Source IP and/or VLAN mismatch

JonathanShapiro
Here to help


I have an SD-WAN network for about 30 locations using MX units.  All is working great, but in my two datacenters, I've noticed that I see event log entries regarding source IP and/or VLAN mismatches.  I've configured the LAN ports on these devices to run in Access mode rather than Trunk, yet the alerts persist.  The event log details list the source device, my downstream core switches.  I'm unsure why these alerts are being logged or why there is a conflict.  

 

Here's a sample entry:

 

Client: 192.168.100.3, MAC: 00:01:E8:D7:0D:28, VLAN: 1, details: sent 8895539 unexpected packets (Last seen packet IP=172.16.252.19)

 

The client is the core switch, and I would expect packets destined for 172.16.252.19 to traverse the SD-WAN.

ww
Kind of a big deal

It somehow detects 172.16.252.19 as a packet on the LAN side.

Do you have a config with static routes? Dynamic routing? Or just VLANs?

 

Is 172.16.252.19 an IP from a spoke?

You could try running a packet capture on the LAN side of the MX with the filter "host 172.16.252.19".

henrry81
Here to help

Yeah, understanding your routing config and VLAN setup will help troubleshoot this. Running a packet capture on the LAN side MX could also provide some clues.
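
One way to triage entries in the format quoted in the question, added here as an example and not code from the thread or from Meraki: it parses the event and reports which configured subnet, if any, covers the last-seen source IP. The subnet tables and function names are constructed assumptions; substitute the MX's real VLAN subnets, LAN static routes and spoke subnets.

```python
import ipaddress
import re

# Matches the event format of the sample entry quoted in the thread.
EVENT_RE = re.compile(
    r"Client: (?P<client>[\d.]+), MAC: (?P<mac>[0-9A-Fa-f:]{17}), "
    r"VLAN: (?P<vlan>\d+), details: sent (?P<count>\d+) unexpected packets "
    r"\(Last seen packet IP=(?P<last_ip>[\d.]+)\)"
)

# Constructed sample configuration (assumption, not the poster's real network).
VLAN_SUBNETS = {1: "192.168.100.0/24", 20: "10.20.0.0/24"}  # VLAN id -> MX LAN subnet
LAN_STATIC_ROUTES = ["10.50.0.0/16"]       # reached through a LAN next hop
REMOTE_VPN_SUBNETS = ["172.16.252.0/24"]   # advertised by a spoke

def parse_event(line):
    """Return the event fields as a dict, or None if the line does not match."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["vlan"], ev["count"] = int(ev["vlan"]), int(ev["count"])
    return ev

def _covers(cidrs, ip):
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def triage(ev, vlans=VLAN_SUBNETS, routes=LAN_STATIC_ROUTES, remote=REMOTE_VPN_SUBNETS):
    """Classify the last-seen source IP against the configured address space."""
    ip = ipaddress.ip_address(ev["last_ip"])
    if ev["vlan"] in vlans and ip in ipaddress.ip_network(vlans[ev["vlan"]]):
        return "matches-vlan-subnet"
    for vid, cidr in vlans.items():
        if ip in ipaddress.ip_network(cidr):
            return f"belongs-to-vlan-{vid}"          # arrived on the wrong VLAN
    if _covers(routes, ip):
        return "covered-by-lan-static-route"
    if _covers(remote, ip):
        return "remote-vpn-subnet-seen-on-lan"       # spoke address sourced from the LAN
    return "no-matching-subnet-or-route"

SAMPLE = ("Client: 192.168.100.3, MAC: 00:01:E8:D7:0D:28, VLAN: 1, details: sent "
          "8895539 unexpected packets (Last seen packet IP=172.16.252.19)")

if __name__ == "__main__":
    print(triage(parse_event(SAMPLE)))
```
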
