Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
6
Replies

Inter vlan routting in 6500

salel.munappil
Level 1
Level 1

‎03-19-2003 10:18 AM - edited ‎03-02-2019 05:59 AM

I have 6500 with redundant sup2/msfc

i have configured vlan in msfc

interface Vlan204

ip address 129.1.204.34 255.255.255.0 alt ip address 129.1.204.35 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

standby ip 129.1.204.31

standby timers 1 5

!

interface Vlan205

ip address 129.1.205.34 255.255.255.0 alt ip address 129.1.205.35 255.255.255.0

no ip redirects

no ip route-cache cef

no ip mroute-cache

standby ip 129.1.205.31

standby timers 1 5

I connect client to vlan 204 with following ip address and gateway as example

ip 129.1.204.55/24 and gateway 129.1.205.50

From the client i can reach any where in the netwrok ..what is the reason for this...and how to stop this..Pls note i am using 205 network as my gateway which belong to 205 Vlan

Clients on a particlar Vlan should be able to do inter vlan routing only if they give the correct gateway..

Labels:
0 Helpful
6 Replies 6

mark-obrien
Level 4
Level 4

‎03-19-2003 12:12 PM

It sounds as though the MSFC is set for proxy-ARP. Your client ARPs for the default gateway, and the MSFC sends its MAC address as a response. The interface command "no ip proxy-arp" should stop this behavior if I am correct about the cause.

Let us know how it works.

Mark

0 Helpful

salel.munappil
Level 1
Level 1
In response to mark-obrien

‎03-19-2003 09:44 PM

Hi Mark,

This was the first thing i thought of..i tried using no ip proxy arp....

I have this no ip proxy arp in the vlan interface..

0 Helpful

t.baranski
Level 4
Level 4
In response to salel.munappil

‎03-20-2003 06:25 PM

A sniffer would give a good indication of what's going on here. Is the host running UNIX? If so, run tcpdump with the -e flag and post the output.

0 Helpful

salel.munappil
Level 1
Level 1
In response to t.baranski

‎03-22-2003 11:01 PM

Hi,

I simulated the same scenario in my office with another 6500 with msfc....

If u have 6500 and msfc ...and configure vlans in msfc...the gateway given in the clents can be any adress which has an entry in msfc...

regards

salel MD

0 Helpful

t.baranski
Level 4
Level 4
In response to salel.munappil

‎03-23-2003 07:37 PM

Was proxy-ARP enabled? I don't see how your results could occur otherwise.

Again, a sniffer will tell the story here. What does a given host do when you give it a gateway that is outside it's subnet? Some UNIX variants won't accept such a command in the first place. But on a host that does let you do this, does it ARP for the gateway when sending a non-local packet or does it just ARP for the destination? Either way, something has to respond to the ARP request and I don't see why the 6500 would do so unless proxy-ARP is enabled.

0 Helpful

salel.munappil
Level 1
Level 1
In response to t.baranski

‎03-24-2003 12:06 AM

Hi,

Ip proxy arp is not enabled on any Vlans...

I am having 98,2000,95 OS in all the OS its the same.

When i dont give any gateway i will not be able to reach any PCsin any other Vlan. But if i give an ip adress belonging to any other vlan as gateway i can reach any where in the network...

I dont have any Unix machine...

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card