What's new in CCNA v7 ?
Cisco refreshed it's certification program on February 2020 and rebalanced exam topics to better align with employer needs, include room for new topics and end-to end
networking awareness as digital transformation of businesses is driving new networking technologies :
- Software defined architectures
- Automation and virtualization accross all network domains
- Network device management moving from CLI to API
- Programming skills which are now essentials to network admins
- Wireless technologies now prevalent in access networks
- Expanding security threats requiring analytics skills
Cisco CCNA v7
The new Cisco CCNA has been designed by Cisco to testscandidate's knowledge and skills related to network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability. The CCNA 200-301 120-minute exam is required to achieve the associate certification level.
This certification level validates the ability to install, configure, operate, and troubleshoot medium-size switched and routed networks, including implementation and verification of connections to remote sites in a WAN environment. Upon completion, CCNA candidates should be able to successfully carry out any number of essential networking maintenance and troubleshooting duties such as operating LAN, WAN and dial access services for small networks, as well as having good working knowledge of protocols such as IP, IGRP, Serial, Frame Relay, IP RIP, VLAN’s, Ethernet and Access Lists.
The 200-301 CCNA exams include labs and simlets questions to test student's ability to configure and troubleshoot network devices. It is highly recommended to practice networking simulation using Cisco Packet Tracer 8.1 before taking any of the exams. Labs for CCNA traiing available in our labs sections.
CCNA Routing and Switching PTMO (Packet Tracer Media Objects) can be run inside Packet Tracer 8.1 without installing the JAVA runtime environment to practice drag and drop, fill in the blank, multiple choices exam questions.
CCNA 200-301 exam topics
Exam topics may change at any time without notice. Find complete information about CCNA exam topics on Cisco website : https://learningnetwork.cisco.com/s/ccna-exam-topics?ccid=ccna&dtid=website&oid=cdc-ccna-exam
1.0 Network fundamentals
- 1.1 Explain the role and function of network components
- 1.2 Describe characteristics of network topology architectures
- 1.3 Compare physical interface and cabling types
- 1.4 Identify interface and cable issues (collisions, errors, mismatch duplex, and/or speed)
- 1.5 Compare TCP to UDP
- 1.6 Configure and verify IPv4 addressing and subnetting
- 1.7 Describe the need for private IPv4 addressing
- 1.8 Configure and verify IPv6 addressing and prefix
- 1.9 Compare IPv6 address types
- 1.10 Verify IP parameters for Client OS (Windows, Mac OS, Linux)
- 1.11 Describe wireless principles1.12 Explain virtualization fundamentals (virtual machines)
- 1.13 Describe switching concepts
2.0 Network access
- 2.1 Configure and verify VLANs (normal range) spanning multiple switches
- 2.2 Configure and verify interswitch connectivity
- 2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)
- 2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
- 2.5 Describe the need for and basic operations of Rapid PVST+ Spanning Tree Protocol and identify basic operations
- 2.6 Compare Cisco Wireless Architectures and AP modes
- 2.7 Describe physical infrastructure connections of WLAN components (AP,WLC, access/trunk ports, and LAG)
- 2.8 Describe AP and WLC management access connections (Telnet, SSH, HTTP,HTTPS, console, and TACACS+/RADIUS)
- 2.9 Configure the components of a wireless LAN access for client connectivity using GUI only such as WLAN creation, security settings, QoS profiles, and advanced WLAN setting
3.0 IP connectivity
- 3.1 Interpret the components of routing table
- 3.2 Determine how a router makes a forwarding decision by default
- 3.3 Configure and verify IPv4 and IPv6 static routing
- 3.4 Configure and verify single area OSPFv2
- 3.5 Describe the purpose of first hop redundancy protocol
4.0 IP services
- 4.1 Configure and verify inside source NAT using static and pools4.2 Configure and verify NTP operating in a client and server mode
- 4.3 Explain the role of DHCP and DNS within the network
- 4.4 Explain the function of SNMP in network operations
- 4.5 Describe the use of syslog features including facilities and levels
- 4.6 Configure and verify DHCP client and relay
- 4.7 Explain the forwarding per-hop behavior (PHB) for QoS such as classification, marking, queuing, congestion, policing, shaping
- 4.8 Configure network devices for remote access using SSH
- 4.9 Describe the capabilities and function of TFTP/FTP in the network
5.0 Security fundamentals
- 5.1 Define key security concepts (threats, vulnerabilities, exploits, and mitigation techniques)
- 5.2 Describe security program elements (user awareness, training, and physical access control)
- 5.3 Configure device access control using local passwords
- 5.4 Describe security password policies elements, such as management, complexity, and password alternatives (multifactor authentication, certificates, and biometrics)
- 5.5. Describe remote access and site-to-site VPNs
- 5.6 Configure and verify access control lists
- 5.7 Configure Layer 2 security features (DHCP snooping, dynamic ARP inspection, and port security)
- 5.8 Differentiate authentication, authorization, and accounting concepts
- 5.9 Describe wireless security protocols (WPA, WPA2, and WPA3)
- 5.10 Configure WLAN using WPA2 PSK using the GUI
6.0 Automation and Programmability
- 6.1 Explain how automation impacts network management
- 6.2 Compare traditional networks with controller-based networking
- 6.3 Describe controller-based and software defined architectures (overlay, underlay, and fabric)
- 6.4 Compare traditional campus device management with Cisco DNA Center enabled device management
- 6.5 Describe characteristics of REST-based APIs (CRUD, HTTP verbs, and data encoding)
- 6.6 Recognize the capabilities of configuration management mechanisms Puppet, Chef, and Ansible
- 6.7 Interpret JSON encoded data
Recommended books for exam preparation (self-study)
CCNA certifications are valid for three years. To recertify, you have to pass either the ICND2 or the CCNA exam, or pass any professional or specialization certification exam (CCNP, ...).
Pearson VUE delivers tests for associate, professional, and expert level certifications for Cisco Systems. Select your test center and schedule your CCNA exam on Pearson VUE website.
Packet Tracer 8.1 features for CCNA v7 200-301 exam preparation
1.0 LAN Switching Technologies
1.1 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches
Normal and extended range vlans are fully supported on Packet Tracer 7.2 emulated catalyst switches :
- Normal VLAN ID : 1 to 1001 (1002 - 1005 reserved)
- Extended VLAN ID : 106 to 4094 (4095 reserved)
Switch(config)#vlan ? <1-4094> ISL VLAN IDs 1-1005
1.2 Configure, verify, and troubleshoot interswitch connectivity
- Trunk ports : Supported (switchport mode trunk)
- Add and remove VLANs on a trunk : Supported (switchport trunk allowed vlan add/remove/except/all/none)
- DTP - Dynamic Trunking Protocol : Supported (switchport nonegotiate to disable it)
- VTP (v1&v2) - VLAN Trunking Protocol : Both VTP v1&v2 are supported (vtp version <1-2>, vtp domain, vtp mode)
Switch(config)#vtp ? domain Set the name of the VTP administrative domain. mode Configure VTP device mode password Set the password for the VTP administrative domain version Set the adminstrative domain to VTP version Switch(config)#vtp version ? <1-2> Set the adminstrative domain VTP version number Switch(config)#vtp mode ? client Set the device to client mode. server Set the device to server mode. transparent Set the device to transparent mode.
- 802.1Q : Supported by default on emulated Catalyst switches.
- Native VLAN: Supported (switchport trunk native vlan)
Switch(config-if)#switchport trunk native ? vlan Set native VLAN when interface is in trunking mode
1.3 Configure, verify, and troubleshoot STP protocols
Packet Tracer emulates PVST+ and Rapid-PVST+ Cisco proprietary protocols. Multiple spanning-tree (MST) is not supported.
Switch(config)#spanning-tree mode ? pvst Per-Vlan spanning tree mode rapid-pvst Per-Vlan rapid spanning tree mode
Spanning-tree root bridge can be configured using either :
- Manually configured priority (lowest priority is root) using spanning-tree vlan 1 priority command
- Automatically using the spanning-tree vlan 1 root primary command which automatically sets the priority value as the lowest value in the network.
Switch(config)#spanning-tree vlan 1 priority % Bridge Priority must be in increments of 4096. % Allowed values are: 0 4096 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 61440 Switch(config)#spanning-tree vlan 100 root primary
1.4 Configure, verify, and troubleshoot STP-related optional features
Packet Tracer supports the spanning-trevPortFast configuration on catalyst switches which allows imediate network interface transition into the forwarding state upon linkup. he network interface still participates in the spanning-tree This feature is used on host ports an is usually required to make PXE boot or DHCP clients work smoothly.
The STP PortFast BPDU guard enhancement allows network designers to enforce the STP domain borders and keep the network topology predictable by dening devices behind the ports that have STP PortFast enabled to influence the STP topology. At the reception of BPDUs on a portfast enabled interface, the BPDU guard operation disables the port (errdisable state) that has PortFast configured.
Switch(config)#interface fastEthernet 0/1 Switch(config-if)#spanning-tree portfast ? disable Disable portfast for this interface trunk Enable portfast on the interface even in trunk mode <cr> Switch(config-if)#spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on FastEthernet0/1 but will only have effect when the interface is in a non-trunking mode. Switch(config-if)#spanning-tree bpduguard enable
Spanning-tree portfast can also be configured by default on all the switch network interfaces :
Switch(config)#spanning-tree portfast ? default Enable portfast by default on all access ports Switch(config)#spanning-tree portfast default
1.5 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel
Static, LACP, and PAGP etherchannel confguration are supported in Packet Tracer 7.2.2 on catalyst switches layer 2 and layer 3 interfaces
Switch(config-if)#channel-group 1 mode ? active Enable LACP unconditionally auto Enable PAgP only if a PAgP device is detected desirable Enable PAgP unconditionally on Enable Etherchannel only passive Enable LACP only if a LACP device is detected
Use the channel-protocol interface configuration command to restrict the etherchannel protocol used on a port to manage channeling.
Switch(config-if)#channel-protocol ? lacp Prepare interface for LACP protocol pagp Prepare interface for PAgP protocol
1.6 Describe the benefits of switch stacking and chassis aggregation
Switch stacking is not supported in Packet Tracer.
1.7 Describe common access layer threat mitigation techniques
1.7.b DHCP snooping
1.7.c Nondefault native VLAN
4.0 Infrastructure Services
4.1 Configure, verify, and troubleshoot basic HSRP
HSRP priority, preemption, and version (v1 vs v2) are covered in this section.
Cisco Packet Tracer 7.2.2 supports HSRP v1 and v2 on ISR routers and Layer 3 switches. The standby IOS command is available to configure HSRP groups and settings.
HSRP priorities and preemption are fully functionnal in Packet Tracer 7.2.2
Router(config-if)#standby ? <0-4095> group number ip Enable HSRP and set the virtual IP address ipv6 Enable HSRP IPv6 preempt Overthrow lower priority Active routers priority Priority level timers Hello and hold timers track Priority Tracking version HSRP version
4.2 Describe the effects of cloud resources on enterprise network architecture
Cloud resources are not available in Packet Tracer.
4.3 Describe basic QoS concepts
Prioritization (Voice, Video, Data)
4.4 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering
Packet Tracer 7.2 features standard, extended, and named access-lists on emulated ISR routers and layer 3 switches. Access-lists can be applied to physical network interfaces, vlan interfaces, or virtual terminal lines.
Access-lists configuration tutorial describes access-list configuration on a Cisco 2911 ISR router.
Switch(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list Switch(config)#access-list 100 ? deny Specify packets to reject permit Specify packets to forward remark Access list entry comment Switch(config)#access-list 100 permit ? ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol ip Any Internet Protocol ospf OSPF routing protocol tcp Transmission Control Protocol udp User Datagram Protocol
4.5 Verify ACLs using the APIC-EM Path Trace ACL analysis tool
APIC-EM is not supported in Cisco Packet Tracer 7.2 . However, APIC-EM can be tested on https://sandboxapicem.cisco.com/ (Username: devnetuser - Password: Cisco123!)
5.0 Infrastructure Maintenance
5.1 Configure and verify device-monitoring protocols
Read-only and read-write SNMPv2 communities are supported in Packet Tracer 7.2.2
Switch(config)#snmp-server community public ? ro Read-only access with this community string rw Read-write access with this community string <cr>
SNMP traps and SNMP v3 are not supported.