Solved: Vlan traffic goes to all trunk ports on a switch

rakuten02 · ‎05-31-2021

If a vlan is not configured as an access vlan for any of the interfaces and there are 3 trunk interfaces, will this vlan traffic go out to all 3 trunk interfaces?

Eg:

L3 switch 1

vlan 100

ip address 111.10.122.2 255.255.255.0

L3 switch 2

vlan 100

ip address 111.10.122.3 255.255.255.0

There is a trunk port connecting both switches. 2 other trunk ports to other switches.

If I ping 111.10.122.3 from L3 switch 1, the ping packet will go out on all 3 trunk interfaces and wait for whichever trunk port return ping packet?

Martin L · ‎06-01-2021

i don't recall if you should see arp reply on your side with debug arp. you will not see anything if MAC to IP is already in arp cash. well, if you do not get reply for arp request, then you have failure.

first of all, check if interface vlan 100 is up up on both switches. if it is down, u need an active access port in vl100 or on trunk port or add switchport autostate exclude command.

check vlan 100 is present in vlan database and allowed on trunks and switches it needs to be in order to get to destination. check ip arp cash with show ip arp command and clear ip arp cash in case there are stalled mappings.

check stp for blocking ports.

Regards, ML
**Please Rate All Helpful Responses **

View solution in original post

Martin L · ‎05-31-2021

The process depends if that is your first time ping or not. When ARP cash is empty, anything from Layer 7 (DHCP, DNS, HTTP) or L3 (ICMP aka ping) will send ARP frame first before the actual initiating packet. This is in order to fetch MAC address of destination or next hop router (aka gateway). You know destination IP and your own source IP and source MAC but you do not know destination MAC address which is needed to encap IP into frames. Media such Ethernet use MACs to forward frames. So, ARP frame will go out on all trunk that vlan 100 is allowed to pass and even to all access ports in vl 100 and yes we wait for whichever port returns ARP back .

Next time, ARP table will have IP to MAC match, so ARP request is not needed.

Since those IPs are on the same network, no default gateway is used or needed, we just need MAC of 111.10.122.3. You can see those mappings on your PC with CMD arp -a.

Can you guess what happen on return ping?

Also, switches have and use MAC address tables to forward frames. but that's another story.

Regards, ML
**Please Rate All Helpful Responses **

rakuten02 · ‎06-01-2021

Thanks for the clear reply!

I did a debug arp when I ping from sw1 to sw2, and it show only arp request but no return arp response.

What could be the reason for the arp failure, which led to the ping failure.

Martin L · ‎06-01-2021

i don't recall if you should see arp reply on your side with debug arp. you will not see anything if MAC to IP is already in arp cash. well, if you do not get reply for arp request, then you have failure.

first of all, check if interface vlan 100 is up up on both switches. if it is down, u need an active access port in vl100 or on trunk port or add switchport autostate exclude command.

check vlan 100 is present in vlan database and allowed on trunks and switches it needs to be in order to get to destination. check ip arp cash with show ip arp command and clear ip arp cash in case there are stalled mappings.

check stp for blocking ports.

Regards, ML
**Please Rate All Helpful Responses **