Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Switching and Network Access practice sets

CCNA Switching and Network Access • Complete Question Bank

CCNA Switching and Network Access — All Questions With Answers

Complete CCNA Switching and Network Access question bank — all 0 questions with answers and detailed explanations.

412
Questions
Free
No signup
Certifications/CCNA/Practice Test/Switching and Network Access/All Questions
Question 1easymultiple choice
Open the full VLAN trunking answer →

What is the main purpose of a VLAN on a switch?

Question 2mediummultiple choice
Read the full Switching and Network Access explanation →

Which statement best describes a lightweight access point in a controller-based WLAN?

Question 3easymultiple choice
Read the full Switching and Network Access explanation →

What is the purpose of Power over Ethernet (PoE)?

Question 4easymultiple choice
Read the full Switching and Network Access explanation →

What does an access port do on a switch?

Question 5mediummultiple choice
Read the full Switching and Network Access explanation →

What is the main purpose of BPDU Guard on a PortFast-enabled access port?

Question 6mediummultiple choice
Open the full VLAN trunking answer →

Which statement best explains why trunks are needed between switches in a multi-VLAN environment?

Question 7mediummultiple choice
Read the full wireless explanation →

Which statement best compares 2.4 GHz and 5 GHz Wi-Fi operation at a basic CCNA level?

Question 8mediummultiple choice
Read the full wireless explanation →

What is the primary role of a wireless LAN controller in a controller-based WLAN design?

Question 9mediummultiple choice
Read the full wireless explanation →

Which statement best describes an SSID in a wireless LAN?

Question 10mediummultiple choice
Read the full Switching and Network Access explanation →

Which statement best describes why PortFast is usually appropriate on a user-facing access port but not on a normal switch-to-switch uplink?

Question 11mediummultiple choice
Read the full Switching and Network Access explanation →

Which statement best describes CAPWAP in a controller-based WLAN environment?

Question 12mediummultiple choice
Read the full wireless explanation →

Which statement best describes the purpose of a wireless security standard such as WPA2 or WPA3?

Question 13mediummultiple choice
Read the full Switching and Network Access explanation →

Which statement best describes the difference between lightweight APs in a controller-based WLAN and autonomous APs?

Question 14mediummultiple choice
Read the full Switching and Network Access explanation →

What is the main reason a WLAN design might choose a controller-based architecture instead of managing each AP separately?

Question 15mediummultiple choice
Read the full Switching and Network Access explanation →

Which statement best describes why 5 GHz WLAN deployments are often discussed separately from 2.4 GHz deployments?

Question 16mediummultiple choice
Read the full wireless explanation →

Which statement best describes the role of WPA3 in a wireless LAN design?

Question 17mediummultiple choice
Read the full wireless explanation →

Which statement best explains why guest wireless networks are often isolated from corporate internal networks?

Question 18mediummultiple choice
Read the full wireless explanation →

Which statement best describes why wireless clients can have very different experiences on two floors even when they use the same SSID?

Question 19mediummultiple choice
Read the full Switching and Network Access explanation →

Which statement best describes why CAPWAP is relevant in controller-based WLAN troubleshooting?

Question 20easymultiple choice
Read the full wireless explanation →

Which statement best describes an SSID in wireless networking?

Question 21mediummultiple choice
Read the full NAT/PAT explanation →

Which spanning-tree port state listens for BPDUs and participates in STP, but does not learn MAC addresses yet?

Question 22hardmultiple choice
Open the full VLAN trunking answer →

Switch SW1 sends traffic for VLAN 30 across a trunk to SW2, but hosts in VLAN 30 on SW2 cannot communicate with hosts in VLAN 30 on SW1. Other VLANs work across the trunk. Which trunk issue is most likely?

Question 23mediummultiple choice
Read the full EtherChannel explanation →

What is a common requirement for interfaces to successfully bundle into an EtherChannel?

Question 24mediummultiple choice
Review the full routing breakdown →

In a router-on-a-stick design, what is configured on the physical router interface connected to the switch?

Question 25mediummulti select
Read the full wireless explanation →

Which two functions are commonly handled by a wireless LAN controller in a controller-based deployment? (Choose two.)

Question 26mediummultiple choice
Read the full NAT/PAT explanation →

A switch receives a unicast frame for a destination MAC address that is not yet in its MAC address table. What does the switch do?

Question 27mediummultiple choice
Open the full STP breakdown →

When spanning tree elects a root bridge, which value is considered first?

Question 28easymultiple choice
Open the full STP breakdown →

What problem does Spanning Tree Protocol solve in a switched network?

Question 29mediummultiple choice
Open the full VLAN trunking answer →

Hosts in VLAN 10 need to communicate with hosts in VLAN 20. What is required for that communication to work?

Question 30mediummultiple choice
Open the full VLAN trunking answer →

On an 802.1Q trunk, which VLAN is sent untagged by default on many Cisco switches unless changed?

Question 31hardmulti select
Read the full EtherChannel explanation →

Which two conditions must match on two switch ports before they can successfully form a Layer 2 EtherChannel? (Choose two.)

Question 32hardmultiple choice
Open the full STP breakdown →

A non-root switch has two uplinks toward the root bridge. One path has a lower total STP cost than the other. What role will the lower-cost uplink have?

Question 33mediummultiple choice
Open the full VLAN trunking answer →

A PC connected to switch port Gi0/10 should be in VLAN 20 but receives broadcasts only from VLAN 1. Which switchport setting is most likely wrong?

Question 34mediummultiple choice
Open the full VLAN trunking answer →

A switch shows this output from the "show interfaces trunk" command:

Gi0/1 on 802.1q trunking 1 Gi0/2 auto 802.1q not-trunking 1

Which statement is correct?

Question 35mediummultiple choice
Read the full EtherChannel explanation →

Two switches form an EtherChannel. One side is configured with LACP active. Which setting on the other side will successfully negotiate the bundle?

Question 36hardmultiple choice
Read the full NAT/PAT explanation →

An engineer lowers the spanning-tree path cost on one uplink of a nonroot switch. What is the expected result if all else stays equal?

Question 37hardmultiple choice
Open the full VLAN trunking answer →

A trunk link has a native VLAN mismatch between two switches. What is the most likely result?

Question 38mediummultiple choice
Read the full Switching and Network Access explanation →

Which spanning-tree port role receives the best BPDU toward the root bridge on a nonroot switch?

Question 39mediummultiple choice
Open the full VLAN trunking answer →

A switch displays this output:

Port Name Status Vlan Fa0/1 connected 10 Fa0/2 connected 10 Fa0/24 connected trunk

Which port should be checked first if a user in VLAN 20 cannot reach the distribution switch over the uplink?

Question 40hardmulti select
Read the full EtherChannel explanation →

Which two conditions must match for a Layer 2 EtherChannel bundle to form correctly? (Choose two.)

Question 41hardmultiple choice
Open the full VLAN trunking answer →

A switch displays the following output:

Switch# show interfaces trunk

Port Mode Encapsulation Status Native vlan Gi1/0/24 on 802.1q trunking 99

Port Vlans allowed on trunk Gi1/0/24 10,20,30

Port Vlans active in management domain Gi1/0/24 10,20,30,40

Users in VLAN 40 cannot reach resources across this trunk.

What is the most likely reason?

Question 42mediummultiple choice
Open the full VLAN trunking answer →

A switch administrator enters the following commands on interface GigabitEthernet1/0/10:

interface g1/0/10
 switchport mode access
 switchport access vlan 30
 spanning-tree portfast
 spanning-tree bpduguard enable

A user connects a small managed switch to this port, and the access port immediately changes to an err-disabled state.

Which feature caused the port to shut down?

Question 43mediummultiple choice
Read the full EtherChannel explanation →

A network engineer checks EtherChannel status on a switch and sees the following output:

Group Port-channel Protocol Ports ------+-------------+---------+----------------------------- 1 Po1(SD) LACP Gi1/0/1(s) Gi1/0/2(I)

What is the most likely reason the EtherChannel is not forwarding traffic?

Question 44hardmultiple choice
Read the full Switching and Network Access explanation →

A user connects a small unmanaged switch to an access port, and the port immediately transitions to err-disabled. Which feature most likely caused this behavior?

Exhibit

interface GigabitEthernet1/0/12
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
Question 45hardmultiple choice
Open the full VLAN trunking answer →

Clients in VLAN 30 are not receiving addresses from the DHCP server located in VLAN 99. Which configuration change should be made on the Layer 3 interface for VLAN 30?

Exhibit

interface Vlan30
 ip address 10.30.30.1 255.255.255.0
 no shutdown

interface Vlan99
 ip address 10.99.99.1 255.255.255.0
 no shutdown

DHCP server IP: 10.99.99.20
Question 46mediummultiple choice
Open the full VLAN trunking answer →

PCs in VLAN 30 on SwitchA cannot reach servers in VLAN 30 on SwitchB. All other VLANs work across the trunk. What is the most likely cause?

Exhibit

SwitchA# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       10,20,40

SwitchB# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       10,20,30,40
Question 47mediummatching
Read the full EtherChannel explanation →

Match each EtherChannel term or state to its most accurate meaning.

Question 48hardmultiple choice
Open the full VLAN trunking answer →

A multilayer switch must route traffic between VLAN 10 and VLAN 20. Which condition is required for that to happen?

Exhibit

Goal:
- VLAN 10 and VLAN 20 must communicate through a multilayer switch
Question 49mediummultiple choice
Read the full Switching and Network Access explanation →

Why is PortFast typically enabled on switch ports connected to end devices?

Question 50mediummultiple choice
Read the full Switching and Network Access explanation →

A switchport connected to an IP phone and a PC must carry user traffic and voice traffic separately. Which feature is designed for that purpose on a Cisco access port?

Exhibit

Switch port requirement:
- IP phone and PC share one physical access connection
- Voice and data must remain logically separate
Question 51hardmultiple choice
Open the full VLAN trunking answer →

A switch port should allow an IP phone and attached PC to operate correctly. The phone should place voice traffic in VLAN 200 while the PC remains in VLAN 20. Which configuration approach best supports that design?

Question 52mediummultiple choice
Open the full VLAN trunking answer →

A switch interface connected to another switch must carry VLANs 10, 20, and 30 only. Which command best enforces that requirement on the trunk?

Question 53mediummultiple choice
Open the full VLAN trunking answer →

A port connected to an end-user PC should not send or expect VLAN tags from the endpoint. Which interface type is appropriate on the switch?

Question 54hardmultiple choice
Open the full VLAN trunking answer →

A trunk between two switches is up, but users in VLAN 40 cannot communicate across it. The output shows both sides allow VLAN 40. What is another likely trunk-related cause to check next?

Question 55mediummatching
Open the full VLAN trunking answer →

Match each VLAN-related term to its most accurate meaning.

Question 56easymatching
Read the full Switching and Network Access explanation →

Match each STP-related feature or term to its most accurate description.

Question 57mediummultiple choice
Open the full VLAN trunking answer →

Which command places a switch interface into trunking mode directly instead of relying on negotiation?

Question 58hardmultiple choice
Open the full VLAN trunking answer →

A switch trunk is carrying several VLANs, but VLAN 99 traffic is failing. The trunk allowed list includes VLAN 99 on both sides. Which statement best explains why a VLAN can still fail even when it is allowed?

Question 59mediummultiple choice
Read the full Switching and Network Access explanation →

A switchport should automatically disable itself if too many MAC addresses are learned beyond the configured secure limit. Which port-security violation mode causes that behavior?

Question 60mediummatching
Open the full VLAN trunking answer →

Match each trunking or switchport term to its most accurate description.

Question 61hardmultiple choice
Open the full VLAN trunking answer →

A switchport connected to another switch is configured as an access port by mistake. Which symptom is most likely in a multi-VLAN design?

Question 62hardmultiple choice
Read the full Switching and Network Access explanation →

A Layer 2 switch port connected to an end host should move to forwarding quickly but also shut down if a BPDU is received. Which pair of features best supports that design?

Question 63hardmultiple choice
Open the full VLAN trunking answer →

A trunk link between two switches is operational, but one side shows a native VLAN mismatch warning. What is the main concern with that condition?

Question 64hardmultiple choice
Open the full VLAN trunking answer →

A multilayer switch has SVIs for VLAN 10 and VLAN 20, but hosts in those VLANs still cannot reach each other. The SVIs are up/up. Which additional condition is most likely required?

Question 65mediummultiple choice
Read the full Switching and Network Access explanation →

Which command places a switch port into access mode directly?

Question 66hardmultiple choice
Open the full VLAN trunking answer →

A switch port connected to a user PC is configured as a trunk. The PC cannot communicate normally. What is the best explanation?

Question 67mediummultiple choice
Open the full VLAN trunking answer →

A switch interface connects to a user PC and should belong only to VLAN 30. Which command assigns that VLAN after the interface is in access mode?

Question 68hardmultiple choice
Read the full EtherChannel explanation →

An EtherChannel should form using LACP between two switches. One side is configured for LACP active, and the other side is configured for LACP active. What is the expected result if the other link settings also match?

Question 69hardmultiple choice
Open the full VLAN trunking answer →

Two switches are connected by a trunk. VLAN 50 exists on both switches, but traffic still fails across the link. The allowed VLAN list is correct. Which additional item should be checked next?

Question 70hardmultiple choice
Open the full VLAN trunking answer →

A switchport connected to another switch is configured with `switchport mode dynamic auto` on both ends. What is the most likely outcome if neither side actively negotiates trunking?

Question 71hardmultiple choice
Read the full EtherChannel explanation →

Two switches should form an LACP EtherChannel. One side is configured passive, and the other side is also passive. What is the most likely result?

Question 72mediummultiple choice
Open the full VLAN trunking answer →

A switch port connected to an end host should forward traffic for one VLAN only and should not negotiate trunking. Which configuration approach best fits that requirement?

Question 73mediummatching
Read the full Switching and Network Access explanation →

Match each access-layer feature to its most accurate function.

Question 74mediummultiple choice
Read the full Switching and Network Access explanation →

An administrator wants a switchport connected to an end device to move to forwarding quickly but does not want that setting used on inter-switch links. Which feature is intended for that edge-port behavior?

Question 75hardmultiple choice
Open the full VLAN trunking answer →

A switch trunk must carry VLANs 10, 20, and 30, but traffic for VLAN 20 is failing. The trunk allowed list on one side is `10,30`. What is the most likely cause?

Question 76hardmultiple choice
Read the full Switching and Network Access explanation →

A switch port connected to an end host is configured with both PortFast and BPDU Guard. What is the most likely outcome if a small switch is connected there and starts sending BPDUs?

Question 77mediummatching
Open the full VLAN trunking answer →

Match each switchport or trunking concept to its most accurate role.

Question 78hardmultiple choice
Read the full EtherChannel explanation →

Two switches should form an EtherChannel using LACP. One side is configured active and the other passive. If the port settings otherwise match, what is the expected result?

Question 79easymatching
Read the full Switching and Network Access explanation →

Match each STP-related term or feature to its most accurate function.

Question 80mediummatching
Read the full Switching and Network Access explanation →

Match each switch security or protection feature to its most accurate purpose.

Question 81hardmultiple choice
Open the full VLAN trunking answer →

A switchport connected to another switch should carry VLANs 10, 20, and 30. The interface is operational, but only VLAN 10 works. VLANs 20 and 30 fail. Which explanation is most likely if the port was accidentally configured as an access port in VLAN 10?

Question 82mediummatching
Open the full VLAN trunking answer →

Match each trunk or VLAN term to its most accurate function.

Question 83hardmultiple choice
Open the full VLAN trunking answer →

A switchport is configured as a trunk on one side and access on the other side of the same physical link. What is the most likely result?

Question 84hardmultiple choice
Open the full VLAN trunking answer →

PCs in VLAN 30 on SwitchA cannot reach PCs in VLAN 30 on SwitchB. VLAN 30 exists on both switches and all other VLANs work across the same link. Based on the exhibit, what is the most likely cause?

Exhibit

SwitchA# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       10,20,40

SwitchB# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       10,20,30,40
Question 85hardmultiple choice
Read the full Switching and Network Access explanation →

A port connected to an end host is configured with PortFast and BPDU Guard. What is the most likely result if a small unmanaged switch is connected and starts sending BPDUs?

Question 86hardmultiple choice
Read the full Switching and Network Access explanation →

A switch interface is configured as `dynamic desirable`, and the peer interface is configured as `dynamic auto`. What is the most likely result?

Question 87mediummatching
Read the full Switching and Network Access explanation →

Match each switching feature to its most accurate purpose.

Question 88hardmultiple choice
Open the full VLAN trunking answer →

A switch port connected to a user PC should be placed in VLAN 20 and must not negotiate trunking. Which configuration is the most appropriate?

Question 89hardmultiple choice
Read the full Switching and Network Access explanation →

A switch port connected to an IP phone and a PC should separate voice traffic from data traffic while still using one physical edge connection. Which feature best supports that design?

Question 90hardmultiple choice
Open the full VLAN trunking answer →

Two switches are connected by a trunk. VLAN 50 exists on both switches, but hosts in VLAN 50 cannot communicate across the link. All other VLANs work. Based on the exhibit, what is the most likely cause?

Exhibit

SwitchA# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/2       10,20,30

SwitchB# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/2       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/2       10,20,30,50
Question 91hardmultiple choice
Open the full VLAN trunking answer →

A multilayer switch has SVIs for VLAN 10 and VLAN 20. Hosts in both VLANs can reach their local SVI, but they cannot reach each other. Which additional configuration is most likely required?

Question 92mediummatching
Read the full Switching and Network Access explanation →

Match each Layer 2 protection feature to its most accurate purpose.

Question 93hardmultiple choice
Read the full EtherChannel explanation →

Two switches should form an EtherChannel with LACP. One side is set to active and the other is set to passive. If the remaining interface settings match, what is the expected result?

Question 94mediummatching
Open the full VLAN trunking answer →

Match each trunking term to its most accurate meaning.

Question 95mediummatching
Read the full Switching and Network Access explanation →

Match each switch protection feature to its most accurate purpose.

Question 96hardmultiple choice
Read the full EtherChannel explanation →

Two switches are configured for LACP EtherChannel. One side is set to passive and the other side is also set to passive. What is the most likely outcome?

Question 97mediummatching
Open the full VLAN trunking answer →

Match each switchport or VLAN term to its most accurate meaning.

Question 98hardmultiple choice
Read the full Switching and Network Access explanation →

A switch port connected to a workstation is configured with sticky MAC learning and a maximum secure MAC count of 1. What is the main operational benefit of sticky learning in this case?

Question 99hardmultiple choice
Open the full VLAN trunking answer →

A switchport connected to a user workstation is placed in VLAN 30. The administrator also wants to prevent that port from learning more than one MAC address. Which feature should be configured?

Question 100hardmultiple choice
Open the full VLAN trunking answer →

A switchport on one side of a link is configured as a trunk, but the peer side is configured as an access port. What is the most likely result?

Question 101mediummatching
Open the full VLAN trunking answer →

Match each VLAN or trunk term to its most accurate purpose.

Question 102mediummatching
Open the full STP breakdown →

Match each switchport or STP feature to its most accurate purpose.

Question 103mediummatching
Read the full wireless explanation →

Match each wireless concept to its most accurate description.

Question 104hardmultiple choice
Open the full VLAN trunking answer →

A switchport on one side of a link is configured as a trunk, but the peer side is configured as an access port. The physical link is up, but VLAN traffic behaves unexpectedly. What is the most likely cause?

Question 105mediummulti select
Read the full wireless explanation →

Which two statements accurately describe WPA2 and WPA3 in wireless security?

Question 106hardmultiple choice
Read the full EtherChannel explanation →

An EtherChannel between two switches is configured for LACP. One switch shows the member interfaces as bundled, while the other shows them as individual interfaces. Which explanation is most likely if both sides are using LACP?

Question 107hardmultiple choice
Open the full VLAN trunking answer →

A switchport is configured as an access port in VLAN 10, but a user plugs in a small unmanaged switch and connects multiple devices behind it. Which security feature most directly limits that behavior at the switchport?

Question 108mediummultiple choice
Read the full Switching and Network Access explanation →

In a controller-based WLAN, what is the main job of the access point?

Question 109mediummatching
Read the full wireless explanation →

Match each wireless term to its most accurate meaning.

Question 110hardmultiple choice
Open the full VLAN trunking answer →

A trunk is up between two switches, but traffic for VLAN 40 fails while other VLANs work. Which output item should be checked first?

Question 111hardmultiple choice
Read the full NAT/PAT explanation →

A switch port connected to an edge host immediately transitions to forwarding and then later goes err-disabled after a BPDU is received. Which feature combination most likely produced this behavior?

Question 112hardmultiple choice
Open the full VLAN trunking answer →

A multilayer switch has working SVIs for VLAN 10 and VLAN 20, but traffic between the VLANs fails. Hosts can ping their own gateway interfaces. Which misconfiguration is most strongly suggested if the SVIs themselves are correct?

Question 113hardmultiple choice
Open the full VLAN trunking answer →

A switch has a root port and an alternate port for the same VLAN. Which statement best explains the operational role of the alternate port?

Question 114hardmultiple choice
Read the full Switching and Network Access explanation →

A user reports that a laptop can connect to the correct SSID but repeatedly fails authentication when joining the WLAN. Which category of issue is most strongly indicated?

Question 115mediummultiple choice
Read the full wireless explanation →

A wireless client can see two SSIDs from the same company: Corp and Guest. Which statement best explains what an SSID represents in this situation?

Question 116mediummulti select
Read the full Switching and Network Access explanation →

Which two statements accurately describe a controller-based WLAN compared with a set of independently managed APs?

Question 117hardmultiple choice
Read the full NAT/PAT explanation →

A switch receives superior BPDUs on a port where the design requires that no downstream device ever become the root path for that segment. Which feature is the best fit for that requirement?

Question 118mediummultiple choice
Read the full wireless explanation →

A controller-based WLAN is deployed across multiple floors. Users can associate to the SSID on both floors, but their experience improves when moving between APs compared with a poorly designed standalone deployment. Which wireless concept is most closely related to that client movement experience?

Question 119hardmultiple choice
Open the full VLAN trunking answer →

A switchport connected to another switch should carry multiple VLANs, but it was manually configured as an access port. What is the most likely operational result?

Question 120hardmultiple choice
Read the full wireless explanation →

A user on a wireless guest network can associate successfully, obtains an IP address, but cannot reach the Internet. Which troubleshooting area should be examined first if the WLAN itself is working?

Question 121easymultiple choice
Read the full Switching and Network Access explanation →

An AP broadcasts the correct SSID, but many clients on one floor experience poor performance while the same SSID works well on another floor. Which category of issue is most strongly suggested first?

Question 122mediummulti select
Read the full wireless explanation →

Which two statements accurately describe good design thinking for wireless guest access?

Question 123hardmultiple choice
Read the full Switching and Network Access explanation →

A switch port configured with PortFast and BPDU Guard receives a BPDU and transitions to an error-disabled state. Which statement best explains why this is considered useful protection?

Question 124mediummulti select
Read the full Switching and Network Access explanation →

Which two statements accurately describe CAPWAP in a controller-based WLAN context?

Question 125hardmultiple choice
Read the full EtherChannel explanation →

An EtherChannel uses LACP. One side is configured correctly, but the peer side has a different switchport mode on one of the member links. What is the most likely result?

Question 126mediummulti select
Read the full Switching and Network Access explanation →

Which two statements accurately describe why organizations use separate employee and guest WLANs?

Question 127hardmultiple choice
Open the full VLAN trunking answer →

A trunk link between two switches is up, but voice phones connected through one access switch no longer receive the correct voice VLAN treatment. Data users still pass traffic. Which area should be checked first?

Question 128hardmultiple choice
Read the full EtherChannel explanation →

A network engineer is configuring an EtherChannel between two switches. After applying the configuration, the port-channel fails to form. What is the most likely reason?

Exhibit

interface GigabitEthernet0/1
 switchport mode trunk
 channel-group 1 mode active

interface GigabitEthernet0/2
 switchport mode access
 channel-group 1 mode active
Question 129hardmultiple choice
Read the full Switching and Network Access explanation →

A client can join a corporate SSID and authenticate successfully, but it consistently loses connectivity when moving between floors. Which area is most strongly suggested for deeper investigation?

Question 130mediummatching
Read the full Switching and Network Access explanation →

Match each WLAN term to its correct description.

Question 131hardmultiple choice
Open the full VLAN trunking answer →

A switch port is configured with `switchport voice vlan 150` and `switchport access vlan 20`. Which statement best explains the design purpose?

Question 132hardmultiple choice
Read the full Switching and Network Access explanation →

A switch receives BPDUs on a user-facing port configured as an edge port, but instead of just blocking the port role it fully error-disables it. Which protection feature most likely explains that behavior?

Question 133hardmultiple choice
Open the full VLAN trunking answer →

A phone and PC share one switchport. The phone works, but the PC cannot reach its normal data resources. The switchport voice VLAN is configured, and the access VLAN is incorrect. Which explanation is strongest?

Question 134hardmultiple choice
Read the full wireless explanation →

A wireless client can associate to the correct corporate SSID and authenticate successfully, but receives an address from the guest network instead of the employee network. Which troubleshooting area is strongest?

Question 135hardmultiple choice
Read the full Switching and Network Access explanation →

A host on a guest WLAN can browse the Internet but cannot reach internal corporate resources, while employees on another SSID can. Which statement best explains why that can be a correct design outcome?

Question 136hardmultiple choice
Read the full NAT/PAT explanation →

A phone and PC share one switchport. The phone registers successfully, but the workstation receives an address from the wrong subnet. Which explanation is strongest?

Question 137hardmultiple choice
Open the full VLAN trunking answer →

Two switches, SW1 and SW2, are connected via a trunk link. Hosts in VLAN 50 on SW1 cannot communicate with hosts in VLAN 50 on SW2, while hosts in other VLANs communicate normally. What is the most likely cause?

Exhibit

SW1# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       10,20,30,40

SW2# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       10,20,30,40,50
Question 138hardmultiple choice
Read the full Switching and Network Access explanation →

Which command output would be the best next step to verify whether the port-channel is operational after configuration changes?

Exhibit

Corrective action applied:
- Both Gi0/1 and Gi0/2 on both switches now use trunk mode
- channel-group 1 mode active remains configured
Question 139hardmultiple choice
Read the full NAT/PAT explanation →

A client can join a secure employee SSID, but traffic is consistently placed into a guest-style restricted path. Which area should be investigated first?

Question 140hardmultiple choice
Read the full wireless explanation →

A wireless client joins the correct SSID and gets an address in the correct employee subnet, but cannot reach only one internal application while everything else works. Which troubleshooting area is the strongest first target?

Question 141hardmultiple choice
Read the full DHCP explanation →

A client connects to an employee WLAN using 802.1X authentication. The authentication process completes successfully, but the client fails to obtain an IP address via DHCP. What is the most likely cause?

Exhibit

Client observations:
- Joined SSID: Corp-Employee
- Authentication: success
- Assigned IP: 10.90.200.44/24
Expected employee subnet: 10.90.10.0/24
Observed guest subnet: 10.90.200.0/24
Question 142hardmultiple choice
Read the full wireless explanation →

A network administrator has several access points. All APs except one have successfully joined the wireless controller. The administrator verifies the failing AP’s IP address, subnet mask, and controller IP address are correctly configured. What is the most likely reason the AP cannot join the controller?

Exhibit

Controller status:
- 14 APs joined successfully

AP-15 status:
- Power on: yes
- Ethernet link: up
- IP address: 10.60.15.44/24
- Default gateway configured: 10.60.14.1
- Controller management IP: 10.60.15.10
Question 143hardmultiple choice
Read the full network assurance explanation →

After a hub was connected to interface Gi0/10, the interface immediately entered errdisable state. The following syslog message was generated: '%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred on interface Gi0/10.' What is the strongest explanation for why Gi0/10 shut down?

Exhibit

interface GigabitEthernet0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown

Event:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC addresses ... on port Gi0/10.
Question 144hardmultiple choice
Review the full subnetting walkthrough →

A user can connect to the employee SSID and receive the correct employee IP subnet, but access to one internal application fails only for that WLAN while wired users succeed. Which troubleshooting area is the strongest first focus?

Question 145hardmultiple choice
Read the full wireless explanation →

A user joins the employee SSID successfully and can browse internal resources, but VoIP over Wi-Fi calls fail only while roaming between floors. Which troubleshooting area is the strongest first focus?

Question 146hardmultiple choice
Read the full Switching and Network Access explanation →

Based on the exhibit, which action is most likely required to allow AP-22 to join the controller successfully?

Exhibit

AP-22 status:
- Ethernet link: up
- IP address: 10.75.22.18/24
- Default gateway: 10.75.21.1
- Controller: 10.75.22.5
- Other APs joined: yes
Question 147hardmultiple choice
Read the full Switching and Network Access explanation →

A network administrator notices that a switchport in access mode with PortFast enabled has transitioned to an err-disabled state. What is the most likely cause?

Exhibit

interface GigabitEthernet1/0/9
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable

Event:
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on PortFast enabled port. Disabling interface.
Question 148mediummatching
Open the full VLAN trunking answer →

Match each wireless or edge-switch concept on the left to the description on the right that best fits it. Not all descriptions will be used.

Concepts: • SSID • CAPWAP • Voice VLAN • PortFast

Descriptions: A. Name of the wireless LAN shown to clients B. Communication relationship between lightweight APs and controller C. Separates phone traffic from ordinary data on an edge port D. Allows an endpoint-facing switchport to move quickly toward forwarding E. Delivers power to devices over Ethernet (PoE) F. Authenticates users before granting network access (802.1X) G. Aggregates multiple physical links for increased bandwidth (LACP/EtherChannel)

Question 149hardmultiple choice
Open the full VLAN trunking answer →

Users in VLAN 60 on switch SW2 cannot reach the default gateway located on switch SW1. The trunk between SW1 and SW2 is operational and allows VLAN 60. What is the most likely reason for this issue?

Exhibit

SW1# show vlan brief
60  Users-60     active

SW2# show vlan brief
10  Users-10     active
20  Users-20     active

SW2# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       10,20,60
Question 150hardmultiple choice
Read the full Switching and Network Access explanation →

A user reports that the corporate SSID is visible and accepts the correct password, but the client always lands in a quarantined remediation network. Which troubleshooting area is strongest?

Question 151hardmultiple choice
Read the full Switching and Network Access explanation →

Exhibit: After a new switch was connected, the access-layer port went into err-disabled state immediately. Which feature most likely caused this?

Exhibit

Interface Gi1/0/12:
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
Status after connection: err-disabled
Question 152mediummultiple choice
Open the full VLAN trunking answer →

A switchport is configured as an access port for VLAN 20, but users connected to it cannot reach the default gateway. The switch shows the interface as up/up. Which switch misconfiguration is the most likely cause?

Question 153mediummultiple choice
Read the full EtherChannel explanation →

A two-switch EtherChannel bundle is configured with LACP. One side uses active mode on both member links, while the other side uses passive mode on both member links. What is the result?

Question 154hardmultiple choice
Open the full VLAN trunking answer →

Exhibit: A switch interface connected to an IP phone and PC is configured as an access port in VLAN 10. The PC works, but the phone does not register. What additional configuration is most likely needed?

Exhibit

Interface config:
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
Question 155hardmultiple choice
Open the full VLAN trunking answer →

Exhibit: Users on SW2 in VLAN 30 can reach local devices but not hosts in VLAN 30 on SW1. What is the most likely reason?

Exhibit

SW1 Gi0/1 trunk allowed vlan 10,20
SW2 Gi0/1 trunk allowed vlan 10,20
Both switches have VLAN 30 configured and access ports assigned correctly.
Question 156mediummultiple choice
Read the full Switching and Network Access explanation →

Exhibit: A switch port connected to an end host is stuck in a blocking state much longer than expected after a reboot. Which configuration change most directly speeds host access while still keeping loop protection elsewhere?

Question 157mediummultiple choice
Read the full wireless explanation →

Exhibit: A wireless client can see the SSID and associates successfully, but it never gets network access. Other users on the same SSID work. Which issue is the best fit?

Exhibit

Laptop status: Associated to CorpWiFi, signal strong
AP dashboard: client joined successfully
Client shows APIPA address 169.254.22.14
Question 158mediummultiple choice
Read the full EtherChannel explanation →

Two switches are connected with EtherChannel using LACP. One side is configured with mode active and the other side with mode passive. What happens?

Question 159hardmultiple choice
Open the full VLAN trunking answer →

Two switches are connected via an IEEE 802.1Q trunk. Hosts in VLAN 30 on opposite sides cannot communicate, yet hosts in VLAN 10 communicate normally. Both switches have VLAN 30 in their VLAN database, and the trunk link is operational. What is the most likely cause?

Exhibit

SW1 show interfaces trunk
Port Vlans allowed on trunk: 10,30

SW2 show interfaces trunk
Port Vlans allowed on trunk: 10
Question 160hardmultiple choice
Read the full Switching and Network Access explanation →

Exhibit: An access switch shows Gi1/0/10 as err-disabled shortly after an IP phone and a workstation are connected through the same wall jack. What is the most likely cause?

Exhibit

show port-security interface gi1/0/10
Port Status : secure-shutdown
Violation Mode : shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 2
Question 161mediummultiple choice
Read the full Switching and Network Access explanation →

Exhibit: A user reports intermittent connectivity after a new switch was connected to an access port. Which feature would have prevented this by immediately disabling the port when a BPDU was received?

Question 162hardmultiple choice
Read the full NAT/PAT explanation →

Exhibit: Clients can see the corporate SSID but fail authentication after entering valid usernames and passwords. Which issue is the best explanation?

Exhibit

WLAN security: WPA2-Enterprise
AP log: RADIUS server timeout
SSID is visible and clients associate, but login fails
Question 163mediummultiple choice
Read the full Switching and Network Access explanation →

Why is BPDU Guard commonly enabled on PortFast-enabled access ports?

Question 164hardmultiple choice
Read the full NAT/PAT explanation →

Exhibit: SW2 receives superior BPDUs on both uplinks. One uplink becomes the root port and the other becomes alternate. Which factor is considered first when SW2 chooses the root port?

Exhibit

SW2 uplink A root path cost = 4
SW2 uplink B root path cost = 19
Both links receive superior BPDUs
Question 165hardmultiple choice
Read the full EtherChannel explanation →

Exhibit: SW1 is configured for EtherChannel with LACP, but the bundle does not form. What is the most likely cause?

Exhibit

SW1: interface range g1/0/1-2
 channel-group 1 mode active
SW2: interface range g1/0/1-2
 channel-group 1 mode on
Question 166easymultiple choice
Open the full VLAN trunking answer →

Which VLAN is used by default for most switch ports on a new Cisco switch?

Question 167easymultiple choice
Read the full wireless explanation →

Which wireless design objective is achieved by using nonoverlapping channels in adjacent cells?

Question 168mediummultiple choice
Open the full VLAN trunking answer →

Two switches are connected by an 802.1Q trunk. Hosts in VLAN 30 cannot communicate across the link, but VLAN 10 works. What is the most likely cause?

Exhibit

SW1: switchport trunk allowed vlan 10,20,30
SW2: switchport trunk allowed vlan 10,20
Question 169easymultiple choice
Read the full NAT/PAT explanation →

A switchport should allow only one learned MAC address and shut down if a different device is connected later. Which port security violation mode and limit combination best fits that goal?

Question 170mediummultiple choice
Open the full VLAN trunking answer →

SW1 is the root bridge for VLAN 10. A user switch receives a BPDU on an access port connected to a desk-side unmanaged switch. What should happen if BPDU Guard is enabled on that port?

Exhibit

interface g1/0/24
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
Question 171mediummultiple choice
Read the full wireless explanation →

Exhibit: Users report that they can see the corporate SSID but fail authentication immediately after entering credentials. Guest wireless works on the same access point. Which issue is most likely?

Exhibit

WLAN Corp uses WPA2-Enterprise
WLAN Guest uses WPA2-PSK
AP joined to WLC successfully
Recent event: AAA server unreachable
Question 172hardmultiple choice
Open the full VLAN trunking answer →

A PC connected to SW1 cannot reach the default gateway. The access port is assigned to VLAN 20, and the switch output shows that VLAN 20 is inactive. What is the most likely cause?

Exhibit

show interfaces status
Gi1/0/10 connected 20 a-full a-100 10/100/1000BaseTX

show vlan brief
10 Users active
30 Voice active
20 inactive
Question 173mediummultiple choice
Read the full wireless explanation →

Exhibit: Users complain of slow wireless performance in a dense office even though signal strength is strong. Multiple APs are using channels 1, 2, and 3 on 2.4 GHz. Which change is most appropriate?

Exhibit

Current 2.4 GHz plan:
AP1 channel 1
AP2 channel 2
AP3 channel 3
Question 174hardmultiple choice
Read the full Switching and Network Access explanation →

Two switches are bundled with LACP, but only one physical link is forwarding traffic in the port-channel. What is the most likely reason?

Exhibit

SW1# show etherchannel summary
Group  Port-channel  Protocol    Ports
1      Po1(SU)         LACP      Gi1/0/1(P) Gi1/0/2(s)
Question 175mediummultiple choice
Open the full VLAN trunking answer →

After a switch replacement, users in VLAN 30 cannot reach devices in other VLANs. The replacement switch has a trunk link to the distribution switch that shows as up/up. What is the most likely cause?

Exhibit

SW1# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/24    on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/24    10,20,40

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/24    10,20,40
Question 176mediummultiple choice
Open the full VLAN trunking answer →

A phone and a PC are attached to the same switchport. The intended data VLAN is VLAN 10, and the phone uses voice VLAN 20. The switchport currently has `switchport voice vlan 20` configured. The phone works, but the PC cannot reach the data network. Which command is most likely missing?

Exhibit

interface Gi1/0/7
 switchport mode access
 switchport voice vlan 20
 spanning-tree portfast
Question 177mediummulti select
Open the full STP breakdown →

Which two STP facts are correct? Choose two.

Question 178mediummatching
Open the full STP breakdown →

Match each STP or switch protection feature to the problem it is mainly designed to prevent.

Question 179mediummultiple choice
Read the full Switching and Network Access explanation →

A user says the phone connected to a switch port works, but the attached PC does not get network access. What is the most likely switch-side issue?

Exhibit

interface gi1/0/10
 switchport mode access
 switchport access vlan 999
 switchport voice vlan 20
 spanning-tree portfast
Question 180mediummultiple choice
Read the full EtherChannel explanation →

An administrator configures an EtherChannel between SW1 and SW2. The port-channel interfaces are physically up, but the EtherChannel bundle fails to come up. On SW1, the channel-group is set to mode active; on SW2, it is set to mode on. What is the most likely cause?

Exhibit

SW1# show etherchannel summary
Group  Port-channel  Protocol    Ports
1      Po1(SD)         LACP      Gi1/0/1(I) Gi1/0/2(I)

SW1 interface range gi1/0/1-2
 channel-group 1 mode active

SW2 interface range gi1/0/1-2
 channel-group 1 mode on
Question 181easymultiple choice
Open the full STP breakdown →

Which STP port state on a classic 802.1D switch listens for BPDUs and prepares to participate in the topology, but does not yet learn MAC addresses?

Question 182mediummulti select
Read the full Switching and Network Access explanation →

An engineer wants rapid transition to forwarding on end-user switchports while still protecting the topology from accidental switch connections. Which two STP-related features fit that design?

Question 183hardmulti select
Open the full VLAN trunking answer →

A trunk link between two switches is up, but hosts in VLAN 30 on opposite switches cannot communicate. VLAN 10 works across the same trunk. Which two causes are the most likely?

Exhibit

Switch A trunk allowed VLANs: 10,20,30
Switch B trunk allowed VLANs: 10,20
Question 184hardmulti select
Read the full EtherChannel explanation →

Two switches are connected with an EtherChannel using LACP. The bundle stays down and the physical interfaces show individual links, not a port-channel member state. Which two conditions must match on both sides for the channel to form successfully?

Exhibit

Switch A: channel-group 5 mode active
Switch B: channel-group 5 mode passive
Question 185mediummulti select
Read the full Switching and Network Access explanation →

A switch should learn one MAC address on an access port and shut the port down if a second unauthorized device appears. Which two port-security settings support that requirement?

Exhibit

Desired behavior:
- one known endpoint per port
- violation causes interface shutdown
Question 186hardmultiple choice
Open the full VLAN trunking answer →

A network engineer is troubleshooting connectivity between two hosts in different VLANs on the same switch. Host A in VLAN 10 (10.10.10.5/24) cannot ping Host B in VLAN 20 (10.10.20.5/24). The switch is configured as a router-on-a-stick with a trunk port to an external router. The trunk port is up/up, but inter-VLAN routing fails. What is the most likely cause?

Exhibit

SW1# show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-4094

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20

SW1# show running-config interface gi0/1
Building configuration...

Current configuration : 150 bytes
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 1
end

SW1# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3
10   VLAN0010                         active    Gi0/4
20   VLAN0020                         active    Gi0/5
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Question 187mediummulti select
Open the full VLAN trunking answer →

Which TWO statements correctly describe the configuration and behavior of a router-on-a-stick setup for inter-VLAN routing?

Question 188mediummulti select
Open the full VLAN trunking answer →

Which TWO statements are true about configuring and verifying VLANs, 802.1Q trunking, native VLAN, and inter-VLAN routing with router-on-a-stick?

Question 189mediummatching
Open the full VLAN trunking answer →

Drag and drop the VLAN and trunking commands/concepts on the left to their correct descriptions on the right.

Question 190mediummatching
Open the full VLAN trunking answer →

Drag and drop the VLAN/trunking commands and terms on the left to their correct descriptions or functions on the right.

Question 191hardmultiple choice
Read the full DHCP explanation →

A network administrator has configured a switch port to support a VoIP phone and a desktop PC. Users report that the desktop PC cannot obtain an IP address via DHCP, while the VoIP phone registers successfully. The switch port is up/up, and the desktop is connected to the phone's PC port. What is the most likely cause of the issue?

Exhibit

interface GigabitEthernet1/0/24
 description VoIP and Desktop
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
!
Question 192mediummulti select
Open the full VLAN trunking answer →

Which TWO commands are required to configure a switch port to support both a desktop PC and a VoIP phone using voice VLAN?

Question 193mediummulti select
Read the full Switching and Network Access explanation →

Which TWO switch port configurations are required when connecting a Cisco IP phone and a desktop PC to a single access port?

Question 194mediummatching
Read the full Switching and Network Access explanation →

Drag and drop the port configuration commands/technologies on the left to their corresponding descriptions on the right.

Question 195hardmultiple choice
Open the full VLAN trunking answer →

A network administrator is troubleshooting connectivity issues in a switched network. Users on VLAN 10 report intermittent connectivity to the server farm. The network uses Rapid PVST+ as the spanning-tree protocol. The administrator examines the switch that is the root bridge for VLAN 10 and notices that one of the uplink interfaces to an access switch is in a blocking state. What is the most likely cause of this issue?

Exhibit

SwitchA# show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     0011.2233.4455
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0011.2233.4455
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p
Gi0/3               Altn BLK 4         128.3    P2p
Question 196hardmultiple choice
Open the full VLAN trunking answer →

A network administrator is troubleshooting connectivity issues in a switched network. Hosts on VLAN 10 connected to SwitchC cannot reach the VLAN 10 gateway, which is connected to SwitchA. The administrator checks the STP status on SwitchC and sees that the port connecting to the root bridge is in a blocking state. The administrator also notices that the VLAN 10 gateway is reachable from SwitchA, but not from SwitchC. What is the most likely cause of this issue?

Exhibit

SwitchC# show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     0011.2233.4455
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    40968  (priority 40960 sys-id-ext 10)
             Address     00a1.b2c3.d4e5
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg LRN 4         128.1    P2p
Gi0/2               Root BLK 4         128.2    P2p
Question 197hardmultiple choice
Read the full Switching and Network Access explanation →

A network administrator is troubleshooting connectivity loss in a switched network. All switches run Rapid PVST+. A host connected to an access port on SwitchC can no longer reach the default gateway. The access port is configured with PortFast and BPDU Guard. The administrator checks the interface status and finds it in an err-disabled state. What is the most likely cause of this issue?

Exhibit

SwitchC# show interfaces status
Port      Name   Status       Vlan       Duplex Speed Type
Gi0/1            err-disabled 10         auto   auto 10/100/1000BaseTX
Gi0/2            connected    10         a-full a-100 10/100/1000BaseTX
Gi0/3            connected    1          a-full a-100 10/100/1000BaseTX

SwitchC# show interfaces gigabitEthernet 0/1
GigabitEthernet0/1 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet, address is aaaa.bbbb.cccc (bia aaaa.bbbb.cccc)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

SwitchC# show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    --------------
arp-inspection       Disabled
bpduguard            Enabled
channel-misconfig    Disabled
...

SwitchC# show spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     aaaa.bbbb.cccc
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     aaaa.bbbb.cccc
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/2               Desg FWD 4         128.2    P2p
Gi0/3               Desg FWD 4         128.3    P2p

SwitchC# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
Question 198mediummulti select
Read the full Switching and Network Access explanation →

Which TWO statements correctly describe the behavior of Rapid PVST+ in a Layer 2 network?

Question 199mediummulti select
Open the full STP breakdown →

Which TWO of the following statements about Spanning Tree Protocol (STP) and Rapid PVST+ are true?

Question 200mediummatching
Read the full Switching and Network Access explanation →

Drag and drop the STP-related terms on the left to their correct descriptions on the right.

Question 201mediummatching
Read the full Switching and Network Access explanation →

Drag and drop the STP/Rapid PVST+ terms on the left to the correct descriptions on the right.

Question 202hardmultiple choice
Open the full VLAN trunking answer →

A network administrator notices that hosts in VLAN 10 cannot ping the default gateway (192.168.10.1). The switch's SVI for VLAN 10 is configured and the output of the show ip interface brief command shows its status as up/up. An embedded packet capture is configured. The exhibit shows ARP requests from a host to 192.168.10.1 but no ARP reply. Based on the exhibit, what is the most likely cause of the connectivity issue?

Exhibit

R1# show monitor capture CAP1 buffer brief
   #   size   timestamp        source             destination        protocol   src port   dst port   flags
   1   64     00:01:23.456     192.168.10.10      192.168.10.1       ICMP       0x0800     0x0800     0x4000
   2   64     00:01:23.457     192.168.10.1       192.168.10.10      ICMP       0x0800     0x0800     0x4000
   3   64     00:01:24.456     192.168.10.10      192.168.10.1       ICMP       0x0800     0x0800     0x4000
   4   64     00:01:24.457     192.168.10.1       192.168.10.10      ICMP       0x0800     0x0800     0x4000
   5   64     00:01:25.456     192.168.10.10      192.168.10.1       ICMP       0x0800     0x0800     0x4000
   6   64     00:01:25.457     192.168.10.1       192.168.10.10      ICMP       0x0800     0x0800     0x4000

R1# show running-config | section interface Vlan10
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
Question 203hardmultiple choice
Open the full VLAN trunking answer →

A network administrator is troubleshooting an issue where hosts on VLAN 10 cannot ping the default gateway at 192.168.10.1. The router (R1) has an SVI for VLAN 10 with IP 192.168.10.1/24. The administrator captures traffic on the router's G0/0/0 interface (trunk to the switch) and reviews the embedded packet capture output. What is the root cause of the problem?

Exhibit

R1# show monitor capture CAP1 buffer brief
   #   size   timestamp        source             destination        protocol
   1   64    00:01:23.456      192.168.10.10      192.168.10.1       ICMP
   2   64    00:01:23.789      192.168.10.10      192.168.10.1       ICMP
   3   60    00:01:24.123      192.168.10.1       192.168.10.10      ARP
   4   60    00:01:24.456      192.168.10.10      192.168.10.1       ICMP
   5   60    00:01:24.789      192.168.10.1       192.168.10.10      ARP
   6   60    00:01:25.123      192.168.10.10      192.168.10.1       ICMP

R1# show ip interface vlan 10
Vlan10 is up, line protocol is up
  Internet address is 192.168.10.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP CEF switching is enabled
  IP Null turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: None
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
Question 204mediummultiple choice
Open the full VLAN trunking answer →

A network engineer is troubleshooting a connectivity issue between two hosts on different VLANs. The engineer captures traffic on an IOS-XE router's GigabitEthernet0/1 interface using embedded packet capture (EPC). The output shows ARP requests from Host A (192.168.1.10) but no ARP replies from Host B (192.168.2.20). What is the most likely cause of this issue?

Question 205mediummulti select
Read the full Switching and Network Access explanation →

Which TWO statements correctly describe aspects of interpreting packet capture output for Layer 2/3 troubleshooting using Wireshark or embedded packet capture on IOS-XE?

Question 206hardmultiple choice
Read the full Switching and Network Access explanation →

A network administrator has configured Rapid PVST+ on all switches and globally enabled BPDU Guard. After connecting a new access switch to an existing distribution switch, the distribution switch interface goes into err-disabled state. The new switch is configured with PortFast on its uplink port. What is the most likely cause of the err-disabled state?

Exhibit

SwitchA# show interfaces GigabitEthernet0/1 status
Port      Name   Status       Vlan   Duplex  Speed  Type
Gi0/1            err-disabled 1      auto    auto   10/100/1000BaseTX

SwitchA# show running-config interface GigabitEthernet0/1
Building configuration...
Current configuration : 150 bytes
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree guard root
 spanning-tree bpduguard enable
end

SwitchA# show spanning-tree interface GigabitEthernet0/1 detail
Port 1 (GigabitEthernet0/1) of VLAN0001 is root blocking
  Port path cost 4, Port priority 128, Port Identifier 128.1.
  Designated root has priority 8193, address 0001.0001.0001
  Designated bridge has priority 32769, address aaaa.aaaa.aaaa
  Designated port id is 128.1, designated path cost 4
  Timers: message age 2, forward delay 15, hold 0
  Number of transitions to forwarding state: 1
  BPDU: sent 3, received 102
  The port is not in the portfast mode
  Root guard is enabled on the port
  BPDU guard is enabled on the port
Question 207hardmultiple choice
Read the full Switching and Network Access explanation →

A network engineer notices that a new switch, SW3, was connected to port GigabitEthernet0/1 on SW1, but the port immediately went into an err-disabled state. The network uses Rapid PVST+ with BPDU Guard enabled globally on all access ports. The engineer checks the logs and sees 'bpduguard error detected' messages. What is the most likely cause of the err-disabled state?

Exhibit

SW1# show interfaces gigabitEthernet 0/1 status

Port      Name   Status       Vlan       Duplex  Speed Type
Gi0/1            err-disabled 1          auto    auto  10/100/1000BaseTX

SW1# show running-config interface gigabitEthernet 0/1
Building configuration...

Current configuration : 109 bytes
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree bpduguard enable
end

SW1# show spanning-tree interface gigabitEthernet 0/1 detail
 Port 1 (GigabitEthernet0/1) of VLAN0001 is broken (BPDU Guard)
   Port path cost 4, Port priority 128, Port Identifier 128.1.
   Designated root has priority 32768, address aaaa.bbbb.cccc
   Designated bridge has priority 32768, address aaaa.bbbb.cccc
   Designated port id is 128.1, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   BPDU: sent 0, received 3
Question 208hardmultiple choice
Open the full VLAN trunking answer →

A network administrator recently configured BPDU Guard on all access ports of a switch to protect against rogue switches. After the change, users in VLAN 10 report intermittent connectivity issues and frequent link flaps. The administrator checks the switch and notices that several ports are in an err-disabled state. What is the most likely cause of the problem?

Exhibit

SW1# show interfaces status 
Port      Name   Status       Vlan       Duplex Speed Type
Gi0/1            err-disabled 10         auto   auto  10/100/1000BaseTX
Gi0/2            err-disabled 10         auto   auto  10/100/1000BaseTX
Gi0/3            err-disabled 10         auto   auto  10/100/1000BaseTX
Gi0/4            err-disabled 10         auto   auto  10/100/1000BaseTX
Gi0/5            connected    trunk      auto   auto  10/100/1000BaseTX
Gi0/6            connected    1          auto   auto  10/100/1000BaseTX
Gi0/7            connected    1          auto   auto  10/100/1000BaseTX

SW1# show running-config interface gi0/1
Building configuration...

Current configuration : 83 bytes
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree bpduguard enable
end

SW1# show running-config | include bpduguard
spanning-tree portfast bpduguard default
Question 209hardmultiple choice
Open the full VLAN trunking answer →

A network engineer receives a call that users in VLAN 10 on Switch B cannot ping the default gateway, which is a router on a stick connected to Switch A. The engineer checks the Spanning Tree Protocol state on the interface connecting Switch A to Switch B (GigabitEthernet0/1) and finds it is in a root-inconsistent state. Which command output best explains the cause of the issue?

Exhibit

SwitchA# show spanning-tree interface gigabitEthernet 0/1 detail
 Port 1 (GigabitEthernet0/1) of VLAN0010 is root INCONSISTENT
   Port path cost 4, Port priority 128, Port Identifier 128.1.
   Designated root has priority 32768, address aaaa.bbbb.cccc
   Designated bridge has priority 32768, address aaaa.bbbb.cccc
   Designated port id is 128.1, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 0
   The port is not in the portfast mode
   Root guard is enabled on the port
   BPDU guard is disabled
   Loop guard is disabled
   Link type is point-to-point (auto)
   BPDU: sent 3, received 2
Question 210mediummulti select
Read the full Switching and Network Access explanation →

Which TWO of the following statements accurately describe the configuration and behavior of Root Guard, Loop Guard, and BPDU Guard in Rapid PVST+ environments?

Question 211mediummulti select
Read the full Switching and Network Access explanation →

Which TWO statements correctly describe the behavior of Root Guard, Loop Guard, and BPDU Guard in a Rapid PVST+ environment?

Question 212mediummatching
Read the full Switching and Network Access explanation →

Drag and drop the PortFast and BPDU protection commands on the left to the correct descriptions on the right.

Question 213hardmultiple choice
Open the full VLAN trunking answer →

Two switches are connected using four Gigabit Ethernet interfaces configured as an EtherChannel with LACP. The network administrator notices that only two of the four interfaces are active in the port-channel, and the other two are in a suspended state. Upon further investigation, the administrator finds that the two inactive interfaces correspond to remote interfaces that are configured with the 'on' mode, while the active ones correspond to remote interfaces configured with LACP active/passive. The administrator also verifies that all local interfaces have the same speed, duplex, and VLAN. What is the most likely cause of the suspended interfaces?

Network Topology
+SwitchA# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports
Question 214hardmultiple choice
Open the full VLAN trunking answer →

A network engineer configures an EtherChannel between two Cisco switches SW1 and SW2 using LACP. After configuration, hosts connected to SW1 report intermittent connectivity to hosts on SW2. The engineer checks the EtherChannel status and sees that the trunk is up but only allows VLAN 1, while the hosts communicate across VLANs 10 and 20. Which command should the engineer apply to both switches to resolve the issue?

Network Topology
+SW1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports
Question 215hardmultiple choice
Open the full VLAN trunking answer →

A network engineer is troubleshooting a connectivity issue between two switches, SW1 and SW2, which are connected via four GigabitEthernet links configured as an LACP EtherChannel. Hosts on VLAN 10 connected to SW1 can ping the management IP of SW2, but cannot reach hosts on VLAN 10 connected to SW2. The engineer runs a show command on SW1. What is the most likely cause of the problem?

Network Topology
+SW1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports
Question 216mediummulti select
Read the full EtherChannel explanation →

Which TWO statements correctly describe the configuration and verification of EtherChannel with LACP?

Question 217mediummulti select
Read the full EtherChannel explanation →

Which TWO statements correctly describe EtherChannel configuration and verification with LACP?

Question 218mediummatching
Read the full EtherChannel explanation →

Drag and drop the EtherChannel commands and concepts on the left to the correct descriptions on the right.

Question 219mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the steps into the recommended configuration order for setting up VLANs, assigning access ports, configuring 802.1Q trunking with a non-default native VLAN, and verifying the setup on a Cisco IOS-XE switch.

Question 220mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order to create VLANs, assign access ports, configure 802.1Q trunks, set the native VLAN, and verify with 'show vlan brief' and 'show interfaces trunk'.

Question 221mediumdrag order
Open the full VLAN trunking answer →

Arrange the following steps in a valid configuration order. Note: VLANs must be created first, verification last. The access-port assignment and trunk configuration (steps B and C) can be performed in any order after VLAN creation.

Question 222mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order (recommended best-practice workflow) to configure VLANs, assign access ports, enable 802.1Q trunking, set the native VLAN, and verify the configuration on a Cisco switch running IOS-XE.

Question 223mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order to configure VLANs, assign access ports, set up 802.1Q trunks with a native VLAN, and verify the configuration using show commands.

Question 224mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order to configure VLANs, assign access ports, set up 802.1Q trunking with a native VLAN, and verify the configuration on a Cisco IOS-XE switch.

Question 225mediumdrag order
Open the full VLAN trunking answer →

You need to configure a new switch. According to Cisco’s recommended workflow, you should assign access ports to their VLANs before configuring trunk links to ensure that end devices are functional before inter-switch connectivity is tested. Drag and drop the following steps into the correct order to configure VLANs, assign access ports, set up 802.1Q trunking with a native VLAN, and verify the configuration on a Cisco switch running IOS-XE.

Question 226mediumdrag order
Open the full VLAN trunking answer →

A network engineer is configuring a new access switch that will connect to a distribution switch. The engineer must ensure that local hosts are placed in the correct VLANs before enabling trunking to the distribution switch to prevent VLAN mismatches and broadcast issues. Drag and drop the steps into the correct order.

Question 227mediummulti select
Open the full VLAN trunking answer →

Which TWO statements are true regarding VLAN configuration, 802.1Q trunking, and the native VLAN?

Question 228mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the recommended order to configure a switch port for a VoIP phone (voice VLAN + data VLAN), an AP trunk, and a PoE-powered IoT device.

Question 229mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order to configure a switch port for a VoIP phone (voice VLAN + data VLAN), an AP trunk, and a PoE-powered IoT device.

Question 230mediummulti select
Open the full VLAN trunking answer →

Which TWO statements correctly describe the configuration and use of a voice VLAN on a Cisco switch port?

Question 231mediumdrag order
Read the full Switching and Network Access explanation →

Which of the following sequences correctly configures and verifies PortFast and BPDU Guard on a Cisco IOS-XE switch interface, and then recovers after a BPDU guard violation?

Question 232mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure RSTP and enable PortFast with BPDU Guard on a switch port, then verify the state transitions.

Question 233mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure and recover from a BPDU guard violation on a PortFast-enabled access port in RSTP.

Question 234mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure PortFast and BPDU Guard on a switch interface, then verify and recover after a BPDU guard error-disable event.

Question 235mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure and recover from a BPDU guard violation on a PortFast-enabled access port.

Question 236mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure PortFast and BPDU Guard on a switch access port, and then recover after a BPDU Guard error-disable event.

Question 237mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure and recover from a BPDU Guard violation on a PortFast-enabled access port using Cisco IOS-XE CLI commands.

Question 238mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure PortFast and BPDU Guard on a Cisco switch interface, then recover after a BPDU violation.

Question 239mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure PortFast and BPDU Guard on a Cisco switch interface, then recover from a BPDU guard violation.

Question 240mediummulti select
Read the full Switching and Network Access explanation →

Which TWO statements correctly describe the behavior of PortFast and BPDU Guard on a Cisco switch?

Question 241mediummatching
Open the full STP breakdown →

Drag and drop the STP port roles on the left to their descriptions on the right.

Question 242mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to capture and analyze traffic on IOS-XE using the embedded packet capture feature, then export the capture for analysis in Wireshark to isolate a Layer 2 or Layer 3 fault.

Question 243mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to capture and analyze traffic on IOS-XE using the embedded packet capture feature, and in Wireshark to isolate a Layer 2 or Layer 3 fault.

Question 244mediumdrag order
Read the full Switching and Network Access explanation →

A network troubleshooter is using Cisco IOS-XE's embedded packet capture feature to capture traffic on an interface and then analyze it in Wireshark to isolate a Layer 2 or Layer 3 fault. Which of the following sequences represents the correct order of steps?

Question 245mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to capture and analyze traffic on IOS-XE using the embedded packet capture feature, and in Wireshark to isolate a Layer 2 or Layer 3 fault.

Question 246mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to capture and analyze traffic on IOS-XE using the embedded packet capture feature, and in Wireshark to isolate a Layer 2 or Layer 3 fault.

Question 247mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to capture and analyze traffic on IOS-XE using the embedded packet capture feature, and in Wireshark to isolate a Layer 2 or Layer 3 fault.

Question 248mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to capture and analyze traffic on IOS-XE using the embedded packet capture feature, then export to Wireshark to isolate a Layer 2 or Layer 3 fault.

Question 249mediumdrag order
Read the full Switching and Network Access explanation →

What is the correct order of steps to capture and analyze traffic on IOS-XE using the embedded packet capture feature, and in Wireshark to isolate a Layer 2 or Layer 3 fault?

Question 250mediummulti select
Read the full Switching and Network Access explanation →

Which TWO statements accurately describe the use of packet capture tools for troubleshooting Layer 2/3 issues?

Question 251mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure Root Guard on designated ports, Loop Guard on non-designated ports, and BPDU Guard on PortFast ports, including the recovery steps when a port enters err-disabled.

Question 252mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure Root Guard on designated ports, Loop Guard on non-designated ports, and BPDU Guard on PortFast ports, and to recover a port that enters err-disabled due to a BPDU guard violation.

Question 253mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure Root Guard on designated ports, Loop Guard on non-designated ports, and BPDU Guard on PortFast ports, and then recover a port that enters err-disabled state.

Question 254harddrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure Root Guard on designated ports, Loop Guard on non-designated ports, and BPDU Guard on PortFast ports, including recovery steps when a port enters err-disabled.

Question 255mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure Root Guard on a designated port, Loop Guard on a non-designated port, and BPDU Guard on a PortFast port, along with the recovery steps when a port enters err-disabled state.

Question 256mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure Root Guard on designated ports, Loop Guard on non-designated ports, and BPDU Guard on PortFast ports, and then recover a port that enters err-disabled due to BPDU Guard.

Question 257mediummulti select
Read the full Switching and Network Access explanation →

Which TWO statements correctly describe the configuration and effect of Root Guard and BPDU Guard on a Cisco switch?

Question 258mediumdrag order
Read the full EtherChannel explanation →

Drag and drop the following steps into the correct order to configure an LACP EtherChannel on Cisco IOS-XE switches.

Question 259mediumdrag order
Read the full EtherChannel explanation →

Drag and drop the following steps into the correct order to configure an LACP EtherChannel on two Cisco switches using active mode.

Question 260mediumdrag order
Read the full EtherChannel explanation →

Drag and drop the following steps into the correct order to configure an LACP EtherChannel on two Cisco switches using active mode.

Question 261mediumdrag order
Read the full EtherChannel explanation →

Drag and drop the following steps into the correct order to configure an LACP EtherChannel on two Cisco switches.

Question 262mediumdrag order
Read the full EtherChannel explanation →

Drag and drop the following steps into the correct order to configure an LACP EtherChannel on two Cisco switches.

Question 263mediumdrag order
Read the full EtherChannel explanation →

Drag and drop the configuration steps into the correct order to configure an LACP EtherChannel on two Cisco switches using active mode negotiation.

Question 264mediummulti select
Read the full EtherChannel explanation →

Which THREE statements correctly describe the behavior of LACP modes in an EtherChannel configuration?

Question 265hardScenario
Open the full VLAN trunking answer →

You are connected to R1. The network has three departments: Sales (VLAN 10, 192.168.1.0/24), Engineering (VLAN 20, 192.168.2.0/24), and Management (VLAN 99, 192.168.99.0/24). A single switch SW1 connects to R1 via trunk interface G0/0. Subinterfaces for VLANs 10, 20, and 99 are already configured on R1 with correct encapsulation and IP addresses. However, inter-VLAN communication is failing. Troubleshoot and fix the configuration issue on R1 to enable routing between all VLANs.

Exhibit

R1#show running-config | section interface
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/0.99
 encapsulation dot1Q 99
 ip address 192.168.99.1 255.255.255.0
!
R1#show running-config | include ip routing
no ip routing
R1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/0       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/0       1-1005

Port        Vlans allowed and active in management domain
Gi0/0       1,10,20,99

Port        Native VLAN tagging enabled
Gi0/0       yes
Question 266hardScenario
Open the full VLAN trunking answer →

You are connected to R1. Configure inter-VLAN routing on R1 using router-on-a-stick so that hosts in VLAN 10 (192.168.10.0/24) and VLAN 20 (192.168.20.0/24) can communicate. The switch SW1 is already configured with VLANs and trunking, but R1's current configuration prevents traffic. Identify and fix the issues.

Exhibit

R1#show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
L       192.168.10.1/32 is directly connected, GigabitEthernet0/0.10
     192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
L       192.168.20.1/32 is directly connected, GigabitEthernet0/0.20
R1#show interfaces trunk
Port        Mode             Encapsulation  Status        Native vlan
Gig0/0      on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/0      1-1005

Port        Vlans allowed and active in management domain
Gig0/0      1

Port        Vlans in spanning tree forwarding state and not pruned
Gig0/0      1
Question 267hardScenario
Open the full VLAN trunking answer →

You are connected to R1. The network consists of R1, a router, and SW1, a Layer 2 switch. VLANs 10 (192.168.10.0/24) and 20 (192.168.20.0/24) are configured on SW1 with hosts in each VLAN. R1 must perform inter-VLAN routing using a router-on-a-stick configuration on interface G0/0. Currently, hosts in VLAN 10 cannot ping hosts in VLAN 20. Configure R1 and identify and resolve the issue.

Exhibit

R1# show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
C    192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
R1# show interfaces trunk
No trunks exist
R1#
Question 268hardScenario
Open the full VLAN trunking answer →

You are connected to R1. The network uses a router-on-a-stick design with a single switch (SW1) and two VLANs: VLAN 10 (10.0.10.0/24) and VLAN 20 (10.0.20.0/24). The current configuration has connectivity issues: PCs in VLAN 20 cannot ping the router interface or each other, and there is a native VLAN mismatch on the trunk. Configure R1 to correct the native VLAN mismatch, ensure the trunk allows both VLANs, enable inter-VLAN routing, and fix any subinterface encapsulation errors so that all PCs can reach the router and each other across VLANs.

Exhibit

R1#show running-config
Building configuration...

Current configuration : 1024 bytes
!
hostname R1
!
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet0/0.99
 encapsulation dot1Q 99 native
 ip address 192.168.99.1 255.255.255.0
!
end

R1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/0.10   on           802.1q         trunking      1
Gig0/0.20   on           802.1q         trunking      1
Gig0/0.99   on           802.1q         trunking      99

Port        Vlans allowed on trunk
Gig0/0.10   1-1005
Gig0/0.20   1-1005
Gig0/0.99   1-1005

R1#show ip route
Codes: C - connected, S - static, I - IGP, R - RIP, ...

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.10.0/24 is directly connected, GigabitEthernet0/0.10
C       10.0.20.0/24 is directly connected, GigabitEthernet0/0.20
     192.168.99.0/24 is subnetted, 1 subnets
C       192.168.99.0/24 is directly connected, GigabitEthernet0/0.99

R1#show vlan brief
<no output — switch not R1>
Question 269hardScenario
Open the full VLAN trunking answer →

You are connected to R1. The network consists of R1, SW1, and two VLANs (10 and 20). SW1 has hosts in VLAN 10 and VLAN 20 connected to its access ports. Configure R1 for router-on-a-stick inter-VLAN routing using subinterfaces on G0/0. The physical interface G0/0 is administratively up (no shutdown). The current configuration is incomplete and has errors preventing communication between the VLANs. Fix the configuration so that hosts in VLAN 10 (192.168.10.0/24) and VLAN 20 (192.168.20.0/24) can ping each other through R1.

Exhibit

R1# show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
C    192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
Question 270hardScenario
Open the full VLAN trunking answer →

You are connected to R1. Configure router-on-a-stick inter-VLAN routing so that hosts in VLAN 10 and VLAN 20 can communicate through R1. The switch (not shown) is already configured with the correct VLANs and trunk. Troubleshoot and fix any issues in the current R1 configuration.

Exhibit

R1#show running-config | section interface
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.252
 duplex auto
 speed auto
!
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    203.0.113.0/30 is directly connected, GigabitEthernet0/1
L    203.0.113.1/32 is directly connected, GigabitEthernet0/1
Question 271hardScenario
Open the full VLAN trunking answer →

You are connected to R1. The network uses a router-on-a-stick design with a single switch (SW1) and two VLANs (10 and 20). Currently, hosts in VLAN 10 cannot ping hosts in VLAN 20, and the trunk between R1 and SW1 shows a native VLAN mismatch. Examine the provided configuration and output, then apply the necessary corrections to R1 so that inter-VLAN routing works correctly.

Exhibit

R1#show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 10
 ip address 192.168.20.1 255.255.255.0
!
R1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/0      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/0      1-1005

Port        Vlans allowed and active in management domain
Gig0/0      1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gig0/0      1,10,20

R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
     192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
Question 272hardScenario
Open the full VLAN trunking answer →

You are connected to R1. Configure R1 and SW1 so that hosts in VLAN 10 (192.168.10.0/24) and VLAN 20 (192.168.20.0/24) can communicate via the router-on-a-stick setup. The current configuration has errors: the trunk port between SW1 and R1 has a native VLAN mismatch, VLAN 30 is not allowed on the trunk, and the subinterface encapsulation is incorrect. Correct these issues and enable inter-VLAN routing.

Exhibit

SW1#show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20
!

R1#show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!

R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
L       192.168.10.1/32 is directly connected, GigabitEthernet0/0.10
     192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
L       192.168.20.1/32 is directly connected, GigabitEthernet0/0.20
     192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.30.0/24 is directly connected, GigabitEthernet0/0.30
L       192.168.30.1/32 is directly connected, GigabitEthernet0/0.30
Question 273hardScenario
Open the full VLAN trunking answer →

You are troubleshooting inter-VLAN routing on a router-on-a-stick setup. R1 is connected to SW1 via trunk port G0/0. VLANs 10, 20, and 30 exist on SW1, and R1 should route between them. Currently, hosts in VLAN 10 can communicate with VLAN 20 but cannot reach VLAN 30. Review the provided configuration and fix the issue.

Exhibit

R1#show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 100
 ip address 192.168.30.1 255.255.255.0
!
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
L    192.168.10.1/32 is directly connected, GigabitEthernet0/0.10
C    192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
L    192.168.20.1/32 is directly connected, GigabitEthernet0/0.20
C    192.168.30.0/24 is directly connected, GigabitEthernet0/0.30
L    192.168.30.1/32 is directly connected, GigabitEthernet0/0.30
SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/1      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig0/1      1-1005

Port        Vlans allowed and active in management domain
Gig0/1      1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Gig0/1      10,20,30
Question 274hardScenario
Open the full VLAN trunking answer →

You are connected to R1. The network consists of R1, SW1, and two hosts (Host-A on VLAN 10, Host-B on VLAN 20). SW1 has two access ports (one per VLAN) and a trunk to R1. Configure R1 for router-on-a-stick inter-VLAN routing. The current configuration has a native VLAN mismatch and a missing subinterface for VLAN 20. Fix these issues so that Host-A and Host-B can ping each other.

Exhibit

R1#show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
R1#show running-config | include ip routing
no ip routing
R1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/0       on           802.1q         trunking      99

Port        Vlans allowed on trunk
Gi0/0       10,20

Port        Vlans allowed and active in management domain
Gi0/0       10
Question 275hardScenario
Open the full VLAN trunking answer →

You are connected to R1 via console. R1 is a router-on-a-stick connecting VLAN 10 and VLAN 20 on a single link to switch SW1. Currently, hosts in VLAN 10 cannot ping hosts in VLAN 20, and some VLAN 10 hosts report intermittent connectivity. Examine the provided configuration and output, then fix all issues to restore full inter-VLAN routing and stable trunk operation.

Exhibit

R1# show running-config | section interface
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 203.0.113.2 255.255.255.252
 duplex auto
 speed auto
!
router ospf 1
 network 203.0.113.0 0.0.0.3 area 0
!

SW1# show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig0/1     on           802.1q         trunking      99

Port        Vlans allowed on trunk
Gig0/1     1-1005

Port        Vlans allowed and active in management domain
Gig0/1     10,20

SW1# show running-config | include vlan
vlan 10
vlan 20
vlan 99
Question 276hardScenario
Open the full VLAN trunking answer →

You are connected to R1. The network has two VLANs (10 and 20) on SW1, connected to R1 via a trunk. Currently, hosts in VLAN 10 cannot reach the router or each other across VLANs. Configure R1 with the correct subinterface encapsulation and IP addressing, and ensure the trunk on SW1 allows both VLANs. Also, fix any native VLAN mismatch on the trunk link. Which configuration steps will resolve the issues?

Exhibit

SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20

R1#show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.10.20.1 255.255.255.0
!

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R1#
Question 277hardScenario
Open the full VLAN trunking answer →

You are connected to a multilayer switch SW1 via console. SW1 has an IP phone and an access point connected to interfaces GigabitEthernet0/1 and GigabitEthernet0/2 respectively. Configure the access ports so that the IP phone receives a voice VLAN (VLAN 110) and PoE priority critical, and the access point receives PoE priority high. Verify your configuration using show interfaces switchport and show power inline.

Exhibit

SW1#show running-config | section interface
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
Question 278hardScenario
Open the full VLAN trunking answer →

You are connected to a multilayer switch MLS1. Configure it so that IP phones connected to FastEthernet 0/1 and FastEthernet 0/2 use voice VLAN 20 and receive power via PoE. Additionally, FastEthernet 0/3 must be configured as an access port for a wireless access point (AP) on VLAN 30, with PoE enabled. Verify your configuration using 'show interfaces switchport' and 'show power inline'.

Exhibit

MLS1#show running-config | section interface
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 no shutdown
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 no shutdown
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 30
 no shutdown
!
interface GigabitEthernet0/1
 no switchport
 ip address 192.0.2.1 255.255.255.252
 no shutdown
!
MLS1#show interfaces switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative Private VLAN Host Association: none
Administrative Private VLAN Mapping: none
...
Name: Fa0/2
... (similar to Fa0/1)
...
Name: Fa0/3
... (similar to Fa0/1 but Access Mode VLAN: 30)
...
MLS1#show power inline
Module Available Used Remaining
 (Watts) (Watts) (Watts)
1        370      0      370

Interface Admin  Oper       Power   Device        Class Max
                            (Watts)
--------- ------ ---------- ------- ------------- ----- ---
Fa0/1     auto   off        0.0     n/a           n/a  15.4
Fa0/2     auto   off        0.0     n/a           n/a  15.4
Fa0/3     auto   off        0.0     n/a           n/a  15.4
Question 279hardScenario
Open the full VLAN trunking answer →

You are connected to the console of a Catalyst 2960+ switch named SW2. Configure the switch so that the IP phone connected to interface FastEthernet0/5 receives power via PoE and uses VLAN 150 for voice traffic, while the PC connected through the phone uses VLAN 50 for data. Additionally, the access point connected to interface FastEthernet0/10 must receive PoE and be placed in VLAN 100. Assume the interfaces are already correctly configured as access ports in VLAN 50 and VLAN 100, respectively. Verify your configuration using the appropriate show commands.

Exhibit

SW2#show running-config | section interface FastEthernet0/[5,10]
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 50
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 100
!
Question 280hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. This is a Layer 2 switch that connects multiple IP phones and an AP. The AP is on Gi0/3 and must receive PoE and be placed in VLAN 100 (native VLAN). IP phones on Gi0/1 and Gi0/2 must use VLAN 20 for voice and VLAN 10 for data, and must receive PoE. Currently, the AP cannot get an IP address and the phones have no voice connectivity. Configure SW1 to fix these issues.

Exhibit

SW1#show running-config | section interface
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 100
!
interface GigabitEthernet0/0
 switchport mode trunk
 switchport trunk native vlan 100
!
Question 281hardScenario
Open the full VLAN trunking answer →

You are connected to a single switch, SW1, which is a Cisco Catalyst 2960 running Cisco IOS. Configure port GigabitEthernet0/1 as an access port for a Cisco IP phone and a PC on the same VLAN (Voice VLAN 20, Data VLAN 10). The switch must provide PoE to the phone. Additionally, configure GigabitEthernet0/2 as an access port for a wireless access point (AP) that requires PoE. Verify both configurations using the appropriate show commands. The current running-config is incomplete; you must add the necessary commands.

Exhibit

SW1#show running-config | section interface
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 30
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport mode trunk
!
...

SW1#show interfaces switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
...

SW1#show power inline
Module Available Used Remaining
 (Watts) (Watts) (Watts)
--------- --------- --------- ---------
1          370       0         370

Interface Admin  Oper       Power   Device              Class Max
            (Watts)
--------- ------ ---------- ------- ------------------- ----- ---
Gi0/1      auto   off        0.0    n/a                 n/a   30.0
Gi0/2      auto   off        0.0    n/a                 n/a   30.0
Question 282hardScenario
Open the full VLAN trunking answer →

You are connected to a Multilayer Switch MLS1. Configure the switch so that interface GigabitEthernet1/0/1 is an access port for VLAN 10, with voice VLAN 110 for an IP phone, and enable PoE. Additionally, interface GigabitEthernet1/0/2 must be an access port for VLAN 20 to connect an AP. Verify the configuration using 'show interfaces switchport' and 'show power inline'.

Exhibit

Current running-config (partial):
!
hostname MLS1
!
vlan 10
 name DATA
!
vlan 20
 name AP
!
vlan 110
 name VOICE
!
interface GigabitEthernet1/0/1
 description IP Phone Port
!
interface GigabitEthernet1/0/2
 description AP Port
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
line con 0
 logging synchronous
 exit
Question 283hardScenario
Open the full VLAN trunking answer →

You are connected to a multilayer switch MLS1 via the console. Configure MLS1 so that IP phones connected to interface GigabitEthernet0/1 receive power via PoE, use VLAN 10 for data traffic, and use VLAN 20 for voice traffic, while the access port for an AP on GigabitEthernet0/2 should be placed in VLAN 30 and have PoE disabled. Verify your configuration using appropriate show commands.

Exhibit

Current running-config (partial):
!
hostname MLS1
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 no shutdown
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 no shutdown
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
end
Question 284hardScenario
Open the full VLAN trunking answer →

You are connected to a multilayer switch MLS1. Configure FastEthernet0/1 as an access port for an IP phone and a PC, with voice VLAN 20 and data VLAN 10. Also enable PoE on the port. Then verify the configuration using 'show interfaces switchport' and 'show power inline'.

Exhibit

MLS1#show running-config interface FastEthernet0/1
Building configuration...

Current configuration : 93 bytes
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.10.1 255.255.255.0
 duplex auto
 speed auto
!
Question 285hardScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. The network uses Rapid-PVST+ and you need to ensure that SW1 becomes the root bridge for VLAN 10 and VLAN 20. Additionally, configure PortFast and BPDU Guard on interface GigabitEthernet0/1, which connects to a workstation. After configuration, the workstation is moved and the port goes err-disabled. Diagnose the cause and recover the port without reloading the switch.

Exhibit

SW1#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     0001.0001.0001
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0001.0001.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Desg FWD 4         128.1    P2p
Gi0/2            Desg FWD 4         128.2    P2p

SW1#show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable

SW1#show interfaces status err-disabled
Port         Name               Status       Reason
Gi0/1                           err-disabled bpduguard

SW1#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    32788
             Address     0002.0002.0002
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0002.0002.0002
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Desg FWD 4         128.1    P2p
Gi0/2            Desg FWD 4         128.2    P2p
Question 286hardScenario
Open the full VLAN trunking answer →

You are connected to a multilayer switch MLSW1. PortFast and BPDU Guard have already been enabled on interface GigabitEthernet0/1, which connects to an end device, and a BPDU received on that interface placed it in the err-disabled state. Configure Rapid PVST+ so that MLSW1 becomes the root bridge for VLAN 10 with a priority of 4096. Recover the interface by re-enabling it. Finally, verify which port is blocking on VLAN 10 by connecting to MLSW2 and executing the appropriate show command.

Exhibit

MLSW1# show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32768
             Address     0c75.15b6.0001
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768  (priority 32768 sys-id-ext 10)
             Address     0c75.15b6.0001
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p

MLSW1# show interfaces gigabitEthernet 0/1 status
Port      Name   Status       Vlan   Duplex Speed Type
Gi0/1            err-disabled 10     full   1000 10/100/1000BaseTX

MLSW1# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
Question 287hardScenario
Read the full Switching and Network Access explanation →

You are connected to SW1. The network has experienced a spanning-tree topology change, and the new root bridge is not the intended core switch. Configure SW1 with a root primary priority, enable PortFast and BPDU Guard on interface GigabitEthernet0/3 (an edge port connected to a server), and verify that a specific port in the topology is blocking. Then, after a BPDU violation occurs on G0/3, recover the interface from err-disable state without reloading the switch.

Exhibit

SW1# show spanning-tree
  VLAN0001
    Spanning tree enabled protocol rstp
    Root ID    Priority    32769
               Address     0001.1111.1111
               This bridge is the root
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

    Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
               Address     0001.2222.2222
               Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0               Desg FWD 4         128.1    P2p
Gi0/1               Desg FWD 4         128.2    P2p
Gi0/2               Desg FWD 4         128.3    P2p
Gi0/3               Desg FWD 4         128.4    P2p Edge


SW1# show running-config interface GigabitEthernet0/3
Building configuration...

Current configuration : 60 bytes
!
interface GigabitEthernet0/3
 switchport mode access
end


SW1# show interfaces status err-disabled
Port         Name               Status       Reason
Gi0/3                           err-disabled bpduguard
Question 288hardScenario
Open the full VLAN trunking answer →

You are connected to a multilayer switch MLS1. The network has two other switches: SW2 and SW3. The interface GigabitEthernet0/1 already has PortFast and BPDU Guard enabled. Configure MLS1 as the root bridge for VLAN 10 and VLAN 20 using the root primary command. After configuration, verify that the interface is not in err-disabled state and that the root bridge role is correctly assigned.

Exhibit

MLS1# show running-config | include hostname|spanning-tree|interface GigabitEthernet0/1
hostname MLS1
!
spanning-tree mode rapid-pvst
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
MLS1# show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     aabb.cc00.0100
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.0100
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p Edge

MLS1# show interfaces gigabitEthernet 0/1 status
Port      Name   Status       Vlan       Duplex Speed Type
Gi0/1            connected    10         a-full a-100 10/100/1000BaseTX
Question 289hardScenario
Open the full VLAN trunking answer →

You are connected to R1, a multilayer switch running Rapid PVST+. The current root bridge for VLAN 10 has priority 24586 and for VLAN 20 has priority 24676. Configure R1 so that it becomes the root bridge for VLAN 10 and VLAN 20. Then enable PortFast and BPDU Guard on interface FastEthernet0/1, which connects to an access switch. Finally, diagnose why interface FastEthernet0/2 has entered an err-disabled state and recover it.

Exhibit

R1# show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     0011.2233.4401
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0011.2233.4401
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Desg FWD 19        128.1    P2p
Fa0/2               Desg FWD 19        128.2    P2p

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    24586
             Address     0011.2233.4402
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0011.2233.4401
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.1    P2p
Fa0/2               Altn BLK 19        128.2    P2p

VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    24676
             Address     0011.2233.4402
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0011.2233.4401
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa0/1               Root FWD 19        128.1    P2p
Fa0/2               Altn BLK 19        128.2    P2p

R1# show interfaces fastEthernet 0/2
FastEthernet0/2 is down, line protocol is down (err-disabled)
  Hardware is Fast Ethernet, address is 0011.2233.4402 (bia 0011.2233.4402)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, 100Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:08, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

R1# show running-config | section interface FastEthernet0/2
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 spanning-tree bpduguard enable
Question 290hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. The network has three switches (SW1, SW2, SW3) running Rapid-PVST+. SW1 should be the root bridge for VLAN 10. PortFast and BPDU Guard must be enabled on all edge ports connected to end hosts. An err-disabled port (G0/1) has occurred due to a BPDU violation on an edge port. Recover the port and ensure it is configured correctly to prevent recurrence.

Exhibit

SW1#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     aabb.cc00.0100
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     aabb.cc00.0100
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0               Desg FWD 4         128.1    P2p
Gi0/1               Desg BLK 4         128.2    P2p Edge
Gi0/2               Desg FWD 4         128.3    P2p

SW1#show interfaces gigabitEthernet 0/1 status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1                        err-disabled 10         auto    auto  10/100/1000BaseTX

SW1#show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
Question 291hardScenario
Read the full Switching and Network Access explanation →

You are connected to SW1 via the console. The network has three switches connected in a triangle: SW1 (G0/1 to SW2 G0/1), SW1 (G0/2 to SW3 G0/1), and SW2 (G0/2 to SW3 G0/2). SW1 is the root bridge. A PC is connected to SW3's G0/3 port, which should be an edge port. However, the PC has been sending BPDUs, causing the port to go err-disabled. Configure SW3 to prevent this in the future: enable PortFast and BPDU Guard on G0/3. Then, verify that the port recovers from err-disabled state and that a specific blocked port on SW2 is identified. Use the provided show output to determine the current state and necessary commands.

Exhibit

SW3# show interfaces status
Port      Name               Status       Vlan    Duplex  Speed Type
Gi0/1                        connected    1       a-full  a-1000 10/100/1000BaseTX
Gi0/2                        connected    1       a-full  a-1000 10/100/1000BaseTX
Gi0/3                        err-disabled 1       auto    auto   10/100/1000BaseTX

SW3# show spanning-tree
  VLAN0001
    Spanning tree enabled protocol ieee
    Root ID    Priority    24577
               Address     0001.1111.1111
               This bridge is the root
               Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

    Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
               Address     0001.1111.1111
               Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time  300 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Desg FWD 4         128.1    P2p
Gi0/2            Desg FWD 4         128.2    P2p
Gi0/3            Desg BKN*4         128.3    P2p *PVID_Inc

SW2# show spanning-tree
  VLAN0001
    Spanning tree enabled protocol ieee
    Root ID    Priority    24577
               Address     0001.1111.1111
               This bridge is the root
               Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

    Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
               Address     0002.2222.2222
               Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
               Aging Time  300 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Root FWD 4         128.1    P2p
Gi0/2            Altn BLK 4         128.2    P2p
Question 292hardScenario
Open the full VLAN trunking answer →

You are connected to switch SW1. The network uses Rapid-PVST+ and SW1 has been accidentally configured with a low spanning-tree priority, causing it to become the root bridge for VLAN 10 even though it should not be. Additionally, an edge port connected to a server is repeatedly receiving BPDUs, causing it to go into err-disabled state. Configure SW1 so that it is never the root bridge for VLAN 10, and configure the edge port so that it automatically recovers from err-disabled state after 300 seconds. Finally, verify that SW1 is not the root bridge for VLAN 10.

Exhibit

SW1# show running-config | section interface
interface GigabitEthernet0/0
 description Link to SW2
 switchport mode trunk
 spanning-tree vlan 10 priority 4096
!
interface GigabitEthernet0/1
 description Server Port
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
SW1# show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    4096
             Address     aabb.cc00.0100
             This bridge is the root
  Bridge ID  Priority    4096   (priority 4096 sys-id-ext 10)
             Address     aabb.cc00.0100
  Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- ------------------------------
Gi0/0               Desg FWD 4         128.1    P2p
Gi0/1               Desg FWD 4         128.2    P2p Edge

SW1# show interfaces status | include Gi0/1
Gi0/1               err-disabled  auto   auto  10/100/1000
Question 293hardScenario
Read the full Switching and Network Access explanation →

You are connected to a multilayer switch MLS1. The network has two other switches SW1 and SW2 forming a triangle topology. Currently, SW1 is the root bridge but it should be SW2. Additionally, configure PortFast and BPDU Guard on interface GigabitEthernet0/2 of MLS1, which connects to a host. Simulate a BPDU violation on that port and then recover the port from err-disabled state.

Exhibit

MLS1# show spanning-tree
VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32769
             Address     0001.1111.1111
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0002.2222.2222
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0               Desg FWD 4         128.1    P2p
Gi0/1               Desg FWD 4         128.2    P2p
Gi0/2               Desg FWD 4         128.3    P2p Edge

MLS1# show interfaces gigabitEthernet 0/2 status
Port      Name   Status       Vlan   Duplex  Speed Type
Gi0/2            err-disabled 1       auto    auto  10/100/1000BaseTX

MLS1# show running-config | include spanning-tree
spanning-tree mode rapid-pvst
spanning-tree vlan 1 root primary

MLS1# show running-config interface gigabitEthernet 0/2
interface GigabitEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard enable
 shutdown
Question 294hardScenario
Open the full VLAN trunking answer →

You are connected to switch SW1 via console. The network uses Rapid-PVST+ and you need to ensure that SW1 becomes the root bridge for VLANs 10 and 20. Additionally, configure PortFast and BPDU Guard on interface GigabitEthernet0/2, which connects to an end host. Finally, diagnose why interface GigabitEthernet0/3 is in err-disabled state and bring it back operational.

Exhibit

SW1#show running-config | section vlan|spanning-tree|interface
vlan 10,20
spanning-tree mode rapid-pvst
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 4096
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10

SW1#show interfaces status | include err
Gi0/3                        err-disabled         auto    auto 10/100/1000

SW1#show spanning-tree vlan 10
  VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    4096
             Address      aaaa.bbbb.cccc
             This bridge is the root
  Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4096   (priority 4096 sys-id-ext 10)
             Address      aaaa.bbbb.cccc
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------ ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p
Gi0/4               Desg FWD 4         128.4    P2p

SW1#show spanning-tree vlan 20
  VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    4096
             Address      aaaa.bbbb.cccc
             This bridge is the root
  Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4096   (priority 4096 sys-id-ext 20)
             Address      aaaa.bbbb.cccc
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------ ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/3               Desg BLK 4         128.3    P2p
Question 295hardScenario
Open the full VLAN trunking answer →

You are connected to R1, a multilayer switch acting as the root bridge for VLAN 10. The network has experienced a loop, and interface GigabitEthernet0/1 on R1 is currently in err-disabled state due to a BPDU guard violation. Configure the switch to recover automatically from err-disable state after 300 seconds, then verify that the interface comes back up.

Exhibit

R1# show interfaces status
Port      Name   Status       Vlan    Duplex  Speed Type
Gi0/0            connected    routed    full   1000  SFP
Gi0/1            err-disabled 10       auto   auto  10/100/1000BaseTX
Gi0/2            notconnect   10       auto   auto  10/100/1000BaseTX
Gi0/3            connected    routed    full   1000  SFP

R1# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree bpduguard enable
 spanning-tree portfast

R1# show running-config | include errdisable

R1# show spanning-tree vlan 10
  VLAN0010
    Spanning tree enabled protocol rstp
    Root ID    Priority    24586
               Address     aaaa.bbbb.cccc
               This bridge is the root
    Bridge ID  Priority    24586  (priority 24576 sys-id-ext 10)
               Address     aaaa.bbbb.cccc
    Interface        Role Sts Cost      Prio.Nbr Type
    Gi0/1            Desg BKN*4         128.2    P2p *BPDU_Guard
    Gi0/2            Desg BLK 4         128.3    P2p

*BPDU_Guard: err-disabled
Question 296hardScenario
Open the full VLAN trunking answer →

You are connected to switch SW1. Configure Rapid-PVST+ so that SW1 becomes the root bridge for VLAN 10 and VLAN 20. On interface GigabitEthernet0/2, enable PortFast and BPDUGuard. Then, a BPDU is received on that port, causing err-disable. Diagnose the issue and recover the interface without rebooting the switch.

Exhibit

SW1# show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    32768
             Address     0011.2233.4455
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768
             Address     0011.2233.4455
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p

SW1# show running-config | include bpduguard
spanning-tree portfast bpduguard default

SW1# show interfaces gigabitethernet 0/2
GigabitEthernet0/2 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet, address is 0011.2233.4456
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex,  Auto-speed
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

SW1# show errdisable recovery
ErrDisable Reason    Timer Status
----------------    --------------
bpduguard           Enabled

SW1# show spanning-tree vlan 20
VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    32778
             Address     0055.6677.8899
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778
             Address     0055.6677.8899
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Desg FWD 4         128.2    P2p
Question 297hardScenario
Read the full NAT/PAT explanation →

You are connected to R1, a Catalyst 3650 multilayer switch running IOS-XE. Configure Root Guard on all designated ports, Loop Guard on uplink interfaces, and BPDU Guard on all PortFast-enabled ports. Troubleshoot the current issue: one port is receiving a superior BPDU and is being blocked by Root Guard, and a different PortFast port has gone err-disabled after BPDU Guard triggered. Verify that Root Guard is active on port Gi1/0/1, Loop Guard is active on Gi1/0/2, and BPDU Guard is enabled on Gi1/0/3.

Exhibit

R1#show running-config | section interface
interface GigabitEthernet1/0/1
 description Link to R2
 switchport mode access
 spanning-tree guard root
!
interface GigabitEthernet1/0/2
 description Uplink to Core
 switchport mode trunk
 spanning-tree guard loop
!
interface GigabitEthernet1/0/3
 description Access Port
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
R1#show spanning-tree interface Gi1/0/1 detail
Port 1 (GigabitEthernet1/0/1) of VLAN0001 is root blocking
  Port path cost 4, Port priority 128, Port Identifier 128.1.
  Designated root has priority 0, address aaaa.bbbb.cccc
  Designated bridge has priority 4096, address aaaa.bbbb.cccc
  Designated port id is 128.1, designated path cost 0
  Timers: message age 2, forward delay 15, hold 0
  Number of transitions to forwarding state: 0
  BPDU: sent 0, received 10
  Root guard is enabled, but port is root inconsistent
R1#show spanning-tree interface Gi1/0/2 detail
Port 2 (GigabitEthernet1/0/2) of VLAN0001 is alternate blocking
  Port path cost 4, Port priority 128, Port Identifier 128.2.
  Designated root has priority 0, address aaaa.bbbb.cccc
  Designated bridge has priority 0, address aaaa.bbbb.cccc
  Designated port id is 128.2, designated path cost 0
  Timers: message age 2, forward delay 15, hold 0
  Number of transitions to forwarding state: 0
  BPDU: sent 0, received 10
  Loop guard is enabled, but port is loop-inconsistent
R1#show interfaces Gi1/0/3 status
Port      Name   Status       Vlan    Duplex  Speed Type
Gi1/0/3         err-disabled 1       auto    auto  10/100/1000BaseTX
Question 298hardScenario
Read the full NAT/PAT explanation →

You are connected to R1, a multilayer switch with three directly connected switches. Configure Root Guard on the designated port to prevent an unauthorized switch from becoming root. Configure Loop Guard on the uplink to protect against unidirectional links. Configure BPDU Guard on all PortFast-enabled ports. Troubleshoot the scenario where a port receives a superior BPDU and is blocked by Root Guard, and another port goes err-disabled after BPDU Guard triggers.

Exhibit

R1# show running-config | section interface
interface GigabitEthernet0/0
 description Uplink to R2
 no switchport
 ip address 10.0.0.1 255.255.255.252
!
interface GigabitEthernet0/1
 description Access port to SwitchA
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 description Uplink to SwitchB
 switchport mode trunk
!
interface GigabitEthernet0/3
 description Access port to SwitchC
 switchport mode access
 spanning-tree portfast
!

R1# show spanning-tree
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0c12.3456
             This bridge is the root
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0000.0c12.3456
  Interface        Role Sts Cost      Prio.Nbr Type
  ---------------- ---- --- --------- -------- --------------------------------
  Gi0/1            Desg FWD 4         128.2    P2p Edge
  Gi0/2            Desg FWD 4         128.3    P2p
  Gi0/3            Desg FWD 4         128.4    P2p Edge
Question 299hardScenario
Open the full VLAN trunking answer →

You are connected to R1, a multilayer switch acting as the STP root for VLAN 10. Configure Root Guard on port GigabitEthernet0/1 (designated port) to protect against superior BPDUs from an unauthorized switch, Loop Guard on uplink GigabitEthernet0/2 to prevent loops, and BPDU Guard on PortFast-enabled GigabitEthernet0/3. After configuration, a superior BPDU arrives on G0/1, blocking the port; verify the Root Guard state and ensure BPDU Guard triggers err-disable on G0/3.

Exhibit

R1# show running-config | section interface
interface GigabitEthernet0/0
 description Management
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 description Link to Access Switch
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet0/2
 description Uplink to Core
 switchport mode trunk
!
interface GigabitEthernet0/3
 description End-Device Port
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface Vlan10
 ip address 10.0.0.1 255.255.255.0
!
Question 300hardScenario
Open the full STP breakdown →

You are connected to R1, a multilayer switch acting as the STP root bridge. Configure Root Guard on the designated port toward R2 (G0/1), Loop Guard on the uplink port G0/2, and BPDU Guard on PortFast-enabled access port G0/3. After configuration, a superior BPDU is received on G0/1, causing it to be blocked by Root Guard; later, an unauthorized BPDU on G0/3 triggers err-disable. Troubleshoot and verify the expected port states.

Exhibit

R1# show running-config | section interface
interface GigabitEthernet0/0
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree guard root
!
interface GigabitEthernet0/2
 switchport mode trunk
 spanning-tree loopguard default
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
R1# show spanning-tree root
 VLAN0001
  Root ID    Priority    32769
             Address     0001.1111.1111
             This bridge is the root
R1# show interfaces status | include err-disabled
GigabitEthernet0/3    err-disabled
Question 301hardScenario
Open the full VLAN trunking answer →

You are connected to R1, a multilayer switch acting as the STP root for VLAN 10. Configure Root Guard on the designated port facing a downstream switch to prevent a rogue switch from becoming root. Also, enable Loop Guard on the uplink port to prevent STP loops, and configure BPDU Guard on a PortFast-enabled access port. Ensure that if a superior BPDU is received on the Root Guard port, it is blocked, and if a BPDU is received on the BPDU Guard port, it goes err-disabled.

Exhibit

R1#show running-config | section interface
interface GigabitEthernet0/0
 description Uplink to R2
 switchport mode trunk
 spanning-tree guard loop
!
interface GigabitEthernet0/1
 description Downstream to SW2
 switchport mode access
 switchport access vlan 10
 spanning-tree guard root
!
interface GigabitEthernet0/2
 description Access port for PC
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
Question 302hardScenario
Read the full Switching and Network Access explanation →

You are connected to a multilayer switch MLS1. Configure Root Guard on switchport GigabitEthernet 0/1 (connected to an unauthorized switch) so that if a superior BPDU is received, the port is blocked instead of causing a topology change. Also enable Loop Guard on uplink GigabitEthernet 0/2 (connected to the root bridge) to prevent unidirectional link issues. Finally, enable BPDU Guard on PortFast-enabled access port GigabitEthernet 0/3 (connected to a host) so that if a BPDU is received, the port goes err-disabled. After configuration, a superior BPDU is received on G0/1 and the port is blocked; a BPDU is received on G0/3 and the port goes err-disabled. Verify these protections are active.

Exhibit

MLS1# show running-config | include interface|spanning-tree|portfast|rootguard|loopguard|bpduguard
interface GigabitEthernet0/1
 spanning-tree guard root
interface GigabitEthernet0/2
 spanning-tree guard loop
interface GigabitEthernet0/3
 spanning-tree portfast
 spanning-tree bpduguard enable
! Current state:
MLS1# show spanning-tree interface gigabitEthernet 0/1 detail
Port 1 (GigabitEthernet0/1) of VLAN0001 is root inconsistent (Root Guard)
  Designated bridge has priority 4096, address 0050.7966.6800
  Configured guard type: root
  Root guard active
MLS1# show spanning-tree interface gigabitEthernet 0/3 detail
Port 3 (GigabitEthernet0/3) of VLAN0001 is down (err-disabled)
  BPDU guard enabled
  BPDU received, moving to errdisable state
Question 303hardScenario
Open the full VLAN trunking answer →

You are connected to R1, a multilayer switch acting as the STP root for VLAN 10. Configure Root Guard on port GigabitEthernet0/1 (designated port) to protect against superior BPDUs from an unauthorized switch, Loop Guard on uplink GigabitEthernet0/2 to prevent forwarding loops on unidirectional links, and BPDU Guard on PortFast-enabled GigabitEthernet0/3 to shut down the port if a BPDU is received. After configuration, troubleshoot the scenario: a superior BPDU is received on G0/1, causing it to be blocked by Root Guard, and an unauthorized switch sends a BPDU to G0/3, placing it in err-disable state. Verify the final configuration and state.

Exhibit

R1#show running-config interface gigabitEthernet0/1
Building configuration...

Current configuration : 133 bytes
!
interface GigabitEthernet0/1
 description Link to Access Switch
 switchport mode access
 switchport access vlan 10
 spanning-tree guard root
end

R1#show running-config interface gigabitEthernet0/2
Building configuration...

Current configuration : 115 bytes
!
interface GigabitEthernet0/2
 description Uplink to Core
 switchport mode trunk
 spanning-tree guard loop
end

R1#show running-config interface gigabitEthernet0/3
Building configuration...

Current configuration : 127 bytes
!
interface GigabitEthernet0/3
 description Server Port
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
end

R1#show spanning-tree interface gigabitEthernet0/1 detail
 Port 1 (GigabitEthernet0/1) of VLAN0010 is root guard blocked
   Port path cost 4, Port priority 128, Port Identifier 128.1.
   Designated root has priority 24576, address 0011.2233.4455
   Designated bridge has priority 24576, address 0011.2233.4455
   Designated port id is 128.1, designated path cost 0
   Timers: message age 2, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   BPDU: sent 1, received 5

R1#show interfaces gigabitEthernet0/3 status
Port      Name               Status       Vlan    Duplex Speed Type
Gi0/3     Server Port        err-disabled 10      auto   auto  10/100/1000BaseTX

R1#show spanning-tree vlan 10
  VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    24576
             Address     0011.2233.4455
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24576  (priority 24576 sys-id-ext 10)
             Address     0011.2233.4455
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desi BLK*4        128.1    P2p *ROOT_Guard
Gi0/2               Desi FWD 4        128.2    P2p *LOOP_Guard
Gi0/3               Desi BLK 4        128.3    P2p *BPDU_Guard
Question 304hardScenario
Read the full NAT/PAT explanation →

You are connected to the multilayer switch SW1. Configure Root Guard on the designated port towards the access switch SW2, Loop Guard on the uplink port towards the distribution switch SW3, and BPDU Guard on the PortFast-enabled port connected to a workstation. After configuration, a superior BPDU is received on the designated port, causing it to be blocked by Root Guard. Later, a BPDU is received on the PortFast port, triggering err-disable state. Identify and resolve these issues.

Exhibit

SW1# show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address      aaaa.bbbb.cccc
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address      aaaa.bbbb.cccc
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time   20 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/0            Desg FWD 4         128.1    P2p
Gi0/1            Desg FWD 4         128.2    P2p
Gi0/2            Desg FWD 4         128.3    P2p Edge

SW1# show running-config | section interface
interface GigabitEthernet0/0
 description to SW2
 switchport mode access
 spanning-tree guard root
!
interface GigabitEthernet0/1
 description to SW3
 switchport mode trunk
 spanning-tree guard loop
!
interface GigabitEthernet0/2
 description to Workstation
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
Question 305hardScenario
Open the full VLAN trunking answer →

You are securing the spanning-tree topology on R1, the root bridge for VLAN 10. Intended configurations: Root Guard on GigabitEthernet1/0/3, Loop Guard on gigabit interfaces 1/0/1 and 1/0/2, and BPDU Guard on all PortFast-enabled interfaces. After initial configuration, a superior BPDU on G1/0/3 blocks the port (expected), and a host on G1/0/5 triggers BPDU Guard, causing err-disable (expected). However, you realize Loop Guard was not applied to the uplinks. Troubleshoot and apply the missing configuration.

Exhibit

R1#show running-config | section interface
interface GigabitEthernet1/0/1
 description Uplink to Core
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description Uplink to Core
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 description Potential Root Port
 switchport access vlan 10
 switchport mode access
 spanning-tree guard root
!
interface GigabitEthernet1/0/4
 description Server
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 description Desktop
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
R1#show spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    4097
             Address     0011.2233.4455
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)
             Address     0011.2233.4455
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1          Desg FWD 4         128.1    Shr
Gi1/0/2          Desg FWD 4         128.2    Shr
Gi1/0/3          Desg BKN*4         128.3    Shr  *ROOT_Guard
Gi1/0/4          Desg FWD 4         128.4    Shr  Edge
Gi1/0/5          Desg FWD 4         128.5    Shr  Edge

R1#show interfaces status | include err-disabled
Gi1/0/5           err-disabled   auto   auto  10/100/1000
Question 306hardScenario
Read the full NAT/PAT explanation →

You are connected to a multilayer switch MLS1. Configure Root Guard on the designated port facing another switch SW2 to prevent it from becoming root, configure Loop Guard on the uplink port to the core, and configure BPDU Guard on a PortFast-enabled access port. After configuration, a superior BPDU arrives on the designated port—confirm it is blocked by Root Guard. Then, simulate a BPDU on the access port to verify it goes err-disabled due to BPDU Guard.

Exhibit

MLS1# show spanning-tree

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address      aabb.cc00.0100
             This bridge is the root

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address      aabb.cc00.0100

  Interface        Role Sts Cost      Prio.Nbr Type
  ------------------- --- --- --------- -------- --------------------------------
  Gi0/0             Desg FWD 4         128.1    P2p
  Gi0/1             Desg FWD 4         128.2    P2p
  Gi0/2             Desg FWD 4         128.3    P2p

Gi0/2 is connected to SW2. Gi0/1 is uplink to core. Gi0/0 is access port with PortFast enabled.

MLS1# show running-config | section interface
interface GigabitEthernet0/0
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
!
Question 307hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. Two switches, SW1 and SW2, are connected via four GigabitEthernet links. Configure LACP EtherChannel between them using interfaces GigabitEthernet0/1 through GigabitEthernet0/4 on SW1. Set the channel-group mode to active on SW1. The port-channel interface must be configured as a trunk, allowing VLANs 10, 20, 30. However, the EtherChannel is not forming. The current configuration is shown below. Identify and fix the issue, then verify the EtherChannel is operational.

Network Topology
+interface GigabitEthernet0/1switchport mode trunkswitchport trunk allowed vlan 10,20,30channel-group 1 mode activeinterface GigabitEthernet0/2interface GigabitEthernet0/3interface GigabitEthernet0/4interface Port-channel1no switchportip address 192.168.1.1 255.255.255.0SW1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports
Question 308hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. Configure an LACP EtherChannel between SW1 and SW2 using ports GigabitEthernet0/1 and GigabitEthernet0/2. Set the channel-group mode to active on both sides. The port-channel interface should be configured as a trunk allowing VLANs 10, 20, and 30. Initially, the EtherChannel fails to form due to mismatched speed/duplex on one link. Identify and correct the issue, then verify the channel is up and operational.

Network Topology
+interface GigabitEthernet0/1switchport mode trunkswitchport trunk allowed vlan 10,20,30speed 1000duplex fullchannel-group 1 mode activeinterface GigabitEthernet0/2speed 100duplex halfinterface Port-channel1SW1#show etherchannel summaryH - Hot-standby (LACP only)Number of aggregators: 1Group Port-channel Protocol Ports1 Po1(SD) LACP Gi0/1(I) Gi0/2(I)
Question 309hardScenario
Open the full VLAN trunking answer →

You are connected to Switch1. Configure an LACP EtherChannel between Switch1 and Switch2 using interfaces GigabitEthernet0/1 and GigabitEthernet0/2. The channel must be in active mode on both sides, and the port-channel interface must have VLAN 10 as the access VLAN. The current configuration has a speed/duplex mismatch and inconsistent VLAN assignments preventing the channel from forming. Verify the channel is up using 'show etherchannel summary'.

Network Topology
+interface GigabitEthernet0/1switchport mode accessswitchport access vlan 10speed 100duplex halfchannel-group 1 mode passiveinterface GigabitEthernet0/2switchport access vlan 20speed 1000duplex fullinterface Port-channel1switchport access vlan 1Switch1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(SD) LACP Gi0/1(I) Gi0/2(I)
Question 310hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. Configure an LACP EtherChannel between SW1 and SW2 using interfaces GigabitEthernet0/1 and GigabitEthernet0/2. The port-channel interface must be configured as a trunk allowing VLANs 10, 20, and 30. Currently, the channel is not forming due to a mismatch in speed/duplex and VLAN configuration on SW2. Troubleshoot and resolve the issue so that the EtherChannel comes up as a Layer 2 trunk.

Network Topology
+SW1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default configurationNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(SU) LACP Gi0/1(D) Gi0/2(D)SW1# show running-config interface port-channel1Building configuration...Current configuration : 78 bytesinterface Port-channel1switchport mode trunkswitchport trunk allowed vlan 10,20,30endSW1# show running-config interface gigabitEthernet0/1Current configuration : 143 bytesinterface GigabitEthernet0/1channel-group 1 mode activespeed 1000duplex fullSW1# show running-config interface gigabitEthernet0/2interface GigabitEthernet0/2SW2# show running-config interface gigabitEthernet0/1Current configuration : 130 bytesswitchport trunk allowed vlan 10,20channel-group 1 mode passivespeed 100duplex halfSW2# show running-config interface gigabitEthernet0/2
Question 311hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. The current configurations of interfaces GigabitEthernet0/1 and GigabitEthernet0/2 are as follows:

Gi0/1: speed 100, duplex half, switchport access vlan 10 Gi0/2: speed 1000, duplex full, switchport access vlan 20

The port-channel interface 1 does not exist. Configure a LACP EtherChannel between SW1 and SW2 using these two interfaces, with port-channel 1 and mode active on both sides. Ensure the channel forms by resolving any speed/duplex or VLAN mismatches. After configuration, verify with 'show etherchannel summary'.

Exhibit

SW1# show running-config | section interface
!
interface GigabitEthernet0/1
 duplex half
 speed 100
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 duplex full
 speed 1000
 switchport mode access
 switchport access vlan 20
!
interface Port-channel1
 no ip address
 switchport mode access
 switchport access vlan 10
!

SW2# show running-config | section interface
!
interface GigabitEthernet0/1
 duplex half
 speed 100
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 duplex full
 speed 1000
 switchport mode access
 switchport access vlan 20
!
interface Port-channel1
 no ip address
 switchport mode access
 switchport access vlan 10
!
Question 312hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. A LACP EtherChannel between SW1 and SW2 has already been configured using interfaces GigabitEthernet0/1 and GigabitEthernet0/2 with channel-group 1 mode active on both sides and assigned to VLAN 100. However, the channel is not forming because of a speed/duplex mismatch. The correct interface settings for this network are speed 1000 and duplex full. Interface GigabitEthernet0/1 is already configured with these settings. Only interface GigabitEthernet0/2 needs to be corrected. Identify the configuration change needed to resolve the mismatch and verify the EtherChannel is up with 'show etherchannel summary'.

Network Topology
+SW1#show running-config | section interfaceinterface GigabitEthernet0/1switchport mode accessswitchport access vlan 100speed 1000duplex fullchannel-group 1 mode activeinterface GigabitEthernet0/2speed 100duplex halfinterface Port-channel1SW1#show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(SU) LACP Gi0/1(D) Gi0/2(D)
Question 313hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. Configure an LACP EtherChannel between SW1 and SW2 using interfaces GigabitEthernet0/1 and GigabitEthernet0/2. Set the channel-group mode to active on both switches. Verify that the port-channel interface is configured with VLAN 100 as an access port. Then, troubleshoot and fix the issue that prevents the EtherChannel from forming due to a mismatched speed on one of the member links. After correction, verify the EtherChannel is up with 'show etherchannel summary'.

Network Topology
+interface GigabitEthernet0/1switchport mode accessswitchport access vlan 100speed 1000duplex fullchannel-group 1 mode activeinterface GigabitEthernet0/2interface Port-channel1SW1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(SD) LACP Gi0/1(P) Gi0/2(D)Full-duplex, 1000Mb/s
Question 314hardScenario
Read the full EtherChannel explanation →

You are connected to SW1. An EtherChannel between SW1 and SW2 using LACP must be established on interfaces GigabitEthernet0/1 and GigabitEthernet0/2. Currently, the channel is not forming. Inspect the provided configuration and output, then apply the necessary commands on SW1 to resolve the issue and bring up the Port-Channel interface.

Network Topology
+interface GigabitEthernet0/1switchport mode trunkchannel-group 1 mode activeinterface GigabitEthernet0/2interface Port-channel1SW1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(SD) LACP Gi0/1(I) Gi0/2(I)channel-group 1 mode passive
Question 315hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. The current configuration on SW1 is: interfaces GigabitEthernet0/1 and GigabitEthernet0/2 are set to channel-group mode passive; Gi0/1 has speed 100, duplex half, and access VLAN 20; Gi0/2 has speed 1000, duplex full, and access VLAN 10. You need to form an LACP EtherChannel between SW1 and SW2. Ensure the channel forms by setting the channel-group mode to active on SW1's member ports. Also correct the speed/duplex mismatch and VLAN mismatch so that the port-channel interface is in the up/up state. Finally, verify the EtherChannel summary shows the channel as a Layer 2 bundle in use.

Network Topology
+interface GigabitEthernet0/1switchport mode accessswitchport access vlan 10speed 100duplex halfchannel-group 1 mode passiveinterface GigabitEthernet0/2switchport access vlan 20speed 1000duplex fullinterface Port-channel1no shutdownSW1# show etherchannel summaryH - Hot-standby (LACP only)Number of aggregators: 1Group Port-channel Protocol Ports1 Po1(SD) LACP Gi0/1(I) Gi0/2(I)
Question 316hardScenario
Open the full VLAN trunking answer →

You are connected to Multilayer Switch SW1. Configure LACP EtherChannel between SW1 and SW2 using ports GigabitEthernet0/1 and GigabitEthernet0/2. Ensure the channel is formed and active. The current configuration has mismatched VLAN assignments and speed/duplex settings preventing the channel from coming up. Verify the channel state using 'show etherchannel summary'.

Network Topology
+SW1#show running-config | section interfaceinterface GigabitEthernet0/1switchport mode trunkswitchport trunk allowed vlan 10,20speed 1000duplex fullchannel-group 1 mode activeinterface GigabitEthernet0/2switchport trunk allowed vlan 30speed 100duplex halfinterface Port-channel1switchport trunk allowed vlan 10,20,30SW2#show running-config | section interfaceSW1#show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(SD) LACP Gi0/1(D) Gi0/2(D)
Question 317hardScenario
Open the full VLAN trunking answer →

You are connected to SW1. Configure LACP EtherChannel between SW1 and SW2 using interfaces GigabitEthernet0/1 and GigabitEthernet0/2. Ensure the channel forms and passes traffic for VLAN 10. Troubleshoot and fix any issues preventing the channel from coming up.

Network Topology
+interface GigabitEthernet0/1switchport mode trunkswitchport trunk allowed vlan 10duplex fullspeed 1000channel-group 1 mode passiveinterface GigabitEthernet0/2duplex halfspeed 100interface Port-channel1no switchportip address 192.0.2.1 255.255.255.252SW1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(RD) LACP Gi0/1(D) Gi0/2(D)
Question 318mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch connected to router R1 via trunk link G0/1. R1 performs inter-VLAN routing using subinterfaces. VLANs 10, 20, and 30 exist on SW1. Hosts in VLAN 10 (192.168.10.0/24) can ping R1's subinterface, but cannot communicate with hosts in VLAN 20. You suspect the trunk is not allowing VLAN 20 traffic.

Question 319mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1, a Layer 2 switch. Port G0/1 connects to a PC in VLAN 10. Management requires that only one MAC address is allowed on this port, and if a violation occurs, the port should shut down and a log message should be generated. Additionally, you need to ensure that the port enables rapidly and does not wait for STP convergence. Currently, the PC has MAC address aaaa.bbbb.cccc.

Question 320mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a multilayer switch with SVIs for VLANs 10 (192.168.10.1/24) and 20 (192.168.20.1/24). Hosts in VLAN 10 can ping their default gateway (192.168.10.1), but cannot ping hosts in VLAN 20. You suspect IP routing is not enabled or the SVIs are not up.

Question 321easyScenario
Open the full VLAN trunking answer →

You are connected to SW1, a Layer 2 switch. The network administrator wants to prevent unauthorized switches from being connected to access ports. Port G0/1 is an access port in VLAN 10. You need to configure BPDU Guard on this port to protect against STP loops caused by rogue switches. Additionally, enable PortFast for immediate transition to forwarding.

Question 322mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via console. SW1 is a Layer 2 switch connected to two other switches (SW2 and SW3) via trunk links. The network administrator wants to ensure that SW1 becomes the root bridge for VLAN 10 and VLAN 20. Currently, SW2 is the root for both VLANs. Configure SW1 to become the root bridge for these VLANs using the Cisco-recommended macro STP commands.

Question 323mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via console. SW1 is a Layer 2 switch with two ports (G0/1 and G0/2) connected to a host. The host should be able to send and receive traffic on VLAN 10 and VLAN 20. Configure the two ports as a trunk link to the host, but ensure that the trunk only carries VLANs 10 and 20, and set the native VLAN to VLAN 99.

Question 324mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via console. SW1 is a multilayer switch with SVIs for VLAN 10 (192.168.10.1/24) and VLAN 20 (192.168.20.1/24). Hosts in VLAN 10 and VLAN 20 need to communicate with each other. Currently, inter-VLAN routing is not working. You need to enable routing on SW1 and verify that the SVIs are operational.

Question 325hardScenario
Open the full VLAN trunking answer →

You are connected to SW1 via console. SW1 is a Layer 2 switch connected to SW2 via three links (G0/1, G0/2, G0/3) that should form an EtherChannel using LACP. Currently, the interfaces are configured as access ports in VLAN 1. Configure the three interfaces as a LACP EtherChannel trunk that carries VLANs 1-100, and ensure the port-channel interface is operational.

Question 326mediumScenario
Read the full Switching and Network Access explanation →

You are connected to SW1 via console. SW1 is a Layer 2 switch. Port G0/1 connects to a PC that should be allowed only one MAC address. Currently, the port is configured with default settings. You need to enable port security on G0/1, set the maximum MAC addresses to 1, configure the port to shut down if a violation occurs, and ensure that the first learned MAC address is sticky (i.e., saved to the running config).

Question 327mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch. Ports G0/1 and G0/2 are connected to two PCs that should be in VLAN 10 (Sales). Port G0/3 is a trunk link to another switch. The PCs are currently unable to communicate because the ports are in VLAN 1. Configure the switch to place the ports in the correct VLAN and ensure the trunk is properly configured with 802.1Q encapsulation and native VLAN 99.

Question 328mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch with two VLANs: VLAN 10 (Sales) and VLAN 20 (Engineering). A router R1 is connected to port G0/1 on SW1 for inter-VLAN routing. Currently, the router is not routing between VLANs because the trunk is not configured correctly. Configure the switch port as a trunk and ensure the router can route between VLANs using subinterfaces (Router-on-a-Stick).

Question 329hardScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch with two links to SW2 configured as an EtherChannel using LACP. The EtherChannel is not coming up. Interface G0/2 was accidentally configured as an access port in VLAN 10, while G0/1 is configured as a trunk. The administrator wants to use LACP to bundle the links. Troubleshoot and fix the configuration to bring up the EtherChannel.

Question 330mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch with two VLANs: VLAN 10 (Sales) and VLAN 20 (Engineering). Port G0/1 is connected to a sales PC, and port G0/2 is connected to an engineering PC. You need to ensure that each PC is in the correct VLAN. However, the sales PC is currently unable to ping the engineering PC because they are in different VLANs. You have a router R1 connected to SW1 via port G0/3. Configure inter-VLAN routing using Router-on-a-Stick on R1, and ensure SW1's port G0/3 is properly configured as a trunk.

Question 331mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch with two redundant links to SW2 (G0/1 and G0/2). The network administrator wants to use both links for load balancing and redundancy by configuring EtherChannel. You need to configure a Layer 2 EtherChannel using LACP on both switches. The port-channel should be in VLAN 1.

Question 332easyScenario
Read the full Switching and Network Access explanation →

You are connected to SW1 via the console. SW1 is a Layer 2 switch connected to multiple PCs. The network administrator wants to implement port security on port G0/1 to allow only one MAC address and to shut down the port if a violation occurs. Additionally, the administrator wants the MAC address to be learned dynamically and added to the running configuration as sticky. Configure port security on G0/1 accordingly.

Question 333easyScenario
Read the full Switching and Network Access explanation →

You are connected to SW1 via the console. SW1 is a Layer 2 switch with an access port G0/1 connected to a server. The network administrator has noticed that the server is sending BPDUs, which could cause network instability. You need to configure PortFast and BPDU Guard on port G0/1 to prevent BPDU-related issues and ensure the port transitions to forwarding state immediately.

Question 334mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch. Port GigabitEthernet0/1 connects to a PC in VLAN 10, and port GigabitEthernet0/2 connects to a server in VLAN 20. Both ports are currently in VLAN 1. Configure SW1 to assign GigabitEthernet0/1 to VLAN 10 and GigabitEthernet0/2 to VLAN 20, and verify the configuration.

Question 335mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch connected to router R1 via trunk port G0/1. The trunk is currently using VLAN 1 as native VLAN, but the network administrator wants to change the native VLAN to VLAN 99 for security. Configure the trunk on G0/1 to use native VLAN 99 and verify.

Question 336mediumScenario
Read the full EtherChannel explanation →

You are connected to SW1 via the console. SW1 is a Layer 2 switch with two links to SW2: G0/1 and G0/2. The administrator wants to combine these two links into an EtherChannel using LACP. Configure an EtherChannel on SW1 for these ports and verify.

Question 337hardScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch with three redundant links to SW2: G0/1, G0/2, and G0/3. The network is experiencing loops, and STP is not configured. You need to enable STP and ensure that SW1 becomes the root bridge for VLAN 1. Configure STP on SW1 and set its priority to 4096 for VLAN 1.

Question 338hardScenario
Read the full Switching and Network Access explanation →

You are connected to SW1 via the console. SW1 is a Layer 2 switch connected to a PC on port G0/1. The network administrator wants to secure the port by allowing only two MAC addresses and enabling sticky MAC learning. Additionally, if a violation occurs, the port should be put into error-disabled state. Configure port security on G0/1 with maximum MAC addresses of 2, sticky learning, and shutdown violation mode.

Question 339mediumScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch with two VLANs (10 - Sales, 20 - Engineering). Port G0/1 is connected to a PC in VLAN 10, and port G0/2 is connected to a PC in VLAN 20. The switch needs to be configured to allow inter-VLAN communication using an external router connected to port G0/3. Currently, the PCs cannot communicate across VLANs. Configure the switch to support Router-on-a-Stick with VLAN 10 as the native VLAN on the trunk.

Question 340hardScenario
Open the full VLAN trunking answer →

You are connected to SW1 via the console. SW1 is a Layer 2 switch connected to two other switches (SW2 and SW3) via redundant links. All switches run IEEE 802.1D Spanning Tree Protocol. The network administrator wants SW1 to become the root bridge for VLAN 1. Currently, the root bridge is SW2. Configure SW1 to achieve this and ensure that port G0/1, which connects to an end device, immediately transitions to forwarding state upon link up and is protected from BPDU attacks.

Question 341mediummulti select
Open the full STP breakdown →

Which three of the following are unique characteristics of RSTP (802.1w) compared to traditional STP (802.1D)? (Choose three.)

Question 342mediummulti select
Open the full VLAN trunking answer →

Which three of the following statements about VLAN Trunking Protocol (VTP) are correct? (Choose three.)

Question 343mediummulti select
Read the full EtherChannel explanation →

Which three of the following are valid considerations when configuring EtherChannel? (Choose three.)

Question 344mediummulti select
Read the full Switching and Network Access explanation →

Which three of the following correctly describe how a Layer 2 switch handles frames? (Choose three.)

Question 345mediummulti select
Read the full Switching and Network Access explanation →

Which three of the following are true regarding the configuration and operation of a Cisco switch port in access mode? (Choose three.)

Question 346mediummulti select
Open the full STP breakdown →

Which three of the following are functions of the Spanning Tree Protocol (STP) in a switched network? (Choose three.)

Question 347mediummulti select
Open the full VLAN trunking answer →

Which four of the following are characteristics of Dynamic Trunking Protocol (DTP) and VLAN Trunking Protocol (VTP) used in Cisco switching? (Choose four.)

Question 348mediummulti select
Open the full STP breakdown →

Which three of the following are true regarding the operation of Rapid Spanning Tree Protocol (RSTP) compared to classic STP (802.1D)? (Choose three.)

Question 349mediummulti select
Open the full VLAN trunking answer →

Which four of the following are correct statements about VLAN configuration and verification on a Cisco switch? (Choose four.)

Question 350mediummulti select
Open the full VLAN trunking answer →

Which four of the following are characteristics of 802.1Q trunking? (Choose four.)

Question 351mediummulti select
Read the full EtherChannel explanation →

Which three options correctly describe the behavior or configuration of EtherChannel? (Choose three.)

Question 352mediummulti select
Read the full DHCP explanation →

Which three of the following are true about the operation of DHCP snooping? (Choose three.)

Question 353mediummulti select
Open the full STP breakdown →

Which three statements accurately describe the operation of the Spanning Tree Protocol (STP) root bridge election? (Choose three.)

Question 354mediummulti select
Open the full VLAN trunking answer →

Which of the following statements about VLAN configuration and trunking on a Cisco switch are correct? (Choose all that apply.)

Question 355mediummulti select
Read the full Switching and Network Access explanation →

Which four of the following are considered best practices for securing switch ports and preventing Layer 2 attacks? (Choose all that apply. There are four correct answers.)

Question 356mediummatching
Read the full Switching and Network Access explanation →

Drag and drop the switch port configuration commands on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Statically configures the port as an access port

Sets the data VLAN for an access port

Assigns the VLAN for IP phone voice traffic

Permanently sets the interface as a trunk port

Restricts which VLANs traverse the trunk

Question 357mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure a switch port for data and voice traffic.

Question 358mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to interpret packet capture output for L2/L3 troubleshooting.

Question 359mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the following steps into the correct order to configure Rapid PVST+ with a designated root bridge, PortFast, and BPDU Guard on access ports.

Question 360mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order to configure inter‑VLAN routing between VLANs 10 and 20, using a router‑on‑a‑stick with VLAN 99 as the native VLAN on the trunk link.

Question 361mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure BPDU Guard, Loop Guard, and Root Guard on a Cisco switch.

Question 362mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to capture and analyze traffic for L2/L3 troubleshooting.

Question 363mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure Rapid PVST+ on SW1, make it the root bridge, and enable PortFast with BPDU Guard on all access ports.

Question 364mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order to configure a router-on-a-stick topology for inter-VLAN routing between VLANs 10 and 20, using 802.1Q trunking with native VLAN 99 for management traffic.

Question 365mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order to configure a Cisco switch access port with a data VLAN and a voice VLAN.

Question 366mediumdrag order
Read the full Switching and Network Access explanation →

Drag and drop the following steps into the correct order to configure spanning-tree protection features including BPDU Guard, Root Guard, and Loop Guard on a Cisco switch.

Question 367hardmultiple choice
Read the full Switching and Network Access explanation →

A network administrator connects an IP phone to interface Gi0/1 and a PC to the phone's PC port. Users report that the phone cannot register with the call manager and the PC does not obtain an IP address. The administrator verifies the configuration shown in the exhibit. What is the most likely cause of the problem?

Exhibit

SW1# show running-config interface GigabitEthernet0/1
Building configuration...

Current configuration : 128 bytes
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
end

SW1#
Question 368hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network administrator connects an IP phone to interface GigabitEthernet1/0/1 on a Cisco Catalyst switch. The PC connected through the phone works normally on the data VLAN, but the phone cannot obtain an IP address and fails to register with the call server. Which action will resolve the problem?

Exhibit

SW1# show running-config interface gigabitEthernet 1/0/1
Building configuration...

Current configuration : 150 bytes
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 no shutdown
end

SW1# show interfaces gigabitEthernet 1/0/1 switchport
Name: Gi1/0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Question 369hardmultiple choice
Read the full EtherChannel explanation →

A network engineer has configured an LACP EtherChannel between Switch1 and Switch2 by assigning interfaces to channel-group 1 with the mode passive on both switches. The engineer issues the show etherchannel summary command on Switch1 and sees the output below. The Port-channel interface remains down. Which action resolves the issue?

Network Topology
+Switch1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(SD) LACP Gi0/1(I) Gi0/2(I)
Question 370hardmultiple choice
Read the full Switching and Network Access explanation →

An administrator connects a new access-layer switch to a distribution switch. The link comes up but remains in a blocking state and does not forward frames. The administrator issues the show command shown in the exhibit. What is the most likely reason the link is blocked?

Exhibit

SW-DIST# show spanning-tree inconsistentports
Name                 Interface                Inconsistency
-------------------- ------------------------ ------------------
VLAN10               GigabitEthernet1/0/1     Root Inconsistent
Question 371hardmultiple choice
Read the full Switching and Network Access explanation →

A user connects a Cisco IP Phone with a PC attached to the phone's PC port to switch interface GigabitEthernet0/5. The PC obtains an IP address and can reach the network, but the phone displays "Configuring IP" and never registers. Based on the exhibit outputs, what is the most likely cause?

Exhibit

Switch# show running-config interface GigabitEthernet0/5
Building configuration...

Current configuration : 185 bytes
!
interface GigabitEthernet0/5
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 no ip address
 spanning-tree portfast
end

Switch# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
10   Data                             active    Gi0/5, Gi0/6, Gi0/7
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Question 372mediummulti select
Open the full VLAN trunking answer →

Which TWO statements are true regarding switch port configuration for access, voice, and trunk ports?

Question 373mediummulti select
Open the full STP breakdown →

Which THREE statements about STP and Rapid PVST+ are correct?

Question 374mediummulti select
Open the full VLAN trunking answer →

Which TWO statements about 802.1Q trunking, native VLANs, and inter-VLAN routing are correct? (Choose two.)

Question 375mediummatching
Read the full Switching and Network Access explanation →

Drag and drop the items on the left to match the descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Enables a port as an 802.1Q trunk port

The VLAN that carries untagged frames on a trunk link

Open standard for VLAN tagging on Ethernet frames

Process of forwarding traffic between different VLANs

Displays a summary of VLANs and their assigned ports

Question 376mediummatching
Read the full Switching and Network Access explanation →

Drag and drop the items on the left to match the descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Sets the switch port to permanent access mode

Configures the port as an 802.1Q trunk

Assigns VLAN 10 to the access port for data traffic

Specifies VLAN 20 for voice traffic on the port

Restricts the trunk to carry only VLANs 10 and 20

Question 377mediumdrag order
Open the full VLAN trunking answer →

Drag and drop the following steps into the correct order to configure inter-VLAN routing using a router-on-a-stick topology.

Question 378hardmultiple choice
Open the full VLAN trunking answer →

An administrator notices that hosts in VLAN 30 on SW1 cannot communicate with hosts in VLAN 30 on SW2, even though both switches are connected via an 802.1Q trunk. Traffic for VLANs 10 and 20 passes without issues across the same trunk. The trunk is configured to allow all VLANs, and the allowed VLAN list explicitly includes VLAN 30. What is the most likely cause of the problem?

Question 379hardmultiple choice
Open the full VLAN trunking answer →

A network engineer connects a new switch to an existing Rapid PVST+ campus network. The new switch is intended to serve as an additional access-layer switch, but after connecting its uplinks, the engineer discovers that the root bridge for VLAN 10 has changed to this new switch, and several access ports on other switches with PortFast and BPDU Guard enabled are now in err-disabled state. Some users report intermittent connectivity loss.

Question 380hardmultiple choice
Read the full Switching and Network Access explanation →

A network administrator implements a set of spanning-tree enhancements to secure the switching infrastructure. Later, a help desk ticket reports that a user in a remote office cannot connect to any network resources. While investigating, the administrator notices that the switch port connecting the remote office switch to the distribution switch is in a 'root-inconsistent' state and is blocking traffic. Which protection feature, if misapplied, most likely caused this issue?

Question 381hardmultiple choice
Read the full EtherChannel explanation →

A network engineer configures an EtherChannel between two switches. Switch A's interface is set with channel-group 1 mode active, while Switch B's identical interface is set with channel-group 1 mode auto. When verifying with show etherchannel summary, the engineer observes that the port-channel interface is down and the physical interfaces are not bundled. What is the most likely cause of the problem?

Question 382mediummulti select
Open the full VLAN trunking answer →

Which TWO statements accurately describe 802.1Q trunking and inter-VLAN routing on Cisco switches?

Question 383hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network administrator is troubleshooting a connectivity issue on switch SW1. Users connected to port Gi0/3 are unable to reach resources in VLAN 30. The administrator issues the show vlan brief command and receives the output shown. What is the most likely cause of the problem?

Exhibit

SW1# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/4, Gi0/5, Gi0/6
10   Management                       active    Gi0/7, Gi0/8
20   Sales                            active    Gi0/9, Gi0/10
30   Engineering                      act/lshut Gi0/3
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Question 384hardmultiple choice
Open the full VLAN trunking answer →

A network technician notices CDP native VLAN mismatch warnings between switches SW1 and SW2 on their trunk link. The technician runs 'show interfaces trunk' on SW1 and sees native VLAN 1, then on SW2 and sees native VLAN 99. Data traffic is currently passing, but the mismatch can cause broadcast loops. What should the technician do next?

Question 385hardmultiple choice
Open the full VLAN trunking answer →

A technician is troubleshooting a network issue where hosts in VLAN 20 on SW1 cannot communicate with hosts in VLAN 20 on SW2. Both switches are connected by an Ethernet trunk link that is up/up and configured as a trunk. The VLAN databases on both switches include VLAN 20, and the spanning tree for VLAN 20 is in a forwarding state on all ports. Hosts within VLAN 20 on each switch can communicate with each other locally. What is the most likely cause?

Question 386hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network administrator is troubleshooting connectivity issues for hosts on VLAN 50 on SW1. The hosts on VLAN 50 cannot reach any devices outside SW1, even though the trunk link between SW1 and SW2 is up. The administrator issues the 'show interfaces GigabitEthernet0/1 trunk' command on SW1. Based on the output, what is the most likely cause of the issue?

Exhibit

SW1# show interfaces GigabitEthernet0/1 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-49,60-4094

Port        Vlans allowed and active in management domain
Gi0/1       1-49,60-4094

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1-49,60-4094
Question 387hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network engineer is troubleshooting a connectivity issue on SW3. A host connected to the same segment as SW3's GigabitEthernet0/0 interface cannot reach any network resources. The engineer issues the show spanning-tree vlan 10 command and receives the output shown. Based on the output, what is the most likely cause?

Exhibit

SW3# show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     00d0.97f1.8a00
             Cost        4
             Port        25 (GigabitEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     00d0.97f3.b200
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/0               Altn BLK 4         128.25   P2p
Gi0/1               Root FWD 4         128.26   P2p
Gi0/2               Desg FWD 19        128.27   P2p
Question 388hardmultiple choice
Read the full Switching and Network Access explanation →

A technician connects a PC to a switch port that has port security enabled with the default maximum of one MAC address and violation mode shutdown. Immediately after connecting, the port goes into the err-disabled state. The technician runs the show interfaces command and sees the port status as err-disabled. What should the technician do next?

Question 389hardmultiple choice
Read the full Switching and Network Access explanation →

After connecting a new switch to interface GigabitEthernet1/0/1 on a distribution switch, a network engineer notices that the interface is in err-disable state. The engineer checks the configuration and finds that spanning-tree portfast and spanning-tree bpduguard enable are applied to the interface. What is the most likely cause of the err-disable state?

Question 390hardmultiple choice
Open the full VLAN trunking answer →

A network engineer notices that Host A in VLAN 10 (10.10.10.50/24) can successfully ping its default gateway 10.10.10.1, but cannot ping the VLAN 20 SVI (10.20.20.1) or any hosts in VLAN 20. The SVIs for both VLAN 10 and VLAN 20 are in an up/up state, and the switch's trunk ports are correctly allowing both VLANs. What is the most likely cause?

Question 391hardmultiple choice
Read the full EtherChannel explanation →

An EtherChannel between SW1 and SW2 is not forming. The technician runs the show etherchannel summary command on both switches and sees that all configured interfaces are in the 'I' (stand-alone) state. Both switches have their interfaces configured with channel-group 1 mode active. What should the technician check next?

Question 392hardmultiple choice
Open the full VLAN trunking answer →

After configuring DHCP snooping on VLAN 10 to prevent rogue DHCP servers, all clients in the VLAN stop receiving DHCP offers from the legitimate DHCP server that is connected to port Gi0/1. The administrator verifies the DHCP server is operational and reachable. What should the technician do next?

Question 393hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network administrator is troubleshooting connectivity to devices in VLAN 10 on a Layer 3 switch. The administrator issues the show ip interface brief command on SW1 and sees the output displayed. What is the most likely reason that the VLAN 10 SVI is not functioning?

Exhibit

SW1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.1     YES NVRAM  up                    up
Vlan10                 172.16.10.1     YES NVRAM  down                  down
Vlan20                 172.16.20.1     YES NVRAM  up                    up
GigabitEthernet0/0     unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
Question 394hardmultiple choice
Open the full VLAN trunking answer →

A network engineer notices that a newly connected switch-to-switch link is up, but traffic from multiple VLANs is not passing. When issuing the show interfaces trunk command, no trunk ports are listed. Both switch ports are configured with switchport mode dynamic auto. What is the most likely cause?

Question 395hardmultiple choice
Read the full Switching and Network Access explanation →

A host is physically connected to switch port Gi0/3. The technician runs 'show mac address-table' but does not find the host's MAC address for Gi0/3. The port status shows 'up/up', and the host was connected only a few minutes ago. What should the technician do next?

Question 396hardmultiple choice
Read the full Switching and Network Access explanation →

A network engineer notices that an uplink port on a distribution switch has moved to a root-inconsistent state and is blocking traffic. The port is configured with Root Guard and is connected to a new access switch. The new access switch has a lower bridge priority than the current root bridge. What is the most likely cause?

Question 397hardmultiple choice
Open the full VLAN trunking answer →

An IP phone connected to switch port Gi0/4 is working and receiving calls, but the PC connected to the phone's data port cannot obtain an IP address. The technician confirms that interface Gi0/4 has switchport mode access and shows switchport access vlan 10 and switchport voice vlan 100. What should the technician do next?

Question 398hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network administrator runs the show vlan brief command on SW2. Interface GigabitEthernet0/2 is intended to be an access port in VLAN 10, but it does not appear in the output. What is the most likely cause?

Exhibit

SW2# show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/3, Gi0/4, Gi0/5
                                                Gi0/6, Gi0/7, Gi0/8
10   Sales                           active    Gi0/9, Gi0/10, Gi0/11
20   Engineering                     active    Gi0/12, Gi0/13
30   Management                      active    Gi0/14
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup
Question 399hardmultiple choice
Open the full VLAN trunking answer →

After configuring a trunk port to allow VLAN 40, a technician finds that VLAN 40 is not listed among the VLANs in spanning tree forwarding state in the show interfaces trunk output. What is the most likely cause?

Question 400hardmultiple choice
Read the full Switching and Network Access explanation →

A technician is troubleshooting a network-wide broadcast storm that has caused severe performance issues. The technician notices that BPDU guard is globally enabled on the access layer switch, but no ports are in an err-disabled state. All access ports have PortFast enabled. What is the most likely cause?

Question 401hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network engineer notices that on a four-link EtherChannel bundle between two switches, all traffic from a particular VLAN is being forwarded over only one physical link, while the other three links remain idle. The engineer suspects a load-balancing issue and issues the show etherchannel load-balance command, the output of which is shown. What is the most likely cause of the uneven traffic distribution?

Exhibit

SW1# show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
        src-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source MAC address
  IPv4: Source MAC address
  IPv6: Source MAC address

Load-Balancing Operational Parameters:
  Hash algorithm: CRC
  Asymmetric hashing: disabled
Question 402hardmultiple choice
Read the full Switching and Network Access explanation →

Users report that their PCs take over 30 seconds to obtain IP addresses and reach the network after being powered on. A network technician checks a switch port connected to a PC and observes that the port transitions through blocking, listening, learning, and then forwarding states, taking about 30 seconds to complete. The switch is running standard 802.1D STP. The technician confirms the port is an access port and only connects to a PC. What should the technician do next?

Question 403hardmultiple choice
Read the full Switching and Network Access explanation →

A network engineer notices that a root port on a switch has transitioned to a loop-inconsistent state. The port was previously receiving BPDUs normally, but after a suspected unidirectional fiber cut, it no longer receives BPDUs. What is the most likely cause?

Question 404hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network administrator is troubleshooting a trunk link between SW1 and SW2. The trunk on interface GigabitEthernet0/0 on SW1 is not passing traffic, and all VLANs are isolated. The administrator issues the command 'show interfaces GigabitEthernet0/0 trunk' on SW1. What is the most likely cause of the issue?

Exhibit

SW1# show interfaces GigabitEthernet0/0 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/0       on               isl            not-trunking  1

Port        Vlans allowed on trunk
Gi0/0       1-4094

Port        Vlans allowed and active in management domain
Gi0/0       1,10,20,30,99

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/0       none
Question 405hardmultiple choice
Open the full VLAN trunking answer →

A network technician is troubleshooting an inter-VLAN routing issue on a multilayer switch. Hosts on VLAN 10 can reach the SVI for VLAN 10 (10.0.10.1) but cannot reach hosts on VLAN 20. The technician has verified that 'ip routing' is enabled and that the 'show ip route' command displays directly connected routes for both VLANs. No static routes are configured. What should the technician do next?

Question 406hardmultiple choice
Read the full Switching and Network Access explanation →

Refer to the exhibit. A network engineer notices that a user connected to GigabitEthernet0/5 cannot access the network. The engineer issues the show port-security interface GigabitEthernet0/5 command. Based on the output, what is the most likely cause of the issue?

Exhibit

SW1# show port-security interface GigabitEthernet0/5
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : aaaa.bbbb.cccc:10
Security Violation Count   : 3
Question 407hardmultiple choice
Open the full VLAN trunking answer →

A network engineer notices that after adding a new switch to the network, a different switch unexpectedly becomes the STP root bridge, disrupting all VLANs. The new switch has the default priority (32768) but has a lower MAC address than all existing switches. What is the most likely cause?

Question 408hardmultiple choice
Read the full EtherChannel explanation →

Refer to the exhibit. A network engineer is troubleshooting an EtherChannel on R1 that is not passing traffic. The output of the show etherchannel summary command is displayed. What is the most likely cause?

Network Topology
+R1# show etherchannel summaryH - Hot-standby (LACP only)u - unsuitable for bundlingd - default portNumber of aggregators: 1Group Port-channel Protocol Ports1 Po1(SU) LACP Gi0/1(D) Gi0/2(D)
Question 409hardmultiple choice
Read the full EtherChannel explanation →

Refer to the exhibit. A network engineer configured an EtherChannel between SW1 and SW2 using LACP. After the configuration is applied, the Port-channel 1 interface remains in a down state and does not pass traffic. The engineer runs the show etherchannel detail command on SW1. Based on the output, what is the most likely cause of the problem?

Exhibit

SW1# show etherchannel detail
                Channel-group listing:
Group: 1
----------
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:   LACP
Ports in the group:
Port: Gi0/1
Port state    = Up Cntrl-fwd/bndl In-bndl Mstr
Channel group: 1           Mode: Active
Port-channel = Po1
Age of the port in the current state: 0d:00h:12m:10s
Port: Gi0/2
Port state    = Down Cntrl-fwd/susp Not-in-bndl
Channel group: 1           Mode: Active
Native vlan mismatch: local 20, partner 1
Question 410hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A network engineer expects SW1 to be the root bridge for VLAN 1, but the show spanning-tree vlan 1 output on SW2 shows that SW2 is the root. What is the most likely cause of this issue?

Exhibit

SW2# show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000a.f3e5.1234
             This bridge is the root
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000a.f3e5.1234
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p 
Gi0/2               Desg FWD 4         128.2    P2p
Question 411hardmultiple choice
Review the full routing breakdown →

Refer to the exhibit. A network engineer notices packet loss and sluggish application performance on a branch-office uplink. While troubleshooting, the engineer executes the show interfaces GigabitEthernet0/1 command on the router. Based on the output, what is the most likely cause of the performance issue?

Exhibit

R1#show interfaces GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 00aa.bbcc.1122
  Description: Uplink to Distribution Switch
  MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  Last input never, output 00:00:01, output hang never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 12450
  Queueing strategy: fifo
  Output queue: 40/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 10000000 bits/sec, 2500 packets/sec
  12345 packets input, 1234567 bytes, 0 no buffer
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  9876 packets output, 1234567890 bytes, 0 underruns
  0 output errors, 0 collisions, 0 interface resets
  Total output drops: 12450
Question 412hardmultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. An engineer configured PortFast on interface GigabitEthernet0/1, which connects to a server that does not participate in spanning tree. However, the port remains in the listening state for the full forward delay period before transitioning to forwarding. The engineer issues the show spanning-tree vlan 10 detail command. Based on the output, what is the most likely cause?

Exhibit

SW1# show spanning-tree vlan 10 detail

VLAN0010 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, address aabb.cc00.0200
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32768, address aabb.cc00.0100
  Root port is GigabitEthernet0/2, cost of root path is 4
  Topology change flag not set, detected flag not set
  Number of topology changes 2 last change occurred 00:05:30 ago
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0

Port 13 (GigabitEthernet0/1) of VLAN0010 is listening
   Port path cost 4, Port priority 128, Port Identifier 128.13
   Designated root has priority 32768, address aabb.cc00.0100
   Designated bridge has priority 32768, address aabb.cc00.0200
   Designated port id is 128.13, designated path cost 0
   Timers: message age 0, forward delay 12, hold 0
   Number of transitions to forwarding state: 0
   Link type is point-to-point by default
   BPDU: sent 2, received 0
   Edge port: no (default) portfast: no (default)

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CCNA Practice Test 1 — 10 Questions→CCNA Practice Test 2 — 10 Questions→CCNA Practice Test 3 — 10 Questions→CCNA Practice Test 4 — 10 Questions→CCNA Practice Test 5 — 10 Questions→CCNA Practice Exam 1 — 20 Questions→CCNA Practice Exam 2 — 20 Questions→CCNA Practice Exam 3 — 20 Questions→CCNA Practice Exam 4 — 20 Questions→Free CCNA Practice Test 1 — 30 Questions→Free CCNA Practice Test 2 — 30 Questions→Free CCNA Practice Test 3 — 30 Questions→CCNA Practice Questions 1 — 50 Questions→CCNA Practice Questions 2 — 50 Questions→CCNA Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Network Infrastructure and ConnectivitySwitching and Network AccessIP RoutingNetwork Services and SecurityAI and Network Operations

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Switching and Network Access setsAll Switching and Network Access questionsCCNA Practice Hub