CCNA Topics Need a Lab Map, Not Just a Checklist
The official CCNA 200-301 topic list is useful, but it is not a study plan by itself. If you only read the objectives, you can recognize words without being able to configure, verify, or troubleshoot anything. If you only build random Packet Tracer labs, you can spend hours on tasks that do not map cleanly to the exam.
This blueprint turns the current Cisco domains into an action plan: what to know, what to lab, what to drill, and what to review last.
Use Cisco as the source of truth. Cisco's 200-301 CCNA exam page lists Implementing and Administering Cisco Solutions (200-301 CCNA) v1.1 as a 120-minute exam tied to the CCNA certification, priced at U.S. $300 or Cisco Learning Credits. Cisco also publishes the current CCNA v1.1 exam topics PDF, which defines the six domains and weights, and Cisco's v1.1 update article explains the added AI, machine learning, cloud management, and updated automation emphasis.
The Six Official CCNA Domains
| Domain | Weight | What it means for study |
|---|---|---|
| Network Fundamentals | 20% | Concepts, devices, cabling, topology, IP basics, wireless basics |
| Network Access | 20% | Switching, VLANs, trunks, STP, EtherChannel, wireless architectures |
| IP Connectivity | 25% | Routing, subnetting, IPv4/IPv6, static routes, OSPF, routing tables |
| IP Services | 10% | DHCP, DNS, NAT, NTP, SNMP, syslog, QoS basics |
| Security Fundamentals | 15% | ACLs, device access, Layer 2 security, AAA, wireless security |
| Automation and Programmability | 10% | APIs, JSON, controllers, configuration management, AI/ML awareness |
The immediate lesson is that IP Connectivity cannot be an afterthought. It is the largest domain and also the place where weak subnetting, routing-table reading, OSPF gaps, and IPv6 confusion compound.
The second lesson is that 10% domains still matter. IP Services and Automation are smaller, but they often contain compact topics where a little focused practice produces reliable points.
The third lesson is that the verbs matter. Cisco objectives that say configure and verify deserve hands-on labs. Objectives that say interpret deserve command-output drills. Objectives that say compare or describe deserve quick decision tables. This is where many syllabus pages stop too early: they list the nouns, but they do not tell you what action proves readiness.
Domain 1: Network Fundamentals
Network Fundamentals is not just "OSI model and cables." It is the vocabulary layer for everything else. Your goal is to explain how traffic moves across hosts, switches, routers, wireless infrastructure, cloud-connected networks, and small office networks.
Lab and drill targets:
- Identify routers, Layer 2 switches, Layer 3 switches, firewalls, access points, controllers, endpoints, servers, and PoE devices in diagrams.
- Compare two-tier, three-tier, spine-leaf, WAN, SOHO, on-premises, and cloud topologies.
- Explain TCP vs. UDP with ports, reliability, and use cases.
- Practice IPv4 addressing and subnetting until block sizes are automatic.
- Recognize interface and cable issues such as speed mismatch, duplex mismatch, errors, and collisions.
- Explain private IPv4 space and why NAT appears later in IP Services.
Best lab: build a small topology with two LANs, a router, one switch per LAN, and a server. Label every device role, IP subnet, gateway, and cable type. Then explain the packet path from host A to server B.
Common mistake: memorizing the OSI layers without connecting each layer to troubleshooting evidence. If a link light is down, that is physical. If MAC learning is wrong, that is Layer 2. If the default gateway is wrong, that is Layer 3.
Domain 2: Network Access
Network Access is where CCNA candidates move from "networks exist" to "I can build the switching edge." The concepts are practical: VLANs, trunks, inter-VLAN routing, EtherChannel, STP, and wireless architecture.
Lab and drill targets:
- Create VLANs and assign access ports.
- Configure 802.1Q trunks and verify allowed VLANs.
- Explain native VLAN risk and mismatch behavior.
- Configure router-on-a-stick or switched virtual interfaces for inter-VLAN routing.
- Build EtherChannel and verify the bundle state.
- Predict STP root bridge selection and port roles.
- Compare autonomous APs, lightweight APs, and controller-based wireless.
Best lab: three switches, three VLANs, two trunks, one EtherChannel, and one routed gateway. Break one trunk allowed VLAN list and use show commands to find the symptom.
Common mistake: treating VLANs as IP subnets. VLANs are Layer 2 broadcast domains. IP subnets are Layer 3 address boundaries. They often align, but they are not the same thing.
Domain 3: IP Connectivity
This is the CCNA make-or-break domain. It is the largest domain at 25%, and it is where theory and hands-on thinking meet.
Your non-negotiable skills:
- Subnet quickly and accurately.
- Read a routing table.
- Predict next hop and longest-prefix match.
- Configure and verify static routes.
- Explain OSPF neighbor relationships and basic behavior.
- Recognize IPv6 address types and routing basics.
- Understand first-hop redundancy at a conceptual level.
Subnetting should be a daily warm-up, not a weekend event. Use 10 minutes per day:
| Task | Target speed |
|---|---|
| Find block size for /25 through /30 | Under 10 seconds |
| Identify network and broadcast address | Under 30 seconds |
| Calculate usable range | Under 45 seconds |
| Choose a mask for required host count | Under 45 seconds |
| VLSM allocation for three LANs | Under 5 minutes |
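An answer key for the drills above, plus the longest-prefix-match decision from the skills list, as an added example that is not part of the original article. The sample addresses and the `ROUTES` table are constructed for illustration.

```python
import ipaddress

def subnet_facts(cidr):
    """Answer key for one drill: block size, network, broadcast, usable range."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False accepts a host address
    return {
        "block_size": net.num_addresses,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_usable": str(net.network_address + 1),
        "last_usable": str(net.broadcast_address - 1),
    }

def mask_for_hosts(required):
    """Longest IPv4 prefix that still leaves `required` usable host addresses."""
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= required:
            return prefix
    raise ValueError("host count does not fit in IPv4")

def best_route(table, destination):
    """Longest-prefix match: the most specific route containing the destination wins."""
    dest = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(prefix), next_hop)
               for prefix, next_hop in table
               if dest in ipaddress.ip_network(prefix)]
    if not matches:
        return None  # no route and no default: the packet is dropped
    net, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), next_hop

# Constructed sample routing table (prefix, next hop), not from the original page.
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1"),
    ("10.0.0.0/8", "10.255.0.1"),
    ("10.1.0.0/16", "10.255.0.2"),
    ("10.1.20.0/26", "10.255.0.3"),
]

if __name__ == "__main__":
    print(subnet_facts("192.168.10.77/27"))
    print("mask for 50 hosts: /%d" % mask_for_hosts(50))
    for dest in ("10.1.20.40", "10.1.20.90", "8.8.8.8"):
        print(dest, "->", best_route(ROUTES, dest))
```

Work each drill by hand first, then use the script only to check the answer.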
Best lab: three routers in a triangle, three LANs, one OSPF area, one static default route, and one intentionally wrong wildcard mask. Verify neighbors, routes, and end-to-end reachability.
Common mistake: using ping as the only verification tool. Ping tells you reachability; it does not tell you whether the path is correct, whether OSPF is healthy, or whether a route is learned the way you think.
Domain 4: IP Services
IP Services is only 10%, but it appears everywhere in real networks. It also produces scenario questions because services have clear symptoms.
Lab and drill targets:
- Configure DHCP pools and excluded addresses.
- Explain DHCP relay.
- Configure and verify NAT/PAT.
- Explain DNS lookup flow and common record types.
- Read basic syslog severity and purpose.
- Explain NTP and why time matters for logs and authentication.
- Describe SNMP managers, agents, traps, and versions.
- Recognize QoS concepts such as classification, marking, and queuing.
Best lab: create an inside LAN that uses DHCP, reaches an outside network through PAT, logs to a syslog server, and uses NTP. Then break NAT and identify whether the symptom is addressing, routing, or translation.
Common mistake: seeing NAT as security. NAT changes address representation; it is not a substitute for firewall policy.
Domain 5: Security Fundamentals
Security on CCNA is practical network security, not a full cybersecurity certification. You need to know how to restrict management access, filter traffic, protect switchports, understand wireless security, and recognize AAA concepts.
Lab and drill targets:
- Configure standard and extended ACLs.
- Place ACLs in the correct direction and interface.
- Secure device management with SSH.
- Disable unused ports and use port security.
- Explain DHCP snooping, Dynamic ARP Inspection, and common Layer 2 attacks.
- Compare RADIUS and TACACS+ at a basic level.
- Identify WPA2, WPA3, and 802.1X concepts.
Best lab: build two VLANs and write an ACL that permits one application while denying another. Verify with source and destination tests. Then explain why the ACL belongs close to the source or destination depending on standard vs. extended behavior.
Common mistake: forgetting implicit deny. If you write an ACL and do not permit required traffic, you have blocked it.
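The implicit-deny mistake, shown with a small first-match evaluator; this is an added example, not part of the original article. It is a simplified model of an extended ACL (protocol, wildcard-masked source and destination, destination port only), and the VLAN 10 and server addresses are constructed lab values.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)

def rule(action, proto, src, dst, dport=None):
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def evaluate(acl, src, dst, proto, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for index, entry in enumerate(acl):
        if entry["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *entry["src"]):
            continue
        if not wildcard_match(dst, *entry["dst"]):
            continue
        if entry["dport"] is not None and entry["dport"] != dport:
            continue
        return entry["action"], index
    return "deny", None  # implicit deny: no configured line matched

# Constructed lab addressing (assumed): VLAN 10 clients, one server in VLAN 20.
VLAN10 = ("10.10.10.0", "0.0.0.255")
SERVER = ("10.10.20.10", "0.0.0.0")  # same meaning as "host 10.10.20.10"

# Intent: block Telnet only. Effect: everything from VLAN 10 is blocked.
ACL_DENY_ONLY = [rule("deny", "tcp", VLAN10, SERVER, 23)]
# Corrected: the required application is permitted explicitly.
ACL_FIXED = [rule("deny", "tcp", VLAN10, SERVER, 23),
             rule("permit", "tcp", VLAN10, SERVER, 443)]

def report(acl, tests):
    """Run (proto, port) tests from one VLAN 10 client to the server."""
    return [(proto, port, *evaluate(acl, "10.10.10.5", "10.10.20.10", proto, port))
            for proto, port in tests]

if __name__ == "__main__":
    tests = [("tcp", 23), ("tcp", 443), ("udp", 53)]
    for name, acl in (("deny-only", ACL_DENY_ONLY), ("fixed", ACL_FIXED)):
        for proto, port, action, index in report(acl, tests):
            hit = "implicit deny" if index is None else f"line {index + 1}"
            print(f"{name:9} {proto}/{port:<4} -> {action:6} ({hit})")
```

A result attributed to "implicit deny" rather than a numbered line is the symptom to look for in the lab: the traffic was never mentioned in the ACL, so it was dropped.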
Domain 6: Automation and Programmability
Cisco added Generative AI, Cloud Network Management, and Machine Learning topics to CCNA v1.1 beginning August 20, 2024. Cisco described those as small but relevant changes. Do not over-study automation, but do not ignore it.
You should be comfortable with:
- Northbound vs. southbound APIs at a conceptual level.
- REST methods such as GET, POST, PUT, and DELETE.
- Reading simple JSON.
- Controller-based networking and separation of planes.
- Configuration management concepts such as Ansible and Terraform.
- Cloud-managed networking and AI/ML awareness in operations.
Best drill: read a small JSON response and identify keys, values, arrays, and nested objects. Then match REST methods to actions: retrieve, create, replace/update, delete.
Common mistake: trying to become a developer for CCNA. You need network automation literacy, not deep software engineering.
The Weekly Lab Blueprint
Use this eight-week lab sequence after you have basic video or reading coverage:
| Week | Lab focus | Practice focus |
|---|---|---|
| 1 | Basic topology, addressing, device roles | Network Fundamentals |
| 2 | VLANs, trunks, inter-VLAN routing | Network Access |
| 3 | EtherChannel and STP behavior | Network Access |
| 4 | Subnetting and static routing | IP Connectivity |
| 5 | OSPF and routing-table verification | IP Connectivity |
| 6 | DHCP, NAT, DNS, NTP, syslog | IP Services |
| 7 | ACLs, SSH, port security, Layer 2 security | Security Fundamentals |
| 8 | JSON, REST, controllers, mixed review | Automation and full practice |
Cisco lists Cisco Modeling Labs as a hands-on way to design, build, and troubleshoot real network environments, and Packet Tracer remains a practical starting point for many associate-level labs. Use whichever environment you can run consistently; the non-negotiable requirement is that each lab has a mapped objective and a verification step.
Every lab should end with three artifacts:
- A topology diagram.
- A table of IP addresses and VLANs.
- A verification note listing the show commands or tests that prove it works.
That habit turns labs into exam evidence. You are not just clicking around; you are learning what correct state looks like.
Final Review Priorities
Your final readiness checklist:
- Subnetting is fast enough that it does not steal exam time.
- You can read a routing table and choose the best route.
- You can configure and verify VLANs, trunks, static routes, OSPF, DHCP, NAT, ACLs, and SSH.
- You can explain common failure symptoms by layer.
- You can read simple JSON and match API methods to actions.
- You know Cisco's official six-domain blueprint and your weakest two domains.
CCNA is not passed by reading the blueprint. It is passed by converting the blueprint into repeatable network decisions. Build, break, verify, review, and then test yourself under time pressure.
