I have a 4506 with about 30 SVI's. I have a connection through a metro service provider for a branch with a 3560 in layer 3. It has a few SVI's on it. I am running EIGRP between the 3560 and my 4506. router eigrp 100, network 10.0.0.0, auto sum. The problem is on the 3560 i keep getting a "IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.0.34.1 not on common subnet for Vlan1" I have double checked the configs and i have vlan 34 configured correctly. it is configured just like all of my other SVI's on the 4506. why would i be getting this error? The configuration works great, the error just keeps showing up in the log
I'm not questioning your design. When I ask a question is for a reason. I asked before if you were trunking the interface and you said no. About 5 responses later, it comes to light that you are trunking. That was a time wasted for you and for me.
Again, I asked you if you were pruning the Vlans and you said you are only sending Vlan 1 towards the ISP. The portion of the config above clearly indicates that you aren't pruning and all the Vlans are being forwarded to the HP switch. You don't want that as it can create problems. You have no control on the HP side so you want to limit what is sent to the ISP. They told only Vlan 1 is the transport Vlan, then you only send that Vlan and prune the rest.
You should have asked those questions before. I can't tell the level of knowledge from a poster unless the poster ask for more clarification.
The problem indicates there is a Vlan leakage from the HP to the 3750 within the ISP and it's passing Vlan 34 for some odd reason. You can control this behavior by pruning your Vlans per Victor's command.
Let us know how it works out.
Alright, man. Sorry for the confusion. It isnt easy to follow the conversations on here sometimes.
Just to summarize my recommendations:
1.) As Edison pointed out, you should be pruning your dot1q trunk on the 4506 -- in other words, only allow traffic from the vlans you want traversing the trunk. In your case, its vlan 1, and everyone else will get blocked. Use the command I gave you.
NOTE: You mentioned bringing up more vlans in the future, so if you are going to span another vlan across the provider link, you must also allow that one, too. You added vlan 50 on the 3560 end, but that vlan is local to that side. Its not traversing the link, so you dont need to allow it across. Im talking about a case in which a vlan exists on BOTH sides and there are hosts sitting on that vlan on both sides. In that case, you would allow it through on the trunk.
I know I beat a dead horse. :-)
2.) On the 3560 end, convert that service provider-facing port to a dot1q and make sure you allow vlan 1 and block everything else.