Switch And Vlan Troubleshooting

Category: Network Troubleshooting
Type: Network Tools & Commands
Generated on: 2025-07-11 01:38:16
For: Network Engineering, Administration & Technical Interviews

This cheatsheet provides a practical guide to troubleshooting switch and VLAN issues using common network tools and commands. It covers syntax, examples, and troubleshooting scenarios for network administrators and engineers.

1. Tool Overview

Tool/Command	Description	When to Use
`ping`	Verifies basic IP connectivity to a device.	Initial connectivity testing, checking network reachability.
`traceroute` / `tracert`	Traces the route packets take to a destination.	Identifying network hops, pinpointing where connectivity breaks down.
`arp`	Displays and manages the ARP cache.	Checking MAC address to IP address mappings, troubleshooting ARP resolution issues.
`ip` (Linux) / `ipconfig` (Windows)	Displays and configures network interfaces, routing tables, and addresses.	Verifying interface status, IP address assignments, and routing information.
`show vlan` (Cisco) / `display vlan` (Huawei)	Displays VLAN configuration and membership.	Verifying VLAN assignments, checking VLAN status, troubleshooting VLAN misconfigurations.
`show mac address-table` (Cisco) / `display mac-address` (Huawei)	Displays the MAC address table, showing which MAC addresses are learned on each port.	Identifying the port a device is connected to, troubleshooting MAC address flooding or flapping.
`tcpdump` / `Wireshark`	Packet capture and analysis tools.	Deep packet inspection, troubleshooting protocol issues, analyzing network traffic.
`show spanning-tree` (Cisco) / `display stp` (Huawei)	Displays Spanning Tree Protocol (STP) status and configuration.	Troubleshooting STP loops, identifying root bridges, verifying port roles.
`mtr` (Linux/macOS) / `pathping` (Windows)	Combines ping and traceroute functionality.	Identifying packet loss and latency along a network path.

2. Basic Syntax

ping:
Terminal window
```
ping <destination_ip_or_hostname>
```

traceroute / tracert:

traceroute <destination_ip_or_hostname>  # Linux/macOS
tracert <destination_ip_or_hostname>     # Windows

arp:

arp -a  # Display all ARP entries
arp -n <ip_address> # Display ARP entry for specific IP

ip (Linux):

ip addr show <interface>   # Show IP address information for an interface
ip route show              # Show the routing table

ipconfig (Windows):

ipconfig /all              # Show all IP configuration details
ipconfig /flushdns          # Clear DNS cache
ipconfig /renew            # Request a new IP address from DHCP

show vlan (Cisco):
Terminal window
```
enable
show vlan brief
```
display vlan (Huawei):
Terminal window
```
display vlan
```

show mac address-table (Cisco):

show mac address-table
show mac address-table address <mac_address>
show mac address-table interface <interface>
show mac address-table vlan <vlan_id>

display mac-address (Huawei):

display mac-address
display mac-address mac-address <mac_address>
display mac-address interface <interface>
display mac-address vlan <vlan_id>

tcpdump:

tcpdump -i <interface> -n -v  # Capture all traffic on an interface
tcpdump -i <interface> -n -v port <port_number>  # Capture traffic on a specific port
tcpdump -i <interface> -n -v host <ip_address>  # Capture traffic to/from a specific host

show spanning-tree (Cisco):

show spanning-tree vlan <vlan_id>
show spanning-tree summary

display stp (Huawei):

display stp brief
display stp vlan <vlan_id>

mtr:
Terminal window
```
mtr <destination_ip_or_hostname>
```
pathping:
Terminal window
```
pathping <destination_ip_or_hostname>
```

3. Practical Examples

Example 1: Basic Connectivity Test

ping 192.168.1.1

Expected Output:

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.500 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.450 ms
...

Example 2: Tracing Route to Google DNS

traceroute 8.8.8.8

Expected Output:

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  192.168.1.1  1.000 ms  1.100 ms  1.200 ms
 2  10.0.0.1  5.000 ms  5.100 ms  5.200 ms
 3  ...

Example 3: Checking VLAN Membership (Cisco)

Switch# show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
10   VLAN10                           active    Gi0/5, Gi0/6
20   VLAN20                           active    Gi0/7, Gi0/8

Example 4: Checking MAC Address Table (Huawei)

<Switch> display mac-address vlan 10
-------------------------------------------------------------------------------
MAC Address    VLAN ID  Learned-From                Aging Time(s)  Interface
-------------------------------------------------------------------------------
00e0-fc12-3456 10       GE0/0/1                     aging          GE0/0/1
00e0-fc78-9abc 10       GE0/0/2                     aging          GE0/0/2
-------------------------------------------------------------------------------
Total matching entries found: 2

Example 5: Capturing HTTP Traffic (tcpdump)

tcpdump -i eth0 -n -v port 80

Sample Output:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:30:00.123456 IP 192.168.1.100.50000 > 192.168.1.1.80: Flags [S], seq 1234567890, win 65535, options [mss 1460,nop,wscale 7,nop,nop,TS val 123456789 ecr 0,sackOK,eol], length 0
14:30:00.123500 IP 192.168.1.1.80 > 192.168.1.100.50000: Flags [S.], seq 987654321, ack 1234567891, win 65535, options [mss 1460,sackOK,TS val 123456789 ecr 123456789,nop,wscale 7], length 0
...

4. Common Options

Tool/Command	Option	Description
`ping`	`-c <count>`	Send only `count` number of packets.
	`-s <size>`	Specify the packet size.
`traceroute` / `tracert`	`-m <max_hops>`	Set the maximum number of hops.
`arp`	`-d <ip_address>`	Delete an ARP entry (requires root/admin privileges).
`ip` (Linux)	`link set <interface> up/down`	Enable/disable an interface.
	`addr add <ip>/<mask> dev <interface>`	Assign an IP address to an interface.
`ipconfig` (Windows)	`/release`	Release the current IP address.
	`/renew`	Renew the IP address from DHCP.
`tcpdump`	`-i <interface>`	Specify the interface to capture traffic on.
	`-w <filename>`	Write captured packets to a file.
	`-r <filename>`	Read packets from a file.
	`-n`	Don’t resolve hostnames.
	`-v`	Verbose output.
	`-vv`	Very verbose output.
`show spanning-tree` / `display stp`	`vlan <vlan_id>`	Display STP information for a specific VLAN.
`mtr`	`-n`	Disable DNS resolution.
`pathping`	`-n`	Disable DNS resolution.

5. Advanced Usage

Capturing specific traffic with tcpdump:

# Capture traffic between two specific hosts on a specific port
tcpdump -i eth0 -n -v host 192.168.1.100 and host 192.168.1.200 and port 80

Analyzing captured packets with Wireshark:
1. Capture packets using tcpdump -i eth0 -w capture.pcap.
2. Open capture.pcap in Wireshark for detailed analysis.

Troubleshooting routing issues with mtr and pathping:

mtr 8.8.8.8  # Identify latency and packet loss along the path to Google DNS
pathping 8.8.8.8 # Windows alternative for identifying latency and packet loss.

Isolating issues using specific VLAN IDs:

show mac address-table vlan 10 # Check for MAC address learning in a specific VLAN

6. Troubleshooting Scenarios

Scenario 1: No Connectivity to a Device
1. Check Physical Layer: Verify cable connections, port status (up/down).
2. Ping: ping <device_ip> to check basic IP connectivity.
3. ARP: arp -a to check if the device’s MAC address is in the ARP cache. If not, there might be an ARP resolution issue.
4. Traceroute: traceroute <device_ip> to identify where the connection breaks down.
5. VLAN: Verify the device is in the correct VLAN. Use show vlan brief (Cisco) or display vlan (Huawei).
6. MAC Address Table: Use show mac address-table address <device_mac> (Cisco) or display mac-address mac-address <device_mac> (Huawei) to find the port the device is connected to.
7. Firewall: Ensure no firewall rules are blocking traffic.
Scenario 2: VLAN Misconfiguration
1. Verify VLAN Assignments: Use show vlan brief (Cisco) or display vlan (Huawei) to check if ports are assigned to the correct VLANs.
2. Trunk Ports: Ensure trunk ports are configured correctly to carry the necessary VLANs. Use show interface trunk (Cisco) or display interface trunk (Huawei)
3. Native VLAN: Verify the native VLAN is configured correctly on trunk ports. Mismatched native VLANs can cause connectivity issues.
4. VLAN IDs: Ensure VLAN IDs are consistent across the network.
Scenario 3: Spanning Tree Loop
1. Identify Root Bridge: Use show spanning-tree summary (Cisco) or display stp brief (Huawei) to identify the root bridge. The root bridge should have the lowest bridge ID.
2. Check Port Roles: Use show spanning-tree vlan <vlan_id> (Cisco) or display stp vlan <vlan_id> (Huawei) to check the port roles (Root, Designated, Alternate, Blocking). Blocking ports are expected in a stable STP topology.
3. PortFast: Ensure PortFast is enabled on access ports (ports connected to end devices, not other switches).
4. BPDU Guard: Consider enabling BPDU Guard on PortFast enabled ports to prevent rogue switches from injecting BPDUs and disrupting the STP topology.
Scenario 4: Slow Network Performance
1. Ping with Varying Packet Sizes: ping -s <size> <destination> to check for packet fragmentation issues.
2. MTR/Pathping: Use mtr or pathping to identify latency and packet loss along the network path.
3. Interface Utilization: Monitor interface utilization on switches to identify potential bottlenecks. (Vendor-specific commands and SNMP tools are needed for this)
4. QoS: Check Quality of Service (QoS) configurations to ensure traffic is being prioritized correctly.
Scenario 5: MAC Address Flapping
1. Check MAC Address Table: Use show mac address-table address <mac_address> (Cisco) or display mac-address mac-address <mac_address> (Huawei) to see which ports the MAC address is being learned on. If the MAC address is rapidly moving between ports, it indicates a MAC address flapping issue.
2. Isolate the Source: Disconnect devices one by one to identify the source of the flapping MAC address.
3. Possible Causes: Virtualization environments (VM migration), loops, misconfigured devices.

7. Output Interpretation

ping: High latency or packet loss indicates network congestion or connectivity issues.
traceroute / tracert: * * * indicates a hop where the router did not respond within the timeout. High latency at a specific hop indicates a problem at that router or link.
arp: Incorrect MAC address mappings can indicate IP address conflicts or ARP poisoning.
show vlan / display vlan: Incorrect VLAN assignments can cause devices to be unable to communicate.
show mac address-table / display mac-address: A MAC address appearing on multiple ports indicates a potential loop.
tcpdump: Analyze packet headers to identify protocol issues, malformed packets, or unauthorized traffic.
show spanning-tree / display stp: Unexpected port roles or root bridge elections can indicate STP misconfigurations or loops.
mtr / pathping: Identify hops with high latency or packet loss to pinpoint network problems.

8. Security Considerations

arp: Be cautious when using arp -d to delete ARP entries. Incorrectly deleting entries can disrupt network connectivity. ARP spoofing is a security risk.
tcpdump: Be mindful of capturing sensitive data (passwords, credit card numbers). Capture only the necessary traffic and store captured files securely. Restrict access to captured files.
Switch Configuration: Secure switch configurations by using strong passwords, enabling SSH, and disabling unnecessary services. Implement VLAN security measures such as private VLANs and port security.
Spanning Tree: Protect against BPDU attacks by enabling BPDU Guard on PortFast enabled ports.
Remote Access: Use secure protocols (SSH, HTTPS) for remote access to network devices.

9. Platform Differences

Linux: Uses ip command for network configuration. traceroute is the standard traceroute command.
Windows: Uses ipconfig for network configuration. tracert is the traceroute command. pathping combines ping and traceroute functionality.
macOS: Uses ifconfig (deprecated, use ip when possible) for network configuration. traceroute is the standard traceroute command.
Switch CLI: Command syntax varies depending on the vendor (Cisco, Huawei, Juniper, etc.). Refer to the vendor documentation for specific commands and options. The examples in this cheatsheet primarily use Cisco and Huawei syntax.

This cheatsheet is a starting point for troubleshooting switch and VLAN issues. Always consult vendor documentation and network diagrams for more specific information. Remember to document your troubleshooting steps and findings for future reference.