
VLAN leakage

 
Paulen
Regular Advisor


Here is a little warning to you; remember to *not* tag any VLANs on a port that shouldn't have it. The reason is AFAIK as follows: an IP packet sent out on a port (broadcast) is received at its peer. Now, since the VLAN is not configured on the switch, the packet is tossed. However, the switch has seen the MAC address on the port. This is really bad and can cause a 'loop-like' situation.

We saw this because of parallel links with VLANs and Martini tunnels (MPLS). The switch (5304xl) insisted on seeing a given MAC address on the wrong interface, and tried to send traffic out on a port that didn't have the proper connection.

We discovered a similar thing during a broadcast storm. One switch (2626) had big problems, but didn't have the VLAN in question defined. The trick was to remove the VLAN from the interface on the core side of the link.

Another thing; defining the VLAN on the switch, and leaving it without any ports tagged or untagged, also worked. This baffles me. Must be some poor design somewhere.
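
An audit for the mismatch described in this post, as an added example that is not part of the original post: it walks each inter-switch link and flags VLANs carried on one end that the peer either does not define at all or defines without that port as a member. The switch names, port names, VLAN IDs and the data model are constructed for illustration.

```python
# Added example: every switch name, port and VLAN ID below is constructed.
from typing import Dict, List, Set, Tuple

# switch -> VLAN ID -> set of ports carrying that VLAN (tagged or untagged).
# An empty set means the VLAN is defined on the switch with no member ports.
VlanMap = Dict[str, Dict[int, Set[str]]]
Link = Tuple[Tuple[str, str], Tuple[str, str]]  # ((switch, port), (switch, port))
Finding = Tuple[str, str, int, str, str, str]


def find_vlan_mismatches(vlans: VlanMap, links: List[Link]) -> List[Finding]:
    """Return (switch, port, vlan, peer, peer_port, status) for each mismatch."""
    findings: List[Finding] = []
    for end_a, end_b in links:
        # Check both directions of the link.
        for (sw, port), (peer, peer_port) in ((end_a, end_b), (end_b, end_a)):
            peer_vlans = vlans.get(peer, {})
            for vid, ports in sorted(vlans.get(sw, {}).items()):
                if port not in ports:
                    continue  # this VLAN is not carried on this link end
                if vid not in peer_vlans:
                    status = "undefined-on-peer"  # the case the post warns about
                elif peer_port not in peer_vlans[vid]:
                    status = "defined-but-not-on-peer-port"
                else:
                    continue  # both ends agree
                findings.append((sw, port, vid, peer, peer_port, status))
    return findings


# Constructed topology: one core switch with two edge switches.
SAMPLE_VLANS: VlanMap = {
    "core": {10: {"A1", "A2"}, 20: {"A1", "A2"}, 30: {"A1"}},
    "edge1": {10: {"25"}, 20: {"25"}},   # VLAN 30 is not defined here
    "edge2": {10: {"25"}, 20: set()},    # VLAN 20 defined, no member ports
}
SAMPLE_LINKS: List[Link] = [
    (("core", "A1"), ("edge1", "25")),
    (("core", "A2"), ("edge2", "25")),
]

if __name__ == "__main__":
    for sw, port, vid, peer, peer_port, status in find_vlan_mismatches(
        SAMPLE_VLANS, SAMPLE_LINKS
    ):
        print(f"{sw} port {port} carries VLAN {vid}; {peer} port {peer_port}: {status}")
```

The two status values keep apart the two situations the post distinguishes: a VLAN missing from the peer entirely, and a VLAN defined on the peer with no ports assigned.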