This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ip forwarding issue

ip forwarding issue

Marlon
New Contributor III

‎10-22-2015 04:43 PM

we have summit x460 configured with 3 vlans. ipforwarding is disabled to all vlans but were still able to ping from one vlan to another. please see below the screenshot

197e8d069ba24ea0b6a6e9a32ffe1db2_RackMultipart20151022-4642-2g4zxn-ping_inline.jpg



we also have pc directly connected to vlan server and still can reached the other vlans even the ipforwarding is disabled. below is the screenshot

197e8d069ba24ea0b6a6e9a32ffe1db2_RackMultipart20151022-2367-v4wojx-ping2_inline.jpg



below are the iproutes from switch

197e8d069ba24ea0b6a6e9a32ffe1db2_RackMultipart20151022-6111-y73xf6-routes_inline.gif



is this correct? I am expecting if ipforwarding is disable vlan will not communicate with each other like layer 2.

thanks

0 Kudos
12 REPLIES 12

Marlon
New Contributor III
In response to JeremyClarkson

‎10-23-2015 01:12 PM

just the vlan interface
0 Kudos

JeremyClarkson
New Contributor
In response to JeremyClarkson

‎10-23-2015 01:12 PM

but can you ping clients on the VLAN or just the VLAN interface?
0 Kudos

Marlon
New Contributor III
In response to JeremyClarkson

‎10-23-2015 01:12 PM

Hi Jeremy,

I can still ping the other vlan even the ipforwarding is disable globally and per vlan. thanks
0 Kudos

Matthew_Helm
New Contributor

‎10-22-2015 09:10 PM

Without ipforwarding enabled, a switch will receive a packet on a VLAN interface and will respond if the packet is directed to an IP address assigned to one of its VLAN interfaces where that VLAN is enabled and up (either in loopback mode or has active port(s)). It will not forward that packet to another IP address on that subnet/VLAN even if present in the switch's IP ARP table. It will only forward if IP forwarding is enabled on both the receiving VLAN and enabled on the VLAN where the destination IP address is located.
0 Kudos

Mike_Lane
Extreme Employee

‎10-22-2015 04:57 PM

Your input is almost complete, please show your PC's routing and arp tables to demonstrate that the PC is actually using this switch as its gateway.. I see you have successfully pinged an address for a VLAN that has no active ports in it. I expect this can only happen if there is another switch on your broadcast domain that is forwarding, You can also provide a "show ipstats" to prove that this switch was actually forwarding. - Mike
0 Kudos
GTM-P2G8KFN