The answer is that VLAN 30 is missing from the trunk allowed list, which directly causes the inter-VLAN failure. When a trunk port is configured with an explicit allowed VLAN list—here permitting only VLANs 10 and 20—any traffic from a VLAN not on that list, such as VLAN 30, is dropped at the trunk interface. This explains why users in VLAN 30 can communicate locally on the same access switch (since that switching happens at Layer 2 within the switch) but cannot reach the default gateway on the distribution switch, which requires the VLAN 30 frames to traverse the trunk. On the CCNA 200-301 v2 exam, this scenario tests your understanding of trunk port behavior and the `switchport trunk allowed vlan` command; a common trap is assuming that a trunk automatically passes all VLANs by default, but once you manually restrict the list, any omitted VLAN is blocked. Remember the memory tip: "Allowed means only those—if it's not on the list, it doesn't exist on the trunk."
CCNA Network Services and Security Practice Question
This 200-301 practice question tests your understanding of network services and security. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. A key principle to apply: a trunk port forwards traffic for multiple VLANs by tagging frames with VLAN IDs using protocols like IEEE 802.1Q.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Exhibit
Access-SW uplink:
interface g0/24
switchport mode trunk
switchport trunk allowed vlan 10,20
User ports:
interface range g0/1-12
switchport mode access
switchport access vlan 30
Distribution switch SVI:
interface vlan 30
ip address 10.30.30.1 255.255.255.0
Users on a new access switch can reach devices in their own VLAN but cannot reach the default gateway on the distribution switch. Based on the exhibit, what is the most likely cause?
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue: "most likely"
Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
✓
VLAN 30 is missing from the allowed VLAN list on the trunk.
The trunk allows only VLANs 10 and 20, so VLAN 30 traffic never crosses the uplink. Local switching inside VLAN 30 on the access switch can still work, which is why same-VLAN communication succeeds. Adding VLAN 30 to the allowed list is the direct fix.
Key principle: A trunk port forwards traffic for multiple VLANs by tagging frames with VLANIDs using protocols like IEEE 802.1Q.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
✓
VLAN 30 is missing from the allowed VLAN list on the trunk.
Why this is correct
That prevents VLAN 30 frames from reaching the distribution switch.
Clue confirmation
The clue word "most likely" in the question point toward this answer.
Related concept
A trunk port forwards traffic for multiple VLANs by tagging frames with VLANIDs using protocols like IEEE 802.1Q.
✗
The user ports should be configured as trunks.
Why it's wrong here
End-user ports should remain access ports.
When this WOULD be correct
In a different scenario where users need to connect multiple VLANs on a single port, such as in a network with multiple VLANs on a single access switch, configuring user ports as trunks would be necessary to allow traffic from multiple VLANs to traverse the same port.
✗
The SVI for VLAN 30 must be shutdown for inter-VLAN routing to work.
In a scenario where the question states that VLAN 30 is configured but the SVI for VLAN 30 is administratively down, the option would be correct. This would indicate that users in VLAN 30 cannot route traffic to the default gateway because the SVI is not active.
In a different scenario where the question states that users are unable to communicate with devices in other VLANs due to misconfigured native VLAN settings, changing the trunk native VLAN to VLAN 30 could resolve issues with untagged traffic being misrouted.
Option-by-option analysis
Why each answer is right or wrong
Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.
✓VLAN 30 is missing from the allowed VLAN list on the trunk.Correct answer▾
Why this is correct
That prevents VLAN 30 frames from reaching the distribution switch.
✗The user ports should be configured as trunks.Wrong answer — click to see why▾
Why this is wrong here
User ports should be configured as access ports, not trunks, to ensure they can communicate within their VLAN without unnecessary complexity. Configuring them as trunks would not resolve the issue of reaching the default gateway.
★ When this WOULD be the correct answer
In a different scenario where users need to connect multiple VLANs on a single port, such as in a network with multiple VLANs on a single access switch, configuring user ports as trunks would be necessary to allow traffic from multiple VLANs to traverse the same port.
Why candidates choose this
Candidates may confuse the need for VLAN communication with the concept of trunking, mistakenly believing that user ports should be set as trunks to facilitate access to the default gateway.
✗The SVI for VLAN 30 must be shutdown for inter-VLAN routing to work.Wrong answer — click to see why▾
Why this is wrong here
This option is wrong because the SVI (Switched Virtual Interface) for VLAN 30 being shut down would not prevent users in VLAN 30 from reaching their default gateway; rather, it would affect inter-VLAN routing. The issue in the original question is related to trunk configuration, not SVI status.
★ When this WOULD be the correct answer
In a scenario where the question states that VLAN 30 is configured but the SVI for VLAN 30 is administratively down, the option would be correct. This would indicate that users in VLAN 30 cannot route traffic to the default gateway because the SVI is not active.
Why candidates choose this
Candidates may choose this option because they understand the importance of SVIs in routing and might mistakenly believe that a shutdown SVI would directly impact connectivity to the default gateway for devices in the same VLAN.
✗The trunk native VLAN must be changed to VLAN 30.Wrong answer — click to see why▾
Why this is wrong here
This option is wrong because changing the trunk native VLAN to VLAN 30 does not address the issue of users not reaching the default gateway; it only affects untagged traffic on the trunk link.
★ When this WOULD be the correct answer
In a different scenario where the question states that users are unable to communicate with devices in other VLANs due to misconfigured native VLAN settings, changing the trunk native VLAN to VLAN 30 could resolve issues with untagged traffic being misrouted.
Why candidates choose this
Candidates may find this option tempting because they might confuse native VLAN settings with VLAN communication issues, thinking that adjusting the native VLAN could resolve routing problems between VLANs.
Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”
Common exam traps
Common exam trap: answer the scenario, not the keyword
A common exam trap is assuming that user ports must be trunks to enable VLAN communication beyond the local switch. In reality, user ports should remain access ports assigned to a single VLAN. Another trap is thinking that the SVI for VLAN 30 must be shut down to fix routing issues, but an active SVI is necessary for inter-VLAN routing. Additionally, candidates may incorrectly focus on native VLAN mismatches, which do not block VLAN 30 traffic if the VLAN is not allowed on the trunk. The real issue is the missing VLAN 30 in the trunk's allowed VLAN list, which prevents VLAN 30 frames from reaching the distribution switch and the default gateway.
Trap categories for this question
Command / output trap
Native VLAN mismatch is not the issue shown.
Detailed technical explanation
How to think about this question
VLAN trunks are essential for carrying multiple VLAN traffic between switches, enabling devices in different VLANs to communicate through inter-VLAN routing. A trunk link uses tagging protocols like IEEE 802.1Q to identify VLAN frames as they traverse the link. If a VLAN is not allowed on the trunk, frames tagged with that VLAN ID are dropped and never reach the next switch or router, preventing communication beyond the local switch.
In this scenario, the access switch hosts users in VLAN 30, but the trunk link to the distribution switch only allows VLANs 10 and 20. This restriction means VLAN 30 frames cannot cross the trunk, so users can communicate locally within VLAN 30 but cannot reach the default gatewaySVI on the distribution switch. The correct resolution is to add VLAN 30 to the allowed VLAN list on the trunk interface, enabling inter-VLAN routing and gateway access.
A common exam trap is confusing user access ports with trunk ports or misconfiguring the native VLAN. User ports should remain access ports assigned to a single VLAN, not trunks. Also, the native VLAN mismatch or SVI shutdown issues do not explain why VLAN 30 traffic is blocked on the trunk. Practically, understanding how VLAN tagging and allowed VLAN lists control traffic flow on trunks is critical for troubleshooting VLAN connectivity problems in Cisco networks.
KKey Concepts to Remember
A trunk port forwards traffic for multiple VLANs by tagging frames with VLAN IDs using protocols like IEEE 802.1Q.
The allowed VLAN list on a trunk interface determines which VLAN traffic is permitted to cross the trunk link.
If a VLAN is not included in the trunk's allowed VLAN list, frames from that VLAN are dropped and do not reach other switches.
Access ports connect end devices to a single VLAN and should not be configured as trunks in typical user scenarios.
An active switched virtual interface (SVI) is required on a Layer 3 device to route traffic between VLANs and provide default gateway services.
Native VLAN mismatches on trunks can cause untagged traffic issues but do not block tagged VLAN traffic from passing if allowed.
Inter-VLAN routing depends on VLAN traffic successfully traversing trunks between access and distribution switches.
Troubleshooting VLAN connectivity requires verifying trunk configuration, allowed VLAN lists, and SVI status on Layer 3 devices.
TExam Day Tips
→Watch for words such as best, first, most likely and least administrative effort.
→Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
A trunk port forwards traffic for multiple VLANs by tagging frames with VLAN IDs using protocols like IEEE 802.1Q.
Real-world example
How this comes up in practice
A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.
Related glossary terms
Concepts from this question explained
These glossary pages explain the core terms tested in this 200-301 question in full detail.
Review a trunk port forwards traffic for multiple VLANs by tagging frames with VLAN IDs using protocols like IEEE 802.1Q., then practise related 200-301 questions on the same topic to reinforce the concept.
Network Services and Security — This question tests Network Services and Security — A trunk port forwards traffic for multiple VLANs by tagging frames with VLAN IDs using protocols like IEEE 802.1Q..
What is the correct answer to this question?
The correct answer is: VLAN 30 is missing from the allowed VLAN list on the trunk. — The trunk allows only VLANs 10 and 20, so VLAN 30 traffic never crosses the uplink. Local switching inside VLAN 30 on the access switch can still work, which is why same-VLAN communication succeeds. Adding VLAN 30 to the allowed list is the direct fix.
What should I do if I get this 200-301 question wrong?
Review a trunk port forwards traffic for multiple VLANs by tagging frames with VLAN IDs using protocols like IEEE 802.1Q., then practise related 200-301 questions on the same topic to reinforce the concept.
Are there clue words in this question I should notice?
Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
What is the key concept behind this question?
A trunk port forwards traffic for multiple VLANs by tagging frames with VLAN IDs using protocols like IEEE 802.1Q.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.