Failed CCNA

Unanswered Question
Mar 18th, 2008

Did good on all areas except Subnetting and NAT and ACL. Are there any tips or tricks for these topics?

Rant: If the point is to be able to do this stuff on the job in the real world subnetting should not even be on the exams since all you have to do is use a subnet calculator, but I guess Cisco doesn't know they exist. That sucks. Anyway, hope to pass the second time around.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pankaj_goyal Tue, 03/18/2008 - 02:24

Very sorry for your unsuccessful attempt at CCNA.

Using subnet calculators is one thing and knowing how to subnet is another. We have calculators for basic as well as complex math functions but still we are thought how to add, subtract, trigonometry, geometry, etc. Knowing the fundamentals help you get a better understanding of things and enable you to implement them in a better and innovative way.

Just a thought. I hope it helps to settle things for you.

Wish you best of luck for your next try.

brianjpisa Tue, 03/18/2008 - 05:50

You have to know subnetting like the back of your hand to be successful. If you study it and know if really well, you'll remember patterns and memorize certain things. It may be harder for some people than others...depends on how good you are in math and working with numbers. Some people are left brained and some are right. Either way, once you have it down perfectly you will not need a subnet calculator. The CCNA is not an easy exam so don't get discouraged. Go back and hit those topics hard you didn't do so well on and you'll be successful. Good luck.

celticfc2007 Wed, 03/19/2008 - 01:27


When I first started studying for the CCNA, I picked up the Sybex book (5th ed). When I got to the section on subnetting, I thought omg, how the hell am I going to learn this, all these charts etc.

I began searching the web, looking for a clearer understanding, I ended up finding Chris Bryant's web site and his guides on Binary Math/Subnetting.

Going through the workbook I quickly mastered the topic, and when I read through the Sybex or Cisco ICND 1 official book, it blows my mind how overly complicated the text is.

Once you get the hang of it, subnetting is pretty easy, you just gotta practice, and if you make a mistake, figure out where you went wrong.

Once I get through the remainder of this week, I plan on practicing about 1 hr per day up until the test, not so much because I need to remember the formulas, but just to be as fast as possible.

Good luck!

svermill Sat, 03/22/2008 - 20:36

Actually, being able to subnet in your head and on the fly is an everyday skill in the networking world. If you require a calculator for this task, you're in trouble.

As for NAT and ACLs, these are always difficult topics at any level.

I genuinely wish you better luck with your next trip to the testing center. But seriously reflect on your attitude towards binary thought before heading back in...

_us076368 Mon, 03/24/2008 - 22:15

I have changed my attitude and really am focusing on those three areas as I know I did well on the others.

My point with the subnet calc was not that I need it cause I don't, but the point is that on the job you have access to different resources than on the test.

The point is to know it for the job, but then again if you can "work smart not hard" Why not?

If the test is to prove knowledge that you can do this stuff in the real world you should be allowed real world tools.

svermill Wed, 03/26/2008 - 10:49

Hey Bradley,

Sounds like you're making the adjustments that you need in order to pass. That's a good thing!

I do believe you will find that subnetting and binary math is something you will encounter in everyday life if you remain in this industry. I can't say "never a day goes by," but not too many go by that I don't do binary math of some sort in my head. Needing a calculator for this very fundamental task is going to limit you're ability to grow in your chosen field of work (and just wait until IPv6, with all of its hex, becomes more prevalent!). And whether or not you retain all of the information you acquire as part of your certification endeavors, just accept that sometimes you need to demonstrate a fundamental understanding/mastery of certain concepts in order to move forward. I know that I was tested on many, many things in the lab that I'm fairly unlikely to encounter in the real world anytime soon. But I was able to demonstrate an ability to acquire knowledge and apply it. Not necessarily retain it all, but acquire and apply...

Best wishes for your next attempt!



dehlia1970 Mon, 03/24/2008 - 12:37

I have failed THREE times now yet seem to be answering all the pretest and test prep CORRECTLY. I am really bugged that there is no feedback after the exam of which questions you got wrong and what the answers are. STUPID and lame and in my opinion a money making scheme. So, $450 later will I pass this Thursday?

Hi Dehlia1970

If you have failed three times, each time you would have received a printout showing the areas covered in the exam and your percentage for each area.

What areas were you weak in? These are the areas you should brush up on while also keeping up your level of proficiency in the areas you are stronger in.

I do not agree with your comment that Cisco are operating a money making scheme by not providing you with a list of your failed questions and the correct answers to these questions.

It is up to each exam candidate to ensure that they have covered the relevant material to a sufficient level and have hopefully managed to get some hands on experience getting use to configuring and troubleshooting what they have learned.

Best Wishes & good luck with your exam on Thursday,


svermill Mon, 03/24/2008 - 13:49

Well I have no idea what you mean by "pretest and test prep?" Is this material offered by Cisco?

In answer to your question: only if you are prepared and know the material. Otherwise, no.

kevonini24 Sun, 03/30/2008 - 15:48

I think you should get Sybex's CCNA study guide. I used that along with a router simulator and passed the exam in two weeks.

schantze27 Wed, 03/26/2008 - 07:44

Subnetting really took me WEEKS of practice, review and trying different approaches and tricks. In the end, after a couple of weeks it just seemed to intuitively all come together. You will have to train your brain to convert decimal to binary and powers of two. When I first sat at my PC during my test I wrote down 128 64 32 16 8 4 2 1 and 128 192 224 240 248 252 255 256 and 2 4 8 16 32 64 128 256 (blocks, mask and # of subnets), but I had already done the conversion in my head many times. Practice, practice, practice. Best of luck.

Hi All

For me, the single best piece of material for getting me up to speed with subnetting was the sunetting chapter in the Sybex CCNA study guide by Todd Lammle.

I had read and tried some other methods but this just made perfect sense and sinse it clicked I have never had any problems with subnetting.

Best Regards,


hyperbole Thu, 03/27/2008 - 08:43

Hi, I have yet to attempt the exam so no doubt i'll be posting similar requests in the near future.

But, id have to agree that these are fundamental topics that should at least be understood if not mastered in your Cert endeavors. provides a great example of how to think in terms of network nodes with subnetting in mind. And you will be thinking in networks/network nodes when you're hands on in your career. NAT is another important area as it is prevalent in so many real-world network setups, specifically on a private-public gateway. In simple terms NAT provides access from the limited public IP to the many private IP (and or internal nodes running specific services). Therefore, in this instance you need to think in terms of how an IPnetwork device, encapsulates TCP/UDP protocols/services. So your mappings are.. IPpublic|UDP or TCP| <- NATrouter-> IPprivate|UDP or TCP|. You build on this basic understanding when you build your NAT translations or mappings. In Cisco terms, think of one side as your inside addresses (IPprivate) and the other, your outside addresses (IPpublic)or Inside local (physical addresses for IPprivate network), Inside global (assigned NATrouter IPpublic address), Outside global (IPpublic addresses) and Outside local (this is the special instance of a device that is seen as a IPprivate, but isnt physically connected on your IPprivate LAN).

The scenario where you have IPpublic(pool-address range)<->NATrouter<->IPprivate(pool-address range)requires you create a named access-list (ACL) of each pool-address for each side. SO when you config#ip nat... inside source/outside source.. you use the named access-list,instead of the single IPpublic/IPprivate address.

This method (ACL-pool addresses) typically uses NAT overloading as well, which generally permits one side eg. IPprivate(pool) to use the NATrouter-IPpublic(overloaded) address to access all IPpublic addresses through a single IP - in other words, port address translation.

If either side is using DHCP(ie unknown IPaddress), then you would use the interface name eg s0 or fa0/x, instead of a static IP address, or named-ACL.

The description above i hope is a reasonable start for using ACLs with NAT. You should think of ACLs when used within NAT as a named file with a list of IP network nodes. The format typically being: RULE IP-START_ADDRESS(subnetwork) IP-RANGE(wildcard address). You would generally use permit as your rule with NAT as with all ACLs you have an implicit deny at the end of your list. AND you will need to understand the network and host part of your IP address range. If you look at the website above it should be reasonably clear on what these parts refer to in this type of access list.

I hope that helps.. turned out to be a lot more writing than i expected.

Good luck with your future studies.


gordon.burns Fri, 03/28/2008 - 04:24

I done my CCNA about 2 years ago and had problems getting to grips with subnetting. What i found really made it easy for memorising a table i had of how many networks and hosts each had.

For example if you can remember how many a /24 & /23 have you can easily work right back for the whole class C. Everytime i would have a subnetting question i would right this table down and refer.

I did find subnetting class B's for my BSCI a bit more trickier though.


This Discussion