Eg: Switch is configured as 172.30.70.0/23. End hosts which are connected to this switch are in the subnet 22.214.171.124/16.
There is a default gateway configured on the switch which connects to a router.
From what I understand the path when a ping to the end host from the switch goes like this:
Switch > default gateway (router) > Switch.
Assuming the gateway for the 126.96.36.199/16 subnet is also on the router which is providing the gateway for 172.30.70.0/23, then yes the path you describe is correct.
Yes, there is a route in the router for 188.8.131.52/16 subnet pointing back to the interface towards the switch.
In this case, will the ping be successful from switch to the end host?
Does the switch compare the ping IP packet's IP address to its own ARP table, and then forwarrd the IP packet to the end host?
There are some things about your environment that we do not know and this impacts our ability to give good advice. Your diagram showed switch > router < switch
The diagram suggests that both switches are just processing as layer 2 switches and the router is providing routing logic for all subnets in the network. Is that correct?
One way that we can answer your question is to make the point that only devices that are doing layer 3 processing will arp or will look into arp tables. So if the router is going the routing for all subnets then the router is the only one who will look into an arp table.
What the switch would do would be to look in the frame for the destination mac address, using that mac address it would look into its mac address table and find the port to which it should forward the frame.
Hi, the path is actually router <-> switch <-> end host.
The Switch > default gateway (router) > Switch path I mentioned is what I think the path for a ping packet from the switch to the end host would look like.
Oh thanks for clarifying regarding the looking up of arp tables. So even if the switch has a arp table when I do show ip arp, the switch does not make use of it for routing decisions?
Hello @rakuten02 ,
if the switch is acting as a L2 only LAN switch it will act as a normal host:
for all addresses in the same IP subnet 172.30.70.0/23 it will try to find out the corresponding MAC address using ARP table.
for all addresses out of subnet 172.30.70.0/23 it will use the MAC address of the default gateway to send the frame to it.
To be noted hosts in different VLANs can be directly connected to the switch (different from the management VLAN) however the packet path will be switch to default getway to host at L3 and viceversa for opposite direction.
The hosts in different subnets can appear in the CAM table but not in the ARP table of the switch.
A device can have an ARP entry only for IP addresses that are directly reachable via one of its interfaces without going via another L3 device.
As noted by Richard a L2 LAN switch will populate the CAM table by simply learning the source MAC address of frames received on its ports and creating entries like VLAN# port MAC address.
This is called transparent bridge.
But the CAM table is not the same as the ARP table as explained above.
Hope to help
Thanks a lot for clarifying some of my misconceptions.
In such a network IP addressing design, is it possible for a switch to successfully ping an end host?
Please correct me if I am wrong:
1. Ping sent from switch to directly connected end host in different subnet.
2. Ping packet will be forwarded to default gateway as its destination is in a different subnet.
3. Default gateway (router) receives the packet, and based on a path in the routing table which states that all packets to 184.108.40.206/16 go to an interface which is connected to the switch, the ping packet is routed back to the switch.
4. The switch receives the ping packet, and step 2 - 4 will repeat itself in a loop?
Hello @rakuten02 ,
>> go to an interface which is connected to the switch, the ping packet is routed back to the switch
If this interface is in another L2 VLAN there is no issue and the connectivity can be successful at IP level L3.
You need to look at the switch as two different entities:
a L2 LAN switch that supports multiple VLANs
an host with a TCP/IP stack in the management subnet
the return packet in the different VLAN is not examined at L3 by the switch it is simply forwarded to host that has the destination MAC address ( that can be another router for example).
if the switch is acting as L3 switch the risk of a routing loop is present as you noted.
when the switch is in L3 mode you will find the command
in global config mode
and you configure a default route and not a default gateway
if ip routing enabled you need
ip route 0.0.0.0 0.0.0.0 <next-hop>
the ip default-gateway <next-hop> applies only if ip routing is disabled.
in order to be examined at L3 the packet on the return port this port must be member of a VLAN where the associated SVI interface VLAN X is configured and has an IP address otherwise the packet will be simply forwarded at L2 even if ip routing is enabled at global level.
It can be a little complex, but the main question is still the same the switch processes the return packet at OSI L2 or OSI L3 only in the second case a routing loop is created.
Hope to help
In this discussion I believe that we need to be careful to distinguish differences between behavior of switches configured to act as L3 switches and those that are configured as L2 switches. The original post clearly was asking about L2 switches, so we need to focus on that aspect.
In discussing a L2 switch we need to distinguish between IP packets that are originated from the switch itself and IP packets originated from devices (hosts) connected to the L2 switch. The original post asks about the L2 switch attempting to ping a host that is in a different subnet. The ping from the switch will be originated from its management interface (the IP address of the vlan interface - so that will be the source IP address). If the ping destination address is in the same subnet as the IP of the management interface, then the switch would arp for the destination. But if the destination address is in a different subnet (as the original post did specify), then the switch will forward its IP packet to its default gateway. The default gateway would receive the IP packet and do a lookup in its routing table for the destination. It would find the destination in a different subnet - and associated with a different vlan. So the gateway will forward the IP packet using the new vlan toward the destination. The packet would get to the switch. Since the packet is in a vlan different from its management vlan the switch does not consider the IP address of the packet but only looks at the destination mac address, and determines how to forward the packet toward the destination (in the destination vlan). There would be no looping in this.
Thanks for the great answer! I noticed that the switch IP address is in vlan 1, and the rest of the switch interfaces are on vlan 1 as well.
This would mean that there are 2 different subnets in the same vlan. Does being in the same vlan mean that the ping packet from the switch will directly be interpreted by the destination mac address and sent to the corresponding switch interface without going through a gateway?
Hello @rakuten02 ,
>> does being in the same vlan mean that the ping packet from the switch will directly be interpreted by the destination mac address and sent to the corresponding switch interface without going through a gateway?
Not in IPv4 the device will send the packet to its default gateway and eventually make an ARP request for its default gateway.
The default gateway can act as a gateway between two or more subnets on the same broadcast domain by using the secondary address concept (additional subnets are managed using an ip address secondary command under the same L3 interface).
To be noted in IPv6 it is possible to ping between two different IPv6 subnets on the same wire, without the need of a gateway, because IPv6 in neighbor discovery has the concept of on-link prefixes.
Hope to help
I will say it again: there are things that we do not know about this environment and this makes it difficult to give good or complete answers. The original poster has added another aspect to the question: all of the interfaces on the switch are in vlan 1, and there are 2 subnets operating in that vlan. Giuseppe has correctly answered that this can work if, and only if, the router interface is configured with a primary IP in one subnet and a secondary IP address in the second subnet. In this case the ping request from the switch would be sent to the router default gateway address, the router would recognize that the destination was in the secondary address subnet, would look in its arp table for the destination address, (if necessary would arp for the destination address), would set the destination mac address in the ping request as the host mac address, and would send the packet back out the interface to the switch. The switch would receive the frame from the router, would not be aware of the destination IP address, would look at the destination mac address and forward the frame to the destination host.
Are there additional aspects of this environment that we do not yet know about?