN, select security (WPA2-PSK/802.1X), QoS profile (Voice), advanced (DTIM, RF profile).

3.0 IP Connectivity

• Largest weight at 25 %.

3.1 Routing Table Components

• Codes: C (connected), S (static), O (OSPF), D (EIGRP), B (BGP), etc.
• Prefix & Mask (network portion).
• Next-Hop IP (recursive lookup to exit interface).
• Administrative Distance (trustworthiness) – e.g., Connected 0, Static 1, OSPF (O) 110.
• Metric – cost, hop, bandwidth (protocol-specific).
• Gateway of Last Resort → default route (0.0.0.0/0).

3.2 Forwarding Decision Order

  1. Longest-prefix match (most matching network bits).
  2. If equal → lowest Administrative Distance.
  3. If equal → lowest cumulative metric.
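The three-step decision order above, implemented over a small routing table in Python as an added example (not part of the notes). The table entries are constructed samples; the AD values are the IOS defaults listed in 3.1, and the floating static entry uses the AD of 200 mentioned in 3.3.

```python
"""Route lookup: longest prefix, then lowest AD, then lowest metric (added example, not from the notes).

The routing table below is a constructed sample.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Default administrative distances (IOS) for the routing-table codes in section 3.1
AD = {"C": 0, "S": 1, "B": 20, "D": 90, "O": 110}


@dataclass(frozen=True)
class Route:
    code: str                 # routing-table code: C, S, O, D, B ...
    prefix: str               # e.g. "10.1.0.0/16"
    next_hop: str             # next-hop IP or "directly connected"
    interface: str
    metric: int = 0
    ad: Optional[int] = None  # explicit AD override, e.g. 200 for a floating static

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(self.prefix)

    @property
    def admin_distance(self) -> int:
        return AD[self.code] if self.ad is None else self.ad


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Best route for a destination, or None (dropped) when nothing matches."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None
    # 1. longest prefix wins, 2. then lowest AD, 3. then lowest metric
    candidates.sort(key=lambda r: (-r.network.prefixlen, r.admin_distance, r.metric))
    return candidates[0]


def installed_routes(table: List[Route]) -> List[Route]:
    """What 'show ip route' would display: per prefix, only the source with the best AD/metric.
    The other sources stay in their protocol tables and take over if the installed one is withdrawn."""
    best: Dict[str, Route] = {}
    for r in table:
        cur = best.get(r.prefix)
        if cur is None or (r.admin_distance, r.metric) < (cur.admin_distance, cur.metric):
            best[r.prefix] = r
    return list(best.values())


# Constructed sample table
SAMPLE_TABLE = [
    Route("C", "192.168.1.0/24", "directly connected", "Gig0/1"),
    Route("S", "0.0.0.0/0", "203.0.113.1", "Gig0/0"),                       # gateway of last resort
    Route("O", "10.1.0.0/16", "192.168.1.2", "Gig0/1", metric=20),
    Route("O", "10.1.5.0/24", "192.168.1.3", "Gig0/1", metric=30),          # more specific than /16
    Route("D", "10.1.0.0/16", "192.168.1.4", "Gig0/1", metric=3072),        # EIGRP beats OSPF on AD
    Route("S", "10.1.0.0/16", "192.168.1.9", "Gig0/1", ad=200),             # floating static backup
]

if __name__ == "__main__":
    for dst in ("10.1.5.7", "10.1.9.1", "192.168.1.50", "8.8.8.8"):
        print(dst, "->", lookup(SAMPLE_TABLE, dst))
```

Note that the floating static route only becomes the answer for 10.1.9.1 once both the EIGRP and OSPF sources for 10.1.0.0/16 are gone; until then the /24 OSPF route still wins for 10.1.5.x because prefix length is checked before AD.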

3.3 Static Routing (IPv4 & IPv6)

• Forms
• Default → ip route 0.0.0.0 0.0.0.0 Gig0/0.
• Network → ip route 10.1.0.0 255.255.0.0 192.0.2.1.
• Host → /32.
• Floating Static → higher AD (e.g., 200) for backup.
• IPv6 uses ipv6 route.

3.4 Single-Area OSPFv2

• Neighbor Adjacency: Hello (10 s) / Dead (40 s) on broadcast.
• Point-to-Point – no DR/BDR election.
• Broadcast – DR/BDR elected by highest priority, then highest RID.
• Router ID – highest IPv4 loopback; else highest active interface.
• LSA types 1 & 2 in area 0 (single area scenario).

3.5 First-Hop Redundancy Protocols (FHRP)

• HSRP (Cisco), VRRP (open), GLBP (load-balancing).
• Provide virtual default-gateway IP & MAC; avoid single-point failure on Layer-3 gateway in VLANs.

4.0 IP Services (10 %)

4.1 NAT (Inside Source Static & Pools)

• Static → one-to-one mapping; ip nat inside source static 10.0.0.10 203.0.113.10.
• Pool (dynamic NAT; PAT when overloaded) → ip nat pool ISP-POOL 203.0.113.100 203.0.113.110 netmask 255.255.255.240.

4.2 NTP (Client/Server)

• Hierarchy: Stratum 0 (atomic), 1 (primary), 2+ (secondary).
• Command: ntp server 192.168.1.1 prefer; verify → show ntp status.

4.3 DHCP & DNS Roles

• DHCP automates IP addressing, option 3 default gw, option 150 TFTP.
• DNS resolves FQDN ↔ IP; uses UDP (& TCP) 53.

4.4 SNMP

• Versions: v1/v2c (community string), v3 (auth & privacy AES). Uses UDP 161/162.
• MIB = Management Information Base; OIDs identify objects.

4.5 Syslog Facilities & Severities

• Facilities (0-23) categorize (kern=0, local7=23).
• Severity 0 = Emergency … 7 = Debug.
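The facility and severity numbering above is packed into the <PRI> field of every syslog message as facility × 8 + severity. As an added Python example (not part of the notes), the decoder below splits PRI back into its parts and filters a batch of constructed sample lines down to the ones at Error severity or worse, which is the first thing a log collector does with a router's messages. Facility names follow RFC 5424; the sample lines are constructed, not captured from a device.

```python
"""Decode syslog <PRI>: PRI = facility * 8 + severity (added example, not from the notes).

The sample log lines are constructed, not captured from a real device.
"""
import re
from typing import Dict, List

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Informational", "Debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(pri: int) -> Dict[str, object]:
    """Split a PRI value into facility (0-23) and severity (0-7)."""
    if not 0 <= pri <= 191:                     # 23*8 + 7 is the largest legal value
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return {"facility": facility, "facility_name": FACILITIES[facility],
            "severity": severity, "severity_name": SEVERITIES[severity]}


def encode_pri(facility: int, severity: int) -> int:
    """Inverse of decode_pri, e.g. local7/Notice (Cisco's default facility) -> 189."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility 0-23, severity 0-7")
    return facility * 8 + severity


def parse_syslog_line(line: str) -> Dict[str, object]:
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header")
    info = decode_pri(int(m.group(1)))
    info["message"] = m.group(2).strip()
    return info


def at_least_as_severe(lines: List[str], max_severity: int = 3) -> List[str]:
    """Messages whose severity number is <= max_severity (lower number = more severe).
    The default of 3 keeps Emergency through Error and drops Warning and below."""
    return [p["message"] for p in map(parse_syslog_line, lines) if p["severity"] <= max_severity]


# Constructed sample lines: three from a switch logging at local7, one from a Linux sshd at auth
SAMPLE_LINES = [
    "<189>Jan  1 00:00:01 SW1: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down",
    "<186>Jan  1 00:00:02 SW1: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred on Gi0/5",
    "<190>Jan  1 00:00:03 SW1: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.20 started",
    "<38>Jan  1 00:00:04 srv01 sshd[1234]: Accepted publickey for admin from 10.0.0.5 port 51514",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_syslog_line(line))
    print(at_least_as_severe(SAMPLE_LINES))
```

The Cisco message mnemonic (e.g. the 5 in %LINK-5-CHANGED) carries the same severity number as the PRI, so the two can be cross-checked when a relay has rewritten the header.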

4.6 DHCP Relay

• ip helper-address forwards UDP 67/68, 69, 53, 37, 49, 137-138 to centralized server.

4.7 QoS Per-Hop Behaviors

• Classification → NBAR, ACL.
• Marking → DSCP 0-63 (6 bits), CoS 0-7 (3 bits).
• Queuing/Scheduling → CBWFQ, LLQ.
• Policing vs Shaping (token bucket). EIR = CIR + Burst.

4.8 Remote Access via SSH

• crypto key generate rsa modulus 2048; ip ssh version 2.

4.9 TFTP / FTP Capabilities

• TFTP (UDP 69) lightweight file transfer (IOS images). No auth.
• FTP (TCP 20/21) supports auth, interactive.

5.0 Security Fundamentals (15 %)

5.1 Key Security Concepts

• Threat = potential danger; Vulnerability = weakness; Exploit = act of using weakness; Mitigation = control.

5.2 Security Program Elements

• User awareness training (phishing simulations), physical access (badges, locks, CCTV).

5.3 Device Access Control (Local Passwords)

• line con 0 → password cisco, login; enable secret sha512.

5.4 Password Policy Elements

• Complexity, expiry, history. Alternatives: MFA (TOTP), X.509 certificates, biometrics.

5.5 IPsec VPNs

• Remote-access (SSL/AnyConnect) vs Site-to-Site (crypto map, IKEv2). ESP = IP protocol 50.

5.6 Access Control Lists

• Standard (#1–99) – source IP; Extended (#100–199) – L3/L4. Named ACLs for IPv6.
• Placement rule: standard close to destination, extended close to source.
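How an ACL is actually evaluated (top-down, first match wins, implicit deny at the end) as an added Python example, not part of the notes. The standard ACL 10 and extended ACL 110 below are constructed samples; the helper that turns IOS "network wildcard" notation into CIDR only supports contiguous wildcards, which is what the exam's examples use.

```python
"""First-match ACL evaluation with implicit deny (added example, not from the notes).

ACL 10 and ACL 110 below are constructed samples.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str = "ip"            # "ip", "tcp", "udp", "icmp"
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    """One access-control entry. A standard ACL uses only action + src (source IP)."""
    action: str                     # "permit" or "deny"
    src: str                        # CIDR; "0.0.0.0/0" stands for 'any'
    dst: str = "0.0.0.0/0"          # extended ACLs add destination ...
    protocol: str = "ip"            # ... protocol ...
    dst_port: Optional[int] = None  # ... and an L4 destination port ('eq')

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.protocol != "ip" and self.protocol != p.protocol:
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        return True


def evaluate(acl: List[Ace], p: Packet) -> str:
    """Walk the ACL top-down; the first matching ACE decides, otherwise the implicit 'deny any'."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"


def wildcard_to_cidr(network: str, wildcard: str) -> str:
    """Convert IOS 'network wildcard' (e.g. 10.1.0.0 0.0.255.255) to CIDR for Ace.src/dst."""
    wc = int(ipaddress.ip_address(wildcard))
    host_bits = wc.bit_length()
    if wc != (1 << host_bits) - 1:
        raise ValueError("non-contiguous wildcard masks are not supported here")
    return str(ipaddress.ip_network(f"{network}/{32 - host_bits}", strict=False))


# Constructed standard ACL 10: permit the user VLAN only (placed close to the destination)
ACL_10 = [Ace("permit", wildcard_to_cidr("192.168.10.0", "0.0.0.255"))]

# Constructed extended ACL 110 (placed close to the source): block Telnet, allow HTTPS to one server and ICMP
ACL_110 = [
    Ace("deny", "0.0.0.0/0", "0.0.0.0/0", "tcp", 23),              # deny tcp any any eq 23
    Ace("permit", "192.168.10.0/24", "10.0.0.10/32", "tcp", 443),  # permit tcp 192.168.10.0 0.0.0.255 host 10.0.0.10 eq 443
    Ace("permit", "192.168.10.0/24", "0.0.0.0/0", "icmp"),         # permit icmp 192.168.10.0 0.0.0.255 any
]

if __name__ == "__main__":
    print(evaluate(ACL_110, Packet("192.168.10.5", "10.0.0.10", "tcp", 443)))
    print(evaluate(ACL_110, Packet("192.168.10.5", "10.0.0.10", "tcp", 80)))
```

Ordering matters: if the deny-Telnet entry were moved below a broad permit, that permit would shadow it and Telnet would pass, which is why a 'permit any' belongs last.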

5.7 Layer-2 Security Features

• DHCP Snooping → builds binding table; only trusted ports forward server replies.
• Dynamic ARP Inspection → validates ARP against snooping table.
• Port Security → restrict MAC count; violation: protect, restrict, shutdown.
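The three Layer-2 protections above, modelled together in Python as an added example (not part of the notes): a DHCP snooping binding table that only trusted ports may populate, Dynamic ARP Inspection that checks ARP sender MAC/IP pairs on untrusted ports against that table, and port security with the three violation modes. All port names, MACs and IPs are constructed samples.

```python
"""DHCP snooping, DAI and port security modelled in software (added example, not from the notes).

Port names, MACs and IPs below are constructed samples.
"""
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class DhcpSnooping:
    def __init__(self, trusted_ports: Set[str]):
        self.trusted = trusted_ports                             # uplinks / ports toward the real DHCP server
        self.bindings: Dict[Tuple[str, int], Binding] = {}       # (mac, vlan) -> lease

    def server_reply_allowed(self, ingress_port: str) -> bool:
        """DHCPOFFER/ACK frames are forwarded only if they arrive on a trusted port."""
        return ingress_port in self.trusted

    def record_lease(self, client_port: str, mac: str, ip: str, vlan: int) -> Binding:
        """Called when an ACK from a trusted port completes a client's lease."""
        b = Binding(mac.lower(), ip, vlan, client_port)
        self.bindings[(b.mac, vlan)] = b
        return b


class Dai:
    """Dynamic ARP Inspection: validate sender MAC/IP of ARP packets on untrusted ports."""
    def __init__(self, snooping: DhcpSnooping, trusted_ports: Set[str]):
        self.snooping = snooping
        self.trusted = trusted_ports

    def inspect_arp(self, port: str, vlan: int, sender_mac: str, sender_ip: str) -> bool:
        if port in self.trusted:
            return True                                          # trusted ports bypass inspection
        b = self.snooping.bindings.get((sender_mac.lower(), vlan))
        return b is not None and b.ip == sender_ip               # pair must match a snooped lease


class PortSecurity:
    def __init__(self, max_macs: int = 1, violation: str = "shutdown"):
        self.max_macs = max_macs
        self.violation = violation                               # protect | restrict | shutdown
        self.learned: Set[str] = set()
        self.violations = 0
        self.err_disabled = False

    def frame(self, src_mac: str) -> str:
        """Returns 'forward', 'drop' or 'shutdown' for a frame from src_mac."""
        if self.err_disabled:
            return "drop"
        mac = src_mac.lower()
        if mac in self.learned:
            return "forward"
        if len(self.learned) < self.max_macs:
            self.learned.add(mac)                                # sticky-style learning up to the limit
            return "forward"
        if self.violation == "protect":
            return "drop"                                        # silently drop
        self.violations += 1                                     # restrict/shutdown count and log
        if self.violation == "restrict":
            return "drop"
        self.err_disabled = True                                 # shutdown: port goes err-disabled
        return "shutdown"
```

The DAI check is what stops a host on an access port from answering ARP for the gateway address: its MAC is bound to a different IP in the snooping table, so the reply is discarded on the switch.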

5.8 AAA Concepts

• Authentication (who), Authorization (what commands), Accounting (logging).

5.9 Wireless Security Protocols

• WPA (TKIP) → superseded by WPA2 (AES-CCMP); WPA3 introduces SAE & 192-bit.

5.10 WLAN Config – WPA2 PSK via GUI

• Set security to WPA2 personal, define 8–63 char passphrase, enable AES, save & apply.

6.0 Automation & Programmability (10 %)

6.1 Automation Impact on Network Management

• Reduces manual CLI, increases consistency, enables CI/CD (Infrastructure as Code).

6.2 Traditional vs Controller-Based Networks

• Traditional: distributed control plane; configuration per-device.
• Controller-based: centralized policy, APIs; devices act as simple data-plane fabric nodes.

6.3 SDN Architecture

• Overlay (VXLAN/IPsec/GRE) atop underlay (IP routed core).
• Fabric: Edge, Control, Data roles (LISP, VXLAN-EVPN).
• Separation of Control/Data plane; Northbound (REST/GraphQL) → app integration; Southbound (NETCONF, gRPC, OpenFlow) → device config.

6.4 AI & ML in NetOps

• Predictive analytics: capacity, anomaly detection.
• Generative AI: chatbot-style CLI, config suggestions.

6.5 REST-Based API Characteristics

• Auth types: Basic, Token, OAuth2, API keys.
• CRUD mapped to HTTP Verbs: POST = Create, GET = Read, PUT/PATCH = Update, DELETE = Delete.
• Data Encoding: JSON, XML, YAML; Content-Type: application/json.

6.6 Configuration Management Tools

• Ansible (agentless SSH/NETCONF), Terraform (declarative state, multi-provider, IaC).

6.7 JSON Components Recognition

• Objects {"key": value}, Arrays [1,2,3], data types (string, number, bool, null).
• Example: { "interface": "Gig0/1", "description": "Uplink" }.


These bullet-style notes include every blueprint topic, detailed explanations, examples, mathematical expressions, and contextual relevance needed to prepare comprehensively for Cisco’s CCNA 200-301 v1.1 exam.