Question 792 of 2,015
VLANs and TrunkingmediumMultiple SelectObjective-mapped

Quick Answer

The answer is that the native VLAN must be the same on both ends of the 802.1Q trunk link. This is correct because the native VLAN is the only VLAN whose frames traverse the trunk without an 802.1Q tag, a design choice made to ensure backward compatibility with legacy devices that cannot interpret VLAN tags. If the native VLANs differ, the switch on one end will receive untagged frames and assign them to its own native VLAN, causing a mismatch that can break connectivity or, worse, create a VLAN hopping security vulnerability. On the ENCOR 350-401 exam, this concept tests your understanding of trunking fundamentals and often appears in a “choose two” format, with a common trap being the assumption that the native VLAN can be different on each side or that it must be VLAN 1 by default. A reliable memory tip: think of the native VLAN as the “untagged agreement”—both sides must speak the same untagged language, or the trunk will silently fail.

CCNP VLANs and Trunking Practice Question

This 350-401 practice question tests your understanding of vlans and trunking. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Which two statements about native VLANs on an 802.1Q trunk are true? (Choose two.)

Question 1mediummulti select
Open the full VLAN trunking answer →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Frames belonging to the native VLAN are transmitted untagged on the trunk link.

The native VLAN is a key concept in 802.1Q trunking. Frames on the native VLAN are sent untagged to maintain compatibility with legacy devices that do not understand VLAN tags. Both ends of the trunk must agree on the native VLAN; a mismatch can cause connectivity issues or VLAN hopping. The default native VLAN is VLAN 1.

Key principle: A trunk being up does not mean the VLAN is allowed across it. Always verify the allowed VLAN list and whether the VLAN exists on both switches.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Frames belonging to the native VLAN are transmitted untagged on the trunk link.

    Why this is correct

    802.1Q does not tag frames for the native VLAN, so they are sent as standard Ethernet frames.

    Related concept

    Access ports place end devices into a single VLAN.

  • The native VLAN must be the same on both ends of the trunk link.

    Why this is correct

    If the native VLANs differ, the switches will incorrectly place untagged frames into different VLANs, causing Layer 2 loops or connectivity issues.

    Related concept

    Access ports place end devices into a single VLAN.

  • The native VLAN can be any VLAN from 1 to 4094.

    Why it's wrong here

    While many switches allow configuring any VLAN as native, VLANs 1002-1005 are reserved for legacy Token Ring and FDDI and cannot be used as native VLANs.

  • The native VLAN is always VLAN 1 and cannot be changed.

    Why it's wrong here

    The native VLAN can be changed using the 'switchport trunk native vlan' command; it is not fixed to VLAN 1.

  • A native VLAN mismatch will cause all traffic on the trunk to be dropped.

    Why it's wrong here

    A native VLAN mismatch does not drop all traffic; it causes the switches to place untagged frames into different VLANs, which can lead to connectivity issues but not a complete drop.

Common exam traps

Common exam trap: an active trunk can still block the VLAN you need

A trunk being up does not prove every VLAN is crossing it. Check allowed VLAN lists, native VLAN mismatch, VLAN existence and access-port assignment.

Trap categories for this question

  • Command / output trap

    The native VLAN can be changed using the 'switchport trunk native vlan' command; it is not fixed to VLAN 1.

Detailed technical explanation

How to think about this question

VLAN questions usually combine access-port and trunking clues. The key is to identify whether the issue is local to one switchport, caused by the trunk, or caused by the VLAN not existing where it needs to exist.

KKey Concepts to Remember

  • Access ports place end devices into a single VLAN.
  • Trunk ports carry multiple VLANs between switches.
  • Allowed VLAN lists decide which VLANs can cross a trunk.
  • Native VLAN mismatch can create confusing symptoms.

TExam Day Tips

  • Use show vlan brief to verify access VLANs.
  • Use show interfaces trunk to verify trunk state and allowed VLANs.
  • Do not treat every same-VLAN issue as a routing problem.

Key takeaway

A trunk being up does not mean the VLAN is allowed across it. Always verify the allowed VLAN list and whether the VLAN exists on both switches.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.

What to study next

Got this wrong? Here's your next step.

Review VLAN allowed lists, native VLAN mismatch detection, and how to verify VLAN membership with show vlan brief and show interfaces trunk. Then practise related 350-401 questions on switching, trunking, and access-port configuration.

Related practice questions

Related 350-401 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 350-401 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 350-401 question test?

VLANs and Trunking — This question tests VLANs and Trunking — Access ports place end devices into a single VLAN..

What is the correct answer to this question?

The correct answer is: Frames belonging to the native VLAN are transmitted untagged on the trunk link. — The native VLAN is a key concept in 802.1Q trunking. Frames on the native VLAN are sent untagged to maintain compatibility with legacy devices that do not understand VLAN tags. Both ends of the trunk must agree on the native VLAN; a mismatch can cause connectivity issues or VLAN hopping. The default native VLAN is VLAN 1.

What should I do if I get this 350-401 question wrong?

Review VLAN allowed lists, native VLAN mismatch detection, and how to verify VLAN membership with show vlan brief and show interfaces trunk. Then practise related 350-401 questions on switching, trunking, and access-port configuration.

What is the key concept behind this question?

Access ports place end devices into a single VLAN.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

1 more ways this is tested on 350-401

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. Which two statements about VLAN trunking using IEEE 802.1Q are true? (Choose two.)

medium
  • A.The 802.1Q tag includes a 12-bit VLAN ID field.
  • B.The native VLAN is not tagged on an 802.1Q trunk.
  • C.The native VLAN must always be VLAN 1.
  • D.The 802.1Q tag uses a TPID value of 0x88A8.
  • E.802.1Q supports a maximum of 4096 VLANs.

Why A: Correct: A is true because 802.1Q inserts a 4-byte tag after the source MAC address, which includes a 12-bit VLAN ID (0-4095). B is true because the native VLAN is not tagged; frames on the native VLAN are sent untagged to maintain backward compatibility with devices that do not understand trunking. C is incorrect because the native VLAN can be any VLAN, not just VLAN 1; it defaults to VLAN 1 but can be changed. D is incorrect because the 802.1Q tag uses a TPID of 0x8100, not 0x88A8 (which is used for Q-in-Q). E is incorrect because 802.1Q supports up to 4094 usable VLANs (1-1001 and 1006-4094), not 4096.

Last reviewed: Jun 18, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 350-401 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 350-401 exam.