Posted on December 4, 2015 6:09 pm
 |  Asked by Martin Sermak
 |  1080 views
RESOLVED

Here’s the relevant config:

vlan 1500

interface Ethernet33
   switchport trunk allowed vlan 1500
   switchport mode trunk

interface Vlan1500
   ip address 1.2.3.4/30

interface Ethernet32
   no switchport
   ip address 192.168.200.1/24

ip routing

I don’t think we even need to look at Eth33 and Vlan1500, just Eth32 here …

What happens is that when a cable is connected from Eth32 to another
port (Eth1 to Eth31 – which have no configuration, just part of the switch)
and a PC is also plugged in anywhere on Eth1 to Eth31, you cannot ping
192.168.200.1 unless you add directflow commands …

directflow
   no shutdown
   flow bridge
      match input interface Ethernet1
      match input interface Ethernet2
      [..]
      action output flood

Any ideas?

0
Posted by Mike Mike
Answered on December 4, 2015 6:47 pm

So there is no layer 3 for eth1-31? I wouldn’t expect it to work then. If they were all in vlan 1500, or if you had an IP address in vlan 1 (the default VLAN for an unconfigured port), there wouldn’t be any way for the traffic to get routed.  Ports 1-31 would be bridged, not routed.

Right, eth1-31 is not layer3, we just want to use those ports as an “independent switch”
so we’re not required to run a cable from eth32 to another switch (and in turn to our devices).

Would assigning all the subnets (from eth32) to vlan1 and then
configuring eth32 with “switchport trunk allowed vlan 1” fix this?

All we want is a switch, without wasting eth1-31, without going to a 2nd switch from eth32 …

Thanks!

(Martin Sermak at December 4, 2015 8:53 pm)
0
Posted by Martin Sermak
Answered on December 4, 2015 6:57 pm

I am also unable to ping (from the router) a PC connected to
any of the ports between Eth1 and Eth31 (switch part) even though
the cable from Eth31 is connected to Eth32 (routed port with subnets).

So if a laptop is 192.168.100.75 I cannot ping from the switch itself,
even though I expect it to go to the routed 192.168.200.1/24 interface,
and then to Eth31 and to the laptop …

0
Posted by Christie Joseph
Answered on December 4, 2015 7:47 pm

Hi Martin,

The ARP request will make it to the routed port and the ARP reply will be sourced from the system MAC out the routed port, but this will be dropped on the ingress port due to the Source MAC check. If the Source MAC of a packet is same as the system MAC, the packet is dropped. When you use DirectFlow, this behavior is overridden.

Ok, is there a way to prevent this drop with directflow or another way?

When we use these directflow commands, I believe eth1-31 is turned into a hub and not a switch,
and we’d like it to be a switch – basically we’d like to use eth1-31 as a switch, instead of running
a wire from eth32 to a secondary switch (and in turn to our devices) and wasting ports 1-31 …

Possibly re-writing the mac address or something?

(Martin Sermak at December 4, 2015 8:57 pm)
0
Posted by Martin Sermak
Answered on December 4, 2015 9:30 pm

Just a follow-up, I fixed it by doing this … Does this make sense?
(The way I understand this works is that it forces the packet out of Eth32 to Eth31)

I looked up the mac id of Eth32:

show interfaces ethernet 32
Hardware is Ethernet, address is 001c.7393.7419

I forced it to go out to Eth31 when it matches the mac of Eth32:

directflow
   no shutdown
   flow test
      match destination mac 001c.7393.7419
      action output interface Ethernet31

Seems to work … when a cable is connected between Eth32 and Eth31
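
Added example, not posted by any participant in this thread: the conventional EOS way to give switched ports a gateway is an SVI in the same VLAN, so no frame sourced from the system MAC has to re-enter the switch over a loopback cable and no DirectFlow override of the source MAC check is needed. It assumes the only goal is for hosts on Eth1 to Eth31 to reach 192.168.200.1; VLAN 200 and its name are constructed values.

```text
! Added example: values marked (constructed) are not from the thread.
!
! Before (from the question): the gateway sits on a routed port, so
! reaching hosts on Eth1-Eth31 needs a cable from Eth32 back into the
! switch, and the reply is dropped by the ingress source MAC check.
!   interface Ethernet32
!      no switchport
!      ip address 192.168.200.1/24
!
! After: the gateway sits on an SVI in the VLAN the access ports use.
vlan 200
   ! VLAN id and name are (constructed)
   name USERS
!
interface Ethernet1-31
   switchport mode access
   switchport access vlan 200
!
interface Ethernet32
   ! free the address first, then return the port to the switched pool
   no ip address
   switchport
   switchport mode access
   switchport access vlan 200
!
interface Vlan200
   ip address 192.168.200.1/24
!
ip routing
```

Remove the Eth32-to-Eth31 cable and the DirectFlow flows before applying this, then confirm with `show vlan` and `show ip interface brief` that the ports are in VLAN 200 and Vlan200 is up.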
