New Member

vlan mismatch does not stop data

On a 2950, port 48 is in vlan 66, switchport mode access. This is connected to an Intrusion Detection Device, and that in turn passes back to a second 2950 to port 39, which is in vlan 137. The two 2950s are connected with GBICs in trunking mode. Also plugged into vlan 137 is a firewall. So data would pass from users in vlan 66 to Intrusion Detection, then into vlan 137 to get to the firewall and router. The traffic appears to be flowing fine. Do I need to be concerned about the vlan mismatch message? Would I be better off setting up a router-on-a-stick?

2 REPLIES

Re: vlan mismatch does not stop data

Hi Friend,

If the VLAN 66 subnet and the firewall interface are in the same subnet, then you are basically leaking traffic from one vlan to another.

This is not a problem, but it depends on how your LAN is designed.

NArayan

New Member

Re: vlan mismatch does not stop data

Your comment ties in nicely with my research that indicates that packets can travel from one vlan on one switch to another vlan on another switch if they are not in trunking mode. It seems a little haphazard so I think I will set up a router and trunk the output of the intrusion detection to the vlan having the firewall. Thanks for the response.
