Breaking Down the New CCNA Exam: Network Access

by Jim Goughenour

This is the second in a series of articles on the six sections of Cisco’s CCNA certification exam 200-301, which earns the CCNA (Cisco Certified Network Associate) certification.

In this series, we’re taking a look at all the many things you need to know for Cisco’s 200-301 CCNA certification exam. Remember that, just like in previous exams, once you select an answer or answers to a question and select Next, you cannot go back to review or revise your answer.

The 200-301 exam blueprint is divided into 6 components, each with a different weight. Here are the categories, weights, and possibly the number of questions for each:

  • 1.0 Network Fundamentals – 20% – 20 questions
  • 2.0 Network Access – 20% – 20 questions
  • 3.0 IP Connectivity – 25% – 25 questions
  • 4.0 IP Services – 10% – 10 questions
  • 5.0 Security Fundamentals – 15% – 15 questions
  • 6.0 Automation and Programmability – 10% – 10 questions

The second area of focus for the new CCNA exam is Network Access. Here is a breakdown from Cisco of the components of the Network Access section which makes up 20% of the total exam.

2.0 Network Access
2.1 Configure and Verify VLANs (normal range) spanning multiple switches

  • 2.1.a Access ports (data and voice)
  • 2.1.b Default VLAN
  • 2.1.c Connectivity

2.2 Configure and Verify Interswitch connectivity

  • 2.2.a Trunk ports
  • 2.2.b 802.1Q
  • 2.2.c Native VLAN

2.3 Configure and verify Layer 2 discovery protocols (CDP and LLDP)
2.4 Configure and verify (Layer 2/Layer 3) EtherChannel (LACP)
2.5 Describe the need for and basic operation of Rapid PVST+ and Spanning Tree Protocol and identify basic operation

  • 2.5.a Root port, root bridge (primary/secondary), and other port names
  • 2.5.b Port states (forwarding/blocking)
  • 2.5.c PortFast benefits

2.6 Compare Cisco Wireless Architectures and AP modes
2.7 Describe physical infrastructure connections of WLAN components (AP, WLC, access/trunk ports, and LAG)
2.8 Describe AP and WLC management access connections (Telnet, SSH, HTTP, HTTPS, console, and TACACS+/RADIUS)
2.9 Configure the components of a wireless LAN access for client connectivity using GUI only such as WLAN creation, security settings, QoS profiles, and advanced WLAN settings

All these topics are covered in the Implementing and Administering Cisco Solutions (CCNA v1.0) training class.

Network access is all about how devices connect to the network: the ways and means by which an endpoint joins, participates in, and is managed at the access layer. As a reminder to those of you who have studied network design, the three layers of enterprise network design are the bottom layer (Access), the Aggregation Layer (Distribution) and, if there are multiple Distribution Layers, the Core Layer to tie them all together. I often think about those layers like this, from the bottom to the top: switch, route/control, high-speed switch. So, let’s break it down.

Configure and Verify VLANs (Normal Range) Spanning Multiple Switches

Being able to clearly describe what a VLAN is and why we use them is an area of knowledge that will serve you well on this exam. As a reminder, VLANs give us the ability to effectively create multiple switching segments at the logical layer, all on a single physical appliance. I would offer that one of the byproducts of this is being able to have a 24-port switch with two VLANs and have 12 ports in each VLAN. This will segment user traffic and control functions within the switch for those two user groups. Also, because there is such a thing as a multi-VLAN access port, all 24 switchports can belong to a second VLAN (as long as it is called Voice) in the event that VoIP is used by the organization.

Now, when it comes to facilitating communication between the users on a particular VLAN in one switch and another set of users in the same VLAN on a different switch, this is where trunk ports and the 802.1Q protocol come into play. Also remember that by default, when you power up a switch, all the ports belong to the default VLAN and all are configured to dynamically negotiate things like port speed, port duplex, and operational modality (access or trunk). Also recall that when looking at the interfaces, up/up means that Layer 1 and Layer 2 (OSI Model) connectivity has been established and that, from a Layer 1 (TCP/IP) perspective, there is the ability to communicate between the switchport and the endpoint.

Configure and Verify Interswitch Connectivity

The above topic about access ports and VLANs naturally brings us to how we facilitate interswitch connections so that users on a VLAN on one switch can speak to a group of users on a different switch in the same VLAN. Picture a VoIP call between floors of the same office building. The answer to this question is trunk ports, or the physical connectivity between switches and the ability of that interconnection to carry multiple VLANs from switch to switch. Now be careful here, and notice I said carry multiple VLANs between switches, not allow multiple VLANs to communicate with each other – because there is a difference. Recall also that 802.1Q tagging (4 bytes/32 bits) is used not only to identify different VLANs between switches, but is also used by PVST+ and Rapid PVST+ to allow us control when it comes to Spanning Tree – but more about that later. Remember that when you fire up a switch, all the ports belong to the native VLAN (VLAN 1 for Cisco), and that also by default, all the management and control traffic to manage the switches organically uses that VLAN. Be aware that natively, or by default, the native VLAN is untagged, unless you tell the switches to tag it.
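The access-port and trunk settings from the two sections above, written out as Cisco IOS configuration. This is an added example, not part of the original article; the VLAN IDs, VLAN names and interface numbers are assumptions.

```cisco
! Constructed example: VLAN IDs, names and interface numbers are assumptions.
! The same VLANs and trunk settings are applied on both switches.
vlan 10
 name DATA
vlan 20
 name VOICE
vlan 999
 name NATIVE-UNUSED
!
! Access port: one data VLAN for the PC plus the voice VLAN for the IP phone
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
!
! Interswitch link: static 802.1Q trunk instead of the default
! dynamic access/trunk negotiation
interface GigabitEthernet0/24
 ! The encapsulation line is needed only on platforms that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Move the untagged native VLAN off VLAN 1; it must match on both ends
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,999
 switchport nonegotiate
!
! Optional, where the platform supports it: tag the native VLAN as well
vlan dot1q tag native
!
end
!
! Verification (privileged EXEC)
show vlan brief
show interfaces GigabitEthernet0/1 switchport
show interfaces trunk
```

A trunk only carries VLANs between switches; hosts in VLAN 10 and VLAN 20 still need a Layer 3 device to talk to each other.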

Configure and Verify Layer 2 Discovery Protocols

Another part of this Network Access section of the exam is the two major discovery protocols that facilitate the discovery of network elements – you know, so you can draw topology maps and hang them on a long wall. Knowledge of how to turn CDP off on a Cisco device, or how to simply disable it on an interface, will serve you well; remember that services run and interfaces are enabled or disabled. What might not be so familiar is the Link Layer Discovery Protocol (LLDP), which is a similar discovery protocol that can be used in “mixed-vendor” environments. I know it may seem hard to believe, but some organizations use other network manufacturers’ equipment in their networks. Juniper and HP come to mind from my own experience. Now what seems important to mention is that unlike CDP, which uses singular commands to either be turned on or off, LLDP uses a set of commands – first the service gets turned on, and then on the interfaces you want to have as LLDP interfaces you have to tell them (the interfaces) whether you want them to send or receive, and remember there is no such command as <lldp both> on the interface. In either case, Layer 2 discovery protocols allow you to see what is attached to other network elements and gather real-time intelligence about the platforms and management IP addresses those platforms are using.
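The CDP and LLDP commands described above, as Cisco IOS configuration. This is an added example, not part of the original article; the interface numbers and their roles are assumptions.

```cisco
! Constructed example: interface numbers and roles are assumptions.
!
! CDP, option A: stop the service on the whole device
no cdp run
!
! CDP, option B: leave the service running and disable it per interface
cdp run
interface GigabitEthernet0/1
 no cdp enable
!
! LLDP: start the service first ...
lldp run
!
! ... then control each direction separately on the interface.
! Send and receive are two commands; there is no combined keyword.
interface GigabitEthernet0/24
 ! Uplink to a switch we manage: advertise and listen
 lldp transmit
 lldp receive
!
interface GigabitEthernet0/1
 ! Port facing equipment we do not manage: listen, but do not
 ! advertise this switch's platform and management address
 no lldp transmit
 lldp receive
!
end
!
! Verification (privileged EXEC)
show cdp interface
show cdp neighbors detail
show lldp interface GigabitEthernet0/24
show lldp neighbors detail
```

The `detail` output is where the neighbor's platform and management IP address appear, which is the reason to limit what untrusted ports are told.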

Configure and Verify (Layer 2/Layer 3) EtherChannel (LACP)

To negotiate or not negotiate, that is the question. Link Aggregation Control Protocol (LACP for short) is a negotiation protocol that allows you to aggregate similar physical ports into logical bundles for load sharing traffic between switches, between switches and routers, or between pairs or groups of routers. Also remember that PAgP (the Cisco proprietary version) does pretty much the same thing, but only works on Cisco devices. It will also help to have a good handle on the show commands that tell you which interfaces are bundled, how long they have been bundled, and the load sharing information related to the bundle, and to know that EtherChannel groups can have no more than 8 active ports at a time. Critical to the function of EtherChannel (regardless of whether it is at Layer 2 or Layer 3) is remembering that Layer 2 EtherChannel has a logical number and that Layer 3 EtherChannel has an IP address. Also critical to remember is that even though the ports do not have to be next to one another on the switch, they do have to be the same type (speed, duplex, port type: access or trunk). So, said another way, I cannot mix GigabitEthernet interfaces with FastEthernet interfaces in the same port channel group. It will also serve you well to know the difference between the command arguments active and passive. Recall that active at the end of the command triggers the negotiation for EtherChannel and passive awaits triggering.
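A Layer 2 and a Layer 3 LACP bundle side by side, as Cisco IOS configuration. This is an added example, not part of the original article; the group numbers, interface numbers and the 192.0.2.0/30 documentation address are assumptions.

```cisco
! Constructed example: group numbers, interfaces and addresses are assumptions.
!
! Layer 2 EtherChannel: members must share speed, duplex and switchport mode
interface range GigabitEthernet0/21 - 22
 switchport mode trunk
 ! active = this side starts the LACP negotiation
 channel-group 1 mode active
!
! The bundle is identified by its logical number (Port-channel1)
interface Port-channel1
 switchport mode trunk
!
! Layer 3 EtherChannel: the IP address lives on the logical interface
interface Port-channel2
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
interface range GigabitEthernet0/23 - 24
 no switchport
 no ip address
 channel-group 2 mode active
!
end
!
! Far end: "channel-group <n> mode passive" waits to be triggered,
! "mode active" also works. Two passive ends never form a bundle.
!
! Verification (privileged EXEC)
show etherchannel summary
show etherchannel port-channel
show lacp neighbor
```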

Rapid PVST+ and Spanning Tree Protocol

As you may recall, there is no mechanism at Layer 2 (Ethernet as an example) to prevent the perpetual forwarding of frames on a switched network. This is the function of Spanning Tree – to manage that for us. Now instead of just writing about all this as a whole, let me break it down a little for you all. Spanning Tree and Rapid Spanning Tree are the open IEEE standards, and PVST+ and Rapid PVST+ are the Cisco versions of those standards. So as a starting point for this part of the blog, remember that Cisco versions of things usually only work on Cisco gear – gee thanks Captain Obvious!

Now to the nitty gritty. Make sure you know that in a group of redundantly connected switches, one becomes the leader of the pack (root bridge/root switch). Then all the other switches figure out the shortest path to that leader of the pack (root port), and for each Ethernet segment between the switches, there is a designated port for forwarding traffic and a blocked port for blocking traffic. That, in a nutshell, is STP and Rapid STP. Cisco improved on this concept by having the ability to manipulate the Bridge Protocol Data Unit (the communication packet in Spanning Tree) and allow for the presence of a primary and secondary root bridge/root switch for different VLANs.

So, said more simply, it is possible to have one switch act as the leader of the pack for one or more VLANs and have another switch act as the leader of the pack for a different set of VLANs. Essentially that is PVST+ and Rapid PVST+. As far as the differences between PVST+ and Rapid PVST+, it is the timers and the way all that BPDU traffic is managed and calculated. I think of it like this – PVST+ is the election of the leader and then the leader telling everyone else what to do (autocratic), while Rapid PVST+ is more of a collaboration between all the switches involved. At the end of the day though, switchports that are connected to other switches will either be forwarding traffic or blocking traffic, and switchports connected to endpoints will most likely be forwarding traffic for the VLAN to which that switchport belongs. Be aware that PortFast is an attribute of PVST+ and Rapid PVST+ that immediately transitions a port into a forwarding state, before all the timers have had a chance to do their thing.
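The primary/secondary root split and PortFast described above, as Cisco IOS configuration for two switches. This is an added example, not part of the original article; the switch names SW1 and SW2, the VLAN IDs and the interface number are assumptions.

```cisco
! Constructed example: switch names, VLAN IDs and interfaces are assumptions.
!
! --- SW1: leader (root) for VLAN 10, backup root for VLAN 20 ---
spanning-tree mode rapid-pvst
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary
!
! --- SW2: the mirror image, so each VLAN has a primary and a secondary ---
spanning-tree mode rapid-pvst
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
!
! --- Any access switch: endpoint-facing port only ---
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Skips the timers and forwards immediately. Use it only where an
 ! endpoint is attached, never on a link to another switch.
 spanning-tree portfast
!
end
!
! Verification (privileged EXEC)
show spanning-tree summary
! "This bridge is the root" appears on SW1 for VLAN 10
show spanning-tree vlan 10
show spanning-tree interface GigabitEthernet0/1 portfast
```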

Compare Cisco Wireless Architectures and AP Modes

If you are like me, you have multiple access points in your house that are all daisy chained together wirelessly. Or you have a pair of access points in your office that are married to a controller, and without it, cannot function. Or you may be like my friend Jeff who has a cloud-based controller with access points that are managed over the Internet. In any case, the reality is that most of you have wireless services at your house and it frees you up from having to have everything connected to a port of some kind. Cisco does effectively the same thing in two broad stroke categories: controller-based wireless, autonomous wireless, and cloud-based wireless. The only difference between the three is that controller-based wireless marries all the access points to a controller, autonomous wireless is where the access points manage themselves, and cloud-based wireless is where the controller lives in the cloud. Now also like me, you probably have some kind of security service running over wireless so that your packets are not sniffed, copied, tweeted, republished, penetrated, or anything else that can happen should someone get to your traffic. This is a good thing. But there’s more!

Describe physical infrastructure connections of WLAN components (AP, WLC, access/trunk ports, and LAG)

Recall from your review of the material related to wireless that there are some differences between connecting an AP to a switch when the AP is autonomous versus when it is LAP-based (a Lightweight Access Point needs a controller). Also recall that in some Wireless LAN controllers, there is no such thing as Link Aggregation Protocols that negotiate (PAgP and LACP to be exact). But there is still more…

Describe AP and WLC management access connections (Telnet, SSH, HTTP, HTTPS, console, and TACACS+/RADIUS)

We need to manage all this stuff and we need to be secure with it. This is where various AP and WLC management tools will come into play. You can always console to a WLC, but is that really the best way? You can always have a backend AAA server validate that the administrator is who they say they are, and you can even differentiate what commands or processes they are allowed to engage on a keystroke by keystroke method (TACACS+), or you can simply have them authenticate and trust that they know what they are doing (RADIUS). Of course, if you are like me, I am a bigger fan of GUI-based control of an appliance as opposed to CLI (it’s what I was raised on), but to each their own. This will be a focus area of questions on the exam as wireless has become a way of life for most computing organizations.

Configure the components of a wireless LAN access for client connectivity using GUI only such as WLAN creation, security settings, QoS profiles, and advanced WLAN settings

It only works if you turn it on, so expect some questions about the process of creating a wireless LAN, which I think about in terms of a box. In that box, I will put the name of the wireless network (SSID) and the attributes of the wireless network (AAA, security protocols, encryption, etc.). I will put Quality of Service attributes in that box, so that the voice traffic gets preferential treatment over me checking my social media status (you know you do that too). And I will probably tie that wireless LAN to a particular VLAN, just so I can keep everything logically separated (you gotta keep ’em separated). I think that pretty much covers the basics of wireless.

In conclusion, I hope that this series of posts (4 more to go) will be helpful for you as you prepare. Know that I believe in you and have confidence that you will succeed. Happy examing, everyone!
