Troubleshooting Inter-VLAN Issues – Brief Explanation
If you are using a legacy Inter-VLAN routing, ensure that switch ports connect to the router interface should be configured in the correct VLAN. This is a very common issue with a switch port and required troubleshooting. If a switch port is not configured to correct VLAN, the devices on that VLAN cannot communicate outside its VLAN.
The figures below illustrate the switch port miss configurations. Figure 1 shows that host 1 is connected to switch0 port F0/1 which is the part of VLAN 100, and switch port F0/2 is connected to Router interface F0/0, and the switch F0/2 is not the part of VLAN-100.
Host 2 is connected to F0/6, and the Router0 interface F0/1 is connected to F0/10, both F0/6 and F0/10 is part of VLAN 200. So host0 can send data up to the router, but the router cannot forward the data to host-1, because VLAN 100 is not physically connected to Router0. To resolve this problem do the following on switch0.
- Swithc>enable
- Swithc#configure terminal
- Switch(config)#interface FastEthernet 0/2
- Switch(config-if)#switchport access vlan 100
- Switch(config-if)#exit
- Switch(config)#exit
- Switch# write
Figure 2 also illustrates the problem with the switch port, where the switch ports are properly configured. But we just connect the wrong switch port with the wrong interface of the router.
The figures show that F0/2 is the part of VLAN 200, and interface F0/1 is configured for VLAN 200, but instead, we connect switch port F0/2 with router interface F0/1. So we also wrongly connect the Switch port F0/2 instead of switch port F0/10. So both are unable to send their data to Router0. To correct this problem, just connect F0/10 with router interface F0/1 and F0/2 with Router interface F0/0.
The topology in Figure 3 shows the router-on-a-stick routing model. But, the port connected to the router is not configured as a trunk. The port connected to the router for the traffic of multiple VLANs must be configured as a trunk.
But G0/1 on switch0 is not configured as a trunk and it is in the default VLAN. So the router cannot route between VLANs because each of its configured subinterfaces is unable to send or receive VLAN-tagged traffic. To resolve this problem configure G0/1 as a trunk.
- Swithc>enable
- Swithc#configure terminal
- Switch(config)#interface G0/1
- Switch(config-if)#switchport mode trunk
- Switch(config-if)#exit
- Switch(config)#exit
- Switch# write
When the trunk is effectively established, devices connected to each of the VLANs can communicate with the subinterface assigned to their VLAN, therefore enabling inter-VLAN routing.
The topology in Figure 3 shows the trunk link between Switch is configured but is going down may due to a cable or maybe due to the Router interface is shut down. So there are no redundant connections or paths between these devices, So all VLANs are unable to communicate with each other.
Verify Switch Configuration
We can verify the switch configuration when a problem occurs. To verify the configuration we can use various verification commands to examine the configuration and identify the problem.
These verification commands I have already explained in the article Common Show Command – Cisco IOs, so follow these commands for verification. We can use the show interfaces interface-id switchport to check the port VLAN membership. We can also use show running-config command to check the switch port mode.
Troubleshooting Inter-VLAN Interface Issues
The most common interfaces issue using legacy inter-VLAN routing is to connect the physical router interface to the wrong switch port. Connecting the router interface in the incorrect VLAN the traffic to reach the router and to forward them to other VLANs.
This is the same problem as I discussed in the switch port issue, to correct this problem no further configuration and testing are required. It only needs to place the cables correctly.
Verify Router Configuration – Interface Issues
The configuration of the Sub-interface with the wrong VLAN ID is one of the most common issues in the router-on-a-stick configuration. We can check interface issues using show commands.
The <show interfaces> and only the <show running-config> commands are useful in troubleshooting inter-VLAN routing problems. The figure below illustrates the <show interfaces> command output. The command produces a lot of output for all interfaces however, you need to search for your required interface and required line as shown in the figure.
We can just enter the command using the interface ID like <show interfaces fastEthernet 0/0.100>. Figure 2 illustrates the output of a command using interface ID.
We also use the <show running-config> command to check and verify the interface issues. The figure below illustrates the output of <show running-config> command. We can easily find the required information under the interface FastEthernet 0/0.100.
So, if we found the incorrect VLAN assignment into sub interface then we can correct this problem, to re-configure the subinterface into the correct VLAN using the <encapsulation dot1q VLAN ID> in subinterface configuration mode. We can address the problem by proper verification very quickly and allowing inter-VLAN routing to function properly.
IP Addresses and Subnet Masks Errors
Each VLANs required unique subnets on the network. Each VLAN must be connected to the router for inter-VLAN routing. The VLANs can connect to the router by using physical interfaces or subinterfaces. So, each interface or subinterface must be configured with a unique IP address of that subnet assigned to the VLAN.
This makes it possible that the devices on the VLAN to communicate with the router interface. The interface enables the routing of traffic to other VLANs connected to the router. The common issues of IP addressing errors are the following:
- The router interface and subinterface have been configured with an incorrect IP address. The incorrect IP address on the interface prevents the VLAN hosts from being able to communicate with the router. Assign the correct IP address to the router interface using the command <ip address IP ADDRESS SUBNET MASK>. After the correction of the IP address, the hosts on the corresponding VLAN can communicate with the router.
- Some hosts on the VLAN cannot communicate to the router, verify their IP addresses. If the IP address is incorrect according to the subnet reserved and according to the address of the interface or subinterface, the hosts cannot communicate. Assign the correct IP address hosts on the VLAN.
Verifying IP Address and Subnet Mask Configuration Issues
We can easily verify the IP address configuration for the router interface or subinterface using the show commands. The figure below illustrates the output of <show ip interface brief> command. You can see the IP address assigned to each interface and subinterface here.
The <show running-config> command can also display the IP addresses assigned to the interface or subinterface. For reference see figure 2 above. Sometimes the IP address configuration of the host side is incorrect. For this, you should verify the configuration by using the <ip config/all> command in the command prompt of the operating system.