CCNA Switching Questions

17 of 392 questions · Page 6/6 · Switching topic · Answers revealed

376
Multi-Selectmedium

Which three of the following are valid considerations when configuring EtherChannel? (Choose three.)

Select 3 answers
.All physical interfaces in an EtherChannel must have the same speed and duplex settings.
.EtherChannel can be configured using either PAgP (Cisco proprietary) or LACP (IEEE 802.3ad) protocols.
.When using LACP, the system priority is used to determine which switch controls the active ports in the bundle.
.EtherChannel load balancing is always based on source and destination MAC addresses only.
.On a Cisco switch, you can bundle up to 16 interfaces into a single EtherChannel, all of which can be active simultaneously.
.EtherChannel provides loop prevention by using Spanning Tree Protocol on each individual link within the bundle.

Why this answer

All three correct statements (A, B, C) are valid considerations when configuring EtherChannel. Option D is incorrect because load balancing can be based on source/destination IP, MAC, or Layer 4 port, not just MAC addresses. Option E is false because although up to 16 interfaces can be in a port channel, only 8 can be active simultaneously (the remaining are in standby).

Option F is false because STP operates on the port-channel interface as a whole, not on individual links within the bundle.

Exam trap

Cisco often tests the requirement that all physical interfaces in an EtherChannel must have the same speed and duplex settings, as candidates may mistakenly think that different speeds can be used if the switch supports auto-negotiation.

Why the other options are wrong

D

EtherChannel load balancing is configurable and can use source/destination IP, MAC, or Layer 4 port, not just MAC addresses.

E

Only 8 interfaces can be active in a single EtherChannel; the other 8 are in standby mode.

F

Spanning Tree Protocol runs on the logical port-channel interface, not on each individual physical link within the bundle.

377
MCQhard

A Layer 2 switch port connected to an end host should move to forwarding quickly but also shut down if a BPDU is received. Which pair of features best supports that design?

AnswerA

This is correct because PortFast speeds edge-port forwarding and BPDU Guard disables the port if a BPDU is received.

Why this answer

PortFast and BPDU Guard are the right pair. In plain language, PortFast makes an edge port usable quickly for a real end device, while BPDU Guard protects that same port by shutting it down if spanning-tree control traffic appears unexpectedly.

This is a classic access-layer design. PortFast improves usability, and BPDU Guard improves safety. The best answer combines both functions.

Exam trap

Be careful not to confuse BPDU Guard with Root Guard or Loop Guard, as they serve different purposes in spanning tree protection.

Why the other options are wrong

B

Root Guard and UDLD do not directly address the requirement for a port to quickly transition to forwarding while shutting down upon receiving a BPDU. Root Guard is used to prevent a port from becoming a root port, while UDLD is for detecting unidirectional links.

C

Loop Guard and native VLAN do not directly address the requirement for a port to quickly transition to forwarding while shutting down upon receiving a BPDU. Loop Guard is designed to prevent loops by keeping a port in a loop-inconsistent state, and native VLAN is related to VLAN tagging, not port state management.

D

Port security and EtherChannel do not directly address the need for a switch port to quickly transition to forwarding mode while also shutting down upon receiving a BPDU. Port security focuses on limiting MAC addresses and EtherChannel is used for link aggregation, neither of which fulfill the specific requirements of this question.

378
MCQhard

A network administrator has configured a switch port to support a VoIP phone and a desktop PC. Users report that the desktop PC cannot obtain an IP address via DHCP, while the VoIP phone registers successfully. The switch port is up/up, and the desktop is connected to the phone's PC port. What is the most likely cause of the issue?

A.The switchport mode access should be changed to switchport mode trunk to allow both vlans.
B.The switchport access vlan should be changed to the data VLAN to match the subnet expected by the desktop.
C.The switchport voice vlan should be removed because the desktop cannot use it.
D.The spanning-tree portfast should be disabled to prevent DHCP delays.
AnswerB

With the phone's PC port forwarding the switch's access VLAN, correcting the access VLAN to the data VLAN ensures the desktop receives a DHCP offer from the data subnet.

Why this answer

The desktop PC obtains its IP address from the data VLAN, but the switch port's access VLAN is likely misconfigured to the voice VLAN. Changing the access VLAN to the correct data VLAN places the PC in the proper subnet and allows DHCP to function. Option A is unnecessary because a voice-access port does not need to be a trunk.

Option C would break the VoIP phone without fixing the PC's VLAN assignment. Option D is irrelevant; PortFast speeds up STP convergence and does not block DHCP.

Exam trap

Cisco often tests the misconception that the PC uses the voice VLAN or that the port must be a trunk, when in reality the phone handles the VLAN separation internally and the switch port remains an access port with a separate voice VLAN.

Why the other options are wrong

A

The current configuration uses access mode with voice vlan, which is correct for a phone+PC setup. Trunk mode is unnecessary and could break the phone's untagged traffic expectations.

C

The voice vlan is correctly configured for the phone; the problem is with the data vlan assignment for the desktop.

D

Portfast is beneficial for host ports; disabling it would worsen the issue by introducing STP convergence delays.

379
MCQhard

Based on the exhibit, which action is most likely required to allow AP-22 to join the controller successfully?

A.Correct the AP's default gateway so it matches the AP's actual subnet and reachability needs.
B.Change the AP from Ethernet to PPP encapsulation.
C.Remove the AP IP address so it can obtain an IP address automatically via DHCP.
D.Disable DHCP on the controller for all APs.
AnswerA

This is correct because the current gateway does not align with the AP's subnet, which breaks proper forwarding behavior.

Why this answer

The correct action is to fix the AP's default gateway so it can reach the controller's subnet. Option B is wrong because APs use Ethernet, not PPP encapsulation, which is used for serial WAN links. Option C is wrong because CAPWAP does not assign IP addresses; DHCP does, but the AP already has a static IP, and removing it would cause it to fall back to DHCP, which may not fix the gateway issue.

Option D is wrong because disabling DHCP on the controller would affect all APs and prevent new APs from obtaining addresses, which is not a targeted fix.

Exam trap

Avoid assuming resets or updates fix network configuration issues; focus on Layer 3 settings like gateways.

Why the other options are wrong

B

APs use Ethernet frames, not PPP encapsulation; PPP is used for serial links.

C

CAPWAP does not assign IP addresses; DHCP handles that, but removing the AP's IP does not correct the gateway mismatch.

D

Disabling DHCP on the controller would break all APs, not just AP-22, and does not address the gateway issue.

380
MCQhard

Exhibit: An access switch shows Gi1/0/10 as err-disabled shortly after an IP phone and a workstation are connected through the same wall jack. What is the most likely cause?

A.The native VLAN is missing
B.The port security maximum is too low for the connected devices
C.BPDU Guard blocked the port because a workstation was attached
AnswerB

A phone plus a PC commonly requires more than one secure MAC address.

Why this answer

With a phone and a PC on the same access port, the switch may legitimately see two MAC addresses. Port security set to a maximum of 1 causes a violation and can place the interface into err-disabled state.

Exam trap

Be cautious of assuming all err-disabled states are due to STP or VLAN issues; port security is a frequent cause.

Why the other options are wrong

A

The native VLAN being missing would not directly cause a port to go err-disabled when connecting an IP phone and workstation; it typically results in VLAN mismatches or communication issues rather than disabling the port.

C

BPDU Guard is designed to protect against loops by disabling ports that receive Bridge Protocol Data Units (BPDUs). In this scenario, the port is err-disabled due to port security violations, not because of BPDU Guard activation.

D

DHCP snooping denying the voice VLAN would typically result in the IP phone failing to receive an IP address, rather than causing the port to go err-disabled. The err-disabled state is more likely due to port security violations when multiple devices are connected.

381
Drag & Dropmedium

Drag and drop the configuration steps into the correct order to configure an LACP EtherChannel on two Cisco switches using active mode negotiation.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct order begins with configuring the interface range because the channel-group command must be issued under interface configuration mode. Then, set the channel-group mode to active to enable LACP active negotiation on both switches. Finally, verify the EtherChannel status using 'show etherchannel summary' to confirm the channel is up and using LACP.

Option C uses passive mode, which would not initiate negotiation as required; option D uses 'show interfaces status', which does not display EtherChannel-specific information.

Exam trap

Students often confuse the order of configuration steps, thinking the channel-group mode can be set before entering interface configuration. They also mix up active and passive modes, and may use incorrect verification commands. Remember: interface range first, then channel-group, and verify with 'show etherchannel summary'.

382
Matchingmedium

Match each switchport or STP feature to its most accurate purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Speeds an edge port into forwarding state

Disables an edge port if a BPDU is received

Prevents a port from becoming the root path under superior BPDUs

Limits and controls MAC address use on a switch port

Why these pairings

PortFast allows an edge port to immediately transition to forwarding state, skipping listening and learning. BPDU Guard disables a port if a BPDU is received, enhancing security. Root Guard prevents a port from becoming the root port by error-disabling it upon receiving superior BPDUs.

Port Security limits MAC addresses allowed on a switch port.

Exam trap

Cisco exams often test the specific purpose of each STP enhancement feature. Do not confuse PortFast with other fast-convergence features like UplinkFast or BackboneFast, and remember that BPDU Guard is a security feature, not a convergence feature.

383
MCQmedium

Exhibit: A user reports intermittent connectivity after a new switch was connected to an access port. Which feature would have prevented this by immediately disabling the port when a BPDU was received?

AnswerC

BPDU Guard is the standard protection for PortFast access ports.

Why this answer

BPDU Guard is the correct answer because it protects PortFast-enabled edge ports by immediately disabling the port upon receiving a BPDU, preventing accidental loops. Root Guard prevents the port from becoming a root port, not from BPDU reception. Loop Guard prevents alternate or root ports from becoming designated due to BPDU loss, unrelated to BPDU reception disabling.

UDLD detects unidirectional links but does not disable ports upon BPDU reception.

Exam trap

Be cautious not to confuse BPDU Guard with other guard features like Root Guard or Loop Guard, which serve different purposes.

Why the other options are wrong

A

Root Guard prevents a port from being elected as root port, not from receiving BPDUs on an access port.

B

Loop Guard prevents loops caused by BPDU loss on blocked ports, not from BPDU reception on access ports.

D

UDLD detects unidirectional links but does not disable a port when a BPDU is received.

384
MCQhard

Refer to the exhibit. A network engineer configured an EtherChannel between SW1 and SW2 using LACP. After the configuration is applied, the Port-channel 1 interface remains in a down state and does not pass traffic. The engineer runs the show etherchannel detail command on SW1. Based on the output, what is the most likely cause of the problem?

A.The native VLAN is mismatched on member interface Gi0/2.
B.The load-balancing method on the port-channel is set incorrectly to src-dst-ip.
C.The interface Gi0/1 is administratively down.
D.Spanning Tree Protocol has placed the port-channel in a blocking state due to a loop.
AnswerA

The output explicitly states 'Native vlan mismatch: local 20, partner 1' for Gi0/2, confirming that the native VLAN settings do not match, causing the port to be suspended.

Why this answer

The show etherchannel detail output includes 'Native vlan mismatch: local 20, partner 1' for interface Gi0/2. This indicates that the native VLAN configured on Gi0/2 (local VLAN 20) does not match the native VLAN advertised by the partner switch (VLAN 1). This mismatch causes Gi0/2 to be suspended ('susp') and prevents it from joining the port-channel bundle, thereby keeping the EtherChannel down.

Exam trap

Candidates often suspect STP blocking (option D) when a port-channel is down. However, the exhibit explicitly shows the native VLAN mismatch reason, not an STP state. STP information is not present in this output; the 'susp' state directly points to a configuration inconsistency.

Why the other options are wrong

B

Load-balancing configuration does not influence the bundle state of a port-channel; it only affects frame distribution. The output shows a physical/logical inconsistency, not a hashing algorithm problem.

C

Candidates may mistakenly think the whole bundle fails if one port is down, but the output clearly states Gi0/1 is operational. The failure is due to Gi0/2's native VLAN mismatch.

D

A common misconception is that any down or suspended link indicates an STP loop. However, 'show etherchannel detail' presents the explicit reason, and the native VLAN mismatch line directly contradicts this option.

385
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure PortFast and BPDU Guard on a switch interface, then verify and recover after a BPDU guard error-disable event.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The order is global config, interface, PortFast, BPDU Guard, then verification; recovery after a BPDU guard event requires clearing the error-disable state by cycling the interface.

Exam trap

Candidates often confuse the order of PortFast and BPDU Guard, or use incorrect verification commands like 'show running-config'. Remember: PortFast first, then BPDU Guard. Verification is 'show spanning-tree interface <int> detail'.

Recovery is interface cycle, not global commands or reload.

386
PBQhard

You are connected to a single switch, SW1, which is a Cisco Catalyst 2960 running Cisco IOS. Configure port GigabitEthernet0/1 as an access port for a Cisco IP phone and a PC on the same VLAN (Voice VLAN 20, Data VLAN 10). The switch must provide PoE to the phone. Additionally, configure GigabitEthernet0/2 as an access port for a wireless access point (AP) that requires PoE. Verify both configurations using the appropriate show commands. The current running-config is incomplete; you must add the necessary commands.

Hints

  • Voice VLAN is configured with a separate command on the interface.
  • PoE may be disabled; use 'power inline auto' to enable it.
  • Use 'show interfaces switchport' to confirm voice VLAN assignment.
A.interface GigabitEthernet0/1 switchport mode access switchport access vlan 10 switchport voice vlan 20 power inline auto interface GigabitEthernet0/2 switchport mode access switchport access vlan 10 power inline auto
B.interface GigabitEthernet0/1 switchport mode trunk switchport trunk allowed vlan 10,20 power inline auto interface GigabitEthernet0/2 switchport mode access switchport access vlan 10 power inline auto
C.interface GigabitEthernet0/1 switchport mode access switchport access vlan 10 switchport voice vlan 20 power inline never interface GigabitEthernet0/2 switchport mode access switchport access vlan 10 power inline auto
D.interface GigabitEthernet0/1 switchport mode access switchport access vlan 20 switchport voice vlan 10 power inline auto interface GigabitEthernet0/2 switchport mode access switchport access vlan 10 power inline auto
AnswerA
solution
! SW1
configure terminal
interface gigabitEthernet 0/1
switchport voice vlan 20
power inline auto
exit
interface gigabitEthernet 0/2
power inline auto
end
write memory

Why this answer

The configuration was missing the voice VLAN assignment on Gi0/1 and PoE settings on both ports. For Gi0/1, the command 'switchport voice vlan 20' is required to separate voice traffic from data traffic. For both Gi0/1 and Gi0/2, PoE must be enabled; by default 'power inline auto' is set, but since the ports show 'off', they may have been disabled.

The solution ensures PoE is enabled with 'power inline auto' and sets the voice VLAN correctly. Verification with 'show interfaces switchport' should show 'Voice VLAN: 20' and 'show power inline' should show 'auto' for both ports.

Exam trap

Candidates often confuse the need for a trunk port when multiple VLANs are involved, but the voice VLAN feature allows an access port to carry both data and voice traffic. Also, remember that 'power inline auto' is the default but may need to be explicitly configured if disabled. Always verify with 'show interfaces switchport' to see the voice VLAN and 'show power inline' to see PoE status.

Why the other options are wrong

B

The specific factual error is that trunk ports are used to carry multiple VLANs between switches, not for connecting end devices like phones and PCs. The correct method is to use an access port with a voice VLAN.

C

The specific factual error is that 'power inline never' explicitly disables PoE, which would prevent the phone from powering on. The correct command is 'power inline auto' to enable PoE detection and delivery.

D

The specific factual error is that the VLAN numbers are reversed. The access VLAN should be the data VLAN (10), and the voice VLAN should be 20. Swapping them would place data traffic in VLAN 20 and voice in VLAN 10, which is not the intended configuration.

387
MCQmedium

A switchport connected to an IP phone and a PC must carry user traffic and voice traffic separately. Which feature is designed for that purpose on a Cisco access port?

AnswerA

This is correct because a voice VLAN is designed to separate voice traffic from user data on the same access port.

Why this answer

The correct feature is a voice VLAN. In plain language, a voice VLAN lets the switch treat the IP phone’s traffic differently from the user PC’s traffic even though both devices may be connected through the same physical access port. The phone can tag voice traffic for the voice VLAN while the PC remains in the normal data access VLAN. This is a practical design because it keeps voice traffic logically separate, which helps with policy, QoS, and management.

This is a classic CCNA switching concept because it shows that one physical edge port can still support more than one logical traffic type in a controlled way. A standard access VLAN by itself would not provide the same voice/data separation. EtherChannel, SPAN, and native VLAN concepts solve different problems. The best answer is the feature specifically built to support phones and workstations together on one access connection while keeping their traffic logically distinct.

Exam trap

Be cautious not to confuse VLAN-related terms. Understand that voice VLAN is specifically designed for separating voice and data traffic on access ports.

Why the other options are wrong

B

EtherChannel is a technology used to combine multiple physical links into a single logical link for increased bandwidth and redundancy, but it does not separate user and voice traffic on a switchport. Therefore, it does not fulfill the requirement of carrying voice and user traffic separately.

C

SPAN (Switched Port Analyzer) is used for monitoring and capturing traffic on a switch port, not for separating user and voice traffic. It does not provide the necessary functionality to handle VLANs for voice and data traffic on a single port.

D

The Native VLAN is used for untagged traffic on a trunk port and does not separate voice and user traffic on an access port. It is not designed to handle the specific requirements of carrying both voice and data traffic separately.

388
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure a Cisco switch access port with a data VLAN and a voice VLAN.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, enter global configuration mode with 'configure terminal'. Next, select the interface using 'interface GigabitEthernet0/1'. Then, set the port to access mode with 'switchport mode access' to prevent trunk negotiation.

After that, assign the data VLAN with 'switchport access vlan 10'. Finally, assign the voice VLAN with 'switchport voice vlan 20'. This order ensures the interface is properly configured before VLAN assignment and prevents DTP from creating a trunk.

389
Multi-Selectmedium

A switch should learn one MAC address on an access port and shut the port down if a second unauthorized device appears. Which two port-security settings support that requirement?

Select 2 answers
A.switchport port-security maximum 1
B.switchport port-security violation shutdown
C.switchport protected
D.switchport nonegotiate
AnswersA, B

This limits the number of learned secure MAC addresses to one.

Why this answer

Port security enforces how many MAC addresses may be learned on a port and what happens when a violation occurs. 'switchport port-security maximum 1' limits the port to one MAC address, and 'switchport port-security violation shutdown' disables the port if a violation occurs, matching the requirement. 'switchport protected' isolates ports within a switch but does not limit MAC addresses or cause a shutdown. 'switchport nonegotiate' disables DTP negotiation, which is unrelated to port security.

Exam trap

Be careful not to confuse the different port security violation modes. Only the shutdown mode will disable the port.

390
MCQhard

A user reports that a laptop can connect to the correct SSID but repeatedly fails authentication when joining the WLAN. Which category of issue is most strongly indicated?

A.A security or authentication mismatch related to WLAN access
B.A missing OSPF router ID on the access point
C.A routed-port mismatch on the switch uplink
D.A DHCP relay problem on the client
AnswerA

This is correct because the client can discover the SSID but fails when authentication should succeed.

Why this answer

The strongest indication is a wireless security or authentication mismatch rather than a pure RF coverage problem. In practical terms, the laptop can already see and attempt to join the correct SSID, which means discovery is working. Repeated authentication failure points more directly to credentials, security settings, or authentication-policy alignment than to channel or signal absence.

This question is about recognizing the stage of failure. The client is finding the WLAN, but it is not being accepted onto it.

Exam trap

A common exam trap is selecting options related to routing protocols or DHCP relay issues when a client fails to authenticate on a WLAN. Candidates may incorrectly assume that IP configuration problems or routing mismatches cause authentication failures. However, authentication occurs before IP assignment, so DHCP or OSPF issues cannot cause repeated authentication failures.

This trap distracts from the correct focus on wireless security settings and credentials, which are the root cause when a client sees the SSID but cannot authenticate.

Why the other options are wrong

B

Incorrect. OSPF router IDs are relevant to routing protocols and do not affect wireless client authentication or SSID association processes.

C

Incorrect. Routed-port mismatches on switch uplinks affect wired network traffic forwarding but do not cause wireless authentication failures at the client level.

D

Incorrect. DHCP relay problems affect IP address assignment after authentication; since the client fails authentication repeatedly, DHCP issues are not the cause.

391
PBQmedium

You are connected to SW1 via the console. SW1 is a Layer 2 switch with two VLANs (10 - Sales, 20 - Engineering). Port G0/1 is connected to a PC in VLAN 10, and port G0/2 is connected to a PC in VLAN 20. The switch needs to be configured to allow inter-VLAN communication using an external router connected to port G0/3. Currently, the PCs cannot communicate across VLANs. Configure the switch to support Router-on-a-Stick with VLAN 10 as the native VLAN on the trunk.

Network Topology
G0/1G0/1G0/3G0/3G0/0G0/0PC1SW1R1PC2

Hints

  • Remember to set the trunk port encapsulation if needed (though modern switches default to dot1q).
  • The native VLAN on the trunk must match what the router expects.
  • Use switchport mode access for ports connecting to end devices.
A.Configure G0/1 as access VLAN 10, G0/2 as access VLAN 20, G0/3 as trunk with native VLAN 10, and allow VLANs 10 and 20 on the trunk.
B.Configure G0/1 as access VLAN 10, G0/2 as access VLAN 20, G0/3 as trunk with native VLAN 1, and allow VLANs 10 and 20 on the trunk.
C.Configure G0/1 as access VLAN 10, G0/2 as access VLAN 20, G0/3 as trunk with native VLAN 10, but do not allow VLAN 10 on the trunk.
D.Configure G0/1 as trunk with native VLAN 10, G0/2 as trunk with native VLAN 20, G0/3 as trunk with native VLAN 10, and allow VLANs 10 and 20 on all trunks.
AnswerA
solution
! SW1
vlan 10
name Sales
vlan 20
name Engineering
interface GigabitEthernet0/1
switchport mode access
switchport access vlan 10
interface GigabitEthernet0/2
switchport mode access
switchport access vlan 20
interface GigabitEthernet0/3
switchport mode trunk
switchport trunk native vlan 10

Why this answer

Access ports assign PCs to their respective VLANs. The trunk port carries multiple VLANs to the router, and setting the native VLAN to 10 ensures untagged frames on the trunk belong to VLAN 10, which the router's subinterface for VLAN 10 will handle as untagged.

Exam trap

A common trap is to leave the native VLAN as the default VLAN 1 or to forget that the native VLAN must be explicitly allowed on the trunk. Also, candidates may incorrectly configure PC-facing ports as trunks instead of access ports. Always verify the native VLAN matches the router's untagged subinterface and that the allowed VLAN list includes all necessary VLANs.

Why the other options are wrong

B

The native VLAN must match the VLAN that the router's subinterface handles as untagged. Setting it to VLAN 1 violates the requirement.

C

The trunk must carry all VLANs that need inter-VLAN communication. Excluding VLAN 10 prevents its traffic from reaching the router.

D

PCs are end devices that expect untagged frames; they should be connected to access ports, not trunk ports.

392
MCQhard

Refer to the exhibit. A network engineer is troubleshooting an EtherChannel on R1 that is not passing traffic. The output of the show etherchannel summary command is displayed. What is the most likely cause?

A.The local switch is configured with LACP passive while the remote switch is set to LACP active.
B.One side is configured with LACP active and the other side is configured with mode 'on' (static).
C.The remote switch is configured with PAgP desirable while the local switch uses LACP.
D.The port-channel member interfaces are configured as access ports, preventing LACP from negotiating.
AnswerB

The remote static mode sends no LACP PDUs, so the local LACP active ports will remain down (D) because they cannot negotiate, resulting in the port-channel being in use (SU) but no active members.

Why this answer

The exhibit shows Po1(SU) with protocol LACP, but member interfaces Gi0/1 and Gi0/2 are in state (D) – down. This indicates LACP negotiation is failing. The most likely cause is that the remote side is using static mode 'on', which does not participate in LACP and sends no PDUs, so the local LACP active side cannot form a bundle, leaving the physical ports down while the port-channel logical interface remains up.

This is confirmed by the combination of (D) flags and the LACP protocol designation without any bundled ports.

Exam trap

Candidates may see the (SU) status and assume the EtherChannel is operational, overlooking the member interface (D) flags, and then incorrectly choose LACP passive mode (A) or PAgP mismatch (C) as easier-to-identify misconfigurations.

Why the other options are wrong

A

LACP passive is not incompatible with LACP active.

C

PAgP/LACP mismatch leads to suspended state, not down; the exhibit's (D) indicates the link is not up, which points to LACP negotiation failure rather than protocol mismatch.

D

LACP negotiation is independent of the access/trunk configuration.

← PreviousPage 6 of 6 · 392 questions total

Ready to test yourself?

Try a timed practice session using only Switching questions.