Question 1,698 of 1,819
Switching and Network AccesshardTroubleshootingObjective-mapped

Quick Answer

The correct answer is Option A, which resolves the router-on-a-stick native VLAN mismatch configuration by adding a subinterface with encapsulation dot1Q 1 native and enabling IP routing. This works because the switch trunk port Gi0/1 sends untagged frames for its native VLAN 1, so R1 must have a subinterface explicitly configured to accept that untagged traffic using the native keyword; without it, the router drops the untagged frames, breaking connectivity for any hosts relying on that VLAN. On the CCNA 200-301 v2 exam, this scenario tests your understanding of how 802.1Q trunking handles native VLAN traffic and the critical interplay between router subinterfaces and switch port settings—a common trap is forgetting the native keyword or mismatching the native VLAN on both sides. Remember the mnemonic "Native Needs the Keyword": if the switch sends untagged frames for VLAN X, the router’s subinterface must say "native" to match.

CCNA Switching and Network Access Practice Question

This 200-301 practice question tests your understanding of switching and network access. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Network Topology
Gi0/1Gi0/0trunkSW1R1

You are connected to R1. The network has two VLANs (10 and 20) on SW1, connected to R1 via a trunk. Currently, hosts in VLAN 10 cannot reach the router or each other across VLANs. Configure R1 with the correct subinterface encapsulation and IP addressing, and ensure the trunk on SW1 allows both VLANs. Also, fix any native VLAN mismatch on the trunk link. Which configuration steps will resolve the issues?

Question 1hardTroubleshooting
Open the full VLAN trunking answer →

Exhibit

SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20

R1#show running-config | section interface GigabitEthernet0/0
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.10.20.1 255.255.255.0
!

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R1#

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

On R1, configure subinterface Gi0/0.1 with encapsulation dot1Q 1 native and IP 192.168.1.1/24, and enable ip routing. On SW1, ensure trunk Gi0/1 allows VLANs 10,20 and set native VLAN 1.

The current issue is a native VLAN mismatch and missing IP routing. SW1's trunk port Gi0/1 uses native VLAN 1, sending untagged frames for VLAN 1. R1 has subinterfaces for VLANs 10 and 20 but no subinterface handling untagged native traffic, causing VLAN 10 traffic (if it were tagged) to reach R1 but native traffic to be dropped. Additionally, IP routing is not enabled, preventing inter‑VLAN forwarding even if subinterfaces are correctly addressed. Option A resolves both problems by adding a subinterface dot1Q 1 native with an IP address, enabling IP routing, and ensuring the trunk allows VLANs 10 and 20 with native VLAN 1. Option B creates subinterfaces for VLANs 10 and 20 but changes the switch native VLAN to 10 without a matching native subinterface on R1, so untagged VLAN 10 traffic still fails. Option C incorrectly uses 'encapsulation dot1Q 1' without the native keyword, so it expects tagged VLAN 1 frames, which do not match the switch's untagged native traffic. Option D changes the native VLAN to 10 on both sides, but this requires modifying the existing VLAN design; moreover, it does not guarantee that hosts in VLAN 10 will be able to reach the router if they are using IP 192.168.1.1 as their default gateway, and the trunk may still be missing allowed VLANs—making A the simplest, design‑coherent solution.

Key principle: A trunk being up does not mean the VLAN is allowed across it. Always verify the allowed VLAN list and whether the VLAN exists on both switches.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • On R1, configure subinterface Gi0/0.1 with encapsulation dot1Q 1 native and IP 192.168.1.1/24, and enable ip routing. On SW1, ensure trunk Gi0/1 allows VLANs 10,20 and set native VLAN 1.

    Why this is correct

    This resolves the native VLAN mismatch by explicitly configuring the native VLAN subinterface on R1 with the 'native' keyword, and enables IP routing for inter-VLAN forwarding. SW1's trunk already allows VLANs 10 and 20, and native VLAN 1 is the default, so no change needed.

    Related concept

    Access ports place end devices into a single VLAN.

  • On R1, configure subinterface Gi0/0.10 with encapsulation dot1Q 10 and IP 192.168.10.1/24, and subinterface Gi0/0.20 with encapsulation dot1Q 20 and IP 192.168.20.1/24. Enable ip routing. On SW1, change native VLAN to 10 on trunk Gi0/1.

    Why it's wrong here

    This is incorrect because changing the native VLAN on SW1 to 10 would cause a mismatch with R1's default native VLAN (1) unless R1 also configures native VLAN 10. The existing issue is a mismatch with native VLAN 1, not 10.

  • On R1, configure subinterface Gi0/0.1 with encapsulation dot1Q 1 (without native keyword) and IP 192.168.1.1/24. Enable ip routing. On SW1, ensure trunk Gi0/1 allows VLANs 10,20 and set native VLAN 1.

    Why it's wrong here

    This is incorrect because omitting the 'native' keyword on the subinterface means R1 will tag frames on VLAN 1 with a dot1Q header, but SW1 expects untagged frames on native VLAN 1. This causes a mismatch and frames may be dropped or misdirected.

  • On R1, configure subinterface Gi0/0.10 with encapsulation dot1Q 10 native and IP 192.168.10.1/24, and subinterface Gi0/0.20 with encapsulation dot1Q 20 and IP 192.168.20.1/24. Enable ip routing. On SW1, set native VLAN to 10 on trunk Gi0/1.

    Why it's wrong here

    This is incorrect because it makes VLAN 10 the native VLAN on both sides, but the original problem states that hosts in VLAN 10 cannot reach the router. Making VLAN 10 native does not address the connectivity issue; the native VLAN mismatch was with VLAN 1, and changing it to 10 may cause additional problems if not coordinated.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

On R1, configure subinterface Gi0/0.1 with encapsulation dot1Q 1 native and IP 192.168.1.1/24, and enable ip routing. On SW1, ensure trunk Gi0/1 allows VLANs 10,20 and set native VLAN 1.Correct answer

Why this is correct

This resolves the native VLAN mismatch by explicitly configuring the native VLAN subinterface on R1 with the 'native' keyword, and enables IP routing for inter-VLAN forwarding. SW1's trunk already allows VLANs 10 and 20, and native VLAN 1 is the default, so no change needed.

On R1, configure subinterface Gi0/0.10 with encapsulation dot1Q 10 and IP 192.168.10.1/24, and subinterface Gi0/0.20 with encapsulation dot1Q 20 and IP 192.168.20.1/24. Enable ip routing. On SW1, change native VLAN to 10 on trunk Gi0/1.Wrong answer — click to see why

Why this is wrong here

Changing the native VLAN on SW1 to 10 does not fix the mismatch; it creates a new mismatch unless R1 is also configured accordingly. The correct approach is to match the existing native VLAN (1) on both sides.

Why candidates choose this

Candidates might think that since VLANs 10 and 20 are used, the native VLAN should be one of them, but the native VLAN is a separate administrative VLAN for untagged traffic.

On R1, configure subinterface Gi0/0.1 with encapsulation dot1Q 1 (without native keyword) and IP 192.168.1.1/24. Enable ip routing. On SW1, ensure trunk Gi0/1 allows VLANs 10,20 and set native VLAN 1.Wrong answer — click to see why

Why this is wrong here

The 'native' keyword is required on the router subinterface to indicate that frames for that VLAN should be sent untagged, matching the switch's native VLAN behavior. Without it, the router tags native VLAN traffic, causing a mismatch.

Why candidates choose this

Candidates may think that simply creating a subinterface for VLAN 1 is enough, but the 'native' keyword is critical for proper handling of untagged frames.

On R1, configure subinterface Gi0/0.10 with encapsulation dot1Q 10 native and IP 192.168.10.1/24, and subinterface Gi0/0.20 with encapsulation dot1Q 20 and IP 192.168.20.1/24. Enable ip routing. On SW1, set native VLAN to 10 on trunk Gi0/1.Wrong answer — click to see why

Why this is wrong here

The native VLAN mismatch is between SW1's default native VLAN 1 and R1's lack of native VLAN configuration. Changing both to VLAN 10 is an unnecessary change and does not fix the original mismatch; it also disrupts any existing untagged traffic on VLAN 1.

Why candidates choose this

Candidates might assume that since VLAN 10 is having issues, making it the native VLAN will fix it, but the native VLAN is for untagged traffic, not for resolving general VLAN reachability.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: an active trunk can still block the VLAN you need

A trunk being up does not prove every VLAN is crossing it. Check allowed VLAN lists, native VLAN mismatch, VLAN existence and access-port assignment.

Trap categories for this question

  • Keyword trap

    This is incorrect because omitting the 'native' keyword on the subinterface means R1 will tag frames on VLAN 1 with a dot1Q header, but SW1 expects untagged frames on native VLAN 1. This causes a mismatch and frames may be dropped or misdirected.

Detailed technical explanation

How to think about this question

VLAN questions usually combine access-port and trunking clues. The key is to identify whether the issue is local to one switchport, caused by the trunk, or caused by the VLAN not existing where it needs to exist.

KKey Concepts to Remember

  • Access ports place end devices into a single VLAN.
  • Trunk ports carry multiple VLANs between switches.
  • Allowed VLAN lists decide which VLANs can cross a trunk.
  • Native VLAN mismatch can create confusing symptoms.

TExam Day Tips

  • Use show vlan brief to verify access VLANs.
  • Use show interfaces trunk to verify trunk state and allowed VLANs.
  • Do not treat every same-VLAN issue as a routing problem.

Key takeaway

A trunk being up does not mean the VLAN is allowed across it. Always verify the allowed VLAN list and whether the VLAN exists on both switches.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.

What to study next

Got this wrong? Here's your next step.

Review VLAN allowed lists, native VLAN mismatch detection, and how to verify VLAN membership with show vlan brief and show interfaces trunk. Then practise related 200-301 questions on switching, trunking, and access-port configuration.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Switching and Network Access — This question tests Switching and Network Access — Access ports place end devices into a single VLAN..

What is the correct answer to this question?

The correct answer is: On R1, configure subinterface Gi0/0.1 with encapsulation dot1Q 1 native and IP 192.168.1.1/24, and enable ip routing. On SW1, ensure trunk Gi0/1 allows VLANs 10,20 and set native VLAN 1. — The current issue is a native VLAN mismatch and missing IP routing. SW1's trunk port Gi0/1 uses native VLAN 1, sending untagged frames for VLAN 1. R1 has subinterfaces for VLANs 10 and 20 but no subinterface handling untagged native traffic, causing VLAN 10 traffic (if it were tagged) to reach R1 but native traffic to be dropped. Additionally, IP routing is not enabled, preventing inter‑VLAN forwarding even if subinterfaces are correctly addressed. Option A resolves both problems by adding a subinterface dot1Q 1 native with an IP address, enabling IP routing, and ensuring the trunk allows VLANs 10 and 20 with native VLAN 1. Option B creates subinterfaces for VLANs 10 and 20 but changes the switch native VLAN to 10 without a matching native subinterface on R1, so untagged VLAN 10 traffic still fails. Option C incorrectly uses 'encapsulation dot1Q 1' without the native keyword, so it expects tagged VLAN 1 frames, which do not match the switch's untagged native traffic. Option D changes the native VLAN to 10 on both sides, but this requires modifying the existing VLAN design; moreover, it does not guarantee that hosts in VLAN 10 will be able to reach the router if they are using IP 192.168.1.1 as their default gateway, and the trunk may still be missing allowed VLANs—making A the simplest, design‑coherent solution.

What should I do if I get this 200-301 question wrong?

Review VLAN allowed lists, native VLAN mismatch detection, and how to verify VLAN membership with show vlan brief and show interfaces trunk. Then practise related 200-301 questions on switching, trunking, and access-port configuration.

What is the key concept behind this question?

Access ports place end devices into a single VLAN.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

4 more ways this is tested on 200-301

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. You are connected to R1 via console. R1 is a router-on-a-stick connecting VLAN 10 and VLAN 20 on a single link to switch SW1. Currently, hosts in VLAN 10 cannot ping hosts in VLAN 20, and some VLAN 10 hosts report intermittent connectivity. Examine the provided configuration and output, then fix all issues to restore full inter-VLAN routing and stable trunk operation.

hard
  • A.On R1, configure 'ip routing', add subinterface G0/0.99 with 'encapsulation dot1Q 99 native' and an IP address, and ensure G0/0 is not shutdown.
  • B.On R1, configure 'ip routing' and change the encapsulation on the VLAN 10 subinterface to 'encapsulation dot1Q 10 native'.
  • C.On R1, configure 'ip routing' and add an IP address to the physical interface GigabitEthernet0/0.
  • D.On R1, configure 'ip routing' and change the encapsulation on the VLAN 20 subinterface to 'encapsulation dot1Q 20 native'.

Why A: Three issues prevent inter-VLAN routing and cause intermittent connectivity. First, R1 lacks a subinterface configured for the native VLAN (VLAN 99) with the 'encapsulation dot1Q 99 native' command; this subinterface is needed because SW1 expects the native VLAN to be tagged on the router side for consistency. Second, the global command 'ip routing' is missing, which disables routing between VLANs. Third, the physical interface GigabitEthernet0/0 might be administratively down; ensure 'no shutdown' is applied. Option A correctly fixes all issues: it adds the native VLAN subinterface, enables routing, and ensures the interface is up. The other options fail because they either misconfigure the native VLAN encapsulation on the wrong subinterface or apply an IP address to the physical interface (which does not support routing on a router-on-a-stick).

Variation 2. You are connected to R1. The network consists of R1, SW1, and two hosts (Host-A on VLAN 10, Host-B on VLAN 20). SW1 has two access ports (one per VLAN) and a trunk to R1. Configure R1 for router-on-a-stick inter-VLAN routing. The current configuration has a native VLAN mismatch and a missing subinterface for VLAN 20. Fix these issues so that Host-A and Host-B can ping each other.

hard
  • A.Configure interface G0/0.20 with encapsulation dot1Q 20 and IP address 192.168.20.1 255.255.255.0, set native VLAN to 1 on the trunk, and enable ip routing.
  • B.Configure interface G0/0.20 with encapsulation dot1Q 20 and IP address 192.168.20.1 255.255.255.0, set native VLAN to 99 on the trunk, and enable ip routing.
  • C.Configure interface G0/0.20 with encapsulation dot1Q 20 and IP address 192.168.20.1 255.255.255.0, set native VLAN to 1 on the trunk, but do not enable ip routing.
  • D.Configure interface G0/0.20 with encapsulation dot1Q 20 and IP address 192.168.20.1 255.255.255.0, set native VLAN to 99 on the trunk, and do not enable ip routing.

Why A: The native VLAN mismatch exists: R1 expects native VLAN 99, but SW1 likely uses native VLAN 1 (default). This causes CDP/STP issues but not directly inter-VLAN routing; however, for proper operation, set native VLAN to 1 on R1. Additionally, the subinterface for VLAN 20 is missing, so traffic from VLAN 20 cannot be routed. Finally, 'ip routing' is disabled, preventing any inter-VLAN routing. Solution: change native VLAN on trunk to 1, create subinterface G0/0.20 with encapsulation dot1Q 20 and IP 192.168.20.1/24, and enable ip routing.

Variation 3. You are connected to SW1 via the console. SW1 is a Layer 2 switch with two VLANs (10 - Sales, 20 - Engineering). Port G0/1 is connected to a PC in VLAN 10, and port G0/2 is connected to a PC in VLAN 20. The switch needs to be configured to allow inter-VLAN communication using an external router connected to port G0/3. Currently, the PCs cannot communicate across VLANs. Configure the switch to support Router-on-a-Stick with VLAN 10 as the native VLAN on the trunk.

medium
  • A.Configure G0/1 as access VLAN 10, G0/2 as access VLAN 20, G0/3 as trunk with native VLAN 10, and allow VLANs 10 and 20 on the trunk.
  • B.Configure G0/1 as access VLAN 10, G0/2 as access VLAN 20, G0/3 as trunk with native VLAN 1, and allow VLANs 10 and 20 on the trunk.
  • C.Configure G0/1 as access VLAN 10, G0/2 as access VLAN 20, G0/3 as trunk with native VLAN 10, but do not allow VLAN 10 on the trunk.
  • D.Configure G0/1 as trunk with native VLAN 10, G0/2 as trunk with native VLAN 20, G0/3 as trunk with native VLAN 10, and allow VLANs 10 and 20 on all trunks.

Why A: Access ports assign PCs to their respective VLANs. The trunk port carries multiple VLANs to the router, and setting the native VLAN to 10 ensures untagged frames on the trunk belong to VLAN 10, which the router's subinterface for VLAN 10 will handle as untagged.

Variation 4. You are connected to SW1 via the console. SW1 is a Layer 2 switch with two VLANs: VLAN 10 (Sales) and VLAN 20 (Engineering). A router R1 is connected to port G0/1 on SW1 for inter-VLAN routing. Currently, the router is not routing between VLANs because the trunk is not configured correctly. Configure the switch port as a trunk and ensure the router can route between VLANs using subinterfaces (Router-on-a-Stick).

medium
  • A.Configure the switch port as a trunk with 802.1Q encapsulation and allow VLANs 10 and 20.
  • B.Configure the switch port as an access port in VLAN 10 and add VLAN 20 as a secondary VLAN.
  • C.Configure the switch port as a trunk with ISL encapsulation and allow all VLANs.
  • D.Configure the switch port as a trunk with 802.1Q encapsulation and allow VLANs 1, 10, and 20.

Why A: The switch port was in access mode, which only carries one VLAN. Changing it to trunk with 802.1Q encapsulation allows multiple VLANs to traverse to the router. The allowed VLAN list restricts to VLANs 10 and 20 for security.

Last reviewed: Jun 6, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.