CCNA

What is the purpose of VLANs?

To logically separate networks at Layer 2, reducing broadcast domains and improving security and performance.

What happens if a VLAN is not allowed on a trunk?

Traffic for that VLAN will not pass between switches.

Do devices in the same VLAN need a router to communicate?

No, Layer 2 switching is sufficient.

What command controls which VLANs pass over a trunk?

switchport \ trunk \ allowed \ vlan

Why is an SVI (Switch Virtual Interface) needed?

To give a VLAN a Layer 3 gateway for communication outside the VLAN.

Can a switch have an IP address?

Yes — via an SVI, usually for management or routing.

What happens if a VLAN has no SVI or router interface?

It cannot communicate with other VLANs.

What triggers a port-security violation?

A MAC address not allowed on the port sends traffic.

What is the default port-security violation action?

Shutdown (err-disabled).

How do you recover an err-disabled port?

shutdown then no \ shutdown (or errdisable recovery).

Why is port security used?

To prevent unauthorized devices from accessing the network.

What is the purpose of Spanning Tree Protocol (STP)?

To prevent Layer 2 loops.

Which switch becomes the root bridge in STP?

The switch with the lowest bridge ID (priority + MAC).

Why might you manually choose a root bridge?

To control traffic flow and optimize paths.

Can different VLANs have different root bridges?

Yes (PVST - Per-VLAN Spanning Tree).

What does PortFast do?

Immediately places an access port into the forwarding state.

Why should PortFast NOT be used on trunk ports?

Because trunks may connect to switches, risking loops.

What does BPDU Guard do?

Shuts down a PortFast port if a Bridge Protocol Data Unit (BPDU) is received.

Why might BPDU Guard not “show” in STP output?

It only triggers when a BPDU is received.

If a PC can ping the same VLAN but not other VLANs, what layer is the issue?

Layer 3 (routing / gateway).

What are two causes for a PC not getting DHCP when the VLAN exists?

Missing DHCP scope, missing helper address, or trunk VLAN missing.

In what order should you troubleshoot network issues?

Physical → VLAN → Trunk → IP → Routing → Services

What protocol is used for VLAN tagging on Ethernet trunks?

IEEE 802.1Q

What happens if the native VLANs do not match on a trunk?

Traffic may leak between VLANs and STP issues may occur.

Does the native VLAN carry tagged or untagged traffic?

Untagged traffic.

Can an access port carry more than one VLAN?

No.

Which command shows whether a port is access or trunk?

show \ interfaces \ switchport

What is Router-on-a-Stick (ROAS)?

Inter-VLAN routing using a single trunk link between a router and a switch.

What must be configured on router subinterfaces for ROAS?

1. Encapsulation (encapsulation \ dot1q \ [vlan-id])

2. IP address (gateway)

If PCs can ping their gateway but not other VLANs, what is likely missing?

Routing between VLANs or router subinterface misconfiguration.

What is the purpose of DHCP?

To automatically assign IP configuration to hosts.

What is the default DHCP lease behavior?

Temporary IP assignment that must be renewed.

Why is ip \ helper-address used?

To forward DHCP broadcasts to a remote DHCP server across subnets.

On which interface is ip \ helper-address configured?

The gateway interface (SVI or subinterface) for the client VLAN.

What happens if a DHCP pool overlaps another network?

DHCP may fail or assign incorrect addresses.

Which switch becomes root bridge by default in STP?

The switch with the lowest MAC address (if priorities reach a tie).

What is the default STP priority?

32768

What are the STP port states?

Blocking, Listening, Learning, Forwarding, and Disabled.

What port role forwards traffic toward the root bridge?

Root port.

What port role blocks redundant paths in STP?

Alternate port.

Why does PortFast exist?

To allow end devices to connect quickly without encountering STP transition delays.

What happens if a BPDU is received on a BPDU Guard–enabled port?

The port is put into an err-disabled state.

Why is BPDU Guard used with PortFast?

To protect the network from accidental loops occurring on edge ports.

Where should PortFast be enabled?

On access ports connected to end devices only.

What is EtherChannel?

Multiple physical links bundled into one logical link to increase bandwidth and redundancy.

What happens if EtherChannel is misconfigured?

STP may block redundant ports or a loop may occur.

Must all EtherChannel member ports match configuration?

Yes (speed, duplex, VLANs, and trunking mode).

What type of NAT allows many private devices to share one public IP?

PAT (Port Address Translation).

Why is NAT commonly used?

To conserve public IPv4 addresses.

What is an ACL used for?

To permit or deny traffic based on defined rules.

Where are extended ACLs ideally placed?

As close to the source as possible.

What is the implicit rule at the end of every ACL?

deny \ ip \ any \ any

How many bits is an IPv6 address?

128 bits.

What does :: represent in IPv6?

A compressed series of zeros (used once per address).

Which wireless security protocol is currently most secure?

WPA2 or WPA3

What is an SSID?

The wireless network name (Service Set Identifier).

What device connects wired and wireless networks?

Wireless Access Point (AP).

If a PC cannot ping its gateway, what should you check first?

IP address, subnet mask, and VLAN assignment.

If a PC can ping the gateway but not the internet, what is the likely issue?

A routing issue or NAT configuration error.

If a switch is reachable via console but not SSH, what should you check?

Management IP, VTY line config, transport input, domain name, and RSA keys.