Why This Cheat Sheet Matters for CCNA
This cheat sheet covers the most important CCNA Security Fundamentals concepts tested on the CCNA certification exam. It contains 3 sections with 14 key points that you should memorize before exam day. Use it as a quick-reference guide during your final review sessions.
Port Security
- Limits MAC addresses allowed on a switchport.
- Violation modes: protect (silent drop), restrict (drop + log + increment counter), shutdown (err-disable, default).
- switchport port-security maximum <n> — sets max allowed MAC addresses.
- switchport port-security mac-address sticky — dynamically learns and saves MACs to running-config.
- To recover from err-disabled: shutdown → no shutdown (or errdisable recovery cause psecure-violation).
Layer 2 Threat Mitigation
- DHCP Snooping: untrusted ports drop DHCP server messages. Builds binding table (MAC, IP, VLAN, port).
- Dynamic ARP Inspection (DAI): validates ARP packets against the DHCP snooping binding table.
- Storm Control: limits broadcast/multicast/unicast traffic levels on a port.
- 802.1X: port-based NAC — supplicant (client), authenticator (switch), authentication server (RADIUS).
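As an added example that is not part of the original cheat sheet, the Port Security and Layer 2 Threat Mitigation items above assembled into one Cisco IOS configuration. The interface names, VLAN 10, the MAC limit, the storm-control threshold and the recovery interval are assumed values chosen for illustration.

```cisco
! Access port: allow at most 2 MACs, learn them sticky, drop + log + count on violation
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 storm-control broadcast level 10.00
!
! Uplink toward the DHCP server: the only port trusted for DHCP server messages and ARP
interface GigabitEthernet0/24
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Global: DHCP snooping builds the binding table (MAC, IP, VLAN, port) that DAI validates against
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
! Ports using the default violation mode (shutdown) go err-disabled;
! recover them automatically after 300 seconds instead of a manual shutdown / no shutdown
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

Verify with `show port-security interface GigabitEthernet0/1`, `show ip dhcp snooping binding` and `show ip arp inspection vlan 10`; a host on Gi0/1 that was never handed a lease by DHCP will have no binding, so its ARP replies are dropped by DAI.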
AAA & VPN
- AAA: Authentication (who), Authorization (what), Accounting (tracking).
- RADIUS: UDP 1812/1813, encrypts password only, combines auth+authz. Open standard.
- TACACS+: TCP 49, encrypts entire payload, separates AAA functions. Cisco proprietary.
- Site-to-Site VPN: connects two networks over the internet (IPsec tunnel).
- Remote Access VPN: connects individual users to the corporate network (SSL/TLS or IPsec).
Cisco Command Quick Reference
Cisco IOS commands follow a hierarchical structure: User EXEC mode (>), Privileged EXEC mode (#), Global Configuration mode ((config)#), and Interface Configuration mode ((config-if)#). Master the transitions between these modes and the key "show" commands for each technology area — they are heavily tested on every Cisco exam.