
Inappropriate unicast flooding on 2924XL

srd
Level 1

Hi,

I'm seeing unicast traffic on ports which it should not reach.

The management VLAN is configured as VLAN 16.

A router (in this case an AS5300 running IOS 11.3(11b)T2) is attached to port FastEthernet 0/9 on the 2924XL. The port is configured as a multi-VLAN port (in VLANs 1, 3 and 98).

Various servers are connected to the other ports in VLANs 3 and 98, and Fa 0/24 is connected to a 3512XL (VLAN 1 at both ends).

Any machine (all but one run Linux 2.4.x with either VIA Rhine or DEC Tulip Ethernet hardware - the exception is a Sun Ultra 10 running Solaris 8) on a port in VLAN 98 sees all traffic destined for the router from MOST other machines in VLAN 98.

The router is routing the traffic correctly. The frames have, according to tcpdump on any of the machines at least, the correct Ethernet address of the router.

The switch has the router's Ethernet address in its dynamic MAC address table and has assigned it to the correct VLANs.

"port block unicast" on any of the server ports stops this traffic showing up, which suggests to me that the switch thinks it doesn't know the router's address.

Help? :)

Config extracts:

interface FastEthernet0/9
 description Aphrael (core router)
 port storm-control broadcast action filter
 port storm-control broadcast threshold rising 128 falling 96
 port storm-control multicast action filter
 port storm-control multicast threshold rising 32 falling 16
 switchport multi vlan 1,3,98
 switchport mode multi
!
interface FastEthernet0/10
 description Vanion
 port storm-control broadcast action filter
 port storm-control broadcast threshold rising 128 falling 96
 port storm-control multicast action filter
 port storm-control multicast threshold rising 32 falling 16
 switchport access vlan 98
 spanning-tree portfast
 no cdp enable
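
The symptom described in the post above can be measured from a capture on any affected server, which matters because flooded unicast exposes one host's traffic to every other port in the VLAN. The following is an added example, not part of the original post: it assumes input lines in the format printed by a current `tcpdump -e -n`, and all MAC and IP addresses in it are constructed sample values.

```python
import re
from collections import Counter

# Assumed input: lines from `tcpdump -e -n`, i.e. "<time> <src MAC> > <dst MAC>, ...".
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME_RE = re.compile(rf"(?P<src>{MAC}) > (?P<dst>{MAC}),", re.IGNORECASE)

def is_group_address(mac):
    """True for broadcast/multicast: the I/G bit (LSB of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def flooded_unicast(lines, own_mac):
    """Count frames seen on this port that are unicast to some other station."""
    own = own_mac.lower()
    hits = Counter()
    for line in lines:
        m = FRAME_RE.search(line)
        if not m:
            continue  # banner or summary line without a link-level header
        src, dst = m.group("src").lower(), m.group("dst").lower()
        # Broadcast/multicast is flooded by design; frames we sent or that are
        # addressed to us belong on this port. Anything else leaked here.
        if is_group_address(dst) or own in (src, dst):
            continue
        hits[(src, dst)] += 1
    return hits

# Constructed sample capture as seen by the host OWN_MAC (all values are made up).
OWN_MAC = "02:00:00:00:00:10"
ROUTER = "02:00:00:00:00:09"
SAMPLE = [
    "tcpdump: listening on eth0, link-type EN10MB (Ethernet)",
    "12:00:00.000001 02:00:00:00:00:11 > 02:00:00:00:00:09, ethertype IPv4 (0x0800), length 98: 192.0.2.11 > 198.51.100.5: ICMP echo request, id 1, seq 1, length 64",
    "12:00:00.000002 02:00:00:00:00:11 > 02:00:00:00:00:09, ethertype IPv4 (0x0800), length 98: 192.0.2.11 > 198.51.100.5: ICMP echo request, id 1, seq 2, length 64",
    "12:00:00.000003 02:00:00:00:00:12 > 02:00:00:00:00:09, ethertype IPv4 (0x0800), length 74: 192.0.2.12.40000 > 198.51.100.7.80: Flags [S], length 0",
    "12:00:00.000004 02:00:00:00:00:09 > 02:00:00:00:00:10, ethertype IPv4 (0x0800), length 98: 198.51.100.5 > 192.0.2.10: ICMP echo reply, id 2, seq 1, length 64",
    "12:00:00.000005 02:00:00:00:00:10 > 02:00:00:00:00:09, ethertype IPv4 (0x0800), length 98: 192.0.2.10 > 198.51.100.5: ICMP echo request, id 2, seq 2, length 64",
    "12:00:00.000006 02:00:00:00:00:11 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.11, length 46",
    "12:00:00.000007 02:00:00:00:00:12 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 192.0.2.12 > 224.0.0.1: igmp query v2",
]

if __name__ == "__main__":
    for (src, dst), n in flooded_unicast(SAMPLE, OWN_MAC).most_common():
        print(f"{n:5d} frames  {src} -> {dst}  (not addressed to this host)")
```

A non-empty result is only meaningful on a dedicated switch port; on a hub segment or a mirror (SPAN) destination port, seeing other stations' unicast is expected.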

1 Reply

ciscomoderator
Community Manager

Oftentimes complex troubleshooting issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.
