Back to CCNA 200-301

CCNA 200-301 · Cheat Sheet

Network Access (20%)

Tip: Use your browser's print function (Ctrl+P / Cmd+P) to save as PDF for offline study.

CCNA 200-301: Network Access (20%) — CHEAT SHEET

QUICK CUES → ANSWERS

What is my port doing?

Access port → untagged traffic only, single VLAN Trunk port → tagged traffic (802.1Q), all VLANs (or allowed list) Native VLAN → untagged on trunk; must match both sides or VLAN hopping risk

How do I make two switches talk?

DTP negotiation → auto/desirable (trunking), access/nonegotiate (not trunking) Manual trunk: switchport mode trunk + switchport trunk allowed vlan [list] Manual access: switchport mode access + switchport access vlan [N]

Spanning Tree won't converge or root is wrong?

  • Check BID = bridge priority (default 32768) + VLAN MAC
  • Lowest BID = root bridge
  • Port roles: Root > Designated > Blocked
  • Port states: Disabled → Listening (15s) → Learning (15s) → Forwarding (or Blocking)
  • Enable PortFast on access ports (skip Listening/Learning)
  • BPDU Guard disables port if BPDU received (prevent rogue bridge)
  • EtherChannel won't form?

    All member ports must match:
    • Speed (Mbps)
    • Duplex (full/half)
    • Allowed VLAN list (trunks)
    • VLAN (access ports)
    • Protocol mode (LACP/PAgP)

    Load balancing = per flow (src/dst MAC, IP, port — not per packet)

    Inter-VLAN traffic stuck?

    Router-on-a-stick: subinterfaces (e.g., Gi0/0.10, .20) with encapsulation dot1q Layer 3 SVI: interface vlan 10 + ip address; requires routing enabled Check: both sides of trunk have matching native VLAN

    Discovery protocol talking too much or leaking info?

    |---|---|---|

    ---

    VLAN CONFIGURATION

    `` ! Access port → single VLAN, no tags interface Gi0/1 switchport mode access switchport access vlan 10

    ! Trunk port → tagged, multi-VLAN interface Gi0/1 switchport mode trunk switchport trunk native vlan 1 switchport trunk allowed vlan 1,10,20,30

    ! Create VLAN & assign SVI IP vlan 10 name Sales exit interface vlan 10 ip address 192.168.10.1 255.255.255.0 no shutdown `

    DTP modes:

    • switchport mode access → never trunk
    • switchport mode trunk → always trunk
    • switchport mode dynamic desirable → actively seeks trunk (avoid for prod)
    • switchport mode dynamic auto → trunks if other side initiates
    • switchport mode nonegotiate → stops DTP negotiation

    ---

    SPANNING TREE PROTOCOL (STP)

    BID Election:

    • BID = Priority (32k chunks: 0–61440) + MAC
    • Lowest BID wins; tie-break by MAC
    • Default priority = 32768 → spanning-tree vlan 10 priority 4096

    Port States & Timeline:

    |-------|----------|---|---|

    Port Roles:

    • Root Port = best path to root (lowest cost); forwards on all BPDUs
    • Designated = sends BPDUs on segment; designated per port per link
    • Blocked = non-designated; only receives BPDUs

    Fast Convergence: ` ! PortFast: skip Listening/Learning on access ports interface Gi0/1 spanning-tree portfast

    ! BPDU Guard: err-disable if BPDU seen (prevent loop from rogue bridge) spanning-tree portfast bpduguard default

    ! Root Guard: block port if superior BPDU received interface Gi0/1 spanning-tree guard root `

    Cost defaults: 10Gbps=2, 1Gbps=4, 100Mbps=19, 10Mbps=100

    ---

    ETHERCHANNEL

    Protocol choice:

    |---|---|---|

    CDPLLDP
    ScopeCisco-onlyVendor-neutral
    Frequency60s default30s default
    Port info leaked?Yes (devices see each other)Yes (same)
    Fixno cdp run or no cdp enable [intf]no lldp run or no lldp transmit/receive
    StateDurationFrame Forward?MAC Learn?
    Disabled
    Listening15s
    Learning15s
    Forwarding
    Blocking
    LACP (802.3ad)PAgP (Cisco)
    Modeactive/passivedesirable/auto
    Active + Passive✓ forms✗ no
    Desirable + Auto✓ forms
    Configuration (LACP): ` interface range Gi0/1-4 channel-protocol lacp channel-group 1 mode active

    interface Port-channel 1 switchport mode trunk switchport trunk allowed vlan 1,10,20 `

    Verification: ` show etherchannel summary show etherchannel load-balance ``

    Load

    Aligned to the Cisco CCNA 200-301 exam topics.

    Make this cheat sheet yours

    Personalize this sheet — focus it however you study, or build one from the exact questions you keep getting wrong.

    Sign up free to create a personalized cheat sheet.