Question 1mediummultiple choice
Full question →mediummultiple choiceObjective-mapped
Which command places a switch port into access mode directly?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
A
Best answer
switchport mode access
This is correct because it directly forces the interface into access mode.
B
Distractor review
switchport trunk allowed vlan 10
This is wrong because it modifies a trunk’s allowed VLAN list, not access mode.
C
Distractor review
switchport mode dynamic desirable
This is wrong because it is a negotiation-related setting, not a direct access-mode command.
D
Distractor review
no switchport
This is wrong because it converts the interface to Layer 3 routed-port behavior on supported devices.
Common exam trap
Common exam trap: answer the scenario, not the keyword
A frequent exam trap is selecting 'switchport mode dynamic desirable' instead of 'switchport mode access'. While dynamic desirable enables the port to negotiate trunking with the connected device, it does not guarantee access mode and can result in the port becoming a trunk if the other side agrees. Another trap is confusing 'switchport trunk allowed vlan 10' as a way to set access mode; this command only filters VLANs on a trunk and does not change the port mode. Lastly, 'no switchport' disables Layer 2 switching on the interface, converting it to a Layer 3 routed port, which is unrelated to access mode configuration and will not carry VLAN traffic as an access port would.
Technical deep dive
How to think about this question
Switch ports on Cisco devices can operate in different modes to handle VLAN traffic appropriately. The core concept behind the 'switchport mode access' command is to configure the interface as an access port, which means it will carry traffic for only one VLAN and will not participate in trunking protocols. Access ports are designed for end devices that do not understand VLAN tagging, ensuring that frames are sent and received untagged except for the implicit VLAN membership assigned to the port. When configuring a switch port, the decision to use 'switchport mode access' explicitly sets the port to access mode, overriding any dynamic negotiation protocols such as DTP. This command is crucial because it prevents the port from becoming a trunk, which could carry multiple VLANs and cause unintended network behavior. The switchport mode access command is the definitive way to ensure the port behaves as a single-VLAN access point, which is the standard for most user-facing interfaces. A common exam trap involves confusing 'switchport mode access' with dynamic negotiation commands like 'switchport mode dynamic desirable' or commands that modify VLAN membership without setting the port mode, such as 'switchport trunk allowed vlan'. Additionally, the 'no switchport' command converts the interface to a routed port, which is unrelated to access mode configuration. Understanding these distinctions helps avoid misconfiguration that can lead to VLAN leakage, security risks, or loss of connectivity for endpoint devices.
KKey Concepts to Remember
- The command 'switchport mode access' explicitly configures a switch interface to operate as an access port, carrying traffic for a single VLAN only.
- Switch ports in access mode do not negotiate trunking and do not carry multiple VLANs, which prevents unintended VLAN tagging or trunk formation.
- The 'switchport mode dynamic desirable' command enables Dynamic Trunking Protocol (DTP) negotiation, which can result in the port becoming a trunk if the other side agrees.
- Using 'no switchport' converts a Layer 2 switch port into a Layer 3 routed port, disabling VLAN tagging and switching capabilities on that interface.
- The 'switchport trunk allowed vlan' command controls which VLANs are permitted on a trunk port but does not affect the port’s mode or access status.
- Access ports are typically used for endpoint devices like PCs, printers, or IP cameras that require membership in a single VLAN for network segmentation.
- Explicitly setting a port to access mode avoids accidental trunking, which can cause VLAN leakage and security or connectivity issues in a switched network.
- Cisco switches use the 'switchport mode' command family to define port behavior, and choosing the correct mode is essential for proper VLAN and traffic management.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Related practice questions
Related 200-301 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
CCNA DHCP practice questions
Practise DHCP scopes, relay, leases and troubleshooting.
CCNA show ip route practice questions
Practise routing-table output, longest-prefix match, AD and route selection.
CCNA show interfaces trunk practice questions
Practise trunk verification and VLAN forwarding across switches.
CCNA wireless security practice questions
Practise WLAN security, authentication and wireless architecture concepts.
CCNA IPv6 practice questions
Practise IPv6 addressing, routes, neighbour discovery and common IPv6 exam traps.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A router learns the same prefix from both OSPF and EIGRP. Which route is installed by default?
Question 2
A router shows this output: R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.1.1.2 1 FULL/DR 00:00:34 192.168.12.2 GigabitEthernet0/0 10.1.1.3 1 2WAY/DROTHER 00:00:39 192.168.12.3 GigabitEthernet0/0 Which statement is correct?
Question 3
What is the OSPF metric called?
Question 4
A non-root switch has two uplinks toward the root bridge. One path has a lower total STP cost than the other. What role will the lower-cost uplink have?
Question 5
A router interface applies this ACL inbound: 10 deny tcp any any eq 80 20 permit ip any any A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?
Question 6
A router learns route 198.51.100.0/24 from OSPF with AD 110 and also has a static route to the same prefix configured with AD 150. Which route is installed?
FAQ
Questions learners often ask
What does this 200-301 question test?
The command 'switchport mode access' explicitly configures a switch interface to operate as an access port, carrying traffic for a single VLAN only.
What is the correct answer to this question?
The correct answer is: switchport mode access — A switch port is placed into access mode with the `switchport mode access` command. In plain language, this tells the switch that the interface should behave as a single-VLAN user-facing access port rather than as a trunk or a negotiation-based port. This is the normal choice for an endpoint such as a PC, printer, or IP camera that should belong to one VLAN. This command matters because it makes the intended role of the interface explicit. That clarity is useful operationally and helps avoid accidental trunking behavior. The correct answer is the command that directly defines the switchport as access rather than assigning a VLAN without setting the role or relying on negotiation.
What should I do if I get this 200-301 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.
Discussion
Loading comments…
Sign in to join the discussion.