🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
200-301
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
200-301 Cisco Systems Coming Soon

CCNA

The 200-301 CCNA course teaches network fundamentals, access, IP connectivity, services, and security, enabling learners to design, configure, verify, and troubleshoot enterprise Cisco IOS/IOS XE environments.

120
Minutes
102
Questions
$330
Exam Cost

Who Should Take This

Network engineers, system administrators, and IT professionals with at least one year of hands‑on networking experience who aim to validate their Cisco knowledge and advance toward higher‑level certifications. They seek practical, hands‑on preparation for implementing, verifying, and troubleshooting real‑world enterprise networks using Cisco IOS/IOS XE.

What's Covered

1 All domains in the Cisco Certified Network Associate (200-301 CCNA) exam: Network Fundamentals
2 , Network Access
3 , IP Connectivity
4 , IP Services
5 , Security Fundamentals
6 , and Automation and Programmability

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

63 learning goals
1 Domain 1: Network Fundamentals
7 topics

Explain the role and function of network components

  • Describe the roles of routers, Layer 2 and Layer 3 switches, next-generation firewalls, IPS, access points, controllers, and endpoints in enterprise network architectures.
  • Compare and contrast the characteristics of two-tier (collapsed core), three-tier (access, distribution, core), and spine-leaf network architecture designs for campus and data center deployments.
  • Compare and contrast physical interface types including copper (UTP Cat 5e/6/6a), single-mode fiber, multimode fiber, and SFP/SFP+ transceivers and select appropriate media for distance and bandwidth requirements.

Describe characteristics of network topology architectures

  • Describe WAN topologies and connectivity options including MPLS, Metro Ethernet, broadband (DSL, cable, fiber), VPN over internet, and point-to-point leased lines for enterprise remote site connectivity.
  • Describe the concepts of small office/home office (SOHO) network design including wireless connectivity, NAT, DHCP, and internet access sharing for remote worker and small business environments.

Compare TCP and UDP transport layer protocols

  • Compare TCP and UDP transport protocols including connection establishment (three-way handshake), reliability mechanisms (sequence numbers, acknowledgments, retransmission), flow control, and windowing.

Configure and verify IPv4 addressing and subnetting

  • Apply VLSM subnetting to design IPv4 addressing schemes that efficiently allocate address space across multiple subnets of varying sizes within an enterprise network.
  • Configure and verify IPv4 addresses and subnet masks on Cisco router and switch interfaces using IOS CLI commands and validate connectivity with show ip interface brief output.

Describe IPv6 addressing architecture

  • Identify IPv6 address types including global unicast (GUA), unique local (ULA), link-local (FE80::/10), and multicast and configure IPv6 addresses on Cisco router interfaces.
  • Describe IPv6 auto-configuration methods including SLAAC (Stateless Address Autoconfiguration) and DHCPv6 (stateful and stateless) and explain how EUI-64 generates interface identifiers from MAC addresses.

Verify IP parameters for client OS

  • Verify IP parameters for client operating systems including IP address, subnet mask, default gateway, and DNS server on Windows, macOS, and Linux using CLI commands and GUI tools.

Describe wireless LAN fundamentals

  • Describe the components of a Cisco wireless LAN architecture including lightweight access points, WLCs, CAPWAP tunnels, and the split-MAC architecture for centralized management.
2 Domain 2: Network Access
4 topics

Configure and verify VLANs spanning multiple switches

  • Configure and verify access ports, default VLAN, and data/voice VLANs on Cisco switches using IOS commands including vlan, switchport mode access, and switchport access vlan.
  • Configure and verify 802.1Q trunk links between switches including native VLAN configuration, allowed VLAN lists, and trunk negotiation using DTP and manual trunk mode settings.
  • Configure and verify inter-VLAN routing using router-on-a-stick with 802.1Q subinterfaces and Layer 3 switch SVIs to enable communication between VLAN segments.

Configure and verify Spanning Tree Protocol

  • Describe the purpose and operation of Spanning Tree Protocol (802.1D) including root bridge election, port roles (root, designated, blocked), port states, and BPDU processing for loop prevention.
  • Compare Rapid PVST+ and PVST+ by evaluating convergence time improvements, port states (discarding, learning, forwarding), proposal-agreement mechanism, and per-VLAN spanning tree instances.
  • Configure STP root bridge priority and describe PortFast and BPDU Guard features for access ports to prevent topology changes caused by end devices and protect against unauthorized switches.

Configure and verify EtherChannel (Link Aggregation)

  • Configure and verify EtherChannel using LACP (802.3ad) by bundling multiple physical links into a single logical channel for increased bandwidth and redundancy between switches.

Describe AP modes and wireless concepts

  • Describe wireless access point modes including autonomous, lightweight (CAPWAP), and FlexConnect and explain how each mode manages configuration, tunneling, and local switching.
  • Describe physical infrastructure requirements for wireless deployments including RF coverage, channel planning for 2.4 GHz and 5 GHz bands, power levels, and co-channel versus adjacent-channel interference.
  • Compare wireless security protocols including WPA, WPA2, and WPA3 with personal (PSK) and enterprise (802.1X) authentication modes and explain TKIP versus AES encryption differences.
3 Domain 3: IP Connectivity
4 topics

Interpret the components of a routing table

  • Interpret routing table entries including routing protocol codes, prefix/length, next-hop address, administrative distance, metric, and outgoing interface from show ip route output on Cisco routers.
  • Describe how routers perform longest prefix match to select the most specific route for packet forwarding and explain the role of the default route (0.0.0.0/0) as the gateway of last resort.

Configure and verify static routes

  • Configure and verify IPv4 and IPv6 static routes including next-hop routes, directly connected routes, and default static routes using IOS ip route and ipv6 route commands.
  • Configure and verify floating static routes by assigning higher administrative distance values to provide backup paths that activate when primary dynamic routes are withdrawn.

Configure and verify single-area OSPFv2

  • Describe OSPF concepts including link-state operation, neighbor adjacency formation, hello and dead intervals, LSDB synchronization, SPF algorithm, and OSPF areas for scalable routing.
  • Configure and verify single-area OSPFv2 on Cisco routers including router-id selection, network statements, passive interfaces, and default route advertisement using IOS router ospf commands.
  • Describe OSPF neighbor states (Down, Init, Two-Way, ExStart, Exchange, Loading, Full) and explain the DR/BDR election process on multiaccess networks based on priority and router-id.
  • Analyze OSPF metric calculation using interface cost (reference bandwidth / interface bandwidth) and verify OSPF route selection using show ip ospf interface and show ip route ospf commands.
  • Configure and verify OSPFv2 point-to-point and broadcast network types and explain how the network type affects adjacency formation and DR/BDR election behavior.

Describe the purpose of first-hop redundancy protocols

  • Describe the purpose and operation of first-hop redundancy protocols including HSRP, VRRP, and GLBP and explain how virtual IP addresses provide gateway failover for LAN endpoints.
4 Domain 4: IP Services
5 topics

Configure and verify DHCP and DNS

  • Configure and verify DHCP server on a Cisco router including address pool, excluded addresses, default gateway, DNS server options, and lease duration using IOS ip dhcp pool commands.
  • Configure and verify DHCP relay agent (ip helper-address) on router interfaces to forward DHCP broadcasts across subnet boundaries to a centralized DHCP server.
  • Describe the function of DNS in providing hostname-to-IP address resolution and configure DNS lookup on Cisco devices using ip name-server and ip domain-lookup commands.

Configure and verify NAT

  • Configure and verify static NAT, dynamic NAT, and PAT (NAT overload) on Cisco routers and describe inside/outside local/global address translation terminology.
  • Analyze NAT translation table entries using show ip nat translations and show ip nat statistics to verify address mappings, translation counts, and troubleshoot NAT configuration issues.

Describe network time and management protocols

  • Configure and verify NTP operating in client mode on Cisco devices and explain the importance of synchronized time for security logs, troubleshooting, and certificate validation.
  • Describe the role of SNMP in network monitoring including SNMP versions (v2c, v3), managers, agents, MIBs, traps, and polling for collecting device performance and status information.
  • Describe syslog message severity levels (0-7), syslog server configuration, and how centralized logging supports troubleshooting, security monitoring, and compliance requirements.

Describe QoS concepts

  • Describe QoS concepts including classification, marking (DSCP, CoS), queuing, congestion management, policing, and shaping and explain how they ensure predictable performance for voice and video traffic.
  • Describe the purpose of trust boundaries in QoS and explain how traffic is classified at network ingress points to enforce consistent QoS policies across the enterprise network.

Describe remote access and file transfer protocols

  • Compare SSH and Telnet for remote device management by evaluating encryption, authentication methods, security risks, and explain why SSH is required for secure network administration.
  • Describe FTP and TFTP protocols including active and passive FTP modes, authentication requirements, and common use cases for IOS image transfers and configuration backup on Cisco devices.
5 Domain 5: Security Fundamentals
6 topics

Define key security concepts and threats

  • Define security concepts including threats, vulnerabilities, exploits, and the CIA triad and describe how security programs address confidentiality, integrity, and availability requirements.
  • Describe common network attacks including ARP spoofing, DHCP starvation, VLAN hopping, MAC flooding, phishing, password attacks, and reconnaissance and identify mitigation techniques for each.

Describe security program elements

  • Describe AAA concepts including local database authentication, RADIUS, and TACACS+ server-based authentication and explain how each is applied to control access to network devices.
  • Compare RADIUS and TACACS+ by evaluating transport protocol, encryption scope, authorization granularity, and accounting capabilities for enterprise device access control.

Configure device access control

  • Configure device hardening features including secure passwords (enable secret, service password-encryption), login banners, SSH for remote management, and disabling unused services and interfaces.
  • Configure and verify IPv4 standard and extended ACLs to filter traffic based on source/destination addresses, protocols, and ports and apply ACLs to router interfaces using ip access-group commands.
  • Analyze ACL operation including implicit deny, top-down processing, wildcard mask calculation, and log keyword usage to evaluate whether traffic is permitted or denied in a given network scenario.

Describe Layer 2 security features

  • Describe Layer 2 security features including DHCP snooping, dynamic ARP inspection (DAI), and port security and explain how each mitigates specific Layer 2 attack vectors.

Describe VPN and IPsec concepts

  • Compare site-to-site VPN and remote-access VPN architectures and describe how IPsec provides confidentiality (ESP), integrity (AH), and authentication (IKE) for encrypted tunnel communication.

Describe wireless security and management

  • Configure wireless LAN security settings including WPA2/WPA3 authentication modes, RADIUS integration for 802.1X enterprise authentication, and guest WLAN isolation on Cisco WLCs.
  • Describe the purpose of management access security features including console port password, VTY line configuration, privilege levels, and local user authentication for Cisco device access control.
6 Domain 6: Automation and Programmability
4 topics

Explain how automation impacts network management

  • Describe the benefits of network automation including reduced human error, consistent configuration deployment, faster provisioning, scalable management, and integration with DevOps workflows.
  • Compare traditional network management (CLI-based, device-by-device) with controller-based architectures (SDN, intent-based networking) and explain how APIs replace manual configuration methods.

Describe characteristics of REST-based APIs

  • Describe REST API characteristics including CRUD operations mapped to HTTP methods (GET, POST, PUT, DELETE), URI structure, stateless communication, and HTTP response codes (2xx, 4xx, 5xx).
  • Compare JSON and XML data encoding formats by evaluating syntax, readability, parsing complexity, and usage in network automation APIs for structured data exchange.
  • Identify Cisco DNA Center and Meraki Dashboard APIs as examples of northbound REST APIs and describe how they enable programmatic network management, monitoring, and provisioning.

Describe configuration management tools

  • Compare configuration management tools including Ansible (agentless, YAML playbooks, SSH push), Puppet (agent-based, declarative manifests), and Chef (agent-based, Ruby recipes) for network device automation.

Recognize Cisco DNA Center capabilities

  • Describe Cisco DNA Center capabilities including network design, policy management, provisioning, assurance, and analytics for intent-based enterprise network management.
  • Describe how Cisco SD-Access uses DNA Center for automated fabric provisioning, identity-based segmentation, and policy enforcement across the wired and wireless campus network.

Scope

Included Topics

  • All domains in the Cisco Certified Network Associate (200-301 CCNA) exam: Network Fundamentals (20%), Network Access (20%), IP Connectivity (25%), IP Services (10%), Security Fundamentals (15%), and Automation and Programmability (10%).
  • Comprehensive networking knowledge including network architectures, Ethernet LAN switching, VLANs and trunking, STP, EtherChannel, IPv4 and IPv6 routing, OSPF, static routing, first-hop redundancy, and WAN concepts.
  • IP services including DHCP, DNS, NAT, NTP, SNMP, syslog, QoS mechanisms, and network management tools for monitoring and maintaining enterprise network infrastructure.
  • Security fundamentals including AAA, ACLs, Layer 2 security features, wireless security, VPN concepts, and Cisco device hardening best practices for protecting network infrastructure.
  • Automation and programmability concepts including REST APIs, configuration management tools (Ansible, Puppet, Chef), JSON and XML data formats, and Cisco DNA Center for intent-based networking.

Not Covered

  • Professional and specialty-level topics including advanced BGP configuration, multi-area OSPF design, MPLS, and SD-WAN deployment covered in CCNP and higher certifications.
  • Detailed data center networking including fabric architectures, ACI policy models, and nexus platform administration.
  • Advanced wireless controller deployment, RF engineering, site survey methodology, and enterprise WLAN design optimization.
  • Full-stack network programmability including Python SDK development, YANG model authoring, and NETCONF/RESTCONF protocol implementation beyond basic awareness.
  • Cisco ISE advanced policy configuration, TrustSec implementation, and enterprise PKI deployment beyond foundational security concepts.

Official Exam Page

Learn more at Cisco Systems

Visit

200-301 is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified

Trademark Notice

Cisco®, CCNA®, CCNP®, CCIE®, and related marks are registered trademarks of Cisco Technology, Inc. Cisco does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.