Troubleshoot and resolve VLAN problem

Exam: Cisco 200-120 - CCNA Cisco Certified Network Associate CCNA (803)


VLANs divide a network in logical subunits, which have their own broadcast domains. In a VLAN only those unicast, broadcast, and multicast packets are forwarded, which are addressed to that VLAN. To allow communication between VLANs, the traffic must be routed using a router. VLANs are highly efficient as compared to the physical segmentation of a network. On top of it, VLANs are very easy to configure. The only complicated and difficult task in configuring VLANs is to finalize the users that would be the part of a VLAN.

Configuring VLAN

As per IEEE 802.1Q standard, Cisco Nexus 5000 Series switches support VLAN numbers between 1 and 4094. However, the VLAN number 1 and a few ranges of VLAN numbers are reserved category numbers. For example, VLAN number 1is reserved for administrative purposes and is also a Cisco default for VLAN that cannot be modified or deleted. VLAN numbers between 2 to 1005 can be used normally to create VLANs that can be modified and deleted.

The VLAN numbers between 1006 – 4094 are extended VLAN numbers that can be used to create VLANs. However, for these VLANs the state of VLAN is always active, the VLAN is always enabled for this range and you cannot such down these VLANs.

The VLAN numbers between 3968 – 4047 are internally allocated numbers that can be used for internal allocation of VLANs. The VLANs with these numbers cannot be created, modified or deleted by users. VLAN number 4094 is also reserved for internal use by the switch.

To create a VLAN, you need to use the following code:

Configure VLAN on Switch A by first entering into configuration mode.

// Entering into configuration mode

Switch A#configure terminal

// Create VLANs with number 5 - 7

// If you enter a number that is already assigned or a number that is for internal use, you will get an error.

Switch A (config)#vlan 5-7

The above given commands created the VLANs but the VLAN cannot be used unless ports are assigned to it. Remember by default all the ports are assigned to VLAN 1. You need to now configure the VLAN name and its shutdown/ not shutdown status.

// Configure VLAN name as Development

Switch A (config -vlan)# name development

//Configure VLAN 6 name as Accounting

Switch A (config)#vlan 6

Switch A (config -vlan)# nameAccounting

//Configure VLAN 7 name as HRD

Switch A (config)#vlan 7

Switch A (config -vlan)# nameHRD

Switch A (config-vlan)# state active

// The following command enables the VLAN. However, by default the VLAN is enabled and hasno shutdownvalue. You cannot shut down the VLAN1, or VLANs with numbers between 1006 to 4094.

Switch A (config-vlan)# no shutdown

// Go back

(config-vlan)#^Z

//Add ports to VLAN

// configure slot type 1 on port 13. The port can be physical Ethernet port or a port channel.

Switch A#configure terminal

Switch A (config)#interface ethernet 1/13

S1(config-if)#switchport mode ?

access Set trunking mode to ACCESS unconditionally

dynamic Set trunking mode to dynamically negotiate access or

trunk mode

trunk Set trunking mode to TRUNK unconditionally

S1(config-if)#switchport mode access

The switchport mode access command allows you to specify that the port is layer 2 port. You can then assign a VLAN to the port with the switchport access command. This way you can configure multiple ports using the interface range command.

// Set the access mode of the interface to the specified VLAN.

switch A (config-if)# switchport access vlan 5

Verifying VLAN

To verify VLAN configuration on VLAN 5 use command

switch A#show running-config vlan5

To verify VLAN configuration on VLAN 5 – 7use command

switch# show running-config vlan 5-7

The command displays result as:

version 4.0(0)

vlan 1

vlan 5

The following example shows the VLANs created on the switch and their status:

switch# show vlan

VLAN Name Status Ports

---- -----------------------------------------------------------

1 default active Eth1/1, Eth1/5, Eth1/6, Eth1/7

Eth1/7, Eth1/8, Eth1/9

5 Development active

6 Accounting active

7 HRD active

[output cut]

The following example shows the details of VLAN 13 including its member ports:

switch# show vlan id 13

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

13 VLAN0005 active Eth1/13, Eth1/14

VLAN Type MTU

---- ----- -----

13 enet 576

Remote SPAN VLAN

----------------

Disabled

Primary Secondary Type Ports

--------------------------------------------------------------------------

The following example shows the VLAN settings summary:

switch# show vlan summary

Number of existing VLANs : 3

Number of existing VTP VLANs: 3

Number of existing extended VLANs : 0

Troubleshooting VLAN

Any network troubleshooting should start by first checking the physical connectivity of your network. Similarly, for your VLAN connectivity try checking that your cables and switch ports are working well and are connected properly.

You can check the switch ports by checking the switch ports link LEDs.

After checking the physical connectivity between cables and switches, you should check the switch configurations by using thecommand show interface [interface name-number]command that allows you to check the CRC errors or late collisions on the interface. The CRC errors usually occur due to bad cables or bad network interface card. The collisions can be caused due to duplex mismatch with the attached device or congestion on the link.

If the physical connectivity between the switches and the cables for the VLAN is fine and there are no bad NIC or cables and still two hosts on the VLAN are not able to connect, then you need to check whether the hosts that are not able to connect are in the same VLAN or not.

If the two hosts that must connect to each other are a part of different VLAN then you need a router to establish connectivity between them. On the other hand if a host is not able to connect to a switch then you need to check that the host and the switch belong to the same subnet.

Example Question

While plugging in a new host VLAN 3, you realized that the membership of the host is different from what is needed for the host to reach the network services. Which of the following commands will you use to change the membership of the host?

  • Switch(config-if)#switchport access vlan 3
  • switch# show vlan3
  • switch A# show running-config vlan 3
  • switch# show running-config vlan 3

Answer: A

By default all switch ports are members of VLAN 1. In order to change the membership, you must change the port. You can change the port by using Switch(config-if)#switchport access vlan 3 command.


Related IT Guides

  1. Configure and verify DHCP (IOS Router)
  2. Configure and verify NAT for given network requirements
  3. Configure and verify network device security features
  4. Configure and verify switch port security
  5. Describe SNMP v2 and v3
  6. Describe the purpose and basic operation of the protocols in the OSI and TCP/IP models
  7. Identify enhanced switching technologies
  8. Troubleshoot and correct common problems associated with IP addressing and host configurations
  9. Troubleshoot and resolve Layer 1 problems
  10. Troubleshoot and resolve OSPF problems