11-29-2017 02:51 AM - edited 03-08-2019 12:55 PM
Hello
I have a maybe unusual case.
I have a catalyst 3750g switch with 3 vlans on it. Vlan 1 (native), Vlan 10 and Vlan 20.
On Vlan 10 i have a AIRSAP 702.
My goal is to monitor syslogs and some snmp data from both devices.
i use PRTG for that.
On the switch i only want to monitor the vlan 10 traffic via snmp because that is where all the ction im interessted takes place.
Therefore on the 3750 the VLAN 1 has the address 10.200.0.22 and the AP has 10.200.1.131.
This woks all fine as long as all devices re in the same vlan.
Note that i only have one laptop, meaning just one NIC.
So here is what is did:
My computer has 1 NIC with 2 addresses assigned; 10.200.0.101 to access the data of the 3750 and 10.200.1.11 to access the AP. the laptop is connected to VLAN 1 obviously.
I don't want any routing to take place and i don't want to see any other traffic of that vlan 10 so i did maybe something unusual;
I connected the VLAN 1 and the VLAN 10 with a cable and permitted only the syslog data and the snmp data with an acc-list to receive just these protocols.
This works fine.
Now my problem is, that when i do he show arp command; the ip address that should olny reach VLAN 1 of the switch (10.200.0.101) is listed in vlan 10 and in order to that can't reach the addressed VLAN 1.
It all works fine for a few seconds when i clear the arp cache but after that the arp entry refers to vlan 10..
Is there a way to get around that issue with some acc list or anything?
To force that the mac/ip combination is only valid in vlan 1?
Thank you guys.
11-29-2017 03:41 AM
Hello,
I am not sure I fully understand your question and your setup: you have a 3750G, with an AIRSAP connected to the switch, and you want to use PRTG to only monitor traffic from VLAN 10?
Why don't you create a VLAN 10 interface with an IP address and then connect the laptop to a switchport in Vlan 10 ?
11-29-2017 04:21 AM
Hi George.
For practial circumstances this is what i will do i guess..
But just to learn a few more things i would be happy to know if my question is possible at all?
In my eyes there has to be a possibility to force a arp entry to attach to a certain vlan, isn't there?
Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide