Network Fundamentals
The bedrock of every CCNA topic — OSI model, TCP/IP, addressing, devices, topologies, and modern cloud/virtualization concepts. This domain is 20% of the exam.
OSI Model — 7 Layers
Mnemonic: "All People Seem To Need Data Processing" (top→bottom) or "Please Do Not Throw Sausage Pizza Away" (bottom→top)
| # | Layer | PDU | Key Protocols |
|---|---|---|---|
| 7 | Application | Data | HTTP, HTTPS, DNS, SMTP, FTP, SSH, Telnet |
| 6 | Presentation | Data | SSL/TLS, JPEG, MPEG, ASCII, Encryption |
| 5 | Session | Data | NetBIOS, RPC, SQL sessions |
| 4 | Transport | Segment | TCP (reliable), UDP (fast), port numbers |
| 3 | Network | Packet | IP (v4/v6), ICMP, OSPF, EIGRP, BGP |
| 2 | Data Link | Frame | Ethernet, 802.1Q, ARP, STP, PPP, HDLC |
| 1 | Physical | Bit | Ethernet cables, fiber, Wi-Fi, hubs, repeaters |

Layer 7 (Application): User-facing layer. Provides network services to applications. Key exam fact: HTTP=80, HTTPS=443, DNS=53, FTP=21, SSH=22, Telnet=23, SMTP=25. Firewalls operating here are "Application-layer firewalls" or Next-Generation Firewalls (NGFW).

Layer 6 (Presentation): Data translation, encryption, and compression. Ensures data is in a usable format. Key exam fact: SSL/TLS encryption happens here. Often forgotten — think: "translate, encrypt, compress."

Layer 5 (Session): Establishes, manages, and terminates sessions between applications. Key exam fact: Rarely tested in depth. Remember it manages the dialog between two devices (start/stop/synchronize).

Layer 4 (Transport): Heavily tested. TCP: connection-oriented, reliable, ordered delivery, flow/error control. UDP: connectionless, faster, no guarantee. Port numbers live here (source + destination). TCP uses 3-way handshake: SYN → SYN-ACK → ACK.

Layer 3 (Network): Heavily tested. Logical addressing (IP addresses) and routing. Routers operate at Layer 3. IP packets contain source/destination IP. OSPF, EIGRP, and BGP are Layer 3 routing protocols. ICMP (ping/traceroute) is also Layer 3.

Layer 2 (Data Link): Heavily tested. Physical addressing (MAC addresses) and local delivery. Switches operate here. Ethernet frames contain source/destination MAC. ARP resolves IP→MAC. STP prevents loops at Layer 2. 802.1Q VLAN tagging is a Layer 2 operation.

Layer 1 (Physical): Raw bit transmission over physical medium. Cables, connectors, voltages, frequencies. Hubs are Layer 1 (repeat to all ports). Key exam fact: Cables: UTP Cat5e (1Gbps/100m), Cat6 (10Gbps/55m). Fiber: SMF (long distance, blue connector), MMF (shorter, orange connector). PoE operates at Layer 1.
TCP/IP Model Comparison
| OSI (7 layers) | TCP/IP (4 layers) | Protocols |
|---|---|---|
| 7 Application, 6 Presentation, 5 Session | Application (= OSI 5+6+7) | HTTP, DNS, SMTP, FTP, SSH |
| 4 Transport | Transport (= OSI 4) | TCP, UDP |
| 3 Network | Internet (= OSI 3) | IP, ICMP, routing protocols |
| 2 Data Link, 1 Physical | Network Access (= OSI 1+2) | Ethernet, Wi-Fi, ARP |
TCP vs UDP — Transport Layer
| Property | TCP — Reliable | UDP — Fast |
|---|---|---|
| Type | Connection-oriented | Connectionless |
| Handshake | 3-way (SYN→SYN-ACK→ACK) | None — just send |
| Reliability | ACKs, retransmit, ordering | None — fire and forget |
| Flow control | Windowing | None (app handles it) |
| Use when | Data must arrive correctly | Speed > reliability |
| Examples | HTTP, SSH, FTP, SMTP | DNS, DHCP, TFTP, VoIP, video |

TCP 3-way handshake between client 192.168.1.10 and server 10.0.0.1:80:

| Step | Message |
|---|---|
| SYN | Client: "I want to connect, my seq=1000" |
| SYN-ACK | Server: "OK, my seq=2000, ack=1001" |
| ACK | Client: "Confirmed, ack=2001" — connection open! |
| 4-way close | FIN → FIN-ACK → FIN → FIN-ACK |
IPv4 Addressing
Address classes, private ranges, and special addresses
| Class | First Octet | Default Mask | Private Range | Use |
|---|---|---|---|---|
| A | 1–126 | /8 | 10.0.0.0/8 | Large enterprises |
| B | 128–191 | /16 | 172.16.0.0–172.31.255.255 | Medium networks |
| C | 192–223 | /24 | 192.168.0.0/16 | Small networks/homes |
| D | 224–239 | N/A | — | Multicast |
| E | 240–255 | N/A | — | Reserved/experimental |
Special Addresses
| Address | Meaning |
|---|---|
| 127.0.0.1 | Loopback (never leaves OS) |
| 169.254.x.x | APIPA (no DHCP found) |
| 255.255.255.255 | Limited broadcast |
| 0.0.0.0 | This host / default route |

Traffic Types
| Type | Delivery |
|---|---|
| Unicast | One sender → one receiver |
| Broadcast | One sender → all in subnet |
| Multicast | One sender → group members |
| Anycast | Nearest of a group (IPv6 common) |
Ethernet & ARP
Layer 2 addressing and the protocol that bridges L2↔L3
MAC Address
| Property | Value |
|---|---|
| Length | 48 bits (6 bytes) |
| Format | AA:BB:CC:DD:EE:FF (hex) |
| OUI | First 3 bytes = vendor ID |
| Broadcast | FF:FF:FF:FF:FF:FF |
| Scope | Local segment only |

ARP — Address Resolution Protocol
| Property | Value |
|---|---|
| Purpose | IP → MAC resolution |
| Request | Broadcast: "Who has 10.0.0.1?" |
| Reply | Unicast: "10.0.0.1 is at AA:BB:CC…" |
| Cache | `show arp` (router/PC) |
| Spoofing | Prevented by DAI (DHCP snooping) |
Ethernet II Frame Structure
| Field | Size |
|---|---|
| PREAMBLE | 8B |
| DST MAC | 6B |
| SRC MAC | 6B |
| ETHERTYPE | 2B |
| PAYLOAD | 46–1500B |
| FCS | 4B |
EtherType 0x0800 = IPv4 · 0x86DD = IPv6 · 0x0806 = ARP. Max frame = 1518B (1522B with 802.1Q tag).
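
An added example (not part of the original page, and not Cisco's DAI implementation): a parser for the Ethernet II header above, including the optional 802.1Q tag, that then checks ARP packets against an IP-to-MAC binding table in the way DAI relies on DHCP snooping bindings. The function names, MAC addresses and binding table are constructed for illustration; frames are assumed to be as captured, with preamble and FCS already stripped.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}
TPID_8021Q = 0x8100  # an 802.1Q tag starts where the EtherType would be
ARP_FMT = "!HHBBH6s4s6s4s"  # htype ptype hlen plen oper sha spa tha tpa (28 B)

def mac(b):
    return ":".join(f"{x:02X}" for x in b)

def parse_frame(frame):
    """Parse an Ethernet II frame as captured (preamble and FCS stripped)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    (etype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if etype == TPID_8021Q:  # 4 extra bytes: TPID + TCI, then the real EtherType
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    return {"dst": mac(frame[0:6]), "src": mac(frame[6:12]), "vlan": vlan,
            "ethertype": ETHERTYPES.get(etype, hex(etype)), "payload": frame[off:]}

def inspect_arp(frame, bindings):
    """DAI-style verdict: 'not-arp', 'permit' or 'drop: <reason>'."""
    f = parse_frame(frame)
    if f["ethertype"] != "ARP":
        return "not-arp"
    if len(f["payload"]) < 28:
        return "drop: truncated ARP"
    *_, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, f["payload"][:28])
    ip, sender = ".".join(map(str, spa)), mac(sha)
    if sender != f["src"]:
        return "drop: ARP sender MAC differs from frame source MAC"
    if bindings.get(ip) != sender:  # IP-to-MAC pair unknown to the binding table
        return f"drop: {ip} is not bound to {sender}"
    return "permit"

def arp_reply(src, ip, vlan=None):
    """Build a constructed ARP reply in which `src` claims to own `ip`."""
    s = bytes.fromhex(src.replace(":", ""))
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, s,
                      bytes(map(int, ip.split("."))), b"\x02" + bytes(5), bytes(4))
    return b"\x02" + bytes(5) + s + tag + struct.pack("!H", 0x0806) + arp

BINDINGS = {"10.0.0.1": "02:00:00:00:00:01"}  # constructed sample binding table
GOOD = arp_reply("02:00:00:00:00:01", "10.0.0.1")            # matches the binding
SPOOF = arp_reply("02:00:00:00:00:66", "10.0.0.1", vlan=10)  # tagged, wrong MAC
```

`inspect_arp(GOOD, BINDINGS)` permits the reply, while `SPOOF` is dropped because its sender MAC is not the one bound to 10.0.0.1; the tagged frame also shows the EtherType moving four bytes later.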
Physical Layer — Cables & PoE
What carries the bits
Copper (UTP)
| Item | Detail |
|---|---|
| Cat5e | 1 Gbps / 100m |
| Cat6 | 10 Gbps / 55m (full 10G to 100m) |
| Cat6a | 10 Gbps / 100m (augmented) |
| Connector | RJ-45 (8P8C) |
| Straight | PC↔Switch, Router↔Switch |
| Crossover | Switch↔Switch (old — MDIX auto) |

Fiber Optic
| Item | Detail |
|---|---|
| SMF | Single-mode · OS2 · yellow · km range |
| MMF | Multi-mode · OM1-4 · orange/aqua · <550m |
| Connectors | LC (small), SC, ST, MPO |
| SFP | 1G transceiver module (hot-swappable) |
| SFP+ | 10G transceiver module |
| QSFP | 40/100G quad transceiver |

Power over Ethernet (PoE)
| Standard | Max Power (per port) | Common Device |
|---|---|---|
| 802.3af (PoE) | 15.4 W | VoIP phones, basic APs |
| 802.3at (PoE+) | 30 W | PTZ cameras, dual-band APs |
| 802.3bt (PoE++) | 60–100 W | Laptops, video conferencing |
Network Devices — What Operates Where
Each device has a home in the OSI model
| Device | Layer | Function |
|---|---|---|
| Hub | Layer 1 | Repeats all bits to all ports. One collision domain. Obsolete. |
| Switch | Layer 2 | Forwards frames by MAC table. Each port = collision domain. All ports = 1 broadcast domain. |
| Router | Layer 3 | Routes packets by IP. Each interface = separate broadcast domain. Default gateway for hosts. |
| L3 Switch | Layer 2+3 | Switches + routes. SVIs enable inter-VLAN routing. Needs "ip routing" enabled. |
| Access Point | Layer 2 | Bridges wireless↔wired at Layer 2. Autonomous (standalone) or lightweight (WLC-managed). |
| WLC | Layer 3 | Wireless LAN Controller. Manages lightweight APs centrally via CAPWAP tunnels. |
| Firewall | Layer 3–7 | Filters traffic by ACLs, state, or deep inspection. NGFW inspects to Layer 7. |
| IDS / IPS | Layer 3–7 | IDS: detects + alerts. IPS: detects + blocks inline. Both inspect packet content. |

Collision domain = segment where a collision can occur (split by switches/routers).
Broadcast domain = all devices that receive a broadcast (split by routers or VLANs). A switch with 4 ports = 4 collision domains, 1 broadcast domain.
Network Topology Architectures
| Topology | Description |
|---|---|
| 2-Tier (Collapsed Core) | Access + Distribution/Core combined. Small-medium campus. Fewer devices, simpler. |
| 3-Tier (Enterprise) | Access → Distribution → Core. Large campus. High availability, modular scaling. |
| Spine-Leaf (Data Center) | Every leaf connects to every spine. Equal-cost paths. No STP needed. SDN-friendly. |
| SOHO / WAN | Small office/home. Router + switch + Wi-Fi AP. Single device often does all roles. |
Virtualization
VMs, containers, hypervisors, virtual switches — the new data center
Type 1 Hypervisor (Bare-metal)
Stack (top → bottom): VM1, VM2, VM3 → Hypervisor (VMware ESXi, Hyper-V) → Physical Hardware (CPU, RAM, NIC)
Runs directly on hardware. Better performance. Used in enterprise data centers.
Type 2 Hypervisor (Hosted)
Stack (top → bottom): VM1, VM2 → Hypervisor App (VirtualBox, VMware Workstation) → Host OS (Windows / Linux) → Physical Hardware
Runs on top of a host OS. Easier to use. For dev/test, not production.
Virtual Switch (vSwitch)
Software switch inside the hypervisor. Connects VMs to each other and to physical NICs. Supports VLANs, port groups, uplinks. VMware calls it vDS or vSS.
Containers vs VMs
| Term | Description |
|---|---|
| VMs | Full OS per VM, slower boot, isolated |
| Containers | Share host OS kernel, fast, lightweight |
| Docker | Most popular container platform |
| K8s | Kubernetes — container orchestration |
Cloud Computing Models
IaaS, PaaS, SaaS — know which layer YOU manage
| Model | Name | You manage | Provider | Examples |
|---|---|---|---|---|
| IaaS | Infrastructure as a Service | OS, apps, data | VMs, storage, network | AWS EC2, Azure VMs, GCP Compute |
| PaaS | Platform as a Service | Apps and data only | Runtime, OS, hardware | Heroku, AWS Elastic Beanstalk, Azure App Service |
| SaaS | Software as a Service | Just use the app | Everything | Gmail, Salesforce, Microsoft 365, Webex |

Deployment Models
| Model | Description |
|---|---|
| Public | AWS/Azure/GCP — shared resources |
| Private | On-premises cloud (your hardware) |
| Hybrid | Mix of public + private |
| Community | Shared by specific org group |

On-Prem vs Cloud
| Term | Meaning |
|---|---|
| CapEx | On-prem: buy hardware upfront |
| OpEx | Cloud: pay-as-you-go |
| Elasticity | Cloud scales instantly on demand |
| Control | On-prem = full control of data |
Common Ports — Exam Must-Know
These appear constantly in ACL and protocol questions
| Port | Protocol | Service | Notes |
|---|---|---|---|
| 20 | TCP | FTP Data | Active: server→client data |
| 21 | TCP | FTP Control | Commands/control channel |
| 22 | TCP | SSH | Secure remote access — use this, not Telnet |
| 23 | TCP | Telnet | Plaintext — avoid in production |
| 25 | TCP | SMTP | Email sending |
| 53 | UDP/TCP | DNS | UDP for queries, TCP for zone transfers |
| 67 | UDP | DHCP Server | Server listens here |
| 68 | UDP | DHCP Client | Client listens here |
| 69 | UDP | TFTP | Trivial FTP — no auth, Cisco IOS transfers |
| 80 | TCP | HTTP | Web (unencrypted) |
| 110 | TCP | POP3 | Email retrieval (deletes from server) |
| 143 | TCP | IMAP | Email retrieval (keeps on server) |
| 161 | UDP | SNMP | Network management GET/SET |
| 162 | UDP | SNMP Trap | Device → manager alerts |
| 443 | TCP | HTTPS | HTTP over TLS — secure web |
| 514 | UDP | Syslog | Log messages to syslog server |
| 830 | TCP | NETCONF | Network management over SSH |
Quick Reference
OSI Layers — Fast Reference
Layer 7 Application — Data — HTTP/HTTPS, DNS, FTP, SSH, Telnet, SMTP
Layer 6 Presentation — Data — SSL/TLS, JPEG, ASCII, encryption
Layer 5 Session — Data — NetBIOS, RPC
Layer 4 Transport — Segment — TCP (reliable), UDP (fast), port numbers
Layer 3 Network — Packet — IP, ICMP, OSPF, routing
Layer 2 Data Link — Frame — Ethernet, 802.1Q, ARP, STP, MAC addresses
Layer 1 Physical — Bit — Cables, fiber, hubs, voltage, PoE
TCP/IP: Application | Transport | Internet | Network Access
IPv4 Private Ranges (RFC 1918)
10.0.0.0/8 · Class A · 10.0.0.0 – 10.255.255.255
172.16.0.0/12 · Class B · 172.16.0.0 – 172.31.255.255
192.168.0.0/16 · Class C · 192.168.0.0 – 192.168.255.255
Special:
127.0.0.1 · Loopback (localhost)
169.254.0.0/16 · APIPA (no DHCP server found)
0.0.0.0 · This host / default route
255.255.255.255 · Limited broadcast
Port Numbers Quick Reference
20/21 FTP (data/control) · 22 SSH · 23 Telnet · 25 SMTP
53 DNS (UDP/TCP) · 67/68 DHCP · 69 TFTP · 80 HTTP
110 POP3 · 143 IMAP · 161 SNMP · 162 SNMP Trap
443 HTTPS · 514 Syslog · 830 NETCONF
Cloud Service Models
SaaS — You use the app only (Gmail, Salesforce, Webex)
PaaS — You manage app + data (Heroku, Azure App Service)
IaaS — You manage OS + app + data (AWS EC2, Azure VMs)
On-Prem = CapEx (buy hardware) · Cloud = OpEx (pay monthly)
Elasticity = cloud scales on demand instantly