Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
595
Views
0
Helpful
1
Replies

PVLAN and layer-3 isolation

Go to solution
kkalaycioglu
Level 4
Level 4

‎11-22-2004 06:35 AM - edited ‎03-02-2019 08:07 PM

Suppose isolated ports in a PVLAN (all in same subnet). Is it possible to provide layer-3 connectivity between those isolated ports? A whitpaper about PVLANs on CCO says that if a host goes to the def gw instead of directly going to the same subnet host it's possible to provide layer-3 connectivity between isolated ports. How can this be?

Regards.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
milan.kulik
Level 10
Level 10

‎11-22-2004 08:20 AM

Hi,

what about following scenario:

Two PCs connected to isolated ports.

A default gateway (router)connected to a promiscuous port. Proxy ARP enabled on the default gateway.

Whan PC1 wants to talk to PC2, it sends an ARP request to a broadcast address. The default gateway knows PC2's MAC address, so it replies with it's own MAC address (proxy ARP). PC1 then sends packets to default gateway and it forwards them to PC2.

The question is if the default gateway shouldn't recognize that both PC1 and PC2 are in the same IP subnet and either not reply to the ARP request or send an ICMP redirect. Bot it depends on the particular proxy ARP implementation, I think.

Another possibility might be subnet mask mismatch.

Imagine: PC1 10.1.1.1/16, PC2 10.1.2.1/16 and default gateway 10.1.1.2/24 and 10.1.2.2/24 secondary.

Then the gafault gateway would route between PC1 and PC2 with no problem.

Regards,

Milan

View solution in original post

0 Helpful
1 Reply 1

Go to solution
milan.kulik
Level 10
Level 10

‎11-22-2004 08:20 AM

Hi,

what about following scenario:

Two PCs connected to isolated ports.

A default gateway (router)connected to a promiscuous port. Proxy ARP enabled on the default gateway.

Whan PC1 wants to talk to PC2, it sends an ARP request to a broadcast address. The default gateway knows PC2's MAC address, so it replies with it's own MAC address (proxy ARP). PC1 then sends packets to default gateway and it forwards them to PC2.

The question is if the default gateway shouldn't recognize that both PC1 and PC2 are in the same IP subnet and either not reply to the ARP request or send an ICMP redirect. Bot it depends on the particular proxy ARP implementation, I think.

Another possibility might be subnet mask mismatch.

Imagine: PC1 10.1.1.1/16, PC2 10.1.2.1/16 and default gateway 10.1.1.2/24 and 10.1.2.2/24 secondary.

Then the gafault gateway would route between PC1 and PC2 with no problem.

Regards,

Milan

0 Helpful
Customers Also Viewed These Support Documents