Troubleshoot VLANs and Trunks (3.2.4)

When first learning about switches, students often have trouble knowing where to start troubleshooting. Pay particular attention to the show commands in this section, and use the described techniques to verify your configurations instead of relying only on the show running-config command.

IP Addressing Issues with VLAN (3.2.4.1)

Each VLAN must correspond to a unique IP subnet. If two devices in the same VLAN have different subnet addresses, they cannot communicate. This is a common problem, and it is easy to solve by identifying the incorrect configuration and changing the subnet address to the correct one.

In Figure 3-22, PC1 cannot connect to the web/TFTP server shown.

Figure 3-22 IP Issue Within a VLAN

A check of the IP configuration settings of PC1 shown in Figure 3-23 reveals the most common error in configuring VLANs: an incorrectly configured IP address. PC1 is configured with an IP address of 172.172.10.21, but it should have been configured with 172.17.10.21.

Figure 3-23 Incorrect IP Address Problem

The PC1 Fast Ethernet configuration dialog box shows the updated IP address of 172.17.10.21. In Figure 3-24, the output on the bottom reveals that PC1 has regained connectivity to the web/TFTP server found at IP address 172.17.10.30.

Figure 3-24 Change PC IP Address

Missing VLANs (3.2.4.2)

If there is still no connection between devices in a VLAN, but IP addressing issues have been ruled out, see the flowchart in Figure 3-25 to troubleshoot.

Figure 3-25 Missing VLAN Flowchart

  • As shown in Figure 3-25, use the show vlan command to check whether the port belongs to the expected VLAN. If the port is assigned to the wrong VLAN, use the switchport access vlan command to correct the VLAN membership on a particular port. Use the show mac address-table command to check which addresses were learned on a particular port of the switch and to which VLAN that port is assigned, as shown in the following output.

    S1# show mac address-table interface fastethernet 0/1
              Mac Address Table
    ---------------------------------------
    
    Vlan    Mac Address        Type        Ports
    ----    --------------     -------     -----
    10      000c.296a.a21c     DYNAMIC     Fa0/1
    10      000f.34f9.9181     DYNAMIC     Fa0/1
      Total MAC addresses for this criterion: 2
  • If the VLAN to which the port is assigned is deleted, the port becomes inactive. Use the show vlan or show interfaces switchport command to verify whether a VLAN is active.

    S1# show interfaces fastethernet0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: static access
    Operational Mode: static access
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: Off
    Access Mode VLAN: 10 (Inactive)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    <output omitted>

In the previous example of a MAC address table, the output shows the MAC addresses that were learned on the F0/1 interface. It can be seen that MAC address 000c.296a.a21c was learned on interface F0/1 in VLAN 10. If this number is not the expected VLAN number, change the port VLAN membership using the switchport access vlan command.

Introduction to Troubleshooting Trunks (3.2.4.3)

A common task of a network administrator is to troubleshoot trunk link formation or links incorrectly behaving as trunk links. Sometimes a switch port may behave like a trunk port even if it is not configured as a trunk port. For example, an access port might accept frames from VLANs different from the VLAN to which it is assigned. This is called VLAN leaking, which is caused by a mismatched native VLAN or misconfigured trunk.

Figure 3-26 displays a flowchart of general trunk troubleshooting guidelines.

Figure 3-26 Trunk Troubleshooting Flowchart

To troubleshoot issues when a trunk is not forming or when VLAN leaking is occurring, proceed as follows:

  • Use the show interfaces trunk command to check whether the local and peer native VLANs match. If the native VLAN does not match on both sides, VLAN leaking occurs.
  • Use the show interfaces trunk command to check whether a trunk has been established between switches. Statically configure trunk links whenever possible. Cisco Catalyst switch ports use DTP by default and attempt to negotiate a trunk link.

Use the show interfaces trunk command to display the status of the trunk, determine the native VLAN used on that trunk link, and verify trunk establishment. The following output shows that the native VLAN on one side of the trunk link was changed to VLAN 2. If one end of the trunk is configured as native VLAN 99 and the other end is configured as native VLAN 2, a frame sent from VLAN 99 on one side is received on VLAN 2 on the other side. VLAN 99 leaks into the VLAN 2 segment.

SW1# show interfaces f0/1 trunk

Port        Mode     Encapsulation    Status    Native vlan
Fa0/1       auto     802.1q           trunking  2
<output omitted>

CDP displays a notification of a native VLAN mismatch on a trunk link with this message:

*Mar 1 06:45:26.232: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
   FastEthernet0/1 (2), with S2 FastEthernet0/1 (99).

Connectivity issues occur in the network if a native VLAN mismatch exists. Data traffic for VLANs, other than the two native VLANs configured, successfully propagates across the trunk link, but data associated with either of the native VLANs does not successfully propagate across the trunk link.
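The CDP notification above can be picked out of collected switch logs automatically. The following Python sketch is an added example, not part of the original chapter: it extracts every native VLAN mismatch from a log capture and collapses repeated notices into one record per link. The sample log is constructed around the message quoted above, and the function and field names are assumptions.

```python
import re
from collections import Counter

# Constructed syslog capture. The first entry is the message quoted above
# (with its line wrap); the remaining entries are constructed.
SAMPLE_LOG = """\
*Mar 1 06:45:26.232: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
   FastEthernet0/1 (2), with S2 FastEthernet0/1 (99).
*Mar 1 06:45:40.101: %LINK-3-UPDOWN: Interface FastEthernet0/5, changed state to up
*Mar 1 06:46:26.240: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
   FastEthernet0/1 (2), with S2 FastEthernet0/1 (99).
"""

# \s+ between tokens lets the pattern match messages wrapped across lines.
MISMATCH = re.compile(
    r"%CDP-4-NATIVE_VLAN_MISMATCH:\s+Native\s+VLAN\s+mismatch\s+discovered\s+on\s+"
    r"(?P<local_if>\S+)\s+\((?P<local_vlan>\d+)\),\s+with\s+"
    r"(?P<peer>\S+)\s+(?P<peer_if>\S+)\s+\((?P<peer_vlan>\d+)\)")


def native_vlan_mismatches(log_text):
    """Return one record per affected link, with how often it was reported."""
    seen = Counter()
    for m in MISMATCH.finditer(log_text):
        key = (m["local_if"], int(m["local_vlan"]),
               m["peer"], m["peer_if"], int(m["peer_vlan"]))
        seen[key] += 1  # repeated notices for the same link collapse here
    return [
        {"local_if": k[0], "local_vlan": k[1], "peer": k[2],
         "peer_if": k[3], "peer_vlan": k[4], "count": n}
        for k, n in sorted(seen.items())
    ]


if __name__ == "__main__":
    for rec in native_vlan_mismatches(SAMPLE_LOG):
        print(f"{rec['local_if']} native VLAN {rec['local_vlan']} <-> "
              f"{rec['peer']} {rec['peer_if']} native VLAN {rec['peer_vlan']} "
              f"(reported {rec['count']}x)")
```
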

Common Problems with Trunks (3.2.4.4)

Trunking issues are usually associated with incorrect configurations, shown in Table 3-9.

Table 3-9 Common Problems with Trunks

| Problem | Result | Example |
| --- | --- | --- |
| Native VLAN mismatch | Poses a security risk and creates unintended results | One port is defined as native VLAN 99 and the opposite trunk end is defined as native VLAN 100. |
| Trunk mode mismatch | Causes loss of network connectivity | One end of the trunk is configured as trunk mode "off" and the other as trunk mode "on." |
| Allowed VLANs on trunks | Causes unexpected traffic or no traffic to be sent over the trunk | The list of allowed VLANs does not support current VLAN trunking requirements. |

When configuring VLANs and trunks on a switched infrastructure, the following types of configuration errors are the most common:

  • Native VLAN mismatches: Trunk ports are configured with different native VLANs. This configuration error generates console notifications, and causes control and management traffic to be misdirected. This poses a security risk.
  • Trunk mode mismatches: One trunk port is configured with trunk mode off and the other with trunk mode on. This configuration error causes the trunk link to stop working.
  • Allowed VLANs on trunks: The list of allowed VLANs on a trunk has not been updated with the current VLAN trunking requirements. In this situation, unexpected traffic or no traffic is sent over the trunk.

If an issue with a trunk is discovered and if the cause is unknown, start troubleshooting by examining the trunks for a native VLAN mismatch. If that is not the cause, check for trunk mode mismatches, and finally check for the allowed VLAN list on the trunk. The next two sections examine how to fix the common problems with trunks.

Trunk Mode Mismatches (3.2.4.5)

Trunk links are normally configured statically with the switchport mode trunk command. Cisco Catalyst switch trunk ports use DTP to negotiate the state of the link. When a port on a trunk link is configured with a trunk mode that is incompatible with the neighboring trunk port, a trunk link fails to form between the two switches.

In Figure 3-27, PC4 cannot connect to the internal web server. The topology indicates a valid configuration. Why is there a problem?

Figure 3-27 Trunk Scenario Topology

Check the status of the trunk ports on switch S1 using the show interfaces trunk command. The following output reveals that interface Fa0/3 on switch S1 is not currently a trunk link. Examining the F0/3 interface reveals that the switch port is actually in dynamic auto mode.

Output from Switch S1:

S1# show interfaces trunk
Port        Mode    Encapsulation    Status    Native vlan
Fa0/1       on      802.1q            trunking  99
Port        Vlans allowed on trunk
Fa0/1       10,99
Port        Vlans allowed and active in management domain
Fa0/1       10,99
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       10,99

S1# show interfaces f0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: dynamic auto
<output omitted>

An examination of the trunks on switch S3 reveals that there are no active trunk ports. Further checking reveals that the Fa0/3 interface is also in dynamic auto mode. This explains why the trunk is down as shown in the output.

Output from Switch S3:

S3# show interfaces trunk

S3#
S3# show interfaces f0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: dynamic auto
<output omitted>

To resolve the issue, reconfigure the trunk mode of the F0/3 ports on switches S1 and S3, as shown in the following output. After the configuration change, the output of the show interfaces command indicates that the port on switch S1 is now in trunking mode. The output from PC4 indicates that it has regained connectivity to the Web/TFTP server found at IP address 172.17.10.30.

Output from Switch S1:

S1# config terminal
S1(config)# interface fastethernet0/3
S1(config-if)# switchport mode trunk
S1(config-if)# end
S1# show interfaces fa0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: trunk
<output omitted>

Output from Switch S3:

S3# config terminal
S3(config)# interface fastethernet0/3
S3(config-if)# switchport mode trunk
S3(config-if)# end
S3# show interfaces fa0/3 switchport
Name: Fa0/3
Switchport: Enabled
Administrative Mode: trunk
<output omitted>
S3# show interfaces trunk
Port        Mode   Encapsulation  Status        Native vlan
Fa0/3       on     802.1q          trunking      99
Port        Vlans allowed on trunk
Fa0/3       10,99
Port        Vlans allowed and active in management domain
Fa0/3       10,99
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/3       10,99

Output from Computer PC4:

Pc4> ping 172.17.10.30
Pinging 172.17.10.30 with 32 bytes of data:
Reply from 172.17.10.30: bytes=32 time=147ms TTL=128
<output omitted>

Incorrect VLAN List (3.2.4.6)

For traffic from a VLAN to be transmitted across a trunk, it must be allowed on the trunk. To do so, use the switchport trunk allowed vlan vlan-id command.

In Figure 3-28, VLAN 20 (Student) and PC5 have been added to the network. The documentation has been updated to show that the VLANs allowed on the trunk are 10, 20, and 99. In this scenario, PC5 cannot connect to the student email server.

Figure 3-28 Incorrect VLAN List Scenario Topology

Check the trunk ports on switch S3 using the show interfaces trunk command as shown in the output that follows.

Output from Switch S3:

S3# show interfaces trunk
Port        Mode    Encapsulation    Status    Native vlan
Fa0/3       on      802.1q           trunking  99
Port        Vlans allowed on trunk
Fa0/3       10,20,99
Port        Vlans allowed and active in management domain
Fa0/3       10,20,99
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/3       10,20,99

The command reveals that the interface F0/3 on switch S3 is correctly configured to allow VLANs 10, 20, and 99 as shown in the output.

An examination of the F0/3 interface on switch S1 reveals that interfaces F0/1 and F0/3 allow only VLANs 10 and 99. Someone updated the documentation but forgot to reconfigure the ports on the S1 switch, as shown in the output.

Output from Switch S1:

S1# show interfaces trunk
Port        Mode     Encapsulation    Status    Native vlan
Fa0/1       on       802.1q
Fa0/3       on       802.1q           trunking  99
Port        Vlans allowed on trunk
Fa0/1       10,99
Fa0/3       10,99
<output omitted>

Reconfigure F0/1 and F0/3 on switch S1 using the switchport trunk allowed vlan 10,20,99 command as shown in the following output. The output shows that VLANs 10, 20, and 99 are now added to the F0/1 and F0/3 ports on switch S1. The show interfaces trunk command is an excellent tool for revealing common trunking problems.

Output from Switch S1:

S1# config terminal
S1(config)# interface f0/1
S1(config-if)# switchport trunk allowed vlan 10,20,99
S1(config-if)# interface f0/3
S1(config-if)# switchport trunk allowed vlan 10,20,99
S1(config-if)# end
S1# show interface trunk
Port        Mode    Encapsulation    Status    Native vlan
Fa0/1       on      802.1q
Fa0/3       on      802.1q           trunking  99
Port        Vlans allowed on trunk
Fa0/1       10,20,99
Fa0/3       10,20,99
<output omitted>

PC5 has regained connectivity to the student email server found at IP address 172.17.20.10.

Output from Computer PC5:

PC5> ping 172.17.20.10
Pinging 172.17.20.10 with 32 bytes of data:
Reply from 172.17.20.10: bytes=32 time=147ms TTL=128
<output omitted>
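
The troubleshooting order given under Common Problems with Trunks (native VLAN, then trunk mode, then allowed VLAN list) and the documentation check in this scenario can be run against captured show interfaces trunk output from both ends of a link. The following Python sketch is an added example, not part of the original chapter: the embedded outputs are copied from the S1 and S3 captures above, and the function names and the DOCUMENTED set are assumptions.

```python
# Constructed inputs: the S1 and S3 outputs from the Incorrect VLAN List scenario.
S1_OUTPUT = """S1# show interfaces trunk
Port        Mode     Encapsulation    Status    Native vlan
Fa0/1       on       802.1q
Fa0/3       on       802.1q           trunking  99
Port        Vlans allowed on trunk
Fa0/1       10,99
Fa0/3       10,99
<output omitted>
"""
S3_OUTPUT = """S3# show interfaces trunk
Port        Mode    Encapsulation    Status    Native vlan
Fa0/3       on      802.1q           trunking  99
Port        Vlans allowed on trunk
Fa0/3       10,20,99
"""
DOCUMENTED = {10, 20, 99}  # allowed VLANs according to the updated documentation

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22,99' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        if part and part.lower() != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk_output(text):
    """Return {port: {'mode', 'native', 'allowed'}} from captured output."""
    ports, section = {}, ""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("<") or "#" in fields[0]:
            continue  # blank line, '<output omitted>' or the prompt line
        if fields[0] == "Port":
            section = " ".join(fields[1:]).lower()  # header names the section
            continue
        port = ports.setdefault(
            fields[0], {"mode": None, "native": None, "allowed": None})
        if section.startswith("mode"):
            # Rows can be short: Fa0/1 above has no status or native VLAN.
            port["mode"] = fields[1] if len(fields) > 1 else None
            port["native"] = int(fields[4]) if len(fields) > 4 else None
        elif section == "vlans allowed on trunk":
            port["allowed"] = expand_vlans("".join(fields[1:]))
    return ports

def audit_link(a_name, a, b_name, b, documented):
    """Check one link: native VLAN first, then each end's mode and allowed list."""
    findings = []
    if None not in (a["native"], b["native"]) and a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a_name}={a['native']}, "
                        f"{b_name}={b['native']}")
    for name, port in ((a_name, a), (b_name, b)):
        if port["mode"] != "on":
            findings.append(f"{name}: mode '{port['mode']}' is not static")
        if port["allowed"] is None:
            continue  # allowed list not present in the captured output
        missing = sorted(documented - port["allowed"])
        extra = sorted(port["allowed"] - documented)
        if missing:
            findings.append(f"{name}: documented VLANs not allowed: {missing}")
        if extra:
            findings.append(f"{name}: undocumented VLANs allowed: {extra}")
    return findings

if __name__ == "__main__":
    s1, s3 = parse_trunk_output(S1_OUTPUT), parse_trunk_output(S3_OUTPUT)
    print(audit_link("S1 Fa0/3", s1["Fa0/3"], "S3 Fa0/3", s3["Fa0/3"], DOCUMENTED))
```

Run against the captures taken before the fix, the audit reports that VLAN 20 is missing from the allowed list on S1 Fa0/3, which matches the cause found in this scenario.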
