Download and set up eve-ng for emulated lab work. Choose between community edition and professional edition, and prepare router and switch images and essential tools like PuTTY and Wireshark.

Install and verify the EVE-NG simulator, download and unzip switch and router images, create labs in the shared folder, and import IOL images for lab use.

Explore Cisco’s routers, switches, and security products and CCNA 200-301 core network concepts, fundamental network access, IP connectivity, IP services, security, automation, and programming.

Cisco routers act as gateways that connect different networks and subnets, forwarding traffic by the routing table. Learn CLI-based configuration and the role of operating systems like IOS XE.

Explore how Cisco switches connect devices on a network, cover layer two and multilayer switching, discuss Catalyst and Nexus, and contrast modular, fixed, stackable, and managed versus unmanaged switches.

Explore firewall technologies across generations—from packet-filter and stateless to stateful and next-generation firewalls—and their use in hardware, software, cloud, and virtual deployments to protect services and data centers.

Explain the function of IPS and IDS, highlighting how IDS generates alarms while IPS blocks or prevents malicious traffic; discuss host-based versus network-based deployments and inline options.

Explore how access points create wireless networks, connect devices, and route traffic to a wireless LAN controller in enterprise setups, contrasting autonomous standalone APs with centralized, controller-based lightweight APs.

A wireless LAN controller centralizes management of access points from a location, enabling GUI and CLI configuration, mobility with RF group clustering, and a virtual gateway IP for mobility management.

Explore Cisco DNA Center as a centralized, design-driven platform that provisions, manages, and monitors network devices from a single dashboard, enabling policy enforcement, upgrades, and health assurance.

Identify that a server is a software, hardware, or combination that provides resources and services to other computers over a network, including web, FTP, database, DNS, and certificate authority servers.

Explore two-tier and three-tier network architectures by understanding core, distribution, and access layers, and learn how tiered designs enable redundancy, load balancing, high performance, and easier management.

Spine-leaf architecture is a two-tier data center topology with leaf switches connecting to spine switches in a full mesh, replacing traditional core and distribution layers.

Explore soho networks serving under ten devices, with no local DNS or mail server, using external services and a router/switch that provides IP addresses over wired and wireless connectivity.

Explore wide area networks, which connect multiple local area networks across large regions to provide global connectivity via internet service providers, broadband, or MPLS.

Explore transmission media, including twisted pair, coaxial, and fiber optic cables, with shielded vs unshielded categories, connectors, and Ethernet speeds from 10 Mbps to 40 Gbps.

Explore optical fiber cables, including core and cladding structures, coatings and buffers, and distinguish single-mode (9 micrometers) from multimode (50 micrometers) fibers for long-distance data transmission.

Explore ethernet shared media with hubs and collision domains, and contrast it with point-to-point full-duplex links using switches that create separate collision domains.

Explore the need for private IP addressing, detailing private ranges 10.x, 172.16–31.x, and 192.168.x, and explain how private networks share a single public IP via translation for internet access.

Learn to assign static IPv4 addresses on Windows and Linux, setting IP, subnet mask, gateway, and DNS, and verify configurations with ipconfig, ifconfig, and route print.

Identify interface and cable issues by examining duplex and speed, collisions, and CRC or frame errors using show interfaces for per-interface checks in hub versus switch environments.

Compare tcp and udp: tcp provides reliable, connection-oriented end-to-end delivery with three-way handshake, acknowledgments, and retransmission; udp offers faster, connectionless, best-effort delivery for streaming and dns.

Learn IPv4 subnetting fundamentals by partitioning large networks into smaller subnets with fixed and variable length subnet masks, reducing broadcast domains, and using network and host addresses, CIDR.

Explore IPv4 subnetting concepts for class C networks, including subnet masks, network and broadcast IDs, and how borrowing bits creates subnets such as /25, /26, and /27 with host ranges.

Explore virtualization fundamentals by comparing physical servers with virtual machines, explain hypervisors type one and type two, host and guest operating systems, and benefits like migration and snapshots.

Understand how Cisco switches connect devices on the same network and explore switch types and operating systems, including access, distributed, Nexus, and Catalyst.

Explore media access control addresses, their 48-bit hexadecimal format, and how switches learn and age MAC addresses to forward traffic at layer two.

Learn how switches build the mac address table through dynamic learning, control aging time, and apply static entries and per-interface rules to reduce broadcasts and secure the network.

Configure and verify virtual local area networks to partition a switch into multiple logical VLANs, covering standard and extended VLAN ranges (1–4094) and interface assignment for data and management.

Learn how to configure export ports to belong to a single vlan using switchboard commands, assign interfaces, and enable data and voice traffic on the same port, with verification.

Discover how Cisco switches ship with a default VLAN 1, with all ports in VLAN 1 for immediate use. Verify this default with show vlan brief.

Configure interswitch connectivity by turning on trunk ports between switches and using 802.1Q or ISL tagging to separate VLAN traffic. Verify trunk operation and explore pruning options to optimize bandwidth.

Configure and verify interswitch connectivity by setting and aligning the native VLAN on trunk links, ensuring both switches share the same native VLAN to handle untagged traffic and improve security.

Explore how ether channel bundles up to eight physical interfaces into a single logical link to increase bandwidth and availability, enabling load sharing, fast convergence, and fault tolerance.

Learn to configure and verify LACP etherchannel between a Cisco switch and Windows server, using NIC teaming with two interfaces, and extend to Linux servers such as Ubuntu.

Configure and verify Cisco's port aggregation protocol (PAgP) for EtherChannel, ensuring matching speed, duplex, and mode (desirable vs auto), and observe channel group status across Cisco switches.

Configure a layer 3 etherchannel between two switches by converting interfaces from layer 2, creating channel groups 11 and 22, assigning IPs, and verifying connectivity with show commands and ping.

Configure and verify ether channel load balancing using hashing based on MAC and IP addresses. Learn how interface count and method choice affect load distribution.

Identify and fix common EtherChannel misconfigurations by examining layer 2 versus layer 3, native VLAN, allowed VLAN, channel group mode, and interface status to keep bundles up.

Explore how the spanning tree protocol prevents layer-2 loops on Cisco switches by electing a root bridge, blocking redundant links, and using bpdu exchanges to stabilize the mac address table.

Analyze spanning tree protocols, from PVST+ to BSD Plus, compare default spanning tree operation, and explain pavilion spanning tree concepts, root bridge election, and convergence times of 30–50 seconds.

Explore rapid spanning tree protocols such as RPVST+ and compare blocking, listening, learning, and forwarding states, with convergence times under 10 seconds versus 30-50 seconds.

Explore how switch priority and MAC address tiebreakers determine the STP root bridge, root port, and port states, with forwarding and blocking decisions across a network.

Unpacks the show spanning-tree VLAN command output, detailing root bridge selection, port roles, and path costs, with bpdu exchange, priorities, and timers like aging time and forwarding delay.

Explore Spanning Tree Protocol port states, from blocking to forwarding, including listening and learning, and how interfaces transition through these states with timers and debugging.

Learn to configure and verify spanning tree protocols (stp, rstp), elect the root bridge, adjust priorities and costs, and manage designated, blocking, learning, and forwarding states for fast convergence.

Explore routing protocols by type: static, default, and dynamic; examine distance-vector, link-state, and hybrid methods, plus interior and exterior gateway protocols such as BGP and ISIS and administrative distance.

Configure an IPv4 default route using a gateway or next-hop, via static routing and an exit interface, and verify connectivity with the routing table and reachability tests.

Introduce and configure ipv4 host routes to permit a single ip with a /32 mask, and verify how this restricts reachability compared with broader subnet routes.

Configure and verify IPv4 floating static routing, using backup static routes with higher administrative distance, and compare with dynamic RIP for load balancing and route selection.

Explore components of a routing table, including destination network and subnet mask, next hop and interface, routing protocol codes, administrative distance, metric, and the gateway of last resort.

Understand how the longest match rule guides routing decisions by selecting the most specific subnet entry in the routing table to determine the correct egress interface.

Administrative distance is the trust metric used to select routes when multiple routing protocols reach the same destination, with lower values indicating higher trust within a 0–255 range.

Explore how routing protocol metrics determine the best path by comparing administrative distance and metric values, using bandwidth, cost, delay, and hop count to populate the routing table.

Explore the open shortest path first (OSPF) routing protocol and its SPF algorithm. Understand hierarchical area design with area zero, cost metrics based on bandwidth, hello multicast, and DR/BDR roles.

Explore OSPF terminologies in depth, including area concepts, area zero backbone, area border routers, router IDs, link state and LSA, DR/BDR roles, and ASBR connections.

Configure OSPF basics, including wildcard masks, areas, router IDs, and authentication; establish neighbors through matching subnets and active interfaces, and verify with show commands.

Explore how OSPF maintains routing decisions with three tables—the routing table, neighbor table, and topology table—using SPF to compute best paths, and understand area, router ID, and neighbor relationships.

Explore how OSPF neighbors form through hello exchanges, elect a master and DR/BDR, and progress through down, init, two-way, exchange, loading, and full states while exchanging routing databases.

Learn how OSPF uses the cost metric to select routes. Compute cost as reference bandwidth divided by interface bandwidth (Cisco uses 10^8), with ethernet and serial links producing costs.

Explore how OSPF selects router IDs, and how manual configuration, loopback, and interface IPs influence the 32-bit router ID.

Explore OSPF routing concepts by identifying router types—internal, backbone, area border, area border, and autonomous system border routers—across area zero and other areas.

Explore how OSPF route types appear in the routing table, including intra-area, inter-area, and external routes (E1/E2), how area zero integrates, and how SPF helps identify them.

Explore how the OSPF designated router and backup designated router manage topology updates on broadcast networks, via priority-based elections using multicast 224.0.0.5 and 224.0.0.6.

Explore equal-cost load balancing in OSPF, using five subinterfaces to create identical paths, while unequal load balancing remains unsupported.

Explore how OSPF path preference selects the best route by area type and metric, prioritizing intra-area routes, then inter-area, and finally external type 1 and type 2 routes.

Explore Open Shortest Path First (OSPF) hello and dead intervals, how timer adjustments affect neighbor convergence, and how lowering timers or deploying bidirectional forwarding detection (BFD) speeds failover.

Learn how to filter OSPF routes with a distributed list, using ACL-based excess lists and inbound or outbound filters, plus compare four methods like prefix lists and route maps.

Understand how OSPF adapts to broadcast, non broadcast, point-to-point, and point-to-multipoint networks, and how hello timers, dead timers, and DR/BDR roles change with topology.

Explore how first hop redundancy protocol enables gateway redundancy by using active and standby routers (HSRP, VRRP, and GLBP) with virtual IPs, preemption, hello timers, and authentication for quick failover.

Explore network address translation on Cisco routers, including static, dynamic, and port address translation, translating inside local to inside global and conserving public IPs.

Configure and verify static NAT one-to-one mappings and dynamic NAT with a pool, and implement PAT on Cisco routers, validating translations with show ip nat translation.

Explore the network time protocol and its role in centralized, synchronized timestamps across devices. Understand stratum levels, port 123, and master–client–peer modes for secure, accurate time and authentication.

Configure and verify network time protocol on Cisco devices, set external and local time sources, enable dns domain lookup, and implement ntp authentication and access restrictions for secure time synchronization.

Explore how DHCP uses UDP to automatically assign IP addresses and network details like subnet mask and DNS settings, through a centralized server and the discover-offer-request-ack sequence.

Configure and verify a DHCP server on a router, exclude addresses, define a pool with network, gateway, DNS, and domain name, and validate bindings on clients.

Configure a three-device DHCP setup with a server, a relay, and a client, where the middle router acts as a DHCP relay to forward requests across broadcast domains.

Explore the domain name system, how it translates names to ip addresses, and how local and global dns servers map domains like google.com to their ip.

Explain how snmp enables network monitoring with a manager and agents, using mib and community strings, plus authentication and privacy options, with get, get-next, and get-bulk messages on ports 161/162.

Explore syslog features, including facilities and levels, timestamps, and buffer versus console logs; learn to configure a centralized syslog server and terminal monitor for troubleshooting, monitoring, and security auditing.

Configure secure remote access to Cisco devices with ssh by generating RSA keys, setting a domain name and hostname, and enabling vty access with access-lists.

Describe tftp and ftp capabilities for transferring files to Cisco devices, including port usage and authentication. Highlight secure alternatives like sftp and scp for encrypted transfers.

Define assets and vulnerabilities, recognize threats and risks, and apply countermeasures to protect networks and data from exploits and attacks.

Learn to harden routers by configuring enable passwords and secrets, using algorithm types (MD5, SHA) for local passwords, securing line access (console and vty) with SSH and local login.

Explore multifactor authentication as a security policy, using something you know and something you are, with codes sent via text or apps to protect devices, services, and networks.

Explore how virtual private networks secure data over public networks, detailing site-to-site and remote access VPNs, encryption, authentication, and protocols like IPsec and SSL.

Explore how access control lists filter traffic with standard and extended ACLs. Learn how permit and deny actions, rule order, and inbound or outbound control traffic, time-based and infrastructure ACLs.

Configure and verify named access control lists (ACLs) on Cisco devices, comparing standard and extended named ACLs. Implement ip access list with sequence numbers, apply to interfaces, and log activity.

Configure a time-based acl by creating a named time range (absolute or periodic), apply it to an access list and interface, and verify traffic with tests like ping or telnet.

Configure and verify dhcp snooping to secure layer 2 networks, preventing rogue dhcp servers and dhcp starvation on access layer switches. Use trusted and untrusted interfaces for effective mitigation.

Explore how arp spoofing enables arp poisoning and man-in-the-middle attacks, and learn to configure and verify layer 2 security features with arp inspection and dcp snooping.

Explore how border security and port security on Cisco switches protect against flooding and starvation by controlling MAC address learning with static, dynamic, and sticky configurations, and violation modes.

Explain authentication, authorization, and accounting (AAA) and how Cisco Ice uses them to control access. Authentication proves identity, authorization defines permissions, and accounting records usage in a centralized system.

Describe how wireless networks secure traffic with WPA, WPA2, and WPA3, and compare open and password-protected (PSK) and enterprise (radius) configurations, including web authentication and protection of management frames.

Configure a wireless LAN on the Cisco WLC GUI by creating a profile, set WPA and WPA2 security, and assign authentication and accounting ports 1812 and 1813 with AD integration.

Explore how network automation speeds configuration, testing, and deployment across physical and virtual devices with Python scripts and other languages, reducing human error.

Learn how northbound and southbound APIs enable the sdn controller to configure routing protocols and push settings from applications to routers and switches.

Explore how an application programming interface, or API, acts as a middleman connecting apps and devices—from Google Maps to social media and home automation—enabling data exchange through JSON and XML.

Identify configuration management and orchestration tools such as Puppet, Ansible, Chef, and solid state; distinguish agent-based and agentless models and how they automate networks, servers, and storage.

Learn how json enables human and machine readable data exchange for network devices, and how to structure json with objects and arrays, converting cli outputs and querying devices like Nexus.

Compare the Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP); learn how they identify directly connected neighbors and share device ID, IP address, and operating system.

Enable lldp globally and on all interfaces, then verify neighbors and interface details; adjust timers and hold times, and capture lldp mac addresses with Wireshark.