🔀 Ethernet Switching & VLANs - CCNA Practice Questions

Master Layer 2 switching concepts including MAC address tables, VLANs, trunking (802.1Q), EtherChannel, STP, RSTP, and inter-VLAN routing for the CCNA exam.

21Questions Available
2Exam Domains

Practice Switching Questions Now

Start a timed practice session focusing on Ethernet Switching & VLANs topics from the CCNA question bank.

Start CCNA Practice Quiz →

CCNA Switching Question Bank (21 Questions)

Browse all 21 practice questions covering Ethernet Switching & VLANs for the CCNA certification exam. Each question includes the full answer and a detailed explanation to help you understand the concepts.

  1. Question 1Network Access

    What happens to frames belonging to the native VLAN on an 802.1Q trunk?

    AThey are tagged with the native VLAN ID
    BThey are sent untagged
    CThey are dropped
    DThey are encapsulated in ISL
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    802.1Q sends native VLAN frames untagged across the trunk. This is a key difference from ISL, which tags all frames.

  2. Question 2Network Access

    Which command configures a switch port as a trunk?

    Aswitchport mode access
    Bswitchport mode trunk
    Cswitchport trunk allowed vlan all
    Dswitchport nonegotiate
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    'switchport mode trunk' forces the port into trunking mode. 'switchport mode access' sets it as an access port. 'switchport nonegotiate' disables DTP.

  3. Question 3Network Access

    What is the difference between LACP and PAgP for EtherChannel?

    AThey are identical
    BLACP is the IEEE 802.3ad standard (active/passive modes); PAgP is Cisco proprietary (desirable/auto modes)
    CPAgP is the industry standard
    DLACP only supports 2 links
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    LACP (802.3ad): industry standard, modes active (initiate) and passive (respond). PAgP: Cisco proprietary, modes desirable (initiate) and auto (respond). Both negotiate EtherChannel formation. LACP supports up to 16 links (8 active + 8 standby).

  4. Question 4Network Access

    What are the port states in Rapid Spanning Tree Protocol (RSTP)?

    ABlocking, Listening, Learning, Forwarding, Disabled
    BDiscarding, Learning, and Forwarding — RSTP consolidates STP's Blocking, Listening, and Disabled into Discarding
    CActive and Inactive
    DUp and Down
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    RSTP (802.1w) simplifies STP states: Discarding (combines blocking/listening/disabled — no data forwarding), Learning (building MAC table), Forwarding (active). RSTP converges in seconds vs. 30-50 seconds for legacy STP.

  5. Question 5Network Access

    An administrator configures a trunk port between two switches. Which protocol is the IEEE standard for VLAN trunking?

    AISL (Inter-Switch Link)
    B802.1Q
    CVTP (VLAN Trunking Protocol)
    DDTP (Dynamic Trunking Protocol)
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    IEEE 802.1Q is the industry-standard protocol for VLAN tagging on trunk links. ISL is a Cisco-proprietary encapsulation (deprecated). VTP is used for VLAN database propagation, not trunking itself. DTP negotiates trunk links but does not perform VLAN tagging.

  6. Question 6Network Access

    What is the default native VLAN on a Cisco switch trunk port?

    AVLAN 0
    BVLAN 1
    CVLAN 100
    DVLAN 1002
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    By default, VLAN 1 is the native VLAN on Cisco switch trunk ports. Traffic on the native VLAN is sent untagged across the trunk link. It is a security best practice to change the native VLAN to an unused VLAN to mitigate VLAN hopping attacks.

  7. Question 7Network Access

    What is the valid VLAN ID range for extended VLANs on Cisco switches?

    A1–1005
    B1006–4094
    C1–4094
    D4095–65535
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Extended VLANs range from 1006 to 4094. Standard VLANs are 1–1005. VLAN 4095 is reserved.

  8. Question 8Network Access

    What is the default STP bridge priority value on Cisco switches?

    A0
    B4096
    C32768
    D65535
    Show Answer & Explanation
    Correct Answer: C
    Explanation:

    The default bridge priority is 32768. It can be changed in increments of 4096. Lower priority is preferred for root bridge election.

  9. Question 9Network Access

    What is the purpose of a voice VLAN on a switch port?

    ATo encrypt voice traffic
    BTo separate voice traffic from data traffic on the same access port
    CTo provide QoS for all VLANs
    DTo create a trunk for IP phones
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    A voice VLAN allows an IP phone and a PC to share one switch port. Voice traffic goes to the voice VLAN (tagged), data traffic to the access VLAN (untagged).

  10. Question 10Network Access

    What is the difference between 802.1Q and ISL trunk encapsulation?

    AISL is the current standard
    B802.1Q is the IEEE standard that inserts a 4-byte tag into the frame; ISL is Cisco proprietary that encapsulates the entire frame (deprecated)
    C802.1Q is Cisco proprietary
    DThey both insert identical tags
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    802.1Q: IEEE standard, inserts a 4-byte tag (TPID + TCI with VLAN ID) into the Ethernet frame, supports native VLAN (untagged). ISL: Cisco proprietary, encapsulates the entire frame with 26-byte header + 4-byte trailer, no native VLAN concept. ISL is deprecated.

  11. Question 11Network Access

    What are the differences between access, trunk, and routed ports on a Layer 3 switch?

    AThey all function the same
    BAccess = one VLAN (untagged), trunk = multiple VLANs (802.1Q tagged), routed = L3 port with an IP address (no switchport)
    CRouted ports don't exist on switches
    DTrunk ports only carry management traffic
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Access port: one VLAN, untagged frames, connects end devices. Trunk port: carries multiple VLANs via 802.1Q tags, connects switches/routers. Routed port: 'no switchport' converts L2 port to L3 with its own IP, used for point-to-point routing between switches.

  12. Question 12Network Access

    What happens if native VLAN settings mismatch between two trunk ports?

    ANothing — it auto-corrects
    BFrames from the native VLAN are forwarded into the wrong VLAN on the receiving switch, causing connectivity issues and security risks
    CThe trunk goes down completely
    DBoth switches reboot
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Native VLAN mismatch: untagged frames from switch A's native VLAN 1 arrive at switch B and are placed into its different native VLAN 99. This causes traffic leakage between VLANs, connectivity problems, and potential VLAN hopping attacks. CDP/LLDP will report the mismatch.

  13. Question 13Security Fundamentals

    Which security feature should be enabled on switch access ports to limit the number of MAC addresses allowed and prevent unauthorized device connections?

    ADHCP snooping
    BPort security
    CDynamic ARP Inspection (DAI)
    DPrivate VLANs
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    Port security limits the number of MAC addresses allowed on a switch port and can take action (shutdown, restrict, protect) when a violation occurs. DHCP snooping prevents rogue DHCP servers. DAI validates ARP packets against the DHCP snooping binding table. Private VLANs restrict communication between hosts in the same VLAN.

  14. Question 14Security Fundamentals

    Which type of attack involves an attacker sending frames with a spoofed MAC address to overflow a switch's MAC address table, causing the switch to flood all traffic?

    AVLAN hopping
    BMAC flooding (CAM table overflow)
    CARP spoofing
    DDHCP starvation
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    MAC flooding (CAM table overflow) sends a large number of frames with different spoofed source MAC addresses to fill the switch's MAC address table. When the table is full, the switch behaves like a hub and floods all frames, allowing the attacker to sniff traffic. Port security mitigates this attack.

  15. Question 15Security Fundamentals

    Which attack overwhelms a switch's MAC address table to force it to broadcast all traffic?

    AARP spoofing
    BMAC flooding
    CVLAN hopping
    DDNS poisoning
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    MAC flooding sends frames with many different source MACs, filling the CAM table. When full, the switch floods all frames like a hub. Port security mitigates this.

  16. Question 16Network Access

    Which EtherChannel protocol is an IEEE standard that uses LACPDU messages to negotiate bundled links?

    APAgP (Port Aggregation Protocol)
    BLACP (Link Aggregation Control Protocol)
    CPAGP
    DStatic EtherChannel (mode on)
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    LACP (IEEE 802.3ad) is the industry-standard protocol for negotiating EtherChannel bundles using LACPDU messages. PAgP is Cisco-proprietary. Static EtherChannel (mode 'on') does not use any negotiation protocol. PAgP and PAGP refer to the same Cisco-proprietary protocol.

  17. Question 17Network Access

    Which command configures a switch interface as an access port assigned to VLAN 20?

    Aswitchport mode trunk switchport trunk allowed vlan 20
    Bswitchport mode access switchport access vlan 20
    Cswitchport vlan 20 switchport mode dynamic
    Dvlan 20 interface vlan 20
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    To configure a port as an access port in VLAN 20: 'switchport mode access' sets the port as an access port (carries traffic for a single VLAN), and 'switchport access vlan 20' assigns it to VLAN 20. Trunk ports carry multiple VLANs. 'interface vlan 20' creates an SVI, not a port assignment.

  18. Question 18Network Access

    Which VTP mode allows a switch to create, modify, and delete VLANs and propagate changes?

    AServer mode
    BClient mode
    CTransparent mode
    DOff mode
    Show Answer & Explanation
    Correct Answer: A
    Explanation:

    VTP Server mode creates, deletes, and modifies VLANs and sends updates. Client mode receives updates but can't modify. Transparent forwards but doesn't participate.

  19. Question 19Network Access

    In the Rapid Spanning Tree Protocol (RSTP, 802.1w), which port role replaces the blocking state from classic STP?

    AAlternate port
    BBackup port
    CDesignated port
    DRoot port
    Show Answer & Explanation
    Correct Answer: A
    Explanation:

    In RSTP, the alternate port provides a backup path to the root bridge and is functionally equivalent to the blocking state in classic STP (802.1D). A backup port provides a backup to a designated port on the same segment. Alternate ports can quickly transition to forwarding if the root port fails.

  20. Question 20Network Access

    An engineer needs to allow only VLANs 10, 20, and 30 on a trunk link. Which command accomplishes this?

    Aswitchport trunk allowed vlan 10,20,30
    Bswitchport access vlan 10,20,30
    Cswitchport trunk native vlan 10,20,30
    Dvlan 10,20,30
    Show Answer & Explanation
    Correct Answer: A
    Explanation:

    'switchport trunk allowed vlan 10,20,30' restricts the trunk to carry only VLANs 10, 20, and 30. By default, a trunk allows all VLANs (1-4094). 'switchport access vlan' is for access ports. 'switchport trunk native vlan' sets the native VLAN (only one). 'vlan 10,20,30' creates VLANs in the database.

  21. Question 21Network Access

    In RSTP (802.1w), which port role replaces the non-designated port role from classic STP?

    ABackup port
    BAlternate port
    CEdge port
    DDisabled port
    Show Answer & Explanation
    Correct Answer: B
    Explanation:

    RSTP introduces the alternate port role, which provides a backup path to the root bridge and replaces the non-designated blocking port from STP.

Key Switching Concepts for CCNA

switchvlantrunk802.1qstprstpetherchannelmac addressspanning-treelacppagp

CCNA Switching Exam Tips

Ethernet Switching & VLANs questions in CCNA are typically scenario-based. Focus on service-level decision making aligned to official exam objectives. Priority concepts: switch, vlan, trunk, 802.1q, stp, rstp.

What CCNA Expects

  • Anchor your answer in select the most practical, secure, and scalable answer for the stated scenario.
  • Switching scenarios for CCNA are frequently mapped to Domain 1 (20%), Domain 2 (20%), so read the objective carefully before picking controls or architecture.
  • Expect multi-service scenarios where Switching interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated service question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Associate) and managed-service best practices.

High-Value Switching Concepts

  • Know the core Switching building blocks cold: switch, vlan, trunk, 802.1q.
  • Review the edge-case features and limits for stp, rstp; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how Switching pairs with Network Fundamentals, Inter-VLAN Routing, STP in real deployment patterns.
  • For CCNA, explain why the chosen Switching design meets reliability, security, and cost expectations better than the alternatives.

Common CCNA Traps

  • Watch for answers that partially solve the requirement but miss operational constraints.
  • Questions in Network Fundamentals often include distractors that look correct for Switching but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two Switching implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Network Fundamentals (20%) outcomes for CCNA?
  • Can you explain security and access boundaries for Switching without relying on default-open assumptions?
  • Can you describe how Switching integrates with Network Fundamentals and Inter-VLAN Routing during failure, scaling, and monitoring events?

Exam Domains Covering Switching

Domain 1Network Fundamentals20%Domain 2Network Access20%

Related Resources

🎯 Free CCNA Mock Exam📝 Network Fundamentals Questions📝 Inter-VLAN Routing Questions📝 STP Questions

More CCNA Study Resources

← CCNA Study Hub30-Day Study PlanFull Practice Exam