Courseiva
Troubleshooting MethodologyCCNA 200-301

Systematic VLAN Connectivity Troubleshooting

Presenting Symptom

Hosts in VLAN 10 cannot ping the default gateway or communicate with hosts in other VLANs, but intra-VLAN communication works.

Network Context

A small branch office with a single Cisco Catalyst 2960 switch (IOS 15.0) connected to a router-on-a-stick (Cisco 4321, IOS 16.9). The switch has two VLANs: VLAN 10 (192.168.10.0/24) for data and VLAN 20 (192.168.20.0/24) for voice. The router's subinterfaces are configured for inter-VLAN routing. The problem occurs after a recent switch replacement.

Diagnostic Steps

1

Check VLAN configuration on the switch

show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
10   Data                             active    Fa0/5, Fa0/6, Fa0/7
20   Voice                            active    Fa0/8, Fa0/9, Fa0/10
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Verify that VLANs 10 and 20 exist and that the correct ports are assigned. If VLANs are missing or ports are in the wrong VLAN, that is the root cause. Normal output shows VLANs active with correct port assignments.

2

Check trunk configuration on the switch uplink port

show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/24      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/24      1-1005

Port        Vlans allowed and active in management domain
Fa0/24      1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/24      1,10,20

Ensure the uplink port (Fa0/24) is trunking and allows VLANs 10 and 20. If the trunk is down or VLANs are not allowed, inter-VLAN routing fails. Normal output shows trunking mode 'on' or 'dynamic desirable' and VLANs 10 and 20 in allowed list.

3

Check the router subinterface configuration

show running-config interface gigabitethernet 0/0/0.10
interface GigabitEthernet0/0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0

Verify that the subinterface matches the VLAN ID and has the correct IP address. Common issues: wrong VLAN ID in encapsulation, missing 'no shutdown' on the physical interface, or incorrect IP address. Normal output shows encapsulation dot1Q 10 and correct IP.

4

Check the router's routing table for the VLAN networks

show ip route connected
C    192.168.10.0/24 is directly connected, GigabitEthernet0/0/0.10
C    192.168.20.0/24 is directly connected, GigabitEthernet0/0/0.20

Ensure both VLAN networks appear as directly connected routes. If one is missing, the subinterface may be down or misconfigured. Normal output shows both networks.

Root Cause

The switch uplink port (Fa0/24) was configured as an access port in VLAN 1 instead of a trunk port, preventing VLAN 10 and 20 traffic from reaching the router. This occurred after the switch replacement because the default configuration was not updated.

Resolution

On the switch, configure the uplink port as a trunk: interface FastEthernet0/24 switchport mode trunk switchport trunk allowed vlan 10,20 no shutdown This sets the port to trunking mode and allows only VLANs 10 and 20 (optional but recommended).

Verification

Run 'show interfaces trunk' on the switch to confirm Fa0/24 is trunking and VLANs 10 and 20 are allowed. Then from a host in VLAN 10, ping the default gateway (192.168.10.1) and a host in VLAN 20. Successful pings confirm resolution.

Prevention

1. Use a consistent trunk configuration template when deploying new switches. 2. Document VLAN and trunk requirements for all uplink ports. 3. Implement switchport port-security and BPDU guard on access ports to avoid accidental trunk misconfiguration.

CCNA Exam Relevance

On the CCNA 200-301 exam, VLAN troubleshooting scenarios appear in multiple-choice and simulation questions. The exam tests the ability to identify trunk misconfiguration as a cause of inter-VLAN connectivity failure. Key fact: A trunk port must be configured on both ends (switch and router) for VLAN traffic to pass.

Exam Tips

1.

Remember that 'show vlan brief' shows access port assignments, not trunk information. Use 'show interfaces trunk' to verify trunk status.

2.

On the exam, if a host can ping other hosts in the same VLAN but not the gateway, suspect trunk or router subinterface issues.

3.

Memorize the output of 'show interfaces trunk' — specifically the 'Status' field must be 'trunking' and the allowed VLAN list must include the needed VLANs.

Commands Used in This Scenario

show interfaces trunk

Displays trunk interface status, allowed VLANs, and pruning information for all trunk ports on a Cisco switch, used to verify trunking configuration and VLAN membership.

show vlan brief

Displays a summary of all VLANs configured on the switch, including VLAN ID, name, status, and ports, used to quickly verify VLAN configuration and port assignments.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions