Page 1 of 1

CSS610-8G-2S+IN VLANs not fully separated on access ports

Posted: Thu Mar 24, 2022 4:22 pm
by rajkosto
I can still see ARP from all the VLANs (wrong ip ranges on packets sniffed via wireshark, seeing the ones from all VLANs, not just the one i set up the access port PVID for) when i connect an ethernet cable into one of the ports that i set VLANs to disabled on, checked they are only in one vlan group already. Running SwOS Lite 2.14 latest, this does not happen on my CSS326 running SwOS normal 2.13 latest with the same settings. This also does not happen on trunk ports where I explicitly join a VLAN via my network driver software (even if the VLAN i join is "untagged" and then i connect to access port)

EDIT: Setting the VLAN mode to "strict" on the access ports fixed this. Strange that this isn't the case on CSS326 and CRS305 that i use, where "Disabled" on access ports does not let ARP from ALL VLANs through. My mistake in thinking that SwOS would be consistent across models.

Re: CSS610-8G-2S+IN VLANs not fully separated on access ports

Posted: Sun Mar 27, 2022 11:42 pm
by rajkosto
Oh it also gives bogus SFP I2C readings on all the fields it reads randomly: ... woDI6E.mp4
Does not happen on CSS326 with same module, also swapped modules between them, still happens only on CSS610
The link does not actually go down thankfully, when its reporting -21rx etc, its just a misreading of i2c.