Sure. But that needs to be done via the IOS command line right? Im not too savy on the IOS syntax. How exactly do i provide that output?

Could i do this using the Network Assistant?

You can, but not sure about the details of CNA. Just look for options to retrieve the 'running config' from the switches.

From the CLI, just enter the command "show run." copy that output to a text file.

figured it out.. to get the text ouput to a file, i simply copy/paste right?

yes

Ok, here is the "SHOW RUN" on each of my 3 switches. They are attached.

Where is your network monitor station plugged into? Which switch and which port?

Please also attach the configuration of the router 200.0.3.1.

Thanks,

Jason

200.0.3.1 is on of my domain controllers. That is what im using to monitor the network traffice. It is plugged into switch HH-CISCO-3560 port 1 (VLAN1)

IP Config of 200.0.3.1

IP 200.0.3.1

Subnet: 255.255.255.0

Gateway: (NONE)

DNS: 200.0.3.1

DNS: 200.0.3.2

Uses TCP/IP v4 protocol

Interesting. I had assumed 200.0.3.1 was a router since there is an 'ip default gateway' command pointing that IP address one of the switches.

You don't have any routing enabled so no VLANs should be able to communicate with one another.

When you say, you see IP's from other vlans, what do you mean? Please describe exactly what you are seeing and a description of the IP Addresses you see in NetMonitor.

Do the machines in each of your vlans have different subnets assigned?

All VLANs have different subnets and IP address. I.E.

VLAN1 - 200.0.3.X

VLAN2 - 192.168.1.X

VLAN3 - 151.151.X.X

I do not have routing enable, as this is a purley switched network, and not routing should be taking place..

Let me clarify something that i just learned. This problem seems to be related to the native VLAN1 only. I was working from information from a different tech, and he says that ALL the VLANS were beeding over, but that is not the case. Its just VLAN1.

If i am on my domain controller (200.0.3.1) and use the Windows 2000 Network Monitor to sniff the data on the network over VLAN1 (200.0.3.X) i will see ip's from VLAN2 and VLAN3 of 192.168.1.X and 151.151.X.X. (maybe more, but thats all i have seen as of now. Running a new test now to determine that info.)

I only expect to see the 200.0.3.X subnet on VLAN1 via the network monitor. I should not see any other VLAN IP address/subnets on VLAN1 right?

If i use the Windows 2000 network monitor on VLAN2 192.168.1.X subnet, i only see traffic from the 192.168.X subnet. This is how things should be. Same with VLAN3. (I have not yet tested the other VLANS for this problem)

So to summarize it all, on VLAN1 i see traffice from other VLAN subnets, when in fact, i should only see the VLAN1 subnet of 200.0.3.X. This is what i have described as VLAN bleeding.

While VLAN 1 is used to distribute information between switches such as CDP, VTP, and STP management protocols, you may see IP addresses of the other switches/devices running those protocols. I'm sure Cisco uses VLAN 1 for other purposes as well.

My recommendation is never to use VLAN 1 for users/servers. By doing this, you will minimize the use of VLAN 1 and not risk network management protocols interfering with your data traffic.

HTH,

Jason

I do see data from the other Cisco switches on VLAN1, such as BPDU packets.

However, I should not see IP addresses of my WORKSTATIONS that are configured on VLAN2/3 showing up on VLAN1..

I dont think CDP, VTP or STP protocols are my problem here... What other advise can you provide for this problem?

You can try to configure VACLs on each VLAN to log traffic and try and see what's going on.

While this is not what you want to hear, please see the following link:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39042

It outlines best practices for VLAN 1 use re-iterating what I said earlier. Start at "control plane" in the link.

You always need to make sure best practices are implemented first before taking further. However, I do agree it's strange you're seeing IP's from other vlans, BUT VLAN1 is sometimes a mystery. You are working in small environment and a migration from vlan1 to X wouldn't be simple. NO ip's need to change on the servers at all.

If this doesn't satisfy you, my apologies, and would recommend you open a TAC case with Cisco or contact your AM/SE.

Regards,

Jason

Check the port configuration of the suspect IP addresses to make sure you have assigned it to a vlan; an empty config will put those frames on vlan 1.

I'm also curious how you could have a switched only network. Anytime your hosts try to get to an address off their subnet, those packets will go out the default gateway, which in your case in on vlan 1. Look at the sniffed packets and check the destination IP address and port/protocol. The destination is probably not the same as the source, and that's why it's being "routed" to vlan 1.

If the suspect IP has the correct vlan assignment, and the source and destination IP's are on the same subnet and in the same vlan and they're still being seen on vlan 1, I'd open a Cisco TAC case.