Cisco CCNA Cheat Sheet: Subnetting, Routing, and Switching

Use this cheat sheet for Cisco Certified Network Associate (CCNA) after you know the basics and need faster packet-path decisions. CCNA questions reward layer-by-layer troubleshooting: address, VLAN, MAC table, route, ACL, service, and evidence.

Read every CCNA question in this order

  1. Identify the failing path: same VLAN, inter-VLAN, routed path, internet edge, wireless, management, or application.
  2. Check addressing first: IP, mask, gateway, subnet, and duplicate or wrong interface.
  3. Check Layer 2: link state, VLAN, trunk, native VLAN, MAC table, and STP.
  4. Check Layer 3: routing table, next hop, OSPF/static/default route, and return path.
  5. Check controls: ACL direction/order, NAT, security, wireless policy, and management access.

CCNA answer sequence

Use this when the stem mixes address, VLAN, route, ACL, NAT, or path evidence.

    flowchart TD
      S["Scenario"] --> P["Identify the failing path"]
      P --> A["Check addressing first"]
      A --> L["Check Layer 2"]
      L --> R["Check Layer 3"]
      R --> C["Check controls and return path"]

Subnetting quick map

| Need | Exam instinct |
| --- | --- |
| identify network | apply mask to IP address |
| usable host range | exclude network and broadcast in traditional IPv4 subnet questions |
| required host count | choose prefix with enough usable addresses |
| required subnet count | borrow enough bits and verify host capacity |
| wrong gateway | host must point to router interface in its subnet |
| overlap | overlapping subnets create routing and assignment ambiguity |
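
The checks in the subnetting quick map, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original cheat sheet; the function names and every address in it are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def subnet_facts(cidr):
    """Network, broadcast and usable range for a host address such as '192.168.10.77/26'."""
    net = ipaddress.ip_interface(cidr).network  # applying the mask to the IP
    usable = max(net.num_addresses - 2, 0)      # traditional rule: drop network and broadcast
    return {
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "first": str(net.network_address + 1) if usable else None,
        "last": str(net.broadcast_address - 1) if usable else None,
        "usable": usable,
    }


def prefix_for_hosts(required):
    """Longest prefix (smallest subnet) that still has `required` usable addresses."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= required:
            return prefix
    raise ValueError("no IPv4 prefix holds that many hosts")


def gateway_ok(host_cidr, gateway):
    """True only if the gateway is a usable address inside the host's own subnet."""
    iface = ipaddress.ip_interface(host_cidr)
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    reserved = (net.network_address, net.broadcast_address)
    return gw in net and gw != iface.ip and gw not in reserved


def find_overlaps(cidrs):
    """Every pair of subnets in the plan that shares address space."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


if __name__ == "__main__":
    print(subnet_facts("192.168.10.77/26"))
    print("hosts=50 needs /%d" % prefix_for_hosts(50))
    print("gateway .1 valid:", gateway_ok("192.168.10.77/26", "192.168.10.1"))
    print(find_overlaps(["10.1.0.0/24", "10.1.0.128/25", "10.1.1.0/24"]))
```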

Switching and VLANs

| Symptom | First checks |
| --- | --- |
| same-VLAN hosts cannot talk | IP/mask, switchport VLAN, link state, MAC table, host firewall |
| trunk not carrying VLAN | trunk mode, allowed VLAN list, native VLAN, encapsulation where relevant |
| inter-VLAN routing fails | SVI or router subinterface, gateway, VLAN, trunk, routing |
| loop or instability | STP root, blocked port, redundant link, portfast misuse |
| device on wrong network | access VLAN assignment and endpoint IP |
| MAC not learned | cabling, port status, VLAN, security feature, and endpoint traffic |

Routing and IP connectivity

| Requirement | Start with |
| --- | --- |
| local subnet communication | ARP, MAC table, VLAN, IP/mask |
| remote subnet communication | gateway, routing table, next hop, return route |
| default internet path | default route and NAT/firewall edge context |
| dynamic routing issue | neighbors, advertised networks, metrics, passive interfaces, area |
| route choice | longest prefix match first, then administrative distance/metric concepts |
| intermittent path | interface counters, errors, duplex/speed, routing changes, congestion |

ACL and security fundamentals

| ACL clue | Better instinct |
| --- | --- |
| standard ACL | source IP focus |
| extended ACL | source, destination, protocol, and port |
| wrong traffic blocked | order, direction, interface, and implicit deny |
| management access | SSH, AAA/local users, privilege, VTY lines, ACL, and secure transport |
| device hardening | passwords/secrets, SSH, disable unused services, logging, and banners where required |
| segmentation | VLANs, ACLs, firewall policy, and least privilege |
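
Why "order" and "implicit deny" sit in the same row: a small model of first-match evaluation for one extended ACL applied in one direction on one interface. This is an added example, not part of the original cheat sheet; the `Rule` class, the rule sets and all addresses are constructed, and it models the matching logic only, not IOS syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol, otherwise "tcp"/"udp"/"icmp"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    dport: Optional[int] = None  # None matches any destination port


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, rule_number) for the first match; ("deny", None) is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(acl, start=1):
        if rule.proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(rule.src) or d not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, number   # first match wins; later rules are never consulted
    return "deny", None              # nothing matched: implicit deny at the end of every ACL


# Constructed intent: only the admin host 10.10.10.5 may SSH into the management
# subnet 10.99.0.0/24; the rest of the user VLAN may reach HTTPS and nothing else.
ADMIN_SSH = Rule("permit", "tcp", "10.10.10.5/32", "10.99.0.0/24", 22)
BLOCK_MGMT = Rule("deny", "ip", "10.10.10.0/24", "10.99.0.0/24")
USER_HTTPS = Rule("permit", "tcp", "10.10.10.0/24", "0.0.0.0/0", 443)

MISORDERED = [BLOCK_MGMT, ADMIN_SSH, USER_HTTPS]  # broad deny shadows the specific permit
FIXED = [ADMIN_SSH, BLOCK_MGMT, USER_HTTPS]       # specific entry first

if __name__ == "__main__":
    admin_ssh = ("tcp", "10.10.10.5", "10.99.0.10", 22)
    print("misordered:", evaluate(MISORDERED, *admin_ssh))
    print("fixed:     ", evaluate(FIXED, *admin_ssh))
    print("user DNS:  ", evaluate(FIXED, "udp", "10.10.10.20", "198.51.100.53", 53))
```

The returned rule number plays the role of a hit counter: it shows which entry actually decided the packet, which is the evidence to look for before reordering anything.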

Wireless and automation basics

| Topic | Fast recall |
| --- | --- |
| SSID | wireless network name, not security by itself |
| authentication | identity or pre-shared access depending on design |
| encryption | protects wireless traffic confidentiality |
| controller-based wireless | centralized management and policy model |
| API | structured interface for automation |
| JSON | common structured data format |
| controller | central platform for intent, policy, or device management |

Troubleshooting evidence

| Need | Helpful evidence |
| --- | --- |
| interface health | status, counters, errors, speed/duplex |
| VLAN state | VLAN table, trunk state, MAC table |
| IP path | ping, traceroute, routing table, ARP |
| OSPF/basic dynamic routing | neighbor state and learned routes |
| ACL effect | interface direction, hit counts/logs where available, rule order |
| device management | SSH status, users, AAA, line config, reachability |

Common traps

| Trap | Better instinct |
| --- | --- |
| subnet shortcut error | calculate network, range, and broadcast carefully |
| ACL direction mistake | traffic is evaluated inbound or outbound on a specific interface |
| route before interface | check link and addressing before routing protocol changes |
| VLAN mismatch | access/trunk/native/allowed VLAN issues are common |
| default gateway confusion | host gateway and router default route are different problems |
| automation as coding-only | understand APIs, controllers, JSON, and intent-based operations conceptually |

Final 15-minute review

| If the stem says… | Start here |
| --- | --- |
| cannot ping same subnet | IP/mask, VLAN, link, MAC, host firewall |
| cannot reach remote subnet | gateway, route, next hop, return path, ACL |
| trunk issue | trunk mode, allowed VLAN, native VLAN, STP |
| route selection | longest match, route source, metric/admin distance |
| access blocked | ACL order, direction, interface, implicit deny |
| management failure | SSH, user/AAA, VTY, ACL, reachability |

One-line decision rule

CCNA answers should follow the packet path and prove each layer before changing the next one.

Revised on Sunday, May 10, 2026