CCNA 200-301
Last update:
Tags:
Today I passed Cisco's CCNA 200-301 certification exam. In short, they fixed a lot of old problems but added a few new ones. However, it's still much closer to an exam that a working network administrator can walk into from the street and pass, compared to the last time I've seen it. In this post I'll try to offer some preparation tips.
First, I should note that the first time I took a CCNA exam was in 2014. That was CCNA Routing and Switching 200-120, and I was one of the last people to take the “classic” exam with all legacy protocol questions. The good thing is that I’ve always been obsessed with computing history, so I knew quite a bit of those protocols like FrameRelay, ATM, or RIPv2 (hell, I even still remember what improvements RIPv2 made compared to RIPv1). Still, that exam felt like a networking history test: it had questions about things no one younger than forty (at the time) could have seen in a real-life network, but it didn’t have anything about already widespread things like FHRP or QoS.
That certificate expired in 2017, and I didn’t re-take it because I didn’t really have a reason to. This year I set out to see how CCNA changed and contacted the nearest Pearson VUE testing site. There I quickly found how out of touch with the Cisco certification world I was: I didn’t even know that there’s no “CCNA R&S” (or CCNA Security, or CCNA Wireless…) anymore, it’s now a single CCNA exam with everything lumped together. Apparently, I missed a whole era of an updated CCNA that had simulation questions in it, which is unfortunate, but what do you do.
First of all, Cisco has an official list of exam topics. Even from that topic list it’s obvious that it’s much closer to the networking reality of today. There are questions about NAT, WiFi, IPv6, and automation; and there are no questions about RIP, VTP, and other stuff no one touched in decades.
However, there’s a catch. First, the topic list doesn’t mention EIGRP, but to my surprise, the exam did have questions that required its knowledge. The first question was specifically about EIGRP route selection, the second de facto required knowing its route letter code and default administrative distance to answer correctly.
This brings us to the really big problem of that exam: it tests your memory much more than it should. That second question had an exhibit similar to the following, but without the “Codes” header. This is from a VyOS installation that uses FreeRangeRouting, but the format is similar.
# run show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
S>* 0.0.0.0/0 [1/0] via 192.0.2.1, eth0
B>* 10.3.34.0/24 [20/0] via 10.217.34.101, tun0
O>* 10.3.34.0/25 [110/0] via 10.217.34.102, tun1
S>* 10.3.34.0/26 [1/0] via 10.217.34.10, tun2
The question was along the lines: which route will be used to reach 10.3.34.5? It’s a simple and perfectly sensible longest match rule question. The catch was that the options were like: 1) static route 2) OSPF route 3) EIGRP route 4) BGP route.
Remember, what you’d actually see would be like this:
S>* 0.0.0.0/0 [1/0] via 192.0.2.1, eth0
B>* 10.3.34.0/24 [20/0] via 10.217.34.101, tun0
O>* 10.3.34.0/25 [110/0] via 10.217.34.102, tun1
S>* 10.3.34.0/26 [1/0] via 10.217.34.10, tun2
In this case, you could easily guess that “S” means “static”, “O” means “OSPF”, and “B” means “BGP”, even without the header. Well, in FreeRangeRouting, you could also guess that “E” means EIGRP. However, Cisco’s letter code for EIGRP routes is… “D”! I could see that coming so I brushed it up, but if I didn’t and if I also assumed there will not be EIGRP questions, I’d fail that question.
In effect, memorizing the table of routing protocol letter codes and default administrative distance values is still a hard requirement for passing, even though you’d never need it in real life.
The other long-standing issue is that Cisco IOS still has a “puzzle CLI” that naturally creates to puzzle questions,
even if exam authors aren’t writing puzzle questions intentionally. A notable example is the LAG protocol option syntax.
The basic command is channel-group <num> mode <on|auto|desirable|active|passive>
. If you don’t know already, you can entertain yourself with trying to guess
what those options mean before reading further. Or just read on: on
means “enable LAG unconditionally”, auto
means
“accept PAgP” (Cisco’s proprietary LAG protocol), desirable
means “offer PAgP”,
active
means “offer LACP”, and passive
means “accept LACP”.
It seems reasonable to ask about that on the exam because mismatched options can and do lead to broken LAGs. There are multiple questions about that, some add a further level of trickiness by offering two choices with correct commands, but only one of them matches the question wording (e.g. which side should be the initiator).
However, the real solution would be to fix that insane syntax in the IOS! Even just adding a bunch of aliases for existing options
woult be a huge improvement: channel-group <num> mode <force|accept-pagp|offer-pagp|offer-lacp|accept-lacp>
. A well-designed CLI
shouldn’t take a mnemonist to operate.
There’s also a category of questions that effectively require you to memorize marketing blurb. When it comes to the Cisco DNA Center, I didn’t get any questions about actually using it, only about its benefits as envisioned by Cisco’s marketing team.
Of course, there are still lots of questions that require subnet calculations. I think it’s something any qualified network admin should be able to do even if normally they’d use an IP calculator. However, inverse masks is just a CLI wart that is already half-gone: there’s no such thing in IPv6 ACLs, but they live on in the IPv4 ACL syntax, and you need to know them.
I use a mental shortcut: for a prefix >24, the inverse mask is the number of hosts in it minus one. For example, a /25 network has 128 hosts, so its inverse mask is 0.0.0.127; a /27 has 32 hosts so its inverse mask is 0.0.0.31 and so on. Technically it’s 2(32 - length) - 1, but since network sizes are already in memory, the shortcut is simpler to use. For prefix lengths shorter than 24 you need to carry of course, that’s much more annoying, but I didn’t get any questions with large networks (which, frankly, is consistent with today’s real-world subnetting).
All in all, if it wasn’t for trick questions and memory sport elements, it would be an excellent networking exam. Now it’s better than it used to be, but still far from excellent.