Re: ethernet frame loop

Thanks a lot for your answer.

Now I got a different solution. A proxy-arp for the hole subnet at the
Edge router.
But nobody knows how to configure this at cisco routers.

Or is there somebody how knows how to configure a cisco router to anser
each arp request on a special subnet with his own MAC ?

Best regards
Immo

J wrote:
iwetzel@xxxxxxx wrote:
Hi

following state. I have a switch with e.g. 48 userports and one uplink
port. This switch is a carrier grade switch which supports only
residential mode. Therefore all frames from the user ports are
forwarded to the uplink if. All frames are inside the same Vlan. at the
uplink port a router is connected.

Now a new requirement was defined which says sometimes for a special
Vlan a communication between each userport should be possible on
ethernet base. That means a routing via subnets with a 30 bit subnet
mask is not allowed.

And now the question. What can be the right configuration option for a
cisco router /L3 switch to ensure this functionality?

The high level engineers says there is some kind of option at cisco
edge router which enables some kind of packet loop. Normaly the
router/switch only forwards a package to all other ports at the same
vlan but it is prohibited to froward the frame to the same port.
This function should be disabled from my point of view.

thanks for your hints tips and hands of brain

This function in Cabletron-speak is called MDU or Multi-Dwelling Unit
switches. Basically all they did was put each port on a VLAN so that
no one port could have L2 communication with any other port. This
prevents the "first packet" problems and also mitigates the ARP
flooding of the switch problems. You could also inhibit direct L3
communication between ports on the upstream L3 device. In theory you
could create this manually by putting each port in a different VLAN.
You could put more than one port in the same VLAN (for example you put
both ports in a 2-bedroom apartment or 3 ports in a 3-bedroom
apartment). The ACLs on the L3 device could be configured to either
allow or disallow traffic between VLANs.

The other option that comes to mind is what we're using on our DSL
termination routers. The involves setting up a loopback on the edge
device and pointing each interface at it with "ip unnumbered
LoopbackX". No communication between CPE devices will work unless you
set "ip local-proxy-arp" on the loopback interface. You could have
multipl loopbacks for different purposes. This solution requires a L3
device on the edge. I'm not sure if this could be tied in with VLANs
on a L2 device with the loopback on the upstream L3 device. That will
take some thought.

J

.

Relevant Pages

  • Re: Trunking router to multiple switches and VRF questionss
    ... You can define access port on switch in vlan 300 and connect ... On router port you can create ip address- so this is another- ... After that you should connect you switches ...
    (comp.dcom.sys.cisco)
  • Re: Single domain two IP subnets
    ... A switch is configured with one vlan or many vlans. ... A "tagged" port accepts only frames that already have a tag. ... can communicate with A and B, but not C, D, E or F. This is all true, even ... with the gateways pointed at the router which has an IP interface on ...
    (microsoft.public.win2000.dns)
  • Re: VLAN over Layer2/3 Help...
    ... a 2800 series router via a FE port connected to a 3800 series router via a WIC-1DSU-T1V2and VWIC-2MFT-T1connected to ... I need VLAN 2 to go across that link and exist in bost end ... closest switch, but I can't get it across the link. ... An access port will do. ...
    (comp.dcom.sys.cisco)
  • VLAN woes...
    ... If I have a router with a gigabit port assigned both 192.168.10.1 VLAN ... router port to port 1 on a D-Link DGS-1216T managed switch. ...
    (comp.dcom.lans.ethernet)
  • RE: Open tcp port 2005 on cisco router
    ... for this purpose in the router. ... Open tcp port 2005 on cisco router ... >TCP port 2005 is open and reachable from Internet. ...
    (Pen-Test)