Perhaps you are right. There really wasn't a need to have provider VLAN be L3 outside of pinging that VLAN in the initial stages. I will remove the IP and make it solely L2 VLAN.<br><br>Thanks for the help.<br><br><br>
<div class="gmail_quote">On Fri, Jul 20, 2012 at 4:08 AM, Erik Bais <span dir="ltr"><<a href="mailto:erik@bais.name" target="_blank">erik@bais.name</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi, <u></u><u></u></span></p><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">You may want to test with disabling IPARP checking on the L3 vlan’s. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">A L3 vlan will by default only allow IP addresses that it has configured on the vlan. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">If you want to mix L2 and L3 functionality across the same vlan type: <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">disable iparp vr VR-Default checking  <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">That is a switch wide command, so you basically disable it for the complete switch. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Perhaps it is better to change to a second vlan and have that vlan only travel in L2 across switch A, B and C. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">L2 only vlan’s don’t do IPARP checking. <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hope this helps,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Erik Bais <u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:extreme-nsp-bounces@puck.nether.net" target="_blank">extreme-nsp-bounces@puck.nether.net</a> [mailto:<a href="mailto:extreme-nsp-bounces@puck.nether.net" target="_blank">extreme-nsp-bounces@puck.nether.net</a>] <b>On Behalf Of </b>Robert Lister<br>
<b>Sent:</b> vrijdag 20 juli 2012 10:13<br><b>To:</b> root net<br><b>Cc:</b> Extreme NSP<br><b>Subject:</b> Re: [e-nsp] Extreme switch "show iparp" - IP Rejected<u></u><u></u></span></p></div></div><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Config snippets may help to work this out.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p>
</div><div><p class="MsoNormal">By 'secondary IP' how is this configured on the cisco, and why?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Rob<br><br>-- <u></u><u></u></p>
<div><p class="MsoNormal">Robert Lister<u></u><u></u></p></div></div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p></div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><div><p class="MsoNormal">
Provider assigned a /30 say <a href="http://172.16.0.0/30" target="_blank">172.16.0.0/30</a> -> his IP is say <a href="http://172.16.0.1/30" target="_blank">172.16.0.1/30</a><br>Switch A is not assigned an IP on the /27. This switch is simple all L2 (tagged/untagged or trunk/access ports)<br>
Switch B is assigned an IP from a /27 say <a href="http://192.168.0.4/27" target="_blank">192.168.0.4/27</a><br>Switch C is assigned an IP from a /27 say <a href="http://192.168.0.2/27" target="_blank">192.168.0.2/27</a><br>
Main Router is assigned an IP from a /27 say <a href="http://192.168.0.1/27" target="_blank">192.168.0.1/27</a> and the secondary IP is <a href="http://172.16.0.2/30" target="_blank">172.16.0.2/30</a><br><br><br>sh iparp<br>
Destination     Mac                Age Static  VLAN    [VID]   Port<br>192.168.0.1  mac-address-here    0   NO  vlan-name-here  [0002]  1<br>     Dynamic Entries:        1              Static Entries:       0<br>     Pending Entries:        0<br>
         Out Request:       16                Out Response:      11<br>          In Request:     1875                 In Response:      19<br>      Proxy Answered:        0<br>            Rx Error:        0                 Dup IP Addr:       0<br>
      Rejected count:      480                 Rejected IP: 172.16.0.2<br>       Rejected Port:        1                Rejected I/F: transport<u></u><u></u></p></div></blockquote></div></div></div></div></div></blockquote>
</div><br>