Inter VLAN routing Troubleshooting

Campus, General, Support & Troubleshoot Leave a comment

.

The commands below are shown for a Juniper EX series model, but the troubleshooting is relevant for any platform.

These are the requirements for the VLAN interface to be up/up:

      • The VLAN must exist in the VLAN database and must be active.
      • At least one port must be assigned to the VLAN.
      • The VLAN must contain an active device.

The VLAN interface (like any other interface) has layer-1 and layer-2 state. The layer-1 state is displayed in the Status column of the show ip interface brief command, the layer-2 state in the Protocol column. Default behaviour is to not bring up the routed VLAN interface if there are no active VLAN ports.

A VLAN interface is always up, but its line protocol state tracks the state of attached ports: if at least one port is operational, the line protocol of the VLAN interface is up, otherwise it’s down. With no ports assigned to a VLAN, the line protocol of the VLAN interface is down, its IP address is not in the IP routing table and thus you cannot ping it.

The VLAN Interface is Down

You may have a problem when configuring VLAN interfaces.

Symptom Possible Cause Solution
The VLAN interface is down. The VLAN does not exist. Use the show vlan command to determine if the VLAN exists. Use the vlan command to create the VLAN.
No interfaces on the VLAN are in the STP forwarding state. Use the show vlan internal vlan-info command to check the operating state of the Spanning Tree Protocol (STP). Configure STP so that at least one interface goes into the STP forwarding state.
One or more services prevented the VLAN interface from coming up. Use the show vlan internal vlan-info command to determine the state of the VLAN interface. If the state is oper-es, use the show tech-support interface vlan command to gather more information.
The VLAN is a secondary VLAN. Use the show vlan internal vlan-info command to determine the state of the VLAN interface. Change the VLAN to a primary or user VLAN.
The interface is in the wrong VRF. Use the show vrf interface command to determine the interface that the VLAN interface is assigned to.

 

    • VLANs created and Associated with correct interfaces: Show Vlan = VLANs and ports. Ensure that VLANs exist, the port has been assigned to it, and the port is the correct one to which your intended end device is connected. 

 
>show vlans

Name           Tag       Interfaces

default                         ge-0/0/1.0, ge-0/0/2.0, ge-0/0/4.0, ge-0/0/5.0,

sales             100        ge-0/0/0.0*, ge-0/0/3.0, ge-0/0/20.0, ge-0/0/22.0

support         200         ge-0/0/0.24, ge-0/0/26.0, ge-0/0/44.0, ge-0/0/46.0*

 

    • Physical int status: Show interfaces terse : At least one port (access or trunk) with that vlan assigned to it must be “up” for the layer 3 vlan interface to be up.
    • VLAN int status (admin & link):

 
>show interfaces vlan terse

Interface               Admin Link Proto    Local                 Remote
vlan                                up    up
vlan.111                up    up   inet     111.111.111.1/24
 .

    • Intra VLAN Switching : Show Ethernet-switching tableend station MACs learned on what ports for what VLANs = what VLANs bound to what ports . Confirm that frames can be switched within the same VLAN by the switch. the Ether switching table, also called the Bridge table or MAC Address table, is the MAC address to Port+VLAN binding. In contrast  your ARP table is your IP to MAC Address binding. For Inter-VLAN routing to work successfully, your ARP table should have correct IP-to-MAC binding for your source & destination hosts, and your Bridge Table should have the correct MAC-to-Port bindings for them as well. This whole learning process for ARP & Bridge table is taken care of automatically by the switch, you just have to take a quick look at the tables to ensure the bindings it has learned are correct & valid. If it has not learned a binding you would expect it to, then you have found out where the problem is.

 
> show ethernet-switching table

Ethernet-switching table: 8 entries, 5 learned

VLAN              MAC address           Type             Age Interfaces

sales             *                                    Flood          – All-members

sales             00:00:5e:00:07:09      Learn          – ge-0/0/0.0

support           *                                   Flood          – All–members

support           00:00:5e:00:01:01    Learn          – ge-0/0/46.0

.

    • Inter VLAN ROUTING: show ARP = IP to MAC mapping. check if you see ARP entries for the IPs you are trying to access. The table below shows the MAC addresses mapped to the IP Address of the Layer 3 SVI (Switch Virtual Interface) for the VLAN, i.e. the VLAN interface IP address. In Contrast to the previous command for Bridge table, Here, you are ensuring that traffic can route between one VLAN and another, i.e. if your host is in one VLAN and the destination in another VLAN, then the traffic can be routed from the first VLAN’s interface, into the second VLAN’s interface and on to the host, and vice verca. 


> show arp

MAC Address                Address         Name            Flags

00:00:0c:06:2c:0d        192.0.2.3          vlan.0            None
00:13:e2:50:62:e0        192.0.2.11       vlan.1            None

.

    • L3 forwarding route: Show route : Verify routes via logical Vlan interfaces. Have a quick look at the route table to see if the locally declared L3 VLAN interfaces are present here, and are listed as routable. 

 

.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s