Cisco CCNA

CCNA certification prep: IP services

Paris Arau
September 11, 2020 by
Paris Arau

What percentage of the exam focuses on IP services?

In the blueprint of the CCNA exam, the “IP services” section covers only 10% of the exam topics. Together with the “Automation and Programmability” section, they represent the smallest sections of the exam.

Earn your CCNA, guaranteed!

Earn your CCNA, guaranteed!

Get live, expert CCNA training from anywhere. Enroll now to claim your Exam Pass Guarantee!

What topics are covered in this section of the exam?

At a very high level, the topics covered in this section are related to some non-critical features that can be enabled on networking devices, such as Network Address Translation (NAT), Network Time Protocol (NTP), Dynamic Host Control Protocol (DHCP), Simple Network Management Protocol (SNMP), syslog and Quality of Service (QoS). While these features are not critical (the network can work without them), they do enhance network operation by allowing network monitoring and traffic prioritization.

High-level overview of IP services topics

The upcoming paragraphs of this guide will go a little deeper on what one is expected to know for the IP connectivity section.

How to configure and verify NAT

One good chunk of the IP services section is about NAT. NAT, in conjunction with private addressing (covered by RFC1918) and Classless Interdomain Routing (CIDR), delayed the public IPv4 space depletion.

RFC1918 describes these private IPv4 address spaces:

  • Class A: -
  • Class B: -
  • Class C: -

NAT works by using a valid public IP address to represent the private IP address to the internet.

Although there are multiple types of NAT, the CCNA exam covers only the static NAT, which allows the usage of private IP addresses inside the company and still be able to communicate with hosts from the internet.

Key NAT terms:

  • Inside local: Easiest to remember, it is the private address of the host. Inside means it is inside the enterprise/company. Local is the address used by the host when the packet is in the local enterprise
  • Inside global: This is the public address. Inside means it is inside the enterprise/company. Global is the address used by the host when the packet is on the internet
  • Outside global: This represents the address of the host that is outside the enterprise. Most of the times, this is a public IP address
  • Outside local: Not used by source NAT, but rather by the destination NAT. This is the IP address of an outside host as it is seen by the inside hosts

A specific case of NAT is Port Address Translation (NAT Overload), which allows you to use a single inside global IP address for all the private IP addresses by translating also the port numbers.

Increased attention is required on which of the interfaces are designed as inside (using “ip nat inside”) or outside (using “ip nat outside”).

As for verifications, “show ip nat translations” and “show ip nat statistics” are your best friends.

How to configure and verify NTP

Not a complex feature at all, you just need to know how to configure and verify the NTP operation. You have two or three commands for configuration and two for verification. You must be familiar with reference clocks and stratum. The configuration of the NTP server falls outside of the CCNA exam.

Roles of DHCP, DNS and SNMP in network operations


Make sure you understand the messages DHCP client and server are exchanging during IP address allocation. It’s called DORA and stands for these DHCP messages:

  • Discover
  • Offer
  • Request
  • Acknowledgement

While they look abnormal, and IP addresses are valid and have a meaning during IP address allocation through DHCP.

When the DHCP client and the DHCP server are not in the same subnet, DHCP Relay is used and it has to be clear what needs to be configured and how the process is different from the situation where the client and server are in the same subnet.

It should also be clear what the mandatory attributes are that a DHCP server must send.


Domain Name System (DNS) is a feature that is taken as granted. It translates a name to an IP address. While the DNS server configuration is outside of the CCNA scope, you should know how to configure a DNS server on a networking device.


The device where SNMP is configured has a SNMP agent that has its own Management Information Base (MIB) that has variables, which are defined as object ID (OID).

You will need to know the protocol and ports used by SNMP and how SNMP is reading and writing variables on the device. You can do this by using SNMP Get and SNMP Set. Also, make sure you understand the difference between SNMP Traps and SNMP Informs and that you know the mechanisms that can help secure the SNMP traffic and what the benefits are of using SNMPv3 compared to SNMPv2c.

Overview of syslog features

The exam does not require you to know how to configure syslog, but you will need to know what the log message format is and what the log message severity levels are.

QoS concepts and implementation

This section introduces per-hop behaviors (PHBs) which are the QoS actions that a device can apply to a packet from the moment it enters the device until it exits the device.

Four characteristics of the network traffic are important:

  • Bandwidth: Speed of the link
  • Delay: One-way (until a packet reaches the destination) or round-trip (until the destination sends back a packet to the source) delay
  • Jitter: Variation in one-way delay between consecutive packets
  • Loss: Number of lost packets

Classification and marking

You should have clear understanding of what is:

  • Classification: The process of matching fields in a packet to take some QoS actions
  • Marking: Change to one or more packet header fields by setting a value in the header

For CCNA exam, you should know what tools are available to classify the traffic:

  • ACL
  • NBAR

With regards to the marking process, you should be aware that it can happen at:

  • IP header level by setting up the IP Precedence(IPP) or Differentiated Services Code Point (DSCP) fields
  • Ethernet 802.1Q header

Considering that DSCP values are something standard, you should be aware of several DSCP values: EF, AF and CS.


Queuing is just a mechanism that manages the device queue that holds the packets until it is their turn to exit the interface.

You should be familiar with the queuing systems: single queue or multiple queues.

While a single queue system is simple and is referred to as First-In-First-Out (FIFO), the system with multiple queues has prioritization that allows round-robin scheduling. For the CCNA exam, these two mechanisms are enough:

  • Class-Based Weighted Fair Queuing (CBWFQ): Guarantees a minimum amount of bandwidth to each queue
  • Low Latency Queuing (LLQ): One or more queues are treated as priority queues and the packets are served first from these queues — which, to avoid starvation of the other queues, are limited to a specific amount of traffic that can be placed in these priority queues

Shaping and policing

You should know that:

  • The policing measures the traffic rate over time and compares it with the configured policed rate
  • Policing allows short traffic burst
  • It most often is enabled on ingress
  • The shaping measures the traffic rate over time and compares it with the configured shaping rate
  • Shaping allows short traffic burst
  • Shapers are enabled on egress

Congestion avoidance

This section would make sense once you review the TCP windowing mechanisms and how dropped TCP packets affect the throughput. You should know what a tail drop is and how it influences the TCP window.

Remote access and file transfer (SSH, FTP/TFTP)

Understand the two TCP connections used by FTP:

  • Control connection: Used to exchange FTP commands
  • Data connection: Used to send/receive traffic

As well as how it differs from FTP over TLS and from TFTP.

In Cisco world, FTP and TFTP are used to upload IOS images to the devices and perform upgrades or to retrieve logs from the devices. It’s critical to know how an upgrade from FTP or TFTP can be done. This is not only for the CCNA exam, but most likely as an engineer, you will almost certainly be required to upgrade a network device.

When a device is managed remotely, multiple protocols can be used to access it, including Telnet or SSH. As Telnet is not considered secure, you will need to know how remote access using SSH is configured and how you can protect the device against password attacks.

Where should I focus my time studying?

While the topics from the IP services section can get very advanced, for the CCNA exam, you will only need a handful of the features. You will need to know common sense things like ports and some of the messages that are exchanged by a few of the protocols covered.


The IP services section is about non-critical features and during the exam, the questions are relatively easy. The expectancy is that you will identify the services based on the scenario given.

Earn your CCNA, guaranteed!

Earn your CCNA, guaranteed!

Get live, expert CCNA training from anywhere. Enroll now to claim your Exam Pass Guarantee!


Paris Arau
Paris Arau

Paris Arau is a network engineer with extensive knowledge of Cisco and Juniper routing and switching platforms. He is CCIE R&S and dual JNCIE(SP and ENT). With a strong service provider and enterprise background, he is working on a daily basis with cutting-edge technologies. He also writes about routing and switching technologies, cloud computing, virtualization at his personal blog,