Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2281
Views
0
Helpful
7
Replies

vlan leak into other vlans

originalCox
Level 1
Level 1

‎11-27-2020 12:53 AM

have been trying to troubleshoot our network. problem is, vlans used to communicate in their respective vlan IDs. but after deployment of cisco ISE, the vlans started overlapping where by a vlan like vlan 40 for data allows traffic for internet vlan 50 and vice verser. end after powering down the cisco ISE, the problem is still there. what could be the possible problem and solution here?

Labels:
0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎11-27-2020 02:05 AM

Check your ISE Deployment, make sure you have correct Matrix and Right VLAN Tagged to 40 or 50, is the IP address coming to right IP address where 40 and 50,

 

Is this working before ISE deployment ?

is this till issue after you remove dot1.x deployment ?

if your switch configured for Openfail that mean it should work as expected.

connect laptop and check with VLAN 50 and 40 has correct IP address where they belong to is the starting point

 

provide more information and config of the switch VLAN 40 and 50 also IP address to understand better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

originalCox
Level 1
Level 1
In response to balaji.bandi

‎11-29-2020 10:21 PM

everything was fine before ise deployment. but after ise deployment, vlans started seeing each other and leaking into each other. The problem now is that , we have shutdown Cisco ise for the moment to find out the problem. but even after shutting down the ise, the problem has remained there on the network from the distribution switches all the way to the access switches that were configured with ise client settings

0 Helpful

pieterh
VIP
VIP

‎11-27-2020 07:40 AM - edited ‎11-27-2020 07:41 AM

I don't think ISE itself is the problem. there will have been another network config change to implement ISE
but you provide very little specific information about your topology. and the problem

- what traffic do you observe?
- where does it come from? (host, mac address switchport)
- where should it come from?
First check if no-one connected a vlan40 port into a vlan50-port !

and than again you do not have any routing from vlan40 to vlan50 ?

0 Helpful

originalCox
Level 1
Level 1
In response to pieterh

‎11-29-2020 10:23 PM

traffic is normal but the ise client settings are still there

0 Helpful

MHM Cisco World
VIP
VIP

‎11-27-2020 09:30 AM

I think the problem is on dACL from ISE

ISE dACL make connection between both VLAN

0 Helpful

originalCox
Level 1
Level 1
In response to MHM Cisco World

‎11-29-2020 10:23 PM

well, we shut down cisco ise but problem is still there on distribution and access switches

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎11-30-2020 12:17 AM

If the ACL if already distributed on working port with ISE policy, that need to be removed to work. by removing ISE or shutdown the ISE may not work.

 

please post one of the configs of the switch to understand what changes ISE made?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card