So I ran into an interesting issue while helping out a customer. Ultimately got him fixed up, but I wanted to get a better understanding of what was going on, so I brought the scenario home to my lab and recreated the situation so I could do some additional captures/debugs...
So here's the set up, I'll be using generic terms because I don't think the vendor makes any difference in this situation.
Router connected to switch with a "trunk port": untagged VLAN1, subnet 10.245.245.1/24; subinterface VLAN6, subnet 10.245.254.1/24.
Switch has both VLANs built and VLAN6 tagged on the "trunk port".
So the scenario at the customer site was that a new firewall was being put in and they were moving L3 from their Core switches to the firewall. What we found was that in one building they lost remote access to the switches, but client traffic seemed to be working fine. This building was built on the firewall to be VLAN6. They dispatched a tech out to the site to console into the switch. Review of the config showed that this building basically had a managed switch with no real config... so everything was just chilling on the default VLAN, but it had an IP address of 10.245.254.10 and a default route of 0.0.0.0/0 10.245.254.1.
So in the end we built VLAN6 on the switch, changed the IP to something in the 10.245.245.0/24 subnet (VLAN1), and changed the default route to 0.0.0.0/0 10.245.245.1.
According to the customer, they were able to access the switch with this config prior to moving L3 off of their Core switch and onto the firewall. And the clients that were working were all pulling IPs from VLAN1 (10.245.245.0/24).
Now, like I said, I took this home to run some debugs and pcaps... What I noticed was that I only saw STP being sent from the switch. I saw no ARP, nothing... I would have expected to see some ARP since it sits on L2 and L3, but nothing...
Can anyone give me a good explanation of what was happening here?
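To make the before/after configuration difference concrete, here is a small consistency check that models the trunk/VLAN/subnet layout described above. This is an added example, not code from the original post; the router-side addresses and VLAN numbers come from the post, while the switch's /24 mask and the post-fix management address 10.245.245.10 are assumed/constructed values.

```python
"""Check a switch's management IP, gateway and VLANs against the VLAN-to-subnet
mapping the router uses on the trunk. Added example, not from the original post.
Router facts are from the post; switch mask and the post-fix address are assumed."""
from ipaddress import IPv4Interface, IPv4Address

# Router side of the trunk (from the post): VLAN -> router interface address.
ROUTER_VLANS = {
    1: IPv4Interface("10.245.245.1/24"),  # untagged/native VLAN on the trunk
    6: IPv4Interface("10.245.254.1/24"),  # tagged subinterface
}


def check_switch_mgmt(switch_ip, gateway, switch_vlans, mgmt_vlan,
                      router_vlans=ROUTER_VLANS):
    """Return a list of mismatches between the switch's management settings and
    the router's VLAN/subnet mapping. An empty list means the layout is consistent."""
    sw = IPv4Interface(switch_ip)
    gw = IPv4Address(gateway)
    findings = []
    if gw not in sw.network:
        findings.append(f"gateway {gw} is not inside management subnet {sw.network}")
    # Which VLAN does the router carry the management subnet on?
    serving = [v for v, r in router_vlans.items() if sw.ip in r.network]
    if not serving:
        findings.append(f"router has no interface in {sw.network}")
    else:
        rv = serving[0]
        if rv != mgmt_vlan:
            findings.append(f"router carries {sw.network} on VLAN {rv}, but the "
                            f"switch sources management traffic on VLAN {mgmt_vlan}")
        if rv not in switch_vlans:
            findings.append(f"VLAN {rv} is not configured on the switch")
        if router_vlans[rv].ip != gw:
            findings.append(f"default gateway {gw} is not the router address on VLAN {rv}")
    return findings


# Switch as found on site: only the default VLAN, management IP in the VLAN6 subnet
# (the /24 mask is an assumption; the post gives only the address).
BEFORE = check_switch_mgmt("10.245.254.10/24", "10.245.254.1", {1}, 1)
# Switch after the fix: VLAN6 built, management IP moved into the VLAN1 subnet
# (10.245.245.10 is a constructed value standing in for "something in 10.245.245.0/24").
AFTER = check_switch_mgmt("10.245.245.10/24", "10.245.245.1", {1, 6}, 1)

if __name__ == "__main__":
    print("before fix:", BEFORE)
    print("after fix:", AFTER)
```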