epmryan
May 20, 2016 · Follower
IP Subnet-Based VLANs and ARPs
I am trying to wrap my head around a concept involving subnet based VLANs and how ARPs for those IP subnets are classified into the correct VLAN. So for example let's say I have untagged traffic ingr...
Jedi_Exile
Oct 24, 2016 · NETGEAR Expert
Had to make a post.
By design, ARP would be flooding the port egress and ingress on the PVID port or any tagged VLANs. IP-based subnet follows the ingress rule. The assumption isn't about how to egress it. The assumption is how to treat the traffic on ingress. Egress applies separately.
Using your example below for VLAN 10 and adding VLAN 5 as an alternative.
vlan database
vlan 5
vlan 10
vlan association subnet 50.0.10.0 255.255.255.0 5
vlan association subnet 100.0.10.0 255.255.255.0 10
exit
So in the above configuration, any incoming traffic on any port where the source IP address given is 100.0.10.x will be mapped to VLAN 10, and source IP 50.0.10.x will be mapped to VLAN 5. That does not take into account the destination here. ARP is done on destination and not source. When the traffic arrives at the port, the assumption here is that the packet already has a source IP address and MAC, which will then get added to the ARP table as the "Source Address Table" gets updated. Depending on where your traffic is headed, ARP is then done. So if the source is 100.0.10.50 and the destination is 100.0.10.25, and both locations have already sent a packet into the switch, then the "Source Address Table" already has an entry for both and traffic will be forwarded, but if the switch does not know 100.0.10.25 then it will flood all VLAN 10 member ports to try to find the location. If you have failed to take that into account and have not properly configured VLAN participation on the port, then you will never forward the packet. With that in mind, you will need to flood VLAN 10 and 5 broadcast (ARP) to the ports where you expect either to have a destination.
interface 1/0/1
description "Port with vlan 5 or 10 client"
vlan participation include 5,10
exit
interface 1/0/1
description "port with vlan 10 only client"
vlan participation include 10
exit
Remember, the whole point of IP-based subnet is the use case of specific needs, mostly around ISP needs. I have not seen anyone try to implement this in a production LAN environment unless they have a specific need.
Hope that helps. Apologies for any spelling mistakes.
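The ingress-then-egress behaviour described in the reply above, as a small Python model. This is an added example, not the poster's or NETGEAR's code: it classifies an untagged frame by source IP only, then forwards to a learned port or floods the VLAN's member ports. The port names 1/0/2 and 1/0/3, the MAC addresses, and the fallback PVID of 1 are assumptions made for the illustration.

```python
import ipaddress

# Subnet associations copied from the post's "vlan database" block.
ASSOCIATIONS = [
    (ipaddress.ip_network("50.0.10.0/255.255.255.0"), 5),
    (ipaddress.ip_network("100.0.10.0/255.255.255.0"), 10),
]
DEFAULT_PVID = 1  # assumption: untagged traffic with no subnet match uses PVID 1

# Port membership. 1/0/1 is from the post; 1/0/2 and 1/0/3 are constructed names.
PARTICIPATION = {
    "1/0/1": {5, 10},  # client port for VLAN 5 or 10
    "1/0/2": {10},     # VLAN 10 only client
    "1/0/3": {1},      # port never added to VLAN 5 or 10
}

def classify_ingress(src_ip, pvid=DEFAULT_PVID):
    """Pick the VLAN for an untagged frame from its source IP only."""
    addr = ipaddress.ip_address(src_ip)
    for network, vlan in ASSOCIATIONS:
        if addr in network:
            return vlan
    return pvid

def egress_ports(vlan, ingress_port, dst_mac, mac_table):
    """Forward to a learned port, else flood the VLAN's member ports."""
    learned = mac_table.get((vlan, dst_mac))
    if learned is not None:
        return [learned] if learned != ingress_port else []
    return sorted(p for p, vlans in PARTICIPATION.items()
                  if vlan in vlans and p != ingress_port)

def arp_request(src_ip, src_mac, ingress_port, mac_table):
    """Model a broadcast ARP request: classify, learn the sender, flood."""
    vlan = classify_ingress(src_ip)
    mac_table[(vlan, src_mac)] = ingress_port
    return vlan, egress_ports(vlan, ingress_port, "ff:ff:ff:ff:ff:ff", mac_table)

if __name__ == "__main__":
    table = {}  # (vlan, mac) -> port, constructed sample traffic below
    print(arp_request("100.0.10.50", "aa:aa:aa:aa:aa:01", "1/0/1", table))
    print(arp_request("50.0.10.7", "aa:aa:aa:aa:aa:02", "1/0/1", table))
```

In this model a host at 100.0.10.25 attached to 1/0/3 never sees the ARP request from 100.0.10.50, because 1/0/3 does not participate in VLAN 10.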