Troubleshoot VLANs

Exam: Cisco 300-135 - CCNP Troubleshooting and Maintaining Cisco IP Networks (TSHOOT v2.0)


In this chapter we will discuss in detail how to troubleshoot VLANs. This is an important topic for the CCNP exam and falls under exam number 300-135 TSHOOT. As no outside material is allowed during the 135-minute exam, it is advisable to prepare the topics well.

Troubleshooting is basically a fault-finding exercise. As a network administrator you will have to troubleshoot VLANs regularly, which is exactly why you must know this chapter well. VLANs isolate devices that are physically connected to the same network but logically form part of different LANs.

These devices may not be aware of each other. A VLAN name may contain the characters a-z, A-Z and 0-9, and it can also include hyphens and underscores. The management VLAN must always be kept separate from user data; this is a point that you must always remember. Sticky Address Resolution Protocol (ARP) must be enabled when you configure private VLANs. This can be a great help as you troubleshoot the VLANs.

For security reasons, the ARP entries set on private VLANs do not age. IGMP is designed in such a way that it runs only on primary VLANs. If an IGMP request is received in a secondary VLAN, it is treated as if it had been received in the primary VLAN. Always remember that a MAC address learned in a secondary VLAN is always placed in the shared table of the primary VLAN.

Private VLANs support the SPAN (Switched Port Analyzer) feature, which is why you can configure a private VLAN port as a SPAN source port. If a SPAN destination port is configured as a private VLAN port, the port becomes inactive. Always keep in mind that the destination SPAN port cannot be an isolated port. A simple checklist that you can maintain to troubleshoot VLANs is given below:

  1. You must verify the physical connectivity if there is any problem in the VLAN or the ports.
  2. You must also verify that both the end devices are in the same VLAN.

The two steps above are the initial steps in troubleshooting VLANs. They will tell you whether there is a physical or connectivity problem in the VLAN. You can use CLI commands to get more information on the VLANs.

Another common problem that you may come across is difficulty creating a VLAN. The cause may be that you are using a VLAN ID that is already reserved, so check whether the VLAN ID is reserved.

You must also keep in mind that VLAN 4094 and the VLANs in the range 3968 to 4047 cannot be used, as they are always reserved for internal use. If you keep these points in mind, you will be able to solve most of the problems that you may face regarding VLANs in a network.

Access ports

An Ethernet interface is configured as either an access port or a trunk port. An access port usually has one VLAN configured. When a port is configured in access mode, you can also specify the VLAN that will carry the traffic for that interface. If no VLAN is configured for a port in access mode, the interface carries traffic for the default VLAN.

If you want, you can change the access port's VLAN membership by specifying the new VLAN. The VLAN must be created before it is assigned as the access VLAN of an access port. Keep in mind that if you change the access VLAN on an access port to a VLAN that has not been created, the access port will be shut down automatically.
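The three configuration rules stated so far (allowed VLAN name characters, internally reserved VLAN IDs, and creating a VLAN before using it as an access VLAN) can be checked before a change is applied. The following is an added example, not part of the original chapter; the IOS-style configuration syntax, the constructed sample and the treatment of VLAN 1 as always present are assumptions.

```python
import re

# VLAN IDs the chapter lists as reserved for internal use.
RESERVED = set(range(3968, 4048)) | {4094}
NAME_OK = re.compile(r"[A-Za-z0-9_-]+")  # characters the chapter allows in a name

# Constructed sample configuration (IOS-style syntax is an assumption).
SAMPLE = """\
vlan 10
 name USERS
vlan 20
 name VOICE LAN
vlan 4000
 name LAB
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 30
"""

def lint_vlans(config):
    """Return (subject, problem) findings for a configuration text."""
    defined, access, findings = {1}, {}, []  # assumption: VLAN 1 always exists
    vlan = port = None                       # block currently being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan, port = int(m.group(1)), None
            if vlan in RESERVED:
                findings.append((f"vlan {vlan}", "reserved for internal use"))
            else:
                defined.add(vlan)
        elif m := re.fullmatch(r"interface (\S+)", line):
            vlan, port = None, m.group(1)
        elif vlan is not None and line.startswith("name "):
            if not NAME_OK.fullmatch(line[5:]):
                findings.append((f"vlan {vlan}", "invalid name"))
        elif port and (m := re.fullmatch(r"switchport access vlan (\d+)", line)):
            access[port] = int(m.group(1))
    for name, vid in access.items():         # access VLAN must already exist
        if vid not in defined:
            findings.append((name, f"access vlan {vid} not created"))
    return findings

if __name__ == "__main__":
    for subject, problem in lint_vlans(SAMPLE):
        print(f"{subject}: {problem}")
```
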

VLAN database

Sometimes you may come across problems in the VLAN database, and this section explains how to troubleshoot them. The VLAN configuration is stored in a vlan.dat file. These files are stored in non-volatile memory.

These files together make up the VLAN database. If any one of these files goes missing or is corrupted, then you are in trouble. Sometimes the vlan.dat files get deleted manually, and that is when the problem starts. If you want to change the VLAN configuration or VTP, follow the documented commands carefully rather than improvising commands.

These commands can be found in the Catalyst 4500 Series Switch Cisco IOS Command Reference. You cannot configure extended-range VLANs in VLAN database mode. Layer 3 ports and some software features also use extended-range VLANs. If a VLAN is created in VLAN database mode, the VLAN configuration is automatically saved in the vlan.dat file.

Normal, extended VLAN, voice VLAN

Normal, extended and voice are different types of VLANs that you may come across as a network administrator. The voice VLAN is used to carry IP voice traffic from IP phones. There is a step-by-step process that you can follow to troubleshoot voice VLAN issues. Some of the steps are listed here:

  1. Check if the network port is functioning properly.
  2. Check the receiving power of the phone.
  3. Check the DHCP settings.
  4. Verify the voice VLAN configuration.
  5. You cannot connect an IP phone to an IP phone using the PC port.

The normal-range VLANs run from 1 to 1005; of these, 1002 to 1005 are reserved for FDDI and Token Ring VLANs. VLAN 1 and VLANs 1002 to 1005 are created automatically and cannot be removed. The details of the normal VLANs are usually stored in the vlan.dat file.

The extended VLANs range from 1006 to 4094. These VLANs are basically designed for service providers. They have fewer options than the normal VLANs, and they are stored in the running configuration file.

These are some points that you must be aware of as you prepare for the section on how to troubleshoot VLANs. We hope that this discussion will help you to do better in the CCNP exams.