[c-nsp] C3750G-24TS-E: Routing issue between protected switchports

Daniel Bradler bradler at bk.de
Thu Aug 5 08:57:32 EDT 2010


Hi,

I have a routing issue on a C3750G-24TS-E (SW version 12.2(53)SE2) with
the switchport protected feature enabled.

In short, my configuration looks as follows:

interface GigabitEthernet1/0/13
  switchport access vlan 910
  switchport mode access
  switchport protected
!
interface GigabitEthernet1/0/14
  switchport access vlan 910
  switchport mode access
  switchport protected
!
interface Vlan910
  ip address 80.83.127.1 255.255.255.248
!
ip route 80.83.122.0 255.255.255.0 Vlan910
ip route 80.83.123.0 255.255.255.0 Vlan910

There are two test servers connected to ports 1/0/13 and 1/0/14. These
servers have IP addresses from 80.83.122.0/24 and 80.83.123.0/23 with
255.255.255.255 as subnet mask and use 80.83.127.1 as default gateway.

The intention of this configuration is to prevent communication
between the servers on Layer 2 and have all data traffic forwarded
through the switch as a Layer 3 gateway.

The setup works well as long as the servers have IP addresses in
different /24 subnets. If both servers have IP addresses from the same /24
subnet, e.g. 80.83.122.2/32 and 80.83.122.3/32, the data traffic isn't
forwarded. If the "switchport protected" feature is disabled, traffic is
forwarded - hence the issue is obviously related to that feature. The
problem still exists when the route for 80.83.122.0/32 on the switch is
replaced by host routes for 80.83.122.2/32 and 80.83.122.3/32. So there
seems to be an internal restriction for /24 subnets.

Is there any known possibility to use protected ports and have the
traffic forwarded, even if IP addresses in the same /24 subnet are used?

Thanks in advance

Daniel Bradler

