VLAN routing - host in wrong VLAN

Simple topology:

6500 L3 Switch

| |
2950 (vlan 5,20,30) 2950 (vlan 5,20,30)
| fa0/11
Host A

Ran into a problem at work earlier this week where a host was on the wrong VLAN and wasn't able to communicate with the rest of the network. Figured out the problem after a minute and switched him to the correct VLAN and all was good.

However, while troubleshooting, I tried to ping the PC's default gateway, which is our multilayer switch, and didn't get a reply back.

So, the problem was Host A had the following IP configuration

IP: 10.1.5.55 (Should be in VLAN 5)
SM: 255.255.255.0
DG: 10.1.5.254

However, Host A was assigned to the VLAN 20. Our L3 switch routes all inter-VLAN traffic and is assigned a .254 address in all our VLANs, and all hosts point to the 254 address as its default gateway.

So, back to the example, when I issue a ping from Host A, who is on the wrong VLAN, to its default gateway of 10.1.5.254, nothing came back and I can't seem to figure out why (other than it was on the wrong VLAN)...and it's probably something really simple too.

Here's what I think should happen:

Host A pings its DG of 10.1.5.254, and there's no entry for it in its ARP table
Host A broadcast for the DG MAC address.
The 2950 tag the broadcast as VLAN 20 (incorrect VLAN) and sends it to the 6500
6500 receives the frame, and reply back with its IP address, and tag the frame for VLAN 20 (incorrect VLAN)
2950 receives the frame and strip off the VLAN header and forward it out to Host A

Where am I going wrong?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

jwashington1981

Could you post your running config for your switch?

danielno8

pham0329 wrote: »

Simple topology:
6500 L3 Switch
| |
2950 (vlan 5,20,30) 2950 (vlan 5,20,30)
| fa0/11
Host A

Ran into a problem at work earlier this week where a host was on the wrong VLAN and wasn't able to communicate with the rest of the network. Figured out the problem after a minute and switched him to the correct VLAN and all was good.

However, while troubleshooting, I tried to ping the PC's default gateway, which is our multilayer switch, and didn't get a reply back.

So, the problem was Host A had the following IP configuration
IP: 10.1.5.55 (Should be in VLAN 5)

SM: 255.255.255.0

DG: 10.1.5.254

However, Host A was assigned to the VLAN 20. Our L3 switch routes all inter-VLAN traffic and is assigned a .254 address in all our VLANs, and all hosts point to the 254 address as its default gateway.

So, back to the example, when I issue a ping from Host A, who is on the wrong VLAN, to its default gateway of 10.1.5.254, nothing came back and I can't seem to figure out why (other than it was on the wrong VLAN)...and it's probably something really simple too.

Here's what I think should happen:
Host A pings its DG of 10.1.5.254, and there's no entry for it in its ARP table

Host A broadcast for the DG MAC address.

The 2950 tag the broadcast as VLAN 20 (incorrect VLAN) and sends it to the 6500

6500 receives the frame, and reply back with its IP address, and tag the frame for VLAN 20 (incorrect VLAN)

2950 receives the frame and strip off the VLAN header and forward it out to Host A

Where am I going wrong?

Host A's ARP broadcast will have been for the DG IP 10.1.5.254....However, as the the host was in VLAN 20, only this VLAN will have seen the broadcast. Therefore, the 6500 will not have answered the ARP for the IP 10.1.5.254 (even though physically, this IP resides on the 6500, it doens't exist within VLAN 20).

pham0329

danielno8 wrote: »

Therefore, the 6500 will not have answered the ARP for the IP 10.1.5.254 (even though physically, this IP resides on the 6500, it doens't exist within VLAN 20).

Can you expand on that? If the ARP request arrives at the 6500, which also has VLAN 20, why wouldn't it reply? What's the logic used when processing the frame?

Going by that logic, if I decided to assign the 10.1.5.254 address to the 6500 int vlan 3, it would respond to the ARP request?

Monkerz

Because VLAN 20 is a single broadcast domain. When you arp, you are saying, "Hey everyone who can hear me, who is 10.1.5.254?" Being that one interface, the VLAN interface, on the 6500 that is apart of VLAN 20 has an IP address other than 10.1.5.254 it disregards the packet.

danielno8

pham0329 wrote: »

Can you expand on that? If the ARP request arrives at the 6500, which also has VLAN 20, why wouldn't it reply? What's the logic used when processing the frame?

Going by that logic, if I decided to assign the 10.1.5.254 address to the 6500 int vlan 3, it would respond to the ARP request?

Someone else will have to give you the run down on the logic. All i can say is think of the VLAN interfaces as if they were physical interfaces. The ARP comes in on the VLAN interface, and it automatically disregards the ARP, as the address within the ARP (10.1.5.254) is not assigned to the VLAN 20 interface (10.1.20.254).

If your host was then also on VLAN 3, with the IP 10.1.5.x and subnet mask was correct, and VLAN 3 was trunked correctly across the links then yes, that would work.

pham0329

That makes sense. I was thinking of the 6500 as one device itself, rather than multiple vlan interface within.