Home > ICND2 – VLAN & Trunking

ICND2 – VLAN & Trunking

May 7th, 2015 in ICND2 200-101 Go to comments

Question 1

Explanation

Native VLAN frames are carried over the trunk link untagged -> A is correct.

802.1Q trunking ports carry all the traffic of all VLANs so it cannot be the secure ports. A secure port should be only configured to connect with terminal devices (hosts, printers, servers…) -> B is not correct.

The Inter-Switch Link (ISL) encapsulation requires FastEthernet or greater to operate but 802.1q supports 10Mb/s Ethernet interfaces. -> C is correct.

802.1Q supports point-to-multipoint connectivity. Although in Cisco implementation, a “trunk” is considered a point-to-point link but 802.1q encapsulation can be used on an Ethernet segment shared by more than two devices. Such a configuration is seldom needed but is still possible with the disablement of DTP negotiation. -> D is not correct (Reference: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008012ecf3.shtml)

The native VLAN that is configured on each end of an 802.1Q trunk must be the same. This is because when a switch receives an untagged frame, it will assign that frame to the native VLAN. If one end is configured VLAN1 as the native VLAN while the other end is configured VLAN2 as the native VLAN, a frame sent in VLAN1 on one side will be received on VLAN2 on the other side -> E is correct.

Question 2

Explanation

Fa0/1 of Switch11 is configured as an access link of VLAN1 so only frames in VLAN1 can communicate through the two switches. But from the output above we see there is no interface belongs to VLAN1 on Switch12 -> no hosts can communicate between the two switches.

Question 3

Explanation

We can’t confirm answer B is totally correct but all other answers are wrong so B is the best choice.

+ We only have 1 LAN interface on Main_Campus router with 4 subinterfaces -> answer A is not correct (although it is a bit unclear).
+ The “protocol” column of interface Serial0/1 is up so its Layer 2 is operating correctly -> answer C is not correct.
+ This router has only 1 FastEthernet interface -> answer D is not correct.
+ The “status” column of Fa0/0 is currently “up” so it is operating -> answer E is not correct.

Comments (61) Comments
  1. Saivivek
    December 26th, 2013

    Q-1: There is no Fa0/1 port listed in any of the vlans.

  2. anonymous
    January 14th, 2014

    Saivivek as I understand it, the result shown from show vlan brief, only shows access links, which would mean the missing port (Fa0/1) is set to trunk (show interface trunk will show the missing interface). Since the switches have a mismatch (one is set as a trunk while the other is set an access link), they cannot communicate. You can test this in your lab.

  3. Mlachake
    January 23rd, 2014

    anonymous..I agree with you. That is not the only possible explanation why VLANs on sw11 can not communicate with sw12.

  4. prenicule
    January 24th, 2014

    I think Q3 answer is wrong, since a router doesn’t know about trunking. When we want to configure trunking between a router and a switch, we configure the switch ONLY to trunk (switchport mode trunk) and just configure LAN subinterfaces on the router each with its own ip address (interface fa0/0.1 for example). Am I right that A is the answer?

  5. Happy
    January 26th, 2014

    @prenicule, you’re wrong.
    There is only 1 LAN interface so A is not correct.
    This is router-on-a-stick with few subinterfaces configured so it’s obvious that int fe0/0 is a trunk.
    Besides, answers C, D, and E are incorrect so B is only correct answer.

  6. tito
    February 2nd, 2014

    @happy, it is a router in a stick, it means that is is connected to different subnets by using vlans. presence of a trunk further strenghtens this argument.

  7. tito
    February 2nd, 2014

    @happy, it is a router in a stick, it means that is is connected to different subnets by using vlans. presence of a trunk further strenghtens this argument. A and B are correct.

  8. bobby
    February 8th, 2014

    For the question 3, this answer is true but confuse because the port FastEthernet 0/0 mustn’t be in trunk port but in access port.

    In fact, only the port at the switch which is connected to the interface FastEthernet 0/0 on the router should be in trunking but not unlike.

  9. Vortonis
    February 28th, 2014

    Question 1 answer E.

    Your explanation is “Must” which I agree. If you do not have the exact same Vlan as Native. The switch is going to give you the “Native VLAN MisMatch”. The answer says “should”, should means that If you dont have the Native VlAN ID’s match than it is ok also. NOT TRUE.

    In terms of the ICDN2 Answer D is way out of scope.

  10. Maxmesr
    March 13th, 2014

    ok Guys about the Q3, in the Student Guide of ICND1, Said textually ‘The configuration between a router and switch is sometimes referred to as a router on a stick. the “Router interface is configured to operate as a trunk link” and is connected to a switch port that is configured in trunk mode’

    I think the answer is B for that

  11. Maxmesr
    March 13th, 2014

    other thing is Remenber that, you need configure each subinterface on a router with the encapsulation dot1q, the router have the trunk encapsulation for can work

  12. Danny
    March 18th, 2014

    Are you sure VLANS, trunking, inter VLAN Routing and switch security are on the new ICND2 exam?
    the cisco website lists them as topics under ICND1 and not ICND2:
    http://www.cisco.com/web/learning/exams/list/icnd1b.html#~Topics
    http://www.cisco.com/web/learning/exams/list/icnd2b.html#~Topics

  13. Nelson
    March 30th, 2014

    Q2: My opinion is that the answer is correct(D),but the real reason is that the interfaces Fa0/1 in both switches should be configured as a trunk and not as an access port between the endpoint a of the link .

  14. Nelson
    March 30th, 2014

    I just realized that bobby made the same comment earlier.Sorry.

  15. Richard
    April 8th, 2014
  16. mike
    April 10th, 2014

    on Q3..answer A states “The LAN **interfaces** are configured on different subnets”…surely we don’t see the LAN interfaces…just the LAN *sub*interfaces.

    i think B is the only correct answer there.

  17. mike
    April 14th, 2014

    Took ICND2 earlier today, 986 / 1000.

    Questions 2, 3, from this page were on there.

    Re my above note, answer B was the only answer you need for question3.

  18. mike
    April 23rd, 2014

    Hi Justin. see my note towards the bottom of the “share your ICND2 experiences” page.

    basically this site is hugely helpful, but you will definitely also need a book and i would recommend downloading some past exam questions using examcollection.com. You will need to pay £20 for the s/w to view those exams but it’s well worth it imho.

  19. fez
    May 8th, 2014

    2,3 were there

    Passed today 1000. Got different configuration of the Eigrp & frame Relay labs where there were different DLCIs and IP addresses, but same process was used to get answers (show commands, show ip protocols, show ip interface brief ).

    A question about GLBP and a question about netflow were on my test. You can find them here: http://www.examtut.com/2013/09/new-questions-in-ccna-200-120-hsrp-vrrp.html

    Study 9tut and this guy i found him really helpful. He has unique way of teaching http://www.danscourses.com If you can do all his videos again and again. Trust me you will get the concept. Also one thing i learned today is if you don’t know the concept it’ll be hard for you in the exam.

    All the best to every one in their path. Keep me in your good wishes.

  20. izzarazzu
    June 27th, 2014

    Took the exam today. Pass 986/1000. Q2, Q3 were on there.
    Thanks 9tut.

  21. ALI
    July 7th, 2014

    All the Qs was in there

  22. CCNA
    August 14th, 2014

    Passed ICND2 today with 933/1000 , Three sims Frame relay, EIGRP and OSPF from here. Some questions were not from here relating to RSTP.

  23. Ant
    August 20th, 2014

    Tested today, 8/20. #3 was on there.

  24. NC
    August 26th, 2014

    Im still confused by Q3…. The router will be configured with “Sub interfaces”, it will not be configured as a trunk… the SWITCH will have its port configured as a trunk.

    My guess would be A… but i suppose without the Mask you cannot say for sure if the sub interfaces are in different subnets…. Horrible question!

  25. josh
    September 3rd, 2014

    Q3- because there are subinterfaces configured, which you can see in the output, means that there has to be a trunk link.

  26. josh
    September 17th, 2014

    you see the fastethernet ports are configured as .1, .2,.3,.4- they are subinterfaces that are part of 802.1Q frame relay, the link therefore has to be a trunk to carry the information.

  27. Georges
    September 27th, 2014

    took the exam today and pass with 907. Question 3 was on there, the others weren’t. location United States Florida.

    test ICND 2

    Thanks 9tut

  28. N8
    September 30th, 2014

    Took ICND2 today 986/100. 3 was on there. Thanks 9TUT

  29. NortySP
    November 3rd, 2014

    Regarding Q3. Configuration of Router on the stick includes on on each subinterface to enter command encapsulation dot1q vlan-id … and DOT1Q is trunking protocol. So answer B seems legit.

  30. BitHead
    November 7th, 2014

    Q3 try and configure an Ethernet sub interface with an IP address without configuring the encapsulation dot1q command.. see what happens… error… why… that command specifies the trunk encapsulation used on the interface and the vlan associated with the sub interface… routers cannot negotiate trunking.. you have to manually configure trunking using that command… so if u see an fa0/or g ethernet sub interface with an ip address in a show command then trunking is in effect…

  31. Fishy
    November 20th, 2014

    I dunno. Fair enough that the interface is using a trunking protocol, but that’s not the same as it being configured as a trunk. To me, it’s perfectly legitimate to refer to a sub-interface as an interface. It’s a type of interface; a logical interface. Referring to 4 sub interfaces as ‘interfaces’ doesn’t, to me, invalidate the question, whereas no amount of “running dot1q” is going to make that interface configured as a trunk. That’s something you do to switchports, not routed ports.

    But, I’m not a CCIE, so go with what you feel I guess.

  32. bee
    December 29th, 2014

    for question 3 b is correct because the meaning of trunk links is a ppp or 802.1q link between two network devices that carries more than one VLAN or subinterface.

  33. marthin
    January 6th, 2015

    Hi all.

    Im preparing on ICND 1 test but now i see that Vlans and trunking is not an part of ICND 1 , but they are in book for icnd 1 .

    Could somebody confirm that if its part of ICND 1 or not ?

    Thanks

  34. Coop
    January 17th, 2015

    no plan and trunking were not on the ICND1 i take the ICND 2 tomorrow i will let you all know what was on it!!

  35. John
    January 20th, 2015

    Question 1
    I believe answers A,C,E are correct. Answer B should read 802.1Q trunking ports CANNOT also be secure ports. Trunking ports can be configured with port security and that is why the wording CANNOT makes answer B wrong.

  36. John
    January 21st, 2015

    @Coop
    How was your exam?

  37. Anonymous
    January 23rd, 2015

    question 3 is silly……I kept looking for any option that pointed out that this scenario is IMPOSSIBLE….the router IOS won’t let you put four ips from the same subnet on four separate sub-int anymore then it’d allow you to put the same ip on them.

  38. anon
    February 13th, 2015

    Guy above me is right, in question 3 all the subinterfaces have to be in different subnets, you can try it in packet tracer.

    As for the port being trunk – you don’t configure trunking on routers on CCNA level.

  39. stevy0
    February 14th, 2015

    You do configure trunking on routers at CCNA level…its a critical part of Router on a Stick. In the real world really both A and B are correct; you would have several different VLANs which will have their own subnet AND trunking is needed to allow multiple VLANs to share the same physical interface

    Assume here we have VLAN 10,20,30 and 40 corresponding to each of the sub-interfaces

    The config on the router would be like this:

    Main_Campus# configure terminal
    Main_Campus(config)# interface fa0/0.1
    Main_Campus(config-subif)# encapsulation dot1q 10
    Main_Campus(config-subif)# ip address 192.168.1.254 255.255.255.0
    Main_Campus(config-subif)# interface fa0/0.2
    Main_Campus(config-subif)# encapsulation dot1q 20
    Main_Campus(config-subif)# ip address 192.168.2.254 255.255.255.0
    Main_Campus(config-subif)# interface fa0/0.3
    Main_Campus(config-subif)# encapsulation dot1q 20
    Main_Campus(config-subif)# ip address 192.168.3.254 255.255.255.0
    Main_Campus(config-subif)# interface fa0/0.4
    Main_Campus(config-subif)# encapsulation dot1q 20
    Main_Campus(config-subif)# ip address 192.168.4.254 255.255.255.0

    dot1q defines the trunking protocol followed by the VLAN ID

    I don’t really like the question, but I would stick with answer B as there is no ambiguity based on the information available. To say for sure that the interfaces were on different subnets (even though we know they would be), we would need the masks. Keep in mind that it says “from the output SHOWN”

  40. stevy0
    February 14th, 2015

    And….there is only one physical LAN interface…we all know how Cisco like to be tricky with funny wording. B is the only way to go, it’s the best answer based on the output shown.

  41. purna
    March 10th, 2015

    Question 1

    Which three of these statements regarding 802.1Q trunking are correct? (Choose three)
    A. 802.1Q native VLAN frames are untagged by default.
    this ending touch “by default” is confusing, so it possible to override this behavior and tag native vlan frames on a trunk?

    Yeah… possible answer…

    B. 802.1Q trunking ports can also be secure ports.
    There is a document on Cisco somewhere that stated some old hardware does not support port security on trunks but recent do
    (there gotta be a weird reason to have port security on trunks, but still possible)

    https://learningnetwork.cisco.com/thread/63028

    Yeah, possible answer….

    C. 802.1Q trunks can use 10 Mb/s Ethernet interfaces.
    some old version of IOS only supported trunks on Fast Ethernet and Gigabit Ethernet
    But after an upgrade to a certain IOS, trunks can be implemented on Ethernet ports

    http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921e4.html

    Yeah, possibly correct answer….

    D. 802.1Q trunks require full-duplex, point-to-point connectivity.
    “A trunk is a single transmission channel between two points” from wiki so trunks are point-to-point and they could work with both half duplex and full duplex but why in the hell half duplex

    Yeah, possibly possibly

    CISCO, are you frikking testing for CCIE or CCND?

  42. purna
    March 10th, 2015

    okay, ICND… whatever.

  43. barney
    March 20th, 2015

    passed on 3/13. questions 2 and 3 on there. tks 9tut

  44. Anonymous
    March 30th, 2015

    For anyone struggling with question 3, i would agree with stevy0.

    They are configured in different subnets, but the word here is not subinterface, its interface. The physical interface is configured with no ip address. Being in different subnets CAN BE ASSUMED from the output provided. IOS immediately tells you when you have an subnet overlap on a subinterface. I’m not sure about ethernet interfaces, but for serial interfaces, if you admin down the physical port, you can assign ip addresses in the same subnet on multiple subinterface. As soon as you no shut the physical interface, the subinterface and the physical interface will appear to be in UP/UP but after a short time, the line protocol will go down on all of your subinterface that have ip address in overlapping subnet.

    On ethernet interfaces, IOS requires that you assign the encapsulation and vlan information to the subinterfaces before an ip address can be configured. Although we don’t have a show command that specifically states that the operational/administrative mode is trunk for routed interfaces, since we have to configure the encapsulation and the operational status of the switchport would be trunk on the switch, we can assume that they are wanting B to be the answer. The definition of a trunk is carrying traffic for multiple vlans, not some show command that says its a trunk. The 4bit field in the header carries the vlan tag information provided from trunking interfaces. Just because its a layer 3 device does not mean it is not capable of being a trunk.

  45. Marco
    May 13th, 2015

    I got Q3 today in the ICND2 exam.
    Thanks 9tut.

  46. ttn
    May 16th, 2015

    Q3 today ICND2

  47. Grisha82
    June 22nd, 2015

    Q2 & Q3 got today.

  48. anon
    June 22nd, 2015

    For Q 3, B is indeed correct. Because if you try to configure a sub-interface on a router without first specifying the encapsulation type, you will get an error. Therefore, the created sub-interfaces imply that the link is configured to trunk, although we don’t see the switch configuration.

  49. Anonymous
    June 26th, 2015

    get dumps with nuggets free from this following link
    wurl. cc/dumps

  50. Anne Normous
    July 1st, 2015

    Just took the test today – 980/1000 Questions 1 and 2 were from this page. Thanks 9tuts! Also got Frame Relay, EIGRP and OSPF labs- a lot of OSPF & quite a few EIGRP questions! You guys ROCK!!

  51. Anne Normous
    July 1st, 2015

    THERE IS NO NEED FOR ANY DUMPS – just study one book (Wendel or Todd) and the you tube lessons along with 9tuts itself are enough

  52. 9tut
    July 13th, 2015

    @all: We had to move all the questions and answers out of 9tut. We can only keep the explanation. You can download the questions and answers at: https://mega.co.nz/#!oIdESYbD!yyu33vygrfKPy4rcmcbV6qW2fxINNoTokuDM3CjA_og

  53. Anonymous
    July 22nd, 2015

    What was the reason why you had to move your stuff out? Why not move domains or change web address, if pass4sure and etc can get away with it then why not 9tut

  54. Ivan
    August 2nd, 2015

    https://mega.co.nz/#!oIdESYbD!yyu33vygrfKPy4rcmcbV6qW2fxINNoTokuDM3CjA_og this reference does not work. Why?
    And where can i get this answers and questions?

  55. Asaq
    August 2nd, 2015
  56. barkoulis
    February 22nd, 2016

    Q2. Why answer 1 is no correct? if both ports of the switches are in access mode then the native vlan will pass through. The answer 1 is correct despite that there aren’t any host in vlan 1 for now. If there are in the future the will talk. Do you agree?

  57. @barkoulis
    March 3rd, 2016

    There are a few things that can explain why 1 is not correct. The biggest thing is the question states that on sw11 the port is configured as an access port, not a trunk port so other vlan traffic cannot pass through it making D correct.

  58. MIKE
    May 12th, 2016

    I HAD Q.3 AT MY EXAM TODAY … IT COULD BE A OR B
    A.The LAN interfaces are configured on different subnets.
    B. Interface FastEthernet 0/0 is configured as a trunk.
    I CHOOSED B …CAUSE AT A HE MENTION LAN INTRFACES…BUT WHEN WE TALK ABOUT ROUTER ON STICK ..WE SHOULD SAY LAN SUBINTERFACES…SO I GUESS A IS WRONG…SO I HAVE B ITS MORE SENSE THROUGH APPLYING ENCAPSULATION DOT1Q AT SUBINTERFACE

  59. Totally new in to tut
    May 26th, 2016

    Hello Mike ,

    I m quite confused on Q.3 may i ask you that how did it go with your answer “B” id thats what you have choosen ?
    regards

  60. PS
    August 29th, 2016

    Hi All is this questions are still valid as I am going to appear for this exam in 1-2 weeks? Please tell me? else please send valid dumps/link at {email not allowed}

  61. PS
    August 29th, 2016

    Hi All is this questions are still valid as I am going to appear for this exam in 1-2 weeks? Please tell me? else please send valid dumps/link at parmpreet.sandhu1 at gmail dot com