Hello,

I have a private vlan set up for some IoT devices (PLCs/HMIs/control servos and motors).

This vlan is 192.168.1.0.

I have 3 Cisco IE4000 switches connected to a 3560x up-linked to a 3650x access switch.

Each of the IE4Ks have about 10-12 devices on the 192 vlan.

Each of these devices are configed with static IPs that are the same for each like device throughout the IE4Ks.

For example:

IE4K switch 1 has a PLC with 192.168.1.100

IE4K switch 2 has a PLC with 192.168.1.100

IE4K switch 3 has a PLC with 192.168.1.100

This has to be this way per my Controls manager.

My LAN is on a 172.16.0.0 scheme.

These IE4Ks need to be accessible to my LAN, so I have it as part of my VTP domain but in transparent mode.

On each of the IE4Ks, I have vlan interfaces set up for each 192 and 172 networks.

vlan 172

ip address 172.16.X.X 255.255.255.0

ip helper address 172.16.X.X

vlan 192

ip address 192.168.1.X 255.255.255.0

The 192 devices are getting IP conflicts because the 192 vlan is passing through the IE4K>3560>IE4k.

What's the best/easiest way to keep the 192 vlan traffic confined to each IE4K?

I have a few vlans on the 172 network that also need to traverse the IE4Ks so the up-link is a trunk port.

Could I use the "switchport trunk allowed vlan" command? Allowing only the needed 172 vlans and keeping the 192 traffic confined to the IE4K...preventing any IP conflict?

If any more info is needed I can provide