50 CCNA Questions and Answers: Complete Beginner-Friendly Study Guide for CCNA 200-301

There is a moment every networking student remembers: you are staring at a subnetting question, the clock is moving, and suddenly even a simple gateway address starts looking suspicious. I have been there too. When I was building my networking foundation through CCNA practice, topics that seemed simple in theory became more complex when I had to configure VLANs, trunks, routing, DHCP, and switch security in a real lab.
This guide is written for beginners, ICT students, junior technicians, and busy professionals who want CCNA questions explained in normal human language. The goal is not just to memorize answers. The goal is to understand why the answer is correct so you can troubleshoot real networks with confidence.
Before the Questions: How to Use This CCNA Guide
CCNA is not a “read once and pass” exam. It rewards people who can connect ideas: MAC addresses to switching, IP addresses to routing, VLANs to trunks, and security controls to real risks inside a network.
My best advice is simple: read each question, pause, answer it in your own words, then compare your explanation with the answer here. If you cannot explain it without looking, you have not fully owned the concept yet.
What the Current CCNA Exam Covers
Cisco’s official CCNA 200-301 v1.1 exam is a 120-minute certification exam associated with the CCNA credential. The current blueprint covers network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability.
That is why these questions are arranged around practical networking areas instead of random trivia. A strong CCNA learner should be able to move from theory to configuration and from configuration to troubleshooting.
| CCNA Domain | What You Should Be Comfortable Explaining |
|---|---|
| Network Fundamentals | OSI/TCP-IP models, cabling, devices, IP concepts, wireless basics, and network topologies. |
| Network Access | Switching, VLANs, trunks, EtherChannel, STP, wireless LANs, and switch security. |
| IP Connectivity | Routing tables, static routing, OSPF basics, default routes, and first-hop redundancy concepts. |
| IP Services | DHCP, DNS, NAT, NTP, SNMP, syslog, QoS basics, and device management services. |
| Security Fundamentals | Passwords, SSH, ACLs, port security, DHCP snooping, Dynamic ARP Inspection, and secure access. |
| Automation & Programmability | APIs, JSON, controllers, SDN, cloud-managed networking, and automation concepts. |
Questions 1–6: Network Fundamentals
1. What is the main purpose of a computer network?
The main purpose of a computer network is to allow devices to communicate and share resources. Those resources can include files, printers, internet access, applications, databases, cloud services, and voice or video systems.
In real life, a network is what allows a staff member in one office to access a shared system hosted somewhere else. It is also what allows your phone to browse the internet through Wi-Fi, or a branch office to connect to headquarters.
2. What is the difference between a LAN and a WAN?
A LAN, or Local Area Network, connects devices within a limited area such as a home, office, school, or building. It is usually owned and managed by the organization using it.
A WAN, or Wide Area Network, connects networks across larger geographical areas. The internet is the largest example of a WAN, while company branch connections over service-provider links are common business examples.
| Feature | LAN | WAN |
|---|---|---|
| Coverage | Small area | Large area |
| Ownership | Usually private | Often uses ISP/provider infrastructure |
| Example | Office network | Branch-to-HQ connection |
3. What are the seven layers of the OSI model?
The OSI model has seven layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application. It helps us understand how data moves from one device to another through a network.
I like teaching it from the bottom to the top because it mirrors troubleshooting. If a user cannot connect, first check the cable or Wi-Fi signal, then the switch, then IP addressing, then transport ports, and finally the application.
| Layer | Name | Simple Meaning |
|---|---|---|
| 7 | Application | User-facing network services like HTTP, DNS, and email. |
| 6 | Presentation | Data formatting, compression, and encryption. |
| 5 | Session | Session setup, maintenance, and termination. |
| 4 | Transport | End-to-end delivery using TCP or UDP. |
| 3 | Network | Logical addressing and routing using IP. |
| 2 | Data Link | Frames, MAC addresses, and switching. |
| 1 | Physical | Cables, connectors, signals, and bits. |
4. What is the difference between TCP and UDP?
TCP is connection-oriented, reliable, and uses acknowledgements to confirm delivery. UDP is connectionless, faster, and does not guarantee delivery.
TCP is used where accuracy matters, such as web browsing, file transfer, and email. UDP is used where speed and low delay matter more, such as voice, video streaming, DNS queries, and online gaming.
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented | Connectionless |
| Reliability | Reliable | Best-effort |
| Speed | More overhead | Lower overhead |
| Examples | HTTP, HTTPS, FTP, SSH | DNS, VoIP, streaming |
5. What is a MAC address?
A MAC address is a Layer 2 hardware address used to identify a network interface on a local network. It is 48 bits long and is usually written in hexadecimal, for example 00:1A:2B:3C:4D:5E.
Switches use MAC addresses to forward frames within a LAN. When a switch receives a frame, it learns the source MAC address and records the port where that address was seen.
6. What is the difference between a hub, a switch, and a router?
A hub is an older Layer 1 device that repeats traffic to all ports. It does not learn MAC addresses, so it is inefficient and rarely used in modern networks.
A switch is a Layer 2 device that forwards frames based on MAC addresses. A router is a Layer 3 device that forwards packets between different IP networks.
| Device | Layer | Main Job |
|---|---|---|
| Hub | Layer 1 | Repeats bits to all ports. |
| Switch | Layer 2 | Forwards frames inside a LAN. |
| Router | Layer 3 | Forwards packets between networks. |
Questions 7–11: IP Addressing and Subnetting
7. What is an IP address?
An IP address is a logical address used to identify a device on an IP network. Unlike a MAC address, which is tied to the network interface, an IP address can change depending on the network the device joins.
IPv4 addresses use 32 bits, commonly written in dotted decimal format, such as 192.168.1.10. IPv6 addresses use 128 bits and are written in hexadecimal.
8. What is a subnet mask?
A subnet mask separates the network portion of an IP address from the host portion. For example, with the mask 255.255.255.0, also written as /24, the first 24 bits represent the network.
If a device has 192.168.10.25/24, its network is 192.168.10.0, and usable host addresses normally range from 192.168.10.1 to 192.168.10.254.
9. How many usable hosts are available in a /24 network?
A /24 network leaves 8 bits for hosts because IPv4 has 32 bits total. The formula is 2^host_bits - 2.
So for /24: 2^8 - 2 = 256 - 2 = 254 usable hosts. The two reserved addresses are the network address and the broadcast address.
10. What is the network address, broadcast address, and usable range for 192.168.1.70/26?
A /26 mask equals 255.255.255.192. The block size is 64, so the subnets in the last octet are 0, 64, 128, and 192.
The address 192.168.1.70 falls inside the 192.168.1.64/26 subnet.
| Item | Answer |
|---|---|
| Network address | 192.168.1.64 |
| First usable host | 192.168.1.65 |
| Last usable host | 192.168.1.126 |
| Broadcast address | 192.168.1.127 |
11. What is the difference between a public IP address and a private IP address?
A public IP address is globally routable on the internet. A private IP address is used inside local networks and is not directly routable on the public internet.
The common private IPv4 ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Home routers and office LANs commonly use these ranges.
Questions 12–17: Switching, VLANs, Trunks, EtherChannel, and STP
12. What is a VLAN?
A VLAN, or Virtual Local Area Network, is a logical separation of a switch network. It allows one physical switch to behave like multiple smaller networks.
For example, you can place staff computers in VLAN 10, finance systems in VLAN 20, and guest Wi-Fi in VLAN 30. Even if the devices connect to the same physical switch, VLANs keep their broadcast domains separate.
13. What is the difference between an access port and a trunk port?
An access port carries traffic for one VLAN only. It is normally used for end devices such as PCs, printers, IP phones, and CCTV endpoints.
A trunk port carries traffic for multiple VLANs between network devices such as switches, routers, firewalls, and wireless controllers. Trunks use VLAN tagging, commonly with IEEE 802.1Q.
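```
! Access port: carries one VLAN for an end device
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
! Trunk port: carries several tagged VLANs to another network device
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
```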
14. What is the native VLAN?
The native VLAN is the VLAN on an 802.1Q trunk that carries untagged traffic. By default, many Cisco switches use VLAN 1 as the native VLAN, although best practice is often to change it to an unused VLAN for better security and cleaner design.
A native VLAN mismatch can cause unexpected connectivity issues and security concerns. That is why you should verify trunk configuration on both sides of a link.
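One way to verify both sides of a trunk, as an added example that is not from the original guide. The two switch configurations are constructed, the finding labels and function names are made up for this example, and the parser handles only plain `allowed vlan` lists (not the `add`, `remove`, `all` or `except` forms).

```python
SW1 = """interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
"""                                   # constructed; native VLAN left at default
SW2 = """interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
"""                                   # constructed far end of the same link

def expand(spec):
    """Turn '10,20-22' into {10, 20, 21, 22}."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def trunk_settings(config, interface):
    """Read mode, native VLAN and allowed VLANs for one interface block."""
    found = {"mode": None, "native": 1, "allowed": None}  # None = all VLANs
    inside = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            inside = line.split(None, 1)[1] == interface
        elif inside and line.startswith("switchport mode "):
            found["mode"] = line.split()[-1]
        elif inside and line.startswith("switchport trunk native vlan "):
            found["native"] = int(line.split()[-1])
        elif inside and line.startswith("switchport trunk allowed vlan "):
            found["allowed"] = expand(line.split()[-1])
    return found

def audit_link(cfg_a, if_a, cfg_b, if_b):
    """Compare both ends of a link; return a list of finding labels."""
    a, b = trunk_settings(cfg_a, if_a), trunk_settings(cfg_b, if_b)
    findings = []
    if a["mode"] != "trunk" or b["mode"] != "trunk":
        findings.append("not-a-trunk-on-both-ends")
    if a["native"] != b["native"]:
        findings.append("native-vlan-mismatch")
    if 1 in (a["native"], b["native"]):
        findings.append("native-vlan-is-default-1")
    if a["allowed"] != b["allowed"]:
        findings.append("allowed-vlan-mismatch")
    return findings

print(audit_link(SW1, "GigabitEthernet0/24", SW2, "GigabitEthernet0/24"))
```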
15. What is inter-VLAN routing?
Inter-VLAN routing allows devices in different VLANs to communicate. Since VLANs are separate broadcast domains, a Layer 3 device is needed to route traffic between them.
Common methods include router-on-a-stick, where one router interface uses subinterfaces, and multilayer switching, where a Layer 3 switch uses Switch Virtual Interfaces.
```
! Router-on-a-stick: one subinterface per VLAN, each acting as that VLAN's gateway
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
```
16. What is STP and why is it important?
STP, or Spanning Tree Protocol, prevents Layer 2 loops in switched networks. Without STP, redundant switch links can create broadcast storms, MAC table instability, and duplicate frames.
STP solves this by placing some ports in a blocking state while keeping backup paths available. If the active path fails, STP can recalculate and bring another path into use.
17. What is EtherChannel?
EtherChannel combines multiple physical switch links into one logical link. This increases bandwidth and provides redundancy while making the bundled links appear as one connection to STP.
Cisco switches can form EtherChannel using PAgP, LACP, or static configuration. LACP is standards-based and commonly preferred in mixed-vendor environments.
```
! "mode active" negotiates the bundle with LACP
interface range GigabitEthernet0/1 - 2
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode trunk
```
Questions 18–21: Routing and IP Connectivity
18. What is a routing table?
A routing table is a list of known networks and the best paths to reach them. Routers use the routing table to decide where to forward packets.
A route can be directly connected, static, or learned through a dynamic routing protocol such as OSPF. The router checks the destination IP address and chooses the most specific matching route.
19. What is a default route?
A default route is used when no more specific route exists in the routing table. In IPv4, it is written as 0.0.0.0/0.
In small networks, a default route commonly points toward the internet router or ISP. It tells the router, “send unknown destinations this way.”
```
ip route 0.0.0.0 0.0.0.0 192.168.1.1
```
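How a router picks "the most specific matching route" and falls back to the default route, as an added example that is not part of the original guide. The routing table is constructed (only the default route's next hop comes from the command above), and `lookup` is a name chosen for this example.

```python
import ipaddress

# Constructed routing table: (prefix, how it was learned, next hop or exit interface).
ROUTES = [
    ("192.168.10.0/24", "connected", "GigabitEthernet0/0.10"),
    ("192.168.20.0/24", "connected", "GigabitEthernet0/0.20"),
    ("10.0.0.0/8", "static", "192.168.20.254"),
    ("10.20.30.0/24", "ospf", "192.168.10.254"),
    ("0.0.0.0/0", "static", "192.168.1.1"),   # default route: matches everything
]


def lookup(routes, destination):
    """Longest-prefix match: of all routes containing the destination,
    return the one with the longest prefix, or None if nothing matches."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, source, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, source, next_hop)
    if best is None:
        return None          # no match and no default route: packet is dropped
    return str(best[0]), best[1], best[2]


if __name__ == "__main__":
    for dest in ("10.20.30.7", "10.9.9.9", "8.8.8.8"):
        print(dest, "->", lookup(ROUTES, dest))
    # Same lookup with the default route removed.
    print("8.8.8.8 ->", lookup(ROUTES[:-1], "8.8.8.8"))
```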
20. What is the difference between static routing and dynamic routing?
Static routing is manually configured by an administrator. It is simple and predictable, but it does not automatically adapt when the network changes.
Dynamic routing uses routing protocols to learn and update routes automatically. It is better for larger or changing networks, but it requires more understanding and careful configuration.
| Feature | Static Routing | Dynamic Routing |
|---|---|---|
| Configuration | Manual | Protocol-based |
| Best for | Small/simple networks | Medium/large networks |
| Reaction to failure | Manual change needed | Can recalculate automatically |
| Examples | `ip route` | OSPF, EIGRP, BGP |
21. What is OSPF?
OSPF, or Open Shortest Path First, is a link-state dynamic routing protocol. It builds a map of the network and uses cost to choose the best path.
In CCNA, you should understand OSPF neighbors, areas, router ID, network statements, passive interfaces, and why matching parameters are required for adjacency.
```
router ospf 1
 router-id 1.1.1.1
 ! Wildcard mask 0.0.0.255 selects interfaces in 192.168.10.0/24 for area 0
 network 192.168.10.0 0.0.0.255 area 0
```
Questions 22–25: IP Services and Security Fundamentals
22. What is DHCP?
DHCP, or Dynamic Host Configuration Protocol, automatically gives IP configuration to network devices. This can include IP address, subnet mask, default gateway, DNS server, and lease time.
Without DHCP, administrators would need to manually configure IP settings on every device. In a busy office, school, or cyber café, that would be slow and error-prone.
```
ip dhcp pool STAFF
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8
```
23. What is DNS?
DNS, or Domain Name System, translates human-readable names into IP addresses. For example, when a user types a website name, DNS helps the device find the IP address of the server hosting that website.
In troubleshooting, DNS is important because the internet may be working while websites still fail to open by name. A user may ping 8.8.8.8 successfully but fail to open a domain because DNS resolution is broken.
24. What is NAT and why is it used?
NAT, or Network Address Translation, changes IP address information as packets pass through a router or firewall. It is commonly used to allow many private IP devices to share one public IP address when accessing the internet.
The most common form in small networks is PAT, or Port Address Translation, sometimes called NAT overload. It tracks sessions using port numbers so multiple internal devices can communicate externally through one public address.
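```
! ACL 1 selects the inside addresses that may be translated
access-list 1 permit 192.168.10.0 0.0.0.255
! "overload" enables PAT on the address of GigabitEthernet0/0
! (the LAN-facing interface also needs "ip nat inside" and GigabitEthernet0/0 needs "ip nat outside")
ip nat inside source list 1 interface GigabitEthernet0/0 overload
```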
25. What is an ACL?
An ACL, or Access Control List, is a set of rules used to permit or deny traffic. ACLs can filter traffic based on source IP, destination IP, protocol, and port numbers, depending on whether the ACL is standard or extended.
Standard ACLs mainly filter based on the source IP address. Extended ACLs can match more details, such as destination address and TCP or UDP ports.
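```
! Standard ACL: matches on source address only
access-list 10 permit 192.168.10.0 0.0.0.255
! Extended ACL: protocol, source, destination and port
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 100 deny ip any any
```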
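How a router evaluates the three entries shown above, as an added example that is not part of the original guide: wildcard-mask matching, first match wins, and an implicit deny when nothing matches. It supports only the syntax subset those entries use (`any`, `host`, address plus wildcard, and `eq` on the destination port); the function names and test addresses are constructed.

```python
import ipaddress

ACL_LINES = [   # the three entries shown above
    "access-list 10 permit 192.168.10.0 0.0.0.255",
    "access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 80",
    "access-list 100 deny ip any any",
]
ANY = (0, 0xFFFFFFFF)   # wildcard of all ones: every bit is "don't care"

def ip(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ip(tokens.pop(0)), 0
    return ip(first), ip(tokens.pop(0))

def parse(line):
    tokens = line.split()[1:]                      # drop "access-list"
    number, action = int(tokens.pop(0)), tokens.pop(0)
    extended = 100 <= number <= 199                # 1-99 are standard ACLs
    proto = tokens.pop(0) if extended else "ip"
    src = take_addr(tokens)
    dst = take_addr(tokens) if extended else ANY   # standard: source only
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return {"acl": number, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF                  # 0 bits in the wildcard must match
    return (ip(addr) & care) == (base & care)

def evaluate(lines, acl, proto, src, dst, dport=None):
    """Return (action, matching line) using first match, then implicit deny."""
    for line in lines:
        r = parse(line)
        if (r["acl"] == acl and r["proto"] in ("ip", proto)
                and matches(src, r["src"]) and matches(dst, r["dst"])
                and r["port"] in (None, dport)):
            return r["action"], line
    return "deny", None                            # implicit deny at the end
```

Evaluating TCP port 443 from 192.168.10.5 against ACL 100 returns the explicit `deny ip any any` line, which shows that this ACL permits plain HTTP only.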
How to Study These 25 CCNA Questions Without Getting Overwhelmed
Do not try to master everything in one sitting. CCNA rewards repetition. Study six to eight questions per session, then open Packet Tracer or real Cisco gear and test the idea practically.
When I was learning switching, the concept of VLANs became clearer only after I configured access ports and trunks myself. The moment you see two PCs fail to communicate until routing is added, inter-VLAN routing stops being a theory.
- Read the question first before looking at the answer.
- Explain the answer aloud like you are teaching a friend.
- Lab anything configurable, especially VLANs, trunks, OSPF, DHCP, NAT, and ACLs.
- Keep a subnetting notebook until block sizes become natural.
- Review wrong answers because mistakes reveal weak areas faster than easy wins.
In Part 2, the guide continues with questions 26–50, covering deeper security concepts, IPv6, wireless, automation, troubleshooting, network management, and practical interview-style CCNA scenarios.
About the author
Caleb Muga is the founder of SurgeTechKnow, an ICT professional and software developer with BBIT, CCNA training, cybersecurity awareness and OPSWAT file-security training. Articles are written to simplify practical technology, cybersecurity, networking and ICT support topics for real users.
