
VLAN Not in VLAN Database — Traffic Dropped

Presenting Symptom

Hosts in a VLAN cannot communicate with hosts in other VLANs, and the switch drops traffic destined for that VLAN.

Network Context

A small branch office with a single Cisco Catalyst 2960 switch running IOS 15.0. The switch has multiple VLANs configured (VLAN 10, 20, 30) for departmental segmentation. A new VLAN 40 was introduced on the trunk link to an upstream router, but the switch's own VLAN database does not include VLAN 40. The trunk is configured to allow all VLANs.

Diagnostic Steps

1. Check the VLAN database on the switch

show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
10   Engineering                      active    Fa0/5, Fa0/6
20   Marketing                        active    Fa0/7, Fa0/8
30   Sales                            active    Fa0/9, Fa0/10
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

If VLAN 40 is not listed, the VLAN does not exist in the switch's VLAN database. This is the root cause: the switch has no entry for VLAN 40, so it drops traffic for that VLAN.

2. Verify trunk configuration and allowed VLAN list

show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20,30

The trunk is configured to allow all VLANs (1-1005), but the 'Vlans allowed and active' line shows only VLANs 1,10,20,30. VLAN 40 is missing from that line because it is not in the VLAN database; the allowed list only permits VLANs that already exist, it does not create them. The switch will not forward traffic for VLAN 40 on the trunk.

3. Check if VLAN 40 exists in the running configuration

show running-config | include vlan 40
(no output)

No output indicates that VLAN 40 is not configured in the running configuration. This confirms the VLAN is missing from the database.

4. Check for any dynamic VLAN or VTP issues (if applicable)

show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 255
Number of existing VLANs        : 6
VTP Operating Mode              : Transparent
VTP Domain Name                 : 
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

Because the switch is in VTP transparent mode (the same applies to VTP off), it will not learn VLANs from a VTP server and VLANs must be configured manually. This confirms that VLAN 40 was never created locally.

Root Cause

VLAN 40 was not created in the switch's VLAN database. The switch does not have a VLAN entry for VLAN 40, so it drops all frames tagged with VLAN 40 on trunk ports, and no access ports can be assigned to VLAN 40.

Resolution

Create VLAN 40 in the switch's VLAN database from global configuration mode.

Commands:

1. enable
2. configure terminal
3. vlan 40
4. name NewVLAN (optional)
5. end
6. copy running-config startup-config (optional)

Explanation: The 'vlan 40' command creates the VLAN in the local database. The 'name' command is optional but recommended for documentation. After creation, the VLAN appears in 'show vlan brief' and traffic for VLAN 40 can be forwarded.

Verification

Run 'show vlan brief' again. The expected output should now include VLAN 40:

show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
10   Engineering                      active    Fa0/5, Fa0/6
20   Marketing                        active    Fa0/7, Fa0/8
30   Sales                            active    Fa0/9, Fa0/10
40   NewVLAN                          active

Also verify the trunk: 'show interfaces trunk' should now show VLAN 40 in the 'Vlans allowed and active' list.
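As an added example (not part of the original scenario and not a Cisco tool), the following Python audit automates diagnostic steps 1 and 2 and the verification above: it parses 'show vlan brief' and 'show interfaces trunk' output, reports design VLANs that a trunk permits but the local database lacks, and emits the global-config lines from the Resolution section. The sample outputs are constructed from the scenario; the expected VLAN set and the VLAN-name prefix are assumptions.

```python
import re
# Constructed sample output, trimmed from the show commands in the scenario above
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
10   Engineering                      active    Fa0/5, Fa0/6
20   Marketing                        active    Fa0/7, Fa0/8
30   Sales                            active    Fa0/9, Fa0/10
"""
SHOW_TRUNK = """\
Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20,30
"""

def parse_vlan_brief(text):
    """Return {vlan_id: name} for every VLAN row of 'show vlan brief'."""
    rows = re.findall(r"^(\d+)\s+(\S+)\s+\S+", text, re.M)
    return {int(vid): name for vid, name in rows}

def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '1,10-12,40' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_trunk_allowed(text):
    """Return {port: allowed_set} from the 'Vlans allowed on trunk' block only."""
    block = text.split("Vlans allowed on trunk", 1)[1].split("\n\n", 1)[0]
    rows = re.findall(r"^(\S+)\s+(\S+)$", block, re.M)
    return {port: expand_vlan_list(spec) for port, spec in rows}

def missing_vlans(expected, vlan_brief=SHOW_VLAN_BRIEF, trunk=SHOW_TRUNK):
    """Design VLANs a trunk permits but the local database lacks (steps 1-2)."""
    db = parse_vlan_brief(vlan_brief)
    permitted = set().union(*parse_trunk_allowed(trunk).values())
    return sorted(v for v in expected if v not in db and v in permitted)

def remediation(vlan_ids, name_prefix="VLAN"):
    """Global-config lines that create the missing VLANs (see Resolution)."""
    return [line for v in vlan_ids for line in (f"vlan {v}", f" name {name_prefix}{v}")]

if __name__ == "__main__":
    missing = missing_vlans({10, 20, 30, 40})   # 40 is in the design but was never created
    print(missing, *remediation(missing), sep="\n")
```

Feed the real 'show' output and your documented VLAN list; an empty result after the fix is the same check as re-running 'show vlan brief'.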

Prevention

1. Always create VLANs on all switches in the path before assigning them to ports or trunks.
2. Use a consistent VLAN numbering scheme and document all VLANs to avoid missing configurations.
3. If using VTP, ensure the VTP domain and password are correct and the revision number is managed to avoid accidental VLAN deletion.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario appears in troubleshooting questions where a VLAN is not working. The exam tests the ability to identify that a VLAN must exist in the VLAN database before it can be used. Questions may present a 'show vlan brief' output missing the VLAN and ask for the root cause. Key fact: A VLAN must be created with the 'vlan' command in global config; simply allowing it on a trunk does not create it.

Exam Tips

1. Memorize that 'show vlan brief' is the first command to check when a VLAN is not working.

2. Remember that a VLAN must be created on the switch before it can be used; trunk allowed lists do not create VLANs.

3. Be aware that VTP can propagate VLANs, but if VTP is transparent or off, VLANs must be configured manually on each switch.

Commands Used in This Scenario

show vlan brief
show interfaces trunk
show running-config | include vlan 40
show vtp status
vlan 40
name NewVLAN
copy running-config startup-config
