Hello everyone! I have a task "as is" to have one ip network spanning multiple 6500 interfaces(every interface will be connected to single department with dummy switch on remote side). In addition i need to have ip source guard or equivalen feature to restrict static ip address assignements by users. The problem is i have a quite old Sup2/MSFC2/PFC2 gear installed on 6500. My first idea was to use native mode with s222-adventerprisek9_wan-mz.122-18.SXF17, but there is no ip source guard feature there(optionally i thought to use MAC ACL+ IP ACL, which are dynamically filled with entries from management statoin as eligible users come online). Second option is was to use hybrid mode with cat6000-sup2cvk9.8-6-4.bin and c6msfc2-adventerprisek9_wan-mz.122-18.SXF6, which supports ip source guard, but does not support ip unnumbered for VLAN SVI.
So the question is there any option which allow single ip network to span multiple L3/SVI interfaces in hybrid mode, or any option like ip source guard in native mode.
"Integrated routing and bridging (IRB) and concurrent routing and bridging (CRB) have deliberately been disabled on the Catalyst 6500 series switches and Cisco 7600 Series Routers. You should use routable Layer 2 VLANs and VLAN interfaces for normal bridging and interVLAN routing. Bridge groups are supported only to bridge nonrouted protocols."
In addition to that i can say that i cannot separate clients seated on different 6500 interfaces to different subnets(customer caprice) - although almost all addresses are assigned by DHCP, there will be too much of ip subnets and they scared about it, plus "wise" clients who set addresses statically. So the solution must be seamless to customer and presume current design iseas. Maybe there is another option how to substitute either ip unnumbered in hybrid mode or ip source guard in native mode(i believe that for last thing i can use Port ACL to filter MACs and IP ACL attached to VLAN SVI to filter IPs). Thank you.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...