Receiving not on common subnet error on 4507 R+E

tiwariharish44 · ‎12-28-2015

Hi,

We have 4507 R+E switch at distribution layer on which two ports are connected to an access switch 1900 series(One port on VLAN 80 & other on VLAN 88). Some users on the 1900 switch belong to VLAN 88 and some to VLAN 80.

We have EIGRP running at L3.

Now from past few days we are receiving the following error on the 4507 switch:

Dec 28 15:58:04: %DUAL-6-NBRINFO: EIGRP-IPv4 100: Neighbor 10.215.80.1 (Vlan88) is blocked: not on common subnet (10.215.88.1/24)

Is the above topology causing this error?

Peter Paluch · ‎12-28-2015

Hello,

The switch is telling you that in VLAN 88, it can hear EIGRP packets sent by someone whose address appears to come from VLAN 80. There is a set of questions that need to be answered:

Who is 10.215.80.1? Is it the 4507 itself, or is it another device?
How can the packets from 10.215.80.1 be received in a 10.215.88.0/24 network? Has this device just been connected to an improper VLAN, or is there a possibility that your VLANs 80 and 88 have been inadvertently connected together? Could someone have connected the access ports in VLANs 80 and 88 together?
How is the physical connection between the 1900 and 4507 switches accomplished? Is it just a single physical port? If so, is it operating as a trunk? What native VLAN is being used on that trunk?

Best regards,
Peter

tiwariharish44 · ‎12-29-2015

Hi Peter,

1. 10.215.80.1 is the 4507 itself. Its an interface VLAN on the 4507

3. As I have mentioned that there are two cables connected between 4507 and the 1900. One link is configured as switchport access vlan 80 and other is configured as switchport access 88. This is not a trunk link.

Some outputs from the 4507 are attached for your reference

The 1900 switch name is "ACCOUNTS" as you can see in the sh cdp ne output

tiwariharish44 · ‎12-29-2015

Hi Peter,

I posted this topology because I thought that may be this is what is causing these not on common subnet errors to appear.

Peter Paluch · ‎12-29-2015

Hi,

I am sorry for the misunderstanding.

The logging messages on your 4507 suggest that it is hearing itself in a different VLAN which is a major reason for concern. The configuration of the Gi5/45 and Gi6/24 ports is correct and is not wrong in itself. The fact that the packets from VLAN 80 leak into VLAN 88 suggests that there must be a connection between VLAN 80 and 88.

My questions are:

Do the VLANs 80 and 88 only exist on the 1900 switch, or do they also span other switches?
How are the ports A and B configured on the 1900 switch?
Is it possible to physically inspect the 1900 switch and check whether two ports, one in VLAN 80 and the other in VLAN 88, could have been connected together?

Best regards,
Peter

tiwariharish44 · ‎12-29-2015

Hi Peter,

1..The VLANs 80 and 88 span across our whole campus in multiple switches.

2.Right now the closet in which the 1900 switch is placed, its key is misplaced somewhere so at the moment we don't have physical access to that switch..

3. May be the people of that particular room for whom this 1900 has been placed , may have connected a hub in between in which one cable is coming from VLAN 80 port of 1900 and other cable is coming from VLAN 88.. In this way may be both the VLANs are joined...

I think the third point may be the reason for these errors, right???

Peter Paluch · ‎12-29-2015

Hello,

Yes, the scenario in the 3rd point would explain the phenomenon perfectly. There is every reason to believe that somehow, somewhere in your network, access ports in VLAN 80 and VLAN 88 have been connected together.

Best regards,
Peter