Cisco – How to Detect Loops Created by Unmanaged Switches

You can check the Amsterdam Internet Exchange's Config Guide for hints on how to silence switches from a variety of vendors.

In my experience there are vendors whose software is so bad that their equipment is never silent, for example they ARP out every interface when they boot, or send out some upon a link up event on a port. Juniper, Cisco, Brocade can be muffled with varying degrees of persuasion, Extreme loops everything during EAPS transitions.

Some things to disable/consider:

• Discovery protocols (LLDP, CDP, FDP, 'dynamic-vlan-discovery')
• VTP, DTP
• STP (disable for the VLAN a port is in)
• Ethernet keepalives or loop frames (useless on full-duplex media)
• Weird stuff like DECnet MOP (topic of another question a few days ago)
• Have a separate management VLAN for the switch's own IP address
• You'll want to disable PIM snooping on a Cisco as this breaks IPv6.

The reason that this doesn't work is that your desktop isn't actually in vlan 200. You changed the IP address of the desktop to be on the 192.168.200.0/24 subnet but that's at layer 3.

Looking at the layer 2 topology, your PC is connected to a dumb switch which is hooked into a vlan 1 port on the managed switch. Because of this, regardless of what your IP address is the traffic coming from your desktop is hitting the switch on vlan 1.

Going back to layer 3 a bit, your default gateway 192.168.200.254 isn't in vlan 1 it's in vlan 200 because it's assigned to a router sub-interface which is watching for traffic tagged vlan 200. Therefore the PC's default gateway is unreachable at layer 2 and you get the infamous "Destination host unreachable" error.

For you to add a host in vlan 200, you need to plug it into a totally new port on the Dell managed switch and assign that port to vlan 200, as well as giving it an IP address in the 192.168.200.0/24 subnet.

On a related note, if you want traffic from vlan 200 to reach the outside internet you will need to create static routes on both the virgin media router and the Cisco router telling them about the other networks.

On the Cisco router you need to add ip route 0.0.0.0 0.0.0.0 192.168.1.1 to tell it to forward any traffic with a destination network it doesn't know about to virgin media. On the virgin media router you need the equivalent of ip route 192.168.200.0 255.255.255.0 192.168.1.254 so that the virgin media router knows where to send traffic coming back from the internet destined for vlan 200.