1
00:00:08,880 --> 00:00:15,000
This is one of multiple LAN or local area network troubleshooting videos.

2
00:00:15,450 --> 00:00:22,230
In this video, we have four switches running in GNS3 switch 1 and switch 2 are configured

3
00:00:22,260 --> 00:00:28,990
as layer 3 switches, switch 3 and switch 4 are configured as layer 2 switches.

4
00:00:29,130 --> 00:00:32,170
So I could change the symbol as an example

5
00:00:35,510 --> 00:00:39,610
to indicate that that's a layer 2 switch.

6
00:00:39,630 --> 00:00:50,410
However, these four switches are running IOS VLAN 2

7
00:00:50,560 --> 00:00:56,150
and what I've done is simply disable IP routing on switch 3 and switch 4.

8
00:00:56,440 --> 00:01:05,220
So we have four switches in the topology and two IOS V routers, router 1 and router 2 acting as PCs.

9
00:01:05,260 --> 00:01:10,250
This is a very simple topology where we have a core and an access Layer.

10
00:01:10,540 --> 00:01:15,700
Typically you would connect the core to the access layer using cross-connects.

11
00:01:15,940 --> 00:01:18,590
I'm not gonna do that in this trouble shooting video.

12
00:01:18,610 --> 00:01:26,770
Have a look in my CCNA course which is linked below for a more complex topology running HSRP optimized

13
00:01:26,830 --> 00:01:33,460
spanning-tree redundancy between the core and the access layer and multiple other options that this

14
00:01:33,460 --> 00:01:37,400
network will suffice for our basic troubleshooting.

15
00:01:37,410 --> 00:01:44,670
So now let's assume that a new hire has made some configuration changes on the network and users are

16
00:01:44,670 --> 00:01:48,410
complaining about a network connectivity issues.

17
00:01:49,070 --> 00:01:58,130
You've been told that this user 10 121 in VLAN 2 is unable to ping this user that has a PC

18
00:01:58,130 --> 00:02:04,670
with IP address 10.1.3.2 in VLAN 3 you've been told that switch 3

19
00:02:04,670 --> 00:02:08,000
is connected to switch 1 as follows.

20
00:02:08,000 --> 00:02:14,920
Switch 1 is connected to switch 2 and switch 2 is connected to switch 4 but as Ronald Reagan 

21
00:02:14,920 --> 00:02:17,960
said "Trust but verify"

22
00:02:18,370 --> 00:02:24,520
and what I like to say is don't trust anything that you've been told about a network until you've checked

23
00:02:24,520 --> 00:02:25,980
it yourself.

24
00:02:26,050 --> 00:02:37,300
So in our topology router 1 is acting as PC 1, show IP interface brief shows us the IP address on

25
00:02:37,510 --> 00:02:44,760
the gigabit interface that looks right, the IP address looks right, subnet mask looks right.

26
00:02:44,940 --> 00:02:58,490
Let's see if we can ping 10.1.3.2 which is the IP address of router 2 acting as PC 2.

27
00:02:58,540 --> 00:03:00,530
Okay so the ping is failing.

28
00:03:00,640 --> 00:03:03,370
We don't seem to be able to ping that device.

29
00:03:03,610 --> 00:03:05,240
So that piece of information is true.

30
00:03:05,350 --> 00:03:13,960
Show IP route shows us no routes in the routing table but it shows us that the default gateway is set

31
00:03:13,960 --> 00:03:22,020
to 10.1.2.254.

32
00:03:22,020 --> 00:03:29,660
Now that's because IP routing has been disabled on this router. In this topology, we've got router 1 acting as

33
00:03:29,660 --> 00:03:31,010
a PC.

34
00:03:31,010 --> 00:03:36,070
So when IP routing is disabled this is what the routing table looks like.

35
00:03:37,190 --> 00:03:41,610
The default gateway has been configured on the PC so that's good.

36
00:03:41,660 --> 00:03:45,720
Let's check if we can ping the default gateway, Yes we can.

37
00:03:46,660 --> 00:03:50,170
Now where is the default gateway.

38
00:03:50,230 --> 00:03:53,040
We could try and telnet to the default gateway

39
00:03:56,590 --> 00:04:00,470
and let's try and telnet to the right IP address.

40
00:04:00,520 --> 00:04:06,370
So the device is there but we're told that a password is required but none is set.

41
00:04:06,460 --> 00:04:11,980
So hopefully the default gateway and this typologies either switch one or switch to which all of the

42
00:04:12,100 --> 00:04:21,720
core layer 3 switches. So here's switch 1 show IP interface brief we can see that VLAN 1, VLAN 2 and VLAN 

43
00:04:21,730 --> 00:04:24,440
3 have an IP address configure

44
00:04:24,550 --> 00:04:27,950
and that's the IP address on VLAN 2.

45
00:04:28,390 --> 00:04:32,950
So these should be the device that the PC is pinging.

46
00:04:33,040 --> 00:04:40,560
I'll do a debug IP ICMP on that switch and get the PC to ping the default gateway.

47
00:04:40,570 --> 00:04:45,640
Now you need to be careful with debugging in a real world environment.

48
00:04:45,740 --> 00:04:52,360
Here because we're studying for the CCNA we can simply enable any debug command because that'll help you

49
00:04:52,360 --> 00:04:54,680
learn the debugs that are available.

50
00:04:54,880 --> 00:05:02,570
But in the real world be careful with simply enabling a debug especially on a core device.

51
00:05:02,620 --> 00:05:09,680
You may get so much output on the console that you can't read anything or in a very bad situation

52
00:05:09,700 --> 00:05:13,260
the device may fall over so we don't want that.

53
00:05:13,700 --> 00:05:16,610
So in the real world be careful with debugging.

54
00:05:17,060 --> 00:05:24,100
Okay, so the pings do arrive on this default gateway so that's good.

55
00:05:25,280 --> 00:05:30,430
I'm gonna turn off IP domain look up in the lab here to make things happen quicker

56
00:05:31,190 --> 00:05:42,150
and then what we'll do is trace 10.1.3.2  which should be PC 2 in our topology.

57
00:05:42,220 --> 00:05:43,430
Let's see how far it gets.

58
00:05:43,450 --> 00:05:51,360
So it gets to the default gateway which we've now determined the switch 1.

59
00:05:51,360 --> 00:06:00,030
So what we should do is update the documentation so we could say that these are the IP addresses on

60
00:06:00,030 --> 00:06:03,740
the VLANs of that switch.

61
00:06:06,310 --> 00:06:13,300
That once again can be seen on switch 1 by using the show IP interface brief command

62
00:06:13,560 --> 00:06:15,060
and there they are once again.

63
00:06:19,030 --> 00:06:27,270
The trace route shows us that the traffic gets to the default gateway but then doesn't go anywhere else.

64
00:06:28,590 --> 00:06:34,360
Let's check if PC 2 can ping its default gateway.

65
00:06:34,460 --> 00:06:43,250
Now a test I like to do is to make sure that the local device can ping the other VLAN of the default

66
00:06:43,250 --> 00:06:44,240
gateway.

67
00:06:44,240 --> 00:06:56,020
So in other words this PC is in VLAN 2 it's in subnet 10 120 and I'm checking that it could ping

68
00:06:56,500 --> 00:07:02,200
the subnet of the device that we're trying to go to but this is the IP address of the default gateway in

69
00:07:02,220 --> 00:07:03,840
that VLAN.

70
00:07:03,850 --> 00:07:11,150
In other words, we've proven that inter VLAN routing is working on the layer 3 switch but now let's

71
00:07:11,150 --> 00:07:17,720
check the connectivity of PC 2, can it get to its default gateway?

72
00:07:17,780 --> 00:07:28,020
So this is router 2 acting as PC 2 show IP interface brief IP address looks right per the diagram subnet

73
00:07:28,020 --> 00:07:32,670
mask looks right now that information is once again not shown in the diagram.

74
00:07:32,800 --> 00:07:42,630
So we'd wanna add that somewhere and you may wanna add that on individual devices or make a note

75
00:07:42,630 --> 00:07:51,450
somewhere that the subnets have a /24 mask, show IP route shows us the default gateway of PC 2.

76
00:07:51,600 --> 00:07:57,050
So can it ping its default gateway?

77
00:07:57,090 --> 00:07:58,870
No, it can't.

78
00:07:58,930 --> 00:08:04,250
So there's something wrong either here or here

79
00:08:05,480 --> 00:08:15,390
or here. Let's have a look at switch 4, switch 4 is the local access switch, show IP interface brief.

80
00:08:15,480 --> 00:08:22,260
It has an IP address of 10 1114, can it ping switch 1 in VLAN 1?

81
00:08:22,290 --> 00:08:31,230
Yes, it can, show IP route default gateway is 10.1.1.254, can it ping 10.

82
00:08:31,230 --> 00:08:40,659
1.3.254? Yes it can, can it ping the PC in VLAN 3?

83
00:08:40,789 --> 00:08:42,870
No it can't.

84
00:08:42,880 --> 00:08:49,210
So this switch could ping the default gateway inter-VLAN routing is working on the default gateway but

85
00:08:49,240 --> 00:08:57,030
it can't ping this PC. Traffic from the switch to this PC you'd have to traverse to here to get to the default

86
00:08:57,030 --> 00:08:59,580
gateway and then it would have to come back again.

87
00:09:00,940 --> 00:09:09,460
Let's confirm the ports on switch 4, so firstly show IP interface brief, let's confirm that interfaces

88
00:09:09,460 --> 00:09:09,970
are up.

89
00:09:09,980 --> 00:09:14,360
All interfaces look up including gigabit 01

90
00:09:17,610 --> 00:09:21,340
that interface is up gigabit 00 is up.

91
00:09:21,490 --> 00:09:26,310
Which is the link to the core network pings did work previously so, 

92
00:09:26,530 --> 00:09:30,930
so we have an indication that those interfaces are already up and working.

93
00:09:31,090 --> 00:09:38,400
Interface trunk is a trunk to the core on gigabit 0 that looks good.

94
00:09:38,400 --> 00:09:46,300
Let's have a look at the gigabit 01 interface, so show interface gigabit 01 switch port this interface

95
00:09:46,300 --> 00:09:51,430
should be in VLAN 3. Can you see the problem in this out

96
00:09:51,430 --> 00:09:54,770
put? Interface name is gigabit

97
00:09:54,770 --> 00:10:00,290
01 it's enabled us to switch port administer of mode is dynamic auto.

98
00:10:00,630 --> 00:10:08,820
It's currently acting as a static access port so dynamic trunk protocol or DTP did not negotiate to

99
00:10:08,820 --> 00:10:10,080
form a trunk.

100
00:10:10,170 --> 00:10:16,030
So DTP is on but there wasn't a switch to negotiate trunking with.

101
00:10:16,260 --> 00:10:27,190
Notice the problem access mode VLAN is 1, show run interface gigabit 01 this port is 

102
00:10:27,200 --> 00:10:29,500
not in VLAN 3.

103
00:10:32,500 --> 00:10:33,290
Interface gigabit

104
00:10:33,330 --> 00:10:37,530
01 is currently in VLAN 1.

105
00:10:37,540 --> 00:10:49,040
So switch port access VLAN 3 show interface gigabit 01 switch port, port is now an access port in

106
00:10:49,040 --> 00:10:52,900
VLAN 3 show run interface gigabit 01,

107
00:10:52,920 --> 00:10:54,920
there's our configuration.

108
00:10:55,470 --> 00:11:02,400
Let's check if the local switch can ping that PC, at the moment it still can't.

109
00:11:02,400 --> 00:11:10,190
It may take a while for spanning tree and other protocols to converge.

110
00:11:10,370 --> 00:11:17,330
So you may just need to wait a bit before you assume that there's a problem but spanning tree at this point

111
00:11:17,330 --> 00:11:18,160
looks good.

112
00:11:18,260 --> 00:11:22,200
So show CDP neighbors.

113
00:11:22,370 --> 00:11:35,220
We can see that router 2 is connected to gigabit 01 using gigabit 00, show interface gigabit 

114
00:11:35,220 --> 00:11:41,670
01 switch port confirms that this port is in VLAN 3.

115
00:11:41,750 --> 00:11:50,070
So let's go back onto the PC and check if it can ping its default gateway.

116
00:11:50,120 --> 00:11:51,120
It can now.

117
00:11:51,350 --> 00:11:57,380
So once again you may just have to wait a little bit before you assume that your change hasn't made any

118
00:11:57,380 --> 00:11:58,110
difference.

119
00:11:59,800 --> 00:12:05,690
Can it ping router 1 acting as PC 1?

120
00:12:05,740 --> 00:12:07,390
Yes, it can.

121
00:12:07,420 --> 00:12:14,460
So it looks like we've solved the problem.

122
00:12:14,490 --> 00:12:20,660
We could trace to the PC which didn't work before that now works.

123
00:12:20,680 --> 00:12:28,450
So previously when we traced to 10 132 it failed at the default gateway

124
00:12:28,570 --> 00:12:35,650
but now it's working and we could do a ping to prove it

125
00:12:38,370 --> 00:12:43,550
and do a debug on this side to prove that the traffic arrives.

126
00:12:43,750 --> 00:12:47,720
So that was an example of how to troubleshoot a local area network.

127
00:12:47,770 --> 00:12:53,880
It can sometimes be complicated to troubleshoot a layer 2 issues but remember to check your interfaces

128
00:12:53,890 --> 00:12:57,900
check your VLANs, check your encapsulations. In other videos

129
00:12:57,910 --> 00:13:01,240
I will show you all the problems that you may encounter.

130
00:13:01,660 --> 00:13:04,390
I need to troubleshoot in this topology.

131
00:13:04,720 --> 00:13:06,350
I hope you enjoyed this video.

132
00:13:06,340 --> 00:13:10,610
If you did please like it and please subscribe to my YouTube channel.

133
00:13:10,900 --> 00:13:12,310
I wish you all the very best.