Prep v1 Aug 18 2024

CCNA / Interview prep list

Natthajak Kamkru August 2024

1. Network Fundamentals
• 1.1 Explain the role and function of network components
o Routers
Forward packets between networks using a routing table
o Layer 2 and Layer 3 switches
Forward frames to devices in the same LAN or VLAN
o Next-generation firewalls and Intrusion Prevention System (IPS)
Provide security by inspecting traffic
o Access points
Connect wired and wireless devices
o Controllers (Cisco DNA Center and WLC)
Cisco DNA Center: management, automation, policy enforcement,
and analytics for both wired and wireless networks.
Wireless LAN Controller (WLC): manages and controls wireless
access points, ensuring optimal performance and security for
wireless networks.
o Endpoints
Devices that intend to communicate with each other
(Note that even though routers/switches communicate with each
other, we did not build the network so that they could talk to each other;
we built it for the endpoints)
o Servers
Provide services, data, and resources to clients on the network
o PoE
Supplies power to a device via Ethernet cable

• 1.2 Describe characteristics of network topology architectures


o Two-tier
Also called the Two-Layer Hierarchical Model or Collapsed Core Model.
Used by small enterprises that cannot justify the 3-tier architecture:
3-tier is good but expensive, so small enterprises combine the core and
distribution layers into one.
o Three-tier
Core Layer: Provides high-speed backbone connectivity and routing
between distribution layers (main connections are Layer 3)
Distribution Layer: Aggregates traffic from the access layer and
enforces policies (main connections are Layer 2)
Access Layer: Connects end devices and provides network access.
o Spine-leaf
Commonly used in data centers. Every switch is a leaf (L2) or a
spine (L3). A leaf connected to all spines and a spine connected to
all leaves. There is no connection between two spines or two
leaves.
o WAN
o Small office/home office (SOHO)
o On-premise and cloud

• 1.3 Compare physical interface and cabling types


o Single-mode fiber, multimode fiber, copper
o Connections (Ethernet shared media and point-to-point)

• 1.4 Identify interface and cable issues (collisions, errors, mismatch
duplex, and/or speed)

Check Collisions and Errors
```shell
Router# show interfaces GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up
  Hardware is Gigabit Ethernet, address is 0050.56be.9f48 (bia 0050.56be.9f48)
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 microseconds
  Reliability 255/255, Txload 1/255, Rxload 1/255
  Encapsulation ARPA, loopback not set
  ...
  5 minute input rate 1000 bits/sec, 5 packets/sec
  5 minute output rate 2000 bits/sec, 10 packets/sec
  254 packets input, 3124 bytes
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 packets output, 0 errors, 0 collisions, 0 interface resets
```

Check Duplex and Speed
```shell
Switch# show interfaces status
Port   Name     Status     Vlan  Duplex  Speed   Type
Gi0/1  Uplink1  connected  1     a-full  a-1000  10/100/1000BaseTX
Gi0/2  Uplink2  connected  1     a-half  a-100   10/100BaseTX
```
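The checks a network engineer does by eye on the two outputs above, as an added example (not from the study notes): parse the status table and the error counters, then flag half-duplex or hard-coded ports, collisions and CRC errors. Both sample outputs are constructed to mirror the excerpts above; ports Gi0/3 and Gi0/4 are invented.

```python
"""Flag duplex/speed problems and error counters in Cisco IOS 'show interfaces'
output. Added example, not from the study notes; both samples below are
constructed to mirror the excerpts above (Gi0/3 and Gi0/4 are invented)."""
import re
from typing import Dict, List, Tuple

# Constructed 'show interfaces status' output.
STATUS_OUTPUT = """\
Port      Name     Status      Vlan  Duplex  Speed   Type
Gi0/1     Uplink1  connected   1     a-full  a-1000  10/100/1000BaseTX
Gi0/2     Uplink2  connected   1     a-half  a-100   10/100BaseTX
Gi0/3     Srv1     connected   10    full    100     10/100/1000BaseTX
Gi0/4              notconnect  1     auto    auto    10/100/1000BaseTX
"""

# Constructed per-interface counter lines from 'show interfaces'.
COUNTER_OUTPUT = """\
GigabitEthernet0/1 is up, line protocol is up
     254 packets input, 3124 bytes
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     120 packets output, 0 errors, 0 collisions, 0 interface resets
GigabitEthernet0/2 is up, line protocol is up
     9870 packets input, 812340 bytes
     37 input errors, 35 CRC, 2 frame, 0 overrun, 0 ignored
     8800 packets output, 0 errors, 412 collisions, 0 interface resets
"""

STATUS_RE = re.compile(
    r"^(?P<port>\S+)\s+(?P<name>.*?)\s*"
    r"(?P<status>connected|notconnect|disabled|err-disabled)\s+"
    r"(?P<vlan>\S+)\s+(?P<duplex>\S+)\s+(?P<speed>\S+)\s+(?P<type>.+)$"
)
IFACE_RE = re.compile(r"^(?P<iface>\S+) is \S+, line protocol is \S+")
INPUT_RE = re.compile(r"(\d+) input errors, (\d+) CRC, (\d+) frame")
OUTPUT_RE = re.compile(r"(\d+) errors, (\d+) collisions")


def short_name(iface: str) -> str:
    """GigabitEthernet0/2 -> Gi0/2, matching the 'show interfaces status' Port column."""
    m = re.match(r"^([A-Za-z]{2})[A-Za-z]*(\d.*)$", iface)
    return m[1] + m[2] if m else iface


def parse_status(text: str) -> Dict[str, Dict[str, str]]:
    ports = {}
    for line in text.splitlines()[1:]:        # skip the header row
        m = STATUS_RE.match(line)
        if m:
            ports[m["port"]] = m.groupdict()
    return ports


def parse_counters(text: str) -> Dict[str, Dict[str, int]]:
    counters, cur = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            cur = short_name(m["iface"])
            counters[cur] = {"input_errors": 0, "crc": 0, "output_errors": 0, "collisions": 0}
            continue
        if cur is None:
            continue
        if (m := INPUT_RE.search(line)):
            counters[cur]["input_errors"], counters[cur]["crc"] = int(m[1]), int(m[2])
        elif (m := OUTPUT_RE.search(line)):
            counters[cur]["output_errors"], counters[cur]["collisions"] = int(m[1]), int(m[2])
    return counters


def diagnose(status_text: str, counter_text: str) -> List[Tuple[str, str]]:
    """(port, finding) pairs for connected ports; empty when everything looks clean."""
    findings = []
    counters = parse_counters(counter_text)
    for port, p in parse_status(status_text).items():
        if p["status"] != "connected":
            continue
        if p["duplex"].endswith("half"):
            findings.append((port, "half-duplex link: check for a duplex mismatch with the peer"))
        if not p["duplex"].startswith("a-"):
            findings.append((port, "speed/duplex hard-coded: the peer must be set identically"))
        c = counters.get(port)
        if not c:
            continue
        if c["collisions"]:
            where = "half-duplex port" if p["duplex"].endswith("half") else "full-duplex port (mismatch likely)"
            findings.append((port, f"{c['collisions']} collisions on a {where}"))
        if c["crc"]:
            findings.append((port, f"{c['crc']} CRC errors: bad cable/transceiver or duplex mismatch"))
    return findings


if __name__ == "__main__":
    for port, finding in diagnose(STATUS_OUTPUT, COUNTER_OUTPUT):
        print(f"{port}: {finding}")
```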

• 1.5 Compare TCP to UDP


TCP (Transmission Control Protocol)
connection-oriented, reliable
Features: Error checking and correction - Data ordering - Flow control
Use Cases: HTTP/HTTPS, SMTP/IMAP, FTP
UDP (User Datagram Protocol)
connectionless, less reliable but faster than TCP.
Use Cases: Streaming media (video/audio), online gaming, VoIP.

• 1.6 Configure and verify IPv4 addressing and subnetting


• 1.7 Describe the need for private IPv4 addressing
Conserve public IP addresses and provide security by isolating
internal networks from external networks (not routable).
• 1.8 Configure and verify IPv6 addressing and prefix
Enable IPv6 routing on the device
Router(config)# ipv6 unicast-routing

Configure an IPv6 Address on an Interface
Router(config)# interface g0/1
Router(config-if)# ipv6 address 2001:db8::1/64

Configure a Link-Local Address
Router(config-if)# ipv6 address fe80::1 link-local

Enable IPv6 on an Interface with stateless address autoconfiguration (SLAAC).
(To derive only the interface ID from the MAC with modified EUI-64 on a known
prefix, use `ipv6 address 2001:db8::/64 eui-64` instead.)
Router(config-if)# ipv6 address autoconfig

Show IPv6 Interface Configuration
Router# show ipv6 interface g0/1

Display the IPv6 Routing Table
Router# show ipv6 route

Ping an IPv6 Address
Router# ping ipv6 <IPv6 Address>

Configure an IPv6 Static Route
Router(config)# ipv6 route 2001:db8:1::/64 2001:db8::2

• 1.9 Describe IPv6 address types


o Unicast (global, unique local, and link local)
o Anycast
o Multicast
o Modified EUI 64

• 1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)

• 1.11 Describe wireless principles


o Nonoverlapping Wi-Fi channels
o SSID
o RF
o Encryption

• 1.12 Explain virtualization fundamentals (server virtualization,
containers, and VRFs)

• 1.13 Describe switching concepts


o MAC learning and aging
When a switch receives an Ethernet frame, it adds the source MAC address
to its MAC address table. The entry is removed after 5 minutes (Cisco default) if
the switch receives no other frame with the same source MAC address.
o Frame switching
o Frame flooding
o MAC address table
J1. What are modes on switches/routers
### 1. **User EXEC Mode (`>`):**
- **Exists by Default:** Yes.
- **How:** This is the default mode when you first connect to a Cisco device, no
creation is needed.
- **Functionality:**
- Limited to basic monitoring commands (e.g., `show`, `ping`).
- No configuration changes can be made.
### 2. **Privileged EXEC Mode (`#`):**
- **Exists by Default:** Yes.
- **How:** You access this mode by typing `enable` from User EXEC Mode.
- **Functionality:**
- Allows access to all commands, including those that manage and troubleshoot
the device.
- Essential for entering configuration modes.
- Commands include `show running-config`, `copy`, `reload`, etc.
### 3. **Global Configuration Mode (`(config)#`):**
- **Exists by Default:** Yes.
- **How:** Enter this mode by typing `configure terminal` from Privileged EXEC
Mode.
- **Functionality:**
- Allows changes to the device's global settings.
- Includes commands like `hostname`, `banner motd`, `enable secret`, etc.
### 4. **Interface Configuration Mode (`(config-if)#`):**
- **Exists by Default:** Yes, for physical interfaces.
- **How:** Interfaces like `GigabitEthernet0/0` exist by default on a router or
switch. You enter this mode by typing `interface [type] [number]` (e.g., `interface
GigabitEthernet0/0`).
- **Functionality:**
- Used to configure individual interfaces on the switch or router.
- Includes commands like `ip address`, `switchport mode`, `duplex`, etc.
### 5. **Sub-interface Configuration Mode (`(config-subif)#`):**
- **Exists by Default:** No, needs to be created.
- **How:** Sub-interfaces are created manually by appending a dot and a sub-
interface number to an existing interface. For example:
```shell
Router(config)# interface GigabitEthernet0/0.10
```
- **Functionality:**
- Used to configure sub-interfaces on a physical interface, often for VLAN
tagging with 802.1Q.
- Includes commands like `encapsulation dot1Q [vlan-id]`, `ip address`, etc.
### 6. **Line Configuration Mode (`(config-line)#`):**
- **Exists by Default:** Yes, for common lines like console, auxiliary, and vty.
- **How:** These lines exist by default, and you enter this mode by specifying
the line type and number, such as:
```shell
Switch(config)# line vty 0 4
```
- **Functionality:**
- **Security:** Used to configure settings for the terminal lines of a Cisco
device, such as console, auxiliary (aux), and virtual terminal lines (vty).
- **Access Control:** Controls how users connect to the device, both locally
and remotely.
- **Timeouts:** Configures timeouts to ensure that inactive sessions are closed
after a specified period.
### 7. **Router Configuration Mode (`(config-router)#`):**
- **Exists by Default:** No, needs to be created.
- **How:** This mode is accessed by enabling a routing protocol in Global
Configuration Mode. For example, to enable OSPF:
```shell
Router(config)# router ospf 1
```
- **Functionality:**
- Used to configure routing protocols like OSPF, EIGRP, BGP, etc.
- Commands include `network`, `router-id`, `passive-interface`, etc.
### 8. **VLAN Configuration Mode (`(config-vlan)#`):**
- **Exists by Default:** No, needs to be created.
- **How:** VLANs must be manually created using the `vlan` command:
```shell
Switch(config)# vlan 10
```
- **Functionality:**
- Used to create and configure VLANs on a switch.
- Commands include `name`, `state`, `exit`, etc.
### 9. **SVI Configuration Mode (`(config-if)#` for VLAN):**
- **Exists by Default:** No, the SVI (Switched Virtual Interface) must be created:
```shell
Switch(config)# interface vlan 10
```

- **Functionality:**
- Used to configure Switched Virtual Interfaces (SVIs) for VLANs.
- Commands include `ip address`, `no shutdown`, etc.
### 10. **Access Control List (ACL) Configuration Mode (`(config-ext-nacl)#` for an extended named ACL, `(config-std-nacl)#` for a standard one):**
- **Exists by Default:** No, needs to be created.
- **How:** ACLs are created manually by entering the ACL configuration
command:
```shell
Router(config)# ip access-list extended MY_ACL
```
- **Functionality:**
- **Traffic Filtering:** ACLs control which packets are allowed or denied, either
on the inbound or outbound interfaces.
- **Security:** Helps prevent unauthorized access and can block malicious
traffic.
- **QoS:** Used to identify traffic for Quality of Service (QoS) purposes.
- **Route Filtering:** Used in conjunction with routing protocols to control
which routes are advertised or received.
### 11. **Control Plane Policing (CoPP) Configuration Mode (`(config-cp)#`):**
- **Exists by Default:** No, needs to be created.
- **How:** Define a class map and a policy map, then apply the policy to the control plane:
```shell
Router(config)# class-map MY_CLASS
Router(config-cmap)# match access-group name MY_ACL
Router(config)# policy-map MY_POLICY
Router(config-pmap)# class MY_CLASS
Router(config-pmap-c)# police 8000 conform-action transmit exceed-action drop
Router(config)# control-plane
Router(config-cp)# service-policy input MY_POLICY
```

- **Functionality:**
- Control Plane Protection: CoPP protects the control plane from excessive
traffic or attacks by limiting the rate of specific types of traffic.
- Traffic Classification: Allows you to classify and prioritize control plane traffic.
- Rate Limiting: Applies rate limiting to control plane traffic, preventing any
single type of traffic from overwhelming the control plane.
### 12. **VRF Configuration Mode (`(config-vrf)#`):**
- **Exists by Default:** No, needs to be created.
- **How:** Create the VRF:
```shell
Router(config)# ip vrf CUSTOMER_A
```

- **Functionality:**
- **Network Segmentation:** VRFs segment a network into different routing
domains.
- **Multi-Tenancy:** Enables different customers or departments to have their
own isolated routing tables.
- **Overlapping IP Addresses:** Allows different VRF instances to use
overlapping IP address spaces without conflict.
- **Route Import/Export:** Controls which routes are shared between
different VRFs using Route Targets.

J2. What are fields on frame/packet headers

2. Network Access
• 2.1 Configure and verify VLANs (normal range) spanning multiple
switches
o Access ports (data and voice)
o Default VLAN
o InterVLAN connectivity
Configuring and Verifying VLANs Spanning Multiple Switches
1. **Create VLANs on Each Switch:**
- **For each switch:**
1. Enter global configuration mode.
2. Create the necessary VLAN(s).
3. Assign a name to each VLAN.
4. Exit VLAN configuration mode.
```shell
Switch(config)# vlan <VLAN_ID>
Switch(config-vlan)# name <VLAN_NAME>
```

2. **Assign VLANs to Access Ports:**
- **For each port requiring VLAN assignment:**
1. Enter the interface configuration mode.
2. Set the port to access mode.
3. Assign the port to the appropriate VLAN.
4. Exit interface configuration mode.
```shell
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <VLAN_ID>
```

3. **Configure Trunk Links Between Switches:**
- **For each trunk link between switches:**
1. Enter the interface configuration mode for the trunk port.
2. Set the port to trunk mode.
3. Specify which VLANs are allowed on the trunk.
4. Exit interface configuration mode.
```shell
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan <VLAN_LIST>
```

4. **Configure Voice VLANs (Optional):**
- **For each port with IP phones:**
1. Enter the interface configuration mode.
2. Assign the port to the appropriate data VLAN.
3. Configure the voice VLAN for IP phone traffic.
4. Exit interface configuration mode.
```shell
Switch(config-if)# switchport access vlan <Data_VLAN_ID>
Switch(config-if)# switchport voice vlan <Voice_VLAN_ID>
```

5. **Enable and Verify InterVLAN Routing (Using a Layer 3 Switch or Router):**
- **If using a Layer 3 switch:**
1. Enable routing on the switch.
2. Create VLAN interfaces (SVIs) for each VLAN.
3. Assign IP addresses to each VLAN interface.
4. Verify that the interfaces are up.
```shell
Switch(config)# ip routing
Switch(config)# interface vlan <VLAN_ID>
Switch(config-if)# ip address <IP_ADDRESS> <SUBNET_MASK>
```
- **If using a router:**
1. Create subinterfaces for each VLAN on the physical interface connected to the
switch.
2. Configure 802.1Q encapsulation and assign IP addresses to each subinterface.
3. Verify that the subinterfaces are up.
```shell
Router(config)# interface <interface>.<VLAN_ID>
Router(config-subif)# encapsulation dot1Q <VLAN_ID>
Router(config-subif)# ip address <IP_ADDRESS> <SUBNET_MASK>
```

6. **Verify Configuration:**
- **On each switch:**
1. Check VLAN configuration.
2. Verify the status of VLAN interfaces.
3. Confirm trunk and access port configurations.
```shell
Switch# show vlan brief
Switch# show interfaces trunk
Switch# show interfaces status
```
- **On the Layer 3 switch or router:**
1. Verify IP routing.
2. Check the routing table for proper routes.
3. Test connectivity between VLANs.
```shell
Router# show ip route
Router# ping <destination_IP>
```

# Summary
1. **Create VLANs** on all switches.
2. **Assign VLANs to access ports** for data and voice traffic.
3. **Configure trunk links** between switches.
4. **Enable InterVLAN routing** on a Layer 3 switch or router.
5. **Verify configuration** using show commands on both switches and routers.
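Steps 1 to 4 of the procedure above as code, added here as an example (not from the notes): a small per-switch spec is rendered into the IOS commands, and a consistency check catches the classic mistake of a VLAN that exists on one switch but is missing, or pruned from the trunk's allowed list, on the other. The two switch specs are constructed, and the check assumes every VLAN that has an access port must span all the switches.

```python
"""Render the per-switch VLAN, access-port and trunk configuration from the
procedure above and check that the trunks' allowed lists carry every VLAN in
use. Added example, not from the notes; the two switch specs are constructed
and the check assumes every VLAN with an access port must span all switches."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class AccessPort:
    name: str
    data_vlan: int
    voice_vlan: Optional[int] = None   # set for ports with an IP phone


@dataclass
class TrunkPort:
    name: str
    allowed: Set[int]                  # explicit allowed list (prunes everything else)


@dataclass
class SwitchSpec:
    hostname: str
    vlans: Dict[int, str]              # VLAN id -> name
    access: List[AccessPort] = field(default_factory=list)
    trunks: List[TrunkPort] = field(default_factory=list)


def render(spec: SwitchSpec) -> List[str]:
    """IOS commands implementing steps 1-4 of the procedure for one switch."""
    out = ["configure terminal"]
    for vid, name in sorted(spec.vlans.items()):
        out += [f"vlan {vid}", f" name {name}", " exit"]
    for p in spec.access:
        out += [f"interface {p.name}", " switchport mode access",
                f" switchport access vlan {p.data_vlan}"]
        if p.voice_vlan is not None:
            out.append(f" switchport voice vlan {p.voice_vlan}")
        out.append(" exit")
    for t in spec.trunks:
        allowed = ",".join(str(v) for v in sorted(t.allowed))
        out += [f"interface {t.name}", " switchport mode trunk",
                f" switchport trunk allowed vlan {allowed}", " exit"]
    out.append("end")
    return out


def vlans_in_use(spec: SwitchSpec) -> Set[int]:
    used = {p.data_vlan for p in spec.access}
    used |= {p.voice_vlan for p in spec.access if p.voice_vlan is not None}
    return used


def check(specs: List[SwitchSpec]) -> List[str]:
    """Problems that would break connectivity for a VLAN spanning the switches."""
    problems = []
    needed = set().union(*(vlans_in_use(s) for s in specs))
    for s in specs:
        for vid in sorted(needed - set(s.vlans)):
            problems.append(f"{s.hostname}: VLAN {vid} is used in the network but not created here")
        for t in s.trunks:
            for vid in sorted(needed - t.allowed):
                problems.append(f"{s.hostname} {t.name}: VLAN {vid} is not allowed on the trunk")
    return problems


# Constructed specs: SW2 forgot the voice VLAN and pruned it from its trunk.
SW1 = SwitchSpec("SW1", {10: "DATA", 20: "VOICE"},
                 [AccessPort("GigabitEthernet0/1", 10, 20)],
                 [TrunkPort("GigabitEthernet0/24", {10, 20})])
SW2 = SwitchSpec("SW2", {10: "DATA"},
                 [AccessPort("GigabitEthernet0/1", 10)],
                 [TrunkPort("GigabitEthernet0/24", {10})])

if __name__ == "__main__":
    print("\n".join(render(SW1)))
    for problem in check([SW1, SW2]):
        print("PROBLEM:", problem)
```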
• 2.2 Configure and verify interswitch connectivity
o Trunk ports
o 802.1Q
o Native VLAN

• 2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery
Protocol and LLDP)

• 2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)

• 2.5 Interpret basic operations of Rapid PVST+ Spanning Tree Protocol


o Root port, root bridge (primary/secondary), and other port names
o Port states (forwarding/blocking)
o PortFast

• 2.6 Describe Cisco Wireless Architectures and AP modes

• 2.7 Describe physical infrastructure connections of WLAN
components (AP, WLC, access/trunk ports, and LAG)
• 2.8 Describe AP and WLC management access connections (Telnet,
SSH, HTTP, HTTPS, console, and TACACS+/RADIUS)

• 2.9 Interpret the wireless LAN GUI configuration for client
connectivity, such as WLAN creation, security settings, QoS profiles,
and advanced settings

3. IP Connectivity
• 3.1 Interpret the components of routing table
Example
D 10.1.1.0/24 [90/2170112] via 192.168.1.2, 00:00:20, Ethernet0

o Routing protocol code Identifies the protocol that learned the route
C : Connected (Directly connected networks)
S : Static (Manually configured routes)
D : EIGRP (Enhanced Interior Gateway Routing Protocol)
O : OSPF (Open Shortest Path First)
R : RIP (Routing Information Protocol)
B : BGP (Border Gateway Protocol)

o Prefix /24 = if the first three octets of the destination IP match, the route applies
o Network mask Specifies the network portion of the IP address.
o [Administrative distance / Metric]
Administrative distance (AD): the trustworthiness of a route source. A lower AD value is preferred.

| Route source | AD |
| --- | --- |
| Connected interface | 0 |
| Static route | 1 |
| EIGRP summary route | 5 |
| External BGP | 20 |
| Internal EIGRP | 90 |
| IGRP | 100 |
| OSPF | 110 |
| IS-IS | 115 |
| RIP | 120 |
| EGP | 140 |
| ODR | 160 |
| External EIGRP | 170 |
| Internal BGP | 200 |
| Unknown | 255 |

*Note that we can configure the AD of a static route like this
Router(config)# ip route <ip> <mask> <next hop ip> <AD>

Metric: a value used by the protocol to determine the best path

o Next hop The next device in the path to the destination.
o Time Since Last Update Indicates how long it has been since the routing
information was last updated or refreshed. (hr:min:sec)
o Outgoing interface The physical or logical interface on the router
through which packets should be forwarded to reach the next hop.
o Gateway of last resort The route to use if no specific route is found.
S* 0.0.0.0/0 [1/0] via 192.168.1.1

• J Note: Overall types of dynamic routing
Interior Gateway Protocol (IGP)
Algorithm: Distance Vector > RIP, EIGRP
*works by "rumours": a neighbour says "to <IP> via <interface> with <metric>"
Algorithm: Link State > OSPF, IS-IS
Exterior Gateway Protocol (EGP)
Algorithm: Path Vector > BGP

• 3.2 Determine how a router makes a forwarding decision by default


o Longest prefix match
o Administrative distance
o Routing protocol metric
Example: Suppose a router receives a packet destined for 192.168.10.50. The
router has the following routes in its routing table:
1. Route 1: 192.168.10.0/24 via OSPF (AD 110, Metric 20)
2. Route 2: 192.168.10.0/25 via EIGRP (AD 90, Metric 256)
3. Route 3: 192.168.10.0/25 via Static Route (AD 1)
• Step 1 (Longest Prefix Match): The router will first choose Route 2 or Route
3 because /25 is more specific than /24.
• Step 2 (Administrative Distance): Between Route 2 and Route 3, the router
will choose Route 3 because it has a lower AD (1 vs. 90).
• Step 3 (Metric): The metric isn’t evaluated in this case because the AD
already determined the best route.
So, the router will forward the packet using Route 3, which is the most specific
and has the lowest AD.
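The routing-table line format from 3.1 and the three-step decision from 3.2, worked in code as an added example (not from the notes): the parser reads `code prefix [AD/metric] via next-hop` lines, and the selector applies longest prefix, then AD, then metric, reporting which step decided. The `show ip route` excerpt is constructed from the notes' example, with a default route and a floating static (AD 250) added so that the AD step is also exercised on an equal-length prefix.

```python
"""Parse 'show ip route' entries (code, prefix, [AD/metric], next hop) and apply
the IOS selection order: longest prefix, then administrative distance, then
metric. Added example, not from the notes; the table below is constructed
from the notes' 3.1 line format and the 3.2 example."""
import re
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

# Constructed 'show ip route' excerpt: the notes' 3.2 example plus a default
# route and a floating static (AD 250) competing with an EIGRP route.
SHOW_IP_ROUTE = """\
Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.1.1
C     10.0.12.0/30 is directly connected, GigabitEthernet0/0
D     10.0.0.0/8 [90/3072] via 10.0.12.2, 00:10:05, GigabitEthernet0/0
S     10.0.0.0/8 [250/0] via 10.0.12.6
O     192.168.10.0/24 [110/20] via 10.0.12.2, 00:02:11, GigabitEthernet0/0
D     192.168.10.0/25 [90/256] via 10.0.12.2, 00:02:11, GigabitEthernet0/0
S     192.168.10.0/25 [1/0] via 10.0.12.6
"""

# Indented parent-prefix lines ("10.0.0.0/8 is variably subnetted ...") and the
# gateway-of-last-resort header do not match and are skipped.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]\*?(?: (?:EX|E1|E2|IA|N1|N2))?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d+\.\d+\.\d+\.\d+)"
    r"|is directly connected, (?P<iface>\S+))"
)


@dataclass(frozen=True)
class Route:
    code: str
    prefix: IPv4Network
    ad: int
    metric: int
    next_hop: str   # next-hop IP, or the outgoing interface for connected routes


def parse_routes(text: str) -> List[Route]:
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        net = IPv4Network(m["prefix"])
        if m["iface"]:
            routes.append(Route(m["code"], net, 0, 0, m["iface"]))   # connected: AD 0
        else:
            routes.append(Route(m["code"], net, int(m["ad"]), int(m["metric"]), m["nh"]))
    return routes


def select(routes: List[Route], dst: str) -> Tuple[Optional[Route], str]:
    """Return (chosen route, the step that decided it) for destination dst."""
    ip = IPv4Address(dst)
    cands = [r for r in routes if ip in r.prefix]
    if not cands:
        return None, "no route"
    # Step 1: longest prefix match
    longest = max(r.prefix.prefixlen for r in cands)
    cands = [r for r in cands if r.prefix.prefixlen == longest]
    if len(cands) == 1:
        return cands[0], "longest prefix match"
    # Step 2: lowest administrative distance
    best_ad = min(r.ad for r in cands)
    cands = [r for r in cands if r.ad == best_ad]
    if len(cands) == 1:
        return cands[0], "administrative distance"
    # Step 3: lowest metric (only comparable within one protocol)
    best_metric = min(r.metric for r in cands)
    cands = [r for r in cands if r.metric == best_metric]
    return cands[0], ("metric" if len(cands) == 1 else "equal-cost paths")


if __name__ == "__main__":
    table = parse_routes(SHOW_IP_ROUTE)
    for dst in ("192.168.10.50", "192.168.10.200", "10.5.5.5", "8.8.8.8"):
        route, step = select(table, dst)
        print(f"{dst}: {route.code} {route.prefix} via {route.next_hop} ({step})")
```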

• J Note: addresses to which routing protocols send their messages
o RIPv1: broadcast; RIPv2: multicast 224.0.0.9
o EIGRP: multicast 224.0.0.10
• J Note: Multiple routing protocols can run on the same router at
the same time, but it wastes resources.
• 3.3 Configure and verify IPv4 and IPv6 static routing
o Default route
o Network route
o Host route
o Floating static
• J Note: Configure dynamic routing
RIP
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# no auto-summary
Router(config-router)# network 10.0.0.0

EIGRP
Router(config)# router eigrp 1
Router(config-router)# no auto-summary
Router(config-router)# passive-interface g2/0
Router(config-router)# network 10.0.0.0

• 3.4 Configure and verify OSPF


- Uses the Shortest Path First algorithm (Dijkstra's algorithm)
- v1 is no longer in use // v2 is for IPv4 // v3 supports IPv6 (and IPv4 via address families)
- Stores information in the LSDB (Link State Database), which is the collection of
LSAs (Link State Advertisements). All routers (in the same area) eventually have the same LSDB.
- Routers flood LSAs until all routers in the OSPF area have developed the same map.
- Each LSA has an aging timer of 30 mins.

o J Note: OSPF Areas
For a large network, we should divide it into OSPF areas (otherwise the LSDB
becomes huge, any small change makes every router re-run the SPF algorithm,
and that requires exponentially more time and CPU).
Structure: Area 0 (backbone) and other areas.
Every other area has a router connected to Area 0.
A router that has interfaces connected to multiple areas is called an ABR (Area
Border Router). Routers with all interfaces in the same area are called
internal routers.
* An ABR should be connected to a maximum of 2 areas
A backbone router is a router connected to Area 0.
Intra-area route = destination and source in the same area; otherwise, inter-area.
* All interfaces in the same subnet must be in the same area.

o Configuration
Router(config)# router ospf 1
*Note that, unlike the EIGRP AS number, routers with different OSPF process IDs
(in this example = 1) can still become OSPF neighbours.
Router(config-router)# network 10.0.12.0 0.0.0.3 area 0

The following is recommended for interfaces with no OSPF neighbour (otherwise, the
router keeps sending hellos out of them):
Router(config-router)# passive-interface g2/0

Change an interface's cost (the reference bandwidth is 100 Mbps by default)
Router(config)# interface g0/0
Router(config-if)# ip ospf cost 10000

o Single area OSPFv2
- Neighbor adjacencies
- Point-to-point
- Broadcast (DR/BDR selection)
- Router ID
• 3.5 Describe the purpose, functions, and concepts of first hop
redundancy protocols
First, note that FHRP is a family of protocols, not itself a protocol.
They provide redundancy for the default gateway by letting multiple router
interfaces share the same VIP (Virtual IP) and negotiate roles
between them. Whenever an end device tries to use the default gateway, it
uses ARP to learn the active router's virtual MAC address.
HSRP (Hot Standby Router Protocol) *Cisco
VRRP (Virtual Router Redundancy Protocol)
GLBP (Gateway Load Balancing Protocol) *Cisco
4. IP Services
• 4.1 Configure and verify inside source NAT using static and pools
Configuration: Static NAT
Define the inside/outside interfaces
Router(config-if)# ip nat inside
Router(config-if)# ip nat outside

Add an inside source static NAT entry
Router(config)# ip nat inside source static 192.168.0.167 100.0.0.1
**Note that we have to own 100.0.0.1 (e.g. it is assigned to us by the ISP) to be able to use it.

Translation table
```shell
Router# show ip nat translations
Pro  Inside global       Inside local         Outside local  Outside global
udp  100.0.0.1:56310     192.168.0.167:56310  8.8.8.8:53     8.8.8.8:53
---  100.0.0.1           192.168.0.167        ---            ---
```
**56310 and 53 are port numbers

Statistics
```shell
Router# show ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Peak translations: 4, occurred 02:29:00 ago
Outside interfaces: . . .
```

Delete all dynamic NAT translations
Router# clear ip nat translation *

Pools

• 4.2 Configure and verify NTP operating in a client and server mode
Network Time Protocol (NTP) is used to synchronize the clocks of network devices
with a reliable time.
• NTP Server: A device that provides time information to other devices.
• NTP Client: A device that receives time information from an NTP server
The stratum number indicates the distance from the reference clock. Lower
numbers are more accurate.
Router(config)# ntp master [stratum number]

A client can be configured to synchronize time with an NTP server.
Router(config)# ntp server [server IP address]

Show commands
Router# show ntp status
Router# show ntp associations

From reddit: “Let me give you a clear example of why having time be synchronous
across all the devices in the network matters.
How do you write concurrent software that naturally scales to multiple cores
when they are available?
If you don’t have sufficiently synchronized clocks, you just can’t make stuff like this
work. And it’s really, really hard to synchronize much tighter than a few
milliseconds”

• 4.3 Explain the role of DHCP and DNS within the network
Dynamic Host Configuration Protocol (DHCP): Reduces the need for manual IP
configuration. Ensures devices receive correct network parameters
automatically.
• Purpose: DHCP automates the process of assigning IP addresses, subnet
masks, gateways, and other network parameters to devices on a network.
• DHCP Server: Assigns IP addresses to clients.
• DHCP Client: Receives IP configuration from a DHCP server.
Domain Name System (DNS):
• Purpose: DNS translates domain names (like www.example.com) into IP
addresses, allowing users to access websites using easy-to-remember
names instead of numerical IPs.

• 4.4 Explain the function of SNMP in network operations

• 4.5 Describe the use of syslog features including facilities and levels
Syslog is the feature used to log events (e.g. an interface going up/down). Messages can be
displayed in the CLI, saved in the device's RAM, or sent to an external syslog server.
Message format: seq : time stamp : %facility-severity-MNEMONIC : description
Sequence and Time stamp: order and time at which the message was generated.
Facility: The part of the system that generated the message.
Severity: The importance of the message (0 is the most severe, 7 the least).
Mnemonic: A code that provides more detail about the message.
Common Facilities
• AUTH Authentication messages.
• SYS System-related messages.
• IF Interface-related messages.
• ROUT Routing-related messages.
• SEC Security-related messages.
• SYSLOG Messages from the syslog process itself.
• LINEPROTO Line protocol changes.
• OSPF Open Shortest Path First (OSPF) protocol messages.
• SNMP Simple Network Management Protocol messages.
• BGP Border Gateway Protocol messages.
• IP IP protocol-related messages.
Severity Levels
• 0 – Emergency System is unusable.
• 1 – Alert Immediate action required.
• 2 – Critical Critical conditions.
• 3 – Error Error conditions.
• 4 – Warning Warning conditions.
• 5 – Notice Normal but significant condition.
• 6 – Informational Informational messages.
• 7 – Debug Debug-level messages.
Common Mnemonics
• UPDOWN Indicates an interface state change (e.g., up or down).
• LINK-3-UPDOWN Indicates a change in the status of an interface.
• SEC-6-IPACCESSLOGP Indicates a packet was logged by an IP access list.
• CONFIG_I Configuration commands were entered.
• COPY Configuration was copied to/from the device.
• OSPF-5-ADJCHG OSPF adjacency change.
• SNMP-3-AUTHFAIL SNMP authentication failure.
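The message format, facilities, severities and mnemonics described above, as an added example (not from the notes): a parser for `seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: description` lines, a severity filter that mirrors what `logging trap <level>` would forward, and a pick of the messages a defender watches (config changes, SNMP auth failures, ACL denies). The log lines are constructed; the hosts and user in them are made up.

```python
"""Parse Cisco IOS syslog lines of the form
'seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: description' and filter them
by severity. Added example, not from the notes; the log lines are constructed
(the facilities/mnemonics are ones the notes list)."""
import re
from collections import Counter
from typing import Dict, List, Optional

SEVERITY_NAMES = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
                  4: "warning", 5: "notice", 6: "informational", 7: "debug"}

# Constructed sample log (hosts, user and ACL name are made up / taken from the notes).
SAMPLE_LOG = """\
000123: *Aug 18 10:14:02.117: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
000124: *Aug 18 10:14:03.119: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
000125: *Aug 18 10:15:40.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
000126: *Aug 18 10:16:12.330: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.0.0.77
000127: *Aug 18 10:17:05.500: %SEC-6-IPACCESSLOGP: list MY_ACL denied tcp 10.0.0.77(51234) -> 10.0.0.1(22), 1 packet
000128: *Aug 18 10:18:00.000: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.12.2 on GigabitEthernet2/0 from FULL to DOWN, Neighbor Down: Dead timer expired
this line is not a syslog message
"""

SYSLOG_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"                    # optional sequence number
    r"(?P<ts>[^%]+?):\s+"                        # timestamp: anything up to ': %'
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?P<msg>.*)$"
)


def parse_line(line: str) -> Optional[Dict]:
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    sev = int(m["severity"])
    return {"seq": m["seq"], "timestamp": m["ts"], "facility": m["facility"],
            "severity": sev, "severity_name": SEVERITY_NAMES[sev],
            "mnemonic": m["mnemonic"], "message": m["msg"]}


def parse_log(text: str) -> List[Dict]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def at_or_above(entries: List[Dict], level: int) -> List[Dict]:
    """Entries with severity number <= level (lower number = more severe), i.e.
    the set 'logging trap <level>' would send to a syslog server."""
    return [e for e in entries if e["severity"] <= level]


def facility_counts(entries: List[Dict]) -> Counter:
    return Counter(e["facility"] for e in entries)


def security_events(entries: List[Dict]) -> List[Dict]:
    """Messages a defender typically alerts on: config changes, SNMP auth failures, ACL denies."""
    watch = {("SYS", "CONFIG_I"), ("SNMP", "AUTHFAIL"), ("SEC", "IPACCESSLOGP")}
    return [e for e in entries if (e["facility"], e["mnemonic"]) in watch]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in at_or_above(entries, 3):
        print(f"[{e['severity_name']}] {e['facility']}-{e['mnemonic']}: {e['message']}")
    for e in security_events(entries):
        print("watch:", e["seq"], e["facility"], e["mnemonic"])
```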

• 4.6 Configure and verify DHCP client and relay

• 4.7 Explain the forwarding per-hop behavior (PHB) for QoS, such as
classification, marking, queuing, congestion, policing, and shaping

• 4.8 Configure network devices for remote access using SSH

• 4.9 Describe the capabilities and functions of TFTP/FTP in the
network
TFTP is typically used for simple, fast, and unauthenticated file transfers, often
in scenarios like device configuration backups, firmware upgrades, and
network boot processes.
FTP is used for more secure (authenticated) and feature-rich file transfers,
suitable for centralized file storage, user file transfers, and automated
processes. Note that plain FTP still sends credentials and data in cleartext;
where confidentiality matters, SFTP or FTPS is the usual replacement.
Here are example use cases for TFTP and FTP in network environments:
TFTP Use Cases:
1. Network Device Configuration Backup and Restore:
o Scenario: A network administrator wants to back up the running
configuration of a Cisco router.
o Action:
▪ The administrator uses TFTP to transfer the configuration file from the
router to a TFTP server.
▪ Command:
Router# copy running-config tftp
▪ This command prompts the administrator to specify the IP address of the
TFTP server and the filename.
2. IOS Image Upgrade on a Cisco Device:
o Scenario: A network administrator needs to upgrade the IOS (operating
system) on a Cisco switch.
o Action:
▪ The administrator downloads the new IOS image to a TFTP server.
▪ The switch is then configured to download the IOS image from the TFTP
server.
▪ Command:
Switch# copy tftp flash
▪ The switch downloads the image, which can then be used to upgrade the
device.
3. PXE Boot for Network Devices:
o Scenario: Deploying a large number of devices (like IP phones or network
routers) that need to boot from a network.
o Action:
▪ Devices are set to boot using PXE (Preboot Execution Environment),
which pulls the required boot files from a TFTP server.
▪ TFTP is used due to its simplicity and minimal overhead, which is suitable
for booting devices over a network.
FTP Use Cases:
1. Centralized Storage for Network Device Firmware:
o Scenario: An organization maintains various network devices, each
requiring periodic firmware updates.
o Action:
▪ An FTP server is set up to store all firmware files securely.
▪ Network administrators can connect to the FTP server to download the
latest firmware when needed.
▪ This is more secure and manageable than TFTP, especially when dealing
with sensitive files.
2. User File Transfer:
o Scenario: A company needs to allow employees to upload and download
large files securely from a centralized location.
o Action:
▪ An FTP server is configured with user authentication to allow employees
to log in, upload, and download files.
▪ Example:
▪ Employees might upload project files, access shared
resources, or download reports using an FTP client like
FileZilla.
3. Automated Backup of Network Logs:
o Scenario: A company’s network devices generate extensive log files that
need to be archived for audit and troubleshooting purposes.
o Action:
▪ Network devices are configured to automatically transfer log files to an
FTP server at regular intervals.
▪ This ensures that logs are centralized and easily accessible when needed
for analysis.
4. Remote Site File Distribution:
o Scenario: A company with multiple remote sites needs to distribute
software updates to all locations.
o Action:
▪ The central IT team uploads the update files to an FTP server.
▪ Remote site administrators then log in to the FTP server to download the
update files, ensuring all sites have consistent software versions.
5. Security
• 5.1 Define key security concepts (threats, vulnerabilities, exploits,
and mitigation techniques)
Threats: Potential events or actions that could cause harm to a
network.
Vulnerabilities: Weaknesses in a system that could be exploited.
Exploits: Techniques used to take advantage of vulnerabilities.
Mitigation Techniques: Methods to reduce or eliminate risks, such
as firewalls, encryption, and access controls

• 5.2 Describe security program elements (user awareness, training,
and physical access control)
User Awareness and Training: Educating users on security best
practices to prevent human errors that could lead to security
breaches.
Physical Access Control: Restricting physical access to network
devices and infrastructure to prevent unauthorized access.

• 5.3 Configure and verify device access control using local passwords

• 5.4 Describe security password policies elements, such as
management, complexity, and password alternatives (multifactor
authentication, certificates, and biometrics)

• 5.5. Describe IPsec remote access and site-to-site VPNs


• 5.6 Configure and verify access control lists

• 5.7 Configure and verify Layer 2 security features (DHCP snooping,
dynamic ARP inspection, and port security)

• 5.8 Compare authentication, authorization, and accounting concepts

• 5.9 Describe wireless security protocols (WPA, WPA2, and WPA3)

• 5.10 Configure and verify WLAN within the GUI using WPA2 PSK

6. Automation
• 6.1 Explain how automation impacts network management

• 6.2 Compare traditional networks with controller-based networking


• 6.3 Describe controller-based, software defined architecture (overlay,
underlay, and fabric)
o 6.3.a Separation of control plane and data plane
o 6.3.b Northbound and Southbound APIs

• 6.4 Compare traditional campus device management with Cisco DNA
Center enabled device management

• 6.5 Describe characteristics of REST-based APIs (CRUD, HTTP verbs,
and data encoding)

• 6.6 Recognize the capabilities of configuration management
mechanisms Puppet, Chef, and Ansible

• 6.7 Recognize components of JSON-encoded data
