Documentation
Securedy Labs — Network Design & Simulation
Build, simulate, and learn networking — powered by AI and a CCNA-quality CLI.
Getting Started
Securedy Labs is a browser-based network topology designer and simulator. Describe a network in plain English, the AI builds it on the canvas, then open a real CLI terminal on any device.
Quick start — 3 steps
- 1. Sign in and create a new project from the home screen.
- 2. Type a prompt like
Build a small office network with a firewall, router, switch, and 5 workstationsand press Enter. - 3. Click any device on the canvas → Open Terminal to launch the CLI.
What gets simulated
Router
Cisco IOS 15.7 — routing table, OSPF, BGP, ARP
Switch
Cisco IOS 15.2 — VLANs, STP, MAC table, CDP
Firewall
Cisco ASA 9.16 — interfaces, ACLs, NAT, connections
Server
Linux — ip addr, ss, netstat, nslookup
Workstation
Linux shell — basic networking commands
Cloud / ISP
BGP edge router with ISP hops in traceroute
Access Point
Cisco IOS AP — dot11 associations, BVI, WPA2 config
Load Balancer
HAProxy — backend health, active connections
WLC
Cisco WLC — CAPWAP tunnels, AP/client management, WLAN profiles
Canvas
The canvas is the main workspace. Devices are nodes, links are edges.
Adding devices
In Architect mode, a vertical palette sits on the left edge. Click any icon to drop a device at a default position, or drag to place precisely.
Connecting devices
Hover a device until the connection handles appear (small circles on the edges), then drag from one handle to another device. Duplicate links are rejected automatically.
Selecting and deleting
Click the Select icon in the bottom-left controls to enter rubber-band selection. Draw a box over multiple nodes, then press Delete or Backspace to remove them and their links. Click Pan to return to normal navigation.
Editing a device
Click any device to open the Device Inspector on the right. In Architect mode you can edit the label and IP address, delete the device, or open the CLI terminal via the Open Terminal button.
Modes
Architect
Default mode. The AI builds and modifies the topology from your prompts. Manual editing is fully enabled. Three sub-modes control how AI changes land:
CommandDescription
Auto
AI changes apply immediately to the canvas
Confirm
A diff preview appears — approve or discard before anything changes
Plan
AI explains what it would do in plain English before executing
Learn
The AI acts as a network instructor. Ask questions about any device or concept — it answers in the context of your specific topology. Each device shows a Learning Note with OSI-layer context. The device palette and edit controls are hidden in this mode.
AI Chat
Type any network design or learning request into the prompt bar and press Enter.
$ Build a small office network with a firewall, core switch, two access switches, and 10 workstations. Use 192.168.10.0/24 for the LAN. $ Add a DMZ with a web server behind the firewall. $ Replace the core switch with two redundant switches using LACP. $ Explain what OSPF is doing in this topology. $ What would happen if the firewall went down?
Terminal — General
Click any device → Open Terminal. The panel slides up from the bottom of the canvas. Switching to a different device opens a fresh session.
CommandDescription
ping <ip>
4 ICMP packets with animated output and RTT min/avg/max. Uses BFS path through topology.
traceroute <ip>
Hop-by-hop path derived from topology graph. Cloud nodes add synthetic ISP hops.
show clock
Current UTC time in Cisco IOS format.
show version
OS version, uptime, memory, and hardware for the device type.
help
List all commands for this device type.
clear
Clear all terminal output.
exit
Close the terminal panel.
↑ / ↓
Navigate command history (last 50 commands).
Escape
Close the terminal.
Configure Mode
Routers (and firewalls) support a full Cisco IOS configuration mode. Changes persist in the topology and immediately update show command output — just like a real device.
Entering and exiting
CommandDescription
configure terminal
Enter global configuration mode. Prompt changes to hostname(config)#
conf t
Short form of configure terminal
end
Exit from any configuration mode back to privileged (hostname#)
Ctrl+Z
Same as end — immediately returns to privileged mode
exit
In (config)#: return to privileged. In (config-if)#: return to (config)#
The prompt changes to reflect the current mode:
hostname# → privileged, hostname(config)# → global config, hostname(config-if)# → interface config, hostname(config-line)# → line config (console / VTY).Static routes — ip route
Add or remove static routes from global configuration mode. Routes appear immediately in show ip route as S entries and in show running-config.
CommandDescription
ip route <prefix> <mask> <next-hop>
Add a static route. Example: ip route 10.10.10.0 255.255.255.0 192.168.1.1
ip route <prefix> <mask> <next-hop> <ad>
Add with custom administrative distance.
no ip route <prefix> <mask>
Remove all static routes matching prefix and mask
no ip route <prefix> <mask> <next-hop>
Remove a specific route by prefix, mask, and next-hop
hostname <name>
Set the router hostname (updates canvas label)
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip route 10.10.10.0 255.255.255.0 192.168.1.1 Router(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.1 1 Router(config)# end Router# show ip route S 10.10.10.0/24 [1/0] via 192.168.1.1 S* 0.0.0.0/0 [1/0] via 10.0.0.1
Routing protocols
CommandDescription
router ospf <proc>
Enter OSPF process config. Use 'network' to advertise subnets, 'router-id' to set ID.
router eigrp <AS>
Enter EIGRP AS config. Acknowledges the command; used with 'show ip eigrp neighbors'.
router rip version 2
Enter RIPv2 config. Acknowledges the command; used with 'show ip rip database'.
router bgp <AS>
Enter BGP AS config.
High availability — HSRP / VRRP
CommandDescription
standby <grp> ip <vip>
Set HSRP group virtual IP on an interface. Example: standby 0 ip 10.0.0.254
standby priority <val>
Set HSRP priority (default 100). Higher value wins Active role.
standby preempt
Allow this router to reclaim Active when it recovers from failure.
IPv6
CommandDescription
ipv6 unicast-routing
Enable IPv6 routing globally.
ipv6 address <addr/prefix>
Assign an IPv6 address to the current interface. Example: ipv6 address 2001:db8::1/64
EtherChannel
CommandDescription
channel-group <id> mode active
Add interface to EtherChannel in LACP active mode.
channel-group <id> mode desirable
Add interface to EtherChannel in PAgP desirable mode.
Management services
CommandDescription
ntp server <ip>
Configure an NTP server. Reflected in 'show ntp status'.
logging <ip>
Send syslog to an external collector.
snmp-server community <str> RO
Add a read-only SNMP community string.
snmp-server community <str> RW
Add a read-write SNMP community string.
snmp-server host <ip> <community>
Configure an SNMP trap destination.
ip dhcp pool <name>
Create a DHCP address pool.
Interface configuration
Enter interface config mode to assign IP addresses, set descriptions, and control administrative state. Changes reflect in show ip interface brief.
CommandDescription
interface <name>
Enter interface config mode. Accepts full name or abbreviation — e.g. GigabitEthernet0/0 or Gi0/0
ip address <ip> <mask>
Assign an IP address to the interface
no ip address
Remove the configured IP address
no shutdown
Bring the interface up (administratively enabled)
shutdown
Bring the interface down (administratively disabled)
description <text>
Set a human-readable description for the interface
clock rate <bps>
Set clocking speed on a Serial DCE interface. Required on the DCE end for WAN links. Example: clock rate 64000
no clock rate
Remove the clock rate setting from the interface
Interface name abbreviations
GiGigabitEthernet
FaFastEthernet
TeTenGigabitEthernet
SeSerial
LoLoopback
TuTunnel
VlVlan
Router(config)# interface GigabitEthernet0/1 Router(config-if)# ip address 192.168.1.1 255.255.255.0 Router(config-if)# no shutdown %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up Router(config-if)# description WAN uplink to ISP Router(config-if)# end Router# show ip interface brief GigabitEthernet0/1 192.168.1.1 YES NVRAM up up
Device Hardening
IOS hardening commands are available in global configuration mode on routers. All settings persist in the topology and appear in show running-config.
Enable password & secret
enable secret uses an MD5 hash and takes precedence over enable passwordwhenever both are set. Always prefer enable secret on real devices.
CommandDescription
enable password <pw>
Set a plain-text enable password. Shown as cleartext in running-config unless service password-encryption is on.
enable secret <pw>
Set a type-5 (MD5) enable secret. Displayed as a hash in running-config. Takes precedence over enable password.
no enable password
Remove the enable password.
no enable secret
Remove the enable secret.
Password encryption
CommandDescription
service password-encryption
Encrypt all plaintext passwords in running-config using a weak reversible type-7 cipher. Applies to enable password and VTY/console passwords.
no service password-encryption
Disable type-7 encryption. Passwords already encrypted are NOT decrypted automatically.
Line passwords — console & VTY
Use line console 0 to secure direct console access and line vty 0 4 (or 0 15) to secure SSH/Telnet sessions. The prompt changes to hostname(config-line)#.
CommandDescription
line console 0
Enter line config mode for the physical console port.
line vty 0 4
Enter line config mode for virtual terminal lines 0–4 (5 simultaneous sessions).
line vty 0 15
Virtual terminal lines 0–15 (16 simultaneous sessions).
password <pw>
Set the login password for this line.
login
Require password authentication when connecting to this line.
no login
Allow connection without a password (not recommended).
transport input ssh telnet
Permit SSH and Telnet on VTY lines. Shown automatically in running-config.
IOS hardening precedence
If both
If both
enable password and enable secret are set, IOS ignores enable password entirely — enable secret always wins. Use service password-encryption to obfuscate type-7 passwords, but know it is reversible. For strong security only enable secret provides a one-way hash.Full hardening example
Router# configure terminal Router(config)# enable secret MySecret1 Router(config)# service password-encryption Router(config)# line console 0 Router(config-line)# password ConsolePw Router(config-line)# login Router(config-line)# exit Router(config)# line vty 0 4 Router(config-line)# password VtyPw Router(config-line)# login Router(config-line)# end Router# show running-config ... service password-encryption enable secret 5 $1$mERr$hashed... ... line console 0 password 7 04435B0A16 login line vty 0 4 password 7 05120D0B04 login transport input ssh telnet
Router — Cisco IOS 15.7
Simulates a CISCO2911/K9. Routing tables, neighbors, and ARP are derived from the topology graph. All show commands below are available on any router device.
Interfaces & routing
CommandDescription
show ip interface brief
Interface summary — name, IP, OK, method, status, protocol.
show ip route
Routing table — C, S, S* (default), O (OSPF), B (BGP), D (EIGRP), R (RIP). Routes added via conf t appear instantly.
show ip protocols
Active routing protocols — OSPF area, EIGRP AS, metric weights, and route sources.
show ip ospf neighbor
OSPF neighbor table — neighbor ID, priority, state (FULL/DR), dead timer, address, interface.
show ip bgp summary
BGP peer summary — local AS, router ID, per-peer message and prefix counts.
show ip eigrp neighbors
EIGRP neighbor table — address, interface, hold time, uptime, SRTT, RTO, sequence.
show ip eigrp topology
EIGRP topology table — passive/active prefixes, successors, FD per prefix.
show ip rip database
RIPv2 database — directly connected and learned routes with metric and next-hop.
show arp
ARP cache — IP-to-MAC for directly connected neighbors.
show ip dhcp binding
DHCP binding table — assigned IPs, client MACs, lease expiration, type.
show ip dhcp pool
DHCP pool config — network, default router, DNS server, lease time.
show running-config
Full IOS config — hostname, interfaces, OSPF, static routes, logging, line config.
High availability
CommandDescription
show standby
HSRP status — group, priority, state (Active/Standby), active/standby IP, virtual IP.
show vrrp
VRRP group — state (Master/Backup), virtual IP, virtual MAC, advertisement interval, priority.
show glbp
GLBP group — AVG/AVF roles, virtual IP, forwarder MAC, active/standby routers.
IPv6
CommandDescription
show ipv6 interface brief
IPv6 interface summary — link-local (EUI-64 from MAC), status/protocol per interface.
show ipv6 route
IPv6 routing table — L (local), C (connected), S (static default).
Security & tunnels
CommandDescription
show crypto isakmp sa
IPsec Phase 1 — IKE SAs between this router and connected router neighbors. State QM_IDLE when up.
show crypto ipsec sa
IPsec Phase 2 — ESP SAs, SPI, encap/decap packet counts per peer.
show interface Tunnel0
GRE tunnel to cloud neighbor — source, destination, encapsulation, MTU.
show ssh
Active SSH sessions — connection ID, version, mode, encryption, state, username.
WAN
CommandDescription
show interface Serial0/0
Serial interface — PPP/HDLC encapsulation, LCP state, NCP open protocols.
show pppoe session
PPPoE sessions — session ID, remote MAC, port, virtual interface, state.
show mpls forwarding-table
MPLS label forwarding table — local/outgoing labels, prefix, bytes switched, egress interface.
show mpls ldp neighbor
LDP neighbor — peer identity, TCP connection state, uptime, discovery source.
show sdwan control connections
SD-WAN control plane — vSmart/vBond peer state and uptime.
Management
CommandDescription
show ntp status
NTP sync state — stratum, reference server, clock offset, root delay, loop filter.
show clock
Current UTC clock. Displays NTP as time source when configured.
show ntp associations
NTP peer table — reference clock, stratum, poll interval, reach, delay, offset, jitter.
show snmp
SNMP system info — chassis, contact, location, packet counters, community strings.
show logging
Syslog buffer — enabled state, facility, last 3 log entries with timestamps.
show netconf-yang sessions
Active NETCONF sessions — session ID, transport, username, source host, login time.
show restconf
RESTCONF status — enabled state, HTTPS port, active connections.
configure terminal
Enter global configuration mode. See Configure Mode section.
Route codes
CConnected
SStatic
S*Default route
OOSPF
BBGP
DEIGRP
RRIP
Switch — Cisco IOS 15.2
Simulates a WS-C3750E. VLAN tables, MAC tables, STP state, CDP/LLDP neighbors, and security bindings are derived from the topology.
VLANs & interfaces
CommandDescription
show ip interface brief
Physical interfaces (unassigned) + SVI interfaces. First VLAN SVI gets device IP.
show vlan brief
VLAN table — ID, name, status, ports. Includes reserved VLANs 1002–1005 as act/unsup.
show interfaces status
Per-port table — status (connected/notconnect), VLAN, duplex, speed, type.
show interfaces trunk
Trunk ports — mode, 802.1Q encapsulation, status, native VLAN, allowed VLANs.
show mac address-table
MAC table — VLAN, MAC address, type (DYNAMIC), port for each topology neighbor.
Spanning tree
CommandDescription
show spanning-tree
PVST+/RSTP state per VLAN — root election, bridge ID, timers, per-port role/state/cost.
Discovery protocols
CommandDescription
show cdp neighbors
CDP table — device ID, local interface, holdtime, capability, platform, remote port.
show lldp neighbors
LLDP brief table — device ID, local interface, hold time, capability, port ID.
show lldp neighbors detail
LLDP full detail — chassis ID, system name, description, management address.
EtherChannel
CommandDescription
show etherchannel summary
Port-channel — group, protocol (LACP/PAgP), bundled ports with flags (P=bundled, D=down).
show pagp neighbor
PAgP neighbor table — partner name, device ID, port, age, flags, capabilities.
Security
CommandDescription
show port-security
Port security summary — max addresses, current count, violation count, action (Shutdown).
show ip dhcp snooping
DHCP snooping status — enabled VLANs, option 82 settings, trusted/untrusted interfaces.
show ip dhcp snooping binding
DHCP snooping binding table — MAC, IP, lease time, type, VLAN, interface.
show ip arp inspection
DAI per-VLAN stats — forwarded and dropped ARP packets.
show ip arp inspection statistics
DAI statistics — SMAC/TMAC failure counts per VLAN.
show ip verify source
IP Source Guard bindings — interface, filter type (ip-mac), mode, IP, MAC, VLAN.
Management & PoE
CommandDescription
show snmp
SNMP system info — chassis, contact, location, community strings.
show logging
Syslog buffer — enabled state and recent log entries including STP topology changes.
show power inline
PoE status — available/used/remaining watts, per-port admin/oper state, connected device class.
show running-config
Full switch config — VLANs, trunk/access ports, SVIs, spanning-tree mode, port security.
STP port roles
CommandDescription
Desg FWD
Designated Forwarding — active, forwarding frames
Root FWD
Root Forwarding — best path toward root bridge
Altn BLK
Alternate Blocking — loop prevention, discarding
Firewall — Cisco ASA 9.16
Interfaces mapped to outside / inside / DMZ zones. ACLs and NAT entries are derived from server neighbors in the topology.
Interfaces & traffic
CommandDescription
show interface
Per-interface block — nameif, security level, IP, MAC, BW, traffic stats.
show access-list
ACL entries with hit counts — OUTSIDE_IN permits HTTP/HTTPS to servers, denies all else.
show nat translations
NAT table — inside global, inside local, outside local, outside global.
show conn
Active TCP/UDP connection table — source, destination, state.
show route
ASA routing table — connected, static, and OSPF routes.
AAA & authentication
CommandDescription
show aaa servers
AAA server groups — RADIUS and TACACS+ servers with timeout and retry settings.
show aaa sessions
Active AAA sessions — username, source IP, auth type, server used, session duration.
show radius server-group all
RADIUS server statistics — requests, accepts, rejects, timeouts, server state.
show tacacs
TACACS+ statistics — opens, closes, aborts, errors, packets in/out, server state.
show ssh
Active SSH sessions — connection ID, source IP, username, session duration.
show logging
Syslog buffer — enabled state, facility, trap level, recent log entries.
show ip dhcp snooping
DHCP snooping status — trusted interfaces for DHCP reply forwarding.
show running-config
Full ASA config — interfaces, nameif, security-level, ACLs, NAT, logging.
Security levels
CommandDescription
inside — 100
Fully trusted. Outbound flows freely. Inbound must be explicitly permitted.
dmz — 50
Semi-trusted. Accessible from inside. Traffic to inside must be permitted.
outside — 0
Untrusted. All inbound denied unless explicitly permitted by ACL.
Server & Workstation — Linux
Prompt style: hostname:~$. Workstations have fewer open ports than servers.
Networking
CommandDescription
ip addr show
Interfaces — loopback, primary NIC with IP/CIDR/broadcast, MAC, IPv6 link-local.
ip route
Default route via gateway and connected subnet.
ifconfig
BSD-style interface summary — inet, netmask, broadcast, ether.
ss -tulpn
Listening sockets. Servers: 22, 80, 443, 3306, 53. Workstations: 22 only.
netstat -rn
Kernel routing table in numeric format.
nslookup <domain>
DNS lookup. Known domains resolve correctly. Unknown domains get a deterministic IP.
cat /etc/resolv.conf
DNS config — nameservers 8.8.8.8 and 1.1.1.1, search domain corp.local.
Application layer protocols
CommandDescription
ftp <host>
Connect via FTP — shows vsFTPd 3.0 banner, anonymous login, binary mode.
tftp <host>
Connect via TFTP on port 69.
telnet <host> 25
SMTP banner — Postfix 220, EHLO handshake, STARTTLS, AUTH methods.
telnet <host> 110
POP3 banner — Dovecot +OK ready response.
telnet <host> 143
IMAP banner — Dovecot IMAP4rev1 ready.
telnet <host> 80
HTTP — shows nginx 200 OK response with headers.
Management
CommandDescription
ntpdate <server>
Synchronize clock with NTP server — shows step time and offset.
ntpq
NTP peer table — reference clock, stratum, poll, reach, delay, offset, jitter.
snmpwalk <host>
Walk SNMP OIDs — sysDescr, sysUpTime, sysContact, sysLocation.
snmpget <host>
Get a specific SNMP OID value.
logger <message>
Send a message to syslog.
journalctl
View systemd journal — SSH logins, kernel events, service starts.
whoami
root (server) or user (workstation).
hostname
Device hostname derived from label.
uname -a
Linux kernel version string.
Cloud / Internet
Represents an ISP or internet uplink. Runs BGP. Traceroute injects 2 synthetic ISP hops (198.51.100.x) before internal devices.
CommandDescription
show ip bgp
Full BGP RIB — default route originated locally + prefixes from connected routers.
show ip bgp summary
BGP peer summary — router ID, local AS, per-peer message and prefix counts.
traceroute <ip>
Adds 2 synthetic ISP hops before topology path for realism.
Access Point
Cisco IOS lightweight AP. SSIDs: CORP_WIFI and CORP_WIFI_5G. Connected workstation neighbors appear as wireless clients.
CommandDescription
show dot11 associations
Client table — MAC, age, signal strength (dBm), IP, SSID for each connected workstation.
show interface BVI1
Bridge Virtual Interface — IP, MAC, MTU, BW, DHCP helper.
show running-config
Full AP config — dot11 SSIDs, WPA2 keys, radio interfaces, bridge groups.
Load Balancer
HAProxy-style interface. Backend health reflects topology — devices marked broken show as DOWN.
CommandDescription
show server-pool status
Backend health — per-server UP/DOWN with last check time. Broken = DOWN (timeout).
show connections
Active session count, total requests, bytes in/out, frontend status.
show running-config
Full HAProxy config — global, defaults, frontend, http_back, api_back, stats.
WLC — Cisco Wireless LAN Controller
Wireless LAN Controllers centrally manage Access Points over CAPWAP tunnels. Add a WLC from the canvas palette and connect it to Access Point devices — CAPWAP tunnels, AP registrations, and client tables are all derived from the topology.
CommandDescription
show wlan summary
WLAN profiles — ID, profile name, SSID, status, security type (WPA2-Enterprise / WPA2-Personal).
show ap summary
Registered APs — name, model, Ethernet MAC, IP, state (Registered), client count.
show client summary
All wireless clients — MAC, IP, associated AP, WLAN ID, state (Assoc), protocol (802.11ac).
show capwap tunnel
CAPWAP tunnel state — AP name, AP IP, WLC IP, control/data channel state (UP), uptime.
show interface summary
WLC interfaces — management and AP-manager with IP, type, VLAN, AP-manager flag.
show mobility summary
Mobility domain — protocol port, security mode, domain name, member list.
show license
License type (Base), AP count licensed vs. in use, authorization status.
CAPWAP vs. autonomous APs
In this simulation, Access Points connected to a WLC operate in Lightweight mode — the AP forwards all traffic to the WLC for processing. The WLC owns SSID profiles, security keys, and client authentication. APs not connected to a WLC operate in autonomous mode with their own local config.
In this simulation, Access Points connected to a WLC operate in Lightweight mode — the AP forwards all traffic to the WLC for processing. The WLC owns SSID profiles, security keys, and client authentication. APs not connected to a WLC operate in autonomous mode with their own local config.
Keyboard Shortcuts
CommandDescription
Delete / Backspace
Delete selected node(s) or edge(s) on the canvas
Shift + click
Add to current selection (multi-select)
Click empty area
Deselect all
↑ / ↓ in terminal
Cycle command history (last 50 commands)
Ctrl+Z in terminal
Exit from any configure mode back to privileged prompt
Escape in terminal
Close the terminal panel
Enter in edit field
Save label or IP address edit
Escape in edit field
Cancel the edit
Challenges
Challenges present a broken network topology and ask you to diagnose the fault. Open the terminal on affected devices, run show commands to investigate, and submit your answer.
Challenges are available from the Challenges page. Each challenge has a difficulty rating (Easy / Medium / Hard) and a symptom description. Use the terminal to find which device is misconfigured and why.
Available challenges
CommandDescription
Silent VLAN (Easy)
Inter-VLAN routing fails. Missing SVI or ip routing command on Layer 3 switch.
Routing Loop (Medium)
traceroute cycles between two branch routers. Conflicting static routes.
Firewall Blackhole (Hard)
DMZ web server unreachable. Missing HTTP/HTTPS permit rules in firewall ACL.
OSPF Area Mismatch (Medium)
OSPF stuck in EXSTART. One router configured with wrong area number.
HSRP Split Brain (Hard)
Both routers claiming HSRP Active. Missing standby preempt on higher-priority router.
VLAN Hopping (Hard)
Layer 2 bypass attack. Native VLAN set to a data VLAN enabling double-tagging.
DHCP Snooping Block (Medium)
DHCP fails after enabling snooping. Uplink port not marked as trusted.
Wireless Auth Fail (Medium)
WPA2 4-way handshake MIC error. PSK mismatch between WLC profile and client.
Diagnostic approach
CommandDescription
ping <target-ip>
Start here — confirm reachability from the affected device
traceroute <target-ip>
Find where packets stop — the hop before the * is the problem
show ip route
Check routing table — missing or incorrect routes cause drops
show ip interface brief
Check for interfaces that are admin-down or line-protocol down
show spanning-tree
Look for ports stuck in BLK state that should be forwarding
show access-list
Check hit counts — unexpectedly high deny hitcnt reveals blocked traffic
show standby
Check HSRP state — both routers Active = split brain
show ip dhcp snooping
Check trusted interfaces when DHCP stops working after enabling snooping
show capwap tunnel
Verify AP-to-WLC CAPWAP is UP when wireless clients fail to associate
CCNA Protocol Reference
All CCNA exam protocols and technologies, grouped by category. Each shows whether it is fully simulated via interactive CLI commands in this lab.
CLI Simulated
Documented
Layer 3 — Routing
OSPFEIGRPBGPRIPv2Static RoutesDefault RoutesFloating StaticRoute Redistribution
Layer 2 — Switching
STPRSTPPVST+VLANs802.1Q TrunkingEtherChannelLACPPAgPCDPLLDP
IP Addressing
IPv4IPv6CIDRVLSMNATPATDHCPDNS
Security
Standard ACLsExtended ACLsPort SecurityAAARADIUSTACACS+DHCP SnoopingDAIIP Source GuardIPsecGRESSH
WAN & Connectivity
PPPPPPoEMPLSHDLCSD-WANDSLCableFiber
Wireless
802.11a/b/g/n/ac/axWPA2WPA3CAPWAPWLC
High Availability
HSRPVRRPGLBP
Network Fundamentals
ARPICMPHSRPQoSDSCPPoEOSI ModelTCP/IP Model
Automation & Programmability
REST APIJSONYANGNETCONFRESTCONFAnsiblePuppetChefSDN
Transport & Application
TCPUDPHTTPHTTPSSMTPPOP3IMAPFTPTFTPSNMPNTPSyslog