Question 1,336 of 1,819
Switching and Network AccessmediumMatchingObjective-mapped

Quick Answer

The answer is 802.1Q, the IEEE standard for VLAN tagging. This is correct because 802.1Q inserts a 4-byte tag into the Ethernet frame header to identify which VLAN a frame belongs to as it traverses a trunk port, allowing multiple VLANs to share a single link between switches. On the CCNA 200-301 v2 exam, this concept tests your understanding of trunk port fundamentals, often appearing in matching or multiple-choice questions that distinguish 802.1Q from the now-obsolete ISL protocol. A common trap is confusing the native VLAN—which remains untagged on an 802.1Q trunk—with the access VLAN assigned to an end device port. Remember the mnemonic: “Tag the trunk, not the native” to keep the distinction clear.

CCNA Switching and Network Access Practice Question

This 200-301 practice question tests your understanding of switching and network access. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: a trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Match each trunking term to its most accurate meaning.

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Trunk: A single physical link carrying multiple VLANs

These pairings match common trunking terms with their accurate definitions in networking.

Key principle: A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Trunk: A single physical link carrying multiple VLANs

    Why this is correct

    This option correctly defines all trunking terms: a trunk carries multiple VLANs, dot1q is the tagging protocol, native VLAN frames are untagged, allowed VLAN list restricts which VLANs can traverse, trunk encapsulation defines the tagging method, and DTP negotiates trunking between switches.

    Related concept

    A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.

  • Access port: A port assigned to a single VLAN

    Why this is correct

    This is incorrect because a trunk carries multiple VLANs, not a single VLAN. Native VLAN frames are untagged, not tagged. DTP is used to negotiate trunking, not to disable it. Trunk encapsulation can be dot1q or ISL (though ISL is legacy).

    Related concept

    A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.

  • 802.1Q: The IEEE standard for VLAN tagging

    Why this is correct

    This is incorrect because dot1q adds tags to frames, not removes them. Native VLAN frames are untagged. Allowed VLAN list restricts which VLANs can traverse, not prioritize traffic. Trunk encapsulation defines the tagging method, not frame size. DTP is a trunking negotiation protocol, not a security protocol.

    Related concept

    A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.

  • Native VLAN: The untagged VLAN on a trunk port

    Why this is correct

    This is incorrect because dot1q is not the only trunking protocol (ISL exists, though legacy). Allowed VLAN list restricts which VLANs can traverse, not block all traffic. Trunk encapsulation defines the tagging method, not VLAN ID range. DTP negotiates trunking, not configures native VLAN.

    Related concept

    A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Be careful not to confuse the native VLAN with tagged VLANs: native VLAN frames are untagged on a trunk. Also, remember that DTP is used for negotiation, not for configuration of native VLAN or allowed VLANs.

Detailed technical explanation

How to think about this question

Trunking in Cisco networks refers to a physical or logical link between switches that carries traffic for multiple VLANs simultaneously. This is achieved by tagging Ethernet frames with VLAN identifiers using protocols like IEEE 802.1Q. The trunk link enables VLAN segmentation across switches, allowing devices in the same VLAN but on different switches to communicate as if they were on the same LAN segment. The allowed VLAN list on a trunk port controls which VLANs are permitted to traverse that trunk. By default, all VLANs are allowed, but network administrators can restrict this list to improve security and reduce unnecessary traffic. The native VLAN is a special VLAN on an 802.1Q trunk that carries untagged frames; it is typically VLAN 1 by default but can be changed for security reasons. Access VLANs are assigned to access ports that connect end devices; these ports carry traffic for a single VLAN and do not tag frames. A common exam trap is confusing the native VLAN with the access VLAN or misunderstanding the role of the allowed VLAN list. For example, untagged traffic on a trunk is always associated with the native VLAN, not the access VLAN. Misconfiguring the native VLAN or allowed VLAN list can cause VLAN hopping or traffic loss. Practically, ensuring consistent native VLAN configuration on both ends of a trunk and carefully managing allowed VLANs prevents VLAN mismatches and security vulnerabilities.

KKey Concepts to Remember

  • A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.
  • The allowed VLAN list on a trunk port determines which VLANs are permitted to send traffic across the trunk link, restricting unnecessary VLAN traffic.
  • The native VLAN on an 802.1Q trunk carries untagged frames and must be consistently configured on both ends to avoid VLAN mismatches.
  • An access VLAN is assigned to an access port connecting end devices and carries traffic for only one VLAN without tagging frames.
  • Cisco switches use VLAN tagging on trunks to maintain VLAN separation across multiple switches, enabling scalable network segmentation.
  • Misconfiguring the native VLAN or allowed VLAN list can cause traffic loss, VLAN hopping, or security vulnerabilities in a switched network.
  • Understanding the difference between trunk ports and access ports is critical for proper VLAN design and troubleshooting in Cisco networks.
  • The native VLAN is not the same as the access VLAN; the native VLAN applies only to trunks, while the access VLAN applies only to access ports.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.

What to study next

Got this wrong? Here's your next step.

Review a trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation., then practise related 200-301 questions on the same topic to reinforce the concept.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Switching and Network Access — This question tests Switching and Network Access — A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation..

What is the correct answer to this question?

The correct answer is: Trunk: A single physical link carrying multiple VLANs — These pairings match common trunking terms with their accurate definitions in networking.

What should I do if I get this 200-301 question wrong?

Review a trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation., then practise related 200-301 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

A trunk port carries traffic for multiple VLANs simultaneously by tagging frames with VLAN identifiers using 802.1Q encapsulation.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

4 more ways this is tested on 200-301

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. Match each trunk or VLAN term to its most accurate function.

medium
  • A.Access port: carries traffic for a single VLAN only, with no tagging.
  • B.Trunk port: carries traffic for multiple VLANs using 802.1Q tagging.
  • C.Native VLAN: the VLAN that is tagged on a trunk link by default.
  • D.VLAN 1: the default voice VLAN on Cisco switches.

Why A: Access ports carry traffic for one VLAN only; trunk ports carry multiple VLANs using tagging. The native VLAN is untagged on a trunk; VLAN 1 is the default. 802.1Q is the standard for tagging, and voice VLAN separates voice traffic.

Variation 2. Match each VLAN-related term to its most accurate meaning.

medium
  • A.Access VLAN: A VLAN that carries traffic for a single end device, typically assigned to an access port.
  • B.Trunk VLAN: A VLAN that carries traffic for multiple VLANs over a single link, typically using 802.1Q tagging.
  • C.Native VLAN: A VLAN that carries all untagged traffic on a trunk link, typically VLAN 1 by default.
  • D.Voice VLAN: A VLAN dedicated to carrying voice traffic, typically with QoS markings and separate from data VLANs.

Why A: Each VLAN type serves a specific purpose: Access VLAN for end devices, Trunk VLAN for multiple VLANs over a link, Native VLAN for untagged frames, Voice VLAN for phones, Management VLAN for admin access, and Data VLAN for user traffic.

Variation 3. Match each switchport or VLAN term to its most accurate meaning.

medium
  • A.Access port: A switch port that belongs to a single VLAN and carries untagged traffic for that VLAN.
  • B.Trunk port: A switch port that carries traffic for multiple VLANs and uses 802.1Q tagging to identify each frame's VLAN.
  • C.VLAN: A logical grouping of devices that are on the same broadcast domain, regardless of physical location.
  • D.SVI: A virtual interface on a switch that provides Layer 3 routing for a VLAN.

Why A: Access ports are in one VLAN; trunk ports carry multiple VLANs with tags. Switchport mode commands set the port type. VLANs create separate broadcast domains; SVIs provide Layer 3 routing for VLANs.

Variation 4. Match each VLAN or trunk term to its most accurate purpose.

medium
  • A.Trunk: Carries traffic for multiple VLANs over a single link.
  • B.VLAN: Provides a method to tag frames for multiple VLANs on a trunk.
  • C.Native VLAN: Used to route traffic between different VLANs.
  • D.802.1Q: Distributes VLAN configuration information across switches.

Why A: Trunks enable multiple VLANs on one link; VLANs logically segment networks. 802.1Q is the tagging standard; native VLAN is untagged. VTP distributes VLAN database; inter-VLAN routing uses a router or Layer 3 switch to communicate between VLANs.

Last reviewed: Apr 12, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.