Free and Updated CCNA Cheat Sheet in 2024

CCNA or Cisco Certified Network Associate is Cisco’s certification exam in the field of information technology. It is an assistant-level Cisco career certification that allows entry into a network technician job.

If you are about to take the CCNA exam, this guide can help point you in the right direction. You should pass the 200-301 exam, which is great for those who have little time to launch or advance their careers. This blog lists some essential CCNA cheat sheets and tips to help you pass the CCNA exam on the first attempt.

(*Last Day for Prime Day Sale! Up to 40% OFF for your dream IT product!* Click here for offer.)

Categories	Exam Code	100% Pass Dumps
CCNA	200-301
	200-901 DevNet
	200-201 Cyber Ops

Table of Contents

1. Configuring the Network

The following includes basic configuration network commands and their descriptions.

Enter interface configuration mode. (config)# interface g1/0

Human-readable link description. (config-if)# description Link to some host

Adds an IPv4 address to the interface. (config-if)# ip address 10.23.42.5 255.255.0.0

Adds an IPv6 address to the interface. (config-if)# ipv6 address 2001:41d0:8:e115::ccc/64

Override the MAC address. (config-if)# mac address 1234.5678.90AB

Remove MAC rewrite. (config-if)# no mac address

Adds a MAC-based IPv6 address to the interface. (config-if)# ipv6 address 2001:41d0:8:e115::/64 eui-64

2. Port Security

Enables/disables port security. (config-if)# [no] switchport port-security

Number of MACs allowed. (config-if)# switchport port-security maximum 1

Manually allow MACs on this port. (config-if)# switchport port-security mac-address 1234.5678.9abc

Allows the MAC of the learning connection until the MAC is reached. (config-if)# switchport port-security mac-address sticky

3. Configuring VLANs

Note: Even if a switch’s port is changed from access to the trunk, its access VLAN remains in the configuration. When auto-trunk negotiation fails (for example, because I unplugged the link between the switches and put it on my laptop), the configured access VLAN becomes active again and I may be able to reach parts of the network that I should not be able to reach. Always disable DTP/trunk auto-negotiation.

Layer 2 Switch Vlan Configuration

[delete vlan or] create vlan and enter config-vlan mode: (config)# [no] vlan 23

Name this VLAN TelephoneSanitizer. (config-VLAN)# name TelephoneSanitizer

Make frames on this port untagged. (config-if)# switchport mode access

By default, causes frames to be tagged when they exit this port. (config-if)# switchport mode trunk

At some times, the default is ciscos old isl: (config-if)# switchport trunk encapsulation dot1q

It remains untagged except for VLAN 256. (config-if)# switchport trunk native vlan 256

Layer 3 Switch Vlan Configuration

Enter interface configuration mode. (config)# interface VLAN 23

Set the device IP in VLAN 23: (config-if)# ip address 1.2.3.4 255.255.255.0

The virtual interface is disabled by default. (config-if)# no shutdown

Delete VLAN 23: (config)# no VLAN 23

Router (on a stick) Vlan configuration

Create subinterface g1/1.10 on g1/1: (config)# interface g1/1.10

Enable IEEE 802.1Q VLAN tagging on the subinterface with vlan 10. (config-subif)# encapsulation dot1q 10

Display vlans and their trunk interfaces. # show vlans

Troubleshooting Vlans on the Switch

Display the vlan settings for all switch ports. # show vlan [{id 23, name TelephoneSanitizer}] [brief)

Verify the mode and vlan of g1/1: # show interfaces g1/1 switchport

Display the trunk settings and status. # show interfaces g1/1 trunk

A quick way to search for a running configuration. # show run interface vlan 1

Show trunk mode/access vlan. # show interface status

Show current DTP mode for g1/1: # show dtp interface g1/1

4. STP

Spanning Tree Protocol (STP) (802.1D) blocks ports with duplicate links to prevent Layer 2 loops and broadcast storms.

Make the device the primary/secondary root bridge. (config)# spanning-tree vlan 1 root {primary, secondary}.

Enable bpdu guard for all interfaces that support portfast.(config)# spanning-tree portfast bpduguard default

Enable portfast for all non-primary interfaces.(config)# spanning-tree portfast default

Enables gpduguard on this interface.(config-if)# spanning-tree bpduguard enable

Enable portfast on this interface.(config-if)# spanning-tree portfast

Enables root protection on this interface. (config-if)# spanning-tree guard root

Troubleshooting STP

Who is the root and how do I get there? # show spanning-tree [vlan 1].

Is a global port snapshot/bpduguard configured? # show spanning-tree summary

Is portfast/bpduguard configured on this interface? # show running-config interface g1/1

Is portfast active on this interface? # show spanning-tree interface g1/1 portfast

5. EtherChannel (link aggregation)

Configure both g1/1 and g1/2.(config)# interface range g1/1 – 2

Add these two interfaces to etherchannel 1 (PAgP). (config-if-range)# channel-group 1 mode {auto, desirable}

Adds both interfaces to etherchannel 1 (LACP). (config-if-range)# channel-group 1 mode {active, passive} adds both interfaces to etherchannel 1 (LACP): (config-if-range)# channel-group 1 mode { active, passive

Add both interfaces to etherchannel 1 (Static). (config-if-range)# channel-group 1 mode on

Configure a virtual interface for etherchannel 1: (config)# interface port-channel 1

Put etherchannel 1 in trunk mode. (config-if)# switchport mode trunk

Add tagged vlans 10,20,30 to etherchannel 1: (config-if)# switchport trunk allowed vlan 10,20,30

Troubleshooting Etherchannel (link aggregation)

Include merging bandwidth and membership as additional information. # show interface port-channel 1

Displays the protocol and members of the Ethernet channel as a list. # show EtherChannel summary

Displays status and statistics for each member. # show EtherChannel port-channel 1

6. Configuring a Serial Port

In labs without an external CSU/DSU, using a DTE (Data Terminal Equipment) cable and a DCE (Data Communications Equipment) cable, the Layer 1 link speed is commanded by the CSU/DSU.

Configure the serial 1/0 interface: (config)# interface serial 1/0

Set the clock rate on the DCE router side to 128kbps.(config-if)# clock rate 128000

Verify the clock rate of serial interface 1/0: (config)# show controllers serial 1/0

If interested in more CCNA cheat sheet 2022, you can also sign up for our CCNA certification training here at SPOTO.

Free tips and tricks for using CCNA command cheat sheets

Above, we have presented some important CCNA command cheat sheets related to network engineering that are important to keep the CCNA exam.

One must gain comprehensive practical knowledge and experience to pass the exam. Just reading a book is useless. One must know the basics of troubleshooting and Internet protocols.
Proper study materials must be obtained. There are various study guides, books, and blogs on the internet. Therefore, choosing the right source can reduce the wastage of time and effort. SPOTO’s CCNA exam dumps are just the best material to help you pass CCNA 100% in 7 days.
It is good practice to schedule practice tests and write some before the actual test. This is great for time management and stress management during the exam. Try free CCNA practice tests here.
Refresh the material you have studied before the exam. the CCNA syllabus is quite comprehensive and it may take a few weeks to complete and understand all the content; proper time to review is necessary and there is a great benefit in reviewing before the exam.

Launch or advance your career at SPOTO

We hope this short guide will be beneficial for your CCNA exam preparation. CCNA is the most respected associate-level certification in the IT field. If you want to earn your CCNA certification easily and quickly, you can start your certification journey by taking SPOTO CCNA training today. Also, join our CCNA study group to get the latest CCNA exam news, tips, and exam feedback!