CompTIA Network+ (N10-009)
Vendor-neutral networking fundamentals. Aligned to the current CompTIA N10-009 blueprint (released June 2024). Great as your first cert, as a friendly ramp before CCNA, or to satisfy the DoD 8570 IAT Level II compliance requirement for US federal / DoD IT roles.
Each topic page: TL;DR · mental model · topology · commands · verification · common mistakes · lab · cheat strip. Vendor-neutral concepts, with Cisco IOS examples where the vocabulary happens to overlap.
Mapped to the official CompTIA N10-009 blueprint.
CompTIA's N10-009 blueprint (current since June 2024) defines five weighted domains. Our library covers each one — the same buckets CompTIA grades you on.
| Official N10-009 domain | Topics |
|---|---|
| 1.0 Networking Concepts | 22 |
| 2.0 Network Implementation | 17 |
| 3.0 Network Operations | 16 |
| 4.0 Network Security | 15 |
| 5.0 Network Troubleshooting | 7 |
CompTIA®, Network+®, and N10-009 are trademarks of CompTIA. PacketMentor is independent and not affiliated with CompTIA. Weights are from the official N10-009 exam objectives.
1.0Networking Concepts
Network Topologies — Bus, Ring, Star, Mesh, Hybrid, Hub-and-Spoke
Every physical and logical topology CompTIA Network+ (N10-009) tests: bus, ring, star, mesh, hybrid, point-to-point, hub-and-spoke, three-tier, spine-leaf. Diagrams, trade-offs, real-world use.
Common Ports and Protocols — N10-009 Reference Table
Every port and protocol CompTIA Network+ (N10-009) expects you to memorize. Grouped by category with TCP/UDP, the encrypted alternative where one exists, and the one thing most students forget.
Cable Connector Types — Copper, Fiber, Coax
Every connector CompTIA Network+ (N10-009) shows in exam images: RJ45, RJ11, F-type, BNC, SC, LC, ST, MTRJ, MPO, LC-APC vs LC-UPC. What each pairs with and the one-line 'how to tell them apart' rule.
Twisted-Pair Cable Categories — Cat 5, 5e, 6, 6a, 7, 8
Every twisted-pair category CompTIA Network+ (N10-009) tests: max speed, max distance, PoE class, when to pick each. Plus the shielding letters (U/UTP, F/UTP, S/FTP) that trip up half the room.
OSI Model & TCP/IP
Two networking reference models compared side-by-side. The seven OSI layers, the four TCP/IP layers, and which one the real internet actually runs on (spoiler: not OSI).
TCP vs UDP
Two flavors of Layer 4 transport. TCP gives reliability and order at the cost of latency; UDP gives speed with no safety net. Covers the 3-way handshake, ports, when to use each, and the protocols that pick the wrong one.
IPv4 Addressing
32-bit addresses, dotted decimal, classful vs classless, private ranges, and the special addresses (loopback, broadcast, APIPA) you should never accidentally use for production hosts.
Subnetting
Definitive CCNA-level subnetting guide — magic-number method, VLSM, wildcard masks, enterprise IP plans, 8 worked practice problems, and the subnetting-at-the-speed-of-conversation drill.
Route Summarization
Why aggregating many specific routes into one shorter prefix shrinks route tables, speeds convergence, and limits the blast radius of a flapping link. Covers manual, OSPF, and EIGRP summarization.
IPv6 Basics
128-bit addresses, hex notation, the :: shortcut, address types (global, link-local, multicast), SLAAC, and why IPv6 is finally happening 25 years after it was supposed to.
IPv6 SLAAC & DHCPv6
Two ways an IPv6 host gets an address. SLAAC has hosts auto-generate from a router-advertised prefix. DHCPv6 mirrors IPv4 DHCP. Covers RA/RS messages, EUI-64, privacy addresses, and stateful vs stateless DHCPv6.
ARP — Address Resolution Protocol
How a host turns an IP address into the MAC address it needs to actually deliver a frame. Broadcast question, unicast answer, cached for hours. Also covers Gratuitous ARP, Proxy ARP, and the ARP spoofing attack.
DNS — Domain Name System
How www.example.com becomes an IP address. Covers the recursive query path (root → TLD → authoritative), record types (A, AAAA, CNAME, MX, PTR), TTL caching, and the most common DNS failure modes.
DHCP — Dynamic Host Configuration Protocol
Definitive CCNA-level DHCP guide — the DORA exchange step-by-step, packet anatomy, DHCP options table, lease renewal timing (T1/T2), Cisco IOS server + relay config, DHCPv6 brief, DHCP Snooping security, 8 worked scenarios, and the DHCP debug workflow.
DHCP Relay & IP Helper
How `ip helper-address` forwards DHCP DISCOVER broadcasts across Layer 3 boundaries so one DHCP server can serve many VLANs. Includes Option 82, the GIADDR field, and the relay troubleshooting flow.
TCP 3-Way Handshake
The three packets every TCP connection starts with — SYN, SYN-ACK, ACK. Covers sequence numbers, the half-open state, SYN floods, and why HTTPS connections feel slower than they should over high-latency links.
TCP Connection States
What every TCP socket goes through from CLOSED to ESTABLISHED to TIME_WAIT. Covers each state, why TIME_WAIT exists (and frustrates web servers), and how `netstat`/`ss` shows you what's really happening.
NAT & PAT
Definitive CCNA-level NAT guide — static NAT, dynamic NAT, PAT/overload, the four inside/outside terms, port forwarding, CGNAT, NAT64 brief, hairpin NAT, translation table limits, 8 worked scenarios, and the NAT debug workflow.
MTU & Fragmentation
Why packets get fragmented or dropped on links with smaller MTU than expected. Covers MTU vs MSS, the Don't-Fragment bit, ICMP 'Fragmentation Needed,' Path MTU Discovery, and why blocking ICMP breaks the internet.
Cabling & Media Standards
What's actually inside the cables and fiber you're plugging in — Cat5e/6/6A/8, single-mode vs multi-mode fiber, transceivers (SFP/SFP+/QSFP), distance and bandwidth limits, when to use what.
Power over Ethernet (PoE)
How a switch port also powers a phone, AP, or camera over the same Ethernet cable. PoE standards (802.3af / at / bt), power classes, detection sequence, budgets, and the troubleshooting questions you'll actually ask.
WAN Connection Types
The connection types you'll actually meet at branch sites — leased lines, Metro Ethernet, MPLS L3VPN, broadband (cable / DSL / FTTH), wireless (LTE/5G), and how SD-WAN ties them together.
2.0Network Implementation
Static Routing
Definitive CCNA-level static routing guide — next-hop vs exit-interface vs fully-specified, default routes, floating statics, summary routes, recursive lookup, IPv6 statics, AD reference, 8 worked scenarios, and the static-routing debug workflow.
Default Routing
The catch-all route every edge router needs. Covers static defaults, dynamic defaults (originated by OSPF/EIGRP/BGP), gateway of last resort, and the difference between a default and a summary route.
Routing Decision Process
How a router actually decides where to forward a packet. Longest prefix match, administrative distance, and metric — in that order. Covers why a /30 static beats a /16 OSPF even though OSPF is the better protocol.
OSPF Single-Area
Definitive CCNA-level OSPF guide — link-state mental model, seven neighbor states, LSA types, DR/BDR election, cost tuning, authentication, route summarization, common debug patterns, and 8 worked scenarios.
VLANs
Definitive CCNA-level VLAN guide — broadcast domains, access vs trunk ports, 802.1Q tagging, native VLAN, voice VLANs, VTP, VLAN design, the 6-step trunk debug, security pitfalls, and 7 worked exam scenarios.
Trunks & 802.1Q Tagging
How switches carry multiple VLANs over a single link using 802.1Q tags. Includes DTP behavior, native VLAN gotchas, and the allowed-VLAN list.
Inter-VLAN Routing
How devices in different VLANs talk to each other. Covers router-on-a-stick (with sub-interfaces), Layer-3 switch SVIs, and when to pick each.
Spanning Tree Protocol (STP)
Definitive CCNA-level STP guide — why loops are catastrophic, bridge ID + priority election, three port roles, five port states, BPDU anatomy, PortFast + BPDU Guard + Root Guard + Loop Guard, RSTP convergence, MSTP overview, and 8 worked scenarios.
Rapid STP & MSTP
Why classic 802.1D STP's 50-second convergence is unacceptable in 2026, and how RSTP and MSTP fix it — port roles, port states, sync mechanism, MST regions and instances.
EtherChannel (Link Aggregation)
Bundle multiple physical links between two switches into one logical Port-Channel — more bandwidth, instant failover, and STP sees it as a single link. Covers LACP, PAgP, static, and load-balancing methods.
Switching Operation
How a switch actually decides where to forward each frame. Covers source-MAC learning, destination-MAC lookup, the three outcomes (forward / flood / drop), and store-and-forward vs cut-through.
Wireless LAN Basics
Definitive CCNA-level Wi-Fi fundamentals — SSID / BSS / ESS / BSSID terminology, autonomous vs lightweight APs, CAPWAP tunnel anatomy, WLC discovery (DHCP option 43 + DNS), Wi-Fi standards generations, security (WPA / WPA2 / WPA3), roaming, and 7 worked scenarios.
Wireless RF Fundamentals
How Wi-Fi actually moves bits through the air — channels, bands, SNR, RSSI, free-space path loss, antenna patterns, and why your laptop disconnects in the conference room corner.
Wi-Fi 6, 6E, and 7 Features
What changed in 802.11ax (Wi-Fi 6), 6 GHz extension (6E), and 802.11be (Wi-Fi 7) — OFDMA, MU-MIMO, target wake time, 6 GHz spectrum, MLO, and what each one actually means for users.
WLAN Architectures — Autonomous, Centralized (WLC), Cloud, Embedded
Definitive CCNA-level WLAN architecture guide — autonomous vs centralized vs cloud-managed vs embedded WLC, split-MAC duty division, CAPWAP tunnel, AP modes (Local / FlexConnect / Bridge), WLC discovery, redundancy / N+1 / SSO, when each architecture fits.
Access Point Operating Modes
Cisco AP modes explained — Local, FlexConnect, Bridge / Mesh, Monitor, Sniffer, SE-Connect, Rogue Detector. When each is the right choice in real enterprise Wi-Fi deployments.
Wi-Fi Security — WEP, WPA, WPA2, WPA3
Twenty-five years of wireless security in one page. Why WEP is broken, why WPA is a stop-gap, why WPA2 ruled for two decades, and what WPA3 actually fixes.
3.0Network Operations
Business Continuity Metrics — RPO, RTO, MTBF, MTTR + Site Types
The four continuity metrics on CompTIA Network+ (N10-009) — RPO, RTO, MTBF, MTTR — plus cold/warm/hot site types and how a real change/incident/DR runbook uses them.
SNMP — Simple Network Management Protocol
How monitoring systems pull metrics and receive alerts from network devices. Covers SNMPv1/v2c/v3, community strings, traps vs informs, MIB / OID navigation, and why SNMPv3 is the only one acceptable in 2026.
Syslog
Send every device's log messages to a central server. Covers severity levels (0-7), facilities, message format, where to send logs (local buffer / console / monitor / server), and the eternal question of how much logging is too much.
NTP — Network Time Protocol
How every device on the network ends up with the same clock. Covers stratum hierarchy, client and server config, authentication, and why broken NTP makes log correlation a nightmare.
NTP Authentication & Security
How to harden NTP — authentication keys, peer/client/server roles done right, ACL restrictions, and why a bad clock breaks Kerberos, TLS, logs, and forensics.
NetFlow & Flow-Based Monitoring
How NetFlow / IPFIX / sFlow turn raw traffic into queryable records — flow definition, exports, collectors, and the operational use cases (capacity, security, billing) that SNMP can't answer.
SPAN, RSPAN & ERSPAN — Port Mirroring
How to copy traffic from one switch port to another for analysis. Covers local SPAN, RSPAN across switches via VLAN, ERSPAN over GRE for remote sites, and when each one is the right call.
Cisco DNA Center / Catalyst Center
Cisco's centralized network controller for enterprise campus + branch. What it does (assurance, automation, SD-Access), how it sits relative to traditional CLI, and what a CCNA candidate needs to recognize.
SDN & Controller-Based Networking
Software-Defined Networking explained. Why control plane and data plane were separated, what a network controller actually does, and where Cisco DNA Center, ACI, and Meraki fit in the landscape.
Network Virtualization & Containers
Hypervisors, virtual machines, virtual switches, containers, container networking — how server virtualization changed networking and what a CCNA candidate must understand.
Ansible for Network Engineers
Push configuration to dozens of Cisco devices from one YAML playbook. Covers inventory, modules, idempotency, and why Ansible became the default automation tool for network teams who don't want to write a custom Python script for every change.
Python for Network Engineers
Why Python is the de-facto language for network automation, plus the four libraries you'll actually use — Netmiko (SSH), NAPALM (vendor-agnostic), Nornir (parallel runner), and requests (REST APIs).
REST APIs for Network Engineers
Modern Cisco devices expose REST APIs so you can configure them with HTTP requests and JSON instead of SSH and screen-scraping. Covers verbs (GET/POST/PUT/DELETE), authentication, data formats, and where REST fits in network automation.
JSON, YAML & XML for Network Engineers
The three data formats you'll meet doing network automation. JSON for APIs, YAML for configs/playbooks, XML for legacy and NETCONF. Same data, three syntaxes, different ergonomics.
NETCONF & YANG
The structured-data alternative to SSH-and-screen-scrape. Covers how NETCONF moves XML configs over SSH, what YANG models are, and where they fit alongside REST APIs in modern network automation.
gRPC & gNMI — Streaming Telemetry
The modern alternative to SNMP polling. Devices stream structured data continuously to a collector over gRPC. Covers gNMI for config and monitoring, why streaming beats polling, and what's replacing SNMP in real networks.
4.0Network Security
Common Network Attacks — On-Path, DNS Poisoning, DDoS, Deauth
Every attack CompTIA Network+ (N10-009) tests by name: on-path (MITM), DNS poisoning, ARP spoofing, DHCP starvation, MAC flooding, DDoS (volumetric, protocol, application), deauth, evil twin, rogue AP, VLAN hopping.
Cybersecurity Threats & Mitigation
The threat landscape every network engineer must recognize — phishing, ransomware, MITM, DDoS, supply-chain attacks, insider threats — and the mitigation controls that actually move the needle.
Encryption Fundamentals
The cryptography networking engineers must understand — symmetric vs asymmetric, hashing, digital signatures, certificates, and where each is used in IPsec, TLS, SSH, and 802.1X.
AAA · RADIUS & TACACS+
Authentication, Authorization, Accounting — centralize who can log in, what they can do, and what they did. Covers RADIUS vs TACACS+, method lists, and why every network with more than 5 devices uses centralized auth.
Access Control Lists (ACLs)
Definitive CCNA-level ACL guide — first-match-wins, implicit deny, wildcard masks, standard vs extended vs named, direction (in vs out), the established keyword, time-based ACLs, named-ACL editing, 9 worked scenarios, and the ACL debug workflow.
Port Security
Lock a switch port to a specific MAC address (or addresses). Covers static, dynamic, and sticky learning, violation modes (protect / restrict / shutdown), and the err-disable recovery dance.
DHCP Snooping
Switch security feature that blocks rogue DHCP servers. Trusts one port (where the real server lives) and drops DHCP server messages from any other port. Foundation for Dynamic ARP Inspection too.
Dynamic ARP Inspection (DAI)
The Layer-2 security feature that kills ARP spoofing dead. Validates every ARP packet against the DHCP Snooping binding table — bogus replies get dropped, trust your gateway again.
IP Source Guard (IPSG)
The fourth Layer-2 security feature. Validates the source IP of every IP packet against the DHCP Snooping binding table — blocking IP spoofing attacks at the access port.
802.1X — Port-Based Network Access Control
Lock every switch port until the connected device proves identity. Covers the supplicant / authenticator / auth server roles, EAPOL on the wire, and how 802.1X plugs into RADIUS for enterprise Wi-Fi and wired auth.
BPDU Guard & Root Guard
Two Spanning Tree security features that protect your STP topology from misconfiguration and rogue switches. BPDU Guard locks user-facing ports; Root Guard pins the root bridge so a misplaced switch can't hijack it.
VPN Basics — IPsec & SSL
How two separated networks (or one user and a network) can talk privately over the public internet. Covers site-to-site IPsec, remote-access SSL/TLS VPNs, IKE phases, and what 'tunnel' actually means.
GRE Tunnels
How to make two distant routers feel directly connected by wrapping IP inside IP. Covers tunnel interface config, MTU caveats, why GRE itself isn't encrypted, and the standard 'GRE over IPsec' combination.
Cisco AnyConnect / Remote Access VPN
How a remote user's laptop gets put 'on the corporate LAN' over the internet. Covers AnyConnect client, SSL/TLS vs IKEv2, split tunneling, authentication options, and where it fits alongside ZTNA in 2026.
Cisco ISE Basics
Cisco Identity Services Engine — the RADIUS/TACACS+ + posture + profiling brain behind enterprise wired/wireless network access. What ISE does, where it sits, and the deployment model behind 802.1X-everywhere.
5.0Network Troubleshooting
Network Troubleshooting Methodology
How seasoned engineers actually approach unknown problems — OSI bottom-up vs top-down vs divide-and-conquer, the questions that come before commands, and the seven-step Cisco methodology.
Catalyst Boot Process
What happens between powering on a Cisco device and the prompt appearing. Covers POST, ROMMON, IOS image selection, config register, boot variables, and password recovery.
Password Recovery & Configuration Register
How to recover access to a Cisco router or switch when you've lost the enable password. Covers the configuration register, ROMMON, the standard CCNA recovery procedure, and the security implications of physical access.
CDP & LLDP — Neighbor Discovery
How devices learn about their directly-connected neighbors. CDP is Cisco-proprietary; LLDP is the vendor-neutral standard. Both shout the same info: who I am, what model, what IOS, what port — invaluable for troubleshooting.
FHRP — HSRP, VRRP & GLBP
First-hop redundancy protocols. How two routers share one virtual IP so hosts don't notice when their default gateway fails. Covers HSRP states, election, preemption, and the GLBP load-balancing twist.
HSRP vs VRRP vs GLBP — FHRP Compared
Side-by-side of the three First Hop Redundancy Protocols on Cisco gear. When HSRP wins, why VRRP is the open standard, how GLBP load-balances across multiple actives, and which to pick in 2026.
QoS Basics
How routers and switches handle congestion — classifying packets, marking them with DSCP, queueing by priority, and shaping/policing traffic. Why VoIP and video deserve special treatment over file downloads.
CCNA — the Cisco vendor cert US private-sector employers actually filter for.
Network+ opens DoD 8570 gates. CCNA opens Cisco partner + private-sector networking roles. Most learners who go both ways start with Network+ and add CCNA within a year.
Open CCNA library →Read the honest comparison.
Employers that specifically want Network+ (DoD, federal, universities) vs employers that specifically want CCNA (Cisco partners, banks, ISPs). Salary bands. Suggested order.
CCNA vs Network+ blog →