CCNA 200-301: Network Access (20%) — CHEAT SHEET
QUICK CUES → ANSWERS
What is my port doing?
Access port → untagged traffic only, single VLAN
Trunk port → tagged traffic (802.1Q), all VLANs (or allowed list)
Native VLAN → untagged on trunk; must match both sides or VLAN hopping risk
How do I make two switches talk?
DTP negotiation → auto/desirable (trunking), access/nonegotiate (not trunking)
Manual trunk: switchport mode trunk + switchport trunk allowed vlan [list]
Manual access: switchport mode access + switchport access vlan [N]
Spanning Tree won't converge or root is wrong?
Check BID = bridge priority (default 32768) + VLAN MAC
Lowest BID = root bridge
Port roles: Root > Designated > Blocked
Port states: Disabled → Listening (15s) → Learning (15s) → Forwarding (or Blocking)
Enable PortFast on access ports (skip Listening/Learning)
BPDU Guard disables port if BPDU received (prevent rogue bridge)
EtherChannel won't form?
All member ports must match:
Allowed VLAN list (trunks)
Protocol mode (LACP/PAgP)
Load balancing = per flow (src/dst MAC, IP, port — not per packet)
Inter-VLAN traffic stuck?
Router-on-a-stick: subinterfaces (e.g., Gi0/0.10, .20) with encapsulation dot1q
Layer 3 SVI: interface vlan 10 + ip address; requires routing enabled
Check: both sides of trunk have matching native VLAN
Discovery protocol talking too much or leaking info?
| | CDP | LLDP |
|---|---|---|
| Scope | Cisco-only | Vendor-neutral |
| Frequency | 60s default | 30s default |
| Port info leaked? | Yes (devices see each other) | Yes (same) |
| Fix | no cdp run or no cdp enable [intf] | no lldp run or no lldp transmit/receive |

---
VLAN CONFIGURATION
```
! Access port → single VLAN, no tags
interface Gi0/1
 switchport mode access
 switchport access vlan 10
! Trunk port → tagged, multi-VLAN
interface Gi0/1
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,20,30
! Create VLAN & assign SVI IP
vlan 10
 name Sales
 exit
interface vlan 10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
```
DTP modes:
switchport mode access → never trunk
switchport mode trunk → always trunk
switchport mode dynamic desirable → actively seeks trunk (avoid for prod)
switchport mode dynamic auto → trunks if other side initiates
switchport nonegotiate → stops DTP negotiation
---
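The trunk cues above (native VLAN must match on both sides, dynamic DTP modes are to be avoided) can be checked offline against saved configs. This is an added example, not part of the original cheat sheet; the two sample configs, the function names and the assumed defaults (DTP dynamic auto, native VLAN 1) are constructed for illustration.

```python
import re

# Constructed sample configs for the two ends of one trunk link (not from the page).
SW1 = """
interface Gi0/1
 switchport mode trunk
interface Gi0/2
 switchport mode dynamic desirable
"""
SW2 = """
interface Gi0/1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 99
"""

def parse_interfaces(config):
    """Parse IOS-style text. Assumed defaults: DTP dynamic auto (platform dependent), native VLAN 1."""
    ports, current = {}, {}  # lines before the first interface land in a scratch dict
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), dict(mode="dynamic auto", native=1, nonegotiate=False))
        elif m := re.match(r"switchport mode (.+)", line):
            current["mode"] = m.group(1)
        elif m := re.match(r"switchport trunk native vlan (\d+)", line):
            current["native"] = int(m.group(1))
        elif line == "switchport nonegotiate":
            current["nonegotiate"] = True
    return ports

def audit_port(name, port):
    """Flag a port that still takes part in DTP negotiation."""
    if port["mode"].startswith("dynamic"):
        return [f"{name}: mode {port['mode']} lets the far end negotiate a trunk"]
    if port["mode"] == "trunk" and not port["nonegotiate"]:
        return [f"{name}: trunk still sends DTP, add 'switchport nonegotiate'"]
    return []

def audit(cfg_a, cfg_b, link):
    """Audit every port on both switches, then compare native VLANs across `link`."""
    a, b = parse_interfaces(cfg_a), parse_interfaces(cfg_b)
    findings = [f for sw, ports in (("SW1", a), ("SW2", b))
                for name, port in ports.items() for f in audit_port(f"{sw} {name}", port)]
    pa, pb = a[link[0]], b[link[1]]
    if pa["mode"] == pb["mode"] == "trunk" and pa["native"] != pb["native"]:
        findings.append(f"{link[0]}<->{link[1]}: native VLAN mismatch ({pa['native']} vs {pb['native']})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SW1, SW2, ("Gi0/1", "Gi0/1"))))
```

SW1 Gi0/1 carries no native VLAN line, so the parser falls back to VLAN 1 and the mismatch against SW2's VLAN 99 is still reported.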
SPANNING TREE PROTOCOL (STP)
BID Election:
BID = Priority (32k chunks: 0–61440) + MAC
Lowest BID wins; tie-break by MAC
Default priority = 32768 → spanning-tree vlan 10 priority 4096

Port States & Timeline:

| State | Duration | Frame Forward? | MAC Learn? |
|-------|----------|---|---|
| Disabled | ∞ | ✗ | ✗ |
| Listening | 15s | ✗ | ✗ |
| Learning | 15s | ✗ | ✓ |
| Forwarding | ∞ | ✓ | ✓ |
| Blocking | ∞ | ✗ | ✗ |

Port Roles:
Root Port = best path to root (lowest cost); forwards on all BPDUs
Designated = sends BPDUs on segment; designated per port per link
Blocked = non-designated; only receives BPDUs
Fast Convergence:
```
! PortFast: skip Listening/Learning on access ports
interface Gi0/1
 spanning-tree portfast
! BPDU Guard (global command, applies to all PortFast ports):
! err-disable if BPDU seen (prevent loop from rogue bridge)
spanning-tree portfast bpduguard default
! Root Guard: block port if superior BPDU received
interface Gi0/1
 spanning-tree guard root
```
Cost defaults: 10Gbps=2, 1Gbps=4, 100Mbps=19, 10Mbps=100
---
ETHERCHANNEL
Protocol choice:

| | LACP (802.3ad) | PAgP (Cisco) |
|---|---|---|
| Mode | active/passive | desirable/auto |
| Active + Passive | ✓ forms | ✗ no |
| Desirable + Auto | — | ✓ forms |

Configuration (LACP):
```
interface range Gi0/1-4
 channel-protocol lacp
 channel-group 1 mode active
interface Port-channel 1
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20
```
Verification:
```
show etherchannel summary
show etherchannel load-balance
```
Load