VLANs basic query

ganeshnishi
Level 1

Hi,

Why can't we have IPs on different subnets for the interfaces in the same VLAN?

Since the ARP request is broadcast in the VLAN anyway, the destination machine will reply with its MAC address and the source will have the MAC address for the destination interface.

The traffic should get forwarded this way, but it's not. Any reason why that's not the case?

Appreciate your response.

Regards,

Nishi

Accepted Solutions

deyadav
Cisco Employee

Hi Nishi,

Let's understand the concept in this way:

Host A: 192.168.1.1/24, DG: 192.168.1.254

Host B: 192.168.2.1/24, DG: 192.168.2.254

Both are connected in Vlan 1 on the same switch.

If Host A would like to communicate with Host B, it would have to ARP to know the MAC for the destination.

- Broadcast is done within the same subnet. Destination IP: 192.168.2.1 does not belong to same subnet for the Host A, so it would send the frame with Destination MAC for its DG: 192.168.1.254, if it already has MAC for the DG, else it would send ARP for its DG IP address.

- DG for host A, would be configured as a Layer3 interface (SVI) on the switch, so once it receives the frame from Host A, it would inspect to see the Destination IP.

- Destination IP belongs to another Subnet, so it would have to route it, based on whether it is a locally configured subnet or not.

Let's consider it has Interface Vlan 1 for 192.168.1.0/24 subnet and Interface Vlan 2 for 192.168.2.0/24 subnet.

- Checking the destination IP in route table it would see that Destination IP is of directly connected host (as subnet is locally configured) and would hand over the packet to Interface Vlan 2.

- Now Interface Vlan 2 would check to see if it has ARP for the destination IP address which belongs to its local subnet. However it would not see it under Vlan 2 as ARP is maintained per SVI/Layer3 interface, and host B is connected on Vlan 1.

- So it would do an ARP which is broadcast out all ports in Vlan 2. As the host B is in Vlan 1, the ARP would not be forwarded out over that port, thus Host B not hearing the ARP.

This way there would be no communication between Host A and B.

Hope this helps.

Warm Regards,

Deepak Yadav

4 Replies

Jon Marshall
Hall of Fame

Nishi

Host1 (H1) = 192.168.5.10 255.255.255.0

Host2 (H2) = 192.168.5.11 255.255.255.0

Host3 (H3) = 172.16.5.10 255.255.255.0

H1 wants to send traffic to H2.

H1 knows its own network, i.e. 192.168.5.10 255.255.255.0 = 192.168.5.0/24 is the network.

H1 compares H2's address with its own netmask, so

192.168.5.11 255.255.255.0, i.e. the network also = 192.168.5.0/24

So H1 knows H2 is on the same subnet and ARPs out for H2. H2 responds with its MAC address and then the two hosts can talk.

H1 now wants to send traffic to H3.

H1 compares H3's IP address against its own subnet mask, i.e.

172.16.5.10 255.255.255.0 = network is 172.16.5.0/24

H1 knows its own network is 192.168.5.0, so it can see they don't match. So H1 thinks H3 is on a different subnet and sends traffic to its default gateway, which is H1's VLAN interface.

Jon
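
The host-side subnet comparison described in the post above and the switch-side path from the accepted solution, combined into one small model. This is an added example, not code from any poster; the function names, dictionary layout and outcome strings are assumptions of the sketch, and it assumes every host has a default gateway configured.

```python
import ipaddress

# Constructed topology from the thread: both hosts sit on VLAN 1 ports, but
# Host B is numbered from the subnet the switch routes on Interface Vlan 2.
HOSTS = {
    "A": {"ip": "192.168.1.1/24", "gw": "192.168.1.254", "vlan": 1},
    "B": {"ip": "192.168.2.1/24", "gw": "192.168.2.254", "vlan": 1},
}
SVIS = {1: "192.168.1.254/24", 2: "192.168.2.254/24"}  # VLAN id -> SVI address


def arp_target(host, dst_ip):
    """Host-side decision: ARP for the destination if it falls inside the
    host's own network, otherwise ARP for the default gateway."""
    own_net = ipaddress.ip_interface(host["ip"]).network
    return dst_ip if ipaddress.ip_address(dst_ip) in own_net else host["gw"]


def trace(hosts, svis, src_name, dst_name):
    """Follow one packet and report where it ends up (model outcome string)."""
    src, dst = hosts[src_name], hosts[dst_name]
    dst_ip = str(ipaddress.ip_interface(dst["ip"]).ip)
    target = arp_target(src, dst_ip)

    if target == dst_ip:
        # On-link: the ARP broadcast stays inside the sender's VLAN.
        return "delivered" if dst["vlan"] == src["vlan"] else "arp-unanswered"

    # Off-link: the gateway must be the SVI of the VLAN the sender is in.
    svi = svis.get(src["vlan"])
    if svi is None or str(ipaddress.ip_interface(svi).ip) != target:
        return "gateway-arp-unanswered"

    # Switch routing: pick the SVI whose connected subnet holds the destination,
    # then ARP only out of ports that belong to that SVI's VLAN.
    for vlan, addr in svis.items():
        if ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(addr).network:
            if dst["vlan"] == vlan:
                return "delivered"
            return f"arp-unanswered-in-vlan-{vlan}"
    return "no-route-on-switch"


if __name__ == "__main__":
    print("A -> B:", trace(HOSTS, SVIS, "A", "B"))
    print("B -> A:", trace(HOSTS, SVIS, "B", "A"))
```

In this model, moving Host B's port into VLAN 2 makes both directions return "delivered", which is the addressing-matches-VLAN layout the switch expects.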

Joseph W. Doherty
Hall of Fame

"Why we can't have the IPs on different subnets for the interfaces in same VLAN?"

You can.

"Since the ARP request is anyway broadcasted in VLAN , the destination machine will reply with its mac address and the source will have the MAC address for the destination interface.

The traffic should get forwarded this way, but its not, Any reason why its not the case? "

A simple but interesting question.

Jon and Deepak, what if hosts are on the same physical segment (e.g. VLAN) but do not have a gateway IP?

My understanding, Ethernet ARP is a full L2 broadcast, so assuming a gateway isn't defined on the hosts, a host should ARP for the other IP regardless of subnet and ARP reply. Once both hosts have resolved MACs, communication should be possible.

Consider proxy ARP. The difference is, hosts are physically on different segments, so a router responds instead of the actual hosts. However, by ARP rules, hosts don't know they are using a proxy, it's transparent.

In situations where hosts have a defined gateway, they would only ARP for host IPs on same subnet but ARP for the gateway's IP for off-subnet hosts.

In other words, believe the issue you're asking about, and how it works as described by Jon and Deepak depends on a host having a defined gateway and using it for non-local subnet hosts. Otherwise, believe two hosts on a shared segment, but in different subnets, could communicate.

I agree with Joseph: with no default gateway configured, two hosts can communicate with each other even when in different subnets.

Then the ARP broadcast could reach every host in the same segment.

The other way around, even with a default gateway set, is to add a route statement through the command prompt for each other's network, along with a static ARP entry.

Host A:

cmd> route add 192.168.2.0 mask 255.255.255.0 192.168.2.1

cmd> arp -s 192.168.2.1 xx-yy-ss-aa-ss

Host B:

cmd> route add 192.168.1.0 mask 255.255.255.0 192.168.1.1

cmd> arp -s 192.168.1.1 aa-ee-rr-qq-dd

In my view this should also work, although I have not tried it practically.
