VLAN Traffic Not Passing Across Trunk Link

Presenting Symptom

Hosts in VLAN 10 cannot ping hosts in VLAN 20, even though both VLANs exist on the same trunk link between two switches.

Network Context

Two Cisco Catalyst 2960 switches (SW1 and SW2) are connected via a trunk link configured with 802.1Q encapsulation. VLANs 10 and 20 are created on both switches, and access ports are assigned accordingly. The trunk is configured to allow all VLANs by default. The network is a small branch office with a flat Layer 2 topology. IOS version 15.0(2) is running on both switches.

Diagnostic Steps

1. Check trunk status and allowed VLANs on SW1

show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20

Verify that the trunk status is trunking and that VLANs 10 and 20 appear in both the allowed list and the allowed-and-active list. If VLANs are missing from the allowed list, the trunk is pruning them. If the port is not trunking (e.g., the mode is dynamic desirable but the other end does not match), the link may be operating as an access link.

2. Check VLAN configuration on both switches

show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/2, Gi0/3
10   VLAN0010                         active    Gi0/4
20   VLAN0020                         active    Gi0/5

Ensure VLANs 10 and 20 exist and are active. If a VLAN is missing, it may not have been created or may have been deleted. Also verify that the access ports are in the correct VLAN.

3. Check native VLAN mismatch

show interfaces trunk
Port        Native vlan
Gi0/1       1

On SW2, if the native VLAN is different:

Port        Native vlan
Gi0/1       99

Compare native VLAN on both ends. A mismatch causes CDP errors and can prevent VLAN traffic from passing. Look for CDP messages like 'Native VLAN mismatch discovered'.

4. Verify VLANs are allowed on the trunk on SW2

show interfaces trunk
Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20

Confirm that both switches have the same allowed VLAN list. If one switch has a restricted list (e.g., only VLAN 1), traffic from other VLANs will be dropped.
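
The comparison made in steps 1, 3 and 4, as an added example that is not part of the original page: a Python sketch that parses captured 'show interfaces trunk' output from both ends and reports a port that is not trunking, required VLANs missing from the allowed list, and a native VLAN mismatch. The function names, the required-VLAN set and the SW1/SW2 captures (constructed from the output shown above, with SW2 restricted to VLAN 1) are assumptions.

```python
# Constructed sample capture modelled on the 'show interfaces trunk' output above.
SW1 = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi0/1       on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20
"""
SW2 = SW1.replace("1-1005", "1").replace("1,10,20", "1")  # restricted list, as in the root cause

def expand(vlans):
    """Expand an IOS VLAN list such as '1,10-12' into a set of ints."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_trunk(text, port):
    """Return status, native VLAN and allowed VLAN set for one trunk port."""
    info, section = {}, None
    for line in text.splitlines():
        if line.startswith("Port"):          # header row names the section
            section = line.split(None, 1)[1].strip()
        elif line.split()[:1] == [port]:     # data row for the port of interest
            fields = line.split()
            if section.startswith("Mode"):
                info["status"], info["native"] = fields[3], int(fields[4])
            elif section == "Vlans allowed on trunk":
                info["allowed"] = expand(fields[1])
    return info

def check_trunk(a, b, required):
    """Compare both ends of a trunk (a = SW1, b = SW2); return findings."""
    findings = []
    for name, end in (("SW1", a), ("SW2", b)):
        if end["status"] != "trunking":
            findings.append(f"{name}: port is not trunking")
        missing = sorted(required - end["allowed"])
        if missing:
            findings.append(f"{name}: VLANs {missing} not allowed on trunk")
    if a["native"] != b["native"]:
        findings.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    return findings

for finding in check_trunk(parse_trunk(SW1, "Gi0/1"), parse_trunk(SW2, "Gi0/1"), {10, 20}):
    print(finding)
```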

Root Cause

The trunk link on SW2 has been configured with the command 'switchport trunk allowed vlan 1' (or a restricted list that excludes VLANs 10 and 20), either accidentally or as part of a previous change. This causes SW2 to drop all frames tagged with VLAN 10 or 20, even though SW1 is sending them.

Resolution

On SW2, reconfigure the trunk to allow all VLANs or specifically add VLANs 10 and 20.

1. Enter interface configuration mode:

interface GigabitEthernet0/1

2. Allow all VLANs:

switchport trunk allowed vlan all

OR specifically add VLANs 10 and 20:

switchport trunk allowed vlan add 10,20

3. Exit and save configuration:

end
copy running-config startup-config

Verification

Run 'show interfaces trunk' on SW2. Expected output should show VLANs 10 and 20 in the allowed list:

Port        Vlans allowed on trunk
Gi0/1       1-1005

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20

Then test connectivity: ping from a host in VLAN 10 to a host in VLAN 20. The ping should succeed.

Prevention

1. Use a consistent trunk configuration template across all switches, preferably allowing only required VLANs to reduce unnecessary broadcast traffic.
2. Document all trunk port configurations and review changes before applying.
3. Implement a change management process that includes verification steps after trunk modifications.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario appears in troubleshooting questions where you must identify why VLAN traffic fails across a trunk. The exam tests your ability to interpret 'show interfaces trunk' output and recognize allowed VLAN misconfigurations. A common multiple-choice question presents a scenario with symptoms and asks for the root cause or corrective command.

Exam Tips

1. Memorize the 'show interfaces trunk' command and its key fields: Mode, Encapsulation, Status, Native VLAN, and allowed VLAN list.

2. Remember that a native VLAN mismatch causes CDP errors and can disrupt traffic, but the most common trunk issue is an incorrect allowed VLAN list.

3. In the exam, if you see a trunk that is up but VLAN traffic fails, always check the allowed VLAN list on both ends first.
