Header Only - DO NOT REMOVE - Extreme Networks

ip forwarding issue


Userlevel 2
we have summit x460 configured with 3 vlans. ipforwarding is disabled to all vlans but were still able to ping from one vlan to another. please see below the screenshot



we also have pc directly connected to vlan server and still can reached the other vlans even the ipforwarding is disabled. below is the screenshot



below are the iproutes from switch



is this correct? I am expecting if ipforwarding is disable vlan will not communicate with each other like layer 2.

thanks

12 replies

Userlevel 6
Can you ping the servers IP address from the client?
Userlevel 2
Patrick Voss wrote:

Can you ping the servers IP address from the client?

Hi Patrick,
thanks. yes
Userlevel 3
Your input is almost complete, please show your PC's routing and arp tables to demonstrate that the PC is actually using this switch as its gateway.. I see you have successfully pinged an address for a VLAN that has no active ports in it. I expect this can only happen if there is another switch on your broadcast domain that is forwarding, You can also provide a "show ipstats" to prove that this switch was actually forwarding. - Mike
Userlevel 2
Lane, Mike wrote:

Your input is almost complete, please show your PC's routing and arp tables to demonstrate that the PC is actually using this switch as its gateway.. I see you have successfully pinged an address for a VLAN that has no active ports in it. I expect this can only happen if there is another switch on your broadcast domain that is forwarding, You can also provide a "show ipstats" to prove that this switch was actually forwarding. - Mike

Hi Mike,

thanks. actually I enable the loopback mode in vlan that has no active ports that's why I successfully reached that vlan. below are the screenshots of pc routing table and arp table





below are the ipstats of the switch

X460-24p.1 # sh ipstats
IP Global Statistics
InReceives = 451 InUnicast = 129 InBcast = 78
InMcast = 244
InHdrErr = 0 Bad vers = 0 Bad chksum = 0
Short pkt = 0 Short hdr = 0
Bad hdrlen = 0 Bad length = 0
InDelivers = 163 InDiscards = 0 Bad Proto = 0
OutRequest = 91 OutDiscard = 0 OutNoRoute = 0
Forwards = 0 ForwardOK = 0 Fwd Err = 0
NoFwding = 121 Redirects = 0 No route = 0
Bad TTL = 0 Bad MC TTL = 0
Bad IPdest = 121 Blackhole = 0 Output err = 0
MartianSrc = 0
FragCreate = 0 FragOKs = 0 FragFails = 0

Global ICMP Statistics
OutResp = 8 OutError = 0 InBadcode = 0
InTooshort = 0 Bad chksum = 0 In Badlen = 0
echo reply In = 0 Out = 8
destination unreachable In = 0 Out = 0
- protocol unreachable In = 0 Out = 0
redirect In = 0 Out = 0
echo In = 8 Out = 0
router advertisement In = 0 Out = 0
time exceeded In = 0 Out = 0

Global IGMP Statistics
Out Query = 37 Out Report = 0 Out Leave = 0
In Query = 0 In Report = 46 In Leave = 16
In Error = 0

Router Interface finance
inet 172.21.201.246 netmask 255.255.255.0 broadcast 172.21.201.255
Stats: IN OUT
22 22 packets
704 704 octets
22 22 Mcast pkts
0 0 Bcast pkts
0 0 errors
0 0 discards
0 unknown protos

Router Interface IT
inet 172.21.200.246 netmask 255.255.255.0 broadcast 172.21.200.255
Stats: IN OUT
17 17 packets
544 544 octets
17 17 Mcast pkts
0 0 Bcast pkts
0 0 errors
0 0 discards
0 unknown protos

Router Interface server
inet 172.18.1.246 netmask 255.255.255.0 broadcast 172.18.1.255
Stats: IN OUT
413 52 packets
25786 1888 octets
205 44 Mcast pkts
78 0 Bcast pkts
0 0 errors
122 0 discards
0 unknown protos
Userlevel 1
Without ipforwarding enabled, a switch will receive a packet on a VLAN interface and will respond if the packet is directed to an IP address assigned to one of its VLAN interfaces where that VLAN is enabled and up (either in loopback mode or has active port(s)). It will not forward that packet to another IP address on that subnet/VLAN even if present in the switch's IP ARP table. It will only forward if IP forwarding is enabled on both the receiving VLAN and enabled on the VLAN where the destination IP address is located.
Userlevel 1
Marlon can you confirm please.
Userlevel 2
JeremyClarkson wrote:

Marlon can you confirm please.

Hi Jeremy,

I can still ping the other vlan even the ipforwarding is disable globally and per vlan. thanks
Userlevel 1
JeremyClarkson wrote:

Marlon can you confirm please.

but can you ping clients on the VLAN or just the VLAN interface?
Userlevel 2
JeremyClarkson wrote:

Marlon can you confirm please.

just the vlan interface
Userlevel 7
Hi Marlon, do you still need assistance with this? It may be best to open a case with GTAC if this hasn't been resolved yet.
Userlevel 7
Drew C. wrote:

Hi Marlon, do you still need assistance with this? It may be best to open a case with GTAC if this hasn't been resolved yet.

in my opinion Matthew gave the answer on that topic.
Userlevel 7
Drew C. wrote:

Hi Marlon, do you still need assistance with this? It may be best to open a case with GTAC if this hasn't been resolved yet.

I think so too, but I wanted to try to be sure. Lots of loose ends around here that I'm trying to tie up 🙂

Reply