Try 10 focused Cisco CCNA 200-301 v2.0 questions on Switching and Network Access, with explanations, then continue with IT Mastery.
Open the matching IT Mastery practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.
Try Cisco CCNA 200-301 v2.0 on Web View full Cisco CCNA 200-301 v2.0 practice page
| Field | Detail |
|---|---|
| Exam route | Cisco CCNA 200-301 v2.0 |
| Topic area | Switching and Network Access |
| Blueprint weight | 25% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Switching and Network Access for Cisco CCNA 200-301 v2.0. Work through the 10 questions first, then review the explanations and return to mixed practice in IT Mastery.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 25% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original IT Mastery practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Switching and Network Access
Users on ASW1 in VLAN 10 can reach the default gateway, but no VLAN 10 traffic is observed forwarding over trunk Gi1/0/2 toward DSW2. Both uplinks are physically up, and VLAN 10 is allowed on both trunks.
Exhibit:
ASW1# show spanning-tree vlan 10
Interface Role Sts Cost Type
Gi1/0/1 Root FWD 4 P2p
Gi1/0/2 Altn BLK 4 P2p
Gi1/0/10 Desg FWD 19 P2p Edge
Options:
A. Gi1/0/2 is an alternate port blocking to prevent a loop.
B. Gi1/0/10 is the root port and is causing host isolation.
C. VLAN 10 is missing from the trunk allowed list.
D. Gi1/0/1 is a designated port and should be blocking.
Best answer: A
Explanation: Rapid PVST+ assigns a role and state per VLAN. In the exhibit, Gi1/0/1 is the root port and is forwarding toward the root bridge for VLAN 10. Gi1/0/2 is an alternate port in a blocking state, which means it is a backup path that would forward only if the current root path fails. Gi1/0/10 is a designated forwarding edge port toward the host segment. Because VLAN 10 is allowed on both trunks and the users can reach the gateway, the lack of forwarding on Gi1/0/2 is explained by spanning-tree loop prevention, not by a trunk or VLAN failure.
Root FWD, not designated or blocking.Desg FWD, which is normal for an access-facing edge port.Topic: Switching and Network Access
A client in VLAN 20 cannot obtain an IPv4 address from a DHCP server at 10.50.0.10 on another subnet. The access switch is Layer 2 only. The distribution switch has the VLAN 20 SVI and routes to the server subnet.
Packet capture summary:
| Capture point | Evidence |
|---|---|
| Client access port | DHCP Discover in VLAN 20 |
| Distribution SVI VLAN 20 | Discover received |
| Link toward server subnet | No DHCP packet sent to 10.50.0.10 |
Which configuration decision best matches the evidence?
Options:
A. Configure ip helper-address 10.50.0.10 on SVI VLAN 20.
B. Configure a static ARP entry for 10.50.0.10 on the client.
C. Configure VLAN 20 as the native VLAN on the uplink trunk.
D. Configure ip dhcp snooping trust on the client access port.
Best answer: A
Explanation: The captures show the client’s DHCP Discover is forwarded at Layer 2 inside VLAN 20 and reaches the distribution switch SVI. The failure occurs when the broadcast would need to cross a Layer 3 boundary toward the DHCP server subnet. DHCP Discover messages are broadcasts, so a router does not forward them as normal routed traffic. The correct operational fix is DHCP relay on the gateway interface for the client VLAN, using ip helper-address to send the request as a unicast to the DHCP server. This is protocol behavior, not an access-port forwarding failure.
Topic: Switching and Network Access
A switchport on SW1 was originally configured as an edge port for a single PC. It is now connected to an approved downstream access switch that must participate in Rapid PVST+. Other PC-facing ports should remain protected.
Exhibit:
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on PortFast port Gi1/0/12.
%PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/12, putting Gi1/0/12 in err-disable state
SW1# show interfaces status err-disabled
Port Name Status Reason
Gi1/0/12 Closet err-disabled bpduguard
Which configuration decision best meets the goal?
Options:
A. Disable BPDU Guard globally on SW1.
B. Remove PortFast and BPDU Guard from Gi1/0/12, then recover the interface.
C. Enable BPDU Filter on Gi1/0/12 to suppress the received BPDUs.
D. Enable Root Guard on Gi1/0/12 and leave PortFast enabled.
Best answer: B
Explanation: BPDU Guard protects edge ports by placing the interface into err-disabled state when a BPDU is received. The exhibit shows that Gi1/0/12 received a BPDU while configured as a PortFast edge port, which is expected if the port is connected to another switch. Because the downstream device is approved and must participate in Rapid PVST+, Gi1/0/12 should be reclassified as a switch-facing port by removing the edge behavior and BPDU Guard from that interface, then recovering the port. Keep BPDU Guard enabled on true host-facing ports so accidental switch connections are still blocked.
Topic: Switching and Network Access
After SW1 uplinks were converted from a single trunk to an LACP EtherChannel, users in VLAN 30 on SW1 can no longer obtain DHCP addresses. VLAN 10 users still work. The default gateway for VLAN 30 is Vlan30 on DSW1 and is up/up.
Exhibit: SW1 verification
SW1# show etherchannel summary
Group Port-channel Protocol Ports
1 Po1(SU) LACP Gi1/0/1(P) Gi1/0/2(P)
SW1# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 1
Port Vlans allowed on trunk
Po1 1,10,20
Options:
A. Assign the VLAN 30 gateway IP address to Port-channel1.
B. Shut and no shut the Vlan30 SVI on DSW1.
C. Configure the VLAN 30 allowed list only on Gi1/0/1 and Gi1/0/2.
D. Add VLAN 30 to the allowed VLAN list on Port-channel1.
Best answer: D
Explanation: For an EtherChannel trunk, VLAN forwarding is controlled on the logical port-channel interface. The exhibit shows Po1(SU), so the LACP bundle is operational at Layer 2, and VLAN 10 works, confirming the trunk is carrying at least some VLANs. The decisive clue is that Po1 allows only VLANs 1, 10, and 20. Because VLAN 30 is missing, SW1 cannot send VLAN 30 DHCP broadcasts or client traffic toward the DSW1 SVI. The fix is to permit VLAN 30 on the port-channel trunk. Configure trunk parameters on the port-channel, not as a standalone fix on individual member links.
Vlan30 SVI, not on the Layer 2 EtherChannel.Vlan30 on DSW1 is already reported as up/up.Topic: Switching and Network Access
A technician is checking Rapid PVST+ behavior on switch SW2 for VLAN 20. Based only on the output, which interpretation is correct?
Exhibit:
SW2# show spanning-tree vlan 20
VLAN0020
Root ID Priority 24596
Address 001b.0caa.1000
Cost 19
Port 1 (GigabitEthernet0/1)
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- ----------------
Gi0/1 Root FWD 19 128.1 P2p
Gi0/2 Desg FWD 19 128.2 P2p
Gi0/3 Altn BLK 19 128.3 P2p
Gi0/4 Desg FWD 19 128.4 Edge P2p
Options:
A. Gi0/3 is forwarding as the segment’s designated port.
B. Gi0/1 is SW2’s best path toward the root bridge.
C. Gi0/4 is SW2’s root port because it is an edge port.
D. Gi0/2 is blocking as SW2’s alternate path.
Best answer: B
Explanation: In Rapid PVST+, each non-root switch has one root port per VLAN: the forwarding port with the best path to the root bridge. The output explicitly lists Gi0/1 as Root FWD, so it is SW2’s root port for VLAN 20. Designated ports forward for their attached segment, as shown by Desg FWD on Gi0/2 and Gi0/4. An alternate port is a backup path that is currently discarding/blocking, shown here as Altn BLK on Gi0/3.
The port role and state columns are the decisive evidence; the edge indication on Gi0/4 does not make it a root port.
Desg, not Altn.Altn BLK, meaning a backup path that is not forwarding.Edge P2p describes the port type, while the role column shows Desg.Topic: Switching and Network Access
Two multilayer switches must use two physical links as one routed LACP connection for an OSPF point-to-point adjacency. The links are up, but the OSPF neighbor over Port-channel10 never forms.
Exhibit: SW1 checks
SW1# show etherchannel summary
Group Port-channel Protocol Ports
10 Po10(SU) LACP Gi1/0/1(P) Gi1/0/2(P)
SW1# show interfaces port-channel10 switchport
Administrative Mode: trunk
Operational Mode: trunk
SW1# show ip interface brief | include Port-channel10
Port-channel10 unassigned YES unset up up
Which corrective action best addresses the root cause?
Options:
A. Change LACP mode from active to on.
B. Assign /30 addresses to both physical links.
C. Create an SVI for the transit VLAN.
D. Convert the port-channel and members to routed ports.
Best answer: D
Explanation: The EtherChannel is operational, but it is operating as a Layer 2 trunk, shown by Po10(SU) and the switchport output. A routed LACP port-channel must be a Layer 3 interface, so the physical member interfaces and the port-channel should be configured with no switchport. The routed IP address belongs on Port-channel10, not on the individual member interfaces. After the peer is configured the same way with the matching subnet, OSPF can form over the logical routed interface.
The key distinction is that LACP bundles the links, but no switchport determines whether the bundle is used as a routed interface.
on disables LACP negotiation and does not fix the Layer 2 trunk state.Topic: Switching and Network Access
A help desk ticket reports that a desktop connected to switch port Gi1/0/12 cannot reach the user network. The desktop should be an ordinary edge host in VLAN 20, not a phone, AP, switch, or virtualized host uplink. What is the best next action based on the exhibit?
Exhibit:
SW1# show interfaces gi1/0/12 switchport
Name: Gi1/0/12
Administrative Mode: trunk
Operational Mode: trunk
Access Mode VLAN: 20 (Users)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1,20,30
Options:
A. Change the trunk native VLAN to VLAN 20.
B. Configure the port as an access port in VLAN 20.
C. Move the desktop to VLAN 1.
D. Allow only VLAN 20 on the trunk.
Best answer: B
Explanation: The exhibit shows that Gi1/0/12 has Access Mode VLAN: 20, but the port is administratively and operationally a trunk. The access VLAN setting is used when the port operates as an access port; it does not make an active trunk behave like a normal untagged desktop edge port. For an ordinary edge host, the port should be configured as an access port and assigned to the intended VLAN, such as switchport mode access with switchport access vlan 20. Trunk settings are appropriate for links that carry multiple VLANs to another switch, AP, phone design, firewall, or virtualization host uplink. The key distinction is operational mode: access for one untagged edge-host VLAN, trunk for multiple VLANs with tagging.
Topic: Switching and Network Access
A user in VLAN 20 reports that local applications work, but servers in other subnets are unreachable. The access switch is also the default gateway for VLAN 20.
Exhibit:
Client IPv4 address: 192.168.20.45
Client mask: 255.255.255.0
Client gateway: 192.168.20.254
Client ping 192.168.20.1 -> success
Client ping 192.168.20.254 -> timeout
Client ping 10.10.10.25 -> timeout
SW1# show ip interface brief | include Vlan20
Vlan20 192.168.20.1 YES manual up up
SW1# show ip route 10.10.10.0
O 10.10.10.0/24 [110/20] via 192.168.99.2, Vlan99
What is the best next action?
Options:
A. Troubleshoot OSPF reachability from SW1 to Vlan99
B. Add a static route to 10.10.10.0/24 on SW1
C. Correct the client default gateway to 192.168.20.1
D. Change the client subnet mask to 255.255.0.0
Best answer: C
Explanation: The evidence points to a client default gateway problem, not a routing problem on SW1. The client has a valid VLAN 20 address and can ping 192.168.20.1, which is the up/up SVI on the switch. However, the configured gateway is 192.168.20.254, and the client cannot ping that address. For off-subnet traffic such as 10.10.10.25, the client must send frames to its default gateway. SW1 also already has a route to 10.10.10.0/24, so adding a route is not the first fix. The key takeaway is to verify the endpoint IP, mask, gateway, and local reachability before changing routing.
Topic: Switching and Network Access
Documentation says Cisco switch SW1 interface Gi1/0/24 connects to a non-Cisco firewall interface ge-0/0/1. CDP shows no neighbor on Gi1/0/24, and the firewall team confirms the firewall advertises LLDP. SW1 currently has no lldp run. Which IOS XE configuration decision best supports validating the documentation with standards-based neighbor evidence?
Options:
A. Configure an LLDP management address on the firewall VLAN
B. Enable LLDP globally on SW1 and verify Gi1/0/24 neighbors
C. Convert Gi1/0/24 to a routed Layer 3 interface
D. Enable CDP globally on SW1 and verify Gi1/0/24 neighbors
Best answer: B
Explanation: LLDP is the appropriate standards-based discovery protocol for validating physical neighbor documentation between Cisco and non-Cisco devices. Because SW1 has no lldp run, it will not learn or display LLDP neighbors even if the firewall is advertising them. Enabling LLDP on SW1 allows show lldp neighbors or show lldp neighbors detail to confirm whether Gi1/0/24 actually connects to the documented firewall port. This validates the documentation without changing VLAN, trunk, or Layer 3 forwarding behavior.
Topic: Switching and Network Access
SW1 must remain the Rapid PVST+ root bridge for VLAN 20. Interface Gi1/0/24 on SW1 connects to a downstream access switch and should not allow that switch to become the root. If superior BPDUs arrive on Gi1/0/24, the port should stop forwarding until the condition is cleared. Which configuration should be applied?
Options:
A. On the downstream switch uplink, configure spanning-tree guard root.
B. On SW1 Gi1/0/24, configure spanning-tree guard root.
C. On SW1 Gi1/0/24, configure spanning-tree guard loop.
D. On SW1 Gi1/0/24, configure spanning-tree bpduguard enable.
Best answer: B
Explanation: Root guard protects the intended spanning-tree topology by preventing a port from accepting a superior BPDU that would make another switch the root bridge. It is configured on the interface that should remain a designated port toward downstream switches. If that port receives a superior BPDU, IOS places it in a root-inconsistent state and stops forwarding until superior BPDUs are no longer received. This fits the requirement because SW1’s Gi1/0/24 faces the downstream access switch that must not become root. BPDU guard is for edge ports where BPDUs should not appear at all, while loop guard solves a different problem involving missing BPDUs.
Use the Cisco CCNA 200-301 v2.0 Practice Test page for the full IT Mastery practice bank, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Try Cisco CCNA 200-301 v2.0 on Web View Cisco CCNA 200-301 v2.0 Practice Test
Read the Cisco CCNA 200-301 v2.0 Cheat Sheet on Tech Exam Lexicon, then return to IT Mastery for timed practice.