Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
4
Replies

Hosts in difrent vlans can communicate without the router!!!!!

muchamarcin
Level 1
Level 1

‎04-14-2003 09:11 PM - edited ‎03-02-2019 06:40 AM

Hello. We have connected two 1900 switches (one 24 port and the other 12 port). On the 24 port switch we have configured 2 vlans and vtp as a server - second switch setup as a vtp client. After enabling this configuration, vlans from the first switch were downloaded to the second. We started to test. (Remeber that in thist configutation there is no router, only trunk port) To test isolation, we connected two hosts to the server switch and then to the client switch: first both hosts to difrent vlans - no ping connection, and then to the same vlans- ping ok!!. Everything was good, after this we have made next simply test - one of us have unpluged one of the hosts form the same vlan, and then very fast connected it to the diferent vlan on the second switch. We have noticed that if this operation is done very fast, both host on difrent vlans can communicate without router !!!!!!!!!! Why?- is this a bug, any solution of this problem?

Labels:
0 Helpful
4 Replies 4

jeffrey.zhou
Level 1
Level 1

‎04-14-2003 10:21 PM

what is your trunk encapsulation and the vlan number assigned to your client swtich port which was connected to your test PC. And waht is your vlan number you created on your server switch?

0 Helpful

muchamarcin
Level 1
Level 1
In response to jeffrey.zhou

‎04-14-2003 11:46 PM

Trunk encapsulation IEEE 802.1q (Trunk ports A on both switch set in ON mode) SAID 10010 for vlan10 and 10020 for vlan20. Assigned vlan ports for vlan10 : “server switch” 1-12 and for “client switch” ports 1-6, for vlan20 ports on “server switch” 13-24 and on “client switch” ports 7-12. I also want add, that everything works fine if the time between reconnection is grater than few seconds. But if I will reconnect very fast one host to different vlan (for example both host 1 and 2 are in vlan10, and now I will fast reconnect host 2 to vlan20, then the host 2 and host 1 (different vlan) can communicate without the router),he can communicate with host from previous vlan10 without the router.

0 Helpful

milan.kulik
Level 10
Level 10

‎04-15-2003 12:23 AM

Hi,

I've heard about this already, it's called VLAN hopping, see http://www.sans.org/resources/idfaq/vlan.php

But I was never able to reproduce this fault in my lab - I'm not using Cat1900.

I tried it with 3524 and I was not able to hop between VLANs - so I thought it was fixed in cureent IOS already.

There is a good document on CCO:

http://www.cisco.com/warp/customer/784/packet/jan03/pdfs/p30-cover.pdf

with excellent links at the "Best Practices for Layer 2 Networks" part.

Regards,

Milan

0 Helpful

muchamarcin
Level 1
Level 1
In response to milan.kulik

‎04-15-2003 01:20 AM

Thank you for your help. This event was very strange for me, now I know a little more about this hopping.

0 Helpful
Customers Also Viewed These Support Documents