nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Certskills CCENT question - I think the question is wrong

kloppyo

Here is the question

https://blog.certskills.com/ccent/q121/

here is the answer

https://blog.certskills.com/ccent/q121-answer/#comment-46886

And here is my reply to the author. Basically I think the question is worded incorrectly given the answers he's given. I'm guessing the blog needs to moderate comments, but understandably I am scratching my head with this so want to know asap if I am right or not.

Hi Wendell,

I've just gone through this question and appeared to have stumbled at the same hurdle as others, and I think I can see why.

First of all in the Cisco press book in chapter 7 it says "The idea is simple:if you do not know where to send it, send it everywhere, to deliver the frame. And, by the way, that device will likely then send a reply—and then the switch can learn that device’s MAC address, and forward future frames out one port as a known unicast frame."

Going back to the question, the 1st frame is from PC1 to MAC 2222.2222.2222 (the MAC of PC2). SW1 will learn PC1's MAC but then at that point if the above course text extract is taken literally then the SW should flood the frame out Fa0/2 and Fa0/3 in an attempt to learn the MAC of PC2. PC2 should then reply to the SW (again as per the course text) and in the process SW will learn the MAC address for PC2 based on the source MAC of PC2 - 2222.2222.2222.

After reading your explanation a few times I can see that the question is subtly wording such that that the 2nd frame is sent right after the 1st frame. Is this meant to infer that the 2nd frame is sent before the SW floods the 1st frame? Even if that were the case I don't understand why the switch chooses to flood the 2nd frame, but not the 1st frame given they are both destined for 2222.2222.2222. Why does SW choose to flood after frame 2 but not frame 1?

I'm wondering if maybe your question is wrong and the 1st frame should actually be going to 3333.3333.3333, as you also mentioned in a response to Anna that PC1 is actually sending a frame to PC3. The question clearly says 2222.2222.2222, which is the MAC of PC2, not PC3. In addition you've said for the 1st frame "We don’t care where this frame was forwarded, at least for this question", but you've listed the same MAC (2222.2222.2222) as where the 2nd frame was addressed to, so I think that changes things.

Can you confirm please?

What do you all think?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

clarson

The answer is correct.
But, I think the author is confusing things by saying "We don't care where this frame was forwarded". Because the reader does care where it was forwared and why.

Now. for the exercise, to get the right answer you don't need to know where the first frame was forwarded. But, it does cause confusion with reader such as yourself, who think the first frame wasn't flooded. The first frame is flooded. Just like the second frame is. And, for the same reasons.

The author could have used the first frame as reinforcement for the "mac isn't in the mac address table, the frame gets flooded" process. Or, the author could use this as a testing exercise. The cisco exams isn't always going to give you all the information, but you will get enough information to get the answer.

This is the kind of question you will see on the exam. Those that know the right answer will pass. Those that don't, need to study more.

PocketLumberjack

My guess would be that because he didn't specify the reply from PC2 the switch didn't learn the address. The 2 CCENT books I checked both specified "IF" the device responds to the broadcast the switch will learn the mac address of the unknown destination. I think the question was focused on how a switch learns address JUST off of the source address.

Also here's his answer to a similar question posted in the comments of his answer:

Hi Wendell,

could you please clarify once more this situation as i am totally confused?
I understand that SW will flood the frame in case PC3 sends to PC2 and SW doesn’t know PC2 MAC. This is all clear in situation SW does not know PC2 MAC.
But why SW did not flood frame and learn PC2 MAC for the first time, when PC1 sends the frame to 2222.2222.2222 which is PC2 MAC?
Thanks
Rade

Hi Rade,
Sure. The reason is that learning is based on the source MAC. So, that frame sent “from” aka source MAC of PC1, sent “to” destination MAC of PC2’s MAC, causes the switch to learn PC1’s MAC. It doesn’t cause the switch to learn PC2’s MAC. PC2 has to send aka be the source MAC of a frame before the switch would learn PC2’s MAC.
Wendell

ccie14023

Never assume something that was not stated in a question. Of course the idea of flood and learn is that, if PC1 sends a frame, PC2 would respond and the switch would learn the MAC address. But that's not always the case. PC2 could be down. Or PC1 could be sending some sort of UDP data that does not require a response. Part of the certification game is learning to take the question as literally as possible. This is true if you are taking CCENT or taking your CCIE lab. Never assume.

PocketLumberjack

I though UDP was only a layer 4 protocol? I was digging around to see possible reasons a layer 2 protocol wouldn't respond and I guess I didn't dig deep enough.

kloppyo

That's a fair point I hadn't considered PC2 might be down, therefore don't assume PC2 responded unless it's stated.

The author confused me by stating that the MAC was sent to PC2 both times and in the end the answer to this was based on a combination of 1) what's covered in the book and 2) 2nd guessing the wording in front of you.

Maybe this is a learning curve I need to go through as I was expecting it to be based on the concepts talked about in the text book.

OctalDump

I think it's a bad question. If you really don't make assumptions, then A and D are both possible also. A since the switch might be configured to filter frames (maybe reject all traffic from PC3's MAC, for example), and D since the switch might be faulty.

So how you answer the question is about what assumptions you are comfortable making. I think if you answer C only, then you probably do have a grasp of the fundamentals that matter (that the switch will learn MACs from the source address in the frame, and that devices usually respond to frames addressed to them) and are just being "tricked" by the language of the question.

If you are being tested more on how well you answer riddles than on the core knowledge that matters, it's a bad question. The ambiguity can easily be removed, though, by stating something like PC2 is in an unknown state (or even that these are the ONLY frames sent from the PCs on the network), the switch is functioning normally and no security measures are in place. You still test the knowledge, but it's less a test of mind reading the exam maker to divine what assumptions they think are reasonable.

ccie14023

OctalDump wrote: »

I think it's a bad question. If you really don't make assumptions, then A and D are both possible also. A since the switch might be configured to filter frames (maybe reject all traffic from PC3's MAC, for example), and D since the switch might be faulty.

But if the switch is configured with an ACL or something like that to filter frames, or if the switch might be faulty, then those are assumptions. You have to take the question as it is. You cannot think through every eventuality. The only assumption you can really make is that the switch is operating normally, because they didn't tell you otherwise.

The question was careful to state that there were no previously learned MAC addresses. It does not state that PC2 replied. Therefore, there is no way the switch could know PC2's MAC address.

Trust me, I've been a question writer and reviewer for both Juniper and Cisco, and you will see a lot of questions like this. As a reviewer I would not have sent back this question. It is clear. Granted it takes a minute to think about it. But only a minute. Think about it but don't overthink it.

kloppyo

Thanks for all the replies folks. I appreciate the input.

CiscoNet Solutions

1. The switch will examine the source and destination MAC address of inbound frame.
2. The switch will add the source MAC address of host if it isn't in the MAC address table.
3. The switch will unicast flood (MAC learning) the frame outa all ports except the port where
the frame was learned to get destination MAC address if it isn't in the MAC address table.
4. The server responds with MAC address and switch updates table.

the comment concerning cisco question phrasing subtleties is correct. read the question carefully and again.