
VLAN routing - host in wrong VLAN

pham0329 Member Posts: 556
Simple topology:

          6500 L3 Switch
          |            |
2950 (vlan 5,20,30)    2950 (vlan 5,20,30)
    | fa0/11
  Host A


Ran into a problem at work earlier this week where a host was on the wrong VLAN and wasn't able to communicate with the rest of the network. Figured out the problem after a minute and switched him to the correct VLAN and all was good.

However, while troubleshooting, I tried to ping the PC's default gateway, which is our multilayer switch, and didn't get a reply back.

So, the problem was Host A had the following IP configuration
  • IP: 10.1.5.55 (Should be in VLAN 5)
  • SM: 255.255.255.0
  • DG: 10.1.5.254
However, Host A was assigned to VLAN 20. Our L3 switch routes all inter-VLAN traffic and is assigned a .254 address in all our VLANs, and all hosts point to the .254 address as their default gateway.

So, back to the example, when I issue a ping from Host A, who is on the wrong VLAN, to its default gateway of 10.1.5.254, nothing came back and I can't seem to figure out why (other than it was on the wrong VLAN)...and it's probably something really simple too.

Here's what I think should happen:
  • Host A pings its DG of 10.1.5.254, and there's no entry for it in its ARP table
  • Host A broadcasts for the DG MAC address.
  • The 2950 tags the broadcast as VLAN 20 (incorrect VLAN) and sends it to the 6500
  • 6500 receives the frame, replies back with its IP address, and tags the frame for VLAN 20 (incorrect VLAN)
  • 2950 receives the frame, strips off the VLAN header and forwards it out to Host A
Where am I going wrong?

Comments

  • jwashington1981 Member Posts: 137
    Could you post your running config for your switch?
  • danielno8 Member Posts: 34
    pham0329 wrote: »
    Simple topology:

              6500 L3 Switch
              |            |
    2950 (vlan 5,20,30)    2950 (vlan 5,20,30)
        | fa0/11
      Host A


    Ran into a problem at work earlier this week where a host was on the wrong VLAN and wasn't able to communicate with the rest of the network. Figured out the problem after a minute and switched him to the correct VLAN and all was good.

    However, while troubleshooting, I tried to ping the PC's default gateway, which is our multilayer switch, and didn't get a reply back.

    So, the problem was Host A had the following IP configuration
    • IP: 10.1.5.55 (Should be in VLAN 5)
    • SM: 255.255.255.0
    • DG: 10.1.5.254
    However, Host A was assigned to VLAN 20. Our L3 switch routes all inter-VLAN traffic and is assigned a .254 address in all our VLANs, and all hosts point to the .254 address as their default gateway.

    So, back to the example, when I issue a ping from Host A, who is on the wrong VLAN, to its default gateway of 10.1.5.254, nothing came back and I can't seem to figure out why (other than it was on the wrong VLAN)...and it's probably something really simple too.

    Here's what I think should happen:
    • Host A pings its DG of 10.1.5.254, and there's no entry for it in its ARP table
    • Host A broadcasts for the DG MAC address.
    • The 2950 tags the broadcast as VLAN 20 (incorrect VLAN) and sends it to the 6500
    • 6500 receives the frame, replies back with its IP address, and tags the frame for VLAN 20 (incorrect VLAN)
    • 2950 receives the frame, strips off the VLAN header and forwards it out to Host A
    Where am I going wrong?

    Host A's ARP broadcast will have been for the DG IP 10.1.5.254. However, as the host was in VLAN 20, only this VLAN will have seen the broadcast. Therefore, the 6500 will not have answered the ARP for the IP 10.1.5.254 (even though physically, this IP resides on the 6500, it doesn't exist within VLAN 20).
  • pham0329 Member Posts: 556
    danielno8 wrote: »
    Therefore, the 6500 will not have answered the ARP for the IP 10.1.5.254 (even though physically, this IP resides on the 6500, it doesn't exist within VLAN 20).

    Can you expand on that? If the ARP request arrives at the 6500, which also has VLAN 20, why wouldn't it reply? What's the logic used when processing the frame?

    Going by that logic, if I decided to assign the 10.1.5.254 address to the 6500 int vlan 3, it would respond to the ARP request?
  • Monkerz Member Posts: 842
    Because VLAN 20 is a single broadcast domain. When you ARP, you are saying, "Hey everyone who can hear me, who is 10.1.5.254?" Being that one interface, the VLAN interface, on the 6500 that is a part of VLAN 20 has an IP address other than 10.1.5.254, it disregards the packet.
  • danielno8 Member Posts: 34
    pham0329 wrote: »
    Can you expand on that? If the ARP request arrives at the 6500, which also has VLAN 20, why wouldn't it reply? What's the logic used when processing the frame?

    Going by that logic, if I decided to assign the 10.1.5.254 address to the 6500 int vlan 3, it would respond to the ARP request?

    Someone else will have to give you the rundown on the logic. All I can say is think of the VLAN interfaces as if they were physical interfaces. The ARP comes in on the VLAN interface, and it automatically disregards the ARP, as the address within the ARP (10.1.5.254) is not assigned to the VLAN 20 interface (10.1.20.254).

    If your host was then also on VLAN 3, with the IP 10.1.5.x and subnet mask was correct, and VLAN 3 was trunked correctly across the links then yes, that would work.
  • pham0329 Member Posts: 556
    That makes sense. I was thinking of the 6500 as one device itself, rather than multiple VLAN interfaces within.
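
The per-VLAN-interface ARP decision the replies describe, as an added example that is not part of the thread: it builds the 802.1Q-tagged ARP request Host A's broadcast becomes on the trunk, parses it, and answers only when the target IP belongs to the interface of the VLAN the frame arrived on. This is a simplified model, not the 6500's actual code; the function names, the sample MAC and the SVI table layout are assumptions, while the addresses come from the posts above.

```python
import socket
import struct

# SVI table for the modelled 6500: VLAN ID -> gateway IP (addresses from the thread).
SVIS = {5: "10.1.5.254", 20: "10.1.20.254"}
HOST_A_MAC = bytes.fromhex("020000000055")  # constructed sample MAC


def build_tagged_arp_request(vlan, sender_mac, sender_ip, target_ip):
    """Build an 802.1Q-tagged ARP who-has frame as it would appear on the trunk."""
    eth = b"\xff" * 6 + sender_mac                      # broadcast dst, host src
    tag = struct.pack("!HH", 0x8100, vlan & 0x0FFF)     # TPID + TCI (priority 0)
    arp = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 1)  # ethertype, ARP hdr, op=request
    arp += sender_mac + socket.inet_aton(sender_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + tag + arp


def parse_tagged_arp(frame):
    """Return (vlan, opcode, sender_ip, target_ip), or None if not a tagged ARP frame."""
    if len(frame) < 46:
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or ethertype != 0x0806:
        return None
    opcode = struct.unpack("!H", frame[24:26])[0]
    return (tci & 0x0FFF, opcode,
            socket.inet_ntoa(frame[32:36]), socket.inet_ntoa(frame[42:46]))


def gateway_answers(frame, svis):
    """Reply only if the requested IP is assigned to the SVI of the arrival VLAN."""
    parsed = parse_tagged_arp(frame)
    if parsed is None:
        return False
    vlan, opcode, _sender_ip, target_ip = parsed
    return opcode == 1 and svis.get(vlan) == target_ip


def demo():
    """Host A in VLAN 20 (wrong), in VLAN 5 (right), and the 'int vlan 3' hypothetical."""
    wrong = build_tagged_arp_request(20, HOST_A_MAC, "10.1.5.55", "10.1.5.254")
    right = build_tagged_arp_request(5, HOST_A_MAC, "10.1.5.55", "10.1.5.254")
    vlan3 = build_tagged_arp_request(3, HOST_A_MAC, "10.1.5.55", "10.1.5.254")
    return (gateway_answers(wrong, SVIS), gateway_answers(right, SVIS),
            gateway_answers(vlan3, {3: "10.1.5.254"}))


if __name__ == "__main__":
    print(demo())
```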