Cisco CCNA v7

The new Cisco CCNA has been designed by Cisco to testscandidate's knowledge and skills related to network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability. The CCNA 200-301 120-minute exam is required to achieve the associate certification level.

This certification level validates the ability to install, configure, operate, and troubleshoot medium-size switched and routed networks, including implementation and verification of connections to remote sites in a WAN environment. Upon completion, CCNA candidates should be able to successfully carry out any number of essential networking maintenance and troubleshooting duties such as operating LAN, WAN and dial access services for small networks, as well as having good working knowledge of protocols such as IP, IGRP, Serial, Frame Relay, IP RIP, VLAN’s, Ethernet and Access Lists.

The 200-301 CCNA exams include labs and simlets questions to test student's ability to configure and troubleshoot network devices. It is highly recommended to practice networking simulation using Cisco Packet Tracer 8.1 before taking any of the exams. Labs for CCNA traiing available in our labs sections.

CCNA Routing and Switching PTMO (Packet Tracer Media Objects) can be run inside Packet Tracer 8.1 without installing the JAVA runtime environment to practice drag and drop, fill in the blank, multiple choices exam questions.


CCNA 200-301 exam topics

Exam topics may change at any time without notice. Find complete information about CCNA exam topics on Cisco website :

1.0 Network fundamentals

  • 1.1 Explain the role and function of network components
  • 1.2 Describe characteristics of network topology architectures
  • 1.3 Compare physical interface and cabling types
  • 1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)
  • 1.5 Compare TCP to UDP
  • 1.6 Configure and verify IPv4 addressing and subnetting
  • 1.7 Describe the need for private IPv4 addressing
  • 1.8 Configure and verify IPv6 addressing and prefix
  • 1.9 Compare IPv6 address types
  • 1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)
  • 1.11 Describe wireless principles1.12 Explain virtualization fundamentals (virtual machines)
  • 1.13 Describe switching concepts

2.0 Network access

  • 2.1 Configure and verify VLANs (normal range) spanning multiple switches
  • 2.2 Configure and verify interswitch connectivity
  • 2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
  • 2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
  • 2.5 Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify basic operations
  • 2.6 Compare Cisco Wireless Architectures and AP modes
  • 2.7 Describe physical infrastructure connections of WLAN components (AP,WLC, access/trunk ports, and LAG)
  • 2.8 Describe AP and WLC management access connections (Telnet, SSH, HTTP,HTTPS, console, and TACACS+/RADIUS)
  • 2.9 Configure the components of a wireless LAN access for client  connectivity using GUI only such as WLAN creation, security settings, QoS profiles, and advanced WLAN setting

3.0 IP connectivity

  • 3.1 Interpret the components of routing table
  • 3.2 Determine how a router makes a forwarding decision by default
  • 3.3 Configure and verify IPv4 and IPv6 static routing
  • 3.4 Configure and verify single area OSPFv2
  • 3.5 Describe the purpose of first hop redundancy protocol

4.0 IP services

  • 4.1 Configure and verify inside source NAT using static and pools4.2 Configure and verify NTP operating in a client and server mode
  • 4.3 Explain the role of DHCP and DNS within the network
  • 4.4 Explain the function of SNMP in network operations
  • 4.5 Describe the use of syslog features including facilities and levels
  • 4.6 Configure and verify DHCP client and relay
  • 4.7 Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing, congestion, policing, shaping
  • 4.8 Configure network devices for remote access using SSH
  • 4.9 Describe the capabilities and function of TFTP/FTP in the network

5.0 Security fundamentals

  • 5.1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)
  • 5.2 Describe security program elements (user awareness, training, and physical access control)
  • 5.3 Configure device access control using local passwords
  • 5.4 Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
  • 5.5. Describe remote access and site-to-site VPNs
  • 5.6 Configure and verify access control lists
  • 5.7 Configure Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security)
  • 5.8 Differentiate authentication, authorization, and accounting concepts
  • 5.9 Describe wireless security protocols (WPA, WPA2, and WPA3)
  • 5.10 Configure WLAN using WPA2 PSK using the GUI

6.0 Automation and Programmability

  • 6.1 Explain how automation impacts network management
  • 6.2 Compare traditional networks with controller-based networking
  • 6.3 Describe controller-based and software defined architectures (overlay, underlay, and fabric)
  • 6.4 Compare traditional campus device management with Cisco DNA Center enabled device management
  • 6.5 Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)
  • 6.6 Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible
  • 6.7 Interpret JSON encoded data


Recommended books for exam preparation (self-study)

CCNA Official Exam Certification Library, Third Edition, is the newest edition of the all-time best-selling CCNA self-study preparation package. The two books contained in this package, CCENT/CCNA ICND1 Official Exam Certification Guide, Second Edition, and CCNA ICND2 Official Exam Certification Guide, Second Edition, present complete reviews and a more challenging and realistic preparation experience. The books are updated to cover all the new 640-802 exam objectives, such as security, wireless, IPv6, and troubleshooting.

The companion CD-ROMs contain a powerful testing engine with over 400 questions that allow you to focus on individual topic areas or take complete, timed exams. The test engine also includes simulation and testlet questions, and all questions are available in study mode and test mode.



CCNA certifications are valid for three years. To recertify, you have to pass either the ICND2 or the CCNA exam, or pass any professional or specialization certification exam (CCNP, ...).


Test Scheduling

Pearson VUE delivers tests for associate, professional, and expert level certifications for Cisco Systems. Select your test center and schedule your CCNA exam on Pearson VUE website.


Packet Tracer 8.1 features for CCNA v7 200-301 exam preparation

1.0 LAN Switching Technologies

1.1 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

Normal and extended range vlans are fully supported on Packet Tracer 7.2 emulated catalyst switches :

  • Normal VLAN ID : 1 to 1001 (1002 - 1005 reserved)
  • Extended VLAN ID : 106 to 4094 (4095 reserved)
Switch(config)#vlan ?
  <1-4094>  ISL VLAN IDs 1-1005


1.2 Configure, verify, and troubleshoot interswitch connectivity

  • Trunk ports : Supported (switchport mode trunk)
  • Add and remove VLANs on a trunk : Supported (switchport trunk allowed vlan add/remove/except/all/none)
  • DTP - Dynamic Trunking Protocol : Supported (switchport nonegotiate to disable it)
  • VTP (v1&v2) - VLAN Trunking Protocol : Both VTP v1&v2 are supported (vtp version <1-2>, vtp domain, vtp mode)
Switch(config)#vtp ?
  domain    Set the name of the VTP administrative domain.
  mode      Configure VTP device mode
  password  Set the password for the VTP administrative domain
  version   Set the adminstrative domain to VTP version

Switch(config)#vtp version ?
  <1-2>  Set the adminstrative domain VTP version number

Switch(config)#vtp mode ?
  client       Set the device to client mode.
  server       Set the device to server mode.
  transparent  Set the device to transparent mode.
  • 802.1Q : Supported by default on emulated Catalyst switches.
  • Native VLAN: Supported (switchport trunk native vlan)
Switch(config-if)#switchport trunk native ?
  vlan  Set native VLAN when interface is in trunking mode


1.3 Configure, verify, and troubleshoot STP protocols

Packet Tracer emulates PVST+ and Rapid-PVST+ Cisco proprietary protocols. Multiple spanning-tree (MST) is not supported.

Switch(config)#spanning-tree mode ?
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode

Spanning-tree root bridge can be configured using either :

  • Manually configured priority (lowest priority is root) using spanning-tree vlan 1 priority command
  • Automatically using the spanning-tree vlan 1 root primary command which automatically sets the priority value as the lowest value in the network.
Switch(config)#spanning-tree vlan 1 priority 
% Bridge Priority must be in increments of 4096.
% Allowed values are:
  0     4096  8192  12288 16384 20480 24576 28672
  32768 36864 40960 45056 49152 53248 57344 61440

Switch(config)#spanning-tree vlan 100 root primary 

1.4 Configure, verify, and troubleshoot STP-related optional features

Packet Tracer supports the spanning-trevPortFast configuration on catalyst switches which allows imediate network interface transition into the forwarding state upon linkup. he network interface still participates in the spanning-tree This feature is used on host ports an is usually required to make PXE boot or DHCP clients work smoothly.

The STP PortFast BPDU guard enhancement allows network designers to enforce the STP domain borders and keep the network topology predictable by dening devices behind the ports that have STP PortFast enabled to influence the STP topology. At the reception of BPDUs on a portfast enabled interface, the BPDU guard operation disables the port (errdisable state) that has PortFast configured.

Switch(config)#interface fastEthernet 0/1
Switch(config-if)#spanning-tree portfast ?
  disable  Disable portfast for this interface
  trunk    Enable portfast on the interface even in trunk mode

Switch(config-if)#spanning-tree portfast 
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface  when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on FastEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.

Switch(config-if)#spanning-tree bpduguard enable 

Spanning-tree portfast can also be configured by default on all the switch network interfaces :

Switch(config)#spanning-tree portfast ?
  default  Enable portfast by default on all access ports

Switch(config)#spanning-tree portfast default 


1.5 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel

Static, LACP, and PAGP etherchannel confguration are supported in Packet Tracer 7.2.2 on catalyst switches layer 2 and layer 3 interfaces

Switch(config-if)#channel-group 1 mode ?
  active     Enable LACP unconditionally
  auto       Enable PAgP only if a PAgP device is detected
  desirable  Enable PAgP unconditionally
  on         Enable Etherchannel only
  passive    Enable LACP only if a LACP device is detected

Use the channel-protocol interface configuration command to restrict the etherchannel protocol used on a port to manage channeling.

Switch(config-if)#channel-protocol ?
  lacp  Prepare interface for LACP protocol
  pagp  Prepare interface for PAgP protocol


1.6 Describe the benefits of switch stacking and chassis aggregation

Switch stacking is not supported in Packet Tracer.


1.7 Describe common access layer threat mitigation techniques

1.7.a 802.1x
1.7.b DHCP snooping
1.7.c Nondefault native VLAN


4.0 Infrastructure Services

4.1 Configure, verify, and troubleshoot basic HSRP

HSRP priority, preemption, and version (v1 vs v2) are covered in this section.

Cisco Packet Tracer 7.2.2 supports HSRP v1 and v2 on ISR routers and Layer 3 switches. The standby IOS command is available to configure HSRP groups and settings.

HSRP priorities and preemption are fully functionnal in Packet Tracer 7.2.2

Router(config-if)#standby ?
  <0-4095>  group number
  ip        Enable HSRP and set the virtual IP address
  ipv6      Enable HSRP IPv6
  preempt   Overthrow lower priority Active routers
  priority  Priority level
  timers    Hello and hold timers
  track     Priority Tracking
  version   HSRP version


4.2 Describe the effects of cloud resources on enterprise network architecture

Cloud resources are not available in Packet Tracer.


4.3 Describe basic QoS concepts


Device trust

Prioritization (Voice, Video, Data)



Congestion management


4.4 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering

Packet Tracer 7.2 features standard, extended, and named access-lists on emulated ISR routers and layer 3 switches. Access-lists can be applied to physical network interfaces, vlan interfaces, or virtual terminal lines.

Access-lists configuration tutorial describes access-list configuration on a Cisco 2911 ISR router.

Switch(config)#access-list ?
  <1-99>     IP standard access list
  <100-199>  IP extended access list

Switch(config)#access-list 100 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
  remark  Access list entry comment

Switch(config)#access-list 100 permit ?
  ahp    Authentication Header Protocol
  eigrp  Cisco's EIGRP routing protocol
  esp    Encapsulation Security Payload
  gre    Cisco's GRE tunneling
  icmp   Internet Control Message Protocol
  ip     Any Internet Protocol
  ospf   OSPF routing protocol
  tcp    Transmission Control Protocol
  udp    User Datagram Protocol


4.5 Verify ACLs using the APIC-EM Path Trace ACL analysis tool

APIC-EM is not supported in Cisco Packet Tracer 7.2 . However, APIC-EM can be tested on (Username: devnetuser - Password: Cisco123!)


5.0 Infrastructure Maintenance

5.1 Configure and verify device-monitoring protocols

Read-only and read-write SNMPv2 communities are supported in Packet Tracer 7.2.2

Switch(config)#snmp-server community public ?
  ro  Read-only access with this community string
  rw  Read-write access with this community string


SNMP traps and SNMP v3 are not supported.


5.2 Troubleshoot network connectivity issues using ICMP echo-based IP SLA

5.3 Use local SPAN to troubleshoot and resolve problems

5.4 Describe device management using AAA with TACACS+ and RADIUS

5.5 Describe network programmability in enterprise network architecture

5.6 Troubleshoot basic Layer 3 end-to-end connectivity issues