VLAN Assignment Issues
- when you configure a VLAN,
- the switch ports assigned to that VLAN are in a segmented network
- VLAN is likely to be assigned its own subnet address
- any device connecting to a port in the VLAN must have an appropriate IP configuration for that subnet
- i.e., IP address, subnet mask, default gateway, DNS servers
- hosts in the VLAN must use the router to contact other VLANs or other remote hosts
- VLAN’s router is likely configured as a virtual interface
- if router has a single physical trunk link to the switch hosting the VLAN,
- then that virtual interface will be configured as a subinterface of the physical interface
- i.e.,
interface G0.16
- If a layer 3 switch is used to implement the VLAN,
- the default gateway address will usually be configured as a Switched Virtual Interface (SVI)
- i.e.,
interface VLAN16
- i.e.,
- use
showcommands on the router or switch to verify:- parameters have been set correctly
- ports have been assigned to the correct VLANs
- the default gateway address will usually be configured as a Switched Virtual Interface (SVI)
- if router has a single physical trunk link to the switch hosting the VLAN,
- host must be physically connected to the correct switch port configured with the appropriate VLAN ID
- if it has correct VID, and the host is still assigned to the wrong VLAN,
- suspect a physical cabling problem
- verify the cable from the patch panel is connected to the correct switch port
- if continued problems,
- verify that the patch panel labeling correctly identifies the wall jack that the computer is connected to
- if it has correct VID, and the host is still assigned to the wrong VLAN,
- If cannot diagnose issue by looking at configuration:
- use
pingto test connectivity - use same process as you would with physical LAN:
- ping the loopback address, then the host’s own IP address
- verifies that TCP/IP is working and the host IP is configured correctly
- Ping the default gateway to verify it is contactable
- optionally, also ping another host on the same VLAN/subnet to verify that local communications can be established
- if cannot ping the default gateway, look for a problem with either the host or switch/router configuration
- if can rule out one of these and no connectivity with any local hosts, check:
- patch cable for the workstation’s wall port is connected to the correct switch port
- for physical cabling issues
- ping a remote host or server to verify that routing is available
- if cannot ping any remote hosts,
- verify the switch and router configuration
- determine if the problem is isolated to single VLAN or spread across network
- if can ping some remote hosts but not others, use
tracerouteto determine cause
- if cannot ping any remote hosts,
- ping the loopback address, then the host’s own IP address
- use
Info
- hosts in each VLAN must be able to reach DHCP servers and DNS servers
- one option is to place these hosts within the VLAN
- but could mean provisioning more servers
- typically will be in a server VLAN
- hosts in the client VLAN must use the default gateway to contact
- DHCP relay must also be configured