On one particular site, there are a number of Cisco switches using a VLAN for management traffic, but with no other IP addresses assigned to any of the VLANs. They're running IP-BASE.
I would expect these switches to be completely isolated, reachable only from another node on their management VLAN. However, that's not the case: I can telnet to and ping them from outside that VLAN.
I cannot locate any network translation rules on the L3 core; there isn't even an ip helper-address (which shouldn't affect this anyhow) on that VLAN. And yet, the switch somehow mystically knows what its next hop should be. So, what am I missing?
The example output below is from one of these mentioned switches. Its management IP is 192.168.250.85.
IO1#show ip route
Default gateway is not set

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty
IO1#ping 192.168.17.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.17.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/203/1006 ms
IO1#traceroute 192.168.17.200
Type escape sequence to abort.
Tracing the route to 192.168.17.200
  1 192.168.250.2 0 msec 0 msec 0 msec
  2  *  *  *
[cut for brevity --- it never completes. I wouldn't even expect the first line to resolve without any IP routing info.]
And from the server pinged above:
PS C:\Users\user1> tracert 192.168.250.85

Tracing route to 192.168.250.85 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.17.1
  2     1 ms     2 ms     3 ms  192.168.250.85

Trace complete.
PS C:\Users\user1>
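The check the post performs by hand (run tracert from a host outside the management VLAN and see whether a management address answers) can be scripted so that every switch on the management VLAN gets the same test. The following is an added example, not code from the post; it parses Windows tracert output and flags any case where a host inside the management network is reached from a source outside it. The management network being 192.168.250.0/24 and the source host being 192.168.17.200 are assumptions taken from the addresses shown in the post; the tracert text is the post's own output embedded as a constructed sample.

```python
import ipaddress

# Constructed sample input: the tracert output quoted in the post, verbatim.
TRACERT_OUTPUT = """\
Tracing route to 192.168.250.85 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.17.1
  2     1 ms     2 ms     3 ms  192.168.250.85

Trace complete.
"""


def parse_tracert(text):
    """Extract (hop_number, address) pairs from Windows tracert output.

    Hop lines start with a hop number; the responding address is the last
    token. Timed-out hops ("*  *  *  Request timed out.") yield None.
    """
    hops = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue  # header, blank line, or "Trace complete."
        try:
            addr = str(ipaddress.ip_address(tokens[-1]))
        except ValueError:
            addr = None  # no responder for this hop
        hops.append((int(tokens[0]), addr))
    return hops


def audit_management_reachability(tracert_text, mgmt_net, source_ip):
    """Report whether a management-VLAN host was reached from outside the VLAN.

    mgmt_net is the management prefix (assumed /24 here); source_ip is the
    host that ran the trace. Isolation is considered broken when the source
    lies outside mgmt_net and any hop in the trace answers from inside it.
    """
    net = ipaddress.ip_network(mgmt_net, strict=False)
    hops = parse_tracert(tracert_text)
    mgmt_hops = [a for _, a in hops if a and ipaddress.ip_address(a) in net]
    source_outside = ipaddress.ip_address(source_ip) not in net
    # A first hop outside the management prefix means the path crossed an L3
    # device before the management host answered, which the post's network
    # design is supposed to prevent.
    first_hop_outside = bool(hops) and hops[0][1] is not None \
        and ipaddress.ip_address(hops[0][1]) not in net
    return {
        "hops": hops,
        "mgmt_reached": bool(mgmt_hops),
        "via_l3_hop": first_hop_outside,
        "isolation_broken": source_outside and bool(mgmt_hops),
    }


if __name__ == "__main__":
    # Assumed values: /24 management prefix, source host from the post.
    report = audit_management_reachability(
        TRACERT_OUTPUT, "192.168.250.0/24", "192.168.17.200")
    for n, addr in report["hops"]:
        print(f"hop {n}: {addr or 'no response'}")
    print("management host reached from outside VLAN:",
          report["isolation_broken"])
```

Feeding the script the tracert output of each switch (one trace per management address, all run from the same user-VLAN host) gives a list of which switches are reachable across the L3 boundary; any switch that shows up with `isolation_broken` set is one where the assumed VLAN isolation does not hold and is worth checking for the same missing-default-gateway condition the post shows.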