Switch Implementation PBQs and Common Misconfigurations
Key Takeaways
- Switch PBQs often ask you to repair a small number of mismatched settings rather than redesign the network.
- Common failures include wrong VLAN assignment, missing trunk VLAN, native VLAN mismatch, STP root problems, and port channel inconsistency.
- Troubleshooting should move from physical link to switchport mode, VLAN membership, trunking, STP, gateway, and policy.
- A single endpoint problem usually points to an access port, cable, NIC, or DHCP issue; a whole VLAN problem often points to trunking, routing, or gateway configuration.
- Evidence such as MAC table entries, interface counters, STP status, and VLAN tables helps separate switching from routing problems.
Switching PBQs reward careful comparison. Usually, one VLAN, one port, one trunk, or one bundle differs from the working examples. Use the working part of the topology as your template.
Fast Troubleshooting Pattern
| Layer or feature | Check | Evidence |
|---|---|---|
| Physical | Link state, cable, optics, speed, duplex | Interface up/down, CRC errors, drops |
| Access VLAN | Correct endpoint VLAN | VLAN table, MAC address table, DHCP scope |
| Trunk | Mode, allowed VLANs, native VLAN | Trunk status and VLAN list |
| STP/RSTP | Port role and root bridge | STP state, blocked/discarding port |
| Aggregation | LACP state and member consistency | Port channel summary |
| Layer 3 gateway | SVI, router subinterface, firewall gateway | Gateway ping and route table |
| Policy | ACL, port security, 802.1X, firewall | Logs and denied counters |
Common Misconfigurations
| Misconfiguration | Symptom | Repair |
|---|---|---|
| Wrong access VLAN | Host gets wrong IP subnet or cannot reach peers | Assign correct VLAN |
| VLAN not created on switch | Port assigned but VLAN inactive or absent | Create VLAN and ensure it is allowed where needed |
| VLAN missing from trunk | One VLAN fails across uplink | Add VLAN to allowed list |
| Native VLAN mismatch | Untagged frames sent on one side are delivered into a different VLAN on the other, so traffic leaks between VLANs and behaves unpredictably | Match the native VLAN on both ends of the trunk |
| Trunk connected to endpoint | Endpoint connectivity unstable or wrong, and the host can tag its own frames into any VLAN the trunk allows | Set the endpoint port to access mode so it cannot negotiate or carry a trunk |
| STP root on access switch | Inefficient paths or unexpected blocking | Set root priority on intended core/distribution switch |
| Port channel member mismatch | Member suspended or bundle down | Match speed, duplex, VLANs, MTU, and LACP mode |
| MTU mismatch | Large transfers fail while small tests pass | Align MTU end to end |
| Port security violation | Device cannot connect after its MAC address changes (the port may be err-disabled) | Clear the violation only after confirming the new MAC belongs to an authorized device, then correct the allowed-MAC policy |
PBQ Example: New Office Floor
Requirement:
| Device | Required network |
|---|---|
| User PCs | VLAN 110 |
| IP phones | Voice VLAN 120 |
| Wireless APs | Trunk carrying VLANs 130 and 140 |
| Uplink to distribution switch | Trunk carrying 110, 120, 130, 140 |
Likely PBQ actions:
- Configure user-facing PC ports as access VLAN 110.
- Configure phone ports with data VLAN 110 and voice VLAN 120.
- Configure AP ports as trunks allowing only VLANs 130 and 140, since each AP in this requirement bridges two SSIDs to two VLANs; an AP serving a single SSID/VLAN would need only an access port.
- Configure the uplink as a trunk and allow VLANs 110, 120, 130, and 140, and nothing else.
- Verify the Layer 3 gateway exists for each VLAN.
PBQ Example: One VLAN Down
| Evidence | Interpretation |
|---|---|
| VLAN 20 works on access switch A | VLAN exists and local access ports can work |
| VLAN 20 fails across uplink to switch B | Trunk or STP issue likely |
| Trunk allowed list shows VLANs 10,30,40 | VLAN 20 is missing |
| Other VLANs work across the same uplink | Physical link is probably not the root issue |
The smallest correct fix is to allow VLAN 20 on the trunk. Replacing the switch, changing the IP plan, or disabling STP would not match the evidence.
Evidence Interpretation
| Output clue | Meaning |
|---|---|
| MAC learned on wrong VLAN | Access VLAN or trunk tagging issue |
| Interface administratively down | Port was disabled by configuration |
| Err-disabled port | Port security, BPDU guard, link-flap detection, or another protection feature shut the port; read the recorded reason before re-enabling, because re-enabling without fixing the cause only repeats the trip |
| STP blocking | Usually intentional loop prevention on a redundant link; a problem only if the wrong port, or the wrong root, is blocking the intended path |
| Increasing CRC errors | Physical layer problem such as cable or optic |
| Giants counter increasing | Oversized frames or MTU mismatch |
| No MAC learned from endpoint | Cable, NIC, port state, VLAN, or security issue |
Common Traps
| Trap | Better reasoning |
|---|---|
| Change routing when the host is in the wrong VLAN | Fix Layer 2 membership first |
| Disable STP to make all links forward | Preserve loop prevention and fix root/path design |
| Add all VLANs everywhere without a reason | Carry only required VLANs to reduce scope |
| Treat one bad endpoint as a core outage | Scope the blast radius before changing shared links |
| Ignore switch management gateway | Remote management from another subnet needs a correct gateway |
Exam Tactic
When the PBQ has a working port and a broken port, compare them line by line: mode, access VLAN, voice VLAN, trunk allowed VLANs, native VLAN, STP state, port security, speed, duplex, and MTU. The answer is often the one setting that differs from the working reference.
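That comparison can be automated. The following Python script is an added example, not part of the original page and not a vendor tool: it parses a constructed IOS-style running-config (the `ACCESS_SWITCH` and `DIST_SWITCH` strings are made up for this example, with faults planted on purpose), checks the access ports against the New Office Floor plan, reports the VLAN missing from the uplink's allowed list as in the One VLAN Down PBQ, diffs a working port against a broken one setting by setting, and compares the native VLAN on the two ends of a trunk. The stanza format and the IOS defaults it assumes (all VLANs allowed on a trunk with no allowed list, native VLAN 1) are stated in the comments.

```python
"""Added example: check a constructed IOS-style running-config against a VLAN plan."""
import re

# Constructed access-switch config for the "new office floor" PBQ, not taken
# from a real switch. Two faults are planted: Gi1/0/2 sits in VLAN 111 instead
# of 110, and the uplink trunk allows 110,130,140 but not the voice VLAN 120.
ACCESS_SWITCH = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 110
 switchport voice vlan 120
 spanning-tree portfast
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 111
 switchport voice vlan 120
 spanning-tree portfast
interface GigabitEthernet1/0/10
 switchport mode trunk
 switchport trunk allowed vlan 130,140
interface GigabitEthernet1/0/48
 switchport mode trunk
 switchport trunk allowed vlan 110,130,140
 switchport trunk native vlan 999
"""
# Constructed far end of the uplink; its native VLAN is planted as 1 so the
# two ends disagree.
DIST_SWITCH = """\
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk allowed vlan 110,120,130,140
 switchport trunk native vlan 1
"""

VLAN_SPEC = re.compile(r"^\d+([,-]\d+)*$")  # e.g. 10,30-32,40
ALL_VLANS = frozenset(range(1, 4095))       # IOS default when no allowed list is set


def parse_config(text):
    """Return {interface: {setting: value}} per 'interface' stanza. A line
    ending in a VLAN number/list splits into (prefix, list); any other line
    is kept whole as the key with value '' so it still shows up in a diff."""
    ifaces, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = {}
        elif current and line.startswith(" ") and line.strip():
            words = line.split()
            if VLAN_SPEC.match(words[-1]):
                ifaces[current][" ".join(words[:-1])] = words[-1]
            else:
                ifaces[current][" ".join(words)] = ""
    return ifaces


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,30-32,40' into {10, 30, 31, 32, 40}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def missing_on_trunk(ifaces, name, required):
    """Required VLANs the trunk does not carry: the 'one VLAN down' check."""
    spec = ifaces[name].get("switchport trunk allowed vlan")
    return set(required) - (expand_vlans(spec) if spec else ALL_VLANS)


def wrong_access_vlan(ifaces, plan):
    """plan maps interface -> expected data VLAN; returns {iface: actual} for misfits."""
    return {
        name: ifaces[name].get("switchport access vlan")
        for name, want in plan.items()
        if ifaces[name].get("switchport access vlan") != str(want)
    }


def diff_ports(ifaces, good, bad):
    """Line-by-line comparison of a working port with a broken one:
    {setting: (value on good, value on bad)}; None means absent on that side."""
    keys = set(ifaces[good]) | set(ifaces[bad])
    return {k: (ifaces[good].get(k), ifaces[bad].get(k))
            for k in sorted(keys) if ifaces[good].get(k) != ifaces[bad].get(k)}


def native_mismatch(ifaces_a, name_a, ifaces_b, name_b):
    """(native A, native B) if the two trunk ends disagree, else None. Untagged
    frames on a mismatched trunk land in a different VLAN on each side."""
    a = ifaces_a[name_a].get("switchport trunk native vlan", "1")  # IOS default is 1
    b = ifaces_b[name_b].get("switchport trunk native vlan", "1")
    return None if a == b else (a, b)


if __name__ == "__main__":
    acc, dist = parse_config(ACCESS_SWITCH), parse_config(DIST_SWITCH)
    print(wrong_access_vlan(acc, {"GigabitEthernet1/0/1": 110, "GigabitEthernet1/0/2": 110}))
    print(missing_on_trunk(acc, "GigabitEthernet1/0/48", {110, 120, 130, 140}))
    print(diff_ports(acc, "GigabitEthernet1/0/1", "GigabitEthernet1/0/2"))
    print(native_mismatch(acc, "GigabitEthernet1/0/48", dist, "GigabitEthernet1/0/24"))
```

Running it reports the four planted findings: Gi1/0/2 in VLAN 111, VLAN 120 missing from the uplink's allowed list, the single setting that differs between Gi1/0/1 and Gi1/0/2, and the 999 versus 1 native VLAN mismatch. A checker like this only sees configuration; the MAC table, trunk status, and STP state in the evidence tables above still have to be read from the switch itself.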
Review Questions
- A user receives an IP address from the wrong subnet after being moved to a new switchport. What should be checked first?
- Only VLAN 50 fails across a trunk. Other VLANs on the same trunk work. What is the most likely misconfiguration?
- Match each switch clue from the evidence table to the most likely problem area.