Monday Follow Up Quiz Flashcards
(15 cards)
Q: A PC connected to a switch cannot communicate with others in the same department. You check the port and find it assigned to VLAN 20, but VLAN 20 does not appear in show vlan brief. What’s the most likely issue?
- The trunk port is misconfigured
- The VLAN was never created
- The switch is using VTP
- The native VLAN is mismatched
Correct Answer: The VLAN was never created
Explanation: If a port is assigned to a VLAN that doesn’t exist in the switch’s VLAN table, communication fails.
Practical Use: Always confirm VLANs are created before assigning ports to them.
Why Others Are Incorrect:
- Trunk port issues affect inter-switch links, not single-port VLAN assignment.
- VTP may sync VLANs, but that doesn’t fix a missing local VLAN.
- Native VLAN mismatch affects trunk ports, not access ports.
Objective: CompTIA N10-009 – Troubleshoot common switch configuration issues
Follow-up: What command would you use to add VLAN 20 to the switch?
Q: Two switches are connected, but devices on VLAN 10 from each switch can’t talk to each other. What’s the most likely cause?
- The ports are set to access mode
- Spanning Tree Protocol (STP) is disabled
- The trunk is not allowing VLAN 10
- VLAN 10 does not exist on the router
Correct Answer: The trunk is not allowing VLAN 10
Explanation: If VLAN 10 is not in the allowed VLAN list on the trunk port, traffic won’t pass between switches.
Practical Use: Use show interfaces trunk to verify allowed VLANs.
Why Others Are Incorrect:
- Access mode disables trunking entirely, but we’re troubleshooting trunk VLANs.
- STP issues would show err-disabled or blocked ports, not just VLAN isolation.
- Router config isn’t involved unless we’re doing inter-VLAN routing.
Objective: N10-009 – Troubleshoot inter-switch communication issues
Follow-up: What command modifies the allowed VLANs on a trunk?
Q: A switch port is set to trunk, but devices connected to it can’t get network access. You verify the endpoint is a PC. What’s wrong?
- The switch port should be access, not trunk
- The native VLAN is set incorrectly
- The trunk is missing a VLAN tag
- The switch uses 802.1p tagging
Correct Answer: The switch port should be access, not trunk
Explanation: PCs should be connected to access ports, not trunks. Trunk ports are for switch-to-switch or switch-to-router links.
Practical Use: switchport mode access is best for end-user devices.
Why Others Are Incorrect:
- Native VLAN issues affect tagged vs untagged behavior but not trunk-to-PC logic.
- VLAN tags are only relevant in trunk links between switches.
- 802.1p tagging refers to QoS, not VLAN compatibility.
Objective: N10-009 – Configure switch ports for appropriate use
Follow-up: What is a quick way to verify port mode on a Cisco switch?
Q: An administrator is troubleshooting a VLAN issue where devices on VLAN 30 intermittently lose connectivity. The trunk port shows VLAN 30 as active, and port configurations look correct. Which hidden issue is most likely?
- VLAN 30 has no IP address
- Native VLAN mismatch is causing packet drops
- A loop is occurring due to duplicate MAC addresses
- Trunk port is error-disabled due to BPDU Guard
Correct Answer: Native VLAN mismatch is causing packet drops
Explanation: If the native VLANs differ on either end of a trunk, untagged frames may be misinterpreted or dropped.
Practical Use: Use show interfaces trunk and verify native VLAN alignment on both switches.
Why Others Are Incorrect:
- VLANs don’t require IPs unless using SVI for Layer 3 routing.
- Duplicate MACs could cause issues but wouldn’t isolate to a single VLAN.
- BPDU Guard disables ports entirely rather than just causing intermittent loss.
Objective: N10-009 – Diagnose VLAN and trunk port issues
Follow-up: What command shows the native VLAN on a trunk port?
Q: A trunk link between two switches is configured, but devices in VLAN 40 on each switch cannot communicate. You check and see VLAN 40 is missing from switchport trunk allowed vlan. What’s the fix?
- Set the port to access mode
- Add VLAN 40 to the allowed list
- Reboot the switch
- Enable portfast on the trunk
Correct Answer: Add VLAN 40 to the allowed list
Explanation: If a VLAN is not in the trunk’s allowed list, its traffic is dropped.
Practical Use: Use switchport trunk allowed vlan add 40 to add it.
Why Others Are Incorrect:
- Access mode disables trunking.
- Rebooting won’t change VLAN trunk settings.
- Portfast is for access ports, not trunks.
Objective: CompTIA N10-009 – VLAN trunking and configuration
Follow-up: What command verifies VLANs allowed on a trunk?
Q: A user reports no network access. You run show vlan brief and see the port is in VLAN 100, which is inactive. What’s the root cause?
- Trunk port error
- VLAN is shutdown
- Port security issue
- Duplex mismatch
Correct Answer: VLAN is shutdown
Explanation: If a VLAN is administratively down, all ports in it lose connectivity.
Practical Use: Use no shutdown under VLAN config mode.
Why Others Are Incorrect:
- Trunk issues don’t affect a local port’s VLAN state.
- Port security shuts down individual ports, not VLANs.
- Duplex mismatch causes slow/unreliable connections, not complete isolation.
Objective: VLAN activation and status troubleshooting
Follow-up: How do you activate a VLAN from config mode?
Q: A VLAN is configured on two switches, but traffic isn’t passing. One switch is using dynamic auto mode, the other dynamic desirable. What’s the issue?
- Trunk negotiation failed
- VLAN not created on one switch
- Native VLAN mismatch
- Incorrect VTP domain
Correct Answer: Trunk negotiation failed
Explanation: Dynamic auto on both ends won’t form a trunk. One must be desirable or manually set to trunk.
Practical Use: Use switchport mode trunk to force trunking.
Why Others Are Incorrect:
- VLAN mismatch wouldn’t stop trunk negotiation.
- Native VLAN mismatch allows communication but may cause tagging errors.
- VTP domain mismatches prevent VLAN propagation but not trunk formation.
Objective: Understand trunk negotiation modes
Follow-up: What are the modes that actively initiate trunk formation?
Q: You notice err-disabled ports after connecting unauthorized switches. What security feature likely caused this?
- BPDU Guard
- Root Guard
- PortFast
- UDLD
Correct Answer: BPDU Guard
Explanation: BPDU Guard shuts down ports receiving BPDUs unexpectedly, preventing rogue switches.
Practical Use: Enables safe use of PortFast on user-facing ports.
Why Others Are Incorrect:
- Root Guard changes the port state rather than disabling it.
- PortFast alone doesn’t shut down ports.
- UDLD is used for fiber link monitoring.
Objective: CompTIA N10-009 – Layer 2 security and switch protection
Follow-up: What command enables BPDU Guard globally?
Q: A switch can’t reach a new VLAN even after it’s added. What should you check first?
- Trunk allowed VLAN list
- STP cost
- Routing table
- Port security settings
Correct Answer: Trunk allowed VLAN list
Explanation: If the trunk doesn’t allow the new VLAN, traffic won’t pass.
Practical Use: Use show interfaces trunk to inspect VLAN allowance.
Why Others Are Incorrect:
- STP affects topology but wouldn’t fully block a new VLAN.
- The routing table is Layer 3; this is Layer 2.
- Port security wouldn’t isolate a whole VLAN.
Objective: VLAN propagation and trunk troubleshooting
Follow-up: What command adds a VLAN to all trunks?
Q: What does switchport trunk native vlan 999 do?
- Blocks VLAN 999
- Sets VLAN 999 as untagged
- Disables VLAN 999
- Deletes native VLAN tags
Correct Answer: Sets VLAN 999 as untagged
Explanation: Native VLANs are sent untagged. This command sets VLAN 999 as the default for untagged frames.
Practical Use: Helps prevent VLAN hopping attacks by setting unused VLANs as native.
Why Others Are Incorrect:
- It doesn’t block or disable VLANs.
- VLAN tag deletion isn’t a configuration term.
Objective: Native VLAN configuration
Follow-up: What’s a best practice for native VLANs in a secure environment?
Q: Which command verifies if a port is in access or trunk mode?
- show ip interface brief
- show interfaces status
- show vlan brief
- show interfaces switchport
Correct Answer: show interfaces switchport
Explanation: This shows whether a port is in access or trunk mode and other VLAN settings.
Practical Use: Use when diagnosing VLAN mismatch or misconfigured ports.
Why Others Are Incorrect:
- show ip interface brief shows IP info.
- show interfaces status shows link/duplex but not trunk/access mode.
- show vlan brief shows port membership but not mode.
Objective: Port mode diagnostics
Follow-up: What section in the output lists trunk status?
Q: What happens if two switches have different native VLANs on a trunk link?
- Communication still works
- Loop occurs
- Untagged traffic is dropped or misdirected
- Switches reboot
Correct Answer: Untagged traffic is dropped or misdirected
Explanation: Native VLAN mismatch causes confusion about untagged frames, leading to drops or misrouting.
Practical Use: Set matching native VLANs on both ends.
Why Others Are Incorrect:
- Communication may break partially.
- Loops depend on STP, not VLANs.
- Rebooting doesn’t occur from this mismatch.
Objective: Native VLAN troubleshooting
Follow-up: How do you check the native VLAN on both ends?
Q: You configure a trunk with allowed VLANs 1, 10, and 20, but hosts on VLAN 30 can’t talk. Why?
- VLAN 30 is tagged incorrectly
- VLAN 30 is blocked by STP
- VLAN 30 isn’t allowed on the trunk
- VLAN 30 isn’t on the router
Correct Answer: VLAN 30 isn’t allowed on the trunk
Explanation: VLAN traffic not listed in the trunk’s allowed list will be blocked.
Practical Use: Always verify allowed VLANs.
Why Others Are Incorrect:
- Tagging wouldn’t help if VLAN isn’t allowed.
- STP blocks entire ports, not specific VLANs.
- Router is only needed for inter-VLAN routing.
Objective: Trunk configuration troubleshooting
Follow-up: What is the command to modify allowed VLANs on a trunk?
Q: What does the switchport mode dynamic auto command do?
- Forces port to access mode
- Sets trunk mode if neighbor initiates
- Enables VLAN tagging
- Disables port security
Correct Answer: Sets trunk mode if neighbor initiates
Explanation: Dynamic auto waits for the other side to initiate trunking.
Practical Use: Helps simplify trunk setup but not recommended for security-sensitive environments.
Why Others Are Incorrect:
- Doesn’t force access mode.
- VLAN tagging occurs during trunking but not triggered by this.
- Port security is unrelated.
Objective: Trunk negotiation behavior
Follow-up: What trunking mode initiates trunk formation actively?
Q: What is a typical symptom of a port set to the wrong VLAN?
- Slow performance
- No network connectivity
- Frequent disconnects
- High CPU usage
Correct Answer: No network connectivity
Explanation: Devices on different VLANs without routing can’t communicate, causing total loss of access.
Practical Use: Verify port VLAN assignment using show vlan brief.
Why Others Are Incorrect:
- Wrong VLAN doesn’t cause slowness or CPU issues.
- Disconnects imply intermittent connection, not VLAN isolation.
Objective: Troubleshoot VLAN membership
Follow-up: What command assigns a port to VLAN 10?