The complete CCNA certification guide

By Sean Wilkins

Preparing for your CCNA certification? We’ve put together this CCENT and CCNA certification guide to help you succeed.

 

When looking over the Cisco certifications options it’s easy to feel overwhelmed. After all, there are many different tracks at various levels with specific focus areas. This is especially true if you’re just getting into networking and attempting to map out the best learning path based on your personal goals and interests.

The two main entry-level Routing and Switching Cisco certifications you can obtain include the Cisco Certified Technician (CCT) and the Cisco Certified Entry Networking (CCENT). This guide looks at the CCENT certification and the more advanced Cisco Certified Networking Associated (CCNA) certification. The material covered on the CCENT is equal to roughly half of the material covered on the CCNA and we’ll discuss it in detail. This information will provide you with a complete CCENT and CCNA study guide. We’ll also take a look at the target audience for CCENT and CCNA certifications and how achieving certification can help you reach your goals.  

CCENT: the basics

If you’re unfamiliar with the Cisco certification universe, some clarification is first required to understand the differences between each. For anyone getting into networking with no or very little networking background there are two entry-level certification options: the CCT and CCENT. The CCT focuses primarily on folks who want to become field support technicians. These positions require that you have some technical background (but you don’t need to know much  yet about networking). These are also typically supported with an experienced engineer (often directly by a central networking operations center engineer). For example, the CCT is required for field engineers who will work with Cisco’s Technical Assistance Center (TAC) engineers for authorized support work.

The CCENT focuses on the same experience level but with a career path that would put you into a position of supporting, configuring and troubleshooting equipment. The CCENT and the next level CCNA certification are part of Cisco’s main routing and switching certification career path, which includes the CCENT, CCNA, CCNP and the CCIE. The CCENT certification includes most of the same objectives as the CCT certification and adds more focus to networking fundamentals, configuration and troubleshooting; mainly without the support of a direct senior-level engineer.

The CCNA certification is yet another step on the same ladder as CCENT. The CCNA certification builds on the core knowledge covered in the CCENT and adds to it by covering the CCENT material in more detail, adding several advanced topics. 

How do I get my CCENT certification?

As with the previous guide in this series, this article focuses on Cisco’s Routing and Switching track of certifications. It’s important to note that Cisco has many different certification tracks depending on your technical focus (and some of Cisco’s other certification tracks have the CCENT or CCNA as a prerequisite).

CCENT certification path

To achieve the CCENT certification, you must study for and pass the Interconnecting Cisco Networking Devices Part 1 (ICND1) (100-105) exam. 

As listed in the objectives below, the CCENT (ICND1) has a considerable amount of coverage in networking fundamentals both for routing and switching (compared with the CCT). It also looks at how different devices can be configured, and how they should work once configured correctly. This knowledge extends even further into troubleshooting these devices when problems arise.

The skills required to pass this exam are broken down into five domains: Network Fundamentals; LAN Switching Fundamentals; Routing Fundamentals; Infrastructure Services; Infrastructure Maintenance. These domains and their objectives are shown below.    

  • 1.0 Network Principles (20 percent):
    • 1.1 Compare and contrast OSI and TCP/IP models
    • 1.2 Compare and contrast TCP and UDP protocols
    • 1.3 Describe the impact of infrastructure components in an enterprise network
      • 1.3.a Firewalls
      • 1.3.b Access points
      • 1.3.c Wireless controllers
    • 1.4 Compare and contrast collapsed core and three-tier architectures
    • 1.5 Compare and contrast network topologies
      • 1.5.a Star
      • 1.5.b Mesh
      • 1.5.c Hybrid
    • 1.6 Select the appropriate cabling type based on implementation requirements
    • 1.7 Apply troubleshooting methodologies to resolve problems
      • 1.7.a Perform fault isolation and document
      • 1.7.b Resolve or escalate
      • 1.7.c Verify and monitor resolution
    • 1.8 Configure, verify, and troubleshoot IPv4 addressing and subnetting
    • 1.9 Compare and contrast IPv4 address types
      • 1.9.a Unicast
      • 1.9.b Broadcast
      • 1.9.c Multicast
    • 1.10 Describe the need for private IPv4 addressing
    • 1.11 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment
    • 1.12 Configure, verify, and troubleshoot IPv6 addressing
    • 1.13 Configure and verify IPv6 Stateless Address Auto Configuration
    • 1.14 Compare and contrast IPv6 address types
      • 1.14.a Global unicast
      • 1.14.b Unique local
      • 1.14.c Link local
      • 1.14.d Multicast
      • 1.14.e Modified EUI 64
      • 1.14.f Autoconfiguration
      • 1.14.g Anycast
  • 2.0 LAN Switching Fundamentals (26 percent)::
    • 2.1 Describe and verify switching concepts
      • 2.1.a MAC learning and aging
      • 2.1.b Frame switching
      • 2.1.c Frame flooding
      • 2.1.d MAC address table
    • 2.2 Interpret Ethernet frame format
    • 2.3 Troubleshoot interface and cable issues (collisions, errors, duplex, speed)
    • 2.4 Configure, verify, and troubleshoot VLANs (normal range) spanning multiple switches
      • 2.4.a Access ports (data and voice)
      • 2.4.b Default VLAN
    • 2.5 Configure, verify, and troubleshoot interswitch connectivity
      • 2.5.a Trunk ports
      • 2.5.b 802.1Q
      • 2.5.c Native VLAN
    • 2.6 Configure and verify Layer 2 protocols
      • 2.6.a Cisco Discovery Protocol
      • 2.6.b LLDP
    • 2.7 Configure, verify, and troubleshoot port security
      • 2.7.a Static
      • 2.7.b Dynamic
      • 2.7.c Sticky
      • 2.7.d Max MAC addresses
      • 2.7.e Violation actions
      • 2.7.f Err-disable recovery
  • 3.0 Routing Fundamentals (25 percent)::
    • 3.1 Describe the routing concepts
      • 3.1.a Packet handling along the path through a network
      • 3.1.b Forwarding decision based on route lookup
      • 3.1.c Frame rewrite
    • 3.2 Interpret the components of routing table
      • 3.2.a Prefix
      • 3.2.b Network mask
      • 3.2.c Next hop
      • 3.2.d Routing protocol code
      • 3.2.e Administrative distance
      • 3.2.f Metric
      • 3.2.g Gateway of last resort
    • 3.3 Describe how a routing table is populated by different routing information sources
      • 3.3.a Admin distance
    • 3.4 Configure, verify, and troubleshoot inter-VLAN routing
      • 3.4.a Router on a stick
    • 3.5 Compare and contrast static routing and dynamic routing
    • 3.6 Configure, verify, and troubleshoot IPv4 and IPv6 static routing
      • 3.6.a Default route
      • 3.6.b Network route
      • 3.6.c Host route
      • 3.6.d Floating static
    • 3.7 Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution)
  • 4.0 Infrastructure Services (15 percent):
    • 4.1 Describe DNS lookup operation
    • 4.2 Troubleshoot client connectivity issues involving DNS
    • 4.3 Configure and verify DHCP on a router (excluding static reservations)
      • 4.3.a Server
      • 4.3.b Relay
      • 4.3.c Client
      • 4.3.d TFTP, DNS, and gateway options
    • 4.4 Troubleshoot client- and router-based DHCP connectivity issues
    • 4.5 Configure and verify NTP operating in client/server mode
    • 4.6 Configure, verify, and troubleshoot IPv4 standard numbered and named access list for routed interfaces
    • 4.7 Configure, verify, and troubleshoot inside source NAT
      • 4.7.a Static
      • 4.7.b Pool
      • 4.7.c PAT
  • 5.0 Infrastructure Maintenance (14 percent):
    • 5.1 Configure and verify device-monitoring using syslog
    • 5.2 Configure and verify device management
      • 5.2.a Backup and restore device configuration
      • 5.2.b Using Cisco Discovery Protocol and LLDP for device discovery
      • 5.2.c Licensing
      • 5.2.d Logging
      • 5.2.e Timezone
      • 5.2.f Loopback
    • 5.3 Configure and verify initial device configuration
    • 5.4 Configure, verify, and troubleshoot basic device hardening
      • 5.4.a Local authentication
      • 5.4.b Secure password
      • 5.4.c Access to device
        • 5.4.c. (i) Source address
        • 5.4.c. (ii) Telnet/SSH
      • 5.4.d Login banner
    • 5.5 Perform device maintenance
      • 5.5.a Cisco IOS upgrades and recovery (SCP, FTP, TFTP, and MD5 verify)
      • 5.5.b Password recovery and configuration register
      • 5.5.c File system management
    • 5.6 Use Cisco IOS tools to troubleshoot and resolve problems
      • 5.6.a Ping and traceroute with extended option
      • 5.6.b Terminal monitor
      • 5.6.c Log events

CCNA certification

Candidates for the CCNA certification are typically split into two different groups: those with no initial network experience, and those with a solid base of networking experience but with no previous Cisco certifications. With this in mind, Cisco offers two different paths to achieving the CCNA. The first includes two different tests: ICND1 and Interconnecting Cisco Networking Devices Part 2 (ICND2). (The first test should sound familiar because it’s the same test required to obtain the CCENT.) The second path includes a single exam covering the material of both the ICND1 and ICND2.

CCNA certification path


To achieve the CCNA (R&S) certification you must study for and pass either both the ICND1 (100-105) and ICND2 (200-105) exams or the single Cisco Certified Networking Associate (CCNA) (200-125) exam.   

The objectives required to pass the ICND1 exam are shown above as part of the CCENT section and will not be repeated here. The skills required to pass ICND2 exam are broken into five domains: LAN Switching Technologies; Routing Technologies; WAN technologies; Infrastructure Services; Infrastructure Maintenance. These domains and their objectives are shown below.

  • 1.0 LAN Switching Technologies (26 percent):
    • 1.1 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches
      • 1.1a Access ports (data and voice)
      • Default VLAN
    • Configure, verify, and troubleshoot interswitch connectivity
      • Add and remove VLANs on a trunk
      • DTP and VTP (v1&v2)
    • Configure, verify, and troubleshoot STP protocols
      • STP mode (PVST+ and RPVST+)
      • STP root bridge selection
    • Configure, verify, and troubleshoot STP-related optional features
      • PortFast
      • BPDU guard
    • Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel
      • Static
      • PAGP
      • LACP
    • Describe the benefits of switch stacking and chassis aggregation
    • Describe common access layer threat mitigation techniques
      • 802.1x
      • DHCP snooping
      • Nondefault native VLAN
  • 2.0 Routing Technologies (29 percent):
    • 2.1 Configure, verify, and troubleshoot Inter-VLAN routing
      • 2.1.a Router on a stick
      • 2.1.b SVI
    • 2.2 Compare and contrast distance vector and link-state routing protocols
    • 2.3 Compare and contrast interior and exterior routing protocols
    • 2.4 Configure, verify, and troubleshoot single area and multiarea OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
    • 2.5 Configure, verify, and troubleshoot single area and multiarea OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
    • 2.6 Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)
    • 2.7 Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)
  • 3.0 WAN Technologies (16 percent):
    • 3.1 Configure and verify PPP and MLPPP on WAN interfaces using local authentication
    • 3.2 Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication
    • 3.3 Configure, verify, and troubleshoot GRE tunnel connectivity
    • 3.4 Describe WAN topology options
      • 3.4.a Point-to-point
      • 3.4.b Hub and spoke
      • 3.4.c Full mesh
      • 3.4.d Single vs dual-homed
    • 3.5 Describe WAN access connectivity options
      • 3.5.a MPLS
      • 3.5.b Metro Ethernet
      • 3.5.c Broadband PPPoE
      • 3.5.d Internet VPN (DMVPN, site-to-site VPN, client VPN)
    • 3.6 Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)
  • 4.0 Infrastructure Services (14 percent):
    • 4.1 Configure, verify, and troubleshoot basic HSRP
      • 4.1.a Priority
      • 4.1.b Preemption
      • 4.1.c Version
    • 4.2 Describe the effects of cloud resources on enterprise network architecture
      • 4.2.a Traffic path to internal and external cloud services
      • 4.2.b Virtual services
      • 4.2.c Basic virtual network infrastructure
    • 4.3 Describe basic QoS concepts
      • 4.3.a Marking
      • 4.3.b Device trust
      • 4.3.c Prioritization
        • 4.3.c. (i) Voice
        • 4.3.c. (ii) Video
        • 4.3.c. (iii) Data
      • 4.3.d Shaping
      • 4.3.e Policing
      • 4.3.f Congestion management
    • 4.4 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering
      • 4.4.a Standard
      • 4.4.b Extended
      • 4.4.c Named
    • 4.5 Verify ACLs using the APIC-EM Path Trace ACL analysis tool
  • 5.0 Infrastructure Maintenance (15 percent):
    • 5.1 Configure and verify device-monitoring protocols
      • 5.1.a SNMPv2
      • 5.1.b SNMPv3
    • 5.2 Troubleshoot network connectivity issues using ICMP echo-based IP SLA
    • 5.3 Use local SPAN to troubleshoot and resolve problems
    • 5.4 Describe device management using AAA with TACACS+ and RADIUS
    • 5.5 Describe network programmability in enterprise network architecture
      • 5.5.a Function of a controller
      • 5.5.b Separation of control plane and data plane
      • 5.5.c Northbound and southbound APIs
    • 5.6 Troubleshoot basic Layer 3 end-to-end connectivity issues

The skills required to pass the CCNA exam are broken down into seven domains: Network Fundamentals; LAN Switching Technologies; Routing Technologies; WAN Technologies; Infrastructure Services; Infrastructure Security; Infrastructure Management. These domains and their objectives are shown below.

  • 1.0 Network Fundamentals (15 percent):
    • 1.1 Compare and contrast OSI and TCP/IP models
    • 1.2 Compare and contrast TCP and UDP protocols
    • 1.3 Describe the impact of infrastructure components in an enterprise network
      • 1.3.a Firewalls
      • 1.3.b Access points
      • 1.3.c Wireless controllers
    • 1.4 Describe the effects of cloud resources on enterprise network architecture
      • 1.4.a Traffic path to internal and external cloud services
      • 1.4.b Virtual services
      • 1.4.c Basic virtual network infrastructure
    • 1.5 Compare and contrast collapsed core and three-tier architectures
    • 1.6 Compare and contrast network topologies
      • 1.6.a Star
      • 1.6.b Mesh
      • 1.6.c Hybrid
    • 1.7 Select the appropriate cabling type based on implementation requirements
    • 1.8 Apply troubleshooting methodologies to resolve problems
      • 1.8.a Perform and document fault isolation
      • 1.8.b Resolve or escalate
      • 1.8.c Verify and monitor resolution
    • 1.9 Configure, verify, and troubleshoot IPv4 addressing and subneting
    • 1.10 Compare and contrast IPv4 address types
      • 1.10.a Unicast
      • 1.10.b Broadcast
      • 1.10.c Multicast
    • 1.11 Describe the need for private IPv4 addressing
    • 1.12 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment
    • 1.13 Configure, verify, and troubleshoot IPv6 addressing
    • 1.14 Configure and verify IPv6 Stateless Address Auto Configuration
    • 1.15 Compare and contrast IPv6 address types
      • 1.15.a Global unicast
      • 1.15.b Unique local
      • 1.15.c Link local
      • 1.15.d Multicast
      • 1.15.e Modified EUI 64
      • 1.15.f Autoconfiguration
      • 1.15.g Anycast
  • 2.0 LAN Switching Technologies (21 percent):
    • 2.1 Describe and verify switching concepts
      • 2.1.a MAC learning and aging
      • 2.1.b Frame switching
      • 2.1.c Frame flooding
      • 2.1.d MAC address table
    • 2.2 Interpret Ethernet frame format
    • 2.3 Troubleshoot interface and cable issues (collisions, errors, duplex, speed)
    • 2.4 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches
      • 2.4.a Access ports (data and voice)
      • 2.4.b Default VLAN
    • 2.5 Configure, verify, and troubleshoot interswitch connectivity
      • 2.5.a Trunk ports
      • 2.5.b Add and remove VLANs on a trunk
      • 2.5.c DTP, VTP (v1&v2), and 802.1Q
      • 2.5.d Native VLAN
    • 2.6 Configure, verify, and troubleshoot STP protocols
      • 2.6.a STP mode (PVST+ and RPVST+)
      • 2.6.b STP root bridge selection
    • 2.7 Configure, verify and troubleshoot STP related optional features
      • 2.7.a PortFast
      • 2.7.b BPDU guard
    • 2.8 Configure and verify Layer 2 protocols
      • 2.8.a Cisco Discovery Protocol
      • 2.8.b LLDP
    • 2.9 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel
      • 2.9.a Static
      • 2.9.b PAGP
      • 2.9.c LACP
    • 2.10 Describe the benefits of switch stacking and chassis aggregation
  • 3.0 Routing Technologies (23 percent):
    • 3.1 Describe the routing concepts
      • 3.1.a Packet handling along the path through a network
      • 3.1.b Forwarding decision based on route lookup
      • 3.1.c Frame rewrite
    • 3.2 Interpret the components of a routing table
      • 3.2.a Prefix
      • 3.2.b Network mask
      • 3.2.c Next hop
      • 3.2.d Routing protocol code
      • 3.2.e Administrative distance
      • 3.2.f Metric
      • 3.2.g Gateway of last resort
    • 3.3 Describe how a routing table is populated by different routing information sources
      • 3.3.a Admin distance
    • 3.4 Configure, verify, and troubleshoot inter-VLAN routing
      • 3.4.a Router on a stick
      • 3.4.b SVI
    • 3.5 Compare and contrast static routing and dynamic routing
    • 3.6 Compare and contrast distance vector and link state routing protocols
    • 3.7 Compare and contrast interior and exterior routing protocols
    • 3.8 Configure, verify, and troubleshoot IPv4 and IPv6 static routing
      • 3.8.a Default route
      • 3.8.b Network route
      • 3.8.c Host route
      • 3.8.d Floating static
    • 3.9 Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
    • 3.10 Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)
    • 3.11 Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)
    • 3.12 Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)
    • 3.13 Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution)
    • 3.14 Troubleshoot basic Layer 3 end-to-end connectivity issues
  • 4.0 WAN Technologies (10 percent):
    • 4.1 Configure and verify PPP and MLPPP on WAN interfaces using local authentication
    • 4.2 Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication
    • 4.3 Configure, verify, and troubleshoot GRE tunnel connectivity
    • 4.4 Describe WAN topology options
      • 4.4.a Point-to-point
      • 4.4.b Hub and spoke
      • 4.4.c Full mesh
      • 4.4.d Single vs dual-homed
    • 4.5 Describe WAN access connectivity options
      • 4.5.a MPLS
      • 4.5.b Metro Ethernet
      • 4.5.c Broadband PPPoE
      • 4.5.d Internet VPN (DMVPN, site-to-site VPN, client VPN)
    • 4.6 Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)
    • 4.7 Describe basic QoS concepts
      • 4.7.a Marking
      • 4.7.b Device trust
      • 4.7.c Prioritization
      • 4.7.c. (i) Voice
      • 4.7.c. (ii) Video
      • 4.7.c. (iii) Data
      • 4.7.d Shaping
      • 4.7.e Policing
      • 4.7.f Congestion management
  • 5.0 Infrastructure Services (10 percent):
    • 5.1 Describe DNS lookup operation
    • 5.2 Troubleshoot client connectivity issues involving DNS
    • 5.3 Configure and verify DHCP on a router (excluding static reservations)
      • 5.3.a Server
      • 5.3.b Relay
      • 5.3.c Client
      • 5.3.d TFTP, DNS, and gateway options
    • 5.4 Troubleshoot client- and router-based DHCP connectivity issues
    • 5.5 Configure, verify, and troubleshoot basic HSRP
      • 5.5.a Priority
      • 5.5.b Preemption
      • 5.5.c Version
    • 5.6 Configure, verify, and troubleshoot inside source NAT
      • 5.6.a Static
      • 5.6.b Pool
      • 5.6.c PAT
    • 5.7 Configure and verify NTP operating in a client/server mode
  • 6.0 Infrastructure Security (11 percent):
  • 6.1 Configure, verify, and troubleshoot port security
    • 6.1.a Static
    • 6.1.b Dynamic
    • 6.1.c Sticky
    • 6.1.d Max MAC addresses
    • 6.1.e Violation actions
    • 6.1.f Err-disable recovery
  • 6.2 Describe common access layer threat mitigation techniques
    • 6.2.a 802.1x
    • 6.2.b DHCP snooping
    • 6.2.c Nondefault native VLAN
  • 6.3 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering
    • 6.3.a Standard
    • 6.3.b Extended
    • 6.3.c Named
  • 6.4 Verify ACLs using the APIC-EM Path Trace ACL Analysis tool
  • 6.5 Configure, verify, and troubleshoot basic device hardening
    • 6.5.a Local authentication
    • 6.5.b Secure password
    • 6.5.c Access to device
      • 6.5.c. (i) Source address
      • 6.5.c. (ii) Telnet/SSH
    • 6.5.d Login banner
  • 6.6 Describe device security using AAA with TACACS+ and RADIUS
  • 7.0 Infrastructure Management (10 percent):
    • 7.1 Configure and verify device-monitoring protocols
      • 7.1.a SNMPv2
      • 7.1.b SNMPv3
      • 7.1.c Syslog
    • 7.2 Troubleshoot network connectivity issues using ICMP echo-based IP SLA
    • 7.3 Configure and verify device management
      • 7.3.a Backup and restore device configuration
      • 7.3.b Using Cisco Discovery Protocol or LLDP for device discovery
      • 7.3.c Licensing
      • 7.3.d Logging
      • 7.3.e Timezone
      • 7.3.f Loopback
    • 7.4 Configure and verify initial device

Summary

The CCENT and CCNA are the more popular entry-level Cisco certifications and, because of this, the training options are much more diverse. The CCT certification focuses on people in positions with direct support (typically with Cisco TAC), while the CCENT and CCNA certifications focus on covering technologies in greater depth. Cisco has also come out with a number of different intermediary steps along its certification paths, allowing you to research and find the best path for your needs.

For most entry-level engineers the selection of the CCT or CCENT comes down to their job requirements. While the CCT was created primarily for field engineers (specifically for field engineers working with Cisco TAC), the CCENT and CCNA certifications are used as a benchmark certification for many different companies to determine a minimum level of Cisco networking knowledge.

Regardless of your selected path, the amount of time and money required to take and pass these certifications should pay for itself in a short amount of time.