CCNA Certification Study Guide Volume 2 - Todd Lammle - E-Book

CCNA Certification Study Guide Volume 2 E-Book

Todd Lammle

Description

Your updated guide to success on the CCNA Certification exam

In the newly revised second edition of the CCNA Certification Study Guide – Volume 2: Exam 200-301 v1.1, renowned Cisco educator and network engineer Todd Lammle and Donald Robb deliver a practical and effective test prep and roadmap to the challenging CCNA Certification exam. Volume 2 of the updated Study Guide covers objectives for network fundamentals and access, IP connectivity and services, security fundamentals, automation, programmability, artificial intelligence, and more.

You'll also learn about topics like network device security, IPv6, QoS, wireless technologies, wireless controllers, automation, and REST APIs. The CCNA Certification Study Guide comes with one year of free access after activation to a robust set of online study tools designed to assess and advance your exam readiness.

You'll find:

  • Up-to-date information relevant to the latest Cisco technologies and job roles
  • An interactive online test bank, including hundreds of practice test questions, flashcards, and a glossary of key terms and definitions
  • Discussions of everything from enhanced switching and ACLs to FHRP, SDN, configuration management, and more

Perfect for anyone preparing to pursue the updated CCNA Certification, the CCNA Certification Study Guide – Volume 2 is a must-read for practicing IT professionals looking for a refresher on Cisco networking fundamentals.

Page count: 941

Publication year: 2024


Table of Contents

Cover

Table of Contents

Title Page

Copyright

Acknowledgments

About the Authors

Introduction

Cisco’s Network Certifications

What Does This Book Cover?

Interactive Online Learning Environment and Test Bank

CCNA Exam Overview

How to Use This Book

Where Do You Take the Exam?

CCNA Certification Exam 200-301 v1.1 Objectives

How to Contact the Publisher

Assessment Test

Answers to Assessment Test

Chapter 1: Enhanced Switched Technologies

Spanning Tree Protocol (STP)

Types of Spanning-Tree Protocols

Modifying and Verifying the Bridge ID

Spanning-Tree Failure Consequences

PortFast and BPDU Guard

EtherChannel

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 2: Security with ACLs

Perimeter, Firewall, and Internal Routers

Introduction to Access Lists

Standard Access Lists

Extended Access Lists

Monitoring Access Lists

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 3: Internet Protocol Version 6 (IPv6)

Why Do We Need IPv6?

The Benefits and Uses of IPv6

IPv6 Addressing and Expressions

How IPv6 Works in an Internetwork

IPv6 Routing Protocols

Configuring IPv6 on Our Internetwork

Configuring Routing on Our Internetwork

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 4: Troubleshooting IP, IPv6, and VLANs

Troubleshooting IP Network Connectivity

Troubleshooting IPv6 Network Connectivity

Troubleshooting VLAN Connectivity

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 5: Network Address Translation (NAT)

When Do We Use NAT?

Types of Network Address Translation

NAT Names

How NAT Works

Testing and Troubleshooting NAT

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 6: IP Services

Exploring Connected Devices Using CDP and LLDP

Network Time Protocol (NTP)

Secure Shell (SSH)

Syslog

SNMP

NetFlow

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 7: Security Fundamentals

Network Security Threats

Three Primary Network Attacks

Network Attacks

Security Program Elements

Layer 2 Security Features

Authentication Methods

Managing User Accounts

Security Password Policy Elements

User-Authentication Methods

Setting Passwords

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 8: First-Hop Redundancy Protocol (FHRP)

Client Redundancy Issues

Introducing First-Hop Redundancy Protocol (FHRP)

Hot Standby Router Protocol (HSRP)

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 9: Quality of Service (QoS)

Quality of Service

Trust Boundary

QoS Mechanisms

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 10: Wireless Technologies

Wireless Networks

Basic Wireless Devices

Wireless Principles

Nonoverlapping Wi-Fi Channels

Radio Frequency

Wireless Security

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 11: Configuring Legacy Wireless Controllers

WLAN Deployment Models

Configuring the Network

Configuring Legacy WLCs

WLC Interface Types

AP Modes

AP and WLC Management Access Connections

Configuring WLANs

FlexConnect

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 12: Configuring Modern Wireless Controllers

Network Setup

9800 Controller Setup

Creating a WLAN

Verification

Cloud Management

Configuring a Meraki Stack

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 13: Virtualization, Containers, and VRFs

Virtualization Fundamentals

Virtualization Types

Virtualization Features

Container Fundamentals

Virtual Routing and Forwarding

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 14: Software-Defined Networking

Traditional Networking

Introduction to SDN

Controller-Based Architectures

SDN Network Components

Catalyst Center Overview

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 15: Automation, Data Formats, and REST APIs

Automation Overview

Data Formats

REST API

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 16: Configuration Management

Team Silos

DevOps

Infrastructure as Code (IaC)

YAML

Ansible

Ansible Tower/AWX

Terraform

Summary

Exam Essentials

Written Lab

Review Questions

Appendix A: Answers to the Written Labs

Chapter 1: Enhanced Switched Technologies

Chapter 2: Security with ACLs

Chapter 3: Internet Protocol Version 6 (IPv6)

Chapter 4: Troubleshooting IP, IPv6, and VLANs

Chapter 5: Network Address Translation (NAT)

Chapter 6: IP Services

Chapter 7: Security Fundamentals

Chapter 8: First-Hop Redundancy Protocol (FHRP)

Chapter 9: Quality of Service (QoS)

Chapter 10: Wireless Technologies

Chapter 11: Configuring Legacy Wireless Controllers

Chapter 12: Configuring Modern Wireless Controllers

Chapter 13: Virtualization, Containers, and VRFs

Chapter 14: Software-Defined Networking

Chapter 15: Automation, Data Formats, and REST APIs

Chapter 16: Configuration Management

Appendix B: Answers to the Review Questions

Chapter 1: Enhanced Switched Technologies

Chapter 2: Security with ACLs

Chapter 3: Internet Protocol Version 6 (IPv6)

Chapter 4: Troubleshooting IP, IPv6, and VLANs

Chapter 5: Network Address Translation (NAT)

Chapter 6: IP Services

Chapter 7: Security Fundamentals

Chapter 8: First-Hop Redundancy Protocol (FHRP)

Chapter 9: Quality of Service (QoS)

Chapter 10: Wireless Technologies

Chapter 11: Configuring Legacy Wireless Controllers

Chapter 12: Configuring Modern Wireless Controllers

Chapter 13: Virtualization, Containers, and VRFs

Chapter 14: Software-Defined Networking

Chapter 15: Automation, Data Formats, and REST APIs

Chapter 16: Configuration Management

Index

Online Test Bank

End User License Agreement

List of Tables

Chapter 1

TABLE 1.1 IEEE STP link costs

Chapter 2

TABLE 2.1 Commands used to verify access-list configuration

Chapter 3

TABLE 3.1 Special IPv6 addresses

TABLE 3.2 ICMPv6 types

Chapter 5

TABLE 5.1 Advantages and disadvantages of implementing NAT

TABLE 5.2 NAT terms

Chapter 6

TABLE 6.1 Output of the show cdp neighbors command

TABLE 6.2 Severity levels

Chapter 8

TABLE 8.1 HSRP states

Chapter 10

TABLE 10.1 WPA, WPA2, and WPA3 Compared

Chapter 15

TABLE 15.1 REST actions

TABLE 15.2 HTTP status codes

List of Illustrations

Introduction

FIGURE I.1 The Cisco certification path

Chapter 1

FIGURE 1.1 A switched network with switching loops

FIGURE 1.2 A switched network with STP

FIGURE 1.3 STP operations

FIGURE 1.4 STP operations

FIGURE 1.5 STP operations

FIGURE 1.6 STP operations

FIGURE 1.7 Common STP example

FIGURE 1.8 PVST+ provides efficient root bridge selection.

FIGURE 1.9 PVST+ unique bridge ID

FIGURE 1.10 RSTP example 1

FIGURE 1.11 RSTP example 1 answer

FIGURE 1.12 RSTP example 2

FIGURE 1.13 RSTP example 2, answer 1

FIGURE 1.14 RSTP example 2, answer 2

FIGURE 1.15 Our simple three-switch network

FIGURE 1.16 STP stopping loops

FIGURE 1.17 STP failure

FIGURE 1.18 PortFast

FIGURE 1.19 Before and after port channels

FIGURE 1.20 EtherChannel example

Chapter 2

FIGURE 2.1 A typical secured network

FIGURE 2.2 IP access list example with three LANs and a WAN connection

FIGURE 2.3 IP standard access list example 2

FIGURE 2.4 IP standard access list example 3

FIGURE 2.5 Extended ACL example 1

FIGURE 2.6 Extended ACL example 3

Chapter 3

FIGURE 3.1 IPv6 address example

FIGURE 3.2 IPv6 global unicast addresses

FIGURE 3.3 IPv6 link local FE80::/10: The first 10 bits define the address t...

FIGURE 3.4 EUI-64 interface ID assignment

FIGURE 3.5 Two steps to IPv6 autoconfiguration

FIGURE 3.6 IPv6 autoconfiguration example

FIGURE 3.7 IPv6 header

FIGURE 3.8 ICMPv6

FIGURE 3.9 Router solicitation (RS) and router advertisement (RA)

FIGURE 3.10 Neighbor solicitation (NS) and neighbor advertisement (NA)

FIGURE 3.11 Duplicate address detection (DAD)

FIGURE 3.12 IPv6 static and default routing

FIGURE 3.13 Our internetwork

Chapter 4

FIGURE 4.1 Troubleshooting scenario

FIGURE 4.2 IPv6 troubleshooting scenario

FIGURE 4.3 Router solicitation (RS) and router advertisement (RA)

FIGURE 4.4 Neighbor solicitation (NS) and neighbor advertisement (NA)

FIGURE 4.5 VLAN connectivity

Chapter 5

FIGURE 5.1 Where to configure NAT

FIGURE 5.2 Basic NAT translation

FIGURE 5.3 NAT overloading example (PAT)

FIGURE 5.4 NAT example

FIGURE 5.5 Another NAT example

FIGURE 5.6 Last NAT example

Chapter 6

FIGURE 6.1 Cisco Discovery Protocol

FIGURE 6.2 Documenting a network topology using CDP

FIGURE 6.3 Network topology documented

FIGURE 6.4 Synchronizing time information

FIGURE 6.5 Messages sent to a syslog server

FIGURE 6.6 SNMP GET and TRAP messages

FIGURE 6.7 Cisco’s MIB OIDs

FIGURE 6.8 Flexible NetFlow output

Chapter 7

FIGURE 7.1 Aerial view of a mantrap

FIGURE 7.2 Mitigating threats at the Access layer

FIGURE 7.3 DHCP snooping

FIGURE 7.4 Identity-based networking

FIGURE 7.5 RSA token card

FIGURE 7.6 External authentication options

FIGURE 7.7 The certificate authority process

FIGURE 7.8 PKI encryption process in action

FIGURE 7.9 The Kerberos authentication process

Chapter 8

FIGURE 8.1 Default gateway

FIGURE 8.2 Proxy ARP

FIGURE 8.3 FHRPs use a virtual router with a virtual IP address and virtual ...

FIGURE 8.4 HSRP active and standby routers

FIGURE 8.5 Example of HSRP active and standby routers swapping interfaces

FIGURE 8.6 HSRP Hellos

FIGURE 8.7 Interface tracking setup

FIGURE 8.8 HSRP configuration and verification

FIGURE 8.9 HSRP load balancing per VLAN

Chapter 9

FIGURE 9.1 Traffic characteristics

FIGURE 9.2 Trust boundary

FIGURE 9.3 Policing and Shaping rate limiters

FIGURE 9.4 Congestion management

FIGURE 9.5 Modern queuing mechanisms

FIGURE 9.6 Queuing mechanisms

FIGURE 9.7 Congestion avoidance

Chapter 10

FIGURE 10.1 Wireless LANs are an extension of our existing LANs.

FIGURE 10.2 Today’s wireless networks

FIGURE 10.3 A wireless access point

FIGURE 10.4 Wireless NIC

FIGURE 10.5 A wireless network in ad hoc mode

FIGURE 10.6 Basic service set/basic service area

FIGURE 10.7 A network with MBSSIDs configured on an AP

FIGURE 10.8 Extended service set (ESS)

FIGURE 10.9 An AP repeater network

FIGURE 10.10 Typical bridge scenarios

FIGURE 10.11 A repeater AP bridge configured as a nonroot bridge

FIGURE 10.12 Typical large mesh outdoor environment

FIGURE 10.13 2.4 GHz band 22 MHz wide channels

FIGURE 10.14 5 GHz band 20 MHz wide channels

FIGURE 10.15 Channel overlap in the 2.4 GHz range

FIGURE 10.16 Channel overlap in the 5 GHz band

FIGURE 10.17 RF spectrum

FIGURE 10.18 Frequency

FIGURE 10.19 Amplitude

FIGURE 10.20 Free space path loss

FIGURE 10.21 Absorption

FIGURE 10.22 Reflection

FIGURE 10.23 Multipath

FIGURE 10.24 Refraction

FIGURE 10.25 Diffraction

FIGURE 10.26 Scattering

FIGURE 10.27 Line of sight

FIGURE 10.28 Fresnel zone

FIGURE 10.29 SNR

FIGURE 10.30 Open access process

FIGURE 10.31 Open access process

Chapter 11

FIGURE 11.1 A standalone access point

FIGURE 11.2 A lightweight AP

FIGURE 11.3 Meraki Cloud model

FIGURE 11.4 Meraki SSIDs

FIGURE 11.5 WLC topology

FIGURE 11.6 Cisco WLC

FIGURE 11.7 DNS record

FIGURE 11.8 Serial port settings

FIGURE 11.9 WLC Add Route

FIGURE 11.10 Distribution system ports

FIGURE 11.11 WLC interfaces

FIGURE 11.12 WLC management interface

FIGURE 11.13 WLC service port interface

FIGURE 11.14 WLC redundancy management interface

FIGURE 11.15 WLC virtual interface

FIGURE 11.16 WLC dynamic interface

FIGURE 11.17 WLC dynamic interface configuration

FIGURE 11.18 WLC interface groups

FIGURE 11.19 WLC interface group configuration

FIGURE 11.20 WLC LAN aggregation group

FIGURE 11.21 WLC reboot

FIGURE 11.22 WLC AP configuration screen

FIGURE 11.23 WLC AP IP addressing

FIGURE 11.24 WLC AP DNS configuration

FIGURE 11.25 WLC high availability

FIGURE 11.26 WLC finished AP configuration

FIGURE 11.27 WLC radio sniffer

FIGURE 11.28 Cisco Spectrum Expert

FIGURE 11.29 Metageek’s Chanalyzer

FIGURE 11.30 Bridge mode

FIGURE 11.31 FlexConnect layout

FIGURE 11.32 WLC CDP configuration

FIGURE 11.33 WLC CDP verification

FIGURE 11.34 Show CDP neighbors

FIGURE 11.35 WLC Telnet configuration

FIGURE 11.36 WLC SSH configuration

FIGURE 11.37 WLC HTTP configuration

FIGURE 11.38 WLC HTTPS configuration

FIGURE 11.39 WLC RADIUS configuration

FIGURE 11.40 WLC second RADIUS configuration

FIGURE 11.41 RADIUS configuration summary

FIGURE 11.42 WLC RADIUS accounting configuration

FIGURE 11.43 WLC RADIUS accounting summary

FIGURE 11.44 WLC TACACS+ configuration

FIGURE 11.45 WLC TACACS+ summary

FIGURE 11.46 WLC TACACS+ accounting configuration

FIGURE 11.47 WLC TACACS+ Accounting Summary

FIGURE 11.48 WLC authentication order

FIGURE 11.49 WLC WLAN creation

FIGURE 11.50 WLC WLAN configuration

FIGURE 11.51 WLC WLAN General tab

FIGURE 11.52 WLC WLAN Security tab

FIGURE 11.53 WLC WLAN PSK configuration

FIGURE 11.54 WLC WLAN AAA Servers tab

FIGURE 11.55 WLC WLAN QoS tab

FIGURE 11.56 WLC WLAN Advanced tab

FIGURE 11.57 Connect a client to the WLAN

FIGURE 11.58 WLAN client configuration

FIGURE 11.59 WLAN client verification

FIGURE 11.60 FlexConnect topology

FIGURE 11.61 FlexConnect AP configuration

FIGURE 11.62 WLAN creation

FIGURE 11.63 WLAN advanced settings

FIGURE 11.64 FlexConnect group configuration

FIGURE 11.65 FlexConnect group—General

FIGURE 11.66 FlexConnect group—APs

FIGURE 11.67 FlexConnect group—VLAN Support

FIGURE 11.68 FlexConnect group—VLAN Mapping

FIGURE 11.69 Connecting to the WLAN

FIGURE 11.70 Client dashboard

Chapter 12

FIGURE 12.1 Lab topology

FIGURE 12.2 Cisco 9800 setup wizard

FIGURE 12.3 Cisco 9800 setup wizard—WLAN

FIGURE 12.4 Cisco 9800 setup wizard—Advanced Settings

FIGURE 12.5 Cisco 9800 setup wizard—Summary

FIGURE 12.6 Port channel

FIGURE 12.7 Port channel—options

FIGURE 12.8 WLAN advanced workflow

FIGURE 12.9 WLAN basic workflow

FIGURE 12.10 Add WLAN shortcut

FIGURE 12.11 Add WLAN profile—General

FIGURE 12.12 Add WLAN profile—Security

FIGURE 12.13 Add WLAN profile—Security—PSK

FIGURE 12.14 Add WLAN profile—Advanced

FIGURE 12.15 Add WLAN—policy

FIGURE 12.16 Add WLAN—AP Provisioning

FIGURE 12.17 AP configuration

FIGURE 12.18 Test PC Connection

FIGURE 12.19 Client details

FIGURE 12.20 Claiming Meraki devices

FIGURE 12.21 Meraki Topology

FIGURE 12.22 Meraki upgrade

FIGURE 12.23 Meraki lab topology

FIGURE 12.24 Meraki firewall subnet configuration

FIGURE 12.25 Meraki firewall interface configuration

FIGURE 12.26 Meraki switch interface summary

FIGURE 12.27 Meraki switch interface configuration

FIGURE 12.28 Meraki switch multiple interface configuration

FIGURE 12.29 Meraki wireless VLAN ID

FIGURE 12.30 Meraki AP status

FIGURE 12.31 Meraki wireless configuration—SSID

FIGURE 12.32 Meraki wireless configuration—Security

FIGURE 12.33 Meraki wireless configuration—WPA

FIGURE 12.34 Meraki wireless configuration—VLAN tag

FIGURE 12.35 Desktop connection

FIGURE 12.36 Meraki client details

Chapter 13

FIGURE 13.1 Five servers and counting

FIGURE 13.2 Physical to virtual comparison

FIGURE 13.3 Virtualized solution

FIGURE 13.4 Wasted OS resources

FIGURE 13.5 VM versus container

FIGURE 13.6 Docker Hub

FIGURE 13.7 Without VRF example

FIGURE 13.8 With VRF example

Chapter 14

FIGURE 14.1 IOS-XE web interface

FIGURE 14.2 Forwarding traffic flow

FIGURE 14.3 Forwarding table

FIGURE 14.4 Full topology

FIGURE 14.5 SDN architecture

FIGURE 14.6 OpenDaylight topology

FIGURE 14.7 Switch control plane

FIGURE 14.8 SDN control plane

FIGURE 14.9 Campus fabric

FIGURE 14.10 CLOS topology

FIGURE 14.11 Underlay topology

FIGURE 14.12 DMVPN topology

FIGURE 14.13 Discovery app

FIGURE 14.14 Network Hierarchy app

FIGURE 14.15 Network settings

FIGURE 14.16 Wireless settings

FIGURE 14.17 Apache Velocity template

FIGURE 14.18 Topology map

FIGURE 14.19 Command Runner

FIGURE 14.20 Catalyst network health

FIGURE 14.21 Catalyst wireless clients

FIGURE 14.22 Catalyst Path Trace

FIGURE 14.23 Catalyst QoS policy

FIGURE 14.24 Catalyst Service provider profiles

FIGURE 14.25 Catalyst LAN Automation

FIGURE 14.26 DNA Center Restful API

Chapter 15

FIGURE 15.1 If/Then logic

FIGURE 15.2 Offbox automation

FIGURE 15.3 Meraki API reference

FIGURE 15.4 Catalyst Center URI

FIGURE 15.5 Catalyst Center Authentication API

FIGURE 15.6 Postman example

FIGURE 15.7 DNA Center Network Device API

FIGURE 15.8 Postman network devices

FIGURE 15.9 Postman filtering network devices

Chapter 16

FIGURE 16.1 IT generalist

FIGURE 16.2 Silo network team

FIGURE 16.3 Silo systems team

FIGURE 16.4 Silo security team

FIGURE 16.5 Network services

FIGURE 16.6 Silo development team

FIGURE 16.7 DevOps team

FIGURE 16.8 Ansible components

FIGURE 16.9 Ansible topology

FIGURE 16.10 Terraform providers

CCNA® Certification Study Guide Volume 2 Exam 200-301 v1.1

Second Edition

Todd Lammle

Donald Robb

Copyright © 2025 by John Wiley & Sons, Inc. All rights, including for text and data mining, AI training, and similar technologies, are reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada and the United Kingdom.

ISBNs: 9781394302154 (paperback), 9781394302178 (ePDF), 9781394302161 (ePub)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: WILEY, the Wiley logo, and Sybex are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CCNA is a registered trademark of Cisco Technologies, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and authors have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993. For product technical support, you can find answers to frequently asked questions or reach us via live chat at https://sybexsupport.wiley.com.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2024948041

Cover image: © Jeremy Woodhouse/Getty Images

Cover design: Wiley

Acknowledgments

There were many people who helped us build the new CCNA books in 2024 and 2025. First, Kenyon Brown helped me put together the book direction and managed the internal editing at Wiley, so thank you, Ken, for working diligently for many months to keep these books moving along.

Thanks also to Kim Wimpsett, my most excellent and highly dependable developmental editor at Wiley for well over a decade. She always does an excellent job, and I refuse to work on a book without her now!

We’d also like to thank John Sleeva and Tiffany Tayler for their hard work and edits in books one and two, respectively. They really helped us create fine-tuned books.

In this book, I enjoyed collaborating with Donald Robb from Canada. He played a crucial role in crafting the new table of contents and was instrumental in writing, editing, and thoroughly addressing the latest exam topics across various chapters. His expertise is unparalleled, and he worked tirelessly alongside me daily to bring this book to life. I’m confident you’ll appreciate his contributions as much as I do. You can connect with Donald through his well-known blog at https://the-packet-thrower.com. He also serves as a leading moderator and contributor on Reddit: https://www.reddit.com/r/ccna.

About the Authors

Todd Lammle is widely regarded as one of the foremost authorities on Cisco certification and internetworking, holding certifications across nearly every Cisco certification category. With a career spanning over three decades, Todd has established himself as a globally recognized author, speaker, trainer, and consultant. His expertise extends across a broad range of technologies, including LANs, WANs, and large-scale enterprise wireless networks, both licensed and unlicensed. In recent years, he has specialized in implementing extensive Cisco security networks, particularly utilizing Firepower/FTD and ISE.

What sets Todd apart is his deep, hands-on experience, which is evident in his writing and training materials. He’s not just an author; he’s a seasoned networking engineer with practical knowledge gained from working on some of the largest and most complex networks in the world. His experience includes significant contributions to companies such as Xerox, Hughes Aircraft, Texaco, AAA, Cisco, and Toshiba, among many others. This real-world experience allows Todd to bring a unique, practical perspective to his work, making his books and training sessions invaluable resources for IT professionals at all levels.

Todd has authored more than 120 books, solidifying his reputation as a leading voice in the industry. Some of his most popular titles include the CCNA: Cisco Certified Network Associate Study Guide, CCNA Wireless Study Guide, CCNA Data Center Study Guide, CCNP SNCF (Firepower), and CCNP Security. All of these works are published by Sybex, a respected name in technical publishing.

In addition to his writing and speaking engagements, Todd runs an international consulting and training company based in Idaho. His company provides expert guidance and training to organizations around the world, helping them to navigate the complexities of modern networking technologies. Despite his busy professional life, Todd still finds time to enjoy the natural beauty of Idaho, often spending his free time at the lake in the mountains, where he enjoys the outdoors with his beloved golden retrievers.

For those looking to dive deeper into Todd Lammle’s work, you can find his extensive range of books at https://www.lammle.com/order-our-books. Additionally, Todd is accessible to his readers and clients through his website at www.lammle.com, where you can find more resources, updates, and ways to connect with him directly.

Donald Robb, widely recognized online as the-packet-thrower, brings over two decades of experience in the IT industry. His career has spanned a diverse array of roles, beginning with help desk support and evolving into a position as one of the most respected consultants in the field. Donald has honed expert-level skills across various IT domains, including networking, security, collaboration, data center management, wireless technologies, and service providers. His depth of knowledge and technical expertise have made him a sought-after professional in the industry.

Currently, Donald is a principal network architect for Walt Disney Studios. In this role, he serves as a subject matter expert on various technologies, playing a critical role in shaping the company’s network architecture and ensuring its reliability and performance. His work involves leading the design and implementation of complex networks and guiding teams and stakeholders through the technical intricacies of modern IT infrastructures.

Over the years, Donald has collaborated with major industry vendors and smaller, specialized companies, earning many advanced certifications along the way. His achievements include becoming a double JNCIE and obtaining most of Cisco’s professional-level certifications, demonstrating his deep technical proficiency and commitment to continuous learning. His expertise has also been recognized through his selection as a Cisco Champion for four consecutive years, an honor awarded to top influencers in the networking community.

In addition to his hands-on work in the field, Donald has made significant contributions to IT education. He has had the privilege of working alongside Todd Lammle, a legendary figure in the IT world, co-authoring several books and developing courses that have helped countless professionals advance their careers. Through his extensive experience, certifications, and educational efforts, Donald Robb has solidified his reputation as a leading authority in the IT industry.

Introduction

Welcome to the exciting world of Cisco certification! If you’ve picked up this book because you want to improve yourself and your life with a better, more satisfying, and secure job, you’ve done the right thing. Whether your plan is to enter the thriving, dynamic IT sector or to enhance your skill set and advance your position within it, being Cisco certified can seriously stack the odds in your favor to help you attain your goals.

Cisco certifications are powerful instruments of success that also just happen to improve your grasp of all things internetworking. As you progress through this book, you’ll gain a complete understanding of networking that reaches far beyond Cisco devices. By the end of this book, you’ll comprehensively know how disparate network topologies and technologies work together to form the fully operational networks that are vital to today’s very way of life in the developed world. The knowledge and expertise you’ll gain here are essential for and relevant to every networking job. It’s why Cisco certifications are in such high demand—even at companies with few Cisco devices!

For up-to-the-minute updates covering additions or modifications to the Cisco certification exams, as well as additional study tools, review questions, videos, and bonus materials, be sure to visit the Todd Lammle website and forum at www.lammle.com/ccna.

Cisco’s Network Certifications

Way back in 1998, obtaining the Cisco Certified Network Associate (CCNA) certification was the first pitch in the Cisco certification climb. It was also the official prerequisite to each of the more advanced levels. But that changed in 2007, when Cisco announced the Cisco Certified Entry Network Technician (CCENT) certification. Then again, in May 2016, Cisco announced new updates to the CCENT and CCNA Routing and Switching (R/S) tests. Today, things have changed dramatically again.

In July 2019, Cisco switched up the certification process more than it has in the last 20 years! Cisco announced all-new certifications that started in February 2020, followed by an update and revision in the summer of 2024, which is probably why you’re reading this book!

So what’s changed? For starters, the CCENT course and exam (ICND1 and ICND2) no longer exist, nor do the terms Routing & Switching (rebranded to Enterprise). On top of that, the CCNA is no longer a prerequisite for any of the higher certifications at all, meaning that you’ll be able to jump straight to CCNP without having to take the new CCNA exam if you have already achieved the CCNA or have enough background to skip the CCNA.

The new Cisco certification process will look like Figure I.1.

FIGURE I.1 The Cisco certification path

First, the CCST entry-level certification was added, and you can find the Wiley CCST Network study guide authored by Todd Lammle and Donald Robb, as well as this study guide, at https://www.lammle.com/order-our-books.

If you have an entry-level network background, you will want to head directly to CCNA, using this book and the abundant resources on www.lammle.com/ccna, of course!

The Todd Lammle CCNA program, starting with this book, is a powerful tool to get you started in your CCNA studies, and it’s vital to understand the material found in this book and at www.lammle.com/ccna before you go on to conquer any other certifications!

What Does This Book Cover?

This second book in the CCNA series covers everything you need to know to pass the new CCNA 200-301 v1.1 exam and starts right where the first book in the series left off.

But regardless of which Cisco Certification path you choose, as I’ve said, taking plenty of time to study and practice with routers or a router simulator is the real key to success.

You will learn the following information in this book:

Chapter 1: Enhanced Switched Technologies
This chapter will start off with STP protocols and dive into the fundamentals, covering the modes as well as the various flavors of STP. VLANs, trunks, and troubleshooting are covered as well. Finally, PortFast will also be discussed.

Chapter 2: Security with ACLs
This chapter covers security and access lists, which are created on routers to filter the network. IP standard, extended, and named access lists are covered in detail. Written and hands-on labs, along with review questions, will help you study for the security and access-list portion of the Cisco exams.

Chapter 3: Internet Protocol Version 6 (IPv6)
This is a fun chapter chock-full of some great information. IPv6 is not the big, bad scary creature that most people think it is, and it’s a really important objective on the latest exam, so study this chapter carefully—don’t just skim it.

Chapter 4: Troubleshooting IP, IPv6, and VLANs
This chapter will cover detailed troubleshooting, and because this is such a major focus of the Cisco CCNA objectives, I’d be letting you down if I didn’t make sure you’ve got this important topic down. So to ensure that your skills are solid, we’re going to begin by diving deep into troubleshooting with IP, IPv6, and VLANs now. You absolutely must also have the fundamentals of IP and IPv6 routing and knowledge of VLANs and trunking nailed down tight if you’re going to win at this.

Chapter 5: Network Address Translation (NAT)
In this chapter, we’re going to dig into Network Address Translation (NAT), Dynamic NAT, and Port Address Translation (PAT), also known as NAT Overload. Of course, I’ll demonstrate all the NAT commands.

Chapter 6: IP Services
This chapter covers how to find neighbor device information using the proprietary Cisco Discovery Protocol (CDP) and the industry-standard Link Layer Discovery Protocol (LLDP). I’ll also discuss how to make sure our times are synchronized with our devices using Network Time Protocol (NTP). After that, I’ll show you the Simple Network Management Protocol (SNMP) and the type of alerts sent to the network management station (NMS). You’ll learn about the oh-so-important syslog logging and configuration, and then, finally, I’ll cover how to configure Secure Shell (SSH).

Chapter 7: Security Fundamentals
This chapter will help you to define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques) as well as describe security program elements (user awareness, training, and physical access control). We’ll also cover authentication, authorization and accounting, and password policies.

Chapter 8: First Hop Redundancy Protocol (HSRP)
This chapter will start off by telling you the reasons why we need a layer 3 redundancy protocol and then move into how to build redundancy and load-balancing features into your network elegantly with routers that you might even have already. You really don’t need to buy some overpriced load-balancing device when you know how to configure and use Hot Standby Router Protocol (HSRP).

Chapter 9: Quality of Service (QoS)
Quality of service (QoS) refers to the way resources are controlled so that the quality of services is maintained. In this chapter I’m going to cover how QoS solves problems by using classification and marking tools, policing, shaping and re-marking, providing congestion management and scheduling tools, and finally, link-specific tools.

Chapter 10: Wireless Technologies
Because I know you’ve crushed all of the previous chapters, you’re ready to dive into this one! If that’s not exactly you, just know that the two chapters on switching provide a really nice review on switching and VLANs. So, let’s start this chapter by defining a basic wireless network as well as basic wireless principles. We’ll talk about different types of wireless networks, the minimum devices required to create a simple wireless network, and some basic wireless topologies as well. After that, I’ll get into basic security by covering WPA, WPA2, and WPA3.

Chapter 11: Configuring Legacy Wireless Controllers
After Chapter 10, you now know how wireless works, so now we’re going to guide you through configuring a wireless network from beginning to end. We’ll start by telling you all about how to get a Cisco Wireless LAN Controller up and running before showing you how to join access points to our new WLC. We’ll also dig deep into how to configure the WLC to support wireless networks. By the end of this chapter, you’ll triumph by having an actual endpoint join your wireless LAN!

Chapter 12: Configuring Modern Wireless Controllers
This chapter walks you through setting up a virtual Cisco 9800 controller and using port channels. Then, we will create a simple WPA2 WLAN using PSK, just as we did with the WLC. Then, we will join our new wireless network with my test PC to confirm everything works as advertised! Finally, we will finish up the chapter by exploring how to work with cloud-managed access points.

Chapter 13: Virtualization, Containers, and VRFs
In this chapter, we’ll begin to address modern challenges by introducing you to virtualization basics. We’ll then walk you through its common components and features to close the topic by comparing some of the virtualization products on the market as of this writing. After that, we’ll explore important automation concepts and components to provide you with sure footing to jump into the SDN and configuration management chapters following this one.

Chapter 14: Software-Defined Networking (SDN)
Automation has gotten popular enough to be included on the CCNA exam—it even has its own DevNet certification track! Even so, most companies still aren’t keen on fully managing their network with a bunch of Python scripts on a shared drive. So a better solution is to go with something called a software-defined networking (SDN) controller to centrally manage and monitor the network instead of doing everything manually, and that is what this chapter is all about!

Chapter 15: Automation and REST APIs
When preparing for the CCNA, manually configuring everything while practicing the topics in this book is a great way to gain hands-on experience and become proficient with IOS commands. However, by the time you’re nearing the exam, you might find that repeating basic configurations, like adding VLANs over and over, becomes tedious. This is why automation is gaining traction in the workplace—it helps prevent these errors and saves time by reducing the need for repetitive tasks. In this chapter, we’ll introduce the concept of automation and explore REST APIs, which are the preferred method for automating network devices today.

Chapter 16: Configuration Management
In this chapter we’re going to take things to a whole new level, diving deeper into configuration management tools like Ansible, Puppet, and Terraform. These great features make it possible to automate almost everything in your infrastructure!

Appendix A: Answers to the Written Labs
This appendix provides the answers to the end-of-chapter written lab.

Appendix B: Answers to the Review Questions
This appendix provides the answers to the end-of-chapter review questions.

Interactive Online Learning Environment and Test Bank

The interactive online learning environment that accompanies the CCNA Certification Study Guide: Exam 200-301 v1.1 provides a test bank with study tools to help you prepare for the certification exams and increase your chances of passing them the first time! The test bank includes the following elements:

Sample tests
All of the questions in this book are provided, including the assessment test, which you’ll find at the end of this introduction, and the review questions at the end of each chapter. In addition, you’ll find a practice exam for each book in the series. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.

Electronic flashcards
The flashcards are included for quick reference and are great tools for learning quick facts. You can even consider these additional simple practice questions, which is essentially what they are.

PDF of glossary of terms
There is a glossary included that covers the key terms used in this book.

The Sybex Interactive Online Test Bank, flashcards, and glossary can be accessed at http://www.wiley.com/go/Sybextestprep.

Todd Lammle Bonus Material and Labs
Be sure to check www.lammle.com/ccna for directions on how to download all the latest bonus materials created specifically to help you study for your CCNA exam.

Todd Lammle Videos
I have created a full CCNA series of videos that can be purchased at www.lammle.com/ccna.

Like all exams, the CCNA certification from Cisco is updated periodically and may eventually be retired or replaced. At some point after Cisco is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam’s online Sybex tools will be available once the exam is no longer available.

CCNA Exam Overview

Cisco has designed the new CCNA program to prepare you for today’s associate-level job roles in IT technologies. The CCNA 200-301 v1.1 exam now includes security and automation and programmability, and there is even a new CCNA DevNet certification. The new CCNA program has one certification that covers a broad range of fundamentals for IT careers.

The new CCNA certification covers a huge amount of topics, including

  • Network fundamentals
  • Network access
  • IP connectivity
  • IP services
  • Security fundamentals
  • Wireless
  • Automation and programmability

Are There Any Prerequisites for Taking the CCNA Exam?

Not really, but having experience is really helpful. Cisco has no formal prerequisites for CCNA certification, but you should have an understanding of the exam topics before taking the exam.

CCNA candidates often also have

  • One or more years of experience implementing and administering Cisco solutions
  • Knowledge of basic IP addressing
  • A good understanding of network fundamentals

How to Use This Book

If you want a solid foundation for the serious effort of preparing for the new CCNA exam, then look no further. I’ve spent hundreds of hours putting together this book with the sole intention of helping you to pass the Cisco exams as well as really learning how to correctly configure Cisco routers and switches!

This book is loaded with valuable information, and you will get the most out of your study time if you understand the way in which this book is organized.

So to maximize your benefit from this book, I recommend the following study method:

1. Take the assessment test that’s provided at the end of this introduction. (The answers are at the end of the test.) It’s okay if you don’t know any of the answers; that’s why you bought this book! Carefully read over the explanations for any questions you get wrong and note the chapters in which the relevant material is covered. This information should help you plan your study strategy.

2. Study each chapter carefully, making sure you fully understand the information and the test objectives listed at the beginning of each one. Pay extra-close attention to any chapter that includes material covered in questions you missed.

3. Answer all of the questions related to each chapter. (The answers appear in Appendix A and Appendix B.) Note the questions that confuse you and study the topics they cover again until the concepts are crystal clear. And again—do not just skim these questions! Make sure you fully comprehend the reason for each correct answer. Remember, these will not be the exact questions you will find on the exam, but they’re written to help you understand the chapter material and ultimately pass the exam!

4. Try your hand at the practice questions that are exclusive to this book. The questions can be found only at http://www.wiley.com/go/sybextestprep. Don’t forget to check out www.lammle.com/ccna for the most up-to-date Cisco exam prep questions, videos, hands-on labs, and Todd Lammle boot camps.

5. Test yourself using all the flashcards, which are also found on the download link listed in the Sybex downloads. These are brand-new and updated flashcards to help you prepare for the CCNA exam and a wonderful study tool!

To learn every bit of the material covered in this book, you’ll have to apply yourself regularly and with discipline. Try to set aside the same time period every day to study, and select a comfortable and quiet place to do so. I’m confident that if you work hard, you’ll be surprised at how quickly you learn this material!

If you follow these steps and really study—doing hands-on labs every single day in addition to using the review questions, the practice exams, the Todd Lammle video sections, and the electronic flashcards, as well as all the written labs—it would actually be hard to fail the Cisco exams. But understand that studying for the Cisco exams is a lot like getting in shape—if you do not go to the gym every day, it’s not going to happen!

Where Do You Take the Exam?

You may take the CCNA Composite or any Cisco exam at any of the Pearson VUE authorized testing centers. For information, check www.vue.com or call 877-404-EXAM (3926).

To register for a Cisco exam, follow these steps:

1. Determine the number of the exam you want to take. (The CCNA exam number is 200-301.)

2. Register with the nearest Pearson VUE testing center. At this point, you will be asked to pay for the exam in advance. You can schedule exams up to six weeks in advance or as late as the day you want to take them—but if you fail a Cisco exam, you must wait five days before you will be allowed to retake it. If something comes up and you need to cancel or reschedule your exam appointment, contact Pearson VUE at least 24 hours in advance.

3. When you schedule the exam, you’ll get instructions regarding all appointment and cancellation procedures, the ID requirements, and information about the testing center location.

Tips for Taking Your Cisco Exams

The Cisco exams contain about 50 or more questions and must be completed in about 90 minutes or so. It’s hard to write this information down today because it changes so often. You must get a score of about 85 percent to pass this exam, but again, each exam can be different.

Many questions on the exam have answer choices that at first glance look identical—especially the syntax questions! So remember to read through the choices carefully because close just doesn’t cut it. If you get commands in the wrong order or forget one measly character, you’ll get the question wrong. So, to practice, do the hands-on exercises at the end of this book’s chapters over and over again until they feel natural to you.

Also, never forget that the right answer is the Cisco answer. In many cases, more than one appropriate answer is presented, but the correct answer is the one that Cisco recommends. On the exam, you will always be told to pick one, two, or three options, never “choose all that apply.” The Cisco exam may include the following test formats:

  • Multiple-choice single answer
  • Multiple-choice multiple answer
  • Drag-and-drop
  • Router simulations

Cisco proctored exams will not show the steps to follow in completing a router interface configuration, but they do allow partial command responses. For example, show run, sho running, or sh running-config would be acceptable.

Here are some general tips for exam success:

  • Arrive early at the exam center so you can relax and review your study materials.
  • Read the questions carefully. Don’t jump to conclusions. Make sure you’re clear about exactly what each question asks. “Read twice, answer once,” is what I always tell my students.
  • When answering multiple-choice questions that you’re not sure about, use the process of elimination to get rid of the obviously incorrect answers first. Doing this greatly improves your odds if you need to make an educated guess.
  • You can no longer move forward and backward through the Cisco exams, so double-check your answer before clicking Next because you can’t change your mind.

After you complete an exam, you’ll get an immediate, online notification of your pass or fail status, a printed examination score report that indicates your pass or fail status, and your exam results by section. (The test administrator will give you the printed score report.)

Test scores are automatically forwarded to Cisco within five working days after you take the test, so you don’t need to send your score to the company. If you pass the exam, you’ll receive confirmation from Cisco, typically within two to four weeks, sometimes a bit longer.

CCNA Certification Exam 200-301 v1.1 Objectives

The following table shows where each objective is covered in this book series:

| Objective | Book, Chapter |
|---|---|
| 1.0 Network Fundamentals | Volume 1, Chapters 1/3/4/12/14; Volume 2, Chapters 3/4/10/13/14 |
| 1.1 Explain the role and function of network components | Volume 1, Chapter 1 |
| 1.1.a Routers | Volume 1, Chapter 1 |
| 1.1.b Layer 2 and Layer 3 switches | Volume 1, Chapter 1 |
| 1.1.c Next-generation firewalls and IPS | Volume 1, Chapter 1 |
| 1.1.d Access points | Volume 2, Chapter 10 |
| 1.1.e Controllers | Volume 2, Chapter 10 |
| 1.1.f Endpoints | Volume 1, Chapter 5 |
| 1.1.g Servers | Volume 1, Chapter 5 |
| 1.1.h PoE | Volume 1, Chapter 2 |
| 1.2 Describe characteristics of network topology architectures | Volume 1, Chapter 1 |
| 1.2.a Two-tier | Volume 1, Chapter 1 |
| 1.2.b Three-tier | Volume 1, Chapter 1; Volume 2, Chapter 14 |
| 1.2.c Spine-leaf | Volume 1, Chapter 1 |
| 1.2.d WAN | Volume 1, Chapter 1 |
| 1.2.e Small office/home office (SOHO) | Volume 1, Chapter 1 |
| 1.2.f On-premises and cloud | Volume 1, Chapter 14 |
| 1.3 Compare physical interface and cabling types | Volume 1, Chapter 2 |
| 1.3.a Single-mode fiber, multimode fiber, copper | Volume 1, Chapter 2 |
| 1.3.b Connections (Ethernet shared media and point-to-point) | Volume 1, Chapter 2 |
| 1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed) | Volume 1, Chapter 2 |
| 1.5 Compare TCP to UDP | Volume 1, Chapter 3 |
| 1.6 Configure and verify IPv4 addressing and subnetting | Volume 1, Chapters 3/4/5; Volume 2, Chapter 4 |
| 1.7 Describe private IPv4 addressing | Volume 1, Chapter 3 |
| 1.8 Configure and verify IPv6 addressing and prefix | Volume 2, Chapter 3; Volume 2, Chapter 4 |
| 1.9 Describe IPv6 address types | Volume 2, Chapter 3 |
| 1.9.a Unicast (global, unique local, and link local) | Volume 2, Chapter 3 |
| 1.9.b Anycast | Volume 2, Chapter 3 |
| 1.9.c Multicast | Volume 2, Chapter 3 |
| 1.9.d Modified EUI 64 | Volume 2, Chapter 3 |
| 1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux) | Volume 1, Chapter 5; Volume 2, Chapter 4 |
| 1.11 Describe wireless principles | Volume 2, Chapter 10 |
| 1.11.a Nonoverlapping Wi-Fi channels | Volume 2, Chapter 10 |
| 1.11.b SSID | Volume 2, Chapter 10 |
| 1.11.c RF | Volume 2, Chapter 10 |
| 1.11.d Encryption | Volume 2, Chapter 10 |
| 1.12 Explain virtualization fundamentals (server virtualization, containers, and VRFs) | Volume 2, Chapter 13 |
| 1.13 Describe switching concepts | Volume 1, Chapter 12 |
| 1.13.a MAC learning and aging | Volume 1, Chapter 12 |
| 1.13.b Frame switching | Volume 1, Chapter 12 |
| 1.13.c Frame flooding | Volume 1, Chapter 12 |
| 1.13.d MAC address table | Volume 1, Chapter 12 |
| 2.0 Network Access | Volume 1, Chapters 1/8; Volume 2, Chapters 1/6/12 |
| 2.1 Configure and verify VLANs (normal range) spanning multiple switches | Volume 1, Chapter 13 |
| 2.1.a Access ports (data and voice) | Volume 1, Chapter 13 |
| 2.1.b Default VLAN | Volume 1, Chapter 13 |
| 2.1.c InterVLAN connectivity | Volume 1, Chapter 13 |
| 2.2 Configure and verify interswitch connectivity | Volume 1, Chapter 13 |
| 2.2.a Trunk ports | Volume 1, Chapter 13 |
| 2.2.b 802.1Q | Volume 1, Chapter 13 |
| 2.2.c Native VLAN | Volume 1, Chapter 13 |
| 2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP) | Volume 1, Chapter 8; Volume 2, Chapter 6 |
| 2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP) | Volume 2, Chapter 1 |
| 2.5 Interpret basic operations of Rapid PVST+ Spanning Tree Protocol | Volume 2, Chapter 1 |
| 2.5.a Root port, root bridge (primary/secondary), and other port names | Volume 2, Chapter 1 |
| 2.5.b Port states and roles | Volume 2, Chapter 1 |
| 2.5.c PortFast | Volume 2, Chapter 1 |
| 2.5.d Root guard, loop guard, BPDU filter, and BPDU guard | Volume 2, Chapter 1 |
| 2.6 Describe Cisco Wireless Architectures and AP modes | Volume 2, Chapters 11/12 |
| 2.7 Describe physical infrastructure connections of WLAN components (AP, WLC, access/trunk ports, and LAG) | Volume 2, Chapters 11/12 |
| 2.8 Describe network device management access (Telnet, SSH, HTTP, HTTPS, console, TACACS+/RADIUS, and cloud managed) | Volume 1, Chapter 8 |
| 2.9 Interpret the wireless LAN GUI configuration for client connectivity, such as WLAN creation, security settings, QoS profiles, and advanced settings | Volume 2, Chapters 11/12 |
| 3.0 IP Connectivity | Volume 1, Chapter 9; Volume 2, Chapters 4/8 |
| 3.1 Interpret the components of routing table | Volume 1, Chapter 9; Volume 2, Chapter 4 |
| 3.1.a Routing protocol code | Volume 1, Chapter 9 |
| 3.1.b Prefix | Volume 1, Chapter 9 |
| 3.1.c Network mask | Volume 1, Chapter 9 |
| 3.1.d Next hop | Volume 1, Chapter 9 |
| 3.1.e Administrative distance | Volume 1, Chapter 9 |
| 3.1.f Metric | Volume 1, Chapter 9 |
| 3.1.g Gateway of last resort | Volume 1, Chapter 9 |
| 3.2 Determine how a router makes a forwarding decision by default | Volume 1, Chapter 9 |
| 3.2.a Longest prefix match | Volume 1, Chapter 9 |
| 3.2.b Administrative distance | Volume 1, Chapter 9 |
| 3.2.c Routing protocol metric | Volume 1, Chapter 9 |
| 3.3 Configure and verify IPv4 and IPv6 static routing | Volume 1, Chapter 9; Volume 2, Chapters 3/4 |
| 3.3.a Default route | Volume 1, Chapter 9 |
| 3.3.b Network route | Volume 1, Chapter 9 |
| 3.3.c Host route | Volume 1, Chapter 9 |
| 3.3.d Floating static | Volume 1, Chapter 9 |
| 3.4 Configure and verify single area OSPFv2 | Volume 1, Chapter 10 |
| 3.4.a Neighbor adjacencies | Volume 1, Chapter 10 |
| 3.4.b Point-to-point | Volume 1, Chapter 10 |
| 3.4.c Broadcast (DR/BDR selection) | Volume 1, Chapter 10 |
| 3.4.d Router ID | Volume 1, Chapter 10 |
| 3.5 Describe the purpose, functions, and concepts of first hop redundancy protocols | Volume 2, Chapter 8 |
| 4.0 IP Services | Volume 1, Chapters 3/9; Volume 2, Chapters 5/6/9 |
| 4.1 Configure and verify inside source NAT using static and pools | Volume 2, Chapter 5 |
| 4.2 Configure and verify NTP operating in a client and server mode | Volume 2, Chapter 6 |
| 4.3 Explain the role of DHCP and DNS within the network | Volume 1, Chapters 3/9 |
| 4.4 Explain the function of SNMP in network operations | Volume 1, Chapter 3; Volume 2, Chapter 6 |
| 4.5 Describe the use of syslog features, including facilities and severity levels | Volume 2, Chapter 6 |
| 4.6 Configure and verify DHCP client and relay | Volume 1, Chapter 9 |
| 4.7 Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing, congestion, policing, and shaping | Volume 2, Chapter 9 |
| 4.8 Configure network devices for remote access using SSH | Volume 2, Chapter 6 |
| 4.9 Describe the capabilities and functions of TFTP/FTP in the network | Volume 1, Chapter 3 |
| 5.0 Security Fundamentals | Volume 1, Chapter 15; Volume 2, Chapters 2/7/10/11/12/14 |
| 5.1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques) | Volume 2, Chapter 7 |
| 5.2 Describe security program elements (user awareness, training, and physical access control) | Volume 2, Chapter 7 |
| 5.3 Configure and verify device access control using local passwords | Volume 2, Chapter 7 |
| 5.4 Describe security password policy elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics) | Volume 2, Chapter 7 |
| 5.5 Describe IPsec remote access and site-to-site VPNs | Volume 1, Chapter 14 |
| 5.6 Configure and verify access control lists | Volume 2, Chapter 2 |
| 5.7 Configure and verify Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security) | Volume 2, Chapter 7 |
| 5.8 Compare authentication, authorization, and accounting concepts | Volume 2, Chapter 7 |
| 5.9 Describe wireless security protocols (WPA, WPA2, and WPA3) | Volume 2, Chapter 10 |