ethernet frame loop

Hi

Following state: I have a switch with e.g. 48 user ports and one uplink port. This switch is a carrier-grade switch which supports only residential mode. Therefore all frames from the user ports are forwarded to the uplink if. All frames are inside the same VLAN. At the uplink port a router is connected.

Now a new requirement was defined which says sometimes, for a special VLAN, a communication between each user port should be possible on an Ethernet basis. That means a routing via subnets with a 30 bit subnet mask is not allowed.

And now the question: what can be the right configuration option for a Cisco router / L3 switch to ensure this functionality?

The high level engineers say there is some kind of option at a Cisco edge router which enables some kind of packet loop. Normally the router/switch only forwards a packet to all other ports in the same VLAN, but it is prohibited to forward the frame to the same port. This function should be disabled from my point of view.

Thanks for your hints, tips and hands of brain.

iwetzel

This function in Cabletron-speak is called MDU or Multi-Dwelling Unit switches. Basically all they did was put each port on a VLAN so that no one port could have L2 communication with any other port. This prevents the "first packet" problems and also mitigates the ARP flooding of the switch problems. You could also inhibit direct L3 communication between ports on the upstream L3 device. In theory you could create this manually by putting each port in a different VLAN. You could put more than one port in the same VLAN (for example you put both ports in a 2-bedroom apartment or 3 ports in a 3-bedroom apartment). The ACLs on the L3 device could be configured to either allow or disallow traffic between VLANs.

The other option that comes to mind is what we're using on our DSL termination routers. This involves setting up a loopback on the edge device and pointing each interface at it with "ip unnumbered LoopbackX". No communication between CPE devices will work unless you set "ip local-proxy-arp" on the loopback interface. You could have multiple loopbacks for different purposes. This solution requires a L3 device on the edge. I'm not sure if this could be tied in with VLANs on a L2 device with the loopback on the upstream L3 device. That will take some thought.

J

Thanks a lot for your answer.

Now I got a different solution: a proxy-ARP for the whole subnet at the edge router. But nobody knows how to configure this on Cisco routers.

Or is there somebody who knows how to configure a Cisco router to answer each ARP request on a special subnet with its own MAC?

Best regards, Immo


In Cisco-speak this could be private VLAN or PVLAN. Only "promiscuous" ports can talk to the others.

This lets you use 1 subnet for the switch. There are probably other ways, e.g. Cat6k with Sup720-3B has some per-user policing services intended for similar uses.

But you would need some traffic filtering on the upstream router port to stop packets from a user on 1 port going back out the same port to a different user.

The easiest way is to filter, matching both source and dest against the local subnet.

So turn off the "carrier" service - this is just normal L2 switching without any restrictions?

Or are you talking about using multiple VLANs to support the different topologies? If so, you might need all attached devices to send you tagged Ethernet frames.

stephen
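As an added illustration (not configuration posted by anyone in this thread), here is how the two suggestions above, PVLAN isolation on the access switch and "ip local-proxy-arp" on the upstream router, can be combined on Cisco IOS so that all 48 users share one subnet, cannot talk to each other at L2, and still reach each other by being hairpinned through the router. VLAN numbers, addresses, interface names and platform are assumptions.

```cisco
! --- Access switch (assumed Catalyst with PVLAN support; PVLANs need VTP transparent) ---
vtp mode transparent
!
vlan 100
 private-vlan primary
 private-vlan association 101
!
vlan 101
 private-vlan isolated
!
! User ports: isolated hosts, no frame is ever switched between two of them
interface range GigabitEthernet1/0/1 - 48
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Uplink to the router: promiscuous, reaches every isolated host
interface GigabitEthernet1/0/49
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! --- Upstream router / L3 switch: one /24 for all users (addresses assumed) ---
interface GigabitEthernet0/0
 description uplink from access switch, untagged primary VLAN 100
 ip address 192.0.2.1 255.255.255.0
 ip proxy-arp
 ! Answer ARP requests for other hosts of this same subnet with the router's
 ! own MAC; user-to-user traffic then goes router-in, router-out on this port
 ip local-proxy-arp
 ! Do not tell hosts to bypass the router: a redirect would point them at a
 ! peer they cannot reach directly in the isolated VLAN
 no ip redirects
!
```

Which users may reach which can then be decided with an ACL applied to the same router interface, matching source and destination against the local subnet as stephen describes.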
