
Cisco Certified Network Associate Cheat Sheet

CCNA Tests Applied Networking — Configuration and Troubleshooting, Not Theory

The CCNA expects you to configure, verify, and troubleshoot real network scenarios. Knowing the OSI model is table stakes — applying it under time pressure is the test.

Among the harder certs
Avg: Approximately 63–68%
Pass: 750 / 1000
Most candidates understand Cisco Certified Network Associate concepts — and still fail. This exam tests how you apply knowledge under pressure.

CCNA Exam Domain Framework

CCNA 200-301 has six exam topics. Routing and switching configuration questions dominate. Know show commands for verification, common error symptoms, and how to read routing tables, VLAN configurations, and access control lists.

  1. Network Fundamentals — OSI model, TCP/IP, protocols, cabling
  2. Network Access — VLANs, trunking (802.1Q), Spanning Tree, wireless
  3. IP Connectivity — IPv4/IPv6 routing, OSPF, static routes, route redistribution
  4. IP Services — DHCP, DNS, NAT, NTP, SNMP, Syslog
  5. Security Fundamentals — AAA, ACLs, port security, VPNs
  6. Automation & Programmability — REST APIs, Cisco DNA Center, network automation basics

Wrong instinct vs correct approach

Devices in the same VLAN cannot communicate across switches
✕ Wrong instinct

Check the routing configuration between the switches

✓ Correct approach

Same-VLAN communication is a Layer 2 issue — verify the VLAN is configured on both switches, the inter-switch link is a trunk port, and the VLAN is allowed on the trunk

A router is not receiving OSPF routes from a neighbor
✕ Wrong instinct

Check if OSPF is enabled on the interface

✓ Correct approach

Verify OSPF neighbor parameters match: subnet, area number, hello/dead intervals, MTU size, stub area flags, and authentication — any mismatch prevents adjacency formation

NAT is configured but internal hosts cannot reach the internet
✕ Wrong instinct

Check the NAT pool addresses

✓ Correct approach

Verify the NAT statements match the ACL defining internal traffic, the inside/outside interface designations are correct, and the default route or routing allows traffic to the outside interface

Know these cold

  • Access ports — single VLAN, untagged; Trunk ports: multiple VLANs, 802.1Q tagged
  • OSPF adjacency requirements — matching subnet, area, hello/dead intervals, MTU, stub flags
  • Standard ACL close to destination; Extended ACL close to source
  • PAT (NAT overload) maps many internal IPs to one public IP via port translation
  • Verify with show commands — show ip route, show vlan brief, show interfaces trunk, show ip ospf neighbor
  • STP root bridge — lowest bridge ID (priority + MAC); default priority is 32768
  • CDP/LLDP discovery — use show cdp neighbors to map physical topology

Can you answer these without checking your notes?

In this scenario: "Devices in the same VLAN cannot communicate across switches" — what should you do first?
Same-VLAN communication is a Layer 2 issue — verify the VLAN is configured on both switches, the inter-switch link is a trunk port, and the VLAN is allowed on the trunk
In this scenario: "A router is not receiving OSPF routes from a neighbor" — what should you do first?
Verify OSPF neighbor parameters match: subnet, area number, hello/dead intervals, MTU size, stub area flags, and authentication — any mismatch prevents adjacency formation
In this scenario: "NAT is configured but internal hosts cannot reach the internet" — what should you do first?
Verify the NAT statements match the ACL defining internal traffic, the inside/outside interface designations are correct, and the default route or routing allows traffic to the outside interface

Common Exam Mistakes — What candidates get wrong

Confusing trunk and access port configuration

Access ports carry untagged traffic for a single VLAN. Trunk ports carry tagged traffic for multiple VLANs using 802.1Q encapsulation. Misconfiguring native VLAN on trunk ports or assigning a trunk port as access causes connectivity failures.

Misidentifying OSPF neighbor state issues

OSPF neighbors must agree on: subnet mask, area number, hello/dead intervals, stub area flags, and authentication. If neighbors are stuck in EXSTART or EXCHANGE state, MTU mismatch is a common culprit. Candidates diagnose OSPF failures without checking these parameters.

Applying standard ACLs where extended ACLs are needed

Standard ACLs filter only by source IP and should be placed close to the destination. Extended ACLs filter by source, destination, protocol, and port and should be placed close to the source. Placing standard ACLs at the source is inefficient and often blocks unintended traffic.
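
The placement rule above can be checked with a small first-match ACL simulator. This is an added example, not part of the original cheat sheet; the addresses, interface names (R1-lan-in, R2-finance-out, R3-web-out) and the two-server topology are constructed for illustration.

```python
import ipaddress

def in_net(addr, net):
    """True if addr falls inside net; 'any' matches every address."""
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(acl, pkt):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, src, dst, proto, port in acl:
        if (in_net(pkt["src"], src) and in_net(pkt["dst"], dst)
                and proto in ("ip", pkt["proto"])
                and port in (None, pkt["port"])):
            return action
    return "deny"

# Standard ACL: source only, so dst/proto/port are wildcards.
STANDARD = [("deny", "10.1.1.0/24", "any", "ip", None),
            ("permit", "any", "any", "ip", None)]
# Extended ACL: names the exact flow to block.
EXTENDED = [("deny", "10.1.1.0/24", "10.2.2.0/24", "tcp", 443),
            ("permit", "any", "any", "ip", None)]

# Constructed topology: interfaces a packet crosses on the way to each server.
PATHS = {"10.2.2.10": ["R1-lan-in", "R2-finance-out"],
         "10.3.3.10": ["R1-lan-in", "R3-web-out"]}

def delivered(pkt, placement):
    """placement maps an interface name to the ACL applied there."""
    return all(evaluate(placement[hop], pkt) == "permit"
               for hop in PATHS[pkt["dst"]] if hop in placement)

def outcome(placement):
    """Fate of HTTPS from user 10.1.1.50 to the finance and web servers."""
    flows = {"finance": "10.2.2.10", "web": "10.3.3.10"}
    return {name: delivered({"src": "10.1.1.50", "dst": dst,
                             "proto": "tcp", "port": 443}, placement)
            for name, dst in flows.items()}

if __name__ == "__main__":
    print("standard near source:     ", outcome({"R1-lan-in": STANDARD}))
    print("standard near destination:", outcome({"R2-finance-out": STANDARD}))
    print("extended near source:     ", outcome({"R1-lan-in": EXTENDED}))
```

The standard ACL at the source drops the web flow along with the finance flow because it can only match on source address; the same ACL next to the finance LAN, or the extended ACL at the source, blocks only the intended traffic.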

Confusing STP port states and roles

STP port roles: Root Port, Designated Port, Non-Designated (blocking). Port states: Blocking → Listening → Learning → Forwarding. Candidates confuse roles with states and misdiagnose why a port is not forwarding.

Misidentifying NAT types

Static NAT: one-to-one mapping (permanent). Dynamic NAT: pool of public IPs mapped to private IPs (temporary). PAT/NAT overload: many private IPs mapped to one public IP using port numbers. PAT is the most common in practice and the most tested.

CCNA requires applied networking knowledge. Test whether you can configure and troubleshoot, not just recall.