VLAN troubleshooting diagnoses connectivity failures caused by misconfigured VLANs, trunk ports, and native VLAN mismatches. CompTIA Network+ N10-009 tests VLAN troubleshooting in scenarios where devices cannot communicate despite being on the same physical switch. Understanding the cause of VLAN problems — incorrect port assignments, missing VLANs, or trunk misconfiguration — is tested directly.
Wrong VLAN assignment: a device is assigned to the wrong VLAN (e.g., placed in VLAN 10 instead of VLAN 20). The device cannot communicate with others in VLAN 20 even though physically nearby. The device may reach different resources than expected. Check the switch port's access VLAN assignment.
VLAN not in allowed list on trunk: traffic for a specific VLAN is not crossing a trunk link because the VLAN is not in the trunk's allowed VLAN list. Devices in that VLAN on one switch cannot communicate with devices on other switches. Check trunk port configuration — verify the VLAN is included.
VLAN not created on switch: a port is assigned to a VLAN that doesn't exist on the switch. The port may go into an inactive state. VLANs must be created on all switches that carry that VLAN (or VTP must propagate it).
Native VLAN mismatch: the two ends of a trunk link have different native VLANs configured. Untagged traffic is placed into different VLANs on each side, so devices in the native VLAN on one switch appear in a different VLAN on the other switch. This causes connectivity issues and security concerns.
Verify device VLAN: confirm which VLAN a switch port is in by checking the switch port configuration. If a device has an APIPA address or the wrong IP address, it may be in the wrong VLAN (assigned to a VLAN with no DHCP server or a different DHCP scope).
Verify trunk configuration: confirm trunk ports between switches carry the correct VLANs. Check that the VLAN exists on both switches. Verify the native VLAN matches on both ends. CDP/LLDP neighbor commands show connected device information; native VLAN mismatches generate switch log warnings.
Inter-VLAN routing not working: devices in different VLANs cannot communicate. Verify the Layer 3 configuration: router-on-a-stick subinterfaces or SVI (Switch Virtual Interface) configuration on a Layer 3 switch. Verify the routing protocol or static routes between VLANs.
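The trunk checks above (native VLAN match, allowed list, VLAN created on both switches) can be run offline against saved configurations. The following is an added example, not part of the original page; it assumes Cisco IOS-style syntax and one trunk interface per config, and the function names and sample configs are constructed for illustration.

```python
import re
def expand(spec):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config):
    """Return (native VLAN, allowed VLANs, created VLANs) for a one-trunk config."""
    native, allowed, created = 1, set(range(1, 4095)), {1}  # IOS defaults
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan ([\d,-]+)", line):
            created |= expand(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            allowed = expand(m.group(1))
    return native, allowed, created

def check_trunk(cfg_a, cfg_b, needed):
    """List the problems that stop the VLANs in `needed` crossing the A-B trunk."""
    (nat_a, allow_a, made_a), (nat_b, allow_b, made_b) = map(parse_trunk, (cfg_a, cfg_b))
    findings = []
    if nat_a != nat_b:
        findings.append(f"native VLAN mismatch: A={nat_a} B={nat_b}")
    for vlan in sorted(needed):
        for name, allow, made in (("A", allow_a, made_a), ("B", allow_b, made_b)):
            if vlan not in made:
                findings.append(f"VLAN {vlan} not created on {name}")
            elif vlan not in allow:
                findings.append(f"VLAN {vlan} not allowed on trunk at {name}")
    return findings

# Constructed sample configs for the two ends of one trunk (not from a real device)
SWITCH_A = """vlan 10,20,30
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,30
"""
SWITCH_B = """vlan 10,20,30
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
"""
if __name__ == "__main__":
    print(*check_trunk(SWITCH_A, SWITCH_B, {10, 20, 30}), sep="\n")
```

Run on the sample pair, it reports the native VLAN mismatch (99 on A, the default 1 on B) and that VLAN 30 is missing from B's allowed list.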
Misconception: If a switch port is configured for a VLAN, the VLAN automatically exists on the switch.
VLANs must be explicitly created in a switch's VLAN database. Assigning a port to a non-existent VLAN may leave the port inactive or in an error state. Create the VLAN first, then assign ports to it (unless VTP propagates it automatically).
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A network administrator adds a new workstation to a switch and configures the port as VLAN 30, but the workstation receives an APIPA address. Other workstations on VLAN 30 on the same switch work fine. What is the most likely cause?
Explanation: If other VLAN 30 devices on the same switch work (they likely have static IPs or already had DHCP leases), but the new device gets APIPA, the DHCP server may be on a different switch and VLAN 30 traffic may not be crossing the trunk — either the VLAN is not in the trunk's allowed list or the trunk itself is misconfigured. The DHCP server is reachable for local devices but not for this switch.
VTP (VLAN Trunking Protocol, Cisco) propagates VLAN database changes from a VTP server switch to VTP client switches. This can cause problems: a new switch added to the network as a VTP server with a higher revision number can overwrite the VLAN database on all switches — deleting all VLANs. Best practice: use VTP transparent mode (don't participate in VTP) or VTP version 3. Always verify VTP configuration when adding new switches to a production network.