This is an old revision of the document!

CCNA 200-301 v1.1 – Exam at a Glance

Exam: CCNA 200-301
Time: 120 minutes
Focus: Modern enterprise networking – routing/switching, wireless, security, and automation.

The exam is built around six domains:

  • Network Fundamentals (20%)
  • Network Access (20%)
  • IP Connectivity (25%)
  • IP Services (10%)
  • Security Fundamentals (15%)
  • Automation and Programmability (10%)

1. Network Fundamentals (20%)

Goal: Understand what a network is, what the parts do, and how IP addressing works.

  • Devices & roles
    • Routers, Layer 2/3 switches
    • Next-gen firewalls and IPS
    • Access points and wireless controllers
    • Endpoints and servers
    • PoE (Power over Ethernet)
  • Topologies & designs
    • 2-tier vs 3-tier
    • Spine-leaf
    • WAN
    • SOHO (small office / home office)
    • On-prem vs cloud
  • Cabling & interfaces
    • Single-mode fiber, multimode fiber, copper
    • Shared media vs point-to-point
    • Common issues: collisions, errors, speed/duplex mismatch
  • IP basics
    • IPv4 addressing and subnetting
    • Private IPv4 ranges
    • IPv6 addressing and prefixes
    • IPv6 types: unicast (global, ULA, link-local), anycast, multicast, EUI-64
  • Clients & wireless
    • Verify IP parameters on Windows, macOS, Linux
    • SSID, non-overlapping Wi-Fi channels, RF basics
    • Wireless encryption basics
  • Virtualization & switching
    • Server virtualization, containers, VRFs
    • MAC learning and aging
    • Frame switching and flooding
    • MAC address table concepts

2. Network Access (20%)

Goal: Get devices onto the LAN and WLAN safely and correctly.

  • VLANs
    • Data and voice VLANs
    • Default VLAN
    • VLANs spanning multiple switches
    • Inter-VLAN connectivity
  • Trunks
    • 802.1Q tagging
    • Native VLAN
    • Access vs trunk ports
  • Neighbor discovery
    • Cisco Discovery Protocol (CDP)
    • Link Layer Discovery Protocol (LLDP)
  • Link aggregation
    • EtherChannel (LACP) at Layer 2 / Layer 3
  • Spanning Tree (Rapid PVST+)
    • Root bridge, root ports, other port roles
    • Port states and roles
    • PortFast
    • Root guard, loop guard, BPDU guard, BPDU filter
  • Wireless access
    • Cisco wireless architectures and AP modes
    • Physical connections: AP, WLC, access/trunk ports, LAG
    • WLAN GUI basics: SSID creation, security, QoS profiles, advanced options
  • Device management access
    • Telnet, SSH, HTTP, HTTPS, console
    • TACACS+ / RADIUS
    • Cloud-managed devices

3. IP Connectivity (25%)

Goal: Understand how routers make forwarding decisions.

  • Routing table components
    • Routing protocol code
    • Prefix and network mask
    • Next hop
    • Administrative distance
    • Metric
    • Gateway of last resort
  • Forwarding decisions
    • Longest prefix match
    • Administrative distance
    • Routing protocol metric
  • Static routing (IPv4 and IPv6)
    • Default route
    • Network route
    • Host route
    • Floating static routes
  • OSPFv2 (single area)
    • Neighbor adjacencies
    • Point-to-point networks
    • Broadcast networks and DR/BDR
    • Router ID
  • First Hop Redundancy
    • Purpose: keep default gateway available using redundancy concepts

4. IP Services (10%)

Goal: Know the common network services that support connectivity.

  • NAT
    • Inside source NAT (static and pools)
  • Time and naming
    • NTP client and server roles
    • Role of DHCP and DNS
  • Monitoring and logging
    • SNMP in network operations
    • Syslog facilities and severity levels
  • DHCP operations
    • DHCP client
    • DHCP relay
  • QoS basics
    • Classification and marking
    • Queuing and congestion management
    • Policing and shaping
  • Remote access and file services
    • Configure network devices for SSH access
    • TFTP / FTP capabilities and functions

5. Security Fundamentals (15%)

Goal: Protect devices, data, and users.

  • Security concepts
    • Threats, vulnerabilities, exploits
    • Mitigation techniques
  • Security program elements
    • User awareness and training
    • Physical access control
  • Device access security
    • Local passwords for device access
    • Password policy (management, complexity)
    • Alternatives: MFA, certificates, biometrics
  • VPNs
    • IPsec remote-access VPNs
    • IPsec site-to-site VPNs
  • Access control
    • Configure and verify ACLs
  • Layer 2 security
    • DHCP snooping
    • Dynamic ARP inspection (DAI)
    • Port security
  • AAA concepts
    • Authentication
    • Authorization
    • Accounting
  • Wireless security
    • WPA, WPA2, WPA3
    • Configure WLAN (GUI) with WPA2-PSK

6. Automation and Programmability (10%)

Goal: Understand how automation and APIs change network management.

  • Automation impact
    • Why automation matters for consistency, speed, and error reduction
  • Traditional vs controller-based networking
    • Comparison of management and control methods
  • SDN and controller-based architecture
    • Overlay vs underlay vs fabric
    • Separation of control plane and data plane
    • Northbound and southbound APIs
  • AI / ML in network operations
    • Generative and predictive uses for monitoring and troubleshooting
  • REST-based APIs
    • Authentication types
    • CRUD operations
    • HTTP verbs
    • Data encoding formats
  • Configuration management tools
    • Capabilities of Ansible
    • Capabilities of Terraform
  • JSON
    • Recognize JSON-encoded structures and fields

Overview of official CCNA exam topics