Grading Checklist

A good response must include:

  • Identifies the root cause: VLAN 350 is not in the allowed VLAN list on the trunk port to esxi-node-07
  • Explains that trunk ports only carry VLANs explicitly allowed (or all VLANs if not restricted)
  • Shows the command to check the trunk allowed VLAN list (e.g., show interface trunk, show running-config interface)
  • Notes that VLANs 100 and 200 work because they ARE in the allowed list
  • Explains that tagged frames for VLAN 350 from the host are silently dropped by the switch
  • Proposes the fix: add VLAN 350 to the trunk allowed VLAN list
  • Mentions verifying that VLAN 350 exists in the switch VLAN database
  • Suggests checking for VTP pruning as an alternative cause
  • Recommends verifying with a ping test after applying the fix
  • Points out that tcpdump on the host side showing tagged frames confirms the host config is correct
  • Warns against using switchport trunk allowed vlan all without understanding the security implications
  • Suggests documenting all required VLANs for new host deployments to prevent recurrence
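
The checks named in the checklist (allowed list, VLAN database, VTP pruning) map onto three sections of Cisco IOS `show interfaces trunk` output. The script below is an added example, not part of the original checklist; it reports the first stage at which a VLAN falls off a trunk. The port name Gi1/0/7, the sample output and the function names are constructed for illustration.

```python
# Constructed excerpt of Cisco IOS `show interfaces trunk` output; the port
# name Gi1/0/7 and the VLAN lists are illustrative, not taken from the page.
SAMPLE = """\
Port        Vlans allowed on trunk
Gi1/0/7     100,200,300-310

Port        Vlans allowed and active in management domain
Gi1/0/7     100,200,300-310

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/7     100,200
"""

SECTIONS = {
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}

def expand(spec):
    """Expand an IOS VLAN list such as '100,200,300-310' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(output, port):
    """Return the allowed/active/forwarding VLAN sets for one trunk port."""
    result = {name: set() for name in SECTIONS.values()}
    current = None
    for line in output.splitlines():
        fields = line.split(None, 1)
        if fields[:1] == ["Port"]:
            current = SECTIONS.get(fields[1].strip()) if len(fields) == 2 else None
        elif current and len(fields) == 2 and fields[0] == port:
            result[current] |= expand(fields[1].replace(" ", ""))
    return result

def diagnose(output, port, vlan):
    """Name the first stage at which the VLAN drops off the trunk."""
    trunk = parse_trunk(output, port)
    if vlan not in trunk["allowed"]:
        return "not in trunk allowed list"
    if vlan not in trunk["active"]:
        return "allowed but not active: check the VLAN database"
    if vlan not in trunk["forwarding"]:
        return "active but pruned or not forwarding: check VTP pruning"
    return "carried"
```

Running `diagnose` for every VLAN a new host requires, before and after the trunk change, doubles as the documentation step in the last checklist item.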