A host in VLAN 10 on Switch A cannot communicate with a host in VLAN 10 on Switch B. The trunk between the switches is up. What should you check first?

Whether VLAN 10 is allowed on the trunk link between the switches. Since both hosts are in the same VLAN (VLAN 10) and the trunk is up, the first thing to check is whether VLAN 10 is included in the trunk allowed VLAN list. Use "show interfaces trunk" to verify. If the VLAN is not allowed on the trunk, traffic for VLAN 10 won't cross between switches. OSPF is not needed for same-VLAN communication.

The output of "show etherchannel summary" shows member ports with status "(s)" (suspended). What is the most likely cause?

The member ports have mismatched configurations (speed, duplex, VLAN, or trunk settings). Suspended "(s)" status in EtherChannel means the member ports have a configuration mismatch with other members or with the port-channel interface. Common causes include different speed, duplex, VLAN assignments, trunk mode, or native VLAN settings on the member ports. All member ports must have identical configurations.

What is the effect of a native VLAN mismatch on a trunk link?

Untagged traffic will be placed in the wrong VLAN on the receiving switch. A native VLAN mismatch causes untagged traffic to be placed in the wrong VLAN on the receiving switch. For example, if Switch A sends untagged traffic for native VLAN 1, but Switch B expects the native VLAN to be VLAN 999, that traffic will be placed in VLAN 999 on Switch B. CDP will report a native VLAN mismatch warning.

A user connected to a switch port cannot get an IP address via DHCP. The DHCP server is on a different subnet. What is likely missing?

The ip helper-address command on the client VLAN gateway interface. When the DHCP server is on a different subnet from the client, the router or Layer 3 switch interface serving as the client's default gateway must have "ip helper-address" configured pointing to the DHCP server. Without this, the DHCP broadcast from the client cannot reach the server on another subnet.

Network Access Troubleshooting

Layer 2 issues can be tricky to diagnose because they don't generate the clear error messages that Layer 3 routing problems produce. This section covers the most common Layer 2 problems and how to identify them.

VLAN Troubleshooting

Host Cannot Communicate with Other Hosts

Step 1: Verify the host's VLAN assignment

Switch# show vlan brief
Switch# show interfaces GigabitEthernet0/1 switchport

Step 2: Verify the VLAN exists on all switches in the path

Switch# show vlan brief   ! VLAN must exist on each switch

Step 3: Verify the trunk allows the VLAN

Switch# show interfaces trunk   ! Check "Vlans allowed" column

Step 4: Verify inter-VLAN routing is configured (if communicating between VLANs)

Router# show ip interface brief   ! Check SVI or sub-interface is up/up

Common VLAN Problems

Problem	Symptom	Fix
Port in wrong VLAN	Host can't reach expected hosts	Reassign port to correct VLAN
VLAN not created on switch	Port goes to default VLAN 1	Create VLAN on the switch
VLAN not allowed on trunk	Traffic doesn't cross trunk	Add VLAN to trunk allowed list
SVI is down	Inter-VLAN routing fails	`no shutdown` on the SVI
Missing `ip routing`	Layer 3 switch can't route	Enable `ip routing` globally

Trunk Troubleshooting

Symptom	Possible Cause	Verification
Trunk not forming	DTP mode mismatch, or non-trunking mode	`show interfaces trunk`
Some VLANs not crossing trunk	VLAN not in allowed list	`show interfaces trunk`
Traffic in wrong VLAN	Native VLAN mismatch	`show interfaces trunk` → check Native vlan
Intermittent issues	Native VLAN mismatch warning	`show cdp neighbors detail` (reports mismatch)

EtherChannel Troubleshooting

If EtherChannel is not forming, check:

Same speed on all member ports
Same duplex on all member ports
Same VLAN assignments (for access) or allowed VLANs (for trunk)
Same trunk mode on all member ports
Same native VLAN on all member ports (for trunk)
Compatible channel modes (LACP active + passive or PAgP desirable + auto)

Switch# show etherchannel summary    ! Check channel status flags
Switch# show etherchannel detail     ! Detailed troubleshooting

Flags to watch for:

(P) — Bundled in port-channel (good)
(s) — Suspended (configuration mismatch)
(D) — Down
(I) — Stand-alone, not in channel

Wireless Troubleshooting

Issue	Possible Cause	Solution
No wireless signal	AP powered off, wrong channel	Check AP power, verify channel
Slow wireless performance	Co-channel interference, too many clients	Adjust channel plan, add APs
Client can't associate	Wrong SSID or security mismatch	Verify SSID name, check WPA2 settings
Associated but no IP	DHCP issue on wireless VLAN	Check DHCP scope, ip helper-address
Connected but can't reach network	VLAN mapping wrong on WLC	Verify WLAN-to-VLAN mapping

On the Exam: Troubleshooting scenarios are common. You may be shown a network diagram with specific configurations and asked to identify why a host cannot communicate. Always check VLANs, trunks, and routing systematically.

Cisco Certified Network Associate

2.7 Network Access Troubleshooting

Key Takeaways

Network Access Troubleshooting

VLAN Troubleshooting

Host Cannot Communicate with Other Hosts

Common VLAN Problems

Trunk Troubleshooting

EtherChannel Troubleshooting

Wireless Troubleshooting

Cisco Certified Network Associate

1Introduction

2Chapter 1: Network Fundamentals (20%)

3Chapter 2: Network Access (20%)

4Chapter 3: IP Connectivity (25%)

5Chapter 4: IP Services (10%)

6Chapter 5: Security Fundamentals (15%)

7Chapter 6: Automation and Programmability (10%)

2.7 Network Access Troubleshooting

Key Takeaways

Network Access Troubleshooting

VLAN Troubleshooting

Host Cannot Communicate with Other Hosts

Common VLAN Problems

Trunk Troubleshooting

EtherChannel Troubleshooting

Wireless Troubleshooting