Back to Cisco CCNP ENARSI 300-410 questions

Scenario-based practice

VLAN and Inter-VLAN Routing Scenarios

Practise 300-410 VLAN and trunking questions covering access ports, trunk ports, allowed VLAN lists, native VLAN, inter-VLAN routing, and command-output troubleshooting.

14
scenario questions
300-410
exam code
Cisco
vendor

Scenario guide

How to approach vlan and inter-vlan routing scenarios

VLAN misconfiguration is one of the top sources of connectivity failures in real networks and one of the most tested areas on the CCNA. These questions cover VLAN access ports, 802.1Q trunks, native VLANs, and router-on-a-stick or layer-3 switch inter-VLAN routing.

Quick answer

Routing questions usually test route selection (administrative distance, metric), how static routes are configured and when they are preferred over dynamic routing.

Administrative distance comparing routing sources.

Static route configuration: next-hop vs exit interface.

Default route propagation and the gateway of last resort.

Recursive routing table lookups.

Related practice questions

Related 300-410 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Open the full VLAN trunking answer →

An engineer applies an IPv6 ACL to filter traffic between two VLANs on a switch using a router-on-a-stick configuration. The ACL is applied inbound on the subinterface. Traffic from VLAN 10 to VLAN 20 is permitted, but return traffic from VLAN 20 to VLAN 10 is dropped. Which is the most likely explanation?

Question 2hardmulti select
Open the full VLAN trunking answer →

Which TWO actions will prevent a Cisco IOS router from acting as a DHCPv4 server for a specific VLAN? (Choose TWO.)

Question 3hardmultiple choice
Open the full VLAN trunking answer →

A network engineer configures a DHCP snooping trusted port on a switch to allow a legitimate DHCP server. However, clients connected to untrusted ports on the same VLAN cannot obtain IP addresses. The DHCP server is reachable and the switch shows no DHCP snooping drops. Which is the most likely explanation?

Question 4hardmultiple choice
Open the full VLAN trunking answer →

A router configured as a DHCPv6 relay agent is not forwarding DHCPv6 requests from clients to the server. The relay interface has 'ipv6 dhcp relay destination' configured. Clients are on a different VLAN. Which is the most likely explanation?

Question 5hardmultiple choice
Open the full VLAN trunking answer →

An engineer configures DHCP snooping on a switch to prevent rogue DHCP servers. After enabling, legitimate DHCP clients on VLAN 10 cannot obtain addresses. The DHCP server is connected to a trusted port. The switch shows 'show ip dhcp snooping binding' with no entries. Which is the most likely explanation?

Question 6mediummultiple choice
Open the full VLAN trunking answer →

An engineer is troubleshooting a network where IPv6 hosts on VLAN 20 are unable to communicate with each other. The switch is configured with IPv6 First Hop Security features including Private VLAN (PVLAN) and IPv6 Source Guard. The hosts are in the same VLAN but cannot ping each other. What is the most likely cause?

Question 7mediummultiple choice
Open the full VLAN trunking answer →

A network engineer is troubleshooting an IPv6 neighbor discovery issue on a switch running IOS-XE. Hosts on VLAN 100 are intermittently losing connectivity to the default gateway. The switch is configured with IPv6 First Hop Security features including RA Guard and DHCPv6 Guard. The engineer notices that the switch is dropping valid Router Advertisements from the legitimate router. What is the most likely cause of this issue?

Question 8hardmultiple choice
Open the full VLAN trunking answer →

An engineer is troubleshooting an IPv6 connectivity issue where hosts on VLAN 10 cannot reach the internet. The switch is configured with IPv6 First Hop Security features including RA Guard and DHCPv6 Guard. The legitimate router is connected to port Gi1/0/1. The engineer notices that the router is sending RAs, but hosts are not receiving them. The switch shows that RA Guard is dropping packets on port Gi1/0/1. What is the most likely misconfiguration?

Question 9mediummultiple choice
Open the full VLAN trunking answer →

A network engineer runs the following command on Router R1:

R1# show ipv6 snooping binding

IPv6 Address MAC Address VLAN Interface State 2001:DB8:1::100 aaaa.bbbb.cccc 10 Gi0/0/0 ACTIVE 2001:DB8:1::101 aaaa.bbbb.cccd 10 Gi0/0/0 ACTIVE 2001:DB8:1::102 aaaa.bbbb.ccce 10 Gi0/0/1 ACTIVE 2001:DB8:1::103 aaaa.bbbb.cccf 10 Gi0/0/1 ACTIVE

Based on this output, which statement is correct?

Question 10hardmultiple choice
Open the full VLAN trunking answer →

A large enterprise network is experiencing intermittent IPv6 connectivity loss for hosts on VLAN 100. Router R1 has the following relevant configuration:

interface GigabitEthernet0/0.100
 encapsulation dot1Q 100

ipv6 address 2001:DB8:1:100::1/64 ipv6 nd raguard ipv6 nd prefix default ipv6 dhcp relay destination 2001:DB8:1:200::1 !

Router R2 shows: debug ipv6 dhcp relay output indicates that DHCPv6 requests from VLAN 100 are being relayed, but the server never receives the SOLICIT messages. What is the root cause?
Question 11hardmultiple choice
Open the full VLAN trunking answer →

A network engineer is troubleshooting IPv6 neighbor discovery issues on a VLAN. Router R1 is configured with IPv6 First Hop Security features. Hosts are unable to communicate with each other, even though they have valid IPv6 addresses. Router R1 has the following relevant configuration:

interface Vlan100

ipv6 address 2001:DB8:1:100::1/64 ipv6 nd raguard ipv6 dhcp guard ipv6 source guard !

Router R2 shows: debug ipv6 nd output indicates that Neighbor Solicitations from hosts are being dropped. What is the root cause?
Question 12mediummultiple choice
Open the full VLAN trunking answer →

A network engineer runs the following command to verify IPv6 binding table:

R1# show ipv6 neighbors binding

IPv6 Address Age Link-layer Addr State Interface VLAN Policy 2001:db8::1 10 0011.2233.4455 REACH Fa0/1 10 TRUSTED 2001:db8::2 5 00aa.bbcc.ddee STALE Fa0/0 10 INSPECT 2001:db8::3 0 1111.2222.3333 INCOMP Fa0/0 10 -

What does this output indicate?

Question 13mediummultiple choice
Open the full VLAN trunking answer →

A network engineer runs the following command to verify IPv6 device tracking:

R1# show ipv6 device-tracking database

  Interface  MAC Address       VLAN  IPv6 Address                    State         Age  Policy

Fa0/0 0011.2233.4455 10 2001:db8::1 ACTIVE 10 TRUSTED Fa0/0 00aa.bbcc.ddee 10 2001:db8::2 ACTIVE 5 INSPECT Fa0/0 1111.2222.3333 10 2001:db8::3 VERIFY 0 -

What does this output indicate?

Question 14hardmultiple choice
Open the full VLAN trunking answer →

A network administrator configures 'ipv6 dhcp guard' on a switch and sets the policy to 'allow only' for a specific DHCPv6 server. However, clients are still receiving DHCPv6 replies from a rogue server on the same VLAN. The engineer verifies that the rogue server's port is not trusted. What is the most likely reason the rogue server's advertisements are not being blocked?

These 300-410 practice questions are part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style 300-410 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.