how to trouble shoot switch port issues

Troubleshooting Inter-VLAN Issues – Briefly Explained

Troubleshooting Inter-VLAN Issues – Briefly Explained

/ /

If you are using a legacy Inter-VLAN routing, ensure that switch ports connect to the router interface should be configured in the correct VLAN. This is a very common issue with a switch port and requires troubleshooting. If a switch port is not configured to correct VLAN, the devices on that VLAN cannot communicate outside its VLAN.

The figures below illustrate the switch port miss configurations. Figure 1 shows that host 1 is connected to switch0 port F0/1, part of VLAN 100, and switch port F0/2 is connected to Router interface F0/0, which is not part of VLAN-100.

Host 2 is connected to F0/6, and the Router0 interface F0/1 is connected to F0/10. Both F0/6 and F0/10 are part of VLAN 200. So host0 can send data up to the router, but the router cannot forward the data to host-1 because VLAN 100 is not physically connected to Router0. To resolve this problem, do the following on switch0.

  • Swithc>enable
  • Swithc#configure terminal
  • Switch(config)#interface FastEthernet 0/2
  • Switch(config-if)#switchport access vlan 100
  • Switch(config-if)#exit
  • Switch(config)#exit
  • Switch# write
Network diagram showing two laptops connected to a switch, which is then linked to a router. The first laptop (Laptop-PT Host-1) has an IP address of 192.168.1.2 and connects to the switch’s FastEthernet port 0/6. The second laptop (Laptop-PT Host-2) has an IP address of 192.168.1.3 and connects to the switch’s FastEthernet port 0/1. The switch (2960-24TT Switch0) also connects to the router (2811 Router0) via its FastEthernet port 0/2, labeled with VLAN-1 and an IP address of 192.168.100.1. The router has another interface with an IP address of 192.168.200.1 connected through its FastEthernet port 0/1.

Figure 2 also illustrates the problem with the switch port. The switch ports are properly configured, but we just connected the wrong switch port to the wrong router interface.

The figures show that F0/2 is part of VLAN 200, and interface F0/1 is configured for VLAN 200. However, we connect switch port F0/2 with router interface F0/1 instead. We also wrongly connected Switch port F0/2 instead of Switch port F0/10, so neither can send their data to Router0. To correct this problem, just connect F0/10 with router interface F0/1 and F0/2 with Router interface F0/0.

VLAN Configuration: The network diagram depicts two VLANs: VLAN-100 and VLAN-200. VLAN-100 includes “Laptop-PT Host-2” with an IP address of 192.168.100.2. VLAN-200 includes “Laptop-PT Host-1” with an IP address of 192.168.200.2. Device Connections: The 2960-24TT Switch0 connects both laptops. Specifically: FastEthernet port F0/6 connects to “Laptop-PT Host-1” (VLAN-200). FastEthernet port F0/1 connects to “Laptop-PT Host-2” (VLAN-100). FastEthernet port F0/10 links the switch to the router (for VLAN-200 traffic). The 2811 Router0 has two Ethernet ports: FastEthernet port F0/1 (IP address 192.168.200.1) connects to the switch (VLAN-200). FastEthernet port F0/0 (IP address 192.168.100.1) is part of VLAN-100. Routing and IP Addresses: Router0 performs inter-VLAN routing between VLAN-100 and VLAN-200. The laptops communicate via the switch, and the router routes traffic between VLANs. Feel free to ask if you need further clarification or have additional questions! ?

The topology in Figure 3 shows the router-on-a-stick routing model. But, the port connected to the router is not configured as a trunk. The port connected to the router for the traffic of multiple VLANs must be configured as a trunk.

But G0/1 on switch0 is not configured as a trunk and is in the default VLAN. Thus, the router cannot route between VLANs because each of its configured subinterfaces cannot send or receive VLAN-tagged traffic. To resolve this problem, configure G0/1 as a trunk.

  • Swithc>enable
  • Swithc#configure terminal
  • Switch(config)#interface G0/1
  • Switch(config-if)#switchport mode trunk
  • Switch(config-if)#exit
  • Switch(config)#exit
  • Switch# write
Network topology diagram with Router01, Switch01, and two hosts illustrating VLAN configuration with IP addresses for educational purposes.

When the trunk is effectively established, devices connected to each VLAN can communicate with the subinterface assigned to their VLAN, enabling inter-VLAN routing.

The topology in Figure 3 shows the trunk link between Switches is configured but is going down, possibly due to a cable or the Router interface being shut down. There are no redundant connections or paths between these devices, so all VLANs are unable to communicate with each other.

Network diagram showing two hosts (laptops), a switch, and a router. Host-01 (192.168.100.2) is connected to the left side of ‘Switch01 2960-24TT,’ while Host-02 (192.168.200.2) is connected to the right side. The router (‘Router01’) has interfaces labeled ‘Fa0/0 192.168.100.1’ (crossed out) and ‘Fa0/0 192.168.200.1.’ There’s also a connection labeled ‘G0/1 Default VLAN.

Verify Switch Configuration

When a problem occurs, we can verify the switch configuration. We can use various verification commands to examine the configuration and identify the problem.

I have already explained these verification commands in the article Common Show Command – Cisco IOs, so follow these commands for verification. We can use the show interfaces interface-id switchport to check the port VLAN membership. We can also use show running-config command to check the switch port mode.

Troubleshooting Inter-VLAN Interface Issues

The most common interface issue using legacy inter-VLAN routing is connecting the physical router interface to the wrong switch port. Connecting the router interface in the incorrect VLAN causes traffic to reach the router and forward it to other VLANs.

This is the same problem as I discussed in the switch port issue. To correct this problem, no further configuration and testing are required. It only needs to place the cables correctly.

Verify Router Configuration – Interface Issues

The configuration of the Sub-interface with the wrong VLAN ID is one of the most common issues in the router-on-a-stick configuration. We can check interface issues using show commands.

The <show interfaces> and only the <show running-config> commands are useful in troubleshooting inter-VLAN routing problems. The figure below illustrates the <show interfaces> command output. The command produces a lot of output for all interfaces. However, as shown in the figure, you need to search for your required interface and required line.

We can just enter the command using the interface ID like <show interfaces fastEthernet 0/0.100>. Figure 2 illustrates the output of a command using interface ID.

Computer screen displaying network interface statistics, including input and output packets, queue strategy, and interface resets. The output references ‘FastEthernet0/0’ and ‘FastEthernet0/1’ interfaces. Relevant for network administration and troubleshooting.
Command-line interface output for a router’s Ethernet 0/0/0 interface. It displays detailed information, including IP address (192.168.100.1/24), hardware address (0001.43d4.a601), MTU size (1500 bytes), bandwidth (100000 Kbit), delay (100 microseconds), reliability (255/255), load (1/255), encapsulation method (802.1Q Virtual LAN), VLAN ID (100), ARP type (ARPA), and ARP timeout (4 hours). The ‘show interface’ counters have never been cleared.

We also use the <show running-config> command to check and verify the interface issues. The figure below illustrates the output of <show running-config> command. We can easily find the required information under the interface FastEthernet 0/0.100.

Screenshot of a network configuration interface with command-line instructions for spanning-tree protocol and FastEthernet interfaces, highlighting IP address settings in red.

So, if we found the incorrect VLAN assignment into sub interface then we can correct this problem, to re-configure the subinterface into the correct VLAN using the <encapsulation dot1q VLAN ID> in subinterface configuration mode. We can address the problem by quickly verifying and allowing inter-VLAN routing to function properly.

IP Addresses and Subnet Masks Errors

Each VLAN requires unique subnets on the network. Each VLAN must be connected to the router for inter-VLAN routing. The VLANs can connect to the router using physical interfaces or subinterfaces. So, each interface or subinterface must be configured with a unique IP address of that subnet assigned to the VLAN.

This makes it possible for the devices on the VLAN to communicate with the router interface. The interface enables traffic routing to other VLANs connected to the router. The common issues of IP addressing errors are the following:

  • The router interface and subinterface have been configured with an incorrect IP address. The incorrect IP address on the interface prevents the VLAN hosts from being able to communicate with the router. Assign the correct IP address to the router interface using the command <ip address IP ADDRESS SUBNET MASK>. After correcting the IP address, the hosts on the corresponding VLAN can communicate with the router.
  • Some hosts on the VLAN cannot communicate with the router and verify their IP addresses. If the IP address is incorrect according to the subnet reserved and according to the address of the interface or subinterface, the hosts cannot communicate. Assign the correct IP address hosts on the VLAN.

Verifying IP Address and Subnet Mask Configuration Issues

Using the show commands, we can easily verify the IP address configuration for the router interface or subinterface. The figure below illustrates the output of <show ip interface brief> command. You can see the IP address assigned to each interface and subinterface here.

CLI output displaying network interfaces and their IP addresses: FastEthernet0/0 (192.168.1.1), FastEthernet0/0.100 (192.168.100.1), FastEthernet0/0.200 (192.168.200.1), FastEthernet0/1 (unassigned), and Vlan1 (unassigned).

The <show running-config> command can also display the IP addresses assigned to the interface or subinterface. For reference see figure 2 above. Sometimes the IP address configuration of the host side is incorrect. For this, you should verify the configuration by using the <ip config/all> command in the command prompt of the operating system.