10-23-2012 11:36 PM - edited 03-07-2019 09:38 AM
Hi everyone.
I have a client with two Catalyst 6500Es in VSS and four stacks of 3750 switches. Each stack is dual-linked to the 6500E core using two port channel links. There is a small Netgear switch connected to stack 1 with less than a handful of PCs attached to it.
There are two IP subnets connected across all the access switches, 192.168.0.0/24 and 192.168.1.0/24. The gateways for each of the IP subnets are in the core and not the access switches.
Can anyone advise if this is an issue considering there seem to be two overlapping networks in the LAN? The client claims that when a new PC was connected to the Netgear switch, a VLAN flapping incident occurred. No logs were recovered since the client rebooted the core switches when the incident happened.
Also, is there a way to lock the switch port when an Ethernet patch cable is unplugged? The client mentioned he wants only the administrator to be able to re-enable the locked out switch port.
10-24-2012 04:19 AM
192.168.0.0/24 and 192.168.1.0/24 do not overlap.
If you mean that both are in use on the same VLAN, then that might be a security issue and will cause unnecessary routing. But it does work.
You can use port security to lock the port when another MAC address is seen.
That is probably good enough.
If you shut the port down, how will you enable it when you need it? Because you will only need it when everything else is broken.
If the answer is use the console then just shutdown the port from console when you are finished.
Sent from Cisco Technical Support iPad App
10-24-2012 05:21 AM
My first question would be how many connections from the core do you have going to the Netgear switch? If the answer is more than one, I'd assume that your VLAN flapping is related to a spanning tree loop, since the Netgear switch isn't going to participate in 802.1d spanning tree convergence and therefore be smart enough to block ALT paths. I doubt that the ip addressing is your issue if that is the case as your subnets are adjacent, but not overlapping.
As far as your second question regarding shutting down the port if a cable is unplugged, I would say that it is something you could address with an EEM script. Here is a good reference post which has a script similar to, but not exactly like, what you may be able to use. Keep in mind they are speaking in router context, though EEM is alive and well on the switch platform, so the concept is what's important.
https://supportforums.cisco.com/message/657740#657740
If you're familiar with EEM, you could build from the configs they have here, tuning the configuration to admin shut down the port that was just downed by the user. Joe Clark is king with EEM, but I think that even he would find it to be very difficult to ask the switch to tell the difference between a cable being unplugged and a port going down due to a workstation shutdown (though there may be some magical Cisco commands I don't know about, or maybe I'm not sharp this morning, I've had no caffeine yet). The switch will just see the port go down if the cable is unplugged. The problem this presents is that if a user simply shuts down their machine, now they can't get back on the network because the port is shut down. So it becomes an administrative nightmare to track what ports are going up and down. I'm not sure you want that.
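The two approaches the replies describe, port security on the Netgear-facing port and an EEM applet that locks the port on link-down, as an added configuration example that is not from the thread or its linked post. The interface name GigabitEthernet1/0/10 and VLAN 10 are assumptions; the applet inherits the caveat above, since it fires on any link-down, including a PC being powered off.

```ios
! --- Approach 1 (first reply): port security, locks the port when an unknown MAC appears ---
interface GigabitEthernet1/0/10
 description Netgear edge switch (assumed port)
 switchport mode access
 switchport access vlan 10
 switchport port-security
 ! allow the handful of PCs behind the Netgear; learn them as sticky entries
 switchport port-security maximum 5
 switchport port-security mac-address sticky
 ! a new/unknown MAC puts the port into err-disabled state
 switchport port-security violation shutdown
!
! keep the default: no automatic recovery, so only an administrator clears it
no errdisable recovery cause psecure-violation
!
! --- Approach 2 (second reply): EEM applet that admin-shuts the port on link-down ---
! the syslog pattern is a regular expression matched against the link-down message
event manager applet LOCK-GI1-0-10-ON-LINKDOWN
 event syslog pattern "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/10, changed state to down"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface GigabitEthernet1/0/10"
 action 4.0 cli command "shutdown"
 action 5.0 syslog msg "Gi1/0/10 locked after link-down; administrator must 'no shutdown' it"
!
! --- Administrator recovery for either case ---
! show port-security interface GigabitEthernet1/0/10   (check violation count / status)
! show interfaces status err-disabled                   (lists err-disabled ports)
! conf t / interface GigabitEthernet1/0/10 / shutdown / no shutdown
```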