Troubleshooting Inter-VLAN Issues – Briefly Explained
If you are using a legacy Inter-VLAN routing, ensure that switch ports connect to the router interface should be configured in the correct VLAN. This is a very common issue with a switch port and requires troubleshooting. If a switch port is not configured to correct VLAN, the devices on that VLAN cannot communicate outside its VLAN.
The figures below illustrate the switch port miss configurations. Figure 1 shows that host 1 is connected to switch0 port F0/1, part of VLAN 100, and switch port F0/2 is connected to Router interface F0/0, which is not part of VLAN-100.
Host 2 is connected to F0/6, and the Router0 interface F0/1 is connected to F0/10. Both F0/6 and F0/10 are part of VLAN 200. So host0 can send data up to the router, but the router cannot forward the data to host-1 because VLAN 100 is not physically connected to Router0. To resolve this problem, do the following on switch0.
- Swithc>enable
- Swithc#configure terminal
- Switch(config)#interface FastEthernet 0/2
- Switch(config-if)#switchport access vlan 100
- Switch(config-if)#exit
- Switch(config)#exit
- Switch# write
![ScreenShot20240613at12939PM NetworkUstad Network diagram showing two laptops connected to a switch which is then linked to a router The first laptop Laptop PT Host 1 has an IP address of 19216812 and connects to the switchs FastEthernet port 06 The second laptop Laptop PT Host 2 has an IP address of 19216813 and connects to the switchs FastEthernet port 01 The switch 2960 24TT Switch0 also connects to the router 2811 Router0 via its FastEthernet port 02 labeled with VLAN 1 and an IP address of 1921681001 The router has another interface with an IP address of 1921682001 connected through its FastEthernet port 01](https://i0.wp.com/networkustad.com/wp-content/uploads/2024/06/Screen-Shot-2024-06-13-at-12939-PM.png?resize=831%2C448&ssl=1)
Figure 2 also illustrates the problem with the switch port. The switch ports are properly configured, but we just connected the wrong switch port to the wrong router interface.
The figures show that F0/2 is part of VLAN 200, and interface F0/1 is configured for VLAN 200. However, we connect switch port F0/2 with router interface F0/1 instead. We also wrongly connected Switch port F0/2 instead of Switch port F0/10, so neither can send their data to Router0. To correct this problem, just connect F0/10 with router interface F0/1 and F0/2 with Router interface F0/0.
![ScreenShot20240613at12958PM NetworkUstad VLAN Configuration:
The network diagram depicts two VLANs: VLAN-100 and VLAN-200.
VLAN-100 includes “Laptop-PT Host-2” with an IP address of 192.168.100.2.
VLAN-200 includes “Laptop-PT Host-1” with an IP address of 192.168.200.2.
Device Connections:
The 2960-24TT Switch0 connects both laptops. Specifically:
FastEthernet port F0/6 connects to “Laptop-PT Host-1” (VLAN-200).
FastEthernet port F0/1 connects to “Laptop-PT Host-2” (VLAN-100).
FastEthernet port F0/10 links the switch to the router (for VLAN-200 traffic).
The 2811 Router0 has two Ethernet ports:
FastEthernet port F0/1 (IP address 192.168.200.1) connects to the switch (VLAN-200).
FastEthernet port F0/0 (IP address 192.168.100.1) is part of VLAN-100.
Routing and IP Addresses:
Router0 performs inter-VLAN routing between VLAN-100 and VLAN-200.
The laptops communicate via the switch, and the router routes traffic between VLANs.
Feel free to ask if you need further clarification or have additional questions! 😊](https://i0.wp.com/networkustad.com/wp-content/uploads/2024/06/Screen-Shot-2024-06-13-at-12958-PM.png?resize=838%2C459&ssl=1)
The topology in Figure 3 shows the router-on-a-stick routing model. But, the port connected to the router is not configured as a trunk. The port connected to the router for the traffic of multiple VLANs must be configured as a trunk.
But G0/1 on switch0 is not configured as a trunk and is in the default VLAN. Thus, the router cannot route between VLANs because each of its configured subinterfaces cannot send or receive VLAN-tagged traffic. To resolve this problem, configure G0/1 as a trunk.
- Swithc>enable
- Swithc#configure terminal
- Switch(config)#interface G0/1
- Switch(config-if)#switchport mode trunk
- Switch(config-if)#exit
- Switch(config)#exit
- Switch# write
![ScreenShot20240613at13013PM NetworkUstad Network topology diagram with Router01 Switch01 and two hosts illustrating VLAN configuration with IP addresses for educational purposes](https://i0.wp.com/networkustad.com/wp-content/uploads/2024/06/Screen-Shot-2024-06-13-at-13013-PM.png?resize=845%2C618&ssl=1)
When the trunk is effectively established, devices connected to each VLAN can communicate with the subinterface assigned to their VLAN, enabling inter-VLAN routing.
The topology in Figure 3 shows the trunk link between Switches is configured but is going down, possibly due to a cable or the Router interface being shut down. There are no redundant connections or paths between these devices, so all VLANs are unable to communicate with each other.
![ScreenShot20240613at13637PM NetworkUstad Network diagram showing two hosts laptops a switch and a router Host 01 1921681002 is connected to the left side of Switch01 2960 24TT while Host 02 1921682002 is connected to the right side The router Router01 has interfaces labeled Fa00 1921681001 crossed out and Fa00 1921682001 Theres also a connection labeled G01 Default VLAN](https://i0.wp.com/networkustad.com/wp-content/uploads/2024/06/Screen-Shot-2024-06-13-at-13637-PM.png?resize=761%2C537&ssl=1)
Verify Switch Configuration
When a problem occurs, we can verify the switch configuration. We can use various verification commands to examine the configuration and identify the problem.
I have already explained these verification commands in the article Common Show Command – Cisco IOs, so follow these commands for verification. We can use the show interfaces interface-id switchport to check the port VLAN membership. We can also use show running-config command to check the switch port mode.
Troubleshooting Inter-VLAN Interface Issues
The most common interface issue using legacy inter-VLAN routing is connecting the physical router interface to the wrong switch port. Connecting the router interface in the incorrect VLAN causes traffic to reach the router and forward it to other VLANs.
This is the same problem as I discussed in the switch port issue. To correct this problem, no further configuration and testing are required. It only needs to place the cables correctly.
Verify Router Configuration – Interface Issues
The configuration of the Sub-interface with the wrong VLAN ID is one of the most common issues in the router-on-a-stick configuration. We can check interface issues using show commands.
The <show interfaces> and only the <show running-config> commands are useful in troubleshooting inter-VLAN routing problems. The figure below illustrates the <show interfaces> command output. The command produces a lot of output for all interfaces. However, as shown in the figure, you need to search for your required interface and required line.
We can just enter the command using the interface ID like <show interfaces fastEthernet 0/0.100>. Figure 2 illustrates the output of a command using interface ID.
![ScreenShot20240613at13652PM NetworkUstad Computer screen displaying network interface statistics including input and output packets queue strategy and interface resets The output references FastEthernet00 and FastEthernet01 interfaces Relevant for network administration and troubleshooting](https://i0.wp.com/networkustad.com/wp-content/uploads/2024/06/Screen-Shot-2024-06-13-at-13652-PM.png?resize=784%2C500&ssl=1)
![ScreenShot20240613at13703PM NetworkUstad Command line interface output for a routers Ethernet 000 interface It displays detailed information including IP address 192168100124 hardware address 000143d4a601 MTU size 1500 bytes bandwidth 100000 Kbit delay 100 microseconds reliability 255255 load 1255 encapsulation method 8021Q Virtual LAN VLAN ID 100 ARP type ARPA and ARP timeout 4 hours The show interface counters have never been cleared](https://i0.wp.com/networkustad.com/wp-content/uploads/2024/06/Screen-Shot-2024-06-13-at-13703-PM.png?resize=781%2C224&ssl=1)
We also use the <show running-config> command to check and verify the interface issues. The figure below illustrates the output of <show running-config> command. We can easily find the required information under the interface FastEthernet 0/0.100.
![ScreenShot20240613at13713PM NetworkUstad Screenshot of a network configuration interface with command line instructions for spanning tree protocol and FastEthernet interfaces highlighting IP address settings in red](https://i0.wp.com/networkustad.com/wp-content/uploads/2024/06/Screen-Shot-2024-06-13-at-13713-PM.png?resize=773%2C323&ssl=1)
So, if we found the incorrect VLAN assignment into sub interface then we can correct this problem, to re-configure the subinterface into the correct VLAN using the <encapsulation dot1q VLAN ID> in subinterface configuration mode. We can address the problem by quickly verifying and allowing inter-VLAN routing to function properly.
IP Addresses and Subnet Masks Errors
Each VLAN requires unique subnets on the network. Each VLAN must be connected to the router for inter-VLAN routing. The VLANs can connect to the router using physical interfaces or subinterfaces. So, each interface or subinterface must be configured with a unique IP address of that subnet assigned to the VLAN.
This makes it possible for the devices on the VLAN to communicate with the router interface. The interface enables traffic routing to other VLANs connected to the router. The common issues of IP addressing errors are the following:
- The router interface and subinterface have been configured with an incorrect IP address. The incorrect IP address on the interface prevents the VLAN hosts from being able to communicate with the router. Assign the correct IP address to the router interface using the command <ip address IP ADDRESS SUBNET MASK>. After correcting the IP address, the hosts on the corresponding VLAN can communicate with the router.
- Some hosts on the VLAN cannot communicate with the router and verify their IP addresses. If the IP address is incorrect according to the subnet reserved and according to the address of the interface or subinterface, the hosts cannot communicate. Assign the correct IP address hosts on the VLAN.
Verifying IP Address and Subnet Mask Configuration Issues
Using the show commands, we can easily verify the IP address configuration for the router interface or subinterface. The figure below illustrates the output of <show ip interface brief> command. You can see the IP address assigned to each interface and subinterface here.
![ScreenShot20240613at13725PM NetworkUstad CLI output displaying network interfaces and their IP addresses FastEthernet00 19216811 FastEthernet00100 1921681001 FastEthernet00200 1921682001 FastEthernet01 unassigned and Vlan1 unassigned](https://i0.wp.com/networkustad.com/wp-content/uploads/2024/06/Screen-Shot-2024-06-13-at-13725-PM.png?resize=775%2C251&ssl=1)
The <show running-config> command can also display the IP addresses assigned to the interface or subinterface. For reference see figure 2 above. Sometimes the IP address configuration of the host side is incorrect. For this, you should verify the configuration by using the <ip config/all> command in the command prompt of the operating system.