Tuesday, October 12, 2021

Seeing Broadcast Traffic on Isolated VLAN from Other VLANs

So this one is driving me a little nuts. I have a brand new VLAN that I block all traffic to and from using a basic VLAN ACL “deny ip any any” on both in and out on an Aruba 5400 series core switch and the edge switches are also ArubaOS. This is blocking direct traffic from all my testing. All good so far.

However, if I connect Wireshark to a switchport on that VLAN, I am seeing a bunch of broadcast traffic from other VLANs showing up (UDP 255.255.255.255, Broadcast ARP, etc.). I have no idea where this traffic is coming from since only a small number of test ports are even assigned this VLAN. We have MSTP spanning tree on the switches and nothing is being blocked from the logs. We also have Aruba Instant APs and ESX virtual switches, but I can’t see how these would bridge the traffic. There are no ip forward configurations on the switches other than the DHCP helper which points to servers on a different VLAN.

Is there any way for me to understand how this broadcast traffic is traversing VLANs? Is there a way to track where this traffic is coming from? Firmware bug?
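One way to start answering the "where is this coming from" question is to capture on the isolated VLAN port, keep only broadcast frames, and bucket them by the subnet of their source address, since a broadcast whose source IP belongs to another VLAN's subnet is direct evidence of leakage and its source MAC is what you then look up in the switch MAC table. The script below is an added example, not part of the original post or any Aruba tooling. It assumes a tshark field export of the form `tshark -r capture.pcapng -Y "eth.dst == ff:ff:ff:ff:ff:ff" -T fields -e eth.src -e ip.src -e arp.src.proto_ipv4 -e udp.dstport -E header=y -E separator=,`; the VLAN subnets and the sample export lines are constructed for illustration, not real data.

```python
"""Bucket captured broadcast frames by the VLAN subnet their source address belongs to.

Added example (not from the original post). Input is a comma-separated tshark
field export with a header line; the subnets and sample rows are constructed.
"""
import ipaddress
from collections import Counter, defaultdict

# Hypothetical VLAN-to-subnet map; replace with the site's real addressing.
KNOWN_VLANS = {
    "VLAN10-Users": ipaddress.ip_network("10.10.0.0/16"),
    "VLAN20-Servers": ipaddress.ip_network("10.20.0.0/24"),
    "VLAN99-Isolated": ipaddress.ip_network("10.99.0.0/24"),
}

# Constructed sample export: NetBIOS, DHCP, SSDP, mDNS and one ARP request.
SAMPLE_EXPORT = """\
eth.src,ip.src,arp.src.proto_ipv4,udp.dstport
00:11:22:33:44:01,10.10.4.17,,137
00:11:22:33:44:02,10.10.9.200,,67
00:11:22:33:44:01,10.10.4.17,,137
aa:bb:cc:dd:ee:01,10.20.0.5,,1900
00:11:22:33:44:03,0.0.0.0,,67
00:11:22:33:44:04,,10.10.3.9,
de:ad:be:ef:00:01,192.168.77.3,,5353
"""


def parse_export(text):
    """Turn the header + rows of a tshark field export into a list of dicts."""
    lines = text.strip().splitlines()
    header = lines[0].split(",")
    return [dict(zip(header, line.split(","))) for line in lines[1:]]


def source_vlan(ip_text):
    """Map a source IP to the VLAN whose subnet contains it."""
    if not ip_text:
        return "no-ip"
    ip = ipaddress.ip_address(ip_text)
    if ip.is_unspecified:
        # 0.0.0.0 source: a client that has no lease yet (DHCP DISCOVER/REQUEST).
        return "unassigned (DHCP discover)"
    for name, net in KNOWN_VLANS.items():
        if ip in net:
            return name
    return "unknown subnet"


def summarize(rows):
    """Count frames, distinct source MACs and destination ports per source VLAN."""
    summary = defaultdict(lambda: {"frames": 0, "macs": set(), "ports": Counter()})
    for row in rows:
        # IP broadcasts carry ip.src; ARP requests carry the sender IP in the ARP header.
        src_ip = row.get("ip.src") or row.get("arp.src.proto_ipv4") or ""
        bucket = summary[source_vlan(src_ip)]
        bucket["frames"] += 1
        bucket["macs"].add(row["eth.src"])
        port = row.get("udp.dstport")
        bucket["ports"][port if port else "arp/other"] += 1
    return dict(summary)


def report(summary):
    """Render the summary, busiest source VLAN first."""
    out = []
    for name, b in sorted(summary.items(), key=lambda kv: -kv[1]["frames"]):
        ports = ", ".join(f"{p}x{n}" for p, n in b["ports"].most_common())
        out.append(f"{name}: {b['frames']} frames from {len(b['macs'])} MAC(s); dst ports: {ports}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(summarize(parse_export(SAMPLE_EXPORT))))
```

Anything bucketed under a VLAN other than the isolated one is traffic that should not have reached that port. The distinct source MACs in that bucket are the leads: look each one up in the core and edge switch MAC address tables to find the port and VLAN it was learned on, which narrows the search to a specific uplink, AP, or ESX host vSwitch rather than the whole fabric.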


