Richard Holbo <holbor@sonss.net> writes:
I have about 500 IPv4 clients on a vlan served by Cisco ME3400, Catalyst 3750 and 3560 switches. These are switched back to a routed interface and IP addresses are assigned by DHCP. We are not using IPv6 at all, and I don't have control of the clients.
This configuration is reminiscent of my back lawn. It probably grew organically, has been neglected for a period of time, and it's going to require a bit of effort to tame it and bring it under control. You probably don't have the option of blocking horizontal layer 2 traffic like the WISP guys do, and even if you were able to get away with that it brings its own set of downsides.

The solution here is to chop things into separate broadcast domains, each one no bigger than a single switch. You might bring each to a routed interface on another device (or likely more than one other device depending on your network layout), but on no account should you have the broadcast domain span more than one port on that device.

Hopefully you don't have any poorly behaved software that depends on being in the same broadcast domain. It can be difficult to inventory that and make sure it all works before taking the leap. It could be easier to just peel off one workgroup of people to configure them that way as a pilot and see if anyone squawks. Tell them that you're doing it and that you want feedback, since your current configuration is conditioning them to just suck it up when the network periodically flakes.

Hope this helps,
-r
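Added example (not part of either post above, and not Richard's or -r's config): what the "one broadcast domain per switch, each on its own routed port" layout looks like in Cisco IOS syntax for the switch families named in the question. Hostnames, VLAN IDs, interface names and the 192.0.2.0/24 and 203.0.113.10 addresses are all constructed for illustration; substitute your own.

```cisco
! ===== Before (constructed): one VLAN trunked to every access switch =====
! Every access switch carries VLAN 100 on its uplink, so all ~500 clients
! share a single broadcast domain and every ARP/DHCP broadcast hits every port.
!
! hostname access-sw-1        (same on access-sw-2, access-sw-3, ...)
! vlan 100
! interface GigabitEthernet0/1
!  switchport mode trunk
!  switchport trunk allowed vlan 100

! ===== After: one VLAN per access switch, routed at the core =====

! --- Access switch 1 (hostname, port range and VLAN ID are assumptions) ---
hostname access-sw-1
!
vlan 101
 name clients-sw1
!
! All client ports on this switch live in this switch's own VLAN only.
interface range FastEthernet0/1 - 48
 description client ports
 switchport mode access
 switchport access vlan 101
 spanning-tree portfast
!
! The uplink carries only this switch's VLAN, so the broadcast domain
! ends at the core port it plugs into.
interface GigabitEthernet0/1
 description uplink to core-l3 Gi1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 101

! --- Routed device (core-l3): each access switch lands on its own port, ---
! --- each VLAN is allowed on exactly one port and gets its own SVI.     ---
hostname core-l3
!
ip routing
!
vlan 101
 name clients-sw1
vlan 102
 name clients-sw2
!
interface GigabitEthernet1/0/1
 description access-sw-1 uplink (VLAN 101 only)
 switchport mode trunk
 switchport trunk allowed vlan 101
!
interface GigabitEthernet1/0/2
 description access-sw-2 uplink (VLAN 102 only)
 switchport mode trunk
 switchport trunk allowed vlan 102
!
! One /26 per switch (192.0.2.0/24 is a documentation prefix used as a
! placeholder). ip helper-address relays client DHCP broadcasts as unicast
! to the existing DHCP server; 203.0.113.10 is a placeholder for its address.
interface Vlan101
 description clients on access-sw-1
 ip address 192.0.2.1 255.255.255.192
 ip helper-address 203.0.113.10
!
interface Vlan102
 description clients on access-sw-2
 ip address 192.0.2.65 255.255.255.192
 ip helper-address 203.0.113.10
```

Two things to check before cutting over a pilot switch: the DHCP server needs a scope for each new subnet (the relay sets giaddr to the SVI address, which is how the server picks the scope), and `show spanning-tree vlan 101` / `show vlan brief` on the core should show each client VLAN on exactly one physical port. If a VLAN shows up on two core ports, the broadcast domain is still spanning switches, which is exactly what -r says to avoid.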