I have a 4506 chassis to which users are directly connected, and the 4506 is connected to WAN routers. VLANs have been created on the 4506 and users are directly connected to the 4506.
For 1 VLAN, what we observed is that even though the host gateway is not the VLAN interface IP (any IP which is not configured on the switch at all), the users are still able to reach a host on the WAN side. When we trace, at the 1st hop it reaches its own VLAN interface, and from there the trace completes properly...
I am not sure if I understand you completely but I believe that one of the possible explanations is the ProxyARP feature. Even though the hosts in your VLAN use a gateway whose IP address is outside of the scope of that VLAN, they simply use the ARP to resolve that IP address to a MAC address. This ARP request is received by your 4506 and though the 4506 does not have the IP address in question, it knows how to reach it according to its routing table, so it responds back with its own MAC address in the ARP reply.
You can test it by issuing the command no ip proxy-arp on the VLAN SVI interface of the respective VLAN and testing the connectivity again. After the ARP cache expires on hosts in that VLAN, they should now be prevented from reaching other networks except their own.
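The decision described in the answer above can be modelled in a few lines. This is an added example, not part of the original reply and not Cisco code: a simplified model of when a router answers an ARP request on behalf of another address. The interface names, prefixes, addresses and MAC are constructed sample values.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
ROUTER_MAC = "00:11:22:33:44:55"
ROUTER_IPS = {"10.10.20.1"}               # the SVI address of the user VLAN
ROUTES = [                                # (prefix, egress interface)
    ("10.10.20.0/24", "Vlan20"),          # connected user VLAN
    ("192.168.50.0/24", "Gi1/1"),         # network behind the WAN router
    ("0.0.0.0/0", "Gi1/1"),               # default route toward the WAN
]

def lookup(ip, routes=ROUTES):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def arp_reply(target_ip, ingress_if, proxy_arp=True, routes=ROUTES):
    """Return the MAC the router answers with, or None if it stays silent."""
    if target_ip in ROUTER_IPS:
        return ROUTER_MAC                 # ordinary ARP for the router's own IP
    if not proxy_arp:
        return None                       # models 'no ip proxy-arp' on the SVI
    egress = lookup(target_ip, routes)
    # Proxy only when the target is routable through a *different* interface;
    # a target on the ingress segment is expected to answer for itself.
    if egress is None or egress == ingress_if:
        return None
    return ROUTER_MAC

if __name__ == "__main__":
    # Host in Vlan20 configured with a gateway that exists nowhere on the switch.
    for gw, enabled in [("192.168.50.254", True), ("192.168.50.254", False),
                        ("10.10.20.77", True)]:
        print(gw, "proxy-arp" if enabled else "no proxy-arp",
              "->", arp_reply(gw, "Vlan20", proxy_arp=enabled))
```

With a default route present, the model answers for any off-subnet address, which is why a host with an arbitrary gateway still gets a usable MAC until proxy ARP is disabled on the SVI.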