Question 1
Refer to the exhibit.

SW-1#sh logging
%SPANTREE-SP-2-RECV_PVID_ERR: Received BPDU with inconsistent peer
Vlan id 1 on GigabitEthernet1/2 VLAN2013.
%SPANTREE-SP-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/2 on
VLAN0001. Inconsistent peer vlan.

A multilayer switch has been configured to send and receive encapsulated and tagged frames. VLAN 2013 on the multilayer switch is configured as the native VLAN. Which option is the cause of the spanning-tree error?

A. VLAN spanning-tree in SW-2 is configured.
B. spanning-tree bpdu-filter is enabled.
C. 802.1q trunks are on both sides, both with native VLAN mismatch.
D. VLAN ID 1 should not be used for management traffic because it's unsafe.

Answer: C

Explanation

These errors are generated because the native VLAN is not matched on the two switches (the native VLAN on SW-1 is not the default native VLAN 1 while the native VLAN on the other side is VLAN 1). The errors indicate that spanning tree has detected mismatched native VLANs and has shut down VLAN 1 on the trunk.

We should verify that the native VLAN ID is configured consistently on the interfaces at each end of the IEEE 802.1Q trunk connection. When the configurations are consistent, spanning tree automatically unblocks the interfaces.

Question 2
Refer to the exhibit.

3512xl(config)#int fastEthernet 0/1
3512xl(config-if)#switchport mode trunk
3512xl(config-if)#switchport trunk encapsulation dot1q

How many bytes are added to each frame as a result of the configuration?

A. 4-bytes except the native VLAN
B. 8-bytes except the native VLAN
C. 4-bytes including native VLAN
D. 8-bytes including native VLAN

Answer: A

Explanation

In 802.1Q, the trunking device inserts a 4-byte tag into the original frame and recomputes the frame check sequence (FCS) before the device sends the frame over the trunk link. At the receiving end, the tag is removed and the frame is forwarded to the assigned VLAN. 802.1Q does not tag frames on the native VLAN. It tags all other frames that are transmitted and received on the trunk.

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/8021q/17056-741-4.html
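The tagging behaviour described above, as an added Python example (not part of the original page): it inserts the 4-byte tag, recomputes the FCS, leaves native VLAN frames untagged, and shows where an untagged frame lands when the two ends disagree on the native VLAN. The function names, MAC addresses and payload are constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def fcs(frame_without_fcs):
    # CRC-32 over the frame, appended little-endian (the usual software form).
    return struct.pack("<I", zlib.crc32(frame_without_fcs))

def trunk_send(frame, vlan, native_vlan, pcp=0):
    """Return the frame as sent on an 802.1Q trunk (input and output include FCS)."""
    body = frame[:-4]
    if fcs(body) != frame[-4:]:
        raise ValueError("bad FCS on input frame")
    if vlan == native_vlan:
        return frame  # native VLAN frames go out untagged
    tci = (pcp << 13) | (vlan & 0x0FFF)  # 3-bit priority, DEI bit 0, 12-bit VLAN ID
    tag = struct.pack("!HH", TPID_8021Q, tci)
    tagged = body[:12] + tag + body[12:]  # tag sits after dst MAC + src MAC
    return tagged + fcs(tagged)

def trunk_receive(frame, native_vlan):
    """Return (vlan, untagged frame with recomputed FCS) at the far end."""
    body = frame[:-4]
    if fcs(body) != frame[-4:]:
        raise ValueError("bad FCS")
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID_8021Q:
        return native_vlan, frame  # untagged frames go to the receiver's native VLAN
    stripped = body[:12] + body[16:]
    return tci & 0x0FFF, stripped + fcs(stripped)

def make_frame(payload=b"\x00" * 46):
    # Constructed sample: broadcast dst, made-up src MAC, IPv4 EtherType.
    body = bytes.fromhex("ffffffffffff" "020000000001" "0800") + payload
    return body + fcs(body)
```

With a sender whose native VLAN is 2013 and a receiver whose native VLAN is 1, `trunk_receive(trunk_send(make_frame(), 2013, 2013), 1)` returns VLAN 1, which is the inconsistency the spanning-tree error in Question 1 reports.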

Question 3
A network engineer must implement Ethernet links that are capable of transporting frames and IP traffic for different broadcast domains that are mutually isolated. Consider that this is a multivendor environment. Which Cisco IOS switching feature can be used to achieve the task?

A. PPP encapsulation with a virtual template
B. Link Aggregation Protocol at the access layer
C. dot1q VLAN trunking
D. Inter-Switch Link

Answer: C

Explanation

802.1Q is an industry-standard implementation for carrying traffic for multiple VLANs on a single trunking interface between two Ethernet switches. 802.1Q is for Ethernet networks only.

Question 4
Which technique allows specific VLANs to be strictly permitted by the administrator?

A. VTP pruning
B. transparent bridging
C. trunk allowed VLANs
D. VLAN access-list
E. L2P tunneling

Answer: C

Explanation

We can use the “switchport trunk allowed vlan” command with a VLAN list to specify which VLANs are allowed to go through. Other VLANs will be dropped.

Question 5
For security reasons, the IT manager has prohibited users from dynamically establishing trunks with their associated upstream switch. Which two actions can prevent interface trunking? (Choose two)

A. Configure trunk and access interfaces manually.
B. Disable DTP on a per interface basis.
C. Apply BPDU guard and BPDU filter.
D. Enable switchport block on access ports.

Answer: A B

Explanation

Manually configuring trunking with the “switchport mode trunk” command and manually configuring access interfaces with the “switchport mode access” command prevents auto trunking on that interface.

Disabling DTP with the “switchport nonegotiate” command, so that DTP messages are not advertised out of the interface, is also a good way to prevent auto trunking.

Question 6
Which two protocols can be automatically negotiated between switches for trunking? (Choose two)

A. PPP
B. DTP
C. ISL
D. HDLC
E. DLCI
F. DOT1Q

Answer: C F

Explanation

There are two protocols that can be used for trunking: Inter-Switch Link (ISL) and 802.1Q. We can choose which protocol to run with the “switchport trunk encapsulation” command. After that we can configure trunking mode with the “switchport mode trunk” command.

In fact this question is not clear and may cause confusion because Dynamic Trunking Protocol (DTP) is the protocol that can automatically negotiate for trunking.

Note: The DTP options can be dynamic auto, dynamic desirable, and trunk.

Question 7
The network manager has requested that several new VLANs (VLAN 10, 20, and 30) are allowed to traverse the switch trunk interface. After the command “switchport trunk allowed vlan 10,20,30” is issued, all other existing VLANs no longer pass traffic over the trunk. What is the root cause of the problem?

A. The command effectively removed all other working VLANs and replaced them with the new VLANs.
B. VTP pruning removed all unused VLANs.
C. ISL was unable to encapsulate more than the already permitted VLANs across the trunk.
D. Allowing additional VLANs across the trunk introduced a loop in the network.

Answer: A

Explanation

By default all VLANs are allowed to go through a trunk, but if we apply the “switchport trunk allowed vlan” command with a VLAN list, then only the listed VLANs are allowed to go through and all other VLANs are dropped. Be careful when limiting VLANs on trunks with this command.

Question 8
A manager tells the network engineer to permit only certain VLANs across a specific trunk interface. Which option can be configured to accomplish this?

A. allowed VLAN list
B. VTP pruning
C. VACL
D. L2P tunneling

Answer: A

Explanation

We can use the “switchport trunk allowed vlan” command with a VLAN list to specify which VLANs are allowed to go through. Other VLANs will be dropped.
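The trunk hardening points from Questions 4, 5, 7 and 8, as an added Python audit over IOS-style interface configuration (not part of the original page). It flags ports whose mode is not set manually, trunks that still run DTP, and trunks with no allowed VLAN list, and it models the plain allowed-vlan command replacing the list. The sample configuration is constructed, and the example goes slightly beyond the page by also handling the IOS `add` keyword, which extends the list instead of replacing it.

```python
import re

# Constructed sample config, not taken from the page's exhibits.
SAMPLE = """\
interface Gi0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
interface Gi0/2
 switchport mode trunk
interface Gi0/3
 switchport access vlan 10
"""

def expand(vlan_list):
    # '10,20-22' -> {10, 20, 21, 22}
    out = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def allowed_vlans(cmds):
    # Apply allowed-vlan commands in order; None means the default (all VLANs).
    allowed = None
    for cmd in cmds:
        m = re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", cmd)
        if m and m.group(1):
            allowed = (allowed or set()) | expand(m.group(2))
        elif m:
            allowed = expand(m.group(2))  # plain form replaces the whole list
    return allowed

def audit(config):
    # Return {interface: [finding, ...]} for ports that break the rules above.
    findings = {}
    for port, body in re.findall(r"^interface (.+)\n((?:[ \t].*\n?)*)", config, re.M):
        cmds = [line.strip() for line in body.splitlines()]
        mode = next((c.split()[-1] for c in cmds if c.startswith("switchport mode ")), None)
        issues = []
        if mode not in ("access", "trunk"):
            issues.append("mode not set manually; DTP may negotiate a trunk")
        if mode == "trunk" and "switchport nonegotiate" not in cmds:
            issues.append("trunk still sends DTP (no switchport nonegotiate)")
        if mode == "trunk" and allowed_vlans(cmds) is None:
            issues.append("no allowed VLAN list; every VLAN crosses the trunk")
        if issues:
            findings[port] = issues
    return findings
```

Running `audit(SAMPLE)` reports Gi0/2 and Gi0/3 and leaves Gi0/1, which has a manual mode, `switchport nonegotiate` and an allowed list, out of the findings.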

Question 9
Refer to the exhibit.

interface GigabitEthernet 1/0/1
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 11
spanning-tree portfast
!

Which option shows the expected result if a “show vlan” command is issued?

[Exhibits A to D: images of “show vlan” output, not reproduced]

A. Exhibit A
B. Exhibit B
C. Exhibit C
D. Exhibit D

Answer: A

Explanation

First we will explain these two commands:

switchport access vlan 10
switchport mode trunk

The first command is used for an access port while the second is used for a trunk, so why are they here at the same time? In fact this interface was set as a trunk. The “switchport access vlan 10” command is still there but it does not affect the operational mode of the port. Gi1/0/1 is a trunk port, so it will not appear in the output of the “show vlan” command.

The “switchport voice vlan 11” command here only tries to confuse you. But it does have an effect on the port: Cisco uses CDP to identify a Cisco IP Phone and will automatically place that traffic into the voice VLAN. For example, if we configure like this:

interface fa0/0
switchport trunk encapsulation dot1q
switchport mode trunk
switchport voice vlan 11

Then the voice traffic from a Cisco IP Phone will be placed into VLAN 11.

Note: In the above configuration, the data and voice use the same interface fa0/0 so it should be configured as a trunk link.

(Reference: http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_example09186a0080722cdb.shtml)

Question 10
Refer to the exhibit.

[Exhibit: image not reproduced]

A network engineer changes the default native VLAN to VLAN 999. After applying the settings on the uplinks to the core switches, the switch control traffic, such as CDP and VTP, is no longer working. The standard configuration is used for each uplink. What is wrong with the configuration?

A. The interface is administratively down.
B. The encapsulation type is incorrect.
C. The switchport mode trunk command should be first in the output.
D. The native VLAN is not present on the trunk.
E. The control traffic must be manually enabled on the new native VLAN.

Answer: D

Explanation

VLAN 1 is always used for CDP, VTP and PAgP traffic (DTP is the exception and uses the native VLAN), even if VLAN 1 is not the native VLAN. If VLAN 1 is not the native VLAN, then CDP, VTP and PAgP traffic will be tagged on the trunk.

In this question, after changing the default native VLAN to 999 while keeping the standard configuration on the other end, we cause a “native VLAN mismatch” error. Besides, CDP and VTP traffic is tagged on the local switch (as VLAN 1 is no longer the native VLAN), so the other end cannot understand it and the CDP and VTP traffic is dropped.

Question 11
Which command is used to verify trunk native VLANs?

A. show access ports
B. show interfaces trunk
C. show ip interface brief

Answer: B