100 Most Frequently Asked Cisco CCNA & Networking Questions
The ultimate study companion for CCNA candidates and networking professionals.
📑 Quick Navigation — Jump to Category
Networking Basics — Questions 1 to 15
What is the difference between a hub, switch, and router?
This is the single most asked question on r/ccna for beginners. Here is the clear breakdown:
What is a MAC address and how is it different from an IP address?
MAC Address (Media Access Control): A 48-bit hardware address burned into every NIC (network interface card) by the manufacturer. Written in hexadecimal format like AA:BB:CC:DD:EE:FF. It is a Layer 2 address used within a local network segment.
IP Address: A logical Layer 3 address assigned by a network administrator or DHCP. Can change. Used for routing across networks. Format: 192.168.1.10 (IPv4) or 2001:db8::1 (IPv6).
What is the difference between TCP and UDP?
| Feature | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented (3-way handshake) | Connectionless |
| Reliability | Reliable — guarantees delivery | Unreliable — best effort |
| Speed | Slower (overhead) | Faster (less overhead) |
| Use Cases | HTTP, HTTPS, FTP, SSH, SMTP | DNS, DHCP, VoIP, Video, TFTP |
| Error Checking | Yes — acknowledgment + retransmit | Basic checksum only |
What is DHCP and how does it work? (DORA process)
DHCP (Dynamic Host Configuration Protocol) automatically assigns IP addresses to devices on a network. It uses Port 67 (server) and Port 68 (client) over UDP.
What is DNS and how does it resolve domain names to IP addresses?
DNS (Domain Name System) is the internet's phone book. It translates human-readable domain names like www.google.com into IP addresses like 142.250.80.36. DNS uses UDP port 53 (TCP port 53 for zone transfers).
Resolution Process: Your device checks local cache → queries recursive resolver → resolver checks root server → TLD server (.com) → authoritative nameserver → returns IP address to client → connection is made.
What is NAT and why is it used in networking?
NAT (Network Address Translation) allows multiple private IP addresses to share a single public IP address. It is essential because IPv4 only supports ~4.3 billion addresses, which are nearly exhausted.
What is ARP and how does it work?
ARP (Address Resolution Protocol) maps known IP addresses to unknown MAC addresses on a local network segment. When Host A wants to communicate with 192.168.1.20 on the same subnet, it broadcasts an ARP Request: "Who has 192.168.1.20? Tell 192.168.1.10." The device with that IP replies with its MAC address (ARP Reply). The result is stored in the ARP cache for future use. ARP operates at Layer 2/3 boundary and only works within the same broadcast domain.
What is the difference between a collision domain and a broadcast domain?
What are private IP address ranges and why are they used?
Private IP ranges (defined in RFC 1918) are not routable on the public internet and are reserved for internal network use:
| Class | Range | CIDR | Usage |
|---|---|---|---|
| Class A | 10.0.0.0 – 10.255.255.255 | /8 | Large enterprises |
| Class B | 172.16.0.0 – 172.31.255.255 | /12 | Medium networks |
| Class C | 192.168.0.0 – 192.168.255.255 | /16 | Home & small office |
What is a default gateway and why does every device need one?
A default gateway is the IP address of the router interface on your local subnet. When a device wants to communicate with an IP address outside its own subnet, it sends the packet to the default gateway, which then routes it to the correct destination. Without a default gateway, devices can only communicate within their own local subnet and cannot reach the internet or other networks.
What is the difference between full-duplex and half-duplex?
Half-duplex: Data can only travel in one direction at a time. Think of a walkie-talkie — you can talk OR listen but not both simultaneously. Used by hubs. Causes collisions in CSMA/CD environments.
Full-duplex: Data can travel in both directions simultaneously. Like a telephone call. Modern switches support full-duplex, eliminating collisions and doubling effective bandwidth. Always use full-duplex on switch-to-switch and switch-to-host connections.
What are the differences between IPv4 and IPv6?
| Feature | IPv4 | IPv6 |
|---|---|---|
| Address Size | 32-bit | 128-bit |
| Total Addresses | ~4.3 billion | 340 undecillion |
| Format | 192.168.1.1 | 2001:db8::1 |
| NAT Required | Yes (address exhaustion) | No (enough addresses) |
| Header Size | Variable (20–60 bytes) | Fixed (40 bytes) |
What is bandwidth vs throughput vs latency?
Bandwidth: The maximum theoretical capacity of a link (e.g., 1 Gbps fiber). Like the number of lanes on a highway.
Throughput: The actual data successfully transferred per second. Always less than bandwidth due to overhead, errors, and congestion. Like cars actually flowing on that highway.
Latency: The delay between sending and receiving data, measured in milliseconds (ms). Critical for real-time applications like VoIP and gaming. Like the travel time from point A to B.
What is a loopback address and what is it used for?
The loopback address 127.0.0.1 (IPv4) or ::1 (IPv6) refers to the local machine itself. It is used to test the TCP/IP stack on a device without sending traffic to the actual network. If you can ping 127.0.0.1 successfully, the local networking stack is working. On Cisco routers, logical loopback interfaces are used for BGP peering, router IDs in OSPF, and management access.
What is the difference between unicast, multicast, and broadcast?
OSI Model & TCP/IP Stack — Questions 16 to 25
What are the 7 layers of the OSI model and what does each do?
Memory Aid: "Please Do Not Throw Sausage Pizza Away" (Physical, Data Link, Network, Transport, Session, Presentation, Application)
Subnetting — Questions 26 to 35
Formula: Usable Hosts = 2ⁿ − 2 (where n = number of host bits). Subtract 2 for network address and broadcast address.
| CIDR | Subnet Mask | Host Bits | Usable Hosts |
|---|---|---|---|
| /24 | 255.255.255.0 | 8 | 254 |
| /25 | 255.255.255.128 | 7 | 126 |
| /26 | 255.255.255.192 | 6 | 62 |
| /27 | 255.255.255.224 | 5 | 30 |
| /28 | 255.255.255.240 | 4 | 14 |
| /30 | 255.255.255.252 | 2 | 2 |
Subnet Mask: 255.255.255.192 (/26)
First Usable Host: 192.168.10.129
Last Usable Host: 192.168.10.190
Broadcast Address: 192.168.10.191
Usable Hosts: 62
Q31 — Binary: Each octet = 8 bits. Values: 128, 64, 32, 16, 8, 4, 2, 1. Practice converting quickly: 192 = 11000000, 168 = 10101000. Memorize the powers of 2: 1,2,4,8,16,32,64,128,256.
Q32 — Wildcard Mask: The inverse of a subnet mask. Used in ACLs and OSPF. /26 mask = 255.255.255.192 → Wildcard = 0.0.0.63. Formula: 255.255.255.255 − subnet mask.
Q33 — Supernetting/Route Summarization: Combining multiple subnets into one route advertisement. Example: 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 can be summarized as 10.0.0.0/22.
Q34 — /31 Subnet: Contains exactly 2 IP addresses with no network or broadcast addresses (RFC 3021). Used for point-to-point links between routers to conserve IP space.
Q35 — /32 Host Route: A route to a single specific host. Used in BGP, loopback interfaces, and static host routes. Example: 8.8.8.8/32 = Google DNS specific host route.
IP Routing — Questions 36 to 50
Q40 — Routing Table: A router always picks the most specific match (longest prefix = most specific = smallest subnet). Route: C=Connected, S=Static, O=OSPF, D=EIGRP, R=RIP, B=BGP. Show with: show ip route
Q41 — Longest Prefix Match: When multiple routes match a destination, the router picks the one with the most specific (longest) prefix. /28 beats /24 which beats /16 which beats default route /0.
Q42 — Floating Static Route: A backup static route with a higher AD than the primary dynamic route. Only installed if the primary route fails. Configure with: ip route 0.0.0.0 0.0.0.0 [next-hop] 200
Q43 — Router-on-a-Stick: A single physical router interface configured with sub-interfaces to route between multiple VLANs. One trunk link connects the router to the switch. Each sub-interface uses 802.1Q encapsulation for a specific VLAN.
Q44 — BGP: Border Gateway Protocol is the routing protocol of the internet (EGP). Uses TCP port 179. AD: eBGP=20, iBGP=200. Uses path attributes (AS-PATH, NEXT-HOP, LOCAL_PREF, MED) to make routing decisions. Required for ISP connections and multi-homed networks.
Q45 — RIP: Routing Information Protocol — old, slow Distance Vector protocol. RIPv1 classful (no VLSM), RIPv2 classless. Max 15 hops (16 = unreachable). AD=120. Updates every 30 seconds. Not used in modern production networks but appears on CCNA exams.
Q46 — Route Summarization: Advertising one summary route instead of multiple specific routes. Reduces routing table size and improves convergence. OSPF inter-area summarization on ABR: area 1 range 10.0.0.0 255.255.252.0
Q47 — Routing Loop Prevention: Mechanisms include: Split Horizon (don't advertise routes back the way they came), Route Poisoning (advertise failed routes with metric of infinity), Holddown Timers (ignore updates for failed routes for a period), Maximum Hop Count (RIP=15).
Q48 — SVI (Switched Virtual Interface): A Layer 3 virtual interface on a multilayer switch assigned to a VLAN for inter-VLAN routing. More efficient than Router-on-a-Stick as routing happens in hardware. Create with: interface vlan 10 then assign IP.
Q49 — OSPF Cost: Default reference bandwidth = 100 Mbps. Cost = 100,000,000 / Interface Bandwidth (bps). FastEthernet (100M) = Cost 1. GigabitEthernet (1G) = Cost 1 (same!). Change reference bandwidth: auto-cost reference-bandwidth 1000 for Gig accuracy.
Q50 — OSPF Neighbor Requirements: Routers must agree on: Hello/Dead intervals, Area ID, Authentication, Stub flags, and MTU (if ip ospf mtu-ignore not set). Must be on same subnet. Hello=10s on broadcast, 30s on NBMA. Dead=4x Hello interval.
Switching & VLANs — Questions 51 to 62
Q56 — DTP (Dynamic Trunking Protocol): Cisco auto-negotiates trunk/access mode. Disable on user-facing ports for security: switchport nonegotiate. DTP modes: Dynamic Auto, Dynamic Desirable.
Q57 — PortFast: Skips STP Listening/Learning states on access ports, immediately putting them in Forwarding. Use only on end-device ports, never on switch-to-switch links. Enable: spanning-tree portfast
Q58 — BPDU Guard: Shuts down a PortFast-enabled port if it receives a BPDU (indicating a rogue switch connected). Prevents accidental or malicious topology changes. Enable globally: spanning-tree portfast bpduguard default
Q59 — MAC Address Table: Switches learn MAC-to-port mappings dynamically. View with: show mac address-table. Default aging time = 300 seconds. Unknown unicast frames are flooded.
Q60 — Port Security: Limits the number of MAC addresses per port. Violation actions: Shutdown (default — err-disable), Restrict (drops + logs), Protect (drops silently). Configure: switchport port-security maximum 2
Q61 — CDP (Cisco Discovery Protocol): Layer 2 Cisco proprietary protocol that discovers directly connected Cisco devices. Shows device type, IP, platform, IOS version. View: show cdp neighbors detail. Disable on internet-facing ports for security.
Q62 — LLDP (Link Layer Discovery Protocol): Open standard equivalent of CDP (IEEE 802.1AB). Works on non-Cisco devices. Enable: lldp run. View neighbors: show lldp neighbors
Network Security — Questions 63 to 73
Q67 — DHCP Snooping: Prevents rogue DHCP servers by designating trusted ports (uplinks to legitimate DHCP servers) and untrusted ports (user ports). Drops DHCP offers from untrusted ports. Enable: ip dhcp snooping vlan [id]
Q68 — DAI (Dynamic ARP Inspection): Prevents ARP spoofing/poisoning attacks by validating ARP packets against the DHCP snooping binding table. Drops ARP packets with invalid IP-to-MAC mappings on untrusted ports.
Q69 — VLAN Hopping: An attack where a device sends frames tagged to reach a different VLAN. Prevention: disable DTP on access ports (switchport nonegotiate), change native VLAN from default VLAN 1, and manually configure all trunk ports.
Q70 — IDS vs IPS: IDS (Intrusion Detection System) = passive, monitors and alerts but does NOT block. IPS (Intrusion Prevention System) = active, sits inline in traffic path and can block malicious traffic in real-time. NGFW (Next-Gen Firewalls) include IPS functionality.
Q71 — Firewall Types: Packet Filter (L3/L4, stateless), Stateful Firewall (tracks connection state, most common), Application Layer / NGFW (inspects Layer 7 content, identifies applications), WAF (Web Application Firewall — HTTP/HTTPS specific).
Q72 — 802.1X Port-Based Authentication: Requires users/devices to authenticate before getting network access. Uses EAP (Extensible Authentication Protocol). Components: Supplicant (end device), Authenticator (switch/AP), Authentication Server (RADIUS). Until authenticated, port only allows EAP traffic.
Q73 — Cisco Password Security: Enable password (clear text, avoid), Enable Secret (MD5 hashed, use this), service password-encryption (Type 7 — weak Vigenère cipher), enable algorithm-type sha256 secret [pw] (Type 8/9 — strong hash, recommended for modern IOS).
Wireless Networking — Questions 74 to 82
| Standard | WiFi Name | Band | Max Speed | Year |
|---|---|---|---|---|
| 802.11a | — | 5 GHz | 54 Mbps | 1999 |
| 802.11b | — | 2.4 GHz | 11 Mbps | 1999 |
| 802.11g | — | 2.4 GHz | 54 Mbps | 2003 |
| 802.11n | WiFi 4 | 2.4 / 5 GHz | 600 Mbps | 2009 |
| 802.11ac | WiFi 5 | 5 GHz | 6.9 Gbps | 2014 |
| 802.11ax | WiFi 6/6E | 2.4/5/6 GHz | 9.6 Gbps | 2021 |
Q75 — WLC (Wireless LAN Controller): Centrally manages multiple lightweight APs (LAPs). APs connect to WLC via CAPWAP tunnel. WLC handles authentication, RF management, roaming, and policy enforcement. Autonomous APs = standalone, Lightweight APs = managed by WLC, Cloud-managed = Cisco Meraki.
Q76 — CAPWAP (Control and Provisioning of Wireless Access Points): Tunneling protocol (UDP 5246 control, UDP 5247 data) used between LAPs and WLC. CAPWAP carries management and data traffic. Enables centralized policy and firmware management.
Q77 — Non-overlapping Channels (2.4 GHz): Only 3 non-overlapping channels in 2.4 GHz: 1, 6, 11. Always use these in CCNA and real deployments to avoid co-channel interference. 5 GHz has 24+ non-overlapping channels (UNII-1, UNII-2, UNII-3 bands).
Q78 — SSID, BSS, ESS: SSID = network name. BSS (Basic Service Set) = single AP + associated clients. IBSS = ad-hoc (device-to-device, no AP). ESS (Extended Service Set) = multiple APs with same SSID enabling seamless roaming.
Q79 — WEP vs WPA vs WPA2 vs WPA3: WEP = broken, never use. WPA = deprecated. WPA2 (802.11i) = AES-CCMP encryption, current standard. WPA3 = SAE (replaces PSK), 192-bit security, protects against dictionary attacks, mandatory for WiFi 6.
Q80 — WPA2 Personal vs Enterprise: Personal = Pre-Shared Key (PSK) — same key for all users, used in homes. Enterprise = 802.1X/RADIUS authentication — unique credentials per user, used in corporate environments with AAA servers.
Q81 — Wireless Interference Sources: Microwave ovens, Bluetooth devices, baby monitors, neighboring APs on overlapping channels, and cordless phones all cause 2.4 GHz interference. 5 GHz is cleaner but shorter range.
Q82 — MIMO & MU-MIMO: MIMO (Multiple Input Multiple Output) uses multiple antennas to improve throughput. MU-MIMO (Multi-User MIMO) allows an AP to communicate with multiple clients simultaneously instead of sequentially, significantly improving real-world WiFi performance in dense environments (offices, stadiums).
CCNA Exam Tips & Career Questions — Questions 83 to 100
Exam format: ~100 questions, 120 minutes, passing score ~825/1000. Question types include MCQ, drag-and-drop, simulation (Cisco Packet Tracer-style labs), and fill-in-the-blank.
Q85 — How long does it take to pass CCNA? Average Reddit consensus: 3–6 months with 1–2 hours daily study if you are a beginner. IT professionals with networking experience can pass in 4–8 weeks with intense study. Don't rush — understand concepts, don't just memorize dumps.
Q86 — Is CCNA worth it in 2025? Yes. CCNA remains one of the most recognized entry-level certifications globally. Average salaries for CCNA-certified professionals: $65,000–$95,000 USD. It opens doors to Network Engineer, NOC Technician, Systems Admin, and cloud networking roles.
Q87 — What Cisco IOS commands must I know for CCNA? Essential commands: show ip route, show ip interface brief, show running-config, show vlan brief, show interfaces trunk, show spanning-tree, show cdp neighbors, show ip ospf neighbor, ping, traceroute, debug ip ospf events, no shutdown.
Q88 — What is SDN (Software Defined Networking)? SDN separates the control plane (routing decisions) from the data plane (packet forwarding) and centralizes it in a software controller. Enables programmable network infrastructure. Cisco DNA Center is Cisco's SDN controller. Key concept: northbound APIs (to applications) and southbound APIs (to network devices like OpenFlow, NETCONF).
Q89 — What is network automation and why does CCNA cover it? Network automation uses scripts and APIs to configure, manage, and monitor network devices programmatically instead of manually via CLI. Tools: Python, Ansible, Terraform, Cisco DNA Center. Formats: JSON, YAML, XML. CCNA covers REST APIs, NETCONF/RESTCONF, and Cisco DNA Center basics at a conceptual level.
Q90 — What is SNMP and how is it used for network management? SNMP (Simple Network Management Protocol) is used to monitor and manage network devices. Components: Manager (NMS), Agent (on device), MIB (Management Information Base — database of device info). Versions: SNMPv1/v2c (community string, clear text — insecure), SNMPv3 (authentication + encryption — use this). Traps = unsolicited alerts from agent to manager.
Q91 — What is syslog and how does it work on Cisco devices? Syslog sends log messages from network devices to a central syslog server. Severity levels 0–7: 0=Emergency, 1=Alert, 2=Critical, 3=Error, 4=Warning, 5=Notice, 6=Informational, 7=Debugging. Memory aid: "Every Awesome Cisco Engineer Will Need Ice Daily". Configure: logging host [syslog-server-IP]
Q92 — What is NTP (Network Time Protocol)? NTP synchronizes clocks across network devices using UDP port 123. Accurate time is critical for log correlation, certificates, and Kerberos authentication. Stratum 0 = reference clock (atomic clock), Stratum 1 = directly connected, Stratum 2 = syncs from Stratum 1, etc. Configure: ntp server [IP]
Q93 — What is HSRP (Hot Standby Router Protocol)? HSRP (Cisco proprietary) provides default gateway redundancy. Multiple routers share a virtual IP address. Active router handles traffic; Standby router takes over if Active fails. Priority = 100 default (higher wins). Preempt allows higher priority router to reclaim active role. VRRP (open standard) and GLBP (Cisco, load balancing) are alternatives.
Q94 — Should I use brain dumps to pass CCNA? Every experienced Redditor emphatically says NO. Brain dumps are: against Cisco's exam policies (you can lose your certification and be banned), do not prepare you for real-world networking, and the knowledge gaps will show up in job interviews. Understand concepts — it will serve your career far better.
Q95 — What home lab should I build for CCNA practice? Options by budget: Free: Cisco Packet Tracer (best for CCNA topics) or GNS3 with IOS images. Low budget: Buy 2-3 used Cisco 2960 switches + 2 ISR routers (1841/2811) on eBay for $50–$100 total. Cloud: EVE-NG with IOS images or Cisco DevNet Always-On Sandboxes (free).
Q96 — What certifications come after CCNA? Paths from CCNA: CCNP Enterprise (routing/switching), CCNP Security, CCNP Data Center, CCNP Service Provider. Also consider: AWS/Azure cloud certs, CompTIA Network+/Security+, Juniper JNCIA, Palo Alto PCNSA, or Fortinet NSE certifications depending on career goals.
Q97 — What is the difference between in-band and out-of-band management? In-band: Management traffic travels on the same network as production data traffic (SSH, HTTPS, SNMP over the production interface). Out-of-band: Dedicated separate management network or console cable. Preferred for critical infrastructure — if the network is down, you can still access devices via OOB console/management port.
Q98 — What is the Cisco IOS mode hierarchy? User EXEC Mode (>) → Privileged EXEC Mode (#, enable) → Global Configuration Mode ((config)#, configure terminal) → Interface/Line/Router Config sub-modes. Save config: copy running-config startup-config or write memory.
Q99 — What is the difference between running-config and startup-config? running-config: Current active configuration stored in RAM. Lost on reboot if not saved. startup-config: Configuration stored in NVRAM. Loaded on boot. Always save running to startup after making changes: copy run start. View: show running-config / show startup-config
Q100 — What are the top 5 tips from r/ccna to pass the exam on the first try? 1️⃣ Do labs every day — not just watching videos. Hands-on is irreplaceable. 2️⃣ Master subnetting until it's automatic — set a 30-second goal per calculation. 3️⃣ Use spaced repetition (Anki) for commands, port numbers, and protocol facts. 4️⃣ Take Boson ExSim practice exams — if you consistently score 80%+, you're ready. 5️⃣ Understand WHY things work, not just what commands to type. The exam tests conceptual understanding, and so will every job interview afterward.
Ready to Pass Your CCNA?
You've just covered the 100 most critical CCNA and networking concepts asked on Reddit. Bookmark this page, review it weekly, and combine it with hands-on labs in Packet Tracer. The CCNA is within your reach.
This article is for educational purposes and exam preparation. Cisco, CCNA, and related marks are trademarks of Cisco Systems Inc. Always study from official Cisco materials and authorized training partners for exam preparation.
