Courseiva
Troubleshooting MethodologyCCNA 200-301

New Device Added — Cannot Reach Network Resources

Presenting Symptom

A newly connected PC cannot ping the default gateway or any other network resources, while existing devices work fine.

Network Context

Small branch office with a single Cisco Catalyst 2960 switch (IOS 15.0) connected to a Cisco 4321 ISR router. The switch has multiple VLANs: VLAN 10 (192.168.10.0/24) for data, VLAN 20 (192.168.20.0/24) for voice. The new PC is connected to an access port on the switch, configured for VLAN 10. Other PCs in VLAN 10 can reach the gateway and internet.

Diagnostic Steps

1

Check PC IP configuration

ipconfig (Windows) or ifconfig (Linux/Mac)
IPv4 Address: 192.168.10.50
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.10.1

Verify the PC has an IP address in the correct subnet and the gateway is set. If the PC has an APIPA address (169.254.x.x), DHCP is failing. If the IP is static, ensure it matches VLAN 10 subnet.

2

Check switch port status and configuration

show interfaces status | include GigabitEthernet0/1
Port        Name               Status       Vlan       Duplex  Speed Type
Gi0/1       PC-New             connected    10         a-full  a-100 10/100/1000BaseTX

Ensure the port is 'connected' and in the correct VLAN (10). If status is 'notconnect' or 'err-disabled', check cabling or port security. If VLAN is wrong, the port is in the wrong VLAN.

3

Verify VLAN exists and is active

show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/2, Gi0/3
10   Data                             active    Gi0/1, Gi0/4
20   Voice                            active    Gi0/5
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Confirm VLAN 10 is listed as 'active' and the port (Gi0/1) is in the Ports column. If VLAN 10 is missing, it hasn't been created. If the port is not listed, it may be in a different VLAN or trunking.

4

Check if the port is in access mode and not trunking

show running-config interface GigabitEthernet0/1
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast

Ensure 'switchport mode access' and 'switchport access vlan 10' are present. If 'switchport mode trunk' or 'switchport mode dynamic desirable' appears, the port may be negotiating a trunk, causing the PC to not communicate. Also check for 'switchport nonegotiate' if needed.

5

Verify the default gateway is reachable from the switch

ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

If the switch can ping the gateway, the issue is likely on the PC side (e.g., firewall, incorrect gateway). If the switch cannot ping, the problem is upstream (router interface down, VLAN mismatch on trunk to router, or router not configured for VLAN 10).

Root Cause

The switch port connecting the new PC was configured as a trunk port (or dynamic desirable) instead of an access port, causing the PC to be unable to communicate because it does not understand 802.1Q tagging. Alternatively, the port was in the wrong VLAN or the VLAN was not created.

Resolution

Reconfigure the switch port to access mode and assign it to the correct VLAN: interface GigabitEthernet0/1 switchport mode access switchport access vlan 10 spanning-tree portfast end write memory

Verification

Run 'show interfaces status | include Gi0/1' to confirm the port is connected and in VLAN 10. Then from the PC, ping the default gateway (192.168.10.1) — should succeed. Also verify with 'show running-config interface Gi0/1' to confirm the configuration.

Prevention

1. Use a consistent port configuration template when adding new devices, ensuring ports are set to access mode and assigned to the correct VLAN. 2. Enable CDP or LLDP to detect mismatched configurations. 3. Implement port security and BPDU guard to prevent misconfigurations from causing issues.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario appears in troubleshooting questions where a host cannot reach network resources. The exam tests the ability to identify misconfigured switch ports (access vs trunk, VLAN assignment) using show commands. Candidates must know the difference between access and trunk ports and how to verify VLAN membership.

Exam Tips

1.

Remember that a trunk port expects tagged frames; a PC sends untagged frames, so a trunk port will drop them or cause communication failure.

2.

Use 'show vlan brief' to quickly see which ports are in which VLAN; if a port is missing from the VLAN list, it may be in trunk mode.

3.

The command 'show interfaces trunk' lists all trunking ports; if you see an unexpected trunk, that's likely the problem.

Commands Used in This Scenario

ping [ip]

The ping command sends ICMP echo requests to a destination IP address to test network connectivity and measure round-trip time.

show interfaces status

Displays a summary of all switch interfaces including their status, VLAN, duplex, speed, and type, used to quickly verify interface connectivity and configuration.

show vlan brief

Displays a summary of all VLANs configured on the switch, including VLAN ID, name, status, and ports, used to quickly verify VLAN configuration and port assignments.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions